LokmanyaTilakJankalyanShikshanSanstha’s

PRIYADARSHINI J. L. COLLEGE OF ENGINEERING, NAGPUR

An Autonomous Institute, Affiliated to RTM Nagpur University
Accredited with Grade “A” by NAAC
846, New Nandanvan Layout, Nagpur – 440 009

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

Programme: Computer Science & Engineering Semester: VII

(CBCS)
Course Code: BTECHCSE701T Course Title:Cryptography and Network Security
Name of course Teacher:Mrs. Anuradha Hiwase Year of Study: 2022-23

UNIT II: Symmetric key cryptography

Symmetric key cryptography: Block ciphers and its components, Stream cipher, Blowfish, DES, AES,
RC4, Key distribution

❖ Block ciphers and its components

The basic scheme of a block cipher is depicted as follows −

1. A block cipher takes a block of plaintext bits and generates a block of ciphertext bits, generally of same size.
The size of block is fixed in the given scheme. The choice of block size does not directly affect to the
strength of encryption scheme. The strength of cipher depends up on the key length.
2. A modern block cipher is a cipher which encrypts m-bit block of plaintext and decrypts m-bit block of
ciphertext. For encryption or decryption, modern block cipher facilitate a K bit key and the decryption
algorithm should be inverse of encryption algorithms and for both encryption and decryption similar key is
used.
3. A block cipher works on a plaintext block of n bits to make a cipher text block of n bits. There are possible
multiple plaintext blocks and, for the encryption to be reversible (i.e., for decryption to be applicable), each
should create a unique cipher text block. Such transformation is known as reversible, or non-singular.
4. Block cipher modes of operation have been produced to delete the chance of encrypting identical blocks of
text the similar method, the ciphertext formed from the previous encrypted block is used to the next block.
A block of bits is known as an initialization vector (IV).
There are various components of Modern Block Cipher which are as follows −

Prepared By : Mrs.Anuradha Hiwase 1

1. Straight D-box
2. Compression D-box
3. Expansion D-box

D-boxes − A D-box is a permutation box having similar features as traditional transposition ciphers.
D-boxes transpose bits. There are three types of D-boxes which are as follows −

Straight D-box − It creates n inputs, permutes them and supports n outputs. In this, the second input after
permutation is the first to be outputted. The first letter in input is permuted to second place, third on fourth place
and fourth on third place. There are n! Possible way of mapping in D-box.

Compression D-box − This is a D-box with n inputs and m outputs, where m<n. There are various inputs are
blocked and do not reach the output. Compression D-boxes are used when it is required to permute bits and at
the similar time reduce the number of bits for the next stage.

Expansion D-box − This is a D-box with n inputs and m outputs, where m >n i.e., there are various inputs are
connected to more than one output it is used when it is required to transpose bits and the same increase the
multiple bits for the next stage.

Prepared By : Mrs.Anuradha Hiwase 2

 S-boxes − These are substitution boxes same to the substitution cipher. The input to an S-box can be a
n-bit word but the output can be a m-bit word, where m and n are not essentially the same.

Circular Shift − It can also discovered in modern block ciphers, it can be such as leftshift or right-shift.
In the circular left shift, shift each bit in n-bit word with m position to the left and the leftmost m-bits are
deleted from the left and become the rightmost bits.

❖ Stream cipher

1. A stream cipher is an encryption technique that works byte by byte to transform plain text into code that's
unreadable to anyone without the proper key.
2. Stream ciphers are linear, so the same key both encrypts and decrypts messages. And while cracking them
can be difficult, hackers have managed to do it.
3. A typical stream cipher encrypts plaintext one byte at a time, although a stream cipher may be designed to
operate on one bit at a time or on units larger than a byte at a time.
4. Figure 6.8 is a representative diagram of stream cipher structure. In this structure a key is input to a
pseudorandom bit generator that produces a stream of 8-bit numbers that are apparently random.
5. For now, we simply say that a pseudorandom stream is one that is unpredictable without knowledge of the
input key. The output of the generator, called a keystream, is combined one byte at a time with the plaintext
stream using the bitwise exclusive-OR (XOR) operation.
6. For example, if the next byte generated by the generator is 01101100 and the next plaintext byte is 11001100,
then the resulting ciphertext byte is

