Cryptography and Cryptography and Network Security Network - PowerPoint PPT Presentation

Cryptography and Cryptography and Network Security Network Security Chapter Chapter 3 3 Fourth Edition Fourth Edition by William Stallings by William Stallings Lecture slides by Lecture slides by Lawrie Lawrie Brown Brown

Modern Block Ciphers Modern Block Ciphers � � now look at modern block ciphers now look at modern block ciphers � � one of the one of the most widely used most widely used types of types of cryptographic algorithms cryptographic algorithms � provide provide secrecy /authentication secrecy /authentication services services � � focus on focus on DES DES (Data Encryption Standard) Data Encryption Standard) � � to illustrate block cipher design to illustrate block cipher design principles principles �

Block Block vs vs Stream Ciphers Stream Ciphers � � block ciphers process block ciphers process messages in blocks messages in blocks, , each of which is then each of which is then en/decrypted en/decrypted � like a substitution on very big characters like a substitution on very big characters � � 64 64-bits or more bits or more � � stream ciphers � stream ciphers process messages a process messages a bit or bit or byte byte at a time when en/decrypting at a time when en/decrypting � many many current ciphers current ciphers are are block ciphers block ciphers � � broader range of applications broader range of applications �

Illustration of Block Cipher Illustration of Block Cipher Technique Technique

Block Block vs vs Stream Ciphers Stream Ciphers

Block Block vs vs Stream Ciphers Stream Ciphers

Block Cipher Principles Block Cipher Principles � most most symmetric block ciphers are symmetric block ciphers are based based on a on a � Feistel Feistel Cipher Cipher Structure Structure � block ciphers block ciphers look like an look like an extremely large extremely large � substitution substitution � In general, In general, for an n for an n-bit ideal block cipher, the bit ideal block cipher, the � n x 2 n length of the key length of the key defined in this fashion is defined in this fashion is n x bits. bits.

Ideal Block Cipher Ideal Block Cipher

Claude Shannon and Substitution Claude Shannon and Substitution- Permutation Ciphers Permutation Ciphers � Claude Claude Shannon Shannon introduced idea of introduced idea of substitution substitution- � permutation (S-P) networks in permutation P) networks in 1949 1949 paper paper � form basis of modern block ciphers form basis of modern block ciphers � � � S-P nets P nets are are based based on the on the two two primitive primitive cryptographic cryptographic operations operations seen before: seen before: � substitution substitution (S-box) box) � � permutation permutation (P-box) box) � � � provide provide confusion confusion & & diffusion diffusion of message & key of message & key

Confusion and Diffusion Confusion and Diffusion � � cipher needs to completely obscure cipher needs to completely obscure statistical properties of original message statistical properties of original message � � a one a one-time pad does this time pad does this � � more practically Shannon suggested more practically Shannon suggested combining S & P elements to obtain: combining S & P elements to obtain: � � diffusion diffusion – dissipates statistical structure dissipates statistical structure of plaintext over bulk of of plaintext over bulk of ciphertext ciphertext � confusion confusion – makes relationship between makes relationship between � ciphertext ciphertext and key as complex as possible and key as complex as possible

Feistel Cipher Structure Feistel Cipher Structure � � partitions input block into two halves partitions input block into two halves � process through multiple rounds which process through multiple rounds which � � perform a substitution on left data half perform a substitution on left data half � � based on round function of right half & based on round function of right half & subkey subkey � � then have permutation swapping halves then have permutation swapping halves � � implements Shannon’s S implements Shannon’s S-P net concept P net concept �

Feistel Cipher Structure Feistel Cipher Structure

Feistel Cipher Design Elements Feistel Cipher Design Elements � block size block size � � key size key size � � � number of rounds number of rounds � subkey generation algorithm subkey generation algorithm � � � round function round function � fast software en/decryption fast software en/decryption � � ease of analysis ease of analysis �

