Claude Shannon theoretically deduced the following principles that should be followed to design secure
cryptographic systems. These principles aim at thwarting cryptanalysis based on known statistical
properties of the plaintext.
Q: What are Shannon's principles for designing a secure cryptographic system?
1. Confusion. In Shannon’s original definitions, confusion makes the relation between the key and the
ciphertext as complex as possible. Ideally, every letter in the key influences every letter of the
ciphertext block.
2. Diffusion. Diffusion refers to the property that the statistical structure of the plaintext is dissipated
into long-range statistics of the ciphertext. In contrast to confusion, diffusion spreads the influence of a
single plaintext letter over many ciphertext letters.
Product ciphers alternate the two classical encryption forms, substitution and transposition, over
multiple rounds in order to achieve confusion and diffusion respectively. Shannon was the first to investigate
the product cryptosystem (the so-called substitution-permutation network) and showed that some sophisticated
heuristic ciphers were nothing other than products of simpler ciphers. Most importantly, Shannon
identified the necessary conditions under which cipher strength increases as a result of cascading simple ciphers.
One possible way to build a secret key algorithm using substitution-permutation network is to break the
input into manageable-sized chunks, do a substitution on each small chunk, and then take the outputs of
all the substitutions and run them through a permuter that is as big as the input, which shuffles the letters
around. Then the process is repeated, so that each letter winds up as an input to each of the substitutions.
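The construction just described, as an added example that is not part of these notes: a toy 16-bit substitution-permutation network with a constructed 4-bit S-box and bit permutation (neither is from any standard cipher), plus a helper that counts how many ciphertext bits change when one plaintext bit is flipped. With one round a flipped bit can only reach the four output bits of its own S-box; each further round spreads the change to more S-boxes, which is the diffusion Shannon's second principle asks for.

```python
# Toy substitution-permutation network (SPN). Added example for these notes;
# the S-box, permutation and key mixing are constructed here and are not
# part of any standard cipher.
# Block size: 16 bits = four 4-bit chunks. Each round: XOR the round key,
# substitute every chunk through the S-box, then permute the 16 bits.

# Constructed 4-bit S-box (a bijection on 0..15).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
# Bit permutation: output bit i takes input bit PERM[i] (bits numbered 0..15,
# bit 0 least significant). It sends the four outputs of each S-box to four
# different S-boxes in the next round.
PERM = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]


def substitute(x: int) -> int:
    """Apply the 4-bit S-box to each of the four nibbles of a 16-bit word."""
    out = 0
    for i in range(4):
        nib = (x >> (4 * i)) & 0xF
        out |= SBOX[nib] << (4 * i)
    return out


def permute(x: int) -> int:
    """Shuffle the 16 bits according to PERM."""
    out = 0
    for i in range(16):
        out |= ((x >> PERM[i]) & 1) << i
    return out


def spn_encrypt(block: int, round_keys: list) -> int:
    """Run one round (key mix, substitute, permute) per entry of round_keys."""
    x = block & 0xFFFF
    for k in round_keys:
        x = permute(substitute(x ^ k))
    return x


def avalanche(block: int, round_keys: list, bit: int) -> int:
    """Number of ciphertext bits that change when plaintext bit `bit` is flipped."""
    c1 = spn_encrypt(block, round_keys)
    c2 = spn_encrypt(block ^ (1 << bit), round_keys)
    return bin(c1 ^ c2).count("1")


if __name__ == "__main__":
    for rounds in (1, 2, 4):
        print(rounds, "round(s):", avalanche(0, [0] * rounds, 0), "bits changed")
```

Flipping bit 0 of the all-zero block with all-zero round keys changes 2 ciphertext bits after one round and 6 after two; a real cipher is designed so that, after enough rounds, about half of the output bits change for any single-bit input difference.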
The Feistel network shown in Fig. 1 is a particular form of the substitution-permutation network.
The exact realization of a Feistel network depends on the choices of the following parameters and design
features.
1. Block size: Larger block size means greater security, but reduces encryption/decryption speed.
2. Key size: Larger key size means greater security but may decrease encryption/decryption speed.
3. Number of rounds: Multiple rounds offer increasing security.
4. Subkey generation algorithm: Greater complexity in subkey generation leads to greater security.
5. Round function: Greater complexity
Anas Abbood Computer Security Spring 2021
CSCI 4650 - M01
Saint Luis University-Madrid
The Data Encryption Standard (DES) was designed to encipher sensitive but non-classified data. It is bit-
oriented, unlike the other ciphers we have seen. It uses both transposition and substitution and for that
reason is sometimes referred to as a product cipher. Its input, output, and key are each 64 bits long.
The sets of 64 bits are referred to as blocks. The overall scheme for DES encryption is illustrated in Figure 2.
As with any encryption scheme, there are two inputs to the encryption function: the plaintext to be
encrypted and the key. In this case, the plaintext must be 64 bits in length and the key is 56 bits in length.
Looking at the left-hand side of the figure, we can see that the processing of the plaintext proceeds in
three phases. First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits
to produce the permuted input. This is followed by a phase consisting of sixteen rounds of the same
function, which involves both permutation and substitution functions. The output of the last
(sixteenth) round consists of 64 bits that are a function of the input plaintext and the key.
The left and right halves of the output are swapped to produce the preoutput. Finally, the preoutput is
passed through a permutation (IP^-1) that is the inverse of the initial permutation function, to produce the
64-bit ciphertext. With the exception of the initial and final permutations, DES has the exact structure of a
Feistel cipher, as shown in Figure 1. The right-hand portion of Figure 3.5 shows the way in which the 56-bit
key is used. Initially, the key is passed through a permutation function. Then, for each of the sixteen
rounds, a subkey (K_i) is produced by the combination of a left circular shift and a permutation. The
permutation function is the same for each round, but a different subkey is produced because of the
repeated shifts of the key bits.
Initial Permutation (IP)
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7

Inverse Initial Permutation (IP^-1)
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25
The 32-bit right half of the 64-bit input data block is expanded into a 48-bit block. This is referred to as
the expansion permutation step, or the E-step.
The 48 bits of the expanded output produced by the E-step are XORed with the round key. This is referred
to as key mixing.
Expansion (E table)
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
The output produced by the previous step is broken into eight six-bit words. Each six-bit word goes
through a substitution step; its replacement is a 4-bit word. The substitution is carried out with an
S-box. So after all the substitutions, we again end up with a 32-bit word. The 48-bit input word is divided
into eight 6-bit words and each 6-bit word is fed into a separate S-box. Each S-box produces a 4-bit output.
Therefore, the 8 S-boxes together generate a 32-bit output, as in Figure 4. Each of the eight S-boxes
consists of a 4×16 table lookup for an output 4-bit word. The first and the last bit of the 6-bit input word
are decoded into one of 4 rows, and the middle 4 bits are decoded into one of 16 columns for the table
lookup.
The 32 bits of the previous step then go through a P-box permutation. What comes out of the P-box is then
XORed with the left half of the 64-bit block that we started out with. The output of this XOR operation
gives us the right half block for the next round.
Permutation P
16 7 20 21
29 12 28 17
1 15 23 26
5 18 31 10
2 8 24 14
32 27 3 9
19 13 30 6
22 11 4 25
Key Generation
The cipher consists of 16 rounds, or iterations. Each round uses a separate key of 48 bits. These round
keys are generated from the key block by dropping the parity bits (reducing the effective key size to 56
bits), permuting the bits, and extracting 48 bits (see Figure 5). A different set of 48 bits is extracted for
each of the 16 rounds.
PC-1 and PC-2 are permutation tables; LSH is a table of left shifts (rotations).
DES decryption uses the same algorithm as encryption, except that the application of the subkeys is
reversed. Additionally, the initial and final permutations are reversed.
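Why decryption is "the same algorithm with the subkeys reversed", as an added example that is not the course's or DES's own code: a generic 64-bit Feistel network whose round function and subkey schedule are deliberately simple stand-ins (not DES's f, PC-1 or PC-2). Nothing about the round function needs to be invertible; the structure alone guarantees that running the rounds with the subkeys in reverse order undoes encryption, provided the halves are swapped after the last round as DES does. The example also makes the "number of rounds" parameter from the Feistel design list concrete: after a single round the right half of the block passes through unchanged.

```python
# Generic Feistel network. Added example for these notes; the round function
# and subkey schedule are toy stand-ins, not those of DES.

MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF


def round_function(right: int, subkey: int) -> int:
    """Toy f(R, K): add the subkey, then a few shift/XOR mixes. Not invertible,
    and does not need to be: the Feistel structure never inverts f."""
    x = (right + subkey) & MASK32
    x ^= (x << 13) & MASK32
    x ^= x >> 7
    x ^= (x << 17) & MASK32
    return x


def subkeys(key: int, rounds: int) -> list:
    """Toy schedule: rotate the 64-bit key each round and take 32 bits."""
    ks = []
    for i in range(rounds):
        key = ((key << 5) | (key >> 59)) & MASK64
        ks.append((key ^ (i * 0x9E3779B9)) & MASK32)
    return ks


def feistel(block: int, round_keys: list) -> int:
    """Run one round per subkey, then swap the halves once more at the end."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for k in round_keys:
        left, right = right, left ^ round_function(right, k)
    # The final swap cancels the last round's swap; it is what lets the same
    # routine decrypt when fed the subkeys in reverse order.
    return (right << 32) | left


def encrypt(block: int, key: int, rounds: int = 16) -> int:
    return feistel(block, subkeys(key, rounds))


def decrypt(block: int, key: int, rounds: int = 16) -> int:
    # Identical code path to encrypt(); only the subkey order differs.
    return feistel(block, subkeys(key, rounds)[::-1])


if __name__ == "__main__":
    m, k = 0x0123456789ABCDEF, 0xFEDCBA9876543210
    c = encrypt(m, k)
    print(hex(c), hex(decrypt(c, k)))
```

The round-trip holds for any number of rounds and any round function; the one-round case shows why that alone is not security: the low 32 bits of the output are the low 32 bits of the plaintext.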
In January 1997, researchers worldwide were invited by NIST to submit proposals for a new standard to
be called the Advanced Encryption Standard (AES). From 15 serious proposals, the Rijndael algorithm,
proposed by Vincent Rijmen and Joan Daemen, two Belgian cryptographers, won the contest.
7. Each round of processing works on the input state array and produces an output state array.
8. The output state array produced by the last round is rearranged into a 128-bit output block.
The Rijndael proposal for AES defined a cipher in which the block length and the key length can be
independently specified to be 128, 192, or 256 bits. The AES specification uses the same three key
size alternatives but limits the block length to 128 bits.
Addition
Example: {57} + {83} = {D4} (hexadecimal), or in polynomial notation:
(x^6 + x^4 + x^2 + x + 1) + (x^7 + x + 1) = x^7 + x^6 + x^4 + x^2
Multiplication
Example: {57} · {83} = {C1}, or:
(x^6 + x^4 + x^2 + x + 1)(x^7 + x + 1)
= x^13 + x^11 + x^9 + x^8 + x^7
+ x^7 + x^5 + x^3 + x^2 + x
+ x^6 + x^4 + x^2 + x + 1
= x^13 + x^11 + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1
and reducing modulo the AES polynomial m(x) = x^8 + x^4 + x^3 + x + 1:
(x^13 + x^11 + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1) mod m(x) = x^7 + x^6 + 1
Substitute Bytes
Example:
MixColumns
Example
1. The AES key expansion algorithm is used to derive the 128-bit round keys from the original 128-bit
encryption key.
2. Just as the 128-bit input block is arranged in the form of a state array, the algorithm first
arranges the 16 bytes of the encryption key in the form of a 4 × 4 array of bytes.
Round constants RC[j] used by the key expansion (hexadecimal):
j      1  2  3  4  5  6  7  8  9  10
RC[j] 01 02 04 08 10 20 40 80 1B 36
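The GF(2^8) arithmetic worked above, and the three places it appears in AES (the byte substitution, MixColumns, and the round constants RC[j] of the key expansion), as one added example written for these notes rather than taken from them. The reduction polynomial m(x) = x^8 + x^4 + x^3 + x + 1 (0x11B), the affine constant 0x63 and the MixColumns matrix are those of the AES specification; the byte values used in the checks are the worked examples from the text ({57}, {83}) and the AES specification's own S-box example ({53} maps to {ED}).

```python
# GF(2^8) arithmetic as used by AES. Added example for these notes.

AES_POLY = 0x11B  # m(x) = x^8 + x^4 + x^3 + x + 1


def gf_add(a: int, b: int) -> int:
    """Addition in GF(2^8) is bitwise XOR: {57} + {83} = {D4}."""
    return a ^ b


def xtime(a: int) -> int:
    """Multiply by x (i.e. {02}), reducing by m(x) when the degree reaches 8."""
    a <<= 1
    if a & 0x100:
        a ^= AES_POLY
    return a & 0xFF


def gf_mul(a: int, b: int) -> int:
    """Shift-and-add multiplication: {57} * {83} = {C1}."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


def gf_inv(a: int) -> int:
    """Multiplicative inverse via a^254 (a^255 = 1 for a != 0); {00} -> {00}."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def sbox(a: int) -> int:
    """SubBytes on one byte: inverse in GF(2^8), then the affine map."""
    b = gf_inv(a)

    def rotl(v: int, n: int) -> int:
        return ((v << n) | (v >> (8 - n))) & 0xFF

    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63


def mix_column(col: list) -> list:
    """MixColumns on one 4-byte column: multiply by the circulant matrix
    [02 03 01 01; 01 02 03 01; 01 01 02 03; 03 01 01 02] over GF(2^8)."""
    a0, a1, a2, a3 = col
    return [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
            a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
            a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
            gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]


def round_constants(n: int = 10) -> list:
    """RC[1..n]: RC[1] = {01} and RC[j] = x * RC[j-1], giving ... 80, 1B, 36."""
    rc = [0x01]
    while len(rc) < n:
        rc.append(xtime(rc[-1]))
    return rc


if __name__ == "__main__":
    print(hex(gf_add(0x57, 0x83)), hex(gf_mul(0x57, 0x83)), hex(sbox(0x53)))
    print([hex(v) for v in round_constants()])
```

The jump from {80} to {1B} in the RC table is the reduction step: x * x^7 = x^8, which modulo m(x) is x^4 + x^3 + x + 1 = {1B}.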
Modes of Operation
A block cipher takes a fixed-length block of text of length b bits and a key as input and produces a b-bit
block of ciphertext. If the amount of plaintext to be encrypted is greater than b bits, the block cipher
can still be used by breaking the plaintext up into b-bit blocks. When multiple blocks of plaintext are
encrypted using the same key, a number of security issues arise. To apply a block cipher in a variety of
applications, five modes of operation have been defined by NIST, as summarized in Table (1).
Electronic Codebook Mode (ECB): Electronic codebook mode is the most obvious way to use a block
cipher.
Encryption
C_j = E_K(P_j),  j = 1, ..., N
Decryption
P_j = D_K(C_j),  j = 1, ..., N
ECB Mode
Properties:
1. Identical plaintext. The same plaintext block always maps to the same ciphertext
block.
2. Chaining dependencies. Reordering the plaintext blocks induces a reordering of the
same ciphertext blocks.
3. Error propagation. An error in a ciphertext block results in a deciphering error
only in the corresponding plaintext block.
Cipher Block Chaining Mode (CBC):
Encryption
C_1 = E_K(P_1 ⊕ IV),
C_j = E_K(P_j ⊕ C_{j-1}),  j = 2, ..., N
Decryption
P_1 = D_K(C_1) ⊕ IV,
P_j = D_K(C_j) ⊕ C_{j-1},  j = 2, ..., N
Cipher Feedback Mode (CFB):
In the figure below (CFB scheme), it is assumed that the unit of transmission is s bits; a common value is
s = 8. As with CBC, the units of plaintext are chained together, so that the ciphertext of any plaintext unit is a
function of all the preceding plaintext. In this case, rather than blocks of b bits, the plaintext is divided into
segments of s bits.
First, consider encryption. The input to the encryption function is a b-bit shift register that is initially set to
some initialization vector (IV). The leftmost (most significant) s bits of the output of the encryption
function are XORed with the first segment of plaintext P1 to produce the first unit of ciphertext C1, which
is then transmitted. In addition, the contents of the shift register are shifted left by s bits, and C1 is placed in
the rightmost (least significant) s bits of the shift register. This process continues until all plaintext units
have been encrypted.
For decryption, the same scheme is used, except that the received ciphertext unit is XORed with the output
of the encryption function to produce the plaintext unit.
The output feedback (OFB) mode is similar in structure to that of CFB. For OFB, the output of the
encryption function is fed back to become the input for encrypting the next block of plaintext (see the OFB figure below).
OFB Mode
Counter (CTR)
The figure below depicts the CTR mode. A counter equal to the plaintext block size is used. The counter value
must be different for each plaintext block that is encrypted. Typically, the counter is initialized to some
value and then incremented by 1 for each subsequent block.
CTR Mode
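The five modes above side by side, as an added example written for these notes and not taken from them or from any library. The block cipher E_K/D_K is a constructed 64-bit stand-in (a key-seeded byte substitution, a chaining mix and a byte transposition, repeated for a few rounds) whose only purpose is to be invertible and deterministic; it is not a secure cipher. The modes themselves follow the equations and shift-register description given above, with s measured in bytes (s = 1 byte is the "s = 8 bits" case). The helper `affected_blocks` is what makes the ECB "identical plaintext" and "error propagation" properties visible: it flips one ciphertext bit, decrypts, and reports which plaintext blocks changed. All names and the sample key and plaintext are constructed for the example.

```python
# Block cipher modes of operation over a constructed toy cipher.
# Added example for these notes; the cipher is a stand-in for E_K, not secure.
import random

BLOCK = 8  # b = 64 bits


def make_cipher(key: bytes, rounds: int = 4):
    """Return (E_K, D_K) for a toy, invertible 8-byte block cipher."""
    rng = random.Random(key)                      # key-seeded tables
    sub = list(range(256)); rng.shuffle(sub)      # byte substitution
    inv = [0] * 256
    for i, v in enumerate(sub):
        inv[v] = i
    perm = list(range(BLOCK)); rng.shuffle(perm)  # byte transposition

    def enc(block: bytes) -> bytes:
        s = list(block)
        for r in range(rounds):
            s = [sub[b ^ key[(i + r) % len(key)]] for i, b in enumerate(s)]
            for i in range(1, BLOCK):             # chain-mix for diffusion
                s[i] ^= s[i - 1]
            s = [s[perm[i]] for i in range(BLOCK)]
        return bytes(s)

    def dec(block: bytes) -> bytes:
        s = list(block)
        for r in reversed(range(rounds)):
            t = [0] * BLOCK
            for i in range(BLOCK):
                t[perm[i]] = s[i]
            for i in range(BLOCK - 1, 0, -1):     # undo the chain-mix
                t[i] ^= t[i - 1]
            s = [inv[b] ^ key[(i + r) % len(key)] for i, b in enumerate(t)]
        return bytes(s)

    return enc, dec


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(enc, pt: bytes) -> bytes:        # C_j = E_K(P_j)
    assert len(pt) % BLOCK == 0, "ECB/CBC assume padded input"
    return b"".join(enc(p) for p in blocks(pt))


def ecb_decrypt(dec, ct: bytes) -> bytes:        # P_j = D_K(C_j)
    return b"".join(dec(c) for c in blocks(ct))


def cbc_encrypt(enc, iv: bytes, pt: bytes) -> bytes:   # C_j = E_K(P_j xor C_{j-1})
    assert len(pt) % BLOCK == 0, "ECB/CBC assume padded input"
    out, prev = [], iv
    for p in blocks(pt):
        prev = enc(xor(p, prev)); out.append(prev)
    return b"".join(out)


def cbc_decrypt(dec, iv: bytes, ct: bytes) -> bytes:   # P_j = D_K(C_j) xor C_{j-1}
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(dec(c), prev)); prev = c
    return b"".join(out)


def cfb_encrypt(enc, iv: bytes, pt: bytes, s: int = 1) -> bytes:
    """CFB with s-byte segments: the b-byte shift register starts as the IV,
    shifts left by s bytes and takes the ciphertext segment on the right."""
    reg, out = iv, []
    for i in range(0, len(pt), s):
        c = xor(pt[i:i + s], enc(reg)[:s])       # leftmost s bytes of E_K(reg)
        out.append(c); reg = (reg + c)[-BLOCK:]
    return b"".join(out)


def cfb_decrypt(enc, iv: bytes, ct: bytes, s: int = 1) -> bytes:
    reg, out = iv, []                             # note: uses E_K, never D_K
    for i in range(0, len(ct), s):
        c = ct[i:i + s]
        out.append(xor(c, enc(reg)[:s])); reg = (reg + c)[-BLOCK:]
    return b"".join(out)


def ofb_crypt(enc, iv: bytes, data: bytes) -> bytes:
    """OFB: E_K output is fed back as the next input; same call decrypts."""
    out, o = [], iv
    for d in blocks(data):
        o = enc(o); out.append(xor(d, o))
    return b"".join(out)


def ctr_crypt(enc, counter: int, data: bytes) -> bytes:
    """CTR: encrypt counter, counter+1, ... and XOR; same call decrypts."""
    out = []
    for i, d in enumerate(blocks(data)):
        out.append(xor(d, enc(((counter + i) & (2 ** 64 - 1)).to_bytes(BLOCK, "big"))))
    return b"".join(out)


def affected_blocks(decrypt_fn, ct: bytes, pt: bytes, byte_index: int) -> list:
    """Flip one ciphertext bit and report which plaintext blocks change."""
    damaged = bytearray(ct); damaged[byte_index] ^= 0x01
    recovered = decrypt_fn(bytes(damaged))
    return [i for i, (a, b) in enumerate(zip(blocks(pt), blocks(recovered))) if a != b]
```

With a plaintext whose first and third blocks are identical, ECB repeats the ciphertext block while CBC does not; a single flipped ciphertext bit in ECB garbles only the matching plaintext block, in CBC it garbles that block and flips exactly one bit of the next, and in CTR or OFB it flips exactly one plaintext bit.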