Download presentation

Presentation is loading. Please wait.

1
Announcements: Quizzes returned at end of class Quizzes returned at end of class This week: Mon-Thurs: Data Encryption Standard (DES) Mon-Thurs: Data Encryption Standard (DES) Today: Differential Cryptanalysis on EDEN HW 4 (assigned Thurs) is to implement DES HW 4 (assigned Thurs) is to implement DES Friday: Computer quiz on breaking ciphers in ch 2 Friday: Computer quiz on breaking ciphers in ch 2 Next week: Rijndael, start RSA Rijndael, start RSAQuestions? DTTF/NB479: DszquphsbqizDay 14

2
Recall EDEN Input (12 bits) L 0 (6)R 0 (6) f L 1 (6)R 1 (6) K 1 (8) f L 2 (6)R 2 (6) K 2 (8) Round 1 Round 2 Repeat for 8 rounds … The key, K i for round i is derived from a 9-bit key K.

3
Differential Cryptanalysis A chosen plaintext attack to find the key We’ll work the process together for 3 rounds. Assume we can input L 1 R 1 and view output L 4 R 4. This can be extended to 4 rounds

4
Lots of calculations done on whiteboard…

5
Extension to 4 Rounds Exploits weaknesses in S-boxes. S 1 : 12/16 of input pairs with XOR = 0011 have output XOR 011 S 2 : 8/16 of input pairs with XOR = 1100 have output XOR 010 But we expect only 2/16 pairs in each case We choose R 0, R 0 * such that R 0 ’ = 001100 P(XOR of outputs = 011010) ~ 3/8. P(XOR of outputs = 011010) ~ 3/8. If we also choose L 0, L 0 * such that L 0 ’ = 011010, then 3/8 of time, L 1 ’R 1 ’ = 001100 000000. So we choose lots of pairs like this, and do the 3-round method with L 1 ’ = 001100 and the known outputs. We’ll get lots of garbage (random keys), since we aren’t sure that L 1 ’ = 001100, but since it shows up so often, K 4 will show up much more frequently than other keys! Example on p. 122 gives key frequencies using an attack with 100 such inputs. K 4 shows up ~50% more than others.

6
Extensions What about more than 4 rounds? What about stronger S-boxes? Can do both, just require more inputs to gather statistics to find key. Is this more efficient than brute forcing?

7
Summary Number of rounds # inputs needed for diffy crypt. # inputs required for brute force EDEN 3~2*(2-3) 29292929 4~2*100 29292929 DES <=15 < 2 56 2 56 16 > 2 56 (no longer efficient to use) 2 56 Could the DES designers have anticipated diffy crypt attacks?

8
HW4: DES Implementation I implemented EDEN in Java fairly quickly DES is obviously more complicated You’ll implement encryption and decryption. Correctness: Can use one to test the other. Can use one to test the other.Efficiency: In addition, it’d be nice to use a language that closer to the hardware for efficiency, like C. In addition, it’d be nice to use a language that closer to the hardware for efficiency, like C. I’m planning a competition to see whose implementation is quickest! I’m planning a competition to see whose implementation is quickest!

Similar presentations

© 2020 SlidePlayer.com Inc.

All rights reserved.

To make this website work, we log user data and share it with processors. To use this website, you must agree to our Privacy Policy, including cookie policy.

Ads by Google