03 Block Ciphers: 3DES and Block Cipher Modes of Operation

➢ characteristics of the seed:
  • it must be kept secure: if it is known, an adversary can determine the output
  • so it must itself be a random or pseudorandom number
Linear Congruential Generator
➢ properly designed, can be as secure as a block cipher with same size key
➢ but usually simpler & faster
RC4
➢ a proprietary cipher owned by RSA DSI
➢ another Ron Rivest design, simple but effective
➢ variable key size, byte-oriented stream cipher
➢ widely used (web SSL/TLS, wireless WEP/WPA)
➢ key forms random permutation of all 8-bit values
➢ uses that permutation to scramble input info
Parallelizable | Precomputable | Random access | Provably secure | Encryption and decryption similar
If the plaintext does not fill a whole word, the tail is dropped
No padding needed
Copyright by © 王鲲鹏
Mode of operation | Feedback characteristic
CBC
CFB
OFB
CTR
Characteristics and requirements of storage encryption
1. The attacker can obtain ciphertext at will
2. Plaintext and ciphertext are the same size
3. Block units are mutually independent and can be accessed individually
4. Encryption is performed in units of 16-byte blocks
5. Apart from the data blocks there is no other metadata
6. The same plaintext in different locations encrypts to different ciphertext
Using Block Ciphers as PRNGs
➢ for cryptographic applications, can use a block cipher to generate random numbers
➢ often for creating session keys from master key
➢ CTR
Stream Cipher Structure
Stream Cipher Properties
➢ some design considerations are:
  • long period with no repetitions
  • statistically random
  • depends on large enough key
  • large linear complexity
Decryption
Weakness of ECB:
identical plaintext segments produce identical ciphertext segments
Original file
File after ECB-mode encryption
Source: msdn.mi…/en-us/magazine/cc163522.aspx, please credit the source when reposting
Block cipher mode of operation 2: CBC
Time 1
(continuation of item 6) but writing to the same location again always gives the same ciphertext
7. Data is encrypted by a device conforming to the same standard
XTS-AES for storage devices
XTS-AES
Cryptography and Network Security
Chapter 7
processed a byte at a time
RC4 Key Schedule
➢ starts with an array S of numbers: 0..255
➢ use key to well and truly shuffle
➢ S forms internal state of the cipher
➢ true random numbers provide this
➢ care needed with generated random numbers
Pseudorandom Number Generators (PRNGs)
➢ often use deterministic algorithmic techniques to create “random numbers”
x_i = x_{i-1}^2 mod n, where n = p·q and p, q are primes with p ≡ q ≡ 3 (mod 4)
➢ unpredictable, passes next-bit test
➢ security rests on difficulty of factoring n
➢ is unpredictable given any run of bits
➢ slow, since very large numbers must be used
➢ too slow for cipher use, good for key generation
➢ common iterative technique using:
X_{n+1} = (a·X_n + c) mod m
➢ given suitable values of parameters can produce a long random-like sequence
➢ suitable criteria to have are:
Computer Security Technology and Practice
Other topics in block ciphers
19 April 2013
State Key Laboratory of Information Security, 王鲲鹏
Double DES, total key length 2^112 bit
DES
DES
Encryption
DES^-1
DES^-1
Decryption
Double DES is certainly not just a single DES
DES
DES
Encryption

K3
DES^-1
DES^-1
DES
Decryption
C
➢ although they are not truly random, they can pass many tests of "randomness"
➢ known as "pseudorandom numbers"
➢ created by "Pseudorandom Number Generators (PRNGs)"
Fifth Edition by William Stallings
Lecture slides by Lawrie Brown
Chapter 7 – Stream Ciphers and Random Number Generation
The comparatively late rise of the theory of probability shows how hard it is to grasp, and the many paradoxes show clearly that we, as humans, lack a well grounded intuition in this matter.
  • function generates a full-period sequence
  • generated sequence should appear random
  • efficient implementation with 32-bit arithmetic
➢ note that an attacker can reconstruct sequence given a small number of values
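An added illustration, not from the slides, of the LCG X_{n+1} = (a·X_n + c) mod m defined above: a Hull-Dobell full-period check, a brute-force period count for small m, and the reconstruction noted in the last bullet, where an observer who knows a and m recovers c from two consecutive outputs and can then predict every later value. The parameter values used are constructed sample values.

```python
from math import gcd


def lcg(seed: int, a: int, c: int, m: int):
    """Yield X_{n+1} = (a*X_n + c) mod m forever, starting from X_0 = seed."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x


def _prime_factors(n: int) -> set:
    factors, p = set(), 2
    while p * p <= n:
        while n % p == 0:
            factors.add(p)
            n //= p
        p += 1
    if n > 1:
        factors.add(n)
    return factors


def has_full_period(a: int, c: int, m: int) -> bool:
    """Hull-Dobell test: the generator visits all m states iff gcd(c, m) = 1,
    a - 1 is divisible by every prime factor of m, and by 4 whenever m is."""
    if gcd(c, m) != 1:
        return False
    if any((a - 1) % p != 0 for p in _prime_factors(m)):
        return False
    return m % 4 != 0 or (a - 1) % 4 == 0


def period_length(seed: int, a: int, c: int, m: int) -> int:
    """Steps until a state repeats, starting from seed (practical only for small m)."""
    seen, steps = {seed}, 0
    for x in lcg(seed, a, c, m):
        steps += 1
        if x in seen:
            return steps
        seen.add(x)


def recover_increment(a: int, m: int, x0: int, x1: int) -> int:
    """With a and m known, two consecutive outputs give c = x1 - a*x0 mod m;
    every later output is then predictable, which is why an LCG is not a
    cryptographic PRNG no matter how good its statistics are."""
    return (x1 - a * x0) % m
```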
X_i = E_K[V_i]
➢ OFB
X_i = E_K[X_{i-1}]
ANSI X9.17 PRG
Stream Ciphers
➢ process message bit by bit (as a stream)
➢ have a pseudo random keystream
➢ combined (XOR) with plaintext bit by bit
➢ randomness of stream key completely
➢ have possibilities for making this harder
Blum Blum Shub Generator
➢ based on public key algorithms
➢ use least significant bit from iterative equation:
• The IV must be shared by sender and receiver
• The IV must be protected
Block cipher mode of operation 3: CFB
Block cipher mode of operation 4: OFB
If one bit of the ciphertext is flipped, the corresponding bit of the decrypted plaintext is also flipped: resistance to tampering is weak
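An added demonstration, not from the slides, of the ECB weakness shown earlier (identical plaintext blocks give identical ciphertext blocks) and of the OFB bit-flip property noted here. It uses a constructed 8-byte Feistel toy cipher built on HMAC-SHA256 as a stand-in for DES or AES, because the Python standard library has no block cipher; the key, IV and plaintext are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 8  # toy 64-bit block: two 32-bit halves (constructed stand-in, not DES or AES)
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, half: bytes, rnd: int) -> bytes:
    # keyed round function; HMAC is used only because the stdlib has no block cipher
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """Feistel permutation of one 8-byte block: (L, R) -> (R, L xor F(R))."""
    L, R = block[:4], block[4:]
    for rnd in range(ROUNDS):
        L, R = R, _xor(L, _round(key, R, rnd))
    return L + R


def toy_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse permutation: run the rounds backwards, undoing each swap."""
    L, R = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        L, R = _xor(R, _round(key, L, rnd)), L
    return L + R


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    """ECB: each block is encrypted independently, so equal plaintext blocks
    give equal ciphertext blocks (the weakness shown on the ECB slide)."""
    return b"".join(toy_encrypt(key, pt[i:i + BLOCK]) for i in range(0, len(pt), BLOCK))


def ofb_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """OFB: keystream O_i = E_K(O_{i-1}) with O_0 = IV, XORed onto the data.
    Encryption and decryption are the same call; flipping one ciphertext bit
    flips exactly that plaintext bit, so OFB alone gives no tamper detection."""
    out, o = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        o = toy_encrypt(key, o)
        out += _xor(data[i:i + BLOCK], o)
    return bytes(out)


def repeated_blocks(ct: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return len(blocks) - len(set(blocks))
```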
Block cipher mode of operation 5: CTR
DES^-1 Encryption
DES
DES^-1
DES Decryption
DES^-1
Triple DES (three keys)
DES
K3
DES^-1
DES^-1 Encryption
DES Decryption
K3
DES
DES^-1
Block cipher mode of operation 1: ECB
Time 1
Time 2
Time N
Encryption Decryption
Encryption Encryption Decryption
Encryption Decryption
In probability theory there is a great deal of art in setting up the model, in solving the problem, and in applying the results back to the real world actions that will follow.
➢ in all cases it's critical that these values be:
  • statistically random, uniform distribution, independent
  • unpredictable: future values cannot be derived from previous values
P_{2^56}
DES
2^56
C
Meet-in-the-middle attack, total computation 2^56 bit
P
P
DES_1
DES_2
……
P
DES_{2^56}
C1
C2
……
C_{2^56}
Records
Look up the records
P_{2^56}
DES_{2^56}
C
Meet-in-the-middle attack: result
P
DES_2
DES C
2^56
Triple DES (two keys)
DES
Random & Pseudorandom Number Generators
PRNG Requirements
➢ randomness
  • uniformity, scalability, consistency
➢ unpredictability
  • forward & backward unpredictability
  • use same tests to check
— The Art of Probability, Richard Hamming
Random Numbers
➢ many uses of random numbers in cryptography
  • nonces in authentication protocols to prevent replay
  • session keys
  • public key generation
  • keystream for a one-time pad
Time 2
Time N
Encryption Decryption
Encryption Encryption
Decryption
Encryption Decryption
Decryption
Advantages of CBC-mode encryption
Original file
File after CBC-mode encryption
Source: msdn.mi…/en-us/magazine/cc163522.aspx, please credit the source when reposting
Weaknesses of CBC mode
destroys statistical properties in message
C_i = M_i XOR StreamKey_i
➢ but must never reuse stream key
  • otherwise can recover messages (cf. book cipher)
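As an added example, not code from the slides, here is a Python implementation of the RC4 key schedule (KSA) and keystream generator (PRGA) described on the RC4 slides, checked against the well-known "Key"/"Plaintext" test vector; the last function illustrates the point made just above, that under one reused stream key the XOR of two ciphertexts equals the XOR of the plaintexts. The messages used in the test are constructed sample values.

```python
def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: S starts as the identity permutation 0..255
    and is shuffled by the key; S is the cipher's whole internal state."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key: bytes):
    """PRGA: step through the permutation, swapping as it goes, and emit one
    keystream byte per step (the cipher processes a byte at a time)."""
    S = rc4_ksa(key)
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """C_i = M_i XOR StreamKey_i; the same call decrypts."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def reuse_exposes_xor(key: bytes, m1: bytes, m2: bytes) -> bool:
    """Two messages under one key: XOR of the ciphertexts equals XOR of the
    plaintexts, so the keystream cancels and the relationship between the
    messages leaks. This is the 'must never reuse stream key' rule above."""
    c1, c2 = rc4_crypt(key, m1), rc4_crypt(key, m2)
    n = min(len(m1), len(m2))
    return _xor(c1[:n], c2[:n]) == _xor(m1[:n], m2[:n])
```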
Meet-in-the-middle attack: recovering the key
P
DES DES
???? ????
(P, C) is a plaintext/ciphertext pair
C
Meet-in-the-middle attack: principle
P
P
DES_1
DES_2
……
C1
C2
C_2 = P_{2^56}
P1
P1
DES_1
DES_2
……
C
C
K_1 = 1
K_2 = 2^56
P
DES
2^56
C_{2^56}