S DES and DES Complete

Cryptography and Network Security.
By.----By.----William Stalling. B.Forouzan Bruce Schneier P. van Oorschot, and S. Vanstone,
--VIJAY KATTA---VIJAY KATTA--
Chapter 3 & Chapter 6 Block Ciphers DES Others
3.1 Simplified DES 3.2 Block Cipher Principles 3.3 The Data Encryption Standard 3.4 The Strength of DES 3.5 Differential and Linear Cryptanalysis 3.6 Block Cipher Design Principles 3.7 Block Cipher Modes of Operation Ch06- Contemporary symmetric ciphers
--VIJAY KATTA---VIJAY KATTA-2
3.0 Modern Block Ciphers

will now look at modern block ciphers one of the most widely used types of cryptographic algorithms provide secrecy and/or authentication services in particular will introduce DES (Data Encryption Standard)
Block vs Stream Ciphers

block ciphers process messages in into blocks, each of which is then en/decrypted like a substitution on very big characters
64-bits or more 64-
stream ciphers process messages a bit or byte at a time when en/decrypting many current ciphers are block ciphers hence are focus of course
Simplified DES (S-DES) (SAn educational algorithm A product cipher

two identical sub-ciphers sub-
Each sub-cipher sub Permutation Substitution
S-DES
Encryption
Input: 8-bit plaintext 8 Input: 10-bit key K 10 Output: 8-bit ciphertext 8-
Decryption
Input: 8-bit ciphertext 8 Input: 10-bit key K 10 Output: 8-bit plaintext 8--VIJAY KATTA---VIJAY KATTA-6
Simplified DES (cont.)

Key generation
P10: a permutation of 10 bits shift: shift (rotate) the input P8: a permutation of 8-bit 8-
Encryption/Decryption
IP: initial permutation fK: a complex function (substitution+permutation) SW: a simple permutation (swapping) IP-1: the inverse of IP
Overview of S-DES SSubkey generation

K1=P8 y shift y P10 (K) K2=P8 y shift y shift y P10 (K)
Encryption
C= IP-1 y fK2 y SW y fK1 y IP (P)
Decryption
P= IP-1 y fK1 y SW y fK2 y IP (C)
SubSub-key generation
10
SubSub-key generation (cont.)

P10: 10-bit permutation
P10 4 10 1
P10 (k1 k2 k3 k4 k5 k6 k7 k8 k9 k10) k3 k5 k2 k7 k4 k10 k1 k9 k8 k6 e.g. K= 10100 00010 P10(K) = P10 (10100 00010) = 10000 01100

LS-1: rotate left for 1 bit
e.g. LS-1(10000)=00001 LS-1(01100)=11000
12

P8: a permutation with 10-bit input and 8-bit output
P8 4 8
5 10 9
P8 (k1 k2 k3 k4 k5 k6 k7 k8 k9 k10) k6 k3 k7 k4 k8 k5 k10 k9 e.g. K1= P8 (00001 11000) = 010100100
13

LS-2: rotate left for 2 bits
e.g. LS-2(00001)=00100 LS-2(11000)=00011
14

P8: a permutation with 10-bit input and 8-bit output
P8 4 8
5 10 9
P8 (k1 k2 k3 k4 k5 k6 k7 k8 k9 k10) k6 k3 k7 k4 k8 k5 k10 k9 e.g. K2= P8 (00100 00011) = 01000011
15
S-DES encryption
16
S-DES encryption (cont.)

Initial and final permutations: IP, IP-1
IP 2 6 3 1 4 8 5 7
IP-1 5 7
IP-1 IP (X) = X = IP IP-1 (X)

18

Function fK
Permutation + substitution. substitution. )=(L F(R,SK), fK(L, R)=(LF(R,SK), R)
SK: A subkey Ki (i = 1, 2) L: Leftmost 4 bits R: Rightmost 4 bits F: A mapping from 4-bit strings to 4-bit strings. 44: bit-wise XOR bit-
19

Function fK
Example:
Input is 1011 1101 L=1011, R=1101 L=1011, F(1101, SK) = 1110 F(1101, fK(1011 1101) = 1011 1110 || 1101 1101) = 0101 1101
20

Mapping F(R, SK)
R
SK
21

Mapping F(R, SK)
Expansion/permutation (E/P): 4-bit R 4 XOR with subkey SK 8 bits 2 S-box 4 bits S P4 permutation 4 bits (output) 8 bits
22

E/P: 4-bit 48-bit
E/P 3 2
Example: E/P(1001)=11000011
23

S-box (substitution box)
S0, S1: 4 bits
S0(b1 b2 b3 b4)
b2b3 b1b4
2 bits
01 10 11
00
00 01 10 11
01 11 00 11
00 10 10 01
11 01 01 11
10 00 11 10
24

S1(b1 b2 b3 b4)
b2b3 b1b4
00
01
10
11
00 01 10 11
00 10 11 10
10 00 00 01
10 01 01 00
11 11 00 11
Example: S0(0010)=00, S1(0010)=10
25

P4: 4-bit permutation 4P4 2 4 1 3
26

1001
10011001 0101
11000011 1010
01
00
1000
S-DES Encryption (cont.)

SW: switch function
Interchange the left and right 4 bits
b1 b2 b3 b4 b5 b6 b7 b8
b5 b6 b7 b8
b1 b2 b3 b4
28
S-DES Encryption (cont.)

2nd round: same as the first round except
SubSub-key K2 is used Final permutation IP-1 is applied.
29

Key: K=1010000010 Plaintext: P=11110011 SubSub-key generation
K1 = P8 LS-1 P10 (1010000010) = 10100100 LS(1010000010) K2 = P8 LS-2 LS-1 P10 (1010000010) = 01000011 LS- LS(1010000010)
Plaintext: 11110011
IP (11110011) = 10111101 = L || R 10111101 F (R, K1)
E/P (1101) K1 = 1110101110100100 = 01001111 (1101) 01001111 S0 (0100) = 11 (0100) S1 (1111) = 11 (1111) P4 (1111) = 1111
30

fK1 (1011 1101) = (LF(R, K1), R) 1101) (L 10111111,1101) = (10111111,1101) = 0100 1101 SW (0100 1101)= 1101 0100 = L || R (0100 F(R, K2)
E/P (0100) K2= 00101000 01000011 = 01101011 (0100) 01101011 S0 (0110) = 10 (0110) S1 (1011) = 01 (1011) P4 (1001) = 0101
fK2(1101 0100) = (LF(R, K2), R) 0100) (L = (11010101, 0100) = 0000100 11010101, 0100) IP-1 (10000100) = 01000001
Ciphertext C=01000001
S-DES decryption
32
S-DES decryption (cont.)

C = IP-1 y fK2 y SW y fK1 y IP (P) IP-1 y fK1 y SW y fK2 y IP (C) = IP-1 y fK1 y SW y fK2 y IP y IP-1 y fK2 y SW y fK1 y IP (P) = IP-1 y fK1 y SW y fK2 y fK2 y SW y fK1 y IP (P) = IP-1 y fK1 y SW y SW y fK1 y IP (P) = IP-1 y fK1 y fK1 y IP (P) = IP-1 y IP (P) =P

Only sub-keys are fed in reverse order subSW SW = I (identity) IP-1 IP = IP IP-1 = I (identity) fK1 fK1 (X,Y) = fK1(XF(Y, K1), Y)
= (XF(Y, K1)F(Y, K1), Y) (X = (X, Y)
fK2 fK2 (X,Y) = fK2(XF(Y, K2), Y)

= (XF(Y, K2)F(Y, K2), Y) (X = (X, Y)

Generate sub-keys in reverse order sub-
35

Generate sub-keys in reverse order subP10(K)=k1 k2 k10 Encryption
LS-1(k1 k2 k3 k4 k5) = k2 k3 k4 k5 k1 LS LS-2 (k2 k3 k4 k5 k1) = k4 k5 k1 k2 k3 LS-
Decryption
RS-2 (k1 k2 k3 k4 k5) = k4 k5 k1 k2 k3 RS RS-2 (k4 k5 k1 k2 k3) = k2 k3 k4 k5 k1 RS--VIJAY KATTA---VIJAY KATTA-36

