Presentation is loading. Please wait.

Presentation is loading. Please wait.

DES Analysis and Attacks CSCI 5857: Encoding and Encryption.

Published byRosamond Parker Modified over 8 years ago

Similar presentations

Presentation on theme: "DES Analysis and Attacks CSCI 5857: Encoding and Encryption."— Presentation transcript:

1 DES Analysis and Attacks CSCI 5857: Encoding and Encryption

2 Outline Confusion and diffusion Attacks and weaknesses –Linear cryptanalysis attacks –Weak keys Exhaustive search attacks –Use of multiple keys –Meet in the middle attacks –Triple DES

3 Confusion and Diffusion Use of inputs to create round key assures each plaintext bit affects many ciphertext bits Use of shifts and permutations in key generation assures each key bit affects many ciphertext bits

4 Cryptanalysis Differential Cryptanalysis: Using similar plaintexts to look for patterns in how ciphertext generated Linear Cryptanalysis: Attempting to approximate entire cipher as one big set of linear equations –Finding solutions to set of linear equations well studied in engineering –Possible if all S-boxes linear –n bit key requires n known plaintexts to solve

5 Linear S-Boxes Linear n x m S-Box can be expressed as linear equation of form: c 1 = a 11 x 1  a 12 x 2  …  a 1n x n c 2 = a 21 x 1  a 22 x 2  …  a 2n x n … c m = a m1 x 1  a m2 x 2  …  a mn x n where x i is ith input bit c i is ith ciphertext bit a ij is either 0 or 1 Each cipherbit character is defined as the XOR of certain input bits

6 Linear S-Boxes Example of linear 3x3 S-Box: Corresponding linear equations c 1 = x 1  x 2 = 1  x 1  1  x 2  0  x 3 c 2 = x 1  x 2  x 3 = 1  x 1  1  x 2  1  x 3 c 3 = x 2  x 3 = 0  x 1  1  x 2  1  x 3 00011011 0000011111100 1110101001010

7 Linear Cryptanalysis Example Example: Above S-Box used after XOR stage

8 Linear Cryptanalysis Example S-Box input bit x i = p i  k i Resulting equations: c 1 = (p 1  k 1 )  (p 2  k 2 ) c 2 = (p 1  k 1 )  (p 2  k 2 )  (p 3  k 3 ) c 3 = (p 2  k 2 )  (p 3  k 3 ) Can now solve for key bits! k 1 = p 1  (c 1  c 2  c 3 ) k 2 = p 1  (c 1  c 2 ) k 3 = p 1  (c 2  c 3 )

9 Linear Cryptanalysis Possible if cipher uses only linear components –Permutation boxes linear by definition! Shifting from position i to position j is equation c j = 0  p 1  0  p 2  …  1  p i …  0  p n Therefore, S-Boxes must not be linear! –They are the only possible nonlinear component

10 Cryptanalysis Attacks on DES Linear Cryptanalysis –DES not designed for this attack (invented after DES released –However, DES S-Boxes not linear –2 43 known plaintexts needed to break DES using linear cryptanalysis

11 Weak Keys Keys that leave plaintext vulnerable in some way –Simple example: k = 26 in Caesar cipher Weak keys in DES produce same round key for multiple rounds –4 keys give same round key every round –8 keys give only 2 distinct round keys –48 keys give only 4 distinct round keys –Odds unlikely (8.8 x 10 -16 ), but should still check randomly generated keys

12 Exhaustive Search Attacks 56-bit key not computationally secure Parallel processing attacks –Computer with 1 million chips (1998)  key found in 112 hours –Network of 3500 computers (1977)  key found in 120 days 56-bit key not recommended by NIST! “all clones test different keys!”

13 Multiple Stage DES No way to use larger key in DES –Structure “hardwired” Only solution: multiple stage DES –Different keys used each stage –Output ciphertext of one stage  input plaintext of next stage

14 Multiple Stage DES Multiple stages with different keys greatly increases number of possible ciphertexts –(2 64 )! possible mappings from 2 64 possible input blocks to 2 64 possible output blocks –Only 2 56 possible keys (tiny fraction of the above) –Extremely unlikely that there exists K 3 such that E(E(P, K 1 ), K 2 ) = E(P, K 3 ) Possible ciphertexts After applying K 1 and K 2 After applying K 1

15 “Meet In The Middle” Attack Theoretically, two stages should be sufficient –Adversary would have to try all combinations of possible K 1 and K 2 –2 56 x 2 56 = 2 112 possible combinations of keys Vulnerable to “meet in the middle” attack –Adversary has a known plaintext P and ciphertext C –Works forward encrypting P with all possible K 1 –Works backward decrypting C with all possible K 2 –Stores results and searches for matches

16 “Meet In The Middle” Attack “I’ll try all K1 and store the results in a table” Table of all possible M created by encrypting P “I’ll try all K2 and store the results in another table” Table of all possible M created by decrypting C “Now I’ll compare the two and look for any matches”

17 “Meet In The Middle” Attack M’s (and keys K 1 and K 2 that created them) kept in sorted tables –2 56 runs to create each table –56 x 2 56 comparisons to find matches –Match gives plausible values for K 1 and K 2 “Double DES” not computationally secure MK1 1010001…100110100…01 MK2 1010001…101100110…00 “These match” “So this might be K1 and K2”

18 Triple DES Need at least three stages of encryption –“Meet in middle” attack can only take place after at least two stages –Effectively the same as 112 bit key K1K1 K3K3 K2K2 “I can only attack here”

19 Triple DES With Two Keys Just use K1 twice (in first and last stage) Shorter keys (112 bits instead of 168 bits) Still secure (have to try all K 1 and K 2 to do meet in middle attack) “Still too hard to crack”

20 Efficiency of DES Fast if burned into hardware –Basic structure corresponds to wiring diagram Slow if executed as software –Basic structure doesn’t fit into registers –Much swapping between RAM/registers required 3DES even slower

Download ppt "DES Analysis and Attacks CSCI 5857: Encoding and Encryption."

Similar presentations

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
Data Encryption Standard (DES)

Data Encryption Standard (DES)
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Cryptology  Terminology  plaintext - text that is not encrypted.  ciphertext - the output of the encryption process.  key - the information required.

Cryptology  Terminology  plaintext - text that is not encrypted.  ciphertext - the output of the encryption process.  key - the information required.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)

Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Data Encryption Standard (DES)

Data Encryption Standard (DES)
Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.
Advanced Encryption Standard

Advanced Encryption Standard
Cryptography and Network Security, resuming some notes Dr. M. Sakalli.

Cryptography and Network Security, resuming some notes Dr. M. Sakalli.
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.

1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.

Cryptography1 CPSC 3730 Cryptography Chapter 3 DES.
FEAL FEAL 1.

FEAL FEAL 1.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 2.2: Private Key Cryptography II CS 436/636/736 Spring 2012 Nitesh Saxena.

Similar presentations

Ads by Google