Block Ciphers

•Block cipher is an encryption and decryption method which operates on

the blocks of plain text. A block cipher takes a block of plaintext bits and
generates a block of ciphertext bits, generally of same size.

•Each block is of equal size and has fixed no of bits. The generated ciphertext
has blocks equal to the number of blocks in plaintext and also has the same
number of bits in each block as of plain text.

•Most modern block ciphers are designed to encrypt data in fixed-size blocks of
either 64 or 128 bits. Block cipher has a specific number of rounds and keys
for generating ciphertext.

•Block cipher uses the same key for encryption and decryption.
 Block Ciphers
•Block cipher is an encryption method which
divides the plain text into blocks of fixed size.
Each block has an equal number of bits.

•At a time, block cipher operates only on one

block of plain text and applies key on it to
produce the corresponding block of
ciphertext.

•While decryption also only one block of

ciphertext is operated to produce its
corresponding plain text. Data Encryption
Standard (DES) is the best example of it.
 Padding in Block Cipher
•Block ciphers process blocks of fixed sizes (say 64 bits). The length of
plaintexts is mostly not a multiple of the block size. For example, a 150-bit
plaintext provides two blocks of 64 bits each with third block of balance 22
bits.

•The last block of bits needs to be padded up with redundant information so

that the length of the final block equal to block size of the scheme. In our
example, the remaining 22 bits need to have additional 42 redundant bits
added to provide a complete block. The process of adding bits to the last
block is referred to as padding.

•Too much padding makes the system inefficient. Also, padding may render
the system insecure at times, if the padding is done with same bits always.
 Block cipher principles
•The design of a block cipher involves several important principles to ensure
the security and efficiency of the algorithm. Some of these principles are:

•Number of Rounds: It just reflects the number of rounds to be suitable for

an algorithm to make it more complex, in DES we have 16 rounds ensuring it
to be more secure while in AES we have 10 rounds which makes it more
secure.

•Design of function F: The complexity of cryptanalysis can be derived from

the Round function i.e. the increasing level of complexity for the round
function would be greatly contributing to an increase in complexity.
 Block cipher principles
•Confusion and Diffusion: The cipher should provide confusion and diffusion
to make it difficult for an attacker to determine the relationship between the
plaintext and ciphertext. Confusion means that the ciphertext should be a
complex function of the key and plaintext, making it difficult to guess the key.
Diffusion means that a small change in the plaintext should cause a
significant change in the ciphertext, which makes it difficult to analyze the
encryption pattern.

•Key Size: The key size should be large enough to prevent brute-force attacks.
A larger key size means that there are more possible keys, making it harder
for an attacker to guess the correct one. A key size of 128 bits is considered to
be secure for most applications.
 Block cipher principles
•Key Schedule: The key schedule should be designed carefully to ensure that the
keys used for encryption are independent and unpredictable.

•Block Size: The block size should be large enough to prevent attacks that
exploit statistical patterns in the plaintext. A block size of 128 bits is generally
considered to be secure for most applications.

•Avalanche Effect: The cipher should exhibit the avalanche effect, which means
that a small change in the plaintext or key should cause a significant change in
the ciphertext. This ensures that any change in the input results in a complete
change in the output.

•Overall, a good block cipher design should be resistant to various attacks,

efficient, and easy to implement.
 Asymmetric Encryption
•In Asymmetric Encryption algorithms, you use two different keys, one for
encryption and the other for decryption. The key used for encryption is the
public key, and the key used for decryption is the private key. But both the keys
must belong to the receiver.
For example, if Alice needs to send a message to Bob, both the
keys, private and public, must belong to Bob.
 RSA Algorithm
•RSA algorithm is a public key encryption technique and is considered as the
most secure way of encryption. It was invented by Rivest, Shamir and Adleman
in year 1978 and hence name RSA algorithm.

•The RSA algorithm is an asymmetric cryptography algorithm; this means that

it uses a public key and a private key (i.e two different, mathematically linked
keys). As their names suggest, a public key is shared publicly, while a private
key is secret and must not be shared with anyone.

•We need to generate public and private keys before running the functions to
generate ciphertext and plaintext.
 Steps in RSA Algorithm
•Choose two large prime numbers (p and q)
•Calculate n = p*q and z = (p-1)(q-1)
•Choose a number e where 1 < e < z (Prime number)
•Calculate d such that e*d mod z = 1
•You can bundle private key pair as (n,d)
•You can bundle public key pair as (n,e)
•Once you generate the keys, you pass the parameters to the functions that
calculate your ciphertext and plaintext using the respective key.
If the plaintext is m, ciphertext = me mod n.
If the ciphertext is c, plaintext = cd mod n
 cryptosystems
•Different keys are used for encryption and decryption. Each receiver possesses a unique
decryption key, generally referred his private key.

•Receiver needs to publish an encryption key, referred to as his public key.

•This type of cryptosystem involves trusted third party which certifies that a particular
public key belongs to a specific person or entity only.

•Encryption algorithm is complex enough to prohibit attacker from deducing the plaintext
from the ciphertext.

•Though private and public keys are related mathematically, it is not be feasible to calculate
the private key from the public key. The best part of any public-key cryptosystem is in
designing a relationship between two keys.
 Diffie-Hellman Algorithm
•Diffie-Hellman algorithm is one of the most important algorithms used for establishing a
shared secret. At the time of exchanging data over a public network, we can use the shared
secret for secret communication.

•We will take four variables, i.e., P (prime), G (the primitive root of P), and a and b (private
values).

•The variables P and G both are publicly available. The sender selects a private value, either
a or b, for generating a key to exchange publicly. The receiver receives the key, and that
generates a secret key, after which the sender and receiver both have the same secret key
to encrypt.
Algebraicall
y, 5th step
can be
shown as
follows: k =k
a b

It means
that both
the users
have the
symmetric
secret key
to encrypt.
 Block Cipher
•Block cipher is an encryption method which divides the plain text into blocks
of fixed size. Each block has an equal number of bits. At a time, block cipher
operates only on one block of plain text and applies key on it to produce the
corresponding block of ciphertext. Typically a block size of 64 or 128 bits is
used.

•While decryption also only one block of ciphertext is operated to produce its
corresponding plain text. Data Encryption Standard (DES) is the best example
of it.
The strength of cipher
depends upon the key
length.
 Block Cipher
•Block cipher has a specific number of rounds and keys for generating
ciphertext. For defining the complexity level of an algorithm few design
principles are to be considered.

•Number of Rounds –
The number of Rounds is regularly considered in design criteria, it just reflects
the number of rounds to be suitable for an algorithm to make it more complex,
in DES we have 16 rounds ensuring it to be more secure while in AES we have
10 rounds which makes it more secure.
 Block Cipher
Design of function F –The core part of the Feistel Block cipher structure is the
Round Function. The complexity of cryptanalysis can be derived from the
Round function i.e. the increasing level of complexity for the round function
would be greatly contributing to an increase in complexity.

•To increase the complexity of the round function, the avalanche effect is also
included in the round function, as the change of a single bit in plain text would
produce a mischievous output due to the presence of avalanche effect.

•In cryptography, the avalanche effect is the desirable property of

cryptographic algorithms, typically block ciphers and cryptographic hash
functions, wherein if an input is changed slightly, the output changes
significantly.
 Block Cipher
Key schedule algorithm –
In Feistel Block cipher structure, each round would generate a sub-key for
increasing the complexity of cryptanalysis. The Avalanche effect makes it more
complex in deriving sub-key. Decryption must be done very carefully to get the
actual output as the avalanche effect is present in it.
 (DES)
•DES is a block cipher and encrypts data in blocks of size of 64 bits each, which
means 64 bits of plain text go as the input to DES, which produces 64 bits of
ciphertext. The same algorithm and key are used for encryption and
decryption, with minor differences. The key length is 56 bits. The basic idea is
shown in the figure:
 (DES)
•We have mentioned that DES uses a 56-bit key. Actually, the initial key consists
of 64 bits. However, before the DES process even starts, every 8th bit of the
key is discarded to produce a 56-bit key. That is bit positions 8, 16, 24, 32, 40,
48, 56, and 64 are discarded.
Initial Permutation (IP):
For example, it says that the IP replaces the first bit of the original plain text block with the
58th bit of the original plain text, the second bit with the 50th bit of the original plain text
block, and so on.
This is nothing but jugglery of bit positions of the original plain text block. the same rule
applies to all the other bit positions shown in the figure.
Expansion Permutation Box − Since right
input is 32-bit and round key is a 48-bit, we
first need to expand right input to 48 bits.

