VIETNAMNATIONALUNIVERSITY, HANOI

UNIVERSITY OF ENGINEERING AND TECHNOLOGY

LITERATURE REVIEW
NETWORK SECURITY

SYMMETRIC BLOCK ENCRYPTION ALGORITHMS

Lecturer: DR. Nguyen Dai Tho

Student’s name: Cao Nguyen Hung
Student ID Number: 19020035
Major: Computer Science

HÀ NỘI – 2022
2
Contents
LIST OF FIGURES.............................................................................................................................4
ABBREVATIONS................................................................................................................................5
Symmetric key algorithms......................................................................................................................6
Data Encrytion Standard........................................................................................................................7
Triple DES.............................................................................................................................................8
Advanced Encryption Standard..............................................................................................................9
References...........................................................................................................................................14

3
 LIST OF FIGURES
Figure 1. Triple DES..............................................................................................................................8
Figure 2. Key-Block-Round Combinations..........................................................................................11
Figure 3. Pseudo Code for the Cipher...................................................................................................12

4
 ABBREVATIONS

DES Data Encrytion Standard

AES Advanced Encryption Standard

5
Symmetric key algorithms
Symmetric key algorithms are sometimes called secret key algorithms. This is because these
types of algorithms typically use a key that is kept secret by the systems involved in the
encryption and decryption process. This single key is used for encryption and decryption.

Symmetric key algorithms tend to be very secure. Generally, they are considered more secure
than asymmetric key algorithms. There are some symmetric key algorithms that are
considered almost unbreakable. Symmetric key algorithms are also very fast. This is why they
are often used in situations where there is a large amount of data that needs to be encrypted.

In a symmetric key algorithm, the key is shared between two systems. This can be
problematic. You have to find a way to get the keys for all the systems that have to encrypt or
decrypt data using symmetric key algorithms. Having to manually distribute keys to all
systems can be a very tedious task. Sometimes this can only be done by copying the key from
a central location. You can imagine how troublesome that would be. On Windows systems,
you can choose to use Group Policy or some kind of script to copy the key to the necessary
systems. This helps, but administrators are still responsible for ensuring that group policies or
scripts work properly.

There are hundreds of different symmetric key algorithms available. Each has its own
strengths and weaknesses. Some of the more common examples are DES, 3DES, AES, IDEA,
RC4, and RC5.

6
Data Encrytion Standard
Data Encryption Standard (DES) is an outdated symmetric key method of data encryption. It
was adopted in 1977 for government agencies to protect sensitive data and was officially
retired in 2005. IBM researchers originally designed the standard in the early 1970s. In 1977,
it was adopted by the National Bureau of Standards (now the National Institute of Standards
and Technology (NIST)) as the official Federal Information Processing Standard (FIPS) for
encrypting commercial and sensitive but unclassified government computer data.

In DES the key is 64-bit, which is 8 bites but for each bite, there’s one parity bit. Therefore,
the actual value in the key is only 56-bit. And the oppo cipher text is again a 64-bit block.
And the oppo cipher text is again a 64-bit block. DES have 16 rounds of operations. From the
origin of 56-bit key, 16 subkeys are geenerated. DES power concerns fall into two categories:
algorithmic concerns and 56-bit key usage concerns. The first concern concerns the possibility
of cryptanalysis by exploiting the characteristics of the DES algorithm. Over the years, many
attempts have been made to find and exploit weaknesses in the algorithm, making DES the
most studied encryption algorithm today. Despite many approaches, so far no one has
succeeded in uncovering a fatal weakness in DES. The process of decryption with DES is
essentially the same as the encryption process. It works as follows: Use the cipher text as
input to this but then for sub keys, they use in reverse order. That is use key 16 at the first
round of decryption. Use key 15 in the second round of decryption. That is for decryptuon, we
run the same algorithm.

But only the keys in reverse order. We call that diffusion is one of the principles in encryption
and it is typically achieved through permutation. In DES, permutation works by changing the
positions of the bits. DES has 16 rounds of operations. Each DES round has the same
operations and uses a different per round key. Each DES round takes as input the server text
produced by the previous round and outputs text for the next round. The input is divided iinto
the left half and the right half. The output left half is just the right half of the input. The right
half of the output is a result of the left half of the input and the output of the function. The
mangler fuction takes this input, the 32-bit input right half, expands it to 48-bit, then with the
48- bit program key. Then use the s-boxes to substitute the 48-bit value into a 32-bit value.
We can also use abgebra to represent your in a death round.

