Cryptography and

Network Security
Eighth Edition
by William Stallings

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 Chapter 4
Block Ciphers and the Data
Encryption Standard
© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
 Stream Cipher
➢ Stream cipher encrypts a digital data stream one bit or one byte at a time.
▪ Example, Autokeyed Vigenère cipher, Vernam cipher, and one-time pad version of the
Vernam cipher → the ideal case, in which the keystream (𝑘𝑖 ) is as long as the plaintext
bit stream (𝑝𝑖 ).
➢ If the cryptographic keystream is random, then this cipher is unbreakable.
➢ The keystream must be provided to both users in advance via some independent and
secure channel. This introduces insurmountable logistical problems if the intended data
traffic is very large.
➢ Accordingly, for practical reasons, the bit-stream generator must be implemented as an
algorithmic procedure, so that the cryptographic bit stream can be produced by both
users.
➢ It must be computationally
impractical to predict future
portions of the bit stream
based on previous portions of
the bitstream.
 Block Cipher
➢ In Block Cipher, a block of plaintext is treated as a whole and used to
produce a ciphertext block of equal length.
➢ Typically, a block size of 64 or 128 bits is used.
➢ As with a stream cipher, the two users share a symmetric encryption key.

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 Motivation for the Feistel Cipher Structure
➢ A block cipher operates on a plaintext block of 𝒏 bits to produce
a ciphertext block of 𝒏 bits → there are 𝟐𝒏 possible different
plaintext blocks, and each must produce a unique ciphertext block;
reversible → for decryption to be possible.

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 Motivation for the Feistel Cipher Structure
❑ General n-bit-n-bit Block Substitution (shown with n = 4)

➢ This figure illustrates the logic

of a general substitution
cipher for n = 4. A 4-bit input
produces one of 16 possible
input states → is mapped by
the substitution cipher → a
unique one of 16 possible
output states; represented by 4
ciphertext bits.

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 Motivation for the Feistel Cipher Structure
❑ General n-bit-n-bit Block Substitution (shown with n = 4)
➢ These tables can be used to define any
Table: Encryption and decryption tables for
reversible mapping between plaintext substitution cipher of the previous Figure.
and ciphertext.
➢ For such a transformation, the mapping
itself constitutes the key.
➢ Feistel refers to this as the ideal block
cipher; reversible → 2𝑛 ! possible
transformations, mappings, or keys.
➢ The key determines the specific
mapping from among all possible
mappings. Then the required key length
is (4 bits) × (24 rows) = 64 bits →
impractical for large values of n.
➢ Feistel proposed an approximation to
the ideal block cipher by utilizing the
concept of a product cipher.
© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
 Feistel Cipher
• Feistel proposed the use of a cipher that alternates substitutions and
permutations (i.e., product cipher)

•Each plaintext element or group of elements is uniquely replaced by a

Substitutions corresponding ciphertext element or group of elements

•A sequence of plaintext elements is replaced by a permutation of that

Permutation sequence.
•No elements are added or deleted or replaced in the sequence.

• The product cipher alternates confusion and diffusion functions. → to

thwart attempts to cryptanalysis.

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 Diffusion and Confusion
Diffusion
•The statistical structure of the plaintext is dissipated into long-range statistics of the
ciphertext → to thwart attempts to cryptanalysis
• This is achieved by having each plaintext digit affect the value of many ciphertext digits;
equivalent to having each ciphertext digit be affected by many plaintext digits

Confusion

•Seeks to make the relationship between the statistics of the ciphertext and the value of the
encryption key as complex as possible. → again to thwart attempts to discover the key.

•Even if the attacker can get some handle on the statistics of the ciphertext, the way in which
the key was used to produce that ciphertext is so complex as to make it difficult to deduce the
key

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

▪ Feistel Cipher Structure
(DES uses this structure )

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 Feistel (DES) Decryption Equation

➢ These equations prove that DES decryption is an inverse process of DES encryption.

Example

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 Data Encryption Standard (DES)
• Issued in 1977 by the National Bureau of Standards (NIST now) as
Federal Information Processing Standard 46
• Was the most widely used encryption scheme until the introduction
of the Advanced Encryption Standard (AES) in 2001
• In DES,
• Data are encrypted in 64-bit blocks using a 56-bit key
• The algorithm transforms 64-bit input plaintext in a series of steps
into a 64-bit output ciphertext.
• The same steps, with the same key, are used to reverse the
encryption

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
 Initial and Final Permutations
➢ Each of these permutations
takes a 64-bit input and
permutes them according
to a predefined rule.

