Brilliant. I've been searching for good explanations of DES algorithm details and this is one of the best lectures I've seen. Guess I won't need my textbook anymore!
I loved to see you teach with this kind of earnesty and a high level of dedication to cryptography and towards your students & viewers too. Wish we could have more teachers like you here in India.
Professor Paar, this is my second time going through this lecture series. I cannot express my gratitude towards you in any way it would simply fall short. This is the best crypto lecture series one can have. I wish I could visit one of your lectures in person someday. Take care.
@@acid123ist oh nice, well im just a freshman who got super excited after watching The imitation Games and made it through the 5th video of these lectures.
Can't wait to continue my Master studies in Germany! Thank you Professor for these free and online lectures. I really value your enthusiasm and ability to distribute information to students.
I was facing so much difficulty to understand this from textbook, but this man cleared all my confusions. Thank you very much Sir for your hard work and dedication.
Agreed. I watch a lot of these between 1.5 and 2 and still understand. Then I wonder how people stay at such a slow, steady pace while lecturing...I wish my brain and speech speed worked like that. I feel like at 1.5, it's normal speed :/
Wonderful lecture. Loved the way how the F-Function was broken down and explained. Thank you for the lectures and looking forward to your upcoming lectures.
Ok I've watched the lecture twice, now I'm going to read the chapter, then I'll code up the techniques so I really understand the material. I used this method for chapters 3 and 4. I'll be back for lecture 6 in about 2 weeks.
From what I've read: confusion refers to making the relationship between the key and ciphertext more obscure whereas diffusion is exactly what you've explained in the lecture. So, confusion is when a cryptanalyst can deduce multiple keys from a set of ciphertexts but can't tell which of the keys was used and diffusion is when a cryptanalyst can't deduce a definitive plaintext from a ciphertext because the statistical properties of the ciphertext have been flattened, i.e. diffused. In this lecture, you say that confusion means a simple substitution that makes relationship between the plaintext and ciphertext more obscure. Is it not a different or incorrect interpretation?
These kind of lectures are difficult to find and especially how much hardwork professor has put in to teach unlike teachers and professors here who just tell the book name and chapters to study.
Wonderful lecture Dr. Paar! The part where they expand the plaintext from 32 bits to 48, and then go back to 32 bits in the S-boxes confuses me. How do they guarantee that they aren't losing data? It seems you could lose data if you didn't do this carefully--did I miss something? (Obviously they don't lose data, or DES would have been dropped years ago.)
hello sir,i have a doubt.i understood the concept of f function.expansion box expand the 32 bit into 48 bit.some bit connected twice .so my question is why some bit is connected only twice .we just have to make 48 bit is there any thing any single bit connected thrice or four times.if not then why???? @christofpaar
I don't get the point of the s-box indexing using outer bits for rows and inner bits for columns. It is just a substitution table, where every input maps to a particular output. Therefore you could just reorder the values in the table to match the index order of the input. It provides no cryptographic benefit to order them in the way that they are. It just makes it *look* like it's a more sophisticated operation than it is.
Great lectures !! I dropped acidentally and driven by private interest into the topic of cryptography. Cant stop myself learning more I think I get adicted !!! There is a verry good and knowledgable book by Simon Singh I read last night. Think there must be also a german version available. Driven by this I tried to understand the german ENIGMA machine and the history and methods of the breaking of its code. From there I wanted to know and understand more about actual math based cypher algorithms and got hooked by the history of RSA (the first unsymetrical algorithm). Cant still stop myself there seems to be unlimetet content at the net and even here on youtube. GIVE ME MORE...
