Professional Documents
Culture Documents
6: Contemporary
Symmetric Ciphers
Jen-Chang Liu, 2004
Adapted from
Lecture slides by Lawrie Brown
Outline
Feistel cipher
+
Key
Key length
subkey generation
block
block length
two halves of block
no. of round
encryption algorithm
S-box
XOR
Key
Complex subkey generation proces
Key length
subkey generation Blowfish
block
Variable plain/ciphertext block leng
block length
RC5
two halves of block Operate on both halves each round
no. of round
Blowfish, RC5
encryption algorithm Variable no. of round: RC5
S-box
Key-dependent S-box: Blowfish
XOR
Data/key-dependent rotation: RC5
Mixed operation: more than one
arithmetic and Boolean operations
Outline
Triple DES
Double-DES ?
E K 2 [ E K1 [ P]] EK 3 [ P ]
Q1: Is that possible
for some K3 ?
Space of mapping
1. The whole space of mapping
64-bit plaintext
mapping
64-bit ciphertext
264!
256
Q2: meet-in-the-middle
attack
00000000 01010101
00000001 11010111
00000010
00000011
00010110
11111111
K2
00000000
00000001
00010110 00000010
00000011
Match!
11111111
Triple-DES
Standardized 3DES
2 56-bit keys
Attack on 3DES
0100
K1,1
101
a
K2
1001
K1,2
011
0110
100
1001
1.
Given n known (P,C) pairs
001
2.
Select an arbitrary a for A
0110000
1110011
K1,1
K1,2
1100111
1011001
0100101
1101010
Complexity of attack on
3DES
Outline
Blowfish
Blowfish
+
+
18 subkeys Pi
1<= j <= 14
to generate
S
S4,255 = 3AC372E6
P
1 = 243F6A88P2 = 85A308D3
2. XOR
P-array
with
K-array
(reuse
as
P1, P2, P3, P4, P14, P15, P16, P17, P18
needed)
+
+
+
+
+
+
+
+ +
K1, K2, K3, K4, , K14,K1, K2, K3, K4
P,S Blowfish,
P1, P2
Blowfish Encryption
+
+
Discussion
Discussion (cont.)
fast
Outline
RC5
RC5 Ciphers
subkey
Simple operations:
1. Addition: modulo 2w
2. Bitwise XOR
3. Circular shift (rotation):
x <<< y, x is left rotate y b
(nonlinear and data dependent !!!)
A Substitution-permutation rou
+
1. Substitution depends on bo
words
2. Permutation depends on bo
words
3. Substitution depends on ke
RC5
Decryption
+
RC5 Modes
Not transmitted
Outline
Advantage of stream
cipher
Disadvantage of stream
cipher
Ciphertext 1 Ciphertext 2
= (plaintext 1 keystream) (plaintext 2 keystre
= plaintext 1 plaintext 2
If plaintexts are text string, credit card no., or other
streams with known properties, then cryptanalysis
may be successful
RC4
Main steps:
i=0, j=0
Plaintext k = ciphertext
RC4 Encryption
RC4 Security