0% found this document useful (0 votes)
64 views61 pages

Block Cipher and Des

The document discusses symmetric cryptography and block ciphers. It describes block ciphers as processing data in blocks versus stream ciphers which process data bit-by-bit. An ideal block cipher is defined as having all possible encryption mappings for a given block size, though this becomes impractical for large block sizes. The Feistel cipher structure was developed to approximate an ideal block cipher using rounds of processing to swap and transform block halves with subkeys. The Data Encryption Standard (DES) implements the Feistel cipher structure.

Uploaded by

Shorya Kumar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
64 views61 pages

Block Cipher and Des

The document discusses symmetric cryptography and block ciphers. It describes block ciphers as processing data in blocks versus stream ciphers which process data bit-by-bit. An ideal block cipher is defined as having all possible encryption mappings for a given block size, though this becomes impractical for large block sizes. The Feistel cipher structure was developed to approximate an ideal block cipher using rounds of processing to swap and transform block halves with subkeys. The Data Encryption Standard (DES) implements the Feistel cipher structure.

Uploaded by

Shorya Kumar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 61

Symmetric

Cryptography

Block Cipher and DES

Sang-Yoon Chang, Ph.D.


Modern Cipher (vs. Classical Cipher)

Digital computer communications


based on bits

Product cipher

More sophisticated techniques


Module: Block Cipher and DES

Block Cipher vs. Stream Cipher

Ideal Block Cipher

Feistel Cipher

Data Encryption Standard (DES)


Block Cipher vs. Stream Cipher

Block cipher (left) processes in blocks


(multiple bits) while stream cipher (right)
processes them a bit/byte at a time
P (n bits) Pseudorandom bit
K stream generation
K Enc

C (n bits)
pi + ci
Block Cipher vs. Stream Cipher

Block cipher (left) processes in blocks


(multiple bits) while stream cipher (right)
processes them a bit/byte at a time
P (n bits) Pseudorandom bit
K stream generation
K Enc

C (n bits)
pi + ci

Pad bits if the last block is incomplete


Block Cipher Function Requirements

Block cipher function: n bits à n bits


2n possible block options

Reversible function
Dec(K,(Enc(K,X)))=X, for all X

Given the key K, the computation of the


function is deterministic and easy
Ideal Block Cipher

Block cipher function: n bits à n bits


2n possible block options

Ideal block cipher supports the maximum


number of encryption mappings

Reversible transformation
2n! Possible transformations or keys
Ideal Block Cipher Example (n=4)
0000 0000
0001 0001
0010 0010
0011 0011
0100 0100
0101 0101
0110 0110
Plaintext 0111 0111 Ciphertext
1000 1000
1001 1001
1010 1010
1011 1011
1100 1100
1101 1101
1110 1110
1111 1111
Ideal Block Cipher Example (n=4)
0000 0000
0001 0001
0010 0010
0011 0011
0100 0100
0101 0101
0110 0110
Plaintext 0111 0111 Ciphertext
1000 1000
1001 1001
1010 1010
1011 1011
1100 1100
1101 1101
1110 1110
1111 1111
Ideal Block Cipher Example (n=4)
0000 0000
0001 0001
0010 0010
0011 0011
0100 0100
0101 0101
0110 0110
Plaintext 0111 0111 Ciphertext
1000 1000
1001 1001
1010 1010
1011 1011
1100 1100
1101 1101
1110 1110
1111 1111
Ideal Block Cipher Example (n=4)
0000 0000
0001 0001
0010 0010
0011 0011
0100 0100
0101 0101
0110 0110
Plaintext 0111 0111 Ciphertext
1000 1000
1001 1001
1010 1010
1011 1011
1100 1100
1101 1101
1110 1110
1111 1111 Already taken by the 1st plaintext block
Ideal Block Cipher Example (n=4)
0000 0000
0001 0001
0010 0010
0011 0011
0100 0100
0101 0101
0110 0110
Plaintext 0111 0111 Already taken by the 2nd plaintext block
1000 1000
1001 1001
1010 1010
1011 1011
1100 1100
1101 1101
1110 1110
1111 1111 Already taken by the 1st plaintext block
Ideal Block Cipher Example (n=4)
0000 0000
0001 0001
0010 0010
0011 0011
0100 0100
0101 0101
0110 0110
Plaintext 0111 0111 Already taken by the 2nd plaintext block
1000 1000
1001 1001 Already taken by the 3rd plaintext block
1010 1010
1011 1011
1100 1100
1101 1101
1110 1110
1111 1111 Already taken by the 1st plaintext block
Ideal Block Cipher Example (n=4)
0000 0000
0001 0001
0010 0010 For block i, 0≤i≤15,
0011 0011
0100 0100 (16-i) block options
0101 0101
0110 0110
Plaintext 0111 0111
1000 1000
1001 1001
1010 1010
1011 1011
1100 1100
1101 1101
1110 1110
1111 1111
Ideal Block Cipher Example (n=4)
0000 0000
0001 0001
0010 0010 For block i, 0≤i≤15,
0011 0011
0100 0100 (16-i) block options
0101 0101
0110 0110
Plaintext 0111 0111
1000
1001
1000
1001
16! mappings/keys
1010 1010
1011 1011
1100 1100
1101 1101
1110 1110
1111 1111
Ideal Block Cipher Example (n=4)
0000 0000
0001 0001
0010 0010
0011 0011
0100 0100
0101 0101
0110 0110
Plaintext 0111 0111
1000
1001
1000
1001
2n! possible keys
1010 1010
1011 1011
1100 1100
1101 1101
1110 1110
1111 1111
Plaintext Ciphertext

