1 / 26

Block Cipher- introduction

Block Cipher- introduction. DES Description: Feistel, S-box Exhaustive Search, DC and LC Modes of Operation AES Description: SPN, Branch number Security and Efficiency Modes of Operation Other Ciphers Linear layer Confusion layer. DES (Data Encryption Standard).

asiegel
Download Presentation

Block Cipher- introduction

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Block Cipher- introduction • DES • Description: Feistel, S-box • Exhaustive Search, DC and LC • Modes of Operation • AES • Description: SPN, Branch number • Security and Efficiency • Modes of Operation • Other Ciphers • Linear layer • Confusion layer

  2. DES (Data Encryption Standard) http://en.wikipedia.org/wiki/Data_Encryption_Standard

  3. “Communication Theory for Secrecy System“, C. Shannon,1949 • Confusion: • The ciphertext statistics should depend on the plaintext statistics in a manner too complicated to be exploited by the enemy cryptanalyst • Diffusion: • Each digit of the plaintext should influence many digits of the ciphertext, and/or • Each digit of the secret key should influence many digits of the the ciphertext. • Block cipher: • A repetition of confusion(Substitution) and diffusion(Permutation) • Iteration: Weak  Strong Claude Shannon

  4. News on Shannon’s Death

  5. Block Cipher • Definition: • Let Bn denote the set of bit strings of length n. • A block cipher is an encryption algorithm E such that EK is a permutation of Bn for each key K • Characteristics • Based on Shannon’s Theorem(1949) • Same P => Same C • {|P| = |C|}  64 bit, |P|  |K|  56 bit • Memoryless configuration • Operate as stream cipher depending on mode • Shortcut cryptanalysis (DC, LC etc) in 90’s * DC: Differential Cryptanalysis, LC: Linear Cryptanalysis

  6. Design Criteria of DES • Provide a high level of security • Completely specify and easy to understand • Security must depend on hidden key, not algorithm • Available to all users • Adaptable for use in diverse applications • Economically implementable in electronic device • Efficient to use • Able to be validated • Exportable * Federal Register, May 15, 1973

  7. DES(Data Encryption Standard) • Based on Lucifer (1972) • Developed by IBM and intervened by NSA • Adopted Federal Standard by NIST, revised every 5 years (~’98), • 64bit block cipher, 56bit key • 16 Round, Nonlinearity : S-box • Cryptanalysis like DC, LC, etc. after 1992 * DC:Differential Cryptanalysis, LC : Linear Cryptanalysis

  8. FIPS Documents • FIPS PUB 46-3, Data Encryption Standard”, 1977(83,88,93) (*) • FIPS PUB 81, “DES modes of operation”,1980(*) • FIPS PUB 74, “Guidelines for implementing and using the NBS Data Encryption Standard”, 1981(*) • FIPS PUB 113, “Computer Data Authentication”, 1985 • FIPS PUB 140-2, “Security Requirements for Cryptographic Modules”, 2001 * Federal Notice (July 26, 2004) Announcing Proposed Withdrawal of Federal Information Processing Standard (FIPS) for the Data Encryption Standard (DES) and Request for Comments “NIST determined that the strength of the DES algorithm is no longer sufficient to adequately protect Federal government information. As a result, NIST proposes to withdraw FIPS 46-3, and the associated FIPS 74 and FIPS 81. Future use of DES by Federal agencies is to be permitted only as a component function of the Triple Data Encryption Algorithm (TDEA). TDEA may be used for the protection of Federal information; however, NIST encourages agencies to implement the faster and stronger algorithm specified by FIPS 197, Advanced Encryption Standard (AES) instead. NIST proposes issuing TDEA implementation guidance as a NIST Recommendation via its ``Special Publication'' series (rather than as a FIPS) as Special Publication 800-67, Recommendation for Implementation of the Triple Data Encryption Algorithm (TDEA). “ FIPS: Federal Information Processing Standard

