Block Cipher Design Principles

Uploaded by

manvithagowda34

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

Mrs. MEENATCHI R M.E.,


Assistant Professor
Mobile: 7708806558
E-mail: [email protected]
Course Name: STORAGE AREA NETWORKS
Course Code: 17CS754


02/09/21 Mrs. MEENATCHI R 17CS754 1


MODULE – 1 [TH -08]

Classical Encryption Techniques: Symmetric Cipher Model, Cryptography,
Cryptanalysis and Brute-Force Attack, Substitution Techniques, Caesar
Cipher, Monoalphabetic Cipher, Playfair Cipher, Hill Cipher, Polyalphabetic
Cipher, One Time Pad. Block Ciphers and the Data Encryption Standard:
Traditional block cipher structure, stream ciphers and block ciphers,
motivation for the Feistel cipher structure, the Feistel cipher, the Data
Encryption Standard, DES encryption, DES decryption, a DES example, results,
the avalanche effect, the strength of DES, the use of 56-bit keys, the nature of
the DES algorithm, timing attacks, block cipher design principles, number of
rounds, design of function F, key schedule algorithm
BLOCK CIPHER DESIGN PRINCIPLES

A block cipher is a data encryption method that takes in a block of plain text and
generates a block of ciphertext of roughly the same size. Ciphertext is the unreadable
output of an encryption algorithm. Also referred to as cipher, the ciphertext cannot be
read until it is converted back into plain text using a key.
How does a block cipher differ from any other cipher? As the name suggests, in a block
cipher the encryption process is executed on a block of plain text, not on the
individual text bits.

HOW DOES A BLOCK CIPHER WORK?
As stated above, a block cipher is a form of encryption where plain text is first divided
into multiple blocks, each with a fixed size. Essentially, each block has the same number
of data bits. At any given time, the encryption process operates on a single block of
plain text – and applies the encryption key to convert it into a block of ciphertext.

Each block is of the same size (for example, 64 bits). For instance, a 160-bit plain text is
encrypted into 2 blocks of 64-bits each, while the third block will have the remaining
balance of 32 bits. It will be padded with an additional 32 bits to maintain the same size
as other blocks.

Similarly, the decryption process operates on a single ciphertext block to convert it back
into plain text. Among the most effective block cipher examples, the Data Encryption
Standard (or DES) published by the National Institute of Standards & Technology is a
block cipher with symmetric keys.

How is the block cipher encryption/decryption process beneficial compared to other
methods?

Instead of working on a single data bit, the block ciphering process operates on the
entire block at a time – hence it is much faster than other forms of ciphering.
As each block’s size is the same, this process does not impact the overall strength of the
encryption. It remains the same for all blocks.
There is no possibility of having a smaller block size (that is easier to decrypt for
hackers using dictionary attacks) or larger block sizes (that lead to inefficient operation).

WHAT ARE THE PRINCIPLES OF BLOCK CIPHER?
A block cipher is designed on the following three principles:
Number of Rounds
Function F Design
Key Schedule Algorithm
Let us take a close look at each of these three principles of a block cipher.
Number of Rounds
This block cipher design principle indicates the overall strength of the ciphering
algorithm. In short, the more the number of rounds, the greater is the strength of the
block cipher – making it more difficult to break into or decrypt the algorithm. In the
event of a weak Function F design, the number of rounds can determine how easy (or
difficult) it is to break into the algorithm.
At the same time, a higher number of rounds can also make the encryption and decryption
process slow and inefficient. Hence, in practice, this design principle is always a
trade-off between efficiency and security.

Function F Design
Based on the Feistel structure, the entire encryption process consists of multiple rounds
of plain text processing – where the input block of each round is denoted by two halves
namely, L (for left half) and R (for right half).
Function F is essentially an encrypting function that takes in the encryption key “K” and
“R” as the inputs and produces the encrypted output. It is the block cipher design
principle that determines security. Function F should be designed in such a way that it
cannot be unscrambled or substituted. The higher the non-linearity of function F, the
more is its strength.
In other words, this function must be designed based on the bit independence criteria,
meaning the output bits must be independently changed whenever there is any change in
the input bits.
Key Schedule Algorithm
The key schedule algorithm calculates the round keys. This algorithm differs according
to the block ciphering scheme or method. For example, the key schedule algorithm in
the DES scheme divides the 56-bit key into two halves of 28 bits each. Similarly, the
Serpent algorithm uses the 256-bit key to generate 132 words with a length of 32
bits.
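
The three principles above in one place, as an added example that is not from the original slides: a toy 64-bit Feistel network in Python. The SHA-256-based round function F and key schedule are assumptions chosen for brevity (they are not DES's), and `avalanche` measures how many ciphertext bits change for a one-bit plaintext change as the number of rounds grows.

```python
import hashlib

MASK32 = 0xFFFFFFFF

def key_schedule(key: bytes, rounds: int) -> list:
    # Toy schedule (assumption, not DES's): round key i = SHA-256(key || i)[:4].
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(rounds)]

def F(round_key: bytes, right: int) -> int:
    # Round function F(K, R): non-linear in R; here a truncated hash (assumption).
    digest = hashlib.sha256(round_key + right.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def feistel(block: int, round_keys: list) -> int:
    left, right = block >> 32, block & MASK32
    for k in round_keys:
        # Each round: new L is the old R, new R is old L XOR F(K, old R).
        left, right = right, left ^ F(k, right)
    return (right << 32) | left  # final swap makes the network self-inverse

def encrypt(block: int, key: bytes, rounds: int = 16) -> int:
    return feistel(block, key_schedule(key, rounds))

def decrypt(block: int, key: bytes, rounds: int = 16) -> int:
    # Same network, round keys applied in reverse order.
    return feistel(block, key_schedule(key, rounds)[::-1])

def avalanche(key: bytes, rounds: int, plaintext: int = 0x0123456789ABCDEF) -> float:
    # Mean number of ciphertext bits that change when one plaintext bit flips.
    base = encrypt(plaintext, key, rounds)
    flips = [bin(base ^ encrypt(plaintext ^ (1 << bit), key, rounds)).count("1")
             for bit in range(64)]
    return sum(flips) / 64

if __name__ == "__main__":
    key = b"constructed-key"  # constructed sample key
    assert decrypt(encrypt(42, key), key) == 42
    for r in (1, 2, 3, 16):
        print(f"{r:2d} rounds: {avalanche(key, r):5.1f} of 64 bits flip on average")
```

With a single round, a flipped bit in the left half changes exactly one ciphertext bit; only after several rounds does the average approach half of the 64 output bits.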

WHICH ARE THE POPULAR EXAMPLES OF BLOCK CIPHER?
Many Block Cipher examples are operational in the domain of data encryption. Here are
some of the popular ones:
Digital Encryption Standard (DES)
Initially published by IBM in 1975, DES encrypts data in blocks of 64-bits each. This
means that 64 bits of plain text data go as input into DES that in turn produces 64 bits of
ciphertext. Its short key size of 56 bits makes it highly insecure for modern applications.

Triple DES
Also known as 3DES or TDES, Triple DES is a symmetric key block cipher that applies
the DES algorithm to each data block three times. Each block size is 64-bits with key
sizes of 56, 112, or 168 bits. Published in 1995, Triple DES is now available in two
variants namely, 3-key Triple-DES (or 3TDES) and 2-key Triple-DES (or 2TDES).

Advanced Encryption Standard (AES)
Originally named Rijndael, AES is primarily a specification released in 2001 by the
U.S.-based National Institute of Standards and Technology. With a block size of 128 bits,
AES supports key sizes of 128, 192, and 256 bits. Among the most
popular encryption algorithms, AES has been tested to run at least six times faster than
Triple DES. Based on the Substitution-Permutation Network technology, AES
comprises a series of linked operations that involve either replacing inputs with
specific outputs (substitution) or shuffling bits (permutation).

International Data Encryption Algorithm (IDEA)
Initially proposed as a replacement for DES, IDEA is another symmetric key block
cipher used in data encryption. With individual block sizes of 64 bits, IDEA has a key
size of 128 bits. Although restricted, IDEA encryption is used in many applications,
including the PGP protocol. As a later addition, the Simplified IDEA is among the
widely accepted block cipher examples that operate on plain text with a fixed length of
16-bits and encrypts them into 4 equal blocks of 4-bits each.

Twofish
Derived from the earlier Blowfish block cipher, Twofish has a block size of 128-bits
with key sizes of 128, 192, and 256-bits. Initially published in 1998, Twofish was
among the five chosen finalists for the AES contest. Suitably fast for both 8-bit and 32-
bit CPUs, Twofish is used for encryptions in applications with frequently changing
keys.
Serpent
Ranked second in the AES contest, Serpent is another block cipher with symmetric keys
that has a block size of 128 bits and key sizes of 128, 192, and 256 bits. Like
AES, Serpent is based on the Substitution-Permutation Network technology and
operates on a block of four words of 32 bits each.

WHAT ARE THE DIFFERENT MODES OF OPERATION IN BLOCK CIPHER?
As defined by NIST, there are different modes in which a block cipher operates. These
modes of operation are useful in enhancing the block ciphering algorithm to
accommodate wider encryption applications. Each of these five modes of operation
has different properties that can add to the ciphering technology’s overall security.
Let us discuss each of these five modes of operation in greater detail:
Electronic Code Book or ECB Mode
Among the easiest operation modes, the block cipher in this mode processes a series of
message blocks that are sequentially arranged.

In simple terms, the algorithm takes in the first plain text block for encryption and
produces the first block of ciphertext before moving on to the next block. Each
processed block is 64-bits, and the output ciphertext is also divided into 64-bit blocks.
Additionally, every block is decrypted independently at a given time to obtain the
corresponding plain text block.
Being a deterministic mode of operation, ECB is not widely used in applications as it is
easy for any hacker to guess the partial information in application data. For example,
through the trial-and-error method, hackers can guess an employee’s salary range by
deciphering the ECB ciphertext.

Cipher Block Chaining or CBC Mode
The CBC mode of operation overcomes the limitations of ECB by providing a non-
deterministic system. So, even if every plain text block is repeated, the CBC mode of
encryption does not produce the same output. This is achieved through chaining – which
produces a block of ciphertext based on the inputs provided by the current (and
previous) text block.
Through the CBC mode of operation, the current block of plain text is added to the
previous block – with the output encrypted using a key. Similarly, decryption occurs in
the reverse mode – meaning by decrypting the current ciphertext block and adding the
previous block of ciphertext.
CBC is widely used in applications that require both data authentication and symmetric
encryption.
Cipher Feedback or CFB Mode
While the CBC mode of block ciphering encrypts a fixed number of plain text bits at
any given time, the CFB mode differs by encrypting only some plain text values at any
given time. In other words, the CFB mode can be used for implementing stream
ciphering in applications that require it.
Additionally, each ciphertext block is entered as an input to the next plain text block
during the encryption process. The CFB mode also differs from the ECB mode as each
ciphertext block encryption is dependent on the input plain text block, the encryption
key, and the previous ciphertext block.
CFB mode is commonly used in applications that are designed to work on smaller data
units in place of blocks.

Output Feedback or OFB Mode
The OFB mode works similarly to the CFB mode of operation. The only
difference is that this mode sends the encrypted output as the feedback in place of the
ciphertext. Every bit of the output block is sent back instead of selected bits.
The OFB mode helps in reducing errors during bit transmission and in decreasing
dependency of the output cipher on the plain text input.

Counter or CTR Mode
The Counter or CTR mode is based on the CFB mode of operation – without the
feedback part. In place of the feedback, a counter (or sequence of numbers) is used as
the input into the encryption process along with the key. For each encrypted text block,
the counter value is incremented by 1.
In the CTR mode, no ciphertext block depends on the previous ciphertext
block. In other words, CTR mode can be used to convert a block cipher into a stream
cipher. Like the CFB or OFB mode, CTR offers advantages like zero propagation of
transmission errors.
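
ECB, CBC and CTR side by side, as an added example that is not from the original slides. XTEA, a small 64-bit Feistel block cipher, stands in for the block cipher (an assumption; the slides name none for the modes), the key, IV, nonce and payroll-style records are constructed, and "adding" blocks is implemented as bitwise XOR.

```python
import struct

BS, MASK, DELTA = 8, 0xFFFFFFFF, 0x9E3779B9  # 64-bit block; XTEA constants

def _mix(v, s, k):
    return ((((v << 4) ^ (v >> 5)) + v) ^ (s + k)) & MASK

def block_encrypt(key, blk):  # XTEA, 32 cycles, big-endian words
    k, (v0, v1), s = struct.unpack(">4I", key), struct.unpack(">2I", blk), 0
    for _ in range(32):
        v0 = (v0 + _mix(v1, s, k[s & 3])) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + _mix(v0, s, k[(s >> 11) & 3])) & MASK
    return struct.pack(">2I", v0, v1)

def block_decrypt(key, blk):  # exact inverse of block_encrypt
    k, (v0, v1) = struct.unpack(">4I", key), struct.unpack(">2I", blk)
    s = (DELTA * 32) & MASK
    for _ in range(32):
        v1 = (v1 - _mix(v0, s, k[(s >> 11) & 3])) & MASK
        s = (s - DELTA) & MASK
        v0 = (v0 - _mix(v1, s, k[s & 3])) & MASK
    return struct.pack(">2I", v0, v1)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def blocks(data):
    return [data[i:i + BS] for i in range(0, len(data), BS)]

def ecb_encrypt(key, pt):  # every block encrypted independently
    return b"".join(block_encrypt(key, b) for b in blocks(pt))

def cbc_encrypt(key, iv, pt):  # plaintext block XOR previous ciphertext block
    out, prev = [], iv
    for b in blocks(pt):
        prev = block_encrypt(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):  # decrypt block, then XOR previous ciphertext block
    prev = [iv] + blocks(ct)
    return b"".join(xor(block_decrypt(key, c), p) for c, p in zip(blocks(ct), prev))

def ctr_crypt(key, nonce, data):  # encrypts and decrypts; counter steps by 1 per block
    pads = (block_encrypt(key, nonce + struct.pack(">I", i)) for i in range(len(data)))
    return b"".join(xor(b, pad) for b, pad in zip(blocks(data), pads))

KEY, IV, NONCE = b"constructed-key!", b"\x00\x01\x02\x03\x04\x05\x06\x07", b"n0nc"
RECORDS = b"SAL=5000SAL=7200SAL=5000"  # constructed: records 0 and 2 are equal
```

Under ECB the two equal records produce equal ciphertext blocks, which is the leak the ECB paragraph describes; under CBC and CTR they do not. The sample input is a whole number of blocks, so no padding step is shown.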
