


A lecture note from the CS 120/CSCI E-177: Introduction to Cryptography course. It focuses on private-key encryption schemes used in practice, specifically stream ciphers and block ciphers. The note covers the differences between them, their design principles, and the Data Encryption Standard (DES) as an example of a block cipher. It also discusses modes of operation and cryptanalysis of DES.



CS 120/CSCI E-177: Introduction to Cryptography
Salil Vadhan and Alon Rosen Nov. 7, 2006
Recommended Reading.
Essentially meant to be pseudorandom generators, used for stateful encryption. Examples: linear feedback shift registers (not secure, but used as a component in better stream ciphers), RC4, SEAL, ... Extremely simple and fast. Practical issues: can generate pseudorandom bits offline and decrypt very quickly without buffering, but requires synchronization.
For every key $k \in \{0,1\}^n$, $E_k : \{0,1\}^\ell \to \{0,1\}^\ell$ is a permutation, and both $E_k$ and $E_k^{-1}$ can be computed quickly given $k$ ($n$ = key length, $\ell$ = block length). Examples: DES, AES/Rijndael, IDEA, ... Main tools for private-key encryption in practice. Have both stateless modes and stateful/stream-like modes.
More of an art than science. Intuition/experience of designers, public critique important.
Diffusion: have each output bit affected by many input bits, and each input bit influence many output bits; often achieved by repeating many rounds that involve swapping bits.
Confusion: avoid structured relationships (especially linearity) between input and output/key that are exploited in known attacks. Output should be random-looking, have good statistical properties.
Simplicity.
Efficiency: extremely fast in hardware & software on a wide variety of platforms.
$(\ell_0, r_0) \in \{0,1\}^{32} \times \{0,1\}^{32}$ is a fixed permutation of the bit positions of $m$.
$(\ell_i, r_i) = (r_{i-1},\ \ell_{i-1} \oplus f_{k_{i-1}}(r_{i-1}))$. (Feistel transformation)
Subkey $k_{i-1} \in \{0,1\}^{48}$ consists of a fixed permuted subset of bits of $k$.
Computation of round function $f_k(r)$:
∗ $r \in \{0,1\}^{32}$ expanded to $E(r) \in \{0,1\}^{48}$ by repeating some bits and permuting bits.
∗ $E(r) \oplus k$ broken into 6-bit blocks $B_1, \ldots, B_8$.
∗ $C_j = S_j(B_j)$ for hardwired S-box $S_j : \{0,1\}^6 \to \{0,1\}^4$. (Main source of DES's security.)
∗ $f_k(r)$ = fixed permutation of bits of $C_1 \cdots C_8$.
∗ Sometimes, next word formed by a left-shift and S-box applied to entries of previous word.
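The Feistel transformation above is invertible whatever the round function is, and the number of rounds controls how far a one-bit input change spreads. The following is an added example, not part of the original notes: `toy_f` and `toy_subkeys` are hypothetical stand-ins built from SHA-256 (not DES's expansion, S-boxes, permutations or key schedule), and the initial permutation is omitted; only the 32-bit halves and 48-bit subkeys follow the DES dimensions.

```python
import hashlib

MASK32 = 0xFFFFFFFF

def toy_f(subkey, r):
    """Stand-in round function (assumption, NOT DES's E/S-box/P layers).
    Same shape as DES: 48-bit subkey, 32-bit input, 32-bit output."""
    data = subkey.to_bytes(6, "big") + r.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def toy_subkeys(key, rounds):
    """Constructed key schedule (assumption): one 48-bit subkey per round."""
    raw = key.to_bytes(8, "big")
    return [int.from_bytes(hashlib.sha256(raw + bytes([i])).digest()[:6], "big")
            for i in range(rounds)]

def feistel_encrypt(block, ks):
    l, r = block >> 32, block & MASK32
    for k in ks:                      # (l_i, r_i) = (r_{i-1}, l_{i-1} XOR f(r_{i-1}))
        l, r = r, l ^ toy_f(k, r)
    return (l << 32) | r

def feistel_decrypt(block, ks):
    l, r = block >> 32, block & MASK32
    for k in reversed(ks):            # r_{i-1} = l_i, l_{i-1} = r_i XOR f(l_i)
        l, r = r ^ toy_f(k, l), l
    return (l << 32) | r

def avalanche(rounds, key=0x0123456789ABCDEF, block=0x1122334455667788):
    """Output bits that change when one bit of the left half is flipped."""
    ks = toy_subkeys(key, rounds)
    a = feistel_encrypt(block, ks)
    b = feistel_encrypt(block ^ (1 << 63), ks)
    return bin(a ^ b).count("1")

if __name__ == "__main__":
    ks = toy_subkeys(0x0123456789ABCDEF, 16)
    m = 0x1122334455667788            # constructed sample block
    c = feistel_encrypt(m, ks)
    assert feistel_decrypt(c, ks) == m
    for n in (1, 2, 3, 16):
        print(n, "rounds:", avalanche(n), "of 64 output bits differ")
```

Decryption never inverts `toy_f`; it only recomputes it, which is why a Feistel cipher is a permutation even when its round function is not. After one round the flipped left-half bit changes exactly one output bit, so diffusion across the whole block depends on iterating rounds.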
Protection against known attack methods (e.g. linear and differential cryptanalysis). Efficiency (hardware and software) on a wide range of platforms. Simplicity.
Efficiency: provable constructions are much slower (modular arithmetic) and require larger keys. For a key length $k$, the security of block ciphers seems to grow like $\Theta(2^k)$ and the security of provable number-theoretic constructions seems to grow like $2^{\Theta(k^{1/3})}$.
History: block ciphers were standardized before modern cryptography developed (in contrast to public-key crypto).
How can we bridge the gap?