“implementation of a rc5 block cipher algorithm and implementing an attack on it”
DESCRIPTION
Cryptography Team Presentation 1. Agarwal, Kshitij Rao , Prashant. “Implementation of a RC5 block cipher algorithm and implementing an attack on it”. Project Mentor – Prof. Alan Kaminsky. Fast symmetric block cipher Same key for encryption and decryption - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/1.jpg)
““Implementation of a RC5 block cipher algorithm Implementation of a RC5 block cipher algorithm and implementing an attack on it”and implementing an attack on it”
Cryptography Team Presentation 1Cryptography Team Presentation 1
![Page 2: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/2.jpg)
About RC5About RC5
◦Fast symmetric block cipher
◦Same key for encryption and decryption
◦Plaintext and ciphertext are fixed-length bit sequences (blocks)
![Page 3: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/3.jpg)
Parameters of RC5Parameters of RC5
◦RC5 – w/r/b E.g. RC5 – 32/16/10◦w = 32 bits◦r = 16 rounds◦b = 10-byte (80-bit) secret key variable◦ t = 2 (r + 1) = 2 (16 + 1) = 34 rounds
![Page 4: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/4.jpg)
Important parameters in detailsImportant parameters in details“w”(bits) – variable word size
Allowable choice for “w” in RC5– 16,32 and 64 Suggested 32 “Two” word input (plaintext) block size – 64-bit plaintext “Two” word output (ciphertext) block size – 64-bit ciphertext
Design accepts all w > 0 Variable word size can exploit longer word length of
processors like 64 – bit processors.
![Page 5: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/5.jpg)
Important parameters in detailsImportant parameters in details“r” – variable number of rounds
Tradeoff between high speed and high security. Allowed values 0-255 Suggested – 12
Higher the number of rounds provides increased level of security.
“S” – Expanded key table – derived from user’s secret key. “t” – The size of table “S” (depends on “r”)◦ t = 2 ( r + 1 ) words.
![Page 6: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/6.jpg)
Important parameters in detailsImportant parameters in details“b” – variable length secret cryptographic key◦The number of bytes in the secret key K.◦16 bytes suggested with allowed values from 0 – 255
“K” – The b-byte secret key : K[0], K[1], ..., K[b-1].
![Page 7: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/7.jpg)
Discussion on parametersDiscussion on parametersRC5 cannot be secure for all possible values◦r = 0
No rounds of security will provide no encryption◦r = 1
One round will provide very less security As a matter of fact, it can be easily broken
◦b = 0 No key, no security
◦Maximum allowable parameter values will be overkill.◦Nominal Choice Proposed
RC5 – 32/12/16
![Page 8: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/8.jpg)
Notation and RC5 Primitive OpsNotation and RC5 Primitive OpsThree Primitive operations(and their inverses)◦Two’s complement addition of words, modulo 2w
‘+’ Inverse op , subtraction, ‘-’
◦Bit-wise exclusive OR of words, denoted by ⊕◦A left-rotation of words
x <<< y , cyclic rotation of word x left by y bits One word of the intermediate results is cyclically rotated by an
amount determined bits of another intermediate results. The inverse operation is right-rotation, x>>>y
![Page 9: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/9.jpg)
NoteNoteWe see that rotations are ‘rotations by variable
amount’ that is plaintext dependent
We know that on modern microprocessors, a variable rotation takes constant-time◦Time is independent of the rotation amount y
No other non-linear operations in RC5
Strength,therefore, relies on data-dependent rotations
![Page 10: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/10.jpg)
RC5 AlgorithmRC5 AlgorithmThree parts:-◦Key Expansion◦Encryption Algorithm◦Decryption Algorithm
![Page 11: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/11.jpg)
RC5 Algorithm – Key ExpansionRC5 Algorithm – Key ExpansionRequirements of key expansion◦Filling the expanded key table array S[0…t – 1] with
random binary words “t” – Size of table “S” => 2 ( r+1 )
◦S table is not an “S-box” like DES. Entries in S sequentially, one at a time.
◦Random binary words are derived from the K.
![Page 12: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/12.jpg)
RC5 Algorithm – Key ExpansionRC5 Algorithm – Key ExpansionStarting with two magic constants◦Two word-sized binary constants ◦Pw = Odd((e - 2) 2w )
◦ Qw = Odd((φ – 1) 2w ) e = 2.718281828459… (base of natural logarithms) Φ = 1.618033988749… (golden ratio),
◦Where, Odd(x) is the odd integer nearest to x◦For w = 16 and 32 in hexadecimal form
P16 = b7e1 Q16 = 9e37 P32 = b7e15163 Q32 = 9e3779b9
![Page 13: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/13.jpg)
RC5 Algorithm – Key ExpansionRC5 Algorithm – Key ExpansionConverting the Secret Key from Bytes to Words
◦c = ceiling(b/u) words◦Pseudo code for conversion:-
Image Source: http://people.csail.mit.edu/rivest/Rivest-rc5rev.pdf
![Page 14: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/14.jpg)
RC5 Algorithm – Key ExpansionRC5 Algorithm – Key ExpansionInitializing the S Array◦Initialization to a particular fixed(key- independent)
Image Source: http://people.csail.mit.edu/rivest/Rivest-rc5rev.pdf
![Page 15: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/15.jpg)
RC5 Algorithm – Key ExpansionRC5 Algorithm – Key ExpansionMixing in the Secret Key◦Pseudo code:-
Image Source: http://people.csail.mit.edu/rivest/Rivest-rc5rev.pdf
![Page 16: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/16.jpg)
RC5 AlgorithmRC5 AlgorithmEncryption Algorithm◦Two w-bit words are denoted as A and B
A = A + S[0];B = B + S[1];for i = 1 to r do
A = (( A ⊕ B ) <<< B ) + S[ 2 * i ];B = (( B ⊕ A) <<< A ) + S[ 2 * i + 1];
The output is in the registers A and B.Work is done on both A and B, unlike DESwhere only half input is updated.
Image Source: http://en.wikipedia.org/wiki/File:RC5_InfoBox_Diagram.svg
![Page 17: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/17.jpg)
RC5 AlgorithmRC5 AlgorithmDecryption Algorithm◦(easily derived from encryption)◦Two w-bit words are denoted as A and B
for i = r downto 1 doB = (( B – S[ 2 * i + 1 ]) >>> A) ⊕ A;A = (( A – S[ 2 * i ] >>> B) ⊕ B;
B = B - S[1];A = A - S[0];
The output is in the registers A and B.
![Page 18: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/18.jpg)
Important NotesImportant NotesData dependent rotations – amount of rotation is not
pre-determined.The behavior of each round is different as the
rotation amount is different. ◦Each round ends by adding expanded key from S
It was experimentally[1] determined that after eight rounds in RC5-32, each message bit affected some rotation amount.
[1]: Rivest, R. L. (1994). "The RC5 Encryption Algorithm" (pdf). Proceedings of the Second International Workshop on Fast Software Encryption (FSE) 1994e. pp. 86–96.
![Page 19: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/19.jpg)
Next PresentationNext PresentationDifferential Attack will be performed.◦Difficult because bits are rotated to “random” positions in
each round.
Analysis of the requirements of the attack.
Analysis of the results of the attack.
![Page 20: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/20.jpg)
ReferencesReferences Rivest, R. L. (1994). "The RC5 Encryption Algorithm" (pdf).
Proceedings of the Second International Workshop on Fast Software Encryption (FSE) 1994e. pp. 86–96. http://people.csail.mit.edu/rivest/Rivest-rc5rev.pdf
RC5 Encryption Diagram◦ http://en.wikipedia.org/wiki/File:RC5_InfoBox_Diagram.svg◦ http://en.wikipedia.org/wiki/RC5
![Page 21: “Implementation of a RC5 block cipher algorithm and implementing an attack on it”](https://reader033.vdocument.in/reader033/viewer/2022051114/5681317b550346895d97f419/html5/thumbnails/21.jpg)