Presentation is loading. Please wait.

Presentation is loading. Please wait.

DES/TDEA Currently, there exist three FIPS † -approved algorithms for encryption: –Data Encryption Standard (DES) –Triple DES (TDEA) –Skipjack Triple DES.

Published byNaomi Ball Modified over 9 years ago

Similar presentations

Presentation on theme: "DES/TDEA Currently, there exist three FIPS † -approved algorithms for encryption: –Data Encryption Standard (DES) –Triple DES (TDEA) –Skipjack Triple DES."— Presentation transcript:

1 DES/TDEA Currently, there exist three FIPS † -approved algorithms for encryption: –Data Encryption Standard (DES) –Triple DES (TDEA) –Skipjack Triple DES is the FIPS-approved symmetric encryption algorithm of choice. † Federal Information Processing Standards

2 DES/TDEA Data Encryption Standard –AKA Data Encryption Algorithm (DEA) (ANSI) DEA-1 (ISO) –Origins Early 1970’s a need arose Military/NSA had developed encryption and had equipment Nonmilitary research and application was “haphazard” Some manufacturing, mostly for overseas No interoperatibility Was anything really secure? No independent certification

3 DES/TDEA –National Bureau of Standards (National Institute of Standards and Technolgy) Issues public request 5/15/73 for RFP for a standard crytpographic algorithm Specs (wish list): –Provide high level of security –Completely specified and easy to understand –Security in the key not depend on the algorithm secrecy –Available to all users –Adaptable to diverse applications –Economically implementable in electronic devices –Efficient –Validatable –Exportable

4 DES/TDEA –Responses failed to meet the goals –Second request 8/27/74 –Algorithm based on IBM’s Patented Lucifer Roy Adler, Don Coppersmith, Horst Feistel, Edna Grossman, Alan Konheim, Carl Meyer, Bill Notz, Lynn Smith, Walt Tuchman, Bryant Tuckerman Worked well for hardware of the time –NBA asked for NSA evaluation help –NSA makes several changes (always suspected) –IBM/NBS work out agreement –Published 8/1/75

5 DES/TDEA –Review, lively dialogue and publications of the standard ensued –“Standards were unprecedented” –“DES did more to galvanize the field of cryptanalysis than anything else” –NSA claimed was secure Thought was hardware solution Details published that allowed for SW implementation Next standard, Skipjack, was classified… –ANSI approved “DEA” as X3.92 (1981)

6 DES/TDEA –Business adoption Retail and wholesale banking (through ANSI) –Financial Institution Retail Security Working Group –Financial Institution Wholesale Security Working Group –Authentication, PIN and key management and distribution, secure personal and node authentication American Bankers Association (ABA) –Voluntary standards –Recommendations for encryption and key management –Additional Governmental usage GSA Dept of Treasury

7 DES/TDEA –Validation/Certification DES requires recertification every 5 years 1978 –First Certified 1983 –Recertified with no problems 1987 –Likeliness of breaking beginning to show –Commercial COMSEC Endorsement Program (CCEP) »NSA designed algorithms on a VLSI chip –Banking industry uses extensively with no alternative –Withdrawal leave some orgs with no alternatives –Recertified but “would not be recertified again”

8 DES/TDEA 1993 –Still no alternative –Usefulness expected to end by later 1990s –Software implementations allowed to be certified 1999 –Reaffirmed –FIPS PUB 46-3 (supercedes 46-2) –Added TDEA and Skipjack as approved standards “Note: It is anticipated that triple DES and the Advanced Encryption Standard (AES) will coexist as FIPS † approved algorithms allowing for a gradual transition to AES. (The AES is a new symmetric-based encryption standard under development by NIST. AES is intended to provide strong cryptographic security for the protection of sensitive information well into the 21st century.)” † Federal Information Processing Standards

9 DES/TDEA –With this modification: »“1. Triple DES (i.e., TDEA), as specified in ANSI X9.52 will be recognized as a FIPS approved algorithm. »2. Triple DES will be the FIPS approved symmetric encryption algorithm of choice. »3. Single DES (i.e., DES) will be permitted for legacy systems only. New procurements to support legacy systems should, where feasible, use Triple DES products running in the single DES configuration. »4. Government organizations with legacy DES systems are encouraged to transition to Triple DES based on a prudent strategy that matches the strength of the protective measures against the associated risk.”

10 DES/TDEA Components –Keys 64 but actually 56 bits Every 8 th bit is parity –Blocks “Block cipher” 64 bit blocks in/out Composed of bits numbered from left to right, i.e., the left most bit of a block is bit one. –Algorithm Symmetric “At its simplest level…nothing more than a combination of the two basic techniques of encryption: confusion and diffusion”

11 DES/TDEA Algorithm Notes –Substitution followed by Permutation on the text based on the key (round) –16 Rounds –Uses standard arithmetic and logical operations on numbers of 64 bits (’70s hardware influence) –Handful of numbers considered weak and Semiweak keys »64 out of 72,057,594,037,927,927,936

12 DES/TDEA –Algorithm Description Start with 64 bits of Plaintext Initial Permutation (IP) Block bisected into two 32 bits “right” and “left” blocks Function “ƒ” applied 16 times using shifted keys and exchanging the R/L R/L rejoined Final Permutation (IP -1 ) End with 64 bits of Ciphertext

13

14 DES/TDEA Initial Permutation (IP) –Transposes the input block using table: 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36 28, 20, 12, 4 62, 54, 46, 38, 30,… 57, 49, 41, 33,… 61, 53, 45 i.e. Bit 58 goes to position 1, 50 to 2, 42 to 3, … Maybe makes it easier to load text into a DES chip?

