This document provides an overview of block ciphers and public key cryptography. It discusses the principles of block ciphers, including block cipher modes of operation. Popular block ciphers like DES, AES, Triple DES and Blowfish are described. The document also covers public key cryptography principles and algorithms like RSA and Diffie-Hellman key exchange. It provides details on elliptic curve cryptography and the arithmetic behind it.

1. BLOCK CIPHERS
&
PUBLIC KEY CRYPTOGRAPHY
T.Ramprakash
AP/ECE
Ramco Institute of Technology
Rajapalayam
1

2. BLOCK CIPHERS & PUBLIC KEY
CRYPTOGRAPHY
• Block Ciphers:
– Block cipher principles
– Block cipher modes of operation
– Data Encryption Standard (DES)
– Advanced Encryption Standard (AES)
– Triple DES
– Blowfish
– RC5 algorithm 2

3. BLOCK CIPHERS & PUBLIC KEY
CRYPTOGRAPHY
• Public key cryptography:
– Principles of public key cryptosystems
– The RSA algorithm, Key management
– Diffie Hellman Key exchange
– Elliptic curve arithmetic
– Elliptic curve cryptography
3

4. Introduction to Block Ciphers
• A block cipher is one in which a block of
plaintext is treated as a whole and used to
produce a ciphertext block of equal length.
• Typically, a block size of 64 or 128 bits is used.
As with a stream cipher, the two users share a
symmetric encryption key
4

5. General n-bit-n-bit Block Substitution
5

6. Encryption and Decryption Tables for
Substitution Cipher
6

7. Block Cipher Principles
• The cryptographic strength of a Feistel cipher
derives from three aspects of the design:
• Number of rounds,
• Function F, and
• Key schedule algorithm
7

8. Block Cipher Principles
• Number of Rounds
– The greater the number of rounds, the more
difficult it is to perform cryptanalysis, even for a
relatively weak F.
– In general, the criterion should be that the
number of rounds is chosen so that known
cryptanalytic efforts require greater effort than a
simple brute-force key search attack
8

9. Block Cipher Principles
• Design of function F
– The heart of a Feistel block cipher is the function F
– Difficult to “unscramble” the substitution
– Function F should be nonlinear.
– Algorithm should have good Avalanche Properties.
– Bit Independence Criterion (BIC), (which states that output
bits j and k should change independently when any single input bit i is
inverted for all i, j, and k)
9

10. Block Cipher Principles
• Key Schedule Algorithm
– With any Feistel block cipher, the key is used to
generate one sub key for each round.
– In general, we would like to select sub keys to
maximize the difficulty of deducing individual
subkeys and the difficulty of working back to the
main key.
– No general principles for this have yet been
promulgated
– Key schedule should guarantee key/ciphertext
Strict Avalanche Criterion and Bit Independence
Criterion 10

11. Block Cipher Modes of Operation
• Electronic Codebook (ECB)
• Cipher Block Chaining (CBC)
• Cipher Feedback (CFB)
• Output Feedback (OFB)
• Counter (CTR)
11

12. Block Cipher Modes of Operation
12

13. i. Electronic Code Block
• Each block of plaintext bits is encoded
independently using the same key.
13

14. ii. Cipher Block Chaining
• The input to the encryption algorithm is the
XOR of the next block of plaintext and the
preceding block of ciphertext.
14

15. iii. Cipher Feedback
• Preceding ciphertext is used as input to the
encryption algorithm to produce
pseudorandom output, which is XORed with
plaintext to produce next unit of ciphertext
15

16. iv. Output Feedback
• Similar to CFB, except that the input to the
encryption algorithm is the preceding
encryption output, and full blocks are used.
16

17. v. Counter
• Each block of plaintext is XORed with an
encrypted counter.
• The counter is incremented for each subsequent
block
17

18. Popular Block Cipher
• DES
• AES
• Triple DES
• Blowfish
• RC5 Algorithm
18

19. Data Encryption Standard (DES)
19

20. DES - History
• In 1971, IBM developed an algorithm, named
LUCIFER which operates on a block of 64 bits,
using a 128-bit key
• Walter Tuchman, an IBM researcher, refined
LUCIFER and reduced the key size to 56-bit, to
fit on a chip.
• In 1977, the results of Tuchman’s project of
IBM was adopted as the Data Encryption
Standard by NSA (NIST).
20

21. DES - History
• It is a symmetric key block cipher.
• It follows feistel structure
• DES was most widely used until the introduction
of AES (2001)
21

22. DES - Encryption
22

23. Initial and final permutation steps in DES
23

24. Initial and final permutation steps in DES
24

25. Single Round DES algorithm
25

26. Single Round DES algorithm
• Li=Ri-1
• Ri=Li + F(RL-i,Ki)
26

27. Permutation choice 1 for Key
• Input 64 Bits
• Out put 56 bits
27

28. Permutation choice 2 for subKey
• Input 56 Bits
• Out put 48 bits
28

29. Left shift for subKey
29

30. Expansion Permutation (E)
30

31. Expansion Permutation (E)
31

32. Calculation F(R,K)
32

33. S box
33

34. S box
34

35. S box
35

36. Permutation (P)
36

37. DES - Encryption
• There are two inputs to the encryption
function:
– Plaintext to be encrypted
– Key
• In this case, the plaintext must be 64 bits in
length and the key is 56 bits in length
37

38. DES - Encryption
• Processing of the plaintext proceeds in three phases.
– First, the 64-bit plaintext passes through an initial
permutation (IP) that rearranges the bits to produce the
permuted input.
– This is followed by a phase consisting of sixteen rounds of
the same function, which involves both permutation and
substitution functions.
– The output of the last (sixteenth) round consists of 64 bits
that are a function of the input plaintext and the key.
– The left and right halves of the output are swapped to
produce the pre output.
– Finally, the preoutput is passed through a permutation
[IP -1] that is the inverse of the initial permutation function,
to produce the 64-bit ciphertext.
38

39. DES - Encryption
• Initially, the key is passed through a
permutation function.
• Then, for each of the sixteen rounds, a subkey
(Ki) is produced by the combination of a left
circular shift and a permutation.
• The permutation function is the same for each
round, but a different subkey is produced
because of the repeated shifts of the key bits.
39

40. DES - Example
40

41. DES - Example
• The Avalanche Effect
– A small change in either the plaintext or the key
should produce a significant change in the
ciphertext.
– In particular, a change in one bit of the plaintext or
one bit of the key should produce a change in
many bits of the ciphertext.
– This is referred to as the avalanche effect
41

42. Avalanche Effect in DES: Change in Plaintext
42

43. Avalanche Effect in DES: Change in Key
43

44. Cracking DES
• 1998
• John Gilmore
• $220,000
• 56-bit DES key space 4.5 days
• Deep Crack Computer, 27 boards each
containing 64 chips, capable of testing 90
billion keys a second
44

45. Advanced Encryption Standard
45

46. Advanced Encryption Standard
Key Size 
128 or
192 or
256
46

47. Advanced Encryption Standard
• The Advanced Encryption Standard (AES) was
published by the National Institute of
Standards and Technology (NIST) in 2001.
• AES is a symmetric block cipher that is
intended to replace DES as the approved
standard for a wide range of applications
47

48. Advanced Encryption Standard
• plaintext block size 128 bits, or 16 bytes.
• The key length 128 or 192 or 256 bits (16,
24, or 32 bytes ).
• The algorithm is referred to as AES-128, AES-
192, or AES-256, depending on the key length
48

49. Advanced Encryption Standard
49

50. Advanced Encryption Standard
50

51. Advanced Encryption Standard
51

52. Advanced Encryption Standard
52

53. Advanced Encryption Standard
53

54. Advanced Encryption Standard
• Changing Plaintext to State
54

55. Advanced Encryption Standard
• Detail of Each round
55

56. SubBytes
• A simple substitution of each byte provide a
confusion
• Uses one S-box of 16x16 bytes containing a
permutation of all 256 8-bit values
• Each byte of state is replaced by byte indexed by
row (left 4-bits) & column (right 4-bits)
– eg. byte {95} is replaced by byte in row 9 column 5
– which has value {2A}
• S-box constructed using defined transformation
of values in Galois Field- GF(28) 56

57. SubBytes
57

58. SubBytes
58

59. Inverse SubBytes
59

60. Sample SubBytes
60

61. ShiftRows
• Shifting, which permutes the bytes.
• A circular byte shift in each each
– 1st row is unchanged
– 2nd row does 1 byte circular shift to left
– 3rd row does 2 byte circular shift to left
– 4th row does 3 byte circular shift to left
• In the encryption, the transformation is called ShiftRows
• In the decryption, the transformation is called InvShiftRows
and the shifting is to the right
61

62. ShiftRows and InvShiftRows
62

63. MixColumns
• The forward mix column transformation,
called MixColumns, operates on each column
individually. Each byte of a column is mapped
into a new value that is a function of all four
bytes in that column
63

64. MixColumns
64

65. AddRoundKey
• In the forward add round key transformation,
called AddRoundKey, the 128 bits of State are
bitwise XORed with the 128 bits of the round
key.
65

66. AddRoundKey
66

67. AES Key Expansion
• The AES key expansion algorithm takes as
input a four-word (16-byte) key and produces
a linear array of 44 words (176 bytes).
• This is sufficient to provide a four word round
key for the initial AddRoundKey stage and
each of the 10 rounds of the cipher.
67

68. Overall Algorithm
68

69. AES Key Expansion
• RotWord performs a one-
byte circular left shift on a
word. This means that an
input word [B0, B1, B2, B3]
is transformed into [B1, B2,
B3, B0].
• SubWord performs a byte
substitution on each byte of
its input word, using the S-
box.
• The result of steps 1 and 2 is
XORed with a round
constant, Rcon[j].
69

70. Round Constant
70

71. Key expansion Example
• For example, suppose that the round key for
round 8 is
EA D2 73 21 B5 8D BA D2 31 2B F5 60 7F 8D 29 2F
• Then the first 4 bytes (first column) of the round key
for round 9 are calculated as follows:
71

72. Double DES
72

73. Double DES
C = E(K2, E(K1, P))
P = D(K1, D(K2, C))
73

74. Meet in Middle Attack:
• Thus, the use of double DES results in a
mapping that is not equivalent to a single DES
encryption. But there is a way to attack this
scheme, one that does not depend on any
particular property of DES but that will work
against any block encryption cipher.
• The algorithm, known as a meet-in-the-
middle attack
C = E(K2, E(K1, P))
P = D(K1, D(K2, C))
74

75. Meet in Middle Attack:
C = E(K2, E(K1, P))
P = D(K1, D(K2, C))
• Given a known pair, (P, C), the attack proceeds as
follows. First, encrypt P for all 256 possible values of K1.
• Store these results in a table and then sort the table by
the values of X.
• Next, decrypt C using all 256 possible values of K2.
• As each decryption is produced, check the result
against the table for a match.
• If a match occurs, then test the two resulting keys
against a new known plaintext–ciphertext pair.
• If the two keys produce the correct ciphertext, accept
them as the correct keys. 75

76. Triple DES
76

77. Blowfish
77

78. Blowfish
• A symmetric block cipher
• Designed by Bruce Schneier in 1993/94
• Fast
• Simple
• Compact
• Variably Secure
78

79. Blowfish
• Characteristics
– 64-bit block cipher
– Variable length key (32 bits to 448 bits)
– Complex subkey generation
– Key-dependent S-boxes
– Simple operations – fast implementation
• Modulo 232 addition
• Bitwise XOR
79

80. Blowfish
• The keys are stored in k array
K1,k2 …. Kj
• The sub keys are stored in P array
P1, P2, …. P18
• There are four S-boxes, each with 256 32-bit
entries
S1,0,S1,1, S1,2,S1,3…S1,255
S2,0,S2,1, S2,2,S2,3…S2,255
S3,0,S3,1,S3,2,S3,3…S3,255
S4,0,S4,1, S4,2,S4,3…S4,255
1<= j <= 14
80

81. Blowfish
+
+
+
+
+ + + +
+
+
+
+
18 subkeys Pi
81

82. Blowfish single round
Modulo 232 addition
256-entry S-box, 32-bit output/entry
82

83. Blowfish Encryption
+
+
+
++
+
+
+
+
+ and  do not commute
83

84. RC5
• Designed by Ronald Rivest (of RSA fame)
– used in RSA Data Security, Inc.’s products
• Can vary key size
• Can vary data size
• Can vary number of rounds
• Very clean and simple design
• Easy implementation on various CPUs
• Yet still regarded as secure
84

85. RC5
• RC5 is a family of ciphers RC5-w/r/b
– w = word size in bits (16/32/64), block data=2w
– r = number of rounds (0..255)
– b = number of bytes in key (0..255)
• nominal version is RC5-32/12/16
– i.e. 32-bit words so encrypts 64-bit data blocks
– using 12 rounds
– with 16 bytes (128-bit) secret key
85

86. RC5
Simple operations:
1. Addition: modulo 2w
2. Bitwise XOR
3. Circular shift (rotation):
x <<< y, x is left rotate y bits
A Substitution-permutation round:
1. Substitution depends on both
words
2. Permutation depends on both
words
3. Substitution depends on key
86

87. RC5
• split input into two halves A & B
L0 = A + S[0];
R0 = B + S[1];
for i = 1 to r do
Li = ((Li-1 XOR Ri-1) <<< Ri-1) + S[2 x i];
Ri = ((Ri-1 XOR Li) <<< Li) + S[2 x i + 1];
• each round is like 2 DES rounds
• note rotation is main source of non-linearity
• need reasonable number of rounds (eg 12-16)
87

