This document provides an overview of block ciphers and the Data Encryption Standard (DES) algorithm. It begins with definitions of stream ciphers and block ciphers. It then discusses the principles of confusion and diffusion in encryption algorithms. The document introduces the Feistel cipher structure and how it was developed based on Claude Shannon's work. It provides details on the DES algorithm, including its history, design, encryption process using rounds and subkeys, decryption process, and the avalanche effect property.

1. CHAPTer 3
BLOCK CIPHERS & DATA
ENCRYPTION STANDARD
1

2. STREAM CIPHERS vs BLOCK
CIPHERS
 Stream cipher encrypts digital data one bit
or byte at a time
 Eg: vigenere cipher
 Block cipher encrypts a block of plaintext to
produce cipher text block of same length
 Block size of 64 or 128 is used
2

3. 3
 operates on n bits to produce a
ciphertext of n bits
So 2
n
possible different plaintext blocks
& each must produce unique ciphertext
 such transformation is reversible or
nonsingular
Otherwise it is irreversible

4. 4
Reversible Irreversible
Plaintext ciphertext Plaintext ciphertext
00 11 00 11
01 10 01 10
10 00 10 01
11 01 11 01
A cipher text 01 produced by one of the two
possibilities

5. Ideal Block Cipher
5

6.  If a small block size such as n=4 is used then
the system is equivalent to classical
substitution cipher.
 Such a system is vulnerable to statistical
analysis of plaintext
 If n is sufficiently large and an arbitarily
reversible substitution b/w plaintext &
ciphertext is allowed then the statistical
characteristics of plaintext can be masked. 6

7. Modern Block Ciphers
 one of the most widely used types of
cryptographic algorithms
 provide secrecy /authentication services
 focus on DES (Data Encryption Standard)
7

8. Block Cipher Principles
 most symmetric block ciphers are based on
a Feistel Cipher Structure
 block ciphers look like an extremely large
substitution
 would need table of 264 entries for a 64-bit
block
8

9. FIESTEL CIPHER
 Substitution ciphers can be approximated
using product cipher which is performing of 2
or more basic ciphers in sequence
 This results in cryptographically stronger
cipher
 Fiestel proposed a cipher that alternates
substitutions & permutations 9

10. 10
 it is the practical application of proposal
by Claud Shanan to produce a cipher that
alternates confusion & diffusion functions

11. Claude Shannon and Substitution-
Permutation Ciphers
 Claude Shannon introduced idea of substitution-
permutation (S-P) networks in 1949 paper
 form basis of modern block ciphers
 S-P nets are based on the two primitive cryptographic
operations :
 substitution (S-box)
 permutation (P-box)
 provide confusion & diffusion of message & key
11

12. Confusion and Diffusion
 Shannon suggests 2 methods for frustrating
statistical cryptanalysis by combining S & P
elements to obtain:
 diffusion – dissipates statistical structure of
plaintext over bulk of ciphertext. Achieved by
having each plaintext digit affect the value of
many ciphertext digits
12

13. 13
Eg: encrypt a msg M=m1,m2,…………of
characters with an averaging operation
That is adding k successive letters to
get a ciphertext
confusion – makes relationship
between statistics of ciphertext and
value of encryption key as complex as
possible

14. Feistel Cipher Structure
 Horst Feistel devised the feistel cipher
 based on concept of invertible
product cipher
 Inputs are
 Plaintext block of length 2w
 Key K
14

15. 15
 partitions input block into two halves
L0 & R0
 Two halves pass through n rounds of
processing & then combine to
produce ciphertext block
 Each round i has inputs Li-1
& Ri-1
derived from previous round as well
as subkey Ki
derived from key K

16. 16
Each subkey Ki are different from K &
from each other.
All rounds have same structure
A substituiton is performed on left
half of data
This is done by applying a round
function on right half of data & then
taking XOR of o/p of that function & left
half of data

17. 17
The round function has same structure
for each round but is parametrized by
round subkey Ki
Following this substitution a
permutation is done
Consists of interchange of 2 halves of
data

18. 18

19. Feistel Cipher Design Elements
 block size –larger block size means greater
security but reduce encryption decryption
speed. Block size of 64 bits used.AES uses
128 bit block
 key size – larger key size offers greater
security but decrease encryption/
decryption speed. key size of 64 bits or less
is inadequate and 128 bits is common size
19

20. 20
number of rounds : single round offers
inadequate security. usually 16 rounds used
 subkey generation algorithm: greater
complexity leads to greater difficulty in
cryptanalysis
 round function : greater complexity
leads to greater difficulty in cryptanalysis

21. 21
 fast software en/decryption
Usually encryption embedded
in applications/utility functions so as
to avoid h/w implementation. Thus
speed is a concern
 ease of analysis
if algorithm can be concisely &
clearly explained it is easier to analyze
against cryptanalysis

22. 22

23. 23

24. 24
 Encryption process given by
 LE16=RE15
 RE16=LE15  F(RE15,K16)
 decryption process is given by
 LD1=RD0=LE16=RE15
 RD1=LD0  F(RD0,K16)

25. 25
 decryption process
 Ciphertext is used as input
 But subkeys is used in
reverse order
ie, Kn is used in first
order
 Decryption is given by
 LD1=RD0=LE16=RE15
 RD1=LD0  F(RD0,K16)

26. 26
=RE16 F( RE15, K16)
=[LE15  F(RE15,K16) ]  F(RE15,K16)
XOR has the following properties
[A X B] X C=A X [ B X C]

27. Data Encryption Standard (DES)
 most widely used block cipher in world
 adopted in 1977 by NBS (now NIST)
 as FIPS PUB 46
 encrypts 64-bit data using 56-bit key to
produce 64 bit block cipher
 has widespread use
 has been considerable controversy over its
security 27

