Chapter 4 Block Ciphers

Course website: https://ece.uwaterloo.ca/~j25ni/CP460

Outline

• Block ciphers
• Data encryption standard (DES)
• Block cipher attacks
• Advanced encryption standard (AES)
• Encryption Modes

Block Ciphers

Block ciphers play an important role in securing systems. They can be used to construct:

• Pseudo-random number generators
• Stream ciphers
• Message authentication codes (MACs) and hash functions
• The core components of message authentication technology, data integrity mechanisms, identity authentication protocols and the single-key digital signature system.

Requirements in Implementation

• Safety
• Speed
• Storage (length of program, length of data packet, cache size)
• Implementation platform (hardware, software, chip)
• Encryption mode

Basic Concept

• Plaintext sequence: $x_1, x_2, \ldots, x_i, \ldots$
• Encryption $E: P^n \times K \to C^m$, a substitution cipher for a sequence of length $n$
• Key: $k = (k_0, k_1, \ldots, k_{t-1})$, used for both encryption and decryption
• Encryption maps the plaintext $x = (x_0, x_1, \ldots, x_{n-1})$ to the ciphertext $y = (y_0, y_1, \ldots, y_{m-1})$; decryption maps the ciphertext back to the plaintext $x = (x_0, x_1, \ldots, x_{n-1})$.

$n = m$ in general. If $n < m$, it is a block cipher with data extension. If $n > m$, it is a block cipher with data compression.

Design Problem

The design problem of block ciphers is to find an algorithm that can easily and quickly select a permutation from a large enough and sufficiently good subset of permutations under the control of keys to encrypt the input plaintext.

Design Principles

Confusion and diffusion are two properties of the operation of a secure block cipher.

• Confusion: each binary digit (bit) of the ciphertext should depend on several parts of the key, obscuring the connections between the two.
• Diffusion: if we change a single bit of the plaintext, then (statistically) half of the bits in the ciphertext should change, and similarly, if we change one bit of the ciphertext, then approximately one half of the plaintext bits should change, such that the statistical properties of the plaintext can be hidden.
Requirements on Block Cipher Algorithm

• The block size n is large enough:
  – Prevent the exhaustive attack on plaintext.
• The number of keys should be large enough:
  – Eliminate weak keys and make all keys equally good to prevent exhaustive attack on keys.
• The permutation algorithm determined by keys is complex enough:
  – Realize the confusion and diffusion of plaintext and key, so that the connections are obscured, to prevent known attacks.
• Encryption and decryption operations are simple:
  – Easy to implement in software and hardware at high speed.
• Data extension:
  – No data extension; data extension can be introduced when using homomorphic permutation and randomization encryption techniques.
• Error propagation is as small as possible.

Block Ciphers Examples

• AES
• DES
• 3DES
• Twofish
• Blowfish
• Serpent
• IDEA

[Figure: the plaintext is encrypted by E under the key to give the ciphertext, which D decrypts back to the plaintext]

Round Function

R(k, m) is called a round function.

Performance

Crypto++ 5.6.0 [Wei Dai], AMD Opteron, 2.2 GHz (Linux)

        Cipher        Block/key size   Throughput [MB/s]
Stream  RC4                            126
        Salsa20/12                     643
        Sosemanuk                      727
Block   3DES          64/168           13
        AES128        128/128          109

History of DES

• 1970s: Horst Feistel designs Lucifer at IBM (key = 128 bits, block = 128 bits)
• 1973: NBS (National Bureau of Standards) asks for block cipher proposals. IBM submits variant of Lucifer.
• 1976: NBS adopts DES as federal standard (key = 56 bits, block = 64 bits)
• 1997: DES broken by exhaustive search
• 2000: NIST adopts Rijndael as AES to replace DES.
AES currently widely deployed in banking, commerce and Web

DES: core idea – Feistel network

Given one-way functions

Goal: build invertible function

[Figure: d-round Feistel network; the n-bit halves L0 and R0 (input) pass through rounds using f1, f2, …, fd to give Ld and Rd (output)]

In symbols:

Feistel network - inverse

Claim: Feistel function F is invertible

Proof: construct inverse

[Figure: one round mapping (Li, Ri) to (Li+1, Ri+1) through fi+1, and its inverse mapping (Li+1, Ri+1) back to (Li, Ri) through the same fi+1]

Decryption circuit

[Figure: the decryption network; the n-bit halves Ld and Rd pass through rounds using fd, fd-1, …, f1 to give L0 and R0]

• Inversion is basically the same circuit, with f1, …, fd applied in reverse order
• General method for building invertible functions (block ciphers) from arbitrary functions.
• Used in many block ciphers … but not AES

DES: 16 round Feistel network

[Figure: key expansion turns the 56-bit key k into 16 round keys k1, k2, …, k16 of 48 bits each; the 64-bit input passes through IP, a 16 round Feistel network with round functions f1, f2, …, f16, and IP^-1 to give the 64-bit output]

To invert, use keys in reverse order

Initial permutation (IP) Table

Initial permutation IP

IP-1 Table

$Y = IP^{-1}(X) = IP^{-1}(IP(M))$

The function F(ki, x)

S-box: function $\{0,1\}^6 \to \{0,1\}^4$, implemented as lookup table.
Expansion function E

$E(a_1 a_2 \ldots a_{32}) = a_{32} a_1 a_2 a_3 a_4 a_5 a_4 \ldots a_{31} a_{32} a_1$

Permutation P

$P(c_1 c_2 \ldots c_{32}) = c_{16} c_7 c_{20} c_{21} c_{29} c_{12} c_{28} \ldots c_{11} c_4 c_{25}$

The S Boxes

e.g., 011011 → 1001

DES Key Schedule

Forms subkeys used in each round

– initial permutation of the key (PC1) which selects 56-bits in two 28-bit halves
– 16 stages consisting of:
  • rotating each half separately either 1 or 2 places depending on the key rotation schedule K (left-circular shift)
  • selecting 24-bits from each half & permuting them by PC2 for use in round function F

Input Key

[Figure: 56-bit input key, 64-bit key]

Permuted Choice (PC)

Left-circular Shift (LCS)

Round 4: left-circular shift 2 bits

1101100011010111000101010100
0110001101011100010101010011

Exhaustive Search for block cipher key

Goal: given a few input output pairs $(m_i, c_i = E(k, m_i))$, $i = 1, \ldots, n$, find key $k$.

Attack: Brute force to find the key $k$.

DES challenge

msg = “The unknown messages is:XXXXXXXX…“
CT = c1 c2 c3 c4

Goal: find $k \in \{0,1\}^{56}$ s.t. $DES(k, m_i) = c_i$ for $i = 1, 2, 3$

How expensive is it to reveal $DES^{-1}(k, c_4)$?

• 1976: DES adopted as federal standard
• 1997: Distributed search, 3 months
• 1998: EFF deep crack, 56 hours, $250,000
• 1999: Distributed search and deep crack, 22 hours
• 2006: COPACOBANA (120 FPGAs parallel machine), 7 days, $10,000

56-bit keys should not be used (128-bit key: $2^{72}$ days)

Strengthening DES

Method 1: Triple-DES

Let $E : K \times M \to M$ be a block cipher.

Define $3E: K^3 \times M \to M$ as: $3E((k_1, k_2, k_3), m) = E(k_1, D(k_2, E(k_3, m)))$

3DES:
– Key-size: 3×56 = 168 bits
– $k_1 = k_2 = k_3 \Rightarrow$ DES
– 3× slower than DES
– Simple attack in time: $\approx 2^{118}$

Why not 2DES?

• Define $2E((k_1, k_2), m) = E(k_1, E(k_2, m))$; key-len = 112 bits for 2DES

[Figure: $m \to E(k_2, \cdot) \to E(k_1, \cdot) \to c$]

Given: $M = (m_1, \ldots, m_{10})$, $C = (c_1, \ldots, c_{10})$.
(Naïve method)

For each $k_2 \in \{0,1\}^{56}$:
    For each $k_1 \in \{0,1\}^{56}$:
        if $E(k_1, E(k_2, m_i)) = c_i$ then $(k_2, k_1)$

$2^{112}$ checks

[Figure: $m$ is encrypted under each candidate $k_2$ to $c'$ and then under each candidate $k_1$ to $c''$; test whether $c'' = c$]

Meet in the middle attack

• Define $2E((k_1, k_2), m) = E(k_1, E(k_2, m))$; key-len = 112 bits for 2DES

[Figure: $m \to E(k_2, \cdot) \to E(k_1, \cdot) \to c$, with intermediate values $c'$ computed from $m$ and $c''$ computed from $c$]

Idea: key found when $c' = c''$: $E(k^i, m) = D(k^j, c)$

Attack: $M = (m_1, \ldots, m_{10})$, $C = (c_1, \ldots, c_{10})$.

• Step 1: build table ($2^{56}$ entries) and sort on 2nd column; the table maps $c'$ to $k_2$.

    $k^0 = 00\ldots00$    $E(k^0, M)$
    $k^1 = 00\ldots01$    $E(k^1, M)$
    $k^2 = 00\ldots10$    $E(k^2, M)$
    …
    $k^N = 11\ldots11$    $E(k^N, M)$

• Step 2: for each $k \in \{0,1\}^{56}$: test if $D(k, C)$ is in 2nd column. If so, then $E(k^i, M) = D(k, C) \Rightarrow (k^i, k) = (k_2, k_1)$.

Time = $2^{56}\log(2^{56})$ [Build & Sort Table] $+\ 2^{56}\log(2^{56})$ [Search Entries] $< 2^{63} \ll 2^{112}$

Space ≈ $2^{56}$ [Table Size]

Same attack on 3DES: Time = $2^{118}$, Space ≈ $2^{56}$

[Figure: $m \to E(k_3, \cdot) \to D(k_2, \cdot) \to E(k_1, \cdot) \to c$]

Method 2: DESX

$E : K \times \{0,1\}^n \to \{0,1\}^n$ a block cipher

Define EX as $EX(k_1, k_2, k_3, m) = k_1 \oplus E(k_2, m \oplus k_3)$

For DESX: key-len = 64+56+64 = 184 bits

… but there is a meet-in-the-middle attack in time $2^{64+56} = 2^{120}$

Note: $k_1 \oplus E(k_2, m)$ and $E(k_2, m \oplus k_1)$ do almost nothing!

Attacks on the implementation

1. Side channel attacks:
   – Measure time to do enc/dec, measure power for enc/dec [Kocher, Jaffe, Jun, 1998]
   [Figure: a smartcard doing DES, with IP, the 16 rounds and IP^-1 marked]
2. Fault attacks:
   – Computing errors in the last round expose the secret key k

Never implement crypto primitives yourself …

AES

• 1997: DES broken by exhaustive search
• 1997: NIST publishes request for proposal
• 1998: 15 submissions
• 1999: NIST chooses 5 finalists
• 2000: NIST chooses Rijndael as AES (developed by Daemen and Rijmen at K.U. Leuven, Belgium)

AES: Subs-Perm network

DES is based on Feistel networks.

AES is based on the idea of substitution-permutation networks, that is, alternating steps of substitution and permutation operations.

AES is a Subs-Perm network (not Feistel)

[Figure: the input passes through rounds keyed by k1, k2, …, kn, each with a substitution layer of S-boxes S1, …, S8, to the output]
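The Feistel inversion and the meet-in-the-middle attack on double encryption from the slides above, run end to end as an added example (not part of the original slides). It uses a toy 16-bit Feistel cipher with 12-bit keys in place of DES; the round function `f`, the key schedule `round_keys`, the round equations and all sample values are assumptions constructed for illustration, and a Python dict stands in for the sorted table.

```python
import hashlib
from functools import lru_cache

HALF_BITS = 8                      # n: each Feistel half; the block is 2n = 16 bits
KEY_BITS = 12                      # toy key length (DES uses 56), fully enumerable
ROUNDS = 4                         # d
HALF_MASK = (1 << HALF_BITS) - 1


@lru_cache(maxsize=None)
def round_keys(key):
    """Hypothetical key schedule: one byte per round, derived by hashing."""
    return hashlib.sha256(b"ks" + key.to_bytes(2, "big")).digest()[:ROUNDS]


@lru_cache(maxsize=None)
def f(round_key, half):
    """Round function f_i: a truncated hash, so it need not be invertible."""
    return hashlib.sha256(bytes([round_key, half])).digest()[0]


def feistel(block, keys):
    """Forward network: (L, R) -> (R, L xor f(R)) once per round key."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    for rk in keys:
        left, right = right, left ^ f(rk, right)
    return (left << HALF_BITS) | right


def feistel_inverse(block, keys):
    """Same circuit with the round keys reversed; f itself is never inverted."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    for rk in reversed(keys):
        left, right = right ^ f(rk, left), left
    return (left << HALF_BITS) | right


def E(key, m):
    return feistel(m, round_keys(key))


def D(key, c):
    return feistel_inverse(c, round_keys(key))


def double_encrypt(k1, k2, m):
    """2E((k1, k2), m) = E(k1, E(k2, m)), as defined on the slides."""
    return E(k1, E(k2, m))


def meet_in_the_middle(M, C):
    """Return ([(k1, k2), ...], number of single keys tried)."""
    keys_tried = 0
    table = {}                                  # step 1: c' = E(k2, M) -> [k2]
    for k2 in range(1 << KEY_BITS):
        table.setdefault(tuple(E(k2, m) for m in M), []).append(k2)
        keys_tried += 1
    candidates = []
    for k1 in range(1 << KEY_BITS):             # step 2: is D(k1, C) in the table?
        middle = tuple(D(k1, c) for c in C)
        keys_tried += 1
        candidates.extend((k1, k2) for k2 in table.get(middle, []))
    return candidates, keys_tried


def demo():
    k1, k2 = 0x5A3, 0x1C7                       # constructed secret key pair
    M = [0x0000, 0x1234, 0xBEEF]                # constructed known plaintext blocks
    C = [double_encrypt(k1, k2, m) for m in M]
    candidates, keys_tried = meet_in_the_middle(M, C)
    naive_pairs = 1 << (2 * KEY_BITS)           # nested loop over all (k2, k1)
    return (k1, k2), candidates, keys_tried, naive_pairs


if __name__ == "__main__":
    secret, found, tried, naive = demo()
    print(f"secret={secret} recovered={found}")
    print(f"meet-in-the-middle tried {tried} keys; the naive search has {naive} pairs")
```

Three known blocks give 48 bits of filtering against 2^24 key pairs, which is why a single candidate survives; with only one block the table lookup would return many false matches.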