X

Download Block Ciphers PowerPoint Presentation

SlidesFinder-Advertising-Design.jpg

Login   OR  Register
X


Iframe embed code :



Presentation url :

Home / Business & Management / Business & Management Presentations / Block Ciphers PowerPoint Presentation

Block Ciphers PowerPoint Presentation

Ppt Presentation Embed Code   Zoom Ppt Presentation

PowerPoint is the world's most popular presentation software which can let you create professional Block Ciphers powerpoint presentation easily and in no time. This helps you give your presentation on Block Ciphers in a conference, a school lecture, a business proposal, in a webinar and business and professional representations.

The uploader spent his/her valuable time to create this Block Ciphers powerpoint presentation slides, to share his/her useful content with the world. This ppt presentation uploaded by standsfordotin in Business & Management ppt presentation category is available for free download,and can be used according to your industries like finance, marketing, education, health and many more.

About This Presentation

Block Ciphers Presentation Transcript

Slide 1 - Block Ciphers Part 1  Cryptography 1
Slide 2 - (Iterated) Block Cipher Plaintext and ciphertext consists of fixed sized blocks Ciphertext obtained from plaintext by iterating a round function Input to round function consists of key and the output of previous round Usually implemented in software Part 1  Cryptography 2
Slide 3 - Feistel Cipher Feistel cipher refers to a type of block cipher design, not a specific cipher Split plaintext block into left and right halves: Plaintext = (L0,R0) For each round i=1,2,...,n, compute Li= Ri-1 Ri= Li-1  F(Ri-1,Ki) where f is round function and Ki is subkey Ciphertext = (Ln,Rn) Part 1  Cryptography 3
Slide 4 - Feistel Cipher Decryption: Ciphertext = (Ln,Rn) For each round i=n,n-1,…,1, compute Ri-1 = Li Li-1 = Ri  F(Ri-1,Ki) where f is round function and Ki is subkey Plaintext = (L0,R0) Formula “works” for any function F But only secure for certain functions F Part 1  Cryptography 4
Slide 5 - Data Encryption Standard DES developed in 1970’s Based on IBM Lucifer cipher U.S. government standard DES development was controversial NSA was secretly involved Design process not open Key length was reduced Subtle changes to Lucifer algorithm Part 1  Cryptography 5
Slide 6 - DES Numerology DES is a Feistel cipher 64 bit block length 56 bit key length 16 rounds 48 bits of key used each round (subkey) Each round is simple (for a block cipher) Security depends primarily on “S-boxes” Each S-boxes maps 6 bits to 4 bits Part 1  Cryptography 6
Slide 7 - Part 1  Cryptography 7 L R expand shift shift key key S-boxes compress L R 28 28 28 28 28 28 48 32 48 32 32 32 32 One Round of DES 48 32 Ki P box  
Slide 8 - DES Expansion Permutation Input 32 bits 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Output 48 bits 31 0 1 2 3 4 3 4 5 6 7 8 7 8 9 10 11 12 11 12 13 14 15 16 15 16 17 18 19 20 19 20 21 22 23 24 23 24 25 26 27 28 27 28 29 30 31 0 Part 1  Cryptography 8
Slide 9 - DES S-box 8 “substitution boxes” or S-boxes Each S-box maps 6 bits to 4 bits S-box number 1 input bits (0,5)  input bits (1,2,3,4) | 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111 ------------------------------------------------------------------------------------ 00 | 1110 0100 1101 0001 0010 1111 1011 1000 0011 1010 0110 1100 0101 1001 0000 0111 01 | 0000 1111 0111 0100 1110 0010 1101 0001 1010 0110 1100 1011 1001 0101 0011 1000 10 | 0100 0001 1110 1000 1101 0110 0010 1011 1111 1100 1001 0111 0011 1010 0101 0000 11 | 1111 1100 1000 0010 0100 1001 0001 0111 0101 1011 0011 1110 1010 0000 0110 1101 Part 1  Cryptography 9
Slide 10 - DES P-box Input 32 bits 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Output 32 bits 15 6 19 20 28 11 27 16 0 14 22 25 4 17 30 9 1 7 23 13 31 26 2 8 18 12 29 5 21 10 3 24 Part 1  Cryptography 10
Slide 11 - DES Subkey 56 bit DES key, 0,1,2,…,55 Left half key bits, LK 49 42 35 28 21 14 7 0 50 43 36 29 22 15 8 1 51 44 37 30 23 16 9 2 52 45 38 31 Right half key bits, RK 55 48 41 34 27 20 13 6 54 47 40 33 26 19 12 5 53 46 39 32 25 18 11 4 24 17 10 3 Part 1  Cryptography 11
Slide 12 - DES Subkey For rounds i=1,2,…,n Let LK = (LK circular shift left by ri) Let RK = (RK circular shift left by ri) Left half of subkey Ki is of LK bits 13 16 10 23 0 4 2 27 14 5 20 9 22 18 11 3 25 7 15 6 26 19 12 1 Right half of subkey Ki is RK bits 12 23 2 8 18 26 1 11 22 16 4 19 15 20 10 27 5 24 17 13 21 7 0 3 Part 1  Cryptography 12
Slide 13 - DES Subkey For rounds 1, 2, 9 and 16 the shift ri is 1, and in all other rounds ri is 2 Bits 8,17,21,24 of LK omitted each round Bits 6,9,14,25 of RK omitted each round Compression permutation yields 48 bit subkey Ki from 56 bits of LK and RK Key schedule generates subkey Part 1  Cryptography 13
Slide 14 - DES Last Word (Almost) An initial perm P before round 1 Halves are swapped after last round A final permutation (inverse of P) is applied to (R16,L16) to yield ciphertext None of these serve any security purpose Part 1  Cryptography 14
Slide 15 - Security of DES Security of DES depends a lot on S-boxes Everything else in DES is linear Thirty years of intense analysis has revealed no “back door” Attacks today use exhaustive key search Inescapable conclusions Designers of DES knew what they were doing Designers of DES were ahead of their time Part 1  Cryptography 15
Slide 16 - Block Cipher Notation P = plaintext block C = ciphertext block Encrypt P with key K to get ciphertext C C = E(P, K) Decrypt C with key K to get plaintext P P = D(C, K) Part 1  Cryptography 16
Slide 17 - Triple DES Today, 56 bit DES key is too small But DES is everywhere: What to do? Triple DES or 3DES (112 bit key) C = E(D(E(P,K1),K2),K1) P = D(E(D(C,K1),K2),K1) Why use Encrypt-Decrypt-Encrypt (EDE) with 2 keys? Backward compatible: E(D(E(P,K),K),K) = E(P,K) And 112 bits is enough Part 1  Cryptography 17
Slide 18 - 3DES Why not C = E(E(P,K),K) ? Still just 56 bit key Why not C = E(E(P,K1),K2) ? A (semi-practical) known plaintext attack Precompute table of E(P,K1) for every possible key K1 (resulting table has 256 entries) Then for each K2 compute D(C,K2) until a match in table is found When match is found, have E(P,K1) = D(C,K2) Result is keys: C = E(E(P,K1),K2) Part 1  Cryptography 18
Slide 19 - Advanced Encryption Standard Replacement for DES AES competition (late 90’s) NSA openly involved Transparent process Many strong algorithms proposed Rijndael Algorithm ultimately selected Iterated block cipher (like DES) Not a Feistel cipher (unlike DES) Part 1  Cryptography 19
Slide 20 - AES Overview Block size: 128, 192 or 256 bits Key length: 128, 192 or 256 bits (independent of block size) 10 to 14 rounds (depends on key length) Each round uses 4 functions (in 3 “layers”) ByteSub (nonlinear layer) ShiftRow (linear mixing layer) MixColumn (nonlinear layer) AddRoundKey (key addition layer) Part 1  Cryptography 20
Slide 21 - AES ByteSub ByteSub is AES’s “S-box” Can be viewed as nonlinear (but invertible) composition of two math operations Part 1  Cryptography 21 Assume 192 bit block, 4x6 bytes
Slide 22 - AES S-box Part 1  Cryptography 22 First 4 bits of input Last 4 bits of input
Slide 23 - AES ShiftRow Cyclic shift rows Part 1  Cryptography 23
Slide 24 - AES MixColumn Implemented as a (big) lookup table Part 1  Cryptography 24 Nonlinear, invertible operation applied to each column
Slide 25 - AES AddRoundKey RoundKey (subkey) determined by key schedule algorithm Part 1  Cryptography 25 XOR subkey with block Block Subkey
Slide 26 - AES Decryption To decrypt, process must be invertible Inverse of MixAddRoundKey is easy, since  is its own inverse MixColumn is invertible (inverse is also implemented as a lookup table) Inverse of ShiftRow is easy (cyclic shift the other direction) ByteSub is invertible (inverse is also implemented as a lookup table) Part 1  Cryptography 26
Slide 27 - A Few Other Block Ciphers Briefly… IDEA Blowfish RC6 More detailed… TEA Part 1  Cryptography 27
Slide 28 - IDEA Invented by James Massey One of the greats of modern crypto IDEA has 64-bit block, 128-bit key IDEA uses mixed-mode arithmetic Combine different math operations IDEA the first to use this approach Frequently used today Part 1  Cryptography 28
Slide 29 - Blowfish Blowfish encrypts 64-bit blocks Key is variable length, up to 448 bits Invented by Bruce Schneier Almost a Feistel cipher Ri = Li1  Ki Li = Ri1  F(Li1  Ki) The round function F uses 4 S-boxes Each S-box maps 8 bits to 32 bits Key-dependent S-boxes S-boxes determined by the key Part 1  Cryptography 29
Slide 30 - RC6 Invented by Ron Rivest Variables Block size Key size Number of rounds are all variable An AES finalist Uses data dependent rotations Unusual to rely on data as part of algorithm Part 1  Cryptography 30
Slide 31 - Tiny Encryption Algorithm 64 bit block, 128 bit key Assumes 32-bit arithmetic Number of rounds is variable (32 is considered secure) Uses “weak” round function, so large number rounds required Part 1  Cryptography 31
Slide 32 - TEA Encryption (assuming 32 rounds): (K[0],K[1],K[2],K[3]) = 128 bit key (L,R) = plaintext (64-bit block) delta = 0x9e3779b9 sum = 0 for i = 1 to 32 sum += delta L += ((R<<4)+K[0])^(R+sum)^((R>>5)+K[1]) R += ((L<<4)+K[2])^(L+sum)^((L>>5)+K[3]) next i ciphertext = (L,R) Part 1  Cryptography 32
Slide 33 - TEA (cont) Decryption (assuming 32 rounds): (K[0],K[1],K[2],K[3]) = 128 bit key (L,R) = ciphertext (64-bit block) delta = 0x9e3779b9 sum = delta << 5 for i = 1 to 32 R = ((L<<4)+K[2])^(L+sum)^((L>>5)+K[3]) L = ((R<<4)+K[0])^(R+sum)^((R>>5)+K[1]) sum = delta next i plaintext = (L,R) Part 1  Cryptography 33
Slide 34 - TEA comments Almost a Feistel cipher Uses + and - instead of  (XOR) Simple, easy to implement, fast, low memory requirement, etc. Possibly a related key attack eXtended TEA (XTEA) eliminates related key attack (slightly more complex) Simplified TEA (STEA) --- insecure version used as an example for cryptanalysis Part 1  Cryptography 34