Unit-2

Block Cipher and Public Key Cryptography

ALGORITHM TYPES AND MODES

Let us discuss two key aspects of such algorithms: algorithm types and algorithm modes.
 An algorithm type defines what size of plain text should be encrypted in each step of the
algorithm.
 The algorithm mode defines the details of the cryptographic algorithm, once the type is decided.

Algorithm Types

Stream Ciphers

In stream ciphers, the plain text is encrypted one bit at a time. Stream-cipher technique involves the
encryption of one plain-text bit at a time. The decryption also happens one bit at a time.

Block Cipher:
A block cipher takes a block of plaintext bits and generates a block of cipher text bits,
generally of same size. The size of block is fixed in the given scheme. The choice of block
size does not directly affect to the strength of encryption scheme. The strength of cipher
depends up on the key length.
Block Size:
Block ciphers use a block of bits as the unit of encryption and decryption. To encrypt a 64-
bit block, one has to take each of the 264 input values and map it to one of the 264 output
values.
Concepts of Confusion and Diffusion
Confusion is a technique of ensuring that a cipher text gives no clue about the original plain
text. This is to try and thwart the attempts of a cryptanalyst to look for patterns in the cipher
text, so as to deduce the corresponding plain text. We already know how to achieve
confusion: it is achieved by means of the substitution techniques
Diffusion increases the redundancy of the plain text by spreading it across rows and
columns. We have already seen that this can be achieved by using the transposition
techniques (also called permutation techniques).
Algorithm Modes
 There are four important algorithm modes, namely Electronic Code Book (ECB), Cipher
Block Chaining (CBC), Cipher Feedback (CFB), and Output Feedback (OFB).
Electronic Code Book (ECB) Mode
Electronic Code Book (ECB) is the simplest mode of operation. Here, the incoming plain-
text mes- sage is divided into blocks of 64 bits each. Each such block is then encrypted
independently of the other blocks. For all blocks in a message, the same key is used for
encryption. This process is shown in Fig.

At the receiver’s end, the incoming data is divided into 64-bit blocks, and by using the same key as
was used for encryption, each block is decrypted to produce the corresponding plain-text block. This
process is shown in Fig.

In ECB, since a single key is used for encrypting all the blocks of a message, if a plain-text block
repeats in the original message, the corresponding cipher-text block will also repeat in the encrypted
message.

Cipher Block Chaining (CBC) Mode

To overcome the problem in ECB, the Cipher Block Chaining (CBC) mode ensures that even if a block of plain
text repeats in the input, these two (or more) identical plain-text blocks yield totally different cipher-text blocks
in the output. For this, a feedback mechanism is used.

Chaining adds a feedback mechanism to a block cipher. In Cipher Block Chaining (CBC), the results of the
encryption of the previous block are fed back into the encryption of the current block. That is, each block is used
to modify the encryption of the next block.

The encryption process of CBC is depicted in Fig. 3.8 and described thereafter.
As shown in the figure, the first step receives two inputs: the first block of plain text and a random block of text,
called Initialization Vector (IV).
(a) The IV has no special meaning: it is simply used to make each message unique. Since the value of IV is
randomly generated, the likelihood of it repeating in two different messages is quite rare. Consequently, IV helps
in making the cipher-text somewhat unique, or at least quite different from all the other cipher texts in a different
message. The output of step 1 is cipher-text block 1, which is also one of the two inputs to the second encryption
step.
(b) The first block of cipher text and IV are combined using XOR and then encrypted using a key to produce the
first cipher-text block. The first cipher-text block is then provided as a feedback to the next plain-text block, as
explained below.

2. In the second step, the second plain-text block is XORed with the output of step 1, i.e. the first cipher-text
block. It is then encrypted with the same key, as used in step 1. This produces ciphertext block 2.
3. In the third step, the third plain-text block is XORed with the output of step 2, i.e. the second cipher-text
block. It is then encrypted with the same key, as used in step 1.
4. This process continues for all the remaining plain-text blocks of the original message.

The decryption process works as follows.

1. The cipher-text block 1 is passed through the decryption algorithm using the same key, which was used during
the encryption process for all the plain-text blocks. The output of this step is then XORed with the IV. This
process yields plain-text block 1.
2. In step 2, the cipher-text block 2 is decrypted, and its output is XORed with cipher-text block 1, which yields
plain-text block 2.
3. This process continues for all the Cipher text blocks in the encrypted message.
The decryption process is shown in Fig. 3.9.

