DES Algorithm: Design, Encryption, Controversy and Public Key Cryptography, Study notes of Computer Science

Download DES Algorithm: Design, Encryption, Controversy and Public Key Cryptography and more Study notes Computer Science in PDF only on Docsity! May 26, 2005 ECS 235, Computer and Information Security Slide #1 Overview of the DES • A block cipher: – encrypts blocks of 64 bits using a 64 bit key – outputs 64 bits of ciphertext • A product cipher – basic unit is the bit – performs both substitution and transposition (permutation) on the bits • Cipher consists of 16 rounds (iterations) each with a round key generated from the user-supplied key May 26, 2005 ECS 235, Computer and Information Security Slide #2 Generation of Round Keys key PC-1 C0 D0 LSH LSH D1 PC-2 K1 K16 LSH LSH C1 PC-2 • Round keys are 48 bits each May 26, 2005 ECS 235, Computer and Information Security Slide #5 Controversy • Considered too weak – Diffie, Hellman said in a few years technology would allow DES to be broken in days • Design using 1999 technology published – Design decisions not public • S-boxes may have backdoors May 26, 2005 ECS 235, Computer and Information Security Slide #6 Undesirable Properties • 4 weak keys – They are their own inverses • 12 semi-weak keys – Each has another semi-weak key as inverse • Complementation property – DESk(m) = c ⇒ DESk′(m′) = c′ • S-boxes exhibit irregular properties – Distribution of odd, even numbers non-random – Outputs of fourth box depends on input to third box May 26, 2005 ECS 235, Computer and Information Security Slide #7 Differential Cryptanalysis • A chosen ciphertext attack – Requires 247 plaintext, ciphertext pairs • Revealed several properties – Small changes in S-boxes reduce the number of pairs needed – Making every bit of the round keys independent does not impede attack • Linear cryptanalysis improves result – Requires 243 plaintext, ciphertext pairs May 26, 2005 ECS 235, Computer and Information Security Slide #10 CBC Mode Decryption ⊕ init. vector c1 DES m1 … … … ⊕ c2 DES m2 May 26, 2005 ECS 235, Computer and Information Security Slide #11 Self-Healing Property • Initial message – 3231343336353837 3231343336353837 3231343336353837 3231343336353837 • Received as (underlined 4c should be 4b) – ef7c4cb2b4ce6f3b f6266e3a97af0e2c 746ab9a6308f4256 33e60b451b09603d • Which decrypts to – efca61e19f4836f1 3231333336353837 3231343336353837 3231343336353837 – Incorrect bytes underlined – Plaintext “heals” after 2 blocks May 26, 2005 ECS 235, Computer and Information Security Slide #12 Current Status of DES • Design for computer system, associated software that could break any DES-enciphered message in a few days published in 1998 • Several challenges to break DES messages solved using distributed computing • NIST selected Rijndael as Advanced Encryption Standard, successor to DES – Designed to withstand attacks that were successful on DES May 26, 2005 ECS 235, Computer and Information Security Slide #15 Diffie-Hellman • Compute a common, shared key – Called a symmetric key exchange protocol • Based on discrete logarithm problem – Given integers n and g and prime number p, compute k such that n = gk mod p – Solutions known for small p – Solutions computationally infeasible as p grows large May 26, 2005 ECS 235, Computer and Information Security Slide #16 Algorithm • Constants: prime p, integer g ≠ 0, 1, p–1 – Known to all participants • Anne chooses private key kAnne, computes public key KAnne = gkAnne mod p • To communicate with Bob, Anne computes Kshared = KBobkAnne mod p • To communicate with Anne, Bob computes Kshared = KAnnekBob mod p – It can be shown these keys are equal May 26, 2005 ECS 235, Computer and