Encryption and computer

security

B L O C K C I P H E R S A N D D ATA E N C R Y P T I O N S TA N D A R D ( D E S )
CHAPTER 4

AN-NAJAH UNIVERSITY
ADNAN SALMAN

An-Najah University - adnan salman

 Topics

 Block Cipher Principles

 The Data Encryption Standard (DES)
 Simplified-DES
 DES Details
 DES Issues and Attacks
 3DES, AES and Other Block Ciphers

An-Najah University - adnan salman

 objectives

 Modern block ciphers

 One of the most widely used types of cryptographic
algorithms
 Provide secrecy /authentication services
 Focus on DES (Data Encryption Standard)
 To illustrate block cipher design principles

An-Najah University - adnan salman

 Modern Block Ciphers

 A stream cipher: is one that encrypts a digital data

stream one bit or one byte at a time.
 Block Ciphers: A block cipher is one in which a block
of plaintext is treated as a whole and used to produce
a ciphertext block of equal length.
 Encrypt data one block at a time
 Used in broader range of applications
 Typical block size 64 – 128 bits 128 bits
 Most algorithms based on a structure referred to as Feistel
block cipher

An-Najah University - adnan salman

 Block vs Stream Ciphers

An-Najah University - adnan salman

 Block cipher principles

 n-bits block cipher takes n-bit plaintext and produces

n-bit ciphertext
 There are 2n possible different plaintext blocks
 Encryption must be reversible (decryption possible)
 Each plaintext block must produce unique ciphertext
block
 Total transformations is 2n!

An-Najah University - adnan salman

 Ideal block cipher

 How many possible different keys?

 For a block size of n=2, there is a 2n! = 24 different keys

 Good, makes harder for brute force attack
 What is the length of the key that maps the plaintext
to ciphertext
 For a block size of n = 2, the length of the key = n*2n = 8

An-Najah University - adnan salman

 Ideal Block Cipher

 A 4-bit input produces one of 16 possible input

states, which is mapped by the substitution cipher
into a unique one of 16 possible output, each of
which is represented by 4 ciphertext bits.

An-Najah University - adnan salman

 Encryption/decryption table

Block size = n = 4
Key length = n*2n = 64

An-Najah University - adnan salman

 Ideal Block Cipher

 n-bit input maps to 2n possible input states

 Substitution used to produce 2n output states
 Output states map to n-bit output
 Ideal block cipher allows maximum number of
possible encryption mappings from plaintext block
 Problems with ideal block cipher:
 Small block size: equivalent to classical substitution cipher;
cryptanalysis based on statistical characteristics feasible
 Large block size: key must be very large; performance /
implementation problems
 64-bit block require key size of 64 * 264 = 1021
An-Najah University - adnan salman
 The Feistel Cipher

 Feistel proposed the use of a cipher that alternates

substitutions and permutations:
 Substitution: Each plaintext element or group of elements is
uniquely replaced by a corresponding ciphertext element or group
of elements.
 Permutation: A sequence of plaintext elements is replaced by a
permutation of that sequence. No elements are added or deleted
or replaced in the sequence, the order of elements is changed.
 The essence of the approach is
 develop a block cipher with a key length of k bits and a block
length of n bits.
 allowing a total of 2k possible transformations instead of 2n!

An-Najah University - adnan salman

 Diffusion And Confusion

 A strongly ideal cipher: all statistics of the ciphertext

are independent of the particular key used.
 Shannon suggests two methods for frustrating
statistical cryptanalysis: diffusion and confusion.
 Diffusion: the statistical structure of the plaintext is dissipated
into long-range statistics of the ciphertext. Achieved by having
each plaintext digit affect the value of many ciphertext digits.
 Example: Encrypt a message M = m1 , m2 , m3 , ... of characters
with an averaging operation by adding k successive letters to get a
ciphertext letter yn .

An-Najah University - adnan salman

 Diffusion And Confusion

 A strongly ideal cipher: all statistics of the ciphertext

are independent of the particular key used.
 Shannon suggests two methods for frustrating
statistical cryptanalysis: diffusion and confusion.
 Confusion: seeks to make the relationship between the
statistics of the ciphertext and the value of the encryption key
as complex as possible, to thwart attempts to discover the key.
 Achieved by using a complex substitution algorithm.
 A simple linear substitution function would add little confusion.

