Block Ciphers after DES

Cryptography
Block Ciphers after DES
Anita Jones
CS451 Information Security
Copyright(C) Anita Jones
9/06
What’s next -- after DES?
What’s the alternative, now that the 56 bit
key is broken?
triple DES
an entirely new cipher
Triple DES
put multiple DES units in parallel, i.e.

$C = E_{K_3}(E_{K_2}(E_{K_1}(p)))$
it’s stronger & there is no $K_4$ such
that $C = E_{K_4}(p)$!
why triple? … to avoid the “meet in
the middle” attack
Meet in the middle attack
assume two adjacent block ciphers (e.g.
double DES)

$C = E_{K_2}(E_{K_1}(p))$
but

$X = E_{K_1}(p) = D_{K_2}(C)$
so given a known pair, [p, C]
encrypt p with $2^{56}$ keys & decrypt C with $2^{56}$ keys
compare to find match; double check
if OK, then you have the two keys
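
An added example, not part of the original slides: the meet-in-the-middle steps above run against a constructed toy 16-bit Feistel cipher with 16-bit keys standing in for DES, so the search finishes in about a second. The cipher, key size, sample keys and all function names are assumptions made for illustration.

```python
from collections import defaultdict

KEY_BITS = 16  # toy key size (assumption); DES uses 56
# Fixed 8-bit S-box: 3 is a primitive root mod 257, so this is a permutation.
SBOX = [pow(3, i, 257) % 256 for i in range(256)]

def _subkeys(k):
    hi, lo = k >> 8, k & 0xFF
    return [hi, lo, hi ^ lo, (hi + lo) & 0xFF]

def encrypt(k, block):
    """Toy 4-round Feistel cipher on a 16-bit block (constructed, not DES)."""
    l, r = block >> 8, block & 0xFF
    for sk in _subkeys(k):
        l, r = r, l ^ SBOX[r ^ sk]
    return (l << 8) | r

def decrypt(k, block):
    """Inverse of encrypt: undo the rounds in reverse order."""
    l, r = block >> 8, block & 0xFF
    for sk in reversed(_subkeys(k)):
        l, r = r ^ SBOX[l ^ sk], l
    return (l << 8) | r

def double_encrypt(k1, k2, p):
    return encrypt(k2, encrypt(k1, p))   # C = E_K2(E_K1(p))

def meet_in_the_middle(pairs):
    """Return every (k1, k2) consistent with all known [p, C] pairs."""
    (p, c), rest = pairs[0], pairs[1:]
    middle = defaultdict(list)           # X = E_K1(p) -> candidate K1 values
    for k1 in range(1 << KEY_BITS):
        middle[encrypt(k1, p)].append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):      # X = D_K2(C): look for a match
        for k1 in middle.get(decrypt(k2, c), ()):
            # Double check the candidate on the remaining known pairs.
            if all(double_encrypt(k1, k2, q) == d for q, d in rest):
                found.append((k1, k2))
    return found

if __name__ == "__main__":
    K1, K2 = 0x1A2B, 0xC3D4              # constructed sample keys
    pairs = [(p, double_encrypt(K1, K2, p)) for p in (0x0000, 0x1234, 0xBEEF)]
    for k1, k2 in meet_in_the_middle(pairs):
        print("consistent key pair: K1=%#06x K2=%#06x" % (k1, k2))
```

The table and lookup phases cost 2 × 2^16 cipher calls, where trying every (K1, K2) combination would need 2^32; the same gap is why double DES adds little over single DES and a third stage is used.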
So, … triple DES
… it is not susceptible to the
“meet in the middle” attack
… because there is no “middle”
What’s REALLY next
you can view Triple DES as a “holding
action”
what is really the next cipher?
New cipher designs to replace DES
International Data Encryption Algorithm
from Swiss Federal Institute of Technology (1990)
symmetric block cipher; 128-bit key
encrypts 64-bit blocks
uses three operations in contrast to DES and
XOR:
bitwise exclusive OR
addition of integers modulo $2^{16}$
multiplication of integers modulo $2^{16} + 1$
New alternatives
Blowfish
symmetric block cipher -- Bruce Schneier (93)
can run in less than 5K of memory
variable key length (32 bits up to 448 bits)
uses 2 primitive operations:
addition (mod $2^{32}$) & bitwise exclusive OR
operations performed on both halves each round
both subkeys and S-boxes are produced by
repeated applications of Blowfish itself
More new alternatives
RC5 -- symmetric, Ron Rivest (95)
Twofish -- based on Blowfish
CAST-128 (97)
Characteristics
Modern symmetric block ciphers:
based on Feistel block cipher structure
variable key length
use multiple operators (provides nonlinearity
as alternative to S-boxes); all but Triple DES
use ‘em
data (not key)-dependent rotation in rounds
variable function F – different in different
rounds
operate on both data halves in each round
Cipher Block Chaining
XOR current plaintext block and the
preceding cipher-text block (using same key)
Deals with repetitive plain-text
1. International Data Encryption Algorithm (IDEA)
a cipher from Louvain University in Europe,
designed by Xuejia Lai and James Massey
64-bit iterative block cipher with 128-bit key
relies on three incompatible types of
arithmetic operations on 16-bit words
patented in US and Europe
no linear cryptanalytic attacks on IDEA, and
there are no known algebraic weaknesses
in IDEA, i.e. no known practical attacks to date
2. U.S. Advanced Encryption Standard (AES)
AES is successor to (U.S.-selected) DES
officially adopted for US government work,
but often voluntarily adopted by private
sector
Note: influences hardware development
winning cipher was Rijndael (pronounced
Rhine-doll)
Belgian designers: Joan Daemen & Vincent
Rijmen
adopted by NIST in November, 2001