Cryptography and

Network Security
Eighth Edition
by William Stallings

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

Lecture slides prepared for “Cryptography and Network Security”, 8/e, by William
Stallings, Chapter 4 – “Block Ciphers and the Data Encryption Standard”.

1
 Chapter 3
Classical Encryption
Techniques
© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

Symmetric encryption, also referred to as conventional encryption or single-

key
encryption, was the only type of encryption in use prior to the development of
public-key
encryption in the 1970s. It remains by far the most widely used of the two
types
of encryption. Part One examines a number of symmetric ciphers. In this
chapter, we
begin with a look at a general model for the symmetric encryption process;
this will
enable us to understand the context within which the algorithms are used.
Next, we
examine a variety of algorithms in use before the computer era. Finally, we
look briefly
at a different approach known as steganography. Chapters 4 and 6 introduce
the two
most widely used symmetric cipher: DES and AES.

2
 Definitions
Plaintext Ciphertext Enciphering/encryption
•The process of converting
•An original message •The coded message from plaintext to ciphertext

Deciphering/decryption Cryptography Cryptographic

•Restoring the plaintext from the system/cipher
•The area of study of the
ciphertext
many schemes used for •A scheme
encryption

Cryptanalysis Cryptology
•Techniques used for •The areas of cryptography
deciphering a message and cryptanalysis
without any knowledge of
the enciphering details

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

Before beginning, we define some terms. An original message is known as

the
plaintext, while the coded message is called the ciphertext. The process of
converting
from plaintext to ciphertext is known as enciphering or encryption;
restoring the
plaintext from the ciphertext is deciphering or decryption. The many
schemes used
for encryption constitute the area of study known as cryptography Such a
scheme
is known as a cryptographic system or a cipher. Techniques used for
deciphering a
message without any knowledge of the enciphering details fall into the area
of cryptanalysis.
Cryptanalysis is what the layperson calls “breaking the code.” The areas of
cryptography and cryptanalysis together are called cryptology.

3
 © 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

A symmetric encryption scheme has five ingredients (Figure 3.1)

■ Plaintext: This is the original intelligible message or data that is fed into the
algorithm as input.

■ Encryption algorithm: The encryption algorithm performs various substitutions

and transformations on the plaintext.

■ Secret key: The secret key is also input to the encryption algorithm. The key is
a value independent of the plaintext and of the algorithm. The algorithm will
produce a different output depending on the specific key being used at the
time. The exact substitutions and transformations performed by the algorithm
depend on the key.

■ Ciphertext: This is the scrambled message produced as output. It depends on

the plaintext and the secret key. For a given message, two different keys will
produce two different ciphertexts. The ciphertext is an apparently random
stream of data and, as it stands, is unintelligible.

■ Decryption algorithm: This is essentially the encryption algorithm run in

reverse. It takes the ciphertext and the secret key and produces the original
plaintext.

4
 Symmetric Cipher Model
• There are two requirements for secure use of
conventional encryption:
• A strong encryption algorithm

• Sender and receiver must have obtained copies

of the secret key in a secure fashion and must
keep the key secure

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

There are two requirements for secure use of conventional encryption:

1. We need a strong encryption algorithm. At a minimum, we would like the

algorithm
to be such that an opponent who knows the algorithm and has access to
one or more ciphertexts would be unable to decipher the ciphertext or figure
out the key. This requirement is usually stated in a stronger form: The
opponent
should be unable to decrypt ciphertext or discover the key even if he or
she is in possession of a number of ciphertexts together with the plaintext
that
produced each ciphertext.

2. Sender and receiver must have obtained copies of the secret key in a
secure
fashion and must keep the key secure. If someone can discover the key and
knows the algorithm, all communication using this key is readable.

5
We assume that it is impractical to decrypt a message on the basis of the
ciphertext plus knowledge of the encryption/decryption algorithm. In other
words,
we do not need to keep the algorithm secret; we need to keep only the key
secret.
This feature of symmetric encryption is what makes it feasible for widespread
use.
The fact that the algorithm need not be kept secret means that manufacturers
can
and have developed low-cost chip implementations of data encryption
algorithms.
These chips are widely available and incorporated into a number of products.
With
the use of symmetric encryption, the principal security problem is maintaining
the
secrecy of the key.

5
 © 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

Let us take a closer look at the essential elements of a symmetric encryption

scheme, using Figure 3.2.

6
 Cryptographic Systems
• Characterized along three independent dimensions:

The type of operations

The number of keys The way in which the
used for transforming
used plaintext is processed
plaintext to ciphertext

Symmetric,
single-key, secret-
Substitution Block cipher
key, conventional
encryption

Asymmetric, two-
Transposition key, or public-key Stream cipher
encryption

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

Cryptographic systems are characterized along three independent

dimensions:

1. The type of operations used for transforming plaintext to ciphertext.

All
encryption algorithms are based on two general principles: substitution, in
which each element in the plaintext (bit, letter, group of bits or letters) is
mapped into another element, and transposition, in which elements in the
plaintext are rearranged. The fundamental requirement is that no information
be lost (i.e., that all operations are reversible). Most systems, referred to as
product systems , involve multiple stages of substitutions and transpositions.

2. The number of keys used. If both sender and receiver use the same
key, the
system is referred to as symmetric, single-key, secret-key, or conventional
encryption. If the sender and receiver use different keys, the system is
referred

7
to as asymmetric, two-key, or public-key encryption.

3. The way in which the plaintext is processed. A block cipher processes

the
input one block of elements at a time, producing an output block for each
input block. A stream cipher processes the input elements continuously,
producing output one element at a time, as it goes along.

7
 Cryptanalysis and
Brute-Force Attack

Cryptanalysis Brute-force attack

• Attack relies on the nature of the
algorithm plus some knowledge of the
general characteristics of the plaintext
• Attack exploits the characteristics of
the algorithm to attempt to deduce a
specific plaintext or to deduce the key
being used
• Attacker tries every possible key on
a piece of ciphertext until an
intelligible translation into plaintext
is obtained
• On average, half of all possible keys
must be tried to achieve success

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

Typically, the objective of attacking an encryption system is to recover the

key in
use rather than simply to recover the plaintext of a single ciphertext. There
are two
general approaches to attacking a conventional encryption scheme:

• Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm

plus
perhaps some knowledge of the general characteristics of the plaintext or
even some sample plaintext–ciphertext pairs. This type of attack exploits the
characteristics of the algorithm to attempt to deduce a specific plaintext or to
deduce the key being used.

• Brute-force attack: The attacker tries every possible key on a piece of

ciphertext
until an intelligible translation into plaintext is obtained. On average, half
of all possible keys must be tried to achieve success.

8
If either type of attack succeeds in deducing the key, the effect is catastrophic:
All future and past messages encrypted with that key are compromised.

8
 he choose some plaintext and
asks to encrypt it
with the cipher text and the
original plaintext that he knows
he can figure the algorithm

he have the algorithm

he asks to decrypt a cipher text
into plain text and so he obtain the key

3 & 4 together

(Table is on page 68
© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved. in the textbook)

Table 3.1 summarizes the various types of cryptanalytic attacks based on

the
amount of information known to the cryptanalyst. The most difficult problem
is
presented when all that is available is the ciphertext only . In some cases, not
even
the encryption algorithm is known, but in general, we can assume that the
opponent
does know the algorithm used for encryption. One possible attack under
these
circumstances is the brute-force approach of trying all possible keys. If the
key space
is very large, this becomes impractical. Thus, the opponent must rely on an
analysis
of the ciphertext itself, generally applying various statistical tests to it. To use
this
approach, the opponent must have some general idea of the type of plaintext
that

9
is concealed, such as English or French text, an EXE file, a Java source
listing, an
accounting file, and so on.

The ciphertext-only attack is the easiest to defend against because the

opponent has the least amount of information to work with. In many cases,
however,
the analyst has more information. The analyst may be able to capture one or
more
plaintext messages as well as their encryptions. Or the analyst may know that
certain
plaintext patterns will appear in a message. For example, a file that is encoded
in the
Postscript format always begins with the same pattern, or there may be a
standardized
header or banner to an electronic funds transfer message, and so on. All these
are
examples of known plaintext . With this knowledge, the analyst may be able to
deduce
the key on the basis of the way in which the known plaintext is transformed.

Closely related to the known-plaintext attack is what might be referred to as a

probable-word attack. If the opponent is working with the encryption of some
general
prose message, he or she may have little knowledge of what is in the
message.
However, if the opponent is after some very specific information, then parts of
the
message may be known. For example, if an entire accounting file is being
transmitted,
the opponent may know the placement of certain key words in the header of
the
file. As another example, the source code for a program developed by
Corporation
X might include a copyright statement in some standardized position.

9
 If the analyst is able somehow to get the source system to insert into the
system
a message chosen by the analyst, then a chosen-plaintext attack is possible.
In general,
if the analyst is able to choose the messages to encrypt, the analyst may
deliberately
pick patterns that can be expected to reveal the structure of the key.

Table 3.1 lists two other types of attack: chosen ciphertext and chosen text.
These are less commonly employed as cryptanalytic techniques but are
nevertheless
possible avenues of attack.

9
 Encryption Scheme Security
• Unconditionally secure
• No matter how much time an opponent has, it
is impossible for him or her to decrypt the
ciphertext simply because the required
information is not there

• Computationally secure
• The cost of breaking the cipher exceeds the
value of the encrypted information
• The time required to break the cipher
exceeds the useful lifetime of the
information
© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

Two more definitions are worthy of note. An encryption scheme is

unconditionally
secure if the ciphertext generated by the scheme does not contain enough
information to determine uniquely the corresponding plaintext, no matter how
much ciphertext is available. That is, no matter how much time an opponent
has, it
is impossible for him or her to decrypt the ciphertext simply because the
required
information is not there. With the exception of a scheme known as the one-
time pad
(described later in this chapter), there is no encryption algorithm that is
unconditionally
secure. Therefore, all that the users of an encryption algorithm can strive
for is an algorithm that meets one or both of the following criteria:

• The cost of breaking the cipher exceeds the value of the encrypted
information.

10
• The time required to break the cipher exceeds the useful lifetime of the
information.

An encryption scheme is said to be computationally secure if either of the

foregoing two criteria are met. Unfortunately, it is very difficult to estimate the
amount of effort required to cryptanalyze ciphertext successfully.

All forms of cryptanalysis for symmetric encryption schemes are designed

to exploit the fact that traces of structure or pattern in the plaintext may survive
encryption and be discernible in the ciphertext. This will become clear as we
examine
various symmetric encryption schemes in this chapter. We will see in Part
Three
that cryptanalysis for public-key schemes proceeds from a fundamentally
different
premise, namely, that the mathematical properties of the pair of keys may
make it
possible for one of the two keys to be deduced from the other.

10
 Brute-Force Attack

Involves trying every possible key until an intelligible means good and understandable text

translation of the ciphertext into plaintext is obtained

On average, half of all possible keys must be tried to

achieve success

To supplement the brute-force approach, some

degree of knowledge about the expected plaintext
is needed, and some means of automatically
distinguishing plaintext from garble is also needed
© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

A brute-force attack involves trying every possible key until an intelligible

translation of the ciphertext into plaintext is obtained. On average, half of all
possible
keys must be tried to achieve success. That is, if there are X different keys,
on
average an attacker would discover the actual key after X/2 tries. It is
important to
note that there is more to a brute-force attack than simply running through all
possible
keys. Unless known plaintext is provided, the analyst must be able to
recognize
plaintext as plaintext. If the message is just plain text in English, then the
result pops
out easily, although the task of recognizing English would have to be
automated. If
the text message has been compressed before encryption, then recognition
is more
difficult. And if the message is some more general type of data, such as a

11
numerical
file, and this has been compressed, the problem becomes even more difficult
to
automate. Thus, to supplement the brute-force approach, some degree of
knowledge
about the expected plaintext is needed, and some means of automatically
distinguishing plaintext from garble is also needed.

