DEBRE MARKOS UNIVERSITY

BURIE CAMPUS
DEPARTMENT OF COMPUTER SCIENCE
Computer Security
By:
Amare W.

1
 2

Chapter 3: Cryptography and Encryption Techniques

3.1 Basic cryptographic terms

♥ It is the science concerned with data communication and
storage in secure and usually secret form.
♥ It is the technology which is applied in implementing
computer security.
♥ Cryptology is the branch of science that deals with secret
communications.
 3 01/27/2025

♥ It is the study of Cryptosystems.

 Cryptosystems are the techniques for ensuring the secrecy
and/or authenticity of information.

♥ It has two main branches: cryptography and cryptanalysis.

 Cryptography is the study of designing the techniques of
cryptosystem. It designs the secret codes and ciphers.
 Cryptanalysis deals with defeating such techniques, to
recover information.
 It deals with “breaking” and reading secret codes and
ciphers.
3/2/2018
 4 01/27/2025

Encryption and Decryption

 Encryption: Process of encoding (enciphering) a message so that its meaning

is not obvious.

 The process by which plaintext is converted into ciphertext.

 The transformation of the plaintext under the control of the key into a cipher

(also called ciphertext).

 Decryption: Process of decoding (deciphering or transforming) an encrypted

message to its original form.

 Recovering plaintext from the ciphertext.

 The inverse operation, by which a legitimate receiver recovers the concealed

3/2/2018

information from the cipher using the key.

 5 01/27/2025

♥ Symmetric Encryption Scheme (Cryptography)

has five ingredients:
1. Plaintext
2. Encryption algorithm
3. Secret Key
4. Ciphertext
5. Decryption algorithm
Plaintext (P): original form of message (source
info.)
Cipher text (C): encrypted message
Encryption algorithm: E
3/2/2018
Decryption algorithm: D
Secret Key: K
 6 01/27/2025

Description:
♥ A sender S wanting to transmit message M
to a receiver R
♥ To protect the message M, the sender first
encrypts it into an unintelligible message M’
♥ After receipt of M’, R decrypts the message
to obtain M
♥ M is called the plaintext : What we want to encrypt
3/2/2018

♥ M’ is called the ciphertext: The encrypted output

 7 01/27/2025

Notation:

♥ Given
 P=Plaintext
 C=CipherText

♥ C = EK (P) Encryption

♥ P = DK ( C) Decryption

♥ Secret key (K): The secret information

known only to the transmitter and the
3/2/2018
receiver which is used to secure the plaintext.
 8 01/27/2025

♥ Security depends on the secrecy of the key, not the secrecy of the
algorithm. The two types of attack on an encryption algorithm are

1) Cryptanalysis, based on properties of the encryption algorithm,

and

2) Brute-force, which involves trying all possible keys.

Principle of Encryption
♥ Very hard (impossible) to find out the message without knowing
the key
3/2/2018

♥ Very easy (and fast) to find out the message knowing the key
 9 01/27/2025

Types of Cryptosystems

♥ There are two cryptographic systems

1. Symmetric cryptosystem
♥ Also called secret key encipherment or secret/private key cryptosystems.

♥ It is a form of cryptosystem in which encryption and decryption are

performed using the same key.
♥ Transforms plaintext into ciphertext using a secret key and an encryption
algorithm. Using the same key and a decryption algorithm, the plaintext
is recovered from the ciphertext.
♥ The key has to be kept secret, and has to be communicated using a
3/2/2018

secure channel.
 10 01/27/2025

2. Asymmetric cryptosystem

♥ Also called public-key cryptosystem

 Keys for encryption and decryption are different but form
a unique pair
 Only one of the keys need to be private while the other
can be public
♥ to send a secure message to the receiver, the sender first
encrypts the message by using the receiver ‘s public key.
♥ to decrypt the message, the receiver uses his own private key.
3/2/2018
 11 01/27/2025

Classical Encryption Techniques

♥ They are traditional symmetric cryptosystems
♥ They are simple cryptosystems
i. Substitution techniques: map plaintext elements (characters,
bits) into ciphertext elements.
ii. Transposition techniques: systematically transpose the
positions of plaintext elements (rearrange their orders).

