0% found this document useful (0 votes)
9 views

ISS_Unit_2

The document discusses block ciphers, focusing on their structure, operation, and security features, including the Fiestel cipher and the Data Encryption Standard (DES). It compares DES with the Advanced Encryption Standard (AES) in terms of key length, block size, algorithm structure, and security. Additionally, it explains various block cipher modes of operation and the concepts of confusion and diffusion in encryption.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
9 views

ISS_Unit_2

The document discusses block ciphers, focusing on their structure, operation, and security features, including the Fiestel cipher and the Data Encryption Standard (DES). It compares DES with the Advanced Encryption Standard (AES) in terms of key length, block size, algorithm structure, and security. Additionally, it explains various block cipher modes of operation and the concepts of confusion and diffusion in encryption.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 13

UNIT – 2

 Block Cipher structure

A block cipher encrypts data in fixed-size blocks usually 64 or 128 bits at a time.

The encryption algorithm processes each block of data separately using the cryptographic
key to transform the plaintext into the ciphertext.

Block ciphers function on complex mathematical computation and permutation to


ensure that the data encrypted is safe.

The strength of the cipher depends upon the key length. However, any size of the block is
acceptable. The following aspects can be kept in mind while selecting the size of a block:

o Avoid very small block sizes


o Do not have very large block sizes
o Multiples of 8-bit.

How it Works:

1. Keystream Generation: A stream cipher generates a pseudorandom keystream


based on the secret key. This keystream is typically the same length as the plaintext.

2. Encryption: The plaintext is combined with the keystream using a bitwise operation
(usually XOR). For example, if the plaintext is P and the keystream is K, the
ciphertext C is produced as: [ C = P \oplus K ]

3. Decryption: The same keystream is used to decrypt the ciphertext: [ P = C \oplus K ]

Advantages:

 Speed: Stream ciphers are generally faster than block ciphers, especially for small
amounts of data.

 Memory E iciency: They can be more memory-e icient since they do not require
the entire block of data to be processed at once.

Disadvantages:

 Error Propagation: An error in the ciphertext a ects only the corresponding bit in
the plaintext.

 Security Concerns: If the same keystream is used for multiple messages (key
reuse), it can lead to vulnerabilities.
The Fiestel cipher is a structure used in the design of symmetric key block ciphers. The
Fiestel structure is characterized by its use of a series of rounds, where each round
consists of a series of operations that transform the input data.

Structure of the Fiestel Cipher

1. Block Size: The plaintext is divided into two halves, typically referred to as the left
half (L) and the right half (R). Each half is usually of equal size.

2. Key: A key schedule is used to derive subkeys from the main key. These subkeys are
used in each round of the cipher.

3. Rounds: The Fiestel cipher operates through multiple rounds (often 16 or more).
Each round consists of the following steps:
 Round Function (F): A function that takes the right half (R) and a subkey as
input and produces an output. This function typically includes non-linear
operations, such as substitutions and permutations, to provide confusion
and di usion.

 XOR Operation: The output of the round function is XORed with the left half
(L).

 Swapping: After the XOR operation, the left and right halves are swapped for
the next round.

4. Final Round: After the last round, the final left and right halves are combined to
produce the ciphertext.

 Data Encryption Standard


 Avalanche E ect

It refers to the phenomenon where a small change in the input (such as flipping a single bit)
results in a significant and unpredictable change in the output (ciphertext).

Ideally, changing one bit of the plaintext or the key should change approximately half of the
bits in the ciphertext.

Security: The avalanche e ect enhances security by making it di icult for an attacker to
predict how changes in the plaintext or key will a ect the ciphertext.

 Strength of DES

The strength of DES can be evaluated based on several factors :

1. Key Length: DES uses a 56-bit key, In practice, DES is vulnerable to brute-force
attacks, where an attacker tries all possible keys until the correct one is found.

2. Block Size: DES operates on 64-bit blocks of data.

3. Structure: DES employs a Feistel structure, which allows for the same algorithm to
be used for both encryption and decryption. While this structure provides some
security benefits, the overall strength of DES is limited by its key length and block
size.

4. Resistance to Attacks: DES has been subjected to various cryptanalysis


techniques, including:

 Linear Cryptanalysis: A method that exploits linear approximations to


describe the behavior of the cipher.

 Di erential Cryptanalysis: A technique that analyzes how di erences in


input can a ect the resultant di erence at the output.

 AES and DES di erence :

1. Key Length

 DES: Uses a fixed key length of 56 bits. Although it can be extended to 112 or 168
bits through a method called Triple DES (3DES), the original DES is limited to 56 bits.

 AES: Supports multiple key lengths: 128 bits, 192 bits, and 256 bits. This flexibility
allows AES to provide a higher level of security.

2. Block Size
 DES: Operates on 64-bit blocks of data. This relatively small block size makes it
more susceptible to certain types of attacks, such as birthday attacks.

 AES: Operates on 128-bit blocks of data. The larger block size enhances security
and e iciency, especially for modern applications.

