Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS555Spring 2012/Topic 91 Cryptography CS 555 Topic 9: Block Cipher Construction & DES.

Published byBenjamin Lester Modified over 9 years ago

Similar presentations

Presentation on theme: "CS555Spring 2012/Topic 91 Cryptography CS 555 Topic 9: Block Cipher Construction & DES."— Presentation transcript:

1 CS555Spring 2012/Topic 91 Cryptography CS 555 Topic 9: Block Cipher Construction & DES

2 CS555Spring 2012/Topic 92 Outline and Readings Outline Substitution-Permutation Networks Feistel networks DES Readings: Katz and Lindell: 5.1,5.2,5.3

3 CS555Spring 2012/Topic 93 Why Block Ciphers? Another way to defeat frequency analysis –Make the unit of transformation larger, rather than encrypting letter by letter, encrypting block by block Provide an efficient implementation for PRF and PRP Block ciphers are important building blocks for constructing encryption schemes

4 CS555Spring 2012/Topic 94 Block Ciphers A block cipher is an efficient, keyed permutation F: {0,1} n × {0,1} l  {0,1} l –F k (x) = F(k,x) is a bijection (permutation) –Block size: l –Key size: n

5 Spring 2012/Topic 95 Truly Random Permutation The truly random permutation is a substitution cipher from {0,1} n to {0,1} n –total number of keys: 2 n ! –insecure when n is small –impractical when n is large: key length s = log (2 n !) > (n-1)2 n-1 –Block ciphers approximate random permutation for large n –Use a subset of the 2 n ! possible permutations CS555

6 Confusion-Diffusion Paradigm Construct block cipher from many smaller random (or random-looking) permutations Confusion: e.g., for block size 128, uses 16 8-bit random permutation –F k (x) = f 1 (x 1 )  f 16 (x 16 ) –Where key k selects 16 8-bit random permutation. –Does F k (  ) look like a random permutation? Diffusion: bits of F k (x) are permuted (re-ordered) Multiple rounds of confusion and diffusion are used. CS555Spring 2012/Topic 96

7 Substitution-Permutation Networks A variant of the Confusion-Diffusion Paradigm – {f i } are fixed and are called s-boxes –Sub-keys are XORed with intermediate result Sub-keys are generated from the master key according to a key schedule Each round has three steps –Message XORed with sub-key –Message divided and went through s-boxes –Message goes through a mixing permutation (bits reordered) CS555Spring 2012/Topic 97

8 CS555Spring 2012/Topic 98 Taken from http://en.wikipedia.org/ wiki/Substitution- permutation_network

9 Design Principles of Substitution- Permutation Networks Design Principle 1. S-boxes are invertible Design Principle 2. The avalanche effect: small changes in input result in large changes in output. –A single-bit difference in each s-box results in changes in at least two bits in output –The mixing permutation distributes the output bits of any s-box into different s-boxes –The above, with sufficient number of rounds, achieves the avalanche effect. CS555Spring 2012/Topic 99

10 CS555Spring 2012/Topic 910 Feistel Network A high-level structure that constructs an invertible function from non-invertible components –Components do not need to be invertible –Can thus behave “more randomly” A Feistel Network is fully specified given –the block size: n = 2w –number of rounds: d –d round functions f 1, …, f d : {0,1} w  {0,1} w Used in DES, IDEA, RC5, and many other block ciphers; but not in AES

11 CS555Spring 2012/Topic 911 L0L0 R0R0 f1f1  L1L1 R1R1 f2f2  Encryption: L 1 =R 0 R 1 =L 0  f 1 (R 0 ) L 2 =R 1 R 2 =L 1  f 2 (R 1 ) … L d =R d-1 R d =L d-1  f d (R d-1 ) L d-1 R d-1 fdfd  LdLd RdRd Decryption: R d-1 =L d L d-1 =R d  f d (L d ) … R 0 =L 1 ; L 0 =R 1  f 1 (L 1 ) Feistel Network w bits

12 Feistel Network Always invertible no matter what the round function is. Each round function is similar to that in the substitution-permutation network –Except that the s-boxes do not need to be invertible CS555Spring 2012/Topic 912

13 CS555Spring 2012/Topic 913 Data Encryption Standard (DES) Designed by IBM, with modifications proposed by the National Security Agency US national standard (and de facto international standard) from 1977 to 2001 Block size 64 bits; Key size 56 bits; 16-round Feistel network Designed mostly for hardware implementations Considered insecure now because of short key length –vulnerable to brute-force attacks

14 Spring 2012/Topic 914 DES Structure CS555

15 Spring 2012/Topic 915 DES Round i L i-1 R i-1 LiLi RiRi KiKi F + 32 bits 48 bits 32 bits CS555

16 Spring 2012/Topic 916 DES f Function 48 CS555

17 Spring 2012/Topic 917 S-boxes S-box B (6 bits) C(4 bits) B = b 1 b 2 b 3 b 4 b 5 b 6 b 1 b 6 = r = rowc = column S = matrix 4 x 16, values from 0 to 15 C = Binary representation of S(r,c) 8 S-boxes S-boxes are the only non-linear elements in DES design CS555

18 Spring 2012/Topic 918 About the S-boxes … 1441312151183106125907 0157414213110612119538 4114813621115129731050 1512824917511314100613 Example: S 1 S(i, j)  {0,1,…,15}, corresponds to 4 bits Each row is a permutation of {0,1,…,15}. Changing one bit in input changes at least two bits in output CS555

19 Spring 2012/Topic 919 DES Key Scheduling 28 bits C i-1 D i-1 Left shift Permutation/contraction KiKi 48 bits CiCi DiDi CS555

20 Spring 2012/Topic 920 DES Weak Keys Definition: A DES weak key is a key K such that E K (E K (x))=x for all x, i.e., encryption and the decryption is the same –these keys make the same sub-key to be generated in all rounds. DES has 4 weak keys (only the 56-bit part of it) 0000000 0000000 FFFFFFF FFFFFFF 0000000 FFFFFFF Weak keys should be avoided at key generation. CS555

21 Spring 2012/Topic 921 Exhaustive Key Search of DES Brute Force: Known-Plaintext Attack Try all 2 56 possible keys Requires constant memory Time-consuming DES challenges: (RSA) –msg=“the unknown message is :xxxxxxxx” –CT=“ C1 | C2 | C3 | C4” –1997 Internet search: 3 months –1998 EFF machine (costs $250K): 3 days –1999 Combined: 22 hours CS555

22 Spring 2012/Topic 922 Coming Attractions … Block cipher security & AES Reading: Katz & Lindell: 5.4,5.5,5.6

Download ppt "CS555Spring 2012/Topic 91 Cryptography CS 555 Topic 9: Block Cipher Construction & DES."

Similar presentations

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
Cryptography and Network Security

Cryptography and Network Security
Data Encryption Standard (DES)

Data Encryption Standard (DES)
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.

1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
Advanced Encryption Standard(AES) Presented by: Venkata Marella Slide #9-1.

Advanced Encryption Standard(AES) Presented by: Venkata Marella Slide #9-1.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.

DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
1 CS 255 Lecture 4 Attacks on Block Ciphers Brent Waters.

1 CS 255 Lecture 4 Attacks on Block Ciphers Brent Waters.
CS470, A.SelcukLucifer & DES1 Block Ciphers Lucifer & DES CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukLucifer & DES1 Block Ciphers Lucifer & DES CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
ICS 454: Principles of Cryptography

ICS 454: Principles of Cryptography
ICS 454 Principles of Cryptography Advanced Encryption Standard (AES) (AES) Sultan Almuhammadi.

ICS 454 Principles of Cryptography Advanced Encryption Standard (AES) (AES) Sultan Almuhammadi.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.
6. Practical Constructions of Symmetric-Key Primitives

6. Practical Constructions of Symmetric-Key Primitives
Cryptanalysis on Substitution- Permutation Networks Jen-Chang Liu, 2005 Ref: Cryptography: Theory and Practice, D. R. Stinson.

Cryptanalysis on Substitution- Permutation Networks Jen-Chang Liu, 2005 Ref: Cryptography: Theory and Practice, D. R. Stinson.
CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.

CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.

Similar presentations

Ads by Google