Block Encryption

1. 1
Introduction:
A symmetric algorithm is used as a secret key in both encryption and decryption. Using
substitution and permutation in encryption methods, the S box and P box are two
examples of these processes. The CBC mode will be the foundation for the
implementation of our novel symmetric algorithm in this project.
A thorough description of the symmetric algorithm design:
Using the new symmetric technique, each block will be subjected to three basic
operations:
 Replacement, XORed with the sub of the key, permutation.
Among other things, this method is built on the following characteristics:
 Non-overlapping blocks are used to split a message.
 There are five rounds for each block, thus we may estimate there are five blocks.
Consequently, we break up the communication into five chunks, which we
encrypt individually.
 There are eight bits in each block and eight bits in each subkey.
 The 40-bit secure key is split into five 8-bit subkeys. Because of this, each round
uses a different set of five subkeys.
 Each round uses substitution and permutation techniques.
 Bits in the block are ordered in various ways for Permutation:
 Each block will be shuffled five times, resulting in a total of five separate shuffles.
This is how Substitution works:
 Throughout the algorithm.
 It is necessary to make ten S boxes with various values.
 Only two of them will be utilised in each round.
 Each block is 4 by 4 bits in size.
This is how we choose the two S-boxes:
 Based on the key, the two S-boxes are picked at random.
 In each round, the subkey is transformed to an integer in both directions (from
left to right). We now have two integers.

2. 2
 Two S-boxes will be utilised for each round based on the outcomes of each
integer being modular on 10 (the result is 0 to 9). In this example, 00000011 is
equivalent to the number 3. 11000000 = 192 in decimal, which is the inverse of
11000000. For indexes, we divide by ten and multiply by a factor of 10. (i.e., the
first index is 3 and second is 2)
Each S-box selects a value based on the 8 bits of the block in the following manner:
 Split the 8-bit block into two 4-bit chunks (4bits left and 4 bits on right).
 First 2 bits indicate the column. Second 2 bits represent the subparts 2 bits and 2
bits respectively. The row is represented by the last two bits. Instead, the S-
matching box's result (the four bits) will be used.
 The right component should be treated in the same manner as the left.
 Results are multiplied by the key's subtraction for each round.
 There are a number of processes in decryption that are reversed in order to
reverse the encryption process.
So, in terms of decryption, we may say:
 The 8-bit ciphertext is xored with the subkey in each cycle.
 In the encryption, the key is used to choose the two S-boxes, and that's how it
will be done going forward.
 There will be an inverse S-box for each of the 10 previously generated S-boxes,
which we will construct or make earlier.
 xored's output will be split into two 4bit samples (left and right)
 We now utilise the chosen S-box and the inverse-S-box to restore the original 4
bits for each of the four bits on the left. The right side is exactly the same as the
left side (4bits)
 To get the original permutation back, we'll mix the left and right components and
run them through an inverse permutation that returns them (before shuffling). The
inverse permutation will be produced for every permutation (there are a total of
five).
 Finally, we get the current round's plaintext.
 This means that in order to decode the data, all the encryption stages must be
reversed, including the generation of reverse permutations and S-boxes and the
xored with key.
The encryption algorithm and decryption algorithm codes:

3. 3
# 10 s-boxes
Sboxes = [
[[0, 1, 2, 3], [4, 5, 6, 7], [8, 9, 10, 11], [12, 13, 14, 15]],
[[1, 0, 3, 2], [4, 6, 7, 5], [11, 10, 9, 8], [13, 12, 14, 15]],
[[3, 10, 13, 15],[2, 4, 9, 11],[1, 5, 8, 12],[0, 6, 7, 14]],
[[5, 7, 11, 15],[1, 3, 8, 14],[0, 2, 9, 13],[4, 6, 10, 12]],
[[13, 12, 14, 15],[4, 6, 7, 5],[1, 0, 3, 2],[11, 10, 9, 8]],
[[2, 4, 9, 11, ],[1, 5, 8, 12],[0, 6, 7, 14], [3, 10, 13, 15]],
[[2, 3,12, 13], [6, 7, 8, 11],[4, 5, 9, 10], [0, 1, 14, 15]],
[[1, 7, 12, 14],[2, 4, 5, 11],[0,10, 13, 15],[3, 6, 8, 9]],
[[0, 1, 14, 15], [2, 3,12, 13], [4, 5, 9, 10], [6, 7, 8, 11]],
[[12,13,14,15], [4, 5, 6, 7], [8, 9, 10, 11], [0, 1, 2, 3]]
]
# dec to binary 4bits
def decToBin4bit(x):
x = bin(x)[2:]
if len(x) == 1:
return '0'*3 + x
elif len(x) == 2:
return '0'*2 + x
elif len(x) == 3:
return '0' + x
return x
# s-box inverse function
def SBoxInverse(x, v):
for i in range(len(x)):
for j in range(len(x[i])):
if x[i][j] == v:
n,m = bin(i)[2:], bin(j)[2:]
if len(n) == 1:
n = '0' + n
if len(m) == 1:
m = '0' + m
return n+''+m
# xor function, returns a xor b
def XOR(a, b):
res = ""
for i in range(len(a)):
if a[i] == b[i]:
res += "0"
else:
res += "1"
return res
# shuffle, using example shuffle given in project
# 5 differnt pattern used
def permutation(x, i):
if i==0:
return x[5] + x[7] + x[0] + x[1] + x[3] + x[2] + x[4] + x[6]
if i==1:
return x[3] + x[2] + x[4] + x[6] + x[5] + x[7] + x[0] + x[1]
if i==2:
return x[6] + x[4] + x[0] + x[1] + x[3] + x[2] + x[5] + x[7]
if i==3:
return x[6] + x[0] + x[7] + x[1] + x[4] + x[2] + x[3] + x[5]
if i==4:
return x[1] + x[3] + x[2] + x[4] + x[6] + x[5] + x[7] + x[0]
# the inverse of shuffle
def invpermutation(x, i):
if i==0:
return x[2] + x[3] + x[5] + x[4] + x[6] + x[0] + x[7] + x[1]
if i==1:
return x[6] + x[7] + x[1] + x[0] + x[2] + x[4] + x[3] + x[5]
if i==2:

4. 4
return x[2] + x[3] + x[5] + x[4] + x[1] + x[6] + x[0] + x[7]
if i==3:
return x[1] + x[3] + x[5] + x[6] + x[4] + x[7] + x[0] + x[2]
if i==4:
return x[7] + x[0] + x[2] + x[1] + x[3] + x[5] + x[4] + x[6]
# select sbox based on subkeyand modulo 10
def selectSbox(subk):
# convert both subkey and its revser to decimal
# then select the s-boxes to use
q = int(subk, 2)%10
# subk[::-1] reverses the string
r = int(subk[::-1], 2)%10
return Sboxes[q], Sboxes[r]
# encryption
def encryption(m, key, rounds):
encrypted = ''
for i in range(rounds):
mi = m[8*i:8*(i+1)]
ki = key[8*i:8*(i+1)]
mi = permutation(mi, i)
sbL, sbR = selectSbox(ki)
mLeft, mRight = mi[0:4], mi[4:8]
mLeftRow, mLeftCol= int(mLeft[0:2], 2), int(mLeft[2:4], 2)
sbLVal = sbL[mLeftRow][mLeftCol]
sbLVal = decToBin4bit(sbLVal)
mRightRow, mRightCol= int(mRight[0:2], 2), int(mRight[2:4], 2)
sbRVal = sbR[mRightRow][mRightCol]
sbRVal = decToBin4bit(sbRVal)
SPBox = sbLVal + sbRVal
rdi = XOR(SPBox, ki)
encrypted += rdi
return encrypted
# decryption
def decryption(cipher, key, rounds) :
decrypted = ''
for i in range(rounds):
cph = cipher[8*i:8*(i+1)]
ki = key[8*i:8*(i+1)]
rdi = XOR(cph, ki)
mLeft, mRight = rdi[0:4], rdi[4:8]
sbL, sbR = selectSbox(ki)
decL = int(mLeft, 2)
sbLVal = SBoxInverse(sbL, decL)
decR = int(mRight, 2)
sbRVal = SBoxInverse(sbR, decR)
SPBoxInv = sbLVal + sbRVal
decipher = invpermutation(SPBoxInv, i)
decrypted += decipher
return decrypted
message1 = '1101101111010100100001111000100111100111'
key1 = '0111011110110100111010110110101000110000'

5. 5
Test the proposed algorithm for diffusion and confusion
Using:
message1 = '1101101111010100100001111000100111100111'
key1 = '0111011110110100111010110110101000110000'
Before changing any bit on plaintext not key, the cipher text is:
0000110100111010100100001110111010101110
Changing one bit (left) in message and using original key above:
message1 = 0101101111010100100001111000100111100111
cipher text: 0010110100111010100100001110111010101110
rounds = 5
print("Encryption/Decryption Test 1(key1 and message1)")
print("-"*45)
print()
encrypted1 = encryption(message1, key1, rounds)
decrypted1 = decryption(encrypted1, key1, rounds)
print("Original Message: ", message1)
print("Key:", " "*13, key1)
print("Encrypted Message:", encrypted1)
print("Decrypted Message:", decrypted1)
print()
print("*"*60)
message2 = '1111010001010101101001111100110101011111'
key2 = '1011011100001111111010011110010010001001'
print("Encryption/Decryption Test 2 (key2 and message2)")
print("-"*45)
print()
encrypted2 = encryption(message2, key2, rounds)
decrypted2 = decryption(encrypted2, key2, rounds)
print("Original Message: ", message2)
print("Key:", " "*13, key2)
print("Encrypted Message:", encrypted2)
print("Decrypted Message:", decrypted2)