XOR (Whitener). − After the expansion

permutation, DES does XOR operation on the
expanded right section and the round key. The
round key is used only in this operation.
Substitution Boxes. − The S-boxes carry out the real mixing (confusion). DES uses 8 S-
boxes, each with a 6-bit input and a 4-bit output. There are a total of eight S-box
tables. The output of all eight s-boxes is then combined in to 32 bit section.
3-KEY Triple DES
Before using 3TDES, user first generate and distribute a 3TDES key K, which consists of
three different DES keys K1, K2 and K3. This means that the actual 3TDES key has length
3×56 = 168 bits. The encryption scheme is illustrated as follows −
The encryption-decryption process is as follows −
•Encrypt the plaintext blocks using single DES with
key K1.
•Now decrypt the output of step 1 using single DES
with key K2.
•Finally, encrypt the output of step 2 using single
DES with key K3.
•The output of step 3 is the ciphertext.
•Decryption of a ciphertext is a reverse process.
User first decrypt using K3, then encrypt with
K2, and finally decrypt with K1.
•Triple DES systems are significantly more secure
than single DES, but these are clearly a much
slower process than encryption using single DES.
 Blowfish
•Blowfish is a variable-length, symmetric, 64-bit block cipher.

•Blowfish is significantly faster than DES and available free for all uses.
However, it couldn't completely replace DES due to its small block size, which is
considered insecure.

•Blowfish features a 64-bit block size and takes a variable-length key, from 32
bits to 448 bits. Blowfish uses a single encryption key to both encrypt and
decrypt data.
 RC5 Algorithm
•In the RC5 algorithm, the input plain text block size, number of rounds and
key can be of variable length.

•Once the values of this are decided, the values will remain the same for a
particular execution of the cryptographic algorithm.

•The size of plain text block can be of 32 bits, 64 bits or 128 bits. The length of
the key can be of 0 to 255 bytes. The output generated by RC5 is the ciphertext
which has the size the same as plain text size.
 RC5 Algorithm
•In RC5, the plain text message is divided into two blocks A and B each of 32
bits. Then two subkeys are generated S[0] and S[1].

•These two subkeys are added into A and B respectively. This process produces
C and D respectively and marks the end of the one-time operation.

•Then the process of the round begins. In each round, the following operation
is performed.
Bitwise XOR.
Left circular shift.
addition to the next subkey, for both C and D.
 Details of Round
•In this section, we will discuss the result for one round. The process for the
first round will be the same for other rounds.
Step 1: XOR C and D
This is the first step in every round where C and D are XOR to form E.
Step 2: Circular left shift E
The output generated in step 1 i.e. E is now circular left-shifted by D positions.
Step 3: Add E and next subkey
In this step, E is added to the next subkey to form the F.

Note: Step 4 to step 6 are similar to Step 1 to step 3 only difference is the input
used for the operations.
 Details of Round
Step 4: XOR D and F
D and F are XORed to from G.
Step 5: circular left shift G
The output generated in step 4 i.e. G is now circular left-shifted by F position.
Step 6: Add G and next subkey
In this step, G is added to the next subkey to form the H.
Step 7: In these steps, the checking is done to ensure that all-round is done
properly. This is performed using the following steps.
Increment i by 1
check if i < r
if i is less than r then rename F as C and H as D. If i is greater than r then the
process will stop.
 Standard (AES)
•It is found at least six time faster than triple DES.

•A replacement for DES was needed as its key size was too small. With increasing
computing power, it was considered vulnerable against exhaustive key search
attack. Triple DES was designed to overcome this drawback but it was found slow.

•The features of AES are as follows −

Symmetric key symmetric block cipher
128-bit data, 128/192/256-bit keys
Stronger and faster than Triple-DES
Provide full specification and design details
Software implementable in C and Java
 Standard (AES)
•AES performs all its computations on bytes rather than bits. Hence, AES treats
the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in
four columns and four rows for processing as a matrix.

•Unlike DES, the number of rounds in AES is variable and depends on the
length of the key. AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit
keys and 14 rounds for 256-bit keys. Each of these rounds uses a different 128-
bit round key, which is calculated from the original AES key.

•A round consists of several processing steps that include substitution, transposition

and mixing of the input plaintext to transform it into the final output of ciphertext.
1. Substitution of the bytes

SubBytes transform is a simple transform which converts 8bit data

to other 8 bit data. For example, 8 bit data "00000000" is
transformed into "01100011".
2. Shifting the rows

Next comes the permutation step. In this step, all rows except the
first are shifted by one, as shown above.
3. Mixing the columns

It multiplies a constant matrix with each column in the state array to

get a new column for the subsequent state array. Once all the
columns are multiplied with the same constant matrix, you get your
state array for the next step. This particular step is not to be done in
the last round.
4. Adding the round key

In the final step, the message is XORed with the respective round
key. When done repeatedly, these steps ensure that the final
ciphertext is secure.
The steps listed above constitute one round, so there are nine,
11, and 13 rounds left to go for 128-bit AES encryption, 192-
bit AES encryption, and 256-bit AES encryption, respectively.