An-Najah University - adnan salman

 Feistel Cipher Structure

 Approach:
 Plaintext split into halves

 Subkeys (or round keys) generated from key

 Round function, F, applied to right half to perform

substitution
 Apply substitution on left half using XOR

 Apply permutation: interchange to halves

 Implements Shannon’s S-P net concept

An-Najah University - adnan salman

Feistel Cipher Structure

An-Najah University - adnan salman

 Feistel Cipher Design Elements

 The exact realization of a Feistel network depends on

the choice of the following parameters and features:
 Block size: Larger block sizes mean greater security but
reduced encryption/decryption speed for a given algorithm.
 Key size: Larger key size means greater security but may
decrease encryption/decryption speed (greater resistance to
brute-force attacks and greater confusion).
 Number of rounds: multiple rounds increases security.
 Subkey generation algorithm: Greater complexity lead to
greater difficulty of cryptanalysis.
 Round function F: Greater complexity generally means greater
resistance to cryptanalysis.

An-Najah University - adnan salman

 Feistel Example

An-Najah University - adnan salman

 Data Encryption Standard (DES)

 Symmetric block cipher

 64-bit input block, 64-bit output block, 64-bit key

 One of most used encryption systems in world

 Developed in 1977

 Used in other ciphers, e.g. 3DES

 Simplified DES (S-DES)

 Cipher using principles of DES

 Developed for education (not real world use)

An-Najah University - adnan salman

 Simplified DES

 Input (plaintext) block size: 8-bits

 Output (ciphertext) block size: 8-bits
 Key: 10-bits
 Rounds: 2
 Round keys generated using permutations and left
shifts
 Encryption: initial permutation, round function,
switch halves
 Decryption: Same as encryption, except round keys
used in opposite order
An-Najah University - adnan salman
Simplified DES

 IP: Initial permutation

 fk : A complex, 2-input function
 SW: a simple permutation that swaps
the two parts
 fk : A complex, 2-input function
-1
 IP : Inverse permutation of the IP

An-Najah University - adnan salman

 S-DES – Key generation

 P10 – permutation:
 Input: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10

 Output: 3, 5, 2, 7, 4, 10, 1, 9, 8, 6

 P8 – Selection and permutation

 Input: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
 Output: 6, 3, 7, 4, 8, 5, 10, 9

 LS-1 : left shift 1 position

 LS-2: left shift 2 positions

An-Najah University - adnan salman

 S-DES - Encryption
 IP – Initial permutation

 EP – Expansion and permutation

 S-Box0 and S-box1

An-Najah University - adnan salman

 S-DES - Encryption: S-Box
 S-DES and DES perform substitutions using S-Boxes
 S-Box considered as a matrix: input used to select
row/column; selected element is output
 4-bit input: bit1; bit2; bit3; bit4
 bit1 , bit4 species row (0, 1, 2 or 3 in decimal)
 Bit2, bit3 species column
 2-bit output

An-Najah University - adnan salman

 S-DES - Encryption
 P4 – Selection and permutation
 Input: 1 2 3 4

 Output: 2 4 3 1

 IP-1 – Inverse IP
 4, 1, 3, 5, 7, 2, 8, 6

An-Najah University - adnan salman

 S-DES Example

An-Najah University - adnan salman

 DES Encryption
Algorithm

An-Najah University - adnan salman

 Single Round of DES – key gen

An-Najah University - adnan salman

 Single Round of DES
key gen

An-Najah University - adnan salman

 Single Round of DES – key gen

An-Najah University - adnan salman

 DES – Key gen - Example
Original key
K = 133457799BBCDFF1
K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001

Permuted choice 2
C0 =1111000 0110011 0010101 0101111
D0 = 0101010 1011001 1001111 0001111
Left shift
C1 =1110000 1100110 0101010 1011111
D1 = 1010101 0110011 0011110 0011110

C2 =11000 0110011 0010101 010111111 C3 = 0000110 0110010 1010101 1111111

D2 = 01010 1011001 1001111 000111101 D3 = 0101011 0011001 1110001 1110101

An-Najah University - adnan salman

 DES – key gen - Example

C1 =1110000 1100110 0101010 1011111 D1 = 1010101 0110011 0011110 0011110

C1D1 = 1110000 1100110 0101010 1011111 1010101 0110011 0011110 0011110

Permuted choice 2

K1 = 000110 110000 001011 101111 111111 000111 000001 110010

An-Najah University - adnan salman

DES Encryption Algorithm
encryption

An-Najah University - adnan salman

 Single Round of DES – Encryption

An-Najah University - adnan salman

 Single Round of DES – Encryption

Expansion permutation E

Substitution/choice (S-box)

An-Najah University - adnan salman

 DES-Substitution choice - SBox

An-Najah University - adnan salman

Definition of DES S-Boxes
An-Najah University - adnan salman
 Des – Encryption – Example

M = 00000001 00100011 01000101 01100111 10001001 10101011 11001101 11101111

IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010

L0 =1100 1100 0000 0000 1100 1100 1111 1111 R0 = 1111 0000 1010 1010 1111 0000 1010 1010

Li = Ri-1

L1 = 1111 0000 1010 1010 1111 0000 1010 1010

Ri = Li −1  f ( Ri −1 , K i )

An-Najah University - adnan salman

 Des – Encryption – Example
Expand/Permutation (E – table)
R0 = 1111 0000 1010 1010 1111 0000 1010 1010

E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101

K1+E(R0)
E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
K1+E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111
Substitution Box

An-Najah University - adnan salman

 Des – Encryption – Example
Substitution Box

Group results in groups of 6-bits

K1+E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111

= B1B2B3B4B5B6B7B8

Calculate Si(Bi) for i = 1 ... 8

B1 = 011000 = b1b2b3b4b5b6
B1 = 011000 = b1b2b3b4b5b6
Row = b1b6=00 = 0
Column = b2b3b4b5=1100 = 12
S1(B1) = S1[0][12] = 5 S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) =
S2(B2) = S2[1][8] = 12 0101 1100 1000 0010 1011 0101 1001 0111
S3(B3) = S3[0][15]=8
An-Najah University - adnan salman
 Des – Encryption – Example
Permutation P

f = P(S1(B1)S2(B2)...S8(B8))
= P(0101 1100 1000 0010 1011 0101 1001 0111)
= 0010 0011 0100 1010 1010 1001 1011 1011
R1 = L0 + f(R0 , K1 )
R1 = 1111 0000 1010 1010 1111 0000 1010 1010
+ 0010 0011 0100 1010 1010 1001 1011 1011
=1110 1111 0100 1010 0110 0101 0100 0100
Repeat these step for the 16 round

This example is taken from here

An-Najah University - adnan salman
 A DES example

 First row: left and right

halves after the IP
 The next 16 rows show the
results after each round.
 Final row: The left- and right-
hand values after the IP-1.

An-Najah University - adnan salman

 The Avalanche Effect

 Desired (Avalanche effect ): small change in the key

or plaintext produces large change in ciphertext.
 A change in one bit of the plaintext or one bit of the key should
produce a change in many bits of the ciphertext.

An-Najah University - adnan salman

The Avalanche Effect – Change in Plaintext

number of
bits that
differ

• Bit-4 of the plaintext is changed to 12468aceeca86420.

An-Najah University - adnan salman
 Attacks on DES – Brute force

 How much time is required for a brute-force attack

for various key sizes.

An-Najah University - adnan salman

 Attacks on DES – Brute force

 Only 56 bits used in encryption (8-bits parity check)

 256 = 7.2 x 1016
 1977: estimated cost of $20M to build machine to break it in 10
hours
 1998: A machine was built for $250k to break it in 56 hours

 1999: break DES in 22 hours and 15 minutes

 2016: Single GeForce GTX 1080 Ti GPU (costing < $1000)

recovers a key in an average of 15 days
 A chosen-plaintext attack utilizing can recover the DES key for
a single chosen plaintext in 25 seconds

An-Najah University - adnan salman

 Attacks on DES – Brute force

 Fortunately, there are a number of alternatives to

DES, the most important of which are AES and triple
DES,

An-Najah University - adnan salman