Symmetric Encryption

Schemes: DES
Dr. Renu Mary Daniel
Assistant Professor
Department of CSE-Cyber Security
IIIT, Kottayam
 Symmetric key cryptography

XY9
Eve 8@!
#%

Will
Will
meet at
Alice Bob meet at
DXC
DXC XY9
8@!
#%

2
 Cryptanalysis
• Brute force: Try every key
• Ciphertext-only attack:
• Attacker knows the ciphertext of several messages encrypted with the same
key.
• Possible to recover plaintext (also possible to deduce the key) by looking at
the frequency of letters.
• Ciphertext Only attack on Caesar Cipher:
• Ciphertext: ZHOFRPH WR WKH FLSKHU FODVV
• Most common trigram in English: THE
• Digrams: TO, IS, IN, HE
• Attacker gets the key!!!
 Cryptanalysis Example
• Known-plaintext attack:
• Attacker observes pairs of plaintext/ciphertext encrypted with the same key.
• Possible to deduce the key and/or devise algorithm to decrypt the ciphertext.

• Known plaintext attack on XOR_Algo:

• Suppose attacker gets a pair (CT: 0110, PT:1010)
• Key: 1100
 Cryptanalysis
• Chosen-Plaintext attack:
• Attacker can choose the plaintext and look at the paired ciphertext.
• Attacker has more control than known-plaintext attack and maybe able to gain more
information about the key.
• Adaptive Chosen-Plaintext attack:
• Attacker chooses a series of plaintexts, basing the next plaintext on the result of the previous
encryption.
• Chosen-Ciphertext attack:
• Attacker can choose ciphertexts and get the corresponding plaintext from a decryption oracle.
• The attacker can then use this information to try to recover the secret key used for decryption.
• Caesar cipher:
• Query with ciphertext: GGGG
• suppose the PT output is JJJJ, then key will be 3
Cryptanalysis – Chosen Plain-Text Attack

• The attacker chooses a plaintext :

AAAAAAAAAA (10 characters)
• Let's say the ciphertext is:
AYUSHAYUSHAY
• Derive the key: AYUSH
 Traffic Padding
• Traffic Padding is a technique used to add extra data to a network
traffic stream in an attempt to obscure the true content of the traffic
and make it more difficult to analyze.
 Block Cipher
• A block cipher encrypts a block of given plaintext using a key and a cryptographic algorithm.
• A block cipher processes the data blocks of fixed size (64 bit, 128 bit, etc.).
• Typically, a message's size exceeds a block's size.
• As a result, the lengthy message is broken up into a number of sequential message blocks,
and the cipher operates on these blocks one at a time.
 Stream Cipher
• A stream cipher is a cryptographic algorithm that encrypts messages in a continuous stream, one
bit of data at a time.
• It encrypts a given plain text to a cipher text using a secret key.
• It can sometimes do the encryption in a continuous stream, by taking one byte of data at a time.
• E.g:- Vernam Cipher
 Confusion
• Caesar cipher:
• Given ciphertext only, we can derive the key based on statistical analysis.
• There is a linear relationship between the ciphertext and the key.
• Confusion means that each binary digit (bit) of the ciphertext should
depend on several parts of the key, obscuring the connections
between the two.
• The property of confusion hides the relationship between the
ciphertext and the key.
• Confusion maybe attained using Substitution boxes (S-boxes).
S-Box Example
 Diffusion
• In Caesar cipher, suppose the:
• Plain Text = THE CAT SLEPT ON THE MAT.
• Cipher Text = WKH FDW VOHSW RQ WKH PDW
• Patterns in the plaintext are visible in the ciphertext.
• Diffusion refers to dissipating the statistical structure of plaintext over the
bulk of ciphertext.
• For example, diffusion ensures that any patterns in the plaintext, such as
redundant bits, are not apparent in the ciphertext.
• Diffusion is provided by permutation boxes.
• If we change a single bit of the plaintext, then about half of the bits in the
ciphertext should change, and vice versa.
 Permutation-Box (P Box)
• An example of a 64-bit P-box which
spreads the input S-boxes to as many
output S-boxes as possible.
• 1100 0101 1101 0000

