Lecture 3: Feistel based algorithms

Today

1. Block ciphers - basis
2. Feistel cipher
3. DES
4. DES variations
5. IDEA
6. NEWDES


Ideal Block Cipher

[Figure: source text, ciphered text]

SP - network

Feistel cipher structure

DES

• In 1972, the National Institute of Standards and Technology (called the National Bureau of Standards at the time) decided that a strong cryptographic algorithm was needed to protect non-classified information.

• In 1974 IBM submitted the Lucifer algorithm, which appeared to meet most of NIST's design requirements.

• NIST enlisted the help of the National Security Agency to evaluate the security of Lucifer.

• DES is a classic Feistel cipher with n = 64 bits. Unfortunately, even that n is not real: in fact the algorithm uses only 56 bits as the key. The official explanation was that the 8th bit of each byte is needed for a parity check.

• One of the greatest worries was that the key length, originally 128 bits, was reduced to just 56 bits at the NSA's request, weakening it significantly.

• The modified Lucifer algorithm was adopted by NIST as a federal standard (see FIPS 46–2) on November 23, 1976. Its name was changed to the Data Encryption Standard (DES).

[Figure: (a) twisted ladder, (b) untwisted ladder]

$$L_i = R_{i-1}$$

$$R_i = L_{i-1} \oplus f(R_{i-1}, K_i)$$

Using DES CBC

• In CBC mode (Cipher Block Chaining mode), each ciphertext block $\beta_i$ is combined using XOR with the next input block $\alpha_{i+1}$. The following scheme is used:

We define a block with initial value $VI = \beta_0$, and then the blocks are ciphered using the following equation:

$$\beta_i = e_K(\beta_{i-1} \oplus \alpha_i), \quad i \ge 1$$

Using DES

• Usually OFB and CFB are used for 64-bit blocks, but there is no problem in applying them to variable-length blocks of k bits, where 1 ≤ k ≤ 64.

• All four modes have both advantages and disadvantages.

• In ECB and OFB, changing one block $\alpha_i$ of the unencrypted input text modifies only one encrypted output block $\beta_i$. As expected, this may be a weakness from a cryptanalytic point of view, especially because OFB mode is often used in securing satellite communication channels.

Using DES to MAC

Designing a MAC using CBC.

• We begin with an initial block filled with zeroes.

• Then the encrypted text $\beta_1, \beta_2, \ldots, \beta_n$ is constructed using key K, in CBC mode. The MAC is represented by the $\beta_n$ block, as presented in the figure.

• After that, Alice sends the message $\alpha_1, \alpha_2, \ldots, \alpha_n$ together with the MAC $\beta_n$.

• When Bob receives the message $\alpha_1, \alpha_2, \ldots, \alpha_n$, he also generates $\beta_1, \ldots, \beta_n$ using the secret key K and checks whether the resulting $\beta_n$ is identical to the message MAC.

• It is clear that without the secret key it is almost impossible to generate the correct MAC.

• The following figure sketches the computation of the CBC-MAC of a message comprising blocks using a secret key k and a block cipher E:
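The Feistel round equations and the CBC-MAC steps above, combined in one added example that is not part of the original slides. It assumes a toy 64-bit Feistel cipher in place of DES: the round function, key schedule and padding rule are constructed for illustration and must not be used to protect real data.

```python
import hashlib
import hmac

BLOCK, ROUNDS = 8, 16          # 64-bit block and 16 rounds, as in DES
HALF = BLOCK // 2

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_keys(key):
    # Constructed key schedule (not the DES one): one subkey K_i per round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def f(right, subkey):
    # Toy round function f(R, K); a Feistel network never needs to invert it.
    return hmac.new(subkey, right, hashlib.sha256).digest()[:HALF]

def feistel(block, subkeys):
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR f(R_{i-1}, K_i)
        left, right = right, xor(left, f(right, k))
    return right + left        # swap halves so the same code also decrypts

def encrypt_block(key, block):
    return feistel(block, round_keys(key))

def decrypt_block(key, block):
    return feistel(block, round_keys(key)[::-1])   # subkeys in reverse order

def pad(msg):
    # Constructed padding rule: 0x80, then zeroes up to a whole block.
    return msg + b"\x80" + bytes(-(len(msg) + 1) % BLOCK)

def cbc_mac(key, msg):
    beta = bytes(BLOCK)        # initial block filled with zeroes
    data = pad(msg)
    for i in range(0, len(data), BLOCK):
        # beta_i = e_K(beta_{i-1} XOR alpha_i)
        beta = encrypt_block(key, xor(beta, data[i:i + BLOCK]))
    return beta                # beta_n is the MAC

def verify(key, msg, tag):
    # Bob recomputes beta_n and compares in constant time.
    return hmac.compare_digest(cbc_mac(key, msg), tag)

if __name__ == "__main__":
    key = b"constructed demo key"
    tag = cbc_mac(key, b"pay 100 to Bob")
    print(tag.hex(), verify(key, b"pay 100 to Bob", tag), verify(key, b"pay 900 to Bob", tag))
```

Plain CBC-MAC as on the slide is only safe when all messages have the same length; CMAC (NIST SP 800-38B) is the standardized variant for variable-length messages.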

Triple DES (3DES)

• Triple DES, also known as 3DES or sometimes as DES-ede, is a system based on DES. It was proposed by Walter Tuchman (the former chief of the Intel team that developed DES). It was published in FIPS Pub 46−3.

• The idea is simple and uses the following formula

where:

m is the unencrypted plain text (64 bits),

c is the encrypted result,

$k_1, k_2, k_3$ are DES keys (of 56 bits),

$DES_k$: DES encryption using key k,

$DES_k^{-1}$: DES decryption using key k.

[Figure: 3DES schema]


Who knows? … about the real security of an algorithm!