Data Encryption Standard
Download as PPTX, PDF•1 like•596 views
The document discusses the Data Encryption Standard (DES), a symmetric encryption algorithm introduced in 1977, which encrypts data in 64-bit blocks using a 56-bit key. It highlights the strength of DES against brute-force attacks and timing attacks, along with its various modes of operation and extensions like double and triple DES. References for further reading on cryptography and network security are also provided.
Data Encryption Standard
- 1. Data Encryption Standard Adri Jovin J J, M.Tech., Ph.D. UITC203 CRYPTOGRAPHY AND NETWORK SECURITY
- 2. Data Encryption Standard • Issued in 1977 by National Institute of Standards and Technology • Initially referred to as Data Encryption Algorithm • Data encrypted in 64-bit blocks using 56-bit key • Most dominant symmetric encryption algorithm, especially in financial applications till the introduction of AES UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 2
- 3. DES Encryption UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 3
- 4. Single Round of DES Algorithm UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 4
- 5. Calculation of F(R,K) UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 5 Avalanche Effect A change in one bit of the plaintext or one bit of the key should produce a change in many bits of the ciphertext.
- 6. Strength of DES Use of 56-bit keys • 256 possible keys≈ 7.2 × 1016 which makes brute-force attack impractical Nature of DES Algorithm • Design criteria for S-box is not made public Timing Attacks • DES is resistant to timing attacks UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 6 Key Size (bits) Cipher No. of alternative keys Time required at 109 Decryptions/s Time required at 1013 Decryptions/s 56 DES 256 ≈ 7.2 × 1016 255 ns = 1.125 years 1 hour 26 characters (permutation) Monoalphabetic 2! = 4 × 1026 2 × 1026 ns = 6.3 × 109 years 6.3 × 106 years
- 7. DES Modes of Operation ECB – Electronic Code Block CBC – Cipher Block Chaining OFB – Output Feedback CFB – Cipher Feedback • ANSI banking standards specify ECB and CBC for encryption, and CBC and n-bit CFB for authentication UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 7
- 8. Double DES UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 8 Two encryption stages with two keys ⇒ key length=112 Encryption: C = E(K2, E(K1, P)) Decryption: P = D(K1, D(K2, C))
- 9. Triple DES with two keys UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 9
- 10. Triple DES with three keys • Effective key-length is 168 • C = E(K3, D(K2, E(K1, P))) • A number of internet-based applications like PGP, S/MIME etc. adopt three-key triple DES UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 10 Variants of DES DESX – RSA Data Security CRYPT – Unix Systems
- 11. Block Cipher Design Principles Number of Rounds • The greater the number of rounds, the more difficult it is to perform cryptanalysis, even for a relatively weak F. • The number of rounds is chosen so that known cryptanalytic efforts require greater effort than a simple brute-force key search attack Design of Function F • F must be non-linear • The more difficult it is to approximate F by a set of linear equations, the more nonlinear F is • Strict avalanche criterion • Bit independence criterion Key Schedule Algorithm • Select subkeys to maximize the difficulty of deducing individual subkeys and the difficulty of working back to the main key • The key schedule should guarantee key/ciphertext Strict Avalanche Criterion and Bit Independence Criterion UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 11
- 12. References Schneier, B. (2007). Applied cryptography: protocols, algorithms, and source code in C. John Wiley & Sons. Stallings, W. (2014). Cryptography and network security, 6/E. Pearson Education India. Katz, J., & Lindell, Y. (2014). Introduction to modern cryptography. CRC press. UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 12