Information Security Slide #17 Example • Assume p = 53 and g = 17 • Alice chooses kAlice = 5 – Then KAlice = 175 mod 53 = 40 • Bob chooses kBob = 7 – Then KBob = 177 mod 53 = 6 • Shared key: – KBobkAlice mod p = 65 mod 53 = 38 – KAlicekBob mod p = 407 mod 53 = 38 May 26, 2005 ECS 235, Computer and Information Security Slide #20 Algorithm • Choose two large prime numbers p, q – Let n = pq; then φ(n) = (p–1)(q–1) – Choose e < n such that e is relatively prime to φ(n). – Compute d such that ed mod φ(n) = 1 • Public key: (e, n); private key: d • Encipher: c = me mod n • Decipher: m = cd mod n May 26, 2005 ECS 235, Computer and Information Security Slide #21 Example: Confidentiality • Take p = 7, q = 11, so n = 77 and φ(n) = 60 • Alice chooses e = 17, making d = 53 • Bob wants to send Alice secret message HELLO (07 04 11 11 14) – 0717 mod 77 = 28 – 0417 mod 77 = 16 – 1117 mod 77 = 44 – 1117 mod 77 = 44 – 1417 mod 77 = 42 • Bob sends 28 16 44 44 42 May 26, 2005 ECS 235, Computer and Information Security Slide #22 Example • Alice receives 28 16 44 44 42 • Alice uses private key, d = 53, to decrypt message: – 2853 mod 77 = 07 – 1653 mod 77 = 04 – 4453 mod 77 = 11 – 4453 mod 77 = 11 – 4253 mod 77 = 14 • Alice translates message to letters to read HELLO – No one else could read it, as only Alice knows her private key and that is needed for decryption May 26, 2005 ECS 235, Computer and Information Security Slide #25 Example: Both • Alice wants to send Bob message HELLO both enciphered and authenticated (integrity-checked) – Alice’s keys: public (17, 77); private: 53 – Bob’s keys: public: (37, 77); private: 13 • Alice enciphers HELLO (07 04 11 11 14): – (0753 mod 77)37 mod 77 = 07 – (0453 mod 77)37 mod 77 = 37 – (1153 mod 77)37 mod 77 = 44 – (1153 mod 77)37 mod 77 = 44 – (1453 mod 77)37 mod 77 = 14 • Alice sends 07 37 44 44 14 May 26, 2005 ECS 235, Computer and Information Security Slide #26 Security Services • Confidentiality – Only the owner of the private key knows it, so text enciphered with public key cannot be read by anyone except the owner of the private key • Authentication – Only the owner of the private key knows it, so text enciphered with private key must have been generated by the owner May 26, 2005 ECS 235, Computer and Information Security Slide #27 More Security Services • Integrity – Enciphered letters cannot be changed undetectably without knowing private key • Non-Repudiation – Message enciphered with private key came from someone who knew it May 26, 2005 ECS 235, Computer and Information Security Slide #30 Example Use • Bob receives “10111101” as bits. – Sender is using even parity; 6 1 bits, so character was received correctly • Note: could be garbled, but 2 bits would need to have been changed to preserve parity – Sender is using odd parity; even number of 1 bits, so character was not received correctly May 26, 2005 ECS 235, Computer and Information Security Slide #31 Definition • Cryptographic checksum h: A→B: 1. For any x ∈ A, h(x) is easy to compute 2. For any y ∈ B, it is computationally infeasible to find x ∈ A such that h(x) = y 3. It is computationally infeasible to find two inputs x, x′ ∈ A such that x ≠ x′ and h(x) = h(x′) – Alternate form (stronger): Given any x ∈ A, it is computationally infeasible to find a different x′ ∈ A such that h(x) = h(x′). May 26, 2005 ECS 235, Computer and Information Security Slide #32 Collisions • If x ≠ x′ and h(x) = h(x′), x and x′ are a collision – Pigeonhole principle: if there are n containers for n+1 objects, then at least one container will have 2 objects in it. – Application: if there are 32 files and 8 possible cryptographic checksum values, at least one value corresponds to at least 4 files