1 / 24

Block Cipher

Block of Bits. KEY. Block of Bits. Block Cipher. Today’s most widely used ciphers are in the class of Block Ciphers Define a block of computer bits which represent several characters Encipher the complete block at one time. Algorithm. Modes of Operation.

jethro
Télécharger la présentation

Block Cipher

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Block of Bits KEY Block of Bits Block Cipher • Today’s most widely used ciphers are in the class of Block Ciphers • Define a block of computer bits which represent several characters • Encipher the complete block at one time Algorithm

  2. Modes of Operation • Before examining the details of any specific block cipher algorithm, it is useful to consider how such algorithms are used • There are 3 operational modes: • Electronic Code Book (ECB) • Cipher Block Chaining (CBC) • Output Feedback Mode (OFM) • These modes have become international standards for implementing any block cipher

  3. M1 M2 Mm Ek Ek Ek Key C1 C2 Cm Electronic Code Book • Simplest mode of operation • each block is enciphered into a ciphertext block using one key Problem: if Mi = Mj then Ci = Cj

  4. M1 M2 Mm Ek Ek Ek Key C1 C2 Cm Cipher Block Chaining • The input to each block stage is the current block XORed with the previous stage cipher block

  5. Mi KEY Ek Ri+1 Ri Ci Output Feedback Mode • The block cipher is used as a stream cipher • it produces the random key stream

  6. General Structure • In 1973, Feistel suggest a form of product cipher that has become the architecture of choice for almost all symmetric block ciphers in use today. • The overall process involves several stages of a substitution followed by a transposition. • The master key is subdivided into a set of subkeys – one for each stage. • At each stage the data block is divided into a left and a right segment, the segments are swapped, and one segment is mixed with subkey for that stage. • Another name for this type of cipher is a substitution-permutation (SP) cipher.

  7. Data Encryption Standard • In the mid-70’s the US government decided that a powerful standard cipher system was necessary. • The National Bureau of Standards put out a request for the development of such a cipher. • Several companies went to work and submitted proposals. The winner was IBM with their cipher system called Lucifer. • With some modifications suggested by the National Security Agency, in 1977, Lucifer became known as the Data Encryption Standard or DES. • It has since been replaced by the Advanced Encryption Standard (AES)

  8. Basic Structure • DES works on 64 bit blocks of plaintext using a 56 bit key to produce 64 bit blocks of ciphertext. • It is a substitution-permutation cipher with 16 SP stages. • The key for DES is an arbitrary 56 bit string of 0’s and 1’s • there are 256 possible strings (greater than 1016) • often it is given as a 7 letter word • DES expands this key to 64 bits by adding 8 additional 0’s and 1’s • bits 8, 16, 24, 32, 40, 48, 56, and 64 are added so that each 8 bit block has odd parity (odd number of 1’s) • the key is divided, shifted, and shuffled 16 times to form 16 different (but related) subkeys each of which is 48 bits long

  9. 64 bit key PC-1 28 bit D0 28 bit C0 Left Shift Left Shift 28 bit D1 28 bit C1 PC-2 K1 Left Shift Left Shift Key Generation • Each of the 16 stages uses a 48 bit subkey which is derived from the initial 64 bit key. • The key passes through a PC-1 block (Permuted Choice 1) which extracts the original 56 bits supplied by the user. • The 56 bits are divided into left and right halves. Each half is shifted left by 1 or 2 bit positions (it varies depending on the stage). • The new 56 bits are compressed using PC-2 (Permuted Choice 2) by throwing out 8 bits to create the 48 bit key for the given stage.

  10. DES Stages • Each stage of DES is performs the same set of operations using a different subkey acting on the output of the previous stage. • Those operations are defined in three “boxes” called the expansion box (Ebox), the substitution box (Sbox), and the permutation box (Pbox).

  11. Right 32 bits Left 32 bits Key E Box 56 bits 48 bits Key Box 48 bits 48 bits S Boxes 32 bits P Box XOR 32 bits XOR 32 bits 32 bits Example Stage The E-Box expands (from 32 to 48 bits) and permutates The E-Box output is XORed with part of the key There are 8 S-Boxes and each one accepts 6 bits of input and produces 4 bits of output The P-Box is a simple permutation Finally, the left side is XORed with the result and both sides are passed on to the next round

  12. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 32 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 13 Right 32 bits 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1 EBox E-Box • The EBox expands its 32-bit input into 48-bits by duplicating some of the input bits. Note the duplication

  13. Column 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 7 8 0 13 0 15 14 4 12 4 15 1 7 8 13 14 4 2 1 8 13 14 4 2 6 9 15 2 13 2 1 11 1 7 11 8 10 3 5 15 11 12 10 6 6 9 3 12 7 14 11 12 3 10 9 5 9 0 5 10 6 0 5 3 0 1 Row 2 3 S-Boxes • The SBoxes are the real source of the power of DES. • There are 8 different Sboxes • Each Sbox accepts 6-bits of input and produces 4-bits of output. • An Sbox has 16 columns and 4 rows where each element in the box is a 4-bit block usually given in its decimal representation.

