Cryptography Lecture 5

1
CryptographyLecture 5

• Data Encryption Standard (DES)

2
Reading Assignment

• Reading assignments for Lecture 5
• Required
• Pfleeger 2.5
• Reading assignments for next class
• Required
• Pfleeger Ch 2.6

3
Data Encryption Standards DES
4
Data Encryption Standard

• Mathematics to design strong product ciphers is
  classified
• Breakable by exhaustive search on 56-bit key size
  for known plaintext, chosen plaintext and chosen
  ciphertext attacks
• Security computational complexity of computing
  the key under the above scenarios (22 hours)

5
Data Encryption Standard (DES)

• DES is a product cipher
• 56 bit key size
• 64 bit block size for plaintext and cipher text
• Developed by IBM and adopted by NIST with NSA
  approval
• Encryption and decryption algorithms are public
  but the design principles are classified

6
DES Controversies

• Key size 56 bits threshold of allowing
  exhaustive-search known plaintext attack
• Built in trapdoor allegations
• The US Senate Select Committee of Intelligence
  exonerated NSA from tampering with the design of
  DES in any way

7
DES Multiple Encryption

• 1992 proven that DES is not a group multiple
  encryptions by DES are not equivalent to a single
  encryption

8
DES Multiple Encryption
P
EK1(P)
EK2EK1(P)
Intermediate Ciphertext
Ciphertext
Plaintext
Encryption
Encryption
K1
K2
Known-plaintext meet-in-the-middle
attack Effective key size 57 bit
9
DES Multiple Encryption
P
EK1(P)
DK2EK1(P)
EK1DK2EK1(P)
E
E
D
K1
K2
K1
Tuchman avoid meet-in-the-middle attack If
K1K2 single encryption
10
DES Multiple Encryption

• Tuchmans technique is part of NIST standard
• Can be broken in 256 operations if one has 256
  chosen plaintext blocks (Merkle, Hellman 1981)
• Could use distinct K1,K2,K3 to avoid this attack

11
DES Algorithm
64 bit plaintext
56 bit key
Permuted choice
Initial permutation
K1
Left circular shift
Permuted choice 1
Iteration 1
K2
Left circular shift
Permuted choice 2
Iteration 2
K3
Left circular shift
Permuted choice 16
Iteration 16
32 bit swap
Inverse initial permutation
64 bit ciphertext
12
DES Cycle
32 bits
32 bits
R i-1
L i-1( R i-2)
Expansion permutation
48 bits
48 bits
Permuted key
48 bits
32 bits
32 bits
R i
13
Modes of DES

• ECB Electronic Code Book
• CBC Cipher Block Chaining
• CFB Cipher FeedBack
• OFB Output FeedBack
• Part of NIST standard

14
ECB Mode
64 bit data
56 bit key
56 bit key
E
D
64 bit data
Good for small messages Identical data block will
be identically encrypted
15
CBC Mode
64 bit data
64 bit previous Ciphertext block

56 bit key
56 bit key
E
D
64 bit previous Ciphertext block

CnEkCn-1 ? Pn
64 bit data
Need initiation vector
16
CFB Mode
Needs initialization vector Adv can encipher one
character at a time Error propagation current
transf. next 8 characters
8, 8 bit blocks
8, 8 bit blocks
Left shift
56 bit key
56 bit key
E
D
Left shift


8 bit cipher text
8 bit plain text
8 bit plain text
17
OFB Mode
Needs initialization vector Adv can encipher one
character at a time Error propagation current
transfer only
8, 8 bit blocks
8, 8 bit blocks
Left shift
56 bit key
56 bit key
E
D
Left shift


8 bit cipher text
8 bit plain text
8 bit plain text
18
Advanced Encryption Standard (AES)

• Federal Information Processing Standard (FIPS) to
  be used by U.S. Government organizations
• Effective since May 26, 2002
• Replaces DES (triple DES remains)
• Rijndael (Rhine Dhal) algorithm (Joan Daemen
  and Vincent Rijmen)

19
Rijndael Algorithm

• Chosen for security, performance, efficiency,
  ease of implementation, and flexibility
• Block cipher (variable block and key length)
• Block size 128, 192, 256 bits
• Key size 128, 192, 256 bits

20
Next Class
Public Key Cryptosystems
21

• Next class
• Transpositions
• Characterization of good encryption algorithms