CIS 5371 Cryptography

5a. Pseudorandom Objects in Practice

Block Ciphers

Based on: Jonathan Katz and Yehuda Lindell, Introduction to Modern Cryptography

Block ciphers as encryption schemes or pseudorandom permutations

  • Block ciphers should be viewed as pseudorandom permutations and not as encryption schemes.

  • Block ciphers should be viewed as basic building blocks for symmetric-key applications, and not just as encryption schemes themselves.

Block ciphers in practice and Definition 3.28

  • Although we consider block ciphers as pseudorandom permutations, practical constructions of block ciphers do not quite meet the definition.

  • Practical block ciphers are defined for one (or a few) key and block lengths.

  • This is in contrast to Definition 3.28 that refers to all possible key and block lengths.

Substitution-Permutation Networks

  • A block cipher should behave like a random permutation.

  • However, for a block cipher with input and output length of bits, the size of the table needed for holding the random permutation is roughly .

  • Thus, we need to somehow construct a concise function that behaves like a random function.

  • A substitution-permutation network is a direct implementation of this paradigm.

  • The substitution component refers to small random functions, called S-boxes, and the permutation component refers to the mixing of the outputs of the random functions.

  • The permutations involve reordering the output bits and are called mixing permutations.

  • The secret key

    • One possibility is to have the key specify the S-boxes and mixing permutations.

    • Another possibility is to mix the key into the computation in between each round of substitution-permutation. This option is commonly used.

  • The basic idea is to break the input up into small parts and then feed these parts through different S-boxes (random permutations).

  • The outputs are then mixed together.

  • The process is repeated a given number of times, called rounds.

  • The S-boxes introduce confusion into the construction.

  • In order to spread the confusion throughout, the results are mixed together, achieving diffusion.

Single round of substitution-permutation network

The avalanche effect

  • An important property in any block cipher is that small changes to the input must result in large changes to the output.

  • To ensure this, block ciphers are designed so that small changes in the input propagate quickly to very large changes in the intermediate values.

It is easy to demonstrate that the avalanche effect holds in a substitution-permutation network, when the following hold:

  • The S-boxes are designed so that any change of at least a single bit to the input to an S-box results in a change of at least two bits in the output.

  • The mixing permutations are designed so that the output bits of any given S-box are spread into different S-boxes in the next round.
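
Added example, not part of the original slides: a toy 16-bit substitution-permutation network in Python that checks both avalanche conditions and measures how a one-bit input change spreads round by round. The S-box (row 0 of DES S1 used as a 4-bit permutation), the transposing mixing permutation, the round keys and the plaintext block are all choices made for this example.

```python
# Toy 16-bit substitution-permutation network for illustration only (not a real cipher).
# Assumption of this example: S-box = row 0 of DES S1, used as a 4-bit permutation.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
# Mixing permutation: output bit i of S-box j becomes input bit j of S-box i,
# so the four output bits of one S-box land in four different S-boxes.
PERM = [4 * (b % 4) + b // 4 for b in range(16)]

def sbox_min_output_change():
    """Fewest output bits that change over all single-bit input changes."""
    return min(bin(SBOX[x] ^ SBOX[x ^ (1 << i)]).count("1")
               for x in range(16) for i in range(4))

def substitute(state):
    # Feed each 4-bit part of the state through the S-box.
    return sum(SBOX[(state >> s) & 0xF] << s for s in (0, 4, 8, 12))

def mix(state):
    # Reorder the 16 bits according to PERM.
    return sum(((state >> b) & 1) << PERM[b] for b in range(16))

def round_states(block, round_keys):
    """State after each round: key mixing, S-boxes, mixing permutation."""
    states = []
    for k in round_keys:
        block = mix(substitute(block ^ k))
        states.append(block)
    return states

def avalanche(block, flip_bit, round_keys):
    """Per-round Hamming distance between block and block with one bit flipped."""
    a = round_states(block, round_keys)
    b = round_states(block ^ (1 << flip_bit), round_keys)
    return [bin(x ^ y).count("1") for x, y in zip(a, b)]

# Constructed sample values: four 16-bit round keys and one plaintext block.
ROUND_KEYS = [0x3A94, 0xD63F, 0x5C0B, 0xE127]
PLAINTEXT = 0x26B7

if __name__ == "__main__":
    print("min S-box output change:", sbox_min_output_change())
    for bit in range(16):
        print(f"flip bit {bit:2d}:", avalanche(PLAINTEXT, bit, ROUND_KEYS))
```

With both conditions satisfied, a one-bit input difference is guaranteed to reach at least two bits after the first round and at least four after the second, whatever the round keys are; later rounds usually keep spreading it, but the two conditions alone do not guarantee further growth.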

Feistel Networks

  • A Feistel network is an alternative way of constructing a block cipher.

  • The low-level building blocks (S-boxes, mixing permutations and key schedule) are the same.

  • The difference is in the high-level design.

  • The advantage of Feistel networks over substitution-permutation networks is that they enable the use of S-boxes that are not necessarily invertible.

  • This is important because a good block cipher has chaotic behavior (it should look random).

  • Requiring that all of the components of the construction be invertible inherently introduces structure, which contradicts the need for chaos.

  • A Feistel network is thus a way of constructing an invertible function from non-invertible components.

  • This seems like a contradiction in terms: if you cannot invert the components, how can you invert the overall structure?

  • Nevertheless, the Feistel design ingeniously overcomes this obstacle.

A Feistel network

  • For input , denote by and the first and second halves of respectively.

  • Let and .

  • For to (where is the number of rounds in the network):

    • Let and , where denotes the -function in the -th round of the network.

    • Let and

    • The output is .
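
Added example, not part of the original slides: a toy Feistel network in Python whose round function is deliberately not invertible, showing that the overall structure still inverts. It uses the standard Feistel round rule (the new left half is the old right half; the new right half is the old left half XORed with the round function of the old right half); the round function, round keys and block size are choices made for this example.

```python
import hashlib

HALF = 4  # toy 64-bit block: two 32-bit halves (assumption of this example)

def f(round_key: bytes, half: bytes) -> bytes:
    # Hypothetical round function: it ignores the last two bytes of `half`,
    # so distinct inputs collide and f cannot be inverted.
    return hashlib.sha256(round_key + half[:2]).digest()[:HALF]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def feistel_encrypt(block: bytes, round_keys) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for k in round_keys:
        # New left = old right; new right = old left XOR f(old right).
        left, right = right, xor(left, f(k, right))
    return left + right

def feistel_decrypt(block: bytes, round_keys) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for k in reversed(round_keys):
        # The current left half IS the previous right half, so f is simply
        # recomputed in the forward direction and XORed away; f is never inverted.
        left, right = xor(right, f(k, left)), left
    return left + right

# Constructed sample values: four round keys and one 8-byte block.
ROUND_KEYS = [b"k1", b"k2", b"k3", b"k4"]
SAMPLE = bytes(range(8))

if __name__ == "__main__":
    ct = feistel_encrypt(SAMPLE, ROUND_KEYS)
    print("ciphertext:", ct.hex())
    print("decrypted :", feistel_decrypt(ct, ROUND_KEYS).hex())
    print("f collides:", f(b"k1", b"\x00\x01\x02\x03") == f(b"k1", b"\x00\x01\xff\xff"))
```

A round function this weak makes the cipher insecure; the point is only that decryption never needs to invert it.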

Feistel Network