Cryptography Lab
DES Block Cipher Internals & Modes of Use
Objective
The objective of this lab is to explore the operation of the DES
encryption algorithm by tracing its execution, computing one round
by hand, and then exploring the various block cipher modes of use.
Resources - DES Calculator
To explore the operation of the DES block cipher, you will be using
the DES Calculator Applet. This applet is used to
encrypt or decrypt test data values using the DES block cipher. It can
optionally provide a trace of the calculations performed, with varying
degrees of detail.
For this lab, you will be assigned a Key Plain Cipher triple to use.
The triple is written as three values in hexadecimal being the key (64 bits),
plaintext (64 bits) and ciphertext (64 bits) values respectively;
and should look something like the following:
5B5A57676A56676E 675A69675E5A6B5A 974AFFBF86022D1F
If you encrypt the specified plaintext with the key, you should get
the ciphertext value; if you decrypt the ciphertext value, you should
get the plaintext value. Depending on the trace level specified, you will
also be given details of the round calculations as they are computed.
You can run the DES Calculator
Applet in the following ways:
- install on your own system
- the DES Calculator Applet page
provides links for the files to download onto your system. Then just
open the DEScalc.html
page using either your favorite (Java enabled) web browser, or running
"
appletviewer DEScalc.html
" from the Java SDK distribution,
to run the applet.
- direct web access
- alternatively you can access the
DES Calculator
directly from this site to run the applet.
Please note that the applet has limited error handling, supplying an
incorrect input value is liable to generate nonsense results!
Lab Task - Part a - Block Cipher Internals
For this lab, you have been allocated a specific DES triple
from the list below (please make sure you use it). You will use the
key and plaintext values from this triple in the
DES Calculator.
With this triple, you are asked to do the following tasks:
- Encrypt the plaintext using the key given in your triple, with
tracing of the round values. Note how the bits in X (the left
and right halves of the data) change from round to round. What is the
value of your X at the start of round 5?
- Change DES bit 12 of the PLAINTEXT in your triple (ie change the
0 to 1, or 1 to 0 as appropriate), assuming DES bit numbering from left
(MSB) bit 1 to right (LSB) bit 64. Encrypt this new plaintext value using
the DES Calculator. Using the trace output,
after each of the first four rounds list in a table how many bits
of X differ from the corresponding values in part i (nb. you will
have to convert between hexadecimal & binary and compare the relevant
bits to do this).
- Briefly describe how the subkeys used in each of the four rounds above
were derived from the original 64 key bits specified.
- Describe which characteristics of a good block cipher design have been
illustrated by this exercise, and how they are demonstrated.
Assessment - Part a
As assessment for this part of the lab, you should create a file for this lab.
At the top of this file you should include
the name of this course, this lab, your name, and your student number.
Then include the heading: Part a: Block Cipher Internals, and
follow this with the trace logs of the round values for all the DES
encryptions you ran for each of the above tasks, your working, your
answers and discussions.
DES Triples:
The table below lists triples on the left with the login they are
allocated to on the right (nb. you may need to scroll the window to see
the logins). These were randomly generated using the GenDES program, which is
also included in the JAR file, and which generates n random triples
when run as:
java -cp DEScalc.jar GenDES n
Triple (key plain cipher)in Hexadecimal Login
5B5A57676A56676E 675A69675E5A6B5A 974AFFBF86022D1F xxx
Lab Task - Part b - Block Cipher Round
For the second part of this lab, using your original plaintext
and key values, you should calculate the value of round two
by hand, (ie computing all steps in a DES round) using the
value of X and the sub-keys as given by the
DES Calculator,
and verify that you obtain the same value of X as the
trace shows at the start of round three.
You will find this relatively simple if you use a scientific calculator
with the ability to enter and display numbers in various bases and to
perform logical operations (eg. the Windows Calculator in Scientific Mode,
or kcalc on Linux).
Assessment - Part b
As assessment for this part of the lab, edit your lab file to
include the heading: Part b: Block Cipher Round, and follow this
with the full details of how you computed each of the steps
(including values before and after modulo reduction), and your comments
on the validity of the result.
Lab Task - Part c - Block Cipher Modes of Use
For this part of this lab, you will be encrypting by hand, the
same message using the same key, twice, once in CBC mode,
then in CFB-64 mode. Note - you are not asked to compute the DES
internal values by hand, you may use the
DES Calculator for this.
Rather you are showing how each of the above modes is implemented,
treating DES now as a "black box" en/decryption algorithm (ie something
that takes input & key and gives you some output).
Setup
To start with you need to create the key and message you'll use, and represent
them in hex (binary) as follows:
- key
- create a 8-byte (64-bit) key based on your name
and other letters (if necessary) to make it 8 chars long,
eg my key might be: "
LawrieBr
".
Then translate this from ASCII into hexadecimal (see below).
- message
- create a short message of between 17 and 23 bytes in length by
concatenating your first name with "test message" or "message"
as necessary to ensure it is 17 or more characters long.
eg I could use a message of "Lawrie's test message!
"
Please ensure it is at least 17 and no more than 23 characters,
that is it should incompletely span 3 input blocks of the cipher.
To convert from the ASCII text of your key/message to hexadecimal (and hence
binary), you can:
To show how you'd use these, I could for example implement the ECB mode
(which is not what you are asked to do) as follows:
given my key above, and the first 8 bytes of my message "Lawrie's",
I'd create the following key and plaintext hex values:
4c617772696542726f776e58595a5051 4c61777269652773
and then encrypt this using the DES Calculator
which tells me (using trace level 1):
setKey(4c617772696542726f776e58595a5051)
encryptDES(4c61777269652773) = a10e8bf6faf0f6bd
hence my first block of ciphertext in ECB mode would be:
a10e8bf6faf0f6bd
Illustrate Implementation of CBC Mode
Demonstrate how the CBC Mode can be used to first encrypt, and then
decrypt the above message, divided into blocks. You should use an
IV of all 0's. CBC mode is:
Ci = DESK1(Pi XOR Ci-1)
C-1 = IV
You should explicitly discuss how you handle the final, undersize block,
and how the receiver determines which decrypted bytes are valid. This
is part of the assessment for this item.
Illustrate Implementation of CFB-64 Mode
Demonstrate how the CFB-64 Mode can be used to first encrypt, and then
decrypt the above message, handling each character (byte) separately this
time in a stream. Again use an IV of all 0's. CFB mode is:
Ci = Pi XOR DESK1 (Ci-1)
C-1 = IV
and you will be using 64-bit feedback (ie all 8 bytes of ciphertext),
which can be done only after you have processed eight distinct bytes
of the message.
Discussion
You should conclude this section with a few sentences on how easy or
not each mode was to implement, and each's applicability to different
applications.
Assessment - Part c
As assessment for this part of the lab, edit your lab file to
include the heading: Part c: Block Cipher Modes of Use, and follow
this with full details of all your calculations showing how you
implemented the above modes. You should include all your DES Calculator
traces of key, data and resulting output values, but not internal
round values; as well as all your calculations and discussions.
Copyright ©
Dr Lawrie Brown /
6 Jun 2005