Advanced Cryptographic Techniques and

Encryption Modes

Prof. Dr. Hesham El Zouka

Computer Engineering Department
College of Engineering & Technology
AASTMT - ALEXANDRIA
 Information Security
Table of contents
➢ Introduction to Modern Block Ciphers
➢ International Data Encryption Algorithm (IDEA)
➢ Advanced Encryption Standard (AES) – Overview and Structure
➢ AES Encryption & Decryption Process
➢ Challenges in Symmetric Key Cryptography
➢ Quantum Cryptography – An Emerging Trend
➢ Encryption Modes of Operation (ECB, CBC, CFB, OFB, CTR, CBC-MAC)
➢ Summary
Block Ciphers: Foundations of Symmetric Key Encryption

❖ Block Ciphers & Key Sizes

❑ DES: 56-bit key – Vulnerable to brute force attacks. No longer secure.
❑ 3DES: 112-bit or 168-bit key – Better than DES but slow and phased out by NIST.
❑ IDEA (International Data Encryption Algorithm)
➢ 64-bit block cipher, 128-bit key.
❑ AES (Advanced Encryption Standard)
➢ 128-bit block cipher with key sizes of 128, 192, or 256 bits.
 International Data Encryption Algorithm (IDEA)
❖ Developers:
• Xu Lai & James Massey (ETH Zurich, Switzerland).

❖ Key Characteristics:
Block Cipher – 64-bit block size
Key Length – 128 bits
Encryption Rounds – 17 (or 8 as per description)
Mathematical Operations – XOR , Addition modulo 216 , Multiplication modulo 216 +1

❖ Performance: Faster than DES in software implementation

❖ Patent: Initially patented; Patent expired in 2011 (PGP).
IDEA Encryption: Structure & Operational Overview

➢ The decryption process in IDEA is identical to the encryption operation, except that the subkeys are
applied in reverse order.
 IDEA: One Round Overview
• The encryption process consists of 17 rounds, categorized into even and odd rounds.
• 64-bit input is divided into four 16-bit sub-blocks: Xa, Xb, Xc, Xd.
• Each round performs operations to generate new values: Xa’, Xb’, Xc’, Xd ‘.
• Odd rounds utilize four subkeys (Kᵢ):
• First round: K₁, K₂, K₃, K₄
• Round 3: K₇, K₈, K₉, K₁₀
• Even rounds utilize two subkeys (Kᵢ):
• Round 2: K₅, K₆
• Round 4: K₁₁, K₁₂
 IDEA: Key Expansion
❖ The 128-bit key is expanded into multiple subkeys used in encryption rounds.
❖ The key is divided into eight 16-bit subkeys:
➢ First set: K₁, K₂, K₃, K₄, K₅, K₆, K₇, K₈

❖ The key is then cyclically shifted to generate additional subkeys:

➢ Next set: K₉, K₁₀, K₁₁, K₁₂, K₁₃, K₁₄, K₁₅, K₁₆
❖ This process ensures all rounds have the necessary encryption subkeys.
 IDEA: Odd Round Operations

❑ The decryption process is achieved by applying the inverse operations of the respective round keys.
IDEA: Even Round
 The Security of IDEA
IDEA has been around for almost 15 years (1991 – 2006)
• Designed by Xuejia Lai and Jim Massey
• Its only limitation is its small block size
Purposes
• It is available under license
• It is widely used, e.g., in PGP
• its patent expired in 2012
 Advanced Encryption Standard (AES)
❑ Developed by: Joan Daemen & Vincent Rijmen (Belgium)

❑ Key Sizes: 128, 192, or 256 bits

❑ Block Size: 128-bit fixed length
❖ Key Properties:
➢ Iterative rather than a Feistel cipher
➢ Processes data in 4 groups of 4 bytes
➢ Operates on the entire block in each round

❖ Designed for:
➢ Strong resistance against known cryptographic attacks
➢ High performance with efficient implementation on various CPUs

➢ Simplicity in design for easier adoption

 AES: Features & Security Strengths
❑ AES Properties:
➢ Type: Private-key symmetric block cipher
➢ Key Sizes: 128, 192, or 256 bits
➢ Block Size: 128 bits
❑ Cipher Characteristics:
➢ Iterative rather than a Feistel cipher
➢ Uses a 4X4 byte matrix in column-major order
➢ Operates on the entire block in every encryption round
❑ AES Design Objectives:
➢ Strong Security – Resistant to brute-force and advanced cryptanalysis techniques.
➢ High Performance – Faster and more efficient than Triple-DES, optimized for various CPUs.
➢ Reliability & Transparency – Long-term security (20–30 years) with NIST approval and multi-platform.
 Advanced Encryption Standard (AES) Overview

❑ Rijndael Algorithm – Developed by Belgian cryptographers.

❑ AES Parameters:
➢ Key Sizes: 128, 192, or 256 bits.
➢ Block Size: Fixed at 128 bits.
➢ Number of Rounds: 10, 12, or 14, based on key size.
➢ Expanded Key Sizes: 176, 208, or 240 bytes.
❑ AES Design Requirements:
➢ The algorithm must be a symmetric block cipher.
➢ The full design must be publicly available.
 AES Encryption Process: Key Expansion and Rounds
▪ Number of Rounds
The number of rounds (Nr) is determined by:
𝑁𝑟 = 6 + max(𝑁𝑏 , 𝑁𝑘 )
▪ Where

𝑁𝑘 is the number of 32-bit words in the key.

𝑁𝑏 is the number of 32-bit words in the block.
 AES Encryption Overview
❖ AES processes 128-bit data blocks using a 4×4 byte matrix.
➢ Each block is divided into four sub-blocks, which are processed independently.
❖ AES encryption consists of multiple rounds:
➢ AES encryption uses 10, 12, or 14 rounds, depending on the key size.
❖ Each encryption round consists of four key transformations:
➢ SubBytes – Non-linear byte substitution using the Rijndael S-box.
➢ ShiftRows – Cyclic shift applied to each row of the state matrix.
 MixColumns and AddRoundKey Steps in AES
❖ MixColumns Step
➢ Each column undergoes an invertible linear transformation, combining four
bytes to generate another four bytes.
❖ AddRoundKey Step
➢ A 4×4 matrix of key bits is XORed with the state matrix to incorporate the
round key into the encryption process.
 Advanced Encryption Standard (AES) Overview
The AES encryption process consists of four main stages:
1. Initialization: The input state undergoes an initial transformation by XORing with the round key.
2. Main Rounds (Nr-1 rounds): Each round includes the following operations:
➢ SubBytes: Nonlinear byte substitution using an S-Box.
➢ ShiftRows: Row-wise permutation to enhance diffusion.
➢ MixColumns: Column-wise mixing for additional diffusion.
➢ AddRoundKey: XOR operation with the corresponding round key.

3. Final Round: Similar to the main rounds but excludes the MixColumns step.
4. Output: The transformed state serves as the encrypted output.
Key Observations:
• Each step is invertible, facilitating straightforward decryption when the key is known.
• The operations primarily rely on XOR and table lookups, ensuring high efficiency and speed.
• This structured process enhances security and performance, making AES a widely adopted standard.
 AES Key Expansion Overview
❑ The AES key expansion process derives a set of round keys from the original encryption key:

• A 128-bit key (organized as four 4-byte columns) is expanded into 44 columns.

• In general, the required key columns are (Nr + 1) × Nb, where Nr is the number of encryption rounds, and Nb is the block
size in columns.

• The expansion follows a structured process involving key transformation, substitution, and XOR operations using Rijndael
key-expansion constants.

This method ensures that each round key is unique and cryptographically secure, reinforcing AES's resistance to attacks.
 AES State and Round Key Generation
o The AES encryption process initializes a state array from the 128-bit plaintext.
o A round key (rk) array is generated from the 128-bit encryption key.
o The round keys are derived through key expansion and applied sequentially during encryption
rounds to ensure security.
 AES MixColumns Transformation
o Lookup-Based Optimization: Uses precomputed tables to accelerate the MixColumns operation.
o Enhances Data Mixing: Applies matrix multiplication over a finite field to strengthen security.
o Improves Efficiency: Reduces computational complexity, making encryption faster.
 MixColumn Table

❖ Heading: MixColumn Operation Table

❖ Table Structure: Displays hexadecimal values for multiplication.
❖ Rows & Columns: Represent high-order and low-order nibbles.
❖ Purpose: Used in AES to enhance data scrambling.
❖ Application: Helps in secure data transformation and cryptanalysis.
 SubBytes Transformation in AES
❖ SubBytes Operation: Performs byte substitution using a 16×16 S-box lookup.
❖ Lookup Process: Each byte is replaced based on S-box mapping using row and column indices.
❖ Transformation Effect: Enhances confusion by making output bytes non-linearly dependent.
 AES S-Box Lookup and Substitution
❖ AES S-Box: A 16×16 lookup table used in the SubBytes step of AES.
❖ Substitution: Maps input byte (e.g., Hex 95) to a new value (e.g., 2A) using the S-Box.
❖ Purpose: Enhances security by introducing non-linearity in AES encryption.
 AES SubBytes Transformation Example
❖ Demonstrates the SubBytes transformation in AES.
❖ Shows the state matrix before and after substitution.
❖ Uses S-Box lookup to replace each byte.
 AES ShiftRows Transformation
❑ ShiftRows transformation cyclically shifts rows in the AES state matrix.