6. 6
23 bits are different:
23/40 = 57%
Changing one bit (left) in key and using original message above:
key1 = 1111011110110100111010110110101000110000
cipher text: 0100110000111010100100001110111010101110
cipher text:
2 bits are different:
2/40 = 0.05%
Encryption Algorithm:
START
Use /dev/urandom to generate a four-byte random key.
READING THE INPUT FILE.
 Error message if the path to the input file is incorrect.
 THE ERROR WILL OCCUR IF THE INPUT FILE IS SMALLER THAN 4 BYTES.
4 BYTES OF THE INPUT FILE ARE XOR'ED WITH THE KEY (the bytes of the plaintext
are selected in a sequential fashion)
The output file stores the result (this is the ciphertext).
MD5 Hashes of keys used to decrypt current blocks are computed as part of this
process (size of the hash is 32 bits)
In order to generate a new key, the current block's encrypting key is XOR'd with the
hash of the key used to encrypt it.
ENCRYPTION OF THE INPUT FILE IS COMPLETED BY REPLICATION OF STEPS 4
TO 7.
STOP

7. 7
Decryption Algorithm:
The decoding is almost same. In the case of XOR-encryption, the process may be
undone in a matter of just seconds.
Padding bytes are ignored in the first four bytes. The KEY is given as a command line
option and four bytes of the encrypted file are read consecutively and XOR'd with the
KEY. The first four bytes of the raw text are shown in this way.
The current key's MD5 hash is computed and XOR'ed with the current key, which yields
the next key for decrypting the next four bytes.
Until the whole encrypted file has been decrypted, the procedure outlined above is
repeated.
Cryptanalysis:
1. The encryption technique does not operate for files less than 4 bytes in size.
Checks to prevent the encryption of blank files may be found here.
2. Even if the file path is wrong, a random key is produced. Only when the file
location and file size are within the program's restrictions should a random
encryption key be created, in our view.
3. /dev/urandom is used to create random keys in the encryption process. A specific
file called dev/urandom is used to generate pseudorandom numbers.
Environmental sounds recorded from many devices and other sources may be
accessed via these.
/dev/urandom reuses the entropy pool, decreasing the quality of randomness
over time, according to certain academics and researchers, hence they
recommend using dev/random instead.
4. The ciphertext is generated using a basic XOR operation as part of the
encryption process. The encryption may be undone thanks to the reversibility of
XOR.

8. 8
5. Confusion, Diffusion, and Permutation are not used in the construction of this
method.
6. Each block of four bytes is encrypted with a new subkey/rolling key. No
permutation or replacement methods are used, thus the connection between
Plaintext and Ciphertext is clear. Commercial use of encryption is thus
impossible because of this problem.
7. Algorithms that are self-contained are those that are complete and include all of
the necessary components. Because of the following factors, we do not consider
this encryption technique to be self-contained:
a) In order to calculate the MD5 Hashes of the random key, the programme imports
"md5.h." The usage of another cryptographic technique should be avoided in a
self-contained encryption procedure.
b) Because of the use of MD5 Hashes, the programme seems to be doing some
sophisticated operation, but all it is doing is performing an XOR operation on the
hash and the original key. There is no need for the hashing in the encryption
method, since we could have used a preset 4-byte (32-bit) variable to XOR the
key with.
Weaknesses:
1. The encryption scheme is reversible since it only employs XOR operations.
XORing the input file's first four bytes with the random key yields the beginning
block cypher text.
Data concerning the file type is often included in the first four bytes of an input file
(not limited to only 4 bytes).
Recovering the random key is a simple matter of
KEY = Ciphertext (First 4 bytes) ⊕ (4 bytes of the file header)
In other words, anybody who has knowledge of the file type may decode the
encoded data.
2. In addition, the encryption method does not use any confusion or dispersion
measures, which renders this scheme very vulnerable

9. 9
Brute-forcing:
We've come up with three methods of brute-forcing encrypted data.
1. First, we are using the system entropy to generate a four-byte random key. There
are thus 4294967296 potential combinations of the 168 available keys.
The file containing all the keys will be 36 GB in total size.
It takes a lot of computing power to generate such a large file and then test each key
to see whether it yields a decrypted file that can be read. It's going to take a while for
this one to get going. Below, a more efficient and effective method is outlined.
2. Using information about the file type, we will brute-force the encrypted document.
 Three encrypted files have been sent to us: an encrypted PNG file, an
encrypted PDF and a text document.
 The first eight bytes of a PNG file always include the following values - 89
50 4E 47. When we bruteforce PNG files, this is basically the header
information that we'll be using.
 The first eight bytes of a PDF file are 0x25, 0x50, 0x44, and 0x46,
respectively. Use this to decode the encrypted pdf file.
Patching the Weaknesses:
XOR's reversible nature is one of the most exploited weaknesses of this encryption
technique. This may be patched using substitution or permutation. When the plain text
bits are shuffled at the beginning, it is critical that the cypher text is not easily discernible
from the plain text. As a result, the technique is less effective since it can't distinguish
between files that have the same header (e.g., file type descriptors). In order to get rid
of the file type descriptors at the beginning of encrypted content, the easiest method
would be to shuffle its bits. When the ciphertext and header are combined, the key
cannot be generated.