Information

Security
(3170720)
UNIT 2 AND 3: STREAM CIPHERS AND BLOCK CIPHERS, BLOCK CIPHER
STRUCTURE, D ATA E N C RY P T I O N S TA N D A R D (DES) WITH EXAMPLE,
STRENGTH OF DES, DESIGN PRINCIPLES OF BLOCK CIPHER, AES WITH
S T R U C T U R E , I T S T R A N S F O R M AT I O N F U N C T I O N S , K E Y E X PA N S I O N , E X A M P L E
A N D I M P L E M E N TAT I O N , M U LT I P L E E N C RY P T I O N A N D T R I P L E D E S , B L O C K
CIPHER MODE
R E F E R E N C E B O O K - C RY P T O G R A P H Y A N D N E T W O R K S E C U R I T Y, P R I N C I P L E S
A N D P R A C T I C E S I X T H E D I T I O N , W I L L I A M S TA L L I N G S , P E A R S O N
CHAPTER -3 , CHAPTER-5 AND CHAPTER -6
 Road Map
 Stream ciphers and block ciphers
 Block Cipher structure
 Data Encryption standard (DES) with example
 strength of DES
 Multiple DES (2-DES and 3-DES)
 Block Cipher Mode
 Design principles of block cipher
 AES with structure, its transformation
functions, key expansion, example
Classical vs. Modern Cryptography
 Modern Cryptography

For example, Key =64bit then possible keyspace =

264
Modern Cryptography
 Modern Stream Cipher
 A stream cipher is one which encrypts digital data stream one bit or
one byte at a time
 Example: vernam Cipher , RC4, SEAL etc.
Modern Block Cipher
 Modern Block Cipher
 A Symmetric-key modern block cipher encrypts an n-bit block of
plaintext or decrypts an n-bit block of ciphertext.
 The encryption or decryption algorithm uses a k-bit key.
 Invertibility of encryption and decryption algorithms and same
secret key.
 If the message has fewer than n bits, padding must be added to
make it an n-bit block.
 If the message has more than n bits, it should be divided into n-
bit blocks & the appropriate padding must be added to the last
block if necessary.
Modern Block Cipher-substitution and transposition

 A modern block cipher can be designed to act as a substitution

cipher or a transposition cipher.
 In substitution cipher, plaintext and ciphertext can have a
different number of 0’s and 1’s.
 If the cipher is designed as a substitution cipher, a 1-bit or 0-bit in
the plaintext can be replaced by either a 0 or a 1.
plaintext: 0110 1001 1001 0110
ciphertext: 0100 0111 1011 0111
 Hence, plaintext and ciphertext can have different numbers of 1’s.
Modern Block Cipher-substitution and transposition

 If the cipher is designed as a transposition cipher, the bits are

only reordered (transposed).
plaintext: 0110 1001 1001 0110
ciphertext: 1101 0101 0100 0011

 Hence, there is the same number of 1’s in the plaintext and in

the ciphertext.

 Modern block ciphers are designed as substitution ciphers

because the inherent characteristics of transposition (preserving
number of 1’s and 0’s)make the cipher to vulnerable to
exhaustive-search attack.
Difference between Stream cipher and Block
Cipher
Stream Cipher
Basic A stream cipher is a type of
symmetric-key cipher that converts
the plain text into cipher text by
converting one bit/byte of plain text
at a time.
Block Cipher
A block cipher is a symmetric key
cipher that converts the plain text
into cipher text by converting
plaintext block-wise at a time

Complexity Complex Comparatively Simple Design

No of bits used 8 bits 64bits or more
Confusion and Relies on confusion only Uses both confusion and diffusion
Diffusion
Reversibility It is easier to reverse the encrypted it is difficult to reverse the
text to plain text in a stream cipher. encrypted text to plain text in the
block cipher
Algorithm CFB (Cipher feedback ) ECB (Electronic Code Book)
Model used OFB (output feedback) CBC (Cipher Block Chaining)
Example Fish, RC4, SEAL etc DES, RC5, Blowfish etc
Motivation towards Feistel Cipher structure
Motivation towards Feistel Cipher structure
Motivation towards Feistel Cipher structure

An arbitrary reversible substitution cipher (the ideal block cipher) for a large block size
is not practical, however, from an implementation and performance point of view.
 Component of Modern Block Cipher
 Modern Block ciphers normally are not designed as a single unit.
 To provide required properties of a modern block cipher, such as
diffusion and confusion, a modern block cipher is made of a
combination of
 Transposition units(P-boxes)
 Substitution units (S-boxes)
 Some other units (such as XOR operation, circular shift
operation, swap operation etc..)
 Confusion and Diffusion
 In cryptography, confusion and diffusion are two properties of the
operation of a secure cipher which were identified by Claude
Shannon.
 Confusion and Diffusion
Diffusion
 It hides the relationship between plaintext and ciphertext.
 Diffusion implies that each symbol (character or bit) in the ciphertext
is dependent on some or all symbols in plaintext.
 In other words, if single symbol in plaintext is changed, several or all
symbols in the ciphertext will be changed.
 It is achieved by use of transposition or permutation algorithm.
 it is used by block ciphers.
 It increases the redundancy of plain text by spreading it across the
rows and column
 Confusion and Diffusion
Confusion
 Confusion refers to making the relationship between the key and the
ciphertext as complex and involved as possible
 It hides the relationship between key and ciphertext.
 In other words, if single bit in key is changed, most or all bits in the
ciphertext will be changed.
 It is achieved by use of complex substitution algorithm.
 One aim of confusion is to make it very hard to find the key even if
one has a large number of plaintext-ciphertext pairs produced with
the same key.
 it is used by both block and stream ciphers
 Confusion Diffusion

Confusion andWhile
Diffusion
Confusion is a cryptographic technique
diffusion is used to create
which is used to create faint cipher
cryptic plain texts.
texts.

This technique is possible through While it is possible through

substitution algorithm. transportation algorithm.

In confusion, if one bit within the While in diffusion, if one image within
secret’s modified, most or all bits the plain text is modified, many or all
within the cipher text also will be image within the cipher text also will
modified. be modified

In confusion, vagueness is increased in While in diffusion, redundancy is

resultant. increased in resultant.

Both stream cipher and block cipher

uses confusion. Only block cipher uses diffusion.

While The relation between the cipher

The relation between the cipher text text and the plain text is masked by
and the key is masked by confusion. diffusion.
 Transposition Units (P-boxes)
 A P-box parallels the traditional transposition cipher for
characters.
 It transposes bits.
 There are 3 types:
 Straight P-box
 Compression P-box
 Expansion P-box

Mapping between input and outputs of these boxes are predetermined.

Only straight P-box is invertible.
 Substitution Units (S-box)
 An S-box (substitution box) can be thought of as a miniature
substitution cipher.
 However S-box, can have same or different number of input and
outputs.
 In other words, input to S-box could be a n bit word and output
can be an m bit word, where m and n are not necessary same.

No. of input bits  No. of output bits

 Substitution Units (S-box)

No. of input bits = No. of output bits

 Exclusive – OR (XOR)
 The important component of Modern Block ciphers is exclusive-or
operation. It has 5 properties.

1. Closure: result of two n-bit words is one n-bit word.

2. Associativity: one can use more than on XOR operation in any
order. X  (Y  Z) = (X  Y)  Z
3. Commutatively: can swap input without affecting output
i.e. (x  y)= (y x)
4. Existence of identity: XORing with identity element does not
change the word (x  0 ) = x
5. Existence of inverse: each word is additive inverse of itself, a
word XOR with itself yields an identity . (x  x) = 0
 Exclusive – OR (XOR)
 The inverse of an XOR operation make sense only if one of the
input is fixed (is the same in encryption and decryption)
 For example, if one the input is key, which normally is the same in
both encryption and decryption, then XOR is self invertible.

Y= X  K X= Y  K
Circular Shift
Circular Shift
Product Cipher
Product Cipher
Product Cipher
Two Classes of Product Cipher

Traditional Block Cipher structure

Two Classes of Product Cipher
 Feistel Cipher Structure
Feistel designed a very intelligent and interesting cipher that has been used for
decades.
 Final Version of
Feistel Cipher
Structure

Input
 Plaintext: 2w bit
 A Key K

Output
 Ciphertext: 2w bit

LE1 = RE0
RE1= LE0  F(K1, RE0)
 Final Version of
Feistel Cipher
Structure

Input
 Plaintext: 2w bit
 A Key K

Output
 Ciphertext: 2w bit

LE1 = RE0
RE1= LE0  F(K1, RE0)
 Feistel Cipher Structure-Encryption Process
 Feistel Cipher is not a specific scheme of block cipher.
 It is a design model from which many different block ciphers are
derived. DES is just one example of a Feistel Cipher.
 A cryptographic system based on Feistel cipher structure uses the
same algorithm for both encryption and decryption.
 The encryption process uses the Feistel structure consisting multiple
rounds of processing of the plaintext, each round consisting of a
“substitution” step followed by a permutation step.
 Separate Subkey is generated from KEY K using Subkey generation
algorithm.
 The plaintext block is divided into two halves, L0 and R0 and they pass
through n round.
Feistel Cipher Structure-Encryption Process

Each round uses a different key

 Feistel Cipher Structure-Encryption Process
 All rounds have the same structure.
 A substitution is performed on the left half of the data.
 This is done by applying a round function F to the right half of
the data and then taking the exclusive-OR of the output of that
function and the left half of the data.
 The round function has the same general structure for each
round but is parameterized by the round subkey Ki.
 Following this substitution, a permutation is performed that
consists of the interchange of the two halves of the data.
 This structure is a particular form of the substitution-
permutation network (SPN) proposed by Shannon.
 Feistel Cipher Structure-Decryption Process
 The process of decryption
in Feistel cipher is almost
similar except that
subkeys used in the
reverse order.
 The rule is as follows:
 Use the ciphertext as
input to the
algorithm, but use the
subkeys Ki in reverse
order.
 That is, use Kn in the
first round, Kn-1 in the
second round, and so
on, until K1 is used in
the last round.
 Feistel Cipher Structure-Decryption Process
At every round, the intermediate value of the decryption process
is equal to the corresponding value of the encryption process
with the two halves of the value swapped.

First, consider the encryption process. We see that

LE16 = RE15
RE16 = LE15  F(RE15, K16) The XOR has the following properties:
[A  B]  C = A [B  C]
DD=0
On the decryption side, E0=E
LD1 = RD0 = LE16 = RE15
RD1 = LD0  F(RD0, K16)
= RE16  F(RE15, K16)
= [LE15  F(RE15, K16)]  F(RE15, K16)
= LE15  [F(RE15, K16)  F(RE15, K16) ] = LE15  0 = LE15
 Feistel Cipher Structure
Design Features
 Block size:
 Larger block sizes mean greater security but reduced
encryption / decryption speed for a given algorithm
 Preferable 64 or 128bits
 Key Size:
 Larger key size means greater security but may decrease
encryption / decryption speed.
 Preferable 64 or 128bits
 Number of Rounds
 The essence of the Feistel cipher is that a single round offers
inadequate security but that multiple rounds offer increasing
security.
 A typical size is 16 rounds.
 Feistel Cipher Structure
Design Features
 Subkey Generation Algorithm
 Greater complexity in this algorithm should lead to slower the
process
 Round Function:
 Greater complexity in this Function should lead to slower the
process
 Fast Software Encryption/Decryption:
 the speed of execution of the algorithm becomes a concern.
 Ease of analysis:
Data Encryption
Standard
(DES)
 DES
 It is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST).
 Block Size: 64 bit
 Key Size= 64 bit (only 56bits are effective – 8bit are parity bit –
every 8th bit are considered as parity bit)
 Number of round: 16  Feistel Structure
Actually, the initial key consists of 64 bits. However, before the DES process even
starts, every 8th bit of the key is discarded to produce a 56 bit key. That is bit position
8, 16, 24, 32, 40, 48, 56 and 64 are discarded.
Key Expansion Algorithm
DES
 Initial Permutation (IP)
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010

Here the 58th bit of M is "1", which becomes the first bit of IP. The 50th bit of M is "1",
which becomes the second bit of IP. The 7th bit of M is "0", which becomes the last bit of IP.

Initial Permutation
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
the first bit of the output is taken from the
58th bit of the input; the second bit from the 62 54 46 38 30 22 14 6
50th bit, and so on, with the last bit of the 64 56 48 40 32 24 16 8
output taken from the 7th bit of the input.
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
 Final Permutation (IP-1)
the first bit of the output is taken from the 40th bit of the input; the second bit
from the 8th bit, and so on, with the last bit of the output taken from the 25th
bit of the input.

Final Permutation The initial and

40 8 48 16 56 24 64 32 final permutations
39 7 47 15 55 23 63 31 are straight P-
38 6 46 14 54 22 62 30 boxes that are
37 5 45 13 53 21 61 29
inverses
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
of each other and
34 2 42 10 50 18 58 26 they are
33 1 41 9 49 17 57 25 predetermined
 DES Rounds
DES uses
the first 16output
bit of the rounds.
is takenEach
from the round
40th bit of of DEStheissecond
the input; a Feistel
bit
from the 8th bit, and so on, with the last bit of the output taken from the 25th
cipher.
bit of the input.
DES Function
 DES Functions – Expansion P Box
Since RI−1 is a 32-bit input and KI is a 48-bit key, we first need to expand R I−1 to 48 bits.
 DES Functions – XOR
Whitener (XOR)
After the expansion permutation, DES uses the XOR
operation on the expanded right section and the round
key. Note that both the right section and the key are 48-
bits in length. Also note that the round key is used only in
this operation.
 DES Functions – S-Boxes
S-Boxes
The S-boxes do the real mixing (confusion). DES uses 8
S-boxes, each with a 6-bit input and a 4-bit output
S-Box Rule
Role of S-BOX
DES Functions – Straight Permutation
 Key Generation
(PC1)
The round-key
generator creates
sixteen 48-bit
keys out of a 56-
(PC2) bit cipher key.

(PC2)

(PC2)
 Parity Drop Table -Permuted Choice -1

Number of bits shift in each round

Compression Permutation – Permuted Choice 2

 DES Decryption
 The same algorithm as encryption.
 Reversed the order of key (Key16, Key15, … Key1).
 The initial and final permutations are reversed.
 DES -Example
Plaintext = 0123456789ABCDEF
Key= 133457799BBCDFF1

M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111

L = 0000 0001 0010 0011 0100 0101 0110 0111

R = 1000 1001 1010 1011 1100 1101 1110 1111

K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001

Step 1: Create 16 subkeys, each of which is 48-bits long
K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001

PC-1
Parity Drop

C0 D0

Example: From the original 64-bit key

we get the 56-bit permutation
K+ = 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111
Next, split this key into left and right halves, C0 and D0, where each half has 28 bits.

Example: From the permuted key K+, we get

C0 = 1111000 0110011 0010101 0101111

D0 = 0101010 1011001 1001111 0001111
1 2 3 4 5 6 7 8 9 10 11 12
0 0 0 1 0 0 1 1 0 0 1 1 Key= 133457799BBCDFF1
13 14 15 16 17 18 19 20 21 22 23 24
0 1 0 0 0 1 0 1 0 1 1 1
25 26 27 28 29 30 31 32 33 34 35 36
0 1 1 1 1 0 0 1 1 0 0 1
37 38 39 40 41 42 43 44 45 46 47 48
1 0 1 1 1 0 1 1 1 1 0 0
49 50 51 52 53 54 55 56 57 58 59 60
1 1 0 1 1 1 1 1 1 1 1 1
61 62 63 64
0 0 0 1
Step 1: Create 16 subkeys, each of which is 48-bits long
Left Shift Operation
To do a left shift, move each bit one place to the left, except for the first bit, which is
cycled to the end of the block.

C1 and D1 are calculated from C0 and D0

C2 and D2 are calculated from C1 and D1
And so on
C16 and D16 are calculated from C15 and D15

C0 = 1111000011001100101010101111
D0 = 0101010101100110011110001111
C1 = 1110000110011001010101011111
D1 = 1010101011001100111100011110
C2 = 1100001100110010101010111111
D2 = 0101010110011001111000111101
Step 1: Create 16 subkeys, each of which is 48-bits long
Left Shift Operation
C3 = 0000110011001010101011111111
D3 = 0101011001100111100011110101
C4 = 0011001100101010101111111100
D4 = 0101100110011110001111010101
C5 = 1100110010101010111111110000
D5 = 0110011001111000111101010101
C6 = 0011001010101011111111000011
D6 = 1001100111100011110101010101
C7 = 1100101010101111111100001100
D7 = 0110011110001111010101010110
C8 = 0010101010111111110000110011
D8 = 1001111000111101010101011001
C9 = 0101010101111111100001100110
D9 = 0011110001111010101010110011
C10 = 0101010111111110000110011001
D10 = 1111000111101010101011001100
C11 = 0101011111111000011001100101
D11 = 1100011110101010101100110011
C12 = 0101111111100001100110010101
D12 = 0001111010101010110011001111
C13 = 0111111110000110011001010101
D13 = 0111101010101011001100111100
C14 = 1111111000011001100101010101
D14 = 1110101010101100110011110001
C15 = 1111100001100110010101010111
D15 = 1010101010110011001111000111
C16 = 1111000011001100101010101111
D16 = 0101010101100110011110001111
Step 1: Create 16 subkeys, each of which is 48-bits long
PC-2 – Compression P-box (56bit to 48bit)
We now form the keys Kn, for 1<=n<=16, by applying the following permutation table to
each of the concatenated pairs CnDn. Each pair has 56 bits, but PC-2 only uses 48 of these.

Example: For the first key we have

C1D1 = 1110000 1100110 0101010 1011111 1010101 0110011 0011110 0011110

which, after we apply the permutation PC-2, becomes

K1 = 000110 110000 001011 101111 111111 000111 000001 110010

Step 1: Create 16 subkeys, each of which is 48-bits long
PC-2 – Compression P-box (56bit to 48bit)
For the other keys we have
K2 = 011110 011010 111011 011001 110110 111100 100111 100101
K3 = 010101 011111 110010 001010 010000 101100 111110 011001
K4 = 011100 101010 110111 010110 110110 110011 010100 011101
K5 = 011111 001110 110000 000111 111010 110101 001110 101000
K6 = 011000 111010 010100 111110 010100 000111 101100 101111
K7 = 111011 001000 010010 110111 111101 100001 100010 111100
K8 = 111101 111000 101000 111010 110000 010011 101111 111011
K9 = 111000 001101 101111 101011 111011 011110 011110 000001
K10 = 101100 011111 001101 000111 101110 100100 011001 001111
K11 = 001000 010101 111111 010011 110111 101101 001110 000110
K12 = 011101 010111 000111 110101 100101 000110 011111 101001
K13 = 100101 111100 010111 010001 111110 101011 101001 000001
K14 = 010111 110100 001110 110111 111100 101110 011100 111010
K15 = 101111 111001 000110 001101 001111 010011 111100 001010
K16 = 110010 110011 110110 001011 000011 100001 011111 110101
 Step 2 : Encode each 64-bit block of data
Initial Permutation

Example: Applying the initial permutation to the block of text M, we get

M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010
 Step 2 : Encode each 64-bit block of data
Divide Block into Left half and Right half
Next divide the permuted block IP into a left half L0 of 32 bits, and a right half R0 of 32
bits.

Example: From IP, we get L0 and R0

L0 = 1100 1100 0000 0000 1100 1100 1111 1111
R0 = 1111 0000 1010 1010 1111 0000 1010 1010
 Step 2 : Encode each 64-bit block of data
16 -rounds

Ln = Rn-1
Rn = Ln-1  f(Rn-1,Kn)

Round 1:
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
L1 = R0 = 1111 0000 1010 1010 1111 0000 1010 1010
R1 = L0  f(R0,K1) -> First expansion to convert 32bit Right half into 48bit
16 -rounds
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
L1 = R0 = 1111 0000 1010 1010 1111 0000 1010 1010
R1 = L0  f(R0,K1)

Calculation of f(R0,K1)
1. First expansion to convert 32bit Right half into 48bit
Example: We calculate E(R0) from R0 as follows:
R0 = 1111 0000 1010 1010 1111 0000 1010 1010
E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101

2. XOR with Subkey

K1 = 000110 110000 001011 101111 111111 000111 000001 110010
E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101
K1  E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111.
16 -rounds
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
L1 = R0 = 1111 0000 1010 1010 1111 0000 1010 1010
R1 = L0  f(R0,K1)

Calculation of f(R0,K1)
3. Substitution units (S-Boxes)
Write the previous result, which is 48 bits, in the form:

Kn  E(Rn-1) =B1B2B3B4B5B6B7B8,

where each Bi is a group of six bits. We now calculate

S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8)

where Si(Bi) referrers to the output of the i-th S box

16 -rounds
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
L1 = R0 = 1111 0000 1010 1010 1111 0000 1010 1010
R1 = L0  f(R0,K1) S1 Table

Calculation of f(R0,K1)
3. S-Boxes

K1  E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111.

For S1 Box:
011000  0101
Row: 0
Column : 12
Final result of S-Boxes
S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) = 0101 1100 1000
0010 1011 0101 1001 0111
16 -rounds
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
L1 = R0 = 1111 0000 1010 1010 1111 0000 1010 1010
R1 = L0  f(R0,K1)

Calculation of f(R0,K1)
4. Permutation of f= P(S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8))

The permutation P is defined in the following table. P yields a 32-bit output from
a 32-bit input by permuting the bits of the input bloc

S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) =
0101 1100 1000 0010 1011 0101 1001 0111
we get
f = 0010 0011 0100 1010 1010 1001 1011 1011
16 -rounds
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
L1 = R0 = 1111 0000 1010 1010 1111 0000 1010 1010
R1 = L0  f(R0,K1)
====================================================================
L0 = 1100 1100 0000 0000 1100 1100 1111 1111
f = 0010 0011 0100 1010 1010 1001 1011 1011

Now , Finally L0 XOR with output of f function

R1 = L0  f(R0,K1)

= 1100 1100 0000 0000 1100 1100 1111 1111


0010 0011 0100 1010 1010 1001 1011 1011

R1 = 1110 1111 0100 1010 0110 0101 0100 0100

16 -rounds
In next round
L 2 = R1
R2 =L1 + f(R1, K2), and so on for 16 rounds.

At the end of the sixteenth round we have the blocks L16 and R16.

We then reverse the order of the two blocks into the 64-bit block R16L16

and apply a final permutation IP-1 as defined by the following table:

16 -rounds
Example: If we process all 16 blocks using the method defined previously, we get, on the
16th round,

L16 = 0100 0011 0100 0010 0011 0010 0011 0100

R16 = 0000 1010 0100 1100 1101 1001 1001 0101

We reverse the order of these two blocks and apply the final permutation to

R16L16 = 00001010 01001100 11011001 10010101 01000011 01000010 00110010 00110100

IP-1 = 10000101 11101000 00010011 01010100 00001111 00001010 10110100 00000101

which in hexadecimal format is 85E813540F0AB405.

This is the encrypted form of M = 0123456789ABCDEF: namely, C =

85E813540F0AB405.
 DES –Example 2
Plaintext = 02468ACEECA86420
Key= 0F1571C947D9E859
Ciphertext=da02ce3a89ecac3b
 DES –The Avalanche Effect
 A desirable property of any encryption algorithm is that a small
change in either the plaintext or the key should produce a significant
change in the ciphertext.
 In particular, a change in one bit of the plaintext or one bit of the key
should produce a change in many bits of the ciphertext. This is
referred to as the avalanche effect.
 Strengths of DES
 The use of 56 bit keys
 With a key length of 56 bits, there are 256 possible keys, which is
approximately 7.2 * 1016 keys.  a brute-force attack appears
impractical (but in current era, due to advancement in technology
it is possible)
 The Nature of the DES Algorithm
 The design criteria for S- boxes were not made public. no one has
so far succeeded in discovering the supposed fatal weaknesses in
the S-boxes
 Timing Attacks
 A timing attack is one in which information about the key or the
plaintext is obtained by observing how long it takes a given
implementation to perform decryptions on various ciphertexts.
 It so far appears unlikely that this technique will ever be successful
against DES or more powerful symmetric ciphers such as triple DES
and AES.
Problem with DES
Weakness of DES
 Weakness of DES
Weak Key
 A weak key is the one which after parity drop operation,
consists either of all 0's,all 1's or half 0's and half 1's
 Four out of the 256 keys are weak keys
 Weak keys create same 16 round keys.
 Weakness of DES
 What the key scheduling algorithms does it just pemutates
and shift operations so if we do with the shift operation and
permutation for this bits it almost results the same.
 That means there is non-linearity in the key scheduling its just
transposition so these keys are considered as the weak keys
 If we encrypt a block with a weak key and subsequently
encrypt the result with the same weak key, we get the original
block
 Weakness of DES
Semi-weak keys create only 2 different round keys; k1, k2 and repeated 8 times
There are six key pairs that are called semi-weak keys
The round keys created from each pair are the same in different order
 Weakness of DES
Semi-weak keys create only 2 different round keys; k1, k2 and repeated 8 times
There are six key pairs that are called semi-weak keys
The round keys created from each pair are the same in different order
 Multiple DES
Major limitation of DES
• Key length is too short (56 bits).
• Question: So can we apply DES multiple times to
increase the strength of encryption?
• Advantage: We could then preserve the existing
investment in software and equipment.

