1-2 Introduction Chyptography and Network Security 1-3 ntroduction

Cryptography and Network Security

GTU Summer-18, Winter-19 1.1.1 Need of Security

1.1 Introduction of Security
to keep in safe place 131.
ke the
valuable assets
? It is necessary
T. Security is required because the widespread use of data processing equipment,
How to protect the safe place n o w a day.
valuable assets.
But bank is not a
There security of information felt to be valuable to an organization was provided
bank to protect the in o u r country.
are so many example
where bank robbery primarily by physical and administrative means.

from a bank during opening hours. o.

the crime stealing of Network security measures are needed to protect data during their transmission.
B a n k robbery is effective.
difficult and not always
Protecting assets was Following are the examples of security violations.
because many
factors working against the 1. User A transmits a sensitive information file to user B. The unauthorised user
is easier nwo
Now aday, protection alarm and camera
silently prote
systems silently
potential
criminal. Very sophisticated Cis able to monitor the transmission and capture a copy of the file during its
banks. transmission.
secure places like ie. rugged filing cabinets

Traditionally
information security provided by physical 2. A message is sent from a customer to a stockbroker with instructions for
mechanisms 1e. personnel screening procedures various transactions. Subsequently, the investments lose value and the
administrative
with locks and
customer denies sending the message.
during hiring process.
to recover high
stolen cash and value assets, 3. While transmitting the message between two users, the unauthorised user
are designed
Asset protection systems The system has the capacity to track, protect
intercepts the message, alters its contents to add or delete entries, and then
and deter crime.
apprehend criminals forwards the message to destination user.
in real-time.
and manage critical assets
have become s o effective that a person
The techniques of criminal investigation 1.1.2 Terminology
material, voice, retinal pattern, fingerprints
etc.
can be iderntified by genetic
to protect data Basic terminology used for security purposes are as follows:
and communications links requires
measures
.Use of networks a.Cryptography: The art or science the principles and methods of
encompassing
during transmission.
transforming an plaintext message into one that is unintelligible and then
of methods of protecting data from
Data security is the science and study retransforming that message back to its original form.
unauthorized disclosure and modification. b. Plaintext: The original message.
collaboration while managing risk
Data and information security is about enabling c.Ciphertext: The transformed message produced as output, It depends on the
with an approach that balances availability versus the confidentiality of data.
plaintext and key.
Computer security : Generic name for the collection of tools designed to protect
d. Cipher : An algorithm for transforming plaintext message into one that is
data and to thwart hackers.
unintelligible by transposition and/or substitution methods.
Network security: Measures to protect data during their transmission. e. Key Some critical information used by the cipher, known only to the sender and
a
over
Internet security: Measures to protect data during their transmission receiver.
collection of interconnected networks. f. Encipher (encode) : The process of converting plaintext to ciphertext using a cipher
and a key
Protecting valuables
Following are certain aspects for the need of security: 8. Decipher (decode) : The process of converting ciphertext back into plaintext using
1. Increasing threat of attacks. a cipher and a key.
2. Fast growth of computer networking for information h. Cryptanalysis The study of principles and methods of transforming an
sharing. unintelligible message back into an intelligible message without knowledge of the
3. Availability of number of tools
and resources on Internet.
4. Lack of specialized resources that
may be allotted for securing system.
TECHNICAL PUBLICATIONS -
An up thrust for knowledge
 introduction
key. Also called code-breaking. Cryptanalysis is to break
Cryptography and Network Secunty 1-5 introductian,
an
Cryptanalyst can do any or all of the three different things
2. Integrity
1. Attempt to break a single message. Integrity refers to the trustworthiness of information resources.
2. Attempt torecognize patterns encrypted messages, in order to be
in Integrity should not be altered without detection.
able to
break subsequent ones by applying strainghtforward decryption
a It includes the
concept of "data integrity" namely, that data have not
algorithm. been changed
inappropriately, whether by accident or
deliberately malign activity.
3. Attempt to find general weakness in an encryption algorithm, witho It also includes "origin" or"source integrity" that is, that the data
actually came
necessarily having intercepted any messages. from the person or
entity you think it did, rather than an imposter.
i. Cryptology: Both cryptography and cryptanalysis. Integrity ensures that information is
not changed or altered in transit. Under
certain attack models, an
i. Code : An algorithm for transforming an
plaintext message into
adversary may not have to power to impersonate an
an authenticated party or understand a confidential communication, but
unintelligible one using a code-book. may have the
ability to change the information being transmitted.

1.1.3 Security Goals .On a more restrictive view, however, of information system includes
integrity an

only preservation without corruption of whatever was transmitted or entered into

the system, right or wrong.
Security goals are as follows
1. Confiderntially 3. Availability

2. Integrity Availability refers, to the availability of information resources. An information

system that is not available when you need it is at least as bad as none at all.
3. Availability
Availability means that people who are authorized to use information are not
1. Confidentiality prevented from doing so. It may be much worse, depending on how reliant the
access and disclosure to authorized organization has become on a functioning computer and communications
Confidentiality refers to limiting information infrastructure.
users and preventing a c c e s s by or
disclosure to unauthorized ones.
Almost all modern organizations
be secret from individuals who are not are
highly dependent on functioning information
Sensitive information should kept systems. Many literally could not operate without them.
authorized to see the information.
Availability, like other aspects of security, may be affected by purely technical
are authentication
methods like user-Ds
Underpinning the goal of confidentiality issues (eg a malfunctioning8 part of a
users, and supporting computer or communications device),
data system's
and passwords that uniquely identify
a natural phenomena (e-g. wind or water), or human causes
user's to the data systems (accidental or
control methods that limit each identified
access
deliberate).
.For example, an object service is
resources.
or
thought to be available if
Confidentiality i. It is present in a usable form.
Confidentiality is not only applied storage of
to
ii. It has capacity enough
data but also applies to the transmission of to meet the services needs.
ii. The service is
completed acceptable period of time.an
information.
means that people cannot read ecure By combining these goals, we can construct the availability. The data item, service
Confidentiality
either while it is on a integrity Availablily or system is available if
sensitive information, i. There is
or while it is traveling acrosS a a
timely response to our
request.
computer ii. The service and system can be used
network.
between
easily.
Relatlonship
ii. Concurrency is controlled.
between Confidentiality Fig. 1.1.1
confidentiality integrity and
Fig. 1.1.1 Relationship
Integrity and Availability.
availability
TECHNICAL PUBLICATIONS An up thrust
for knowledge
thuust for kngwledge
 Cryptography and Network Security rouuClon
Cryptography and Network Security 1-7 Introduction
iv. It follows the fault tolerance.
. Resources are allocated fairly. b. Data origin authentication

Peer entity authentication used in association with a

logical connection to provide
confidence in the
University Questions identity of the entities connected.
and data integrity. Data origin outhentication enables the
1. Explain data confidentiality,
data authentication recepient to verify that the message have
GTU: Summer-18, Marks3 not been tempered in transit (data
integrity) and they originally from expected
sender (authenticity).
2. Define following principles of security:
3. Availability GTU: Winter-19, Marks 3 Data origin authentication
does not provide protection against the duplication or
1. Confidentiality 2. Integrity
modification of data units. This type of service supports applications like electronic
Architecture mail where there prior interactions between the
1.2 OSI Security are no
communicating entities.
architecture for OSI. The
OSI security architechr 2. Access control
X.800 recommends sending
asses security needs
of organization and help them to I t is the to limit and control the access to host
define systematic way to
on
ability systems and applications via
and fields. communications links.
choose various security products
focuses on:
This service controls who can have access to a resource.
The OSI security architecture mainly
a) Security attack: information.
3. Data confidentiality
which comprises the organizaion secured Confidentiality is the concealment of information or resources. It is the protection
Any action
of transmitted data from passive attacks
b) Security mechanism:
A process desígned to detect, prevent
receiver from a security attack.
.Confidentiality is classified into
1. Connection confidentiality: The protection of all user data on a connection.
c) Security service: 2. Connectionless confidentiality: The protection of all user data in a single data
attack by making use of
intended to counter security
The security service are
block.
mechanísm.
the one o r more security 3. Selective field confidentiality: The confidentiality of selected fields within the
user data on a connection or in a single data block.
1.3 Security Services
of 4. Traffic flow confidentiality : The protection of the information that might be
X800 defines a security service as a service provided by a protocol layer
adequate security of the systems
or derived from observation of traffic flows.
open systems, which
ensures
cOTnmunicating
s data transfers. 4. Data integrity
.Integrity can apply to a stream of messages a single message or selected fields
L.80 divides security services into five different categories.
within a message.
2. Access control 3. Data confidentiality
1 Authertication Modification causes loss of message integrity.
4 Data integrity 5 Nonrepudiation
Data integrity can be classified as
1. Authertdication 1. Connection integrity with recovery
B in
Aatnerntication is the process of determining whether
someone or somethng * 2. Connection integrity without recovery
act, w 6what it prívate computer netwo
is declared to be. In public and 3. Selective field connection integrity
cathersication is cormanonly done throagh the use of login passwords. 4 Connectionless integrity
Twospecific auttenticatian services are defined in X.800 5. Selective field connectionless integrity
a Peet entity authestication
TECHNICAL PUBLICATIONS An up thrust for knowledge
TECHAL PIUBLMCATIGHS An up trust for knoodgs
 Introduction
1-8
and Network
Security Cryptography and Network Security 1-9
Cryptography introduction
for the integrity
of all user data
data on a
provides of anv
Connection integrity
with recovery
insertion,
deletion o r replay any data 2. Pervasive security mechanisms: Mechanisms that are not specific to any
modification,

connection and
detects any
with recovery
attempted. particular OSIsecurity service or protocol layer.
entire data sequence without recovery Trusted
withinan
provides only
detection a.
functionality That which is perceived to be correct with respect to
:
without recovery some criteria.
integrity of selected field.
for the integrity
Connection

connection integrity provides b. Event detection: Detection

Selective field
data block
connection.
transferred over a of security
relevant events.
data of a
within the user
of single a
connectionless data C. Security label: The marking bound to resource that names or designates the
for the integrity
. C o n n e c t i o n l e s s integrity
provides data modification. security attributes of that resource
detection of
take the form of d.
block and may Security recovery: Deals with requests from mechanisms, such as event
handling and management functions and takes recovery actions.
5. Nonrepudiation receiver from denying a transmitted
or
either sender
prevents
Nonrepudiation 1.5 Security Attacks GTU Summer-17, Winter-18, 19
message the alleged sender in fact sent
the receiver can prove that Computer based systems have three valuable components: Hardware, software
.When a message is sent,
and data.
the message.
the alleged receiver in fact
the sender can prove that Securities of these components evaluated in terms of
When a message is received,
are
vulnerability, threats,
received the message.
attacks and control.
A n assault on system security that derives from an intelligent threat; that is, an
1 . 4 Security Mechanism
intelligent act that is a deliberate attempt to evade security services and violate the
follows security poicy of a system.
X800 defined security mechanisms as
be incorporated into the appropriate
1 Specific security mechanisms: May Asset
of the OSI security services.
protocol layer in order to provide some Asset means people, property and information.
to transform data into a
a. Encipherment: The use of mathematical algorithms People may incude employees and customers along with other invited persons
form that is not readily intelligible. such as contractors or guests.

b. Digital signature : Data appended to, or a ryptographic transformation of,

a
Vulnerability
data unit that allows a recipient of the data unit to prove the source and Vulnerability refers to the security flaws in a system that allows an attack to be
integrity the data unit and protect against forgery. successful.
t0
c Access control: A variety of mechanisms that enforce access rights Weaknesses or gaps in a security program that can be exploited by threats to gain
resources unauthorized access to an asset. Vulnerability is a weakness or gap in our
d Data integrity: A variety of mechanisms used to ensure the integrity of a daa protection efforts.

urit or stream of data units. Example: In design, implementation or procedure, that might be exploited to
e. Authenticafion exchange : A mechanúsm intended to ensure the identity of a cause loss or harmn.

entity by neans of intormation exchange. Threat

Traffic padding Anything that can exploit vulnerability, intentionally or accidentally, and obtain,
: The insertion of bits into gaps in a data stream to frustra damage, or destroy an asset. A threat is what we're trying to protect against.
traffic analysis attempts.
.Threat refers to the source and means of a particular type of attack.
Notarization: The use of a trusted third party to assure certain properties
data enchange
Cryptography and ANetwork
Securty
10
Introduction 1- 11
Introduction

se Cyptography and Network Secunty

the best approaches to
to oaches
A threat assessment performed to
is
determine

of threat.
securing8 a
o r class 1.5.1 Passive Attack
system against
a particular threat,
which exists when there is a circum. in eavesdropping on, or
violation of security, mstance Passive attacks those, wherein the attacker indulges
are
A potential for could breach security and cause harm. That learn or make use of
event that is, a A passive attack attempts to
capability. action, or monitoring of data transmission.
might exploit vulnerability. affect system resources.
that information from the system but does not
threat is a possible danger
the potential and tendenc: that is in transit. The term passive
focus more on analyzing of The attacker aims to obtain information
Where risk assessments threat assessments focus mor modifications to the
fall prey to various attacks, on indicates that the attacker does not attempt to perform any
one's resources to
resources
attacker's data.
analyzing the
one develop specific security
policies to implement n Passive attacks are of two types:
.Analyzing threats can help 1. Release of message contents 2. Traffic analysis
and understand the specitic implementation needs fn o
line with policy priorities 1.5.1. A telephone conversation, an
Release of message content is shown in Fig.
securing one's resources.
contain sensitive or confidential
electronic mail message and a transferred file may
depending on their mode of attack. From viruses .
from learning the content of
Threats come in many forms, information we would like to prevent an opponent
threats have evolved into sophisticated programs
trojans, spyware and bots, these transmissions.
intended to harm computers.

Risk asset result of a threat

or destruction of an as a
The potentiai for loss, damage assets, threats, and
the intersection of
exploiting vulnerability. Risk
is Read content of
Opponent
message from sender
vuinerabilities. to receiveer

The formula used to determine risk is

Risk = Asset + Threat + Vulnerability Internet

R A + T+ V Sender Receiver

o r destroy 1.5.1 Release of message contents

Risk is function of threats exploiting vulnerabilities to obtain damage
a Fig.
vuBnerabilities then there s
assets. Thus, threats may exist, but if there are no Traffic analysis: Mask the contents of message so that opponents could not
little/no risk extract the information from the message. Encryption is used for masking

can have but if

vulnerability, have n o threat, then you have
you Fig. 1.5.2 shows the traffic analysis.
Sinilarly, you
littte/no risk.
ntroB
tro sed as proactive measure. Control is
is a action, device, procedure,
techiqse that removes or reduces a vuinerability Observe pattern of
Opponent messages from sender
A threat s biocked by control of vulnerability. to receiver

ritercaphir, nterruption, modification and fabrication are the system secu

threats. Internet
Sender
Recerve
Fig. 1.5.2 Traffic analysis

TECHNCAL PUBLCATIONS TECHNICAL PUBLICATIONS An up thrust

for knomedge
An up thrust for knowedge
 ntroduction
Passive attacks are very ifficult to detect because they do not involye Cryptography and Network Security
aiternation of data. It is feasible to prevent the success of aftack, usually by
involve any 1 13
introduction

of encryption
means

1.5.2 Active Attac*

Active atacks involve some modiñcation of the data stream or the creation o
a Capture message from
false stream. These attacks can not be prevented easily. Opponent sender to receiver, 1ater
replay message to receiver
Active attacks can be subdivided into four types
1 Masquerade 2 Replay
3. Modificztion of message 4 Denial of service Internet

Sender
1. Masquerade Receiver
takes place when one
entity pretends to be a different Fig. 1.5.4 Replay
entity. Fig. 1.5.3 shows
masquerade. 3. Modification of message
.It involves some change to the
original It
effect. Fig. 1.5.5 shows the modification of message. produces an unauthorized
message.

Opponent Message from opponent

that appears to be from sender

Opponent Opponent modifies

message from sender
iemet to receiver

Sender
Receiver
Internet
Fig. 1.5.3 Masquerade
For Sender
exampie Authentication sequences can be
: Receiver
authentication sequence has taken captured and replayed after a valid Fig. 1.5.5 Modification of message
tew
privileges to obtain extra place, thus enabling an
authorized
privileges by impersonating an entity thatentity
with For example, a
message meaning "Allow Rupali Dhotre
privileges. has those accounts "
is modified to mean "Allow
to read confidential file
Mahesh Awati to read confidential file
Interruption attacks are called as accounts".
Replay masquerade attacks. 4. Denial of service
involves he passive capture of a data unit and its
Fabrication use Denial Of Service (DOS) attacks.
produce an unauthorized effect. subsequent retransmission .DOS prevents the
Fig 1.54
o
normal use or management of communications facilities.
shows replay
attack. Another form of service denial is the
disruption of an erntire network, either by
disabling the network or by overloading it with messages so as to
performance. degrade
Fig. 1.5.6 shows denial of service attack.
TECHNICAL PUBLICATIONS An up thrust for
knowledge TECHNICAL PUBLICATIONS
 Securty
introduction
ACR rapy and Nework Cryptography and Wetwork Secuity -15 introduction

When the target receives a SYN packet, it replies with TCP SYN ACK packet,
which acknowledges the SYN packet and sends connection setup information back
to the source of the SYN
provcad by sever
The target also places the new connection information into a pending connection
buffer.
F o r a real TCP connection, the source would send a final TCP ACK packet when
it receives the SYN ACK.
However, for this attack, the source ignores the SYN ACK and continues to send
SYN packets. Eventually, the target's pending connection buffer fills up and it can
service
1.5.6 Denial of no longer respond to new connection
Fig. requests.
of the wide variety of potential
al
dicult to prerent active attack because 1.5.3 Difference between Passive and Active Attack
t s
vuinerabilities.
pysicei software and network
attacks were single source attacks, mneaning
that a sinee SI. Passive attacks Active attacks
The s type of DOS No.
another system and cause something on that system to
STstem was used to attack
S Y N Sood is the most widely used DOS attack. Passive attacks are in the nature of Active attacks involve some modification of
eavesdropping or, or moitoring ot, the data stream or the creation of a faise
SYN Hood DOS attack.
Fig 15.7 shows the transmíssions. stream.

Source Server Types: Release of message contents and Types: Masquerade, repiay, modification
traffic analysis of message and deniai of service.

Target to detect. Fasy to detect.

system 3.
Very difficult
. The emphasis in dealirng with passive It is quite difficult to prevent active attacks
attacks is on prevertion rather than absoButely.
Legimate connecion attempt detection.
TCP SYN packet It does not affect the system. It aftects the system.
***

TCP SYN ACK packet

1.5.4 Man-in-the-Middle Attack
TCP ACK packet
. I n cryptography, a Man-In-The-Middle (MITM) attack is an attack in which an
Syn fiood DOS attack attacker is able to read, insert and modify at will, meassages between two parties
without either party knowing that the link between them has been compromised.
TCP SYN packet
The attacker must be able to observe and intercept messages going between the
TCP SYN ACK two victims. The MITM attack can work against public-key cryptography and is
packet
The final TCP ACK also particularly applicable to the original Diffie-Hellman key exchange protocol,
packet is never sent
when used without authentication.
Fig. 1.5.7 SYN food DOs The MITM attack may include one or more of
attack
Source system sends a
large number of TCP SYN 1. Eavesdropping, including traffic analysis and possibly a
known-plaintex
SYN packets are used to
begin a new
packets
TCP
to the
target system. The
*
attack.
connection.
TECHNICAL PUBLICATIQNS TECHNICAL PUBLICATIONSAn up thrust for knowledge
 Introduction

16
Introduction and Network Security 1- 17
Cryptography
Security
and Network whose
Cryptography
does with Certificate Authority,
be verified by
a

message
.

the receiver a
on w h a t
secrecy requirement.
Public keys can
attack, depending s e c u r e channel.
2. Chosen ciphertext
public key is distributed through a

that it decrypts.
3. Substitution attack
University Questions
4 Replay attacks instance jam all
communicatin
ons security attacks.
GTU: Summer-17, Marks 4
may for Briefly explain any two active
GTU: Winter-18, Marks 4
attacker 1.
The parties to
service attack. The defense is
for both
5. Denial of in middle attack.
the parties. treat Discuss man
one of
GTU: Winter-18, Marks 4
2.
before attacking status messages
and to their crypto system.
Explain diferent type of
authenticated attacks on
send 3.
periodically
disappearance with paranoia. rat ner Explain cryptanalytic
attacks with example of any encryption algorithm.
to active manipulation of
the meassages, 4.
GTU: Winter-19, Marks 7
used to refer
MITM is typically
than passively eavesdropping
encryption 1 . 6 Finite Fields
attack against public-key
successful MITM such that the
Example of a
communicate with
Bob and that Mallory wishes to
is a nonempty set together with a binary operation (*)
wishes to
Alice message to Bob. To get
A group
Suppose or possibly
deliver a false
following three properties are satisfied:
the conversation,
eavesdrop on
If Bob sends his public key to (a*b)*c a*(b*c). For all a, b, ce G.
ask Bob for his public key.
=
:
1. Associativity
started. Alice must m a n - i n - t h e - m i d d l e attack c a n begin. ea. For all a e G.
able to intercept it, a element ee G such that a*e =

Alice, but Mallory is 2. Identity: There is an

which she has the private, element b e G such that

Alice a public key for For each element a e G, there is an

Mallory can simply send 3. Inverses :

then encrypts her
this public key to be Bob's, a*b = b*a = e.
matching, key. Alice, believing back to Bob. contains (denoted |G|).
Order of
and sends the ernciphered message is the number of elements it
Group G
message with Mallory's key
Order of a
such that g" e (denoted lg|). =

it the smallest positive integer n

the keeps a copy, and reenciphers a n element g e G is
Mallory again intercepts, deciphers sentmessage,to Alice. When Bob receives
the newly group, the
order of each element of the
using the public key Bob originally Here g g*g'... *g n (times). In
=
a finite
it came from Alice.
enciphered message, he will believe group divides
the order of the group.
that
This shows the need for Alice and Bob to have s o m e way to e n s u r e
example Properties of Groups
using the correct public keys of each other. Otherwise, such attacks F o r all ge G, g° = e.
they are
truly
are generally possible in principle, against any message sent using public-key
F o r all n, m2 1, ge G,
technology 1. g =gn-i *g
Defenses against the
attack
2. g" *gm =gn+m
The possibility a man-in-the-middle attack remains a serious security problem
of
even for many public-key based cryptosystems. Various defenses against MITM 3. (g")l = g-" = (g)"
attacks use authentication techniques that are based on mn

1. Public keys 4. (gm)n =

g
G have a*b = bta (commutativity) then G is
2. Stronger mutual authentication I f G is a group and for all a, b, e we

called an Abelian Group.

3. Secret
keys (high information entropy secrets)
In an Abelian group G, for all a, be G, then (a *b) = b-l*a= a-l+b-1
4.
Passwords (low information
entropy secrets)
5. Other criteria, such as
voice recognition or other biometrics
The integrity of public keys must generally be assured in some manner, but need

not be secret, whereas rne

passwords and shared
secret keys have the
adal TECHNICAL PUBLICATIONS An up thrust for knowledge
 Introduction Cryptography and Network Security 1-19 Introduction
1-18
and Network Security
Cryptography
(a+b) mod n = (ra + jn+Iy + kn) mod n
1 . 7 Modular Arithmetic
problems (including prok mod
in cryptography), are concerned and
withmany practical
modular arithmetic. In arithmetic m o imbers
d..s (Ta +Ib + (j+ k) n) n
number theory
modern
Much of
where we identify
all n = Ta +b) mod n

arithmetic o n
the integers,
concerned with = [(a mod n) + (b mod n)] mod n
are That is,
multiple of N.
we

which differ by an exact

for some integer m. Examples for the above three properties
+ mN
x y
mod N if x =
y
classes. We usual. 11 mod 8 = 3; 15 mod 8 = 7
divides all the integers into N equivalence ally
identification numbers 0, 1, N-1. I(11 mod 8) + (15 mod 8)] mod 8 10 mod 8 = 2
This members, that is,
the . ,

denote these by their "simplest" define a mod n to be the remainda. (11 1 5 ) mod 8 = 26 mod 8 = 2
is positive integer,
integer and n a
is
x n+(a mod n);
If a an
I(11 mod 8) - (15 mod 8)] mod 8 = - 4 mod 8 = 4
when a is divided by n. Then, a =[a/n]
(11 15) mod 8 = - 4 mod 8 = 4
Example: 11 mod 7 =4; - 11 and 7 =3.
relation on the integers. An equivalence class
: = n is an equivalence I(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5
Theorem
remainder on division by n. The
which have the same
consists of those integers classes modulo n. Rather than say the (11 x 15) mod 8 = 165 mod 8 55
also knoWn as congruence
equivalence classes are
modulo n.
Properties of modular arithmetic
say that they are congruent
integers a and b are equivalent
we
Let, Zn = {0, 1, 2 , . , (n - 1)} be the set of residues modulo n.

Definition Property Expression

to a modulo n is called the residue class [a].
The set of all integers congruent
mod 3: Commutative laws (w+x)mod n =(x +w) mod n
Example: Residue classes
10) = 6,-3,0,3,6,- W XX mod n- (x*w) mod n
Associative laws 1 1wX+yl mod n-w +x + yl mod n
-5,-2, 1,4,7,
2. 1(w XX) Xyl mod n =fw x(x xy)l mod n
21 ,4,-1,2, 5, 8,.
The modulo operator has the following properties Distribuive taw wx ylmodn [(w xx) +(wxylmod n
1. a =bmod n if n|(a - b).
ldentities w mod nW mod n
2 (a mod n) = (b mod n) implies a =b mod n.
(1Xw mod n W mod n
3. a =b mod n implies b = a mod n.
4 a sb mod n and b=cmod n imply a =c mod n.
Additive inverse (w For each we2 there exists az Such thatw +L0 mod n
**www.wwwwww.iwwwwww.wawwwwwwwwwww dN ww.www w
nmm wwww.w..ww.www. w.www.www.w.www.www.wwwww.w.w.ww.www.w
** v s

Properties of modular arithmetic operations: If (a + b) = (a + c) mod n, then b mod

=c n (due to the existence of an additivve
1. la mod n) + (b mod n] mod n inverse)
(a + b) mod =
n
2 Ia mod n) - (b mod n)] mod n = (a - b) mod n I f (a x b) = (a x c) mod n, then b = c mod
(only ifn is
3 Ia mod n) (b mod n}] mod n =(ax b) mod n to the
a
relatively prime to n; due
x
possible absence of a
multiplicative inverse).
Proof of property 1: eg 6x3 18 = 12 mod 8 and
Define (a mod n) =
ra and (b mod for 6 x7 42 = 2 mod 8 but
n) = n,. Then a =
Ia + jn and b =
Tb**
Some iîntegers j and k. Then,
3 7 mod 8 (6 is not relatively prime to 8)
TECHNICAL PUBLICATIONS An up thrust
for knowledge
TECHNICAL PURI IGATIONS
Cryptography and Network Security
20 Introduction Cyptography and Network Security 1-21 Introduction

inverse holds (rom aa rin

ring to0
then the property of multiplicative a 1.7.1 Modular Exponentiation
n is prime
field). modulo 7. Modular exponentiation is a type of exponentiation performed over a modulus.
modular addition and multiplication
Following table provides Doing a modular exponentiation means calculating the remainder when dividing
4 5
0 1 2
****************************;***
3 **************;************
by a positive integer m (called
the modulus) a positive integer b (called the base)
********ke***********

2
5 raised to the e-th power (e is called the exponent).
U U -******* *************"
*s ********* *******************
0 I n other words, problems take the form where given base b, exponent e, and
Z
*******************"***"
modulus m, one wishes to calculate c.
~****
0
*********:***
1 *****

Many public-key encryption algorithms use modular exponentiation raising a

number a (base) to some power b (exponent) mod p.

1
c ab = a a... a mod p
3
6
5
Example 1.7.1 Tofind 11 mod53
6 2 3

Solution: 13 = 8 +4 +1 so 1113 = 118*4+1 = 113«114111

(a) Addition modulo07

We can compute successive squares of 11 to obtain, 11,114,11*,11 and then

3 5 6
12 multiply together 11 *11* *118 to get the answer 113.
0
0
Because we are working mod 53, we will "take mods" at every stage of the
3 6
0 1 calculation.
3
2 6
********** Thus we have
11 mod 53 = 11
2
************************************
11 121, 121 mod 53 121 - 2*53 15
5
11 = (112)2 =152 mod 53 225 mod 53 =225 4*53 13
6

b) Multiplication modulo 7 118= (114)2 =13 mod 53 = 169 mod 53 - 3*53 10

Therefore 115 mod 53 11* 13 * 10 1430 mod 53 = 1430 26*53+ 52
TAT

The answer is 1115 mod 53 52.

1.8 Euclidean Algorithm

The Euclidean algorithm is for
an
algorithm finding the greatest common divisor
of two positive integers.
ve
The greatest common divisor of two integers is defined as: An
the
integer c is called
gcd(a, b) (read as the greatest common divisor of
integers a and b) if the
following 2 conditions hold:
1) c a Uclb
(c) Additive and multiplicative inverses modulo 7 2) For any common divisor d of a and b, dc
Table 1.7.1 Arithmetic modulo 7
TECHNICAL PUBLICATIONS An up thrust
for knowledge
 Cyptography and Network Security
1-22 Introduction Cryptography and Network Security 1-23 Introduction

of all the common divisor

is the greatest
Rule 2 ensures that the divisor c
of a 1.8.1 Extended Euclidean Algorithm
and b. trial and Anotho.
is by error. . One of the consequences of the Euclidean algorithm is as follows
could find the gcd of two integers
One way we
prime factorization
and from the Given integers a and b, there is always an integral solution to the equation
is that we could prime
factorize each integer on ax + by = gcd(a,b).
integers. However, both of
which factors are
common
between the two
these .Furthermore, the Extended Euclidean Algorithm can be used to find values of
as soon as
the integers are relatively large.
become very time consuming x and y to satisfy the equation above. The algorithm will look similar to the proof
and efficient algorithm to determinone the
However, Euclid devised a fairly simple makes use of the division algor
in some manner.

gcd of two integers.

The algorithm basically gorithm .Consider writing down the steps of Euclid's algorithm:
repeatedly. a = 91b+I1 where 0<r<b
to find the gcd(a, b),
where a and b are integers with
trying b =
92T1t T2 where 0 < I2 <'1
Let's say you are

ab>0. T1 93T2 * I3/ where 0 < I3 < 2

out the following:
Euclid's algorithm says to write
a = 9b +T1, where 0<r<b
Ti i+2i+1tri+2, where 0 ri+2 < i41
b where 0 < r2 <1
=
92r1 +T2
where 0 < I3 < T2 where 0
I q 3T2 +T3 Tk-2 1kTk-1 +Ik <
Ik <
Tk1
Tk-19k+1"k
. Consider solving the second to last equation for rk You get
Where 0 < Ti+2< ri+1
2Ti+ 1 +Ii+2
i+ TkTk-2-9kk-1 or
gcd(a, b)= Tk-2-9kk-1
Now, solve the previous equation for rg-1
Tk-1 9k+1k Tk-1Tk3 1T-v
Eucid's algorithm says that the gcd(a, b) = k and substitute this value into
the previous derived equation:
Consider computing gcd(125, 87) gcd(a, b) Tk-2- 9k(Tk-39k-1fk-2)
125 167 +38 gcd(a, b) = (1+99k-1)k-2 -9k'k-3

872*38+11 Now we have expressed gcd(a, b) as a linear combination

38 3*1145 of ry-2 and rk-a Next
we can substitute for of rk-2 in erms of rk-3 and rk-4 so that the
gcd(a, b) can be
11 2'541 expressed as the linear combination of rk-3 and ry-4. Eventually, by continuing this
5 51 process, gcd(a, b) will be expressed as a linear combination of a and as desired.
b
Thus, we find gcd(125, 87) 1 Find integers and y such that: 135x +50y 5.
x =

Use Euclid's algorithm to compute gcd(135, 50):

Exampls 1.8.1 Ftnd gcdl125, 20)
135 2* 50 +35
Solution 125 6 * 20 + 5
50 1* 35 + 15
2045,
Thus, the gdé125, 20) 5 35 2 * 15 + 5
15 3 *5

TECHNICAL PUBLICATIONS An up thrust for

knowledge
TECHAICAL PUBLICATIONS An up thirust for
knowiaigo
 and Network Security
1-24 Introduction ntroduction
Cryptography and Network Security 1 -25
Cryptography
the problem:
ntro
to solve
Euclidean algorithm *
5.
the Extended 2 15 +
Therefore, GCD(48, 30) = 6
let's last equation 35
=
use
Now, from the second
to
35-2* 15,
GCD(105, 80)
But, we have that
to last equation
50 1 *35+5. 105 1 80 + 25 gcd(80, 25)
from the third
15 =
50 35, previously
derived equation
Now, substitute
this value into the 80 = 3 25 +5 gcd (25, 5)

5 35-2*(50 35) 25 5 5+0gcd( 5, 0)

5 3*35 -2 *50 Therefore, GCD(105, 80) = 5
expression for 35 as
the first equation
to determine
an a
inea
Now, finally use

combination of 135 and 50 1.8.2 Greatest Common Divisor

35 135 -2 *50.
.Definition. A positive integer d is called the greatest common divisor of the
Plug this into our last equation: *
nonzero integers a and b if
*50) 2 50
3 *(135 2 i) d is a divisor of both a and b, and
-

5 3* 135 8 *50 ii) Any divisor of both a and b is also a divisor of d.

-8. We will use the notation gcd(a, b), or simply (a, b), for the greatest common
to the equation is x =
3, y =

So, a set of solutions divisor of a and b.

20) and gcd (50, 60).
Example 1.8.2 Using Euclidean algorithm calculate gcd
(16,
Greatest Common Divisor ged(ab) is the largest number that divides both a and b.
If and b share factors, they called
Solution: gcd (16, 20) a no common are
relatively prime.
Step 1:a 20, b1 = 16 Step 2: a2 = 16 b2 =4 Example 1.8.4 Find gcd(1403, 1081).
16 4 x 4 +0
20 16 x 1+4
Solution: 1403 =1081.1 + 322
Here r =0 and so the last non-zero reminder is r2 =4.
1081 = 322.3+ 115
Thus gcd (16, 20) = 4
322= 115.2 + 92
gcd (50, 60)
115 = 92.1 + 23
a1 60, b1 =50
92=23.4 + 0
a1 b191 t71 =50 x 1+ 10
The last nonzero remainder is
a250, b2 =10 =b292 +12 = 10 x 5+0
23, so gcd(1403, 1081) = 23.

Here r2 =0 and so the last non-zero remainder is r 10. Thus gcd (50, 60)= 1
Example 1.8.5 Find gcd (120 70).
Solution: 120 = 70 +50
Example 1.83 Using Euctidean algorithm calculate GCD (48, 30) and GCD (105, 80.
70 = 50 +20
Solution: Using Euclidean algorithm calculate GCD: 50 20x 2+10
CCD(48, 30)
20= 10x 2 +0
48 1x30 +18 gcd(30, 18)
30 1x18 12 gcd (18, 12) Therefore gcd (120,70) = 10.
18 1x12 +6
gcd( 12, 6) It is always possible to write gcd(a, b) as a linear combinations of a and b. That is,
12 there exist integers x and such that
2x6+0 gcd(6, 0 y gcd(a, b) ax+by (x or y may =
be negative).

TECHNICAL TECHNICAL PUBLICATIONS An up thrust

for knowiedge
PUBLICATIONS An up thrust for
knowledge
 Cryptography and
Network Secunty
1-26 Introducto
is the
smallest p o s i i t . . Cryptography and Network Security 1-27
it, gcd(a, b)
e Introduction
in fact, though we have not proved
the Euclidean algorithm to find gcd inea
Combination of a and b.
Once we use

to write gcd(a, b)
in the form ax+by. 1.10 Symmetric Cipher Model
can then retrace our steps
A symmetric encryption model has five ingredients Plaintext, Encryption
1.9 Conventional Cryptosystem algorithm, Secret key, Ciphertext and Decryption algorithm.
destination across some
from source to .Fig. 1.10.1 shows the conventional encryption model.
A message is to be transferred for the exchange of
the data.
must cooperate Secret keyy
intermet. Both the sides
is established by defining a route throueh shared by
sender and recipients
A logical information channel
to destination.
internet from source

have two components:

All the techniques for providing security
transformation on the information to be sernt.
1. A security related
the two principles, it is hoped, unkne

8-
2. Some secret information shared by

Fig.
to the opponent.
1.9.1 shows the network security model.
8
Trusted third Plaintext Encryption Decryption Plaintext
parny nput algorithm
algorithmn Output
Fig. 1.10.1 Conventional encryption model
Plaintext is the original message or data that is fed into the
algorithm input.
as

Sender Receiver Encryption algorithm performs various substitutions and transformations on the
plaintext.
Transformation Transformation Secret key is a value
independent of the plaintext and of the algorithm. The exact
Wessage Secret t Information Secret VieSsage
substitutions and transformations
performed by the algorithm depend on the key.
message Channel message Ciphertext is the scrambled message produced as output. It depends on the
plaintext and the secret key.
Secret Decryption algorithm takes the ciphertext and the secret key and
information Opponent
Secret original plaintext. produces the
information
The original
Fig. 1.9.1 Network
security model intelligible message, referred to as plaintext is converted into random
A
nonsense, referred to as ciphertext. The science and art of
trusted third party is needed to to make them secure is manipulating messages
achieve called
Basic tasks in
secure transmission. cryptography
designing An
Design an algorithm forparticular security
a
1. service. original message to be
transformed is called the
plaintext and the resulting
2. Generate the
performing the security related
transformation.
message after the transformation is called the
ciphertext.
secret information to The process of
be used with the converting the plaintext into ciphertext is called
3.
Develop methods for the distribution and algorithm. reverse process is called encryption. The
decryption. The encryption process consists of an
Specify a protocol to be used by the twosharing the secret informa of the
of tion.
4. algorithm and a key. The key controls the
algorithm
security algorithm and the secret principles that makes u The objective is to
design an encryption technique so that it would be
service. information to achieve ecurity
difficult or
impossible for an unauthorized party to understand the contents ofvery
a
particula" the
ciphertext.
TECHNICAL PUBLICATIONS An up thrust
for knowledge TECHNICAL PUBLICATIONS An up thrust for
knowledge
 and Network
Security
1-28 Introduclion
Cyptography
decrypting the
cipher Cryptography and Network Securlty 1-29 Introduction
message only by ertext usin
the original used, the algorithm
will
A user can
recover

upon the
secret key
the algorihc
prod University Question
the secret key. Depending

different output.
If the secret key
changes,
the output of
zorithm also 1. What are the essential ingredients of a symmetric cipher ?
GTU: Winter-17, Marks 4
changes. depends on
factors.
on several fant.
the several
conventional encryption
m u s t be diffi.
Th 1.11 Cryptography
The security of the Decryption message
must be powerful. he
encryption algorithm The algorithm is upon Cryptography is the study of secure communications
on the secrecy
of the key only. all bu .
techniques that allow only
algorithm depend the diagram, the message source is the the sender and intended recipient of message to view its contents. The term is
a
in
secret. As shown
only key is to keep key K input and cin derived from the Greek word kryptos, which means hidden.
plaintext ie. X
with the message
X and encryption
as
ciphertex Cryptography is the science of secret writing that brings numerous techniques to
Y, we can write this as,
safeguard information that is present in an unreadable format.
Y = EK, X) 1.10.1)
algorithm E as a function of the nlaintet By using cryptographic systems, the sender can first encrypt a message and then
Y is to be produced by using encryption able to invert pass on it through the network. The receiver on the other hand can decrypt the
X. The intended receiver in possession of the key, is the message and restore its original content.
transformation.
Characteristics of cryptography:
X = D[K, Y) (1.10.2)
1. The types of operations used for transforming plaintext
An opponent, observing Y but not having access to K or X, must attempt th to ciphertext.
recover X and K or both X and K. It is assumed that the opponent does have 2. The number of keys used.
knowledge of the encryption (E) and decryption (D) algorithms. 3. The way in which the plaintext is processed.
Cryptography is an art or science encompassing the principles and methods of
1.10.1 Advantages of Symmetric Key Cryptography transforming a plaintext message into one that is unintelligible, and then that
1. message back to its original form.
High rates of data throughput.
2. Keys for symmetric-key ciphers are
relatively short. Cryptanalysis: The study of methods for obtaining the meaning of encrypted
information without accessing the secret information.
3. Symmetric-key ciphers can be used as
primitives to construct various cryptograpic
mechanisms (i.e. pseudorandom nunmber generators). Cryptography is where security engineering meets mathematics
4. Cryptology = Cryptography + ryptanalysis
Symmetric-key ciphers can be composed to produce stronger ciphers.
5.
Symmetric-key encryption is peroeived to have an extensive Some Major Applications:
history. 1. To protect
privacy, confidentiality
1.10.2 Disadvantages of Symmetric Key 2. Insuring data
integrity for detecting and preventing
1.
Cryptography manipulation
unauthorized data
Key must remain secret at both ends.
3. Authentication, the means by which two parties can
2. In large
networks, there are many positively identify each
keys pairs to be
managed other.
3. Sound cryptographic practices dictates that the
4. Digital signature mechanisms key changed frequenty be 4 Non-repudiation t o hold people responsible for their actions.
require either large keys or the arising from symmetric-key on
encryptio
typical There are a number of
block ciphers, stream
cryptographic primitive's basic building blocks, such as
use of third trusted ciphers, and hash functions. Block ciphers may either have
parties. one key for both encryption and decryption, in which case they're called shared
Key or have
separate keys for encryption and decryption, in which case they're

TECHNICAL TECHNICAL PUBLICATIONS An up thrust for knowiedge

PUBLICATIONS An up thast mr (nu
 - 30
Introduction Cryptography and Network Security 1-31 Introduction
Cryptography
and
Network Security

A digital
signature
scheme is a
pecial type of
special -

asymmetric. Chosen plaintext

called public key or 1.Encryption algorithm
using the sin
asymmetric crypto primitive.
is to be
found
2.Ciphertext
straightforward
example letter in the alnkPe
which each 3.Plain text message chosen
Perhaps
the most method, in
algorithm would
is by cryptanalyst
substitution cipher to this together with its corresponding decrypted
key supplied in
mono-alphabetic
The with the
key plaintext generated with the secret key.
by
shifted integer
an
value.

a problem
arises in sharing
the
ntended
However, others. Chosen ciphertext 1. Encryption algorithm
integervalue. discovered by
without letting it be
recipient 2.Cipher text
3.Purported ciphertext chosen by cryptanalyst,
University Questions together with its corresponding decrypted
plaintext generated with the secret key.
terms in brief
1. Discuss the following
Chosen text 1.Encryption algorithimn
Brute force attack
GTU: Summer-17, Marks 3
Cryptography 2.Cipher text
Passive attack, Cryptanalysis.
the following terms in brief : 3.Plaintext message chosen by
2. Discuss
GTU Winter-17, Marks 3 cryptanalyst
together with its corresponding iphertext
generated with the secret key.
1.12 Cryptanalysis 4Purported ciphertext chosen by cryptanalyst
together with its corresponding decrypted
any cipher
to break text message to obtain the original plain
The process of trying plaintext generated with the secret key.
text message itself is called as cryptanalysis.
is the art of deciphering encrypted communications without
Cryptanlysis 1.12.1 Cryptanalysis Attacks
knowing the proper keys
There are four general types of
Cryptanalysis is the breaking of codes. The person attempting a cryptanalysis cryptanalytic attacks. Each of them assumes that the
cryptanalyst has complete knowledge of the encryption algorithm used.
called as a cryptanalyst.
1. Ciphertext-only attack
Brute force attack: The attacker tries every possible key on a piece of cipher text
2. Known-plaintext attack
until an intelligible translation into plaintext is obtained. 3. Chosen-plaintext attack
Types of Attacks on Encrypted Messages
4. Adaptive chosen plaintext attack.
ST.No. Types of attack 1.
Known to cryptanalyst Ciphertext only attack:
-

The cryptanalyst has the

Ciphertext only 1.Encryption algorithm ciphertext of several messages, of all of which have been
encrypted using the same encryption algorithm.
2.Cipher text The analyst
may be able to capture one more
plaintext messages as well as
or
Known plaimtext their encryptions.
1.Encryption algorithm
2.Cipher text Better yet to deduce the key used to encrypt the
other messages messages, in order to decrypt
3.One or more plaintext ciphertext pairs formed encrypted with the same keys.
Given C =E^(Pi), C2
with the
secret key. =E,(P2).. C=E,(Pi)
Deduce Either P, P2,
P,K or an algorithm to infer Pi+1 from
Ci1 E&(P1)
TECHNICAL PUBLICATIONS An up thrust for TECHNICAL PUBLICATIONS -
An up thrust for
knowledge
knowledge
 Network Secury
1-32 Introduction Cyptography and Network Security 1 33 Introduction
Cyptography and

messages
2. Known-plaintext attack
not only to the ciphertext
of several
es, but also If either type of attack succeeds in deducing the key, the effect is
T h e cryptanalyst has
access
catastrophic All future and past messages encrypted with that key are
those messages.
to the plaintext of messages.
compromised.
to encrypt the
J o b is to
deduce the key used with the same ko
to decrypt any new messages
encrypted key. 1.13 Vulnerability and Threat
OR an algorithm attack. Computer based systems have three valuable components Hardware, software and
I t is also referred
to as probable word
a

Pi, Ci =
Ex(P)
=E,(P), P2.C2 =E,(P2).
data.
Given P, C Securities of these components are evaluated in terms of vuinerability, threats,
algorithm to infer P+1 from Ci+1 =E^(P+1)
Deduce: Either K or an
attacks and control.

3. Chosen-plaintext attack An assault on system security that derives from an intelligent threat; that is, an
than a known plaintext attack because the cryptanalvst caan intelligent act that is a deliberate attempt to avade security services and violate the
This is more powerful
to encrypt. security policy of a system.
choose specific plaintext biocks

The cryptanalyst not only has access to the ciphertext and associated plaintext fn
Asset
several messages, but he also chooses
the plaintext that gets encrypted. Asset neans people, property and information.
Given P, C =E,(P), Pz,C2 E,Pa)...P, Ci =Ek(P)
=

People may include employees and customers with invited persons such
along as
where the cryptanalyst gets to choose P, P2, contractors or guests.

Deduce Either Kor an algorithm to infer Pi+1 from Ci+1 =Ex(P+1) Vulnerability
4. Adaptive chosen plaintext attack
Vulnerability refers to the security flaws in a system that allows an attack to be
successful.
Not orniy can the cryptanalyst cho0se the plaintext that is encrypted, but he can
also Weakrnesses or gaps in a security program that can be exploited by threats to gain
modify his choice based on the result of previous
encryption. unauthorized access to an asset. Vulnerability is a weakness or gap in our
A cryptanalyst might just be able to choose one large block of plaintext to be protection efforts.
encrypted- in chosen plaintext attack.
Example In design, implementation or procedure, that might be exploited to
Exampie 1.121 What is the objective af attacking an encryption system ? Write the tuo cause loss or harm.
ayproaches to attack a comoentional encryption scheme
GTU: Summer-12, Marks 7 Threat
Anything that can exploit vulnerability, intentionally or accidentally and obtain,
Solution : The objective of attacking an
encryption system is to recover the key n 15e damage or destroy an asset. A threat is what we're trying to protect against.
rather then simply to recover the plaintext of a single ciphertext. There are two Ben eral
approaches to attacking a conventional encryption scheme: Threat refers to the source and means of a particular type of attack.
1. Cryptanalysis A threat assessment is performed to determine the best approaches to securing a
Cryptanalytic attacks rely on the nature of the Jus
perhaps some knowiedge of the general algorithm system against a particular threat or class of threat.
some sample characteristics of the plaintext or even

plaintext-ciphertext pairs. This type of attack ack exploits the

A potential for violation of security, which exists when there is a circumstance,
characteristics
deduce the key
of the algorithm to attempt to deduce explo or
capability, action or event that could breach security and case
harm. That is, a

being used a
specific plainte threat is a possible danger that might exploit vuinerability.
2. Brute-force attack The attacker tries Where risk assessments focus more on analyzing the potential and tendency of
until every possible key hertext

inteligible
an on a
piece of one's resources to fall prey to various attacks, threat assessments focus more on
possible keys must betranslation into plaintext
tried to achieve
is obtained. On average, ha" analyzing the attacker's resources.
success
TECHNICAL PUBLICATIONS An up thrust for knowledge
TECHNICAL PUBLICATIONS An ua t
 1- 34
introductio Cryptography and Network Security 1- 35 introduction
aC ewok Sec
ypograPY to implen
security policies in 1.14.1 Caesar Cipher
deveiop speciic
threats can help one
and specific needs
implementation n e
o
Analyzing and
understand
Caesar cipher is a special case of substitution techniques wherein
policy priorities each alphabet in
ine with a message is replaced by an alphabet three places down the line.
securing one's resources.

on their mode of attack.

attack. From
From viruses to
in many forms,
depending
into sophisticated Dr .Caesar cipher is susceptible to a statistical ciphertext only attack.
Ihreats come

and bots,
threats
have
evolved
grams
trojans, spyware For example,
intended to harm computers
Plaintext hellow world
a result of
Risk or
destruction of an asset as a
threat Ciphertext KHOOR ZRUOG
damage
.The potential for loss, Risk is the intersection of assets, threats and
exploiting vulnerability. List of all possible combination of letters.
vuinerabilities.
Plain a b cd e fg hi
determine risk is ik m n
.The formula used
to
Threat + vulnerability D E F G H I J KL MN O P
Risk = Asset + Cipher
ww.wiiwww.wwwwwiowwewwwwwwwwwwwwweevaiavrivne
Q R S TU V
eynemme erenn
R A+ T+ V t
vulnerabilities to obtain damage or destrou
W

function of threats exploiting

Plain X

Risk is a
vulnerabilities then there is little
if there are no
assets. Thus, threats may exist, but Cipher W X Y Z A B CC

no risk.
have threat, then you have Numerical equivalent to each letter is given below.
Similarly, you can have vunerability, but if you no

little / no risk. b c d e f g h i j k 1 mn o 9r
P
xY 2
Control 4 5 6 7 89 10 11 12 13 14 15 16 17 18 19
wwwwwww.wwwwwwwwwwwww.wwwowwwwwwwwwwvwwwwwwwwwwwwwiwwsvooww.wwwetwnae
20 21 22 23 24 25
Control is used as proactive measure. Control is a action, device, procedure or eiwiie
Owadnwwnwenvwww.wwvoiwwwwwwiwrdinrwwwe Noeidiu oiwivvwtivieieiwn

The algorithm be
technique that removes or reduces a vulnerability. can
expressed as follows. For each plaintext letter P, substitute
the ciphertext letter C
A threat is blocked by comtrol of vulnerability. C E(3, P) = (P + 3) mod 26
Interception, interruption, modification and fabrication are the system security
A shift may be of any amount, so that the
threats. general Caesar algorithm is
C E(K, P) = (P + K) mod 26
Brute force attack
The attacker tries every possible where K = Values from 1 to 25
key on a
piece of cipher text until an
intelligio
translation into plaintext is obtained. The decryption algorithm is simply
Brute force attack is P DK, C) = (C - K) mod 26
automated process of trial and
an
used to
person's user name, password, credit-card number
error gue I f it is known that a given
of cryptographic keys. ciphertext is a Caesar cipher, then a brute force
114 Substitution Techniques cryptanalysis easily performed : Simply try all the 25
is
possible keys.
Demerits
A substitution .The encryption and
cipher changes characters in the decryption algorithms are known.
A substitution plaintext to produce to cip ed
hertext

technique is one in which the letters of 2. There are

only keys to try.
25
other letters or by numbers or symbols, plaintext are
repla 3. The
language of the plaintext is known and easily recognizable.
If the
plaintext is viewed as a sequence of bits, then
plaintext bit patterns with ciphertext bit substitution involves TEP
patterns. TECHNICAL PUBLICATIONS An up thruet for
knowledge
TECHNICAL PUBLICATIONS An
up thrut for knouedgs
 Ciyptography and Network Secunty
1 36
Introducion Cyptography and
Nefwork Security 1 - 37
Introduction

1.14.2 Monoalphabetic Cipher 1.14.4 Hill Cipher

with another
letter of the alphabet
Monoalphabetic cipher
substitutes one
letter o takes
substituting according regular to a patter .The encryption algorithm m successive
plaintext letters and substitutor for
the alphabet. However, rather than any
them m ciphertext letters.

substituted for any other

letter, as long as each letter has a
letter can be
substitute left and vice versa.
unique The substitution is determined by m linear equations in which each character is
assigned a numerical value (a = 0, b = 1, c = 2, . . z = 25), the system can be
described as follows :
a b C = (K P1 + Ki2 P2 + Ki3 Pa) mod 26
Plaintext
C2 (K21 P1 + Kz2 P2 + K23 Pa) mod 26
Ciphertext www w wwwwwwwwwwww iwnvwwwiwwww.wwww.wwwwwwwwww*
*w.
*************vo C3 (K1 Pi + K32 P2 + Ka3 P3) mod 26
.This can be expressed in term of column vectors and matrices
Plaintext
(C1 (K11 K12 Ki3 P
Ciphertext wAwwwwwwwnwwwwwwwwwwowwwww.
C2 K21 K22 K23 P2 mod 26

For example C3 K31 K32 K33 Pa

Plaintext message : hello how are you or C KP mod 26

Ciphertext message: acggk akr moc wky Where C and P are column vectors of length 3, representing the plaintext and
Monoalphabetic ciphers are easy to break because they reflect the ciphertext.
of the original alphabet. frequency data Kis a 3x3 matrix, representing the encrypting key.
Homophonic Substitution Cipher .For example:
Plaintext = Paymoremoney
It provides multiple substitutes letter. Forfor a
single example, A be
by D, H, P, R; B can be replaced by E, Q, S, T etc.
can
replaced (17 17 5
Key (K) =
21 18 21
1.14.3 Playfair Cipher 2 2 19
The playfair algorithm is based The first three letters of the plaintext are represented by the vector.
on the use of a 5 x 5 matrix of letters
using a keyword. constructed (17 17 5(15
For
(375 11
example : Monarchy is the
keyword.
C KP mod 26 =| 21 18 21 0mod 26 =| 819 mod 26 =| 13=LNS
2 2 19 24 486 18
M
AR For plaintext pay, ciphertext is LNS.
B D
*anddpso*ssuenensassa***:*********ssa* The entire ciphertext is LNSHDLEWMTRW
G I/J
Decryption requires using the inverse of the matrix K.
O S
*************esor
V
amwmuiwwm
W
A
Z
Thegeneral terms in Hill cipher is
Cipher C= E(K, P) = KP mod 26
The matrix is
constructed by filling in the Plaintext P = D(K, P) = K'c mod 26 K KP =P
and from top to letters of the
bottom and then keyword from left to g
remaining letters in alphabetic order.filling in the
remainder of the matrix witn the Advantage0s
1. It
.The letters I and J count completely hides single letter frequency.
as one
letter. 2. Hill
cipher is
strong against a ciphertext only attack.
. 5y using larger matrix, more frequency information hiding is possible.
TECHNICAL PUBLICATIONS An up thrust for TECHNICAL PUBLICATIONS An up thrust for knowledge
knowledge
oryptography arnd Network Seciunity
- 38 Introductio Cryptography end
Network Securty
39
Introduction

Disadvantage
known plaintext attack. In polyalphabetic substitution, each occurrence of a
character can have differernt
1. Easily broken with a
The a
atibstitute. relationship between a character in the
the ciphertext is one to many. plaintext to a character in
1.14.5 Polyalphabetic Substitution

Plaintext
.An example of polyaiphabetic substitution is the
Vigenere cipher.
.The Vigenere cipher chooses a
sequence of keys, represented by a string. The
S t u v wx letters are applied to successive plaintext characters, and when the key
ik 1mn P end of the
bcd g is reached, the key start over. key
P QR S T U V w x y

ABC DE FGH J K iM NO
MNO P a R S T U V, W X
Y z Fig. 1.14.1 shows a tableall or table to
8CDE FG H K implement this cipher efficiently,
R S T UV XY Z AB (See Fig. 1.14.1 on previous page)
C EFGH KL M O P
DEFG4 K MNO P 0 R S
TU
VW X Y Z A B C .For example : Let the message be THE BOY HAS THE
BAG and let the key be
VIG.
EFGH K i MN0 PO R S
T U V W X Y Z A BC n
Key = VIG VIG VIG VIG VIG
J L OPQR S T U VW X Y Z A BC DE
F G H. K

K LMN 0 PQR V W X Y Z A B C DE F
ST U Plaintext = THE BOY HAS THE BAG

K NO P R S TUV WXY Z A B C D E Fi G
Ciphertext = OPKWWECTYOPKWIM
KLM NOPG V W X Y Z A BC D E F G HRS T

KMNo PORS TUV Wx Y ZA B C DEF GH

The strength of this cipher is that there are
multiple ciphertext letters for each
plaintext letter, one for each
unique letter of the keyword.
MNOF R S T UV Wx Y Z A BCD E F G H
N0 P R STU W X Y ZA B C D E F G H J K 1.14.6 One Time Pad
MNO 0 R STUV W XY Z A BC D EFG H I JK L The key string is chosen at random and at least as
long as the message, so it does
N PO RST W Y ZA BCDE FGHIJK L M not repeat.
PCR S.7 V W X Y Z A B CDEF G HI J KL, MN Each message requires a new key of the same length as the new message. It
new
PRS 7
w YZA BCD E F G H J K L M N produces random output that bears no statistical relationship to the plaintext.
RS W Y 2 A BCD E F GH J K L MN O P Vernam cipher uses a one time pad, which is discarded after a single use, and
R S T
W XY 2 AB CDEFGH JKL NN O P therefore is suitable only for short messages.
STU V W YZ EC DE FG H I J KLM N O PO For example :
T Vw YZ 6 B C, DEF G H J K L M NOP a R
V WX Y Z
E CD E FGH J K L MN O P Q R S Plaintext
WX Y
Z B C DE 14 12
FGHI JKL M N O P a
W YZ A BC
1
R S
DEF G HJ KL N B 2 A R
M N O P QR S T Key
XY 2 A BCDE FG H JK L M NOPQ RST U V 13
yY 2 A
BC D E F H
K L MNO PQR s TU. V W Totat 13 2 17
zZ A BC DEF GH JKL MNO Pa R STU V WA
Subtract 26 13 3 17
Fig. 1.14.1
if25
S E D R
Ciphertext N

TECHNICAL PUBLICATIONS Ai up tuust for

TECHNICAL PUBLCATIONS An up th/rust for knowledge
knowMedge
 Cryptography and
Network Security
aaawaanzssutaM
40
Introdue
but, in practice, has tu Cryptograpyand Network Socurity 1-41
The one time
difficulties.
pad offers complete security

quantities of randon
tidatheny Solution: key FNGINEERING plaintext COMPUTER
intrduciGr

problem of making large

=

. There is the practical with one tirne

kerys.
is also major problérm
2. Key distribution arnd protectiorn pad
and Polyalphabetic Cin
1.14.7 Comparison
between Monoalphabetic ipher
Monoalphabetic Cipher Polyalphabetie Cipher
e a aiphasetic Eack aipkaeic chat
ncea key is disse, be mapy6
Plaintext =
MPUTER MP ET ER
Cipher tet FLSETNI
Example 1.143 Eplan Plasoit Cyhe n brail. ind ot
ipher he
tet
lilning
KeyGOVERNMENT
PlainsedtPAIFAIR GT ter-17, arks 7
Sokusion
key =KSVERSMENT plaintes = PLAYFA12

GTO Sunmer-12, Marhs

Piaintext = PLAYFAIR PL AY FA IB

Cipher tert = KQYETHBS

Example 1.14A Ezplain Playfair Cigher in detail. Find out cipher sext for the folioneing
ghen plain text and key.
Key COVERNMENT
Plaintext PLAYFAIR GTU Winter-18, Marks 4
Solution : Key =
GUJAR
Plain text =
Surgical Strike
Sokved Eamples
U
Exaple 1142 pai oto api substiution technique in detail, Find out cp C D

Key=ENGANEERING N

Plastest COMPUTER K T U Summer-17,

M a r k s

TECHNICAL PUBLICATIONS An up thrust for knowiedge

TECHNCAL PUELKCATIONS An up thrust for knowtedge
 2
Cyptography and Network Securty
r uors, and
vetwork
Securit
1-43
introduction
0
Cyplograpry

Z Corresponding C i p h e
pher:
E

3 A
Plain text = Su rg ic al St ri ke 3
20 10 24
12 4
5

OP GU MC 10 Y
Cipher text = PA UJ UD JM
me at the usual place using the Hl
Example 1.14.5 Encryp the message "meet E

20 13 1 11 3

9 L
the key
***

7 GTU :Winter-18, Mals

13 4
Plaintext mod 26 2
Solution : Ciphertext =
Key x ****

C KP mod 26
Example
1.14.6 Given key
12
1 pair from plain text "me" > 17 17 5
K=21 18 21
(9x12+4x4 4> mod 26 =>1 2 2 19
5x12+7x4 88 andplaintext ney Find outthe ciphertext applying Hl Cipher 1s Hl cipher strog
2 pair from plain text "et"
against ciphertext only attack or known plaintext attack ? Justify the answer.
GTU: Summer-19, Marks 7
9x4+ 4x19 (112)
5x4+7x19 153 mod 2623 Solution Key K =
17 17
21 18
5
21 and ney
2 2 19
Cipher text for "meet" is "ukix
To get plain text from cipher text, we need to find the inverse of K 17 17 51131 17x13+17x4 +17 x24 697 21
21 18 21||. =21x13+18x4+21x24 = 849 mod 26 =|17=
A =
9x7-5 x4) => 43 2 2 192 2x13+2x4 +19x24 490 22
=17)
Adj (A) => | 43 % 26 Plaintext= ney
Ciphertext = vIw
Find the multiplier for 17, using 17xX = 1 mod 26 =>X = 23

161-92 5-14 Erample 1.14.7 How cryptanalyst can exploit the reguiaritiesof thelanguageHo
-115 207 Mod 26251525Add Add 26 for -ve values) diagrams cam soloe this problem 7 se the key hiddern GTU
nd encrypt the mege
Message using playfair cipher. Summer-l19, Marks 7
P CK => For the cipher text of "uk" Solution:
12 20 5x20 +12x10 220 Yptanalyst knows the nature of the plaintext (e.g., noncompressed Engisn
15 25 10 15x20+25x10550 ,then the analyst can exploit the regularities of the language to be solved is
To see
Hence the plain text is "me". how such aa cryptanalysis might proceed. The ciphertext
UZQSOVTt AMOPVGPOZPEVSGZWSzOPFPESXUDBMETSXAIZ
EPHZHMDZSHZOwSFPAPPDTSVPQUZwYMXUZUHSX
TEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
TECHNICAL PUBLICATIONS An up thrust for knowledge TECHNICAL PUBLICATIONSAn up thrust for knowledge
 1 44 Introduction Notwork Socury 1-45 Introduction
Cryptography and
Notwork Secuty Ciyptography and
letters can be determino.
d
the and
relative frequency of Examplo 1.14.8 Perform encryption in playfair cipher algorithm wíth plain text as
the English.
A s a first step, distribution for
INFORMATION AND NETrWORK SECURITY", keyuord is "MONARCH
standard frequency be sufficient
compared to a alone might
t
this technique but (Note: 1. Put j and both
i combine as a
single field in 5
*
5 matrix).
w e r e long enough, an exact match.
expect
If the
cannot
message
relatively short
we
message, GTU Winter-19, Marks 7
this is a (in percen
because
relative frequencies of the letters
in the ciphertext
entages Solution
I n any case, the
areas follows: M N A
Z 11.67 D 5.00 W 3.33 G1.67
C0.00
F 3.33 B11.67 Y B
P 13.33 H 5.83 V 4.17 T 2.50
L 0.00 U 8.33
Y 1.67
S 8.33 E 5.00 Q 2.50 I K
K 0.00 R 0.00 M 6.67
A 1.67 JO.83 S
0 7.50 X 4.17
10.83 N 0.00
P and Z are the equivalents of plain letters e and

I t seems likely that cipher letters

which is which. INFORMATION AND NETWORK SECURITY
t,but it is not certain Plaintext :

M and H are all of relatively

high frequency and probably IN FO RM AT IO NA ND NE TW OR KS EC
UR IT YZ
T h e letters S, U, O,
n, o, r, s).
letters from the set (a, h, i, FA RM RY GM QZ MNIT LE ZM SK
WD
correspond to plain Ciphertext: GA PH MO RS
(namely, A, B, G, Y, L, ) are likely included
The letters with the lowest frequencies to proceed at this point
There are a number of ways
in the set (b, j, k q, v, x, z). University Questions
and start to fill in the plaintext to see GTU: Winter-17, Marks 3
We could make some tentative assignments is 1. Write a brief note on hill cipher.
of a message. A more systematic approach
if it looks like a reasonable "skeleton" GTU: Summer-18, Marks 4
2. Describe monoalphabetic cipher.
to look for other regularities. GTU: Summer-18, Marks 7
3. Explain playfair cipher with example.
F o r example, certain words may be known to be in
the text. Or we could look for
GTU: Summer-18, Marks 3
deduce their plaintext equivalents. 4. Explain one pad cipher with example.
time
repeating sequences of cipher letters and try to 3 GTU: Winter-18, Marks 3
A powerful tool is to look at the of two-letter combinations, known
frequency 5. Explain the VERNAM cypher method.

transposition cipher is easily recognized?

