
Secret Key Cryptography

Secret Key Cryptography. TE/CS 536 Network Security, Spring 2006 – Lectures 6&7. Block Encryption - 1: Stream ciphers are not suitable for long messages. Block ciphers convert block to another: one-to-one reversible mapping. Long enough to avoid known-plaintext attack.


Presentation Transcript


  1. Secret Key Cryptography TE/CS 536 Network Security Spring 2006 – Lectures 6&7

  2. Block Encryption - 1
     • Stream ciphers are not suitable for long messages
     • Block ciphers convert one block to another: a one-to-one reversible mapping
     • Block must be long enough to avoid a known-plaintext attack
     • 64 bits – possible number of keys = ?
     • 128 bits
     • Output should look random
     • No correlation between plaintext and ciphertext

  3. Block Encryption - 2
     • Substitution (creates confusion)
     • Permutation (creates diffusion)
     • Round: combination of substitution and permutation; do until a bit change can affect every output bit
     • How many rounds? A few but not fewer

  4. Block Cipher Scheme
     [Figure: a plaintext block of length N and the secret key enter Encrypt, which outputs a cipher block of length N.]

  5. Block Ciphers: modes
     • ECB: Electronic Code Book
       • Good for small messages, non-repeating blocks
     • CBC: Cipher Block Chaining
       • The cipher text i is XORed with message (i+1) before encryption.
     • CFB: Cipher Feedback
     • OFB: Output Feedback

  6. DES (Data Encryption Standard)
     • Published in 1977, standardized in 1979.
     • Key: 64-bit quantity = 8-bit parity + 56-bit key
     • Every 8th bit is a parity bit.
     • 64-bit input, 64-bit output.
     [Figure: a 64-bit M and the 56-bit key enter DES Encryption, which outputs a 64-bit C.]

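  7. DES Top View
     [Figure: the 64-bit input passes through the Initial Permutation and is split into LPT and RPT, then goes through Round 1, Round 2, … Round 16, a swap of the 32-bit halves, and the Final Permutation to give the 64-bit output. A key generator derives the 48-bit round keys K1, K2, … K16 from the 56-bit key, one per round.]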

  8. Initial Permutation -> LPT | RPT

  9. RPT Expansion Permutation (32-to-48)
     [Figure: bit-level example of the expansion, with input bit positions 1 … 32 and output bit positions 1 … 48.]

  10. Per-Round Key Generation
     • Initial Permutation of DES key
     • One round: C i-1 and D i-1 (28 bits each) each go through a Circular Left Shift to give C i and D i (28 bits each)
     • Round 1, 2, 9, 16: single shift; others: two bits
     • Permutation with 8 bits discarded gives the 48-bit Ki

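  11. A DES Round
     [Figure: One Round Encryption. Inputs Ln and Rn (32 bits each). Rn is expanded to 48 bits and enters Function F together with the 48-bit Ki; the S-Boxes and P reduce the result to 32 bits. Outputs Ln+1 and Rn+1 (32 bits each).]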

  12. The F Function
     • Key is XORed in eight 6-bit chunks with the expanded permuted RPT
     • 6 input bits are used to select 4 output bits through an S-box
     • The permutation produces “spread” among the chunks/S-boxes!
     [Figure: eight 6-bit chunks, each XORed (+) with key bits and fed into S1 … S8; each S-box outputs 4 bits, followed by the Permutation.]

  13. S-Box (Substitute and Shrink)
     • 48 bits ==> 32 bits. (8*6 ==> 8*4)
     • 2 bits used to select amongst 4 permutations for the rest of the 4-bit quantity
     [Figure: S-box Si, i = 1,…8, with inputs I1 I2 I3 I4 I5 I6 (2 bits select the row, 4 bits the column) and outputs O1 O2 O3 O4.]

  14. S1 box
     Each row and column contain different numbers.

          0   1   2   3   4   5   6   7   8   9 … 15
      0  14   4  13   1   2  15  11   8   3   …
      1   0  15   7   4  14   2  13   1  10   …
      2   4   1  14   8  13   6   2  11  15   …
      3  15  12   8   2   4   9   1   7   5   …

     Example: input: 100110 output: ???

  15. 8 S-Boxes
     • The logic behind the selection of the S-Boxes remains an unpublished secret
     • Is it a good idea technically to publish it?

  16. Decryption
     • Apply the same operations with the same key Ki at each round:
       • Input: Rn+1|Ln+1
         • Due to the “swap” operation
       • Output: Rn|Ln
     • The swap operation at the end will produce the correct result: L|R
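
Added example (not part of the lecture slides): a simplified Feistel cipher in Python tying together the expansion of slide 9, the F function and S-box lookup of slides 11–14, and the decryption argument of slide 16. The S1 table is the published DES S1 (the slide shows only its first nine columns) and row selection by the first and last input bit is the standard DES convention. Assumptions of this sketch: S1 is reused for all eight chunks, P and the initial/final permutations are omitted, and the round keys in `KEYS` and all function names are constructed for illustration.

```python
# Published DES S1; slide 14 shows only columns 0-8 of each row.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def sbox(six):
    """6 bits in, 4 bits out: outer bits pick the row, middle four the column."""
    row = ((six >> 5) << 1) | (six & 1)
    col = (six >> 1) & 0xF
    return S1[row][col]

def expand(r):
    """32 -> 48 bits: chunk j is bits 4j-1 .. 4j+4 of r (wrapping), MSB first."""
    out = 0
    for j in range(8):
        for pos in range(4 * j - 1, 4 * j + 5):
            out = (out << 1) | ((r >> (31 - pos % 32)) & 1)
    return out

def f(r, k):
    """Simplified F: expand, XOR the 48-bit round key, eight S-box lookups.
    Assumption: real DES uses S1..S8 plus permutation P; both are omitted."""
    x = expand(r) ^ k
    out = 0
    for j in range(8):
        out = (out << 4) | sbox((x >> (42 - 6 * j)) & 0x3F)
    return out

def feistel(block, keys):
    """Run one round per key on a 64-bit block, then swap the 32-bit halves."""
    l, r = block >> 32, block & 0xFFFFFFFF
    for k in keys:
        l, r = r, l ^ f(r, k)
    return (r << 32) | l

# Constructed 48-bit round keys (assumption: not the DES key schedule).
KEYS = [(0x1234567890AB * (i + 1)) & 0xFFFFFFFFFFFF for i in range(16)]

def encrypt(block):
    return feistel(block, KEYS)

def decrypt(block):
    return feistel(block, KEYS[::-1])  # same rounds, K16 applied first

if __name__ == "__main__":
    print(format(sbox(0b100110), "04b"), hex(decrypt(encrypt(0x0123456789ABCDEF))))
```

Decryption succeeds even though `f` is not invertible, because each round only XORs the output of `f` into the other half, and the final swap lets the same code undo the rounds when the keys are supplied in reverse order.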

  17. DES Standard
     • Cipher Iterative Action: Input: 64 bits; Key: 48 bits; Output: 64 bits
     • Key Generation Box: Input: 56 bits; Output: 48 bits
     • One round (Total 16 rounds)

  18. DES Summary
     • Simple, easy to implement:
       • Hardware/gigabits/second, software/megabits/second
     • 56-bit key DES may be acceptable for non-critical applications but triple DES (DES3) should be secure for most applications today
     • Supports several operation modes: ECB, CBC, OFB, CFB
