Professional Documents
Culture Documents
Unit 2
Unit 2
P10
8-bit plaintext 8-bit plaintext
SHIFT
IP IP - 1
P8
K1 K1
fk fk
SHIFT
SW SW
K2 P8 K2
fk fk
IP - 1 IP
k1 k2 k3 k4 k5 k6 k7 k8
k2 k6 k3 k1 k4 k8 k5 k7
Expansion/Permutation (E/P)
Expand 4 bits into 8 and permutate them…
k1 k2 k3 k4
k4 k1 k2 k3 k2 k3 k4 k1
Data Encryption Standard (DES)
Initial Permutation IP
Variations of DES –
▪ Double DES
▪ Triple DES
• Triple DES with two keys
• Triple DES with three keys
Double DES
▪ Two encryption stages, two keys
▪ Given plaintext P, keys K1, K2
encryption C = E(K2, E(K1, P))
decryption P = D(K1, D(K2, C))
▪ for decryption, keys applied in reverse order
▪ Apparently, key length 56×2 = 112 bits
Double DES : Attacks
Reduction to Single Stage :
▪ Suppose it is possible to find key K3 so that
E(K2, E(K1, P)) = E(K3, P)
▪ Multiple encryption will be useless as it would be
equivalent to single encryption i.e. DES
Meet in the middle attack :
C = E(K2, E(K1, P))
X = E(K1,P) = D(K2, P)
▪ Encrypt P for all possible 256 values of K1
▪ Decrypt C for all possible 256 values of K2
▪ Lookup each decryption against table
▪ Upon a match, verify with another (P,C) pair
▪ If second pair works, done!
Triple-DES with Two-Keys
▪ To counter meet-in-the-middle attack
▪ Encrypt-decrypt-encrypt EDE sequence
C= E (K1, D(K2, E(K1, P)))
▪ Key length 112 bits
▪ No current cryptanalysis attack on 3DES
Triple-DES with Two-Keys: Proposed attack
Number of rounds 10 12 14
• A
Cipher Feedback Mode ( CFB)
CFB Encryption
▪ Input to E is b-bit shift register, initially IV
▪ From the output of E, select most significant s bits: Ss[E]
▪ XOR with P1 to produce C1
▪ C1 is also placed in least significant s bits of shift register
(left shift)
▪ Repeat the process until all units encrypted
CFB Decryption
▪ Initially IV as input
▪ From output of E, select most significant s bits
▪ XOR with C1 produces P1
▪ C1 is also placed in least significant s bits of shift register
C1 = P1 ⊕ Ss[E(K, IV)] P1 = C1 ⊕ Ss[E(K, IV)]
Output Feedback Mode
▪ Similar to CFB with one difference
▪ Output of E instead of Ci is placed in shift Register
▪ Advantage : bit errors in transmission don’t propagate
Output Feedback Mode
Output Feedback Mode
OFB Encryption
▪ Input to E is b-bit shift register, initially IV
▪ From the output of E, select most significant s bits: Ss[E]
▪ XOR with P1 to produce C1
▪ Output of E is also placed in least significant s bits of shift
register (left shift)
▪ Repeat the process until all units encrypted
OFB Decryption
▪ Initially IV as input
▪ From output of E, select most significant s bits
▪ XOR with C1 produces P1
▪ Output of E is also placed in least significant s bits of shift
register
C1 = P1 ⊕ Ss[E(K, IV)] P1 = C1 ⊕ Ss[E(K, IV)]
Counter Mode