STREAM CIPHER

— Encrypts a digital data stream one bit or one byte at a time

o Examples:
 Autokeyed Vigenère cipher
 Vernam cipher
— In the ideal case a one-time pad version of the Vernam cipher would be used, in which
the keystream is as long as the plaintext bit stream
o If the cryptographic keystream is random, then this cipher is unbreakable by
any means other than acquiring the keystream
 Keystream must be provided to both users in advance via some
independent and secure channel
 This introduces insurmountable logistical problems if the intended data
traffic is very large
— For practical reasons the bit-stream generator must be implemented as an algorithmic
procedure so that the cryptographic bit stream can be produced by both users
o It must be computationally impractical to predict future portions of the bit
stream based on previous portions of the bit stream
o The two users need only share the generating key and each can produce the
keystream
BLOCK CIPHER
— Stream cipher: encrypt bit by bit
— Block cipher: encrypt block by block
— A block of plaintext is treated as a whole and used to produce a ciphertext block of
equal length
— Typically a block size of 64 or 128 bits is used
— As with a stream cipher, the two users share a symmetric encryption key
— The majority of network-based symmetric cryptographic applications make use of
block ciphers
STREAM CIPHER AND BLOCK CIPHER

IDEAL BLOCK CIPHER

FEISTEL CIPHER
— Proposed the use of a cipher that alternates substitutions and permutations
o Substitution: each plaintext element or group of elements is uniquely replaced
by a corresponding ciphertext element or group of elements
o Permutation: no elements are added or deleted or replaced in the sequence,
rather the order in which the elements appear in the sequence is changed
— Is a practical application of a proposal by Claude Shannon to develop a product cipher
that alternates confusion and diffusion functions
— Is the structure used by many significant symmetric block ciphers currently in use

DIFFUSION AND CONFUSION

— Terms introduced by Claude Shannon to capture the two basic building blocks for any
cryptographic system
o Shannon’s concern was to thwart cryptanalysis based on statistical analysis
— Diffusion:
o The statistical structure of the plaintext is dissipated into long-range statistics of
the ciphertext
 o This is achieved by having each plaintext digit affect the value of many
ciphertext digits
— Confusion:
o Seeks to make the relationship between the statistics of the ciphertext and the
value of the encryption key as complex as possible
o Even if the attacker can get some handle on the statistics of the ciphertext, the
way in which the key was used to produce that ciphertext is so complex as to
make it difficult to deduce the key
FEISTEL CIPHER STRUCTURE
— Li=Ri-1
— Ri=Li-1 xor F(Ri-1,Ki)
— F function performs the substitution
— A permutation is performed by interchanging the two halves of the data
— This structure is a particular form of the substitution-permutation network (SPN)
proposed by Shannon
FESTIAL EXAMPLE

FEISTEL CIPHER DESIGN FEATURES

— Block size
o Larger block sizes mean greater security but reduced encryption/decryption
speed for a given algorithm
— Key size
o Larger key size means greater security but may decrease
encryption/decryption speeds. Key sizes of 64 bits or less are now widely
considered to be inadequate, and 128 bits has now become a common size
— Number of rounds
o The essence of the Feistel cipher is that a single round offers inadequate
security but that multiple rounds offer increasing security
— Subkey generation algorithm
o Greater complexity in this algorithm should lead to greater difficulty of
cryptanalysis
— Round function F
o Greater complexity generally means greater resistance to cryptanalysis
— Fast software encryption/decryption
o In many cases, encrypting is embedded in applications or utility functions in
such a way as to preclude a hardware implementation; accordingly, the speed
of execution of the algorithm becomes a concern
— Ease of analysis
o If the algorithm can be concisely and clearly explained, it is easier to analyse
that algorithm for cryptanalytic vulnerabilities and therefore develop a higher
level of assurance as to its strength
BLOCK CIPHER DESIGN PRINCIPLES: NUMBER OF ROUNDS
— The greater the number of rounds, the more difficult it is to perform cryptanalysis
— In general, the criterion should be that the number of rounds is chosen so that known
cryptanalysis efforts require greater effort than a simple brute-force key search attack
— If DES had 15 or fewer rounds, differential cryptanalysis would require less effort than
a brute-force key search
DESIGN OF FUNCTION F
— The heart of a Feistel block cipher is the function F
— The more nonlinear F, the more difficult any type of cryptanalysis will be
— The SAC and BIC criteria appear to strengthen the effectiveness of the confusion
function
— The algorithm should have good avalanche properties
o Strict avalanche criterion (SAC):
 States that any output bit j of an S-box should change with probability
½ when any single input bit i is inverted for all i, j
o Bit independence criterion (BIC):
 States that output bits j and k should change independently when any
single input bit i is inverted for all i, j, and k
BLOCK CIPHER DESIGN PRINCIPLES: KEY SCHEDULE ALGORITHM
— With any Feistel block cipher, the key is used to generate one subkey for each round
— In general, we would like to select subkeys to maximise the difficulty of deducing
individual subkeys and the difficulty of working back to the main key
— It is suggested that, at a minimum, the key schedule should guarantee key/ciphertext
Strict Avalanche Criterion and Bit Independence Criterion
DATA ENCRYPTION STANDARD (DES)
— Issued in 1977 by the National Bureau of Standards (now NIST) as Federal Information
Processing Standard 46
— Was the most widely used encryption scheme until the introduction of the Advanced
Encryption Standard (AES) in 2001
— Algorithm itself is referred to as the Data Encryption Algorithm (DEA)
 o Data are encrypted in 64-bit blocks using a 56-bit key
o The algorithm transforms 64-bit input in a series of steps in a 64-bit output
o The same steps, with the same key, are used to reverse the encryption

DES ENCRYPTION ALGORITHM

— A 48-bit subkey (Ki) is produced by the combination of a left circular shift and a
permutation

F FUNCTION IN DES
— Expansion P-box (Permutation box)
o 32 bits to 48 bits
— 8 S-box (Substitution box)
— Straight P-box
F FUNCTION IN DES

DES EXAMPLE
— Plaintext: 02468aceeca86420
— Key: 0f1571c947d9e859
— Ciphertext: da02ce3a89ecac3b
— Note: DES subkeys are shown as eight 6-bit values in hex format
AVALANCHE EFFECT IN DES: CHANGE IN PLAINTEXT

AVALANCHE EFFECT IN DES: CHANGE IN KEY

— Original Key: 0f1571c947d9e859
— Altered Key: 1f1571c947d9e859
AVERAGE TIME REQUIRED FOR EXHAUSTIVE KEY SEARCH

CRACK DES: TIMING ATTACK

— Information about the key or the plaintext is obtained by observing how long it takes a
given implementation to perform decryptions on various ciphertexts
— Exploits the fact that an encryption or decryption algorithm often takes slightly different
amounts of time on different inputs
— So far it appears unlikely that this technique will ever be successful against DES or
more powerful symmetric ciphers such as triple DES and AES