Presentation is loading. Please wait.

Presentation is loading. Please wait.

Announcements: Homework 3 due now Homework 3 due now Homework 4 posted Homework 4 postedToday: Attacks on DES Attacks on DESQuestions? DTTF/NB479: DszquphsbqizDay.

Published byMaude Greene Modified over 9 years ago

Similar presentations

Presentation on theme: "Announcements: Homework 3 due now Homework 3 due now Homework 4 posted Homework 4 postedToday: Attacks on DES Attacks on DESQuestions? DTTF/NB479: DszquphsbqizDay."— Presentation transcript:

1 Announcements: Homework 3 due now Homework 3 due now Homework 4 posted Homework 4 postedToday: Attacks on DES Attacks on DESQuestions? DTTF/NB479: DszquphsbqizDay 14

2 DES round keys involve two permutations and a left shift K = Grab 56 permuted bits:[57, 49, 41, 33 …] Get 1100… In round 1, LS(1), so: 100 …1 Then grab 48 permuted bits: [14, 17, 11, 24, 1, 5, 3, …] Get … 1 0 … T&W, p. 127 0111111001001000 1100001010000010 0001110000001110 1111010011101000

3 DES has been showing signs of weakness from the beginning 1975 1977 1987 1992 1993 2013 2000

4 Only 2 56 = 72,057,594,037,927,936 keys, so it was brute forced using parallelism 1997: DES Challenge issued. $10K prize Found after 5 months, searching ___% of keyspace Found after 5 months, searching ___% of keyspace 1998: DES Challenge II Down to 39 days, 85% of keyspace! Down to 39 days, 85% of keyspace! Also in 1998…

5 DES Cracker used a mixture of software and specialized hardware Budget of only $200,000 1998 dollars vs $20,000,000 1977 dollars vs $20,000,000 1977 dollarsResult?

6 Post-DES Brute force attacks that take O(N) DES computations are now reasonable. N is size of keyspace = 2 56 N is size of keyspace = 2 56 Can we just double encrypt to get O(N 2 ) computations? Use k1, k2 Use k1, k2 C = E k2 (E k1 (P)), so P = D k1 (D k2 (C)) ? C = E k2 (E k1 (P)), so P = D k1 (D k2 (C)) ?

7 Meet-in-the-middle attack Assume k completely determines E k and D k Know P and C = E k2 (E k1 (P)) P E k1 (P) (for all k1) C D k2 (C) (for all k2) Time complexity? O( n ) DES computations, O( n 2 ) comparisons O(n ) memory

8 Triple-DES? Type DES computations ComparisonsMemory Brute force DES Double C=E k2 (E k1 (P)) O(N) O(N 2 ) O(N) Triple1 C=E k3 (E k2 (E k1 (P))) Triple2 C=E k1 (E k2 (E k1 (P))) Triple3 C=E k2 (E k1 (E k1 (P))) Describe attacks on triple 1-3, fill out chart, and order by level of security

9 Triple-DES? Type DES computations ComparisonsMemory Brute force DES (3) Double C=E k2 (E k1 (P)) O(N) O(N 2 ) O(N) (1) Triple1 C=E k3 (E k2 (E k1 (P))) O(N 2 ) O(N 3 ) O(N 2 ) O(N 3 ) (2) Triple2 C=E k1 (E k2 (E k1 (P))) (3) Triple3 C=E k2 (E k1 (E k1 (P))) Describe attacks on triple 1-3, fill out chart, and order by level of security

10 Triple-DES? Type DES computations ComparisonsMemory Brute force DES (3) Double C=E k2 (E k1 (P)) O(N) O(N 2 ) O(N) (1) Triple1 C=E k3 (E k2 (E k1 (P))) O(N 2 ) O(N 3 ) O(N 2 ) O(N 3 ) (2) Triple2 C=E k1 (E k2 (E k1 (P))) O(N 2 ) O(N 3 ) O(N 2 ) (3) Triple3 C=E k2 (E k1 (E k1 (P))) Describe attacks on triple 1-3, fill out chart, and order by level of security

