Lab02 - Modern Cryptography

Uploaded by

22520758
UNIVERSITY OF INFORMATION TECHNOLOGY – VNU-HCM

FACULTY OF COMPUTER NETWORKS AND COMMUNICATIONS

Modern Cryptography
Block Ciphers: DES/AES
Public-key Cryptography: RSA
FOR EDUCATIONAL PURPOSE ONLY

A. OVERVIEW
1. Introduction and learning objective.
The learning objective of this lab is for students to get familiar with the concepts in
modern cryptography, particularly block cyphers (DES and AES) and public-key
cryptography (RSA). After finishing the lab, students should have gained first-hand
experience with DES encryption algorithms, encryption modes, padding, the initial
vector (IV) and the RSA algorithm. This lab covers the following topics:

• DES, 2DES, 3DES, AES Encryption.
• Mode of operation and padding.
• Avalanche effect and strength of DES cypher.
• RSA encryption.
• Public-key cryptosystem for Confidentiality/Authentication

2. Backgrounds and Prerequisites


a) Block cyphers: DES/AES
To ensure everything goes smoothly and you achieve better results in this lab, you are
expected to be familiar with block cypher concepts and to have enough background
knowledge about the DES cypher, modes of operation and the strength of DES.
Stream cypher and Block cypher

Theorem 2.1
A stream cypher is one that encrypts a digital data stream one bit or one byte at a
time. (Figure 1)
Examples: autokeyed Vigenère cypher and the Vernam cypher.

In the ideal case, a one-time pad version of the Vernam cypher would be used, in
which the keystream (k_i) is as long as the plaintext bit stream (p_i). If the
cryptographic keystream is random, then this cypher is unbreakable by any means
other than acquiring the keystream (perfect secrecy). However, the keystream must
be provided to both users in advance via some independent and secure channel.
A block cypher is one in which a block of plaintext is treated as a whole and used to
produce a cyphertext block of equal length (Figure 1). Typically, a block size of 64 or
128 bits is used. As with a stream cypher, the two users share a symmetric encryption
key. Using some of the modes of operation, a block cypher can be used to achieve
the same effect as a stream cypher.

Figure 1 Stream cypher and Block cypher.

Faculty of Computer Networks and Communications - NETWORK SECURITY
Feistel cypher structure

Theorem 2.2
Feistel proposed that we can approximate the ideal block cypher by utilizing the
concept of a product cypher, which alternates substitutions and permutations (i.e. the
execution of two or more simple cyphers in sequence in such a way that the final
result or product is cryptographically stronger than any of the component cyphers)
(Figure 2.2). The Feistel cypher structure is used by DES and by a number of significant
symmetric block cyphers currently in use (TDEA, TLS).

According to Feistel, in the encryption process the plaintext is divided into two halves,
LE_0 and RE_0. They are then processed in 16 rounds (all rounds have the same
structure but use different subkeys K_i). In each round, the left side is modified
(substitution):

LE_i = RE_{i-1}
RE_i = LE_{i-1} ⊕ F(RE_{i-1}, K_i)

where K_i is the subkey for round i, generated from the original key K, and F is a
pseudorandom function indexed by key K_i. Finally, both sides are swapped (permutation).

Figure 2 Feistel Cypher Structure (16 rounds)

Data Encryption Standard (DES)

Theorem 2.3
DES (Data Encryption Standard) is a symmetric key algorithm for the encryption
of digital data. It was developed in the early 1970s at IBM and based on the Feistel
cypher structure. DES was approved as a standard in 1976 by NIST (National
Institute of Standards and Technology) and published as an official Federal
Information Processing Standard (FIPS) for the United States in 1977. DES was
widely used around the world until 1999. NIST introduced a new standard using 3-DES,
and then it was replaced by AES in 2001.

The general depiction of DES encryption is shown in Figure 3. In the case of DES, the
plaintext block must be 64 bits in length and the key is 56 bits in length.

Figure 3 General Depiction of DES Encryption Algorithm

Mode of operation

A block cypher takes a fixed-length block of text of length b bits and a key as input and
produces a b-bit cyphertext block. If the amount of plaintext to be encrypted is greater
than b bits, then the block cypher can still be used by breaking the plaintext up into
b-bit blocks. When multiple blocks of plaintext are encrypted using the same key, several
security issues arise.

Theorem 2.4
Mode of operation is a technique for enhancing the effect of a cryptographic
algorithm or adapting the algorithm for an application, such as applying a block
cypher to a sequence of data blocks or a data stream. The five modes are intended to
cover a wide variety of applications of encryption for which a block cypher could be
used. To apply a block cypher in a variety of applications, five modes of operation
have been defined by NIST (SP 800-38A):
• ECB - Electronic Code Book
• CBC - Cypher Block Chaining
• CFB - Cypher Feedback
• OFB - Output Feedback
• CTR - Counter

Figure 4 Block Cypher Modes of Operation
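
The Feistel round equations and the ECB/CBC contrast described above, as an added Python example that is not part of the original handout. The round function F and the key schedule are hypothetical SHA-256 stand-ins (this is not DES); the key is the handout's example student ID and the plaintext is constructed.

```python
import hashlib

BLOCK, ROUNDS = 8, 16          # 64-bit block and 16 rounds, as in DES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(key: bytes) -> list:
    # Hypothetical key schedule (NOT the DES one): one subkey K_i per round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def F(half: bytes, k: bytes) -> bytes:
    # Round function; it does not have to be invertible for Feistel to work.
    return hashlib.sha256(k + half).digest()[:BLOCK // 2]

def feistel(block: bytes, ks: list) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for k in ks:
        # LE_i = RE_{i-1};  RE_i = LE_{i-1} XOR F(RE_{i-1}, K_i)
        left, right = right, xor(left, F(right, k))
    return right + left        # final swap of the two halves

def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))

def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same network, subkeys applied in reverse order.
    return feistel(block, subkeys(key)[::-1])

def pad(data: bytes) -> bytes:
    # PKCS7: append n bytes of value n (a full block if already aligned).
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]

def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    return b"".join(encrypt_block(b, key) for b in split(pad(pt)))

def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in split(pad(pt)):
        prev = encrypt_block(xor(b, prev), key)   # chain previous cyphertext in
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in split(ct):
        out.append(xor(decrypt_block(c, key), prev))
        prev = c
    return unpad(b"".join(out))

def repeated_blocks(ct: bytes) -> int:
    blocks = split(ct)
    return len(blocks) - len(set(blocks))

# Constructed sample input: four identical 8-byte plaintext blocks.
KEY, IV, PT = b"18521234", bytes(range(8)), b"UIT-LAB2" * 4
if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(PT, KEY)))      # structure leaks
    print("CBC repeats:", repeated_blocks(cbc_encrypt(PT, KEY, IV)))  # structure hidden
```

Under ECB the identical plaintext blocks map to identical cyphertext blocks, which is the issue the modes of operation address; CBC with the same key hides the repetition.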

b) Public-key Cryptography – RSA

Symmetric encryption has evolved from classical to modern but also leaves a lot to be
desired. Two of the most difficult problems associated with symmetric encryption are:

• Key distribution - the issue of secret key exchange between sender and receiver:
Key distribution under symmetric encryption requires either (1) that two
communicants already share a key, which somehow has been distributed to
them; or (2) the use of a key distribution center. A secure channel is required for
key exchange because the key must be kept secret and known only to the sender
and receiver. This is difficult to implement, and establishing such a secure
channel is costly and time-consuming.

• Digital signatures: If the use of cryptography was to become widespread, not
just in military situations but for commercial and private purposes, then
electronic messages and documents would need the equivalent of signatures
used in paper documents. Besides, there is no basis for assigning blame if the key is
revealed.

Diffie and Hellman achieved an astounding breakthrough in 1976 by coming up with a
method that addressed both problems and was radically different from all previous
approaches to cryptography, going back over four millennia: public-key
cryptography, or asymmetric cryptography. The development of public-key
cryptography is the greatest and perhaps the only true revolution in the entire history
of cryptography.

To discriminate between the two, we refer to the key used in symmetric encryption as
a secret key. The two keys used for asymmetric encryption are referred to as the
public key (often denoted as PU) and the private key (often denoted as PR). The
plaintext is denoted by M, the cyphertext is denoted by C.

There are 2 main approaches in Public-key cryptography:

Figure 5 Two Approaches in Public-Key Cryptography

• Public-Key Cryptosystem for Confidentiality: Encryption with public key.
If Bob wishes to send a confidential
message to Alice, Bob encrypts the message using Alice’s public key. When Alice
receives the message, she decrypts it using her private key. No other recipient
can decrypt the message because only Alice knows Alice’s private key.
▪ Encryption: C = E(M, PU)
▪ Decryption: M = D(C, PR)
• Public-Key Cryptosystem for Authentication: Encryption with private key
(Figure 3.1). In this case, Alice prepares a message to Bob and encrypts it using
Alice’s private key before transmitting it. Bob can decrypt the message using
Alice’s public key. Because the message was encrypted using Alice’s private key,
only Alice could have prepared the message. Therefore, the entire encrypted
message serves as a digital signature.
▪ Encryption: C = E(M, PR)
▪ Decryption: M = D(C, PU)

3. Lab environment and Tools
Operating system:
• 1 PC running Windows
Tools
• CrypTool 2 (CrypTool Portal)

B. LAB TASKS - BLOCK CYPHER
1. DES – AES Encryption (OPTIONAL)
Task 1.1
Describe in detail (step-by-step) how DES encryption works by using CrypTool.
When it comes to repetitive steps, you don’t have to describe each step in the series,
you just need to describe the first one.

Tips: Using CrypTool 2, you can have a step-by-step look at the encryption process of the
Data Encryption Standard (DES). Open the template DES Visualization by searching in the
Startcenter tab. You can also modify both input blocks (plaintext and key). Then, click
"Play" and see how DES works in the central block (DES Visualization) (Figure 6).

Figure 6 DES visualization using CrypTool 2

Advanced Task 1.1
Describe in detail how AES Encryption works, using the template AES Visualization in
CrypTool 2.

2. Mode of Operation - Padding
Task 2.1
Use the template Block modes of Symmetric cyphers in CrypTool 2 to show the
difference between two modes of operation, ECB and CBC, when encrypting the
smiley picture. Compare both results and explain why. (Figure 7)

Figure 7 Block modes of Symmetric cyphers in CrypTool 2

Task 2.2
Use DES with different modes of operation (chaining modes) to encrypt the
following plaintext:

• Plaintext: UNIVERSITY OF INFORMATION TECHNOLOGY
• Key: Your student ID (8-digit number). Example: 18521234
• Padding mode: PKCS7
• Mode of operation:
a. DES - mode ECB
b. DES - mode CBC
c. DES - mode CFB
d. DES - mode OFB

The output needs to be converted to HEX format.

• Find out and compare the differences between the results of the 4 chaining modes: ECB,
CBC, CFB, OFB

• Find out and describe how PKCS7 padding mode works. What happens if
we don’t use padding in each mode? (set Padding Mode to None). Explain why.

Tips: You can use the template DES cypher in CrypTool 2 for this task. In the DES cypher
block, it is possible to set different Chaining Modes in the Configuration section. You can
also change the output format to Hexadecimal by modifying the String Encoder block.

Figure 8 DES Chaining Modes in CrypTool 2

3. Avalanche Effect and Error Propagation


An essential property of every block encryption is the avalanche effect. A good
avalanche effect is achieved when a small change in the input (plaintext or key) results
in a significant change in the cyphertext. The objective of this task is to help students
understand this property in DES encryption.

Task 3.1
Using the following plaintext and key:

- Plain text: STAYHOME


- Key(hex): Your Student ID. Example: 18520042

By using CrypTool 2, please do the following experiments:

1. Keep the original key, modify bit(s) to change the plaintext to STAYHOMA.
Check the modifications made and the resulting avalanche effect after each
single round of DES.
2. Keep the original plaintext, change an arbitrary bit in the key. Then, check the
modifications made and the resulting avalanche effect after each single round
of DES.
3. Apply both changes above and check the modifications made and the resulting
avalanche effect after each single round of DES.
Observe and comment on the impact of making these changes in DES encryption.

Tips: You should use the template Avalanche (DES) in CrypTool 2. At the beginning of
the presentation (after pressing "Play") you can modify the key and/or plaintext.
Check Enable to change single bits and click on the bit you would like to flip (Figure
9). Then, click Done and you can check the modifications made and the resulting
avalanche effect after each single round of DES. You will also get other relevant
statistical data and a general overview of the bits affected by the initial modification.

Figure 9 Change input data in Avalanche Visualization

Advanced Task 3.2


SEED Lab - Secret-Key Encryption Lab (Task 5)
To understand the error propagation property of various encryption modes, we
would like to do the following exercise:
- Create a text file that is at least 1000 bytes long
- Encrypt the file using AES-128
- Unfortunately, a single bit of the 55th byte in the encrypted file got corrupted.
You can achieve this corruption using the bless hex editor.
- Decrypt the corrupted cyphertext file using the correct key and IV.
How much information can you recover by decrypting the corrupted file, if
the encryption mode is ECB, CBC, CFB, or OFB, respectively?

4. Strength of DES and other block cyphers: AES, 3DES


Task 4.1
Perform a brute-force attack on the DES cypher to solve the following cyphertext,
knowing that the cyphertext was encrypted using ECB mode.

95 C8 EA FE 7B E9 5D BD 70 65 DE 31 62 8C 90 8A E4 16 98 18 E1 DC DE 83 00
A1 22 5D EF 6E AA C6 F1 80 12 08 CB DA 0D 22

Determine the estimated time needed to brute-force (using multiple cores of your
CPU) for each of the following cases:

- Without knowing the key


- Knowing that the key pattern is 11-11-11-**-**-**-**-** (* is an arbitrary
value)
- Knowing that the key pattern is 11-11-11-11-11-**-**-**

Tips: CrypTool 2 supports performing brute-force attacks on the DES cypher. Use the
template DES Brute-force Analysis. Note that you need to modify this template and
adapt it to the lab task before using it:

Figure 10 DES Brute-force attack in CrypTool 2

Advanced Task 4.2


Padding Oracle Attack on DES

Padding Oracle Attack (POA) is an attack which uses the padding validation of a
cryptographic message to decrypt the cyphertext. In symmetric cyphers, the
padding oracle attack can be applied to the CBC mode of operation, where the
"oracle" (usually a server) leaks data about whether the padding of an encrypted
message is correct or not. Such data can allow attackers to decrypt (and sometimes
encrypt) messages through the oracle using the oracle’s key without knowing the
encryption key.

Using the template Padding Oracle Attack on DES, your task is to observe and
describe how to perform this attack on DES.

Advanced Task 4.3
Compare the strengths and differences of DES, Triple-DES (3DES), and AES. Why
shouldn’t we use double-DES (2DES) encryption?

C. LAB TASK - PUBLIC-KEY CRYPTOGRAPHY


1. Number Theory
Before starting with the public key encryption algorithm, we will kick off with some
number theory revision, specifically checking for prime numbers, greatest common
divisor (GCD), and modulo.

Task 1.1
Write a program (in a programming language of your choice) to fulfil the following
requirements:

1. Prime number:
• Generate a random prime number with 8 bits, 16 bits, 64 bits
• Determine the 10 largest prime numbers under the 10 first Mersenne
prime numbers.
• Check if an arbitrary integer less than 2^89 - 1 is prime or not

2. Determine the greatest common divisor (gcd) of 2 arbitrary “large” integers
(which are as large as possible that you can handle)

3. Compute the modular exponentiation a^x mod p. Your program should be able
to compute in case of “large” exponents (x > 40), for example, 7^40 mod 19

Tips:

• To check large prime numbers, you can look up and use the Miller-Rabin
algorithm. You can read about Mersenne prime numbers on Wikipedia
(article: Mersenne prime)
• To determine the greatest common divisor, you should use the Euclid algorithm
• Modular multiplication has the following property:

(a × b) ≡ [(a mod n) × (b mod n)] mod n

It can be applied in computing modular exponentiation in the case of “large” exponents.

2. RSA Public-Key Encryption
RSA is one of the first public-key cryptosystems and is widely used for secure
communication. This cypher was developed in 1977 by Ron Rivest, Adi Shamir, and Len
Adleman at MIT and first published in 1978. In the RSA scheme, the plaintext and
cyphertext are integers between 0 and n - 1 for some n. A typical size for n is 1024 bits
or 309 decimal digits.
That is, n is less than 2^1024. The RSA algorithm can be summarized as follows:

1. Select two “large” prime numbers p and q (p ≠ q), then calculate n = p·q
2. Calculate φ(n) = (p - 1)(q - 1)
3. Select e such that e is relatively prime to φ(n) and less than φ(n).
4. Determine d such that e·d ≡ 1 mod φ(n) (d can be calculated using the extended
Euclid’s algorithm)
5. The resulting keys are public key PU = (e, n) and private key PR = (d, n)
6. To encrypt a plaintext input of M:
• Encryption for Confidentiality: C = E(M, PU) = M^e mod n
• Encryption for Authentication: C = E(M, PR) = M^d mod n
7. To decrypt cyphertext input of C:
• Decryption for Confidentiality: M = D(C, PR) = C^d mod n
• Decryption for Authentication: M = D(C, PU) = C^e mod n

Figure 11 Example of RSA Algorithm
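
The key-generation and encrypt/decrypt steps summarized above, together with the Miller-Rabin, Euclid and modular-exponentiation tips from the Number Theory section, as an added Python example that is not part of the original handout. It is unpadded textbook RSA as the handout describes it; the function names are hypothetical and the message M = 88 is a constructed sample.

```python
import random

def mod_pow(a: int, x: int, n: int) -> int:
    # Square-and-multiply; every product is reduced mod n, using
    # (a * b) mod n = [(a mod n) * (b mod n)] mod n, so values stay below n^2.
    result, a = 1, a % n
    while x > 0:
        if x & 1:
            result = (result * a) % n
        a = (a * a) % n
        x >>= 1
    return result

def egcd(a: int, b: int):
    # Extended Euclid: returns (g, s) with g = gcd(a, b) and s*a ≡ g (mod b).
    old_r, r, old_s, s = a, b, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    return old_r, old_s

def is_probable_prime(n: int, rounds: int = 40) -> bool:
    # Miller-Rabin with random bases; a composite passes with prob. <= 4^-rounds.
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = mod_pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = mod_pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # x never reached n-1: n is composite
    return True

def make_keys(p: int, q: int, e: int):
    # Steps 1-5 of the summary above.
    if p == q or not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    g, d = egcd(e, phi)
    if not 1 < e < phi or g != 1:
        raise ValueError("e must be less than and relatively prime to phi(n)")
    return (e, n), (d % phi, n)     # PU = (e, n), PR = (d, n)

def apply_key(m: int, key) -> int:
    # Steps 6-7: E and D are the same operation with different exponents.
    exponent, n = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n-1]")
    return mod_pow(m, exponent, n)

if __name__ == "__main__":
    PU, PR = make_keys(11, 17, 7)          # p1, q1, e1 from the handout
    M = 88                                  # constructed sample message
    C = apply_key(M, PU)                    # confidentiality: encrypt with PU
    S = apply_key(M, PR)                    # authentication: "encrypt" with PR
    print(PU, PR, C, apply_key(C, PR) == M, apply_key(S, PU) == M)
```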

When using RSA to process multiple blocks of data, each plaintext symbol could be
assigned a unique code of two decimal digits (e.g., a = 00, A = 26). A plaintext block
consists of four decimal digits, or two alphanumeric characters. Figure 12 illustrates the
sequence of events for the encryption of multiple blocks, and Figure 12 gives a specific
example. The circled numbers indicate the order in which operations are performed.

Figure 12 RSA Processing of Multiple Blocks

Task 2.1
To get acquainted with RSA, your task is to use CrypTool 2 or other tools to perform
the following experiments:

1. Determine public key PU and private key PR, if:


• p1 = 11, q1 = 17, e1 = 7 (decimal)
• p2 = 20079993872842322116151219
• q2 = 676717145751736242170789, e2 = 17 (decimal)
• p3 = F7E75FDC469067FFDC4E847C51F452DF
• q3 = E85CED54AF57E53E092113E62F436F4F, e3 = 0D88C3
(hexadecimal)

(Note: Remember to check whether the above values are prime numbers before
calculating the keys)

2. Use the key generated from p1, q1, e1 to encrypt and decrypt the plaintext M=5
in both cases: Encryption for Confidentiality and Encryption for Authentication.

3. Use the keys above to encrypt the following message: The University of
Information Technology. Determine the cyphertext as Base64.

4. Find the corresponding plain text of each following cyphertext, knowing that
they are encrypted by one of the three given keys above.

• raUcesUlOkx/8ZhgodMoo0Uu18sC20yXlQFevSu7W/FDxIy0YRHMyXcHdD9
PBvIT2aUft5fCQEGomiVVPv4I
• C8 7F 57 0F C4 F6 99 CE C2 40 20 C6 F5 42 21 AB AB 2C E0 C3
• Z2BUSkJcg0w4XEpgm0JcMExEQmBlVH6dYEpNTHpMHptMQ7NgTHlgQrN
MQ2BKTQ==
• 00101000 00010100 11111111 10110111 00101110 11001010 11101100
01100111 10111111 00111111 01101000 11001111 00110000 10010100
01010100 11110101 01001100 11101110 11101111 01011011 00000100

Tips: You can use the RSA Cypher template or build your own template to solve these
problems in CrypTool 2

Figure 13 RSA Cypher template in CrypTool 2

Task 2.2
Your task is to write a program to illustrate how a simple RSA cypher works, meeting the
following requirements:

• Generate a keypair (PU, PR) using the given “valid” inputs p, q, e, or generate a
randomized keypair if p, q, e are not given.
Note that the keypair should be as “large” as possible
• Use the generated keys to encrypt/decrypt the message. The message can be
numeric or string.

Check the results of your application with some example inputs as in Task 2.1.

Tips: When writing this application, you need to solve some problems, such as
generating/testing large prime numbers (you can use the Miller-Rabin algorithm),
finding the greatest common divisor (you can use Euclid’s algorithm), applying
modular multiplication and exponentiation properties to calculate “large” a^x mod n, ...

D. REQUIREMENTS
You are expected to complete all tasks in sections B and C (Lab tasks). Advanced
tasks are optional, and you could get bonus points for completing those tasks. We
prefer you work in a team of two or three for the highest efficiency.
Your submission must meet the following requirements:
▪ You need to submit a detailed lab report in .pdf format using the report
template provided on the UIT Courses website.
▪ Your report presents what you have done, so carefully prepare the
report.
▪ Either a Vietnamese or English report is accepted; that’s up to you. A report
written in a mix of multiple languages is not allowed (except for
untranslatable keywords).
▪ When it comes to programming tasks (which require you to write an application or
script), please attach all source code and executable files (if any) in your
submission. Please also list the important code snippets followed by
explanations and screenshots when running your application in your
report. Simply attaching code without any explanation will not receive
points.
Your submissions must be your own. You are free to discuss with other classmates
to find the solution. However, copying reports is prohibited, even if only a part of
your report. Both reports of the owner and the copier will be rejected. Please
remember to cite any source of the material (website, book,…) that influences your
solution.

Notice: Combine your lab report and all related files into a single ZIP file (.zip), and name
it as follows:
StudentID1_StudentID2_ReportLabX.zip

E. REFERENCES
[1] William Stallings, Cryptography and Network Security: Principles and Practice, 7th ed.,
Pearson Education, 2017. Chapters 3, 4, 6 and 7.

[2] Wenliang Du (Syracuse University), SEED Cryptography Labs,
https://seedsecuritylabs.org/Labs_20.04/Crypto/

[3] Wenliang Du (Syracuse University), SEED Cryptography Labs,
https://seedsecuritylabs.org/Labs_20.04/Files/Crypto_Encryption

Training platforms and related materials

▪ ASecuritySite - https://asecuritysite.com
▪ Cryptopals - https://cryptopals.com

Attention: Don’t share any materials (slides, readings, assignments, labs, etc..) out of our
class without my permission!
