Top Banner
Cryptography: RSA & DES Marcia Noel Ken Roe Jaime Buccheri
78

Cryptography: RSA & DES

Jan 23, 2016

Download

Documents

etenia

Cryptography: RSA & DES. Marcia Noel Ken Roe Jaime Buccheri. Cryptography is the science of writing in secret code. The first documented use of cryptography in writing dates back to circa 1900 B.C. by an Egyptian scribe. Primary users of cryptography were…. Government classified systems - PowerPoint PPT Presentation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Cryptography: RSA & DES

Cryptography: RSA & DES

Marcia NoelKen RoeJaime Buccheri

Page 2: Cryptography: RSA & DES

Cryptography is the science of writing in secret code. The first documented use of cryptography in writing dates back to circa 1900 B.C. by an Egyptian scribe.

Page 3: Cryptography: RSA & DES

Primary users of cryptography were…. Government classified systems Military Financial Institutions

Today it is used for… email credit card transactions sensitive company info personal info passwords

Page 4: Cryptography: RSA & DES

The basis of cryptography is to protect data from theft or alteration when communicating over an un-trusted medium.

Page 5: Cryptography: RSA & DES

Some specific security requirements for application to application communication:

. Authentication: proving ones identity. Privacy/confidentiality: ensuring that no one except

intended receiver can read the message. Integrity: assuring the receiver, the received message

has not been altered in any way from the original. Non-repudiation: proving that the sender really sent

the message. Prevents the sender from denying having sent the message.

Page 6: Cryptography: RSA & DES

Three types of cryptographic schemes used to accomplish these goals:

Secret key cryptography (symmetric) uses a single key for both encryption and decryption.

Public key (asymmetric) uses one key for encryption and another for decryption.

Hash functions uses mathematical transformation to irreversibly “encrypt information”.

Page 7: Cryptography: RSA & DES

Two Key Words In Cryptography

Encryption: transformation of data into a form that is close to impossible to read without a key.

Decryption: the transformation of encrypted data back to an intelligible form.

Page 8: Cryptography: RSA & DES

Public Key Encryption

Alice wants to send a message (plaintext) to Bob… She encrypts the message (ciphertext)

using the public key ( which can be

advertised to the public), and sends it to

Bob. Using his private key, Bob converts

the ciphertext back into plaintext.

Page 9: Cryptography: RSA & DES

Message Authentication

This could also be used to prove that Alice sent the message to Bob…

Alice encrypts the message with her

private key, and sends the message with the

digital signature attached, to Bob.

Bob would decrypt the signature using the

public key. If the result is the same, he

knows Alice sent the message.

Page 10: Cryptography: RSA & DES

Private (Secret) Key Encryption

A single key is used to both encrypt and decrypt the message.

Sender and receiver must agree and exchange a key without someone else eavesdropping.

Page 11: Cryptography: RSA & DES

Cryptographic Hash Functions

Cryptographic hash functions are typically used for creating digital signatures.

A hash function compresses the bits of a message to a fixed-size hash value.

Page 12: Cryptography: RSA & DES

Sender computes the hash value of the message, then encrypts with their private key. Recipient decrypts the hash value with the senders public key. Then computes the hash value of the message and

compares the calculated hash value with the received hash value.

A match proves the message and signature are authentic.

Page 13: Cryptography: RSA & DES

Components of Cryptographic Algorithms

Cryptographic algorithms, also called ciphers are based on the underlying mathematics and the possible number and length of the keys (which are expressed as a number of bits).

The above statement determines the strength of a system.

Page 14: Cryptography: RSA & DES

Information theory: allows us to examine communication and understand what message is really being sent, and how much is unnecessary.

Complexity theory: the study of the computational complexity of different cryptographic techniques.

Page 15: Cryptography: RSA & DES

Number Theory: prime numbers… gcd(m, n) modular arithmetic…

a = b(mod n) if a = b + k*n for some integer k

Factoring: finding prime factors of a number. ex. 80 2 * 2 * 2 * 2 * 5

Page 16: Cryptography: RSA & DES

Discrete Logarithms: inverse of modular exponentiation.

find x where ax = b(mod n)

ex. If 3x = 15 mod 17, then x = 6

Page 17: Cryptography: RSA & DES

Cryptanalysis

The art of deciphering encrypted communications without knowing the proper keys.

