Slide an toàn và hệ thống bảo mật thông tin chapter 4 cryptography symmetric modern dec
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (1019.09 KB, 41 trang )
.c
om
cu
u
du
o
ng
th
an
co
ng
SYMMETRIC CIPHERS
CuuDuongThanCong.com
/>
.c
om
Contents
Block Cipher Principles
2)
Feistel Cipher
3)
Data Encryption Standard (DEC)
cu
u
du
o
ng
th
an
co
ng
1)
CuuDuongThanCong.com
/>
.c
om
ng
CRYPTOLOGY
an
co
CRYPTOGRAPHY
Transposition
ng
du
o
u
Substitution
ASYMMETRIC
MODERN
Block ciphers
cu
CLASSICAL
th
SYMMETRIC
CRYPTANALYSIS
Stream ciphers
CuuDuongThanCong.com
/>
.c
om
cu
u
du
o
ng
th
an
co
ng
1. Block Cipher Principles
CuuDuongThanCong.com
/>
.c
om
Stream Ciphers and Block Ciphers
A stream cipher is a type pf symmetric encryption in which input data is
cu
u
du
o
ng
th
an
co
ng
encrypted one bit (byte) at a time.
CuuDuongThanCong.com
/>
.c
om
Stream Ciphers and Block Ciphers
Block Ciphers is one in which the plaintext is divided in blocks and one
cu
Block size?
u
du
o
ng
th
an
co
ng
block is encrypted at a time producing a ciphertext of equal length
CuuDuongThanCong.com
/>
.c
om
cu
u
du
o
ng
th
an
co
ng
2. Feistel Cipher
CuuDuongThanCong.com
/>
.c
om
The Feistel Cipher
Horst Feistel devised the feistel cipher
co
ng
Most symmetric block ciphers are based on a feistel cipher structure.
an
Feistel proposed the use of a cipher that alternates substitutions and
ng
th
permutations, where these terms are defined as follows:
du
o
Substitution: Each plaintext element or group of elements is uniquely replaced
cu
u
by a corresponding ciphertext element or group of elements
Permutation: A sequence of plaintext elements is replaced by a permutation of
that sequence
CuuDuongThanCong.com
/>
.c
om
Feistel Cipher Structure
ng
The Plaintext block: 2w bits
co
The plaintext block is divided into two halves,
th
an
L0 and R0.
du
o
ng
L, R pass through n rounds of processing and
u
then combine to produce the ciphertext block.
cu
Each round i (1->16):
CuuDuongThanCong.com
/>
.c
om
Feistel Cipher Principles
The exact realization of a Feistel network depends on the choice of the
co
ng
following parameters and design features:
th
an
Block size: Larger block sizes mean greater security but reduced
du
o
ng
encryption/decryption speed for a given algorithm.
Key size: Larger key size means greater security but may decrease
cu
u
encryption/decryption speed.
Number of rounds: increase number improves security, but slows cipher
CuuDuongThanCong.com
/>
.c
om
Feistel Cipher Principles (cont.)
Subkey generation algorithm: Greater complexity in this algorithm
co
ng
should lead to greater difficulty of cryptanalysis.
th
an
Round function F: greater complexity generally means greater resistance
cu
u
du
o
ng
to cryptanalysis.
CuuDuongThanCong.com
/>
cu
u
du
o
ng
th
an
co
ng
.c
om
Feistel decryption algorithm
CuuDuongThanCong.com
/>
.c
om
Feistel decryption algorithm
ng
cu
u
du
o
On the decryption side
th
an
co
ng
Consider the encryption process
CuuDuongThanCong.com
/>
u
cu
Thus, we have:
du
o
ng
th
an
co
ng
The XOR has the following properties:
.c
om
Feistel decryption algorithm
CuuDuongThanCong.com
/>
cu
u
du
o
ng
th
an
co
ng
.c
om
Feistel Example
CuuDuongThanCong.com
/>
.c
om
cu
u
du
o
ng
th
an
co
ng
3. Data Encryption Standard - DEC
CuuDuongThanCong.com
/>
.c
om
Data Encryption Standard - DEC
The Data Encryption Standard (DES) is a symmetric-key block cipher
co
ng
published by the National Institute of Standards and Technology (NIST).
th
an
A block cipher
u
long.
du
o
ng
Data Encrypted in 64-bits blocks using a 56-bit key; ciphertext is of 64-bit
cu
Number of rounds: 16
CuuDuongThanCong.com
/>
.c
om
ng
co
an
th
ng
du
o
u
cu
CuuDuongThanCong.com
/>
.c
om
Description
The 64-bit plaintext passes through an initial permutation (IP) that rearranges the
co
ng
bits to produce the permuted input.
an
Sixteen rounds of the same function, which involves both permutation and
th
substitution functions. The output of the last (sixteenth) round consists of 64 bits
du
o
ng
that are a function of the input plaintext and the key. The left and right halves of
u
the output are swapped to produce the preoutput.
cu
Finally, the preoutput is passed through the inverse of the initial permutation
function, to produce the 64-bit ciphertext
CuuDuongThanCong.com
/>
.c
om
Initial Permutation (IP)
du
o
ng
th
an
co
ng
The ouput bit-1 for example is the input bit 58
cu
u
Find the output of the initial permutation box when the input is given in
hexadecimal as: 0x0002 0000 0000 0001
CuuDuongThanCong.com
/>
u
du
o
ng
th
an
co
ng
.c
om
Inverse Initial Permutation (IP-1)
cu
Find the output of the inverse initial permutation box when the input is given in
hexadecimal as: 0x0000 0080 0000 0002
CuuDuongThanCong.com
/>
.c
om
Details Of single round
The left and right halves of each 64-bit
are
treated
as
ng
value
co
intermediate
an
separate 32-bit quantities, labeled L
cu
u
du
o
ng
th
(left) and R (right)
CuuDuongThanCong.com
/>
cu
u
du
o
ng
th
an
co
ng
Expansion Permutation: 32bit → 48 bit
.c
om
E table
CuuDuongThanCong.com
/>
.c
om
Details Of single round (cont.)
After the expansion permutation, DES uses the XOR operation on the
cu
u
du
o
ng
th
an
co
ng
expanded right section and the round key
CuuDuongThanCong.com
/>
.c
om
S-Boxes
ng
Input: 6-bit
co
Output: 4-bit
th
an
The 48-bit data from the second operation is divided into eight 6-bit chunks,
cu
u
du
o
ng
and each chunk is fed into a box. The result of each box is a 4-bit chunk
CuuDuongThanCong.com
/>
