Top Banner
Modern Block ciphers
25
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Block Ciphers

Modern Block ciphers

Page 2: Block Ciphers

A symmetric classification

1 …… 1 …… 0 …… 0 …… 0

E

1……... 1…….. 1……. 0……. 1

100110110100010111010010

E E E E

100110110100010111010010

110010011101010010001001

100110 110100 010111

E E E E

110010 011101 010010

… … … …

Stream cipher Block cipher

1100100111010100100010011

Page 3: Block Ciphers

Stream cipher A stream cipher is a method of encrypting text (to produce ciphertext) in which a

cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time. This method is not much used in modern cryptography. A key stream generator produces a stream of keys which are then used with plaintext to form the cipher text. Example: one time pad, affine cipher.

keystream K1,K2,…,Kn

plaintext bits P1,P2,…,Pn

+ P1 K1,P2 K2,…,Pn Kn

ciphertext bits

Keystream

generator key

Page 4: Block Ciphers

Advantage: -Less implementation cost. - stream ciphers work on only a few bits at a time that’s why they have relatively low memory requirements - It is suitable for H/W implementation. Disadvantage: - Stream ciphers are more difficult to implement correctly. - stream ciphers do not provide integrity protection or authentication. - As the stream ciphers are individually encrypted with not connection to other chunks of data, error correction are more difficult.

Page 5: Block Ciphers

Block cipher

A block cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to a block of data at once as a group rather than to one bit at a time. Example : DES, Hill Cipher.

Advantage :

- It is used for S/W implementation.

- More suitable In trading applications.

- In the real world block ciphers seem to be more general

- It is some what faster than stream cipher each time n characters

executed.

Disadvantage:

- It’s required more memory space.

- required large number of coding for implementation.

block of ciphertext Encryption

algorithm

encryption key

block of plaintext

Page 6: Block Ciphers

Block Cipher Principles

There are three critical aspects of block cipher design: Feistel Cipher Stractute, and Shannon Product Cipher.

Feistel Cipher Stracture

Number of Rounds:

The greater the number of rounds, the more difficult it is to perform cryptanalysis, even for a relatively weak F. In general, the criterion should be that the number of rounds is chosen so that known cryptanalytic efforts require greater effort than a simple brute-force key search attack. This criterion was certainly used in the design of DES.

Design of Function F:

The function F provides the element of confusion in a Feistel cipher. Thus, it must be difficult to"unscramble" the substitution performed by F.

Key Schedule Algorithm :

A final area of block cipher design, and one that has received less attention than S-box design, is the key schedule algorithm. With any Feistel block cipher, the key is used to generate one subkey for each round.

Shannon Product Cipher : Confusion and diffusion.

Page 7: Block Ciphers

Components of modern block cipher A modern block cipher is made of a combination of transposition unit (Called P-box ) and substitution units (S-box) and some special operation. Shannon introduced idea of substitution-permutation (S-P) networks in 1949. In block ciphers, the S-boxes and P-Boxes are used to make the relation between the plaintext and the ciphertext difficult to understand

P-box: In cryptography, a permutation box (or P-box) is a method of bit-shuffling used to permute or transpose bits across inputs. P-boxes are typically classified as compression, expansion, and straight, according as the number of output bits is less than, greater than, or equal to the number of input bits. Only straight P-boxes are invertible.

1 2 3 4 5

1 2 3 4 5

1 2 3 4 5

1 2 3

1 2 3

1 2 3 4 5

Page 8: Block Ciphers

S-box: The S-box can have different number of inputs and outputs. In other words, the input to an S-box could be an n-bit word, but the output can be an m bit word where n and m are not necessarily same. S box may be keyed or keyless .

0 1 2 3 4 5 6 7 8 9 A B C D E F

E 4 D 1 2 F B 8 3 A 6 C 5 9 0 7

Other operations:

Exclusive OR

Compliment

Inverse

Circular Shift

Swap

Split and Combine

Page 9: Block Ciphers

Diffusion and Confusion Shannon’s idea in introducing the product cipher was enable the block ciphers to have two important properties: Diffusion and Confusion. Diffusion: Hide the relationship between the ciphertext and the plaintext. This will frustrated the adversary who uses ciphertext statistics to find the plaintext.

– Dissipate statistical structure of the plaintext into long-range statistics of the ciphertext

– Spread the statistics over a range of bits, i.e., let each part of the plaintext affect a large part of the ciphertext, thus making the statistical relationship as difficult as possible

– Control frequency analysis – Can be achieved by repeatedly performing some permutation followed by

applying a function to that permutation

• Confusion – Hide the relationship between the ciphertext and key as difficult as

possible – If a single bit in a key is changed, most or all bits in the ciphertext also

be changed – Control attempts to discover the key – Can be achieved by using a complex, non-linear, substitution operation

(S-box)

Page 10: Block Ciphers

Motivation for Feistel cipher stricture -The Feistel cipher structure has the advantage that encryption and decryption operations are very similar, requiring only a reversal of key schedule. Therefore the size of the code to implement such cipher is nearly halved.

-Feistel construction is iterative on nature which makes implementing the cryptosystem in hardware easier.

-Feistel networks reversible in nature

-Feistel networks are combination of multiple rounds of repeat operation such as :

-Bit –Shuffling

-- Substitution box.