Basically an unauthorized third party wages an attack against a key or a message.

Page 18: Cryptography: RSA & DES

Cryptanalysis Techniques

Ciphertext-only attack: The attacker must work from the ciphertext only.

Known-plaintext attack: The attacker knows or can guess the plaintext for some parts of the ciphertext. The task is to decrypt the rest of the ciphertext blocks using this info.

Brute-force attack: where every possible key combination is tried.

Page 19: Cryptography: RSA & DES

Chosen-plaintext attack: The attacker is able to have any text he likes encrypted with the unknown key.

Man-in-the-middle attack: This attack is relevant for cryptographic communication and key exchange protocols. An adversary intercepts the communication and alters it.

Page 20: Cryptography: RSA & DES

Time Complexity

Classical complexity theory deals with worst-case complexity, a concept useless in cryptography where breaking a system must be hard for almost all instances, not just for some of them.

Much of modern cryptography is based on NP-complete problems. If these algorithms could be solved in polynomial time (P) cryptographic systems would be worthless.

Page 21: Cryptography: RSA & DES

Secure Hash Algorithm (SHA)

A hash algorithm which is the US federal standard for use with DSA (Digital Signature Algorithm) for digital signatures and storing passwords.

Page 22: Cryptography: RSA & DES

SHA Overview

Pad the messages so the length is a multiple of 512 bits. This is done with a series of 1’s and 0’s.

Initialize the 5 word (160 bits) buffer(A,B,C,D,E) to a set of standard hex values.

word A: 67 45 23 01

word B: EF CD AB 89

Page 23: Cryptography: RSA & DES

Each 32 bit register (A,B,C,D,E) is an input variable into a set of four auxiliary functions which perform bitwise operations.

F(X,Y,Z) = XY v not(X) Z

G(X,Y,Z) = XZ v Y not(Z)

H(X,Y,Z) = X xor Y Xor Z

I(X,Y, Z) = Y xor (X v not(Z))

Page 24: Cryptography: RSA & DES

Process the message in 16 word(512 bit) chunks, using

four rounds of 20 bit operations on each buffer and the chunks….

Page 25: Cryptography: RSA & DES

for(i to 15) do{ /*i = 0, j = 0*/ for(j to 15) copy into X[j] = (32) bits from 512 bit message

block

/* let [abcd k s i] denote an operation*/ a = b + ((a + F(b,c,d) + X[k] + T [i])<<<s)

/*do the following 16 operations*/[ABCD 0 7 1] [DABC 1 12 2] [CDAB 2 17 3] [BCDA 3 22 4][ABCD 4 7 5] [DABC 5 12 6] [CDAB 6 17 7] [BCDA 7 22 8] [ABCD 8 7 9] [DABC 9 12 10] [CDAB 10 17 11] [BCDA 11 22 12][ABCD 12 7 13] [DABC 13 12 14] [CDAB 14 17 15] [BCDA 15 22 16]

Increment the buffers}end ../*T is a pre-determined table constructed from the sin function.*/

Page 26: Cryptography: RSA & DES

The output is a 160 bit message digest which is entered as a variable into the DSA algorithm.

It would take about 2n steps to find a message with the same message digest.

Page 27: Cryptography: RSA & DES

RSA Background

RSA was invented by three MIT researchers: Ronald Rivest, Adi Shamir, Leonard Adleman

Searching for a more complete Public Key Cryptography approach than Diffie-Hellman.

First published in 1977 in Scientific American.

NSA asked them to stop distributing their report detailing RSA, but had no legal reason for them to stop distribution.

Patented until September 2000.

Page 28: Cryptography: RSA & DES

RSA Overview

RSA is a public key, or asymetric cryptography system.

Two sets of keys, one public and one private. The public key pair is published, while the private is not.

