Cryptography and Encryption

Techniques

1
Terminologies
 Cryptography: Schemes for encryption and
decryption
 Encryption algorithm:
algorithm technique or rules selected
for encryption.
 Key:
Key is secret value used to encrypt and/or decrypt
the text.
 Cryptanalysis: The study of “breaking the code”.
 Cryptology: Cryptography and cryptanalysis
together constitute the area of cryptology.

2
Introduction
What is cryptography ?
 Cryptography is the study of Encryption and decryption
 Greek kryptos means “hidden” and graphia means “writtings”
 Encryption is an ancient form of information protection. …
dates back 4,000 years.
 process by which plaintext is converted into ciphertext.
 Decryption is the inverse of Encryption.

3
 Introduction ….
 Cryptography has five components:
 Plaintext: This is what you want to encrypt.
 Ciphertext: The encrypted output.
 Enciphering or encryption: The process by which plaintext is
converted into ciphertext.
 Encryption algorithm: The sequence of data processing steps
that go into transforming plaintext into ciphertext.
 Secret Key: a key is a string of characters used within an
encryption algorithm for altering data so that it appears random.
 Deciphering or decryption: Recovering plaintext from
ciphertext.
 Decryption algorithm: The sequence of data processing steps
that go into transforming ciphertext back into plaintext.
 Security depends on the secrecy of the key, not the secrecy of the
algorithm
4
Introduction ….
Simplified Encryption Model:

5
 Introduction …
 A sender S wanting to transmit message M to a
receiver R
 To protect the message M, the sender first encrypts it
into meaningless message M’
 After receipt of M’, R decrypts the message to obtain
M
 M is called the plaintext
 What we want to encrypt
 M’ is called the ciphertext
 The encrypted output

6
Introduction…
 Notation
Given
P=Plaintext
C=CipherText

C = EK (P) Encryption
P = DK ( C) Decryption

7
 Services Provided by Cryptography
Confidentiality
 provides privacy for messages and stored data by hiding

Message Integrity
 provides assurance to all parties that a message remains
unchanged
Non-repudiation
It is a security service that ensures that an entity cannot refuse the
ownership of a previous commitment or an action.
It is an assurance that the original creator of the data cannot deny
the creation or transmission of the said data to a recipient or third
party.
Authentication
 Authentication provides the identification of the originator.
 8 It confirms to the receiver that the data received has been sent
 Cipher Techniques

Transposition Cipher Vs Substitution Cipher

9
Building Blocks of Encryption Techniques
 Two building blocks of all classical encryption techniques
are substitution and transposition.
 Substitution means replacing an element of the plaintext
with an element of cipher text.
 each element in the plaintext (bit, letter, group of bits or
letters) is mapped into another element
 If the plaintext is viewed as a sequence of bits, then substitution
involves replacing plaintext bit patterns with ciphertext bit
patterns.
 Transposition means rearranging the order of
appearance of the elements of the plaintext.
 Transposition is also referred to as permutation.

10
Substitution Cipher
 Types of Substitution cipher:
o Caesar Cipher
o Modified Caesar Cipher
o Monoalphabetic Ciphers
o Play fir matrix

Polyalphabetic ciphers
o Vigenere cipher
o One-time pad (reading assignment)

11
Caesar Cipher Substitution
 The earliest known use of a substitution cipher, and the
simplest, was by Julius Caesar.
 The Caesar cipher involves replacing each letter of the
alphabet with the letter standing three places further
down the alphabet
 Note that the alphabet is wrapped around, so that the
letter following Z is A.
 We can define the transformation by listing all
possibilities, as follows:

12
 Activity
 Convert it ....to Caesar Ciphertext?
 Plaintext: are you ready
 Ciphertext: duh brx uhdgb

Plaintext a b c d e f g h i j k l mn o p q r s t u v w x y z
Ciphertext D E F G H I J K L M N O P Q R S T U V WX Y Z A B C

13
Caesar Cipher
 The algorithm can be expressed as, for each plaintext
letter P, substitute ciphertext letter C.
 C = E(3, p) = (p + 3) mod 26
 Mathematically give each letter a number

 General Caesar algorithm as:

c = E(k, p) = (p + k) mod (26)
p = D(k, c) = (c – k) mod (26)
 Where k is [0 to 25]. Secret-key

14
Modified Caesar Cipher
 In this version of Caesar cipher, the cipher text alphabets
corresponding to the original plain text alphabets may not
necessarily be three places down the order, but instead, can be
any places down the order
 First we must translate our message into our numerical alphabet
 Choose the number you want to shift by
 Then we add the B-shift to each number
 E.g 1. The name 'James' encrypted with a B-shift of 7 is:
 J = 9 + 7 = 16
 A=0+7=7
 M = 12 + 7 = 19
 E = 4 + 7 = 11
 S = 18 + 7 = 25
 16 = Q, 7 = H, 19 = T, 11= L, 25 = Z.
 QH T L Z
15
Modified Caesar Cipher
 E.g.2. The phrase 'is a spy' using the same B-shift.
 I = 8 + 7 = 15,
 S = 18 + 7 = 25

 A=0+7=7

 S = 18 + 7 = 25

 P = 15 + 7 = 22

 Y = 24 + 7 = 31

 So 15 is P, 25 is Z, 7 is H, 25 is Z again, and 22 is W, but what

is 31?
 Use mod 26
 Since, 31 mod 26 = 5, which corresponds to F
 So “is a spy” = PZHZWF

16
Monoalphabetic Cipher
 Rather than just shifting the alphabet could shuffle (jumble)
the letters arbitrarily each plaintext letter maps to a different
random ciphertext letter.
 Hence, key is 26 letters long

Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: ifwewishtoreplaceletters
Ciphertext:WIRFRWAJUHYFTSDVFSFUUFYA

17
 Playfair Cipher
 The best-known multiple-letter encryption cipher is the
Playfair, which treats diagrams in the plaintext as single
units and translates these units into ciphertext diagrams.
 It was the first literal digraph substitution cipher.
 The scheme was invented in 1854 by Charles Wheatstone,
 but bears the name of Lord Playfair who promoted the use
of the cipher.
 Used in WWI and WWII

18
Playfair Key Matrix
 a 5X5 matrix of letters based on a keyword
 fill in letters of keyword (no duplicates, i & j)
 fill rest of matrix with other letters
 E g. using the keyword (key) simple

s i/j m p l
e a b c d
f g h k n
o q r t u
v w x y z
19
 Playfair Cipher rule
 First, a plaintext message is split into pairs of two letters (digraphs).
 If there is an odd number of letters, a Z is added to the last letter. Let us say we
want to encrypt the message “hide money”. It will be written as −
HI DE MO NE YZ
 Use filler letter to separate repeated letters
eg. "balloon" encrypts as "ba lx lo on" Encrypt two letters together
 If both the letters are in the same row: Take the letter to the right of each
one (going back to the leftmost if at the rightmost position).
ac--bd
 If both the letters are in the same column: Take the letter below each one
(going back to the top if at the bottom).
ag_>gq
 If neither of the above rules is true: Form a rectangle with the two letters
and take the letters on the horizontal opposite corner of the rectangle.
ar--bq
20
Activity 1
Eg. Keyword. Now write
the letters keyword in the
first squares of a five by
five matrix:
Then finish filling up the
remaining squares of the matrix
with the remaining letters of the
alphabet, in alphabetical order

For example, the sentence “Why, don’t you?”

becomes
WH YD ON TY OU
Ciphertext :YI EA ES VK EZ
21
 instruments

Activity2
 Q: construct the playfair matrix using the keyword
MONARCHY ?
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

Plaintext: Ethiopia
Ciphertext: klbfhvsb
Would you pleas tray this: “instruments” with the above
keyword
22
 Polyalphabetic ciphers
 Another way to improve on the simple monoalphabetic technique is to
use different monoalphabetic substitutions as one proceeds through the
plaintext message.
 The general name for this approach is polyalphabetic substitution
cipher.
 All these techniques have the following features in common:
• A set of related monoalphabetic substitution rules is used.
• A key determines which particular rule is chosen for a given
transformation.
 The best known, and one of the simplest, such algorithm is referred to
as the Vigenère cipher.
 In this scheme, the set of related monoalphabetic substitution rules
consists of the 26 Caesar ciphers, with shifts of 0 through 25.
23
Vigenere Cipher
 Vigenere Cipher is a method of encrypting alphabetic text. It
uses a simple form of polyalphabetic substitution.
 The table consists of the alphabets written out 26 times in
different rows, each alphabet shifted cyclically to the left
compared to the previous alphabet, corresponding to the 26
possible Caesar Ciphers.
 At different points in the encryption process, the cipher uses a
different alphabet from one of the rows.
 The alphabet used at each point depends on a repeating
keyword.

24
 Vigenere Cipher
 The Vigenère cipher uses a 26×26 table with A to Z as the row heading and column heading
 This table is usually referred to as the Vigenère Tableau, Vigenère Table or Vigenère Square.
 We shall use Vigenère Table. The first row of this table has the 26 English letters.
 Starting with the second row, each row has the letters shifted to the left one position in a cyclic way.


25
Vigenere Cipher working rule
 write the plaintext out
 write the keyword repeated above it
 use each key letter as a caesar cipher key
 encrypt the corresponding plaintext letter

26
Activity
 Q: encrypt the given plaintext letter using Vigenère
Cipher, use keyword deceptive

 plaintext:

wearediscoveredsaveyourself
 Key:

deceptivedeceptivedeceptive

 Ciphertext:

zicvtwqngrzgvtwavzhcqyglmgj

27
Transposition Cipher
 All the techniques examined so far involve the substitution of
a ciphertext symbol for a plaintext symbol.
 A very different kind of mapping is achieved by performing
some sort of permutation on the plaintext letters.
 This technique is referred to as a transposition cipher.

28
Transposition Cipher
 Types of Transposition Cipher Techniques:
 Spartans cipher
 Rail fence cipher
 Simple Columnar Transposition
 Route cipher
 Book cipher/running key cipher

29
Classical Transposition
 Spartans cipher , fifth century B.C.
Start the war today

Encryption: rearrange the text in 3 columns

S t a
r t t
h e w
a r t
o d a Rewrite it by reading
down y
Srhaoytterdatwta
30
Rail Fence
 The simplest of such ciphers is the rail fence technique, in
which the plaintext is written down as a sequence of diagonals
and then read off as a sequence of rows
 For example, to encipher the message “MEET ME AFTER THE
GOOD PARTY” with a rail fence of depth 2 (number of rows,
which is the key), we write the following

 The ciphertext is MEMATRHGOPRYETEFETEODAT

With depth of 3

31
Columnar Transposition
• Write the message in rows of a fixed length, and then
read out again column by column.
• The columns are chosen in some scrambled order.
• Both the length of the rows and the permutation of the
columns are usually defined by a keyword.

32
Key Columnar Transposition
Example: Let the key word be: ZEBRA.
Z E B R A
W E A R E
D I S C O
V E R E D
F L E E A
T O N C E
The message:
EODAEASRENEIELORCEECWDVFT.

33
Route Cipher
The plaintext is first written out in a grid of given dimensions,
then we read it off in a pattern given in the key.
Example: The key say: read message from top right corner down and
to the left.
W D V F T
E I E L O
A S R E N
R C E E C
E O D A E
The message:
TONCEADOEFLEEECRVERSADIEW.

34
 Cryptanalysis

35
 Cryptanalysis
 Typically, the objective of attacking an encryption system is to
recover the key in use rather then simply to recover the plaintext of
a single ciphertext
 general approaches:
 Cryptanalytic attack
 exploits the characteristics of the algorithm
 Brute-force attack
 try every possible key on a piece of cipher text
 Letter frequency analysis attack
 Objective to recover key not just message

36
Cryptanalytic Attacks

37
Cryptanalysis…
 A brute-force attack: involves trying every possible key
until an intelligible translation of the ciphertext
into plaintext is obtained.
 On average, half of all possible keys must be tried to achieve
success.
 given a ciphertext Caesar cipher, then a brute-force is easy
performed:
 simply try all the 25 possible keys.
 Assuming language of the plaintext is known.
 Thus, Caesar cipher is far from secure.
 Eg: try to break this Caesar cipher
BRXDUHKDFNLQJ

38
Brute Force Search
 always possible to simply try every key
 assume either know / recognise plaintext
 impractical if we use an algorithm that employs a large
number of keys.
 most basic attack, proportional to key size

39
Language Redundancy and Cryptanalysis
 Human languages are redundant
 Letters are not equally commonly used
 In English E is by far the most common letter
 followed by T,R,N,I,O,A,S
 Other letters like Z,J,K,Q,X are fairly rare
 Have tables of single, double & triple letter frequencies
for various languages

40
English Letter Frequencies

41
More Definitions
 Unconditional security
 No matter how much computer power or time is available, the
cipher cannot be broken since the ciphertext provides
insufficient information to uniquely determine the
corresponding plaintext
 Computational security
 Given limited computing resources (eg time needed for
calculations is greater than age of universe), the cipher cannot
be broken
 It either takes too long, or is too expensive,

42
 Cryptographic Systems

Private key (Symmetric key), Public key (Asymmetric key)

43
Cryptographic systems
Characterized along three dimensions:
 operations used for transforming
 Substitution: Replace (bit, letter, group of bits letters
 Transposition:
Transposition Rearrange the order
 Product :use
: multiple stages of both
 number of keys used
 Symmetric:
Symmetric same key , secret-key, private-key
 Asymmetric:
Asymmetric different key , public-key
 way in which the plaintext is processed
 block cipher
 Stream cipher

44
Cryptographic Systems
 There are two fundamentally different cryptographic systems
 Symmetric cryptosystem/ Private key
 Asymmetric cryptosystem/ Public key

 Symmetric: the same key is used to encrypt the data

 Both sides of the communication must have the same key
 Examples: DES, AES, Blowfish, RC2, RC5, IDEA…
 Asymmetric: different keys are used to encrypt and
decrypt the data
 Example: RSA,DH, Elgamal…

45
 K1 K2
Encryption
Encryption Decryption
Decryption
M C M

 More formally, using maths:

 Notation
 Plain text: M
 Encrypted text: C
 Encryption with key K1 : E K1(M) = C
 Decryption with key K2 : D K2(C) = M

 Algorithms
 Symmetric K1 = K2
Symmetric:
 Asymmetric: K1 ≠ K2
46
Symmetric ciphering
 Also called secret-key/private-key cryptosystem
 The same key is used to encrypt and decrypt a message
C = DK [EK (P)]

• Have been used for centuries in a variety of forms

• The key has to be kept secret
• The key has to be communicated using a secure channel
• They are still in use in combination with public-key
cryptosystems due to some of their advantages

47
Requirements
 Two requirements for secure use of symmetric
encryption:
 a strong encryption algorithm
 a secret key known only to sender / receiver
 mathematically have:
C = E(K, P ) done by sender side
P = D(K, C ) receiver side
 Assume encryption algorithm is known
 implies a secure channel to distribute key

48
Asymmetric ciphering
 Asymmetric Cryptography
 Also called public-key cryptosystem
 keys for encryption and decryption are different but form a unique pair
C = DKD [EKE (P)]
 Only one of the keys need to be private while the other can be public.

 Invented by Diffie and Hellman in 1976.

 It is a revolutionary concept since it avoids the need of using a
secure channel to communicate the key.
 It has made cryptography available for the general public and
made many of today’s on-line application feasible.

49
Block vs Stream Ciphers
 Block ciphers process messages into blocks, each of
which is then en/decrypted
 like a substitution on very big characters
 64-bits or more
 Stream ciphers process messages a bit or byte at a
time when en/decrypting
 many current ciphers are block ciphers

50
Substitution-Permutation Ciphers…
 Substitution Operation
 a binary word is replaced by some other binary word
 the whole substitution function forms the key
 if use n bit words, the key is 2n ! bits, grows rapidly
 will call them S-Boxes
 Permutation Operation
 a binary word has its bits reordered (permuted)
 the re-ordering forms the key
 if use n bit words, the key is n! bits, which grows more
slowly, and hence is less secure than substitution
 will call these P-Boxes

51
Substitution-Permutation Ciphers…
 In cryptography, confusion and diffusion are two properties of the
operation of a secure cipher which were identified by Shannon.
 Shannon's mixing transformations are a special form of product
ciphers where
 S-Boxes
 provide confusion of input bits
 Making the relationship between the key and the ciphertext as complex and
involved as possible
 P-Boxes
 provide diffusion across S-box inputs
 It hides the relationship between the ciphertext and the plaintext
 The property that redundancy in the statistics of the plaintext is "dissipated" in the
statistics of the ciphertext

52
Substitution-Permutation Ciphers…

Basic elements of product ciphers.

(a) P-box. (b) S-box. (c) Product.

53
Cryptographic Algorithms
 Block ciphers (secret/symmetric key, DES)
 Hashes (digital signature)
 Diffie-Hellman key exchange
 RSA (public key encryption and digital signature)
 ElGamal digital signature
 IDEA, RC2, RC5, Blowfish, and many more

54
Symmetric Block Cipher Algorithms
 DES (Data Encryption Standard)
 3DES (Triple DES)
 AES (Advanced Encryption Standard)

55
Feistel Cipher Structure
 It is block cipher symmetric encryption algorithms, first
described by Horst Feistel of IBM in 1973.
 It is depends on the choice of the following parameters
 Block size: larger block sizes mean greater security
 Key Size: larger key size means greater security
 Number of rounds: multiple rounds offer increasing security
 Subkey generation algorithm: greater complexcity will lead to
greater difficulty of cryptanalysis.
 Fast software encryption/decryption: the speed of execution of the
algorithm becomes a concern.

56
Feistel Cipher Structure
Steps:
1. Input of plaintext and key K.
2. Plaintext is divided into two halves L0 and R0.
3. These two halves pass through N round of processing
to produce CipherText block.
4. The key K is derived from subkey generation
algorism .
5. These two halves combine by applying a round
function ‘F’ on right half of data and then taking
X-OR operation of the output of F with left half of
data.
57
58
Data Encryption Standard (DES)
 Most widely used block cipher in world
 Adopted in 1977 by NBS (now NIST)
 NBS-National Bureau of Standards
 NIST - National Institute of Standards and Technology
 Encrypts 64-bit data using 56-bit key
 Has widespread use
 Has been considerable controversy over its security

59
Symmetric DES…
 The basic process in enciphering a 64-bit data block
using the DES consists of:
 an initial permutation (IP)
 16 rounds of a complex key dependent calculation f
 a final permutation, being the inverse of IP

60
Symmetric DES...
• DES Utilizes block cipher.
- During the encryption process, the plaintext is divided into fixed length
blocks of 64 bits.
• The key is 56 bits wide. 8-bit out of the total 64-bit block key
is used for parity check.
• 56-bit key gives 256 ( 7.2*1016) possible key variations.
• DES algorithm involves carrying out combinations of
substitutions and permutations between the text to be
encrypted and the key,
• while making sure the operations can be performed in both
directions (for decryption).

61
DES Encryption Overview
Symmetric DES
It reorders the input data bits

Initial Permutation (IP) Final Permutation (FP)

IP IP-1
58 50 42 34 26 18 10 2 40 8 48 16 56 24 64 32
60 52 44 36 28 20 12 4 39 7 47 15 55 23 63 31
62 54 46 38 30 22 14 6 38 6 46 14 54 22 62 30
64 56 48 40 32 24 16 8 37 5 45 13 53 21 61 29
57 49 41 33 25 17 9 1 36 4 44 12 52 20 60 28
59 51 43 35 27 19 11 3 35 3 43 11 51 19 59 27
61 53 45 37 29 21 13 5 34 2 42 10 50 18 58 26
63 55 47 39 31 23 15 7 33 1 41 9 49 17 57 25

“First Bit of the output is taken from the 58th bit of the input, etc...”

63
Symmetric DES...
• DES Encryption starts with an initial permutation (IP) of
the 64 input bits.
• These bits are then divided into two 32-bit halves called
L and R.
• The encryption then proceeds through 16 rounds, each
using the L and R parts, and a roundkey.
• The R and roundkeys are processed in the so called f-
function, and exclusive-or of the output of the f-
function with the existing L part to create the new R
part.
• The new L part is simply a copy of the incoming R part.

64
Symmetric DES...
• In the final round, the L and R parts are swapped once
more before the final permutation (FP) producing the
output block.
• Decryption is identical to encryption, except that the
subkeys are used in the opposite order.
• That is, roundkey 16 is used in round 1, roundkey 15 is
used in round 2, etc., ending with roundkey 1 being
used in round 16.
• The f-function mixes the bits of the R portion using the
roundkey for the current round.

65
One Round of DES Algorithm

66
One Round of Processing in DEA
 The 32-bit right half of the 64-bit input data block is
expanded by into a 48-bit block.
 This is referred to as the expansion permutation step, or
the E-step.
 The E-step involves the following:
 attach an additional bit on the left to each 4-bit word that is the
last bit of the previous 4-bit word
 attach an additional bit to the right of each 4-bit word that is the
beginning bit of the next 4-bit word.
 The 56-bit key is divided into two halves,
 each half shifted separately, and the combined 56-bit key
permuted/contracted to yield a 48-bit round key.

