Download presentation
Presentation is loading. Please wait.
1
CS470, A.SelcukAfter the DES1 Block Ciphers After the DES CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk
2
CS470, A.SelcukAfter the DES2 DES was designed for h/w; slow in s/w. It was also suspect, due to the secret design process By late ’80s, need for an independently developed, fast-in-s/w cipher was clear.
3
CS470, A.SelcukAfter the DES3 FEAL (Shimizu & Miyaguchi, 1987) Idea: More complicated f function—but fast in s/w—with fewer rounds; hence higher speed. Feistel cipher, originally 4 rounds. (later increased to 6, 8, 16, 32) Broken repeatedly –4 rounds: with 5 known plaintexts –8 rounds: with 12 chosen plaintexts –16 rounds: with 2 28 chosen plaintexts 32 rounds may be adequately secure.
4
CS470, A.SelcukAfter the DES4 IDEA (Lai & Massey, 1992) 64-bit block size, 128-bit key 8.5 rounds of: : bitwise XOR +: addition mod 2 16 : multpl’n mod 2 16 + 1 decryption: same as encryption, with inverse keys very secure, a bit slow (~DES) One round of IDEA
5
CS470, A.SelcukAfter the DES5 RC5 (Rivest, 1994) Extremely simple & flexible Variable block size (w), key size (b), no. of rounds (r); specified as RC5-w/r/b. Encryption algorithm: L 1 = L 0 + K 0 R 1 = R 0 + K 1 for i = 2 to 2r+1 do L i = R i-1 R i = ((L i-1 R i-1 ) <<< R i-1 ) + K i For 64-bit block size (w=32), 24 rounds (r=12) is secure
6
CS470, A.SelcukAfter the DES6 Blowfish (Schneier, 1994) 16-round Feistel cipher with key-dependent, large, variable s-boxes –variable s-boxes are not fixed targets for analysis –with large (8x32) s-boxes, chances of a weak combination is negligible Simple, very fast f function. (s-box, +, ) x = (x 1,x 2,x 3,x 4 ), where each x i is 8-bit. f(x) = ((S 1 (x 1 ) + S 2 (x 2 )) S 3 (x 3 )) + S 4 (x 4 ) Slow key schedule.
7
CS470, A.SelcukAfter the DES7 Advanced Encryption Standard (AES) Successful public design process: NIST’s request for proposals (1997) 15 submissions (1998) 5 finalists (1999) Mars (IBM) RC6 (RSA) Twofish (Schneier et al.) Serpent (Anderson et al.) Rijndael (Daemen & Rijmen) Winner: Rijndael (2000)
8
CS470, A.SelcukAfter the DES8 Rijndael An SP cipher with algebraically designed s- boxes (optimal against LC & DC) 128, 192, or 256-bit block size 128, 192, or 256-bit key. 10-14 rounds of: –ByteSub –ShiftRow –MixColumn –AddRoundKey Decryption is similar to encryption (by design)
9
CS470, A.SelcukAfter the DES9 Rijndael Round Function Input is divided into 8-bit cells; organized in 4 rows. Eg. for 128-bit block size: ByteSub: Each cell goes through the s-box. ShiftRow: Each of the 4 rows is shifted by a different amount (“diffusion”) MixColumn: Every column, taken as a 4-entry vector over GF(2 8 ), is multiplied by a special 4x4 matrix over GF(2 8 ). AddRoundKey: All cells are XORed by 8-bit keys. X 1,1 X 1,2 X 1,3 X 1,4 X 2,1 X 2,2 X 2,3 X 2,4 X 3,1 X 3,2 X 3,3 X 3,4 X 4,1 X 4,2 X 4,3 X 4,4
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.