Strength of RSA comes from the difficulty of factoring large prime numbers.

A message encrypted with the public key pair, can only be decrypted using the private key pair. A message encrypted using the private key pair can only be decrypted using the public key pair.

Page 29: Cryptography: RSA & DES

RSA Concepts

We have two functions, P(M) using the public key pair (e, n) and S(M) using the private key pair (d, n).

The two functions are inverse functions.

EXAMPLE – Function: X 2

Inverse Function: sqrt (X)

Either of the functions can be used to encrypt a message, but the opposite must be used to decrypt.

Encrypt P(M) C Decrypt S(C) M

---------------------------------------------------------------------------

Encrypt S(M) C Decrypt P(C) M

M is the message to be encrypted

C is the ciphertext (encrypted message)

Page 30: Cryptography: RSA & DES

RSA Concepts – Key Generation

Properly generating keys is essential to the strength of RSA

We are trying to generate two pairs of keys, the public key pair and the private key pair. They will be denoted as follows:

Public: (e, n) Private: (d, n)

e is the public exponent

d is the private exponent

n, the modulus, is common to both pairs.

Page 31: Cryptography: RSA & DES

RSA Concepts – Steps to Generate RSA Keys

1.) Select two prime numbers: p, q.

2.) Find the modulus n = pq. This will be the n in our public and private key pairs.

3.) Find e, the public exponent. e must be relatively prime to (p-1)(q-1).

4.) Find d, the private exponent. d must be chosen so (ed-1)/(p-1)(q-1) is an integer. If d satisfies this equation, then d will be the multiplicative inverse of e.

5.) Discard p and q, only the public key (e, n) and private key (d, n) pairs are needed now.

Page 32: Cryptography: RSA & DES

RSA Concepts - Encryption

If Bob wanted to send Alice a message that only Alice can read, he would do the following:

Obtain Alice’s public key pair (e, n)

Encrypt a message using Alice’s public key to create the ciphertext.

Symbolic Function: P(M) C

Mathematical Function: C = Me mod n

Bob sends this ciphertext to Alice. The original message is protected during transmission.

Page 33: Cryptography: RSA & DES

RSA Concepts - Decryption

Now that Alice has received the ciphertext, she needs to decrypt it to get the original message back:

Use the secret key pair (d, n) known only to Alice to convert the Ciphertext back to the original message.

Symbolic Function: S(C) M

Mathematical Function: M = Cd mod n

Now Alice has retrieved the original message.

Page 34: Cryptography: RSA & DES

RSA Example – Key Generation

1.) Select two primes p, q: p = 3, q = 5

2.) Find modulus n = pq: n = 15

3.) Find e relatively prime to (p-1)(q-1): (3-1)(5-1) = 8.

Factors of 8 are 8, 4, 2, 1.

Let e be 3 – gcd(8, 3) = 1, so this works.

4.) Find d where the equation (ed-1)/(p-1)(q-1) is an integer: (3d-1)/8.

Let d = 11 since (3*11-1)/8 = 4.

5.) Discard p, q. Our pairs are:

Public: (3, 15) Private: (11, 15)

Page 35: Cryptography: RSA & DES

RSA Example – Encryption

If Alice wants to send a message to Bob that can only be viewed by Bob, she needs to encrypt the message using Bob’s public key. This message can only be decrypted using Bob’s private key, so he will be the only one able to view it.

Public: (3, 15)

The message she wants to encrypt is “GO”. We take this one character at a time representing each as a number based on it’s position in the alphabet.

M = 7, since the letter ‘G’ is mapped to the number 7

Using the equation C = Me mod n we create the ciphertext C.

C = 73 mod 15

C = 13

Alice sends C to Bob without worrying about it being intercepted.

Page 36: Cryptography: RSA & DES

RSA Example – Decryption

Bob has received this ciphertext and wishes to decrypt it. He applies the RSA function to the Ciphertext C using his private keys to get the original message back.

Private: (11, 15)

C = 13

M = 1311 mod 15

M = 7 = “G”

In reality, we would use ASCII values to represent characters in the message, but this would require much larger primes since the largest value a message can have is the value of n, the modulus, minus 1 (in this case 14 is the max value).

