Cryptography and Network Security

UNIT-II:
Introduction to Modern Symmetric
Key Ciphers

Dr. Dwiti Krishna Bebarta

Contents

Introduction to Modern Symmetric Key Ciphers

 Modern Block Ciphers

 Modern Stream Ciphers
Symmetric Key Cryptography

Symmetric Key Cryptography, also referred to as

conventional encryption or single-key encryption, was the
only type of encryption in use prior to the development of
public-key encryption in the 1970s.
Block cipher encryption/decryption scheme
• A block cipher is an encryption/decryption scheme in which a
block of plaintext is treated as a whole and used to produce a
ciphertext block of equal length.
• Many block ciphers have a Feistel structure. Such a structure
consists of a number of identical rounds of processing. In each
round, a substitution is performed on one half of the data being
processed, followed by a permutation that interchanges the two
halves. The original key is expanded so that a different key is used
for each round.
• The Data Encryption Standard (DES) has been the most widely
used encryption algorithm until recently. It exhibits the classic
Feistel structure. DES uses a 64-bit block and a 56-bit key.
• DES has been shown to be highly resistant to cryptanalysis
A modern block cipher
If P is the plaintext, C is the ciphertext, and K is the key,
 Cryptanalysis

As cryptography is the science and art of creating secret codes,

cryptanalysis is the science and art of breaking those codes.
Row Transposition Cipher
PT: Attack postponed until two am
Encryption and Decryption Tables for Substitution Cipher
 Components of a Modern Block Cipher

Modern block ciphers normally are keyed substitution

ciphers in which the key allows only partial mappings
from the possible inputs to the possible outputs.

P-Boxes / D-Boxes (diffusion box)

A P-box (permutation box) parallels the traditional
transposition cipher for characters. It transposes bits.
 Three types of P-boxes

all 6 possible mappings of a 3 × 3 P-box.

 Example

Design an 8 × 8 permutation table for a straight P-box that

moves the two middle bits (bits 4 and 5) in the input word to
the two ends (bits 1 and 8) in the output words. Relative
positions of other bits should not be changed.

Solution
We need a straight P-box with the table [4 1 2 3 6 7 8 5].
The relative positions of input bits 1, 2, 3, 6, 7, and 8 have not
been changed, but the first output takes the fourth input and
the eighth output takes the fifth input.
1 2 3 4 5 6 7 8
9 10 11 12 13 14 15 16
17 18 19 20 21 22 23 24
25 26 27 28 29 30 31 32
33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48
49 50 51 52 53 54 55 56
57 58 59 60 61 62 63 64

4 1 2 3 6 7 8 5
12 9 10 11 14 15 16 13
20 17 18 19 22 23 24 21
28 25 26 27 30 31 32 29
36 33 34 35 38 39 40 37
44 41 42 43 46 47 48 45
52 49 50 51 54 55 56 53
60 57 58 59 62 63 64 61
Compression P-Boxes

A compression P-box is a P-box with n inputs and m

outputs where m < n.

4 1 2 3 6 7 8 5 4 2 3 6 7 5
12 9 10 11 14 15 16 13 12 10 11 14 15 13
Example of a
20 17 18 19 22 23 24 21 20 18 19 22 23 21
64 × 48
28 25 26 27 30 31 32 29 permutation 28 26 27 30 31 29
36 33 34 35 38 39 40 37 table 36 34 35 38 39 37
44 41 42 43 46 47 48 45 44 42 43 46 47 45
52 49 50 51 54 55 56 53 52 50 51 54 55 53
60 57 58 59 62 63 64 61 60 58 59 62 63 61
 Expansion P-Boxes

An expansion P-box is a P-box with n inputs and m

outputs where m > n.

4 1 2 3 6 7 8 5
12 9 10 11 14 15 16 13
20 17 18 19 22 23 24 21
Example of a
28 25 26 27 30 31 32 29 64 × 80
36 33 34 35 38 39 40 37 permutation 33 36 33 34 35 38 39 40 37 40
44 41 42 43 46 47 48 45 table
52 49 50 51 54 55 56 53
60 57 58 59 62 63 64 61
1 4 1 2 3 6 7 8 5 8
9 12 9 10 11 14 15 16 13 16
17 20 17 18 19 22 23 24 21 24
25 28 25 26 27 30 31 32 29 32
41 44 41 42 43 46 47 48 45 48
49 52 49 50 51 54 55 56 53 56
57 60 57 58 59 62 63 64 61 64
 P-Boxes: Invertibility

A straight P-box is invertible, but compression and

expansion P-boxes are not.
 Example 5.7

Invert a permutation table represented as a one-dimensional

table.
Example:

Position 1 2 3 4 5 6
Plain text 0 1 1 0 0 1
Permutation key 6 3 4 5 2 1
Cipher text 1 1 0 0 1 0

Position 1 2 3 4 5 6
Cipher text 1 1 0 0 1 0
Inverted
6 5 2 3 4 1
Permutation key
Plain text 0 1 1 0 0 1
 Example:

Position 1 2 3 4 5 6
Plain text 1 1 0 0 1 1
Permutation key 3 6 1 4 2 5
Cipher text 0 1 1 0 1 1

Position 1 2 3 4 5 6
Cipher text 0 1 1 0 1 1
Inverted
3 5 1 4 6 2
Permutation key
Plain text 1 1 0 0 1 1

Find inverted table

3 6 1 4 2 5
S-Box
An S-box (substitution box) can be thought of as a minute
substitution cipher.

An S-box is an m × n substitution unit, where m and

n are not necessarily the same.
In an S-box with three inputs and two outputs, we have

The S-box is linear because a1,1 = a1,2 = a1,3 = a2,1 = 1 and

a2,2 = a2,3 = 0. The relationship can be represented by
matrices, as shown below:
The following table defines the input/output relationship for an
S-box of size 3 × 2. The leftmost bit of the input defines the row;
the two rightmost bits of the input define the column. The two
output bits are values on the cross section of the selected row and
column.

Based on the table,

An input of 010 yields the output 01.
An input of 101 yields the output of 00.
An example of an invertible S-box. For example, if the input
to the left box is 001, the output is 101. The input 101 in the
right table creates the output 001, which shows that the two
tables are inverses of each other.

PT CT CT PT
010 111 111 010
110 001 001 110
101 010 010 101
011 100 100 011
Exclusive-Or
An important component in most block ciphers is the
exclusive-or operation.

Invertibility of the exclusive-or operation

PT key CT CT key PT
010 010 000 000 010 010
110 010 100 100 010 110
101 010 111 111 010 101
011 010 001 001 010 011
 Exclusive-Or (Continued)

An important component in most block ciphers is the

exclusive-or operation. addition and subtraction
operations in the GF(2n) field are performed by a single
operation called the exclusive-or (XOR).

The five properties of the exclusive-or operation in the

GF(2n) field makes this operation a very interesting
component for use in a block cipher: closure,
associativity, commutativity, existence of identity, and
existence of inverse.
Circular Shift
Another component found in some modern block ciphers
is the circular shift operation.
Swap
The swap operation is a special case of the circular shift
operation where k = n/2.
 Split and Combine

Two other operations found in some block ciphers are

split and combine.
Split and combine operations on an 8-bit word
Product Ciphers: It is a complex cipher combining
various components of modern block cipher.

Diffusion
The idea of diffusion is to hide the relationship between
the ciphertext and the plaintext.

Confusion
The idea of confusion is to hide the relationship between
the ciphertext and the key.

Rounds
Diffusion and confusion can be achieved using iterated
product ciphers where each iteration is a combination of
S-boxes, P-boxes, and other components.
A product cipher made of two rounds
Diffusion
and
confusion in
a block
cipher
 Two Classes of Product Ciphers
Modern block ciphers are all product ciphers, but they
are divided into two classes.
1. Feistel ciphers
2. Non-Feistel ciphers
Feistel Ciphers
Feistel designed a very intelligent and interesting cipher
that has been used for decades. A Feistel cipher can have
three types of components: self-invertible, invertible, and
noninvertible.
Non-Feistel Ciphers
A non-Feistel cipher uses only invertible components. A
component in the encryption cipher has the
corresponding component in the decryption cipher.
The first thought in Feistel cipher design

Diffusion hides the relationship between the

ciphertext and the plaintext.
Example: The plaintext and ciphertext are each 4 bits long and
the key is 3 bits long. Assume that the function takes the first and
third bits of the key, interprets these two bits as a decimal
number, squares the number, and interprets the result as a 4-bit
binary pattern. Show the results of encryption and decryption if
the original plaintext is 0111 and the key is 101.

Solution
Key processing:
The function extracts the first and third bits to get 11 in
binary or 3 in decimal. The result of squaring is 9, which is
1001 in binary.
Improvement of the previous Feistel design

L1 R1

f(R2,K)

L2 R2

Plaintext: 011100
f(R2,K) Split with L1:f(R
0113,K)
R1: 100
Key: 101
R2=R1: 100
F(R1,K): 100 ⊕101: 001
L3 R3 L2=L1 ⊕ F(R1,K): 011 ⊕ 001: 010
Ciphertext: 010100
Improvement of the previous Feistel design

1stRound: 1st Round: (Invertible Round 2)

Plaintext: 011100 Ciphertext: 010100
Split with L1: 011 R1: 100 Split with L2: 010 R2: 100
Key: 101 Key: 101
R2=R1: 100 R2=R1: 101
F(R1,K): 100 ⊕101 = 001 F(R2,K): 100 ⊕101 = 001
L2=L1 ⊕ F(R1,K) = 011 ⊕ 001= 010 L1=L2 ⊕ F(R3,K): 010 ⊕ 001 = 011
Ciphertext after round 1: 010100 Plaintext: 011100

2nd Round:
Plaintext: 010100 2nd Round: (Invertible Round 1)
Split with L2: 010 R2: 100 Ciphertext: 011100
Key: 101 Split with L3: 011 R3: 100
R3=R2 = 100 Key: 101
F(R2,K) = 100 ⊕101= 001 R3=R2: 100
L3=L2 ⊕ F(R2,K) = 010 ⊕ 001 = 011 F(R3,K): 100 ⊕101 = 001
Ciphertext: 011100 L2=L3 ⊕ F(R3,K) = 011 ⊕ 001 = 010
After this round: 010100
Final design of a Feistel cipher with two rounds
Block Cipher Design Principles:

Feistel Cipher Structure


Input block is partitioned into two halves, L
and R i-
1 i-1
 In round i,


 i
L =R
i-1
 R = L  F(K , R )
i i-1 i i-1
 Substitution followed by permutation
 Multiple rounds

Feistel Cipher Design Parameters/Features
 Block size
 Increasing size improves security, but slows cipher

 Key size
 Increasing size improves security, makes exhaustive key searching harder,
but may slow cipher

 Number of rounds
 Increasing number improves security, but slows cipher

 Subkey generation algorithm

 Greater complexity can make analysis harder, but slows cipher

 Round function
 Greater complexity can make analysis harder, but slows cipher

 Fast software encryption/decryption

 Ease of analysis
Feistel Decryption Algorithm
 Essentially same as the
encryption
Same algorithm but use
 


the subkeys Ki in reverse  

order
 F need not be a
reversible function  

 