Unit-01

EC723PE: Network Security and Cryptography

Dr. Mohammad Fayazur Rahaman

Associate Professor, mfrahaman_ece@mgit.ac.in

Dept. of Electronics and Communications Engineering,

Mahatma Gandhi Institute of Technology, Gandipet, Hyderabad-75

AY2023 - 2024, B.Tech. ECE IV-Year I-Semester (R18)

1 / 130
Unit-01
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 2 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 3 / 130
Background

• Information Security requirements have changed in recent times

• Traditionally provided by physical and administrative mechanisms
• Computer use requires automated tools to protect files and other
stored information
• Use of networks and communications links requires measures to
protect data during transmission

4 / 130
Definitions

• Computer Security - generic name for the collection of tools

designed to protect data and to thwart hackers
• Network Security - measures to protect data during their
transmission
• Internet Security - measures to protect data during their
transmission over a collection of interconnected networks

5 / 130
Aim of Course

• Our focus is on Internet Security

• Consists of measures to deter, prevent, detect, and correct
security violations that involve the transmission of information

6 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 7 / 130
Attacks, Mechanisms and Services

• Need systematic way to define requirements

• Consider three aspects of information security:
I. Security Attack
II. Security Mechanism
III. Security Service
• Consider in reverse order

8 / 130
9 / 130
III. Security Service
• is something that enhances the security of the data processing
systems and the information transfers of an organization
• intended to counter security attacks
• make use of one or more security mechanisms to provide the
service
• replicate functions normally associated with physical documents.
Eg. Documents
◦ have signatures, dates;
◦ need protection from disclosure, tampering, or destruction;
◦ be notarized or witnessed;
◦ be recorded or licensed

10 / 130
II. Security Mechanism
• a mechanism that is designed to detect, prevent, or recover from
a security attack
• no single mechanism that will support all functions required
• however one particular element underlies many of the security
mechanisms in use: cryptographic techniques
• hence our focus on this area

I. Security Attack
• any action that compromises the security of information owned by
an organization
• information security is about how to prevent attacks
• have a wide range of attacks
• often threat & attack mean same
11 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 12 / 130
Security Attacks
General Categories

13 / 130
b. Interruption: d. Modification:
• An asset of the system is destroyed • An unauthorised party not only
or becomes unavailable or unusable gains access but also tampers
• This is an attack on availability with an asset
• Examples include destruction of • This is an attack on integrity
piece of hardware, the cutting of a • Example includes changing values in
communication lines, or disabling of a data file, altering a program so
the file management system that it performs differently etc.
c. Interception: e. Fabrication:
• An unauthorised party gains ac- • An unauthorised party inserts
cess to an asset counterfeit objects into the system
• This is an attack on confidentiality • This is an attack on authenticity
• Examples include wiretapping to • Examples include the insertion of
capture data in a network, the illicit spurious messages in a network or
copying of files or programs the addition of records to your file

14 / 130
Classification of attacks
• A passive attack attempts to learn or make use of information from the system
but does not affect system resources.
• An active attack attempts to alter system resources or affect their operation.

15 / 130
i. Passive attacks - eavesdropping ◦ Could observe the frequency
on, or monitoring of transmissions to: and length of messages being
a. Release message contents, exchanged
◦ A telephone conversation, an
electronic mail message, or a
transferred file may contain
sensitive confidential data
◦ The common technique to pre-
vent eavesdropping is content
encryption
b. Monitor traffic flows
◦ The opponent could determine
the location and identity of
communicating hosts

16 / 130
ii. Active attacks – modification of rised effect
data stream to: d. Denial of service: Prevents or
a. Masquerade of one entity (pre- inhibits the normal use or man-
tend) as some other agement of communications facil-
◦ Example, authentication se- ity
quences can be captured and ◦ For example, an entity might
replaced after a valid authenti- suppress all messages directed
cation sequence has taken place to a particular destination
b. Replay previous messages: In- ◦ Or overload a target with mes-
volves the passive capture of a sages so as to degrade perfor-
data unit and its subsequent re- mance
transmission
c. Modify messages in transit
◦ Some portion of a legitimate
message is altered, or that
message are delayed or re-
order to produce an unautho-
17 / 130
iii. Passive attacks Vs Active attacks
◦ Passive attacks are difficult to detect,
• measures are available to prevent their success
◦ On the other hand, it is quite difficult to prevent active attacks absolutely.
• The goal is to detect them and to recover from any disruption or delays
caused by them

18 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 19 / 130
Security Services

20 / 130
I. Confidentiality: Confidentiality protects transmitted data from passive
attacks.
a. It offers different levels of protection for release of message contents,
• broad protection for all user data over time (by using virtual circuit)
and,
• narrower forms, such as safeguarding single messages or specific
message fields.
b. Additionally, confidentiality involves protecting traffic flow from analysis,
• ensuring attackers cannot observe the communication’s source,
destination, frequency, or other characteristics on a communications
facility.

21 / 130
II. Authentication: The authentication service ensures the genuineness of
communications.
a. For single messages, it verifies that the message indeed comes from the
claimed source.
b. In ongoing interactions, like terminal-to-host connections, authentication
has two aspects:
• At connection initiation, it verifies the authenticity of both entities
involved.
• Throughout the connection, it prevents any interference that could
allow a third party to impersonate one of the legitimate parties for
unauthorized transmission or reception.

22 / 130
III. Integrity: Like confidentiality, integrity can apply to a stream of messages, a
single message, or selected message fields.
a. Connection-oriented integrity service for a stream of messages ensures no
duplication, insertion, modification, reordering, replays, or data destruction.
b. Connectionless integrity service for individual messages provides protection
against message modification only.
c. Integrity service is concerned with detecting active attacks, not
prevention.
• Automated recovery mechanisms are preferred for restoring data
integrity.

23 / 130
IV. Non-repudiation: This prevents either sender or receiver from denying a
transmitted message
a. When a message is sent, the receiver can prove that the message was
infact sent by the alleged sender
b. When a message is received, the sender can prove that the message was
in fact received by the alleged receiver
V. Access control: It is the ability to limit and control the access to host
systems and applications via communications links
a. Each entity trying to gain access must first be identified (authenticated),
so that access rights can be tailored to the individual
VI. Availability Various attacks can cause loss or reduction in system availability.
a. Automated countermeasures like authentication and encryption can
mitigate some attacks.
b. Physical actions may be necessary to prevent or recover from availability
loss in a distributed system.

