UNIT-2

Classical Cryptography
&
Symmetric Key Cryptography

Unit weightage : 20% (12 marks)

Information Security (CE5006)

 Outline
 Classical Cryptography
• Symmetric cipher model
• Substitution techniques
• Transposition techniques
• Steganography

 Symmetric Key Cryptography

• Block cipher principles
• Substitution-Permutation networks
• Data Encryption Standard (DES)
• Block cipher modes of operation

Unit-2: Classical and Symmentric Key Cryptography 2

 Model for Network Security
Trusted third party
(e.g., arbiter, distributer
of secret information)

Sender Recipient
Security -related Info. Security -related
Channel

Message

Message
Message

Message
Transformation Transformation

Secure
Secure

Secret Secret
Information Opponent Information
(Attacker)

Unit-2: Classical and Symmentric Key Cryptography 3

 Encryption and Decryption

Hello f7#er Hello

Sender Encryption Decryption Receiver

Unit-2: Classical and Symmentric Key Cryptography 4

 Symmetric Cipher Model (Conventional Encryption)
Secret key shared by Secret key shared by
sender and recipient sender and recipient
K K
Transmitted
cipher text
Y = E(K, X)
X X
Plaintext Encryption Algorithm Decryption Algorithm Plaintext
input (e.g. AES) (reverse of encryption output
algorithm)
 Plaintext
The secretiskey
Decryption
Ciphertext
An original the
the isoriginal
isalgorithm
message also isis intelligible
input
scrambled to the
essentially
message
known message
asencryption
the oralgorithm.
encryption
produced
the plaintext,data that the
is fed
algorithm
as output.
while runinto
codedin
 the
The algorithm
key isison
reverse.
It depends
message aas
calledthe input.
value independent
plaintext
the of thekey.
and the secret
ciphertext. plaintext and of the
 Encryption
algorithm.
It
Thetakes
ciphertext
process ofalgorithm
the ciphertext andperforms
is an apparently
converting the secret
from randomvarious
key
plaintext and
stream substitutions
produces isthe
of data
to ciphertext and
original
and,
known as it
as
 transformations
The algorithm
plaintext.
stands, on
orwill
is unintelligible.
enciphering the plaintext.
produce
encryption; a restoring
different output depending
the plaintext on the
from
specific
ciphertextkeyisbeing used at or
deciphering thedecryption.
time.
Unit-2: Classical and Symmentric Key Cryptography 5
 Terminology
 Plaintext: original message
 Ciphertext: encrypted or coded message
 Encryption: convert from plaintext to ciphertext (enciphering)
 Decryption: restore the plaintext from ciphertext (deciphering)
 Key: information used in cipher known only to sender/receiver
 Cipher: a particular algorithm (cryptographic system)
 Cryptography: study of algorithms used for encryption
 Cryptanalysis: study of techniques used for decryption without
knowledge of plaintext
 Cryptology: areas of cryptography and cryptanalysis

Unit-2: Classical and Symmentric Key Cryptography 6

 Cryptography and Cryptanalysis
 Cryptography(Secret Writing) is the process of protecting
information by transforming it into a secure (unreadable) format.

Hello Cryptography $!dzx

 Cryptanalysis is the decryption and analysis of encrypted text.

Cryptanalysis uses mathematical formulas to search algorithm
vulnerabilities and break into cryptography.

$!dzx Cryptanalysis Hello

Unit-2: Classical and Symmentric Key Cryptography 7

 An opponent, observing Y but not having access to K or X, may
attempt to recover X or K or both X and K.
 If the opponent is interested in only this particular message, then
he will focus to recover X by generating a plaintext estimate .
 Often, however, the opponent is interested in being able to read
future messages as well, in which case an attempt is made to
recover K by generating an estimate .
 Requirements and Assumptions
 Requirements for secure use of symmetric encryption:
1. Strong encryption algorithm: Given the algorithm and cipher text,
an attacker cannot obtain key or plaintext.
2. Shared secret keys: sender and receiver both have shared a
secret key; no-one else knows the key(keep it secret).
 Assumptions:
 Cipher is known
 Secure channel to distribute keys

Unit-2: Classical and Symmentric Key Cryptography 9

 Cryptanalysis and Brute-Force Attack
 Objective of attacker: recover key (not just message)
 Approaches of attacker:
 Cryptanalysis: Cryptanalysis is used to break cryptographic
security systems and gain access to the contents of the encrypted
message, even if cryptographic key is unknown.

 Brute-force attack: The attacker tries every possible key on a piece

of ciphertext until an intelligible translation into plaintext is
obtained.
 On average, half of all possible keys must be tried to achieve
success.

Unit-2: Classical and Symmentric Key Cryptography 10

 Attacks on Encrypted Messages
Type of Attack Known to cryptanalyst
Ciphertext Only Encryption algorithm, Ciphertext

Unit-2: Classical and Symmentric Key Cryptography 11

 Attacks on Encrypted Messages
Type of Attack Known to cryptanalyst
Known Plaintext Encryption algorithm, Ciphertext, One or more plaintext-
cipher text pairs formed with the secret key

Unit-2: Classical and Symmentric Key Cryptography 12

 Attacks on Encrypted Messages
Type of Attack Known to cryptanalyst
Chosen Plaintext Encryption algorithm, Ciphertext, Plaintext message chosen by
cryptanalyst

Unit-2: Classical and Symmentric Key Cryptography 13

 Attacks on Encrypted Messages
Type of Attack Known to cryptanalyst
Chosen Encryption algorithm, Ciphertext, Ciphertext chosen by
Ciphertext cryptanalyst, with its corresponding decrypted plaintext
generated with the secret key

Unit-2: Classical and Symmentric Key Cryptography 14

 Attacks on Encrypted Messages
Type of Attack Known to cryptanalyst
Chosen text Encryption algorithm, Ciphertext, Plaintext chosen by
cryptanalyst, with its corresponding ciphertext generated with
the secret key , Ciphertext chosen by cryptanalyst, with its
corresponding decrypted plaintext generated with the secret
key

Unit-2: Classical and Symmentric Key Cryptography 15

  There is no encryption algorithm that is unconditionally secure.
 Therefore, all that the users of an encryption algorithm can strive for is
an algorithm that meets one or both of the following criteria:

1. The cost of breaking the cipher exceeds the value of the encrypted
information.
2. The time required to break the cipher exceeds the useful lifetime of the
information.

 An encryption scheme is said to be computationally secure if either of

the foregoing two criteria are met. The rub is that it is very difficult to
estimate the amount of effort required to cryptanalyze ciphertext
successfully.
Unit-2: Classical and Symmentric Key Cryptography 16
 Substitution Techniques
 A substitution technique is one in which the letters of plaintext are
replaced by other letters or by numbers or symbols.
 If plaintext viewed as sequence of bits, replace plaintext bit
patterns with ciphertext bit patterns.
1. Caesar Cipher
2. Monoalphabetic Cipher
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Ciphers
6. One-Time Pad

Unit-2: Classical and Symmentric Key Cryptography 17

 1. Caesar Cipher
 The Caesar Cipher involves replacing each letter of the alphabet
with the letter standing three places further down the alphabet.
 For encryption algorithm is:

C = E(3, P) = (P + 3) mod 26
 For decryption algorithm is:

P = D(3, C) = (C - 3) mod 26

Unit-2: Classical and Symmentric Key Cryptography 18

 Caesar Cipher (Cont…)
 Let us assign a numerical equivalent to each letter
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25

C = E(3, P) = (P + 3) mod 26
Plain: a b c d e f g h i j k l m n o p q r s t u v w x y
z
Cipher: d e f g h i j k l m n o p q r s t u v w x y z a b
Example:
c
Plaintext: THE QUICK BROWN FOX
Ciphertext: WKH TXLFN EURZQ IRA

Unit-2: Classical and Symmentric Key Cryptography 19

 Caesar Cipher (Cont…)
 Generalised Caesar Cipher
• Allow shift by k positions.
• Encryption : C = E(K, P) = (P + K) mod 26

• Decryption : P = D(K, C) = (C - K) mod 26

 Modulo for negative number is = N- (B%N)

 Example :
-11 mod 26 = 15
26-(11%26) = 15

Unit-2: Classical and Symmentric Key Cryptography 20

 Caesar Cipher Examples
1. Plaintext: networksecurity 2. Cipher: exxegoexsrgi
Key: 7
Cipher: uladvyrzljbypaf Key: 4 attackatonce
Plaintext :
3. Cipher: kyzj dvjjrxv zj vetipgkvu
Key: 17
Plain: this message is encrypted
4. Plain: information security
Key: l
Cipher: tyqzcxletzy dpnfctej

Unit-2: Classical and Symmentric Key Cryptography 21

 Brute force attack on Caesar Cipher
 The encryption and decryption algorithms are known.
 There are only 25 keys to try, e.g. k=1, k=2, …
 The language of the plaintext is known and easily recognizable.