Ideal Block Cipher 0000 1111


0001 0111
0010 1001
0000 0000
0001 0001 0011 1110
0010 0010 0100 0101
0011 0011
0101 0100
0100 0100
0101 0101 0110 1100
0110 0110 0111 1000
0111 0111
1000 0010
1000 1000
1001 1001 1001 0000
1010 1010 1010 0011
1011 1011
1100 1100 1011 0001
1101 1101 1100 1011
1110 1110 1101 1101
1111 1111
1110 0110
1111 1010
Plaintext Ciphertext

Ideal Block Cipher 0000 1111


0001 0111
0010 1001
0000 0000
0001 0001 0011 1110
0010 0010 0100 0101
0011 0011
0101 0100
0100 0100
0101 0101 0110 1100
0110 0110 0111 1000
0111 0111
1000 0010
1000 1000
1001 1001 1001 0000
1010 1010 1010 0011
1011 1011
1100 1100 1011 0001
1101 1101 1100 1011
1110 1110 1101 1101
1111 1111
1110 0110
1111 1010
Plaintext Ciphertext
Need n×2n bits for key
Ideal Block Cipher 0000 1111
E.g., n=64 è 270=1021 bits
0001 0111
0010 1001
0000 0000
0001 0001 0011 1110
0010 0010 0100 0101
0011 0011
0101 0100
0100 0100
0101 0101 0110 1100
0110 0110 0111 1000
0111 0111
1000 0010
1000 1000
1001 1001 1001 0000
1010 1010 1010 0011
1011 1011
1100 1100 1011 0001
1101 1101 1100 1011
1110 1110 1101 1101
1111 1111
1110 0110
1111 1010
Horst Feistel

An IBM researcher

Contributed to DES in 1970s

Wanted an approximation of ideal block


cipher, built out of components that
are easily realizable
Feistel Cipher (Feistel Network)

Product cipher

Structure for symmetric block ciphers

Key length k bits < n×2n bits


è 2k possible keys < 2n! mappings
Feistel Cipher
Li : the left half of data after round i
Ri : the right half of data after round i
Ki : the subkey for round i
Round 0

Round 1

Round n
Li : the left half of data after round i
Ri : the right half of data after round i
Ki : the subkey for round i
ß Substitution
Li : the left half of data after round i
Ri : the right half of data after round i
Ki : the subkey for round i
ß Substitution
ß Permutation (swap
left half and right half)
Li : the left half of data after round i
Ri : the right half of data after round i
Ki : the subkey for round i
ß Substitution
ß Permutation (swap
left half and right half)
In the i-th round:
Li = Ri-1
Ri = Li-1 Å F(Ri-1, Ki)
Li : the left half of data after round i
Ri : the right half of data after round i
Ki : the subkey for round i

