Download - Digital Encryption Standard
-
8/17/2019 Digital Encryption Standard
1/30
DES
• Developed in early 1970s at IBM and based onan earlier design by Horst Feistel.
• Standardized in 1977 by National Brea o!
Standards• Most poplar blo"# "yp$er !or %ost o! t$e last
&0 years
• No'adays( inse"re de to s%all #ey lengt$(
)*bit• Bt+ &DES yields very se"re "ip$er( still sed
today.
• ,epla"ed by -ES in 000
-
8/17/2019 Digital Encryption Standard
2/30
/vervie' o! DES -lgorit$%
64
64
k 56
x
y
DES
-
8/17/2019 Digital Encryption Standard
3/30
IterativeStr"tre o!DES
• First step is I
• $en( en"ryption donein 1* ronds
• So( 2ey 2 is divided into1* sb3#eys.
• Finally( per%tationagain
-
8/17/2019 Digital Encryption Standard
4/30
Initial and Final
er%tations• Bit'ise er%tation
• 5an be vie'ed as si%ple "ross3'iring
•
Easily i%ple%ented in $ard'are( bt noso !ast in so!t'are
-
8/17/2019 Digital Encryption Standard
5/30
Initial er%tation61
-
8/17/2019 Digital Encryption Standard
6/30
-
8/17/2019 Digital Encryption Standard
7/30
Finaler%tation
5on"ept is sa%e as Initialonly t$e table sed is
di:erent '$i"$ is s$o'n$ere.
Note+
I6; and I6< are trly
inverse operations.
i.e. I6 = 1
-
8/17/2019 Digital Encryption Standard
8/30
$e FeistelStr"tre o!DES61
-!ter I o! *> bit( plainte
-
8/17/2019 Digital Encryption Standard
9/30
$e ! 3!n"tion• ?ets "onsider it$ rond(
• E
-
8/17/2019 Digital Encryption Standard
10/30
-
8/17/2019 Digital Encryption Standard
11/30
SbstittionBo3bit otpt.
•
Ea"$ s3bo< "ontains = *> entries('$i"$ are represented by table 'it$1* "ol%ns and > ro's.
• -ll S3bo
-
8/17/2019 Digital Encryption Standard
12/30
,eading S3tables
$e inpt to ea"$ S3bo bit
$e %ost signi"ant bit 6MSB and t$e least signi"ant bit 6?SB o!ea"$ * bit inpt gives t$e ro' o! t$e table( '$ile in!er > bits sele"tst$e "ol%n.
$e inter 0(1(.1) represent t$e de"i%al notation o! > bit vale
For e
-
8/17/2019 Digital Encryption Standard
13/30
-
8/17/2019 Digital Encryption Standard
14/30
-
8/17/2019 Digital Encryption Standard
15/30
e er% a on'it$in t$e !3!n"tion
Finally( t$e & bit otpt isper%ted bit'isea""ording to t$e tables$o'n
nli#e I and I31( t$is!n"tion introd"esdi:sion be"ase > bitotpt !ro% S3bo< isper%ted in s"$ a 'ayt$at every bit !or% plainte
-
8/17/2019 Digital Encryption Standard
16/30
$e FeistelStr"tre o!
DES6• Here(
?i = ,iA1(
,i = ?iA1 ! 6 ,iA1(#i
'$ere( i = 1((.1*
• -!ter ,ond 1* o!en"ryption t$e otpt o!Feistel Str"tre ?1*and ,1* is s'apped
• Final per%tation isdone
i.e.
$i"$ yields
G = DES#6
-
8/17/2019 Digital Encryption Standard
17/30
2ey s"$edle!or DES
En"ryption• /!ten stated as *> bit( bt every 8t$
bit are sed as odd parity overpre"eding 7 bits.
• Initial #ey er%tation 531 is doneignoring parity bits
• ,eslting )* bit #ey is split into $alves 5i and Di
$ere( i = 1((.1*
• $e t'o 8 bits $alves are "y"li"allys$i!ted le!t i.e. rotated
• ,onds i = 1((9(1* by 13bit
• ,onds i 1((9(1* by 3bit
• Interestingly 50 = 51* and D0 =D1*
• #ey er%tation 53 is done inea"$ it$ rond to red"e sb#ey to>8 bit.
t d 5$ i 1
-
8/17/2019 Digital Encryption Standard
18/30
er%ted 5$oi"e 16531
$e le!t and rig$t $alves o! t$e table s$o's '$i"$ bit !ro% t$e inpt!or% t$e le!t and rig$t se"tion.
/nly )* bits o! *> bits o! inpts are sele"ted.
$e re%aining eig$t 68(1*(&(>0(>8()*(*> are ignored '$i"$ 'erespe"ied !or se as parity bits.
-
8/17/2019 Digital Encryption Standard
19/30
er%ted5$oi"e 653
• $is per%tation
sele"ts t$e >83bit sb#ey !or ea"$ rond !ro%)*3bit #ey s"$edlestate.
