Professional Documents
Culture Documents
Computers and
Information Security
Fall 2023/2024
Lecture # 3
Outputs
5.4
Components of a Modern Block Cipher cont.
S-Box
An S-box is an m × n substitution unit, where m and n are not
necessarily the same.
Example
The figure below shows an example of an invertible S-box. For example, if the input
to the left box is 001, the output is 101. The input 101 in the right table creates the
output 001, which shows that the two tables are inverses of each other.
5.5
Two Classes of Product Ciphers
Modern block ciphers are all product ciphers, but they are divided into two classes.
1. Feistel ciphers
2. Non-Feistel ciphers
Feistel Ciphers
Feistel designed a very intelligent and interesting cipher that has been used for decades. A
Feistel cipher can have three types of components:
self-invertible, invertible, and noninvertible.
• Self-invertible means that the function is its own inverse: if you apply it twice, you get back your original
input.
• A function f is said to be invertible when it has an inverse. It is represented by f−1
Non-Feistel Ciphers
A non-Feistel cipher uses only invertible components. A component in the encryption cipher
has the corresponding component in the decryption cipher.
5.6
Feistel Cipher Structure
❑A practical implementation of
Shanon’s S-P Networks
❑Partitions input block in 2 halves
➢Perform a substitution on right data
half based on a function of right half
& subkey (Round Function or
Mangler function)
➢Then permutation by swapping halves
➢Repeat this “round” of S-P many
times
❑Invertible
Feistel Cipher Design Elements
Most modern block ciphers are a variation of Feistel Cipher
with different:
1. Block size
2. Key size
3. Number of rounds
4. Subkey generation algorithm
5. Round function
6. Fast software en/decryption
7. Ease of analysis
Data Encryption Standard (DES)
The initial and final permutations are straight P-boxes that are
inverses of each other.
6.11
DES Function
The heart of DES is the DES function. The DES function applies a
48-bit key to the rightmost 32 bits to produce a 32-bit output.
Whitener (XOR)
After the expansion
permutation, DES uses
DES function the XOR operation on the
expanded right section
and the round key. Note
that both the right section
and the key are 48-bits in
length. Also note that the
round key is used only in
this operation.
6.12
DES Round in Full
Right Half i-1 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
32 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 13 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1
Round Key i
+
O 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
input symbol input symbol input symbol input symbol input symbol input symbol input symbol input symbol
control
control
control
control
control
control
control
control
S1 S2 S3 S4 S5 S6 S7 S8
output symbol output symbol output symbol output symbol output symbol output symbol output symbol output symbol
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25
+
O 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Right Half i
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
DES Sub-Key Generation
The round-key generator creates sixteen 48-bit keys out of a 56-
bit cipher key.
6.14
Avalanche Effect
Diffusion
The idea of diffusion is to hide the relationship between the
ciphertext and the plaintext.
Confusion
The idea of confusion is to hide the relationship between the
ciphertext and the key.
Avalanche Effect
❑Key desirable property of encryption algorithm
❑A change of one input or key bit results in changing approx half output
bits = Diffusion
❑Making attempts to “home-in” by guessing keys impossible
❑DES exhibits strong avalanche
Strength of DES
❑Bit-wise complement of plaintext with complement of key results in
complement of ciphertext
❑Brute force search requires 255 keys
❑Recent advances have shown, it is possible
➢in 1997 on Internet in a few months
➢in 1998 on dedicated h/w in a few days
➢in 1999 above combined in 22hrs!
❑Statistical Attacks:
➢Timing attacks: calculation time depends upon the key.
Particularly problematic on smartcards
➢Differential cryptanalysis
➢Linear cryptanalysis
Advanced Encryption Standard
(AES)
Advanced Encryption Standard (AES)
❑ AES-128: 10
❑ AES-192: 12
❑ AES-256: 14
1. Substitute Bytes
Each byte is replaced by byte indexed by row (left 4-bits) &
column (right 4-bits) of a 16x16 table
2. Shift Rows
❑1st row is unchanged
❑2nd row does 1 byte circular shift to left
❑3rd row does 2 byte circular shift to left
❑4th row does 3 byte circular shift to left
3. Mix Columns
❑Effectively a matrix multiplication in GF(28) using prime
polynomial m(x) = x8+x4+x3+x+1
4. Add Round Key
❑XOR state with 128-bits of the round key
Key=0f1571c947d9e8590cb7add6af7f6798
Text=0123456789abcdeffedcba9876543210
Key expansion in AES
7.25
Key Expansion in AES-128
AES Decryption