24 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 25 / 130
Security Mechanisms

26 / 130
 I. Cryptographic algorithms: A reversible cryptographic mechanism is simply an encryption
algorithm that allows data to be encrypted and subsequently decrypted. Irreversible
cryptographic mechanisms include hash algorithms and message authentication codes, which
are used in digital signature and message authentication applications.
II. Data integrity: This category covers a variety of mechanisms used to assure the integrity of a
data unit or stream of data units.
III. Digital signature: Data appended to, or a cryptographic transformation of, a data unit that
allows a recipient of the data unit to prove the source and integrity of the data unit and protect
against forgery.
IV. Authentication exchange: A mechanism intended to ensure the identity of an entity by means
of information exchange.
V. Traffic padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis
attempts.
VI. Routing control: Enables selection of particular physically or logically secure routes for certain
data and allows routing changes, especially when a breach of security is suspected.
VII. Notarization: The use of a trusted third party to assure certain properties of a data exchange.
VIII. Access control: A variety of mechanisms that enforce access rights to resources.

27 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 28 / 130
Model for Network Security

29 / 130
 i. Illustrated in the general Figure 1.4 where a message is transferred between two
principals across the internet.
ii. Both principals (Sender and Recipient) must cooperate for the exchange to
occur.
iii. Logical information channel is established by defining a route through the
internet and using communication protocols (e.g., TCP/IP) by the two principals.
iv. Necessary to protect information transmission from opponents threatening
confidentiality, authenticity, etc.
v. Security techniques involve two components:
• Security-related transformation on information (e.g., encryption) to make it
unreadable by opponents.
• Use of shared secret information (e.g., encryption key) unknown to
opponents for secure transformation and reception.

30 / 130
 vi. A trusted third party may be required for secure transmission.
vii. Roles of a third party:
• Distributing secret information to the principals while keeping it secure from
opponents.
• Arbitrating disputes between principals regarding message authenticity.
viii. Four basic tasks in designing a security service:
a. Designing a secure algorithm for the security-related transformation to
prevent opponent interference.
b. Generating secret information for use with the algorithm.
c. Developing methods for distributing and sharing the secret information.
d. Specifying a protocol for the two principals to use the security algorithm
and secret information to achieve a specific security service.

31 / 130
Model for Network Access Security

32 / 130
 i. Figure 1.5 illustrates a general model for protecting information systems from
unwanted access.
ii. Concerns caused by hackers attempting to penetrate systems over a network.
iii. Unwanted access can be caused by:
• Hackers seeking unauthorized entry.
• Disgruntled employees wishing to cause damage.
• Criminals exploiting computer assets for financial gain.
iv. Threats posed by unwanted access:
• Information access threats: Intercepting or modifying data for unauthorized
users.
• Service threats: Exploiting service flaws to inhibit use by legitimate users.
v. Software attacks include viruses and worms, introduced via external storage
devices or network.
vi. Security mechanisms for unwanted access fall into two categories:
I. Gatekeeper function: Password-based login procedures and screening logic
to deny access to unauthorized users and reject attacks.
II. Second line of defense: Internal controls monitoring activity and
analyzing stored information to detect unwanted intruders. 33 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 34 / 130
Background
• Conventional encryption, also known as symmetric encryption or single-key
encryption, was the only encryption type before public-key encryption.
• It remains the most widely used encryption method.

35 / 130
 i. An original message is known as the plaintext, while the coded message is called
the ciphertext.
ii. The process of converting from plaintext to ciphertext is known as enciphering
or encryption;
iii. restoring the plaintext from the ciphertext is deciphering or decryption.
iv. The many schemes used for encryption constitute the area of study known as
cryptography
v. Techniques used for deciphering a message without any knowledge of the
enciphering details fall into the area of cryptanalysis.
vi. Cryptanalysis is what the layperson calls “breaking the code.”
vii. The areas of cryptography and cryptanalysis together are called cryptology.

36 / 130
Conventional Encryption Model

37 / 130
 i. Figure 2.1 illustrates the conventional encryption process.
ii. The original message (plaintext) is converted into random-looking data
(ciphertext).
iii. Encryption process involves an algorithm and a key.
iv. The key is independent of the plaintext and changes the output of the
algorithm.
v. Ciphertext can be transformed back to plaintext using decryption algorithm
and the same key.
vi. Security of conventional encryption relies on:
• Powerful encryption algorithm making decryption impractical from ciphertext
alone.
• Secrecy of the key, not the algorithm, is crucial for security.
vii. Conventional encryption is widely used due to the ability to use low-cost chip
implementations of encryption algorithms, as the algorithm need not be kept
secret.
viii. The main security concern with conventional encryption is maintaining the
secrecy of the key.
38 / 130
39 / 130
 ix. Figure 2.2 illustrates the essential elements of a conventional encryption
scheme.
x. Message Source produces a message in plaintext, represented as :

X = [X1 , X2 , ..., XM ]

xi. The M elements of plaintext X are letters in a finite alphabet (e.g., 26 capital
letters traditionally or binary alphabet - 0, 1).
xii. A key K is generated for encryption and is represented as:

K = [K1 , K2 , ..., Kn ]

xiii. If the key is generated at the source, it must be securely provided to the
destination.
• Alternatively, a third party can generate the key and securely deliver it to both
source and destination.

40 / 130
xiv. Using the message X and encryption key K, the encryption algorithm
generates ciphertext Y represented as
Y = EK (X)
• The notation Y = EK (X) indicates that Y is the result of using encryption
algorithm E as a function of plaintext X, with the specific function
determined by the key K.
xv. The intended receiver, possessing the key K, can invert the transformation
using the decryption algorithm to recover the original plaintext:
X = DK (Y)
xvi. An opponent, aware of the encryption (E) and decryption (D) algorithms but
without access to K or X, may attempt to recover K or X or both.
• If the opponent targets a specific message, the effort focuses on recovering
X by generating a plaintext estimate, X.
c
• If the opponent aims to read future messages as well, the focus shifts to
recovering K by generating an estimate, Kc .
41 / 130
Cryptography
Cryptographic systems are classified along three independent dimensions:
I. Type of operations for transforming plaintext to ciphertext:
a. Substitution: Mapping each plaintext element to another element.
b. Transposition: Rearranging elements in the plaintext.
c. Most systems use multiple stages of substitutions and transpositions.
II. Number of keys used:
a. Symmetric Encryption: Sender and receiver use the same key for encryp-
tion and decryption (also known as single-key, secret-key, or conventional
encryption).
b. Asymmetric Encryption: Sender and receiver use different keys (also
known as two-key or public-key encryption).
III. Way in which plaintext is processed:
a. Block Cipher: Processes input one block at a time, producing an output
block for each input block.
b. Stream Cipher: Processes input elements continuously, producing output
one element at a time.
42 / 130
Cryptanalysis and Brute-force Attack
• Objective of attacking an encryption system: Recovering the key K in use, not just
the plaintext X of a single ciphertext.
• Two general approaches to attacking conventional encryption:
I. Cryptanalysis: Relying on the algorithm’s nature and sometimes knowledge
of plaintext characteristics or sample plaintext-ciphertext pairs.
◦ Attempts to deduce a specific plaintext or the key being used.
II. Brute-force attack: Trying every possible key on a ciphertext until an
intelligible translation into plaintext is obtained.
◦ On average, half of all possible keys must be tried for success.
• Catastrophic effect of successful attack: All future and past messages encrypted
with the compromised key are compromised.

