Modern Symmetric Ciphers

Dr. Greg Bernstein

February 19th, 2021

The Advanced Encryption Standard (AES)


What Symmetric Algorithms are Currently Used?

What is AES?

From Wikipedia: AES

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

In the United States, AES was announced by the NIST as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001. This announcement followed a five-year standardization process in which fifteen competing designs were presented and evaluated, before the Rijndael cipher was selected as the most suitable.

AES Characteristics

  • AES is an open standard. The details of its operation has been public for over 20 years.

  • " is the first (and only) publicly accessible cipher approved by the U.S. National Security Agency (NSA) for top secret information when used in an NSA approved cryptographic module."

  • AES is very efficient (fast, easy to implement in hardware and software)

AES is a Block Cipher 1

From Wikipedia: Block Cipher

  • Encryption: \(E_K(P) := E(K,P): \{0,1\}^k \times \{0,1\}^n \rightarrow \{0,1\}^n\)

  • Where \(K\) is the key of length \(k\) bits, \(P\) is the plaintext of length \(n\) bits

  • Decryption: \(E_K^{-1}(C) := D_K(C) = D(K,C): \{0,1\}^k \times \{0,1\}^n \rightarrow \{0,1\}^n\)

AES is a Block Cipher 2

  • AES is a block cipher it works on blocks of 128 bits (16 bytes) and uses key sizes of 128 bits (16 bytes), 192 bits (24 bytes), or 256 bits (32 bytes)

  • From Wikipedia: AES: “AES is based on a design principle known as a substitution–permutation network, and is efficient in both software and hardware.”


From Wikipedia

SP Network

AES is a Block Cipher 3

  • Block Ciphers are used via certain block cipher modes of operation which must be carefully used to get the full protection of the algorithm.

  • The length of the key is vital to the security of the algorithm, you should never directly use “text” as a key to a block cipher.

Hands on AES with Python

Cryptography in Python

Testing AES Encryption in Python

AES is well known with published examples

from cryptography.hazmat.primitives.ciphers import (Cipher, algorithms, modes)
plaintext = bytes.fromhex("00112233445566778899aabbccddeeff")
key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
encryptor = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
ciphertext = encryptor.update(plaintext)
# Expected output: 69c4e0d86a7b0430d8cdb78070b4c55a

Testing AES Decryption in Python

decryptor = Cipher(algorithms.AES(key), modes.ECB()).decryptor()
dtext = decryptor.update(ciphertext)

Test a larger Key (256 bits)

plaintext = bytes.fromhex("00112233445566778899aabbccddeeff")
key = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
encryptor = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
ciphertext = encryptor.update(plaintext)
# Expected output: 8ea2b7ca516745bfeafc49904b496089

Encrypting an Image

  • We saw with our homemade substitution cipher that we could see patterns in the ciphertext
  • AES works with block of 16 bytes so we probably would not see pattern in “text” based ciphertext
  • What about an image?

Reading Images in Python

Will use matplotlib and numpy to get an image

import matplotlib.pyplot as plt
import matplotlib.image as mpimg
import numpy as np
img = mpimg.imread('test.jpg')

My Test Image

Screen shot of the Image tutorial page

Test Image

Image as an Array of Bytes 1

print(f"The image size in bytes: {img.size}")
print(f"The number of dimensions in the image array: {img.ndim}")
print(f"The size of each image dimension: {img.shape}")
print(f"The type of data in the image arra: {img.dtype}")

Image as an Array of Bytes 2

  • The image size is 3,117,102 bytes Why so big?
  • The image array has 3 dimensions(!) with sizes: (739, 1406, 3) Why?
  • The type of data in array is an unsigned 8 bit integer (a raw byte)
  • Interpretation: height of 739 pixels, width of 1406 pixels. Each pixel’s color is specified by a combination of three bytes RGB

Encrypting the Image Array

  • As a block cipher AES works on 128 bits (16 bytes) at a time
  • we will need to group together 16 bytes at a time.
  • We’ll group 4x4 blocks of pixels and encrypt each color separately to get a block of 128 bits.

