Modern Block Ciphers

Symmetric Key Cipher

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 1

Symmetric Key Ciphers
• However one particular element underlies many of the security mechanisms in
use:
• cryptographic techniques

• Symmetric-key cipher:
• The original message from Alice to Bob is called plaintext;
• the message that is sent through the channel is called the ciphertext.
• To create the ciphertext from the plaintext, Alice uses an encryption algorithm and a
shared secret key.
• To create the plaintext from ciphertext, Bob uses a decryption algorithm and the
same secret key.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 2

Symmetric Key Ciphers

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 3

Kerckhoff’s principle
• Traditionally symmetric encryption is used to provide message confidentiality

• Kerckhoff’s principle
• A cryptosystem should be secure even if everything about the system, except
the key, is public knowledge.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 4

Kerckhoff’s principle
• Basic assumption - Kerckhoffs’ assumption
• adversary has access to all data transmitted over cipher channel
• adversary knows all details of the encryption function except the secret key

• The security of a cipher

• must not depend on anything that cannot be easily changed

• The opponent is not to be underestimated

• The opponent knows the encryption and decryption algorithms.
• The strength of a cipher system depends ONLY on keeping the key information
secret, not the algorithm

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 5

Symmetric Key Cryptography

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 6

Model for Network Security

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 7

Model for Network Security
• Using this model requires us to:
• design a suitable algorithm for the security transformation
• generate the secret information (keys) used by the algorithm
• develop methods to distribute and share the secret information
• specify a protocol enabling the principals to use the transformation and
secret information for a security service

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 8

Types of symmetric key ciphers
• The literature divides the symmetric ciphers into two broad categories:
• stream ciphers and block ciphers.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 9

Stream Cipher
• Stream Cipher:
• Encrypt digital data stream of plaintext message one bit or one character at a time
• Call the plaintext stream P, the ciphertext stream C, and the key stream K.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 10

Block Cipher
• Block cipher:
• Processes the plaintext in relatively large blocks (e.g. n≥64 bits)
• Creating a group of cipher text of the same size n
• A single key is used to encrypt the whole block even if the key is made of multiple
values.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 11

Introduction to modern Symmetric Key
Ciphers
• Modern Block Ciphers
• A symmetric-key modern block cipher encrypts an n-bit block of plaintext or decrypts
an n-bit block of ciphertext.
• The encryption or decryption algorithm uses a k-bit key.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 12

Block Cipher
• A symmetric key modern cipher encrypts an n bit block of plaintext or decrypts
an n bit block of cipher-text (n: block length)

• Padding:
• If the message has fewer than n bits, padding must be done to make it n bits.
• If the message size is not a multiple of n, then it should be divided into n bit blocks
and the last block should be padded.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 13

Block Cipher
• How many padding bits must be added to a message of 100 characters if 8-bit
ASCII is used for encoding and the block cipher accepts blocks of 64 bits?

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 14

Block Cipher
• How many padding bits must be added to a message of 100 characters if 8-bit
ASCII is used for encoding and the block cipher accepts blocks of 64 bits?

• Solution:
• Encoding 100 characters using 8-bit ASCII results in an 800-bit message. The
plaintext must be divisible by 64. If | M | and |Pad| are the length of the
message and the length of the padding,

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 15

Transposition Cipher
• A modern block cipher can be designed to act as a
• substitution cipher or a transposition cipher.

• Transposition Ciphers:
• Involves rearrangement of bits, without changing the value
• Consider an n bit cipher
• How many such rearrangements are possible?
• n!
• How many key bits are necessary?
• ceil[log2 (n!)]

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 16

Transposition Cipher
• Show the model and the set of permutation tables for a 3-bit block
transposition cipher where the block size is 3 bits.

• Solution :
• The set of permutation tables has 3! = 6 elements.
• Key : ceil(log26)=3 bits

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 17

Transposition Cipher

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 18

Substitution Cipher
• Substitution Ciphers:
• It does not transpose bits, but substitutes values
• Can we model this as a permutation?
• Yes. The n bit inputs and outputs can be represented as 2n bit sequences, with
one 1 and the rest 0’s.
• This can be thus modelled as a transposition.

