modern block ciphers
DESCRIPTION
Modern Block Ciphers. CSIS 5857: Encoding and Encryption. Block Ciphers. Encrypting one bit at a time ineffective (only one possible substitution: 1 0, 0 1) Must map one block of plaintext bits to ciphertext Example: 11010010 01101011 Key question: Good block size - PowerPoint PPT PresentationTRANSCRIPT
Modern Block Ciphers
CSCI 5857: Encoding and Encryption
Outline
• Binary blocks and keys• The XOR function• Structure of modern round cipher• Permutation and Substitution boxes
Block Ciphers• Long plaintext messages broken up into blocks
• Encryption substitutes n bit block of ciphertext for n bit block of plaintext– Example: 11010010 10001011 01000111
01101011 10010110 10110001
• Key question: Good block size– 8 bits too small: just maps one ASCII character to
another (monoalphabetic cipher)– Usually 64, 128, 256, or 512 bits
Binary Keys
• Key: Binary number 32 to 256 bits long
• Minimum size now 128 bits to defeat exhaustive search attacks
• Amount of information stored by key is limited
(128 bit key equivalent to 16 ASCII characters)
Substitution and Block Ciphers
• Standard binary key insufficient to represent even simple monoalphabetic substitution cipher– Example: Block size 64 bits– 264 possible blocks, each of which needs a
corresponding ciphertext block listed– Key: 264 x 64 bits long >> 256 bits for normal binary key– Number of mappings with 256-bit key
<< all possible mappings of 64 bit blocks
Transposition and Binary TextTransposition ciphers of binary text easy to break• Small alphabet reduces distinguishable permutations
– 11001011 encrypted with 70351264 11001011
• Example: 64-bit ciphertext block with 8 1’s and 56 0’s
– Only (64 x 63 x 62 x 61 x 60 x 59 x 58 x 57)/ (8 x 7 x 6 x 5 x 4 x 3 x 2 x 1) = 4,426,165,368 combinations of 8 1’s and 56 0’s
– Easily broken with exhaustive search (each successive block reduces number of possible combinations)
Binary Functions
• Since both text and key binary, can use binary function to encrypt/decrypt
• Example: AND function– Plaintext: 1001101110101100– Key: 1101100011001010– Ciphertext: 1001100010001000
Invertible Binary Functions• Problem: Binary function must be invertible• Otherwise, cannot uniquely decrypt message• AND not invertible
– Plaintext: ? could be either 1 or 0 – Key: 0– Ciphertext: 0
???
Exclusive Or Function (XOR)• Definition:
• 1 if operands not equal0 if operands equal
P K C = P K1 1 01 0 10 1 10 0 0
Plaintext
Key
Ciphertext
XOR is Invertible
• XOR is its own inverse: C = P K P = C K
C = P K K P must be:1 1 01 0 10 1 10 0 0
Plaintext
Ciphertext
Plaintext
Ciphertext
Key
encryption
decryption
XOR and Block Ciphers• Most modern block ciphers use XOR to
produce ciphertext from plaintext and key Simple Example (8 bit key and blocks):• Encryption:
Plaintext: 10010101 00100110 01110101Key: 10100110 10100110 10100110Ciphertext: 00110011 10000000 01010011
• Decryption:Ciphertext: 00110011 10000000 01010011Key: 10100110 10100110 10100110Plaintext: 10010101 00100110 01110101
XOR Alone is Breakable
• K = P C • Key can be computed from single known plaintext
“This is too easy!”
Plaintext
Key
Ciphertext
Confusion and Diffusion
• Diffusion:– Hiding relationship between plaintext and ciphertext– Changing one plaintext bit should change many bits
in ciphertext
• Confusion:– Hiding relationship between ciphertext and key– Changing one key bit should change many characters
in ciphertext
Product Cipher
• Substitution and permutation can be used to add diffusion and confusion
Plaintext
Key
CiphertextSubstitution permutation
Substitution permutation
adds diffusion
adds confusion
Substitution permutation
Invertibility • Transformations on plaintext must be invertible• Transformations on key do not
– Don’t care if can’t recover key from ciphertext
Plaintext
Key
CiphertextSubstitution permutation
Substitution permutation
Must be invertible
Does not have to be invertible
Substitution permutation
Rounds in Product Cipher
• Most ciphers have many rounds of substitution, permutation, and XOR
• Maximizes diffusion
P
key 1
Csubst/perm
round 1
key 2
subst/perm
round 2
key n
subst/perm
round n
…
Key Generation• Most ciphers generate separate round keys from
main key using substitution/permutation
P
round key 1
Csubst/perm
round 1
round key 2
subst/perm
round 2
round key n
subst/perm
round n
…
main key K
subst/perm subst/perm subst/perm…
Keyless Ciphers• Substitution/permutation not based on key
– “Hardwired” into cipher– Assume known by adversary
• Simply used to add diffusion/confusion
subst/perm
round i
subst/perm
… …P C
K
“I know this, but still can’t figure out what P and K are”
P-Boxes for Permutation• Number in box gives position of
corresponding input bit in output• Example: 16-bit P-Box
12 7 1 8 15 11 2 5 16 4 13 10 9 3 14 6 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Input1 1 0 1 0 1 0 1 0 0 0 1 0 1 1 0
1 0 1 1 1 0 1 0 0 1 0 0 0 0 1 1 Output
Invertible P-Boxes• P-Box invertible if each input maps to one and only
one output– Example: Same 16-bit P-Box
– Swap numbers and indices
– Resort by indices
12 7 1 8 15 11 2 5 16 4 13 10 9 3 14 6 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 1612 7 1 8 15 11 2 5 16 4 13 10 9 3 14 6
3 7 14 10 8 16 2 4 13 12 6 1 11 15 14 9 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Shift and Swap P-Boxes
• Shift Box moves inputs over by some n bits– May be circular, shifting bits at end to beginning– Example: 8-bit right circular shift box
• Swap box swaps two or more blocks of bits– Example: swapping two adjacent 4-bit blocks
8 1 2 3 4 5 6 7
5 6 7 8 1 2 3 4
Compression/Expansion P-Boxes• Compression P-Box:
Not all inputs map to an output• Example: 8 x 6 P-Box
– 8 inputs, only 6 outputs– Note that inputs 3 and 5 do not map to an output
7 4 1 8 6 2
Compression/Expansion P-Boxes• Expansion P-Box:
Some inputs map to multiple outputs• Example: 8 x 12 P-Box
– 8 inputs, 12 outputs– Note that inputs 1, 4, 5, and 7 map to two different
outputs
6 5 1 8 7 2 7 4 5 3 1 4
Compression/Expansion P-Boxes• Compression and Expansion P-Boxes not invertible
– Compression boxes lose information– Can invert expansion box only if output has identical
values corresponding to inputs that are duplicated• 1010 11234 11010• ? 11234 10010
• Used primarily in key generation– Example: Creating 16 32-bit round keys from single
128-bit key
S-Boxes for Substitution• Map blocks of plaintext to ciphertext
– Example: 3 x 3 S-Box
– Often simplify by making “2 dimensional”Example: First bit of input determines row of output
Input 000 001 010 011 100 101 110 111Output 011 101 111 100 000 010 001 110
00 01 10 110 011 101 111 1001 000 010 001 110
Invertible S-Boxes• Must have same number of inputs and outputs
– Example: 3 x 2 compression S-Box
• Each output must be unique
00 01 10 110 00 10 01 111 10 00 11 01
Input 000 001 010 011 100 101 110 111Output 011 101 111 100 011 010 001 110