lecture 6 overview

Lecture 6 Overview

The minimum requirements• A symmetric-key cryptosystem• A block cipher• Capable of supporting a block size of 128 bits• Capable of supporting key length of 128, 192,

and 256 bits• Available on a worldwide, non-exclusive,

royalty-free basis

CS 450/650 Lecture 6: AES 2

Criteria for Evaluation• Security– Soundness of the mathematical basis for an

algorithm’s claimed strength– Research community search for flaws

• Computational Efficiency• Memory Requirements• Flexibility• Simplicity

CS 450/650 Lecture 6: AES 3

Advanced Encryption Standard• 10, 12, 14 rounds for 128, 192, 256 bit keys– Regular Rounds (9, 11, 13)– Final Round is different (10th, 12th, 14th)

• Each regular round consists of 4 steps– Byte substitution (BSB)– Shift row (SR)– Mix column (MC)– Add Round key (ARK)

CS 450/650 Lecture 6: AES 4

AES Overview

Plaintext (128) ARK Subkey0

Ciphertext (128) ARK Subkey10

SR

BSB

9 rounds

CS 450/650 Lecture 6: AES 5

Round i operations

Subkeyi

CS 450/650 Lecture 6: AES 6

128-bit substitution boxes

transposition step of circular shift

Left shift and XOR of bits

portion of key is XORed

confusion

confusion

diffusion and confusion

confusion

Shift Row (128-bit)b0 b4 b8 b12

b1 b5 b9 b13

b2 b6 b10 b14

b3 b7 b11 b15

b0 b4 b8 b12

b5 b9 b13 b1

b10 b14 b2 b6

b15 b3 b7 b11

CS 450/650 Lecture 6: AES 7

Mix Column

2 3 1 1

1 2 3 1

1 1 2 3

3 1 1 2

S0,i

S1,i

S2,I

S3,i

S’0,I

S’1,I

S’2,I

S’3,i

= *

Multiplying by 1 no changeMultiplying by 2 shift left one bitMultiplying by 3 shift left one bit and XOR with original value

More than 8 bits 100011011 is subtracted CS 450/650 Lecture 6: AES 8

Add Key

b0 b4 b8 b12

b1 b5 b9 b13

b2 b6 b10 b14

b3 b7 b11 b15

k0 k4 k8 k12

k1 k5 k9 k13

k2 k6 k10 k14

k3 k7 k11 k15

b’x bx kx= XOR

CS 450/650 Lecture 6: AES 9

Key Generation

4 bytes 4 bytes 4 bytes 4 bytes

4 bytes 4 bytes 4 bytes 4 bytes

Circular left shift 1byte

S-box

XORXOR Round constant

CS 450/650 Lecture 6: AES 10

XOR

XOR

DES vs AES

DES AESDate 1976 1999

Block size 64 bits 128 bits

Key length 56 bits 128, 192, 256, … bits

Encryption primitives Substitution and permutation Substitution, shift, bit mixing

Cryptographic primitives

Confusion and diffusion Confusion and diffusion

Design Open Open

Design rationale Closed Open

Selection process Secret Secret (accepted public comment)

Source IBM, enhanced by NSA Belgian cryptographers

11CS 450/650 Lecture 6: AES

Lecture 8 Algorithm Background

CS 450/650

Fundamentals of Integrated Computer Security

Slides are modified from Hesham El-Rewini

Analysis of Algorithms• Algorithms– Time Complexity– Space Complexity

• An algorithm whose time complexity is bounded by a polynomial is called a polynomial-time algorithm. – An algorithm is considered to be efficient if it runs

in polynomial time.

CS 450/650 Lecture 8: Algorithm Background 13

Time and Space• Should be calculated as function of problem

size (n)– Sorting an array of size n, – Searching a list of size n, – Multiplication of two matrices of size n by n

• T(n) = function of n (time)

• S(n) = function of n (space)

14CS 450/650 Lecture 8: Algorithm Background

Growth Rate• We Compare functions by comparing their

relative rates of growth.

1000n vs. n2

15CS 450/650 Lecture 8: Algorithm Background

Definitions T(n) = O(f(n)): T is bounded above by fThe growth rate of T(n) <= growth rate of f(n)

T(n) = (g(n)): T is bounded below by gThe growth rate of T(n) >= growth rate of g(n)

T(n) = (h(n)): T is bounded both above and below by hThe growth rate of T(n) = growth rate of h(n)

T(n) = o(p(n)): T is dominated by pThe growth rate of T(n) < growth rate of p(n)

16CS 450/650 Lecture 8: Algorithm Background

Time Complexity C O(n) O(log n) O(nlogn) O(n2) … O(nk)

O(2n) O(kn) O(nn)

17CS 450/650 Lecture 8: Algorithm Background

Polynomial

ExponentialO(2log n)

P, NP, NP-hard, NP-complete• A problem belongs to the class P if the problem can be

solved by a polynomial-time algorithm• A problem belongs to the class NP if the correctness of the

problem’s solution can be verified by a polynomial-time algorithm

• A problem is NP-hard if it is as hard as any problem in NP– Existence of a polynomial-time algorithm for an NP-hard problem

implies the existence of polynomial solutions for every problem in NP

• NP-complete problems are the NP-hard problems that are also in NP

18CS 450/650 Lecture 8: Algorithm Background

Relationships between different classes

NP

P NP-complete

NP-hard

19CS 450/650 Lecture 8: Algorithm Background

Partitioning ProblemGiven a set of n integers, partition the integers into two subsets such that the difference between the sum of the elements in the two subsets is minimum

13, 37, 42, 59, 86, 100

20CS 450/650 Lecture 8: Algorithm Background

Bin Packing Problem• Suppose you are given n items of sizes

s1, s2,..., sn

• All sizes satisfy 0 si 1

• The problem is to pack these items in the fewest number of bins, – given that each bin has unit capacity

21CS 450/650 Lecture 8: Algorithm Background

Bin Packing ProblemExample (Optimal; Solution) for 7 items of sizes:

0.2, 0.5, 0.4, 0.7, 0.1, 0.3, 0.8.

0.8

0.2

0.3

0.7

0.50.10.4

Bin 1 Bin 2 Bin 322CS 450/650 Lecture 8: Algorithm Background