Professional Documents
Culture Documents
04-Block Ciphers Des
04-Block Ciphers Des
2
Block Ciphers
◼ Input: a plaintext block of n bits
◼ Output: a ciphertext block of n bits
◼ 2n possible plaintext blocks
◼ 2n! possible mapping between plaintext
and ciphertext
◼ Reversible/nonsingular encryption
Each has unique ciphertext
◼ Irreversible/singular
More than one plaintext → same ciphertext
3
Reversible VS Irreversible
Reversible Mapping Irreversible Mapping
Plaintext Ciphertext Plaintext Ciphertext
00 11 00 11
01 10 01 10
10 00 10 01
11 01 11 01
4
Ideal Block Cipher
5
Ideal Block Cipher
Encryption Table Decryption Table
6
Key Length for the Ideal
Block Cipher
◼ In previous example, key is mapping
◼ Key length 16 × 4 bits = 64 bits
i.e., concatenate all bits of ciphertext table
◼ In general, key length is 2n × n
◼ Actual block size is at least 64 bits
◼ Key length will be 264 × 64 ≈ 1021 bits
7
Block Ciphers are built on Iteration
Key 𝑘
Key expansion
𝑘1 𝑘2 𝑘3 𝑘n
𝒎 𝑚1 𝑚2 𝑚3 𝒄
𝑹(𝒌𝟏 , . ) 𝑹(𝒌𝟐 , . ) 𝑹(𝒌𝟑 , . ) 𝑹(𝒌𝒏 , . )
9
Substitution vs. Permutation
◼ Substitution: Each plaintext element is
uniquely replaced by a corresponding
ciphertext element.
◼ Permutation: a sequence of plaintext
elements is replaced by a permutation of
that sequence. That is, no elements are
added or deleted or replaced.
10
Diffusion
◼ Each plaintext digit affects the value of
many ciphertext digits
◼ Ciphertext has nearly equal letter
frequency compared to plaintext
◼ Achieved by multiple permutations
followed by applying a function
11
Confusion
◼ Maximize complexity of the relation
between key and ciphertext statistics
◼ Achieved by using complex substitution
algorithms
12
Feistel Cipher Structure
◼ Input
plaintext block of length 2w
key K
◼ Plaintext block divided to LE0, RE0
◼ Pass thru n rounds of processing
◼ Each round i has
LEi-1,
REi-1 derived from previous round
subkey Ki derived from overall K
13
Output (plaintext)
Input (plaintext)
LE0 RE0 LD16 = RE0 RD16 = LE0
Round 16
Round 1
F K1
F K1
Round 15
Round 2
F K2
F K2
Feistel Cipher Structure
LE2 RE2 LD14 = RE2 RD14 = LE2
Round 15
Round 2
F K15
F K15
Round 1
F K16
F K16
LE17 RE17
Output (ciphertext)
15
Feistel Decryption Algorithm
◼ Ciphertext is used as input
◼ Use subkeys Ki in reverse order
◼ Same algorithm is used
◼ Notation
LEi : left half in encryption algorithm
REi : right half in encryption algorithm
LDi : left half in decryption algorithm
RDi : right half in decryption algorithm
16
Feistel Network & Inverse
n bits
◼ 𝑅𝑖 = ? , 𝐿𝑖 = ? 𝑅𝑖−1 𝑅𝑖
◼ 𝑅𝑖 = 𝑓𝑖 𝑅𝑖−1 ⊕ 𝐿𝑖−1
𝒇𝐢
n bits
𝐿𝑖−1 𝐿𝑖
◼ 𝐿𝑖 = 𝑅𝑖−1 ⊕
◼ Inverse?
Feistel Network & Inverse
n bits
◼ 𝑅𝑖 = ? , 𝐿𝑖 = ? 𝑅𝑖−1 𝑅𝑖
◼ 𝑅𝑖 = 𝑓𝑖 𝑅𝑖−1 ⊕ 𝐿𝑖−1 𝒇𝐢
n bits
◼ 𝐿𝑖 = 𝑅𝑖−1 𝐿𝑖−1 𝐿𝑖
⊕
◼ Inverse? ⊕
n bits
𝑅𝑖+1 𝑅𝑖
◼ 𝑅𝑖 = ? , 𝐿𝑖 = ? 𝒇𝐢+𝟏
n bits
◼ 𝑅𝑖 = 𝐿𝑖+1 𝐿𝑖+1 𝐿𝑖
◼ 𝐿𝑖 = 𝑅𝑖+1 ⊕ 𝑓𝑖+1 (𝐿𝑖+1 )
Feistel Example
Encryption round Decryption round
F(03A6, 12DE52)
[F(03A6, 12DE52) DE7F]
DE7F 03A6 03A6 = DE7F
Round 15
Round 2
F 12DE52
F 12DE52
◼ Key size
larger: greater security (brute-force resist)
smaller: faster encryption, decryption
typical: 128 bit
20
Design Parameters
◼ Number of rounds
multiple rounds increase security
typical: 16
21
Data Encryption Standard (DES)
◼ Issued in 1977 by the National Bureau of
Standards (now NIST)
◼ Was the most widely used encryption scheme
until the introduction of the Advanced
Encryption Standard (AES) in 2001
◼ Algorithm itself is referred to as the Data
Encryption Algorithm (DEA)
Data are encrypted in 64-bit blocks using a 56-bit
key
The algorithm transforms 64-bit input in a series
of steps into a 64-bit output
The same steps, with the same key, are used to
reverse the encryption
DES Encryption
◼ 64-bit plaintext block
◼ 56-bit key
◼ Exact structure as Feistel except
initialpermutation of plaintext
final permutation of last round’s output
23
DES Security
◼ 1977
estimated brute-force attack
cost: ~ $20 million Must be able to
recognize plaintext!
time: ~ 10 hours
◼ 1998
DES definitely proved insecure
EFF designed “DES Cracker”
cost: < $250,000
time: < 3 days
24
Avalanche Effect
◼ Small change in P → large change in C
◼ 1 bit change in P/K → many bit change in C
◼ Makes cryptanalysis more difficult
◼ DES exhibits strong avalanche effect
25
Avalanche Effect – Example
◼ Two plaintexts used, with 1 bit difference
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
28
Reading Assignment
◼ Textbook
chapter 4
◼ 4.1, 4.2, 4.3
29