Ln+1 =R n

7
 Rn +1=Ln XORM ( Rn , K n)

Triple DES
Triple DES (3DES) was first standardized for use in financial applications in ANSI standard
X9.17 in 1985. 3DES was incorporated as part of the Data Encryption Standard in 1999 with
the publication of FIPS 46-3.

The main shortcoming of DES, is that it uses a 56-bit key which means the keyspace is
relatively small. To overcome this, we can run this multiple times, each using a different key.
The standard is to run DES three times. And this is called a triple DES.

Figure 1. Triple DES

The standard is to run the encrytion process, then decryption process, then the encryption
process again. And correspondingly for decryption, this will mean to run the decryption
process first, then the encryption process, then the decryption process again. And record that
with DES, the decryption process is actually the same as the encryption process, only that we
apply the keys in the reverse order. The advantage of using this order of operations, is that it
supports multipe key lengths. In particular if key 1 is the same as key 3, then the result is a
112-bit DES. If all three keys are different, then the result is a 168-bit DES. If we set key 2
the same as key 1, then the triple DES has in effect become a single DES with key three. This
8
is useful for compatibility. For example, a triple DES devide can be configured to
communicate with a single DES devide, by simply setting key 2, the same as key 1.

It is easy to see that 3DES is a powerful algorithm. Because the underlying cryptographic
algorithm is DEA, 3DES can claim the same resistance to cryptanalysis based on this
algorithm as DEA claims. Also, with a 168-bit key length, a brute force attack is practically
impossible.

Advanced Encryption Standard

3DES has two strong points that guarantee it will be widely used in the next few years. First,
with a key length of 168 bits, it overcomes the vulnerability to DEA brute force attack.
Second, the basic encryption algorithm in 3DES is the same as in DEA. Therefore, there is a
high degree of confidence that 3DES is very resistant to code breaking. If security is the only
factor to be considered, then 3DES will be the go to choice for a standardized cryptographic
algorithm for decades to come.

The main limitation of 3DES is that the algorithm is relatively slow in software. The DEA
was originally designed for hardware implementations in the mid-1970s and did not produce
efficient software code. 3DES, which has three times as many rounds as DEA, is respectively
slower. A side downside is that both DEA and 3DES use 64-bit block sizes. For both
efficiency and security reasons, a larger block size is desirable.

Because of these disadvantages, 3DES is not a reasonable candidate for long-term use. As a
replacement, NIST in 1997 issued a call for proposals for a new Advanced Encryption
Standard (AES), which should have equal or better security strength than 3DES and
significantly improve efficiency. In addition to these general requirements, NIST specifies
that AES must be a symmetric block cipher with a block length of 128 bits and support for
key lengths of 128, 192, and 256 bits. Evaluation criteria include security, compute efficiency,
memory requirements, hardware and software suitability, and flexibility.

In the first round of evaluation, 15 proposed algorithms were accepted. The second round
narrows the field down to five algorithms. NIST completed its review and published the final
standard (FIPS PUB 197) in November 2001. NIST selected Rijndael as the proposed AES
algorithm. The two researchers who developed and submitted Rijndael for AES are both
cryptographers from Belgium: Dr. Joan Daemen and Dr. Vincent Rijmen. OVERVIEW AES

9
uses a block length of 128 bits and a key length that can be 128, 192 or 256 bits. In the
description of this section, we assume a key length of 128 bits, which is probably the most
commonly implemented length.

First, bring in a part of ou key and we are going to perform an XOR operation. Then we are
going to do our round so that’s going to be substitute bytes. Then we are going to shift rows
and then finally we are going to mix columns and this is going to be our substitution and this
is going to be our permutation and finally at the end of each round. We're going to add our
key add around key like this and then this is going to be one round and the only thing to
mention is that the mixed columns in all the rounds except for the last one because this
permutation has no effect on the last round. It just pollutes the output doesn't make doesn't
make any different so it's exactly like this except that this one is missing on the last round
when you've got 128 bit key you have ten of these rounds when you have 192 bit key, you
have 12 of these rounds and when you have a 256 bit key you have 14 of these rounds but in
all regard though, exactly the same so this is also an XOR down here add round key.