11
 Strong Encryption
• The term strong encryption refers to encryption
schemes that make it impractically difficult for
unauthorized persons or systems to gain access to
plaintext that has been encrypted
• Properties that make an encryption algorithm
strong are:
• Appropriate choice of cryptographic algorithm
• Use of sufficiently long key lengths
• Appropriate choice of protocols
• A well-engineered implementation
• Absence of deliberately introduced hidden flaws

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

For users, security managers, and organization executives, there is a

requirement for strong encryption to protect data. The term strong encryption
is an imprecise one, but in general terms, it refers to encryption schemes that
make it impractically difficult for unauthorized persons or systems to gain
access to plaintext that has been encrypted. [NAS18] lists the following
properties that make an encryption algorithm strong: appropriate choice of
cryptographic algorithm, use of sufficiently long key lengths, appropriate
choice of protocols, a well-engineered implementation, and the absence of
deliberately introduced hidden flaws. The first two factors relate to
cryptanalysis, discussed in this section, and the third factor relates to the
discussion in Part Six. The last two factors are beyond the scope of this
book.

12
 Substitution Technique

• Is one in which the letters of plaintext are

replaced by other letters or by numbers or
symbols

• If the plaintext is viewed as a sequence of bits,

then substitution involves replacing plaintext
bit patterns with ciphertext bit patterns

• 𝑐 = 𝑝 + 𝑘 𝑀𝑜𝑑𝑢𝑙𝑜 𝑀.

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

The two basic building blocks of all encryption techniques are substitution
and transposition. We examine these in the next two sections. Finally, we
discuss a
system that combines both substitution and transposition.

A substitution technique is one in which the letters of plaintext are replaced

by
other letters or by numbers or symbols. If the plaintext is viewed as a
sequence of bits,
then substitution involves replacing plaintext bit patterns with ciphertext bit
patterns.

13
 Caesar Cipher
• Simplest and earliest known use of a substitution cipher

• Used by Julius Caesar

• Involves replacing each letter of the alphabet with the

letter standing three places further down the alphabet

• Alphabet is wrapped around so that the letter following Z

is A

plain: meet me after the toga party

cipher: PHHW PH DIWHU WKH WRJD SDUWB

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

The earliest known, and the simplest, use of a substitution cipher was by
Julius
Caesar. The Caesar cipher involves replacing each letter of the alphabet with
the
letter standing three places further down the alphabet.

14
 Caesar Cipher Algorithm
• Can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• Mathematically give each letter a number

a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

• Algorithm can be expressed as:

c = E(3, p) = (p + 3) mod (26) key=3

• A shift may be of any amount, so that the general Caesar algorithm is:

C = E(k , p ) = (p + k ) mod 26

• Where k takes on a value in the range 1 to 25; the decryption algorithm is

simply:

p = D(k , C ) = (C - k ) mod 26
© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

Note that the alphabet is wrapped around, so that the letter following Z is A.

An algorithm can be expressed as follows. For each plaintext letter p ,

substitute
the ciphertext letter C

15
 Figure 3.3

Brute-Force
Cryptanalysis
of
Caesar Cipher
(This chart can be found on page 71 in the
textbook)

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

If it is known that a given ciphertext is a Caesar cipher, then a brute-force

cryptanalysis is easily performed: simply try all the 25 possible keys. Figure
3.3
shows the results of applying this strategy to the example ciphertext. In this
case, the
plaintext leaps out as occupying the third line.

Three important characteristics of this problem enabled us to use a brute-

force
cryptanalysis:

1. The encryption and decryption algorithms are known.

2. There are only 25 keys to try.

3. The language of the plaintext is known and easily recognizable.

16
 Transposition Technique
• Is one in which the letters of a plaintext are permuted in a way to
preserve the block elements. Expansion Permutation and Permutation
Choice are also possible. by other letters or by numbers or symbols

• 𝑐 =𝑝 𝑀𝑜𝑑𝑢𝑙𝑜 𝑀.

• Key: 4 3 1 2 5 6 7

• Plaintext: a t t a c k p

• o s t p o n e

• d u n t i l t

• w o a m x y z

• Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

The two basic building blocks of all encryption techniques are substitution
and transposition. We examine these in the next two sections. Finally, we
discuss a
system that combines both substitution and transposition.

A substitution technique is one in which the letters of plaintext are replaced

by
other letters or by numbers or symbols. If the plaintext is viewed as a
sequence of bits,
then substitution involves replacing plaintext bit patterns with ciphertext bit
patterns.

17