•Double DES
•Triple DES
 Double DES
Apply two iterations of DES with two keys K1 and K2

It only takes twice as long to break double DES using brute force. Because DES has 56-bit
security, double DES has 2× 256= 257 security
 Meet in middle attack on Double DES
 Using a known-plaintext attack called meet-in-the-middle
attack is possible on Double DES.
 This attack involves encryption from one end and decryption
from other end and matching the results in the middle.

Vulnerable to “meet in the middle” attack

 Adversary has a known plaintext P and ciphertext C
 Works forward encrypting P with all possible K1 (256
combination)
 Works backward decrypting C with all possible K2 (256
combination)
 Stores results and searches for matches
 “Meet In The Middle” Attack
“I’ll try all K1 and
store the results in
a table”
“I’ll try all K2
and store the
results in
another table”

Table of all possible M Table of all possible M

created by encrypting P “Now I’ll compare created by decrypting C
the two and look
for any matches”
 “Meet In The Middle” Attack
M K1
M’s (and keys K1 and K2
that created them) kept in 1010001…10 0110100…01
sorted tables “So this
◦ 256 runs to create each table might be
K1 and
◦ Match gives plausible values K2”
for K1 and K2 “These
match”
“Double DES” not
computationally secure
M K2

1010001…10 1100110…00
 Triple DES
 There are two variants of Triple DES known as 3-key Triple DES
(3TDES) and 2-key Triple DES (2TDES).

2-key Triple DES

 2-key Triple DES
 Use three stages of DES for encryption and decryption.
 The 1st , 3rd stage use 𝐾1 key and 2nd stage use 𝐾2 key
 It’s much stronger than double DES
 By the use of triple DES with 2-key encryption, it raises the cost
of meet-in-the-middle attack to 2112.
Meet-in-the-middle attack  2-key Triple DES
 3-key Triple DES
 Although the attacks meet-in-the-middle impractical, anyone
using two-key 3DES may feel some concern.
 Thus, many researches now feel that 3-key 3DES (Effective key
length of 168 bits) is the preferred alternative.
 Use three stages of DES for encryption and decryption with three
different keys.
 3-key 3DES has an effective key length of 168 bits and is defined
as,
C = EK3[DK2[EK1[P]]]

P = DK1[EK2[DK3[C]]]
 3-key Triple DES

C = EK3[DK2[EK1[P]]]

P = DK1[EK2[DK3[C]]]
 Block Cipher Mode
Mode of Operation:- In Cryptography, an algorithm used in
conjunction with a block cipher that make up complete encryption
algorithm
 How to use Block Cipher?
• Block ciphers encrypt fixed-size blocks
– e.g. DES encrypts 64-bit blocks
• We need some way to encrypt a message of
arbitrary length
– e.g. a message of 1000 bytes
• NIST (National Institute of Standards and
Technology ) defines several ways to do it
– called modes of operation
 Five Mode of Operation

– Electronic codebook mode (ECB)

– Cipher block chaining mode (CBC) – most
popular
– Output feedback mode (OFB)
– Cipher feedback mode (CFB)
– Counter mode (CTR)
 Electronic codebook mode (ECB)
 ECB is the simplest mode of operation.
 The plain text is divided into N blocks.
 The block size is n bits.
 If the plaintext size is not multiple of the block size , the text is
padded to make the last block the same size other blocks.
 Same key is used to encrypt and decrypt each block.
 Each block is encrypted independently:
Ci = EK(Pi)
 For a given key, this mode behaves like we have a gigantic codebook,
in which each plaintext block has an entry, hence the name
Electronic Code Book.
Electronic codebook mode (ECB)
 Electronic codebook mode (ECB)
 Patterns at the block level are preserved.
 For example equal blocks in the plain text
become equal block in the cipher text.
 If any person finds out the cipher text block
1,5 and 10 are the same ,that person knows
that plaintext blocks 1, 5 and 10 are the same.
 This is a leak in security
 Electronic codebook mode (ECB)
 Strength: it’s simple.
 Weakness:
 Repetitive information contained in the plaintext
may show in the ciphertext, if aligned with blocks.
 If the same message (e.g., an SSN) is encrypted
(with the same key) and sent twice, their
ciphertexts are the same.
 Typical application: secure transmission of short
pieces of information (e.g. a temporary encryption
key)
 Cipher block chaining mode (CBC)
 CBC is a technique in which the same plaintext block, if
repeated, produces different ciphertext blocks.
 In this scheme, the input to the encryption algorithm is the
XOR of the current plaintext block and the preceding
ciphertext block; the same key is used for each block.
 This way, each cipher text block depends on all plaintext
blocks processed up to that point.
 To produce the first block of ciphertext, an initialization
vector (IV) is XOR with first block of plaintext.
 On decryption, IV is XOR with output of decryption algorithm
to produce first block of plaintext.
Cipher block chaining mode (CBC)

C0=IV C0=IV
Ci= E(K, Pi  Ci-1) Pi= D(K, Ci )  Ci-1
 Cipher block chaining mode (CBC)
 An initialization vector (IV) or starting variable is a block of
bits that is used by several modes to randomize the
encryption and hence to produce distinct cipher texts even if
the same plain text is encrypted multiple times.
 The initialization vector (IV) should be known by the sender
and the receiver.
 Typically, IV is either a fixed value or is sent encrypted in ECB
mode before the rest of ciphertext.
 Cipher Block Chaining mode (CBC)

Identical plaintext blocks yield different ciphertext blocks

 Stream Mode of Operation
 ECB and CBC modes encrypt and decrypt blocks of the
message.
 Block size n is predetermine by the underlying cipher ; for
example , for DES n = 64 for AES n =128
 In some situations, we need use DES or AES as secure cipher ,
but the plain text or cipher text block size are to be smaller.
 For example , to encrypt and decrypt 8-bit characters , you
would not want to use one of the traditional cipher like Caesar
cipher.
 Solution: Convert block cipher into stream cipher
 Cipher FeedBack Mode
 Output FeedBack Mode
 Counter Mode
 Cipher FeedBack mode (CFB)
 In the Cipher Feedback Mode (CFB) is data encrypted in units
smaller than the block size.
 This mode can be used to encrypt any number of bits e.g.
single bits or single characters (bytes) before sending across an
insecure data link.
 Input : Shift register ( b bits)
 Plaintext is divided into s bits (1< s < b)
 Message is treated as sequence of bits
 It added to output of Block Cipher.
 And final result is feedback for next stage
 Standard allows any number of bits (1, 8, 64 or 128 etc) to be
feedback.
Cipher FeedBack mode (CFB) - Encryption
Cipher FeedBack mode (CFB) - Decryption
Cipher FeedBack mode (CFB)
 Cipher FeedBack mode (CFB)
 Just like CBC , patterns at the block level are not preserved.
 More than one message can be encrypted with the same key ,
but the value of the IV should be changed for each message.
 This means that sender needs to use a different IV each time
sender sends a message.
 The block cipher is used as a stream cipher.
 Appropriate when data arrives in bits/bytes.
 A ciphertext segment depends on the current and all
preceding plaintext segments
Cipher FeedBack mode (CFB)
Output FeedBack mode (OFB)
Encryption

Decryption
 Output FeedBack mode (OFB)
 Each bit in the cipher text is independent of the previous bit or bits.
This avoids error propagation.
 If an error occur in transmission , it does not affect the bits that
follow.
 Advantage:
 more resistant to transmission errors; a bit error in a ciphertext segment
affects only the decryption of that segment.
 IV should be generated randomly each time and sent with the ciphertext.
 Output FeedBack mode (OFB)
 Each bit in the cipher text is independent of the previous bit or bits.
This avoids error propagation.
 If an error occur in transmission , it does not affect the bits that
follow.
 Advantage:
 more resistant to transmission errors; a bit error in a ciphertext segment
affects only the decryption of that segment.
 Disadvantage:
 Cannot recover from lost ciphertext segments; if a ciphertext segment
is lost, all following segments will be decrypted incorrectly (if the
receiver is not aware of the segment loss).
 IV should be generated randomly each time and sent with the ciphertext.
Output FeedBack mode (OFB)
Output FeedBack mode (OFB)
CounTeR mode (CTR)
Encryption

Decryption
Encryption

Decryption
 CounTeR mode (CTR)
Strengths:
 Needs only the encryption algorithm
 Fast encryption/decryption; blocks can be processed
(encrypted or decrypted) in parallel; good for high speed links
 Random access to encrypted data blocks
Summary of all modes
 BLOCK CIPHER DESIGN PRINCIPLES
 There are following three design principle of Block ciphers are
concerned.
 Number of rounds
 Design of Function F
 Key scheduling mechanism
 BLOCK CIPHER DESIGN PRINCIPLES
Number of rounds

 The greater the number of rounds, the more difficult it is to perform

crypt- analysis, even for a relatively weak F.
 In general, the criterion should be that the number of rounds is chosen
so that known cryptanalytic efforts require greater effort than a simple
brute-force key search attack.
 This criterion is attractive, because it makes it easy to judge the strengt
h of an algorithm and to compare different algorithms.
 BLOCK CIPHER DESIGN PRINCIPLES
Design of Function F
 The heart of a Feistel block cipher is the function F.
 The function F provides the element of confusion in a Feistel
cipher.
• One obvious criterion is that F be nonlinear
 The more nonlinear F, the more difficult any type of
cryptanalysis will be.
• Have good avalanche properties.
 Strict avalanche criterion (SAC), which states that whenever a
single input bit is complemented, each of the output bits
changes with a 50% probability.
• Bit independence criterion (BIC)
 It states that When a single input bit is changed (inverted), two
output bits should change independently of each other
 BLOCK CIPHER DESIGN PRINCIPLES
Key Scheduling Algorithm

 In Feistel Block cipher structure, each round would generate a

sub-key for increasing the complexity of cryptanalysis.
 We would like to select subkeys to maximize the difficulty of
deducing individual subkeys and the difficulty of working back
to the main key.
 No general principles for this have yet been proposed.
 Hall suggests that, at minimum, the key schedule should
guarantee key/ciphertext Strict Avalanche Criterion and Bit
Independence Criterion.
Advanced
Encryption
Standard (AES)
 Background
 NIST issued a new version of DES in 1999 (FIPS PUB 46-3)
 DES has 2 attractions
 168-bit key length
 Removes vulnerability to brute force attack
 The underlying algorithm in 3DES is same as in DES
 Easy to understand
 Nothing new-it does not need to further evaluate
 Resistant to cryptanalytic attack now
 Therefore 3DES was considered an appropriate choice for standardized algorithm for decades
to come
 But DES suffers some drawbacks
 DES was not efficient algorithm in software and 3DES involves three DES rounds, hence
3 times slower
 Both DES and 3DES use a 64-bit block size
 Because of these drawbacks, 3DES is not a reasonable candidate for long term-NIST issued
therefore a new call for the selection of new standard-called as Advanced Encryption
Standard
 Background
• NIST issued a call for new Advanced Encryption Standard in
1997, for an algorithm:
o Security strength equal or better than 3DES
o Improved efficiency as compared to 3DES
• In addition to this general criteria, NIST specified that
o AES must be a symmetric cipher
o Block length of 128-bits
o Support for key length of 128, 192 and 256 bits
• Finally on 2 October 2000, NIST officially announced Rijndael
as new AES
 Advance Encryption Standard (AES)
 AES is a non-Feistel cipher that encrypts and decrypts a data
block of 128 bits.
 It uses 10, 12, or 14 rounds.
 The key size, which can be 128, 192, or 256 bits, depends on the
number of rounds.

AES has defined three versions, with 10, 12, and 14

rounds.
Each version uses a different cipher key size (128, 192,
or 256), but the round keys are always 128 bits.
Advance Encryption Standard (AES)
AES Conceptual Scheme

Plaintext (128 bits)

AES Key (128-256 bits)

Ciphertext (128 bits)

General design of AES encryption cipher
 Data units in AES
 Data block viewed as 4-by-4 table of bytes know as state
 Key is also viewed as 4-by-4 table of bytes.

Changing Plaintext to State

Block size = 128 bit hence 128/8 = 16 byte

Each word contains 4 byte  total 4 word
Data units in AES
Text to state conversion
Data units in AES
 General design of AES encryption cipher

• It takes a 4 words (16byte -128bit) as input and

Key Expansion produce array of 44 words as output

Initial
• AddRoundKey : Each byte of the state is combined
Transformation with the round key [w0, w1, w2, w3] using bitwise XOR
/Pre-Round
• SubBytes : non-linear substitution step (Use-S-
box)
Rounds • ShiftRows : transposition step
• MixColumns : mixing operation of each column.
• AddRoundKey : bitwise XOR between state and key

• SubBytes
Final Round • ShiftRows
• AddRoundKey
AES Encryption and Decryption
Key Expansion
Algorithm
 Initial Transformation - AddRoundKey
AddRoundKey proceeds one column at a time. AddRoundKey adds a round key word
with each state column matrix;
State State

Key 
AddRoundKey
Structure of each round
To provide security, AES uses four types of
transformations: substitution, permutation,
mixing, and key-adding.
 SubBytes- Byte Substitutions
 A simple substitution of each byte
 provide a confusion

 Uses one S-box of 16x16 bytes containing a permutation of all 256 8-bit values

 Each byte of state is replaced by byte indexed by row (left 4-bits) & column
(right 4-bits)
 eg. byte {95} is replaced by byte in row 9 column 5
 which has value {2A}
 SubBytes- Byte Substitutions
The SubBytes operation involves 16 independent byte-to-byte transformations.
X= First four bits determine Row in S-Box • Interpret the byte as two hexadecimal
Y= Last four bits determine Col in S-Box digits xy
• SW implementation, use row (x) and
column (y) as lookup pointer

S1,1 = xy16
x’y’16
 Encryption
S- table
SubByte Operation

Decryption
S- table
InvSubByte
Operation
SubBytes- Byte Substitutions
 Shift Rows
• A circular byte shift in each
 1st row is unchanged
 2nd row does 1 byte circular shift to left
 3rd row does 2 byte circular shift to left
 4th row does 3 byte circular shift to left
• Since state is processed by columns, this step permutes bytes
between the columns
 Shift Rows
• A circular byte shift in each
 1st row is unchanged
 2nd row does 1 byte circular shift to left
 3rd row does 2 byte circular shift to left
 4th row does 3 byte circular shift to left
Shift Rows
Shift Rows
 Inverse Shift Rows
• Inverse shift row rotates bytes to the right instead of left as in
case of encryption
• Therefore a circular byte shift in each
 1st row is unchanged
 2nd row does 1 byte circular shift to right
 3rd row does 2 byte circular shift to right
 4th row does 3 byte circular shift to right
 Mix Column
• ShiftRows and MixColumns provide diffusion to the cipher
• Each column of state is processed separately.
• Each byte is replaced by a value dependent on all 4 bytes in
the column
• Effectively a matrix multiplication in Galois Field GF(28) using
prime polynomial m(x) =x8+x4+x3+x+1
 Mix Column

The MixColumns transformation operates at the column level; it

transforms each column of the state to a new column.
 Mix Column

r1=(02*63) (03*9c)  (01*7b) (01*ca)

r2=(01*63) (02*9c)  (03*7b) (01*ca)
r3=(01*63) (01*9c)  (02*7b) (03*ca)
r4=(03*63) (01*9c)  (01*7b) (02*ca)
 Mix Column – Finite Field(28) multiplication
r1=(02*63) (03*9c)  (01*7b) (01*ca)

02=0000 0010
63=0110 0011
In GF(28)
Number represents as x7+x6+x5+x4+x3+x2+x+1
So 02 = x7+x6+x5+x4+x3+x2+x+1  x
Similarly, 63 = x7+x6+x5+x4+x3+x2+x+1 = x6+x5+ x+1

02*63 = x *(x6+x5+ x+1 ) = x7+x6+ x2+x = 1100 0110 = c6

 Mix Column – Finite Field(28) multiplication

But in GF(28) = {0, ….. , x7+x6+x5+x4+x3+x2+x+1 } that is higher than 7 power of x is not
allowed
Mix Column – Finite Field(28) multiplication

Solution, Divide the

result with irreducible
polynomial x8+x4+x3+x+1

r1=(02*63) (03*9c)  (01*7b) (03*ca) = c8

 Mix Column – Finite Field(28) multiplication
r2=(01*63) (02*9c)  (03*7b) (01*ca)

(01*63)(0000 0001) * (0110 0011)  1 *(x6+x5+ x+1)

(02*9c) (0000 0010) * (1001 1100)  x * (x7+x4+ x3+x2)
(03*7b) (0000 0110) * (0111 1011)  (x+1) * (x6+x5+x4+x3+ x+1)
(01*ca)  (0000 0001) *(1100 1010)  1 *(x7+x6+x3+x )

x6+x5+ x+1 + x8+x5+ x4+x3+ x7+x6+x5+x4+ x2+x+ x6+x5+x4+x3+ x+1 + x7+x6+x3+x

= x8+x4+x3+x2 = 100011100
Hence needs to divide it with x8+x4+x3+x+1 =100011011
 Inverse Mix Column
Constant matrices used by MixColumns and InvMixColumns
 Inverse Mix Column

•Each column of the state matrix is multiplied by given matrix

•Each byte of the column is multiplied by the constant byte

using irreducible polynomial m(x) = x8 + x4 + x3 + x + 1 in GF(28)
Add RoundKey / Inverse Add RoundKey

Inverse Add round key is essentially

the same as Add round key as it just
adds (XOR) each key byte to each
byte of the state matrix
Add RoundKey / Inverse Add RoundKey


Inputs for single
AES round
Key Expansion Algorithm
Key Expansion Algorithm
 Key Expansion Algorithm

Input – 4 words Output – 40 words

Key Expansion Algorithm

W4= W0  g(W3)
Key Expansion Algorithm

W5= W1  W4
Key Expansion Algorithm

W6= W2  W5
Key Expansion Algorithm

W7= W3  W6
 Each added word w[i] depends on the
immediately preceding word, w[i- 1], and the
word four positions back, w[i-4].
 In three out of four cases, a simple XOR is
used.
 For a word whose position in the w array is a
multiple of 4, a more complex function g is
used
Similarly,

Round 2 Keys
W8= W4  g(W7)
W9= W5  W8
W10= W6  W9
W11= W7  W10
 What is function g()?
The function g consists of the following sub-
function:

1. RotWord
It performs a one-byte circular left shift
on a word.
RotWord[b0,b1,b2,b3] =
[b1,b2,b3,b0]
2. SubWord performs a byte substitution on
each byte of its input word using the S-
box
3. SubWord(RotWord(temp)) is XORed with
RCon[j] – the round constant
 What is function g()?
1. RotWord
It performs a one-byte circular left shift
on a word.
RotWord[b0,b1,b2,b3] =
[b1,b2,b3,b0]
 What is function g()?
2. SubWord performs a byte substitution on
each byte of its input word using the S-
box
 What is function g()?
3. SubWord(RotWord(temp)) is XORed with
RCon[j] – the round constant
 What is function g()?
RCON is a word in which the three rightmost bytes are zero
It is different for each round and defined as:
RCon[j] = (RCon[j],0,0,0)
where RCon[1] =1 , RCon[j] = 2 * RCon[j-1]
Multiplication is defined over GF(28) but can be implement in Table
Lookup
 Key Expansion Example (1st round)

• Example of expansion of a 128-bit cipher key

Cipher key = 2b7e151628aed2a6abf7158809cf4f3c
w0=2b7e1516 w1=28aed2a6 w2=abf71588 w3=09cf4f3c

i wi-1 RotWord SubWord Rcon[i/4] ti w[i-4] wi

4 09cf4f3c cf4f3c09 8a84eb0 0100000 8b84eb0 2b7e151 a0fafe17
1 0 1 6
5 a0fafe17 - - - - 28aed2a 88542cb
6 1
6 88542cb - - - - Abf7158 23a3393
1 8 9
7 23a3393 - - - - 09cf4f3c 2a6c760
9 5
 Key Expansion Rational
 The Rijndael developers designed the expansion key algorithm to
be resistant to known cryptanalytic attacks.
 Design criteria included:
 The inclusion of round constant eliminates the symmetry, or similarity,
between the ways in which round keys are generated in different rounds.
 Knowledge of a part of the cipher key or round key does not enable
calculation of many other round-key bits.
 Fast on wide range of CPU’s
 Simplicity of description
AES Example
Key Expansion
Key Expansion
 Round output

Initial Round

Round 1

Round 2

Round 3

Round 4

Round 5
 Round output

Round 6

Round 7

Round 8

Round 9

Round 10

Ciphertext
 AES Security
 AES was designed after DES.
 Most of the known attacks on DES were already tested on AES.
 Brute-Force Attack
 AES is definitely more secure than DES due to the larger-size key.
 Statistical Attacks
 Numerous tests have failed to do statistical analysis of the
ciphertext
 Differential and Linear Attacks
 There are no differential and linear attacks on AES as yet.
 Implementation Aspects
 The algorithms used in AES are so simple that they can be
easily implemented using cheap processors and a minimum
amount of memory.

 Very efficient

 Implementation was a key factor in its selection as the AES

cipher

 AES animation:
https://www.youtube.com/watch?v=gP4PqVGudtg
Which is the largest disadvantage of the symmetric Encryption?
A. More complex and therefore more time-consuming calculation
B. Problem of the secure transmission of the Secret Key.
C. Less secure encryption function.
D. Isn't used any more.
Triple-DES procedure is C = E (k1, D (k2, E (k1,m))).
A. True
B. False
 The Data Encryption Standard (DES) is an example of a ...
A. Conventional cryptosystem
B. Asymmetric cryptosystem
C. Caesar's cryptosystem
D. All of these

In the AES-128 algorithm there are mainly __________ similar rounds and _________
round is different from other round.
A. 5 similar rounds having 2 pair ; every alternate
B. 9 ; the last
C. 8 ; the first and last
D. 10 ; no

Which of the following modes of operation in DES is used for operating?

A. Cipher Feedback Mode (CFB)
B. Cipher Block chaining (CBC)
C. Electronic code book (ECB)
D. Output Feedback Modes (OFB)
When do we compare the AES with DES, which of the following functions from
DES does not have an equivalent AES function in cryptography?
A. f function
B. permutation p
C. swapping of halves
D. xor of subkey with function f

All the below-stated processes are performed in the AES (Advanced Encryption
Standard) Algorithm. Which of the following process(s) are not performed in the
final round of the AES?
A. Substitution bytes
B. Shift rows
C. Mix columns
D. Add round key

For which of the following should EBC (Electronic Code Book) process not be used
for encryption?
A. For large block sizes
B. For fixed block sizes
C. For small block sizes
D. None of the above
Which of the following is the main disadvantage of the ECB (Electronic Code
Book)?
A. It requires large block size
B. Padding is done to make the plain text divisible into blocks of fixed size
C. It is prone to cryptanalysis since there is a direct relationship between plain text and
cipher text.
D. None of the above

Which of the following options is not correct according to the definition of the Cipher Block
Chaining (CBC)?
E. CBC is a mode of operation for stream ciphers.
F. Initialization vector (IV) is used in CBC in the initial phase.
G. It has better resistive nature towards cryptanalysis than ECB
H. None of the above

Which of the following modes of operations can be followed for both stream ciphers as well
as block ciphers?
I. CBC (Cipher Block Chaining)
J. ECB (Electronic Code Book)
K. CFB (Cipher text Feed Back)
L. All of the above
Which of the following properties are the characteristic properties of a block cipher
technique which differs from stream cipher?
A. Avalanche effect
B. Completeness
C. Both a. and b.
D. None of the above

Which one is DES?

a) Block cipher
b) Bit cipher
c) Stream clipher
d) None of the above

Which one of the following is not a possible key length for the Advanced Encryption Standard
Rijndael cipher?
A. 56 bits
B. 128 bits
C. 192 bits
D. 256 bits
What is the minimum number of cryptographic keys required to achieve a higher level of
security than DES with the Triple DES algorithm?
A. 1
B. 2
C. 3
D. 4

Which of the following is not type of permutation in P-boxes?

A. Plain permutation
B. Straight permutation
C. Expansion permutation
D. Compression permutation

TDES means:
E. Triple digital encryption standard
F. Triangulardata encryption standard
G. Triple data encryption standard
H. Triangular digital encryption standard