Information and Network Security

Ch 3: Block Ciphers and the Data

Encryption Standard
 Block vs Stream Ciphers
• A block cipher is one in which a block of
plaintext is treated as a whole and used to
produce a ciphertext block of equal length.
– a block size of 64 or 128 bits is used.
– Eg:DES,AES
• A stream cipher is one that encrypts a
digital data stream one bit or one byte at a
time.
– eg:Vigenère cipher and the Vernam cipher.

Dr. Benita Jaison, MCA Dept., St. Francis College.

block cipher

Dr. Benita Jaison, MCA Dept., St. Francis College.

Stream Ciphers

Dr. Benita Jaison, MCA Dept., St. Francis College.

Symmetric Block Cipher Algorithms
• DES (Data Encryption Standard)
• 3DES (Triple DES)
• AES (Advanced Encryption Standard)
• IDEA (International Data Encryption
Algorithm)
C = E(K, P) Encryption
P = D(K, C) Decryption

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Block Cipher Principles
• most symmetric block ciphers are based
on a Feistel Cipher Structure

• block ciphers look like an extremely large

substitution
 Feistel Cipher Structure
• Horst Feistel, working at IBM Thomas J
Watson Research Labs devised a suitable
invertible cipher structure in early 70's.
• Feistel’s invented an easily inverted structure
which is adapted in Shannon's S-P network.
 Feistel Cipher Structure
• Feistel Cipher partitions input block into
two halves which are processed through
multiple rounds which perform a
substitution on left data half, based on
round function of right half & subkey, and
then have permutation swapping
halves.
• Same h/w or s/w is used for both
encryption and decryption using keys in
reverse order.
 Feistel Cipher Structure
• Horst Feistel devised the feistel cipher
– based on concept of invertible product cipher
• partitions input block into two halves
– process through multiple rounds which
– perform a substitution on left data half
– based on round function of right half & subkey
– then have permutation swapping halves
• One layer of S-boxes and the following P-box are
used to form the round function.
Feistel Cipher Encryption & Decryption
Feistel Cipher Structure
 DES
• DES is the Data Encryption Standard.
• most widely used block cipher in world
• adopted in 1977 by NBS (now NIST)
– as FIPS PUB 46
• DES is based on the feistel cipher
structure.
• Plaintext of block size 64 bits is used.
• Key length is 56 bits.
• 16 rounds of encryption to produce the cipher
text.
Dr. Benita Jaison, MCA Dept., St. Francis College.
 DES Encryption steps
1. Encryption starts with an initial permutation of the 64
input bits.
2. These bits are then divided into two 32-bit halves
called L and R.
3. The encryption then proceeds through 16 rounds,
each using the existing L and R parts, and a subkey.
4. The R and subkeys are processed in a function f,
and the output of the f function are exclusive-or'ed
with the existing L part to create the new R part.
5. The left and Right half will be swapped.
6. In the final round, the L and R parts are swapped
once more before the final permutation producing
the output block.

Dr. Benita Jaison, MCA Dept., St. Francis College.

 DES Decryption
• Decryption is identical to encryption,
except that the subkeys are used in the
opposite order.
• Subkey 16 is used in round 1, subkey 15
is used in round 2, etc., ending with
subkey 1 being used in round 16.

Dr. Benita Jaison, MCA Dept., St. Francis College.

How DES works

Dr. Benita Jaison, MCA Dept., St. Francis College.

 DES-The f function
The f function mixes the bits of the R portion using
the subkey for the current round.
1. First the 32-bit R value is expanded to 48 bits
using a permutation E.
2. The 48 bit value is then exclusive-or'ed with the
subkey k.
3. The 48 bits are then divided into eight 6-bit
chunks, each of which is fed into a S-Box that
mixes the bits and produces a 4-bit output.
4. The 4-bit outputs from 8 S-Box are combined into
a 32-bit value, and permuted once again to
produce the f-function output.

Dr. Benita Jaison, MCA Dept., St. Francis College.

DES-The f function

Dr. Benita Jaison, MCA Dept., St. Francis College.

 DES-Subkey Generation
1. To generate the subkeys, start with the
56-bit key (64 bits with the parity bits).
2. These are permuted and divided into two
halves called C and D.
3. For each round, C and D are each shifted
left circularly one or two bits.
4. The 48-bit subkey is then selected from
the current C and D bits. (8bits removed
after permutation).

Dr. Benita Jaison, MCA Dept., St. Francis College.

DES-Subkey Generation
56 bits (8bits removed after
permutation)

24 x2 bits (8bits removed

after permutation )

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Feistel Cipher Design Elements
• How the choice of parameters and design features used in
Feistel structure:
– block size - increasing block size improves security, but
slows cipher
– key size - increasing key size improves security, makes
exhaustive key searching harder, but may slow cipher
– number of rounds - increasing rounds improves security,
but slows cipher
– subkey generation algorithm - greater complexity can make
analysis harder, but slows cipher
– round function - greater complexity can make analysis
harder, but slows cipher
– fast software en/decryption - more recent concern for
practical use
– ease of analysis - for easier validation & testing of
strength
Time to Break a DES Code (assuming
106 decryptions/s)

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Strength of DES
• Strength of DES depends on 2 categories:
– The weakness of the algorithm and the key length
• 56 bit key has 2 56 possible key or 7.2 X 10 26 keys which may
take 1000 years to break the cipher.
• Later “DES cracker” developed by EFF could break it in 3 days.
• Some knowledge of the plaintext is required. If it is compressed
before encryption then it will be difficult.
• If the only attack possible is brute force then use longer keys.
• Now as crackers perform million decryptions per micro sec DES
code can be broken in 10 hours.
• If a 128 bit key is used then EFF cracker will take 10 18 years to
break the code. A high speed cracker will take 1 million years to
break the code. So 128 bit is guaranteed to be given an
unbreakable algorithm by brute force.
Dr. Benita Jaison, MCA Dept., St. Francis College.
 Triple-DES
• Triple-DES with three keys is a popular
alternative to single-DES, but suffers from
being 3 times slower to run.
• The use of encryption & decryption stages
are equivalent, but the chosen structure
allows for compatibility with single-DES
implementations

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Triple-DES
• Three-key: key length = 56*3 = 168 bits
• Encryption Decryption encryption to get
the ciphertext.
• Decryption encryption Decryption to get
back the plaintext.

C = E(K3,D(K2,E(K1, P))) Encryption

P =D(K1,E(K2,D(K3, C))) Decryption

• Triple DES has been adopted by some

Internet applications, eg : PGP, S/MIME
Dr. Benita Jaison, MCA Dept., St. Francis College.
Triple DES

Dr. Benita Jaison, MCA Dept., St. Francis College.

 IDEA (International Data Encryption
Algorithm)
• IDEA, is patented by the Swiss firm called Ascom.
• IDEA is best known block cipher algorithm used
within the popular encryption program PGP.
• IDEA encrypts a 64-bit block of plaintext to 64-bit
block of ciphertext.
• The plaintext block in IDEA is divided into four quarters,
each 16 bits long.
• The key used for IDEA is of size 128-bit.
• IDEA uses 52 subkeys, each 16 bits long.
• It has nine rounds.
• IDEA uses a cross-footed round, rather than a Feistel
round, is the most striking distinguishing factor.
• IDEA, also use multiplication, addition, and XOR to
avoid the use of S-boxes.
Dr. Benita Jaison, MCA Dept., St. Francis College.
 IDEA (International Data Encryption Algorithm)
• 64 bit plaintext → 4 blocks X 16 bit
• 128 bit key →52 keys each of 16 bit
• 9 rounds
• Stored in a key array k[1],k[2],k[3],….k[52]
• 6 keys will used for the first 8 rounds and
last round use 4 keys.
– K[1],k[2],k[3],k[4],k[5],k[6]
– K[7],k[8],k[9],k[10],k[11],k[12]
– ………………………………..
– K[43],k[44],k[45],k[46],k[47],k[48]
– K[49],k[50],k[51],k[52] (9th round)
Dr. Benita Jaison, MCA Dept., St. Francis College.
 Description of IDEA
• Let the four quarters of the plaintext be called A, B, C, and D, and the 52
subkeys called K(1) through K(52).

• Before round , the following is done:

1. Multiply A by K(1). Add K(2) to B. Add K(3) to C. Multiply D by K(4).
2. Calculate A xor C (call it E) and B xor D (call it F).
3. Multiply E by K(5). Add the new value of E to F.
4. Multiply the new value of F by K(6). Add the result, which is also the new value
of F, to E.
5. Change both A and C by XORing the current value of F with each of them;
change both B and D by XORing the current value of E with each of them.
6. Swap B and C.

• Repeat all of the steps seven times, using K(7) through K(12) the second time,
up to K(43) through K(48) the eighth time. Note that the swap of B and C is not
performed after round 8.
• Then in the ninth round multiply A by K(49). Add K(50) to B. Add K(51) to C.
Multiply D by K(52).
Dr. Benita Jaison, MCA Dept., St. Francis College.
 Subkey generation
• The 128-bit key of IDEA is taken as the first eight
subkeys, K(1) through K(8).
• The next eight subkeys are obtained the same
way, after a 25-bit circular left shift, and this is
repeated until all encryption subkeys are derived.
• This method of subkey generation is regular, and
this may be a weakness.
• IDEA is considered to be highly secure, having
stood up to all forms of attack so far tried by the
academic community.
•

Dr. Benita Jaison, MCA Dept., St. Francis College.

IDEA (Diagram)

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Rijndael Algorithm
• 3DES had drawbacks
– Algorithm is sluggish in software
– Only uses 64-bit block size
• Plaintext block size can be 4 words(4x 32 bits)
• Key lengths can be either of 128, 192, and 256
bits.

Dr. Benita Jaison, MCA Dept., St. Francis College.

Difference between Rijndael and AES
• Rijndael is a block cipher with both a
variable block length and a variable key
length.
• The block and key lengths can be
independently fixed to any multiple of 32,
ranging from 128 to 256 bits.
• The AES fixes the block length to 128 bits,
and supports key lengths of 128 bits.

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Advanced Encryption Standard (AES)
• Plain text is of 128 bits and key used is of
128 bits.
• The plaintext and the key of 128 bits is
represented in a 4X4 byte matrix. The 4 ×
4 matrix of bytes is referred to as the state
array.

Dr. Benita Jaison, MCA Dept., St. Francis College.

Advanced Encryption Standard (AES)
• AES process the entire block of data as a
single matrix known as state array during
each round.
• The 128 bits key provided as input is
expanded into an array of 44 keys.(4 keys
for Add round key + 40 keys for 10 rounds)

Dr. Benita Jaison, MCA Dept., St. Francis College.

Advanced Encryption Standard (AES)

• There are altogether 10 rounds. AES begins with

an Add round key followed by 9 rounds of
subByte, ShiftRow, MixColumn and
AddRoundKey (4 stage) and the last round (3
stages).

Dr. Benita Jaison, MCA Dept., St. Francis College.

 Why GF(28 ) in AES?
• AES operates on bytes (8-bit values), so
GF(28 ) is ideal for efficient operations.
– The S-Box uses the multiplicative inverse in
GF(28 ).
– The MixColumns step relies on matrix
multiplication in GF(28 ).
• A Galois field is a finite field with pn elements
for a prime p.

Dr. Benita Jaison, MCA Dept., St. Francis College.

Dr. Benita Jaison, MCA Dept., St. Francis College.
Dr. Benita Jaison, MCA Dept., St. Francis College.
Dr. Benita Jaison, MCA Dept., St. Francis College.
Advanced Encryption Standard (AES)
• For encryption, each round consists of the
following four steps: 1) Substitute bytes, 2) Shift
rows, 3) Mix columns, and 4) Add round key.
• For decryption, each round consists of the
following four steps: 1)Inverse shift rows, 2)
Inverse substitute bytes, 3) Add round key and
4) Inverse mix columns.
• The last round for encryption does not involve
the “Mix columns” step and decryption does not
involve the “Inverse mix columns” step.

Dr. Benita Jaison, MCA Dept., St. Francis College.

Advanced Encryption Standard (AES)

Dr. Benita Jaison, MCA Dept., St. Francis College.

Advanced Encryption Standard (AES)
• 1)Addroundkey: A simple bitwise XOR of
the plaintext byte matrix with the
Addroundkey. The XOR ed result is given
as an input to the next round.

Dr. Benita Jaison, MCA Dept., St. Francis College.

Advanced Encryption Standard (AES)
2)Substitute bytes: In this stage a byte-by-byte
substitution of the XORed output is performed with
the corresponding values in the S-box. This makes
use of a substitution box (S-box) which is a 8-bit or
16 bit look-up table used for substitution mechanism.
Built using GF(2⁸) arithmetic. S-Box maps each byte
using multiplicative inverse + affine transformation.

Dr. Benita Jaison, MCA Dept., St. Francis College.

Dr. Benita Jaison, MCA Dept., St. Francis College.
Advanced Encryption Standard (AES)
3)Shift row: This stage makes a simple
permutation that is performed row by row .For the
first row of the resultant matrix no rotation is
performed. For the second a rotate over 1 cell(4
byte) is performed.For the third row a rotate over 2
cells (8 byte) is performed and for the fourth row a
rotate over 3 cells (12 bytes)byte is performed.

Dr. Benita Jaison, MCA Dept., St. Francis College.

Advanced Encryption Standard (AES)
• 4)Mix columns: A substitution that alters each byte
in a column as a function of all the bytes in the
column.

• During this operation, each column is multiplied by a

known matrix, Uses matrix multiplication in GF(2⁸).
• For the 128 bit key is the matrix used is

Dr. Benita Jaison, MCA Dept., St. Francis College.