Explain the rail fence cipher. Why pure
a
digrams. 6.
Summer-19, Marks
GTU: 3
Key hidden
and weakness.
with example and mention its strength
Message message , Explain one time pad algorithm GTU: Winter-19, Marks 3
Using playfair cipher polyalphabetic cipher ?
monoalphabetic cipher and
a
8. What is the diferemce between a
4
GTU: Winter-19, Marks

1.15 Transposition Techniques

to form the
the characters in the plaintext
A transposition cipher rearranges

ciphertext. The letters are not changed.

the plaintext in wo rows, proceeding
********YAiyayy irii fence cipher is composed by writing
h e rail
across, then down.
Plaintext =me sx sa ge aown, then across and reading
the ciphertext

Ciphertext = od xd qe fn

An up thrust for knowledge

TECHNICAL PUBLICATIONS
 1-46 Cyptogrep/nya n d

Cyptography and
Network Secunty Introduction
"meet
me
arter this party" th
wih
a
rail fen SolvedE x a m p l e s

example, to
enciphere
the message
tence Encryp the message "GTU E
ror
the following
Example 1.15.1 E n c r
amination" using the
your calculations and the result.Hil cipher algorithm
we write
ofdepth 2, t
h
matrir
e m a
i P with thekey
15
e f GTU: Winter-19, Marks 7
e
The ciphertext is
Solution:

5x6+17x19 3531
MEMATRHSATETEFETIPRY

reartangement
of the
the letto.
letters
a transposition cipher
requires o 5 171 6 4x6+15x19309 mod 26 | = P
Attacking
ciphertext. has the
the same
A pure transposition
ipher is easily
recognized
because it
\ete 20+17x4= mod 2626 =12 M
mod
frequencies as
the original plaintext.
is suitable for self study.
L4x20+15x4140
10K
Plaintext: The book 5x23+17x01 115 L]
L4x23+15x0 9 mod 26 =
Key:564132
6 4 1 3 2 15o
Key 5x12+17x8 196] mod 14 o
Plaintext: t
k
e b 15|8|4x12+15xs168
26 124
b e 5x13+17x01 651
5 17 l4x13+15x052 mod26
S e f 4 15]0
t 5 17 19 5x19+17x8 231 mod 26
Ciphertext : BSLEDOIFFOUELYESBSUTKTOSHIART.
415]8 4x19+15x8 196 14 o
014
1.15.1 Difference Between Substitution Cipher and Transposition Cipher 5 1714 (5x14+17x13-|28mod 26 =
wwwww.x
415|13 +15x13251
Substitution Cipher Transportation Cipher Plain text:GTU Examination
Deimition A substitution technique is one in
wiich the ietters of plain text are
Transposition cipher does not
substitute one symbol for another
Ciphertext: PX MK LO OM NA XO AR
the
replaced by other ietters or number instead it changes the location of
symbois. University Questions
pe MMoncalphabetic and Pokyalphabetic Keyiess and keyed transportation transportatiom techniques.
and
sstitaon cpter. Write diferences between substitution techniques
epher. GTU Summer-17, Marks 3
Each lefter refains s positior but
GTU: Winter-17, Marks7
anges IS Kientt
Each letter retains its identíty 4Explain transposition techniques with appropriate example.
A * changes its position GTU Summer-18, Marks 4
S Explain columnar transposition cipher technigue:
The last leters of tte aiphabet which Kegs very ciose to the
correct Ke?
areosty low zequency tend to wil reveal long sections of ieg

piaintext.
Raii tence cipher

TECHCAL PUBLICATIONS An up thrust for knowledge ECHNICAL PUBLICATIONS An up thrust for knowedge
 cK pners Nework Securitv 2-3
2-2 cyptographyand
and Network Secunty
Stream Ciphers nd Block Ciphers
Ciyptography

decrypting
d the data, copy a block of
ciphertext, decrypt it and
2.1 Stream Cipherss with the preceding block of ciphertext. XOR the result
on blocks of data. Ex to be the
A block cipher operates and operates on each Taking encipherment algorithm with key
breaks the plaintext
into blocks
block initialization vector, the cipher block
K and I to be the
Algorithm
Co = Ex (m, D)
chaining technique is
independently.

blocks are 8 or
16 bytes long
Usually of the encryption function. Ci Ex(17; ®Ci-1) for i> 0
depends on the design
Security of block ciphers faster than
Software implementations
of block ciphers run
softwate 21.1 Advantages and Disadvantage of Block Cipher

implementation of
the stream ciphers.
Advantages:
not affect other blocks.
Errors in transmitting
one block generally do 1. High diffusion
using the same key, identical plaintas
Each block is enciphered independently,
ext
2. Immunity to insertation of symbols
blocks.
blocks produce identical ciphertext
and the cipher you are using operates
.Suppose that plaintext is 227 bytes long on Disadvantages
16-byte blocks. 1. Slowness of encryption
them using the key table.
Algorithm grabs the first 16-bytes data, encrypts
of 2. Error propagation.
Algorithm produces 16-bytes of ciphertext. 2.2 Block Ciphers
After first block, algorithm takes next block. GTU: Winter-14, 17, 18, 19
The key table does not change from block to block. .Stream cipher algorithms are designed to accept a crypto key and a stream of
plaintext to produce a stream of ciphertext.
Plaintext= 227 bytes
227 .Fig. 2.2.1 shows the stream cipher.
Block size 16 bytes =

16 14 blocks plus 3 bytes Stream cipher is similar to a one Key stream

Algorithm encrypts 14 blocks and 3 bytes remain. time pad.
.For encrypting last 3 bytes data padding is used. A stream cipher encrypts smaller
block of data, Ciphertext
.Extra
bytes are added
make the last block size to 16 bytes.
to typically bits or bytes.
Whoever decrypts the ciphertext must be able to A key stream generator outputs a
recognize the padding. stream of bits
One problem with block ciphers is that if the same block of Kj, K2, K3.Ki. PlaintexX
two plaintext appears This key stream is XORed with a
places, it encrypts to the same ciphertext.
To avoid having these kinds of stream of
plaintext bits Pay 150
copies in the ciphertext, feedback modes are
useu P, P2,
Cipher block chaining does not require the extra information to P3..Pto produce the Fig. 2.2.1 Stream cipher
occupy bit paces
spa stream of
s0
every bit in the block is part of the ciphertext bits.
message.
Before a plaintext block is Ci P Ki
enciphered, that block is XOR'ed with preceu
ceding
At
ciphertext block. identical
to the description end, the ciphertext bits are XORed with an key stream
I n addition to the key, recover the
this technique requires an initialization OR
vector to X
he plaintext bits.
initial plaintext block. P C; K;
The system security depends entirely on the insides of the keystream generator.
TECHNICAL PUBLICATONS An up thrust for knowledge
TECHNICAL PUBLICATIONS An up thrust for knowiedge
 Stresm Ciphers and Block c
2-4 Notwork Securi 2-5
Gryptogrsphiy srid
Network Securily Cyptogrophyend Stream Ciphers and Block Ciphers
Stream Cipher
of
Advantages and
Disadvantages
half of the data being processed, followed
2.2.1 by permutation
a
that interchanges
the two halves.

Advantages is expanded s0 that a different

transformation The original key key is used for each round. Many
1. Speed of a4TOmetric block encryptin algorithms in current use are based on a structure
2. Luw error propayation. referred toas a Feistel block cipher
Disadvantages
1 Low diffusion modifications.
2.3.1 Feistel Cipher
and
malicions ineETtation
2. Susceptibility ko
Fia, 2.3.1 shows the classical Feistel network. The inputs to the encryption
between Stream
and Block Ciphor are a plaintext block of length 2w bits and a
2.2.2 Comparlson algorithm
is divided into two halves i.e. Left (LG) and Right (R).
key K. The plaintext block
Block cipher
Stresm cipher
design features
Parameters and
Block ciphers operate om larger blonk of are considered
ori sthallef units of Following parameters
trea tiplrts tipeETa data.
plairiext 1. Block size 2. Key size
Fastet thaf blenk cipher Swer thn stream ipher
3. Number of rounds 4. Subkey generation algorithmss
elemTit
Block cipher proces#es the input one block
streatii tifpher processes the iriput of elemernt at a im6, producing an otput 5. Round function 6. Fast software encryption/ decryption.
i r e élement
itiitilsly pfenuri, tnitpiit bloek for each input block,
7. Ease of analysis
Requires more code.
block size gives greater security
4
1. Security depends upon the block size. Larger
Reuse of key is possible, normal. Block size is 64-bit and
rky tne tire f ky ust but encryption / decryption speed is reduced
Ex, DES AES uses 128-bit block size.
Ex,( tirue pad
size. Because of longer key
7 Applualini . te tuse Ciiriettitis on the Applicatiom- Iatabase, file eneryptio, 2. Greater security is achieved by using longer key
of 64 bits or less are now
size, again speed of algorithm decreases. Key sizes
bits have become a common size.
Sstream cipher is mure suitable fot hardware Easier to implenent in soltware. widely considered to be inadequate and 128
implenientation, 3. Number of rounds are 16 in most of the algorithm.
In Feistel cipher, single
offer greater security.
University Questions round offers insufficient security and multiple rounds
leads to greater dificulty
subkey generation algorithm, greater complexity
GTU: Winter-14, Marks 7
In
Define block cipher. Explain design principles of block cipher.
1.
of cryptanalysis.
2What are the dferences beliuren sbreum ciper and block
3
eipher?GTU Wlnter-17, Marke 3 . Kound function is again greater complexity for greater resistance to

Differentiate block cipher and a stream cipher. GTU: Winter-18, Marks

4. Diferetiate block cipher and stream cipher algoríthm with example
cryptanalysis. of the
The speed of execution
St encryption / decryption:
software
GTU Wnter-19, Marks algorithm becomes a concern.
to
2.3 Block Cipher Structure Feistel
Cipher aBe of analysis There is great benefit in making
the algorithm easy

A block cipher is analysis.

an
encryption/decryption scheme in which a block of
ntext!

plaint
treated as a whole and used to produce a ciphertext block of equal length. Decryption Algorlthm the subkeys Ki n reverse
but use
block ciphertext as input to the algorithm,
tmber
.
Many ciphers have
Feistel structure. Such a
a
structure consists of a n
e

identical rounds of processing. In cach round, a

substitution is perfor order
An up thrust for knowledge
TECHNICAL PUBLICATIONS An up thrust
for knowledge TECHNICAL PUBLICATIONS
 Stream Ciphers and
Cyptography and
Nefwork Security
2-6 Block Cipher
Block
Cryptography and Network Secuity 2-7
Stream Ciphers and Block Ciphers
Plaintext (2w bits)
Key Consider the encryption process

LE16 RE5
RE46 LE15 x F(RE15 K1s)
RONund1 L bs wDits RK Subkey
generation
algorithm On the decryption side
D RDo - LEj6 = RE15

RD =
LD xF(RD0, K16) RE16 F(RE15 K16)
= x

=
[(LE15 *
F(RE15, K16}) F(RE15, K
x

W e have LDj = RE15 and RD = LE5

For the iteration of the encryption algorithm,
LE= RE-1
RE= LE-1 x F(RE;_v K)

Finally, the output of the last round of the decryption process is RE| LE9- A 32 bit
swap recovers the original plaintext, demonstrating the vaiidity of the Feistel decryption
process.

2.4 Simple DES

.Takes an 8-bit block plaintext, a 10-bit key and produces an 8-bit block of
cipher-text.
Decryption takes the 8-bit block of cipher-text, the same 10-bit key and produces
the original 8-bit block of plaintext.
It was designed as a test block cipher for leaming about modern cryptanalytic
differential cryptanalysis and
techniques such as linear cryptanalysis,
linear-differential cryptanalysis.
the schedule of
T h e same key is used for encryption and decryption. Though,
that the is the of
addressing the key bits is altered so decryption reverse

encryption
IP. Then, it is
An input block to beencrypted is subjected to an initial permutation
mereaeeetepieeeeoe applied to two rounds of key-dependent computation. Finally, it is applied to a
permutation which is the inverse of the initial permutation.
plaintext = b^bzbgb4bsbgbybg
key = k1k2kgkak_ksk7kgk gk 10
Fig. 2.3.A Clasal teietel networ
The put of the first
1and sA te derryption Subkey generation
32 bit swap
16 19nd f he ercryptiom process equal to a
he input so the is
First, produce two subkeys Kj and K2:
prseos.
Ki = P8LS,(P10(key))

thrust for knowledge

TECHAI PIBLIGAfONS TECHNICAL PUBLICATIONS An up
kn up hrust
or krnonsdy
 Stream Ciphers and
and Blo
Block Ciphen
2-8
Network Secuiy
Cyptography and Network Securty
Cryptography and 2-9
Stream phers and Block Ciphers
K2 PS(LS,(LS,(P10key)))
f L, R)= (L + Fk (R), R)
substitution operators.
bit
where P8, P10, LS1 and LS2 are
differ10 bits in a Fr (R) = P4 ( SO( lhs( EP(R)+K ))
returns the same
nt s1( rhs(EP(R)+K )) )
For example, P10 takes
10 bits and
k3kskak7k4k 1ok1kgkgk
order 4 bits to 8 bits
,

P100k1k2kkgkskskykgkgk10)
=

wwwwwwww****** ***owsseweewenoymmmemumnwww.
operators in this notation: ***********wwweeitvwenwwwnewwwmrewnmneeaun
to write such bit substitution
2 2
It's convenient www
******
www.
*****

**
*"********""*****"****w **************www 4
w**ww*********************************** *
P10: (10 bits to 10 bits) P4 (4 bits to 4 bits)
awww.

