
Chapter 3 – Block Ciphers and the Data Encryption Standard Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown.




1 Chapter 3 – Block Ciphers and the Data Encryption Standard Jen-Chang Liu, 2004 Adopted from lecture slides by Lawrie Brown

2 Outline: Simplified DES (S-DES); Block Cipher Principles; The Data Encryption Standard (DES); The Strength of DES (brute-force attacks, timing attacks, differential cryptanalysis); Block Cipher Design Principles; Block Cipher: Modes of Operation

3 Strength of DES? Key size: 56-bit keys have 2^56 = 7.2 x 10^16 values, so a brute-force search looks hard (on average 2^55 keys must be searched). Design of the S-boxes: is there a weakness in the S-boxes? So far, no fatal weakness in the S-boxes has been found.

4 Weakness of DES – Key Size. Brute force: at 1 DES encryption/μs => 1142 years; with 1 million parallel machines => 10 hours. 1977, Diffie and Hellman: a $20 million machine. Recent advances: 1997, on the Internet in a few months; 1998, EFF's DES Cracker in less than 3 days (a special-purpose machine, $250,000); 1999, the above combined, in 22 hours!

5 Timing Attacks on DES. Fact: encryption/decryption takes slightly different amounts of time depending on the input; the attack targets the actual implementation of the cipher (it attacks the encryption/decryption hardware). Method: observe how long it takes to perform decryption on various ciphertexts. Ex. smartcards.

6 Analytic Attacks. Analytic attacks on DES utilise some deep structure of the cipher: by gathering information about encryptions they can eventually recover some/all of the sub-key bits; if necessary, the rest is then found by exhaustive search. Generally these are statistical attacks, including differential cryptanalysis (published in 1990, known to the DES group early in 1974; it is complex …), linear cryptanalysis, and related-key attacks.

7 Dataflow of DES. Plaintext m is split into a left half m_0 and a right half m_1. Round 1: m_2 = m_0 ⊕ f(m_1, K_1). Round 2: m_3 = m_1 ⊕ f(m_2, K_2). … Round 16: m_17 = m_15 ⊕ f(m_16, K_16). Data flow of m: m → m_0, m_1 → m_2 → m_3 → … → m_16, m_17 (a substitution-permutation network). Data flow of m': m' → m_0', m_1' → m_2' → m_3' → … → m_16', m_17'.

8 Recall: XOR. Two binary streams: 0101100 ….01110 ⊕ 1001010 ….01100 = 1100110 ….00010. Bits that differ are labeled as 1 after XOR.

9 XOR: Differential of messages. Data flow of m: m_0, m_1, m_2, m_3, …, m_16, m_17. Data flow of m': m_0', m_1', m_2', m_3', …, m_16', m_17'. Δm_0 = m_0 ⊕ m_0'. Δm_1 = m_1 ⊕ m_1'. Δm_2 = m_2 ⊕ m_2' = m_0 ⊕ f(m_1, K_1) ⊕ m_0' ⊕ f(m_1', K_1') = Δm_0 ⊕ [f(m_1, K_1) ⊕ f(m_1', K_1')]. Assume the subkey is the same (K_1' = K_1): f(Δm_1) = [f(m_1, K_1) ⊕ f(m_1', K_1)]. The subkey K is unknown, so the input difference Δm_i maps through f(., K) to the output difference f(Δm_i) only with some probability p.

10 Differential Cryptanalysis (figure; the differential shown holds with probability p = 0.0625)

11 Differential Cryptanalysis. Perform the attack by repeatedly encrypting plaintext pairs with a known input XOR until the desired output XOR is obtained. When found: if the intermediate rounds match the required XOR, we have a right pair; if not, we have a wrong pair; the relative ratio is the S/N for the attack. Can then deduce key values for the rounds: right pairs suggest the same key bits, wrong pairs give random values. Complexity: of order 2^47, requiring 2^47 chosen plaintexts. Recall: brute force is 2^56.
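The probability p of slides 9–11 comes from the S-boxes: for a fixed input XOR, each output XOR appears a countable number of times out of 64. This added example (not from the lecture) builds that difference distribution table for DES S-box S1 and shows why the "assume the subkey is the same" step is safe: the subkey is XORed into the S-box input and cancels in the difference. The function names are the example's own.

```python
# DES S-box S1 as tabulated in the DES standard (rows = outer bits, columns = middle 4 bits).
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def s1(x):
    """S1 on a 6-bit input: bits 1 and 6 (outer) pick the row, bits 2..5 the column."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]

def difference_table(subkey=0):
    """ddt[din][dout] = number of 6-bit x with S1(x^k) XOR S1(x^din^k) == dout,
    where k is the 6-bit subkey chunk XORed in before S1, as in DES's f.
    Dividing an entry by 64 gives the probability p the slides attach to a difference.
    The subkey cancels inside the XOR, so the table is identical for every k."""
    ddt = [[0] * 16 for _ in range(64)]
    for din in range(64):
        for x in range(64):
            ddt[din][s1(x ^ subkey) ^ s1(x ^ din ^ subkey)] += 1
    return ddt

def best_differential(ddt):
    """Most likely (din, dout, count) with din != 0: a high-probability differential
    is what gets chained across rounds to build a characteristic."""
    best = (0, 0, 0)
    for din in range(1, 64):
        for dout in range(16):
            if ddt[din][dout] > best[2]:
                best = (din, dout, ddt[din][dout])
    return best

def probability(ddt, din, dout):
    """p for the differential din -> dout, e.g. an entry of 4 gives 4/64 = 0.0625."""
    return ddt[din][dout] / 64

if __name__ == "__main__":
    table = difference_table()
    din, dout, n = best_differential(table)
    print(f"S1: input diff {din:06b} -> output diff {dout:04b} with p = {n}/64")
```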

12 Outline: Simplified DES (S-DES); Block Cipher Principles; The Data Encryption Standard (DES); The Strength of DES (brute-force attacks, timing attacks, differential cryptanalysis); Block Cipher Design Principles; Block Cipher: Modes of Operation

13 Block Cipher Design Principles. The basic principles are still like Feistel's in the 1970's. Number of rounds: more is better, until exhaustive search is the best attack. Function f: provides "confusion", is nonlinear, and gives avalanche. Key schedule: complex subkey creation, key avalanche.

14 Modes of Operation. Block ciphers encrypt fixed-size blocks, e.g. DES encrypts 64-bit blocks with a 56-bit key. A way to use them in practice is needed, given that usually there is an arbitrary amount of information to encrypt. 5 modes of operation: NIST Special Publication 800-38A.


16 Electronic Codebook (ECB)

17 The message is broken into independent blocks which are encrypted; each block is a value which is substituted, like a codebook, hence the name. Each block is encoded independently of the other blocks: C_i = DES_K(P_i). Uses: secure transmission of single values or short messages.

18 Limitations of ECB. Repetitions in the message may show in the ciphertext if aligned with the message block, particularly with data such as graphics, or with messages that change very little, which become a code-book analysis problem. The weakness is due to the encrypted message blocks being independent.

19 Cipher Block Chaining (CBC)

20 The message is broken into blocks; each previous cipher block is chained with the current plaintext block, hence the name. An Initial Vector (IV) is used to start the process: C_i = DES_K(P_i XOR C_{i-1}), C_{-1} = IV. Uses: bulk data encryption, authentication.

21 Advantages and Limitations of CBC. Each ciphertext block depends on all message blocks, thus a change in the message affects all ciphertext blocks after the change as well as the original block. Need an Initial Value (IV) known to sender & receiver; it must be sent encrypted in ECB mode before the rest of the message: if the IV is sent in the clear, an attacker can change selected bits of the IV, and therefore change plaintext P_1. At the end of the message, handle a possible last short block by padding either with a known non-data value (e.g. nulls) or by padding the last block with the count of the pad size, e.g. [b1 b2 b3 0 0 0 0 5] <- 3 data bytes, then 5 bytes pad+count.

22 Cipher FeedBack (CFB): stream mode (figure: DES block diagram)

23 Cipher FeedBack (CFB). The message is treated as a stream of bits, added to the output of the block cipher; the result is fed back for the next stage (hence the name). The standard allows any number of bits (1, 8 or 64 or whatever) to be fed back, denoted CFB-1, CFB-8, CFB-64 etc.; it is most efficient to use all 64 bits (CFB-64): C_i = P_i XOR DES_K(C_{i-1}), C_{-1} = IV. Uses: stream data encryption, authentication.

24 Advantages and Limitations of CFB. Appropriate when data arrives in bits/bytes; the most common stream mode. Note that the block cipher is used in encryption mode at both ends. Errors propagate for several blocks after the error.

25 Output FeedBack (OFB)

26 The message is treated as a stream of bits; the output of the cipher is added to the message. The feedback is independent of the plaintext, so it can be computed in advance: C_i = P_i XOR O_i, O_i = DES_K(O_{i-1}), O_{-1} = IV. Uses: stream encryption over noisy channels.

27 Advantages and Limitations of OFB. Used when error feedback is a problem, or where encryption is needed before the message is available. Disadvantage: controlled changes to the recovered plaintext can be made: intercept the ciphertext and send a forged one, e.g. C_1 = 001000… replaced by C_1 = 101000… <= forged.

28 Counter (CTR): ATM network and IPSec

29 Counter (CTR). Similar to OFB but encrypts a counter value rather than any feedback value; must have a different key & counter value for every plaintext block (never reused): C_i = P_i XOR O_i, O_i = DES_K(i). Efficiency of CTR mode: can do parallel encryptions on multiple blocks (c.f. the feedback modes, which wait for the previous ciphertext); preprocessing is possible.
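The modes of slides 16–29, written out as an added example (not lecture code): ECB, CBC, OFB and CTR exactly as the slide formulas state them, driven by a hypothetical 16-round Feistel cipher that also follows slide 7's round recurrence m_{i+1} = m_{i-1} XOR f(m_i, K_i). The toy cipher stands in for DES_K only; it is not DES, and the sample key, IV and plaintext are constructed here.

```python
import hashlib

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_cipher(block, key, decrypt=False):
    """Hypothetical 16-round Feistel cipher on 8-byte blocks, standing in for DES_K.
    Round i: m_{i+1} = m_{i-1} XOR f(m_i, K_i), f = truncated SHA-256(m_i || K_i)."""
    subkeys = [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(16)]
    left, right = block[:4], block[4:]
    for k in (subkeys[::-1] if decrypt else subkeys):  # reversed subkeys decrypt
        left, right = right, xor(left, hashlib.sha256(right + k).digest()[:4])
    return right + left  # undo the final swap so the same loop inverts itself

def split(data):
    return [data[i:i + 8] for i in range(0, len(data), 8)]

def ecb(key, pt):  # C_i = E_K(P_i): equal plaintext blocks give equal ciphertext
    return b"".join(toy_block_cipher(p, key) for p in split(pt))

def cbc_encrypt(key, iv, pt):  # C_i = E_K(P_i XOR C_{i-1}), C_{-1} = IV
    out, prev = [], iv
    for p in split(pt):
        prev = toy_block_cipher(xor(p, prev), key)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):  # P_i = D_K(C_i) XOR C_{i-1}: IV bits land in P_1
    out, prev = [], iv
    for c in split(ct):
        out.append(xor(toy_block_cipher(c, key, decrypt=True), prev))
        prev = c
    return b"".join(out)

def ofb(key, iv, data):  # O_i = E_K(O_{i-1}), O_{-1} = IV; one call does both ways
    out, o = [], iv
    for d in split(data):
        o = toy_block_cipher(o, key)
        out.append(xor(d, o))
    return b"".join(out)

def ctr(key, nonce, data):  # O_i = E_K(nonce || i): keystream blocks are independent
    ks = [toy_block_cipher(nonce + i.to_bytes(4, "big"), key)
          for i in range(len(split(data)))]
    return b"".join(xor(d, o) for d, o in zip(split(data), ks))

# Constructed sample input: two identical blocks make the ECB repetition visible.
KEY, IV, NONCE = b"constructed key", bytes(8), b"nonc"
PT = b"ATTACK!!" * 2
```

Flipping an IV bit before `cbc_decrypt` flips the same bit of P_1 only, and flipping a ciphertext bit under `ofb` flips the same plaintext bit, which is the integrity gap slides 21 and 27 describe.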

30 Summary: block cipher design principles; DES details and strength; Differential & Linear Cryptanalysis; Modes of Operation: ECB, CBC, CFB, OFB, CTR.

