Professional Documents
Culture Documents
For practical reasons the bit‐
stream generator must be
Encrypts a digital data implemented as an
keystream is as long as the
stream one bit or one byte algorithmic procedure so
plaintext bit stream
at a time that the cryptographic bit
stream can be produced by
both users
If the cryptographic It must be
keystream is random, computationally
then this cipher is impractical to predict
unbreakable by any future portions of the
means other than bit stream based on
acquiring the previous portions of
keystream the bit stream
•Keystream must be
provided to both users in
advance via some
independent and secure
channel The two users need
•This introduces
insurmountable logistical
only share the
problems if the intended generating key and
data traffic is very large each can produce the
keystream
Block Cipher
A block of
plaintext is treated
Typically a block
as a whole and
size of 64 or 128
used to produce a
bits is used
ciphertext block of
equal length
The majority of
network‐based
Two users share a symmetric
symmetric cryptographic
encryption key applications make
use of block
ciphers
Table 4.1
Encryption and Decryption Tables for Substitution Cipher of Figure
4.2
Feistel Cipher
• Feistel proposed the use of a cipher that
alternates substitutions and permutations
•Each plaintext element or group of elements
Substitutions is uniquely replaced by a corresponding
ciphertext element or group of elements
•No elements are added or deleted or replaced
Permutation in the sequence, rather the order in which the
elements appear in the sequence is changed
• Is a practical application of a proposal by Claude
Shannon to develop a product cipher that
alternates confusion and diffusion functions
• Is the structure used by many significant
symmetric block ciphers currently in use
Diffusion and Confusion
• Terms introduced by Claude Shannon to capture
the two basic building blocks for any
cryptographic system
• Shannon’s concern was to thwart cryptanalysis
based on statistical analysis
Diffusion
•The statistical structure of the plaintext is dissipated into long‐range statistics of the
ciphertext
•This is achieved by having each plaintext digit affect the value of many ciphertext
digits
Confusion
•Seeks to make the relationship between the statistics of the ciphertext and the value
of the encryption key as complex as possible
•Even if the attacker can get some handle on the statistics of the ciphertext, the way in
which the key was used to produce that ciphertext is so complex as to make it
difficult to deduce the key
Feistel Cipher Design Features
• Block size
• Larger block sizes mean greater • Round function F
security but reduced • Greater complexity generally
encryption/decryption speed for a means greater resistance to
given algorithm cryptanalysis
• Key size • Fast software
• Larger key size means greater security encryption/decryption
but may decrease • In many cases, encrypting is
encryption/decryption speeds embedded in applications or
utility functions in such a way as
to preclude a hardware
• Number of rounds implementation; accordingly, the
• The essence of the Feistel cipher is that speed of execution of the
a single round offers inadequate algorithm becomes a concern
security but that multiple rounds offer
increasing security
• Ease of analysis
• If the algorithm can be concisely
• Subkey generation algorithm and clearly explained, it is easier
• Greater complexity in this algorithm to analyze that algorithm for
should lead to greater difficulty of cryptanalytic vulnerabilities and
cryptanalysis therefore develop a higher level
of assurance as to its strength
Feistel Example
Data Encryption Standard (DES)
• Issued in 1977 by the National Bureau of Standards (now
NIST) as Federal Information Processing Standard 46
• Was the most widely used encryption scheme until the
introduction of the Advanced Encryption Standard
(AES) in 2001
• Algorithm itself is referred to as the Data Encryption
Algorithm (DEA)
• Data are encrypted in 64‐bit blocks using a 56‐bit key
• The algorithm transforms 64‐bit input in a series of steps
into a 64‐bit output
• The same steps, with the same key, are used to reverse
the encryption
DES Encryption cont…
• Processing consists of 4‐phases
– Sub‐keys are generated by key schedule algorithm
• Compressed 48‐bit sub‐key is actually used,
– Derived from the original 56‐bit key
– 64‐bit plaintext is passed through Initial Permutation
– Followed by 16‐same‐rounds consisting of permutations
and substitution
– Then, Inverse Initial Permutation (Final Permutation)
DES Key Schedule
• Generates sub‐keys used in each
round consists of:
– Step 1:
• initial permutation of the key (PC1)
which selects 56‐bits in two 28‐bit halves
from 64 bits
– PC1 is applied only once though
• Permutation Choice‐I (PC‐I)
– Only 56 bits of the 64 bits of the input are
selected
» To form the 56‐bit key‐schedule state
– The remaining eight (8, 16, 24, 32, 40, 48, 56,
64) were specified for use as parity bits.
DES Key Schedule cont…
– Step 2:
Key Rotations Table
Round
numbe
Number of • 16 stages consisting of:
left rotations
r – rotating each half separately either 1
1 1
or 2 places depending on the key
2 1
3 2
rotation table
i i
4 2 – Passing C & D fromPC‐2
5 2
6 2
– To form the updated 56‐bit key‐
7 2 schedule state
8 2
9 1
10 2 • Permutation Choice‐II (PC‐II)
11 2
12 2 – This permutation selects the 48‐bit
13 2 sub‐key for each round from the
14 2
15 2
updated 56‐bit key‐schedule state.
16 1 – Discarded bits are 9, 18, 22, 25 (from
Ci), 35, 38, 43, 54 (from Di)
DES Encryption
• Initial Permutation IP
• first step of the data computation
• IP reorders the input data bits
• – even bits to LH half (32‐bits), odd bits to RH half (32‐bits)
DES Encryption
Round Structure
• Uses two 32‐bit left (L) & right (R) halves
• As for any Feistel cipher can describe as:
Li = Ri–1
Ri = Li–1 xor F(Ri–1, Ki)
• Takes 32‐bit R half and 48‐bit sub‐key and:
– expands R to 48‐bits using permutation E
– adds to sub‐key
– passes through 8 S‐boxes to get 32‐bit result
– finally permutes this using 32‐bit permutation P
DES Encryption
Round Structure
• Uses two 32‐bit left (L) & right (R) halves
• As for any Feistel cipher can describe as:
Li = Ri–1
Ri = Li–1 xor F(Ri–1, Ki)
• Takes 32‐bit R half and 48‐bit sub‐key and:
– expands R to 48‐bits using permutation E
– adds to sub‐key
– passes through 8 S‐boxes to get 32‐bit result
– finally permutes this using 32‐bit permutation P
DES Encryption Function
Expansion Table
• Note that some bits from the input are duplicated at the output, e.g.
– the fifth bit of the input is duplicated in both the sixth and eighth
bit of the output.
• Thus, the 32‐bit half‐block is expanded to 48 bits.
DES Encryption Function
DES Encryption Function cont..
S‐boxes
• Have eight S‐boxes which map 6 bits to 4 bits
– Generated by Boolean functions
• Each S‐box is actually 4 little 4 x 16 tables
– outer bits 1 & 6 (row bits) select one rows
• Make the value from 0 to 3
– inner bits 2‐5 (column bits) are substituted
• Make the value from 0 to 15
– Result is 8 lots of 4 bits, or 32 bits
• Row selection depends on both data & key
– feature known as autoclaving (auto‐keying)
• S‐box selection depends on the 6‐bit lot position/order
• This layer provides the confusion property
DES Encryption Function cont..
Example:
S(180912B92E17) = S(000110 000000 100100 010010 101110 010010 111000 010111)=
s1(000110) s2(000000) s3(100100) s4(010010) s5(101110) s6(010010) s7(111000)
s8(010111)= 1f428c0b
DES Encryption Function cont...
S‐Box: Example
• Let the input to S5‐box is: (101110)
• The first and last bits combine to form 10
– which corresponds to the row 2 (actually 3rd row) of S5
• The middle 4 bits combine to form 0111
– which corresponds to the column 7 (actually the 8th
column) of the same S5‐box
• Thus, looking for the entry:
– in row 2, column 7 of S5‐box:
– Output 8 (decimal) = 1000 (binary)
Table 4.2
DES
Example
Note: DES subkeys are shown as eight 6-bit values in hex format
Avalanche Effect
• Significantly desirable property of encryption
algorithms
– Change of one input‐bit / key‐bit exhibits the change in
approximately half of the output bits
• Making attempts to guessing the key impossible
• DES exhibits strong avalanche effect
Avalanche Effect in DES
• Let two plaintext blocks that differ only in one‐bit
• And let a key:
• Then
• The output of two plaintexts differ in 33‐bits after
16 rounds of DES
Table 4.3 Avalanche Effect in DES: Change in Plaintext
Table 4.4 Avalanche Effect in DES: Change in Key
Table 4.5
Average Time Required for Exhaustive Key Search
Block Cipher Design Principles:
Number of Rounds
In general, the
criterion should be
If DES had 15 or
that the number of
The greater the fewer rounds,
rounds is chosen so
number of rounds, differential
that known
the more difficult it cryptanalysis would
cryptanalytic efforts
is to perform require less effort
require greater
cryptanalysis than a brute‐force
effort than a simple
key search
brute‐force key
search attack
Block Cipher Design Principles:
Design of Function F
• The heart of a Feistel The algorithm should have good
block cipher is the avalanche properties
function F
• The more nonlinear F, Bit
the more difficult any Strict avalanche
independence
type of cryptanalysis will criterion (SAC) criterion (BIC)
be
States that output bits
• The SAC and BIC States that any output
bit j of an S‐box should j and k should change
criteria appear to change with probability independently when
any single input bit i is
strengthen the 1/2 when any single input
bit i is inverted for all i , j inverted for all i , j ,
effectiveness of the and k
confusion function
Block Cipher Design Principles:
Key Schedule Algorithm
• With any Feistel block cipher, the key is used to
generate one subkey for each round
• In general, we would like to select subkeys to
maximize the difficulty of deducing individual
subkeys and the difficulty of working back to the
main key
• It is suggested that, at a minimum, the key
schedule should guarantee key/ciphertext Strict
Avalanche Criterion and Bit Independence
Criterion
Summary
• Traditional Block Cipher • The strength of DES
Structure • Use of 56‐bit keys
• Stream ciphers • Nature of the DES
• Block ciphers algorithm
• Motivation for the • Timing attacks
Feistel cipher structure
• Feistel cipher • Block cipher design
principles
• The Data Encryption • Number of rounds
Standard (DES) • Design of function F
• Encryption • Key schedule algorithm
• Decryption
• Avalanche effect