Cryptography Block Ciphers and Feistel Functions.

Slides:



Advertisements
Similar presentations
“Advanced Encryption Standard” & “Modes of Operation”
Advertisements

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Data Encryption Standard (DES)
Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.
Chapter 5 Cryptography Protecting principals communication in systems.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Lecture 23 Symmetric Encryption
Symmetric Cryptography
Encryption Schemes Second Pass Brice Toth 21 November 2001.
Chapter 3 – Block Ciphers and the Data Encryption Standard
CSE 651: Introduction to Network Security
Data Encryption Standard (DES). Symmetric Cryptography  C = E(P,K)  P = D(C,K)  Requirements  Given C, the only way to obtain P should be with  the.
The Digital Encryption Standard CSCI 5857: Encoding and Encryption.
IT 221: Classical and Modern Encryption Techniques Lecture 2: Classical and Modern Encryption Techniques For Educational Purposes Only Revised: September.
The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.
Cryptography and Network Security Chapter 3. Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types of cryptographic.
1 Chapter 3 Ciphers Mechanism that decides the process of encryption/decryption Stream Cipher: Bit-by-bit encryption / decryption Block Cipher: Block-by-block.
Network Security Lecture 14 Presented by: Dr. Munam Ali Shah.
Chapter 20 Symmetric Encryption and Message Confidentiality.
TE/CS 536 Network Security Spring 2006 – Lectures 6&7 Secret Key Cryptography.
Chapter 20 Symmetric Encryption and Message Confidentiality.
Block ciphers Structure of a multiround block cipher
Feistel Cipher Structure
Data Security and Encryption (CSE348) 1. Lecture # 6 2.
Lecture 3 Page 1 Advanced Network Security Review of Cryptography Advanced Network Security Peter Reiher August, 2014.
Data Encryption Standard (DES) © 2000 Gregory Kesden.
Chapter 2 (B) – Block Ciphers and Data Encryption Standard.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Security.
Classical &ontemporyryptology 1 Block Cipher Today’s most widely used ciphers are in the class of Block Ciphers Today’s most widely used ciphers are in.
DES Algorithm Data Encryption Standard. DES Features Block cipher, 64 bits per block 64-bit key, with only 56 bits effective ECB mode and CBC mode.
Modes of Usage Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up: Modes of.
Stream Ciphers and Block Ciphers A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. Examples of classical stream.
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Introduction to Modern Symmetric-key Ciphers
Le Trong Ngoc Security Fundamentals (2) Encryption mechanisms 4/2011.
Lecture 23 Symmetric Encryption
Exam 1 Review CS461/ECE422 Fall Exam guidelines A single page of supplementary notes is allowed  8.5x11. Both sides. Write as small as you like.
Computer and Network Security Rabie A. Ramadan Lecture 3.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.
Lecture 3 Overview. Ciphers The intent of cryptography is to provide secrecy to messages and data Substitutions – ‘hide’ letters of plaintext Transposition.
Module :MA3036NI Symmetric Encryption -3 Lecture Week 4.
Block Ciphers and the Data Encryption Standard. Modern Block Ciphers  One of the most widely used types of cryptographic algorithms  Used in symmetric.
CPIT 425 Chapter Three: Symmetric Key Cryptography.
Information and Network Security Lecture 2 Dr. Hadi AL Saadi.
1 CPCS425: Information Security (Topic 5) Topic 5  Symmetrical Cryptography  Understand the principles of modern symmetric (conventional) cryptography.
Lecture 4 Data Encryption Standard (DES) Dr. Nermin Hamza
6b. Practical Constructions of Symmetric-Key Primitives.
Symmetric Algorithm of Cryptography
Outline Desirable characteristics of ciphers Stream and block ciphers
Symmetric Key Block Ciphers
Cryptography and Network Security Chapter 3
PART VII Security.
Block Ciphers and the Data Encryption Standard (DES)
Algorithm Types & Algorithm Modes
ADVANCED ENCRYPTION STANDARDADVANCED ENCRYPTION STANDARD
Chapter -2 Block Ciphers and the Data Encryption Standard
Elect. Codebook, Cipher Block Chaining
Presentation transcript:

Cryptography Block Ciphers and Feistel Functions

What Cryptography is about  Don’t Panic…it is not as hard as you think, so why do you think its hard?  Some Basics:  Kerkchoff’s principle  Symmetric v Asymmetric  Asymmetric: relationships in number theory  Symmetric: Transposition and Substitution  Block v Stream Cipher

Symmetric ciphers Block ciphers – Substitution and Transposition Historical ciphers (all substitution): – ATBASH – Playfair – Caesar – Vigenere

Information Theory Cryptography Concepts Diffusion: Diffusion literally means having changes to one character in the plain text, affect multiple characters in the cipher text. Unlike historical algorithms (Caesar Cipher, Atbash, Vigenere) where each plain text character only affected one cipher text character. Confusion: attempts to make the relationship between the statistical frequencies of the cipher text and the actual key as complex as possible. This occurs by using a complex substitution algorithm.

Information Theory Cryptography concepts Avalanche: This term means that a small change yields large effects in the output, like an avalanche. This is Fiestel’s variation on Claude Shannon’s concept of diffusion. Obviously a high avalanche impact is desirable in any cryptographic algorithm. Ideally a change in one bit in the plain text would affect all the bits of the cipher text. This would be complete avalanche.

The Feistel Function This function is named after its inventor, the German-born physicist and cryptographer Horst Feistel. At the heart of most block ciphers is a Feistel function. This function forms the basis for most block ciphers. This makes it one of the most influential developments in symmetric block ciphers. It is also known as a Feistel Network or a Feistel cipher.

Feistel History  Used in DES, CAST-128, BlowFish, TwoFish, RC5, and others.  First seen in IBM’s Lucifer algorithm (the precursor to DES).  Michael Luby and Charles Rackoff analyzed the Feistel cipher construction and proved that if the round function is a cryptographically secure pseudorandom function, then 3 rounds is sufficient to make the block cipher a pseudorandom permutation, while 4 rounds is sufficient to make it a "strong" pseudorandom permutation

The Feistel Function-Continued This function starts by splitting the bock of plain text data (often 64 bits) into two parts (traditionally termed L 0 and R 0 ) The round function F is applied to 1 of the halves. The term ‘round function’ simply means a function performed with each iteration, or round, of the Feistel cipher. The details of the round function F can vary with different implementations. Usually these are relatively simple functions, to allow for increased speed of the algorithm. The output of each round function F is then xor’d with the other half. What this means is that, for example, you take L 0, pass it through the round function F, then take the result and xor it with R 0. Then the halves are transposed. So L 0 gets moved to the right and R 0 gets moved to the left. This process is repeated a given number of times. The main difference between Feistel based cryptography algorithms is the exact nature of the round function F, and the number of iterations.

A simple view of a single Round

The Feistel Function Here is a general overview of a basic round of a Feistel cipher. Block from the Plain Text ½ of block L 0 ½ of block R o Round Function F Output of F Output of XOR of Output of F And R o XOR Then swap L 0 and R o

Feistel Encryption and Decryption 11

Basic Facts Larger Block sizes increase security. Larger Key sizes increase security. If the round function is secure, then more rounds increase security.

P-Boxes and S-Boxes An s-box is just a substitution box. It defines that each of the input bits are substituted with a new bit. A p-box, or permutation box is a variation on the s-box. Instead of each input bit being mapped to a bit in found in a lookup table, the bits that are input are transposed or permuted. Some may be transposed, and others left in place. For example a 6 bit p-box may swap the 1 st and 4 th bits, swap the 2 nd and 3 rd bit, but leave the 5 th bit in place.

Using the Feistel FUNCTION The classic example is DES, The Data Encryption Standard is a classic in that annals of cryptography. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in While it is now considered outdated and is not recommended for use, it was the premier block cipher for many years and bears study. Many cryptography textbooks and university courses use this as the primary example of block ciphers. DES uses a 56-bit key applied to a 64 bit block. (note there is actually a 64 bit key generated but 8 bits are just for error correction.) DES is a Feistel cipher with 16 rounds and a 48-bit round key for each round. So its general functionality follows the Feistel method of dividing the 64 bit block into two halves (32 bits each), applying the round function to one half, then xor’ing that output with the other half, and finally swapping the halves. DES REALLY HAS ONLY 4 STEPS

DES The actual algorithm: Generating the round key Step 1: To generate the round keys, the 56-bit key is split into two 28-bit halves and those halves are circularly shifted after each round by one or two bits. In other words the halves are first subjected to a round function, then the keys are shifted by 1 to 2 bits. 48 bits are selected from this process each round to create the round key. So each round has a slightly different key. Step 2: Then the 32 bit halves are expanded to 48 bits (8 6 bit blocks), this is permutation. The 48 bit halves are xord with the round key. Then the round function (next slide) is applied.

