modern cryptography
DESCRIPTION
Modern Cryptography. 1977: Data Encryption Standard (DES) adopted by the U.S. Federal Information Processing for encrypting unclassified information - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/1.jpg)
Modern Cryptography• 1977: Data Encryption Standard (DES) adopted
by the U.S. Federal Information Processing for encrypting unclassified information
• 1976: Diffie and Hellman, introduced the revolutionary concept of public-key cryptography. Security is based on the intractability of the discrete logarithm problem
• 1978: Rivest, Shamir, and Adleman (RSA), perhaps the most well-known scheme; security is based on the the intractability of factoring large integers.
![Page 2: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/2.jpg)
Simplified DES• Encryption
Takes an 8-bit block of plaintext and a 10-bit key as input and produces an 8-bit of cipher.
• DecryptionTakes an 8-bit block of cipher and the same 10-bit key as input and produces an 8-bit of original plaintext.
• Both substitution and transposition operations are used
• It is a complex, multi-phase algorithm
![Page 3: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/3.jpg)
Five Functions of Simplified DES
• IP: Initial permutation• fk: Key-dependent scrambler (Mangler(complex)
function))– Use a 8-bit key – Perform both permutation and substitution
• SW ( simple permutation function) – Swap the two halves of data
• fk again (different key) • IP-1: Inverse permutation
![Page 4: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/4.jpg)
![Page 5: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/5.jpg)
S-DES AlgorithmWe can concisely express the encryotio algorithm as a
composition of functin: IP-1 ° fk2°
SW ° fk1
° IP
OR AS: • Cipher = IP-1(fk2
(SW(fk1(IP(plaintext)))))
• K1 = P8(Shift(P10(key)))
• K2 = P8(Shift(Shift(P10(key))))
• Plaintext = IP-1(fk1(SW(fk2
(IP(ciphertext)))))
![Page 6: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/6.jpg)
Key Generation
![Page 7: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/7.jpg)
Key Generation
10-Bit Key: Make up by sender
P10: Permutation 10 (Constant)
P8: Permutation 8 (Constant)
1 0 1 0 0 0 0 0 1 0
3 5 2 7 4 10 1 9 8 6
6 3 7 4 8 5 10 9
![Page 8: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/8.jpg)
Example of Key GenerationBit Position 1 2 3 4 5 6 7 8 9 1010-bit key 1 0 1 0 0 0 0 0 1 0P10 3 5 2 7 4 10 1 9 8 6split 1 0 0 0 0 0 1 1 0 0LS-1 0 0 0 0 1 1 1 0 0 0P8 6 3 7 4 8 5 10 9K1 1 0 1 0 0 1 0 0
LS-2 0 0 1 0 0 0 0 0 1 1P8 6 3 7 4 8 5 10 9K2 0 1 0 0 0 0 1 1
![Page 9: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/9.jpg)
![Page 10: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/10.jpg)
Encryption
8-Bit Plaintext: Make up by sender
IP: Initial Permutation (constant)
IP-1: Inversed Permutation (constant)
1 1 1 1 0 0 1 1
2 6 3 1 4 8 5 7
4 1 3 5 7 2 8 6
![Page 11: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/11.jpg)
Encryption
S0 Box (constant) S1 Box (constant)
E/P: Expansion/Permutation Rule (constant)
P4: Permutation 4 (constant)4 1 2 3 2 3 4 1
1 0 3 23 2 1 00 2 1 33 1 3 2
0 1 2 32 0 1 33 0 1 02 1 0 3
2 4 3 1
![Page 12: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/12.jpg)
Example of Encryption
X:8-bit Plaintext 1 1 1 1 0 0 1 1IP8: Initial permutation vector 2 6 3 1 4 8 5 7Permutation of X 1 0 1 1 1 1 0 1Splitting into L0,R0 1 0 1 1 1 1 0 1E/P 8: Expansion permutation of R0 4 1 2 3 2 3 4 1EP(0): Expanded R0 1 1 1 0 1 0 1 1K1: Key 1 1 0 1 0 0 1 0 0EP(R0) xor K1 0 1 0 0 1 1 1 1
![Page 13: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/13.jpg)
Example of Encryption
EP(R0) xor K1 0 1 0 0 1 1 1 1Re-arrange in 2X4 matrix 0 1 0 0
1 1 1 1
Mapping values from S0 and S1 Box 1 0 3 2 0 1 2 33 2 1 0 2 0 1 30 2 1 3 3 0 1 03 1 3 2 2 1 0 3
Subtitute with S box entry 1 1 1 1P4: Permutation 4 2 4 3 1F(R0,SK1) 1 1 1 1
![Page 14: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/14.jpg)
Example of Encryption
F(R0,SK1) 1 1 1 1L0 1 0 1 1L0 xor F(R0,SK1) 0 1 0 0f1,R0 0 1 0 0 1 1 0 1Switch: L1,R1 1 1 0 1 0 1 0 0
![Page 15: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/15.jpg)
Fk again
L1,R1 1 1 0 1 0 1 0 0E/P 8: Expanded permutation 4 1 2 3 2 3 4 1Expanded permutation of R1 0 0 1 0 1 0 0 0K2: Key 2 0 1 0 0 0 0 1 1E/P(R1) xor K2 0 1 1 0 1 0 1 1
![Page 16: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/16.jpg)
Fk again
Re-arrange in 2X4 matrix 0 1 1 01 0 1 1
S0 and S1 Box 1 0 3 2 0 1 2 33 2 1 0 2 0 1 30 2 1 3 3 0 1 03 1 3 2 2 1 0 3
Output of S boxes 1 0 0 1P4 2 4 3 1F(R1,SK2) 0 1 0 1
![Page 17: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/17.jpg)
Fk again
F(R1,SK2) 0 1 0 1L1 1 1 0 1L1 xor F(R1,SK2) 1 0 0 0f2,R1 ->L2, R2 1 0 0 0 0 1 0 0IP-1 4 1 3 5 7 2 8 6Ciphertext 0 1 0 0 0 0 0 1
![Page 18: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/18.jpg)
Data Encryption Standard (DES)
• National Bureau of Standards and Technology (NIST) adopted DES in 1977 based on LUCIFER developed by IBM.