88. RC5
• RFC2040 defines 4 modes used by RC5
– RC5 Block Cipher, is ECB mode
– RC5-CBC, is CBC (cipher block chaining) mode
– RC5-CBC-PAD, is CBC with padding by bytes with
value being the number of padding bytes
– RC5-CTS, a variant of CBC which is the same size
as the original message, uses ciphertext stealing to
keep size same as original
88

89. Public Key Cryptography
89

90. Introduction to public key cryptography
• The development of public-key cryptography
is the greatest and perhaps the only true
revolution in the entire history of
cryptography.
90

91. Terminology Related to Asymmetric
Encryption
• Asymmetric Keys
– Two related keys, a public key and a private key,
that are used to perform complementary
operations, such as encryption and decryption or
signature generation and signature verification.
• Public Key Certificate
– A digital document issued and digitally signed by
the private key of a Certification Authority that
binds the name of a subscriber to a public key.
– The certificate indicates that the subscriber
identified in the certificate has sole control and
access to the corresponding private key.
91

92. Terminology Related to Asymmetric
Encryption
• Public Key (Asymmetric) Cryptographic
Algorithm
– A cryptographic algorithm that uses two related keys,
a public key and a private key.
– The two keys have the property that deriving the
private key from the public key is computationally
infeasible.
• Public Key Infrastructure (PKI)
– A set of policies, processes, server platforms, software
and workstations used for the purpose of
administering certificates and public-private key pairs,
including the ability to issue, maintain, and revoke
public key certificates.
92

93. Encryption with public key
93

94. Encryption with private key
94

95. Public-Key Cryptosystems
• Asymmetric algorithms rely on one key for
encryption and a different but related key for
decryption.
• These algorithms have the following
important characteristic.
– It is computationally infeasible to determine the
decryption key given only knowledge of the
cryptographic algorithm and the encryption key
– Either of the two related keys can be used for
encryption, with the other used for decryption
95

96. Six ingredients
• Plaintext:
– This is the readable message or data that is fed into
the algorithm as input.
• Encryption algorithm:
– The encryption algorithm performs various
transformations on the plaintext.
• Public and private keys:
– This is a pair of keys that have been selected so that if
one is used for encryption, the other is used for
decryption.
– The exact transformations performed by the algorithm
depend on the public or private key that is provided as
input.
96

97. Six ingredients
• Ciphertext:
– This is the scrambled message produced as
output.
– It depends on the plaintext and the key.
– For a given message, two different keys will
produce two different ciphertexts.
• Decryption algorithm:
– This algorithm accepts the ciphertext and the
matching key and produces the original plaintext.
97

98. Essential steps
1. Each user generates a pair of keys to be used for
the encryption and decryption of messages.
2. Each user places one of the two keys in a public
register or other accessible file. This is the public
key. The companion key is kept private. Each
user maintains a collection of public keys
obtained from others.
3. If Bob wishes to send a confidential message to
Alice, Bob encrypts the message using Alice’s
public key.
4. When Alice receives the message, she decrypts
it using her private key. No other recipient can
decrypt the message because only Alice knows
Alice’s private key. 98

99. Conventional Vs Public Key Encryption
99

100. Public Key Cryptosystem: Secrecy
100

101. Public Key Cryptosystem:
Authentication
101

102. Public Key Cryptosystem:
Authentication and Secrecy
102

103. Application for public key cryptosystems
• Encryption/decryption:
– The sender encrypts a message with the
recipient’s public key.
• Digital signature:
– The sender “signs” a message with its private key.
Signing is achieved by a cryptographic algorithm
applied to the message or to a small block of data
that is a function of the message.
• Key exchange:
– Two sides cooperate to exchange a session key.
Several different approaches are possible,
involving the private key(s) of one or both parties.
103

104. Application for public key cryptosystems
104

105. RSA Algorithm
• By Rivest, Shamir & Adleman of MIT in 1977
• Best known & widely used public-key scheme
105

106. Intuition behind RSA Algorithm
• I would like to receive encrypted message
from everyone
• I obtain a private key and public key
• I publish my public key and keep my private
key secret
• Everyone can use my public key to encrypt
their message to me
• I am the only one who can decrypt the
message using the private key
106

107. RSA algorithm in our daily life
• When buying something from ebay, they send
their public key to your browser
• Your information gets encrypted using ebay’s
public key and sent to them
• They use their private key to decrypt the
encrypted data
107

