P. 1
Lec01 SimplifiedDES

|Views: 2|Likes:

See more
See less

04/17/2012

pdf

text

original

# What is Simplified DES (S-DES

)

Developed in 1996 as a teaching tool

Santa Clara University
 Prof. Edward Schaefer

Encryption: Takes an 8-bit block plaintext, a 10 –bit key and produces an 8-bit block of ciphertext  Decryption: takes the 8-bit block of ciphertext, the same 10-bit key and produces the original 8-bit block of plaintext

NETWORK SECURITY
Simplified DES

Encryption Algorithm: Five Functions

 

S-DES Scheme

IP – an initial permutation
fk - a complex, 2-input function SW – a simple permutation that swaps the two halves of the data fk - a complex, 2-input function; again

IP-1 – inverse permutation of the initial permutation

Encryption Algorithm

Encryption Algorithm

Input to function fK

Encryption Algorithm:

IP 1  f K2  SW  f K1  IP

the data passing through the encryption algorithm

an 8-bit key.

Possibilities for key
a 16-bit key, consisting of two 8-bit subkeys, one used for each occurrence of fK.  a single 8-bit key could have been used, with the same key used twice in the algorithm.  a 10-bit key from which two 8-bit subkeys are generated

OR 1  Ciphertext= IP ( f K ( SW ( f K ( IP ( plain text)))))
2 1

where

K1

P8( Shift( P10(key)))

K2

P8(Shift(Shift( P10(key))))

Decryption is the reverse of encryption:

Plaintext= IP 1 ( f K ( SW ( f K ( IP (ciphertext))))) 1 2

1

 Perform shift operation (LS-1).k2.k7.k4.  The 6 3 7 4 P8 8 5 10 9  Our example result is subkey K1.k9.k7.k4.k2.k5.k8. two 8-bit subkeys are produced for use in particular stages of the encryption and decryption algorithm.k10.  Example:   the Permutation Function (P8)  picks out and permutes 8 out of 10 bits according to the following rule: given key (1010000010) is first permuted to (1000001100).k4.k9.k8.Encryption Algorithm: Key Generation   Key Generation  In S-DES. the result is (00001 11000).k10:  Encryption Algorithm: Key Generation  Permutation Function (P10) P10(k1.k6) P10 3 5 2 7 4 10 1 9 8 6  Or it may be represented in such a form Example: the key (1010000010) is permuted to (1000001100). Process: the key is first subjected to a permutation (P10)  then a shift operation is performed  The output of the shift operation   passes through a permutation function (P8) that produces an 8bit output for the first subkey (K1). yields (10100100) 2 .k5.k3. a 10-bit key is used From this key. separately on the 1st 5 bits and the 2nd 5 bits.  also feeds into another shift and another instance of P8 to produce the second subkey (K2).k1. P10 3 5 2 7 4 10 1 9 8 6 Encryption Algorithm: Key Generation  Encryption Algorithm: Key Generation  Shift Operation (LS-1) circular shift (LS-1). Encryption Algorithm: Key Generation Permutation Function (P10) First. permute the 10-bit key k1.k7.k5.k6.k2.k10) =(k3.k8.k6. or rotation.k9.k3.

R) is the bit-by-bit exclusive-OR 3 .  f k ( L. 3. the value (00001 11000) becomes (00100 00011). 2.   The most complex component of S-DES A combination of permutation and substitution functions.  In our example. Then f K(1011 1101) = (0101 1101) because (1011) (1110) = (0101). that IP-1(IP(X)) = X.SK) = (1110) for some key SK. the inverse permutation is used: 2  6 3 IP 1 4 8 5 7  4 1 3 IP-1 5 7 2 8 6 This retains all 8 bits of the plaintext but mixes them up. 4. R ) where SK is a subkey and function (L F ( R.Encryption Algorithm: Key Generation  S-DES Encryption  Sub key K2 Generation Take the pair of 5-bit strings produced by the two LS-1 functions  Perform a circular left shift of 2 bit positions on each 5bit string. S-DES encryption involves the sequential application of five functions: Initial Permutation (IP) Complex function (f k ) Switch Function (SW) Complex function (f k ) again Final Permutation (IP -1)  5. the result is (01000011)  1.  Finally. P8 function is applied again to produce K2. Inverse of Initial Permutation S-DES Encryption: Initial Permutation (IP)   S-DES Encryption: Final Permutation (IP-1)  Input to the algorithm: an 8-bit block of plaintext Apply permutation using the following IP function: At the end of the algorithm. SK ). It may be verified. S-DES Encryption: Function (f k)   S-DES Encryption: Function (f k) Example:  Suppose the output of the IP stage is (1011 1101) and F(1101. Assume  L and R be the leftmost 4 bits and rightmost 4 bits of the 8 bit input to fK F be a mapping (not necessarily one to one) from 4-bit strings to 4-bit strings.  In our example.

