Tjark Weber
Cryptology
March 26, 2013
1 / 39
Lab Groups
Lab groups have been announced on the Student Portal. Please get in touch with your group members! The deadline for part (a) of Lab 1 is this Friday, March 29.

Please send email to jean-noel.monette@it.uu.se as soon as possible if
- you have not been assigned to a lab group but want to do the labs;
- you have been assigned to a lab group but don't want to do the labs.
Lab 1
For your convenience, computer room 1515 has been reserved tomorrow (Wednesday) from 8:15 to 12:00.

You are not required to be there at this time. You may work on the lab when- and wherever you like. You may use the computer room at other times if it is available.

Jean-Noel will not be there tomorrow. As usual, you can contact him in person or by email (jean-noel.monette@it.uu.se) if you have questions.
Exercise Solutions
Cryptanalysis

Attack Models
Brute force against the shift cipher: try every key $k$ in turn and compute $d_k(y)$.

$y$ = EUXWHIRUFH
$d_1(y)$ = DTWVGHQTEG
$d_2(y)$ = CSVUFGPSDF
$d_3(y)$ = BRUTEFORCE
...
Key-space sizes $|K|$ considered for exhaustive search (table; only the $|K|$ column survived extraction):

$|K| = 2^{8}$
$|K| = 2^{40}$
$|K| = 2^{56}$
$|K| = 2^{64}$
$|K| = 2^{128}$
Frequency Analysis

Frequency analysis relies on the observation that in natural-language plaintexts, certain letters and combinations of letters (bigrams, trigrams, . . . ) occur with varying frequencies.
The Vigenère cipher can be attacked because the key is reused periodically: $x_i, x_{i+m}, x_{i+2m}, \ldots$ are all encrypted with the same key character, $k_i$.

To break the cipher, we proceed in two steps:
1. determine the key length $m$;
2. determine the key characters $k_1, \ldots, k_m$, each of which is the key of a shift cipher applied to one of the subsequences above.
For English text, the expected letter probabilities $p_i$ ($i = 0, \ldots, 25$) satisfy
$$\sum_{i=0}^{25} p_i^2 = 0.065.$$

Index of coincidence of a string $x^j$ of length $l$, where $f_i(x^j)$ is the number of occurrences of the $i$-th letter in $x^j$:
$$I_c(x^j) = \frac{\sum_{i=0}^{25} f_i(x^j)\,\bigl(f_i(x^j) - 1\bigr)}{l\,(l-1)}.$$

For a candidate key length $m'$, with $x^1, \ldots, x^{m'}$ the subsequences of the ciphertext that share one key character, compute
$$\frac{1}{m'} \sum_{j=1}^{m'} I_c(x^j)$$
and compare it with 0.065.
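The brute-force slide, the frequency-analysis slide and the two-step Vigenère attack above come together in the following Python, an added example that is not code from the original slides. It brute-forces the slide's ciphertext EUXWHIRUFH over all 26 shift-cipher keys, ranking the candidates by closeness to English letter frequencies so that the attacker need not read all 26 by eye; it implements $I_c(x)$ and uses the 0.065 value to estimate the key length $m'$; and it recovers each key character from the column $x_i, x_{i+m}, x_{i+2m}, \ldots$ by the same brute force. The English frequency table, the 0.055 cut-off for "looks like English", the sample plaintext and the key SHIFT are constructed for this example.

```python
"""Shift-cipher brute force, frequency analysis and the Vigenere attack.

Added example, not code from the original slides: brute force over the 26
keys of the shift cipher with candidates ranked by closeness to English
letter frequencies; the index of coincidence I_c(x) used to estimate the
Vigenere key length m; and recovery of each key character k_i from the
subsequence x_i, x_{i+m}, x_{i+2m}, ..., which is itself a shift cipher.
The frequency table, the 0.055 cut-off and the sample text are constructed.
"""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Approximate relative frequencies (%) of letters in English (constructed from
# standard tables; only the shape of the distribution matters).
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23, "G": 2.02,
    "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03, "M": 2.41, "N": 6.75,
    "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99, "S": 6.33, "T": 9.06, "U": 2.76,
    "V": 0.98, "W": 2.36, "X": 0.15, "Y": 1.97, "Z": 0.07,
}
ENGLISH_IC = sum((p / 100) ** 2 for p in ENGLISH_FREQ.values())  # sum p_i^2, about 0.065

def clean(text):
    """Keep only the letters A..Z of text, upper-cased."""
    return "".join(c for c in text.upper() if c in ALPHABET)

def shift(text, k):
    """Shift every letter of text by k positions; the decryption d_k(y) is shift(y, -k)."""
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % 26] for c in text)

def vigenere(text, key, encrypt=True):
    """Vigenere encryption (or decryption) of a cleaned text under an alphabetic key."""
    shifts = [ALPHABET.index(c) for c in clean(key)]
    sign = 1 if encrypt else -1
    return "".join(ALPHABET[(ALPHABET.index(c) + sign * shifts[i % len(shifts)]) % 26]
                   for i, c in enumerate(text))

def chi_squared(text):
    """Distance between the letter counts of text and the English expectation (lower = more English)."""
    n, counts = len(text), Counter(text)
    return sum((counts[c] - ENGLISH_FREQ[c] / 100 * n) ** 2 / (ENGLISH_FREQ[c] / 100 * n)
               for c in ALPHABET)

def brute_force_shift(y):
    """Try all 26 keys of the shift cipher; return (k, d_k(y)) pairs, most English-like first."""
    return sorted(((k, shift(y, -k)) for k in range(26)), key=lambda kp: chi_squared(kp[1]))

def index_of_coincidence(x):
    """I_c(x) = sum_i f_i (f_i - 1) / (l (l - 1)): chance that two positions of x hold the same letter."""
    l = len(x)
    if l < 2:
        return 0.0
    return sum(f * (f - 1) for f in Counter(x).values()) / (l * (l - 1))

def columns(y, m):
    """The m subsequences x^1, ..., x^m of y that share one key character if the key length is m."""
    return [y[j::m] for j in range(m)]

def estimate_key_length(y, max_len=20, cutoff=0.055):
    """Smallest m' whose columns' average I_c looks like English (0.065) rather than random (1/26).
    The cut-off between those two values is a constructed heuristic, not from the slides."""
    averages = {}
    for m in range(1, max_len + 1):
        averages[m] = sum(index_of_coincidence(col) for col in columns(y, m)) / m
        if averages[m] >= cutoff:
            return m
    return max(averages, key=averages.get)  # fallback: the most English-like candidate

def recover_key(y, m):
    """Each column is a shift cipher: take the best brute-force key for each one."""
    return "".join(ALPHABET[brute_force_shift(col)[0][0]] for col in columns(y, m))

def break_vigenere(y):
    """The two-step attack: estimate the key length, then recover the key characters."""
    key = recover_key(y, estimate_key_length(y))
    return key, vigenere(y, key, encrypt=False)

# Constructed sample: an English passage about the attack itself, encrypted under the key SHIFT.
SAMPLE_PLAINTEXT = clean(
    "Frequency analysis relies on the observation that in natural language plaintexts certain "
    "letters and combinations of letters occur with varying frequencies. The Vigenere cipher can "
    "be attacked because the key is reused periodically, so every letter at a distance that is a "
    "multiple of the key length is encrypted with the same key character. To break the cipher we "
    "first determine the key length and then determine each key character by treating the "
    "corresponding subsequence as the output of a shift cipher. The index of coincidence of a long "
    "stretch of English text is close to sixty five thousandths, whereas for random text it is "
    "close to one over twenty six, and this difference is what lets us recognise the correct "
    "period. Once the period is known, each column is attacked exactly like a shift cipher, by "
    "trying all twenty six shifts and keeping the one whose letter frequencies look most like English."
)
SAMPLE_KEY = "SHIFT"
SAMPLE_CIPHERTEXT = vigenere(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    print(brute_force_shift("EUXWHIRUFH")[0])   # (3, 'BRUTEFORCE')
    print(break_vigenere(SAMPLE_CIPHERTEXT)[0])  # SHIFT
```

recover_key is deliberately the shift-cipher attack applied column by column: once $m$ is known, the Vigenère cipher is $m$ independent shift ciphers. The cut-off test for the key length assumes the ciphertext is long enough for each column to carry on the order of a hundred letters; on short ciphertexts the averaged $I_c$ is noisy, and a wrong length (often a multiple of the true one) can win, so in practice the estimate is confirmed by checking that the recovered plaintext reads as language.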
Many are the cryptosystems offered [...] today that cannot be broken by
any known methods of cryptanalysis. [...] In a sense, then, cryptanalysis is
dead.
David Kahn, 2002
AES: Overview
I have nothing but good things to say about NIST and the AES process.
Bruce Schneier, http://www.schneier.com/crypto-gram-0010.html#8
Substitution Boxes

A substitution box (S-box) is a basic component of a symmetric-key algorithm that transforms m input bits into n output bits. Often, m = n, and the transformation is invertible.

(Figure: an S-box S with m input bits and n output bits.)
Permutation Boxes

(Figure: a P-box P on n bits.)
Substitution-Permutation Networks
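As an added example (Python written for this page, not code from the original slides, and not AES), here is a toy substitution-permutation network built from the two components described on the S-box and P-box slides above: four parallel 4-bit invertible S-boxes, a bit permutation, and key mixing by XOR. The S-box table, the transpose-style P-box wiring, the 16-bit block size and the rotate-by-4 key schedule are all assumptions chosen for illustration. The slides' point about invertibility is made concrete: decrypt runs the inverse tables in reverse order, and invert_table refuses any S-box that is not a bijection.

```python
"""Toy substitution-permutation network (SPN).

Added example, not code from the original slides and not AES. A 16-bit
block goes through NROUNDS rounds of: XOR with a round key, four parallel
4-bit S-boxes (m = n = 4, invertible), and a bit permutation (P-box), then
a final key XOR. The S-box, the P-box wiring and the key schedule are
constructed for illustration and offer no real security.
"""
BLOCK_BITS = 16
SBOX_BITS = 4
NROUNDS = 4

# A bijective 4-bit S-box: a permutation of 0..15, chosen for illustration.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]

# P-box: input bit i moves to output position PBOX[i]. Output bit b of
# S-box s becomes input bit s of S-box b in the next round (a 4x4 transpose),
# so every S-box output is spread over all four S-boxes.
PBOX = [(i % SBOX_BITS) * SBOX_BITS + i // SBOX_BITS for i in range(BLOCK_BITS)]

def is_bijection(table):
    """True if the lookup table is a permutation of 0..len(table)-1."""
    return sorted(table) == list(range(len(table)))

def invert_table(table):
    """Inverse of a bijective lookup table; raises if the table has no inverse."""
    if not is_bijection(table):
        raise ValueError("table is not a bijection, so it has no inverse")
    inverse = [0] * len(table)
    for i, v in enumerate(table):
        inverse[v] = i
    return inverse

SBOX_INV = invert_table(SBOX)
PBOX_INV = invert_table(PBOX)

def substitute(x, sbox):
    """Apply the 4-bit S-box to each of the four nibbles of the 16-bit word x."""
    out = 0
    for s in range(BLOCK_BITS // SBOX_BITS):
        nibble = (x >> (SBOX_BITS * s)) & 0xF
        out |= sbox[nibble] << (SBOX_BITS * s)
    return out

def permute(x, pbox):
    """Move bit i of x to position pbox[i]."""
    out = 0
    for i in range(BLOCK_BITS):
        if (x >> i) & 1:
            out |= 1 << pbox[i]
    return out

def round_keys(key):
    """Constructed toy key schedule: NROUNDS + 1 subkeys, each the previous one rotated left by 4."""
    keys, k = [], key & 0xFFFF
    for _ in range(NROUNDS + 1):
        keys.append(k)
        k = ((k << 4) | (k >> 12)) & 0xFFFF
    return keys

def encrypt(x, key):
    """Key addition, substitution, permutation per round; the last round has no permutation,
    because an unkeyed final permutation could simply be undone by the attacker."""
    ks = round_keys(key)
    for r in range(NROUNDS):
        x ^= ks[r]
        x = substitute(x, SBOX)
        if r < NROUNDS - 1:
            x = permute(x, PBOX)
    return x ^ ks[NROUNDS]

def decrypt(y, key):
    """Run the inverse components in reverse order; possible only because S and P are bijections."""
    ks = round_keys(key)
    y ^= ks[NROUNDS]
    for r in reversed(range(NROUNDS)):
        if r < NROUNDS - 1:
            y = permute(y, PBOX_INV)
        y = substitute(y, SBOX_INV)
        y ^= ks[r]
    return y

def avalanche(x, key, bit):
    """Number of ciphertext bits that change when plaintext bit `bit` is flipped."""
    return bin(encrypt(x, key) ^ encrypt(x ^ (1 << bit), key)).count("1")
```

Treat this as a model of the SPN structure only: a 16-bit SPN with four rounds of 4-bit S-boxes is a standard textbook target for linear and differential cryptanalysis, and the key schedule has none of the properties a real one needs. What carries over to AES is the round shape (key addition, substitution, permutation) and the observation that every component must be invertible for decryption to exist at all.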
AES: Cryptanalysis

For specific keys and a reduced number of rounds, attacks that are faster than brute force have been known since 2009.

The first key-recovery attacks on full AES were published in 2011. They are faster than brute force by a factor of about four (that is, they remove about two bits of the key's security). Technically, AES is therefore broken.

However, AES remains secure in practice: all currently known attacks are computationally infeasible.
Side-channel Attacks
Modes of Operation

Counter
Exercises