1. Block Ciphers and the Data Encryption Standard

2. Modern Block Ciphers  One of the most widely used types of cryptographic algorithms  Used in symmetric cryptographic network application.  Difficult Structure to understand then public key ciphers.  Our focus on DES (Data Encryption Standard)

3. Block vs Stream Ciphers  In Block cipher a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.  A block size of 64 or 128 bits is used  Stream ciphers process messages a bit or byte at a time when en/decrypting  The key stream (Ki)is as long as the plaintext bit stream (Pi).  Many current ciphers are block ciphers better analyzed better analyzed broader range of applications broader range of applications  Examples of classical stream ciphers are the Vigenère cipher

4. Block vs Stream Ciphers

5. Block Cipher Principles  Most symmetric block ciphers are based on a Feistel Cipher Structure  In general, A block cipher operates on a plaintext block of n bits to produce a cipher text block of n bits (E.g., N = 64 or 128.)  A block cipher is a monoalphabetic cipher.  There are 2 N ! such mappings.  A secret key indicates which mapping to use.

6. Ideal Block Cipher

7. Claude Shannon and Substitution- Permutation Ciphers  Claude Shannon introduced idea of substitution-permutation (S-P) networks in 1949 paper and form the basis of modern block ciphers  Modern block ciphers use a key of K bits to specify a random subset of 2 K mappings. 2 K is much smaller than 2 N ! 2 K is much smaller than 2 N ! But is still very large. But is still very large.  S-P nets are based on the two primitive cryptographic operations seen before: substitution (S-box) substitution (S-box) permutation (P-box) permutation (P-box)  provide confusion & diffusion of message & key

8. Confusion and Diffusion  cipher needs to completely obscure statistical properties of original message  More practically Shannon suggested combining S & P elements to obtain:  diffusion – make the statistical relationship between the plaintext and ciphertext as complex as possible in order to thwart attempts to deduce the key.  confusion – makes relationship between ciphertext and key as complex as possible

9. Feistel Cipher Structure  Horst Feistel devised the feistel cipher based on concept of invertible product cipher based on concept of invertible product cipher  partitions input block into two halves process through multiple rounds which process through multiple rounds which perform a substitution on left data half perform a substitution on left data half based on round function of right half & subkey based on round function of right half & subkey then have permutation/transformation swapping halves then have permutation/transformation swapping halves  implements Shannon’s S-P net concept

10. The Feistel Cipher Structure

11. Round i + f L i-1 R i-1 kiki L i R i

12. Mathematical Description of Round i 12

13. The Feistel Cipher Decryption Structure

14. Feistel Cipher Design Elements  block size  key size  number of rounds  subkey generation algorithm  round function  fast software en/decryption  ease of analysis

15. DES Round Structure  uses two 32-bit L & R halves  as for any Feistel cipher can describe as: L i = R i–1 R i = L i–1  F(R i–1, K i )  F takes 32-bit R half and 48-bit subkey: expands R to 48-bits using perm E expands R to 48-bits using perm E adds to subkey using XOR adds to subkey using XOR 48 bit passes through 8 S-boxes to get 32-bit result 48 bit passes through 8 S-boxes to get 32-bit result finally permutes using 32-bit perm P finally permutes using 32-bit perm P

16. DES Encryption Overview

17. Single Round Structure

19. Substitution Boxes S  have eight S-boxes which map 6 to 4 bits.  Each S-box is specified as a 4 x 16 table.  each row is a permutation of 0-15.  The first and last bits of the input to box Si form a 2-bit binary number to select one of four substitutions defined by the four rows in the table for Si.  The middle four bits select one of the sixteen columns.

20. S-Box Example  The example lists 8 to 6-bit values (ie 18 in hex is 011000 in binary, 09 hex is 001001 binary etc), each of which is replaced following the process detailed above using the appropriate S-box.  S1(011000) lookup row 00 col 1100 in S1 to get 5  S1(000011) lookup row 01 col 0001 in S1 to get 15 = f in hex 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 1441312151183106125907 0157414213110612116538 4114813621115129731050 1512824917511314100613 01230123

21. Avalanche Effect  Avalanche effect: The avalanche effect is evident if, when an input is changed slightly (for example, flipping a single bit) the output changes significantly (e.g., half the output bits flip) The avalanche effect is evident if, when an input is changed slightly (for example, flipping a single bit) the output changes significantly (e.g., half the output bits flip) A small change in the plaintext or in the key results in a significant change in the ciphertext. A small change in the plaintext or in the key results in a significant change in the ciphertext. an evidence of high degree of diffusion and confusion an evidence of high degree of diffusion and confusion

22.  DES exhibits a strong avalanche effect Changing 1 bit in the plaintext affects 34 bits in the ciphertext on average. Changing 1 bit in the plaintext affects 34 bits in the ciphertext on average. 1-bit change in the key affects 35 bits in the ciphertext on average. 1-bit change in the key affects 35 bits in the ciphertext on average.

23. 23 Attacks on DES  Brute-force key search Trying 1 key per microsecond would take 1000+ years on average, due to the large key space size, 2 56 ≈ 7.2×10 16. Trying 1 key per microsecond would take 1000+ years on average, due to the large key space size, 2 56 ≈ 7.2×10 16.  Differential cryptanalysis Possible to find a key with 2 47 plaintext-ciphertext samples Possible to find a key with 2 47 plaintext-ciphertext samples Known-plaintext attack Known-plaintext attack  Liner cryptanalysis: Possible to find a key with 2 43 plaintext-ciphertext samples Possible to find a key with 2 43 plaintext-ciphertext samples Known-plaintext attack Known-plaintext attack