Cryptography and Network Security Chapter 3Chapter 3 – Block Ciphers and the Data Encryption StandardModern Block CiphersBlock vs Stream CiphersSlide 5Block Cipher PrinciplesIdeal Block CipherClaude Shannon and Substitution-Permutation CiphersConfusion and DiffusionFeistel Cipher StructureSlide 11Feistel Cipher Design ElementsData Encryption Standard (DES)DES HistoryDES Design ControversyDES Encryption OverviewInitial Permutation IPDES Round StructureSlide 19Substitution Boxes SDES Key ScheduleDES DecryptionDES ExampleAvalanche in DESAvalanche EffectStrength of DES – Key SizeStrength of DES – Analytic AttacksStrength of DES – Timing AttacksDifferential CryptanalysisSlide 30Differential Cryptanalysis Compares Pairs of EncryptionsSlide 32Slide 33Slide 34Linear CryptanalysisSlide 36DES Design CriteriaBlock Cipher DesignSummaryCryptography and Cryptography and Network SecurityNetwork SecurityChapter 3Chapter 3Fifth EditionFifth Editionby William Stallingsby William StallingsLecture slides by Lawrie BrownLecture slides by Lawrie BrownChapter 3 – Block Ciphers and Chapter 3 – Block Ciphers and the Data Encryption Standardthe Data Encryption StandardAll the afternoon Mungo had been working on All the afternoon Mungo had been working on Stern's code, principally with the aid of the latest Stern's code, principally with the aid of the latest messages which he had copied down at the messages which he had copied down at the Nevin Square drop. Stern was very confident. Nevin Square drop. Stern was very confident. He must be well aware London Central knew He must be well aware London Central knew about that drop. It was obvious that they didn't about that drop. It was obvious that they didn't care how often Mungo read their messages, so care how often Mungo read their messages, so confident were they in the impenetrability of the confident were they in the impenetrability of the code.code.——Talking to Strange Men, Talking to Strange Men, Ruth RendellRuth RendellModern Block CiphersModern Block Ciphersnow look at modern block ciphersnow look at modern block ciphersone of the most widely used types of one of the most widely used types of cryptographic algorithms cryptographic algorithms provide secrecy /authentication servicesprovide secrecy /authentication servicesfocus on DES (Data Encryption Standard)focus on DES (Data Encryption Standard)to illustrate block cipher design principlesto illustrate block cipher design principlesBlock vs Stream CiphersBlock vs Stream Ciphersblock ciphers process messages in block ciphers process messages in blocks, each of which is then en/decrypted blocks, each of which is then en/decrypted like a substitution on very big characterslike a substitution on very big characters64-bits or more 64-bits or more stream ciphers stream ciphers process messages a bit or process messages a bit or byte at a time when en/decryptingbyte at a time when en/decryptingmany current ciphers are block ciphersmany current ciphers are block ciphersbetter analysedbetter analysedbroader range of applicationsbroader range of applicationsBlock vs Stream CiphersBlock vs Stream CiphersBlock Cipher PrinciplesBlock Cipher Principlesmost symmetric block ciphers are based on a most symmetric block ciphers are based on a Feistel Cipher StructureFeistel Cipher Structureneeded since must be able to needed since must be able to decryptdecrypt ciphertext ciphertext to recover messages efficientlyto recover messages efficientlyblock ciphers look like an extremely large block ciphers look like an extremely large substitution substitution would need table of 2would need table of 26464 entries for a 64-bit block entries for a 64-bit block instead create from smaller building blocks instead create from smaller building blocks using idea of a product cipher using idea of a product cipherIdeal Block CipherIdeal Block CipherClaude Shannon and Substitution-Claude Shannon and Substitution-Permutation CiphersPermutation CiphersClaude Shannon introduced idea of substitution-Claude Shannon introduced idea of substitution-permutation (S-P) networks in 1949 paperpermutation (S-P) networks in 1949 paperform basis of modern block ciphers form basis of modern block ciphers S-P nets are based on the two primitive S-P nets are based on the two primitive cryptographic operations seen before: cryptographic operations seen before: substitutionsubstitution (S-box) (S-box)permutation permutation (P-box)(P-box)provide provide confusionconfusion & & diffusiondiffusion of message & key of message & keyConfusion and DiffusionConfusion and Diffusioncipher needs to completely obscure cipher needs to completely obscure statistical properties of original messagestatistical properties of original messagea one-time pad does thisa one-time pad does thismore practically Shannon suggested more practically Shannon suggested combining S & P elements to obtain:combining S & P elements to obtain:diffusiondiffusion – dissipates statistical structure – dissipates statistical structure of plaintext over bulk of ciphertextof plaintext over bulk of ciphertextconfusionconfusion – makes relationship between – makes relationship between ciphertext and key as complex as possibleciphertext and key as complex as possibleFeistel Cipher StructureFeistel Cipher StructureHorst Feistel devised the Horst Feistel devised the feistel cipherfeistel cipherbased on concept of invertible product cipherbased on concept of invertible product cipherpartitions input block into two halvespartitions input block into two halvesprocess through multiple rounds whichprocess through multiple rounds whichperform a substitution on left data halfperform a substitution on left data halfbased on round function of right half & subkeybased on round function of right half & subkeythen have permutation swapping halvesthen have permutation swapping halvesimplements Shannon’s S-P net conceptimplements Shannon’s S-P net conceptFeistel Cipher StructureFeistel Cipher StructureFeistel Cipher Design ElementsFeistel Cipher Design Elementsblock size block size key size key size number of rounds number of rounds subkey generation algorithmsubkey generation algorithmround function round function fast software en/decryptionfast software en/decryptionease of analysisease of analysisData Encryption Standard (DES)Data Encryption