--Linear mixing (XOR operation)

Reversible Mapping

Plaintext Ciphertext

00 11

01 10

10 00

11 01

irreversible Mapping

Plaintext Ciphertext

00 11

01 10

10 00

11 01

Page 11: Block Ciphers

Feistel Cipher Structure • German IBM cryptographer Horst Feistel invented the

feistel cipher

– based on concept of invertible product cipher

– Feistel cipher is a type of block cipher designed, not a

specific cipher.

• partitions input block into two halves

– process through multiple rounds(1,2,3,….n) which

– Divides the data in two halves

– perform a substitution on left data half

– based on round function of right half & subkey

– then have permutation swapping halves

• implements Shannon’s S-P net concept

Page 12: Block Ciphers

Feistel Cipher The input to a feistel structure is a plaintext box of n bits and a key K. The input key is broken down into two halves, L0 and R0 . The two halves of the data pass through r rounds of processing and the combined to produce the ciphertext block. Each round i has input Li-1 and Ri-1 , derived from previous round, as well as a sub key k derived from the over all key K. In general, subkey ki is different from K and from each other. In this cipher, a substitution is performed via the round function F and permutation is performed that interchanges the two halves of data.

Page 13: Block Ciphers

Feistel Cipher Structure

Page 14: Block Ciphers

Encryption and decipher procedure 1. Divide the input into two halves(L0, R0) .The length of L0 and R0 will be

same.

2. For each round i=1,2,3……….n compute

Li=Ri-1

Ri= Li-1 + F(Ri-1 + Ki)

Where F is the round function and Ki is the subkey of the round i

3. Ciphertext C= (Ln, Rn)

Decipherment:

1. Start with the cipher text C=(Ln, Rn)

2. For each round i= n, n-1…….2,1

Ri-1 =L1

Li-1= Ri+ F(Li+Ki)

Where F is the round function and Ki is the subkey of the round i

3. Plaintext P=(L0, R0)

Page 15: Block Ciphers

Feistel Cipher Decryption

Page 16: Block Ciphers

Feistel Cipher Design Elements block size : Larger block sizes mean greater security (all other things being equal) but reduced encryption/decryption speed for a given algorithm. The greater security is achieved by greater diffusion Traditionally, a block size of 64 bits has been considered a reasonable tradeoff and was nearly universal in block cipher design.

Key size: Larger key size means greater security but may decrease encryption/decryption speed. The greater security is achieved by greater resistance to brute-force attacks and greater confusion. Key sizes of 64 bits or less are now widely considered to be insufficient, and 128 bits has become a common size.

Number of rounds: The essence of the Feistel cipher is that a single round offers insufficient security but that multiple rounds offer increasing security. A typical size is 16 rounds.

Subkey generation algorithm: Greater complexity in this algorithm should lead to greater difficulty of cryptanalysis.

Round function: the increased complexity in round function also enhance the difficulties against the attacks by cryptanalysis.

Page 17: Block Ciphers

The Substitution-Permutation Network (SPN)

• Main attraction: Encryption and decryption easy to implement in hardware. Simple description as an iterated cipher.

• Plain text and cipher text : length lm

• Given an r bit key K, derive from it N + 1 keys K1, K2, … KN + 1, each lm bits long using key scheduling algorithm

• Fix a substitutions S

• Fix a permutation P

Page 18: Block Ciphers

SPN Algorithm

• Encryption proceeds in N stages. • Stage Encryption proceeds in N stages. • Stage j encryption for j = 1 to N − 1:

X-or with subkey Kj

break into l-bit substrings and substitute each substring using πS

Permute the bits using πP

• Stage N encryption: X-or with subkey KN

break into l-bit substrings and substitute each substring using πS

X-or with KN+1

• First and last X-or are called Whitening.

Page 19: Block Ciphers

SPN example (example 3.1, from Stinson’s book)

• l = m = N = 4; r = 32 (32 bit key). • Key scheduling: Given 32-bit key K,

K1 = bits 1–16 of K; K4 = bits 13–28 of K; K2 = bits 5–20 of K; K5 = bits 17–32 of K. K3 = bits 9–24 of K;

• πS:

0 1 2 3 4 5 6 7 8 9 A B C D E F E 4 D 1 2 F B 8 3 A 6 C 5 9 0 7

• πP :

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 1 5 9 13 2 6 10 14 3 7 11 15 4 8 12 16

Page 20: Block Ciphers

K = 0011 1010 1001 0100 1101 0110 0011 1111

Round keys are as follow:

K1= 0011 1010 1001 0100

K2= 1010 1001 0100 1101

K3= 1001 0100 1101 0110

K4= 0100 1101 0110 0011

K5= 1101 0110 0011 1111

Page 21: Block Ciphers

• Plain text

• x = 0010 0110 1011 0111

Encryption of x proceeds as follows:

w0 = 0010 0110 1011 0111

K1 = 0011 1010 1001 0100

u1 = 0001 1100 0010 0011

v1 = 0100 0101 1101 0001

w1 = 0010 1110 0000 0111

Page 22: Block Ciphers

w1 = 0010 1110 0000 0111

K2 = 1010 1001 0100 1101

u2 = 1000 0111 0100 1010

v2 = 0011 1000 0010 0110

w2 = 0100 0001 1011 1000

Page 23: Block Ciphers

SPN example pictorially

Page 24: Block Ciphers

Advantage of SPN

• Design is simple for hardware as well as software

• Software implementation S-box is implemented in the form of look-up table

• Less development cost.

• Less computational cost.

Page 25: Block Ciphers

Thank you