The S-box produces 2-bit output. p03) = (00) and (p01. k12. S-DES Encryption: Function (f k) Mapping F : an expansion/permutation (E/P)operation 3. k16. column 2 of S0. producing the output of F 4 1 2 E/P 3 2 3 4 1 Or write in the following fashion: S-DES Encryption: Function (f k)  S-DES Encryption: Function (f k)  Mapping F : exclusive-OR with 8-bit sub-key1 Mapping F : S-boxes S0 and S1  The 8-bit subkey K1 = (k11. in base 2. is the 2-bit output. p13) and (p11. 4.  For example.  Similarly. 2. if (p00.   The entry in that row and column. p02) = (10) the output is from row 0. The outputs of S0 and S1 undergo permutation (P4).S-DES Encryption: Function (f k) Mapping F  The input is a 4-bit number (n1 n2 n3 n4). (p10. k13. k14. which is 3. p12) are used to index into a row and column of S1 to produce an additional 2 bits.  Operations 1. an expansion/permutation exclusive-OR with 8-bit sub-key1 Perform S-box operation S0 on four bits of the result and S1 on the remaining four bits. k15. or (11) in binary. k17. k18) is added to this value using XOR:    The first 4 bits (1st row of the preceding matrix) are fed into the S-box S0 to produce a 2-bit output The remaining 4 bits (2nd row) are fed into S1 to produce another 2-bit output Two S-boxes are defined as  Rename these bits as: S-DES Encryption: Function (f k)  S-DES Encryption: Function (f k)  Mapping F : S-boxes S0 and S1 Mapping F : S-boxes S0 and S1    The 1st and 4th input bits are treated as a 2-bit number that specify a row of the S-box The 2nd and 3rd input bits specify a column of the S-box. 4 .

c8).k7. The key input is K2. S0. 5 .t)  Then the operation of S0 is defined in the following equations: q = abcd + ab + ac + b + d r = abcd + abd + ab + ac + ad + a + c + 1  5 6 7 8 9 10 11 12 13 14 15 where all additions are made modulo 2.s.k5.b. S-DES: Analysis  S-DES: Analysis  Brute-force attack   Cryptanalytic attack: Known Plaintext attack  certainly feasible With a 10-bit key.   If we know plaintext (p1.p11.  Given a ciphertext.p6.c7.p3.k10) is unknown.c.k8. the E/P.d) and (p10. S1. an attacker can try each possibility and analyze the result to determine if it is reasonable plaintext.S-DES Encryption: Function (f k)  S-DES Encryption: Switch Function (SW)  Mapping F : Permutation P4  The 4 bits produced by S0 and S1 undergo a further permutation as follows:  2  4 P4 3  1  The function f K only alters the leftmost 4 bits of input.x.p5.p02.p2.k9. there are only 210 = 1024 possibilities. The switch function SW interchanges the left and right bits so that the 2nd instance of f K operates on a different 4 bits.k3.y.z). then we can express this problem as a system of 8 nonlinear equations with 10 unknowns. In the 2nd instance.p12. This is the output of the Function F. Let 4-bit output be (q. and P4 functions are the same. q r 1 0 a 0 0 d 0 0 b 0 0 c 0 1 S-DES: Analysis  S-DES: Analysis Truth Table for S-box S0: 0 1 2 3 4 0 0 1 1 1 1 0 0 0 1 0 1 1 0 1 1 1 0 1 0 1 0 0 0 1 1 1 1 1 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 0 0 1 1 1 1 0 0 0 0 1 1 1 1 1 1 0 0 1 1 0 0 1 1 0 0 1 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 Cryptanalytic attack: Known Plaintext attack rename (p00.r.c6.k4. The nonlinearity comes from the S-boxes. It is useful to write down equations for these boxes. and key (k1.p03)=(a.c3.c5.k6.c4.  Similar equations define S1.p7.p01.p4.k2.c2.p13)=(w.p8) and respective cipher text (c1.

There is an initial permutation of 56 bits followed by a sequence of shifts and permutations of 48 bits. instead of F acting on 4 bits (n1n2n3n4). from which 16 48-bit subkeys are calculated. 6 . the output of 48 bits can be depicted as  A 56-bit key is used. The 1 st and last bit of a row of the preceding matrix picks out a row of an S-box. note that a polynomial equation in 10 unknowns in binary arithmetic can have 210 possible terms.. corresponding to 8 S-boxes.S-DES: Analysis q (a d b c)(a d b c )(a d b c) (a d b c )(a d b c)(a d b c)(a d b c ) (a d b)(a d b )(a d c)(a d b c ) (a db bd )(a bd d c cd bc) abd a b d a bd abc ac d acd bcd b c d (abd (1 a)(1 b)d ) (1 a)b(1 d ) abc (a(1 c)d ac(1 d )) (bc(1 d ) (1 b)(1 c)d ) (d ad bd ) (b ab bd abd ) abc (ad ac) (bc d bd cd ) (d ad b ab bd ) (abd acd ac bc d bd cd abcd abc) abcd ac ab b d S-DES: Analysis   Alternating linear maps with these nonlinear maps results in very complex polynomial expressions for the cipher-text bits.  On average. it acts on 32 bits (n1n2.. S-DES: Relationship to DES   S-DES: Relationship to DES  DES operates on 64-bit blocks of input.n32).   Each S-box has 4 rows and 16 columns.. After the initial expansion/permutation. S-DES: Relationship to DES   This matrix is added (XOR) to a 48-bit subkey. and the middle 4 bits pick out a column.SW  f K1  SW  IP  Within the encryption algorithm. we might therefore expect each of the 8 equations to have 2 9 terms. There 8 rows. Encryption scheme can be defined as  IP 1  f K16  SW  f K15  SW  . making cryptanalysis difficult. To visualize the scale of the problem.

scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->