• 1010 1110 0000 0110

Types of P-Boxes 0 1 0 1 1

1 1 1 0 0
 Claude Shannon
• Proposed the idea of confusion and
diffusion.
• Year: 1945
• Complexity is implemented through
a well-defined and repeatable series
of substitutions and permutations.
 Plain Text Encoding
• Each character in the plaintext "Hello Mike" is represented by a single byte in the ASCII encoding,
where 1 byte equals 8 bits.
 Padding of Plain text
• Block Size: DES operates on blocks of 64 bits (which is 8 bytes).
• This means that the input plaintext must be in multiples of 8 bytes.
• Example:
• Plaintext: "Hello Mike" (10 characters)
• Length: 10 bytes (since each character is 1 byte).
• Padding Required: 16 bytes (next multiple of 8) - 10 bytes (original
length) = 6 bytes of padding.
• Padding Value: In PKCS#7 padding, if 6 bytes are added, each byte will be 0x06
in hexadecimal.
• Original Plaintext: "Hello Mike" (10 bytes)
• Padded Plaintext: "Hello Mike\x06\x06\x06\x06\x06\x06" (16 bytes)
 Block Cipher Modes of Operation
• A block cipher operates on fixed-size blocks (e.g., 64 bits in DES, 128 bits in
AES).
• But most real-world data is longer or shorter than a single block.
• Modes of operation allow block ciphers to handle data of any length by
processing multiple blocks or padding the last block if necessary.
• Types:
• Electronic Code Book
• Cipher Feedback
• Cipher Block Chaining
• Output Feedback
• Counter
Electronic Code Book (ECB)
• Plaintext is handled one block at a
time and each block of plaintext is
encrypted using the same key.
• The most significant characteristic
of ECB is that if the same b-bit
block of plaintext appears more
than once in the message, it
always produces the same
ciphertext.
• For lengthy messages, the ECB
mode may not be secure.
 ECB-Penguin

• Identical plaintext blocks produce identical ciphertext blocks, which can leak patterns and make it less secure for
many applications.
 Cipher Block Chaining

P1 IV

• IV – Initial value of 64 bits

• The input to the encryption algorithm is the
E(K, (P1 IV)) XOR of the current plaintext block and the
preceding ciphertext block;
• the same key is used for each block.
• Therefore, repeating patterns of b bits are
not exposed.
• As with the ECB mode, the CBC mode
requires that the last block be padded to a
full b bits if it is a partial block.
E(K, (P1 IV))

(P1 IV)
(P1 IV IV)

(b) Decryption
 Feistel Structure (1970)

• Horst Feistel : German-American cryptographer who

worked on the design of ciphers at IBM.
• A Feistel structure is a design framework used in
many symmetric encryption algorithms (DES,
blowfish, etc.).
• The input block of data is split into two halves.
• The encryption process involves multiple rounds, where
in each round:
• one half is transformed using a round function and a subkey,
and then the result is combined with the other half using an
XOR operation.
• The two halves are then swapped before the next round.
• This structure ensures that the decryption process mirrors
the encryption process, making it efficient and secure.
L (32 bits) R (32 bits)
Feistel
K1 Structure-
F Encryption

R L

K2
F
N such rounds

The input block of data is split into two

halves.
R The encryption process involves
L multiple rounds, where in each round:

one half is transformed using a round

function and a subkey, and then the
result is combined with the other half
using an XOR operation.
R L
The two halves are then swapped
before the next round.
R L ⨁ 𝐹 ( 𝑅 , 𝐾1) Feistel
K2 Structure-
F Decryption

K1
F

L R
 Data Encryption Standard
• Symmetric Block Cipher.
• Implementation of Feistel Structure.
• Plaintext block size = 64 bits.
• Ciphertext block size = 64 bits.
• Main key = 64 bits
• Sub key = 56 bits
• Size of the round key = 48 bits
• No: of rounds = 16 rounds.
• DES is replaced by the Advanced Encryption Standard in 2001.
 Putting it all together
• Step 1 (Block Division):
• First, divide the plaintext into 64-bit blocks (the block size of DES).
• Step 2 (Padding):
• If necessary, pad the final block to make it 64 bits.
• Step 3 (Encryption Using DES):
• Apply DES (which uses the Feistel structure) to each block individually.
• DES will use its Feistel network to process each 64-bit block.
• Step 4: CBC Mode Application:
• In CBC mode, the encryption of each block is dependent on the previous ciphertext block.
• The first block is XORed with an initialization vector (IV).
• The subsequent blocks are XORed with the previous ciphertext block before being
encrypted by DES.
 General Structure of DES