11 Triple-DES? Type DES computations ComparisonsMemory Brute force DES (3) Double C=E k2 (E k1 (P)) O(N) O(N 2 ) O(N) (1) Triple1 C=E k3 (E k2 (E k1 (P))) O(N 2 ) O(N 3 ) O(N 2 ) O(N 3 ) (2) Triple2 C=E k1 (E k2 (E k1 (P))) O(N 2 ) (3) Triple3 C=E k2 (E k1 (E k1 (P))) O(N) O(N 2 ) O(N) Describe attacks on triple 1-3, fill out chart, and order by level of security

12 DES Modes of Operation Electronic codebook: Each block is encoded independently TextASCII bit vector Block 1 (64 bits) DES Encoded 1 (64 bits) Encoded bit vector Block 2 (64 bits) DES Encoded 2 (64 bits) …

13 DES Modes of Operation Cipher-block chaining: Each plaintext block is XOR’ed with the previous ciphertext before going into DES We will do a simpler version of this in HW4 (set C 0 = 0) We will do a simpler version of this in HW4 (set C 0 = 0) TextASCII bit vector Block 1 (64 bits) DES Encoded 1 (64 bits) Encoded bit vector Block 2 (64 bits) DES Encoded 2 (64 bits) + … ++ C0C0 (random; sent in clear)

14 DES Modes of Operation Others: Cipher feedback: similar, but 64-bit blocks overlap, giving k bits at a time (like 8 for 1 character at a time) Cipher feedback: similar, but 64-bit blocks overlap, giving k bits at a time (like 8 for 1 character at a time) Uses pseudorandom bits like LFSR Output feedback: similar but helps catch errors before propagate. Output feedback: similar but helps catch errors before propagate. Counter: Some output can be computed independently, so better for parallelizing Counter: Some output can be computed independently, so better for parallelizing I trust you could implement these if needed. Not part of HW4…

15 HW4: DES Implementation Encryption and decryption. Cipher-block chaining to prevent speedups due to embarrassing parallelism Correctness: Can use one to test the other. Can use one to test the other.Efficiency: In addition, it’d be nice to use a language that’s closer to the hardware for efficiency, like C or non-OO Java. In addition, it’d be nice to use a language that’s closer to the hardware for efficiency, like C or non-OO Java. Part of your grade will depend on this Part of your grade will depend on this There will also be a competition to see whose implementation is quickest! There will also be a competition to see whose implementation is quickest!

16 Questions so far on DES?

Download ppt "Announcements: Homework 3 due now Homework 3 due now Homework 4 posted Homework 4 postedToday: Attacks on DES Attacks on DESQuestions? DTTF/NB479: DszquphsbqizDay."

Similar presentations

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
ECE454/CS594 Computer and Network Security

ECE454/CS594 Computer and Network Security
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,

Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.

Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.

Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.
1 Lect. 9 : Mode of Operation. 2 Modes of Operation – ECB Mode  Electronic Code Book Mode Break a message into a sequence of plaintext blocks Each plaintext.

1 Lect. 9 : Mode of Operation. 2 Modes of Operation – ECB Mode  Electronic Code Book Mode Break a message into a sequence of plaintext blocks Each plaintext.
Announcements: Get your ch 1-2 quiz if you haven’t. Get your ch 1-2 quiz if you haven’t. Grading change: Grading change: Homeworks are mixed programming.

Announcements: Get your ch 1-2 quiz if you haven’t. Get your ch 1-2 quiz if you haven’t. Grading change: Grading change: Homeworks are mixed programming.
Announcements: Homework 3 due now Homework 3 due now Homework 4 posted Homework 4 postedToday: Attacks on DES Attacks on DESQuestions? DTTF/NB479: DszquphsbqizDay.

Announcements: Homework 3 due now Homework 3 due now Homework 4 posted Homework 4 postedToday: Attacks on DES Attacks on DESQuestions? DTTF/NB479: DszquphsbqizDay.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
Announcements: Quizzes returned tomorrow Quizzes returned tomorrow This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption Standard.

Announcements: Quizzes returned tomorrow Quizzes returned tomorrow This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption Standard.
Announcements: Homework 2 returned Homework 2 returned Monday: Written (concept and small calculations) exam on breaking ch 2 ciphers Monday: Written (concept.

Announcements: Homework 2 returned Homework 2 returned Monday: Written (concept and small calculations) exam on breaking ch 2 ciphers Monday: Written (concept.
Announcements: Quizzes returned at end of class Quizzes returned at end of class This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption.

Announcements: Quizzes returned at end of class Quizzes returned at end of class This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.

Similar presentations

Ads by Google