Introduction to Modern Symmetric-Key Ciphers 1 OObjectivesbjectives • Review a short history of DES. • Define the basic structure of DES. • List DES alternatives. • Introduce the basic structure of AES. 2 Data Encryption Standard (DES) History • DES is most well known symmetric-key block cipher published by National Institute of Standards and Technology (NIST). • Proposal from IBM. • DES was adopted as a federal standard in 1976 and published as DES in 1977. • It was used widely in the financial industry. • In 1998, NIST issued a call for a new proposal for an algorithm because DES was no longer able to provide adequate cryptographic protection. 3 Data Encryption Standard (DES) Overview • Block size=64 bit It takes a 64 bit plaintext and creates 64 bit ciphertext. • Key= 56 bit The round-key generator create sixteen 48 bit keys out of one 56 bit cipher key. 4 Data Encryption Standard (DES) Encryption Encryption process is made of: • Two permutation - Called initial and final. - Each of these permutation takes a 64 -bit input and permutes them according to a predefined rules. - They are keyless straight permutation per that are the inverse of each other. • 16 Feistel rounds. - Each round uses different round key generated by round key generator. 5 64-bit plaintext DES Initial permutation K 1 Round 1 48 bit K Round 2 2 48 bit 56 bit . generator -Key Cipher key K Round Round Round 16 16 48 bit Final permutation 64-bit ciphertext Figure 6.2: General Structure of DES Ref: http://www.dmst.aueb.gr/dds/secimp/crypto/indexw.htm Data Encryption Standard (DES) Decryption The decryption is essentially the same as encryption. only the key schedule is reversed. This is due to the fact that DES is based on a Feistel network. 8 Data Encryption Standard (DES) Criticism DES was criticized for two reasons: 1. Small key length (only 56 bit) which could make the cipher vulnerable to brute-force attack. 2. Critics were concerned about some hidden design behind the internal structure of DES. 9 DES Alternatives There exists a wealth of other block ciphers. A small collection of as of yet unbroken ciphers is: Algorithm I/O bits Key Lengths Remark AES/Rijndael 128 128/192/256 DES “successor", US federal standard Triple DES 64 112 (effective) • Most conservative choice • It has been adopted by banking industry Mars 128 128/192/256 AES finalist RC6 128 128/192/256 AES finalist Serpent 128 128/192/256 AES finalist Twofish 128 128/192/256 AES finalist IDEA 64 128 patented 10 Advanced Encryption Standard (AES) History • The Advanced Encryption Standard (AES) is a symmetric-key block cipher. • In February 2001, NIST announced that a draft of the Federal Information Processing Standard (FIPS) was available for public review and comment • AES was published as FIPS 1997. the Federal Register in December 2001. • The criteria defined by NIST for selecting AES fall into three areas: security, cost, implementation . 11 Advanced Encryption Standard (AES) Overview • AES is a non-Feistel cipher. • It encrypts and decrypts a data block of 128 bits. • The key size, which can be 128, 192, or 256 bits. • It uses 10 , 12 , or 14 rounds depending on the key size. • The round keys are always 128 bits. 12 Advanced Encryption Standard (AES) Encryption • To provide security, AES use four types of transformations: substitution, permutation, mixing and key adding. • At the encryption side, each round except the last use four transformations that are invertible. • The pre-round transformation uses only one transformation(key adding). • The last round has only three transformation (mixing is missing). 13 Advanced Encryption Standard (AES) Figure 7.1: General design of AES encryption ciphe 14 Advanced Encryption Standard (AES) Decryption • AES is a non-feistel cipher, , which means that each transformation or group of transformation must be invertible. • The order of each transformation is changed in the reverse cipher (the decryption side) • The difference in ordering is needed to make each transformation in the encryption side aligned with its inverse in the decryption side => In this way, operations will cancel the effect of each other. 15 Advanced Encryption Standard (AES) Analysis of AES AES was designed after DES. Most of the known attacks on DES were already tested on AES. For example: • Brute -Force Attack AES is definitely more secure than DES due to the larger-size key. 16 References [1] Ch 6 , Introduction to CRYPTOGRAPHY and NETWORK SECURITY, Behrouz A.Forouzan [2] http://www.box.net/shared/static/76vk1rd49n.pdf 17.