Chapter 2
Cryptography Cryptanalysis
Plaintext
Encryption algorithm
Secret Key
Ciphertext
Decryption algorithm
Type of operations.
Substitution
Transposition
SUBSTITUTION
• Substitution: "Regards, Bob" becomes "89742214 365"
• Transposition: "Regards, Bob" becomes "sargerd, oBb"
The number of keys used
• single-key (symmetric)
• two-key (asymmetric)
Symmetric / Asymmetric
THE WAY IN WHICH
PLAINTEXT PROCESSED
• Stream Cipher - A stream cipher encrypts data one bit or one byte
at a time, in a continuous stream.
CRYPTANALYSIS
Dictionary Attack
Key Size (bits)              Number of Alternative Keys   Time required at 1 decryption/µs    Time required at 10^6 decryptions/µs
128                          2^128 = 3.4 × 10^38          2^127 µs = 5.4 × 10^24 years        5.4 × 10^18 years
168                          2^168 = 3.7 × 10^50          2^167 µs = 5.9 × 10^36 years        5.9 × 10^30 years
26 characters (permutation)  26! = 4 × 10^26              2 × 10^26 µs = 6.4 × 10^12 years    6.4 × 10^6 years
FEISTEL CIPHER
STRUCTURE
Feistel Cipher
[Figure: plaintext and a 56-bit key go into the DES (Feistel cipher) process, producing ciphertext]
DES
• The overall processing at each iteration:
• L_i = R_{i-1}
• R_i = L_{i-1} ⊕ F(R_{i-1}, K_i)
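The round equations above as a runnable sketch, added here and not part of the original slides: a toy 16-round Feistel network on 64-bit blocks. The round function toy_f and the key schedule toy_subkeys are hypothetical stand-ins (not DES's F function or key schedule); the sketch shows that decryption reuses the same structure with the subkeys in reverse order, even though F itself is not invertible.

```python
# Toy Feistel network: 64-bit block split into two 32-bit halves, 16 rounds.
# toy_f and toy_subkeys are constructed for illustration only; they are NOT
# DES's round function or key schedule and provide no real security.
import hashlib

MASK32 = 0xFFFFFFFF
ROUNDS = 16


def toy_f(right: int, subkey: int) -> int:
    """Hypothetical round function F(R, K): a non-invertible 32-bit mix."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def toy_subkeys(key: bytes) -> list:
    """Hypothetical key schedule: one 32-bit subkey K_i per round."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(1, ROUNDS + 1)]


def feistel(block: int, subkeys: list) -> int:
    """Run the Feistel rounds over one 64-bit block with the given subkeys."""
    if not 0 <= block < 1 << 64:
        raise ValueError("block must fit in 64 bits")
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, left ^ toy_f(right, k)
    # Swap the halves at the end so the same routine also decrypts.
    return (right << 32) | left


def encrypt(block: int, key: bytes) -> int:
    return feistel(block, toy_subkeys(key))


def decrypt(block: int, key: bytes) -> int:
    # Same structure, subkeys applied in reverse order (K_16 ... K_1).
    return feistel(block, toy_subkeys(key)[::-1])


if __name__ == "__main__":
    key, plain = b"demo-key", 0x0123456789ABCDEF  # constructed sample values
    cipher = encrypt(plain, key)
    print(f"{plain:016x} -> {cipher:016x} -> {decrypt(cipher, key):016x}")
```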
Disadvantage of DES
• DES uses a relatively short key length of 56 bits. With advances in
computing power, this key length is no longer considered secure
enough to resist brute-force attacks.
Triple DES
(encrypt-decrypt-encrypt)
• C = ciphertext
• P = Plaintext
• EK[X] = encryption of X using key K
• DK[Y] = decryption of Y using key K
Triple DES overcomes DES
• Both DES & 3DES use a 64-bit block size. Unfortunately, the 64-bit
block size is not large enough for efficiency and security.
ADVANCED ENCRYPTION
STANDARD
(AES)
Advanced Encryption Standard
• Does NOT use a Feistel structure but processes the entire data
block in parallel during each round using substitutions and
permutation
Advanced Encryption Standard
• All four stages are reversible, so decryption recovers the plaintext.
Key Distribution (Symmetric)
Option 1:
• A key could be selected by Alice and physically delivered to Bob.
Option 2:
• A 3rd party could select the key and physically deliver it to Alice and
Bob.
Option 3:
• If Alice and Bob have previously used a key, one party
could transmit the new key to the other, encrypted using
the old key.
Option 4:
• If Alice and Bob each have an encrypted connection to a
third party, the third party could deliver a key on the
encrypted links to Alice and Bob.
Option 4 (figure: 3rd party, Alice, Bob):
Step 2: Security service buffers packet; asks KDC for session key.
Step 3: KDC distributes session key to both hosts.
Step 4: Buffered packet transmitted.
OTHER SYMMETRIC BLOCK
CIPHER
Other Symmetric Block Cipher
Blowfish
• Easy to implement
• High execution speed
• It has been widely adopted in various applications, including disk
encryption, virtual private networks (VPNs), and secure file transfer
protocols.
RC5
• Suitable for hardware and software
• Fast, simple
• Adaptable to processors of different word lengths
• Variable number of rounds
• Variable-length key
• Low memory requirement
• High security
• Data-dependent rotations
CAST-128
• It uses a fixed 64-bit block size and supports key sizes ranging from
40 bits to 128 bits.
• The round function differs from round to round.
• CAST-128 employs a Feistel network structure.
LOCATION OF ENCRYPTION
DEVICE
Link encryption:
• A lot of encryption devices
• High level of security
• Decrypt each packet at every switch
End-to-end encryption:
• The source encrypts and the receiver decrypts
• Data is encrypted
• Header is not encrypted
High security: both link and end-to-end encryption are needed
Disadvantage: The message must be decrypted each time it
enters a packet switch.
Why?
Because: The switch must read the address (Virtual circuit
number) in the packet header to route the packet. Therefore,
the message is vulnerable at each switch.