Presentation is loading. Please wait.

# Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits.

## Presentation on theme: "Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits."— Presentation transcript:

Symmetric Encryption Example: DES Weichao Wang

2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits of ciphertext A product cipher – basic unit is the bit – performs both substitution and transposition (permutation) on the bits Cipher consists of 16 rounds (iterations), each with a 48-bit round key generated from the 64-bit key

3 Generation of Round Keys Round keys are 48 bits each

4 Encipherment

5 The f Function

6 S-Box – There are eight S-Box, each maps 6-bit input to 4- bit output – Each S-Box is a look-up table – This is the only non-linear step in DES and contributes the most to its safety P-Box – A permutation

7 Controversy Considered too weak – Diffie, Hellman said “in a few years technology would allow DES to be broken in days” DES Challenge organized by RSA In 1997, solved in 96 days; 41 days in early 1998; 56 hours in late 1998; 22 hours in Jan 1999 http://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCrac ker/HTML/19990119_deschallenge3.html http://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCrac ker/HTML/19990119_deschallenge3.html – Design decisions not public S-boxes may have backdoors

8 Undesirable Properties 4 weak keys – They are their own inverses 12 semi-weak keys – Each has another semi-weak key as inverse Complementation property – DES k (m) = c  DES k (m) = c S-boxes exhibit irregular properties – Distribution of odd, even numbers non-random – Outputs of fourth box depends on input to third box

9 Number of rounds – After 5 rounds, every cipher bit is impacted by every plaintext bit and key bit – After 8 rounds, cipher text is already a random function – When the number of rounds is 16 or more, brute force attack will be the most efficient attack for known plaintext attack – So NSA knows a lot when it fixes the DES

10 Differential Cryptanalysis A chosen ciphertext attack – Requires 2 47 (plaintext, ciphertext) pairs Revealed several properties – Small changes in S-boxes reduce the number of (plaintext, ciphertext) pairs needed – Making every bit of the round keys independent does not impede attack Linear cryptanalysis improves result – Requires 2 43 (plaintext, ciphertext) pairs

11 DES Modes Electronic Code Book Mode (ECB) – Encipher each block independently Cipher Block Chaining Mode (CBC) – Xor each plaintext block with previous ciphertext block – Requires an initialization vector for the first one – The initialization vector can be made public Encrypt-Decrypt-Encrypt Mode (2 keys: k, k) Encrypt-Encrypt-Encrypt Mode (3 keys: k, k, k  )

12 CBC Mode Encryption  init. vector m1m1 DES c1c1  m2m2 c2c2 sent … … …

13 CBC Mode Decryption  init. vector c1c1 DES m1m1 … … …  c2c2 m2m2

14 Self-Healing Property What will happen if a bit gets lost during transmission? – All blocks will not be aligned When one bit in a block flipped, only the next two blocks will be impacted. – Plaintext “heals” after 2 blocks

15 Current Status of DES Design for computer system, associated software that could break any DES-enciphered message in a few days published in 1998 Several challenges to break DES messages solved using distributed computing NIST selected Rijndael as Advanced Encryption Standard, successor to DES – Designed to withstand attacks that were successful on DES – 128 bit block size; 128, 192, or 256 bit key – Encryption speed can be 700MB/sec on an i7 CPU

Download ppt "Symmetric Encryption Example: DES Weichao Wang. 2 Overview of the DES A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits."

Similar presentations

Ads by Google