7. Modern Techniques. Data Encryption Standard (DES)

Transcription

1 7. Moder Techiques. Data Ecryptio Stadard (DES) The objective of this chapter is to illustrate the priciples of moder covetioal ecryptio. For this purpose, we focus o the most widely used covetioal ecryptio algorithms: the Data Ecryptio Stadard (DES). Although umerous covetioal ecryptio algorithms have bee developed sice the itroductio of DES, it remais the most importat algorithm. Further, a detailed study of DES provides a uderstadig of the priciples used i other covetioal ecryptio algorithms. Compared to public-key ecryptio schemes such as RSA, the structure of DES, ad most covetioal ecryptio algorithms, is very complex ad caot be explaied as easily as RSA ad similar algorithms. Accordigly, we begi with a simplified versio of DES. This versio allows the reader to perform ecryptio ad decryptio by had ad gai a good uderstadig of the workig of the algorithm details. Classroom experiece idicates that a study of this simplified versio ehaces uderstadig of DES. Simplified DES Simplified DES is a educatioal rather tha a secure ecryptio algorithm. It has similar properties ad structure to DES with much smaller parameters. It was developed by rofessor Edward Schaefer of Sata Clara Uiversity. Overview Figure 7.. illustrates the overall structure of the simplified DES, which we will refer to as S- DES. The S-DES ecryptio algorithm takes a -bit block of plaitext ad a 0-bit key as iput ad produces a -bit block of ciphertext as output. The S-DES decryptio algorithm takes a -bit block of ciphertext ad the same 0-bit key used to produce that ciphertext as iput ad produces the origial -bit block of plaitext. The ecryptio algorithm ivolves five fuctios: a iitial permutatio (I); a complex fuctio labeled f k, which ivolves both permutatio ad substitutio operatios ad depeds o a key iput; a simple permutatio fuctio that switches (SW) the two halves of the data; the fuctio f k agai, ad fially a permutatio fuctio that is iverse of the iitial permutatio (I - ). As was metioed, the use of multiple stages of permutatio ad substitutio results i a more complex algorithm, which icreases the difficulty of cryptaalysis. The fuctio f k takes as iput ot oly the data passig through the ecryptio algorithm, but also a -bit key. The algorithm could have bee desiged to work with a 6- bit key, cosistig of two -bit subkeys, oe used for each occurrece of f k. alteratively, a sigle -bit key could have bee used, with the same key used twice i the algorithm. A compromise is to use a 0-bit key from which two -bit subkeys are geerated, as depicted. I this case, the key is first subjected to a permutatio (0). The a shift operatio is performed. The output of the shift operatio the passes through a permutatio fuctio that produces a -bit output () for the first subkey (K ). The output of the shift operatio also feeds ito aother shift ad aother istace of to produce the secod subkey (K ). 9

2 Ecryptio -bit plaitext Key Geeratio 0-bit key 0 Shift Decryptio -bit plaitext I f k SW f k K K Shift K K I - f k SW f k I - I -bit ciphertext Fig. 7. -bit ciphertext We ca cocisely the ecryptio algorithm as a compositio of fuctios: I - f K SW f K I Which ca also be writte as Ciphertext = I - (f K (SW(f K (I(plaitext))))) Where K = (Shift (0(key))) K = (Shift(Shift (0(key)))) Decryptio is also show ad is essetially the reverse of ecryptio: laitext = I (f K (SW(f K (I - (ciphertext))))) We ow examie the elemets of S-DES i more detail. 0

3 0-bit key LS- 0 LS- K LS- LS- K S-DES key Geeratio Fig.7. S-DES depeds o the use of a 0-bit key shared betwee seder ad receiver. From this key, two -bit subkeys are produced for use i particular stages of the ecryptio ad decryptio algorithm. Depicts the stages followed to produce the subkeys. First, permute the key i the followig fashio. Let the 0-bit key be desigated as (k, k, k, k, k, k 6, k 7, k, k 9, k 0 ). The the permutatio 0 is defied as 0 (k, k, k, k, k, k 6, k 7, k, k 9, k 0 ) = (k, k, k, k 7, k, k 0, k, k 9, k, k 6 ) 0 ca be cocisely defied by the display: This table is read from left to right; each positio i the table gives the idetity of the iput bit that produces the output bit i that positio. So the first output bit is bit of the iput; the secod output bit is bit of the iput, ad so o. Next, perform a circular left shift (LS-), or rotatio, separately o the fist five bits ad the secod five bits. Next we apply, which picks out ad permutes of the 0 bits accordig to the followig rule: The result is subkey (K ). We tha go back to the pair of -bits strig produced by the two LS- fuctio ad perform a circular left sift of bit positios o each strig. Fially, is applied agai to produce K.

