![Triple DEA
Triple DEA
Use three keys and three executions of the DES algorithm
(encrypt-decrypt-encrypt)
◦ C = ciphertext
◦ P = Plaintext
◦ EK[X] = encryption of X using key K
◦ DK[Y] = decryption of Y using key K
Effective key length of 168 bits
15
C = EK3[DK2[EK1[P]]]](https://image.slidesharecdn.com/desalog-241105162946-c7e486a7/85/DATA-ENCRTPTION-STANDARDS-IN-CRYPTOGRAPY-15-320.jpg)
![Cipher Block Modes of
Cipher Block Modes of
Operation
Operation
Cipher Block Chaining Mode (CBC)
◦ The input to the encryption algorithm is the XOR
of the current plaintext block and the preceding
ciphertext block.
◦ Repeating pattern of 64-bits are not exposed
19
i
i
1
i
1
i
i
K
1
i
i
1
i
i
K
i
1
i
K
K
i
K
i
1
i
k
i
P
P
C
C
]
[C
D
C
)
P
(C
]
[C
D
)]
P
(C
[E
D
]
[C
D
]
P
[C
E
C
](https://image.slidesharecdn.com/desalog-241105162946-c7e486a7/85/DATA-ENCRTPTION-STANDARDS-IN-CRYPTOGRAPY-19-320.jpg)
DATA ENCRTPTION STANDARDS IN CRYPTOGRAPY
- 1. Chapter 2 Chapter 2 CONVENTIONAL CONVENTIONAL ENCRYPTION MESSAGE ENCRYPTION MESSAGE CONFIDENTIALITY CONFIDENTIALITY 1 V.SIVA PRASAD DEPT OF MCA
- 2. Outline Outline Conventional Encryption Principles Conventional Encryption Algorithms Cipher Block Modes of Operation Location of Encryption Devices Key Distribution 2
- 3. Conventional Encryption Conventional Encryption Principles Principles An encryption scheme has five ingredients: ◦ Plaintext ◦ Encryption algorithm ◦ Secret Key ◦ Ciphertext ◦ Decryption algorithm Security depends on the secrecy of the key, not the secrecy of the algorithm 3
- 5. Cryptography Cryptography Classified along three independent dimensions: ◦ The type of operations used for transforming plaintext to ciphertext ◦ The number of keys used ◦ symmetric (single key) ◦ asymmetric (two-keys, or public-key encryption) ◦ The way in which the plaintext is processed 5
- 6. Average time required for Average time required for exhaustive exhaustive key search key search 6 Key Size (bits) Number of Alternative Keys Time required at 106 Decryption/µs 32 232 = 4.3 x 109 2.15 milliseconds 56 256 = 7.2 x 1016 10 hours 128 2128 = 3.4 x 1038 5.4 x 1018 years 168 2168 = 3.7 x 1050 5.9 x 1030 years
- 7. Feistel Cipher Structure Feistel Cipher Structure Virtually all conventional block encryption algorithms, including DES have a structure first described by Horst Feistel of IBM in 1973 The realization of a Fesitel Network depends on the choice of the following parameters and design features (see next slide): 7
- 8. Feistel Cipher Structure Feistel Cipher Structure Block size: larger block sizes mean greater security Key Size: larger key size means greater security Number of rounds: multiple rounds offer increasing security Subkey generation algorithm: greater complexity will lead to greater difficulty of cryptanalysis. Fast software encryption/decryption: the speed of execution of the algorithm becomes a concern 8
- 9. 9
- 10. Conventional Encryption Conventional Encryption Algorithms Algorithms Data Encryption Standard (DES) ◦ The most widely used encryption scheme ◦ The algorithm is reffered to the Data Encryption Algorithm (DEA) ◦ DES is a block cipher ◦ The plaintext is processed in 64-bit blocks ◦ The key is 56-bits in length 10
- 13. DES DES The overall processing at each iteration: ◦Li = Ri-1 ◦Ri = Li-1 F(Ri-1, Ki) Concerns about: ◦The algorithm and the key length (56-bits) 13
- 14. Time to break a code (10 Time to break a code (106 6 decryptions/µs) decryptions/µs) HENRIC JOHNSON 14
- 15. Triple DEA Triple DEA Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt) ◦ C = ciphertext ◦ P = Plaintext ◦ EK[X] = encryption of X using key K ◦ DK[Y] = decryption of Y using key K Effective key length of 168 bits 15 C = EK3[DK2[EK1[P]]]
- 17. Other Symmetric Block Other Symmetric Block Ciphers Ciphers International Data Encryption Algorithm (IDEA) ◦ 128-bit key ◦ Used in PGP Blowfish ◦ Easy to implement ◦ High execution speed ◦ Run in less than 5K of memory 17
- 18. Other Symmetric Block Other Symmetric Block Ciphers Ciphers RC5 ◦ Suitable for hardware and software ◦ Fast, simple ◦ Adaptable to processors of different word lengths ◦ Variable number of rounds ◦ Variable-length key ◦ Low memory requirement ◦ High security ◦ Data-dependent rotations Cast-128 ◦ Key size from 40 to 128 bits ◦ The round function differs from round to round 18
- 19. Cipher Block Modes of Cipher Block Modes of Operation Operation Cipher Block Chaining Mode (CBC) ◦ The input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block. ◦ Repeating pattern of 64-bits are not exposed 19 i i 1 i 1 i i K 1 i i 1 i i K i 1 i K K i K i 1 i k i P P C C ] [C D C ) P (C ] [C D )] P (C [E D ] [C D ] P [C E C
- 21. Location of Encryption Location of Encryption Device Device Link encryption: ◦ A lot of encryption devices ◦ High level of security ◦ Decrypt each packet at every switch End-to-end encryption ◦ The source encrypt and the receiver decrypts ◦ Payload encrypted ◦ Header in the clear High Security: Both link and end-to-end encryption are needed (see Figure 2.9) 21
- 23. Key Distribution Key Distribution 1. A key could be selected by A and physically delivered to B. 2. A third party could select the key and physically deliver it to A and B. 3. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key. 4. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B. 23
- 24. Key Distribution (See Figure Key Distribution (See Figure 2.10) 2.10) Session key: ◦ Data encrypted with a one-time session key.At the conclusion of the session the key is destroyed Permanent key: ◦ Used between entities for the purpose of distributing session keys 24
- 25. 25