This document provides an overview of symmetric and public key cryptography systems. It discusses how symmetric key cryptography uses a shared private key for encryption and decryption, while public key cryptography uses separate public and private keys. Symmetric systems are simpler and faster but require secure key exchange, while public key systems avoid this problem by allowing public distribution of public keys. The document then covers specific symmetric and public key algorithms as well as how digital signatures and certificates work with public key encryption.

1. Course code: CSC445
Course title :
IntroductiontoCryptographyand informationsecurity
PART: 2
Prof. Taymoor Mohamed Nazmy
Dept. of computer science, faculty of computer science, Ain Shams uni.
Ex-vice dean of post graduate studies and research Cairo, Egypt
1

2. Symmetric Key Systems, &
Public Key Systems
2

3. Symmetric Key Systems, &
Symmetric Key Systems, & Public Key Systems
• Symmetric key cryptography is also known as shared key
cryptography. As the name suggests, it involves 2 people using the
same private key to both encrypt and decrypt information.
• Public key cryptography, on the other hand, is where 2 different
keys are used – a public key for encryption and a private key for
decryption.
• Symmetric-key systems are simpler and faster, but their main
drawback is that the two parties must somehow exchange the key in
a secure way.
• Public-key encryption avoids this problem because the public key
can be distributed in a non-secure way, and the private key is never
transmitted.

4. Symmetric Cryptography Protocol
 A typical protocol
1. Alice and Bob agree on cryptosystem (algorithm)
2. Alice and Bob agree on a key
3. Alice encrypts her message with the key
4. Alice sends the message to Bob
5. Bob decrypts the messages using same key
 A common variation is where a new key is issued for
each “session” (set of messages) and is corresponded
encrypted using the “master” key
4

5. Secret Key Cryptography
5

6. SKC: Security Uses
– Data is encrypted before being stored somewhere
– Only the entities knowing the key can decrypt it
– Cryptographic checksum
• A well-know algorithm
• Given a key and a message
• The algorithm produces a fixed-length message
authentication code (MAC) that is sent with the message
6

7. Public Key Cryptography
• Each individual has two keys
– a private key (d): need not be reveal to anyone
– a public key (e): preferably known to the entire world
• Public key crypto is also called asymmetric crypto. 7

8. • A message that is encrypted using a public key can only
be decrypted using a private key, while also, a message
encrypted using a private key can be decrypted using a
public key.
• Security of the public key is not required because it is
publicly available and can be passed over the internet.
Asymmetric key has a far better power in ensuring the
security of information transmitted during
communication.
• Asymmetric encryption is mostly used in day-to-day
communication channels, especially over the Internet.
Popular asymmetric key encryption algorithm includes
EIGamal, RSA, DSA, Elliptic curve

9. Asymmetric Encryption in Digital Certificates
• To use asymmetric encryption, there must be a
way of discovering public keys. One typical
technique is using digital certificates in a client-
server model of communication.
• A certificate is a package of information that
identifies a user and a server. It contains
information such as an organization’s name, the
organization that issued the certificate, the users’
email address and country, and users public key.

10. PKC: Security Uses
• Digital Signatures
– Proving that a message is generated by a particular individual
– Non-repudiation: the signing individual can not be denied, because only
him/her knows the private key.
plaintext
Signed
message
plaintext
Signed
message
verification
signing
Public key
Private key
10

11. Digital Signatures

12. 12
Public key vs. Symmetric key
Symmetric key Public key
Both share same key
(or one key is computable from the
other)
Typically faster Typically slower
Two parties MUST trust each
other
Two parties DO NOT need to trust each
other
Two separate keys: a public and a
private key
Examples:
DES, IDEA, RC5, CAST, AES, …
Examples:
RSA, ElGamal Encryption, ECC…
12

13. Shannon and cryptography,
Substitution ,Transposition Ciphers
13

14. Shannon and cryptography
• Communication Theory of Secrecy Systems is
a paper published in 1949 by Claude
Shannon discussing cryptography from the
viewpoint of information theory.
• It is one of the foundational treatments of
modern cryptography.
14

15. • In information theory, systems are modeled by a
transmitter, channel, and receiver. The
transmitter produces messages that are sent
through the channel.
• The channel modifies the message in some way.
The receiver attempts to infer which message was
sent. In this context, entropy (more
specifically, Shannon entropy) is the expected
value (mean) of the information contained in each
message. 'Messages' can be modeled by any flow
of information.
15

16. 1) The amount of required secrecy should determine the amount of encrypting/decrypting work.
In 1949 Shannon proposed the following characteristics of a good cipher:
2) The choice of keys and the enciphering algorithm should be free from complexity.
3) The implementation of the process should be as simple as possible.
4) Errors in ciphering should not propagate, corrupting other message parts.
5) The size of the ciphertext should be no larger than its corresponding plaintext.
Today’s priorities:
1) The encryption/decryption algorithm must be proven to be mathematically sound.
2) The algorithm must have been analyzed by experts for its vulnerability.
3) Time to encode/decode must still be acceptable.
16

17. Confusion and Diffusion
• Claude Shannon, considered these two terms:
•
• “Confusion” = Substitution
• a -> b
• Exp: Caesar cipher
• “Diffusion” = Transposition or Permutation
• abcd -> dacb
• Exp: DES
Encryption Decryption
plaintext ciphertext plaintext
Key KA Key KB
17

18. Mathematical review on
Modular Arithmetic
 Several important cryptosystems make use of
modular arithmetic.
 When a = qn + r, where q is the quotient and r is the remainder
upon dividing a by n, we write:
a mod n = r , some times mod can be replaced by %,
a % n= r
n is the modulus. Sometimes r is called the residue or reminder
 For example:
 17 mod 5 = 2 because 17 = 5∙3 + 2
 35 mod 7 = 0 because 35 = 7∙5 + 0
 29 mod 8 = 5 because 29 = 8∙3 + 5 In the clock 12 is the mod

19. More examples
1. 8 mod 13 = 8 because 8 = 0∙13 + 8
2. 23 mod 11 = 1 because 23 = 2∙11 + 1
3. 46 mod 7 = 4 because 46 = 6∙7 + 4
4. 42 mod 3 = 0 because 42 = 14∙3 + 0
5. 31 mod 8 = 7 because 31 = 3∙8 + 7
6. 92 mod 15 = 2 because 92 = 6∙15 + 2
7. 27 mod 11 = 5 because 27 = 2∙11 + 5
8. 84 mod 5 = 4 because 84 = 16∙5 + 4

20. And a few more…
1.) -5 mod 12
2.) -4 mod 10
3.) -15 mod 15
4.) -23 mod 8
5.) -28 mod 7
6.) -46 mod 4
7.) -50 mod 9
8.) -61 mod 3

21. And a few more…
1.) -5 mod 12 = 7 because -5 = 12∙ -1 + 7
2.) -4 mod 10 = 6 because -4 = 10∙ -1 + 6
3.) -15 mod 15 = 0 because -15 = 15∙ -1 + 0
4.) -23 mod 8 = 1 because -23 = 8∙ -3 + 1
5.) -28 mod 7 = 0 because -28 = 7∙ -4 + 0
6.) -46 mod 4 = 2 because -46 = 4∙ -12 + 2
7.) -50 mod 9 = 4 because -50 = 9∙ -6 + 4
8.) -61 mod 3 = 2 because -61 = 3∙ -21 + 2

23. 30.23
A substitution cipher replaces one
symbol with another.
Note
23

24. The oldest algorithm:
Substitution cipher
• Each letter of alphabet is replaced by another
letter or symbol, or several symbols.
• Example: A → 1, B → 2, C → 3 and so on
• Less trivial example:
• A → 26, B → 25, C → 24, …, Z → 1

