This document describes Tharindu Weerasinghe's MSc research project on developing a hybrid cipher by combining a block cipher and a stream cipher. It summarizes the background on block ciphers like DES and stream ciphers like RC4. It then describes the researcher's algorithm that first encrypts plaintext using 3DES (a block cipher) and then RC4 (a stream cipher), and decrypts in the reverse order. The document discusses the benefits of combining ciphers and addresses some vulnerabilities of using block and stream ciphers individually. It also mentions the researcher implemented the algorithm in Java and measured encryption/decryption times.

1. Tharindu Weerasinghe
MSc/EE/08/MSc/24
Supervised by:
Dr. Manjula Sandirigama
Dr. Disala Uduwawala

2. HYBRID?
A
stream cipher & block cipher
are
combined together
to get
a secured
HYBRID cipher text

3. WHY?
 There are many ways to combine cryptographic
algorithms to get new algorithms. The impetus behind
the combination is increasing security.
When we consider a block or stream cipher alone, we
must admit that the strength of security is low.
In this research, the focus was, combining a block
cipher with a stream cipher to enhance the strength of
the cipher.

4. WHY?
Combined (Hybrid) ciphers are more secured than
stream or block ciphers alone.
They can be used as encryption algorithms in many
software applications used in networks...(e.g. Email
clients, Enterprise applications, etc…
Combining 3DES with RC4 is a new experience as 3DES
has a high complexity and that of RC4 is less.

5. BACKGROUND
What is a block cipher?
In cryptography, a block cipher is a symmetric key
cipher operating on fixed-length groups of bits called
blocks, with an unvarying transformations.
Might take 128 bit input and output 128 bit block of
cipher text. The key can be of any finite size.
Decryption is the inverse function of encryption

6. Example of a Block Cipher
DES
Data Encryption Standard – commonly used block
cipher , but it is vulnerable to timing attacks . And it is
obsolete now. But its enhancements like Triple DES &
AES are still in the scene.
Designed by IBM and the NSA, standardized in 1977.
Most widespread block cipher used by federal agencies,
banks (ATM machines), SSL, ...
Key length 56, block length 64.

7. DES Structure….

8. Triple DES (3DES)?
3DES is not a group, then the resultant cipher text is
much harder to break using exhaustive search: 2112
attempts instead of 256 attempts.
This is like having 3 DES blocks with 3 keys (or one key)
in between the input and output.
Three-key 3DES has an effective key length of 168 bits
and is defined as follows:
C = E(K3, D(K2, E(K1, P)))

9. BACKGROUND (Contd.)
What is a stream cipher?
In cryptography, a stream cipher is a symmetric key cipher
where plaintext bits are combined with a pseudorandom cipher
bit stream (key stream), typically by an exclusive-or (XOR)
operation.
In a stream cipher the plaintext digits are encrypted one at a
time, and the transformation of successive digits varies during
the encryption. An alternative name is a state cipher, as the
encryption of each digit is dependent on the current state. In
practice, the digits are typically single bits or bytes.

10. Stream cipher (contd.)
A stream cipher makes use of a much smaller and
more convenient key — 128 bits, for example. Based on
this key, it generates a pseudorandom key stream which
can be combined with the plaintext digits in a similar
fashion to the one-time pad.

11. Example of a Stream Cipher
RC4
In cryptography, RC4 (also known as ARC4 or
ARCFOUR meaning Alleged RC4) is the most widely-
used software stream cipher & used in popular
protocols such as Secure Sockets Layer (SSL) (to protect
Internet traffic) and WEP (to secure wireless networks).
While remarkable for its simplicity and speed in software.

12. RC4, described a bit…

13. RC4, described a bit…
RC4 generates a pseudorandom stream of bits (a key
stream). As with any stream cipher, these can be used for
encryption by combining it with the plaintext using bit-wise
XOR; decryption is performed the same way (since exclusive-
or is a symmetric operation).
To generate the key stream, the cipher makes use of a secret
internal state which consists of two parts:
A permutation of all 256 possible bytes. (denoted "S" in the
figure)
Two 8-bit index-pointers. (denoted "i" and "j“ in the figrue)

14. RC4 (key stream)

15. Problems with Block or Stream
cipher alone…

16. Block cipher problem
All block ciphers share two common theoretical
vulnerabilities, because they all encrypt multiple blocks
with a single key.
If an attacker can extract the key for one block, then he
breaks other blocks with almost zero effort. Also, an
attacker can collect many blocks encrypted with a single
key, which may allow attacks that are impossible against
a single block.

17. Stream cipher problem
All stream ciphers using a simple invertible operation as the
combiner have a common theoretical vulnerability.
Given some known or guessed plaintext, it is trivial for an
adversary to recover some of the pseudorandom masking
material.
For example, using P for plaintext, C for cipher text, R for
(pseudo) random data, and ^ for the most
common combining function, bitwise exclusive OR, we get:
encryption: C = P^R
decryption: P = C^R
but this means the enemy (if he has P) can do:
recover R: R = C^P

18. To overcome those problems?
Join stream and block ciphers 
In this research 3DES & RC4!

19. MY ALGORITHM (BIG Picture)
BLOCK Cipher
(Triple DES Encryption)
STREAM Cipher
(RC4 Encryption)
BLOCK Cipher
(Triple DES Decryption)
STREAM Cipher
(RC4 Decryption)
Input
Output
Cipher 2
Cipher 1
Plaintext 2
Plaintext 1

20. MY ALGORITHM (Overview)

21. What about my application?
The whole application (encryption/decryption
demonstrator) is written in Java.
Implementing the algorithm on paper is much easier
than getting the practical outcome of it. 
Technology used: Java EE together its standard
cryptographic libraries

22. IN MY JAVA PROGRAMS?
3DES, RC4 and the Hybrid Algorithms
It will take an input (plaintext) as an argument value
and encrypt it with DES, and RC4 then it will decrypt it
with RC4 and DES and finally output the result….
In between I have shown the cipher texts
It will calculate the execution time as well…

23. ENCRYPTION TIMES

24. DECRYPTION TIMEs

25. QUESTIONS?
I myself have some questions 
1. Why don’t you encrypt more than two times  ?
2. Can you say use this is in GSM  ?
3. What are the attacks that this algorithm might face ?
4. Any enhancements of this? (Combine AES with RC4 ?) I
have done it too…

26. ENHACEMENT BASED ON THIS
RESEARCH…
A CRYPTO TOOL
TO
EVALUATE
CRYPTOGRAPHIC ALGORITHMS

30. LOOK THE CRYPTO TOOL BY ME…
GO…

31. REFERENCES
Cryptography and Network Security Principles and
Practices, Fourth Edition By William Stallings
Types and Modes Combined Algorithm for Data
Encryption and Decryption (D.M.A.B. Mailewa1, T.D.B. Weerasinghe2, S.P.J
Perera3 ,C.A. Munasinghe4 Department of Computer Engineering, Faculty of Engineering,
University of Peradeniya1234
Evaluation of the RC4 Algorithm for Data Encryption
(Allam Mousa (1) and Ahmad Hamad (2)
(1) Electrical Engineering Department An-Najah University, Nablus, Palestine
(2) Systems EngineerPalTel Company, Nablus, Palestine

32. REFERENCES (contd.)
Combining stream ciphers and block ciphers - Sandy Harris
(sandy@coldstream.ca)
Internet (Wikipedia, DES & RSA references)

33. THANK YOU!