Modern Block Ciphers
description
Transcript of Modern Block Ciphers
![Page 1: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/1.jpg)
Modern Block Ciphers
CSCI 5857: Encoding and Encryption
![Page 2: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/2.jpg)
Outline
• Binary blocks and keys• The XOR function• Structure of modern round cipher• Permutation and Substitution boxes
![Page 3: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/3.jpg)
Block Ciphers• Long plaintext messages broken up into blocks
• Encryption substitutes n bit block of ciphertext for n bit block of plaintext– Example: 11010010 10001011 01000111
01101011 10010110 10110001
• Key question: Good block size– 8 bits too small: just maps one ASCII character to
another (monoalphabetic cipher)– Usually 64, 128, 256, or 512 bits
![Page 4: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/4.jpg)
Binary Keys
• Key: Binary number 32 to 256 bits long
• Minimum size now 128 bits to defeat exhaustive search attacks
• Amount of information stored by key is limited
(128 bit key equivalent to 16 ASCII characters)
![Page 5: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/5.jpg)
Substitution and Block Ciphers
• Standard binary key insufficient to represent even simple monoalphabetic substitution cipher– Example: Block size 64 bits– 264 possible blocks, each of which needs a
corresponding ciphertext block listed– Key: 264 x 64 bits long >> 256 bits for normal binary key– Number of mappings with 256-bit key
<< all possible mappings of 64 bit blocks
![Page 6: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/6.jpg)
Transposition and Binary TextTransposition ciphers of binary text easy to break• Small alphabet reduces distinguishable permutations
– 11001011 encrypted with 70351264 11001011
• Example: 64-bit ciphertext block with 8 1’s and 56 0’s
– Only (64 x 63 x 62 x 61 x 60 x 59 x 58 x 57)/ (8 x 7 x 6 x 5 x 4 x 3 x 2 x 1) = 4,426,165,368 combinations of 8 1’s and 56 0’s
– Easily broken with exhaustive search (each successive block reduces number of possible combinations)
![Page 7: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/7.jpg)
Binary Functions
• Since both text and key binary, can use binary function to encrypt/decrypt
• Example: AND function– Plaintext: 1001101110101100– Key: 1101100011001010– Ciphertext: 1001100010001000
![Page 8: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/8.jpg)
Invertible Binary Functions• Problem: Binary function must be invertible• Otherwise, cannot uniquely decrypt message• AND not invertible
– Plaintext: ? could be either 1 or 0 – Key: 0– Ciphertext: 0
???
![Page 9: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/9.jpg)
Exclusive Or Function (XOR)• Definition:
• 1 if operands not equal0 if operands equal
P K C = P K1 1 01 0 10 1 10 0 0
Plaintext
Key
Ciphertext
![Page 10: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/10.jpg)
XOR is Invertible
• XOR is its own inverse: C = P K P = C K
C = P K K P must be:1 1 01 0 10 1 10 0 0
Plaintext
Ciphertext
Plaintext
Ciphertext
Key
encryption
decryption
![Page 11: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/11.jpg)
XOR and Block Ciphers• Most modern block ciphers use XOR to
produce ciphertext from plaintext and key Simple Example (8 bit key and blocks):• Encryption:
Plaintext: 10010101 00100110 01110101Key: 10100110 10100110 10100110Ciphertext: 00110011 10000000 01010011
• Decryption:Ciphertext: 00110011 10000000 01010011Key: 10100110 10100110 10100110Plaintext: 10010101 00100110 01110101
![Page 12: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/12.jpg)
XOR Alone is Breakable
• K = P C • Key can be computed from single known plaintext
“This is too easy!”
Plaintext
Key
Ciphertext
![Page 13: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/13.jpg)
Confusion and Diffusion
• Diffusion:– Hiding relationship between plaintext and ciphertext– Changing one plaintext bit should change many bits
in ciphertext
• Confusion:– Hiding relationship between ciphertext and key– Changing one key bit should change many characters
in ciphertext
![Page 14: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/14.jpg)
Product Cipher
• Substitution and permutation can be used to add diffusion and confusion
Plaintext
Key
CiphertextSubstitution permutation
Substitution permutation
adds diffusion
adds confusion
Substitution permutation
![Page 15: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/15.jpg)
Invertibility • Transformations on plaintext must be invertible• Transformations on key do not
– Don’t care if can’t recover key from ciphertext
Plaintext
Key
CiphertextSubstitution permutation
Substitution permutation
Must be invertible
Does not have to be invertible
Substitution permutation
![Page 16: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/16.jpg)
Rounds in Product Cipher
• Most ciphers have many rounds of substitution, permutation, and XOR
• Maximizes diffusion
P
key 1
Csubst/perm
round 1
key 2
subst/perm
round 2
key n
subst/perm
round n
…
![Page 17: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/17.jpg)
Key Generation• Most ciphers generate separate round keys from
main key using substitution/permutation
P
round key 1
Csubst/perm
round 1
round key 2
subst/perm
round 2
round key n
subst/perm
round n
…
main key K
subst/perm subst/perm subst/perm…
![Page 18: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/18.jpg)
Keyless Ciphers• Substitution/permutation not based on key
– “Hardwired” into cipher– Assume known by adversary
• Simply used to add diffusion/confusion
subst/perm
round i
subst/perm
… …P C
K
“I know this, but still can’t figure out what P and K are”
![Page 19: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/19.jpg)
P-Boxes for Permutation• Number in box gives position of
corresponding input bit in output• Example: 16-bit P-Box
12 7 1 8 15 11 2 5 16 4 13 10 9 3 14 6 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Input1 1 0 1 0 1 0 1 0 0 0 1 0 1 1 0
1 0 1 1 1 0 1 0 0 1 0 0 0 0 1 1 Output
![Page 20: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/20.jpg)
Invertible P-Boxes• P-Box invertible if each input maps to one and only
one output– Example: Same 16-bit P-Box
– Swap numbers and indices
– Resort by indices
12 7 1 8 15 11 2 5 16 4 13 10 9 3 14 6 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 1612 7 1 8 15 11 2 5 16 4 13 10 9 3 14 6
3 7 14 10 8 16 2 4 13 12 6 1 11 15 14 9 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
![Page 21: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/21.jpg)
Shift and Swap P-Boxes
• Shift Box moves inputs over by some n bits– May be circular, shifting bits at end to beginning– Example: 8-bit right circular shift box
• Swap box swaps two or more blocks of bits– Example: swapping two adjacent 4-bit blocks
8 1 2 3 4 5 6 7
5 6 7 8 1 2 3 4
![Page 22: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/22.jpg)
Compression/Expansion P-Boxes• Compression P-Box:
Not all inputs map to an output• Example: 8 x 6 P-Box
– 8 inputs, only 6 outputs– Note that inputs 3 and 5 do not map to an output
7 4 1 8 6 2
![Page 23: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/23.jpg)
Compression/Expansion P-Boxes• Expansion P-Box:
Some inputs map to multiple outputs• Example: 8 x 12 P-Box
– 8 inputs, 12 outputs– Note that inputs 1, 4, 5, and 7 map to two different
outputs
6 5 1 8 7 2 7 4 5 3 1 4
![Page 24: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/24.jpg)
Compression/Expansion P-Boxes• Compression and Expansion P-Boxes not invertible
– Compression boxes lose information– Can invert expansion box only if output has identical
values corresponding to inputs that are duplicated• 1010 11234 11010• ? 11234 10010
• Used primarily in key generation– Example: Creating 16 32-bit round keys from single
128-bit key
![Page 25: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/25.jpg)
S-Boxes for Substitution• Map blocks of plaintext to ciphertext
– Example: 3 x 3 S-Box
– Often simplify by making “2 dimensional”Example: First bit of input determines row of output
Input 000 001 010 011 100 101 110 111Output 011 101 111 100 000 010 001 110
00 01 10 110 011 101 111 1001 000 010 001 110
![Page 26: Modern Block Ciphers](https://reader035.fdocuments.us/reader035/viewer/2022062310/568162c8550346895dd352b8/html5/thumbnails/26.jpg)
Invertible S-Boxes• Must have same number of inputs and outputs
– Example: 3 x 2 compression S-Box
• Each output must be unique
00 01 10 110 00 10 01 111 10 00 11 01
Input 000 001 010 011 100 101 110 111Output 011 101 111 100 011 010 001 110