Block

Block Ciphers
Ciphers and
and Data
Data
Encryption
Encryption Standard
Standard
(Chap-3)
(Chap-3)
 Algorithm Types
• It defines what size of plain text
should be encrypted in each step
of algorithm, its of two types

– Stream Cipher
– Block Cipher
 Stream Cipher
• Plaintext is encrypted one bit at a time
• Suppose message is “ BAT ”
• In binary it can be a series of 1 and 0;
• Every bit will be applied with a encryption
algorithms
• Apply XOR with a key operation will get a
cipher text
Eg..
Plaintext CAT-> 2 0 19
key BAT-> 1 0 19
Bits form is: perform XOR
operation
00010 00000 10011
00001 00000 10011
00011 00000 00000
 Block Ciphers
• A block of bits is encrypted at one
go
• Suppose a plaint text is
FOUR_AND_FOUR
• It can be encrypted in blocks of
“FOUR”, “AND”, and “FOUR”
 How to use a block cipher?
• Block ciphers encrypt fixed size blocks
– E.g. 64-bit blocks
• We need some way to encrypt a message of
arbitrary length
• It defines five ways to do it
– Called modes of operations

6
 Algorithm Modes
• It is a combination of a series of
the basic algorithm steps on block
cipher and kind of feedback from
the previous steps
 Five Modes of Operation
– Electronic codebook mode (ECB)

– Cipher block chaining mode (CBC) – most

popular
– Output feedback mode (OFB)

– Cipher feedback mode (CFB)

– Counter mode (CTR)

8
 (1) Electronic Code Book
(ECB)
• The plaintext is broken into blocks, P1, P2, P3, ...
• Each block contains 64 bits each
• Each block is encrypted independently of the other
blocks
• For all blocks in a message, the same key is used for
encryption
• At the Receiver end, the incoming data is divided into
64-bit blocks and used the same key for decryption

9
 (2) Cipher Block Chaining
(CBC)
 The plaintext is broken into blocks: P1 , P2 , P3 , ...
 Each plaintext block is XORed chained  with the previous
ciphertext block before encryption (hence the name):

Ci  E K Ci  1  Pi 

C0  IV

 Use an Initial Vector IV  to start the process.

 Decryption : Pi  Ci  1  D K (Ci )
 Application : general block-oriented transmission.
11
Cipher Block Chaining (CBC)

12
 (3) Cipher feedback mode
• Plaintext blocks: p1, p2, …
• Key: k
• Basic idea: construct key stream k 1, k2, k3, …
• Encryption:
c0 IV

ki Ek (ci  1 ), for i 1

ci  pi  ki , for i 1

13
 The plaintext is a sequence of segments of s bits
(where s block-size): P1, P2 , P3 , P4 , 
 Encryption is used to generate a sequence of keys,
each of s bits: K1 , K 2 , K 3 , K 4 , 
 The ciphertext is C1 , C2 , C3 , C4 , , where
Ci  Pi  Ki
 How to generate the key stream?

14
(a) Encryption in CFB Mode

15
 (4) Output feedback mode

• Plaintext blocks: p1, p2, …

• Key: k
• Basic idea: construct key stream k 1, k2, k3, …
• Encryption:
k0 IV

ki  Ek (ki  1 ), for i 1

ci  pi  ki , for i 1

16
Output Feedback (OFB)
Mode
Cipher Feedback

Output Feedback

18
 (5) Counter Mode (CTR)
• Plaintext blocks: p1, p2, p3, …
• Key: k
• Basic idea: construct key stream k 1, k2, k3, …
• Encryption:

T1 = IV
C = (IV, C1, C2, C3, ...)

19
 DES : Basic Principles
• DES is a Block Cipher.
• It Encrypts data in blocks of size
64 bits each
• 64 bits of plain text goes as the
input to DES, which produces 64
bits of Cipher Text.
• The key length is 56 Bits.
How Does DES
Works ???
 Key Size (56 Bits)
How ???
• The Initial Key Consists of 64 bits.
•
• Before the DES process starts, every 8th bit of
the key is discarded to produce a 56 bit key.

• Bit positions (8, 16, 24, 32, 40,48,56,64) are

discarded.

