adam's notes

Block Cipher Design

Block cipher is an encryption–decryption scheme where a block of plaintext is treated as a single block and is used to obtain a block of ciphertext with the same size.

How Block Ciphers Operate

Block-Based Ciphering

  • Plaintext is divided into a series of fixed-length blocks ()
    • current standards use a block bit-length of 64 or 128
  • An encryption key (with a known length of 56, 128, 192, or 256 bits)
  • Encrypted blocks () are of fixed length
    • same length as the plaintext blocks
  • Decryption is the inverse operation
  • block cipher is composed of two algorithms:
    • encryption
    • decryption
  • both use same secret key
  • For any plaintext , the following property holds:
  • encryption and decryption algorithms are based on iterated operations

Confusion and Diffusion Properties

  • 2 fundamental properties of operation of secure ciphers

Confusion is a cipher operation where each bit of the ciphertext should depend on several bits of the key.

  • thus the statistical relationship between the plaintext and the ciphertext should be hidden

Diffusion is a cipher operation where when a single bit is changed in the plaintext, several bits in the ciphertext should change and vice versa.

Avalanche effect is when changing a few bits in the plaintext results in a lot of changes in the ciphertext.

  • small change in the key or plaintext should cause a drastic change in the ciphertext

Common techniques to achieve confusion and diffusion:

  • substitution boxes
  • permutations
  • key expansion

Substitution Boxes

An substitution box (S-Box) is an array of rows by columns.

  • contains elements of specific length
    • e.g. AES has s-box of length 8 bits
  • generally, the number of rows or columns is at most 16
  • bit lengths of the elements of an S-box depends on each cipher
  • element space of an S-Box is at most equal to that of the input space
    • otherwise some elements are never used

S-Box Mapping

  • the value to replace is converted into two indexes, and
  • then, the content of the cell, , is returned as the element to replace

Properties expected to not compromise security and to enable decryption:

  1. Nonlinearity of S-Boxes
    • S-Boxes include elements that appear as random sequences of elements
    • so no relationship between elements could be inferred to design attacks
  2. Deterministic
    • same input is always mapped to the same output

Permutation

Permutation is a function that is a permutation if there exists an inverse function such that , for any .

  • block ciphers use permutations to swap a part of a block with another, so that the diffusion is increased
  • defined by permutation tables or with shifting and mixing

Key Expansion

  • block ciphers use multiple rounds of the same function (round function)
  • to increase confusion, each round uses its own round key
    • cipher uses keys where = number of rounds

Key expansion function is the component of block ciphers that generates the round keys from the initial key (called the cipher key).

  • aka key schedule function
  • makes use of permutations and s-boxes

Key Expansion

Feistel Structure

  • block ciphers are based on Feistel network (aka Feistel structure)
  • main component is the round function
    • takes an input block and a round key and returns an output of the same length as the input block
    • can be invertible or not
    • number of rounds is a setting parameter
      • often
      • depends on the tradeoff between desired security level and efficiency
        • latter is measured in terms of computation time or hardware implementation complexity
  • each round makes use of a round key
    • performs a substitution and a permutation

Graph View

Backlinks