
Question

PLS NO PLAGIARISM.

1. Triple DES is a widely used block cipher whose design is motivated by practical considerations.
(a) Explain what is meant by ‘backwards compatibility’.
(b) Describe three different ways in which keys could be chosen in order to make Triple DES backwards compatible with (single) DES.

2. AES is a very popular symmetric encryption algorithm.
(a) What applications of cryptography that you have used support the use of AES, and which key lengths do they recommend?
(b) AES is under great scrutiny from the cryptographic research community. Provide a ‘layman’s guide’ to the latest cryptanalytic attacks that have been announced against AES and comment on their practical relevance.
(c) Suppose that one day an announcement is made that AES is too insecure for widespread use. What do you think the likely reaction will be from the various communities that this will affect?

3. At least, in theory, the design of a block cipher is generally made more secure by:
• increasing the number of rounds used in block cipher;
• using a block cipher with a larger block size.
(a) For each of these techniques, explain why it might be more secure.
(b) For each of these techniques, what are the associated practical disadvantages?
(c) For each of these techniques, explain which of the three significant problems with ECB mode that we identified in Section 4.6.1 might be reduced.
(d) Explain why it is inadvisable to apply either of these techniques to a published (standardised) block cipher such as AES.

Explanation / Answer

1.a)

The original DES cipher's key size of 56 bits was generally sufficient when that algorithm was designed, but the availability of increasing computational power made brute-force attacks feasible. Triple DES provides a relatively simple method of increasing the key size of DES to protect against such attacks, without the need to design a completely new block cipher algorithm.

A naive approach to increase the strength of a block encryption algorithm with a short key length (like DES) would be to use two keys (K1, K2) instead of one, and encrypt each block twice: E_K2(E_K1(plaintext)). If the original key length is n bits, one would hope this scheme provides security equivalent to using a key 2n bits long. Unfortunately, this approach is vulnerable to a meet-in-the-middle attack: given a known plaintext pair (x, y), such that y = E_K2(E_K1(x)), one can recover the key pair (K1, K2) in ~2^n steps, instead of the ~2^(2n) steps one would expect from an algorithm with 2n bits of key.

Therefore, Triple DES uses a "key bundle" that comprises three DES keys, K1, K2 and K3, each of 56 bits (excluding parity bits). The encryption algorithm is:

ciphertext = E_K3(D_K2(E_K1(plaintext)))

I.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3.

Decryption is the reverse:

plaintext = D_K1(E_K2(D_K3(ciphertext)))

I.e., decrypt with K3, encrypt with K2, then decrypt with K1.

Each triple encryption encrypts one block of 64 bits of data.

In each case the middle operation is the reverse of the first and last. This improves the strength of the algorithm when using keying option 2, and provides backward compatibility with DES with keying option 3.

1.b)

The standards define three keying options:

Keying option 1

All three keys are independent. Sometimes known as 3TDEA[13] or triple-length keys.[14]

This is the strongest, with 3 × 56 = 168 independent key bits. It is still vulnerable to a meet-in-the-middle attack, but the attack requires 2^(2 × 56) steps.

Keying option 2

K1 and K2 are independent, and K3 = K1. Sometimes known as 2TDEA[13] or double-length keys.[14]

This provides a shorter key length of 112 bits and a reasonable compromise between DES and Keying option 1, with the same caveat as above.[15] This is an improvement over "double DES" which only requires 2^56 steps to attack. NIST has deprecated this option.[13]

Keying option 3

All three keys are identical, i.e. K1 = K2 = K3.

This is backward compatible with DES, since two operations cancel out. ISO/IEC 18033-3 never allowed this option, and NIST no longer allows it.[13][11]

Each DES key is 8 odd-parity bytes, with 56 bits of key and 8 bits of error-detection.[7] A key bundle requires 24 bytes for option 1, 16 for option 2, or 8 for option 3.

2.a)

Voice Communications
There is a potentially significant market for high-strength encryption on VoIP, wireless phone, and land-line phone communications. The perceived threat of eavesdropping is a powerful market driver in the world of personal communications. Expect Nokia, Ericsson, Samsung, Motorola, TI, Casio, and the other major phone makers to move in, along with a cadre of startups that hope to provide the IP. Once one major vendor offers encryption on a popular phone then, rapidly, every other vendor will be forced to follow suit or lose business to competition. In the space of 18-24 months, encryption mode will become the default talk mode. Expect every VoIP system and land-line phone to gain this functionality as well.


Network Appliances
Another potentially large market for digital encryption is network appliances—anything electronic that is interactively hooked up to a network. As the number of non-PC and wireless devices accessing the Internet increases, the rate of cyber attacks on network infrastructure and service providers will increase. Critical functions such as power-grid management and water-distribution systems are shifting to the Web and need to be protected. Even simple appliances such as fire alarms or temperature alarms can be vulnerable to hacker attacks. There is great value in preventing a hacker from electronically yelling, "fire".


Virtual Private Network (VPN)
VPNs protect direct connections between users and enterprise networks. The high cost of dedicated telecom links compels transition from software to hardware support for these links. Dedicated lease lines are relatively private and secure, but it's too expensive to give everyone a private line. Putting encrypted VPN traffic on public lines is less expensive. While few individual users require a dedicated connection at Gbit/sec speeds, the ballooning number of VPN users means a corporate LAN will need to aggregate and process encrypted data streams in the gigabit range now, and in the multi-gigabit range in the near future.


Secure Socket Layer (SSL)
SSLs provide security using the Secure Socket Layer protocol for Internet browser-based transactions (in other words, SSL is Web specific). The presence of encryption on a Web site is often the deciding factor whether to make an online transaction; no company wants to lose business for lack of a secure connection. As bandwidth requirements go up, it is vital to include a resident SSL hardware accelerator in the data center to encode and decode traffic going in and out of the Web site.

Note that SSL processing currently works from a suite of algorithms including DES, 3-DES, IDEA, RC-2, and RC-4 (plus digital signature algorithms such as SHA and MD5). It is too early to tell whether AES will simply be added to SSL ciphers or used to replace the other algorithms altogether. It is important to realize that the NIST (National Institute of Standards and Technology) selection team decided against a multiple-algorithm AES. One of the primary reasons is that multiple AES key sizes provide increased levels of security. Another primary reason is that a single-algorithm AES decreases the complexity of implementations that will be built to comply with the AES specifications, thereby lowering costs and promoting interoperability.

2.b)

The selection process for this new symmetric key algorithm was fully open to public scrutiny and comment; this ensured a thorough, transparent analysis of the designs submitted.

2.c)

In the data security world, having a backup plan is important, especially for vendors protecting enterprise big data. Having a living list of data encryption ciphers could save a lot of time for cryptanalysts in the event that AES ever fails. Consider for a moment how much sensitive information is in your Enterprise. How much of it is encrypted: is it Gigabytes, Terabytes or more?

Now, what would happen if someone told you that all of it was vulnerable - that the encryption didn’t mean anything? Think - for a moment - what would happen if the sky fell and Advanced Encryption Standard (AES) was suddenly found to be critically broken. What then?

If you could then snap your fingers and push a button and simply move the data - the sheer amount of data to move would be enormous, but so is all the stuff that happens during the time it takes for a figurative snap of the fingers.

To further illustrate how much critical information can change in a flash, take this hypothetical scenario as an example: A cryptanalyst finds a critical break against AES and publishes the findings. The cryptographic community vets this in short order and confirms it. Someone tips off the media and it goes viral. Enterprises begin to respond, and what do you think they will do? They will call the vendor, who originally supplied the protection (us, for instance). What follows is not an actual conversation (AES is still secure!) but is possible:

Angry customer: What are we going to do with all of this “encrypted” data? How can we be secure?
Vendor: We will start to look into it.
Angry customer: When will you have an answer?
Vendor: As soon as possible.
Angry customer: That’s not good enough.
Vendor: What’s your alternative?

Instantly, there is pressure on vendors to scramble and find a suitable alternative. Some vendors may be able to dust off existing IP and provide proprietary answers to their customers – interoperation is low in this scenario. The urgency of the need coupled with the existing diversity of requirements by varying institutions quickly drives down interoperability as everyone works to get something that works for them or for their community. Worse still, the desperate urgency acts as a siren call to all: including the ethically dubious or technically inept. Interoperation is driven out and snake oil rears its ugly head. The standards bodies and security agencies work towards a solution, but that takes time (AES took 3-4 years).

In this scenario, the bottom fell out of our AES basket and all of our data eggs dropped on the floor.

This is a long-winded argument for algorithm diversity, for a suite of algorithms* of similar/identical security levels so that Enterprises can have multiple baskets within which to place the data they are entrusted with guarding. However, back to the question - what if AES fails? What *is* the next algorithm? What encryption tool works seamlessly, operates with today’s performance parameters, potentially on low-power or low-complexity devices, etc.? What are the alternatives? What ciphers are even out there?

This author had trouble finding such a list for data-encrypting ciphers. Cryptography is an active field: Any such list would quickly be out of date. A useful list would be dynamic and would be updated periodically - a human would curate it and make it a “living” document. Such an activity might just reduce the research time by weeding out “known bad” algorithms and providing at least some basis for support or further investigation.

It is proposed that we do it. A draft is below. Expect an “expires by” date to accompany the linked document.

Such a list begins to take on additional utility. Cipher designers may be able to use a gathered list of cryptanalytic techniques to not represent a cipher “secure against known cryptanalytic attacks”, but “secure against known cryptanalytic attacks (see footnote for list)”. Cryptanalysts could use this to either wield a new cryptanalytic tool against previous ciphers or to expand the applicability of a specific cryptanalytic technique to more ciphers. Those studying the field could hone their cryptanalytic skills on new and interesting ciphers. Some analytics could estimate historical longevity of ciphers (is it 10 years or 20 years?), the graduated death of a cipher as it is abandoned, estimates of risk around a mono-cultured symmetric encryption algorithm, probably lots more by starving grad students.
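The keying options and the 8/16/24-byte bundle sizes from answer 1.b, as an added example that is not part of the original answer: it runs the encrypt-decrypt-encrypt construction and shows option 3 collapsing to a single encryption. The DES core is replaced by a toy 16-round Feistel cipher built on SHA-256 (an assumption, so the block stays self-contained), and `expand_bundle` and `keying_option` are hypothetical helper names. It goes beyond the text by also flagging bundles where only K1 = K2 or K2 = K3, which cancel in the same way.

```python
import hashlib

def _round_keys(key: bytes) -> list:
    # Toy key schedule (assumption, not the DES one). As in DES, the low
    # (parity) bit of each key byte carries no key material, so mask it off.
    core = bytes(b & 0xFE for b in key)
    return [hashlib.sha256(core + bytes([r])).digest()[:4] for r in range(16)]

def _feistel(block: bytes, rks: list) -> bytes:
    left, right = block[:4], block[4:]
    for rk in rks:
        f = hashlib.sha256(right + rk).digest()[:4]       # toy round function
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left                                   # final swap, as in DES

def E(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _round_keys(key))

def D(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _round_keys(key)[::-1])        # same rounds, reversed keys

def expand_bundle(key: bytes) -> bytes:
    # 8 bytes -> K,K,K (option 3); 16 -> K1,K2,K1 (option 2); 24 -> as given.
    if len(key) == 8:
        return key * 3
    if len(key) == 16:
        return key + key[:8]
    if len(key) == 24:
        return key
    raise ValueError("key bundle must be 8, 16 or 24 bytes")

def _split(bundle: bytes):
    return bundle[:8], bundle[8:16], bundle[16:24]

def tdes_encrypt(bundle: bytes, block: bytes) -> bytes:
    k1, k2, k3 = _split(bundle)
    return E(k3, D(k2, E(k1, block)))                     # encrypt-decrypt-encrypt

def tdes_decrypt(bundle: bytes, block: bytes) -> bytes:
    k1, k2, k3 = _split(bundle)
    return D(k1, E(k2, D(k3, block)))

def keying_option(bundle: bytes) -> str:
    # Compare keys with parity bits masked: only the 56 key bits matter.
    k1, k2, k3 = (bytes(b & 0xFE for b in k) for k in _split(bundle))
    if k1 == k2 == k3:
        return "option 3"
    if k1 == k2 or k2 == k3:
        return "degenerate"    # two adjacent operations cancel: single-key strength
    return "option 2" if k1 == k3 else "option 1"
```

A key-loading routine can call `keying_option` before accepting a bundle and refuse anything other than the options its policy allows; comparing with parity bits masked catches bundles that differ only in parity.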