Unit-2: Classical and Symmentric Key Cryptography 22

 Brute force attack on Caesar Cipher
Ciphertext: ZNK WAOIQ HXUCT LUD
Key Transformed text Key Transformed text
1 YMJ VZNHP GWTBS KTC 14 LZW IMAUC TJGOF XGP
2 XLI UYMGO FVSAR JSB 15 KYV HLZTB SIFNE WFO
3 WKH TXLFN EURZQ IRA 16 JXU GKYSA RHEMD VEN
4 VJG SWKEM DTQYP HQZ 17 IWT FJXRZ QGDLC UDM
5 UIF RVJDL CSPXOGPY
18 HVS EIWQY PFCKB TCL
6 THE QUICK BROWN FOX
19 GUR DHVPX OEBJA SBK
7 SGD PTHBJ AQNVM ENW
8 RFC OSGAI ZPMUL DMV 20 FTQ CGUOW NDAIZ RAJ
9 QEB NRFZH YOLTK CLU 21 ESP BFTNV MCZHY QZI
10 PDA MQEYG XNKSJ BKT 22 DRO AESMU LBYGX PYH
11 OCZ LPDXF WMJRI AJS 23 CQN ZDRLT KAXFW OXG
12 NBY KOCWE VLIQH ZIR 24 BPM YCQKS JZWEV NWF
13 MAX JNBVD UKHPG YHQ 25 AOL XBPJR IYVDU MVE
Unit-2: Classical and Symmentric Key Cryptography 23
 Substitution Techniques
1. Caesar Cipher
2. Monoalphabetic Cipher
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Ciphers
6. One-Time Pad

Unit-2: Classical and Symmentric Key Cryptography 24

 2. Monoalphabetic Cipher (Simple substitution)
 It is an improvement to the Caesar Cipher.
 Instead of shifting the alphabets by some number, this scheme
uses some permutation of the letters in alphabet.
 Use a single alphabet for both plaintext and cipher text.
Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: y n l k x b s h m i w d p j r o q v f e a u g t z c
Example:
 Cipher: kxlvzofemrj
 Plaintext: decrypstion
 Try Brute force attack :
• With 26 letters in alphabet, the possible permutations are 26!
Keys (>4x1026)

Unit-2: Classical and Symmentric Key Cryptography 25

 2. Monoalphabetic Cipher (Simple substitution)
 As a first step, the relative frequency of the letters can be
determined and compared to a standard frequency distribution
for English,

Unit-2: Classical and Symmentric Key Cryptography 26

 Attack on Monoalphabetic Cipher
 The relative frequencies of the letters in the ciphertext (in %) are

Ciphertext:
uzqsovuohxmopvgpozpevsgzwszopfpesxudbmetsxaizvuephzhmdzshz
owsfpappdtsvpquzwymxuzuhsxepyepopdzszufpombzwpfupzhmdjudtm
ohmq
 In our ciphertext, the most common digram is ZW, which appears
three times. So equate Z with t, W with h and P with e.
 Now notice that the sequence ZWP appears in the ciphertext, and
we can translate that sequence as “the.”
Unit-2: Classical and Symmentric Key Cryptography 27
 Attack on Monoalphabetic Cipher

Unit-2: Classical and Symmentric Key Cryptography 28

 Attack on Monoalphabetic Cipher (Cont…)
 If the cryptanalyst knows the nature of the plaintext, then the
analyst can exploit the regularities of the language.
 The relative frequency of the letters can be determined and
compared to a standard frequency distribution for English.
 If the message were long enough, this technique alone might be
sufficient, but because this is a relatively short message, we
cannot expect an exact match.

Unit-2: Classical and Symmentric Key Cryptography 29

 Substitution Techniques
1. Caesar Cipher
2. Monoalphabetic Cipher
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Ciphers
6. One-Time Pad

Unit-2: Classical and Symmentric Key Cryptography 30

 3. Playfair Cipher
 The Playfair algorithm is based on a 5 × 5 matrix (key) of letters.
 The matrix is constructed by filling in the letters of the keyword
(minus duplicates) from left to right and from top to bottom, and
then filling in the remainder of the matrix with the remaining
letters in alphabetic order. The letters I and J count as one letter.
O C U R E
Example: N A B D F
Keyword= OCCURRENCE
Plaintext= TALL TREES G H I/J K L
M P Q S T
V W X Y Z

Unit-2: Classical and Symmentric Key Cryptography 31

 Playfair Cipher - Encrypt Plaintext
 Operate on pair of letters (digram) at a time.
 Special: if digram with same letters appears, separate by special
letter (e.g. x)
Plaintext= TALL TREES
Plaintext= TA LX LT RE ES
 If there is an odd number of letters, then add uncommon letter to
complete digram, a X/Z may be added to the last letter.
Plaintext= NETWORK
Plaintext= NE TW OR KX

Unit-2: Classical and Symmentric Key Cryptography 32

 Playfair Cipher - Encrypt Plaintext
 Map each pair in key matrix
O C U R E
Plaintext: TA LX LT RE ES
N A B D F
Ciphertext: PF IZ TZ EO RT
G H I/J K L
M P Q S T
V W X Y Z
 If the
theletters
lettersare
letters on different
appear
appear ononthe rows
thesame
sameand columns,
column,
row, replace
replace
replace themthem
them withwith
with the
the letters
letters on other
toimmediately
their corner
immediate of
below, the
right same row.
wrapping
respectively,
around
wrapping
to thearound
top to
if
 The
the order
necessary.
left sideisofimportant - the first letter of the pair should be
the row if necessary.
 replaced
For example,first. using the table above,
above, the
the letter
letter pair
pair RE
LT would be
 For example,
encoded TZ.using the table above, the letter pair TA would be
as EO.
encoded as PF.
Unit-2: Classical and Symmentric Key Cryptography 33
 Playfair Cipher - Is it Breakable?
 Better than monoalphabetic: relative frequency of digrams much
less than of individual letters.
 But relatively easy (digrams, trigrams, expected words)

Unit-2: Classical and Symmentric Key Cryptography 34

 Playfair Cipher Examples
1. Key= “engineering ” Plaintext= “test this process ”
2. Key= “keyword ” Plaintext= “come to the window”
3. Key= “moonmission ” Plaintext= “greet ”
E N G I R Encrypted Message: K E Y W O Encrypted Message:
A B C D F pi tu pm gt ue R D A B C Lc nk zk vf yo
H K L M O lf gp xg F G H I L gq ce bw
P Q S T U M N P Q S
V W X Y Z T U V X Z

M O N I S Encrypted Message:
A B C D E hq cz du
F G H K L
P Q R T U
V W X Y Z

Unit-2: Classical and Symmentric Key Cryptography 35

 Playfair Cipher Examples
4. Key: EXAMPLE
Ciphertext: UA ARBED EXAPO PR QNX AXANR
E X A M P
L B C D F
G H I/J K N
O Q R S T
U V W Y Z

Pair: UA AR BE DE XA PO PR QN XA XA NR
Plaintext: we wi lx lm ex et at th ex ex it
Plaintext: we wilxl mexet at thex exit
Plaintext: we will meet at the exit
Unit-2: Classical and Symmentric Key Cryptography 36
 Playfair Cipher 6*6 Matrix Examples
5. Keyword: FRIENDS4EVER
Key: FRIENDS4V

Rules :

 Enter the secret (password) which may contain numerals and alphabets.
 Find out the keyword by dropping the duplicate letters of key.
 Arrange the keyword in 6 X 6 matrix row-wise: left to right and then top-to-
bottom.
 Fill the remaining spaces in the matrix with the rest of numerals (0-9) and
alphabets (A-Z) that were not the part of our keyword.

