chapter 3 block ciphers and the data encryption standard
play

Chapter 3: Block Ciphers and the Data Encryption Standard Dr. Loai - PDF document

Dec 19, 2023 •92 likes •339 views

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 3: Block Ciphers and the Data Encryption Standard Dr. Loai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Dr. Loai Tawalbeh Fall 2005

  1. CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 3: Block Ciphers and the Data Encryption Standard Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Dr. Lo’ai Tawalbeh Fall 2005 Block vs Stream Ciphers • block ciphers treats messages as blocks to be then en/decrypted separately. • stream ciphers process messages a bit or byte at a time when en/decrypting—e.g., Vigenere • many current ciphers are block ciphers- most major network-based cryptographic appliactions Dr. Lo’ai Tawalbeh Fall 2005 1

  2. Block Cipher Principles • most symmetric block ciphers are based on a Feistel Cipher Structure • needed since must be able to decrypt ciphertext to recover messages efficiently • block ciphers look like an extremely large substitution would need table of 2 64 entries for a 64-bit block • • instead create from smaller building blocks • using idea of a product cipher • It has complex structure compared to public-key algorithms Dr. Lo’ai Tawalbeh Fall 2005 Motivation for Feistel Structure Dr. Lo’ai Tawalbeh Fall 2005 2

  3. Claude Shannon and Substitution-Permutation Ciphers • in 1949 Claude Shannon introduced idea of Substitution- Permutation (S-P) networks • modern substitution-transposition product cipher • these form the basis of modern block ciphers • S-P networks are based on the two primitive cryptographic operations we have seen before: • substitution (S-box) • permutation (P-box) • provide confusion and diffusion of message Dr. Lo’ai Tawalbeh Fall 2005 Confusion and Diffusion • cipher needs to completely obscure statistical properties of original message • a one-time pad does this • more practically Shannon suggested combining elements to obtain: • diffusion – dissipates statistical structure of plaintext over bulk of ciphertext (each plaintext bit affect the value of many ciphertext bits) • confusion – makes relationship between ciphertext and key as complex as possible- use complex substitution algorithm Dr. Lo’ai Tawalbeh Fall 2005 3

  4. Feistel Cipher Structure • Horst Feistel proposed the F eistel cipher • based on concept of invertible product cipher • partitions input block into two halves • process through multiple rounds which • perform a substitution on left data half • based on round function of right half & subkey • then have permutation swapping halves • implements Shannon’s substitution-permutation network concept Dr. Lo’ai Tawalbeh Fall 2005 Feistel Cipher Structure Dr. Lo’ai Tawalbeh Fall 2005 4

  5. Feistel Cipher Design Principles • block size • increasing block provides more security, but reduces the en/decryption speed • key size larger size � greater security, makes exhaustive key searching harder, but • may slow cipher (common 64, 128) • number of rounds More rounds � more security. (Typical 16 rounds) • • subkey generation • greater complexity makes cryptanalysis harder, but slows cipher • round function • greater complexity can make analysis harder, but slows cipher • fast software en/decryption & ease of analysis • are more recent concerns for practical use and testing Dr. Lo’ai Tawalbeh Fall 2005 Feistel Cipher Decryption Dr. Lo’ai Tawalbeh Fall 2005 5

  6. Feistel Cipher Decryption • Use the same encryption algorithm with: • The ciphertext as the input, • The round keys are applied in reverse order: Use Kn in the first round, and K1 in the 16 th round. Dr. Lo’ai Tawalbeh Fall 2005 Data Encryption Standard (DES) • most widely used block cipher in the world • adopted in 1977 by NBS (now NIST) as FIPS PUB 46 • encrypts 64-bit data using 56-bit key • IBM developed Lucifer cipher • by team led by Feistel • used 64-bit data blocks with 128-bit key • in 1973 NBS issued request for proposals for a national cipher standard • IBM submitted their revised Lucifer which was eventually accepted as the DES Dr. Lo’ai Tawalbeh Fall 2005 6

  7. DES Design Controversy • although DES standard is public • was considerable controversy over design • in choice of 56-bit key (vs Lucifer 128-bit) • and because design criteria were classified • subsequent events and public analysis show in fact design was appropriate • DES has become widely used, especially in financial applications Dr. Lo’ai Tawalbeh Fall 2005 DES Encryption Dr. Lo’ai Tawalbeh Fall 2005 7