Generate sub-keys in reverse order sub-
RS-2
RS-2
K2 RS-2 K1
RS-2
e/d flag S-DES decryption Encrytion/Decryption P/C
K1/K2
K2/K1
C/P
3.2& 3.6 Block Cipher Principles

most symmetric block ciphers are based on a Feistel Cipher Structure needed since must be able to decrypt ciphertext to recover messages efficiently block ciphers look like an extremely large substitution would need table of 264 entries for a 64-bit block 64instead create from smaller building blocks using idea of a product cipher
Claude Shannon and SubstitutionSubstitutionPermutation Ciphers

in 1949 Claude Shannon introduced idea of substitutionsubstitution-permutation (S-P) networks (S modern substitution-transposition product cipher substitution-
these form the basis of modern block ciphers S-P networks are based on the two primitive cryptographic operations we have seen before:
substitution (S-box) (S permutation (P-box) (P-
provide confusion and diffusion of message

5.1.4 Product Ciphers

Shannon introduced the concept of a product cipher. A product cipher is a complex cipher combining substitution, permutation, and other components discussed in previous sections.
41
5.1.4 Continued
Diffusion The idea of diffusion is to hide the relationship between the ciphertext and the plaintext. Note Diffusion hides the relationship between the ciphertext and the plaintext.
42
5.1.4 Continued
Confusion The idea of confusion is to hide the relationship between the ciphertext and the key. Note Confusion hides the relationship between the ciphertext and the key.
43
5.1.4 Continued
Rounds Diffusion and confusion can be achieved using iterated product ciphers where each iteration is a combination of S-boxes, P-boxes, and other components.
44
45
Confusion and Diffusion

Shannon suggests to thwart statistical analysis Confusion
Blur the relation between the ciphertext and the encryption key Substitution
Diffusion
Each ciphertext alphabet is affected by many plaintext alphabet Repeated permutations
46
Feistel Cipher Structure

Horst Feistel devised the feistel cipher
based on concept of invertible product cipher
partitions input block into two halves

process through multiple rounds which perform a substitution on left data half based on round function of right half & subkey then have permutation swapping halves
implements Shannons substitutionsubstitutionpermutation network concept

Feistel Cipher Structure
48
Feistel Cipher Design Principles

block size increasing size improves security, but slows cipher key size increasing size improves security, makes exhaustive key searching harder, but may slow cipher number of rounds increasing number improves security, but slows cipher subkey generation greater complexity can make analysis harder, but slows cipher round function greater complexity can make analysis harder, but slows cipher fast software en/decryption & ease of analysis are more recent concerns for practical use and testing
49
Feistel Cipher Decryption
50
Average time required for exhaustive key search

Key Size Number of Time required at (bits) Alternative Keys 106 Decryption/s Decryption/s 32 56 128 168 232 = 4.3 x 109 256 = 7.2 x 1016 2128 = 3.4 x 1038 2168 = 3.7 x 1050
2.15 milliseconds 10 hours 5.4 x 1018 years 5.9 x 1030 years

51
3.3 Data Encryption Standard (DES)

most widely used block cipher in world adopted in 1977 by NBS (now NIST)
as FIPS PUB 46
encrypts 64-bit data using 56-bit key 6456has widespread use has been considerable controversy over its security
52
DES History
IBM developed Lucifer cipher
by team led by Feistel used 64-bit data blocks with 128-bit key 64128-
then redeveloped as a commercial cipher with input from NSA and others in 1973 NBS issued request for proposals for a national cipher standard IBM submitted their revised Lucifer which was eventually accepted as the DES
Security analysis of DES

Why 56 bits?
Lucifers key is 128-bit long 128 Rumor: it was deliberately reduced so that NSA can break it Facts
1997: distributed exhaustive key search all over the world takes 3 months. 1998: specialized key search chips take 56 hours 1999: the search device is improved and achieves the record of 22 hours
55
A single round
56
6.2.3 Continued
Figure 6.10
Key generation
57
58
59
60
61
Avalanche effect
A small change in either the plaintext or the key should produce a significant change in the ciphertext In particular, one bit change in either the plaintext or the key half bits change in ciphertext
62
Avalanche effect (cont.)

