
MODERN BLOCK CIPHERS

- For use with computers we need bit-oriented ciphers
- Modern symmetric-key block ciphers encrypt n-bit blocks of PT
- If the msg has fewer than n bits, padding bits are added
- Common values of n are 64, 128, 256, 512

MODERN BLOCK CIPHERS

Modern block ciphers are designed as substitution ciphers / substitution-transposition combinations

Components of a Modern Block Cipher

A modern block cipher is made of a combination of

- transposition units (P-Boxes) and
- substitution units (S-Boxes)

P-Boxes

- Transposes bits
- Three types found in modern block ciphers: Straight, Expansion, Compression

Straight P-Box

- The above one (64x64) for s/w implementation
- Prewired for h/w implementation

Compression P-Box

- 'n' inputs and 'm' (m < n) outputs
- E.g. a 32x24 permutation table for a comp. P-Box
- Inputs 7, 8, 9, 15, 16, 23, 24, 25 are blocked

Expansion P-Box

- 'n' inputs and 'm' (m > n) outputs
- E.g. a 12x16 permut. tab. for an Expansion P-Box
- Inputs 1, 3, 9 and 12 are mapped to 2 outputs

Invertibility of P-Boxes

- Straight P-boxes are invertible but not the others
- So, straight P-boxes can be used in encryption ciphers & corresponding inverse P-boxes can be used in decryption ciphers


Substitution box (S-Box)

- Substitution done
- Takes as input an n-bit word and produces an m-bit word (m need not be = n)
- There are Linear and Non-linear S-Boxes
- Linear S-box (relation b/w i/p & o/p is a linear function)
- Non-Linear ???

Invertibility of S-Boxes

- May or may not be invertible. If invertible, the number of input bits will be equal to the number of output bits
- An invertible S-Box can be used in an encryption cipher and the corresponding inverted S-Box can be used in the respective decryption cipher

Exclusive OR (XOR)

Properties of XOR in GF(2^n) fields

- Closure: n bits XOR n bits => n bits
- Associativity
- Commutativity
- Existence of Identity => all n bits = '0'
- Existence of Inverse => Each word is an additive inverse of itself
- Complement: x XOR x' = 111...1 and x XOR (111...1) = x'

Exclusive OR (XOR)

Invertibility of XOR operation

Circular shift

- Shifting can be to the left or to the right
- Helps to hide patterns in the original word
- No. of positions to be shifted (k) can be treated as a key, but in modern ciphers it is used keyless (by fixing a particular value for k for a cipher)
- Invertibility: circular left shift <=> circular right shift
- Shifting is modulo n
- Circular shift operation under composition operation is a group

Swap operation

- Special case of circular shift (n/2 bits shifted)
- Self-invertible
- Operation valid only if n is even

Split & Combine operation

- Split => splits n-bit words in the middle
- Combine => concatenates 2 equal-length words
- Operation valid only if n is even
- Inverses of each other


Product Ciphers

- Shannon introduced the concept. All modern ciphers are product ciphers
- A complex cipher that combines substitution, permutation, XOR, circular shift, etc.
- Diffusion & Confusion

The idea of diffusion is to hide the relationship b/w CT and PT

- A CT symbol/bit is dependent on some/all PT symbols/bits

The idea of confusion is to hide the relationship b/w CT and Key

- If a single bit of the key is changed, most/all bits of the CT are changed

Product ciphers

Rounds

- Diffusion and confusion can be achieved using iterated product ciphers
- Each iteration (round) is a combination of S-Box, P-box, etc.
- Creates different (round) keys for each round from the original key
- PT => MT => MT => ... => MT => CT

[Figure: A product cipher with 2 rounds (labels: key schedule/generator, middle text)]

Confusion & Diffusion with S-Box & P-Box

Two classes of product ciphers

Class that uses both invertible and noninvertible components

- These ciphers are usually known as Feistel Ciphers
- E.g. DES is a Feistel Cipher

Class that uses only invertible components

- Called non-Feistel ciphers
- E.g. AES

Feistel Ciphers

Dealing with noninvertible elements, Eg. noninvertible

Here f(K) is noninvertible

An improved Feistel Design

Input to the function is Key + a part of PT

- R1 must be = R3
- R1 sent unencrypted (flaw)

Feistel Cipher final design

Non-Feistel Ciphers

- Use only invertible components
- S-Boxes used must be straight S-Boxes
- No compression or expansion P-Boxes allowed
- A product cipher with 2 rounds can be considered as a non-Feistel cipher

MODERN STREAM CIPHERS

Encryption and Decryption done r bits at a time

Ciphers have

- A PT bit stream P = p_n ... p_2 p_1
- A CT bit stream C = c_n ... c_2 c_1
- A Key bit stream K = k_n ... k_2 k_1
- p_i's, c_i's and k_i's are r-bit words
- c_i = E(k_i, p_i) and p_i = D(k_i, c_i)

MODERN STREAM CIPHERS

- Faster than block ciphers
- Easier hardware implementation
- Two categories: Synchronous & Nonsynchronous

Synchronous stream ciphers

- Key stream is independent of PT or CT stream
- E.g. One-time pad (bit-oriented)
- Simple XOR operation
- Ideal cipher but difficult to implement in practice

Feedback Shift Register (FSR)

As key stream generator for One-time Pad

Feedback Shift Register (FSR)

- The cells are initialized with an m-bit word called seed
- Whenever an output bit is needed, every bit is shifted one position to the right
- Rightmost bit is the output
- FSRs can be linear or non-linear
- In a LFSR, output bit is a linear function of b0, b1, ..., b(m-1)

Feedback Shift Register (FSR)

An LFSR with 5 cells in which b5 = b4 ^ b2 ^ b0

- Bit sequence may look like random, but is periodic
- Based on the design & seed, the period can be up to 2^m - 1
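
The 5-cell register above, simulated as an added example (not part of the original slides; function names and the sample seed and plaintext are assumptions). It measures the period for every seed and shows that this tap choice only reaches period 15, below the 2^m - 1 = 31 bound, which is why the feedback design matters when an LFSR is used as a keystream generator.

```python
# Added example: the 5-cell LFSR from the slide, b5 = b4 ^ b2 ^ b0.
# State is [b4, b3, b2, b1, b0]; all function names are illustrative.

def lfsr_step(state):
    """Shift right once; return (new_state, output_bit)."""
    b4, b3, b2, b1, b0 = state
    b5 = b4 ^ b2 ^ b0                    # linear feedback function
    return [b5, b4, b3, b2, b1], b0      # rightmost bit is the output

def keystream(seed, nbits):
    """Produce nbits of key stream starting from the seed state."""
    state, out = list(seed), []
    for _ in range(nbits):
        state, bit = lfsr_step(state)
        out.append(bit)
    return out

def period(seed):
    """Steps until the register returns to the seed state."""
    state, steps = list(seed), 0
    while True:
        state, _ = lfsr_step(state)
        steps += 1
        if state == list(seed):
            return steps

def period_census():
    """Map period -> number of 5-bit seeds with that period."""
    counts = {}
    for v in range(32):
        seed = [(v >> i) & 1 for i in (4, 3, 2, 1, 0)]
        p = period(seed)
        counts[p] = counts.get(p, 0) + 1
    return counts

def xor_stream(bits, seed):
    """Synchronous stream cipher: c_i = p_i XOR k_i (same call decrypts)."""
    return [b ^ k for b, k in zip(bits, keystream(seed, len(bits)))]

if __name__ == "__main__":
    seed = [1, 0, 0, 0, 0]               # constructed sample seed
    print("keystream:", keystream(seed, 20))
    print("periods  :", period_census())
    pt = [1, 0, 1, 1, 0, 0, 1, 0]        # constructed sample plaintext bits
    ct = xor_stream(pt, seed)
    print("round trip ok:", xor_stream(ct, seed) == pt)
```

The all-zero and all-one seeds are fixed points (period 1); the other 30 seeds fall into two cycles of length 15.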


FSR

NLFSR (Non-Linear FSR)

- Has the same structure as an LFSR except that the feedback function is non-linear
- Not common because there is no mathematical foundation for how to make an NLFSR with maximum period

Nonsynchronous stream ciphers

- Each key in the key stream depends on previous PT or CT symbol
