1. Conventional Encryption Chapter 4

2. Multiple DES Advantage of extra stages –Each stage gives 56 more bits of key length –Double DES subject to meet-in-the-middle attack – 2**56 possible middle blocks –Generate a table of 2**56 middle blocks – sorted. –Look for matches –

3. IDEA Non-Feistel cipher with reversible stages Stages contain many individually reversible operations Operations are –Exclusive or –Addition mod 2*16 –Multiplication mod (2**16 + 1) These don’t satisfy associativity or distributivity – no algebraic simplification 8 stages –Each uses 48 bits subkey derived from a 128-bit keyword

4. More IDEA Advantages –Can be done in 16-bit processor without bit fiddling –8 rounds appear to be enough, based on cryptanalysis –128 bit key – more than enough for brute force –Diffusion and confusion properties are good –Schneier says no positive cryptanalysis done – yet

5. Blowfish Design goals –18 clock cycles/byte on 32-bit machines –Less than 5K of memory –Simple structure – easy to cryptanalyze –Variable security – can use up to 448 bits Algorithm characteristics –Feistel structure – F needn’t be reversible –Uses only XOR and add mod 2**32 – no bit fiddles –16 rounds – each contains 4 2**8 x 32 bit S-boxes –Table 4-3 claims 6 times as fast as TDES 2.7 * IDEA

6. Other Block Algorithms RC5 –Family of algorithms – more rounds, key bits, –can be used on various processor sizes (but different algorithms) –But – the variability makes it nonstandard RC2 –Doesn’t use Feistel structure –Standardized in S/MIME (email types) CAST Looks like another BlowFish with different subkey generation

7. Advanced Block Cipher Characteristics Variable key length Mixed operators Data dependent rotations rather than S-boxes Key dependent rotation Data dependent S-boxes Lengthy key transformation (discourages brute force) Variable F (like CAST-128) Variable block length Variable number of rounds Operating on both block halves each round