BLOCK CIPHERS AND THE DATA ENCRYPTION STANDARD Presented by:
  • Chapter 3: Block Ciphers and the Data Encryption Standard
      - A block cipher is an encryption/decryption scheme in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.
      - Many block ciphers have a Feistel structure, consisting of a number of identical rounds of processing.
      - The Data Encryption Standard (DES) has been the most widely used encryption algorithm. It exhibits the classic Feistel structure and uses a 64-bit block and a 56-bit key.
      - Two important methods of cryptanalysis are differential cryptanalysis and linear cryptanalysis.

  • Modern Block Ciphers
      - one of the most widely used types of cryptographic algorithms
      - provide secrecy/authentication services
      - focus on DES (Data Encryption Standard)
      - used to illustrate block cipher design principles

  • 3.1 Block Cipher Principles
      - most symmetric block ciphers are based on a Feistel cipher structure
      - needed as it can decrypt ciphertext to recover messages efficiently
      - block ciphers look like an extremely large substitution
      - would need a table of $2^{64}$ entries for a 64-bit block
      - to avoid this difficulty, instead create from smaller building blocks
      - using the idea of a product cipher

  • Block vs Stream Ciphers
      - block ciphers process messages in blocks, each of which is then en/decrypted
      - like a substitution on very big characters: 64 bits or more
      - stream ciphers process messages a bit or byte at a time when en/decrypting
      - many current ciphers are block ciphers
      - have a broader range of applications

  • Ideal Block Cipher

  • Claude Shannon and Substitution-Permutation Ciphers
      - Claude Shannon introduced the idea of substitution-permutation (S-P) networks in a 1949 paper
      - form the basis of modern block ciphers
      - S-P nets are based on the two primitive cryptographic operations seen before:
          - substitution (S-box)
          - permutation (P-box)
      - provide confusion & diffusion of message & key

  • Confusion and Diffusion
      - cipher needs to completely conceal statistical properties of original message
      - practically, Shannon suggested combining S & P elements to obtain:
          - diffusion: dissipates statistical structure of plaintext over bulk of ciphertext
          - confusion: makes relationship between ciphertext and key as complex as possible

  • Feistel Cipher Structure
      - Horst Feistel devised the Feistel cipher
          - based on concept of invertible product cipher
      - partitions input block into two halves
          - process through multiple rounds which
          - perform a substitution on left data half
          - based on round function of right half & subkey
          - then have permutation swapping halves
      - implements Shannon's S-P net concept

  • Feistel Cipher Structure

  • Feistel Cipher Design Elements
      - block size
      - key size
      - number of rounds
      - subkey generation algorithm
      - round function
      - fast software en/decryption
      - ease of analysis

  • Feistel Decryption Algorithm

  • 3.2 Data Encryption Standard (DES)
      - most widely used block cipher in the world
      - adopted in 1977 by NBS (National Bureau of Standards), now NIST (National Institute of Standards and Technology)
      - as FIPS PUB 46 (Federal Information Processing Standard 46)
      - encrypts 64-bit data using 56-bit key
      - has widespread use
      - its security is a subject of controversy

  • DES History
      - IBM developed the Lucifer cipher
          - by a team led by Feistel in the late 60s
          - used 64-bit data blocks with 128-bit key
      - then redeveloped as a commercial cipher with input from NSA and others
      - in 1973 NBS issued a request for proposals for a national cipher standard
      - IBM submitted their revised Lucifer, which was eventually accepted as the DES

  • DES Design Controversy
      - although the DES standard is public
      - there was considerable controversy over its design
          - in choice of 56-bit key (as Lucifer was 128-bit)
          - and classification of design criteria
      - subsequent events and public analysis show in fact design was appropriate
      - use of DES, especially in financial applications
      - still standardised for legacy application use

  • DES Encryption Overview

  • Initial Permutation (IP)
      - first step of the data computation
      - IP reorders the input data bits
      - even bits to LH half, odd bits to RH half
      - quite regular in structure
      - example: IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb)

  • DES Round Structure
      - uses two 32-bit L & R halves
      - as for any Feistel cipher can describe as:
          $L_i = R_{i-1}$
          $R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
      - F takes 32-bit R half and 48-bit subkey:
          - expands R to 48 bits using perm E
          - adds to subkey using XOR
          - passes through 8 S-boxes to get 32-bit result
          - finally permutes using 32-bit perm P

  • DES Round Structure

  • Substitution Boxes S
      - have eight S-boxes which map 6 to 4 bits
      - each S-box is actually 4 little 4-bit boxes
          - outer bits 1 & 6 (row bits) select one row of 4
          - inner bits 2-5 (col bits) are substituted
          - result is 8 lots of 4 bits, or 32 bits
      - row selection depends on both data & key
          - feature known as autoclaving (autokeying)
      - example: S(18 09 12 3d 11 17 38 39) = 5fd25e03

  • DES Key Schedule
      - forms subkeys used in each round
      - initial permutation of the key (PC1), which selects 56 bits in two 28-bit halves
      - 16 stages consisting of:
          - rotating each half separately either 1 or 2 places depending on the key rotation schedule K
          - selecting 24 bits from each half & permuting them by PC2 (permuted choice two) for use in round function F

  • DES Decryption
      - Decryption uses the same algorithm as encryption.
      - Only the application of the subkeys is reversed.

  • Avalanche Effect
      - key desirable property of an encryption algorithm
      - where a change of one input or key bit results in changing approx half the output bits
      - DES exhibits strong avalanche
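
A toy Feistel network, added here as an illustration and not taken from the slides: the round function and key schedule are hash-based stand-ins (assumptions), not DES's E/S-box/P or PC1/PC2. It shows that decryption is the same routine with the subkeys reversed even though F is not invertible, and measures avalanche after 1 and after 16 rounds.

```python
import hashlib

MASK32 = 0xFFFFFFFF

def subkeys(key, rounds):
    # Toy key schedule (assumption): one 48-bit subkey per round, derived by hashing.
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(rounds)]

def F(right, subkey):
    # Toy round function (assumption): 32 bits in, 32 bits out, deliberately non-invertible.
    digest = hashlib.sha256(right.to_bytes(4, "big") + subkey).digest()
    return int.from_bytes(digest[:4], "big")

def feistel(block, round_keys):
    left, right = block >> 32, block & MASK32
    for k in round_keys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, left ^ F(right, k)
    # Final swap of the halves lets the same routine undo itself.
    return (right << 32) | left

def encrypt(block, key, rounds=16):
    return feistel(block, subkeys(key, rounds))

def decrypt(block, key, rounds=16):
    # Same algorithm, subkeys applied in reverse order.
    return feistel(block, subkeys(key, rounds)[::-1])

def avalanche(key, rounds, block=0x0123456789ABCDEF):
    """Average number of ciphertext bits (of 64) that change per single-bit plaintext flip."""
    base = encrypt(block, key, rounds)
    changed = [bin(base ^ encrypt(block ^ (1 << bit), key, rounds)).count("1")
               for bit in range(64)]
    return sum(changed) / 64

if __name__ == "__main__":
    key = b"demo-key"                      # constructed sample key
    pt = 0x0123456789ABCDEF                # constructed sample block
    ct = encrypt(pt, key)
    print(f"ciphertext  {ct:016x}")
    print(f"round trip  {decrypt(ct, key):016x}")
    print("avalanche, 1 round  :", avalanche(key, 1))
    print("avalanche, 16 rounds:", avalanche(key, 16))
```

With a single round, a flipped bit in the left half changes exactly one output bit, which is why the number of rounds is a design element in its own right.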

  • 3.3 Strength of DES: Key Size
      - 56-bit keys have $2^{56} = 7.2 \times 10^{16}$ values
      - brute force search looks hard
      - recent advances have shown it is possible
          - in 1997 on Internet in a few months
          - in 1998 on dedicated h/w (EFF, Electronic Frontier Foundation) in a few days
          - in 1999 above combined in 22 hrs!
      - still must be able to recognize plaintext
      - must now consider alternatives to DES

  • Strength of DES: Analytic Attacks
      - now have several analytic attacks on DES
      - these utilise some deep structure of the cipher
          - by gathering information about encryptions
          - can eventually recover some/all of the sub-key bits
          - if necessary then exhaustively search for the rest
      - generally these are statistical attacks
      - include:
          - differential cryptanalysis
          - linear cryptanalysis
          - related key attacks

  • Strength of DES: Timing Attacks
      - attacks actual implementation of cipher
      - use knowledge of consequences of implementation to derive information about some/all subkey bits
      - specifically use fact that calculations can take varying times depending on the value of the inputs to it
      - particularly problematic on smartcards

  • 3.4 Differential Cryptanalysis
      - one of the most significant recent (public) advances in cryptanalysis
      - Murphy, Biham & Shamir published in 90s
      - powerful method to analyse block ciphers
      - used to analyse most current block ciphers with varying degrees of success
      - differential cryptanalysis compares two related pairs of encryptions

  • Differential Cryptanalysis Compares Pairs of Encryptions

  • Differential Cryptanalysis
      - have some input difference giving some output difference with probability p
      - if find instances of some higher probability input/output difference pairs occurring
      - can infer subkey that was used in round
      - then must iterate process over many rounds (with decreasing probabilities)

  • Linear Cryptanalysis
      - another recent development
      - also a statistical method
      - must be iterated over rounds, with decreasing probabilities
      - developed by Matsui et al in early 90's
      - based on finding linear approximations
      - can attack DES with $2^{43}$ known plaintexts, easier but still in practice infeasible

  • Linear Cryptanalysis
      - find linear approximations with prob $p \neq 1/2$:
          $P[i_1, i_2, \ldots, i_a] \oplus C[j_1, j_2, \ldots, j_b] = K[k_1, k_2, \ldots, k_c]$
          where $i_a, j_b, k_c$ are bit locations in P, C, K
      - gives linear equation for key bits
      - get one key bit using max likelihood alg
      - using a large number of trial encryptions
      - effectiveness given by: $|p - 1/2|$

  • DES Design Criteria
      - as reported by Coppersmith in [COPP94]
      - 7 criteria for S-boxes provide for
          - non-linearity
          - resistance to differential cryptanalysis
          - good confusion
      - 3 criteria for permutation P provide for
          - increased diffusion

  • 3.5 Block Cipher Design
      - basic principles are like Feistel's in the 1970s
      - number of rounds
          - more is better, exhaustive search best attack
      - function f:
          - provides confusion, is nonlinear, avalanche
          - have issues of how S-boxes are selected
      - key schedule
          - complex subkey creation, key avalanche