Prepared By : Mrs.Anuradha Hiwase 3

The stream cipher is similar to the one-time pad . The difference is that a onetime pad uses a genuine random
number stream, whereas a stream cipher uses a pseudorandom number stream.
----------------------------------------------------------------------------------------------------------------------------------------
-

S.NO Block Cipher Stream Cipher

Stream Cipher Converts the plain text into

Block Cipher Converts the plain text into cipher
1. cipher text by taking 1 byte of plain text at a
text by taking plain text’s block at a time.
time.

Block cipher uses either 64 bits or more than 64

2. While stream cipher uses 8 bits.
bits.

3. The complexity of block cipher is simple. While stream cipher is more complex.

4. Block cipher Uses confusion as well as diffusion. While stream cipher uses only confusion.

While in-stream cipher, reverse encrypted text

5. In block cipher, reverse encrypted text is hard.
is easy.

The algorithm modes which are used in block The algorithm modes which are used in stream
6. cipher are ECB (Electronic Code Book) and CBC cipher are CFB (Cipher Feedback) and OFB
(Cipher Block Chaining). (Output Feedback).

Block cipher works on transposition techniques like While stream cipher works on substitution
7. rail-fence technique, columnar transposition techniques like Caesar cipher, polygram
technique, etc. substitution cipher, etc.

Block cipher is slow as compared to a stream While stream cipher is fast in comparison to
8.
cipher. block cipher.

9. Suitable for applications that require strong Suitable for applications that require strong

Prepared By : Mrs.Anuradha Hiwase 4

S.NO Block Cipher Stream Cipher

encryption, such as file storage and internet encryption, such as file storage and internet
communications communications

More secure than stream ciphers when the same Less secure than block ciphers when the same
10.
key is used multiple times key is used multiple times

11. key length is Typically 128 or 256 bits key length is Typically 128 or 256 bits

12. Operates on fixed-length blocks of data Encrypts data one bit or byte at a time

-------------------------------------------------------------------------------------------------------------- Blowfish

Prepared By : Mrs.Anuradha Hiwase 5

Prepared By : Mrs.Anuradha Hiwase 6
Prepared By : Mrs.Anuradha Hiwase 7
Lets see each step one by one:
Step1: Generation of subkeys:
18 subkeys{P[0]…P[17]} are needed in both encryption as well as decryption process and the same
subkeys are used for both the processes.
These 18 subkeys are stored in a P-array with each array element being a 32-bit entry.
It is initialized with the digits of pi(?).
The hexadecimal representation of each of the subkeys is given by:
P[0] = "243f6a88"
P[1] = "85a308d3"
.
.
.
P[17] = "8979fb1b"

Now each of the subkey is changed with respect to the input key as:
P[0] = P[0] xor 1st 32-bits of input key
P[1] = P[1] xor 2nd 32-bits of input key
.
.
.
P[i] = P[i] xor (i+1)th 32-bits of input key
(roll over to 1st 32-bits depending on the key length)
.
.
.
P[17] = P[17] xor 18th 32-bits of input key
(roll over to 1st 32-bits depending on key length)
The resultant P-array holds 18 subkeys that is used during the entire encryption process
Step2: initialise Substitution Boxes:
4 Substitution boxes(S-boxes) are needed{S[0]…S[4]} in both encryption aswell as decryption process
with each S-box having 256 entries{S[i][0]…S[i][255], 0&lei&le4} where each entry is 32-bit.
Prepared By : Mrs.Anuradha Hiwase 8
 It is initialized with the digits of pi(?) after initializing the P-array. You may find the s-boxes in here!
Step3: Encryption:
The encryption function consists of two parts:
a. Rounds: The encryption consists of 16 rounds with each round(Ri) taking inputs the plainText(P.T.)
from previous round and corresponding subkey(Pi). The description of each round is as follows:

