nformation is stored information is stored digitally - just 0s and 1s, so how is text represented?
1. ASCII codes.
1. 0 to 255 decimal or 0 to FF hexadecimal.
2. 8 bits per ASCII character.
3. ASCII table readily available on internet.
2. 2 Hex characters used to represent each of 256 (FF).
3. For example:
1. lowercase ’a’ is 6116 or 011000012 in binary.
2. uppercase ’A’ is 4116 or 010000012 in binary.
Block ciphers
1. A block cipher is a symmetric-key cipher that breaks up the plaintext message
into blocks of a fixed length and encrypts one block at a time.
2. Break the plaintext P into successive blocks:
1. P1, P2, . . . of size n bits each
3. Encrypt each Pi with the same key K of size k bits:
1. EK(P) = EK(P1)EK(P2) . . .
Main types of block ciphers
1. substitution cipher: replace symbols (or groups of symbols) by other symbols
(or groups of symbols).
- 示例:凯撒密码是一种简单的替换密码,其中每个字母在字母表中向前或向后移动固定数量的位置。
2. transposition cipher: permutes the symbols within the block.
- 示例:列转置密码是一种转置密码,其中消息的字母被写入一个矩阵中,然后按列(或其他模式)读取以形成密文。
3. product ciphers: is a composite of substitution and transposition ciphers.
- 示例:Feistel-IBM-1971系统是数据加密标准(DES)的前身,它使用置换(转置)操作来混合大块数据,并使用替换操作来增加混淆。
Feistel structure for block ciphers
1. Named after the IBM cryptographer Horst Feistel and first implemented in the
Lucifer cipher by Horst Feistel and Don Coppersmith.
2. A cryptographic system based on Feistel structure uses the same basic
algorithm for both encryption and decryption.
3. Consists of multiple rounds of processing of the plaintext, with each round
consisting of a “substitution” step followed by a permutation step: combination
of P and S-boxes.
1. The input block to each round is divided into two halves: denoted by L (the left
half) and R (the right half).
2. In each round,
1. the right half of the block R goes through unchanged. R(右半)不变 L(左半)加密
2. the left half L goes through an operation that depends on R and the encryption key.
3. The permutation step at the end of each round: swapping the modified L and R.
Therefore, R L 左右交换
1. the L for the next round would be R of the current round, and
2. R for the next round be the output L of the current round.
Decryption in the Feistel structure
1. The decryption algorithm is exactly the same as the encryption algorithm with
the only difference that the round keys are used in the reverse order.
2. The output of each round during decryption is the input to the corresponding
round during encryption. 解密全部与加密相反 加密的输出是解密的输入
DES: 3-stage/18-step algorithm 数据加密标准
1. Initial permutation.
2. 16 operations (rounds): DES uses the Feistel cipher structure with 16 rounds of
processing.
3. Final permutation.
4. Sizes:
1. Plaintext blocks 64 bits.
2. Ciphertext blocks 64 bits.
注意 如果不够64bits 则用0补齐
Subkeys generation
1. Input: The original 64-bit key k: the key is usually stored as a 64-bit number
originally. Algorithm:
1. k′ = PC1(k) (56-bit intermediate key).
2. A0 = b57 b49 . . . b36 (first half, 28 bits).
3. B0 = b63 b55 . . . b4 (last half, 28 bits).
4. 16 generation stages:
1. Aj = LSj (Aj−1)
2. Bj = LSj (Bj−1)
3. kj = PC2(Aj Bj )
5. where LSj : Cyclic shift to the left (left-rotations) by 1 if j {1, 2, 9, 16} and 2
otherwise.
2. Output: A set of 16 keys kj
- 步骤1:将密钥k通过PC1(Permuted Choice 1)函数处理,得到一个56位的临时密钥k’。
- 步骤2:将临时密钥k’分为两半,得到A0和B0。
- A0:包含密钥的前28位,标记为b57 b49 … b36。
- B0:包含密钥的后28位,标记为b63 b55 … b4。
- 步骤3:进行16个生成阶段:
- 在每个阶段j(j = 1, 2, …, 16),执行以下操作:
- Aj = LSj(Aj−1):将Aj−1向左循环移位j位,如果j是{1, 2, 9, 16}中的一个,则移位1位,否则移位2位。
- Bj = LSj(Bj−1):将Bj−1向左循环移位j位,如果j是{1, 2, 9, 16}中的一个,则移位1位,否则移位2位。
- kj = PC2(Aj Bj):将Aj和Bj通过PC2(Permuted Choice 2)函数处理,得到一个48位的子密钥kj。
- 在每个阶段j(j = 1, 2, …, 16),执行以下操作:
- 步骤4:最终输出16个子密钥k1, k2, …, k16。
Keys generator: PC1 64 → 56
Keys generator: PC2 56 → 48.
-
初始化:
- 假设我们有初始的明文块P,它被分为两半,即左半部分L0和右半部分R0。
-
Li和Ri的计算:
- Li的计算:Li = Ri−1。这意味着左半部分Li是右半部分Ri−1的直接复制。
- Ri的计算:Ri = Li−1 ⊕ f(Ri−1, ki)。这里,⊕表示异或(XOR)逻辑函数,f是DES算法中的特定内部函数,ki是密钥生成器产生的第i个子密钥。
-
子密钥的使用:
- DES算法使用16个子密钥,分别标记为k1, k2, …, k16。每个子密钥ki用于加密过程中的一个轮次。
-
重复轮次:
- 这个Li和Ri的计算过程(Li = Ri−1, Ri = Li−1 ⊕ f(Ri−1, ki))被重复执行16次,每次使用不同的子密钥ki。
-
输出:
- 最后,经过16轮的计算,我们得到两个新的子块,即L16和R16。这两个子块经过一个最终的置换(IP置换)来生成最终的密文块C。
DES: the f function 32→ 48
1. Input: 2 arguments (Ri−1, ki ) of size 32 and 48 ...;
2. Algorithm:
1. Expand Ri−1 to a 48-bit block using a given expansion function;
2. Ccompute Ri−1 
ki ; XOR
3. Decompose the result into eight 6-bit blocks B1B2B3B4B5B6B7B8;
4. Replace independently each 6-bit block Bi by a 4-bit block Ci ;
5. Assemble the eight 4-bit blocks to obtain a 32-bit block C1C2C3C4C5C6C7C8;
6. Permute C using a given permutation function.
3. Output: a 32-bit block;
DES f function: Substitution (Bi → Ci ): the S-box
1. In general, an S-Box takes some number of input bits (m), and transforms them
into some number of output bits (n).
2. Fixed tables are normally used.
- 假设我们有一个6位输入块B1 = 101010。
- 使用外部的两位(b1b6)来选择行,我们得到行索引2(因为10的二进制表示是2)。
- 使用内部的四个位(b2b3b4b5)来选择列,我们得到列索引5(因为0101的二进制表示是5)。
- 在S盒中,行索引2和列索引5对应的4位输出是C1 = 6
DES: stage 3
1. Final Permutation = IP−1 (64 bits)
1. Symmetric: the algorithm is symmetric:
1. the same initial key and the same algorithm will decrypt the ciphertext into the
original plaintext.
2. Public algorithms and functions:
1. the algorithm and the permutations, functions, ... are well known.
2. security depends on the length of the key.
3. Initial and final permutations: useless.
Variant: 3DES
1. Uses a series of DES encryptions/decryptions:
1. there exist multiple variants.
2. The official accepted variant is DES-EDE, that is, GIVEN 3 keys k1, k2 and k3,
compute:
1. Ciphertext = Ek3(Dk2 (Ek1(Plaintext)))
3. Note that k1 = k2 = k3 make Triple DES compatible with DES.
4. It requires three times the computation of normal DES:
1. stronger than DES 计算量大
5. Key size: 168 bits.
6. Security
扫一扫
1516
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
