DES k

Lecture 3
Feistel based algorithms
Today
1. Block ciphers - basis
2. Feistel cipher
3. DES
4. DES variations
5. IDEA
6. NEWDES
Ideal Block Cipher
[Figure: source text → ciphered text]
SP - network
Feistel cipher structure
DES
• In 1972, the National Institute of Standards and Technology (called the
National Bureau of Standards at the time) decided that a strong
cryptographic algorithm was needed to protect non-classified
information.
• In 1974 IBM submitted the Lucifer algorithm, which appeared to meet
most of NIST's design requirements.
• NIST enlisted the help of the National Security Agency to evaluate the
security of Lucifer.
• DES is a classic Feistel cipher with n = 64 bits. Unfortunately, even that
n is not real: the algorithm uses only 56 bits as the key. The official
explanation was that the 8th bit of each byte is needed for a parity
check.
• One of the greatest worries was that the key length, originally 128 bits,
was reduced to just 56 bits at the NSA's request, weakening it significantly.
• The modified Lucifer algorithm was adopted by NIST as a federal
standard (see FIPS 46–2) on November 23, 1976. Its name was
changed to the Data Encryption Standard (DES).
(a) twisted ladder (b) untwisted ladder
$$L_i = R_{i-1}$$
$$R_i = L_{i-1} \oplus f(R_{i-1}, K_i)$$
Using DES CBC
• In CBC mode (Cipher Block Chaining mode), each ciphertext block $\beta_i$
is combined by XOR with the next input block $\alpha_{i+1}$. The following
scheme is used:
We define an initial-value block $IV = \beta_0$, and then the blocks are
encrypted using the following equation:
$$\beta_i = e_K(\beta_{i-1} \oplus \alpha_i), \quad i \ge 1$$
using DES
• OFB and CFB are usually used with 64-bit blocks, but they can equally be
applied to variable-length blocks of k bits, where 1 ≤ k ≤ 64.
• All four modes have both advantages and disadvantages.
• In ECB and OFB, changing one block $\alpha_i$ of the unencrypted input text
modifies only one encrypted output block, $\beta_i$. As expected, this may be
a weakness from a cryptanalytic point of view, especially because OFB mode is
often used to secure satellite communication channels.
Using DES to MAC
Designing a MAC using CBC.
• We begin with an initial block filled with zeroes.
• Then the encrypted text $\beta_1, \beta_2, \ldots, \beta_n$ is constructed using key K in
CBC mode. The MAC is the block $\beta_n$, as shown in the figure.
• Alice then sends the message $\alpha_1, \alpha_2, \ldots, \alpha_n$ together with the
MAC $\beta_n$.
• When Bob receives the message $\alpha_1, \alpha_2, \ldots, \alpha_n$, he also generates
$\beta_1, \ldots, \beta_n$ using the secret key K and checks whether the resulting
$\beta_n$ is identical to the MAC of the message.
• It is clear that without the secret key it is almost impossible to
generate the correct MAC.
• The following figure sketches the computation of the CBC-MAC of a
message comprising blocks using a secret key k and a block cipher E:
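The Feistel round equations and the CBC-MAC procedure above, as an added example that is not part of the original lecture: a toy 64-bit Feistel cipher stands in for DES (its round function `f` and key schedule are built from SHA-256, an assumption of this sketch), and all function names are hypothetical. It accepts only messages that are a whole number of 64-bit blocks.

```python
import hashlib
import hmac

BLOCK = 8    # 64-bit block, as in DES
ROUNDS = 16  # DES also uses 16 Feistel rounds

def subkeys(key: bytes) -> list:
    # Constructed key schedule (NOT the DES one): one 32-bit subkey per round.
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(ROUNDS)]

def f(r: bytes, k: bytes) -> bytes:
    # Stand-in round function f(R, K); it does not need to be invertible.
    return hashlib.sha256(k + r).digest()[:4]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block: bytes, ks: list) -> bytes:
    left, right = block[:4], block[4:]
    for k in ks:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR f(R_{i-1}, K_i)
        left, right = right, xor(left, f(right, k))
    return right + left  # final swap: the same routine then decrypts

def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))

def decrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key)[::-1])  # subkeys in reverse order

def cbc_mac(message: bytes, key: bytes) -> bytes:
    if not message or len(message) % BLOCK:
        raise ValueError("message must be a whole number of 64-bit blocks")
    beta = bytes(BLOCK)  # initial block filled with zeroes
    for i in range(0, len(message), BLOCK):
        beta = encrypt_block(xor(beta, message[i:i + BLOCK]), key)
    return beta  # the MAC is the last block, beta_n

def verify(message: bytes, tag: bytes, key: bytes) -> bool:
    # Bob recomputes beta_n and compares in constant time.
    return hmac.compare_digest(cbc_mac(message, key), tag)

if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample key
    msg = b"PAY 100 TO ALICE"       # constructed sample message, two blocks
    tag = cbc_mac(msg, key)
    print("tag:", tag.hex(), "valid:", verify(msg, tag, key))
    print("tampered valid:", verify(b"PAY 900 TO ALICE", tag, key))
```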
Triple DES (3DES)
• Triple DES, also known as 3DES or sometimes as DES-ede, is a
system based on DES. It was proposed by Walter Tuchman (the former
chief of the Intel team that developed DES) and was published in FIPS
Pub 46-3.
• The idea is simple and uses the following formula
where:
m is the unencrypted plain text (64 bits),
c is the encrypted result,
$k_1, k_2, k_3$ are DES keys (of 56 bits),
$DES_k$: DES encryption using key k,
$DES_k^{-1}$: DES decryption using key k.
schema
Who knows? … about the real
security of an algorithm!