Cryptography and

Network Security
Chapter 2
 Modern Block Ciphers

one of most widely used cryptographic

algorithms
provide secrecy /authentication services
focus on DES (Data Encryption Standard)
to illustrate block cipher design principles
 Block vs Stream Ciphers
block ciphers process messages in blocks,
each of which is then en/decrypted
like
 64-bits or more
stream ciphers process messages a bit or
byte at a time when en/decrypting
many current ciphers are block ciphers
 Block Cipher Principles
most symmetric block ciphers are based on a
Feistel Cipher Structure

block ciphers look like an extremely large

substitution

would need table of 264 entries for a 64-bit block

Ideal Block Cipher
Claude Shannon and Substitution-
Permutation Ciphers
Claude Shannon introduced idea of substitution-
permutation (S-P) networks in 1949 paper
form basis of modern block ciphers
S-P nets are based on the two primitive
cryptographic operations seen before:
 substitution (S-box)
 permutation (P-box)
provide confusion & diffusion of message & key
 Confusion and Diffusion
cipher needs to completely obscure
statistical properties of original message
a one-time pad does this

diffusion – dissipates statistical structure

of plaintext over bulk of ciphertext
Hides relationship between PT & Key
confusion – makes relationship between
ciphertext and key as complex as possible
 Feistel Cipher Structure
Horst Feistel devised the feistel cipher
 based on concept of invertible product cipher
partitions input block into two halves
 process through multiple rounds which
 perform a substitution on left data half

 based on round function of right half & subkey

 then have permutation swapping halves

implements Shannon’s S-P net concept

 Li = Ri–1
Ri = Li–1  F(Ri–1, Ki)
Feistel Cipher Structure
Feistel Cipher Design Elements
block size
key size
number of rounds
subkey generation algorithm
round function
fast software en/decryption
ease of analysis
Feistel Cipher Decryption
Data Encryption Standard (DES)
most widely used block cipher in world
adopted in 1977
encrypts 64-bit data using 56-bit key
has widespread use
Substitution and permutation
Confusion and deffusion
16 steps called as rounds
DES Encryption Overview
 Initial Permutation IP

st

Is done before the 1 round
st th

1 bit is replace by 58 bit
nd th
2 bit is replace by 50 bit
Rearranges the bits---Permuted input
l
M 58 M 50 M 42 M 34 M 26 M 18 M 10 M 2
l
M 60 M 52 M 44 M 36 M 28 M 20 M 12 M 4
l
M 62 M 54 M 46 M 38 M 30 M 22 M 14 M 6
l
M 64 M 56 M 48 M 40 M 32 M 24 M 16 M 8
l
M 57 M 49 M 41 M 33 M 25 M 17 M 9 M 1
l
M 59 M 51 M 43 M 35 M 27 M 19 M 11 M 3
l
M 61 M 53 M 45 M 37 M 29 M 21 M 13 M 5
l
M 63 M 55 M 47 M 39 M 31 M 23 M 15 M 7
 DES Round Structure
16 round
uses two 32-bit L & R halves
5 steps
Key transformation
Expansion permutation
S box substitution
P box permutation
XOR and swap
Key transformation

64 bit key transformed into 56 bit keys

l

th
l
Out of 56 bits - discard every 8 bit to get 48
bit subkey
l
56 bits devided into 2 halves of 28 bits
l
Circular shift of 1 or 2 positions
l
Round 1,2,9,16--- shift 1 position
l
Others-shift 2 position
Key transformation

• initial 64-bit key is transformed into a 56-bit key by

discarding every 8th bit of the initial key. Thus, for each
a 56-bit key is available. From this 56-bit key, a
different 48-bit Sub Key is generated during each round
using a process called key transformation. For this, the
Expansion Permutation:

• after the initial permutation, we had two 32-bit

plain text areas called Left Plain Text(LPT) and
Right Plain Text(RPT). During the expansion
permutation, the RPT is expanded from 32 bits
DES Round Structure
 Avalanche Effect
Is a desirable property of encryption alg
 a small change in either P.T. or key
produce significant change in C.T.
Change of 1 bit in PT or key produce
change of many bits in C.T.
DES exhibits strong avalanche
 Strength of DES – Key Size
Use of 56-bit keys have 256 = 7.2 x 1016
brute force search is not practical
recent advances have shown is possible
 In 1997 ---- few months
 in 1998 on dedicated h/w (EFF) in a few days

 using DES cracker machine

 In 1999 ------ 22hrs!

still must be able to recognize plaintext

must now consider alternatives to DES
like AES and triple DES
 Strength of DES – Nature of
algorithm
Exploit characteristics of algo
Here focus is on 8 S box
Weakness of S box
Over the years regularities & unexpected
behaviors are discovered
No one has discovered a fatal weakness in s box
 Strength of DES – Nature of
algorithm
Exploit characteristics of algo
Here focus is on 8 S box
Weakness of S box
Over the years regularitie & unexpected
behaviors are discovered
No one has discovered a fatal weakness in s box
 Strength of DES – Timing
Attacks
Different amount of time on different inputs
Information is got by observing how long it
takes to decrypt various Cipher Text
DES is
Fairly resistant to this attack
Unsuccessful against AES and triple DES
 Linear Cryptanalysis
another recent development
also a statistical method
must be iterated over rounds, with
decreasing probabilities
developed by Matsui et al in early 90's
based on finding linear approximations
can attack DES with 243 known plaintexts,
easier but still in practise infeasible