CIS 5371 Cryptography

5a. Pseudorandom Objects in Practice

Block Ciphers

Based on: Jonathan Katz and Yehuda Lindell, Introduction to Modern Cryptography

Block ciphers as encryption schemes or pseudorandom permutations
  • Block ciphers should be viewed as pseudorandom permutations and not as encryption schemes.
  • Block ciphers should be viewed as basic building blocks for symmetric key applications and not just as encryption schemes themselves.
Block ciphers in practice and Definition 3.28
  • Although we consider block ciphers as pseudorandom permutations, practical constructions of block ciphers do not quite meet the definition.
  • Practical block ciphers are defined for one (or a few) key and block lengths.
  • This is in contrast to Definition 3.28, which refers to all possible key and block lengths.
Substitution-Permutation Networks
  • A block cipher should behave like a random permutation.
  • However, for a block cipher with input and output length of bits, the size of the table needed for holding the random permutation is roughly .
  • Thus, we need to somehow construct a concise function that behaves like a random function.

A substitution-permutation network is a direct implementation of this paradigm.

  • The substitution component refers to small random functions, called S-boxes, and the permutation component refers to the mixing of the outputs of the random functions.
  • The permutations reorder the output bits and are called mixing permutations.

The secret key

    • One possibility is to have the key specify the S-boxes and mixing permutations.
    • Another possibility is to mix the key into the computation in between each round of substitution-permutation. This option is commonly used.

The basic idea is to break the input up into small parts and then feed these parts through different S-boxes (random permutations).

  • The outputs are then mixed together.
  • The process is repeated a given number of times, called rounds.
  • The S-boxes introduce confusion into the construction.
  • In order to spread the confusion throughout, the results are mixed together, achieving diffusion.
Single round of substitution-permutation network
The avalanche effect
  • An important property in any block cipher is that small changes to the input must result in large changes to the output.
  • To ensure this, block ciphers are designed so that small changes in the input propagate quickly to very large changes in the intermediate values.
The avalanche effect

It is easy to demonstrate that the avalanche effect holds in a substitution-permutation network, when the following hold:

The S-boxes are designed so that any change of at least a single bit to the input to an S-box results in a change of at least two bits in the output.

The mixing permutations are designed so that the output bits of any given S-box are spread into different S-boxes in the next round.
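The round structure described earlier (key mixing, S-boxes, mixing permutation) and the two avalanche conditions above can be checked on a toy 16-bit network. This is an added example, not code from the slides; the S-box is the 4-bit S-box of the PRESENT cipher, and the bit-transposition mixing step, the round keys and all function names are assumptions chosen for illustration.

```python
# Added example: toy 16-bit substitution-permutation network (not a secure cipher).
# Assumed choices: the 4-bit S-box of the PRESENT cipher and a bit-transposition mixing step.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
# Mixing permutation: output bit b of S-box s becomes input bit s of S-box b.
PERM = [4 * (p % 4) + p // 4 for p in range(16)]
ROUND_KEYS = [0x1A2B, 0x3C4D, 0x5E6F, 0x7081]  # constructed sample round keys


def weight(x):
    """Number of set bits, i.e. how many bit positions differ in an XOR difference."""
    return bin(x).count("1")


def sbox_ok(sbox):
    """Condition 1: any single-bit input change flips at least two output bits."""
    return all(weight(sbox[x] ^ sbox[x ^ (1 << i)]) >= 2
               for x in range(16) for i in range(4))


def perm_ok(perm):
    """Condition 2: the four output bits of each S-box reach four different S-boxes."""
    return all(len({perm[4 * s + b] // 4 for b in range(4)}) == 4 for s in range(4))


def encrypt(block, round_keys):
    """Each round: XOR the round key in, apply the S-boxes, then mix the bits."""
    for key in round_keys:
        block ^= key
        block = sum(SBOX[(block >> (4 * s)) & 0xF] << (4 * s) for s in range(4))
        block = sum(((block >> p) & 1) << PERM[p] for p in range(16))
    return block


def min_avalanche(round_keys, samples=range(0, 1 << 16, 257)):
    """Fewest output bits changed by any single-bit input flip over the samples."""
    return min(weight(encrypt(x, round_keys) ^ encrypt(x ^ (1 << i), round_keys))
               for x in samples for i in range(16))


if __name__ == "__main__":
    print("S-box condition:", sbox_ok(SBOX), "| mixing condition:", perm_ok(PERM))
    for r in range(1, len(ROUND_KEYS) + 1):
        print(r, "round(s): min changed bits =", min_avalanche(ROUND_KEYS[:r]))
```

When both conditions hold, one flipped input bit is guaranteed to change at least two bits after one round and at least four after two rounds, because the two changed bits enter two different S-boxes.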

Feistel Networks
  • A Feistel network is an alternative way of constructing a block cipher.
  • The low-level building blocks (S-boxes, mixing permutations and key schedule) are the same.
  • The difference is in the high-level design.
  • The advantage of Feistel networks over substitution-permutation networks is that they enable the use of S-boxes that are not necessarily invertible.
Feistel Networks
  • This is important because a good block cipher has chaotic behavior (it should look random).
  • Requiring that all of the components of the construction be invertible inherently introduces structure, which contradicts the need for chaos.
Feistel Networks
  • A Feistel network is thus a way of constructing an invertible function from non-invertible components.
  • This seems like a contradiction in terms: if you cannot invert the components, how can you invert the overall structure?
  • Nevertheless, the Feistel design ingeniously overcomes this obstacle.
A Feistel network
  • For input , denote by and the first and second halves of respectively.
  • Let and .
  • For to (where is the number of rounds in the network):
    • Let and , where denotes the -function in the -th round of the network.
    • Let and
    • The output is .
Feistel Network
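
How a Feistel network stays invertible even when its round function is not, shown as an added example that is not part of the original slides. It uses the standard Feistel round (new left half = old right half, new right half = old left half XOR the round function of the old right half); the 16-bit block size, the squaring round function, the round keys and all names are assumptions made for illustration.

```python
# Added example: a toy 16-bit Feistel network built from a non-invertible round function.
# The names left/right, round_f and ROUND_KEYS are this example's, not the slides'.
HALF_BITS = 8
MASK = (1 << HALF_BITS) - 1
ROUND_KEYS = [0x3A, 0xC5, 0x5F, 0x91]  # constructed sample round keys


def round_f(key, half):
    """Deliberately non-invertible: x and 256 - x have the same square mod 256."""
    x = half ^ key
    return (x * x) & MASK


def is_injective(f, key):
    """True only if f(key, .) maps the 256 possible halves to 256 distinct values."""
    return len({f(key, half) for half in range(1 << HALF_BITS)}) == 1 << HALF_BITS


def feistel_encrypt(block, round_keys, f=round_f):
    left, right = block >> HALF_BITS, block & MASK
    for key in round_keys:
        # New left half is the old right half; new right half is left XOR f(right).
        left, right = right, left ^ (f(key, right) & MASK)
    return (left << HALF_BITS) | right


def feistel_decrypt(block, round_keys, f=round_f):
    left, right = block >> HALF_BITS, block & MASK
    for key in reversed(round_keys):
        # The round's input right half survives as `left`, so f is recomputed in the
        # forward direction and XORed away; f itself is never inverted.
        left, right = right ^ (f(key, left) & MASK), left
    return (left << HALF_BITS) | right


def round_trips(round_keys, f=round_f, blocks=range(1 << 16)):
    """Check decrypt(encrypt(b)) == b for every block in `blocks`."""
    return all(feistel_decrypt(feistel_encrypt(b, round_keys, f), round_keys, f) == b
               for b in blocks)


if __name__ == "__main__":
    print("round function injective?", is_injective(round_f, ROUND_KEYS[0]))
    print("decrypt(encrypt(x)) == x for all blocks?", round_trips(ROUND_KEYS))
```

The same round trip succeeds even with a constant round function, which shows that invertibility comes from the structure and says nothing about security.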