1 Chapter 3 – Block Ciphers Chapter 3 – Block Ciphers and the Data Encryption and the Data Encryption Standard Standard Modern Block Ciphers Modern Block Ciphers now look at modern block now look at modern block ciphers ciphers one of the most widely used one of the most widely used types of cryptographic types of cryptographic algorithms algorithms provide secrecy /authentication provide secrecy /authentication services services focus on DES (Data Encryption focus on DES (Data Encryption
31
Embed
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers now look at modern block ciphers one of the most widely used types.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
11
Chapter 3 – Block Ciphers and Chapter 3 – Block Ciphers and the Data Encryption Standardthe Data Encryption Standard
Modern Block CiphersModern Block Ciphers
now look at modern block ciphersnow look at modern block ciphersone of the most widely used types of one of the most widely used types of cryptographic algorithms cryptographic algorithms provide secrecy /authentication servicesprovide secrecy /authentication servicesfocus on DES (Data Encryption Standard)focus on DES (Data Encryption Standard)to illustrate block cipher design principlesto illustrate block cipher design principles
22
Block vs Stream CiphersBlock vs Stream Ciphers
block ciphers process messages in blocks, block ciphers process messages in blocks, each of which is then en/decrypted each of which is then en/decrypted
like a substitution on very big characterslike a substitution on very big characters 64-bits or more 64-bits or more
stream ciphers stream ciphers process messages a bit or process messages a bit or byte at a time when en/decryptingbyte at a time when en/decrypting
many current ciphers are block ciphersmany current ciphers are block ciphers broader range of applicationsbroader range of applications
33
Block Cipher PrinciplesBlock Cipher Principles
most symmetric block ciphers are based on a most symmetric block ciphers are based on a Feistel Cipher StructureFeistel Cipher Structure
must be able to must be able to decryptdecrypt ciphertext to recover ciphertext to recover messages efficientlymessages efficiently
block ciphers look like an extremely large block ciphers look like an extremely large substitution substitution
would need a table of 2would need a table of 26464 entries for a 64-bit entries for a 64-bit block block
instead create from smaller building blocks instead create from smaller building blocks using idea of a product cipher using idea of a product cipher
44
Ideal Block CipherIdeal Block Cipher
55
Claude Shannon and Substitution-Claude Shannon and Substitution-Permutation CiphersPermutation Ciphers
Claude Shannon introduced idea of substitution-Claude Shannon introduced idea of substitution-permutation (S-P) networks in 1949 paperpermutation (S-P) networks in 1949 paper
form basis of modern block ciphers form basis of modern block ciphers S-P nets are based on the two primitive S-P nets are based on the two primitive
cryptographic operations seen before: cryptographic operations seen before: substitutionsubstitution (S-box) (S-box) permutation permutation (P-box)(P-box)
provide provide confusionconfusion & & diffusiondiffusion of message & key of message & key
66
Confusion and DiffusionConfusion and Diffusion
cipher needs to completely obscure cipher needs to completely obscure statistical properties of original messagestatistical properties of original message
a one-time pad does thisa one-time pad does this more practically Shannon suggested more practically Shannon suggested
combining S & P elements to obtain:combining S & P elements to obtain: diffusiondiffusion – dissipates statistical structure – dissipates statistical structure
of plaintext over bulk of ciphertextof plaintext over bulk of ciphertext confusionconfusion – makes relationship between – makes relationship between
ciphertext and key as complex as possibleciphertext and key as complex as possible
77
Feistel Cipher StructureFeistel Cipher Structure
Horst Feistel devised the Horst Feistel devised the feistel cipherfeistel cipher based on concept of invertible product cipherbased on concept of invertible product cipher
partitions input block into two halvespartitions input block into two halves process through multiple rounds whichprocess through multiple rounds which perform a substitution on left data halfperform a substitution on left data half based on round function of right half & subkeybased on round function of right half & subkey then have permutation swapping halvesthen have permutation swapping halves
implements Shannon’s S-P net conceptimplements Shannon’s S-P net concept
88
Feistel Cipher StructureFeistel Cipher Structure
99
Feistel Cipher Design ElementsFeistel Cipher Design Elements
block size block size key size key size number of rounds number of rounds subkey generation algorithmsubkey generation algorithm round function round function fast software en/decryptionfast software en/decryption ease of analysisease of analysis
IBM developed Lucifer cipherIBM developed Lucifer cipher by team led by Feistel in late 60’sby team led by Feistel in late 60’s used 64-bit data blocks with 128-bit keyused 64-bit data blocks with 128-bit key
then redeveloped as a commercial cipher then redeveloped as a commercial cipher with input from NSA and otherswith input from NSA and others
in 1973 NBS issued request for proposals in 1973 NBS issued request for proposals for a national cipher standardfor a national cipher standard
IBM submitted their revised Lucifer which IBM submitted their revised Lucifer which was eventually accepted as the DESwas eventually accepted as the DES
1212
The same algorithm is used both to encipher anThe same algorithm is used both to encipher and to decipher.d to decipher.