• DES has flourished and is widely used, especially in financial application.
• Text length: 64 bits. Thus the plaintext is divide into 64-bit blocks.
• The key is 64 bit long. However, the bit positions 8, 16,….,64 are parity of the previous 7 bits. Hence, the key is really a 56 bit long binary string.
![Page 19: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/19.jpg)
From S-DES to DESEncryption Scheme
• S-DESIP-1 o fk2
o SW o fk1 o IP
• DESIP-1 o fk16
o SW o fk15 o SW.....
o SW o fk1
o IP
![Page 20: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/20.jpg)
From S-DES to DESkey
• S-DES– 10-bit key is used– From which two 8-bit keys are calculated
• DES– 56-bit key is used– From which 16 48-bit keys are calculated
![Page 21: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/21.jpg)
From S-DES to DESData block
• S-DES– Each block is 8 bits– Each half is 4 bits
• DES– Each block is 64 bits– Each half is 32 bits
![Page 22: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/22.jpg)
From S-DES to DESexpansion of right half
• S-DES– 4-bit right half is expanded to 8 bits– After xor with the key, it is arranged into 2X4
matrix• DES
– 32-bit right half is expanded to 48 bits– After xor with the key, it is arranged into 8X6
matrix
![Page 23: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/23.jpg)
From S-DES to DESS box
• S-DES– Use 1st and 4th bit for row, 2nd and 3rd bit for column– There are 2 S Boxes, each is 4 X 4– Entries in S box are 0 - 3
• DES– Use 1st and 6th bit for row, 2nd thru 6th bit for column– There are 8 S Boxes, each is 4 X 16– Entries in S box are 0 - 15
![Page 24: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/24.jpg)
![Page 25: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/25.jpg)
DES: Key generation for each round (key schedule)
1. The parity bits are stripped away.2. The bits are permuted by PC-13. Result is split in to left half (Ci) and right half (Di)
(i: round of calculation)4. Left shift Ci and Di separately. Left shift by one
position if i=1, 2, 9, or 16; otherwise shift by 25. Combine the two halves after shifting and permute
by PC-2. The result is sub key i (48 bits)6. Use result of (4) as input for next sub key
![Page 26: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/26.jpg)
![Page 27: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/27.jpg)
Key Permuted Choice 1
PC-1: Permutation of 56 bits
![Page 28: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/28.jpg)
Key Permuted Choice 2
PC-2: Permutation of 48 bits
The following bits are discarded9 18 22 25 35 38 43 54
![Page 29: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/29.jpg)
Key Shifting
Schedule of left shift
![Page 30: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/30.jpg)
DES – Permutation Function• Before first rounds, the plaintext bits are permuted
using an initial permutation. IP
• Hence, at the end of the 16 rounds the inverse permutation is applied. IP-1
![Page 31: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/31.jpg)
Data Encryption Standard
• The algorithm has 16 rounds. Each round has the following architecture:
Li and Ri are 32-bit long
![Page 32: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/32.jpg)
Details of Single Round
![Page 33: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/33.jpg)
Mangler Function F(R,K)
![Page 34: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/34.jpg)
DES: Expansion Function
• The 32 bits of Ri are permuted and 16 of them are repeated twice to obtain a 48 bit string.
![Page 35: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/35.jpg)
DES: S Boxes.
• S blocks takes in as input 6-bit arguments and outputs four bits.
• This is the substitution part of the cipher.
![Page 36: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/36.jpg)
DES – Input to S Boxes1 2 3 4 5 6 Row Column
1 1 1 0 0 1 0 2 92 1 0 0 1 1 1 3 33 0 1 1 1 1 0 0 154 1 1 1 1 0 1 3 145 0 1 0 0 0 0 0 86 0 0 0 1 0 1 1 27 0 1 1 0 0 0 0 128 1 1 0 1 0 1 3 10
![Page 37: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/37.jpg)
DES: S Boxes (1-4)
![Page 38: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/38.jpg)
DES: S Boxes (5-8)
![Page 39: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/39.jpg)
DES – Output of S BoxesRow Column S Box Entry 1 2 3 4
2 9 12 1 1 0 03 3 1 0 0 0 10 15 8 1 0 0 03 14 2 0 0 1 00 8 8 1 0 0 01 2 4 0 1 0 00 12 5 0 1 0 13 10 9 1 0 0 1
![Page 40: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/40.jpg)
DES – Permutation 32
• After substitution, the function output is now 32 bits and it goes through a fixed permutation.
![Page 41: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/41.jpg)
DES – After Permutation 32
0 0 0 01 0 1 11 1 0 10 0 0 01 1 0 01 0 0 10 0 0 01 0 0 0
![Page 42: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/42.jpg)
Output of Mangler function
1. The 32-bit output of Mangler function is xor with the original left half.
2. Result of (1) is the right half (R1)
3. Original right half becomes new left half (L1)
4. Concatenation of L1 and R1 is input to round 2
![Page 43: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/43.jpg)
Cipher Text
• Repeat for another 15 rounds• Apply permutation IP-1 at the end of 16th
round.• Use the same algorithm for decryption,
except the sub keys are used in reversed order. (k16 for round 1, key15 for round 2, etc....)
![Page 44: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/44.jpg)
DES Reviewed
An initial permutation is applied to the plain text. The result is split into two halves (L0,R0). We apply a function and call it a round:L1=R0, R1=L0f(R0,K0)From the initial key K we derive subkeys: Ki (basically shifts of the initial key).
![Page 45: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/45.jpg)
Mangler Function ReviewedA is the 32 bit input, J is the 48 bit subkey. E is a trivial expansion of the input to 48 bits (bits 4,5 are repeated, bits 8,9 are repeated, bits 12,13 are repeated… and there is a circular shift of 1 bit to the right.The S-Boxes map 6 bits onto 4, finally a permutation is applied.
![Page 46: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/46.jpg)
The Avalanche Effect of DES1 bit of Plaintext is changed 1 bit of Key is changed
RoundNumber of Bits
that differsNumber of Bits
that differs0 1 01 6 22 21 143 35 284 39 325 34 306 32 327 31 358 29 349 42 4010 44 3811 32 3112 30 3313 30 2814 26 2615 29 3416 34 35
![Page 47: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/47.jpg)
The Strength/Weakness of DES• Number of possible keys = 256
• Which is equivalent to 7.2 X 1016
• On Average half the key space has to be searched
• Estimated single machine brute-force search
Key serch machine cost Expected search time$100,000 35 hours
$1,000,000 3.5 hours$10,000,000 21 minutes
![Page 48: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/48.jpg)
The Strength/Weakness of DES• Parallel computing and improvement in
computing power makes DES breakable.• Downside of brute-force search: if plaintext
is compressed or is a numeric file, it is difficult to recognize. Some knowledge about plaintext is needed.
![Page 49: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/49.jpg)
DES: Comments• The security of the system depends on the number of
rounds. For example, if the number of rounds is 8 then DES can be broken quite easily by differential cryptanalysis.
• 56 bit keys have become easier to break by exhaustive search. That is if you have one single copy of a plaintext and the corresponding cipher state, then one can try all possible keys before a match occurs.
• Modified DES (e.g., triple DES) protocols are used.• DES will be replaced Advanced Encryption System
(AES).
![Page 50: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/50.jpg)
AES• As DES is getting very old, NIST began a public
process to choose a new cipher to be called AES (Advanced Encryption Standard).
• AES algorithms should have 3 key sizes: 128, 192, 256 bits, and operate on block sizes of 128 bits.
• The algorithm would be selected by choosing the fastest cipher,
• Additional considerations are memory requirements, suitability to smart cards, etc…
• In 1999, the finalist were announced....
![Page 51: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/51.jpg)
Five Finalist for AESAugust, 1999
• MARS—developed by IBM• RC6™—developed by RSA Laboratories• Rijndael—developed by Joan Daemen and
Vincent Rijmen of Belgium• Serpent—developed by Ross Anderson, Eli Biham
and Lars Knudsen of the United Kingdom, Israel and Norway respectively
• Twofish—developed by Bruce Schneier, etc.In 2000, the winner was decided ........
![Page 52: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/52.jpg)
AES Winner: Rijndael• Designed by a Belgian group.• Originally had variable block size as well as variable key
size.• For the AES proposal, only the 128 bit block variant was
used.• The number of rounds depends on the key size, 9 round for
128 bits, 11 for 192 bits, 13 for 256 bits.• Rijndael was the fastest cipher which was not shown to
have obvious weaknesses.• Some features of Rijndael’s design are considered to be
novel, which in cryptography, is not always good.
![Page 53: Modern Cryptography](https://reader035.vdocuments.us/reader035/viewer/2022062315/56816336550346895dd3c3e9/html5/thumbnails/53.jpg)
Security of Rijndael
• Rijndael is a new cipher, so there are limited results, but so far the news is good.
• The use of matrix multiplication is unique and untested by time. Some controversy has been raised about this.
• Rijndael had the lowest memory requirements and the fastest encryption of all the five finalists.