In the i-th round:


Li = Ri-1
Ri = Li-1 Å F(Ri-1, Ki)

F function does not


need to be reversible
(Decryption also uses F)
Feistel Cipher Design Parameters

Block size
Key size
Number of rounds
Subkey generation
Round function
Data Encryption Standard (DES)

§Most widely used block cipher


§Based on Feistel Cipher
§In 1973, NBS (NIST) issued request for
proposal for national cipher standard
§In 1977, adopted/published as DES
§Developed by IBM (Feistel) + NSA
§Considered broken but still widely
used, e.g., legacy application
Feistel Cipher
Feistel Cipher

ß Substitution
ß Permutation (swap
left half and right half)
Feistel Cipher Design Parameters

Block size
Key size
Number of rounds
Subkey generation
Round function
Feistel Cipher Design Parameters
DES
Block size 64 bits
Key size 56 bits
Number of rounds 16 rounds
Subkey generation (Later)
Round function (Later)
DES Overview
DES Overview
DES Overview

n=16
Initial Permutation
DES Overview

n=16

Add permutation blocks at


the beginning and the end

Final Permutation
64 bits of plaintext
Initial Permutation
DES Overview
64 bits
n=16
64 bits
Add permutation blocks at
the beginning and the end
64 bits

64 bits
Final Permutation
64 bits of ciphertext
64 bits of plaintext
Initial Permutation
DES Overview
64 bits
48 bits
n=16
64 bits
48 bits Add permutation blocks at
the beginning and the end
64 bits

48 bits

64 bits
Final Permutation
64 bits of ciphertext
64 bits of plaintext
Initial Permutation
DES Overview
64 bits
48 bits

64 bits Subkey (Ki) generation:


48 bits 56 bits à 16・48 bits
64 bits
Round function F:
48 bits
32 bits à 32 bits

64 bits
Final Permutation
64 bits of ciphertext
64 bits of plaintext
Initial Permutation
DES Overview
64 bits
48 bits

64 bits Subkey (Ki) generation:


48 bits 56 bits à 16・48 bits
64 bits
Round function F:
48 bits
32 bits à 32 bits

64 bits
Final Permutation
64 bits of ciphertext
64 bits of plaintext
Initial Permutation
DES Overview
64 bits
48 bits

64 bits
48 bits

64 bits
Round function F:
48 bits
32 bits à 32 bits

64 bits
Final Permutation
64 bits of ciphertext
64 bits of plaintext
Initial Permutation
DES Overview
64 bits
48 bits

64 bits F actually has two inputs:


48 bits Ri (32 bits), Ki (48 bits)
64 bits
Round function F:
48 bits
32 bits à 32 bits

64 bits
Final Permutation
64 bits of ciphertext
DES Round Function (F)
32 bits

48 bits
DES Round Function (F)
48 bits

48 bits
48 bits
DES Round Function (F)

48 bits

32 bits
DES Round Function (F)

32 bits

32 bits
64 bits of plaintext
Initial Permutation
DES Overview
64 bits
48 bits

64 bits Subkey (Ki) generation:


48 bits 56 bits à 16・48 bits
64 bits

48 bits

64 bits
Final Permutation
64 bits of ciphertext
DES Subkey Generation (Ki)
DES Subkey Generation (Ki)

PC are Permuted Choice:


§ PC1: 64 bits à 56 bits
§ PC2: 56 bits à 48 bits

<<< is left-circular shift (LCS)


Every round, LCS by 1 or 2 bits,
depending on the round
DES Strength

Avalanche Effect

Change of one plaintext bit or


one key bit changes about half
the ciphertext bits
DES Brute Force

56-bit key è Attacker effort O(255)

Require recognizing the correct plaintext

Demonstration of Brute Force attacks:


In 1997: a few months to find the key
In 1998: a few days
In 1999: 22 hours
DES Security

Brute Force attacks in practice

Cryptanalytic attacks that can


further reduce the complexity

Timing attacks on computation

You might also like