Page 37: Cryptography: RSA & DES

RSA Concepts – Digital Signatures

Alice wants to send Bob a message in a way that Bob can be certain that M came from Alice and is authentic.

Alice takes the message M, and creates a signature S by encrypting the message using her secret key pair.

S(M) S

She then sends Bob S and M (note M is not encrypted).

•Bob uses Alice’s public key pair to decrypt the signature S and verifies that this matches M.

P(S) M

If the decrypted signature matches the message, it must have come from Alice and be unaltered, since only Alice could have created S using her secret key pair.

Page 38: Cryptography: RSA & DES

RSA - Efficiency

To maximize efficiency, public exponent e chosen should be small to make computing the ciphertext easier.

This makes encryption faster than decryption, and verification faster than signing in the case of digital signatures.

Using typical modular exponentiation algorithms, here are the efficiencies (where k = the number of bits in the modulus n):

Public Key Operations: O(k2) steps

Private Key Operations: O(k3) steps

Key generation: O(k4) steps

Page 39: Cryptography: RSA & DES

RSA – Advantages/Disadvantages

Advantages:

Increased security – Keys never need to be transferred. Transferring keys is a security risk.

Digital Signatures – RSA can be used for authentication and verification of message integrity.

Disadvantages:

Speed – Most secret key (symetric) encryption methods are faster than public key cryptosystems. In software, DES is generally 100 times faster than RSA, in hardware DES is between 1,000 and 10,000 times as fast.

Page 40: Cryptography: RSA & DES

RSA – Breaking RSA

General Methods – ways of finding the secret key d

Method 1: Factor modulus, n, into prime factors to find p, q

- Integrity of RSA depends on factoring n being difficult.

- Protect against by using proper key lengths.

- Improvements in hardware will not make this easier if long keys are used.

- It is much easier to multiply two numbers than to determine which numbers create a given product.

EXAMPLE - 6 x 4 = 24

What are the two numbers multiplied together that gave you 24?

1 x 24 = 24 2 x 12 = 24 3 x 8 = 24 4 x 6 = 24

Page 41: Cryptography: RSA & DES

RSA – Breaking RSA

General Methods – ways of finding the secret key d

Method 2: Compute the eth roots mod n.

- Since C = Me mod n, the eth root of c mod n is the message.

- There is no algorithm to accomplish this.

Key lengths are critical to strength of RSA

- In 1997 it was estimated that 512-bit RSA keys could be factored for less than $1,000,000 in cost and eight months of effort.

- RSA Laboratories reccoments 1024 bit key length for corporate use, and 2048 bit key length for extremely important uses.

Page 42: Cryptography: RSA & DES

RSA – Breaking RSA

Single Message Attacks – finds the contents of a particular message but does not expose keys.

Guessed plaintext attack

-The attacker guesses the contents of the message, and encrypts it using the public key. If it matches the intercepted cyphertext, the attacker knows he is right.

- Can be defended against by appending some random bits to the message.

Page 43: Cryptography: RSA & DES

DES Background

DES was originally developed as Lucifer in the early 1970s by IBM

Its original purpose was to provide a standard method for protecting sensitive commercial and unclassified data

NSA (National Security Agency) and NIST (National Institute of Standards andTechnology ) created a modified version of Lucifer and named it DES

DES officially became a federal standard in November of 1976

Page 44: Cryptography: RSA & DES

DES Overview

DES is a private or symmetric key cryptographic method

Algorithm depends on the secrecy of the key

There are 72 quadrillion or more potential keys that may be used

DES is a block cipher--meaning it operates on plaintext blocks of a given size and returns cipher text blocks of the same size

Page 45: Cryptography: RSA & DES

DES Steps

1. Subkey generation

2. Encrypting the message

3. Applying the final permutation

Page 46: Cryptography: RSA & DES

Components of DES

XOR

Left Shift/Rotation

Permutations-reorder bits

Substitutions- S boxes, have never been made public

The f Function

Page 47: Cryptography: RSA & DES

Components of DES

XOR operator:0 False, 1 True

0 0 =

0 1 =

1 0 =

1 1 =

0

0

1

1

Page 48: Cryptography: RSA & DES

Components of DES

Example of XOR operator:

1 0 1 0 1 0 1 1 1

0 1 1 0 1 0 1 0 1

1 1 0 0 0 0 0 1 0

Page 49: Cryptography: RSA & DES

Components of DES

DES uses a circular left shift for its key generation

A one bit shift would yield the following results:

1 1 0 0 1 1 1 0

1 0 0 1 1 1 0 1

Left Shift/ Rotations:

Page 50: Cryptography: RSA & DES

Components of DES

Permutations:

Permuted Message

Initial Message

Permutation Table

3 5 2 7 4 6 8 1

1 1 0 0 1 1 1 0

0 1 1 1 0 1 0 10 1 1 1 0 01 1

Permuted Message

Page 51: Cryptography: RSA & DES

DES Structure

The goal of DES is to scramble the data and key so that every bit of ciphertext depends on every bit of data and every key

Page 52: Cryptography: RSA & DES

The keys are stored in 64 bit blocks

Let K be the key in hexadecimal: 133457799BBCDFF1

Rewritten in binary we get:

K = 0001 0011 0011 0100 0101 0111 0111 1001 1001 1011 1011 1100 1101 1111 1111 0001 1 3 3 4 5 7 7 9 9 B B C D F F 1

Example of DES Encryption:Step 1: Subkey Generation

Page 53: Cryptography: RSA & DES

Example: DES EncryptionStep 1: Subkey Generation - Creating the keys PC-1

The 64-bit key is permuted to a 56-bit key according to the following table:

The 8th bit is ignored and the resulting seven most significant bytes are used resulting in a length of 56 bits

Page 54: Cryptography: RSA & DES

Example: DES EncryptionStep 1: Subkey Generation - Splitting the keys

split the permuted 56 bit key into left and right halves ( 28 bit segments) L0 and R0

K = 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111

L0 R0

Page 55: Cryptography: RSA & DES

Example: DES EncryptionStep 1: Subkey Generation - Left shifts

Use left shifts to create 16 blocks while cycling from 1 to 16The shifts are determined from the Subkey Rotation Table:

Using the key we just permuted:

1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111 L0 R0

We determine the round numberAnd apply shifts according to the specified number of bits to rotate:

Round 1: L0 = 1110000110011001010101011111Round 1: R0 = 1010101011001100111100011110

We use the table and apply shifts to to preceding R0 L0 for 16 rounds, resulting in 16 key pairs

Page 56: Cryptography: RSA & DES

Example: DES EncryptionStep 1: Subkey Generation - Creating the Keys PC-2

Next we apply the following permutation to each of our 16 keys

This results in our 56 bit keys permuting into 48 bit keys

Page 57: Cryptography: RSA & DES

Example: DES EncryptionStep 1: Subkey Generation - Creating the Keys PC-2

For the first key we have :

L1R1 = 1110000 1100110 0101010 1011111 1010101 0110011 00111100 001111

which, after we apply the permutation PC-2, becomes

K1 = 000110 110000 001011 101111 111111 000111 000001 110010

*Note that PC-2 is applied to each of our keys

We now have generated our 16 subkeys

Page 58: Cryptography: RSA & DES

M - plain text message M = 0123456789ABCDEF, where M is in hexadecimal (base 16) format. Rewriting M in binary format, we get the 64-bit block of text:

M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111 0 1 2 3 4 5 6 7 8 9 A B C D E F

Example of DES Encryption:Step 2: Encrypting the Message - M

Page 59: Cryptography: RSA & DES

Example: DES EncryptionStep 2: Encrypting the Message - IP

An initial permutation(IP) is performed on the 64 bits of data message M, which rearranges the bits according to the table below

Applying the initial permutation to the block of text M, we get:

IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010

M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111

Page 60: Cryptography: RSA & DES

Example: DES EncryptionStep 2: Encrypting the Message - divide the IP block

1111 0000 1010 1010 1111 0000 1010 1010

Next divide the permuted block IP into a left half of 32 bits and a right half of 32 bits

Example: From IP, we get L0 and R0:

1100 1100 0000 0000 1100 1100 1111 1111

L0 R 0

IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010

is now…

Page 61: Cryptography: RSA & DES

Example: DES EncryptionStep 2: Encrypting the Message

The resulting 64 bits are then encrypted using the 16 subkeys

The next step is to proceed through 16 iterations using a function f which operates on two blocks of data:

Block 1: is a data block of 32 bits

Block 2: key Kn of 48 bits

Page 62: Cryptography: RSA & DES

Example: DES EncryptionStep 2: Encrypting the Message - Block 1

First, we need to calculation Block 1 from the original divided 64 bit data block and the keys

Going from n-16 we calculate:

Rn = Ln-1 + f(Rn-1,Kn) : For the right 32 bits in the current

step, we XOR the left 32 bits of the previous step with the calculation f

Our first step is to determine f

Page 63: Cryptography: RSA & DES

Example: DES EncryptionStep 2: Encrypting the Message - Block 1, Function f

Determining f consists of 4 steps:

1. E operator: expands each block Rn-1 from 32 bits to 48 bits

2. XOR: the result of step 1 is XOR’d with the key Kn

3. S-Boxes:The remaining groups are used as addresses in tables

called S-boxes

4. P: A permutation of the S-box output is done to obtain the

final value of f

Page 64: Cryptography: RSA & DES

Take 32 bits from previous step and expand to 48 bits using expansion operator E

The expansion operator E is necessary in order to have one bit of input affect more than one bit of output.

The expansion operator begins with bit 32 and cycles back to the beginning using all the bits in order and repeating every 4th and 5th bit

Example: DES EncryptionStep 2: Encrypting the Message - E Operator

Page 65: Cryptography: RSA & DES

Input 1 2 3 4 5 6 7 8 9 28 29 30 31 32

E

output 1 2 3 4 5 6 7 8 9 10 11 12 13 14 41 42 43 44 45 46 47 48

Example: DES EncryptionStep 2: Encrypting the Message - E Operator

R0 = 1111 0000 1010 1010 1111 0000 1010 1010 E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101

(Note that each block of 4 original bits has been expanded to a block of 6 output bits.)

Page 66: Cryptography: RSA & DES

Use XOR with one of the 48 subkeys to produce a different 48 bits

Example: For K1 , E(R0), we have:

Example: DES EncryptionStep 2: Encrypting the Message - XOR

K1 = 000110 110000 001011 101111 111111 000111 000001 110010

E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101

K1+E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111

We are left with eight groups each containing six bits which will be used as addresses in tables called S-boxes:

B1 B2 B3 B4 B5 B6 B7 B8

011000 010001 011110 111010 100001 100110 010100 100111

Page 67: Cryptography: RSA & DES

Example: DES EncryptionStep 2: Encrypting the Message

To determine S1(B1) :

i : The first and last bits of B represent in base 2 a number in the binary range 00 to 11

i = 011000j: The middle 4 bits of B represent in base 2 a number in the binary range 0000 to 1111

j = 011000

Located at that address will be a 4-bit number which will replace the original 6 bits

The result is that eight groups of 6 bits are transformed into eight groups of 4 bits (32 bits)

011000

011000

Page 68: Cryptography: RSA & DES

Example: DES EncryptionStep 2: Encrypting the Message - S-Boxes

Look up in the table the number in the i-th row and j-th column. It is a number in the range 0 to 15 and is uniquely represented by a 4 bit block. That block is the output S1(B) of S1 for the input B.

i = the first bit is 0 and the last bit is 0 giving us 00 as the row 0j =1100 giving us 12 as the column

In row 0, column 12 appears 5 in the S1 table. This determines the output; 5 is binary 0101, so that the output is 0101. Hence S1(011001) = 0101