I liked all of Christof Paar's lectures which I watched so far! Great stuff and thumbs UP! However, the entire series of lectures and semester was recorded and took place in 2010-2011. This was before Edward Snowden's revelations in 2013 about NSA's global espionage, so the Professor may have not known the full story and told his students only what he has been told at that time, on why the NSA and their contractor IBM have not told anyone about the DES attack vulnerability (S-Box configuration). But cypherpunks and german crypto developers like me have a different opinion or theory today... It is more likely that NSA wanted to build in a backdoor in DES on purpose in the first place, in order to be able to break in and spy on any company, bank or targeted individual who used the popular DES cipher algorithm over the last 20-30 years. Just take a look at "Heartbleed bug" vulnerability in SSL online encryption which was revealed this year! The NSA knew about it, didn't tell anyone and exploited it for years! This may all sound like a conspiracy theory, but seriously, today everyone knows that the U.S. government and NSA do all these surveillance and espionage operations on the internet, especially against us Germans, even if they deny it. Edward Snowden revealed it himself, so nobody will argue about it today. It's not a conspiracy theory any longer but a conspiracy fact. But alright, let's assume the story was like the Professor said, that the NSA kept the vulnerability secret in order to be safe from attacks, which I find a bit sloppy for a "National Security Agency" with a budget of billions of dollars! You think the NSA would be so stupid and let IBM develop a half-secure cipher for themselves?? No no, that sounds like plausible deniality to me. I don't believe it. I think normal cryptographers have not been told the true reason why NSA kept the vulnerability secret. That's my personal opinion. You can't trust the NSA on this. They tell you one thing, but there may be more to the story as people think. Global industrial espionage has always been a big thing for any government or big corporation. There are many cipher algorithms today on the internet which people can download and use, but which have secret backdoors embedded for the government or spy corporations to break in silently and read all your encrypted messages easily. So be careful! These things don't happen, because NSA made a mistake. Don't be too naive to believe such a thing! NSA does not make mistakes. They want to spy on everyone on the global internet and they know what they're doing. It is more likely that DES was a clever spy scheme or fraud by the NSA. A malicious Cipher algorithm designed on purpose by NSA! But I don't want to insult the DES developers or anyone who loves DES. All I'm saying is I don't believe the story about the secrecy of the DES attack vulnerability.
That image is wrong in 47:50. bit 1 goes to 58 instead of 50 and bit 2 goes to 50 instead of 58. Same goes for IP^-1 bit 58 goes back to 2 and bit 50 goes back to 1 as you can also see from the table.
Great lecture ! :D By the way, how are the subkeys k_i designed ? And, at each time, is the bit numeroted 1 the MSB ? or is it he LSB ? :) Thank you ! :)
If the sixteen 48-bit round keys scheduled for successive rounds in the encryption process for DES are replaced by successive 48-bit blocks of the 768-bit key, What would be the weak keys for this variant of DES ?
Hi Mr Paar , Great lecture. One thing i would like to ask ?S block(s) which are used in DES are still statically there present in the algorithm or they are generated in runtime? If we change the S blocks does that violate DES ? Are they tightly coupled to the permutation box ? or are they mystical ?
The S-Boxes are static look-up tables. They are fundamental for the security of DES and, yes, they interact with the P permutation. For a deeper understanding of the S-Boxes, one has to study differential cryptanalysis, a powerful attack against which the S-Boxes provide protection.
You make the statement around time mark 52:30 that bit level permutations are fast in hardware. This is counter-intuitive because crossing lots of wires on essentially a 2-D chip seems difficult to implement. Either you would need recursion or a fair amount of real estate on the chip itself.
Sir at 15:00 you explain about Shanon's confusion property where you have explained that it establishes relation between plain text & cipher text but according to this property the relation is between the key and cipher text not between plain and cipher text ! Can you please upload a video on RC4 Algorithm?
hiii mr paar its really nice lecture. i would like to ask u a basic question,that how would comination of confusion and diffusion yields a strong block cipher
These lectures are amazing, thank you for making this understandable in a pleasurable way :) If I am to learn this from my local professor I'd probably jump off the building, my face melted from infectious autism.
Hello sir ,your exploration is so so....good Im from India my name is zakir husain im a research scholar So please give me an idea about the research topic of cryptography
Hi Professor, quick question, in the "high level diagram" you had "" confusion box->diffusion box(Confusion box first, THEN the diffusion box) , but when we got into more detail, we have expansion (diffusion) happening BEFORE substitution (confusion), why is this? Thanks in advance!
The order of diffusion-confusion does not really matter because there are 16 rounds, i.e., there is a constant sequence of diffusion-confusion-diffusion-confusion- ...
really good teaching, I think it's hard to find explanations like this on the internet, and for free, thank you.
Even my own cryptography teacher doesn't give so much explanations
Please have a look at Lecture 16 and 17 of this series where I introduce elliptic curve cryptography. Good luck!
Danke
Introduction to Cryptography by Christof Paar
Thanks sir.
danke professor. You have been amazing
Thanks :)
Pro tip: you can watch series at Flixzone. I've been using it for watching a lot of movies these days.
Top notch lecture. Clear, concise, extremely helpful and great fun. Professors of the world, please take a note.
Really appreciate this lecturer because this is the best explanation I have found on DES. Thank you for put it on youtube ❤🙏🙏
Brilliant. I've been searching for good explanations of DES algorithm details and this is one of the best lectures I've seen. Guess I won't need my textbook anymore!
I loved to see you teach with this kind of earnesty and a high level of dedication to cryptography and towards your students & viewers too. Wish we could have more teachers like you here in India.
