Cracking DES Cryptosystem
A cryptosystem is made of these parts:
• Two parties who want to communicate over an insecure channel
• An encryption algorithm that transforms the plaintext into ciphertext
• A decryption algorithm that reverses the process
Cracking DES Cryptosystem
• A good electronic cryptosystem should only be vulnerable to brute-force attacks that are computationally infeasible
• A given implementation, or other details not handled by the cryptosystem, may introduce weaknesses
• Can allow a more sophisticated variant of a brute-force algorithm
Overview of DES Cryptosystem
• DES is the US Federal Data Encryption Standard, dating from 1977
• Developed by the NSA under the aegis of the NIST (NBS)
• 56-bit symmetric cipher, based on two parties (Alice and Bob) having a shared key
Outline of DES Cryptosystem
• The plaintext, a string of length 64 bits, is transformed with a fixed Initial Permutation
• 16 iterations (or rounds) of a function are computed. This involves parts of the transformed plaintext, parts of the secret (the shared key), other fixed functions (permutations and expansions), and the XOR operation
• The final string is given an Inverse Permutation
Outline of DES Cryptosystem
• The decryption process is the same as the encryption process, with all steps performed in reverse order
• The decryptor is, or should be, the only other possessor of the shared key
• Since the only mathematical operation is XOR, this is very fast in a dedicated hardware implementation
Details of DES Cryptosystem
• The heart of DES is the function performed for 16 iterations
• It contains a non-linear substitution algorithm, defined by eight fixed shift registers (S-boxes)
• The S-boxes juggle 6 XOR’ed bits from the permuted plaintext and the key for that round
• Changing one input bit changes at least two output bits
An S-Box: S1
14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13
Input String
010101
Binary Row Binary Column S-Box output value
Dec: 12 Bin: 1100
Input String
010100
Binary Row Binary Column S-Box output value
Dec: 6 Bin: 0110
That’s enough DES details
• Really
• Here’s a puppy
Greta
Difficulties in Cracking DES
• DES is a moderately strong cipher
• 2^56 possible keys
• Unsophisticated brute-force algorithm average case: 2^55 operations
• 36,028,797,018,963,968 operations
• Wouldn’t it be nice to be able to cheat?
Cracking DES
There are a few things that make a smart brute-force approach computationally feasible:
• Parallelizable
• Fast in hardware
• Plaintext recognizer circuitry
These factors help weed out many keys quickly
Parallelizable
• Testing one candidate key does not depend on testing other keys
• Divide and Conquer – if you have n DES-cracking units, each unit gets 1/n of the potential key-space
• The time to crack also gets divided by n
Fast in hardware
• DES only consists of permutations, shifts, and XOR operations
• Speed of actual custom-built search unit – it can do one decryption in 16 clock cycles
• 2.5 million keys per second at 40 MHz
Plaintext recognizer
An attacker needs to define criteria about the plaintext:
• This is what flags a candidate plaintext
• Configurable in controlling software
• ASCII text is easiest – you know the high bit of any given byte will always be zero
Details of a DeepCrack chip
• 24 search units on a chip
• Each search unit takes 2 8-byte blocks of ciphertext and a potential key
• If the first decrypted block is not “interesting”, the search unit increments the key and tries the block again
• If the first block is “interesting”, then the second block is tried with the same key
What’s “interesting?”
• Each chip is initialized with a plaintext recognizer: a lookup table defining which of 256 permutations of a byte are interesting
• A standard email will be numbers, letters, and a few punctuation marks
• Easy for ASCII – may grow more difficult if Unicode sees more adoption
Controlling software
• The DES cracker is initialized and monitored by a standard PC
• It defines the plaintext lookup table, restarts search units after “interesting” results, and records the “interesting” values for further examination
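The recognizer table and the two-block check described in the last few slides, sketched as an added example (not code from the slides or from the EFF design). The email character set, the function names and the model of a wrong key's output as uniform random bytes are assumptions; the expected-hit figures show why "interesting" results still go back to the controlling software for further examination.

```python
from fractions import Fraction
import string


def make_table(allowed: bytes) -> bytes:
    """256-entry lookup table: 1 marks an 'interesting' byte value."""
    return bytes(1 if b in allowed else 0 for b in range(256))


# ASCII criterion from the slides: the high bit of every byte is zero.
ASCII_TABLE = make_table(bytes(range(128)))
# Tighter 'standard email' table; this exact character set is an assumption.
EMAIL_TABLE = make_table(
    (string.ascii_letters + string.digits + " .,;:!?'\"-()@\r\n").encode())


def block_is_interesting(table: bytes, block: bytes) -> bool:
    """True when every byte of an 8-byte block is flagged in the table."""
    return len(block) == 8 and all(table[b] for b in block)


def search_unit_check(table: bytes, block1: bytes, block2: bytes) -> str:
    """Staged check: block 2 is examined only if block 1 passes."""
    if not block_is_interesting(table, block1):
        return "next key"
    if not block_is_interesting(table, block2):
        return "next key"
    return "report to controlling software"


def pass_probability(table: bytes, blocks: int = 2) -> Fraction:
    """Chance a wrong key passes, modelling its output as uniform random bytes."""
    return Fraction(sum(table), 256) ** (8 * blocks)


def expected_false_hits(table: bytes, key_bits: int = 56, blocks: int = 2):
    """Expected wrong keys flagged 'interesting' over the whole keyspace."""
    return pass_probability(table, blocks) * 2 ** key_bits


if __name__ == "__main__":
    sample = b"Meet at noon, ok"  # constructed 16-byte plaintext (two blocks)
    print(search_unit_check(EMAIL_TABLE, sample[:8], sample[8:]))
    for name, t in (("ASCII", ASCII_TABLE), ("email", EMAIL_TABLE)):
        print(name, float(pass_probability(t, 1)), float(expected_false_hits(t)))
```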
Putting a DES cracker together
• 24 search units in a chip
• 64 chips on a VMEbus board
• 12 boards to a chassis
• Two chassis cost $210,000 as the first-run prototype built by the EFF in 1997
• Could check 92,160,000,000 keys per second
• Average case: 4.524 days
Securing against this attack
• This technique is dependent on the plaintext (ASCII, etc.) and on the speed of hardware
• It does not make brute-forcing any given n-bit encryption algorithm feasible – it just makes this one easier
• Triple-DES is a 112-bit cipher – this machine can’t come close
Greta again
Bibliography
Diffie, Whitfield. Privacy on the Line. Cambridge, Massachusetts: The MIT Press, 1998
Stinson, Douglas. Cryptography: Theory and Practice. New York: CRC Press, 1995
Electronic Frontier Foundation. Cracking DES. O’Reilly and Associates, 1998. Primarily a public domain publication