CM30173: Cryptography\reserved@d =[@let@token art II
CM30173:
Cryptography
Part II
Outline
Combining basic
building blocks
Substitution-
permutation
networks
Example SPN
Attacks on SPNs
Part II
Private-key cryptography: block ciphers
CM30173:
Cryptography
Part II
Outline
Combining basic
building blocks
Substitution-
permutation
networks
Example SPN
Attacks on SPNs
Outline
Combining basic building blocks
Substitution-permutation networks
Example SPN
Attacks on SPNs
CM30173:
Cryptography
Part II
Outline
Combining basic
building blocks
Substitution-
permutation
networks
Example SPN
Attacks on SPNs
Outline
Combining basic building blocks
Substitution-permutation networks
Example SPN
Attacks on SPNs
CM30173:
Cryptography
Part II
Outline
Combining basic
building blocks
Substitution-
permutation
networks
Example SPN
Attacks on SPNs
Recall Alice and Bob
Alice Bob
Oscar
PlaintextPlaintext
Encryption Decryption
Unsecured channel
ek(x) = y dk(y) = x
CM30173:
Cryptography
Part II
Outline
Combining basic
building blocks
Substitution-
permutation
networks
Example SPN
Attacks on SPNs
Private-key cryptosystems
Alice Bob
Oscar
PlaintextPlaintext
Encryption Decryption
Unsecured channel
Secure channel
ek(x) = y dk(y) = x
k
k
xx
Key source
CM30173:
Cryptography
Part II
Outline
Combining basic
building blocks
Substitution-
permutation
networks
Example SPN
Attacks on SPNs
Private-key cryptography: Block ciphers
1 Combining basic components
2 Substitution-permutation networks
3 Attacks on substitution-permutation networks
4 The Data Encryption Standard (DES)
5 Modes of operation
6 After DES: 3DES and the Advanced Encryption
Standard (AES)
CM30173:
Cryptography
Part II
Outline
Combining basic
building blocks
Substitution-
permutation
networks
Example SPN
Attacks on SPNs
Outline
Combining basic building blocks
Substitution-permutation networks
Example SPN
Attacks on SPNs
CM30173
Cryptography
Useful information
Course outline
Confusion and Di↵usion
According to Claude Shannon, an ideal cipher should
satisfy:
Confusion The relationship between the key and
the ciphertext is as complex as possible.
Di↵usion The structure of the plaintext is
dissipated over the entire ciphertext.
More precisely (the strict avalanche criterion):
Confusion Flipping any fixed set of key bits causes
the ith bit of ciphertext to change with probability
0.5.
Di↵usion Flipping any fixed set of plaintext bits
causes the ith bit of ciphertext to change with
probability 0.5.
CM30173
Cryptography
Useful information
Course outline
Confusion and Di↵usion
According to Claude Shannon, an ideal cipher should
satisfy:
Confusion The relationship between the key and
the ciphertext is as complex as possible.
Di↵usion The structure of the plaintext is
dissipated over the entire ciphertext.
More precisely (the strict avalanche criterion):
Confusion Flipping any fixed set of key bits causes
the ith bit of ciphertext to change with probability
0.5.
Di↵usion Flipping any fixed set of plaintext bits
causes the ith bit of ciphertext to change with
probability 0.5.
CM30173:
Cryptography
Part II
Outline
Combining basic
building blocks
Substitution-
permutation
networks
Example SPN
Attacks on SPNs
Basic components
We already have some basic components…
Substitution to provide confusion.
CM30173:
Cryptography
Part II
Outline
Combining basic
building blocks
Substitution-
permutation
networks
Example SPN
Attacks on SPNs
Basic components
We already have some basic components…
Substitution to provide confusion.
Permutation to provide di!usion.
CM30173:
Cryptography
Part II
Outline
Combining basic
building blocks
Substitution-
permutation
networks
Example SPN
Attacks on SPNs
Basic components
We already have some basic components…
Substitution to provide confusion.
Permutation to provide di!usion.
Other components might include: x-or, linear
transformations, arithmetic operations, modular
multiplication
CM30173:
Cryptography
Part II
Outline
Combining basic
building blocks
Substitution-
permutation
networks
Example SPN
Attacks on SPNs
Combining components
Definition (Product cipher)
A product cipher combines two or more components
with the intention of producing a cipher that is more
secure than the basic parts of which it is made.
CM30173:
Cryptography
Part II
Outline
Combining basic
building blocks
Substitution-
permutation
networks
Example SPN
Attacks on SPNs
Example product cipher
Let P = C = K = (Z2)
m and for k1, k2 ! K we have
encryption functions:
e
(1)
k1
(x) = x ” k1
e
(2)
k2
(x) = permutation of the bits of x
(Decryption functions are the obvious inverse
operations).
CM30173:
Cryptography
Part II
Outline
Combining basic
building blocks
Substitution-
permutation
networks
Example SPN
Attacks on SPNs
Example product cipher
Cryptosystem (Product)
Our product cryptosystem is then (P, C,K #K, E ,D).
For each key (k1, k2) in the keyspace we have a member
of the set E of encryption functions:
e(k1,k2)(x) = e
(2)
k2
(e
(1)
k1
(x))
and a member of the set D:
d(k1,k2)(y) = d
(1)
k1
(d
(2)
k2
(y))
CM30173:
Cryptography
Part II
Outline
Combining basic
building blocks
Substitution-
permutation
networks
Example SPN
Attacks on SPNs
Iterated ciphers
Definition (Iterated block cipher)
An iterated block cipher is a block cipher is made up
from:
A key schedule of Nr round keys:
(k1, k2, . . . , kNr), derived, using a fixed public
algorithm, from the key k.
A round function f which takes a round key and
a current state
The encryption (and decryption) functions consist of
repetition of the round function Nr times.
Private-key cryptography: block ciphers
Outline
Combining basic building blocks
Substitution-permutation networks
Example SPN
Attacks on SPNs