Lecture 3 Feistel based algorithms. Today 1.Block ciphers - basis 2.Feistel cipher 3.DES 4.DES variations 5.IDEA 5.NEWDES.

Lecture 3Lecture 3

Feistel based algorithmsFeistel based algorithms

Today

1. Block ciphers - basis2. Feistel cipher3. DES4. DES variations5. IDEA5. NEWDES

Ideal Block Cipher

Source text

Ciphered text

SP - network

Feistel cipher

structure

DES• In 1972, the National Institute of Standards and Technology (called the

National Bureau of Standards at the time) decided that a strong cryptographic algorithm was needed to protect non-classified information.

• In 1974 IBM submitted the Lucifer algorithm, which appeared to meet most of NIST's design requirements.

• NIST enlisted the help of the National Security Agency to evaluate the security of Lucifer.

• DES is classic Feistel cipher with the n=64 bits. Unfortunately even that n is not real. In fact the algorithm use only 56 bits as key. The official explanation was that the 8-th bit from each byte is needed for parity check.

• One of the greatest worries was that the key length, originally 128 bits, was reduced to just 56 bits by NSA request, weakening it significantly.

• The modified Lucifer algorithm was adopted by NIST as a federal standard (see FIPS 46–2) on November 23, 1976. Its name was

changed to the Data Encryption Standard (DES).

• (a) twisted ladder (b) untwisted ladder

Li = Ri-1

Ri = Li-1 f (Ri-1, Ki)

Using DES CBC• In CBC mode (Cypher Block Chaining Mode), each ciphertext block βi is

combined using a XOR with the next input block αi+1. The following scheme is used:

We define a block with initial value V I = β0, and then the blocks are ciphered using the following equation

βi = eK (βi−1 α⊕ i ),(i ≥ 1)

using DES

•Usually OFB and CFB is used for 64 bits blocks but there is no problem in applying on the variable length k bits blocks where (1 ≤ k ≤ 64). •All four modes have both advantages and disadvantages. •A ECB and OFB changing a block from unencrypted input text αi will drive to modifications only to one encrypted output block βi. As we expected this may be a weakness from cryptanalytic point of view especially because the OFB modes is often used in securing satellite communication channels.

Using DES to MACDesigning a MAC using CBC.• We begin with an initial block filled with zeroes • Then the encrypted text β1 , β2 , . . . , βn is constructed using key K, ın

CBC mode, The MAC is represented by βn block as is presented in the figure.

• After that Alice will sent the message α1, α2, . . . , αn , associated with the βn MAC.

• When Bob receive the message α1, α2, . . . , αn , and also generate a β1 , . . . , βn using secret key K and checks if the resulted βn is identical with the message MAC.

• It is clear that without having the secret key it is almost impossible to generate the correct MAC

• The following figure sketches the computation of the CBC-MAC of a message comprising blocks using a secret key k and a block cipher E:

Triple DES (3DES)• Triple DES also known as 3DES or sometimes as DES − ede, is an

system based by DES. It was proposed by Walter Tuchman (the former chief of the Intel team that develop the DES) Was published in FIPS Pub 46−3.

• The idea is simple and use the following formula

where:m unencrypted pain text (64 bits),

c is the encrypted result ,k1 , k2, k3 are DES keys (de 56 bits),

DESk : DES encrypt using key k,DESk

−1: DES decript using key k.

schema

References• http://crypto.stackexchange.com/questions/245/does-unbalancing-a-feistel-cipher-alw

ays-improve-security-does-it-improve-securi• http://www.itl.nist.gov/fipspubs/fip81.htm• http://www.cacr.math.uwaterloo.ca/hac/

• http://williamstallings.com/OS4e.html• William Stallings, Cryptography and Network Security, Fourth Edition, 2005, Prentice

Hall• http://www.computersciencestudent.com/• http://williamstallings.com/Crypto/Crypto4e-inst.html• http://www.tropsoft.com/strongenc/des.htm• http://cryptodox.com/NewDES• http://en.wikipedia.org/wiki/Meet-in-the-middle_attack• Xuejia Lai and James L. Massey, A Proposal for a New Block Encryption Standard,

EUROCRYPT 1990, pp389–404

• Bruce Schneier, Applied Cryptography Second Edition John, Cryptography, Second Edition - John Wiley & Sons

• http://top-topics.thefullwiki.org/Broken_block_ciphers

Who knows? … about the real security of an algorithm!