Presentation on theme: "Chapter3: Block Ciphers and the Data Encryption Standard"— Presentation transcript:

1 Chapter3: Block Ciphers and also the Data Encryption StandardNUIST college of Computer and also Software Jian Shen, PhD, Professor

*

2 advent A block cipher is an encryption/decryption system in which a block of plaintext is treated together a whole and used to create a ciphertext block of same length. Plenty of block ciphers have a Feistel structure. Such a structure is composed of a number of identical rounds of processing. In each round, a substitution is perform on one fifty percent of the data gift processed, adhered to by a permutation that interchanges the two halves. The original an essential is broadened so the a different key is supplied for each round. The Data Encryption typical (DES) has been the many widely offered encryption algorithm till recently. That exhibits the classic Feistel structure. DES provides a 64-bit block and also a 56-bit key. Two necessary methods of cryptanalysis space differential cryptanalysis and linear cryptanalysis. DES has been displayed to be highly resistant to these two varieties of attack. Is designed come detect, prevent, or recover from a defense attack. Security services encompass authentication, accessibility control, data confidentiality, data integrity, nonrepudiation, and also availability.

*

3 3.1. Block Cipher PrinciplesStream Ciphers and also Block Ciphers A stream cipher is one that encrypts a digital data currently one little or one byte at a time. An ideas for the Feistel Cipher framework A block cipher operates on a plaintext block of n bits to create a ciphertext block the n bits.

*

4 3.1. Block Cipher PrinciplesFigure 3.1 illustrates the logic of a general substitution cipher for n = 4. A 4-bit entry produces among 16 feasible input states, i m sorry is mapped by the substitution cipher into a distinctive one the 16 feasible output states, every of i beg your pardon is represented by 4 ciphertext bits.

*

5 3.1. Block Cipher PrinciplesTable 3.1. This is the most general kind of block cipher and can be supplied to define any reversible mapping between plaintext and ciphertext.

*

6 3.1. Block Cipher PrinciplesThe Feistel Cipher danger Feistel proposed that we deserve to approximate the ideal block cipher by using the principle of a product cipher, which is the execution of two or an ext simple ciphers in sequence in such a means that the final result or product is cryptographically stronger than any of the ingredient ciphers. In particular, Feistel suggest the usage of a cipher the alternates substitutions and permutations.

*
the we can approximate the best block cipher by using the ide of a product cipher, which is the execution of two or much more simple ciphers in sequence in such a way that the final result or product is cryptographically stronger than any type of of the ingredient ciphers. In particular, Feistel propose the usage of a cipher the alternates substitutions and permutations.">

7 3.1. Block Cipher PrinciplesDiffusion and also Confusion assume the attacker has some expertise of the statistical features of the plaintext. In diffusion, the statistical structure of the plaintext is dissipated right into long-range statistics that the ciphertext. This is achieved by having each plaintext digit impact the value of plenty of ciphertext digits; normally this is indistinguishable to having each ciphertext digit be impacted by many plaintext digits.

*

8 3.1. Block Cipher PrinciplesFeistel Cipher Structure figure 3.2 depicts the framework proposed through Feistel. The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K. The plaintext block is divided into two halves, L0 and also R0. The two halves of the data pass through n rounds of processing and also then integrate to develop the ciphertext block. Every round i has actually as input Li-1 and also Ri-1, derived from the vault round, as well as a subkey Ki, derived from the in its entirety K. In general, the subkeys Ki are different from K and also from every other.

*

9 3.1. Block Cipher PrinciplesThe precise realization the a Feistel network depends on the an option of the following parameters and also design features: Block size: bigger block size mean higher security (all other things being equal) however reduced encryption/decryption rate for a given algorithm. Key size: Larger crucial size method greater security however may diminish encryption/decryption speed. Variety of rounds: The essence of the Feistel cipher is that a single round offers inadequate security but that multiple ring offer raising security. Subkey generation algorithm: Greater complexity in this algorithm should cause greater an obstacle of cryptanalysis. Round function: Again, greater complexity generally method greater resistance to cryptanalysis.

*

10 3.1. Block Cipher PrinciplesThere are two other considerations in the architecture of a Feistel cipher: rapid software encryption/decryption lull of evaluation

*

11 3.1. Block Cipher PrinciplesFeistel Decryption Algorithm number 3.3 mirrors the encryption process going down the left-hand side and also the decryption process going increase the right-hand side because that a 16-round algorithm.

*

12 3.2. The Data Encryption StandardFeistel Decryption Algorithm for DES, data room encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms 64-bit entry in a series of steps into a 64-bit output. The same steps, v the very same key, are provided to turning back the encryption. DES Encryption The all at once scheme because that DES encryption is illustrated in number 3.4. Together with any type of encryption scheme, there space two inputs come the encryption function: the plaintext to be encrypted and the key. In this case, the plaintext should be 64 bits in length and also the crucial is 56 bits in length.

*

13 3.2. The Data Encryption StandardInitial Permutation The early stage permutation and its station are identified by tables, as presented in Tables 3.2a and 3.2b, respectively. .

*

14 3.2. The Data Encryption StandardInitial Permutation To check out that these two permutation attributes are indeed the inverse of every other, take into consideration the adhering to 64-bit input M:

*

15 3.2. The Data Encryption StandardInitial Permutation whereby Mi is a binary digit. Climate the permutation X = IP(M) is as follows: If we then take it the station permutation Y = IP-1(X) = IP-1(IP(M)), it have the right to be checked out that the initial ordering of the bits is restored.

*

16 3.2. The Data Encryption StandardDetails of solitary Round figure 3.5 mirrors the internal structure that a single round.

*

17 3.2. The Data Encryption StandardDetails of solitary Round The role of the S-boxes in the duty F is shown in figure 3.6.

*

18 3.2. The Data Encryption StandardDetails of single Round These changes are identified in Table 3.3, i m sorry is construed as follows: The an initial and last bits of the input to box Si type a 2-bit binary number to choose one of four substitutions identified by the four rows in the table because that Si. The middle 4 bits select one that the 16 columns. The decimal value in the cell selected through the row and also column is then onverted to its 4-bit depiction to develop the output.

*

19 3.2. The Data Encryption StandardKey Generation

*

20 3.2. The Data Encryption StandardDES Decryption as with any kind of Feistel cipher, decryption offers the exact same algorithm together encryption, except that the applications of the subkeys is reversed.

*

21 3.2. The Data Encryption StandardThe Avalanche effect A preferable property of any encryption algorithm is that a little change in either the plaintext or the vital should develop a far-ranging change in the ciphertext. DES exhibits a solid avalanche effect. Table 3.5 shows some outcomes taken native . In Table 3.5a, two plaintexts the differ through one bit were used: v the key

*
. In Table 3.5a, two plaintexts that differ through one bit were used: with the key.">

22 3.3. The toughness of Des The usage of 56-Bit KeysThe Nature the the DES Algorithm Timing strikes

*

23 3.4. Differential and also Linear CryptanalysisDifferential Cryptanalysis background Differential Cryptanalysis attack Figure 3.7, based upon a figure in , illustrates the propagation of distinctions through 3 rounds of DES.

*
, illustrates the propagation of distinctions through 3 rounds of DES.">

24 3.4. Differential and Linear CryptanalysisWe now provide a brief summary of the rule on which straight cryptanalysis is based. For a cipher v n-bit plaintext and ciphertext blocks and also an m-bit key, allow the plaintext block be labeling P<1>, ... P, the cipher text block C<1>, ... C, and also the an essential K<1>, ... K. Then define The target of linear cryptanalysis is to discover an reliable linear equation that the form:

*
, ... P, the cipher text block C<1>, ... C, and also the vital K<1>, ... K. Climate define. The target of linear cryptanalysis is to find an reliable linear equation the the form:">

25 3.5. Block Cipher style PrinciplesDES style Criteria No output bit of any S-box should be as well close a linear duty of the entry bits. Each heat of one S-box (determined through a solved value that the leftmost and rightmost intake bits) should include all 16 possible output bit combinations. If two inputs to an S-box different in exactly one bit, the outputs should differ in at least two bits. If 2 inputs come an S-box different in the two middle bits exactly, the outputs have to differ in at the very least two bits. If two inputs to an S-box different in their an initial two bits and also are the same in your last two bits, the 2 outputs need to not it is in the same. For any type of nonzero 6-bit difference in between inputs, no much more than 8 the the 32 pairs of entry exhibiting that distinction may an outcome in the same output differ This is a criterion similar to the ahead one, however for the situation of three S-boxes.ence.

*

26 3.5. Block Cipher architecture PrinciplesDES design Criteria The criteria for the permutation P space as follows: The 4 output bits from every S-box at round i are spread so that 2 of them impact (provide intake for) "middle bits" of ring (i + 1) and the various other two impact end bits. The two center bits of input to an S-box space not mutual with surrounding S-boxes. The finish bits space the 2 left-hand bits and also the 2 right-hand bits, i beg your pardon are mutual with surrounding S-boxes. The 4 output bits from each S-box affect six different S-boxes ~ above the next round, and also no two affect the same S-box. For 2 S-boxes j, k, if an output little from Sj influence a middle little bit of Sk ~ above the next round, climate an output bit from Sk cannot influence a middle little of Sj. This means that because that j = k, one output little bit from Sj have to not impact a middle bit of Sj.

*

27 3.5. Block Cipher design PrinciplesNumber of ring The cryptographic strength of a Feistel cipher derives native three elements of the design: the number of rounds, the duty F, and the key schedule algorithm. Style of duty F architecture Criteria for F S-Box style For larger S-boxes, such together 8 x 32, the concern arises as to the best technique of picking the S-box entries in bespeak to meet the type of criteria we have actually been discussing. Nyberg, who has actually written a lot around the theory and practice that S-box design, argues the complying with approaches: arbitrarily Random with experimentation Human-made Math-made

*

28 3.5. Block Cipher style PrinciplesKey Schedule Algorithm A final area the block cipher design, and one that has actually received much less attention 보다 S-box design, is the vital schedule algorithm. With any type of Feistel block cipher, the crucial is offered to create one subkey for each round. In general, us would like to choose subkeys come maximize the challenge of deducing separation, personal, instance subkeys and the difficulty of working earlier to the main key. No general values for this have yet been promulgated.


You are watching: Why is it important to study the feistel cipher


See more: What Does Plus Que Ma Propre Vie Mean, What Does Plus Que Ma Vie Mean

*

29 Review concerns 3.1 Why is it essential to research the Feistel cipher?3.2 What is the difference in between a block cipher and a present cipher? 3.3 Why is it not helpful to usage an arbitrarily reversible substitution cipher the the kind displayed in Table 3.1? 3.4 What is a product cipher? 3.5 What is the difference between diffusion and also confusion? 3.6 i m sorry parameters and design options determine the yes, really algorithm the a Feistel cipher? 3.7 What is the function of the S-boxes in DES? 3.8 explain the avalanche effect. 3.9 What is the difference between differential and linear cryptanalysis?

*