Data Encryption Standard (DES)

Encryption Algorithms

We will be looking at 3 industrial-strength encryption algorithms. The first encryption algorithm is called DES for data encryption standard. This standard was designed to encipher sensitive but non-classified data. It is bit oriented and uses both transposition and substitution. It is sometimes referred to as a product cipher. Its input, output, and encryption key are each 64 bits long. The set of 64 bits are referred to as blocks. This is a symmetric key encryption method.

Data Encryption Standard (DES)

In 1972 the National Bureau of Standards issued an RFP (Request for Proposal) with the following criteria:

1. able to provide a high level of security.

2. specified and easy to understand

3. publishable so that security does not depend on the secrecy of the algorithm

4. available to all users

5. adoptable for use in diverse applications

6. economical to implement in electronic devices

7. efficient to use

8. able to be validated

9. exportable

The Bureau received no responses. It re-issued the RPF in 1974. IBM responded with the Lucifer Algorithm. Lucifer uses only simple logical operations on relatively small quantities. The algorithm was implemented fairly efficiently in both hardware and software on conventional computers of that time period. The characteristics of the algorithm are:

Product Cipher - Both transposition & Substitution

Worked on 64 bit chunks at a time, really 56 bits

16 keys, fixed 56 bit keys

16 iteration of encryption

The graphic below indicates how one iteration of the algorithm works.

Advanced Encryption Standard

The AES (Advanced Encryption Standard) was put forward in 1997. It has yet to stand the test of time, but is likely to be the commercial-grade symmetric algorithm of choice for years if not decades. The requirements for the algorithm were

1. unclassified

2. publicly disclosed

3. available royalty-free for use worldwide

4. symmetric block cipher algorithm, for blocks of 128 bits

5. usable with key sizes of 128, 192, & 256 bits

In 1999 the selected algorithm, submitted by two Dutch cryptographers (Rijmen and Daemen), was adopted in 1999. The characteristics of the algorithm are

1. Substitution

2. Transposition

3. Shift

4. Exclusive Or

5. Additions

The algorithm’s operation is based on the length of the key that is used. 9, 11, or 13 cycles for keys of 128, 192, or 256 bits, respectively, determine the algorithm’s operation.

Each cycle of the algorithm consists of

1. Byte substitution This is a confusion set that substitutes each byte of a 128-bit block according to a substitution table. This is similar to the DES algorithm.

2. Shift row This is a another confusion step that is implemented as a transposition step. Basically, row n is shifted left circular (n-1) bytes.

3. Mix column This operation provides confusion and diffusion. The step involves shifting left and exclusive-ORing bits with themselves.

4. add subkey This operation provides confusion and incorporates the key. In this step a portion of the key unique to this cycle is exclusively-ORed with the cycle results

The graphic below depicts the algorithm.

The following table compares DES and AES.

DES AES

Date 1976 1999

Block Size 64 bits 128 bits

Key Length 56 bits (effective length) 128, 192, 256 (possible more) bits

Encryption Substitution, Permutation Substitution, Shift, Bit Mixing Primitives

Cryptographic Confusion, Diffusion Confusion, Diffusion Primitives

Design Open Open

Design Rationale Closed Open

Selection Secret Secret, but accepted open public comment Process

Source IBM, enhanced by NSA Independent Dutch cryptographers

RSA (Rivest – Shamir – Adelman) Encryption

The Rivest-Shamir-Adelman (RSA) cryptosystem is a public key system. This algorithm was first introduced in 1978 and to date remains secure. It has been subject to extensive cryptanalysis, and no serious flaws have been found. The RSA encryption algorithm combines results from number theory, specifically mathematics properties of prime factors of numbers. The two keys in RSA, d and e, are used for decryption and encryption respectively. The algorithm is described below.

Exponentiation Cipher

Choose 2 large prime numbers p and q

N = p q

Φ(n) = # of numbers less than n with no factors in common with n e.g. n = 10 1, 2, 3, 4, 5, 6, 7, 8, 9

Φ(10) = 4

Chose an integer e < n that is relatively prime to Φ(n)

Find a second integer d e d mod Φ(n) = 1

The public key is ( e, n ), and the private key is d. e.g.

p = 7 q = 3

n = 21 Φ(n) = (p – 1) ( q – 1)

Φ(n) = 12

1, 21, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20

Choose 11

e = 11

11 d mod 12 = 1

d = 11

Note: This is not a good example because we are using very small integers.

Let m be a message

c = me mod n

m = cd mod n e.g. p = 7 q = 11

n = 77

Φ(n) = 60

choose 17 as the public key

17 d mod 60 = 1

d = 53 private key

have to go through list until above is true

Questions such as are we guaranteed to find at least 1 d? is there more than one d? All beyond the scope of this course…..

e.g. H E L L O  W O R L D

Note: Bob encrypts using the public key and Alice decrypts using the private key

Bob Encrypts:

Plain Text: 07 04 11 11 14 26 22 14 17 11 03

Cipher Text: 717 mod 77 = 28

417 mod 77 = 16

1117 mod 77 = 44

Cipher Text: 28 16 44 44 …… encrypt using the public key

Alice Decrypts:

Using the Cipher Text: 28 16 44 44 42 38 42 19 44 75

Plain Text: 2853 mod 77 = 7

1653 mod 77 = 4

4453 mod 77 = 11

Plain Text: 7 4 11 11 14 26 22 14 17 11 3