中国矿业大学：《密码学》课程教学资源（PPT讲稿）认证协议（Authentication Protocol）Block ciphers-DES

Block ciphers-DES DATA ENCRYPTION STANDARD 曹天杰 Tianjie Cao ticao@cumt.edu.cn College of Computer Science and Technology, China University of Mining and Technology, Xuzhou China 中国矿业大学计算机科学与技术学院 2003.5.19

1 曹天杰 Tianjie Cao tjcao@cumt.edu.cn College of Computer Science and Technology, China University of Mining and Technology, Xuzhou, China 中国矿业大学计算机科学与技术学院 2003.5.19 Block ciphers-DES DATA ENCRYPTION STANDARD

DES 1973, NBS solicits proposals for cryptosystems for“ unclassified” documents 1974, NBS repeats request IBM responds with modification of LUCIFER NBS asks nsa to evaluate BM holds patent for dES 1975, details of the algorithm published, public discussion begins des became a federal standard in november 76 NBS(NIST hardware standard in January 77 ANSI X3.92-1981(hardware software ANSI X3 106-1983(modes of operation Australia As2805.5-1985

2 DES • 1973, NBS solicits proposals for cryptosystems for “unclassified” documents. • 1974, NBS repeats request. IBM responds with modification of LUCIFER. NBS asks NSA to evaluate. IBM holds patent for DES. • 1975, details of the algorithm published, public discussion begins. • DES became a federal standard in November 76 – NBS (NIST) hardware standard in January 77 – ANSI X3.92-1981 (hardware + software) – ANSI X3.106-1983 (modes of operation) – Australia AS2805.5-1985

DES 1983, no problem. First publicly available algorithm certified by Nsa as secure. Certificate to be renewed every 5 years 1987, passed, but NSa says that des soon will be vulnerable to brute force attack. This is the last time Business lobbies to keep it, since so the had much invested 1993, still passed(no alternatives) 1997, call for proposals: AES

3 DES • 1983, no problem. First publicly available algorithm certified by NSA as secure. Certificate to be renewed every 5 years. • 1987, passed, but – NSA says that DES soon will be vulnerable to brute￾force attack. This is the last time. – Business lobbies to keep it, since so the had much invested. • 1993, still passed (no alternatives). • 1997, call for proposals: AES

DES Design Controversy Originally designed to be efficient in hardware. A LOT of money has been invested in hardware although dES standard is public there was considerable controversy over design in choice of 56-bit key(vs Lucifer 128-bit) and because design criteria were classified subsequent events and public analysis show in fact design was appropriate DES has become widely used, especially in financial applications

4 DES Design Controversy • Originally designed to be efficient in hardware . A LOT of money has been invested in hardware. • although DES standard is public there was considerable controversy over design – in choice of 56-bit key (vs Lucifer 128-bit) – and because design criteria were classified • subsequent events and public analysis show in fact design was appropriate • DES has become widely used, especially in financial applications

DES Standard Cipher Iterative Key generation Action Box Input: 64 bits nput: 56 bits Key: 48 bits Output: 48 bits Output: 64 bits One round (Total 16 rounds)

5 DES Standard • Cipher Iterative Action : – Input: 64 bits – Key: 48 bits – Output: 64 bits • Key Generation Box : – Input: 56 bits – Output: 48 bits One round (Total 16 rounds)