
Module 2(Part 1)

Module 2 of BCSE309 covers symmetric encryption algorithms, including block and stream ciphers, and key concepts such as plaintext, ciphertext, and cryptosystems. It explores classical ciphers like Caesar and Playfair, along with modern techniques like AES and RC4, emphasizing the importance of cryptography in secure communications. The module also contrasts symmetric and asymmetric methods, detailing their operational differences and applications.

BCSE309-CRYPTOGRAPHY AND NETWORK SECURITY

MODULE 2

Prepared by
Dr. L. Mary Shamala
Assistant Professor
SCOPE / VIT
MODULE 2: SYMMETRIC ENCRYPTION ALGORITHMS

 Symmetric key cryptographic techniques


 Block cipher
 DES
 AES
 IDEA
 Block Cipher Operation
 Introduction to Stream cipher
 Random Bit Generation and RC4

VIT/SCOPE/BCSE309-CNS/MODULE 2 2
BASIC TERMINOLOGY

• Plaintext - original message
• Ciphertext - coded message
• Cipher - algorithm for transforming plaintext to ciphertext
• Key - information used in cipher known only to sender/receiver
• Encryption / Enciphering - the process of converting plaintext into ciphertext
• Decryption / Deciphering - the process of converting ciphertext into plaintext
• Cryptosystem - the combination of algorithm, key, and key management functions used to perform cryptographic operations
• Keyspace - total number of possible values of keys in a cipher

CRYPTOLOGY

• Cryptology is the science of secure communications.
• Derived from the Greek word “criptos” = secret + “logos” = writing
• Cryptology = cryptography + cryptanalysis
  ▪ Cryptography: study of encryption principles/methods
  ▪ Cryptanalysis (codebreaking): study of principles/methods of deciphering ciphertext without knowing the key

CRYPTOGRAPHY

• The many schemes used for encryption constitute the area of study called cryptography
• It is a branch of mathematics that deals with the transformation of data.
• Increasingly used to protect information.
• Can ensure confidentiality
• Integrity and authenticity too

CRYPTOGRAPHY - HISTORY

• Dates back to at least 2000 BC
• The Manual Era: Pen and Paper Cryptography
  ▪ Scytale, Atbash, Caesar, Vigenère, …
• The Mechanical Era: Invention of Cipher Machines
  ▪ Confederate Army’s Cipher Disk, Japanese Red and Purple Machines, German Enigma
• The Modern Era: Computers!
  ▪ Lucifer, Rijndael, RSA, ElGamal

CRYPTOGRAPHY…

• Characterize a cryptographic system by:
  a) Type of encryption operations used
     ▪ Substitution / transposition / product
  b) Number of keys used
     ▪ Single-key or private or symmetric / two-key or public or asymmetric
  c) The way in which plaintext is processed
     ▪ Block / stream

SYMMETRIC VS ASYMMETRIC METHODS

 Symmetric
 Same key for encryption and decryption
 Key distribution problem
 Examples: DES, AES, IDEA, Blowfish, RC4, RC5
 Asymmetric
 Mathematically related key pairs for encryption and decryption
 Public and private keys
 RSA, ECC, Diffie-Hellman, ElGamal
BLOCK VS STREAM CIPHERS

• Block ciphers process messages in blocks, each of which is then en/decrypted
  ▪ Like a substitution on very big characters
  ▪ 64 bits or more
• Stream ciphers process messages a bit or byte at a time when en/decrypting
• Many current ciphers are block ciphers

[Figure: Block versus stream ciphers]

STREAM VS BLOCK CIPHER

Stream cipher
• Advantages: speed of transformation; low error propagation
• Limitations: low diffusion; susceptibility to malicious insertions and modifications

Block cipher
• Advantages: high diffusion; immunity to insertion of symbol
• Limitations: slowness of encryption; padding; error propagation

CLASSICAL CIPHERS

CLASSICAL ENCRYPTION TECHNIQUES

• Traditional (precomputer) symmetric ciphers use:
  a) Substitution techniques, which map plaintext elements (characters, bits) into ciphertext elements.
  b) Transposition techniques, which systematically transpose the positions of plaintext elements.

SUBSTITUTION CIPHERS

 Monoalphabetic Cipher
 Uses one alphabet
 Equal symbols of plaintext are always substituted with the same symbol
 Susceptible to frequency analysis
 Polyalphabetic Cipher
 Uses multiple alphabets
 Equal symbols of plaintext are substituted with different symbols, depending on
the key
CLASSICAL SUBSTITUTION CIPHERS

• Letters of plaintext are replaced by other letters or by numbers or symbols
• If plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
• Examples
  ▪ Caesar Cipher
  ▪ Playfair Cipher
  ▪ Hill Cipher
  ▪ Vigenère Cipher

CAESAR CIPHER

• The earliest known substitution cipher, by Julius Caesar
• First attested use in military affairs
• Replace each letter with the letter three places further down the alphabet
  c = E(3, p) = (p + 3) mod 26

CAESAR CIPHER

• Can define the transformation as:
  a b c d e f g h i j k l m n o p q r s t u v w x y z
  D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• Mathematically, give each letter a number:
  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
  0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
• The Caesar cipher can then be defined as:
  c = E(k, p) = (p + k) mod 26
  p = D(k, c) = (c - k) mod 26

EXAMPLE

Plaintext
meet me after the toga party

Ciphertext
PHHW PH DIWHU WKH WRJD SDUWB

EXAMPLE 2

Encrypt(COMPUTER) gives FRPSXWHU


Decrypt(Encrypt(COMPUTER))
= Decrypt(FRPSXWHU)
= COMPUTER

PLAYFAIR CIPHER

• The Playfair cipher is a multiple-letter encryption cipher
• Treats digrams in the plaintext as single units and translates these units into ciphertext digrams
• Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair

PLAYFAIR KEY MATRIX

• Uses a 5x5 matrix of letters, called the Playfair square or Wheatstone square, based on a keyword
• Fill in the letters of the keyword
• Fill the rest of the matrix with the other letters
• Example: using the keyword MONARCHY

  M  O  N  A    R
  C  H  Y  B    D
  E  F  G  I/J  K
  L  P  Q  S    T
  U  V  W  X    Z

ENCRYPTING AND DECRYPTING

• Plaintext is encrypted two letters at a time
  1. If a pair is a repeated letter, insert a filler like 'X'
  2. If both letters fall in the same row, replace each with the letter to the right (wrapping back to the start from the end)
  3. If both letters fall in the same column, replace each with the letter below it (again wrapping to the top from the bottom)
  4. Otherwise, each letter is replaced by the letter in the same row, and the column of the other letter of the pair

EXAMPLE 1

• Keyword: Gitam University
• Plain text: Gaming academy
• Plaintext digrams: |GA|MI|NG|AC|AD|EM|YX|

EXAMPLE 2

Encrypt the sentence “Why, don’t you?” using the keyword MONARCHY

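The four Playfair rules above, as an added Python example that is not part of the original slides. It assumes I and J share a cell, 'X' as the filler, and 'Q' as a fallback filler when the letter to be padded is itself 'X' (the slides do not cover that case).

```python
import string

ALPHABET = string.ascii_uppercase

def build_square(keyword):
    """5x5 Playfair square as a 25-letter string, row by row (I and J share a cell)."""
    square = []
    for ch in (keyword + ALPHABET).upper():
        ch = "I" if ch == "J" else ch
        if ch in ALPHABET and ch not in square:
            square.append(ch)
    return "".join(square)

def digrams(text, filler="X"):
    """Split text into letter pairs, applying rule 1 (filler after a doubled letter)."""
    letters = ["I" if c == "J" else c for c in text.upper() if c in ALPHABET]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else None
        if b is None or a == b:
            # A pair such as XX has no valid substitution, so fall back to Q (assumption).
            pairs.append(a + (filler if a != filler else "Q"))
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs

def shift_pair(square, pair, step):
    """Apply rules 2-4 to one digram; step=+1 encrypts, step=-1 decrypts."""
    ra, ca = divmod(square.index(pair[0]), 5)
    rb, cb = divmod(square.index(pair[1]), 5)
    if ra == rb:                       # rule 2: same row, move along the row
        ca, cb = (ca + step) % 5, (cb + step) % 5
    elif ca == cb:                     # rule 3: same column, move along the column
        ra, rb = (ra + step) % 5, (rb + step) % 5
    else:                              # rule 4: rectangle, swap the columns
        ca, cb = cb, ca
    return square[ra * 5 + ca] + square[rb * 5 + cb]

def encrypt(plaintext, keyword):
    square = build_square(keyword)
    return "".join(shift_pair(square, p, +1) for p in digrams(plaintext))

def decrypt(ciphertext, keyword):
    square = build_square(keyword)
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return "".join(shift_pair(square, p, -1) for p in pairs)

if __name__ == "__main__":
    print(build_square("MONARCHY"))
    print(digrams("Gaming academy"))
    ct = encrypt("Why, don't you?", "MONARCHY")
    print(ct, decrypt(ct, "MONARCHY"))
```

Decryption returns the digram text including any filler letters, which the receiver removes by inspection.
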
HILL CIPHER

• The Hill cipher is a multiletter cipher, developed by the mathematician Lester Hill in 1929.
• The encryption algorithm takes m successive plaintext letters and substitutes for them m ciphertext letters.
• The substitution is determined by m linear equations in which each character is assigned a numerical value (a = 0, b = 1, ..., z = 25).

HILL CIPHER…

• For m = 3, the system can be described as follows:
  C = KP mod 26
  ▪ C and P are column vectors of length 3, representing the ciphertext and plaintext
  ▪ K is a 3 x 3 matrix, representing the encryption key
  ▪ Operations are performed mod 26

HILL CIPHER…

Encryption
• Convert the keyword into a matrix
• Form the plaintext into digrams (or trigrams) and each of these into column vectors
• Perform matrix multiplication (modulo 26) on each column vector with the key matrix
• Convert these vectors back into letters to produce the ciphertext

EXAMPLE

Encrypt the plaintext message “short example” using the keyword hill

1. The keyword is written as a matrix


2. The key matrix
3. Split plaintext “short example” into column vectors


EXAMPLE…

4. The plaintext is converted into numeric column vectors
5. Multiply the key matrix by each column vector
6. Converting numbers back to letters

Final Ciphertext: “APADJTFTWLFJ”

EXAMPLE 2

• Consider the plaintext "paymoremoney" and use the encryption key
• The first three letters of the plaintext are represented by the vector

HILL CIPHER…

• Decryption requires using the inverse of the matrix K.
• The inverse K⁻¹ of a matrix K is defined by the equation K K⁻¹ = K⁻¹ K = I, where I is the matrix that is all zeros except for ones along the main diagonal from upper left to lower right.

HILL CIPHER…

• In general terms, the Hill system can be expressed as follows:
  C = E(K, P) = KP mod 26
  P = D(K, C) = K⁻¹C mod 26 = K⁻¹KP = P

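Hill encryption and decryption for the “short example” / keyword hill case above, as an added Python example that is not part of the original slides. It assumes the keyword fills the key matrix row by row and that short final blocks are padded with x; it goes beyond the 2 x 2 case by computing K⁻¹ mod 26 from the adjugate for any m x m key, and it rejects keys that have no inverse.

```python
from math import gcd

M = 26

def to_nums(text):
    return [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]

def to_text(nums):
    return "".join(chr(n + ord("A")) for n in nums)

def key_matrix(keyword, m):
    """Write the keyword's letters row by row into an m x m matrix (assumed layout)."""
    nums = to_nums(keyword)
    if len(nums) != m * m:
        raise ValueError("keyword must supply exactly m*m letters")
    return [nums[r * m:(r + 1) * m] for r in range(m)]

def minor(a, r, c):
    return [row[:c] + row[c + 1:] for i, row in enumerate(a) if i != r]

def det(a):
    if not a:
        return 1
    if len(a) == 1:
        return a[0][0]
    return sum((-1) ** c * a[0][c] * det(minor(a, 0, c)) for c in range(len(a)))

def inverse_mod26(k):
    """K^-1 mod 26 = det(K)^-1 * adj(K); exists only if gcd(det K, 26) = 1."""
    d = det(k) % M
    if gcd(d, M) != 1:
        raise ValueError("key matrix is not invertible mod 26, ciphertext cannot be decrypted")
    d_inv = pow(d, -1, M)
    n = len(k)
    return [[(d_inv * (-1) ** (r + c) * det(minor(k, c, r))) % M for c in range(n)]
            for r in range(n)]

def apply(matrix, nums):
    """Multiply each length-m block (as a column vector) by the matrix, mod 26."""
    m, out = len(matrix), []
    for i in range(0, len(nums), m):
        block = nums[i:i + m]
        out += [sum(matrix[r][j] * block[j] for j in range(m)) % M for r in range(m)]
    return out

def encrypt(plaintext, k):
    nums = to_nums(plaintext)
    nums += [to_nums("x")[0]] * (-len(nums) % len(k))   # pad the last block with x
    return to_text(apply(k, nums))

def decrypt(ciphertext, k):
    return to_text(apply(inverse_mod26(k), to_nums(ciphertext))).lower()

if __name__ == "__main__":
    K = key_matrix("hill", 2)
    print(K, inverse_mod26(K))
    print(encrypt("short example", K), decrypt("APADJTFTWLFJ", K))
```
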
POLYALPHABETIC CIPHERS

• Improve security using multiple cipher alphabets
• Polyalphabetic substitution ciphers
• Make cryptanalysis harder with more alphabets to guess and flatter frequency distribution
• All these techniques have the following features in common:
  1. A set of related monoalphabetic substitution rules is used.
  2. A key determines which particular rule is chosen for a given transformation.

VIGENÈRE CIPHER

• Best known and simplest polyalphabetic substitution cipher
• The Vigenère cipher was developed in 1585 by Blaise de Vigenère.
• Effectively multiple Caesar ciphers
• Key is multiple letters long: K = k_1 k_2 ... k_d
• The i-th letter specifies the i-th alphabet to use
• Use each alphabet in turn
• Repeat from the start after d letters in the message

VIGENÈRE CIPHER…

• Assume a sequence of plaintext letters P = p_0, p_1, p_2, …, p_(n-1) and a key K = k_0, k_1, k_2, …, k_(m-1), where m < n
• The ciphertext letters C = C_0, C_1, C_2, …, C_(n-1) are calculated as:
  (p_0 + k_0) mod 26, (p_1 + k_1) mod 26, …, (p_(m-1) + k_(m-1)) mod 26,
  (p_m + k_0) mod 26, (p_(m+1) + k_1) mod 26, …, (p_(2m-1) + k_(m-1)) mod 26, …
• A general equation of the encryption process:
  C_i = (p_i + k_(i mod m)) mod 26
• Decryption:
  p_i = (C_i - k_(i mod m)) mod 26

[Figure: Vigenère tableau]

EXAMPLE OF VIGENÈRE CIPHER

• Write the plaintext out
• Write the keyword repeated above it
• Use each key letter as a Caesar cipher key
• Encrypt the corresponding plaintext letter
• Example: Encrypt the plaintext “We are discovered. Save yourself!” using the keyword deceptive
  key:        deceptivedeceptivedeceptive
  plaintext:  wearediscoveredsaveyourself
  ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

VIGENÈRE CIPHER…

• Decryption is equally simple.
• The key letter again identifies the row.
• The position of the ciphertext letter in that row determines the column, and the plaintext letter is at the top of that column.

AUTOKEY CIPHER

• To eliminate the periodic nature of the keyword, ideally want a key as long as the message.
• Vigenère proposed the autokey cipher
• The keyword is prefixed to the message to provide a running key.
• Example: the key is deceptive
  key:        deceptivewearediscoveredsav
  plaintext:  wearediscoveredsaveyourself
  ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA
• Vulnerable to cryptanalysis as it has frequency characteristics

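The Vigenère and autokey equations above, checked against the slides' deceptive examples, as an added Python example that is not part of the original slides. The function names are illustrative; the trigram check is a Kasiski-style periodicity test added here to show what “periodic nature of the keyword” means in practice, and a one-letter key reduces Vigenère to the Caesar cipher.

```python
def nums(text):
    return [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]

def key_nums(key):
    k = nums(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    return k

def vigenere_encrypt(plaintext, key):
    # C_i = (p_i + k_(i mod m)) mod 26
    p, k = nums(plaintext), key_nums(key)
    return "".join(chr((pi + k[i % len(k)]) % 26 + ord("A")) for i, pi in enumerate(p))

def vigenere_decrypt(ciphertext, key):
    # p_i = (C_i - k_(i mod m)) mod 26
    c, k = nums(ciphertext), key_nums(key)
    return "".join(chr((ci - k[i % len(k)]) % 26 + ord("a")) for i, ci in enumerate(c))

def autokey_encrypt(plaintext, key):
    # Running key = keyword followed by the plaintext itself, cut to message length.
    p = nums(plaintext)
    stream = (key_nums(key) + p)[:len(p)]
    return "".join(chr((pi + ki) % 26 + ord("A")) for pi, ki in zip(p, stream))

def autokey_decrypt(ciphertext, key):
    c, stream, out = nums(ciphertext), key_nums(key), []
    for i, ci in enumerate(c):
        pi = (ci - stream[i]) % 26
        out.append(pi)
        stream.append(pi)          # each recovered letter extends the running key
    return "".join(chr(x + ord("a")) for x in out)

def repeated_trigram_distances(ciphertext):
    """Distances between repeats of the same 3-letter sequence (Kasiski-style check)."""
    first_seen, distances = {}, {}
    for i in range(len(ciphertext) - 2):
        tri = ciphertext[i:i + 3]
        if tri in first_seen:
            distances.setdefault(tri, []).append(i - first_seen[tri])
        else:
            first_seen[tri] = i
    return distances

if __name__ == "__main__":
    msg = "We are discovered. Save yourself!"
    v = vigenere_encrypt(msg, "deceptive")
    a = autokey_encrypt(msg, "deceptive")
    print(v, repeated_trigram_distances(v))   # repeat distance equals the key length
    print(a, repeated_trigram_distances(a))   # no repeat: the running key never cycles
```
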
TRANSPOSITION CIPHERS

• Classical transposition or permutation ciphers
• These hide the message by rearranging the letter order, without altering the actual letters used
• Can be recognised, since they have the same frequency distribution as the original text
• Examples
  ▪ Rail Fence cipher
  ▪ Row/Column transposition cipher
  ▪ Route Cipher

RAIL FENCE CIPHER

• Write the message letters out diagonally over some rows
• Then read off the cipher row by row
• Example: write the message out as:
  m e m a t r h t g p r y
   e t e f e t e o a a t
• Ciphertext: MEMATRHTGPRYETEFETEOAAT

ROW TRANSPOSITION CIPHERS

• A more complex transposition
• Write the message in a rectangle, row by row, and read the message off, column by column
• Then reorder the columns according to some key before reading off the rows
  Key:        4 3 1 2 5 6 7
  Plaintext:  a t t a c k p
              o s t p o n e
              d u n t i l t
              w o a m x y z
  Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

ROW TRANSPOSITION CIPHERS…

• A transposition cipher can be made significantly more secure by performing more than one stage of transposition.
• The result is a more complex permutation that is not easily reconstructed
• Example
  Key:        4 3 1 2 5 6 7
  Plaintext:  t t n a a p t
              m t s u o a o
              d w c o i x k
              n l y p e t z
  Ciphertext: NSCYAUOPTTWLTMDNOIEPAXTTOKZ

SYMMETRIC KEY CRYPTOGRAPHIC TECHNIQUES

SYMMETRIC ENCRYPTION

• Symmetric encryption is a form of cryptosystem in which encryption and decryption are performed using the same key
• Conventional / private-key / single-key
• Sender and recipient share a common key
• All classical encryption algorithms are private-key
• Only type prior to the invention of public-key in the 1970s
• Most widely used

[Figure: Simplified model of conventional encryption]

REQUIREMENTS

• Two requirements for secure use of symmetric encryption:
  ▪ a strong encryption algorithm
  ▪ a secret key known only to sender / receiver
• Mathematically:
  Y = E_K(X)
  X = D_K(Y)
• Assume encryption algorithm is known
• Implies a secure channel to distribute key

ATTACKING SYMMETRIC ENCRYPTION

 Cryptanalysis
 rely on nature of the algorithm
 plus some knowledge of plaintext characteristics
 even some sample plaintext-ciphertext pairs
 exploits characteristics of algorithm to deduce specific plaintext or key
 Brute-force attack
 try all possible keys on some ciphertext until get an intelligible translation into
plaintext
CRYPTANALYSIS

• The process of decrypting a message without knowing the cipher or the key used to encrypt it
• Objective is to recover the key, not just the message
• General approaches:
  ▪ cryptanalytic attack
  ▪ brute-force attack

[Figure: Cryptanalytic attacks]

BRUTE FORCE SEARCH

• Always possible to simply try every key
• Most basic attack, proportional to key size
• Assume the plaintext is either known or recognisable
• Average time required for exhaustive key search

[Figure: Exhaustive key search]

MORE DEFINITIONS

 Unconditional security
 No matter how much computer power or time is available, the cipher
cannot be broken since the ciphertext provides insufficient
information to uniquely determine the corresponding plaintext
 Computational security
 Given limited computing resources (eg time needed for calculations is
greater than age of universe), the cipher cannot be broken
BLOCK CIPHERS

BLOCK CIPHER

• A block of plaintext is treated as a whole and used to produce a ciphertext block of equal length
• Typically a block size of 64 or 128 bits is used
• The two users share a symmetric encryption key
• The majority of network-based symmetric cryptographic applications make use of block ciphers

[Figure: Block cipher]

BLOCK CIPHERS...

• For encryption to be reversible, each plaintext block must produce a unique ciphertext block. Such a transformation is called reversible or nonsingular
• Block ciphers look like an extremely large substitution
• Would need a table of 2^64 entries for a 64-bit block
• Instead, create from smaller building blocks
• Using the idea of a product cipher

BLOCK CIPHER PRINCIPLES…

• In 1949, Claude Shannon introduced the idea of substitution-permutation (S-P) networks (product ciphers)
• These form the basis of modern block ciphers
• S-P networks are based on the two primitive cryptographic operations:
  ▪ Substitution (S-box)
  ▪ Permutation (P-box)

BLOCK CIPHER PRINCIPLES…

• Shannon’s idea in introducing the product cipher was to enable block ciphers to have two important properties:

Diffusion
• Dissipates the statistical structure of the plaintext over the bulk of the ciphertext
• This is achieved by having each plaintext digit affect the value of many ciphertext digits

Confusion
• Makes the relationship between ciphertext and key as complex as possible

FEISTEL CIPHER

• Two classes of product ciphers
  ▪ Feistel cipher: uses both invertible and noninvertible components
  ▪ Non-Feistel cipher: uses only invertible components
• Feistel proposed the use of a cipher that alternates substitutions and permutations
• A practical application of a proposal by Claude Shannon to develop a product cipher that alternates confusion and diffusion functions
• Most symmetric block ciphers are based on a Feistel cipher structure

FEISTEL CIPHER STRUCTURE

• Horst Feistel devised the Feistel cipher, based on the concept of an invertible product cipher
• Partitions the input block into two halves
• Processes them through multiple rounds
• Performs a substitution on the left data half based on a round function of the right half and a subkey
• Then has a permutation swapping the halves
• Implements Shannon’s substitution-permutation network concept.

[Figure: Feistel cipher structure]

A ROUND IN FEISTEL CIPHER

• A Feistel cipher can be described as:
  L_(i+1) = R_i
  R_(i+1) = L_i xor F(R_i, K_i)

FEISTEL CIPHER DESIGN PRINCIPLES

• Block size
• Key size
• Number of rounds
• Subkey generation
• Round function
• Fast software en/decryption
• Ease of analysis

FEISTEL DECRYPTION ALGORITHM

• The decryption process with a Feistel cipher is essentially the same as the encryption process.
• The rule is as follows: use the ciphertext as input to the algorithm, but use the subkeys K_i in reverse order.

MODERN BLOCK CIPHERS

• The most widely used types of cryptographic algorithms
• Provide encryption of quantities of information, and/or a cryptographic checksum to ensure the contents have not been altered
• Provide secrecy and/or authentication services
• Example ciphers: DES, AES, IDEA, etc.

SIMPLIFIED DES (S-DES)

[Figure: General structure of S-DES encryption]

[Figure: Key generation for S-DES]

KEY GENERATION FOR S-DES …

Cipher key:        1011100110
After permutation: 1100101110
After splitting:   L: 11001  R: 01110
Round 1:
  Shifted keys:  L: 10011  R: 11100
  Combined key:  1001111100
  Round key 1:   10111100
Round 2:
  Shifted keys:  L: 01110  R: 10011
  Combined key:  0111010011
  Round key 2:   11010011

S-DES ENCRYPTION

• Initial and final permutations
  ▪ Plaintext: 11110011
  ▪ Permuted output: 10111101
• Rounds
  ▪ S-DES uses two rounds.
  ▪ Each round of S-DES is a Feistel cipher
• S-DES function
  ▪ The heart of S-DES is the S-DES function.
  ▪ The S-DES function applies an 8-bit key to the rightmost 4 bits to produce a 4-bit output
• Expansion P-box
  ▪ Example: R = 1101, E/P output = 11101011
• S-boxes
  ▪ The input to S-box 1 is 1010. What is the output?
• Straight P-box

[Figure: Simplified DES]

DATA ENCRYPTION STANDARD (DES)

• The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST).
• Issued in 1977 by the National Bureau of Standards (now NIST) as Federal Information Processing Standard 46
• Most widely used block cipher in the world
• The algorithm itself is referred to as the Data Encryption Algorithm (DEA)
• Data are encrypted in 64-bit blocks using a 56-bit key
• The algorithm transforms a 64-bit input in a series of steps into a 64-bit output
• The same steps, with the same key, are used to reverse the encryption

DES HISTORY

• IBM developed the Lucifer cipher
  ▪ by a team led by Feistel
  ▪ used 64-bit data blocks with a 128-bit key
• Redeveloped as a commercial cipher with input from NSA and others
• In 1973, NIST issued a request for proposals for a national cipher standard
• IBM submitted their revised Lucifer, which was eventually accepted as the DES

DES DESIGN CONTROVERSY

• DES has seen considerable controversy over its design
  ▪ in the choice of a 56-bit key (vs Lucifer's 128-bit)
  ▪ in the design criteria of the S-boxes
• Subsequent events and public analysis show the design was appropriate
• DES has become widely used, especially in financial applications
• NIST defines DES as the standard for use in unclassified applications.
• In 1999, NIST issued a new version of its standard (FIPS PUB 46-3) called Triple DES

GENERAL STRUCTURE OF DES

• The encryption process is made of:
  ▪ 2 permutations (P-boxes)
  ▪ 16 Feistel rounds
• Each round uses a different 48-bit round key

[Figure: Key generation]

KEY GENERATION: COMPRESSION PERMUTATION 1

• The compression permutation (P-box) changes the 64 bits to 56 bits, which are used as a key for a round.

[Figure: P-Box 1]

KEY GENERATION: SHIFT LEFT

[Figure: Number of bit shifts]

KEY GENERATION: COMPRESSION PERMUTATION 2

• The compression permutation (P-box) changes the 56 bits to 48 bits, which are used as a key for a round.

[Figure: P-Box 2]

DES ENCRYPTION: INITIAL AND FINAL PERMUTATIONS

[Figure: Initial and final permutations]

INITIAL AND FINAL PERMUTATIONS …

[Table: Initial and final permutation tables]

• Example: IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb)

DES ROUNDS

▪ DES uses 16 rounds.
▪ Each round of DES is a Feistel cipher
▪ Uses two 32-bit L & R halves
▪ Feistel cipher can be described as:
  L_i = R_(i-1)
  R_i = L_(i-1) xor F(R_(i-1), K_i)

DES FUNCTION

• The heart of DES is the DES function.
• The DES function applies a 48-bit key to the rightmost 32 bits (R_(i-1)) to produce a 32-bit output.
• This function is made up of four sections:
  ▪ an expansion P-box
  ▪ a whitener (that adds key)
  ▪ a group of S-boxes
  ▪ a straight P-box

[Figure: DES function]

EXPANSION PERMUTATION

[Table: Expansion P-box table]

SUBSTITUTION BOXES

• The S-boxes do the real mixing (confusion).
• Have eight S-boxes which map 6 to 4 bits

S-BOXES…

• S-box rule
• Example: S(18 09 12 3d 11 17 38 39) = 5fd25e03

[Tables: S-box 1 to S-box 8]

1. The input to S-box 1 is 100011. What is the output?
2. The input to S-box 8 is 000000. What is the output?

STRAIGHT PERMUTATION

• The last operation in the DES function is a straight permutation with a 32-bit input and a 32-bit output.

[Table: Straight permutation table]

[Figure: General depiction of DES encryption]

[Figure: Single round of DES]

DES DECRYPTION

• Decryption uses the same algorithm as encryption, except that the application of the subkeys is reversed.
• Additionally, the initial and final permutations are reversed.

DES EXAMPLE

Plaintext:  02468ACEECA86420
Key:        0F1571C947D9E859
Ciphertext: DA02CE3A89ECAC3B

AVALANCHE EFFECT

• Key desirable property of an encryption algorithm
• Avalanche effect means a small change in the plaintext (or key) should create a significant change in the ciphertext
• A change of one plaintext bit or one key bit results in changing approximately half of the output bits
• Makes attempts to “home in” by guessing keys impossible
• DES exhibits a strong avalanche effect

AVALANCHE EFFECT …

• Encrypt two plaintext blocks (with the same key) that differ only in one bit and observe the differences in the number of bits in each round.
  Plaintext: 0000000000000000  Key: 22234512987ABB23  Ciphertext: 4789FD476E82A5F1
  Plaintext: 0000000000000001  Key: 22234512987ABB23  Ciphertext: 0A4ED5C15A63FEA3

[Figure: Number of bit differences]

[Figure: Avalanche effect in DES: change in plaintext]

[Figure: Avalanche effect in DES: change in key]

STRENGTH OF DES – KEY SIZE

• 56-bit keys have 2^56 = 7.2 x 10^16 values
• Brute force search looks hard
• Recent advances have shown it is possible
  ▪ in 1997 on the Internet in a few months
  ▪ in 1998 on dedicated h/w (EFF) in a few days
  ▪ in 1999 the above combined in 22 hrs!
• Now considering alternatives to DES

STRENGTH OF DES – TIMING ATTACKS

• Attack the actual implementation of the cipher
• Use knowledge of consequences of implementation to derive knowledge of some/all subkey bits
• Exploit the fact that calculations can take varying times depending on the value of the inputs
• Particularly problematic on smartcards

STRENGTH OF DES – ANALYTIC ATTACKS

• Now have several analytic attacks on DES
• These utilize some deep structure of the cipher
  ▪ by gathering information about encryptions
  ▪ can eventually recover some/all of the sub-key bits
  ▪ if necessary, then exhaustively search for the rest
• Generally, these are statistical attacks
• Include
  ▪ Differential cryptanalysis
  ▪ Linear cryptanalysis
  ▪ Related key attacks

BLOCK CIPHER DESIGN PRINCIPLES: NUMBER OF ROUNDS

• The greater the number of rounds, the more difficult it is to perform cryptanalysis
• In general, the criterion should be that the number of rounds is chosen so that known cryptanalytic efforts require greater effort than a simple brute-force key search attack
• If DES had 15 or fewer rounds, differential cryptanalysis would require less effort than a brute-force key search

MULTIPLE DES

• The major criticism of DES regards its key length
• Use double or triple DES to increase the key size
• Double DES (2DES)
  ▪ Uses two instances of DES ciphers for encryption and two instances of reverse ciphers for decryption.
  ▪ Each instance uses a different key, which means that the size of the key is now doubled (112 bits).
  ▪ Vulnerable to a known-plaintext attack
• Triple DES
  ▪ Uses three stages of DES for encryption and decryption.
  ▪ Two versions of triple DES are: triple DES with two keys and triple DES with three keys.
  ▪ Much more secure but also much slower

DOUBLE DES

▪ The simplest form of multiple encryption has two encryption stages and two keys
▪ Given a plaintext P and two encryption keys K1 and K2, ciphertext C is generated as:
  C = E(K2, E(K1, P))
▪ Decryption requires that the keys be applied in reverse order:
  P = D(K1, D(K2, C))

TRIPLE DES

▪ Two-key triple encryption follows an encrypt-decrypt-encrypt (EDE) sequence
  C = E(K1, D(K2, E(K1, P)))
  P = D(K1, E(K2, D(K1, C)))
▪ Three-key 3DES is defined as
  C = E(K3, D(K2, E(K1, P)))