The description of the function ” F ” is as follows:

Here the function “add” is addition modulo 2^32.

b. Post-processing: The output after the 16 rounds is processed as follows:

Prepared By : Mrs.Anuradha Hiwase 9

Decryption
The decryption process is similar to that of encryption and the subkeys are used in reverse{P[17] – P[0]}. The
entire decryption process can be elaborated as:

Lets see each step one by one:

Step1: Generation of subkeys:
18 subkeys{P[0]…P[17]} are needed in decryption process.
These 18 subkeys are stored in a P-array with each array element being a 32-bit entry.
It is initialized with the digits of pi(?).
The hexadecimal representation of each of the subkeys is given by:
P[0] = "243f6a88"
P[1] = "85a308d3"
.
Prepared By : Mrs.Anuradha Hiwase 10
.
.
P[17] = "8979fb1b"
Note: See encryption for the initial values of P-array.
Now each of the subkeys is changed with respect to the input key as:
P[0] = P[0] xor 1st 32-bits of input key
P[1] = P[1] xor 2nd 32-bits of input key
.
.
.
P[i] = P[i] xor (i+1)th 32-bits of input key
(roll over to 1st 32-bits depending on the key length)
.
.
.
P[17] = P[17] xor 18th 32-bits of input key
(roll over to 1st 32-bits depending on key length)
The resultant P-array holds 18 subkeys that is used during the entire encryption process
Step2: initialize Substitution Boxes:
4 Substitution boxes(S-boxes) are needed{S[0]…S[4]} in both encryption aswell as decryption process
with each S-box having 256 entries{S[i][0]…S[i][255], 0&lei&le4} where each entry is 32-bit.
It is initialized with the digits of pi(?) after initializing the P-array. You may find the s-boxes in here !
Step3: Decryption:
The Decryption function also consists of two parts:
1. Rounds: The decryption also consists of 16 rounds with each round(Ri)(as explained above)
taking inputs the cipherText(C.T.) from previous round and corresponding subkey(P[17-i])(i.e for
decryption the subkeys are used in reverse).
2. Post-processing: The output after the 16 rounds is processed as follows:

❖ Data encryption standard (DES)

Data encryption standard (DES) has been found vulnerable to very powerful attacks and therefore, the
popularity of DES has been found slightly on the decline. DES is a block cipher and encrypts data in blocks of
size of 64 bits each, which means 64 bits of plain text go as the input to DES, which produces 64 bits of
Prepared By : Mrs.Anuradha Hiwase 11
ciphertext. The same algorithm and key are used for encryption and decryption, with minor differences. The
key length is 56 bits. The basic idea is shown in the figure:

We have mentioned that DES uses a 56-bit key. Actually, the initial key consists of 64 bits. However, before
the DES process even starts, every 8th bit of the key is discarded to produce a 56-bit key. That is bit positions
8, 16, 24, 32, 40, 48, 56, and 64 are discarded.

Thus, the discarding of every 8th bit of the key produces a 56-bit key from the original 64-bit key.
DES is based on the two fundamental attributes of cryptography: substitution (also called confusion) and
transposition (also called diffusion). DES consists of 16 steps, each of which is called a round. Each round
performs the steps of substitution and transposition. Let us now discuss the broad-level steps in DES.
In the first step, the 64-bit plain text block is handed over to an initial Permutation (IP) function.
a) The initial permutation is performed on plain text.
b) Next, the initial permutation (IP) produces two halves of the permuted block; saying Left Plain Text (LPT)
and Right Plain Text (RPT).
c) Now each LPT and RPT go through 16 rounds of the encryption process.
d) In the end, LPT and RPT are rejoined and a Final Permutation (FP) is performed on the combined block

Prepared By : Mrs.Anuradha Hiwase 12

e) The result of this process produces 64-bit

ciphertext.

