
Anas Abbood Computer Security Spring 2021

CSCI 4650 - M01


Saint Luis University-Madrid

Block Cipher Principles


A block cipher transforms a plaintext block of n letters into an encrypted block. The block length n
cannot be too short if the cryptographic scheme is to be secure. For example, n = 1 gives a
monoalphabetic cipher. Such schemes, as we have seen, are vulnerable to frequency analysis and
brute-force attacks. However, an arbitrary reversible substitution cipher for a large block size n is not
practical.

Claude Shannon theoretically deduced the following principles that should be followed to design secure
cryptographic systems. These principles aim at thwarting cryptanalysis based on known statistical
properties of the plaintext.

Q: What are Shannon's principles for designing a secure cryptographic system?

1. Confusion. In Shannon’s original definitions, confusion makes the relation between the key and the
ciphertext as complex as possible. Ideally, every letter in the key influences every letter of the
ciphertext block.

2. Diffusion. Diffusion refers to the property that the statistical structure of the plaintext is dissipated
into long-range statistics of the ciphertext. In contrast to confusion, diffusion spreads the influence of a
single plaintext letter over many ciphertext letters.

The Feistel Network:

Product ciphers use the two classical encryption forms, substitution and transposition, alternately in
multiple rounds to achieve confusion and diffusion respectively. Shannon was the first to investigate
the product cryptosystem (the so-called substitution-permutation network) and to show that some
sophisticated heuristic ciphers were nothing other than products of simpler ciphers. Most importantly,
Shannon identified the necessary condition under which cipher strength increases as a result of cascading
simple ciphers. One possible way to build a secret-key algorithm using a substitution-permutation network
is to break the input into manageable-sized chunks, do a substitution on each small chunk, and then take
the outputs of all the substitutions and run them through a permuter that is as big as the input, which
shuffles the letters around. Then the process is repeated, so that each letter winds up as an input to each
of the substitutions. The Feistel network shown in Fig. 1 is a particular form of the
substitution-permutation network.

The exact realization of a Feistel network depends on the choices of the following parameters and design
features.

1. Block size: Larger block size means greater security, but reduces encryption/decryption speed.
2. Key size: Larger key size means greater security but may decrease encryption/decryption speed.
3. Number of rounds: Multiple rounds offer increasing security.
4. Subkey generation algorithm: Greater complexity in subkey generation leads to greater security.
5. Round function: Greater complexity

Figure 1: Feistel Cipher

Data Encryption Standard (DES)

The Data Encryption Standard (DES) was designed to encipher sensitive but non-classified data. It is
bit-oriented, unlike the other ciphers we have seen. It uses both transposition and substitution and for that
reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.

The sets of 64 bits are referred to as blocks. The overall scheme for DES encryption is illustrated in Figure
2.

As with any encryption scheme, there are two inputs to the encryption function: the plaintext to be
encrypted and the key. In this case, the plaintext must be 64 bits in length and the key is 56 bits in length.
Looking at the left-hand side of the figure, we can see that the processing of the plaintext proceeds in
three phases. First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits
to produce the permuted input. This is followed by a phase consisting of sixteen rounds of the same
function, which involves both permutation and substitution functions. The output of the last
(sixteenth) round consists of 64 bits that are a function of the input plaintext and the key.

The left and right halves of the output are swapped to produce the preoutput. Finally, the preoutput is
passed through a permutation (IP^-1) that is the inverse of the initial permutation function, to produce the
64-bit ciphertext. With the exception of the initial and final permutations, DES has the exact structure of a
Feistel cipher, as shown in Figure 1. The right-hand portion of Figure 3.5 shows the way in which the 56-bit
key is used. Initially, the key is passed through a permutation function. Then, for each of the sixteen
rounds, a subkey (Ki) is produced by the combination of a left circular shift and a permutation. The
permutation function is the same for each round, but a different subkey is produced because of the
repeated shifts of the key bits.

Figure 2: General Description of DES Encryption

Initial Permutation (IP)

58 50 42 34 26 18 10  2
60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6
64 56 48 40 32 24 16  8
57 49 41 33 25 17  9  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5
63 55 47 39 31 23 15  7

Final Permutation (IP^-1)

40  8 48 16 56 24 64 32
39  7 47 15 55 23 63 31
38  6 46 14 54 22 62 30
37  5 45 13 53 21 61 29
36  4 44 12 52 20 60 28
35  3 43 11 51 19 59 27
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25

Figure 3 shows a single round of processing in DES.

Figure 3: Single Round of DES Algorithm

The 32-bit right half of the 64-bit input data block is expanded into a 48-bit block. This is referred to as
the expansion permutation step, or the E-step.

The 48 bits of the expanded output produced by the E-step are XORed with the round key. This is referred
to as key mixing.

Expansion (E table)

32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1

The output produced by the previous step is broken into eight six-bit words. Each six-bit word goes
through a substitution step; its replacement is a 4-bit word. The substitution is carried out with an
S-box. So after all the substitutions, we again end up with a 32-bit word. The 48-bit input word is divided
into eight 6-bit words and each 6-bit word is fed into a separate S-box. Each S-box produces a 4-bit output.
Therefore, the 8 S-boxes together generate a 32-bit output, as in Figure 4. Each of the eight S-boxes
consists of a 4×16 table lookup for an output 4-bit word. The first and the last bit of the 6-bit input word
are decoded into one of 4 rows and the middle 4 bits are decoded into one of 16 columns for the table
lookup.

Figure 4: Substitution with 8 S-boxes

The 32 bits of the previous step then go through a P-box-based permutation. What comes out of the P-box
is then XORed with the left half of the 64-bit block that we started out with. The output of this XORing
operation gives us the right half block for the next round.

Permutation P

16 7 20 21
29 12 28 17
1 15 23 26
5 18 31 10
2 8 24 14
32 27 3 9
19 13 30 6
22 11 4 25

Key Generation

The cipher consists of 16 rounds, or iterations. Each round uses a separate key of 48 bits. These round
keys are generated from the key block by dropping the parity bits (reducing the effective key size to 56
bits), permuting the bits, and extracting 48 bits (see Figure 5). A different set of 48 bits is extracted for
each of the 16 rounds.

Figure 5: DES key schedule generation

PC-1 and PC-2 are permutation tables; LSH is a table of left shifts (rotations).

DES Decryption: uses the same algorithm as encryption, except that the application of the subkeys is
reversed. Additionally, the initial and final permutations are reversed.

Advanced Encryption Standard

In January 1997, NIST invited researchers worldwide to submit proposals for a new standard to
be called the Advanced Encryption Standard (AES). From 15 serious proposals, the Rijndael algorithm,
proposed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen, won the contest.

1. AES is a block cipher with a block length of 128 bits.
2. AES allows for three different key lengths: 128, 192, or 256 bits.
3. Encryption consists of 10 rounds of processing for 128-bit keys, 12 rounds for 192-bit keys, and
14 rounds for 256-bit keys.
4. Except for the last round in each case, all other rounds are identical.
5. Each round of processing includes
   - One single-byte based substitution step (SubBytes)
   - A row-wise permutation step (ShiftRows)
   - A column-wise mixing step (MixColumns)
   - Addition of the round key.
6. For the processing steps used in a single round, the 128-bit block is viewed as a 4×4 matrix of
bytes, arranged as follows:

7. Each round of processing works on the input state array and produces an output state array.
8. The output state array produced by the last round is rearranged into a 128-bit output block.

The Rijndael proposal for AES defined a cipher in which the block length and the key length can be
independently specified to be 128, 192, or 256 bits. The AES specification uses the same three key
size alternatives but limits the block length to 128 bits.

Addition
Example: 57 + 83 = D4
or with the polynomial notation:
(x^6 + x^4 + x^2 + x + 1) + (x^7 + x + 1) = x^7 + x^6 + x^4 + x^2

Multiplication
Example: 57 · 83 = C1
or:
(x^6 + x^4 + x^2 + x + 1)(x^7 + x + 1) =

  x^{13} + x^{11} + x^9 + x^8 + x^7 +

  x^7 + x^5 + x^3 + x^2 + x +

  x^6 + x^4 + x^2 + x + 1

= x^{13} + x^{11} + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1

(x^{13} + x^{11} + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1) modulo (x^8 + x^4 + x^3 + x + 1)

= x^7 + x^6 + 1

Substitute Bytes

1. A simple substitution of each byte.
2. Uses one table of 16x16 bytes containing a permutation of all 256 8-bit values.
3. Each byte of state is replaced by the byte indexed by row (left 4 bits) and column (right 4 bits).
4. Byte {95} is replaced by the byte in row 9, column 5, which has value {2A}.

Example:

Decryption uses shifts to the right instead of shifts to the left.

MixColumns

Transformation during decryption is given by

Example

Round Key Addition: XORing each byte with a round key

AES Key Expansion

1. The AES Key Expansion algorithm is used to derive the 128-bit round key from the original 128-bit
encryption key.
2. Just as the 128-bit input block is arranged in the form of a state array, the algorithm first
arranges the 16 bytes of the encryption key in the form of a 4 × 4 array of bytes.

j      1  2  3  4  5  6  7  8  9  10
RC[j]  01 02 04 08 10 20 40 80 1B 36
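
The byte arithmetic from the Addition and Multiplication examples and the RC[j] table above, as an added Python example (not part of the original notes; the function names are assumptions). It follows the notes' two steps, polynomial product first and then reduction modulo x^8 + x^4 + x^3 + x + 1, and shows that each RC[j] is the previous one multiplied by 02 in the same field, which is where 1B and 36 come from.

```python
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, bit i = coefficient of x^i

def gf_add(a: int, b: int) -> int:
    # Coefficients are bits, so polynomial addition is XOR.
    return a ^ b

def clmul(a: int, b: int) -> int:
    # Carry-less polynomial product over GF(2): shift-and-XOR, no reduction.
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result

def gf_reduce(v: int, modulus: int = AES_POLY) -> int:
    # Polynomial long division: cancel the leading term until degree < 8.
    while v.bit_length() > 8:
        v ^= modulus << (v.bit_length() - 9)
    return v

def gf_mul(a: int, b: int) -> int:
    return gf_reduce(clmul(a, b))

def poly_str(v: int) -> str:
    # Render a bit pattern as the polynomial it encodes.
    names = {0: "1", 1: "x"}
    terms = [names.get(i, "x^%d" % i)
             for i in range(v.bit_length() - 1, -1, -1) if (v >> i) & 1]
    return " + ".join(terms) or "0"

def round_constants(n: int = 10) -> list:
    # RC[1] = 01 and RC[j] = 02 * RC[j-1] in GF(2^8).
    rc, out = 0x01, []
    for _ in range(n):
        out.append(rc)
        rc = gf_mul(rc, 0x02)
    return out

if __name__ == "__main__":
    print("57 + 83 = %02X" % gf_add(0x57, 0x83))
    print("unreduced:", poly_str(clmul(0x57, 0x83)))
    print("57 * 83 = %02X = %s" % (gf_mul(0x57, 0x83), poly_str(gf_mul(0x57, 0x83))))
    print("RC:", " ".join("%02X" % r for r in round_constants()))
```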

AES Key Expansion Example



Modes of Operation

A block cipher takes a fixed-length block of text of length b bits and a key as input and produces a b-bit
block of ciphertext. If the amount of plaintext to be encrypted is greater than b bits, then the block cipher
can still be used by breaking the plaintext up into b-bit blocks. When multiple blocks of plaintext are
encrypted using the same key, a number of security issues arise. To apply a block cipher in a variety of
applications, five modes of operation have been defined by NIST as summarized in Table (1).

1. Electronic Code Book (ECB)
2. Cipher Block Chaining (CBC)
3. Cipher Feedback (CFB)
4. Output Feedback (OFB)
5. Counter (CTR)

Table 1: Block Cipher Modes of Operation

Electronic Codebook Mode (ECB): Electronic codebook mode is the most obvious way to use a block
cipher.

Encryption

C_j = E_K(P_j),  j = 1, …, N

Decryption

P_j = D_K(C_j),  j = 1, …, N

ECB Mode
Properties:
1. Identical plaintext. The same plaintext block always maps to the same ciphertext
block.
2. Chaining dependencies. Reordering the plaintext blocks induces a reordering of the
same ciphertext blocks.
3. Error propagation. An error in a ciphertext block results in a deciphering error
only in the corresponding plaintext block.

Cipher Block Chaining Mode (CBC)


Cipher block chaining mode involves a vector bit sum operation of the message block with the previous
ciphertext block prior to enciphering.

Encryption

C_1 = E_K(P_1 ⊕ IV),
C_j = E_K(P_j ⊕ C_{j-1}),  j = 2, …, N

Decryption

P_1 = D_K(C_1) ⊕ IV,
P_j = D_K(C_j) ⊕ C_{j-1},  j = 2, …, N

Properties: CBC Mode


1. Identical plaintext. The same sequence of ciphertext blocks results when the same key and the same
initialization vector are used.
2. Chaining dependencies. The chaining mechanism causes C_j to depend on C_{j-1} and P_j, so
enciphering is not independent of reordering.
3. Error propagation. An error in a ciphertext block C_j affects decipherment of C_j and C_{j+1}.
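
The ECB and CBC property lists above, checked in an added Python example (not part of the original notes). The block cipher is a constructed toy with b = 8 bits, a key-seeded permutation of the 256 byte values, so every byte of the message is one block; the key, IV and message are constructed sample values.

```python
import random

def make_cipher(key):
    # Constructed toy block cipher with b = 8 bits: a key-seeded permutation
    # of the 256 byte values (a literal code book) plus its inverse table.
    enc = list(range(256))
    random.Random(key).shuffle(enc)
    dec = [0] * 256
    for p, c in enumerate(enc):
        dec[c] = p
    return enc, dec

def ecb_encrypt(pt, enc):
    return bytes(enc[p] for p in pt)              # C_j = E_K(P_j)

def ecb_decrypt(ct, dec):
    return bytes(dec[c] for c in ct)              # P_j = D_K(C_j)

def cbc_encrypt(pt, enc, iv):
    out, prev = bytearray(), iv
    for p in pt:
        prev = enc[p ^ prev]                      # C_j = E_K(P_j XOR C_{j-1})
        out.append(prev)
    return bytes(out)

def cbc_decrypt(ct, dec, iv):
    out, prev = bytearray(), iv
    for c in ct:
        out.append(dec[c] ^ prev)                 # P_j = D_K(C_j) XOR C_{j-1}
        prev = c
    return bytes(out)

def flip_bit(ct, j):
    # Simulate a transmission error: flip one bit of ciphertext block C_j.
    bad = bytearray(ct)
    bad[j - 1] ^= 0x01
    return bytes(bad)

def damaged(pt, recovered):
    # 1-based indices of plaintext blocks that no longer decrypt correctly.
    return [j for j, (a, b) in enumerate(zip(pt, recovered), 1) if a != b]

ENC, DEC = make_cipher(key=2021)                  # constructed key
PT = b"PAY 100 PAY 100 "                          # constructed message, 16 blocks
IV = 0x5A                                         # constructed IV

if __name__ == "__main__":
    ecb, cbc = ecb_encrypt(PT, ENC), cbc_encrypt(PT, ENC, IV)
    print("ECB halves identical:", ecb[:8] == ecb[8:])
    print("ECB damage from error in C_5:", damaged(PT, ecb_decrypt(flip_bit(ecb, 5), DEC)))
    print("CBC damage from error in C_5:", damaged(PT, cbc_decrypt(flip_bit(cbc, 5), DEC, IV)))
```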

Cipher Feedback Mode (CFB)

In the figure below (CFB scheme), it is assumed that the unit of transmission is s bits; a common value is s
= 8. As with CBC, the units of plaintext are chained together, so that the ciphertext of any plaintext unit is a
function of all the preceding plaintext. In this case, rather than blocks of b bits, the plaintext is divided into
segments of s bits.

First, consider encryption. The input to the encryption function is a b-bit shift register that is initially set to
some initialization vector (IV). The leftmost (most significant) s bits of the output of the encryption
function are XORed with the first segment of plaintext P1 to produce the first unit of ciphertext C1, which
is then transmitted. In addition, the contents of the shift register are shifted left by s bits, and C1 is placed in
the rightmost (least significant) s bits of the shift register. This process continues until all plaintext units
have been encrypted.

For decryption, the same scheme is used, except that the received ciphertext unit is XORed with the output
of the encryption function to produce the plaintext unit.

Output feedback (OFB)

The output feedback (OFB) mode is similar in structure to that of CFB. For OFB, the output of the
encryption function is fed back to become the input for encrypting the next block of plaintext (Figure).

OFB Mode

Counter (CTR)
The figure below depicts the CTR mode. A counter equal in size to the plaintext block is used. The counter
value must be different for each plaintext block that is encrypted. Typically, the counter is initialized to
some value and then incremented by 1 for each subsequent block.

CTR Mode
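
The CFB, OFB and CTR descriptions above, as an added Python example (not part of the original notes). It assumes b = 64 bits and s = 8, and uses truncated HMAC-SHA256 as a stand-in for the encryption function E_K; the stand-in cannot be inverted, which makes visible that all three modes decrypt using only the encryption function. The key, IV and message are constructed sample values.

```python
import hashlib
import hmac

B = 8  # block size b in bytes (64 bits); the CFB segment size is s = 8 bits

def E(key, block):
    # Assumed stand-in for E_K: HMAC-SHA256 truncated to b bits. It is not
    # invertible, which is fine here because these modes never call D_K.
    return hmac.new(key, block, hashlib.sha256).digest()[:B]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cfb8(key, iv, data, decrypt=False):
    reg, out = iv, bytearray()             # b-bit shift register, starts at IV
    for unit in data:
        res = E(key, reg)[0] ^ unit        # leftmost s bits of E_K(reg) XOR unit
        out.append(res)
        c = unit if decrypt else res       # the ciphertext unit is what is fed back
        reg = reg[1:] + bytes([c])         # shift left s bits, C_j on the right
    return bytes(out)

def ofb(key, iv, data):
    reg, out = iv, bytearray()
    for i in range(0, len(data), B):
        reg = E(key, reg)                  # output block is fed back as next input
        out += xor(data[i:i + B], reg)
    return bytes(out)

def ctr(key, start, data):
    out = bytearray()
    for n in range((len(data) + B - 1) // B):
        # Counter as wide as the block, incremented by 1 per block.
        counter = ((start + n) % 2 ** (8 * B)).to_bytes(B, "big")
        out += xor(data[n * B:(n + 1) * B], E(key, counter))
    return bytes(out)

KEY = b"constructed-key"                   # constructed sample values
IV = bytes(range(B))
MSG = b"modes of operation demo"

if __name__ == "__main__":
    c = cfb8(KEY, IV, MSG)
    print(c.hex(), cfb8(KEY, IV, c, decrypt=True))
    print(ofb(KEY, IV, ofb(KEY, IV, MSG)), ctr(KEY, 7, ctr(KEY, 7, MSG)))
```

OFB and CTR are their own inverses because the keystream does not depend on the data; CFB needs the direction flag only to pick which value is the ciphertext unit fed back into the register.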
