Computer and Data Security. Lecture 3 Block cipher and DES

Similar documents
Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái

Cryptographic Algorithms - AES

Symmetric Cryptography. Chapter 6

Lecture 4: Symmetric Key Encryption

CPSC 467b: Cryptography and Computer Security

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Block Ciphers. Lucifer, DES, RC5, AES. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk Block Ciphers 1

CPSC 467b: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security

ICT 6541 Applied Cryptography. Hossen Asiful Mustafa

Lecture 3: Symmetric Key Encryption

Chapter 3 Block Ciphers and the Data Encryption Standard

Cryptography and Network Security. Sixth Edition by William Stallings

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

Fundamentals of Cryptography

L3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015

CSCE 813 Internet Security Symmetric Cryptography

Block Encryption and DES

Modern Symmetric Block cipher

Block Ciphers. Secure Software Systems

Network Security Essentials

Network Security Essentials Chapter 2

CSc 466/566. Computer Security. 6 : Cryptography Symmetric Key

Symmetric Encryption Algorithms

Block Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan

Introduction to Modern Symmetric-Key Ciphers

Stream Ciphers and Block Ciphers

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Symmetric Encryption. Thierry Sans

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Introduction to Cryptography. Lecture 2. Benny Pinkas. Perfect Cipher. Perfect Ciphers. Size of key space

Data Encryption Standard (DES)

Symmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.

Stream Ciphers and Block Ciphers

Cryptography and Network Security. Sixth Edition by William Stallings

Understanding Cryptography by Christof Paar and Jan Pelzl. Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 2009

Secret Key Algorithms (DES)

Cryptography and Network Security

Modern Block Ciphers

3 Symmetric Cryptography

Week 5: Advanced Encryption Standard. Click

Cryptography and Network Security Chapter 3. Modern Block Ciphers. Block vs Stream Ciphers. Block Cipher Principles

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

CSC 474/574 Information Systems Security

Computer Security 3/23/18

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Cryptography MIS

Symmetric Cryptography. CS4264 Fall 2016

Lecture 4. Encryption Continued... Data Encryption Standard (DES)

Lecture 2: Secret Key Cryptography

Content of this part

Network Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar

Cryptography Functions

P2_L6 Symmetric Encryption Page 1

Secret Key Cryptography

CSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

AIT 682: Network and Systems Security

Symmetric Cryptography

Chapter 6: Contemporary Symmetric Ciphers

Symmetric Key Cryptography

Lecture 5. Encryption Continued... Why not 2-DES?

CENG 520 Lecture Note III

Data Encryption Standard

7. Symmetric encryption. symmetric cryptography 1

Conventional Encryption: Modern Technologies

Computational Security, Stream and Block Cipher Functions

CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES

Symmetric Cryptography CS461/ECE422

CIS 4360 Secure Computer Systems Symmetric Cryptography

PRNGs & DES. Luke Anderson. 16 th March University Of Sydney.

Data Encryption Standard

CPS2323. Block Ciphers: The Data Encryption Standard (DES)

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Week 4. : Block Ciphers and DES

Key Separation in Twofish

UNIT - II Traditional Symmetric-Key Ciphers. Cryptography & Network Security - Behrouz A. Forouzan

Block Ciphers and Stream Ciphers. Block Ciphers. Stream Ciphers. Block Ciphers

Information Security and Cryptography 資訊安全與密碼學. Lecture 6 April 8, 2015 洪國寶

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2018

PGP: An Algorithmic Overview

EEC-484/584 Computer Networks

Encryption Details COMP620

CIT 380: Securing Computer Systems. Symmetric Cryptography

Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

CSE 127: Computer Security Cryptography. Kirill Levchenko

Making and Breaking Ciphers

APNIC elearning: Cryptography Basics

Cryptography and Network Security

CS 392/681 Computer Security. Module 1 Private Key Cryptography

Winter 2011 Josh Benaloh Brian LaMacchia

Darshan Institute of Engineering & Technology Page Information Security (IS) UNIT-2 Conventional Encryption Techniques

A SIMPLIFIED IDEA ALGORITHM

Cryptography III: Symmetric Ciphers

Cryptography [Symmetric Encryption]

Goals of Modern Cryptography

Crypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion

Cryptography Symmetric Encryption Class 2

Transcription:

Computer and Data Security Lecture 3 Block cipher and DES

Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach for stream cipher: Key (K) used as input to bit-stream generator algorithm Algorithm generates cryptographic bit stream (k i ) used to encrypt plaintext Users share a key; use it to generate keystream

Stream Ciphers

Block Ciphers l Encrypt a block of plaintext as a whole to produce same sized ciphertext l Typical block sizes are 64 or 128 bits l Modes of operation used to apply block ciphers to larger plaintexts

Reversible and Irreversible Mappings l n-bit block cipher takes n bit plaintext and produces n bit ciphertext l 2 n possible different plaintext blocks l Encryption must be reversible (decryption possible) l Each plaintext block must produce unique ciphertext block l Total transformations is 2 n!

Reversible and Irreversible Mappings

Ideal Block Cipher l n-bit input maps to 2n possible input states l Substitution used to produce 2n output states l Output states map to n-bit output l Ideal block cipher allows maximum number of possible encryption mappings from plaintext block l Problems with ideal block cipher: Small block size: equivalent to classical substitution cipher; cryptanalysis based on statistical characteristics feasible Large block size: key must be very large; performance/ implementation problems

General Block Substitution

Encryption/Decryption Tables

Feistel Structure for Block Ciphers l Feistel proposed applying two or more simple ciphers in sequence so final result is cryptographically stronger than component ciphers l n-bit block length; k-bit key length; 2 k transformations l Feistel cipher alternates: substitutions, transpositions (permutations) l Applies concepts of diffusion and confusion l Applied in many ciphers today

Feistel Structure for Block Ciphers l Approach: Plaintext split into halves Subkeys (or round keys) generated from key Round function, F, applied to right half Apply substitution on left half using XOR Apply permutation: interchange to halves

Diffusion and Confusion Diffusion Statistical nature of plaintext is reduced in ciphertext E.g. A plaintext letter affects the value of many ciphertext letters How: repeatedly apply permutation (transposition) to data, and then apply function Confusion Make relationship between ciphertext and key as complex as possible Even if attacker can find some statistical characteristics of ciphertext, still hard to find key How: apply complex (non-linear) substitution algorithm

Feistel Encryption and Decryption

Using the Feistel Structure l Exact implementation depends on various design features Block size, e.g. 64, 128 bits: larger values leads to more diffusion Key size, e.g. 128 bits: larger values leads to more confusion, resistance against brute force Number of rounds, e.g. 16 rounds Subkey generation algorithm: should be complex Round function F : should be complex l Other factors include fast encryption in software and ease of analysis l Trade-off: security vs performance

Data Encryption Standard l Symmetric block cipher 56-bit key, 64-bit input block, 64-bit output block l One of most used encryption systems in world Developed in 1977 by NBS/NIST Designed by IBM (Lucifer) with input from NSA Principles used in other ciphers, e.g. 3DES, IDEA l Simplified DES (S-DES) Cipher using principles of DES Developed for education (not real world use)

Simplified DES l Input (plaintext) block: 8-bits l Output (ciphertext) block: 8-bits l Key: 10-bits l Rounds: 2 l Round keys generated using permutations and left shifts l Encryption: initial permutation, round function, switch halves l Decryption: Same as encryption, except round keys used in opposite order

S-DES Algorithm

S-DES Operations

S-DES Operations

S-DES Key Generation

S-DES Encryption Details

S-DES S-Boxes S-DES (and DES) perform substitutions using S-Boxes S-Box considered as a matrix: input used to select row/column; selected element is output 4-bit input: bit1, bit2, bit3, bit4 bit1bit4 specifies row (0, 1, 2 or 3 in decimal) bit2bit3 specifies column 2-bit output

S-DES Summary l Educational encryption algorithm l S-DES expressed as functions: ciphertext = IP 1 (f K2 (SW (f K1 (IP (plaintext))))) plaintext = IP 1 (f K1 (SW (f K2 (IP (ciphertext))))) l Security of S-DES: 10-bit key, 1024 keys: brute force easy If know plaintext and corresponding ciphertext, can we determine key? Very hard

Comparing DES and S-DES

General DES Encryption Algorithm

Permutation Tables for DES

Permutation Tables for DES

Single Round of DES Algorithm

Calculation of F(R,K)