Initial Permutation (IP):

As we have noted, the initial permutation (IP) happens only once and it happens before the first round. It
suggests how the transposition in IP should proceed, as shown in the figure. For example, it says that the IP
replaces the first bit of the original plain text block with the 58th bit of the original plain text, the second bit
with the 50th bit of the original plain text block, and so on.
This is nothing but jugglery of bit positions of the original plain text block. the same rule applies to all the
other bit positions shown in the figure.

As we have noted after IP is done, the resulting 64-bit permuted text block is divided into two half blocks.
Each half-block consists of 32 bits, and each of the 16 rounds, in turn, consists of the broad-level steps
outlined in the figure.

Prepared By : Mrs.Anuradha Hiwase 13

Step-1: Key transformation:

We have noted initial 64-bit key is transformed into a 56-bit key by discarding every 8th bit of the initial key.
Thus, for each a 56-bit key is available. From this 56-bit key, a different 48-bit Sub Key is generated during
each round using a process called key transformation. For this, the 56-bit key is divided into two halves, each
of 28 bits. These halves are circularly shifted left by one or two positions, depending on the round.
For example: if the round numbers 1, 2, 9, or 16 the shift is done by only one position for other rounds, the
circular shift is done by two positions. The number of key bits shifted per round is shown in the figure.

After an appropriate shift, 48 of the 56 bits are selected. for selecting 48 of the 56 bits the table is shown in the
figure given below. For instance, after the shift, bit number 14 moves to the first position, bit number 17
moves to the second position, and so on. If we observe the table carefully, we will realize that it contains only
48-bit positions. Bit number 18 is discarded (we will not find it in the table), like 7 others, to reduce a 56-bit
key to a 48-bit key. Since the key transformation process involves permutation as well as a selection of a 48-bit
subset of the original 56-bit key it is called Compression Permutation.

Because of this compression permutation technique, a different subset of key bits is used in each round. That
makes DES not easy to crack.

Step-2: Expansion Permutation:

Recall that after the initial permutation, we had two 32-bit plain text areas called Left Plain Text(LPT) and
Right Plain Text(RPT). During the expansion permutation, the RPT is expanded from 32 bits to 48 bits. Bits
are permuted as well hence called expansion permutation. This happens as the 32-bit RPT is divided into 8
blocks, with each block consisting of 4 bits. Then, each 4-bit block of the previous step is then expanded to a
corresponding 6-bit block, i.e., per 4-bit block, 2 more bits are added.

Prepared By : Mrs.Anuradha Hiwase 14

This process results in expansion as well as a permutation of the input bit while creating output. The key
transformation process compresses the 56-bit key to 48 bits. Then the expansion permutation process expands
the 32-bit RPT to 48-bits. Now the 48-bit key is XOR with 48-bit RPT and the resulting output is given to the
next step, which is the S-Box substitution.

------------------------------------------------------------------------------------------------------------------------------------

❖ Advanced Encryption Standard (AES)

Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by
the U.S National Institute of Standards and Technology (NIST) in 2001. AES is widely used today as it is a
much stronger than DES and triple DES despite being harder to implement.
Points to remember
AES is a block cipher.
The key size can be 128/192/256 bits.
Encrypts data in blocks of 128 bits each.
That means it takes 128 bits as input and outputs 128 bits of encrypted cipher text as output. AES relies on
substitution-permutation network principle which means it is performed using a series of linked operations
which involves replacing and shuffling of the input data.
Working of the cipher :
AES performs operations on bytes of data rather than in bits. Since the block size is 128 bits, the cipher
processes 128 bits (or 16 bytes) of the input data at a time.
The number of rounds depends on the key length as follows :
128 bit key – 10 rounds
192 bit key – 12 rounds
256 bit key – 14 rounds
Creation of Round keys :
A Key Schedule algorithm is used to calculate all the round keys from the key. So the initial key is used to
create many different round keys which will be used in the corresponding round of the encryption.

Prepared By : Mrs.Anuradha Hiwase 15

Encryption :
AES considers each block as a 16 byte (4 byte x 4 byte = 128 ) grid in a column major arrangement.

