Symmetric Key Algorithms

[Symmetric Key Algorithm - Introduction, Algorithm types & Modes, Overview of Symmetric Key Cryptography, DES(Data Encryption Standard) Algorithm,
IDEA(International Data Encryption Algorithm) algorithm, RC5(Rivest Cipher 5)algorithm.[8]]]

CLASSIFICATION OF CRYPTOGRAPHY
The encryption algorithms are classified into two broad categories: Symmetric Key and Asymmetric Key encryption as shown in Fig. 2.

Conventional Encryption Principles

A Conventional/Symmetric encryption scheme has five ingredients:

1. Plain Text: This is the original message or data which is fed into the algorithm as input.
2. Encryption Algorithm: This encryption algorithm performs various substitutions andtransformations on the plain text.
3. Secret Key: The key is another input to the algor thm. The substitutions and transformationsperformed by algorithm depend on the key.
4. Cipher Text: This is the scrambled (unreadable) message which is output of the encryptionalgorithm. This cipher text is dependent on plaintext and secret
key. For a given plaintext, twodifferent keys produce two different cipher texts.
5. Decryption Algorithm: This is the reverse of encryption algorithm. It takes the cipher text andsecret key as inputs and outputs the plain text

The important point is that the security of conventional encrypt on depends on the secrecy of thekey, not the secrecy of the algorithm i.e. it is not necessary to
keep the algorithm secret, but onlythe key is to be kept secret. This feature that algorithm need not be kept secret made it feasible for wide spread use and
enabled manufacturers develop low cost chip implementation of dataencryption algorithms. With the use of conventional algorithm, the principal security
problem ismaintaining the secrecy of the key.

Feistel Cipher Structure

The input to the encryption algorithm are a plaintext block of length 2w bits and a keyK. the plaintext block is divided into two halves L0 and R0.
The two halves of the data passthrough „n‟ rounds of processing and then combine to produce the cipher text block. Each
round „i‟ has inputs Li-1 and Ri-1, derived from the previous round, as well as the subkey Ki,derived from the overall key K. in general, the
subkeys Ki are different from K and from eachother.All rounds have the same structure. A substitution is performed on the left half of the data
(as similar to S-DES). This is done by applying a round function F to the right halfof the data and then taking the XOR of the output of that function and
the left half of the data.
The round function has the same general structure for each round but is parameterized by the
round subkey ki. Following this substitution, a permutation is performed that consists of the
interchange of the two halves of the data. This structure is a particular form of the
substitution-permutation network. The exact realization of a Feistel network depends on the
choice of the following parameters and design features:
Block size - Increasing size improves security, but slows cipher
Key size - Increasing size improves security, makes exhaustive key searching
harder, but may slow cipher
Number of rounds - Increasing number improves security, but slows cipher
Subkey generation - Greater complexity can make analysis harder, but slows
cipher
Round function - Greater complexity can make analysis harder, but slows cipher
Fast software en/decryption & ease of analysis - re more recent concerns for
practical use and testing
The process of decryption is essentially the same as the encryption process. The rule is as
follows: use the cipher text as input to the algorithm, but use the subkey k i in reverse order.
i.e., kn in the first round, kn-1 in second round and so on. For clarity, we use the notation LEi
and REi for data traveling through the decryption algorithm. The diagram below indicates
that, at each round, the intermediate value of the decryption process is same (equal) to the
corresponding value of the encryption process with two halves of the value swapped.
, REi || LEi (or) equivalently RD16-i || LD16-i
After the last iteration of the encryption process, the two halves of the output are swapped, so
that the cipher text is RE16 || LE16. The output of that round is the cipher text. Now take the
cipher text and use it as input to the same algorithm. The input to the first round is RE 16 ||
LE16, which is equal to the 32-bit swap of the output of the sixteenth round of the encryption
process. Now we will see how the output of the first round of the decryption process is equal
to a 32-bit swap of the input to the sixteenth round of the encryption process.
First consider the encryption process,
LE16 = RE15
RE16 = LE15(+) F (RE15, K16)
On the decryption side, LD1 =RD0 = LE16 =RE15
RD1 = LD0 (+) F (RD0, K16)
= RE16 F (RE15, K16)
= [LE15 F (RE15, K16)] F (RE15, K16)
= LE15
Therefore, LD1 = RE15 RD1 = LE15 In general, for the ith iteration of the encryption
algorithm, LEi = REi-1 REi = LEi-1 F (REi-1, Ki)
Finally, the output of the last round of the decryption process is RE0 || LE0. A 32-bit swap
recovers the original plaintext.
Symmetric key cryptography or private key cryptography,

Symmetric key cryptography or private key cryptography, in layman language can be understood as the technique which uses a single key for the encryption as
well as the decryption of data. Technically, it is a technique which converts plaintext into cipher text and vice verse using the same key. The symmetric key
cryptography system involves the following. [2]
Plaintext: original information that is fed as input to the algorithm.
Encryption algorithm: algorithm which performs various permutations and substitutions on the plaintext
Secret key: also an input to the encryption algorithm, changing the key results in the generation of different output.
Cipher text: statement in which the actual information is hidden.
Decryption algorithm: reverse of the encryption algorithm; produces the original information.
Symmetric key cryptographic algorithms process
Some widely used Symmetric key cryptographic algorithms are given below:
i. DES (Data Encryption Standard)
ii. Triple Data Encryption Algorithm (TDEA or Triple DEA)
iii. AES (Advanced Encryption Standard).
iv. BLOWFISH

i. DES (Data Encryption Standard)

Data Encryption Standard (DES) is a cryptographic standard that was proposed as the algorithm for the secure and secret items in 1970 and was adopted as an
American federal standard by National Bureau of Standards (NBS) in 1973. DES is a block cipher, which means that during the encryption process, the
plaintext is broken into fixed length blocks and each block is encrypted at the same time. Basically it takes a 64 bit input plain text and a key of 64-bits (only 56
bits are used for conversion purpose and rest bits are used for parity checking) and produces a 64 bit cipher text by encrypt ion and which can be decrypted
again to get the message using the same key.[5]

ii. 3-DES(Triple–Data Encryption Standard)

As an improvement on Data Encryption Standard (DES), in the late 1970's IBM developed the Triple Data Encryption Standard (3DES). The Triple Data
Encryption Algorithm (3DES) is simply the DES used three times in succession. It is this successive use which makes 3DES much harder to crack than DES.
3DES solves the problem of the too-short 56 bit key length used in DES by utilizing a key length of 168 bits (three separate 64 bit keys are used to process the
same bit of unencrypted text). 3DES is still being widely used in financial transactions today and is seen as being fairly secure.[4]

iii. AES (Advanced Encryption Standard):

AES is a symmetric block cipher that can Block size 128 bit, three different Cipher keys 128, 192 and 256 bits. Basically, AES is based on a design principle
encryption algorithmsknown as – transposition, substitution, and transposition-substitution technique. Most AES calculation are uses a round function in special
finite field that is compared of four different byte-oriented transformation such as Sub byte, Shift row, Mix column , Add round key. Number of rounds to be
used depend on the length of key e.g. 10 round for 128 bit key, 12 rounds for 192-bit key and 14 rounds for 256 bit keys. At present the most common key size
likely to be used is the 128 bit key. Rijndael was selected as the AES in Oct-200 designed to have the following characteristics:[1] • Resistance to protect from
all known attacks. • Speed and code compactness depends on a wide range of platforms. • Design simpler.

1) Substitution bytes – In this step, each byte (ai,j) of matrix is replaced with a sub byte (si,j), that is Rijindeal S-Box. At the decryption end, the sub bytes are
inversed to reach the original state. 2) Shift Rows - The shift rows operation, shift each rows with a certain constraint. That is first row of matrix is left same, the
second, third and forth rows are shifted to one place left. 3) Mix Columns – In this step, the each column is multiplied with a fixed polynomial and the new
value of the columns is placed. 4) Add Round Key – This sub key is derived from the main key and the sub key is added into this step by applying XOR to the
matrix.
iv. Blowfish:

Blowfish is a symmetric block cipher that can be effectively Blowfish was designed in 1993 by Bruce Schneider as a fast alternative to existing encryption
algorithms .Blowfish is a symmetric key block cipher that uses a 64 bit block size and variable key length. It takes a variable-length key from 32 bits to 448
bits. Blowfish has variants of 14 rounds or less. Blowfish is one of the fastest block ciphers which has developed to date. Slowness kept Blowfish from being
used in some applications. Blowfish was created to allow a nyone to use encryption free of patents and copyrights. Blowfish has remained in the public domain
to this day. No attack is known to be successful against it, though it suffers from weak keys problem (Bruce, 1996) .[6]

3.1 Symmetric key algorithm types

3.2 Overview of Symmetric key cryptography
3.3 Data encryption standards
3.4 Over view of Asymmetric key cryptography
3.5 The RSA algorithm
3.6 Symmetric & Asymmetric key cryptography
3.7 Digital signature

3.1 SYMMETRIC KEY ALGORITHM TYPES

There are two aspects of algorithms: algorithm types and algorithms modes.
Algorithm Types:-An algorithms type defines what size of plain text should be encrypted in each step of algorithm. Algorithms types are two types.

