Professional Documents
Culture Documents
key Encryption
Cipher text
2
Block ciphers: getting the concept
key 000 001 010 011 100 101 110 111
0 001 111 110 000 100 010 101 011
1 001 110 111 100 011 010 000 101
2 001 000 100 101 110 111 010 011
3 100 101 110 111 000 001 010 011
4 101 110 100 010 011 001 011 111
3
General condition in creating secure block
ciphers
n The block size has to be large enough to prevent
against statistical analysis
q However, larger block size means slower processing
n The key space (then key length) must be large
enough to prevent against exhaustive key search
q However, key length shouldn’t be too big that makes key
distribution and management more difficult
4
General principles in designing secure
block ciphers
n Confusion: As a function, the dependence of the
ciphertext on the plaintext should be complex enough
so that enemy can’t find the rules
q The function should be non-linear.
n Diffusion: The goal is to spread the information from
the plaintext over the entire ciphertext so that
changes in plaintext affect many parts in ciphertext
q This makes it difficult for an enemy to break the cipher by
using statistical analysis
n Confusion is made by usings substitutions while
diffusion by transpositions and/or permutations.
5
General principles in designing
secure block ciphers
n Confusion T =tt
' ' '
1 2
q Plaintext : T = t1t 2
M ' = m1' m2'
q Cipher text : M = m m
1 2
6
General principles in designing secure
block ciphers
n Confusion
q Solution: complex substitution
7
General principles in designing secure
block ciphers
n Diffusion
q Permutation + operation
c o m p u
t e r s e
c u r i t
uetpsimrroeuctcy
y computersecurity
xtgfncrjkthpucwx
8
Block cipher: main idea
9
Substitution and Permutation network
(SPN)
n Key schedule algorithm
q Input: main key 𝐾
q Output: 𝑁! sub keys: {𝐾" , 𝐾 # , … , 𝐾$! }
n Round function 𝑤! ← 𝑥
q 𝑔(𝑤 !%" , 𝐾 ! ) 𝑤"← 𝑔 𝑤 !, 𝐾"
𝑤 #← 𝑔 𝑤", 𝐾 #
…..
10
Substitution and Permutation network
(SPN)
n Block length: 𝑙×𝑚
n Round function
q Substitution: 𝜋&
n S-box: replacing 𝑙 bits with different set of other 𝑙 bits
q Permutation: 𝜋'
n P-box: permuting 𝑙𝑚 bits
𝑢! ← 𝑤 !"#⨁ 𝐾 !
𝑣 ! ← 𝜋$ (𝑢! ) An example of round 𝑟
𝑤 ! ← 𝜋% (𝑣 ! )
11
Substitution and Permutation network
(SPN)
n An example: 𝑆𝑃𝑁(𝑥, 𝜋! , 𝜋" , (𝐾 # , … , 𝐾$( %# ))
𝑤! ← 𝑥
For 𝑟 ← 1 to 𝑁% − 1
𝑢% ← 𝑤 %&" ⨁𝐾 %
For 𝑖 ← 1 to 𝑚 // divide into 𝑚 blocks, each of length 𝑙
𝑣'% ← 𝜋( (𝑣'% ) // substitution
end
𝑤 % ← 𝜋) 𝑣 % // permutation
End
For 𝑖 ← 1 to 𝑚
$ $
𝑣' ! ← 𝜋( (𝑣' ! )
$
𝑦 ← 𝑣' ! ⨁𝐾$! *"
12
Substitution and Permutation network
(SPN)
n Exercise: 𝑙 = 𝑚 = 𝑁# = 4
z 0 1 2 3 4 5 6 7 8 9 A B C D E F
𝜋! (z) E 4 D 1 2 F B 8 3 A 6 C 5 9 0 7
z 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
𝜋" (z) 1 5 9 13 2 6 10 14 3 7 11 15 4 8 12 16
𝑤! ← 𝑥
For 𝑟 ← 1 to 𝑁" − 1
𝐾%= 0011 1010 1001 0100 𝑢" ← 𝑤 "#$ ⨁𝐾 "
For 𝑖 ← 1 to 𝑚
𝐾 &= 1010 1001 0100 1101 {𝑢$" , … , 𝑢%
" } ← 𝑢 " // divide into 𝑚 blocks, each of length 𝑙
𝐾 '= 1001 0100 1101 0110 𝑣& ← 𝜋' (𝑢&" ) // substitution
"
14
Feistel structure
Plaintext
round 1 K1
L0 R0
Å f
L1 R1
…
round i Ki
𝐿0 = 𝑅0"# Å f
𝑅0 = 𝐿0"#⨁𝑓(𝑅0"#, 𝐾0 )
Li Ri
…
round n Kn
Å f
Ln Rn
Ln +1 Rn +1
Cipher text 15
Block Ciphers Features
16
History of Data Encryption Standard
(DES)
n 1967: Feistel at IBM
q Lucifer: block size 128; key size 128 bit
n 1972: NBS asks for an encryption standard
n 1975: IBM developed DES (modification of Lucifer
q block size 64 bits; key size 56 bits
n 1975: NSA suggests modification
n 1977: NBS adopts DES as encryption standard in
(FIPS 46-1, 46-2).
n 2001: NIST adopts Rijndael as replacement to DES
17
DES Features
18
DES Rounds
19
DES encryption: A closer look
INPUT
64 Bits
IP
L0 32 Bits 32 Bits R0
K1
f
R1 = L0 Å f ( R0 , K 1 )
Decryption uses the same
L1 = R0 32 Bits 32 Bits
K2
algorithm as encryption,
f
except that the subkeys
L2 = R1
32 Bits 32 Bits
R2 = L1 Å f ( R1 , K 2 ) 𝐾1, 𝐾2, … 𝐾16 are applied in
f Ki reversed order
IP-1
64 Bits
OUTPUT
20
DES: 𝑓 function
21
DES: S-boxes
n Input: 𝐵 = 𝑏1𝑏2𝑏3𝑏4𝑏5𝑏6
n Output: 𝐶 = 𝑐#𝑐1𝑐2𝑐3𝑐4𝑐5
n Two bits 𝑏1𝑏6 determine the binary representation of a
row 𝑟 of 𝑆𝑗
n the four bits 𝑏2𝑏3𝑏4𝑏5 determine the binary
representation of a column 𝑐 of 𝑆𝑗
22
Modes of Operation (Encryption modes)
(optional)
n Mode of operation (or encryption mode):
q A block cipher algorithm takes on a fixed-length input, i.e. a block,
and produce an output, usually a block of the same fixed-length.
q In practice, we want to encrypt files of various length è need to
divide a file into block of that given fixed length è then call the
encryption algorithms several times
q Operation mode: the manner and structure in which we feed the
encryption algorithm (several times) with blocks of the plaintext
file and concatenate the resulted blocks to produce the ciphertext
file.
n The popular modes:
q ECB, CBC, OFB, CFB
23
Electronic Code Book (ECB)
n Each block is independently encoded
n Problem:
q Identical Inputè Identical Output
n Deterministic: the same data block gets encrypted the same way,
reveals patterns of data when a data block repeats.
24
ECB critics
25
Cipher Block Chaining (CBC)
26
CBC (cont.)
27
CBC critics
n Good
q Randomized encryption: repeated text gets mapped to
different encrypted data.
n Can be proven to be “secure” assuming that the block cipher
has desirable properties and that random IV’s are used
q A ciphertext block depends on all preceding plaintext
blocks
n reorder affects decryption
n Bad
q Errors in one block propagate to two blocks
n one bit error in Cj affects all bits in Mj and one bit in Mj+1
q Sequential encryption, cannot use parallel hardware
q Observation: if Ci=Cj then Ek (MiÅCi-1) = Ek (MjÅCj-1); thus
MiÅCi-1 = MjÅCj-1; thus MiÅ Mj = Ci-1 ÅCj-1
28
Cipher Feedback (CFB)
29
CFB critics
n Good
q Randomized encryption
q A ciphertext block depends on all preceding plaintext
blocks; reorder affects decryption
n Bad
q Errors propagate for several blocks after the error, but the
mode is self-synchronizing (like CBC).
q Sequential encryption
30
Output Feedback (OFB)
31
OFB critics
n Randomized encryption
n Sequential encryption, but preprocessing
possible
n Error propagation limited
32