3. Cipher Feedback (CFB) Mode

Step 1 Like CBC, a 64-bit Initialization Vector (IV) is used in the case of CFB mode. The IV is kept in a shift
register. It is encrypted in the first step to produce a corresponding 64-bit IV cipher text. This is shown in Fig.

Step 2 Now, the leftmost (i.e. the most significant) j bits of the encrypted IV are XORed with the first j bits of the
plain text. This produces the first portion of cipher text (say C) as shown in Fig. 3.11. C is then transmitted to the
receiver.
Step 3 Now, the bits of IV (i.e. the contents of the shift register containing IV) are shifted left by j positions.
Thus, the rightmost j positions of the shift register now contain unpredictable data. These rightmost j positions
are now filled with C. This is shown in Fig. 3.12.

Step 4 Now, steps 1 through 3 continue until all the plain-text units are encrypted. That is, the following steps are
repeated:
● IV is encrypted.
● The leftmost j bits resulting from this encryption process are XORed with the next j bits of the plain text.
● The resulting cipher-text portion (i.e. the next j bits of cipher text) is sent to the receiver.
● The shift register containing the IV is left-shifted by j bits.
● The j bits of the cipher text are inserted from right into the shift register containing the IV.

Figure 3.13 shows the overall conceptual view of the CFB mode.
At the receiver’s end, the decryption process is pretty similar, with minor changes.

4. Output Feedback (OFB) Mode

The Output Feedback (OFB) mode is extremely similar to the CFB. The only difference is that in the case of
CFB, the cipher text is fed into the next stage of encryption process. But in the case of OFB,

the output of the IV encryption process is fed into the next stage of encryption process. Therefore, we shall not
describe the details of OFB, and instead, shall simply draw the block diagram of the OFB process, as shown in
Fig. 3.14. The same details as discussed in CFB apply here, except the change, as pointed out above.
5. Counter (CTR) Mode

The Counter (CTR) mode is quite similar to the OFB mode, with one variation. It uses sequence numbers called
counters as the inputs to the algorithm. After each block is encrypted, to fill the register, the next counter value is
used. Usually, a constant is used as the initial counter value, and is incremented (usually by 1) for every iteration.
The size of the counter block is the same as that of the plain-text block.

For encryption, the counter is encrypted and then XORed with the plain text block to get the cipher text. No
chaining process is used. On the other hand, for decryption, the same sequence of counters is used. Here, each
encrypted counter is XORed with the corresponding cipher-text block to obtain the original plain-text block.
The overall operation of the counter mode is shown in Fig. 3.15 and Fig. 3.16.
Fig. 3.15

Fig. 3.15 Counter (CTR) mode: the encryption process

Fig. 3.16 Counter (CTR) mode: the decryption process

The encryption or decryption process in the counter can be done in parallel on multiple text blocks, since no
chaining is involved. This can make the execution speed of the counter faster.

SYMMETRIC-KEY CRYPTOGRAPHY

Symmetric-key cryptography is referred to by various other terms, such as secret-key cryptography or private-
key cryptography.

In this scheme, only one key is used and the same key is used for both encryption and decryption of messages.
Obviously,
both the parties must agree upon the key before any transmission begins, and nobody else should know
Computer-based about it.

Fig. 3.17 Symmetric-key cryptography

RC-5 Algorithm
 In RC-5, the word size (i.e. input plaintext block size), number of rounds and number of keys are not
fixed i.e. all can be of variable length.
 Once w, r, k (word size, number of rounds, number of keys) are finalized then they remain same for all
the rounds.
 Plain text can be 32 bits, 64 bits or 128 bits
 Number of rounds can be between 0-255
 Key size can be between 0 to 255 bytes
Encryption using RC5
Encryption involved several rounds of a simple function. 12 or 20 rounds seem to be recommended, depending
on security needs and time considerations.
We initialize the counter to 1 and perform some permutation and combination using addition and XOR
The algorithm works into two phases:
a. First it starts with phase one
b. Output of phase one become input of phase two
We divide the plaintext block into two equal parts A and B
Then they are XOR with two subkeys S{0} and S{1}
C=A+S[0]
D=B+S[1]

for i = 1 to r do:
1. C ⊕ D = E
2. perform circular left shift on E by D bits
3. add E and S[2 * i] and store the result in F which is input for step 4
4. D ⊕ F = G
5. perform circular left shift on G by F bits
6. add G and S[2 * i + 1] and store the result in H
7. If i< r
Call F as C and H as D and repeat the steps from 1 to 7
else stop
  Once both the phases are completed the counter is incriminated and we check if it is greater than the
number of rounds, if yes then the algorithm terminals and if no then the algorithm iterates.

Decryption:
Decryption is a straightforward reversal of the encryption process