Unit II

The document provides an overview of the Data Encryption Standard (DES), a symmetric encryption algorithm that processes 64-bit data blocks using a 56-bit key. It discusses the principles of block cipher design, including the number of rounds, function F design, and key scheduling, as well as multiple encryption techniques like Double DES and Triple DES. Additionally, it covers public key cryptosystems, specifically the RSA algorithm, detailing its components, applications, and security considerations.

Uploaded by

subashparthi11

Unit – II

Data Encryption Standard (DES)


DES (Data Encryption Standard) is a symmetric encryption algorithm that encrypts 64-bit data
blocks using a 56-bit key. It processes data through multiple transformation steps, with the
same key used for both encryption and decryption. Before the Advanced Encryption Standard
(AES) was introduced in 2001, DES was the most commonly used
encryption method.
Key Facts About DES:
• Issued in 1977 by the National Bureau of Standards (now NIST).
• Encrypts 64-bit blocks of data using a 56-bit key.
• Transformation Process: The algorithm takes 64-bit data, processes it through several
steps, and outputs a 64-bit encrypted version of the data. The same steps (with the
same key) are used to decrypt the data back to its original form.

Block Cipher Design Principles


Block cipher security relies on three crucial factors: number of rounds, function F design, and
key scheduling. These aspects determine the strength of encryption and resistance to
cryptanalytic attacks.
1. Number of Rounds
The security of a Feistel cipher depends significantly on the number of rounds. More rounds
increase the difficulty of breaking encryption, even if the function F is not very strong. The key
idea is that cryptanalysis should require more effort than a simple brute-force attack.
For example, DES (Data Encryption Standard) uses 16 rounds to ensure strong encryption.
Cryptanalyst Bruce Schneier noted that differential cryptanalysis (a method to break ciphers) on
DES requires 2^55.1 operations, which is slightly more than a brute-force attack requiring 2^55
operations. If DES had fewer than 16 rounds, differential cryptanalysis would require less effort
than brute force, making the cipher weaker.
2. Design of Function F
The F function is the core of a Feistel cipher, responsible for adding confusion—making it difficult
for attackers to reverse the encryption process. A well-designed F function ensures that even
small changes in the plaintext or key result in significant differences in the ciphertext.
Key Criteria for Function F
1. Nonlinearity: The function F must be highly nonlinear, meaning it should be hard to
approximate using simple equations. The more nonlinear F is, the harder it is to break the
cipher.
2. Avalanche Effect: A slight change in input should cause major changes in output. The Strict
Avalanche Criterion (SAC) states that flipping a single input bit should change each output
bit with a 50% probability.
3. Bit Independence Criterion (BIC): This ensures that when a single input bit changes,
different output bits change independently, making patterns harder to exploit.
3. Key Scheduling
Key scheduling refers to how a cipher derives multiple subkeys from the main key for each
round of encryption. A strong key schedule ensures:
• It is difficult to deduce individual subkeys.
• It is nearly impossible to work backward to derive the main key from subkeys.
Although no universal principles exist for key scheduling, some guidelines suggest that subkeys
should also follow SAC (strict avalanche criterion) and BIC (bit independence criterion) to
prevent attackers from finding patterns in key expansion.

Multiple Encryption and DES


Multiple encryption is a technique that applies an encryption algorithm more than once to
strengthen security. It typically involves using multiple keys and multiple encryption rounds to
make brute-force attacks more difficult. A common example is Triple DES (3DES), which encrypts
data three times using DES with two or three different keys. This method enhances security while
allowing compatibility with older encryption systems.
Double DES
Double DES is an encryption method that applies the DES algorithm twice using two different
56-bit keys (K1 and K2), resulting in an apparent 112-bit key strength. Encryption follows C =
E(K2, E(K1, P)), and decryption reverses the process as P = D(K1, D(K2, C)). However, it is
vulnerable to the meet-in-the-middle attack, which reduces its effective security to only 56 bits,
making it only slightly stronger than single DES.
Encryption Process:
• First, plaintext (P) is encrypted using the first key (K1):
X = E(K1, P)
• Then, the intermediate output (X) is encrypted again using the second key (K2):
C = E(K2, X) = E(K2, E(K1, P))
• This results in the ciphertext C, which is expected to be much harder to break than single
DES.
Decryption Process:
• The ciphertext is first decrypted using K2:
X = D(K2, C)
• Then, the intermediate output (X) is decrypted using K1 to recover the plaintext:
P = D(K1, X) = D(K1, D(K2, C))

Triple DES
Triple DES (3DES) is an encryption algorithm that applies the DES cipher three times using either
two or three distinct keys. The two-key version encrypts, decrypts, and then encrypts the data
again, while the three-key version uses three separate keys for encryption and decryption. It
provides stronger security than single DES, with a key size of 112 bits (two-key) or 168 bits (three-
key).
1. Two-Key Triple DES (2-Key 3DES)
Two-Key 3DES uses two keys to apply the Data Encryption Standard (DES) algorithm three times.
In this case, K1 and K2 are used, but K1 is applied for both the first and third encryption stages.
Process:
1. First stage: Encrypt the plaintext P using the first key K1.
C1=E(K1,P)
2. Second stage: Decrypt the result from the first stage using the second key K2.
C2=D(K2,C1)
3. Third stage: Encrypt the result from the second stage again using the first key K1.
C=E(K1,C2)
So, the final ciphertext C is generated by applying DES encryption and decryption with two keys
as follows:
Formula:
C=E(K1,D(K2,E(K1,P)))
Where:
• P = Plaintext
• C = Ciphertext
• K1,K2 = Two keys used
• E(K,X) = Encryption of X using key K
• D(K,X) = Decryption of X using key K
Decryption process:
1. First stage: Decrypt the ciphertext C using K1.
C2=D(K1,C)
2. Second stage: Encrypt the result from the first stage using K2.
C1=E(K2,C2)
3. Third stage: Decrypt the result from the second stage using K1.
P=D(K1,C1)
So, the decryption formula is:
P=D(K1,E(K2,D(K1,C)))
Security:
• Two-Key 3DES offers a key length of 112 bits (56-bit * 2) due to the use of two keys.
• While it's stronger than single DES (56-bit), it's still vulnerable to certain cryptographic
attacks like the meet-in-the-middle attack.

2. Three-Key Triple DES (3-Key 3DES)


Three-Key 3DES uses three distinct keys K1,K2,K3 for the three encryption/decryption stages.
This version offers better security compared to two-key 3DES because all three keys are
independent.
Process:
1. First stage: Encrypt the plaintext P using the first key K1.
C1=E(K1,P)
2. Second stage: Decrypt the result from the first stage using the second key K2.
C2=D(K2,C1)
3. Third stage: Encrypt the result from the second stage using the third key K3.
C=E(K3,C2)
So, the final ciphertext C is generated by applying DES encryption and
decryption with three different keys as follows:
Formula:
C=E(K3,D(K2,E(K1,P)))
Where:
• P = Plaintext
• C = Ciphertext
• K1,K2,K3 = Three distinct keys used
• E(K,X) = Encryption of X using key K
• D(K,X) = Decryption of X using key K
Decryption process:
1. First stage: Decrypt the ciphertext C using K3.
C2=D(K3,C)
2. Second stage: Encrypt the result from the first stage using K2.
C1=E(K2,C2)
3. Third stage: Decrypt the result from the second stage using K1.
P=D(K1,C1)
So, the decryption formula is:
P=D(K1,E(K2,D(K3,C)))
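
The Double DES and Triple DES constructions above, as an added example that is not part of the original notes. A toy 16-bit Feistel cipher with 12-bit keys stands in for DES (constructed here; `E`, `D`, `ede_encrypt`, `ede_decrypt` and `meet_in_the_middle` are names chosen for this sketch), so the EDE round trip, the K1 = K2 = K3 fallback to single encryption, and the meet-in-the-middle cost of double encryption (about 2 × 2^12 cipher operations instead of 2^24) can all be checked in a fraction of a second.

```python
# Toy 16-bit Feistel cipher standing in for DES (constructed for this example;
# 12-bit keys keep exhaustive search small enough to run instantly).
KEY_BITS, ROUNDS = 12, 4

def _subkeys(key):
    # Toy key schedule: rotate the 12-bit key by 3 bits per round, keep 8 bits.
    return [((key >> 3 * i) | (key << (KEY_BITS - 3 * i))) & 0xFF for i in range(ROUNDS)]

def _f(half, subkey):
    # Toy nonlinear round function on an 8-bit half block.
    x = half ^ subkey
    return ((x * x + 7 * x + 1) ^ (x >> 3)) & 0xFF

def _feistel(block, subkeys):
    left, right = block >> 8, block & 0xFF
    for k in subkeys:
        left, right = right, left ^ _f(right, k)
    return (right << 8) | left           # final swap of the halves

def E(key, block):
    return _feistel(block, _subkeys(key))

def D(key, block):
    return _feistel(block, _subkeys(key)[::-1])   # same rounds, subkeys reversed

def ede_encrypt(k1, k2, k3, p):
    return E(k3, D(k2, E(k1, p)))        # two-key 3DES is the case k3 == k1

def ede_decrypt(k1, k2, k3, c):
    return D(k1, E(k2, D(k3, c)))

def meet_in_the_middle(pairs):
    """Find (K1, K2) with C = E(K2, E(K1, P)) for all known (P, C) pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}                           # X = E(K1, P) -> [K1, ...]
    for k1 in range(1 << KEY_BITS):
        table.setdefault(E(k1, p0), []).append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):      # match on X = D(K2, C)
        for k1 in table.get(D(k2, c0), []):
            if all(E(k2, E(k1, p)) == c for p, c in rest):
                found.append((k1, k2))
    return found

K1, K2, K3 = 0x5A3, 0xC17, 0x2E9         # constructed sample keys
PAIRS = [(p, E(K2, E(K1, p))) for p in (0x1234, 0xBEEF, 0x0F0F)]
```

The table costs one encryption per K1 candidate and the lookup one decryption per K2 candidate, which is why a second independent key adds roughly one bit of work rather than doubling the exponent.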

Principle of Public Key Cryptosystem


A public-key cryptosystem (also known as asymmetric cryptography) uses a pair of related keys
for secure communication: a public key (used for encryption) and a private key (used for
decryption). The central idea is that while the public key can be freely distributed, the private
key must remain secret. The security of the system relies on the difficulty of deriving the private
key from the public key.
Key Components of a Public-Key Cryptosystem:
1. Plaintext:
The plaintext is the original, readable message or data that is input into the
cryptographic system. It is what needs to be securely transmitted.
2. Encryption Algorithm:
The encryption algorithm is used to transform the plaintext into ciphertext using the
public key. The encryption process applies a mathematical function to the plaintext,
which makes it unreadable to anyone without the corresponding private key.
3. Public and Private Keys:
o Public Key: A key that is available to everyone. It is used for encryption and is
shared widely. In a public-key cryptosystem, anyone who wants to send a secure
message to the key owner can use this public key.
o Private Key: The private key is kept secret by the user and is used for decryption.
The private key is kept private, ensuring that only the intended recipient of the
message can decrypt and read it.
4. Ciphertext:
Ciphertext is the encrypted message produced by applying the encryption algorithm to
the plaintext. This message is unreadable and can only be decrypted using the private
key associated with the public key used for encryption.
5. Decryption Algorithm:
The decryption algorithm takes the ciphertext and the private key as input and reverses
the encryption process to recover the original plaintext message. Only the private key
can decrypt messages encrypted with the corresponding public key.
Steps in Public-Key Encryption:
1. Key Generation:
Each participant in a public-key system generates a pair of keys: one public and one
private. The private key is kept secret, while the public key is shared publicly.
2. Encryption:
The sender uses the recipient's public key to encrypt the plaintext message. This ensures
that only the recipient, who possesses the corresponding private key, can decrypt and
read the message.
3. Decryption:
The recipient uses their private key to decrypt the ciphertext and recover the original
plaintext message.
Applications of Public Key Cryptosystem:
1. Encryption/Decryption:
o Public-key cryptography ensures that only the recipient, who has the
corresponding private key, can decrypt a message encrypted with their public
key.
o It allows secure communication even if the communication channel is insecure,
as only the holder of the private key can read the message.
2. Digital Signatures:
o Digital signatures provide authenticity and integrity to messages.
o In this process, the sender creates a signature using their private key, and the
recipient verifies the signature using the sender's public key.
o This ensures that the message was indeed sent by the claimed sender
(authentication) and has not been altered during transmission (integrity).
3. Key Exchange:
o Public-key cryptography allows secure exchange of symmetric encryption keys
over an insecure channel.
o The most common key exchange method is Diffie-Hellman, which allows two
parties to securely exchange keys over an open communication channel. Once
the key exchange is done, the symmetric key can be used for faster encryption
and decryption of messages.
Requirements for a Public Key Cryptosystem:
1. Security of Private Key:
The system's security depends on the confidentiality of the private key. If the private key
is compromised, the security of the system is broken.
2. Computational Infeasibility of Private Key Derivation:
It must be computationally infeasible to derive the private key from the public key. This
ensures that the public key can be freely distributed without risking the system's
security.
3. Efficiency:
The encryption and decryption operations should be computationally efficient enough to
be practical for use in real-world applications, such as secure email or online
transactions.
4. Key Pair Generation:
The system must be able to securely generate key pairs. This process must ensure that
the public key cannot be easily linked to the private key.
Public Key Cryptanalysis:
Public-key cryptanalysis refers to the study of methods to break or exploit weaknesses in public-
key systems. The security of most public-key systems is based on the difficulty of certain
mathematical problems, such as:
1. Factoring Large Numbers
2. Discrete Logarithm Problem
3. Elliptic Curve Cryptography (ECC)
4. Brute Force and Attack Methods

RSA Algorithm
The Rivest-Shamir-Adleman (RSA) algorithm, introduced in 1978, is one of the most widely
used public-key cryptographic systems. RSA relies on the difficulty of factoring large numbers
and is the most popular encryption technique for secure data transmission.
Key Concepts and Components
1. Plaintext and Ciphertext:
In RSA, the plaintext and ciphertext are represented as integers between 0 and n−1,
where n is a large number typically about 1024 bits in size. The message is encrypted in
blocks, each having a binary value less than n.
2. Public Key and Private Key:
The RSA algorithm uses two keys:
o Public Key (PU): Consists of two values, e (the public exponent) and n (the
modulus), which are used for encryption.
o Private Key (PR): Consists of d (the private exponent) and n, used for decryption.
3. Encryption and Decryption:
o Encryption: The encryption formula is C = M^e mod n, where M is the plaintext
message and C is the ciphertext.
o Decryption: The decryption formula is M = C^d mod n, where C is the ciphertext,
and M is the original message.
The sender encrypts the message using the receiver's public key, and the receiver decrypts it
using their private key.

Applications of RSA
1. Encryption and Decryption:
RSA is widely used to secure data during transmission, where the public key encrypts the
data and the private key decrypts it.
2. Digital Signatures:
RSA is also used to generate digital signatures, ensuring the authenticity and integrity of
messages. The sender signs the message with their private key, and the receiver verifies
the signature with the sender's public key.
3. Key Exchange:
RSA can be used for secure key exchange, where two parties can securely exchange a
symmetric key for faster encryption after using RSA for initial secure communication.
Computational and Cryptanalytical Considerations
• Efficiency:
RSA is computationally expensive due to the large exponentiations involved in
encryption and decryption. However, its strength lies in the computational difficulty of
factoring large numbers.
• Cryptanalysis:
The primary attack on RSA is factorization. If an attacker can factor n into p and q, they
can compute φ(n) and derive the private key d. Therefore, selecting sufficiently large
prime numbers for p and q is essential for maintaining security.
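
The RSA formulas and the factorization point above, worked through as an added example that is not part of the original notes. The primes 61 and 53, the exponent 17 and all function names are constructed for illustration; the last function shows that once n is small enough to factor, d follows directly from φ(n) = (p−1)(q−1).

```python
from math import gcd, isqrt

def make_keypair(p, q, e):
    """Build PU = (e, n) and PR = (d, n) from primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (e, n), (pow(e, -1, phi), n)   # d = e^-1 mod phi(n)

def encrypt(pub, m):
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message block must be an integer in [0, n-1]")
    return pow(m, e, n)                   # C = M^e mod n

def decrypt(priv, c):
    d, n = priv
    return pow(c, d, n)                   # M = C^d mod n

def sign(priv, m):
    d, n = priv
    return pow(m, d, n)                   # signature made with the private key

def verify(pub, m, sig):
    e, n = pub
    return pow(sig, e, n) == m            # checked with the public key

def private_exponent_from_factoring(pub):
    """Trial-divide n, then rebuild d from phi(n); feasible only for tiny n."""
    e, n = pub
    p = next(f for f in range(3, isqrt(n) + 1, 2) if n % f == 0)
    return pow(e, -1, (p - 1) * (n // p - 1))

# Constructed toy parameters. A 1024-bit n as mentioned above needs two primes
# of about 512 bits each, and real encryption/signing adds padding (OAEP, PSS)
# on top of these bare formulas.
PUB, PRIV = make_keypair(61, 53, 17)
```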
