Block ciphers
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (5.4 MB, 41 trang )
Block ciphers
Product ciphers
¢ ‘Product’ = permutation + substitution.
¢ Iterated cipher = many rounds
— Key schedule:
¢ Key K 1s used to construct Nr round keys (subkeys)
K;,..., Ky.
— Round function g:
¢ state, = g(state,,, K,).
¢ state, = x.
The Encryption and Decryption
Encryption
9
Decryption
-
tp g(wđ, K')
wt!
c
g
â
g
l
KT)
to g(te`, K?)
wprt-!
g(wht-2,
A Nt1)
Tàn Sài
yw,
tD
1
~1/..2
(to
xì
772
tơ” <— go *(w', K*)
ze
w”,
)
=
|
Substitution-permutation
network
IIL LỊL
s
ta
K
tty THỊ
He |
Ls
Attacks on block ciphers
¢ Linear cryptanalysis
¢ Differential cryptanalysis
¢ (self-reading)
The Data Encryption Standard
(DES)
History of DES
¢ May 1973, the National Institute of Standards
and Technology (NIST) published a
solicitation for cryptosystems
¢ The Data Encryption Standard (DES), first
version in 1975, developed by IBM, then
became the standard in 1977.
¢ DES was used for 20 years until AES appeared.
DES description
¢ A type of iterated cipher.
¢ Block length:
— Plaintext: 64 bits,
— key: 56 bits,
— Ciphertext :64 bits.
¢ Steps:
— Initial permutation (IP)
— 16 rounds of transformations
— Inverse permutation (TP!)
DES—encryption process
INPUT
|
|
|
lk2
L~£I
T
x
Lis = Ald
[
%2z:Lixttanl2
`
SS?
|
|
RLS = Luton
S«——š=<——
*
PRE OUTPUT
|
Y
E6 « L15[+‡#[ K15)té
|
|
|
Kats
Y
Lis = Ris
|
finer J] › 2
ay,
”
'
INVERSE INITIAL PERMUTATION
4t~
]
|
1"
C a
DES~!|
> P
INVERSE INITIAL PERMUTATION
~~
DES—encryption process
11
DES—lnitial permutation (IP)
IP
58
60
62
64
57
59
61
63
50
52
54
56
49
51
53
55
42
44
46
48
41
43
45
47
IP1
34
36
38
40
33
35
37
39
26
28
30
32
25
27
29
31
18
20
22
24
17
19
21
23
10
12
14
16
9
11
13
15
2
4
6
8
1
3
5
7
40
39
38
37
36
35
34
33
8
7
6
5
4
3
2
|
48
47
46
45
44
43
42
41
16
15
14
13
12
II
10
9
56 24
55 23
54 22
33 21
52 20
51 19
50 18
49 17
64 32
63 31
62 30
61 29
60 28
59 27
58 26
57 25
12
DES—encryption process
|
Lis = Ald
|
|
>
RLS = Luton
S«——š=<——
*
PRE OUTPUT
|
Ỳ
Pld = L15[+[ K13)\$
|
|
|
Kats
Y
Llý - Rs
|
,
'
|
INVERSE INITIAL PERMUTATION
OUTPUT
13
DES—each
Li
iteration
Ri
K,
>
L
LER,„,
9
R,
REL;¡®Íf(R;¡,K;)
14
R G2 BITS
E extension
32
1
45
8 9
12 13
16 17
20 21
24 25
28 29
2
3
4
s
67
8
9
10 11
12
13
14 15
16
17
18 19 20 21
22 23 24 25
26 27 28 29
30 31
32
1
DES—f function
P permutation
16
29
1
5
2
32
19
22
7
12
15
18
8
27
13
11
20 21
28 17
23 26
31 10
24 14
3 9
30 6
4 25
15
DES—S boxes
For each S box: 6 bits > 4 bits. An S box is a 4x16 array:
*6 bits (b,b,b,b,b;b,) are divided into 2-bit (b,b,) row number,
°4-bit (b,b,b,b;) column number, the output is the value
corresponding
bits).
Sl box:
S2 box:
to the (row, column) value, which 1s from 0 to 15 (4
|14 413 12 1511 8310612590
7
015
7 414 213 110 612 119 53 8
4 114 813 62 1115129
731050
15 128 24 91 75 113 1410 06 13
15 1ã 146
3.134 715
01471110
13 810 13
113 49 72 1I312
28 1412 01106
413 15 812 69
154 211 67120
05 10
911 5
32 15
514 9
16
PERMUTED
ineur
|
Y
Lo
| |
Vv
oe
Me
L....
|
L~£I
|
Lis = Ald
Y
FO
|
RLS = Luton
S«——š=<——
*
PRE OUTPUT
|
Pld = L15[+[ K13)\$
|
|
|
\
-
K2
[z= Son Ki2
|
-
-~
X—=———=>
Ỳ
£
a)
DES—encryption process
|
Kats
Y
Llý - Rs
|
,
'
|
INVERSE INITIAL PERMUTATION
OUTPUT
17
DES— computation of key schedule
K
(64 bits)
TT
(PC-1
Actual key is 64 bits, of which 56 bits are
|}
key and 8 bits are parity-check, in the
?
positions 8,16,24,..., 64.
(28 bits) ~y—~ (28 bits)
Ca
|
LS,
C,
Dạ
J
LS,
+
+
D,
‡
Ỉ
LS,
ì
L—
LS4¢
:
Cig
LS, represents a cyclic shift (to the left)
of one position if i=1,2,9,or 16 or two
positions, otherwise.
>
PC-2; K,
LS,
đ
e
`
ỡ
'
LSiÂ
J
Dig
"_PC-2; Kg
18
DES— computation of key schedule (cont.)
PC-1
PC-2
(64 bits> 56 bits)
537
1
10
19
63
7
14
21
49 41
58 50
2 59
11
3
55 47
62 54
6 61
13
5
33 25
17
42 34 26
51 43
35
60 52 44
39 31
23
46 38 30
53 45
37
28 20
12
Note: removing bit 8,16,...,64
(56 bits>48 bits)
9
18
27
36
15
22
29
4
14
3
23
16
41
30
44
46
17
11
28
15
19
12
7 27
52 31
40 51
49 39
42 50
24
1
5
6 21
10
4 26
8
20
13
2
37 47 55
45
33 48
56 34 53
36 29 32
Note: removing bit
9,18,22,25,35,38,43,54
19
Analysis of DES
¢ The decryption of DES 1s the exact same as the
encryption, but with the 16 sub-keys reversed.
¢ Problem is that key length is too short.
— Easy to be broken by exhaustive key search, e.g., “DES
challenge III” finds the DES key in 22 hours, 15
minutes, in 1999.
— Easy to be broken by differential cryptanalysis and
linear cryptanalysis.
20
