Block Cipher Design Principles

 Block ciphers are built in the Feistel cipher structure.

 Block cipher has a specific number of rounds and keys for generating ciphertext.
 Block cipher is a type of encryption algorithm that processes fixed-size blocks of data,
usually 64 or 128 bits, to produce ciphertext.
 The design of a block cipher involves several important principles to ensure the security
and efficiency of the algorithm.

Some of these principles are:

1. Number of Rounds – The number of Rounds is regularly considered in design criteria, it
just reflects the number of rounds to be suitable for an algorithm to make it more complex,
in DES we have 16 rounds ensuring it to be more secure while in AES we have 10 rounds
which makes it more secure.
2. Design of function F – The core part of the Feistel Block cipher structure is the Round
Function. The complexity of cryptanalysis can be derived from the Round function i.e. the
increasing level of complexity for the round function would be greatly contributing to an
 increase in complexity. To increase the complexity of the round function, the avalanche
effect is also included in the round function, as the change of a single bit in plain text would
produce a mischievous output due to the presence of avalanche effect.
3. Confusion and Diffusion: The cipher should provide confusion and diffusion to make it
difficult for an attacker to determine the relationship between the plaintext and ciphertext.
Confusion means that the ciphertext should be a complex function of the key and plaintext,
making it difficult to guess the key.
Diffusion means that a small change in the plaintext should cause a significant change in the
ciphertext, which makes it difficult to analyze the encryption pattern.
4. Key Size: The key size should be large enough to prevent brute-force attacks. A larger key
size means that there are more possible keys, making it harder for an attacker to guess the
correct one. A key size of 128 bits is considered to be secure for most applications.
5. Key Schedule: The key schedule should be designed carefully to ensure that the keys used
for encryption are independent and unpredictable. The key schedule should also resist
attacks that exploit weak keys or key-dependent properties of the cipher.
6. Block Size: The block size should be large enough to prevent attacks that exploit statistical
patterns in the plaintext. A block size of 128 bits is generally considered to be secure for
most applications.
7. Non-linearity: The S-box used in the cipher should be non-linear to provide confusion. A
linear S-box is vulnerable to attacks that exploit the linear properties of the cipher.
8. Avalanche Effect: The cipher should exhibit the avalanche effect, which means that a small
change in the plaintext or key should cause a significant change in the ciphertext. This
ensures that any change in the input results in a complete change in the output.
9. Security Analysis: The cipher should be analyzed for its security against various attacks
such as differential cryptanalysis, linear cryptanalysis, and brute-force attacks. The cipher
should also be tested for its resistance to implementation attacks, such as side-channel
attacks.
Overall, a good block cipher design should be resistant to various attacks, efficient, and easy to
implement.
Block Cipher modes of Operation
Encryption algorithms are divided into two categories based on the input type, as a
block cipher and
stream cipher.
Block cipher is an encryption algorithm that takes a fixed size of input say b bits and
produces a ciphertext of b bits again. If the input is larger than b bits it can be divided further.
For different applications and uses, there are several modes of operations for a block cipher.

Electronic Code Book (ECB) –

Electronic code book is the easiest block cipher mode of functioning. It is easier because of
direct encryption of each block of input plaintext and output is in form of blocks of encrypted
ciphertext. Generally, if a message is larger than b bits in size, it can be broken down into a
bunch of blocks and the procedure is repeated.

Procedure of ECB is illustrated below:

Advantages of using ECB –
 Parallel encryption of blocks of bits is possible, thus it is a faster way of encryption.
 Simple way of the block cipher.
Disadvantages of using ECB –
 Prone to cryptanalysis since there is a direct relationship between plaintext and ciphertext.

Cipher Block Chaining –

Cipher block chaining or CBC is an advancement made on ECB since ECB compromises some
security requirements. In CBC, the previous cipher block is given as input to the next
encryption algorithm after XOR with the original plaintext block
The process is illustrated here:
Advantages of CBC –
 CBC works well for input greater than b bits.
 CBC is a good authentication mechanism.
 Better resistive nature towards cryptanalysis than ECB.
Disadvantages of CBC –
 Parallel encryption is not possible since every encryption requires a previous cipher.

Cipher Feedback Mode (CFB) –

Output Feedback Mode –
Counter Mode –

Applications of Block Ciphers

1. Data Encryption: Block Ciphers are widely used for the encryption of private and sensitive
data such as passwords, credit card details and other information that is transmitted or stored
for a communication. This encryption process converts a plain data into non-readable and
complex form. Encrypted data can be decrypted only by the authorised person with the
private keys.
2. File and Disk Encryption: Block Ciphers are used for encryption of entire files and disks in
order to protect their contents and restrict from unauthorised users. The disk encryption
softwares such as BitLocker, TrueCrypt aslo uses block cipher to encrypt data and make it
secure.
3. Virtual Private Networks (VPN): Virtual Private Networks (VPN) use block cipher for the
encryption of data that is being transmitted between the two communicating devices over the
internet. This process makes sure that data is not accessed by unauthorised person when it is
being transmitted to another user.
4. Secure Sockets Layer (SSL) and Transport Layer Security (TLS): SSL and TLS
protocols use block ciphers for encryption of data that is transmitted between web browsers
 and servers over the internet. This encryption process provides security to confidential data
such as login credentials, card information etc.
5. Digital Signatures: Block ciphers are used in the digital signature algorithms, to provide
authenticity and integrity to the digital documents. This encryption process generates the
unique signature for each document that is used for verifying the authenticity and detecting
if any malicious activity is detected.

What is DES?
Data Encryption Standard (DES) is a block cipher with a 56-bit key length that has played a
significant role in data security. Data encryption standard (DES) has been found vulnerable to
very powerful attacks therefore, the popularity of DES has been found slightly on the decline.
DES is a block cipher and encrypts data in blocks of size of 64 bits each, which means 64 bits
of plain text go as the input to DES, which produces 64 bits of ciphertext. The same algorithm
and key are used for encryption and decryption, with minor differences. The key length is 56
bits.

The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST).

DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure. The block size
is 64-bit. Though, key length is 64-bit, DES has an effective key length of 56 bits, since 8 of the
64 bits of the key are not used by the encryption algorithm (function as check bits only). General
Structure of DES is depicted in the following illustration −
Since DES is based on the Feistel Cipher, all that is required to specify DES is −

 Round function
 Key schedule
 Any additional processing − Initial and final permutation
Initial and Final Permutation

The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of
each other. They have no cryptography significance in DES. The initial and final permutations
are shown as follows −

Round Function

The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the
rightmost 32 bits to produce a 32-bit output.
 Expansion Permutation Box − Since right input is 32-bit and round key is a 48-bit, we
first need to expand right input to 48 bits. Permutation logic is graphically depicted in the
following illustration −

 The graphically depicted permutation logic is generally described as table in DES

specification illustrated as shown −
 XOR (Whitener). − After the expansion permutation, DES does XOR operation on the
expanded right section and the round key. The round key is used only in this operation.
 Substitution Boxes. − The S-boxes carry out the real mixing (confusion). DES uses 8 S-
boxes, each with a 6-bit input and a 4-bit output. Refer the following illustration −

 The S-box rule is illustrated below −

  There are a total of eight S-box tables. The output of all eight s-boxes is then combined in
to 32 bit section.
 Straight Permutation − The 32 bit output of S-boxes is then subjected to the straight
permutation with rule shown in the following illustration:

Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The process of
key generation is depicted in the following illustration −
The logic for Parity drop, shifting, and Compression P-box is given in the DES description.

DES Analysis

The DES satisfies both the desired properties of block cipher. These two properties make cipher
very strong.

 Avalanche effect − A small change in plaintext results in the very great change in the
ciphertext.
 Completeness − Each bit of ciphertext depends on many bits of plaintext.

During the last few years, cryptanalysis have found some weaknesses in DES when key selected
are weak keys. These keys shall be avoided.
DES has proved to be a very well designed block cipher. There have been no significant
cryptanalytic attacks on DES other than exhaustive key search.

Strength of Data encryption standard (DES)

Data encryption standard (DES) is a symmetric key block cipher algorithm. The algorithm is
based on Feistel network. The algorithm uses a 56-bit key to encrypt data in 64-bit blocks. There
are mainly two categories of concerns about the strength of Data encryption standard. They are:
1. Concerns about the particular algorithm used.
2. Concerns about the usage of key of size 56-bit.
The first concern regarding the algorithm used addresses the possibility of cryptanalysis by
making use of the DES algorithm characteristics. A more severe concern is about the length of

secret key used. There can be (approximately 7.2 × keys) possible keys with a key
length of 56 bits. Thus, a brute force attack appears to be impractical. Assuming that on an
average one has to search half the key space, to break the cipher text, a system performing one
DES encryption per microsecond might require more than thousand years. But, the assumption
of one DES encryption per microsecond is too conservative. In July 1998, DES was finally
proved to be insecure when the Electronic Frontier Foundation (EFF) had broken a DES
encryption. The encryption was broken with the help of a special-purpose “DES cracker”
machine. It was reported that the attack took less than 3 days. Simply running through all
possible keys won’t result in cracking the DES encryption. Unless known plain text is given, the
attacker must be able to differentiate the plain text from other data. Some degree of knowledge
about the target plain text and some techniques for automatically distinguishing plain text from
garble are required to supplement the brute-force approach. If brute force attack is the only
means to crack the DES encryption algorithm, then using longer keys will obviously help us to
counter such attacks. An algorithm is guaranteed unbreakable by brute force if a 128- bit key is
used. The differential cryptanalysis, linear cryptanalysis, are examples for statistical attacks on
DES algorithm. Few of the important alternatives for DES are AES (Advanced Encryption
Standard) and triple DES.