Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

Published byChrista Padilla Modified over 9 years ago

Similar presentations

Presentation on theme: "1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers."— Presentation transcript:

1 1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers

2 2 DES DES is a special type of iterated cipher based on the Feistel network. Block length 64 bits Key length 56 bits Ciphertext length 64 bits

3 3 DES The round function is: g ([L i-1,R i-1 ]), K i ) = (L i, R i ), where L i = R i-1 and R i = L i-1 XOR f (R i-1, K i ).

4 4 DES round encryption

5 5 DES inner function

6 6 DES computation path

7 7 One DES Round 32 bit R n+1 64 bit output 32 bit L n+1 64 bit input 32 bit L n 32 bit R n Inner Function + KnKn

8 8 Combine 32 bit input and 48 bit key into 32 bit output Expand 32 bit input to 48 bits XOR the 48 bit key with the expanded 48 bit input Apply the S-boxes to the 48 bit input to produce 32 bit output Permute the resulting 32 bits

9 9 Inner Function Expand 32 bit input to 48 bits by adding a bit to the front and the end of each 4 bit segment. These bits are taken from adjacent bits. This String Becomes this String Notice several bit values are repeated: 4, 5, 8, 9, 28, 29, etc.

10 10 S Boxes  There are 8 different S-Boxes, 1 for each chunk  S-box process maps 6 bit input to 4 bit output  S box performs substitution on 4 bits  There are 8 possible substitutions in each S box  Inner 4 bits are fed into an S box  Outer 2 bits determine which substitution is used

11 11 S Boxes Use bits 1 & 6 to select the row Bits 2-5 to select the substitution

12 12 DES: The Initial and Final Permutations There is also an initial and a final permutation: the final permutation is the inverse of the initial Permutation.

13 13 Decrypting with DES DES (and all Feistel structures) is invertible through “reverse” encryption because  The input to the n th step is the output of the n-1 th step  Everything needed (except the key) to produce the input to the inner function of the n-1 th step is available from the output of the n th step. So we can Work backwards to step 1. Note that the S-boxes are not reversible.

14 14 32 bit R n+1 64 bit input 32 bit L n+1 64 bit output 32 bit L n 32 bit R n Inner Function + KnKn 32 bit R n+1 64 bit output 32 bit L n+1 64 bit input 32 bit L n 32 bit R n Inner Function + KnKn

15 15 Key schedule INPUT: 64-bit key: k 1, k 2, …, k 64 OUTPUT: sixteen 48-bit keys: k 1, k 2, …, k 16 The algorithm used for generating the key schedule combines and selects bits of K to generate the round keys two bit selection tables. -- for details see textbook.

16 16 Weak Keys Let C 0 and D 0 be the 28 bit key halves  There are 4 week keys in the keyspace (2 56 ) C 0 = All zeros & D 0 = All zeros C 0 = All ones & D 0 = All zeros C 0 = All zeros & D 0 = All ones C 0 = All ones & D 0 = All ones  There are 12 semi-weak keys, where C o & D o are the following in some combination All zeros, All ones, 010101…, 101010… -- for details see Handbook of Applied Cryptography.

17 17 Attacks on iterated ciphers 

18 18 Diffusion & Confusion -Shannon  Diffusion. The relationship between the statistics of the plaintext and the ciphertext should as complex as possible: the value of each plaintext bit affects many plaintext bits.  Confusion: the relationship between the statistics of the ciphertext and the value of the key is as complex as possible.

19 19 Attacks on DES  Brute force  Linear Cryptanalysis  Known plaintext attack  Differential cryptanalysis  Chosen plaintext attack  Modify plaintext bits, observe change in ciphertext No dramatic improvement on brute force

20 20 Linear cryptanalysis (known plaintext) For each pair (x i,y i ), decrypt using all possible candidate keys for the last round and determine if the linear relation holds. If it does, increment a frequency counter for the candidate key used. Hopefully, at the end, this counter can be used to determine the correct values for the subkey bits.

21 21 Differential cryptanalysis (chosen plaintext) Differential cryptanalysis is a chosen plaintext attack. In this case the XOR of two inputs x, x* is compared with that of the corresponding outputs y, y*. In general we look for pairs x, x* for which x’=x+x* is fixed. For each such pair, decrypt y, y* using all possible candidate keys for the last round, and determine if their XOR has a certain value. Again use a frequency counter. Hopefully, at the end, this counter can be used to determine the correct values for the subkey bits.

22 22 The security of DES None of these attacks have a serious impact on the security of DES. The main problem with DES is that it has relatively short key length. Consequently it is subject to brute-force or exhaustive key search attacks. One solution to overcome this problem is to run DES a multiple number of times.

23 23 Countering Attacks  Large keyspace combats brute force attack  Triple DES, typically two key mode: E k 1 D k 2 E k 1  Use AES

24 24 Triple DES Encryption: c = E k 1 (D k 2 (E k 1 (m)) Decryption: m = D k 1 (E k 2 (D k 1 (c))

25 25 AES Block length 128 bits. Key lengths 128 (or 192 or 256). The AES is an iterated cipher with Nr=10 (or 12 or 14) In each round we have:  Subkey mixing: State  Roundkey XOR State  A substitution: SubBytes(State)  A permutation: ShiftRows(State) & MixColumns(State)

26 26 Establishing Trusted Communication Channels  Conventional techniques  Public-key techniques  Quantum Key distribution techniques

Download ppt "1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers."

Similar presentations

6.1.2 Overview DES is a block cipher, as shown in Figure 6.1.

6.1.2 Overview DES is a block cipher, as shown in Figure 6.1.
From Crypto-Theory to Crypto-Practice 1 CHAPTER 14: From Crypto-Theory to Crypto-Practice SHIFT REGISTERS The first practical approach to ONE-TIME PAD.

From Crypto-Theory to Crypto-Practice 1 CHAPTER 14: From Crypto-Theory to Crypto-Practice SHIFT REGISTERS The first practical approach to ONE-TIME PAD.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
Data Encryption Standard (DES)

Data Encryption Standard (DES)
Data Encryption Standard (DES)

Data Encryption Standard (DES)
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)

Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Data Encryption Standard (DES)

Data Encryption Standard (DES)
Cryptography and Network Security, resuming some notes Dr. M. Sakalli.

Cryptography and Network Security, resuming some notes Dr. M. Sakalli.
Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.

Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.
Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.

Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.

DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
CS470, A.SelcukLucifer & DES1 Block Ciphers Lucifer & DES CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukLucifer & DES1 Block Ciphers Lucifer & DES CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
ICS 454: Principles of Cryptography

ICS 454: Principles of Cryptography
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Chapter 3 – Block Ciphers and the Data Encryption Standard

Chapter 3 – Block Ciphers and the Data Encryption Standard

Similar presentations

Ads by Google