The general way of encrypting a 64-bit block is to take each of the 2^64 input values and map it to a unique one of the 2^64 output values.
This would take (2^64)*(64) = 2^70 bits to store this map. NOT practical.
Secret key cryptographic systems take a reasonable length key (e.g., 64 bits) and generate a mapping that looks, to someone who does not know the key, completely random.
I.e., any single bit change in the input results in a totally independent random number output.
for k-bit blocks:
Data Encryption Standard (DES):
Key length: 64 bits
8 bits are used for parity check. Why is that? To make it 256 times less secure!
Read the "Why 56 bits?" section in the textbook.
How secure is DES? In 1998, a $150K machine could break the key in 5 days!
For added security, triple DES is 2^56 times more secure.
Basic Structure of DES: (Fig. 3-2)
The decryption works by essentially running DES backward (with keys: K16 .. K1).
The Permutation of Data (Fig. 3-3)
This is not random; see Fig. 3-3 to get IP, and reverse the arrows to get IP^-1.
In the IP table, bit 1 comes from bit 58, bit 2 comes from bit 50, etc.
The first octet of the input (ABC....H) is distributed over the 8 octets of the output
(A to 5th octet, B to 1st octet, ... H to 4th octet).
In this Figure:
Bit 58 at position[8,2] --> bit 1 at position [1,1].
Bit 1 at position [1,1] --> bit 40 at position [5,8].
Generating the Per-Round Keys:
- Key-Permutation: (Fig. 3-4) Produces C_0 and D_0
- Key-Generation: (Fig. 3-5)
8 bits are discarded: 9, 18, 22, 25 from C_i and 35, 38, 43, 54 from D_i,
so that each K_i is 48 bits.
A DES Round: (Fig. 3-6)
Why does decryption work?
- The output of the Mangler Function (M) is the same for both encryption and decryption.
- In encryption: M ⊕ L_n = R_{n+1}
- In decryption: M ⊕ R_{n+1} = M ⊕ (M ⊕ L_n) = L_n
- Expands R from 32 bits to 48 bits as shown in Fig. 3-7: it breaks R into eight 4-bit chunks and expands each to 6 bits by concatenating the adjacent 2 bits. Let CR_i refer to chunk i of expanded R.
- The 48-bit K is broken into eight 6-bit chunks. Let CK_i refer to chunk i of K.
- Let S_i = CR_i ⊕ CK_i
- S_i is fed into an S-box, a substitution which produces a 4-bit output for each possible 6-bit input as shown in Figure 3-8 (i.e., 4 inputs are mapped to each output).
- The 8 S-boxes are specified in Fig. 3-9 to 3-16.
- The 4-bit output of each of the eight S-boxes is permuted as shown in Fig. 3-17 (to ensure that the output of an S-box in one round affects the input of multiple S-boxes on the next round).
What's So Special about DES?
Are they random? No one knows.
Playing around with the S-boxes can be dangerous!
Fig. 3-18 shows the basic Structure of IDEA:
a ⊕ K = A ⇒ A ⊕ K = a since (a ⊕ K) ⊕ K = a
a + K = A ⇒ A + (-K) = a since (a + K) + (-K) = a
a x K = A ⇒ A x (K^-1) = a since (a x K) x (K^-1) = a
Total of 17 rounds: odd 1, 3, ..., 17 and even 2, 4, ..., 16
How is it reversed?
From Figure 3-22 we have:
X'_a ⊕ X'_b = (X_a ⊕ Y_out) ⊕ (X_b ⊕ Y_out)
= X_a ⊕ X_b
I.e., Y_in is the same if we use (X_a, X_b) or (X'_a, X'_b).
Similarly, Z_in is the same if we use (X_c, X_d) or (X'_c, X'_d).
Thus Y_out and Z_out are the same in both encryption and decryption.
Therefore, since we know
Z_out we can get:
K1 K2 K3 K4 K5 K6 K7 K8 ......
(K49)^-1 -(K50) -(K51) (K52)^-1 K47 K48 (K43)^-1 -(K44) ....
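The three reversible IDEA operations and the round reversal described above, as an added example that is not part of the original notes. Assumptions: the odd round keys the four words in place with no reordering, the even-round mangler formula is modelled on IDEA's multiply-add box, and the three-round key schedule is constructed sample data.

```python
MOD_ADD = 1 << 16         # "+" is addition mod 2^16
MOD_MUL = (1 << 16) + 1   # "x" is multiplication mod 2^16 + 1 (prime); word 0 stands for 2^16

def add(a, k):
    return (a + k) % MOD_ADD

def mul(a, k):
    return ((a or MOD_ADD) * (k or MOD_ADD)) % MOD_MUL % MOD_ADD

def add_inv(k):
    return -k % MOD_ADD

def mul_inv(k):
    # Fermat: k^(p-2) is the inverse of k modulo the prime p = 2^16 + 1
    return pow(k or MOD_ADD, MOD_MUL - 2, MOD_MUL) % MOD_ADD

def odd_round(x, k):
    # Assumption: words are keyed in place (x, +, +, x) with no reordering
    return (mul(x[0], k[0]), add(x[1], k[1]), add(x[2], k[2]), mul(x[3], k[3]))

def even_round(x, k):
    # Assumption: mangler modelled on IDEA's multiply-add box. Any function of
    # (Y_in, Z_in, Ke, Kf) would leave the round self-inverse.
    ke, kf = k
    y_in, z_in = x[0] ^ x[1], x[2] ^ x[3]
    y_out = mul(add(mul(ke, y_in), z_in), kf)
    z_out = add(mul(ke, y_in), y_out)
    return (x[0] ^ y_out, x[1] ^ y_out, x[2] ^ z_out, x[3] ^ z_out)

def run(x, schedule):
    # 4-key entries are odd rounds, 2-key entries are even rounds
    for k in schedule:
        x = odd_round(x, k) if len(k) == 4 else even_round(x, k)
    return x

def decryption_schedule(schedule):
    # Rounds in reverse order: odd-round keys inverted, even-round keys unchanged
    return [(mul_inv(k[0]), add_inv(k[1]), add_inv(k[2]), mul_inv(k[3]))
            if len(k) == 4 else k for k in reversed(schedule)]

# Constructed 3-round schedule (odd, even, odd); key 0 exercises the "0 means 2^16" case
SCHEDULE = [(3, 500, 65535, 0), (7, 40000), (0, 1, 2, 65535)]
```

The decryption schedule has the same shape as the key row above: inverted keys of the last odd round first, then the preceding even round's keys unchanged.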
Advanced Encryption Standard (AES):
Developed with the help of NIST as an efficient, flexible, secure and unencumbered (free to implement) standard for protecting sensitive, non-classified U.S. government information.
NIST selected an algorithm called Rijndael (named after two Belgian cryptographers).
It uses a variety of block and key sizes (mainly 128, 192 and 256), and the standards are named AES-128, AES-192 and AES-256 (block sizes are fixed in all to 128 bits).
It is similar to DES and IDEA in that there are rounds and key expansion.
Encrypting a Large Message
Electronic Code Book (ECB):
Break the message into blocks (padding the last one) and encrypt each block with the secret key.
See Fig. 4-5 & Fig. 4-6:
chosen IV (Initialization Vector)
Two identical plain messages produce two different cipher messages.
(e.g., continue holding, continue holding, ....., start attack)
This prevents a chosen plaintext attack.
You can modify the contents of one cipher block to make the plain text of the next block as you wish; however, the preceding plain text block will be garbled, as shown:
Thus if c_n is garbled then m_n will be completely garbled.
Only the same portion of m_{n+1} as what was changed in c_n will be changed.
This can be solved by adding a CRC to the plain text before encryption.
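An added example, not part of the original notes, covering both the "why decryption works" argument for DES rounds and the CBC behaviour just described. It builds a toy 16-round Feistel cipher that decrypts by running the rounds in reverse key order, then uses it in CBC to show which plain text blocks a changed cipher block affects. Assumptions: the mangler is truncated SHA-256 standing in for DES's expansion and S-boxes, and the key, IV and message are constructed sample values.

```python
import hashlib

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def mangler(key, rnd, half):
    # Stand-in for the DES mangler M(R, K_i): any keyed function works, invertible or not
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def feistel(key, block, round_order):
    # Each round maps (L, R) to (R, M xor L); the halves are swapped at the end
    left, right = block[:4], block[4:]
    for rnd in round_order:
        left, right = right, xor(left, mangler(key, rnd, right))
    return right + left

def encrypt_block(key, block):
    return feistel(key, block, range(16))             # round keys K1 .. K16

def decrypt_block(key, block):
    return feistel(key, block, reversed(range(16)))   # same rounds, keys K16 .. K1

def cbc_encrypt(key, iv, blocks):
    out, prev = [], iv
    for m in blocks:
        prev = encrypt_block(key, xor(m, prev))       # c_n = E(m_n xor c_{n-1})
        out.append(prev)
    return out

def cbc_decrypt(key, iv, blocks):
    out, prev = [], iv
    for c in blocks:
        out.append(xor(decrypt_block(key, c), prev))  # m_n = D(c_n) xor c_{n-1}
        prev = c
    return out

def tamper_demo():
    # Constructed sample: four 8-byte blocks with repeats, as in the example above
    key, iv = b"constructed key", bytes(range(8))
    msg = [b"continue", b" holding", b"continue", b" holding"]
    ct = cbc_encrypt(key, iv, msg)
    mask = bytes(7) + b"\x01"                         # one bit of c_2 changed in transit
    received = [ct[0], xor(ct[1], mask), ct[2], ct[3]]
    return msg, ct, cbc_decrypt(key, iv, received), mask
```

In the result of `tamper_demo()`, block 2 decrypts to garbage, block 3 differs from the original in exactly the masked bit, and blocks 1 and 4 are untouched, which is why an integrity check over the plain text is needed.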
Output Feedback Mode (OFB):
It is a stream cipher; encryption is performed by XORing the message with a one-time pad generated as
Major advantages of OFB:
Major disadvantages of
To solve the last problem we use CFB below, where if one block is lost, only the next block is garbled and the rest of the blocks will decrypt properly.
See Fig. 4-10. CTR has the following advantages:
A secret key system can be used to generate a cryptographic checksum: MAC (message authentication code) or MIC (message integrity code).
Send plain text + CBC residue (see Fig. 4-11).
The receiver computes the CBC residue from the plain text and compares it with the received CBC residue.
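An added example, not part of the original notes, of the OFB pad and the CBC residue check described above. Assumptions: the pad recurrence b_0 = IV, b_i = E(K, b_{i-1}) is the standard OFB definition rather than text from this page, truncated SHA-256 stands in for the block cipher's encrypt direction, and the 0x80 padding and zero IV for the residue are choices made for this sketch.

```python
import hashlib
import hmac

BLOCK = 8  # bytes, i.e. 64-bit blocks as in DES

def E(key, block):
    # Assumption: truncated SHA-256 stands in for the cipher's encrypt direction,
    # the only direction OFB and the CBC residue ever use
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ofb(key, iv, data):
    # Pad blocks: b_0 = IV, b_i = E(K, b_{i-1}). XORing twice with the same pad
    # restores the input, so this one function both encrypts and decrypts.
    out, pad = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        pad = E(key, pad)
        out += xor(data[i:i + BLOCK], pad)
    return bytes(out)

def cbc_residue(key, message):
    # CBC-encrypt with a zero IV and keep only the final cipher block.
    # A 0x80 byte plus zeros pads the message to a whole number of blocks.
    padded = message + b"\x80" + bytes(-(len(message) + 1) % BLOCK)
    c = bytes(BLOCK)
    for i in range(0, len(padded), BLOCK):
        c = E(key, xor(padded[i:i + BLOCK], c))
    return c

def send(key, message):
    return message, cbc_residue(key, message)       # plain text + CBC residue

def receive(key, message, residue):
    # Recompute the residue from the plain text and compare in constant time
    return hmac.compare_digest(cbc_residue(key, message), residue)
```

A bare CBC residue is only safe when all messages have the same length; variable-length traffic needs a length-aware construction such as CMAC.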
Multiple Encryption DES