28. DES History
 IBM developed Lucifer cipher
 by team led by Feistel in late 1960’s
 used 64-bit data blocks with 128-bit key
 then redeveloped as a marketable commercial
cipher that could be implemented on a chip
 in 1973 NBS issued request for proposals for a
national cipher standard
 IBM submitted their revised Lucifer which was
eventually accepted as the DES
28

29. DES Design Controversy
 although DES standard is public
 was considerable controversy over design
 in choice of 56-bit key (vs Lucifer 128-
bit)so prone to brute force attack
 design criteria for the internal structure
of S boxes in DES. The users were not
sure that the internal structure of DES
were free of hidden weak points.
29

30. 30
 subsequent events and public analysis
show in fact design was appropriate &
had a strong internal structure
 use of DES has flourished
 especially in financial applications
 still standardised for legacy
application use

31. DES Encryption Overview
31

32. 32
 There are two inputs
 Plaintext to be encrypted(64 bits)
 The key(56 bits)
 Processing proceeds in 3 phases
 64 bit plaintext passes through
initial permutation(IP) that
rearranges the bits to produce
permutted o/p

33. 33
 This is followed by a phase
consisting of 16 rounds of the
same function which invoves both
substituton & permutation
 The o/p of the last round consists
of 64 bits that are a function of i/p
text & key
 The left & right halves of o/p are
swapped to produce preoutput

34. 34
 Finally the preoutput is passed
through a permutation(IP
-1
) that is
the reverse of initial permutation
to produce 64 bit ciphertext

35. 35
 Key Generation
• Initially key is passed through a
permutation function
• for each round a subkey Ki is
produced by combination of left
circular shift & a permutation
• Permutation function is same for
each round but different key is
produced for each round because
of repeated shifts of the key bits

36. Initial Permutation IP
 Initial permutation and final permutation
are defined by tables
 The input to the table consists of 64 bits
numbered from 1 to 64
 Each entry in the table indicates the
position of numbered i/p bit in the o/p
which also consists of 64 bits. This is the
first step of the data computation
36

37. Initial and final permutation Tables

38. DES Round Structure
 uses two 32-bit L & R halves
 as for any Feistel cipher can describe as:
Li = Ri–1
Ri = Li–1  F(Ri–1, Ki)
 F takes 32-bit R half and 48-bit subkey:
 expands R to 48-bits using a table that
defines permutation + expansion which
involves duplication of 16 of the R bits 38

39. 39
 Resulting 48 bits are XORed with
key Ki
 This 48 bits passes through
substitution function (8 S-boxes) to
get 32-bit result
 finally the 32 bit o/p from the 8 S-
boxes is permuted using 32-bit perm
P

40. 40

41. CALCULATION OF F(R,K)
41

42. EXPANSION P-BOX
42

43. Substitution Boxes S
 have eight S-boxes which accepts 6 bits as
input & produces 4 bits as output
 The first & last bits of the input to box Si
form a 2 bit binary number to select one of
four substitutions defined by 4 rows in the
table Si
 The middle 4 bits select one of the 16
columns
43

44. 44
 The decimal value in the cell selected
by the row & column is then converted
to its 4 bit representation to produce
output
 Eg: for 011001 the row is 01(row 1) &
column is 1100(column 12)
The value in row 1 column 12 is 9,
so the output is 1001

45. S-BOX 1
45

46. DES Key GENERATION
 64 bit key is used as input to the algorithm
 The bits of the key are numbered 1 through 64. Every
eighth bit is ignored to generate a 56 bit key.
 Subkeys used in each round are generated from the
key K
 initial permutation of the key (PC1) which selects
56-bits
 The resulting 56 bit key is treated in two 28-bit
halves
46

47.  16 stages consisting of:
• rotating each half separately either 1 or
2 places depending on the key rotation
schedule K
• The shifted value acts as input to the next
round as well as to permuted choice PC2
• selecting 24-bits from each half &
permuting them by PC2 for use in round
function F
47

48. DES Decryption
 Decryption uses same algorithm as encryption
 As with Feistel design, decryption uses the same
algorithm as encryption except that the appliction of
subkeys is reversed (SK16 … SK1)
 IP-1 undoes final FP step of encryption
 1st round with SK16 undoes 16th encrypt round and so
on.................….
 16th round with SK1 undoes 1st encrypt round
 then final FP undoes initial encryption IP
 thus recovering original data value
48

49. Avalanche Effect
 key desirable property of encryption algorithm is
 When there is a small change in either plaintext or key
bit it should results in changing many bits of the
ciphertext
 making attempts to “home-in” by guessing keys
impossible
 DES exhibits strong avalanche effect
49

50. Strength of DES – Key Size
 56-bit keys have 256 = 7.2 x 1016 values
 brute force search looks hard
 recent advances have shown is possible
 in 1997 on Internet in a few months
 in 1998 Electronic Frontier Foundation
announced that it had broken a DES encryption
using a special purpose DES Cracker machine 50

51. Strength of DES – nature of
des algorithm
 Cryptanalysis is possible by exploiting characteristics
of DES algorithm
 Focus has been on 8 S-boxes
 Because design criteria of both S-boxes & algorithm
is not made public there is a suspicion that
cryptanalysis is possible
 Despite this no one has succeeded in discovering the
weakness in S-boxes
51

52. Strength of DES – Timing
Attacks
 Timing attack is one in which information about key
or plaintext is obtained by observing how long it
takes for a given implementation to perform
decryption on various ciphers
 Timing attack exploits the fact that calculations can
take varying times depending on the value of the
inputs to it
52

53. Summary
 have considered:
 block vs stream ciphers
 Feistel cipher design & structure
 DES
• Encryption
• decryption
• Strength
53