Data Encryption

( symmetric key encryption - asymmetric key encryption )

Introduction
1- symmetric key encryption system
2- asymmetric key encryption

system

symmetric key encryption system

symmetric key encryption system

symmetric key encryption systems use a single key that is shared between the sender and the receiver. Both must have the key;

The symmetric key encryption advantages

It is relatively inexpensive to produce a strong key for these ciphers. The keys tend to be much smaller for the level of protection they afford. The algorithms are relatively inexpensive to process. It is more speed than asymmetric key system.

The symmetric key encryption disadvantages

symmetric key encryption requires a key for every pair of individuals who need to communicate privately.

symmetric key encryption algorithms

Types of symmetric-key algorithms Symmetric-key algorithms can be divided into stream ciphers and block ciphers. Block cipher processes the input one block of element at time, producing an output block for each input block. A stream cipher processes the input elements continuously. Producing output one element at a time

International Data Encryption Algorithm (IDEA)

IDEA is a block cipher which uses a 128-bit length key to encrypt successive 64-bit blocks of plaintext. The 64 bit plain text block is partioned into four 16-bit This algorithm has 8 round and the output transformation round

Sub keys Generation

The 128 bit key is partitioned into 16-bit sub-blocks which are then directly used as first eight subblocks . The 128-bit key is then cyclically shifted to the left by 25 positions, after which the resulting 128 bit block is again partitioned into 16-bit sub-blocks which are then directly used as next eight subblocks . Do second step until 52 sub key generated .

What is happened in each round?

The encryption consists of eight rounds with each round involving the following steps: P1 x s1 --> d1 p2 + s2 --> d2 p3 + s3 --> d3 p4 x s4 --> d4 d1 XOR d3 --> d5 d2 XOR d4 --> d6 d5 x s5 --> d7 d6 + d7 --> d8 d8 x s6 --> d9 d7 + d9 --> d10 d1 XOR d9 --> d11 d3 XOR d9 --> d12 d2 XOR d10 --> d13 d4 XOR d10 --> d14

After this process the output blocks d12, d13 are exchanged so that d11, d13, d12 and d14 are used as input to the next round (in that order) along with the next 6 sub keys, s7 to s12. This procedure is followed for eight rounds in total giving four output blocks which we'll call e1, e2, e3 and e4. Four more steps using the last four sub keys complete the encryption: e1 x s49 --> c1 e2 + s50 --> c2 e3 + s51 --> c3 e4 x s52 --> c4

Decryption

Decryption uses exactly the same sequence of operations of successive 64-bit blocks of the cipher text, but with a different set of sub keys.

2- Data Encryption Standard (DES)

DES is a block cipher -- meaning it operate on plaintext blocks of given size (64 bits) and return cipher text blocks of the same size ,each block is divided into two blocks of 32 bits each ,with key length 56 bit.

Algorithm Steps
1- Generate Sub Keys (Key Schedule Algorithm)

Algorithm Steps

PC-1

Algorithm Steps

Circular shift iterations

After split 56 key to L and R L0=1111000 0110011 0010101 0101111 R0=0101010 1011001 1001111 0001111 After first iteration from circular shift L1= 1110000110011001010101011111 R1= 1010101011001100111100011110

Algorithm Steps cont

PC-2

It (permuted choice 2) selects 48 bits from the 56 bit input.

Algorithm Steps cont

2- An initial permutation A message block is first gone through an initial permutation IP, then divided into two parts L0, R0 where L0 if left 32 bit

Algorithm Steps (cont(

3- Calculate Ln, Rn to next round. Ln=Rn-1. Rn=Ln-1 XOR f(Rn-1,Kn) to 16

n1

Algorithm Steps (cont(

What is The Function f(x,y)

The bit-selection table e: The input is 32 bit and the output is 48 bit (expansion /permutation) get the value of output bit from e table.

S-Boxes

There are eight s-boxes map 6 bits to 4 bits, one s-box contains 64 entries each 4 bit. The first and last bits of the 6-bit input determine which row Permutation is used.

S-Boxes

The Function f(block x, key y)

round permutation p

Algorithm Steps cont

4- Inverse Initial permutation

Decryption

DES Properties

DES avalanche Effect Achieve Confusion Concepts Diffusion Requirement

DES Cracking

In academia, various proposals for a DES-cracking machine were advanced. In 1977, Diffie and Hellman proposed a machine costing an estimated US$20 million which could find a DES key in a single day. By 1993, Wiener had proposed a key-search machine costing US$1 million which would find a key within 7 hours. There are some Des attack method which is

TRIPLE DATA ENCRYPTION ALGORITHM

Encryption

Decryption

Comparison between symmetric Key algorithms

Asymmetric Key encryption System

Asymmetric Key encryption System

Asymmetric Key encryption system uses a pair of

mathematically related keys. A message that is encrypted with the first key must be decrypted with the second key, Each participant in a public-key system has a pair of keys. The symmetric (private) key is kept secret. The other key is distributed to anyone who wants it;

Asymmetric Key encryption System

Asymmetric Key encryption advantages

The increase in the total number of keys is less dramatic as the number of participants increases, compared to symmetric key encryption. Anyone who knows your public key can use it to send you a message that only you can read. More secure than symmetric key encryption.

Asymmetric Key encryption disadvantages

Very processor-intensive operation -- 100 to 1000 times slower than secret-key operations. the Authentication problem. the man-in-the-middle problem.

asymmetric key encryption algorithms

Diffie_Heleman Algorithm
It is based on the discrete logarithm problem. This problem is to find a value of S. S= (g power k) mod p When two users want to communicate, each enciphers the other's public key using their own private key, and uses the result as the shared secret key S.

Example

Alice and Bob have chosen p=53 and g=17. They choose their private keys to be: A Private =5 B private =7 So they can compute their public keys : A public =17 ^ 5 mod 53 =40 B public =17 ^ 7 mod 53=6

Suppose Bob wishes to send Alice a message. He computes a Shared secret key by enciphering Alice's public key using his private key. S (Bob, Alice) =A public ^ B private mod p= 40 ^ 7 mod 53=38 And encrypt his message using this key When Alice gets The message, she computes the key she shares with Bob as : S (Alice, Bob) =B public ^ A private mod p= 6^5 mod 53=38 And can decipher the message.

RSA Algorithm

n = pq , with p and q primes e relatively prime too (n) = (p 1) (q 1) d inverse of e in Z(n)

Where

ed mod (n) =1

Keys: Public key: KE = (n, e) Private key: KD = d Encryption:

Plaintext M in Zn C = M power e mod n

Decryption:

M = C power d mod n

Example
p = 7, q = 17 n = 717 = 119 (n) = 616 = 96 e=5 d = 77 Keys: Public key: (119, 5) Private Key: 77 Encryption: M = 19 C = 19 power 5 mod 119 = 66 Decryption: C = 66 power 77 mod 119 = 19

References

1- Encryption on the Internet Excerpt from the Internet Security course to be offered at CTU Dr. Garrison Q. Kenney NCSU Computer Training Unit NC TECHNOLOGY SHOWCASE 2000 Raleigh NC March 23, 2000 2- Architectural Support for Fast Symmetric-Key Cryptography Jerome Burke John McDonald Todd Austin Advanced Computer Architecture Laboratory University of Michigan fjaburke,johngm,austing@eecs.umich.edu 3 - (IDEA) the international data encryption standard technical description. 4- The Data Encryption Standard in Detail Cunsheng Ding Department of Computer Science Hong Kong University of Science and Technology Clearwater Bay, Kowloon, Hong Kong, CHINA 5- chapter 8 (This is a Chapter from the Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996. For further information, see www.cacr.math.uwaterloo.ca/hac) 6- RSA Encryption Tom Davis tomrdavis@earthlink.net http://www.geometer.org/mathcircles October 10, 2003 7- www.ibm.com