Professional Documents
Culture Documents
Unit 3-1
Unit 3-1
Unit 3
Encipherment
UNIT 3:- SYLLABUS
1 Simplified DES
.
4 3-DES
DTEL 3
UNIT 3:- SYLLABUS
DTEL 4
UNIT-3 SPECIFIC OBJECTIVE / COURSE OUTCOME
DTEL 5
Modern Block Ciphers
Modern block ciphers are widely used to provide
encryption of quantities of information, and/or a
cryptographic checksum to ensure the contents
have not been altered. We continue to use block
ciphers because they are comparatively fast, and
because we know a fair amount about how to
design them. Will use the widely known DES
algorithm to illustrate some key block cipher design
principles.
DTEL 6
Block Vs Stream Ciphers
• block ciphers process messages in blocks, each
of which is then en/decrypted
• like a substitution on very big characters
– 64-bits or more
DTEL 7
Block Cipher Principles
•A block cipher is an encryption/decryption scheme in
which a block of plaintext is treated as a whole and
used to produce a ciphertext block of equal length.
•Many block ciphers have a Feistel structure. Such a
structure consists of a number of identical rounds of
processing. In each round, a substitution is performed
on one half of the data being processed, followed by a
permutation that interchanges the two halves. The
original key is expanded so that a different key is used
for each round.
DTEL 8
Block Cipher Principles
Diffusion
The idea of diffusion is to hide the relationship
between the ciphertext and the plaintext.
Confusion
The idea of confusion is to hide the relationship
between the ciphertext and the key.
Rounds
Diffusion and confusion can be achieved using
iterated product ciphers where each iteration is a
combination of S-boxes, P-boxes, and other
components. Each iteration is called as round. 9
DTEL 9
Feistel Cipher Structure
• Horst Feistel devised the feistel cipher
– based on concept of invertible product cipher
• partitions input block into two halves
– process through multiple rounds which
perform a substitution on left half data based
on round function of right half & subkey.
– then have permutation swapping halves.
– Essentially the same h/w or s/w is used for
both encryption and decryption, with just a
slight change in how the keys are used.
10
DTEL 10
Feistel Cipher Structure
11
DTEL 11
Data Encryption Standard (DES)
The Data Encryption Standard (DES) is a symmetric-
key block cipher published by the National Institute of
Standards and Technology (NIST).
DTEL 12
Data Encryption Standard (DES)
DTEL 13
Data Encryption Standard (DES)
14
DTEL 14
Data Encryption Standard (DES)
The initial and final permutations are straight P-boxes that are
inverses of each other.
They have no cryptography significance in DES.
15
DTEL 15
Data Encryption Standard (DES)
Rounds
DES uses 16 rounds. Each round of DES is a Feistel
cipher.
Figure 3.4
A round in DES
(encryption site)
16
DTEL 16
Data Encryption Standard (DES)
DES Function
The heart of DES is the DES function. The DES
function applies a 48-bit key to the rightmost 32 bits
to produce a 32-bit output.
Figure 3.5
DES function
17
DTEL 17
Data Encryption Standard (DES)
Expansion D-box
Since RI−1 is a 32-bit input and KI is a 48-bit key, we
first need to expand RI−1 to 48 bits.
DTEL 18
Data Encryption Standard (DES)
Whitener (XOR)
After the expansion permutation, DES uses the XOR
operation on the expanded right section and the
round key. Note that both the right section and the
key are 48-bits in length. Also note that the round key
is used only in this operation.
19
DTEL 19
Data Encryption Standard (DES)
S-Boxes
The S-boxes do the real mixing (confusion). DES
uses 8 S-boxes, each with a 6-bit input and a 4-bit
output.
20
DTEL 20
Data Encryption Standard (DES)
21
DTEL 21
Data Encryption Standard (DES)
Straight Permutation
22
DTEL 22
Data Encryption Standard (DES)
Properties
Two desired properties of a block cipher are the
avalanche effect and the completeness.
To check the avalanche effect in DES, let us
encrypt two plaintext blocks (with the same key)
that differ only in one bit and observe the
differences in the number of bits in each round.
23
DTEL 23
Data Encryption Standard (DES)
Continued…
Although the two plaintext blocks differ only in the
rightmost bit, the ciphertext blocks differ in 29 bits.
This means that changing approximately 1.5
percent of the plaintext creates a change of
approximately 45 percent in the ciphertext.
24
DTEL 24
Data Encryption Standard (DES)
Completeness effect
Completeness effect means that each bit of the
ciphertext needs to depend on many bits on the
plaintext. The diffusion and confusion produced by
D-boxes and S-boxes.
25
DTEL 25
Data Encryption Standard (DES)
Security of DES
DES, as the first important block cipher, has gone
through much scrutiny. Among the attempted
attacks, three are of interest: brute-force,
differential cryptanalysis, and linear cryptanalysis.
Brute-Force Attack
with the less no. of key ,it is clear that DES can be
broken using 255 encryptions. However ,application
use either 3-DES with 2 keys(key size of 112) or 3 –
DES with 3 keys(key size of 168).these 2 multiple
DES versions make DES resistant to brute force
attack. 26
DTEL 26
Data Encryption Standard (DES)
Differential Cryptanalysis
27
DTEL 27
Data Encryption Standard (DES)
Linear Cryptanalysis
28
DTEL 28
Data Encryption Standard (DES)
Triple DES
DTEL 29
RC4
State
RC4 is based on the concept of a state.
30
DTEL 30
Fig 3.10 The idea of RC4 stream cipher 31
DTEL 31
Initialization
Initialization is done in two steps:
32
DTEL 32
Continued….
33
DTEL 33
Continued….
34
DTEL 34
Advanced Encryption Standard (AES)
Criteria
35
DTEL 35
Rounds
DTEL 36
Fig 3.11 General design of AES encryption cipher
37
DTEL 37
Fig 3.12 Data units used in AES
38
DTEL 38
Fig 3.13 Block-to-state and state-to-block transformation
39
DTEL 39
Fig 3.14 Changing plaintext to state
40
DTEL 40
Figure 3.15 Structure of each round at the encryption site
41
DTEL 41
Transformations
To provide security, AES uses four types of
transformations: substitution, permutation, mixing,
and key-adding.
Substitution
AES, like DES, uses substitution. AES uses two
invertible transformations.
SubBytes
The first transformation, SubBytes, is used at the
encryption site. To substitute a byte, we interpret the
byte as two hexadecimal digits.
The SubBytes operation involves 16 independent
42
byte-to-byte transformations.
DTEL 42
Figure 3.16 SubBytes transformation
43
DTEL 43
Continue..
44
DTEL 44
Continue…
45
DTEL 45
Continue…
InvSubBytes
46
DTEL 46
Continue…
InvSubBytes (Continued)
47
DTEL 47
Continue…
Figure 3.17 shows how a state is transformed
using the SubBytes transformation. The figure also
shows that the InvSubBytes transformation creates
the original one. Note that if the two bytes have the
same values, their transformation is also the same.
DTEL 48
Permutation…
DTEL 49
Continue…
InvShiftRows
In the decryption, the transformation is called
InvShiftRows and the shifting is to the right.
50
DTEL 50
Continue…
DTEL 51
Continue…
Mixing
We need an interbyte transformation that changes
the bits inside a byte, based on the bits inside the
neighboring bytes. We need to mix bytes to
provide diffusion at the bit level.
DTEL 52
Continue…
53
DTEL 53
MixColumns
The MixColumns transformation operates at the
column level; it transforms each column of the state
to a new column.
DTEL 54
Continue…
InvMixColumns
The InvMixColumns transformation is basically the
same as the MixColumns transformation.
55
DTEL 55
Continue…
Figure 3.23 shows how a state is transformed
using the MixColumns transformation. The figure
also shows that the InvMixColumns transformation
creates the original one.
56
DTEL 56
Key Adding
AddRoundKey
AddRoundKey proceeds one column at a time.
AddRoundKey adds a round key word with each state
column matrix; the operation in AddRoundKey is
matrix addition.
The AddRoundKey transformation is the inverse
of itself.
57
DTEL 57
Continue…
58
DTEL 58
Public key Cryptosystem
59
DTEL 59
Keys
Asymmetric key cryptography uses two separate
keys: one private and one public.
DTEL 60
Continue…
61
DTEL 61
Continue…
Plaintext/Ciphertext
Unlike in symmetric-key cryptography, plaintext and
ciphertext are treated as integers in asymmetric-key
cryptography.
Encryption/Decryption
C = f (Kpublic , P) P = g(Kprivate , C)
62
DTEL 62
RSA
63
DTEL 63
Continue…
Encryption
64
DTEL 64
Continue…
Decryption
65
DTEL 65
Examples
Bob chooses 7 and 11 as p and q and calculates n =
77. The value of f(n) = (7 − 1)(11 − 1) or 60. Now he
chooses two exponents, e and d, from Z60∗. If he
chooses e to be 13, then d is 37. Note that e × d mod
60 = 1 (they are inverses of each Now imagine that
Alice wants to send the plaintext 5 to Bob. She uses
the public exponent 13 to encrypt 5.
66
DTEL 66
Now assume that another person, John, wants to
send a message to Bob. John can use the same
public key announced by Bob (probably on his
website), 13; John’s plaintext is 63. John calculates
the following:
67
DTEL 67
Continue…
68
DTEL 68
Continue…
69
DTEL 69
Continue…
70
DTEL 70
Continue…
71
DTEL 71
Continue…
72
DTEL 72
Continue…
73
DTEL 73
Continue…
74
DTEL 74
Continue…
75
DTEL 75