
Data Encryption Standard (DES)

Data Encryption Standard (DES). Symmetric Cryptography: C = E(P,K); P = D(C,K). Requirements: given C, the only way to obtain P should be with the knowledge of K; any attempt to attack the cipher should be comparable in complexity to the brute-force method.

diep

Presentation Transcript


  1. Data Encryption Standard (DES)

  2. Symmetric Cryptography
     • C = E(P,K)
     • P = D(C,K)
     • Requirements
       • Given C, the only way to obtain P should be with the knowledge of K
       • Any attempt to attack the cipher should be comparable in complexity to the brute-force method
     • Symmetric-key algorithms use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext.
     • The keys may be identical, or there may be a simple transformation to go between the two keys.
     • The requirement that both parties have access to the secret key is one of the main drawbacks of symmetric-key encryption.

  3. Desired Characteristics
     • Confusion – How does changing a bit of the key affect the ciphertext?
     • Diffusion – How does changing one bit of the plaintext affect the ciphertext?
     • S-Boxes provide confusion of input bits
     • P-Boxes provide diffusion across S-box inputs

  4. Desired Characteristics (Cont…)
     • Confusion
       • Change key values each round
       • Performed through substitution
       • Complicates plaintext/key relationship
     • Diffusion
       • Change location of plaintext in ciphertext
       • Done through transposition

  5. Two Basic Types
     • Block Ciphers
       • Typically 64- or 128-bit blocks
       • A k-bit plaintext block maps to a k-bit ciphertext block
       • Usually employ a Feistel structure
       • The inverse mapping is the decryption function
     • Stream Ciphers
       • A key is used to generate a stream of pseudo-random bits: the key stream
       • Just XOR plaintext bits with the key stream for encryption
       • For decryption, generate the key stream and XOR it with the ciphertext

  6. Block Cipher Features
     • Block size: in general, larger block sizes mean greater security.
     • Key size: larger key size means greater security (larger key space).
     • Number of rounds: multiple rounds offer increasing security.
     • Encryption modes: define how messages larger than the block size are encrypted; very important for the security of the encrypted message.

  7. DES History
     • 1967: Feistel at IBM
       • Lucifer: block size 128 bits; key size 128 bits
     • 1972: NBS asks for an encryption standard
     • 1975: IBM developed DES (modification of Lucifer)
       • Block size 64 bits; key size 56 bits
     • 1975: NSA suggests modifications
     • 1977: NBS adopts DES as encryption standard (FIPS 46-1, 46-2)
     • 2001: NIST adopts Rijndael as replacement to DES

  8. Picture of Inverse Function

  9. DES ENCRYPTION

  10. INITIAL PERMUTATION AND ITS INVERSE • It operates on the 64-bit input

  11. INITIAL PERMUTATION AND ITS INVERSE

  12. DETAILS OF SINGLE ROUND

  13. Expansion/Permutation

  14. DETAILS OF SINGLE ROUND (CONT 1) • The resulting 48 bits are XORed with Ki. This 48-bit result passes through a substitution function that produces a 32-bit output, which is permuted by the permutation function (P).

  15. The role of S-boxes • The substitution consists of a set of 8 S-boxes, each of which accepts 6 bits of input and produces 4 bits of output.

  16. DETAILS OF SINGLE ROUND (CONT 2) • Each row of an S-box defines a general reversible substitution: the middle 4 bits of each 6-bit input group are substituted by the S-box output, and the 1st and 6th (last) bits determine which particular substitution to use.

  17. KEY GENERATION • The input key has 64 bits, but every 8th bit is not used: bits 8, 16, 24, 32, 40, 48, 56, 64 are not further used. The 56-bit key is first subjected to the permutation Permuted Choice 1.

  18. KEY GENERATION (Cont…) • The resulting 56-bit key is then treated as two 28-bit quantities, labeled C0 and D0. At each round, Ci-1 and Di-1 are separately subjected to a circular left shift, or rotation, of 1 or 2 bits as governed by the following:

  19. KEY GENERATION (Cont…) • These shifted values serve as input to the next round. They also serve as input to Permuted Choice 2, which produces a 48-bit output that serves as input to the function .

  20. DES DECRYPTION • As with any Feistel cipher, decryption uses the same algorithm as encryption, except that the application of subkeys is reversed.
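An added Python example (not from the original slides) tying slides 18 to 20 together: the C/D halves are rotated with the standard DES shift schedule, and a 16-round Feistel network decrypts by running the same code with the subkeys reversed. Assumptions: `toy_f` and the Permuted Choice 2 stand-in are hypothetical placeholders, and PC-1 and the initial permutation are omitted, so this is not interoperable DES.

```python
# Added example: Feistel structure and C/D key rotation only. PC-1, PC-2, IP,
# the S-boxes and DES's real F are replaced by labelled stand-ins.
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]  # DES left shifts per round
MASK28, MASK32 = (1 << 28) - 1, (1 << 32) - 1

def rotl28(x, n):
    """Circular left shift of a 28-bit half by n bits."""
    return ((x << n) | (x >> (28 - n))) & MASK28

def subkeys(key56):
    """Return (16 round keys of 48 bits, final (C16, D16)) for a 56-bit key."""
    c, d = (key56 >> 28) & MASK28, key56 & MASK28  # C0 and D0
    keys = []
    for n in SHIFTS:
        c, d = rotl28(c, n), rotl28(d, n)
        # Stand-in for Permuted Choice 2 (assumption): keep the low 24 bits of each half.
        keys.append(((c & 0xFFFFFF) << 24) | (d & 0xFFFFFF))
    return keys, (c, d)

def toy_f(r, k):
    """Placeholder round function (hypothetical, NOT DES's F); need not be invertible."""
    x = (r ^ k ^ (k >> 16)) & MASK32
    return ((x * 0x9E3779B1) & MASK32) ^ (x >> 15)

def feistel(block64, round_keys):
    """Run the Feistel rounds, then swap the halves as DES does after round 16."""
    l, r = (block64 >> 32) & MASK32, block64 & MASK32
    for k in round_keys:
        l, r = r, l ^ toy_f(r, k)
    return (r << 32) | l

def encrypt(block64, key56):
    return feistel(block64, subkeys(key56)[0])

def decrypt(block64, key56):
    return feistel(block64, subkeys(key56)[0][::-1])  # same algorithm, subkeys reversed

# Constructed sample values, not test vectors from any standard.
KEY, PLAIN = 0x1234567ABCDEF0, 0x0123456789ABCDEF

if __name__ == "__main__":
    ct = encrypt(PLAIN, KEY)
    print(f"ciphertext {ct:016x}, decrypted {decrypt(ct, KEY):016x}")
    print("C16,D16 == C0,D0:", subkeys(KEY)[1] == (KEY >> 28, KEY & MASK28))
```

The shifts sum to 28, so C16 and D16 equal C0 and D0. A key whose halves are all zeros yields sixteen identical subkeys, so encrypting twice returns the plaintext, which is how DES's weak keys arise.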

  21. Decryption Circuit

  22. DES Applications
     • Served most commerce applications for more than 30 years
     • All ATM transactions
     • Bank transfers
     • Credit card applications
