Cryptography and

Network Security
Chapter 3
Fifth Edition
by William Stallings

Lecture slides by Lawrie Brown

 Chapter 3 – Block Ciphers and
the Data Encryption Standard

All the afternoon Mungo had been working on

Stern's code, principally with the aid of the latest
messages which he had copied down at the
Nevin Square drop. Stern was very confident.
He must be well aware London Central knew
about that drop. It was obvious that they didn't
care how often Mungo read their messages, so
confident were they in the impenetrability of the
code.
—Talking to Strange Men, Ruth Rendell
 Modern Block Ciphers
 now look at modern block ciphers
 one of the most widely used types of
cryptographic algorithms
 provide secrecy /authentication services
 focus on DES (Data Encryption Standard)
 to illustrate block cipher design principles
 Block vs Stream Ciphers
 block ciphers process messages in blocks,
each of which is then en/decrypted
 like a substitution on very big characters
 64-bits or more
 stream ciphers process messages a bit or
byte at a time when en/decrypting
 many current ciphers are block ciphers
 better analysed
 broader range of applications
Block vs Stream Ciphers
 Block Cipher Principles
 most symmetric block ciphers are based on a
Feistel Cipher Structure
 needed since must be able to decrypt ciphertext
to recover messages efficiently
 block ciphers look like an extremely large
substitution
 would need table of 264 entries for a 64-bit block
 instead create from smaller building blocks
 using idea of a product cipher
Ideal Block Cipher

permutation
Claude Shannon and Substitution-
Permutation Ciphers
 Claude Shannon introduced idea of substitution-
permutation (S-P) networks in 1949 paper
 form basis of modern block ciphers
 S-P nets are based on the two primitive
cryptographic operations seen before:
 substitution (S-box)
 permutation (P-box)
 provide confusion & diffusion of message & key
 Confusion and Diffusion
 cipher needs to completely obscure
statistical properties of original message
 a one-time pad does this
 more practically Shannon suggested
combining S & P elements to obtain:
 diffusion – dissipates statistical structure
of plaintext over bulk of ciphertext
 confusion – makes relationship between
ciphertext and key as complex as possible
 Feistel Cipher Structure
 Horst Feistel devised the Feistel cipher
 based on concept of invertible product cipher
 partitions input block into two halves
 process through multiple rounds which
 perform a substitution on left data half
 based on round function of right half & subkey
 then have permutation swapping halves
 implements Shannon’s S-P net concept
Feistel Cipher Structure
Feistel Cipher Structure
Feistel Cipher Design Elements
 block size
 key size
 number of rounds
 subkey generation algorithm
 round function
 fast software en/decryption
 ease of analysis
Data Encryption Standard (DES)
 most widely used block cipher in world
 adopted in 1977 by NBS (now NIST)
 as FIPS PUB 46
 encrypts 64-bit data using 56-bit key
 has widespread use
 has been considerable controversy over
its security
 DES History
 IBM developed Lucifer cipher
 by team led by Feistel in late 60’s
 used 64-bit data blocks with 128-bit key
 then redeveloped as a commercial cipher
with input from NSA and others
 in 1973 NBS issued request for proposals
for a national cipher standard
 IBM submitted their revised Lucifer which
was eventually accepted as the DES
 DES Design Controversy
 although DES standard is public
 was considerable controversy over design
 in choice of 56-bit key (vs Lucifer 128-bit)
 and because design criteria were classified
 subsequent events and public analysis
show in fact design was appropriate
 use of DES has flourished
 especially in financial applications
 still standardised for legacy application use
DES Encryption Overview
 Initial Permutation IP
 first step of the data computation
 IP reorders the input data bits
 even bits to LH half, odd bits to RH half
 quite regular in structure (easy in h/w)
 no cryptographic value
 example:
IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb)
 DES Round Structure
 uses two 32-bit L & R halves
 as for any Feistel cipher can describe as:
Li = Ri–1
Ri = Li–1  F(Ri–1, Ki)
 F takes 32-bit R half and 48-bit subkey:
 expands R to 48-bits using perm E
 adds to subkey using XOR
 passes through 8 S-boxes to get 32-bit result
 finally permutes using 32-bit perm P
DES Round Structure
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
 Table
4.2

DES
Exampl
e
(Table can be found on
page 106 in the textbook)

© 2020 Pearson Education, Inc., Hoboken, NJ. Note: DES subkeys are shown as eight 6-bit values in hex format
All rights reserved.
 Table 4.3 Avalanche Effect in DES: Change in Plaintext
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
(Table can be found on page 107 in the textbook)
 Table 4.4 Avalanche Effect in DES: Change in Key
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.
(Table can be found on page 107 in the textbook)
 Table 4.5
Average Time Required for Exhaustive Key
Search

© 2020 Pearson Education, Inc., Hoboken, NJ.

All rights reserved. (Table can be found on page 109 in the textbook)
 Strength of DES

Timing attacks
One in which information about the key or the
plaintext is obtained by observing how long it
takes a given implementation to perform
decryptions on various ciphertexts
Exploits the fact that an encryption or decryption
algorithm often takes slightly different amounts of
time on different inputs
So far it appears unlikely that this technique will
ever be successful against DES or more
powerful symmetric ciphers such as triple DES
and AES
© 2020 Pearson Education, Inc., Hoboken, NJ.
All rights reserved.