Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dan Boneh Block ciphers The data encryption standard (DES) Online Cryptography Course Dan Boneh.

Published byErica Ross Modified over 8 years ago

Similar presentations

Presentation on theme: "Dan Boneh Block ciphers The data encryption standard (DES) Online Cryptography Course Dan Boneh."— Presentation transcript:

1 Dan Boneh Block ciphers The data encryption standard (DES) Online Cryptography Course Dan Boneh

2 Dan Boneh Block ciphers: crypto work horse E, D CT Block n bits PT Block n bits Key k Bits Canonical examples: 1.3DES: n= 64 bits, k = 168 bits 2.AES: n=128 bits, k = 128, 192, 256 bits

3 Dan Boneh Block Ciphers Built by Iteration R(k,m) is called a round function for 3DES (n=48), for AES-128 (n=10) key k key expansion k1k1 k2k2 k3k3 knkn R(k 1,  )R(k 2,  )R(k 3,  )R(k n,  ) m c

4 Dan Boneh The Data Encryption Standard (DES) Early 1970s: Horst Feistel designs Lucifer at IBM key-len = 128 bits ; block-len = 128 bits 1973: NBS asks for block cipher proposals. IBM submits variant of Lucifer. 1976: NBS adopts DES as a federal standard key-len = 56 bits ; block-len = 64 bits 1997: DES broken by exhaustive search 2000: NIST adopts Rijndael as AES to replace DES Widely deployed in banking (ACH) and commerce

5 Dan Boneh DES: core idea – Feistel Network Given functions f 1, …, f d : {0,1} n {0,1} n Goal: build invertible function F: {0,1} 2n {0,1} 2n In symbols: inputoutput R d-1 L d-1 RdRd RdRd LdLd LdLd R0R0 R0R0 L0L0 L0L0 n-bits R1R1 R1R1 L1L1 L1L1 ⊕ f1f1 f1f1 R2R2 R2R2 L2L2 L2L2 ⊕ f2f2 f2f2 ⋯ ⊕ fdfd fdfd

6 Dan Boneh Claim: for all f 1, …, f d : {0,1} n {0,1} n Feistel network F: {0,1} 2n {0,1} 2n is invertible Proof: construct inverse R i-1 L i-1 RiRi RiRi LiLi LiLi ⊕ fifi fifi inverse R i-1 = L i L i-1 = f i (L i ) R i inputoutput R d-1 L d-1 RdRd RdRd LdLd LdLd R0R0 R0R0 L0L0 L0L0 n-bits R1R1 R1R1 L1L1 L1L1 ⊕ f1f1 f1f1 R2R2 R2R2 L2L2 L2L2 ⊕ f2f2 f2f2 ⋯ ⊕ fdfd fdfd

7 Dan Boneh Claim: for all f 1, …, f d : {0,1} n {0,1} n Feistel network F: {0,1} 2n {0,1} 2n is invertible Proof: construct inverse R i-1 L i-1 RiRi RiRi LiLi LiLi ⊕ fifi fifi inverse inputoutput R d-1 L d-1 RdRd RdRd LdLd LdLd R0R0 R0R0 L0L0 L0L0 n-bits R1R1 R1R1 L1L1 L1L1 ⊕ f1f1 f1f1 R2R2 R2R2 L2L2 L2L2 ⊕ f2f2 f2f2 ⋯ ⊕ fdfd fdfd RiRi RiRi LiLi LiLi R i-1 L i-1 ⊕ fifi fifi

8 Dan Boneh Decryption circuit Inversion is basically the same circuit, with f 1, …, f d applied in reverse order General method for building invertible functions (block ciphers) from arbitrary functions. Used in many block ciphers … but not AES R1R1 R1R1 L1L1 L1L1 R0R0 R0R0 L0L0 L0L0 RdRd RdRd LdLd LdLd n-bits R d-1 L d-1 ⊕ fdfd fdfd R d-2 L d-2 ⊕ f d-1 ⋯ ⊕ f1f1 f1f1

9 Dan Boneh “Thm:” (Luby-Rackoff ‘85): f: K × {0,1} n {0,1} n a secure PRF ⇒ 3-round Feistel F: K 3 × {0,1} 2n {0,1} 2n a secure PRP R3R3 R3R3 L3L3 L3L3 R0R0 R0R0 L0L0 L0L0 input R1R1 R1R1 L1L1 L1L1 ⊕ f f R2R2 R2R2 L2L2 L2L2 ⊕ f f ⊕ f f output

