
Experiment No. 2
PART A
(PART A: TO BE REFERRED BY STUDENTS)

A.1 Aim:
To study the Advanced Encryption Standard (AES) block cipher and its modes of operation.

Task 1:
Simulate the working of Cipher Block Chaining (CBC) mode for the Advanced Encryption Standard
using Virtual Bombay.

Step I: Choose a mode of operation from PART I.
Step II: Select the Key Size, Plaintext, Key Text, Initialization Vector (IV) (for ECB and OFB
modes only) and CTR (for CTR mode only) in PART II.
Step III: Whenever necessary, use the XOR operation in PART III in accordance with the chosen
mode of operation.
Step IV: Use function FK; the "Key in hex:" field in PART IV should be filled with the key text
generated in Step II.
Step V: Fill the "Plaintext in hex:" field with the appropriate value in accordance with the
chosen mode of operation and click on the encrypt button.
Step VI: Enter your answer in PART V to check your cipher text.

A.2 Prerequisite:
Basic understanding of goals of security, cryptography.

A.3 Outcome:

After successful completion of this experiment students will be able to:

1. Understand the need, strengths and weaknesses of various modes of operation of block
ciphers.

A.4 Theory:

AES is an iterative rather than Feistel cipher. It is based on a ‘substitution–permutation
network’. It comprises a series of linked operations, some of which involve replacing inputs by
specific outputs (substitutions) and others involve shuffling bits around (permutations).

Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats the
128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four
rows for processing as a matrix −

Unlike DES, the number of rounds in AES is variable and depends on the length of the key. AES
uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each
of these rounds uses a different 128-bit round key, which is calculated from the original AES key.
The schematic of AES structure is given in the following illustration.

Byte Substitution (SubBytes)
The 16 input bytes are substituted by looking up a fixed table (S-box) given in the design. The
result is a matrix of four rows and four columns.

ShiftRows
Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are
re-inserted on the right side of the row. The shift is carried out as follows:
• First row is not shifted.
• Second row is shifted one (byte) position to the left.
• Third row is shifted two positions to the left.
• Fourth row is shifted three positions to the left.
• The result is a new matrix consisting of the same 16 bytes but shifted with respect to each
other.

MixColumns
Each column of four bytes is now transformed using a special mathematical function. This
function takes as input the four bytes of one column and outputs four completely new bytes,
which replace the original column. The result is another new matrix consisting of 16 new bytes.
It should be noted that this step is not performed in the last round.

AddRoundKey
The 16 bytes of the matrix are now considered as 128 bits and are XORed with the 128 bits of the
round key. If this is the last round then the output is the cipher text. Otherwise, the resulting
128 bits are interpreted as 16 bytes and we begin another similar round.
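
The round steps above applied to a 4x4 byte state, as an added example that is not part of the original worksheet. SubBytes is left out because it needs the full S-box table; the column-by-column state layout and the MixColumns matrix (rotations of 2, 3, 1, 1 over GF(2^8)) are taken from the AES specification (FIPS 197), not from this page, and the function names are chosen here.

```python
def load_state(block):
    # FIPS 197 fills the 4x4 state column by column: state[r][c] = block[r + 4*c].
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]

def dump_state(state):
    # Inverse of load_state: read the state back out column by column.
    return bytes(state[r][c] for c in range(4) for r in range(4))

def shift_rows(state):
    # Row r is rotated left by r byte positions; row 0 is unchanged.
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def xtime(b):
    # Multiply by 2 in GF(2^8), reducing modulo x^8 + x^4 + x^3 + x + 1 (0x11b).
    b <<= 1
    return (b ^ 0x11B) & 0xFF if b & 0x100 else b

def mix_column(col):
    # Each output byte is a GF(2^8) combination of all four input bytes.
    # Multiplying by 3 is xtime(b) ^ b.
    a0, a1, a2, a3 = col
    return [xtime(a0) ^ xtime(a1) ^ a1 ^ a2 ^ a3,
            a0 ^ xtime(a1) ^ xtime(a2) ^ a2 ^ a3,
            a0 ^ a1 ^ xtime(a2) ^ xtime(a3) ^ a3,
            xtime(a0) ^ a0 ^ a1 ^ a2 ^ xtime(a3)]

def mix_columns(state):
    cols = [mix_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]

def add_round_key(state, round_key):
    # Byte-wise XOR of the state with the 16-byte round key.
    k = load_state(round_key)
    return [[state[r][c] ^ k[r][c] for c in range(4)] for r in range(4)]

if __name__ == "__main__":
    sample = bytes(range(16))  # constructed input 00 01 ... 0f
    print(dump_state(shift_rows(load_state(sample))).hex())
    print(bytes(mix_column([0xDB, 0x13, 0x53, 0x45])).hex())
```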

Decryption Process
The process of decryption of an AES ciphertext is similar to the encryption process in the reverse
order. Each round consists of the four processes conducted in the reverse order:
• Add round key
• Mix columns
• Shift rows
• Byte substitution
Since the sub-processes in each round are in reverse manner, unlike for a Feistel cipher, the
encryption and decryption algorithms need to be separately implemented, although they are very
closely related.

Experiment No. 2
PART B
(PART B : TO BE COMPLETED BY STUDENTS)

(Students must submit the soft copy as per the following segments within two hours of the
practical. The soft copy must be uploaded on the Student Portal or emailed to the concerned lab
in-charge faculty at the end of the practical in case there is no Student Portal access
available.)

Roll No: A047 Name: Ritika Sahu


Branch: MCA Batch: 2
Date of Experiment: Date of Submission:
Grade:

B.1 Tasks completed by the student

B.2 Observations and learning:

B.3 Conclusion:
B.4 Questions of Curiosity

Q1. Which is the fastest mode of operation among the four modes of operation?

ECB (Electronic Codebook) is essentially the first generation of the AES. It is the most
basic form of block cipher encryption.

CBC (Cipher Block Chaining) is an advanced form of block cipher encryption. With
CBC mode encryption, each ciphertext block is dependent on all plaintext blocks
processed up to that point. This adds an extra level of complexity to the encrypted data.

Advantages of using ECB –
• Parallel encryption of blocks of bits is possible, thus it is a faster way of encryption.
• Simple way of block cipher.

Disadvantages of using ECB –
• Prone to cryptanalysis since there is a direct relationship between plaintext and ciphertext.

Advantages of CBC –
• CBC works well for input greater than b bits.
• CBC is a good authentication mechanism.
• Better resistive nature towards cryptanalysis than ECB.

Disadvantages of CBC –
• Parallel encryption is not possible since every encryption requires the previous ciphertext block.

Q2. Which mode of operation is more secure?

• ECB (electronic code book) is basically raw cipher. For each block of input, you encrypt
the block and get some output. The problem with this transform is that any resident
properties of the plaintext might well show up in the ciphertext – possibly not as clearly –
that's what blocks and key schedules are supposed to protect against, but by analyzing the
patterns you may be able to deduce properties that you otherwise thought were hidden.
• CBC mode is short for cipher block chaining. You have an initialization vector which
you XOR the first block of plaintext against. You then encrypt that block of plaintext.
The next block of plaintext is XORed against the last encrypted block before you encrypt
this block.

Q3. What is the importance of the Initialization Vector (IV) and CTR?

An initialization vector (IV) is an arbitrary number that can be used along with a secret key
for data encryption. This number, also called a nonce, is employed only one time in any
session.

The use of an IV prevents repetition in data encryption, making it more difficult
for a hacker using a dictionary attack to find patterns and break a cipher. For
example, a sequence might appear twice or more within the body of a
message. If there are repeated sequences in encrypted data, an attacker could
assume that the corresponding sequences in the message were also identical.
The IV prevents the appearance of corresponding duplicate character
sequences in the ciphertext.

Q4. Why is ECB not CPA-secure and why is CBC CPA-secure?

The main reason not to use ECB mode encryption is that it's not semantically secure — that is,
merely observing ECB-encrypted ciphertext can leak information about the plaintext (even
beyond its length, which all encryption schemes accepting arbitrarily long plaintexts will leak
to some extent).
Specifically, the problem with ECB mode is that encrypting the same block (of 8 or 16 bytes,
or however large the block size of the underlying cipher is) of plaintext using ECB mode
always yields the same block of ciphertext. This can allow an attacker to:

• detect whether two ECB-encrypted messages are identical;
• detect whether two ECB-encrypted messages share a common prefix;
• detect whether two ECB-encrypted messages share other common substrings, as long as
those substrings are aligned at block boundaries; or
• detect whether (and where) a single ECB-encrypted message contains repetitive data
(such as long runs of spaces or null bytes, repeated header fields or coincidentally
repeated phrases in text).

Q5. Suppose the IV is not random. Are CBC and OFB modes both secure?

A block cipher mode specifies how to handle data that spans multiple blocks. Block
cipher modes are where block ciphers really shine. There are modes for (CPA-secure)
encryption, modes for data integrity, modes that achieve both privacy and integrity,
modes for hard drive encryption, modes that gracefully recover from errors in
transmission, modes that are designed to croak upon transmission errors, and so on.
There is something of a cottage industry of clever block cipher modes, each with their
own unique character and properties. Think of this chapter as a tour through the most
common modes.
