block ciphers
TRANSCRIPT
Modern Block ciphers
A symmetric classification
1 …… 1 …… 0 …… 0 …… 0
E
1……... 1…….. 1……. 0……. 1
100110110100010111010010
E E E E
100110110100010111010010
110010011101010010001001
100110 110100 010111
E E E E
110010 011101 010010
… … … …
Stream cipher Block cipher
1100100111010100100010011
Stream cipher A stream cipher is a method of encrypting text (to produce ciphertext) in which a
cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time. This method is not much used in modern cryptography. A key stream generator produces a stream of keys which are then used with plaintext to form the cipher text. Example: one time pad, affine cipher.
keystream K1,K2,…,Kn
plaintext bits P1,P2,…,Pn
+ P1 K1,P2 K2,…,Pn Kn
ciphertext bits
Keystream
generator key
Advantage: -Less implementation cost. - stream ciphers work on only a few bits at a time that’s why they have relatively low memory requirements - It is suitable for H/W implementation. Disadvantage: - Stream ciphers are more difficult to implement correctly. - stream ciphers do not provide integrity protection or authentication. - As the stream ciphers are individually encrypted with not connection to other chunks of data, error correction are more difficult.
Block cipher
A block cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to a block of data at once as a group rather than to one bit at a time. Example : DES, Hill Cipher.
Advantage :
- It is used for S/W implementation.
- More suitable In trading applications.
- In the real world block ciphers seem to be more general
- It is some what faster than stream cipher each time n characters
executed.
Disadvantage:
- It’s required more memory space.
- required large number of coding for implementation.
block of ciphertext Encryption
algorithm
encryption key
block of plaintext
Block Cipher Principles
There are three critical aspects of block cipher design: Feistel Cipher Stractute, and Shannon Product Cipher.
Feistel Cipher Stracture
Number of Rounds:
The greater the number of rounds, the more difficult it is to perform cryptanalysis, even for a relatively weak F. In general, the criterion should be that the number of rounds is chosen so that known cryptanalytic efforts require greater effort than a simple brute-force key search attack. This criterion was certainly used in the design of DES.
Design of Function F:
The function F provides the element of confusion in a Feistel cipher. Thus, it must be difficult to"unscramble" the substitution performed by F.
Key Schedule Algorithm :
A final area of block cipher design, and one that has received less attention than S-box design, is the key schedule algorithm. With any Feistel block cipher, the key is used to generate one subkey for each round.
Shannon Product Cipher : Confusion and diffusion.
Components of modern block cipher A modern block cipher is made of a combination of transposition unit (Called P-box ) and substitution units (S-box) and some special operation. Shannon introduced idea of substitution-permutation (S-P) networks in 1949. In block ciphers, the S-boxes and P-Boxes are used to make the relation between the plaintext and the ciphertext difficult to understand
P-box: In cryptography, a permutation box (or P-box) is a method of bit-shuffling used to permute or transpose bits across inputs. P-boxes are typically classified as compression, expansion, and straight, according as the number of output bits is less than, greater than, or equal to the number of input bits. Only straight P-boxes are invertible.
1 2 3 4 5
1 2 3 4 5
1 2 3 4 5
1 2 3
1 2 3
1 2 3 4 5
S-box: The S-box can have different number of inputs and outputs. In other words, the input to an S-box could be an n-bit word, but the output can be an m bit word where n and m are not necessarily same. S box may be keyed or keyless .
0 1 2 3 4 5 6 7 8 9 A B C D E F
E 4 D 1 2 F B 8 3 A 6 C 5 9 0 7
Other operations:
Exclusive OR
Compliment
Inverse
Circular Shift
Swap
Split and Combine
Diffusion and Confusion Shannon’s idea in introducing the product cipher was enable the block ciphers to have two important properties: Diffusion and Confusion. Diffusion: Hide the relationship between the ciphertext and the plaintext. This will frustrated the adversary who uses ciphertext statistics to find the plaintext.
– Dissipate statistical structure of the plaintext into long-range statistics of the ciphertext
– Spread the statistics over a range of bits, i.e., let each part of the plaintext affect a large part of the ciphertext, thus making the statistical relationship as difficult as possible
– Control frequency analysis – Can be achieved by repeatedly performing some permutation followed by
applying a function to that permutation
• Confusion – Hide the relationship between the ciphertext and key as difficult as
possible – If a single bit in a key is changed, most or all bits in the ciphertext also
be changed – Control attempts to discover the key – Can be achieved by using a complex, non-linear, substitution operation
(S-box)
Motivation for Feistel cipher stricture -The Feistel cipher structure has the advantage that encryption and decryption operations are very similar, requiring only a reversal of key schedule. Therefore the size of the code to implement such cipher is nearly halved.
-Feistel construction is iterative on nature which makes implementing the cryptosystem in hardware easier.
-Feistel networks reversible in nature
-Feistel networks are combination of multiple rounds of repeat operation such as :
-Bit –Shuffling
-- Substitution box.
