Your SlideShare is downloading. ×
13528 l8
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

13528 l8

771
views

Published on

Published in: Education, Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
771
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
24
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Lecture slides by Lawrie Brown for “Cryptography and Network Security”, 4/e, by William Stallings, Chapter 2 – “ Classical Encryption Techniques ”.
  • The most widely used private key block cipher, is the Data Encryption Standard (DES). It was adopted in 1977 by the National Bureau of Standards as Federal Information Processing Standard 46 (FIPS PUB 46). DES encrypts data in 64-bit blocks using a 56-bit key. The DES enjoys widespread use. It has also been the subject of much controversy its security.
  • In the late 1960s, IBM set up a research project in computer cryptography led by Horst Feistel. The project concluded in 1971 with the development of the LUCIFER algorithm. LUCIFER is a Feistel block cipher that operates on blocks of 64 bits, using a key size of 128 bits. Because of the promising results produced by the LUCIFER project, IBM embarked on an effort, headed by Walter Tuchman and Carl Meyer, to develop a marketable commercial encryption product that ideally could be implemented on a single chip. It involved not only IBM researchers but also outside consultants and technical advice from NSA. The outcome of this effort was a refined version of LUCIFER that was more resistant to cryptanalysis but that had a reduced key size of 56 bits, to fit on a single chip. In 1973, the National Bureau of Standards (NBS) issued a request for proposals for a national cipher standard. IBM submitted the modified LUCIFER. It was by far the best algorithm proposed and was adopted in 1977 as the Data Encryption Standard.
  • Before its adoption as a standard, the proposed DES was subjected to intense & continuing criticism over the size of its key & the classified design criteria. Recent analysis has shown despite this controversy, that DES is well designed. DES is theoretically broken using Differential or Linear Cryptanalysis but in practise is unlikely to be a problem yet. Also rapid advances in computing speed though have rendered the 56 bit key susceptible to exhaustive key search, as predicted by Diffie & Hellman. DES has flourished and is widely used, especially in financial applications. It is still standardized for legacy systems, with either AES or triple DES for new applications.
  • The overall scheme for DES encryption is illustrated in Stallings Figure3.4, which takes as input 64-bits of data and of key. The left side shows the basic process for enciphering a 64-bit data block which consists of: - an initial permutation (IP) which shuffles the 64-bit input block - 16 rounds of a complex key dependent round function involving substitutions & permutations - a final permutation, being the inverse of IP The right side shows the handling of the 56-bit key and consists of: - an initial permutation of the key (PC1) which selects 56-bits out of the 64-bits input, in two 28-bit halves - 16 stages to generate the 48-bit subkeys using a left circular shift and a permutation of the two 28-bit halves
  • The initial permutation and its inverse are defined by tables, as shown in Stallings Tables 3.2a and 3.2b, respectively. The tables are to be interpreted as follows. The input to a table consists of 64 bits numbered left to right from 1 to 64. The 64 entries in the permutation table contain a permutation of the numbers from 1 to 64. Each entry in the permutation table indicates the position of a numbered input bit in the output, which also consists of 64 bits. Note that the bit numbering for DES reflects IBM mainframe practice, and is the opposite of what we now mostly use - so be careful! Numbers from Bit 1 (leftmost, most significant) to bit 32/48/64 etc (rightmost, least significant). Note that examples are specified using hexadecimal. Here a 64-bit plaintext value of “675a6967 5e5a6b5a” (written in left & right halves) after permuting with IP becomes “ffb2194d 004df6fb”.
  • Transcript

    • 1. Block Ciphers and Data Encryption Standard (Class-L8) Lecture Slides By: Monalisa Panigrahi Asst. Professor LPU
    • 2. Algorithm Types• It defines what size of plain text should be encrypted in each step of algorithm – Stream Cipher – Block Cipher
    • 3. Stream Cipher• Plaintext is encrypted one bit at a time• Suppose message is “Pay 101” in ASCII• In binary it can be a series of 1 and 0;• Every bit will be applied with a encryption algorithms• Let Say binary data is 10010101 – Apply XOR with a key operation will get a cipher text
    • 4. Block Ciphers• A block of bits is encrypted at one go• Suppose a plaint text is FOUR_AND_FOUR• It can be encrypted in blocks of “FOUR”, “_AND_”, and “FOUR”
    • 5. How to use a block cipher?• Block ciphers encrypt fixed size blocks – E.g. DES encrypts 64-bit blocks• We need some way to encrypt a message of arbitrary length – E.g. a message of 1000 bytes• NIST defines five ways to do it – Called modes of operations 5
    • 6. Algorithm Modes• It is a combination of a series of the basic algorithm steps on block cipher and kind of feedback from the previous steps
    • 7. Five Modes of Operation– Electronic codebook mode (ECB)– Cipher block chaining mode (CBC) – most popular– Output feedback mode (OFB)– Cipher feedback mode (CFB)– Counter mode (CTR) 7
    • 8. Electronic Code Book (ECB)• The plaintext is broken into blocks, P1, P2, P3, ...• Each block contains 64 bits each• Each block is encrypted independently of the other blocks• For all blocks in a message, the same key is used for encryption• At the Receiver end, the incoming data is divided into 64-bit blocks and used the same key for decryption 8
    • 9. Remarks on ECB• Strength: it’s simple.• Weakness: – Repetitive information contained in the plaintext may show in the ciphertext, if aligned with blocks. – If the same message (e.g., an SSN) is encrypted (with the same key) and sent twice, their cipher texts are the same.• Typical application: secure transmission of short pieces of information 9
    • 10. Cipher Block Chaining (CBC)• The plaintext is broken into blocks: P , P2 , P3 , ... 1• Each plaintext block is XORed ( chained ) with the previous ciphertext block before encryption (hence the name): Ci = E K ( Ci −1 ⊕ Pi ) C0 = IV• Use an Initial Vector ( IV ) to start the process.• Decryption : Pi = Ci −1 ⊕ D K (Ci )• Application : general block-oriented transmission. 10
    • 11. Cipher Block Chaining (CBC) 11
    • 12. Remarks on CBC• The encryption of a block depends on the current and all blocks before it.• So, repeated plaintext blocks are encrypted differently.• Initialization Vector (IV) – Must be known to both the sender & receiver – Typically, IV is either a fixed value or is sent encrypted in ECB mode before the rest of ciphertext. 12
    • 13. Cipher feedback mode (basic version)• Plaintext blocks: p1, p2, …• Key: k• Basic idea: construct key stream k1, k2, k3, …• Encryption: c0 = IV   ki = Ek (ci −1 ), for i ≥ 1  ci = pi ⊕ ki , for i ≥ 1  13
    • 14. Cipher Feedback (CFB) Mode• The plaintext is a sequence of segments of s bits (where s ≤ block-size): P , P2 , P3 , P4 , … 1• Encryption is used to generate a sequence of keys, each of s bits: K1 , K 2 , K 3 , K 4 , …• The ciphertext is C1 , C2 , C3 , C4 , …, where Ci = Pi ⊕ Ki• How to generate the key stream? 14
    • 15. Generating Key Stream for CFB• The input to the block cipher is a shift register x; its value at stage i is denoted as xi .• Initially, x1 = an initial vector (IV). For i > 1, xi = shift-left-s -bits(xi −1 ) PCi −1.• Then, K i = s -most-significant-bits(E K ( xi )). 15
    • 16. Encryption in CFB Mode 16
    • 17. Decryption in CFB Mode• Generate key stream K1 , K 2 , K 3 , K 4 , … the same way as for encryption.• Then decrypt each ciphertext segment as: Pi = Ci ⊕ K i 17
    • 18. Remark on CFB• The block cipher is used as a stream cipher.• Appropriate when data arrives in bits/bytes.• s can be any value; a common value is s = 8.• A ciphertext segment depends on the current and all preceding plaintext segments.• A corrupted ciphertext segment during transmission will affect the current and next several plaintext segments. 18
    • 19. Output feedback mode (basic version)• Plaintext blocks: p1, p2, …• Key: k• Basic idea: construct key stream k1, k2, k3, …• Encryption:  k0 = IV    ki = Ek ( ki −1 ), for i ≥ 1   ci = pi ⊕ ki , for i ≥ 1  19
    • 20. Output Feedback (OFB) Mode• Very similar to Cipher Feedback in structure.• But K i −1 rather than Ci −1 is fed back to the next stage.• As in CFB, the input to the block cipher is a shift register x; its value at stage i is denoted as xi .• Initially, x1 = an initial vector (IV). For i > 1, xi = shift-left-s -bits(xi −1 ) PK i −1.• Then, K i = s -most-significant-bits(E K ( xi )). 20
    • 21. Cipher FeedbackOutput Feedback 21
    • 22. Remark on OFB• The block cipher is used as a stream cipher.• Appropriate when data arrives in bits/bytes.• Advantage: – more resistant to transmission errors; a bit error in a ciphertext segment affects only the decryption of that segment.• Disadvantage: – Cannot recover from lost ciphertext segments; if a ciphertext segment is lost, all following segments will be decrypted incorrectly (if the receiver is not aware of the segment loss).• IV should be generated randomly each time and sent with the ciphertext. 22
    • 23. Counter Mode (CTR)• Plaintext blocks: p1, p2, p3, …• Key: k• Basic idea: construct key stream k1, k2, k3, …• Encryption: T1 = IV Ti = Ti-1 + 1 Ci = Pi ♁ EK(Ti) C = (IV, C1, C2, C3, ...) 23
    • 24. Remark on CTR• Strengthes: – Needs only the encryption algorithm – Fast encryption/decryption; blocks can be processed (encrypted or decrypted) in parallel; good for high speed links – Random access to encrypted data blocks• IV should not be reused. 24
    • 25. Data Encryption Standard (DES)• most widely used block cipher in world• adopted in 1977 by NBS (now NIST)• encrypts 64-bit data using 56-bit key• has widespread use• has been considerable controversy over its security
    • 26. DES History• IBM developed Lucifer cipher – by team led by Feistel in late 60’s – used 64-bit data blocks with 128-bit key• then redeveloped as a commercial cipher with input from NSA and others• in 1973 NBS issued request for proposals for a national cipher standard• IBM submitted their revised Lucifer which was eventually accepted as the DES
    • 27. DES Design Controversy• although DES standard is public• was considerable controversy over design – in choice of 56-bit key (vs Lucifer 128-bit) – and because design criteria were classified• subsequent events and public analysis show in fact design was appropriate• use of DES has flourished – especially in financial applications – still standardised for legacy application use
    • 28. DES : Basic Principles• DES is a Block Cipher.• It Encrypts data in blocks of size 64 bits each• 64 bits of plain text goes as the input to DES, which produces 64 bits of Cipher Text.• The key length is 56 Bits.
    • 29. How Does DES Works ???
    • 30. Key Size (56 Bits) How ???• The Initial Key Consists of 64 bits.•• Before the DES process starts, every 8th bit of the key is discarded to produce a 56 bit key.• Bit positions (8, 16, 24, 32, 40,48,56,64) are discarded.• These bits can be used for parity checking to ensure that the key does not contain any error
    • 31. 56 Bit key1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 1617 18 19 20 21 22 23 24 25 26 27 28 29 30 31 3233 34 35 36 37 38 39 40 41 42 43 44 45 46 47 4849 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
    • 32. Key Discarding Process
    • 33. DES - Basics• DES uses the two basic techniques of cryptography – Substitution Technique (confusion) and Transposition Technique (diffusion).• DES consists of 16 Steps, each of which is known as round• Each round performs the steps of Substitution and Transposition
    • 34. Level of steps in DES1. The 64 bit plain text block is handed over to an Initial Permutation (IP) function2. The IP is performed on plain text3. The IP produces two halves of the permuted block: – LPT (Left Plain Text) – RPT (Right Plain Text)
    • 35. Level of steps in DES4. Each of LPT and RPT go through 16 rounds of encryption process5. In the End, LPT and RPT are rejoined, and a Final Permutation (FP) is performed on the combined block6. The result produces 64-bit cipher text.
    • 36. Broad Level steps in DES
    • 37. DES Encryption Overview
    • 38. Initial Permutation (IP)• IP happens only once and it happens before the first round• It suggests how the transposition in IP should proceed• It says that the IP replaces the first bit of the original plain text block with the 58th bit of the original plain text block• 2nd bit with 50th bit and so on.
    • 39. Idea of IP
    • 40. IP TABLE58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 462 54 46 38 30 22 14 6 64 56 48 40 32 24 16 857 49 41 33 25 17 9 1 59 51 43 35 27 19 11 361 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7
    • 41. Initial Permutation IP• The resulting 64 bits text block is divided into two half blocks (each 32 bits)• 16 rounds are performed on these two blocks
    • 42. Permutation on 56 Bit Key57 49 41 33 25 17 9 1 58 50 42 34 26 1810 2 59 51 43 35 27 19 11 3 60 52 44 3663 55 47 39 31 23 15 7 62 54 46 38 30 2214 6 61 53 45 37 29 21 13 5 28 20 12 4
    • 43. Details Of one Round in DES
    • 44. Step 1 : Key Transformation• For each round, 56 bit key is available• From this 56 bit key, a different 48-bit sub key is generated during each round using a process called as Key Transformation• In this method, a 56 bit key is divided into two halves, each of 28 bits• These halves are circularly shifted by 1 or 2 positions, depending on the round
    • 45. Number of Key bits shifted per round 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16Round 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1Shift
    • 46. 56 Bit key57 49 41 33 25 17 9 1 58 50 42 34 26 1810 2 59 51 43 35 27 19 11 3 60 52 44 3663 55 47 39 31 23 15 7 62 54 46 38 30 2214 6 61 53 45 37 29 21 13 5 28 20 12 4
    • 47. 56 Bit key57 49 41 33 25 17 9 1 58 50 42 34 26 1810 2 59 51 43 35 27 19 11 3 60 52 44 3663 55 47 39 31 23 15 7 62 54 46 38 30 2214 6 61 53 45 37 29 21 13 5 28 20 12 4
    • 48. After Round-1• 56 Bit Key:49 41 33 25 17 9 1 58 50 42 34 26 18 102 59 51 43 35 27 19 11 3 60 52 44 36 5755 47 39 31 23 15 7 62 54 46 38 30 22 146 61 53 45 37 29 21 13 5 28 20 12 4 63
    • 49. How to Select 48 bit Key from 56 Bit key• Since the Key Transformation process involves permutation as well as selection of a 48 bit sub- set of the original 56-bit key, It is called as Compression Permutation 14 17 11 24 1 5 3 28 15 6 21 10 23 19 12 4 26 8 16 7 27 20 13 2 41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32 18 bit number is discarded
    • 50. Step 2 : Expansion Permutation• The RPT is expanded from 32 bits to 48 bits• The RPT is divided into 8 blocks, with each block consists of 4 bits• For per 4-bit block, 2 more bits are added.
    • 51. Division of 32 bit RPTinto Eight 4-bit block
    • 52. RPT Expansion Process
    • 53. Expansion Permutation Table32 1 2 3 4 5 4 5 6 7 8 98 9 10 11 12 13 12 13 14 15 16 1716 17 18 19 20 21 20 21 22 23 24 2524 25 26 27 28 29 28 29 30 31 32 1
    • 54. Expansion Permutation Table32 1 2 3 4 5 4 5 6 7 8 98 9 10 11 12 13 12 13 14 15 16 1716 17 18 19 20 21 20 21 22 23 24 2524 25 26 27 28 29 28 29 30 31 32 1
    • 55. S-Box Substitution• It is a Process that accepts the 48- bit input from the XOR operation involving the compressed key and Expanded RPT and Produces a 32 bit output using Substitution Technique
    • 56. Way to S-BoxSubstitution
    • 57. S-Box Substitution
    • 58. Selecting an Entry in a S- Box based on the 6-bit input
    • 59. Example
    • 60. P-Box Permutation• The output of S-box Contains 32 bits• These 32 bits are permuted using P- Box
    • 61. P-Box Permutation16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 102 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25
    • 62. XOR and SWAP
    • 63. Final Permutation (IP inverse)40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 3138 6 46 14 54 22 62 30 37 5 45 13 53 21 61 2936 4 44 12 52 20 60 28 35 3 43 11 51 19 59 2734 2 42 10 50 18 58 26 33 1 41 9 49 17 57 25
    • 64. DES Example - Key K = 581FBC94D3A452EA X = 3570E2F1BA4682C7 K = ( 0101 1000 0001 1111 1011 1100 1001 0100 1101 0011 1010 0100 0101 0010 1110 1010 )C0 = ( 10111100110100 01101001000101 )D0 = ( 11010010001011 10100001111111 )
    • 65. DES Example - KeyC1 = ( 0111 1001 1010 0011 0100 1000 1011 )D1 = ( 1010 0100 0101 1101 0000 1111 1111 )K1 = ( 001001 111010 000101 101001 111001 011000 110111 011010 )C2 = ( 1111 0011 0100 0110 1001 0001 0110 )D2 = ( 0100 1000 1011 1010 0001 1111 1111 )K2 = ( 110110 101001 000111 011101 110101 111011 011101 001000 )
    • 66. DES Example - Data K=581FBC94D3A452EA X=3570E2F1BA4682C7X = (x1, x2, x3, …, x64) =( 0011 0101 0111 0000 1110 0010 1111 0001 1011 1010 0100 0110 1000 0010 1100 0111)This plaintext X is first subjected to an Initial Permutation –IP which gives L0 = ( 1010 1110 0001 1011 1010 0001 1000 1001) A E 1 B A 1 8 9R0 =( 1101 1100 0001 111 0001 0000 1111 0100) D C 1 F 1 0 F 4
    • 67. DES Example - DataE(R0) = ( 011011 111000 000011 111110 100010 100001 01110 101001) Γ1 = E(R0) ⊕ K1 = ( 010010 000010 000110 010111 011011 111001 101001 110011) S501(1101) = S51(13) = 9 = 1001 S611(1100) = S63(12) = 6 = 0110 S711(0100) = S73(4) = 1 = 0001 S811(1001) = S83(9) = 12 = 1100
    • 68. DES Example - DataB1 = (1010 0001 1110 1100 1001 0110 0001 1100)P(B1) = (0010 1011 1010 0001 0101 0011 0110 1100)R1 = P(B1) ⊕ L0 = (1000 0101 1011 1010 1111 0010 1110 0101) 8 5 B A F 2 E 5
    • 69. DES Example - DataL1 = (1101 1100 0001 1111 0001 0000 1111 0100) D C 1 F 1 0 F 4E(R1) = ( 110000 001011 110111 110101 011110 100101 011100 001011)Γ2 = E(R1) ⊕ K2 = ( 000110 100010 110000 101000 101011 011110 000001 000011)
    • 70. DES Example - DataS100(0011) = S11(3) = 1 = 0001S210(0001) = S23(1) = 14 = 1110S310(1000) = S33(8) = 11 = 1011S410(0100) = S43(4) = 12 = 1100S511(0101) = S51(5) = 14 = 1110S600(1111) = S63(15) = 11 = 1011S701(0000) = S73(0) = 13 = 1101S801(0001) = S83(1) = 15 = 1111
    • 71. DES Example - Data B2 = (0001 1110 1011 1100 1110 1011 1101 1111)P(B2) = (0101 1111 0011 1110 0011 1001 1111 0111) R2 = P(B2) ⊕ L1 = (1000 0011 0010 0001 0010 1001 0000 0011) 8 3 2 1 2 9 0 3 L2 = R1 = (1000 0101 1011 1010 1111 0010 1110 0101) 8 5 B A F 2 E 5
    • 72. DES Example - Data - Done !Y = (y1, y2,y3, …, y64) =( 1101 0111 0110 1001 1000 0010 0010 0100 0010 1000 0011 1110 0000 1010 1110 1010) =( D 7 6 9 8 2 2 4 2 8 3 E 0 A E A)