• Here bits69(18(()(&)(&8(>&()>
are ignored to get >8bit sb #ey
-
8/17/2019 Digital Encryption Standard
20/30
DES En"ryption/vervie'
-
8/17/2019 Digital Encryption Standard
21/30
DES
De"ryption
De"ryption ist t$e sa%e!n"tion as En"ryption
Be"ase DES is based on
Feistel net'or#( only #eys"$edle $as to bereversed.
$s( #ey s"$edlealgorit$% $ave togenerate rond #eys as
t$e seen"e #1*( #1)(..(#1
-
8/17/2019 Digital Encryption Standard
22/30
,everse 2ey S"$edle 61
• Sin"e( 50 = 5 1* and D0 = D1*
• Hen"e( #1* "an be dire"tlyderived a!ter 5 31
• 2 1* = 53651*(D1*
=53650(D0 =5365316#
• 2 1) = 53651)(D1)
=536,S651*(,S6D1*
= 536,S650(,S6D0
• Sbseently rond #eys 21>(21&(21 are derived via rig$ts$i!ts in si%ilar !as$ion
-
8/17/2019 Digital Encryption Standard
23/30
,eversed 2eyS"$edle 6
• In de"ryption 1( t$e #eyis not rotated
• In de"ryption rond
(9(and 1* rotation isby 1 bit rig$t
• In ot$er rond&(>()(*(7(8(10(11(1(1&(1> and 1) rotation is byt'o bits.
-
8/17/2019 Digital Encryption Standard
24/30
Feistel Net'or# !orDe"ryption
• Here( t$e de"ryption !n"tionreverses t$e DES en"ryptionby rond3by3rond %anner.
• Means de"ryption rond 1reverses en"ryption rond 1*and de"ryption rond reverses en"ryption rond 1and so on
6?d0(,d0 = I6G
= I6I6,1*(?1*
= 6,1*(?1*
Hen"e(
Ld 0 = R1*
Rd 0 = L1* = R1)
e s e e 'or or
-
8/17/2019 Digital Encryption Standard
25/30
e s e e 'or orDe"ryption6
$e rst de"ryption rond 1 in ter%s o! t$e
inpt vales o! t$e last en"ryption rond 6L1),R1)
Here(
?d1 = ,d0 = ?1* = ,1)
,d1= ?d0 ! 6,d0(#1* = ,1* ! 6?1*(#1*
,d1= J?1) ! 6,1)(#1*K ! 6,1)(#1*
,d1= ?1)J ! 6,1)(#1* ! 6,1)(#1*K = ?1)
Hen"e
?d1 = ,1)
,d1== ?1)
So( 'e "an easily derive !or ?d1 and ,d1)
?d = ,1>
,d== ?1>
-
8/17/2019 Digital Encryption Standard
26/30
Feistel Net'or# !or De"ryption6&
• $s ne
-
8/17/2019 Digital Encryption Standard
27/30
Se"rity o! DES
• 5riti"is% to'ards DES+• 2ey spa"e too s%all 6L)* #eys
• S3 bo< design "riteria $as been #ept se"ret+
$i"$ lead to t$e idea o! $aving ba"#doors(only #no'n to NS-
• -nalyti"al -tta"#s+ Hig$ly ,esistant tobot$ Di:erential and ?inear5ryptanalysis. So !ar t$ere is no #no'nanalyti"al atta"#s '$i"$ brea#s DES inrealisti" s"enarios.
• Brte For"e -tta"#+ ,elatively easy"onsidering todays te"$nology
-
8/17/2019 Digital Encryption Standard
28/30
History o! -tta"#s on DES
• 1977 DiOe C Hill%an( esti%ated t$e "ost o! #ey sear"$ %a"$ine
• 1990 Bi$a% C S$a%ir proposed di:erential "yptanalysis 6L>7 "$osenplainte.) %ont$s
• 1998 DES 5$allenge II 1 bro#en t$rog$ brte3!or"eQ distribted e:orton t$e Internet too# &9 days
• 1998 DES 5$allenge II bro#en t$rog$ brte3!or"eQ Ele"troni" FrontierFondation bilt t$e Deep 5ra"# #ey3sear"$ %a"$ine !or abot P)0(000.
$e atta"# too# )* $ 61) days average• 1999 3 DES 5$allenge III bro#en t$rog$ brte3!or"e by distribted
Internet e:ort "o%bined 'it$ Deep 5ra"# and a total sear"$ ti%e o! $ors
• 2006 3 niversities o! Bo"$% and 2iel bilt 5/-5/B-N- #ey3sear"$%a"$ine based on lo'3"ost FR-s !or appro
-
8/17/2019 Digital Encryption Standard
29/30
riple DES• Sy%%etri"3#ey( blo"# "ip$er '$i"$ applies t$e 6DES
"ip$er algorit$% t$ree ti%es to ea"$ data blo"#
• rovides a relatively si%ple %et$od o! in"reasing #ey sizeo! DES 'it$ot need to design a "o%pletely designing ane' "ip$er algorit$%
• y = DES#& 6DES# 6DES#1 6
-
8/17/2019 Digital Encryption Standard
30/30
,e!ren"es+
• nderstanding 5ryptograp$y by 5$risto!aar C an elzl
• i#ipedia