4 - Lecture #4 SS G513 Network Security Strength of DES Key...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
Lecture #4 SS G513 Network Security
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Strength of DES – Key Size 56-bit keys have 2 56 = 7.2 x 10 16 values brute force search looks hard recent advances have shown is possible in 1997 on Internet in a few months in 1998 on dedicated h/w (EFF) in a few days in 1999 above combined in 22hrs! still must be able to recognize plaintext now considering alternatives to DES
Background image of page 2
Strength of DES – Timing Attacks attacks actual implementation of cipher use knowledge of consequences of implementation to derive knowledge of some/all subkey bits specifically use fact that calculations can take varying times depending on the value of the inputs to it particularly problematic on smartcards
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Strength of DES – Analytic Attacks now have several analytic attacks on DES these utilise some deep structure of the cipher by gathering information about encryptions can eventually recover some/all of the sub-key bits if necessary then exhaustively search for the rest generally these are statistical attacks include differential cryptanalysis linear cryptanalysis related key attacks
Background image of page 4
Differential Cryptanalysis Differential cryptanalysis is usually a chosen plaintext attack, meaning that the attacker must be able to obtain encrypted ciphertexts for some set of plaintexts of his choosing The scheme can successfully cryptanalyze DES with an effort on the order 247 chosen plaintexts The basic method uses pairs of plaintext related by a constant difference; difference can be defined in several ways, but the eXclusive OR (XOR) operation is usual.
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Differential Cryptanalysis The attacker then computes the differences of the corresponding ciphertexts, hoping to detect statistical patterns in their distribution. The resulting pair of differences is called a differential . Their statistical properties depend upon the nature of the S-boxes used for encryption, so the attacker analyses differentials (Δ X Y ) for each such S-box S . In the basic attack, one particular ciphertext difference is expected to be especially frequent; in this way, In the basic attack, one particular ciphertext difference is expected to be especially frequent; in this way, the cipher can be distinguished from random. More sophisticated variations allow the key to be recovered faster than exhaustive search.
Background image of page 6
Differential Cryptanalysis one of the most significant recent (public) advances in cryptanalysis known by NSA in 70's cf DES design powerful method to analyse block ciphers used to analyse most current block ciphers with varying degrees of success DES reasonably resistant to it, cf Lucifer
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Differential Cryptanalysis a statistical attack against Feistel ciphers uses cipher structure not previously used design of S-P networks has output of function f hence cannot trace values back through cipher without knowing values of the key Differential Cryptanalysis compares two related pairs of encryptions
Background image of page 8
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 03/14/2010 for the course CSE SS ZG513 taught by Professor Sundarb during the Summer '10 term at Birla Institute of Technology & Science.

Page1 / 50

4 - Lecture #4 SS G513 Network Security Strength of DES Key...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online