@@mritunjaymusale True
I actually watch these for fun, it's not my specialist topic but I've spent 7.5hours so far and enjoying it!
Such a great professor. The way he teaches and breaks down this subject is just awesome. Thank you
Professor Paar, this is my second time going through this lecture series. I cannot express my gratitude towards you in any way it would simply fall short. This is the best crypto lecture series one can have. I wish I could visit one of your lectures in person someday. Take care.
Hey I am also Indian Im just curious for what purpose were you learning cryptography Im doing it for fun.
@@creativegiant148 i had netsec crypto in my masters
@@acid123ist oh nice, well im just a freshman who got super excited after watching The imitation Games and made it through the 5th video of these lectures.
And sleep in class. Forgive me, please.
Confusion = substitution. Diffusion = transposition. This makes instant sense to classical cipher fans.
seriously, you explain far better than my teacher.
I would recommend my friends to go through your lectures of crypto....
THANKS...
Can't wait to continue my Master studies in Germany! Thank you Professor for these free and online lectures. I really value your enthusiasm and ability to distribute information to students.
I was facing so much difficulty to understand this from textbook, but this man cleared all my confusions. Thank you very much Sir for your hard work and dedication.
Tip: You can watch this video at 1.5x speed and still understand.
+Kaustubh Ghanekar thank man. true!
Agreed. I watch a lot of these between 1.5 and 2 and still understand. Then I wonder how people stay at such a slow, steady pace while lecturing...I wish my brain and speech speed worked like that. I feel like at 1.5, it's normal speed :/
Useful AND practical.
I do it too 😂 but when you turn to normal it's like he speek tooo slowly
you must not be taking any notes
The first professor I've ever met, who allows sleeping in classes
Es mejor que duerman y no molesten a los demás. Nadie está obligado a aprender.
Sir , That was One of the Best lecture i have learn in youtube ... Thanks for it .
you are doing a very nice job
keep it up :) ....
You are a good man because you shared this knowledge with the world, Thank you Sir.
i would give my 100% attention and focus every single second of his lecture class if i would be in that class
Wonderful lecture. Loved the way how the F-Function was broken down and explained. Thank you for the lectures and looking forward to your upcoming lectures.
Ok I've watched the lecture twice, now I'm going to read the chapter, then I'll code up the techniques so I really understand the material. I used this method for chapters 3 and 4. I'll be back for lecture 6 in about 2 weeks.
Grossartig Lekteur. Ich liebe die bewegende Wandtafeln. Thank you for the lecture, great moving synchronized blackboards...
Thank you very much sir, you earned me my 10 marks of presentation :)
as someone learning both cryptography and german, this is such a helpful lecture :)
Thank you so much. Your explanation was beautiful and you made DES so simple and easy. Beautiful lecture
Thank you very much for sharing. It means a lot for the those of us in the disadvantage part of the world.
29:24 ''If you do youtube on your laptop, it's like the biggest wasted 90 minutes of your life.''
Well, fuck
From what I've read: confusion refers to making the relationship between the key and ciphertext more obscure whereas diffusion is exactly what you've explained in the lecture. So, confusion is when a cryptanalyst can deduce multiple keys from a set of ciphertexts but can't tell which of the keys was used and diffusion is when a cryptanalyst can't deduce a definitive plaintext from a ciphertext because the statistical properties of the ciphertext have been flattened, i.e. diffused.
In this lecture, you say that confusion means a simple substitution that makes relationship between the plaintext and ciphertext more obscure. Is it not a different or incorrect interpretation?
Spot on. The lectures are great, but the explanation of confusion is rather confusing ;-)
Really hats off professor . I can understand easily and also i m watching continuously dis lectures makes very helpful to learn
Awesome Lecture Christof, gave the trivia as well as the concept of DES. Thank you for uploading.
I do not understand how someone can sleep during such a beautiful lecture?!
thank you for this material, the slides are really good and the way you explain this is so friendly.
THE LECTURE MADE MY CONCEPT CRYSTAL CLEAR.THANKS A LOT SIR.THAT UNIVERSITY WOULD BE LUCKY WHERE YOU ARE TEACHING.
Thank you so much! Much better explanation of DES than my professor..
Great lecture on encryptology! many,many thanks to prof Paar
These kind of lectures are difficult to find and especially how much hardwork professor has put in to teach unlike teachers and professors here who just tell the book name and chapters to study.
Well Yes! the SBoxes can be rearrange into a simple vector so that the 6-bit input directly address the appropriate SBox vector element.
you are really a master of Cryptography!!!!
Awesome explanations, you are awesome Sir. Thanks for sharing your knowledge with us with no cost.