Unit-2: Classical and Symmentric Key Cryptography 37

 Substitution Techniques
1. Caesar Cipher
2. Monoalphabetic Cipher
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Ciphers
6. One-Time Pad

Unit-2: Classical and Symmentric Key Cryptography 38

 4. Hill Cipher
 Hill cipher is based on linear algebra
 Each letter is represented by numbers from 0 to 25 and
calculations are done using modulo 26.
 Encryption and decryption can be given by the following formula:
Encryption: C=PK mod 26

Decryption: P=CK-1 mod 26

mod 26

Unit-2: Classical and Symmentric Key Cryptography 39

 Hill Cipher Encryption
 To encrypt a message using the Hill Cipher we must first turn our
keyword and plaintext into a matrix (a 2 x 2 matrix or a 3 x 3
matrix, etc).
Example: Key = “HILL”, Plaintext = “EXAM”
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25

Unit-2: Classical and Symmentric Key Cryptography 40

 Hill Cipher Encryption (Cont…)
== Plaintext
( X )( M ) (23 )( 12)
E A
=
4 0

C=PK mod 26
( 7
11
8
11 )( )4
23 ( 7
11
8
11 )( )
0
12

x 4 + 8 x 23 = 212 x 0 + 8 x 12 = 96
x 4 + 11 x 23 = 297 x 0 + 11 x 12 = 132

( 7
11
8
11 )( ) (
4
23
=
2 12
297 ) ( 7
11
8
11 )( ) (
0
12
=
96
132 )
= mod 26 = = mod 26 =

Ciphertext = “ELSC”
Unit-2: Classical and Symmentric Key Cryptography 41
 Hill Cipher Decryption
-1
P=CK mod 26
Step 1: Find Inverse of key matrix
Step 2: Multiply the Multiplicative Inverse of the Determinant by the
Adjoin Matrix
Step 3: Multiply inverse key matrix with ciphertext matrix to obtain
plaintext matrix

Unit-2: Classical and Symmentric Key Cryptography 42

 Step 1: Inverse of key matrix
2 X 2 inverse of matrix

[ ] [ ]
−1
a b 1 d −b
=
c d ad − cb −c a

3 X 3 inverse of matrix

−1 1
A = ∙ adjoin( A )
determinant ( A )

Unit-2: Classical and Symmentric Key Cryptography 43

 Step 1: Inverse of key matrix
( ) ( )
−1
1
I nverse Key ¿ 7 8 = 11 −8
11 11 77 − 88 − 11 7

¿
1 11
− 11 − 1 1 ( −8
7 )
 -11 mod 26 = 15
¿
1 11
15 15 ( 18
7 )
mod 26  Because, modulo for negative
number is = N- (B%N)
= 26 – (11%26)

Unit-2: Classical and Symmentric Key Cryptography 44

 Step 2: Modular (Multiplicative) inverse
 The inverse of a number A is 1/A since A * 1/A = 1
e.g. the inverse of 5 is 1/5
 In modular arithmetic we do not have a division operation.
 The modular inverse of A (mod C) is A-1
 (A * A-1) ≡ 1 (mod C)
 (A * A-1) mod C = 1 ---------------------------------------------------------- Formula
Example-1:
 The modular inverse of A mod C is the B value and If value of A = 3, C = 11 then Calculate A-1
from formula.

A * A-1 mod C = 1 = 3 * A-1 mod 11 = 1 = 3 * 4 mod 11 = 1

Since (3*4) mod 11 = 1, 4 is modulo inverse of 3

Example-2:
A * A-1 mod C = 1 12
A = 10, C = 17 , A-1 = ?
Unit-2: Classical and Symmentric Key Cryptography 45
 Step 2: Modular (Multiplicative) inverse
Determinants’ multiplicative inverse Modulo 26
Determinant 1 3 5 7 9 11 15 17 19 21 23 25

Inverse Modulo 26 1 9 21 15 3 19 7 23 11 5 17 25

¿
1
15 ( 11
15
18
7 ) mod 26
 Multiplicative inverse of is 7

Unit-2: Classical and Symmentric Key Cryptography 46

 Step 2: Multiply with adjoin of matrix
¿7
( 11
15 ) ( 18
7
=
77
105
1 26
49 ) (
=
25
1
22
23 )
mod 26

¿ thus , if K =
(11X%Y
7 8
11 )
= X-(X/Y)*Y
−1
then K =
25
1 ( 22
23 )
77%26 = 77-(77/26)*26
= 77-(2)*26
= 77-52
= 25

Unit-2: Classical and Symmentric Key Cryptography 47

 Hill Cipher Encryption (Cont…)
= Ciphertext
( L )( C ) (11)( 2 )
E S
=
4 18

P=CK-1 mod 26
( 25
1
22
23 )( )4
11 ( 25
1
22
23 )( )
18
2
x 4 + 22 x 11 = 342 x 18 + 22 x 2 = 494
x 4 + 23 x 11 = 257 x 18 + 23 x 2 = 64

( 25
1
22
23 )( ) (
4
11
=
342
257 ) ( 7
11
8
11 )( ) (
0
12
=
494
64 )
= mod 26 = = mod 26 =

Plaintext = “EXAM”
Unit-2: Classical and Symmentric Key Cryptography 48
 Hill Cipher Examples
1. Key: Hill Plaintext: short example
Ciphertext: APADJ TFTWLFJ
2. Key: ACBA Plaintext: DR GREER ROCKS (A=1, B=2,
…)
Ciphertext: FZIFTOTBXGPO
3. Key:DACB Ciphertext: SAKNOXAOJ (A=1,B=2,…)
Plaintext: WELOVEMATH

Unit-2: Classical and Symmentric Key Cryptography 49

 Substitution Techniques
1. Caesar Cipher
2. Monoalphabetic Cipher
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Ciphers
6. One-Time Pad

Unit-2: Classical and Symmentric Key Cryptography 50

 5. Polyalphabetic Cipher
 Monoalphabetic cipher encoded using only one fixed alphabet
 Polyalphabetic cipher is a substitution cipher in which the cipher
alphabet for the plain alphabet may be different at different
places during the encryption process.
1. Vigenere cipher
2. Vernam cipher

Unit-2: Classical and Symmentric Key Cryptography 51

 Plaintext

K
e
y

PT = HELLO
KEY = GMGMG
CT = NQRXU
 Vigenere Cipher
Keyword : DECEPTIVE Key must be as
Key : DECEPTIVEDECEPTIVEDECEPTIVE long as plaintext
else repeat a
Plaintext : WEAREDISCOVEREDSAVEYOURSELF keyword
Ciphertext : ZICVTWQNGRZGVTWAVZHCQYGLMGJ
C =( P1 + K 1 , P 2+ K 2 , … P m + K m ) mod 26
P =( C 1 − K 1 ,C 2 − K 2 , … Cm − K m ) mod 26

An analyst looking at only the ciphertext would detect the repeated

sequences VTW at a displacement of 9 and make the assumption that the
keyword is either three or nine letters in length.
This system is
Keyword : DECEPTIVE referred as an
Key : DECEPTIVEWEAREDISCOVEREDSAV auto key
Plaintext : WEAREDISCOVEREDSAVEYOURSELF system
Unit-2: Classical and Symmentric Key Cryptography 53
 Vigenere Cipher
 Multiple ciphertext letters for each plaintext letter.
 Weakness is repeating, structured keyword.
 Example:
 Plaintext: internet technologies
 Key: cryptography
 Cipher using standard algorithm: kertkbkk ttjfpfjdzm
 Cipher using auto key system: kertkbkk ttjfvbesxl

Unit-2: Classical and Symmentric Key Cryptography 54

 Vernam Cipher
 The ciphertext is generated by applying the logical XOR operation
to the individual bits of plaintext and the key stream.

