Scribd
Upload
5 views7 pages

2

Feistel ciphers utilize self-invertible, invertible, and noninvertible components, with a focus on a mixer function that combines exclusive-OR operations with noninvertible functions for encryption and decryption. Modern stream ciphers, including synchronous and non-synchronous types, rely on bit streams for encryption and decryption, with the one-time pad being a notable secure example. Attacks on block ciphers, such as chosen-plaintext attacks and linear cryptanalysis, exploit relationships between plaintext and ciphertext to infer information about the encryption key.

Uploaded by

cseagirls2026
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
5 views7 pages

2

Feistel ciphers utilize self-invertible, invertible, and noninvertible components, with a focus on a mixer function that combines exclusive-OR operations with noninvertible functions for encryption and decryption. Modern stream ciphers, including synchronous and non-synchronous types, rely on bit streams for encryption and decryption, with the one-time pad being a notable secure example. Attacks on block ciphers, such as chosen-plaintext attacks and linear cryptanalysis, exploit relationships between plaintext and ciphertext to infer information about the encryption key.

Uploaded by

cseagirls2026
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

Feistel Ciphers

A Feistel cipher can have three types of components: self-invertible, invertible, and noninvertible.

A Feistel cipher combines all noninvertible elements in a unit and uses the same unit in the encryption
and decryption algorithms.

First Thought:
The effects of a noninvertible component in the encryption algorithm can be canceled in the
decryption algorithm if we use an exclusive-or operation.

 a noninvertible function, ƒ(K), accepts the key as the input.


 The output of this component is exclusive-ored with the plaintext.
 The result becomes the ciphertext.
 We call the combination of the function and the exclusive-or operation the mixer (for lack of
another name).
 The mixer in the Feistel design is self-invertible.

Improvement:
divide the plaintext and the ciphertext into two equal-length blocks, left and right.
We call the left block L and the right block R.
Let the right block be the input to the function, and let the left block be exclusive-ored with the function
output.
the right section of plaintext in the encryption and the right section of the ciphertext in the decryption
must be the same.
Final Design:
 Increase the number of rounds. Second, add a new element to each round: a swapper.
 The effect of the swapper in the encryption round is canceled by the effect of the swapper in
the decryption round
Non-Feistel Ciphers:
 A non-Feistel cipher uses only invertible components.
 A component in the encryption cipher has the corresponding component in the decryption
cipher.
 S-boxes
 need to have an equal number of inputs and outputs to be compatible.
 No compression or expansion P-boxes are allowed, because they are not invertible.
 In a non-Feistel cipher, there is no need to divide the plaintext into two halves.

example of Non - Feistel Cipher:


MODERN STREAM CIPHERS
Modern stream cipher, encryption and decryption are done r bits at a time.
We have a plaintext bit stream P = pn…p2p1, a ciphertext bit stream C = cn…c2c1, and a key bit
stream K = kn…k2k1, in which pi , ci , and ki are r-bit words. Encryption is ci = E (ki, pi), and decryption
is pi = D (ki, ci).

Modern stream ciphers are divided into two broad categories:


1. Synchronous
2. Non-synchronous

Synchronous Stream Ciphers:


In a synchronous stream cipher, the key stream is independent of the plaintext or ciphertext stream.

One-Time Pad:
 The simplest and the most secure type of synchronous stream cipher is called the onetime
 pad.
 invented and patented by Gilbert Vernam.
 It is an unbreakable cipher.
 A one-time pad cipher uses a key stream that is randomly chosen for each encipherment.

Key characteristics of a one-time pad:

 Key Length: The key must be at least as long as the message and completely random.
 Key Use: The key is used only once and never repeated.
 Security: If the key is truly random, kept secret, and used only once, the ciphertext
(encrypted message) is completely unbreakable

How it works:

Each character in the plaintext is XORed with the corresponding character in the random key.
Feedback Shift Register:
 An FSR can be implemented in either software or hardware.
 A feedback shift register is made of a shift register and a feedback function.

The shift register is a sequence of m cells, b0 to bm−1, where each cell holds a single bit.
The cells are initialized to an m-bit word, called the initial value or the seed.
Whenever an output bit is needed (for example, in a click of time), every bit is shifted one cell to the
right.
The rightmost cell, b0, gives its value as output (ki); the leftmost cell, bm−1, receives its value from the
feedback function.
We call the output of the feedback function bm.
A feedback shift register two types:
1. linear feedback shift register
2. nonlinear feedback shift register

Linear Feedback Shift Register:

In a linear feedback shift register (LFSR), bm is a linear function of b0, b1, …, bm−1.
Nonlinear Feedback Shift Register:
An NLFSR has the same structure as an LFSR except that the bm is the nonlinear function of b0, b1,
…, bm.

where AND means bit-wise and operation, OR means bit-wise or operation.

Non-synchronous Stream Ciphers:


In a nonsynchronous stream cipher, each key in the key stream depends on previous
plaintext or ciphertext.

Attacks on Block Ciphers:


Also called chosen-plaintext attack.
A chosen-plaintext attack (CPA) is a type of cryptanalysis where an attacker can choose arbitrary
plaintexts and obtain their corresponding ciphertext.

How It Works

1. Selection of Plaintext: The attacker selects one or more plaintext messages.


2. Encryption Access: The attacker is able to encrypt these plaintexts using the target
encryption algorithm.
3. Analysis: The attacker studies the relationship between the plaintexts and the
resulting ciphertexts to infer information about the encryption key or algorithm.

Algorithm Analysis:

To find a relationship between the plaintext differences and ciphertext differences without knowing the
key.

Launching a Chosen-Plaintext Attack:


After the analysis, which can be done once and kept for future uses as long as the structure of the
cipher does not change.

Guessing the Key Value


find some plaintext-ciphertext pairs that allow her to guess the value of the key.

Linear Cryptanalysis:
The cipher is made of a single round, as shown in Figure 5.20,
where c0, c1, and c2 represent the three bits in the output
x0, x1, and x2 represent the three bits in the input of the S-box.
The S-box is a linear transformation in which each output is a linear function of input, as we discussed
earlier in this chapter. With this linear component, we can create three linear equations between
plaintext and ciphertext bits, as shown below:
Solving for three unknowns, we get

Linear Approximation:
In some modern block ciphers, it may happen that some S-boxes are not totally nonlinear; they can
be approximated, probabilistically, by some linear functions. In general, given a cipher with plaintext
and ciphertext of n bits and a key of m bits, we are looking for some equations of the form:

where 1 ≤ x ≤ m, 1 ≤ y ≤ n, and 1 ≤ z ≤ n.
The bits in the intercepted plaintext and ciphertext can be used to find the key bits.

You might also like