The document discusses cryptography and network security, covering key concepts such as encryption, decryption, security attacks, and mechanisms. It elaborates on different types of cryptographic systems, including symmetric and asymmetric encryption, and includes definitions and examples of classical ciphers. Furthermore, it touches on concepts from abstract algebra relevant to cryptography, such as groups and finite fields.
Plain text: Original message (message to be sent)
Cipher Text : Message after transformation.
Encryption/Enciphering : Conversion of plain text to cipher
text
Decryption/Deciphering : Conversion of cipher text to plain
text
Cryptography: Area of Study about encryption and
decryption
Cipher/Cryptographic System: Entire system of
encryption/decryption.
Cryptanalysis : Cryptanalysis is the art of breaking codes
and ciphers
Cryptology : Study of Cryptography and cryptanalysis.
3.
Definitions
Computer Security - generic name for the collection of
tools designed to protect data and to prevent hackers
Network Security - measures to protect data during their
transmission
Internet Security - measures to protect data during their
transmission over a collection of interconnected networks
4.
Key Security Concepts
• Confidentiality is roughly equivalent to privacy
• Integrity involves maintaining
the consistency, accuracy, and
trustworthiness of data over its
entire life cycle.
5.
Computer Security Challenges
1. not simple
2. must consider potential attacks
3. involve algorithms and secret info
4. must decide where to deploy mechanisms
5. battle of wits between attacker / admin
6. not perceived as a benefit until it fails
7. requires regular monitoring
8. regarded as impediment to using system
6.
OSI Security Architecture
ITU-T X.800 “Security Architecture for OSI”
defines a systematic way of defining and providing
security requirements.
Aspects of Security
consider 3 aspects of information security:
security attack
security mechanism
security service
7.
Security Attack
any action that compromises the security of information
owned by an organization
often threat & attack are used to mean the same thing
there is a wide range of attacks
can focus on generic types of attacks
passive
active
8.
Passive Attacks
Passive attacks do not affect system resources
Two types of passive attacks
Unauthorized reading of messages
Traffic analysis
Passive attacks are very difficult to detect
Message transmission apparently normal
No alteration of the data
10.
Active Attacks
Active attacks try to alter system resources or affect their
operation
Modification of data, or creation of false data
Four categories
Masquerade
Replay
Modification of messages
Denial of service: preventing normal use
A specific target or entire network
Difficult to prevent
The goal is to detect and recover
13.
Security Mechanism
Are designed to detect, prevent, or recover from a security
attack
no single mechanism will support all services required
however one particular element underlies many of the
security mechanisms in use (cryptographic techniques)
Security Mechanisms (X.800)
• specific security mechanisms: incorporated into appropriate
protocol layer
• pervasive security mechanisms: not specific to any protocol
layer
16.
Security Service
enhance security of data processing systems and
information transfers of an organization
using one or more security mechanisms
Example
X.800: defines a service provided by a protocol layer of
communicating open systems, which ensures adequate
security of the systems or of data transfers.
17.
Security Services (X.800)
Authentication - assurance that the communicating entity
is the one claimed
Access Control - prevention of the unauthorized use of a
resource
Data Confidentiality - protection of data from
unauthorized disclosure
Data Integrity - assurance that data received is as sent by
an authorized entity
Non-Repudiation - protection against denial by one of the
parties in a communication
Availability - resource accessible/usable
using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used by the
algorithm
3. develop methods to distribute and share the secret
information
4. specify a protocol enabling the principals to use the
transformation and secret information for a security
service
20.
Model for Network Access Security
using this model requires us to:
1. select appropriate gatekeeper functions to identify users
2. implement security controls to ensure only authorised
users access designated information or resources
Group
A group G is a set of elements with a generic operation (·)
that satisfies certain relations:
Axioms:
A1 (Closure) If a, b ∈ G, then a·b ∈ G
A2 (Associative law) (a·b)·c = a·(b·c)
A3 (Has identity) e: e·a = a·e = a
A4 (Has inverses) a’: a·a’ = e
A5 (Commutative) a·b = b·a
G is a finite group if it has a finite number of elements
G is abelian if it is commutative
23.
Cyclic Group
a group G is cyclic if every element of G is a power of
some fixed element a ∈ G
i.e. b = a^k for some a and every b in the group (k is an integer).
a is said to be a generator of the group
24.
Ring
a set of “numbers” denoted by {R, +, ×} with two operations
(addition and multiplication) which form:
an abelian group with the addition operation (R satisfies axioms
A1-A5)
and for multiplication:
Closure: If a and b belong to R, then ab is also in R. (M1)
Associative: a(bc) = (ab)c for all a, b, c in R. (M2)
Distributive over addition: a(b+c) = ab + ac (M3)
Commutative: ab = ba for all a, b in R. (M4)
Multiplicative identity: There is an element 1 in R such
that a1 = 1a = a for all a in R. (M5)
No zero divisors: If a, b in R and ab = 0, then either a = 0
or b = 0 (M6)
25.
if the multiplication operation is commutative, it forms a
commutative ring
if the multiplication operation has an identity and no zero
divisors, it forms an integral domain
26.
Field
a set of numbers denoted by {F, +, ×}
with two operations which form:
abelian group for addition (F satisfies axioms A1-A5)
abelian group for multiplication (F satisfies axioms A1-M6 ignoring 0)
27.
Modular Arithmetic
The Modulus
If ‘a’ is an integer and ‘n’ is a positive integer, we define “a
mod n” to be the remainder when ‘a’ is divided by ‘n’. The
integer ‘n’ is called the modulus.
Two integers ‘a’ and ‘b’ are said to be congruent modulo n
if (a mod n) = (b mod n).
This can be written as a ≡ b (mod n)
i.e. when divided by n, a & b have the same remainder
e.g. 100 ≡ 34 (mod 11)
Euclidean Algorithm
an efficient way to find the GCD(a,b)
uses the theorem that:
GCD(a,b) = GCD(b, a mod b)
The algorithm assumes a > b > 0.
EUCLID(a,b)
1. A = a; B = b
2. if B = 0 return A = gcd(a, b)
3. R = A mod B
4. A = B
5. B = R
6. goto 2
algorithm progression
31.
FINITE FIELDS OF THE FORM GF(p) (Galois Fields)
the order of a finite field (number of elements in the field) must
be a power of a prime; such fields are known as Galois Fields
GF(p) is the set of integers {0,1, … , p-1} with arithmetic
operations modulo prime p.
The simplest finite field is GF(2). Its arithmetic operations
are easily summarized:
Addition Multiplication
Symmetric Encryption
or conventional / private-key / single-key
sender and recipient share a common key
all classical encryption algorithms are private-key
Requirements
two requirements for secure use of symmetric encryption:
a strong encryption algorithm
a secret key known only to sender / receiver
Classical Encryption Techniques
Mathematically:
Y = E(K, X)
X = D(K, Y)
X = plaintext
Y = ciphertext
K = secret key
E = encryption algorithm
D = decryption algorithm
Both E and D are known to the public
Cryptography
characterize a cryptographic system by:
i. Type of encryption operations used
ii. Number of keys used
iii. Way in which plaintext is processed
i. Type of encryption operations used
Substitution: each element in the plaintext is mapped
into another element,
Transposition: elements in the plaintext are rearranged.
Product : using multiple stages of substitutions and
transpositions
39.
ii. number of keys used
single-key or private / two-key or public
iii. way in which plaintext is processed
block : processes the input one block of elements at a
time, producing an output block for each input
block.
stream: processes the input elements continuously,
producing output one element at a time, as it goes
along.
40.
Cryptanalysis
objective is to recover the key, not just the message
general approaches:
cryptanalytic attack
brute-force attack
41.
i. Cryptanalytic Attacks
classified by how much information needed by the attacker:
Ciphertext-only attack
Known-plaintext attack
Chosen-plaintext attack
Chosen-ciphertext attack
42.
Ciphertext-only attack
only know algorithm & ciphertext
An encryption scheme is completely insecure if it cannot
resist ciphertext-only attacks.
known plaintext
know plaintext & ciphertext
chosen plaintext
select plaintext and obtain ciphertext
chosen ciphertext
select ciphertext and obtain plaintext
43.
Brute Force Search
most basic attack, proportional to key size
always possible to simply try every key
An attacker has an encrypted message. They know that
this file contains data they want to see, and they know
that there’s an encryption key that unlocks it. To decrypt
it, they can begin to try every single possible password
and see if that results in a decrypted file.
44.
Classical Substitution Ciphers
where letters of plaintext are replaced by other letters or
by numbers or symbols
or if plaintext is viewed as a sequence of bits, then
substitution involves replacing plaintext bit patterns with
ciphertext bit patterns
45.
Caesar Cipher
earliest known substitution cipher, by Julius Caesar
replaces each letter by the 3rd letter on
example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
Mathematically, map letters to numbers:
a, b, c, ..., x, y, z
0, 1, 2, ..., 23, 24, 25
46.
Then the general Caesar cipher is:
c = E_k(p) = (p + k) mod 26
p = D_k(c) = (c - k) mod 26
Cryptanalysis of Caesar Cipher
only have 26 possible ciphers
could simply try each in turn
a brute force search
given ciphertext, just try all shifts of letters
47.
Monoalphabetic Cipher
rather than just shifting the alphabet could shuffle the letters
arbitrarily
each plaintext letter maps to a different random ciphertext
letter
hence key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
48.
Monoalphabetic Cipher Security
Now we have a total of 26! ≈ 4 x 10^26 keys.
With so many keys, it is secure against brute-force attacks.
But not secure against some cryptanalytic attacks.
Problem is language characteristics.
49.
Language Statistics and Cryptanalysis
Human languages are not random.
Letters are not equally frequently used.
In English, E is by far the most common letter, followed by
T, R, N, I, O, A, S.
Other letters like Z, J, K, Q, X are fairly rare.
There are tables of single, double & triple letter frequencies
for various languages
To attack, we
calculate letter frequencies for ciphertext
compare this distribution against the known one
50.
Example Cryptanalysis
Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Count relative letter frequencies
Guess {P, Z} = {e, t}
Of double letters, ZW has highest frequency, so guess ZW =
th and hence ZWP = the
Proceeding with trial and error finally get:
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
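The counting step of this example, as an added Python sketch (not part of the original slides): it ranks the letters of the ciphertext above, counts the digram ZW, and rebuilds the substitution table from the recovered plaintext while checking that the pair really is monoalphabetic. All function names are choices made for this example.

```python
from collections import Counter

# Ciphertext and recovered plaintext exactly as given in the example above.
CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
    "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
    "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ"
)
PLAINTEXT = (
    "it was disclosed yesterday that several informal but "
    "direct contacts have been made with political "
    "representatives of the viet cong in moscow"
).replace(" ", "")


def letter_ranking(text):
    """Letters sorted by descending count (ties broken alphabetically)."""
    counts = Counter(c for c in text if c.isalpha())
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def ngram_count(text, ngram):
    """Number of (possibly overlapping) occurrences of ngram in text."""
    return sum(text.startswith(ngram, i) for i in range(len(text)))


def apply_partial(ciphertext, guesses):
    """Substitute the guessed letters and show '.' for everything still unknown."""
    return "".join(guesses.get(c, ".") for c in ciphertext)


def recover_key(ciphertext, plaintext):
    """Build the cipher->plain table; fail if the pair is not monoalphabetic."""
    if len(ciphertext) != len(plaintext):
        raise ValueError("ciphertext and plaintext differ in length")
    key = {}
    for c, p in zip(ciphertext, plaintext):
        if key.setdefault(c, p) != p:
            raise ValueError(f"{c} maps to both {key[c]} and {p}")
    if len(set(key.values())) != len(key):
        raise ValueError("two ciphertext letters map to one plaintext letter")
    return key


if __name__ == "__main__":
    print(letter_ranking(CIPHERTEXT)[:6])
    # Progress after the first guesses {P, Z} = {e, t} and ZW = th:
    print(apply_partial(CIPHERTEXT, {"P": "e", "Z": "t", "W": "h"}))
    key = recover_key(CIPHERTEXT, PLAINTEXT)
    print({c: key[c] for c in sorted(key)})
```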
51.
Playfair Cipher
Not even the large number of keys in a monoalphabetic
cipher provides security.
One approach to improving security is to encrypt multiple
letters at a time.
The Playfair Cipher is the best known such cipher.
Invented by Charles Wheatstone in 1854, but named after
his friend Baron Playfair.
52.
Playfair Key Matrix
Use a 5 x 5 matrix.
The matrix is constructed by filling in the letters of the
keyword without duplicates from left to right and from top
to bottom.
Fill the rest of matrix with other letters in alphabetic order.
E.g., key = MONARCHY.
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
53.
Encrypting and Decrypting
plaintext encrypted two letters at a time:
1. if a pair is a repeated letter, insert a filler like 'X',
eg. "balloon" encrypts as "ba lx lo on"
2. if both letters fall in the same row, replace each with the letter
to its right (wrapping back to start from end),
eg. "ar" encrypts as "RM"
3. if both letters fall in the same column, replace each with
the letter below it (again wrapping to top from bottom),
eg. "mu" encrypts to "CM"
4. otherwise each letter is replaced by the one in its row in the
column of the other letter of the pair,
eg. "hs" encrypts to "BP", and "ea" to "IM" or "JM"
54.
Security of Playfair Cipher
Equivalent to a monoalphabetic cipher with an alphabet of
26 x 26 = 676 characters or digrams.
would need a 676 entry frequency table to analyse
Was widely used for many decades
eg. by US & British military in WW1 and early WW2
55.
Polyalphabetic Ciphers
A sequence of monoalphabetic ciphers (M1, M2, M3, ..., Mk)
is used in turn to encrypt letters.
A key determines which sequence of ciphers to use.
Each plaintext letter has multiple corresponding ciphertext
letters.
This makes cryptanalysis harder since the letter frequency
distribution will be flatter
repeat from start after end of key is reached
56.
Vigenère Cipher
Simplest polyalphabetic substitution cipher
Consider the set of all Caesar ciphers:
{ C_a, C_b, C_c, ..., C_z }
Key: e.g. security
Encrypt each letter using C_s, C_e, C_c, C_u, C_r, C_i, C_t, C_y in turn.
Repeat from start after C_y.
Decryption simply works in reverse.
56
Security of Vigenère Ciphers
There are multiple ciphertext letters corresponding to each
plaintext letter.
To break the Vigenère cipher:
1. Try to guess the key length.
2. If key length is N, the cipher consists of N Caesar
ciphers. Plaintext letters are encoded by the same
cipher.
3. Attack each individual cipher.
59.
One-Time Pad
if a truly random key as long as the message is used, the
cipher will be secure
called a One-Time pad
is unbreakable since ciphertext has no statistical relationship
to the plaintext
since for any plaintext & any ciphertext there exists a key
mapping one to other
can only use the key once
problems in generation & safe distribution of key
60.
Transposition Ciphers
Also called permutation ciphers.
these hide the message by rearranging the letter order.
without altering the actual letters used
Rail Fence cipher
write message letters out diagonally over a number of rows
Key: the number of Rails
Ciphertext: read off cipher row by row.
61.
eg. write message out as:
defend the east wall
Obtained ciphertext
DNETLEEDHESWLXFTAAX
62.
Row Transposition Ciphers
a more complex transposition
write letters of message in a rectangle in rows over a
specified number of columns (related to the length of the
key) and read out message column by column
then reorder the columns according to some key before
reading off the rows
Key: 3 4 2 1 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
63.
Product Ciphers
Uses a sequence of substitutions and transpositions
Harder to break than just substitutions or transpositions
this is the bridge from classical to modern ciphers.
Rotor Machines
before modern ciphers, rotor machines were most common
product cipher.
implemented a very complex, varying substitution cipher
used a series of cylinders, each giving one substitution,
which rotated and changed after each letter was encrypted
with 3 cylinders have 26^3 = 17576 alphabets
64.
Steganography
Hide a message in another message.
E.g., hide your plaintext in a graphic image
Each pixel has 3 bytes specifying the RGB color
The least significant bits of pixels can be changed w/o
greatly affecting the image quality
So can hide messages in these LSBs
Advantage: hiding existence of messages
Drawback: high overhead
65.
Hill Cipher
Multiletter or block cipher developed by Lester Hill in
1929, based on matrix multiplication
Key: an invertible m x m matrix (where m is the block
length)
Encryption
• first turn our keyword into a key matrix
• turn the plaintext into a column vector.
• then perform matrix multiplication modulo the length of
the alphabet (i.e. 26) on each vector.
• These vectors are then converted back into letters to
produce the ciphertext
66.
Example
• plaintext: “short example”, keyword: hill, using a 2 x 2
matrix.
• turn the keyword into a matrix.
• With the keyword in a matrix, we need to convert this into
a key matrix. We do this by converting each letter into a
number by its position in the alphabet (starting at 0). So, A
= 0, B = 1, C= 2, D = 3, etc.
The keyword written as a matrix.
The key matrix
67.
• Convert plaintext to column vectors.
• convert the plaintext column vectors to plaintext matrix by
replacing each letter by its appropriate number.
• multiply the key matrix by each column vector in turn.
The algebraic rules of matrix multiplication.
68.
So we get
we have to reduce the resultant column vector modulo 26.
Repeating this procedure gives us a final ciphertext of
"APADJ TFTWLFJ".
69.
Message P=“ACTDOG”, use m=3
Break into two blocks: “ACT”, and “DOG”
For the first block “ACT” is the vector 'A' is 0, 'C' is 2 and
'T' is 19, the vector: x=
Encryption key is a 3*3 matrix: K=
The cipher text of the first block is:
c = K∙x
c =‘POH’
70.
If the first block plaintext is ‘CAT’
x =
c=K ∙ x
c= ‘FIN’
Cryptanalysis: - hard with ciphertext-only
- easy with known plaintext:
71.
Decryption
To decrypt a ciphertext encoded using the Hill Cipher, we
first multiply the inverse key matrix (K^-1) with each of the
column vectors that the ciphertext is split into, take the
results modulo the length of the alphabet, and finally
convert the numbers back to letters.
where K is the key matrix, d is the determinant of the key
matrix and adj(K) is the adjugate matrix of K.
Where
General method to calculate the inverse key matrix.
72.
Example:
keyword: hill, ciphertext: "APADJ TFTWLFJ".
Multiplicative Inverse of the Determinant
The keyword written as a matrix. The key matrix
Algebraic method to calculate the determinant of a 2 x 2 matrix.
Once we have found this value, we need to take the number
modulo 26.
73.
Calculating the determinant of our 2 x 2 key matrix.
we now have to find the multiplicative inverse of the
determinant working modulo 26. That is, the number
between 1 and 25 that gives an answer of 1 when we
multiply it by the determinant. So, in this case, we are
looking for the number that we need to multiply 15 by to
get an answer of 1 modulo 26.
ie
74.
By trial and error we found that the multiplicative inverse of
the determinant modulo 26 is 7.
The adjugate matrix is a matrix of the same size as the
original. That is, we swap the top left and bottom right
numbers in the key matrix, and change the sign of the
top right and bottom left numbers. Algebraically this is
given below.
The adjugate matrix of a 2 x 2 matrix.
75.
once we have these values we will need to take each of them
modulo 26 (in particular, we need to add 26 to the negative
values to get a number between 0 and 25). For our example
we get the matrix below.
The adjugate matrix of the key matrix.
76.
To get the inverse key matrix, we now multiply the inverse
determinant (that was 7 in our case) by each of the elements
of the adjugate matrix. Then we take each of these answers
modulo 26.
i.e.
Multiplying the multiplicative inverse of the determinant by the adjugate
to get the inverse key matrix.
77.
convert the ciphertext into column vectors and multiply the
inverse matrix by each column vector in turn, take the
results modulo 26 and convert these back into letters to get
the plaintext.
After multiplying the inverse key matrix with each ciphertext
column vector, we get back our plaintext of "short
example".
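The whole 2 x 2 worked example (keyword hill, plaintext "short example"), as an added Python sketch that is not part of the original slides: it builds the key matrix, computes the determinant, finds its inverse modulo 26 by trial as described above, forms the adjugate and the inverse key matrix, and rejects keys whose determinant has no inverse. Padding an odd-length message with 'X' is an assumption of this example.

```python
from math import gcd

A = ord("A")


def to_nums(text):
    """Letters to numbers with A = 0, B = 1, ...; non-letters are dropped."""
    return [ord(c) - A for c in text.upper() if c.isalpha()]


def to_text(nums):
    return "".join(chr(n + A) for n in nums)


def key_matrix(keyword):
    """Write a four-letter keyword row by row into a 2 x 2 matrix."""
    k = to_nums(keyword)
    if len(k) != 4:
        raise ValueError("a 2 x 2 key needs exactly four letters")
    return [[k[0], k[1]], [k[2], k[3]]]


def determinant(K):
    return (K[0][0] * K[1][1] - K[0][1] * K[1][0]) % 26


def inverse_matrix(K):
    """K^-1 = d^-1 * adj(K) mod 26; only exists when gcd(d, 26) = 1."""
    d = determinant(K)
    if gcd(d, 26) != 1:
        raise ValueError(f"determinant {d} has no inverse modulo 26")
    # Trial and error, as in the text: the number in 1..25 with d * x = 1 (mod 26).
    d_inv = next(x for x in range(1, 26) if (d * x) % 26 == 1)
    # Adjugate: swap the diagonal, negate the other two entries.
    adj = [[K[1][1], -K[0][1]], [-K[1][0], K[0][0]]]
    return [[(d_inv * v) % 26 for v in row] for row in adj]


def multiply(K, text):
    """Multiply K by each two-letter column vector of text, modulo 26."""
    nums = to_nums(text)
    if len(nums) % 2:
        nums.append(to_nums("X")[0])  # assumption: pad an odd tail with X
    out = []
    for i in range(0, len(nums), 2):
        x, y = nums[i], nums[i + 1]
        out.append((K[0][0] * x + K[0][1] * y) % 26)
        out.append((K[1][0] * x + K[1][1] * y) % 26)
    return to_text(out)


def encrypt(plaintext, keyword):
    return multiply(key_matrix(keyword), plaintext)


def decrypt(ciphertext, keyword):
    return multiply(inverse_matrix(key_matrix(keyword)), ciphertext)


if __name__ == "__main__":
    K = key_matrix("hill")
    print("key matrix      ", K)
    print("determinant     ", determinant(K))
    print("inverse matrix  ", inverse_matrix(K))
    print("ciphertext      ", encrypt("short example", "hill"))
    print("plaintext       ", decrypt("APADJ TFTWLFJ", "hill"))
```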
78.
Block Ciphers
In a block cipher:
Plaintext and ciphertext have fixed length b (e.g., 128 bits)
A plaintext of length n is partitioned into a sequence of m
blocks, P[0], …, P[m-1], where n ≤ bm < n + b
Each message is divided into a sequence of blocks and
encrypted or decrypted in terms of its blocks.
Plaintext
Blocks of
plaintext
Requires padding
with extra bits.
79.
Claude Shannon and Substitution-Permutation Ciphers
Claude Shannon introduced the idea of (S-P) networks in 1949;
they form the basis of modern block ciphers
based on the two primitive cryptographic operations :
substitution (S-box): Replace n bits by another n bits
permutation (P-box): Bits are rearranged. No bits are
added/removed.
provide confusion & diffusion of message & key
diffusion – dissipates statistical structure of plaintext over
bulk of ciphertext
confusion – makes relationship between ciphertext and key
as complex as possible
80.
Feistel Cipher Structure
Horst Feistel devised the Feistel cipher
based on concept of invertible product cipher
partitions input block into two halves
Perform a substitution on left data half based on a function
of right half & subkey (Round Function).
Then permutation by swapping halves
Practical implementation of Shannon’s S-P net concept.
Repeat this round of S-P many times
81.
Feistel Cipher Design Elements
block size: Larger block sizes mean greater security but
reduced encryption/decryption speed for a given algorithm.
Ex: 64, 128 bits
key size: Larger key size means greater security but may
decrease encryption/decryption speed.
number of rounds: multiple rounds offer increasing security.
A typical size is 16 rounds.
subkey generation algorithm: Greater complexity in this
algorithm should lead to greater difficulty of cryptanalysis.
82.
round function: greater resistance to cryptanalysis.
fast software encryption/decryption: the speed of execution
of the algorithm becomes a concern.
ease of analysis
Input: 2w bits (L0, R0)
L1 = R0
R1 = L0 xor F(R0, K1), where K1 is the first subkey
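The round equations above, as an added Python sketch of a 16-round Feistel network on 64-bit blocks (not part of the original slides and not DES): it shows that the same routine decrypts when the subkeys are applied in reverse order, even though F is not invertible. The round function (truncated SHA-256) and the key schedule (rotations of a 32-bit key) are toy choices assumed for this example.

```python
import hashlib

MASK32 = 0xFFFFFFFF


def round_function(right, subkey):
    """Toy F (assumption, not DES's F): first 32 bits of SHA-256(R || K).
    F is not invertible; the Feistel structure does not need it to be."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def key_schedule(key, rounds=16):
    """Toy schedule (assumption): subkey i is the 32-bit key rotated left by i, XOR i."""
    key &= MASK32
    subkeys = []
    for i in range(1, rounds + 1):
        rot = i % 32
        rotated = ((key << rot) | (key >> (32 - rot))) & MASK32
        subkeys.append(rotated ^ i)
    return subkeys


def feistel(block, subkeys):
    """Run one Feistel pass over a 64-bit block with the given subkey order."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for k in subkeys:
        # L_i = R_(i-1);  R_i = L_(i-1) xor F(R_(i-1), K_i)
        left, right = right, left ^ round_function(right, k)
    # Swap the halves on output so the identical routine also decrypts.
    return (right << 32) | left


def encrypt(block, key):
    return feistel(block, key_schedule(key))


def decrypt(block, key):
    return feistel(block, key_schedule(key)[::-1])  # subkeys in reverse order


def bit_difference(a, b):
    """Number of bit positions in which a and b differ (avalanche measure)."""
    return bin(a ^ b).count("1")


if __name__ == "__main__":
    key, pt = 0x0F1E2D3C, 0x0123456789ABCDEF   # constructed sample values
    ct = encrypt(pt, key)
    print(f"ciphertext  {ct:016x}")
    print(f"decrypted   {decrypt(ct, key):016x}")
    print("bits changed by flipping one plaintext bit:",
          bit_difference(ct, encrypt(pt ^ 1, key)))
```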
Data Encryption Standard (DES)
Features:
– Block size = 64 bits
– Key size = 56 bits (in reality, 64 bits, but 8 are used as
parity-check bits for error control, see next slide)
– Number of rounds = 16
– 16 intermediary keys, each 48 bits
86.
Key length in DES
In the DES specification, the key length is 64 bits:
8 bytes; in each byte, the 8th bit is a parity-check bit
Initial Permutation IP
first step of the data computation
reorders the input data bits
• This table specifies the input permutation on a 64-bit block.
• The meaning is as follows: the first bit of the output is
taken from the 58th bit of the input; the second bit from the
50th bit, and so on, with the last bit of the output taken
from the 7th bit of the input.
90.
Final Permutation (IP^-1)
The final permutation is the inverse of the initial
permutation;
That is, the output of the Final Permutation has bit 40 as its
first bit, bit 8 as its second bit, and so on, until bit 25 as the
last bit of the output.
DES F Function
F takes the 32-bit R half and a 48-bit subkey
E is an expansion function which takes a block of 32 bits
as input and produces a block of 48 bits as output.
16 bits appear twice in the expansion
the 48 bits are added to the subkey using XOR
the result is passed through 8 S-boxes to get a 32-bit result
which is finally permuted using the 32-bit P
Expansion table
94.
Substitution Boxes S
Each of the unique selection functions S1,S2,...,S8, takes a
6-bit block as input and yields a 4-bit block as output
96.
DES Key Schedule
forms the subkeys used in each round; consists of:
• initial permutation of the key (PC1) which selects 56 bits in
two 28-bit halves
• 16 stages consisting of:
rotating each half separately
giving the shifted output to the next round and permuting it
by PC2 for use in function f, selecting 24 bits from each
half
DES Decryption
Decryption uses the same algorithm as encryption, except
that the subkeys K1, K2, …, K16 are applied in reversed
order.
Avalanche effect
A desirable property of any encryption algorithm is that a
small change in either plaintext or key should produce
significant changes in the ciphertext.
DES exhibits a strong avalanche effect.
99.
Strength of DES
Key Size: 56-bit keys have 2^56 values, brute force search
looked hard.
Timing Attacks: attacks in which information about the key
or the plaintext is obtained by observing how long it takes a
given implementation to perform decryptions on various
ciphertexts. DES appears to be fairly resistant to a successful
timing attack.
Nature of the DES Algorithm
100.
Cryptanalysis of DES
Weak Keys: encrypting twice with a weak key K produces
the original plaintext.
E_K(E_K(x)) = x
All weak keys should be avoided at key generation. There are four
weak keys in DES.
Semi-weak keys: keys which only produce two different subkeys,
each used eight times in the algorithm. We can refer to them
as K1 and K2. They have the property that
E_K1(E_K2(x)) = x
101.
Differential Cryptanalysis (Biham-Shamir)
• This is a chosen plaintext attack; it assumes that an attacker
knows (Plaintext, Ciphertext) pairs
• involves comparing the XOR of 2 plaintexts to the XOR
of the 2 corresponding ciphertexts
• Difference ΔP = P1⊕P2, ΔC = C1⊕C2
• Distribution of ΔC’s given ΔP may reveal information about
the key (certain key bits)
• After finding several bits, use brute-force for the rest of the
bits to find the key.
102.
DES was resistant to differential cryptanalysis. S-boxes were
designed to resist differential cryptanalysis.
Against 16-round DES, the attack requires 2^47 chosen plaintexts.
Differential cryptanalysis is not effective against DES in practice.
103.
Linear Cryptanalysis of DES
another recent development
also a statistical method
must be iterated over rounds, with decreasing probabilities
developed by Matsui et al in the early 90's
based on finding linear approximations
can attack DES with 2^43 known plaintexts, easier but still
infeasible in practice