Cryptography and Network Security

Unit – II Advanced Encryption Standard:

Introduction,
Traditional Symmetric -Key Ciphers:
Transformations,
Introduction, Key Expansion,
Substitution Ciphers, The AES Ciphers,
Transposition Ciphers, Examples,
Stream and Block Ciphers. Analysis of AES.
Data Encryption Standard (DES):
Introduction,
DES Structure,
DES Analysis,
Security of DES,
Multiple DES,
Examples of Block Ciphers influenced
by DES.
Traditional Symmetric -Key Ciphers: Introduction
Symmetric encryption, also referred to as
conventional encryption or single key
encryption was the only type of encryption
in use prior to the development of public-
key encryption in 1976.
Types of Cryptosystems
Fundamentally, there are two types of cryptosystems based on the manner in which
encryption-decryption is carried out in the system −
•Symmetric Key Encryption
•Asymmetric Key Encryption
The main difference between these cryptosystems is the relationship between the
encryption and the decryption key. Logically, in any cryptosystem, both the keys are
closely associated. It is practically impossible to decrypt the ciphertext with the key
that is unrelated to the encryption key.
Symmetric Key Encryption
The encryption process where same keys are used for encrypting and decrypting the
information is known as Symmetric Key Encryption.
The study of symmetric cryptosystems is referred to as symmetric cryptography.
Symmetric cryptosystems are also sometimes referred to as secret key cryptosystems.
A few well-known examples of symmetric key encryption methods are − Digital
Encryption Standard (DES), Triple-DES (3DES), IDEA, and BLOWFISH.
 The symmetric encryption scheme has five ingredients
 Plaintext: This is the original intelligible message or data that is fed to the
algorithm as input.
 Encryption algorithm: The encryption algorithm performs various substitutions
and permutations on the plaintext
 Secret Key: The secret key is also input to the encryption algorithm. The
exact substitutions and permutations performed depend on the key used, and
the algorithm will produce a different output depending on the specific key
being used at the time.
 Ciphertext: This is the scrambled message produced as output. It depends on
the plaintext and the key. The ciphertext is an apparently random stream of
data, as it stands, is unintelligible.
 Decryption Algorithm: This is essentially the encryption algorithm run in
reverse. It takes the ciphertext and the secret key and produces the original
plaintext
There are two requirements for a symmetric key cryptosystem
1. We assume it is impractical to decrypt a message on the basis of the cipher
text plus knowledge of the encryption/decryption algorithm. In other words,
we do not need to keep the algorithm secret; we need to keep only the key
secret.

2. Sender and the receiver must have obtained copies of the secret key in a
secure fashion and must keep the key secure. If someone can discover the
key and knows the algorithm, all communications using this key is readable.
Asymmetric cryptography
Asymmetric cryptography, also known as
public key cryptography, uses public and
private keys to encrypt and decrypt data.
The keys are simply large numbers that
have been paired together but are not
identical (asymmetric). One key in the
pair can be shared with everyone; it is
called the public key. The other key in
the pair is kept secret; it is called the
private key. Either of the keys can be
used to encrypt a message; the opposite
key from the one used to encrypt the
message is used for decryption.
Hashing
In hashing, a fixed-length message digest is
created out of a variable-length message. The
digest is normally much smaller than the
message. To be useful, both the message and the
digest must be sent to Bob. Hashing is used to
provide check values, which were discussed
earlier in relation to providing data integrity.
Hash and data Integrity
 Steganography
Steganography is the hiding of a secret message within
an ordinary message and the extraction of it at its
destination. Steganography takes cryptography a step
farther by hiding an encrypted message so that no one
suspects it exists. Ideally, anyone scanning your data will
fail to know it contains encrypted data.
 Substitution Ciphers
The name substitution cipher comes from
the fact that each letter that you want to
encipher is substituted by another letter or
symbol, but the order in which these appear
is kept the same.

