Fig: Feistel Encryption and Decryption


The process of decryption is essentially the same as the encryption process. The rule is as follows:
use the cipher text as input to the algorithm, but use the subkeys Ki in reverse order, i.e., Kn in
the first round, Kn-1 in the second round, and so on. For clarity, we use the notation LEi and REi for
data traveling through the encryption algorithm and LDi and RDi for data traveling through the
decryption algorithm. The diagram indicates that, at each round, the intermediate value of the
decryption process is equal to the corresponding value of the encryption process with the two
halves of the value swapped,

i.e., REi || LEi or, equivalently, LD16-i || RD16-i


After the last iteration of the encryption process, the two halves of the output are
swapped, so that the cipher text is RE16 || LE16. The output of that round is the cipher text. Now
take the cipher text and use it as input to the same algorithm. The input to the first round is RE16
|| LE16, which is equal to the 32-bit swap of the output of the sixteenth round of the
encryption process.
Now we will see how the output of the first round of the decryption process is equal to a
32-bit swap of the input to the sixteenth round of the encryption process. First consider the
encryption process,

LE16 = RE15
RE16 = LE15 (+) F(RE15, K16)

On the decryption side,

LD1 = RD0 = LE16 = RE15
RD1 = LD0 (+) F(RD0, K16)
= RE16 (+) F(RE15, K16)
= [LE15 (+) F(RE15, K16)] (+) F(RE15, K16)
= LE15

Therefore, LD1 = RE15 and RD1 = LE15.

In general, for the ith iteration of the encryption algorithm,

LEi = REi-1
REi = LEi-1 (+) F(REi-1, Ki)

Finally, the output of the last round of the decryption process is RE0 || LE0. A 32-bit swap
recovers the original plaintext.
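
The derivation above, carried through all sixteen rounds as an added example (not code from the original notes). The round function F (a truncated SHA-256) and the subkey values are assumptions chosen for illustration; F is deliberately non-invertible to show that decryption only needs the subkeys reversed.

```python
import hashlib

MASK32 = 0xFFFFFFFF
# Constructed 32-bit subkeys K1..K16 (illustrative values, not a DES key schedule).
SUBKEYS = [(0x9E3779B9 * (i + 1)) & MASK32 for i in range(16)]

def F(right, subkey):
    # Assumed round function: truncated SHA-256. It is deliberately not
    # invertible, because the Feistel structure never needs the inverse of F.
    data = right.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block, subkeys, trace=None):
    """Run the rounds on a 64-bit block and return R16 || L16 (final swap)."""
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        # L_i = R_(i-1);  R_i = L_(i-1) XOR F(R_(i-1), K_i)
        left, right = right, left ^ F(right, k)
        if trace is not None:
            trace.append((left, right))
    return (right << 32) | left

def encrypt(block, subkeys=SUBKEYS, trace=None):
    return feistel(block, subkeys, trace)

def decrypt(block, subkeys=SUBKEYS, trace=None):
    # Same algorithm, subkeys in reverse order: K16 first, K1 last.
    return feistel(block, subkeys[::-1], trace)

def halves_mirror(plaintext, subkeys=SUBKEYS):
    """True if LD_i = RE_(16-i) and RD_i = LE_(16-i) for i = 1..16."""
    enc = [(plaintext >> 32, plaintext & MASK32)]   # (LE_0, RE_0)
    dec = []
    ciphertext = encrypt(plaintext, subkeys, enc)   # enc[j] = (LE_j, RE_j)
    decrypt(ciphertext, subkeys, dec)               # dec[i-1] = (LD_i, RD_i)
    n = len(subkeys)
    return all(dec[i - 1] == enc[n - i][::-1] for i in range(1, n + 1))

if __name__ == "__main__":
    pt = 0x0123456789ABCDEF                         # constructed sample block
    ct = encrypt(pt)
    print(f"ciphertext {ct:016x}, recovered {decrypt(ct):016x}")
    print("halves mirror each round:", halves_mirror(pt))
```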
MODULE - II
BLOCK CIPHER PRINCIPLES
Virtually all symmetric block encryption algorithms in current use are based on a structure
referred to as the Feistel block cipher. For that reason, it is important to examine the design
principles of the Feistel cipher. We begin with a comparison of stream ciphers with block ciphers.
• A stream cipher is one that encrypts a digital data stream one bit or one byte at a time, e.g.,
the Vigenère cipher. A block cipher is one in which a block of plaintext is treated as a whole and
used to produce a cipher text block of equal length. Typically a block size of 64 or 128 bits is
used.
Block cipher principles
• most symmetric block ciphers are based on a Feistel cipher structure
• this is needed since we must be able to decrypt ciphertext to recover messages efficiently
• block ciphers look like an extremely large substitution
• would need a table of 2^64 entries for a 64-bit block
• instead create from smaller building blocks, using the idea of a product cipher
• in 1949 Claude Shannon introduced the idea of substitution-permutation (S-P) networks, called
the modern substitution-transposition product cipher
• these form the basis of modern block ciphers
• S-P networks are based on the two primitive cryptographic operations we have seen before:
• substitution (S-box)
• permutation (P-box)
• provide confusion and diffusion of message
• diffusion – dissipates statistical structure of plaintext over bulk of ciphertext
• confusion – makes relationship between ciphertext and key as complex as possible

DATA ENCRYPTION STANDARD (DES)

· in May 1973, and again in Aug 1974, the NBS (now NIST) called for possible encryption
algorithms for use in unclassified government applications
· response was mostly disappointing; however, IBM submitted their Lucifer design
· following a period of redesign and comment it became the Data Encryption Standard (DES)
· it was adopted as a (US) federal standard in Nov 76, published by NBS as a hardware-only scheme
in Jan 77, and by ANSI for both hardware and software standards in ANSI X3.92-1981 (also
X3.106-1983 modes of use)
· subsequently it has been widely adopted and is now published in many standards around the
world, cf. Australian Standard AS2805.5-1985
· one of the largest users of the DES is the banking industry, particularly with EFT and EFTPOS
· it is for this use that the DES has primarily been standardized, with ANSI having twice
reconfirmed its recommended use for 5-year periods; a further extension is not expected, however
· although the standard is public, the design criteria used are classified and have yet to be released
· there has been considerable controversy over the design, particularly in the choice of a 56-bit key
· recent analysis has shown despite this that the choice was appropriate, and that DES is well
designed
· rapid advances in computing speed though have rendered the 56-bit key susceptible to
exhaustive key search, as predicted by Diffie & Hellman
· the DES has also been theoretically broken using a method called Differential
Cryptanalysis, however in practice this is unlikely to be a problem (yet)

Overview of the DES Encryption Algorithm

· the basic process in enciphering a 64-bit data block using the DES consists of:
o an initial permutation (IP)
o 16 rounds of a complex key dependent calculation f
o a final permutation, being the inverse of IP
· in more detail the 16 rounds of f consist of:

· this can be described functionally as


L(i) = R(i-1)
R(i) = L(i-1) (+) P(S( E(R(i-1))(+) K(i) ))
and forms one round in an S-P network
· the subkeys used by the 16 rounds are formed by the key schedule which consists of:
o an initial permutation of the key (PC1) which selects 56 bits in two 28-bit halves
o 16 stages consisting of
- selecting 24 bits from each half and permuting them by PC2 for use in function f,
- rotating each half either 1 or 2 places depending on the key rotation schedule KS
· this can be described functionally as:
K(i) = PC2(KS(PC1(K),i))
· the key rotation schedule KS is specified as:

Round      1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
KS         1  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1
Total Rot  1  2  4  6  8 10 12 14 15 17 19 21 23 25 27 28

· more details on the various DES functions can be found in your textbooks
· following is a walk-through of a DES encryption calculation taken from:
H Katzan, "The Standard Data Encryption Algorithm", Petrocelli Books, New York, 1977

DES Modes of Use


· DES encrypts 64-bit blocks of data, using a 56-bit key
· we need some way of specifying how to use it in practice, given that we usually have an
arbitrary amount of information to encrypt
· the way we use a block cipher is called its Mode of Use, and four have been defined for the
DES by ANSI in the standard ANSI X3.106-1983 (Modes of Use)
· modes are either:

Block Modes
Split messages into blocks (ECB, CBC)

Electronic Codebook (ECB)
- Where the message is broken into independent 64-bit blocks which are encrypted
C_(i) = DES_(K1)(P_(i))

Cipher Block Chaining (CBC)
- Again the message is broken into 64-bit blocks, but they are linked together in the encryption
operation with an IV
C_(i) = DES_(K1)(P_(i) (+) C_(i-1)),  C_(-1) = IV

Stream Modes
Operate on bit stream messages (CFB, OFB)

Cipher Feedback (CFB)
- Where the message is treated as a stream of bits, added to the output of the DES, with the result
being fed back for the next stage
C_(i) = P_(i) (+) DES_(K1)(C_(i-1)),  C_(-1) = IV

Output Feedback (OFB)
- Where the message is treated as a stream of bits and the output of the DES is added to the
message, but with the feedback being independent of the message
C_(i) = P_(i) (+) O_(i),  O_(i) = DES_(K1)(O_(i-1)),  O_(-1) = IV
· each mode has its advantages and disadvantages

Limitations of Various Modes


ECB
· repetitions in message can be reflected in ciphertext
o if aligned with message block
o particularly with data such as graphics
o or with messages that change very little, which become a code-book analysis
problem
· weakness is because enciphered message blocks are independent of each other
CBC
· use result of one encryption to modify input of next
o hence each ciphertext block is dependent on all message blocks before it
o thus a change in the message affects the ciphertext block after the change as well as
the original block

· to start, need an Initial Value (IV) which must be known by both sender and receiver
o however if IV is sent in the clear, an attacker can change bits of the first block, and
change IV to compensate
o hence either IV must be a fixed value (as in EFTPOS) or it must be sent encrypted
in ECB mode before rest of message
· also at the end of the message, have to handle a possible last short block
o either pad last block (possibly with count of pad size), or use some fiddling to
double up last two blocks
o see Davies for examples

CFB
· when data is bit or byte oriented, want to operate on it at that level, so use a stream mode
· the block cipher is used in encryption mode at both ends, with input being a feedback
copy of the ciphertext
· can vary the number of bits fed back, trading off efficiency for ease of use
· again errors propagate for several blocks after the error
OFB
· also a stream mode, but intended for use where the error feedback is a problem, or where
the encryptions need to be done before the message is available
· is superficially similar to CFB, but the feedback is from the output of the block cipher and
is independent of the message, a variation of a Vernam cipher
· again an IV is needed
· sender and receiver must remain in sync, and some recovery method is needed to ensure
this occurs
· although originally specified with varying m-bit feedback in the standards, subsequent
research has shown that only 64-bit OFB should ever be used (and this is the most efficient use
anyway), see
D Davies, G Parkin, "The Average Cycle Size of the Key Stream in Output Feedback
Encipherment" in Advances in Cryptology - Crypto 82, Plenum Press, 1982, pp97-98
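
The CFB and OFB error behaviour described above, as an added example (not part of the original notes). It assumes full 64-bit feedback and uses a truncated SHA-256 as a stand-in for DES_(K1), which is enough here because both modes only run the cipher in the encryption direction; the key, IV and message are constructed.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, as with DES

def E(key, block):
    # Stand-in for DES_(K1) (assumption: SHA-256 truncated to 64 bits).
    # CFB and OFB only ever run the cipher forwards, so no inverse is needed.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def cfb(key, iv, data, decrypt=False):
    out, prev = [], iv
    for blk in split(data):
        res = xor(blk, E(key, prev))      # C_i = P_i (+) DES_K1(C_(i-1))
        prev = blk if decrypt else res    # the feedback is always ciphertext
        out.append(res)
    return b"".join(out)

def ofb(key, iv, data):
    out, o = [], iv
    for blk in split(data):
        o = E(key, o)                     # O_i = DES_K1(O_(i-1))
        out.append(xor(blk, o))           # C_i = P_i (+) O_i (same to decrypt)
    return b"".join(out)

def damaged_blocks(decrypt_fn, ciphertext, plaintext, byte_index):
    """Flip one bit in transit; return indices of plaintext blocks that change."""
    bad = bytearray(ciphertext)
    bad[byte_index] ^= 0x01
    got = split(decrypt_fn(bytes(bad)))
    return [i for i, (g, p) in enumerate(zip(got, split(plaintext))) if g != p]

KEY, IV = b"demo-key", b"\x00" * BLOCK     # constructed values
MSG = b"BLOCK-00BLOCK-01BLOCK-02BLOCK-03"  # constructed 4-block message

def cfb_damage():
    ct = cfb(KEY, IV, MSG)
    return damaged_blocks(lambda c: cfb(KEY, IV, c, decrypt=True), ct, MSG, 8)

def ofb_damage():
    ct = ofb(KEY, IV, MSG)
    return damaged_blocks(lambda c: ofb(KEY, IV, c), ct, MSG, 8)
```

With one bit damaged in ciphertext block 1, CFB corrupts that block and the block after it before resynchronising, while OFB corrupts only the damaged block.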

DES Weak Keys


· with many block ciphers there are some keys that should be avoided, because of reduced
cipher complexity
· these keys are such that the same sub-key is generated in more than one round, and they
include:

Weak Keys
· the same sub-key is generated for every round
· DES has 4 weak keys

Semi-Weak Keys
· only two sub-keys are generated on alternate rounds
· DES has 12 of these (in 6 pairs)
