Write the design principles of a block cipher.
Ans: Block ciphers treat a block of plaintext as a whole. Typically, a block size is 64 or 128 bits. They are more popular than stream ciphers and are mostly based on the Feistel cipher structure.
The block cipher principles specify:
- Most of the symmetric block ciphers are based on a Feistel Cipher Structure,
- It must be able to decrypt cipher text to recover messages efficiently,
- Block ciphers look like an extremely large substitution,
- Need table for a 64-bit block, instead of creating smaller building blocks,
- For the design, use the idea of a product cipher.
What is the purpose of S-boxes in DES?
Ans: The Data Encryption Standard (DES) is a block cipher that was designed according to these two principles:-
- Confusion - dissipates statistical structure of plaintext over bulk of ciphertext
- Diffusion - makes relationship between ciphertext and key as complex as possible
- cryptographic operations are:-
The substitution consists of a set of eight S-boxes, each of which accepts 6 bits as input and produces 4 bits as output. These transformations are interpreted as follows:
- The first and last bits of the input to box Si form a 2-bit binary number to select one of four substitutions defined by the four rows in the table for Si.
- The middle four bits select one of the sixteen columns.
- The decimal value in the cell selected by the row and column is then converted to its 4-bit representation to produce the output.
For example, in S1, for input 011001, the row is 01 (row 1) and the column is 1100 (column 12). The value in row 1, column 12 is 9, so the output is 1001.
Explain briefly AES.
Ans: In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as 'Rijndael'. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively.
AES is a symmetric block cipher that is intended to replace DES as the approved standard for a wide range of applications, since there are theoretical attacks that can break DES and exhaustive key search attacks against it have been demonstrated.
Key Features and Requirements for AES:-
- Based on a design principle known as a Substitution permutation network.
- It is fast in both software and hardware.
- Unlike its predecessor, DES, AES does not use a Feistel network.
- private key symmetric block cipher
- 128-bit data, 128/192/256-bit keys
- stronger & faster than Triple-DES
- active life of 20-30 years (+ archival use)
- provide full specification & design details
- both C & Java implementations
How can the strength of DES be calculated?
Ans: The levels of security provided by DES in two areas are: key size and the nature of the algorithm.
Key Size: With a key length of 56 bits, there are 2^56 possible keys, which is approximately 7.2*10^16 keys. Thus a brute-force attack appeared impractical.
Analytic Attacks: These techniques utilise some deep structure of the cipher by gathering information about encryptions so that eventually you can recover some/all of the sub-key bits, and then exhaustively search for the rest if necessary. Attacks of this form include differential cryptanalysis, linear cryptanalysis and related key attacks.
Timing Attacks: A timing attack is one in which information about the key or the plaintext is obtained by observing how long it takes a given implementation to perform decryptions on various ciphertext.
Give an overview of the working principle of triple DES.
Ans: In cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm (TDEA) block cipher.
- It applies the cipher algorithm three times to each data block.
- Triple DES provides a relatively simple method of increasing the key size of DES to protect against brute force attacks, without requiring a completely new block cipher algorithm.
- It must use three encryptions, which would call for three distinct keys, but two keys can be used with an E-D-E sequence.
- The encryption algorithm is: C = EK1(DK2(EK1(P)))
- Decryption is the reverse: P = DK1(EK2(DK3(C))), where K3 = K1 when only two keys are used
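An added example (not from the original notes) covering the Feistel principle from the first answer and the E-D-E sequence above. It assumes a toy 64-bit Feistel cipher with a SHA-256 round function standing in for DES, so only the structure carries over, not the security; all function names are illustrative.

```python
import hashlib

ROUNDS = 8
MASK32 = 0xFFFFFFFF

def subkeys(key: bytes):
    """Toy key schedule (assumption, not the DES schedule): one subkey per round."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def round_f(half: int, subkey: bytes) -> int:
    """Toy round function; a Feistel network does not need it to be invertible."""
    digest = hashlib.sha256(subkey + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def feistel(block: int, keys) -> int:
    """Run a 64-bit block through the network using subkeys in the given order."""
    left, right = block >> 32, block & MASK32
    for k in keys:
        left, right = right, left ^ round_f(right, k)
    return (right << 32) | left  # final swap of the halves, as in DES

def encrypt(block: int, key: bytes) -> int:
    return feistel(block, subkeys(key))

def decrypt(block: int, key: bytes) -> int:
    # Same network, subkeys reversed: this is why Feistel decryption is cheap.
    return feistel(block, subkeys(key)[::-1])

def ede_encrypt(p: int, k1: bytes, k2: bytes, k3: bytes) -> int:
    """C = E_K3(D_K2(E_K1(P))); pass k3 = k1 for the two-key variant."""
    return encrypt(decrypt(encrypt(p, k1), k2), k3)

def ede_decrypt(c: int, k1: bytes, k2: bytes, k3: bytes) -> int:
    """P = D_K1(E_K2(D_K3(C)))."""
    return decrypt(encrypt(decrypt(c, k3), k2), k1)

if __name__ == "__main__":
    p = 0x0123456789ABCDEF                      # constructed sample block
    k1, k2 = b"key-one", b"key-two"             # constructed sample keys
    c = ede_encrypt(p, k1, k2, k1)              # two-key E-D-E
    print(f"ciphertext {c:016x}, recovered {ede_decrypt(c, k1, k2, k1):016x}")
    # With all keys equal, the middle D undoes the first E: plain single encryption.
    print(ede_encrypt(p, k1, k1, k1) == encrypt(p, k1))
```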
What is multiple encryption and where is it used?
Ans: The potential vulnerability of DES, i.e.
- theoretical attacks that can break it,
- demonstrated exhaustive key search attacks,
requires a clear replacement for DES. Thus, there has been considerable interest in finding an alternative.
One approach is to design a completely new algorithm, of which AES is a prime example.
Another alternative, which would preserve the existing investment in software and equipment, is to use multiple encryptions with DES and multiple keys. We examine the widely accepted triple DES (3DES) approach.
Usage: The use of double encryption does not provide the expected increase in security when compared with the increased implementation requirements, and it cannot be recommended as a good alternative. Instead, triple-encryption is the point at which multiple encryptions give substantial improvements in security.