CIS 5371 Cryptography


CIS 5371 Cryptography. 5a. Pseudorandom Objects in Practice: Block Ciphers. Based on: Jonathan Katz and Yehuda Lindell, Introduction to Modern Cryptography. Block ciphers as encryption schemes or pseudorandom permutations.


Presentation Transcript



CIS 5371 Cryptography

5a. Pseudorandom Objects in Practice

Block Ciphers

Based on: Jonathan Katz and Yehuda Lindell, Introduction to Modern Cryptography



Block ciphers as encryption schemes or pseudorandom permutations

  • Block ciphers should be viewed as pseudorandom permutations and not as encryption schemes.

  • Block ciphers should be viewed as basic building blocks for symmetric-key applications, and not just as encryption schemes themselves.



Block ciphers in practice and Definition 3.28

  • Although we consider block ciphers as pseudorandom permutations, practical constructions of block ciphers do not quite meet the definition.

  • Practical block ciphers are defined for one (or a few) key and block lengths.

  • This is in contrast to Definition 3.28 that refers to all possible key and block lengths.



Substitution-Permutation Networks

  • A block cipher should behave like a random permutation.

  • However, for a block cipher with input and output length of bits, the size of the table needed for holding the random permutation is roughly .

  • Thus, we need to somehow construct a concise function that behaves like a random function.



  • A substitution-permutation network is a direct implementation of this paradigm.

  • The substitution component refers to small random functions, called S-boxes, and the permutation component refers to the mixing of the outputs of the random functions.

  • The permutations involve reordering the output bits and are called mixing permutations.



  • The secret key

    • One possibility is to have the key specify the S-boxes and mixing permutations.

    • Another possibility is to mix the key into the computation in between each round of substitution-permutation. This option is commonly used.



  • The basic idea is to break the input up into small parts and then feed these parts through different S-boxes (random permutations).

  • The outputs are then mixed together.

  • The process is repeated a given number of times, called rounds.

  • The S-boxes introduce confusion into the construction.

  • In order to spread the confusion throughout, the results are mixed together, achieving diffusion.



Single round of substitution-permutation network



The avalanche effect

  • An important property in any block cipher is that small changes to the input must result in large changes to the output.

  • To ensure this, block ciphers are designed so that small changes in the input propagate quickly to very large changes in the intermediate values.



The avalanche effect

It is easy to demonstrate that the avalanche effect holds in a substitution-permutation network when the following hold:

  • The S-boxes are designed so that any change of at least a single bit to the input to an S-box results in a change of at least two bits in the output.

  • The mixing permutations are designed so that the output bits of any given S-box are spread into different S-boxes in the next round.
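The round structure and the two avalanche conditions above can be checked mechanically on a toy network. The following is an added example, not part of the original slides: a 16-bit substitution-permutation network with four 4-bit S-boxes, where the S-box table, the two mixing permutations, the round keys and all function names are assumptions chosen for illustration. It contrasts a mixing permutation that meets the second condition with one that does not.

```python
# Toy 16-bit SPN built from four 4-bit S-boxes (illustration only, not a real cipher).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]   # example S-box (assumption)
# Good mixing: output bit i of S-box j becomes input bit j of S-box i.
SPREAD = [4 * (b % 4) + b // 4 for b in range(16)]
IDENTITY = list(range(16))   # bad mixing: bits never leave their own S-box
ROUND_KEYS = [0x3A94, 0xC2F1, 0x5B07]   # constructed sample round keys


def sbox_condition(sbox):
    """Condition 1: flipping any single input bit flips at least 2 output bits."""
    return all(bin(sbox[x] ^ sbox[x ^ (1 << b)]).count("1") >= 2
               for x in range(16) for b in range(4))


def mixing_condition(perm):
    """Condition 2: the 4 output bits of every S-box reach 4 different S-boxes."""
    return all(len({perm[4 * s + i] // 4 for i in range(4)}) == 4
               for s in range(4))


def spn_round(state, round_key, perm):
    state ^= round_key                                        # key mixing
    state = sum(SBOX[(state >> (4 * s)) & 0xF] << (4 * s)     # substitution
                for s in range(4))
    return sum(((state >> b) & 1) << perm[b] for b in range(16))  # permutation


def affected_sboxes(x, flip_bit, perm, round_keys=ROUND_KEYS):
    """After each round, count the 4-bit groups that differ between the
    encryptions of x and of x with one input bit flipped."""
    a, b, trace = x, x ^ (1 << flip_bit), []
    for key in round_keys:
        a, b = spn_round(a, key, perm), spn_round(b, key, perm)
        trace.append(sum(1 for s in range(4) if ((a ^ b) >> (4 * s)) & 0xF))
    return trace


if __name__ == "__main__":
    print(sbox_condition(SBOX), mixing_condition(SPREAD), mixing_condition(IDENTITY))
    print("spread  :", affected_sboxes(0x0000, 0, SPREAD))
    print("identity:", affected_sboxes(0x0000, 0, IDENTITY))
```

With the identity permutation the difference stays inside a single S-box in every round, so a one-bit input change can never influence more than 4 output bits, however many rounds are run.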



Feistel Networks

  • A Feistel network is an alternative way of constructing a block cipher.

  • The low-level building blocks (S-boxes, mixing permutations and key schedule) are the same.

  • The difference is in the high-level design.

  • The advantage of Feistel networks over substitution-permutation networks is that they enable the use of S-boxes that are not necessarily invertible.



Feistel Networks

  • This is important because a good block cipher has chaotic behavior (it should look random).

  • Requiring that all of the components of the construction be invertible inherently introduces structure, which contradicts the need for chaos.



Feistel Networks

  • A Feistel network is thus a way of constructing an invertible function from non-invertible components.

  • This seems like a contradiction in terms: if you cannot invert the components, how can you invert the overall structure?

  • Nevertheless, the Feistel design ingeniously overcomes this obstacle.



A Feistel network

  • For input , denote by and the first and second halves of respectively.

  • Let and .

  • For to (where is the number of rounds in the network):

    • Let and , where denotes the -function in the -th round of the network.

    • Let and

    • The output is .
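The claim that an invertible function can be built from non-invertible components can be verified directly. The following is an added example, not part of the original slides: it uses the standard Feistel round (the new left half is the old right half, and the new right half is the old left half XORed with the round function applied to the old right half). The SHA-256-based round function, the sample subkeys and all names are assumptions for illustration, and the block length is assumed to be even; this is a toy, not a secure cipher.

```python
import hashlib
from itertools import product


def round_fn(half: bytes, subkey: bytes) -> bytes:
    """Keyed, truncated hash: deliberately NOT invertible (many-to-one)."""
    return hashlib.sha256(subkey + half).digest()[:len(half)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel_encrypt(block: bytes, subkeys) -> bytes:
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for k in subkeys:
        # new left = old right; new right = old left XOR f_k(old right)
        left, right = right, xor(left, round_fn(right, k))
    return left + right


def feistel_decrypt(block: bytes, subkeys) -> bytes:
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for k in reversed(subkeys):
        # undo one round: f_k is only ever evaluated forwards, never inverted
        left, right = xor(right, round_fn(left, k)), left
    return left + right


SUBKEYS = [b"k1", b"k2", b"k3", b"k4"]   # constructed sample round keys


def round_fn_image_size(subkey: bytes) -> int:
    """Distinct outputs of round_fn over all 256 one-byte inputs."""
    return len({round_fn(bytes([v]), subkey) for v in range(256)})


def is_permutation(subkeys) -> bool:
    """True if the network maps the 65536 two-byte blocks onto 65536 outputs."""
    blocks = [bytes(p) for p in product(range(256), repeat=2)]
    return len({feistel_encrypt(b, subkeys) for b in blocks}) == len(blocks)
```

`round_fn_image_size` returns fewer than 256 for each subkey, so the round function has collisions and cannot be inverted, while `is_permutation(SUBKEYS)` still holds for the whole network.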



Feistel Network

[Figure: Feistel network]

