This preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: BLOCK CIPHERS 1 / 44 Permutations and Inverses A function f : { , 1 } ℓ → { , 1 } ℓ is a permutation if there is an inverse function f − 1 : { , 1 } ℓ → { , 1 } ℓ satisfying ∀ x ∈ { , 1 } ℓ : f − 1 ( f ( x )) = x This means f must be onetoone and onto, meaning for every y ∈ { , 1 } ℓ there is a unique x ∈ { , 1 } ℓ such that f ( x ) = y . 2 / 44 Permutations and Inverses x 00 01 10 11 f ( x ) 01 11 00 10 A permutation x 00 01 10 11 f ( x ) 01 11 11 10 Not a permutation 3 / 44 Permutations and Inverses x 00 01 10 11 f ( x ) 01 11 00 10 A permutation x 00 01 10 11 f − 1 ( x ) 10 00 11 01 Its inverse 4 / 44 Block Ciphers Let E : { , 1 } k × { , 1 } ℓ → { , 1 } ℓ be a function taking a key K and input x to return output E ( K , x ) . For each key K we let E K : { , 1 } ℓ → { , 1 } ℓ be the function defined by E K ( x ) = E ( K , x ) . We say that E is a block cipher if • E K : { , 1 } ℓ → { , 1 } ℓ is a permutation for every K , meaning has an inverse E − 1 K , • E , E − 1 are efficiently computable, where E − 1 ( K , x ) = E − 1 K ( x ) . 5 / 44 Example The table entry corresponding to the key in row K and input in column x is E K ( x ). 00 01 10 11 00 00 01 10 11 01 01 00 11 10 10 10 11 00 01 11 11 10 01 00 In this case, the inverse cipher E − 1 is given by the same table: the table entry corresponding to the key in row K and output in column y is E − 1 K ( y ). 6 / 44 Block Ciphers: Example Let ℓ = k and define E : { , 1 } k × { , 1 } ℓ → { , 1 } ℓ by E K ( x ) = E ( K , x ) = K ⊕ x Then E K has inverse E − 1 K where E − 1 K ( y ) = K ⊕ y Why? Because E − 1 K ( E K ( x )) = E − 1 K ( K ⊕ x ) = K ⊕ K ⊕ x = x The inverse of block cipher E is the block cipher E − 1 defined by E − 1 ( K , y ) = E − 1 K ( y ) = K ⊕ y 7 / 44 Block cipher usage • K $ ← { , 1 } k • K (magically) given to parties S, R, but not to A. • S,R use E K Algorithm E is public! Think of E K as encryption under key K . Leads to security requirements like: • Hard to get K from y 1 , y 2 , . . . • Hard to get x i from y i 8 / 44 DES History 1972 – NBS (now NIST) asked for a block cipher for standardization 1974 – IBM designs Lucifer Lucifer eventually evolved into DES. Widely adopted as a standard including by ANSI and American Bankers association Used in ATM machines Replaced (by AES) only a few years ago 9 / 44 DES parameters Key Length k = 56 Block length ℓ = 64 So, DES: { , 1 } 56 × { , 1 } 64 → { , 1 } 64 DES − 1 : { , 1 } 56 × { , 1 } 64 → { , 1 } 64 10 / 44 DES Construction function DES K ( M ) //  K  = 56 and  M  = 64 ( K 1 , . . . , K 16 ) ← KeySchedule ( K ) //  K i  = 48 for 1 ≤ i ≤ 16 M ← IP ( M ) Parse M as L bardbl R //  L  =  R  = 32 for i = 1 to 16 do L i ← R i − 1 ; R i ← f ( K i , R i − 1 ) ⊕ L i − 1 C ← IP − 1 ( L 16 bardbl R 16 ) return C Round i: Invertible given K i : 11 / 44 DES Construction function DES...
View
Full Document
 Winter '08
 daniele
 Advanced Encryption Standard, Block cipher, Data Encryption Standard

Click to edit the document details