Ch 3: Block Ciphers and Data

Encryption Standard (DES)

Fourth Edition
by William Stallings

Lecture slides by Lawrie Brown

(modified by Prof. M. Singhal, U of
Kentucky)
1
 Modern Block Ciphers
• look at modern block ciphers
• one of the most widely used types of
cryptographic algorithms
• provide secrecy /authentication services
• focus on DES (Data Encryption Standard)
to illustrate block cipher design principles

2
 Block vs Stream Ciphers
• block ciphers process messages in
blocks, each of which is then en/decrypted
• like a substitution on very big characters
– 64-bits or more
• stream ciphers process messages a bit or
byte at a time when en/decrypting
• many current ciphers are block ciphers
• broader range of applications
3
 Block Cipher Principles
• most symmetric block ciphers are based on a
Feistel Cipher Structure
• block ciphers look like an extremely large
substitution
• would need table of 264 entries for a 64-bit block
• instead create from smaller building blocks
• using idea of a product cipher

4
Ideal Block Cipher

5
Claude Shannon and Substitution-
Permutation Ciphers
• Claude Shannon introduced idea of substitution-
permutation (S-P) networks in 1949
• form basis of modern block ciphers
• S-P nets are based on the two primitive
cryptographic operations:
– substitution (S-box)
– permutation (P-box)
• provide confusion & diffusion of message & key

6
 Diffusion and Confusion…

• Diffusion:
“The statistical structure of the plaintext is
spread (dissipated) into long-range
statistics of the ciphertext.”
• Achieved by having each plaintext digit
affect the value of many ciphertext digits.
• Objective is to globalize the local affects.
7
 Diffusion and Confusion…
• Confusion:
“Attempts to make the relationship between the
ciphertext and the encryption key as complex as
possible.”
• Achieved by using a complex substitution
algorithm.
• Even if an attacker can have some handle on
the statistics of the ciphertext, it is very difficult to
deduce the key.
8
 Feistel Cipher Structure
• Horst Feistel devised the feistel cipher
– based on concept of invertible product cipher
• partitions input block into two halves
– process through multiple rounds which
– perform a substitution on left data half
– based on round function of right half & subkey
– then have permutation swapping halves
• implements Shannon’s S-P net concept
9
Feistel Cipher Structure

10
Feistel Cipher Design Elements
• block size
• key size
• number of rounds
• subkey generation algorithm
• round function
• fast software en/decryption

11
Feistel Cipher Decryption

12
 Data Encryption Standard (DES)
• most widely used block cipher in world
• adopted in 1977 by NBS (now NIST)
• encrypts 64-bit data using 56-bit key
• has widespread use
• has been considerable controversy over
its security

13
 DES History
• IBM developed Lucifer cipher
– by team led by Feistel in late 60’s
– used 64-bit data blocks with 128-bit key
• then redeveloped as a commercial cipher
with input from NSA and others
• in 1973 NBS issued request for proposals
for a national cipher standard
• IBM submitted their revised Lucifer which
was eventually accepted as the DES
14
 DES Design Controversy
• although DES standard is public
• was considerable controversy over design
– in choice of 56-bit key (vs Lucifer 128-bit)
– and because design criteria were classified
• subsequent events and public analysis
show in fact design was appropriate
• use of DES has flourished
– especially in financial applications
– still standardised for legacy application use
15
16
 DES…

• Initial Permutation (IP):

The plaintext block undergoes an intial
permutation.
> 64 bits of the block are permuted.
• A Complex Transformation:
64 bit permuted block undergoes 16
rounds of complex transformation.
(Using subkeys)
17
 DES…

• 32-bit swap:
32 bit left and right halves of the
output of the 16th round are swapped.
• Inverse Initial Permutation (IP-1):
The 64 bit output undergoes a
permutation that is inverse of the intial
permutation.
>The 64 bit output is the ciphertext.
18
19
 DES
• The complex processing at each
iteration/round:
– Li = Ri-1
– Ri = Li-1 ⊗ F(Ri-1, Ki)
• Details of function F:
It takes 32 bits input and
produces a 32 bit output.
20
 DES

• Details of function F:
>32 bit input is expanded into 48 bits.
-This is done by permuting and
duplicating some bits of 32 bits.
>Exclusive OR operation is performed
between these 48 bits and 48 bit
subkey.

21
 DES

• Details of function F:...

> 48 bit output of the Exclusive
OR operation is grouped into 8
groups of 6 bits each.
> Each 6 bit group is fed into a 6-
to-4 substitution box that
transforms 6 bits to 4 bits.

22
 DES

• Details of function F:...

> 32 bit output of 8 substitution
boxes is fed into a permutation
box.
> The 32 bit output of the
permutation box is F(Ri-1, Ki).

23
 DES
• Concerns about:
– The key length (56-bits)
> 56 bit key was adequate in 70s.
> With faster processors, this
encryption method is no longer
safe.

24
Time to break a code (106
decryptions/µs)

25
 Triple DEA
• Use three keys and three executions of
the DES algorithm (encrypt-decrypt-
encrypt)

C = EK3[DK2[EK1[P]]]
• C = ciphertext
• P = Plaintext
• EK[X] = encryption of X using key K
• DK[Y] = decryption of Y using key K

• Effective key length of 168 bits

26
Triple DEA

27
 Cipher Block Modes of
Operation
• Cipher Block Chaining Mode (CBC)
- A method to increase the security of DES or
any block cipher.
– The input to the encryption algorithm is the
XOR of the current plaintext block and the
preceding ciphertext block.
- Processing of a sequence of plaintext
blocks is chained together.

28
29
Basis of Cipher Block Chaining…

Ci = E k [Ci −1 ⊕ Pi ]

D K [Ci ] = D K [E K (Ci −1 ⊕ Pi )]
D K [Ci ] = (Ci −1 ⊕ Pi )
Ci −1 ⊕ D K [Ci ] = Ci −1 ⊕ Ci −1 ⊕ Pi = Pi
30