In otherwords the message you want to keep A Caesar cipher is one of the simplest (and
secret (called the plaintext) is transformed easiest cracked) encryption methods. It is a
into the enciphered message (called the Substitution Cipher that involves replacing
ciphertext) by using a different alphabet. It is each letter of the secret message with a
useful to keep track of the different alphabets different letter of the alphabet which is a
by always writing your plaintext in lowercase fixed number of positions further in the
and your ciphertext in uppercase. alphabet.
Example
In this example, each letter in the plaintext message has been shifted 3 letters down in the alphabet.
Plaintext: This is a secret message
Ciphertext: wklv lv d vhfuhw phvvdjh
Atbash Cipher
The Atbash cipher is a very specific
case of a substitution cipher where the
letters of the alphabet are reversed. In
other words, all A’s are replaced with
Zs, all Bs are replaced with Ys, and so
on.
Example:
Plaintext: This is a secret message
Ciphertext: Gsrh rh z hvxivg nvhhztv
Polyalphabetic Ciphers
In a polyalphabetic cipher,
the substitution may change
throughout the message. In
other words, the letter A
may be encoded as the
letter K for part of the
message, but later on it
might be encoded as the
letter W.
Transposition Ciphers
Transposition Ciphers are a bit different One example of a transposition
to Substitution Ciphers. Whereas cipher, is to reverse the order of the
Substitution ciphers replace each letter letters in a plaintext. So "a simple
with a different letter or symbol to example" becomes "ELPMAXE
produce the ciphertext, in a ELPMIS A". Another, similar, way to
Transposition cipher, the letters are just encrypt a message would be to
moved around. reverse the letters of each word, but
not the order in which the words are
The letters or words of the plaintext are written. In this case "a simple
reordered in some way, fixed by a given example" becomes "A ELPMIS
rule (the key). ELPMAXE". Both of these are
available in the activity at the
bottom of the page.
What is a block cipher?
A block cipher is an encryption algorithm that encrypts a fixed size of n-
bits of data - known as a block - at one time.

The usual sizes of each block are 64 bits, 128 bits, and 256 bits.
For example, a 64-bit block cipher will take in 64 bits of plaintext and
encrypt it into 64 bits of ciphertext.

In cases where bits of plaintext is shorter than the block size, padding
schemes are called into play.

Majority of the symmetric ciphers used today are actually block ciphers.
DES, Triple DES, AES, IDEA, and Blowfish are some of the commonly used
encryption algorithms that fall under this group.
What is a stream cipher?
 A stream cipher is an encryption algorithm that encrypts 1 bit or byte of
plaintext at a time.
 It uses an infinite stream of pseudorandom bits as the key.
 For a stream cipher implementation to remain secure, its pseudorandom
generator should be unpredictable and the key should never be reused.
 Stream ciphers are designed to approximate an idealized cipher, known as
the One-Time Pad.
 The One-Time Pad, which is supposed to employ a purely random key, can
potentially achieve "perfect secrecy". That is, it's supposed to be fully
immune to brute force attacks. The problem with the one-time pad is that, in
order to create such a cipher, its key should be as long or even longer than
the plaintext.
 In other words, if you have 500 MegaByte video file that you would like to
encrypt, you would need a key that's at least 4 Gigabits long.
FEISTEL BLOCK CIPHER

 Feistel Cipher is not a specific scheme of block cipher.

 It is a design model from which many different block ciphers

are derived.

 DES is just one example of a Feistel Cipher.

 A cryptographic system based on Feistel cipher structure

uses the same algorithm for both encryption and decryption.
Fiestal Encryption Process

The encryption process uses

the Feistel structure consisting
multiple rounds of processing of
the plaintext, each round
consisting of a “substitution”
step followed by a permutation
step.
Fiestal Encryption Process Steps :

 The input block to each round is divided into two halves that can be
denoted as L and R for the left half and the right half.
 In each round, the right half of the block, R, goes through unchanged.
But the left half, L, goes through an operation that depends on R and
the encryption key.
 First, we apply an encrypting function ‘f’ that takes two input the key K
and R. The function produces the output f (K,R).
 Then, we XOR the output of the mathematical function with L.
 In real implementation of the Feistel Cipher, such as DES, instead of
using the whole encryption key during each round, a round-dependent
key ‘a subkey’ is derived from the encryption key.
 This means that each round uses a different key, although all these
subkeys are related to the original key.
Fiestal Encryption Process Steps contd…

 The permutation step at the end of each round swaps the modified
L and unmodified R.

 Therefore, the L for the next round would be R of the current

round. And R for the next round be the output L of the current
round.

 Above substitution and permutation steps form a ‘round’. The

number of rounds are specified by the algorithm design.

 Once the last round is completed then the two sub blocks, ‘R’ and
‘L’ are concatenated in this order to form the ciphertext block.
Decryption Process
 The process of decryption in Feistel cipher is almost
similar.
 Instead of starting with a block of plaintext, the
ciphertext block is fed into the start of the Feistel
structure and then the process thereafter is exactly the
same as described in the given illustration.
 The process is said to be almost similar and not exactly
same.
 In the case of decryption, the only difference is that the
subkeys used in encryption are used in the reverse
order.
Data Encryption Standard (DES):
DES Originally designed by researchers at IBM in the early 1970s,
DES was adopted by the U.S. government as an official Federal
Information Processing Standard (FIPS) in 1977 for the encryption of
commercial and sensitive yet unclassified government computer data.

It was the first encryption algorithm approved by the U.S. government

for public disclosure. This ensured that DES was quickly adopted by
industries such as financial services, where the need for strong
encryption is high.
The simplicity of DES also saw it used in a wide variety of embedded
systems, smart cards, SIM cards and network devices requiring
encryption like modems, set-top boxes and routers.
 DES Algorithm and Structure

Permutation: Each of several possible ways in which

number of things can be ordered or arranged, i.e.
arranging bits.
Initial Permutation:
Firstly, each bit of a block is subject
to initial permutation, which can be
represented by the following initial
permutation (IP) table:
IP
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
This permutation table shows, when
reading the table from left to right then
from top to bottom, that the 58th bit of
the 64-bit block is in first position, the
50th in second position and so forth.
Details of Single round:
Once the initial permutation is
completed, the 64-bit block is The overall processing of each
divided into two 32-bit blocks, round can be summarized in the
respectively denoted L and R (for following formulae’s
left and right). The initial status of
these two blocks is denoted L0 and Li=Ri-1 : i value range is 1 to 16
R0: Ri=Li-1 XOR F(Ri-1,Ki)
L0
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
R0
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
It is interesting to note that L0 contains
all bits having an even position in the
initial message, whereas R0 contains
bits with an odd position.
Expansion / permutation S-Box Substitution
The 32 bits of the R0 block are
expanded to 48 bits using a table
called an expansion table (denoted E),
in which the 48 bits are mixed
together and 16 of them are
duplicated:

E
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1

As such, the last bit of R0 (that is, the 7th

bit of the original block) becomes the This phase consists of 8-boxes, each of which accepts 6-bits
first, the first becomes the second, etc. as input and produces 4 bits of output. Then S1(B) :S1 is the
The resulting 48 bits are XORed with 48 function defined in the table, B is the block of 6- Bits (input).
bit key.
S-Box substitution explained:
The above function is determined as follows: Example
The first and the last bits of B (input) represent in base2, a Let B=011011
number in the decimal range 0 to 3 (or binary 00 01 10 11). First bit 0
Let the number be i
The middle bits of B represent in base2, a number in the Last bit 1
decimal range 0 to 15 (or binary 0000 through 1111) let this
be j. [01 indicates row 1]
Look up in the table the number in the i th row and j th
column. The number is in the range 0-15 represented by 4-
bit block. [Middle 4 bits 1101 , corresponds to
column 13]
i.e. (row1, col13) 5 (or binary 0101)
therefore, Si 0101

in the same way all other s-boxes are processed and

finally we get a combination of all these.
i.e. 4 bits X 8 boxes 32 bits
8 S-Box tables
for reference
Permutation (P) Rounds 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
The obtained 32-bit block is then subject to a Bits rotate 112222221 2 2 2 2 2 2 1
permutation P here is the table:
16 7 20 21 29 12 28 17
1 15 23 26 5 18 31 10
2 8 24 14 32 27 3 9
19 13 30 6 22 11 4 25

Key Generation
64 bit key is used as input and reduced to
56-bits by eliminating bit position
(8,16,24,32,40,48,56,64) i.e. every 8th position
bit is ignored.. 56-bit is again divided into
two parts, i.e. 28-bit and 28-bit labeled Co
and Do.
At each round Ci-1 and Di-1 are
separately subjected to a circular left shift or
rotation of 1 or 2 bits as indicated by the Example of left
table :
circular shift
Similarly, the permuted choice 1 and PC-1 and
permuted choice 2 PC-2 are processed.
 DES Security
DES is the old "data encryption
standard" from the seventies. Its
key size is too short for proper
security (56 effective bits; this can
be brute-forced, as has been
demonstrated more than ten years
ago). Also, DES uses 64-bit blocks,
which raises some potential issues
when encrypting several gigabytes
of data with the same key (a
gigabyte is not that big nowadays).
Brute force attack on DES
For symmetric-key ciphers, a brute
force attack typically means a brute-
force search of the key space; that is,
testing all possible keys in order to
recover the plaintext used to
produce a particular ciphertext.
In a brute force attack, the expected
number of trials before the correct
key is found is equal to half the size
of the key space. For example, if
there are 264 possible keys, a brute
force attack would, on average, be
expected to find a key after 263 trials.
3DES (Multiple DES) is a trick to reuse
DES implementations, by cascading
three instances of DES (with distinct
keys). 3DES is believed to be secure up
to at least "2112" security (which is quite
a lot, and quite far in the realm of "not
breakable with today's technology"). But
it is slow, especially in software (DES was
designed for efficient hardware
implementation, but it sucks in software;
and 3DES sucks three times as much).

Triple-DES is a method of using DES to provide additional security. Triple-DES

can be done with two or with three keys. Since the algorithm performs an
3DES Contd…
Blowfish is a block cipher proposed by Bruce
Schneier, and deployed in some softwares.
Blowfish can use huge keys and is believed
secure, except with regards to its block size,
which is 64 bits, just like DES and 3DES.