3/2/2018
 12 01/27/2025

Substitution ciphers
♥ A substitution cipher is one in which the letters of plaintext are
replaced by other letters or by numbers or symbols.
♥ Substitution ciphers can be categorized as either
a. Monoalphabetic ciphers
b. Polyalphabetic ciphers
I. Monoalphabetic ciphers
♥ In this case, a character ( or symbol) in the plaintext is always
changed to the same character (or symbol) in the ciphertext
regardless of its position or text.
• For example, if the algorithm says that letter A in the 3/2/2018
plaintext is
changed to letter D, every letter A is changed to letter D.
• The relationship in between plaintext and ciphertext is one-to-one.
 13 01/27/2025

♥ Example: The following example shows a plaintext and the

corresponding ciphertext.
♥ We use the lowercase characters to show the plaintext and
uppercase characters to show the ciphertexts.
♥ The cipher is monoalphbetic because both the l’s are encrypted
as O’s:
Plaintext: hello Ciphertext: KHOOR

3/2/2018
 14 01/27/2025

♥ The group of monoalphabetic ciphers

includes:
i. Additive ciphers or Caesar ciphers
ii. Multiplicative ciphers
iii. Affine ciphers
i. Additive ciphers:
• This is the simplest monoalphabetic cipher.
• We assume that the plaintext contains the
lowercase characters (a to z) and the
ciphertext contain the upper 3/2/2018text
characters (A to Z) as follows:
 15 01/27/2025

♥ the Figure, each character is assigned an integer

in Z26 .

♥ The secret key is also an integer in Z 26

♥ The encryption algorithm adds the key to the

plaintext characters and the decryption algorithm
subtracts the key from the ciphertext characters.
♥ Then the algorithm can be expressed as follows:

For each plaintext letter P, substitute the ciphertext letter C:

(a mod n is the remainder when a is divided by n. E.g.3/2/2018

11 mod 7
= 4)
 16 01/27/2025

♥ The encryption algorithm is

C = E(k, P) = (P + k) mod 26 ; where k takes a value in the range 1 to 25.
 The decryption algorithm is simply
P = D(k, C) = (C - k) mod 26 ; where k takes a value in the range 1 to 25.

Example: Use the additive cipher with key =15 to encrypt the message “hello”.
Soln. : We apply the encryption algorithm to the plaintext character by
character
Plaintext : h  07 Encryption: (07+15)mod 26 Ciphertext: 22 W
Plaintext : e  04 Encryption: (04+15)mod 26 Ciphertext: 19  T
Plaintext : l  11 Encryption: (11+15)mod 26 Ciphertext: 00  A
Plaintext : l  11 Encryption: (11+15)mod 26 Ciphertext: 00  A
Plaintext : o  14 Encryption: (14+15)mod 26 Ciphertext: 03  D
So, the result is “WTAAD”
Note: By using the reverse decrypt algorithm, we can now decrypt the3/2/2018

ciphertext “WTAAD”.
 17 01/27/2025

♥ Additive cipher is also called as shift cipher. The

reason is that the encryption algorithm can be
interpreted as “shift key character down” and
the decryption algorithm can be interpreted as
“shift key character up”.
• Three important characteristics of this problem
enabled us to use a brute-force cryptanalysis:
1. The encryption and decryption algorithms are
known.
2. There are only 25 keys to try.
3/2/2018
3. The language of the plaintext is known and
easily recognizable.
 18 01/27/2025

♥ Julius Caesar used an additive cipher to

communicate with his officers. For this
reason, this cipher is also sometimes called
as caesar cipher.
♥ Caesar Cipher: The earliest known example of
a substitution cipher in which each character
of a message is replaced by a character three
position down in the alphabet. For example:
 Plaintext: are you ready 3/2/2018
 Ciphertext: duh brx uhdgb
 19 01/27/2025

….cont’d

ii. Multiplicative cipher:

♥ In this cipher, the encryption algorithm specifies the
multiplication of the plaintext by the key and the
decryption algorithm specifies the division of the
ciphertext by the key.

