Cryptography Reference
In-Depth Information
half the output bits, i.e., the second ciphertext looks statistically independent of the
first one. This is an important property to keep in mind when dealing with block
ciphers. We demonstrate this behavior with the following simple example.
Example 3.1.
Let's assume a small block cipher with a block length of 8 bits. En-
cryption of two plaintexts
x
1
and
x
2
, which differ only by one bit, should roughly
result in something as shown in Fig. 3.2.
x
= 0010 1011
y
= 1011 1001
1
1
Block Cipher
x
= 0000 1011
y
= 0110 1100
2
2
Fig. 3.2
Principle of diffusion of a block cipher
Note that modern block ciphers have block lengths of 64 or 128 bit but they show
exactly the same behavior if one input bit is flipped.
3.2 Overview of the DES Algorithm
DES is a cipher which encrypts blocks of length of 64 bits with a key of size of 56
bits (Fig. 3.3).
x
64
56
DES
k
64
y
Fig. 3.3
DES block cipher
DES is a symmetric cipher, i.e., the same same key is used for encryption and
decryption. DES is, like virtually all modern block ciphers, an iterative algorithm.
For each block of plaintext, encryption is handled in 16 rounds which all perform
the identical operation. Figure 3.4 shows the round structure of DES. In every round
a different subkey is used and all subkeys
k
i
are derived from the main key
k
.
Let's now have a more detailed view on the internals of DES, as shown in
Fig. 3.5.The structure in the figure is called a
Feistel network
. It can lead to very
strong ciphers if carefully designed. Feistel networks are used in many, but cer-
tainly not in all, modern block ciphers. (In fact, AES is not a Feistel cipher.) In
addition to its potential cryptographic strength, one advantage of Feistel networks is
that encryption and decryption are almost the same operation. Decryption requires