Algorithm Types
Stream Cipher Block Cipher
Stream Cipher-In stream cipher the plain text is encrypted one byte at a time and the decryption happens one byte at a time.
Block Cipher-In block cipher the plain text is encrypted one block of text at a time and decryption also takes one block at a time.
Algorithms Modes:- The algorithm modes defines the details of the cryptography algorithm, once the type is decided. An algorithm mode is combination of a
series of the basic algorithm steps on the block cipher and some kind of feedback from the previous steps. There are 4 types of algorithm modes.
Electronic Code Book- ECB is the simplest mode of operation; the incoming plain text message is divided into blocks of 64 bits each. Each such block is then
encrypted independently of the other blocks. For all blocks in a message, the same key is used for encryption.
Cipher Block Chaining- CBC mode ensures that even if a block of plain text repeats in the input, these two identical plain text yields totally different cipher
text blocks in the output. For this a feedback mechanism is used.
Cipher Feedback- CFB mode encrypts data in units that‟s expectations, working style s smaller e.g. they could be of size 8 bits than a defined block size.
Output Feedback- OFB mode is extremely similar to the CFB. The only difference is that is the case of CFB, the cipher text is fed into the next stage of
encryption process. But in the case of OFB, the output of the Initial Vector (IV) encryption process is fed into the next stage of encryption process.

3.2 OVERVIEW OF SYMMETRIC KEY CRYPTOGRAPHY

An encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message. Contrast this
with public key cryptology, which utilizes two keys - a public key to encrypt messages and a private key to decrypt them.
Symmetric-key systems are simpler and faster, but their main drawback is that the two parties must somehow exchange the key in a secure way. Public-key
encryption avoids this problem because the public key can be distributed in a non-secure way, and the private key is never transmitted. Symmetric-key
cryptography is sometimes called secret key cryptography.
Fig 3.1 Symmetric Key cryptography

3.3 DATA ENCRYPTION STANDARDS

The data encryption standard (DES) is a common standard for data encryption and a form of secret key cryptography (SKC), which uses only one key for
encryption and decryption. 1972, the National Bureau of Standards (NBS) approached the Institute for Computer Sciences and Technology (ICST) to devise an
encryption algorithm to secure stored and transmitted data. The algorithm would be publicly available, but its key would be top secret.
The National Security Agency (NSA) assisted with the cryptographic algorithm evaluation processes, and in 1973, submission invitations were posted in the
Federal Register. However, the submissions were unacceptable. In 1974, a second invitation was posted, which resulted in a submission from IBM. In 1975,
technical specifications were published for comments in the Federal Register, and analysis and review commenced. In 1977,NBS issued the algorithm, i.e.,
DES.

DES WORKING PRINCIPLE

DES is a block cipher. It encrypts data in block of size 64 bits. That is64 bits of plain text goes as the input to DES, which produce 64 bits of cipher text. The
same algorithm and

Key are used for encryption and decryption.

Actually the initial key consists of 64 bits. However before DES process even starts every eight bit of the key is discarded to produce 56 key.The bit position
8,16,24,32,56,64 are discarded.
DES is based on the two fundamental attributes Substitution (also called as confusion) And transposition (also called as Diffusion).
Steps of DES
1. The 64-bit plain text block is handed over to an initial Permutation (IP) function.
2. The Initial Permutation produces 2 halves of permuted block .let Left Plain Text(LPT) and Right Plain Text(RPT).
3. Each LPT and RPT go through 16 rounds of encryption process.
4. In the end LPT and RPT are rejoined and Final Permutation (FP) is performed on the combined block.
5. The result of the process 64 bit cipher text.
Fig 3.2 Steps to DES
Initial Permutation
The 64 bits of the input block to be enciphered are first subjected to the followingpermutation, called the initial permutation IP:
IP
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
Table 3.1 Initial Permutation
That is the permuted input has bit 58 of the input as its first bit, bit 50 as its second bit,and so on with bit 7 as its last bit.The computation which uses the
permuted input block as its input to produce the preoutput block consists, but for a final interchange of blocks,of 16 iterations of a calculation that is described
below in terms of the cipher function for which operates on two blocks, one of 32 bits and one of 48 bits, and produces a block of 32 bits.
Let the 64 bits of the input block to an iteration consist of a 32 bit block LPT followed by a 32 bit block RPT. Using the notation defined in the introduction,
the input block is then LR.
Rounds
Each of the 16 rounds in turn , consists of the following steps
Key Transformation
Expansion Permutation
S-Box Substitution
P-Box Permutation
XOR and Swap

