
DM 426

Computers and
Information Security
Fall 2023/2024
Lecture # 3

Modern Symmetric-key Ciphers


Contents

1. Block Cipher Principles

2. Data Encryption Standard (DES)

3. Advanced Encryption Standard (AES)


Shannon’s Substitution-Permutation
(S-P) Networks
❑Claude Shannon introduced the idea of substitution-permutation (S-P) networks in his 1949 paper
❑Two primitive cryptographic operations:
➢ Substitution (S-box) = Replace n-bits by another n-bits
Diffusion:
• Dissipate statistical structure of plaintext over bulk of ciphertext.
• One bit change in plaintext changes many bits in ciphertext.
• Cannot do frequency analysis.
➢ Permutation (P-box) = Bits are rearranged.
No bits are added/removed.
Confusion:
• Make relationship between ciphertext and key as complex as possible.
❑Combination S-P = Product cipher
Components of a Modern Block Cipher
P-Boxes:
A P-box (permutation box) parallels the traditional
transposition cipher for characters. It transposes bits.
Three types of P-boxes
Components of a Modern Block Cipher cont.
S-Box
An S-box is an m × n substitution unit, where m and n are not
necessarily the same.
Example
The figure below shows an example of an invertible S-box. For example, if the input
to the left box is 001, the output is 101. The input 101 in the right table creates the
output 001, which shows that the two tables are inverses of each other.

Two Classes of Product Ciphers

Modern block ciphers are all product ciphers, but they are divided into two classes.
1. Feistel ciphers
2. Non-Feistel ciphers

Feistel Ciphers
Feistel designed a very intelligent and interesting cipher that has been used for decades. A
Feistel cipher can have three types of components:
self-invertible, invertible, and noninvertible.
• Self-invertible means that the function is its own inverse: if you apply it twice, you get back your original
input.
• A function f is said to be invertible when it has an inverse. It is represented by f⁻¹.

Non-Feistel Ciphers
A non-Feistel cipher uses only invertible components. A component in the encryption cipher
has the corresponding component in the decryption cipher.
Feistel Cipher Structure
❑A practical implementation of Shannon’s S-P Networks
❑Partitions input block in 2 halves
➢Perform a substitution on right data half based on a function of right half & subkey (Round Function or Mangler function)
➢Then permutation by swapping halves
➢Repeat this “round” of S-P many times
❑Invertible
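A toy Feistel network following the structure above, added here as an illustration and not taken from the lecture. The 16-bit halves, the squaring round function and the rotating subkey schedule are assumptions, chosen to show that the cipher inverts even though the round function does not.

```python
MASK = 0xFFFF  # toy sizes (assumption): 16-bit halves, 32-bit block

def round_function(right, subkey):
    """Mangler F(R, K). Squaring mod 2^16 maps x and -x to the same value,
    so F is deliberately NOT invertible."""
    x = right ^ subkey
    y = (x * x) & MASK
    return ((y >> 5) | (y << 11)) & MASK   # rotate to spread the bits

def subkeys(key, rounds=8):
    """Toy subkey generation: rotate a 16-bit key left once per round."""
    out = []
    for _ in range(rounds):
        key = ((key << 1) | (key >> 15)) & MASK
        out.append(key)
    return out

def feistel(block, round_keys):
    left, right = block >> 16, block & MASK
    for k in round_keys:
        # new right = old left XOR F(old right, K); then the halves swap
        left, right = right, left ^ round_function(right, k)
    return (right << 16) | left            # undo the last swap

def encrypt(block, key):
    return feistel(block, subkeys(key))

def decrypt(block, key):
    # Same network with the subkeys in reverse order; F is never inverted.
    return feistel(block, subkeys(key)[::-1])

def f_is_invertible(subkey):
    """True only if F(., subkey) hits every 16-bit value exactly once."""
    outputs = {round_function(r, subkey) for r in range(MASK + 1)}
    return len(outputs) == MASK + 1

if __name__ == "__main__":
    key, block = 0xBEEF, 0x01234567        # constructed sample values
    ct = encrypt(block, key)
    print(f"ct={ct:08x} pt={decrypt(ct, key):08x}")
    print("F invertible?", f_is_invertible(subkeys(key)[0]))
```

Decryption reuses `feistel` unchanged, which is why a Feistel design can accept self-invertible, invertible and noninvertible components alike.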
Feistel Cipher Design Elements
Most modern block ciphers are a variation of Feistel Cipher
with different:
1. Block size
2. Key size
3. Number of rounds
4. Subkey generation algorithm
5. Round function
6. Fast software en/decryption
7. Ease of analysis
Data Encryption Standard (DES)

❑ Published by NIST in 1977.


❑ A variation of IBM’s Lucifer algorithm developed by Feistel.
❑ For commercial and unclassified government applications.
❑ 8 octet (64 bit) key.
Each octet has 1 odd parity bit, leaving a 56-bit key.
❑ Efficient hardware implementation.
❑ Used in most financial transactions.
❑ Computing power goes up 1 bit every 2 years.
❑ 56-bit was secure in 1977 but is not secure today.
❑ Now we use DES three times: Triple DES = 3DES.
DES Encryption Overview
❑16 rounds using 64-bit block and 48-bit subkey
DES uses 16 rounds. Each round of DES is a Feistel cipher.
[Figures: General structure of DES; A round in DES (encryption site)]
Initial and Final Permutations
Initial and final permutation steps in DES

The initial and final permutations are straight P-boxes that are
inverses of each other.
DES Function
The heart of DES is the DES function. The DES function applies a
48-bit key to the rightmost 32 bits to produce a 32-bit output.
Whitener (XOR)
After the expansion permutation, DES uses the XOR operation on the expanded right section and the round key. Note that both the right section and the key are 48 bits in length. Also note that the round key is used only in this operation.
[Figure: DES function]
DES Round in Full
[Figure: DES round in full. Right Half i-1 (bits 1 to 32) goes through the expansion permutation to 48 bits, is XORed with Round Key i, and is fed to S-boxes S1 to S8 (each with input symbol, control and output symbol). The 32-bit output goes through a straight permutation and is XORed with Left Half i-1 to give Right Half i.]
Expansion permutation (32 to 48 bits): 32 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 13 12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1
Straight permutation (32 to 32 bits): 16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25
DES Sub-Key Generation
The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.

Avalanche Effect
Diffusion
The idea of diffusion is to hide the relationship between the
ciphertext and the plaintext.
Confusion
The idea of confusion is to hide the relationship between the
ciphertext and the key.
Avalanche Effect
❑Key desirable property of encryption algorithm
❑A change of one input or key bit results in changing approximately half of the output bits = Diffusion
❑Making attempts to “home-in” by guessing keys impossible
❑DES exhibits strong avalanche
Strength of DES
❑Bit-wise complement of plaintext with complement of key results in
complement of ciphertext
❑Brute force search requires 2^55 keys
❑Recent advances have shown it is possible:
➢in 1997 on Internet in a few months
➢in 1998 on dedicated h/w in a few days
➢in 1999 above combined in 22hrs!
❑Statistical Attacks:
➢Timing attacks: calculation time depends upon the key.
Particularly problematic on smartcards
➢Differential cryptanalysis
➢Linear cryptanalysis
Advanced Encryption Standard (AES)

❑Published by NIST in Nov 2001: FIPS PUB 197


❑Based on a competition won by Rijmen and Daemen (Rijndael)
from Belgium
❑22 submissions, 7 did not satisfy all requirements, leaving 15 submissions, then 5 finalists: Mars, RC6, Rijndael, Serpent, Twofish. Winner: Rijndael.
❑Rijndael allows many block sizes and key sizes
❑AES restricts it to:
➢ Block Size: 128 bits
➢ Key sizes: 128, 192, 256 (AES-128, AES-192, AES-256)
❑An iterative rather than Feistel cipher
➢ operates on entire data block in every round
❑Byte operations: Easy to implement in software
General design of AES encryption cipher
Basic Structure of AES

❑ AES-128: 10 rounds
❑ AES-192: 12 rounds
❑ AES-256: 14 rounds
1. Substitute Bytes
Each byte is replaced by the byte indexed by row (left 4 bits) & column (right 4 bits) of a 16x16 table
2. Shift Rows
❑1st row is unchanged
❑2nd row does 1 byte circular shift to left
❑3rd row does 2 byte circular shift to left
❑4th row does 3 byte circular shift to left
3. Mix Columns
❑Effectively a matrix multiplication in GF(2^8) using prime polynomial m(x) = x^8 + x^4 + x^3 + x + 1
4. Add Round Key
❑XOR state with 128-bits of the round key
Key=0f1571c947d9e8590cb7add6af7f6798
Text=0123456789abcdeffedcba9876543210
Key expansion in AES

Key Expansion in AES-128
AES Decryption

• AES decryption is not identical to encryption
• But each step has an inverse
