Good IdeaGood Idea

Cryptography

The Basic Idea:The Basic Idea:

plaintext

algorithm

Key

ciphertext

Two approaches:Two approaches:

1) Make algorithm secret and don’t use a key.

2) Make algorithm public but keep the key secret.

Bad Idea

Security through obscurity

Security through obscurity Security through obscurity is the use of secrecy of design or

implementation to provide security.

Security through obscurity is discouraged and not recommended.

A system relying on security through obscurity may have theoretical or actual security vulnerabilities.

But its owners or designers believe that if the flaws are not known, then attackers will be unlikely to find them

Cipher cannot be distributed among public and thus would not have a commercial or publically accepted value.

Block Cipher Building blocks• Shannon proposed ciphers with two

components – S-Boxes substitution

• providing confusion of input bits

– P-Boxes permutation• providing diffusion across S-box inputs

S-box (substitution)

01234567

3 bitinput

0

1

0

01234567

1

1

0

3 bitoutput

Word size of 3 bits => mapping of 23 = 8 values

P-box (permutation)4 bitinput

1

1

0

1

1

0

1

1

1

1

0

1

1

0

1

1

Example 1

Example 2 - swap twohalves of input

S-Box and P-Box• A combination of S-box and P-box transformation

is known as a product cipher. (Example Lucifer cipher)

• The combination could yield a cipher system more powerful than either one alone.

• A product cipher that uses only substitutions and permutations is also called a SP-network.

• Basis of modern block symmetric cryptography