File 04. PMIT-6204 Cryptography & Steganography - DES, AES & RSA Cryptosystem
Slide-2 IIT, JU
Components of a Modern Block Cipher:
P-Boxes:
A P-box (permutation box) is a component in a modern block cipher
that transposes bits.
Types of P-Boxes:
Straight P-Boxes:
A straight P-Box is a permutation which has n inputs and n outputs.
There are n! possible mappings.
Figure below shows a 5 x 5 straight P-box.
Compression P-Boxes:
A compression P-box is a P-box with n inputs and m outputs where m<n.
Some of the inputs are blocked and do not reach the output.
Figure below shows a 5 x 3 compression P-box.
Expansion P-Boxes:
An expansion P-box is a P-box with n inputs and m outputs where m>n.
Some of the inputs are connected to more than one output.
Figure below shows a 3 x 5 expansion P-box.
The expansion P-boxes used in modern block ciphers normally are keyless,
where a permutation table shows the rules for transposing bits.
Expansion P-boxes are used when we need to permute bits and at the same
time increase the number of bits for the next stage of
encryption/decryption.
S-Boxes:
An S-box (substitution box) can be thought of as a miniature
substitution cipher.
However, an S-box can have a different number of inputs and outputs.
In other words, the input to an S-box could be an n-bit word, but the
Input-Output Relationship for a 3x2 S-Box by Table:
The following table defines the input/output relationship for an S-box of
size 3 × 2.
The leftmost bit of the input defines the row; the two rightmost bits of the
input define the column.
The two output bits are values on the cross section of the selected row
Based on the above S-box table, an input of 010 yields the output 01. An
input of 101 yields the output of 00.
Kinds of Product Ciphers:
Modern block ciphers are all product ciphers, but they are divided into two
classes:
Feistel ciphers
Non-Feistel ciphers
Feistel ciphers:
Non-Feistel ciphers:
This type of cipher uses only invertible components.
A component in the encryption cipher has a corresponding
component in the decryption cipher.
For example, S-boxes need to have an equal number of inputs and
outputs to be compatible. No compression or expansion P-boxes are
allowed, because they are not invertible.
Confusion and Diffusion:
The terms diffusion and confusion were introduced by Claude Shannon to
capture the two basic building blocks of a product cipher.
Every block cipher involves a transformation of a block of plaintext into a block
of ciphertext, where the transformation depends on the key.
Hence, the block cipher needs to completely obscure the statistical properties of
the original message.
Shannon suggested combining S & P elements to obtain diffusion and
confusion.
Overview of DES
DES is a 64-bit block cipher with a key length of 56 bits.
In DES, the plaintext input bit string is divided into 64-bit blocks and
each block is encrypted using the same 56-bit key. The same key is
used for decryption. Hence, DES is a symmetric block cipher.
It was designed by IBM in 1976 for the National Bureau of Standards
(NBS), with approval from the National Security Agency (NSA).
DES Algorithm/DES Structure/ Encryption of the DES:
The actual DES encryption algorithm is quite complex.
Plaintext is broken into blocks of length 64 bits. Each 64-bit block of
plaintext is encrypted using a 56-bit key.
A 56-bit key k is fed into a subkey generating algorithm to produce
16 round subkeys k1, k2, k3, …, k16 of length 48 bits each.
At first, an initial permutation (IP) is performed on the 64-bit block of
L_i = R_{i-1}
R_i = L_{i-1} ⊕ f(R_{i-1}, k_i)
In the final round, the left (L) and right (R) halves are swapped, so that
Figure: DES function
DES Round Function f(R_{i-1}, K_i):
Figure: Expansion permutation
2. Whitener (Exclusive-or):
After the expansion permutation, DES uses the XOR operation on the
expanded right section and the round key.
Note that both the right section and the key are 48 bits in length. Also
note that the round key is used only in this operation.
Figure: Whitener
3. The S-boxes (substitute 48 bits to 32 bits):
In DES, non-linearity is introduced into the encryption so that decryption is
computationally infeasible without the secret key. This is achieved with
S-boxes, which are non-linear substitution tables where either
the output is smaller than the input or vice versa.
The S-boxes are the only non-linear operation in DES and do the
real mixing (confusion).
DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output, that is it
Note:
The S-boxes provide the “confusion” of data and key values, whilst the
permutation P then spreads this as widely as possible, so each S-box output
affects as many S-box inputs in the next round as possible, giving “diffusion”.
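Added example, not from the slides: a toy Feistel network that follows the round equations above and uses an expansion P-box and 6-to-4 S-boxes inside f, showing that decryption works even though f cannot be inverted. The 16-bit block size, the tables and the round keys are constructed for illustration and are not the DES tables.

```python
# Toy Feistel network: 16-bit block, 8-bit halves, 12-bit round keys.
# All tables and keys are constructed for illustration; they are NOT DES's.

EXPANSION = [7, 0, 1, 2, 3, 4, 3, 4, 5, 6, 7, 0]   # expansion P-box, 8 -> 12
STRAIGHT = [3, 6, 0, 5, 1, 7, 2, 4]                 # straight P-box, 8 -> 8
ROUND_KEYS = [0xA5C, 0x3F1, 0x7E2, 0x19B]           # constructed subkeys

def permute(value, table, in_width):
    """Output bit i (MSB first) is a copy of input bit table[i]."""
    out = 0
    for src in table:
        out = (out << 1) | ((value >> (in_width - 1 - src)) & 1)
    return out

def sbox(six_bits):
    """Toy 6-bit -> 4-bit substitution. 64 inputs share 16 outputs,
    so no inverse table exists."""
    return ((six_bits * 7 + 3) ^ (six_bits >> 2)) & 0xF

def f(right, round_key):
    """Round function: expand, whiten with the round key, substitute, permute."""
    x = permute(right, EXPANSION, 8) ^ round_key     # 12 bits
    y = (sbox(x >> 6) << 4) | sbox(x & 0x3F)         # 8 bits
    return permute(y, STRAIGHT, 8)

def feistel(block, round_keys):
    left, right = block >> 8, block & 0xFF
    for k in round_keys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR f(R_{i-1}, k_i)
        left, right = right, left ^ f(right, k)
    return (right << 8) | left                       # halves swapped at the end

def encrypt(block, round_keys=ROUND_KEYS):
    return feistel(block, round_keys)

def decrypt(block, round_keys=ROUND_KEYS):
    # Same network, subkeys in reverse order; f itself is never inverted.
    return feistel(block, round_keys[::-1])

if __name__ == "__main__":
    c = encrypt(0xBEEF)
    print(f"{c:04x} -> {decrypt(c):04x}")
```

Decryption reuses the same network with the subkeys reversed, which is why a Feistel cipher can contain compression and expansion components that a non-Feistel cipher cannot.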
Modes of Operation in DES:
The DES algorithm is a basic building block for providing data
security.
To apply DES in a variety of applications, five modes of operation
have been defined which cover virtually all variations of use of the
algorithm, and these are shown in table-8 below.
Features of AES:
Criteria Defined by NIST for AES:
The criteria defined by NIST for selecting AES fall into three areas:
1. Security:
The main emphasis was on security. Because NIST explicitly demanded a
128-bit key, this criterion focused on resistance to cryptanalysis attacks
other than brute-force attack.
2. Cost:
3. Implementation:
The third criterion was implementation. This criterion included the
requirement that the algorithm must have flexibility (be implementable on
any platform) and simplicity. It also required that AES be an open
algorithm, available to the public worldwide.
At the end, Rijndael was judged the best at meeting the combination
of these criteria.
Parameters for Three Versions of AES:
Common Parameters about AES:
Let us see how data is stored during the process of AES
encryption.
The plaintext block to be encrypted is just a sequence of 128 bits.
AES works with byte quantities. So at first, we convert the 128 bits
into 16 bytes.
Manner of Storing Input Data: Block-to-State Conversion
Example:
Let us see how a 16-character block can be shown as a 4 x 4 matrix.
Assume that the text block is “AES uses a matrix”.
We add two bogus characters at the end to get “AESUSESAMATRIXZZ”.
Now we replace each character with a decimal integer between 00 and 25.
We then show each byte as an integer with two hexadecimal digits. For example,
Figure: Changing plaintext to state
Steps in AES Encryption Process
The AES encryption process uses a set of specially derived keys called
round keys. Along with other operations, these round keys are applied on an
array of data that holds exactly one block of data that is to be encrypted.
The steps in the encryption of AES 128-bit block are listed
below:
Simplified Block Diagram of AES
54 = 01010100    77 = 01110111
54 = 01010100    68 = 01101000
00 = 00000000    1F = 00011111
Round Operations in AES
In the final round (10th round), the following three operations are
performed:
1. SubBytes
2. ShiftRows
3. XorRoundKey
1. SubBytes Operations
2. ShiftRows Operation
State Matrix after ShiftRows Operation
3. MixColumn Operation:
Key Schedule Algorithm in AES-128:
After rotation
Transformations in AES:
1) Substitution:
AES, like DES, uses substitution. However, the mechanism is
different.
First, the substitution is done for each byte.
Second, only one table is used for transformation of every byte, which
means that if two bytes are the same, the transformation is also the
2) Permutation:
The second transformation in a round is shifting, which permutes the bytes.
Unlike DES, in which permutation is done at the bit level, shifting
transformation in AES is done at the byte level; the order of the bits in the
byte is not changed.
In the encryption, the transformation is called ShiftRows. In the decryption,
3) Mixing:
The mixing transformation changes the contents of each byte by
taking four bytes at a time and combining them to recreate four new
bytes.
AES defines two mixing transformations, MixColumns and
InvMixColumns, to be used in the encryption and decryption.
4) Key-adding:
The transformation that performs whitening is called AddRoundKey.
The previous state is added (matrix addition) with the round matrix
key to create the new state.
Addition of individual elements in the two matrices is done in GF(2^8)
which means that 8-bit words are XORed.
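Added example, not from the slides: the block-to-state conversion applied to the slides' text block AESUSESAMATRIXZZ, followed by the byte-level ShiftRows permutation and the AddRoundKey XOR with their inverses. The column-by-column fill order is the one the AES standard uses; the round key values are constructed.

```python
# AES state handling on the slides' example block (A=00 ... Z=25).
# ROUND_KEY is a constructed value, not a key derived by the AES key schedule.

ROUND_KEY = [[0x2B, 0x28, 0xAB, 0x09],
             [0x7E, 0xAE, 0xF7, 0xCF],
             [0x15, 0xD2, 0x15, 0x4F],
             [0x16, 0xA6, 0x88, 0x3C]]

def text_to_state(text):
    """Map 16 letters to bytes 0..25 and fill the 4x4 state column by column."""
    values = [ord(ch) - ord("A") for ch in text]
    if len(values) != 16 or not all(0 <= v <= 25 for v in values):
        raise ValueError("expected exactly 16 letters A-Z")
    return [[values[4 * col + row] for col in range(4)] for row in range(4)]

def state_to_text(state):
    """Read the state back column by column."""
    return "".join(chr(state[row][col] + ord("A"))
                   for col in range(4) for row in range(4))

def shift_rows(state):
    """Rotate row r left by r bytes; the bits inside each byte do not move."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def inv_shift_rows(state):
    """Rotate row r right by r bytes, undoing shift_rows."""
    return [row[4 - r:] + row[:4 - r] for r, row in enumerate(state)]

def add_round_key(state, round_key):
    """Byte-wise XOR (addition in GF(2^8)); applying it twice cancels out."""
    return [[s ^ k for s, k in zip(s_row, k_row)]
            for s_row, k_row in zip(state, round_key)]

if __name__ == "__main__":
    state = text_to_state("AESUSESAMATRIXZZ")
    for row in shift_rows(state):
        print(" ".join(f"{b:02X}" for b in row))
```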
How the RSA Cryptosystem Works?
Briefly, the RSA algorithm involves multiplying two large prime numbers
P and Q and through additional operations deriving a set of two
numbers e and d where e is the public key and d is the private key.
Once the keys have been developed, the original prime numbers are no
longer important and can be discarded. Both the public and the private
keys are needed for encryption /decryption but only the owner of a
private key ever needs to know it. Using the RSA system, the private
Steps in RSA Algorithm
The RSA algorithm involves three steps:
1. Key generation (Generating public and private key)
2. Encryption (Encrypting the message)
3. Decryption (Decrypting the message)
RSA involves a public key and a private key.
RSA Algorithm: Key Generation
The keys for the RSA algorithm are generated as follows:
1. Choose two large and distinct prime numbers p and q.
For security purposes, the integers p and q should be chosen at random, and should be of
similar bit-length.
In RSA, p and q must be at least 512 bits; n must be at least 1024 bits.
3. Compute the number of integers less than n that are coprime with n
(otherwise known as the totient or Euler’s Phi function):
φ(n) = φ(p*q) = φ(p) * φ(q) = (p - 1) * (q - 1)
4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; i.e. e
and φ(n) are coprime.
e is released as the public key exponent (encryption exponent).
5. Determine the multiplicative inverse d of e; i.e., compute a value for d
such that it satisfies the relation: (d * e) mod φ(n) = 1
d is kept as the private key exponent (decryption exponent).
p, q, and φ(n) must also be kept secret because they can be used to calculate d.
RSA Algorithm: Encryption
Bob transmits his public key (e, n) to Alice and keeps the private key
(d, n) secret.
Alice then wishes to send message M to Bob.
The message is encrypted as follows:
1. Alice first turns message M into an integer m, such that 0 ≤ m < n.
Large messages can be broken up into a number of blocks. Each block would
then be represented by an integer in the same range.
2. After turning the message into integer, Alice then computes the ciphertext
c using the following relation:
c = m^e mod n
RSA Algorithm: Decryption
Bob can recover m from c by using his private key exponent d using the
following relation:
m = c^d mod n
After having m, Bob can recover the original message M by reversing
the padding scheme.
The encryption, decryption and key generation in RSA
RSA Cryptosystem: Trivial Examples
Example-2:
Bob receives the ciphertext 26 and uses the private key 37 to decipher the ciphertext:
Example-3:
Now assume that another person, John, wants to send a
message to Bob.
John can use the same public key announced by Bob
(probably on his website), 13.
Example-4:
Jennifer creates a pair of keys for herself. She chooses p =
397 and q = 401.
She calculates n = 159197. She then calculates φ(n) = 158400. She then
chooses e = 343 and d = 12007.
Show how Ted can send a message to Jennifer if he knows e and n.
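Added example, not from the slides: the key generation, encryption and decryption steps run on Jennifer's numbers from Example-4, confirming that e = 343 gives d = 12007. The byte-chunk block encoding and the sample message are assumptions, and this is textbook RSA with no padding scheme, so equal plaintext blocks always produce equal ciphertext blocks.

```python
from math import gcd

def generate_keys(p, q, e):
    """Key generation steps from the slides, for caller-supplied p, q and e."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)                      # (d * e) mod phi(n) = 1
    return (e, n), (d, n)

def block_size(n):
    """Largest byte count whose integer value is always below n."""
    return (n.bit_length() - 1) // 8

def to_blocks(message, n):
    """Assumed encoding: split the bytes so every block m has 0 <= m < n."""
    size = block_size(n)
    if size == 0:
        raise ValueError("modulus too small to carry one byte per block")
    return [int.from_bytes(message[i:i + size], "big")
            for i in range(0, len(message), size)]

def from_blocks(blocks, n):
    chunks = [m.to_bytes(block_size(n), "big") for m in blocks]
    if chunks:
        chunks[-1] = chunks[-1].lstrip(b"\x00")   # last block may be short
    return b"".join(chunks)

def encrypt(blocks, public_key):
    e, n = public_key
    return [pow(m, e, n) for m in blocks]         # c = m^e mod n

def decrypt(blocks, private_key):
    d, n = private_key
    return [pow(c, d, n) for c in blocks]         # m = c^d mod n

# Jennifer's p, q and e from Example-4; the message is constructed.
PUBLIC, PRIVATE = generate_keys(397, 401, 343)
MESSAGE = b"NO PADDING"
CIPHERTEXT = encrypt(to_blocks(MESSAGE, PUBLIC[1]), PUBLIC)
RECOVERED = from_blocks(decrypt(CIPHERTEXT, PRIVATE), PRIVATE[1])

if __name__ == "__main__":
    print(PUBLIC, PRIVATE, CIPHERTEXT, RECOVERED)
```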
Attacks on RSA Cryptosystem
No devastating attacks on RSA have yet been discovered.
Several attacks have been predicted based on weak plaintext, weak
parameter selection, or inappropriate implementation.
Figure below shows the category of potential attacks on RSA.