
DMI-ST. JOHN THE BAPTIST UNIVERSITY, LILONGWE, MALAWI

Subject Name: Cryptography and Network Security

Unit I Detail Notes

School of Computer Science

055 CS 82 Cryptography and Network Security

www.dmisjbu.edu.mw
Syllabus
Unit I
OSI Security Architecture - Classical Encryption techniques – Cipher Principles – Data
Encryption Standard – Block Cipher Design Principles and Modes of Operation - Evaluation
criteria for AES – AES Cipher – Triple DES – Placement of Encryption Function – Traffic
Confidentiality

TABLE OF CONTENTS

INTRODUCTION
BASICS OF CNS
OSI SECURITY ARCHITECTURE
  SECURITY ATTACK
    1. PASSIVE ATTACKS
    2. ACTIVE ATTACKS
  SECURITY SERVICES
    AUTHENTICATION
    ACCESS CONTROL
    DATA CONFIDENTIALITY
    DATA INTEGRITY
    NONREPUDIATION
  SECURITY MECHANISM
CLASSICAL ENCRYPTION TECHNIQUES
  SUBSTITUTION TECHNIQUES
    1. CAESAR CIPHER
    2. MONOALPHABETIC CIPHERS
  TRANSPOSITION TECHNIQUES
DATA ENCRYPTION STANDARD
BLOCK CIPHER DESIGN PRINCIPLES
BLOCK CIPHER MODES OF OPERATION
  Triple DES with Two Keys
ADVANCED ENCRYPTION STANDARD (AES)


INTRODUCTION

Cryptography is a method of protecting information and communications through the use of codes, so that
only those for whom the information is intended can read and process it. It also refers to secure information
and communication techniques derived from mathematical concepts and a set of rule-based calculations,
called algorithms, that transform messages in ways that are hard to decipher. Cryptography converts
plaintext into ciphertext by encryption and recovers the plaintext from the ciphertext by decryption.
Network security is the process of taking physical and software preventive measures to protect the
underlying networking infrastructure from unauthorized people or programs accessing your networks
and the devices connected to them. It consists of:
 Protection
 Detection
 Reaction
Network security uses a range of methods to secure a network, such as: access control, anti-malware,
application security, behavioural analytics, data loss prevention, email security, firewalls, intrusion
detection and prevention, mobile device and wireless security, network segmentation, VPN and web security.
Computer security is the protection afforded to an automated information system in order to attain the
applicable objectives of preserving the integrity, availability, and confidentiality of information system
resources (including hardware, software, firmware, information/data, and telecommunications). Three
key objectives are at the heart of computer security:
1. CONFIDENTIALITY
• Data confidentiality
 Assures that private or confidential information is not made available or disclosed to
unauthorized personnel.
• Privacy
 Assures that individuals control or influence what information related to them may be
collected and stored and by whom and to whom that information may be disclosed.
2. INTEGRITY
• Data integrity
 Assures that information and programs are changed only in a specified and authorized
manner.
• System integrity
 Assures that a system performs its intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of the system.
3. AVAILABILITY
• Assures that systems work promptly and service is not denied to authorized users.

[Figure: the CIA triad (confidentiality, integrity, availability) protecting data and services]

BASICS OF CNS
An original message is known as the plaintext, while the coded message is called the ciphertext. The
process of converting from plaintext to ciphertext is known as enciphering or encryption; restoring the
plaintext from the ciphertext is deciphering or decryption. The many schemes used for encryption
constitute the area of study known as cryptography. Such a scheme is known as a cryptographic system
or a cipher. Techniques used for deciphering a message without any knowledge of the enciphering details
fall into the area of cryptanalysis. Cryptanalysis is what the layperson calls "breaking the code". The
areas of cryptography and cryptanalysis together are called cryptology.

[Figure: plaintext (readable, non-encrypted data) -> Encryption -> ciphertext (non-readable, encrypted data) -> Decryption -> plaintext (readable, non-encrypted data)]


OSI SECURITY ARCHITECTURE


ITU-T Recommendation X.800, Security Architecture for OSI, defines a systematic approach to assessing
and meeting security requirements. The OSI security architecture is useful to managers as a way of
organizing the task of providing security. Because this architecture was developed as an international
standard, computer and communications vendors have developed security features for their products and
services that relate to this structured definition of services and mechanisms.
The OSI security architecture focuses on security attacks, mechanisms, and services.
These can be defined briefly as:
• Security attack: Any action that compromises the security of information owned by an organization.
• Security mechanism: A process (or a device incorporating such a process) that is designed to detect,
prevent, or recover from a security attack.
• Security service: A processing or communication service that enhances the security of the data processing
systems and the information transfers of an organization. The services are intended to counter security
attacks, and they make use of one or more security mechanisms to provide the service.
SECURITY ATTACK
The security attacks can be classified into two types:
• A passive attack attempts to learn or make use of information from the system but does not affect
system resources.
• An active attack attempts to alter system resources or affect their operation.
1. PASSIVE ATTACKS
Two types of passive attacks are the release of message contents and traffic analysis.
The release of message contents is easily understood (Figure 1.5a). A telephone conversation, an electronic
mail message, and a transferred file may contain sensitive or confidential information. We would like to
prevent an opponent from learning the contents of these transmissions.
A second type of passive attack, traffic analysis, is subtler (Figure 1.5b). Suppose that we had a way of
masking the contents of messages or other information traffic so that opponents, even if they captured the
message, could not extract the information from the message. The common technique for masking contents
is encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern
of these messages.
Passive attacks are very difficult to detect, because they do not involve any alteration of the data. Typically,
the message traffic is sent and received in an apparently normal fashion, and neither the sender nor the
receiver is aware that a third party has read the messages or observed the traffic pattern. The emphasis in
dealing with passive attacks is therefore on prevention (by encryption) rather than on detection.


2. ACTIVE ATTACKS
Active attacks involve some modification of the data stream or the creation of a false stream and can be
subdivided into four categories: masquerade, replay, modification of messages, and denial of service.
A masquerade takes place when one entity pretends to be a different entity (Figure a). A masquerade attack
usually includes one of the other forms of active attack. For example, authentication sequences can be
captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized
entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.


Replay involves the passive capture of a data unit and its subsequent retransmission to produce an
unauthorized effect (Figure b).

Modification of messages simply means that some portion of a legitimate message is altered, or that
messages are delayed or reordered, to produce an unauthorized effect. For example, a message meaning
"Allow John Smith to read confidential file accounts" is modified to mean "Allow Fred Brown to read
confidential file accounts".


The denial of service prevents or inhibits the normal use or management of communications facilities.
This attack may have a specific target; for example, an entity may suppress all messages directed to a
particular destination. Active attacks present the opposite characteristics of passive attacks. Whereas
passive attacks are difficult to detect, measures are available to prevent their success. On the other hand,
it is quite difficult to prevent active attacks absolutely, because doing so would require physical protection
of all communications facilities and paths at all times. Instead, the goal is to detect active attacks and to
recover from any disruption or delays caused by them.

SECURITY SERVICES
X.800 defines a security service as a service that is provided by a protocol layer of communicating open
systems and that ensures adequate security of the systems or of data transfers. Perhaps a clearer definition
is found in RFC 2828, which provides the following definition: a processing or communication service that
is provided by a system to give a specific kind of protection to system resources; security services
implement security policies and are implemented by security mechanisms. The services are divided into
five categories:
AUTHENTICATION
The assurance that the communicating entity is the one that it claims to be. This has two types:

• Peer Entity Authentication: Used in association with a logical connection to provide confidence in
the identity of the entities connected.

• Data-Origin Authentication: Provides assurance that the source of received data is as claimed.
ACCESS CONTROL
The prevention of unauthorized use of a resource
DATA CONFIDENTIALITY
The protection of data from unauthorized disclosure. It has different types such as:

• Connection Confidentiality: The protection of all user data on a connection.

• Connectionless Confidentiality: The protection of all user data in a single data block.

• Selective-Field Confidentiality: The confidentiality of selected fields within the user data on a
connection or in a single data block.

• Traffic-Flow Confidentiality: The protection of the information that might be derived from
observation of traffic flows.


DATA INTEGRITY
The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification,
insertion, deletion, or replay). It has different types such as:
• Connection Integrity with Recovery: Provides for the integrity of all user data on a connection and
detects any modification, insertion, deletion or replay of any data within an entire data sequence,
with recovery attempted.
• Connection Integrity without Recovery: Provides only detection without recovery.
• Selective-Field Connection Integrity: Provides for the integrity of selected fields within the user data
of a data block transferred over a connection and takes the form of determining whether the
selected fields have been modified, inserted, deleted or replayed.
• Connectionless Integrity: Provides for the integrity of a single connectionless data block and may
take the form of detection of data modification; a limited form of replay detection may also be provided.
• Selective-Field Connectionless Integrity: Provides for the integrity of selected fields within a single
connectionless data block; takes the form of determining whether the selected fields have been modified.
NONREPUDIATION
Provides protection against denial by one of the entities involved in a communication of having participated
in all or part of the communication. It has different types such as:
• Nonrepudiation, Origin: Proof that the message was sent by the specified party.
• Nonrepudiation, Destination: Proof that the message was received by the specified party.
SECURITY MECHANISM
A security mechanism is a feature designed to detect, prevent, or recover from a security attack. No single
mechanism supports all the services required. X.800 divides the mechanisms into those that are implemented
in a specific protocol layer, such as TCP or an application-layer protocol, and those that are not specific to
any particular protocol layer or security service.
1. Specific security mechanisms:
• those that are implemented in a specific protocol layer, such as TCP or an application-layer protocol
• encipherment, digital signatures, access controls, data integrity, authentication exchange, traffic padding,
routing control, notarization
2. Pervasive security mechanisms:
• those that are not specific to any particular protocol layer or security service
• trusted functionality, security labels, event detection, security audit trails, security recovery


CLASSICAL ENCRYPTION TECHNIQUES


There are several types of classical encryption techniques:
 Symmetric Cipher Model
• Cryptanalysis and Brute-Force Attack
 Substitution Techniques
• Caesar Cipher
• Monoalphabetic Ciphers
• Playfair Cipher
• Hill Cipher
• Polyalphabetic Ciphers
• One-Time Pad
 Transposition Techniques
 Rotor Machines
 Steganography
OVERVIEW OF CLASSICAL ENCRYPTION TECHNIQUES
• Symmetric encryption is a form of cryptosystem in which encryption and decryption are performed
using the same key. It is also known as conventional encryption.
• Symmetric encryption transforms plaintext into ciphertext using a secret key and an encryption
algorithm. Using the same key and a decryption algorithm, the plaintext is recovered from the
ciphertext. Two types of attack on an encryption algorithm are:
 cryptanalysis, based on properties of the encryption algorithm
 brute-force, which involves trying all possible keys
• Traditional (pre computer) symmetric ciphers use substitution and/or transposition techniques.
Substitution techniques map plaintext elements (characters, bits) into ciphertext elements.
Transposition techniques systematically transpose the positions of plaintext elements.
• Rotor machines are sophisticated pre computer hardware devices that use substitution techniques.
• Steganography is a technique for hiding a secret message within a larger one in such a way that others
cannot discern the presence or contents of the hidden message.

SYMMETRIC CIPHER MODEL


A symmetric encryption scheme has five elements:


• Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.

• Encryption algorithm: The encryption algorithm performs various substitutions and transformations on
the plaintext.

• Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the
plaintext and of the algorithm. The algorithm will produce a different output depending on the specific
key being used at the time. The exact substitutions and transformations performed by the algorithm depend
on the key

• Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret
key. For a given message, two different keys will produce two different ciphertexts. The ciphertext is an
apparently random stream of data and, as it stands, is unintelligible.

• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext
and the secret key and produces the original plaintext.

[Figure: Simplified Model of Symmetric Encryption]

There are two requirements for secure use of conventional encryption:
1. We need a strong encryption algorithm. At a minimum, we would like the algorithm to be such that
an opponent who knows the algorithm and has access to one or more ciphertexts would be unable to
decipher the ciphertext or figure out the key. This requirement is usually stated in a stronger form: the
opponent should be unable to decrypt ciphertext or discover the key even if he or she is in possession of a
number of ciphertexts together with the plaintext that produced each ciphertext.

2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep
the key secure. If someone can discover the key and knows the algorithm, all communication using this key
is readable.


[Figure: Model of Symmetric Cryptosystem]

With the message X and the encryption key K as input, the encryption algorithm forms the ciphertext
Y = [Y1, Y2, ..., YN]. We can write this as Y = E(K, X). This notation indicates that Y is produced by
using encryption algorithm E as a function of the plaintext X, with the specific function determined by
the value of the key K.
The intended receiver, in possession of the key, is able to invert the transformation:
X = D(K, Y)
An opponent, observing Y but not having access to K or X, may attempt to recover X or K or both X and
K. It is assumed that the opponent knows the encryption (E) and decryption (D) algorithms. If the opponent
is interested in only this particular message, then the focus of the effort is to recover X by generating a
plaintext estimate X̂. Often, however, the opponent is interested in being able to read future messages as
well, in which case an attempt is made to recover K by generating an estimate K̂.
Cryptographic systems are characterized along three independent dimensions:
1. The type of operations used for transforming plaintext to ciphertext. All encryption algorithms
are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group
of bits or letters) is mapped into another element, and transposition, in which elements in the plaintext
are rearranged. The fundamental requirement is that no information be lost (that is, that all operations
are reversible). Most systems, referred to as product systems, involve multiple stages of substitutions
and transpositions.
2. The number of keys used. If both sender and receiver use the same key, the system is referred to
as symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver use different
keys, the system is referred to as asymmetric, two-key, or public-key encryption.
3. The way in which the plaintext is processed. A block cipher processes the input one block of
elements at a time, producing an output block for each input block. A stream cipher processes the input
elements continuously, producing output one element at a time, as it goes along.
CRYPTANALYSIS AND BRUTE-FORCE ATTACK
Typically, the objective of attacking an encryption system is to recover the key in use rather than simply to
recover the plaintext of a single ciphertext. There are two general approaches to attacking a conventional
encryption scheme:
• Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge
of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs. This type of
attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the
key being used. Cryptanalytic attacks are classified by what the attacker has available:
Ciphertext-Only Attack (COA): The attacker has only a collection of ciphertexts (and knows the algorithm).
Known-Plaintext Attack (KPA): The attacker also has one or more plaintext-ciphertext pairs produced
under the key in use.
Chosen-Plaintext Attack (CPA): The attacker can choose plaintexts and obtain the corresponding
ciphertexts under the key in use.
Adaptive Chosen-Plaintext Attack (ACPA): As CPA, but each new plaintext is chosen after seeing the
results of the earlier queries.
Chosen-Ciphertext Attack (CCA): The attacker can choose ciphertexts and obtain the corresponding
decrypted plaintexts.
A man-in-the-middle (MITM) attack is often listed alongside these, but it is an attack on the protocol rather
than on the cipher: an attacker sitting on a channel that the two parties believe to be secure intercepts, and
possibly alters, the messages or the key exchange passing through it. It is countered by authenticating the
parties and the exchanged keys (for example with digital signatures or message authentication codes), not by
hash functions alone.
• Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an intelligible
translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.
SUMMARY OF ATTACKS BASED ON CRYPTANALYSIS

Type of attack: Ciphertext Only
Known to cryptanalyst: Encryption algorithm; Ciphertext

Type of attack: Known Plaintext
Known to cryptanalyst: Encryption algorithm; Ciphertext; One or more plaintext-ciphertext pairs formed with
the secret key

Type of attack: Chosen Plaintext
Known to cryptanalyst: Encryption algorithm; Ciphertext; Plaintext message chosen by cryptanalyst, together
with its corresponding ciphertext generated with the secret key

Type of attack: Chosen Ciphertext
Known to cryptanalyst: Encryption algorithm; Ciphertext; Ciphertext chosen by cryptanalyst, together with
its corresponding decrypted plaintext generated with the secret key

Type of attack: Chosen Text
Known to cryptanalyst: Encryption algorithm; Ciphertext; Plaintext message chosen by cryptanalyst, together
with its corresponding ciphertext generated with the secret key; Ciphertext chosen by cryptanalyst, together
with its corresponding decrypted plaintext generated with the secret key

SUBSTITUTION TECHNIQUES
The two basic building blocks of all encryption techniques are substitution and transposition. A substitution
technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. If
the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with
ciphertext bit patterns.
1. CAESAR CIPHER
The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar. The Caesar cipher
involves replacing each letter of the alphabet with the letter standing three places further down the alphabet.
For example:
plain:  meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB
Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the
transformation by listing all possibilities, as follows:
plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
When letters are involved, the following conventions are used in these notes. Plaintext is always in lowercase;
ciphertext is in uppercase; key values are in italicized lowercase.
Let us assign a numerical equivalent to each letter:

a  b  c  d  e  f  g  h  i  j  k  l  m
0  1  2  3  4  5  6  7  8  9  10 11 12

n  o  p  q  r  s  t  u  v  w  x  y  z
13 14 15 16 17 18 19 20 21 22 23 24 25

Then the algorithm can be expressed as follows. For each plaintext letter p, substitute the ciphertext letter C:
C = E(3, p) = (p + 3) mod 26
A shift may be of any amount, so that the general Caesar algorithm is
C = E(k, p) = (p + k) mod 26
where k takes on a value in the range 1 to 25. The decryption algorithm is simply
p = D(k, C) = (C - k) mod 26
If it is known that a given ciphertext is a Caesar cipher, then a brute-force cryptanalysis is easily performed:
simply try all the 25 possible keys. Three important characteristics of this problem enabled us to use a
brute-force cryptanalysis:
• The encryption and decryption algorithms are known.
• There are only 25 keys to try.
• The language of the plaintext is known and easily recognizable.
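The Caesar cipher and the 25-key brute-force search just described, as an added example (this is not code from the original notes). The small COMMON_WORDS list used to recognise English is an assumption standing in for a real dictionary; everything else follows the E(k, p) and D(k, C) formulas above:

```python
"""Caesar cipher and the 25-key brute-force search described above.
Added example for these notes; not code from the original notes."""

import string

ALPHABET = string.ascii_lowercase  # a = 0, b = 1, ..., z = 25, as in the table above


def caesar_encrypt(plaintext: str, k: int) -> str:
    """C = E(k, p) = (p + k) mod 26 for every letter; spaces and punctuation pass through.
    Plaintext is lowercase, ciphertext uppercase (the notes' convention)."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            p = ALPHABET.index(ch)
            out.append(ALPHABET[(p + k) % 26].upper())
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, k: int) -> str:
    """p = D(k, C) = (C - k) mod 26."""
    out = []
    for ch in ciphertext.lower():
        if ch in ALPHABET:
            c = ALPHABET.index(ch)
            out.append(ALPHABET[(c - k) % 26])
        else:
            out.append(ch)
    return "".join(out)


# A tiny word list standing in for "the language of the plaintext is known and
# easily recognizable". Constructed for this example; a real attack would use a
# full dictionary or letter-frequency scoring.
COMMON_WORDS = {"the", "a", "to", "of", "and", "me", "meet", "after", "party"}


def english_score(text: str) -> int:
    """Number of space-separated tokens that are common English words."""
    return sum(1 for word in text.split() if word in COMMON_WORDS)


def brute_force_caesar(ciphertext: str):
    """Try every key k = 1..25 (the whole key space) and keep the candidate that
    looks most like English. Returns (key, plaintext, all_candidates)."""
    candidates = []
    best_key, best_plain, best_score = None, None, -1
    for k in range(1, 26):
        candidate = caesar_decrypt(ciphertext, k)
        candidates.append((k, candidate))
        score = english_score(candidate)
        if score > best_score:
            best_key, best_plain, best_score = k, candidate, score
    return best_key, best_plain, candidates


if __name__ == "__main__":
    ct = caesar_encrypt("meet me after the toga party", 3)
    print("ciphertext:", ct)
    key, pt, candidates = brute_force_caesar(ct)
    for k, cand in candidates:  # the 25 trial decryptions an analyst would scan by eye
        print(f"k = {k:2d}: {cand}")
    print(f"recovered key {key}: {pt}")
```

Running the script prints all 25 trial decryptions; only one of them scores as English, which is exactly why a 25-key cipher cannot resist an attacker who knows the algorithm.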
2. MONOALPHABETIC CIPHERS
With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increase in the key space can
be achieved by allowing an arbitrary substitution. A permutation of a finite set of elements S is an ordered
sequence of all the elements of S, with each element appearing exactly once. For example, if S = {a, b, c},
there are six permutations of S: abc, acb, bac, bca, cab, cba.
In general, there are n! permutations of a set of n elements, because the first element can be chosen in one of
n ways, the second in n-1 ways, the third in n-2 ways, and so on.
Recall the assignment for the Caesar cipher:
plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
If, instead, the "cipher" line can be any permutation of the 26 alphabetic characters, then there are 26!, or
more than 4 × 10^26, possible keys. This is 10 orders of magnitude greater than the key space for DES and
would seem to eliminate brute-force techniques for cryptanalysis. Such an approach is referred to as a
monoalphabetic substitution cipher, because a single cipher alphabet (mapping from plain alphabet to
cipher alphabet) is used per message.
The ciphertext to be solved is

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
As a first step, the relative frequency of the letters can be determined and compared to a standard frequency
distribution for English. If the message were long enough, this technique alone might be sufficient, but
because this is a relatively short message, we cannot expect an exact match. In any case, the starting point
is to tabulate the relative frequencies of the letters in the ciphertext (in percentages) and compare them with
the frequencies of letters in English text.
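The frequency-analysis step described above, run over the notes' own ciphertext, as an added example (not code from the original notes). The ENGLISH_FREQ table is the usual rounded reference distribution and the naive top-N pairing in guess_mapping is this example's own choice of first step:

```python
"""Letter-frequency analysis of the monoalphabetic ciphertext above.
Added example for these notes; not code from the original notes."""

from collections import Counter

# The ciphertext from the notes, line breaks removed (120 letters).
CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
    "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
    "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ"
)

# Approximate relative frequencies (%) of letters in English text, used as the
# standard distribution the notes refer to (rounded reference values).
ENGLISH_FREQ = {
    "e": 12.70, "t": 9.06, "a": 8.17, "o": 7.51, "i": 6.97, "n": 6.75, "s": 6.33,
    "h": 6.09, "r": 5.99, "d": 4.25, "l": 4.03, "c": 2.78, "u": 2.76, "m": 2.41,
    "w": 2.36, "f": 2.23, "g": 2.02, "y": 1.97, "p": 1.93, "b": 1.49, "v": 0.98,
    "k": 0.77, "j": 0.15, "x": 0.15, "q": 0.10, "z": 0.07,
}


def letter_counts(text: str) -> Counter:
    """Count the ciphertext letters (upper-case, ignoring anything else)."""
    return Counter(ch for ch in text.upper() if ch.isalpha())


def relative_frequencies(text: str) -> dict:
    """Letter -> percentage of all letters in the text."""
    counts = letter_counts(text)
    total = sum(counts.values())
    return {letter: 100.0 * n / total for letter, n in counts.items()}


def ranked(freqs: dict) -> list:
    """(letter, %) pairs from most to least frequent; ties broken alphabetically."""
    return sorted(freqs.items(), key=lambda item: (-item[1], item[0]))


def guess_mapping(ciphertext: str, top: int = 2) -> dict:
    """Naive first step: pair the `top` most frequent cipher letters with the most
    frequent English letters, in order. On a message this short only the leading
    entries are trustworthy; the rest needs digram/trigram work and trial decryption."""
    cipher_order = [letter for letter, _ in ranked(relative_frequencies(ciphertext))]
    english_order = [letter for letter, _ in ranked(ENGLISH_FREQ)]
    return dict(zip(cipher_order[:top], english_order[:top]))


def apply_mapping(ciphertext: str, mapping: dict) -> str:
    """Show the partial decryption: solved letters in lowercase, unsolved ones left in uppercase."""
    return "".join(mapping.get(ch, ch) for ch in ciphertext.upper())


if __name__ == "__main__":
    for letter, pct in ranked(relative_frequencies(CIPHERTEXT)):
        print(f"{letter}: {pct:5.2f}%")
    mapping = guess_mapping(CIPHERTEXT, top=2)
    print(mapping)
    print(apply_mapping(CIPHERTEXT, mapping))
```

On this ciphertext P and Z stand out (13.33% and 11.67% of the 120 letters), so the first tentative assignments are P = e and Z = t; the printed partial decryption then shows where the short digrams and trigrams can be guessed next.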

3. Playfair Cipher
The best-known multiple-letter encryption cipher is the Playfair, which treats digrams (letter pairs) in the
plaintext as single units and translates these units into ciphertext digrams. The Playfair algorithm is based
on the use of a 5 × 5 matrix of letters constructed using a keyword. Here is an example, solved by Lord Peter
Wimsey in Dorothy Sayers's Have His Carcase:
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the keyword
(minus duplicates) from left to right and from top to bottom, and then filling in the remainder of the matrix
with the remaining letters in alphabetic order. The letters I and J count as one letter. Plaintext is encrypted
two letters at a time, according to the following rules:
1. Repeating plaintext letters that are in the same pair are separated with a filler letter, such as x, so
that balloon would be treated as ba lx lo on.
2. Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to the
right, with the first element of the row circularly following the last. For example, ar is encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by the letter beneath, with the
top element of the column circularly following the last. For example, mu is encrypted as CM.

4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and the
column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM, as the
encipherer wishes).
The Playfair cipher is a great advance over simple monoalphabetic ciphers. For one thing, whereas there are
only 26 letters, there are 26 × 26 = 676 digrams, so that identification of individual digrams is more
difficult. Furthermore, the relative frequencies of individual letters exhibit a much greater range than that
of digrams, making frequency analysis much more difficult. For these reasons, the Playfair cipher was for
a long time considered unbreakable. It was used as the standard field system by the British Army in World
War I and still enjoyed considerable use by the U.S. Army and other Allied forces during World War II.
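The four Playfair rules above, implemented against the "monarchy" matrix from the notes, as an added example (not code from the original notes). The choice of "q" as a fallback filler when the doubled letter is itself "x" is this example's own detail; the rest follows the rules as stated:

```python
"""Playfair cipher with the 5x5 'monarchy' matrix from the notes.
Added example for these notes; not code from the original notes."""

import string


def build_matrix(keyword: str) -> list:
    """Fill in the keyword (minus duplicates) left to right, top to bottom, then the
    remaining letters in alphabetic order. I and J share one cell."""
    seen = []
    for ch in keyword.lower() + string.ascii_lowercase:
        ch = "i" if ch == "j" else ch
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]   # 25 letters, five rows


def positions(matrix: list) -> dict:
    """letter -> (row, column); j maps to the i/j cell."""
    pos = {ch: (r, c) for r, row in enumerate(matrix) for c, ch in enumerate(row)}
    pos["j"] = pos["i"]
    return pos


def make_digraphs(plaintext: str, filler: str = "x") -> list:
    """Rule 1: split the text into pairs, separating a doubled letter with the filler
    and padding an odd-length message with it (so 'balloon' -> ba lx lo on)."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        pad = filler if a != filler else "q"          # assumption: avoid an 'xx' pair
        b = letters[i + 1] if i + 1 < len(letters) else pad
        if a == b:
            pairs.append((a, pad))
            i += 1
        else:
            pairs.append((a, b))
            i += 2
    return pairs


def transform_pair(a: str, b: str, matrix: list, pos: dict, direction: int) -> str:
    """Rules 2-4 for one pair; direction=1 encrypts, direction=-1 decrypts."""
    (ra, ca), (rb, cb) = pos[a], pos[b]
    if ra == rb:        # rule 2: same row -> letter to the right (left when decrypting), wrapping
        return matrix[ra][(ca + direction) % 5] + matrix[rb][(cb + direction) % 5]
    if ca == cb:        # rule 3: same column -> letter beneath (above when decrypting), wrapping
        return matrix[(ra + direction) % 5][ca] + matrix[(rb + direction) % 5][cb]
    return matrix[ra][cb] + matrix[rb][ca]   # rule 4: own row, the other letter's column


def playfair_encrypt(plaintext: str, keyword: str = "monarchy") -> str:
    matrix = build_matrix(keyword)
    pos = positions(matrix)
    return "".join(transform_pair(a, b, matrix, pos, 1)
                   for a, b in make_digraphs(plaintext)).upper()


def playfair_decrypt(ciphertext: str, keyword: str = "monarchy") -> str:
    """Undo rules 2-4 pairwise; the fillers inserted by rule 1 remain in the output."""
    matrix = build_matrix(keyword)
    pos = positions(matrix)
    letters = [c for c in ciphertext.lower() if c.isalpha()]
    return "".join(transform_pair(a, b, matrix, pos, -1)
                   for a, b in zip(letters[0::2], letters[1::2]))


if __name__ == "__main__":
    for row in build_matrix("monarchy"):
        print(" ".join(row))
    for pair in ("ar", "mu", "hs", "ea"):
        print(pair, "->", playfair_encrypt(pair))
    ct = playfair_encrypt("balloon")
    print("balloon ->", ct, "->", playfair_decrypt(ct))
```

The decryption deliberately leaves the rule-1 fillers in place (balloon comes back as "balxloon"); stripping them is a judgement the receiver makes, which is one reason Playfair on its own gives no integrity guarantee.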
4. Hill Cipher
Another interesting multiletter cipher is the Hill cipher, developed by the mathematician Lester Hill in 1929.
Define the inverse M^-1 of a square matrix M by the equation M(M^-1) = M^-1 M = I, where I is the identity
matrix. I is a square matrix that is all zeros except for ones along the main diagonal from upper left to lower
right. The inverse of a matrix does not always exist, but when it does, it satisfies the preceding equation.
For example,

To explain how the inverse of a matrix is computed, we begin with the concept of the determinant. For any
square matrix (m × m), the determinant equals the sum of all the products that can be formed by taking
exactly one element from each row and exactly one element from each column, with certain of the product
terms preceded by a minus sign. For a 2 × 2 matrix

    | k11 k12 |
    | k21 k22 |

the determinant is k11k22 - k12k21. For a 3 × 3 matrix, the value of the determinant is k11k22k33 +
k21k32k13 + k31k12k23 - k31k22k13 - k21k12k33 - k11k32k23. If a square matrix A has a nonzero
determinant, then the inverse of the matrix is computed as [A^-1]ij = (det A)^-1 (-1)^(i+j) (Dij), where (Dij) is the
subdeterminant formed by deleting the jth row and the ith column of A, det(A) is the determinant of A, and
(det A)^-1 is the multiplicative inverse of (det A) mod 26. Continuing our example,

We can show that 9^-1 mod 26 = 3, because 9 × 3 = 27 mod 26 = 1. Therefore, we compute the inverse of A as
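As an added example, not part of these notes, the following Python code implements the inverse formula above (determinant, cofactors and the multiplicative inverse of det A mod 26) and uses it to encrypt and decrypt with a 3 × 3 Hill cipher. The key matrix is a constructed one, and the convention C = K·P with P as a column vector is an assumption, since the notes do not state which side the key multiplies on.

```python
# Added example, not from the notes: Hill cipher over Z_26 using the inverse formula
# [A^-1]ij = (det A)^-1 (-1)^(i+j) D_ij, where D_ij is the subdeterminant obtained by
# deleting row j and column i. Assumed convention: C = K * P with P a column vector.

def det(M):
    """Determinant by Laplace expansion along the first row (exact integer arithmetic)."""
    n = len(M)
    if n == 1:
        return M[0][0]
    total = 0
    for j in range(n):
        minor = [row[:j] + row[j + 1:] for row in M[1:]]
        total += (-1) ** j * M[0][j] * det(minor)
    return total


def inverse_mod26(K):
    """Inverse of K modulo 26; raises ValueError if det K shares a factor with 26."""
    n = len(K)
    d = det(K) % 26
    d_inv = pow(d, -1, 26)          # multiplicative inverse of det(K) mod 26
    inv = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            # D_ij: delete the j-th row and the i-th column of K (0-based here).
            minor = [row[:i] + row[i + 1:] for r, row in enumerate(K) if r != j]
            inv[i][j] = (d_inv * (-1) ** (i + j) * det(minor)) % 26
    return inv


def hill_encrypt(text, K):
    """Encrypt letter blocks of size len(K); the last block is padded with 'x'."""
    n = len(K)
    nums = [ord(c) - ord('a') for c in text.lower() if c.isalpha()]
    while len(nums) % n:
        nums.append(ord('x') - ord('a'))
    out = []
    for b in range(0, len(nums), n):
        block = nums[b:b + n]
        for row in K:
            out.append(sum(k * p for k, p in zip(row, block)) % 26)
    return "".join(chr(c + ord('A')) for c in out)


def hill_decrypt(cipher, K):
    """Decryption is encryption with the inverse key matrix."""
    return hill_encrypt(cipher, inverse_mod26(K)).lower()


# Constructed 3 x 3 key: det = 441 = 25 (mod 26), which is invertible mod 26.
KEY = [[6, 24, 1],
       [13, 16, 10],
       [20, 17, 15]]

if __name__ == "__main__":
    print(pow(9, -1, 26))                       # the notes' example: 9^-1 mod 26 = 3
    print(inverse_mod26(KEY))
    c = hill_encrypt("act", KEY)
    print(c, hill_decrypt(c, KEY))
```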


TRANSPOSITION TECHNIQUES
A very different kind of mapping is achieved by performing some sort of permutation on the plaintext
letters. This technique is referred to as a transposition cipher. The simplest such cipher is the rail fence
technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence
of rows. For example, to encipher the message "meet me after the toga party" with a rail fence of depth 2,
we write the following:
mematrhtgpry
etefeteoaat
A more complex scheme is to write the message in a rectangle, row by row, and read the message off, column
by column, but permute the order of the columns. The order of the columns then becomes the key to the
algorithm.
Key:        4 3 1 2 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Thus, in this example, the key is 4312567. To encrypt, start with the column that is labeled 1, in this case
column 3. Write down all the letters in that column. Proceed to column 4, which is labeled 2, then column
2, then column 1, then columns 5, 6, and 7. A pure transposition cipher is easily recognized because it has
the same letter frequencies as the original plaintext. For the type of columnar transposition just shown,
cryptanalysis is fairly straightforward and involves laying out the ciphertext in a matrix and playing around
with column positions. Digram and trigram frequency tables can be useful.
The transposition cipher can be made significantly more secure by performing more than one stage of
transposition. The result is a more complex permutation that is not easily reconstructed.
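The rail fence and columnar transposition described above, as an added Python example that is not part of the notes; it uses the notes' own messages and key 4312567, and also checks the letter-frequency property that makes a pure transposition easy to recognize.

```python
# Added example, not from the notes: the rail fence and keyed columnar transposition
# described above, applied to the notes' own messages and key 4312567, plus a check
# that a pure transposition leaves the letter frequencies unchanged.
from collections import Counter


def rail_fence_encrypt(plaintext, depth=2):
    """Write the letters down a zig-zag of `depth` rails, then read rail by rail."""
    letters = [c for c in plaintext.lower() if c.isalpha()]
    rails = [[] for _ in range(depth)]
    rail, step = 0, 1
    for c in letters:
        rails[rail].append(c)
        if depth > 1:
            if rail == 0:
                step = 1
            elif rail == depth - 1:
                step = -1
            rail += step
    return "".join("".join(r) for r in rails).upper()


def columnar_encrypt(plaintext, key, pad="xyz"):
    """Write the message row by row under the digits of the key, then read the
    columns in the order the key gives (the column labelled 1 first)."""
    cols = len(key)
    letters = [c for c in plaintext.lower() if c.isalpha()]
    fill = 0
    while len(letters) % cols:          # complete the last row, as the notes do with x y z
        letters.append(pad[fill % len(pad)])
        fill += 1
    rows = [letters[i:i + cols] for i in range(0, len(letters), cols)]
    order = sorted(range(cols), key=lambda i: int(key[i]))
    return "".join(rows[r][c] for c in order for r in range(len(rows))).upper()


def columnar_decrypt(ciphertext, key):
    """Refill the columns in key order, then read the rectangle row by row."""
    cols = len(key)
    nrows = len(ciphertext) // cols
    order = sorted(range(cols), key=lambda i: int(key[i]))
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for c in order:
        for r in range(nrows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid).lower()


def same_letter_frequencies(text_a, text_b):
    """True when both texts contain exactly the same multiset of letters: the
    tell-tale sign of a pure transposition that the notes mention."""
    def count(t):
        return Counter(c for c in t.lower() if c.isalpha())
    return count(text_a) == count(text_b)


if __name__ == "__main__":
    print(rail_fence_encrypt("meet me after the toga party"))
    c = columnar_encrypt("attack postponed until two am", "4312567")
    print(c, columnar_decrypt(c, "4312567"))
    # Two stages of the same columnar transposition give a harder-to-undo permutation.
    print(columnar_encrypt(c, "4312567"))
```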
DATA ENCRYPTION STANDARD
The most widely used encryption scheme is based on the Data Encryption Standard (DES) adopted in 1977.
The algorithm itself is referred to as the Data Encryption Algorithm (DEA).
For DES, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms 64-bit input in a
series of steps into a 64-bit output.

DES Encryption
There are two inputs to the encryption function: the plaintext to be encrypted and the key. The plaintext
must be 64 bits in length and the key is 56 bits in length.
General Depiction of DES Encryption Algorithm
Phase 1:
Looking at the left-hand side, we can see that the processing of the plaintext proceeds in three phases. First,
the 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits to produce the
permuted input.
Phase 2:

This is followed by a phase consisting of 16 rounds of the same function, which involves both permutation
and substitution functions. The output of the last (sixteenth) round consists of 64 bits that are a function of
the input plaintext and the key. The left and right halves of the output are swapped to produce the preoutput.
Phase 3:
Finally, the preoutput is passed through a permutation (IP^-1) that is the inverse of the initial permutation
function, to produce the 64-bit ciphertext. The right-hand portion of the figure shows the way in which the
56-bit key is used.
Operation on key:
Initially, the key is passed through a permutation function. Then, for each of the 16 rounds, a subkey (Ki) is
produced by the combination of a left circular shift and a permutation. The permutation function is the same
for each round, but a different subkey is produced because of the repeated shifts of the key bits.

Initial Permutation
The input to a table consists of 64 bits numbered from 1 to 64. The 64 entries in the permutation table
contain a permutation of the numbers from 1 to 64. Each entry in the permutation table indicates the position
of a numbered input bit in the output, which also consists of 64 bits.
Permutation Tables for DES
(a) Initial Permutation (IP)

58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
(b) Inverse Initial Permutation (IP^-1)
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25
(c) Expansion Permutation (E)
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1

(d) Permutation Function (P)
16 7 20 21 29 12 28 17
1 15 23 26 5 18 31 10
2 8 24 14 32 27 3 9
19 13 30 6 22 11 4 25
Consider the following 64-bit input M:
M1 M2 M3 M4 M5 M6 M7 M8
M9 M10 M11 M12 M13 M14 M15 M16
M17 M18 M19 M20 M21 M22 M23 M24
M25 M26 M27 M28 M29 M30 M31 M32
M33 M34 M35 M36 M37 M38 M39 M40
M41 M42 M43 M44 M45 M46 M47 M48
M49 M50 M51 M52 M53 M54 M55 M56
M57 M58 M59 M60 M61 M62 M63 M64
where Mi is a binary digit. Then the permutation X = IP(M) is as follows:
M58 M50 M42 M34 M26 M18 M10 M2
M60 M52 M44 M36 M28 M20 M12 M4
M62 M54 M46 M38 M30 M22 M14 M6
M64 M56 M48 M40 M32 M24 M16 M8
M57 M49 M41 M33 M25 M17 M9 M1
M59 M51 M43 M35 M27 M19 M11 M3
M61 M53 M45 M37 M29 M21 M13 M5
M63 M55 M47 M39 M31 M23 M15 M7
Applying the inverse permutation, Y = IP^-1(X) = IP^-1(IP(M)), restores the original ordering of the bits.

Details of Single Round


Figure 2.9 below shows the internal structure of a single round. The left and right halves of each 64-bit
intermediate value are treated as separate 32-bit quantities, labeled L (left) and R (right). The overall
processing at each round can be summarized in the following formulas:
Li = Ri-1
Ri = Li-1 ⊕ F(Ri-1, Ki)

The round key Ki is 48 bits. The R input is 32 bits. This R input is first expanded to 48 bits by using a table
that defines a permutation plus an expansion that involves duplication of 16 of the R bits. The resulting 48
bits are XORed with Ki. This 48-bit result passes through a substitution function that produces a 32-bit
output, which is then permuted.
Definition of S-Boxes
The substitution consists of a set of eight S-boxes, each of which accepts 6 bits as input and produces 4 bits
as output. The first and last bits of the input to box Si form a 2-bit binary number to select one of four
substitutions defined by the four rows in the table for Si. The middle four bits select one of the sixteen
columns.
The decimal value in the cell selected by the row and column is then converted to its 4- bit representation
to produce the output.

For example, in S1 for input 011001, the row is 01 (row 1) and the column is 1100 (column 12). The value
in row 1, column 12 is 9, so the output is 1001.

Key Generation
The 64-bit key is used as input to the algorithm. The bits of the key are numbered from 1 through 64; every
eighth bit is ignored. The key is first subjected to a permutation governed by a table labeled Permuted
Choice One. The resulting 56-bit key is then treated as two 28-bit quantities, labeled C0 and D0.
At each round, Ci-1 and Di-1 are separately subjected to a circular left shift, or rotation, of 1 or 2 bits. These
shifted values serve as input to the next round. They also serve as input to Permuted Choice 2, which
produces a 48-bit output that serves as input to the function F(Ri-1, Ki).
DES Key Schedule Calculation
(a) Input Key
1 2 3 4 5 6 7 8
9 10 11 12 13 14 15 16
17 18 19 20 21 22 23 24
25 26 27 28 29 30 31 32
33 34 35 36 37 38 39 40
41 42 43 44 45 46 47 48
49 50 51 52 53 54 55 56
57 58 59 60 61 62 63 64

(b) Permuted Choice One (PC-1)


57 49 41 33 25 17 9
1 58 50 42 34 26 18

10 2 59 51 43 35 27
19 11 3 60 52 44 36
63 55 47 39 31 23 15
7 62 54 46 38 30 22
14 6 61 53 45 37 29
21 13 5 28 20 12 4

(c) Permuted Choice Two (PC-2)


14 17 11 24 1 5 3 28
15 6 21 10 23 19 12 4
26 8 16 7 27 20 13 2
41 52 31 37 47 55 30 40
51 45 33 48 44 49 39 56
34 53 46 42 50 36 29 32

(d) Schedule of Left Shifts


Round number: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Bits rotated: 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
DES Decryption:
As with any Feistel cipher, decryption uses the same algorithm as encryption, except that the application of
the subkeys is reversed. Additionally, the initial and final permutations are reversed.
The Avalanche Effect:
A desirable property of any encryption algorithm is that a small change in either the plaintext or the key
should produce a significant change in the ciphertext. In particular, a change in one bit of the plaintext or
one bit of the key should produce a change in many bits of the ciphertext.


THE STRENGTH OF DES


The strength of DES depends on two factors: key size and the nature of the algorithm.
1. The Use of 56-Bit Keys
With a key length of 56 bits, there are 2^56 possible keys, which is approximately 7.2 × 10^16. Thus, a
brute-force attack appears impractical.
2. The Nature of the DES Algorithm
The DES algorithm uses eight substitution boxes, called S-boxes, in each iteration. Because the design
criteria for these boxes, and indeed for the entire algorithm, were not made public, there is a suspicion that
the boxes were constructed in such a way that cryptanalysis is possible for an opponent who knows the
weaknesses in the S-boxes. Despite this, no one has so far succeeded in discovering the supposed fatal
weaknesses in the S-boxes.
3. Timing Attacks
A timing attack is one in which information about the key or the plaintext is obtained by observing how
long it takes a given implementation to perform decryptions on various ciphertexts. A timing attack exploits
the fact that an encryption or decryption algorithm often takes slightly different amounts of time on different
inputs.
Attacks on DES:
Two approaches are:
1. Differential cryptanalysis
2. Linear cryptanalysis
Differential Cryptanalysis
Differential cryptanalysis is the first published attack that is capable of breaking DES with less than 2^55
complexity. The need to strengthen DES against attacks using differential cryptanalysis played a large
part in the design of the S-boxes and the permutation P.
• One of the most significant recent (public) advances in cryptanalysis
• Powerful method to analyze block ciphers
• Used to analyze most current block ciphers with varying degrees of success
Differential Cryptanalysis Attack:
• The differential cryptanalysis attack is complex. The rationale behind differential cryptanalysis is
to observe the behavior of pairs of text blocks evolving along each round of the cipher, instead of
observing the evolution of a single text block.
• Consider the original plaintext block m to consist of two halves m0, m1. Each round of DES maps
the right-hand input into the left-hand output and sets the right-hand output to be a function of the
left-hand input and the subkey for this round. So, at each round, only one new 32-bit block is
created. If we label each new block mi (2 ≤ i ≤ 17), then the intermediate message halves
are related as follows: mi+1 = mi-1 ⊕ f(mi, Ki), i = 1, 2, ..., 16
• In differential cryptanalysis, we start with two messages, m and m', with a known XOR difference
Δm = m ⊕ m', and consider the difference between the intermediate message halves: Δmi = mi ⊕ mi'. Then
we have:
Δmi+1 = mi+1 ⊕ m'i+1
= [mi-1 ⊕ f(mi, Ki)] ⊕ [m'i-1 ⊕ f(m'i, Ki)]
= Δmi-1 ⊕ [f(mi, Ki) ⊕ f(m'i, Ki)]
• Suppose that many pairs of inputs to f with the same difference yield the same output difference
when the same subkey is used.
• Therefore, if we know Δmi-1 and Δmi with high probability, then we know Δmi+1 with high
probability. Furthermore, if a number of such differences are determined, it is feasible to determine
the subkey used in the function f.
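The following added Python example, not from the notes, implements the DES components described in the DES section above (permutation by table with IP, IP^-1, E and P, the S-box lookup rule with S1, and the key schedule built from PC-1, the shift schedule and PC-2) and then tabulates, for S1, how often each input XOR difference produces each output XOR difference, which is the non-uniformity the differential cryptanalysis bullets above rely on. The S1 table and the sample key 133457799BBCDFF1 are supplied here; the other tables are the ones listed in the notes.

```python
# Added example, not from the notes. Tables IP, IP^-1, E, P, PC-1, PC-2 and the shift
# schedule are the ones listed in the DES section; S1 and the sample key are supplied here.
IP = [58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7]
IP_INV = [40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
          38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
          36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
          34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25]
E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13,
     12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
     24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4,
       26, 8, 16, 7, 27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40,
       51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]
# S-box S1 (rows 0-3, columns 0-15); the notes give only the lookup rule and one example.
S1 = [[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
      [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
      [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
      [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]]


def permute(bits, table):
    """Entry t of a DES table names the 1-based input bit placed at that output position."""
    return "".join(bits[t - 1] for t in table)

def sbox_lookup(six_bits, box):
    """Outer two bits select the row, middle four the column; the cell becomes 4 output bits."""
    row = int(six_bits[0] + six_bits[5], 2)
    col = int(six_bits[1:5], 2)
    return format(box[row][col], "04b")

def rotl(bits, n):
    return bits[n:] + bits[:n]

def key_schedule(key64):
    """PC-1 drops the 8 parity bits and splits C0/D0; each round rotates both halves
    by the shift schedule and PC-2 picks 48 of the 56 bits as the round subkey Ki."""
    cd = permute(key64, PC1)
    c, d = cd[:28], cd[28:]
    subkeys = []
    for s in SHIFTS:
        c, d = rotl(c, s), rotl(d, s)
        subkeys.append(permute(c + d, PC2))
    return subkeys

def difference_distribution(box):
    """table[dx][dy] = number of 6-bit inputs x with S(x) XOR S(x XOR dx) == dy.
    A perfectly uniform S-box would show 4 in every cell; differential cryptanalysis
    looks for the large cells, i.e. input differences that predict the output difference."""
    table = [[0] * 16 for _ in range(64)]
    for dx in range(64):
        for x in range(64):
            y1 = int(sbox_lookup(format(x, "06b"), box), 2)
            y2 = int(sbox_lookup(format(x ^ dx, "06b"), box), 2)
            table[dx][y1 ^ y2] += 1
    return table

def best_differential(box):
    """Most probable (count, dx, dy) over the non-zero input differences."""
    table = difference_distribution(box)
    return max((table[dx][dy], dx, dy) for dx in range(1, 64) for dy in range(16))

def hex_to_bits(h, width):
    return format(int(h, 16), "0{}b".format(width))


if __name__ == "__main__":
    m = hex_to_bits("0123456789abcdef", 64)             # constructed sample block
    print(permute(permute(m, IP), IP_INV) == m)        # IP^-1 undoes IP
    print(sbox_lookup("011001", S1))                    # the notes' example: 1001
    print(key_schedule(hex_to_bits("133457799bbcdff1", 64))[0])
    print(best_differential(S1))
```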
Linear Cryptanalysis
• This attack is based on the fact that linear equations can be framed to describe the
transformations.
• The principle of linear cryptanalysis is as follows. The length of a ciphertext or plaintext block is n bits
and the key is m bits. A plaintext block is p[1]p[2]...p[n], a block of ciphertext is c[1]c[2]...c[n], and the
key is k[1]k[2]...k[m]. Define A[i, j, ..., k] = A[i] ⊕ A[j] ⊕ ... ⊕ A[k].
• The goal is to find linear approximations of the form
p[i1, i2, ..., ia] ⊕ c[j1, j2, ..., jb] = k[k1, k2, ..., kc]
that hold with probability p ≠ 1/2, where ia, jb, kc are bit locations in p, c, k.
• Linear cryptanalysis can attack DES with 2^47 known plaintexts, which is still infeasible in practice.
BLOCK CIPHER DESIGN PRINCIPLES
There are three critical aspects of block cipher design:
1. Number of rounds
2. Design of the function F
3. Key scheduling
Number of Rounds
• The greater the number of rounds, the more difficult it is to perform cryptanalysis, even for a
relatively weak F.
• The number of rounds is chosen so that known cryptanalytic efforts require greater effort than a
simple brute-force key search attack.

• With 16 rounds, a differential cryptanalysis attack on DES is slightly less efficient than brute
force: the differential cryptanalysis attack requires 2^55 operations.

• This criterion makes it easy to judge the strength of an algorithm and to compare different algorithms.
Design of Function F
This is the most important element of the design.
Criteria needed for F:

• It must be difficult to “unscramble” the substitution performed by F.


• The function should satisfy strict avalanche criterion (SAC) which states that any output bit j of
an S-box should change with probability 1/2 when any single input bit i is inverted for all i, j.

• The function should satisfy bit independence criterion (BIC), which states that output bits j and
k should change independently when any single input bit i is inverted for all i, j, and k.
Key Schedule Algorithm

• The key is used to generate one subkey for each round.

• The subkeys should be chosen to maximize the difficulty of deducing individual subkeys and the difficulty of
working back to the main key.
STREAM CIPHER AND BLOCK CIPHER
A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.
A block cipher is one in which a block of plaintext is treated as a whole and used to produce a cipher
text block of equal length. Typically, a block size of 64 or 128 bits is used.

Many block ciphers have a Feistel structure. Such a structure consists of a number of identical rounds of
processing.

• In each round, a substitution is performed on one half of the data being processed, followed by a
permutation that interchanges the two halves.
• The original key is expanded so that a different key is used for each round.
• The Data Encryption Standard (DES) has been the most widely used encryption algorithm. It
exhibits the classic Feistel structure.
• The DES uses a 64-bit block and a 56-bit key. Two important methods of cryptanalysis are
differential cryptanalysis and linear cryptanalysis. DES has been shown to be highly resistant to
these two types of attack.
• A block cipher operates on a plaintext block of n bits to produce a ciphertext block of n bits. There
are 2^n possible different plaintext blocks and, for the encryption to be reversible (i.e., for decryption
to be possible), each must produce a unique ciphertext block. Such a transformation is called
reversible, or non-singular.
• In particular, Feistel proposed the use of a cipher that alternates substitutions and permutations,
where these terms are defined as follows:
Substitution: Each plaintext element or group of elements is uniquely replaced by a corresponding
ciphertext element or group of elements.
Permutation: A sequence of plaintext elements is replaced by a permutation of that sequence. That is, no
elements are added or deleted or replaced in the sequence, rather the order in which the elements appear in
the sequence is changed.
Two methods for frustrating statistical cryptanalysis are:
Diffusion – Each plaintext digit affects many ciphertext digits, or each ciphertext digit is affected by many
plaintext digits.
Confusion – Make the statistical relationship between a plaintext and the corresponding ciphertext as
complex as possible in order to thwart attempts to deduce the key.

Feistel cipher structure


The left-hand side of Figure 2.12 depicts the structure proposed by Feistel. The input to the encryption
algorithm is a plaintext block of length 2w bits and a key K. The plaintext block is divided into two halves
L0 and R0. The two halves of the data pass through n rounds of processing and then combine to produce
the ciphertext block. Each round i has inputs Li-1 and Ri-1, derived from the previous round, as well as
the subkey Ki, derived from the overall key K.
In general, the subkeys Ki are different from K and from each other. All rounds have the same structure.
A substitution is performed on the left half of the data (similar to S-DES). This is done by applying a
round function F to the right half of the data and then taking the XOR of the output of that function and
the left half of the data. The round function has the same general structure for each round but is
parameterized by the round subkey Ki. Following this substitution, a permutation is performed that
consists of the interchange of the two halves of the data.
This structure is a particular form of the substitution-permutation network.

The features of a Feistel network are:
• Block size - Increasing size improves security, but slows cipher
• Key size - Increasing size improves security, makes exhaustive key searching harder, but may slow cipher
• Number of rounds - Increasing number improves security, but slows cipher
• Subkey generation - Greater complexity can make analysis harder, but slows cipher
• Round function - Greater complexity can make analysis harder, but slows cipher

• The process of decryption is essentially the same as the encryption process.


• The rule is as follows: use the ciphertext as input to the algorithm, but use the subkeys Ki in reverse
order, i.e., Kn in the first round, Kn-1 in the second round, and so on.
• For clarity, we use the notation LEi and REi for data traveling through the encryption algorithm and
LDi and RDi for data traveling through the decryption algorithm.
• The above diagram indicates that, at each round, the intermediate value of the decryption process
is equal to the corresponding value of the encryption process with the two halves of the value
swapped.
BLOCK CIPHER MODES OF OPERATION
• A block cipher is the basic building block for providing data security. To apply a block cipher to various
applications, NIST has proposed 4 modes of operation. These modes are used to enhance the security of
the encryption algorithm.
Multiple Encryption and Triple DES
Two approaches have been taken to the vulnerability of DES to a brute-force attack:
1. One approach is to design a completely new algorithm, of which AES is a prime example.
2. Another alternative, which would preserve the existing investment in software and
equipment, is to use multiple encryptions with DES and multiple keys.
Double DES
• The simplest form of multiple encryption has two encryption stages and two keys.
Given a plaintext P and two encryption keys K1 and K2, ciphertext C is generated
as: C = E(K2, E(K1, P))
• Decryption requires that the keys be applied in reverse order: P = D(K1, D(K2, C))
For DES, this scheme apparently involves a key length of 56 × 2 = 112 bits, resulting in a dramatic increase
in cryptographic strength.

Reduction to a Single Stage
Suppose it were true for DES, for all 56-bit key values, that given any two keys K1 and K2, it would be
possible to find a key K3 such that:
E (K2, E (K1, P)) =E (K3, P)
Meet-in-the-Middle Attack
The use of double DES results in a mapping that is not equivalent to a single DES encryption. But there is
a way to attack this scheme, one that does not depend on any particular property of DES but that will
work against any block encryption cipher. This algorithm, known as a meet-in-the-middle attack, is
based on the observation that, if we have
C=E (K2, E (K1, P))
Then
X=E (K1, P) =D (K2, C)
Given a known pair (P, C), the attack proceeds as follows. First, encrypt P for all 2^56
possible values of K1. Store these results in a table and then sort the table by the values of X. Next, decrypt
C using all 2^56 possible values of K2. As each decryption is produced,
check the result against the table for a match.
If a match occurs, then test the two resulting keys against a new known plaintext–ciphertext pair. If the
two keys produce the correct ciphertext, accept them as the correct keys.
For any given plaintext P, there are 2^64 possible ciphertext values that could be produced by double DES.
Double DES uses, in effect, a 112-bit key, so that there are 2^112 possible keys.
Triple DES with Two Keys
One way to overcome the meet-in-the-middle attack is to use three stages of encryption with three different
keys. This is called Triple DES, or 3DES.
A known-plaintext attack then costs on the order of 2^112. The key length of 56 × 3 = 168 bits is a drawback.
The function follows an encrypt-decrypt-encrypt (EDE) sequence.

3DES with two keys is a relatively popular alternative to DES. There are no practical cryptanalytic attacks
on 3DES.

The cost of a brute-force key search on 3DES is on the order of 2^112.
Tuchman proposed a triple encryption method that uses only two keys, K1 and K2. The final
ciphertext is:

Its only advantage is that it allows users of 3DES to decrypt data encrypted by users of the older single
DES:
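The following added Python example, not from the notes, ties together three passages above: a toy Feistel cipher showing that decryption is the same algorithm with the subkeys reversed and that each decryption intermediate equals the corresponding encryption intermediate with its halves swapped, the meet-in-the-middle search against double encryption with that cipher, and two-key EDE triple encryption, which collapses to single encryption when K1 = K2. The toy cipher (16-bit block, 8-bit key, 4 rounds, constructed round function) is an assumption made only so that the whole key space can be enumerated.

```python
# Added example, not from the notes. Toy Feistel cipher: 16-bit block, 8-bit key,
# 4 rounds, with a constructed (insecure) round function; chosen only so that the
# whole key space can be enumerated in a meet-in-the-middle search.
ROUNDS = 4


def round_function(r, k):
    """Constructed F(R, K): mixes the 8-bit right half with the 8-bit subkey."""
    x = (r ^ k) & 0xFF
    return ((x * 0x6B) ^ (x >> 3) ^ 0x5C) & 0xFF


def subkeys(key):
    """One 8-bit subkey per round, derived from the key by left rotation."""
    return [((key << i) | (key >> (8 - i))) & 0xFF for i in range(ROUNDS)]


def feistel_trace(block, ks):
    """Return the list of (L_i, R_i) states, i = 0..ROUNDS, for the given subkeys."""
    l, r = block >> 8, block & 0xFF
    states = [(l, r)]
    for k in ks:
        l, r = r, l ^ round_function(r, k)   # L_i = R_{i-1}; R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        states.append((l, r))
    return states


def feistel_encrypt(block, ks):
    """Run the rounds, then undo the last swap so that the same algorithm inverts itself."""
    l, r = feistel_trace(block, ks)[-1]
    return (r << 8) | l


def feistel_decrypt(block, ks):
    """Same algorithm, subkeys applied in reverse order (K_n first)."""
    return feistel_encrypt(block, ks[::-1])


def double_encrypt(p, k1, k2):
    """Double encryption C = E(K2, E(K1, P))."""
    return feistel_encrypt(feistel_encrypt(p, subkeys(k1)), subkeys(k2))


def meet_in_the_middle(pairs):
    """Recover (K1, K2) from two known (P, C) pairs: tabulate X = E(K1, P) for every
    K1, then for every K2 look up D(K2, C); about 2 * 2^8 operations instead of
    2^16 for a search of both keys. The second pair rejects false matches."""
    (p0, c0), (p1, c1) = pairs
    table = {}                           # a dict stands in for the sorted table of the notes
    for k1 in range(256):
        table.setdefault(feistel_encrypt(p0, subkeys(k1)), []).append(k1)
    for k2 in range(256):
        for k1 in table.get(feistel_decrypt(c0, subkeys(k2)), []):
            if double_encrypt(p1, k1, k2) == c1:
                return k1, k2
    return None


def triple_encrypt_ede(p, k1, k2):
    """Two-key EDE: C = E(K1, D(K2, E(K1, P))); with K1 == K2 this is single encryption."""
    inner = feistel_decrypt(feistel_encrypt(p, subkeys(k1)), subkeys(k2))
    return feistel_encrypt(inner, subkeys(k1))


if __name__ == "__main__":
    k1, k2 = 0x3A, 0xC5                  # constructed sample keys
    pairs = [(p, double_encrypt(p, k1, k2)) for p in (0x1234, 0xBEEF)]
    print(meet_in_the_middle(pairs))
```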



ADVANCED ENCRYPTION STANDARD (AES)
AES is a symmetric block cipher that is intended to replace DES as the approved standard for a wide range
of applications. Compared to public-key ciphers such as RSA, the structure of AES and most symmetric
ciphers is quite complex and cannot be explained as easily as many other cryptographic algorithms.
Finite Field Arithmetic
In AES, all operations are performed on 8-bit bytes. The arithmetic operations of addition, multiplication,
and division are performed over the finite field GF(2^8). A field is a set in which we can do addition, subtraction,
multiplication, and division without leaving the set. Division is defined with the following rule: a/b = a(b^-1).
An example of a finite field (one with a finite number of elements) is the set Zp consisting of all the integers
{0, 1, ..., p - 1}, where p is a prime number and in which arithmetic is carried out modulo p.
There is a way of defining a finite field containing 2^n elements; such a field is referred to as GF(2^n). Consider
the set, S, of all polynomials of degree n - 1 or less with binary coefficients. Thus, each polynomial has the
form
f(x) = an-1 x^(n-1) + an-2 x^(n-2) + ... + a1 x + a0
where each ai takes on the value 0 or 1. There are a total of 2^n different polynomials in S. For n = 3, the
2^3 = 8 polynomials in the set are
0, 1, x, x + 1, x^2, x^2 + 1, x^2 + x, x^2 + x + 1
With an appropriate definition of arithmetic operations, each such set S is a finite field.
The definition consists of the following elements.
1. Arithmetic follows the ordinary rules of polynomial arithmetic using the basic rules of algebra with the
following two refinements.
2. Arithmetic on the coefficients is performed modulo 2. This is the same as the XOR operation.
3. If multiplication results in a polynomial of degree greater than n - 1, then the polynomial is reduced
modulo some irreducible polynomial m(x) of degree n. That is, we divide by m(x) and keep the remainder.
For a polynomial f(x), the remainder is expressed as r(x) = f(x) mod m(x). A polynomial m(x) is called
irreducible if and only if m(x) cannot be expressed as a product of two polynomials, both of degree
lower than that of m(x).
A polynomial in GF(2^n) can be uniquely represented by its n binary coefficients (an-1 an-2 ... a0). Therefore,
every polynomial in GF(2^n) can be represented by an n-bit number.
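As an added Python example, not from the notes, the following code carries out the GF(2^n) arithmetic just defined (coefficients mod 2, reduction modulo an irreducible m(x), division as a·b^-1) and lists the eight elements of the n = 3 set. The AES modulus m(x) = x^8 + x^4 + x^3 + x + 1 used in the checks is a known fact about AES, not something the notes state.

```python
# Added example, not from the notes: arithmetic in GF(2^n) with polynomials stored as
# integers (bit i = coefficient a_i). m(x) = x^8 + x^4 + x^3 + x + 1 (0x11B) is the AES
# modulus, a known fact stated here rather than taken from the notes.

def poly_add(a, b):
    """Coefficient-wise addition modulo 2 is XOR (subtraction is the same operation)."""
    return a ^ b


def poly_mul(a, b):
    """Ordinary polynomial multiplication with coefficients reduced modulo 2."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def poly_mod(a, m):
    """Remainder of a divided by m: repeatedly cancel the leading term of a."""
    deg_m = m.bit_length() - 1
    while a and a.bit_length() - 1 >= deg_m:
        a ^= m << (a.bit_length() - 1 - deg_m)
    return a


def gf_mul(a, b, m):
    """Multiplication in GF(2^n): multiply, then reduce modulo the irreducible m(x)."""
    return poly_mod(poly_mul(a, b), m)


def gf_inv(a, m):
    """Multiplicative inverse by exhaustive search over the 2^n - 1 non-zero elements."""
    n = m.bit_length() - 1
    for b in range(1, 1 << n):
        if gf_mul(a, b, m) == 1:
            return b
    raise ValueError("no inverse: m(x) is not irreducible or a == 0")


def gf_div(a, b, m):
    """Division as defined in the notes: a / b = a * b^-1."""
    return gf_mul(a, gf_inv(b, m), m)


def is_irreducible(m):
    """m(x) is irreducible iff no polynomial of degree 1 .. deg(m)/2 divides it."""
    deg_m = m.bit_length() - 1
    return all(poly_mod(m, d) != 0 for d in range(2, 1 << (deg_m // 2 + 1)))


def poly_str(p):
    """Human-readable form such as 'x^2 + x + 1'."""
    if p == 0:
        return "0"
    terms = []
    for i in range(p.bit_length() - 1, -1, -1):
        if p >> i & 1:
            terms.append({0: "1", 1: "x"}.get(i, "x^%d" % i))
    return " + ".join(terms)


def elements(n):
    """The set S of all 2^n polynomials of degree n - 1 or less with binary coefficients."""
    return [poly_str(p) for p in range(1 << n)]


if __name__ == "__main__":
    print(elements(3))                                        # the 8 polynomials for n = 3
    print(hex(gf_mul(0x57, 0x83, 0x11B)))                     # {57} * {83} in GF(2^8)
    print(is_irreducible(0b1011), is_irreducible(0b1111))     # x^3+x+1 yes, x^3+x^2+x+1 no
```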


AES Structure
The cipher takes a plaintext block size of 128 bits, or 16 bytes. The key length can be 16, 24, or 32 bytes
(128, 192, or 256 bits). The algorithm is referred to as AES-128, AES-192, or AES-256, depending on the
key length.
The input to the encryption and decryption algorithms is a single 128-bit block. The block is depicted as a
4 × 4 square matrix of bytes. This block is copied into the State array, which is modified at each stage of
encryption or decryption. After the final stage, State is copied to an output matrix. These operations are
depicted in the figure. Similarly, the key is depicted as a square matrix of bytes. This key is then expanded
into an array of key schedule words; the expansion is shown for the 128-bit key. Each word is four bytes,
and the total key schedule is 44 words for the 128-bit key. Note that the ordering of bytes within a matrix
is by column. The first four bytes of a 128-bit plaintext input to the encryption cipher occupy the first
column of the in matrix. The second four bytes occupy the second column, and so on. Similarly, the first
four bytes of the expanded key, which form a word, occupy the first column of the w matrix. The cipher
consists of N rounds, where the number of rounds depends on the key length: 10 rounds for a 16-byte key,
12 rounds for a 24-byte key, and 14 rounds for a 32-byte key.

The first N - 1 rounds consist of four distinct transformation functions: SubBytes, ShiftRows, MixColumns,
and AddRoundKey, which are described subsequently. The final round contains only three transformations,
and there is an initial single transformation (AddRoundKey) before the first round, which can be considered
Round 0. Each transformation takes one or more 4 × 4 matrices as input and produces a 4 × 4 matrix as
output. Figure 5.1 shows that the output of each round is a 4 × 4 matrix, with the output of the final round
being the ciphertext.
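The State layout and round-count rules above, as an added Python example that is not part of the notes: bytes fill the 4 × 4 State column by column, the key schedule has 4(N + 1) words, and AddRoundKey XORs each State column with one word of the round key; the sample input block and round key are constructed.

```python
# Added example, not from the notes: the State array layout described above (bytes fill
# the 4 x 4 matrix column by column), the round count per key length, and the
# AddRoundKey step, which XORs the State with four words of the expanded key.

def to_state(block16):
    """state[row][col] = block16[row + 4 * col]: the first four bytes form column 0."""
    return [[block16[r + 4 * c] for c in range(4)] for r in range(4)]


def from_state(state):
    """Inverse of to_state: read the matrix column by column."""
    return bytes(state[r][c] for c in range(4) for r in range(4))


def rounds_for_key(key_len_bytes):
    """N = 10, 12 or 14 rounds for 16-, 24- or 32-byte keys."""
    return {16: 10, 24: 12, 32: 14}[key_len_bytes]


def key_schedule_words(key_len_bytes):
    """Round 0 plus N rounds each need 4 words: 44 words for AES-128."""
    return 4 * (rounds_for_key(key_len_bytes) + 1)


def add_round_key(state, words):
    """XOR column c of the State with word c of the round key (each word is 4 bytes)."""
    return [[state[r][c] ^ words[c][r] for c in range(4)] for r in range(4)]


if __name__ == "__main__":
    block = bytes(range(16))                      # constructed sample input block
    st = to_state(block)
    print(st[0])                                  # first row holds bytes 0, 4, 8, 12
    words = [bytes([0x10 * c + r for r in range(4)]) for c in range(4)]  # constructed round key
    print(add_round_key(st, words))
```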
