Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
TheAmazingKingBlockCiphers
TheAmazingKingBlockCiphers
BlockCiphersarecryptographicalgorithmsthatprocessdatainchunkscalledblocks.Plaintextblocksare
combinedwithakeytoproduceciphertextblocks.Thedatailsofthiscombiningiswhatdeterminesthe
strengthofthecipher.However,thesedetailsshouldnotbekeptsecret.Inacademiccryptanalysis,itis
assumedthattheattackerhasfullknowledgeofthealgorithmsinnerworkingsandlacksonlythekey.Thus,
ciphersaredesignedinsuchawaythatallofthesecurityrestsonkeepingthekeysecret.
KeyExpansion
Beforewecancombineakeywithablockofplaintextwemustensurethattheirlengthscorrespondin
somemeaningfulway.Forexample,theblocksizeandthekeylengthcouldbeidentical.Thiswouldleadto
someeasycomputationandmaximizetheeffectiveuseofthekeybits.Sometimesthereisaneedformore
keymaterialthanjusttheoriginalkeyinthesecases,thealgorithmmustemployakeyexpansion
algorithm.Wecouldhaveablocksizeof256bitsbutakeylengthofonly128bits.Thesimplestkey
expansionmethodistosimplyrepeatthekeyuntilthereisenoughkeymaterial.Thisisaprettybadidea
thoughrepetitionofthekeyshouldbeavoidedduringcipherdesign.Also,thekeyexpansionalgorithmdoes
notneedtobereversibleitonlyprovidesmorekeymaterialfromwhichtheoriginalkeydoesnotneedtobe
recoverable.Inthisway,keyexpansionissimilartohashingexceptthatweareexpandingratherthan
compressing.
SubstitutionPermutationNetworks
SPNsareapopularwaytostructureciphersandaresimpleenoughforustoapproachatthispoint.The
plaintextblockisprocessedmultipletimesduringencryption(anddecryption).Theprocessthatisrepeated
iscalledaroundfunctiontheseroundsarechainedtogetherbacktobacktoformthefullalgorithm.Each
roundtakesinputdataandasubkey,combinesthem,performssomesubstitutionandpermutation,and
producestheoutput.Subkeysarecreatedfromtheoriginalkeybyakeyexpansionalgorithmdesignedfor
multipleroundcipherscalledakeyschedule.Apopularmethodofcombiningasubkeywithdataisbitwise
http://www.theamazingking.com/cryptoblock.php
1/4
9/2/2016
TheAmazingKingBlockCiphers
XOR.Ineachround,afterthekeymixing,thedataisscrambledfurtherusingsubstitutionandpermutation
functions.
KeyMixing
KeyMixingistheelementofacipherinwhichthedatameetsthekeymaterial.Manytimesthisisoneof
thesimplestportionsofthealgorithm.ItoftenconsistsofsimplyXORingthedatawithkeymaterialofthe
samelength.XORhassomeveryinterestingpropertiesthatmakeitusefulincryptography.Ifaninputis
XOR'dwithakeytoproduceanoutputthisoutputcanthenbeXOR'dwiththesamekeytoproducethe
inputagain.Inotherwords:P
K=CandC
K=P.Thereisanotherequationwhichholdstrueandisofinteresttocryptanalysts:P
C=K.WhatthismeansisthatifacipherusesonlyXOR,itistriviallyvulnerabletoaknownplaintext
attack.Inotherwords,ifanattackercancaptureoneblockofplaintextandoneblockofthecorresponding
ciphertexthecanderivethekey.TheattackerjustneedstoXORthetwoblockstogetheraddingmore
roundswon'thelpandneitherwilladdingsubstitution/permutation.However,integratingbothofthese
elementsintothecipherproperlywillremedythissimpleattack.ThiskeymixingXORstageofthecipheris
completelylinearthesubstitution/permutationelementsarerequiredtoaddnonlinearitytothealgorithm.
PermutationBoxes
ThisisanelementofciphersthataddsDiffusiontothealgorithm.Theobjectiveofdiffusionistospread
informationaroundintheciphertext.Agroupoftechniquescalledfrequencyanalysistakeadvantageof
patternsintheinputdata(i.e.theEnglishlanguage)tohelpdeducetheplaintext.Ciphersusingonly
http://www.theamazingking.com/cryptoblock.php
2/4
9/2/2016
TheAmazingKingBlockCiphers
substitutionarevulnerabletotheseattacks.Thesimplestexampleisthemonoalphabeticcipherusedin
puzzlescalledcryptograms.Thesepuzzleslackanydiffusionatallandaresovulnerabletofrequency
analysisthattheycanbesolvedbyhandforfun.PBoxescanbeaddedtocipherstointroducediffusion.
Theseareverysimplefunctionsthatmovebitvaluesfromonepositiontoanother.Forexample,aPBox
mightswitchthevaluesofBit0andBit2duringencryption(andthesameduringdecryption).
SubstitutionBoxes
SBoxesaddsomethingcalledconfusiontociphersthatemploythem.Theyobscuredifferencesbetween
theplaintextandtheciphertext.Byproperlyaddingconfusiontoacryptographicalgorithm,wecanmakeit
moreresistanttodifferentialandlinearcryptanalysis.Substitutionfunctionsmustbereversibleinorderto
allowdecryptionandbythemselvestheyprovidenosecurity.Butwhencombinedwithdiffusionandkey
mixingovermultiplerounds,securitycanbeachieved.ThesimplesttypeofSBoxtakesinputandchecksa
lookuptabletodeterminetheoutput.Inthedecryptionroutine,thislookuptableisobviouslyreversed.The
designofsubstitutionboxesisverytrickybusinessandrequiresadeepunderstandingofmodern
cryptanalyticmethods.Basically,inputpatternsintotheboxshouldproducepatternsintheoutputwitha
probabilityclosetothatofarandomfunction.Example:ifyouXORalloftheinputbitswitheachotheracross
allpossibleinputs,aperfectsboxwouldproducethesameXOR'dvalueinexactlyhalfofthecorresponding
outputs.
FeistelCiphers
http://www.theamazingking.com/cryptoblock.php
3/4
9/2/2016
TheAmazingKingBlockCiphers
TherearealotofwaysthatwecanstructureablockcipherthefirstoneweexploredwiththebasicSPN.
Anotherstructure,whichisextremelypopular,isaFeistelcipher.WhatmakesFeistelstructuressouseful
isthattheroundfunction(themeatofthealgorithm)inthemcanbeverysimilaroreventhesameinthe
encryptionanddecryptionfunctions.ThismeansthatdeployingacryptosystemthatusesaFeistellike
structuremightrequirehalfthecodethanotheralgorithms.Thesetypesofciphershavealsobecome
popularbecauseDES(DataEncryptionStandard)usesaFeistelstructure.DESisprobablythemoststudied
algorithminhistoryandmuchresearch,andthereforeciphers,isbasedonit.Datacomesintothealgorithm
andissplitintotwohalves:leftandright.Therightsideiscombinedwithasubkeyfromakeyexpansion
algorithm(keyschedule)usingtheroundfunction.Theroundfunctiontypicallyinvolveskeymixing,
substitution,andpermutation.TheoutputoftheroundfunctionisthenXOR'dwiththelefthalfthisproduces
thenextround'srighthalf.Thenextround'slefthalfissimplythecurrentround'srighthalf.Thischunkof
processingiscalledaroundandeachroundgetsasubkey.Typically,themoreroundsinacipher,themore
secureitis.ThereareagreatmanyresearchpapersouttherethatdealwithFeistelstructuresanditwill
benefitthereadertounderstandthemwell.
http://www.theamazingking.com/cryptoblock.php
4/4