Data Security and Encryption

(CSE348)

1
Lecture # 6

2
 Review
• have considered:
– classical cipher techniques and terminology
– monoalphabetic substitution ciphers
– cryptanalysis using letter frequencies
– Playfair cipher
– polyalphabetic ciphers
– transposition ciphers
– product ciphers and rotor machines
– stenography
3
 Chapter 3

Block Ciphers and the Data

Encryption Standard

4
 Block Ciphers and the Data Encryption
Standard

All the afternoon Mungo had been working on Stern's

code, principally with the aid of the latest messages
which he had copied down at the Nevin Square drop.
Stern was very confident. He must be well aware
London Central knew about that drop. It was obvious
that they didn't care how often Mungo read their
messages, so confident were they in the
impenetrability of the code.
—Talking to Strange Men, Ruth Rendell

5
 Modern Block Ciphers
 now look at modern block ciphers
 one of the most widely used types of cryptographic
algorithms
 provide secrecy /authentication services
 focus on DES (Data Encryption Standard)
 We will see block cipher design principles

6
 Block vs Stream Ciphers
• block ciphers process messages in blocks, each of
which is then en/decrypted
• like a substitution on very big characters
– 64-bits or more
• stream ciphers process messages a bit or byte at a
time when en/decrypting
• many current ciphers are block ciphers
– better analysed
– broader range of applications

7
Block vs Stream Ciphers

8
 Block vs Stream Ciphers

 A block cipher is one in which a block of plaintext is

treated as a whole and used to produce a ciphertext
block of equal length

 Typically, a block size of 64 or 128 bits is used

 As with a stream cipher, the two users share a

symmetric encryption key

9
 Block vs Stream Ciphers

 A stream cipher is one that encrypts a digital data

stream one bit or one byte at a time

 In the ideal case, a one-time pad version of the

Vernam cipher would be used, in which the
keystream (k ) is as long as the plaintext bit stream
(p)

10
 Block Cipher Principles
 Most symmetric block ciphers are based on a Feistel
Cipher Structure
 needed since must be able to decrypt ciphertext to
recover messages efficiently
 block ciphers look like an extremely large
substitution
 would need table of 264 entries for a 64-bit block
 instead create from smaller building blocks
 using idea of a product cipher

11
 Block Cipher Principles
 A block cipher operates on a plaintext block of n bits
to produce a ciphertext block of n bits

 An arbitrary reversible substitution cipher for a large

block size is not practical

 however, from an implementation and performance

point of view

 In general, for an n-bit general substitution block

cipher, the size of the key is n x 2n
12
 Block Cipher Principles
 For a 64-bit block, which is a desirable length to
thwart statistical attacks

 the key size is 64x 264 = 270 = 1021 bits

 In considering these difficulties, Feistel points out

that what is needed is an approximation to the ideal
block cipher system for large n

 built up out of components that are easily realizable

13
Ideal Block Cipher

14
 Ideal Block Cipher
 Feistel refers to an n-bit general substitution as
an ideal block cipher

 because it allows for the maximum number of

possible encryption mappings from the plaintext
to ciphertext block

 4-bit input produces one of 16 possible input

states, which is mapped by the substitution
cipher into a unique one of 16 possible output
states
15
 Ideal Block Cipher
 Each of which is represented by 4 ciphertext bits

 encryption and decryption mappings can be

defined by a tabulation
 a tiny 4-bit substitution shows that each possible
input can be arbitrarily mapped to any output
 which is why its complexity grows so rapidly

16
 Claude Shannon and Substitution-
Permutation Ciphers
 Feistel proposed that we can approximate the ideal
block cipher by utilizing the concept of a product
cipher

 which is the execution of two or more simple ciphers

in sequence

 In such a way that the final result or product is

cryptographically stronger than any of the
component ciphers

17
 Claude Shannon and Substitution-
Permutation Ciphers
 In particular, Feistel proposed the use of a cipher
that alternates substitutions and permutations

 as a practical application of a proposal by Claude

Shannon

18
 Claude Shannon and Substitution-
Permutation Ciphers
 Claude Shannon’s 1949 paper has the key ideas that
led to the development of modern block ciphers

 Critically, it was the technique of layering groups of

S-boxes separated by a larger P-box to form the S-P
network, a complex form of a product cipher

 He also introduced the ideas of confusion and

diffusion, notionally provided by S-boxes and P-boxes
(in conjunction with S-boxes)

19
 Claude Shannon and Substitution-
Permutation Ciphers
 Claude Shannon introduced idea of substitution-
permutation (S-P) networks in 1949 paper
 form basis of modern block ciphers
 S-P nets are based on the two primitive
cryptographic operations seen before:
 substitution (S-box)
 permutation (P-box)
 provide confusion & diffusion of message & key

