This presentation contains material for the undergraduate course on Cryptography and Network Security (UITC203) at Sri Ramakrishna Institute of Technology. It covers the Data Encryption Standard and its variants.
2. Data Encryption Standard
• Issued in 1977 by the National Institute of Standards and Technology
• Initially referred to as Data Encryption Algorithm
• Data encrypted in 64-bit blocks using 56-bit key
• Most dominant symmetric encryption algorithm, especially in financial applications till the introduction of AES
UITC203 CRYPTOGRAPHY AND NETWORK SECURITY 2
4. Single Round of DES Algorithm
5. Calculation of F(R,K)
Avalanche Effect
A change in one bit of the plaintext or one bit of the key should produce a change in many bits of the ciphertext.
6. Strength of DES
Use of 56-bit keys
• 2^56 possible keys ≈ 7.2 × 10^16, which makes brute-force attack impractical
Nature of DES Algorithm
• Design criteria for the S-box are not made public
Timing Attacks
• DES is resistant to timing attacks
| Key Size (bits) | Cipher | No. of alternative keys | Time required at 10^9 decryptions/s | Time required at 10^13 decryptions/s |
|---|---|---|---|---|
| 56 | DES | 2^56 ≈ 7.2 × 10^16 | 2^55 ns = 1.125 years | 1 hour |
| 26 characters (permutation) | Monoalphabetic | 26! = 4 × 10^26 | 2 × 10^26 ns = 6.3 × 10^9 years | 6.3 × 10^6 years |
7. DES Modes of Operation
ECB – Electronic Codebook
CBC – Cipher Block Chaining
OFB – Output Feedback
CFB – Cipher Feedback
• ANSI banking standards specify ECB and CBC for encryption, and CBC and n-bit CFB for authentication
8. Double DES
Two encryption stages with two keys ⇒ key length=112
Encryption: C = E(K2, E(K1, P))
Decryption: P = D(K1, D(K2, C))
9. Triple DES with two keys
10. Triple DES with three keys
• Effective key-length is 168
• C = E(K3, D(K2, E(K1, P)))
• A number of internet-based applications like PGP, S/MIME etc. adopt three-key triple DES
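The double and triple encryption formulas above, together with the avalanche effect from the earlier slide, as an added example that is not part of the original slides. It uses a 16-round, 64-bit Feistel cipher whose round function is a SHA-256 stand-in, not the real DES F(R, K) (no expansion, S-boxes or key schedule); the keys and the plaintext block are constructed values.

```python
import hashlib

ROUNDS = 16  # DES also uses 16 Feistel rounds on a 64-bit block

def f(r, k, i):
    # Stand-in for F(R, K): SHA-256 over (key, round index, R), cut to 32 bits.
    # Assumption for illustration only; this is not the DES round function.
    data = k.to_bytes(8, "big") + bytes([i]) + r.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block, key, decrypt=False):
    l, r = block >> 32, block & 0xFFFFFFFF
    order = range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)
    for i in order:
        l, r = r, l ^ f(r, key, i)  # L(i+1) = R(i), R(i+1) = L(i) xor F(R(i), K(i))
    return (r << 32) | l  # final swap: decryption is the same network, rounds reversed

def E(k, p): return feistel(p, k)
def D(k, c): return feistel(c, k, decrypt=True)

def double_encrypt(k1, k2, p): return E(k2, E(k1, p))              # C = E(K2, E(K1, P))
def double_decrypt(k1, k2, c): return D(k1, D(k2, c))              # P = D(K1, D(K2, C))
def triple_encrypt(k1, k2, k3, p): return E(k3, D(k2, E(k1, p)))   # C = E(K3, D(K2, E(K1, P)))
def triple_decrypt(k1, k2, k3, c): return D(k1, E(k2, D(k3, c)))   # inverse of the line above

def avalanche(key, p, flip_key=False):
    """Mean number of the 64 ciphertext bits that change per single-bit flip."""
    base, n, total = E(key, p), (56 if flip_key else 64), 0
    for b in range(n):
        c = E(key ^ (1 << b), p) if flip_key else E(key, p ^ (1 << b))
        total += bin(base ^ c).count("1")
    return total / n

# Constructed sample values: three 56-bit keys and one 64-bit plaintext block.
K1, K2, K3 = 0x0123456789ABCD, 0x23456789ABCDEF, 0x456789ABCDEF01
P = 0x0123456789ABCDEF

if __name__ == "__main__":
    assert double_decrypt(K1, K2, double_encrypt(K1, K2, P)) == P
    assert triple_decrypt(K1, K2, K3, triple_encrypt(K1, K2, K3, P)) == P
    # With K1 = K2 = K3 the E-D-E form collapses to a single encryption.
    assert triple_encrypt(K1, K1, K1, P) == E(K1, P)
    print("mean bits changed per plaintext-bit flip:", avalanche(K1, P))
    print("mean bits changed per key-bit flip:      ", avalanche(K1, P, flip_key=True))
```

A mean close to 32 of 64 changed bits is what a cipher with good avalanche behaviour shows for both plaintext-bit and key-bit flips.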
Variants of DES
DESX – RSA Data Security
CRYPT – Unix Systems
11. Block Cipher Design Principles
Number of Rounds
• The greater the number of rounds, the more difficult it is to perform cryptanalysis, even for a relatively weak F.
• The number of rounds is chosen so that known cryptanalytic efforts require greater effort than a simple brute-force key search attack
Design of Function F
• F must be non-linear
• The more difficult it is to approximate F by a set of linear equations, the more nonlinear F is
• Strict avalanche criterion
• Bit independence criterion
Key Schedule Algorithm
• Select subkeys to maximize the difficulty of deducing individual subkeys and the difficulty of working back to the main key
• The key schedule should guarantee key/ciphertext Strict Avalanche Criterion and Bit Independence Criterion