After reading chapter 4, evaluate the history of the Data Encryption Standard (DES) and then how it has transformed cryptography w

Cryptography and Network Security:

Principles and Practice Eighth Edition

Chapter 4

Block Ciphers and the Data

Encryption Standard

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Stream Cipher (1 of 2)

• Encrypts a digital data stream one bit or one byte at a time

– Examples:

▪ Autokeyed Vigenère cipher

▪ Vernam cipher

• In the ideal case, a one-time pad version of the Vernam cipher

would be used, in which the keystream is as long as the

plaintext bit stream

– If the cryptographic keystream is random, then this cipher is

unbreakable by any means other than acquiring the

keystream

▪ Keystream must be provided to both users in advance

via some independent and secure channel

▪ This introduces insurmountable logistical problems if the

intended data traffic is very large

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Stream Cipher (2 of 2)

• For practical reasons the bit-stream generator must be

implemented as an algorithmic procedure so that the

cryptographic bit stream can be produced by both users

– It must be computationally impractical to predict future

portions of the bit stream based on previous portions of

the bit stream

– The two users need only share the generating key and

each can produce the keystream

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Block Cipher

• A block of plaintext is treated as a whole and used to

produce a ciphertext block of equal length

• Typically a block size of 64 or 128 bits is used

• As with a stream cipher, the two users share a symmetric

encryption key

• The majority of network-based symmetric cryptographic

applications make use of block ciphers

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 4.1 Stream Cipher and Block Cipher

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 4.2 General n-bit-n-bit Block

Substitution (shown with n = 4)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Table 4.1 Encryption and Decryption Tables for

Substitution Cipher of Figure 4.2

Plaintext Ciphertext

0000 1110

0001 0100

0010 1101

0011 0001

0100 0010

0101 1111

0110 1011

0111 1000

1000 0011

1001 1010

1010 0110

1011 1100

1100 0101

1101 1001

1110 0000

1111 0111

Ciphertext Plaintext

0000 1110

0001 0011

0010 0100

0011 1000

0100 0001

0101 1100

0110 1010

0111 1111

1000 0111

1001 1101

1010 1001

1011 0110

1100 1011

1101 0010

1110 0000

1111 0101

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Feistel Cipher

• Feistel proposed the use of a cipher that alternates substitutions and

permutations

• Substitutions

– Each plaintext element or group of elements is uniquely replaced

by a corresponding ciphertext element or group of elements

• Permutation

– No elements are added or deleted or replaced in the sequence,

rather the order in which the elements appear in the sequence is

changed

• Is a practical application of a proposal by Claude Shannon to develop

a product cipher that alternates confusion and diffusion functions

• Is the structure used by many significant symmetric block ciphers

currently in use

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Diffusion and Confusion • Terms introduced by Claude Shannon to capture the two basic building blocks

for any cryptographic system

– Shannon’s concern was to thwart cryptanalysis based on statistical

analysis

• Diffusion

– The statistical structure of the plaintext is dissipated into long-range

statistics of the ciphertext

– This is achieved by having each plaintext digit affect the value of many

ciphertext digits

• Confusion

– Seeks to make the relationship between the statistics of the ciphertext

and the value of the encryption key as complex as possible

– Even if the attacker can get some handle on the statistics of the

ciphertext, the way in which the key was used to produce that ciphertext is so complex as to make it difficult to deduce the key

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 4.3 Feistel Encryption and

Decryption (16 rounds)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Feistel Cipher Design Features (1 of 2)

• Block size

– Larger block sizes mean greater security but reduced

encryption/decryption speed for a given algorithm

• Key size

– Larger key size means greater security but may

decrease encryption/decryption speeds

• Number of rounds

– The essence of the Feistel cipher is that a single round

offers inadequate security but that multiple rounds offer

increasing security

• Subkey generation algorithm

– Greater complexity in this algorithm should lead to

greater difficulty of cryptanalysis

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Feistel Cipher Design Features (2 of 2)

• Round function F

– Greater complexity generally means greater resistance

to cryptanalysis

• Fast software encryption/decryption

– In many cases, encrypting is embedded in applications

or utility functions in such a way as to preclude a

hardware implementation; accordingly, the speed of

execution of the algorithm becomes a concern

• Ease of analysis

– If the algorithm can be concisely and clearly explained,

it is easier to analyze that algorithm for cryptanalytic

vulnerabilities and therefore develop a higher level of

assurance as to its strength

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Feistel Example

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Data Encryption Standard (DES)

