cs 556 – computer security spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · cs 556 –...
TRANSCRIPT
![Page 1: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/1.jpg)
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 1 / 64
CS 556 – Computer Security
Spring 2018
Dr. Indrajit Ray
Email: [email protected]
Department of Computer Science
Colorado State University
Fort Collins, CO 80523, USA
![Page 2: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/2.jpg)
SECRET KEY CRYPTOSYSTEMS
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 2 / 64
![Page 3: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/3.jpg)
Secret Key Cryptosystem
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 3 / 64
Cryptanalyst
Encrypt M with
SourceMessage Message
Destination
Key SourceKey SourceGenerates
Random Key
Decrypt C with
Provides OrProduces KeySecure Key
Channel
M MC
Insecure CommunicationsChannel
C
key K1 key K2
C = E[M, K1] M = D[C, K2]
K1
K1
K2
![Page 4: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/4.jpg)
Block Ciphers vs. Stream Ciphers (1)
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 4 / 64
P1 P2 PnPn-1
64 / 128 bitsblock
64 / 128 bitsblock
P1
EncryptKey
C1
Pi
EncryptKey
Ci
Pn
EncryptKey
Cn
C1
DecryptKey
P1
Ci
DecryptKey
Pi
Cn
DecryptKey
Pn
Plaintext
Ciphertext
Plaintext
![Page 5: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/5.jpg)
Block Cipher vs. Stream Ciphers (2)
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 5 / 64
Plaintext
Plaintext byte stream
Pseudorandom byte generator
(key stream generator)
+Key
Ciphertextbyte stream
Pseudorandom byte generator
(key stream generator)
+Key
Ciphertextbyte stream
Plaintextbyte stream
![Page 6: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/6.jpg)
Basic Secret-Key Techniques
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 6 / 64
● Substitution
● Permutation or transposition
✦ Reverse Cipher
✦ Column Transposition
✦ Rail Fence
✦ Scytale Cipher
✦ Nihilist Cipher
● Combination and iterations of these - Product ciphers
![Page 7: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/7.jpg)
SIMPLE CIPHERS
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 7 / 64
![Page 8: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/8.jpg)
Simple Alphabetic Substitution
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 8 / 64
Plaintext ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext PZQSGIMBWXDFKJVCHAOLUTERYN
● Also called Caesar cipher
● Huge key space: 26! ≫ 1026
● Trivially broken for known plaintext attacks
● Easily broken for ciphertext only attacks (for natural language
plaintext)
● Multiple encipherment does not help (no point in doing two
substitutions in sequence)
![Page 9: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/9.jpg)
Simple Permutation
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 9 / 64
Plaintext 1 2 3 4 5
Ciphertext 1 235 4
● Key space N! for block size N
● Trivially broken for known plaintext attack
● Easily broken for ciphertext only attack (for natural language
plaintext)
● Multiple encipherment does not help
![Page 10: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/10.jpg)
Reverse Cipher
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 10 / 64
● Reverse the order of the letters in a message
✦ Plaintext – ICAMEISAWICONQUERED
✦ Ciphertext – DERDUQNOCIWASIEMACI
![Page 11: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/11.jpg)
Column Transposition
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 11 / 64
1 2 3 4 5 6 7
l a s e f b ea m s c a n be m o d u l a
r r y m o r ei n t e l l ig e n c e t ha n r a d i o
Key; 4523617
Ciphertext:
merne nasso dytnr vbnlcrltiq laetr igawe baaeihox
ecdtm ecaef auool edsam
w a v e s q x
t e d t o c a
![Page 12: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/12.jpg)
Rail Fence Cipher
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 12 / 64
● Write the message alternating letters in two rows
● Write the ciphertext from the rows
N T M F R G NEDOLAOIEIO
W ST
HE
L O MPlaintext
Ciphertext NWSHTMFRLGOMNOITEIEOALODE
![Page 13: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/13.jpg)
Scytale Cipher
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 13 / 64
● A strip of paper was wound round a staff; message written along
staff in rows; then paper removed leaving a strip of seemingly
random letters
Ciphertext: NEOOOTROWIADIMLMSELETFGNH
N
E
O
O
O
T
R
O
W
I
A
D
I
M
L
M
S
E
L
E
T
G
F
N
H
![Page 14: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/14.jpg)
Nihilist Cipher
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 14 / 64
● Combines row and column transposition
● Write message in rows in order controlled by key, read off by
rows
Plaintext: NOWISTHETIMEFORALLGOODMEN
Key 2 1 3 5 4
2 1 3 5 4
2
1
3
5
4
NO W IS
TH E TI
ME F OR
AL L GO
OD M EN
Ciphertext: HTEIT ONWSI EMFRO DOMNE LALOG
![Page 15: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/15.jpg)
STRONGER CIPHERS
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 15 / 64
![Page 16: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/16.jpg)
Product Ciphers
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 16 / 64
● Substitution followed by permutation followed by substitution
followed by permutation . . .
● Best known example is DES (Data Encryption Standard)
● Mathematics to design strong product cipher is classified
![Page 17: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/17.jpg)
Product Ciphers - (cont’d)
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 17 / 64
● For known plaintext/ chosen plaintext/ chosen ciphertext,
breakable by exhaustive search of key space
● Therefore security is based on - computational complexity of
computing the key under these scenarios
✦ size of the key
![Page 18: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/18.jpg)
Vernam One-time Pad
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 18 / 64
+ +
K KSecret Key Secret Key
Secure Channel
Plaintext Ciphertext PlaintextA B
0 0
0 1
1 0
1 1
A + B
0
1
1
0
Perfect Secrecy
![Page 19: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/19.jpg)
Perfect Secrecy
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 19 / 64
● The Vernam one-time pad is the ultimate cipher, but impractical
for most situations
● Requires a random key longer than the message
● The key cannot be reused
● Known plaintext reveals the portion of the key that has been
used, but does not reveal anything about the future bits of the
key
![Page 20: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/20.jpg)
DATA ENCRYPTION STANDARD
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 20 / 64
![Page 21: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/21.jpg)
DES
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 21 / 64
● DES is a product cipher with 56 bit key and 64 bit block size for
plaintext and ciphertext
● Developed by IBM and adopted by NIST (FIPS publication 46)
with NSA approval, for unclassified information
● E and D are public, but the design principles are classified
● Has some four weak keys for which E[E[M, K], K] = M that are
identified as part of the standard and should not be used
● Has twelve semi-weak keys which comes in pairs K1 and K2 for
which E[E[M, K1], K2] = M
![Page 22: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/22.jpg)
DES
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 22 / 64
● Has stood up remarkably well against 15 years of public
cryptanalysis
● Adopted as ANSI DEA (Data Encryption Algorithm)
● Considered by ISO as a standard but abandoned due to concern
that it may become too widespread and an enticing target for
cryptanalysis
![Page 23: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/23.jpg)
DES History
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 23 / 64
● 1977 Approved as Federal standard with 5 year cycle of
recertification
● 1987 Reluctantly approved for 5 years
● 1993 Approved for another 5 years
● 1998 Re-examined and called for replacement
● 1999 DES re-affirmed for use till replacement found; preferred
mode Triple DES
● 2001 Advanced Encryption Standard (FIPS 197) announced to
replace DES
● 2005 DES withdrawn as national standard
![Page 24: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/24.jpg)
DES Controversies
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 24 / 64
● Allegations of built in trapdoors have never been substantiated
✦ The US Senate Select Committee on Intelligence
exonerated the NSA from tampering with the design of DES
in any way
● Major weakness is key size of 56 bits (on the threshold of
allowing exhaustive search for known plaintext attacks)
✦ Broken in 22 hours in 1999 by distributing the computing
over the Internet (EFF’s Deep Crack and distributed.net)
✦ Broken in 1 day by FPGA based parallel machine in 2008
✦ Main reason for replacement
![Page 25: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/25.jpg)
DES DESIGN
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 25 / 64
![Page 26: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/26.jpg)
Overview
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 26 / 64
● The basic process in enciphering a 64-bit data block using the
DES consists of:
✦ an initial permutation (IP)
✦ 16 rounds of a complex key dependent calculation (f)
✦ a final permutation, being the inverse of IP
![Page 27: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/27.jpg)
Overview
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 27 / 64
![Page 28: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/28.jpg)
DES - Selecting Subkeys
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 28 / 64
![Page 29: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/29.jpg)
DES Encryption - The f function
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 29 / 64
![Page 30: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/30.jpg)
BREAKING DES
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 30 / 64
![Page 31: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/31.jpg)
DES Known Plaintext Attack
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 31 / 64
● 56 bit key can be broken on average in 255= 3.6 × 1016 trials
trials / second time required
1 109 years
103 106 years
106 103 years
109 1 year
1012 10 hours
![Page 32: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/32.jpg)
DES Known Plaintext Attacks
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 32 / 64
● Fastest DES chips can do close to 1 million encryptions per
second
● A million chips in parallel can give us 1012 trials per second
● Estimated cost of such a special purpose machine is in 10’s of
millions of dollars at most, comparable to the most expensive
supercomputers
![Page 33: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/33.jpg)
DES Known Plaintext Attack
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 33 / 64
● Compare the numbers for a 76 bit key which can be broken on
average in 275 trials
trials / second time required
1 1015 years
103 1012 years
106 109 years
109 106 years
1012 103 years
![Page 34: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/34.jpg)
DES Chosen Ciphertext Attack
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 34 / 64
● Biham and Shamir have shown that differential cryptanalysis can
break DES in 248 trials - within the capabilities of the most
powerful workstations
● Differential cryptanalysis requires vast amounts of chosen
ciphertext and is not very practical (247 pairs)
● DES-like ciphers with larger keys should also be susceptible to
such attacks
![Page 35: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/35.jpg)
DES Multiple Encipherment
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 35 / 64
● In 1992 it was shown that DES is not a group.
✦ That is there is no K such that E[M, K] = E[E[M, K1], K2]]
✦ So multiple encryption should be effective in giving a
stronger cipher
■ However, this is not the case
![Page 36: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/36.jpg)
DES Multiple Encipherment
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 36 / 64
Plaintext IntermediateCiphertext
Ciphertext
P E E
K1 K2
C = E[E[P, K1], K2]
![Page 37: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/37.jpg)
DES Multiple Encipherment
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 37 / 64
IntermediateCiphertext
Ciphertext Plaintext
C D D
K2 K1
P = D[D[C, K2], K1]
![Page 38: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/38.jpg)
Double DES - Attack
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 38 / 64
● Only as strong as DES with a 57 bit key and not a 112 bit key
✦ Known plaintext meet-in-the-middle attack
![Page 39: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/39.jpg)
Double DES Meet-in-the-Middle Attack
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 39 / 64
● Note that C = E[E[P, K1], K2]; then we have X = E[P, K1] = D[C,
K2]
● The attack starts with a known pair (P, C)
● Step 1: Encrypt P for all 256 possible values of K1. Store these
results (that is the X values) in a table and then sort the table by
the values of X
![Page 40: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/40.jpg)
The Meet-in-the-Middle Attack
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 40 / 64
● Step 2: Decrypt C using all possible 256 values of K2 . As each
decryption is produced, check the result against the table (of X
values) for a match.
● If a match occurs then test the two resulting keys against a new
known plaintext-ciphertext pair. If the two keys produce the
correct ciphertext, accept them as the correct key.
![Page 41: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/41.jpg)
The Attack - Analysis
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 41 / 64
● For any given 64 bit plaintext P, there are 264 ciphertext values
that could be produced by double DES
● Double DES has a 112 bit key size - so in effect there are 2112
possible key values
● Therefore, on an average, for a given plaintext, the number of
different 112 bit keys that will produce a given ciphertext is
2112/264= 248
![Page 42: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/42.jpg)
Analysis (continued)
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 42 / 64
● Thus, the attack will produce about 248 false alarms on the first
(P, C) pair.
● A similar argument states that with an additional (P, C) pair the
false alarm rate is reduced to 248 /264= 2−16
✦ that is if the attacks is performed on two blocks of known (P,
C) pair the probability of the attack succeeding is 1 – 2−16≈
1
![Page 43: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/43.jpg)
DES TRIPLE ENCRYPTION
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 43 / 64
![Page 44: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/44.jpg)
Triple DES
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 44 / 64
Plaintext Ciphertext
E D EP C
K1K1 K2
![Page 45: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/45.jpg)
Triple DES
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 45 / 64
● Technique suggested by Tuchman to avoid the vulnerability in
double DES.
