This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: CS 161 Computer Security Fall 2005 Joseph/Tygar/Vazirani/Wagner Notes 9 1 Block Ciphers: In symmetric encryption schemes, Alice and Bob share a random key and use this single key to repeatedly exchange information securely despite the existence of an eavesdropping adversary, Eve. The block cipher is a fundamental building block in implementing a symmetric encryption scheme. In a block cipher, Alice and Bob share a k bit random key K , and use this to encrypt an n bit message into an n bit ciphertext. In mathematical notation this can be said as follows. There is an encryption function E : { , 1 } k { , 1 } n { , 1 } n . Once we fix the key K , we get a function mapping n bits to n bits: E K : { , 1 } n { , 1 } n defined by E K ( M ) = E ( K , M ) . E K is required to be a permutation on the n bit strings. The inverse mapping of this permutation D K is the decryption algorithm. D K ( E K ( M )) = M . The Data Encryption Standard (DES) is an example of a block cipher. It was designed by IBM in 1974 in response to a request from NIST for an encryption algorithm that could be standardized. DES uses a key length of k = 56 and a block length of n = 64. It was designed to have extremely fast VLSI implementations. In terms of security, DES has proved to be an impressively strong algorithm. After all these years, the best practical attack known is exhaustive key search (a symmetry in the key structure can be used to halve the search space) which requires 2 55 computations. Thus DES behaves very differently than the onetime pad. Even given a very large number of plaintext, ciphertext pairs, there appears to be no effective way to decrypt any new ciphertexts. The best such technique for DES is through linear cryptanalysis and requires 2 42 such chosen plaintextciphertext pairs. We will formalize these security properties of DES by saying that the function E K for a randomly chosen key K behaves like a random permutation on the n bit strings....
View
Full
Document
This note was uploaded on 01/29/2008 for the course CS 194 taught by Professor Joseph during the Fall '05 term at University of California, Berkeley.
 Fall '05
 Joseph
 Computer Security

Click to edit the document details