580 likes | 813 Views
Modern Cryptography. 1977: Data Encryption Standard (DES) adopted by the U.S. Federal Information Processing for encrypting unclassified information
E N D
Modern Cryptography • 1977: Data Encryption Standard (DES)adopted by the U.S. Federal Information Processing for encrypting unclassified information • 1976: Diffie and Hellman, introduced the revolutionary concept of public-key cryptography. Security is based on the intractability of the discrete logarithm problem • 1978:Rivest, Shamir, and Adleman (RSA), perhaps the most well-known scheme; security is based on the the intractability of factoring large integers.
Simplified DES • Encryption Takes an 8-bit block of plaintext and a 10-bit key as input and produces an 8-bit of cipher. • Decryption Takes an 8-bit block of cipher and the same 10-bit key as input and produces an 8-bit of original plaintext. • Both substitution and transposition operations are used • It is a complex, multi-phase algorithm
Five Functions of Simplified DES • IP: Initial permutation • fk: Key-dependent scrambler (Mangler(complex) function)) • Use a 8-bit key • Perform both permutation and substitution • SW ( simple permutation function) • Swap the two halves of data • fk again (different key) • IP-1: Inverse permutation
S-DES AlgorithmWe can concisely express the encryotio algorithm as a composition of functin: IP-1 ° fk2°SW ° fk1° IP OR AS: • Cipher = IP-1(fk2(SW(fk1(IP(plaintext))))) • K1 = P8(Shift(P10(key))) • K2 = P8(Shift(Shift(P10(key)))) • Plaintext = IP-1(fk1(SW(fk2(IP(ciphertext)))))
Key Generation 10-Bit Key: Make up by sender P10: Permutation 10 (Constant) P8: Permutation 8 (Constant)
Encryption 8-Bit Plaintext: Make up by sender IP: Initial Permutation (constant) IP-1: Inversed Permutation (constant)
Encryption S0 Box (constant) S1 Box (constant) E/P: Expansion/Permutation Rule (constant) P4: Permutation 4 (constant)
Data Encryption Standard (DES) • National Bureau of Standards and Technology (NIST) adopted DES in 1977 based on LUCIFER developed by IBM. • DES has flourished and is widely used, especially in financial application. • Text length: 64 bits. Thus the plaintext is divide into 64-bit blocks. • The key is 64 bit long. However, the bit positions 8, 16,….,64 are parity of the previous 7 bits. Hence, the key is really a 56 bit long binary string.
From S-DES to DESEncryption Scheme • S-DES IP-1 o fk2 o SW o fk1 o IP • DES IP-1 o fk16 o SW o fk15 o SW..... o SW o fk1 o IP
From S-DES to DESkey • S-DES • 10-bit key is used • From which two 8-bit keys are calculated • DES • 56-bit key is used • From which 16 48-bit keys are calculated
From S-DES to DESData block • S-DES • Each block is 8 bits • Each half is 4 bits • DES • Each block is 64 bits • Each half is 32 bits
From S-DES to DESexpansion of right half • S-DES • 4-bit right half is expanded to 8 bits • After xor with the key, it is arranged into 2X4 matrix • DES • 32-bit right half is expanded to 48 bits • After xor with the key, it is arranged into 8X6 matrix
From S-DES to DESS box • S-DES • Use 1st and 4th bit for row, 2nd and 3rd bit for column • There are 2 S Boxes, each is 4 X 4 • Entries in S box are 0 - 3 • DES • Use 1st and 6th bit for row, 2nd thru 6th bit for column • There are 8 S Boxes, each is 4 X 16 • Entries in S box are 0 - 15
DES: Key generation for each round (key schedule) • The parity bits are stripped away. • The bits are permuted by PC-1 • Result is split in to left half (Ci) and right half (Di) (i: round of calculation) • Left shift Ci and Di separately. Left shift by one position if i=1, 2, 9, or 16; otherwise shift by 2 • Combine the two halves after shifting and permute by PC-2. The result is sub key i (48 bits) • Use result of (4) as input for next sub key
Key Permuted Choice 1 PC-1: Permutation of 56 bits
Key Permuted Choice 2 PC-2: Permutation of 48 bits The following bits are discarded
Key Shifting Schedule of left shift
DES – Permutation Function • Before first rounds, the plaintext bits are permuted using an initial permutation. IP • Hence, at the end of the 16 rounds the inverse permutation is applied. IP-1
Data Encryption Standard • The algorithm has 16 rounds. Each round has the following architecture: Li and Ri are 32-bit long
DES: Expansion Function • The 32 bits of Ri are permuted and 16 of them are repeated twice to obtain a 48 bit string.
DES: S Boxes. • S blocks takes in as input 6-bit arguments and outputs four bits. • This is the substitution part of the cipher.
DES – Permutation 32 • After substitution, the function output is now 32 bits and it goes through a fixed permutation.
Output of Mangler function • The 32-bit output of Mangler function is xor with the original left half. • Result of (1) is the right half (R1) • Original right half becomes new left half (L1) • Concatenation of L1 andR1 is input to round 2
Cipher Text • Repeat for another 15 rounds • Apply permutation IP-1 at the end of 16th round. • Use the same algorithm for decryption, except the sub keys are used in reversed order. (k16 for round 1, key15 for round 2, etc....)
DES Reviewed An initial permutation is applied to the plain text. The result is split into two halves (L0,R0). We apply a function and call it a round: L1=R0, R1=L0f(R0,K0) From the initial key K we derive subkeys: Ki (basically shifts of the initial key).
Mangler Function Reviewed A is the 32 bit input, J is the 48 bit subkey. E is a trivial expansion of the input to 48 bits (bits 4,5 are repeated, bits 8,9 are repeated, bits 12,13 are repeated… and there is a circular shift of 1 bit to the right. The S-Boxes map 6 bits onto 4, finally a permutation is applied.
The Strength/Weakness of DES • Number of possible keys = 256 • Which is equivalent to 7.2 X 1016 • On Average half the key space has to be searched • Estimated single machine brute-force search
The Strength/Weakness of DES • Parallel computing and improvement in computing power makes DES breakable. • Downside of brute-force search: if plaintext is compressed or is a numeric file, it is difficult to recognize. Some knowledge about plaintext is needed.
DES: Comments • The security of the system depends on the number of rounds. For example, if the number of rounds is 8 then DES can be broken quite easily by differential cryptanalysis. • 56 bit keys have become easier to break by exhaustive search. That is if you have one single copy of a plaintext and the corresponding cipher state, then one can try all possible keys before a match occurs. • Modified DES (e.g., triple DES) protocols are used. • DES will be replaced Advanced Encryption System (AES).
AES • As DES is getting very old, NIST began a public process to choose a new cipher to be called AES (Advanced Encryption Standard). • AES algorithms should have 3 key sizes: 128, 192, 256 bits, and operate on block sizes of 128 bits. • The algorithm would be selected by choosing the fastest cipher, • Additional considerations are memory requirements, suitability to smart cards, etc… • In 1999, the finalist were announced....