UNIT-2

SYMMETRIC KEY CIPHERS

BLOCK CIPHER PRICNIPLLES

Stream Ciphers and Block Ciphers

A stream cipher is one that encrypts a digital data stream one bit or one byte at
a time.

Examples of classical stream ciphers are the autokeyed Vigenère cipher and the
Vernam cipher.

In the ideal case, a one-time pad version of the Vernam cipher wouldbe used, in
which the keystream (Ki) is as long as the plaintext bit stream (Pi). If the
cryptographic keystream is random, then this cipher is unbreakable by anymeans
other than acquiring the keystream.

The bit-stream generator is akey-controlled algorithm and must produce a bit

stream that is cryptographicallystrong.

A block cipher is one in which a block of plaintext is treated as a whole andused

to produce a ciphertext block of equal length. Typically, a block size of 64 or128
bits is used. As with a stream cipher, the two users share a symmetric
encryptionkey.

44
Motivation for the Feistel Cipher Structure

A block cipher operates on a plaintext block of n bits to produce a

ciphertextblock of n bits. There are 2npossible different plaintext blocks and,
forthe encryption to be reversible (i.e., for decryption to be possible), each
mustproduce a unique ciphertext block.

The logic of a general substitution cipher for A 4-bit input produces one of 16
possible input states, which is mapped by thesubstitution cipher into a unique one
of 16 possible output states, each of which isrepresented by 4 ciphertext bits.

45
46
Block Cipher Principles

A block cipher is designed by considering its three critical aspects which are
listed as below:

1. Number of Rounds
2. Design of Function F
3. Key Schedule Algorithm

1. Number of Rounds

The number of rounds judges the strength of the block cipher algorithm. It is
considered that more is the number of rounds, difficult is for cryptanalysis to
break the algorithm.

It is considered that even if the function F is relatively weak, the number of

rounds would make the algorithm tough to break.

2. Design of Function F

The function F of the block cipher must be designed such that it must be
impossible for any cryptanalysis to unscramble the substitution. The criterion
that strengthens the function F is it non-linearity.

More the function F is nonlinear, more it would be difficult to crack it. Well, while
designing the function F it should be confirmed that it has a good avalanche
property which states that a change in one-bit of input must reflect the change
in many bits of output.

The Function F should be designed such that it possesses a bit independence

criterion which states that the output bits must change independently if there is
any change in the input bit.

3. Key Schedule Algorithm

It is suggested that the key schedule should confirm the strict avalanche effect
and bit independence criterion.

DATA ENCRYPTION STANDARD

The Data Encryption Standard (DES) is a symmetric-key block cipher published

by the National Institute of Standards and Technology (NIST).

DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure.

The block size is 64-bit. Though, key length is 64-bit, DES has an effective key

47
length of 56 bits, since 8 of the 64 bits of the key are not used by the encryption
algorithm (function as check bits only). General Structure of DES is depicted in
the following illustration –

Since DES is based on the Feistel Cipher, all that is required to specify DES is −

➢ Round function
➢ Key schedule
➢ Any additional processing − Initial and final permutation
Initial and Final Permutation

The initial and final permutations are straight Permutation boxes (P-boxes) that
are inverses of each other. They have no cryptography significance in DES. The
initial and final permutations are shown as follows −

48
Round Function

The heart of this cipher is the DES function, f. The DES function applies a 48-
bit key to the rightmost 32 bits to produce a 32-bit output.

Expansion Permutation Box −Since right input is 32-bit and round key is a 48-
bit, we first need to expand right input to 48 bits. Permutation logic is graphically
depicted in the following illustration

49
The graphically depicted permutation logic is generally described as table in DES
specification illustrated as shown

• XOR (Whitener). − After the expansion permutation, DES does XOR

operation on the expanded right section and the round key. The round key
is used only in this operation.
• Substitution Boxes. − The S-boxes carry out the real mixing (confusion).
DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output. Refer the
following illustration −

50
The S-box rule is illustrated below

There are a total of eight S-box tables. The output of all eight s-boxes is
then combined in to 32 bit section.

Straight Permutation − The 32 bit output of S-boxes is then subjected to

the straight permutation with rule shown in the following illustration:

Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.
The process of key generation is depicted in the following illustration

51
ADVANCED ENCRYPTION STANDARD

The Advanced Encryption Standard (AES) was published by the National

Institute ofStandards and Technology (NIST) in 2001. AES is a symmetric block
cipher that isintended to replace DES as the approved standard for a wide range
of applications.

AES is a block cipher intended to replace DES for commercial applications. It

uses a 128-bit block size and a key size of 128, 192, or 256 bits.

AES does not use a Feistel structure. Instead, each full round consists offour
separate functions: byte substitution, permutation, arithmetic operations over a
finite field, and XOR with a key.

General Structure

Figure shows the overall structure of the AES encryption process. The cipher
takes a plaintext block size of 128 bits, or 16 bytes. The key length can be 16,
24, or 32bytes (128, 192, or 256 bits). The algorithm is referred to as AES-128,
AES-192, orAES-256, depending on the key length.

52
Advanced Encryption Standard is found at least six time faster than triple DES.
A replacement for DES was needed as its key size was too small. With increasing
computing power, it was considered vulnerable against exhaustive key search
attack. Triple DES was designed to overcome this drawback but it was found slow.

