2. STREAM CIPHERS vs BLOCK
CIPHERS
Stream cipher encrypts digital data one bit
or byte at a time
Eg: vigenere cipher
Block cipher encrypts a block of plaintext to
produce cipher text block of same length
Block size of 64 or 128 is used
2
3. 3
operates on n bits to produce a
ciphertext of n bits
So 2
n
possible different plaintext blocks
& each must produce unique ciphertext
such transformation is reversible or
nonsingular
Otherwise it is irreversible
6. If a small block size such as n=4 is used then
the system is equivalent to classical
substitution cipher.
Such a system is vulnerable to statistical
analysis of plaintext
If n is sufficiently large and an arbitarily
reversible substitution b/w plaintext &
ciphertext is allowed then the statistical
characteristics of plaintext can be masked. 6
7. Modern Block Ciphers
one of the most widely used types of
cryptographic algorithms
provide secrecy /authentication services
focus on DES (Data Encryption Standard)
7
8. Block Cipher Principles
most symmetric block ciphers are based on
a Feistel Cipher Structure
block ciphers look like an extremely large
substitution
would need table of 264 entries for a 64-bit
block
8
9. FIESTEL CIPHER
Substitution ciphers can be approximated
using product cipher which is performing of 2
or more basic ciphers in sequence
This results in cryptographically stronger
cipher
Fiestel proposed a cipher that alternates
substitutions & permutations 9
10. 10
it is the practical application of proposal
by Claud Shanan to produce a cipher that
alternates confusion & diffusion functions
11. Claude Shannon and Substitution-
Permutation Ciphers
Claude Shannon introduced idea of substitution-
permutation (S-P) networks in 1949 paper
form basis of modern block ciphers
S-P nets are based on the two primitive cryptographic
operations :
substitution (S-box)
permutation (P-box)
provide confusion & diffusion of message & key
11
12. Confusion and Diffusion
Shannon suggests 2 methods for frustrating
statistical cryptanalysis by combining S & P
elements to obtain:
diffusion – dissipates statistical structure of
plaintext over bulk of ciphertext. Achieved by
having each plaintext digit affect the value of
many ciphertext digits
12
13. 13
Eg: encrypt a msg M=m1,m2,…………of
characters with an averaging operation
That is adding k successive letters to
get a ciphertext
confusion – makes relationship
between statistics of ciphertext and
value of encryption key as complex as
possible
14. Feistel Cipher Structure
Horst Feistel devised the feistel cipher
based on concept of invertible
product cipher
Inputs are
Plaintext block of length 2w
Key K
14
15. 15
partitions input block into two halves
L0 & R0
Two halves pass through n rounds of
processing & then combine to
produce ciphertext block
Each round i has inputs Li-1
& Ri-1
derived from previous round as well
as subkey Ki
derived from key K
16. 16
Each subkey Ki are different from K &
from each other.
All rounds have same structure
A substituiton is performed on left
half of data
This is done by applying a round
function on right half of data & then
taking XOR of o/p of that function & left
half of data
17. 17
The round function has same structure
for each round but is parametrized by
round subkey Ki
Following this substitution a
permutation is done
Consists of interchange of 2 halves of
data
19. Feistel Cipher Design Elements
block size –larger block size means greater
security but reduce encryption decryption
speed. Block size of 64 bits used.AES uses
128 bit block
key size – larger key size offers greater
security but decrease encryption/
decryption speed. key size of 64 bits or less
is inadequate and 128 bits is common size
19
20. 20
number of rounds : single round offers
inadequate security. usually 16 rounds used
subkey generation algorithm: greater
complexity leads to greater difficulty in
cryptanalysis
round function : greater complexity
leads to greater difficulty in cryptanalysis
21. 21
fast software en/decryption
Usually encryption embedded
in applications/utility functions so as
to avoid h/w implementation. Thus
speed is a concern
ease of analysis
if algorithm can be concisely &
clearly explained it is easier to analyze
against cryptanalysis
24. 24
Encryption process given by
LE16=RE15
RE16=LE15 F(RE15,K16)
decryption process is given by
LD1=RD0=LE16=RE15
RD1=LD0 F(RD0,K16)
25. 25
decryption process
Ciphertext is used as input
But subkeys is used in
reverse order
ie, Kn is used in first
order
Decryption is given by
LD1=RD0=LE16=RE15
RD1=LD0 F(RD0,K16)
26. 26
=RE16 F( RE15, K16)
=[LE15 F(RE15,K16) ] F(RE15,K16)
XOR has the following properties
[A X B] X C=A X [ B X C]
27. Data Encryption Standard (DES)
most widely used block cipher in world
adopted in 1977 by NBS (now NIST)
as FIPS PUB 46
encrypts 64-bit data using 56-bit key to
produce 64 bit block cipher
has widespread use
has been considerable controversy over its
security 27
28. DES History
IBM developed Lucifer cipher
by team led by Feistel in late 1960’s
used 64-bit data blocks with 128-bit key
then redeveloped as a marketable commercial
cipher that could be implemented on a chip
in 1973 NBS issued request for proposals for a
national cipher standard
IBM submitted their revised Lucifer which was
eventually accepted as the DES
28
29. DES Design Controversy
although DES standard is public
was considerable controversy over design
in choice of 56-bit key (vs Lucifer 128-
bit)so prone to brute force attack
design criteria for the internal structure
of S boxes in DES. The users were not
sure that the internal structure of DES
were free of hidden weak points.
29
30. 30
subsequent events and public analysis
show in fact design was appropriate &
had a strong internal structure
use of DES has flourished
especially in financial applications
still standardised for legacy
application use
32. 32
There are two inputs
Plaintext to be encrypted(64 bits)
The key(56 bits)
Processing proceeds in 3 phases
64 bit plaintext passes through
initial permutation(IP) that
rearranges the bits to produce
permutted o/p
33. 33
This is followed by a phase
consisting of 16 rounds of the
same function which invoves both
substituton & permutation
The o/p of the last round consists
of 64 bits that are a function of i/p
text & key
The left & right halves of o/p are
swapped to produce preoutput
34. 34
Finally the preoutput is passed
through a permutation(IP
-1
) that is
the reverse of initial permutation
to produce 64 bit ciphertext
35. 35
Key Generation
• Initially key is passed through a
permutation function
• for each round a subkey Ki is
produced by combination of left
circular shift & a permutation
• Permutation function is same for
each round but different key is
produced for each round because
of repeated shifts of the key bits
36. Initial Permutation IP
Initial permutation and final permutation
are defined by tables
The input to the table consists of 64 bits
numbered from 1 to 64
Each entry in the table indicates the
position of numbered i/p bit in the o/p
which also consists of 64 bits. This is the
first step of the data computation
36
38. DES Round Structure
uses two 32-bit L & R halves
as for any Feistel cipher can describe as:
Li = Ri–1
Ri = Li–1 F(Ri–1, Ki)
F takes 32-bit R half and 48-bit subkey:
expands R to 48-bits using a table that
defines permutation + expansion which
involves duplication of 16 of the R bits 38
39. 39
Resulting 48 bits are XORed with
key Ki
This 48 bits passes through
substitution function (8 S-boxes) to
get 32-bit result
finally the 32 bit o/p from the 8 S-
boxes is permuted using 32-bit perm
P
43. Substitution Boxes S
have eight S-boxes which accepts 6 bits as
input & produces 4 bits as output
The first & last bits of the input to box Si
form a 2 bit binary number to select one of
four substitutions defined by 4 rows in the
table Si
The middle 4 bits select one of the 16
columns
43
44. 44
The decimal value in the cell selected
by the row & column is then converted
to its 4 bit representation to produce
output
Eg: for 011001 the row is 01(row 1) &
column is 1100(column 12)
The value in row 1 column 12 is 9,
so the output is 1001
46. DES Key GENERATION
64 bit key is used as input to the algorithm
The bits of the key are numbered 1 through 64. Every
eighth bit is ignored to generate a 56 bit key.
Subkeys used in each round are generated from the
key K
initial permutation of the key (PC1) which selects
56-bits
The resulting 56 bit key is treated in two 28-bit
halves
46
47. 16 stages consisting of:
• rotating each half separately either 1 or
2 places depending on the key rotation
schedule K
• The shifted value acts as input to the next
round as well as to permuted choice PC2
• selecting 24-bits from each half &
permuting them by PC2 for use in round
function F
47
48. DES Decryption
Decryption uses same algorithm as encryption
As with Feistel design, decryption uses the same
algorithm as encryption except that the appliction of
subkeys is reversed (SK16 … SK1)
IP-1 undoes final FP step of encryption
1st round with SK16 undoes 16th encrypt round and so
on.................….
16th round with SK1 undoes 1st encrypt round
then final FP undoes initial encryption IP
thus recovering original data value
48
49. Avalanche Effect
key desirable property of encryption algorithm is
When there is a small change in either plaintext or key
bit it should results in changing many bits of the
ciphertext
making attempts to “home-in” by guessing keys
impossible
DES exhibits strong avalanche effect
49
50. Strength of DES – Key Size
56-bit keys have 256 = 7.2 x 1016 values
brute force search looks hard
recent advances have shown is possible
in 1997 on Internet in a few months
in 1998 Electronic Frontier Foundation
announced that it had broken a DES encryption
using a special purpose DES Cracker machine 50
51. Strength of DES – nature of
des algorithm
Cryptanalysis is possible by exploiting characteristics
of DES algorithm
Focus has been on 8 S-boxes
Because design criteria of both S-boxes & algorithm
is not made public there is a suspicion that
cryptanalysis is possible
Despite this no one has succeeded in discovering the
weakness in S-boxes
51
52. Strength of DES – Timing
Attacks
Timing attack is one in which information about key
or plaintext is obtained by observing how long it
takes for a given implementation to perform
decryption on various ciphers
Timing attack exploits the fact that calculations can
take varying times depending on the value of the
inputs to it
52
53. Summary
have considered:
block vs stream ciphers
Feistel cipher design & structure
DES
• Encryption
• decryption
• Strength
53