Cryptography and Network Security Chapter 3Chapter 3 – Block Ciphers and the Data Encryption StandardModern Block CiphersBlock vs Stream CiphersSlide 5Block Cipher PrinciplesIdeal Block CipherClaude Shannon and Substitution-Permutation CiphersConfusion and DiffusionFeistel Cipher StructureSlide 11Feistel Cipher Design ElementsData Encryption Standard (DES)DES HistoryDES Design ControversyDES Encryption OverviewInitial Permutation IPDES Round StructureSlide 19Substitution Boxes SDES Key ScheduleDES DecryptionDES ExampleAvalanche in DESAvalanche EffectStrength of DES – Key SizeStrength of DES – Analytic AttacksStrength of DES – Timing AttacksDifferential CryptanalysisSlide 30Differential Cryptanalysis Compares Pairs of EncryptionsSlide 32Slide 33Slide 34Linear CryptanalysisSlide 36DES Design CriteriaBlock Cipher DesignSummaryCryptography and Cryptography and Network SecurityNetwork SecurityChapter 3Chapter 3Fifth EditionFifth Editionby William Stallingsby William StallingsLecture slides by Lawrie BrownLecture slides by Lawrie BrownChapter 3 – Block Ciphers and Chapter 3 – Block Ciphers and the Data Encryption Standardthe Data Encryption StandardAll the afternoon Mungo had been working on All the afternoon Mungo had been working on Stern's code, principally with the aid of the latest Stern's code, principally with the aid of the latest messages which he had copied down at the messages which he had copied down at the Nevin Square drop. Stern was very confident. Nevin Square drop. Stern was very confident. He must be well aware London Central knew He must be well aware London Central knew about that drop. It was obvious that they didn't about that drop. It was obvious that they didn't care how often Mungo read their messages, so care how often Mungo read their messages, so confident were they in the impenetrability of the confident were they in the impenetrability of the code.code.——Talking to Strange Men, Talking to Strange Men, Ruth RendellRuth RendellModern Block CiphersModern Block Ciphersnow look at modern block ciphersnow look at modern block ciphersone of the most widely used types of one of the most widely used types of cryptographic algorithms cryptographic algorithms provide secrecy /authentication servicesprovide secrecy /authentication servicesfocus on DES (Data Encryption Standard)focus on DES (Data Encryption Standard)to illustrate block cipher design principlesto illustrate block cipher design principlesBlock vs Stream CiphersBlock vs Stream Ciphersblock ciphers process messages in block ciphers process messages in blocks, each of which is then en/decrypted blocks, each of which is then en/decrypted like a substitution on very big characterslike a substitution on very big characters64-bits or more 64-bits or more stream ciphers stream ciphers process messages a bit or process messages a bit or byte at a time when en/decryptingbyte at a time when en/decryptingmany current ciphers are block ciphersmany current ciphers are block ciphersbetter analysedbetter analysedbroader range of applicationsbroader range of applicationsBlock vs Stream CiphersBlock vs Stream CiphersBlock Cipher PrinciplesBlock Cipher Principlesmost symmetric block ciphers are based on a most symmetric block ciphers are based on a Feistel Cipher StructureFeistel Cipher Structureneeded since must be able to needed since must be able to decryptdecrypt ciphertext ciphertext to recover messages efficientlyto recover messages efficientlyblock ciphers look like an extremely large block ciphers look like an extremely large substitution substitution would need table of 2would need table of 26464 entries for a 64-bit block entries for a 64-bit block instead create from smaller building blocks instead create from smaller building blocks using idea of a product cipher using idea of a product cipherIdeal Block CipherIdeal Block CipherClaude Shannon and Substitution-Claude Shannon and Substitution-Permutation CiphersPermutation CiphersClaude Shannon introduced idea of substitution-Claude Shannon introduced idea of substitution-permutation (S-P) networks in 1949 paperpermutation (S-P) networks in 1949 paperform basis of modern block ciphers form basis of modern block ciphers S-P nets are based on the two primitive S-P nets are based on the two primitive cryptographic operations seen before: cryptographic operations seen before: substitutionsubstitution (S-box) (S-box)permutation permutation (P-box)(P-box)provide provide confusionconfusion & & diffusiondiffusion of message & key of message & keyConfusion and DiffusionConfusion and Diffusioncipher needs to completely obscure cipher needs to completely obscure statistical properties of original messagestatistical properties of original messagea one-time pad does thisa one-time pad does thismore practically Shannon suggested more practically Shannon suggested combining S & P elements to obtain:combining S & P elements to obtain:diffusiondiffusion – dissipates statistical structure – dissipates statistical structure of plaintext over bulk of ciphertextof plaintext over bulk of ciphertextconfusionconfusion – makes relationship between – makes relationship between ciphertext and key as complex as possibleciphertext and key as complex as possibleFeistel Cipher StructureFeistel Cipher StructureHorst Feistel devised the Horst Feistel devised the feistel cipherfeistel cipherbased on concept of invertible product cipherbased on concept of invertible product cipherpartitions input block into two halvespartitions input block into two halvesprocess through multiple rounds whichprocess through multiple rounds whichperform a substitution on left data halfperform a substitution on left data halfbased on round function of right half & subkeybased on round function of right half & subkeythen have permutation swapping halvesthen have permutation swapping halvesimplements Shannon’s S-P net conceptimplements Shannon’s S-P net conceptFeistel Cipher StructureFeistel Cipher StructureFeistel Cipher Design ElementsFeistel Cipher Design Elementsblock size block size key size key size number of rounds number of rounds subkey generation algorithmsubkey generation algorithmround function round function fast software en/decryptionfast software en/decryptionease of analysisease of analysisData Encryption Standard (DES)Data Encryption
View Full Document