Python Image Array Encryption

Not to be used for security!!!

def jpgEncrypt(npimg, encrypt=True):
    shape = npimg.shape
    # Chop off rows and columns to be a multiple of 4
    nshape = ((shape[0]//4)*4, (shape[1]//4)*4, shape[2])
    cimg = np.ndarray(nshape, np.uint8)
    # Encrypt by block
    for i in range(0, nshape[0]//4):
        for j in range(0, nshape[1]//4):
            for k in range(0, 3):
                mybytes = npimg[4*i:4*(i + 1), 4*j:4*(j+1), k].tobytes()
                if encrypt:
                    cbytes = encryptor.update(mybytes)
                    cbytes = decryptor.update(mybytes)
                deserialized_bytes = np.frombuffer(cbytes, dtype=np.uint8)
                cimg[4*i:4*(i + 1), 4*j:4*(j+1), k] = np.reshape(deserialized_bytes, newshape=(4, 4))
    return cimg

Image Encryption Result

This is suitable for “top secret” information?

ECB Test

What Went Wrong?

The image (uncompressed) has lots of 128 bit blocks with the same information, i.e., groups of identical 4x4 pixels, the block encryption algorithm processes these into exactly the same new blocks of information!

I guess we can’t use AES?

Block Cipher Modes (BCM) of Operation

The Use of Block Ciphers

From Block cipher mode of operation

A block cipher by itself is only suitable for the secure cryptographic transformation (encryption or decryption) of one fixed-length group of bits called a block. A mode of operation describes how to repeatedly apply a cipher’s single-block operation to securely transform amounts of data larger than a block.

BCM References

Confidentiality Only Modes I

Just a sample, there are more…

  • Electronic Code Book (ECB)
  • Cipher Block Chaining (CBC) “CBC has been the most commonly used mode of operation…”
  • Cipher Feed Back (CFB)
  • Output Feed Back (OFB) “allows many error-correcting codes to function normally even when applied before encryption”
  • Counter Mode (CTR)

Confidentiality Only Modes II

Mode Encrypt Parallel Decrypt Parallel Random Read Stream
ECB Yes Yes Yes No
CBC No Yes Yes No
CFB No Yes Yes Yes
OFB No No No Yes
CTR Yes Yes Yes Yes

Electronic Code Book (ECB) I

From Wikipedia: Block cipher mode of operation

ECB diagram

Electronic Code Book (ECB) II

From Wikipedia: Block cipher mode of operation

The disadvantage of this method is a lack of diffusion. Because ECB encrypts identical plaintext blocks into identical ciphertext blocks, it does not hide data patterns well. ECB is not recommended for use in cryptographic protocols

Cipher Block Chaining (CBC)

From Wikipedia: Block cipher mode of operation

CBC diagram

Initialization Vectors

From Wikipedia: Block cipher mode of operation

An initialization vector (IV) is a block of bits that is used by several modes to randomize the encryption and hence to produce distinct ciphertexts even if the same plaintext is encrypted multiple times.

An initialization vector has different security requirements than a key, so the IV usually does not need to be secret. For most block cipher modes it is important that an initialization vector is never reused under the same key, i.e. it must be a cryptographic nonce. Many block cipher modes have stronger requirements, such as the IV must be random or pseudorandom.

AES-CBC in Python

# Set up encryptor and decryptor
key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
# Need to set the initialization vetor
iv = bytes.fromhex("e0e1e2f3f4a5a6a7b8b90a0b0c0d0e0f")
encryptor = Cipher(algorithms.AES(key), modes.CBC(iv)).encryptor()
decryptor = Cipher(algorithms.AES(key), modes.CBC(iv)).decryptor()

Result of AES-CBC Image Encryption

When I use AES with CBC to encrypt my screen shot I get:

CBC Test

Counter Mode (CTR)

From Wikipedia: Block cipher mode of operation

CTR Diagram

The nonce is like an initialization vector

Other Important Modes

  • Galois Counter Mode (GCM): Provides confidentiality and authenticity (integrity) and is fast (newest), option in WPA3, TLS, SSH
  • CCM: Provides confidentiality and authenticity used in WPA2, TLS
  • XTS: “…designed to protect the confidentiality of data on block-oriented storage devices without providing authentication, in order to avoid expansion of the data;” See Wikipedia: Disk Encryption for all the software/products using this mode.
// reveal.js plugins