Scribd
Upload
16 views24 pages

Symmetric Key Cryptography: Key S Key S

The document discusses symmetric key cryptography, focusing on stream and block ciphers, particularly the Data Encryption Standard (DES). It explains the concepts of confusion and diffusion, the structure and operation of DES, including its key schedule and security concerns. Additionally, it mentions Triple DES (3DES) as an alternative to AES, highlighting its use of multiple DES encryptions for enhanced security.

Uploaded by

Harman Kour IIT Mandi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
16 views24 pages

Symmetric Key Cryptography: Key S Key S

The document discusses symmetric key cryptography, focusing on stream and block ciphers, particularly the Data Encryption Standard (DES). It explains the concepts of confusion and diffusion, the structure and operation of DES, including its key schedule and security concerns. Additionally, it mentions Triple DES (3DES) as an alternative to AES, highlighting its use of multiple DES encryptions for enhanced security.

Uploaded by

Harman Kour IIT Mandi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 24

Symmetric key Cryptography

Key Key
Sk Sk
Symmetric key Cryptography

Key Key
Sk Sk
Stream ciphers encrypt bits individually. This is achieved by adding a bit from a key
stream to a plaintext bit.

Block ciphers encrypt an entire block of plaintext bits at a time with the same key. This
means that the encryption of any plaintext bit in a given block depends on every other
plaintext bit in the same block.
Block Cipher Primitives: Confusion and Diffusion

Claude Shannon: There are two primitive operations with which strong encryption
algorithms can be built:

• Confusion: An encryption operation where the relationship between key and


ciphertext is obscured.

Cipher text

• Diffusion: An encryption operation where the influence of one plaintext symbol is


spread over many ciphertext symbols with the goal of hiding statistical properties
of the plaintext.

Plaintext Cipher text


Most of today‘s block ciphers are product ciphers as they consist of
rounds which are applied repeatedly to the data.

Can reach excellent diffusion: changing of one bit of plaintext results


on average in the change of half the output bits.
DES Facts
▪ Data Encryption Standard (DES) encrypts blocks of size 64 bit.

▪ Developed by IBM based on the cipher Lucifer under influence of the National
Security Agency (NSA), the design criteria for DES have not been published

▪ Standardized 1977 by the National Bureau of Standards (NBS) today called National
Institute of Standards and Technology (NIST)
▪ Most popular block cipher for most of the last 30 years.

▪ By far best studied symmetric algorithm.

▪ Nowadays considered insecure due to the small key length of 56 bit.

▪ But: 3DES yields very secure cipher, still widely used today.

▪ Replaced by the Advanced Encryption Standard (AES) in 2000


▪ Encrypts blocks of size 64 bits.

▪ Uses a key of size 56 bits.

▪ Symmetric cipher: uses same key for encryption and


decryption

▪ Uses 16 rounds which all perform the identical operation

▪ Different subkey in each round derived from main key


▪ DES structure is a Feistel network

▪ Advantage: encryption and decryption differ only in


key schedule

▪ Bitwise initial permutation, then 16 rounds


▪ Plaintext is split into 32-bit halves Li and Ri
▪ Ri is fed into the function f, the output of which is
then XORed with Li
▪ Left and right half are swapped

▪ Rounds can be expressed as:

▪ L and R swapped again at the end of the cipher, i.e.,


after round 16 followed by a final permutation
Bitwise Permutations.
• Inverse operations.
• Described by tables IP and IP-1
The f-Function
• main operation of DES
f-Function inputs: R i-1 and round key ki

4 Steps:
• Expansion E

• XOR with round key

• S-box substitution

• Permutation
The Expansion Function E

1.Expansion E

• main purpose: increases diffusion


Add Round Key

XOR Round Key

• Bitwise XOR of the round key and the


output of the expansion function E

• Round keys are derived from the main


key in the DES key schedule
The DES S-Boxes 3.S-Box substitution
• Eight substitution tables.
• 6 bits of input, 4 bits of output.
• Non-linear and resistant to differential
cryptanalysis.
• Crucial element for DES security!
• Find all S-Box tables and S-Box design criteria
The Permutation P 4.Permutation P
• Bitwise permutation.
• Introduces diffusion.
• Output bits of one S-Box effect several S-Boxes in next
round
• Diffusion by E, S-Boxes and P guarantees that after
Round 5 every bit is a function of each key bit and each
plaintext bit.
▪ Derives 16 round keys (or subkeys) ki of 48 bits each from the original 56 bit key.

▪ The input key size of the DES is 64 bit: 56 bit key and 8 bit parity:

▪ Parity bits are removed in a first permuted choice PC-1: (note that the bits 8, 16, 24,
32, 40, 48, 56 and 64 are not used at all)
Split key into 28-bit halves C0 and D0.

• In rounds i = 1, 2, 9 ,16, the two halves are each


rotated left by one bit.

• In all other rounds where the two halves are each


rotated left by two bits.

• In each round i permuted choice PC-2


selects a permuted subset of 48 bits of Ci and Di as round
key ki, i.e. each ki is a permutation of k!
In Feistel ciphers only the key schedule has to
be modified for decryption.
• Generate the same 16 round keys in reverse
order.
Reversed key schedule:

▪ As D0=D16 and C0=C16 the first round key can be


generated by applying PC-2 right after PC-1 (no rotation
here!).

▪ All other rotations of C and D can be reversed to


reproduce the other round keys resulting in:
• No rotation in round 1.
• One bit rotation to the right in rounds 2, 9 and 16.
• Two bit rotations to the right in all other rounds
Security of DES

▪ After proposal of DES two major criticisms arose:


• Key space is too small (256keys)
• S-box design criteria have been kept secret: Are there any hidden analytical
attacks (backdoors), only known to the NSA?

▪ Analytical Attacks: DES is highly resistent to both differential and linear


cryptanalysis, which have been published years later than the DES. This means IBM
and NSA had been aware of these attacks for 15 years! So far there is no known
analytical attack which breaks DES in realistic scenarios.

▪ Exhaustive key search: For a given pair of plaintext-ciphertext (x, y) test all 256 keys
until the condition DESk-1(x)=y is fulfilled.

▪ Relatively easy given today’s computer technology


Triple DES (3DES) and DESX An alternative to AES or the AES finalist algorithms is triple DES, often denoted
as 3DES.
3DES consists of three subsequent DES encryptions y =DESk3 (DESk2 (DESk1 (x)))

You might also like