CAST-128
Developed by Carlisle Adams and Stafford Tavares
64-bit block size; key size varies from 40 to 128 bits in 8-bit increments
Classical Feistel network structure
Sixteen rounds
Two subkeys per round, one 32-bit (Kmi), one 5-bit (Kri)
Three different round functions
Four operations: addition (+) and subtraction (-) modulo 2^32, XOR, and (variable) circular left rotate (<<<)
5-bit subkey (Kri) determines rotate amount
Encryption
L0||R0 = Plaintext
for i = 1 to 16 do
    Li = Ri-1
    Ri = Li-1 XOR Fi[Ri-1, Kmi, Kri];
Ciphertext = L16||R16
Mukesh Chinta, Asst Prof, CSE
CAST Encryption
CAST-128 S-Boxes
CAST-128 uses eight 8×32 S-boxes.
Four of these, S-box 1 through S-box 4, are used in the encryption/decryption process, and S-box 5 through S-box 8 are used in the subkey generation.
Each S-box is an array of 32 columns by 256 rows, where the 8-bit input selects a row in the array and the 32-bit value in that row is the output.
S-boxes contain fixed (predefined) values and are
carefully designed to have a high degree of
nonlinearity.
RC-2
Uses 64-bit plaintext and ciphertext blocks and a key length varying from 8 to 1024 bits
A set of operations is performed on the secret key to produce 128 bytes of subkey.
It uses addition, bitwise exclusive-or, bitwise complement, bitwise AND and left circular rotation operations for encryption
The 64-bit plaintext is stored in four 16-bit words R[0], R[1], R[2] and R[3]
The algorithm consists of 18 rounds of two types: mixing and mashing.
Each mixing round uses four subkey words, and all of them are used in the 16 mixing rounds
Subkeys are selected in a data-dependent manner for the two mashing rounds.
Decryption is performed as the inverse of encryption and keys are used in reverse order
RC2 is vulnerable to a related-key attack using 2^34 chosen plaintexts
Stream Ciphers
process message bit by bit (as a stream)
have a pseudo random keystream
combined (XOR) with plaintext bit by bit
randomness of stream key completely destroys statistical properties in message
Ci = Mi XOR StreamKeyi
but must never reuse stream key
otherwise can recover messages (cf book
cipher)
RC4
Designed by Ron Rivest in 1984 for RSA Data
Security
widely used in data communication and
networking protocols including SSL/TLS and IEEE
802.11 wireless LAN standard
Byte-oriented stream cipher, i.e., a byte of plaintext is XORed with a byte of key to produce a byte of ciphertext.
Key size is variable and can be anywhere from 1 to 256 bytes
Simple design, yet effective
Initialization
Initialization is done in two steps
Step-1: The state is initialized to values 0, 1, ..., 255. A key array, T[0], T[1], ..., T[255], is also created. If needed, the key bytes are repeated until the T array is filled
for i = 0 to 255 do
    S[i] = i
    T[i] = K[i mod keylen]
Step-2: The initialized state goes through a permutation based on the values of the bytes in T[i]. The key byte is used only in this step, to define which elements are to be swapped; after this, the state bytes are completely shuffled
j = 0
for i = 0 to 255 do
    j = (j + S[i] + T[i]) (mod 256)
    swap (S[i], S[j])
RC4 Overview
RC4 Security
claimed secure against known attacks
have some analyses, none practical
result is very non-linear
since RC4 is a stream cipher, must never
reuse a key
have a concern with WEP, but due to key
handling rather than RC4 itself
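Added example (not from the original slides): the two initialization steps above in Python, followed by what the "never reuse a key" rule protects against. The keystream loop is the standard RC4 output step, which the text above does not spell out; the key and messages are constructed sample values.

```python
def ksa(key):
    """Steps 1 and 2 above: build the permuted state S from a 1..256-byte key."""
    keylen = len(key)
    if not 1 <= keylen <= 256:
        raise ValueError("RC4 key must be 1 to 256 bytes")
    S = list(range(256))                        # S[i] = i
    T = [key[i % keylen] for i in range(256)]   # T[i] = K[i mod keylen]
    j = 0
    for i in range(256):
        j = (j + S[i] + T[i]) % 256
        S[i], S[j] = S[j], S[i]
    return S

def keystream(key, n):
    """Standard RC4 output loop (assumed, not shown above): n keystream bytes."""
    S = ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key, data):
    """Ci = Mi XOR StreamKeyi; the same call decrypts."""
    return xor(data, keystream(key, len(data)))

def leak_from_reuse(c1, c2):
    """Two ciphertexts under one key: the keystream cancels, leaving M1 XOR M2."""
    return xor(c1, c2)

if __name__ == "__main__":
    key = b"Key"                                # constructed sample values
    m1, m2 = b"Plaintext", b"Invoice 7"
    c1, c2 = rc4(key, m1), rc4(key, m2)
    print(c1.hex())
    print(leak_from_reuse(c1, c2) == xor(m1, m2))   # holds without the key
    print(xor(leak_from_reuse(c1, c2), m1))         # known m1 reveals m2
```

The last two lines are why a fresh key (or key plus unique nonce) is needed per message: the cipher itself is untouched, yet one known plaintext exposes the other.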
RC5
RC5 is a symmetric encryption algorithm developed by
Ron Rivest and was designed to have the following
characteristics:
a) Suitable for hardware or software
b) Fast
c) Adaptable to processors of different word lengths
d) Variable number of rounds
e) Variable-length key
f) Simple
g) Low memory requirement
h) High Security
i) Data dependent rotations
RC5 Parameters
RC5 is word-oriented
Two-word input and two-word output
Representation
Word size: w (16,32,64)
Number of rounds: r (0,1, …, 255)
Number of bytes in key K: b (0,1, …, 255)
RC5 algorithm notation: RC5-w/r/b
Note: <<< is cyclic rotate left
i = j = X = Y = 0;
Do 3*max(t, c) times:
    X = S[i] = (S[i] + X + Y) <<< 3;
    Y = L[j] = (L[j] + X + Y) <<< (X + Y);
    i = (i + 1) mod t;
    j = (j + 1) mod c;
RC5 Encryption
RC5 uses 3 primitive operations
•Addition, Subtraction (of words): modulo 2^w
•Bitwise XOR
•Left, right circular rotation
Encryption
LE0 = A + S[0];
RE0 = B + S[1];
for i = 1 to r do
    LEi = ((LEi-1 XOR REi-1) <<< REi-1) + S[2i];
    REi = ((REi-1 XOR LEi) <<< LEi) + S[2i+1];
RC5 Decryption
for i = r downto 1 do
    RDi-1 = ((RDi - S[2i+1]) >>> LDi) XOR LDi;
    LDi-1 = ((LDi - S[2i]) >>> RDi-1) XOR RDi-1;
B = RD0 - S[1];
A = LD0 - S[0];
RC5 Modes
To enhance the effectiveness of RC5 in interoperable
implementations, there are four different modes of
operation.
RFC2040 defines 4 modes used by RC5
RC5 Block Cipher, is ECB mode
RC5-CBC, is CBC mode
RC5-CBC-PAD, is CBC with padding by bytes with value
being the number of padding bytes
RC5-CTS, a variant of CBC which is the same size as the
original message, uses ciphertext stealing to keep size
same as original