64 bit
• Major characteristics:
• Round function 64 bit
• Key schedule
• Initial and final permutation

64 bit
Initial and Final Permutation
• Permutation (or
Transposition):
• This operation changes
the order of bits
according to a
predefined pattern.
• No bits are changed in
value; only their
positions are shuffled.
• The initial and final
permutations are
straight Permutation
boxes (P-boxes) that are
inverses of each other.
Round Function
• The heart of this cipher is
the DES function, f.
• The DES function applies a
48-bit key to the rightmost
32 bits to produce a 32-bit
output.
L (32 bits) R (32 bits)

Round Function F

K1 (48 bits)

R (32 bits) L (32 bits)

 Expansion Permutation Box : From 32 to 48 bits by bit repetition
32 bit original data

• Expansion Permutation
Box −
• Since right input is 32-bit
and round key is a 48-bit,
we first need to expand
right input to 48 bits.
• Permutation logic is
graphically depicted in the
following illustration:
 Round Function (cont..)
• XOR −
• After the expansion permutation, DES does XOR operation on the expanded
right section and the round key.
• The round key is used only in this operation.
• Substitution Boxes. −
• The S-boxes carry out the real mixing (confusion).
• DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output.
• Refer the following illustration −
 S-Boxes in Round Function

• There are a total of eight S-

box tables.
• The output of all eight s-
boxes is then combined into
32 bit section.
 S-Box example

If the first 6 bits of the 48 bit is 011011

8 different S-Boxes
 Straight Permutation
• Straight Permutation −
• The 32 bit output of S-boxes is then subjected to the
straight permutation with rule shown in the following
illustration:
 DES
Architectur
e
 Key Generation: 64 -56 bit
conversion
• Let the following be the initial 64 bit key (8 blocks of 8 bits each).
• 11001100 00111111 00000011 …………………….. 10000010
• Suppose we use odd parity (adjust the 8th bit for parity):
• 11001101 00111111 00000010 …………………….. 10000011
• This process is only for error checking.
• The eighth bit in each block will be discarded for encryption/
decryption.
• So effectively, 56 bits is used for round key generation.
• 1100110 0011111 0000001 …………………….. 1000001
 Key Generation

• A 64-bit key is used as input to the algorithm.

• The bits of the key are numbered from 1 through 64;
• Every eighth bit is ignored.

• The key is first subjected to a permutation governed by a table labeled Permuted Choice One
 Shift left Operation

• In this shift operation each bit in the register is shifted to the left
one by one.
• After shifting, the LSB becomes empty, so the value of the MSB
is filled in there.
 Key Generation
• The resulting 56-bit key is then treated
as two 28-bit quantities and labeled .
• At each round, and are separately
subjected to a circular left shift or
(rotation) of 1 or 2 bits (as per table d).
• These shifted values serve as input to
the next round.
• They also serve as input to the part
labeled Permuted Choice Two (Table
c), which produces a 48-bit output.
 Key Expansion in AES
• Key in Text – ‘command’

Key: 01100011 01101111 01101101 01101101 01100001 01101110

01100100

Key: 01100011 01101111 01101101 01101101 01100001 01101110 01100100

Key Hex: 636F6D6D616E64

 Avalanche effect in DES
• A desirable property in any encryption algorithm.
• Avalanche effect:
• a small change in either the plaintext or the key should produce a significant
change in the ciphertext.
• A change in one bit of the plaintext or one bit of the key should produce a
change in many bits of the ciphertext
• In DES:
• 1 bit change in the PT – 34 bits change in CT on an average.
• 1 bit change in Key – 25 bit change in the CT on an average.
 The strength of DES
• The use of 56 bit keys.
• Bruteforce - possible keys keys
• A bruteforce appears impractical.
• A machine that can do one DES encryption per microsecond takes more than thousand
years to break the cipher.
• Suppose we have a cluster of such machines and we divide the keyspace among them for
bruteforce (DH77).
• If you had 1 million machines, you could divide the keyspace into 1 million parts, with each machine
responsible for checking keys.
• 10 hours to break.
• DES was finally broken in 1998 (DES cracker, Electronic Frontier Foundation (EFF))
• The DES cracker divided the keyspace among the different chips and processed them in parallel.
• Tested around 90 billion keys per second, which enabled it to find the correct key in less than three days.
• Cost = 250,000 dollars in 1998.