Вы находитесь на странице: 1из 52

International Data Encryption Algorithm (IDEA)

Originally designed by Massey and Lai at ETH (Zurich), 1990. Based on mixing operations from different algebraic groups (XOR, addition mod 216 , multiplication mod 216 +1). All operations are on 16-bit sub-blocks, with no permutations used. Speed: faster than DES in software.

Broad Level Steps in IDEA


Input Plain Text (64 bits)

P1 (16 bits)

P2 (16 bits)

P3 (16 bits)

P4 (16 bits) K1 K6 K7 K12

Round 1

. . . .

Round 2

Round 8

. . . . C4 (16 bits)

K43 K48 K49 K52

Output Transformation C1 (16 bits) C2 (16 bits) C3 (16 bits)

Output Cipher Text (64 bits)

IDEA
Design goals: Block Length: deter statistical analysis Key Length: deter exhaustive search Features: 128-bit key 64 bit blocks 8 rounds, operates on 16-bit numbers

IDEA: Encryption
64-bit data block is divided in 4 parts: X1 X2 X3 X4 In each of eight rounds with 14 steps the sub-blocks are XORd, added, multiplied with one another and with six 16-bit sub-blocks of key material, and the second and third sub-blocks are swapped. Finally some more key material is combined with the sub-blocks.

IDEA Key Schedule


Total of 52 subkeys: 6*8+4 Subkey is generated by dividing the 128 bits key in 8 x 16 bits keys. Every time more subkeys are needed, rotate left the key 25 bits and divide again in 8 subkeys. The decryption keys are a little more difficult to generate.

IDEA Cryptanalysis
Currently there is no known practical attack against IDEA. Appears secure against differential cryptanalysis. Key length protects against exhaustive search. IDEA has weak keys, avoided at key generation.

Encryption key generation


The 52 16-bit key sub-blocks which are generated from the 128-bit key are produced as follows: First, the 128-bit key is partitioned into eight 16-bit subblocks which are then directly used as the first eight key sub-blocks. The 128-bit key is then cyclically shifted to the left by 25 positions, after which the resulting 128-bit block is again partitioned into eight 16-bit sub-blocks to be directly used as the next eight key sub-blocks. The cyclic shift procedure described above is repeated until all of the required 52 16-bit key sub-blocks have been generated.

In each round, the sequence of events is as follows:


(1) Multiply X1 and the first subkey. (2) Add X2 and the second subkey.

(3) Add X3 and the third subkey.


(4) Multiply X4 and the fourth subkey. (5) XOR the results of steps (1) and (3). (6) XOR the results of steps (2) and (4). (7) Multiply the results of step (5) with the fifth subkey. (8) Add the results of steps (6) and (7). (9) Multiply the results of step (8) with the sixth subkey.

(10) Add the results of steps (7) and (9).


(11) XOR the results of steps (1) and (9). (12) XOR the results of steps (3) and (9). (13) XOR the results of steps (2) and (10).

(14) XOR the results of steps (4) and (10).

X1

X2

X3

X4

X1

X2

X3

X4

After the eighth round, there is a final output transformation: (1) Multiply X1 and the first subkey.

(2) Add X2 and the second subkey. (3) Add X3 and the third subkey. (4) Multiply X4 and the fourth subkey.

Algebraic operations used in IDEA


The algebraic idea behind IDEA is the mixing of three incompatible algebraic operations on 16-bit blocks:
bitwise XOR, addition modulo 216, and multiplication modulo 216 + 1.

RC5
Proprietary cipher owned by RSA Data Security (designed by Ron Rivest). Very fast, operates on words. Variable key size, block size and number of rounds.

Clean and simple design.


Low memory requirement. Data-dependent rotations that strengthen the algorithm against cryptanalysis.

Design objectives for RC5


RC5 should be a symmetric block cipher.

The plaintext and ciphertext are fixed-length bit sequences (blocks). RC5 should be suitable for hardware or software. This means that RC5 should use only computational primitive operations commonly found on typical microprocessors.

Design objectives for RC5


RC5 should be fast. This more-or-less implies that RC5 be word-oriented: the basic computational operations should be operators that work on full words of data at a time. RC5 should be adaptable to processors of different wordlengths. For example, as 64-bit processors become available, it should be possible for RC5 to exploit their longer word length. Therefore, the number w of bits in a word is a parameter of RC5; different choices of this parameter result in different RC5 algorithms.

Design objectives for RC5


RC5 should be iterative in structure, with a variable number of rounds. The user can explicitly manipulate the trade-off between higher speed and higher security. The number of rounds r is a second parameter of RC5. RC5 should have a variable-length cryptographic key. The user can choose the level of security appropriate for his application, or as required by external considerations such as export restrictions. The key length b (in bytes) is thus a third parameter of RC5.

Design objectives for RC5


RC5 should be simple. It should be easy to implement. More importantly, a simpler structure is perhaps more interesting to analyze and evaluate, so that the cryptographic strength of RC5 can be more rapidly determined. RC5 should have a low memory requirement, so that it may be easily implemented on smart cards or other devices with restricted memory. (Last but not least!) RC5 should provide high security when suitable parameter values are chosen.

Design objectives for RC5


In addition, during the development of RC5, designer began to focus his attention on a intriguing new cryptographic primitive: data-dependent rotations, in which one word of intermediate results is cyclically rotated by an amount determined by the low-order bits of another intermediate result. Thus developed an additional goal. RC5 should highlight the use of data-dependent rotations, and encourage the assessment of the cryptographic strength datadependent rotations can provide.

