Download presentation
Presentation is loading. Please wait.
Published byAndrew Doyle Modified over 9 years ago
1
TE/CS 536 Network Security Spring 2006 – Lectures 6&7 Secret Key Cryptography
2
Block Encryption - 1 n Stream ciphers are not suitable for long messages n Block ciphers convert block to another: one-to- one reversible mapping n Long enough to avoid known-plaintext attack u 64 bits – possible number of keys = ? u 128 bits n Output should look random u No correlation between plaintext and ciphertext
3
Block Encryption - 2 n Substitution (creates confusion) n Permutation (creates diffusion) n Round: combination of substitution and permutation; do until a bit change can affect every output bit u How many rounds? A few but not fewer
4
Block Cipher Scheme Secret key Plaintext block of length N Cipher block of length N Encrypt
5
Block Ciphers: modes n ECB: Electronic Code Book u Good for small messages, non-repeating blocks n CBC: Cipher Block Chaining u The cipher text i is XORed with message (i+1) before encryption. n CFB: Cipher Feedback n OFB: Output Feedback
6
DES (Data Encryption Standard) n Published in 1977, standardized in 1979. n Key: 64 bit quantity=8-bit parity+56-bit key u Every 8 th bit is a parity bit. n 64 bit input, 64 bit output. DES Encryption 64 bit M64 bit C 56 bits
7
DES Top View LPT RPT Permutation Swap Round 1 Round 2 Round 16 Generate keys Initial Permutation 48-bit K1 48-bit K2 48-bit K16 Swap 32-bit halves Final Permutation 64-bit Output 48-bit K1 64-bit Input 56-bit Key …...
8
Initial Permutation -> LPT | RPT 585042342618102605244362820124 625446383022146645648403224168 57494133251791595143352719113 615345372921135635547393123157
9
RPT Expansion Permutation (32-to-48) ……. …….. 1 2 3 4 5 32 Input: Output 0 0 1 0 1 1 1 2 3 4 5 6 7 8 48 1 0 0 1 0 1 0 1 1 0
10
Per-Round Key Generation 28 bits 48 bits K i One round Circular Left Shift 28 bits Permutation with 8 bits Discard Initial Permutation of DES key C i-1 D i-1 C i D i Round 1,2,9,16: single shift Others: two bits
11
A DES Round 48 bits 32 bits 32 bits L n 32 bits R n 32 bits L n+1 32 bits R n+1 Expand S-Boxes P 48 bits K i One Round Encryption Function F
12
The F Function 44444444 66666666 ++++++++ 66666666 S8S1S2S7S3S4S5S6 44444444 Permutation The permutation produces “spread” among the chunks/S-boxes! Key is XORed in eight 6- bit chunks with the expanded permuted RPT 6-input bits used to select 4-output bits through an S-box
13
S-Box (Substitute and Shrink) n 48 bits ==> 32 bits. (8*6 ==> 8*4) n 2 bits used to select amongst 4 permutations for the rest of the 4-bit quantity 2 bits row S i i = 1,…8. I1 I2 I3 I4 I5 I6 O1 O2 O3 O4 4 bits column
14
S1 box 0 1 2 3 4 5 6 7 8 9…. 15 0 14 4 13 1 2 15 11 8 3 1 0 15 7 4 14 2 13 1 10 2 4 1 14 8 13 6 2 11 15 3 15 12 8 2 4 9 1 7 5 Each row and column contain different numbers. Example: input: 100110 output: ???
15
8 S-Boxes n Logic behind the selection of the S-Boxes remains unpublished secret n Is it a good idea technically to publish it?
16
Decryption n Apply the same operations with the same key K i at each round: u Input: R n+1 |L n+1 F Due to the “swap” operation u Output: R n |L n F The swap operation at the end will produce the correct result: L|R
17
DES Standard n Cipher Iterative Action : u Input:64 bits u Key:48 bits u Output:64 bits n Key Generation Box : u Input:56 bits u Output:48 bits One round (Total 16 rounds)
18
DES Summary n Simple, easy to implement: u Hardware/gigabits/second, software/megabits/second n 56-bit key DES may be acceptable for non- critical applications but triple DES (DES3) should be secure for most applications today n Supports several operation modes: ECB CBC, OFB, CFB
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.