The general way of encrypting a 64-bit block is to take each of the 2^{64} input values and map it to a unique one of the 2^{64} output values.
Storing this map would take (2^{64})*(64) = 2^{70} bits. NOT practical.
Secret key cryptographic systems take a reasonable length key (e.g., 64 bits) and generate a one-to-one mapping that looks, to someone who does not know the key, completely random.
I.e., any single bit change in the input results in a totally independent random number output.
Types of transformation for k-bit blocks:
Data Encryption Standard (DES):
Key length: 64 bits
8 bits are used for parity check. Why is that? To make it 265 times less secure!
Read the "Why 56 bits?" section in the textbook.
How secure is DES?
In 1998, a $150K machine could break the key in 5 days!
Basic Structure of DES: (Fig. 3-2)
For added security, triple DES is 2^{56} times more secure.
The decryption works by essentially running DES backward (with keys: K16 .. K1).
The Permutation of Data (Fig. 3-3)
This is not random; see Fig. 3-3 to get IP, and reverse the arrows to get IP^{-1}. In the IP table, bit 1 comes from bit 58, bit 2 comes from bit 50, etc. The first octet of the input (ABC....H) is distributed over the 8 octets of the output (A to 5th octet, B to 1st octet, ... H to 4th octet).
In this Figure:
Bit 58 at position [8,2] --> bit 1 at position [1,1].
Bit 1 at position [1,1] --> bit 40 at position [5,8].
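The bit movements listed above can be checked mechanically. The following is an added example, not part of the original notes: it builds the standard IP table row by row, reverses the arrows to get IP^{-1}, and reports where the first input octet ends up. The function names are made up for illustration, and bits are assumed to be numbered 1..64 from the most significant bit.

```python
# Added illustration (not from the notes): DES initial permutation, IP.
# Assumption: bits are numbered 1..64 starting at the most significant bit.

def build_ip():
    """Table entry i says which input bit output bit i comes from."""
    table = []
    for start in (58, 60, 62, 64, 57, 59, 61, 63):   # first entry of each row
        table.extend(range(start, 0, -8))            # 58, 50, 42, ..., 2
    return table

def invert(table):
    """Reverse the arrows: if output i comes from input j,
    output j of the inverse comes from input i."""
    inverse = [0] * len(table)
    for out_bit, in_bit in enumerate(table, start=1):
        inverse[in_bit - 1] = out_bit
    return inverse

def permute(block, table):
    """Apply a 64-entry bit permutation to a 64-bit integer."""
    out = 0
    for src in table:
        out = (out << 1) | ((block >> (64 - src)) & 1)
    return out

IP = build_ip()
IP_INV = invert(IP)

def octets_reached_by_first_input_octet():
    """Output octet (1..8) that receives each of input bits 1..8 (A..H)."""
    return [(IP_INV[bit - 1] - 1) // 8 + 1 for bit in range(1, 9)]
```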
Generating the Per-Round Keys:
- Key-Permutation: (Fig. 3-4) Produces C_{0} and D_{0}
- Key-Generation: (Fig. 3-5)
8 bits are discarded: 9, 18, 22, 25 from C_{i} and 35, 38, 43, 54 from D_{i}, so that each K_{i} is 48 bits.
A DES Round: (Fig. 3-6)
Why does decryption work?
- The output of the Mangler Function (M) is the same for both encryption and decryption.
- In encryption: M ⊕ L_{n} = R_{n+1}
- In decryption: M ⊕ R_{n+1} = M ⊕ (M ⊕ L_{n}) = L_{n}
- Expands R from 32 bits to 48 bits as shown in Fig. 3-7:
It breaks R into eight 4-bit chunks and expands each to 6 bits by concatenating the adjacent 2 bits. Let CR_{i} refer to chunk i of expanded R.
- The 48-bit K is broken into eight 6-bit chunks. Let CK_{i} refer to chunk i of K.
- Let S_{i} = CR_{i} ⊕ CK_{i}
- S_{i} is fed into an S-box, a substitution which produces a 4-bit output for each possible 6-bit input as shown in Figure 3-8 (i.e., 4 inputs mapped to 1 output).
- The 8 S-boxes are specified in Fig. 3-9 to 3-16.
- The 4-bit output of each of the eight S-boxes is permuted as shown in Fig. 3-17 (to ensure that the output of an S-box in one round affects the input of multiple S-boxes on the next round).
What's So Special about DES?
The S-boxes!
Are they random? No one knows.
Playing around with the S-boxes can be dangerous!
Fig. 3-18 shows the basic structure of IDEA:
IDEA operations:
a ⊕ K = A ⇒ A ⊕ K = a, since (a ⊕ K) ⊕ K = a
a + K = A ⇒ A + (-K) = a, since (a + K) + (-K) = a
a x K = A ⇒ A x (K^{-1}) = a, since (a x K) x (K^{-1}) = a
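The three reversible operations, as an added example that is not part of the original notes. It goes slightly beyond the text by spelling out the arithmetic IDEA uses on 16-bit words (addition mod 2^16, multiplication mod 2^16 + 1 with the value 0 standing for 2^16), which is what guarantees that -K and K^{-1} always exist. The function names are made up for illustration.

```python
from math import gcd

M16 = 1 << 16        # addition works mod 2^16
P = M16 + 1          # multiplication works mod 2^16 + 1 = 65537, a prime

def mul(a, k):
    """IDEA multiply: the 16-bit value 0 stands for 2^16, so 0 never occurs."""
    a, k = a or M16, k or M16
    return (a * k) % P % M16          # a result of 2^16 is written back as 0

def add(a, k):
    return (a + k) % M16

def add_inverse(k):
    return -k % M16

def mul_inverse(k):
    # Python 3.8+: pow(x, -1, m) is the modular inverse. It exists for every
    # k because P is prime and k (with 0 read as 2^16) is never 0 mod P.
    return pow(k or M16, -1, P) % M16

def undo_all(a, k):
    """Apply each operation with K, then undo it with the matching inverse key."""
    return (
        (a ^ k) ^ k,                       # XOR: K is its own inverse
        add(add(a, k), add_inverse(k)),    # +  : use -K
        mul(mul(a, k), mul_inverse(k)),    # x  : use K^{-1}
    )

def invertible_mod_2_16(k):
    """Why not multiply mod 2^16? Even keys would have no inverse there."""
    return gcd(k, M16) == 1
```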
Key Expansion:
The 128-bit key is expanded into 52 16-bit keys: K1, K2, ..., K52.
After generating the first 8 keys (Fig. 3-19), shift 25 bits and continue the generation (Fig. 3-20).
Figure 3-20
Rounds:
Total of 17 rounds: odd rounds 1, 3, ..., 17 and even rounds 2, 4, ..., 16
How is it reversed?
Why?
From Figure 3-22 we have:
Thus:
X'a ⊕ X'b = (Xa ⊕ Yout) ⊕ (Xb ⊕ Yout)
= Xa ⊕ Xb
= Yin
I.e., Yin is the same if we use (Xa, Xb) or (X'a, X'b).
Similarly, Zin is the same if we use (Xc, Xd) or (X'c, X'd).
Thus Yout and Zout are the same in both encryption and decryption.
Therefore, since we know Yout and Zout we can get:
Encryption keys:
K1 K2 K3 K4 K5 K6 K7 K8 ......
Decryption Keys:
(K49)^{-1} -(K50) -(K51) (K52)^{-1} K47 K48 (K43)^{-1} -(K44) ....
Advanced Encryption Standard (AES):
Developed with the help of NIST as an efficient, flexible, secure and unencumbered (free to implement) standard for protecting sensitive, non-classified U.S. government information.
NIST selected an algorithm called Rijndael (named after two Belgian cryptographers).
It uses a variety of block and key sizes (mainly 128, 192 and 256), and the standards are named AES-128, AES-192 and AES-256 (the block size is fixed at 128 bits in all of them).
It is similar to DES and IDEA in that there are rounds and key expansion.
Encrypting a Large Message
Electronic Code Book (ECB):
Break the message into 64-bit blocks (padding the last one) and encrypt each block with the secret key.
Two problems:
See Fig. 4-5 & Fig. 4-6:
The randomly chosen IV (Initialization Vector):
- Two identical plain messages produce two different cipher messages (e.g., continue holding, continue holding, ....., start attack).
- This prevents chosen plaintext attacks.
CBC Threat - Modifying Cipher Blocks
You can modify the contents of one cipher block to make the plain text of the next block as you wish; however, the preceding plain text block will be garbled, as shown:
Thus if c_{n} is garbled then m_{n} will be completely garbled.
Only the same portion of m_{n+1} as what was changed in c_{n} will be changed.
This can be solved by attaching a CRC to the plain text before encryption.
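Two arguments from these notes can be run end to end: a Feistel cipher decrypts by running the same rounds with keys K16 .. K1 even though the mangler is one-way (the "Why decryption works" list above), and damage to c_{n} garbles m_{n} while changing only the matching bits of m_{n+1}. This is an added example, not code from the notes or the textbook; the mangler and key schedule are SHA-256 stand-ins rather than DES's, and the key, IV and message are constructed.

```python
import hashlib, zlib

BLOCK = 8  # 64-bit blocks, as in the notes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def mangler(r, k):
    # Toy one-way mangler (NOT DES's S-boxes): it never has to be inverted.
    return hashlib.sha256(k + r).digest()[:4]

def round_keys(key):
    # Toy key schedule (assumption): sixteen 48-bit keys K1..K16.
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(16)]

def feistel(block, keys):
    # Each round: L(n+1) = R(n), R(n+1) = L(n) XOR M(R(n), K(n)).
    l, r = block[:4], block[4:]
    for k in keys:
        l, r = r, xor(l, mangler(r, k))
    return r + l  # final swap lets the same routine decrypt with K16..K1

def cbc_encrypt(msg, keys, iv):
    out, prev = [], iv
    for i in range(0, len(msg), BLOCK):
        prev = feistel(xor(msg[i:i + BLOCK], prev), keys)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct, keys, iv):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        out.append(xor(feistel(c, keys[::-1]), prev))
        prev = c
    return b"".join(out)

def crc_ok(plain):
    return zlib.crc32(plain[:-4]) == int.from_bytes(plain[-4:], "big")

def demo():
    keys, iv = round_keys(b"constructed key"), bytes(range(8))
    body = b"constructed message!"            # 20 bytes + 4-byte CRC = 3 blocks
    plain = body + zlib.crc32(body).to_bytes(4, "big")
    ct = bytearray(cbc_encrypt(plain, keys, iv))
    ct[0] ^= 0x01                             # one bit of c1 damaged in transit
    got = cbc_decrypt(bytes(ct), keys, iv)
    diff = xor(plain, got)                    # per-block damage, CRC before/after
    return diff[:8], diff[8:16], diff[16:], crc_ok(plain), crc_ok(got)
```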
Output Feedback Mode (OFB):
It is a stream cipher; encryption/decryption is performed by ⊕ing the message with a one-time pad generated as follows:
Major advantages of OFB:
Major disadvantages of OFB:
To solve the last two problems, we use CFB below, where if one block is lost, only the next block is garbled and the rest of the blocks will decrypt properly.
See Fig. 4-10. CTR has the following advantages:
Figure 4-10
A secret key system can be used to generate a cryptographic checksum: MAC (message authentication code) or MIC (message integrity code).
Send plain text + CBC residue (see Fig. 4-11):
The receiver computes the CBC residue from the plain text and compares it with the received CBC residue.