BLOCK CIPHER PRINCIPLES STREAM CIPHER • Encrypts a digital data stream 1-bit or 1-byte at a time. BLOCK CIPHER • Encrypts a block of plaintext to produce a ciphertext block of equal length. • A typical block size is 64-bits. • The vast majority of network-based conventional cryptographic applications make use of block ciphers. EXAMPLE Consider 2-bit block 0 1 2 3 0 1 2 3 00 ! 11; 01 ! 10; 10 ! 11; 11 ! 01 BLOCK CIPHER THEORY • It operates on a plaintext block of n-bits and produces a ciphertext block of n-bits. • There are 2n possible different plaintext blocks. • Each plaintext block must produce a unique ciphertext in order to be reversible. EXAMPLE • 4-bit blocks, n = 4. o 24, which is 16 plaintext blocks. o Therefore 16 ciphertext blocks • Fig. 3.4 o The 16 plaintext blocks are 0, 1, 2, 3, 4 …….., 14, 15. o They are (0000), (0001), (0010) …….(1111). • Table 3.1 PRACTICAL PROBLEM • For small block size, example n = 4, the system is equivalent to a classical substitution cipher. • Vulnerable to a statistical analysis of plain text. • 24 = 16 unique mapping between plaintext and cipher text and make possible 4x16 = 64 mappings • For n = 64, 64x264 = 270 = 1021 mappings. • The mapping itself is the KEY. • Therefore, arbitrary reversible substitution cipher for a large block size is not practical. • Having a very large keyspace increase security but produces different difficulty. • Therefore Feistel Cipher is proposed using diffusion and confusion functions. Table 3.1 Encryption and Decryption Tables for Substition Cipher of Figure 3.4 Plaintext Ciphertext Ciphertext Plaintext 0000 1110 0000 1110 0001 0100 0001 0011 0010 1101 0010 0100 0011 0001 0011 1000 0100 0010 0100 0001 0101 1111 0101 1100 0110 1011 0110 1010 0111 1000 0111 1111 1000 0011 1000 0111 1001 1010 1001 1101 1010 0110 1010 1001 1011 1100 1011 0110 1100 0101 1100 1011 1101 1001 1101 0010 1110 0000 1110 0000 1111 0111 1111 0101 BLOCK CIPHER PRINCIPLES DIFFUSION (PLAINTEXT ⇔ CIPHERTEXT) The statistical structure of the plaintext is dissipated (degenerate) into long-range statistics of the ciphertext. This is achieved by each plaintext digit affect the value of many ciphertext digits. An example of diffusion: k = Yn ∑mn+i (mod26) where Yn is the ciphertext and the i=1 message (plaintext) m1, m2, m3, …… In block cipher, diffusion can be achieved by repeatedly performing some permutation on the data followed by applying a function to that permutation. CONFUSION (CIPHERTEXT ⇔ KEY) It makes the relationship between the statistics of the ciphertext and the value of the encryption key as complex as possible. FEISTEL ENCRYPTION Explain Fig. 3.5. Input: o Plaintext block of 2w-bits and a key K. o Divide the plaintext block into halves L0 and R0. o Two halves of the data pass through n (in general 16) rounds of processing. o The combine to produce ciphertext. Plaintext (2w bits) L0 w bits w bits R Round 1 0 K1 F L R 1 • • 1 • • • • Round i Ki F L R i • • i • • • • Round n Kn F Ln Rn Ln+1 Rn+1 Ciphertext (2w bits) Figure 3.5 Classical Feistel Network Substitution: o It is performed on left half of the data. o It is performed using exclusive OR. Round Function: o It is performed on the right half of the data. o It is parameterized by the round subkey Ki. Permutation: o It is performed by the interchange of the two halves of the data. PARAMETERS FOR FEISTEL CIPHER Block size: o Larger block size mean greater security. o Reduces encryption and decryption speed. o Block size of 64-bits is a reasonable tradeoff. Key size: o Larger key size mean greater security. o Reduces encryption/decryption speed. o 64-bits widely considered adequate but 128-bit has become common size. Number of rounds: o Single round offers inadequate security. o Multiple rounds offer increasing security. o A typical size is 16 rounds. Subkey generation algorithm: o Greater complexity in this algorithm should lead to greater difficulty of cryptanalysis. Round function: o Greater complexity means greater resistance to cryptanalysis. Fast software encryption/decryption: Ease of analysis: FEISTEL DECRYPTION Explain Fig. 3.6. Prove: o The same algorithm with a reversed key produces the correct plaintext from the ciphertext which was created by an algorithm and a key. o It means prove: • LDn = RE16-n; RDn = LE16-n Proof: by induction. n = 1: From encryption: LE16 = RE15 RE16 = LE15 ⊕ F(RE15, K16) From decryption: LD1 = RD0 = LE16 = RE15 RD1 = LD0 ⊕ F(RD0, K16) = RE16 ⊕ F(RE15, K16) = (LE15 ⊕ F(RE15, K16)) ⊕ F(RE15, K16) = LE15 ⊕ (F(RE15, K16) ⊕ F(RE15, K16)) = LE15 ⊕ 0 = LE15. That is; LD1 = RE15 RD1 = LE15 Therefore, hypothesis is true for n = 1. Assume, it is true for n=i. LDi = RE16-i RDi = LE16-i Prove it is true for n=i+1: From encryption: LEi = REi-1 i=1 .. 16 REi = LEi-1 ⊕ F(REi-1, Ki) i=1 .. 16 From decryption: LDi+1 = RDi = LE16-i from assumption = RE (16-i)-1 from encryption = RE16-(i+1) RDi+1 = LDi ⊕ F(RDi, K16-i) = RE16-i ⊕ F(LE16-i, K16-i) from assumption = (LE(16-i-1) ⊕ F(RE16-i-1, K16-i)) ⊕ F(RE16-i-1, K16-i) from encryption = LE(16-i-1) = LE16-(i+1) That is: LDi+1 = RE16-(i+1) RDi+1 = LE16-(i+1) Therefore by induction: LDn = RE16-n; RDn = LE16-n Therefore LD16 = RE0 and RD16 = LE0 After switching we get the original plaintext. Output (plaintext) Input (plaintext) RD16 = LE0 LD16 = RE0 LE0 K1 RE0 LD = RE RD = LE 16 0 16 0 F F RE1 K LE1 2 RD15 = LE1 LD15 = RE1 K1 F F LE RE 2 2 LD14 = RE2 RD14 = LE2 K2 LE14 K15 RE14 LD2 = RE14 RD2 = LE14 F F RE K LE 15 16 15 RD1 = LE15 LD1 = RE15 K15 F F LE16 RE16 LD0 = RE16 RD0 = LE16 K16 RE16 LE16 Input (ciphertext) Output (ciphertext) Figure 3.6 Feistel Encryption and Decryption.