Symmetric - Key Cryptography

This document provides an overview of symmetric key cryptography and the Data Encryption Standard (DES) algorithm. It describes the basic components and model of symmetric encryption including plaintext, encryption algorithm, secret key, ciphertext, and decryption algorithm. It also covers the Feistel cipher structure used in many symmetric block ciphers, including DES. Specifically, it details how DES uses a 56-bit key to encrypt data in 16 rounds, and how concerns arose around the key length being susceptible to brute force attacks.

Uploaded by

Navneet Kumar

|| Jai Sri Gurudev ||

SJB Institute of Technology


#67, BGS Health & Education City, Dr. Vishnuvardhan Road, Kengeri,
Bengaluru – 560060, KARNATAKA, INDIA

Module 1- Classical Encryption Techniques

Semester
7th

Cryptography
(18CS744)

By
Manjula H S
Assistant professor
Department of Computer Science and Engineering
Introduction

14.03.22 09:56 2
Symmetric - Key Cryptography
Symmetric key encryption :
also referred to as conventional / secret-key / single-key encryption
most widely used of the two types of encryption

[Figure: Simplified Model of Symmetric Encryption]

[Figure: Model of Symmetric Cryptosystem]

Symmetric key encryption components :
(a) plaintext : original message or data fed into the algorithm as input
(b) encryption algorithm : performs various substitutions and transformations on the plaintext
(c) secret key : also input to the algorithm ; the substitutions and transformations performed by the algorithm depend on the key
(d) ciphertext : scrambled message produced as output ; depends on the plaintext and the secret key
(e) decryption algorithm : takes the ciphertext and the same secret key as input and produces the original plaintext

two requirements for secure use of symmetric encryption :
• strong encryption algorithm
• sender and receiver having copies of the secret key in a secure fashion

the algorithm should be strong enough to prevent an opponent from decrypting ciphertext or discovering the key, even if he / she is in possession of a number of ciphertexts together with the plaintext that produced each ciphertext
secrecy of the key is extremely important, not secrecy of the algorithm
low-cost chip implementations of data encryption algorithms have been developed by manufacturers

[Figure: Model of Symmetric Cryptosystem]

Generic classification of cryptographic systems :
• type of operations used for transforming plaintext to ciphertext
• the number of keys used
• the way in which the plaintext is processed

(a) type of operations used for transforming plaintext to ciphertext :
• substitution : each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element
• transposition : elements in the plaintext are rearranged

[Figures: Substitution ; Transposition]

(b) the number of keys used :

(c) the way in which the plaintext is processed :
• Block Cipher : processes the input one block of elements at a time, producing an output block for each input block
• Stream Cipher : processes the input elements continuously, producing output one element at a time

Cryptanalysis :
the process of attempting to discover the plaintext or key
the strategy used by the cryptanalyst depends on the nature of the encryption scheme and the information available to the cryptanalyst

an encryption scheme is computationally secure if the ciphertext generated meets one or both of the following criteria :
• the cost of breaking the cipher exceeds the value of the encrypted information
• the time required to break the cipher (difficult to estimate) exceeds the useful lifetime of the information
assuming that the algorithm is flawless, a brute-force method can be used to break
brute-force method involves trying every possible key until an intelligible translation of ciphertext to plaintext is obtained

[Table: Average time required for exhaustive key search ; annotation: (ex. DES) insecure]

Substitution Techniques

Alphabets

Playfair Cipher

Symmetric block encryption algorithms
Feistel Cipher structure
first described by Horst Feistel of IBM in 1973
many symmetric block encryption algorithms have this structure

[Figure: Feistel cipher structure]
• input : 2w bits plaintext
• key K
• round function F
• sequence of rounds
• each round performs substitutions and permutations conditioned by a secret key value

Feistel Cipher structure : features
(a) inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K
(b) the plaintext block is divided into two halves L_0 and R_0
(c) the two halves pass through n rounds of processing and then combine to produce the ciphertext block
(d) each round i has the following inputs :
• L_{i-1} and R_{i-1} derived from the previous round
• subkey K_i derived from the overall key K
(e) subkeys K_i are different from K and from each other and are generated from the key by a subkey generation algorithm
(f) processing in each round :
• a round function F (parameterised by the round subkey K_i) is applied to the right half of the data
• the output of F is XORed with the left half of the data
• a permutation is performed - the two halves of the data are interchanged

exact implementation of a symmetric block cipher depends on the choice of parameters and features :
• block size : larger means more secure ; 128-bit block is commonly used
• key size : larger means more secure, but performance reduces ; common is 128 bits
• number of rounds : typical size is 16
• subkey generation algorithm : more complex means more difficult for cryptanalysis
• round function : more complexity is better
• fast software encryption / decryption
• ease of analysis

Decryption :
• use the ciphertext as input to the algorithm
• use the subkeys in the reverse order : K_n in the first round, K_{n-1} in the second and K_1 in the last round
→ the same, i.e. a single, algorithm can be used both for encryption and for decryption

DES - the Data Encryption Standard
[Figure: DES stages 1 - 19, with round labels L_{i-1} and F(R_{i-1}, K_i)]
16 sub-keys are generated, one per iteration (stages 2 - 17)

DES
concerns about DES key length (56 bits) :
56 bits → 2^56 or 7.2 x 10^16 keys
Electronic Frontier Foundation (EFF) broke a DES encryption in 1998 using a special-purpose "DES cracker" machine in less than 3 days
if the only form of attack that could be made on encryption algorithms is brute force with faster machines, use longer keys

[Table: Time to break a code (assuming 10^6 decryptions / μsec)]

DES (56-bit key) code would take about 10 hours to crack using 10^6 decryptions / μsec
using a 128-bit key, it would take over 10^18 years to break the code using the EFF cracker
a 128-bit key is guaranteed to result in an algorithm that is unbreakable by brute force

Triple DES (3DES) - ANSI standard X9.17, FIPS PUB 46-3
3DES uses :
• three keys and
• three executions of the DES algorithm
C = E(K1, P) passed through D with K2 and E with K3, i.e. C = E(K3, D(K2, E(K1, P)))
P = plaintext
C = ciphertext
E(K, X) = encryption of X using key K
D(K, Y) = decryption of Y using key K

[Figure: 3DES stages E(K1, P), D(K2, A), E(K3, B)]
P = D(K1, E(K2, D(K3, C)))

with three distinct keys, 3DES has an effective key length of 168 bits
FIPS 46-3 allows use of two keys with K1 = K3, i.e. an effective key length of 112 bits
ultimately, the Advanced Encryption Standard (AES) is intended to replace 3DES, but 3DES continues to coexist as an approved algorithm for the foreseeable future

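The Feistel round structure and the 3DES composition described above, as an added example that is not part of the original slides: a toy 16-round Feistel cipher in which decryption is the same routine with the subkeys reversed, reused as E and D in C = E(K3, D(K2, E(K1, P))). The HMAC-SHA256 round function and subkey schedule, the 8-byte block and the key values are assumptions made for the example; this is not DES.

```python
import hashlib
import hmac

ROUNDS = 16   # number of rounds n, the typical value quoted above
W = 4         # half-block size w in bytes, so a block is 2w = 8 bytes

def subkeys(key):
    # Assumed subkey generation: K_i = HMAC-SHA256(K, i). This is not the DES schedule.
    return [hmac.new(key, bytes([i]), hashlib.sha256).digest()
            for i in range(1, ROUNDS + 1)]

def F(right, k_i):
    # Assumed round function. It is one-way on purpose: a Feistel network
    # never has to invert F, only recompute it.
    return hmac.new(k_i, right, hashlib.sha256).digest()[:W]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, round_keys):
    if len(block) != 2 * W:
        raise ValueError("block must be 2w bytes")
    left, right = block[:W], block[W:]
    for k_i in round_keys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, xor(left, F(right, k_i))
    return right + left   # undo the last swap so the same routine decrypts

def E(key, block):
    return feistel(block, subkeys(key))          # K_1 ... K_n

def D(key, block):
    return feistel(block, subkeys(key)[::-1])    # K_n ... K_1, same algorithm

def ede_encrypt(k1, k2, k3, p):
    return E(k3, D(k2, E(k1, p)))                # C = E(K3, D(K2, E(K1, P)))

def ede_decrypt(k1, k2, k3, c):
    return D(k1, E(k2, D(k3, c)))                # P = D(K1, E(K2, D(K3, C)))

if __name__ == "__main__":
    k1, k2, k3 = b"constructed-k1", b"constructed-k2", b"constructed-k3"
    p = b"8 bytes!"
    c = ede_encrypt(k1, k2, k3, p)
    print(c.hex(), ede_decrypt(k1, k2, k3, c))
    # With K1 = K2 = K3 the middle D cancels the first E, leaving single encryption.
    print(ede_encrypt(k1, k1, k1, p) == E(k1, p))
```

Running the forward key order a second time does not recover the plaintext; only the reversed order does, which is the property the decryption slide states.
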
Location of Encryption Devices
countering threats to network security : encryption is the most common and powerful approach
issues :
what to encrypt ?
where to locate the encryption devices ?
• link encryption
• end-to-end encryption

[Figure: Encryption across a packet-switching network]

Link encryption
each vulnerable link is equipped with an encryption device at both ends
all traffic over all the links is secured → provides a high level of security
issues :
• requires many encryption devices
• since each switch has to read the header to route the packet, the message has to be decrypted at each switch → vulnerable
• also, in a public PSN, the user has no control

End-to-end encryption
encryption is carried out at the two end systems
encrypted data is transmitted across the network to the destination host → security against attacks on the network links or switches

[Figure: datagram header fields, sizes in bytes (TOS of datagram ; TTL = 64 ; fields unchanged during travel of datagram from S to D) ; (#) maximum size of datagram : 65,535 bytes]

issues :
• sending host encrypting the entire data including header → packet-switching node unable to read header / route packet
• sending host encrypting only user data and not packet header → header vulnerable → user data is secure, but traffic pattern is not
greater security is provided by a combination of link and end-to-end encryption methods

Key Distribution
symmetric encryption → two parties must share the same key → key must be protected from access by others
frequent key changes are desirable to limit the amount of data compromised should the attacker learn the key
strength of a cryptographic system is governed by the key distribution technique, i.e. delivering a key to two parties (who wish to exchange data) without allowing others to know the key

key distribution methods between two parties S and R :
1. a key could be selected by S and physically delivered to R
2. a third party could select the key and physically deliver it to S and R
both the above methods are infeasible in a large wide-area distributed system
3. if S and R have previously used a key, one party could transmit the new key to the other, encrypted using the old key
issue : if an attacker gains access to one key, all subsequent keys are revealed
4. if S and R have an encrypted connection to a third party K, K could deliver a key on the encrypted links to S and R

two types of keys identified :
session key :
when two end systems (hosts) wish to communicate they establish a logical connection, i.e. a VC
for the duration of the logical connection, all user data is encrypted using a one-time session key
at the conclusion of the connection, the session key is destroyed
permanent key :
used between entities for the purpose of distributing session keys

The configuration of the key distribution mechanism consists of two elements :
• Key Distribution Centre (KDC)
• Security Service Module (SSM)

Key Distribution Centre (KDC)
determines which systems are allowed to communicate with each other
when permission is granted for two systems to establish a connection, the KDC provides a one-time session key for that connection

Security Service Module (SSM)
consists of functionality at one protocol layer
performs end-to-end encryption
obtains session key on behalf of users

automated approach provides flexibility and a dynamic method to allow a number of hosts to exchange data

[Figure: Automated Key distribution for connection-oriented protocol. Labels: connection request packet ; session key delivered, encrypted using key shared by KDC & SSM ; connection setup ; data exchange encrypted by SSMs using their session keys]

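The session-key flow described above (KDC, SSMs, permanent and session keys), as an added example that is not part of the original slides. The `seal` / `unseal` helpers are a stand-in cipher built from SHA-256 and HMAC, and the class, function and host names and all keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, msg):
    # Stand-in for a real cipher (assumption): hash keystream XOR plus an HMAC tag.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, keystream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

class KDC:
    def __init__(self, permanent_keys, allowed_pairs):
        self.permanent_keys = permanent_keys   # host name -> permanent key
        self.allowed_pairs = allowed_pairs     # pairs permitted to communicate

    def grant(self, src, dst):
        if frozenset((src, dst)) not in self.allowed_pairs:
            raise PermissionError(f"{src} and {dst} may not communicate")
        session_key = secrets.token_bytes(16)  # one-time key for this connection
        # One copy per SSM, each encrypted under that host's permanent key.
        return (seal(self.permanent_keys[src], session_key),
                seal(self.permanent_keys[dst], session_key))

def connection(kdc, host_keys, src, dst, data):
    # SSM view: request a session key, unwrap it, exchange data, destroy the key.
    for_src, for_dst = kdc.grant(src, dst)
    ks_src = unseal(host_keys[src], for_src)
    ks_dst = unseal(host_keys[dst], for_dst)
    wire = seal(ks_src, data)                  # what crosses the network
    received = unseal(ks_dst, wire)
    del ks_src, ks_dst                         # session key dropped at connection end
    return wire, received

# Constructed sample data: three hosts, only S and R are allowed to talk.
HOST_KEYS = {h: hashlib.sha256(b"constructed permanent key " + h.encode()).digest()
             for h in ("S", "R", "X")}
DEMO_KDC = KDC(HOST_KEYS, {frozenset(("S", "R"))})
```

The permanent keys only ever protect session keys, so user data is never encrypted under a long-lived key, and a host outside the allowed pair can neither obtain a grant nor unwrap one issued to S or R.
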