Christof is a great lecturer.
this is my food for thought for partial unemployment days, great lectures!
Very helpful. Thanks for making it public.
Really great explanation ! Helped me out a lot in understanding DES
00:00 DES Intro
24:19 Feistel Network
42:54 DES Internals
I really enjoyed this. Very clear and well illustrated.
Very nice and interesting video! I wish we had professors like you in my university !
31:38 the best part of the lesson, OMG what a good teacher !!!! "It´s perfect, because it´s wrong"
Thank you for uploading this,,,No one does the explanation better than you,,,,
Wonderful lecture Dr. Paar! The part where they expand the plaintext from 32 bits to 48, and then go back to 32 bits in the S-boxes confuses me. How do they guarantee that they aren't losing data? It seems you could lose data if you didn't do this carefully--did I miss something? (Obviously they don't lose data, or DES would have been dropped years ago.)
Thnx from Albania. I liked the explanation and I'm so excited that I'm going to write my own DES code. :)
I love the way he says "that's it for today thank you very much"
Thanks, Christof. Very well explanied.
I was attentive through out the video. thank you so much for the great explanation.
My english is not perfect but I would said to thanks to this teacher. THANKS
This is such an amazing course, but could you help me to add a subtitle for each lesson to people who hasnt a good skill in english
i believe i can fly
sooo before you go
@@fahmiramadhan7166 hey yoshii masi idup kamu
Great lectures, very clear explanation! Nice job! Thank you
Pleasant class. Thank you, professor!
Great teacher ! very good explanations. Thank you very much.
hello sir,i have a doubt.i understood the concept of f function.expansion box expand the 32 bit into 48 bit.some bit connected twice .so my question is why some bit is connected only twice .we just have to make 48 bit is there any thing any single bit connected thrice or four times.if not then why???? @christofpaar
Thanks for the lecture, From India :)
This was amazing! wish we had teachers like you in india
Best explanation ...!!!
Lecture so brilliant and helpful, thanks a lot prof.
Very good lesson!
There are some football players known as genius. And know I guess I know who to call genius in teaching. :-) Thank you Mr. Paar.
I don't get the point of the s-box indexing using outer bits for rows and inner bits for columns. It is just a substitution table, where every input maps to a particular output. Therefore you could just reorder the values in the table to match the index order of the input. It provides no cryptographic benefit to order them in the way that they are. It just makes it *look* like it's a more sophisticated operation than it is.
Great lectures !!
I dropped acidentally and driven by private interest into the topic of cryptography.
Cant stop myself learning more I think I get adicted !!!
There is a verry good and knowledgable book by Simon Singh I read last night.
Think there must be also a german version available.
Driven by this I tried to understand the german ENIGMA machine and the history and methods of the breaking of its code.
From there I wanted to know and understand more about actual math based cypher algorithms and got hooked by the history of RSA (the first unsymetrical algorithm).
Cant still stop myself there seems to be unlimetet content at the net and even here on youtube.
GIVE ME MORE...
Volker Schmidt
Omg i came here from numberphile's video on the Enigma!
@@bananian same here
Superb lecture. Thank you
very helpful, the teaching is great too good job.
Amazing. That is what should proffer looks like
I liked all of Christof Paar's lectures which I watched so far! Great stuff and thumbs UP!
However, the entire series of lectures and semester was recorded and took place in 2010-2011. This was before Edward Snowden's revelations in 2013 about NSA's global espionage, so the Professor may have not known the full story and told his students only what he has been told at that time, on why the NSA and their contractor IBM have not told anyone about the DES attack vulnerability (S-Box configuration). But cypherpunks and german crypto developers like me have a different opinion or theory today... It is more likely that NSA wanted to build in a backdoor in DES on purpose in the first place, in order to be able to break in and spy on any company, bank or targeted individual who used the popular DES cipher algorithm over the last 20-30 years. Just take a look at "Heartbleed bug" vulnerability in SSL online encryption which was revealed this year! The NSA knew about it, didn't tell anyone and exploited it for years! This may all sound like a conspiracy theory, but seriously, today everyone knows that the U.S. government and NSA do all these surveillance and espionage operations on the internet, especially against us Germans, even if they deny it. Edward Snowden revealed it himself, so nobody will argue about it today. It's not a conspiracy theory any longer but a conspiracy fact.
But alright, let's assume the story was like the Professor said, that the NSA kept the vulnerability secret in order to be safe from attacks, which I find a bit sloppy for a "National Security Agency" with a budget of billions of dollars! You think the NSA would be so stupid and let IBM develop a half-secure cipher for themselves?? No no, that sounds like plausible deniality to me. I don't believe it. I think normal cryptographers have not been told the true reason why NSA kept the vulnerability secret. That's my personal opinion. You can't trust the NSA on this. They tell you one thing, but there may be more to the story as people think. Global industrial espionage has always been a big thing for any government or big corporation. There are many cipher algorithms today on the internet which people can download and use, but which have secret backdoors embedded for the government or spy corporations to break in silently and read all your encrypted messages easily. So be careful! These things don't happen, because NSA made a mistake. Don't be too naive to believe such a thing! NSA does not make mistakes. They want to spy on everyone on the global internet and they know what they're doing. It is more likely that DES was a clever spy scheme or fraud by the NSA. A malicious Cipher algorithm designed on purpose by NSA! But I don't want to insult the DES developers or anyone who loves DES. All I'm saying is I don't believe the story about the secrecy of the DES attack vulnerability.
Very nice explanation sir. I really enjoyed your lecture.
That image is wrong in 47:50. bit 1 goes to 58 instead of 50 and bit 2 goes to 50 instead of 58. Same goes for IP^-1 bit 58 goes back to 2 and bit 50 goes back to 1 as you can also see from the table.
Just bought this guys book thanks for das buche!!!
@17:52 In definition of confusion, it should be relation between key and ciphertext obsured.
You're an amazing lecturer!
confusion refers to making
the relationship between the ciphertext and the symmetric
key u wrote the other way rnd
I think there is a mistake at 1:20:27 8 is 0100 not 1000 but this is the greatest lecture about des
DES intro 0:00
Feistel networks 24:30
DES internals 43:00
sir you teach great !
I wonder if the S-Boxes can be rearranged so that the lookup can be direct, without all that bit0-bit5 and bit4-bot3-bit2-bit1 nonsense.
Great lecture ! :D
By the way, how are the subkeys k_i designed ? And, at each time, is the bit numeroted 1 the MSB ? or is it he LSB ? :)
Thank you ! :)
Good description
thank you from Brazil
If the sixteen 48-bit round keys scheduled for successive rounds in the encryption process for DES are replaced by successive 48-bit blocks of the 768-bit key, What would be the weak keys for this variant of DES ?
Hi Mr Paar ,
Great lecture. One thing i would like to ask ?S block(s) which are used in DES are still statically there present in the algorithm or they are generated in runtime? If we change the S blocks does that violate DES ? Are they tightly coupled to the permutation box ? or are they mystical ?
The S-Boxes are static look-up tables. They are fundamental for the security of DES and, yes, they interact with the P permutation. For a deeper understanding of the S-Boxes, one has to study differential cryptanalysis, a powerful attack against which the S-Boxes provide protection.
thank you sir for these great lecture.
You make the statement around time mark 52:30 that bit level permutations are fast in hardware. This is counter-intuitive because crossing lots of wires on essentially a 2-D chip seems difficult to implement. Either you would need recursion or a fair amount of real estate on the chip itself.
To my knowledge, the bit permutations can be achieved in standard ICs quite easily using standard metal routing. regards, christof
Sir at 15:00 you explain about Shanon's confusion property where you have explained that it establishes relation between plain text & cipher text but according to this property the relation is between the key and cipher text not between plain and cipher text !
Can you please upload a video on RC4 Algorithm?
i learned a lot from this tutorial Thanks
Thanks for an awesome lecture !
Can we use 3DES in EED mode with K1,K1,K2 keys? how will the strength differ in finding the keys in terms of EDE and EED mode?
Thanks so much, I loved it!
hiii mr paar its really nice lecture. i would like to ask u a basic question,that how would comination of confusion and diffusion yields a strong block cipher
may I ask, what's is the algorithm that makes the subkeys for every round and where do I find the S-BOXS 2 to 8?
These lectures are amazing, thank you for making this understandable in a pleasurable way :) If I am to learn this from my local professor I'd probably jump off the building, my face melted from infectious autism.
Thank you so much amazing lecture
Beautiful!
Hello sir ,your exploration is so so....good
Im from India my name is zakir husain im a research scholar
So please give me an idea about the research topic of cryptography
Sir realy helping notes thnx alot
Hi Professor, quick question, in the "high level diagram" you had "" confusion box->diffusion box(Confusion box first, THEN the diffusion box) , but when we got into more detail, we have expansion (diffusion) happening BEFORE substitution (confusion), why is this? Thanks in advance!
The order of diffusion-confusion does not really matter because there are 16 rounds, i.e., there is a constant sequence of diffusion-confusion-diffusion-confusion- ...