20
 Confusion and Diffusion
• The terms diffusion and confusion were introduced
by Claude Shannon
• To capture the two basic building blocks for any
cryptographic system

• Shannon's concern was to thwart cryptanalysis based

on statistical analysis

• Every block cipher involves a transformation of a

block of plaintext into a block of ciphertext

21
 Confusion and Diffusion
• where the transformation depends on the key

• The mechanism of diffusion seeks to make the

statistical relationship between the plaintext
and ciphertext

• as complex as possible in order to thwart

attempts to deduce the key

22
 Confusion and Diffusion
• Confusion seeks to make the relationship
between:

• the statistics of the ciphertext and the value of

the encryption key as complex as possible

• again to thwart attempts to discover the key

23
 Confusion and Diffusion
• So successful are diffusion and confusion

• In capturing the essence of the desired

attributes of a block cipher

• That they have become the cornerstone of

modern block cipher design

24
 Confusion and Diffusion
• cipher needs to completely obscure statistical
properties of original message

• a one-time pad does this

• more practically Shannon suggested

combining S & P elements to obtain:

25
 Confusion and Diffusion
• diffusion – dissipates statistical structure of
plaintext over bulk of ciphertext

• confusion – makes relationship between

ciphertext and key as complex as possible

26
 Feistel Cipher Structure
• Horst Feistel, working at IBM Thomas J Watson
Research Labs
• devised a suitable invertible cipher structure in
early 70's.
• One of Feistel's main contributions was the
invention of a suitable structure
• which adapted Shannon's S-P network in an easily
inverted structure
27
Feistel Cipher Structure

28
 Feistel Cipher Structure
• It partitions input block into two halves which
are processed through multiple rounds

• which perform a substitution on left data half,

based on round function of right half & subkey

• and then have permutation swapping halves

29
 Feistel Cipher Structure
• Essentially the same h/w or s/w is used for
both encryption and decryption

• with just a slight change in how the keys are

used

• One layer of S-boxes and the following P-box

are used to form the round function

30
 Feistel Cipher Structure
• Horst Feistel devised the feistel cipher
– based on concept of invertible product cipher
• partitions input block into two halves
– process through multiple rounds which
– perform a substitution on left data half
– based on round function of right half & subkey
– then have permutation swapping halves
• implements Shannon’s S-P net concept

31
 Feistel Cipher Structure
• Figure illustrates the classical feistel cipher
structure, with data split in 2 halves

• processed through a number of rounds

• which perform a substitution on left half

using output of round function on right half
& key, and a permutation which swaps
halves, as listed previously

32
 Feistel Cipher Structure
• The LHS side of this figure shows the flow
during encryption, the RHS in decryption

• The inputs to the encryption algorithm are

a plaintext block of length 2w bits and a
key K

33
 Feistel Cipher Structure
• The plaintext block is divided into two
halves, L0 and R0

• The two halves of the data pass through n

rounds of processing and then combine to
produce the ciphertext block

34
 Feistel Cipher Structure
• Each round i has as inputs Li–1 and Ri–1,
derived from the previous round, as well as
a subkey Ki, derived from the overall K

• In general, the subkeys K are different

from K and from each other

• The process of decryption with a Feistel

cipher is essentially the same as the
encryption process
35
 Feistel Cipher Structure
• The rule is as follows:
• Use the ciphertext as input to the
algorithm, but use the subkeys Ki in reverse
order
• That is, use Kn in the first round, Kn–1 in the
second round, and so on until K1 is used in
the last round

36
 Feistel Cipher Structure
• This is a nice feature because it means we
need not implement two different
algorithms
• one for encryption and one for decryption

• See discussion in text for why using the

same algorithm with a reversed key order
produces the correct result

37
 Feistel Cipher Structure
• noting that at every round

• the intermediate value of the decryption

process is equal to the corresponding value
of the encryption process

• with the two halves of the value swapped

38
Feistel Cipher Structure

39
 Feistel Cipher Design Elements
 block size
 key size
 number of rounds
 subkey generation algorithm
 round function
 fast software en/decryption
 ease of analysis

40
 Feistel Cipher Design Elements
 The exact realization of a Feistel network depends on
the choice of the following parameters and design
features:

 block size - increasing size improves security, but

slows cipher

 key size - increasing size improves security, makes

exhaustive key searching harder, but may slow
cipher

41
 Feistel Cipher Design Elements
 number of rounds - increasing number improves
security, but slows cipher

 subkey generation algorithm - greater complexity

can make analysis harder, but slows cipher

 round function - greater complexity can make

analysis harder, but slows cipher

42
 Feistel Cipher Design Elements
 fast software en/decryption - more recent concern
for practical use

 ease of analysis - for easier validation & testing of

strength

43
 Summary
• have considered:
– block vs stream ciphers
– Feistel cipher design & structure

44