Mod2 Notes SIC

Uploaded by

anzilrashe2002

MODULE 2

Symmetric Key Cryptosystems


Symmetric Cipher Model

• Symmetric encryption is the oldest and most basic method of encryption.

• It uses only one key for the process of both the encryption and decryption of data.

• Thus, it is also known as Single-Key Encryption.

• A few basic terms in Cryptography are as follows:

• Plain Text: original message to be communicated between sender and receiver

• Cipher Text: encoded format of the original message that cannot be understood by humans

• Encryption (or Enciphering): the conversion of plain text to cipher text

• Decryption (or Deciphering): the conversion of cipher text to plain text, i.e., reverse of
encryption

Stream cipher & Block cipher

• A block cipher is a method of encrypting data in blocks to produce cipher text using a
cryptographic key and algorithm.

• The block cipher processes fixed-size blocks simultaneously, as opposed to a stream cipher,
which encrypts data one bit at a time.

What are the components of Modern Block Cipher in Information Security?

• A block cipher works on a plaintext block of n bits to produce a ciphertext block of n bits.

• There are many possible plaintext blocks and, for the encryption to be reversible (i.e., for
decryption to be possible), each must produce a unique ciphertext block.

• Such a transformation is known as reversible, or non-singular.

• The components of a modern block cipher are as follows −

• D-boxes − A D-box is a permutation box with features similar to traditional transposition
ciphers.

• D-boxes transpose bits.

• There are three types of D-boxes, which are as follows −

• Straight D-box − It takes n inputs, permutes them and produces n outputs. In this example, the
second input is the first to be output after permutation. The first input is permuted to second
place, the third to fourth place and the fourth to third place. There are n! possible mappings
in a straight D-box.

• Compression D-box − This is a D-box with n inputs and m outputs, where m < n. Some inputs are
blocked and do not reach the output. Compression D-boxes are used when it is required to permute
bits and at the same time reduce the number of bits for the next stage.

• Expansion D-box − This is a D-box with n inputs and m outputs, where m > n, i.e., some inputs
are connected to more than one output. It is used when it is required to transpose bits and at the
same time increase the number of bits for the next stage.

• S-boxes − These are substitution boxes, similar to a substitution cipher. The input to an S-box
can be an n-bit word and the output an m-bit word, where m and n are not necessarily the same.

• Circular Shift − This is also found in modern block ciphers; it can be a left shift or a
right shift. In a circular left shift, each bit in an n-bit word is shifted m positions to the
left, and the leftmost m bits are removed from the left and become the rightmost bits.

Block Cipher modes of Operation


Encryption algorithms are divided into two categories based on the input type: block ciphers
and stream ciphers. A block cipher is an encryption algorithm that takes a fixed-size input of,
say, b bits and produces a ciphertext of b bits. If the input is larger than b bits, it is
divided into further blocks. For different applications and uses, there are several modes of
operation for a block cipher.

Electronic Code Book (ECB) –
Electronic code book is the simplest block cipher mode of operation. It is simple because each
block of input plaintext is encrypted directly and the output is in the form of blocks of
encrypted ciphertext. Generally, if a message is larger than b bits in size, it is broken down
into a number of blocks and the procedure is repeated for each block.
Procedure of ECB is illustrated below:

Advantages of using ECB –
• Parallel encryption of blocks of bits is possible, thus it is a faster way of encryption.
• It is a simple way of using the block cipher.
Disadvantages of using ECB –
• Prone to cryptanalysis since there is a direct relationship between plaintext and ciphertext.

Cipher Block Chaining –


Cipher block chaining, or CBC, is an improvement on ECB, since ECB compromises some security
requirements. In CBC, the previous cipher block is XORed with the current plaintext block and the
result is given as input to the next encryption. In a nutshell, a cipher block is produced by
encrypting the XOR of the previous cipher block and the present plaintext block.
Advantages of CBC –
• CBC works well for input greater than b bits.
• CBC is a good authentication mechanism.
• Better resistance to cryptanalysis than ECB.
Disadvantages of CBC –
• Parallel encryption is not possible since every encryption requires the previous cipher block.

Cipher Feedback Mode (CFB) –


In this mode the cipher is given as feedback to the next block of encryption with some new
specifications: first, an initial vector IV is used for the first encryption and the output bits
are divided into a set of s bits and b-s bits. The left-hand s bits are selected and XORed with
the plaintext bits. The result is given as input to a shift register having b-s bits on the
left-hand side and s bits on the right-hand side, and the process continues. The encryption and
decryption processes are shown below; both of them use the encryption algorithm.

Advantages of CFB –
• Since there is some data loss due to the use of the shift register, it is difficult to apply
cryptanalysis.
Disadvantages of using CFB –
• The drawbacks of CFB are the same as those of CBC mode. Neither block losses nor
concurrent encryption of several blocks is supported by the encryption. Decryption,
however, is parallelizable and loss-tolerant.

Output Feedback Mode –


The output feedback mode follows nearly the same process as the Cipher Feedback mode,
except that it sends the encrypted output as feedback instead of the actual cipher, which is the
XOR output. In this output feedback mode, all bits of the block are sent instead of
selected s bits. The Output Feedback mode of a block cipher has great resistance to bit
transmission errors. It also decreases the dependency or relationship of the cipher on the
plaintext.

Advantages of OFB –
• In the case of CFB, a single bit error in a block is propagated to all subsequent blocks. This
problem is solved by OFB as it is free from bit errors in the plaintext block.
Disadvantages of OFB –
• The drawback of OFB is that, because of its mode of operation, it is more susceptible to a
message stream modification attack than CFB.

Counter Mode –
The Counter Mode or CTR is a simple counter-based block cipher implementation. Each time, a
counter-initiated value is encrypted and the output is XORed with the plaintext block, which
results in the ciphertext block. The CTR mode does not use feedback and thus can be implemented
in parallel.
Its simple implementation is shown below:
Advantages of Counter –
• Since there is a different counter value for each block, the direct plaintext and ciphertext
relationship is avoided. This means that the same plaintext can map to different ciphertext.
• Parallel execution of encryption is possible as outputs from previous stages are not chained
as in the case of CBC.
Disadvantages of Counter –
• The fact that CTR mode requires a synchronous counter at both the transmitter and the
receiver is a severe drawback. The recovery of plaintext is erroneous when synchronisation
is lost.

Product Ciphers
Shannon introduced the concept of a product cipher. A product cipher is a complex cipher combining
substitution, permutation, and other components.

Diffusion and Confusion

Shannon’s idea in introducing the product cipher was to enable the block ciphers to have two important
properties: diffusion and confusion. The idea of diffusion is to hide the relationship between the ciphertext
and the plaintext. This will frustrate the adversary who uses ciphertext statistics to find the plaintext. Diffusion
implies that each symbol (character or bit) in the ciphertext is dependent on some or all symbols in the
plaintext. In other words, if a single symbol in the plaintext is changed, several or all symbols in the ciphertext
will also be changed.

Diffusion hides the relationship between the ciphertext and the plaintext.

The idea of confusion is to hide the relationship between the ciphertext and the key. This will frustrate the
adversary who tries to use the ciphertext to find the key. In other words, if a single bit in the key is changed,
most or all bits in the ciphertext will also be changed.

Confusion hides the relationship between the ciphertext and the key.

Rounds
Diffusion and confusion can be achieved using iterated product ciphers where each iteration is a combination
of S-boxes, P-boxes, and other components. Each iteration is referred to as a round. The block cipher uses a
key schedule or key generator that creates different keys for each round from the cipher key. In an N-round
cipher, the plaintext is encrypted N times to create the ciphertext; the ciphertext is decrypted N times to
create the plaintext. We refer to the text created at the intermediate levels (between two rounds) as the
middle text. Figure (1) below shows a simple product cipher with two rounds. In practice, product ciphers have
more than two rounds. In Figure (1), three transformations happen at each round:

a. The 8-bit text is mixed with the key to whiten the text (hide the bits using the key). This is normally done by
exclusive-oring the 8-bit word with the 8-bit key.

b. The outputs of the whitener are organized into four 2-bit groups and are fed into four S-boxes. The values of
bits are changed based on the structure of the S-boxes in this transformation.
c. The outputs of S-boxes are passed through a P-box to permute the bits so that in the next round each box
receives different inputs.

Diffusion
Figure (2) below shows how changing a single bit in the plaintext affects many bits in the ciphertext.

a. In the first round, bit 8, after being exclusive-ored with the corresponding bit of K1, affects two bits (bits 7
and 8) through S-box 4. Bit 7 is permuted and becomes bit 2; bit 8 is permuted and becomes bit 4. After the
first round, bit 8 has affected bits 2 and 4. In the second round, bit 2, after being exclusive-ored with the
corresponding bit of K2, affects two bits (bits 1 and 2) through S-box 1. Bit 1 is permuted and becomes bit 6;
bit 2 is permuted and becomes bit 1. Bit 4, after being exclusive-ored with the corresponding bit in K2, affects
bits 3 and 4. Bit 3 remains the same; bit 4 is permuted and becomes bit 7. After the second round, bit 8 has
affected bits 1, 3, 6, and 7.

b. Going through these steps in the other direction (from ciphertext to the plaintext) shows that each bit in
the ciphertext is affected by several bits in the plaintext.

Confusion
Figure below also shows us how the confusion property can be achieved through the use of a product cipher.
The four bits of ciphertext, bits 1, 3, 6, and 7, are affected by three bits in the key (bit 8 in K1 and bits 2 and 4
in K2). Going through the steps in the other direction shows that each bit in each round key affects several bits
in the ciphertext. The relationship between ciphertext bits and key bits is obscured.

Practical Ciphers
To improve diffusion and confusion, practical ciphers use larger data blocks, more S-boxes, and more rounds.
With some thought, it can be seen that increasing the number of rounds using more S-boxes may create a
better cipher in which the ciphertext looks more and more like a random n-bit word. In this way, the
relationship between ciphertext and plaintext is totally hidden (diffusion). Increasing the number of rounds
increases the number of round keys, which better hides the relationship between the ciphertext and the key.

Two Classes of Product Ciphers


Modern block ciphers are all product ciphers, but they are divided into two classes. The ciphers in the first
class use both invertible and noninvertible components. The ciphers in this class are normally referred to as
Feistel ciphers. The block cipher DES is a good example of a Feistel cipher. The ciphers in the second class use
only invertible components. We refer to ciphers in this class as non-Feistel ciphers (for the lack of another
name). The block cipher AES is a good example of a non-Feistel cipher.

(1) Feistel Ciphers
Feistel designed a very intelligent and interesting cipher that has been used for decades. A Feistel cipher can
have three types of components: self-invertible, invertible, and noninvertible. A Feistel cipher combines all
noninvertible elements in a unit and uses the same unit in the encryption and decryption algorithms. The
question is how the encryption and decryption algorithms are inverses of each other if each has a
noninvertible unit. Feistel showed that they can be canceled out.

First Thought

To better understand the Feistel cipher, note that the effects of a noninvertible component in the
encryption algorithm can be canceled in the decryption algorithm if we use an exclusive-or operation, as
shown in Figure (3).
In the encryption, a noninvertible function, ƒ(K), accepts the key as the input. The output of this component is
exclusive-ored with the plaintext. The result becomes the ciphertext. We call the combination of the function
and the exclusive-or operation the mixer (for lack of another name). The mixer plays an important role in the
later development of the Feistel cipher. Because the key is the same in encryption and decryption, we can
prove that the two algorithms are inverses of each other. In other words, if C2 = C1 (no change in the
ciphertext during transmission), then P2 = P1.

Encryption: C1 = P1 ⊕ ƒ(K)

Decryption: P2 = C2 ⊕ ƒ(K) = C1 ⊕ ƒ(K) = P1 ⊕ ƒ(K) ⊕ ƒ(K) = P1 ⊕ (00…0) = P1

Note that two properties of exclusive-or operation have been used (existence of inverse and existence of
identity). The above argument proves that, although the mixer has a noninvertible element, the mixer itself is
self-invertible.

The mixer in the Feistel design is self-invertible

Improvement

Let us improve on our first thought to get closer to the Feistel cipher. We know that we need to use the same
input to the noninvertible element (the function), but we don’t want to use only the key. We want the input to
the function to also be part of the plaintext in the encryption and part of the ciphertext in the decryption. The
key can be used as the second input to the function. In this way, our function can be a complex element with
some keyless elements and some keyed elements. To achieve this goal, divide the plaintext and the ciphertext
into two equal-length blocks, left and right. We call the left block L and the right block R. Let the right block be
the input to the function, and let the left block be exclusive-ored with the function output. We need to
remember one important point: the inputs to the function must be exactly the same in encryption and
decryption. This means that the right section of plaintext in the encryption and the right section of the
ciphertext in the decryption must be the same. In other words, the right section must go into and come out of
the encryption and decryption processes unchanged. Figure (4) shows the idea.

The encryption and decryption algorithms are still inverses of each other. Assume that L3 = L2 and R3 = R2 (no
change in the ciphertext during transmission).

R4 = R3 = R2 = R1

L4 = L3 ⊕ ƒ(R3, K) = L2 ⊕ ƒ(R2, K) = L1 ⊕ ƒ(R1, K) ⊕ ƒ(R1, K) = L1

The plaintext used in the encryption algorithm is correctly regenerated by the decryption algorithm.

Final Design
The preceding improvement has one flaw. The right half of the plaintext never changes. Eve can immediately
find the right half of the plaintext by intercepting the ciphertext and extracting the right half of it. The design
needs more improvement. First, increase the number of rounds. Second, add a new element to each round: a
swapper. The effect of the swapper in the encryption round is canceled by the effect of the swapper in the
decryption round. However, it allows us to swap the left and right halves in each round. Figure 5 shows the
new design with two rounds.

Note that there are two round keys, K1 and K2. The keys are used in reverse order in the encryption and
decryption. Because the two mixers are inverses of each other, and the swappers are inverses of each other, it
should be clear that the encryption and decryption ciphers are inverses of each other. However, let us see if
we can prove this fact using the relationship between the left and right sections in each cipher. In other words,
let us see if L6 = L1 and R6 = R1, assuming that L4 = L3 and R4 = R3 (no change in the ciphertext during
transmission). We first prove the equality for the middle text.

L5 = R4 ⊕ ƒ(L4, K2) = R3 ⊕ ƒ(R2, K2) = L2 ⊕ ƒ(R2, K2) ⊕ ƒ(R2, K2) = L2

R5 = L4 = L3 = R2

Then it is easy to prove that the equality holds for two plaintext blocks.

L6 = R5 ⊕ ƒ(L5, K1) = R2 ⊕ ƒ(L2, K1) = L1 ⊕ ƒ(R1, K1) ⊕ ƒ(R1, K1) = L1

R6 = L5 = L2 = R1
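
The Feistel construction proved above and the ECB and CBC modes described earlier, combined in one added example (not part of the original notes). It shows that a noninvertible round function still decrypts when the round keys are reversed, that a single round leaves the right half of the plaintext exposed, and that ECB repeats ciphertext blocks where CBC does not. Assumptions: a toy 64-bit block, truncated SHA-256 as ƒ, constructed round keys, IV and message, and the usual formulation in which every round mixes then swaps and the last swap is undone.

```python
import hashlib

BLOCK = 8                  # toy block size in bytes (constructed)
HALF = BLOCK // 2
KEYS = [b"round-key-1", b"round-key-2", b"round-key-3", b"round-key-4"]  # constructed
IV = bytes(range(BLOCK))   # constructed and fixed only so the demo is reproducible


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def f(right: bytes, round_key: bytes) -> bytes:
    """Noninvertible round function: a truncated hash cannot be run backwards."""
    return hashlib.sha256(round_key + right).digest()[:HALF]


def feistel(block: bytes, round_keys) -> bytes:
    """Apply mixer (L xor f(R, K)) then swapper once per round key.

    The swap of the last round is undone on output, so decryption is this
    same routine called with the round keys in reverse order.
    """
    if len(block) != BLOCK:
        raise ValueError("block must be exactly BLOCK bytes")
    left, right = block[:HALF], block[HALF:]
    for key in round_keys:
        left, right = right, xor(left, f(right, key))
    return right + left


def _blocks(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("length must be a multiple of BLOCK (no padding here)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(plaintext: bytes, keys) -> bytes:
    # Every block is encrypted independently: equal input gives equal output.
    return b"".join(feistel(b, keys) for b in _blocks(plaintext))


def cbc_encrypt(plaintext: bytes, keys, iv: bytes) -> bytes:
    prev, out = iv, []
    for block in _blocks(plaintext):
        prev = feistel(xor(block, prev), keys)   # chain in the previous cipher block
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ciphertext: bytes, keys, iv: bytes) -> bytes:
    prev, out = iv, []
    for block in _blocks(ciphertext):
        out.append(xor(feistel(block, keys[::-1]), prev))
        prev = block
    return b"".join(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    msg = b"PAY 100$" * 3 + b"PAY 999$"          # constructed: three equal blocks
    one = feistel(b"ABCDEFGH", KEYS[:1])
    print("one round, right half unchanged:", one[HALF:] == b"EFGH")
    print("round trip ok:", feistel(feistel(b"ABCDEFGH", KEYS), KEYS[::-1]) == b"ABCDEFGH")
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(msg, KEYS)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(msg, KEYS, IV)))
```

In real use the IV is chosen fresh and unpredictably for every message; it is fixed here only to keep the output reproducible.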

(2) Non-Feistel Ciphers
A non-Feistel cipher uses only invertible components. A component in the encryption cipher has the
corresponding component in the decryption cipher. For example, S-boxes need to have an equal number of
inputs and outputs to be compatible. No compression or expansion P-boxes are allowed, because they are not
invertible. In a non-Feistel cipher, there is no need to divide the plaintext into two halves as we saw in the
Feistel ciphers. Figure (1) can be thought of as a non-Feistel cipher because the only components in each
round are the exclusive-or operation (self-invertible), 2 × 2 S-boxes that can be designed to be invertible, and a
straight P-box that is invertible using the appropriate permutation table. Because each component is
invertible, it can be shown that each round is invertible. We only need to use the round keys in the reverse
order. The encryption uses round keys K1 and K2. The decryption algorithm needs to use round keys K2 and
K1.

STREAM CIPHERS
In a stream cipher, one byte is encrypted at a time, while in a block cipher ~128 bits are encrypted at a
time. Initially, a key (k) is supplied as input to a pseudorandom bit generator, which then produces
a random 8-bit output that is treated as the keystream. The resulting keystream is 1 byte,
i.e., 8 bits, in size. Stream ciphers are fast because they encrypt data bit by bit or byte by byte, which makes
them efficient for encrypting large amounts of data quickly. Stream ciphers work well for real-time
communication, such as video streaming or online gaming, because they can encrypt and decrypt
data as it is being transmitted.

Key Points of Stream Cipher

1. A stream cipher follows the sequence of a pseudorandom number stream.

2. One of the benefits of a stream cipher is that it makes cryptanalysis more difficult, so the
number of bits chosen in the keystream must be long in order to make cryptanalysis more
difficult.

3. Making the key longer also makes it safe against brute-force attacks.

4. The longer the key, the stronger the security achieved, preventing any attack.

5. The keystream can be designed more efficiently by including a larger number of 1s and 0s,
making cryptanalysis more difficult.

6. A considerable benefit of a stream cipher is that it requires fewer lines of code than a block
cipher.

Synchronous Stream Ciphers

• In a synchronous stream cipher, the key stream is independent of the plaintext or ciphertext
stream.

• The key stream is generated and used with no relationship between key bits and the plaintext
or ciphertext bits.

One-Time Pad

• The simplest and the most secure type of synchronous stream cipher is called the one-time
pad.

• A one-time pad cipher uses a key stream that is randomly chosen for each encipherment.

• The encryption and decryption algorithms each use a single exclusive-or operation. Based on
properties of the exclusive-or operation, the encryption and decryption algorithms are
inverses of each other.

RC4 Encryption Algorithm


RC4 is a stream cipher and variable-length key algorithm. This algorithm encrypts one byte at a time
(or larger units at a time). A key is input to a pseudorandom bit generator that produces a stream of
8-bit numbers that is unpredictable without knowledge of the input key. The output of the generator,
called the keystream, is combined one byte at a time with the plaintext stream using the XOR operation.

Key-Generation Algorithm – A variable-length key of 1 to 256 bytes is used to initialize a 256-byte
state vector S, with elements S[0] to S[255]. For encryption and decryption, a byte k is generated
from S by selecting one of the 255 entries in a systematic fashion, then the entries in S are permuted
again.

Key-Scheduling Algorithm: Initialization: The entries of S are set equal to the values from 0 to 255 in
ascending order, and a temporary vector T is created. If the length of the key K is 256 bytes, then K is
assigned to T. Otherwise, for a key of length k-len bytes, the first k-len elements of T are copied
from K, and then K is repeated as many times as necessary to fill T.

for i = 0 to 255 do
    S[i] = i;
    T[i] = K[i mod k_len]; // k_len is the key length (k-len) in bytes

We use T to produce the initial permutation of S. Starting with S[0] and going through to S[255], the
algorithm swaps each S[i] with another byte in S according to a scheme dictated by T[i], but S will
still contain the values from 0 to 255:

int j = 0;
for (int i = 0; i <= 255; i++) {
    j = (j + S[i] + T[i]) % 256;
    swap(S[i], S[j]); // Swap S[i] and S[j]
}

Pseudo random generation algorithm (Stream Generation): Once the vector S is initialized, the input
key is no longer used. In this step, the algorithm swaps each S[i] with another byte in S according to a
scheme dictated by the current configuration of S. After reaching S[255] the process continues,
starting from S[0] again.

i = 0; j = 0;
while (true) {
    i = (i + 1) mod 256;
    j = (j + S[i]) mod 256;
    swap(S[i], S[j]);
    t = (S[i] + S[j]) mod 256;
    k = S[t]; // next keystream byte
}

Encrypt using X-OR():

Features of the RC4 encryption algorithm:

1. Symmetric key algorithm: RC4 is a symmetric key encryption algorithm, which means that the
same key is used for encryption and decryption.

2. Stream cipher algorithm: RC4 is a stream cipher algorithm, which means that it encrypts and
decrypts data one byte at a time. It generates a key stream of pseudorandom bits that are
XORed with the plaintext to produce the ciphertext.

3. Variable key size: RC4 supports variable key sizes, from 40 bits to 2048 bits, making it flexible
for different security requirements.

4. Fast and efficient: RC4 is a fast and efficient encryption algorithm that is suitable for low-
power devices and applications that require high-speed data transmission.

5. Widely used: RC4 has been widely used in various applications, including wireless networks,
secure sockets layer (SSL), virtual private networks (VPN), and file encryption.

6. Vulnerabilities: RC4 has several vulnerabilities, including a bias in the first few bytes of the
keystream, which can be exploited to recover the key. As a result, RC4 is no longer
recommended for use in new applications.

Encryption Procedure

• The user inputs a plaintext file and a secret key.

• The encryption engine then generates the keystream using the KSA and PRGA algorithms.

• This keystream is then XORed with the plaintext, byte by byte, to produce the encrypted
text.

• The encrypted text is then sent to the intended receiver, who decrypts it and obtains the
original plaintext.

Data Encryption Standard


• The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST).

• DES is an implementation of a Feistel cipher. It uses a 16-round Feistel structure. The block size
is 64 bits. Though the key length is 64 bits, DES has an effective key length of 56 bits, since 8 of the
64 bits of the key are not used by the encryption algorithm (they function as check bits only).

The overall scheme for DES encryption is illustrated in Figure . As with any encryption scheme, there
are two inputs to the encryption function: the plaintext to be encrypted and the key. In this case, the
plaintext must be 64 bits in length and the key is 56 bits in length. Looking at the left-hand side of the
figure, we can see that the processing of the plaintext proceeds in three phases. First, the 64-bit
plaintext passes through an initial permutation (IP) that rearranges the bits to produce the permuted
input.

This is followed by a phase consisting of sixteen rounds of the same function, which involves both
permutation and substitution functions. The output of the last (sixteenth) round consists of 64 bits
that are a function of the input plaintext and the key. The left and right halves of the output are
swapped to produce the preoutput. Finally, the preoutput is passed through a permutation [IP^-1]
that is the inverse of the initial permutation function, to produce the 64-bit ciphertext. With the
exception of the initial and final permutations, DES has the exact structure of a Feistel cipher, as
shown in Figure . The right-hand portion of Figure shows the way in which the 56-bit key is used.
Initially, the key is passed through a permutation function. Then, for each of the sixteen rounds, a
subkey (Ki) is produced by the combination of a left circular shift and a permutation. The
permutation function is the same for each round, but a different subkey is produced because of the
repeated shifts of the key bits.

Initial and Final Permutation


The initial and final permutations are straight permutation boxes (P-boxes) that are inverses of each
other. They have no cryptographic significance in DES. The initial and final permutations are shown as
follows −

The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the rightmost
32 bits to produce a 32-bit output.

• Expansion Permutation Box − Since the right input is 32 bits and the round key is 48 bits, we first
need to expand the right input to 48 bits. The permutation logic is graphically depicted in the
following illustration −

• The graphically depicted permutation logic is generally described as a table in the DES
specification, illustrated as shown −

• XOR (Whitener) − After the expansion permutation, DES performs an XOR operation on the
expanded right section and the round key. The round key is used only in this operation.

• Substitution Boxes − The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes,
each with a 6-bit input and a 4-bit output. Refer to the following illustration −

• The S-box rule is illustrated below −

• There are a total of eight S-box tables. The outputs of all eight S-boxes are then combined into
a 32-bit section.

• Straight Permutation − The 32-bit output of the S-boxes is then subjected to the straight
permutation with the rule shown in the following illustration:

Round Function
The heart of this cipher is the DES function (f), which applies a 48-bit key to the rightmost
32 bits to produce a 32-bit output.

This function consists of the following steps:

• Expansion permutation box

• XOR with the 48-bit key

• Substitution box

• Permutation box

DES Analysis
• DES satisfies both of the desired properties of a block cipher. These two properties make the
cipher very strong.

• Avalanche effect − A small change in the plaintext results in a very great change in the
ciphertext.

• Completeness − Each bit of ciphertext depends on many bits of plaintext.

Strength − The strength of DES rests on two facts:

It is a symmetric key block cipher algorithm. The algorithm is based on a Feistel network. The
algorithm uses a 56-bit key to encrypt data in 64-bit blocks. There are mainly two categories of
concerns about the strength of the Data Encryption Standard. They are:

1. Concerns about the particular algorithm used.

2. Concerns about the use of a key of size 56 bits.

• a. The use of 56-bit keys: A 56-bit key is used in encryption, so there are 2^56 possible keys. A brute
force attack on such a number of keys is impractical.

• b. The nature of the algorithm: A cryptanalyst can perform cryptanalysis by exploiting the
characteristics of the DES algorithm, but no one has succeeded in finding a weakness.

Weakness − Weaknesses have been found in the design of the cipher:

a. Two chosen inputs to an S-box can create the same output.
b. The purpose of the initial and final permutations is not clear.

Double DES:

Double DES is an encryption technique which uses two instances of DES on the same plaintext. The
two instances use different keys to encrypt the plaintext. Both keys are required at the
time of decryption. The 64-bit plaintext goes into the first DES instance, which converts it into
a 64-bit middle text using the first key; this then goes to the second DES instance, which gives the
64-bit ciphertext using the second key.

Although double DES uses a 112-bit key, it gives a security level of 2^56, not 2^112, because of
the meet-in-the-middle attack, which can be used to break double DES.

Triple DES:

Triple DES is an encryption technique which uses three instances of DES on the same plaintext. It
uses three different key-choosing techniques: in the first, all keys used are different; in the
second, two keys are the same and one is different; and in the third, all keys are the same.
Triple DES is also vulnerable to the meet-in-the-middle attack, because of which it gives a total
security level of 2^112 despite using 168 bits of key. A block collision attack is also
possible because of the short block size and the use of the same key to encrypt a large amount of text.

AES
AES stands for Advanced Encryption Standard and is a widely used symmetric encryption
algorithm. It is mainly used for the encryption and protection of electronic data. It was introduced as the
replacement for DES (Data Encryption Standard), as it is much faster and better than DES. AES
consists of three block ciphers, and these ciphers are used to provide encryption of data.

History

AES was developed by NIST (National Institute of Standards and Technology) in 1997. It was
developed to replace DES, which was slow and vulnerable to various attacks. A new
encryption algorithm was therefore made to overcome the shortcomings of DES. AES
was then published on 26th November 2001.

Characteristics

• AES has keys of three lengths which are of 128, 192, 256 bits.

• It is flexible and has implementation for software and hardware.

• It provides high security and can prevent many attacks.

• It doesn’t have any copyright so it can be easily used globally.

• It consists of 10 rounds of processing for 128 bit keys.

Advantages

• It can be implemented on both hardware and software.

• It provides high security to the users.

• It provides one of the best open source solutions for encryption.

• It is a very robust algorithm.

Disadvantages

• It requires many rounds for encryption.

• It is hard to implement on software.

• It needs much processing at different stages.

• It is difficult to implement when performance has to be considered.

Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES) is a specification for the encryption of electronic data
established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is
widely used today as it is much stronger than DES and triple DES despite being harder to
implement. In this article, we will cover AES, the working of the cipher, the
encryption-decryption methods used in it, and its applications.

What is Advanced Encryption Standard (AES)?

Advanced Encryption Standard (AES) is a highly trusted encryption algorithm used to secure
data by converting it into an unreadable format without the proper key. Developed by the
National Institute of Standards and Technology (NIST), AES encryption uses various key
lengths (128, 192, or 256 bits) to provide strong protection against unauthorized access.
This data security measure is efficient and widely implemented in securing internet
communication, protecting sensitive data, and encrypting files. AES, a cornerstone of modern
cryptography, is recognized globally for its ability to keep information safe from cyber threats.

Points to Remember

• AES is a Block Cipher.

• The key size can be 128/192/256 bits.

• Encrypts data in blocks of 128 bits each.

That means it takes 128 bits as input and outputs 128 bits of encrypted cipher text. AES relies
on the substitution-permutation network principle, which is performed using a series of linked
operations that involve replacing and shuffling the input data.

Working of The Cipher

AES performs operations on bytes of data rather than on bits. Since the block size is 128 bits,
the cipher processes 128 bits (or 16 bytes) of the input data at a time.

The number of rounds depends on the key length as follows:

• 128-bit key – 10 rounds

• 192-bit key – 12 rounds

• 256-bit key – 14 rounds

Creation of Round Keys

A key schedule algorithm calculates all the round keys from the initial key. The initial key is
thus used to create many different round keys, each of which is used in the corresponding round
of the encryption.

[Figure: Creation of Round Keys (AES)]

Encryption

AES considers each block as a 16-byte grid (4 bytes x 4 bytes = 16 bytes = 128 bits) in a
column-major arrangement.

| b0 | b4 | b8  | b12 |
| b1 | b5 | b9  | b13 |
| b2 | b6 | b10 | b14 |
| b3 | b7 | b11 | b15 |

Each round comprises 4 steps:

• SubBytes

• ShiftRows

• MixColumns

• Add Round Key

The last round doesn’t have the MixColumns step.

SubBytes does the substitution, while ShiftRows and MixColumns perform the permutation
in the algorithm.

Sub Bytes

This step implements the substitution.

In this step, each byte is substituted by another byte. It is performed using a lookup table also
called the S-box. This substitution is done in such a way that a byte is never substituted by itself
and is also never substituted by the byte which is the complement of the current byte. The result
of this step is a 16-byte (4 x 4) matrix like before.

The next two steps implement the permutation.

Shift Rows

This step is just as it sounds. Each row is shifted a particular number of times.

• The first row is not shifted.

• The second row is shifted once to the left.

• The third row is shifted twice to the left.

• The fourth row is shifted thrice to the left.

(A left circular shift is performed.)

| b0  | b1  | b2  | b3  |      | b0  | b1  | b2  | b3  |
| b4  | b5  | b6  | b7  |  ->  | b5  | b6  | b7  | b4  |
| b8  | b9  | b10 | b11 |      | b10 | b11 | b8  | b9  |
| b12 | b13 | b14 | b15 |      | b15 | b12 | b13 | b14 |

(In this diagram the bytes are numbered row by row to show the shifts. In the column-major
grid above, the second row b1, b5, b9, b13 becomes b5, b9, b13, b1.)

Mix Columns

Each column of four bytes is now transformed using a special mathematical function. This
function takes as input the four bytes of one column and outputs four completely new bytes,
which replace the original column. The result is another new matrix consisting of 16 new
bytes. This step is a matrix multiplication: each column is multiplied by a specific matrix, and
the bytes in the column change as a result.
This step is skipped in the last round.

| c0 |   | 2 3 1 1 | | b0 |
| c1 | = | 1 2 3 1 | | b1 |
| c2 |   | 1 1 2 3 | | b2 |
| c3 |   | 3 1 1 2 | | b3 |

Add Round Keys

The 16 bytes of the matrix are now considered as 128 bits and are XORed with the 128 bits of
the round key. If this is the last round, then the output is the ciphertext. Otherwise, the
resulting 128 bits are interpreted as 16 bytes and we begin another similar round.

[Figure: Added Round Keys (AES)]

After all these rounds, 128 bits of encrypted data are given back as output. This process is
repeated until all the data to be encrypted has been processed.
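
The round described above, as an added example (not code from the original notes): SubBytes, ShiftRows, MixColumns and the round-key XOR on a column-major state, with the MixColumns multiplications done in the finite field GF(2^8) and the S-box generated rather than tabulated. Function names are illustrative; the sample state and round key are the round-1 values from the FIPS-197 Appendix B AES-128 walkthrough.

```python
# Added example, not from the original notes: one AES round, column-major state.
def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial 0x11b."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def build_sbox():
    """S-box: inverse in GF(2^8) (0 maps to 0), then the AES affine map."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv ^ 0x63
        for n in range(1, 5):  # XOR in the inverse rotated left by 1..4 bits
            s ^= ((inv << n) | (inv >> (8 - n))) & 0xFF
        sbox.append(s)
    return sbox
SBOX = build_sbox()

def sub_bytes(state):
    return [SBOX[b] for b in state]

def shift_rows(state):
    # state[r + 4*c] holds row r, column c; row r rotates left by r columns
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(state):
    out = []
    for c in range(0, 16, 4):
        b = state[c:c + 4]
        # matrix row r is (2 3 1 1) rotated right by r positions
        out += [gmul(2, b[r]) ^ gmul(3, b[(r + 1) % 4]) ^ b[(r + 2) % 4]
                ^ b[(r + 3) % 4] for r in range(4)]
    return out

def aes_round(state, round_key, last=False):
    state = shift_rows(sub_bytes(state))
    if not last:  # the final round skips MixColumns
        state = mix_columns(state)
    return [s ^ k for s, k in zip(state, round_key)]  # Add Round Key

# FIPS-197 Appendix B (AES-128): state at the start of round 1, and round key 1
STATE = bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808")
RK1 = bytes.fromhex("a0fafe1788542cb123a339392a6c7605")
print(bytes(aes_round(STATE, RK1)).hex())
```

Checking `SBOX[x] != x` and `SBOX[x] != x ^ 0xFF` over all 256 byte values confirms the SubBytes property stated above: no byte maps to itself or to its complement.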
