Applied cryptography chapter -2

Symmetric Key Cryptography

Stream cipher vs block cipher

confusion

➔ Given cipher text , we shldnt be able to guess the plain text or key or other details
➔ An example of a method possessing confusion property is substitution
Diffusion

➔ The process of making each plaintext bit affect as many ciphertext as possible
➔ Suppose u r giving some plaintext to the cipher or encryption algorithm and this is
generating the ciphertext which is the output and if u make a small modification in the
plain text and the output or the ciphertext is changed drastically , then there is diffusion
property

Which is needed for strong encryption scheme?

Both

Stream cipher

➔ Encrypting one by one letter at a time

➔
➔ If the encryption is done bit by bit or byte by byte -→ stream cipher
➔ The output also ll be produced in bit or byte
➔ 2 inputs → plain text and key
Block cipher

➔ Operates in block by block / fixed length group of bits (64 bit /128bit..)
➔ The size of the block is decided by the encryption algo

➔
→Most symmetric block encryption algorithms in current use are based on a structure referred
to as a Feistel block cipher. A block cipher operates on a plaintext block of n bits to produce a
ciphertext block of n bits. An arbitrary reversible substitution cipher for a large block size is not
practical, however, from an implementation and performance point of view. In general, for an n-
bit general substitution block cipher, the size of the key is n x 2n. For a 64-bit block, which is a
desirable length to thwart statistical attacks, the key size is 64x 264 = 270 = 1021 bits. In
considering these difficulties, Feistel points out that what is needed is an approximation to the
ideal block cipher system for large n, built up out of components that are easily realizable.
Differences between stream and block cipher

design

s.t→ complex →uses a complex design cuz it takes a input bit and ll generate a output bit

→operation is going to be complex here

b.t→ we will follow a design to generate a cipher txt

encryption -→ modes of operation / encryption algos

stream ciphers are generally faster than block ciphers ? why?

➢ A: Playfair cipher. What is its block size?

➢ A: 2 characters

➢ Q: What are some stream ciphers we have already seen?

➢ A: Autokey cipher, Vigenere cipher, Vernam cipher, OneTime Pad (OTP)

Claude Shannon and Substitution-Permutation Ciphers

➢ Claude Shannon introduced idea of substitution-permutation (S-P) networks in 1949

paper

➢ form basis of modern block ciphers

➢ S-P nets are based on the two primitive cryptographic operations seen before:

⚫ substitution (S-box)

⚫ permutation (P-box)

➢ provide confusion & diffusion of message & key

In particular, Feistel proposed the use of a cipher that alternates substitutions and
permutations, as a practical application of a proposal by Claude Shannon. Claude Shannon’s
1949 paper has the key ideas that led to the development of modern block ciphers. Critically, it
was the technique of layering groups of S-boxes separated by a larger P-box to form the S-P
network, a complex form of a product cipher. He also introduced the ideas of confusion and
diffusion, notionally provided by S-boxes and P-boxes (in conjunction with S-boxes).
more practically Shannon suggested combining S & P elements to obtain:

confusion and diffusion

The terms diffusion and confusion were introduced by Claude Shannon to capture the two basic
building blocks for any cryptographic system.

Shannon's concern was to thwart cryptanalysis based on statistical analysis. Every block cipher
involves a transformation of a block of plaintext into a block of ciphertext, where the
transformation depends on the key.

The mechanism of diffusion seeks to make the statistical relationship between the plaintext
and ciphertext as complex as possible in order to thwart attempts to deduce the key.

Confusion seeks to make the relationship between the statistics of the ciphertext and the value
of the encryption key as complex as possible, again to thwart attempts to discover the key.

So successful are diffusion and confusion in capturing the essence of the desired attributes of a
block cipher that they have become the cornerstone of modern block cipher design.

Fiestal cipher structure

Left -→ encryption process (input is plain text and output is cipher text)

Right→ decryption process

➔ The plaintext is divided into two parts ( left hand side and right hand side)

➔ Example : if plaintext is 64bit ( lhs will be 32 bit and rhs bit ll 32 bit)
➔ Why spliiting?

The rhs is given to some function and it is computed with the help of the key k1
and the output of this is xored with lhs

➔ This result will be next rhs

➔ The next lhs will be the prev rhs
➔ ( so we receive exact no of bits (64 bits))
➔ This is the operation of round 1 and we use key k1 for round 1
➔ Round key → key used

In round 2 , we use different key k2

➔ For every round , you use different keys ( totally 16 rounds+ 1 round (Swap))
➔ At last , you swap

➔
Decryption process

➔ Input is cipher text

➔ In round 1 , we use k16 ( 16th key) , not k1 ( reverse process)

➔ Aes and des algorithms basis are on this fiestal structure

➔ For every round → diff keys used → we need some key scheduling algo to generate
round keys for every round
➔ We will fix a key → from that fixed key , new round keys for every round will be generated
from the original key
 ➔ We know that any encryption algorithm containing both confusion and diffusion
properties will be strong enough

