Professional Documents
Culture Documents
Encryption: Takes an 8-bit block plaintext, a 10 bit key and produces an 8-bit block of ciphertext Decryption: takes the 8-bit block of ciphertext, the same 10-bit key and produces the original 8-bit block of plaintext
NETWORK SECURITY
Simplified DES
S-DES Scheme
IP an initial permutation
fk - a complex, 2-input function SW a simple permutation that swaps the two halves of the data fk - a complex, 2-input function; again
Encryption Algorithm
Encryption Algorithm
Input to function fK
Encryption Algorithm:
IP 1 f K2 SW f K1 IP
an 8-bit key.
where
K1
K2
P8(Shift(Shift( P10(key))))
Plaintext= IP 1 ( f K ( SW ( f K ( IP (ciphertext))))) 1 2
Key Generation
In S-DES, a 10-bit key is used From this key, two 8-bit subkeys are produced for use in particular stages of the encryption and decryption algorithm.
Process:
the key is first subjected to a permutation (P10) then a shift operation is performed The output of the shift operation
passes through a permutation
function (P8) that produces an 8bit output for the first subkey (K1). also feeds into another shift and another instance of P8 to produce the second subkey (K2).
P10(k1,k2,k3,k4,k5,k6,k7,k8,k9,k10) =(k3,k5,k2,k7,k4,k10,k1,k9,k8,k6)
P10 3 5 2 7 4 10 1 9 8 6
P10 3 5 2 7 4 10 1 9 8 6
given key (1010000010) is first permuted to (1000001100). Perform shift operation (LS-1), the result is (00001 11000).
The
P8 8
10
Our example
S-DES Encryption
1. 2. 3. 4.
S-DES encryption involves the sequential application of five functions: Initial Permutation (IP) Complex function (f k ) Switch Function (SW) Complex function (f k ) again Final Permutation (IP -1)
5.
Input to the algorithm: an 8-bit block of plaintext Apply permutation using the following IP function:
IP 1 4
IP-1 5 7
This retains all 8 bits of the plaintext but mixes them up.
The most complex component of S-DES A combination of permutation and substitution functions. Assume
L and R be the leftmost 4 bits and rightmost 4 bits of the 8 bit input to fK F be a mapping (not necessarily one to one) from 4-bit strings to 4-bit strings.
f k ( L, R )
where SK is a subkey and function
(L
F ( R, SK ), R)
3.
4.
an expansion/permutation exclusive-OR with 8-bit sub-key1 Perform S-box operation S0 on four bits of the result and S1 on the remaining four bits. The S-box produces 2-bit output. The outputs of S0 and S1 undergo permutation (P4), producing the output of F
E/P 3 2
The 8-bit subkey K1 = (k11, k12, k13, k14, k15, k16, k17, k18) is added to this value using XOR:
The first 4 bits (1st row of the preceding matrix) are fed into the S-box S0 to produce a 2-bit output The remaining 4 bits (2nd row) are fed into S1 to produce another 2-bit output Two S-boxes are defined as
The 1st and 4th input bits are treated as a 2-bit number that specify a row of the S-box The 2nd and 3rd input bits specify a column of the S-box.
For example,
if (p00, p03) = (00) and (p01, p02) = (10) the output is from row 0, column 2 of S0, which is 3, or (11) in binary. Similarly, (p10, p13) and (p11, p12) are used to index into a row and column of S1 to produce an additional 2 bits.
The entry in that row and column, in base 2, is the 2-bit output.
Mapping F : Permutation P4
P4 3
The function f K only alters the leftmost 4 bits of input. The switch function SW interchanges the left and right bits so that the 2nd instance of f K operates on a different 4 bits. In the 2nd instance, the E/P, S0, S1, and P4 functions are the same. The key input is K2.
S-DES: Analysis
S-DES: Analysis
Brute-force attack
certainly feasible
With a 10-bit key, there are only 210 = 1024 possibilities. Given a ciphertext, an attacker can try each possibility and analyze the result to determine if it is reasonable plaintext.
If we know plaintext (p1,p2,p3,p4,p5,p6,p7,p8) and respective cipher text (c1,c2,c3,c4,c5,c6,c7,c8), and key (k1,k2,k3,k4,k5,k6,k7,k8,k9,k10) is unknown, then we can express this problem as a system of 8 nonlinear equations with 10 unknowns. The nonlinearity comes from the S-boxes. It is useful to write down equations for these boxes.
r
1 0
a
0 0
d
0 0
b
0 0
c
0 1
S-DES: Analysis
S-DES: Analysis
Truth Table for S-box S0:
0 1 2 3 4
0 0
1 1 1 1 0
0 0 1 0 1 1 0 1 1
1 0 1 0 1
0 0 0 1 1 1 1 1 0
0 0 0 0 0
0 1 1 1 1 1 1 1 1
0 0 1 1 1
1 0 0 0 0 1 1 1 1
1 1 0 0 1
1 0 0 1 1 0 0 1 1
0 1 0 1 0
1 0 1 0 1 0 1 0 1
5 6 7 8 9 10 11
12 13 14 15
where all additions are made modulo 2. Similar equations define S1.
S-DES: Analysis
q (a d b c)(a d b c )(a d b c) (a d b c )(a d b c)(a d b c)(a d b c ) (a d b)(a d b )(a d c)(a d b c ) (a db bd )(a bd d c cd bc) abd a b d a bd abc ac d acd bcd b c d (abd (1 a)(1 b)d ) (1 a)b(1 d ) abc (a(1 c)d ac(1 d )) (bc(1 d ) (1 b)(1 c)d ) (d ad bd ) (b ab bd abd ) abc (ad ac) (bc d bd cd ) (d ad b ab bd ) (abd acd ac bc d bd cd abcd abc) abcd ac ab b d
S-DES: Analysis
Alternating linear maps with these nonlinear maps results in very complex polynomial expressions for the cipher-text bits, making cryptanalysis difficult. To visualize the scale of the problem, note that a polynomial equation in 10 unknowns in binary arithmetic can have 210 possible terms.
Within the encryption algorithm, instead of F acting on 4 bits (n1n2n3n4), it acts on 32 bits (n1n2..n32). After the initial expansion/permutation, the output of 48 bits can be depicted as
A 56-bit key is used, from which 16 48-bit subkeys are calculated. There is an initial permutation of 56 bits followed by a sequence of shifts and permutations of 48 bits.
This matrix is added (XOR) to a 48-bit subkey. There 8 rows, corresponding to 8 S-boxes.
Each S-box has 4 rows and 16 columns. The 1 st and last bit of a row of the preceding matrix picks out a row of an S-box, and the middle 4 bits pick out a column.