Integrity of Documents and Messages
• Detection of corrupted documents and messages
  – Detection of bit errors caused by unreliable transmission links or faulty storage media.
  – Solution: Message Digest acting as a unique fingerprint for the document (similar function as CRC).
• Protection against unauthorized modification
  – Without protection a forger could create both an alternative document and its corresponding correct message digest.
  – Symmetric Key Solution: Message Authentication Code (MAC) formed by using a keyed message digest function.
  – Asymmetric Key Solution: Digital Signature formed by encrypting the message digest with the document author's private key.
Block cipher
Definition An n-bit block cipher is a function $E : V_n \times \mathcal{K} \to V_n$, such that for each key $K \in \mathcal{K}$, $E(P; K)$ is an invertible mapping (the encryption function for $K$) from $V_n$ to $V_n$, written $E_K(P)$. The inverse mapping is the decryption function, denoted $D_K(C)$. P denotes that ciphertext results from encrypting plaintext P under K
Iterating Block ciphers
Definition A product cipher combines two or more transformations in a manner intending that the resulting cipher is more secure than the individual components.
Definition An iterated block cipher is a block cipher involving the sequential repetition of an internal function called a round function. Parameters include the number of rounds $N_r$, the block bitsize $n$, and the bitsize $k$ of the input key $K$ from which $N_r$ subkeys $K_i$ (round keys) are derived. For invertibility (allowing unique decryption), for each value $K_i$ the round function is a bijection on the round input.
Substitution-Permutation Networks: SPN
Definition A substitution-permutation (SP) network is a product cipher composed of a number of stages each involving substitutions and permutations.
• Substitution $\pi_S : \{0,1\}^l \to \{0,1\}^l$
• Permutation $\pi_P : \{1, \dots, lm\} \to \{1, \dots, lm\}$
The plaintext has $lm$ bits: $x = x_{(1)} \| \dots \| x_{(m)}$, where $x_{(i)} = (x_{(i-1)l+1}, \dots, x_{il})$.
The SPN has $N_r$ rounds, in which we perform on $x$ $m$ substitutions $\pi_S$ followed by one permutation $\pi_P$, to get the ciphertext $y$.
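The SPN structure above, and the bijectivity requirement from the iterated block cipher definition, as an added worked example that is not part of the original slides. It assumes l = 4, m = 4, Nr = 4; the S-box and permutation tables, the round-key XOR, the final whitening key and the key schedule are assumptions in the style of a textbook toy SPN.

```python
# Toy SPN with l = 4 (S-box width), m = 4 (S-boxes per round), Nr = 4 rounds.
# Assumptions not stated on the page: the S-box and permutation tables, the
# round-key XOR before each substitution, the final whitening key, and the
# sliding-window key schedule. A study aid, not a secure cipher.
L, M, NR = 4, 4, 4
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]   # pi_S on {0,1}^4
PERM = [1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15, 4, 8, 12, 16]  # pi_P, 1-based
INV_SBOX = [SBOX.index(v) for v in range(1 << L)]
INV_PERM = [PERM.index(i) + 1 for i in range(1, L * M + 1)]

def substitute(state, box):
    """Apply the l-bit S-box to each of the m sub-blocks x(1)..x(m)."""
    out = 0
    for i in range(M):
        shift = L * (M - 1 - i)
        out |= box[(state >> shift) & ((1 << L) - 1)] << shift
    return out

def permute(state, perm):
    """Output bit i takes input bit perm[i]; bit 1 is the leftmost bit."""
    n = L * M
    out = 0
    for i in range(1, n + 1):
        bit = (state >> (n - perm[i - 1])) & 1
        out |= bit << (n - i)
    return out

def round_keys(key32):
    """Nr + 1 subkeys: 16-bit windows of the 32-bit key, sliding by 4 bits."""
    return [(key32 >> (16 - 4 * r)) & 0xFFFF for r in range(NR + 1)]

def encrypt(x, key32):
    ks = round_keys(key32)
    w = x
    for r in range(NR - 1):                    # rounds 1 .. Nr-1
        w = permute(substitute(w ^ ks[r], SBOX), PERM)
    return substitute(w ^ ks[NR - 1], SBOX) ^ ks[NR]   # last round omits pi_P

def decrypt(y, key32):
    ks = round_keys(key32)
    w = substitute(y ^ ks[NR], INV_SBOX) ^ ks[NR - 1]
    for r in range(NR - 2, -1, -1):            # undo rounds Nr-1 .. 1
        w = substitute(permute(w, INV_PERM), INV_SBOX) ^ ks[r]
    return w
```

Because every round is a bijection for each subkey, `decrypt` recovers the plaintext by running the inverse S-box and inverse permutation in reverse round order.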
Linear Cryptanalysis
• Linear cryptanalysis tries to take advantage of high probability occurrences of linear expressions involving plaintext bits, "ciphertext" bits (actually we shall use bits from the 2nd last round output), and subkey bits.
• It is a known plaintext attack.