THE FAMILY OF BLOCK CIPHERS “SD-(n,k)”

S. Markovski, D. Gligoroski, V. Dimitrova, A. Mileva

NATO ARW, Velingrad 21-25 October 2006

Outline

– Introduction
– Block ciphers
– Quasigroups
– Encryption/Decryption Algorithms
– Conclusion
– Future work

Introduction

We present a new family of block ciphers “SD-(n,k)”.

“SD-(n,k)” is based on the properties of quasigroup operations and quasigroup string transformations.

This design allows choosing different levels of security and different kinds of performance.

Block ciphers

A block cipher is a symmetric-key cipher that operates on fixed-length groups of bits, termed blocks, with an unvarying transformation.

[Figure: Plaintext → E_Key → Ciphertext; Ciphertext → D_Key → Plaintext]

Block ciphers

To encrypt messages longer than the block size, a mode of operation is used.

Basic modes of operation: ECB, CBC, OFB, CFB

Typical key sizes in bits are: 40, 56, 64, 80, 128, 192, 256, ...

Since 2001 the standard is AES, which uses:
– 128 bits for SECRET
– 192 bits, 256 bits for TOP SECRET

ECB – Electronic Code Book

[Figure: ECB diagram with message blocks M0, M1, ..., Mn, encryption boxes E and ciphertext blocks C0, C1, ..., Cn]

CBC – Cipher Block Chaining

[Figure: CBC diagram with an IV, message blocks M0, M1, ..., Mn, encryption boxes E and ciphertext blocks C0, C1, ..., Cn]

OFB – Output FeedBack

[Figure: OFB diagram with an IV, message blocks M0, M1, ..., Mn, encryption boxes E and ciphertext blocks C0, C1, ..., Cn]

CFB – Cipher FeedBack

[Figure: CFB diagram with an IV, message blocks M0, M1, ..., Mn, encryption boxes E and ciphertext blocks C0, C1, ..., Cn]

Quasigroup

A quasigroup (Q,*) is a groupoid satisfying the law:

$(\forall u,v \in Q)(\exists!\, x,y \in Q)(x*u=v \;\&\; u*y=v).$

Q is a finite set. * is the quasigroup operation.

* | 0 1 2 3
--+--------
0 | 2 1 3 0
1 | 0 3 1 2
2 | 1 0 2 3
3 | 3 2 0 1

Latin square

A related combinatorial structure is the Latin square.

A Latin square is an n×n matrix with elements from Q such that each row and column is a permutation of Q.

2 1 3 0
0 3 1 2
1 0 2 3
3 2 0 1

Quasigroup operations

Given a quasigroup (Q,*), two new operations \ and / can be derived, defined by:

$x*y=z \iff y=x\backslash z \iff x=z/y.$

The algebra (Q,*,\,/) satisfies the identities:

$x\backslash(x*y)=y,\quad x*(x\backslash y)=y,\quad (x*y)/y=x,\quad (x/y)*y=x.$

(Q,\) and (Q,/) are quasigroups too.

Quasigroup operations

* | 0 1 2 3
--+--------
0 | 2 1 0 3
1 | 3 0 1 2
2 | 1 2 3 0
3 | 0 3 2 1

\ | 0 1 2 3
--+--------
0 | 2 1 0 3
1 | 1 2 3 0
2 | 3 0 1 2
3 | 0 3 2 1

/ | 0 1 2 3
--+--------
0 | 3 1 0 2
1 | 2 0 1 3
2 | 0 2 3 1
3 | 1 3 2 0

Quasigroup string transformations

We consider:
– an alphabet A (finite set);
– the set $A^+$ of all nonempty finite words;
– a quasigroup operation *;
– an element $l \in A$ (leader);
– a string $\alpha = a_1 a_2 \dots a_n$, where $a_i \in A$.

We define:
– 4 functions $e_{l,*},\ d_{l,*},\ e'_{l,*},\ d'_{l,*} : A^+ \to A^+$.

Quasigroup string transformations

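$e_{l,*}(\alpha) = b_1 b_2 \dots b_n$, where $b_1 = l*a_1,\ b_2 = b_1*a_2,\ \dots,\ b_n = b_{n-1}*a_n$

[Figure: top row $a_1, a_2, \dots, a_{n-1}, a_n$; bottom row the leader $l$ followed by $b_1, b_2, \dots, b_{n-1}, b_n$]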

Quasigroup string transformations

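$d_{l,*}(\alpha) = c_1 c_2 \dots c_n$, where $c_1 = l*a_1,\ c_2 = a_1*a_2,\ \dots,\ c_n = a_{n-1}*a_n$

[Figure: top row the leader $l$ followed by $a_1, a_2, \dots, a_{n-1}, a_n$; bottom row $c_1, c_2, \dots, c_{n-1}, c_n$]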

Quasigroup string transformations

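$e'_{l,*}(\alpha) = b_1 b_2 \dots b_n$, where $b_1 = a_1*l,\ b_2 = a_2*b_1,\ \dots,\ b_n = a_n*b_{n-1}$

[Figure: top row $a_1, a_2, \dots, a_{n-1}, a_n$; bottom row the leader $l$ followed by $b_1, b_2, \dots, b_{n-1}, b_n$]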

Quasigroup string transformations

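$d'_{l,*}(\alpha) = c_1 c_2 \dots c_n$, where $c_1 = a_1*l,\ c_2 = a_2*a_1,\ \dots,\ c_n = a_n*a_{n-1}$

[Figure: top row the leader $l$ followed by $a_1, a_2, \dots, a_{n-1}, a_n$; bottom row $c_1, c_2, \dots, c_{n-1}, c_n$]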

Quasigroup string transformations

Example:
– A = {0,1,2,3},
– l = 0,
– (A,*) and (A,\)

$\alpha$ = 1021000000000112102201010300

$\alpha' = e_{0,*}(\alpha)$ = 1322130213021011211133013130

$\alpha'' = d_{0,\backslash}(\alpha')$ = 1021000000000112102201010300

* | 0 1 2 3
--+--------
0 | 2 1 0 3
1 | 3 0 1 2
2 | 1 2 3 0
3 | 0 3 2 1

\ | 0 1 2 3
--+--------
0 | 2 1 0 3
1 | 1 2 3 0
2 | 3 0 1 2
3 | 0 3 2 1

Quasigroup string transformations

Proposition 1: For each string $M \in A^+$ and each leader $l \in Q$ it holds that $d_{l,\backslash}(e_{l,*}(M)) = M = e_{l,*}(d_{l,\backslash}(M))$, i.e. $e_{l,*}$ and $d_{l,\backslash}$ are mutually inverse permutations of $A^+$ ($(e_{l,*})^{-1} = d_{l,\backslash}$).

Proposition 2: For each string $M \in A^+$ and each leader $l \in Q$ it holds that $d'_{l,/}(e'_{l,*}(M)) = M = e'_{l,*}(d'_{l,/}(M))$, i.e. $e'_{l,*}$ and $d'_{l,/}$ are mutually inverse permutations of $A^+$ ($(e'_{l,*})^{-1} = d'_{l,/}$).
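The four string transformations and both propositions, written out in Python as an added example (not the authors' code). It derives \ and / from the slide's * table and decodes the printed string α′; the function names and the list-of-digits representation are choices made for this example.

```python
# Added example: the four string transformations over A = {0,1,2,3}.
# STAR is the * table printed on the slide; \ and / are derived from it.
STAR = [[2, 1, 0, 3], [3, 0, 1, 2], [1, 2, 3, 0], [0, 3, 2, 1]]

def parastrophes(star):
    """Return (left, right) with left[x][z] = x\\z and right[z][y] = z/y."""
    n = len(star)
    left = [[None] * n for _ in range(n)]
    right = [[None] * n for _ in range(n)]
    for x in range(n):
        for y in range(n):
            z = star[x][y]            # x*y = z  <=>  y = x\z  <=>  x = z/y
            left[x][z], right[z][y] = y, x
    return left, right

def e(op, l, a):
    """b1 = l op a1, b_i = b_(i-1) op a_i (each output feeds the next step)."""
    out, prev = [], l
    for x in a:
        prev = op[prev][x]
        out.append(prev)
    return out

def d(op, l, a):
    """c1 = l op a1, c_i = a_(i-1) op a_i (only inputs are used)."""
    return [op[p][x] for p, x in zip([l] + a[:-1], a)]

def e_prime(op, l, a):
    """b1 = a1 op l, b_i = a_i op b_(i-1)."""
    out, prev = [], l
    for x in a:
        prev = op[x][prev]
        out.append(prev)
    return out

def d_prime(op, l, a):
    """c1 = a1 op l, c_i = a_i op a_(i-1)."""
    return [op[x][p] for p, x in zip([l] + a[:-1], a)]

def digits(s):
    return [int(ch) for ch in s]

def text(v):
    return "".join(map(str, v))

LEFT, RIGHT = parastrophes(STAR)
ALPHA_PRIME = "1322130213021011211133013130"      # alpha' as printed on the slide
DECODED = text(d(LEFT, 0, digits(ALPHA_PRIME)))   # d_{0,\}(alpha')
print(DECODED, text(e(STAR, 0, digits(DECODED))) == ALPHA_PRIME)
```

The derived tables equal the \ and / tables on the slides. Decoding the printed α′ returns the printed α except at the 17th symbol (3 where the slide shows 1), and re-encoding that result reproduces α′ exactly.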

Encryption/Decryption functions of “SD-(n,k)”

We use:
– Blocks with length of n letters;
– Key $K = K_0 K_1 \dots K_{n+4k-1}$, $K_i \in A$, where k is the number of repetitions of the four different quasigroup string transformations in the encryption/decryption functions;
– Input: plaintext $m_0 m_1 \dots m_{n-1}$, $m_i \in A$
– Output: ciphertext $c_0 c_1 \dots c_{n-1}$, $c_i \in A$

Encryption algorithm

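EA1: For i = 0 to n-1 do $b_i = K_i * m_i$

EA2: For j = 0 to k-1 do
    $b_0 \leftarrow K_{n+4j} * b_0$
    For i = 1 to n-1 do $b_i \leftarrow b_{i-1} * b_i$
    $b_{n-1} \leftarrow K_{n+4j+1} * b_{n-1}$
    For i = n-1 down to 1 do $b_{i-1} \leftarrow b_i * b_{i-1}$
    $b_0 \leftarrow b_0 * K_{n+4j+2}$
    For i = 1 to n-1 do $b_i \leftarrow b_i * b_{i-1}$
    $b_{n-1} \leftarrow b_{n-1} * K_{n+4j+3}$
    For i = n-1 down to 1 do $b_{i-1} \leftarrow b_{i-1} * b_i$

EA3: For i = 0 to n-1 do $c_i = K_i * b_i$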

Decryption algorithm

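DA1: For i = 0 to n-1 do $b_i = K_i \backslash c_i$

DA2: For j = k-1 down to 0 do
    For i = 1 to n-1 do $b_{i-1} \leftarrow b_{i-1} / b_i$
    $b_{n-1} \leftarrow b_{n-1} / K_{n+4j+3}$
    For i = n-1 down to 1 do $b_i \leftarrow b_i / b_{i-1}$
    $b_0 \leftarrow b_0 / K_{n+4j+2}$
    For i = 1 to n-1 do $b_{i-1} \leftarrow b_i \backslash b_{i-1}$
    $b_{n-1} \leftarrow K_{n+4j+1} \backslash b_{n-1}$
    For i = n-1 down to 1 do $b_i \leftarrow b_{i-1} \backslash b_i$
    $b_0 \leftarrow K_{n+4j} \backslash b_0$

DA3: For i = 0 to n-1 do $m_i = K_i \backslash b_i$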

Encryption/Decryption algorithms

The algorithms $EA_K$ and $DA_K$ for fixed K can be considered as transformations of the set $A^n$:

$EA_K(DA_K(m_0 m_1 \dots m_{n-1})) = m_0 m_1 \dots m_{n-1}$

$DA_K(EA_K(m_0 m_1 \dots m_{n-1})) = m_0 m_1 \dots m_{n-1}.$

Theorem: The transformations $EA_K$ and $DA_K$ are permutations of the set $A^n$.
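A step-by-step transcription of EA and DA into Python, added here as an example (not the authors' implementation), with an exhaustive check of the theorem for one small key. It assumes the 4×4 tables from the slides, starts the first inner loop of EA2 at i = 1 (there is no b with index -1), and uses a constructed key and block.

```python
# Added example: SD-(n,k) over A = {0,1,2,3} with the slides' tables.
# Toy alphabet and constructed key, for illustration only.
from itertools import product

STAR = [[2, 1, 0, 3], [3, 0, 1, 2], [1, 2, 3, 0], [0, 3, 2, 1]]  # x * y
LDIV = [[2, 1, 0, 3], [1, 2, 3, 0], [3, 0, 1, 2], [0, 3, 2, 1]]  # x \ z
RDIV = [[3, 1, 0, 2], [2, 0, 1, 3], [0, 2, 3, 1], [1, 3, 2, 0]]  # z / y

def encrypt(key, m, k):
    n = len(m)
    assert len(key) == n + 4 * k, "key must have n + 4k letters"
    b = [STAR[key[i]][m[i]] for i in range(n)]                 # EA1
    for j in range(k):                                         # EA2
        r = key[n + 4 * j: n + 4 * j + 4]                      # 4 round letters
        b[0] = STAR[r[0]][b[0]]
        for i in range(1, n): b[i] = STAR[b[i - 1]][b[i]]
        b[n - 1] = STAR[r[1]][b[n - 1]]
        for i in range(n - 1, 0, -1): b[i - 1] = STAR[b[i]][b[i - 1]]
        b[0] = STAR[b[0]][r[2]]
        for i in range(1, n): b[i] = STAR[b[i]][b[i - 1]]
        b[n - 1] = STAR[b[n - 1]][r[3]]
        for i in range(n - 1, 0, -1): b[i - 1] = STAR[b[i - 1]][b[i]]
    return [STAR[key[i]][b[i]] for i in range(n)]              # EA3

def decrypt(key, c, k):
    n = len(c)
    b = [LDIV[key[i]][c[i]] for i in range(n)]                 # DA1
    for j in range(k - 1, -1, -1):                             # DA2
        r = key[n + 4 * j: n + 4 * j + 4]
        for i in range(1, n): b[i - 1] = RDIV[b[i - 1]][b[i]]
        b[n - 1] = RDIV[b[n - 1]][r[3]]
        for i in range(n - 1, 0, -1): b[i] = RDIV[b[i]][b[i - 1]]
        b[0] = RDIV[b[0]][r[2]]
        for i in range(1, n): b[i - 1] = LDIV[b[i]][b[i - 1]]
        b[n - 1] = LDIV[r[1]][b[n - 1]]
        for i in range(n - 1, 0, -1): b[i] = LDIV[b[i - 1]][b[i]]
        b[0] = LDIV[r[0]][b[0]]
    return [LDIV[key[i]][b[i]] for i in range(n)]              # DA3

def is_permutation(key, n, k):
    """Theorem check: EA_K hits every block of A^n once and DA_K undoes it."""
    blocks = [list(p) for p in product(range(4), repeat=n)]
    images = {tuple(encrypt(key, m, k)) for m in blocks}
    return len(images) == len(blocks) and all(
        decrypt(key, encrypt(key, m, k), k) == m for m in blocks)

KEY = [3, 1, 0, 2, 1, 1, 3, 0, 2, 3, 0, 1]   # constructed key for n=4, k=2
print(encrypt(KEY, [1, 0, 2, 1], 2), is_permutation(KEY, 4, 2))
```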

Conclusion

– This is a new family of block ciphers.
– Very flexible design.
– Easy implementation.
– It has a large range of applications.

Future Work

– Cryptanalysis of “SD-(n,k)”.
– Practical implementation.
– Design improvement.

THANK YOU FOR YOUR ATTENTION