Block Ciphers

 Encrypt data one block at a time

 „ Used in broader range of applications
 „ Typical block size 64 – 128 bits 128 bits
 „ Most algorithms based on a structure referred to as
Feistel block cipher
Confusion and Diffusion
 Diffusion
– Statistical nature of plaintext is reduced in ciphertext
– E.g. A plaintext letter affects the value of many ciphertext letters
– How: repeatedly apply permutation (transposition) to data, and
then apply function
 Confusion
– Make relationship between ciphertext and key as complex as
possible
– Even if attacker can find some statistical characteristics of
ciphertext, still hard to find key
– How: apply complex (non-linear) substitution algorithm
Data Encryption Standard (DES)
 Symmetric block cipher

– 56-bit key, 64-bit input block, 64-bit output block

 One of most used encryption systems in world
– Developed in 1977 by NBS/NIST
– Designed by IBM (Lucifer) with input from NSA
– Principles used in other ciphers, e.g. 3DES, IDEA
 Simplified DES (S-DES)
– Cipher using principles of DES
– Developed for education (not real world use)
Simplified DES

 Input (plaintext) block: 8-bits

 Output (ciphertext) block: 8-bits
 Key: 10-bits
 Rounds: 2
 Round keys generated using permutations and left shifts
 Encryption: initial permutation, round function, switch halves
 Decryption: Same as encryption, except round keys used in
opposite order
S-DES Algorithm
IP = { 2, 6, 3, 1, 4, 8, 5 , 7 }

IP -1= { 4,1 ,3 ,5 ,7 ,2 ,8 , 6}
S-DES Key generation
P10 = { 3, 5, 2, 7, 4, 10, 1, 9, 8, 6}

P8 = { 6, 3, 7, 4, 8, 5, 10, 9}
S-DES Encryption Details
IP = { 2.,6, 3 , 1 , 4 , 8 , 5 , 7 }

EP = { 4, 1, 2, 3, 2, 3, 4, 1}

P4 = { 2, 4, 3, 1}

IP -1 = { 4.,1 ,3 , 5 , 7 , 2, 8 , 6}
S-Box
 S-DES (and DES) perform substitutions using S-Boxes
 S-Box considered as a matrix: input used to select
row/column; selected element is output
 4-bit input: bit1; bit2; bit3; bit4
– bit1 , bit4 species row (0, 1, 2 or 3 in decimal)
– bit2bit3 species column
– 2-bit output
S-DES Example
 S-DES Example
– Plaintext: 01110010
– Key: 1010000010
– Ciphertext: 01110111

– See the example detailes on the website

S-DES Summery
 S-DES expressed as functions:

 Security of S-DES:
– 10-bit key, 1024 keys: brute force easy
– If know plaintext and corresponding ciphertext,
can we determine key? Very hard
Comparing DES and S-DES
 S-DES  DES
– 8-bit blocks – 64-bit blocks
– 10-bit key: 2 x 8-bit – 56-bit key: 16 x 48-bit
round keys round keys
– IP: 8-bits – IP: 64 bits
– F operates on 4 bits – F operates on 32 bits
– 2 S-Boxes – 8 S-Boxes
– 2 rounds – 16 rounds
DES
Encryption
Algorithm
Permutation Tables for DES
Permutation Tables for DES
3: Expansion permutation (E )

4 : Permutation Function (P)

Single Round of DES Algorithm

16
DES Round Structure
Definition of DES S-Boxes
Definition of DES S-Boxes
Avalanche Effect
 Aim: small change in key (or plaintext) produces large change in
ciphertext
 Avalanche effect is present in DES (good for security)
 Following examples show the number of bits that change in output
when two different inputs are used, differing by 1 bit
– Plaintext 1: 02468aceeca86420
– Plaintext 2: 12468aceeca86420
– Ciphertext difference: 32 bits
– Key 1: 0f1571c947d9e859
– Key 2: 1f1571c947d9e859
– Ciphertext difference: 30
Table 3.5
Average Time Required for Exhaustive Key Search
Key size
 Although 64 bit initial key, only 56 bits used in
encryption (other 8 for parity check)
 256 = 7.2 x 1016
– 1977: estimated cost $US20m to build machine
to break in 10 hours
– 1998: EFF built machine for $US250k to break
in 3 days
– Today: 56 bits considered too short to
withstand brute force attack
 3DES uses 128-bit keys
Attacks on DES
 Timing Attacks
– Information gained about key/plaintext by observing how
long implementation takes to decrypt
– No known useful attacks on DES
 Differential Cryptanalysis
– Observe how pairs of plaintext blocks evolve
– Break DES in 247 encryptions (compared to 255); but
require 247 chosen plaintexts
 Linear Cryptanalysis
– Find linear approximations of the transformations
– Break DES using 243 known plaintexts
DES Algorithm Design
 DES was designed in private; questions about the
motivation of the design
– S-Boxes provide non-linearity: important part
of DES, generally considered to be secure
– S-Boxes provide increased confusion
– Permutation P chosen to increase diffusion
Multiple Encryption with DES
 DES is vulnerable to brute force attack
 Alternative block cipher that makes use of DES
software/equipment/knowledge: encrypt multiple
times with different keys
 Options:
– 1. Double DES: not much better than single DES
– 2. Triple DES (3DES) with 2 keys: brute force 2112
– 3. Triple DES with 3 keys: brute force 2168
Double Encryption

 For DES, 2 56-bit keys, meaning 112-bit key

length
 Requires 2111 operations for brute force?
 Meet-in-the-middle attack makes it easier
Triple Encryption
 2 keys, 112 bits
 3 keys, 168 bits
 Why E-D-E? To be compatible with single DES:
Summary
 have considered:
– block vs stream ciphers
– Feistel cipher design & structure
– DES
» details
» strength
– Double DES
– Triple DES