DES
• The Data Encryption Standard (DES) is a
classic symmetric block cipher algorithm.
• DES was developed in the 1970’s as a US
government standard
• The plaintext block size is 64 bits and the
ciphertext block size is also 64 bits.
• The key size is 56 bits.
The key is used to generate 16 subkeys $K_i$,
each of length 48 bits.
The following is then performed 16 times:
1. The block is split into two halves $L_i$ and $R_i$.
2. The left half of the output at the next round
is the right half of the previous round, but
the right half is the left half XORed with a
function of the right half and the
corresponding subkey $K_i$.
We have
$L_{i+1} = R_i$
$R_{i+1} = L_i \oplus F(K_i, R_i)$
where $F$ is a function specified in the DES
protocol.
Decryption is the reverse of encryption
since
$R_i = L_{i+1}$
$L_i = R_{i+1} \oplus F(K_i, R_i)$
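The round equations above can be checked in code. The following is an added example, not part of the original slides: a toy 16-round network on a 64-bit block that uses exactly these two update rules. The round function toy_f and the subkey derivation toy_subkeys are hash-based stand-ins assumed for illustration, not the DES F or the DES key schedule, and the key and plaintext are constructed values. Decryption works even though toy_f cannot be inverted, because it is only ever recomputed, never undone.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF

def toy_f(subkey, right):
    """Stand-in round function (NOT the DES F): 48-bit subkey + 32-bit half -> 32 bits."""
    data = subkey.to_bytes(6, "big") + right.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def toy_subkeys(key):
    """Derive 16 subkeys of 48 bits from a 56-bit key (NOT the DES key schedule)."""
    subkeys = []
    for i in range(ROUNDS):
        digest = hashlib.sha256(key.to_bytes(7, "big") + bytes([i])).digest()
        subkeys.append(int.from_bytes(digest[:6], "big"))
    return subkeys

def encrypt_block(block, subkeys):
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        # L_{i+1} = R_i ; R_{i+1} = L_i XOR F(K_i, R_i)
        left, right = right, left ^ toy_f(k, right)
    return (left << 32) | right

def decrypt_block(block, subkeys):
    left, right = block >> 32, block & MASK32
    for k in reversed(subkeys):
        # R_i = L_{i+1} ; L_i = R_{i+1} XOR F(K_i, R_i)
        left, right = right ^ toy_f(k, left), left
    return (left << 32) | right

if __name__ == "__main__":
    key = 0x133457799BBCDF          # constructed 56-bit key
    message = 0x0123456789ABCDEF    # constructed 64-bit plaintext block
    ks = toy_subkeys(key)
    c = encrypt_block(message, ks)
    print(f"ciphertext: {c:016x}")
    print(f"recovered:  {decrypt_block(c, ks):016x}")
```
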
Strengths of DES
• Even if you have the plaintext and
ciphertext, it seems difficult to get the key.
• Altering 1 bit of the plaintext block alters
about half of the bits of the ciphertext block.
• The functions are a mixture of different
mathematical structures with no apparent
shortcut.
• DES is tried and tested.
Weaknesses of DES
• Although secure when it was designed in
1977, the key size of 56 bits is now too
small. It is feasible these days to
exhaustively search a key space of size $2^{56}$.
• Linear and differential cryptanalysis can be
used to improve the search time.
• Nobody can prove that DES is secure.
Triple DES
• One way to improve the security of DES is
to increase the key size. This is done by
using a variation called triple DES.
• We have 3 DES keys K1, K2 and K3.
• First Alice encrypts the message M with key
K1 to get C, she then decrypts C with key
K2 to get M’, finally she encrypts M’ with
key K3 to get C’ which she sends to Bob.
• Bob also has the 3 keys K1, K2 and K3, and
he receives ciphertext C’ from Alice.
• Bob decrypts C’ using key K3 to get M’, he
then encrypts M’ using key K2 to get C and
finally Bob decrypts C using key K1 to get
the original message M.
• The key size is now 3*56 = 168 bits which
is long enough to defeat exhaustive key
search attacks with current technology. The
block size remains unchanged.
AES
In 1997, NIST (National Institute of
Standards and Technology) issued a call
for a new Advanced Encryption Standard
(AES). NIST were looking for a block
cipher algorithm to replace DES.
Proposed algorithms were evaluated for
security, computational efficiency, memory
requirements, software suitability and
flexibility.
Rijndael
• The winner of the AES, announced in 2000,
was an algorithm called Rijndael, which was
designed by Vincent Rijmen and Joan Daemen.
• A European project called NESSIE (New
European Standards for Security, Integrity
and Encryption) also recommends Rijndael
in the block cipher category.
Rijndael
• The length of the key is either 128, 192 or
256 bits depending on the security required.
• The number of rounds is either 10, 12 or 14
depending respectively on the key length.
• A subkey is generated for each round.
• A round consists of substitutions,
permutations and multiplications.
• Where Rijndael is different from DES is
that it considers the data as polynomials
with coefficients being either 0 or 1.
• This means that it is possible to write a
Rijndael encryption as an algebraic formula.
Strengths and Weaknesses
Strengths:
• Flexibility - different key lengths and
different block sizes can be used.
• Efficient
• Requires little memory
• Can be implemented in hardware as well as
software
Weaknesses:
• Because it is relatively new, it has not been
studied in as much detail as other older
block ciphers.
• The mathematical structure might prove
to be a weakness (or maybe not!?)
Modes of Operation
a) Electronic codebook (ECB)
b) Cipher Block Chaining (CBC)
c) Output Feedback (OFB)
A block cipher used in a mode other than
ECB can be used as the keystream generator
for a stream cipher.