Professional Documents
Culture Documents
Dr Bobby Yang
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 1/19
Basic operations
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 2/19
DES algorithm
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 3/19
DES – overall operation
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 4/19
DES encryption and decryption
• Consider only one round
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 5/19
DES encryption and decryption
• Consider only one round, Encrypt plaintext X :
A = IP(x) = (L0 R0 )
B = L1 = R0 ; R1 = L0 ⊕ f (K1 , R0 )
Y = IP −1 (R1 L1 ) = IP −1 (R1 , R0 )
• Decryption
Y = IP −1 (R1 , R0 )
U = IP(Y ) = IP(IP −1 (R1 , R0 )) = (R1 , R0 )
V = (R0 , R1 ⊕ f (K1 , R0 ) = (R0 , L0 ⊕ f (K1 , R0 ) ⊕ f (K1 , R0 )
= (R0 , L0 )
W = (L0 , R0 )
Z = IP −1 (L0 , R0 ) = X
• Decryption uses the same function as encryption, except
the round keys are used in reverse.
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 6/19
DES internals – Initial and Final
permutations
1. Initial Permutation IP and Final permutation IP −1
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 7/19
DES internals – f -Function
• S-boxes provides
confusion
• There are 8 S-boxes,
crucial to the strength of
DES
• Transforms 6 bit inputs
• E.g. S-box 1 input
into 4 bit outputs
• Non-linear, i.e. (100101)2
S(a) ⊕ S(b) 6= S(a ⊕ b) becomes (1000)2 = 8
• Use of S-boxes
• Row: use MSB,LSB of
input
• Column: use remaining
4 bits
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 9/19
DES – S-boxes and P
• Permutation function, P designed to provide diffusion
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 10/19
Key Schedule
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 12/19
Security of DES
• Small keyspace, prone to brute force attacks.
• Brute Force attack: If at least one pair of plaintext and
ciphertext is available, try all 256 keys such that the
decrypted ciphertext matches the plaintext. Hence there
• Average number of attempts required 21 256 = 255
• Time to break: 6.4 days using a special cracking devices,
e.g. COPACABANA, Deep Crack
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 13/19
Exhaustive key search
• Give a plaintext-ciphertext pair (x1 , y1 ) find a DES key ki
?
check: DESki (x1 ) = yi , for i = 0, 1, · · · , 256 − 1
• False positive: if a key ki can decrypt one pair (x1 , y1 ) but
not others, then several pairs of (x, y ) would be needed.
• Consider x1 of 64-bits, key size k 80 bits. There should be
280 ciphertext y10,.... . Since the output size is also 64-bits,
is output space is 264 , then some of the possible
80
ciphertext, on average 2264 = 216 , maps to the same value.
• Hence, for one pair (x1 , y1 ), the probability of the correct
key is 2116
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 14/19
2DES
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 15/19
Triple DES (3DES)
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 16/19
Security of 3DES
• If k1 = k2 = k3 , then 3DES is equivalent to DES, i.e. same
3DES code/function can be used for DES
• Exhaustive key search using meet-inside attack
• Give plaintext-ciphertext pair x1 , y1 , keys k1 , k2 , k3
• Encrypt x1 with all possible k1 , k2
i.e. Xij′ = EDES (DDES (x1 , k1i ), k2j )
• Decrypt y1 using k3k , each time check with X ′ until a match
found
• Maximum no. of encrypt/decryt: 22×56 + 256 ≈ 2112
• The equivalent key strength is 112 bits, not 168 bits
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 17/19
Other ciphers
• Lightweight cipher designed for low power devices, e.g.
RFID tags
• Block length 64 bits, key lengths of 80 and 128 bits
• uses 31 rounds of substitution-permutations
• MISTY1
• Blowfish
• Twofish
• IDEA, etc.
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 18/19
DES summary
• DES uses 56 bit keys, too weak against brute force today
• DES is quite robust against known analytical attacks
• Efficient in software and hardware
• DES usually uses as 3DES
Diagrams are taken from textbook "Understanding Cryptography" by Christof Paar and Jan Pelzl 19/19