25. • Substitution table:
• Immediately, we have a problem:
What is 262524?
• Is it ABC?
• Or is it YUYVYW?
• Or maybe ABYW?
• Also, we need to encode spaces between words.
A B C D E F G H I J K L M
26 25 24 23 22 21 20 19 18 17 16 15 14
N O P Q R S T U V W X Y Z
13 12 11 10 9 8 7 6 5 4 3 2 1

26. • It would be better to use the following cipher:
• A → 26, …,X →03, Y →02, Z → 01
and space is 00
• We know that every TWO symbols represent a letter
• Thus
• 14260719001808000719220807
• is…
• MATH IS THE BEST
A B C D E F G H I J K L M
26 25 24 23 22 21 20 19 18 17 16 15 14
N O P Q R S T U V W X Y Z
13 12 11 10 09 08 07 06 05 04 03 02 01

27. 27
Substitution by shifting

28. 28

29. 30.29
The shift cipher is sometimes referred to
as the Caesar cipher.
Note
29

30. Caesar cipher
• The Caesar cipher is one of the earliest known
and simplest ciphers.
• It is a type of substitution cipher in which each
letter in the plaintext is 'shifted' a certain number
of places down the alphabet.
• For example, with a shift of 1, A would be
replaced by B, B would become C, and so on. The
number of shift is considered to be the key of
cipher
30

31. Shift+13

32. 32

33. • How much the shift in this cipher ring?
• It is 15

34. Use Caesar cipher method with key=3 to convert the above
plaintext in to cipertext and vis versa.

35. 35
Using Modular in Caesar encryption

36. 36

37. 37

38. 38

39. Monoalphabetic Cipher
• Rather than just shifting the alphabet
• Could shuffle (jumble) the letters arbitrarily
• Each plaintext letter maps to a different random ciphertext
letter. Key is 26 letters long
• Now have a total of 26! = 4 x 1026 keys
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
39

40. 40

41. Monoalphabetic Cipher Security
• Now have a total of 26! = 4 x 1026 keys
• Is that secure?
• Problem is language characteristics
– Human languages are redundant
– Letters are not equally commonly used

42. Language Statistics and Cryptanalysis
• Human languages are not random.
• Letters are not equally frequently used.
• In English, E is by far the most common letter,
followed by T, R, N, I, O, A, S.
• Other letters like Z, J, K, Q, X are fairly rare.
• There are tables of single, double & triple letter
frequencies for various languages
42

43. English Single Letter Frequencies
43

44. Statistics for double & triple letters
• In decreasing order of frequency
• Double letters:
th he an in er re es on, …
• Triple letters:
the and ent ion tio for nde, …
44

45. Example Cryptanalysis of Monoalphabetic Cipher
• Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
• Count relative letter frequencies (see text)
• Guess P & Z are e and t
• Proceeding with trial and error finally get:
45

46. 46
Guess P & Z are e and t
Proceeding with trial and error finally get:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPES
XUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDT
SVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMB
ZWPFUPZHMDJUDTMOHMQ

47. Polyalphabetic Substitutions
• Definition: A polyalphabetic cipher is a cipher
where different substitution alphabets are used
for various parts of the plaintext.
• Four more famous versions of this are
• German Enigma Cipher Machine
• _ Vigenere Cipher
• - Playfair

48. 48
The “Machine” Ciphers
• Simple Manual Wheels
• Rotor
– Enigma
– Heburn
– SIGABA
– TYPEX
• Stepping switches
• Mechanical Lug and cage
48

49. Rotor machine
• In cryptography, a rotor machine is an electro-
mechanical stream cipher device used
for encrypting and decrypting secret messages.
Rotor machines were the cryptographic state-of-
the-art for a prominent period of history; they
were in widespread use in the 1920s–1970s.
• The most famous example is the German Enigma
machine, whose messages were deciphered by the
Allies during World War II, producing
intelligence code-named Ultra.
49

50. • The primary component is a set of rotors, also
termed wheels or drums, which are rotating disks with an
array of electrical contacts on either side.
• The wiring between the contacts implements a
fixed substitution of letters, replacing them in some
complex fashion.
• On its own, this would offer little security; however, after
encrypting each letter, the rotors advance positions,
changing the substitution. By this means, a rotor machine
produces a complex polyalphabetic substitution cipher,
which changes with every keypress.

51. The Enigma Machine
– Used by Nazi Germany
(1940’s)
– Broken by British
(Turing), Polish
– “Won us the war.” –
Churchill
51

52. Example : Enigma, world war 2,
German cipher machine
A typewriter* that based on wires and rotor setting would emit different letter
for every keypress.
current state
letter typed
new state
letter output
About 10113
possibilities to set the wirings and rotors.
Lightspeed supercomputer will take ≫ 1017
years to check them all
(universe is only 1010
years old)
Believed impossible to break by Germans.
Broken via heroic efforts by British at Bletchley park
• Cut German U-Boat success in sinking ships by ~90%
• Sank about 60% of German U-Boats in Mediterranean
• Crucial to success of Normandy D-day landing. 52

53. How did Enigma work?
• Rotors have different
wiring connecting input to
output
• Rotors move after each
keypress
• The key is the initial
position of the three rotors
53

54. Simplified Enigma
A a
B b
C c
D d
=
A c
B a
C c
D d
A a
B b
C c
D d
A a
B b
C c
D d
=
A b
B a
C d
D c
=
A d
B c
C a
D b
Every time a key is pressed the rotors
spin, so the overall substitution table
changes
A a
B b
C c
D d
A a
B b
C c
D d
A a
B b
C c
D d
=
A b
B c
C d
D a 54

55. Vigenère square
55
The Vigenère cipher is a method of encrypting alphabetic text. It is a form of
polyalphabetic substitution. To encrypt, a table of alphabets can be used,,
Vigenère square, or Vigenère table. It consists of the alphabet written out 26
times in different rows, each alphabet shifted cyclically to the left compared to
the previous alphabet, corresponding to the 26 possible Caesar ciphers.

56. How it works
• Suppose that the plaintext to be encrypted is:
• How are you
• The person sending the message chooses a keyword and repeats it until
it matches the length of the plaintext, for example, the keyword
“SEMON":
• HOWAREYOU
• SEMONSEMO
• Use Vigenère square and choose the first letter from plaintext from the
first column in the square, go horizontally to meet the corresponding
letter of the keyword on the first row of the square.

57. ThTThe plaintext letter

60. 60
Playfair Cipher
The technique encrypts pairs of letters , instead of single letters as in the simple
substitution cipher and rather more complex Vigenère cipher systems then in use.
The Playfair is thus significantly relatively, harder to break since the frequency
analysis used for simple substitution ciphers does not work with it.
The Playfair Cipher operates on pairs of letters (bigrams).
The key is a 5x5 square consisting of every letter except J.
Before encrypting, the plaintext must be transformed:
• Replace all J’s with I’s
• Write the plaintext in pairs of letters…
• …separating any identical pairs by a Z
• If the number of letters is odd, add a Z to the end

61. 61
Playfair Cipher: Encryption
• If two plaintext letters lie in the same row then
replace each letter by the one on its “right” in the key
square.

62. • If two plaintext letters lie in the same column then
replace each letter by the one “below” it in the key
square.

63. • Else, replace:
– First letter by letter in row of first letter and column of
second letter in the key square
– Second letter by letter in column of first letter and row of
second letter in the key square

64. 64
Playfair Cipher: Example
S T A N D
E R C H B
K F G I L
M O P Q U
V W X Y Z
GLOW WORM
GL OW WO RM
IK WT TW EO

65. A transposition cipher reorders
(permutes) symbols in a block of
symbols.
Note
65

66. Transposition Ciphers
• Definition: A Transposition Cipher is a cipher
in which the plaintext message is rearranged
by some means agreed upon by the sender and
receiver.
– In transposition ciphers, no new alphabet is
created. The letters of the plaintext are just
rearranged in some fashion…

67. Transposition (permutation) cipher
67

68. Transposition Ciphers
• Now consider classical transposition or
permutation ciphers
• These hide the message by rearranging the letter
order, without altering the actual letters used.
• Rail Fence Cipher is an example for this
ciphermethod.
68

69. Simple Types of Transposition Ciphers
• Rail Fence Cipher – The plaintext is written in a zig-zag pattern in two
rows and form the ciphertext by reading off the letters from the first row
followed by the second row.
• Example 1: Encipher “CHUCK NORRIS IS A TOUGH GUY”
– Row 1: CUKORSSTUHU
– Row 2: HCNRIIAOGGY
– ciphertext: CUKORSSTUHUHCNRIIAOGGY
• To decipher a rail fence cipher, we divide the ciphertext in half and reverse
the order of the steps of encipherment, that is, write the ciphertext in two
rows and read off the plaintext in zig-zag fashion.
• (Note: if there are an odd number of letters, the first row has one more
letter then the second)

70. 70

72. Basis of modern ciphers
• Claude Shannon - information theory
• product cipher
– perform two or more ciphers in sequence so that result
(product) is cryptographically stronger than any
component cipher
• alternate confusion & diffusion
• virtually all significant symmetric block ciphers
currently in use are of this type

73. Product Ciphers
• Ciphers using substitutions or transpositions are not secure because of
language characteristics
• A product cipher combines two or more transformations in a manner
intending that the resulting cipher is more secure than the individual
components to make it resistant to cryptanalysis.
• The product cipher combines a sequence of simple transformations such as
substitution (S-box),permutation (P-box) , and modular arithmetic.
• Hence consider using several ciphers in succession to make harder, but:
– Two substitutions make a more complex substitution
– Two transpositions make more complex transposition
– But a substitution followed by a transposition makes a new much harder
cipher
• This is bridge from classical to modern ciphers
73

74. Shannon’s product ciphers
• Shannon proposed product ciphers with two components
– S-Boxes -- substitution
• providing confusion of input bits
– P-Boxes -- permutation
• providing diffusion across S-box inputs
• n rounds of S-P boxes

75. n rounds of S-P boxes

76. Block Ciphers & Stream Ciphers
76

77. Block cipher vs stream cipher
• Ciphers can be distinguished into two types by the type of input
data, block and stream cipher:
• A block cipher consists of two paired algorithms, one for
encryption, E, and the other for decryption, D. Both algorithms
accept two inputs: an input block of size n bits and a key of size k
bits; and both yield an n-bit output block.
• In a stream cipher, each plaintext digit is encrypted one at a time
with the corresponding digit of the keystream, to give a digit of the
ciphertext stream. Since encryption of each digit is dependent on the
current state of the cipher,
• it is also known as state cipher. In practice, a digit is typically a bit
and the combining operation an exclusive-or (XOR).

78. 78
A symmetric classification
1 …… 1 …… 0 ……0 ……0
E
1……...1……..1…….0…….1
100110110100010111010010
1100100111010100100010011
E E E E
100110110100010111010010
110010011101010010001001
100110 110100 010111 010010
E E E E
110010 011101 010010 001001
… … … …
Stream cipher Block cipher

79. Stream cipher
• A stream cipher is a symmetric key cipher where
plaintext digits are combined with a pseudorandom
cipher digit stream (keystream).
• In a stream cipher, each plaintext digit is encrypted one
at a time with the corresponding digit of the keystream,
to give a digit of the ciphertext stream.
• Since encryption of each digit is dependent on the
current state of the cipher, it is also known as state
cipher. In practice, a digit is typically a bit and the
combining operation an exclusive-or (XOR).

80. XOR cipher
• In cryptography, the simple XOR cipher is a
type of additive cipher
• {01010111}  {10000011} = {11010100}
• {57}  {83} = {212}
80

82. – Each k[i] is a bit of the key, M[i] a bit of the plaintext, and
C[i] a bit of the ciphertext.
– The Operation between the plaintext and the key is `xor`.
Since the inverse of xor is xor with the same bit,
we see that encryption and decryption are simply xoring
with the same secret key.
– If the key is never
re-used and is chosen originally at random, one has perfect
security.
– This suggests one idea: What if,
instead of having a random key that must be conveyed in
its entirety, we could do with a small random key
and use it to create a ``stream’’ of bits that are just random
enough that one cannot distinguish from the real
thing?

83. 83
Vernam cipher
random key bits K1, K2,…, Kn
plaintext bits P1, P2,…, Pn
+
P1  K1, P2  K2,…, Pn  Kn
ciphertext bits
This cipher use XOR operation

84. Block Ciphers
• In general, a block cipher replaces a block of N plaintext bits with
a block of N ciphertext bits. (E.g., N = 64 or 128.)
• A block cipher is a monoalphabetic cipher.
• Each block may be viewed as a gigantic character.
• The “alphabet” consists of 2N gigantic characters.
• Each particular cipher is a one-to-one mapping from the plaintext
“alphabet” to the ciphertext “alphabet”.
• There are 2N! such mappings.
• A secret key indicates which mapping to use.
84

85. • most symmetric block ciphers are based on a Feistel
Cipher Structure
• Feistel proposed the use of a cipher that alternates
substitutions and permutations
• needed since must be able to decrypt ciphertext to
recover messages efficiently
• block ciphers look like an extremely large substitution
• would need table of 264 entries for a 64-bit block
•
• instead create from smaller building blocks
• using idea of a product cipher
85
Block Cipher Principles
85

86. Block Cipher
• Divide input bit stream into n-bit sections, encrypt only that
section, no dependency/history between sections
• In a good block cipher, each output bit is a function of all n
input bits and all k key bits
86

87. The Feistel Cipher Concept
• Input: a data block and a key
• Partition the data block into two halves L and R.
• Go through a number of rounds. The encryption process
uses the Feistel structure consisting multiple rounds of
processing of the plaintext, each round consisting of a
“substitution” step followed by a permutation step.
• In each round,
– R does not change.
– L goes through an operation that depends on R and a round
key derived from the key.
87

88. • Feistel cipher, a scheme used by almost all modern block
ciphers. The input is broken into two equal size blocks,
generally called left (L) and right (R), which are then
repeatedly cycled through the algorithm.
• At each cycle, a hash function (f) is applied to the right
block and the key, and the result of the hash is XOR-ed
into the left block. The blocks are then swapped.
• The XOR-ed result becomes the new right block and the
unaltered right block becomes the left block. The process
is then repeated a number of times.
Feistel cipher algorithm

89. 89
A Feistel cipher
L0 R0
f
L1=R0 R1 =L0  f (R0,K)
f
L2=R1
Key K
Key K
R2 =L1 f (R1,K)
plaintext


1
3
45
6
7
2

90. To decrypt, the ciphertext is broken into L and R
blocks, and the key and the R block are run
through the hash function to get the same hash
result used in the last cycle of encryption; notice
that the R block was unchanged in the last
encryption cycle.
• The hash is then XOR'ed into the L block to
reverse the last encryption cycle, and the
process is repeated until all the encryption
cycles have been backed out.

91. • The security of a Feistel cipher depends primarily
on the key size and the irreversibility of the hash
function. Ideally, the output of the hash function
should appear to be random bits from which
nothing can be determined about the input(s).
• Once the last round is completed then the two sub
blocks, ‘R’ and ‘L’ are concatenated in this order
to form the ciphertext block.

92. 92
Feistel Networks

93. Block Ciphers algorithms
• AES
• DES
• 3DES
• Twofish
• Blowfish
• Serpent
• RC4
• IDEA
• Etc.

94. Secret Key Cryptographic Algorithms
• DES (Data Encryption Standard)
• 3DES (Triple DES)
• AES (Advanced Encryption Standard)
• IDEA (International Data Encryption Algorithm)
94

95. DES - History
• The Data Encryption Standard (DES) was developed
in the 1970s by the National Bureau of Standards
with the help of the National Security Agency.
• Its purpose is to provide a standard method for
protecting sensitive commercial and unclassified data.
IBM created the first draft of the algorithm, calling it
LUCIFER. DES officially became a federal standard
in November of 1976.

96. Data Encryption Standard (DES)
The most widely used encryption scheme
DES is a block cipher
The plaintext is processed in 64-bit blocks
The key is 56-bits in length
Achieves its strength from repeated rounds of
substitution and permutation
96

97. DES - Basics
• DES uses the two basic techniques of
cryptography - confusion and diffusion.
• At the simplest level, diffusion is achieved
through numerous permutations and
confusions is achieved through the XOR
operation.

98. DEScription: One Round
• 64 bits divided into left,
right halves
• Right half goes through
function f, mixed with key
• Right half added to left half
• Halves swapped (except in
last round)
Li-1 Ri-1
Li Ri
 f

99. DES Algorithm
(1) Input feeds are parsed into 64-bit blocks. 64-bit
data blocks are permuted by an Initial Permutation
stage.
(2) Blocks are transformed using a 64-bit key
(3) Data blocks are split. Each half is scrambled
independently. The key is applied to one half, and the
two are swapped. The process is repeated 16 times.
99

100. Breaking DES
• The key length of DES was too short
– If a key is 56 bits long, that means there are 256 possible
keys
– “DES Cracker” machines were designed to simply brute
force all possible keys
• People began encrypting the plaintext multiple times
with different keys in order to increase the number of
keys that need to be checked
100

101. Triple-DES (3DES)
• C = DESk3(DESk2(DESk1(P))).
• Data block size: 64-bit
• Key size: 168-bit key;
• Encryption is slower than DES
• Securer than DES
101

102. Triple DES

103. AES (Advanced Encryption Standard)
• Authors: Daemen & Rijmen
• Block size:128-bit
• Key size: 128-bit, 192-bit, 256-bit
• Encryption is fast
• Security
– As of 2005, no successful attacks are recognized.
– NSA stated it secure enough for non-classified data.
103

104. Current attacks against AES
• On AES with 128-bit keys, a brute force attack would
require 2128 work
– Any technique that can decrypt a ciphertext with less than
2128 work is considered an attack
• Currently the best attacks on AES use variations of
differential cryptanalysis
– None of them work on the full number of rounds
104

105. AES

106. 106
DES, 3DES, and AES
DES
56
Weak
Moderate
Moderate
3DES
112 or 168
Strong
High
High
AES
128, 192, 256
Strong
Modest
Modest
Key Length (bits)
Key Strength
Processing
Requirements
RAM Requirements
106

107. Big numbers
 292 atoms in the average human body
 2128 possible keys in a 128-bit key
 2190 atoms in the sun
 2233 atoms in the galaxy
 2256 possible keys in a 256-bit key

108. 8.108
A block cipher by itself is only suitable for the secure cryptographic
transformation (encryption or decryption) of one fixed-length group of bits
called a block. A mode of operation describes how repeatedly to apply a
cipher's single-block operation securely to transform amounts of data larger
than a block.
– Partition into n-bit blocks
– Choose mode of operation
• Electronic Codebook (ECB),
• Cipher-Block Chaining (CBC),
• Cipher Feedback (CFB),
• Output Feedback (OFB),
• Counter (CTR)
-- Modes of operation have been devised to encipher text of
any size employing either DES or AES.
•
How to encrypt large messages?

109. 8.109
Modes of operation

112. Electronic Codebook (ECB) Mode
• ECB is the simplest mode of operation.
• The plain text is divided into N blocks.
• The block size is n bits.
• If the plaintext size is not multiple of the block
size , the text is padded to make the last block
the same size other blocks.
• Same key is used to encrypt and decrypt each
block

113. 8.113
Electronic Codebook (ECB) Mode
Electronic codebook (ECB) mode

117. 8.117The pseudorandomness in the key stream is achieved using a counter.

118. CBC
CTR
OFB
CFB

119. 8.119
Comparison of Different Modes
n-bit

120. End of part 2