For the AES algorithm, the length of the input block, the output block and the State is 128
bits. This is represented by Nb = 4, which reflects the number of 32-bit words (number of
columns) in the State.

For the AES algorithm, the length of the Cipher Key, K, is 128, 192, or 256 bits. The key
length is represented by Nk = 4, 6, or 8, which reflects the number of 32-bit words (number of
columns) in the Cipher Key.

10
For the AES algorithm, the number of rounds to be performed during the execution of the
algorithm is dependent on the key size. The number of rounds is represented by Nr, where Nr
= 10 when Nk = 4, Nr = 12 when Nk = 6, and Nr = 14 when Nk = 8.

Figure 2. Key-Block-Round Combinations

At the start of the Cipher, the input is copied to the State array using the conventions. After an
initial Round Key addition, the State array is transformed by implementing a round function
10, 12, or 14 times (depending on the key length), with the final round differing slightly from
the first Nr -1 rounds. The final State is then copied to the output.

The round function is parameterized using a key schedule that consists of a one-dimensional
array of four-byte words derived using the Key Expansion routine.

The Cipher is described in the pseudo code in Fig. 5. The individual transformations –
SubBytes (), ShiftRows (), MixColumns (), and AddRoundKey () – process the State and are
described in the following subsections.

 Substitute bytes: Uses a table, referred to as an S-box,4 to perform a byte-by-byte

substitution of the block
 Shift rows: A simple permutation that is performed row by row.
 Mix columns: A substitution that alters each byte in a column as a function of all of
the bytes in the column.
 Add round key: A simple bitwise XOR of the current block with a portion of the
expanded key.

11
 Figure 3. Pseudo Code for the Cipher
The SubBytes () transformation is a non-linear byte substitution that operates independently
on each byte of the State using a substitution table (S-box). This S-box, which is invertible, is
constructed by composing two transformations:

- Take the multiplicative inverse in the finite field GF ( 28); the element {00} is
mapped to itself.

- Apply the following affine transformation (over GF (2)):

for 0 ≤ i < 8, where bi is the i th bit of the byte, and ci is the i th bit of a byte c with the value
{63} or {01100011}. Here and elsewhere, a prime on a variable indicates that the variable is
to be updated with the value on the right…

In the ShiftRows () transformation, the bytes in the last three rows of the State are cyclically
shifted over different numbers of bytes (differences). The first row, r = 0, is not shifted.
Specifically, the ShiftRows () transformation proceeds as follows:

12
where the shift value shift (r, Nb) depends on the row number, r, as follows (recall that Nb =
4):

The MixColumns () transformation operates on the State column-by-column, treating each

column as a four-term polynomial. The columns are considered as polynomials over GF( 28)
and multiplied modulo x 4 + 1 with a fixed polynomial a(x), given by

In the AddRoundKey () transformation, a Round Key is added to the State by a simple bitwise
XOR operation. Each Round Key consists of Nb words from the key schedule (described in
Sec. 5.2). Those Nb words are each added into the columns of the State, such that

where [wi] are the key schedule words and round is a value in the range 0 ≤ round ≤ Nr. In
Cryptography, the initial rounding Key addition occurs when round = 0, before the first
application of the round function. Applying the AddRoundKey () transformation to the Nr
rounds of the Cipher occurs when 1 ≤ round ≤ Nr.

13
References

[1] https://www.cryptomathic.com/news-events/blog/symmetric-key-encryption-why-
where-and-how-its-used-in-banking

[2] NETWORK SECURITY ESSENTIALS: APPLICATIONS AND STANDARDS

FOURTH EDITION - William Stallings

[3] https://www.sciencedirect.com/topics/computer-science/symmetric-key-algorithm/pdf

[4] https://www.youtube.com/watch?v=Y61qn_SQl40

[5] https://www.youtube.com/watch?v=2O4dsChgcg8

[6] https://www.youtube.com/watch?v=O4xNJsjtN6E

[7] https://www2.rivier.edu/journal/roaj-fall-2010/j455-selent-aes.pdf

14