Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 1 views

    Is - Unit 3 - Feasel Cipher

    Uploaded by

    mahek malidwale

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Is - Unit 3 - Feasel Cipher

    Uploaded by

    mahek malidwale
    1 views30 pages

    Original Title

    IS_UNIT 3 _FEASEL CIPHER

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    1 views30 pages

    Is - Unit 3 - Feasel Cipher

    Uploaded by

    mahek malidwale

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 30

    Block Ciphers

    (Iterated) Block Cipher


    • Plaintext and ciphertext consists of fixed sized blocks
    • Ciphertext obtained from plaintext by iterating a round function
    • Input to round function consists of key and the output of previous
    round
    • Usually implementation friendly. Gives a high throughput.
    Feistel Cipher
    • Feistel cipher refers to a type of block cipher design, not a specific
    cipher
    • Split plaintext block into left and right halves: Plaintext = (L0,R0)
    • For each round i=1,2,...,n, compute
    Li= Ri−1
    Ri= Li−1 ⊕ F(Ri−1,Ki)
    where F is round function and Ki is subkey
    • Ciphertext = (Ln,Rn)
    Feistel Cipher
    • Decryption: Ciphertext = (Ln,Rn)
    • For each round i=n,n−1,…,1, compute
    Ri−1 = Li
    Li−1 = Ri ⊕ F(Ri−1,Ki)
    where F is round function and Ki is subkey
    • Plaintext = (L0,R0)
    • Formula “works” for any function F
    • But only secure for certain functions F
    Data Encryption Standard

    • DES developed in 1970’s


    • Based on IBM Lucifer cipher
    • U.S. government standard
    • DES development was controversial
    • NSA was secretly involved
    • Design process not open
    • Key length was reduced
    • Subtle changes to Lucifer algorithm
    DES Numerology
    • DES is a Feistel cipher
    • Block Size: 64 bits
    • Key Size: 64 bits
    • No of Rounds: 16
    • Subkey length: 48 bits of key used each round (subkey)
    • Each round is simple (for a block cipher)
    • Security depends primarily on “S-boxes”
    • Each S-boxes maps 6 bits to 4 bits
    DES – General Structure
    • Step 1: Plaintext is broken into blocks of length 64 bits.
    • Step 2: The 64-bit block undergoes an initial permutation (IP) using initial permutation IP
    table, IP(M).
    • Step 3: The 64-bit permuted input is divided into two 32-bit blocks: left (L) and right (R). The
    initial values of the left and right blocks are denoted L0 and R0.
    • Step 4: There are 16 rounds of operations on the L and R blocks. During each round, the
    following formula is applied:
    • Ln = Rn-1
    Rn = Ln-1 XOR F(Rn-1,Kn)
    • Step 5: The results from the final DES round (i.e., L16 and R16) are recombined into a 64-bit
    value and rearranged using an inverse initial permutation (IP-1) table. The output from IP-1 is
    the 64-bit ciphertext block.
    DES – General Structure with Key
    Generation

    11
    DES – General Structure with Key Generation

    12
    Step 2: Initial Permutation
    • The bits are arranged as
    per this table –
    • 58th bit of the plaintext will
    become 1st bit of the
    initially permuted message
    Step 3: Dividing the plaintext into two parts
    • Initially permuted plaintext is divided into two halves: L0 and R0
    Step 4: Function
    • The function F(.) represents the heart of the DES algorithm. This function implements
    the following operations:
    • Expansion: The right 32-bit half-block is expanded to 48 bits using the expansion
    permutation (E) table, E(Rn-1).
    • Key mixing: The expanded result is combined with a subkey using an XOR operation.
    Sixteen 48-bit subkeys (one for each round) are derived from the main key using the
    key schedule, Kn + E(Rn-1).
    • Substitution: After mixing in the subkeys, the block is divided into eight 6-bit pieces
    and fed into the substitution boxes (S-boxes), which implements nonlinear
    transformation. Each 6-bit piece uses as an address in the S-boxes where the first and
    last bits are used to address the ith row and the middle four bits to address the jth
    column in the S-boxes. The output of each S-box is 4-bit length piece. The output of all
    eight S-boxes is then combined into 32 bit section.
    • Kn + E(Rn-1) = B1B2B3B4B5B6B7B8
    • S(Kn + E(Rn-1)) = S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8)
    • 4-Permutation: The 32 bits outputs from the S-boxes are rearranged using the P-box,
    F=P(S(Kn + E(Rn-1)))
    Step 4: Function
    • Expansion: Right half Ri-1 – is expanded to 48 bits
    using an Expansion box
    • Key Mixing: These 48 bits are XORed with the
    Expansion E-box
    subkey – Ki
    • S-Box: 48 bits outputs are fed into 8 Substitution
    boxes of 6 bits
    • From each S-box – 4 bits output are
    generated
    • All outputs are combined – 32 bits
    • Permutation: These 32 bits are rearranged using
    P-Box . Output is 32 bits
    Step 4: Function –Expansion Box
    • Write 32 numbers into 4 columns
    and 8 rows
    • Add 1 number at the start and
    another number at the end of each
    row
    • 32, 5
    • 4, 9
    • 8, 13
    • 12, 17
    • 16, 21
    • 20, 25
    • 24, 29
    • 28, 1
    Step 4b: Function (Contd…)
    • XOR-ed output of the subkey and pt box
    is fed into the S-boxes

    • Substitution Box or S-Box:


    • Fixed Table of 4 rows and 16 columns
    • Each row consists numbers from 0 to 15
    • For any 6 bit input
    • 1st and 6th bits are considered as row
    • 2nd, 3rd, 4th and 5th bits are column
    • To find out the number of the intersection
    of row and column
    • 4 bit output from each S-box
    Step 4: Function (Contd…)
    • 4 bit output from each S-box
    • 32 bits output go through the
    permutation function
    Step 5: Inverse Initial Permutation
    • The results from the final DES
    round (i.e., L16 and R16) are
    recombined into a 64-bit value
    • rearranged using an inverse
    initial permutation (IP-1) table.
    • The output from IP-1 is the 64-bit
    ciphertext block.
    DES - Key Generation
    • The 56 bits of the key are selected from the initial
    64 by Permuted Choice 1 (PC1) table.

    • The 56 bits are divided into two 28-bit halves.

    • In each round, both halves are rotated left by one


    or two bits (specified for each round).

    • The 48 subkey bits are selected by Permuted


    Choice 2 (PC2) table (24 bits from the left half, and
    24 from the right) and used in each round.
    DES Decryption
    • It uses the same algorithm as encryption, except that the application of the
    subkeys is reversed.
    • Also, the initial and final permutations are reversed.

    23
    Strength of DES

    • The algorithm itself


    • Refers to the possibility that cryptanalysis is possible by exploiting the
    characteristics of the algorithm
    • But no such success so far
    • 56 bit Key
    • 56-bit key is used in encryption, there are 256 possible keys.
    • A brute force attack on such number of keys is impractical.
    • 256 = 7.2 × 1016 keys
    • Time required if PC works at 109 decryptions/s, then 255 ns = 1.125
    years.
    • Time required if PC works at 1013 decryptions/s, then 1 hour.

    25
    Is it Unbreakable?
    • First challenge in 1997 (thousands of volunteers connected by Internet) :
    solved in 96 days (3 months). Message was "The secret message is: Many
    hands make light work."
    • 1998 EFF (Electronic Frontier Foundation, non-profit organization) machine
    (costs $250K): 3 days
    • 1999 (distributed.net and Deep Crack, combined): 22 hours and 15 minutes
    (Message was “See you in Rome (second AES Conference, March 22-23,
    1999)”)

    26
    Weak Keys
    • DES has 4 weak keys (64-bit)
    • 01010101 01010101 , FEFEFEFE FEFEFEFE, E0E0E0E0 F1F1F1F1, 1F1F1F1F
    0E0E0E0E
    • the outcome of the Permuted Choice 1 (PC1) in the DES key schedule leads to
    round keys (K1---K16) being either all zeros, all ones or alternating zero-one
    patterns.
    • Since all the subkeys are identical, and DES is a Feistel network, the encryption
    function becomes self-inverting; that is, encrypting twice with a weak key K
    produces the original plaintext.
    • Weak keys should be avoided at key generation.
    DES semi-weak keys
    • DES has also semi-weak keys, which only produce two different subkeys, each used
    eight times in the algorithm
    • We can refer to them as K1 and K2
    • They have the property that EK1(EK2(x))=x
    • There are six pairs of DES semi-weak keys
    An Example

    You might also like