Week04 Des

DES Algorithms

Uploaded by

Aftab Ahmed

DATA SECURITY & CRYPTOGRAPHY
DES
By: Dr. Danish Shehzad

TYPES OF CRYPTOGRAPHY
• Symmetric Key Cryptography
• Asymmetric / Public Key Cryptography

SECRET KEY CRYPTOGRAPHY
• Conventional encryption / single-key encryption
• Uses a single key for both encryption and decryption.
• The plaintext and the ciphertext have the same size.
• Also called symmetric key cryptography

SYMMETRIC ENCRYPTION
A symmetric encryption scheme has five ingredients:
• Plaintext: This is the original message or data that is fed into the algorithm as input.
• Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
• Secret key: The secret key is also input to the encryption algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.
• Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts.
• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.

REQUIREMENTS FOR SECURE USE OF SYMMETRIC ENCRYPTION
• The encryption algorithm should be strong.
• The sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure.

APPROACHES FOR ATTACKING A SYMMETRIC ENCRYPTION SCHEME
• Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs.
• Brute-force attack: Every possible key is tried on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

TYPES OF CIPHERS
Block Cipher
• Processes the input one block of elements at a time
• Produces an output block for each input block
• Can reuse keys
• More common
• Examples: DES, Triple DES, AES

Stream Cipher
• Processes the input elements continuously
• Produces output one element at a time
• Primary advantage is that they are almost always faster and use far less code
• Encrypts plaintext one byte at a time
• A pseudorandom stream is one that is unpredictable without knowledge of the input key
• Example: RC4 (Rivest Cipher 4)

SYMMETRIC BLOCK ENCRYPTION ALGORITHMS
A block cipher processes the plaintext input in fixed-size blocks and produces a block of ciphertext of equal size for each plaintext block.
• DES
• Triple DES
• AES, etc.

DATA ENCRYPTION STANDARD
• The Data Encryption Standard (DES) was designed by IBM.
• Block cipher
• DES was adopted in 1977 by the National Bureau of Standards (NBS), now the National Institute of Standards and Technology (NIST), as Federal Information Processing Standard 46.
• It remained unbroken for more than 10 years after its publication. Some aspects of its design were kept secret by IBM at the request of the US National Security Agency (NSA); some people believed that IBM and NSA had hidden a trapdoor in DES that only they knew about and could use to crack DES.

DATA ENCRYPTION STANDARD (DES)
• Block cipher
• Block size – 64 bits
• Follows the Feistel structure
• Total rounds – 16
• Key size – 64 bits
• Subkeys – 16
• Subkey size – 48 bits
• Ciphertext – 64 bits

DES CRITICISM
• Before its adoption as a standard, DES was subjected to intense criticism.
• First, the key length was enormously reduced.
• It was considered too short to withstand a brute-force attack.
• Second, the internal structure (the S-boxes) was classified.

DES WIDE USE
• DES flourished in financial applications.
• In 1994, NIST reaffirmed DES for use for 5 more years.
• In 1999, NIST issued a new version of its standard: Triple DES.

DES INTRODUCTION
DATA ENCRYPTION STANDARD (DES):
• Symmetric-key block cipher
• Published by the National Institute of Standards and Technology (NIST).
• DES is a block cipher.

DES BLOCK CIPHER
[Figures]

PERMUTATION'S CONCEPT
[Figures]

INITIAL PERMUTATION: IP (FROM LAST TABLES)
• The 64-bit input data (message) block is first bitwise permuted (i.e., the bits within the block are rearranged).
• This is done using the following permutation table:

Input                      Output
 1  2  3  4  5  6  7  8    58 50 42 34 26 18 10  2
 9 10 11 12 13 14 15 16    60 52 44 36 28 20 12  4
17 18 19 20 21 22 23 24    62 54 46 38 30 22 14  6
25 26 27 28 29 30 31 32    64 56 48 40 32 24 16  8
33 34 35 36 37 38 39 40    57 49 41 33 25 17  9  1
41 42 43 44 45 46 47 48    59 51 43 35 27 19 11  3
49 50 51 52 53 54 55 56    61 53 45 37 29 21 13  5
57 58 59 60 61 62 63 64    63 55 47 39 31 23 15  7

• Example: The 35th bit of the input block is equal to the 41st bit of the output block.

FINAL PERMUTATION: IP⁻¹
• The 64-bit output after 16 rounds is finally bitwise permuted (i.e., the bits within the block are rearranged).
• This is done using the following permutation table:

Input                      Output
 1  2  3  4  5  6  7  8    40  8 48 16 56 24 64 32
 9 10 11 12 13 14 15 16    39  7 47 15 55 23 63 31
17 18 19 20 21 22 23 24    38  6 46 14 54 22 62 30
25 26 27 28 29 30 31 32    37  5 45 13 53 21 61 29
33 34 35 36 37 38 39 40    36  4 44 12 52 20 60 28
41 42 43 44 45 46 47 48    35  3 43 11 51 19 59 27
49 50 51 52 53 54 55 56    34  2 42 10 50 18 58 26
57 58 59 60 61 62 63 64    33  1 41  9 49 17 57 25

• Example: The 41st bit of the input block is equal to the 35th bit of the output block.

GENERAL STRUCTURE OF DES
[Figure]

Detail of single Round (continued)
[Figure]

DES STEP-3
• ROUNDS: There are 16 rounds, and each round is based on the Feistel cipher structure.
• DES Function: Applies a 48-bit key to the rightmost 32 bits to produce a 32-bit output.
  • Expansion P-Box
  • Whitener
  • Group of S-Boxes
  • Straight P-Box

DES STEP-3
[Figure]

EXPANSION BOX
[Figure]

S BOX
[Figure]

S BOX
• Example: The input to S-box 1 is 100011. What is the output?
• Output: If we write the first and the sixth bits together, we get 11 in binary, which is 3 in decimal. The remaining bits are 0001 in binary, which is 1 in decimal. We look for the value in row 3, column 1, in Table 6.3 (S-box 1). The result is 12 in decimal, which in binary is 1100. So the input 100011 yields the output 1100.

S BOX
• Example: The input to S-box 8 is 000000. What is the output?
• Output: If we write the first and the sixth bits together, we get 00 in binary, which is 0 in decimal. The remaining bits are 0000 in binary, which is 0 in decimal. We look for the value in row 0, column 0, in Table 6.10 (S-box 8). The result is 13 in decimal, which is 1101 in binary. So the input 000000 yields the output 1101.

DES 4-1: STRAIGHT PERMUTATIONS
[Figure: 32-bit output from the S-boxes as input; 32-bit output from the straight permutation]

KEY GENERATION
• The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The actual key is 64 bits, from which 8 extra parity bits are dropped.
• Parity drop: bits 8, 16, 24, 32, 40, 48, 56, 64
• Shifting: rounds 1, 2, 9, 16 → one bit; others → two bits.

DES BLOCK CIPHER
[Figure]

DES ENCRYPTION (1/2)
• There are two inputs to the encryption function: the plaintext and the key.
• The plaintext must be 64 bits in length and the key is 56 bits in length.
• On the left-hand side of the figure, the processing of the plaintext proceeds in the following phases.
• First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits to produce the permuted input.

DES ENCRYPTION (2/2)
• This is followed by a phase of 16 rounds of the same function, which involves substitution and permutation.
• The output of the last (16th) round consists of 64 bits that are a function of the input plaintext and the key.
• The left and right halves of the output are swapped to produce the preoutput.
• Finally, the preoutput is passed through a permutation (IP⁻¹) to produce the 64-bit output.

DES ENCRYPTION (KEY)
• The right-hand portion of the figure shows how the 56-bit key is used.
• Initially, the key is passed through a permutation function.
• For each of the 16 rounds, a subkey (Ki) is produced by the combination of a left circular shift and a permutation. The permutation function is the same for each round, but a different subkey is produced because of the repeated shifts of the key bits.

INITIAL PERMUTATION: IP (FROM LAST TABLES)
• The 64-bit input data (message) block is first bitwise permuted (i.e., the bits within the block are rearranged).
• This is done using the IP permutation table given earlier.
• Example: The 35th bit of the input block is equal to the 41st bit of the output block.

FINAL PERMUTATION
• The 64-bit output after 16 rounds is finally bitwise permuted (i.e., the bits within the block are rearranged).
• This is done using the IP⁻¹ permutation table given earlier.
• Example: The 41st bit of the input block is equal to the 35th bit of the output block.

DES CIPHER FUNCTION
[Figure]

THE SINGLE ROUND
• On the left-hand side of the diagram, the left and right halves of each 64-bit block are treated as 32-bit quantities labelled L (left) and R (right).
• The round key Ki is 48 bits. The R input is 32 bits.
• The R input is first expanded to 48 bits by using a table that involves duplication of 16 of the R bits.
• The resulting 48 bits are XORed with Ki.
• This 48-bit result passes through a substitution function that produces a 32-bit output, which is permuted

EXPANSION PERMUTATION: E (FROM LAST TABLE)
• The expansion permutation acts on the 32-bit input to the cipher function.
• It expands the 32-bit input block to a 48-bit output block by duplicating some input bits at specified positions.
• The permutation is given by the following table:
[Table]
• Example: The 46th bit of the output block (counting from the left, starting from bit 1) is equal to the 31st bit of the input block.

EXPANSION PERMUTATION: E
[Figure: 32-bit data expanded to 48-bit expanded data]

SUBSTITUTION BOXES: S
• The substitution boxes (S-boxes) map a 6-bit input block to a 4-bit output block.
• There are 8 S-boxes, so the 48-bit input block is mapped to a 32-bit output block.
[Figures: S-boxes S1 S2 S3 S4 S5 S6 S7 S8]

PERMUTATION: P
• The 32-bit output of the S-boxes is then bitwise permuted (i.e., the bits within the block are rearranged).
• This is done using the following permutation table:

Output         Input
 1  2  3  4    16  7 20 21
 5  6  7  8    29 12 28 17
 9 10 11 12     1 15 23 26
13 14 15 16     5 18 31 10
17 18 19 20     2  8 24 14
21 22 23 24    32 27  3  9
25 26 27 28    19 13 30  6
29 30 31 32    22 11  4 25

• Example: The 25th bit of the output block is equal to the 19th bit of the input block.

DES KEY SCHEDULE
• The DES key schedule takes a 64-bit key and generates 16 48-bit subkeys, one per round.
• The key schedule uses two (fixed/known) permutation tables (called PC1 and PC2) and a table of “shifts” (called LS).

DES KEY SCHEDULE
• The 64-bit key is used as input to the algorithm.
• The key is first subjected to a permutation governed by the table labelled Permuted Choice One.
• The resulting 56-bit key is then treated as two 28-bit quantities, labelled C0 and D0.
• At each round, C_{i-1} and D_{i-1} are separately subjected to a circular left shift, or rotation, of 1 or 2 bits; these values serve as input to the next round.
• They also serve as input to Permuted Choice Two, which produces a 48-bit output that serves as input to the function F(R_{i-1}, K_i).

DES KEY SCHEDULE
[Figure: flowchart. Key (64) → PC1 → Effective Key (56); round number = 1; LS applied to each half; PC2 → Subkey (48); if round number = 16, end; otherwise increment the round number and repeat.]

DES DECRYPTION
• Decryption uses the same algorithm as encryption, except that the subkeys are applied in reverse order.

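Why reversing the subkeys is enough, shown on the round structure from THE SINGLE ROUND slide, as an added Python example that is not part of the original slides. The round function `toy_f` is a stand-in (a truncated SHA-256), not the DES F function, and the subkeys and block are constructed sample values; the point is that the Feistel structure decrypts correctly even though the round function itself cannot be inverted.

```python
import hashlib

MASK32 = 0xFFFFFFFF


def toy_f(right, subkey):
    """Stand-in round function (NOT the DES F): maps 32 bits and a 48-bit
    subkey to 32 bits and is deliberately non-invertible."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(block64, subkeys, f=toy_f):
    """Run a 64-bit block through one Feistel round per subkey."""
    left, right = block64 >> 32, block64 & MASK32
    for k in subkeys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, left ^ f(right, k)
    # Swap the halves after the last round, as DES does to form the preoutput.
    return (right << 32) | left


def encrypt(block64, subkeys):
    """Apply the subkeys in the order K1 .. K16."""
    return feistel(block64, subkeys)


def decrypt(block64, subkeys):
    """Same algorithm as encrypt; only the subkey order is reversed."""
    return feistel(block64, subkeys[::-1])


# Constructed sample values: sixteen distinct 48-bit subkeys, one 64-bit block.
SUBKEYS = [(0x0123456789AB * (i + 1)) & 0xFFFFFFFFFFFF for i in range(16)]
BLOCK = 0x0123456789ABCDEF
```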
THE STRENGTH OF DES
• The key length is 56 bits, so there are 2^56 possible keys (about 7.2 × 10^16), and a brute-force attack appears impractical.
• Assuming that on average half the key space has to be searched, a single machine performing one DES encryption per microsecond would take more than 1000 years to break the cipher.
• In 1977, Diffie and Hellman postulated that the technology existed to build a parallel machine with 1 million encryption devices, each of which could perform one encryption per microsecond.
• This would bring the search time down to about 10 hours, at a cost of $20 million.

DES STRENGTH
• DES was finally proved insecure in July 1998, when the Electronic Frontier Foundation (EFF) announced that it had broken DES using a “DES cracker” that cost $250,000.
• The EFF published a description of the cracker, enabling others to build their own; with falling hardware prices and increasing speeds, DES is worthless.

SUMMARY
• Types of Cryptography
• Asymmetric Key Cryptography
• Symmetric Key Cryptography
• Requirements for secure symmetric encryption
• Approaches for attacking a symmetric encryption scheme
• Block Ciphers vs. Stream Ciphers
• Data Encryption Standard (DES)
• DES Encryption / Decryption
• Strength/Weakness of DES