3. Algorithm Structure

 DES: Utilizes a Feistel structure, which divides the data block into two halves
and processes them through multiple rounds (16 rounds). The same algorithm is
used for both encryption and decryption, with the order of the subkeys reversed
during decryption.

 AES: Uses a substitution-permutation network (SPN) structure. It consists of


multiple rounds (10, 12, or 14 rounds, depending on the key length) that involve
substitution (using S-boxes), permutation (shifting rows and mixing columns),
and key addition.

4. Number of Rounds

 DES: Performs 16 rounds of processing.

 AES: The number of rounds depends on the key length:

 10 rounds for 128-bit keys

 12 rounds for 192-bit keys

 14 rounds for 256-bit keys

5. Security

 DES: Considered insecure for most applications today due to its short key length. It
is vulnerable to brute-force attacks, and in 1998, DES was successfully broken
in a matter of days using distributed computing.

 AES: Considered highly secure and is widely used in various applications, including
government and financial systems. As of now, no practical attacks have been found
against AES that can break it in a reasonable time frame.

6. Performance

 DES: Generally slower than AES due to its structure and the number of rounds.
The 64-bit block size can also lead to ine iciencies in processing larger data sets.

 AES: Typically faster than DES, especially in software implementations.


 Block Cipher Modes of Operation

Block ciphers, such as AES and DES, encrypt data in fixed-size blocks (e.g., 128 bits for
AES). However, many applications require the encryption of data that is larger than the
block size or that is not a multiple of the block size. To address this, various modes of
operation have been developed.

1. Electronic Codebook (ECB)

 Description: The simplest mode of operation. Each block of plaintext is encrypted


independently using the same key.

 Advantages:

 Simple to implement.

 Parallelizable (blocks can be encrypted simultaneously).

 Disadvantages:

 Identical plaintext blocks produce identical ciphertext blocks, which can


reveal patterns in the data.

 Not secure for most applications due to the lack of di usion.

2. Cipher Block Chaining (CBC)


 Description: Each block of plaintext is XORed with the previous ciphertext block
before being encrypted. An initialization vector (IV) is used for the first block to
ensure that identical plaintexts produce di erent ciphertexts.

 Advantages:

 Provides better security than ECB by ensuring that identical plaintext blocks
will encrypt to di erent ciphertexts.

 Patterns in the plaintext are less visible.

 Disadvantages:

 Not parallelizable (each block depends on the previous one).

 Requires an IV, which must be unique and random for each encryption
session.

3. Cipher Feedback (CFB)


 Description: A mode that turns a block cipher into a self-synchronizing stream
cipher. The previous ciphertext block is encrypted and then XORed with the
current plaintext block to produce the ciphertext.

 Advantages:

 Can encrypt data of arbitrary length (not limited to block size).

 Allows for partial block encryption.

 Disadvantages:

 Not parallelizable.

 Error propagation: an error in one block a ects the decryption of subsequent


blocks.
4. Output Feedback (OFB)

 Description: Similar to CFB, but instead of using the previous ciphertext block, it
uses the output of the encryption of the previous block (the keystream) to XOR
with the plaintext.

 Advantages:

 Can encrypt data of arbitrary length.

 Errors do not propagate; an error in one block does not a ect others.

 Can be parallelized.

 Disadvantages:

 Requires an IV.

 If the same key and IV are used, it can lead to vulnerabilities.


5. Counter (CTR)

 Description: Converts a block cipher into a stream cipher. A counter value is


encrypted, and the resulting ciphertext is XORed with the plaintext. The counter is
incremented for each block.

 Advantages:

 Highly parallelizable, as each block can be processed independently.

 Can encrypt data of arbitrary length.

 E icient for high-speed applications.


 Disadvantages:

 Requires a unique counter for each encryption session to avoid


vulnerabilities.

 If the same key and counter are reused, it can lead to security issues.

 Confusion :
 refers to making the relationship between the plaintext (the original message) and
the ciphertext (the encrypted message) as complex and intricate as possible.
 so that even if an attacker knows the ciphertext, they cannot easily deduce the key
or the plaintext.

Key Characteristics of Confusion:

 Complexity: The encryption process should be complex enough that small changes
in the key result in significant changes in the ciphertext.

 Non-linearity: Confusion is often achieved through non-linear transformations,


such as substitution operations (e.g., S-boxes in block ciphers like AES).

Di usion

The goal of di usion is to ensure that changes in the plaintext (or the key) a ect many bits
of the ciphertext, making it di icult for an attacker to infer any information about the
plaintext from the ciphertext.

Key Characteristics of Di usion:

 Bit Mixing: The encryption process should mix the bits of the plaintext thoroughly so
that each bit of the ciphertext is influenced by multiple bits of the plaintext.

 Avalanche e ect : A change in a single bit of the plaintext should ideally change
about half of the bits in the ciphertext. This property helps to obscure patterns in the
plaintext.

 Permutation: Di usion is often achieved through permutation operations, such as


bit-shifting and mixing, which rearrange the bits of the data.

You might also like