➢ These permutations are

keyless straight
permutations that are the Initial and Final Permutation Tables
inverse of each other.

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 Initial and Final Permutations

▪ Example,
Using the initial permutation table, determine the output of the
initial permutation box when the input is given in hexadecimal
as: 0X0002 0000 0000 0001
✓ Solution
- The input has only two 1s (bits 15 and bit 64)
- From the previous table, 15 → 63 and 64 → 25
- Then, the output is 0x0000 0080 0000 0002

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 DES Function

❑ DES Function
It applies a 48-bit key to the
rightmost 32 bits (Ri−1) to
produce a 32-bit output.
➢ Expansion P-box
- Expansion permutation

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 DES Function

➢ S-Boxes
- Substitution-boxes do the real mixing (confusion).
- DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output.

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 DES Function
❑ DES Function
➢ S-Boxes
- The 48-bit data from XOR is
divided into eight 6-bit
chunks, and each chunk is fed
into a box → The result of
each box is 4-bit; (for 𝟖
boxes→ 𝟖 × 𝟒 = 𝟑𝟐 bits).

- The substitution in each box follows a pre-determined rule based on

a 4-row by 16- column table.
- The combination of bits 1 and 6 of the input defines one of 4 rows.
- the combination of bits 2 through 5 defines one of the 16 columns.
© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
 DES Function

❑ DES Function
➢ S-Boxes
- Because each S-box has its own table, we need eight tables.
- For example,

S-box 1

S-box 2

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 DES Function

❑ DES Function
➢ S-Boxes
▪ Example,
If the input to S-box 1 is 100011. What is the output?

✓ Solution
100011
11 defines the row ; 3

The remaining bits are 0001 defines the column; 1

The result is 12 in decimal, which in binary is 1100

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 DES Function

❑ DES Function
➢ Straight P-box
- Straight permutation; 32-bit input → 32-bit output.
- Example of Straight permutation table

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 DES Function

❑ DES Function
➢ Key Generation
▪ Parity Drop
– The preprocess before key
expansion; compression
transposition step.
– It drops the parity bits (bits
8, 16, 24, 32, …, 64)
from the 64-bit key and
permutes the rest of the
bits according to the flowing
Table.
© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
 DES Example
The plaintext, key, and
resulting ciphertext in
hexadecimal

The progression of
DES algorithm at
each round.
 The Avalanche Effect

❑ The Avalanche Effect

➢ Refers to that a small change in either the plaintext or the key
should produce a significant change in the ciphertext.
➢ Using the previous example, the following table shows the result
when the 4th bit of the plaintext is changed, so that the plaintext
is 12468aceeca86420.
➢ The 2nd column of the table shows the intermediate 64-bit
values at the end of each round for the two plaintexts.
➢ The 3rd column shows the number of bits that differ between the
two intermediate values.
 Avalanche Effect in DES: Change in Plaintext
© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved. (Table can be found on page 107 in the textbook)
 ➢ The following table shows a similar test using two keys that differ in
only the 4th bit position; the original key, 0f1571c947d9e859, and the
altered key, 1f1571c947d9e859.

Avalanche Effect in DES: Change in Key

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved. (Table can be found on page 107 in the textbook)
 Table 4.5
Average Time Required for Exhaustive Key Search

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 Block Cipher Design Principles:
Number of Rounds

In general, the
criterion should be
If DES had 15 or
that the number of
The greater the fewer rounds,
rounds is chosen so
number of rounds, differential
that known
the more difficult it cryptanalysis would
cryptanalytic efforts
is to perform require less effort
require greater
cryptanalysis than a brute-force
effort than a simple
key search
brute-force key
search attack

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 Block Cipher Design Principles:
Design of Function F
•The heart of a Feistel block cipher is the
function F
•The more nonlinear F, the more difficult
any type of cryptanalysis will be

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 Block Cipher Design Principles:
Key Schedule Algorithm
• With any Feistel block cipher, the key is used
to generate one subkey for each round
• In general, we would like to select subkeys to
maximize the difficulty of deducing individual
subkeys and the difficulty of working back to
the main key

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.