
Mod 2 DES

Uploaded by

spunkflysindhu
Copyright
© All Rights Reserved
Cryptography & System Security
Unit - 2

Symmetric and Asymmetric Key Cryptography and Key Management

Block Cipher Principles
• Principle for Number of Rounds in the Block Cipher Algorithm
• Principle for Function (Feistel Network) in the Block Cipher Algorithm
• Principles for Key Scheduling

1. Principle for Number of Rounds in the Block Cipher Algorithm
• The greater the number of rounds, the more difficult it is to perform cryptanalysis.

2. Principle for Function (Feistel Network) in the Block Cipher Algorithm
• It must be difficult to re-assemble the substitution performed by the function F.
• F is non-linear, which means it is difficult to establish any relation between the inputs to F and the outputs from F and from P.

3. Principle for Key Scheduling
• Subkey selection should be such that it is difficult to work backwards to derive the main key.
• Subkeys should be hard to guess as well.
• The key schedule should produce the avalanche effect.

Block Cipher Modes of Operation
• Need for Modes of Operation
• Different Modes of Block Cipher
• Application/Real-time usage of block cipher modes of operation

The block cipher modes of operation are:
1. Electronic Code Book (ECB) Mode
2. Cipher Block Chaining (CBC) Mode
3. Cipher Feedback (CFB) Mode
4. Output Feedback (OFB) Mode
5. Counter (CTR) Mode

1. Electronic Code Book Mode:
The input for this mode of operation is a plaintext block of 64 bits; hence the ciphertext generated by ECB is 64 bits.

Fig: ECB Encryption

Fig: ECB Decryption

• The mathematical operation for generating the ciphertext using ECB is
Cn = (Pn)K
where Pn is the nth plaintext block and Cn is the corresponding ciphertext block.

• The plaintext is first divided into blocks of 64 bits. If the last block does not have a sufficient number of bits, i.e. 64 bits, then the necessary number of bits is appended to the plaintext to complete the block size.

• Each block is then processed using the same key. If two plaintext blocks are identical, the ciphertext blocks generated are also the same.

• Here the encryption algorithm may be the Data Encryption Standard (DES), the Advanced Encryption Standard (AES) or any other block cipher.

Advantages
• Multiple blocks can be processed independently.
• If any plaintext or ciphertext block is lost, it does not affect the output of the other blocks.
• Parallel processing during encryption and decryption helps to increase the speed and the performance of the algorithm.

Disadvantages
• If two plaintext blocks are identical, then the ciphertext blocks generated are also the same; therefore a known-plaintext attack is possible.

2. Cipher Block Chaining Mode
• CBC mode overcomes the drawback of ECB.
• In CBC, as in ECB, the plaintext is divided into blocks of 64 bits; if the last block of plaintext does not have a sufficient number of bits, i.e. 64 bits, then the necessary number of bits is appended to the plaintext.
• An initialization vector (IV) is selected. It is a random number which helps to increase the security.
• One key is used for the encryption of all the blocks. An XOR operation is then performed between the first plaintext block and the initialization vector.
• The output is a 64-bit block, which is encrypted using the secret key to give the ciphertext.

Figure: CBC Encryption

Figure: CBC Decryption

Initialization Vector (IV)
• The IV is used to provide semantic security, i.e. identical blocks of plaintext generate different ciphertext.
• The value of the IV is different for each operation.

Advantages
• For identical plaintext blocks, different ciphertext is created; hence it is secure.
• The hash value, i.e. the last ciphertext block, helps to identify whether the message is original or modified.

Disadvantages
• Parallel operation cannot be performed.
• A lost or missing block of ciphertext stops the decryption process.

3. Cipher Feedback Mode
• Converts a block cipher into a stream cipher.
• No need to pad the message to an integral number of blocks.
• Operates in real time: each character is encrypted and transmitted immediately.
• Input is processed s bits at a time.
• The preceding ciphertext is used as input to the cipher to produce pseudo-random output.
• The output is XORed with the plaintext to produce the ciphertext.
• Typical applications:
  o General-purpose stream-oriented transmission
  o Authentication

Figure: CFB Encryption

Figure: CFB Decryption

Advantages of CFB
• Cryptanalysis is difficult to apply, since there is some data loss due to the use of a shift register.
• By converting a block cipher into a stream cipher, CFB mode provides some of the advantageous features of a block cipher too.

Disadvantages of CFB
• Transmission errors propagate due to the changing of blocks.

4. Output Feedback Mode
• Converts a block cipher into a stream cipher.
• Similar to CFB, except that the input to the encryption algorithm is the preceding encryption output.
• Typical applications: stream-oriented transmission over noisy channels (e.g. satellite communications).
• Advantage compared to CFB: bit errors do not propagate.
• Disadvantage: more vulnerable to a message stream modification attack.

Figure: OFB Encryption

Figure: OFB Decryption

Advantages of OFB
• Holds great resistance towards bit transmission errors.
• It also decreases the dependency or relationship of the cipher on the plaintext.

Disadvantages of OFB
• Repeatedly encrypting the initialization vector may produce the same state that has occurred before.
• This is an unlikely situation, but in such a case the plaintext will start to be encrypted by the same data as it was previously.

5. Counter Mode
• In counter mode the block cipher works as a stream cipher. A counter is used whose value changes in each round.
• Initially the user sets the counter to some value.
• The encryption algorithm (DES algorithm) processes the counter value and the key.
• This encrypted value is XORed with a block of plaintext. The result is a block of ciphertext.
• For 2 identical blocks of plaintext, 2 different blocks of ciphertext are generated.

Advantages
• Counter mode may be faster than cipher block chaining mode.
• Encryption can be done in parallel.
• Plaintext blocks can be processed in random order.

Disadvantages
• The integrity of the message is not maintained.
• It requires a synchronous counter at sender and receiver.
• Reuse of a counter value compromises the security.
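
The counter-mode properties listed above, as an added Python example that is not part of the original slides. Assumptions: HMAC-SHA256 truncated to 64 bits stands in for the DES encryption of the counter, all keys, nonces and messages are constructed, and `seal`/`open_sealed` are hypothetical helper names showing one way (encrypt-then-MAC) to supply the integrity check that counter mode lacks.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit blocks, the block size used throughout these notes

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    # Stand-in for "encrypt the counter value with the key" (assumption:
    # truncated HMAC-SHA256 replaces the DES encryption step).
    msg = nonce + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same operation; no padding is needed.
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        out += xor(data[i:i + BLOCK], keystream_block(key, nonce, i // BLOCK))
    return bytes(out)

def seal(enc_key, mac_key, nonce, plaintext):
    # Encrypt-then-MAC: the tag covers the nonce and the ciphertext.
    ct = ctr_crypt(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ct, tag):
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext or nonce was modified")
    return ctr_crypt(enc_key, nonce, ct)

def demo() -> dict:
    enc_key = b"constructed-enc-key"
    p1 = b"SAMEBLK!SAMEBLK!tail"      # two identical blocks plus a short tail
    p2 = b"another message....."
    c1 = ctr_crypt(enc_key, b"nonce-01", p1)
    c2_reused = ctr_crypt(enc_key, b"nonce-01", p2)  # same counter values again
    c2_fresh = ctr_crypt(enc_key, b"nonce-02", p2)   # fresh counter values
    return {
        "identical_blocks_differ": c1[:8] != c1[8:16],
        "no_padding": len(c1) == len(p1),
        # With reused counters the keystream cancels: C1 xor C2 == P1 xor P2.
        "reuse_leaks_xor": xor(c1, c2_reused) == xor(p1, p2),
        "fresh_leaks_xor": xor(c1, c2_fresh) == xor(p1, p2),
    }

if __name__ == "__main__":
    print(demo())
```
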
Key features of modes of operation
Feistel Cipher
• The Feistel cipher is a design model or structure used to build various symmetric block ciphers, such as DES.
• The model uses substitution and permutation alternately.
• This cipher structure is based on the Shannon model proposed in 1945.

The Feistel block cipher uses the same algorithm for encryption and decryption.

The Feistel cipher proposed a structure that implements substitution and permutation alternately.

Substitution replaces plaintext elements with ciphertext.

Permutation changes the order of the plaintext elements, rather than replacing them with other elements as substitution does.

Feistel Cipher Encryption Example
• The Feistel cipher encryption process involves numerous rounds of processing the plaintext.
• Each round includes the substitution step and then the permutation step.
• The following example describes the encryption structure used for this design model.

Step 1 –
• The plaintext is divided into blocks of a fixed size, with only one block being processed at a time.
• The input to the encryption algorithm consists of a plaintext block and a key K.

Step 2 –
• The plaintext block is divided into two halves.
• The left half of the plaintext block is represented as LE0, and the right half of the block as RE0.
• Both halves of the plaintext block (LE0 and RE0) go through numerous rounds of processing to produce the ciphertext block.
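
The Feistel structure described above and the ECB and CBC modes from the earlier section, combined in one added Python example that is not part of the original slides. Assumptions: the round function and key schedule are toy constructions built from SHA-256 (not the DES F function or key schedule), the padding scheme is one possible choice, and the message and key are constructed.

```python
import hashlib
import os

BLOCK, HALF, ROUNDS = 8, 4, 16   # 64-bit block, 32-bit halves, 16 rounds

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(key: bytes) -> list:
    # Toy key schedule (assumption): one hash-derived subkey per round.
    return [hashlib.sha256(key + bytes([r])).digest()[:HALF] for r in range(ROUNDS)]

def round_f(right: bytes, subkey: bytes) -> bytes:
    # Toy non-linear round function F (assumption, not the DES F function).
    return hashlib.sha256(subkey + right).digest()[:HALF]

def feistel(block: bytes, keys: list) -> bytes:
    left, right = block[:HALF], block[HALF:]        # LE0 and RE0
    for k in keys:
        left, right = right, xor(left, round_f(right, k))
    return right + left                              # final swap of the halves

def decrypt_block(block: bytes, keys: list) -> bytes:
    return feistel(block, keys[::-1])    # same algorithm, subkeys reversed

def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK        # always appends 1..8 bytes
    return data + bytes([n]) * n

def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    keys = subkeys(key)
    return b"".join(feistel(b, keys) for b in split(pad(pt)))

def ecb_decrypt(ct: bytes, key: bytes) -> bytes:
    keys = subkeys(key)
    data = b"".join(decrypt_block(b, keys) for b in split(ct))
    return data[:-data[-1]]

def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    keys, prev, out = subkeys(key), iv, []
    for b in split(pad(pt)):
        prev = feistel(xor(b, prev), keys)   # chain on the previous ciphertext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    keys, prev, out = subkeys(key), iv, []
    for c in split(ct):
        out.append(xor(decrypt_block(c, keys), prev))
        prev = c
    data = b"".join(out)
    return data[:-data[-1]]

def repeated_blocks(ct: bytes) -> int:
    blocks = split(ct)
    return len(blocks) - len(set(blocks))

if __name__ == "__main__":
    msg, key = b"PAY 100$" * 3, b"constructed key"   # 3 identical blocks
    print("ECB repeats:", repeated_blocks(ecb_encrypt(msg, key)),
          "CBC repeats:", repeated_blocks(cbc_encrypt(msg, key, os.urandom(BLOCK))))
```

Counting repeated ciphertext blocks is also a quick check for ECB use in captured data: ECB repeats wherever the plaintext repeats, while CBC with a fresh IV does not.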
Data Encryption Standard (DES)
DES Algorithm: Introduction
• Developed in the early 1970s at IBM and submitted to NBS.
• DES is a landmark in cryptographic algorithms.
• DES is based on the Feistel cipher structure.
• DES is a symmetric cipher algorithm and uses the block cipher method for encryption and decryption.

Figure: Process of DES

Key Discarding Process

Steps of DES
• Step – 1: The 64-bit plaintext block is given to the Initial Permutation (IP) function.
• Step – 2: IP is performed on the 64-bit plaintext block.
• Step – 3: IP produces two halves of the permuted block, known as Left Plain Text (LPT) and Right Plain Text (RPT).
• Step – 4: Each of LPT and RPT goes through 16 rounds of the encryption process.
• Step – 5: LPT and RPT are rejoined and the Final Permutation (FP) is performed on the combined block.
• Step – 6: The 64-bit ciphertext block is generated.

Initial Permutation (IP) & Generation of LPT and RPT
• The Initial Permutation is performed only once.
• The bit sequence is changed as per the IP table.
For example: the 1st bit takes the 40th position, and the 58th bit takes the 1st position.

The output of IP is divided into two equal halves known as LPT and RPT (LPT – 32 bits, RPT – 32 bits).

16 Rounds of Encryption
• Step – 1: Key Transformation (56-bit key)
  - Key bits shifted per round
  - Compression Permutation
• Step – 2: Expansion Permutation of plaintext and XOR (P.T. size: 48 bits, C.T. size: 48 bits)
• Step – 3: S-box Substitution
• Step – 4: P-box (Permutation)
• Step – 5: XOR and Swap

Step – 1: Key Bits Shifted per Round
• The 56-bit key is divided into two halves of 28 bits each.
• A circular left shift is performed on each half.
• The number of bit positions shifted depends on the round.
• For round numbers 1, 2, 9 and 16 the shift is by one position.
• For the remaining rounds the shift is by 2 positions.

Compression Permutation
• Takes the 56-bit input after the bit shifting.
• Generates a 48-bit key (compression of the key bits).
• Drops bits 9, 18, 22, 25, 35, 38, 43 and 54.
• The generated 48 bits form the key used in the round.
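
The key transformation step above (per-round shifts followed by the compression permutation), as an added Python example that is not part of the original slides. Assumptions: the `PC2` table is the compression permutation from the DES standard (FIPS 46-3), which the slides reference but do not reproduce, and `SAMPLE_KEY56` is a sample 56-bit key, i.e. the key after the parity bits have already been discarded.

```python
# Compression permutation (PC-2) from the DES standard; positions are 1-based
# and refer to the 56-bit concatenation of the two shifted 28-bit halves.
PC2 = [14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
       23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]

# Shift by one position in rounds 1, 2, 9 and 16, by two in all other rounds.
SHIFTS = [1 if r in (1, 2, 9, 16) else 2 for r in range(1, 17)]

SAMPLE_KEY56 = 0xF0CCAAF556678F   # sample input: left half F0CCAAF, right half 556678F

def rotl28(half: int, n: int) -> int:
    # Circular left shift of a 28-bit half.
    return ((half << n) | (half >> (28 - n))) & 0xFFFFFFF

def compress(left: int, right: int) -> int:
    # Select 48 of the 56 bits in PC-2 order (bit 1 is the most significant).
    combined = (left << 28) | right
    out = 0
    for pos in PC2:
        out = (out << 1) | ((combined >> (56 - pos)) & 1)
    return out

def round_keys(key56: int):
    # Returns the 16 round keys and the two halves after the last shift.
    left, right = key56 >> 28, key56 & 0xFFFFFFF
    keys = []
    for n in SHIFTS:
        left, right = rotl28(left, n), rotl28(right, n)
        keys.append(compress(left, right))
    return keys, (left, right)

def dropped_bits() -> list:
    # Bit positions of the 56-bit input that PC-2 never selects.
    return sorted(set(range(1, 57)) - set(PC2))

if __name__ == "__main__":
    keys, _ = round_keys(SAMPLE_KEY56)
    print("dropped bits:", dropped_bits())
    for r, k in enumerate(keys, start=1):
        print(f"K{r:<2} = {k:012X}")
```

The shifts add up to 28 positions, so after round 16 both halves are back at their starting values.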
Step – 2: Expansion Permutation and XOR
• The 32-bit RPT from IP is expanded to 48 bits.
• Expansion permutation steps:
• The 32-bit RPT is divided into 8 blocks of 4 bits each.

Figure: Process of DES

The 48-bit RPT is XORed with the 48-bit key and the output is given to the S-box.

Step – 3: S-box Substitution

Step – 4: P-box Permutation
• The output of the S-box is given to the P-box.
• The 32 bits are permuted with a 16 x 2 permutation table.

For example: the 16th bit of the S-box output takes the 1st position as per the permutation table.

Step – 5: XOR and Swap
• The 32-bit LPT is XORed with the 32-bit P-box output.
• The 1st round of encryption is completed. The remaining 15 rounds are performed in the same way as the 1st round.

Final Permutation
• At the end of the 16 rounds, the final permutation is performed (only once).

For example: the 40th bit of the input takes the 1st position as per the permutation table.

The output of the final permutation is the 64-bit encrypted block (64-bit ciphertext block).

Decryption:
Perform all the steps from bottom to top for decryption.

Double DES Encryption
• Double DES performs the same operations as DES; the only difference is that double DES uses two keys, K1 and K2.
• First the plaintext P is encrypted using K1, which gives the first ciphertext C1.
• Then ciphertext C1 is encrypted using the other key K2, which generates the final ciphertext C2.
• Mathematically it can be denoted as below:
  Ciphertext C = Encryption(K2, Encryption(K1, Plaintext P))
  Plaintext P = Decryption(K1, Decryption(K2, Ciphertext C))

Double DES Decryption
• Decryption of double DES is the reverse of encryption.
• First the ciphertext C2 is decrypted using K2, which gives ciphertext C1.
• Then ciphertext C1 is decrypted using the other key K1, which generates the original plaintext P.

Triple Data Encryption Standard (DES)
• In today's world almost all digital services, such as internet communication, medical and military imaging systems and multimedia systems, need a high level of security.
• There is a need for a security level that allows digital images containing critical information to be stored and transmitted safely.
• This is because of the faster growth in multimedia technology, the internet and cell phones. Therefore there is a need for image encryption techniques in order to hide images from such attacks.
• In this system we use Triple DES (Data Encryption Standard) in order to hide the image. Such an encryption technique helps to avoid intrusion attacks.

Introduction
• DES is a symmetric block cipher (shared secret key); it uses a key length of 56 bits.
• In Triple DES, each of the three rounds can perform either the encryption or the decryption process using the DES algorithm. This gives eight different possible modes for Triple DES. Triple DES is stronger than single DES because it performs more rounds of encryption.
• Triple DES encrypts the input data three times. The three keys are referred to as K1, K2 and K3.

Triple DES works in two ways:

Triple DES with 3 Keys
Encryption
• Triple DES performs the same operation as double DES, but uses three keys K1, K2 and K3 while encrypting the plaintext.
• First the plaintext P is encrypted using K1, which gives the first ciphertext C1.
• This ciphertext is then encrypted using key K2, which gives the second ciphertext C2.
• C2 is in turn encrypted using K3, which generates the final ciphertext C3.

Triple DES encryption using 3 keys

Decryption
• Decryption of Triple DES is the reverse of encryption.
• In the Triple DES decryption process the final ciphertext C3 is decrypted using K3; the result is ciphertext C2.
• C2 is decrypted with K2 to get ciphertext C1.
• Then ciphertext C1 is decrypted with key K1 to get the original plaintext P.

Triple DES decryption using 3 keys

Triple DES with 2 Keys
Encryption
• Triple DES performs the same operation as double DES.
• Triple DES uses two keys K1 and K2 while encrypting the plaintext.
• First the plaintext P is encrypted using K1, which gives the first ciphertext C1.
• This ciphertext is then encrypted using key K2, which gives the second ciphertext C2.
• C2 is in turn encrypted using K1, which generates the final ciphertext C3.

Triple DES encryption using 2 keys

Decryption
• Decryption of Triple DES is the reverse of encryption.
• In the Triple DES decryption process the final ciphertext C3 is decrypted using K1; the result is ciphertext C2.
• C2 is decrypted with K2 to get ciphertext C1.
• Then ciphertext C1 is decrypted with key K1 to get the original plaintext P.

Triple DES decryption using 2 keys

Triple DES
Advantages
• The image can only be viewed by the receiver, as the image is encrypted using Triple DES and the key is known only to the sender and receiver.
• Since the image is encrypted using Triple DES, it is more secure than DES.
• Since the key is entered by the sender and receiver and is not stored in the database, it makes the encryption and decryption more secure.

Disadvantages
• The file size to be transmitted becomes large since it contains encrypted data.
• Since the file size is huge, it can be suspected to contain some critical information.

Types of Cryptography
These are broadly classified into two types:
• Symmetric key cryptography
• Asymmetric key cryptography

The RSA Cryptosystem
• In cryptography, RSA is an algorithm for public key encryption.
• It was the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography.
• RSA is still widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys.

RSA: History
• The RSA algorithm was officially invented in 1977 by three research scientists working at MIT: Dr. Ron Rivest, Dr. Adi Shamir and Dr. Len Adleman.
• The initials of their surnames compose the letters of RSA.

RSA Algorithm
• Modern technology makes use of the RSA algorithm to encrypt and decrypt data.
• The RSA algorithm generates two unique keys for encryption and decryption, making it an asymmetric cryptographic algorithm.
• The fundamental operations in RSA are encryption and decryption, based on a pair of keys: a public key and a private key.

RSA Key Generation
1. Selection of Prime Numbers (p and q):
RSA begins with selecting two large prime numbers, denoted as p and q. These primes are kept secret.
The selection of large and random prime numbers ensures the algorithm's security.

2. Calculation of n (n = p * q):
The next step is calculating n, which is the product of p and q (n = p * q).
The number n functions as the modulus for both the public and private keys, and it is a component of the public key.

3. Calculation of the Totient Function (φ(n)):
• The totient function, denoted as φ(n), is calculated as (p – 1) * (q – 1).
• φ(n) represents the count of numbers less than n that are coprime to n.
• In the context of RSA, it ensures that the chosen e (part of the public key) and d (part of the private key) function correctly for the encryption and decryption processes.

4. Selection of e (the Public Key Exponent):
• e is chosen as an integer that is relatively prime to n and falls within the range 1 < e < φ(n).
• Additionally, e must be coprime to φ(n), which means e and φ(n) should have no common factors other than 1.
• Commonly, values like 3, 5 or 65537 are used as e due to their properties that make computations efficient.
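
The four key-generation steps above carried through with small numbers, as an added Python example that is not part of the original slides. Assumptions: p = 61 and q = 53 are toy primes chosen so the arithmetic can be checked by hand (real keys use primes hundreds of digits long), the private exponent d is computed as the inverse of e modulo φ(n), and the candidate list in `choose_e` extends the slide's 3, 5 and 65537 with 17 and 257. With these primes 3 and 5 are rejected because they divide φ(n), and 65537 because it exceeds φ(n).

```python
from math import gcd

def is_prime(n: int) -> bool:
    # Trial division; adequate only for the tiny demo primes used here.
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))

def choose_e(phi: int, candidates=(3, 5, 17, 257, 65537)) -> int:
    # Step 4: e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) == 1.
    for e in candidates:
        if 1 < e < phi and gcd(e, phi) == 1:
            return e
    raise ValueError("no candidate exponent is coprime to phi(n)")

def generate_keypair(p: int, q: int):
    # Step 1: two distinct primes, kept secret.
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q                    # step 2: modulus, part of both keys
    phi = (p - 1) * (q - 1)      # step 3: totient
    e = choose_e(phi)            # step 4: public exponent
    d = pow(e, -1, phi)          # private exponent: e * d = 1 (mod phi(n))
    return (e, n), (d, n)

def encrypt(m: int, public_key) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in the range 0..n-1")
    return pow(m, e, n)

def decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)

def totient_by_counting(n: int) -> int:
    # Brute-force check of the definition: numbers below n coprime to n.
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)

if __name__ == "__main__":
    public, private = generate_keypair(61, 53)
    c = encrypt(65, public)
    print("public:", public, "private:", private)
    print("65 ->", c, "->", decrypt(c, private))
```
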