• Thus it is a permutation of 2n values, thus needs

• Key - ceil[log2(2n!)] bits.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 19

Substitution Cipher
• Show the model and the set of permutation tables for a 3-bit block substitution
cipher.

• Solution:
• Figure next shows the model and the set of permutation tables.
• The key is also much longer, [log2(40,320)] = 16 bits.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 20

Substitution Cipher

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 21

Block Cipher
• A modern block cipher can be designed to act as a substitution cipher or a
transposition cipher

• To be resistant to exhaustive-search attack, a modern block cipher needs to be

designed as a substitution cipher.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 22

Example
• Suppose that we have a block cipher where n = 64. If there are 10 1’s in the
ciphertext, how many trial-and error tests does Eve need to do to recover the
plaintext from the intercepted ciphertext in each of the following cases?

a. The cipher is designed as a substitution cipher.

b. The cipher is designed as a transposition cipher

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 23

Example
• Solution

• In the first case, Eve has no idea how many 1’s are in the plaintext. Eve needs to
try all possible 264 64-bit blocks to find one that makes sense.

• In the second case, Eve knows that there are exactly 10 1’s in the plaintext. Eve
can launch an exhaustive-search attack using only those 64-bit blocks that have
exactly 10 1’s.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 24

Components of a Modern Block Cipher

• Most important components:

• PBox: It is a key-less fixed transposition cipher
• SBox: It is a key-less fixed substitution cipher

• Diffusion: it hides the relationship between the ciphertext and the

plaintext
• Diffusion refers to the property that redundancy in the statistics of the plaintext is
"dissipated" in the statistics of the ciphertext.
• Changing a single bit in a block of plain text will have the effect of changing each bit
of cipher text with probability of 0.5
• However, this changes are scattered across the block of cipher text.
• Transposition enhances diffusion!!!

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 25

Components of a Modern Block Cipher

• Confusion: it hides the relationship between the ciphertext and the key

• Confusion refers to making the relationship between the key and the ciphertext
as complex and as involved as possible

• a single bit change in key - changes roughly half of the bits in corresponding
cipher text,

• moreover positions of changed (flipped) bits are random!

• Substitution enhances confusion!!

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 26

Principle of Confusion and Diffusion
• The design principles of Block Cipher depends on these properties

• The S-Box is used to provide confusion,

• as it is dependent on the unknown key

• The P-Box is fixed, and there is no confusion due to it

• But it provides diffusion

• Properly combining these is necessary.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 27
Permutation Box - P Box
• Performs permutation or rearrangement of the bits in the input

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 28

Three types of P-Boxes

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 29

Example
• Figure below shows all 6 possible mappings of a 3 × 3 P-box

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 30

Example

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 31

Example

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 32

SBox
• An SBox (substitution box) is an nxm substitution box,
• where m and n are not necessarily same

• Each output bit is a Boolean function of the inputs

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 33

SBox
• Linear SBox

• Non-Linear Sbox
• In a non-linear S-Box, each of the elements cannot be expressed as above
• Eg.
Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 34
SBox - Example
• The following table defines the input/output relationship for an S-box of size 3 × 2 (3 bits input, 2 bits
output). The leftmost bit of the input defines the row; the two rightmost bits of the input define the
column. The two output bits are values on the cross section of the selected row and column.

• Based on the table, an input of 010 yields the output 01. An input of 101 yields the output of 00.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 35

SBox – Example (6×4-bit )
• Selecting the row using the outer two bits (the first and last bits), and
the column using the inner four bits.
• For example, an input "011011" has outer bits "01" and inner bits
"1101";
• the corresponding output would be "1001

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 36

SBox
• An S-box may or may not be invertible.

• In an invertible S-box, the number of input bits should be the same

as the number of output bits.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 37

SBox - Example
• Example shows invertible S-box.
• Encryption : If the input to the left box is 001, the output is 101.
• Decryption : The input 101 in the right table creates the output 001,
which shows that the two tables are inverses of each other.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 38

Exclusive-Or (XOR)
• An important component in most block ciphers is the exclusive-or
operation.

