Cryptography Lab - DES Block Cipher Internals & Modes of Use
Cryptography Lab
DES Block Cipher Internals & Modes of Use
Objective
Resources - DES Calculator
5B5A57676A56676E 675A69675E5A6B5A 974AFFBF86022D1F
You can run the DES Calculator Applet in the following ways:
- install on your own system
-
the DES Calculator Applet page provides links
for the files to download onto your system. Then just open the DEScalc.html page using either
your favorite (Java enabled) web browser, or running
"
appletviewer DEScalc.html
" from the Java SDK distribution, to run the applet. - direct web access
- alternatively you can access the DES Calculator directly from this site to run the applet.
Please note that the applet has limited error handling, supplying an incorrect input value is liable to generate nonsense results!
Lab Task - Part a - Block Cipher Internals
- Encrypt the plaintext using the key given in your triple, with tracing of the round values. Note how the bits in X (the left and right halves of the data) change from round to round. What is the value of your X at the start of round 5?
- Change DES bit 12 of the PLAINTEXT in your triple (ie change the 0 to 1, or 1 to 0 as appropriate), assuming DES bit numbering from left (MSB) bit 1 to right (LSB) bit 64. Encrypt this new plaintext value using the DES Calculator. Using the trace output, after each of the first four rounds list in a table how many bits of X differ from the corresponding values in part i (nb. you will have to convert between hexadecimal & binary and compare the relevant bits to do this).
- Briefly describe how the subkeys used in each of the four rounds above were derived from the original 64 key bits specified.
- Describe which characteristics of a good block cipher design have been illustrated by this exercise, and how they are demonstrated.
Assessment - Part a
Lab Task - Part b - Block Cipher Round
Assessment - Part b
As assessment for this part of the lab, edit your lab file to include the heading: Part b: Block Cipher Round, and follow this with the full details of how you computed each of the steps (including values before and after modulo reduction), and your comments on the validity of the result.
Lab Task - Part c - Block Cipher Modes of Use
For this part of this lab, you will be encrypting by hand, the same message using the same key, twice, once in CBC mode, then in CFB-64 mode. Note - you are not asked to compute the DES internal values by hand, you may use the DES Calculator for this. Rather you are showing how each of the above modes is implemented, treating DES now as a "black box" en/decryption algorithm (ie something that takes input & key and gives you some output).
Setup
- key
-
create a 8-byte (64-bit) key based on your name and
other letters (if necessary) to make it 8 chars long, eg my key might
be: "
LawrieBr
". Then translate this from ASCII into hexadecimal (see below). - message
-
create a short message of between 17 and 23 bytes in
length by concatenating your first name with "test
message" or "message" as necessary to ensure it is 17 or more characters
long.
eg I could use a message of "Lawrie's test message!
"
Please ensure it is at least 17 and no more than 23 characters, that is it should incompletely span 3 input blocks of the cipher.
- either look up each character in an ASCII Table and write out the translation,
%od -x l2-key 0000000 4c 61 77 72 69 65 42 72
To show how you'd use these, I could for example implement the ECB mode (which is not what you are asked to do) as follows: given my key above, and the first 8 bytes of my message "Lawrie's", I'd create the following key and plaintext hex values:
4c617772696542726f776e58595a5051 4c61777269652773
and then encrypt this using the DES Calculator which tells me (using trace level 1):
setKey(4c617772696542726f776e58595a5051)
encryptDES(4c61777269652773) = a10e8bf6faf0f6bd
a10e8bf6faf0f6bd
Illustrate Implementation of CBC Mode
Ci = DESK1(Pi XOR Ci-1)
C-1 = IV
Illustrate Implementation of CFB-64 Mode
Ci = Pi XOR DESK1 (Ci-1)
C-1 = IV
and you will be using 64-bit feedback (ie all 8 bytes of ciphertext), which can be done only after you have processed eight distinct bytes of the message.
Discussion
You should conclude this section with a few sentences on how easy or not each mode was to implement, and each's applicability to different applications.