|
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks'', with an unvarying transformation that is specified by a symmetric key. Block ciphers are important elementary components in the design of many cryptographic protocols, and are widely used to implement encryption of bulk data. The modern design of block ciphers is based on the concept of an ''iterated'' product cipher. Product ciphers were suggested and analyzed by Claude Shannon in his seminal 1949 publication ''Communication Theory of Secrecy Systems'' as a means to effectively improve security by combining simple operations such as substitutions and permutations. Iterated product ciphers carry out encryption in multiple rounds, each of which uses a different subkey derived from the original key. One widespread implementation of such ciphers is called a Feistel network, named after Horst Feistel, and notably implemented in the DES cipher.〔, p. 455.〕 Many other realizations of block ciphers, such as the AES, are classified as substitution-permutation networks. The publication of the DES cipher by the U.S. National Bureau of Standards (now National Institute of Standards and Technology, NIST) in 1977 was fundamental in the public understanding of modern block cipher design. In the same way, it influenced the academic development of cryptanalytic attacks. Both differential and linear cryptanalysis arose out of studies on the DES design. Today, there is a palette of attack techniques against which a block cipher must be secure, in addition to being robust against brute force attacks. Even a secure block cipher is suitable only for the encryption of a single block under a fixed key. A multitude of modes of operation have been designed to allow their repeated use in a secure way, commonly to achieve the security goals of confidentiality and authenticity. However, block ciphers may also be used as building blocks in other cryptographic protocols, such as universal hash functions and pseudo-random number generators. ==Definition== A block cipher consists of two paired algorithms, one for encryption, ''E'', and the other for decryption, ''D''. Both algorithms accept two inputs: an input block of size ''n'' bits and a key of size ''k'' bits; and both yield an ''n''-bit output block. The decryption algorithm ''D'' is defined to be the inverse function of encryption, i.e., ''D'' = ''E''−1. More formally,〔 〕〔, chapter 3.〕 a block cipher is specified by an encryption function : which takes as input a key ''K'' of bit length ''k'', called the ''key size'', and a bit string ''P'' of length ''n'', called the ''block size'', and returns a string ''C'' of ''n'' bits. ''P'' is called the plaintext, and ''C'' is termed the ciphertext. For each ''K'', the function ''E''''K''(''P'') is required to be an invertible mapping on ''n''. The inverse for ''E'' is defined as a function : taking a key ''K'' and a ciphertext ''C'' to return a plaintext value ''P'', such that : For example, a block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext. The exact transformation is controlled using a second input – the secret key. Decryption is similar: the decryption algorithm takes, in this example, a 128-bit block of ciphertext together with the secret key, and yields the original 128-bit block of plain text. For each key ''K'', ''EK'' is a permutation (a bijective mapping) over the set of input blocks. Each key selects one permutation from the possible set of . 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Block cipher」の詳細全文を読む スポンサード リンク
|