Each round comprises of 4 steps :

SubBytes
ShiftRows
MixColumns
Add Round Key
The last round doesn’t have the MixColumns round.
The SubBytes does the substitution and ShiftRows and MixColumns performs the permutation in the
algorithm.
SubBytes :
This step implements the substitution.
In this step each byte is substituted by another byte. Its performed using a lookup table also called the S-box.
This substitution is done in a way that a byte is never substituted by itself and also not substituted by another
byte which is a compliment of the current byte. The result of this step is a 16 byte (4 x 4 ) matrix like before.
The next two steps implement the permutation.
ShiftRows :
This step is just as it sounds. Each row is shifted a particular number of times.
The first row is not shifted
The second row is shifted once to the left.
The third row is shifted twice to the left.
The fourth row is shifted thrice to the left.
(A left circular shift is performed.)

Prepared By : Mrs.Anuradha Hiwase 16

Add Round Keys :
Now the resultant output of the previous stage is XOR-ed with the corresponding round key. Here, the 16 bytes
is not considered as a grid but just as 128 bits of data.

After all these rounds 128 bits of encrypted data is given back as output. This process is repeated until all the
data to be encrypted undergoes this process.
Decryption :
The stages in the rounds can be easily undone as these stages have an opposite to it which when performed
reverts the changes.Each 128 blocks goes through the 10,12 or 14 rounds depending on the key size.
The stages of each round in decryption is as follows :
Add round key
Inverse MixColumns
ShiftRows
Inverse SubByte
The decryption process is the encryption process done in reverse so i will explain the steps with notable
differences.
Inverse MixColumns :
This step is similar to the MixColumns step in encryption, but differs in the matrix used to carry out the
operation.

Inverse SubBytes :
Inverse S-box is used as a lookup table and using which the bytes are substituted during decryption.

AES and DES are both examples of symmetric block ciphers but have certain dissimilarities.

Prepared By : Mrs.Anuradha Hiwase 17

 AES DES

1. AES stands for Advanced Encryption Standard DES stands for Data Encryption Standard

2. The date of creation is 2001. The date of creation is 1977.

3. Byte-Oriented. Bit-Oriented.

4. Key length can be 128-bits, 192-bits, and The key length is 56 bits in DES.
256-bits.

5. Number of rounds depends on key length: DES involves 16 rounds of identical

10(128-bits), 12(192-bits), or 14(256-bits) operations

6. The structure is based on a The structure is based on

substitution-permutation network. a Feistel network.

7. The design rationale for AES is open. The design rationale for DES is closed.

8. The selection process for this is secret but The selection process for this is secret.
accepted for open public comment.

9. AES is more secure than the DES cipher and is DES can be broken easily as it has known
the de facto world standard. vulnerabilities. 3DES(Triple DES) is a
variation of DES which is secure than the
usual DES.

10. The rounds in AES are: Byte Substitution, Shift The rounds in DES are: Expansion, XOR
Row, Mix Column and Key Addition operation with round key, Substitution
and Permutation

11. AES can encrypt 128 bits of plaintext. DES can encrypt 64 bits of plaintext.

12. It can generate Ciphertext of 128, 192, 256 bits. It generates Ciphertext of 64 bits.

13. AES cipher is derived from an aside-channel DES cipher is derived from Lucifer
square cipher. cipher.

16. It is faster than DES. It is slower than AES.

17. It is flexible. It is not flexible.

18. It is efficient with both hardware and software. It is efficient only with hardware.

Prepared By : Mrs.Anuradha Hiwase 18

RC4
➢ RC4 means Rivest Cipher 4 invented by Ron Rivest in 1987 for RSA Security.
➢ It is a Stream Ciphers. Stream Ciphers operate on a stream of data byte by byte.
➢ RC4 stream cipher is one of the most widely used stream ciphers because of its simplicity and speed of
operation.
➢ It is a variable key-size stream cipher with byte-oriented operations.
➢ It uses either 64 bit or 128-bit key sizes.
➢ It is generally used in applications such as Secure Socket Layer (SSL), Transport Layer Security (TLS),
and also used in IEEE 802.11 wireless LAN std.

