[CS304] Introduction to Cryptography and Network Security

Course Instructor: Dr. Dibyendu Roy Winter 2023-2024

Scribed by: Siddharth Gupta (202151156) Lecture (Week # 3)

Initial Permutation (IP)

IP:(0, 1)64 ⇒ (0, 1)64

IP(m1m2.......m64) ⇒ = m58m50......m7

Algorithm of f function
f(Ri,Ki)=Xi+1 where Ri is 32 bit
ki is 48 bit
xi+1 is 32 bit

f(Ri,ki)=P(S(E(Ri) + ki))

f: (0, 1)32 x (0, 1)42 ⇒ (0, 1)32

E will expend 32 bit to 48 bit

E : (0, 1)32 ⇒ (0, 1)48

E(x1x2x3......x32)=y1y2y3.........y48

S-box of f

S:(0, 1)48 ⇒ (0, 1)32

S(X)=y X ⇒ 48bit y=32bit

X=B1B2B3B4B5B6B7B8

length of Bi=6bit

S1S2S3S4S6S7S8

Si:(0, 1)6 ⇒ (0, 1)4 for all i=1,2,3...8

S(Bi(6bit))=Ci(4bit)

S(x)=(S1(B1)S2(B2).....S8(B8))

Si : (0, 1)6 ⇒ (0, 1)4

r=(2*b1+b6) 0¡=r¡=3

C=integral representation (b2b3b4b5b6) 0¡=c¡=15

1
Key Scheduling Algorithm of DES

k-key size of DES=64bit where 8 bit are for pointing check

k1,k2,k3,...k16

input : 64bit key k=k1k2k3....k64 output : 16 round keys ki 1¡=i¡=16 where length of ki is 8bit

i) Define 1¡=i¡=16 where vi=1 i ∈ 1, 2, 3otherwisevi = 2

ii) Discard parity check bit

iii) T=PC1( k) PC1 : Si:(0, 1)56 ⇒ (0, 1)56

iv) (C0,D0)=T length of C0=48 bit length D0=48bit

v) for i=1 to 16

Ci ⇐= (Ci-1 ⇐= Vi )
Di ⇐= (Di-1 ⇐= Vi )
Ki=PC2(Ci,Di)

PC2 : (0, 1)56 =⇒ (0, 1)48

PC1(k1.....k64)=PC1(K1......k63) =k49k41....k58...k4

DES(M,K)=c

DES(M̃,K̃)=c̃

Ks(K)=k1....k16

ks(k̃)=k̃1........k̃16

Ip(M),Ĩp(M̃)

R1=L0 + f(R1,K1) R1= L0 + f( R1, K1)

k̃1+ E(R̃0)=Ẽ(R0) + k̃1=E(R0) + K1

Brute force attack

k1k2k3........k256

DES(M,K)=c1

DES(M̃,K)=c2
attacker DES(Mi,Ki)=c if C != C1 discard ki from S

if C̃!=C2 discard ki from S

Attack Model

2
 1.Ciphertext Only Attack

Attacker is only getting ciphertext

Goal: To get back the plaintext or recover the secretkey

2.Know Plaintext Attack

Attacker know some plaintext and corresponding ciphertext

Goal: find a plaintext corresponding to a different ciphertext or find a secret key of the ciphertext

2.Know Plaintext Attack

Attacker know some plaintext and corresponding ciphertext

Goal: find a plaintext corresponding to a different ciphertext or find a secret key of the ciphertext

3.Choosen Plaintext Attack

Attacker choose plaintext of his/her choise and he/she will allowed to get corresponding cipher-
text.
Goal: generate a new plaintext ciphertext pair or find the secret key.

3.Choosen Ciphertext Attack

Attacker choose some cipher and his/her is provided corresponding plaintext

Goal: generate a different valid plaintext ciphertext pair or find the secret key.

k1k2k3........k256

M =⇒ DES(M, K) = c1

M̃ =⇒ DES( M, K) = c2

attacker DES(Mi,Ki)=ci if Ci != C1 ⇒ ki! = k

if C̃i !=C2 ⇒ k̃i! = k

DES is providing 56-bit security

2*56=112bit security

k ⇒ 128bit = (k0, k1)amongthis128bitthereare16prioritycheckbits

Double DES

Attacker is having one valid plaintext ciphertext pair

P,C ⇒ DoubleDES

select ki (Xi,ki) EnsDES(p,ki)=xi (Xi,ki) EnsDES(p,ki)=yi (yj,kj)

Triple DES secret secretkey k=(k0,k1)

n-bit exhaustive secret - 2n

3
 Algorithm which can find n-bit key in 2n/2
to get an n-bit security you need to use 2n bit triple layer setup

R∈y
A binary operation * on a set s is a mapping from SXS to S that is * is a rule which assigns to
each ordered pair of elements form s to an element of S

* : SXS ⇒ S∗ : (a, b) = cbelongstoS∗ : (b, a) = ddbelongstoS

it is not nessassry that c=d

Group

A group (G,*) consist of a set G with a binary operation on G satisfying three azions

1. The Group operation is associative (a*b)*c=a*(b*c)

2. There is an element I belongs to G called as identity element such that a*I=I*a for all a
belongs to G

3. for each a belongs to G there exits an element a−1 belong to G called the inverse of a such
that
a x a−1 =1= a−1 x a for all a belongs to G