7/25/2019 Ch3 Block Ciphers and DES_blackboard
1/37
Modern Block Ciphers
Introduction to Network Security

Basic idea of modern block ciphers
From classical ciphers, we learn two techniques that may improve security:
  Encrypt multiple letters at a time
  Use multiple ciphertext alphabets (Polyalphabetic ciphers)
Combining these two techniques
  encrypt eight (or more) letters at a time called a block cipher
  and use an extremely large number of ciphertext alphabets
  will be called modes of operation

What is Simplified DES
Developed 1996 as a teaching tool, Santa Clara University, Prof. Edward Schaefer
Takes an 8-bit block plaintext, a 10-bit key and produces an 8-bit block of ciphertext
Decryption takes the 8-bit block of ciphertext, the same 10-bit key and produces the original 8-bit block of plaintext

S-DES Scheme
[Figure: S-DES scheme. Encryption and decryption columns, each running IP, fk, SW, fk, IP^-1 between an 8-bit plaintext and an 8-bit ciphertext; the key passes through P10, SHIFT and P8 to give K1 and K2.]

Five Functions to Encrypt
IP: an initial permutation
fk: a complex, 2-input function
SW: a simple permutation that swaps the two nybbles
fk: a complex, 2-input function; again
IP^-1: inverse permutation of the initial permutation

Key Generation
[Figure: key generation. The key passes through P10 and is split into two 5-bit groups; LS-1 on each group followed by P8 gives the 8-bit K1; LS-2 on each group followed by P8 gives the 8-bit K2.]
Operations
(A) Apply permutation P10:
(B) Apply LS-1 (left shift 1) to each 5-bit group.
(C) Apply permutation P8:
(D) Apply LS-2 (left shift 2) to each 5-bit group.
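Steps (A) to (D) as an added example, not code from the slides. The P10 and P8 tables are the ones from Schaefer's published S-DES definition (they are not reproduced on this page), and the sample key is constructed.

```python
# S-DES key generation: P10, LS-1, P8 -> K1, then LS-2, P8 -> K2.
# Tables use 1-based bit positions, as permutation tables are usually printed.
P10 = (3, 5, 2, 7, 4, 10, 1, 9, 8, 6)   # assumption: standard S-DES P10
P8 = (6, 3, 7, 4, 8, 5, 10, 9)          # assumption: standard S-DES P8


def permute(bits, table):
    """Return the bits selected by a 1-based position table."""
    return "".join(bits[pos - 1] for pos in table)


def left_shift(half, n):
    """Circular left shift of one 5-bit group by n positions."""
    return half[n:] + half[:n]


def sdes_round_keys(key):
    """Derive (K1, K2) from a 10-bit key given as a '0'/'1' string."""
    if len(key) != 10 or set(key) - {"0", "1"}:
        raise ValueError("S-DES key must be exactly 10 bits")
    p = permute(key, P10)                                      # (A)
    left, right = p[:5], p[5:]
    left, right = left_shift(left, 1), left_shift(right, 1)    # (B)
    k1 = permute(left + right, P8)                             # (C) -> K1
    # (D) LS-2 acts on the groups already shifted by LS-1,
    # so K2 is built from a total rotation of 3 positions.
    left, right = left_shift(left, 2), left_shift(right, 2)
    k2 = permute(left + right, P8)                             # P8 again -> K2
    return k1, k2


if __name__ == "__main__":
    # Constructed sample key
    print(sdes_round_keys("1010000010"))
```
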

Encryption Detail
[Figure: S-DES encryption detail. IP, then fk with K1 (E/P, S0 and S1, P4), then SW, then fk with K2 (E/P, S0 and S1, P4), then IP^-1.]
(A) Apply expansion/permutation E/P to input 4 bits
(B) Add the 8-bit key (use XOR)
(C) Pass the left 4 bits through S-box S0 and the right 4 bits through S-box S1
(D) Apply permutation P4:
The permutation IP^-1
The permutation IP

S-box operation
(1) First and fourth bits give row number
(2) Second and third bits give column number
Let L, R be the left 4 bits and right 4 bits of the input (8 bits). Then
F_Key(L, R) = (L XOR f(R, Key), R)

Block Ciphers
In general, a block cipher replaces a block of $N$ plaintext bits with a block of $N$ ciphertext bits. (E.g., $N = 64$ or $128$.)
A block cipher is a monoalphabetic cipher.
Each block may be viewed as a huge character.
The "alphabet" consists of $2^N$ gigantic characters.
Each particular cipher is a one-to-one mapping from the plaintext "alphabet" to the ciphertext "alphabet".
There are $(2^N)!$ such mappings.
A secret key indicates which mapping to use.

Ideal Block Cipher
An ideal block cipher would allow us to use any of these $(2^N)!$ mappings.
The key space would be extremely large.
But this would require a key of $\log_2((2^N)!)$ bits.
If $N = 64$, $\log_2((2^N)!) \approx N \cdot 2^N \approx 10^{21}$ bits $\approx 10^{11}$ GB.
Infeasible

Practical Block Ciphers
Modern block ciphers use a key of $K$ bits to specify a random subset of $2^K$ mappings.
If $K \approx N$,
  $2^K$ is much smaller than $(2^N)!$
  But is still very large.
If the selection of the $2^K$ mappings is random, the resulting cipher will be a good approximation of the ideal block cipher.
Horst Feistel, in 1970s, proposed a method to achieve this.

The Feistel Cipher Structure
Input: a data block and a key
Partition the data block into two halves L and R.
Go through a number of rounds. In each round,
  R does not change.
  L goes through an operation that depends on R and a round key derived from the key.

The Feistel Cipher Structure
[Figure: the Feistel cipher structure.]

Round i
[Figure: round i, showing inputs L_{i-1} and R_{i-1}, the round key k_i, the round function, and outputs L_i and R_i.]

Mathematical Description of Round i
Let $L_{i-1}$ and $R_{i-1}$ be the input of round $i$, and $L_i$ and $R_i$ the output.
We have
  $L_i = R_{i-1}$
  $R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
Or, $(L_i, R_i)$ is obtained from $(L_{i-1}, R_{i-1})$ by composing two maps:
  $(x, y) \mapsto (x \oplus F(y, k_i),\ y)$
  $(x, y) \mapsto (y, x)$
Note that each of these two maps is its own inverse.

Feistel Cipher
Goes through a number of rounds, say 16 rounds.
A Feistel cipher encrypts a plaintext block $m$ as:
  $c = E_k(m)$, the round maps composed in the order of the round keys $k_1, k_2, \ldots, k_{16}$
The decryption will be:
  $m = D_k(c)$, the same round maps composed in the order $k_{16}, \ldots, k_2, k_1$
The decryption algorithm is the same as the encryption algorithm, but uses round keys in the reverse order.
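Added example (not from the slides): the round rule L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i), with decryption as the same routine under reversed round keys, plus a bit counter for observing diffusion. The SHA-256-based F and key schedule are stand-in assumptions, not the DES F function or its round-key derivation.

```python
import hashlib

HALF = 4      # bytes per half: a 64-bit block, as in DES
ROUNDS = 16


def round_keys(master):
    """Toy key schedule (assumption): one 6-byte round key per round."""
    return [hashlib.sha256(master + bytes([i])).digest()[:6] for i in range(ROUNDS)]


def F(right, k):
    """Toy round function (assumption). A truncated hash: F is not invertible."""
    return hashlib.sha256(k + right).digest()[:HALF]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block, keys):
    """Apply one Feistel round per key, in the order given."""
    if len(block) != 2 * HALF:
        raise ValueError("block must be 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, xor(left, F(right, k))
    return right + left  # undo the final swap so decryption can reuse this routine


def encrypt(block, keys):
    return feistel(block, keys)


def decrypt(block, keys):
    return feistel(block, keys[::-1])  # same algorithm, round keys reversed


def bit_difference(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    ks = round_keys(b"constructed key")   # constructed sample key
    c = encrypt(b"8 bytes!", ks)
    print(c.hex(), decrypt(c, ks))
```

Decryption never inverts F; only the XOR is undone, which is why F can be any function of the right half and the round key.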

DES: The Data Encryption Standard
Most widely used block cipher in the world.
Adopted by NIST in 1977.
Based on the Feistel cipher structure with 16 rounds of processing.
  Block = 64 bits
  Key = 56 bits
What is specific to DES is the design of the F function and how round keys are derived from the main key.

Design Principles of DES
To achieve high degree of diffusion and confusion.
Diffusion: making each plaintext bit affect as many ciphertext bits as possible.
Confusion: making the relationship between the encryption key and the ciphertext as complex as possible.

DES Encryption Overview

Round Keys Generation
Main key: 64 bits.
56-bits are selected and permuted using Permuted Choice One (PC1); and then divided into two 28-bit halves.
In each round:
  Left-rotate each half separately by either 1 or 2 bits according to a rotation schedule.
  Select 24-bits from each half, and permute the combined 48 bits.
  This forms a round key.

Permuted Choice One (PC1)
57 49 41 33 25 17  9
 1 58 50 42 34 26 18
10  2 59 51 43 35 27
19 11  3 60 52 44 36
63 55 47 39 31 23 15
 7 62 54 46 38 30 22
14  6 61 53 45 37 29
21 13  5 28 20 12  4

Initial Permutation IP
IP: the first step of the encryption.
It reorders the input data bits.
The last step of encryption is the inverse of IP.
IP and IP^-1 are specified by tables (see Stallings book, Table

Round i
[Figure: round i, showing inputs L_{i-1} and R_{i-1}, the round key k_i, the round function, and outputs L_i and R_i.]

The F function of DES
The $L$ and $R$ each have 32 bits, and the round key $K$ 48 bits.
The $F$ function, on input $R$ and $K$, produces 32 bits:
  $F(R, K) = P(S(E(R) \oplus K))$
where
  $E$: expands 32 bits to 48 bits;
  $S$: shrinks it back to 32 bits;
  $P$: permutes the 32 bits.

The F function of DES

The Expansion Permutation E

The S-Boxes
Eight S-boxes each map 6 to 4 bits
Each S-box is specified as a 4 x 16 table
  each row is a permutation of 0-15
  outer bits 1 & 6 of input are used to select one of the four rows
  inner 4 bits of input are used to select a column
All the eight boxes are different.

Box S1
     0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
0   14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
1    0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
2    4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
3   15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13
For example, S1(101010) = 6 = 0110.

Permutation Function P
16  7 20 21
29 12 28 17
 1 15 23 26
 5 18 …

Avalanche Effect
Avalanche effect:
  A small change in the plaintext or in the key results in a significant change in the ciphertext.
  evidence of a high degree of diffusion and confusion
  a desirable property of any encryption algorithm
DES exhibits a strong avalanche effect
  Changing 1 bit in the plaintext affects

Attacks on DES
Brute-force key search
  Needs only two plaintext-ciphertext samples
  Trying 1 key per microsecond would take 1000+ years on average, due to the large key space size, $2^{56} \approx 7.2 \times 10^{16}$.
Differential cryptanalysis
  Possible to find a key with $2^{47}$ plaintext-ciphertext samples
  Known-plaintext attack
Linear cryptanalysis:
  Possible to find a key with 2^4…

DES Cracker
DES Cracker: A DES key search machine
  contains 15…

Multiple Encryption with DES
In 2001, NIST published the Advanced Encryption Standard (AES) to replace DES.
But users in commerce and finance are not ready to give up on DES.
As a temporary solution to DES's security problem, one may encrypt a message (with DES) multiple times using multiple keys:
  2DES is not much securer than the regular DES
  So,

2DES
Consider 2DES with two keys:
  $C = E_{K_2}(E_{K_1}(P))$
  Decryption: $P = D_{K_1}(D_{K_2}(C))$
Key length: 56 × 2 = 112 bits
This should have thwarted brute-force attacks? Wrong

Meet-in-the-Middle Attack on 2DES
2-DES: $C = E_{K_2}(E_{K_1}(P))$
Given a known pair $(P, C)$, attack as follows:
  Encrypt $P$ with all $2^{56}$ possible keys for $K_1$.
  Decrypt $C$ with all $2^{56}$ possible keys for $K_2$.
  If $E_{K_1'}(P) = D_{K_2'}(C)$, try the keys on another $(P', C')$.
  If works, $(K_1', K_2') = (K_1, K_2)$ with high probability.
Takes $O(2^{56})$ steps; not much more than attacking 1-DES.
[Figure: P, then E_K1, then E_K2, giving C.]
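The procedure above run end to end on a toy cipher, to show that two independent keys cost about twice the work of one key rather than the square of it (added example, not from the slides). E, D, the 16-bit block and the 12-bit keys are assumptions standing in for DES so that the search finishes instantly; the (P, C) pairs are constructed.

```python
from collections import defaultdict

MASK, KEY_BITS = 0xFFFF, 12      # toy sizes (assumptions): 16-bit block, 12-bit key
MUL = 0x2545                     # odd, so multiplication mod 2^16 is invertible
MUL_INV = pow(MUL, -1, 1 << 16)


def rotl(x, n):
    return ((x << n) | (x >> (16 - n))) & MASK


def E(k, x):
    """Toy block cipher standing in for DES (not DES, not secure)."""
    for r in range(4):
        x = rotl(((x + k + r) & MASK) * MUL & MASK, 5)
    return x


def D(k, y):
    """Inverse of E: undo rotate, multiply and add, rounds in reverse."""
    for r in reversed(range(4)):
        y = (rotl(y, 11) * MUL_INV - k - r) & MASK
    return y


def double_encrypt(k1, k2, p):
    return E(k2, E(k1, p))       # C = E_K2(E_K1(P)), as on the slide


def meet_in_the_middle(pairs):
    """Return every (k1, k2) consistent with all known (P, C) pairs."""
    (p, c), rest = pairs[0], pairs[1:]
    middle = defaultdict(list)
    for k1 in range(1 << KEY_BITS):            # encrypt P under every K1
        middle[E(k1, p)].append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):            # decrypt C under every K2
        for k1 in middle.get(D(k2, c), ()):    # E_K1'(P) == D_K2'(C)
            # chance matches are expected here, so confirm on the other pairs
            if all(double_encrypt(k1, k2, p2) == c2 for p2, c2 in rest):
                found.append((k1, k2))
    return found
```

The two loops make 2 × 2^12 cipher calls against 2^24 key pairs; scaled to DES that is the 2^57 versus 2^112 gap, paid for with a table of 2^56 intermediate values.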

3DES with 2 keys
A straightforward implementation would be: $c = E_{k_1}(E_{k_2}(E_{k_1}(m)))$
In practice: $c = E_{k_1}(D_{k_2}(E_{k_1}(m)))$
Also referred to as EDE encryption
Reason: if $k_1 = k_2$, then 3DES = 1DES.
Thus, a 3DES software can be used as a single-DES.
Standardized in ANSI X9.17 & ISO 8732.
No practical attacks are known.

3DES with 3 keys
Encryption: $c = E_{k_3}(D_{k_2}(E_{k_1}(m)))$.
If $k_1 = k_3$, it becomes 3DES with 2 keys.
If $k_1 = k_2 = k_3$, it becomes the regular DES.
So, it is backward compatible with both 3DES with 2 keys and the regular DES.
Some internet applications adopt 3DES with three keys; e.g. PGP and S/MIME