DES- Continued Step 3: The DES round function uses eight S-boxes. The term s-box just means substitution boxes and they are look-up tables. Each item passed into the box, is substituted with the item that matches it in the lookup table. This is a very common tactic in symmetric key algorithms. Each one of the DES s-boxes takes in 6 bits and produces 4 bits. The middle 4 bits of the 6 bit input are used to lookup the 4 bit replacement. This produces 8 – 4 bit blocks, that are concatenated into one 32 bit block. Step 4: The 32 bit block is put through a P-box This is done each round of DES, and remember that DES has 16 rounds. So this is an effective way to scramble the plain text. We get high diffusion and confusion.

Unbalanced Feistel Cipher There is a variation of the Feistel network called an Unbalanced Feistel cipher. Unbalanced Feistel ciphers use a modified structure where L 0 and R 0 are not of equal lengths. This means that L 0 might be 32 bits and R 0 could be 64 bits (making a 96 bit block of text). This variation is actually used in the Skipjack algorithm. Note: one can also have an expanding or contracting unbalanced cipher.

KFC (Krazy Feistel Cipher) Developed by Thomas Baignères and Matthieu Finiasz, presented at AsiaCrypt 2006 Instead of computing the advantage of the best d-limited adversary, KFC will bound it by a function of the advantage of the best (d − 1)-limited adversary.

KFC Continued Note this image comes from Baigneres and Finiasz paper

KFC - Continued  Idea: Replace the layers of random permutations with layers of random functions  The following image is also from their paper/presentation

Dual Feistel This is my own variation. It involves two round functions, one being applied to each half. Block from the Plain Text ½ of block L 0 ½ of block R o Round Function F Output of F XOR Round Function F 2 Output of F 2

Simple ways to improve block ciphers Without any math at all you can improve any block cipher with some simple techniques: – Whitening – Cipher block chaining mode – Cipher feedback mode – Initialization Vector

Whitening Just xor a key with the text either before the round function, after the round function, or both

Whitening plain text block for round Random key same size as block pseudo plain text round function XOR plain text block for round pseudo plain text round function XOR plain text block for round Random key same size as block pseudo plain text XOR Random key same size as block XOR round function

Electronic codebook (ECB) The most basic encryption mode is the electronic codebook (ECB) mode. The message is divided into blocks and each block is encrypted separately. The problem is that if you submit the same plain text more than once, you always get the same cipher text. This gives attackers a place to begin analyzing the cipher to attempt to derive the key.

Cipher-block chaining (CBC) When using cipher-block chaining (CBC) mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This means there is significantly more randomness in the final ciphertext. This is much more secure than electronic codebook mode and is the most common mode.

CBC plain text block for round i cipher text produced in round i-1 pseudo plain text round function XOR

Cipher feedback (CFB) In CFB mode the previous ciphertext block is encrypted then the ciphertext produced is XOR’d back with the plaintext to produce the current ciphertext block. Essentially it loops back on itself, increasing the randomness of the resultant ciphertext.

CBC plain text block for round i cipher text produced in round i-1 cipher text for round i round function XOR

Initialization vector (IV) An IV is a fixed-size input to a cryptographic primitive that is random or pseudorandom. Some cryptographic methods require the IV only to be non-repeating, not truly random. In this case, the IV is commonly called a nonce (number used once), and the methods are described as stateful as opposed to randomized. In a block ciphers using Electronic Code Book (ECB) mode, encryption of the same plain text with the same key results in the same ciphertext. Use of an initialization vector that is xor’d with the first block of plaintext or included in front of the plaintext prior to encryption solves this problem.

Additional Resources  The original article describing Feistel ciphers H. Feistel, "Cryptography and Computer Privacy," Scientific American, v. 228, n. 5, May 73, pp  Bruce Schneier on unbalanced Feistel ciphers  Elastic Block Ciphers 04.pdf 04.pdf  KFC  KFC pdf pdf

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.