@Yuan Xue Announcement Project Release Team forming Homework 1 will be released next Tuesday
@Yuan Xue Data Encryption Standard (DES)
@Yuan Xue DES Overview Data Encryption Standard (DES) Most widely used encryption scheme Adopted as Federal Information Processing Standard (FIPS) for the United States in 1976Federal Information Processing StandardUnited States 64-bit data block 56-bit key Based on Feistel Network The decryption follows the same process as the encryption. Now considered insecure for many applications Replaced by AES
@Yuan Xue DES Structure
@Yuan Xue Initial Permutation and Inverse Initial Permutation IP and FP have almost no cryptographic significance, included in order to facilitate loading blocks in and out of mid-1970s hardware, as well as to make DES run slower in software.
@Yuan Xue IP
@Yuan Xue Single Round
@Yuan Xue
Expansion (E) and Permutation (P)
@Yuan Xue S-Box
@Yuan Xue S-box definition
@Yuan Xue The S-boxes S i : {0,1} 6 {0,1} 4 Credit: Dan Boneh, “Introduction to Cryptography”
@Yuan Xue Example: a bad S-box choice Suppose: S i (x 1, x 2, …, x 6 ) = ( x 2 x 3, x 1 x 4 x 5, x 1 x 6, x 2 x 3 x 6 ) or written equivalently: S i (x) = A i ⋅ x (mod 2) We say that S i is a linear function x1x2x3x4x5x6x1x2x3x4x5x6 x1x2x3x4x5x6x1x2x3x4x5x6. = x2x3x1x4x5x1x6x2x3x6x2x3x1x4x5x1x6x2x3x6 x2x3x1x4x5x1x6x2x3x6x2x3x1x4x5x1x6x2x3x6 Credit: Dan Boneh, “Introduction to Cryptography”
@Yuan Xue Example: a bad S-box choice Then entire DES cipher would be linear: ∃ fixed binary matrix B s.t. But then: DES(k,m 1 ) DES(k,m 2 ) DES(k,m 3 ) B B m k 1 k 2 k 16 m k 1 k 2 k 16. = c c ⋮ DES(k,m) = = DES(k, m 1 m 2 m 3 ) B B B = B m1km1k m1km1k m2km2k m2km2k m3km3k m3km3k m1m2m3kkkm1m2m3kkk m1m2m3kkkm1m2m3kkk (mod 2) Credit: Dan Boneh, “Introduction to Cryptography”
@Yuan Xue Choosing the S-boxes and P-box Choosing the S-boxes and P-box at random would result in an insecure block cipher (key recovery after ≈2 24 outputs) [BS’89] Several rules used in choice of S and P boxes: No output bit should be close to a linear func. of the input bits S-boxes are 4-to-1 maps ⋮ Credit: Dan Boneh, “Introduction to Cryptography”
@Yuan Xue Sub-key Generation
@Yuan Xue Permutation Choice Note: Only 56 bits Are used
@Yuan Xue DES Security DES is replaced by AES Concerns Key size Nature of the algorithm Attacks Brute-force attack Linear cryptanalysis Differential cryptanalysis Side channel attacks Timing attack Energy analysis
@Yuan Xue Other Symmetric Ciphers Block Ciphers 3DES AES: Key sizes: 128, 192, 256 bits Block size: 128 bits Blowfish IDEA Stream Ciphers RC4