Introduction to Information Security

Lect. 6: Block Ciphers

2

Model of Symmetric Cryptosystem

E D

Shared Se-cret Key

Shared Se-cret Key

KeyK

Secure Channel

Insecure Channel

PlaintextM

Ciphertext C

PlaintextM

CryptanalystAdversary

M

K

C = EK(M) DK(C) = M

3

Block Cipher – A Simplified View

En

cryp

tio

nF

un

ctio

n

En

cryp

tio

nK

ey S

ched

ule

Input Message(Plaintext) User Key

En

cryp

tio

n R

ou

nd

key

s

Output Message(Ciphertext)

Dec

ryp

tio

nK

ey S

ched

ule

Dec

ryp

tio

n R

ou

nd

key

s

Dec

ryp

tio

nF

un

ctio

n

E DE D

Input Message(Ciphertext)

Output Message(Plaintext)

4

Most Popular Symmetric Ciphers

1980 1990 2000 2010 2020 2030

DES 3DES

AES

IDEARC5BlowfishCAST

SerpentRC6TwofishMars

56 bit key

128, 192, 256 bit key

1997 1999

AEScontest

2001

Americanstandards

Other popular

algorithms

5

1. Feistel Network

6

Feistel-type Ciphers

Feistel network An elegant variant of S-P networks that could be implemented

using a single algorithm for both encryption and decryption F( ) does not need to be invertible

Horst Feistel

Horst Feistel is best known for his work on the Feistel network construction – a common method for constructing encryption algorithms. In 1977, he was recognized at the IBM Corporate Technical Recognition Event (CTRE) for "devising a scheme encrypting binary data which is especially significant to IBM products and is the basis for the recently announced Federal Information Processing Standard adopted by the U.S. Commerce Department." His work at IBM led to the development of the pioneering Lucifer and Data Encryption Standards (DES) ciphers, and as a result of his efforts, IBM announced the 3845 and 3846 data encryption devices and the IBM cryptographic subsystem. Feistel earned a bachelor's and a master's degree in physics from MIT and Harvard, respectively. Before joining IBM, he worked with the U.S. Air Force Cambridge Research Center (AFCRC), MIT's Lincoln Laboratory and the Mitre Corporation.

7

Block Cipher Architecture : Feistel-type (Encryption)

round 1

round 2

round r

Plaintext

Ciphertext

Å

Å

Å

F

F

F

K1

K2

Kr

L0 R0

L1

Lr-1

R1

Rr-1

LrRr

8

Block Cipher Architecture : Feistel-type (Decryption)

Ciphertext

Å

Å

Å

F

F

F

Kr

Kr-1

K1

Rr Lr

Rr-1

R1

Lr-1

L1

R0L0

Plaintext

9

Feistel-type Cipher

P = L0 || R0 C = Rr || Lr

L1 = R0 Rr-1 = Lr

R1 = L0 F(K1, R0) Lr-1 = Rr F(Kr, Rr-1)

Li = Ri-1 Ri-1 = Li

Ri = Li-1 F(Ki, Ri-1) Li-1 = Ri F(Ki, Ri-1)

Lr = Rr-1 R0 = L1

Rr = Lr-1 F(Kr, Rr-1) L0 = R1 F(K1, R0)

C = Rr || Lr P = L0 || R0 P = L0 || R0 C = Rr || Lr

for i=1 to r for i=r-1 to 0 Li = Ri-1 Ri = Li+1

Ri = Li-1 F(Ki, Ri-1) Li = Ri+1 F(Ki+1, Ri) C = Rr || Lr P = L0 || R0

10

Design of Feistel-type Ciphers

Design of F-function The only non-linear part in the Feistel-type cipher Need not be invertible Typically uses S-boxes (Substitution boxes) for non-linearity May also contain mixing (permutation) part of the S-box outputs Determines the ultimate security

Design of Key scheduling algorithm Algorithm for deriving as many round keys as necessary from a fixed

user key On-the-fly vs. off-line calculation

Number of rounds Depends on the strength of round function (F-function) A safety margin should be considered for long-term security Determined through the analysis of the whole algorithm against most

powerful known cryptanalysis techniques