MODERN SYMMETRIC CIPHERS

5-1 MODERN BLOCK CIPHERS

A symmetric-key modern block cipher encrypts an

n-bit block of plaintext or decrypts an n-bit block of
ciphertext. The encryption or decryption algorithm uses
a k-bit key.

5.2
5.1 Continued

Figure 5.1 A modern block cipher

5.3
 5.1.1 Substitution or Transposition

A modern block cipher can be designed to act as a

substitution cipher or a transposition cipher.

Note

To be resistant to exhaustive-search attack,

a modern block cipher needs to be
designed as a substitution cipher.

5.4
 5.1.2 Block Ciphers as Permutation Groups

Full-size key ciphers: the key is long enough to choose every possible mapping from
input to output. In practice, the key is smaller (partial-key), only some mappings
from the input to output are possible.
Full-sizeKey
Full-Size keyTransposition
ciphers areBlock
not used in practice, only partial-key ciphers are used.
Ciphers
In a full-size key transposition cipher We need to have n! possible keys, so the key should
have élog2 n!ù bits.

Example 5.3

Show the model and the set of permutation tables for a 3-bit block transposition
cipher where the block size is 3 bits.

Solution
The set of permutation tables has 3! = 6 elements, as shown in Figure 5.2.

5.5
5.1.2 Continued

Figure 5.2 A transposition block cipher modeled as a permutation

5.6
 5.1.2 Continued

Full-Size Key Substitution Block Ciphers

A full-size key substitution cipher does not transpose bits; it
substitutes bits. We can model the substitution cipher as a
permutation if we can decode the input and encode the
output.
Example 5.4

Show the model and the set of permutation tables for a 3-bit block substitution cipher.

Solution
Figure 5.3 shows the model and the set of permutation tables. The key is also much
longer, élog240,320 = 16 bits.

5.7
5.1.2 Continued

Figure 5.3 A substitution block cipher model as a permutation

5.8
 5.1.2 Continued

Note

A full-size key n-bit transposition cipher or a

substitution block cipher can be modeled
as a permutation, but their key sizes are different:
 Transposition: the key is élog2n! bits long.
 Substitution: the key is élog2(2n)! bits long.

5.9
 5.1.3 Components of a Modern Block Cipher

Two or more cascaded permutations can be always replaced with a single

permutation. Hence it is useless to have more than one stage of full-size key
ciphers, because the effect is the same as having a single stage.
Modern block ciphers normally are keyed substitution ciphers in which the key allows only
partial mappings from the possible inputs to the possible outputs.

For example, a common substitution cipher is DES which uses a 64-bit block cipher. If the
designer of DES had used a full-size key, the key would have been log2 (264 )! = 270 bits. The
key size for DES is only 56 bits which is only a very small fraction of the full-size key. This
means that DES uses only 256 mappings out of approximately
2^ 270 possible mappings.

5.10
5.1.3 P-Boxes
A P-box (permutation box) parallels the traditional transposition cipher
for characters. It transposes bits.
Figure 5.4 Three types of P-boxes

5.11
 5.1.3 Continued

S-Box
An S-box (substitution box) can be thought of as a
miniature substitution cipher.

Note
An S-box is an m × n substitution unit, where m and n
are not necessarily the same.

5.12
 5.1.5 Two Classes of Product Ciphers

Modern block ciphers are all product ciphers, but they are
divided into two classes.

1. Feistel ciphers

2. Non-Feistel ciphers

5.13
 5.1.5 Continued

Feistel Ciphers
Feistel designed a very intelligent and interesting cipher
that has been used for decades. A Feistel cipher can have
three types of components: self-invertible, invertible, and
noninvertible.

5.14
 5.1.5 Continued

Figure 5.15 The first thought in Feistel cipher design

Note
Diffusion hides the relationship between the
ciphertext and the plaintext.
5.15
 6.1.2 Overview

DES is a block cipher, as shown in Figure 6.1.

Figure 6.1 Encryption and decryption with DES

6.16
 6-2 DES STRUCTURE

The encryption process is made of two permutations (P-

boxes), which we call initial and final permutations, and
sixteen Feistel rounds.

6.17
6-2 Continue

Figure 6.2 General structure of DES

6.18
 6.2.1 Initial and Final Permutations

Figure 6.3 Initial and final permutation steps in DES

6.19
6.2.1 Continue

Table 6.1 Initial and final permutation tables

6.20
 6.2.1 Continued

Note
The initial and final permutations are straight P-boxes that are
inverses
of each other.
They have no cryptography significance in DES.

6.21
 6.2.2 Rounds

DES uses 16 rounds. Each round of DES is a Feistel cipher.

Figure 6.4
A round in DES
(encryption site)

6.22
 6.2.2 Continued

DES Function
The heart of DES is the DES function. The DES function
applies a 48-bit key to the rightmost 32 bits to produce a
32-bit output.

Figure 6.5
DES function

6.23
 6.2.2 Continue

Expansion P-box
Since RI−1 is a 32-bit input and KI is a 48-bit key, we first
need to expand RI−1 to 48 bits.

Figure 6.6 Expansion permutation

6.24
 6.2.2 Continue

Although the relationship between the input and output can

be defined mathematically, DES uses Table 6.2 to define
this P-box.
Table 6.6 Expansion P-box table

6.25
 6.2.2 Continue

Whitener (XOR)
After the expansion permutation, DES uses the XOR
operation on the expanded right section and the round key.
Note that both the right section and the key are 48-bits in
length. Also note that the round key is used only in this
operation.

6.26
 6.2.2 Continue

S-Boxes
The S-boxes do the real mixing (confusion). DES uses 8 S-
boxes, each with a 6-bit input and a 4-bit output. See
Figure 6.7.

Figure 6.7 S-boxes

6.27
6.2.2 Continue

Figure 6.8 S-box rule

6.28
 6.2.2 Continue

Table 6.3 shows the permutation for S-box 1. For the rest of
the boxes see the textbook.

Table 6.3 S-box 1

6.29