DTEL (Department for Technology Enhanced Learning)

The Centre for Technology enabled Teaching & Learning , N Y S S, India

Teaching Innovation - Entrepreneurial - Global

DEPARTMENT OF COMPUTER SCIENCE &
ENGINEERING
7TH -SEMESTER
CRYPTOGRAPHY & NETWORK SECURITY

Unit 3
Encipherment
 UNIT 3:- SYLLABUS

1 Simplified DES
.

2 Differential and linear cryptanalysis

3 Block cipher design principles

4 3-DES

5 AES, IDEA, Blowfish, RC4, CAST

DTEL 3
 UNIT 3:- SYLLABUS

6 Public key encryption

.

7 Principle of public key cryptosystems

8 RSA algorithm, key management

9 Diffie- Hellman key exchange

10 Elliptic Curve Cryptography

DTEL 4
 UNIT-3 SPECIFIC OBJECTIVE / COURSE OUTCOME

The student will be able to:

1 To use different encryption Algorithms

DTEL 5
 Modern Block Ciphers
Modern block ciphers are widely used to provide
encryption of quantities of information, and/or a
cryptographic checksum to ensure the contents
have not been altered. We continue to use block
ciphers because they are comparatively fast, and
because we know a fair amount about how to
design them. Will use the widely known DES
algorithm to illustrate some key block cipher design
principles.

DTEL 6
 Block Vs Stream Ciphers
• block ciphers process messages in blocks, each
of which is then en/decrypted
• like a substitution on very big characters
– 64-bits or more

• stream ciphers process messages a bit or byte

at a time when en/decrypting
• many current ciphers are block ciphers
7

DTEL 7
 Block Cipher Principles
•A block cipher is an encryption/decryption scheme in
which a block of plaintext is treated as a whole and
used to produce a ciphertext block of equal length.
•Many block ciphers have a Feistel structure. Such a
structure consists of a number of identical rounds of
processing. In each round, a substitution is performed
on one half of the data being processed, followed by a
permutation that interchanges the two halves. The
original key is expanded so that a different key is used
for each round.

DTEL 8
 Block Cipher Principles
Diffusion
The idea of diffusion is to hide the relationship
between the ciphertext and the plaintext.

Confusion
The idea of confusion is to hide the relationship
between the ciphertext and the key.
Rounds
Diffusion and confusion can be achieved using
iterated product ciphers where each iteration is a
combination of S-boxes, P-boxes, and other
components. Each iteration is called as round. 9

DTEL 9
 Feistel Cipher Structure
• Horst Feistel devised the feistel cipher
– based on concept of invertible product cipher
• partitions input block into two halves
– process through multiple rounds which
perform a substitution on left half data based
on round function of right half & subkey.
– then have permutation swapping halves.
– Essentially the same h/w or s/w is used for
both encryption and decryption, with just a
slight change in how the keys are used.

10

DTEL 10
 Feistel Cipher Structure

11

DTEL 11
 Data Encryption Standard (DES)
The Data Encryption Standard (DES) is a symmetric-
key block cipher published by the National Institute of
Standards and Technology (NIST).

Figure 3.1 Encryption and decryption with DES

12

DTEL 12
 Data Encryption Standard (DES)

Figure 3.2 General structure of DES 13

DTEL 13
 Data Encryption Standard (DES)

Figure 3.3 Initial and final permutation steps in DES

14

DTEL 14
 Data Encryption Standard (DES)

Table 3.1 Initial and final permutation tables

The initial and final permutations are straight P-boxes that are
inverses of each other.
They have no cryptography significance in DES.
15

DTEL 15
 Data Encryption Standard (DES)
Rounds
DES uses 16 rounds. Each round of DES is a Feistel
cipher.

Figure 3.4
A round in DES
(encryption site)

16

DTEL 16
 Data Encryption Standard (DES)
DES Function
The heart of DES is the DES function. The DES
function applies a 48-bit key to the rightmost 32 bits
to produce a 32-bit output.

Figure 3.5
DES function

17

DTEL 17
 Data Encryption Standard (DES)

Expansion D-box
Since RI−1 is a 32-bit input and KI is a 48-bit key, we
first need to expand RI−1 to 48 bits.

Figure 3.6 Expansion permutation

18

DTEL 18
 Data Encryption Standard (DES)

Whitener (XOR)
After the expansion permutation, DES uses the XOR
operation on the expanded right section and the
round key. Note that both the right section and the
key are 48-bits in length. Also note that the round key
is used only in this operation.

19

DTEL 19
 Data Encryption Standard (DES)
S-Boxes
The S-boxes do the real mixing (confusion). DES
uses 8 S-boxes, each with a 6-bit input and a 4-bit
output.

Figure 3.7 S-boxes

20

DTEL 20
 Data Encryption Standard (DES)

Figure 3.8 S-box rule

21

DTEL 21
 Data Encryption Standard (DES)

Straight Permutation

Table 3.2 Straight permutation table

22

DTEL 22
 Data Encryption Standard (DES)
Properties
Two desired properties of a block cipher are the
avalanche effect and the completeness.
To check the avalanche effect in DES, let us
encrypt two plaintext blocks (with the same key)
that differ only in one bit and observe the
differences in the number of bits in each round.

23

DTEL 23
 Data Encryption Standard (DES)
Continued…
Although the two plaintext blocks differ only in the
rightmost bit, the ciphertext blocks differ in 29 bits.
This means that changing approximately 1.5
percent of the plaintext creates a change of
approximately 45 percent in the ciphertext.

Table 3.3 Number of bit differences for Example

24

DTEL 24
 Data Encryption Standard (DES)

Completeness effect
Completeness effect means that each bit of the
ciphertext needs to depend on many bits on the
plaintext. The diffusion and confusion produced by
D-boxes and S-boxes.

25

DTEL 25
 Data Encryption Standard (DES)
Security of DES
DES, as the first important block cipher, has gone
through much scrutiny. Among the attempted
attacks, three are of interest: brute-force,
differential cryptanalysis, and linear cryptanalysis.
Brute-Force Attack
with the less no. of key ,it is clear that DES can be
broken using 255 encryptions. However ,application
use either 3-DES with 2 keys(key size of 112) or 3 –
DES with 3 keys(key size of 168).these 2 multiple
DES versions make DES resistant to brute force
attack. 26

DTEL 26
 Data Encryption Standard (DES)
Differential Cryptanalysis

It has been revealed that the designers of DES

already knew about this type of attack and designed
S-boxes and chose 16 as the number of rounds to
make DES specifically resistant to this type of
attack.DES can be broken using differential
cryptanalysis if we have chosen 247 chosen plaintext
or 255 know plaintext.

27

DTEL 27
 Data Encryption Standard (DES)

Linear Cryptanalysis

Linear cryptanalysis is newer than differential

cryptanalysis. DES is more vulnerable to linear
cryptanalysis than to differential cryptanalysis. S-
boxes are not very resistant to linear cryptanalysis. It
has been shown that DES can be broken using 243
pairs of known plaintexts. However, from the practical
point of view, finding so many pairs is very unlikely.

28

DTEL 28
 Data Encryption Standard (DES)
Triple DES

Figure 3.9 Triple DES with two keys 29

DTEL 29
 RC4

RC4 is a byte-oriented stream cipher in which a byte

(8 bits) of a plaintext is exclusive-ored with a byte of
key to produce a byte of a ciphertext.

State
RC4 is based on the concept of a state.

30

DTEL 30
 Fig 3.10 The idea of RC4 stream cipher 31

DTEL 31
 Initialization
Initialization is done in two steps:

Key Stream Generation

The keys in the key stream are generated, one by
one.

32

DTEL 32
 Continued….

33

DTEL 33
 Continued….

34

DTEL 34
 Advanced Encryption Standard (AES)
Criteria

The criteria defined by NIST for selecting AES fall

into three areas:
1. Security
2. Cost
3. Implementation.

35

DTEL 35
 Rounds

AES is a non-Feistel cipher that encrypts and

decrypts a data block of 128 bits. It uses 10, 12, or
14 rounds. The key size, which can be 128, 192,
or 256 bits, depends on the number of rounds.

AES has defined three versions, with 10, 12, and

14 rounds.
Each version uses a different cipher key size
(128, 192, or 256), but the round keys are always
128 bits. 36

DTEL 36
 Fig 3.11 General design of AES encryption cipher
37

DTEL 37
 Fig 3.12 Data units used in AES
38

DTEL 38
 Fig 3.13 Block-to-state and state-to-block transformation
39

DTEL 39
 Fig 3.14 Changing plaintext to state

40

DTEL 40
 Figure 3.15 Structure of each round at the encryption site
41

DTEL 41
 Transformations
To provide security, AES uses four types of
transformations: substitution, permutation, mixing,
and key-adding.
Substitution
AES, like DES, uses substitution. AES uses two
invertible transformations.
SubBytes
The first transformation, SubBytes, is used at the
encryption site. To substitute a byte, we interpret the
byte as two hexadecimal digits.
The SubBytes operation involves 16 independent
42
byte-to-byte transformations.
DTEL 42
 Figure 3.16 SubBytes transformation
43

DTEL 43
 Continue..

44

DTEL 44
 Continue…

45

DTEL 45
 Continue…

InvSubBytes

46

DTEL 46
 Continue…

InvSubBytes (Continued)

47

DTEL 47
 Continue…
Figure 3.17 shows how a state is transformed
using the SubBytes transformation. The figure also
shows that the InvSubBytes transformation creates
the original one. Note that if the two bytes have the
same values, their transformation is also the same.

Figure 3.17 SubBytes transformation

48

DTEL 48
 Permutation…

Another transformation found in a round is shifting,

which permutes the bytes.
ShiftRows
In the encryption, the transformation is called
ShiftRows.

Figure 3.18 ShiftRows transformation

49

DTEL 49
 Continue…

InvShiftRows
In the decryption, the transformation is called
InvShiftRows and the shifting is to the right.

50

DTEL 50
 Continue…

Figure 3.19 shows how a state is transformed

using ShiftRows transformation. The figure also
shows that InvShiftRows transformation creates
the original state.

Figure 3.19 ShiftRows transformation

51

DTEL 51
 Continue…
Mixing
We need an interbyte transformation that changes
the bits inside a byte, based on the bits inside the
neighboring bytes. We need to mix bytes to
provide diffusion at the bit level.

Figure 3.20 Mixing bytes using matrix multiplication

52

DTEL 52
 Continue…

Figure 3.21 Constant matrices used by MixColumns and InvMixColumns

53

DTEL 53
MixColumns
The MixColumns transformation operates at the
column level; it transforms each column of the state
to a new column.

Figure 3.22 MixColumns transformation

54

DTEL 54
 Continue…

InvMixColumns
The InvMixColumns transformation is basically the
same as the MixColumns transformation.

The MixColumns and InvMixColumns

transformations are inverses of each other.

55

DTEL 55
 Continue…
Figure 3.23 shows how a state is transformed
using the MixColumns transformation. The figure
also shows that the InvMixColumns transformation
creates the original one.

Figure 3.23 The MixColumns transformation

56

DTEL 56
 Key Adding
AddRoundKey
AddRoundKey proceeds one column at a time.
AddRoundKey adds a round key word with each state
column matrix; the operation in AddRoundKey is
matrix addition.
The AddRoundKey transformation is the inverse
of itself.

57

DTEL 57
 Continue…

Figure 3.24 AddRoundKey transformation

58

DTEL 58
 Public key Cryptosystem

Symmetric and asymmetric-key cryptography will

exist in parallel and continue to serve the
community. We actually believe that they are
complements of each other; the advantages of one
can compensate for the disadvantages of the
other.
Symmetric-key cryptography is based on sharing
secrecy;
asymmetric-key cryptography is based on
personal secrecy.

59

DTEL 59
 Keys
Asymmetric key cryptography uses two separate
keys: one private and one public.

Figure 3.25 Locking and unlocking in asymmetric-key cryptosystem

60

DTEL 60
 Continue…

Figure3.26 General idea of asymmetric-key cryptosystem

61

DTEL 61
 Continue…

Plaintext/Ciphertext
Unlike in symmetric-key cryptography, plaintext and
ciphertext are treated as integers in asymmetric-key
cryptography.

Encryption/Decryption

C = f (Kpublic , P) P = g(Kprivate , C)

62

DTEL 62
 RSA

63

DTEL 63
 Continue…

Encryption

64

DTEL 64
 Continue…

Decryption

65

DTEL 65
 Examples
Bob chooses 7 and 11 as p and q and calculates n =
77. The value of f(n) = (7 − 1)(11 − 1) or 60. Now he
chooses two exponents, e and d, from Z60∗. If he
chooses e to be 13, then d is 37. Note that e × d mod
60 = 1 (they are inverses of each Now imagine that
Alice wants to send the plaintext 5 to Bob. She uses
the public exponent 13 to encrypt 5.

Bob receives the ciphertext 26 and uses the private

key 37 to decipher the ciphertext:

66

DTEL 66
Now assume that another person, John, wants to
send a message to Bob. John can use the same
public key announced by Bob (probably on his
website), 13; John’s plaintext is 63. John calculates
the following:

Bob receives the ciphertext 28 and uses his private

key 37 to decipher the ciphertext:

67

DTEL 67
 Continue…

68

DTEL 68
 Continue…

69

DTEL 69
 Continue…

70

DTEL 70
 Continue…

71

DTEL 71
 Continue…

72

DTEL 72
 Continue…

73

DTEL 73
 Continue…

74

DTEL 74
 Continue…

75

DTEL 75