--Linear mixing (XOR operation)
Reversible Mapping
Plaintext Ciphertext
00 11
01 10
10 00
11 01
irreversible Mapping
Plaintext Ciphertext
00 11
01 10
10 00
11 01
Feistel Cipher Structure • German IBM cryptographer Horst Feistel invented the
feistel cipher
– based on concept of invertible product cipher
– Feistel cipher is a type of block cipher designed, not a
specific cipher.
• partitions input block into two halves
– process through multiple rounds(1,2,3,….n) which
– Divides the data in two halves
– perform a substitution on left data half
– based on round function of right half & subkey
– then have permutation swapping halves
• implements Shannon’s S-P net concept
Feistel Cipher The input to a feistel structure is a plaintext box of n bits and a key K. The input key is broken down into two halves, L0 and R0 . The two halves of the data pass through r rounds of processing and the combined to produce the ciphertext block. Each round i has input Li-1 and Ri-1 , derived from previous round, as well as a sub key k derived from the over all key K. In general, subkey ki is different from K and from each other. In this cipher, a substitution is performed via the round function F and permutation is performed that interchanges the two halves of data.
Feistel Cipher Structure
Encryption and decipher procedure 1. Divide the input into two halves(L0, R0) .The length of L0 and R0 will be
same.
2. For each round i=1,2,3……….n compute
Li=Ri-1
Ri= Li-1 + F(Ri-1 + Ki)
Where F is the round function and Ki is the subkey of the round i
3. Ciphertext C= (Ln, Rn)
Decipherment:
1. Start with the cipher text C=(Ln, Rn)
2. For each round i= n, n-1…….2,1
Ri-1 =L1
Li-1= Ri+ F(Li+Ki)
Where F is the round function and Ki is the subkey of the round i
3. Plaintext P=(L0, R0)
Feistel Cipher Decryption
Feistel Cipher Design Elements block size : Larger block sizes mean greater security (all other things being equal) but reduced encryption/decryption speed for a given algorithm. The greater security is achieved by greater diffusion Traditionally, a block size of 64 bits has been considered a reasonable tradeoff and was nearly universal in block cipher design.
Key size: Larger key size means greater security but may decrease encryption/decryption speed. The greater security is achieved by greater resistance to brute-force attacks and greater confusion. Key sizes of 64 bits or less are now widely considered to be insufficient, and 128 bits has become a common size.
Number of rounds: The essence of the Feistel cipher is that a single round offers insufficient security but that multiple rounds offer increasing security. A typical size is 16 rounds.
Subkey generation algorithm: Greater complexity in this algorithm should lead to greater difficulty of cryptanalysis.
Round function: the increased complexity in round function also enhance the difficulties against the attacks by cryptanalysis.
The Substitution-Permutation Network (SPN)
• Main attraction: Encryption and decryption easy to implement in hardware. Simple description as an iterated cipher.
• Plain text and cipher text : length lm
• Given an r bit key K, derive from it N + 1 keys K1, K2, … KN + 1, each lm bits long using key scheduling algorithm
• Fix a substitutions S
• Fix a permutation P
SPN Algorithm
• Encryption proceeds in N stages. • Stage Encryption proceeds in N stages. • Stage j encryption for j = 1 to N − 1:
X-or with subkey Kj
break into l-bit substrings and substitute each substring using πS
Permute the bits using πP
• Stage N encryption: X-or with subkey KN
break into l-bit substrings and substitute each substring using πS
X-or with KN+1
• First and last X-or are called Whitening.
SPN example (example 3.1, from Stinson’s book)
• l = m = N = 4; r = 32 (32 bit key). • Key scheduling: Given 32-bit key K,
K1 = bits 1–16 of K; K4 = bits 13–28 of K; K2 = bits 5–20 of K; K5 = bits 17–32 of K. K3 = bits 9–24 of K;
• πS:
0 1 2 3 4 5 6 7 8 9 A B C D E F E 4 D 1 2 F B 8 3 A 6 C 5 9 0 7
• πP :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 1 5 9 13 2 6 10 14 3 7 11 15 4 8 12 16
K = 0011 1010 1001 0100 1101 0110 0011 1111
Round keys are as follow:
K1= 0011 1010 1001 0100
K2= 1010 1001 0100 1101
K3= 1001 0100 1101 0110
K4= 0100 1101 0110 0011
K5= 1101 0110 0011 1111
• Plain text
• x = 0010 0110 1011 0111
Encryption of x proceeds as follows:
w0 = 0010 0110 1011 0111
K1 = 0011 1010 1001 0100
u1 = 0001 1100 0010 0011
v1 = 0100 0101 1101 0001
w1 = 0010 1110 0000 0111
w1 = 0010 1110 0000 0111
K2 = 1010 1001 0100 1101
u2 = 1000 0111 0100 1010
v2 = 0011 1000 0010 0110
w2 = 0100 0001 1011 1000
SPN example pictorially
Advantage of SPN
• Design is simple for hardware as well as software
• Software implementation S-box is implemented in the form of look-up table
• Less development cost.
• Less computational cost.
Thank you