内容简介:How can you make an invertible function out of non-invertable parts? Why would you want to?Encryption functions must be invertible. If the intended recipient can’t decrypt the message then the encryption method is useless.Of course you want an encryption f
How can you make an invertible function out of non-invertable parts? Why would you want to?
Encryption functions must be invertible. If the intended recipient can’t decrypt the message then the encryption method is useless.
Of course you want an encryption function to be really hard to invert without the key. It’s hard to think all at once of a function that’s really hard to invert. It’s easier to think of small components that are kinda hard to invert. Ideally you can iterate steps that are kinda hard to invert and create a composite that’s really hard to invert.
So how do we come up with components that are kinda hard to invert? One way is to make small components that are non-linear, and that are in fact impossible to invert. But how can you use functions that are impossible to invert to create functions that are possible to invert? It doesn’t seem like this could be done, but it can. Feistel networks , named after cryptographer Horst Feistel, provide a framework for doing just that.
Many block encryption schemes are based a Feistel network or a modified Feistel network: DES, Lucifer, GOST, Twofish, etc.
The basic idea of Feistel networks is so simple that it may go by too fast the first time you see it.
You take a block of an even number bits and split it into two sub-blocks, the left half L and the right half R . The n th round of a Feistel cipher creates new left and right blocks from the left and right blocks of the previous round by
Here ⊕ is bitwise XOR (exclusive or) and f ( R n -1 , K n ) is any function of the previous right sub-block and the key for the n th round. The function f need not be invertible. It could be a hash function. It could even be a constant, crushing all input down to a single value. It is one of the non-invertible parts that the system is made of.
Why is this invertible? Suppose you have L n and R n . How could you recover L n -1 and R n -1 ?
Recovering R n -1 is trivial: it’s just L n . How do you recover L n -1 ? You know R n -1 and the key K n and so you can compute
The main idea is that XOR is it’s own inverse. No matter what f ( R n -1 , K n ) is, if you XOR it with anything twice, you get that thing back.
At each round, only one sub-block from the previous round is encrypted. But since the roles of left and right alternate each time, the block that was left alone at one round will be encrypted the next round.
When you apply several rounds of a Feistel network, the output of the last round is the encrypted block. To decrypt the block, the receiver reverses each of the rounds in the reverse order.
A sketch of DES
The DES (Data Encryption Standard) algorithm may be the best-known application of Feistel networks. It operates on 64-bit blocks of data and carries out 16 rounds. It takes a 56-bit key [1] and derives from it different 48-bit keys for each of the 16 rounds. In the context of DES, the function f described above takes 32 bits of data and a 48-bit key and returns 32 bits. This function has four steps.
- Expand the 32 bits of input to 48 bits by duplicating some of the bits.
- XOR with the key for that round.
- Divide the 48 bits into eight groups of 6 bits and apply an S box to each group.
- Permute the result.
The S boxes are nonlinear functions that map 6 bits to 4 bits. The criteria for designing the S boxes was classified when DES became a standard, and there was speculation that the NSA has tweaked the boxes to make them less secure. In fact, the NSA tweaked the boxes to make them more secure. The S boxes were modified to make them more resistant to differential cryptanalysis, a technique that was not publicly know at the time.
More cryptography posts
[1] When DES was designed in the 1970’s researchers objected that 56-bit keys were too small. That’s certainly the case now, and so DES is no longer secure. DES lives on as a component of Triple DES, which uses three 56-bit keys to produce 112-bit security. (Triple DES does not give 168 bits of security because it is vulnerable to a kind of meet-in-the-middle attack.)
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网
猜你喜欢:本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
Python Cookbook
Alex Martelli、Anna Ravenscroft、David Ascher / 高铁军 / 人民邮电出版社 / 2010-5-1 / 99.00元
本书介绍了Python应用在各个领域中的一些使用技巧和方法,从最基本的字符、文件序列、字典和排序,到进阶的面向对象编程、数据库和数据持久化、 XML处理和Web编程,再到比较高级和抽象的描述符、装饰器、元类、迭代器和生成器,均有涉及。书中还介绍了一些第三方包和库的使用,包括 Twisted、GIL、PyWin32等。本书覆盖了Python应用中的很多常见问题,并提出了通用的解决方案。书中的代码和方......一起来看看 《Python Cookbook》 这本书的介绍吧!