

  1. Block Ciphers Fall 2010 CS 334: Computer Security 1

  2. Recall: Private-Key Encryption Algorithms
     • Also called single-key or symmetric key algorithms
     • Both parties share the key needed to encrypt and decrypt messages, hence both parties are equal
     • Modern symmetric key ciphers (developed from product ciphers) include DES, Blowfish, IDEA, LOKI, RC5, Rijndael (AES) and others

  3. Block Ciphers
     • One of the most widely used types of cryptographic algorithms
       – For encrypting data to ensure secrecy
       – As a cryptographic checksum to ensure integrity
       – For authentication services
     • Used because they are comparatively fast, and we know how to design them
     • We’ll look in particular at DES (Data Encryption Standard)

  4. Block vs Stream Ciphers
     • Block ciphers process messages in blocks, each of which is then en/decrypted
       – So all bits of a block must be available before processing
     • Like a substitution on very big characters
       – 64 bits or more
     • Stream ciphers process messages a bit or byte at a time when en/decrypting
       – Though technically the only difference here is block size, there are significant differences in how stream and block ciphers are designed.

  5. Claude Shannon
     • Wrote some of the pivotal papers on modern cryptology theory
       – C E Shannon, "Communication Theory of Secrecy Systems", Bell System Technical Journal, Vol 28, Oct 1949, pp 656-715
       – C E Shannon, "Prediction and Entropy of printed English", Bell System Technical Journal, Vol 30, Jan 1951, pp 50-64

  6. Claude Shannon
     • Among other things, he developed the concepts of:
       – Entropy of a message
       – Redundancy in a language
       – Theories about how much information is needed to break a cipher
       – Defined the concepts of computationally secure vs unconditionally secure ciphers
       – Introduced the idea of substitution-permutation (S-P) networks, basis of current product ciphers

  7. Shannon S-P Network
     • cipher needs to completely obscure statistical properties of original message
       – E.g., a one-time pad does this
     • more practically Shannon suggested combining elements to obtain:
       – diffusion: dissipates statistical structure of plaintext over bulk of ciphertext
       – confusion: makes relationship between ciphertext and key as complex as possible
     • S-P networks designed to provide these

  8. Block Cipher Requirements
     • Must be reasonably efficient
     • Must be able to efficiently decrypt ciphertext to recover plaintext
     • Must have a reasonable key length
     • First attempt: Arbitrary reversible substitution
       – For a large block size this is not practical for implementation and performance reasons

  9. Why Not Arbitrary Reversible Substitution?
     • If we’re going from n bit plaintext to n bit ciphertext:
       – There are $2^n$ possible plaintext blocks.
       – Each must map to a unique output block, so total of $(2^n)!$ reversible transformations
         • List all n-bit binary (plaintext) strings. First one can go to any of $2^n$ n-bit binary strings, next to any of $2^n - 1$ output strings, etc.

  10. Why Not Arbitrary Reversible Substitution?
     • If we’re going from n bit plaintext to n bit ciphertext:
       – So, to specify a specific transformation, essentially need to provide the list of ciphertext outputs for each input block.
       – How many? Well, $2^n$ inputs, so $2^n$ outputs, each n bits long implies an effective key size of $n(2^n)$ bits.
         • For blocks of size 64 (desirable to thwart statistical attacks) this amounts to a key of length $64(2^{64}) = 2^{70} = 2^{67}$ bytes $\approx 1.47 \times 10^{20}$ bytes = 147 TB

  11. Feistel Cipher Structure
     • Horst Feistel devised the Feistel cipher
       – based on concept of invertible product cipher
       – His main contribution was invention of structure that adapted Shannon’s S-P network into easily inverted structure.
     • Process consists of several rounds. In each round:
       – partitions input block into two halves
       – Perform substitution on left half by a round function based on right half of data and subkey
       – then have permutation swapping halves
     • implements Shannon’s substitution-permutation network concept


  13. Feistel Cipher Design Principles
     • block size
       – increasing size improves security, but slows cipher
       – 64 bits reasonable tradeoff. Some use 128 bits
     • key size
       – increasing size improves security, makes exhaustive key searching harder, but may slow cipher
       – 64 bit considered inadequate. 128 bit is common size (for now)
     • number of rounds
       – increasing number improves security, but slows cipher

  14. Feistel Cipher Design Principles
     • subkey generation
       – greater complexity can make analysis harder, but slows cipher
     • round function
       – greater complexity can make analysis harder, but slows cipher
     • fast software en/decryption & ease of analysis
       – are more recent concerns for practical use and testing
       – Making algorithms easy to analyze helps determine cipher effectiveness (DES functionality is not easily analyzed)

  15. Feistel Cipher Decryption [figure]

  16. Data Encryption Standard (DES)
     • most widely used block cipher in world
     • adopted in 1977 by NBS (now NIST)
       – as FIPS PUB 46
     • encrypts 64-bit data using 56-bit key
     • has widespread use
     • Considerable controversy over its security
       – Tweaked by NSA?

  17. DES History
     • IBM developed Lucifer cipher
       – by team led by Feistel
       – used 64-bit data blocks with 128-bit key
     • then redeveloped as a commercial cipher with input from NSA and others
     • in 1973 NBS issued request for proposals for a national cipher standard
     • IBM submitted their revised Lucifer which was eventually accepted as the DES

  18. DES Design Controversy
     • Although the DES standard is public, there was considerable controversy over its design
       – in choice of 56-bit key (vs Lucifer 128-bit)
       – and because design criteria were classified
       – and because some NSA-requested changes were incorporated
     • Subsequent events and public analysis show that in fact the design was appropriate
       – Changes made cipher less susceptible to differential or linear cryptanalysis

  19. DES Encryption [figure]

  20. Initial Permutation IP
     • first step of the data computation
     • IP reorders the input data bits
       – Permutation specified by tables (See FIPS 46-3)
     • even bits to LH half, odd bits to RH half
     • quite regular in structure (easy in h/w)

  21. DES Round Structure
     • uses two 32-bit L & R halves
     • as for any Feistel cipher can describe as:
         $L_i = R_{i-1}$
         $R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
     • takes 32-bit R half and 48-bit subkey and:
       – expands R to 48-bits using perm E
       – adds to subkey (XOR)
       – passes through 8 S-boxes to get 32-bit result
         • Each S-box takes 6 bits as input and produces 4 as output
       – finally permutes this using 32-bit perm P


  23. S-boxes (there are four more) [figure]

  24. DES Round Structure [figure]

  25. Substitution Boxes S
     • have eight S-boxes which map 6 to 4 bits
     • each S-box is actually 4 little 4 bit boxes
       – outer bits 1 & 6 (row bits) considered 2-bit number that selects row
       – inner bits 2-5 (col bits) considered 4-bit number that selects column.
       – Decimal number in table is converted to binary and that gives the four output bits
       – result is 8 lots of 4 bits, or 32 bits
     • row selection depends on both data & key
       – feature known as autoclaving (autokeying)

  26. DES Key Schedule
     • forms subkeys used in each round
     • consists of:
       – initial permutation of the key (PC1) which selects 56 bits in two 28-bit halves
       – 16 stages consisting of:
         • selecting 24 bits from each half
         • permuting them by PC2 for use in function f,
         • rotating each half separately either 1 or 2 places depending on the key rotation schedule K


  29. DES Decryption
     • decrypt must unwind steps of data computation
     • with Feistel design, do encryption steps again
     • using subkeys in reverse order (SK16 … SK1)
     • note that IP undoes final FP step of encryption
     • 1st round with SK16 undoes 16th encrypt round
     • …
     • 16th round with SK1 undoes 1st encrypt round
     • then final FP undoes initial encryption IP
     • thus recovering original data value
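
The Feistel round equations (slides 11 and 21) and the reverse-subkey decryption described above, as an added Python example that is not part of the original slides. It is a generic 16-round Feistel network rather than DES: the round function is a toy stand-in for DES's E/S-box/P function, IP and FP are omitted, and the subkeys are constructed sample values.

```python
import hashlib

HALF_BITS = 32                      # 64-bit block split into two 32-bit halves
MASK = (1 << HALF_BITS) - 1

def round_function(right: int, subkey: bytes) -> int:
    """Toy stand-in for F (assumption, not DES's F). It is deliberately
    non-invertible: a truncated hash of the subkey and the right half."""
    digest = hashlib.sha256(subkey + right.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def feistel(block: int, subkeys: list) -> int:
    """Apply L_i = R_{i-1}, R_i = L_{i-1} xor F(R_{i-1}, K_i) for each subkey."""
    left, right = block >> HALF_BITS, block & MASK
    for subkey in subkeys:
        left, right = right, left ^ round_function(right, subkey)
    # Swap the halves once more so the identical routine also decrypts.
    return (right << HALF_BITS) | left

def encrypt(block: int, subkeys: list) -> int:
    return feistel(block, subkeys)

def decrypt(block: int, subkeys: list) -> int:
    # Same rounds, subkeys in reverse order (SK16 ... SK1).
    return feistel(block, subkeys[::-1])

# Constructed sample data: 16 made-up 48-bit subkeys, not a DES key schedule.
SUBKEYS = [bytes([i]) * 6 for i in range(1, 17)]
PLAINTEXT = 0x0123456789ABCDEF

if __name__ == "__main__":
    ct = encrypt(PLAINTEXT, SUBKEYS)
    print(f"ciphertext          : {ct:016x}")
    print(f"reverse-order rounds: {decrypt(ct, SUBKEYS):016x}")
    print(f"forward-order rounds: {feistel(ct, SUBKEYS):016x}  (does not decrypt)")
```

The round function is never inverted; only the XOR is undone, which is why F may be any function of the right half and the subkey.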
