1

Mastering Blockchain
Third Edition

Chapter 3, Symmetric Cryptography

Outline 2

• Introduction 

• Working with the the OpenSSL command line 

• Cryptographic primitives 

• Advanced Encryption Standard 

Cryptography  3

A generic cryptographic
model is shown here.

P, E, C, and D represent
plaintext, encryption,
ciphertext, and
decryption, respectively.
Cryptography services 4

• Confidentiality 

• Integrity 

• Authentication 

• Non-repudiation 

• Accountability 
Cryptographic primitives  5

As shown in the preceding

cryptographic primitive
taxonomy diagram,
cryptography is mainly divided
into three categories:
• Keyless primitives
• Symmetric key
primitives/cryptography
• Asymmetric key
primitives/cryptography
Keyless primitives  6

• Random numbers 

• RNGs 

• PRNGs 

• Hash functions 
Hash functions 7

Hash functions compress arbitrary messages into fixed-

length digests. They are easy to compute. 

The security properties of hash functions are:

1. Pre-image resistance 
2. Second pre-image resistance 
3. Collision resistance 
SHA256 8

As shown in the preceding diagram, SHA-256 takes the input message and divides it into equal blocks of
512 bits. Initial values (or initial hash values) of the initialization vector are composed of eight 32 bit words
(256 bits) that are fed into the compression function with the first message. Subsequent blocks are fed
into the compression function until all blocks are processed and finally, the output hash is produced.
Design of SHA-3 (Keccak)  9

The diagram shows

the sponge and
squeeze model,
which is the basis
of SHA-3 or
Keccak.
Symmetric cryptography  10

• Uses the same key for encryption and decryption

• Types of keys
• Public key

• Private key

• Ephemeral key

• Master key
Stream ciphers 11

Stream ciphers are encryption

algorithms that apply
encryption algorithms on a bit-
by-bit basis (one bit at a time)
to plaintext using a keystream.

Operation of a stream cipher

Block ciphers 12

Block ciphers are encryption

algorithms that break up the text to
be encrypted (plaintext) into blocks
of a fixed length and apply the
encryption block by block.

Operation of a block cipher

Block encryption modes 13

Electronic codebook mode 

Cipher block chaining mode  Counter mode 

Advanced Encryption Standard (AES)  14

After state initialization four operations are performed in

sequence to encrypt the input:

1. AddRoundKey: In this step, the state array is XORed

with a subkey, which is derived from the master key.
2. SubBytes: This is the substitution step where a
lookup table (S-box) is used to replace all bytes of the
state array.
3. ShiftRows: This step is used to shift each row to the
left, except for the first one, in the state array in a
cyclic and incremental manner.
4. MixColumns: Finally, all bytes are mixed in a linear
fashion (linear transformation), column-wise.

This is one round of AES. In the final round (either the

10th, 12th, or 14th round, depending on the key size),
stage 4 is replaced with AddRoundKey to ensure that the
first three steps cannot be simply reversed.
 15

Exercise

• Search and find a way to encrypt plaintext into an AES 256-bit encrypted output, using
the OpenSSL command line tool.
Summary 16

In this presentation, we…

• Explored symmetric key cryptography.

• Considered some cryptographic primitives.

• Looked at stream and block ciphers.

• Covered the working modes of block ciphers.

• Learned about AES