5 2 74 10
****
1 9 8 6
wwww.w************
*****"********NNWwwwrwwwmmwwmwwwwwwwww.wwr
********************Z

**ww aww*www
wwwwwnsavmwwwww.
*********
*********************1N*P*DeNWwmNmONmwwmmmwmiwmmwwww.Mmwwwv
P8: (10 bits to 8 bits) Ihs (8 bits to 4 bits )
wwwwswwwwwwwwiwwwww
******
ww.w
** ****w
***

10 9
7 4
waiwswwwwwwwwwwwaawwwwww.w.wwww.wwwww.wwwwwww
wwww.www..*********************www. 3 4
***** ******************

bit" 5 bit words) : 10 bits to 10 bits rhs (8 bits to 4 bits)

LS (left shift 1 on
**** ******wwAwwwwww.wnwwwevwwwwwwagww
wwwww**** * *************wwwwwwww.wwwww.
*****w*wvw wew w

2 3
weuwx
4
auaxnaun
1 7 8
wwwww.axww wwwww.wwww*ww***
10
***wwAww.a
6
wwawwswi
wwwwwwwwwww.wwwwwwwwwawwwww.ww
* ********wwwwwwwwwww. ww.w.wwwwwww.t

LS, (left shift bit" 2 on 5 bit words): 10 bits to 10 bits SO(b b2 bab4) = The [bjb4,b2b3 ] cell from the "S-box" S0 below, and similarly for
www.wauwwwwwwwwwwwws
S1.
3 4 5 1 2 8 9 6 7
wwww. wiwawwwwwiwwwwwww. *****wwwwwww.wmwwww.wmwwww..3
S0
Encryption
The plain text is split into 8-bit blocks; each block is encrypted separately iven a
plaintext block, the cipher text is defined using the two subkeys Kj and K2, ä
follows: 3
Ciphertext IP(fk,( SWlK,(IP( plaintext ))))
where:
S1
Initial Permutation (IP) : 8 bits to 8 bits
ywwwrarsomarm*e wv u
***""*""N ****** www
www.wwe wwwwvwwww.wwwwwwww

2
3 7
knnararwowm i mwww.

IP- (8 bits to 8 bits)

vwnww n. "r**"**
1
"www*w.w*vw********"
4
2

Switch (SW) : 8 bits to 8 bits Algorithmn:

he block of 12 bits is written in the form LoRo, where Lo consists of the first 6 bits
iwwyNmmniu

R o consists of the last 6 bits. The ith round of the algorithm transforms an input
w**
*****

6
unnun 8 1 2 wwen i-1 Ri-1 to the output L;R, using an 8-bit Ki derived from
and fk () is computed as follows. ig. 2.4.1 shows one round of a Feistel system.
We write exclusive-or
(XOR) as +.

TECHNICAL PUBLICATIONS - An up thrust for knowledge

TECHNICAL PUBLICATIONS An up thrust for
knowledge
 Stream Apners and
Block c
Cryptography
and Network Security
2- 10
ciphers Cyptography end Nefwork Security 2 - 11
Stream Ciphers and Block Ciphers
R T h e 6-bits are
expanded using the
following expansion function. The expansion
function takes 6-bit input and produces an &-bit output. This output is the
the two S-boxes.
input for

Fig. 2.4.3 The expansion function, E(R-1)

round of Feistel system 2. The 8-bit output from the previous step is Exclusive-ORed with the
Fig. 2.4.1 One
a
key K;
follows: 3. The is divided into two blocks. The first block
8-bit output
the ith round is found as consists of the first
The output for 4 bits and the last four bits make the second block. The first block is the
Li =
Ri-1 and R; =
Li-1 fR-1, K;) for the first S-box (S1) and the second block is the
input
.This operation is performed for a certain number of rounds, say n, and produces input for the second S-box
(S2).
LRg 4. The S-boxes take 4-bits as input and produce 3-bits of output. The first bit of
.Theciphertext will be R,in the input is used to select the row from the S-box, 0 for the first row and 1 for
Encryption and decryption are done the same way except the keys are selected in the second row. The last 3 bits are used to select the column.
the reverse order. 5. The output from the S-boxes is combined to form a single block of 6-bits.
.The for will be These 6 bits will be the output of the function f{Ri-1, Ki .
keys encryption K1, K2. . . . .

Kn and for decryption will be Kq, ..

Example: Let the output from the expander function be 11010010.

Function f{Ri-1, K;): The function Solution: 1101 will be the input for the S1 box and 0010 will be the input for the
fRi-1, K; ), depicted in the Fig. 2.4.2 below, is
S2 box. The output from the $1 box will be 111, the first of the input is 1 so select the
described in following steps.
second row and 101 will select the 6th column. Similarly the output from the $2 box will
be 110. In above
example we have the S1 output 111 and $2 output 110. So the output
for the function

fRi-1, Ki) will be 111110, the S1 output followed by the $2 output.

ER 2.5 Data Encryption Standard GTU: Summar-18, Winter-18,19
the
DES Encryption standard (DES) is a symmetric key block cipher published by
National Institute of Standards and Technology (NIST).
It
encrypts data in 64-bit block
4 bits oits
4 DES is
symmetric key algorithm The same algorithm and key is used for both
encryption and decryption.
S
Key size is 56-bit.
i.e. Pboxes, which is called
he encryption process
initial
is made of two permutations
and final
Fig. 2.4.2 The
permutation.
Functlon fRj.1, K)
TECHNICAL PUBLICATIONS An up thrust for
TECHNICAL PUBLICATIONS An up thrust for knowledge
nowledge
 Stream Cphers and Biock Cirs and N e t w o r k Security 13 Stream Ciphers and Bock Ciprers
2-12 cptography

for hat reason is phase consisting of 16 rounds of the same function, which involves
Then there is
a
and
substitution
arnd
Sorneti
DES uses
both transposition
its input, cutput
and key are
each 64
each
64-bits lorg both permutation
and substitution functions.

referred to as a product cipher. the sixteenth round consists of 64-bits that are a function of the
are referred to as blocks. The output of
The sets of 64-bits ions rounds uses aa separa and the key.
consists of 16 rounds or iterations.
Each
Each rounds uses
separate kev.
ey t input plaintext
The aipher The left and right
halves of the output are swapped to produce the pre-output. At
48-bits.
Fig 25.1 shows DES encryption algorithm First, the 64-bit plainte+
xtuce last, the pre-output
is passed through a permutation (P) that is the inverse of
the bits to prodic
passe the initial permutation function, to produce the 64-bit ciphertext.
that reartanges
Ehrough an nitial
Permutation (P) the
Initial permutation
permuted nput
Key (64 bit) . Table shows the initial permutation and its inverse. The input to a table consist of
Plain test (4 t )
64-bits numbered from 1 to 64.

. The 64 entries in the permutation table contain a permutation of the numbers from
Permutedd 1 to 64. Each entry in the permutation table indicates the positon of a numbered
Ir germutator Choice
input bit in the output, which also consists of 64-bits.
56
Permutation (IP) table
Initial
56 ,

Permuted Left crcular 2

Rosnd choice 2
***

20 2

56 46 2

56
Pemuted1 b6
Round 2 Let circular
choice 2 shh 33 9
49

59 51 43 35 19

45 29 2.1 L3
6
33 55 39 3I 23

Inverse Initial Permutation (IP)

cwwww.wweaaoows
24 B2
Round 166 Permuted 48
choice 2 Left circular .

16 shift 39 47 25

8 14 62 30

32 bit swap 13 b
********
2 20 60
4
9 2

Inverss initial 42 10
penmutation **** ********

4 9 A9
wwwww.wvwwwwww.w ************
****
w.aw wwowwwwww.wwww.wwwewwwwwwww.wwwwwwwwwwww

Ciphertext (84 bit)

Fig. 2.5.1 DES encryption algorithm
TECHNICAL PUBLICATIONS An up thrust TECHNICAL PUBLICATIONS -
An up thrust for knowledge
for knowledge
 Stream Ciphers and
Cryptography and
Network Security
2-14
Cphen Coyptogrephy and
Network Secunty 2- 15
Stream Ciphers and Block Ciphers
Round L = R-1
2.5.1 Details of Single
round of DES algorithm.
The left and right halr.
lves R Li-1 XF (R,-1/K)
2.5.2 shows single ies, labeled t a
Fig
64-bit intermediate value
are treated as separate
32-bit quantities,
labeled and
L
The left output (L;) 15 Simply copy of the right input (R- 1). The right output (R) is
be summar+sed in the .
fol owing
round can
processing at each the XOR of left input (i - 1) and right input (R - 1) and key for this stage is K. In this
T h e overall

formulae ctaore, the substitution and permutation both functions are used.

28 bits 28 bits
Fig. 2.5.3 shows role of S-boxes in the function F. It consists of set
of eight
32 bits
32bits S-boxes, each of which accepts 6 bits as input and produces 4 bits as output.

R(32 bits)

Left shift Leftshit

Expansion
permutation

48
48
4 8 bits
Dits
KY48 bits)

48
Pemutation
cOnttacGio
-0

SUDsitutionchoice

32

Permutation

32 bits
Fig. 2.5.3 S-boxes in the function (F)
XOR
The 48 bit input block is divided into 8 subblocks and each subblock is given to a
S-box. The S-box transforms the 6 bit input into a 4 bit output.
First and last bits of the input to box S; form a 2-bit binary number to select one
of four substitutions defined by the four rows in the table for S. Two bits can
store any decimal number between 0 and 3. This specifies the row number. The
middle four bits select one of the sixteen columns.
Fig. 2.5.2 Single round of DES
algorithm
TECHNICAL PUBLICATIONS An up thrust
TECHNICAL PUBLICATIONS An up thrust for knowledge
for knowledge
 Stream Ciphers and Block
Oryptbgraphy
and Network Secunty
2-16
Cipherg CVplography
and Network Security 2-17
Stream Ciphers and Block
vi ****
wwemweru
Ciphers
value for DES
gives the S-box 15 0 8
** wwww
tabBe 11 2 14 13 3
Folowing 12 9
12 5 10 6 1
8 3 10
14413 1 2 15 11 13
0 11 7 4 9 1 10 4 3 5 2 15
106 12 11 ************ ******
*******
8 6
2 13 4 13 12 3 14 10
015 74 ************** 15 6
2
15 12 9 7 3 10 5
***** ******* 9

8 13 6 2 ********
0
***- 11 1 10 7 9
4 1 14 **
6
**
5 U 15 14 3 12
14 10 0
www.wwwwwwwwwwwwwwwwww
* *****ontwwn meviemmwe
5 11 3 6 13 ** ******* ****
2 4 www.wwiww *w w w *wwdn
15 1 2 8 www *
4 15 111 10
wawwmmw
2 8
13 9
******: ******* **
14 012 7
* **wwww 1 15 13 810 7 412 5 6 11 14
**
9 7 2 I3 12 0 5
****** 9 2
3 10
151 8 6 en*-*********************** ************** ****** : *******¢ 7 114 19 12 14 2 06 10 13 15
. s*****"?** ** *****************--
3 5 8
14 12 0 1 10 6 9
**************************"*****************************earens*
2 5
313 4 7 15 ************************* ***************
2 1 147 4 10 8 13 1512 9 5 6 111
. hiwwwwww.wwwwwwwwwwwww.iwwwwwwwwwwwwwwwwww.wwwwwwwwwweww.
413 15 8 12 6 99 3 2 wwww.w wwwww.w.w w
10 15 ***
wwwwwwwwwwAwwwwwwvwime
014 7 11 *****
****
**********************************o*
. Fig, 2.5.4 shows the selection of an entry in a S-box based n the 6-bit
3 154 2 11 7 12 05 14 9 input. For
138 101 www wwww.wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwiww.
example, in S2, for input 101101, the row is 11 and the column is 0110. The value
** * *****www.wwwwwweuooowos

7
in row 3, column 6 which select row 3 and column 6 of S2 box. The output is 4.
10 9 14 6 3 15 5 13 12 11 2
*** :****** *

13 7 9 346
******
10 2 8 5 1412 11
***
15
1
13 6 4 9 15 3 1 2 I2 10 14 7
***** ******* es***************************** **********

10 6 15 14 3 II 2 12
******* ************* " ***************************** * * ************* ***************wwwwwww.

4 bit columnn
7 13 14 3 6 9 10 1 2 5 11 12 4 15 numoer

115 6 15 0 3 7 212 11 10 14 9 2 bit row

10 6 9 11 7 13
number
12
151 3 14 5 2 84
Fig. 2.5.4 Selecting entry in S-box
10. 1 13 8 94 5 11 12 7 2 14
vywwANENIewaaavwwiav0* w***r ***w ww m *****"*********w****w
ww.

n** ew
iwn 2.5.2 Key Generation
*r"""***"****
1 4
10 11 6 3
***********************"?********in***
15 13 14 64-bit key is used as input to the algorithm. The initial 64-bit key is transformed
**********************************i**************:
14
into a 56-bit
P5 ***************************w
7 13
**opo
1 0 15 10 33 9
********
key by discarding every 8h bit of the initial key.
*******"********************************************
10 13 7 9 14 rom 56-bit key, a different 48-bit subkey is generated during each round using a
12 5 6 3 0
12 ***************"ve*g*ve**********"******** process calledkey transformation. as
14 21 3 6 15 3
0 9 10 5
he
******NPewe uew130****************
*******aaN*NIAtwwwuenw*"* resulting 56-bit key is then treated as two 28-bit quantities, labeled Co and Do
12 1 10 15 9 2
13 3 4 14 7 5 11 At each round,
C_ and D are separately subjected to a circular left shift, or
10 15 2 7
**** rotation, of 1 or 2-bits.
12 9 5 6
6 1 13 14 0 11 3
1415 5 2 8 nese shifted values serve as input to the next round. They also serve as input to
7 6
****** a***ge*e**jas. 4 10 13 11 emuted choice Two, which produces a 48-bit output that serves as input to the
************maxsasri
function F(Ri-1 K).
urrsssonganm

4 3 2129 5 ***************** an*a************

***
ar ************ 15 10 11 141 7
13
*********w****od***Y*** vsiAdAwepedcodwkimnwarnvrivm 6
* * * * * * *w i o v i e w

TECHNICAL PUBLICATIONS An up
thrust for knowledge TECHNICAL PUBLICATIONS An up thrust for knowledge
 Stream Ciphers and Block r
2-1 a n a Network Security 19
and Network
Secunty Cryptography Stream Ciphers and Block Ciphers
Cryptography

2.5.3 DES Encryption

Tp
Key
permutation
to an initial h
is subjected a permutation
be enciphered finally to
A block to
complex
key-dependent
and
computation which Permuted
choice 1
initial permutation P
inverse of the
can be simply defined in terms
computation the kev
function KS, called the key
The key-dependent
called the cipher
function, and
a schedule.
s

function f, the block consisting of

s..

and R of bits, LR denotes bits s

Given two blocks L
of R.
L followed by the bits block to be enciphered
Initial permutation:
The 64-bits of the input are fr Left Left
1.
permutation,
called the initial
permutation. shift shift
subjected to the which uses the na
computation: The computation ermute
2. Key dependent pre-output block consists,
input block as its input
to produce the
Ciphe
on two blocks, one of 32-bits and one of 48-bits. Pemuted
function fwhich operates block in an iteration choice 2
32-bits. Let the 64 bits of the input Left
produces a block of 32-bit block R. Using the notati shifts
Left
shifts
followed by a
consist of a 32-bit block L
block is then LR. Let K be a block of
defined in the introduction the input
Then the output L' R of an iteration wi
48 bits chosen from the 64-bit key.
input LR is defined by Pemuted
chhoice 2
KN
L' R . (2.5 Left Left
R' L(+) f(R, K) shifts shifts

where (+) denotes bit-by-bit addition modulo 2.

As before, let the permuted input block be LR. Finally, let Lo and Ro be respective Permuted -K16
choice 2
L and R and let L and R, be respectively L' and R of equation (2.4.1) hence Land
are respectively Ln-/ and R,-1 and K is Kn ie. when n is in the range from 1 to l, Fig. 2.5.5 Key gene tion techniques

Kn = KS(n, KEY)
Then Ln Rp-1
R Ln-1 (+) {Ra-1, KT with
K determined by the bits in 48 distinct bit positions of KEY. KS is called the
The
key schedule.
pre-output block is then R16L16
3. Key schedule :
Key generation techniques is shown in the Fig. 2.5.5 2.5.4 DES Decryption
(See Fig. 2.5.5 on next page).
The input of the
first iteration of the calculation is the permuted input block ne
permutation IP
applied to the pre-output block is the inverse of the initial
P applied to the
is the output of the 16" iteration
then RL' is the At each iteration tation input. Consequently, to decipher it is only necessary to
different block K of key bits is chosen from the pre-output block. K the very same algorithm to an enciphered message block, taking care that at each
64-bit key KEY. Let
designated by Aen o f the computation the same block of key bits K is used during decipherment
a function which takes a
integer n in the range from 1 KEY# as

input and yields as

output a 48-bit block Kn which is a
to 16 and a 64-bit bloc
bits
fror sed during the encipherment of the block only in a reverse order. For the
KEY i.e. permuted selection O iteraA 1ent calculation with R1oL10 as the permuted input, K10 is used in the first
0 in the second, and so on, with K, used in the 16 iteration.

TECHNICAL PUBLICATIONS An up thrust for

knowledge TECHNICAL PUBLICATIONS An up thrust for knowledge
 Cyptography and Nenvor* Secunty 2 20 Stream Ciphers and Block
2.5.5 DES Weak Keys
Ciphers
With many block ciphers there are some keys that should be avoided, becaus
reduced cipher complexity. ecause of
These keys are such that the same sub-key is generated in more than one
rouna
and they include nd,
Weak keys The
: same sub-key is generated for every round and DES has
weak kevs 4
Semi-weak keys : Only two sub-keys are
generated on alternate rounds and
DES has 12 of these (in 6 and
pairs).
3. Demi-semi weak keys : Have four
sub-keys generated.
None of these cause a
problem since they are a
tiny fraction of all available kevs
however they MUST be avoided
by any key generation program.
2.5.6 Advantages of DES
1 As 56-bit
keys are used there are 70 quadrillion possible
specific key cannot be identified easily. key values and hence a

2 As the
length of the key is increased the security
increases. provided by the algorithm also
3. The of the DES
security algorithm resides in the
key.
2.5.7 Disadvantages of DES
1. As it is
is
a
symmetric algorithm both sender and receiver must have
a
possibility that the key is intercepted. same key, there
2. The design of S boxes makes it
3 . It is susceptible to differential
susceptible to linear
cryptanalysis attack.
advantage of which DES cryptanalysis attack and brute force
attack taking
crackers have been
4. It has certain weak designed.
keys
which generate the
algorithm like when all key bits are either 0s or ls or if key for all cycles of t
same
Os or 1s. They are 0000000 one half of the
0000000, 0000000 fft, ffffff key bitS a
5. Some initial
keys produce only two subkeys while 0000000, fffff fffff.
are called
possible weak keys. some
produce only four. Tne
Possible techniques for improving DESs
Multiple enciphering with DES
Extending DES to 128-bit data paths and 112-bit keys
Extending the key expansion calculation.

TECHNICAL PUBLICATIONS An up thrust

for knowiedge
 Stream Ciphers and Block Cphers
N e w o r k Secunty
2-21
and
Cryptography

Design Principles
Block Cipher
2.5
are as follows:
for the S-boxes
criteria bits.
The
S-box should be too close a linear function of the input
No output bit of any
of an S-box should include all
16 possible output bit combinations.
Each row
2 must differ in at
to an S-box differ in exactly one bit, the outputs
3 Tf two inputs
least two bits.
must
to an S-box difter in the two middle bits exactly, the outputs
4 If two inputs
least two bits.
differ in at
first two bits and are identical in their last
inputs to an S-box differ in their
5. If two must not be the same.
two bits, the two outputs
difference betwen inputs, no more than 8 of the 32 pairs of
non zero 6-bit
6. For any output difference.
may result in the
difference same
that
inputs exhibiting
P are as follows.
Criteria for permutation
distributed so that two of them
bits from each S-box at round i are
1. The four output end bits.
round (i + 1) and the other two affect
affect middle bits of
on the next round,
from each S-box affect six different S-boxes
2. The four output bits
S-box.
and no two affect the same
if an output bit from S
affects a middlle bits of Stock on the
3. For two S-boxes j, k,
next round, then an output bit
from Sy cannot affect a middle bit of S.

University Questions
1. Write a short note on DES. GTU: Summer-18, Marks 7
2. Discuss in detail encryption and decryption process of DES. GTU: Winter-18, Marks 77
in DES and also give steps of one round in DES
3. Draw block diagram to show broad level steps
with another diagram. GTU: Winter-19, Marlks 7
2.6 Confusion and Diffusion GTU: Winter-18, Summer-19

Difusion
Diffusion is making output dependent on previous input (plain/cipher-text).
ldeally, each output bit is influenced by every previous input Dit.

statistical analysis. In
e are measures to thwart cryptanalysis based on

diffusion, the statistical structure of the plaintext is dissipated into long range
statistics of the cipher-text.

TECHNICAL PUBLICATIONS An up thrust for knowledge

Cryptography and Network Security 2-22 Stream Ciphers and Biock
iphers Secu
and Notwork ecurily 23
the
Cryplography
Stream Ciphers and B/ock
each plaintext letter
aftect value of manyN Cphers
This achieved by having
is
to kbe sent is
cipher-text digits, which is equivalent to saying that each cipher-text . T h edata
to
encrypted using a substitution
digit means
the ata is first broken into permutation network, which
blocks, in 4x4 rows,
affected by many plaintext digits. stituted for a newv one in line with the with each
byte being
The letter frequencies in the cipher-text will be more nearly equal than in encryption key.
the .The key features of AES
plaintext. 1. Symmetric key symmetric block cipher
Confusion Data of 128 bits
confusion makes the relation between theko
ates relation 2.
I n Shannon's original definitions,
as possible.
Confusion is making the key a Compared to
triple-DES it tends to be faster and stronger
and the cipher-text as complex output
every bit infiuences outne Design details and specifications
dependent on the key. Idealy, every key the and the secret 1 bit
4. are
complete
between cipher-text
Confusion tries to hide the connection key. 5. Resistance against all known attacks.
Confusion seeks to make the relationship between the statistics of the cipherta and code
ext 6. Speed compactness on a wide range of
platforms.
as poSsible. This is achieved
and the value of the encryption key as complex by 7. Design simplicity.
the use of a complex substitution algorithm. These operations became
.Encryption consists of 10 rounds of
processing for 128-bit keys, 12 rounds for
cornerstone of modern block cipher design.
192-bit keys, and 14 rounds for 256-bit keys. Except for the last round in each
case, all other rounds are identical.
2.6.1 Distinguish between Diffusion and Confusion
wwmmawmseunoausgouyoonyu niayinn .Each round of processing includes one single-byte based substitution
step,
No. Diffusion Confusion row-wise permutation step, a column-wise mixing step, and the addition of the
round key. The order in which these four steps are executed is different for
Diffusion hides the relation between the Confusion hides the relation between the
encryption and decryption.
ciphertext and the plaintext. ciphertextand key
Fig. 2.7.1 shows AES encryption and decryption
Ifasingle gymbol in the plaintext is a single bit in the key is changed,most process.
changed, several or all symbols in the or all bíts in the ciphertext will also be (See Fig. 2.7.1 on next page)
ciphertextwill also be changed changed
n diffusion, the statistical structure of theIn confusion, the relationship between the To appreciate the processing steps used in
128-bit block
a single round, it is best to think of a

plain text 1s dissipated into longrange statistics of the cipher text and the valueof consisting
as of a 4 x 4 array of bytes, arranged as follows:
statistics of the cipher text. This is achievedthe encryption key is made complex. It byteo byte4 byteg byte 12 |
y permitation achieved by substitution wwnomnmuwiwe
wwnnn9iD Ý I * * w *"
1" * * * byte bytes byte9 byte13
byte2 byte6 byte10 byte14
University Questions byte3 byte byte1 byte15]
1. Explain the diference between diffusion and confusion. GTU Winter-18, Marks4
Notice that the first four bytes of 128-bit input block occupy the first column in
a
4 array of bytes. The next four bytes occupy the second column, and
2. Which two methods are used to the 4 x so

frustrate statistical cryptanalysis ? on. The 4 x 4 array of bytes shown above is referred to as the state array in AES.

GTU: Summer-19, Marks 3 n Advanced Encryption Standard, the process goes through several rounds:
2.7 AES with Structure 9 Key Adding: The encryption key is added to the data, fusing them together.
GTU: Summer-17,19, Winter-17,18 4Substitution : Each byte of the cipher block is substituted for a new one,
Advanced Encryption Standard (AES) is a block cipher with a block lengtn 128
according to the cipher schedule.
bits. AES allows for three different
key lengths: 128, 192, or 256 bits. o w Shifting: The rows ofbytes shift around to different positions.
AES is a non-Feistel cipher that 4
encrypts and decrypts a data block of l 8-bits. C Mixing : The columns of bytes are further complicated through
mathematical equations
TECHNICAL PUBLICATIONS An up thrust TECHNICAL PUBLICATIONS An up thrust for knowledge
for knowledge
 Stream Ciphers and Block Cinh Security
Cryplograpnya n d Network. 2- 25
2-24 Stream
and Network Secunty Ciphers and Block Ciphers
CrYptography Plaintext
EP 2 : It is
ed ShiftRows
called for
Plaintext 2. shifting the
rows of the state
array during the
Key forward process. The
corresponding transformation during
Add round key
ShiftRows for Inverse Shif-Kow decryption is denot
noted
-w[0, 3 Transformation. Fig. 2.7.2 shows one round of
Add round key encryption and one round of decryption process.

Inverse sub bytes

Expand key
Substtute bytes
Inverse shift rows
Substitute bytes
Shit rowsS Inverse mix columns
Inverse mix columns
Mix columns
Shift rows Round key round key
-W[4, 7
Add round key
Add round Key
Înverse sub bytes Mix columns Inverse substitute bytes

Inverse shiftrows
KOund key
Substitute bytes
Add round key Inverse shift rows

Shift rows

Encryption round Decryption round

Mix columns Inverse.mix columns and one round of
Fig. 2.7.2 One round of encryption decryption process
Add round key w136, 39]- Add round key
3.STEP 3:it is called MixColumns for mixing up of the bytes in each column
separately during the forward process. The corresponding transformation during
column
SUbstitute bytes Inverse sub bytes decryption is denoted InvMixColumns and stands for inverse mix
here is to further scramble the 128-bit input block.
transformation. The goal is up
Shift rows The shift-rows step along with the mix-column step causes each bit
of the
Inverse shift rows ciphertext to depend on every bit of the plaintext after 10 rounds of processing
Add round key the
w140, 43 Addround key STEP 4 this round is called AddRoundKey for adding the round key to
The corresponding step
Output of the previous step during the forward process.
Ciphertext for inverse add round key
(a) Encryption Ciphertext auring decryption is denoted InvAddRoundKey
(b) Decryptlon transformation
Fig. 2.7.1 AES encryptlon and decryption process is very similar
to the encryptiorn
Decryption Process: The decryption
1.STEP 1: It is called subbytes for byte-by-byte substitution during the
forward

Process but this works in the reverse of the same process.

process. The corresponding substitution
r called

step used during

decryption 5 d e n c e each round consists of the four processes carried out in
the reverse order:
InvSubBytes. This step consists of using a 16 x 16 lookup table tohe Add round key, Mix columns, Shift rows and Byte substitution.
replacement byte for a given byte in the input state array. The
lookup table are created by using the notions of entric/28)
GFZ
or Advanced Encryption Standard (AES) cipher the encryption and the
and bit scramblingto multiplicative inverses aecryption have to be separately applied and implemenfed.
the destroy bit-level correlations inside each
byte.
An up thrust for knowledge
TECHNICAL PUBLICATIONS
PUBLICATIONS An up thrust
for knowledge
TECHNICAL
 Streem Cphers and Blook
2-26 Security
Dypkagrapy and Netrwork Securiy iphers tography and Network
27
Stream Ciphers and
the "Mix columns" step. 5/ock Ciphers
T h e last round for encryption
does not involve
columns" step.
The last 1. S e c u r i t y

involve the "Inverse mix This ofers to the etfort required to

round for decryption does not
Comments about the AES structure:
1 AES stracture is not
a
parameters are also consider for evaluation.cryptanalyse an
algorithm. Following
Actual security compared to other
a. submitted algorithms.
Feistel structure.

is expanded nto an array of forty-four

Randomness:The extent to which the
algorithm output is indistinguishable
2 The ker that is provided as input 32-bit from a random permutation on the input block.
wOrds, w). of the mathematical basis for
Soundness the
algorithm's security.
3 Four diterent stages are used, one of permutation and three of substitution.
d. Other security factors raised by the
with AddRoundke public during the evaluation
For both aryption and deayption, the ipher begins an
stage, process.
olowad dy nine zounds that each inctades ali tour stages, foilowed by aa 2. Cost
tenth
rond af hree stages. a. Licensing requirements When the AES is
issued, the algorithm specified in the
of the ABS shall be available on a worldwide,
Ori the AdáRoundkey sage make use key non-exclusive, royalty free basis.
é. The AddRoundiey stage is, in effct a form of Vemam Cipher and by itself would h. Computational efficiency: The evaluation of
computational efficiency will be
b e fOidenie applicable to both hardware and software implementations.

T. E a stae a asiy easbie c Memory requirements: The memory requirement for implementing the algorithm
in hardware and software will be considered.
& The deyptiom algarithm makes use of the expanded key in reverse order.
9 Once its estaished hat al four 3. Algorithm and implementation Characteristics
stages are reversible, it is easy to verify that
eypir does recover the plaintext. This includes a variety of considerations,
category including flexibility, suitability for
12 The mnal round of both
encryption and decryptian consists of only three stages
a hardware and software implementations; and
variety of simplicity, which will mke an
analysis of security more straight forward.
27.1 Advantages of AES
The following criteria were used in the final evaBuation
npie to e a
very robIst protocoB since this 1. General security: NIST relied on the public securiy analysis conducted by the
can be applied to both hardware
soetware.
2 I
yptographic community.
is
aiso very robust for hackers
because of its large Software implementations: It includes execution speed, performs across a variety
here are very higher as ike key sizes. The key sizes used
128, 192 and 256 bits for of platforms and variation of
3 A encryption. speed with key size.
large set of
applications such as
e-business, data storage in an 3. Restricted
and wireless communication encrypted forma space environments.
make use of these AES
4 protocols in a extent. large 4.Hardware implementations.
CommercialBy this cipher protocol is among the most 5. Attacks
the world widely used ones all arou on
implementations
6.
Encryption versus decryptions.
2.7.2 Evaiuation Criteria for AES 7. Key agility.

NIST evaluation criteria for AES are 8.

Other
versatility and
. Security .
Potential
flexibility
for instruction level
2. Cost parallelismn.
3.
Algorithm and implementation characteristics.

