Cryptography -- Block Ciphers
DES
Overview
• terms and principles • Claude Shannon
A few terms
• block cipher
• block of plaintext is treated as a whole & used to
produce a ciphertext block of equal length
• typical size: 64 bits
• most modern ciphers are block ciphers • stream cipher
• digital data is encrypted one bit (or one unit) at a time
Block vs Stream Ciphers
Q: What is a block cipher we have already
seen?
A: Playfair cipher. What is its block size?
A: 2 characters
Q: What are some stream ciphers we have
already seen?
Symmetric ciphers
Symmetric implies
ONE
key
Block Ciphers Features
•
Block size: in general
larger block
sizes mean greater security.
•
Key size:
larger key size means
greater security
(larger key space).
•
Number of rounds: multiple rounds
offer increasing security.
•
Encryption modes: define how
Basis of modern Block ciphers
• Claude Shannon- information theory • product cipher
• perform two or more ciphers in sequence so that
result (product) is cryptographically stronger than any component cipher
• alternate confusion & diffusion
• virtually all significant symmetric block ciphers currently
Shannon’s strategy
• thwart cryptanalysis that is based on statistical analysis • hacker has some knowledge of statistical characteristic of
plaintext
• if statistics are reflected in ciphertext, then analyst may be
able to deduce encryption key, or part of it
• in Shannon’s ideal cipher, statistics of ciphertext are
Shannon’s building blocks
• confusion
• make relation between statistics of ciphertext and the
value of the encryption key as complex as possible, to thwart attempts to discover the key.
• diffusion
• diffuse statistical property of plaintext digit across a
range of ciphertext digits
• i.e. each plaintext digits affects value of many
Shannon’s building blocks
• Shannon proposed product ciphers with two
components
• S-Boxes -- substitution
• providing confusion of input bits • P-Boxes -- permutation
Feistel cipher
• input plaintext of 2w bits
• key K = n sub-keys: K1, K2, …, Kn
• sequence of n “rounds” each using Ki
• substitution followed by a permutation
• apply function F(Ki) to right half of data, then
exclusive-OR it to left half of data
• permutation: interchange two result halves of data
Feistel cipher
•
Multiple rounds
•
round i input is L
i-1, R
i-1L
i= R
i-1R
i= (L
i-1XOR
F(R
i-1, K
i))
Feistel
Cipher
plaintext (2w bits)
w bits w bits
L0 R0
Round 1
K1
L1 R1
F +
Kn
Ln Rn
F +
Round n
. . .
. . .
Ln+1 Rn+1
Feistel cipher dependencies
• block size – increasing size increases security – 64 bits
common
• key size – increasing size improves security, – 128 bits
common
• number of rounds – 16 is typical
• subkey generation – complex generation makes
cryptanalysis harder
• round function – complex function is stronger
Feistel decryption
• same as encryption, except • ciphertext is input
• use keys in reverse order
• at each round the output is equal to the corresponding
value of the encryption process with the two halves of the value swapped
History of DES
• DES – Data Encryption Standard
• Horst Feistel at IBM developed LUCIFER • about 1971, sold to Lloyds of London
• Nat’l Bureau of Standards issued request for national
cipher standard
• IBM submitted (refined) LUCIFER
DES Characteristics
• Plaintext is 64 bits long • 16 rounds
• Key length is 56 bits
Initial Permutation IP
first step of the DES
IP reorders the input data bits
even bits to LH half, odd bits to RH half
quite regular in structure (easy in h/w)
no cryptographic value
DES cipher
• round i input is Li-1, Ri-1
L
i= R
i-1<----32 bits--->
Li-1
exp/perm to 48
S-box
permutation
Ri-1
<----32 bits--->
xor
KiLi Ri
--- 48 bits
--- 48 bits
--- 32 bits
--- 32 bits
One DES Round
Encryption (Round) (cont.)
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 45 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
Encryption (Round) (cont.)
F
S-box
Key Generation (cont.)
• Original Key: Key0
• Permuted Choice One: PC_1( ) • Permuted Choice Two: PC_2( ) • Schedule of Left Shift: SLS( ) •
• •
0
0
0
(
C
,
D
)
PC
_ 1(
Key
)
1
1
(
C D
i
,
i
)
SLS C
(
i
,
D
i
)
1
1
_ 2(
(
,
))
i
i
i
Decryption
• The same algorithm as
encryption.
• Reversed the order of key
(Key16, Key15, … Key1).
• For example:
• IP undoes IP-1 step of
encryption.
• 1st round with SK16
undoes 16th encrypt round.
Key property
• avalanche
• small change in plaintext or in key produces
significant change in ciphertext
• test for avalanche
DES controversy
• DES choice was intensely criticized:
• original LUCIFER key length was 128 bits, and DES
used 56 bit key (to fit on chip, they said)
• critics feared brute force attacks
• design criteria for the S-boxes was classified, so users
DES status
• no weak points have surfaced • DES is widely used
• 1994, NIST reaffirmed DES for federal use
• NIST recommends DES use for all except classified
information
• generally considered a sound standard • Need more security: use Triple DES
Cryptanalysis of DES
• increased computing speed has made a 56 bit key
susceptible to exhaustive key search
• demonstrated breaks:
• 1997 – taking a few months, a large network of
computers broke DES
• 1998 – Electronic Frontier Foundation broke DES in a
few days on dedicated hardware
1997 break
• RSA issued reward of $10,000 for finding a DES key, given
ciphertext for known and unknown plaintext
• solution found in 96 days – involved 70,000 computers on
the Internet
• an embarrassingly parallel problem – just divide the key
space being searched (brute force) each time a new computer joins in
References & Detailed readings
• Book: Cryptography and Network Security
by william stalling chapter 3
• Book: Cryptography and Network Security