A REPORT ON BLOCK CIPHERS (Literature Survey) A Report on BLOCK CIPHERS (Literature Survey) ANUJ PRATEEK R GURUPRASAD B ITS, PILANI NAL, BANGALORE Reviewed by: Dr Vidyadhar Mudkavi NAL, BANGALORE OCTOBER 2006 N A L ATIONAL EROSPACE ABORATORIES BANGALORE ACKNOWLEDGEMENT ACKNOWLEDGEMENT I would like to extend my deep gratitude to Dr. A. R. Upadhya, Director, NAL and Dr. Ranjan Moodithaya, Head KTMD, NAL for granting me the permission and resources, which were indispensable for writing this report. I am also extremely grateful to Dr. M. R. Nayak, Head, TS and Dr. R. M. Jha, Scientist, ALD for their kind permission and very useful suggestions to work in this very interesting area. I would also like to express my deep gratitude to Dr. Vidyadhar Mudkavi, Scientist, CTFD and Dr. U. N. Sinha, Head, FSD for their guidance, technical help and constant motivation throughout the writing of the report. I would like to extend my acknowledgement to Dr. S. Bhogle who provided the initial motivation to carry out this report. Last but not the least; I would like to extend my special thanks to Mr. R. Guruprasad for contributing immensely to the SECTION ONE. It would not be wrong to say that it is completely his work. I would also like to thank him for providing me various resources from his lab and in person too. CONTENT CONTENT S.No. TITLE Page No. A ABSTRACT & INTRODUCTION I B SECTION ONE III 1 INTRODUCTION TO CRYPTOGRAPHY 1 2 EVOLUTION OF CRYPTOGRAPHY 6 3 CHARACTERSTICS OF A GOOD CIPHER 9 REFERENCES R-I C SECTION TWO IV 4 PRODUCT CIPHERS 11 5 BLOCK MODES 13 6 FEISTEL NETWORK 17 7 S-BOX 19 REFERENCES R-II D SECTION THREE V 8 LUCIFER 23 9 DES 25 10 IDEA 32 11 CAST 34 12 LOKI 37 13 SERPENT 41 14 DEAL 45 15 MARS 47 16 SQUARE 55 17 AES 58 18 ANUBIS 66 19 CMEA 72 20 PHELIX 74 21 TIGER 78 22 OTHER ALGORITHMS 80 REFERENCES R-III E SECTION FOUR VI 23 CRYPTANALYSIS 84 24 DIFFERENTIAL CRYPTANALYSIS 96 25 LINEAR CRYPTANALYSIS 99 REFERENCES R-V 26 CONCLUSION 100 27 FUTURE APPLICATION 100 ABSTRACT & INTRODUCTION ABSTRACT This document is a literature survey about block ciphers, especially based on Feistel Network, presented in form of a report. The report concentrates on providing a starting point for designing strong, secure, and efficient cryptosystems. Various design issues and algorithms have been described in the report. Description about various forms of cryptanalysis has also been provided. Report explains the key players of design of block ciphers in detail. The report will provide as a excellent reference material for anyone who wants to design a Feistel network based block cipher. KEYWORDS: Evolution, Good Cipher Characteristics, Product Ciphers, Feistel Network, S-Box, LUCIFER, DES, IDEA, CAST, LOKI97, SERPENT, DEAL, MARS, SQUARE, AES, ANUBIS, CMEA, PHELIX, TIGER, Cryptanalysis, Differential & Linear Cryptanalysis INTRODUCTION Horst Feistel in his famous article, “Cryptography & Computer Privacy,” published in Scientific American, in May 1973, rightly wrote in the very first paragraph of the article, “There is growing concern that computers now constitute a dangerous threat to individual privacy. Since many computers contain personal data and are accessible from distant terminals, they are viewed as unexcelled means of assembling large amount of information about individual or a group. It is asserted that it will soon be feasible to compile dossiers in depth of an entire citizenry, where until recently the material for such dossiers was scattered in many separate locations under widely diverse jurisdictions. It will be argued here, however, a computer system can be adapted to guard its content from everyone but authorized individuals by enciphering the materials in forms highly resistant to cipher breaking.” Feistel clearly reflected in his words that as the amount of digital content is growing, the need of secrecy and authorized access to the information is increasing and future systems should be able to answer these needs. In modern era, these needs have been answered by cryptography, the science and cryptosystem, the product. In these all years the need has grown manifold in various forms and so has the elicit activities related to acquiring unauthorized information has grown. Every science has its advantages and disadvantages, so has cryptography. People involved in various illegal businesses have started using cryptosystems to mask their activities and this has forced law implementers to force the evolution of cryptanalysis i.e. the science of unmasking the crypts. Not arguing on the pros and cons of cryptography, the thing that remains as a concern for learners of this science is development of secure cryptosystems. Cryptography is divided into category and two of the broad categories of general interest are private and public key cryptography. This report talks about private key cryptography and in particular, the sub-sub domain known as Feistel Network based block ciphers. I ABSTRACT & INTRODUCTION The report has been divided into four parts, named as sections. The report flows in a way that the key concepts that are required in design of mentioned cryptosystems are touched and they appear in a progressive sequence. The report neither goes into deep mathematical aspects like efficiency analysis and attack testing etc nor does it sways away from the basic mathematics. The first section introduces cryptography, evolution of cryptography and the desired characteristics of a cryptosystem, in brief. The second section briefs product ciphers, Modes of operation of block ciphers, Feistel Network and S-boxes. Feistel Networks fall in the broad category of product ciphers which is a sub-domain of block ciphers. As any block ciphers have various modes of operation, they are introduced too in this section. S-boxes constitute a very important part of Feistel Network, are most prone to attacks, and hence make place in the section. The third section, the major part of this report, presents various cryptographic algorithms that have come in the modern age. Algorithms are introduced, explained and the attacks have been mentioned. Algorithms that were picked for presentation includes LUCIFER, DES, IDEA, CAST, LOKI, SERPENT, DEAL, MARS, SQUARE, AES, ANUBIS, CMEA, PHELIX, and TIGER. These algorithms provide a strong base for development of new algorithms and show the variety of attacks that can be made on them. CMEA, PHELIX, and TIGER are odd among the mentioned algorithms but have been included for completeness and the lessons that they teach. CMEA provides an insight of embedded-efficient algorithms. PHELIX and TIGER show the other side of private key encryption namely stream ciphers and use hashes. At the end of this section, an introduction about various algorithms existing today is mentioned, though the details are omitted as they are covered more or less by the mentioned detailed algorithms. The last part of the section will help in improving the general knowledge about the algorithms, will provide with the names of key people in the field, and lastly will provide a place to look for reference. The last section or section four introduces cryptanalysis. The section briefs about various methodologies of cryptanalysis. In addition, at the end talks about differential and linear cryptanalysis, the most powerful types of attacks on present day cryptosystems. The report will serve as an excellent reference to anyone who wants to develop a cryptosystem of the type mentioned, whether an advanced reader or an amateur. It is not as everything related to the design has been covered but yes most have been and after reading the report, the reader will know how to proceed and where to look for help. Lastly, the report does not guarantee that the reader will be able to actualize the concept, but yes, a step would be taken in direction of actualization. “Every science needs effort but cryptography is not a mere science, but broader, it is an art; one needs to feel it, imagine it, and breathe it.” II SECTION ONE SECTION - I Introduction to Cryptography Evolution of Cryptography Characteristics of a Good Cipher - R. Guruprasad - Anuj Prateek III INTRODUCTION TO CRYPTOGRAPHY 1. INTRODUCTION TO CRYPTOGRAPHY The word “cryptography” is a Greek word and means “secret writing.” Earlier cryptography was used primarily by the military for the purposes of espionage. Cryptography is defined as the science of devising methods that allow information to be sent in a secure form in such a way that the only person able to retrieve this information is the intended recipient. With the advances in modern communication, technology has enabled businesses and individuals to transport information at a very low cost via public networks such as the Internet. This development comes at the cost of potentially exposing the data transmitted over such a medium. Therefore, it becomes imperative for businesses to make sure that sensitive data is transferred from one point to another in an airtight, secure manner over public networks. Cryptography helps to achieve this goal by making messages unintelligible to all but the intended recipient. Cryptography as a technique can be summarized by the set {P, C, K, E, D} where, • P = Plaintext space • C = Ciphertext Space • K = Key Space • E = Encryption Function Space • D = De-Encryption Function Space The basic principle is this: A message being sent is known as plaintext. The message is then coded using a cryptographic algorithm. This process is called encryption. An encrypted message is known as ciphertext, and is turned back into plaintext by the process of decryption. Figure 1.1 Schematic of cryptosystem It must be assumed that any eavesdropper has access to all communications between the sender and the recipient. A method of encryption is only secure if even with this complete access, the eavesdropper is still unable to recover the original plaintext from the ciphertext. In the last few decades, cryptographic algorithms, being mathematical by nature, have become sufficiently advanced that computers can only handle them. This in effect means that plaintext is binary in form, and can therefore be anything; a picture, a voice, an e-mail or even a video. The actual mathematical function used to encrypt and decrypt messages is called a cryptographic algorithm or cipher. This is only part of the system used to send and receive secure messages. 1 INTRODUCTION TO CRYPTOGRAPHY 1.1 GROUPS OF ALGORITHMS Cryptographic algorithms are classified into various groups and a brief description is given here. 1.1.1 RESTRICTED ALGORITHM If, as with most historical ciphers, the security of the message being sent relies on the algorithm itself remaining secret, then that algorithm is known as a restricted algorithm. One of the major drawbacks of such algorithm is that a large or changing group of users cannot utilize them, as every time one user leaves the group, everyone must change algorithm and if the algorithm is compromised in any way, a new algorithm must be implemented. 1.1.2 KEY-BASED ALGORITHM Practically all modern cryptographic systems make use of a key. Algorithms that use a key system allow all details of the algorithm to be widely available. This is because all of the security lies in the key. With a key-based algorithm, the plaintext is encrypted and decrypted by the algorithm, which uses a certain key, and the resulting ciphertext is dependant on the key, and not the algorithm. 1.1.3 SYMMETRIC ALGORITHM Symmetric algorithms have one key that is used to both encrypt and decrypt the message. This presents one major problem that is the transfer of the key between encrypter and the decrypter can be compromised by the attacker. There are two types of symmetric algorithms namely Stream and Block ciphers. Stream ciphers operate on plaintext one bit at a time. Block ciphers operate on groups of bits called blocks. The major advantages and disadvantages of this kind of algorithm are given next. Advantages, • Very fast relative to public key cryptography • Considered secure, provided the key is relatively strong • The ciphertext is compact Disadvantages, • The administration of the keys can become extremely complicated • A large number of keys is needed to communicate securely with a large group of people • Non-repudiation is not possible • The key is subject to interception by hackers 1.1.4 ASYMMETRIC ALGORITHM Asymmetric algorithm is the algorithm in which the encryption and decryption keys are different. The encryption key is known as the public key and the decryption key is 2