Blowfish is efficient in software, at least on

some software platforms (it uses key-
dependent lookup tables, hence performance
depends on how the platform handles memory
and caches).
IDEA, unlike the other block cipher
algorithms, is patented by the Swiss firm
of Ascom. They have, however, been
generous in allowing, with permission,
free noncommercial use of their
algorithm, with the result that IDEA is
best known as the block cipher
algorithm used within the popular
encryption program PGP.
IDEA uses 52 subkeys, each 16 bits long.
2 are used during each round proper, and 4 are used before every round and
after the last round.
It has 8 rounds.
The IDEA algorithm is interesting
in its own right. It includes some
steps which, at first, make it
appear that it might be a non-
invertible hash function instead of
a block cipher. Also, it is
interesting in that it entirely
avoids the use of any lookup
tables or S-boxes.
IDEA is a patented and universally
applicable block encryption
algorithm, which permits the
effective protection of transmitted
and stored data against
unauthorized access by third parties.
With a key of 128 bits in length, IDEA
is far more secure than the widely
known DES based on a 56-bit key.
AES (Advanced Encryption Standard)
is an iterative rather than Feistel cipher. It is based
on ‘substitution–permutation network’.

AES performs all its computations on bytes rather

than bits.
Hence, AES treats the 128 bits of a plaintext block
as 16 bytes.
These 16 bytes are arranged in four columns and
four rows for processing as a matrix.

Unlike DES, the number of rounds in AES is the first four bytes of a
128-bit input block
variable and depends on the length of the key.
occupy the first column
AES uses 10 rounds for 128-bit keys, 12 rounds for in the 4×4 matrix of
192-bit keys and 14 rounds for 256-bit keys. bytes. The next four
bytes occupy the
Each of these rounds uses a different 128-bit
second column, and so
round key, which is calculated from the original on.
ENCRYPTION KEY AND ITS EXPANSION
Assuming a 128-bit key, the key is also arranged in the form of
a matrix of 4×4 bytes. As with the input block, the first word from
the key fills the first column of the matrix, and so on.

The four column words of the key matrix are expanded into a
schedule of 44 word.
 OVERALL STRUCTURE OF AES
(Transformations)
Before any round-based
processing for encryption can
begin , the input state array is
XORed with the first four words of
the key Schedule.
For encryption, each round consists
of the following four steps:
1) Substitute bytes,
2) Shift rows,
3) Mix columns, and
4) Add round key.
For decryption, each round consists of the following four steps: 1)Inverse shift rows,
2) Inverse substitute bytes, 3) Add round key, and 4) Inverse mix columns.
AES each round Steps
Each round comprise of four
sub-processes. The first round
process is depicted below :
Byte Substitution
(SubBytes)
The 16 input bytes are
substituted by looking up a
fixed table (S-box) given in
design. The result is in a
matrix of four rows and
four columns.
Shiftrows
Each of the four rows of the
matrix is shifted to the left.  First row is not shifted.
Any entries that ‘fall off’  Second row is shifted one (byte) position to
the left.
are re-inserted on the right  Third row is shifted two positions to the
side of row. Shift is carried left.
out as follows −  Fourth row is shifted three positions to the
left.
 The result is a new matrix consisting of the
same 16 bytes but shifted with respect to
each other.
MixColumns
Each column of four bytes is now transformed
using a special mathematical function. This
function takes as input the four bytes of one
column and outputs four completely new
bytes, which replace the original column. The
result is another new matrix consisting of 16
new bytes. It should be noted that this step is
not performed in the last round.

Addroundkey
The 16 bytes of the matrix are now considered
as 128 bits and are XORed to the 128 bits of the
round key. If this is the last round then the
output is the ciphertext. Otherwise, the
resulting 128 bits are interpreted as 16 bytes
and we begin another similar round.
AES Analysis
In present day cryptography, AES is widely adopted and
supported in both hardware and software. Till date, no
practical cryptanalytic attacks against AES has been
discovered. Additionally, AES has built-in flexibility of
key length, which allows a degree of ‘future-proofing’
against progress in the ability to perform exhaustive
key searches.
However, just as for DES, the AES security is:
assured only if it is correctly implemented and
good key management is employed.
 AES ciphers

 AES has several different variants:

 AES-128
 AES-192
 AES-256
 A larger key size also resists better to large quantum computer attacks.
:
 The larger key sizes imply some CPU overhead (+20% for a 192-bit key, +40%
for a 256-bit key: internally, the AES is a sequence of "rounds" and the AES
standard says that there shall be 10, 12 or 14 rounds, for a 128-bit, 192-bit or
256-bit key, respectively).

 For practical purposes, 128-bit keys are sufficient to ensure security.