DOCSLIB.ORG

Data Encryption Standard (DES)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Data Encryption Standard (DES) Data Encryption Standard (DES) Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 16 Data Encryption Standard (DES), adopted in 1976 DES has 56 bit keys. You can re-use a key as often as you want. You can encrypt text that is as long as you want*. * In any modern encryption system, there are theoretical limits on the number of times you use the key, and length of the plaintexts. But the limits are huge. They are generally not a concern in practice. Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 17 DES Data Encryption Standard (DES) adopted in 1976 Key size (56 bits) is too small for today's computers (can be broken within hours on very powerful computers) Variants (e.g. 3DES) still provide good security, although nowadays AES considered more secure and is more efficient. Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 18 Design parameters Block length is 64 bits • Key length is is 56 bits • I Actually, the key length is often said to be 64 bits. But 8 of those bits are parity bits. So the effective key length is 56 bits. DES consists of 16 \rounds". Each round uses a roundkey, • also called a subkey, derived from the main key. Subkey length is 48 bits for each subkey K1;:::; K16. Subkeys are derived from the 56 bit key via the \key schedule". Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 19 Notation for DES operations Have three special operations: Cyclic shifts on bitstring blocks: Will denote by b <<< n the • move of the bits of block b by n to the left. Bits that would have fallen out are added at the right side of the b. b >>> n is defined similarly Permutations on the position of bits: Written down as output • order of the input bits. Example: the permutation 4 1 2 3 means that the fourth input bit becomes the first output bit, • the first input bit becomes the second output bit, • the second input bit becomes the third output bit, and • the third input bit becomes the fourth output bit. Sometimes,• we use the word \permutation" for bit re-arrangements that include duplication or dropping of bits, even though that is not a proper permutation. Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 20 Key schedule Have different keys for each round, computed by so-called Key schedule 64-bit key is actually 56-bit key plus 8 parity bits First apply a permutation PC-1 which removes the parity bits. • This results in 56 bits. Split result into half to obtain (C0; D0) • For each round i = 1; :::; 16, we compute • Ci = Ci 1 <<< pi − Di = Di 1 <<< pi − where 1 if i = 1; 2; 9; 16 p = i 2 otherwise Now we join Ci and Di together, and apply a permutation • PC-2 which produces a 48-bit output, to obtain Ki . Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 21 Feistel cipher: a way of doing block ciphers Invented in 1971 at IBM Important class of ciphers (eg Blowfish, DES, 3DES) Same encryption scheme applied iteratively for several rounds Important step: Derive next message state from previous message state via special function called Feistel function Encryption is organised as a series of \rounds". Each round works as follows: Split input in half • Apply Feistel function to the right half • Compute xor of result with old left half to be new left half • Swap old right and new left half, unless we are in the last • round Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 22 Overview of DES R Plaintext Block Li−1 i−1 Ki Initial Permutation IP F L0 R0 Li Ri L16 R16 Final Permutation IP−1 Ciphertext block Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 23 DES Feistel Cipher, continued Formal definition: Split plaintext block in two equal pieces M = (L0; R0) • For each round i = 1; 2;:::; 16 compute • Li = Ri 1 − Ri = Li 1 F (Ki ; Ri 1) − ⊕ − The ciphertext is C = (R16; L16) • R Li−1 i−1 Ki F Li Ri Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 24 Decryption Works as encryption, but with a reversed order of keys Split ciphertext block in two equal pieces C = (R16; L16) • For each round i = 16; 15;:::; 1 compute • Ri 1 = Li − Li 1 = Ri F (Ki ; Li ) − ⊕ Plaintext is M = (L0; R0) • Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 25 DES Feistel function Four stage procedure: Expansion permutation: Expand 32-bit message half block to • 48 bit block by doubling 16 bits and permuting them Round key addition: Compute xor of this 48 bit block with • round key Ki S-Box: Split 48 bit into eight 6-bit blocks. Each of them is • given as input to eight substitution boxes, which substitute 6-bit block by 4-bit block. P-Box: Combine these eight 4-bit blocks to 32-bit block and • apply another permutation. Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 26 DES Feistel function, continued Source: Wikipedia Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 27 S-boxes S-boxes: An S-box substitution is a table lookup. Input is 6 • bit, output is 4 bit. Works as follows: Strip out outer bits of input and join them. This two-bit • number is the row index. Four inner bits indicate column number. • Output is corresponding entry in table • Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 28 Confusion and diffusion The design of DES aims to provide confusion and diffusion. I Confusion means that each bit of the ciphertext should depend on several parts of the key, obscuring the connections between the two. I Diffusion means that if we change a single bit of the plaintext, then (statistically) half of the bits in the ciphertext should change. A related property is \non-linearity". If a cipher has this property, it means that the ciphertext is not a \linear" combination of the key and the plaintext. (That would be weak. More precisely, it would be vulnerable to linear differential cryptanalysis.) Permutations and XOR are linear operations. So some non-linear operations need to be used as well. The S-box of DES is a non-linear operation. Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 29 Choice of S-boxes Because of their non-linearity, the S-boxes are the core of DES in terms of cryptographic strength. Motivation for the choice of the particular S-boxes not known until 1990s. It includes the following constraints: I No single output bit should be too close to a linear combination of the input bits. I If two inputs to an S-box differ in exactly one bit, their outputs must differ in at least two bits. I If two inputs to an S-box differ in the two middle bits, their outputs must differ in at least two bits. I If two inputs to an S-box differ in their rst two bits and are identical in their last two bits, the two outputs must be different. Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 30 DES is not secure by today's standards In any practical encryption system, such as DES, an attacker could try to enumerate all the keys, and test them all. What prevents this in practice is that it would take too long. How long depends on the key size. In the 1970s, the assumption was that you could test at most 1 million keys per second. In that case it would take you more than 2000 years to crack a DES key. DES keys are too short for today's standards. In 2012, a system with 48 Xilinx Virtex-6 LX240T FPGAs was announced, each FPGA containing 40 fully pipelined DES cores running at 400 MHz, able to test 8 x 1011 keys/sec. The system can exhaustively search the entire 56-bit DES key space in about 28 hours. AES has 128 bit keys. That is vastly more. Even if you could build a system capable of testing 8 x 1011 keys/sec, it would take 25,000 years to test them all. Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 31 DES, \2DES" and 3DES DES a good design, but as it only has 56 bit keys, it has only approximately 256 security. (There are some cryptanalytic attacks on DES, but not very serious ones, so let's say its security is about 256.) How about using DES twice? Take a 112-bit key, split it into two keys K1 and K2 and encrypt M like this: EncK1 (EncK2 (M)) Would that give us 2112 security? Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 32 \2DES" is not significantly more secure than DES Suppose we have a pair (M; C) consisting of a valid plaintext-ciphertext pair. With approximately 257 work, we can find the 112-bit key K1K2 used in 2DES. Here is how to do it. 56 I Try all 2 possible keys K2, and store all the results 56 EncK2 (M). Sort them in order. This is 2 work for the encryption, and 256 log(256) for the sorting. 56 I Try all the 2 possible keys K1, computing DecK1 (C). For each such value, check if it is one of the stored EncK2 (M). That is 256 work for the Dec, and log(256) work for the checking.
Load more

Recommended publications
  • Public Key Cryptography And
    PublicPublic KeyKey CryptographyCryptography andand RSARSA Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 [email protected] Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/ Washington University in St. Louis CSE571S ©2011 Raj Jain 9-1 OverviewOverview 1. Public Key Encryption 2. Symmetric vs. Public-Key 3. RSA Public Key Encryption 4. RSA Key Construction 5. Optimizing Private Key Operations 6. RSA Security These slides are based partly on Lawrie Brown’s slides supplied with William Stallings’s book “Cryptography and Network Security: Principles and Practice,” 5th Ed, 2011. Washington University in St. Louis CSE571S ©2011 Raj Jain 9-2 PublicPublic KeyKey EncryptionEncryption Invented in 1975 by Diffie and Hellman at Stanford Encrypted_Message = Encrypt(Key1, Message) Message = Decrypt(Key2, Encrypted_Message) Key1 Key2 Text Ciphertext Text Keys are interchangeable: Key2 Key1 Text Ciphertext Text One key is made public while the other is kept private Sender knows only public key of the receiver Asymmetric Washington University in St. Louis CSE571S ©2011 Raj Jain 9-3 PublicPublic KeyKey EncryptionEncryption ExampleExample Rivest, Shamir, and Adleman at MIT RSA: Encrypted_Message = m3 mod 187 Message = Encrypted_Message107 mod 187 Key1 = <3,187>, Key2 = <107,187> Message = 5 Encrypted Message = 53 = 125 Message = 125107 mod 187 = 5 = 125(64+32+8+2+1) mod 187 = {(12564 mod 187)(12532 mod 187)... (1252 mod 187)(125 mod 187)} mod 187 Washington University in
    [Show full text]
  • On the NIST Lightweight Cryptography Standardization
    On the NIST Lightweight Cryptography Standardization Meltem S¨onmez Turan NIST Lightweight Cryptography Team ECC 2019: 23rd Workshop on Elliptic Curve Cryptography December 2, 2019 Outline • NIST's Cryptography Standards • Overview - Lightweight Cryptography • NIST Lightweight Cryptography Standardization Process • Announcements 1 NIST's Cryptography Standards National Institute of Standards and Technology • Non-regulatory federal agency within U.S. Department of Commerce. • Founded in 1901, known as the National Bureau of Standards (NBS) prior to 1988. • Headquarters in Gaithersburg, Maryland, and laboratories in Boulder, Colorado. • Employs around 6,000 employees and associates. NIST's Mission to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. 2 NIST Organization Chart Laboratory Programs Computer Security Division • Center for Nanoscale Science and • Cryptographic Technology Technology • Secure Systems and Applications • Communications Technology Lab. • Security Outreach and Integration • Engineering Lab. • Security Components and Mechanisms • Information Technology Lab. • Security Test, Validation and • Material Measurement Lab. Measurements • NIST Center for Neutron Research • Physical Measurement Lab. Information Technology Lab. • Advanced Network Technologies • Applied and Computational Mathematics • Applied Cybersecurity • Computer Security • Information Access • Software and Systems • Statistical
    [Show full text]
  • Choosing Key Sizes for Cryptography
    information security technical report 15 (2010) 21e27 available at www.sciencedirect.com www.compseconline.com/publications/prodinf.htm Choosing key sizes for cryptography Alexander W. Dent Information Security Group, University Of London, Royal Holloway, UK abstract After making the decision to use public-key cryptography, an organisation still has to make many important decisions before a practical system can be implemented. One of the more difficult challenges is to decide the length of the keys which are to be used within the system: longer keys provide more security but mean that the cryptographic operation will take more time to complete. The most common solution is to take advice from information security standards. This article will investigate the methodology that is used produce these standards and their meaning for an organisation who wishes to implement public-key cryptography. ª 2010 Elsevier Ltd. All rights reserved. 1. Introduction being compromised by an attacker). It also typically means a slower scheme. Most symmetric cryptographic schemes do The power of public-key cryptography is undeniable. It is not allow the use of keys of different lengths. If a designer astounding in its simplicity and its ability to provide solutions wishes to offer a symmetric scheme which provides different to many seemingly insurmountable organisational problems. security levels depending on the key size, then the designer However, the use of public-key cryptography in practice is has to construct distinct variants of a central design which rarely as simple as the concept first appears. First one has to make use of different pre-specified key lengths.
    [Show full text]
  • Quantum Computing Threat: How to Keep Ahead
    Think openly, build securely White paper: Quantum Computing Threat: How to Keep Ahead Ë PQShield Ƕ February 2021 © PQShield Ltd | www.pqshield.com | PQShield Ltd, Oxford, OX2 7HT, UK Cryptographic agility and a clear roadmap to the upcoming NIST standards are key to a smooth and secure transition. 1 Background 1.1 New Cryptography Standards The NIST (U.S. National Institute of Standards and Technology) Post‐Quantum Cryptography (PQC) Project has been running since 2016 and is now in its third, final evaluation round. This project standardizes new key establishment and digital signature algorithms that have been designed to be resistant against attacks by quantum computers. These new algorithms are intended to replace current classical‐security RSA and Elliptic Cryptography (ECDH, ECDSA) standards in applications. The particular mathematical problems that RSA and Elliptic Cryptography are based onareeasy (polynomial‐time solvable) for quantum computers. Unless complemented with quantum‐safe cryptography, this will allow for the forgery of digital signatures (integrity compromise) and de‐ cryption of previously encrypted data (confidentiality compromise) in the future. This is aheight‐ ened risk for organizations that need to secure data for long periods of time; government orga‐ nizations that handle and secure classified information have largely been the drivers ofthepost‐ quantum standardization and its adoption in the field, but banks, financial services, healthcare providers, those developing intellectual property and many others increasingly feel the need to ensure that they can protect their customers and IP – now and in the future. 1.2 Quantum Threat and Post-Quantum Cryptography The current position of NCSC (UK’s National Cyber Security Centre) and NSA (USA’s National Se‐ curity Agency) is that the best mitigation against the threat of quantum computers is quantum‐ safe cryptography, also known as post‐quantum cryptography (PQC).
