Data encryption standard
3,767 views
49 slides
Mar 21, 2022
Slide 1 of 49
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
About This Presentation
Unit 2_Chapter 6
Slide Content
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Chapter 6
Data Encryption Standard
(DES)
Chapter 6
Data Encryption Standard
(DES)
6-1 INTRODUCTION
TheDataEncryptionStandard(DES)isasymmetric-
keyblockcipherpublishedbytheNationalInstituteof
StandardsandTechnology(NIST).
6.1.1History
6.1.2Overview
Topics discussed in this section:
TheDataEncryptionStandard(DES)isasymmetric-
keyblockcipherpublishedbytheNationalInstituteof
StandardsandTechnology(NIST).
6.1.1History
6.1.2Overview
Topics discussed in this section:
In1973,NISTpublishedarequestforproposalsfora
nationalsymmetric-keycryptosystem.Aproposalfrom
IBM,amodificationofaprojectcalledLucifer,was
acceptedasDES.DESwaspublishedintheFederal
RegisterinMarch1975asadraftoftheFederal
InformationProcessingStandard(FIPS).
6.1.1 History
nationalsymmetric-keycryptosystem.Aproposalfrom
IBM,amodificationofaprojectcalledLucifer,was
acceptedasDES.DESwaspublishedintheFederal
RegisterinMarch1975asadraftoftheFederal
InformationProcessingStandard(FIPS).
6.1.1 History
DESisablockcipher,asshowninFigure6.1.
6.1.2 Overview
Figure 6.1 Encryption and decryption with DES
6.1.2 Overview
Figure 6.1 Encryption and decryption with DES
6-2 DES STRUCTURE
Theencryptionprocessismadeoftwopermutations
(P-boxes),whichwecallinitialandfinal
permutations,andsixteenFeistelrounds.
6.2.1Initial and Final Permutations
6.2.2Rounds
6.2.3Cipher and Reverse Cipher
6.2.4Examples
Topics discussed in this section:
Theencryptionprocessismadeoftwopermutations
(P-boxes),whichwecallinitialandfinal
permutations,andsixteenFeistelrounds.
6.2.1Initial and Final Permutations
6.2.2Rounds
6.2.3Cipher and Reverse Cipher
6.2.4Examples
Topics discussed in this section:
6-2 Continue
Figure 6.2 General structure of DES
Figure 6.2 General structure of DES
6.2.1 Initial and Final Permutations
Figure 6.3 Initial and final permutation steps in DES
Figure 6.3 Initial and final permutation steps in DES
6.2.1Continue
Table 6.1 Initial and final permutation tables
Table 6.1 Initial and final permutation tables
Example 6.1
6.2.1Continued
Findtheoutputofthefinalpermutationboxwhentheinput
isgiveninhexadecimalas:
Onlybit25andbit63are1s;theotherbitsare0s.Inthefinal
permutation,bit25becomesbit64andbit63becomesbit15.
Theresultis
Solution
6.2.1Continued
Findtheoutputofthefinalpermutationboxwhentheinput
isgiveninhexadecimalas:
Onlybit25andbit63are1s;theotherbitsare0s.Inthefinal
permutation,bit25becomesbit64andbit63becomesbit15.
Theresultis
Solution
Example 6.2
6.2.1Continued
Provethattheinitialandfinalpermutationsaretheinverse
ofeachotherbyfindingtheoutputoftheinitialpermutation
iftheinputis
Theinputhasonlytwo1s;theoutputmustalsohaveonlytwo
1s.UsingTable6.1,wecanfindtheoutputrelatedtothese
twobits.Bit15intheinputbecomesbit63intheoutput.Bit
64intheinputbecomesbit25intheoutput.Sotheoutput
hasonlytwo1s,bit25andbit63.Theresultinhexadecimalis
Solution
6.2.1Continued
Provethattheinitialandfinalpermutationsaretheinverse
ofeachotherbyfindingtheoutputoftheinitialpermutation
iftheinputis
Theinputhasonlytwo1s;theoutputmustalsohaveonlytwo
1s.UsingTable6.1,wecanfindtheoutputrelatedtothese
twobits.Bit15intheinputbecomesbit63intheoutput.Bit
64intheinputbecomesbit25intheoutput.Sotheoutput
hasonlytwo1s,bit25andbit63.Theresultinhexadecimalis
Solution
6.2.1Continued
The initial and final permutations are
straight P-boxes that are inverses
of each other.
They have no cryptography significance in
DES.
Note
The initial and final permutations are
straight P-boxes that are inverses
of each other.
They have no cryptography significance in
DES.
Note
DESuses16rounds.EachroundofDESisaFeistel
cipher.
6.2.2 Rounds
Figure 6.4
A round in DES
(encryption site)
cipher.
6.2.2 Rounds
Figure 6.4
A round in DES
(encryption site)
TheheartofDESistheDESfunction.TheDESfunction
appliesa48-bitkeytotherightmost32bitstoproducea
32-bitoutput.
6.2.2Continued
DES Function
Figure 6.5
DES function
appliesa48-bitkeytotherightmost32bitstoproducea
32-bitoutput.
6.2.2Continued
DES Function
Figure 6.5
DES function
ExpansionP-box
SinceR
I−1isa32-bitinputandK
Iisa48-bitkey,wefirst
needtoexpandR
I−1to48bits.
6.2.2Continue
Figure 6.6 Expansion permutation
SinceR
I−1isa32-bitinputandK
Iisa48-bitkey,wefirst
needtoexpandR
I−1to48bits.
6.2.2Continue
Figure 6.6 Expansion permutation
Althoughtherelationshipbetweentheinputandoutput
canbedefinedmathematically,DESusesTable6.2to
definethisP-box.
6.2.2Continue
Table 6.6 Expansion P-box table
canbedefinedmathematically,DESusesTable6.2to
definethisP-box.
6.2.2Continue
Table 6.6 Expansion P-box table
Whitener(XOR)
Aftertheexpansionpermutation,DESusestheXOR
operationontheexpandedrightsectionandtheround
key.Notethatboththerightsectionandthekeyare48-
bitsinlength.Alsonotethattheroundkeyisusedonlyin
thisoperation.
6.2.2Continue
Aftertheexpansionpermutation,DESusestheXOR
operationontheexpandedrightsectionandtheround
key.Notethatboththerightsectionandthekeyare48-
bitsinlength.Alsonotethattheroundkeyisusedonlyin
thisoperation.
6.2.2Continue
S-Boxes
TheS-boxesdotherealmixing(confusion).DESuses8
S-boxes,eachwitha6-bitinputanda4-bitoutput.See
Figure6.7.
6.2.2Continue
Figure 6.7 S-boxes
TheS-boxesdotherealmixing(confusion).DESuses8
S-boxes,eachwitha6-bitinputanda4-bitoutput.See
Figure6.7.
6.2.2Continue
Figure 6.7 S-boxes
6.2.2Continue
Figure 6.8 S-box rule
Figure 6.8 S-box rule
Table6.3showsthepermutationforS-box1.Fortherest
oftheboxesseethetextbook.
6.2.2Continue
Table 6.3 S-box 1
oftheboxesseethetextbook.
6.2.2Continue
Table 6.3 S-box 1
Example 6.3
6.2.2Continued
TheinputtoS-box1is100011.Whatistheoutput?
Ifwewritethefirstandthesixthbitstogether,weget11in
binary,whichis3indecimal.Theremainingbitsare0001in
binary,whichis1indecimal.Welookforthevalueinrow3,
column1,inTable6.3(S-box1).Theresultis12indecimal,
whichinbinaryis1100.Sotheinput100011yieldstheoutput
1100.
Solution
6.2.2Continued
TheinputtoS-box1is100011.Whatistheoutput?
Ifwewritethefirstandthesixthbitstogether,weget11in
binary,whichis3indecimal.Theremainingbitsare0001in
binary,whichis1indecimal.Welookforthevalueinrow3,
column1,inTable6.3(S-box1).Theresultis12indecimal,
whichinbinaryis1100.Sotheinput100011yieldstheoutput
1100.
Solution
Example 6.4
6.2.2Continued
TheinputtoS-box8is000000.Whatistheoutput?
Ifwewritethefirstandthesixthbitstogether,weget00in
binary,whichis0indecimal.Theremainingbitsare0000in
binary,whichis0indecimal.Welookforthevalueinrow0,
column0,inTable6.10(S-box8).Theresultis13indecimal,
whichis1101inbinary.Sotheinput000000yieldstheoutput
1101.
Solution
6.2.2Continued
TheinputtoS-box8is000000.Whatistheoutput?
Ifwewritethefirstandthesixthbitstogether,weget00in
binary,whichis0indecimal.Theremainingbitsare0000in
binary,whichis0indecimal.Welookforthevalueinrow0,
column0,inTable6.10(S-box8).Theresultis13indecimal,
whichis1101inbinary.Sotheinput000000yieldstheoutput
1101.
Solution
StraightPermutation
6.2.2Continue
Table 6.11 Straight permutation table
6.2.2Continue
Table 6.11 Straight permutation table
Usingmixersandswappers,wecancreatethecipherand
reversecipher,eachhaving16rounds.
6.2.3 Cipher and Reverse Cipher
FirstApproach
Toachievethisgoal,oneapproachistomakethelast
round(round16)differentfromtheothers;ithasonlya
mixerandnoswapper.
In the first approach, there is no swapper in
the last round.
Note
reversecipher,eachhaving16rounds.
6.2.3 Cipher and Reverse Cipher
FirstApproach
Toachievethisgoal,oneapproachistomakethelast
round(round16)differentfromtheothers;ithasonlya
mixerandnoswapper.
In the first approach, there is no swapper in
the last round.
Note
6.2.3Continued
Figure 6.9 DES cipher and reverse cipher for the first approach
Figure 6.9 DES cipher and reverse cipher for the first approach
AlternativeApproach
6.2.3Continued
Wecanmakeall16roundsthesamebyincludingone
swappertothe16throundandaddanextraswapperafter
that(twoswapperscanceltheeffectofeachother).
KeyGeneration
Theround-keygeneratorcreatessixteen48-bitkeysout
ofa56-bitcipherkey.
6.2.3Continued
Wecanmakeall16roundsthesamebyincludingone
swappertothe16throundandaddanextraswapperafter
that(twoswapperscanceltheeffectofeachother).
KeyGeneration
Theround-keygeneratorcreatessixteen48-bitkeysout
ofa56-bitcipherkey.
6.2.3Continued
Figure 6.10
Key generation
Figure 6.10
Key generation
6.2.3Continued
Table 6.12 Parity-bit drop table
Table 6.13 Number of bits shifts
Table 6.12 Parity-bit drop table
Table 6.13 Number of bits shifts
6.2.3Continued
Table 6.14 Key-compression table
Table 6.14 Key-compression table
Example 6.5
6.2.4 Examples
Wechoosearandomplaintextblockandarandomkey,and
determinewhattheciphertextblockwouldbe(allin
hexadecimal):
Table 6.15 Trace of data for Example 6.5
6.2.4 Examples
Wechoosearandomplaintextblockandarandomkey,and
determinewhattheciphertextblockwouldbe(allin
hexadecimal):
Table 6.15 Trace of data for Example 6.5
Example 6.5
Table 6.15 Trace of data for Example 6.5 (Conintued
6.2.4Continued
Continued
Table 6.15 Trace of data for Example 6.5 (Conintued
6.2.4Continued
Continued
Example 6.6
6.2.4Continued
LetusseehowBob,atthedestination,candecipherthe
ciphertextreceivedfromAliceusingthesamekey.Table6.16
showssomeinterestingpoints.
6.2.4Continued
LetusseehowBob,atthedestination,candecipherthe
ciphertextreceivedfromAliceusingthesamekey.Table6.16
showssomeinterestingpoints.
6-3 DES ANALYSIS
CriticshaveusedastrongmagnifiertoanalyzeDES.
Testshavebeendonetomeasurethestrengthofsome
desiredpropertiesinablockcipher.
6.3.1Properties
6.3.2Design Criteria
6.3.3DES Weaknesses
Topics discussed in this section:
CriticshaveusedastrongmagnifiertoanalyzeDES.
Testshavebeendonetomeasurethestrengthofsome
desiredpropertiesinablockcipher.
6.3.1Properties
6.3.2Design Criteria
6.3.3DES Weaknesses
Topics discussed in this section:
Twodesiredpropertiesofablockcipherarethe
avalancheeffectandthecompleteness.
6.3.1 Properties
Example 6.7
TochecktheavalancheeffectinDES,letusencrypttwo
plaintextblocks(withthesamekey)thatdifferonlyinonebit
andobservethedifferencesinthenumberofbitsineach
round.
avalancheeffectandthecompleteness.
6.3.1 Properties
Example 6.7
TochecktheavalancheeffectinDES,letusencrypttwo
plaintextblocks(withthesamekey)thatdifferonlyinonebit
andobservethedifferencesinthenumberofbitsineach
round.
Example 6.7
6.3.1Continued
Althoughthetwoplaintextblocksdifferonlyintherightmost
bit,theciphertextblocksdifferin29bits.Thismeansthat
changingapproximately1.5percentoftheplaintextcreatesa
changeofapproximately45percentintheciphertext.
Table 6.17 Number of bit differences for Example 6.7
Continued
6.3.1Continued
Althoughthetwoplaintextblocksdifferonlyintherightmost
bit,theciphertextblocksdifferin29bits.Thismeansthat
changingapproximately1.5percentoftheplaintextcreatesa
changeofapproximately45percentintheciphertext.
Table 6.17 Number of bit differences for Example 6.7
Continued
6.3.1Continued
Completenesseffect
Completenesseffectmeansthateachbitoftheciphertext
needstodependonmanybitsontheplaintext.
Completenesseffect
Completenesseffectmeansthateachbitoftheciphertext
needstodependonmanybitsontheplaintext.
6.3.2 Design Criteria
S-Boxe
Thedesignprovidesconfusionanddiffusionofbitsfrom
eachroundtothenext.
P-Boxes
Theyprovidediffusionofbits.
NumberofRounds
DESusessixteenroundsofFeistelciphers.theciphertext
isthoroughlyarandomfunctionofplaintextand
ciphertext.
S-Boxe
Thedesignprovidesconfusionanddiffusionofbitsfrom
eachroundtothenext.
P-Boxes
Theyprovidediffusionofbits.
NumberofRounds
DESusessixteenroundsofFeistelciphers.theciphertext
isthoroughlyarandomfunctionofplaintextand
ciphertext.
Duringthelastfewyearscriticshavefoundsome
weaknessesinDES.
6.3.3 DES Weaknesses
WeaknessesinCipherDesign
1.WeaknessesinS-boxes
2.WeaknessesinP-boxes
3.WeaknessesinKey
weaknessesinDES.
6.3.3 DES Weaknesses
WeaknessesinCipherDesign
1.WeaknessesinS-boxes
2.WeaknessesinP-boxes
3.WeaknessesinKey
Example 6.8
6.3.3Continued
LetustrythefirstweakkeyinTable6.18toencryptablock
twotimes.Aftertwoencryptions
withthesamekeytheoriginalplaintextblockiscreated.Note
thatwehaveusedtheencryptionalgorithmtwotimes,not
oneencryptionfollowedbyanotherdecryption.
6.3.3Continued
LetustrythefirstweakkeyinTable6.18toencryptablock
twotimes.Aftertwoencryptions
withthesamekeytheoriginalplaintextblockiscreated.Note
thatwehaveusedtheencryptionalgorithmtwotimes,not
oneencryptionfollowedbyanotherdecryption.
6.3.3Continued
Figure 6.11 Double encryption and decryption with a weak key
Figure 6.11 Double encryption and decryption with a weak key
6.3.3Continued
6.3.3Continued
6.3.3Continued
Figure 6.12 A pair of semi-weak keys in encryption and decryption
Figure 6.12 A pair of semi-weak keys in encryption and decryption
Example 6.9
6.3.3Continued
Whatistheprobabilityofrandomlyselectingaweak,asemi-
weak,orapossibleweakkey?
Solution
DEShasakeydomainof2
56
.Thetotalnumberoftheabove
keysare64(4+12+48).Theprobabilityofchoosingoneof
thesekeysis8.8×10
−16
,almostimpossible.
6.3.3Continued
Whatistheprobabilityofrandomlyselectingaweak,asemi-
weak,orapossibleweakkey?
Solution
DEShasakeydomainof2
56
.Thetotalnumberoftheabove
keysare64(4+12+48).Theprobabilityofchoosingoneof
thesekeysis8.8×10
−16
,almostimpossible.
6.3.3Continued
Example 6.10
6.3.3Continued
Letustesttheclaimaboutthecomplementkeys.Wehave
usedanarbitrarykeyandplaintexttofindthecorresponding
ciphertext.Ifwehavethekeycomplementandtheplaintext,
wecanobtainthecomplementofthepreviousciphertext
(Table6.20).
6.3.3Continued
Letustesttheclaimaboutthecomplementkeys.Wehave
usedanarbitrarykeyandplaintexttofindthecorresponding
ciphertext.Ifwehavethekeycomplementandtheplaintext,
wecanobtainthecomplementofthepreviousciphertext
(Table6.20).
6-4 Security of DES
DES,asthefirstimportantblockcipher,hasgone
throughmuchscrutiny.Amongtheattemptedattacks,
threeareofinterest:brute-force,differential
cryptanalysis,andlinearcryptanalysis.
6.4.1Brute-Force Attack
6.4.2Differential Cryptanalysis
6.4.3Linear Cryptanalysis
Topics discussed in this section:
DES,asthefirstimportantblockcipher,hasgone
throughmuchscrutiny.Amongtheattemptedattacks,
threeareofinterest:brute-force,differential
cryptanalysis,andlinearcryptanalysis.
6.4.1Brute-Force Attack
6.4.2Differential Cryptanalysis
6.4.3Linear Cryptanalysis
Topics discussed in this section:
Wehavediscussedtheweaknessofshortcipherkeyin
DES.Combiningthisweaknesswiththekeycomplement
weakness,itisclearthatDEScanbebrokenusing2
55
encryptions.
6.4.1 Brute-Force Attack
DES.Combiningthisweaknesswiththekeycomplement
weakness,itisclearthatDEScanbebrokenusing2
55
encryptions.
6.4.1 Brute-Force Attack
IthasbeenrevealedthatthedesignersofDESalready
knewaboutthistypeofattackanddesignedS-boxesand
chose16asthenumberofroundstomakeDES
specificallyresistanttothistypeofattack.
6.4.2 Differential Cryptanalysis
knewaboutthistypeofattackanddesignedS-boxesand
chose16asthenumberofroundstomakeDES
specificallyresistanttothistypeofattack.
6.4.2 Differential Cryptanalysis
Linearcryptanalysisisnewerthandifferential
cryptanalysis.DESismorevulnerabletolinear
cryptanalysisthantodifferentialcryptanalysis.S-boxes
arenotveryresistanttolinearcryptanalysis.Ithasbeen
shownthatDEScanbebrokenusing2
43
pairsofknown
plaintexts.However,fromthepracticalpointofview,
findingsomanypairsisveryunlikely.
6.4.3 Linear Cryptanalysis
cryptanalysis.DESismorevulnerabletolinear
cryptanalysisthantodifferentialcryptanalysis.S-boxes
arenotveryresistanttolinearcryptanalysis.Ithasbeen
shownthatDEScanbebrokenusing2
43
pairsofknown
plaintexts.However,fromthepracticalpointofview,
findingsomanypairsisveryunlikely.
6.4.3 Linear Cryptanalysis
Tags
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 3,767
- Slides 49
- Favorites 1
- Age 1353 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
48 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
47 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
37 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
34 views
21
Know for Certain
DaveSinNM
22 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
26 views