• The inverse of a component in a cipher

• if the component represents a unary operation (one input and one output).

• keyless P-box or a keyless S-box can be made invertible because they

have one input and one output.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 39

Exclusive-Or (XOR)
• An XOR is a binary operation.
• The inverse of an XOR is possible
• Only if one of the inputs is fixed (is the same in encryption and decryption).

• If one of the inputs is the key,

• which is the same in encryption and decryption,
• XOR self-invertible

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 40

Properties of XOR

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 41

Exclusive-Or (XOR)
• Invertibility of the exclusive-or operation

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 42

Circular Shift
• It shifts each bit in an n-bit word k positions to the left.
• The leftmost k bits become the rightmost bits.
• Invertible Transformation

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 43

Circular Shift
• Swap:
• A special type of shift operation where k=n/2

• Example : Swap operation on an 8-bit word

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 44

Circular Shift
• Two other operations found in some block ciphers are split and
combine.

• Example: Split and combine operations on an 8-bit word

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 45

Improving Security
• Two key ideas:
1. Product Ciphers:
• Shannon introduced the concept of a product cipher.
• A product cipher is a complex cipher combining substitution, permutation, and
other components (e.g., shift, exclusive OR, etc.)
• combines two or more transformations
• resulting cipher is more secure than the individual components
• If S1: A → B and S2: B → C are ciphers,
• so S = S1 × S2 : A → C

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 46

Improving Security
2. Iterated Cipher:
• a block cipher involving the sequential repetition of an internal function called a
round function controlled by some parameters

• If S : A → A is a cipher, consider
• Sk = S × S × . . . × S : A → A

• A product of S with itself is denoted S x S or S2

• As k increases, Sk is expected to have higher security

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 47

Improving Security
• Diffusion and confusion can be achieved using iterated product
ciphers where each iteration is a combination of S-boxes, P-boxes,
and other components.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 48

A product
cipher made
of two rounds

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 49

A product cipher
made of two
rounds

• Diffusion and confusion in a block cipher

• Avalanche effect:
• A small change in a plaintext or key
will produces a large change in the
cipher-text

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 50

Practical Ciphers
• Large data blocks

• More S-Boxes

• More rounds

• These help to improve the diffusion and confusion in the cipher.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 51

Two Classes of Product Ciphers
• Modern block ciphers are all product ciphers, but they are divided into two
classes.

1. Feistel ciphers
• Ex. DES (Data Encryption Standard)

2. Non-Feistel ciphers (Substitution Permutation Networks)

• Ex. AES (Advanced Encryption System)

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 52

Feistel Cipher
• Feistel cipher refers to a type of block cipher design, not a specific cipher

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 53

Feistel Cipher - Example
• plaintext and cipher-text - 4 bits long

• key - 3 bits long.

• Function f(k):
• takes the first and third bits of the key,
• interprets these two bits as a decimal number,
• squares the number,
• interprets the result as a 4-bit binary pattern

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 54

Feistel Cipher - Example
• Show the results of encryption and decryption
• if the original plaintext is 0111 and the key is 101

• The function extracts the first and third bits of key: 11 in binary or 3 in decimal.

• The result of squaring is 9, which is 1001 in binary.

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 55

Feistel Cipher
• Improvement of the previous Feistel design

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 56

Final design of a Feistel cipher with two rounds

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 57

Final design of a Feistel cipher
• Encryption:
• Split plaintext block into left and right halves:
• Plaintext = (L0,R0)

• For each round i=1,2,...,n, compute

• Li= Ri-1
• Ri= Li-1 f(Ri-1,Ki)

• where f is round function and Ki is subkey

• Ciphertext = (Ln,Rn)

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 58

Final design of a Feistel cipher
• Decryption: Ciphertext = (Ln,Rn)

• For each round i=n,n-1,…,1, compute

• Ri-1 = Li
• Li-1 = Ri f(Ri-1,Ki)

• where f is round function and Ki is subkey

• Plaintext = (L0,R0)

Dr. Reema Patel, B.Tech,SOT,PDPU,IS-2019 59