
Block ciphers Structure of a multiround block cipher

Presentation on theme: "Block ciphers Structure of a multiround block cipher"— Presentation transcript:

1 Block ciphers
Structure of a multiround block cipher
Structure of each round
Chaining modes for block ciphers
Differential and linear cryptanalysis
Conventional crypto - Noack

2 Structure of multiround block ciphers
[Diagram: Plaintext input passes through three Single rounds to become Ciphertext out; Ciphertext in passes through the three Inverses of the single rounds to become Plaintext output; each round takes its round key from a Key scheduling round driven by the Key]
These are private-key symmetric ciphers – the same key is used for encrypt and decrypt
Each single round must be invertible
Key scheduling rounds do not need to be invertible
If the key is constant from block to block, this is a monoalphabetic cipher, but with a huge alphabet
Strength comes from confusion and diffusion repeatedly applied

3 Structure of a single round
[Diagram: Partially encrypted text from the previous round enters a nonfeedback network of invertible operations, keyed by this round's key from the key scheduler, and leaves as partially encrypted text to the next round]
Invertible operations can include:
Bitwise exclusive or
Addition modulo blocksize
Galois field multiplication, but not conventional multiplication
Permutation
Example of an invertible operation: if C = K xor A, then A = K xor C

4 The Feistel block is a reversible round
[Diagram, drawn once for encryption and once for decryption: Left half_i and Right half_i enter; one half passes through a one-way (nonreversible) block whose output is XORed into the other half; the halves leave as Left half_{i+1} and Right half_{i+1}]
Note: This block is reversible
The direction of signal flow does not change in the one-way block
The XOR is a reversible device

5 More on the Feistel block
Characteristics and limitations
Essentially any one-way function can be used – it doesn’t have to be reversible
Because the block scrambles only one half of the partial text at a time, it is possibly weaker than other ciphers, but more rounds (typically 16) can be used
The one-way function is half the width of the block, so a 64-bit block can be encrypted efficiently with a 32-bit processor
The Feistel block is vulnerable to differential cryptanalysis, which is a chosen-plaintext attack. With enough rounds, it is usable.

6 The equations for the Feistel block
Comments
These equations are valid for any Feistel block, regardless of the particular one-way function used
They are the basis for differential and linear cryptanalysis
A large number of present-day ciphers, but not all, use Feistel
The direct transformation
L_{i+1} = R_i
R_{i+1} = L_i ⊕ F(R_i, K_i)
The inverse transformation
R_i = L_{i+1}
L_i = R_{i+1} ⊕ F(L_{i+1}, K_i)
The recurrence relation used in differential cryptanalysis (substitute R_i = L_{i+1} into the direct transformation)
L_{i+2} = L_i ⊕ F(L_{i+1}, K_i)

7 The one-way function for DES
[Diagram: 32-bit Input half → E-box (expand/permute) → 48 bits → 48-bit-wide XOR with the 48-bit Per-stage keyword → eight 6-bit groups → eight 64x4 S-boxes → eight 4-bit outputs → P-box (permute only) → 32-bit Output half]
Components
E-box – expansion and permutation (32 bits in, 48 bits out)
S-box – substitution – a 64 by 4 bit memory or array (6 bits in, 4 bits out)
P-box – permutation only (32 bits in, 32 bits out)
E and P boxes were hardwired
S-boxes were in on-chip ROM – 256 bytes per round

8 DES – the Data Encryption Standard
Standardized by NBS (now NIST) in the mid-1970s
Key length is 56 bits – brute force of 2^55 ≈ 32 × 10^15 trials
This size has always been suspect – special-purpose machines to break it have been built for less than $250K
The original standard required hardware implementation; now it is almost always done in software
The permutation operations are inefficient in software – the S-boxes are no problem
Suspicion centers on whether the S-boxes contain trapdoors and whether governments and big corporations have built cryptanalysis tools
Cryptanalysis almost certainly yes, trapdoors likely not
Differential cryptanalysis was known but not public at the time of development
The standard is still in use as Triple DES – 168-bit keys

9 Chaining algorithms
ECB (Electronic CodeBook) mode
Basic method
Susceptible to known plaintext if the structure of early blocks is known
Examples are .gif, .jpg and .doc files
Can still be recovered if a block is missing
[Diagram: Block encryption under a session key – the same for all blocks – maps P0, P1, P2, … Pn independently to C0, C1, C2, … Cn]

10 ECB and its inverse
[Diagram: Block encryption under the session key – the same for all blocks – maps P0, P1, P2, … Pn to C0, C1, C2, … Cn; the inverse, under the same session key, maps C0, C1, C2, … Cn back to P0, P1, P2, … Pn]

11 Other chaining modes
CBC – Cipher block chaining
CFB – Partial block fed forward each time
OFB – Partial block fed forward, but the block is not related to the text, just to the IV
Counter – the counter is encrypted, then the result is XORed with the plaintext – another stream mode
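As an added example (not code from the slides), a small Python implementation of the Feistel network of slides 4–6 together with the ECB and CBC chaining of slides 9–11: the round function F is a truncated hash (one-way, deliberately not invertible), the key schedule is constructed, and inputs are assumed to be whole 64-bit blocks with no padding.

```python
import hashlib

BLOCK, ROUNDS = 8, 16            # 64-bit block = two 32-bit halves, 16 rounds

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def F(half: bytes, rk: bytes) -> bytes:
    # One-way round function: a truncated hash, deliberately not invertible.
    return hashlib.sha256(rk + half).digest()[:4]

def key_schedule(key: bytes) -> list:
    # Constructed key schedule; as the slides say, it need not be invertible.
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(ROUNDS)]

def feistel_encrypt(block: bytes, rks: list) -> bytes:
    L, R = block[:4], block[4:]
    for K in rks:                # L_{i+1} = R_i ; R_{i+1} = L_i xor F(R_i, K_i)
        L, R = R, xor(L, F(R, K))
    return R + L                 # undo the last swap so decryption reuses this loop

def feistel_decrypt(block: bytes, rks: list) -> bytes:
    # Inverse transformation = the same network with the round keys in reverse order.
    return feistel_encrypt(block, rks[::-1])

def ecb_encrypt(pt: bytes, rks: list) -> bytes:
    # Each block encrypted independently: equal plaintext blocks give equal ciphertext.
    return b"".join(feistel_encrypt(pt[i:i + BLOCK], rks) for i in range(0, len(pt), BLOCK))

def cbc_encrypt(pt: bytes, rks: list, iv: bytes) -> bytes:
    out, prev = [], iv           # each block is XORed with the previous ciphertext block
    for i in range(0, len(pt), BLOCK):
        prev = feistel_encrypt(xor(pt[i:i + BLOCK], prev), rks)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct: bytes, rks: list, iv: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(xor(feistel_decrypt(ct[i:i + BLOCK], rks), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def distinct_blocks(ct: bytes) -> int:
    # How many different ciphertext blocks appear: a leak indicator for ECB.
    return len({ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)})

# Constructed "image-like" plaintext: four identical all-zero blocks plus one block
# of header bytes. Under ECB the four repeats stay visible; under CBC they do not.
SAMPLE = b"\x00" * (4 * BLOCK) + b"HEADER01"
```

With `rks = key_schedule(key)`, `distinct_blocks(ecb_encrypt(SAMPLE, rks))` is 2 while `distinct_blocks(cbc_encrypt(SAMPLE, rks, iv))` is 5, and both `feistel_decrypt` and `cbc_decrypt` return the original bytes.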