❑ Example shows how each row is shifted left by different offsets.

 AES AddRoundKey Operation
❖ The AddRoundKey step in AES applies a bitwise XOR between the state matrix and the round
key matrix.
❖ This operation is performed column-wise on the 128-bit state and 128-bit round key.
❖ It ensures the encryption key affects every round, enhancing security.
 Summary of AES: Four Stages
❑ AES encryption consists of four main stages:
➢ Substitute Bytes: Uses an S-box for byte-by-byte substitution.
➢ ShiftRows: A simple row-wise permutation.
➢ MixColumns: A substitution that transforms column data.
➢ AddRoundKey: A bitwise XOR with a portion of the expanded key.

❑ Each stage is reversible, allowing for decryption.

 Summary: Four Stages of AES Decryption
❑ AES decryption follows the reverse process of encryption.
➢ SubBytes: Uses an inverse S-box for substitution.
➢ ShiftRows: Shifts bytes to the right instead of left.
➢ MixColumns: Uses an inverse MixColumn table (skipped in the last round).
➢ AddRoundKey: Remains unchanged since XOR is its own inverse.

❑ Round keys are applied in reverse order, starting with KN and ending with K0 .
 Summary of Symmetric-Key Cryptosystems

➢ Not all cryptographic systems in the market are standard; some, like Rijndael (AES) and Triple DES, are widely accepted as standards.
➢ Non-standard models, such as Blowfish and RC4, are still in use but may have weaknesses or performance issues.
➢ Some algorithms, like Twofish and Serpent, are strong alternatives and remain popular despite not being official standards.
 Challenges of Symmetric Key Cryptography
❑ Scalability Issue: Requires 𝑁(𝑁−1)/2 unique keys for communication between 𝑁 users.

❑ Key Management Challenges:

➢ Distribution of keys.
➢ Secure storage and backup.
➢ Proper key disposal.
➢ Frequent key changes.
Quantum Cryptography: The Ultimate Unbreakable Security
 Quantum Communication: Photon Polarization and Basis
Alignment

✓ Alice and Bob use polarizers to encode and decode photons in horizontal/vertical and diagonal bases for secure communication.

✓ Bit transmission relies on photon polarization, with detection results ensuring information accuracy through basis alignment.
 The Quantum Advantage: Unhackable Cryptographic Systems

o Quantum Cryptography is based on the DARPA BB84 protocol.

o It is an unbreakable cryptosystem as it does not rely on numerical keys but on quantum principles.
o Ensures absolute security using quantum key distribution (QKD).
o Detects eavesdropping instantly due to quantum measurement principles.
o Keys are generated dynamically and cannot be copied or reused.
o Resistant to future quantum attacks, unlike classical cryptography.
o Used in high-security sectors, including government and military applications.
o Three countries are conducting research on this technology.
o It is already applied in Swiss banks for secure communication.
o Quantum Cryptography is based on the DARPA BB84 protocol.
 Key Insights and Future Directions in Advanced Cryptography

▪ The lecture covered advanced cryptographic techniques, focusing on block ciphers like
IDEA and AES, highlighting their structures, encryption processes, and security strengths.

▪ The importance of robust encryption standards like AES was emphasized, ensuring
resistance to brute-force and cryptanalysis attacks.

▪ Symmetric key cryptography faces challenges such as key management and scalability,
despite its efficiency and widespread use.

▪ Quantum cryptography was introduced as a future-proof solution, leveraging quantum

principles for unbreakable security through protocols like BB84.
References

❑ Books:
➢ Schneier, Bruce. Applied Cryptography. 2nd ed., Wiley, 1996.
➢ Stallings, William. Cryptography and Network Security: Principles and Practice. 8th ed., Pearson,
2020.

➢ Kaye, Phillip, Raymond Laflamme, and Michele Mosca. An Introduction to Quantum Computing.
Oxford University Press, 2007.
THANK YOU