➔ So for creating confusion and diffusion properties for cipher text , something must be
carried out ( ciphertext needs confusion and diffusion)

➔ The function F is responsible for creating this confusion and diffusion properties ,

1. Substitution
2. Permutation

Fiestal structure design features

1.block size

→ fiestel structure is a block cipher

➔ If input bits is 64 bit , then block size = `64

➔ Des uses 64bit blocksize and aes uses 128 bit block size
➔ Des is outdated → not used anymore →hacked easily

2.key size

→ for n rounds → we need n round keys

➔ What is the original key size and what is generated round key size
➔ If we need greater security → use greater length key size
➔ But if we use bigger key size → it may decrease encryption / decryption speed
➔ If key size is smaller → it is vulnerable to brute force attack and leads to lesser
confusion

Aim from fiestal structure:

1. Greater confusion
2. Greter diffusion
3. High security

3.Number of rounds

→ is one round enough for better security ? NO → easily broken

→no of rounds for encryption from plain text to ciphertext

 ➔ The no of rounds used in encryption = no of rounds used in decryption ( symmetric
encryption model → same keys will be used for encryption and decryption)
➔ In fiestal structure → same keys are used but only the order is different
➔ No of rounds higher → security higher

4. Subkey generation algorithm

➔ Subkeys (round keys ) generated form original key

➔ Original key size shld be higher for higher security
➔ Shld be complex , we want a secure algorithm → shldnt be broken easily

5.round function

→there shld be complex design in the round function to gain both confusion and diffusion
properties

6.Fast encryption/decryption algorithm

→ in most cases, encryption is part of application or hardware.. so we need this to be carried

out as fast as possible as ultimately we r gng to transfer the data

→spped of the algorithm is very imp

7.ease of analysis

→in cryptanalyst perspective, it shld nt be easy for them to analyze entire process

The exact realization of a Feistel network depends on the choice of the following parameters
and design features:

• block size - increasing size improves security, but slows cipher

• key size - increasing size improves security, makes exhaustive key searching harder, but
may slow cipher

• number of rounds - increasing number improves security, but slows cipher

• subkey generation algorithm - greater complexity can make analysis harder, but slows
cipher

• round function - greater complexity can make analysis harder, but slows cipher

• fast software en/decryption - more recent concern for practical use

• ease of analysis - for easier validation & testing of strength

DES- DATA ENCRYPTION STANDARD

➔ Des encryption algorithm

➔ SYMMETRIC BLOCK CIPHER – same key used in both encryption and decryption, block
processing (group of bits)
➔ Replaced by aes in 2001 as it has powerful encryption standards/schemes

➔
➔ The input is plain text ( 64 bits)
➔ The subkey helps to generate round key
➔ No of round keys = 16 – 48bit round keys
➔

➔
→”initial permutation function”-→ takes 64bit pplain text and changes the position of bits
and gives 64bit output

➔ Input -64bit and output is 64bit

➔ In last round swap lhs and rhs parts ( 32bits)
➔ “ inverse initial permuation function “ produces 64 bit cipher text
 ➔ Key length in des alfgo : 56 bits

48 bit round key

➔ 64 bit is the original key → round key 48 bit generate aagum from 56 bit subkey

Single round of des algorithm

1.initial permutation function

→ takes 64bit pplain text and changes the position of bits and gives 64bit output
 ➔ Left hand image : input 64 bit binary format
➔ Rhs image : output after changing position of bits

Inverse initial permutation

→input 64bit is coming from 32 bit swap function

→
Inverse initial permutation arrangement is → first row is permuatated (reordering) to 2nd
column

➔ Swap function is -> partition the 64 bit into two 32 bits

➔ Change lhs and rhs
Single round of des algorithm

Input : 64 bit plain text , 48 bit round key

Output: 64 bit transformed text

Single round function key related process

“mangler function"

1. 64 bit input divided into lhs 32 bit and rhs 32 bit

2. Rhs 32 bit is fed into expansion permutation func to expand it into 48 bits as the
round key is of 48 bits ( we need xor both , so shld be in same length)
3. So now 48bit expansion output (xor) 48 bit round key
4. Again have to reduce the result to 32 bit using keyed substitution ( s-box)
5. Fed into transposition or p box or permutation box to change the position of
bits→32 bits output
6. Some process
7. So now rhs 32 bit (xor) original lhs 32 bit→ result :32 bits
8. This result is final rhs part
9. Final lhs part is original rhs part
10. 32 bit + 32bit =64 bit to next round
11. Previous round -→ i-1
12. Next round → i
13. 16 rounds →16 different round keys

key related process per round

1. Original key is divided into 32 + 32 bit

2. It is reduces into 56 bit
3. 56 bit is redeuced to 48 bit
4. And round key is generated
5. This process is repeated for 16times → 16 rounds
Let input be L(i-1 ) and R(i-1)

