UNIT-2 CNS Notes
The traditional symmetric-key ciphers that we have studied so far are character-oriented
ciphers. With the advent of the computer, we need bit-oriented ciphers. This is because the
information to be encrypted is not just text; it can also consist of numbers, graphics, audio,
and video data. It is convenient to convert these types of data into a stream of bits, to encrypt the stream,
and then to send the encrypted stream. In addition, when text is treated at the bit
level, each character is replaced by 8 or 16 bits, which means that the number of symbols becomes 8 or
16 times larger. Mixing a larger number of symbols increases security.
A symmetric-key modern block cipher encrypts an n-bit block of plaintext or decrypts an n-bit block of
ciphertext. The encryption or decryption algorithm uses a k-bit key.
The decryption algorithm must be the inverse of the encryption algorithm, and both operations must use
the same secret key so that Bob can retrieve the message sent by Alice. If the message has fewer than n bits,
padding must be added to make it an n-bit block; if the message has more than n bits, it should be divided
into n-bit blocks and the appropriate padding must be added to the last block if necessary. The common
values for n are 64, 128, 256, or 512 bits.
Example:
How many padding bits must be added to a message of 100 characters if 8-bit ASCII is used for
encoding and the block cipher accepts blocks of 64 bits?
Solution:
Encoding 100 characters using 8-bit ASCII results in an 800-bit message. The plaintext must be divisible
by 64. If | M | and |Pad| are the length of the message and the length of the padding,
Substitution or Transposition
A modern block cipher can be designed to act as a substitution cipher. This is the same idea as
used in traditional ciphers, except that the symbols to be substituted or transposed are bits instead of
characters. If the cipher is designed as a substitution cipher, a 1-bit or 0-bit in the plaintext can be
replaced by either a 0 or a 1.
In either case, the number of n-bit possible plaintext or ciphertexts is , because each of the n
Example:
Suppose that we have a block cipher where n = 64. If there are 10 1’s in the ciphertext, how
many trial-and-error tests does Eve need to do to recover the plaintext from the intercepted
ciphertext in each of the following cases?
a. The cipher is designed as a substitution cipher.
b. The cipher is designed as a transposition cipher.
Solution:
a. In the first case, Eve has no idea how many 1’s are in the plaintext. Eve needs to try all
possible 2^64 64-bit blocks to find one that makes sense.
b. In the second case, Eve knows that there are exactly 10 1’s in the plaintext. Eve can
launch an exhaustive-search attack using only those 64-bit blocks that have exactly 10
1’s.
Fig: A transposition block cipher modeled as a permutation
Full-Size Key Substitution Block Ciphers
A full-size key substitution cipher does not transpose bits; it substitutes bits. We can model the
substitution cipher as a permutation if we can decode the input and encode the output.
Example:
Show the model and the set of permutation tables for a 3-bit block substitution cipher.
Solution:
Figure 5.3 shows the model and the set of permutation tables. The key is also much longer,
⌈log2 40,320⌉ = 16 bits.
A full-size key n-bit transposition cipher or a substitution block cipher can be modeled as a
permutation, but their key sizes are different:
Note:
D-BOX:
Modern block ciphers normally are keyed substitution ciphers in which the key allows only
partial mappings from the possible inputs to the possible outputs. A D-box (Diffusion box)
parallels the traditional transposition cipher for characters. It transposes bits.
There are three types of D-boxes in modern block ciphers: straight D-boxes, expansion
D-boxes and compression D-boxes.
Straight D-boxes: A straight D-box with n inputs and n outputs is a permutation. There are
n! possible mappings.
Figure 5.5 The possible mappings of a 3 × 3 D-box
D-boxes are normally keyless, which means that the mapping is
predetermined. If the D-box is implemented in hardware, it is prewired; if it is implemented in
software, a permutation table shows the rule of mapping. In the second case, the entries in the table
are the inputs and the positions of the entries are the outputs. The given table shows
an example of a straight permutation table when n is 64.
Example: Design an 8 × 8 permutation table for a straight P-box that moves the two middle
bits (bits 4 and 5) in the input word to the two ends (bits 1 and 8) in the output words. Relative
positions of other bits should not be changed.
Solution: We need a straight P-box with the table [4 1 2 3 6 7 8 5]. The relative positions
of input bits 1, 2, 3, 6, 7, and 8 have not been changed, but the first output takes the fourth input
and the eighth output takes the fifth input.
Compression D-Boxes:
A compression D-box is a D-box with n inputs and m outputs where m < n. Some of the inputs
are blocked and do not reach the output (see the table). The compression D-boxes used in modern
block ciphers normally are keyless, with a table showing the rule for transposing bits. We need to
know that a table for a compression D-box has m entries, but the content of each entry is from 1
to n with some missing values (those inputs that are blocked). In the given example of a compression
D-box, note that inputs 7, 8, 9, 15, 16, 23, 24, and 25 are blocked.
Compression D-boxes are used when we need to permute bits and at the same time
decrease the number of bits for the next stage.
Expansion D-Boxes:
An expansion P-box is a P-box with n inputs and m outputs where m > n. Here some of the
inputs are connected to more than one output (see table). The expansion D-boxes used in modern
block ciphers normally are keyless, where a table shows the rules for transposing bits. We need
to know that a table for an expansion D-box has m entries, but m - n of the entries are
repeated (those inputs are mapped to more than one output). Note that each of the inputs
1, 3, 9, and 12 is mapped to two outputs.
Table Example of a 12 × 16 permutation expansion D-box table
Invertibility: A straight D-box is invertible. This means that we can use a straight D-box in the
encryption cipher and its inverse in the decryption cipher. The mapping defined by a straight
D-box is a permutation, and thus may be referred to as a P-box. The permutation tables, however,
need to be the inverses of each other.
Figure 5.6 shows how to invert a permutation table represented as a one-dimensional table.
Note: A straight D-box is invertible, but compression and expansion D-boxes are not.
In a compression D-box, an input can be dropped during encryption; the decryption algorithm does not
have a clue how to replace the dropped bit (a choice between a 0-bit or 1-bit). In an expansion
D-box, an input may be mapped to more than one output during encryption; the decryption
algorithm does not have a clue which of the several inputs are mapped to an output.
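The D-box rules above can be checked in a few lines of Python. This is an added example, not part of the original notes: it applies the notes' 8 × 8 table [4 1 2 3 6 7 8 5], builds its inverse, and shows why compression and expansion tables cannot be inverted. The 8 × 6 and 4 × 6 tables and all function names are constructed for illustration.

```python
def apply_dbox(bits, table):
    """Output position j takes the input bit whose 1-based index is table[j-1]."""
    return [bits[src - 1] for src in table]


def classify(table, n_inputs):
    """Return 'straight', 'compression' or 'expansion' for a D-box with n_inputs inputs."""
    if any(not 1 <= src <= n_inputs for src in table):
        raise ValueError("table entry outside 1..n")
    if len(table) < n_inputs:
        return "compression"
    if len(table) > n_inputs:
        return "expansion"
    if sorted(table) != list(range(1, n_inputs + 1)):
        raise ValueError("n x n table repeats an input, so it is not a permutation")
    return "straight"


def invert_straight(table, n_inputs):
    """Decryption table: if output j reads input i, the inverse's output i reads j."""
    kind = classify(table, n_inputs)
    if kind != "straight":
        raise ValueError(f"a {kind} D-box is not invertible")
    inverse = [0] * n_inputs
    for out_pos, in_pos in enumerate(table, start=1):
        inverse[in_pos - 1] = out_pos
    return inverse


def blocked_inputs(table, n_inputs):
    """Inputs of a compression D-box that never reach the output."""
    return sorted(set(range(1, n_inputs + 1)) - set(table))


def repeated_inputs(table):
    """Inputs of an expansion D-box that feed more than one output."""
    return sorted({src for src in table if table.count(src) > 1})


def colliding_inputs(table, n_inputs):
    """Two different inputs that a compression D-box maps to the same output."""
    dropped = blocked_inputs(table, n_inputs)[0]
    first = [0] * n_inputs
    second = first.copy()
    second[dropped - 1] = 1  # differs only in a bit that is blocked
    return first, second


NOTES_TABLE = [4, 1, 2, 3, 6, 7, 8, 5]   # from the worked example in the notes
COMPRESS_8x6 = [2, 1, 4, 6, 8, 5]        # constructed: blocks inputs 3 and 7
EXPAND_4x6 = [4, 1, 2, 3, 4, 1]          # constructed: inputs 1 and 4 used twice

if __name__ == "__main__":
    word = list("abcdefgh")              # letters stand in for bits 1..8
    moved = apply_dbox(word, NOTES_TABLE)
    print("".join(moved))                # bits 4 and 5 (d, e) are now at the ends
    inverse = invert_straight(NOTES_TABLE, 8)
    print(inverse, "".join(apply_dbox(moved, inverse)))
    a, b = colliding_inputs(COMPRESS_8x6, 8)
    print(apply_dbox(a, COMPRESS_8x6) == apply_dbox(b, COMPRESS_8x6))
    print(repeated_inputs(EXPAND_4x6))
```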
S-Boxes:
Example1:
The S-box is linear because a1,1 = a1,2 = a1,3 = a2,1 = 1 and a2,2 = a2,3 = 0. The relationship can be
represented by matrices, as shown below:
Example2:
where multiplication and addition is in GF(2). The S-box is nonlinear because there is no linear
relationship between the inputs and the outputs.
S-box Example 1:
The following table defines the input/output relationship for an S-box of size 3 × 2. The leftmost
bit of the input defines the row; the two rightmost bits of the input define the column. The two
output bits are values on the cross section of the selected row and column.
Based on the table, an input of 010 yields the output 01. An input of 101 yields the output of 00.
Example2:
Figure shows an example of an invertible S-box. For example, if the input to the left box is 001,
the output is 101. The input 101 in the right table creates the output 001, which shows that the
two tables are inverses of each other.
(s-box Example)
Exclusive-Or:
An important component in most block ciphers is the exclusive-or operation. In the last session,
addition and subtraction operations in the GF( ) field are performed by a single operation called
The inverse of a component in a cipher makes sense if the component represents a unary
operation (one input and one output). For example, a keyless P-box or a keyless S-box can be
made invertible because they have one input and one output. An exclusive-or operation is a binary
operation. The inverse of an exclusive-or operation can make sense only if one of the inputs is
fixed (is the same in encryption and decryption). For example, if one of the inputs is the key,
which normally is the same in encryption and decryption, then an exclusive-or operation is self-
invertible, as shown in Figure.
Circular Shift:
Another component found in some modern block ciphers is the circular shift operation.
Shifting can be to the left or to the right. The circular left-shift operation shifts
each bit in an n-bit word k positions to the left; the leftmost k bits are removed from the left
and become the rightmost bits. The circular right-shift operation shifts each bit in an n-bit word
k positions to the right; the rightmost k bits become the leftmost bits.
The given figure shows both left and right operations in the case where n = 8 and k = 3.
Swap:
The swap operation is a special case of the circular shift operation where k = n/2.
Split and Combine:
Two other operations found in some block ciphers are split and combine. The split operation
normally splits an n-bit word in the middle, creating two equal length words. The combine
operation normally concatenates two equal-length words to create an n-bit word.
they are termed as and . To generate key for round 1, both and are
circularly shifted left 1 bit position. Then the output is passed to permuted choice 2 (PC2)
function to generate . At the same time it is also passed to the next round. In round 2, as
shown in table it is also 1 bit circularly shifted left. For other rounds you can see the table.
The PC2 function takes 56 bits of input, suppose the bits are 1, 2, 3, …, 56. From these bits 8 bits
are dropped and remaining 48 bits are only considered as the key for the particular round.
DES Decryption
The decryption operation is the same as encryption; the only difference is that in decryption we
give the keys in reverse order, i.e. to round 1, to round 2, to round 3, …, and to
round 16.
DES Example
For this example, the plaintext is a hexadecimal palindrome. The plaintext, key, and
resulting ciphertext are as follows:
Table 3.5 below shows the progression of the algorithm. The first row shows the 32-bit
values of the left and right halves of data after the initial permutation. The next 16 rows
show the results after each round. Also shown is the value of the 48-bit subkey generated
for each round. Note that L_i = R_(i-1). The final row shows the left- and right-hand values
after the inverse initial permutation. These two values combined form the ciphertext.
Table 3.5
The Avalanche Effect
A desirable property of any encryption algorithm is that a small change in either the
plaintext or the key should produce a significant change in the ciphertext. In particular, a
change in one bit of the plaintext or one bit of the key should produce a change in many
bits of the ciphertext. This is referred to as the avalanche effect. If the change were
small, this might provide a way to reduce the size of the plaintext or key space to be
searched.
Using the example from Table 3.5, Table 3.6 shows the result when the fourth bit of the
plaintext is changed, so that the plaintext is 12468aceeca86420. The second column of
the table shows the intermediate 64-bit values at the end of each round for the two
plaintexts. The third column shows the number of bits that differ between the two
intermediate values. The table shows that, after just three rounds, 18 bits differ between
the two blocks. On completion, the two ciphertexts differ in 32 bit positions.
Table 3.6
Table 3.7 shows a similar test using the original plaintext of with two keys that differ in
only the fourth bit position: the original key, 0f1571c947d9e859, and the altered key,
1f1571c947d9e859. Again, the results show that about half of the bits in the ciphertext
differ and that the avalanche effect is pronounced after just a few rounds.
Table 3.7
DES Strengths
Since its adoption as a federal standard, there have been lingering concerns about the
level of security provided by DES. These concerns, by and large, fall into two areas: (i)
key size and (ii) the nature of the algorithm.
The Use of 56-Bit Keys: With a key length of 56 bits, there are 2^56 possible keys, which is
approximately 7.2 × 10^16 keys. Thus, on the face of it, a brute-force attack appears impractical.
Assuming that, on average, half the key space has to be searched, a single machine performing one
DES encryption per microsecond would take more than a thousand years to break the cipher.
However, the assumption of one encryption per microsecond is overly conservative. As
far back as 1977, Diffie and Hellman postulated that the technology existed to build a
parallel machine with 1 million encryption devices, each of which could perform one
encryption per microsecond. This would bring the average search time down to about 10
hours. The authors estimated that the cost would be about $20 million in 1977 dollars.
DES finally and definitively proved insecure in July 1998, when the Electronic Frontier
Foundation (EFF) announced that it had broken a DES encryption using a special-
purpose “DES cracker” machine that was built for less than $250,000. The attack took
less than three days. The EFF has published a detailed description of the machine, enabling
others to build their own cracker. And, of course, hardware prices will continue to drop as
speeds increase, making DES virtually worthless. It is important to note that there is more
to a key-search attack than simply running through all possible keys. Unless known
plaintext is provided, the analyst must be able to recognize plaintext as plaintext. If the
message is just plain text in English, then the result pops out easily, although the task of
recognizing English would have to be automated. If the text message has been
compressed before encryption, then recognition is more difficult. And if the message is
some more general type of data, such as a numerical file, and this has been compressed,
the problem becomes even more difficult to automate. Thus, to supplement the brute-
force approach, some degree of knowledge about the expected plaintext is needed, and
some means of automatically distinguishing plaintext from garble is also needed.
The EFF approach addresses this issue as well and introduces some automated
techniques that would be effective in many contexts. Fortunately, there are a number of
alternatives to DES, the most important of which are AES and triple DES.
The Nature of the DES Algorithm: Another concern is the possibility that cryptanalysis is possible by
exploiting the characteristics of the DES algorithm. The focus of concern has been on the eight
substitution tables, or S-boxes, that are used in each iteration. Because the design criteria for these
boxes, and indeed for the entire algorithm, were not made public, there is a suspicion that the boxes
were constructed in such a way that cryptanalysis is possible for an opponent who knows the
weaknesses in the S-boxes. This assertion is tantalizing, and over the years a number of regularities
and unexpected behaviors of the S-boxes have been discovered. Despite this, no one has so far
succeeded in discovering the supposed fatal weaknesses in the S-boxes.
The overall structure of DES encryption is shown in figure. As with any encryption
scheme, there are two inputs to the encryption function: the plaintext to be encrypted
and the key. In this case, the plaintext must be 64 bits in length and the key is 56 bits in
length. Looking at the left-hand side of the figure, we can see that the processing of the
plaintext proceeds in three phases. First, the 64-bit plaintext passes through an initial
permutation (IP) that rearranges the bits to produce the permuted input. This is followed
by a phase consisting of sixteen rounds of the same function, which involves both
permutation and substitution functions. The output of the last (sixteenth) round consists
of 64 bits that are a function of the input plaintext and the key. The left and right halves
of the output are swapped to produce the preoutput. Finally, the preoutput is passed
through a permutation [IP^-1] that is the inverse of the initial permutation function, to
produce the 64-bit ciphertext. With the exception of the initial and final permutations,
DES has the exact structure of a Feistel cipher.
The right-hand portion of the Figure shows the way in which the 56-bit key is used.
Initially, the key is passed through a permutation function. Then, for each of the sixteen
rounds, a subkey (Ki) is produced by the combination of a left circular shift and a
permutation. The permutation function is the same for each round, but a different subkey
is produced because of the repeated shifts of the key bits.
INITIAL PERMUTATION
The 64 bits input to the initial permutation are to . The output is X=IP(M), it is to
as shown below. Similarly suppose the inputs to inverse permutation are to , then
Expansion permutation input bits are: 1, 2, 3,…, 32. The output bits are 32, 1, 2, 3, 4, 5, …,1
as shown below
Input output
The permutation (P) function takes 32 bits: 1, 2, 3, …, 32 and produces 32 bit outputs 16, 7, 20,
…, 25 as shown below.
Input output
S-Box: There are 8 s-boxes, each runs under a Table named to . Each S-box takes 6 bit
input and gives 4 bit output. So in total for all the 8 boxes the 48 bit input is converted to 32 bit
output.
Suppose the input value of S1 is 011001. The first and last bits together are 01, which stands for row 1,
and the 4 middle bits 1100 stand for column 12. The value in row 1 and column 12 of S1 is 9, so the
4 output bits are 1001.
Advanced Encryption Standard (AES)
AES is a block cipher. It was published by the National Institute of Standards and Technology in
2001. The block size is 128 bits. There are three variants of AES, with key sizes of 128/192/256 bits,
called AES-128, AES-192 and AES-256 respectively. Unlike DES, it is an iterative cipher rather than a
Feistel cipher. If the key size is 16 bytes (128 bits), it operates in 10 rounds. If the key
size is 24 bytes (192 bits), it operates in 12 rounds. If the key size is 32 bytes (256 bits), it
operates in 14 rounds. The general architecture of AES is as given below.
For AES-128 we have one zeroth round and 10 more rounds, i.e. round 0 to round 10. The 128-bit input
plaintext can be treated as a 4×4 matrix, where each element of the matrix is a byte. This
matrix passes through all the rounds and is called the state array. The 128-bit key can also be
arranged in a 4×4 matrix, where each element of the matrix is a byte. The four bytes in a column of this
matrix are called a word. So, there are 4 words in the key matrix. From these four words we
expand another 40 words, so a total of 44 words are available. From these 44 words we create 11
keys, each key being 4 words.
AES structure
In AES-128 we have 11 rounds. The zeroth round is AddRoundKey operation. The Round 1 to 9
has 4 different stages, those are (i) Substitute Bytes, (ii) ShiftRows, (iii) Mix Columns, and (iv)
AddRound Key. The Round 10 has only three stages, (i) Substitution bytes, (ii) Shift Rows, and
(iii) Add Round Key. The 4 word key (each word is 4 bytes) is extended to 44 words, so that 11
different keys are generated and used in these 11 rounds.
Add Round Key
It is just Vernam cipher. The 128 bits of the state are bitwise XORed with the 128 bits of the
round key. The inverse add round key is identical to the add round key because the XOR
operation is its own inverse.
AddRoundKey, together with the other 3 stages, provides confusion, diffusion, and non-linearity.
Confusion – Makes the relationship between ciphertext and key as complex as possible.
Diffusion – Each plaintext digit affects the value of many ciphertext digits.
Non-linearity – No linear relationship of the plaintext and key with the ciphertext.
Substitute Byte Transformation
It is just a table lookup. AES defines a 16×16 matrix of byte values, called an S-box, that
contains a permutation of all 256 possible byte values. Each individual byte of the state is mapped into a
new byte. The table below and the example represent bytes as 2 hexadecimal digits.
For example, suppose we have the byte EA. E stands for the first 4 bits, A stands for the next 4 bits.
The first hexadecimal digit represents the row value and the second hexadecimal digit represents the
column value. So, in row E and column A, the value is 87, hence EA is replaced by 87. The
inverse S-box can be used for decryption to perform the inverse substitute byte operation. It is similar
to the S-box operation.
Shift Rows
The shift row transformation is performed as follows. Row i does an (i-1)-byte circular shift left, for
i = 1, 2, 3, 4. Similarly, the inverse shift row transformation is performed as follows. Row i does an
(i-1)-byte circular shift right, for i = 1, 2, 3, 4. An example of the shift row operation is given below.
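The three transformations described above, as an added Python example (not from the original notes). The state is held as four rows of four bytes; the S-box is generated from its standard FIPS-197 definition (inverse in GF(2^8) followed by an affine map), which the notes do not cover, and the sample state and round key are constructed values.

```python
def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result


def gf_inv(a):
    """Multiplicative inverse computed as a^254; 0 maps to 0 by convention."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result if a else 0


def rotl8(x, k):
    return ((x << k) | (x >> (8 - k))) & 0xFF


def build_sbox():
    box = []
    for x in range(256):
        b = gf_inv(x)
        box.append(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63)
    return box


SBOX = build_sbox()
INV_SBOX = [0] * 256
for value, substituted in enumerate(SBOX):
    INV_SBOX[substituted] = value


def sub_bytes(state, box=SBOX):
    """High hex digit = row, low hex digit = column, so box[0xEA] is row E, column A."""
    return [[box[b] for b in row] for row in state]


def shift_rows(state):
    """0-based row r rotates left by r bytes (the notes' row i shifts i-1)."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def inv_shift_rows(state):
    """0-based row r rotates right by r bytes."""
    return [row[-r:] + row[:-r] for r, row in enumerate(state)]


def add_round_key(state, round_key):
    """Bytewise XOR of state and round key; applying it twice restores the state."""
    return [[s ^ k for s, k in zip(srow, krow)] for srow, krow in zip(state, round_key)]


def round_key_words(key_bytes):
    """Words needed by the key expansion: 4 words for each of rounds 0..Nr."""
    rounds = {16: 10, 24: 12, 32: 14}[key_bytes]
    return 4 * (rounds + 1)


# Constructed sample values, not taken from the notes' missing figures.
STATE = [[0xEA, 0x04, 0x65, 0x85],
         [0x83, 0x45, 0x5D, 0x96],
         [0x5C, 0x33, 0x98, 0xB0],
         [0xF0, 0x2D, 0xAD, 0xC5]]
ROUND_KEY = [[0x0F, 0x47, 0x0C, 0xAF],
             [0x15, 0xD9, 0xB7, 0x7F],
             [0x71, 0xE8, 0xAD, 0x67],
             [0xC9, 0x59, 0xD6, 0x98]]

if __name__ == "__main__":
    print(hex(SBOX[0xEA]))                       # the notes' EA -> 87 lookup
    for row in shift_rows(sub_bytes(STATE)):
        print(" ".join(f"{b:02X}" for b in row))
    print(round_key_words(16))
```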
Blowfish Encryption Algorithm
1. blockSize: 64-bits
2. keySize: 32-bits to 448-bits variable size
4. number of rounds: 16
P[0] = "243f6a88"
P[1] = "85a308d3"
.
.
.
P[17] = "8979fb1b"
Now each of the subkeys is changed with respect to the input key as:
The resultant P-array holds 18 subkeys that are used during the entire encryption process.
Step3: Encryption:
In cryptography, block ciphers are very important in the designing of many cryptographic
algorithms and are widely used to encrypt the bulk of data in chunks. By chunks, it means that
the cipher takes a fixed size of the plaintext in the encryption process and generates a fixed size
ciphertext using a fixed-length key. An algorithm’s strength is determined by its key length.
The Simplified International Data Encryption Algorithm (IDEA) is a symmetric key block
cipher that:
This algorithm involves a series of 4 identical complete rounds and 1 half-round. Each complete
round involves a series of 14 steps that includes operations like:
Bitwise XOR
Addition modulo 2^4
Multiplication modulo 2^4 + 1
After 4 complete rounds, the final “half-round” consists of only the first 4 out of the 14 steps
previously used in the full rounds. To perform these rounds, each binary notation must be
converted to its equivalent decimal notation, perform the operation and the result obtained should
be converted back to the binary representation for the final result of that particular step.
Key Schedule: 6 subkeys of 4 bits out of the 8 subkeys are used in each complete round, while 4
are used in the half-round. So, 4.5 rounds require 28 subkeys. The given key, ‘K’, directly gives
the first 8 subkeys. By rotating the main key left by 6 bits between each group of 8, further
groups of 8 subkeys are created, implying less than one rotation per round for the key (3
rotations).
K1 K2 K3 K4 K5 K6
* Multiplication modulo 2^4 + 1
+ Addition modulo 2^4
^ Bitwise XOR
The 16-bit plaintext can be represented as X1 || X2 || X3 || X4, each of size 4 bits. The 32-bit key
is broken into 8 subkeys denoted as K1 || K2 || K3 || K4 || K5 || K6 || K7 || K8, again of size 4 bits
each. Each round of 14 steps uses three algebraic operations: addition modulo (2^4),
multiplication modulo (2^4)+1 and bitwise XOR. The steps involved are as follows:
DES advantages:
DES has been around a long time (since 1977), even now no real weaknesses
have been found: the most efficient attack is still brute force.
DES is an official United States Government standard; the Government is
required to re-certify DES every five years and ask that it be replaced if necessary.
DES was re-certified in 1983, 1987, 1992.
DES is also an ANSI and ISO standard - anybody can learn the details and
implement it.
Since DES was designed to run on 1977 hardware, it is fast in hardware and
relatively fast in software.
DES Disadvantages
The 56-bit key size is the biggest defect of DES. Chips that perform one million DES
encrypt or decrypt operations a second are available (in 1993). A $1 million DES
cracking machine can search the entire key space in about 7 hours.
Hardware implementations of DES are very fast; DES was not designed for software and
hence runs relatively slowly.
As technology improves day by day, it becomes more feasible to break the
encrypted code, so AES is preferred over DES.
Because DES is a symmetric encryption technique, only one private key is used for encryption
as well as decryption, so if we lose that key we cannot get the readable data
at the receiving end.
Encryption algorithms are divided into two categories based on the input type, as a block cipher
and stream cipher. Block cipher is an encryption algorithm that takes a fixed size of input say b
bits and produces a ciphertext of b bits again. If the input is larger than b bits it can be divided
further. For different applications and uses, there are several modes of operations for a block
cipher.
Advantages of CBC –
CBC works well for input greater than b bits.
CBC is a good authentication mechanism.
Disadvantages of CBC –
Parallel encryption is not possible since every encryption requires a previous cipher.
Since there is some data loss due to the use of the shift register, it is difficult to
apply cryptanalysis.
Advantages of OFB –
In the case of CFB, a single bit error in a block is propagated to all subsequent blocks.
This problem is solved by OFB as it is free from bit errors in the plaintext block.
Counter Mode –
The Counter Mode or CTR is a simple counter-based block cipher implementation. Each time, a
counter-initiated value is encrypted and then XORed with the plaintext block, which results in the
ciphertext block. The CTR mode does not use feedback and thus can be implemented in
parallel.
Since there is a different counter value for each block, the direct plaintext and ciphertext
relationship is avoided. This means that the same plain text can map to different
ciphertext.
Parallel execution of encryption is possible as outputs from previous stages are not
chained as in the case of CBC.
Fermat’s little theorem: It states that if p is a prime number, then for any integer a, the number
a^p – a is an integer multiple of p.
Special Case: If a is not divisible by p, Fermat’s little theorem is equivalent to the statement that
a^(p-1) - 1 is an integer multiple of p.
a^(p-1) ≡ 1 (mod p)
OR
a^(p-1) % p = 1
Here a is not divisible by p.
Example 1:
Euler's theorem: An even perfect number can be represented in the form (2^n - 1) * (2^n / 2), where n is a prime number and 2^n - 1
is a Mersenne prime number. It is the product of a power of 2 and a Mersenne prime number.
Some Examples (Perfect Numbers) which satisfy Euclid Euler Theorem are:
Explanations:
1) 6 is an even perfect number.
So, it can be written in the form
(2^2 - 1) * (2^(2 - 1)) = 6
where n = 2 is a prime number and 2^n - 1 = 3 is a Mersenne prime number
The Chinese Remainder Theorem (CRT) is a technique to reduce modular calculations with large moduli
to similar calculations for each of the (mutually co-prime) factors of the modulus.
DISCRETE LOGARITHMS
Discrete logarithms are fundamental to a number of public-key algorithms, including
Diffie-Hellman key exchange and the digital signature algorithm (DSA). This section provides a brief
overview of discrete logarithms. For the interested reader, more detailed developments of this
topic can be found in [ORE67] and [LEVE90].
Recall from Euler’s theorem [Equation (8.4)] that, for every a and n that are relatively prime,
where ϕ(n), Euler’s totient function, is the number of positive integers less than n and relatively prime
to n. Now consider the more general expression:
If a and n are relatively prime, then there is at least one integer m that satisfies Equation (8.10),
namely, m = ϕ(n). The least positive exponent m for which Equation (8.10) holds is referred to in
several ways:
are distinct (mod n) and are all relatively prime to n. In particular, for a prime number p, if a is a
primitive root of p, then
are distinct (mod p). For the prime number 19, its primitive roots are 2, 3, 10, 13, 14, and 15.
Not all integers have primitive roots. In fact, the only integers with primitive roots are those of
the form 2, 4, p^a, and 2p^a, where p is any odd prime and a is a positive integer. The proof is not
simple but can be found in many number theory books, including [ORE76].
With ordinary positive real numbers, the logarithm function is the inverse of exponentiation.
An analogous function exists for modular arithmetic.
Let us briefly review the properties of ordinary logarithms. The logarithm of a number is
defined to be the power to which some positive base (except 1) must be raised in order to equal
the number. That is, for base x and for a value y,
Consider a primitive root a for some prime number p (the argument can be developed for nonprimes
as well). Then we know that the powers of a from 1 through (p - 1) produce each integer from 1
through (p - 1) exactly once. We also know that any integer b satisfies
by the definition of modular arithmetic. It follows that for any integer b and a primitive root a
of prime number p, we can find a unique exponent i such that
This exponent i is referred to as the discrete logarithm of the number b for the base a (mod p). We
denote this value as dlog_{a,p}(b).
Keep in mind that unique discrete logarithms mod m to some base a exist only if a is a primitive root
of m.
Table 8.4, which is directly derived from Table 8.3, shows the sets of discrete logarithms that
can be defined for modulus 19.
Table 8.4 Tables of Discrete Logarithms, Modulo 19
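The definitions in this section can be checked by brute force for the small modulus used in the notes. This is an added Python example, not from the original notes, with hypothetical function names; exhaustive search of this kind only works for tiny moduli, and public-key algorithms rely on it being infeasible for large primes.

```python
from math import gcd


def phi(n):
    """Euler's totient: positive integers less than n and relatively prime to n."""
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)


def order(a, n):
    """Least positive exponent m with a^m ≡ 1 (mod n)."""
    if gcd(a, n) != 1:
        raise ValueError("a and n must be relatively prime")
    m, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        m += 1
    return m


def primitive_roots(n):
    """All a in 1..n-1 whose order equals phi(n); empty when n has none."""
    target = phi(n)
    return [a for a in range(1, n) if gcd(a, n) == 1 and order(a, n) == target]


def dlog_table(a, p):
    """Map each b to the exponent i (1 <= i <= phi(p)) with a^i ≡ b (mod p)."""
    if order(a, p) != phi(p):
        raise ValueError("unique discrete logarithms need a primitive root as base")
    return {pow(a, i, p): i for i in range(1, phi(p) + 1)}


def fermat_holds(p):
    """Check a^(p-1) ≡ 1 (mod p) for every a in 1..p-1 and p | a^p - a for a in 0..2p."""
    special = all(pow(a, p - 1, p) == 1 for a in range(1, p))
    general = all((a ** p - a) % p == 0 for a in range(0, 2 * p + 1))
    return special and general


if __name__ == "__main__":
    print(primitive_roots(19))            # matches the list given in the notes
    table = dlog_table(2, 19)
    for b in sorted(table):
        print(f"dlog_2,19({b}) = {table[b]}")
    # Logarithm rule: dlog(xy) = dlog(x) + dlog(y) (mod phi(p))
    print((table[3] + table[7]) % phi(19) == table[(3 * 7) % 19])
    print(fermat_holds(19), fermat_holds(15))
```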
FEISTEL ALGORITHM:
The encryption process uses the Feistel structure consisting of multiple rounds of processing of the plaintext,
each round consisting of a “substitution” step followed by a permutation step. The input block to each
round is divided into two halves that can be denoted as L and R for the left half and the right half.
Feistel Cipher is not a specific scheme of block cipher. It is a design model from which many
different block ciphers are derived. DES is just one example of a Feistel Cipher. A cryptographic
system based on Feistel cipher structure uses the same algorithm for both encryption and
decryption.
Encryption Process
The encryption process uses the Feistel structure consisting of multiple rounds of processing of the
plaintext, each round consisting of a “substitution” step followed by a permutation step.
In a real implementation of the Feistel Cipher, such as DES, instead of using the whole
encryption key during each round, a round-dependent key (a subkey) is derived from the
encryption key. This means that each round uses a different key, although all these
subkeys are related to the original key.
The permutation step at the end of each round swaps the modified L and unmodified R.
Therefore, the L for the next round would be the R of the current round, and the R for the next
round would be the output L of the current round.
The above substitution and permutation steps form a ‘round’. The number of rounds is
specified by the algorithm design.
Once the last round is completed, the two sub-blocks, ‘R’ and ‘L’, are concatenated in
this order to form the ciphertext block.
The difficult part of designing a Feistel Cipher is the selection of the round function ‘f’. In order to be
an unbreakable scheme, this function needs to have several important properties that are beyond the
scope of our discussion.
Decryption Process
The process of decryption in Feistel cipher is almost similar. Instead of starting with a
block of plaintext, the ciphertext block is fed into the start of the Feistel structure and
then the process thereafter is exactly the same as described in the given illustration.
The process is said to be almost similar and not exactly same. In the case of decryption,
the only difference is that the subkeys used in encryption are used in the reverse order.
The final swapping of ‘L’ and ‘R’ in last step of the Feistel Cipher is essential. If these
are not swapped then the resulting ciphertext could not be decrypted using the same
algorithm.
Number of Rounds
The number of rounds used in a Feistel Cipher depends on the desired security of the system.
More rounds provide a more secure system. But at the same time, more rounds mean
slower, less efficient encryption and decryption processes. The number of rounds in a system thus
depends upon the efficiency–security tradeoff.
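The Feistel structure described above and the counter mode described earlier in these notes can be demonstrated together, since CTR only needs the cipher's encryption direction. This is an added Python example, not from the original notes. The SHA-256-based round function and key schedule, the 64-bit block, the nonce layout and the sample key are stand-in assumptions for illustration; this is not DES and not a cipher to deploy.

```python
import hashlib

MASK32 = 0xFFFFFFFF


def subkeys(key, rounds=16):
    """Stand-in key schedule (assumption): one 32-bit subkey per round."""
    return [int.from_bytes(hashlib.sha256(key + bytes([r])).digest()[:4], "big")
            for r in range(rounds)]


def f(right, subkey):
    """Stand-in round function (assumption). It is one-way; Feistel never inverts f."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(block, round_keys, final_swap=True):
    """Run the Feistel rounds over one 64-bit block using the given subkey order."""
    left, right = block >> 32, block & MASK32        # split into L and R
    for k in round_keys:
        # substitution: L ^= f(R, K); permutation: swap modified L and unmodified R
        left, right = right, left ^ f(right, k)
    if final_swap:
        return (right << 32) | left                   # ciphertext is R || L
    return (left << 32) | right                       # variant without the last swap


def encrypt_block(block, key):
    return feistel(block, subkeys(key))


def decrypt_block(block, key):
    return feistel(block, subkeys(key)[::-1])         # same algorithm, reversed subkeys


def ctr_xcrypt(data, key, nonce, first_block=0):
    """CTR mode: encrypt (nonce || counter) and XOR it with the data.

    The same call decrypts. Each block depends only on its own counter, so
    blocks can be processed in parallel or individually via first_block.
    A (nonce, counter) pair must never repeat under one key.
    """
    out = bytearray()
    for index in range(0, len(data), 8):
        counter = first_block + index // 8
        counter_block = ((nonce & MASK32) << 32) | (counter & MASK32)
        keystream = encrypt_block(counter_block, key).to_bytes(8, "big")
        out += bytes(d ^ s for d, s in zip(data[index:index + 8], keystream))
    return bytes(out)


KEY = b"constructed-sample-key"        # constructed sample value
PLAIN_BLOCK = 0x0123456789ABCDEF       # constructed sample value

if __name__ == "__main__":
    cipher_block = encrypt_block(PLAIN_BLOCK, KEY)
    print(f"{cipher_block:016x} -> {decrypt_block(cipher_block, KEY):016x}")
    ks = subkeys(KEY)
    no_swap = feistel(PLAIN_BLOCK, ks, final_swap=False)
    print(feistel(no_swap, ks[::-1], final_swap=False) == PLAIN_BLOCK)  # swap omitted
    message = b"SAMEBLK!" * 3 + b"tail"
    ciphertext = ctr_xcrypt(message, KEY, nonce=7)
    print(ciphertext.hex())
    print(ctr_xcrypt(ciphertext[8:16], KEY, nonce=7, first_block=1))
```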