Unit-2: Classical and Symmentric Key Cryptography 55

 Substitution Techniques
1. Caesar Cipher
2. Monoalphabetic Cipher
3. Playfair Cipher
4. Hill Cipher
5. Polyalphabetic Ciphers
6. One-Time Pad

Unit-2: Classical and Symmentric Key Cryptography 56

 6. One time pad
 Similar to Vigenere, but use random key as long as plaintext.
 Only known scheme that is unbreakable (unconditional security)
• Ciphertext has no statistical relationship with plaintext.
• Given two potential plaintext messages, attacker cannot
identify the correct message.
 Two practical limitations:
1. Difficult to provide large number of random keys
2. Distributing unique long random keys is difficult

Unit-2: Classical and Symmentric Key Cryptography 57

 One time pad
 Attacker knows the ciphertext:
 ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
 Attacker tries all possible keys.
 Two examples:
 key1: pxlmvmsydofuyrvzwctnlebnecvgdupahfzzlmnyih
 Plaintext1: mr mustard with the candlestick in the hall
 key2: mfugpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt
 Plaintext2: miss scarlet with the knife in the library
 There are many other legible plaintexts obtained with other keys.
No way for attacker to know the correct plaintext

Unit-2: Classical and Symmentric Key Cryptography 58

 Transposition Techniques
 A transposition cipher does not substitute one symbol for another,
instead it changes the location of the symbols.
 The simplest such cipher is the rail fence technique, in which the
plaintext is written down as a sequence of diagonals and then
read off as a sequence of rows.
 For example, to send the message “Meet me at the park” to Bob,
Alice writes
M E M A T E A K
E T E T H P R

 She then creates the ciphertext: MEMATEAKETETHPR

Unit-2: Classical and Symmentric Key Cryptography 60

 Rail Fence Transposition
 Easy to break: letter frequency analysis to determine depth.
 Example:
 Plaintext: internettechnology
 Depth: 3
 Cipher: IRTNGNENTEHOOYTECL

I R T N G
N E N T E H O O Y
T E C L

Unit-2: Classical and Symmentric Key Cryptography 61

 Rows/Columns Transposition
 Plaintext letters written in rows.
 Ciphertext obtained by reading column-by-column, but re-
arranged.
 Key determines order of columns to read.
Key: 4 3 1 2 5 6 7
Plaintext: A T T A C K P
O S T P O N E
D U N T I L T
W O A M X Y Z
Ciphertext: TTNA APTMTSUO AODW COIX KNLY PETZ

 Easy to break using letter frequency (try different column orders)

Unit-2: Classical and Symmentric Key Cryptography 62

 Rows/Columns Transposition
 Transposition ciphers can be made stronger by using multiple
stages of transposition
 Plaintext: securityandcryptography
 Key: 315624
 Ciphertext: EYYARDOYSTRRICGCAPPUNTH
 Transpose again using same key:
 Ciphertext: YYCURRAHEOIPDRPYSGNATCT

Unit-2: Classical and Symmentric Key Cryptography 63

 Steganography
 Character marking: Selected letters of printed or typewritten text
are overwritten in pencil. The marks are ordinarily not visible
unless the paper is held at an angle to bright light.
 Invisible ink: A number of substances can be used for writing but
leave no visible trace until heat or some chemical is applied to the
paper.
 Pin punctures: Small pin punctures on selected letters are
ordinarily not visible unless the paper is held up in front of a light.
 Typewriter correction ribbon: Used between lines typed with a
black ribbon, the results of typing with the correction tape are
visible only under a strong light.

Unit-2: Classical and Symmentric Key Cryptography 64

 Steganography

Unit-2: Classical and Symmentric Key Cryptography 65

 Stream Cipher
 A stream cipher is one that encrypts a digital data stream one bit
or one byte at a time.
 Examples:
• Autokeyed Vigenère cipher
• A5/1
• RC4
• Vernam cipher.

Unit-2: Classical and Symmentric Key Cryptography 66

 Stream Cipher

Bit-stream Bit-stream
Key(ki) Key(ki)
Generation Generation
010101 algorithm 010101 algorithm
Ki Ki
Plaintext(pi) Ciphertext(ci) Plaintext(pi)
100101
⊕ 110000
⊕ 100101
ENCRYPTION DECRYPTION

Unit-2: Classical and Symmentric Key Cryptography 67

 Block Cipher
 A block cipher is one in which a block of plaintext is treated as a
whole and used to produce a ciphertext block of equal length.
 Typically, a block size of 64 or 128 bits is used.
 Examples:
• Feistel cipher
• DES
• Triple DES
• AES

Unit-2: Classical and Symmentric Key Cryptography 68

 Block Cipher
b bits b bits

Plaintext Ciphertext

Key Encryption Key Decryption

(K) Algorithm (K) Algorithm

Ciphertext Plaintext

b bits b bits

Unit-2: Classical and Symmentric Key Cryptography 69

 Block Cipher Stream Cipher
• Block Cipher Converts the plain text into • Stream Cipher Converts the plain text into
cipher text by taking plain text’s block at a cipher text by taking 1 byte of plain text at a
time.
time.

• While stream cipher uses 8 bits.

• Block cipher uses either 64 bits or more
than 64 bits.

• While stream cipher is more complex.

• The complexity of block cipher is simple.

• Block cipher Uses confusion as well as

• While stream cipher uses only confusion.
diffusion.

• In block cipher, reverse encrypted text is

• While in stream cipher, reverse encrypted text
hard.
is easy.

• Block cipher works on transposition • While stream cipher works on substitution

techniques like Caesar cipher, polygram techniques like rail-fence technique, columnar
substitution cipher, etc. transposition technique, etc.

• Block cipher is slow as compared to • While stream cipher is fast in comparison to

stream cipher. block cipher.
 Confusion and Diffusion
Confusion Diffusion
 Confusion = Substitution (S-Box)  Diffusion = Transposition or
Permutation (P-Box)
 Example : ceaser cipher  Example : transposition/des
abcd --- > wxyz abcd --- > bdca

 Confusion hides the relationship

 Diffusion hides the
between the ciphertext and the
relationship between the
key.
ciphertext and the plaintext.

 Both stream cipher and block

cipher uses confusion.  Only block cipher uses
diffusion.
Unit-2: Classical and Symmentric Key Cryptography 71
 Feistel Block Cipher
 Feistel Cipher is not a specific scheme of block cipher.

 It is a design model from which many different block ciphers are

derived.

 Data Encryption Standard (DES) is just one example of a Feistel

Cipher.

 A cryptographic system based on Feistel cipher structure uses the

same algorithm for both encryption and decryption.

Unit-2: Classical and Symmentric Key Cryptography 72

 Plaintext (2w bits)
Feistel Cipher Structure
L0 w bits w bits R0 Or Block Cipher Structure
Round 1
K1
F
1. Plaintext is split into 32-bit
halves Li and Ri
L1 R1 2. Ri is fed into the function
F.
3. The output of function F is
Round n
then XORed with Li
Kn
4. Left and right half are
F
swapped.
Ln Rn
R1= L0 (R0 , K1)
Ln+1 Rn+1
Ri= L i -1(R i – 1, Ki)

Ciphertext (2w bits) Li = R i – 1

 Feistel Network Factors
 Block size: Common block size of 64-bit. However, the new algorithms
uses a 128-bit, 256-bit block size.
 Key size: Key sizes of 64 bits or less are now widely considered to be
insufficient, and 128 bits has become a common size.
 Number of rounds: A typical size is 16 rounds.
 Round function F: This phase consisting of sixteen rounds of the same
function, which involves both permutation and substitution functions.
Again, greater complexity generally means greater resistance to
cryptanalysis.
 Subkey generation algorithm: For each of the sixteen rounds, a
different subkey (Ki) derived from main key by the combination of a left
circular shift and a permutation. Greater complexity in this algorithm
should lead to greater difficulty of cryptanalysis.
Unit-2: Classical and Symmentric Key Cryptography 76
Feistel Encryption & Decryption
 Prove that o/p of first round
of Decryption is equal to 32-
bit swap of i/p of 16th round of
Encryption
 LD1=RE15 & RD1=LE15
 On Encryption Side:
𝐿𝐸 16= 𝑅 𝐸1 5
𝑅𝐸16 =𝐿 𝐸 15 ⊕ 𝐹 (𝑅𝐸15 , 𝐾 1 6 )
 On Decryption Side:
𝐿𝐷 1=𝑅𝐷 0= 𝐿𝐸16 =𝑅𝐸15
𝑅𝐷1 =𝐿 𝐷 0 ⊕ 𝐹 ( 𝑅 𝐷0 , 𝐾 16 )
¿ 𝑅𝐸 16 ⊕ 𝐹 ( 𝑅𝐸15 , 𝐾 16 )
¿[ 𝐿𝐸 ¿ ¿15 ⊕ 𝐹 ( 𝑅𝐸 15 , 𝐾 16 ) ] ⊕ 𝐹 ( 𝑅𝐸15 , 𝐾 16 ) ¿
XOR Associativity Property
 Feistel Cipher
 One disadvantage of Feistel ciphers is that they are limited in their
ability to be parallelized as compared to other ciphers.

 In other ciphers, the entire internal state of the cipher changes

with each round, while Feistel ciphers only change part of the
internal state each round.

Unit-2: Classical and Symmentric Key Cryptography 78

 Simplified Data Encryption Standard (S-DES)
 Simplified DES, developed by Professor Edward Schaefer of Santa
Clara University [SCHA96], is an educational rather than a secure
encryption algorithm.
 It has similar properties and structure to DES with much smaller
parameters.

 Type: Block Cipher

 Block Size (Plaintext) : 8-bit
 Key Size: 10-bit
 Number of Rounds: 2

Unit-2: Classical and Symmentric Key Cryptography 79

 S-DES Diagram

Unit-2: Classical and Symmentric Key Cryptography 80

 S-DES
Key
Generation

Unit-2: Classical and Symmentric Key Cryptography 81

 S-DES
Encryption
Round

Unit-2: Classical and Symmentric Key Cryptography 82

 S-DES Examples-1
1. Plaintext: 00101000; Key: 1100011110

Part-1 Key Generation Part-2 Encryption Round

1
1

2
2

Unit-2: Classical and Symmentric Key Cryptography 83

 S-DES Examples-1
Part-1 : Key Generation (K1,K2) from Key: 1100011110

Steps Left (L) Right (R)

Bit# 1 2 3 4 5 6 7 8 9 10

K Key (K) 1 1 0 0 0 1 1 1 1 0
P10 (K) 0 0 1 1 0 0 1 1 1 1
Shift (P10(k)) 0 1 1 0 0 1 1 1 1 0

K1 P8 (Shift (P10(k))) 1 1 1 0 1 0 0 1
P10 (K) 0 0 1 1 0 0 1 1 1 1

Shift3 (P10(k)) 1 0 0 0 1 1 1 0 1 1

P8 (Shift3 (P10(k))) 1 0 1 0 0 1 1 1
K2

Unit-2: Classical and Symmentric Key Cryptography 84

 S-DES Examples-1 (Encryption Plaintext: 00101000)
Steps Left (L) Right (R)
Bit# 1 2 3 4 5 6 7 8
PT Input Plaintext - P 0 0 1 0 1 0 0 0
IP IP(P) 0 0 1 0 0 0 1 0
R 0 0 1 0
E/P(R) 0 0 0 1 0 1 0 0
k1 1 1 1 0 1 0 0 1
E/P(R) ⊕ K1 1 1 1 1 1 1 0 1
Round-1 Sboxes (E/P(R) ⊕ k1) 1 0 0 0
f (P4 (Sboxes (E/P(R) ⊕ k1))) 0 0 0 1
L 0 0 1 0
L ⊕ f (P4 (Sboxes (E/P(R) ⊕ K1))) 0 0 1 1
After Round-1 (L, R) 0 0 1 1 0 0 1 0
Swap Swap (L, R) Before Round-2 0 0 1 0 0 0 1 1
Round-2 (L, R) 0 0 1 0 0 0 1 1
R 0 0 1 1
E/P(R) 1 0 0 1 0 1 1 0
k2 1 0 1 0 0 1 1 1
Round-2 E/P(R) ⊕ k2 0 0 1 1 0 0 0 1
Sboxes (E/P(R) ⊕ k2) 1 0 1 0
f (P4 (Sboxes (E/P(R) ⊕ k2))) 0 0 1 1
L 0 0 1 0
L ⊕ f (P4 (Sboxes (E/P(R) ⊕ K1))) 0 0 0 1
Round-2 (Left, Right)) 0 0 0 1 0 0 1 1
IP Inverse IP Inverse (R, L) 1 0 0 0 1 0 1 0
CT CipherText 1 0 0 0 1 0 1 0

Unit-2: Classical and Symmentric Key Cryptography 85

 S-DES Examples
1. Plaintext: 00101000; Key: 1100011110; Ciphertext: 10001010
2. Plaintext: 01110010; Key: 1010000010; Ciphertext: 01110111
3. Plaintext: 11010101; Key: 0111010001; Ciphertext: 01110011
4. Plaintext: 01001100; Key: 1111111111; Ciphertext: 00100010
5. Plaintext: 00000000; Key: 0000000000; Ciphertext: 11110000
6. Plaintext: 11111111; Key: 1111111111; Ciphertext: 00001111

Unit-2: Classical and Symmentric Key Cryptography 86

 Data Encryption Standard (DES)
 Type: Block Cipher
 Block Size : 64-bit
 Key Size: 64-bit, with only 56-bit effective
 Number of Rounds: 16

Unit-2: Classical and Symmentric Key Cryptography 87

64-bit plaintext 64-bit key

Initial Permutation Permuted choice 1

64 56
K1 48 56
Round 1 Permuted choice 2 Left circular shift
64 56
K2 48 56
Round 2 Permuted choice 2 Left circular shift

K16 48 56
Round 16 Permuted choice 2 Left circular shift

32-bit swap
64
Inverse
Initial Permutation
DES Encryption
64-bit ciphertext
Algorithm
 Data Encryption Standard
X

Initial Permutation

X
Encryption
K1
64 Round 1

DES 56 Ki

64 Encryption
K16
Y Round 16

Final permutation

Y
Unit-2: Classical and Symmentric Key Cryptography 89
 DES Single Round

Unit-2: Classical and Symmentric Key Cryptography 90

 32-bits 32-bits 28-bits 28-bits
𝐿𝑖 − 1 𝑅𝑖 − 1 𝐶𝑖− 1 𝐷𝑖 − 1

Expansion/ permutation Left Shift Left Shift

(E table) (S) (S)
48
Ki Permutation/
XOR compression
48
48 (Permuted choice 2)

Substitution/choice
(S-box)
32
Permutation
(P)
32

XOR

𝐿𝑖 𝑅𝑖 𝐶𝑖 𝐷𝑖
 DES Encryption Algorithm
1. Initial permutation: First, the 64-bit plaintext passes through an initial
permutation (IP) that rearranges the bits to produce the permuted
input.
2. The F function: This phase consisting of sixteen rounds of the same
function, which involves both permutation and substitution functions.
3. Swap: L and R swapped again at the end of the cipher, i.e., after round
16 followed by a final permutation.
4. Inverse (Final) permutation: It is the inverse of the initial permutation.
5. Subkey generation: For each of the sixteen rounds, a different subkey
(Ki) derived from main key by the combination of a left circular shift
and a permutation.