10 Dan Boneh DES: 16 round Feistel network f 1, …, f 16 : {0,1} 32 {0,1} 32, f i (x) = F ( k i, x ) input 64 bits output 64 bits 16 round Feistel network IP IP -1 k k key expansion k1k1 k1k1 k2k2 k2k2 k 16 ⋯ To invert, use keys in reverse order

11 Dan Boneh The function F(k i, x) S-box: function {0,1} 6 {0,1} 4, implemented as look-up table.

12 Dan Boneh The S-boxes S i : {0,1} 6 {0,1} 4

13 Dan Boneh Example: a bad S-box choice Suppose: S i (x 1, x 2, …, x 6 ) = ( x 2 x 3, x 1 x 4 x 5, x 1 x 6, x 2 x 3 x 6 ) or written equivalently: S i (x) = A i ⋅ x (mod 2) We say that S i is a linear function. 0 1 1 0 0 0 1 0 0 1 1 0 1 0 0 0 0 1 0 1 1 0 0 1 0 1 1 0 0 0 1 0 0 1 1 0 1 0 0 0 0 1 0 1 1 0 0 1 x1x2x3x4x5x6x1x2x3x4x5x6 x1x2x3x4x5x6x1x2x3x4x5x6. = x2x3x1x4x5x1x6x2x3x6x2x3x1x4x5x1x6x2x3x6 x2x3x1x4x5x1x6x2x3x6x2x3x1x4x5x1x6x2x3x6

14 Dan Boneh Example: a bad S-box choice Then entire DES cipher would be linear: ∃ fixed binary matrix B s.t. But then: DES(k,m 1 ) DES(k,m 2 ) DES(k,m 3 ) B B m k 1 k 2 k 16 m k 1 k 2 k 16. = c c 832 64 ⋮ DES(k,m) = = DES(k, m 1 m 2 m 3 ) B B B = B m1km1k m1km1k m2km2k m2km2k m3km3k m3km3k m1m2m3kkkm1m2m3kkk m1m2m3kkkm1m2m3kkk (mod 2)

15 Dan Boneh Choosing the S-boxes and P-box Choosing the S-boxes and P-box at random would result in an insecure block cipher (key recovery after ≈2 24 outputs) [BS’89] Several rules used in choice of S and P boxes: No output bit should be close to a linear func. of the input bits S-boxes are 4-to-1 maps ⋮

16 Dan Boneh End of Segment

Download ppt "Dan Boneh Block ciphers The data encryption standard (DES) Online Cryptography Course Dan Boneh."

Similar presentations

Dan Boneh Using block ciphers Modes of operation: one time key Online Cryptography Course Dan Boneh example: encrypted email, new key for every message.

Dan Boneh Using block ciphers Modes of operation: one time key Online Cryptography Course Dan Boneh example: encrypted , new key for every message.
Cryptography: Block Ciphers

Cryptography: Block Ciphers
Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.

Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.
1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5

Cryptography and Network Security Chapter 5
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)

Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Data Encryption Standard (DES)

Data Encryption Standard (DES)
SYMMETRIC CRYPTOSYSTEMS Symmetric Cryptosystems 10/06/2015 | pag. 2.

SYMMETRIC CRYPTOSYSTEMS Symmetric Cryptosystems 10/06/2015 | pag. 2.
CMSC 414 Computer (and Network) Security Lecture 5 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 5 Jonathan Katz.
Cryptography and Network Security

Cryptography and Network Security
Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.

Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.
Foundations of Network and Computer Security J J ohn Black Lecture #5 Sep 7 th 2007 CSCI 6268/TLEN 5831, Fall 2007.

Foundations of Network and Computer Security J J ohn Black Lecture #5 Sep 7 th 2007 CSCI 6268/TLEN 5831, Fall 2007.
AES clear a replacement for DES was needed

AES clear a replacement for DES was needed
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.

DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.
1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

1 Chapter 3 – Block Ciphers and the Data Encryption Standard Modern Block Ciphers  now look at modern block ciphers  one of the most widely used types.

Similar presentations

Ads by Google