Secret Key Cryptography Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 [email protected] These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601_04/ Louisiana State University 6- Secret Key Cryptography - 1 CSC4601 F04 Overview Block ciphers Feistel cipher Data Encryption Standard – DES DES – Encryption DES - Decryption Louisiana State University 6- Secret Key Cryptography - 2 CSC4601 F04 Glossary plaintext – message in its original form ciphertext – encrypted message encryption – process of producing ciphertext from plaintext decryption – reverse process breaking encryption scheme – discovering plaintext that matches ciphertext cryptoanalyst, attacker, intruder, bad guy – an entity trying to break encryption Louisiana State University 6- Secret Key Cryptography - 3 CSC4601 F04 Concepts block cipher – encrypts blocks of data (say 64), essentially substituting 64 bit-data block by 64-bit encrypted block we can specify cipher by stating the complete data->encryption, is it possible? can two data blocks map to the same encrypted block? can we map a data block to a smaller (larger) encrypted block? two basic operations for k-bit blocks substitution – for each 2k inputs specify output, impractical for large k permutation – for each bit specifies the output position it gets block encryption usually contains multiple rounds of substituitions and premutations Louisiana State University 6- Secret Key Cryptography - 4 CSC4601 F04 Modern Block Ciphers Will now look at modern block ciphers One of the most widely used types of cryptographic algorithms Provide secrecy and/or authentication services In particular will introduce DES (Data Encryption Standard) Louisiana State University 6- Secret Key Cryptography - 5 CSC4601 F04 Block vs. Stream Ciphers Block ciphers process messages in into blocks, each of which is then en/decrypted Like a substitution on very big characters 64-bits or more Stream ciphers process messages a bit or byte at a time when en/decrypting Many current ciphers are block ciphers Hence are focus of course Louisiana State University 6- Secret Key Cryptography - 6 CSC4601 F04 Block Cipher Principles Most symmetric block ciphers are based on a Feistel Cipher Structure Needed since must be able to decrypt ciphertext to recover messages efficiently Block ciphers look like an extremely large substitution Would need table of 264 entries for a 64-bit block Naïve: 264 input values, 64 bits each, total 270 bits to store the mapping Output should look random No correlation between plaintext and ciphertext Bit spreading Instead create from smaller building blocks Using idea of a product cipher Louisiana State University 6- Secret Key Cryptography - 7 CSC4601 F04 Claude Shannon and Substitution- Permutation Ciphers In 1949 Claude Shannon introduced idea of substitution- permutation (S-P) networks modern substitution-transposition product cipher These form the basis of modern block ciphers S-P networks are based on the two primitive cryptographic operations we have seen before: substitution (S-box) permutation (P-box) Provide confusion and diffusion of message Louisiana State University 6- Secret Key Cryptography - 8 CSC4601 F04 Confusion and Diffusion Cipher needs to completely obscure statistical properties of original message A one-time pad does this More practically Shannon suggested combining elements to obtain: diffusion – dissipates statistical structure of plaintext over bulk of ciphertext confusion – makes relationship between ciphertext and key as complex as possible Louisiana State University 6- Secret Key Cryptography - 9 CSC4601 F04 Block Ciphers Substitution: 2k values: k × 2k bits Permutation: change position for each bit: klog2k bits Round: combination of substitution chunks and permutation do often enough so that a bit change can affect every output bit How many rounds? A few but not fewer Louisiana State University 6- Secret Key Cryptography - 10 CSC4601 F04 Feistel Cipher Structure Horst Feistel devised the feistel cipher based on concept of invertible product cipher Partitions input block into two halves process through multiple rounds which perform a substitution on left data half based on round function of right half & subkey then have permutation swapping halves Implements Shannon’s substitution-permutation network concept Louisiana State University 6- Secret Key Cryptography - 11 CSC4601 F04 Feistel Cipher Structure Louisiana State University 6- Secret Key Cryptography - 12 CSC4601 F04 Feistel Cipher Design Principles block size increasing size improves security, but slows cipher key size increasing size improves security, makes exhaustive key searching harder, but may slow cipher number of rounds increasing number