Block ciphers Linear and Differential Cryptanalysis 曹天杰 Tianjie Cao ticao@cumt.edu.cn College of Computer Science and Technology, China University of Mining and Technology, Xuzhou China 中国矿业大学计算机科学与技术学院 2003.516
1 曹天杰 Tianjie Cao tjcao@cumt.edu.cn College of Computer Science and Technology, China University of Mining and Technology, Xuzhou, China 中国矿业大学计算机科学与技术学院 2003.5.16 Block ciphers Linear and Differential Cryptanalysis
Block cipher Definition An n-bit block cipher is a function E:Vn×KVn, uch that for each key K∈K E(P; K )is an invertible mapping( the encryption function for k) from vn to Vn, written Ex(P). The inverse mapping is the decryption function, denoted DK(C). p denotes that ciphertext results from encrypting plaintext P under k
2 Block cipher Definition An n-bit block cipher is a function E : VnK→Vn , such that for each key K K, E(P;K) is an invertible mapping (the encryption function for K) from Vn to Vn , written EK (P). The inverse mapping is the decryption function, denoted DK (C). P denotes that ciphertext results from encrypting plaintext P under K
Iterating Block ciphers Definition A product cipher combines two or more transformations in a manner intending that the resulting ipher is more secure than the individual components Definition An iterated block cipher is a block cipher involving the sequential repetition of an internal function called a round function. Parameters include the number of rounds nr the block bitsize n and the bitsize k of the input key K from which Nr subkeys Ki (round keys)are derived. For invertibility(allowing unique decryption), for each value Ki the round function is a bijection on the round input
3 Iterating Block ciphers Definition A product cipher combines two or more transformations in a manner intending that the resulting cipher is more secure than the individual components. Definition An iterated block cipher is a block cipher involving the sequential repetition of an internal function called a round function. Parameters include the number of rounds Nr, the block bitsize n, and the bitsize k of the input key K from which Nr subkeys Ki (round keys) are derived. For invertibility (allowing unique decryption), for each value Ki the round function is a bijection on the round input
Iterating block ciphers Iterated block cipher Random( binary)keyK→ round keys:K1…,KN 2. Round function g W=g w-1, kr), where wr-1 is the previous state
4 Iterating Block ciphers 1. Iterated block cipher Random (binary) key K ➔ round keys: K1 ,..., K Nr , 2. Round function g wr = g(wr-1 , Kr ), where wr-1 is the previous state
Iterated cipher Encryption operation W←X g w, Ki), W2=g w1, K2), WNr= g.1, KNr), y←w
5 Iterated cipher … Encryption operation: w0 x w1 = g(w0 , K1 ), w2 = g(w1 , K2 ), wNr = g(wNr-1 , KNr), y wNr