♥ Since operations are in Z26, decryption here means

multiplying by the multiplicative inverse of the key.
 The general multiplicative encryption algorithm is
C = E(k, P) = (P * k) mod 26 ; where k takes on a
value in the range 1 to 25.
 The general multiplicative decryption algorithm is
P = D(k, C) = (C*k-1) mod 26 ; where k takes
3/2/2018on a

value in the range 1 to 25.

 20 01/27/2025

♥ Example: Use the multiplicative cipher with key =7 to encrypt the message
“hello”.;
Soln.: We apply the encryption algorithm to the plaintext character by
character
Plaintext :h  07 Encryption: (07*07)mod 26 Ciphertext: 23 X
Plaintext : e  04 Encryption: (04*07)mod 26 Ciphertext: 02 C
Plaintext : l  11 Encryption: (11*07)mod 26 Ciphertext: 25  Z
Plaintext : l  11 Encryption: (11*07)mod 26 Ciphertext: 25 Z
Plaintext : o  14 Encryption: (14*07)mod 26 Ciphertext: 20  U
So, the result is “XCZZU”
Note: By using the reverse decrypt algorithm, we can now decrypt the
ciphertext “XCZZU”. (Use K-1 = 15) 3/2/2018
 21 01/27/2025

iii. Affine cipher:

♥ Affine cipher is a combination of additive and
multiplicative ciphers with a pair of keys.
♥ The first key is used with multiplicative cipher and
the second key is used with the additive cipher.
♥ Affine cipher is actually two ciphers applied one
after the other.
♥ In the affine cipher, the relations between the
plaintext and ciphertext are
C = E(k1, k2 ; P) = (P * k1 + k2 )mod 26 and P =3/2/2018
D(C; k1,
k2) = ((C - k2 )*k1-1 )mod 26
 22 01/27/2025

♥ Example: Use the affine cipher with key pair (7, 2) to encrypt the
message “hello”.
♥ Soln. : We use 7 for the multiplicative key and 2 for the additive key.
♥ We apply the encryption algorithm to the plaintext character by
character
Plaintext : h  07 Encryption: (07*07+2)mod 26
Ciphertext: 25  Z
Plaintext : e  04 Encryption: (04*07+2)mod 26 Ciphertext:
04  E
Plaintext : l  11 Encryption: (11*07+2)mod 26 Ciphertext:
01  B
Plaintext : l  11 Encryption: (11*07+2)mod 26 Ciphertext:
01  B
Plaintext : o  14 Encryption: (14*07+2)mod 26 Ciphertext:
22 W
So, the result is “ZEBBW”. 3/2/2018
Note: By using the reverse decrypt algorithm, we can now decrypt the
ciphertext “ZEBBW”.
 23 01/27/2025

♥ Because additive, multiplicative and affine ciphers have small key

domain, they are vulnerable to brute-force attack.
♥ A brute-force attack involves trying every possible key until an
intelligible translation of the ciphertext into plaintext is obtained. On
average, half of all possible keys must be tried to achieve success.
♥ After the sender and the receiver agreed Ki a single key, that key is
used to encrypt each letter in the plaintext or decrypt each letter in
the ciphertext.
♥ A better solution is to create a mapping in between each letter of the
3/2/2018

plaintext and each letter of the ciphertext.

 24 01/27/2025

II Polyalphabetic cipher

♥ In this kind of cipher, each occurrence of character may have a different

substitute. The relationship between the characters in the plaintext and the
characters in ciphertext is one-to-many.
♥ For example, ‘a’ could be enciphered as ‘D’ in the beginning, but as ‘N’ in
the middle. Polyalphabetic ciphers have the advantage of hiding the letter
frequency of the underlying language.
♥ To create a polyalphabetic cipher, we need to make each ciphertext character
dependent on both the plaintext character and the position of the plaintext
character.
♥ We need to have a key stream k= (k1, k2, k3,…) in which ki is used to encipher
3/2/2018

the ith character in the plaintext to create the ith character in the ciphertext.
 25 01/27/2025

♥ The group of polyalphabetic ciphers includes:

1. Autokey cipher
♥ In this cipher, the key is a stream of sub keys, in which each sub key is used to
encrypt the corresponding character in the plaintext. The first sub key is a
predetermined value agreed upon by the sender and the receiver.
♥ The second sub key is the value of first plaintext character (between 0 and 25).
The third subkey is the value of second plaintext character and so on.
♥ The name of the cipher autokey implies that the sub keys are automatically
generated from the plaintext cipher characters during the encryption process.
P=P1P2P3… C=C1C2 C3… k=k1P1P2…
Encryption: Ci= (Pi+ki) mod 26 3/2/2018

Decryption: Pi = (Ci – ki) mod 26

 26 01/27/2025

Example: Encrypt the plaintext “attack is today” using

the initial key value k1 = 12.
Sol.: Here enciphering is done character by character.
Each character in the plaintext is first replaced by its
integer value as shown in the figure. The first sub-key is
added to create the first ciphertext character.
The rest of the key is created as the plaintext characters
are read.

We note that the cipher is polyalphabetic because the

three occurrences of “a” in the plaintext are encrypted
3/2/2018
differently. The three occurrences of the “t” are
enciphered differently.
 27 01/27/2025

2. Playfair cipher

• The secret key in this cipher is made of 25

alphabetic letters arranged in 5×5 matrix.
• Different arrangementsof the letters of the matrix
can create many different secret keys. One of the
possible arrangements has been shown in the
following figure:

• Beforeencryption, if the two letters in a pair are

same, a bogus letter is inserted in between to
separate them.
• Afterinserting bogus letters, if the number of
characters in the plaintext is odd, one extra bogus
3/2/2018
character is added at the end to make the number
of characters even.
 28 01/27/2025

 The cipher uses three rules for encryption:

i. If the two letters in a pair is located in the same row of the secret
key, the corresponding encrypted character for each letter is the next
letter to the right in the same row ( with wrapping to the beginning
of the row if the plaintext letter is the last character in the row)
ii. If the two letters in a pair are located in the same column of the
secret key, the corresponding encrypted character for each letter is
the letter beneath it in the same column ( with wrapping to the
beginning of the column if the plaintext letter is the last character in
the column).
iii. If the two letters in a pair are not in the same row or column of the
secret, the corresponding encrypted character for each letter is
a letter that is in its own row but in the same column as3/2/2018
the other
letter.
 29 01/27/2025

• In Playfair cipher, the key is a stream of subkeys in

which the subkeys are created two at a time.
• The encryption algorithm takes a pair of characters
from plaintext & creates a pair of ciphertext by
following the above-mentioned rules
• We can say that the key stream depends on the
position of the characters of the plaintext.
 P=P1P2P3...... C=C1C2C3… k= ((k1, k2), (k3, k4),… )
Encryption : Ci= ki Decryption : Pi = ki

Example: Encrypt the plaintext ‘attack’ by using the key

in the above matrix.
Sol. : When we group the letters in two-character pair,
we get “at, ta, ck”.
at -> BP ta -> PB ck->FP 3/2/2018

Ciphertext: BPPBFP
 30 01/27/2025

3. Vegenere cipher

• This cipher was designed by Blaise de Vegenere,

a sixteenth century French mathematician.
• A Vegenere cipher uses a different strategy to
create the key stream.
• The key stream is a repetition of an initial secret
key stream of length m, where we have 1≤m≤26.
• The cipher can be described as follows where
(k1,k2,…, km) is the initial secret key agreed by the
sender and the receiver.
 P=P1P2… C= C1C2… K=[(k1, k2,…,km), (k1, k2,…,km),
….]
Encryption: Ci =( Pi+ ki )mod 26
Decryption: Pi =( Ci - ki )mod 26 3/2/2018
 31 01/27/2025

• The difference between the Vegenere cipher and the other two
polyalphabetic ciphers is that the Vegenere key stream does not
depend on the plaintext characters; it depends only on the position of
the character in the plaintext.
• In other words, the key stream can be created without knowing what
the plaintext is.
Example: Encrypt the message “she is listening” using the 6-character
keyword “PASCAL”.
Sol.: The initial key stream is (15, 0, 18, 2, 0, 11). The key stream is the
repetition of this initial key stream.

3/2/2018
 32 01/27/2025

♥ Hill cipher,
♥ Rotor Cipher

3/2/2018
 33 01/27/2025

Transposition Techniques
♥ Systematically transpose the positions of plaintext elements (rearrange their
orders).
♥ A transposition cipher does not substitute one symbol for another, instead it
changes the location of the symbols.
♥ A symbol in the first position of the plaintext may appear in the tenth position
of the ciphertext.
♥ A symbol in the eighth position in the plaintext may appear in the first position
of the ciphertext.
♥ In the other words, a transposition cipher reorders (transposes) the symbols.
This group of ciphers include:
3/2/2018
1. Keyless transposition ciphers
2. Keyed transposition ciphers
 34 01/27/2025

1. Keyless Transposition ciphers

♥ The simple transposition ciphers are keyless. There are two

methods for permutation of characters .
♥ In the first method, the text is written into a table column by
column and then transmitted row by row.
♥ In the second method, the text is written into the table row by row
and then transmitted column by column. Example: Rail fence
cipher
♥ In this cipher the plaintext is arranged in two lines as a zigzag
pattern ( which means column by column); the ciphertext
3/2/2018 is
created by reading the pattern row by row.
 35 01/27/2025

♥ For example, to send the message “ meet me at the park” to

the receiver, the sender writes

♥ He then creates the ciphertext “ MEMATEAKETETHPR” by

sending the first row followed by the second row
♥ The receiver receives the ciphertext and divides it in half ( in
this case the second half has one less character)
♥ The first half forms the first row; the second half the second
3/2/2018

row. The receiver reads the result in zigzag.

 36 01/27/2025

2. Keyed Transposition cipher:

♥ The keyless ciphers permutes the characters by using writing
plaintext in one way (row by row , for example) and reading it
in another way (column by column , for example).
♥ The permutation is done on the whole plaintext to create the
whole ciphertext.
♥ Another method is to divide the plain text into groups of
predetermined size, called blocks, and then use a key to
3/2/2018
permute the characters in each block separately.
 37 01/27/2025

Example: The sender needs to send the

message” enemy attacks tonight”
 In this case, both agreed to divide the text
into groups of five characters and then
permute the characters in each group.
 The following show the grouping after
adding a bogus character at the end to make
the last group the same size as the others.
enemy attac kston ightz
 The key used for encryption and decryption
is a permutation key, which shows how the
character are permuted.
 For this message, assume that the 3/2/2018
sender
and the receiver used the following key
 38 01/27/2025

♥ The third character in the plaintext block

becomes the first character in the ciphertext
block; the first character in the plaintext block
becomes the second character in the
ciphertext block; and so on. The permutation
yields

EEMYNTAACTTKONSHITZG
♥ The receiver divides the ciphertext into 5-
character groups and , using the key3/2/2018
in the
reverse order, finds the plaintext.
 39 01/27/2025

Symmetric key cryptography

Block Ciphers
♥ A symmetric encryption algorithms in which a large block of plaintext
bits (typically 64) is transformed as a whole into a ciphertext block of
the same length.
♥ Block ciphers operate on blocks of plaintext and ciphertext- usually of
64 bits but sometimes longer.
♥ The groups of bits are called blocks. For modern computer
algorithms, a typical block size is 64 bits.
♥ Block ciphers operate on blocks of a message and apply the
3/2/2018

encryption algorithm to an entire message block at the same time.

 40 01/27/2025

♥ With a block cipher, the same plaintext block will always encrypt
to the same ciphertext block, using the same key.
♥ A block cipher is an encryption/decryption scheme in which a
block of plaintext is treated as a whole and used to produce a
ciphertext block of equal length. It may be viewed as a simple
substitution cipher with large character size.
♥ The function is parameterized by a k-bit key K, taking values
from a subset K (the key space) of the set of all k-bit vectors V k.
3/2/2018
♥ n-bit block cipher takes n bit plaintext and produces n bit
ciphertext. 2n possible different plaintext blocks (inputs) will be
 41 01/27/2025

Widely used block Ciphers

Some of the block cipher algorithms widely used today are the
following:

i. DES (Data Encryption Standard)

ii. Triple DES
iii. AES (Advanced Encryption Standard)

3/2/2018
 42 01/27/2025

Block Ciphers: Data Encryption Standard (DES)

♥ The Data Encryption Standard, known as DES, is a simple block

cipher developed way back in the 1970s. The design is based on the
Lucifer cipher, a Feistel cipher developed by IBM.
♥ It is the most widely used encryption scheme. The plaintext is 64-
bits in length, and the key is 56-bits in length.
♥ There are 16 rounds of processing. From the original 56-bit key, 16
subkeys are generated, one of which is used for each round.
♥ With a key length of 56 bits, there are 2 56possible keys, which is
approximately 7.2 X 1016 keys. Thus, on the face of it, a brute-force
3/2/2018

attack appears impractical.

 43 01/27/2025

Block Ciphers: DES

♥ Outline of the DES Algorithm: DES operates on two inputs to the

encryption function:
 a 64-bit block of plaintext to be encrypted and the 56-bit key k.
♥ Note: Actually, the function expects a 64-bit key as input. However,
only 56 of these bits are ever used; the other 8 bits (8th, 16th, 24th,
…,64th) can be used as parity bits or simply set arbitrarily.
♥ The processing of the plaintext proceeds in four phases: In first
phase, the 64-bit plaintext passes through an initial permutation (IP)
that rearranges the bits to produce the permuted input.
3/2/2018
This
permuted input is then broken into a right half and a left half, each
 44 01/27/2025

♥ Second phase consists of 16 rounds of an identical operation, called the

function F, in which data are combined with the key.
♥ This phase consists of sixteen rounds of the same function, which
involves both permutation and substitution functions. In each round
(see Figure):
♥ The key bits are shifted, and then 48 bits are selected from the 56 bits of
the key.
♥ The right half of the data is expanded to 48 bits via an expansion
permutation, combined with 48 bits of a shifted and permuted key via an
XOR, sent through 8 S-boxes producing 32 new bits, and3/2/2018
permuted
again.
 45 01/27/2025

♥ The output of Function F is then combined with the left half via
another XOR.
♥ The result of these operations becomes the new right half; the old
right half becomes the new left half. These operations are
repeated 16 times, making 16 rounds of DES.
♥ In the third phase, the output of the last (sixteenth) round consists
of 64 bits that are a function of the input plaintext and the key.
♥ The left and right halves of the output are swapped to produce the
preoutput. 3/2/2018
 46 01/27/2025

♥ In the final phase, the preoutput is passed through an inverse permutation

(IP-1) of the initial permutation function, to produce the 64-bit ciphertext.
♥ The right-hand portion of the following Figure shows the way in
which the 56-bit key is used.
♥ Initially, the 64 bit key is passed through a permutation function, then 8 bits
(k8,k16,k24,... ,k64) of K are discarded.

♥ Then, for each of the 16 rounds, a 48 bit subkey (K i) is produced by the

combination of a left circular shift and a permutation from the 56 bit
key.
♥ The permutation function is the same for each round, but 3/2/2018
a different
subkey is produced because of the repeated shifts of the key bits.
 47 01/27/2025

3/2/2018

Figure: General Depiction of DES Encryption

Algorithm
 48 01/27/2025

 Outline of the DES Algorithm

♥ With the exception of the initial and final permutations, DES
has the exact structure of a Feistel cipher, as shown in the
following Figure.
♥ For each round i = 1, 2, . . . , 16, new left and right halves are
computed according to the rule
Li = Ri−1
Ri = Li−1 ⊕ F(Ri−1,Ki )
where Ki is the subkey for round i.
3/2/2018
 49 01/27/2025

D
E
S
c
o
m
p
u
t
a
ti
o
n
p
a
T
3/2/2018
h Figure: One round of DES
 50 01/27/2025

Block Ciphers: DES

♥ Unscrambling the above diagram, we see that the DES round

function F can be written as follows.
F(Ri−1,Ki) = P-box(S-boxes(Expand(Ri−1)⊕Ki))

♥ Since the DES block size is 64 bits, each L i and Ri is 32 bits. The
new left half is simply the old right half.
♥ The round function F is the composition of the expansion
permutation, addition of subkey, S-boxes, and P-box.
♥ The expansion permutation expands its input from 32 to 48 bits
(all bits are used once; some are used twice), and the 48 bit
3/2/2018

subkey is XORed with the result.

 51 01/27/2025

♥ The S-boxes then compress these 48 bits down to 32 bits

before the result is passed through the P-box. The P-box
output is then XORed with the old left half to obtain the new
right half.

3/2/2018
 52 01/27/2025

Block Ciphers: DES: DES FUNCTIONS IN DETAIL

Now let us describe each of the components of F.

1) The Initial Permutation
♥ The initial permutation and its inverse are defined by the
following tables.
♥ These tables, like all the other tables in this chapter, should be
read left to right, top to bottom.
♥ For example, the initial permutation moves bit 58 of the
plaintext to bit position 1, bit 50 to bit position 2, bit 42 to bit
position 3, and so forth. 3/2/2018
 53 01/27/2025

3/2/2018

Figure: Initial and Final permutations in DES

 54 01/27/2025

The tables are to be interpreted as follows.

• The input to a table consists of 64 bits numbered from 1 to 64.
• The 64 entries in the permutation table contain a permutation
of the numbers from 1 to 64.
• Each entry in the permutation table indicates the position of a
numbered input bit in the output, which also consists of 64 bits.
 To see that these two permutation functions are indeed the
inverse of each other, consider the following 64-bit input M,
where Mi is a binary digit:

3/2/2018
 55 01/27/2025

Then the permutation X= IP(M) is as follows:

 If we then take the inverse permutation

Y= IP-1(X) = IP-1(IP(M)), 3/2/2018

it can be seen that the original ordering of the bits is restored .

 56 01/27/2025

2) The Key Generation/Transformation

• Returning back to Figures of general depiction and one round
of DES, we see that a 64-bit key is used as input to the
algorithm.
• The bits of the key are numbered from 1 through 64; every
eighth bit is ignored, as indicated in the following table.

Table: Bits included

and excluded in
reducing the key size 3/2/2018
 57 01/27/2025

The key is first subjected to a permutation governed by a table labeled

Permuted Choice One (the following table). This is nothing but permutation
of numbers (referring to bit positions) in the left of the previous table.

Table: Permuted Choice One

 The resulting 56-bit key is then treated as two 28-bit quantities
 Each halves are separately subjected to a circular left shift, or rotation, of
1 or 2 bits, as governed by the following table.

Table: Number of key bits shifted per round 3/2/2018

 58 01/27/2025

• These shifted values serve as input to the next round. They

also serve as input to Permuted Choice Two, which produces a
48-bit output that serves as input to the function F(Ri-1, Ki).
• Because this operation permutes the order of the bits as well as
selects a subset of bits (48 bits from 56 bits are selected), it is
called a compression permutation.

Table: Permuted Choice Two (Compression Permutation)

3/2/2018
 59 01/27/2025

3) The Expansion Permutation

 This operation expands the right half of the data, Ri, from 32
bits to 48 bits. Because this operation changes the order of the
bits as well as repeats certain bits, it is known as an expansion
permutation.
 This operation has two purposes: It makes the right half the
same size as the key for the XOR operation and it provides a
longer result that can be compressed during the substitution
operation.

3/2/2018
 60 01/27/2025

4) The S-Box Substitution

 After the compressed key is XORed with the expanded block,
the 48-bit result moves to a substitution operation.
 The substitutions are performed by 8 substitution boxes, or S-
boxes. Each S-box has a 6-bit input and a 4-bit output, and
there are 8 different S-boxes.
 The 48 bits are divided into eight 6-bit sub-blocks. Each
separate block is operated on by a separate S-box: The first
block is operated on by S-box 1, the second block is operated
on by S-box 2, and so on.

Figure: S-Box 3/2/2018

Substitution
 61 01/27/2025

 Each S-box is a table of 4 rows and 16 columns. Each entry in

the box is a 4-bit number. The 6 input bits of the S-box specify
under which row and column number to look for the output.
 The following table shows all eight S-boxes

3/2/2018
 62 01/27/2025

 The input bits specify an entry in the S-box in a very particular

manner. Consider an S-box input of 6 bits, labeled b 1b2b3b4b5 and
b6 .
 Bits b1 and b6 are combined to form a 2-bit number, from 0 to 3,
which corresponds to a row in the table.
 The middle 4 bits, b2 through b5 are combined to form a 4-bit
number, from 0 to 15, which corresponds to a column in the table.
 For example, assume that in the S1 101101. The first and last bits
combine to form 11, which corresponds to row 3 of the S-box.
 The middle 4 bits combine to form 0110, which corresponds to the
column 6 of the same S-box.
 The entry under row 3, column 6 of S-box 1 is 6. (Remember to
count rows and columns from 0 and not from 1). The value 0110 is
3/2/2018

substituted for 101101.

 63 01/27/2025

Block Ciphers: Triple DES

♥ A popular variant of DES is triple DES, or 3DES. 3DES was developed in

1999 by IBM – by a team led by Walter Tuchman. 3DES has a 168-bit key and
enciphers blocks of 64 bits.
♥ There are four versions of 3DES.
♥ The first simply encrypts the plaintext three times, using three different keys:
K1, K2, and K3

♥ It is known as DES-EEE3 mode (the Es indicate that there are three encryption
operations, where as the numeral 3 indicates that three different keys are used).
♥ DES-EEE3 can be expressed using the following notation, where E(K, P)
represents the encryption of plaintext P with key K :
3/2/2018

♥ E(K1, E(K2, E(K3, P))) DES-EEE3 has an effective key length of 168 bits.
 64 01/27/2025

Block Ciphers: Triple DES

♥ The second variant (DES-EDE3) also uses three keys but replaces the second
encryption operation with a decryption operation:

E(K1, D(K2, E(K3, P)))

♥ The third version of 3DES (DES-EEE2) uses only two keys, K 1 and K2, as follows:

E(K1, E(K2, E(K1, P)))

♥ The fourth variant of 3DES (DES-EDE2) also uses two keys but uses a decryption
operation in the middle: E(K1, D(K2, E(K1, P)))
♥ Both the third and fourth variants have an effective key length of 112 bits .

♥ In DES-EDE2, the reason for using decryption as the second step is the backwards
compatibility with single DES when it is used with K1 = K2.
3/2/2018
♥ That is when K1 = K2 = K then it collapses to single DES
C = E(D(E(P, K), K), K) = E(P, K).
 65

Thank you