  8. Initial Permutation IP • first step of the data computation • IP reorders the input data bits • even bits to LH half, odd bits to RH half • quite regular in structure (easy in h/w) • see text Table 3.2 • example: IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb) Dr. Lo’ai Tawalbeh Fall 2005 DES Round Structure • uses two 32-bit L & R halves • as for any Feistel cipher can describe as: L i = R i –1 R i = L i –1 xor F( R i –1 , K i ) • takes 32-bit R half and 48-bit subkey and: • expands R to 48-bits using perm E • adds to subkey • passes through 8 S-boxes to get 32-bit result • finally permutes this using 32-bit perm P Dr. Lo’ai Tawalbeh Fall 2005 8

  9. DES Round Structure Dr. Lo’ai Tawalbeh Fall 2005 Substitution Boxes S • have eight S-boxes which map 6 to 4 bits • each S-box is actually 4 little 4 bit boxes • outer bits 1 & 6 ( row bits) select one rows • inner bits 2-5 ( col bits) are substituted • result is 8 lots of 4 bits, or 32 bits • row selection depends on both data & key • feature known as autoclaving (autokeying) • example: S(18 09 12 3d 11 17 38 39) = 5fd25e03 Dr. Lo’ai Tawalbeh Fall 2005 9

  10. DES Key Schedule • forms subkeys used in each round • consists of: • initial permutation of the key (PC1) which selects 56-bits in two 28-bit halves • 16 stages consisting of: • selecting 24-bits from each half • permuting them by PC2 for use in function f, • rotating each half separately either 1 or 2 places depending on the key rotation schedule K Dr. Lo’ai Tawalbeh Fall 2005 DES Decryption • decrypt must unwind steps of data computation • with Feistel design, do encryption steps again • using subkeys in reverse order (SK16 … SK1) • note that IP undoes final FP step of encryption • 1st round with SK16 undoes 16th encrypt round • …. • 16th round with SK1 undoes 1st encrypt round • then final FP undoes initial encryption IP • thus recovering original data value Dr. Lo’ai Tawalbeh Fall 2005 10

  11. Avalanche Effect • A small change in the plaintext or the key should result in significant change in the ciphertext. It is a desirable property of encryption algorithm. • where a change of one input or key bit results in changing approx half output bits • making attempts to “home-in” by guessing keys impossible • DES exhibits strong avalanche effect Dr. Lo’ai Tawalbeh Fall 2005 Strength of DES – Key Size, DES Nature • 56-bit keys have 2 56 = 7.2 x 10 16 values • brute force search looks hard • recent advances have shown is possible • in 1997 on Internet in a few months • in 1998 on dedicated h/w (EFF) in a few days • in 1999 above combined in 22hrs! • now considering alternatives to DES • DES Algorithm Nature: The main concern was about the S-Boxes. No body discovered the weakness in them Dr. Lo’ai Tawalbeh Fall 2005 11

  12. Strength of DES – Timing Attacks • Attacks the actual implementation of the cipher • Observes how long it takes to decrypt a ciphertext using a certain implementation. • Uses the fact that calculations can take varying times depending on the value of the applied inputs. • Noticing the Hamming weight (# of 1’s). • DES is resistant to the timing attacks Dr. Lo’ai Tawalbeh Fall 2005 Differential Cryptanalysis • one of the most significant recent (public) advances in cryptanalysis • published in 1990 • powerful method to analyse block ciphers • used to analyse most current block ciphers with varying degrees of success • DES reasonably resistant to it Dr. Lo’ai Tawalbeh Fall 2005 12

  13. Differential Cryptanalysis • Finding the key by a chosen plaintext attack. • a statistical attack against Feistel ciphers • design of S-P networks has output of function f influenced by both input & key • hence cannot trace values back through cipher without knowing values of the key Dr. Lo’ai Tawalbeh Fall 2005 Differential Cryptanalysis Compares Pairs of Encryptions • with a known difference in the input • searching for a known difference in output • when same subkeys are used Dr. Lo’ai Tawalbeh Fall 2005 13

  14. Linear Cryptanalysis • another recent development • also a statistical method • must be iterated over rounds, with decreasing probabilities • developed by Matsui et al in early 90's • based on finding linear approximations • can attack DES with 2 47 known plaintexts, still in practise infeasible Dr. Lo’ai Tawalbeh Fall 2005 Block Cipher Design Principles • basic principles still like Feistel in 1970’s • number of rounds • more is better, exhaustive search best attack • function f: • provides “confusion”, is nonlinear, avalanche • key schedule • complex subkey creation, key avalanche Dr. Lo’ai Tawalbeh Fall 2005 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers

One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers

One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers Encryption Modes Encryption Modes Shift Cipher Brute%force attack can easily break Ahmet Burak Can Substitution Cipher Hacettepe University

191 views • 6 slides
Kryptographie Data Encryption Standard (DES) Uwe Egly Vienna University of Technology Institute

