Cryptography Reference
4. Subkeys: Generation of subkeys from an input key during the operation
of the algorithm aids in thwarting cryptanalysis.
S-DES and DES are examples of Feistel ciphers (with the only deviation
from the above being that DES and S-DES begin and end with permutations).
S-DES has a round function given above with r = 2, and subkey generation
described in the above key schedule. DES is a Feistel cipher with r = 16.
Now we are in a position to explain the intimate details of just how the
substitutions and permutations are used in Feistel ciphers in general, and DES
in particular.
Confusion and Diffusion
DES is basically a block cipher combining fundamental cryptographic
techniques, confusion and diffusion. Confusion obscures the relationship between
the plaintext and the ciphertext, which thwarts a cryptanalyst's attempts to
study the ciphertext by looking for redundancies and statistical patterns. The
best way to cause confusion is through the use of a complex substitution
algorithm. (Note that a simple linear substitution, such as some we have studied
earlier, would add negligible confusion. It is necessary to have a deeply complex
substitution algorithm in order to cause confusion.)
Diffusion dissipates the redundancy of the plaintext by spreading it over
the ciphertext, which frustrates a cryptanalyst's attempts to search for
redundancies in the plaintext through observations of the ciphertext. The simplest
manner in which we can cause diffusion in a binary block cipher is through
repeatedly performing a permutation on the data followed by the application of
a function to that permutation. This results in bits from different positions in
the plaintext contributing to the same position in the ciphertext. Since DES
involves an initial permutation followed by sixteen rounds of substitution, then a
final permutation, DES essentially employs a sequence of confusion and diffusion
techniques.
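As an added illustration (not from the text, and not DES itself), the following Python sketch builds a toy 64-bit Feistel cipher whose round function is a 4-bit substitution followed by a bit permutation, then counts how many ciphertext bits change when a single plaintext bit is flipped as the number of rounds r grows. The S-box table, bit permutation, key schedule, sample key and sample plaintexts are all assumptions constructed for this example.

```python
MASK32, MASK64 = 0xFFFFFFFF, 0xFFFFFFFFFFFFFFFF
KEY = 0x0F1E2D3C4B5A6978  # constructed sample key
# Fixed 4-bit substitution table for this toy cipher (the nonlinear "confusion" step).
SBOX = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]

def substitute(x):
    """Replace each of the eight 4-bit groups of x through SBOX."""
    return sum(SBOX[(x >> s) & 0xF] << s for s in range(0, 32, 4))

def permute(x):
    """Move bit i to position 8*i mod 31 (bit 31 stays), scattering each S-box output."""
    y = 0
    for i in range(32):
        if (x >> i) & 1:
            y |= 1 << (31 if i == 31 else (8 * i) % 31)
    return y

def subkeys(key, rounds):
    """Toy key schedule: subkey i is the low 32 bits of the key rotated left by 5*i + 1."""
    out = []
    for i in range(rounds):
        n = (5 * i + 1) % 64
        out.append((key << n | key >> (64 - n)) & MASK32)
    return out

def feistel(block, keys):
    """Run the Feistel rounds; the final half-swap makes decryption the same routine."""
    left, right = block >> 32, block & MASK32
    for k in keys:
        left, right = right, left ^ permute(substitute(right ^ k))
    return right << 32 | left

def encrypt(block, rounds=16, key=KEY):
    return feistel(block, subkeys(key, rounds))

def decrypt(block, rounds=16, key=KEY):
    # Same network, subkeys applied in reverse order.
    return feistel(block, subkeys(key, rounds)[::-1])

def flipped_bits(block, bit, rounds):
    """Count ciphertext bits that change when one plaintext bit is flipped."""
    return bin(encrypt(block, rounds) ^ encrypt(block ^ (1 << bit), rounds)).count("1")

def avalanche(rounds, samples=16):
    """Average flipped_bits over every bit position of a few constructed plaintexts."""
    blocks = [(0x9E3779B97F4A7C15 * (i + 1)) & MASK64 for i in range(samples)]
    return sum(flipped_bits(b, bit, rounds) for b in blocks for bit in range(64)) / (64 * samples)

if __name__ == "__main__":
    for r in (1, 2, 4, 16):
        print(f"r = {r:2d}: {avalanche(r):5.2f} of 64 ciphertext bits change on average")
```

With r = 1, flipping a bit in the left half of the plaintext changes exactly one ciphertext bit, because that half is only XORed into the output; the spread toward roughly half of the 64 bits appears only as rounds accumulate.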
In 1949, Shannon published [250], in which the terms “confusion” and
“diffusion” were introduced. His idea was to thwart frequency analysis by
cryptanalysts, such as those we have studied in Chapters 1 and 2. We will learn more
about Shannon later; see Section 11.1, pages 425-426.
The plaintext block size in DES of a 64-bit key input (reduced to 56-bit in
the algorithm, since eight of the bits are parity check bits that are discarded)
proved to be insecure for modern purposes. The new AES, which we will study
in Section 3.5, has a 128-bit keylength, which is common in many modern-day
cryptosystems. (Many of us will see at the bottom of our browsers, when logging
into a secure Web site such as online banking, something akin to “connection
secure — RC4: 128-bit encrypted.” This is referring to Rivest's secure 128-bit
RC4 cipher, a “stream” cipher, which we will study in Section 3.7.) The greater
the number of rounds in a Feistel cipher, the greater the security. Today, sixteen
rounds is typical. Of course, the greater the complexity of the round function,
the greater the difficulty for a cryptanalyst à la Shannon [250]. In fact, Shannon