Tuesday, June 4, 2019
Development of Cryptography Studies
Development of cryptography Studies0.1 AbstractThis report is an overview of near structures that have heavily influence the course and dissect of Cryptography the refinement decades. Initially, we allow for analyse the structure of some important ciphers such as stilbesterol, 3DES and AES by underlying some dark and complicated points and show the critical obligations called S-boxes. We get out then expand of some basic attributes of these block ciphers, for example the lead sentence of them and their hardware and software product system performance. Finally, we will focus on a highly important aspect of these cryptosystems, warrantor by exploring some of the roughly signififannyt ack-ack guns that have been discovered against them. The paper is concluded with a intro of the most important results of our investigation.1 IntroductionCryptography has a actually rich history, rooted back in the ancient years. Even Greeks of classical measure have demonstrated understan ding of ciphers, with the example of Herodotus to be the most well known, who tattooed a message to his slave pass on a slaves shaved head and hide it under his regrown hair. Before the fashionrn era, cryptography had an absolute target the achievement of confidentiality of a message. The most crucial years for cryptography were un mistrustedly the last century. The decisive step was an investigation of Claude Shannon, the father of information security. In his seminar at 1949, Shannon analysed and illustrated block ciphers and suggest that, if they are combined with some operations that arse set up the whole cipher with permutation and renewal, they should be a reasonable option. A block cipher, is an encryption scheme that belongs in the branch of Cryptography that is called symmetric- see Cryptography. This draw is warrant by the fact that the parties that are involved in the communication through the cipher use the same secret depict. Later designed as iterated increase ciphers, block ciphers are deterministic algorithms that operate on fixed distance groups of bits, called blocks. The major attribute for a block cipher is that the length of the foreplay, called plaintext, and the length of the output, called ciphertext, is invariably the same. They take as an stimulation a attain of k-bits length and the this key is expanded to many different keys following a sequence of operations, the so called finish out keys. Typically, a block cipher is built by iteration, using a hightail it called round function. In both round, the round function takes as an stimulation the corresponding message and the round key and produces a new outcome which is oriented to be used in the next round. The final round will produce the ciphertext. Block ciphers have been widely used and dramatically influence the new era of humanity, and more importantly for commercial reasons in industry and banking. thither is a remarkable variety of examples from block ciphers, a lthough for the rest of this paper we will focus on the most historied examples that dominated the whole area of symmetric-key Cryptography in the new era. These are called DES, 3DES, AES. blowfish has also attracted the attention since on that point isnt still any known vulnerability but it will remain orthogonal of the scope of this report.2 abstract and Description2.1 Data Encryption Standard (DES)Nowadays, DES is considered to be precarious, but it had a huge impact in the evolution of the symmetric-key cryptography for many decades after its invention. It has been designed back in 1976, when the government of the United States realized the overwhelming necessity of an algorithm that could effectively protect government data and safely used for buying products from the international markets. The most interesting difference of DES with its predecessor, Lucifer, which has been designed by Horst Fiestel, is that the key length and the block length has been reduced signifi tu shtly. Nevertheless, the key length, especially, was from the time that DES was published, under heavy criticism and was actually badly broken in 1997 with the so-called exhaustive take care attack. That actor that a machine was able to search all the assertable keys and find the correct ane. DES has a very rich history of attacks and we will insure some of these attacks in more detail later in this paper.The core idea behind DES is the so-called Feistel Ne bothrk, where a block cipher can built up with the use of some arbitrary functions f0,f1,fd 0,1n 0,1n. There is a wide variety of block ciphers that have a mistakable construction, although AES has a completely different construction. The critical point in these kinds of constructions is the structure of these functions, which can vary significantly. Abstractly speaking, the main target is to construct an invertible function F 0,12n 0,12n in order to able to decrypt the ciphertext. DES is basically a 16-round Fiestel ne twork. More specifically, the input is just 64 bits, so R0 and L0 are 32 bits each. Obviously, from the draw above, in every the half(a) of the bits remains unchanged. The other half comes with a sequence of operations. Initially, as specified by the protocol, a permutation of the whole input takes place, followed by a 16-round Fiestel Network. Each function f0,f1,f16 0,116 0,116 that is used at each round is computed by using the corresponding subkey, fi(x) = F(ki,x) ,in order to put down out the decryption circuit feasible and manageable from a hardware perspective of view. This subkey is produced by the main key, in the following way 56 bits are selected from the 64 bits that contains the key, the 56 bits are divided into two 28 bit halves and each half is treated afterwards separately. In every round, both halves are revolved form the left to the right by hotshot or two bits and then 48 bits are selected, 24 from the left and 24 from the right to demonstrate the correspo nding subkey. afterwards these 16 rounds of the Fiestel network, there is one more permutation before the final output is computed. The following image describes the construction of the fi function.Initially, the input of 32-bits replicates 48-bits with some simple calculations and then the result is XOR with the 48-bits subkey. The 48-bits are splitted to 8 blocks of 6 bits and passed to the S-boxes. This is the most critical point of a block cipher and bad implementation of S-boxes can easily compromise security. A S-box is a function 0,16 0,14 and acts like a look-up table. The selection of these tables is of vital importance and has been a controversial subject for many years. It has been proved that linear S-boxes is definitely not an option. Even a partly linear S-box can run under some kind of attacks. After the implementation of all the S-boxes, a last permutation that maps the 32-bits around, takes place. The decryption circuit follows exactly the inverse procedure.Obvio usly, the encryption and decryption circuit are almost selfsame(a) as the only actual difference is the order that the f1,f2,,fd functions are applied. This fact made DES very attractive to hardware developers be coif they had to implement just one algorithm for both procedures.2.2 Triple Data Encryption Standard (3DES)As already mentioned, DES has been proved to be vulnerable under certain types of attacks so significant has been made in order to improve the security of DES. For this reason, DES has been replaced by 3DES, which was published in 1998 To dismount with, let E KXM M be a block cipher and lets define the function 3E K3 M as 3E((k1,k2,k3),m) = E(k1,D(k2,E(k3,m))), where D denotes the decryption algorithm. Actually, there are trio encryption steps. The main interview that arises here is why the middle one is a decryption algorithm and not and encryption algorithm. The answer is simple this would have lead to the implementation of a single DES, beacause the offsho ot and the second DES operations cancel out. will cancel the other. Obviously, the key-sizing, as it was mean, has been increased to 168-bits, as each of the keys is 56-bits. There are three options for keys in the starting line key options all the keys are independent, in the second option k1andk2 are independent and k3 = k1 and in the third all three key are identical, k1 = k2 = k3. The third option is no longer recommended by the NIST( National Institute of Standards and Technology), the starting time key option is the strongest with a total number of 168 key bits as mentioned above, and the second option is stronger that simply implementing DES twice.2.3 Why not double DES?3DES is considered to be a secure block cipher. Nevertheless, a average question is why 2DES in not an option, as it may not seem easy to beak by brute force with a key-length position 2112. A 2DES can be defined in the following way 2E(k1,k2),m) = E(k1,E(k2,m)) with a key length 112 bits. This constructi on turns out to be completely insecure and the reason for this is the meet-in-the-middle attack. Basically, if an attacker has at his disposal an actual message and the corresponding ciphertext, which will be of the same length, he will try to find a pair of key (k1,k2) that E(k1,E(k2,M)) = C. If we apply at both parts of this equation the decryption algorithm, then we get the get E(k2,M) = D(k1,C). So, the attacker will try to figure out which is the appropriate pair of key in order to map the message M and ciphertext C at the same point this also justifies the name of the attack meet-in-themiddle. The attack is structured in two steps Firstly, the attacker has to build up a table with all the 2112 keys and the corresponding encryptions and then distinguish this list, and secondly, for all possible key that belongs to 0,156, he calculates D(k,C) and he looks for a match at the previous table. Whenever he finds the first match, his goal has been achieved. The running time of this attack is 256log(256) + 256log(256) 263, time that is much smaller than the time that is necessary for brute force attack.2.4 Advanced Encryption Standard(AES)It is widely acceptable AES has been adopted by the U.S. government and nowadays is used existencewide. As DES was proved insecure and 3DES quite slow, the demand for a more effective encryption scheme grew fastly and at 1997 NIST bespeak a new proposal. After some investigation, NIST chose Rijndael as AES at 2000, a cipher that was designed in Belgium.AES, unlikely to its predecessor, its not a Feistel Network. In contrast, it is called a substitution-permutation network because both actions of permutation and substitution take place. AES has a fixed block size of 128-bits, although the key length can vary, 128,192 or 256 bits. Additionally, in every round of AES all bits change while in every round of DES half of the bits remain unchanged. Generally, a substitution permutation networks initial input is operated with an XOR with the corresponding round subkey, then goes through a substitution layer where there are some blocks, configured depending on what the substitution table says and eventually a permutation layer follows where all bits are permuted. This procedure is repeated many times until the final outcome is produced. All steps of a substitution permutation network must be reversible in order to be able to decrypt. Specifically for AES, the 128-bits, which are equal to 16-bytes, are handled with the help of a 4X4 matrix with ten repeated rounds to follow. Each element of this matrix is one byte. Each byte comes under the XOR operation with the corresponding round subkey, and then a function is applied in every round that consists of three steps (1) The Sub-Bytes step, according to which all bytes are replaced with other coming from a look-up table, named Rijndael S-box. This S-box is associated with the Galois Field(28) which is considered to have goo properties. This is a critical operat ion for the boilersuit structure, as it domiciliates AES with non-linearity. (2) The Shift-Rows step, where the last three rows of the current state are moved some certain positions to the left while the first row remains stable and (3) the Mix-Columns step, where all the bytes of each column of the current state are combined under a linear transformation. The last two steps provide AES with diffusion, a vital property for a secure cipher according to which if we change one bit of the plaintext then almost half of the bits of the ciphertext will change. It is also considerable that the step Mix-Columns is omitted at the last round of AES. Each subkey is produced by the main key with some kind of expansion similar to the DES. The key expansion is introduced with a number of operations named rotate, Rcon, and S-box and then follows an inner loop in key schedule before the final subkey is produced.3 coincidence and Attacks3.1 Running timeA real concern about which algorithm is approp riate, especially for commercial use, is the effectiveness and its running time. In general, the larger the block size is, the faster is the algorithm, obviously because larger amount of data is encrypted in one round of operations. Similarly, the smaller the key size is, the faster is the encryption algorithm, because the less key bits are involved in the operations and thus the complexity of them is reduced. A series of experiments have taken place to verify which of the famous encryption algorithms, AES,DES,3DES. most of these experiments implement these encryption algorithms in Java, although there are some others that used C, most of them at a machine of Pentium 2 or Pentium 4. At most of these experiments, the fastest of these algorithms has been proved to be DES, followed by AES and finally from the 3DES, as it is three times slower than DES. It obviously doesnt make sense to examine the running time of these block ciphers in complete isolation with the security that they pro vide although it is definitely a factor that must be taken into consideration.3.2 Software and Hardware instruction executionAnother important aspect that must be examined is the performance of these block ciphers in combination with the available hardware. Again, a lot of study has been carried out and provide us with some clear evidence. In compact architecture, 3DES, DES and AES have displayed very similar performance. In contrast, in high-speed architecture, AES is considered to be almost 4-times than the 3DES and DES. This is incident due to a variety of reasons, amongst them there is no hardware support for DES in modern CPUs, when from the other side there is for AES in more and more many CPUs, including most targeting servers hence hardware DES is ooaded to a distant IC, when AES is often in-core. Additionally, DES is often used in CBC mode which makes parallelization inevitable and processed in advance during encryption when AES is mainly used in CTR mode where the hatc hway of parallelization is available. Finally, DES, and its expansion 3DES is much slower in software than AES, obviously because it was designed back at 1976 before the 8086 processor was designed and uses a lot of bit operations that are not implemented suciently in a processor with a word oriented instruction set.3.3 Attacks on DES and 3DESAs already mentioned earlier at this paper, 2DES has been collapsed from the meet-in-the-middle-attack. Simultaneously, DES, despite its contribution to the overall development of cryptography, has also been defeated by a quite popular attack named exhaustive search. Exhaustive search means that the attacker will search the whole key space and he will find the appropriate, which is unique, in sucient amount of time. There are some cases, even in the real world where the attacker can obtain some pairs (mi,ci), where m denotes a message and c the corresponding ciphertext. Under this small requirement, DES was badly broken. To be specific, a compa ny named RSA, back at 1997 announced a problem with the name DES challenge. The company announced six ciphertexts and in parallel announced the first three actual messages and asked for the scientific community to search for the key and use it to obtain the other messages. The same year of the request the challenge had been solved. To go besides, the rapid hardwaredevelopment was able to create a machine that find the key and solve the problem, equivalently crack DES, within less than one day at the year 1999 with exhaustive search, leading to the assumption that 56-bits length block ciphers should not be used any more. As DES is one of the most famous and controversial block ciphers, it is not entirely surprising that there is a variety of attacks developed against DES, some of them even faster than exhaustive search. Back at 1998, Kocher and Jun demonstrated a very innovative idea by making a side channel attack, introducing a new era for cryptography. Side carry attacks extract information from the physical implementation of the cipher. This type of attack was specifically against smart handbills, and is based in power measurement. They actually measured precisely the running time of the smart cards and analysed the diagrams that they obtain from this measurement. In this way, they were able to learn was much time was consumed by in each operation from the smart card and find exactly the key. Nowadays, even smart cards are equipped with mechanisms that dont reveal any information of the power consumption there is an attack called differential power analysis, which can steal the secret key after running a lot of time the smart card. It should me mentioned that these attacks are quite general and not for smart cards. In addition, there is another type of a quite highly surprising class of attacks called fault attacks. In this occasion, the attacker can cause a malfunction to a mechanism, lets say to a smart card, for example by warming it up. If he manage to cause and recognise an error at the last round of DES he will be able to discover the secret key. The last attack that we would like to point out is the so called linear cryptanalysis. This is a generic attack and was introduced by Matsui at 1993 and is one of the most realistic, sophisticated and quick attacks on the DES. His attacks, and generally in linear cryptanalysis, one tries to find probalistic linear relations between the plaintext, the ciphertext and the secret key. He starts by examining linear relations at the S-boxes of one round and if he succeeds, he will use the to find out linear relations in one-round and then finally them iteratively to find multi-round relations. These relations from round to round are not independent. By combining all these linear relations, the attacker should be able to retrive the secret key. Matsui attack used 244 known plaintexts to find 13 bits of the secret key with a high probability . A similar method was applied to find another 13 bits and then for the remaining 30-bits he applied exhaustive search, he applied exhaustive search, reducing significantly the time that the initial exhaustive search demands. Today, linear cryptanalysis is considered to be, with some improvements, one of the most powerful attacks on DES. Although DES is considered to be faultless and no specific technical vulnerabilities has been found, a high level of linearity at the fifth box of DES has created the possibility for someone to generate this type of attack.Most of the previously referred attacks can also be implemented against 3DES, as the two block ciphers are obviously, highly related. To begin with, an exhaustive search is not sucient any more as the key space, if we use three totally independent keys, is huge, especially if we take into consideration the computational power that a strong mahine can demonstrate nowadays. The meet-in-the middle-attack can be applied in a very similar mode, as the attacker can still create a sort ed table with the first implementation of DES between one element of the table and the implementation of twice the DES at the opposite direction. The time needed for this attack is 2112, which is considered to be a high level of security, as nowadays a satisfactory level of security against a certain attack is approximately 290, although is still faster in comparison with exhaustive search. Lately, a new attack against block ciphers has been displayed, mainly intended against 3DES and Blowfish and exploits well known kind of vulnerabilities like collision and birthday attacks. Since this is currently under examination and was published only this year, we are not loss to expand more. Overall, till today there is not a known and widely acceptable attack that cracks 3DES in a reasonable amount of time.3.4 Attacks on AESRijndael has outplayed all other candidates suggested for the AES and so has been analysed quite a bit the last decade. A lot of attacks have been introduced although n one of them has hurt AESs security significantly. To begin with, there is a lot of analysis around the meet-in-the-middle attack and some possible improvements of it over the last five years. Gilbert and Minier have proved a very interesting distinguishing property for the first four rounds of AES with the following proposition lets consider a set of 256 plaintexts where the entry a11 takes all byte values between 0 and 255 exactly once over a given set of plaintexts and all other entries are equal to a constant. If we encrypt this set with three rounds of AES then the function that maps a11 to C11 is determind by 9 fixed 1-byte parameters. C11 denotes the byte values at row i, column j. This proposition was used by them to implement the same idea of the meet-in-the-middle attack. Some further investigation