✦ If K2 = K1, this amounts to a single encryption which is
convenient
● Tuchman’s technique is not part of the NIST standard; however
adopted as ANSI X9.52 standard
● Can be broken in 256 operations if one has 256 chosen plaintext
blocks
✦ Could use distinct K1, K2, K3
● Triple DES variant uses three consecutive encryption
![Page 46: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/46.jpg)
BEYOND DES
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 46 / 64
![Page 47: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/47.jpg)
CCEP
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 47 / 64
● CCEP = Commercial COMSEC Endorsement Program
● Provide NSA designed secret crypto algorithms as black boxes
which cannot be reverse engineered, and will be manufactured
by selected vendors
![Page 48: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/48.jpg)
CCEP – Type 1 and Type 2
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 48 / 64
● Type 1 Product module
✦ Can be sold only to US government agencies and US
government contractor for processing classified data
● Type 2 Product module
✦ Can be sold only to US government agencies and US firms
for processing sensitive, unclassified data
● Under certain circumstances, NSA may approve Type 1 and
Type 2 products for use by friendly governments
![Page 49: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/49.jpg)
USING SYMMETRIC KEY CRYPTOSYSTEM
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 49 / 64
![Page 50: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/50.jpg)
Modes of Operation for Symmetric Key Crypto
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 50 / 64
● 4 modes of operation
✦ ECB - Electronic Code Book
✦ CBC - Cipher Block Chaining
✦ CFB - Cipher Feedback
✦ OFB - Output Feedback
● For DES, these are part of the NIST standard
● They have been generalized into ANSI and ISO standards for
modes of block ciphers
![Page 51: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/51.jpg)
Electronic Code Book Mode
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 51 / 64
64 bit data block
64 bit data block
56 bit key 56 bit keyE D
● Ok for small messages
● Identical data blocks will be identically encrypted
![Page 52: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/52.jpg)
Problem with ECB Mode
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 52 / 64
![Page 53: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/53.jpg)
Cipher Block Chaining
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 53 / 64
56 bit key 56 bit key
+
+
64 bit data block
64 bit data block
ciphertext block
ciphertext block64 bit previous
64 bit previous
E D
![Page 54: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/54.jpg)
Cipher Block Chaining
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 54 / 64
● CBC seeks to make each ciphertext block a function of
✦ the key and
✦ all previous plaintext blocks
● Needs an Initialization Vector (IV) to serve as the first feedback
block
![Page 55: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/55.jpg)
Cipher Block Chaining
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 55 / 64
● IV need not be secret or random
● Integrity of IV is important, otherwise first data block can be
arbitrarily changed
● IV should be changed from message to message, or first block
of every message should be distinct
✦ otherwise the first blocks will be encrypted identically
![Page 56: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/56.jpg)
Encryption in CBC Mode
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 56 / 64
![Page 57: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/57.jpg)
Cipher Feedback
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 57 / 64
8, 8-bit blocks
56 bitkey
+
8-bitplaintext
+
8, 8-bit blocks
leftshift
leftshift
8-bitplaintext
leftmost8 bits
leftmost8 bits
56 bitkeyE D
8-bit ciphertext
![Page 58: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/58.jpg)
Cipher Feedback
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 58 / 64
● Intended for character-by-character transmission, among other
things
● Operates at 1/8th the speed of CB or ECB
● We can have k-bit feedback, in general
● Needs a 64-bit Initialization Vector to initialize the shift register
● Error in 1 8-bit ciphertext will be extended to the next 8 8-bit
decrypted ciphertexts
![Page 59: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/59.jpg)
Output Feedback
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 59 / 64
8, 8-bit blocks
56 bitkey
+
8-bitplaintext
+
8, 8-bit blocks
leftshift
leftshift
8-bitplaintext
leftmost8 bits
leftmost8 bits
56 bitkeyE D
8-bit ciphertext
![Page 60: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/60.jpg)
Output Feedback
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 60 / 64
● Similar to CFB except that the key stream generated as input to
exclusive OR is independent of plaintext
✦ Error is not extended
● OFB is intended for use with speech or video (due to lack of
error extension)
● ANSI and ISO only allow 64 bit feedback in OFB
✦ otherwise average cycle of repetition in key stream is 231
![Page 61: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/61.jpg)
Counter Mode for Block Ciphers
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 61 / 64
![Page 62: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/62.jpg)
Counter Mode for Block Ciphers
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 62 / 64
![Page 63: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/63.jpg)
Advanced Encryption Standard
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 63 / 64
● Federal Information Processing Standard 197
● Replacement for DES, became effective May 2002
● Standard to be reevaluated every 5 years
![Page 64: CS 556 – Computer Security Spring 2018cs556dl/lecture-notes/secret-key-crypto.pdf · CS 556 – Computer Security Spring 2018 Dr. Indrajit Ray ... [M, K1] M =D[C, K2] K1 K1 2](https://reader031.vdocuments.us/reader031/viewer/2022021910/5c0321bb09d3f2c12d8c2c7e/html5/thumbnails/64.jpg)
Advanced Encryption Standard
SECRET KEY
CRYPTOSYSTEMS
SIMPLE CIPHERS
STRONGER CIPHERS
DATA ENCRYPTION
STANDARD
DES DESIGN
BREAKING DES
DES TRIPLE
ENCRYPTION
BEYOND DES
USING SYMMETRIC
KEY CRYPTOSYSTEM
Dr. Indrajit Ray, Computer Science Department CS 556 - Computer Security - c© 2018 Colorado State University – 64 / 64
● Symmetric key block cipher
● Uses the Rijndael algorithm
● 128 bit data block size
● Variable key sizes of 128 bit or 192 bits or 256 bits
✦ Rijndael was designed to handle additional block sizes,
however they were not adopted in the standard