Block Ciphers and Feistel cipher

Similar documents
Part (02) Modem Encryption techniques

Lecture 12: Block ciphers

7 Cryptanalysis. 7.1 Structural Attacks CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Module 2 Advanced Symmetric Ciphers

Lecture 4: DES and block ciphers

MATH3302 Cryptography Problem Set 2

Division Property: a New Attack Against Block Ciphers

Symmetric Crypto Systems

Symmetric Crypto Systems

Cryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev

Lecture Notes. Advanced Discrete Structures COT S

Cryptography Lecture 4 Block ciphers, DES, breaking DES

Introduction. CSC/ECE 574 Computer and Network Security. Outline. Introductory Remarks Feistel Cipher DES AES

Towards Provable Security of Substitution-Permutation Encryption Networks

Codes and Cryptography. Jorge L. Villar. MAMME, Fall 2015 PART XII

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Improved Impossible Differential Cryptanalysis of Rijndael and Crypton

Akelarre. Akelarre 1

Introduction to Cryptology. Lecture 2

Classical Cryptography

Chosen Plaintext Attacks (CPA)

Introduction on Block cipher Yoyo Game Application on AES Conclusion. Yoyo Game with AES. Navid Ghaedi Bardeh. University of Bergen.

Block ciphers. Block ciphers. Data Encryption Standard (DES) DES: encryption circuit

Extended Criterion for Absence of Fixed Points

REU 2015: Complexity Across Disciplines. Introduction to Cryptography

Shift Cipher. For 0 i 25, the ith plaintext character is. E.g. k = 3

Product Systems, Substitution-Permutation Networks, and Linear and Differential Analysis

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 9: Encryption modes. AES

Outline. CPSC 418/MATH 318 Introduction to Cryptography. Information Theory. Partial Information. Perfect Secrecy, One-Time Pad

Chapter 2 : Perfectly-Secret Encryption

Security of the SMS4 Block Cipher Against Differential Cryptanalysis

CTR mode of operation

Topics. Probability Theory. Perfect Secrecy. Information Theory

Public-key Cryptography: Theory and Practice

A Weak Cipher that Generates the Symmetric Group

CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrosky. Lecture 4

Some attacks against block ciphers

Attacks on DES , K 2. ) L 3 = R 2 = L 1 f ( R 1, K 2 ) R 4 R 2. f (R 1 = L 1 ) = L 1. ) f ( R 3 , K 4. f (R 3 = L 3

Permutation Generators Based on Unbalanced Feistel Network: Analysis of the Conditions of Pseudorandomness 1

Jay Daigle Occidental College Math 401: Cryptology

Outline. 1 Arithmetic on Bytes and 4-Byte Vectors. 2 The Rijndael Algorithm. 3 AES Key Schedule and Decryption. 4 Strengths and Weaknesses of Rijndael

Chapter 2 Balanced Feistel Ciphers, First Properties

Structural Cryptanalysis of SASAS

3-6 On Multi Rounds Elimination Method for Higher Order Differential Cryptanalysis

Outline. Computer Science 418. Number of Keys in the Sum. More on Perfect Secrecy, One-Time Pad, Entropy. Mike Jacobson. Week 3

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

STREAM CIPHER. Chapter - 3

Analysis of cryptographic hash functions

Lecture 4: Perfect Secrecy: Several Equivalent Formulations

The Pseudorandomness of Elastic Block Ciphers

Lecture Notes. Advanced Discrete Structures COT S

CSCI3381-Cryptography

Computational and Statistical Learning Theory

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Gurgen Khachatrian Martun Karapetyan

5. Classical Cryptographic Techniques from modular arithmetic perspective

Optimized Interpolation Attacks on LowMC

Klein s and PTW Attacks on WEP

Introduction to Modern Cryptography. Benny Chor

Stream ciphers. Pawel Wocjan. Department of Electrical Engineering & Computer Science University of Central Florida

Solution of Exercise Sheet 7

Bitblock Ciphers and Feistel Networks

Lecture 2: Perfect Secrecy and its Limitations

Lecture (04) Classical Encryption Techniques (III)

one approach to improve security was to encrypt multiple letters invented by Charles Wheatstone in 1854, but named after his

Information and Communications Security: Encryption and Information Hiding

Introduction to Cryptology. Lecture 3

Practically Secure against Differential Cryptanalysis for Block Cipher SMS4

Computational and Statistical Learning Theory

Differential Attack on Five Rounds of the SC2000 Block Cipher

Differential Fault Analysis on DES Middle Rounds

Multi-Map Orbit Hopping Chaotic Stream Cipher

The Artin-Feistel Symmetric Cipher

Block Cipher Cryptanalysis: An Overview

Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design:

Structural Evaluation of AES and Chosen-Key Distinguisher of 9-round AES-128

Private-key Systems. Block ciphers. Stream ciphers

Introduction to Cryptology Dr. Sugata Gangopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Roorkee

Image Encryption and Decryption Algorithm Using Two Dimensional Cellular Automata Rules In Cryptography

CPA-Security. Definition: A private-key encryption scheme

Biomedical Security. Overview 9/15/2017. Erwin M. Bakker

Diffusion Analysis of F-function on KASUMI Algorithm Rizki Yugitama, Bety Hayat Susanti, Magfirawaty

The Advanced Encryption Standard

Revisit and Cryptanalysis of a CAST Cipher

Modern Cryptography Lecture 4

Linear Cryptanalysis

Low Complexity Differential Cryptanalysis and Fault Analysis of AES

Introduction. Outline. CSC/ECE 574 Computer and Network Security. Secret Keys or Secret Algorithms? Secrets? (Cont d) Secret Key Cryptography

DD2448 Foundations of Cryptography Lecture 3

Impossible Differential-Linear Cryptanalysis of Reduced-Round CLEFIA-128

Public-Key Encryption: ElGamal, RSA, Rabin

Menu. Lecture 5: DES Use and Analysis. DES Structure Plaintext Initial Permutation. DES s F. S-Boxes 48 bits Expansion/Permutation

Distinguishing Attacks on a Kind of Generalized Unbalanced Feistel Network

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

Key classification attack on block ciphers

Ways of Doubling Block Size of Feistel Ciphers Used in Some Candidates for the AES

Block Ciphers. Chester Rebeiro IIT Madras. STINSON : chapters 3

K Anup Kumar et al,int.j.comp.tech.appl,vol 3 (1), 23-31

Differential-Linear Cryptanalysis of Serpent

Real scripts backgrounder 3 - Polyalphabetic encipherment - XOR as a cipher - RSA algorithm. David Morgan

Transcription:

introduction Lecture (07) Block Ciphers and cipher Dr. Ahmed M. ElShafee Modern block ciphers are widely used to provide encryption of quantities of information, and/or a cryptographic checksum to ensure the contents have not been altered. Block ciphers work a on block / word at a time, which is some number of bits. All of these bits have to be available before the block can be processed. Stream ciphers work on a bit or byte of the message at a time, hence process it as a stream. Block ciphers are currently better analysed, and seem to have a broader range of applications, hence focus on them. ١ ٢ Block cipher principles An arbitrary reversible substitution cipher for a large block size is not practical, however, from an implementation and performance point of view. In general, for an nbit general substitution block cipher, need a substitution box of 2 n entities For a 64bit block (8 bytes block), a pure block substation cipher is a huge table contains 2 64 entities, each entity has a 64 bits length. So the size of sbox is 64 x 2 64 = 2 70 = 1.18 E21 bits = 1.34 E8 tera bytes In general, for an nbit general substitution block cipher, the size of the key is n x 2 n. Block length Sbox length 8 bits 8 x 2 8 = 2048 bits = 256 bytes 16 bits 16 x 2 16 = 1.05 E6 bits = 128 kbytes 32 bits 32 x 2 32 = 1.37 E 11 bits = 16 G bytes 64 bits 64 x 2 64 = 2 70 = 1.18 E21 bits = 1.34 E8 tera bytes ٣ ٤

Claude Shannon and Substitution Permutation Ciphers Claude Shannon s 1949 paper has the key ideas that led to the development of modern block ciphers. Critically, it was the technique of layering groups of Sboxes separated by a larger Pbox to form the SP network, a complex form of a product cipher. He also introduced the ideas of confusion and diffusion, notionally provided by Sboxes and Pboxes (in conjunction with Sboxes). Every block cipher involves a transformation of a block of plaintext into a block of ciphertext, where the transformation depends on the key. ٥ ٦ Block cipher designing rules The mechanism of diffusion seeks to make the statistical relationship between the plaintext and ciphertext as complex as possible in order to thwart attempts to deduce the key. Confusion seeks to make the relationship between the statistics of the ciphertext and the value of the encryption key as complex as possible, again to thwart attempts to discover the key. So successful are diffusion and confusion in capturing the essence of the desired attributes of a block cipher that they have become the cornerstone of modern block cipher design. Applying what shannon said cryptosystem designer should follow the following rules instead of building a huge blocks a smaller blocks is used to create from smaller building blocks using idea of a product cipher () Block cipher transforms plain block to text block based on user key Block cipher is invertible and based one 1:1 functions ٧ ٨

Cipher Horst, working at IBM Thomas J Watson Research Labs devised a suitable invertible cipher structure in early 70's. One of 's main contributions was the invention of a suitable structure which adapted Shannon's SP network in an easily inverted structure. ٩ cipher as black substitution box refers to an nbit general substitution as an ideal block cipher it allows for the maximum number of possible encryption mappings from the plaintext to ciphertext block. ١١ It partitions block into two halves which are processed through multiple rounds which perform a substitution on left data half, based on round function of right half & subkey, and then have permutation swapping halves. Essentially the same h/w or s/w is used for both encryption and decryption, with just a slight change in how the keys are used. One layer of Sboxes and the following Pbox are used to form the round function. ١٠ Ex: A 4bit produces one of 16 possible states, which is mapped by the substitution cipher into a unique one of 16 possible states, each of which is represented by 4 ciphertext bits. The encryption and decryption mappings can be defined by a 0000 0001 0010 0011 0100 tabulation ١٢ n Security.. 1111

Cipher Design Elements The exact realization of a network depends on the choice of the following parameters and design features: block size increasing size improves security, but slows cipher key size increasing size improves security, makes exhaustive key searching harder, but may slow cipher number of rounds increasing number improves security, but slows cipher subkey generation algorithm greater complexity can make analysis harder, but slows cipher round function greater complexity can make analysis harder, but slows cipher fast software en/decryption more recent concern for practical use ease of analysis for easier validation & testing of strength cipher decryption The process of decryption with a cipher, is essentially the same as the encryption process. The rule is as follows: Use the ciphertext as to the algorithm, but use the subkeys Ki in reverse order. ١٣ ١٤ That is, use Kn in the first round, Kn 1 in the second round, and so on until is used in the last round. This is a nice feature because it means we need not implement two different algorithms, one for encryption and one for decryption. ١٥ ١٦

Proof; encryption is the same as decryption Enc: R2 = R1 1 L2 = L1 xor F(R1, K) 2 Dec: R3 = R2 3 L3 = L2 xor F(R2, k) 4 From 3 & 1 R1= R3 From 2 & 4 L 3 = L1 xor F(R1, k) xor F(R2, k) But R1 = R2 L3 = L1 xor F(R1, k) xor F(R1, k) L3 = L1 L1 R1 L2 L2 R2 L3 R3 R2 ١٧ Decryption R5 = R4 5 L5 = L4 xor F(R4,) 6 R4 = R3 xor F(L3,k2) 7 L4 = L3 8 ١٩ Proof; encryption is the same as decryption encryption R3 = L2 xor F(R2,) 1 L3 = R2 2 R2 = L1 xor F(R1,k1) 3 L2 = R1 4 ١٨ R3 = L2 xor F(R2,) 1 L3 = R2 2 R2 = L1 xor F(R1,k1) 3 L2 = R1 4 R5 = R4 5 L5 = L4 xor F(R4,) 6 R4 = R3 xor F(L3,k2) 7 L4 = L3 8 From 1,2,4: R3 = R1 xor F(L3,) 8 From 2,3: L3 = L1 xor F(R1,) 9 Sub 11 in 9 L5 = L1 xor F(R1,) xor F(R5,) From 7,5,8: R5 = R3 xor F(L3,) 10 From 8,5,6: L5 = L3 xor F(R5,) 11 But R1 == R5 so F(R1,) = F(R5,) Sub 10 in 8 R5 = R1 xor F(L3,) xor F(L3,k2) = R1 # So L5 = L1 # ٢٠

٢١ ٢٣ Thanks,.. See you next week (ISA), 4 8 chars L1 R1 4 L3 R3 4 4 4 L2 R2 4 L4 R4 4 4 4 L3 R3 4 L5 R5 8 chars Cipher Example Simplified 2 rounds operated on 26 characters English plaintext characters space Dr. Ahmed M. ElShafee ٢٢ Function is SP network Plain characters xored with Key a simple substitution (4 x sbox) Followed by simple permutation (1 x ) L1 R0,0 R0,1 R0,2 R0,3 K0,0 K0,1 K0,2 K0,3 S1 S2 S3 S4 Permutation ٢٤ R1

Example 1 Use the following feistel cipher to encrypt the following message supplies Using the following key scrt s1= pdqjkfvobwselcmtirhgnyxazu S2=gcobidpjmywurtzqefkxnlhsav S3=musxelogkrqpzbatifjycdnvhw S4=ycsjndegatipzwhrokfqvxlubm ٢٦ P=dacb l i e s 11 8 4 18 L1 s u p p R1 18 20 15 15 s c r t 18 2 17 19 d k v l 3 10 21 11 p j d W 15 9 3 22 h d s l 7 3 18 11 l i e s 11 8 4 18 L2 R2 c r t s 2 17 19 18 j u l d 9 20 11 3 j w p n 9 22 15 13 u e t f 20 4 19 5 L3 h d s l R3 7 3 18 11 h d s l u e t f 7 3 18 11 20 4 19 5 ٢٨ Key schedule key 0 1 2 3 0 1 2 3 ٢٥ L1 R1 L2 R2 L3 R3 ٢٧

٢٩ ٣١ d k v l j w d p p j d w ٣٠ j u l d w n p j j w p n ٣٢

L1 t e n f R1 i f t y Example 2 s c r t 18 2 17 19 Use the following feistel cipher to encrypt the following message ten fifty Using the following key scrt L2 R2 c r t s 2 17 19 18 L3 R3 ٣٣ ٣٤ s1= pdqjkfvobwselcmtirhgnyxazu S2=gcobidpjmywurtzqefkxnlhsav S3=musxelogkrqpzbatifjycdnvhw S4=ycsjndegatipzwhrokfqvxlubm P=dacb i f t y 8 5 19 24 L1 t e n f R1 19 4 13 5 s c r t 18 2 17 19 a h k r 0 7 10 17 k p q j 10 15 16 9 d t d o 3 19 3 14 i f t y 8 5 19 24 L2 R2 c r t s 2 17 19 18 f k w g 5 10 22 6 e f n w 4 5 13 22 m k g u 12 10 6 20 L3 d t d o R3 3 19 3 14 d t d o m k g u 3 19 3 14 12 10 6 20 ٣٦ ٣٥

a h k r p j q k k p q j ٣٧ f k w g f w n e e f n w ٣٩ ٣٨ Example 3 Use the following feistel cipher to decrypt the following message qdkcdyjk Using the following key scrt s1= pdqjkfvobwselcmtirhgnyxazu S2=gcobidpjmywurtzqefkxnlhsav S3=musxelogkrqpzbatifjycdnvhw S4=ycsjndegatipzwhrokfqvxlubm ٤٠ P=dacb

d y j k 3 24 9 10 L3 q d k c R3 16 3 10 2 c r t s 2 17 19 18 s u d u 18 20 3 20 v h x n 21 7 23 13 i r m x 8 17 12 23 q d k c 16 3 10 2 L4 R4 s c r t 18 2 17 19 a t d q 0 19 3 16 o p x x 14 15 23 23 i r m x 8 17 12 23 R5 c o n f 2 14 13 5 L5 c o n f i r m x 2 14 13 5 8 17 12 23 ٤٢ s u d u h n x v v h x n ٤٤ L3 R3 L4 R4 R5 L5 ٤١ ٤٣

a t d q p x x o o p x x ٤٥ ٤٦ h v x s w x w k L3 R3 Example 4 c r t s 2 17 19 18 Use the following feistel cipher to decrypt the following message hvxswxwk Using the following key scrt L4 R4 s c r t 18 2 17 19 R5 L5 ٤٧ ٤٨ s1= pdqjkfvobwselcmtirhgnyxazu S2=gcobidpjmywurtzqefkxnlhsav S3=musxelogkrqpzbatifjycdnvhw S4=ycsjndegatipzwhrokfqvxlubm P=dacb

w x w k 22 23 22 10 L3 h v x s R3 7 21 23 18 c r t s 2 17 19 18 j m q k 9 12 16 10 i w i r 8 22 8 17 o b o t 14 1 14 19 h v x s 7 21 23 18 L4 R4 ٥٠ s c r t 18 2 17 19 g d f m 6 3 5 12 z v l b 25 21 11 1 o b o t 14 1 14 19 R5 i a m r 8 0 12 17 L5 i a m r o b o t 8 0 12 17 14 1 14 19 ٤٩ j m q k ٥٢ w r i i i w i r ٥١

g d f m v b l z z v l b ٥٣ ٥٤ Thanks,.. See you next week (ISA),

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback