Tuesday, February 26, 2019
Simple Des
William Stallings Copyright 2006 adjunct to Cryptography and Net organise Security, Fourth Edition Prentice Hall 2006 ISBN 0-13-187316-4 http// go forthiamstallings. com/Crypto/Crypto4e. hypertext markup language 8/5/05 alter stilbestrol, developed by Professor Edward Schaefer of Santa Clara University SCHA96, is an educational rather than a secure encoding algorithm. It has similar properties and structure to diethylstilboestrol with much smaller parameters. The reader might find it intentionful to work through an example by and while pursuance the discussion in this Appendix. C. 1 Overview var. C. 1 illustrates the overall structure of the simplified DES, which we will refer to as SDES. The S-DES encryption algorithm takes an 8- minute gag law of plaintext (example 10111101) and a 10-bit pick up as input signal and produces an 8-bit block of ciphertext as issue. The S-DES decryption algorithm takes an 8-bit block of ciphertext and the equal 10-bit key apply to produc e that ciphertext as input and produces the current 8-bit block of plaintext.The encryption algorithm involves louvre functions an initial successor (IP) a coordination compound function labeled fK, which involves both exchange and substitution operations and depends on a key input a simple permutation function that switches (SW) the two halves of the data the function fK again and finally a permutation function that is the inverse of the initial permutation (IP1). As was mentioned in Chapter 2, the use of multiple puts of permutation and substitution emergences in a more(prenominal) complex algorithm, which increases the difficulty of cryptanalysis.The function fK takes as input not only when the data passing through the encryption algorithm, but also an 8-bit key. The algorithm could have been designed to work with a 16-bit key, consisting of two 8-bit subkeys, one used for from each one occurrence of fK. Alternatively, a single 8-bit key could have been used, with the s ame key used twice in the algorithm. A compromise is to use a 10-bit key from which two 8-bit subkeys ar generated, as fork overed in Figure C. 1. In this case, the key is prototypic subjected to a permutation (P10). because a miscue operation is performed.The make of the shift operation whence passes through a permutation function that produces an 8-bit divulgeput (P8) for the premier subkey (K1 ). The rig of the shift operation also feeds into another shift and another guinea pig of P8 to produce the bet on subkey (K 2 ). We can concisely pronounce the encryption algorithm as a composition1 of functions which can also be compose as IP-1 o fK2 o SW o fK1 o IP ((( ciphertext = IP-1 fK 2 SW fK1 (IP(plaintext )) where ( K1 = P8 Shift (P10(key )) ( ( ))) ) K2 = P8 Shift Shift( P10( key)) )) Decryption is also shown in Figure C. and is essentially the reverse of encryption ((( plaintext = IP-1 fK1 SW fK 2 (IP(ciphertext )) 1 ))) Definition f f and g atomic number 18 two functions, because the function F with the equation y = F(x) = I gf(x) is called the composition of f and g and is denoted as F = g o f . C-2 8/5/05 We straightaway examine the elements of S-DES in more detail. C. 2 S-DES diagnose Generation S-DES depends on the use of a 10-bit key shared betwixt sender and receiver. From this key, two 8-bit subkeys are produced for use in particular stages of the encryption and decryption algorithm. Figure C. 2 depicts the stages followed to produce the subkeys.First, permute the key in the following fashion. permit the 10-bit key be designated as (k1 , k2 , k3 , k4 , k5 , k6 , k7 , k8 , k9 , k10). Then the permutation P10 is defined as P10(k1 , k2 , k3 , k4 , k5 , k6 , k7 , k8 , k9 , k10) = (k3 , k5 , k2 , k7 , k4 , k10, k1 , k9 , k8 , k6 ) P10 can be concisely defined by the display 3 5 2 7 P10 4 10 1 9 8 6 This table is read from unexpended-hand(a) to right each position in the table gives the identity of the input bit that produces the y ield bit in that position. So the first out(a)put bit is bit 3 of the input the second output bit is bit 5 of the input, and so on.For example, the key (1010000010) is permuted to (1000001100). Next, perform a nib left shift (LS-1), or rotation, separately on the first five bits and the second five bits. In our example, the prove is (00001 11000). Next we apply P8, which picks out and permutes 8 of the 10 bits according to the following rule P8 6 3 7 4 8 5 10 9 The result is subkey 1 (K1 ). In our example, this yields (10100100) We then go back to the pair of 5-bit draw produced by the two LS-1 functions and perform a circular left shift of 2 bit positions on each string. In our example, the value (00001 11000) becomes (00100 00011). utmostly, P8 is utilize again to produce K2 . In our example, the result is (01000011). C. 3 S-DES Encryption Figure C. 3 shows the S-DES encryption algorithm in greater detail. As was mentioned, encryption involves the sequential application of fi ve functions. We examine each of these. Initial and Final Permutations The input to the algorithm is an 8-bit block of plaintext, which we first permute using the IP function IP 2 6 3 1 4 8 5 7 This retains all 8 bits of the plaintext but mixes them up. At the end of the algorithm, the inverse permutation is used C-3 8/5/05 1 3 IP1 57 2 8 6 It is easy to show by example that the second permutation is hence the reverse of the first that is, IP1(IP(X)) = X. The operation fK The most complex share of S-DES is the function fK, which consists of a combination of permutation and substitution functions.The functions can be expressed as follows. Let L and R be the left 4 bits and rightmost 4 bits of the 8-bit input to fK, and permit F be a mapping (not necessarily one to one) from 4-bit strings to 4-bit strings. Then we let fK(L, R) = (L F(R, SK), R) where SK is a subkey and s the bit-by-bit exclusive-OR function. For example, suppose the output of the IP stage in Figure C. 3 is (101 11101) and F(1101, SK) = (1110) for some key SK. Then fK(10111101) = (01011101) because (1011) (1110) = (0101). We now describe the mapping F. The input is a 4-bit number (n 1 n2 n3 n4 ). The first operation is an expansion/permutation operation 4 1 2 E/P 32 3 4 1 For what follows, it is clearer to depict the result in this fashion n4 n2 n1 n3 n2 n4 n3 n1 The 8-bit subkey K1 = (k11, k12, k13, k14, k15, k16, k17, k18) is added to this value using exclusiveOR n4 11 n2 k15 n1 k12 n3 k16 n2 k13 n4 k17 n3 k14 n1 k18 p0,1 p1,1 p0,2 p1,2 p0,3 p1,3 Let us rename these 8 bits p0,0 p1,0 The first 4 bits (first row of the forgo matrix) are fed into the S-box S0 to produce a 2bit output, and the remaining 4 bits (second row) are fed into S1 to produce another 2-bit output. These two boxes are defined as follows C-4 8/5/05 0 S0 = 1 2 3 0 1 $3 $0 $3 1 0 2 2 1 2 3 1 1 3 3 2% 0 3 2 0 S1 = 1 2 3 0 0 $2 $3 $2 1 1 0 0 1 23 2 3% 1 3 1 0 0 3 & The S-boxes operate as follows.The first and fo urth input bits are interact as a 2-bit number that specify a row of the S-box, and the second and third input bits specify a editorial of the Sbox. The entry in that row and column, in base 2, is the 2-bit output. For example, if (p0,0p0,3) = (00) and (p0,1p0,2) = (10), then the output is from row 0, column 2 of S0, which is 3, or (11) in binary. kindredly, (p1,0p1,3) and (p1,1p1,2) are used to index into a row and column of S1 to produce an additional 2 bits. Next, the 4 bits produced by S0 and S1 undergo a further permutation as follows P4 2 4 3 1 The output of P4 is the output of the function F.The Switch Function The function fK only alters the leftmost 4 bits of the input. The switch function (SW) interchanges the left and right 4 bits so that the second instance of f K operates on a different 4 bits. In this second instance, the E/P, S0, S1, and P4 functions are the same. The key input is K2 . C. 4 Analysis of Simplified DES A brute-force attack on simplified DES is certa inly feasible. With a 10-bit key, there are only 2 10 = 1024 possibilities. Given a ciphertext, an attacker can try each possibility and analyze the result to determine if it is reasonable plaintext. What about cryptanalysis?Let us turn over a known plaintext attack in which a single plaintext (p1 , p2 , p3 , p4 , p5 , p6 , p7 , p8 ) and its ciphertext output (c1 , c2 , c3 , c4 , c5 , c6 , c7 , c8 ) are known and the key (k1 , k2 , k3 , k4 , k5 , k6 , k7 , k8 , k9 , k10) is unknown. Then each ci is a polynomial function gi of the pj s and kj s. We can therefore express the encryption algorithm as 8 nonlinear equations in 10 unknowns. at that place are a number of possible solutions, but each of these could be calculated and then analyzed. Each of the permutations and additions in the algorithm is a linear mapping.The nonlinearity comes from the S-boxes. It is useful to write down the equations for these boxes. For clarity, rename (p0,0, p0,1,p0,2, p0,3) = (a, b, c, d) and (p1,0, p 1,1,p1,2, p1,3) = (w, x, y, z), and let the 4-bit output be (q, r , s, t) Then the operation of the S0 is defined by the following equations q = abcd + ab + ac + b + d r = abcd + abd + ab + ac + ad + a + c + 1 where all additions are modulo 2. Similar equations define S1. Alternating linear maps with these nonlinear maps results in very complex polynomial expressions for the ciphertext bits, making cryptanalysis difficult.To visualize the scale of the problem, note that a polynomial equation in 10 unknowns in binary arithmetic can have 210 possible terms. On average, we might therefore C-5 8/5/05 expect each of the 8 equations to have 29 terms. The provoke reader might try to find these equations with a symbolic processor. any the reader or the software will give up beforehand much progress is made. C. 5 Relationship to DES DES operates on 64-bit blocks of input. The encryption scheme can be defined as IP-1 o fK16 o SW o fK15 o SW oL o SW o f K1 o IPA 56-bit key is used, from wh ich sixteen 48-bit subkeys are calculated. There is an initial permutation of 64 bits followed by a sequence of shifts and permutations of 48 bits. Within the encryption algorithm, instead of F acting on 4 bits (n1 n2 n3 n4 ), it acts on 32 bits (n1 n32). After the initial expansion/permutation, the output of 48 bits can be diagrammed as n32 n4 n28 n1 n5 n29 n2 n6 n30 n3 n7 n4 n8 n31 n32 n5 n9 n1 This matrix is added (exclusive-OR) to a 48-bit subkey. There are 8 rows, corresponding to 8 S-boxes. Each S-box has 4 rows and 16 columns.The first and last bit of a row of the preceding matrix picks out a row of an S-box, and the middle 4 bits pick out a column. C-6 10-bit key ENCRYPTION DECRYPTION P10 8-bit plaintext 8-bit plaintext Shift IP-1 IP K1 fK P8 K1 fK Shift SW SW K2 fK P8 K2 fK IP1 IP 8-bit ciphertext 8-bit ciphertext Figure C. 1 Simplified DES Scheme 10-bit key 10 P10 5 5 LS-1 LS-1 5 5 P8 K1 8 LS-2 LS-2 5 5 P8 K2 8 Figure C. 2 Key Generation for Simplified DES 8-bit p laintext 8 IP 4 fK 4 E/P 8 F 8 + 4 4 2 K1 2 S0 S1 P4 4 + 4 SW 4 fK 4 E/P 8 F 8 + 4 4 2 K2 2 S0 S1 P4 4 + 4 IP1 8 8-bit ciphertext Figure C. 3 Simplified DES Encryption expatiate
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment