DESTripleDESandAES.pptVIP

7/3/01 7/3/01 CSPP 532 DES, Triple-DES, and AES Sandy Kutin CSPP 532 7/3/01 Symmetric Cryptography Secure communication has two parts: Establish a key (public key methods) Encrypt message symmetrically using key Symmetric encryption is faster Cryptographic scheme is only as good as its “weakest link” We need to understand strengths and weaknesses of symmetric encryption DES: Data Encryption Standard 1972: National Bureau of Standards begins search 1975: DES: Lucifer by IBM, modified by NSA (key reduced from 128 to 56 bits) Approved by NBS ‘76, ANSI ‘81 renewed every 5 years by NIST now considered obsolete DESiderata Secure: hard to attack Classic case: given ciphertext, get plaintext Also: given both, get key Achieved through diffusion, confusion Easy to implement (in hardware, software) Use a few fast subroutines Decryption uses same routines Easy to analyze Prove that certain attacks fail DEScription: Overview Block cipher: 64 bits at a time Initial permutation rearranges 64 bits (no cryptographic effect) Encoding is in 16 rounds DEScription: One Round 64 bits divided into left, right halves Right half goes through function f, mixed with key Right half added to left half Halves swapped (except in last round) DEScription: InsiDES Expand right side from 32 to 48 bits (some get reused) Add 48 bits of key (chosen by schedule) S-boxes: each set of 6 bits reduced to 4 P-box permutes 32 bits DESign Principles: Inverses MoDES of Operation ECB: Electronic CodeBook mode: Encrypt each 64-bit block independently Attacker could build codebook CBC: Cipher Block Chaining mode: Encryption: Ci = EK(Pi ? Ci-1) Decryption: Pi = Ci-1 ? DK(Ci) CFB, OFB: allow byte-wise encryption Cipher FeedBack, Output FeedBack PeDEStrian attacks Obvious attack: guess the key. 256 keys Complementation Property: 255 keys 1 million per second: 1100 years Store EK(P1) for all K: 512 petabytes Time/Memory Tradeoff (Hellman, 1980): 1 terabyte 5 days DEStroying Security Differential Cryp