Chapter 2
Block Ciphers

Blockciphers are the central tool in the design of protocols for shared-key (aka. symmetric) cryptography. They are the main available “technology” we have at our disposal. This chapter will take a look at these objects and describe the state of the art in their construction.

It is important to stress that blockciphers are just tools—raw ingredients for cooking up something more useful. Blockciphers don’t, by themselves, do something that an end user would care about. As with any powerful tool, one has to learn to use this one. Even an excellent blockcipher won’t give you security if you don’t use it right. But used well, these are powerful tools indeed. Accordingly, an important theme in several upcoming chapters will be how to use blockciphers well. We won’t be emphasizing how to design or analyze blockciphers, as this remains very much an art.

This chapter gets you acquainted with some typical blockciphers, and discusses attacks on them. In particular we’ll look at two examples, DES and AES. DES is the “old standby.” It is currently the most widely-used blockcipher in existence, and it is of sufficient historical significance that every trained cryptographer needs to have seen its description. AES is a modern blockcipher, and it is expected to supplant DES in the years to come.

2.1 What is a blockcipher?

A blockcipher is a function $E : \{0,1\}^k \times \{0,1\}^n \to \{0,1\}^n$. This notation means that $E$ takes two inputs, one being a $k$-bit string and the other an $n$-bit string, and returns an $n$-bit string. The first input is the key. The second might be called the plaintext, and the output might be called a ciphertext. The keylength $k$ and the blocklength $n$ are parameters associated to the blockcipher. They vary from blockcipher to blockcipher, as of course does the design of the algorithm itself.
For each key $K \in \{0,1\}^k$ we let $E_K : \{0,1\}^n \to \{0,1\}^n$ be the function defined by $E_K(M) = E(K, M)$. For any blockcipher, and any key $K$, it is required that the function $E_K$ be a permutation on $\{0,1\}^n$. This means that it is a bijection (i.e., a one-to-one and onto function) of $\{0,1\}^n$ to $\{0,1\}^n$. (For every $C \in \{0,1\}^n$ there is exactly one $M \in \{0,1\}^n$ such that $E_K(M) = C$.) Accordingly $E_K$ has an inverse, and we denote it $E_K^{-1}$. This function also maps $\{0,1\}^n$ to $\{0,1\}^n$, and of course we have $E_K^{-1}(E_K(M)) = M$ and $E_K(E_K^{-1}(C)) = C$ for all $M, C \in \{0,1\}^n$. We let $E^{-1} : \{0,1\}^k \times \{0,1\}^n \to \{0,1\}^n$ be defined by $E^{-1}(K, C) = E_K^{-1}(C)$. This is the inverse blockcipher to $E$.

Preferably, the blockcipher $E$ is a publicly specified algorithm. Both the cipher $E$ and its inverse $E^{-1}$ should be easily computable, meaning given $K, M$ we can readily compute $E(K, M)$, and given $K, C$ we can readily compute $E^{-1}(K, C)$. By “readily compute” we mean that there are public and relatively efficient programs available for these tasks.
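The definitions above can be checked exhaustively on a small instance. The following is an added example, not part of the original notes: a toy 4-round Feistel construction with $k = 32$ and $n = 16$ (the parameters, round function and all names are constructed for illustration and offer no security), contrasted with a keyed truncated hash that has the same input and output types but is not a permutation, so it is not a blockcipher.

```python
import hashlib

K_BITS, N_BITS = 32, 16        # toy keylength k and blocklength n (constructed)
HALF = N_BITS // 2
MASK = (1 << HALF) - 1
ROUNDS = 4

def _f(key: int, rnd: int, half: int) -> int:
    """Keyed round function on 8-bit halves; it need not be invertible."""
    data = key.to_bytes(K_BITS // 8, "big") + bytes([rnd, half])
    return hashlib.sha256(data).digest()[0]

def E(key: int, m: int) -> int:
    """Toy blockcipher E : {0,1}^k x {0,1}^n -> {0,1}^n (Feistel network)."""
    left, right = m >> HALF, m & MASK
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << HALF) | right

def E_inv(key: int, c: int) -> int:
    """Inverse blockcipher E^{-1}: undo the rounds in reverse order."""
    left, right = c >> HALF, c & MASK
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(key, rnd, left), left
    return (left << HALF) | right

def truncated_hash(key: int, m: int) -> int:
    """Keyed map on n-bit strings that is NOT a blockcipher: outputs collide."""
    data = key.to_bytes(K_BITS // 8, "big") + m.to_bytes(N_BITS // 8, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[: N_BITS // 8], "big")

def is_permutation(fn, key: int) -> bool:
    """fn(key, .) is a bijection on {0,1}^n iff all 2^n outputs are distinct."""
    return len({fn(key, m) for m in range(1 << N_BITS)}) == 1 << N_BITS

def inverse_holds(key: int) -> bool:
    """Check E^{-1}_K(E_K(M)) = M and E_K(E^{-1}_K(C)) = C for every block."""
    return all(E_inv(key, E(key, x)) == x and E(key, E_inv(key, x)) == x
               for x in range(1 << N_BITS))

if __name__ == "__main__":
    key = 0x0BADC0DE               # constructed sample key
    print("E_K permutation:        ", is_permutation(E, key))
    print("inverse identities:     ", inverse_holds(key))
    print("truncated hash permutes:", is_permutation(truncated_hash, key))
```

The Feistel structure makes $E_K$ invertible even though the round function is not, which is why the first two checks succeed while the truncated hash fails the permutation requirement.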
This note was uploaded on 08/31/2011 for the course CSE 207 taught by Professor Daniele during the Winter '08 term at UCSD.