• These bits can be used for parity checking to

ensure that the key does not contain any error
 56 Bit key
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48

49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
Key Discarding Process
 DES - Basics
• DES uses the two basic techniques of
cryptography – Substitution Technique
(confusion) and Transposition
Technique (diffusion).
• DES consists of 16 Steps, each of which
is known as round
• Each round performs the steps of
Substitution and Transposition
 Level of steps in DES
1. The 64 bit plain text block is handed
over to an Initial Permutation (IP)
function
2. The IP is performed on plain text
3. The IP produces two halves of the
permuted block:
– LPT (Left Plain Text)
– RPT (Right Plain Text)
 Level of steps in DES
4. Each of LPT and RPT go through 16
rounds of encryption process

5. In the End, LPT and RPT are rejoined,

and a Final Permutation (FP) is
performed on the combined block

6. The result produces 64-bit cipher text.

Broad Level steps in
DES
DES Encryption
Overview
 Initial Permutation (IP)
• IP happens only once and it happens
before the first round
• It suggests how the transposition in IP
should proceed
• It says that the IP replaces the first bit
of the original plain text block with the
58th bit of the original plain text block
• 2nd bit with 50th bit and so on.
Idea of IP
 IP TABLE
58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4

62 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8

57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3

61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7
 Initial Permutation IP
• The resulting 64 bits text block is
divided into two half blocks (each
32 bits)
• 16 rounds are performed on these
two blocks
Permutation on 56 Bit Key

57 49 41 33 25 17 9 1 58 50 42 34 26 18
10 2 59 51 43 35 27 19 11 3 60 52 44 36
63 55 47 39 31 23 15 7 62 54 46 38 30 22
14 6 61 53 45 37 29 21 13 5 28 20 12 4
Details Of one Round in
DES
 Step 1 : Key
Transformation
• For each round, 56 bit key is available

• From this 56 bit key, a different 48-bit sub key

is generated during each round using a
process called as Key Transformation

• In this method, a 56 bit key is divided into two

halves, each of 28 bits

• These halves are circularly shifted by 1 or 2

positions, depending on the round
 Number of Key bits
shifted per round

Roun
d 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Shift
1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
In DES, the Permuted Choice 2 (PC-2) step reduces the 56-bit key to a
48-bit subkey for use in each round of encryption by selecting specific bits
according to a predefined table. Here's how the PC-2 step works:
Key Process:

: After the initial key (64 bits) is reduced to 56 bits by removing the
1.Input

parity bits, the 56-bit key is divided into two halves of 28 bits each.
2.Shifts: The two halves are shifted left (circular shift) based on the
round number.
3.Combination: After shifting, the two 28-bit halves are concatenated,
forming a 56-bit block again.
Permuted Choice 2 (PC-2):

•
: The 56-bit concatenated block is then passed through a predefined
PC-2 Table

table called PC-2. This table specifies which 48 bits (out of the 56) will be
selected for use in each round.
The PC-2 table selects specific bit positions from the 56-bit key according
to its predefined structure. Here's what the PC-2 table looks like:
This table shows which positions from the 56-bit block are selected to
form the 48-bit subkey. Each number in the table represents the bit
position from the 56-bit input, and these bits are chosen to construct the
final 48-bit subkey.
Example:
•If bit position 14 from the 56-bit input is selected, the first bit of the 48-bit subkey will be the 14th bit from the original 56-bit key.

•This process continues until 48 bits are selected according to the PC-2
table.
Thus, Permuted Choice 2 (PC-2) reduces the 56-bit key to a 48-bit
subkey by simply selecting specific bits from the original 56-bit block
based on the PC-2 table. This 48-bit subkey is used in each round of DES
encryption.
PC-2 Table Positions
14 17 11 24 1 5
3 28 15 6 21 10
23 19 12 4 26 8
16 7 27 20 13 2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
 56 Bit key

57 49 41 33 25 17 9 1 58 50 42 34 26 18
10 2 59 51 43 35 27 19 11 3 60 52 44 36
63 55 47 39 31 23 15 7 62 54 46 38 30 22
14 6 61 53 45 37 29 21 13 5 28 20 12 4
 56 Bit key

57 49 41 33 25 17 9 1 58 50 42 34 26 18
10 2 59 51 43 35 27 19 11 3 60 52 44 36
63 55 47 39 31 23 15 7 62 54 46 38 30 22
14 6 61 53 45 37 29 21 13 5 28 20 12 4
 After Round-1
• 56 Bit Key:

49 41 33 25 17 9 1 58 50 42 34 26 18 10
2 59 51 43 35 27 19 11 3 60 52 44 36 57
55 47 39 31 23 15 7 62 54 46 38 30 22 14

6 61 53 45 37 29 21 13 5 28 20 12 4 63
 How to Select 48 bit
Key from 56 Bit key
• Since the Key Transformation process involves
permutation as well as selection of a 48 bit
sub-set of the original 56-bit key, It is called
as Compression Permutation

14 17 11 24 1 5 3 28 15 6 21 10
23 19 12 4 26 8 16 7 27 20 13 2
41 52 31 37 47 55 30 40 51 45 33 48
44 49 39 56 34 53 46 42 50 36 29 32

18 bit number is discarded

 Step 2 : Expansion
Permutation
• The RPT is expanded from 32 bits
to 48 bits
• The RPT is divided into 8 blocks,
with each block consists of 4 bits
• For per 4-bit block, 2 more bits are
added.
Division of 32 bit RPT
into Eight 4-bit block
RPT Expansion Process
Expansion Permutation
Table
32 1 2 3 4 5 4 5 6 7 8 9

