Brute Force Cryptic Attack on DES encrypted Data
description
Transcript of Brute Force Cryptic Attack on DES encrypted Data
BRUTE FORCE CRYPTIC ATTACK
ON DES ENCRYPTED DATA
Group 01Foucher, SThontat, Y
Shaduka, S
Encryption History WWII and breaking the Enigma code 10 000 people full time
DES and Brute Force Attacks 56 bit keys to stop Birthday Attacks 7.2 x 10^16 possibility 64 bits of Data
Weakness (advantage):easily implemented in HDW
Cryptanalysis Partial knowledge about encoded
message“Drea Gro”… (64 bits)
Exploit Human weaknesses“aaaaaaa” to “9999999”20 500 Reduction in Explored key space
DecrypterNest
64 bit Cyphertext
64 bit Expected Plaintext56 bit Key Used
Match Flag
Highest Order ViewHighest Order View
Common KeyGen
0-9
Decryption Unit 5
Q-Z
Decryption Unit 4
G-P
Decryption Unit 3
w-F
Decryption Unit 2
l-v
Decryption Unit 1
a-k
Decryption Unit 6
7 ASCII Common key from “aaaaaaa” to “9999999”
aaaaaaaak9999999
laaaaaaav9999999
waaaaaaaF9999999
GaaaaaaaP9999999
QaaaaaaaZ9999999
0aaaaaaa99999999
8 charactersASCII key
56 b
it K
EY
DO
NE
MA
TCH
AND EXHAUSTED LIST OR MATCH FOUND
56 b
it K
EY
DO
NE
MA
TCH
56 b
it K
EY
DO
NE
MA
TCH
56 b
it K
EY
DO
NE
MA
TCH
56 b
it K
EY
DO
NE
MA
TCH
56 b
it K
EY
DO
NE
MA
TCH
DONE MATCH KEY
CYPHERDATA
EXPECTEDTEXT
64 bits
64 bits
NEST
8 charactersASCII key
8 charactersASCII key
8 charactersASCII key
8 charactersASCII key
8 charactersASCII key
Probabilities 56 bit key space:
7.2 * 10^16 Collisions Expected every:
4.3 * 10^9 p(collision) = 2.33 * 10^-10 p(2 simultaneous collisions) =
8.14 * 10^-19 (Every 779 years) E(collisions) = 50,794
How to deal with 50,000 Keys
DecrypterNest
64 bit Cyphertext
64 bit Expected Plaintext
Potential Key 2nd StageSingle Decrypter
Match Flag
2nd Block of 64 bit Cyphertext
Key
DATA Integrity Lookup
Key Scheduler
18 pipelined stages Initial Permuted
Choice 1 stage 16 sub key stages
Shift leftPermuted Choice 2
Each sub key used during one of 16 encryption stages
ORIGINAL KEY
PERMUTATED CHOICE 1
C0 ROL 1 D0 ROL 1
56 bits28 bits 28 bits
C1 ROL 1 D1 ROL 1
28 bits 28 bits
Register
K1
C2 ROL 2 D2 ROL 2
28 bits 28 bitsK2
Register
C3 ROL 2 D3 ROL 2
28 bits 28 bitsK3
Register
C15 ROL 1 D15 ROL 1
28 bits
K15
28 bits 28 bits
Register
... ...
28 bits28 bits
K16
Register
28 bits
48 bits
48 bits
48 bits
48 bits
48 bits
PERMUTATED CHOICE 2
PERMUTATED CHOICE 2
PERMUTATED CHOICE 2
PERMUTATED CHOICE 2
PERMUTATED CHOICE 2
KEY SCHEDULERfor the encrypter
56 bits
Stage Number Of Direction Number Shifts Of Shifts
0 1 Left 1 1 Left 2 2 Left 3 2 Left 4 2 Left 5 2 Left 6 2 Left 7 2 Left 8 1 Left 9 2 Left 10 2 Left 11 2 Left 12 2 Left 13 2 Left 14 2 Left 15 1 Left
Inverse Key Scheduler
In essence identical to the Key Scheduler
Only difference is order of sub key production
Key16 shifted 28 positions = no shift
28 – Keyn shifted number = inverse shift
GENERATED KEY
PERMUTATED CHOICE 1
C0 ROL 28 D0 ROL 28
56 bits28 bits 28 bits
C1 ROR 1 D1 ROR 1
28 bits 28 bits
Register
K16
C2 ROR 2 D2 ROR 2
28 bits 28 bitsK15
Register
C3 ROR 2 D3 ROR 2
28 bits 28 bitsK14
Register
C15 ROR 1 D15 ROR 1
28 bits
K2
28 bits 28 bits
Register
... ...
28 bits28 bits
K1
Register
28 bits
KEY GENERATOR
56 bits
DONE
48 bits
48 bits
48 bits
48 bits
48 bits
PERMUTATED CHOICE 2
PERMUTATED CHOICE 2
PERMUTATED CHOICE 2
PERMUTATED CHOICE 2
PERMUTATED CHOICE 2
KEY SCHEDULERfor the decrypter
Stage Number Of Direction Number Shifts Of Shifts
0 28 Left 1 1 Right 2 2 Right 3 2 Right 4 2 Right 5 2 Right 6 2 Right 7 2 Right 8 1 Right 9 2 Right 10 2 Right 11 2 Right 12 2 Right 13 2 Right 14 2 Right 15 1 Right
Structure of the Encrypter
•18 pipelined stages
• The first and final stages are key independent permutations
• Encryption is performed in the 16 middle stages
• Subkeys are applied to the middle stages in order, from K1 to K16
DES Core Algorithm
•Feistel structure:Encryption and Decryption are similar processes
• The Feistel function operates on the right-half block and consists of four stages:
1. Expansion2. Key mixing3. Substitution4. Permutation
Structure of the Decrypter
• Same algorithm used for encryption/decryption
•Subkeys are applied in reverse order, from K16 to K1
• Keys are aged
•Decrypted data block is applied to a look-up
Design Process Individual components design &
validation Stage by stage outputs Fully integrated attack unit
Challenges MSB/LSB Timing
Hardware SpeedupC# (Dual Core 1.7GHz)
FPGA (At Max clk 140MHz)
Keys/Sec 333 840,000
Time/Key 3mS 1.19nS
Average time/Attack
7,581,255 Days(20,770 Years)
3 Days