# Block Ciphers


Structures have been found in DES that were undoubtedly inserted to strengthen the system against certain types of attack. Structures have also been found that appear to weaken the system.
Lexar Corporation, “An Evaluation of the DES”, 1976.

## Block ciphers

Stream ciphers
• Encrypt small (bit or byte) units one at a time
• Everything we have seen so far
• Require less buffering

Block ciphers
• Encrypt large chunks (64+ bits) at once
• Must buffer enough to get a block before encrypting

There are ways to convert block ciphers to stream ciphers and vice versa.

## Block cipher

• Consider a block cipher with 64-bit blocks
• $2^{64}$ possible plaintext blocks must have at least $2^{64}$ corresponding ciphertext blocks
• There are $2^{64}!$ possible mappings
• Why not just create a random mapping?
  • Need a $2^{64}$-entry 64-bit table: $10^{21}$ bits
  • At \$30/TB (for disk), this costs \$37.5 billion!
  • And would require about 200 million disks…
  • Need to distribute new table if compromised
• Instead, approximate ideal random mapping using components controlled by a key

## Goals: diffusion and confusion

Diffusion
• Small change in plaintext changes lots of ciphertext
• Statistical properties of plaintext hidden in ciphertext

Confusion
• Statistical relationship between key and ciphertext as complex as possible

Described by Claude Shannon in 1945.

Need to design functions that produce output that is diffuse and confused.

## Feistel cipher structure

• Encrypt in rounds
• Input to each round is split
  • $L_0$ = left half of input
  • $R_0$ = right half of input
• For each round:
  • $L_i = R_{i-1}$
  • $R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
  • Substitution: S-box
  • Permutation: P-box
• Proceed for $n$ rounds
• After final round, undo last permutation: $C = R_n \,\|\, L_n$

[Figure: one Feistel round on the plaintext. Inputs $L_{i-1}$ and $R_{i-1}$, round key $K_i$, function $F$ (substitution, permutation), outputs $L_i$ and $R_i$.]
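
## Decryption

• Inputs to decryption engine
  • $LD_0$ = left half of ciphertext
  • $RD_0$ = right half of ciphertext
• For each round:
  • $LD_i = RD_{i-1}$
  • $RD_i = LD_{i-1} \oplus F(RD_{i-1}, K_{n-i+1})$
• Repeat for $n$ rounds
• Last round: $P = RD_n \,\|\, LD_n$

[Figure: one decryption round. Inputs $LD_{i-1}$ and $RD_{i-1}$, round key $K_n$, function $F$ (substitution, permutation), outputs $LD_i$ and $RD_i$, ending in the plaintext.]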
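
## Multiple Rounds

The entire round is a function:

$$f_K(L \,\|\, R) = R \,\|\, (L \oplus F(R, K))$$

$$\mathrm{swap}(L \,\|\, R) = R \,\|\, L$$

$$E = \mathrm{swap} \circ \mathrm{swap} \circ f_{K_r} \circ \mathrm{swap} \circ f_{K_{r-1}} \circ \cdots \circ f_{K_2} \circ \mathrm{swap} \circ f_{K_1}$$

$$D = f_{K_1} \circ \mathrm{swap} \circ f_{K_2} \circ \cdots \circ f_{K_{r-1}} \circ \mathrm{swap} \circ f_{K_r} \circ \mathrm{swap} \circ \mathrm{swap}$$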

For decryption to work:
• F must be deterministic and solely a function of its inputs (key and block)
• F could certainly produce identical values for a given K and more than one block
• F could even be a constant function!
  • This wouldn’t lead to strong encryption ....

For security:
• Hide patterns in plaintext
• Hide patterns in key

Coming up with a good F is hard!
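
The Feistel encryption and decryption rounds and the point about F above, as an added example that is not part of the original slides. The names `f_hash`, `f_const`, `feistel`, `ROUND_KEYS` and `PLAINTEXT` are assumptions made for illustration: the round function is a truncated SHA-256 stand-in (not DES's F) and the round keys are constructed sample values, not a real key schedule. It shows that a non-invertible F still decrypts, and that a constant F also decrypts but leaves the plaintext halves merely swapped after 8 rounds.

```python
import hashlib

BLOCK_BYTES = 8            # 64-bit block, as in the slides
HALF = BLOCK_BYTES // 2    # 32-bit halves L and R

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def f_hash(right: bytes, round_key: bytes) -> bytes:
    """Toy round function (assumption): truncated SHA-256 of key || R.
    Deterministic but not invertible, which is all the structure needs."""
    return hashlib.sha256(round_key + right).digest()[:HALF]

def f_const(right: bytes, round_key: bytes) -> bytes:
    """Degenerate F from the slides: ignores both the block and the key."""
    return b"\xAA" * HALF

def feistel(block: bytes, round_keys, F) -> bytes:
    """n rounds of L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i),
    then output R_n || L_n (undoing the last swap)."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for k in round_keys:
        left, right = right, xor(left, F(right, k))
    return right + left

def encrypt(block: bytes, round_keys, F=f_hash) -> bytes:
    return feistel(block, round_keys, F)

def decrypt(block: bytes, round_keys, F=f_hash) -> bytes:
    # Same engine as encryption; only the key order changes (K_n ... K_1).
    return feistel(block, list(reversed(round_keys)), F)

# Constructed sample values for the demonstration.
ROUND_KEYS = [bytes([i]) * 4 for i in range(1, 9)]   # 8 rounds
PLAINTEXT = b"ATTACK!!"

if __name__ == "__main__":
    ct = encrypt(PLAINTEXT, ROUND_KEYS)
    print("hash F :", ct.hex(), "->", decrypt(ct, ROUND_KEYS))
    weak = encrypt(PLAINTEXT, ROUND_KEYS, f_const)
    print("const F:", weak, "->", decrypt(weak, ROUND_KEYS, f_const))
```

With the constant F the state repeats every four rounds, so the 8-round output does not depend on the key at all.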