Cryptography and Network

Security: Block Ciphers

 Block vs Stream Ciphers
• block ciphers process messages in into
blocks, each of which is then en/decrypted
• like a substitution on very big characters
– 64-bits or more
• stream ciphers process messages a bit or
byte at a time when en/decrypting
• many current ciphers are block ciphers
Block vs Stream Ciphers
Claude Shannon and Substitution-
Permutation Ciphers
• in 1949 Claude Shannon introduced idea of
substitution-permutation (S-P) networks
– modern substitution-transposition product cipher
• these form the basis of modern block ciphers
• S-P networks are based on the two primitive
cryptographic operations we have seen before:
– substitution (S-box)
– permutation (P-box)
• provide confusion and diffusion of message
 Confusion and Diffusion
• cipher needs to completely obscure
statistical properties of original message
• a one-time pad does this
• more practically Shannon suggested
combining elements to obtain:
• diffusion – dissipates statistical structure
of plaintext over bulk of ciphertext
• confusion – makes relationship between
ciphertext and key as complex as possible
 Feistel Cipher Structure
• Horst Feistel devised the feistel cipher
– based on concept of invertible product cipher
• partitions input block into two halves
– process through multiple rounds which
– perform a substitution on left data half
– based on round function of right half & subkey
– then have permutation swapping halves
• implements Shannon’s substitution-
permutation network concept
Feistel Cipher Structure
Feistel Cipher Design Principles
• block size
– increasing size improves security, but slows cipher
• key size
– increasing size improves security, makes exhaustive key
searching harder, but may slow cipher
• number of rounds
– increasing number improves security, but slows cipher
• subkey generation
– greater complexity can make analysis harder, but slows cipher
• round function
– greater complexity can make analysis harder, but slows cipher
• fast software en/decryption & ease of analysis
– are more recent concerns for practical use and testing
 Data Encryption Standard (DES)
• most widely used block cipher in world
• adopted in 1977 by NBS (now NIST)
– as FIPS PUB 46
• encrypts 64-bit data using 56-bit key
• has widespread use
• has been considerable controversy over
its security
 DES History
• IBM developed Lucifer cipher
– by team led by Feistel
– used 64-bit data blocks with 128-bit key
• then redeveloped as a commercial cipher
with input from NSA and others
• in 1973 NBS issued request for proposals
for a national cipher standard
• IBM submitted their revised Lucifer which
was eventually accepted as the DES
DES Encryption Overview
 Initial Permutation IP
• first step of the data computation
• IP reorders the input data bits
• even bits to LH half, odd bits to RH half
• quite regular in structure (easy in h/w)
• see text Table 3.2
• example:
IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb)
 DES Round Structure
• uses two 32-bit L & R halves
• as for any Feistel cipher can describe as:
Li = Ri–1
Ri = Li–1 xor F(Ri–1, Ki)
• takes 32-bit R half and 48-bit subkey and:
– expands R to 48-bits using perm E
– adds to subkey
– passes through 8 S-boxes to get 32-bit result
– finally permutes this using 32-bit perm P
DES Round Structure
 Substitution Boxes S
• have eight S-boxes which map 6 to 4 bits
• each S-box is actually 4 little 4 bit boxes
– outer bits 1 & 6 (row bits) select one rows
– inner bits 2-5 (col bits) are substituted
– result is 8 lots of 4 bits, or 32 bits
• row selection depends on both data & key
– feature known as autoclaving (autokeying)
• example:
S(18 09 12 3d 11 17 38 39) = 5fd25e03
 DES Key Schedule
• forms subkeys used in each round
• consists of:
– initial permutation of the key (PC1) which
selects 56-bits in two 28-bit halves
– 16 stages consisting of:
• selecting 24-bits from each half
• permuting them by PC2 for use in function f,
• rotating each half separately either 1 or 2 places
depending on the key rotation schedule K
 DES Decryption
• decrypt must unwind steps of data computation
• with Feistel design, do encryption steps again
• using subkeys in reverse order (SK16 … SK1)
• note that IP undoes final FP step of encryption
• 1st round with SK16 undoes 16th encrypt round
• ….
• 16th round with SK1 undoes 1st encrypt round
• then final FP undoes initial encryption IP
• thus recovering original data value
 Block Cipher Design Principles
• basic principles still like Feistel in 1970’s
• number of rounds
– more is better
• function f:
– provides “confusion”, is nonlinear, avalanche
• key schedule
– complex subkey creation, key avalanche
 Summary
• have considered:
• block cipher design principles
• DES
– details
– strength
• Differential & Linear Cryptanalysis
• Modes of Operation
– ECB, CBC, CFB, OFB, CTR