improves security, but slows cipher subkey generation greater complexity can make analysis harder, but slows cipher round function greater complexity can make analysis harder, but slows cipher fast software en/decryption & ease of analysis are more recent concerns for practical use and testing Louisiana State University 6- Secret Key Cryptography - 13 CSC4601 F04 Feistel Cipher Decryption Louisiana State University 6- Secret Key Cryptography - 14 CSC4601 F04 Data Encryption Standard (DES) Convert block to another: one-to-one Most widely used block cipher in world Adopted in 1977 by NBS (now NIST) as FIPS PUB 46 Long enough to avoid known-plaintext attack 64 bit nice for RISC Encrypts 64-bit data using 56-bit key Has been considerable controversy over its security Key length: 56bit – 1979, 64bit- 1995, 128bit - ? Louisiana State University 6- Secret Key Cryptography - 15 CSC4601 F04 DES History IBM developed Lucifer cipher by team led by Feistel used 64-bit data blocks with 128-bit key Then redeveloped as a commercial cipher with input from NSA and others In 1973 NBS issued request for proposals for a national cipher standard IBM submitted their revised Lucifer which was eventually accepted as the DES Louisiana State University 6- Secret Key Cryptography - 16 CSC4601 F04 Block Cipher Scheme Encrypt Plaintext Cipher block Secret key block of length N of length N Decrypt Louisiana State University 6- Secret Key Cryptography - 17 CSC4601 F04 DES Design Controversy Although DES standard is public Was considerable controversy over design in choice of 56-bit key (vs Lucifer 128-bit) and because design criteria were classified Subsequent events and public analysis show in fact design was appropriate DES has become widely used, esp in financial applications efficient to implement in hardware, but slow in software the adoption of DES was done without public scrutiny some operations are suspect security value of initial/final permutations is suspect Louisiana State University 6- Secret Key Cryptography - 18 CSC4601 F04 DES (Data Encryption Standard) Published in 1977, standardized in 1979. Key: 64 bit quantity=8-bit parity+56-bit key Every 8th bit is a parity bit. 64 bit input, 64 bit output. 64 bit M 64 bit C DES Encryption 56 bits Louisiana State University 6- Secret Key Cryptography - 19 CSC4601 F04 DES Top View 56-bit Key 64-bit48-bit Input K1 Generate keys Permutation Initial Permutation 48-bit K1 Round 1 48-bit K2 Round 2 …... 48-bit K16 Round 16 Swap Swap 32-bit halves Permutation Final Permutation 64-bit Output Louisiana State University 6- Secret Key Cryptography - 20 CSC4601 F04 Bit Permutation (1-to-1) 1 2 3 4 32 Input: 0 0 1 0……. 1 1 bit Output 1 0 1 1…….. 1 22 6 13 32 3 Louisiana State University 6- Secret Key Cryptography - 21 CSC4601 F04 Bits Expansion (1-to-m) 1 2 3 4 5 32 Input: 0 0 1 0 1……. 1 Output 1 0 0 1 0 1 0 1 …….. 1 0 1 2 3 4 5 6 7 8 48 Louisiana State University 6- Secret Key Cryptography - 22 CSC4601 F04 Initial and Final Permutations Initial permutation (IP) View the input as M: 8(-byte) by 8(-bit) matrix Transform M into M1 in two steps Transpose row x into column (9-x), 0<x<9 Apply permutation on the rows: For even column y, it becomes row y/2 For odd column y, it becomes row (5+y/2) Quite regular in structure (easy in h/w) Example: IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb) Final permutation FP = IP-1 Louisiana State University 6- Secret Key Cryptography - 23 CSC4601 F04 Initial and Final Permutations Louisiana State University 6- Secret Key Cryptography - 24 CSC4601 F04 Per-Round Key Generation Initial Permutation of DES key C i-1 28 bitsD i-1 28 bits Circular Left Shift Circular Left Shift One round Permutation Round 1,2,9,16: with Discard single shift Others: two bits 48 bits Ki C i 28 bitsD i 28 bits Louisiana State University 6- Secret Key Cryptography - 25 CSC4601 F04 DES Key Schedule Forms subkeys used in each round Consists of: initial permutation of the key which selects 56-bits in two 28-bit halves 16 stages consisting of: selecting 24-bits from each half permuting them by PC2 for use in function f, rotating each half separately either 1 or 2 places depending on the key rotation schedule K Louisiana State University 6- Secret Key Cryptography - 26 CSC4601 F04 Input Key Louisiana State University 6- Secret Key Cryptography - 27 CSC4601 F04 Initial Permutation of Key C0 D0 Louisiana State University 6- Secret Key Cryptography - 28 CSC4601 F04 Permutation with Discard Louisiana State University 6- Secret Key Cryptography - 29 CSC4601 F04 Schedule of Left Shifts Louisiana State University 6- Secret Key Cryptography - 30 CSC4601 F04 A DES Round 32 bits Ln 32 bits Rn E One Round 48 bits Mangler Encryption Function