Feistel Cipher Decryption Feistel Cipher Decryption

Data Encryption Standard (DES) Data Encryption Standard (DES) � � most most widely used widely used block cipher in world block cipher in world � adopted in adopted in 1977 1977 by NBS (now NIST) by NBS (now NIST) � � as FIPS PUB as FIPS PUB 46 46 � � encrypts encrypts 64 64-bit data using bit data using 56 56-bit key bit key � � has widespread use has widespread use �

DES History DES History � � IBM developed IBM developed Lucifer cipher Lucifer cipher � by team led by by team led by Feistel Feistel in late in late 60 60’s ’s � � used used 64 64-bit data blocks with bit data blocks with 128 128-bit key bit key � � then redeveloped as a commercial cipher then redeveloped as a commercial cipher � with input from NSA and others with input from NSA and others � � in in 1973 1973 NBS issued request for proposals NBS issued request for proposals for a national cipher standard for a national cipher standard � � IBM submitted their revised Lucifer which IBM submitted their revised Lucifer which was eventually accepted as the DES was eventually accepted as the DES

DES Encryption Overview DES Encryption Overview

Initial Permutation IP Initial Permutation IP � � first step of the data computation first step of the data computation � IP reorders the input data bits IP reorders the input data bits � � even bits to even bits to LH LH half, half, odd bits to odd bits to RH RH half half � � quite regular in structure (easy in h/w) � quite regular in structure (easy in h/w) � � example: example: IP( IP(675 675a a6967 5 6967 5e e5a6b5a) = a) = (-------- -------- 004 004df df6 6fb) fb)

Initial Permutation (IP) Initial Permutation (IP)

Initial Permutation IP Initial Permutation IP � � first step of the data computation first step of the data computation � � IP reorders the input data bits IP reorders the input data bits � � even bits to even bits to LH LH half, half, odd bits to odd bits to RH RH half half � quite regular in structure (easy in h/w) � quite regular in structure (easy in h/w) � example: example: � IP( IP(675 675a6967 5 6967 5e e5a6b5a) = (ffb a) = (ffb2194 2194d d 004 004df df6fb) fb)

DES Round Structure DES Round Structure � � uses two uses two 32 32-bit L & R halves bit L & R halves � as for any Feistel cipher can describe as: as for any Feistel cipher can describe as: � L i = = R i –1 R i = = L i –1 ⊕ F( F( R i –1 , , K i ) � F takes F takes 32 32-bit R half and bit R half and 48 48-bit subkey: bit subkey: � � expands R to expands R to 48 48-bits using perm E bits using perm E � � adds to subkey using XOR adds to subkey using XOR � � passes through passes through 8 8 S S-boxes to get boxes to get 32 32-bit result bit result � � finally permutes using finally permutes using 32 32-bit perm P bit perm P �

Single Round of DES Single Round of DES Algorithm Algorithm

Calculation of F(R, K) Calculation of F(R, K)

The Expansion Permutation E

DES Expansion Permutation DES Expansion Permutation � R half expanded to same length as R half expanded to same length as 48 48-bit bit � subkey subkey � consider R as consider R as 8 8 nybbles nybbles (4 4 bits each) bits each) � � expansion permutation expansion permutation � � copies each copies each nybble nybble into the middle of a into the middle of a 6-bit bit � block block � copies the end bits of the two adjacent copies the end bits of the two adjacent � nybbles nybbles into the two end bits of the into the two end bits of the 6-bit block bit block

Calculation of F(R, K) Calculation of F(R, K)

Substitution Boxes S Substitution Boxes S � � have eight S have eight S-boxes which map boxes which map 6 6 to to 4 4 bits bits � each S each S-box is actually box is actually 4 4 little little 4 4 bit boxes bit boxes � � outer bits outer bits 1 1 & & 6 6 ( row row bits) bits) select one row of select one row of 4 4 � � inner bits inner bits 2-5 5 ( col col bits) bits) are substituted are substituted � � result is result is 8 8 lots of lots of 4 4 bits, or bits, or 32 32 bits bits � � row selection depends on both data & key row selection depends on both data & key � � feature known as autoclaving ( feature known as autoclaving (autokeying autokeying) �