Professional Documents
Culture Documents
02장
02장
Fall 2014
2014 T.A
e-mail : eom_je@korea.ac.kr
2.1 DES
DES(Data Encryption Standard)
1973 (National Bureau of Standards,
NBS, ) DES
IBM (Lucifer)
1977 DES
FIPS PUB 46
(National Security Agency, NSA)
64 56, S-Box
considerable controversy over its security
(Substitution)
2. (Diffusion) :
DES (Permutation)
, AES
MixColumn
Shannon
Note: 2
2.3 DES
64 56 64
2.4 (Feistel)
(Feistel) : (Invertible) (NonInvertible)
(Non-Feistel) :
Note : :
(Inverse Function)
: .
2.4 (Feistel)
1 (Feistel)
:
:
;
2.4 (Feistel)
2 (Feistel)
,
,
,
,
,
,
,
,
,
2.4 (Feistel)
(Feistel)
2
SPN
1
,
.
2.5 DES
IP/ FP ( = IP
2.5 DES
( )
(Mixer) : 32
, 32
XOR .
(Swapper): XOR ,
32
.
2.5 DES
( )
2.5 DES
2.5 DES
(XOR) : 48 XOR
(S-Box)
1.
2.
3.
48 6 8 .
6 8 S-Box .
S-Box 6 4 .
2.5 DES
(S-Box)
1. 6 1 6
0 3 ,
.
2. 2 5 4
0 15 ,
.
2.5 DES
(S-Box)
S A S B
S A B .
....
2.5 DES
64
16 48
2.5 DES
(Parity Bit Drop)
DES 64 8
, DES 56
57
58
59
60
31
30
29
49
50
51
52
23
22
21
41
42
43
44
15
14
13
33
34
35
36
07
06
05
25
26
27
63
62
61
28
17
18
19
55
54
53
20
09
10
11
47
46
45
12
01
02
03
39
38
37
04
2.5 DES
(Shift)
,
2.2
10
11
12
13 14
15
16
2.5 DES
(Compression P-Box)
2.3 (Compression P-Box)
14
15
26
41
51
34
17
06
08
52
45
53
11
21
16
31
33
46
24
10
07
37
48
42
01
23
27
47
44
50
05
19
20
55
49
36
03
12
13
30
39
29
28
04
02
40
56
32
2.6 DES
2.7 DES
(Weak Key)
64
[ 2.1]
56
0000000 0000000
0000000 FFFFFFF
FFFFFFF 0000000
FFFFFFF FFFFFFF
2.7 DES
(Semi-Weak Key):
2
4
DES 4, 12, 48
2 64 4 12
48 /2
8.8 x 10
01FE 01FE 01FE 01FE
2.7 DES
(Brute Force Attack)
1981:estimatedbreakablein2daysby$50Mmachine
DESChallengeI(1997):brokenin96daysby70000machines,testing7
billionkeys/s(DESCHALLproject)
DESChallengeII1(1998):brokenbydistributed.netin41days
DESChallengeII2(1998):lessthan56hoursbyspecialhardware,$250K
incl designanddevelopment(DeepCrack)
DESChallengeIII(1999):22h15min,DeepCrack+100000machines,
testing245billionkeys/s
2007:6.4days,$10Khardware,120FPGAs(COPACOBANAproject)
(Complementation Property)
KeyComplement
C=Ek(P) =comp(C)=Ecomp(k)comp(P)
keydomainof256. 255.
2.7 DES
DifferentialCryptanalysis
Biham andShamirhaveshownhowa13rounditerated
characteristiccanbreakthefull16roundDES,requiresaneffort
ontheorderof247encryptions,requiring247 chosenplaintextsto
beencrypted,withaconsiderableamountofanalysis inpractise
exhaustivesearchisstilleasier,eventhoughupto255 encryptions
arerequiredforthis.
LinearCryptanalysis
canattackDESwith243 knownplaintexts,easierbutstillinpractise
infeasible
2.8 DES
56 DES
DES DES
2 DES (Double DES)
2.8 DES
2 DES (Double DES)
(Meet-in-the-Middle Attack)
2.8 DES
3 DES (Triple DES)