Question

In: Computer Science

Suppose you wanted to create a block cipher that was based at least in part on...

Suppose you wanted to create a block cipher that was based at least in part on a hash function. We know that hash functions are one-way, while a cipher needs to be reversible in order to decrypt it. Come up with a way that you could use a hash function in this way. Looking over DES could be a good way to start thinking about this question.

Solutions

Expert Solution

It is possible to build a block cipher out of a great many things. If you want to use a hash function, the classic trick is to follow a Feistel structure, which is, incidentally, the same kind of structure than what DES uses.

The schematics on the Wikipedia page are quite clear; you would use the hash function for the "F" part, which combines one (sub)key and one half of the current block, to produce a value which is to be XORed with the other half of the current block. The beauty of the scheme is that the "F" function is always invoked in the same direction, both for encryption and for decryption. Therefore, it can be a one-way function, like a hash function.

Luby and Rackoff have demonstrated in 1988 that the Feistel scheme offers remarkable security with as little as four rounds, provided that the "F" function is "perfect" and that the cipher block size is big enough (to get the standard "128-bit security" out of the Luby-Rackoff proof, you need 256-bit blocks).

Of course, any concrete hash function cannot be really "perfect" (see for instance this answer) and there are a lot of subtle details which can destroy the security of the best thought cipher structure. As usual, you are strongly advised not to build your own crypto (unless you are quite clear with yourself that you do it for learning and not to actually protect any data of value).

Also, if you build such a cipher, you will probably notice that the resulting performance is disappointing. With a secure hash function like SHA-256, you could expect an encryption bandwidth roughly 20 times lower than what AES would get you.


Related Solutions

What is a block cipher? What is the equation to describe a block cipher?
 What is a block cipher? What is the equation to describe a block cipher? What is symmetric key encryption and compare with Public key encryption? Why is a block cipher considered a keyed permutation? What is the most common block cipher currently in use? Explain the "key schedule" Considering the DES algorithm, what Caused it to encounter serious security issues? What are Sub-Bytes? What is the difference in output when considering ShiftRows and MixColumns? What is 3DES? 3DES is the workhorse of which industry and why?
Suppose Alice is using a block cipher to send the message THE ORDER IS KARL, ANDY,...
Suppose Alice is using a block cipher to send the message THE ORDER IS KARL, ANDY, FRED AND IAN. IAN AND ANDY HAVE LEFT. to Bob. Assume that the block cipher is used in ECB mode, the English is divided into plaintext blocks of 2 letters (ignore spaces and punctuation) the ciphertext blocks are denoted C1,C2,...,C23 (a) Write down the 23 plaintext blocks. (b) Will any of the ciphertext blocks be repeated? If so, which ones? (c) Suppose an attacker...
Suppose a block cipher uses m-to-m bits S-boxes. How many bits are required to store the...
Suppose a block cipher uses m-to-m bits S-boxes. How many bits are required to store the look-up table of k different such m-to-m bits S-boxes? Give a formula in terms of k and m. Hint: A look-up table for one DES S-box requires 256 bits of storage.
Explain the different classes of attacks that should be resisted by a secure block cipher
Explain the different classes of attacks that should be resisted by a secure block cipher
Create a PLSQL block that retrieves and displays information for a specific project based on project...
Create a PLSQL block that retrieves and displays information for a specific project based on project ID. Display the following on a single row of output: project ID, project name, number of pledges made, total dollars pledged, and the average pledge amount
Which block cipher mode to use? For each of the following scenarios, determine which of the...
Which block cipher mode to use? For each of the following scenarios, determine which of the four block cipher modes discussed in class would be most appropriate. Justify your answer. Encryption of the social security number field within every record of a database. Encryption of a Word document (.doc) that will be sent as an email attachment. Sector-by-sector encryption of an external hard drive. Real-time encryption of a non-packetized bit stream (e.g. raw digital video). Suppose a communication system encrypts...
Why in Cipher Block Chaining (CBC) mode, an initialization vector is needed in addition to the...
Why in Cipher Block Chaining (CBC) mode, an initialization vector is needed in addition to the Key?
Continued Part 1, - Internal controls process Based on this scenario, you decide to create an...
Continued Part 1, - Internal controls process Based on this scenario, you decide to create an internal controls process that will protect your business. Your first task is to create a written plan for addressing the situation with all employees. What are the goals of this plan? How can you address staff without letting other employees know who was directly involved? How might you train staff to prevent transposition errors, whether deliberate or accidental, in the future? What measurements can...
Suppose you are a Chief Financial Officer (CFO) of a UK based listed Part A -...
Suppose you are a Chief Financial Officer (CFO) of a UK based listed Part A - company. The company is currently trading at £10 per share and 10 million shares in issue. The total market value of the issued share capital of the company is £100 million. You have been requested to write a report to the board of directors with respect to raising an additional funding of £50 million to enable the next stage of development of international projects...
Why is the Cipher Block Chaining (CBC) mode of operation considered preferable to the Electronic Code...
Why is the Cipher Block Chaining (CBC) mode of operation considered preferable to the Electronic Code Book (ECB) mode? Is it possible to perform encryption operations in parallel on multiple blocks of plaintext in the CBC mode? How about decryption?
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT