Professional Documents
Culture Documents
CRYPTOGRAPHY AND
NETWORK SECURITY
Introduction :
STREAM CIPHERS & BLOCK CIPHERS
A stream cipher is one that encrypts a digital data
stream one bit or one byte at a time.
Plain text is divided in to number of streams.
BLOCK CIPHER
A block cipher is one in which a block of plaintext is
treated as a whole and used to produce a cipher text
block of equal length.
Plain text is divided in to number of blocks.
Typically, a block size of 64 or 128 bits is used.
• Confusion and diffusion area unit the
properties for creating a secure cipher.
• Confusion = Substitution
– a --> b Caesar Cipher
• Diffusion = Transposition or Permutation
– abcd --> dacb
BLOCK CIPHER PRINCIPLES
Three principles
NUMBER OF ROUNDS
DESIGNING FUNCTION F
KEY SCHEDULE ALGORITHM
NUMBER OF ROUNDS:
The Number of rounds should be based on the user wish.
If the number rounds may be increased then the algorithm is more
complex.
DESIGNING FUNCTION F
Complicated function should be designed instead of simple
function .
Non linear function should be designed instead of linear function.
F(x)=ax+b
Key Schedule Algorithm:
Key should be scheduled carefully because a small changes in key
value may cause big change in the cipher text.
Mode of Operation
5 modes:
ELECTRONIC CODE BOOK (ECB)
CIPHER BLOCK CHAINING (CBC)
CIPHER FEEDBACK MODE (CFB)
OUTPUT FEEDBACK MODE (OFB)
COUNTER MODE (CTR)
ELECTRONIC CODE BOOK (ECB)
The simplest (and not to be used anymore) of the
encryption modes is the electronic codebook (ECB)
mode .
The message is divided into blocks, and each block is
encrypted separately.
It is given by
of plaintext to be corrupt.
CIPHER FEEDBACK MODE
It is very similar to CBC, makes a block cipher into a
self-synchronizing stream cipher.
OUTPUT FEEDBACK MODE
The output feedback (OFB) mode makes a block cipher
into a synchronous stream cipher.
It generates key stream blocks, which are
then XOR with the plaintext blocks to get the cipher
text.
COUNTER MODE (CTR)
CTR mode is well suited to operate on a multi-
processor machine,
Blocks can be encrypted in parallel.
The counter can be any function which produces a
through unchanged.
But the left half, L, goes through an operation that
‘round’.
DES (DATA ENCRYPTION STANDARD)
ALGORITHM
Invented in the year 1977.
DES is a block cipher and encrypts data in blocks of
discarded.
DES is based on the two fundamental attributes of
cryptography
substitution (also called confusion) transposition (also
called diffusion).
DES consists of 16 steps, each of which is called a round.
Each round performs the steps of substitution and
transposition.
STEPS IN DES
In the first step, the 64-bit plain text block is handed over to
an initial Permutation (IP) function.
The initial permutation is performed on plain text.
Next, the initial permutation (IP) produces two halves of the
rounds.
Step-1: Key transformation:
◦ We have noted initial 64-bit key is transformed into a 56-bit
key by discarding every 8th bit of the initial key.
◦ Thus, for each a 56-bit key is available.
◦ From this 56-bit key, a different 48-bit Sub Key is generated
during each round using a process called key transformation.
Step-2: Expansion Permutation:
◦ Recall that after the initial permutation, we had two 32-bit plain text
areas called Left Plain Text(LPT) and Right Plain Text(RPT).
◦ During the expansion permutation, the RPT is expanded from 32 bits
to 48 bits.
◦ Bits are permuted as well hence called expansion permutation.
Then the expansion permutation process expands the 32-bit
RPT to 48-bits.
Now the 48-bit key is XOR with 48-bit RPT and the
An input "011011" has outer bits "01" and inner bits "1101"; the
corresponding output would be "1001".
P-BOX
permutation box (or P-box) is a method of bit-
shuffling used to permute or transpose bits across
S-boxes inputs.
THREE TYPES
Straight
expansion
Compression
P-BOX
SWAPPING
• It is the process of interchanging Left Plain Text(LPT) and Right
Plain Text(RPT) to get the corresponding cipher text.
Drawbacks
The 56 bit key size is the largest defect of DES.
DES was not designed for application and therefore it
before.
Shift Rows :
This step is just as it sounds. Each row is shifted a
particular number of times.
The first row is not shifted
The second row is shifted once to the left.
The third row is shifted twice to the left.
The fourth row is shifted thrice to the left.
(A left circular shift is performed.)
[ b0 | b1 | b2 | b3 ] [ b0 | b1 | b2 | b3 ]
| b4 | b5 | b6 | b7 | -> | b5 | b6 | b7 | b4 |
| b8 | b9 | b10 | b11 | | b10 | b11 | b8 | b9 |
[ b12 | b13 | b14 | b15 ] [ b15 | b12 | b13 | b14 ]
Mix Columns :
This step is basically a matrix multiplication. Each
column is multiplied with a specific matrix and thus the
position of each byte in the column is changed as a
result.
This step is skipped in the last round.
[ c0 ] [ 2 3 1 1 ] [ b0 ]
| c1 |= | 1 2 3 1 | | b1 |
| c2 | | 1 1 2 3 | | b2 |
[ c3 ] [ 3 1 1 2 ] [ b3 ]
Add Round Keys :
Now the resultant output of the previous stage is XOR-
ed with the corresponding round key.
Here, the 16 bytes is not considered as a grid but just
decimal values
XOR Operation
Take 64 bit plain text
Keys are stored in an array (k)
◦ K1,k2,k3…k14
◦ Each has 32 bit
◦ 32*14 = 448
Initialize an array (p)
◦ 18 sub keys{P[0]…P[17]} are needed in both encryption as
well as decryption process and the same sub keys are used for
both the processes.
◦ These 18 sub keys are stored in a P-array with each array
element being a 32-bit entry.
Initialize Substitution Boxes:
◦ 4 Substitution boxes(S-boxes) are needed{S[0]…S[4]} in both
encryption as well as decryption process.
◦ Each S-box having 256 entries{S[i][0]…S[i][255} where each
entry is 32-bit.
The hexadecimal representation of each of the sub keys
is given by:
P[0] = "243f6a88"
P[1] = "85a308d3"
...
P[17] = "8979fb1b"
Step3: Encryption:
The encryption function consists of two parts:
a. Rounds: The encryption consists of 16 rounds with
each round(Ri) taking inputs the plaintext(P.T.) from
previous round and corresponding sub key(Pi).
The description of each round is as follows:
DESCRIPTION OF THE FUNCTION ”F ”
b. POST-PROCESSING:
Stream Ciphers
Plain text is divided in to number of streams.
In stream cipher, one byte is encrypted at a time while
bits.
Stream Cipher follows the sequence of pseudorandom
number stream.
One of the benefits of following stream cipher is to
encryption.
Plaintext is encrypted in blocks, with each block having a
ENCRYPTION
e
C = M mod n
7
C = 88 mod 187
4 2 1
C = [(88 mod 187) * (88 mod 187) * (88 mod 187)]
mod 187(BY MODULAR ARITHMETIC)
1
88 mod 187 = 88
2
88 mod 187 = 7744 mod 187 = 77
4
88 mod 187 = 59,969,536 mod 187 = 132
7
88 mod 187 = (88 * 77 * 132) mod 187
=89 4,432 mod 187
CIPHER TEXT = 11
DECRYPTION
d
M = C mod n
23
M = 11 mod 187,
23 1 2 4 8
11 mod 187 = [(11 mod 187) * (11 mod 187) * (11 mod 187) * (11
8
mod 187) * (11 mod 187)] mod 187
1
11 mod 187 = 11
2
11 mod 187 = 121
4
11 mod 187 = 14,641 mod 187 = 55
8
11 mod 187 = 214,358,881 mod 187 = 33
23
11 mod 187 = (11 * 121 * 55 * 33 * 33) mod 187
= 79,720,245 mod 187
= 88
The Security of RSA
Five possible approaches to attacking the RSA algorithm
are
◦ • Brute force: This involves trying all possible private keys.
◦ • Mathematical attacks: There are several approaches, all
equivalent in effort to factoring the product of two primes.
◦ • Timing attacks: These depend on the running time of the
decryption algorithm.
◦ • Hardware fault-based attack: This involves inducing hardware
faults in the processor that is generating digital signatures.
◦ • Chosen ciphertext attacks: This type of attack exploits
properties of the RSA algorithm
DIFFIE HELLMAN KEY EXCHANGE
ALGORITHM
Not an Encryption algorithm
It Exchange Symmetric / Secret key
It is an Asymmetric Encryption technique
In order to send the message between the sender and