For example
P1=0000 0000 0000 P2=1000 0000 0000 K=0000001 1001011 0100100 1100010 0011100 0011000 0011100 0110010] Then, 34 bits differ in C=R16L16
Avalanche effect
63
Fast avalanche effect

The avalanche effect within the first few rounds; for example, the first 3 rounds.
Change in Plaintext Round #bits that differ 0 1 1 6 2 21 3 35 4 39 5 34 6 32 7 31 8 29 9 42 10 44 11 32 12 30 13 30 14 26 15 29 16 34
Change in Key Round #bits that differ 0 0 1 2 2 14 3 28 4 32 5 30 6 32 7 35 8 34 9 40 10 38 11 31 12 33 13 28 14 26 15 34 16 35

64
3.7 Modes of Operation

block ciphers encrypt fixed size blocks eg. DES encrypts 64-bit blocks, with 56-bit key 6456need way to use in practise, given usually have arbitrary amount of information to encrypt four were defined for DES in ANSI standard ANSI X3.106-1983 Modes of Use X3.106subsequently now have 5 for DES and AES have block and stream modes
Recall ch03-3 ch03 stream ciphers process messages a bit or byte at a time when en/decrypting
Modes of operations (Overview)

Advantages and disadvantages: goals
Same plaintext blocks => Same Cipher blocks Padding Stream cipher => Error propagation Parallel encryption/decryption
Padding message (64bits block)

Electronic codebook mode (ECB) Cipher block chaining mode (CBC)
Convert DES to Stream cipher (1 bit or 8 bits)

Cipher feedback mode (CFB) Output feedback mode (OFB)
Parallel encryptions
Counter (CTR)
67
ECB mode
Simplest mode Each block of 64-bit plaintext is handled 64independently It is like a codebook (huge) lookup The same 64-bit block has the same 64cipher text Same key is used in all block encryption. APPLICATION ::Secured Transmission of Key.
ECB mode (cont.)

Encryption
Key: K Plaintext: P=P1P2PN-1PN Padded plaintext: P=P1P2PN-1PN
P1, P2,, PN-1 are 64-bit blocks 64PN-1 is the last (padded) 64-bit block 64Padding pattern: 100
Ciphertext C=C1C2CN
Ci = EK(Pi), 1eieN 1e
ECB mode (cont.)
70
ECB mode (cont.)

Decryption
Key: K Ciphertext: C=C1C2CN Padded plaintext: P=P1P2PN-1PN Plaintext: P1P2PN-1PN
71
ECB mode (cont.)
72
Advantages and Limitations of ECB

repetitions in message may show in ciphertext
if aligned with message block particularly with data such graphics or with messages that change very little, which become a code-book analysis problem code-
weakness due to encrypted message blocks being independent main use is sending a few blocks of data
Cipher Block Chaining (CBC)

message is broken into blocks but these are linked together in the encryption operation each previous cipher blocks is chained with current plaintext block, hence name use Initial Vector (IV) to start process
Ci = DESK1(Pi XOR Ci-1) C-1 = IV
uses: bulk data encryption, authentication

CBC mode (Cont.)

Goal: Goal: the same plaintext block is encrypted into different ciphertext block Initial vector (IV)
64-bit long 64 Fixed, or negotiated between sender and receiver
Padded plaintext: P= P1P2PN Ciphertext: C = C1C2CN

C1=EK(IV P1) Ci=EK(Ci-1 Pi), 2eieN 2e
75
CBC mode (cont.)
76
CBC mode (cont.)