Kryptographie Data Encryption Standard (DES) Uwe Egly Vienna University of Technology Institute

Kryptographie Data Encryption Standard (DES) Uwe Egly Vienna University of Technology Institute of Information Systems Knowledge-Based Systems Group November 30, 2010 1 / 32 Block Ciphers Block ciphers (BCs) are symmetric-key algorithms

950 views • 32 slides
B.b) Block Ciphers 2 B.24 Definition An encryption algorithm Enc: {0,1} n K {0,1} n

B.b) Block Ciphers 2 B.24 Definition An encryption algorithm Enc: {0,1} n K {0,1} n

1 B.b) Block Ciphers 2 B.24 Definition An encryption algorithm Enc: {0,1} n K {0,1} n is called a block cipher . The positive integer n denotes the block size ( block length ). 3 B.25 Remark and Convention The encryption

709 views • 67 slides
Cryptography and Network Encryption Standard Security All the afternoon Mungo had been working on

Cryptography and Network Encryption Standard Security All the afternoon Mungo had been working on

Chapter 3 Block Ciphers and the Data Cryptography and Network Encryption Standard Security All the afternoon Mungo had been working on Stern's Chapter 3 code, principally with the aid of the latest messages which he had copied down at the Nevin

289 views • 7 slides
Players Will discuss how to distribute key to all parties later Symmetric ciphers unusable for

Players Will discuss how to distribute key to all parties later Symmetric ciphers unusable for

Organisation Organisation Overview Block Ciphers Overview Block Ciphers Historic Ciphers Security of Block ciphers Historic Ciphers Security of Block ciphers Symmetric Ciphers Symmetric Ciphers Assume encryption and decryption use the

425 views • 5 slides
Breaking The FF3 Format- Preserving Encryption Standard Over Small Domains F. Betl Durak

Breaking The FF3 Format- Preserving Encryption Standard Over Small Domains F. Betl Durak

Breaking The FF3 Format- Preserving Encryption Standard Over Small Domains F. Betl Durak Serge Vaudenay 1 Block Ciphers {0,1} 128 0x149E00A50F0F00D6 K AES {0,1} 128 0xA4F22C1B78HE90A9 2 Block Ciphers {0,1} 128

1.32k views • 91 slides
Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2 . . . M N . Then, each block M i is encrypted to the

1.11k views • 63 slides
T-79.159 Cryptography and Data Security Lecture 3: 3.1 Introduction to block ciphers 3.2 DES

T-79.159 Cryptography and Data Security Lecture 3: 3.1 Introduction to block ciphers 3.2 DES

T-79.159 Cryptography and Data Security Lecture 3: 3.1 Introduction to block ciphers 3.2 DES 3.3 IDEA 3.4 AES Kaufman et al: Chapter 3 Stallings: Chapters 3, 5 1 Block ciphers Confidentiality primitive Threat: recover the plaintext

774 views • 15 slides
Benefits of Cryptography Basic Cryptographic Scheme Improvement not a Solution! original

Benefits of Cryptography Basic Cryptographic Scheme Improvement not a Solution! original

Summary Substitution ciphers Permutations Making good ciphers Data Encryption Standard (DES)

454 views • 13 slides
Counter-in-Tweak: Authenticated Encryption Modes for Tweakable Block Ciphers Thomas Peyrin 1

Counter-in-Tweak: Authenticated Encryption Modes for Tweakable Block Ciphers Thomas Peyrin 1

TBCs and AE NSIV Generic Composition EPWC MAC CTRT Encryption Conclusion Counter-in-Tweak: Authenticated Encryption Modes for Tweakable Block Ciphers Thomas Peyrin 1 Yannick Seurin 2 1 NTU, Singapore 2 ANSSI, France August 15, 2016

1.29k views • 102 slides
One Time Pad, Block Ciphers, Encryption Modes Ahmet Burak Can Hacettepe University

One Time Pad, Block Ciphers, Encryption Modes Ahmet Burak Can Hacettepe University

One Time Pad, Block Ciphers, Encryption Modes Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Information Security 1 Basic Ciphers Shift Cipher Brute&force attack can easily break Substitution Cipher Frequency

571 views • 35 slides
Classical Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter 1 Ciphers Symmetric

Classical Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter 1 Ciphers Symmetric

Classical Cryptography Chester Rebeiro IIT Madras CR STINSON : chapter 1 Ciphers Symmetric Algorithms Encryption and Decryption use the same key i.e. K E = K D Examples: Block Ciphers : DES, AES, PRESENT, etc. Stream

534 views • 40 slides
Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary

Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary

Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary Introduction Stream & Block Ciphers Block Ciphers Modes (ECB,CBC,OFB) Advanced Encryption Standard (AES) Message

243 views • 20 slides
Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers Yusuke Naito *

Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers Yusuke Naito *

Workshop on Cryptographic Hardware and Embedded Systems (CHES 2020) Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers Yusuke Naito * and Takeshi Sugawara ** * Mitsubishi Electric Corporation ** The University of

420 views • 22 slides
T-79.159 Cryptography and Data Security Lecture 4: 4.1 Stream ciphers 4.2 Block cipher

T-79.159 Cryptography and Data Security Lecture 4: 4.1 Stream ciphers 4.2 Block cipher

T-79.159 Cryptography and Data Security Lecture 4: 4.1 Stream ciphers 4.2 Block cipher confidentiality modes of operation Kaufman et al: Ch 4 Stallings: Ch 6, Ch 3 1 Stream ciphers Stream ciphers are generally faster than block

535 views • 12 slides
Advanced Encryption Standard different hardware implementations: 8 bit - 32 bit 1998 15

Advanced Encryption Standard different hardware implementations: 8 bit - 32 bit 1998 15

Advanced Encryption Standard (AES) Advanced Encryption Standard (AES) 1997 NIST call for candidate larger key size (bits): 128, 192, 256 larger block size (bits): 128 larger block size (bits): 128 Advanced Encryption Standard

733 views • 7 slides
Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length

Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length

Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2 . . . M N . Then, each block M i is encrypted to the ciphertext block C i = E K ( M i ), and the results are concatenated to the

334 views • 8 slides
Fully Automated Differential Fault Analysis on Software Implementations of Block Ciphers Xiaolu

Fully Automated Differential Fault Analysis on Software Implementations of Block Ciphers Xiaolu

Fully Automated Differential Fault Analysis on Software Implementations of Block Ciphers Xiaolu Hou 1 , Jakub Breier 2 , Fuyuan Zhang 3 , and Yang Liu 2 1 National University of Singapore, Singapore 2 HP-NTU Digital Manufacturing Corporate Lab,

513 views • 26 slides
Cryptography and Cryptography and Network Security Network Security Chapter Chapter 3 3

Cryptography and Cryptography and Network Security Network Security Chapter Chapter 3 3

Cryptography and Cryptography and Network Security Network Security Chapter Chapter 3 3 Fourth Edition Fourth Edition by William Stallings by William Stallings Lecture slides by Lecture slides by Lawrie Lawrie Brown Brown Modern Block

1.07k views • 43 slides
Design Issues of Block Ciphers The objectives of this part is to show certain design issues of

Design Issues of Block Ciphers The objectives of this part is to show certain design issues of

Design Issues of Block Ciphers The objectives of this part is to show certain design issues of block ciphers. 1 Block Ciphers and Stream Ciphers A one-key cipher is a 5-tuple ( M , C , K , E k , D k ) , where M , C , K are respectively the

461 views • 12 slides
How to Operationally Detect the Misuse of Stream Ciphers (and even Block Ciphers Sometimes) and

How to Operationally Detect the Misuse of Stream Ciphers (and even Block Ciphers Sometimes) and

Introduction Cryptology Basics Detection Cryptanalysis The Word Case The Excel Case Conclusion How to Operationally Detect the Misuse of Stream Ciphers (and even Block Ciphers Sometimes) and Break them Eric Filiol, filiol@esiea.fr ESIEA -

808 views • 64 slides
BLOCK CIPHERS 1 / 1 Permutations and Inverses A function f : { 0 , 1 } { 0 , 1 } is a

BLOCK CIPHERS 1 / 1 Permutations and Inverses A function f : { 0 , 1 } { 0 , 1 } is a

BLOCK CIPHERS 1 / 1 Permutations and Inverses A function f : { 0 , 1 } { 0 , 1 } is a permutation if there is an inverse function f 1 : { 0 , 1 } { 0 , 1 } satisfying x { 0 , 1 } : f 1 ( f ( x )) = x

1.05k views • 62 slides
Structural attacks on block ciphers Sondre Rnjom NSM/UiB September 2, 2017 1 Preliminaries 2

Structural attacks on block ciphers Sondre Rnjom NSM/UiB September 2, 2017 1 Preliminaries 2

Structural attacks on block ciphers Sondre Rnjom NSM/UiB September 2, 2017 1 Preliminaries 2 Subspaces in block ciphers 3 From subspace trails to invariant subspaces in Simpira 4 Zero-di ff erence cryptanalysis of AES Preliminaries Block

2.18k views • 146 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday & Friday, 9:00 10:30 William Stallings

670 views • 19 slides

More recommend