Cryptography CS 555: Topic 10: Block Cipher Security & AES
Cryptography CS 555: Topic 10: Block Cipher Security & AES
CS 555
• Outline
• Attacks against block ciphers
• Differential cryptanalysis
• Linear cryptanalysis
• Double & triple encryption
• AES
• Readings:
• Katz and Lindell: 5.4, 5.5, 5.6
Exhaustive - 1 256 1
precomputation
The weakest point of DES remains the size of the key (56 bits)!
CS555 Spring 2012/Topic 10 11
Double Encryption:
• Given a block cipher Ek[m],
• Define Enck1,k2[m] = Ek1[Ek2[m]]
• The “Meet-in-the-middle” attack
– Given a pair (m,c), we have Dk1[c] = Ek2[m]
– Build table of all encryptions of m
– Then for each possible k, test if Dk(c) is in the table
– For 2DES, this takes about 256 time
– Requires 256 space 1016
• Effective key length is 56, instead of 2*56=112
F2 x Z 2 [ x ]
( x 8 x 4 x 3 x 1)