Key Transformation
Let K be a block of 48 bits chosen from the 56-bit key. A different 48 bit sub key is generated during each round using a process called as Key transformation.
For this the 56-bit key is divided into 2 halves each of 28 bits. These halves are circularly shifted leftby one or two positions, depending on the round. For
example, if the round number is 1,2, 9 or 16, the shift is done by only positions. For other rounds, the circular shift is done by two positions.
Expansion Permutation
We had two 32 bit plain text called LPT and RPT. During expansion permutation the RPT is expanded from 32 bits to 48 bits. This happens as follows
The 32-bit RPT is divided into 8 blocks, having 4 bits in each block.Each 4 bit blocks of the previous step is then expanded to a corresponding 6 blocks, 2
more bits are added they are actually the repeated first and fourth of the 4 bit block.The Key transformation processes compress the 56 bit key to 48 bits. Then
the Expansion permutation process expands the 32 bit RPT to 48 bit. Now the 48 bit key and 48 bit RPT is XORed and the resulting is given to the S-box
Substitution.
S-Box Substitution
It is the process that accepts 48-bit input from the XOR operations and produces a 32 bit output using substitution technique. The Substitution is performed by 8
substitution boxes called as S-boxes. Each of 8 boxes has a 6 –bit input and 4 bit output.

Fig 3.3 S-Box substitution

P-Box Permutation
The output of S-box consists of 32 bits. these 32 bits are permuted using a P-box.
XOR and Swap
The 32 bit RPT and 32 bit LPT is XORed and swap means the LPT becomes and RPT
and vice versa.
Final Purmutation
At the end of the 16 rounds the final permutation is performed (only once).
The nature of DES algorithm: of more concern is that cryptanalysis is possible by exploiting the characteristics of DES. The focus is the eight S-boxes used in
each iteration. The design criteria for the complete algorithm has never been published and there has been speculation that the boxes were constructed in such a
way that cryptanalysis is possible by an opponent who knows the weakness in the S-boxes.

Although this has not been established, the US government s “‟s expectations, working style clipper project” raisesmany question. These are the main reasons
DES is now being replaced by the AES standard .Using a brute-force attack by simply searching for a key is possible. However, for 56-bit key, there are 256
possible key combinations, if we could search one key in 1 μs, then we need 2283 years to try all keys. (Distributed.net broke a DES-56 within 22 hours and 15

minutes, by using 100,000 PCs).

DES decryption
The decryption process with DES is essentially the same as the encryption process andis as follows:Use the cipher text as the input to the DES algorithm but
use the keys K in reverse order.
That is, use K16 on the first iteration, K15 on the second until K1Which is used on the 16th and last iteration
Variation of DES
In spite of its strength it is felt that with the tremendous advance in computer hard ware,DES is susceptible to possible attack. However because DES is already
proven to be a very competent algorithm, it would be nice to reuse DES by making it stronger by some means, rather than writing a new cryptography
algorithm. Two main variation of DES are

Double DES and Triple DES.

Double DES
Double DES is quite simple ,it does twice what DES normally does only once. Double
DES uses two keys K1 and K2. The final output is encryption of encrypted text.

Fig 3.4 Double DES decryption

Triple DES
Triple DES means DES three times.It comes in 2 flavour : one that uses 3 keys and second that uses 2 keys.

Triple DES with 3 keys – the plain text encrypted with K1 , then encrypted with K2,and finally with K3.where K1 ,K2, K3 are all different from each other.

Triple DES with 2 keys – the plain text encrypted with K1 , then encrypted with K2,and finally with K1.where K1 ,K2, are used.