    [Show full text]
  • Cryptographic Algorithms and Key Sizes for Personal Identity Verification
    Archived NIST Technical Series Publication The attached publication has been archived (withdrawn), and is provided solely for historical purposes. It may have been superseded by another publication (indicated below). Archived Publication Series/Number: NIST Special Publication 800-78-2 Title: Cryptographic Algorithms and Key Sizes for Personal Identity Verification Publication Date(s): February 2010 Withdrawal Date: December 2010 Withdrawal Note: SP 800-78-2 is superseded in its entirety by the publication of SP 800-78-3 (December 2010). Superseding Publication(s) The attached publication has been superseded by the following publication(s): Series/Number: NIST Special Publication 800-78-3 Title: Cryptographic Algorithms and Key Sizes for Personal Identity Verification Author(s): W. Timothy Polk, Donna F. Dodson, William E. Burr, Hildegard Ferraiolo, David Cooper Publication Date(s): December 2010 URL/DOI: http://dx.doi.org/10.6028/NIST.SP.800-78-3 Additional Information (if applicable) Contact: Computer Security Division (Information Technology Lab) Latest revision of the SP 800-78-4 (as of August 7, 2015) attached publication: Related information: http://csrc.nist.gov/groups/SNS/piv/ Withdrawal N/A announcement (link): Date updated: ƵŐƵƐƚϳ, 2015 NIST Special Publication 800-78-2 Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William. E. Burr I N F O R M A T I O N S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD, 20899-8930 February 2010 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Dr.
    [Show full text]
  • Outline Block Ciphers
    Block Ciphers: DES, AES Guevara Noubir http://www.ccs.neu.edu/home/noubir/Courses/CSG252/F04 Textbook: —Cryptography: Theory and Applications“, Douglas Stinson, Chapman & Hall/CRC Press, 2002 Reading: Chapter 3 Outline n Substitution-Permutation Networks n Linear Cryptanalysis n Differential Cryptanalysis n DES n AES n Modes of Operation CSG252 Classical Cryptography 2 Block Ciphers n Typical design approach: n Product cipher: substitutions and permutations n Leading to a non-idempotent cipher n Iteration: n Nr: number of rounds → 1 2 Nr n Key schedule: k k , k , …, k , n Subkeys derived according to publicly known algorithm i n w : state n Round function r r-1 r n w = g(w , k ) 0 n w : plaintext x n Required property of g: ? n Encryption and Decryption sequence CSG252 Classical Cryptography 3 1 SPN: Substitution Permutation Networks n SPN: special type of iterated cipher (w/ small change) n Block length: l x m n x = x(1) || x(2) || … || x(m) n x(i) = (x(i-1)l+1, …, xil) n Components: π l → l n Substitution cipher s: {0, 1} {0, 1} π → n Permutation cipher (S-box) P: {1, …, lm} {1, …, lm} n Outline: n Iterate Nr times: m substitutions; 1 permutation; ⊕ sub-key; n Definition of SPN cryptosytems: n P = ?; C = ?; K ⊆ ?; n Algorithm: n Designed to allow decryption using the same algorithm n What are the parameters of the decryption algorithm? CSG252 Classical Cryptography 4 SPN: Example n l = m = 4; Nr = 4; n Key schedule: n k: (k1, …, k32) 32 bits r n k : (k4r-3, …, k4r+12) z 0 1 2 3 4 5 6 7 8 9 A B C D E F π S(z) E 4 D 1 2 F B 8 3 A 6 C
    [Show full text]
  • The Whirlpool Secure Hash Function
    Cryptologia, 30:55–67, 2006 Copyright Taylor & Francis Group, LLC ISSN: 0161-1194 print DOI: 10.1080/01611190500380090 The Whirlpool Secure Hash Function WILLIAM STALLINGS Abstract In this paper, we describe Whirlpool, which is a block-cipher-based secure hash function. Whirlpool produces a hash code of 512 bits for an input message of maximum length less than 2256 bits. The underlying block cipher, based on the Advanced Encryption Standard (AES), takes a 512-bit key and oper- ates on 512-bit blocks of plaintext. Whirlpool has been endorsed by NESSIE (New European Schemes for Signatures, Integrity, and Encryption), which is a European Union-sponsored effort to put forward a portfolio of strong crypto- graphic primitives of various types. Keywords advanced encryption standard, block cipher, hash function, sym- metric cipher, Whirlpool Introduction In this paper, we examine the hash function Whirlpool [1]. Whirlpool was developed by Vincent Rijmen, a Belgian who is co-inventor of Rijndael, adopted as the Advanced Encryption Standard (AES); and by Paulo Barreto, a Brazilian crypto- grapher. Whirlpool is one of only two hash functions endorsed by NESSIE (New European Schemes for Signatures, Integrity, and Encryption) [13].1 The NESSIE project is a European Union-sponsored effort to put forward a portfolio of strong cryptographic primitives of various types, including block ciphers, symmetric ciphers, hash functions, and message authentication codes. Background An essential element of most digital signature and message authentication schemes is a hash function. A hash function accepts a variable-size message M as input and pro- duces a fixed-size hash code HðMÞ, sometimes called a message digest, as output.
    [Show full text]
  • Selecting Cryptographic Key Sizes
    J. Cryptology (2001) 14: 255–293 DOI: 10.1007/s00145-001-0009-4 © 2001 International Association for Cryptologic Research Selecting Cryptographic Key Sizes Arjen K. Lenstra Citibank, N.A., 1 North Gate Road, Mendham, NJ 07945-3104, U.S.A. [email protected] and Technische Universiteit Eindhoven Eric R. Verheul PricewaterhouseCoopers, GRMS Crypto Group, Goudsbloemstraat 14, 5644 KE Eindhoven, The Netherlands eric.verheul@[nl.pwcglobal.com, pobox.com] Communicated by Andrew Odlyzko Received September 1999 and revised February 2001 Online publication 14 August 2001 Abstract. In this article we offer guidelines for the determination of key sizes for symmetric cryptosystems, RSA, and discrete logarithm-based cryptosystems both over finite fields and over groups of elliptic curves over prime fields. Our recommendations are based on a set of explicitly formulated parameter settings, combined with existing data points about the cryptosystems. Key words. Symmetric key length, Public key length, RSA, ElGamal, Elliptic curve cryptography, Moore’s law. 1. Introduction 1.1. The Purpose of This Paper Cryptography is one of the most important tools that enable e-commerce because cryp- tography makes it possible to protect electronic information. The effectiveness of this protection depends on a variety of mostly unrelated issues such as cryptographic key size, protocol design, and password selection. Each of these issues is equally important: if a key is too small, or if a protocol is badly designed or incorrectly used, or if a pass- word is poorly selected or protected, then the protection fails and improper access can be gained. In this article we give some guidelines for the determination of cryptographic key sizes.
    [Show full text]
  • Block Cipher and Data Encryption Standard (DES)
    Block Cipher and Data Encryption Standard (DES) 2021.03.09 Presented by: Mikail Mohammed Salim Professor 박종혁 Cryptography and Information Security 1 Block Cipher and Data Encryption Standard (DES) Contents • What is Block Cipher? • Padding in Block Cipher • Ideal Block Cipher • What is DES? • DES- Key Discarding Process • Des- 16 rounds of Encryption • How secure is DES? 2 Block Cipher and Data Encryption Standard (DES) What is Block Cipher? • An encryption technique that applies an algorithm with parameters to encrypt blocks of text. • Each plaintext block has an equal length of ciphertext block. • Each output block is the same size as the input block, the block being transformed by the key. • Block size range from 64 -128 bits and process the plaintext in blocks of 64 or 128 bits. • Several bits of information is encrypted with each block. Longer messages are encoded by invoking the cipher repeatedly. 3 Block Cipher and Data Encryption Standard (DES) What is Block Cipher? • Each message (p) grouped in blocks is encrypted (enc) using a key (k) into a Ciphertext (c). Therefore, 푐 = 푒푛푐푘(푝) • The recipient requires the same k to decrypt (dec) the p. Therefore, 푝 = 푑푒푐푘(푐) 4 Block Cipher and Data Encryption Standard (DES) Padding in Block Cipher • Block ciphers process blocks of fixed sizes, such as 64 or 128 bits. The length of plaintexts is mostly not a multiple of the block size. • A 150-bit plaintext provides two blocks of 64 bits each with third block of remaining 22 bits. • The last block of bits needs to be padded up with redundant information so that the length of the final block equal to block size of the scheme.
    [Show full text]
  • (Advance Encryption Scheme (AES)) and Multicrypt Encryption Scheme
    International Journal of Scientific and Research Publications, Volume 2, Issue 4, April 2012 1 ISSN 2250-3153 Analysis of comparison between Single Encryption (Advance Encryption Scheme (AES)) and Multicrypt Encryption Scheme Vibha Verma, Mr. Avinash Dhole Computer Science & Engineering, Raipur Institute of Technology, Raipur, Chhattisgarh, India [email protected], [email protected] Abstract- Advanced Encryption Standard (AES) is a suggested a couple of changes, which Rivest incorporated. After specification for the encryption of electronic data. It supersedes further negotiations, the cipher was approved for export in 1989. DES. The algorithm described by AES is a symmetric-key Along with RC4, RC2 with a 40-bit key size was treated algorithm, meaning the same key is used for both encrypting and favourably under US export regulations for cryptography. decrypting the data. Multicrypt is a scheme that allows for the Initially, the details of the algorithm were kept secret — encryption of any file or files. The scheme offers various private- proprietary to RSA Security — but on 29th January, 1996, source key encryption algorithms, such as DES, 3DES, RC2, and AES. code for RC2 was anonymously posted to the Internet on the AES (Advanced Encryption Standard) is the strongest encryption Usenet forum, sci.crypt. Mentions of CodeView and SoftICE and is used in various financial and public institutions where (popular debuggers) suggest that it had been reverse engineered. confidential, private information is important. A similar disclosure had occurred earlier with RC4. RC2 is a 64-bit block cipher with a variable size key. Its 18 Index Terms- AES, Multycrypt, Cryptography, Networking, rounds are arranged as a source-heavy Feistel network, with 16 Encryption, DES, 3DES, RC2 rounds of one type (MIXING) punctuated by two rounds of another type (MASHING).
    [Show full text]
  • Data Encryption Standard (DES)
    6 Data Encryption Standard (DES) Objectives In this chapter, we discuss the Data Encryption Standard (DES), the modern symmetric-key block cipher. The following are our main objectives for this chapter: + To review a short history of DES + To defi ne the basic structure of DES + To describe the details of building elements of DES + To describe the round keys generation process + To analyze DES he emphasis is on how DES uses a Feistel cipher to achieve confusion and diffusion of bits from the Tplaintext to the ciphertext. 6.1 INTRODUCTION The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST). 6.1.1 History In 1973, NIST published a request for proposals for a national symmetric-key cryptosystem. A proposal from IBM, a modifi cation of a project called Lucifer, was accepted as DES. DES was published in the Federal Register in March 1975 as a draft of the Federal Information Processing Standard (FIPS). After the publication, the draft was criticized severely for two reasons. First, critics questioned the small key length (only 56 bits), which could make the cipher vulnerable to brute-force attack. Second, critics were concerned about some hidden design behind the internal structure of DES. They were suspicious that some part of the structure (the S-boxes) may have some hidden trapdoor that would allow the National Security Agency (NSA) to decrypt the messages without the need for the key. Later IBM designers mentioned that the internal structure was designed to prevent differential cryptanalysis.
    [Show full text]
  • What Is the Effective Key Length for a Block Cipher
    What is the Effective Key Length for a Block Cipher: an Attack on Every Block Cipher Jialin Huang and Xuejia Lai Shanghai Jiaotong University Abstract. Recently, several important block ciphers are considered to be broken by the bruteforce-like cryptanalysis, with a time complexity faster than exhaustive key search by going over the entire key space but performing less than a full encryption for each possible key. Motivated by this observation, we describe a meet-in-the-middle attack that can always be successfully mounted against any practical block ciphers with success probability one. The data complexity of this attack is the smallest according to the unicity distance. The time complexity can be written as 2k(1 − ) where > 0 for all block ciphers. Previously, the security bound that is commonly accepted is the length k of the given master key. From our result we point out that actually this k-bit security is always overestimated and can never be reached due to the inevitable key bits loss. No amount of clever design can prevent it, but increments of the number of rounds can reduce this key loss as much as possible. We give more insight in the problem of the upper bound of effective key bits in block ciphers, and show a more accurate bound. A suggestion about the relation between the key size and block size is given. That is, when the number of rounds is fixed, it is better to take a key size equal to the block size. Moreover, effective key bits of many well-known block ciphers are calculated and analyzed, which also confirm their lower security margin than thought before.
    [Show full text]