RC5:A Parameterized Family of Encryption Algorithms


RC5 is a family of ciphers rc5-w/r/b w = word size in bits (16/32/64)
(plaintext block size=2w=ciphertext block size)

r = number of rounds (0..255) In addition to w and r, RC5 has a variable-length secret cryptographic key, specified by parameters b and K:
b The number of bytes in the secret key K. Allowable values of b are 0, 1, ..., 255. K The b-byte secret key: K[0], K[1], ..., K[b 1] .

RC5:A Parameterized Family of Encryption Algorithms


Nominal version is RC5-32/12/16 32-bit words so encrypts 64-bit data blocks Using 12 rounds 16 bytes (128-bit) secret key But Algorithm needs 2*(r+1)=26 byte of keys.

RC5 Key Schedule


RC5 uses 2r+2 subkey words (w-bits) subkeys are stored in array s[i], i=0..t-1 t=2*(r+1) Initialize S to a fixed pseudorandom value The byte key is copied (little-endian) into a cword array L A mixing operation then combines L and S to form the final S array

RC5 Encryption
Split input text into two parts A and B LE0 = A + S[0] RE0 = B + S[1] for i = 1 to r do
LEi = ((LEi-1 REi-1) <<< REi-1) + S[2 * i] REi = ((REi-1 LEi) <<< LEi) + S[2 * i + 1]

Rotation is main source of non-linearity x <<< y cyclic rotation of word x left by y bits

RC5 Decryption
Cipher text is LDr and RDr for i = r downto 1 do
RDi-1 = ((RDi-1 - S[2 * i +1]) >>> LDi) LDi LDi-1 = ((LDi - S[2 * i]) >>> RDi-1) RDi-1

B = RD0 S[1] A = LD0 S[0]


x >>> y cyclic rotation of word x right by y bits. Twos complement addition of words, denoted by +. This is modulo-2w addition. The inverse operation, subtraction, is denoted .

Key Expansion
The key-expansion routine expands the users secret key K to fill the expanded key array S, so that S resembles an array of t = 2(r+1) random binary words determined by K. The key expansion algorithm uses two magic constants, and consists of three simple algorithmic parts.

Key Expansion
The key-expansion algorithm uses two word-sized binary constants Pw and Qw (called Magic Constants). They are defined for arbitrary w as follows:

and where Odd(x) is the odd integer nearest to x (rounded up if x is an even integer, although this wont happen here).

Key Expansion
For w = 16, 32, and 64, these constants are given below in binary and in hexadecimal. P16 = 1011011111100001 = b7e1 Q16 = 1001111000110111 = 9e37 P32 = 10110111111000010101000101100011 = b7e15163 Q32 = 10011110001101110111100110111001 = 9e3779b9 P64 = 10110111111000010101000101100010100010101110110100 10101001101011 = b7e151628aed2a6b Q64 = 10011110001101110111100110111001011111110100101001 11110000010101 = 9e3779b97f4a7c15

Converting the Secret Key from Bytes to Words


The first algorithmic step of key expansion is to copy the secret key K[0...b 1] into an array L[0...c 1] of c = b/u words, where u = w/8 is the number of bytes/word. This operation is done in a natural manner, using u consecutive key bytes of K to fill up each successive word in L, low-order byte to high-order byte. Any unfilled byte positions of L are zeroed.

Initializing the Array S


The second algorithmic step of key expansion is to initialize array S to a particular fixed (key-independent) pseudo-random bit pattern, using an arithmetic progression modulo 2w determined by the magic constants Pw and Qw. Since Qw is odd, the arithmetic progression has period 2w.

Mixing in the Secret Key


The third algorithmic step of key expansion is to mix in the users secret key in three passes over the arrays S and L. More precisely, due to the potentially different sizes of S and L, the larger array will be processed three times, and the other may be handled more times.

Reference for RC5


R.L. Rivest, The RC5 Encryption Algorithm, Fast Software Encryption: Second International Workshop, Leuven, Belgium, December 1994, Proceedings, SpringerVerlag, 1994, pp. 86-96. www.ecs.csus.edu/csc/iac/csc296o/lecture_notes /rc5.pdf

RC5 Encryption Modes


RC5 Block Cipher, is ECB mode. RC5-CBC, is CBC mode. RC5-CBC-PAD, is CBC with padding by bytes with value being the number of padding bytes. RC5-CTS, a variant of CBC which is the same size as the original message, uses ciphertext stealing to keep size same as original, handles plaintext of any size and produces ciphertext of equal size.

Blowfish
Designed by Bruce Schneier in 1993/94. Fast implementation on 32-bit CPUs. Compact: runs in less than 5K of memory. Simple to implement and analyze its strength. Variable security: can give it larger keys.

Blowfish Key Generation


Block size is 64 Number of rounds is 16 Uses a key of variable size, from 32 to 448 bits. The key is used to generate: 18 32-bit subkeys stored in P-arrays 4 8x32 S-boxes stored in S-arrays Requires 521 encryptions, so it has a slow rekeying.

Each line represents 32 bits. The algorithm keeps two subkey arrays: the 18-entry P-array and four 256-entry S-boxes. The Sboxes accept 8-bit input and produce 32-bit output. One entry of the P-array is used every round, and after the final round, each half of the data block is XORed with one of the two remaining unused P-entries.

Blowfish decryption
Decryption is exactly the same as encryption, except that P1, P2,..., P18 are used in the reverse order. This is not so obvious because xor is commutative and associative. A common mistake is to use inverse order of encryption as decryption algorithm (i.e. first XORing P17 and P18 to the ciphertext block, then using the P-entries in reverse order).

Blowfish Cryptanalysis
Key dependent S-boxes and subkeys, generated using cipher itself, makes analysis very difficult. Changing both halves in each round increases security. Provided key is large enough, brute-force key search is not practical.

Вам также может понравиться