67
DES Expansion Permutation
 Input 32 bits Expansion/Permutation
1 2 3 4 5 6 7 8 9 10
11 12 13 14 15 16 17 18
19 20 21 22 23 24 25 26 27
28 29 30 32 The 32-bit half-block of data is
expanded to 48 bits.
E
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
 Output 48 bits 12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
One Round of Processing in DEA
 The 48 bits of the expanded output produced by the E-
step are XORed with the round key.
 This is referred to as key mixing.
 The output produced by the previous step is broken into
eight six-bit words.
 Each six-bit word goes through a substitution step.
 The substitution is carried out with an S-box.

69
The S-Box for the Substitution Step in Each
Round
 The 48-bit input word is divided into eight 6-bit words
and each 6-bit word fed into a separate S-box.
 Each S-box produces a 4-bit output. Therefore, the 8 S-
boxes together generate a 32-bit output.
 The overall substitution step takes the 48-bit input back
to a 32-bit output.
 Each of the eight S-boxes consists of a 4×16 table
lookup for an output 4-bit word.
 The first and the last bit of the 6-bit input word are decoded into
one of our rows and
 The middle 4 bits into one of 16 columns for the table lookup.

70
The S-Box for the Substitution Step in Each Round

71
 DES S-Boxes

72
S-Box for the Substitution Step in Each Round
The S-Box

If S1 is the function defined in this table and B is a block of 6 bits, then S1(B) is
determined as follows: The first and last bits of B represent in base 2 a number in the
decimal range 0 to 3 (or binary 00 to 11). Let that number be i. The middle 4 bits of B
represent in base 2 a number in the decimal range 0 to 15 (binary 0000 to 1111). Let that
number be j. Look up in the table the number in the i-th row and j-th column. It is a
number in the range 0 to 15 and is uniquely represented by a 4 bit block. That block is the
output S1(B) of S1 for the input B. For example, for input block B = 011011 the first bit is
"0" and the last bit "1" giving 01 as the row. This is row 1. The middle four bits are
"1101". This is the binary equivalent of decimal 13, so the column is column number 13.
In row 1, column 13 appears 5. This determines the output; 5 is binary 0101, so that the
73
output is 0101. Hence S1(011011) = 0101.
 P-Box Permutation Step in Each Round
 The 32-bits of the previous step then go through a P-box
based permutation.

The first output bit will be the 16th

bit of the input, the second
output bit the 7th bit of the input,
and so on.

 What comes out of the P-box is then XORed with the left
half of the 64-bit block that we started out with.
 The output of this XORing operation gives us the right
half block for the next round.

74
DES Round Structure

 Li = Ri–1
 Ri = Li–1  F(Ri–1, Ki)

75
DES Round Key Generation
 The initial 64-bit key may be represented as 8 bytes,
with the last bit of each byte used as a parity bit.

Initial Key

 The relevant 56 bits are subject to a permutation at the

beginning before any round keys are generated.
(permutation choice 1)

PC-1

76
DES Round Key Generation…
 To generate the roundkeys, start with the 56-bit key
(64 bits if you include the parity bits).
 These are permuted and divided into two halves called
C and D.
 For each round, C and D are each shifted left circularly
one or two bits.
 Then Contraction/Permuted choice(PC-2)
 Remove 9 18 22 25 and 35 38 43 54 position bits
 The 48-bit roundkey is then selected from the current C
and D bits.

77
 DES Round Key Generation….
Left Shift

Contraction/Permuted Choice (PC-2)

PC-2
14 17 11 24 1 5
Selects/Extracts the 48-bit subkey for each
3 28 15 6 21 10
round from the 56-bit key-schedule state.
23 19 12 4 26 8
16 7 27 20 13 2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32

78
DES Round Key Generation…

79
One Round of Processing in DEA
 The goal of the substitution step implemented by the S-box is
to introduce diffusion in the generation of the output from
the input.
 Diffusion means that each plaintext bit must affect as many
ciphertext bits as possible.
 The strategy used for creating the different round keys from
the main key is meant to introduce confusion into the
encryption process.
 Confusion in this context means that the relationship between the
encryption key and the ciphertext must be as complex as possible.

80
Strength of DES – Key Size
 56-bit keys have 256 = 7.2 x 1016 values
 brute force search looks hard
 recent advances have shown is possible
 in 1997 on Internet in a few months
 in 1998 on dedicated h/w (EFF) in a few days
 in 1999 above combined in 22hrs!
 now considering alternatives to DES

81
Symmetric DES...
• Cracking: The most basic method of attack for any cipher is
brute force - trying every possible key in turn.
• The length of the key determines the number of possible
keys, and hence the feasibility of the approach.
• DES is not adequate with this regard due to its key size
• In academia, various proposals for a DES-cracking machine
were advanced.
 In 1977, Diffie and Hellman proposed a machine, which could find a
DES key in a single day.
 By 1993, Wiener had proposed a key-search machine costing US $1
million which would find a key within 7 hours.

82
Symmetric DES...
 DES finally and definitively proved insecure in July
1998, when the Electronic Frontier Foundation (EFF)
announced that it had broken a DES encryption using a
special-purpose "DES cracker" machine that was built
for less than $250,000.
 The attack took less than three days.
 The EFF has published a detailed description of the
machine, enabling others to build their own cracker
[EFF98].

83
Symmetric DES...

 The EFF's US$250,000 DES

cracking machine contained
1,856 custom chips and
could brute force a DES key
in a matter of days.
 The photo shows a DES
Cracker circuit board fitted
with several Deep Crack
chips.

84
Multiple Encryption with DES for a More
Secure Cipher
 As you already know, the DES cryptographic system was shown
not to be very secure about 15 years ago.
 We can obviously use AES cryptography that is designed to be
extremely secure, but the world of commerce and finance does
not want to give up on DES that quickly
 because of all the investment that has already been in DES-related
software and hardware.
 So that raises questions like: How about a cryptographic system
that carries out repeated encryption with DES? Would that be
more secure?
 We will now show that whereas double DES may not be that much
more secure than regular DES, we can expect triple DES to be
very secure.

85
Double DES
 The simplest form of multiple encryption with DES is
double DES that has two DES-based encryption stages using
two different keys.
 Let’s say that P represents a 64-bit block of plaintext.
 Let E represent the process of encryption that transforms a
plaintext block into a ciphertext block.
 Let’s use two 56-bit encryption keys K1 and K2 for a double
application of DES to the plaintext.
 Let C represent the resulting block of ciphertext. We have
C = E(K2, E(K1, P))
P = D(K1, D(K2, C))
 where D represents the process of decryption.
86
Triple-DES with Two-Keys
 Triple-DES with two keys is a popular alternative to
single-DES,
 but suffers from being 3 times slower to run.
 Although there are no practical attacks, have some
indications of attack approaches.
 Hence some are now adopting Triple-DES with three
keys for greater security.

87
Triple-DES with Two-Keys…
 Hence must use 3 encryptions
 would seem to need 3 distinct keys
 but can use 2 keys with E-D-E sequence
 C = EK1[DK2[EK1[P]]]
 nb encrypt & decrypt equivalent in security
 if K1=K2 then can work with single DES
 standardized in ANSI X9.17 & ISO8732
 no current known practical attacks

88
Triple-DES with Three-Keys
 Although there are no practical attacks on two-key
Triple-DES, have some indications
 can use Triple-DES with Three-Keys to avoid even
these
 C = EK3[DK2[EK1[P]]]
 has been adopted by some Internet applications, eg
PGP, S/MIME
 PGP- Pretty Good Privacy
 MIME- Multipurpose Internet Mail Extension

 Three-key 3DES has an effective key length of 168 bits

89
 Triple-DES with Three-Keys…
• With triple length key of three 56-bit keys K1, K2 & K3,
encryption is:
- Encrypt with K1
- Decrypt with K2
- Encrypt with K3

• Decryption is the reverse process:

- Decrypt with K3
- Encrypt with K2

• Setting
- Decrypt withto
K3 equal K1 K in these processes gives us a double length key
1
K1 , K 2 .
• Setting K1, K2 and K3 all equal to K has the same effect as using a
single-length (56-bit key).
• Thus it is possible for a system using triple-DES to be compatible with
a system using single-DES.
90
Triple DES…

91