Professional Documents
Culture Documents
Block Cioher
Block Cioher
1
Modern Block Ciphers
• One of the most widely used types of
cryptography algorithms
• It provide strong secrecy and/or
authentication services
• In particular, we will introduce DES (Data
Encryption Standard)
2
Block vs Stream Ciphers
• Block ciphers process messages into blocks,
each of which is then en/decrypted
• Like a substitution on very big characters
– 64-bits or more
• Stream ciphers process messages a bit or byte
at a time when en/decrypting
• Many current ciphers are block ciphers
3
4
5
Block Cipher Principles
• Block ciphers look like an extremely large
substitution
• We would need table of 264 entries for a 64-bit block
• Arbitrary reversible substitution cipher for a large
block size is not practical
– 64-bit general substitution block cipher, key size 264!
• Most symmetric block ciphers are based on a Feistel
Cipher Structure
• Needed since must be able to decrypt ciphertext to
recover messages efficiently
6
Shannon Substitution-Permutation Ciphers
7
Diffusion and Confusion
• Introduced by Claude Shannon to thwart
cryptanalysis based on statistical analysis
– Assume the attacker has some knowledge of the
statistical characteristics of the plaintext
• Cipher needs to completely obscure statistical
properties of original message
8
Diffusion and Confusion
9
Feistel Cipher Structure
• Horst Feistel devised the feistel cipher
– implements Shannon’s substitution-permutation
network concept
• Partitions input block into two halves
– process through multiple rounds which
– perform a substitution on left data half
– based on round function of right half & subkey
– then have permutation swapping halves
10
Feistel Cipher Structure
11
Feistel Cipher
• n sequential rounds
• A substitution on the left half Li
– 1. Apply a round function F to the right half Ri and
– 2. Take XOR of the output of (1) and Li
• The round function is parameterized by the
subkey Ki
– Ki are derived from the overall key K
12
Feistel Cipher Design Principles
• block size
– increasing size improves security, but slows cipher
• key size
– increasing size improves security, makes exhaustive key searching
harder, but may slow cipher
• number of rounds
– increasing number improves security, but slows cipher
• subkey generation
– greater complexity can make analysis harder, but slows cipher
• round function
– greater complexity can make analysis harder, but slows cipher
• fast software en/decryption & ease of analysis
– are more recent concerns for practical use and testing
13
Feistel Cipher Decryption
• The rule is as follows: Use the ciphertext as
input to the algorithm, but use the subkeys Ki
in reverse order.
• That is, use Kn in the first round, Kn–1 in the
second round, and so on until K1 is used in the
last round.
• We need not implement two different
algorithms, one for encryption and one for
decryption.
14
Feistel Cipher Decryption
15
Data Encryption Standard (DES)
• most widely used block cipher in world
• adopted in 1977 by NBS (now NIST)
– as FIPS PUB 46
• encrypts 64-bit data using 56-bit key
• has widespread use
16
DES History
• IBM developed Lucifer cipher
– by team led by Feistel
– used 64-bit data blocks with 128-bit key
• then redeveloped as a commercial cipher with
input from NSA and others
• in 1973 NBS issued request for proposals for a
national cipher standard
• IBM submitted their revised Lucifer which was
eventually accepted as the DES
17
DES Design Controversy
• although DES standard is public
• was considerable controversy over design
– in choice of 56-bit key (vs Lucifer 128-bit)
• subsequent events and public analysis
show in fact design was appropriate
• DES has become widely used, especially
in financial applications
18
DES - Popular Example of Symmetric Cryptosystem
In 1973, the NBS (National Bureau of Standards, now called NIST -
National Institute of Standards and Technology) published a request for
an encryption algorithm that would meet the following criteria:
have a high security level
be easily understood
not depend on the algorithm's confidentiality
be adaptable and economical
be efficient and exportable
To generate the subkeys, start with the 56-bit key (64 bits if
you include the parity bits). These are permuted and
divided into two halves called C and D.
For each round, C and D are each shifted left circularly one
or two bits (the number of bits depending on the round).
The 48-bit subkey is then selected from the current C and
D bits.
DES- Algorithm - Key Schedule and Subkey Generation
DES- Algorithm – One Round of DES
DES- Permutation principles
IP-1
IP
40 8 48 16 56 24 64 32
58 50 42 34 26 18 10 2
39 7 47 15 55 23 63 31
60 52 44 36 28 20 12 4
38 6 46 14 54 22 62 30
62 54 46 38 30 22 14 6
37 5 45 13 53 21 61 29
64 56 48 40 32 24 16 8
36 4 44 12 52 20 60 28
57 49 41 33 25 17 9 1
35 3 43 11 51 19 59 27
59 51 43 35 27 19 11 3
34 2 42 10 50 18 58 26
61 53 45 37 29 21 13 5
33 1 41 9 49 17 57 25
63 55 47 39 31 23 15 7
“First Bit of the output is taken from the 58 th bit of the input, etc...”
DES- Permutation principles
Expansion/Permutation Contraction/Permuted Choice (PC-2)
The 32-bit half-block of data is expanded Selects/Extracts the 48-bit subkey for each
to 48 bits. round from the 56-bit key-schedule state.
E PC-2
32 1 2 3 4 5 14 17 11 24 1 5
4 5 6 7 8 9 3 28 15 6 21 10
8 9 10 11 12 13 23 19 12 4 26 8
12 13 14 15 16 17 16 7 27 20 13 2
16 17 18 19 20 21 41 52 31 37 47 55
20 21 22 23 24 25 30 40 51 45 33 48
24 25 26 27 28 29 44 49 39 56 34 53
28 29 30 31 32 1 46 42 50 36 29 32
DES- Algorithm, General depiction (W. Stallings)
DES- Single round of DES Algorithm (W. Stallings)
DES- Example of Symmetric Cryptosystem …
The vulnerability
of DES was practically demonstrated in 1997, where RSA Se
curity
sponsored a series of contests, offering a $10,000 prize to
the first team that broke a message encrypted with DES for
the contest. That contest was won by the
DESCHALL Project, led by Rocke Verser, Matt Curtin, and
Justin Dolske, using idle cycles of thousands of computers
across the Internet.
The feasibility of cracking DES quickly was demonstrated
in 1998 when a custom DES-cracker was built by the
Electronic Frontier Foundation (EFF), a cyberspace civil
rights group, at the cost of approximately US$250,000.
Their motivation was to show that DES was breakable in
practice as well as in theory.
DES- Example of Symmetric Cryptosystem …
Setting K3 equal to K1 in these processes gives us a double length key K1, K2.
Setting K1, K2 and K3 all equal to K has the same effect as using a single-length
(56-bit key).
Thus it is possible for a system using triple-DES to be compatible with a system
using single-DES.
Avalanche Effect
• Key desirable property of encryption
algorithm
• DES exhibits strong avalanche, where a change
of one input or key bit results in changing
approx. half output bits
38