Block Ciphers and Data Encryption Standard-Network Security-Lecture Slides, Slides of Cryptography and System Security

This lecture was delivered by Prof. Adityavardhana Gavde at Ankit Institute of Technology and Science. It is part of series lecture on Network Security course. It includes: Network, Security, Block, Cipher, Data, Encryption, Standard, Symmetric, Key, Invertible, Length

Typology: Slides

2011/2012

Uploaded on 07/23/2012

pararijka
pararijka 🇮🇳

4.5

(4)

90 documents

1 / 33

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
NetworkSecurity
(Lec 6)
(BlockCiphers&DataEncryption
Standard)
docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21

Partial preview of the text

Download Block Ciphers and Data Encryption Standard-Network Security-Lecture Slides and more Slides Cryptography and System Security in PDF only on Docsity!

Network^ Security(Lec 6)(Block Ciphers^ &^ Data

Encryption Standard)

Modern^ (Digital)

Cryptography

^ With^ the^ advent^ of^ digital

computers,^ research^ and development^ into^ methods

of^ digital^ cryptography

started^ (in the^ 70’s)  Modern^ digital^ ciphers

operate^ on^ binary^ (plaintext)

data using^ a^ binary^ key^ to^ generate

binary^ ciphertext ^ There^ are^ two^ general

types^ of^ modern^ digital

ciphers: ^ Block^ ciphers^ (e.g.,^ DES,

KASUMI^ and^ Rijndael) ^ Stream^ ciphers^ (e.g.,

RC4,^ A5^ and^ E0)

Block^ Ciphers  Let P denote the set of^ all^ possible^ plaintext^ symbols,

C denote^ the^ set^ of all^ possible^ ciphertext^ symbols,

and^ K denote^ the^ set^ of^ all

possible^ keys (the^ keyspace )  A^ symmetric‐key^ block^ cipher

E^ is^ a^ function: ^ E^ :^ P x^ K^ ‐>^ C ^ Moreover,^ for^ every^ key^

k^ in^ K^ ,^ we^ have^ invertible^ functions ^ E^ :^ P^ ‐>^ CK^ ^ D^ :^ C‐>^ PK^ ‐^1 ^ and^ D^ =^ E^ .K^ K  In^ other^ words,^ the^ key^ determines

the^ bijective^ mapping^ of^ plaintext

to ciphertext^ and^ also^ determines

the^ inverse^ mapping^ of^ ciphertext

to plaintext

Block^ Cipher

Principles

A^ block^ cipher^ operated

on^ a^ plaintext^ block

of^ n

bits^ to^ produce^ a^ ciphertext block

of^ n^ bits.

n^ There are 2 possible

different^ plaintext

blocks^ and

for^ the^ encryption

to^ be^ reversible^ ,^ each

must

produce^ a^ unique^

ciphertext block,^ called

reversible

or^ non‐singular.

Block^ Ciphers

Principles

Block^ and^ Key

Size/Length

^ If^ the^ key^ is^ fixed,^ and^ hence

determines^ a^ specific^ mapping,

the^ block cipher^ can^ be^ considered^ simply

as^ a^ large^ lookup‐table^ (substitution cipher)  In^ particular,^ identical^ plaintext

blocks^ encrypt^ to^ identical

ciphertext blocks  Since^ modern^ ciphers^ are^ implemented

on^ digital^ systems,^ it^ is^ common

to measure^ block^ sizes^ in^ bits  We^ say^ that^ a^ block^ cipher^

has^ a^ block^ size^ (or^ block^ length

) of^ m^ bits, which^ means^ that^ |P|^ =^ |C|

m = 2 ^ Similarly^ We^ say^ that^ a^ block

cipher^ has^ a^ key^ size^ (or^ key

length ) of^ k^ bits, k which means that |K| = 2

Block^ Ciphers:

Problems

Another^ problem

is^ that^ if^ an^ attacker

correctly^ guesses

the^ plaintext^ that

corresponds^ to^ some

ciphertext^ then^ he

can

build^ a^ lookup‐table

of^ plaintext‐ciphertext

pairs^ corresponding

to^ a^ particular^ key,

known

as^ a^ codebook Codebooks^ can^ be

used^ to^ decrypt^

ciphertext

blocks^ without^ knowledge

of^ the^ key

Block^ Ciphers:

The^ solution

^ Both^ problems^ are^ solved

by^ increasing^ the^ block

length,^ and thus^ increasing^ the^ number

of^ possible^ messages.^

If^ n^ is sufficiently^ large,^ and^ an

arbitrary^ reversible^ substitiution between^ plaintext^ and

ciphertext is^ allowed^ ,

then^ statistical analysis^ is^ infeasible.  It^ also^ becomes^ impractical

for^ an^ attacker^ to^ build

plaintext‐ ciphertext codebooks  Typically^ the^ message^ block

length^ m^ would^ be^ at^ least^64 bits (^64) (2 =^ 18446744073709551616)

A^ simple^ block

cipher

-^ Except^ for^ small^ message

block^ or^ key^ lengths,

it^ is

infeasible^ for^ the^ block

cipher^ designer^ to^ explicitly

specify^ a^ plaintext^ to

ciphertext^ mapping^

for^ every

possible^ key:^ this^ would

k^ be like specifying 2

codebooks

-^ It^ is^ far^ more^ practical

to^ specify^ the^ block^

cipher^ as^ an

equation^ or^ an^ algorithm • So^ for^ example,^ a^ simple

block^ cipher^ with^ parameters

( m , k )^ =^ (64,64)^ might

be^ specified^ by:C = P K P = C K

Another^ simple

block^ cipher

^ The^ problem^ with^ the

previous^ simple^ block^

cipher^ is^ that^ it^ is trivially^ broken^ with^ one

known^ plaintext^ by^ K^ =

P^ C

^ This^ block^ cipher^ is^ weak

because^ it^ is^ purely^ linear

and^ thus easily^ solvable  By^ using^ both^ linear^ and

nonlinear^ operations^ we

make^ the block^ cipher^ somewhat

more^ difficult^ to^ manipulate

by^ simple algebra  So^ for^ example,^ a^ slightly

better^ idea^ would^ be^ the

( m , k )^ = (64,128)^ block^ cipher:  C^ =^ (P^ K^0

)^ +^ K
^ P^ =^ (C^ – K
)^ K 10

^ where^ K0and^ K^

are^ key‐dependent^ variables 1

called subkeys  In^ this^ case,^ each^ subkey

is^ half^ of^ the^ key^ K,^ and

thus^ has length^64 bits

Confusion^ and

Diffusion

^ The^ mixture^ of^ linear^ and

non‐linear^ operations^ makes

it^ difficult^ to express^ the^ key^ in^ terms^ of

the^ plaintext^ and^ ciphertext

blocks,^ thus preventing^ a^ simple^ known

plaintext^ attack ^ The^ idea^ of^ mixing^ linear

and^ nonlinear^ operations^ in

order^ to^ obscure^ the relationship^ between^ the^ plaintext,

ciphertext^ and^ key,is^ called

confusion and^ is^ an^ important^ principle

of^ cipher^ design ^ An^ equally^ important^ principle

of^ block^ cipher^ design^ is^ that

of^ diffusion , i.e.,^ the^ idea^ that^ every^ bit^

of^ the^ ciphertext^ should^ depend

on^ every^ bit^ of the^ plaintext^ and^ also^ every

bit^ of^ the^ key ^ This^ ensures^ that^ the^ statistics

of^ the^ plaintext^ are^ dissipated

within^ the ciphertext^ so^ that^ an^ attacker

cannot^ predict^ the^ plaintext

that corresponds^ to^ a^ particular

ciphertext,^ even^ after^ observing

a^ number^ of “similar”^ plaintexts^ and^ their

corresponding^ ciphertexts

Iterated^ ciphers  A simple method^ of^ achieving^ confusion

and^ diffusion^ in^ a block^ cipher^ is^ by^ repeatedly

applying^ keyed^ substitutions

and permutations^ to^ the^ message  The^ substitutions^ are^ used

to^ introduce^ nonlinearity

into^ the message^ (confusion)^ and

the^ permutations^ are^ required^ to ensure^ that^ bits^ are^ affected

by^ different^ substitutions

on subsequent^ iterations^ (diffusion) ^ A^ block^ cipher^ based

on^ this^ principle^ is^ called

an^ iterated cipher

Iterated^ ciphers  By iterating the round^ function^ a^ fixed

number^ of^ times^ we automatically^ obtain^ some

security^ as^ a^ consequence

of^ the fact^ that,^ after^ each^ iteration

(or^ round ),^ the^ output

bits become^ increasingly^ dependent

on^ the^ input^ bits ^ We^ can^ use^ different

subkeys^ in^ each^ iteration

so^ that,^ for^ a^4 ‐ round^ block^ cipher,^ the

encryption^ function^ becomes: ^ C^ =^ E(P,K)

=^ ((((P,K),K),K^12
),K) 34

^ Similarly,^ decryption

would^ be^ achieved^ by: ^ P^ =^ D(C,K)

–1–1–1–1 = ((((C,K
),K),K),K) 4321

^ where,^ for^ a^ fixed

–1^ K, is^ the^ inverse^ function

of^  docsity.com

Example:^ Iterated

Ciphers

Data^ (Plaintext)RoundSubkey^1 FunctionRoundSubkey^2 Function… Data^ (Ciphertext)

IteratedBlock^ CipherKeyKeySchedule^