Definition of DES S-Boxes

Definition of DES S-Boxes

DES Key Schedule Calculation

Key Size l Although 64 bit initial key, only 56 bits used in encryption (other 8 for parity check) l 2 56 =7.2 10 16 1977: estimated cost $US20m to build machine to break in 10 hours 1998: EFF built machine for $US250k to break in 3 days Today: 56 bits considered too short to withstand brute force attack l 3DES uses 128-bit keys

Attacks on DES Timing Attacks Information gained about key/plaintext by observing how long implementation takes to decrypt No known useful attacks on DES Differential Cryptanalysis Observe how pairs of plaintext blocks evolve Break DES in 2 47 encryptions (compared to 255); but require 2 47 chosen plaintexts Linear Cryptanalysis Find linear approximations of the transformations Break DES using 2 43 known plaintexts

DES Algorithm Design l DES was designed in private; questions about the motivation of the design S-Boxes provide non-linearity: important part of DES, generally considered to be secure S-Boxes provide increased confusion Permutation P chosen to increase diffusion

Multiple Encryption with DES l DES is vulnerable to brute force attack l Alternative block cipher that makes use of DES software / equipment / knowledge: encrypt multiple times with different keys l Options: 1. Double DES: not much better than single DES 2. Triple DES (3DES) with 2 keys: brute force 2 112 3. Triple DES with 3 keys: brute force 2 168

Double Encryption For DES, 2 56-bit keys, meaning 112-bit key length Requires 2 111 operations for brute force? Meet-in-the-middle attack makes it easier

Meet-in-the-Middle Attack l l Double DES Encryption: C=E(K 2,E(K 1,P)) Say X=E(K 1,P)=D(K 2,C) l Attacker knows two plaintext, ciphertext pairs (P a,c a ) and (P b,c b ) 1. Encrypt P a using all 2 56 values of K 1 to get multiple values of X 2. Store results in table and sort by X l l 3. Decrypt C a using all 2 56 values of K 2 4. As each decryption result produced, check against table 5. If match, check current K 1,K 2 on C b. If P b obtained, then accept the keys With two known plaintext, ciphertext pairs, probability of successful attack is almost 1 Encrypt/decrypt operations required: 2 56 (twice as many as single DES)

Triple Encryption 2 keys, 112 bits 3 keys, 168 bits Why E-D-E? To be compatible with single DES: C = E(K 1, D(K 1, E(K 1, P))) = E(K 1, P)

Advanced Encryption Standard l NIST called for proposals for new standard in 1997 Aims: security, efficient software/hardware implementations, low memory requirements, parallel processing Candidate algorithms from around the world Rijndael chosen, standard called AES created in 2001

Advanced Encryption Standard l AES: Block size: 128 bits (others possible) Key size: 128, 192, 256 bits Rounds: 10, 12, 14 (depending on key) Operations: XOR with round key, substitutions using S-Boxes, mixing using Galois Field arithmetic l Widely used in file encryption, network communications l Generally considered secure l See textbook for details (including S-AES)

Other Symmetric Encryption Algorithms l Blowfish (Schneier, 1993): 64 bit blocks/32 448 bit keys; Feistel structure l Twofish (Schneier et al, 1998): 128/128, 192, 256; Feistel structure l Serpent (Anderson et al, 1998): 128/128, 192, 256; Substitution-permutation network l Camellia (Mitsubishi/NTT, 2000): 128/128, 192, 256; Feistel structure l IDEA (Lai and Massey, 1991): 64/128

Other Symmetric Encryption Algorithms l CAST-128 (Adams and Tavares, 1996): 64/40 128; Feistel structure l CAST-256 (Adams and Tavares, 1998): 128/up to 256; Feistel structure l RC5 (Rivest, 1994): 32, 64 or 128/up to 2040; Feistel-like structure l RC6 (Rivest et al, 1998): 128/128, 192, 256; Feistel structure

Cryptanalysis on Block Ciphers l l l l Known data: chosen pairs of (plaintext, ciphertext) MITM: Meet-in-the-middle Lucks: S. Lucks, Attacking Triple Encryption, in Fast Software Encryption, Springer, 1998 Biclique: Bogdanov, Khovratovich and Rechberger, Biclique Cryptanalysis of the Full AES, in ASIACRYPT2011, Springer, 2011

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback