Secret Key Algorithms (DES)


Secret Key Algorithms (DES)
G. Bertoni, L. Breveglieri
Foundations of Cryptography - Secret Key pp. 1 / 34

Definition
- a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption
- therefore the key must be known only by the two communicating parties and kept secret from everybody else

Block and Stream Cipher
- there are two main families of symmetric key algorithms:
  - block ciphers: input is a string of bits, generally 64 bits; the string is input in parallel
  - stream ciphers: input is a single bit / byte or a 32 bit word; bits are input serially
- today block ciphers are more common

Structure of a Block Cipher
- a block cipher is divided into two distinct parts:
  - key schedule
  - data path
[Figure: secret key -> KEY SCHEDULE; plaintext -> DATA PATH -> ciphertext]

Data Path
- in order to have a regular structure, the data path consists of a function called round, which is repeated a fixed number of times
- having two or more rounds is a necessity, since no sufficiently simple function has been found so far that exhibits the required confusion / diffusion property in a single round

Key Schedule
- the key schedule algorithm processes the secret key and derives from it a number of so-called round keys
- each round key is used in one round
- the rationale behind using round keys is to stress the dependence of each bit of the ciphertext on every bit of the secret key

Block Cipher Structure
[Figure: PLAINTEXT -> ROUND 0 -> ROUND 1 -> ... -> ROUND 9 -> ROUND 10 -> ENCRYPTED DATA; the KEY SCHEDULE takes the SECRET KEY and supplies ROUND KEY 0 ... ROUND KEY 10, one per round]

Example
- the most popular block cipher is the Data Encryption Standard (DES)
- it was designed in the 70s by IBM and revised by NSA (US National Security Agency)
- the design of DES was directly commissioned by the US government

DES Structure
- DES is divided in two parts:
  - key schedule
  - data path
- block size is 64 bits
- secret key size is formally 64 bits
  - actually only 56 bits are used as a real key
- the round function is inspired by the so-called Feistel function

Feistel Round Function
- depending on the properties of the function, the round is iterated a certain number of times
- function f does not need to be invertible!
- this can be proved by deriving the equations of L_i and R_i as functions of L_{i+1} and R_{i+1}
[Figure: Feistel round with inputs L_i and R_i, function f fed by the ROUND KEY, an addition (+) on the L_i branch, and outputs L_{i+1} and R_{i+1}]
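
The derivation mentioned above, carried through as an added worked step (not part of the original slides). It assumes the usual Feistel round equations, writing K_i for the round key and \oplus for the bitwise XOR drawn as + in the figure:

\[
L_{i+1} = R_i, \qquad R_{i+1} = L_i \oplus f(R_i, K_i)
\]

Solving for the inputs of the round:

\[
R_i = L_{i+1}, \qquad L_i = R_{i+1} \oplus f(R_i, K_i) = R_{i+1} \oplus f(L_{i+1}, K_i)
\]

The inverse round evaluates f only in the forward direction, on the known value L_{i+1}, so f itself never has to be inverted.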

DES Structure
- the DES round is iterated 16 times
- an initial permutation is applied before the first round
  - it is just a bit rearrangement
  - it is useless for security but helps HW design
- before outputting the ciphertext, the inverse of the initial permutation is applied

DES Round
- four transformations compose the f function of DES:
  - expansion (EBOX)
  - key addition
  - substitution box (SBOX)
  - permutation
[Figure: 32-bit input -> EXPANSION (48 bits) -> + with the 48-bit ROUND KEY -> S-boxes S1 ... S8 (32 bits) -> PERMUTATION -> 32-bit output]

DES Expansion
- the right word R_i of the input text is expanded from 32 bits to 48 bits
- EBOX simply duplicates some bits, those in positions 1, 4, 5, 9, 10, 14, 15, 32
[Figure: mapping of the 32 input bits onto the 48 output bits]

DES SBOX
- SBOX design criteria are undisclosed
- the only way of representing an SBOX is through the use of a look-up table
- the 8 SBOXes of DES are all different from one another and named S1 ... S8
- all the SBOXes take a 6 bit input and return a 4 bit output

DES Permutation
- the 32 bits output by the array of 8 SBOXes are permuted
- all the bits are used once
- no bit is discarded
- it is a simple rearrangement of the bits

DES Key Schedule
- DES key schedule is very simple
- it has the property of giving back the original secret key as final output
[Figure: SECRET KEY (64 bits) -> PC-1 (56 bits) -> C_0, D_0 (28 bits each) -> LS_1 -> C_1, D_1 -> PC-2 -> SUB KEY 1 (48 bits) -> LS_2 -> ... -> LS_16 -> C_16, D_16 -> PC-2 -> SUB KEY 16 (48 bits)]

DES Key Schedule
- the secret key has nominally 64 bits, but the 8th bit of every byte is used as parity bit
- the PC-1 function extracts 56 bits by discarding the parity bit of every byte of the secret key
- the PC-2 function extracts a fixed set of bits in order to obtain a round key of 48 bits
- the secret key is shifted by one bit position for rounds 1, 2, 9 and 16, and by two bit positions in the remaining rounds

DES Decryption
- DES decryption is essentially the same function as encryption
- in order to decrypt a DES ciphertext, it suffices to apply the 16 encryption round functions and simply feed the round keys in reverse order
- this property is a consequence of the structure of Feistel networks

Weak keys
- the secret key should be randomly chosen, but there are some particular values that should not be used
- 4 weak keys: all 0, all 1, half 0 half 1
  - E_k(E_k(x)) = x
- 12 semi-weak keys: in the form of 7 zeros, 7 ones combinations
  - 0000000 11111111 0000000 1111111
  - E_k2(E_k1(x)) = x

Other Facts
- Fixed points: there are 2^32 P such that E_k(P) = P, with k a weak key
- Complementation property: $E_k(P) = C \Rightarrow E_{\bar{k}}(\bar{P}) = \bar{C}$, where $\bar{A} = \mathrm{not}(A)$

How to Test Security
- is a block cipher secure?
  - consider key space and block size: is a brute force attack feasible?
  - consider mathematical attacks
  - consider implementation attacks
- these are the minimal tests that a block cipher should pass to be accepted as practically secure

How to Break DES
- due to the computational power of supercomputers available today, or of specialised parallel hardware, DES is insecure
- brute force attack: given a ciphertext and a plaintext, how long does it take to try all the keys?
  - 2^56 encryptions!

Brute Force Attack Estimation
- how many days does it take to compute 2^56 encryptions?
  - if 1 encryption per millisecond: 833.999.931 days
  - per microsecond: 833.999 days
  - per nanosecond: 833 days
- if 100 devices in parallel: 8 days
- solutions? 3DES or change the algorithm

Trade of Time and Memory Space
- one could think of tabulating all the possible encryption operations
- select a plaintext P and encrypt it with all the possible keys:
  - 64 bits × 2^56 memory space = 4,611,686,018,427,387,904 bits = 524,288 TBytes
- force plaintext P, get the ciphertext and find the corresponding key in the database

Triple DES (3DES)
- triple DES is the application of DES three times, with 3 different secret keys
- the most used version is EDE:
  - first Encryption
  - second Decryption
  - finally Encryption again
- EEE is another possibility

Triple DES (3DES)
- 3DES is interesting since no changes to the basic algorithm are required, just a reuse of the available HW / SW
- sometimes 3DES is used with only two keys (called two key 3DES):
  - C = E_k1(D_k2(E_k1(P)))

Security
- consider 2DES (version EE), which is the application of DES two times with two different keys
- a simple brute force attack on 2DES costs 2^56 × 2^56 = 2^112 DES encryptions
- similarly, a brute force attack on 3DES with two keys costs 2^112 DES encryptions
- but there is another attack, called meet-in-the-middle, that can trade time with memory

Attack Meet-in-the-Middle (2DES)
- given a plaintext-ciphertext pair (P, C)
- for every key k_i compute A_i = Enc_ki(P) and store A_i
  - cost is 2^56 encryptions and 2^56 memory cells
- for every key k_j compute B_j = Dec_kj(C) and for every i check the equality A_i = B_j
  - if the equality A_i = B_j holds, store the key pair (k_i, k_j)
  - cost is 2^56 decryptions, no need of storing
- there is now a set of candidate key pairs (k_i, k_j)
- with a second plaintext-ciphertext pair (P', C'), check which key pair (k_i, k_j) is the right one
- total cost is 2^56 encryptions, 2^56 decryptions (thus 2^57 operations), and 2^56 memory cells
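
A runnable sketch of the steps above, added here as an example and not taken from the original slides. It replaces DES with a constructed toy 16-bit Feistel cipher with 12-bit keys (the round function, key schedule and all names are assumptions of this example), so each 2^56 table becomes 2^12 entries; the toy cipher also decrypts by feeding the round keys in reverse order, as described in the DES Decryption slide.

```python
# Toy 16-bit Feistel cipher with 12-bit keys, constructed for this example (NOT DES).
KEY_BITS = 12

def _f(r, rk):
    # Round function on an 8-bit half; deliberately not invertible.
    return ((r * r + rk) ^ (r >> 3)) & 0xFF

def _round_keys(key):
    # Hypothetical key schedule: low 8 bits of the key rotated by 0, 3, 6, 9.
    return [((key << s) | (key >> (KEY_BITS - s))) & 0xFF for s in (0, 3, 6, 9)]

def _feistel(block, rks):
    l, r = block >> 8, block & 0xFF
    for rk in rks:
        l, r = r, l ^ _f(r, rk)
    return (r << 8) | l          # final swap: decryption is the same routine

def enc(key, block):
    return _feistel(block, _round_keys(key))

def dec(key, block):
    return _feistel(block, _round_keys(key)[::-1])   # round keys in reverse order

def double_enc(k1, k2, block):
    return enc(k2, enc(k1, block))                   # double encryption, version EE

def meet_in_the_middle(pairs):
    (p, c), extra = pairs[0], pairs[1:]
    table = {}                                       # A_i -> all k_i with Enc_ki(P) = A_i
    for ki in range(1 << KEY_BITS):
        table.setdefault(enc(ki, p), []).append(ki)
    candidates = [(ki, kj)                           # key pairs with A_i = B_j
                  for kj in range(1 << KEY_BITS)
                  for ki in table.get(dec(kj, c), [])]
    survivors = [(ki, kj) for ki, kj in candidates   # filter with the further pairs
                 if all(double_enc(ki, kj, p2) == c2 for p2, c2 in extra)]
    return candidates, survivors

# Constructed sample data: two keys and two known plaintexts.
K1, K2 = 0xA5C, 0x3F1
PAIRS = [(pt, double_enc(K1, K2, pt)) for pt in (0x1234, 0xBEEF)]

if __name__ == "__main__":
    cands, surv = meet_in_the_middle(PAIRS)
    print(f"cipher calls for the tables: {2 << KEY_BITS}, exhaustive pairs: {1 << 2 * KEY_BITS}")
    print(f"candidates after first pair: {len(cands)}, after second pair: {len(surv)}")
    print("true key pair recovered:", (K1, K2) in surv)
```

Because the toy block is only 16 bits wide while the two keys total 24 bits, the first pair alone leaves many false candidates; the second pair is what narrows the set down.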

Impact on 2DES and 3DES
- with meet-in-the-middle, attacking 2DES costs 2^56 + 2^56 = 2^57 DES encryptions, plus 2^56 memory cells
- similarly, with meet-in-the-middle the cost of breaking 3DES (with two keys) is about 2^112 operations (encryptions and decryptions) and 2^56 memory cells
- therefore the idea of chaining two or more encryptions with different keys is not as good as it may seem at first glance

Hardware Speed-Up
- if the throughput is not satisfactory, it is possible to pipeline the round, in order to increase the clock frequency
- generally the round is divided into two or three stages

Hardware Speed-Up
- if time latency is the constraint, instead of throughput, it is possible to execute two rounds per clock cycle
- but only if the critical path allows it

Software Implementation
- DES is not software-friendly, as there are many bit-oriented operations
- all the substitutions of DES are stored in precomputed tables
- the key schedule is generally computed in advance and the round keys are stored in a table

Theoretical Attack
- to test the robustness of a block cipher there are some well known attacks that ought to be tested:
  - linear cryptanalysis
  - differential cryptanalysis

Linear Cryptanalysis
- every block cipher should exhibit a strongly non-linear behaviour
- if not so, linear cryptanalysis may succeed in finding an approximated linear relation between plaintext, corresponding ciphertext and the bits of the secret key

Differential Cryptanalysis
- select a set of pairs of plaintexts, where the elements of each pair have a fixed difference
- the difference propagates in DES in a peculiar manner
- build a set of probabilities of the differences of the ciphertext pairs
- collect a certain number of plaintext / ciphertext pairs; statistics will validate guesses of the right bits of the key