te/cs 536 network security spring 2006 – lectures 6&7 secret key cryptography
TRANSCRIPT
TE/CS 536 Network SecurityTE/CS 536 Network Security
Spring 2006 – Lectures 6&7Spring 2006 – Lectures 6&7
Secret Key Cryptography
Block Encryption - 1 Stream ciphers are not suitable for long messagesStream ciphers are not suitable for long messages Block ciphers convert block to another: one-to-Block ciphers convert block to another: one-to-
one reversible mappingone reversible mapping Long enough to avoid known-plaintext attackLong enough to avoid known-plaintext attack
64 bits – possible number of keys = ?64 bits – possible number of keys = ? 128 bits128 bits
Output should look randomOutput should look random No correlation between plaintext and No correlation between plaintext and
ciphertextciphertext
Block Encryption - 2
Substitution (creates confusion)Substitution (creates confusion) Permutation (creates diffusion)Permutation (creates diffusion)
Round: combination of substitution and Round: combination of substitution and permutation; do until a bit change can affect permutation; do until a bit change can affect every output bitevery output bit How many rounds? A few but not fewerHow many rounds? A few but not fewer
Block Cipher Scheme
Secret key
Plaintextblockof length N
Cipherblockof length N
Encrypt
Block Ciphers: modes
ECB: Electronic Code BookECB: Electronic Code Book Good for small messages, non-repeating blocksGood for small messages, non-repeating blocks
CBC: Cipher Block ChainingCBC: Cipher Block Chaining The cipher text i is XORed with message (i+1) The cipher text i is XORed with message (i+1)
before encryption.before encryption. CFB: Cipher FeedbackCFB: Cipher Feedback OFB: Output FeedbackOFB: Output Feedback
DES (Data Encryption Standard) Published in 1977, standardized in 1979.Published in 1977, standardized in 1979. Key: 64 bit quantity=8-bit parity+56-bit keyKey: 64 bit quantity=8-bit parity+56-bit key
Every 8Every 8thth bit is a parity bit. bit is a parity bit. 64 bit input, 64 bit output.64 bit input, 64 bit output.
DESEncryption
64 bit M 64 bit C
56 bits
DES Top View
LPT RPT
Permutation
Swap
Round 1
Round 2
Round 16
Generate keysInitial Permutation
48-bit K1
48-bit K2
48-bit K16
Swap 32-bit halves
Final Permutation
64-bit Output
48-bit K164-bit Input56-bit Key
…...
Initial Permutation -> LPT | RPT
5858 5050 4242 3434 2626 1818 1010 22 6060 5252 4444 3636 2828 2020 1212 44
6262 5454 4646 3838 3030 2222 1414 66 6464 5656 4848 4040 3232 2424 1616 88
5757 4949 4141 3333 2525 1717 99 11 5959 5151 4343 3535 2727 1919 1111 33
6161 5353 4545 3737 2929 2121 1313 55 6363 5555 4747 3939 3131 2323 1515 77
RPT Expansion Permutation (32-to-48)
…….
……..
1 2 3 4 5 32Input:
Output
0 0 1 0 1 1
1 2 3 4 5 6 7 8 48
1 0 0 1 0 1 0 1 1 0
Per-Round Key Generation
28 bits 28 bits
48 bitsKi
Oneround
Circular Left Shift Circular Left Shift
28 bits 28 bits
Permutationwith 8 bits Discard
Initial Permutation of DES key
C i-1 D i-1
C i D i
Round 1,2,9,16: single shiftOthers: two bits
A DES Round
48 bits
32 bits
32 bits Ln 32 bits Rn
32 bits Ln+1 32 bits Rn+1
Expand
S-Boxes
P
48 bitsKi
One RoundEncryption
FunctionF
The F Function
4444444 4
6666666 6
+ + +++ ++ +
6666666 6
S8S1 S2 S7S3 S4 S5 S6
4444444 4
PermutationThe permutation produces “spread” among the chunks/S-boxes!
Key is XORed in eight 6-bit chunks with the expanded permuted RPT
6-input bits used to select 4-output bits through an S-box
S-Box (Substitute and Shrink)
48 bits ==> 32 bits. (8*6 ==> 8*4)48 bits ==> 32 bits. (8*6 ==> 8*4) 2 bits used to select amongst 4 permutations 2 bits used to select amongst 4 permutations
for the rest of the 4-bit quantityfor the rest of the 4-bit quantity
2 bitsrow
S i
i = 1,…8.
I1I2I3I4I5I6
O1O2O3O4
4 bitscolumn
S1 box
0 1 2 3 4 5 6 7 8 9…. 15
0 14 4 13 1 2 15 11 8 3
1 0 15 7 4 14 2 13 1 10
2 4 1 14 8 13 6 2 11 15
3 15 12 8 2 4 9 1 7 5
Each row and column contain different numbers.
Example: input: 100110 output: ???
8 S-Boxes
Logic behind the selection of the S-Boxes Logic behind the selection of the S-Boxes remains unpublished secretremains unpublished secret
Is it a good idea technically to publish it?Is it a good idea technically to publish it?
Decryption
Apply the same operations with the same Apply the same operations with the same key Kkey Kii at each round: at each round: Input: RInput: Rn+1n+1|L|Ln+1n+1
Due to the “swap” operationDue to the “swap” operation
Output: ROutput: Rnn|L|Lnn
The swap operation at the end will produce the The swap operation at the end will produce the correct result: L|Rcorrect result: L|R
DES Standard
Cipher Iterative Cipher Iterative Action :Action : Input:Input: 64 bits64 bits Key:Key: 4848 bits bits Output:Output: 64 bits64 bits
Key Generation Key Generation Box :Box : Input:Input: 56 bits56 bits Output:Output: 4848 bits bits
One round (Total 16 rounds)
DES Summary
Simple, easy to implement:Simple, easy to implement: Hardware/gigabits/second, Hardware/gigabits/second,
software/megabits/secondsoftware/megabits/second 56-bit key DES may be acceptable for non-56-bit key DES may be acceptable for non-
critical applications but triple DES (DES3) critical applications but triple DES (DES3) should be secure for most applications todayshould be secure for most applications today
Supports several operation modes: ECB Supports several operation modes: ECB CBC, OFB, CFBCBC, OFB, CFB