mirror of
https://github.com/calofmijuck/blog.git
synced 2025-12-06 14:53:50 +00:00
fix: broken image links have been fixed
@@ -118,7 +118,7 @@ This is a matter of *collisions* of $f(x_i)$, so we use the facts from the birth
|
||||
|
||||
A **block cipher** is actually a different name for PRPs. Since a PRP $E$ is a keyed function, applying $E(k, x)$ is in fact encryption, and applying its inverse is decryption.
|
||||
|
||||

|
||||

|
||||
|
||||
Block ciphers commonly have the following form.
|
||||
- A key $k$ is chosen uniformly from $\left\lbrace 0, 1 \right\rbrace^s$.
|
||||
@@ -140,7 +140,7 @@ Block ciphers commonly have the following form.
|
||||
|
||||
Since block ciphers are PRPs, we have to build an invertible function. Suppose we are given **any** functions $F_1, \dots, F_d : \left\lbrace 0, 1 \right\rbrace^n \rightarrow \left\lbrace 0, 1 \right\rbrace^n$. Can we build an **invertible** function $F : \left\lbrace 0, 1 \right\rbrace^{2n} \rightarrow \left\lbrace 0, 1 \right\rbrace^{2n}$?
|
||||
|
||||

|
||||

|
||||
|
||||
It turns out the answer is yes. Given an $2n$-bit long input, $L_0$ and $R_0$ denote the left and right halves ($n$ bits) of the input, respectively. Define
|
||||
|
||||
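Review bot: The last paragraph of this hunk reads "Given an $2n$-bit long input", which should be "Given a $2n$-bit input". Since the surrounding lines are already being touched for the image link, it is worth fixing in the same commit. The sentence would also read more cleanly as "let $L_0$ and $R_0$ denote the left and right halves ($n$ bits each) of the input".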
@@ -160,7 +160,7 @@ Note that we did not require $F_i$ to be invertible. We can build invertible fun
|
||||
|
||||
In DES, the function $F_i$ is the DES round function.
|
||||
|
||||

|
||||

|
||||
|
||||
The Feistel function takes $32$ bit data and divides it into eight $4$ bit chunks. Each chunk is expanded to $6$ bits using $E$. Now, we have 48 bits of data, so apply XOR with the key for this round. Next, each $6$-bit block is compressed back to $4$ bits using a S-box. Finally, there is a permutation $P$ at the end, resulting in $32$ bit data.
|
||||
|
||||
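Review bot: The two paragraphs around the image use different names for the same object: the first says "$F_i$ is the DES round function" and the next starts "The Feistel function takes $32$ bit data". Pick one name, or state once that both refer to $F_i$, so readers do not confuse it with the Feistel network as a whole. In the same paragraph, "a S-box" should be "an S-box", and "$32$ bit" / "$4$ bit" should be hyphenated to match the "$6$-bit block" wording used later in the sentence.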
@@ -168,7 +168,7 @@ The Feistel function takes $32$ bit data and divides it into eight $4$ bit chunk
|
||||
|
||||
DES uses $56$ bit keys that generate $16$ rounds keys. The diagram below shows that DES has 16-round Feistel networks.
|
||||
|
||||

|
||||

|
||||
|
||||
The input goes through initial/final permutation, which are inverses of each other. These have no cryptographic significance, and just for engineering.
|
||||
|
||||
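Review bot: The first paragraph of this hunk has two wording slips: "generate $16$ rounds keys" should be "generate $16$ round keys", and "DES has 16-round Feistel networks" should be "DES is a 16-round Feistel network". In the last paragraph, "and just for engineering" has no verb; something like "and exist only for engineering reasons" would fix it. The numerals are also inconsistent ("$16$" in math mode, then plain "16-round").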
@@ -176,7 +176,7 @@ The input goes through initial/final permutation, which are inverses of each oth
|
||||
|
||||
DES is not secure, since key space and block length is too small. Thankfully, we have a replacement called the **advanced encryption standard** (AES).
|
||||
|
||||

|
||||

|
||||
|
||||
- DES key only had $56$ bits, so DES was broken in the 1990s
|
||||
- NIST standardized AES in 2001, based on Rijndael cipher
|
||||
@@ -254,7 +254,7 @@ Then the key space has increased (exponentially). As for 2DES, the key space is
|
||||
|
||||
Unfortunately, 2DES is only secure as DES, with the attack strategy called **meet in the middle**. The idea is that if $c = E(k_1, E(k_2, m))$, then $D(k_1, c) = E(k_2, m)$.
|
||||
|
||||

|
||||

|
||||
|
||||
Since we have the plaintext and the ciphertext, we first build a table of $(k, E(k_2, m))$ over $k_2 \in \mathcal{K}$ and sort by $E(k_2, m)$. Next, we check if $D(k_1, c)$ is in the table for all $k_1 \in \mathcal{K}$.
|
||||
|
||||
|
||||
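Review bot: The last paragraph of this hunk describes the table as $(k, E(k_2, m))$ although it is built over $k_2 \in \mathcal{K}$. The first component should be $k_2$, i.e. $(k_2, E(k_2, m))$, so that a hit on $D(k_1, c)$ yields the candidate pair $(k_1, k_2)$. In the first paragraph, "2DES is only secure as DES" should read "only as secure as DES". It would also help to say that "the plaintext and the ciphertext" means a known pair $(m, c)$, since the paragraph relies on one without introducing it.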