80 likes | 211 Views
DES Attacks and Triple DES. Cryptography and Network Security. Reference: Sec 4.1 of Stallings Text. DES and Brute Force Attack. Known plaintext attack Plaintext-ciphertext pairs are available
E N D
DES Attacks and Triple DES Cryptography and Network Security Reference: Sec 4.1 of Stallings Text
DES and Brute Force Attack • Known plaintext attack • Plaintext-ciphertext pairs are available • Brute force attack involves going through all 256 keys, encrypting the plaintext and matching with the ciphertext • SDESCrack1.java and SDESCrack2.java are programs that attack Simplified DES • Brute-force search on all 210 keys • Note the necessity of two plaintext-ciphertext pairs
Multiple DES • Brute-force attack on DES will eventually become possible and practical • Multiple applications (multiple keys) of DES increases the key search space for brute-force attacks • e.g., Double DES means two keys and therefore 2112 possible key-pairs to consider
Double DES • Encryption: C = Ek2[Ek1[P]] • Decryption: P = Dk1[Dk2[C]] • Check out SDES2.java for a simplified version • The following fact is essential: • For any two keys k1 and k2, it does not follow that a key k3 exists where Ek2[Ek1[P]] = Ek3[P] • A single-key brute-force attack will not work • Brute-force attack has two go through all key-pairs (see SDES2Crack1.java & SDES2Crack2.java)
Meet-in-the-Middle Attack • C = Ek2[Ek1[P]] impliesX = Ek1[P] = Dk2[C] • Algorithm: (assume p1,c1 and p2,c2 are known pairs) • Try all 256 possibilities for k1 and tabulate all Ek1[p1] • Try all 256 possibilities for k2, compute for Dk2[c1], and compare against the table • When values match, check ifc2 = Ek2[Ek1[p2]]
Analysis of Revised Attackon Double DES • Takes only twice the amount of time (approx) as brute-force on Regular DES • Requires a table of size 256 • See SDES2MM.java for an attack on Simplified Double DES
Triple DES • Meet-in-the-Middle attack does not apply if three DES applications are used • Using three keys possible but aggregate length of keys might be undesirable • Use two keys instead • Reuse a key for first and third application • Make second application a decryption operation (for backward compatibility with Regular DES) • See SDES3.java
Programming Homework #2 • Write an attack program for simplified triple DES (SDES3.java) • Use a combination of the brute-force method and the meet-in-the-middle method (use a table of size 210) to come up with an algorithm that runs in roughly the same amount of time as DES2Crack1.java