• Issued in 1977 by the National Bureau of Standards (now

NIST) as Federal Information Processing Standard 46

• Was the most widely used encryption scheme until the

introduction of the Advanced Encryption Standard (AES) in

2001

• Algorithm itself is referred to as the Data Encryption

Algorithm (DEA)

– Data are encrypted in 64-bit blocks using a 56-bit key

– The algorithm transforms 64-bit input in a series of

steps into a 64-bit output

– The same steps, with the same key, are used to

reverse the encryption

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 4.5 General Depiction of DES

Encryption Algorithm

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Table 4.2 DES Example

Note: DES subkeys are shown as eight 6-bit values in hex format

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Table 4.3 Avalanche Effect in DES: Change in Plaintext

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Table 4.4 Avalanche Effect in DES: Change in Key

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Table 4.5 Average Time Required for Exhaustive

Key Search

Key Size

(bits) Cipher

Number of

Alternative Keys

Time Required at 109

Decryptions/s

Time Required

at 1013

Decryptions/s

56 DES 256 ≈ 7.2 × 1016 255 ns = 1.125 years 1 hour

128 AES 2128 ≈ 3.4 × 1038 2127 ns = 5.3 × 1021 years 5.3 × 1017 years

168 Triple DES 2168 ≈ 3.7 × 1050 2167 ns = 5.8 × 1033 years 5.8 × 1029 years

192 AES 2192 ≈ 6.3 × 1057 2191 ns = 9.8 × 1040 years 9.8 × 1036 years

256 AES 2256 ≈ 1.2 × 1077 2255 ns = 1.8 × 1060 years 1.8 × 1056 years

26 characters

(permutation)

Monoalphabetic 2! = 4 × 1026 2 × 1026 ns = 6.3 × 109

years

6.3 × 106 years

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Strength of DES

• Timing attacks

– One in which information about the key or the plaintext is

obtained by observing how long it takes a given

implementation to perform decryptions on various

ciphertexts

– Exploits the fact that an encryption or decryption algorithm

often takes slightly different amounts of time on different

inputs

– So far it appears unlikely that this technique will ever be

successful against DES or more powerful symmetric ciphers

such as triple DES and AES

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Block Cipher Design Principles:

Number of Rounds • The greater the number of rounds, the more difficult it is to

perform cryptanalysis

• In general, the criterion should be that the number of

rounds is chosen so that known cryptanalytic efforts

require greater effort than a simple brute-force key search

attack

• If DES had 15 or fewer rounds, differential cryptanalysis

would require less effort than a brute-force key search

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Block Cipher Design Principles:

Design of Function F • The heart of a Feistel block cipher is the function F

• The more nonlinear F, the more difficult any type of cryptanalysis will be

• The SAC and BIC criteria appear to strengthen the effectiveness of the

confusion function

The algorithm should have good avalanche properties

• Strict avalanche criterion (SAC)

– States that any output bit j of an S-box should change with probability 1/2

when any single input bit i is inverted for all i , j

• Bit independence criterion (BIC)

– States that output bits j and k should change independently when any single input bit i is inverted for all i , j , and k

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Block Cipher Design Principles: Key

Schedule Algorithm

• W ith any Feistel block cipher, the key is used to generate one

subkey for each round

• In general, we would like to select subkeys to maximize the

difficulty of deducing individual subkeys and the difficulty of

working back to the main key

• It is suggested that, at a minimum, the key schedule should

guarantee key/ciphertext Strict Avalanche Criterion and Bit Independence Criterion

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Summary

• Explain the concept of the avalanche effect

• Discuss the cryptographic strength of DES

• Summarize the principal block cipher design principles

• Understand the distinction between stream ciphers and block ciphers

• Present an overview of the Feistel cipher and explain how decryption

is the inverse of encryption

• Present an overview of Data Encryption Standard (DES)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Copyright

This work is protected by United States copyright laws and is

provided solely for the use of instructors in teaching their

courses and assessing student learning. Dissemination or sale of

any part of this work (including on the World Wide Web) will

destroy the integrity of the work and is not permitted. The work

and materials from it should never be made available to students

except by instructors using the accompanying text in their

classes. All recipients of this work are expected to abide by these

restrictions and to honor the intended pedagogical purposes and

the needs of other instructors who rely on these materials.