Presentation is loading. Please wait.

Presentation is loading. Please wait.

6b. Practical Constructions of Symmetric-Key Primitives.

Published byIrma Day Modified over 6 years ago

Similar presentations

Presentation on theme: "6b. Practical Constructions of Symmetric-Key Primitives."— Presentation transcript:

1 6b. Practical Constructions of Symmetric-Key Primitives.
CIS Cryptography 6b. Practical Constructions of Symmetric-Key Primitives.

2 DES DES is a special type of iterated cipher based on the Feistel network. Block length 64 bits Key length 56 bits Ciphertext length 64 bits

3 DES The round function is: where g ([Li-1,Ri-1 ]), Ki ) = (Li , Ri),
Li = Ri-1 and Ri = Li-1 XOR f (Ri-1, Ki).

4 DES round encryption

5 DES mangler function (inner or round function)

6 DES computation path

7 One DES Round 64 bit input 32 bit Ln 32 bit Rn Kn Inner Function +
64 bit output 32 bit Ln+1 64 bit input 32 bit Ln 32 bit Rn Inner Function + Kn One DES round only scrambles half of the input data (the right half). Since the last step in the mangle is to reverse the halfs, the other half of the data is scrambled in the second (and fourth ... and 6th, and 8th, etc. rounds). Also, as stated by the scribe: "The 32 bit Right half becomes the 32 bit Left half for the next round (not the mangled output) unless the textbook diagram is wrong also (Page 68 of the text Figure 3-6). The Right half goes into the mangler and that output is XOR'd with the 32 bit Left half to create the 32 bit Right half for the next round. The Right half (unmangled) simply becomes the Left half for the next round, according to the book and the formulas they give for reversing it. "

8 Combine 32 bit input and 48 bit key into 32 bit output
Inner Function Combine 32 bit input and 48 bit key into 32 bit output Expand 32 bit input to 48 bits XOR the 48 bit key with the expanded 48 bit input Apply the S-boxes to the 48 bit input to produce 32 bit output Permute the resulting 32 bits This helps diffusion, by making a single bit change in the plaintext ripple throughout the ciphertext. It also explains how the decryption works, when the four bit ciphertext can map back to any of four possible plaintexts. You'll see in a minute.

9 Expansion Function Expand 32 bit input to 48 bits by adding a bit to the front and the end of each 4 bit segment. These bits are taken from adjacent bits. This String Becomes this String Notice several bit values are repeated: 4, 5, 8, 9, 28, 29, etc. This helps diffusion, by making a single bit change in the plaintext ripple throughout the ciphertext. It also explains how the decryption works, when the four bit ciphertext can map back to any of four possible plaintexts. You'll see in a minute.

10 S Boxes There are 8 different S-Boxes, 1 for each 6 bit chunk
S box process maps 6 bit input to 4 bit output S box performs a substitution on 4 bits There are 8 possible substitutions in each S box Inner 4 bits are fed into an S box Outer 2 bits determine which substitution is used

11 S Boxes (6 bits to 4 bits) Use bits 1 & 6 to select the row
Bits 2-5 to select the substitution will return (11 X 0010)

12 DES: The Initial and Final Permutations
There is also an initial and a final permutation: the final permutation is the inverse of the initial permutation.

13 Decrypting with DES DES (and all Feistel structures) is invertible through “reverse” encryption because The input to the nth step is the output of the n-1th step Everything needed (except the key) to produce the input to the inner function of the n-1th step is available from the output of the nthstep. So we can Work backwards to step 1. Note that the S-boxes are not reversible.

14 Encrypt round n, Decrypt round n+1
32 bit Rn+1 64 bit input 32 bit Ln+1 64 bit output 32 bit Ln 32 bit Rn Inner Function + Kn Ln+1 was not changed in round n. It started round n as Rn and was used as the input to the mangler function. We can apply the mangler function to Ln+1 which gives the same value that was xor'ed with Ln to get Rn+1. So, when we xor the mangled Ln+1 with Rn+1, we get Ln.

15 Key schedule INPUT: 64-bit key: k1, k2, … , k64
OUTPUT: sixteen 48-bit keys: k1, k2, … , k16 The algorithm used for generating the key schedule combines and selects bits of K to generate the round keys two bit selection tables. -- for details see textbook. C is the encryption key D is the decryption key

16 Weak Keys Let C0 and D0 be the 28 bit key halves
There are 4 week keys in the keyspace (256) C0 = All zeros & D0 = All zeros C0 = All ones & D0 = All zeros C0 = All zeros & D0 = All ones C0 = All ones & D0 = All ones There are 12 semi-weak keys, where Co & Do are the following in some combination All zeros, All ones, …, … -- for details see Handbook of Applied Cryptography. C is the encryption key D is the decryption key

17 Confusion & Diffusion Impact
Confusion: the relationship between the statistics of the ciphertext and the value of the key is as complex as possible. Diffusion. The relationship between the statistics of the plaintext and the ciphertext should as complex as possible: the value of each plaintext bit affects many plaintext bits.

18 Attacks on DES No dramatic improvement on brute force Brute force
Linear Cryptanalysis Known plaintext attack Differential cryptanalysis Chosen plaintext attack Modify plaintext bits, observe change in ciphertext No dramatic improvement on brute force - Brute force we've already discussed. If a suitable "Break DES" version were created, brute force could find the key in a matter of hours because of computing power advances.

19 Linear Cryptanalysis

20 Linear cryptanalysis

21 Differential cryptanalysis (chosen plaintext)
Differential cryptanalysis is a chosen plaintext attack. In this case the XOR of two inputs x, x* is compared with that of the corresponding outputs y, y*. In general we look for pairs x, x* for which x’=x+x* is fixed. For each such pair, decrypt y, y* using all possible candidate keys for the last round, and determine if their XOR has a certain value. Again use a frequency counter. Hopefully, at the end, this counter can be used to determine the correct values for the subkey bits.

22 The security of DES None of these attacks have a serious impact on the
The main problem with DES is that it has relatively short key length. Consequently it is subject to brute-force or exhaustive key search attacks. One solution to overcome this problem is to run DES a multiple number of times.

23 Countering Attacks Large keyspace combats brute force attack
Triple DES, typically two key mode: Ek1Dk2Ek1 Use AES

24 Triple DES Encryption: c = Ek1(Dk2(Ek1(m)) Decryption:
m = Dk1(Ek2(Dk1(c))

25 AES Block length 128 bits. Key lengths 128 (or 192 or 256).
The AES is an iterated cipher with Nr=10 (or 12 or 14) In each round we have: Subkey mixing: State  Roundkey XOR State A substitution: SubBytes(State) A permutation: ShiftRows(State) & MixColumns(State)

26 Establishing Trusted Communication Channels
Conventional techniques Public-key techniques Quantum Key distribution techniques

Download ppt "6b. Practical Constructions of Symmetric-Key Primitives."

Similar presentations

6.1.2 Overview DES is a block cipher, as shown in Figure 6.1.

6.1.2 Overview DES is a block cipher, as shown in Figure 6.1.
Data Encryption Standard (DES)

Data Encryption Standard (DES)
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)

Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Data Encryption Standard (DES)

Data Encryption Standard (DES)
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
CSE 651: Introduction to Network Security

CSE 651: Introduction to Network Security
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.

The Data Encryption Standard - see Susan Landau’s paper: “Standing the test of time: the data encryption standard.” DES - adopted in 1977 as a standard.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Block ciphers Structure of a multiround block cipher

Block ciphers Structure of a multiround block cipher
13. Other Block Ciphers 13.1 LUCIFER 13.2 MADRYGA 13.3 NEWDES 13.4 FEAL 13.5 REDOC 13.6 LOKI.

13. Other Block Ciphers 13.1 LUCIFER 13.2 MADRYGA 13.3 NEWDES 13.4 FEAL 13.5 REDOC 13.6 LOKI.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Fifth Edition by William Stallings

Fifth Edition by William Stallings
Symmetric Encryption Lesson Introduction ●Block cipher primitives ●DES ●AES ●Encrypting large message ●Message integrity.

Symmetric Encryption Lesson Introduction ●Block cipher primitives ●DES ●AES ●Encrypting large message ●Message integrity.
Computer and Network Security Rabie A. Ramadan Lecture 3.

Computer and Network Security Rabie A. Ramadan Lecture 3.

Similar presentations

Ads by Google