Output: Li and Ri

Mangler function

The F Function of DES (Mangler Function)

Operations in mangler function on rhs 32 bits

1.expnsion permutation

2.xor operation with round key

3.s box

4.p box
Original 32 bit rhs
These bits from input is placed here

The remaining 32 is placed here

Originally it was 32 bit → now expanded to 32 +8 = 40 bits

More 8 bits ➔ 40 +8 =48 bits

So the expansion permutation function takes 32 bit input and produces 48 bit output

Next simple xor operation with round key

The output 48 bits is given to s box

➔ We have 8 s -boxes
➔ 48 bits input /8 s-boxes = 6 bits each (input)
➔ The output of each s box is 4 bits
➔ Total output of s box will be 32 bits
➔
➔ This follows the classic structure for a feistel cipher.
➔ Note that the s-boxes provide the “confusion” of data and key values, whilst the
permutation P then spreads this as widely as possible, so each S-box output affects
as many S-box inputs in the next round as possible, giving “diffusion”.
➔
How 6 bits are converted into 4 bits?

➔ There is a row and column information hidden

➔ The 1st bit and 6th bit represent row
➔ Here it is 10 -→ represents 3rd row in the table
➔ Middle bits → 0101 represents the column
➔ Now the intersection la enna value iruku? 6
➔ 6 binary rep → 0110
➔ Output: 32bit

Inverse permutation box

32 bits position are changed

When transposition and substitution both are present , there will be both confusion
and diffusion are added to the des algorithm

Key Scheduling and Decryption in DES

Encryption
Permutated choice 1

➔ 64 -56 = 8bits are removed

➔ What are the removed bits ? “parity bits”
➔ They are 8th , 16th,24th,….,64th bits that are removed
➔ The effective key length is 56 bits

Left circular shift

i-> stands for round

Permutaed choice 2

56bits are converted to 48 bits

 Des decryption

➔ Reverse of encryption
➔ Input: cipher text and output : plain text
➔ Order of round keys is changed
➔ In round 1 → key16 k16 is used
➔
Avalanche Effect and the Strength of DES

➔ It is recommended that any encryption algo shld possess avalanche effect

➔ Suppose u r modifying 1 bit in plain text / key , it leads to drastic change in cipher
text when comparing previous cipher text→ this is avalanche effect→ then this
exhibit strong avalanche effect

➔ Suppose 1 bit is changed in plain text /key and only 2 to 3 bits are changing in
cipher text (not changing drastically), then it gives room for cryptanalyst to know
the pattern

➔ If there is 1 bit modification in input plain text / key , there shld be many no of bits
change in the output → if any encryption algo has that property then that has
avalanche effect

➔ Des has strong avalanche effect

➔ How ?

➔ The change is almost half the size of input (64 bit)

Strength of des

Analyzed using 3 features

1.use of keys

→ the effective length of key is 56 bit

→ the original key size is 64 bit and the effective length is 56 bit which is converted

→ thus , subkey size : 56 bit keys (binary keys )

→ then no of possible keys : 2 ^56 possible keys

→exactvalue :

→ then is brute force attack possible (attempting all possible keys to know the key) ?
→if the keyspace is 10 keys → lkeep trying → one point successful

➔ If keyspace is large like this → hard to attack

➔ So brute force attack is impractical
➔ Lets say we have one comp or mach that can perform one DES encryption per
microsecond → then how much time does it take to decipher it ?
➔ Practicaaly more than 1000 yrs to break the cipher / decipher

Possible attacks:/ how is des insecure?

If we have a big computing environment→where multiple computing machines are searching in

the limited key space it is assigned → then becomes easy

When concurrently system tries → can be broken

2.the nature of des algorithm

→has lot of components like swap function ,permutation function ,andha table , indha
table

→ we know cryptanalysis shld be tougher as far as any encryption algo is concerned

➔ As s boxes were kept private → they wd have guuesed some clue is in there nu
3.Timing attacks

→how effective is des against timing attacks

➔ An attack that gives some info abt the key or the plaintext
➔ 2nd point → this gives some idea abt nature of encryption process
➔ Timing attack ll reveal some info abt encryption and decryption
➔ Des is fairly resistant to timing attack

➔
Des -solved questions
Search entire keyspace → brute force attack
Refer thangaramya 10 page pdf for example

How expansion permutation works?

Example 1:
 1. Represent the letters in hexadecimal

2.convert to binary

3.drop parity bits (to convert from 64 to 56)

Note: now in binary values , the last bit is removed → compare with prev pic

The table is given in the book → table is called cpc -1 , the table is different for text and key
Introduction to AES (ADVANCED ENCRYPTION STANDARD)

➔ THIS IS A POWERFUL ALTERNATIVE TO AES

➔ SYMMETRIC BLOCK CIPHER
➔ INPUT : 128 BITS PLAIN TEXT