Block 3: Modern Symmetric Key Cryptography: Objectives
Objectives
Appreciate that many block ciphers are Feistel ciphers.
Be able to explain how a Feistel cipher works.
Be able to outline the architecture, modes of operation
and applications of the DES.
Be able to outline the architecture of the AES.
Feistel Ciphers
The plaintext is viewed as a pair of n-bit words w1, w2. A
function f is chosen and the pair w2, f(w2) ⊕ w1 is formed,
where ⊕ is bitwise addition modulo 2.
[Figure: one Feistel round. Input: the n-bit words w1, w2; the
round computes f(w2) and outputs the pair w2, f(w2) ⊕ w1.]
A Feistel cipher gets its strength from the fact that a number of
rounds involving non-linear transformations are applied to the
data.
Careful choice of the non-linear functions can help ensure that
easy-to-solve sets of equations are unlikely to arise.
[Figure: a multi-round Feistel network (encode). The message m0
passes through rounds with keyed functions fk1, ..., fk7, each
output being XORed into the data, giving the intermediate values
m2, ..., m7 and the final output m8.]
[Figure: worked toy example. Encode: three Feistel rounds with
round functions f1, f2, f3, each given as a lookup table on the
digits 0..4, followed by the communication channel; Decode: the
same tables applied in reverse order. Below: the plaintext pairs
(x, y) with x, y in 0..4 and the table of CORRESPONDING
CIPHERTEXTS.]
[Figure: DES round structure. The 64-bit block (2^64 possible
values) is processed as 32-bit halves; the 56-bit key is held as
two 28-bit halves from which each 48-bit subkey ki is derived. In
round i the 32-bit half is expanded to 48 bits, XORed with ki,
mapped back to 32 bits by the round function fki, and XORed into
the other 32-bit half.]
DES Configurations
They are defined in the ANSI Standard X3.106-1982, Modes
of Operation of the DEA.
ECB: Electronic Codebook
In this mode a 64-bit plaintext block is encrypted once using one
56-bit DES key.
This mode is vulnerable to a known-plaintext attack by
exhaustive key search.
A symmetry in DES means that there are only 2^55 keys to try.
This is a big number, but not so big that it is out of range of
special-purpose hardware, or massively parallel processors.
[Figure: ECB mode. Encryption: plaintext input block -> DES
Encrypt -> ciphertext output block. Decryption: ciphertext input
block -> DES Decrypt -> plaintext output block.]
[Figure: triple DES. Encryption: plaintext -> DES Encrypt (K1) ->
DES Decrypt (K2) -> DES Encrypt (K3) -> ciphertext. Decryption
runs the three stages in reverse: DES Decrypt (K3), DES Encrypt
(K2), DES Decrypt (K1).]
CBC: Cipher Block Chaining
In CBC mode, a random initialisation vector (IV) is transmitted
and also XORed with the first block of plaintext.
The result is then encrypted with DES and transmitted.
The result is also XORed with the next data block and the
process repeated.
CBC mode helps protect against certain attacks, although not
against exhaustive search or a technique called differential
analysis.
This is a useful technique for preventing an adversary from
building up a codebook of plaintext-ciphertext pairs.
It also prevents replay and deletion of single blocks, although
it does not provide full authentication.
In practice, CBC is a widely used mode of DES, and is
specified in several standards.
For additional security, one could use triple encryption with
CBC, but since single DES in CBC mode is usually
considered secure enough, triple encryption is not often used.
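The Feistel round, the ECB codebook leak and the CBC chaining and block-deletion behaviour described in the Feistel, ECB and CBC sections above, in one worked example added here (it is not code from the original slides): a 16-bit toy Feistel cipher with a deliberately non-invertible round function, and ECB and CBC modes built on top of it. The key schedule, round function, IV and messages are constructed stand-ins, and the cipher is not DES.

```python
"""Toy Feistel block cipher with ECB and CBC modes built on top of it.

Added teaching example; not code from the original slides. The cipher is
a 16-bit stand-in (two 8-bit halves w1, w2; four rounds), NOT DES, and
offers no real security. Round function, key schedule, IV and messages
are all constructed here to show the structure described in the text.
"""
import hashlib

HALF_BITS = 8                       # n: width of each half-word
HALF_MASK = (1 << HALF_BITS) - 1
BLOCK_BYTES = 2                     # one block is the pair (w1, w2)
ROUNDS = 4


def key_schedule(key: bytes) -> list:
    """Derive one 8-bit round key per round (constructed scheme)."""
    return [hashlib.sha256(key + bytes([i])).digest()[0] for i in range(ROUNDS)]


def round_function(k: int, w: int) -> int:
    """f_k(w): a keyed, non-linear 8-bit function. A hash truncated to one
    byte is in general not invertible, and it does not need to be: the
    Feistel construction only ever evaluates f, never inverts it."""
    return hashlib.sha256(bytes([k, w])).digest()[0]


def feistel_encrypt_block(round_keys, block: int) -> int:
    """One round maps (w1, w2) -> (w2, f(w2) XOR w1); repeat for each key."""
    w1, w2 = block >> HALF_BITS, block & HALF_MASK
    for k in round_keys:
        w1, w2 = w2, round_function(k, w2) ^ w1
    return (w1 << HALF_BITS) | w2


def feistel_decrypt_block(round_keys, block: int) -> int:
    """Undo the rounds in reverse key order: (a, b) -> (f(a) XOR b, a)."""
    w1, w2 = block >> HALF_BITS, block & HALF_MASK
    for k in reversed(round_keys):
        w1, w2 = round_function(k, w1) ^ w2, w1
    return (w1 << HALF_BITS) | w2


def to_blocks(data: bytes) -> list:
    assert len(data) % BLOCK_BYTES == 0, "toy cipher takes whole blocks only"
    return [int.from_bytes(data[i:i + BLOCK_BYTES], "big")
            for i in range(0, len(data), BLOCK_BYTES)]


def from_blocks(ints) -> bytes:
    return b"".join(x.to_bytes(BLOCK_BYTES, "big") for x in ints)


def ecb_encrypt(round_keys, data: bytes) -> bytes:
    """ECB: each block encrypted independently, so equal plaintext blocks
    give equal ciphertext blocks (a codebook an adversary can build up)."""
    return from_blocks(feistel_encrypt_block(round_keys, m) for m in to_blocks(data))


def ecb_decrypt(round_keys, data: bytes) -> bytes:
    return from_blocks(feistel_decrypt_block(round_keys, c) for c in to_blocks(data))


def cbc_encrypt(round_keys, iv: bytes, data: bytes) -> bytes:
    """CBC: XOR each plaintext block with the previous ciphertext block
    (the IV for the first one) before encrypting it."""
    prev, out = int.from_bytes(iv, "big"), []
    for m in to_blocks(data):
        prev = feistel_encrypt_block(round_keys, m ^ prev)
        out.append(prev)
    return from_blocks(out)


def cbc_decrypt(round_keys, iv: bytes, data: bytes) -> bytes:
    prev, out = int.from_bytes(iv, "big"), []
    for c in to_blocks(data):
        out.append(feistel_decrypt_block(round_keys, c) ^ prev)
        prev = c
    return from_blocks(out)


def demo() -> dict:
    """Constructed message of four identical blocks, so ECB's leak is visible,
    plus a CBC ciphertext whose second block was deleted in transit."""
    rk = key_schedule(b"constructed demo key")
    iv = bytes.fromhex("5a3c")              # constructed, non-zero IV
    msg = b"AB" * 4
    ecb, cbc = ecb_encrypt(rk, msg), cbc_encrypt(rk, iv, msg)
    c = to_blocks(cbc)
    # Deleting c[1]: the first block still decrypts; the block that follows
    # (c[2], now chained to c[0] instead of c[1]) comes out as
    # m XOR c[0] XOR c[1]; the last block decrypts correctly again.
    damaged = cbc_decrypt(rk, iv, from_blocks([c[0], c[2], c[3]]))
    return {
        "ecb_distinct_blocks": len(set(to_blocks(ecb))),   # 1: codebook leak
        "cbc_blocks": c,
        "ecb_roundtrip_ok": ecb_decrypt(rk, ecb) == msg,
        "cbc_roundtrip_ok": cbc_decrypt(rk, iv, cbc) == msg,
        "after_block_deletion": damaged,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running the module prints the demo dictionary: ECB maps the four identical plaintext blocks to a single repeated ciphertext block, both modes round-trip, and once a ciphertext block is removed the block after it decrypts to m XOR c1 XOR c2 rather than m, which is why CBC exposes single-block deletions even though it gives no full authentication.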
[Figure: CBC mode. Encryption: the IV is XORed with the first
plaintext block before DES Encrypt; each later plaintext block is
XORed with the previous ciphertext block before DES Encrypt.
Decryption: DES Decrypt each ciphertext block, then XOR with the
previous ciphertext block (the IV for the first block).]
[Figure: original picture]
Weak Keys
In DES there are four keys for which encryption is exactly the
same as decryption so encrypting twice with one of these
weak keys recovers the original plaintext.
However, the number of weak keys is such a small fraction of
all possible keys that the chance of picking one at random is
very small so they pose no significant threat to security.
Algebraic Attacks
CTR: Counter
In both CTR encryption and CTR decryption, the forward
cipher functions can be performed in parallel.
Similarly, the plaintext block that corresponds to any particular
ciphertext block can be recovered independently from the
other plaintext blocks if the corresponding counter block can
be determined.
Moreover, the forward cipher functions can be applied to the
counters prior to the availability of the plaintext or ciphertext
data.
In Wi-Fi RSN the security protocol built around AES is called
Counter Mode CBC-MAC Protocol, or CCMP.
Basic counter mode does not provide any message
authentication, only encryption.
o Therefore, for RSN, additional capabilities are added.
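The CTR properties listed above (forward cipher only, parallel, block-by-block recovery from the counter) and the missing message authentication that RSN adds, as an added example that is not from the original slides. Because CTR never inverts the block cipher, HMAC-SHA256 over the nonce and counter is used here as a stand-in for the forward cipher function; the authentication step uses HMAC rather than CCMP's CBC-MAC. Keys, nonce, messages and the function names are all constructed for this example.

```python
"""CTR mode: forward-only, parallel, random-access, and unauthenticated.

Added teaching example; not code from the original slides. CTR only runs
the block cipher forwards, so a keyed one-way function stands in for the
forward cipher here: HMAC-SHA256 over (nonce || counter) gives a 32-byte
keystream block. This is NOT AES-CTR or CCMP; the MAC added at the end is
HMAC rather than CCMP's CBC-MAC. Keys, nonce and messages are constructed.
"""
import hashlib
import hmac

BLOCK = 32   # keystream block size of the stand-in forward function


def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    """Forward function on counter block i. It depends on no plaintext or
    ciphertext, so every block can be computed ahead of time or in parallel."""
    return hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()


def ctr_crypt(key: bytes, nonce: bytes, data: bytes, start_block: int = 0) -> bytes:
    """Encryption and decryption are the same XOR. start_block lets a
    caller process any slice of the message without touching the rest."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = keystream_block(key, nonce, start_block + i // BLOCK)
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)


def ctr_decrypt_block(key: bytes, nonce: bytes, ciphertext: bytes, index: int) -> bytes:
    """Recover plaintext block `index` alone, given only its counter value."""
    return ctr_crypt(key, nonce, ciphertext[index * BLOCK:(index + 1) * BLOCK], index)


def seal(key_enc: bytes, key_mac: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt-then-MAC: the capability basic CTR lacks and CCMP adds."""
    ct = ctr_crypt(key_enc, nonce, plaintext)
    tag = hmac.new(key_mac, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def unseal(key_enc: bytes, key_mac: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Return the plaintext, or None if the ciphertext or nonce was altered."""
    expected = hmac.new(key_mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return ctr_crypt(key_enc, nonce, ct)


def demo() -> dict:
    key, key_mac = b"constructed ctr key", b"constructed mac key"
    nonce = b"constructed-nonce-01"          # must never repeat under one key
    msg = b"A" * BLOCK + b"B" * BLOCK + b"C" * 10
    ct = ctr_crypt(key, nonce, msg)
    # A single changed ciphertext bit changes exactly that plaintext bit,
    # and plain CTR gives the receiver no way to notice the change.
    bent = bytearray(ct)
    bent[0] ^= 0x01
    ct2, tag = seal(key, key_mac, nonce, msg)
    bent2 = bytearray(ct2)
    bent2[0] ^= 0x01
    return {
        "roundtrip_ok": ctr_crypt(key, nonce, ct) == msg,
        "block1_alone": ctr_decrypt_block(key, nonce, ct, 1),          # b"B" * 32
        "first_byte_after_flip": ctr_crypt(key, nonce, bytes(bent))[:1],  # b"@"
        "unseal_ok": unseal(key, key_mac, nonce, ct2, tag) == msg,
        "unseal_after_flip": unseal(key, key_mac, nonce, bytes(bent2), tag),  # None
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The second block is recovered on its own from its counter value, with no other ciphertext block touched; the altered byte decrypts silently under bare CTR but is rejected once the tag check is in place, which is the gap CCMP's CBC-MAC component closes.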
Concluding Remarks
On 17 May 2005 software implementations of AES were
shown to be vulnerable to a timing attack.
o Timing attacks assume that an attacker knows how long
a particular encryption operation takes.
o At the moment it is not clear how serious a problem this
attack represents.
The recommended modes of operation of AES are ECB, CBC,
CFB, OFB and CTR, although many others have been
proposed.
The result of every step in the encryption process is
dependent on every bit of the key.
AES has very limited RAM and ROM memory requirements
and so is suitable for use in restricted-resource environments
such as smart cards.
o One current recommendation for the 3GPP AKA algorithms
is MILENAGE, which is based on AES.
It is likely to take several years for AES to replace DES.
It is important to note that AES is freely available worldwide.