CHAPTER 3
BLOCK CIPHERS & DATA ENCRYPTION STANDARD

STREAM CIPHERS vs BLOCK CIPHERS
▪ A stream cipher encrypts digital data one bit or byte at a time
  • E.g. the Vigenère cipher
▪ A block cipher encrypts a block of plaintext to produce a ciphertext block of the same length
▪ A block size of 64 or 128 bits is used

▪ A block cipher operates on n bits of plaintext to produce a ciphertext of n bits
▪ So there are 2^n possible different plaintext blocks, and each must produce a unique ciphertext block
▪ Such a transformation is reversible, or nonsingular
▪ Otherwise it is irreversible

Reversible                Irreversible
Plaintext   Ciphertext    Plaintext   Ciphertext
00          11            00          11
01          10            01          10
10          00            10          01
11          01            11          01

In the irreversible mapping, a ciphertext of 01 could have been produced by either of two plaintext blocks (10 or 11).

Ideal Block Cipher
▪ If a small block size such as n = 4 is used, the system is equivalent to a classical substitution cipher
▪ Such a system is vulnerable to statistical analysis of the plaintext
▪ If n is sufficiently large and an arbitrary reversible substitution between plaintext & ciphertext is allowed, the statistical characteristics of the plaintext can be masked

Modern Block Ciphers
▪ one of the most widely used types of cryptographic algorithms
▪ provide secrecy/authentication services
▪ focus on DES (Data Encryption Standard)

Block Cipher Principles
▪ most symmetric block ciphers are based on a Feistel cipher structure
▪ block ciphers look like an extremely large substitution
▪ would need a table of 2^64 entries for a 64-bit block

FEISTEL CIPHER
▪ Substitution ciphers can be approximated using a product cipher, which is the performing of two or more basic ciphers in sequence
▪ This results in a cryptographically stronger cipher
▪ Feistel proposed a cipher that alternates substitutions & permutations
▪ It is the practical application of a proposal by Claude Shannon to produce a cipher that alternates confusion & diffusion functions

Claude Shannon and Substitution-Permutation Ciphers
▪ Claude Shannon introduced the idea of substitution-permutation (S-P) networks in a 1949 paper
▪ they form the basis of modern block ciphers
▪ S-P nets are based on the two primitive cryptographic operations:
  • substitution (S-box)
  • permutation (P-box)
▪ they provide confusion & diffusion of message & key

Confusion and Diffusion
▪ Shannon suggests two methods for frustrating statistical cryptanalysis, obtained by combining S & P elements:
▪ diffusion – dissipates the statistical structure of the plaintext over the bulk of the ciphertext. Achieved by having each plaintext digit affect the value of many ciphertext digits
  • E.g. encrypt a message M = m1, m2, … of characters with an averaging operation, that is, adding k successive letters to get a ciphertext letter
▪ confusion – makes the relationship between the statistics of the ciphertext and the value of the encryption key as complex as possible

Feistel Cipher Structure
▪ Horst Feistel devised the Feistel cipher
  • based on the concept of an invertible product cipher
▪ Inputs are
  • Plaintext block of length 2w
  • Key K
▪ Partitions the input block into two halves, L_0 & R_0
▪ The two halves pass through n rounds of processing & then combine to produce the ciphertext block
▪ Each round i has inputs L_{i-1} & R_{i-1}, derived from the previous round, as well as a subkey K_i derived from the key K
▪ The subkeys K_i are different from K & from each other
▪ All rounds have the same structure
▪ A substitution is performed on the left half of the data
▪ This is done by applying a round function to the right half of the data & then taking the XOR of the output of that function & the left half of the data
▪ The round function has the same structure for each round but is parametrized by the round subkey K_i
▪ Following this substitution a permutation is done
▪ It consists of an interchange of the two halves of the data

Feistel Cipher Design Elements
▪ block size – a larger block size means greater security but reduced encryption/decryption speed. A block size of 64 bits is used; AES uses a 128-bit block
▪ key size – a larger key size offers greater security but decreases encryption/decryption speed. A key size of 64 bits or less is inadequate and 128 bits is a common size
▪ number of rounds – a single round offers inadequate security; usually 16 rounds are used
▪ subkey generation algorithm – greater complexity leads to greater difficulty in cryptanalysis
▪ round function – greater complexity leads to greater difficulty in cryptanalysis
▪ fast software en/decryption – encryption is usually embedded in applications/utility functions so as to avoid a hardware implementation. Thus speed is a concern
▪ ease of analysis – if the algorithm can be concisely & clearly explained, it is easier to analyze against cryptanalysis

▪ The encryption process (last round) is given by
    LE16 = RE15
    RE16 = LE15 ⊕ F(RE15, K16)
▪ Decryption process
  • The ciphertext is used as input
  • But the subkeys are used in reverse order, i.e., Kn is used in the first round
▪ Decryption is given by
    LD1 = RD0 = LE16 = RE15
    RD1 = LD0 ⊕ F(RD0, K16)
        = RE16 ⊕ F(RE15, K16)
        = [LE15 ⊕ F(RE15, K16)] ⊕ F(RE15, K16)
▪ XOR has the following properties
    [A ⊕ B] ⊕ C = A ⊕ [B ⊕ C]
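
The Feistel structure and the reversed-subkey decryption above, as an added example that is not part of the original slides. The hash-based round function and key schedule are assumptions chosen for illustration (they are not DES); F is deliberately non-invertible, which shows that decryption never needs to invert F. The last function counts how many ciphertext bits change when one plaintext bit is flipped, which is why a single round is inadequate.

```python
import hashlib

W = 32                      # half-block width w in bits; the block is 2w = 64 bits
MASK = (1 << W) - 1


def round_function(right: int, subkey: int) -> int:
    """Toy F(R, K): a truncated hash, deliberately NOT invertible (assumption)."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def subkeys(key: bytes, rounds: int) -> list:
    """Toy key schedule (assumption, not the DES one): one 32-bit K_i per round."""
    return [
        int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
        for i in range(1, rounds + 1)
    ]


def feistel(block: int, round_keys: list) -> int:
    """Apply L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i) for each subkey."""
    left, right = block >> W, block & MASK
    for k in round_keys:
        left, right = right, left ^ round_function(right, k)
    # Final interchange of the halves, so the same routine also decrypts.
    return (right << W) | left


def encrypt(block: int, key: bytes, rounds: int = 16) -> int:
    return feistel(block, subkeys(key, rounds))


def decrypt(block: int, key: bytes, rounds: int = 16) -> int:
    # Same algorithm, subkeys in reverse order (K_n first).
    return feistel(block, subkeys(key, rounds)[::-1])


def changed_bits(block: int, key: bytes, rounds: int, flip_bit: int = 63) -> int:
    """Ciphertext bits that differ after flipping one plaintext bit (left half)."""
    a = encrypt(block, key, rounds)
    b = encrypt(block ^ (1 << flip_bit), key, rounds)
    return bin(a ^ b).count("1")


if __name__ == "__main__":
    pt = 0x0123456789ABCDEF          # constructed sample block
    key = b"constructed demo key"    # constructed sample key
    ct = encrypt(pt, key)
    print(f"plaintext  {pt:016x}")
    print(f"ciphertext {ct:016x}")
    print(f"decrypted  {decrypt(ct, key):016x}")
    print(f"wrong subkey order -> {feistel(ct, subkeys(key, 16)):016x}")
    for n in (1, 2, 3, 16):
        print(f"{n:2d} round(s): {changed_bits(pt, key, n)} of 64 bits changed")
```
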

Data Encryption Standard (DES)
▪ most widely used block cipher in the world
▪ adopted in 1977 by NBS (now NIST)
  • as FIPS PUB 46
▪ encrypts 64-bit data using a 56-bit key to produce a 64-bit ciphertext block
▪ has widespread use
▪ there has been considerable controversy over its security

DES History
▪ IBM developed the Lucifer cipher
  • by a team led by Feistel in the late 1960s
  • used 64-bit data blocks with a 128-bit key
▪ then redeveloped as a marketable commercial cipher that could be implemented on a chip
▪ in 1973 NBS issued a request for proposals for a national cipher standard
▪ IBM submitted their revised Lucifer, which was eventually accepted as the DES

DES Design Controversy
▪ although the DES standard is public, there was considerable controversy over its design
  • in the choice of a 56-bit key (vs Lucifer's 128-bit), so prone to brute-force attack
  • in the design criteria for the internal structure of the S-boxes in DES. Users were not sure that the internal structure of DES was free of hidden weak points
▪ subsequent events and public analysis show that in fact the design was appropriate & had a strong internal structure
▪ use of DES has flourished
  • especially in financial applications
  • still standardised for legacy application use

DES Encryption Overview
▪ There are two inputs
  • Plaintext to be encrypted (64 bits)
  • The key (56 bits)
▪ Processing proceeds in 3 phases
▪ The 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits to produce the permuted output
▪ This is followed by a phase consisting of 16 rounds of the same function, which involves both substitution & permutation
▪ The output of the last round consists of 64 bits that are a function of the input text & the key
▪ The left & right halves of the output are swapped to produce the preoutput
▪ Finally the preoutput is passed through a permutation (IP^-1) that is the inverse of the initial permutation, to produce the 64-bit ciphertext
▪ Key Generation
  • Initially the key is passed through a permutation function
  • For each round a subkey K_i is produced by the combination of a left circular shift & a permutation
  • The permutation function is the same for each round, but a different subkey is produced for each round because of the repeated shifts of the key bits

Initial Permutation IP
▪ The initial permutation and the final permutation are defined by tables
▪ The input to a table consists of 64 bits numbered from 1 to 64
▪ Each entry in the table indicates the position of a numbered input bit in the output, which also consists of 64 bits. This is the first step of the data computation

[Figure: Initial and final permutation tables]

DES Round Structure
▪ uses two 32-bit halves, L & R
▪ as for any Feistel cipher, a round can be described as:
    L_i = R_{i-1}
    R_i = L_{i-1} ⊕ F(R_{i-1}, K_i)
▪ F takes the 32-bit R half and a 48-bit subkey:
  • expands R to 48 bits using a table that defines a permutation plus an expansion, which involves duplication of 16 of the R bits
  • the resulting 48 bits are XORed with the subkey K_i
  • these 48 bits pass through a substitution function (8 S-boxes) to give a 32-bit result
  • finally the 32-bit output from the 8 S-boxes is permuted using the 32-bit permutation P

[Figure: Calculation of F(R, K)]
[Figure: Expansion P-box]

Substitution Boxes S
▪ there are eight S-boxes, each of which accepts 6 bits as input & produces 4 bits as output
▪ The first & last bits of the input to box S_i form a 2-bit binary number that selects one of the four substitutions defined by the 4 rows in the table for S_i
▪ The middle 4 bits select one of the 16 columns
▪ The decimal value in the cell selected by the row & column is then converted to its 4-bit representation to produce the output
▪ E.g. for input 011001 the row is 01 (row 1) & the column is 1100 (column 12). The value in row 1, column 12 is 9, so the output is 1001

[Figure: S-box 1]

DES Key Generation
▪ A 64-bit key is used as input to the algorithm
▪ The bits of the key are numbered 1 through 64. Every eighth bit is ignored, giving a 56-bit key
▪ The subkeys used in each round are generated from the key K
▪ An initial permutation of the key (PC1) selects 56 bits
▪ The resulting 56-bit key is treated as two 28-bit halves
▪ 16 stages consisting of:
  • rotating each half separately by either 1 or 2 places, depending on the key rotation schedule K
  • the shifted value acts as input to the next round as well as to permuted choice PC2
  • selecting 24 bits from each half & permuting them by PC2 for use in the round function F

DES Decryption
▪ As with any Feistel design, decryption uses the same algorithm as encryption, except that the application of the subkeys is reversed (SK16 … SK1)
  • IP-1 undoes final FP step of encryption
  • the 1st round with SK16 undoes the 16th encrypt round, and so on …
  • the 16th round with SK1 undoes the 1st encrypt round
  • then the final FP undoes the initial encryption IP
  • thus recovering the original data value

Avalanche Effect
▪ a key desirable property of an encryption algorithm
▪ a small change in either the plaintext or the key should result in changing many bits of the ciphertext
▪ making attempts to “home in” by guessing keys impossible
▪ DES exhibits a strong avalanche effect

Strength of DES – Key Size
▪ 56-bit keys have 2^56 = 7.2 × 10^16 values
▪ a brute-force search looks hard
▪ recent advances have shown that it is possible
  • in 1997 on the Internet in a few months
  • in 1998 the Electronic Frontier Foundation announced that it had broken a DES encryption using a special-purpose DES Cracker machine

Strength of DES – Nature of the DES Algorithm
▪ Cryptanalysis is possible by exploiting characteristics of the DES algorithm
▪ The focus has been on the 8 S-boxes
▪ Because the design criteria of both the S-boxes & the algorithm were not made public, there is a suspicion that cryptanalysis is possible
▪ Despite this, no one has succeeded in discovering the weakness in the S-boxes

Strength of DES – Timing Attacks
▪ A timing attack is one in which information about the key or the plaintext is obtained by observing how long it takes a given implementation to perform decryption on various ciphertexts
▪ A timing attack exploits the fact that calculations can take varying times depending on the value of their inputs

Summary
▪ have considered:
  • block vs stream ciphers
  • Feistel cipher design & structure
  • DES
    ◦ encryption
    ◦ decryption
    ◦ strength

Weitere ähnliche Inhalte

Ähnlich wie chap3.pdf

Module 1-Block Ciphers and the Data Encryption Standard.pptx
Module 1-Block Ciphers and the Data Encryption Standard.pptxModule 1-Block Ciphers and the Data Encryption Standard.pptx
Module 1-Block Ciphers and the Data Encryption Standard.pptxSridharCS7
 
Data Encryption standard in cryptography
Data Encryption standard in cryptographyData Encryption standard in cryptography
Data Encryption standard in cryptographyNithyasriA2
 
Block Cipher.cryptography_miu_year5.pptx
Block Cipher.cryptography_miu_year5.pptxBlock Cipher.cryptography_miu_year5.pptx
Block Cipher.cryptography_miu_year5.pptxHodaAhmedBekhitAhmed
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin   chp-8 - network security-new -use this -  2011 batchJaimin   chp-8 - network security-new -use this -  2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin Jani
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Block ciphers & public key cryptography
Block ciphers & public key cryptographyBlock ciphers & public key cryptography
Block ciphers & public key cryptographyRAMPRAKASHT1
 
Block Ciphers and DES.pptx
Block Ciphers and DES.pptxBlock Ciphers and DES.pptx
Block Ciphers and DES.pptxDrAnilKannur1
 
Enhancement of DES Algorithm with Multi State Logic
Enhancement of DES Algorithm with Multi State LogicEnhancement of DES Algorithm with Multi State Logic
Enhancement of DES Algorithm with Multi State LogicIJORCS
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Mazin Alwaaly
 
RANDOMIZATION-BASED BLOCK CIPHER WITH KEY-MAPPED S-BOX SELECTION
RANDOMIZATION-BASED BLOCK CIPHER WITH KEY-MAPPED S-BOX SELECTIONRANDOMIZATION-BASED BLOCK CIPHER WITH KEY-MAPPED S-BOX SELECTION
RANDOMIZATION-BASED BLOCK CIPHER WITH KEY-MAPPED S-BOX SELECTIONijcisjournal
 
Randomization Based Block Cipher with Key Mapped S-Box SelectionFull Text
Randomization Based Block Cipher with Key Mapped S-Box SelectionFull Text Randomization Based Block Cipher with Key Mapped S-Box SelectionFull Text
Randomization Based Block Cipher with Key Mapped S-Box SelectionFull Text ijcisjournal
 
Implementation of Various Cryptosystem Using Chaos
Implementation of Various Cryptosystem Using ChaosImplementation of Various Cryptosystem Using Chaos
Implementation of Various Cryptosystem Using ChaosIOSR Journals
 

Ähnlich wie chap3.pdf (20)

Cryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie BrownCryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie Brown
 
Unit 2
Unit 2Unit 2
Unit 2
 
Ch03
Ch03Ch03
Ch03
 
Module 1-Block Ciphers and the Data Encryption Standard.pptx
Module 1-Block Ciphers and the Data Encryption Standard.pptxModule 1-Block Ciphers and the Data Encryption Standard.pptx
Module 1-Block Ciphers and the Data Encryption Standard.pptx
 
Data Encryption standard in cryptography
Data Encryption standard in cryptographyData Encryption standard in cryptography
Data Encryption standard in cryptography
 
Block Cipher.cryptography_miu_year5.pptx
Block Cipher.cryptography_miu_year5.pptxBlock Cipher.cryptography_miu_year5.pptx
Block Cipher.cryptography_miu_year5.pptx
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin   chp-8 - network security-new -use this -  2011 batchJaimin   chp-8 - network security-new -use this -  2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batch
 
block ciphers
block ciphersblock ciphers
block ciphers
 
Block ciphers & public key cryptography
Block ciphers & public key cryptographyBlock ciphers & public key cryptography
Block ciphers & public key cryptography
 
Block Ciphers and DES.pptx
Block Ciphers and DES.pptxBlock Ciphers and DES.pptx
Block Ciphers and DES.pptx
 
Enhancement of DES Algorithm with Multi State Logic
Enhancement of DES Algorithm with Multi State LogicEnhancement of DES Algorithm with Multi State Logic
Enhancement of DES Algorithm with Multi State Logic
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
03 UNIT-2.pdf
03 UNIT-2.pdf03 UNIT-2.pdf
03 UNIT-2.pdf
 
1 DES.pdf
1 DES.pdf1 DES.pdf
1 DES.pdf
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...
 
RANDOMIZATION-BASED BLOCK CIPHER WITH KEY-MAPPED S-BOX SELECTION
RANDOMIZATION-BASED BLOCK CIPHER WITH KEY-MAPPED S-BOX SELECTIONRANDOMIZATION-BASED BLOCK CIPHER WITH KEY-MAPPED S-BOX SELECTION
RANDOMIZATION-BASED BLOCK CIPHER WITH KEY-MAPPED S-BOX SELECTION
 
Randomization Based Block Cipher with Key Mapped S-Box SelectionFull Text
Randomization Based Block Cipher with Key Mapped S-Box SelectionFull Text Randomization Based Block Cipher with Key Mapped S-Box SelectionFull Text
Randomization Based Block Cipher with Key Mapped S-Box SelectionFull Text
 
Renas Rajab Asaad
Renas Rajab AsaadRenas Rajab Asaad
Renas Rajab Asaad
 
Implementation of Various Cryptosystem Using Chaos
Implementation of Various Cryptosystem Using ChaosImplementation of Various Cryptosystem Using Chaos
Implementation of Various Cryptosystem Using Chaos
 
paper4.pdf
paper4.pdfpaper4.pdf
paper4.pdf
 

Kürzlich hochgeladen

THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONTHE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONjhunlian
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvLewisJB
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
home automation using Arduino by Aditya Prasad
home automation using Arduino by Aditya Prasadhome automation using Arduino by Aditya Prasad
home automation using Arduino by Aditya Prasadaditya806802
 
Engineering Drawing section of solid
Engineering Drawing     section of solidEngineering Drawing     section of solid
Engineering Drawing section of solidnamansinghjarodiya
 
Katarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School CourseKatarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School Coursebim.edu.pl
 
Energy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxEnergy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxsiddharthjain2303
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfDrew Moseley
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
Autonomous emergency braking system (aeb) ppt.ppt
Autonomous emergency braking system (aeb) ppt.pptAutonomous emergency braking system (aeb) ppt.ppt
Autonomous emergency braking system (aeb) ppt.pptbibisarnayak0
 
Class 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm SystemClass 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm Systemirfanmechengr
 
BSNL Internship Training presentation.pptx
BSNL Internship Training presentation.pptxBSNL Internship Training presentation.pptx
BSNL Internship Training presentation.pptxNiranjanYadav41
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleAlluxio, Inc.
 
chpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMM
chpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMMchpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMM
chpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMMNanaAgyeman13
 
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Sumanth A
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgsaravananr517913
 
Python Programming for basic beginners.pptx
Python Programming for basic beginners.pptxPython Programming for basic beginners.pptx
Python Programming for basic beginners.pptxmohitesoham12
 
Risk Management in Engineering Construction Project
Risk Management in Engineering Construction ProjectRisk Management in Engineering Construction Project
Risk Management in Engineering Construction ProjectErbil Polytechnic University
 
Cooling Tower SERD pH drop issue (11 April 2024) .pptx
Cooling Tower SERD pH drop issue (11 April 2024) .pptxCooling Tower SERD pH drop issue (11 April 2024) .pptx
Cooling Tower SERD pH drop issue (11 April 2024) .pptxmamansuratman0253
 
DM Pillar Training Manual.ppt will be useful in deploying TPM in project
DM Pillar Training Manual.ppt will be useful in deploying TPM in projectDM Pillar Training Manual.ppt will be useful in deploying TPM in project
DM Pillar Training Manual.ppt will be useful in deploying TPM in projectssuserb6619e
 

Kürzlich hochgeladen (20)

THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONTHE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
home automation using Arduino by Aditya Prasad
home automation using Arduino by Aditya Prasadhome automation using Arduino by Aditya Prasad
home automation using Arduino by Aditya Prasad
 
Engineering Drawing section of solid
Engineering Drawing     section of solidEngineering Drawing     section of solid
Engineering Drawing section of solid
 
Katarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School CourseKatarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School Course
 
Energy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxEnergy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptx
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdf
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
Autonomous emergency braking system (aeb) ppt.ppt
Autonomous emergency braking system (aeb) ppt.pptAutonomous emergency braking system (aeb) ppt.ppt
Autonomous emergency braking system (aeb) ppt.ppt
 
Class 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm SystemClass 1 | NFPA 72 | Overview Fire Alarm System
Class 1 | NFPA 72 | Overview Fire Alarm System
 
BSNL Internship Training presentation.pptx
BSNL Internship Training presentation.pptxBSNL Internship Training presentation.pptx
BSNL Internship Training presentation.pptx
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at Scale
 
chpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMM
chpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMMchpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMM
chpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMM
 
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
 
Python Programming for basic beginners.pptx
Python Programming for basic beginners.pptxPython Programming for basic beginners.pptx
Python Programming for basic beginners.pptx
 
Risk Management in Engineering Construction Project
Risk Management in Engineering Construction ProjectRisk Management in Engineering Construction Project
Risk Management in Engineering Construction Project
 
Cooling Tower SERD pH drop issue (11 April 2024) .pptx
Cooling Tower SERD pH drop issue (11 April 2024) .pptxCooling Tower SERD pH drop issue (11 April 2024) .pptx
Cooling Tower SERD pH drop issue (11 April 2024) .pptx
 
DM Pillar Training Manual.ppt will be useful in deploying TPM in project
DM Pillar Training Manual.ppt will be useful in deploying TPM in projectDM Pillar Training Manual.ppt will be useful in deploying TPM in project
DM Pillar Training Manual.ppt will be useful in deploying TPM in project
 

chap3.pdf

  • 1. CHAPTer 3 BLOCK CIPHERS & DATA ENCRYPTION STANDARD 1
  • 2. STREAM CIPHERS vs BLOCK CIPHERS  Stream cipher encrypts digital data one bit or byte at a time  Eg: vigenere cipher  Block cipher encrypts a block of plaintext to produce cipher text block of same length  Block size of 64 or 128 is used 2
  • 3. 3  operates on n bits to produce a ciphertext of n bits So 2 n possible different plaintext blocks & each must produce unique ciphertext  such transformation is reversible or nonsingular Otherwise it is irreversible
  • 4. 4 Reversible Irreversible Plaintext ciphertext Plaintext ciphertext 00 11 00 11 01 10 01 10 10 00 10 01 11 01 11 01 A cipher text 01 produced by one of the two possibilities
  • 6.  If a small block size such as n=4 is used then the system is equivalent to classical substitution cipher.  Such a system is vulnerable to statistical analysis of plaintext  If n is sufficiently large and an arbitarily reversible substitution b/w plaintext & ciphertext is allowed then the statistical characteristics of plaintext can be masked. 6
  • 7. Modern Block Ciphers  one of the most widely used types of cryptographic algorithms  provide secrecy /authentication services  focus on DES (Data Encryption Standard) 7
  • 8. Block Cipher Principles  most symmetric block ciphers are based on a Feistel Cipher Structure  block ciphers look like an extremely large substitution  would need table of 264 entries for a 64-bit block 8
  • 9. FIESTEL CIPHER  Substitution ciphers can be approximated using product cipher which is performing of 2 or more basic ciphers in sequence  This results in cryptographically stronger cipher  Fiestel proposed a cipher that alternates substitutions & permutations 9
  • 10. 10  it is the practical application of proposal by Claud Shanan to produce a cipher that alternates confusion & diffusion functions
  • 11. Claude Shannon and Substitution- Permutation Ciphers  Claude Shannon introduced idea of substitution- permutation (S-P) networks in 1949 paper  form basis of modern block ciphers  S-P nets are based on the two primitive cryptographic operations :  substitution (S-box)  permutation (P-box)  provide confusion & diffusion of message & key 11
  • 12. Confusion and Diffusion  Shannon suggests 2 methods for frustrating statistical cryptanalysis by combining S & P elements to obtain:  diffusion – dissipates statistical structure of plaintext over bulk of ciphertext. Achieved by having each plaintext digit affect the value of many ciphertext digits 12
  • 13. 13 Eg: encrypt a msg M=m1,m2,…………of characters with an averaging operation That is adding k successive letters to get a ciphertext confusion – makes relationship between statistics of ciphertext and value of encryption key as complex as possible
  • 14. Feistel Cipher Structure  Horst Feistel devised the feistel cipher  based on concept of invertible product cipher  Inputs are  Plaintext block of length 2w  Key K 14
  • 15. 15  partitions input block into two halves L0 & R0  Two halves pass through n rounds of processing & then combine to produce ciphertext block  Each round i has inputs Li-1 & Ri-1 derived from previous round as well as subkey Ki derived from key K
  • 16. 16 Each subkey Ki are different from K & from each other. All rounds have same structure A substituiton is performed on left half of data This is done by applying a round function on right half of data & then taking XOR of o/p of that function & left half of data
  • 17. 17 The round function has same structure for each round but is parametrized by round subkey Ki Following this substitution a permutation is done Consists of interchange of 2 halves of data
  • 18. 18
  • 19. Feistel Cipher Design Elements  block size –larger block size means greater security but reduce encryption decryption speed. Block size of 64 bits used.AES uses 128 bit block  key size – larger key size offers greater security but decrease encryption/ decryption speed. key size of 64 bits or less is inadequate and 128 bits is common size 19
  • 20. 20 number of rounds : single round offers inadequate security. usually 16 rounds used  subkey generation algorithm: greater complexity leads to greater difficulty in cryptanalysis  round function : greater complexity leads to greater difficulty in cryptanalysis
  • 21. 21  fast software en/decryption Usually encryption embedded in applications/utility functions so as to avoid h/w implementation. Thus speed is a concern  ease of analysis if algorithm can be concisely & clearly explained it is easier to analyze against cryptanalysis
  • 22. 22
  • 23. 23
  • 24. 24  Encryption process given by  LE16=RE15  RE16=LE15  F(RE15,K16)  decryption process is given by  LD1=RD0=LE16=RE15  RD1=LD0  F(RD0,K16)
  • 25. 25  decryption process  Ciphertext is used as input  But subkeys is used in reverse order ie, Kn is used in first order  Decryption is given by  LD1=RD0=LE16=RE15  RD1=LD0  F(RD0,K16)
  • 26. 26 =RE16 F( RE15, K16) =[LE15  F(RE15,K16) ]  F(RE15,K16) XOR has the following properties [A X B] X C=A X [ B X C]
  • 27. Data Encryption Standard (DES)  most widely used block cipher in world  adopted in 1977 by NBS (now NIST)  as FIPS PUB 46  encrypts 64-bit data using 56-bit key to produce 64 bit block cipher  has widespread use  has been considerable controversy over its security 27
  • 28. DES History  IBM developed Lucifer cipher  by team led by Feistel in late 1960’s  used 64-bit data blocks with 128-bit key  then redeveloped as a marketable commercial cipher that could be implemented on a chip  in 1973 NBS issued request for proposals for a national cipher standard  IBM submitted their revised Lucifer which was eventually accepted as the DES 28
  • 29. DES Design Controversy: although the DES standard is public, there was considerable controversy over its design: the choice of a 56-bit key (vs. Lucifer's 128-bit), which makes it prone to brute-force attack; and the design criteria for the internal structure of the S-boxes in DES. Users were not sure that the internal structure of DES was free of hidden weak points.
  • 30. Subsequent events and public analysis show that the design was in fact appropriate and had a strong internal structure. Use of DES has flourished, especially in financial applications. It is still standardised for legacy application use.
  • 32. There are two inputs: the plaintext to be encrypted (64 bits) and the key (56 bits). Processing proceeds in 3 phases. The 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits to produce the permuted output.
  • 33. This is followed by a phase consisting of 16 rounds of the same function, which involves both substitution and permutation. The output of the last round consists of 64 bits that are a function of the input text and the key. The left and right halves of the output are swapped to produce the preoutput.
  • 34. Finally, the preoutput is passed through a permutation (IP⁻¹) that is the inverse of the initial permutation to produce the 64-bit ciphertext.
  • 35. Key Generation: initially the key is passed through a permutation function. For each round, a subkey Ki is produced by a combination of a left circular shift and a permutation. The permutation function is the same for each round, but a different subkey is produced for each round because of the repeated shifts of the key bits.
  • 36. Initial Permutation IP: the initial permutation and final permutation are defined by tables. The input to the table consists of 64 bits numbered from 1 to 64. Each entry in the table indicates the position of a numbered input bit in the output, which also consists of 64 bits. This is the first step of the data computation.
  • 37. Initial and final permutation Tables
  • 38. DES Round Structure: uses two 32-bit L and R halves. As for any Feistel cipher, a round can be described as: Li = Ri–1; Ri = Li–1 ⊕ F(Ri–1, Ki). F takes the 32-bit R half and a 48-bit subkey: it expands R to 48 bits using a table that defines a permutation plus an expansion, which involves duplication of 16 of the R bits.
  • 39. The resulting 48 bits are XORed with the subkey Ki. These 48 bits pass through a substitution function (8 S-boxes) to get a 32-bit result. Finally, the 32-bit output from the 8 S-boxes is permuted using the 32-bit permutation P.
  • 43. Substitution Boxes S: there are eight S-boxes, each of which accepts 6 bits as input and produces 4 bits as output. The first and last bits of the input to box Si form a 2-bit binary number that selects one of the four substitutions defined by the 4 rows in the table for Si. The middle 4 bits select one of the 16 columns.
  • 44. The decimal value in the cell selected by the row and column is then converted to its 4-bit representation to produce the output. E.g., for 011001 the row is 01 (row 1) and the column is 1100 (column 12). The value in row 1, column 12 is 9, so the output is 1001.
  • 46. DES Key Generation: a 64-bit key is used as input to the algorithm. The bits of the key are numbered 1 through 64. Every eighth bit is ignored to generate a 56-bit key. The subkeys used in each round are generated from the key K: an initial permutation of the key (PC1) selects 56 bits, and the resulting 56-bit key is treated as two 28-bit halves.
  • 47. 16 stages consisting of: rotating each half separately either 1 or 2 places depending on the key rotation schedule K; the shifted value acts as input to the next round as well as to permuted choice PC2; selecting 24 bits from each half and permuting them by PC2 for use in the round function F.
  • 48. DES Decryption: decryption uses the same algorithm as encryption. As with the Feistel design, decryption uses the same algorithm as encryption except that the application of the subkeys is reversed (SK16 … SK1). IP⁻¹ undoes the final FP step of encryption. The 1st round with SK16 undoes the 16th encrypt round, and so on. The 16th round with SK1 undoes the 1st encrypt round. Then the final FP undoes the initial encryption IP, thus recovering the original data value.
  • 49. Avalanche Effect: a key desirable property of an encryption algorithm is that a small change in either the plaintext or the key should result in a change in many bits of the ciphertext, making attempts to “home in” by guessing keys impossible. DES exhibits a strong avalanche effect.
  • 50. Strength of DES – Key Size: 56-bit keys have 2^56 = 7.2 × 10^16 values. Brute-force search looks hard, but recent advances have shown it is possible: in 1997 on the Internet in a few months; in 1998 the Electronic Frontier Foundation announced that it had broken a DES encryption using a special-purpose DES Cracker machine.
  • 51. Strength of DES – Nature of the DES Algorithm: cryptanalysis is possible by exploiting characteristics of the DES algorithm. The focus has been on the 8 S-boxes. Because the design criteria of both the S-boxes and the algorithm are not made public, there is a suspicion that cryptanalysis is possible. Despite this, no one has succeeded in discovering a weakness in the S-boxes.
  • 52. Strength of DES – Timing Attacks: a timing attack is one in which information about the key or plaintext is obtained by observing how long it takes a given implementation to perform decryption on various ciphertexts. A timing attack exploits the fact that calculations can take varying times depending on the value of their inputs.
  • 53. Summary: we have considered block vs. stream ciphers; Feistel cipher design and structure; DES (encryption, decryption, strength).