Course Info - Florida International University
Course Info
• Instructor: Dr. Deng Pan
• Email: [email protected]
• Office hours:
  – Tuesday and Thursday, 10am-12PM, ECS-389
  – Or by appointment
Chapter 1 Introduction
Internet protocol stack
• application
  – supporting network applications
• transport
  – process-process data transfer
• network
  – routing of datagrams from source to destination
• link
  – data transfer between neighboring network elements
• physical
  – bits "on the wire"
(Figure: the five layers stacked top to bottom: application, transport, network, link, physical)
Security related terminology
• Risk
• Threats
• Vulnerabilities
• Adversary
• Attacks
• Participants
• Trust
• Security Model
Chapter 3 Secret Key Cryptography
Secret Key Encryption
• or conventional / private-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are secret key based
• was only type prior to invention of public-key in 1970's
Some Basic Terminology
• plaintext/cleartext - original message
• ciphertext - coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering plaintext from ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - study of principles/methods of deciphering ciphertext without knowing key
Symmetric Cipher Model
Requirements
• two requirements for secure use of symmetric encryption:
  – a strong encryption algorithm
  – a secret key known only to sender / receiver
• mathematically have:
  Y = E_K(X)
  X = D_K(Y)
• assume encryption algorithm is known
Cryptanalysis
• objective to recover key not just message
• general approaches:
  – cryptanalytic attack
  – brute-force attack
Brute Force Search
• always possible to simply try every key
• most basic attack, proportional to key size
• assume either know / recognise plaintext

| Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs |
|---|---|---|---|
| 32 | 2^32 = 4.3 × 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds |
| 56 | 2^56 = 7.2 × 10^16 | 2^55 µs = 1142 years | 10.01 hours |
| 128 | 2^128 = 3.4 × 10^38 | 2^127 µs = 5.4 × 10^24 years | 5.4 × 10^18 years |
| 168 | 2^168 = 3.7 × 10^50 | 2^167 µs = 5.9 × 10^36 years | 5.9 × 10^30 years |
| 26 characters (permutation) | 26! = 4 × 10^26 | 2 × 10^26 µs = 6.4 × 10^12 years | 6.4 × 10^6 years |
Classical Substitution Ciphers
• where letters of plaintext are replaced by other letters or by numbers or symbols
• or if plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns
Caesar Cipher
• earliest known substitution cipher
• by Julius Caesar
• first attested use in military affairs
• replaces each letter by 3rd letter on
• example:
  PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher
• can define transformation as:
  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• mathematically give each letter a number
  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
  0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
• then have Caesar cipher as:
  c = E(p) = (p + k) mod (26)
  p = D(c) = (c – k) mod (26)
Cryptanalysis of Caesar Cipher
• only have 26 possible ciphers
  – A maps to A, B, .. Z
• could simply try each in turn
• a brute force search
• given ciphertext, just try all shifts of letters
• do need to recognize when have plaintext
• eg. break ciphertext "GCUAVQDTGCM"
Monoalphabetic Cipher
• rather than just shifting the alphabet
• could shuffle (jumble) the letters arbitrarily
• each plaintext letter maps to a different random ciphertext letter
• hence key is 26 letters long
  Plain:      abcdefghijklmnopqrstuvwxyz
  Cipher:     dkvqfibjwpescxhtmyauolrgzn
  Plaintext:  ifwewishtoreplaceletters
  Ciphertext: wirfrwajuhyftsdvfsfuufya
Monoalphabetic Cipher Security
• now have a total of
  – 26! = 4 x 10^26 keys
• with so many keys, might think is secure
• but would be wrong
• problem is language characteristics
Language Redundancy and Cryptanalysis
• human languages are redundant
• eg "th lrd s m shphrd shll nt wnt"
• letters are not equally commonly used
• in English E is by far the most common letter
  – followed by T, R, N, I, O, A, S
• other letters like Z, J, K, Q, X are fairly rare
• have tables of single, double & triple letter frequencies for various languages
English Letter Frequencies
Use in Cryptanalysis
• key concept - monoalphabetic substitution ciphers do not change relative letter frequencies
• calculate letter frequencies for ciphertext
• compare counts/plots against known values
• if caesar cipher look for common peaks/troughs
  – peaks at: A-E-I triple, NO pair, RST triple
  – troughs at: JK, X-Z
• for monoalphabetic must identify each letter
  – tables of common double/triple letters help
Example Cryptanalysis
• given ciphertext:
  UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
• count relative letter frequencies (see text)
• guess P & Z are e & t
• guess ZW is th and hence ZWP is the
• proceeding with trial and error finally get:
  it was disclosed yesterday that several informal but direct contacts have been made with political representatives of the viet cong in moscow
Example
• A generalization of the Caesar cipher, known as the affine cipher, is as follows:
  C = E([a, b], p) = (ap + b) mod 26
• A ciphertext has been generated with an affine cipher. The most frequent letter of the ciphertext is 'B', and the second most frequent is 'U'. Break the code.
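One way to work the affine exercise above, as an added example that is not part of the original slides. It assumes, following the letter-frequency slide, that 'B' stands for E and 'U' stands for T; the function names and the sample sentence are constructed for illustration.

```python
from math import gcd

M = 26  # letters numbered A=0 ... Z=25, as on the Caesar cipher slide


def idx(ch):
    return ord(ch.upper()) - ord("A")


def affine_keys_from_pairs(p1, c1, p2, c2):
    """Return every usable key (a, b) with E(p1) = c1 and E(p2) = c2.

    Subtracting the two congruences gives a*(p1 - p2) = (c1 - c2) mod 26.
    If (p1 - p2) shares a factor with 26 there can be no solution or several,
    so every invertible multiplier a is tested instead of dividing blindly.
    """
    p1, c1, p2, c2 = idx(p1), idx(c1), idx(p2), idx(c2)
    keys = []
    for a in range(1, M):
        if gcd(a, M) != 1:          # non-invertible a makes E many-to-one
            continue
        b = (c1 - a * p1) % M       # forced by the first pair
        if (a * p2 + b) % M == c2:  # must also satisfy the second pair
            keys.append((a, b))
    return keys


def affine_encrypt(text, a, b):
    return "".join(
        chr((a * idx(ch) + b) % M + ord("A")) if ch.isascii() and ch.isalpha() else ch
        for ch in text
    )


def affine_decrypt(text, a, b):
    a_inv = pow(a, -1, M)           # modular inverse (Python 3.8+)
    return "".join(
        chr(a_inv * (idx(ch) - b) % M + ord("A")) if ch.isascii() and ch.isalpha() else ch
        for ch in text
    )


if __name__ == "__main__":
    # Frequency guess (assumption): 'B' is the image of E, 'U' the image of T.
    keys = affine_keys_from_pairs("E", "B", "T", "U")
    print("candidate keys [a, b]:", keys)
    a, b = keys[0]
    sample = affine_encrypt("MEET ME AFTER THE TOGA PARTY", a, b)  # constructed sample
    print(sample, "->", affine_decrypt(sample, a, b))
```

If the frequency guess is wrong, the recovered key decrypts to gibberish and the next most likely letter pairing is tried.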
Playfair Cipher
• not even the large number of keys in a monoalphabetic cipher provides security
• one approach to improving security was to encrypt multiple letters
• the Playfair Cipher is an example
• invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair
Playfair Key Matrix
• a 5X5 matrix of letters based on a keyword
• fill in letters of keyword (sans duplicates)
• fill rest of matrix with other letters
• eg. using the keyword MONARCHY
  M O N A   R
  C H Y B   D
  E F G I/J K
  L P Q S   T
  U V W X   Z
Encrypting and Decrypting
• plaintext is encrypted two letters at a time
  1. if a pair is a repeated letter, insert filler like 'X'
  2. if both letters fall in the same row, replace each with letter to right (wrapping back to start from end)
  3. if both letters fall in the same column, replace each with the letter below it (again wrapping to top from bottom)
  4. otherwise each letter is replaced by the letter in the same row and in the column of the other letter of the pair
Security of Playfair Cipher
• security much improved over monoalphabetic
• since have 26 x 26 = 676 digrams
• would need a 676 entry frequency table to analyse (versus 26 for a monoalphabetic)
• and correspondingly more ciphertext
• was widely used for many years
  – eg. by US & British military in WW1
• it can be broken, given a few hundred letters
• since still has much of plaintext structure
Polyalphabetic Ciphers
• polyalphabetic substitution ciphers
• improve security using multiple cipher alphabets
• make cryptanalysis harder with more alphabets to guess and flatter frequency distribution
• use a key to select which alphabet is used for each letter of the message
• use each alphabet in turn
• repeat from start after end of key is reached
Vigenère Cipher
• simplest polyalphabetic substitution cipher
• effectively multiple caesar ciphers
• key is multiple letters long K = k1 k2 ... kd
• ith letter specifies ith alphabet to use
• use each alphabet in turn
• repeat from start after d letters in message
• decryption simply works in reverse
Example of Vigenère Cipher
• write the plaintext out
• write the keyword repeated above it
• use each key letter as a caesar cipher key
• encrypt the corresponding plaintext letter
• eg using keyword deceptive
  key:        deceptivedeceptivedeceptive
  plaintext:  wearediscoveredsaveyourself
  ciphertext: zicvtwqngrzgvtwavzhcqyglmgj
Security of Vigenère Ciphers
• have multiple ciphertext letters for each plaintext letter
• hence letter frequencies are obscured
• but not totally lost
• start with letter frequencies
  – see if look monoalphabetic or not
• if not, then need to determine number of alphabets, since then can attack each
Autokey Cipher
• ideally want a key as long as the message
• Vigenère proposed the autokey cipher
• with keyword is prefixed to message as key
• knowing keyword can recover the first few letters
• use these in turn on the rest of the message
• eg. given key deceptive
  key:        deceptivewearediscoveredsav
  plaintext:  wearediscoveredsaveyourself
  ciphertext: zicvtwqngkzeiigasxstslvvwla
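The Vigenère and autokey examples from the two slides above, reproduced in Python as an added example that is not part of the original slides. It also measures the spacing of repeated ciphertext trigrams, which is one way to estimate the number of alphabets; the function names are illustrative and lowercase a-z input is assumed.

```python
A = ord("a")


def _shift(ch, key_ch, sign):
    """Caesar-shift one letter by the value of one key letter."""
    return chr((ord(ch) - A + sign * (ord(key_ch) - A)) % 26 + A)


def vigenere(text, keyword, decrypt=False):
    sign = -1 if decrypt else 1
    return "".join(
        _shift(ch, keyword[i % len(keyword)], sign) for i, ch in enumerate(text)
    )


def autokey_encrypt(plaintext, keyword):
    stream = keyword + plaintext          # keyword prefixed to the message
    return "".join(_shift(p, k, 1) for p, k in zip(plaintext, stream))


def autokey_decrypt(ciphertext, keyword):
    stream = list(keyword)                # only the keyword is known at first
    plain = []
    for i, c in enumerate(ciphertext):
        p = _shift(c, stream[i], -1)
        plain.append(p)
        stream.append(p)                  # recovered letters extend the key
    return "".join(plain)


def repeated_trigram_distances(ciphertext):
    """Map each repeated trigram to its distances from the first occurrence.

    With a repeating key, the same plaintext under the same key letters gives
    the same ciphertext, so distances tend to be multiples of the key length.
    """
    first_seen, distances = {}, {}
    for i in range(len(ciphertext) - 2):
        tri = ciphertext[i:i + 3]
        if tri in first_seen:
            distances.setdefault(tri, []).append(i - first_seen[tri])
        else:
            first_seen[tri] = i
    return distances


if __name__ == "__main__":
    pt, key = "wearediscoveredsaveyourself", "deceptive"
    vig = vigenere(pt, key)
    auto = autokey_encrypt(pt, key)
    print("vigenere:", vig, repeated_trigram_distances(vig))
    print("autokey: ", auto, repeated_trigram_distances(auto))
    print("decrypted:", vigenere(vig, key, decrypt=True), autokey_decrypt(auto, key))
```

In the slide's Vigenère ciphertext the plaintext "red" occurs twice nine letters apart, the length of "deceptive", and shows up as a repeated "vtw"; the autokey ciphertext has no such repeat.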
Transposition Ciphers
• now consider classical transposition or permutation ciphers
• these hide the message by rearranging the letter order
• without altering the actual letters used
• can recognise these since have the same frequency distribution as the original text
Rail Fence cipher
• write message letters out diagonally over a number of rows
• then read off cipher row by row
• eg. write message out as:
  m e m a t r h t g p r y
   e t e f e t e o a a t
• giving ciphertext
  MEMATRHTGPRYETEFETEOAAT
Row Transposition Ciphers
• a more complex transposition
• write letters of message out in rows over a specified number of columns
• then reorder the columns according to some key before reading off the rows
  Key:        3 4 2 1 5 6 7
  Plaintext:  a t t a c k p
              o s t p o n e
              d u n t i l t
              w o a m x y z
  Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Product Ciphers
• ciphers using substitutions or transpositions are not secure because of language characteristics
• hence consider using several ciphers in succession to make harder, but:
  – two substitutions make a more complex substitution
  – two transpositions make more complex transposition
  – but a substitution followed by a transposition makes a new much harder cipher
• this is bridge from classical to modern ciphers
Example
Consider two Caesar ciphers:
  E(p) = (p + 3) mod (26)
  E'(p) = (p + 7) mod (26)
What is the composition of the two ciphers, i.e. E'(E(p))?
Modern Block Ciphers
• now look at modern block ciphers
• one of the most widely used types of cryptographic algorithms
• provide secrecy / authentication services
• focus on DES (Data Encryption Standard)
• to illustrate block cipher design principles
Block vs Stream Ciphers
• block ciphers process messages in blocks, each of which is then en/decrypted
• like a substitution on very big characters
  – 64-bits or more
• stream ciphers process messages a bit or byte at a time when en/decrypting
• many current ciphers are block ciphers
Data Encryption Standard (DES)
• most widely used block cipher in world
• encrypts 64-bit data using 56-bit key
• has widespread use
• has been considerable controversy over its security
DES Design Controversy
• although DES standard is public
• was considerable controversy over design
  – in choice of 56-bit key
  – and because design criteria were classified
• subsequent events and public analysis show in fact design was appropriate
• use of DES has flourished
  – especially in financial applications
  – still standardised for legacy application use
DES Overview
DES Overview
• Initial permutation
• 16 rounds
• 64-bit input
  – Each round produces a 64-bit output
• 56-bit initial key
  – generates sixteen 48-bit per-round keys
• Swap two halves after 16th round
• Final permutation
DES Overview
• Decryption works by essentially running DES backwards.
• Same operation, keys in opposite order
  – first use K16, the key you generated last
The Permutations of the Data
• Initial permutation (IP)
  – first step of the data computation
  – IP reorders the input data bits
  – quite regular in structure (easy in h/w)
• Final permutation (IP^-1)
  – Last step
  – Inverse of IP
Initial Permutation (IP)
  58 50 42 34 26 18 10  2
  60 52 44 36 28 20 12  4
  62 54 46 38 30 22 14  6
  64 56 48 40 32 24 16  8
  57 49 41 33 25 17  9  1
  59 51 43 35 27 19 11  3
  61 53 45 37 29 21 13  5
  63 55 47 39 31 23 15  7
• Numbers in table specify bit numbers of input. Order of numbers in tables corresponds to output bit position.
• E.g.:
  – input bit 58 to output bit 1
  – input bit 50 to output bit 2
Final Permutation (IP^-1)
• Inverse of IP
  – IP^-1(IP(M)) = M
  40  8 48 16 56 24 64 32
  39  7 47 15 55 23 63 31
  38  6 46 14 54 22 62 30
  37  5 45 13 53 21 61 29
  36  4 44 12 52 20 60 28
  35  3 43 11 51 19 59 27
  34  2 42 10 50 18 58 26
  33  1 41  9 49 17 57 25
The Permutations of the Data
• Permutation not random
• Patterns of IP and IP^-1 (reversing the arrows)
  – bits of ith octet get spread into (9-i)th bits of all octets
Generating the Per-Round Keys
• DES key looks like 64 bits long, but 8 bits are parity.
  – Number the bits from left to right as 1, 2, ... 64. Bits 8, 16, ... 64 are the parity bits.
• DES generates from the 64 bits initial key sixteen 48-bit keys, which are K1, K2, ... K16.
Initial Key Permutation
• Initial permutation on 56 useful bits of key, output divided into two 28-bit values: C_0 and D_0
• Notice that none of the parity bits (8, 16, ... 64) is used in C_0 or D_0.
  C_0                       D_0
  57 49 41 33 25 17  9      63 55 47 39 31 23 15
   1 58 50 42 34 26 18       7 62 54 46 38 30 22
  10  2 59 51 43 35 27      14  6 61 53 45 37 29
  19 11  3 60 52 44 36      21 13  5 28 20 12  4
Initial Key Permutation
• Permutation not random
Generating the Per-Round Keys
• 16 rounds: rotation followed by permutation
• Number of bits shifted
  – Single-bit rotate left in rounds 1, 2, 9, and 16
  – Two-bit rotate left in the other rounds
Left half of K_i
• Permutation of C_i produces left half of K_i
• Bits 9, 18, 22, and 25 discarded: 24 bits left
permutation to obtain the left half of K_i:
  14 17 11 24  1  5
   3 28 15  6 21 10
  23 19 12  4 26  8
  16  7 27 20 13  2
Right half of K_i
• Permutation of D_i produces right half of K_i
• Bits 35, 38, 43, and 54 discarded
• K_i 48 bits long
permutation to obtain the right half of K_i:
  41 52 31 37 47 55
  30 40 51 45 33 48
  44 49 39 56 34 53
  46 42 50 36 29 32
Example
• What will be the round keys if the initial key is 00…00?
DES Round
• Each of the 16 rounds
DES Round
• 64-bit input divided into two 32-bit halves L_n and R_n.
• The round generates as output 32-bit quantities L_{n+1} and R_{n+1}.
  – L_{n+1} = R_n
  – R_{n+1} = L_n ⊕ mangler(R_n, K_n)
• The concatenation of L_{n+1} and R_{n+1} is the 64-bit output of the round.
DES Round
• For decryption, how to get L_n and R_n from L_{n+1} and R_{n+1}?
  – R_n = L_{n+1}
  – L_n = R_{n+1} ⊕ mangler(R_n, K_n)
• DES is reversible without constraining mangler function to be reversible, due to Feistel.
  – Decryption identical to encryption with 32-bit halves swapped. In other words, feeding R_{n+1}|L_{n+1} into round n produces R_n|L_n as output.
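The round equations above, run as a 16-round Feistel network in Python to show that decryption needs no inverse of the mangler; this is an added example, not part of the original slides. The mangler here is a deliberately many-to-one stand-in (truncated SHA-256), not the DES mangler, and the round keys are constructed values.

```python
import hashlib

MASK32 = 0xFFFFFFFF

# Constructed 48-bit round keys for illustration (not a real DES key schedule).
ROUND_KEYS = [(0x0F1571C947D9 * (i + 1)) % (1 << 48) for i in range(16)]


def mangler(r, k):
    """Stand-in mangler: 32-bit R and 48-bit K in, 32 bits out, no inverse.

    The low byte is forced to zero, so many inputs share an output.
    """
    digest = hashlib.sha256(r.to_bytes(4, "big") + k.to_bytes(6, "big")).digest()
    return int.from_bytes(digest[:4], "big") & 0xFFFFFF00


def feistel_round(l, r, k):
    """L_{n+1} = R_n ; R_{n+1} = L_n xor mangler(R_n, K_n)."""
    return r, l ^ mangler(r, k)


def run_rounds(block64, round_keys):
    l, r = block64 >> 32, block64 & MASK32
    for k in round_keys:
        l, r = feistel_round(l, r, k)
    return (r << 32) | l              # swap the two halves after the last round


def feistel_encrypt(block64, round_keys):
    return run_rounds(block64, round_keys)


def feistel_decrypt(block64, round_keys):
    # Same operation, keys in opposite order.
    return run_rounds(block64, list(reversed(round_keys)))


if __name__ == "__main__":
    pt = 0x02468ACEECA86420           # plaintext value from the DES example slide
    ct = feistel_encrypt(pt, ROUND_KEYS)
    print(f"ciphertext {ct:016x}")
    print(f"decrypted  {feistel_decrypt(ct, ROUND_KEYS):016x}")
    # One round in reverse: feed R_{n+1}|L_{n+1}, get R_n|L_n back.
    l0, r0 = 0x01234567, 0x89ABCDEF   # constructed halves
    l1, r1 = feistel_round(l0, r0, ROUND_KEYS[0])
    print(feistel_round(r1, l1, ROUND_KEYS[0]) == (r0, l0))
```

The ciphertext printed here is not DES output, since neither the permutations nor the S-boxes are modelled; only the Feistel structure is.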
Mangler Function
• Input: 32-bit R and 48-bit K
• First step: expand R to 48 bits
  – break R into eight 4-bit chunks
  – expand each chunk to 6 bits by taking adjacent bits and concatenating them to chunk
Mangler Function
• 48-bit K broken into eight 6-bit chunks.
• Chunk i of the expanded R is ⊕'d with chunk i of K to yield a 6-bit output.
• 6-bit output is fed into an S-box, a substitution which produces a 4-bit output.
  – inner 4 bits: row #
  – outer 2 bits: column #
S-box
• 8 S-boxes
  – The 4-bit output of each of the eight S-boxes is combined into 32 bits.
• Example: S-box 1
Example
• Find below the S-box S8 of DES. Supposing the input to S8 is 19, calculate the output.
Permutation of S-box Results
• 32-bit S-box results are then permuted.
• Interpretation of table
  – 1st bit of output of the permutation is the 16th input bit, the 2nd output bit is the 7th input bit, ... the 32nd output bit is the 25th input bit.
Strength of DES – Key Size
• 56-bit keys have 2^56 = 7.2 x 10^16 values
• brute force search looks hard
• recent advances have shown is possible
• must now consider alternatives to DES
DES Example
• Plaintext: 02468aceeca86420
• Key: 0f1571c947d9e859
• Ciphertext: da02ce3a89ecac3b
DES Example
Avalanche Effect in DES: Change in Plaintext
Avalanche Effect in DES: Change in Key (1f1571c947d9e859)
Example
• Assume that 0xFFFFFFFFFFFFFFFF is the initial DES key. Suppose that we know E_0xFFFFFFFFFFFFFFFF(0x0102030405060708) = 0x0101010101010101. Calculate E_0xFFFFFFFFFFFFFFFF(0x0101010101010101).
International Data Encryption Algorithm (IDEA)
• Developed by ETH Zurich
• Efficient in software
• Input: 64-bit plaintext, 128-bit key
• Similar to DES, IDEA has encryption and decryption identical except for key expansion.
Primitive Operations
• Each primitive operation in IDEA maps two 16-bit quantities into a 16-bit quantity.
• Three operations, all reversible
  – bitwise exclusive or ⊕
  – modified add +: throwing away carries, or addition mod 2^16
  – modified multiply: first calculating the 32-bit result, and then taking remainder divided by 2^16+1
Key Expansion
• 128-bit key to 52 16-bit keys, K1, K2, ... K52
• First 8 keys: starting from the left, chopping off 16 bits at a time
Key Expansion
• Next 8 keys: starting at bit 25, and wrapping around to the beginning when the end is reached
Key Expansion
• Next 8 keys are generated by offsetting 25 more bits, and so forth.
• Last offset starts at bit 23, and only 4 keys
  – 25*6 mod 128 = 22
• K50 and K51 are swapped
IDEA Round
• 17 rounds, odd and even rounds different
IDEA Round
• 64-bit data input: treated as four 16-bit quantities, Xa, Xb, Xc, and Xd, to yield new versions.
• Keys:
  – Odd rounds use 4 keys: Ka, Kb, Kc, and Kd
  – Even rounds use 2 keys: Ke and Kf
Odd Round
• Easily reversible in decryption
  – Same operation with multiplicative/additive inverses of keys
Even Round
• Even round is its own inverse, same keys for decryption
Inverse Keys for Decryption
• Same code can perform either encryption or decryption given different expanded keys
• In odd rounds, take inverses of encryption keys and use them in opposite order
  – E.g. encryption keys K49, K50, K51, and K52 corresponding to decryption keys K1, K2, K3, and K4
• In even rounds, same keys for encryption as decryption