RC4 Block Diagram

Working of RC4

Encryption Procedure
1. The user inputs a plain text file and a secret key.
2. The encryption engine then generates the keystream by using KSA and PRGA Algorithm.
3. This keystream is now XOR with the plain text, this XORing is done byte by byte to produce the
encrypted text.
4. The encrypted text is then sent to the intended receiver, the intended receiver will then decrypted the
text and after decryption, the receiver will get the original plain text.
Decryption Procedure
Decryption is achieved by doing the same byte-wise X-OR operation on the Ciphertext.
Example: Let A be the plain text and B be the keystream (A xor B) xor B = A

Advantages

1. RC4 stream ciphers are simple to use.

2. The speed of operation in RC4 is fast as compared to other ciphers.
3. RC4 stream ciphers are strong in coding and easy to implement.
Prepared By : Mrs.Anuradha Hiwase 19
4. RC4 stream ciphers do not require more memory.
5. RC4 stream ciphers are implemented on large streams of data.

Disadvantages

1. If RC4 is not used with strong MAC then encryption is vulnerable to a bit-flipping attack.
2. RC4 stream ciphers do not provide authentication.
3. RC4 algorithm requires additional analysis before including new systems.
4. RC4 stream ciphers cannot be implemented on small streams of data.
5. RC4 fails to discard the beginning of output keystream or fails to use non-random or related keys for the
algorithm.
Key Management and Distribution

o Symmetric Key Distribution Using Symmetric Encryption

· A Key Distribution Scenario ierarchical Key Control Session Key Lifetime
· A Transparent Key Control Scheme Decentralized Key Control Controlling Key
Usage
o Symmetric Key Distribution Using Asymmetric Encryption
· Simple Secret Key Distribution
· Secret Key Distribution with Confidentiality and Authentication A Hybrid
Scheme
o Distribution Of Public Keys
· Public Announcement of Public Keys Publicly Available Directory
· Public-Key Authority Public-Key Certificates
o X.509 Certificates
· Certificates
· X.509 Version 3
o Public-Key Infrastructure
· PKIX Management Functions PKIX Management Protocols

KEY POINTS
◆ Key distribution is the function that delivers a key to two parties who wish to exchange secure encrypted
data. Some sort of mechanism or protocol is needed to provide for the secure distribution of keys.
◆ Key distribution often involves the use of master keys, which are infre- quently used and are long lasting,
and session keys, which are generated and distributed for temporary use between two parties.
◆ Public-key encryption schemes are secure only if the authenticity of the public key is assured. A public-key
certificate scheme provides the neces- sary security.
◆ X.509 defines the format for public-key certificates. This format is widely used in a variety of applications.

Prepared By : Mrs.Anuradha Hiwase 20

A public-key infrastructure (PKI) is defined as the set of hardware, software, people, policies, and procedures
needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography.
◆ Typically, PKI implementations make use of X.509 certificates.

◆ The original timestamp given so A can determine that

this is not an old mes- sage from the authority containing a key other than B’s current public key
◆ A stores B’s public key and also uses it to encrypt a message to B containing an
identifier of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely.
◆ B retrieves A’s public key from the authority in the same manner as A retrieved B’s public key.
◆ At this point, public keys have been securely delivered to A and B, and they may begin their protected
exchange. However, two additional steps are desirable:
◆ B sends a message to A encrypted with PUa and containing A’s nonce (N1) as well as a new nonce
generated by B (N2). Because only B could have decrypted message (3), the presence of N1 in message
(6) assures A that the correspondent is B.
◆ A returns N2, which is encrypted using B’s public key, to assure B that its cor- respondent is A.
◆ Thus, a total of seven messages are required. However, the initial four mes- sages need be used only
infrequently because both A and B can save the other’s
public key for future use—a technique known as caching. Periodically, a user should
request fresh copies of the public keys of its correspondents to ensure currency.

Prepared By : Mrs.Anuradha Hiwase 21