  9. Involution structure • If we apply its operation 2 times, it returns to the original value, e.g., f(f(x)) = x. • Type of f-1(x) = f(x) (d) (c) (b) (a) x1 x2 x1 x2 x1 x2 x1 x2   g y1 y2 y1 y2 y1=x1x2 y2 = x2 y1=x1 g(x2) or x1g(x2,k) y2 = x2

  10. K P 56 64 PC-1 IP Rot R0(32) Rot L0(32) PC-2 f 16 Round PC-2 R16 L16 FP 64 C Structure of DES Key Scheduling Round function

  11. Enciphering Computation * Decryption is done by executing round key in the reverse order.

  12. Initial Permutation & Final Permutation 58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4 62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7 FP= IP-1 IP 40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31 38 6 46 14 54 22 62 30 37 5 45 13 53 21 61 29 36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2 42 10 50 18 58 26 33 1 41 9 49 17 57 25 cf.) The 58th bit of x is the first bit of IP(x) IP & FP have no cryptanalytic significance.

  13. f-function of DES

  14. P Permutation • Permutes the order of 32 bits 16 7 20 2 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25

  15. E Expansion • Expands 32 -> 48 bits by duplicating 16 bits twice 32 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 13 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1 cf.) The first 4 bits are expanded into 6 bits by adding the last bit of the last 4 bits at first and the first bit of the second 4 bits at last.

  16. DES Key Scheduling

  17. Permutated Choice-1(PC-1) • 64 -> 56 bits 57 49 41 33 25 17 9 1 58 50 42 34 26 18 10 2 59 51 43 35 27 19 11 3 60 52 44 36 63 55 47 39 31 23 15 7 62 54 46 38 30 22 14 6 61 53 45 37 29 21 13 5 28 20 12 4 cf.) Do not use the parity check bits.

  18. Permutated Chioce-2 (PC-2) • 56 -> 48 bits 14 17 11 24 1 5 3 28 15 6 21 10 23 19 12 4 26 8 16 7 27 20 13 2 41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32

  19. Rotation Schedule Rnd 1 2 3 4 5 6 7 8 9 10 11 12 1314 15 16 Rot 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1 • Total number of rotation = 28 • After final rotations, the final round keys return to the input of the 1st round keys.

  20. DES S-boxes • 8 S-boxes (6 -> 4 bits) • each row : permutation of 0-15 • 4 rows : choose by MSB & LSB of input • some known design criteria • not linear (affine) • Any one bit of the inputs changes at least two output bits • S(x) and S(x  001100) differs at least 2bits • S(x)  S(x  11ef00) for any ef={00.01.10.11} • Resistance against DC etc. • The actual design principles have never been revealed (U.S. classified information)

  21. DES S-boxes(I) • Input values mapping order L R 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0 0 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7 0 1 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8 1 0 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0 1 1 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13 • S1(1 0111 0)=11=(1011)2

  22. DES S-boxes(II) • S1-box 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13 • S2-box 15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10 3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5 0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15 13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9 e.g.) S2(010010)= ?

  23. DES S-boxes(III) • S3-box 10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8 13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1 13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7 1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12 • S4-box 7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15 13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9 10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4 3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14 S4-box is most linear than others.!!!

  24. Criticism of DES • Short key size : 112 -> 56 bits by NSA • Classified design criteria • Revision of standard every 5 yrs after 1977 by NIST • No more standard

  25. Cryptographic properties • (P,C) dependency with fixed Key : after 5 round • (K,C) dependency with fixed plaintext : after 5 round • Avalanche effect • Cyclic Test : Random function • Algebraic structure : Not a group i.e., E(K1, E(K2,P))  E(K3,P)

  26. Known Weakness of DES • Complementary Prop. • If C= E(K,P), C = E(K, P) • Weak Key : 4 keys • E(K, E(K,P))=P • Semi-weak Keys : 12 keys (6 pairs) • E(K1, E(K2,P))=P • Key Exhaustive Search : 255

More Related