Most widely used cipher everMost widely used cipher ever Security based on Shannon’s Theory Security based on Shannon’s Theory
Confusion : a piece of information is changed so that tConfusion : a piece of information is changed so that the output bits have no obvious relationship to the inpuhe output bits have no obvious relationship to the input bits.t bits.
Disfussion : To spread the effect of one plaintext bit to Disfussion : To spread the effect of one plaintext bit to
other bits in the ciphertextother bits in the ciphertext..
Each S-box SEach S-box Sjj maps a 6-bit block maps a 6-bit block bb11bb22bb33bb44bb55bb66 int int
o a 4-bit block. (In: 6 bits, Out: 4 bits)o a 4-bit block. (In: 6 bits, Out: 4 bits) The integer corresponding to The integer corresponding to bb11bb66 selects a row selects a row
and the integer corresponding to and the integer corresponding to bb22bb33bb44bb55 selects selects
a column.a column. Example: (100001)Example: (100001)22 for S-box 1 for S-box 1
Row # = (11)Row # = (11)22= 3 and Column # = (0000)= 3 and Column # = (0000)22= 0 Ou= 0 Ou
Deciphering is performed using the same Deciphering is performed using the same algorithm, except that algorithm, except that KK1616 is used in the first is used in the first
iteration, iteration, KK1515 in the second iteration, and so on. in the second iteration, and so on.
The last round of enciphering:The last round of enciphering:R 15L 15
R 16 = L 15 f (R 1 5 , K 1 6) L 1 6 = R 15
K 16f
IP -1
output
2727
Deciphering Deciphering
The first round of deciphering:The first round of deciphering:
IP
L 0 R 0
R 1 = L 0 f (R 0 , K 1 6)L 1 = R 0
K 16f
2828
Deciphering Deciphering The last round of enciphering:The last round of enciphering:
LELE1616 = = RERE1515
RERE1616 = = LELE1515 ff((RERE1515, , KK1616)) The first round of deciphering:The first round of deciphering:
Thus, the output of the first round of deciphering is the swap of the Thus, the output of the first round of deciphering is the swap of the input to the sixteenth round of the enciphering. input to the sixteenth round of the enciphering.
2929
The order of subkeys is the reverse order (kThe order of subkeys is the reverse order (k1616, k, k11
Complements: If C= EComplements: If C= Ekk(P), then ¬C= E(P), then ¬C= Ekk(¬P), where ¬x i(¬P), where ¬x i
s the cpmplement of x.s the cpmplement of x. Reduce the complexity for finding keys from 2^56 to 2Reduce the complexity for finding keys from 2^56 to 2
^55.^55. Weak Keys(4):Weak Keys(4):
56 bits key left and right half are all 0 or 1,then it woul56 bits key left and right half are all 0 or 1,then it would cause all subkeys are the same.d cause all subkeys are the same.
3131
Semi-Weak Keys:Semi-Weak Keys: the encryption using two different keys could get the sathe encryption using two different keys could get the sa
me result [Eme result [Ekk(P)= E(P)= Ekk’(P)]’(P)]