4 S-DES Ecryptio The S-DES ecryptio algorithm i greater detail. As was metioed, ecryptio ivolves the sequetial applicatio of five fuctios. We examie each of these. -bit laitext I E/ fk F S K SW E/ fk F K S I - -bit Ciphertext Fig. 7. Ecryptio Iitial ad Fial ermutatios The iput to the algorithm is a -bit block of plaitext, which we first permute usig the I fuctio:

5 I 6 7 This retais all bits of the plaitext but mixes them up. At the ed of the algorithm, the iverse permutatio is used. I It is easy to show by example that the secod permutatio is ideed the reverse of the first; that is, I - (I(X)) = X. The Fuctio f k The most complex compoet of S-DES is the fuctio f k, which cosists of a combiatio of permutatio ad substitutio fuctios. The fuctios ca be expressed as follows. Let L ad R be the leftmost bits ad rightmost bits of the -bit iput to f k, ad let F be a mappig (ot ecessarily oe-to-oe) from -bit strigs to -bit strigs. The we let f k (L, R) = ( L F( R, SK), R) where SK is a subkey ad is the bit-by-bit exclusive- OR fuctio. For example, suppose the output of the I stage is (00) ad F(0, SK) = (0) for some key SK. The f k (00) = (000) because (0) (0) = (00). We ow describe the mappig F. The iput is a -bit umber ( ). The first operatio is a expasio/ permutatio operatio: E/ For what follows, it is clearer to depict the result i this fashio: The -bit subkey K = (k, k, k, k, k, k 6, k 7, k ) is added to this value usig exclusive- OR: k k k k 6 k k 7 k k Let us reame these bits: 0,0,0 0,, 0,, 0,,

6 This first four bits (first row of the precedig matrix) are fed ito the S-box to produce a - bit output, ad the remaiig bits (secod row) are fed ito S to produce aother -bit output. These two boxes are defied as follows: S The S-boxes operate as follows: the first ad fourth iput bits are treated as -bit umbers that specify a row of the S-box, ad the secod ad third iput bits specify a colum of the S-box. The etry i that row ad colum, i base, is the -bit output. For example, if ( 0,0 0, ) = (00) ad ( 0, 0, ) = (0), the the output is from row0, colum of, which is, or () i biary. Similarly, (,0, ) ad (,, ) are used to idex ito a row ad colum of S to produce a additioal bits. Next, the bits produced by ad S udergo a further permutatio as follows: The output of is the output of the fuctio F. The Switch Fuctio The fuctio f k oly alters the leftmost bits of the iput. The switch fuctio (SW) iterchages the left ad right bits so that the secod istace of f k operates o a differet bits. I this secod istace, the E/,, S, ad fuctios are the same. The key iput is K. Example: S-DES Ecryptio Suppose: = 000 K= bit key shared betwee seder ad receiver. Two -bit sub keys are produced for use i particular stages. First, Let the 0-bit key be desigated as (k, k, k, k, k, k 6, k 7, k, k 9, k 0 ) the the permutatio 0 is defied as 0 (k, k, k, k, k, k 6, k 7, k, k 9, k 0 ) = (k, k, k, k 7, k, k 0, k, k 9, k, k 6 ) a) Key geeratio We start by permutig the key accordig to the permutatio 0 :

7 The result we obtai is 0000 We split the result i two groups of symbols (leftmost ad rightmost): 000 ad bit key LS- LS K= LS- LS K= Fig. 7. From this poit, we used the data to obtai the two itermediate key: -for K we group the bits together agai: 0000 ad perform oe last permutatio that also reduces the umber of bits to. For this we have: =( ) The result is: K =(00) -to obtai K we take the two groups ad shift them twice to the left: 000 ad 0 We group the bits together ad perform agai obtaiig the fial result: K =(000) b) Ecryptio of the plaitext: Start with =000 ad perform the iitial permutatio give by: I = ( 6 7)

8 The result we obtaied, 000 -bit laitext I E/ 00 fk F S 00 0 K SW fk F E/ K 000 S I bit Ciphertext Fig. 7. The first f k : Work o the last bits (00) Apply E/ (E/ = ( )) ad obtai

9 Compute exclusive or with the key K (remember, we obtaied as 00). The result is: 0000 Take the four leftmost bits-0 ad use them with S 0 ad the four rightmost bits-0 ad use them with S. From 0 we use st ad rd bits() for select colum ad d ad th bits (0) to select a row. Itersectio will be 00. From 0 we use st ad rd bits(0) for select colum ad d ad th bits () to select a row Itersectio will be S Apply 000 to the permutatio to it ( = ( )): 000 erform XOR betwee these bits ad the first bits obtaied after the I: = 00 At the ed of the first f k we have: 0000 Switch the two bits sequeces, we get: 0000 The secod f k: Work o the last bits (00): Apply E/ to the four bits ad obtai: 0000 Compute exclusive or with K (000). This takes us to: We are ready for the S-boxes. Use the leftmost bits with S 0 ad the rightmost bits with S. We get: 7

10 ad i.e. 0 i biary. Applyig to it we get 0 Fially, we do exclusive or: 0 00 = 000 The result of the secod f k is: To obtai the ciphertext we apply I - = ( 7 6) Ad we get: S-DES Decryptio C = K = 0000 a) Key geeratio NOTE: The key geeratio process is idetical betwee ecryptio ad decryptio. Sice we use the same keys. K = 00; K = 000 b) Decryptio of the ciphertext: The decryptio process is the reverse of the ecryptio i the sese that we start by permutig the ciphertext ad the we pass it through the two f k boxes.