This shows you the differences between two versions of the page.
sasc:laboratoare:05 [2016/03/29 00:42] sergiu.costea [Lab 05] |
sasc:laboratoare:05 [2017/03/23 19:53] (current) marios.choudary |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Lab 05 ===== | + | ===== Lab 05 - DES ===== |
Line 5: | Line 5: | ||
http://cs.curs.pub.ro/2014/pluginfile.php/13095/mod_resource/content/2/sasc_curs4_5.pdf | http://cs.curs.pub.ro/2014/pluginfile.php/13095/mod_resource/content/2/sasc_curs4_5.pdf | ||
- | ==== Exercise 1 ==== | + | ==== Exercise 1 (2p) ==== |
- | Remember DESX defined as the operation DESX( (k1,k2,k3), m) = k1 ⊕ DES(k2, m ⊕ k3). | + | Remember DESX defined as the operation DESX( (k1,k2,k3), m) = k1 ⊕ DES(k2, m ⊕ k3), |
- | Show an attack on DESX that runs in time 2<sup>120</sup>. | + | where k1, k3 have 64 bits (same as input/output of DES) and k2 has 56 bits (DES key size). |
+ | Show a brute force (exhaustive key search) attack on DESX that runs in time $O(2^{120})$. | ||
- | ==== Exercise 2 ==== | + | <note tip> |
+ | Try using a couple of (message, ciphertext) pairs and see if you can get rid of k1 | ||
+ | somehow in order to speed up a brute force attack. | ||
+ | </note> | ||
+ | |||
+ | ==== Exercise 2 (3p) ==== | ||
Show why the following schemes do not bring any real advantage compared to DES: | Show why the following schemes do not bring any real advantage compared to DES: | ||
Line 17: | Line 23: | ||
* b) c = DES(k2, m ⊕ k1) | * b) c = DES(k2, m ⊕ k1) | ||
- | ==== Exercise 3 ==== | + | <note tip> |
+ | You may use a similar approach to what you did in the previous exercise. | ||
+ | </note> | ||
+ | |||
+ | ==== Exercise 3 (5p) ==== | ||
The goal of this exercise is to implement the meet-in-the-middle attack on double DES. | The goal of this exercise is to implement the meet-in-the-middle attack on double DES. | ||
Line 232: | Line 242: | ||
main() | main() | ||
</code> | </code> | ||
- | ==== SPN 2 ==== | ||
- | |||
- | Now we have a better SPN, where the output of the permutation is XOR-ed with another 2 key bytes, as in the following figure: | ||
- | {{:sasc:laboratoare:spn_1r_full_2s.png|}} | ||
- | |||
- | - Try to find the key in this case, when given the following message/ciphertext pairs: ('Om', 0x0073), ('El', 0xd00e), ('an', 0x855b). Print the key in ascii. | ||
- | |||
- | <note tip>You may try some kind of brute-force search</note> | ||
- | |||
- | ==== SPN 3 ==== | ||
- | |||
- | As another example, which uses a larger block size, let's use an SPN that takes a 4-byte input x=[x1 || x2 || x3 || x4] and an 8-byte key k=[k1 || k2 || k3 || k4 || k5 || k6 || k7 || k8] as in this figure: | ||
- | {{:sasc:laboratoare:spn_1r_full_4s.png|}} | ||
- | |||
- | Note that in this 4-byte SPN, the permutation operates on all 4 bytes, similarly to the 2-byte SPN: that is, it shifts all bits four bits to the right. | ||
- | |||
- | - Try to find the key in this case as well, using the following message/ciphertext pairs: ('Omul', 0xddcf7bc7), ('stea', 0x96d58b43), ('luna', 0x9c3f2303) . Again print the key in ascii. | ||
- | |||
- | <note tip> This time you cannot (easily) do a brute-force on all the bytes of the last XOR. However, you may try to attack one S-box at a time. Think of the bits that affect one such S-box and find an efficient attack. | ||
- | </note> | ||