  14. 10 5 5 15 3 0 13 1 14 7 8 4 14 11 7 10 15 6 4 11 2 3 8 13 4 1 14 9 5 12 7 8 0 2 1 12 10 13 6 9 12 6 3 9 0 5 11 2 Column 15 Row 0 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 10 0 1 2 9 13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 3 S2 Working with the S-Boxes • Each 6-bit input to an S-Box is divided into a row and a column index. • The row index is given by bits 1 and 6 and the bits 2 to 5 supply the column index. • The output of the S-Box is the value stored at the addressed row/column Input: 0 1 1 1 1 0 Output: 1 0 1 0

  15. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 SBox Outputs 32 27 3 9 19 13 30 6 22 11 4 25 PBox P-Box • After the S-Box operation there are just 32-bits remaining which are rearranged according to the permutation table:

  16. Final Step • The final operation places the original RHS 32-bits on the LHS and XORs the original LHS with the 32-bit output of the Pbox • This process is repeated 16 times using a different subkey each time

  17. Key2 Key3 Key1 D E E M DES Implementations • DES could be used in any one of the three standard block cipher implementation modes: OFM, CBC, or ECB. • However DES is no longer a secure cipher. • Hence, alternative implementations of DES have been suggested in an effort to improve its overall security. The most common is called Triple-DES. • Triple-DES comes in two versions, one uses three keys and the other only uses two keys. • The three key version first encrypts the message with Key1, decrypts the result with Key2, and finally encrypts that with K3 • The two key version uses the same steps where K3 = K1.

  18. S-DES • S-DES (Simplified-DES) was developed by Dr. Edward Schaefer at Santa Clara University in 1996. • It is simple enough so that you can explore the operation of DES and some of its weaknesses. • It operates on 8-bit data blocks (in other words, single characters) using a 10-bit key (only 210 = 1024 possibilities) and two stages

  19. Plaintext block 10 bit key 8 bits PC-1 IP D0 C0 Left Shift 2 bits Left Shift 1 bit Left Shift 1 bit Left Shift 2 bits L0 R0 D1 C1 K1 PC-2 F XOR XOR D2 C2 L1 R1 K2 PC-2 F L2 R2 IP-1 8 bits Ciphertext block S-DES Structure 1 2 3 4 5 6 7 8 2 6 3 1 4 8 5 7 • In spite of the simplifications, S-DES looks much like our basic DES. 1 2 3 4 5 6 7 8 4 1 3 5 7 2 8 6

  20. S-DES S-Boxes • The function F on the prior slide contains an EBox, PBox and 2 SBoxes (much like DES) • The two S-Boxes are given by: The input is a 4 bit value The first and last bits define the row The middle bits define the column The output is a 2 bit value

  21. S-DES Key Generation • The key generation mechanism begins with a 10-bit key which is permuted by PC-1 into the order 3 5 2 7 4 10 1 9 8 6. • It is separated into 2 five bit segments and each segment is left shift by one bit. • PC-2 selects and rearranges 8 bits from the two five bit segments – the bits in order are 6 3 7 4 8 5 10 9. The result is subkey 1. • The two segments are now left shifted twice and PC-2 is applied again to produce subkey 2.

  22. Status of DES • When IBM first proposed DES it had a 128 bit key • NSA required that the key be reduced to 56 bits • There have been several successful attacks on DES • June 1997: Using the internet 14,000 to 78,000 computers broke DES in 90 days • Jan 1998: Using the internet again it only took 39 days • July 1998: a $210,000 machine called deep crack was built and it broke DES in 56 hours

  23. Avalanche Condition • One of the most important strength criteria is the avalanche condition: there should be no correlation between any input bits or key bits and the output bits. • This is important because if someone started trying different keys, they should not be able to tell if they are close (within a few bits) to the actual key. • There are two versions of the avalanche condition: • Strict plaintext avalanche criterion (SPAC): each bit of the ciphertext block should change with the probability of one half whenever any bit of the plaintext block is complemented. • Strict key avalanche criterion (SKAC.) for a fixed plaintext block, each bit of the ciphertext block changes with a probability of one half when any bit of the key changes.

  24. DES Example Input: ...............................................................* 1 Permuted: .......................................*........................ 1 Round 1: .......*........................................................ 1 Round 2: .*..*...*.....*........................*........................ 5 Round 3: .*..*.*.**..*.*.*.*....**.....**.*..*...*.....*................. 18 Round 4: ..*.*****.*.*****.*.*......*.....*..*.*.**..*.*.*.*....**.....** 28 Round 5: *...**..*.*...*.*.*.*...*.***..*..*.*****.*.*****.*.*......*.... 29 Round 6: ...*..**.....*.*..**.*.**...*..**...**..*.*...*.*.*.*...*.***..* 26 Round 7: *****...***....**...*..*.*..*......*..**.....*.*..**.*.**...*..* Round 8: *.*.*.*.**.....*.*.*...**.*...*******...***....**...*..*.*..*... Round 9: ***.*.***...**.*.****.....**.*..*.*.*.*.**.....*.*.*...**.*...** Round 10: *.*..*.*.**.*..*.**.***.**.*...****.*.***...**.*.****.....**.*.. Round 11: ..******......*..******....*....*.*..*.*.**.*..*.**.***.**.*...* Round 12: *..***....*...*.*.*.***...****....******......*..******....*.... Round 13: **..*....*..******...*........*.*..***....*...*.*.*.***...****.. Round 14: *.**.*....*.*....**.*...*..**.****..*....*..******...*........*. Round 15: **.*....*.*.*...*.**.*..*.*.**.**.**.*....*.*....**.*...*..**.** Round 16: .*..*.*..*..*.**....**..*..*..****.*....*.*.*...*.**.*..*.*.**.* Output: ..*..**.*.*...*....***..***.**.*...*..*..*.*.*.**.*....*.*.*.**.

More Related