Unit-2: Classical and Symmentric Key Cryptography 94

 Initial and Inverse Permutation
1 2 25 40 58 64
 The initial permutation
of the DES algorithm
changes the order of
the plaintext prior to
the first round of 1 2 8 25 40 58 64
encryption.
 The final permutation 16 Rounds
occurs after the sixteen 1 2 25 40 58 64
rounds of DES are
completed. It is the
inverse of the initial
permutation.
1 2 8 25 40 58 64

Unit-2: Classical and Symmentric Key Cryptography 95

 Initial and Final Permutation
IP IP-1
58 50 42 34 26 18 10 2 40 8 48 16 56 24 64 32
60 52 44 36 28 20 12 4 39 7 47 15 55 23 63 31
62 54 46 38 30 22 14 6 38 6 46 14 54 22 62 30
64 56 48 40 32 24 16 8 37 5 45 13 53 21 61 29
57 49 41 33 25 17 9 1 36 4 44 12 52 20 60 28
59 51 43 35 27 19 11 3 35 3 43 11 51 19 59 27
61 53 45 37 29 21 13 5 34 2 42 10 50 18 58 26
63 55 47 39 31 23 15 7 33 1 41 9 49 17 57 25

Unit-2: Classical and Symmentric Key Cryptography 96

The F function Ri-1
32
 Main operation of DES Expansion/permutation
 f-function inputs: (E table)
Ri-1 and round key ki 48
Ki
XOR
 4 Steps: 48
1. Expansion E 48
2. XOR with round key 6 6 6 6 6 6 6 6
3. S-box substitution
S1 S2 S3 S4 S5 S6 S7 S8
4. Permutation
4 4 4 4 4 4 4 4

32
Permutation
(P)
32
 1. The Expansion Function E
Ri-1
 Main purpose: Increases diffusion
32
 Since Ri-1 is a 32-bit input and Ki is
Expansion/permutation
a 48-bit key, we first need to (E table)
expand Ri-1 to 48 bits. 48

 Input: (8 blocks, each of them

Expansion Table E
consisting 4 bits) - 32 bits 32 1 2 3 4 5
4 5 6 7 8 9
 Output: (8 blocks, each of them
8 9 10 11 12 13
consisting 6 bits) – 48 bits 12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1

Unit-2: Classical and Symmentric Key Cryptography 98

 2. Add round key
 XOR Round Key Ri-1
 After the expansion 32
permutation, DES uses the Expansion/permutation
XOR operation on the (E table)
48
expanded right section and
Ki
the round key. XOR
48
 Note that both the right 48
section and the key are 48-
bits in length now.

Unit-2: Classical and Symmentric Key Cryptography 99

 3. The DES S-Boxes
Ri-1
 S-Box substitution.
32
 Eight substitution tables.
Expansion/permutation
 6 bits of input (E table)
 4 bits of output. 48
Ki
 Convert 48 bits to 32 bits XOR
48
 Non-linear and resistant to 48
differential cryptanalysis.
6 6 6 6 6 6 6 6
 Crucial element for DESS1 S4 S5 S6
S2 S3 S7 S8
security! 4 4 4 4 4 4 4
4
 Introduces confusion.
32

Unit-2: Classical and Symmentric Key Cryptography 100

 Role of S-box
 The outer two bits of each group select one row of an S-box.
 Inner four bits selects one column of an S-box.

S-box 1
 Example:
Input 0 1 1 0 0 1 Output 1 0 0 1

Row Column

Unit-2: Classical and Symmentric Key Cryptography 101

 4. The Permutation P
Ri-1
 Permutation P 32
 Bitwise permutation. Expansion/permutation
(E table)
 Introduces diffusion. 48
Ki
Permutation Table P XOR 48
16 7 20 21 29 12 28 17 48
01 15 23 26 05 18 31 10
6 6 6 6 6 6 6 6
02 08 24 14 32 27 03 09
S1 S2 S3 S4 S5 S6 S7 S8
19 13 30 06 22 11 04 25
4 4 4 4 4 4 4 4

32
Permutation
(P)
32
Unit-2: Classical and Symmentric Key Cryptography 102
 Key schedule of DES
 Derives 16 round keys (or K
subkeys) ki of 48 bits each from 64

the original 56 bit key. PC-1

56
 The input key size of the DES is 64
bit: 56 bit key and 8 bit parity Permuted choice (PC-1)
 Parity bits are removed in a first 57 49 41 33 25 17 09 01
58 50 42 34 26 18 10 02
permuted choice PC-1: (note that
59 51 43 35 27 19 11 03
the bits 8, 16, 24, 32, 40, 48, 56
60 52 44 36 63 55 47 39
and 64 are not used at all) 31 23 15 07 62 54 46 38
30 22 14 06 61 53 45 37
29 21 13 05 28 20 12 04

Unit-2: Classical and Symmentric Key Cryptography 103

 Key schedule of DES
 Split key into 28-bit halves C0 and D0. K
64
 In rounds i = 1, 2, 9 ,16, the two halves PC-1
are each rotated left by one bit. 56
C0 D0
 In all other rounds where the two
28 28
halves are each rotated left by two bits.
LS1 LS1
 These shifted values are input to the
next round. 28 28
C1 D1
56
Round 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

key 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1

Unit-2: Classical and Symmentric Key Cryptography 104

 Key schedule of DES
 In each round i permuted choice K

PC-2 selects a permuted subset 64

PC-1
of 48 bits of Ci and Di as round
56
key ki. C0 D0
Permuted choice (PC-2) 28 28
Transform 1
14 17 11 24 01 05 03 28
LS1 LS1
15 06 21 10 23 19 12 04
26 08 16 07 27 20 13 02
28 28
K1 PC-2 C1 D1
41 52 31 37 47 55 30 40 48 56
51 45 33 48 44 49 39 56
34 53 46 42 50 36 29 32

Unit-2: Classical and Symmentric Key Cryptography 105

Subkey generation K
64
PC-1
56
C0 D0
28 28
Transform 1
LS1 LS1

28 28
K1 PC-2 C1 D1
48 56
28 28

LS2 LS2

LS16 LS16

28 28
K16 PC-2 C16 D16
48 56
 Avalanche Effect
 Desirable property of any encryption algorithm is that a change in
one bit of the plaintext or of the key should produce a change in
many bits of cipher text.
 DES performs strong avalanche effect.

 Although the two plaintext blocks differ only in the rightmost bit,
the ciphertext blocks differ in 29 bits.
 This means that changing approximately 1.5 % of the plaintext
creates a change of approximately 45 % in the ciphertext.
Unit-2: Classical and Symmentric Key Cryptography 107
 Completeness Effect
 It means that each bit of cipher text needs to depend on many bit
on plaintext.

 For this effect DES Used:

• Confusion (S-BOX)
• Diffusion (P-BOX)

Unit-2: Classical and Symmentric Key Cryptography 108

 Strength of DES
 The use of 56-bit keys: 56-bit key is used in encryption, there are 256
possible keys. A brute force attack on such number of keys is
impractical.
• Normal PC – Thousand Year
• 1977 - Parallel Machine (1 million encryption device) – 10 Hours
($20 Million Cost)
• 1998 – DES Cracker – $250,000

 The nature of algorithm: Cryptanalyst can perform cryptanalysis by

exploiting the characteristic of DES algorithm but no one has
succeeded in finding out the weakness.

 Timing Attacks
Unit-2: Classical and Symmentric Key Cryptography 109
 DES Design Criteria
 The design of DES was revealed by IBM in 1994. Many tests on DES have
proved that it satisfies some of the required criteria as claimed. We
briefly discuss some of these design issues.
 P-Boxes (Permutation) : We have discussed the general design criteria
for S-boxes ; we only discuss the criteria selected for DES here. The
design provides confusion and diffusion of bits from each round to the
next. According to this revelation and some research, we can mention
several properties of S-boxes.
 1. The entries of each row are permutations of values between 0 and 15.
 2. S-boxes are nonlinear. In other words, the output is not an affine
transformation of the input.
 3. If we change a single bit in the input, two or more bits will be changed
in the output.

Unit-2: Classical and Symmentric Key Cryptography 110

 DES Design Criteria
 S-Boxes (Substitution) :

 Between two rows of S-boxes (in two subsequent rounds), there are one straight D-box (32 to 32) and one
expansion D-box (32 to 48). These two D-boxes together provide diffusion of bits. We have discussed the
general design principle of D-boxes in Chapter 5. Here we discuss only the ones applied to the D-boxes
used inside the DES function. The following criteria were implemented in the design of D-boxes to achieve
this goal:
 1. Each S-box input comes from the output of a different S-box (in the previous round).
 2. No input to a given S-box comes from the output from the same box (in the previous round).
 3. The four outputs from each S-box go to six different S-boxes (in the next round).
 4. No two output bits from an S-box go to the same S-box (in the next round).
 5. If we number the eight S-boxes, S1, S2, …, S8, a. An output of Sj−2 goes to one of the fi rst two bits of Sj
(in the next round). b. An output bit from Sj −1 goes to one of the last two bits of Sj (in the next round). c.
An output of Sj +1 goes to one of the two middle bits of Sj (in the next round).
 6. For each S-box, the two output bits go to the fi rst or last two bits of an S-box in the next round. The
other two output bits go to the middle bits of an S-box in the next round.
 7. If an output bit from Sj goes to one of the middle bits in Sk (in the next round), then an output bit from
Sk cannot go to the middle bit of Sj . If we let j = k, this implies that none of the middle bits of an S-box can
go to one of the middle bits of the same S-box in the next round.
Unit-2: Classical and Symmentric Key Cryptography 111
 Block cipher design principles
 The design of the block cipher is based on the three principles, which
are

1. Number of Rounds
2. Design of function F
3. Key schedule algorithm

1. Number of Rounds:
• In this, the number of rounds will judge the block cipher algorithm’s strength.
• It is thought that if the number of rounds is more, it makes it difficult for the
cryptanalysis to break into the algorithm.
• Even in case, the function F stays weak, then the number of rounds makes it
challenging to get into the algorithm and break it.

Unit-2: Classical and Symmentric Key Cryptography 112

 Block cipher design principles
2. Design of function F
• The block cipher design principles F has to be designed to make it
impossible for any cryptanalysis to unscramble and substitute it.
• It is the non-linearity criteria that strengthen the F function. If F is not linear,
then it makes it even more painful to crack into it.
• In designing the process, it needs to get confirmed that there is a property of
great avalanche.
• This will state that when there is a change of one bit of the input, this change
will be reflected in the output bits.
• F has to be designed so that it has a criterion of F bit independence that
suggests that the output bit should change independently.
• This is if there are any changes in the input bit.

Unit-2: Classical and Symmentric Key Cryptography 113

 Block cipher design principles
3. Key Schedule algorithm
• In Feistel Block cipher structure, each round would generate a sub-key for
increasing the complexity of cryptanalysis.
• The Avalanche effect makes it more complex in deriving sub-key.
• Decryption must be done very carefully to get the actual output as the
avalanche effect is present in it.

Unit-2: Classical and Symmentric Key Cryptography 114

 Attack on DES
 List of DES attack:
1. Brute Force Attack
2. Differential cryptanalysis (DC)
3. Linear cryptanalysis (LC)
4. Davies Attack(DA)

 History of DES attack

1. 1976: For a very small class of weak keys, DES can be broken with complexity 1
2. 1977: Exhaustive search will become possible within 20 years, breaking DES with complexity 256
3. 1980: A time/memory tradeoff can break DES faster at the expense of more memory
4. 1982: For a very small class of semi-weak keys, DES can be broken with complexity 1
5. 1985: A meet-in-the-middle attack can break 6-round DES with complexity 252
6. 1987: the “Davies Attack” can break DES with complexity 256.2 ,slightly worse than brute force
7. 1990: Differential cryptanalysis can break DES with 247 chosen plaintext (full 16-round)
8. 1993: Linear cryptanalysis can break DES with 243 known plaintexts
9. 1994: Differential-linear cryptanalysis can break 8-round DES with 768 chosen plaintexts plus 246 a brute-
force search
10. 1994: the Davies attack can be improved, and can break DES with 252 known plaintexts
Unit-2: Classical and Symmentric Key Cryptography 115
 Block Cipher Modes of Operations
 To apply a block cipher in a variety of applications, five "modes of
operation" have been defined.
1. Electronic Code Book (ECB)
2. Cipher Block Chaining (CBC)
3. Cipher Feedback (CFB)
4. Output Feedback (OFB)
5. Counter (CTR)
 The five modes are intended to cover a wide variety of
applications of encryption for which a block cipher could be used.
 These modes are intended for use with any symmetric block
cipher, including triple DES and AES.

Unit-2: Classical and Symmentric Key Cryptography 116

 Block Cipher Modes of Operations
 Block cipher: operates on fixed length b-bit input to produce b-bit
ciphertext.
 What about encrypting plaintext longer than b bits?
 Break plaintext into b-bit blocks (padding if necessary) and apply
cipher on each block.

Unit-2: Classical and Symmentric Key Cryptography 117

 1. Electronic Code Book(ECB) Encryption & Decryption
P1 P2 PN
64-bit 64-bit 64-bit
K K K
Encrypt Encrypt … Encrypt

64-bit 64-bit 64-bit

C1 C2 CN

C1 C2 CN
64-bit 64-bit 64-bit
K K K
Decrypt Decrypt … Decrypt

64-bit 64-bit 64-bit

P1 P2 PN
Unit-2: Classical and Symmentric Key Cryptography 118
 Electronic Code Book (ECB) (cont…)
 In ECB Mode Plaintext handled one block at a time and each block
of plaintext is encrypted using the same key.
 The term codebook is used because, for a given key, there is a
unique ciphertext for every b-bit block of plaintext.

𝐶 𝑗 =𝐸 ( 𝐾 , 𝑃 𝑗 ) 𝑗=1 , .., 𝑁
𝑃 𝑗 =𝐷 ( 𝐾 , 𝐶 𝑗 ) 𝑗=1 ,.. , 𝑁

Unit-2: Classical and Symmentric Key Cryptography 119

 Electronic Code Book (ECB) (cont…)
 ECB Advantages:
• No block synchronization between sender and receiver is
required.
OK if some blocks are lost in transit.
• Bit errors caused by noisy channels only affect the
corresponding block but not succeeding blocks.
• Block cipher operating can be parallelized.

Unit-2: Classical and Symmentric Key Cryptography 120

 Electronic Code Book (ECB) (cont…)
 ECB Disadvantages:
• Identical plaintexts result in identical ciphertexts.
• An attacker recognizes if the same message has been sent
twice simply by looking at the ciphertext.
• Plaintext blocks are encrypted independently of previous
blocks.
An attacker may reorder ciphertext blocks which results in
valid plaintext.

Unit-2: Classical and Symmentric Key Cryptography 121

 Substitution Attack on ECB
 Consider an electronic bank transfer
1 2 3 4 5
Sending Sending Receiving Receiving Amount
Bank A Account # Bank B Account # $

 The attacker sends $1.00 transfers from his account at bank A to

his account at bank B repeatedly.
 He can check for ciphertext blocks that repeat, and he stores
blocks 1,3 and 4 of these transfers.
 He now simply replaces block 4 of other transfers with the block 4
that he stored before.
 All transfers from some account of bank A to some account of bank
B are redirected to go into the attacker’s B account.
Unit-2: Classical and Symmentric Key Cryptography 122
 Electronic Code Book (cont…)
 Strength: it’s simple.
 Weakness:
• Problem: with long message, repetition in plaintext may cause
repetition in ciphertext.
 Typical application:
• Secure transmission of short pieces of information (e.g. a
temporary encryption key).

Unit-2: Classical and Symmentric Key Cryptography 123

2. Cipher Block Chaining (CBC) Encryption & Decryption
P1 P2 PN
IV CN-1
K K
Encrypt Encrypt … K
Encrypt

C1 C2 CN

C1 C2 CN
K K K
Decrypt Decrypt … Decrypt
IV CN-1

P1 P2 PN
 Cipher Block Chaining (CBC) (cont…)
𝐶 1= 𝐸 ¿

𝑃 1= 𝐷 ( 𝐾 ,𝐶 1 )⊕ 𝐼𝑉

Unit-2: Classical and Symmentric Key Cryptography 125

 Cipher Block Chaining (CBC) (cont…)
 CBC is a technique in which the same plaintext block, if repeated,
produces different ciphertext blocks.
 In this scheme, the input to the encryption algorithm is the XOR of
the current plaintext block and the preceding ciphertext block and
the same key is used for each block.
 To produce the first block of ciphertext, an initialization vector (IV)
is XORed with the first block of plaintext.

