Lecture 02

Cryptography and
Modern cryptography | Feistel
Network Security structure and DES

Annaba University – Electronic Department, 2023 Dr. Seif Allah Nasri

 Cryptographic
Ciphers

Stream ciphers Block ciphers

Block Ciphers : Encrypt data in fixed-size blocks (like 64 ,128, or 256 bits), use complex transformations
(Example are: DES and AES). More suited for hardware implementations, are more resilient to transmission
errors, and are ideal for encrypting large amounts of data.

Stream Ciphers : Encrypt data bit by bit or byte by byte, generating a keystream that is combined with the
plaintext. Examples include RC4 and Salsa20. Stream ciphers are often faster, use less memory, are more suited
for software implementations, and are ideal for real-time or streaming applications.
Stream Ciphers

• Encrypts a digital data stream one bit or one byte at a time.

• One time pad is example; but practical limitations.

• Typical approach for stream cipher:

• Key (K ) used as input to bit-stream generator algorithm.
• Algorithm generates cryptographic bit stream (Ki ) used to encrypt plaintext.
• Users share a key; use it to generate keystream.
Block Ciphers

• Encrypt a block of plaintext as a whole to produce same sized ciphertext

• Typical block sizes are 64 or 128 bits

• Modes of operation used to apply block ciphers to larger plaintexts

Fiestel structure

• Type of Structure: Symmetric method used in the construction of block ciphers.

• Inventor: Named after Horst Feistel, a cryptographer at IBM.

• Division of Data: Splits the plain text into two halves.

• Rounds: Typically involves multiple rounds of processing the two halves.

• Subkeys: Each round uses a different subkey derived from the main key.

• Processing: Involves mixing one half with a subkey and then combining it with the other half.

• Reversibility: Designed to be easily reversible for decryption with the correct key.

• Usage: Utilized in many encryption algorithms, including DES, Blowfish, and Twofish.
Fiestel structure
• Block and Key Lengths: The Feistel Cipher works with blocks of data of a certain bit length (n-

bit). The key length can vary, and it's not directly tied to the number of transformations or

rounds in the cipher.

• Operations - Substitution and Transposition: The cipher typically involves a series of rounds

where a combination of substitution and transposition (permutation) operations are applied.

These operations are part of the round function, which is applied to one half of the data block.

• Diffusion and Confusion Principles: The design of the Feistel Cipher employs the principles

of diffusion (spreading the influence of the plaintext and key throughout the ciphertext) and

confusion (obscuring the relationship between the ciphertext and the plaintext/key).
Fiestel structure
Typical Approach:

• Splitting Plaintext: The plaintext is divided into two equal halves.

• Generating Subkeys: Each round of the encryption process uses a subkey derived from

the main encryption key.

• Round Function Application: A round function, F, is applied to one half of the data

(typically the right half, but this can vary).

• Combining with XOR: The output of the round function is combined with the other half

(typically the left half) using the XOR operation.

• Swapping Halves: After each round, the two halves of the data are swapped. This process

continues for a predefined number of rounds.

Fiestel structure

Diffusion in the Feistel Cipher

Purpose: The goal of diffusion in the Feistel Cipher is to ensure that a change in a single bit of the
plaintext or the key affects many bits in the ciphertext. This spreading out of the information makes it
more difficult for an attacker to deduce any meaningful patterns from the ciphertext.

Implementation: In a Feistel Cipher, diffusion is achieved through the permutation (transposition)

and mixing processes that occur in each round. The data is repeatedly rearranged and combined in
such a way that the input's statistical structure is widely dispersed across the output. This means that
the output bits are influenced by multiple parts of the input and key, making it challenging to trace
back any particular bit of the ciphertext to a specific bit of the plaintext or key.
Fiestel structure

Confusion in the Feistel Cipher

Purpose: Confusion seeks to make the relationship between the ciphertext and the key as complex as
possible. By doing so, it ensures that even if an attacker can find some patterns or statistical
characteristics in the ciphertext, deducing the key remains difficult.

Implementation: In Feistel Ciphers, confusion is typically achieved through the use of complex
substitution algorithms in the round function. These substitutions are non-linear and often involve S-
boxes (substitution boxes) or other non-linear transformations. These complex operations obscure the
direct relationship between the key and the ciphertext, making it hard to perform cryptanalysis or
reverse-engineer the key from the ciphertext.
Fiestel structure
Fiestel structure

➢ Exact implementation depends on various design features:

➢ Block size, e.g. 64, 128 bits: larger values leads to more diffusion.
➢ Key size, e.g. 128 bits: larger values leads to more confusion, resistance against brute force
➢ Number of rounds, e.g. 16 rounds
➢ Subkey generation algorithm: should be complex.

➢ Other factors include fast encryption in software and ease of analysis.

➢ Trade-off : Security vs performance
Fiestel example
Data Encryption Standard (DES)

➢ Type of Algorithm: Symmetric-key block cipher.

Developed in the early 1970s.
Adopted by the U.S. government in 1977.
➢ Block Size: Encrypts data in 64-bit blocks.
➢ Key Size: Uses a 56-bit key.
➢ Security: Initially considered secure, but later became vulnerable to brute-force attacks due
to advancements in computing power.
➢ Legacy: Although superseded by more advanced algorithms like AES, DES was one of the
first encryption standards widely used internationally and played a pivotal role in the
evolution of digital encryption.
Data Encryption Standard (DES)

➢ Principles used in other ciphers, e.g. 3DES, IDEA

➢ Simplified DES (S-DES)

➢ Cipher using principles of DES
➢ Developed for education (not real-world use)
Simplified DES (S-DES)

➢ I Input (plaintext) block: 8-bits

➢ I Output (ciphertext) block: 8-bits
➢ I Key: 10-bits
➢ I Rounds: 2
➢ I Round keys generated using permutations and left shifts
➢ I Encryption: initial permutation, round function, switch halves
➢ I Decryption: Same as encryption, except round keys used in opposite order
Simplified DES (S-DES)
Simplified DES (S-DES)

S-DES Operations

I P10 (permutate)
Input : 1 2 3 4 5 6 7 8 9 10
Output: 3 5 2 7 4 10 1 9 8 6

I P8 (select and permutate)

Input : 1 2 3 4 5 6 7 8 9 10
Output: 6 3 7 4 8 5 10 9

I P4 (permutate)
Input : 1 2 3 4
Output: 2 4 3 1
Simplified DES (S-DES)

S-DES Operations
➢ EP (expand and permutate)
Input : 1 2 3 4
Output: 4 1 2 3 2 3 4 1

➢ IP (initial permutation)
Input : 1 2 3 4 5 6 7 8
Output: 2 6 3 1 4 8 5 7

➢ IP-1 (inverse of IP)

➢ LS-1 (left shift 1 position)
➢ LS-2 (left shift 2 positions)
S-DES Key Generation
S-DES Encryption Details
S-DES S-Boxes
S-DES Example

➢ Plaintext: 01110010
➢ Key: 1010000010
➢ Ciphertext: 01110111
S-DES Example
S-DES Example
S-DES