The features of AES are as follows −

• Symmetric key symmetric block cipher

• 128-bit data, 128/192/256-bit keys
• Stronger and faster than Triple-DES
• Provide full specification and design details
• Software implementable in C and Java

Operation of AES

53
AES is an iterative rather than Feistel cipher. It is based on ‘substitution–
permutation network’. It comprises of a series of linked operations, some of which
involve replacing inputs by specific outputs (substitutions) and others involve
shuffling bits around (permutations).

Interestingly, AES performs all its computations on bytes rather than bits.
Hence, AES treats the 128 bits of a plaintext block as 16 bytes. These 16 bytes
are arranged in four columns and four rows for processing as a matrix −

Unlike DES, the number of rounds in AES is variable and depends on the length
of the key. AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and
14 rounds for 256-bit keys. Each of these rounds uses a different 128-bit round
key, which is calculated from the original AES key.

The schematic of AES structure is given in the following illustration

Encryption Process

Here, we restrict to description of a typical round of AES encryption. Each round

comprise of four sub-processes. The first round process is depicted below −

54
Byte Substitution (SubBytes)

The 16 input bytes are substituted by looking up a fixed table (S-box) given in
design. The result is in a matrix of four rows and four columns.

Shiftrows

Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall
off’ are re-inserted on the right side of row. Shift is carried out as follows −

• First row is not shifted.

• Second row is shifted one (byte) position to the left.
• Third row is shifted two positions to the left.
• Fourth row is shifted three positions to the left.
• The result is a new matrix consisting of the same 16 bytes but shifted with
respect to each other.

[ b0 | b1 | b2 | b3 ] [ b0 | b1 | b2 | b3 ]
| b4 | b5 | b6 | b7 | -> | b5 | b6 | b7 | b4 |
| b8 | b9 | b10 | b11 | | b10 | b11 | b8 | b9 |
[ b12 | b13 | b14 | b15 ] [ b15 | b12 | b13 | b14 ]
MixColumns

Each column of four bytes is now transformed using a special mathematical

function. This function takes as input the four bytes of one column and outputs
four completely new bytes, which replace the original column. The result is
another new matrix consisting of 16 new bytes. It should be noted that this step
is not performed in the last round.

[ c0 ] [ 2 3 1 1 ] [ b0 ]
| c1 | = | 1 2 3 1 || b1 |
| c2 | | 1 1 2 3 || b2 |
[ c3 ] [ 3 1 1 2 ][ b3 ]

55
Addroundkey

The 16 bytes of the matrix are now considered as 128 bits and are XORed to the
128 bits of the round key. If this is the last round then the output is the
ciphertext. Otherwise, the resulting 128 bits are interpreted as 16 bytes and we
begin another similar round.

Decryption Process

The process of decryption of an AES ciphertext is similar to the encryption

process in the reverse order. Each round consists of the four processes
conducted in the reverse order −

• Add round key

• Mix columns
• Shift rows
• Byte substitution

Since sub-processes in each round are in reverse manner, unlike for a Feistel
Cipher, the encryption and decryption algorithms needs to be separately
implemented, although they are very closely related.

BLOWFISH ALGORITHM

Blowfish is an encryption technique designed by Bruce Schneier in 1993 as an

alternative to DES Encryption Technique. It is significantly faster than DES and
provides a good encryption rate with no effective cryptanalysis technique found
to date. It is one of the first, secure block cyphers not subject to any patents
and hence freely available for anyone to use.

1. blockSize: 64-bits
2. keySize: 32-bits to 448-bits variable size
3. number of subkeys: 18 [P-array]
4. number of rounds: 16
5. number of substitution boxes: 4 [each having 512 entries of 32-bits each]

Blowfish Encryption Algorithm

The entire encryption process can be elaborated as:

56
Lets see each step one by one:

Step1: Generation of subkeys:

• 18 subkeys{P[0]…P[17]} are needed in both encryption as well as decryption

process and the same subkeys are used for both the processes.
• These 18 subkeys are stored in a P-array with each array element being a
32-bit entry.
• It is initialized with the digits of pi(?).
• The hexadecimal representation of each of the subkeys is given by:

57
 Now each of the subkey is changed with respect to the input key as:

P[0] = P[0] xor 1st 32-bits of input key

P[1] = P[1] xor 2nd 32-bits of input key
.
.
.
P[i] = P[i] xor (i+1)th 32-bits of input key
(roll over to 1st 32-bits depending on the key length)
.
.
.
P[17] = P[17] xor 18th 32-bits of input key
(roll over to 1st 32-bits depending on key length)

The resultant P-array holds 18 subkeys that is used during the entire
encryption process

Step2: initialise Substitution Boxes:

• 4 Substitution boxes(S-boxes) are needed{S[0]…S[4]} in both encryption

aswell as decryption process with each S-box having 256
entries{S[i][0]…S[i][255], 0&lei&le4} where each entry is 32-bit.
• It is initialized with the digits of pi(?) after initializing the P-array.

Step3: Encryption:

• The encryption function consists of two parts:

a. Rounds: The encryption consists of 16 rounds with each round(Ri)

58
 taking inputs the plainText(P.T.) from previous round and corresponding
subkey(Pi). The description of each round is as follows:

The description of the function ” F ” is as follows:

Here the function “add” is addition modulo 2^32.

59
b. Post-processing: The output after the 16 rounds is processed as follows: