Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography after DES

Published byΌφελος Κολιάτσος Modified over 6 years ago

Similar presentations

Presentation on theme: "Cryptography after DES"— Presentation transcript:

1 Cryptography after DES
Modern Ciphers Cryptography after DES

2 Designing a new cipher Competing requirements Code footprint
Key agility Efficient software and hardware implementation Speed Flexibility Security Code footprint: Ciphers that require large amounts of RAM cannot be implemented in constrained environments. Key agility: When the cipher has to use a new key, the key schedule needs to be computed. The computational cost of initializing a cipher can be quite high. Flexibility: Different key/ block sizes allow tuning a cipher for the security vs. efficiency trade-off most adequate for the intended

3 Skipjack Developed by NSA For use with the Clipper chip
Caused controversy: Secret specification Push for Government-based key escrow Being implemented in some constrained environments.

4 Skipjack 64-bit block size 80-bit keys 32 rounds
8 rounds of “Rule A,” followed by 8 rounds of “Rule B”, and repeat The round function is a Feistel network; the encryption and decryption use different algorithms

5 Skipjack Rules The above notation means the following: There are 4 16-bit words at any given time being processed by Skipjack. Let W1(i) be the value stored in word W1 after i steps. Then in the i+1 step, W2(i+1) becomes G( W1(i) ), W3(i+1) becomes W2(i), W4(i+1) becomes W3(i) and W1(i+1) becomes G( W1(i) )

6 Round function G Each execution of the round function performs two updates of the values of the high and low bytes of the 16-bit word. The round function is a Feistel network

7 Decryption round function G-1
As with other Feistel networks, the inversion of the round function is obtained by reversing the key scheduling algorithm.

8 The function F The function F is given by table lookup
As in other ciphers, the design of F takes into consideration several goals: Achieves high diffusion and confusion parameters Achieves avalanche effect Is far from a linear function The avalanche effect is how fast the statistics of the function the satisfaction of the SAC Strict Avalanche Criterium: Each bit of the cipher-text has 50% of probability of changing value for each bit of the plaintext that changes value. A linear function is a function that commutes with XOR: F( c_1 XOR c_2) = F( c_1) XOR F( c_2 )

9 Key scheduling algorithm
Extremely simple n-th byte of CV = (n mod 10)-th byte of Key The notation CV stands for “crypto-variable”, an NSA idiosyncratic terminology for KEY.

10 Product Ciphers and Triple-DES
Increasing key length Product Ciphers and Triple-DES

11 Product cipher Consider a cipher E() with key length t bits.
Take two keys k1 and k2 and encrypt a message m by first encrypting it with k1 and then with k2 : C = Ek2( Ek1(m)) Does the key length increase to 2t imply a corresponding gain in security?

12 Man-in-the-Middle Consider the following strategy to find the keys of a product cipher: Obtain some pairs (Pi, Ci) of plaintext and ciphertext encrypted with the product cipher. Ci = Enc(K’’,Enc(K’,Pi)) iff Dec(K’’, Ci) = Enc(K’, Pi) Encrypt P1 with all possible keys K’. Decrypt C1 with all possible keys K’’. Select key pairs s.t. D(K’’, C1) = E(K’, C2)

13 Attack ... K’’ K’ Dec(K2t,C1) Enc(K2t,P1) Dec(K2t-1,C1) Enc(K2t-1,P1)
Dec(K4,C1) Enc(K4,P1) Dec(K3,C1) Enc(K3,P1) Dec(K2,C1) Enc(K2,P1) Dec(K1,C1) Enc(K1,P1) K’’ K’ In the example, encrypting P1 with K1 matches decrypting C1 with the K3 : The pair (K1, K3) is a candidate for the double encryption The table has 2t+1 entries, not 22t Security equivalent to using a key only one or two bits longer! In order to make finding pairs more efficient, proceed as follows. Compute A1 = Enc(K1, P1). Then interpret the block

14 Time/memory trade-off
In order to optimize finding matches: Compute A1 = Enc(K’, P1). Interpret A1 as an address location and store the value K’ there. Compute B1 = Dec(K’’, C1). Interpret B1 as an address location and store the value K’’ there. If a key K’ and a key K’’ try to occupy the same address, output (K’, K’’) as a possible key pair. Time/memory trade-off: Use only part of the block value to address. Store only part of the key data.

15 Triple-DES 3-DES is usually implemented as a encryption followed by a decryption (with a different key) followed by another encryption: DES-EDE Two- and three-key variants, to accomplish 112 and 168-bit keys: DES(K1, DES-1(K2, DES(K1, m))) DES(K3, DES-1(K2, DES(K1, m)))

16 Attacking triple encryption
Merkle devised the following attack. For each key K’, compute P(K’) = Dec(K’’, 0). For each K’, get P(K’) encrypted (using 3-encryption). Apply previous attack on double encryption, with P1 = 0, to find candidates (K’’, K’’’) for each K’. Conclusion: 23t computations not required Many pairs of plaintext/ciphertext required. Note: This is a chosen-plaintext attack, while the previous attack on double-encryption was a given plaintext attack. Also, the attack requires massive amounts of CHOSEN plaintext-ciphertext pairs.

Download ppt "Cryptography after DES"

Similar presentations

6.1.2 Overview DES is a block cipher, as shown in Figure 6.1.

6.1.2 Overview DES is a block cipher, as shown in Figure 6.1.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Cryptography and Network Security

Cryptography and Network Security
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)

Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Cryptography and Network Security, resuming some notes Dr. M. Sakalli.

Cryptography and Network Security, resuming some notes Dr. M. Sakalli.
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.

1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
FEAL FEAL 1.

FEAL FEAL 1.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
ICS 454: Principles of Cryptography

ICS 454: Principles of Cryptography
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
Chapter 3 – Block Ciphers and the Data Encryption Standard

Chapter 3 – Block Ciphers and the Data Encryption Standard
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Chapter 20 Symmetric Encryption and Message Confidentiality.

Chapter 20 Symmetric Encryption and Message Confidentiality.
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.

Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
“Implementation of a RC5 block cipher algorithm and implementing an attack on it” Cryptography Team Presentation 1.

“Implementation of a RC5 block cipher algorithm and implementing an attack on it” Cryptography Team Presentation 1.
Description of a New Variable-Length Key, 64-Bit Block Cipher (BLOWFISH) Bruce Schneier BY Sunitha Thodupunuri.

Description of a New Variable-Length Key, 64-Bit Block Cipher (BLOWFISH) Bruce Schneier BY Sunitha Thodupunuri.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption

Similar presentations

Ads by Google