1 / 25

Chapter 2 Encryption Algorithms (Part D)

This chapter discusses popular encryption algorithms, including DES, AES, RSA, and El Gamal. It explores the strengths, key transformations, substitutions, and permutations used in DES. It also examines the security and vulnerabilities of the DES algorithm.

gayr
Download Presentation

Chapter 2 Encryption Algorithms (Part D)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chapter 2Encryption Algorithms (Part D)

  2. Outline • NP-completeness & Encryption • Symmetric (secret key) vs Asymmetric (public key) Encryptions • Popular Encryption Algorithms • DES • AES • RSA Encryption • El Gamal Algorithms • Hashing Algorithms V. Sawma, Computer Security

  3. Data Encryption Standard (DES) • 1976: officially adopted as a U.S. federal standard • Was authorized for use on all public and private sector unclassified communication • Later became an international standard by the ISO • The strength of DES comes from repeated application of the two encryption techniques, substitution and permutation, one on top of the other, for a total of 16 cycles. • Product cipher: C = E2 ( E1(P) ) • A secret key method V. Sawma, Computer Security

  4. Data Encryption Standard (DES) • 16 cycles of substitutions and permutations: Fig.10-7 (p.646) (next slide) • Steps in a single cycle: Fig. 10-9, p. 647 (next slide) • Operates on blocks of data: 64 bits per block • Splits a data block in half: left half, right half (32 bits) • Scrambles each half independently: shifted left, permuted • Combines the key with the right half: the result is then combined with the left half • Swaps the two halves: • T = right half; right half += key; right half += left half; left half = T. V. Sawma, Computer Security

  5. Input Initial Permutation L0 R0 Key Shifted Substitution Key Permuted Permutation L1 = R0 R1 DES FLOWCHART Cycle 1 Key Shifted Substitution Key Permuted Permutation Cycle 2 L2 = R1 R2 V. Sawma, Computer Security

  6. Single cycle of DES V. Sawma, Computer Security

  7. Key Transformation • 64-bit key, but only 56 of the bits are used (bits 8, 16, 24, 32, 40, 48, 56, 64 are parity bits) • At each step, the key is split into two 28-bit halves. • The halves are shifted by a specified number of digits (Table 10-2, p. 651), pasted together again, and then 48 of these 56 bits are permuted as a key during this step (choice permutation: Table 10-3, p.651). V. Sawma, Computer Security

  8. Key Transformation (2) V. Sawma, Computer Security

  9. Key Transformation (3) Choice permutation to transform 56 bit keys to 48 bits V. Sawma, Computer Security

  10. Data Encryption Standard (DES) • How to combine a 32-bit right half with a 56-bit key? p.649: Fig. 10-11 Expansion permutation: The 32-bit half is expanded to 48 bits by repeating certain bits See Table 10-1, p. 649 Permuted choices: The 56-bit key is reduced to 48 bits by choosing only certain bits (See Table 10-3, p.651) • Fig. 10-11: a detailed single cycle V. Sawma, Computer Security

  11. Expansion Permutation V. Sawma, Computer Security

  12. Substitutions and S-boxes • An S-box is a table in which 6 bits of data are replaced by 4 bits. • The 48-bit input is divided into eight 6-bit blocks  8 S-boxes for substitutions (Table 10-4, p.652) • Substitutions by S-boxes (Example p. 650) V. Sawma, Computer Security

  13. Substitution V. Sawma, Computer Security

  14. S-box substitutions • Input: Bj = 6 bits (b1 b2 b3 b4 b5 b6) • Output: a 4-bit binary number • Process: • r = b1 b6 • c = b2 b3 b4 b5 • result = the value at (r, c) of the S-box j (Sj) of Table 3-6. • Convert the result to a binary number. V. Sawma, Computer Security

  15. S-box substitutions • Example: Input = Bj =B7 = 010011b r = 01b = 1 c = 1001b = 9 result = (r, c) = (1, 9) in S7 = 3 = 0011b • Suppose the Input = B4 = 101010b. What’s the output of the substitution? V. Sawma, Computer Security

  16. P-box permutations • Permutations: Initial permutation Permutation in each cycle Final inverse permutation • Initial & final permutations: Table 10-6 p. 653, and table 10-7 p.654 • Per-cycle permutation: p. 653: Table 10-5 Examples Bit 1  bit 9 Bit 23 bit 11 Bit 19  ? Bit 27  ? V. Sawma, Computer Security

  17. Initial and Final Permutations Initial Permutation V. Sawma, Computer Security Final Permutation

  18. P-box permutation V. Sawma, Computer Security

  19. Summary of DES Encryption • Fig. 10-7, p.646 • Input = (64-bit data block, 64-bit key) • process 64-bit key  56 bits Initial permutation 16 cycles: Key transformation (split, shift, permuted) Data blocks substitution & permutation Lj = Rj-1 ; Rj = Lj-1 XOR f(Rj-1, kj) S-boxes, P-boxes Final permutation • Output = 64-bit ciphertext V. Sawma, Computer Security

  20. DES Decryption • Encryption: (Lj-1 ,Rj-1)  (Lj ,Rj) Lj = Rj-1 ; Rj = Lj-1 XOR f(Rj-1, kj) • Decryption: (Lj ,Rj)  (Lj-1 ,Rj-1) Rj-1 =Lj Lj-1 = Rj XOR f(Lj, kj) • Reverse key transformation V. Sawma, Computer Security

  21. Security of the DES • DES is in general a secure method; although it suffers minor weakness caused by complements, weak keys, design, key clustering, and differential cryptanalysis. • Nobody has yet shown serious flaws in the DES, nor do people really believe that hardware power has reached the point where a brute force attack can feasibly break the DES. • The problem with DES is not that it is known, or even suspected, to have been broken; it is just becoming more likely that it could be broken. V. Sawma, Computer Security

  22. Security Issues of DES • Design of Algorithm: • No S-box is linear • A bit change in the input of an S-box changes at least two output bits • Number of Iterations: 16 was found to be adequate • Key Length: A brute force attack performed in 1997 took four months to recover a key V. Sawma, Computer Security

  23. Weakness of DES • Complements: c = DES(p,k) ¬c = DES(¬p,¬k) • Weak Keys: The half keys shifted are all 0’s or 1’s V. Sawma, Computer Security

  24. Triple DES • In Triple-DES, two 56-bit keys are selected. • Data is encrypted via DES three times, the first time by the first key, the second time by the second key and the third time by the first key once again. • This process creates an encrypted data stream that is unbreakable with today's code-breaking techniques and available computing power, while being compatible with DES. • Triple-DES needs to encrypt a singular piece of data three times before transmitting. It is CPU-intensive. V. Sawma, Computer Security

  25. E(P, K1) E( E(P, K1), K2) E( E( E(P, K1), K2), K1) P K1 K2 K1 E(P, K1) E( E(P, K1), K1) E( E( E(P, K1), K1), K1) P K1 K1 K1 P E(P, K1) Triple-DES Using two keys: Using one-key: (Backward compatibility) V. Sawma, Computer Security

More Related