RV College of Engineering (Go, change the world)
6. Public-Key Cryptanalysis.
of RSA.
be recovered easily by the persons who have the key, but is highly resistant
phrases is rearranged.
• Many current ciphers are block ciphers hence are focus of course
Block Cipher Principles
• Block ciphers look like an extremely large substitution, which would need a table of $2^{64}$ entries for a 64-bit block; an arbitrary reversible substitution cipher for a large block size is therefore not practical
  – 64-bit general substitution block cipher, key size $2^{64}!$
• Most symmetric block ciphers are based on a Feistel Cipher Structure, needed since one must be able to decrypt ciphertext to recover messages efficiently
Motivation for the Feistel Cipher Structure
Feistel proposed [FEIS73] that we can approximate the ideal block cipher by
utilizing the concept of a product cipher, which is the execution of two or more
simple ciphers in sequence in such a way that the final result or product is
cryptographically stronger than any of the component ciphers.
The essence of the approach is to develop a block cipher with a key length of k
bits and a block length of n bits, allowing a total of $2^k$ possible transformations,
rather than the $2^n!$ transformations available with the ideal block cipher.
FEISTEL CIPHER STRUCTURE
In particular, the Feistel structure is used for Triple Data Encryption Algorithm
(TDEA), which is one of the two encryption algorithms (along with AES),
approved for general use by the National Institute of Standards and Technology
(NIST). The Feistel structure is also used for several schemes for
format-preserving encryption, which have recently come into prominence.
On the other hand, confusion seeks to make the relationship between the
statistics of the ciphertext and the value of the encryption key as complex as
possible, again to thwart attempts to discover the key. Thus, even if the
attacker can get some handle on the statistics of the ciphertext, the way in
which the key was used to produce that ciphertext is so complex as to make it
difficult to deduce the key. This is achieved by the use of a complex substitution
algorithm. In contrast, a simple linear substitution function would add little
confusion.
Feistel Cipher is not a specific scheme of block cipher. It is a design model from
which many different block ciphers are derived. DES is just one example
of a Feistel Cipher. A cryptographic system based on Feistel cipher
structure uses the same algorithm for both encryption and decryption.
FEISTEL CIPHER STRUCTURE
Encryption Process:
The input block to each round is divided into two halves that can be denoted as
L and R for the left half and the right half.
In each round, the right half of the block, R, goes through unchanged. But the
left half, L, goes through an operation that depends on R and the encryption
key. First, we apply an encrypting function ‘f’ that takes two inputs: the key K
and R. The function produces the output f(R,K). Then, we XOR the output of
the mathematical function with L.
In a real implementation of the Feistel Cipher, such as DES, instead of using the
whole encryption key during each round, a round-dependent key (a subkey) is
derived from the encryption key. This means that each round uses a different
key, although all these subkeys are related to the original key.
FEISTEL CIPHER STRUCTURE
Encryption Process:
The permutation step at the end of each round swaps the modified L and
unmodified R. Therefore, the L for the next round would be R of the current
round, and R for the next round is the output L of the current round.
The substitution and permutation steps above form a ‘round’. The number of
rounds is specified by the algorithm design.
Once the last round is completed then the two sub blocks, ‘R’ and ‘L’ are
concatenated in this order to form the ciphertext block.
FEISTEL CIPHER STRUCTURE
Number of Rounds
The number of rounds used in a Feistel Cipher depends on the security desired from the
system. More rounds provide a more secure system, but at the same
time more rounds mean slower, less efficient encryption and decryption
processes. The number of rounds thus depends on the efficiency–security tradeoff.
FEISTEL CIPHER
• n sequential rounds
• The round function is parameterized by the subkey $K_i$ – $K_i$ are derived from
Decryption Process:
The process of decryption in a Feistel cipher is almost the same. Instead of starting with
a block of plaintext, the ciphertext block is fed into the start of the Feistel
structure and then the process thereafter is exactly the same as described in the
given illustration.
The process is said to be almost the same and not exactly the same: in the case of
decryption, the only difference is that the subkeys used in encryption are used
in the reverse order.
The final swapping of ‘L’ and ‘R’ in the last step of the Feistel Cipher is essential. If
these are not swapped, then the resulting ciphertext cannot be decrypted using
the same algorithm.
FEISTEL CIPHER DECRYPTION
Suppose that the blocks at each stage are 32 bits (two 16-bit halves) and that the
key size is 24 bits. Suppose that at the end of encryption round fourteen, the
value of the intermediate block (in hexadecimal) is DE7F03A6.
Then $LE_{14}$ = DE7F and $RE_{14}$ = 03A6. Also assume that the value of $K_{15}$ is 12DE52.
After round 15, we have $LE_{15}$ = 03A6 and $RE_{15}$ = F(03A6, 12DE52) ⊕ DE7F.
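The round, the reversed-subkey decryption and the final swap described above, as an added example (not part of the original slides). The round function F, the 16 constructed subkeys and the sample plaintext are assumptions; only the halves DE7F / 03A6 and K15 = 12DE52 come from the slides.

```python
import hashlib

MASK16 = 0xFFFF  # halves are 16 bits, as in the 32-bit-block worked example

def F(r, k):
    """Assumed round function (the slides do not define F): 16-bit half and
    24-bit subkey in, 16 bits out. It does not need to be invertible."""
    digest = hashlib.sha256(r.to_bytes(2, "big") + k.to_bytes(3, "big")).digest()
    return int.from_bytes(digest[:2], "big")

def feistel_round(l, r, k):
    # R passes through unchanged and becomes the next L;
    # the next R is L XOR F(R, K).
    return r, l ^ F(r, k)

def feistel(block, subkeys, final_swap=True):
    l, r = block >> 16, block & MASK16
    for k in subkeys:
        l, r = feistel_round(l, r, k)
    if final_swap:  # output R || L, as the slides describe
        l, r = r, l
    return (l << 16) | r

def encrypt(block, subkeys):
    return feistel(block, subkeys)

def decrypt(block, subkeys):
    # Same routine as encryption; only the subkey order is reversed.
    return feistel(block, subkeys[::-1])

# Constructed subkeys (not a real key schedule); K15 is the slides' value.
SUBKEYS = [(0x0A0B0C * (i + 1)) & 0xFFFFFF for i in range(16)]
SUBKEYS[14] = 0x12DE52

def page_round_15():
    """Round 15 of the worked example, then the matching decryption round."""
    le15, re15 = feistel_round(0xDE7F, 0x03A6, 0x12DE52)
    # Decryption sees the two halves swapped and reuses K15.
    undone = feistel_round(re15, le15, 0x12DE52)
    return le15, re15, undone

if __name__ == "__main__":
    pt = 0xDEADBEEF  # constructed plaintext block
    ct = encrypt(pt, SUBKEYS)
    print(f"ciphertext {ct:08X}, decrypts correctly: {decrypt(ct, SUBKEYS) == pt}")
    no_swap = feistel(pt, SUBKEYS, final_swap=False)
    recovered = feistel(no_swap, SUBKEYS[::-1], final_swap=False)
    print("without the final swap the same routine recovers pt:", recovered == pt)
    le15, re15, undone = page_round_15()
    print(f"LE15={le15:04X} RE15={re15:04X} undone={undone[0]:04X},{undone[1]:04X}")
```

The decryption round returns (03A6, DE7F), the round-14 halves in swapped order, which is why the last round must end with a swap for the same routine to work in both directions.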
FEISTEL CIPHER DECRYPTION
The Data Encryption Standard (DES) has been found vulnerable to very
powerful attacks, and therefore the popularity of DES has been
slightly on the decline.
DES is a block cipher that encrypts data in blocks of 64 bits each; that is,
64 bits of plain text go in as the input to DES, which produces 64 bits of
cipher text. The same algorithm and key are used for encryption and
decryption, with minor differences. The key length is 56 bits.
DATA ENCRYPTION STANDARD (DES)
We have mentioned that DES uses a 56-bit key. Actually, the initial key consists of
64 bits. However, before the DES process even starts, every 8th bit of the
key is discarded to produce a 56-bit key. That is, bit positions 8, 16, 24, 32,
40, 48, 56 and 64 are discarded.
Thus, the discarding of every 8th bit of the key produces a 56-bit key from the
original 64-bit key.
DATA ENCRYPTION STANDARD (DES)
1. In the first step, the 64-bit plain text block is handed over to an Initial
Permutation (IP) function.
2. The initial permutation is performed on the plain text.
3. Next, the initial permutation (IP) produces two halves of the permuted
block, say Left Plain Text (LPT) and Right Plain Text (RPT).
4. Now each of LPT and RPT goes through 16 rounds of the encryption process.
5. In the end, LPT and RPT are rejoined and a Final Permutation (FP) is
performed on the combined block.
6. The result of this process is the 64-bit cipher text.
DATA ENCRYPTION STANDARD (DES)
• first step of the data computation: IP reorders the input data bits; quite
regular in structure.
DES ROUND STRUCTURE
The last operation in the DES function is a permutation with a 32-bit input and a
32-bit output.
The input/output relationship for this operation is shown in Table and follows the
same general rule as previous tables.
For example, the seventh bit of the input becomes the second bit of the output.
DES Decryption (Reverse encryption)
• where a change of one input or key bit results in changing approximately half
of the output bits
Terminology Related to Asymmetric Encryption
Asymmetric Keys
Two related keys, a public key and a private key, that are used to perform
complementary operations, such as encryption and decryption or signature
generation and signature verification.
Public Key Certificate
A digital document issued and digitally signed by the private key of a
Certification Authority that binds the name of a subscriber to a public key. The
certificate indicates that the subscriber identified in the certificate has sole
control and access to the corresponding private key.
Public Key (Asymmetric) Cryptographic Algorithm
A cryptographic algorithm that uses two related keys, a public key and a private
key. The two keys have the property that deriving the private key from the
public key is computationally infeasible.
Public Key Infrastructure (PKI)
A set of policies, processes, server platforms, software and workstations used for
the purpose of administering certificates and public-private key pairs,
including the ability to issue, maintain, and revoke public key certificates.
Private Key Cryptography
hence does not protect the sender from the receiver forging a message & claiming it was
sent by the sender
Public Key Cryptography
digital signatures – how to verify that a message comes intact from the claimed sender
public invention due to Whitfield Diffie & Martin Hellman at Stanford University in 1976
some algorithms are suitable for all uses, others are specific to one
Public Key Requirements
either of the two related keys can be used for encryption, with the other used
for decryption (for some algorithms)
these are formidable requirements which only a few algorithms have satisfied
Public Key Requirements
like private key schemes, a brute force exhaustive search attack is always
theoretically possible
but the keys used are too large (>512 bits)
security relies on a large enough difference in difficulty between easy
(en/decrypt) and hard (cryptanalyse) problems
more generally the hard problem is known, but is made hard enough to be
impractical to break
requires the use of very large numbers
hence is slow compared to private key schemes
Introduction RSA
computes: $M = C^d \bmod n$
note that the message M must be smaller than the modulus n (block if needed)
RSA Key Setup
SECURITY OF RSA:
Although the timing attack is a serious threat, there are simple countermeasures
that can be used, including the following.
Constant exponentiation time: Ensure that all exponentiations take the same
amount of time before returning a result. This is a simple fix but does degrade
performance.
Random delay: Better performance could be achieved by adding a random
delay to the exponentiation algorithm to confuse the timing attack. Kocher points
out that if defenders don’t add enough noise, attackers could still succeed by
collecting additional measurements to compensate for the random delays.
Blinding: Multiply the ciphertext by a random number before performing
exponentiation.
This process prevents the attacker from knowing what ciphertext bits are being
processed inside the computer and therefore prevents the bit-by-bit analysis
essential to the timing attack.
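Blinding as described above, as an added example (not from the original slides). It assumes the usual form of the countermeasure, in which the random multiplier is r^e mod n for a fresh random r so that the result can be unblinded with r^-1 mod n; the key (n = 3233, e = 17, d = 2753) is a constructed textbook-size key, far too small for real use.

```python
import math
import secrets

# Constructed toy key: p = 61, q = 53, n = p*q, e*d = 1 mod (p-1)(q-1).
N, E, D = 3233, 17, 2753

def blind(c, e=E, n=N):
    """Return (c_blind, r) with c_blind = c * r^e mod n for a fresh random r."""
    while True:
        r = secrets.randbelow(n - 2) + 2       # r in [2, n-1]
        if math.gcd(r, n) == 1:                # r must be invertible mod n
            return (c * pow(r, e, n)) % n, r

def unblind(m_blind, r, n=N):
    # (c * r^e)^d = c^d * r (mod n), so multiplying by r^-1 leaves c^d = M.
    return (m_blind * pow(r, -1, n)) % n

def decrypt_plain(c, d=D, n=N):
    return pow(c, d, n)                        # M = C^d mod n

def decrypt_blinded(c, d=D, e=E, n=N):
    c_blind, r = blind(c, e, n)
    m_blind = pow(c_blind, d, n)               # the exponentiation never sees c
    return unblind(m_blind, r, n)

def exponentiation_inputs(c, runs=20):
    """Values actually fed to the private-key exponentiation across runs."""
    return {blind(c)[0] for _ in range(runs)}

# Note: Python's pow() is not constant-time; this shows the arithmetic only.
if __name__ == "__main__":
    m = 65                                     # constructed message, m < n
    c = pow(m, E, N)
    print("plain  :", decrypt_plain(c))
    print("blinded:", decrypt_blinded(c))
    print("distinct inputs to exponentiation:", len(exponentiation_inputs(c)))
```

The same ciphertext yields a different exponentiation input on every call, so per-bit timing no longer correlates with the ciphertext the attacker chose.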
Alice & Bob, with Eve listening, wish to make a secret shared color
Diffie-Hellman Key Exchange Algorithm
Alice mixed
[(Yellow + Teal) from Bob] + Orange
Bob mixed
[(Yellow + Orange) from Alice] + Teal
Diffie-Hellman Key Exchange Algorithm
Diffie-Hellman Algorithm
Example: Let p=11, g=2, then
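
| $a$ | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| $g^a$ | 2 | 4 | 8 | 16 | 32 | 64 | 128 | 256 | 512 | 1024 | 2048 |
| $g^a \bmod p$ | 2 | 4 | 8 | 5 | 10 | 9 | 7 | 3 | 6 | 1 | 2 |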