Chapter3_part2

ch3

Uploaded by

yasmine chiter
Advanced cryptography

Master 1 Cyber Security

Dr. Yasmine Harbi


Chapter 3
CRYPTOGRAPHIC ALGORITHMS

Outline
• Modern cryptographic algorithms
– Symmetric key algorithms
• Block ciphers
• Stream ciphers

Modern cryptographic goals

Shannon principle

• Confusion : hides the
relationship between the
ciphertext and the key.
• Diffusion : hides the
relationship between the
ciphertext and the plaintext.

Kerckhoffs principle

« a cryptosystem should be
secure, even if everything
about the system, except the
key, is public knowledge »

Symmetric key cryptography
• Symmetric key algorithms (a.k.a. secret key algorithms) use
the same cryptographic key for both the encryption and the
decryption.

• Both parties must exchange and maintain the secret key →
one of the major challenges of symmetric key algorithms.
• Block ciphers and stream ciphers are two types of
symmetric key cryptosystems.

Block ciphers
• Divide the plaintext into fixed-size blocks.
• Encrypt each block separately using the
symmetric key.
• Decrypt each cipher block separately using the
symmetric key.
• For example : DES, AES, Blowfish, …

Modes of operation
Mode | Description
Electronic codebook (ECB) | Encrypts each block separately
Cipher block chaining (CBC) | Chains each block and needs an initialization vector (random value)
Cipher feedback (CFB) | Encrypts the initialization vector and adds it to the plaintext block. CFB encryption is similar to CBC decryption
Output feedback (OFB) | Similar to CFB except that the input of the next block encryption is the preceding encryption output
Counter (CTR) | Each plaintext block is added to an encrypted counter, which is incremented for the next blocks

Electronic CodeBook (ECB)

Cipher Block Chaining (CBC)

Cipher FeedBack (CFB)

Output FeedBack (OFB)

Counter (CTR)

Padding
• A method to add data to the end of the plaintext
so that its length is a multiple of the block size.
• It is applied before the encryption and
removed from the decrypted data.
• It can be used with classical ciphers,
symmetric block ciphers, and asymmetric
ciphers.
• We have bit padding and byte padding.

Byte padding
Scheme | Description
Zero padding | The block is padded with zero bytes
ANSI X9.23 | The block is padded with zero bytes and the last byte of the block is set to the number of bytes added
ISO 10126 | The block is padded with random bytes and the last byte of the block is set to the number of bytes added
PKCS #7 | The block is padded with the number of bytes that are added
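
The four byte-padding schemes above, with their removal step, as an added example that is not part of the original slides. The 8-byte block size, the scheme names used as strings and the sample messages are assumptions made for the illustration.

```python
import os

BLOCK = 8  # block size in bytes (assumption: a DES-sized 64-bit block)

def pad(data: bytes, scheme: str, block: int = BLOCK) -> bytes:
    """Append padding so that the result is a multiple of `block` bytes."""
    n = block - len(data) % block  # 1..block bytes; a whole block if already aligned
    if scheme == "zero":
        return data + b"\x00" * n
    if scheme == "ansi_x923":
        return data + b"\x00" * (n - 1) + bytes([n])
    if scheme == "iso10126":
        return data + os.urandom(n - 1) + bytes([n])
    if scheme == "pkcs7":
        return data + bytes([n]) * n
    raise ValueError(f"unknown scheme: {scheme}")

def unpad(padded: bytes, scheme: str, block: int = BLOCK) -> bytes:
    """Remove the padding from decrypted data, rejecting malformed padding."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    if scheme == "zero":
        # Ambiguous: zero bytes that end the real message are stripped as well.
        return padded.rstrip(b"\x00")
    n = padded[-1]  # the last byte holds the number of bytes added
    if not 1 <= n <= block:
        raise ValueError("invalid padding length byte")
    tail = padded[-n:]
    if scheme == "ansi_x923" and tail[:-1] != b"\x00" * (n - 1):
        raise ValueError("invalid ANSI X9.23 padding")
    if scheme == "pkcs7" and tail != bytes([n]) * n:
        raise ValueError("invalid PKCS #7 padding")
    # ISO 10126 filler bytes are random, so only the length byte can be checked.
    return padded[:-n]

if __name__ == "__main__":
    for scheme in ("zero", "ansi_x923", "iso10126", "pkcs7"):
        padded = pad(b"HELLO", scheme)  # constructed 5-byte message
        print(f"{scheme:10} {padded.hex()} -> {unpad(padded, scheme)!r}")
    # Zero padding cannot recover a message that itself ends in zero bytes.
    print(unpad(pad(b"ab\x00", "zero"), "zero"))
```

Only the schemes that store the number of added bytes can be removed unambiguously; zero padding needs the message length to be known some other way.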

Iterative cipher
• Takes fixed-size blocks of plaintext and applies
an invertible transformation known as
the round function to output the ciphertext.
• Each iteration is referred to as a round.
• Different round keys are derived from the
main secret key using a key scheduling
algorithm.

Substitution permutation network
• Takes a block of the plaintext and the key and
applies several rounds consisting of substitution
box and permutation box to produce the
ciphertext.
• S-box substitutes a small block of input bits with
another block of output bits.
• P-box permutes the bits and returns them into
the S-boxes of the next round.
• Decryption is done using the inverses of the S-boxes
and P-boxes and applying the round keys in
reversed order.

Substitution permutation network

Feistel cipher
• Divides the plaintext into two equal-sized
halves and applies the round function on one
half and the output is XORed with the other
half. The two halves are then swapped.
• Unlike in an SPN, the round function does not have to be
invertible.
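
A small Feistel network showing why the round function need not be invertible, as an added example that is not part of the original slides. The hash-based round function, the toy key schedule, the 16 rounds and the sample key and block are assumptions chosen for the illustration; this is not DES.

```python
import hashlib

def round_fn(half: bytes, round_key: bytes) -> bytes:
    """Round function F: a truncated hash, so it is one-way and not invertible."""
    return hashlib.sha256(round_key + half).digest()[:len(half)]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def key_schedule(key: bytes, rounds: int) -> list[bytes]:
    """Toy key schedule (assumption): one round key per round, derived by hashing."""
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(rounds)]

def feistel(block: bytes, round_keys: list[bytes]) -> bytes:
    """Run the Feistel rounds over one even-length block."""
    if len(block) % 2:
        raise ValueError("block must split into two equal halves")
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for rk in round_keys:
        # F is applied to one half, XORed into the other, then the halves swap.
        left, right = right, xor(left, round_fn(right, rk))
    # Undo the last swap so that decryption can reuse this same function.
    return right + left

def encrypt(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    return feistel(block, key_schedule(key, rounds))

def decrypt(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    # Same network, round keys in reverse order: F itself is never inverted.
    return feistel(block, key_schedule(key, rounds)[::-1])

if __name__ == "__main__":
    key, block = b"7bytekey", b"8 bytes!"  # constructed sample values
    ct = encrypt(block, key)
    print(ct.hex(), decrypt(ct, key))
```

Decryption works because each round XORs the same F output into the same half a second time, which cancels it.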

Illustration of a round in Feistel cipher

Data Encryption Standard
Overview
• Initiated by IBM and adopted in 1977 by the
National Institute of Standards and Technology
(NIST).
• It is a 16-round Feistel cipher that encrypts 64-bit
blocks using a 56-bit key to get 64-bit enciphered
blocks.
• Sixteen 48-bit round keys are derived from the 56-bit
main key using a key scheduling algorithm.
• Due to the small key size, 3DES based on a 112-bit
key was introduced in 1995.
• DES is not considered a secure cipher!

Data Encryption Standard
Description

Advanced Encryption Standard
Overview
• Proposed in 2000 during the contest organized
by NIST to replace DES and 3DES (broken in
1998).
• We have AES-128, AES-192, and AES-256
where the number of rounds is 10, 12, and 14,
respectively.
• Unlike DES, the entire data block of 128 bits is
processed in parallel during each round based
on SPN → performance improvement

Advanced Encryption Standard
Description

Advanced Encryption Standard
High-level steps
1. Perform an exclusive-or operation called
AddRoundKey of the round key and the plaintext.
2. Perform a substitution operation called
SubstituteBytes
3. Perform a permutation operation called ShiftRows
4. Perform an operation called MixColumns
5. Perform AddRoundKey
6. Goto (2)

Remark: The last round during encryption/decryption does not include MixColumns.

Add Round Key

Substitute Bytes

Inverse Substitute Bytes

Shift Rows

Mix Columns

Inverse Mix Columns

Key expansion

Stream ciphers
• Encrypt the plaintext (one byte at a time) with a
pseudorandom key stream based on exclusive-or
operation.
• Decrypt the ciphertext with the pseudorandom key
stream based on exclusive-or operation.
• For example:
P = 100011010101111011011
K = 010010101101001101101
C = 110001111000110110110
• Stream ciphers use CFB and OFB modes.
• RC4 is the most common stream cipher.
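
The exclusive-or operation above and the Counter (CTR) row of the modes table, combined in one added example that is not part of the original slides: a keystream is produced by "encrypting" an incrementing counter and XORed with the data. HMAC-SHA256 standing in for the block cipher, the key, the nonce and the two messages are assumptions; the bit strings P, K and C are the ones from the slide.

```python
import hashlib
import hmac

def xor_bits(a: str, b: str) -> str:
    """XOR two equal-length bit strings, as in the slide's P, K, C example."""
    if len(a) != len(b):
        raise ValueError("bit strings must have equal length")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream: the counter is 'encrypted' and incremented per block.
    HMAC-SHA256 stands in for the block cipher (assumption, stdlib only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_in = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block_in, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: both are the same XOR with the keystream."""
    return xor_bytes(data, keystream(key, nonce, len(data)))

# Bit strings copied from the slide.
P = "100011010101111011011"
K = "010010101101001101101"
C = "110001111000110110110"

# Constructed sample values.
KEY, NONCE = b"sixteen byte key", b"nonce-01"
MSG1, MSG2 = b"transfer 100 EUR to alice", b"transfer 999 EUR to carol"

def reuse_leak() -> bool:
    """Same key and nonce twice: the keystream cancels, leaving MSG1 XOR MSG2."""
    c1 = stream_xor(KEY, NONCE, MSG1)
    c2 = stream_xor(KEY, NONCE, MSG2)
    return xor_bytes(c1, c2) == xor_bytes(MSG1, MSG2)

if __name__ == "__main__":
    print(xor_bits(P, K) == C, xor_bits(C, K) == P)
    ct = stream_xor(KEY, NONCE, MSG1)
    print(ct.hex(), stream_xor(KEY, NONCE, ct))
    print("keystream reuse leaks P1 xor P2:", reuse_leak())
```

Because encryption is a plain XOR, a keystream must never be used for two messages: each message needs a fresh nonce (or key).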
