Lecture 3
Feistel based algorithms

Today
1. Block ciphers - basis
2. Feistel cipher
3. DES
4. DES variations
5. IDEA
6. NEWDES

Ideal Block Cipher
[Figure: source text → ciphered text]

SP-network

Feistel cipher structure

DES
• In 1972, the National Institute of Standards and Technology (called the National Bureau of Standards at the time) decided that a strong cryptographic algorithm was needed to protect non-classified information.
• In 1974 IBM submitted the Lucifer algorithm, which appeared to meet most of NIST's design requirements.
• NIST enlisted the help of the National Security Agency to evaluate the security of Lucifer.
• DES is a classic Feistel cipher with n = 64 bits. Unfortunately even that n is not real: in fact the algorithm uses only 56 bits as key. The official explanation was that the 8th bit of each byte is needed for a parity check.
• One of the greatest worries was that the key length, originally 128 bits, was reduced to just 56 bits at the NSA's request, weakening it significantly.
• The modified Lucifer algorithm was adopted by NIST as a federal standard (see FIPS 46–2) on November 23, 1976. Its name was changed to the Data Encryption Standard (DES).

[Figure: Feistel structure drawn as (a) twisted ladder, (b) untwisted ladder]
L_i = R_{i-1}
R_i = L_{i-1} ⊕ f(R_{i-1}, K_i)

Using DES: CBC
• In CBC mode (Cipher Block Chaining Mode), each ciphertext block β_i is combined using XOR with the next input block α_{i+1}. The following scheme is used: we define a block with initial value VI = β_0, and then the blocks are enciphered using the equation
β_i = e_K(β_{i−1} ⊕ α_i), (i ≥ 1)

Using DES
• Usually OFB and CFB are used with 64-bit blocks, but there is no problem in applying them to variable-length blocks of k bits, where 1 ≤ k ≤ 64.
• All four modes have both advantages and disadvantages.
• In ECB and OFB, changing one block α_i of the unencrypted input text leads to modifications in only one encrypted output block β_i. As we expected, this may be a weakness from a cryptanalytic point of view, especially because OFB mode is often used in securing satellite communication channels.

Using DES to MAC
Designing a MAC using CBC.
• We begin with an initial block filled with zeroes.
• Then the encrypted text β_1, β_2, . . . , β_n is constructed using key K, in CBC mode. The MAC is represented by the β_n block, as presented in the figure.
• After that, Alice sends the message α_1, α_2, . . . , α_n together with the MAC β_n.
• When Bob receives the message α_1, α_2, . . . , α_n, he also generates β_1, . . . , β_n using the secret key K and checks whether the resulting β_n is identical to the message MAC.
• It is clear that without the secret key it is almost impossible to generate the correct MAC.
• The following figure sketches the computation of the CBC-MAC of a message comprising blocks using a secret key k and a block cipher E:
[Figure: CBC-MAC computation]

Triple DES (3DES)
• Triple DES, also known as 3DES or sometimes as DES-ede, is a system based on DES. It was proposed by Walter Tuchman (the former chief of the Intel team that developed DES) and was published in FIPS Pub 46−3.
• The idea is simple and uses the following formula, where:
  m is the unencrypted plain text (64 bits),
  c is the encrypted result,
  k1, k2, k3 are DES keys (of 56 bits),
  DES_k: DES encryption using key k,
  DES_k^{−1}: DES decryption using key k.
[Figure: 3DES scheme]

References
• http://crypto.stackexchange.com/questions/245/does-unbalancing-a-feistel-cipheralways-improve-security-does-it-improve-securi
• http://www.itl.nist.gov/fipspubs/fip81.htm
• http://www.cacr.math.uwaterloo.ca/hac/
• http://williamstallings.com/OS4e.html
• William Stallings, Cryptography and Network Security, Fourth Edition, 2005, Prentice Hall
• http://www.computersciencestudent.com/
• http://williamstallings.com/Crypto/Crypto4e-inst.html
• http://www.tropsoft.com/strongenc/des.htm
• http://cryptodox.com/NewDES
• http://en.wikipedia.org/wiki/Meet-in-the-middle_attack
• Xuejia Lai and James L. Massey, A Proposal for a New Block Encryption Standard, EUROCRYPT 1990, pp. 389–404
• Bruce Schneier, Applied Cryptography, Second Edition, John Wiley & Sons
• http://toptopics.thefullwiki.org/Broken_block_ciphers

Who knows? … about the real security of an algorithm!