Decryption
Key: K Ciphertext: C=C1C2CN Padded plaintext: P=P1P2PN
P1=DK(C1) IV Pi= DK(Ci) Ci-1= Ci-1PiCi-1
77
CBC mode (cont.)
78
Advantages and Limitations of CBC

each ciphertext block depends on all message blocks thus a change in the message affects all ciphertext blocks after the change as well as the original block need Initial Value (IV) known to sender & receiver
however if IV is sent in the clear, an attacker can change bits of the first block, and change IV to compensate hence either IV must be a fixed value (as in EFTPOS) or it must be sent encrypted in ECB mode before rest of message
at end of message, handle possible last short block

by padding either with known non-data value (eg nulls) non or pad last block with count of pad size
eg. [ b1 b2 b3 0 0 0 0 5] <- 3 data bytes, then 5 bytes pad+count <-
79
CFB mode (Cipher feedback)

Stream cipher mode OneOne-time pad Block size: J bits, 1eJe 64 1e Need no padding in most cases
For example, between key board and computer, we set J=8
80
CFB mode (cont.)

Encryption: J-bit CFB J Plaintext: P = P1P2PN, Pis are J-bit blocks P J SJ(X): the leftmost J bits of X T64-J(Y): the rightmost 64-J bits of Y 6464 Algorithm
R=IV For i=1 to N
Ci= Pi SJ(EK(R)) R=T64-J(R)||Ci-1 64-
81
CFB mode (cont.)

Decryption: J-bit CFB J Ciphertext: C= C1C2CN, Cis are J-bit blocks C J SJ(X): the leftmost J bits of X T64-J(Y): the rightmost 64-J bits of Y 6464 Algorithm
R=IV For i=1 to N
Pi= Ci SJ(EK(R)) R=T64-J(R)||Ci-1 64-
82
83
Advantages and Limitations of CFB

appropriate when data arrives in bits/bytes most common stream mode limitation is need to stall while do block encryption after every n-bits nnote that the block cipher is used in encryption mode at both ends errors propagate for several blocks after the error
OFB mode (Output feedback)

Similar to CFB, but output (not ciphertext) is fed back uses: stream encryption over noisy channels Advantage
Bit errors in Ci wont propagate to decryption errors of Cj, j>I
Disadvantage
Complement bits of Ci result in complementing bits in Pi
Not suitable for error-correcting (See the next errordecryption figure)( modify one bit of C1)
86
Counter (CTR)
a new mode, though proposed early on similar to OFB but encrypts counter value rather than any feedback value must have a different key & counter value for every plaintext block (never reused)
Ci = Pi XOR Oi Oi = DESK1(i)
uses: high-speed network encryptions high--VIJAY KATTA---VIJAY KATTA-87
Counter (CTR)
88
Advantages and Limitations of CTR

efficiency
can do parallel encryptions in advance of need good for bursty high speed links
random access to encrypted data blocks provable security (good as other modes) ? but must ensure never reuse key/counter values, otherwise could break (cf OFB)
Modes of operations (Summary) (Summary)

Advantages and disadvantages: goals
Same plaintext blocks => Same Cipher blocks Padding problem Stream cipher => Error propagation Parallel encryption/decryption
90
Ch06 - Double DES

Key size K=(K1, K2): 112 bits C=EK2(EK1(P))
91
6.4.1 Double DES

The first approach is to use double DES (2DES). Meet-in-the-Middle Attack However, using a known-plaintext attack called meet-inthe-middle attack proves that double DES improves this vulnerability slightly (to 257 tests), but not tremendously (to 2112).
92
Double DES (cont.)

Meet-in-theMeet-in-the-middle attack
Given a pair (P, C) Let Ki be the ith key of the key space, 0 e i e256-1 Compute Mi=EKi(P), 0 e i e256-1 Compute Nj=DKj(C), 0 e i e256-1 Check whether Mi=Nj
If so, K=(Ki, Kj) is very likely to be the secret key
Time: 256+256=257 The memory size for Mis: 25664 bits

we need not store Njs.
6.4.1 Continued
Figure 6.14 Meet-in-the-middle attack for double DES
94
6.4.1 Continued
Figure 6.15 Tables for meet-in-the-middle attack
95
6.4.2 Triple DES

Figure 6.16 Triple DES with two keys
96
Triple DES
Plaintext, ciphertext: 64 bits ciphertext: Key K=(K1, K2): 112 bits Encryption: Encryption: C=EK1(DK2(EK1(P))) Decryption: P=DK1(EK2(DK1(P))) Advantages
Key size is larger Compatible with regular one-key DES oneSet K1=K2=K (56-bit) (56C=EK(DK(EK(P)))=EK(P) P=DK(EK(DK(P)))=DK(P)
98
6.4.2 Continuous
Triple DES with Three Keys The possibility of known-plaintext attacks on triple DES with two keys has enticed some applications to use triple DES with three keys. Triple DES with three keys is used by many applications such as PGP (See Chapter 16).
99
Plain text = 64 bit. Key =128 bit. Sub key = 52. (16 bit each) Cipher text = 64. Number of identical rounds =8.(6 key in each round) And one output transformation round(4 key)
IDEA (International Data Encryption Algorithm)
Design Issues
The design philosophy behind the algorithm is one of mixing operation from different algebraic groups. 1) XOR 2)Addition modulo 216 3) Multiplication modulo 216 + 1
101
102
Encryption Key Generation.
103
Encryption Algorithm.
104
Sequence of operation
1)Multiply x1 and first sub key(sk) 2)Add x2 and second sk 3)Add x3 and third sk 4)Multiply x4 and fourth sk 5) Step 1 step 3 6) Step 2 step 4 7)Multiply step 5 with fifth sk. 8)Add result of step 6 and step 7 9) Multiply result of step 8 with sixth sk. 10)Add result of step 7 and step 9.
Continue..
11) XOR result of steps 1 and step 9. 12) XOR result of steps 3 and step 9. 13) XOR result of steps 2 and step 10. 14) XOR result of steps 2 and step 10.
106
Operation in output transformation

1)Multiply x1 with first sk. 2)Add x2 and second sk. 3)Add x3 and third sk. 4)Multiply x4 and fourth sk.
107
Next generation
NIST begin the process of selecting the nextnext-generation secret-key encryption secretalgorithm in 1998. Advanced encryption standard (AES)
Rijndael (Chapter 5) (Chapter 5)
Plaintext, ciphertext: at least 128 bits. bits. Key size: flexible, at least 128 bits. bits. You can check its web.
Http://www.nist.gov/aes
Stream Ciphers
process the message bit by bit (or byes) (as a stream) typically have a (pseudo) random stream key combined (XOR) with plaintext bit by bit (XOR) randomness of stream key completely destroys any statistically properties in the message
Ci = Mi XOR StreamKeyi
what could be simpler!!!! but must never reuse stream key

otherwise can remove effect and recover messages
Stream Cipher Properties

some design considerations are:
long period with no repetitions statistically random depends on large enough key large linear complexity correlation immunity confusion diffusion use of highly non-linear boolean functions non--VIJAY KATTA---VIJAY KATTA-110
Stream Cipher: RC4 Cipher:

a proprietary cipher owned by RSA DSI another Ron Rivest design, simple but effective variable key size, byte-oriented stream cipher bytewidely used (web SSL/TLS, WLAN WEP-not WEPsecure) key forms random permutation of all 8-bit values 8uses that permutation to scramble input info processed a byte at a time
111
WLAN WEP (WLAN security requirement and some attacks.ppt)

WLANs
protocol standard IEEE 802.11a 802.11b 802.11g (WEP) 802.11i (TKIP short-term solution)
112

Problems with WEP
24-bit IVs are too short The CRC checksum is used by WEP for integrity protection WEP combines the IV with the key in a way that enables cryptanalytic attacks Integrity protection for source and destination addresses is not provided
113

TKIP IEEE 802.11i short-term solution
A message integrity code (MIC), called Michael,to defeat forgeries; A packet sequencing discipline, to defeat replay attacks A per-packet key mixing function, to prevent attack
Long-term solution
A single key to provide confidentiality and integrity Provide integrity protection for the plaintext packet header, as well as