TECHNICAL PUBLICATIONS An up TECHNICAL PUBLICATIONS An up thrust for knowiedge

thrust for
knowledge
 Stream Ciphers and Block
ock Ciphen
Chpturaphy ant Netwrh e u t y

betwaen AE8 and DES

2.7.3 Comparlson
ARS DES
Parameters
No
h4-bits
128-bits
Block slaee
56-bits ( effective
Key length
28, 192, 250-bits
length)
neryption primitlves
Subatitutieon, shift, hit mixing Substitution, Permutation
Confuslon, Diffuslon Confusion, Diffusion
Cryptographic primitivea
8 Deslgn rationale Cloaed Open www.a

University Questions
1 laboate AlS eneryption with neat sketche. GTU: Summer-17, Marks 7
2plain atvalanache effoet in DS and discuss strength of DES in brief.
GTU: Summer-17, Marks
3. Explain AES encryption detail
in
GTU: Winter-17, Marks 7
4. Describe mrious step8 of AES.
GTU: Summer-18, Marks 7
5. Discuss in detail encryption and decryption process of AES.
6.
GTU: Winter-18, Marks 7
Explain four different stages of AES (advance
encryption standard) structure.
7. Briefly describe mix
GTU: Summer-19, Marks 7
columns and add round
key in AES algorithm. GTU: Winter-19, Marks
2.8 Short Questlons and Answers
Q.1 Explain the avalanche offect.
Ans. A desirable property of any
the plaintext or the
key should produce
encryption algorithm is that a small change me er

particular, a
change one of the
I
a
significant change in the
In

change in many bits of the plaintext or one

bit of the cipher
ciphertext. key should pl
Q.2 What ls a brute force attack
?
Ans.: A brute force attack
consists
password until you find the right one. of trying every possible code,
Q.3 What is DES ?
de,
combina
combination

Ans. DES is
Standard Number symmetric
a
cipher defined in
46 in 1977 as the Federal Information F I S

for sensitive but non-classified tederal

government approved
tion
Processin
Processing 7 t h

intornation.
vulnerable to a brute force attack usirng DES utilizes encryption je" key size
a 56-bit
current key. This key
technologv
 Multiple E
3-2 Encryption and Security 3-3
Triple DES
Network

and Nework Security and

Cyptography aphy Multiple Encryption and Triple DES
CIYP
GTU: Winter-17, 19, DES have
3 . 1 Double DES Summe Attacks on DES typically been brute force
attacks. Here is the double
blocks of 64 bits.
and enciphers
encryption:

112-bit key
Double DES has a
p E(K1,P)> E(K2,E(K1,p)) = C
K2 in this algorithm. Jt.
Double DES uses two keys to say Ki and kirst perfoms 1sing all
using 236
all 2
possible keys and store the results. The stored
to get the encrypted text in cru Encrypt p results will
DES on the original plain text using Ki nclude all possib encryptions p> E(K1,p).
Phy
the encrypted text but this time with th
Here, it again performs
DES on
other ke Then decrypt
C using all possible keys.
K in this algorithm. pK2,C) DK2,E({K2,EK1,p)) ECK1,p) ->

is the encryption encrypted text with the oriod

of
Firstly, the final output Pa A f t e r decrypting witn eacn key, check for a match with the stored outputs of the
different
twice with
two keys shown in the structur
text encrypted given 56 possible encryptions. When we have a match, we have located a possibly
below correct pair of keys. Now, perhaps more than one pair of keys will result in a
C ExalExP) match, but the number of pairs of keys that return matches should be small.
T=ExiP) ExalExP)
ExP Temporary Final Cipher
Original piaintext Encrypt
(P) Encrypt Cipher text (T) text(C)
University Questions

1. What is meant by meet in - the middle attack in double DES ? Explain the same in brief.
K2
K1
GTU Winter-17, Marks 4
Fig. 3.1.1
double DES?
2. How meet in the
middle attnck is performed on
GTU: Summer-19, Marks 4
Using two encryption stages
and two keys. 3. What is a meet-in-the-middle attack in double DES? GTU: Winter-19, Marks 4
is follows,
A) The plain text to iphertext
as

the 3.2 Triple DES GTU: Summer-17, 18

C Ex(Ex,(P)) where K and K2 are key.
follows, .Triple DES is simply another mode of DES operation. It takes three 64-bit keys, for
B) Ciphertext plain text is
to as
an overall key length of 192 bits.
P DxDx, (C) The procedure for encryption is exactly the same as regular DES, but it is repeated
Meet-in-the-middle attack is the drawback of
double DES in this. Mainly, th
matching three times. Hence the name triple DES.
from the other and
attack involves encryption from one end, decryption Triple DES uses 2 or 3 keys.
theresults in the middle hence the name in the message. Ihe data is encrypted with the first key (K), decrypted with the second key (K2),
and Hellman m
Meet-in-the-middle attack was first introduced by Diffie resof and
it is generic method to analyze high-level structu finally encrypted again with the third key (K3).
cryptanalysis of DES and a
in many products including
e DES with three keys is used quite extensively
cryptographic algorithms. into PGP and S/MIME.
I t s fundamental idea is the target algorithm can be decompoSed
that if master

involves portio1,l Brute force search impossible on Triple DES.

smaller parts and the computation of each part only
then we can investigate the security level of each part separately a Cet-in-middle attacks need 256 Plaintext-Ciphertext pairs per key.
keys,
combinethe results from both sides. Cupher text is produced EKa 1Dx2 lEK1
S u m e t h a t we
as C
Let's assu
This attack requires knowing some plaintext/ciphertext pairs. P
the
Fig. 3.2.1 shows the 3DES method with three key.
have a plaintext/ciphertext pair; i.e., we know the plaintext if
corresponding ciphertext C.
riple DES runs three times slower than standard DES, but
is much more secure

used properly.

-An up thrust for knowledgo ECHNICAL PUBLICATIONS- An up thrust for knowiedge

TECHNICAL PUBLICATIONS
 Multiple yption and
Network Security
4
Triple t Nefwork Security 3-5
Ciyptography and araphy and
Plaintext
Multiple ncryption and Triple I
ECR and CBC mode works
.Where on block
Key 1 works on
block ciphe acting as stream
ciphers, and CFB and
OFB mode
DES Encryption ciphers.
1Ged
. E C B is used for transmitting sirngle value in secure
a

DES Encryption
Key 2
encty
ina blocks of text
authentication, CFB is used formanner, CBC is used for
data
authentication, OFB is used for transmitting encrypted
4ata. CTR is used for transmitting block-oriented transmitting encrypted stream of
DES Encryption
- Key 3
o s of operation enable the
applications.
repeated and secure use of block a
single A block cipher by itselt allows cipher under a

Ciphertext of the cipher's block length. encryption only of a single data block
method
Fig. 3.2.1 3DES with three key
When targeting a variable-1ength message, the data must
is the same as the cenarate cipher blocks. Typically, the last block must also
first be partitioned into
.The procedure for decrypting something procedure for be extended to match
encryption, except it is
executed in reverse. cipher's block length using suitable padding scheme.
the a

Like DES, data is encrypted and decrypted

in 64-bit chunks. Modes of operation have primarily been defined for encryption and authentication.
While modes of operation are
commonly associated with
.Thereare some weak keys that one should be aware of: If all three keys, the fri symmetric encryption,
and second keys, or the second and third keys are the same, then the encrypton they may also be applied to
public-key encryption primitives such RSA in as

procedure is essentially the same as standard DES. This sihuation is to be avoided principle.
because it is the same as using a really slow version of regular DES.
3.3.1 Electronic Code Book (ECB)
The input key for DES is 64-bits long; the actual key used by DES is only 56-bis
A block of plaintext encrypts into block of Block size is 64-bits. Each
in length. The least significant (right-most) bit in each byte is a parity
bit, and a
Ciphertext.
should be set so that there are always an odd number of 1s in every byte. These block is encrypted independently.
bits are ignored, so only the seven most
parity bits of each byte ar
significant Plaintext patterns are not concealed since identical blocks of plaintext give
used, resulting in a key length of 56-bits. This means that the effective key identical blocks of ciphertext. It is not necessary to encrypt the file linearly.
strength for Triple DES is actually 168-bits because each of the three keys contais
8 parity bits that are not used
during the encryption process.
User
naly
can
encrypt the 10 blocks in the middle first, then the blocks
the blocks in the beginning. Because of this, encrypted files are accessed
at the end, and

randomly like a data base.

University Questions It 1s
very easy to parallelize the process. Pad the last block with some regular
1. Explain triple DES with two Pattern 1.e. zeros, ones to make it a complete block.
keys.
GTU:Summer-17, Marks 4
2 Explain double and triple DES. End of file character is used to denote the final plaintext byte before padding
GTU: Summer-18, Marks
LB method is ideal for a short amount of data, such as an encryption key.
3.3 Block
Cipher Mode Operation GTO Summer-17, 18, 19, Winter-1 1 9
Fig. 3.3.1 shows ECB mode.
The modes of operation of block allow
n of 64 bits.
ciphers are configuration methods that
Ode, the plain block where each block is
text is divided into
large data streams, without the risk of coP in Th a
those ciphers to work with
is used for the encryption
the provided security Dlock is encrypted separately. The same key makes the block of
the key and
E a c h block is encrypted using
There ciphertext.
Code

are five types of operations in

block cipher modes, ECB (Electr made
Block) mode, CHC (Cipher Block Chaining)
mode, CFB (Cipher Feedbat
OFE (Output Feedback) mode and CTR (
Counter) mode.
TECHHICAL PUBLICATONS An up thrunt An up thrust for
knowledge
for knowledgo TECHNICAL PUBLICA TIONS
 Multiple Encryption and:
3-6 and
Networh Security 3 7
and
Network Security Cnptography
Multiple Encryption and Triple DES
Agrahy Time N
iphertext is als
also decrypted
Time2

Time1 PN block
of using the same key and the result of the
decryption will urill be XOR with the first block of
ciphertext and form the
second
K
Encrypt block of
plain text. same
procedure is used for all the
blocks.
Enct En The plaintext
is XORed with the
previous ciphertext block before it is
mode is iterative mode.
encrypted.
Encryption . The CBC
CN block is
After a plaintext encrypted, the
resulting ciphertext is also stored in a
feedback register.
CN next plaintext block is encrypted, it is XORed
ho
Before with feedback
the next input to the encrypting routine. register to
become

K
Decrypt Decrypt Decrypt ,Theencryption of each block depends on all the previous blocks.

Aeiphertext block is decrypted normally and also saved in a feedback register.

2 Decryption PN Ater the next block is decrypted, it is XORed with the results of
the feedback
P

Fig. 3.3.1 ECB mode register.

divided into a block, each of 64 bits. The Mathematically it is
At the receiver side, the data is
same
key
which is used for encryption is used
for decryption. It takes the 64-bit ciphertov C E eCi-1)
convert the ciphertext into the plain text.
by using key
and the P = Ci-1 D,(C;)
the ECB mode may not be secure.
For lengthy messages, I t hides patterns in the plaintext.
Used in secure transmission of single values i.e. an encryption key.
that there is always some random looking ciphertext to
ECB has security problems that limit its usability.
In order to guarantee
apply to the actual plaintext, the process is started with a block of random bits
Pattens in the plaintext can yield patterns in the ciphertext. called the Initialization Vector (IV).

I t is also easy to modify a ciphertext message by adding, removing or switching Fig. 3.3.2 shows cipher block chaining mode.
encrypted blocks. P1 P2 Co - C2
Synchronization error is unrecoverable.

3.3.2 Cipher Block Chaining Mode (CBC)

Key D Decryption
Cipher block Mode at the sender
side, the plain text is divided into blocks. this Encryption
box

mode IV[nitialization IV is box

Vector) is used which can be a random block of text
used to make the ciphertext of each block Exclusive
IV
unique. OR
The first block of
plain text and IV is combined using the XOR
encrypted the resultant message using the key operation Co PA P2
and form the firsS C2 Po
ciphertext. the first block of ciphertext is used as IV for the second
text. the same
procedure will be bloc Encryption Decryption
followed for all blocks of plain text. Fig. 3.3.2 CBC
At the receiver side, the
ciphertext is divided blocks. The first bloc ciphertext

decrypted using the same key which is into When used in

block
is the
implementations add the IV
to
most CBC
decrypted

result will be XOR with the IV and form used for encryption. n The CEworking messages,
the first block of
second
Deginning of the
message in plaintext.
plain text ** blain text.

TECHNICAL PUBLICATIONS An up thrust TECHNICAL PUBLICATIONS An up thrust for knowledge

for knowledge
 and Network Secuity
O y p t o g r a p n Ya n dNetwork 9
Multiple Encryption and Triple DES Multiple Encryption and
Security
3-8 Triple DES
Ciyptography and Network with respect
CFB is self recovering to
block will
atfect that ciphertext
block and all
block synchronization errors as w
bit error in a plaintext
A single
subsequent ciphertext blocks. Advantages

1.
Simplicity

CBC mode is selfrecovering.

Two blocks are affected by an error, but the system recovers and conin
able. used on a byte boundarv.
be
error is unrecoversto
nues Need not
blocks. Synchronization
to the
block cipher is randomized.
work correctly for all subsequent 3. Input
size is the same: size as the plaintext size.
Encryption is not parallelizable. access property.
Cipherte

random
and has a
Decryption is parallelizable Disadvantages

(CFB) is not parallelizable.

Feedback Mode Encryption
3.3.3 Cipher 1.
than a defined block size. Plaintext is somewhat difficult to manipulate.
D a t a is encrypted in units that are smaller 2.

to convert the DES

into stream cipher using cipher feedback mode Feedback Mode
. I tis possible
in the torm of units h e r e each unit is of R 3.3.4 Output
. I n this mode, the data is encrypted
The output feedback (OFB) mode is similar in structure to that
of CFB. Fig. 3.3.4
bits.
shows output feedback mode.
block chaining mode, N is initialized. the IV is kept in the shi#
Like cipher Initialization Vector (V)
register. It is encrypted using the key and
form the ciphertext.
Fig. 3.3.3 shows CFB encryption and decryption process.
Ciphertext Block cipher Block cipher Block cipher
Key- encryptioon Key encryption Key encryption
Shift register Shift register Plaintext Plaintext Plaintext

Key Encrypt Decrypt

Ciphertext Ciphertext Ciphertext

Fig. 3.3.4 Output feedback (OFB) mode encryption

K Select discard
t is the output of the encryption function that is fed back to the shift register in
OFB, whereas in CFB, the ciphertext unit is fed back to the shift register.
P
ne other difference is that the OFB mode operates on full biocks of plaintext and
ciphertext, not on an s-bit subset.
Ciphertext Plaintext
Advantages and Limitations of OFB
Fig. 3.3.3 CFB Modes Needs an Initialization vector which is unique tor
eacn USe
More than one
message can be
encrypted with the same key, ed that Z Bit errors do
not
different initialization vector is used.
3 More vulnerable
propagate
to ation
.CFB speed is the message stream mOu
same as
the block cipher. ender & receiver must
Encryption is not remain in sync
parallelizable, decryption is
parallelizable and has
has a
a
t
random
5.
access property. Only use with full block feedback
TECHNICAL PUBLICATIONS An up thrust
for knowledge ECHNICAL PUBLICATIONS An up thrust for knowiedgs
 Multiple Enciyption and Security 3-111
Network Secunty
3-10 Tiple DEs otography
and
Network

Multiple otion and Triplo DES

Cryptography and

University Q u e s t i o n s
3.3.5 Counter Mode
the inn.
in counter mode use sequence
numbers as
nput to the Discuss selectronic code book and cipher feedback mode with neat
Block ciphers diagrams.
algorithm.
be encrypted
with the same key, provided
that
GTU Summer-17, Marks 7
More than one message can a
2 Dis the following block Cipher modes of operation in detail with neat
sketches:
is used. nmode
different initialise vector -Cipher block chaining
manipulate, any change
in ciphertext directly aff - Counter mode
Plaintext is very easy
to the GTU: Winter-17, Marks 7
3.3.5 shows counter mode. mode of DES operation.
plaintext. Fig. Counter 1 3 Explain cipher feedback
Counter GTU: Summer-18, Marks 4
4. Explain counter mode of DES operation. GTUSummer-18, Marks 4
Encrypt EExplain working of ECB. Why ECB (electronic code book) is
rarely used to encrypt message i
Key Encypt Key
GTU: Summer-19, Marks 4
&Whu CFB (cipher feedback nmode) encrypted messages are less subject to tampering than OFB
2 (output feedback mode) ? GTU Summer-19, Marks 3
7. Explain CFB algorithm mode with diagram.
GTU: Winter-19, Marks 3
8. Explain Counter (CTR) algorithm mode with diugram.
GTU: Winter-19, Marks 3
(a) Encryption
3.4 Short Questions and Answers
Counter Counter 1
Q.1 What is triple encryption ?
Ans. The function follows an encrypt decrypt encrypt (EDE) sequence. There is
Key Encrypt Key- Encrypt to the use of
no
cryptographic significance decryption for the second stage.
Q.2 How many keys are used in triple encryption ?
C2 Ans,:
Tuchman proposed a triple encryption method that uses only two keys.
Q.3 Why is the middle portion of 3DES a decryption rather than an encryption ?
P2 AnS. Decryption requires that the keys be applied in reverse order: P=Dkl|[Ekl[P]|.
(b) Decryption This results in a dramatic
increase in cryptographic strengtn.
Fig. 3.3.5 Counter mode
34 Why ECB mode is not secure for lengthy message
Synchronization error is unrecoverable. Ans.
A
ciphertext error affects only the corresponding bit of For lengthy messages, the ECB mode may not be secure because the messageis
plaintext. Striuctured, it may be possible for a cryptanalyst to exploit these regularities.
Encryption: The counter is encrypted and then XORed with the
produce the ciphertext block. plaintext D k to
3.5 Multiple Choice Questions
Q.1
Advantages which is the largest disadvantage of the symmetric encryption
1. Simple to
implement. More complex and therefore more time-consuming calculatonis
2. It Problem of the secure transmission of the Secret Key.
provides confidentiality.
3. Random CLess secure encryption function.
access of block is possible. dIsn't used
Efficiency is same as block any more.
cipher.
TECHNICAL PUBLICATIONS An up thrust for ECHNICAL PUBLICATIONS-An up thrust for knowledge
knowledge