Network Security 7-11

Symmetric key cryptography

[Figure: plaintext message $m$ -> encryption algorithm (key $K_{A-B}$) -> ciphertext $K_{A-B}(m)$ -> decryption algorithm (key $K_{A-B}$) -> plaintext $m = K_{A-B}(K_{A-B}(m))$]

symmetric key crypto: Bob and Alice share the same (symmetric) key: $K_{A-B}$
- e.g., key is knowing substitution pattern in mono alphabetic substitution cipher
- Q: how do Bob and Alice agree on key value?

Symmetric key crypto: DES

DES: Data Encryption Standard
- US encryption standard [NIST 1993]
- 56-bit symmetric key, 64-bit plaintext input

How secure is DES?
- DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months
- no known “backdoor” decryption approach

Making DES more secure:
- use three keys sequentially (3-DES) on each datum
- use cipher-block chaining

Symmetric key crypto: DES

DES operation
- initial permutation
- 16 identical “rounds” of function application, each using different 48 bits of key
- final permutation
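
The round structure named on this slide, as an added example that is not part of the original slides: DES is a Feistel cipher, so each round swaps the two 32-bit halves and XORs one half with f(other half, 48-bit round key), and decryption is the same network run with the round keys in reverse order. The SHA-256-based round function and key schedule below are stand-ins (assumptions, not DES's real S-boxes or key schedule), the initial and final permutations are omitted, and the sample block and key are constructed.

```python
import hashlib

ROUNDS = 16                      # DES applies 16 identical rounds
HALF_BITS = 32                   # 64-bit block = two 32-bit halves
MASK32 = (1 << HALF_BITS) - 1


def round_keys(key56: int) -> list[int]:
    """Stand-in key schedule: 16 distinct 48-bit round keys from a 56-bit key.
    Real DES selects and rotates bits of the key instead of hashing."""
    keys = []
    for i in range(ROUNDS):
        digest = hashlib.sha256(key56.to_bytes(7, "big") + bytes([i])).digest()
        keys.append(int.from_bytes(digest[:6], "big"))      # keep 48 bits
    return keys


def f(right: int, subkey: int) -> int:
    """Stand-in round function; real DES uses expansion, S-boxes, permutation.
    It does not need to be invertible: the Feistel structure handles that."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(block64: int, subkeys: list[int]) -> int:
    left, right = block64 >> HALF_BITS, block64 & MASK32
    for k in subkeys:
        # One round: new left is old right, new right is old left XOR f(...)
        left, right = right, left ^ f(right, k)
    # Final swap of halves makes the same routine its own inverse
    # when the round keys are supplied in reverse order.
    return (right << HALF_BITS) | left


def encrypt(block64: int, key56: int) -> int:
    return feistel(block64, round_keys(key56))


def decrypt(block64: int, key56: int) -> int:
    return feistel(block64, round_keys(key56)[::-1])


if __name__ == "__main__":
    key = 0x0123456789ABCD            # constructed 56-bit key
    m = 0x4E6574776F726B53            # constructed 64-bit plaintext block
    c = encrypt(m, key)
    print(f"m={m:016x} c={c:016x} decrypted={decrypt(c, key):016x}")
```
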

AES: Advanced Encryption Standard
- new (Nov. 2001) symmetric-key NIST standard, replacing DES
- processes data in 128 bit blocks
- 128, 192, or 256 bit keys
- brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES

Public Key Cryptography

symmetric key crypto
- requires sender, receiver know shared secret key
- Q: how to agree on key in first place (particularly if never “met”)?

public key cryptography
- radically different approach [Diffie-Hellman76, RSA78]
- sender, receiver do not share secret key
- public encryption key known to all
- private decryption key known only to receiver