8 9 10 11 12 13 12 13 14 15 16 17

16 17 18 19 20 21 20 21 22 23 24 25

24 25 26 27 28 29 28 29 30 31 32 1
Expansion Permutation
Table
32 1 2 3 4 5 4 5 6 7 8 9

8 9 10 11 12 13 12 13 14 15 16 17

16 17 18 19 20 21 20 21 22 23 24 25

24 25 26 27 28 29 28 29 30 31 32 1
 S-Box Substitution
• It is a Process that accepts the 48-
bit input from the XOR operation
involving the compressed key and
Expanded RPT and Produces a 32
bit output using Substitution
Technique
Way to S-Box
Substitution
S-Box Substitution
Selecting an Entry in a S-
Box based on the 6-bit
input
Example
 P-Box Permutation
• The output of S-box Contains 32
bits
• These 32 bits are permuted using
P-Box
 P-Box Permutation
16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10

2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25
XOR and SWAP
 Final Permutation
(IP inverse)
40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31

38 6 46 14 54 22 62 30 37 5 45 13 53 21 61 29

36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27

34 2 42 10 50 18 58 26 33 1 41 9 49 17 57 25
 DES Example - Key
K = 581FBC94D3A452EA
X = 3570E2F1BA4682C7
K = ( 0101 1000 0001 1111 1011 1100 1001 0100
1101 0011 1010 0100 0101 0010 1110 1010 )
C0 = ( 10111100110100
01101001000101 )
D0 = ( 11010010001011
10100001111111 )
 DES Example - Key
C1 = ( 0111 1001 1010 0011 0100 1000 1011 )
D1 = ( 1010 0100 0101 1101 0000 1111 1111 )
K1 = ( 001001 111010 000101 101001
111001 011000 110111 011010 )
C2 = ( 1111 0011 0100 0110 1001 0001 0110 )
D2 = ( 0100 1000 1011 1010 0001 1111 1111 )
K2 = ( 110110 101001 000111 011101
110101 111011 011101 001000 )
 DES Example - Data
K=581FBC94D3A452EA
X=3570E2F1BA4682C7
X = (x1, x2, x3, …, x64)
=( 0011 0101 0111 0000 1110 0010 1111 0001
1011 1010 0100 0110 1000 0010 1100 0111)
This plaintext X is first subjected to an Initial Permutation –
IP which gives
L0 = ( 1010 1110 0001 1011 1010 0001 1000 1001)
A E 1 B A 1 8 9
R0 = ( 1101 1100 0001 111 0001 0000 1111 0100)
D C 1 F 1 0 F 4
 DES Example - Data
E(R0) = ( 011011 111000 000011 111110
100010 100001 01110 101001)
1 = E(R0)  K1
= ( 010010 000010 000110 010111
011011 111001 101001 110011)
S501(1101) = S51(13) = 9 = 1001
S611(1100) = S63(12) = 6 = 0110
S711(0100) = S73(4) = 1 = 0001
S811(1001) = S83(9) = 12 = 1100
 DES Example - Data
B1 = (1010 0001 1110 1100 1001 0110 0001 1100)

P(B1) = (0010 1011 1010 0001 0101 0011 0110 1100)

R1 = P(B1)  L0
= (1000 0101 1011 1010 1111 0010 1110 0101)
8 5 B A F 2 E 5
 DES Example - Data
L1 = (1101 1100 0001 1111 0001 0000 1111 0100)
D C 1 F 1 0 F 4
E(R1) = ( 110000 001011 110111 110101
011110 100101 011100 001011)

2 = E(R1)  K2
= ( 000110 100010 110000 101000
101011 011110 000001 000011)
 DES Example - Data
S100(0011) = S11(3) = 1 = 0001
S210(0001) = S23(1) = 14 = 1110
S310(1000) = S33(8) = 11 = 1011
S410(0100) = S43(4) = 12 = 1100
S511(0101) = S51(5) = 14 = 1110
S600(1111) = S63(15) = 11 = 1011
S701(0000) = S73(0) = 13 = 1101
S801(0001) = S83(1) = 15 = 1111
 DES Example - Data
B2 = (0001 1110 1011 1100 1110 1011 1101 1111)

P(B2) = (0101 1111 0011 1110 0011 1001 1111 0111)

R2 = P(B2)  L1
= (1000 0011 0010 0001 0010 1001 0000 0011)
8 3 2 1 2 9 0 3
L2 = R1 = (1000 0101 1011 1010 1111 0010 1110 0101)
8 5 B A F 2 E 5
 DES Example - Data -
Done !
Y = (y1, y2,y3, …, y64)
=( 1101 0111 0110 1001 1000 0010 0010 0100
0010 1000 0011 1110 0000 1010 1110 1010)
=( D 7 6 9 8 2 2 4 2 8 3 E 0 A E A)