WEP
Cipher Key Size(s) Key Lifetime PerPerpacketpacket-key Packet Data Replay detection Key Management RC4 40 or 104-bit 104encryption 24-bit wrapping IV Concatenate IV to base key CRCCRC-32 None None
TKIP
RC4 128-bit encryption 1286464-bit authentication 4848-bit IV TKIP mixing function Michael Enforcing IV sequencing IEEE802.1X
115
WLAN EAP (EAP series methods on wireless security.ppt)

IEEE 802.1X provide both authentication and key management
EAP
RADIUS
116
WLAN EAP (EAP series methods on wireless security.ppt)

EAP series
Password-based PasswordLEAP EAPEAP-SKE EAPEAP-SRP EAPEAP-SPEKE EAPEAP-SIM (GSM/GPRS, SIM card) EAPEAP-AKA (3G-UMTS, USIM card) (3G Certificate-based CertificateEAPEAP-TLS EAPEAP-TTLS PEAP

S DES and DES Complete

Uploaded by

Copyright:

Available Formats

S DES and DES Complete

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

S DES and DES Complete

Uploaded by

Copyright:

Available Formats

What are the main topics discussed in the document?

What are the main topics discussed in the document?

What information is provided on pages 5-6?

What information is provided on pages 5-6?

Cryptography and Network Security.

By.----By.----William Stalling. B.Forouzan Bruce Schneier P. van Oorschot, and S. Vanstone,

--VIJAY KATTA---VIJAY KATTA--

Chapter 3 & Chapter 6 Block Ciphers DES Others

3.0 Modern Block Ciphers

--VIJAY KATTA---VIJAY KATTA--

Block vs Stream Ciphers

Simplified DES (S-DES) (SAn educational algorithm A product cipher

Each sub-cipher sub Permutation Substitution

--VIJAY KATTA---VIJAY KATTA--

Simplified DES (cont.)

--VIJAY KATTA---VIJAY KATTA--

Overview of S-DES SSubkey generation

--VIJAY KATTA---VIJAY KATTA--

--VIJAY KATTA---VIJAY KATTA--

SubSub-key generation (cont.)

SubSub-key generation (cont.)

e.g. LS-1(10000)=00001 LS-1(01100)=11000

--VIJAY KATTA---VIJAY KATTA--

SubSub-key generation (cont.)

P8 (k1 k2 k3 k4 k5 k6 k7 k8 k9 k10) k6 k3 k7 k4 k8 k5 k10 k9 e.g. K1= P8 (00001 11000) = 010100100

--VIJAY KATTA---VIJAY KATTA--

SubSub-key generation (cont.)

e.g. LS-2(00001)=00100 LS-2(11000)=00011

--VIJAY KATTA---VIJAY KATTA--

SubSub-key generation (cont.)

P8 (k1 k2 k3 k4 k5 k6 k7 k8 k9 k10) k6 k3 k7 k4 k8 k5 k10 k9 e.g. K2= P8 (00100 00011) = 01000011

--VIJAY KATTA---VIJAY KATTA--

--VIJAY KATTA---VIJAY KATTA--

S-DES encryption (cont.)

IP-1 IP (X) = X = IP IP-1 (X)

S-DES encryption (cont.)

--VIJAY KATTA---VIJAY KATTA--

S-DES encryption (cont.)

--VIJAY KATTA---VIJAY KATTA--

S-DES encryption (cont.)

--VIJAY KATTA---VIJAY KATTA--

S-DES encryption (cont.)

--VIJAY KATTA---VIJAY KATTA--

S-DES encryption (cont.)

--VIJAY KATTA---VIJAY KATTA--

S-DES encryption (cont.)

--VIJAY KATTA---VIJAY KATTA--

S-DES encryption (cont.)

S-DES encryption (cont.)

Example: S0(0010)=00, S1(0010)=10

--VIJAY KATTA---VIJAY KATTA--

S-DES encryption (cont.)

--VIJAY KATTA---VIJAY KATTA--

S-DES encryption (cont.)

S-DES Encryption (cont.)

--VIJAY KATTA---VIJAY KATTA--

S-DES Encryption (cont.)

--VIJAY KATTA---VIJAY KATTA--

S-DES encryption (cont.)

--VIJAY KATTA---VIJAY KATTA--