Page 69: Cryptography: RSA & DES

Example: DES EncryptionStep 2: Encrypting the Message - S-Boxes

K1 + E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111

S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) =

0101 1100 1000 0010 1011 0101 1001 0111

After taking the XOR result

And applying the eight S-boxes, we get:

Page 70: Cryptography: RSA & DES

Example: DES EncryptionStep 2: Encrypting the Message - P

The final stage in the calculation of f is to do a permutation of the S-box output to obtain the final value of f

f = P(S1(B1)S2(B2)...S8(B8))

From: 0101 1100 1000 0010 10110101 1001 0111

f = 0010 0011 0100 1010 1010 1001 1011 1011

Page 71: Cryptography: RSA & DES

Example: DES EncryptionStep 3: Encrypting the Message - P Equation Completion

Now that we have determined f we can complete the equation: R1 = L0 + f(R0 , K1 )

= 1100 1100 0000 0000 1100 1100 1111 1111 + 0010 0011 0100 1010 1010 1001 1011 1011

= 1110 1111 0100 1010 0110 0101 0100 0100

In the next round, we must calculate R2 =L1 + f(R1, K2), and so

on for 16 rounds.

on the 16th round we get:

L16 = 0100 0011 0100 0010 0011 0010 0011 0100

R16 = 0000 1010 0100 1100 1101 1001 1001 0101

Page 72: Cryptography: RSA & DES

Example: DES EncryptionStep 3: Encrypting the Message - IP-1

We reverse the order of these two blocks :L16R16 = 0100 0011 0100 0010 0011 0010 0011 0100 0000 1010 0100 1100 1101 1001 1001 0101

and apply the final permutation, which leaves us with 56 bits:

R16L16 = 0000 1010 0100 1100 1101 1001 1001 0101 0100 0011 0100 0010 0011 0010 0011 0100

IP-1 = 10000101 11101000 00010011 01010100 00001111 00001010 10110100 00000101

This is the encrypted form of M = 0123456789ABCDEF: C = 85E813540F0AB405

Decryption Is the inverse of encryption, following the same steps as above, but reversing the order in which the subkeys are applied

Page 73: Cryptography: RSA & DES

DES-Efficiency

Generating the subkeys is done in O(K*16)

Encrypting the message is done in O(M)

DES cannot be broken in Polynomial Time(NP-Complete)

Page 74: Cryptography: RSA & DES

DES-Strengths

Simplicity and Speed

DES can be implemented by hardware or software

Page 75: Cryptography: RSA & DES

DES-Criticisms and Weaknesses

2^56 key space too smallwas safe in the 70’s but with faster processors no longer safeMassively parallel system could try all keys in one day-vulnerable to BRUTE FORCE attacks

Key Space

Linear computations With the exception of s-boxesCan “work backwards” and discern the keyGiven a particular file, it is always encrypted the same way given the same key

Triple-DESPotential solution to above problemsPerforms DES algorithm three times with three separate keys and has the strength o f a 168-bit key *DES should be avoided whenever possible

Page 76: Cryptography: RSA & DES

DES-Controversies

Regarding the security of DES:

Was originally proposed with a key length of 64 bits. It is suspected that the US Government may have prompted the key to be changed to 56 bits before it was made the standard.

Questioned because it makes a search for the key feasible onfast computers, and only the Government at that time had access to such fast computers.

May have wanted to reduce the key space to crack the code if necessary.

S-boxes: complete design criteria was never published. There is suspicion that a “trapdoor” may have been included.

Page 77: Cryptography: RSA & DES

DES-Breaking DES

1. Exhaustive key search

2. A dedicated machine1998 the EFF built a machine called Deep Crack for $200000 that was able to recover the key with the help of an exhaustive search on the average of 4 days checking 92 keys each second

3. A huge computer clusterCheaper way to break DES1999, an organization called DistributedNet broke DES in 23 hours

4. Differential Cryptoanalysis

In 1990, Biham and Shamir, two Israeli cryptographers invented a new generic technique to break symmetric algorithms called the differential cryptanalysis. It was the first time that a method could break DES in less time than an exhaustive search..

Page 78: Cryptography: RSA & DES

Deep Crack Machine