
Symmetric (Private) key cryptography

Symmetric key cryptography is a type of encryption scheme in which the same key is used
both to encrypt and decrypt messages. This approach to encoding data has been widely used
in previous decades to facilitate secret communication between governments and militaries.

Symmetric-key cryptography is also called shared-key, secret-key, single-key, one-key and
private-key cryptography. With this form of cryptography, the key must be known to both the
sender and the receiver; that is the shared secret. The difficulty with this approach is the
distribution of the key.

Symmetric key cryptography schemes are usually categorized as either stream ciphers or block
ciphers. Stream ciphers operate on a single bit (or byte or computer word) at a time and
implement some form of feedback structure so that the key is constantly changing.

A block cipher is so called because the scheme encrypts one block of information at a time,
using the same key on each block. In general, the same plaintext block will always encrypt
to the same ciphertext when using the same key in a block cipher, whereas the same plaintext
will encrypt to different ciphertext in a stream cipher.

Block ciphers can operate in one of several modes which are as follows −

• Electronic Codebook (ECB) mode is the simplest application: the shared key is used to
encrypt each plaintext block to form a ciphertext block. Two identical plaintext blocks
will always produce the same ciphertext block. Although this is the most common mode of
block ciphers, it is susceptible to a variety of brute-force attacks.
• Cipher Block Chaining (CBC) mode adds a feedback structure to the encryption scheme.
In CBC, the plaintext is exclusively-ORed (XORed) with the previous ciphertext block
before encryption. In this mode, two identical blocks of plaintext do not encrypt to the
same ciphertext.
• Cipher Feedback (CFB) mode is a block cipher implementation as a self-synchronizing
stream cipher. CFB mode enables data to be encrypted in units smaller than the block size,
which can be beneficial in some applications, such as encrypting interactive terminal
input. In 1-byte CFB mode, each incoming character is placed into a shift register the
same size as the block, encrypted, and the block transmitted. At the receiving side, the
ciphertext is decrypted and the extra bits in the block are discarded.
• Output Feedback (OFB) mode is a block cipher implementation conceptually similar to a
synchronous stream cipher. OFB prevents the same plaintext block from producing the same
ciphertext block by using an internal feedback structure that is independent of both the
plaintext and ciphertext bitstreams.

Data Encryption Standard

The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST).

DES is an implementation of a Feistel cipher. It uses a 16-round Feistel structure. The block
size is 64 bits. Although the key length is 64 bits, DES has an effective key length of 56
bits, since 8 of the 64 bits of the key are not used by the encryption algorithm (they
function as check bits only). The general structure of DES is depicted in the following
illustration –

Since DES is based on the Feistel cipher, all that is required to specify DES is −

• Round function
• Key schedule
• Any additional processing − Initial and final permutation
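
The Feistel structure just described, together with the ECB and CBC behaviour from the modes list above, as an added example that is not part of the original page. The round function and key schedule are HMAC-SHA-256 stand-ins (assumptions, not DES's own), and the key, IV and plaintext are constructed sample values; only the 64-bit block, the 16 rounds and the mode logic follow the text.

```python
import hashlib, hmac

BLOCK, ROUNDS = 8, 16  # 64-bit block and 16 rounds, as the page gives for DES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_keys(key):
    # Stand-in key schedule (assumption, not DES's): one subkey per round.
    return [hmac.new(key, bytes([i]), hashlib.sha256).digest() for i in range(ROUNDS)]

def f(right, subkey):
    # Stand-in round function (assumption, not DES's f): 32 bits in, 32 bits out.
    return hmac.new(subkey, right, hashlib.sha256).digest()[:4]

def feistel(block, subkeys):
    left, right = block[:4], block[4:]
    for k in subkeys:
        left, right = right, xor(left, f(right, k))
    return right + left  # final swap lets decryption reuse this routine

def encrypt_block(block, key):
    return feistel(block, round_keys(key))
def decrypt_block(block, key):
    return feistel(block, round_keys(key)[::-1])  # same structure, subkeys reversed

def split(data):
    if len(data) % BLOCK:
        raise ValueError("input must be a multiple of the 8-byte block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt, key):
    return b"".join(encrypt_block(b, key) for b in split(pt))
def cbc_encrypt(pt, key, iv):
    out, prev = [], iv
    for b in split(pt):
        prev = encrypt_block(xor(b, prev), key)  # XOR with prior ciphertext block
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ct):
    return len(split(ct)) - len(set(split(ct)))  # 0 means no block repeats

def demo():
    # Constructed sample: three identical plaintext blocks, then a different one.
    key, iv = b"demo-key", bytes.fromhex("0011223344556677")  # fixed IV for repeatability
    pt = b"ACCT=042" * 3 + b"PAY=0100"
    return repeated_blocks(ecb_encrypt(pt, key)), repeated_blocks(cbc_encrypt(pt, key, iv))

print(demo())
```

The ECB ciphertext repeats wherever the plaintext does, which is the pattern leak the modes list describes; in real use the CBC IV must be fresh and unpredictable for every message.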

Initial and Final Permutation

The initial and final permutations are straight permutation boxes (P-boxes) that are
inverses of each other. They have no cryptographic significance in DES. The initial and final
permutations are shown as follows –

Round Function

The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to
the rightmost 32 bits to produce a 32-bit output.

Expansion Permutation Box − Since the right input is 32 bits and the round key is 48 bits, we
first need to expand the right input to 48 bits. The permutation logic is graphically depicted
in the following illustration –

The graphically depicted permutation logic is generally described as a table in the DES
specification, illustrated as shown –

XOR (Whitener) − After the expansion permutation, DES performs an XOR operation on the
expanded right section and the round key. The round key is used only in this operation.

Substitution Boxes − The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes,
each with a 6-bit input and a 4-bit output. Refer to the following illustration –

The S-box rule is illustrated below –


There are a total of eight S-box tables. The output of all eight S-boxes is then combined into
a 32-bit section.

Straight Permutation − The 32-bit output of the S-boxes is then subjected to the straight
permutation with the rule shown in the following illustration:

Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The process of
key generation is depicted in the following illustration –

DES Analysis

DES satisfies both of the desired properties of a block cipher. These two properties make the
cipher very strong.

Avalanche effect − A small change in plaintext results in a very great change in the ciphertext.

Completeness − Each bit of ciphertext depends on many bits of plaintext.

During the last few years, cryptanalysis has found some weaknesses in DES when the keys
selected are weak keys. These keys shall be avoided.
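
One way to screen keys before use, as an added example that is not part of the original page: it checks the 8 check (odd-parity) bits mentioned earlier, rejects the four weak DES keys, and flags a two-key Triple DES pair whose halves are the same 56-bit key. The weak-key values are the four published in the DES literature, not taken from this page; the function names and sample keys are constructed for illustration.

```python
# The four DES weak keys from the DES literature, written with parity bits set.
WEAK_KEYS = {bytes.fromhex(h) for h in (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E")}

def fix_parity(key):
    # Bit 0 of each byte is the check bit: set it so the byte has odd parity.
    return bytes((b & 0xFE) | (1 - bin(b >> 1).count("1") % 2) for b in key)

def key_bits_56(key):
    # Drop the 8 check bits; what remains is the 56-bit effective key.
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def check_des_key(key):
    if len(key) != 8:
        return ["key must be exactly 8 bytes (64 bits)"]
    problems = []
    if key != fix_parity(key):
        problems.append("parity check bits are wrong")
    if fix_parity(key) in WEAK_KEYS:  # compare on key bits, ignoring bad parity
        problems.append("weak key")
    return problems

def check_two_key_3des(k1, k2):
    problems = [f"K1: {p}" for p in check_des_key(k1)]
    problems += [f"K2: {p}" for p in check_des_key(k2)]
    if len(k1) == len(k2) == 8 and key_bits_56(k1) == key_bits_56(k2):
        # E_K1(D_K1(E_K1(P))) = E_K1(P): no stronger than single DES.
        problems.append("K1 and K2 are the same 56-bit key")
    return problems

if __name__ == "__main__":
    # Constructed sample keys (hex): a sound key, the all-zero key, a weak key.
    for hexkey in ("133457799BBCDFF1", "0000000000000000", "FEFEFEFEFEFEFEFE"):
        print(hexkey, check_des_key(bytes.fromhex(hexkey)) or "ok")
    print(check_two_key_3des(bytes.fromhex("133457799BBCDFF1"),
                             bytes.fromhex("123456789ABCDEF0")))
```

The second sample pair differs only in its check bits, so the two "different" keys are the same effective key.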

DES has proved to be a very well designed block cipher. There have been no significant
cryptanalytic attacks on DES other than exhaustive key search.

What are the Variations of DES?

There are two main variations of the Data Encryption Standard, which are as follows −

Double DES − Double DES is an encryption approach which needs two instances of DES on the same
plain text. Each instance uses a different key to encrypt the plain text. Both keys are needed
at the time of decryption.

The 64-bit plain text goes into the first DES instance, which transforms it into a 64-bit
middle text using the first key. This then goes to the second DES instance, which produces the
64-bit cipher text using the second key.

Double DES is simple, as it does what normal DES does. Double DES needs two keys, say K1 and
K2. It applies DES to the original plain text using K1 to obtain the encrypted text. It then
applies DES again to the encrypted text, but this time with the other key, K2.

The final output is the encryption of the encrypted text, that is, the original plain text
encrypted twice with two different keys, as displayed in the figure −

For decryption, the doubly encrypted ciphertext block is first decrypted using the key K2 to
produce the singly encrypted ciphertext. This ciphertext block is then decrypted using the key
K1 to recover the original plain text block.

Generally, the cryptanalysis of the basic version of DES needs a search of 2^56 keys, so the
assumption is that Double DES needs 2^128 keys, which is not true. The disadvantage of Double
DES is the meet-in-the-middle attack. This attack involves encryption from one end,
decryption from the other, and matching the results in the middle, hence the name.

Triple DES − There are two versions of Triple DES, which are as follows −

Triple DES with Two Keys − In Triple DES with two keys there are only two keys: K1, used by
the first and third processes, and K2, used in the second process.

First, the plain text is encrypted with key K1, then the output of step one is decrypted
with K2, and finally the output of the second step is encrypted with key K1. It is also
known as encrypt-decrypt-encrypt (EDE) mode.

Triple DES with Three Keys − In Triple DES with three keys, the plain text block P is first
encrypted with a key K1, then encrypted with a second key K2, and finally with a third key K3,
where K1, K2, and K3 are distinct from each other. Decryption is performed in reverse order.
This algorithm is generally used in PGP and S/MIME.
