lecture 6 overview
DESCRIPTION
Lecture 6 Overview. The minimum requirements. A symmetric-key cryptosystem A block cipher Capable of supporting a block size of 128 bits Capable of supporting key length of 128, 192, and 256 bits Available on a worldwide, non-exclusive, royalty-free basis. Criteria for Evaluation. Security - PowerPoint PPT PresentationTRANSCRIPT
Lecture 6 Overview
The minimum requirements• A symmetric-key cryptosystem• A block cipher• Capable of supporting a block size of 128 bits• Capable of supporting key length of 128, 192,
and 256 bits• Available on a worldwide, non-exclusive,
royalty-free basis
CS 450/650 Lecture 6: AES 2
Criteria for Evaluation• Security– Soundness of the mathematical basis for an
algorithm’s claimed strength– Research community search for flaws
• Computational Efficiency• Memory Requirements• Flexibility• Simplicity
CS 450/650 Lecture 6: AES 3
Advanced Encryption Standard• 10, 12, 14 rounds for 128, 192, 256 bit keys– Regular Rounds (9, 11, 13)– Final Round is different (10th, 12th, 14th)
• Each regular round consists of 4 steps– Byte substitution (BSB)– Shift row (SR)– Mix column (MC)– Add Round key (ARK)
CS 450/650 Lecture 6: AES 4
AES Overview
Plaintext (128) ARK Subkey0
Ciphertext (128) ARK Subkey10
SR
BSB
9 rounds
CS 450/650 Lecture 6: AES 5
Round i operations
Subkeyi
CS 450/650 Lecture 6: AES 6
128-bit substitution boxes
transposition step of circular shift
Left shift and XOR of bits
portion of key is XORed
confusion
confusion
diffusion and confusion
confusion
Shift Row (128-bit)b0 b4 b8 b12
b1 b5 b9 b13
b2 b6 b10 b14
b3 b7 b11 b15
b0 b4 b8 b12
b5 b9 b13 b1
b10 b14 b2 b6
b15 b3 b7 b11
CS 450/650 Lecture 6: AES 7
Mix Column
2 3 1 1
1 2 3 1
1 1 2 3
3 1 1 2
S0,i
S1,i
S2,I
S3,i
S’0,I
S’1,I
S’2,I
S’3,i
= *
Multiplying by 1 no changeMultiplying by 2 shift left one bitMultiplying by 3 shift left one bit and XOR with original value
More than 8 bits 100011011 is subtracted CS 450/650 Lecture 6: AES 8
Add Key
b0 b4 b8 b12
b1 b5 b9 b13
b2 b6 b10 b14
b3 b7 b11 b15
k0 k4 k8 k12
k1 k5 k9 k13
k2 k6 k10 k14
k3 k7 k11 k15
b’x bx kx= XOR
CS 450/650 Lecture 6: AES 9
Key Generation
4 bytes 4 bytes 4 bytes 4 bytes
4 bytes 4 bytes 4 bytes 4 bytes
Circular left shift 1byte
S-box
XORXOR Round constant
CS 450/650 Lecture 6: AES 10
XOR
XOR
DES vs AES
DES AESDate 1976 1999
Block size 64 bits 128 bits
Key length 56 bits 128, 192, 256, … bits
Encryption primitives Substitution and permutation Substitution, shift, bit mixing
Cryptographic primitives
Confusion and diffusion Confusion and diffusion
Design Open Open
Design rationale Closed Open
Selection process Secret Secret (accepted public comment)
Source IBM, enhanced by NSA Belgian cryptographers
11CS 450/650 Lecture 6: AES
Lecture 8 Algorithm Background
CS 450/650
Fundamentals of Integrated Computer Security
Slides are modified from Hesham El-Rewini
Analysis of Algorithms• Algorithms– Time Complexity– Space Complexity
• An algorithm whose time complexity is bounded by a polynomial is called a polynomial-time algorithm. – An algorithm is considered to be efficient if it runs
in polynomial time.
CS 450/650 Lecture 8: Algorithm Background 13
Time and Space• Should be calculated as function of problem
size (n)– Sorting an array of size n, – Searching a list of size n, – Multiplication of two matrices of size n by n
• T(n) = function of n (time)
• S(n) = function of n (space)
14CS 450/650 Lecture 8: Algorithm Background
Growth Rate• We Compare functions by comparing their
relative rates of growth.
1000n vs. n2
15CS 450/650 Lecture 8: Algorithm Background
Definitions T(n) = O(f(n)): T is bounded above by fThe growth rate of T(n) <= growth rate of f(n)
T(n) = (g(n)): T is bounded below by gThe growth rate of T(n) >= growth rate of g(n)
T(n) = (h(n)): T is bounded both above and below by hThe growth rate of T(n) = growth rate of h(n)
T(n) = o(p(n)): T is dominated by pThe growth rate of T(n) < growth rate of p(n)
16CS 450/650 Lecture 8: Algorithm Background
Time Complexity C O(n) O(log n) O(nlogn) O(n2) … O(nk)
O(2n) O(kn) O(nn)
17CS 450/650 Lecture 8: Algorithm Background
Polynomial
ExponentialO(2log n)
P, NP, NP-hard, NP-complete• A problem belongs to the class P if the problem can be
solved by a polynomial-time algorithm• A problem belongs to the class NP if the correctness of the
problem’s solution can be verified by a polynomial-time algorithm
• A problem is NP-hard if it is as hard as any problem in NP– Existence of a polynomial-time algorithm for an NP-hard problem
implies the existence of polynomial solutions for every problem in NP
• NP-complete problems are the NP-hard problems that are also in NP
18CS 450/650 Lecture 8: Algorithm Background
Relationships between different classes
NP
P NP-complete
NP-hard
19CS 450/650 Lecture 8: Algorithm Background
Partitioning ProblemGiven a set of n integers, partition the integers into two subsets such that the difference between the sum of the elements in the two subsets is minimum
13, 37, 42, 59, 86, 100
20CS 450/650 Lecture 8: Algorithm Background
Bin Packing Problem• Suppose you are given n items of sizes
s1, s2,..., sn
• All sizes satisfy 0 si 1
• The problem is to pack these items in the fewest number of bins, – given that each bin has unit capacity
21CS 450/650 Lecture 8: Algorithm Background
Bin Packing ProblemExample (Optimal; Solution) for 7 items of sizes:
0.2, 0.5, 0.4, 0.7, 0.1, 0.3, 0.8.
0.8
0.2
0.3
0.7
0.50.10.4
Bin 1 Bin 2 Bin 322CS 450/650 Lecture 8: Algorithm Background