108. RSA example
• Message: m
• Encryption(public key) : (5,14)
c=me mod n
• Decryption (private key) : (5,14)
p=cd mod n
108

109. Key Management
• Generate two large random prime numbers
p and q
• Find n=p.q
• Find Φ(n)=(p-1)(q-1)
• Choose the public key e, such that
1<e< Φ(n)
gcd (e, Φ(n)) = 1
gcd(e,n)=1
• Compute the private key d, such that
1<d< Φ(n)
e.d=1(mod Φ(n))
• The private key is (e,n) and public key is (d,n)
109

110. Why RSA special?
• Given two large prime numbers p and q, a
composite number n can be computed as
n = p.q
• But, given just n, there is no known algorithm
to effectively find p and q
110

111. RSA example
• M=13
• P=3
• Q=11
111

112. RSA example
• M= 88
• P=17
• Q=11
• Encryption
PU={7,187}
Decryption
PR={23,187}
112

113. RSA Algorithm
113

114. RSA Algorithm
114

115. RSA Example
115

116. Examples of RSA
• Message = 15, p=7, q= 11, e =7
• Message= 88, p = 17, q = 11, e =7
116

117. Security of RSA
• Five possible approaches to attacking the RSA
algorithm are
• Brute force:
– This involves trying all possible private keys.
• Mathematical attacks:
– There are several approaches, all equivalent in effort to
factoring the product of two primes.
• Timing attacks:
– These depend on the running time of the decryption
algorithm.
• Hardware fault-based attack:
– This involves inducing hardware faults in the processor
that is generating digital signatures.
• Chosen ciphertext attacks:
– This type of attack exploits properties of the RSA
algorithm. 117

118. Diffie Hellman Key exchange
118

119. Diffie Hellman Key exchange
• The first published public-key algorithm
appeared in the seminal paper by Diffie and
Hellman that defined public-key cryptography
[DIFF76b] and is generally referred to as Diffie-
Hellman key exchange
119

120. Diffie Hellman Key exchange
120

121. Diffie Hellman Key exchange
121

122. Diffie Hellman Example
• Find the secret key shared between user A and
user B using Diffie Hellman algorithm for the
following
• q = 353, α=3, XA=45 and XB=50
122

123. Diffie Hellman Example
• Find the secret key shared between user A and
user B using Diffie Hellman algroithm fo rthe
following
• q = 353, α=3, XA=97 and XB=233
YA = 397 mod 353 = 40.
YB = 3233 mod 353 = 248.
A computes K = (YB)XA mod 353 = 24897 mod 353 = 160.
B computes K = (YA)XB mod 353 = 40233 mod 353 = 160.
123

124. Man-in-the-Middle Attack
124

125. Man-in-the-Middle Attack
• Darth prepares for the attack by generating two
random private keys XD1 and XD2 and then
computing the corresponding public keys YD1 and
YD2.
• Alice transmits YA to Bob.
• Darth intercepts YA and transmits YD1 to Bob. Darth
also calculates K2 = (YA)XD2 mod q.
• Bob receives YD1 and calculates K1 = (YD1)XB mod q.
• Bob transmits YB to Alice.
• Darth intercepts YB and transmits YD2 to Alice.
Darth calculates K1 = (YB)XD1 mod q.
• Alice receives YD2 and calculates K2 = (YD2)XA mod q.125

126. Man-in-the-Middle Attack
• The key exchange protocol is vulnerable to such
an attack because it does not authenticate the
participants.
• This vulnerability can be overcome with the use
of digital signatures and public-key certificates
126

127. Elliptic curve arithmetic
• What are Elliptic Curves?
– y2 = x3 + ax + b a, b ϵ ℝ
–4a3 + 27b2 ≠ 0
• Characteristics of Elliptic Curve
– Forms an abelian group
– Symmetric about the x-axis
– Point at Infinity acting as the identity element
127

128. Why Elliptic Curve Cryptography?
• Shorter Key Length
• Lesser Computational Complexity
• Low Power Requirement
• More Secure
128

129. Example of Elliptic curve
129

130. Abelian Groups
130

131. Comparable Key Sizes for Equivalent
Security
131

132. What is Elliptic Curve Cryptography?
132

133. Point Doubling
133

134. Example
• a = 1, b = 1, x = 9, y = 7, p = 23
134

135. ECC Diffie-Hellman Key Exchange
135

136. Reference
1. William Stallings, Cryptography and Network
Security, 6th Edition, Pearson Education,
March 2013.
2. Charlie Kaufman, Radia Perlman and Mike
Speciner, “Network Security”, Prentice Hall of
India, 2002.
136