Unit-2: Classical and Symmentric Key Cryptography 126

 Cipher Block Chaining (CBC) (cont…)
 Initialisation Vector (IV) must be known by sender/receiver, but it
should be kept secret from attacker.
 On decryption, the IV is XORed with the output of the decryption
algorithm to recover the first block of plaintext.

Unit-2: Classical and Symmentric Key Cryptography 127

 Substitution Attack on CBC
 Consider the last example (electronic bank transfer).
 If the IV is properly chosen for every wire transfer, the attack will
not work at all.
 If the IV is kept the same for several transfers, the attacker would
recognize the transfers from his account at bank A to back B.

Unit-2: Classical and Symmentric Key Cryptography 128

 Cipher Block Chaining (CBC) (cont…)
 Strength: because of the chaining mechanism of CBC, it is an
appropriate mode for encrypting messages of length greater than
b bits.
 Typical application:
• General-purpose block oriented transmission
• Authentication

Unit-2: Classical and Symmentric Key Cryptography 129

 3. Cipher Feedback Mode (CFB)
 For AES, DES, or any block cipher, encryption is performed on a
block of b bits. In DES, b = 64 and in AES, b = 128.
 However, it is possible to convert a block cipher into a stream
cipher, using cipher feedback (CFB) mode, output feedback (OFB)
mode, and counter (CTR) mode.
 A stream cipher eliminates the need to pad a message to be an
integral number of blocks.

Unit-2: Classical and Symmentric Key Cryptography 130

 CFB Encryption
CN-1
IV Shift register IV Shift register
IV b-s bits | s bits b-s bits | s bits
K b bits
K K
Encrypt Encrypt Encrypt
b bits

Select Discard
s bits b-s bits
Select Discard
s bits b-s bits
… Select Discard
s bits b-s bits
S bits S bits S bits
s bits
P1 P2 PN
s bits

C1 C2 CN
S bits S bits S bits

Unit-2: Classical and Symmentric Key Cryptography 131

 CFB Encryption (cont…)

Unit-2: Classical and Symmentric Key Cryptography 132

 CFB Decryption
CN-1
Shift register Shift register
IV b-s bits | s bits b-s bits | s bits
K K K
Encrypt Encrypt Encrypt

Select Discard
s bits b-s bits
Select Discard
s bits b-s bits
… Select Discard
s bits b-s bits

C1 C2 CN
S bits S bits S bits
P1 P2 PN
S bits S bits S bits

Unit-2: Classical and Symmentric Key Cryptography 133

 CFB Decryption (Cont…)

Unit-2: Classical and Symmentric Key Cryptography 134

 Cipher Feedback Mode (CFB) (cont…)
 The input to the encryption function is a b-bit shift register that is
initially set to some initialization vector (IV).
 The leftmost (most significant) s bits of the output of the
encryption function are XORed with the first segment of plaintext
P1 to produce the first unit of ciphertext C1 , which is then
transmitted.
 In addition, the contents of the shift register are shifted left by s
bits, and C1 is placed in the rightmost (least significant) s bits of
the shift register.
 For decryption, the same scheme is used, except that the received
ciphertext unit is XORed with the output of the encryption
function to produce the plaintext unit.
Unit-2: Classical and Symmentric Key Cryptography 135
 4. OFB Encryption

Unit-2: Classical and Symmentric Key Cryptography 136

 4. OFB Encryption
Nonce
K K K
Encrypt Encrypt … Encrypt

P1 P2 PN

C1 C2 CN

Unit-2: Classical and Symmentric Key Cryptography 137

 OFB Decryption
Nonce
K K K
Encrypt Encrypt … Encrypt

C1 C2 CN

P1 P2 PN

Unit-2: Classical and Symmentric Key Cryptography 138

 Output Feedback Mode(OFB) (cont..)
 The output feedback (OFB) mode is similar in structure to that of
CFB.
 For OFB, the output of the encryption function is feedback to
become the input for encrypting the next block of plaintext.
 In CFB, the output of the XOR unit is feedback to become input for
encrypting the next block.
 The other difference is that the OFB mode operates on full blocks
of plaintext and ciphertext, whereas CFB operates on an s-bit
subset.

Unit-2: Classical and Symmentric Key Cryptography 139

 OFB Mode (cont..)
 Nonce: A time-varying value that has at most a negligible chance
of repeating, for example, a random value that is generated a new
for each use, a timestamp, a sequence number, or some
combination of these.
 Each bit in the ciphertext is independent of the previous bit or
bits.
 This avoids error propagation.
 Pre-compute of forward cipher is possible.

Unit-2: Classical and Symmentric Key Cryptography 140

 5. CTR Encryption
Counter 1 Counter 2 Counter N
K K K
Encrypt Encrypt … Encrypt

P1 P2 PN

C1 C2 CN

𝐶 𝑗 =𝑃 𝑗 ⊕ 𝐸 ( 𝐾 ,𝑇 𝑗 ) 𝑗=1 , .. , 𝑁

Unit-2: Classical and Symmentric Key Cryptography 141

 CTR Decryption
Counter 1 Counter 2 Counter N
K K K
Encrypt Encrypt … Encrypt

C1 C2 CN

P1 P2 PN

𝑃 𝑗 =𝐶 𝑗 ⊕ 𝐸 ( 𝐾 ,𝑇 𝑗 ) 𝑗=1 , .. , 𝑁

Unit-2: Classical and Symmentric Key Cryptography 142

 Counter Mode (CTR) (cont…)
 Counter (CTR) mode has increased recently with applications to
ATM (asynchronous transfer mode) network security and IP sec (IP
security).
 A counter equal to the plaintext block size is used.
 The counter value must be different for each plaintext block that is
encrypted.
 Typically, the counter is initialized to some value and then
incremented by 1 for each subsequent block.

Unit-2: Classical and Symmentric Key Cryptography 143

 Advantages of the CTR Mode
 Strengths:
• Needs only the encryption algorithm.
• Random access to encrypted data blocks.
• blocks can be processed (encrypted or decrypted) in parallel.
• Simple and fast encryption/decryption.
 Counter must be
• Must be unknown and unpredictable.
• pseudo-randomness in the key stream is a goal.

Unit-2: Classical and Symmentric Key Cryptography 144

 Summary of all modes
Operation Description Type of
Mode Result
ECB Each n-bit block is encrypted Block Cipher
independently with same key.
CBC Same as ECB, but each block is XORed Block Cipher
with previous cipher text.
CFB Each s-bit block is XORed with s-bit key Stream Cipher
which is part of previous cipher text.
OFB Same as CFB, but input to the encryption Stream Cipher
is preceding encryption output.
CTR Same as OFB, but a counter is used Stream Cipher
instead of nonce.

Unit-2: Classical and Symmentric Key Cryptography 145

 Questions !!
1. Define: cryptology and cryptanalyst.
2. Perform the encryption for following data using rail fence cipher. Plaintext: This is
University Depth: 3
3. Given the plaintext and key, find the ciphertext using Hill cipher Plaintext: Short
example Key: Hill
4. Encrypt the given message with given key using the play fair cipher. Message –
balloon theme shoot , Key – carnival
5. What are the rules used for play fair cipher?
6. Explain symmetric cryptosystem model with diagram.
7. Define: steganography and cryptography.
8. Draw and explain Feistel cipher structure.
9. Define confusion and diffusion.
10. Draw and explain single round structure of DES.
11. Draw and explain general block diagram of DES encryption algorithm.

Unit-2: Classical and Symmentric Key Cryptography 146

 Questions !!
12. Difference between block cipher and stream cipher.
13. List and explain any two block cipher modes of operation with diagram.
14. Compute the cipher text for the plaintext=10010111 with keys k1=10100100 and
k2=01000011 using S-DES encryption algorithm.
15. Explain key generation algorithm of DES with diagram.
16. Explain ECB and CFB mode in detail.
17. Explain key generation algorithm of DES with diagram.
18. Explain Cipher Block Chaining mode and Counter mode with diagram.

Unit-2: Classical and Symmentric Key Cryptography 147

Thank You

End of Unit-2