TE/CS 536 Network SecurityTE/CS 536 Network Security

Spring 2006 – Lectures 6&7Spring 2006 – Lectures 6&7

Secret Key Cryptography

Block Encryption - 1 Stream ciphers are not suitable for long messagesStream ciphers are not suitable for long messages Block ciphers convert block to another: one-to-Block ciphers convert block to another: one-to-

one reversible mappingone reversible mapping Long enough to avoid known-plaintext attackLong enough to avoid known-plaintext attack

64 bits – possible number of keys = ?64 bits – possible number of keys = ? 128 bits128 bits

Output should look randomOutput should look random No correlation between plaintext and No correlation between plaintext and

ciphertextciphertext

Block Encryption - 2

Substitution (creates confusion)Substitution (creates confusion) Permutation (creates diffusion)Permutation (creates diffusion)

Round: combination of substitution and Round: combination of substitution and permutation; do until a bit change can affect permutation; do until a bit change can affect every output bitevery output bit How many rounds? A few but not fewerHow many rounds? A few but not fewer

Block Cipher Scheme

Secret key

Plaintextblockof length N

Cipherblockof length N

Encrypt

Block Ciphers: modes

ECB: Electronic Code BookECB: Electronic Code Book Good for small messages, non-repeating blocksGood for small messages, non-repeating blocks

CBC: Cipher Block ChainingCBC: Cipher Block Chaining The cipher text i is XORed with message (i+1) The cipher text i is XORed with message (i+1)

before encryption.before encryption. CFB: Cipher FeedbackCFB: Cipher Feedback OFB: Output FeedbackOFB: Output Feedback

DES (Data Encryption Standard) Published in 1977, standardized in 1979.Published in 1977, standardized in 1979. Key: 64 bit quantity=8-bit parity+56-bit keyKey: 64 bit quantity=8-bit parity+56-bit key

Every 8Every 8thth bit is a parity bit. bit is a parity bit. 64 bit input, 64 bit output.64 bit input, 64 bit output.

DESEncryption

64 bit M 64 bit C

56 bits

DES Top View

LPT RPT

Permutation

Swap

Round 1

Round 2

Round 16

Generate keysInitial Permutation

48-bit K1

48-bit K2

48-bit K16

Swap 32-bit halves

Final Permutation

64-bit Output

48-bit K164-bit Input56-bit Key

…...

Initial Permutation -> LPT | RPT

5858 5050 4242 3434 2626 1818 1010 22 6060 5252 4444 3636 2828 2020 1212 44

6262 5454 4646 3838 3030 2222 1414 66 6464 5656 4848 4040 3232 2424 1616 88

5757 4949 4141 3333 2525 1717 99 11 5959 5151 4343 3535 2727 1919 1111 33

6161 5353 4545 3737 2929 2121 1313 55 6363 5555 4747 3939 3131 2323 1515 77

RPT Expansion Permutation (32-to-48)

…….

……..

1 2 3 4 5 32Input:

Output

0 0 1 0 1 1

1 2 3 4 5 6 7 8 48

1 0 0 1 0 1 0 1 1 0

Per-Round Key Generation

28 bits 28 bits

48 bitsKi

Oneround

Circular Left Shift Circular Left Shift

28 bits 28 bits

Permutationwith 8 bits Discard

Initial Permutation of DES key

C i-1 D i-1

C i D i

Round 1,2,9,16: single shiftOthers: two bits

A DES Round

48 bits

32 bits

32 bits Ln 32 bits Rn

32 bits Ln+1 32 bits Rn+1

Expand

S-Boxes

P

48 bitsKi

One RoundEncryption

FunctionF

The F Function

4444444 4

6666666 6

+ + +++ ++ +

6666666 6

S8S1 S2 S7S3 S4 S5 S6

4444444 4

PermutationThe permutation produces “spread” among the chunks/S-boxes!

Key is XORed in eight 6-bit chunks with the expanded permuted RPT

6-input bits used to select 4-output bits through an S-box

S-Box (Substitute and Shrink)

48 bits ==> 32 bits. (8*6 ==> 8*4)48 bits ==> 32 bits. (8*6 ==> 8*4) 2 bits used to select amongst 4 permutations 2 bits used to select amongst 4 permutations

for the rest of the 4-bit quantityfor the rest of the 4-bit quantity

2 bitsrow

S i

i = 1,…8.

I1I2I3I4I5I6

O1O2O3O4

4 bitscolumn

S1 box

0 1 2 3 4 5 6 7 8 9…. 15

0 14 4 13 1 2 15 11 8 3

1 0 15 7 4 14 2 13 1 10

2 4 1 14 8 13 6 2 11 15

3 15 12 8 2 4 9 1 7 5

Each row and column contain different numbers.

Example: input: 100110 output: ???

8 S-Boxes

Logic behind the selection of the S-Boxes Logic behind the selection of the S-Boxes remains unpublished secretremains unpublished secret

Is it a good idea technically to publish it?Is it a good idea technically to publish it?

Decryption

Apply the same operations with the same Apply the same operations with the same key Kkey Kii at each round: at each round: Input: RInput: Rn+1n+1|L|Ln+1n+1

Due to the “swap” operationDue to the “swap” operation

Output: ROutput: Rnn|L|Lnn

The swap operation at the end will produce the The swap operation at the end will produce the correct result: L|Rcorrect result: L|R

DES Standard

Cipher Iterative Cipher Iterative Action :Action : Input:Input: 64 bits64 bits Key:Key: 4848 bits bits Output:Output: 64 bits64 bits

Key Generation Key Generation Box :Box : Input:Input: 56 bits56 bits Output:Output: 4848 bits bits

One round (Total 16 rounds)

DES Summary

Simple, easy to implement:Simple, easy to implement: Hardware/gigabits/second, Hardware/gigabits/second,

software/megabits/secondsoftware/megabits/second 56-bit key DES may be acceptable for non-56-bit key DES may be acceptable for non-

critical applications but triple DES (DES3) critical applications but triple DES (DES3) should be secure for most applications todayshould be secure for most applications today

Supports several operation modes: ECB Supports several operation modes: ECB CBC, OFB, CFBCBC, OFB, CFB