have shown that the number of the parameters, and specifically for 13 or 14 bytes, and this is able to be reduced so the number of the required plaintexts will be minimized. Anot her famous class of attacks are called cache attacks. Cache is a small part of high speed memory and it aims to keep the CPU as much busy as possible. The catch parameters influence the running time of an algorithm. Specifically, when an element of a data array is called, then we have two possible outcomes. Id the element lies n the cache memory,then the access is instant. In a different situation, the element must be accessed from the main memory. This operation will be penalize in significantly different running times and reveal valuable information. We can separate this class of attacks into three families cold start misses, which arise for the first reference of the data, capacity misses which the magnitude of the element is bigger than the size o the cache and the conflict misses, which may happen in the case of accessing recently accessed data.4 ConclusionIn this paper we examined the structure of popular block ciphers that heavily influenced the development of Cryptography, like DES,3DES and AES and we have compared them in means of running time and software and hardware implementation. We have also considered some basic attacks that have been applied on these cryptosystems. We come to the conclusion that AES is the most safe and practical block ciphers, and this is confirm by the fact that is has been chosen for encryption at a series of important applications nowadays. IS it estimated that AES will fully replace 3DES until 2030. There is not any doubt that AES is the most practical and convenient cipher from a hardware and running time perspective. Nevertheless, further investigation must definitely be carried out to promise the the safety of AES, especially under the increasing enhancement of the technological means, is guaranteed. Finally, the attack Sweet32 is a newly invented attack and must carefully be examined, mainly because it is truly compromise 3DES security, countermeasures must be taken DES will fully replaced by AES.5 References1 Dan Boneh and Victor Shoup, A Graduate Course of Cryptography, August 2015. 2 Diaa Salama Abd Elminaam,Hatem Mohamed Abdual Kader and Mohiy Mohamed Hadhoud, Evaluating The mathematical process of Symmetric Encryption Algorithms, Higher Technological Institute 10th of Ramadan City, Egypt, (Received Feb. 16, 2009 revised and accepted May 12, 2009) 3 Aamer Nadeem, Dr M. Younus Javed, A Performance Comparison of Data Encryption Algorithms, division of Computer Engineering, College of Electrical and Mechanical Engineering, National University of Sciences and Technology, Rawalpindi, Pakistan. 4 Akashi Satoh and Sumio Morioka, Hardware-Focused Performance Comparison for the Standard Block Ciphers AES, Camellia, and Triple-DES, Tokyo Research Laboratory IBM Japan Ltd. 5 Huseyin Demirci, Ihsan Taskn, Mustafa Coban, and Adnan Baysal, Improved Meet-in-the-Middle Attacks on AES, 2011. 6 Daniel J. Bernstein, Cache-timing attacks on AES, Department of Mathematics, Statistics, and Computer Science (M/C 249) The University of Illinois at Chicago, 2005. 7 Eran Tromer, Dag Arne Osvik and Adi Shamir, Computer Science and Artificial Intelligence Laboratory, Massachusetts Institute of Technology, 32 Vassar Street, G682, Cambridge, MA 02139, USA and Laboratory for Cryptologic Algorithms, Station 14, Ecole Polytechnique Federale de Lausanne, 1015 Lausanne, Switzerland Received 20 July 2007 and revised 25 June 2009. 8 Anne Canteaut, Cedric Lauradoux and Andre Seznec, Understanding cache attacks, April 2006. 9 Johannes Blomer and Volker Krummel, Analysis of countermeasures against access driven cache attacks on AES, Faculty of Computer Science, Electrical Engineering and Mathematics University of Paderborn, Germany 2009. 10 Hamdan.O.Alanazi, B.B.Zaidan, A.A.Zaidan, Hamid A.Jalab, M.Shabbir and Y. Al-Nabhani, New Comparative Study Between DES, 3DES and AES within club Factors, Journal of Computing, Volume 2, Issue 3, March 2010. 11 Henri Gilbert and Thomas Peyrin, Super-Sbox Cryptanaly sisImproved Attacks for AES-like Permutations, Orange Labs, France 12 Elisabeth Oswald, Stefan Mangard, Norbert Pramstaller and Vincent Rijmen, Institute for Applied Information Processing and Communciations (IAIK), Austria, 2005. 13 Kai Schramm, Gregor Leander, Patrick Felke and Christof Paar, A Collision-Attack on AES Combining Side Channel and Differential Attack, Horst Gortz Institute for IT Security, Germany 2005. 14 Alex Biryukov and Dmitry Khovratovich, Related-Key Cryptanalysis of the Full AES-192 and AES-256, University of Luxembourg 2011. 15 A Chosen-Plaintext Linear Attack on DES, Lars R. Knudsen and John Erik Mathiassen Department of Informatics, University of Bergen, N5020 Bergen, Norway, 2000. 16 Jawahar Thakur and Nagesh Kumar, DES, AES and Blowfish Symmetric Key Cryptography, Algorithms Simulation Based Performance Analysis, International Journal of Emerging Technology and Advanced Engineering Website www.ijetae.com (ISSN 2250-2459, Volume 1, Issue 2, December 2011) 17 Stefan Tillich and Christoph Herbst, struggle State-of-the-Art Software Countermeasures A Case Study for AES, Institute for Applied Information Processing and Communications, Inffeldgasse 16a, A-8010 Graz, Austria
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.