introduction to information security lect. 6: block ciphers
TRANSCRIPT
Introduction to Information Security
Lect. 6: Block Ciphers
2
Model of Symmetric Cryptosystem
E D
Shared Se-cret Key
Shared Se-cret Key
KeyK
Secure Channel
Insecure Channel
PlaintextM
Ciphertext C
PlaintextM
CryptanalystAdversary
M
K
C = EK(M) DK(C) = M
3
Block Cipher – A Simplified View
En
cryp
tio
nF
un
ctio
n
En
cryp
tio
nK
ey S
ched
ule
Input Message(Plaintext) User Key
En
cryp
tio
n R
ou
nd
key
s
Output Message(Ciphertext)
Dec
ryp
tio
nK
ey S
ched
ule
Dec
ryp
tio
n R
ou
nd
key
s
Dec
ryp
tio
nF
un
ctio
n
E DE D
Input Message(Ciphertext)
Output Message(Plaintext)
4
Most Popular Symmetric Ciphers
1980 1990 2000 2010 2020 2030
DES 3DES
AES
IDEARC5BlowfishCAST
SerpentRC6TwofishMars
56 bit key
128, 192, 256 bit key
1997 1999
AEScontest
2001
Americanstandards
Other popular
algorithms
5
1. Feistel Network
6
Feistel-type Ciphers
Feistel network An elegant variant of S-P networks that could be implemented
using a single algorithm for both encryption and decryption F( ) does not need to be invertible
Horst Feistel
Horst Feistel is best known for his work on the Feistel network construction – a common method for constructing encryption algorithms. In 1977, he was recognized at the IBM Corporate Technical Recognition Event (CTRE) for "devising a scheme encrypting binary data which is especially significant to IBM products and is the basis for the recently announced Federal Information Processing Standard adopted by the U.S. Commerce Department." His work at IBM led to the development of the pioneering Lucifer and Data Encryption Standards (DES) ciphers, and as a result of his efforts, IBM announced the 3845 and 3846 data encryption devices and the IBM cryptographic subsystem. Feistel earned a bachelor's and a master's degree in physics from MIT and Harvard, respectively. Before joining IBM, he worked with the U.S. Air Force Cambridge Research Center (AFCRC), MIT's Lincoln Laboratory and the Mitre Corporation.
7
Block Cipher Architecture : Feistel-type (Encryption)
round 1
round 2
round r
Plaintext
Ciphertext
Å
Å
Å
F
F
F
K1
K2
Kr
L0 R0
L1
Lr-1
R1
Rr-1
LrRr
8
Block Cipher Architecture : Feistel-type (Decryption)
Ciphertext
Å
Å
Å
F
F
F
Kr
Kr-1
K1
Rr Lr
Rr-1
R1
Lr-1
L1
R0L0
Plaintext
9
Feistel-type Cipher
P = L0 || R0 C = Rr || Lr
L1 = R0 Rr-1 = Lr
R1 = L0 F(K1, R0) Lr-1 = Rr F(Kr, Rr-1)
Li = Ri-1 Ri-1 = Li
Ri = Li-1 F(Ki, Ri-1) Li-1 = Ri F(Ki, Ri-1)
Lr = Rr-1 R0 = L1
Rr = Lr-1 F(Kr, Rr-1) L0 = R1 F(K1, R0)
C = Rr || Lr P = L0 || R0 P = L0 || R0 C = Rr || Lr
for i=1 to r for i=r-1 to 0 Li = Ri-1 Ri = Li+1
Ri = Li-1 F(Ki, Ri-1) Li = Ri+1 F(Ki+1, Ri) C = Rr || Lr P = L0 || R0
10
Design of Feistel-type Ciphers
Design of F-function The only non-linear part in the Feistel-type cipher Need not be invertible Typically uses S-boxes (Substitution boxes) for non-linearity May also contain mixing (permutation) part of the S-box outputs Determines the ultimate security
Design of Key scheduling algorithm Algorithm for deriving as many round keys as necessary from a fixed
user key On-the-fly vs. off-line calculation
Number of rounds Depends on the strength of round function (F-function) A safety margin should be considered for long-term security Determined through the analysis of the whole algorithm against most
powerful known cryptanalysis techniques