43 / 130
Cryptanalysis
• Table 3.1 summarizes cryptanalytic attacks based on the information known to
the cryptanalyst.
• The most challenging problem is when only ciphertext is available.
◦ In some cases, the encryption algorithm may also be unknown,
◦ but it is generally assumed that the opponent knows the algorithm used for
encryption.
• Trying all possible keys (Brute-force attack) is one approach when the algorithm
and ciphertext are known, but it becomes impractical with a large key space.
• Relying on ciphertext analysis: Opponent applies various statistical tests to the
ciphertext to gain insights into the concealed plaintext’s type (e.g., English or French
text, file types like EXE or Java source).

44 / 130
45 / 130
46 / 130
Cryptanalysis depends on having some general idea about the type of plaintext
concealed in the ciphertext.
a. Ciphertext-only attack: Easiest to defend against due to the limited
information available to the opponent.
b. Known-plaintext attack: Analyst has both plaintext messages and their
corresponding encryptions, enabling deduction of the key based on
transformations.
c. Chosen-plaintext attack: Possible if the analyst can insert a chosen message
into the system, deliberately picking patterns to reveal the key’s structure.
d. Chosen ciphertext and Chosen text: are two less commonly employed attack
types
Relatively weak algorithms are vulnerable to ciphertext-only attacks, but encryption
algorithms are generally designed to withstand known-plaintext attacks.

47 / 130
Two more definitions
I. Encryption Scheme is Unconditionally Secure if Ciphertext does not contain
enough information to uniquely determine the corresponding plaintext,
regardless of the amount of ciphertext available.
• However, with the exception of the one-time pad, no encryption algorithm
is unconditionally secure.
• Therefore, every user strives for securing Encryption Algorithms that meets the
criteria:
a. The cost of breaking the cipher exceeds the value of the encrypted
information.
b. The time required to break the cipher exceeds the useful lifetime of
the information.
II. An Encryption Scheme is Computationally Secure if either of the above
criteria is met.
• Unfortunately, it is difficult to Estimate Cryptanalysis Effort, i.e, determining
the effort required to cryptanalyze ciphertext successfully is very challenging.
48 / 130
◦ Brute-Force Approach: Involves trying every possible key until an intelligible
translation of ciphertext into plaintext is obtained.
• On average, half of all possible keys must be tried for success.
• Computation Time for Various Key Spaces is shown in (Table 2.2)
• Time taken for various key spaces, assuming 1 micro sec per single decryption
• Performance using massively parallel organizations of microprocessors can
achieve much higher processing rates.
• At a processing rate of 1 million keys per microsecond, DES may no longer
be considered computationally secure.
◦ Cryptanalysis for Conventional Encryption: Exploits traces of structure or
pattern in the plaintext that may survive encryption and be detected in the
ciphertext. 49 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 50 / 130
Steganography
i. Steganography: A technique not classified as encryption, but rather involves
hiding the existence of a plaintext message.
• While cryptography makes the message unintelligible through
transformations, steganography conceals the message’s presence.
• Simple Form of Steganography: An arrangement of words or letters
within an innocent-looking text conceals the real message.
ii. Historical Techniques:
a. Character marking: Select letters overwritten in pencil, visible at an angle
to bright light.
b. Invisible ink: Substances that leave no visible trace until exposed to heat or
chemicals.
c. Pin punctures: Small punctures on letters, visible against light.
d. Typewriter correction ribbon: Results visible under strong light.

51 / 130
 iii. Contemporary Equivalents:
a. Hiding messages using least significant bits of frames on a CD.
b. Kodak Photo CD format: Each pixel contains 24 bits of RGB color info,
least significant bit of each pixel can be altered to hide a 2.3-megabyte
message in a single digital snapshot.
Example:
• Carrier Message: today nothing special happened. the front line was quite.
company bravo takes it easy. only a few shots were fired. many men are on their
way home. we stay calm
• Message: today nothing special happened. the front line was quite. company
bravo takes it easy. only a few shots were fired. many men are on their way home.
we stay calm
• Secret Message: attac tomorow

52 / 130
Source: Wikipedia

53 / 130
iv. Steganography drawbacks compared to encryption:
• Requires significant overhead to hide relatively few bits of information.
• Once discovered, the system becomes virtually worthless.
v. Overcoming drawbacks:
• More effective schemes proposed, like using the insertion method dependent
on a key.
• Combination of encryption followed by steganography can enhance security.
vi. Advantages of steganography:
• Suitable for parties with very little to lose if secret communication is
discovered.
• Conceals the fact of secret communication, not necessarily the content.
• Encryption may raise suspicion or indicate the importance of the
communication.

54 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 55 / 130
Classical Encryption Techniques
Substitution and transposition are the two fundamental building blocks of all
encryption techniques.
I. Substitution: Involves replacing elements of plaintext with other elements or
symbols based on a fixed rule or algorithm.
a. Caesar Cipher
b. Monoalphabetic Chipers
c. Playfair Cipher
d. Hill Cipher
e. Polyalphabetic Ciphers
II. Transposition: Rearranges the order of elements in plaintext to form the
ciphertext.
III. Combining Substitution and Transposition: Some encryption systems utilize
both substitution and transposition to enhance security and complexity.

56 / 130
I.a) Caesar Cipher
i. The earliest and simplest substitution cipher used by Julius Caesar.
ii. Each letter of the alphabet is replaced by the letter standing three places further
down the alphabet.
iii. Caesar Cipher Example:

iv. The alphabet wraps around, so the letter following Z is A.

v. Caesar Cipher Algorithm:

• Assign numerical equivalents to each letter from 0 to 25 (a to z).
• For each plaintext letter p, substitute the ciphertext letter C using the formula:
C = (p + k) mod 26, where k is the shift value (in this case, 3).
• The shift value (k) can be any amount, allowing various Caesar cipher ver-
sions.
57 / 130
 vii. The Caesar Cipher Decryption Algorithm: For a given ciphertext C and key k,
the plaintext p is obtained using the formula:
p = (C - k) mod 26 .
viii. Brute-Force Approach for Caesar Cipher:
• If the ciphertext is suspected to be a Caesar cipher, all 25 possible keys (k=1
to 25) are tried to obtain the plaintext.
ix. Three characteristics that enabled to use brute-force cryptanalysis:
a. Encryption and decryption algorithms are known.
b. Only 25 keys to try in the Caesar Cipher.
c. The language of the plaintext is known, making it easy to recognize the correct
decryption.
x. Impracticality of Brute-Force Cryptanalysis:
• In most networking situations, the use of algorithms with a large number of
keys makes brute-force cryptanalysis impractical.
• Ex: the DES algorithm makes use of 56-bit key, giving a key space of 256 or
greater than 7 × 1016 possible keys

58 / 130
59 / 130
I.b) Monoalphabetic Ciphers
i. Caesar cipher with only 25 possible keys is not secure.
• Increasing key space using arbitrary substitution allows for greater security.
ii. Permutations and Key Space: For a set of n elements, there are n! permutations.
• In the Caesar cipher, the "cipher" line can be any permutation of the 26
alphabetic characters.
iii. With arbitrary substitution, there are 26! or greater than 4 × 1026 possible keys.
• This makes brute-force techniques for cryptanalysis impractical due to the
enormous key space.
iv. The approach of using a single cipher alphabet (mapping) per message is known
as a monoalphabetic substitution cipher.
• Each plaintext letter is consistently replaced with a corresponding cipher let-
ter throughout the message.
• The monoalphabetic substitution cipher significantly increases the com-
plexity and security of the encryption.

60 / 130
 v. Frequency Analysis: Cryptanalysts use frequency analysis to determine the
relative frequency of letters in the ciphertext.
• A standard frequency distribution for English, as shown in Figure 3.5, is
used for comparison.
• Frequency analysis is based on the fact that certain letters are more
common in English text.
vi. Relative Frequencies of Ciphertext: Cryptanalysts calculate the relative
frequencies of letters in the ciphertext, represented as percentages.
• These relative frequencies provide insights into the potential mapping
between plaintext and ciphertext letters.

61 / 130
62 / 130
 vii. Monoalphabetic ciphers are relatively easy to break due to their reflection of
the frequency data of the original alphabet.
viii. Homophones: A countermeasure to enhance security is to introduce multiple
substitutes, known as homophones, for a single letter in the plaintext.
• Each homophone represents a different cipher symbol for a specific letter.
• Homophones are assigned to letters either in rotation or randomly, adding
complexity to the encryption process.
• However, even with homophones, the structure of the plaintext can still be
observed through multiple-letter patterns
ix. Two Principal Methods for Strengthening Substitution Ciphers:
I. Encrypting Multiple Letters of plaintext
II. Multiple Cipher Alphabets

63 / 130
I.c) Playfair Cipher
The Playfair cipher is a multiple-letter encryption technique that treats plaintext
digrams as single units and translates them into ciphertext digrams. It utilizes a 5 x
5 matrix of letters formed from a keyword.

i. Matrix Construction:
• Matrix constructed using a key-
word (e.g., "monarchy").
• Keyword letters (excluding dupli-
cates) fill the matrix left to right,
top to bottom.
• Remaining letters filled in alpha-
betic order.
• I and J treated as one letter.

64 / 130
 ii. Encryption Rules:
• Repeating plaintext letters in a pair separated by a filler letter (e.g.,
"balloon" -> "ba lx lo on").
• Letters in the same matrix row replaced by the letter to the right (circularly).
• Letters in the same matrix column replaced by the letter beneath
(circularly).
• Otherwise, each plaintext letter in a pair replaced by the letter in its own
row and the column occupied by the other letter.
iii. Advantages and Historical Use:
• Playfair cipher improves upon monoalphabetic ciphers.
• Increased complexity due to 676 possible digrams.
• Greater range of relative frequencies for individual letters, making frequency
analysis difficult.
• Used by the British Army in World War I and Allied forces in World War II.
iv. Weaknesses:
• Despite initial confidence, Playfair cipher is relatively easy to break.
• Leaves significant structure of the plaintext language intact.
• A few hundred letters of ciphertext often sufficient for decryption. 65 / 130
v. Effectiveness of Playfair Cipher and bution is flatter than plaintext, it
Others still retains structure for cryptanal-
• The plot labeled "plaintext" repre- ysis. Other ciphers, such as Vi-
sents the typical frequency dis- genère, are also shown on the plot.
tribution of alphabetic characters
in ordinary text. This distribution
remains the same for monoalpha-
betic substitution ciphers, with
different letters substituted.
• The plot also illustrates the fre-
quency distribution resulting from
encrypting the text using the Play-
fair cipher. This plot showcases the
extent to which the frequency dis-
tribution is masked by encryption.
• While the Playfair cipher’s distri-
66 / 130
I.d) Hill Cipher
i. The Hill encryption algorithm substi- iii. For instance, given the plaintext
tutes m successive plaintext letters "paymoremoney" and the key matrix
with m ciphertext letters based on K:
m linear equations.

• The first three letters of the

plaintext become the vector (15 0
24).
• Each character is assigned a numer- • When multiplied by K and reduced
ical value (a = 0, b = 1, · · · , z = modulo 26, it results in (17 17 11),
25). which is "RRL".
ii. The encryption key is represented by iv. Continuing this process, the entire
an m x m matrix K, and operations plaintext "paymoremoney" encrypts
are performed modulo 26. to "RRLMWBKASPDH".
67 / 130
 vi. Decryption involves using the in-
verse of matrix K.
• The inverse matrix K−1 can be
computed using modular arith- viii. The Hill cipher is strong against
metic. ciphertext-only attacks as it con-
ceals single-letter frequencies.
• Larger matrices hide more fre-
quency information, including
two-letter frequencies.
vii. In general terms, the Hill system can • However, the Hill cipher is vulnera-
be expressed as: ble to known plaintext attacks.

68 / 130
I.e) Polyalphabetic Ciphers: Vigenère Cipher
i. The Vigenère cipher is one of the simplest and best-known examples of a polyal-
phabetic substitution cipher.
ii. It operates based on the following principles:
I. A set of related monoalphabetic substitution rules is used.
II. A key determines which particular rule is chosen for a given transformation.
iii. This set of substitution rules consists of the 26 Caesar ciphers with shifts of 0
through 25.
iv. Each cipher is denoted by a key letter, which is the ciphertext letter that substi-
tutes for the plaintext letter a.
• For example, a Caesar cipher with a shift of 3 is denoted by the key value 3.

69 / 130
 vi. The Vigenère cipher can be expressed as follows.
• Let’s assume a sequence of plaintext letters P = p0 , p1 , p2 , . . . , pn−1 and
• a key consisting of the sequence of letters K = k0 , k1 , k2 , . . . , km−1 , where
typically m ≤ n.
• The sequence of ciphertext letters C = C0 , C1 , C2 , . . . , Cn−1 is calculated as:
◦ The first letter of the key is added to the first letter of the plaintext, modulo
26.
◦ The second letter of the key is added to the second letter of the plaintext
(mod 26), and so on till the first m letters of the plaintext.
◦ For the next m letters of the plaintext, the key letters are repeated.
◦ This process continues until all of the plaintext sequence is encrypted.
vii. Mathematically, the encryption process can be summarized by the equation:
Ci = (pi + k i mod m ) mod 26

viii. Similarly, decryption follows a similar pattern:

pi = (Ci − k i mod m ) mod 26
70 / 130
 ix. To encrypt a message, a key is needed that is as long as the message.
x. Usually, the key is a repeating keyword. For example, if the keyword is
"deceptive", the message “we are discovered save yourself” is encrypted
as follows:
Key : deceptive deceptive deceptive
Plaintext : we are discovered save yourself
Ciphertext : ZICVTWQNGRZGVTWAVZHCQYGLMGJ
xi. The Vigenère cipher improves upon simple monoalphabetic substitution by in-
troducing variability through the keyword and providing a stronger encryption
mechanism.
xii. The strength of the Vigenère cipher is its ability to obscure letter frequencies
• However, frequency information still remains, as shown in Figure 3.6.
xiii. Another highly secure encryption method involves the use of a random key that
is truly as long as the message, with no repetitions.
• This scheme, known as a one-time pad, is considered to be unbreakable
• The key is used only once and then discarded
71 / 130
II. Transposition
i. In contrast to substitution ciphers, transposition ciphers involve permuting
the order of plaintext letters to create the ciphertext.
ii. Rail Fence Technique: The rail fence technique is one of the simplest
transposition ciphers.
• To encipher a message, the plaintext is written down in a zigzag pattern
along diagonals and then read off row by row to create the ciphertext.
• Example: Enciphering "meet me after the toga party" with a rail fence
of depth 2:

• The ciphertext obtained by reading the rows is:

• Rail fence ciphers are relatively easy to implement but are considered weak
and can be vulnerable to cryptanalysis
72 / 130
iii. The columnar transposition cipher is a more complex transposition technique
that provides better security compared to simple rail fence ciphers.
• In this scheme, the plaintext message is first written in a rectangle, row
by row, and then read off column by column, but with the columns’ order
permuted based on a specific key.

73 / 130
iv. Multiple-Stage Transposition Cipher: A pure transposition cipher involves
rearranging the letters of the plaintext to form the ciphertext, resulting in the
same letter frequencies as the original message.
• To enhance security, a multiple-stage transposition cipher can be used,
where the ciphertext undergoes additional transpositions.

74 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 75 / 130
Background

i. This section aims to illustrate the principles of modern cryptographic

techniques, with a focus on conventional encryption algorithms.
ii. Data Encryption Standard (DES): DES is one of the widely used conventional
encryption algorithms.
iii. Studying DES provides insights into the principles used in other conventional
encryption algorithms.
iv. DES and most conventional encryption algorithms have a complex structure.
v. To ease understanding, we begin with a simplified version of DES.

76 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 77 / 130
Simplified DES
Overview
i. S-DES takes an 8-bit block of plain- key input.
text and a 10-bit key as input, pro- c. Switch Function (SW):
ducing an 8-bit block of ciphertext Switches the two halves of the
as output. data.
ii. The decryption algorithm uses the d. Second Complex Function (fK
same 10-bit key to retrieve the orig- again): Similar to the first fK but
inal plaintext from the ciphertext. using a different part of the key.
iii. Encryption Algorithm functions: e. Final Permutation (IP−1 ): The
a. Initial Permutation (IP): Rear- inverse of the initial permutation.
ranges the bits of the plaintext iv. The use of multiple stages of per-
block. mutation and substitution makes S-
b. Complex Function (fK ): In- DES more complex, increasing its re-
volves permutation and substi- sistance to cryptanalysis.
tution operations based on the 78 / 130
79 / 130
 v. Subkeys:
a. The function fK takes the data and an 8-bit key as input.
b. S-DES uses a 10-bit key, which generates two 8-bit subkeys (K1 and K2 ).
c. The 10-bit key undergoes permutation (P10), a shift operation and then a
permutation (P8) to produce the first subkey (K1 ).
d. Another shift and a permutation (P8) generate the second subkey (K2 ).
vi. We can concisely express the encryption algorithm as a composition of
functions:

vii. Decryption is essentially the reverse of encryption:

80 / 130
S-DES Key Generation
i. S-DES uses a 10-bit key that is • For example, the key (1010000010)
shared between the sender and re- is permuted to (1000001100) using
ceiver. P10.
ii. From this 10-bit key, two 8-bit sub-
keys are generated for specific stages
of the encryption and decryption algo-
rithm.
iii. Permutation P10: The 10-bit key
is permuted using P10, which rear-
ranges the bits in a specific fashion.
• P10 is defined by a table that maps
input bits to output positions.

81 / 130
iii. Circular Left Shift (LS-1): The
first five bits and the second five
bits of the permuted key are sepa-
rately subjected to a circular left shift. • The result is subkey 1 (K1 ).
• The result is two sets of 5-bit val- v. Circular Left Shift (LS-2): Both
ues: (00001) and (11000) from our sets of 5-bit values undergo a circu-
example. lar left shift of 2 bit positions.
• These two 5-bit sets form the two • In our example, (00001 11000) be-
8-bit subkeys (K1 and K2 ) used comes (00100 00011).
in different stages of the S-DES en- vi. Permutation P8 (again): P8 is ap-
cryption and decryption algorithm. plied once more to the shifted 5-bit
iv. Permutation P8: P8 selects and strings to produce subkey 2 (K2 ).
permutes 8 out of the 10 bits ac- vii. These subkeys add another layer of
cording to the rule: complexity to the S-DES process,
contributing to its overall security and
effectiveness as a symmetric block ci-
pher.
82 / 130
S-DES Encryption
Encryption involves the sequential
application of the following functions
I. Initial and Final Permutations:
• The 8-bit block of input plaintext
is first permuted using the below
function

• At the end of the algorithm, the

inverse permutation is used:

• Note that the second permuta-

tion is the reverse of the first.
i.e., IP−1 (IP(X)) = X
83 / 130
II. The function fK ; This function • Let F be a mapping (not necessar-
consists of combination of permu- ily one-to-one) from 4-bit strings
tation and substitution functions to 4-bit strings
• Let L and R be the leftmost 4 bits • Then
and rightmost 4 bits of the 8-bit
input
where SK is a subkey

84 / 130
III. Mapping function F: The input is • The 8-bit subkey K1 =
a 4-bit number (n1 n2 n3 n4 ) (k11 , k12 , k13 , k14 , k15 , k16 , k17 , k18 )
• The first operation is an expan- is exclusive-ORed as
sion / permutation operation

• Renaming these 8 bits as:

• Depicting the result as

85 / 130
III. Mapping function F (Continua- S-box
tion) • The 4-bit produced by S0 and S1
• The first row (four bits) are fed undergo a further permutation as
into S-box S0 to produce a 2-bit follows:
output and similarly second row
into S1 to produce another 2-bit
output

IV. The switch Function (SW): This

function interchanges the left and
right 4 bits so that the second in-
stance of fK operates on a different
• The 1st and 4th input bits to the 4 bits
S-box are treated as 2-bit index • In this second instance, the E/P,
to specify a row of S-box. The S0, S1, and P4 functions are the
2nd and 3rd input bits are treated same
as index to specify a column of • The key input is K2
86 / 130
Analysis of Simplified DES
i. Brute-Force Attack on S-DES: S-DES is vulnerable to a brute-force attack due
to its 10-bit key.
ii. With 210 = 1024 possible key combinations, an attacker can try each one to
analyze results and determine plausible plaintext.

87 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 88 / 130
Block Cipher Principles
Background
i. Symmetric Block Encryption Al- iii. Motivation for Feistel Block Ci-
gorithms: pher:
• Based on Feistel block cipher • Secure data encryption.
structure. • Confusion and diffusion tech-
• Key role in modern encryption. niques.
ii. Stream Ciphers vs. Block Ciphers: • Data transformation and mixing.
• Stream ciphers process data bit by iv. Implications of Feistel Cipher:
bit. • Enhances encryption strength.
• Block ciphers process data in fixed- • Enables iterative processing.
size blocks. • Facilitates parallel encryption.

89 / 130
Stream Ciphers and Block Ciphers
I. Stream Ciphers:
• Stream ciphers encrypt data one bit or byte at a time.
• Examples include autokeyed Vigenère cipher and Vernam cipher.
• Encrypts data in a continuous flow, suitable for real-time communication.
II. Block Ciphers:
• Block ciphers process fixed-size blocks of plaintext to produce ciphertext.
• Commonly use a block size of 64 bits.
• Widely applied in network-based cryptographic applications.

90 / 130
91 / 130
Motivation for the Feistel Cipher Structure
I. Block Cipher Basics:
• Block ciphers transform n-bit plaintext blocks into n-bit ciphertext blocks.
• Reversibility is crucial for decryption; each plaintext block must have a unique
ciphertext block.
II. Reversible (Nonsingular) Transformation:
• Reversible transformation ensures each plaintext block maps to a unique
ciphertext block.
• This uniqueness allows for reliable decryption.
• Example for n = 2:
◦ 2n = 22 = 4 possible plaintext blocks.
◦ All 4 plaintext blocks must produce distinct ciphertext blocks for reversibil-
ity.
n
◦ Limiting to reversible mappings yields 2(2 −1) = 2(4−1) = 23 = 8 distinct
transformations.

92 / 130
III. Singular Transformation:
• In a singular transformation, a ciphertext block could correspond to multi-
ple plaintext blocks.
• Not suitable for reliable decryption.
• Example for n = 2:
◦ If ciphertext ’01’ corresponds to two different plaintext blocks, the trans-
formation is singular.
IV. General Substitution Cipher (n = 4):
• In a general substitution cipher, a 4-bit input maps to a unique 4-bit output.
• Produces 16 possible input states and 16 corresponding output states.
• A tabulation defines encryption and decryption mappings.
93 / 130
94 / 130
V. Ideal Block Cipher Challenges:
• Ideal reversible substitution ciphers for large block sizes are not practical
due to implementation and performance issues.
• Mapping itself becomes the key, making it complex and unwieldy.
• Example: Reversible mapping for n = 4 requires a key length of n ∗ 2n bits.
◦ Key Size Calculation: For a 64-bit block size (to prevent statistical at-
tacks), key length is 64 ∗ 264 = 270 = 1021 bits.
VI. Feistel’s Approach:
• Feistel suggests approximating the ideal block cipher for large n.
• Uses components that are easily implementable.
• Addresses challenges of practicality and performance.

95 / 130
The Feistel Cipher
I. Introduction to Feistel Cipher:
• Feistel proposed a way to approximate the simple substitution cipher.
• Introduced the concept of a product cipher, combining multiple ciphers for
enhanced security.
• The final result of a product cipher is stronger than its individual components.
II. Product Cipher and Alternating Substitutions and Permutations:
• Feistel’s approach involves alternating substitutions and permutations.
• Cryptanalysis strength is improved through this alternating process.
• Derived from Claude Shannon’s idea of a product cipher with confusion and
diffusion functions.
III. Diffusion and Confusion:
• Diffusion spreads the influence of plaintext over the ciphertext.
• Confusion adds complexity by making the relationship between plaintext and
ciphertext less obvious.
• Feistel cipher effectively balances diffusion and confusion for security.
96 / 130
IV. Feistel Cipher Structure:
• Developed by Feistel in the context of product ciphers.
• Alternates between substitutions and permutations.
• Proven to be a robust and effective cryptographic structure.
V. Significance of Feistel Cipher:
• Feistel cipher structure has been in use for over a quarter century.
• Based on Claude Shannon’s proposal from 1945.
• Virtually all significant symmetric block ciphers used today are built upon
the Feistel cipher structure.

97 / 130
Diffusion and Confusion
I. Introduction to Diffusion and Confusion:
• Claude Shannon introduced the concepts of diffusion and confusion as funda-
mental building blocks in cryptography.
• Aimed to counter statistical analysis in cryptanalysis.
II. Thwarting Statistical Analysis:
• Cryptanalysts exploit statistical patterns in plaintext to deduce encryption
keys.
• Strongly ideal cipher: Ciphertext statistics are independent of the key (im-
practical).
III. Diffusion - Spreading Statistical Structure:
• In diffusion, statistical structure of plaintext spreads into long-range statis-
tics of ciphertext.
• Achieved by having each plaintext digit affect multiple ciphertext digits.
• Statistical patterns in plaintext become less evident in ciphertext.

98 / 130
IV. Example of Diffusion:
• Encrypting a message M = m1 , m2 , m3 , · · · by averaging characters.

• Adding successive letters to generate a ciphertext letter.

• Letter and digram frequencies become more equal in ciphertext.
V. Binary Block Cipher and Diffusion:
• In a binary block cipher, diffusion involves permutations followed by func-
tions.
• Different bits from plaintext contribute to a single ciphertext bit.
• Increases complexity of statistical relationship between plaintext and cipher-
text.

99 / 130
VI. Confusion - Complex Relationship with Key:
• Confusion makes relationship between ciphertext statistics and encryption key
complex.
• Prevents deducing the key even with knowledge of ciphertext statistics.
• Achieved through a complex substitution algorithm.
• Simple linear substitution adds minimal confusion.
VII. Essence of Modern Block Cipher Design:
• Diffusion and confusion concepts effectively address desired attributes of
block ciphers.
• They form the foundation of modern block cipher design.
• Crucial in creating ciphers that resist statistical analysis and cryptanalysis.

100 / 130
Feistel Cipher - Encryption Structure
• The encryption structure proposed by
Feistel divides the plaintext block into
two halves and processes them through
multiple rounds to produce ciphertext.
• Each round has specific inputs, includ-
ing the previous round’s data and a
derived subkey.

101 / 130
 I. Round Structure:
• Encryption algorithm takes a plaintext block of length 2w bits and a key K.
• Plaintext is divided into two halves: LE0 and RE0 .
• The algorithm processes these halves through n rounds.
• Each round i uses inputs LEi−1 and REi−1 from the previous round, along
with a unique subkey Ki derived from the overall key K.
II. Subkeys and Round Function:
• Subkeys Ki are different from K and from each other.
• All rounds follow the same structure.
• The right half (REi−1 ) goes through a substitution process using a round
function F parameterized by subkey Ki .
• Result is combined with the left half (LEi−1 ) through an exclusive-OR oper-
ation.
• Round function F takes right-half block of w bits and a subkey of y bits,
producing a w-bit output: F (REi , Ki+1 ).
102 / 130
IV. Permutation and SPN:
• After substitution and exclusive-OR, a permutation is performed.
• Permutation interchanges the two halves of the data.
• This encryption structure is a specific form of a substitution-permutation
network (SPN) proposed by Shannon.
V. Flexibility in Round Number:
• Figure depicts 16 rounds, but any number of rounds can be implemented.
• Feistel cipher’s security and strength depend on the number of rounds used.
VI. Exact Realization of Feistel Network: The realization of a Feistel network
depends on the choice of the following parameters and design features:
a. Block Size:
• Larger block sizes enhance security (with other factors constant) but can
lead to reduced encryption/decryption speed.
• Greater security is achieved through increased diffusion.
• Traditional block size was 64 bits, offering a balance between security and
speed.
• The new AES employs a 128-bit block size for enhanced security.
103 / 130
b. Key Size:
• Larger key sizes provide higher security but may impact
encryption/decryption speed.
• Greater security results from improved resistance to brute-force attacks and
enhanced confusion.
• Key sizes of 64 bits or less are now considered inadequate; 128 bits is a
common choice.
c. Number of Rounds:
• The Feistel cipher’s strength increases with the number of rounds used.
• A typical number of rounds is around 16 for many designs.
d. Subkey Generation Algorithm:
• A more complex subkey generation algorithm contributes to greater
cryptanalysis resistance.
e. Round Function F:
• Increased complexity in the round function enhances resistance to
cryptanalysis.
104 / 130
Feistel Cipher - Decryption Structure
I. Decryption Rule:
• Decryption process in Feistel cipher is similar to encryption.
• Use ciphertext as input, but reverse the order of subkeys: Kn , Kn−1 , · · · , K1 .
• Reversed key order eliminates the need for separate encryption and decryption
algorithms.
II. Reversed Algorithm Validation:
• Encryption and decryption processes are shown in the same figure (earlier).
• Process: Encryption goes down the left, decryption goes up the right (16-
round algorithm).
• Notation: LEi , REi for encryption; LDi , RDi for decryption.
• Diagram demonstrates that each decryption round’s intermediate value
equals the corresponding encryption round’s value with swapped halves.
• Output of ith encryption round: LEi |REi .
• Corresponding output of (16 − i)th decryption round: REi |LEi or
LD16−i |RD16−i .
105 / 130
III. Validation Walkthrough:
• After last encryption iteration, output’s halves are swapped: ciphertext is
RE16 |LE16 .
• This output is the ciphertext.
• Using ciphertext as input to same algorithm for decryption.
• Input for first decryption round: RE16 |LE16 , equivalent to swapping output of
sixteenth encryption round.

106 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 107 / 130
Data Encryption Standard (DES)
DES Encryption
I. DES Overview:
• DES, adopted in 1977 as Federal
Information Processing Standard
46 (FIPS PUB 46), is a widely used
encryption scheme.
• Operates on 64-bit blocks of data
with a 56-bit key.
• Transformation process consists of
steps converting 64-bit input to
64-bit output.
• Same steps and key are used for
encryption and decryption.
108 / 130
 II. DES Scheme:
• Encryption involves plaintext (64 bits) and a 56-bit key.
• Processing of plaintext has three phases: initial permutation (IP), sixteen
rounds, and final permutation IP−1 .
• Each round employs a combination of permutation and substitution
functions.
• Output of the last round, after swapping halves, goes through final
permutation to produce 64-bit ciphertext.
• Except for initial and final permutations, DES has Feistel cipher structure.
III. Key Usage:
• 56-bit key undergoes initial permutation and produces subkeys for each
round.
• Each round generates a subkey (Ki ) through left circular shift and a
permutation.
• Subkeys change due to repeated shifts, enhancing security.

109 / 130
Initial Permutation
I. Permutation Functions:
• Initial permutation and its in-
verse are defined by tables.
• Tables specify the rearrange-
ment of bits for each function.
II. Inverse Property:
• Initial permutation (IP) and its
inverse are designed to be in-
verses of each other.
• To demonstrate this, consider a
64-bit input M, where each Mi is
a binary digit.

110 / 130
VI. Initial permutation X = IP (M ): • The design ensures that the initial
• Apply initial permutation: X = permutation and its inverse per-
IP(M). fectly cancel each other out.
• Permutation rearranges bits of M
according to Table shown
VII. Inverse Permutation IP −1 (X):
• Take inverse permutation: Y =
IP −1 (X) = IP −1 (IP (M )).
• Inverse permutation restores the
original bit ordering.

111 / 130
Details of Single Round
I. Single Round Overview:
• Figure illustrates the internal
structure of a single round in
DES.
• Each round involves processing
64-bit intermediate values.
• Intermediate values split into left
(L) and right (R) halves, each 32
bits.

112 / 130
II. Round Processing Summary: • XORed result goes through a
• Classic Feistel cipher princi- substitution function, yielding
ples guide the processing in each a 32-bit output.
round. • This 32-bit output is permuted

• The round key K is 48 bits in

length.
• R input (32 bits) is expanded to
48 bits using a permutation ta-
ble
• Resulting 48 bits are XORed with
K, enhancing security.

113 / 130
Role of S-Boxes in DES Function F
I. S-Boxes Overview:
• S-Boxes play a crucial role in
the DES function F
• Function F involves a set of eight
S-boxes, each taking 6 bits as in-
put and producing 4 bits as out-
put.
• Input’s first and last bits form
a 2-bit binary to select a substi-
tution row, and middle 4 bits
select a column.
• Cell’s decimal value is converted to
4-bit representation for output.

114 / 130
II. S-Box Structure and Key Contribution:
• Consider S-box structure without key (K) influence.
• Input’s 32 bits grouped into 4-bit sets, becoming 6-bit sets by using outer
bits from adjacent groups.

Input: : ... efgh ijkl ...

Output: : ... defghi hijklm ...

• Outer two bits of each 6-bit group select a substitution (S-box row).
• 4-bit output substitutes the middle four input bits.
III. Output and Permutation:
• Output from eight S-boxes is 32 bits.
• Permutation of S-box output ensures immediate influence on other S-boxes
in the next round.

115 / 130
Key Generation
I. Key Input and Initial Permutation:
• The 56-bit key undergoes initial permutation.
• Initial permutation governed by Permutated Choice One table.

116 / 130
II. Key Splitting and Circular Shifts: III. Permuted Choice Two and Func-
• Resulting 56-bit key divided into tion F:
two 28-bit parts: C and D. • Permuted Choice Two (Table
• At each round, C and D undergo 3.4b) transforms shifted C and D
circular left shifts of 1 or 2 bits into a 48-bit output.
(Table 3.4c). • This 48-bit output serves as in-
• Shifted values used as input for put for function F(R,K) in each
the next round and for Per- round.
muted Choice Two (Table 3.4b).

117 / 130
DES Decryption
As with any Feistel cipher, decryption uses the same algorithm as encryption,
except that the application ofthe subkeys is reversed.

118 / 130
Avalanche Effect
I. Desirable Property of Encryption:
• Encryption algorithms should exhibit the avalanche effect.
• Small changes in plaintext or key lead to significant changes in cipher-
text.
• Change in one bit of plaintext/key should result in changes in multiple bits
of ciphertext.
• Prevents reduction of plaintext/key space for potential attacks.
II. Avalanche Effect in DES:
• DES demonstrates a strong avalanche effect.
III. Change in plaintext
• Two plaintexts with a one-bit difference:
Plaintext A: 00000000 00000000 ... 10000000 00000000
Plaintext B: 00000000 00000000 ... 00000000 00000000
• Key: 0000001 1001011 ... 0011100 0110010
• After three rounds, 21 bits differ between A and B.
• After completion, the ciphertexts differ in 34 bit positions.
119 / 130
IV. Change in key
• Single plaintext: 01101000 10000101 ... 11101011 10100100
• Two keys with one-bit difference:
Key X: 1110010 1111011 ... 0110001 11011100
Key Y: 0110010 1111011 ... 0110001 11011100
• About half of the ciphertext bits differ, and avalanche effect is evident
after a few rounds.

120 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 121 / 130
Strength of DES
I. Key Size Concerns:
• DES key size is 56 bits, offering about 7.2 ∗ 1016 possible keys.
• Brute-force attack seems impractical, but advances in technology raise
concerns.
• Parallel machines and powerful processors reduce attack time significantly.
• AES and triple DES become important alternatives for enhanced security.
II. Algorithm Nature and S-Boxes:
• Cryptanalysis concerns focus on characteristics of DES algorithm.
• Attention on S-boxes (substitution tables) used in iterations.
• S-box design criteria and algorithm details not fully disclosed.
• No conclusive evidence of fatal weaknesses in S-boxes despite suspicions.

122 / 130
III. Timing Attacks:
• Timing attacks exploit varying decryption times for different inputs.
• Information about key or plaintext obtained by observing decryption
times.
• DES shows resistance to timing attacks, but avenues for exploration
suggested.
• Unlikely that this technique will be successful against DES, triple DES, or AES.

123 / 130
124 / 130
Where are we ?
2.2 Steganography
1. Introduction 2.3 Classical Encryption Techniques
1.1 Background 2.3.1 Substitution
1.2 Attacks, Mechanisms and Services 2.3.2 Transposition
1.3 Security Attacks 3. Conventional Encryption: Modern
1.4 Security Services Techniques
1.5 Security Mechanisms 3.1 Background
1.6 Model for Internetwork Security 3.2 Simplified DES
1.6.1 Model for Network Security 3.3 Block Cipher Principles
1.6.2 Model for Network Access Security 3.3.1 Stream Ciphers and Block Ciphers
2. Conventional Encryption: Classical 3.3.2 The Feistel Cipher
Techniques 3.3.3 Diffusion and Confusion
2.1 Conventional Encryption Model 3.3.4 Feistel Cipher structure
2.1.1 Cryptography 3.4 The Data Encryption standard (DES)
2.1.2 Cryptanalysis and Brute-force 3.5 Strength of DES
attack 3.6 Block Cipher Design Principles 125 / 130
Block Cipher Design Principles

Block cipher design principles, influenced by Feistel and DES, maintain

consistency over time. Here we explore three critical aspects:
I. Number of Rounds:
• Cryptographic strength in Feistel cipher depends on rounds, function F, and
key schedule.
• More rounds increase cryptanalysis difficulty, even with a relatively weak F.
• DES chose 16 rounds, making differential cryptanalysis less efficient than brute
force.
• Round count aids algorithm assessment and comparison, and impacts key
length.

126 / 130
 II. Design of Function F:
• Function F in Feistel cipher provides confusion, demanding unscrambling
difficulty.
• Nonlinearity is crucial to prevent approximation by linear equations.
• Good avalanche properties required: a change in input should yield changes
in many output bits.
• Strict avalanche criterion (SAC) demands high output bit change probability
when any input bit is inverted.
• Bit independence criterion (BIC) adds independence of output bits when
single input bit is inverted.
• SAC and BIC strengthen confusion function effectiveness.
III. S-Box Design:
• Research-intensive S-box design seeks nonlinearity, random-looking changes.
• S-box size (n x m) matters: Larger sizes resist cryptanalysis.
• Practical considerations limit n (8 to 10) due to lookup table size and design
complexity.
127 / 130
IV. Key Schedule Algorithm:
• Key schedule generates subkeys for each round.
• Subkey selection aims to enhance subkey deduction difficulty and resist
working back to main key.
• Adams suggests subkeys should satisfy Strict Avalanche Criterion and Bit
Independence Criterion.

128 / 130
References

[1] W. Stallings, Cryptography And Network Security: Principles and Practice.

Pearson Education.
Second Edition (** Prescribed Textbook).

[2] D. M. Behrouz A Forouzan, Cryptography And Network Security.

Tata McGraw Hill Education Private Limited.
Second Edition.
[3] OpenAI.com, “chatgpt - an openai based language models for dialogue,” 2023.
https://openai.com/blog/chatgpt/ [Accessed: Jul 2023].

129 / 130
Thank you

130 / 130