15 DES/TDEA Key transformation –Extract 56 bits from 64 bit key (remove and verify parity) –Generate 48 bit subkey for each of the 16 rounds 1. Divide 56 bit key into two 28 bit pieces 2. Circular shift left each half by one or two bits based on: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1 3. Select 48 out of 56 bits (compression permutation) (aka permuted choice) 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 i.e. bit 1 goes to position 14, 17 to 2,…

16

17 LRKey Key’L’R’ P-Box S-Box Expansion shift Compression 5232 48 32 48

18 DES/TDEA Expansion Permutation –Expand R 32 bit half to 48 bits –Make R same size as key for XOR –Main purpose: one bit affects two substitutions creating a rapidly increasing dependency of output to input bits (avalanche effect) –E-box: For each 4 bit input, 1 st and 4 th bits  two bits of the output block 2 nd and 3 rd bits  one bit Using: 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1

19 DES/TDEA S-Box Substitution –After Compressed key XORed with expanded blocks –Substitution Box used: 6 bit in  4 bits out 8 different S-Boxes Tables used in parallel 48 bits in 6 bit groups go through 8 s-boxes giving 32 bits out –Input bits used to index into a table: b1,…, b6  (row) b1,b6 and (column) b2,b3,b4,b5 –Result is 32 bit block –This substitution is most critical: “other operations are linear and easy to analyze, The S-boxes are nonlinear and, more than anything else, give DES its security”

20 S-Box Design No output bit of S-box should be too close to a linear function of the input bits If L and R bits are fixed, and 4 middle bits varied, each possible 4 bit result is obtained once. 2 inputs vary in 1 bit, output varies in 2 bits 2 inputs vary in 2 middle bits, the output varies in at least 2 bits 2 inputs are different on 1 st 2 bits, and same on last 2 bits, the output is different A few more esoteric ones….

21 DES/TDEA P-Box Permutation –Output of S-Box is permuted –Map each input bit  output position –No bits used twice and bits ignored (straight permutation) 16, 7, 20, 21, 29, 12, 28, 17, 1,15, 23, 26, 5, 18, 31, 10 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 Result XORed with L 32 bits L and R switched Go around again… Repeat 16 times

22 DES/TDEA Final Permutation (P -1 ) –L and R not exchanged after last round –Concatenated block put through: 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31 38, 6, 46, 14, 54, … 36, 4, 44, 12, … 34, 2, 42, … Done (EOA)!

23 DEA/TDEA Decrypting –Use same function –Key is the key… Used in reverse order (K 1,…,K 16 becomes K 16,…, K 1 ) Right circular shift of 0-2 bits 0 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1 )

24 DES/TDEA Triple Data Encryption Algorithm –Same base algorithm –Uses three separate keys (K 1, K 2, K 3 ) (bundle) With keying options of: 1. K 1  K 2  K 3 2. K 1  K 2 and K 3 = K 1 3. K 1 = K 2 = K 3 –Encryption defined as: C = EK 3 (DK 2 (EK 1 (T))) –Decryption defined as: C = DK 1 (EK 2 (DK 3 (T)))

25 DES/TDEA –TDEA backwards compatible with DES if: Using compatible keying options 1.An encrypted plaintext computed using a single DES mode of operation can be decrypted correctly by a corresponding TDEA mode of operation 2.An encrypted plaintext computed using a TDEA mode of operation can be decrypted correctly by a corresponding single DES mode of operation –When using Keying Option 3 (K1 = K2 = K3), TECB, TCBC, TCFB and TOFB modes are backward compatible with single DES modes of operation ECB, CBC, CFB, OFB respectively

26 DES/TDEA Is it (basic DES) really Secure? –Years of speculation –Successful attacks on versions with fewer rounds –Differential and Linear Cryptanalysis reduces potential number of steps of a brute force (exhaustion) attack –NSA rumors: massively parallel systems with special algorithms yielding < 15 min. cracks –Conclusion: Logically, doubtful!

Download ppt "DES/TDEA Currently, there exist three FIPS † -approved algorithms for encryption: –Data Encryption Standard (DES) –Triple DES (TDEA) –Skipjack Triple DES."

Similar presentations

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
Data Encryption Standard (DES)

Data Encryption Standard (DES)
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)

Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Data Encryption Standard (DES)

Data Encryption Standard (DES)
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.

Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.
Advanced Encryption Standard(AES) Presented by: Venkata Marella Slide #9-1.

Advanced Encryption Standard(AES) Presented by: Venkata Marella Slide #9-1.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.

DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Cryptography Block Ciphers and Feistel Functions.

Cryptography Block Ciphers and Feistel Functions.
Chapter 3 – Block Ciphers and the Data Encryption Standard

Chapter 3 – Block Ciphers and the Data Encryption Standard
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

Similar presentations

Ads by Google