• Product cipher = permutation + substitution.
• Iterated cipher = many rounds.
  – Key schedule: key K is used to construct Nr round keys (subkeys) K1, …, KNr.
  – Round function g: state_r = g(state_{r-1}, K_r), with state_0 = x.
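The structure above (state_0 = x, then Nr rounds of state_r = g(state_{r-1}, K_r), with g = substitution followed by permutation and round-key mixing) as an added worked example, not code from the slides. The 16-bit block size, the 4-bit S-box, the bit permutation and the key-schedule rule are all constructed here purely to show the shape of an iterated product cipher and give no real security:

```python
# Added example, not from the slides: a toy iterated product cipher in the
# shape the slide describes. state_0 = x and state_r = g(state_{r-1}, K_r),
# where g applies a substitution (S-box), then a permutation, then XORs the
# round key. The 16-bit block size, S-box, permutation and key schedule are
# constructed for illustration only and give no real security.

NR = 4  # number of rounds, Nr on the slide

# 4-bit S-box (a permutation of 0..15), applied to each nibble of the state
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
INV_SBOX = [SBOX.index(v) for v in range(16)]

# Bit permutation: output bit j is taken from input bit PERM[j]
PERM = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]
INV_PERM = [PERM.index(j) for j in range(16)]


def key_schedule(key: int, nr: int = NR) -> list:
    """Derive the round keys K_1..K_nr from the 16-bit master key K
    (toy rule: rotate left by 3 and XOR a round constant)."""
    subkeys = []
    k = key & 0xFFFF
    for r in range(1, nr + 1):
        k = ((k << 3) | (k >> 13)) & 0xFFFF
        k ^= 0x1234 ^ r
        subkeys.append(k)
    return subkeys


def substitute(state: int, box: list) -> int:
    """Apply the 4-bit S-box to each of the four nibbles."""
    out = 0
    for i in range(4):
        out |= box[(state >> (4 * i)) & 0xF] << (4 * i)
    return out


def permute(state: int, perm: list) -> int:
    """Move bits according to perm: output bit j = input bit perm[j]."""
    out = 0
    for j in range(16):
        out |= ((state >> perm[j]) & 1) << j
    return out


def round_function(state: int, subkey: int) -> int:
    """g(state, K_r): substitution, permutation, then round-key mixing."""
    return permute(substitute(state, SBOX), PERM) ^ subkey


def encrypt(x: int, key: int) -> int:
    state = x & 0xFFFF                  # state_0 = x
    for subkey in key_schedule(key):    # state_r = g(state_{r-1}, K_r)
        state = round_function(state, subkey)
    return state


def decrypt(y: int, key: int) -> int:
    """Undo the rounds in reverse order: XOR K_r, inverse permutation, inverse S-box."""
    state = y & 0xFFFF
    for subkey in reversed(key_schedule(key)):
        state = substitute(permute(state ^ subkey, INV_PERM), INV_SBOX)
    return state
```

Decryption works only because every component of g is a bijection (the S-box and the permutation) or self-inverse (the XOR with K_r); this is the property that lets the same subkeys, taken in reverse order, undo the cipher.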
Block ciphers
Product ciphers
The Data Encryption Standard
History of DES
• May 1973: the National Institute of Standards and Technology (NIST) published a solicitation for cryptosystems.
• The Data Encryption Standard (DES): first version in 1975, developed by IBM, then became the standard in 1977.
• DES was used for 20 years until AES appeared.
DES — S-boxes
• For each S-box: 6 bits → 4 bits. An S-box is a 4×16 array.
• The 6 input bits (b1, b2, b3, b4, b5, b6) are divided into a 2-bit row number (b1, b6) and a 4-bit column number (b2, b3, b4, b5); the output is the value at that row and column.
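The row/column rule as an added example, not code from the slides. It uses the real S1 table from the DES standard (the other seven boxes follow the same rule with their own tables) and adds a sanity check a reviewer would want on any S-box table typed in by hand, namely that each row is a permutation of 0..15:

```python
# Added example, not from the slides: DES S-box lookup. Row = b1 b6, column =
# b2 b3 b4 b5. S1 is the real first S-box of DES; the check helpers are ours.

S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox_lookup(box: list, six_bits: int) -> int:
    """Map a 6-bit input b1..b6 (b1 most significant) to 4 bits:
    row = b1 b6, column = b2 b3 b4 b5."""
    if not 0 <= six_bits < 64:
        raise ValueError("S-box input must be 6 bits")
    b1 = (six_bits >> 5) & 1
    b6 = six_bits & 1
    row = (b1 << 1) | b6
    col = (six_bits >> 1) & 0xF
    return box[row][col]


def is_valid_sbox(box: list) -> bool:
    """4 rows x 16 columns, each row a permutation of 0..15 (true of every DES S-box)."""
    return len(box) == 4 and all(sorted(row) == list(range(16)) for row in box)


def flat_table(box: list) -> list:
    """Flatten the box into a 64-entry table indexed directly by the 6-bit input,
    which is how an implementation would normally store it."""
    return [sbox_lookup(box, v) for v in range(64)]
```

The lookup is 6-to-4 bits, so it is deliberately not injective: four inputs share each output value within a row, which is where DES gets its non-linearity.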
DES — computation of key schedule
[Figure: K (64 bits) → PC-1 → two 28-bit halves]
• The actual key is 64 bits, of which 56 bits are key bits and 8 bits are parity-check bits, in positions 8, 16, 24, …, 64.
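The parity rule and the first step of the key schedule as an added example, not code from the slides. PC-1 is the real table from the DES standard; the sample key is the constructed value often used in DES walkthroughs, and the functions check the slide's claim that PC-1 never selects the parity positions 8, 16, …, 64:

```python
# Added example, not from the slides: DES key parity check and PC-1.
# PC-1 drops bit positions 8, 16, ..., 64 and splits the remaining 56 bits
# into C0 and D0 (28 bits each). PC-1 is the real DES table; the sample
# key is a constructed value.

PARITY_POSITIONS = set(range(8, 65, 8))  # 1-based bit positions 8, 16, ..., 64

# PC-1: entry i gives the 1-based position in the 64-bit key of output bit i+1
PC1 = [
    57, 49, 41, 33, 25, 17, 9,
    1, 58, 50, 42, 34, 26, 18,
    10, 2, 59, 51, 43, 35, 27,
    19, 11, 3, 60, 52, 44, 36,
    63, 55, 47, 39, 31, 23, 15,
    7, 62, 54, 46, 38, 30, 22,
    14, 6, 61, 53, 45, 37, 29,
    21, 13, 5, 28, 20, 12, 4,
]


def key_bits(key: bytes) -> list:
    """64-bit key as a list of bits; index 0 is bit 1 (most significant bit of byte 0)."""
    if len(key) != 8:
        raise ValueError("DES key must be 8 bytes")
    return [(key[i // 8] >> (7 - i % 8)) & 1 for i in range(64)]


def has_odd_parity(key: bytes) -> bool:
    """Each key byte must contain an odd number of 1 bits; the parity bit is the
    least significant bit of the byte, i.e. positions 8, 16, ..., 64."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def pc1(key: bytes):
    """Apply PC-1 and return (C0, D0), each a list of 28 bits."""
    bits = key_bits(key)
    selected = [bits[pos - 1] for pos in PC1]
    return selected[:28], selected[28:]


def pc1_skips_parity_bits() -> bool:
    """The slide's claim: PC-1 selects 56 distinct positions, none a parity position."""
    return len(set(PC1)) == 56 and not (set(PC1) & PARITY_POSITIONS)


# Constructed sample key (the one commonly used in DES walkthroughs)
SAMPLE_KEY = bytes.fromhex("133457799BBCDFF1")
```

The parity check is worth keeping in any code path that loads DES keys: a key that fails it has been corrupted or mis-encoded, and silently dropping the parity bits would hide that.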
Analysis of DES
• The decryption of DES is the exact same as the encryption, but with the 16 sub-keys reversed.
• Problem: the key length is too short.
  – Easy to break by exhaustive key search, e.g., "DES challenge III" found the DES key in 22 hours, 15 minutes, in 1999.
  – Easy to break by differential cryptanalysis and linear cryptanalysis.
DES modes of operation
• 4 different modes of DES operation:
  – Electronic Codebook mode (ECB)
    • Naive use of DES: each 64-bit block is encrypted to a 64-bit cipher block
    • $y_i = \mathrm{DES}_K(x_i)$, i.e., $y_1\, y_2\, y_3 \ldots = \mathrm{DES}_K(x_1)\,\mathrm{DES}_K(x_2)\,\mathrm{DES}_K(x_3)\ldots$
  – Cipher Block Chaining mode (CBC)
    • Define $y_0 = \mathrm{IV}$ (initialization vector), then $y_i = \mathrm{DES}_K(y_{i-1} \oplus x_i)$
  – Output Feedback mode (OFB)
    • A synchronous stream cipher: $z_0 = \mathrm{IV}$, $z_i = \mathrm{DES}_K(z_{i-1})$, $y_i = x_i \oplus z_i$
  – Cipher Feedback mode (CFB)
Properties of the four DES modes
• ECB: identical plaintext blocks give identical ciphertext blocks.
• ECB and OFB: any change in block $x_i$ only affects cipher block $y_i$, not other blocks. In some situations, such as an unreliable communication channel, this is a good property. E.g., OFB is used to encrypt satellite transmissions.
• CBC and CFB: if a block $x_i$ is changed, the cipher block $y_i$ and all subsequent blocks are changed. This property is good for authentication. E.g., these two modes can be used to generate a Message Authentication Code (MAC).
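The mode equations from the previous slide and the propagation properties listed here, as one added example that is not code from the slides. The modes are written over a generic block function so a real DES implementation can be plugged in; because the example must run offline, a toy keyed byte permutation (constructed here, not a cipher) stands in for DES_K. CFB is given in its standard full-block form, which the slides name but do not write out; the key, IV and plaintext blocks are constructed:

```python
# Added example, not from the slides: the four DES modes written over a
# generic 64-bit block function E_K, plus a check of the propagation property
# of each mode. A toy keyed byte permutation stands in for DES so that the
# example runs offline; it is NOT a cipher and only serves to show how the
# modes chain blocks. The key, IV and plaintext blocks are constructed here.

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for DES_K: XOR with the key, then rotate the bytes (a bijection on 64 bits)."""
    out = bytes(b ^ k for b, k in zip(block, key))
    return out[3:] + out[:3]


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    out = block[-3:] + block[:-3]
    return bytes(b ^ k for b, k in zip(out, key))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(enc, blocks):
    # y_i = E_K(x_i)
    return [enc(x) for x in blocks]


def cbc_encrypt(enc, iv, blocks):
    # y_0 = IV, y_i = E_K(y_{i-1} XOR x_i)
    out, prev = [], iv
    for x in blocks:
        prev = enc(xor(prev, x))
        out.append(prev)
    return out


def cbc_decrypt(dec, iv, blocks):
    # x_i = D_K(y_i) XOR y_{i-1}
    out, prev = [], iv
    for y in blocks:
        out.append(xor(dec(y), prev))
        prev = y
    return out


def ofb_encrypt(enc, iv, blocks):
    # z_0 = IV, z_i = E_K(z_{i-1}), y_i = x_i XOR z_i (synchronous stream cipher;
    # decryption is the same function, since the keystream never depends on x)
    out, z = [], iv
    for x in blocks:
        z = enc(z)
        out.append(xor(x, z))
    return out


def cfb_encrypt(enc, iv, blocks):
    # Full-block CFB in its standard form (the slide names CFB without a formula):
    # y_0 = IV, y_i = E_K(y_{i-1}) XOR x_i
    out, prev = [], iv
    for x in blocks:
        prev = xor(enc(prev), x)
        out.append(prev)
    return out


def changed_blocks(run, blocks, i):
    """Encrypt, flip one bit of plaintext block i, re-encrypt, and return the indices
    of the ciphertext blocks that differ (run maps a block list to its ciphertext)."""
    flipped = bytearray(blocks[i])
    flipped[0] ^= 0x01
    modified = blocks[:i] + [bytes(flipped)] + blocks[i + 1:]
    before, after = run(blocks), run(modified)
    return [j for j in range(len(blocks)) if before[j] != after[j]]


# Constructed sample input: four 8-byte blocks, the first and third identical
KEY = b"constkey"
IV = bytes(range(8))
PLAIN = [b"block_01", b"block_02", b"block_01", b"block_03"]


def enc(block: bytes) -> bytes:
    return toy_block_encrypt(KEY, block)


def dec(block: bytes) -> bytes:
    return toy_block_decrypt(KEY, block)


def propagation_report(i: int = 1) -> dict:
    """Which ciphertext blocks change when plaintext block i changes, per mode."""
    return {
        "ECB": changed_blocks(lambda bs: ecb_encrypt(enc, bs), PLAIN, i),
        "CBC": changed_blocks(lambda bs: cbc_encrypt(enc, IV, bs), PLAIN, i),
        "OFB": changed_blocks(lambda bs: ofb_encrypt(enc, IV, bs), PLAIN, i),
        "CFB": changed_blocks(lambda bs: cfb_encrypt(enc, IV, bs), PLAIN, i),
    }
```

Running `propagation_report(1)` reproduces the slide: ECB and OFB change only block 1, while CBC and CFB change block 1 and everything after it, which is exactly why a CBC-style chain can serve as a MAC and why ECB leaks the repetition of blocks 0 and 2.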
Triple DES
[Figure: Triple DES diagram, from Plaintext through three DES operations]
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES)
• Intended to replace DES.
• Block length is 128 bits.
• Key length is 128, 192 or 256 bits.
• Iterated cipher: Nr = 10/12/14 rounds for key length 128/192/256 respectively.
• Of course, very secure: no better known attack than exhaustive key search.
History of AES
• In 1997, NIST needed an advanced encryption standard (AES) to replace DES.
• From 1998 to 2000, many cryptosystem candidates were submitted. The final 5 were: MARS, RC6, Rijndael, Serpent, and Twofish.
• In 2000, Rijndael was selected for the AES. It then became the standard in 2001.
Advanced Encryption Standard (AES)
• A private key encryption scheme.
• A US Federal Information Processing Standard, FIPS PUB 197 (http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf).
• AES has a fixed block size of 128 bits and a key size of 128, 192 or 256 bits.
• Each block passes through a certain number of rounds of operations, depending on the key length.
• Each round contains four transformations.
AES—brief description
• Given a plaintext x (length 128 bits), initialize State to be x, and perform an operation ADDROUNDKEY, which XORs the RoundKey with State.
• For each of the first Nr-1 rounds: perform a substitution operation called SUBBYTES on State using an S-box; perform a permutation SHIFTROWS on State; perform an operation MIXCOLUMNS on State; and perform ADDROUNDKEY on State.
• (Final round) perform SUBBYTES, SHIFTROWS, and ADDROUNDKEY, all on State.
AES States
• Transition of input (message) bytes → State array → output bytes.
[Figure: input bytes in_0 … in_15 laid out into the 4×4 State array s_{r,c}, then read out as output bytes out_0 … out_15]
SubBytes Transformation
[Figure: each byte s_{r,c} of the State is replaced through the S-box to give s'_{r,c}]
• The S-box was derived from calculations on binary polynomials based on some mathematical theories.
MixColumns Transformation, MixColumns()
• A lookup table, derived from calculations on binary polynomials based on some mathematical theories, is available.
AddRoundKey Transformation, l = round * 4
• The RoundKey is a subkey originated from a key seed via a deterministic key expansion algorithm.
AES Decryption
• Each transformation is invertible.
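The four round transformations from the brief description (SubBytes, ShiftRows, MixColumns, AddRoundKey) together with their inverses, as an added example that is not code from the slides or from FIPS 197. It computes the S-box from its definition (multiplicative inverse in GF(2^8), then the affine map) rather than typing in the 256-entry table the slides call a lookup table, and uses the MixColumns matrix from FIPS 197; the State and round-key values used for the round-trip check are constructed. The key expansion is not included:

```python
# Added example, not from the slides: the four AES round transformations on a
# 4x4 byte State and their inverses, showing that each one is invertible.
# The S-box is computed from its definition (inverse in GF(2^8) followed by
# an affine map) instead of being tabled; MixColumns uses the fixed
# polynomial {03}x^3 + {01}x^2 + {01}x + {02} from FIPS 197. State and
# round-key values below are constructed for the check.

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (0 is mapped to 0, as AES defines)."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r if a else 0


def sbox(x: int) -> int:
    """AES S-box: inverse in GF(2^8), then b ^ rot1(b) ^ rot2(b) ^ rot3(b) ^ rot4(b) ^ 0x63."""
    b = gf_inv(x)
    s = b
    for _ in range(4):
        b = ((b << 1) | (b >> 7)) & 0xFF
        s ^= b
    return s ^ 0x63


SBOX = [sbox(x) for x in range(256)]
INV_SBOX = [0] * 256
for _x, _y in enumerate(SBOX):
    INV_SBOX[_y] = _x

# State is a list of 4 rows of 4 bytes: state[r][c] = s_{r,c}


def sub_bytes(state, box=SBOX):
    return [[box[b] for b in row] for row in state]


def shift_rows(state, inverse=False):
    """Row r is rotated left by r bytes (right by r when inverting)."""
    out = []
    for r, row in enumerate(state):
        k = (-r if inverse else r) % 4
        out.append(row[k:] + row[:k])
    return out


MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def mix_columns(state, matrix=MIX):
    """Multiply each column by the fixed matrix over GF(2^8)."""
    out = [[0] * 4 for _ in range(4)]
    for c in range(4):
        col = [state[r][c] for r in range(4)]
        for r in range(4):
            acc = 0
            for k in range(4):
                acc ^= gf_mul(matrix[r][k], col[k])
            out[r][c] = acc
    return out


def add_round_key(state, round_key):
    return [[s ^ k for s, k in zip(srow, krow)] for srow, krow in zip(state, round_key)]


def round_forward(state, rk, final=False):
    """One AES round on State; the final round omits MixColumns."""
    s = shift_rows(sub_bytes(state))
    if not final:
        s = mix_columns(s)
    return add_round_key(s, rk)


def round_inverse(state, rk, final=False):
    """Undo one round by applying the inverse transformations in reverse order."""
    s = add_round_key(state, rk)
    if not final:
        s = mix_columns(s, INV_MIX)
    return sub_bytes(shift_rows(s, inverse=True), INV_SBOX)
```

`round_inverse` is the decryption slide in miniature: AddRoundKey is its own inverse, ShiftRows and SubBytes are undone by the opposite rotation and the inverse S-box, and MixColumns by the inverse matrix, applied in the reverse order of the forward round.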
Criteria for the selection of a cryptosystem
1) Security
2) Cost (speed and memory requirements)
   – Software
   – Hardware
   – Smart card
3) Algorithm and implementation characteristics
• Rijndael was chosen for AES on the combination of all criteria.
The end