Lecture 3-Modern Cryptography


CS-484

Information Security
AYESHA KANWAL-SEECS
Agenda
DES Encryption
DES Cryptanalysis
Double DES
Triple DES
Secret Key vs. Secret Algorithm
• Secret algorithm: additional hurdle
• Hard to keep secret if used widely:
• Reverse engineering, social engineering

• Commercial: published
• Wide review, trust

• Military: avoid giving enemy good ideas


Cryptanalysis Scheme
Ciphertext only:
◦ Exhaustive search until “recognizable plaintext”
◦ Need enough ciphertext

Known plaintext:
◦ Secret may be revealed (by spy, time), thus <ciphertext, plaintext>
pair is obtained
◦ Great for monoalphabetic ciphers

Chosen plaintext:
◦ Choose text, get encrypted
◦ Pick patterns to reveal the structure of the key
Unconditional vs. Computational Security
Unconditional security
◦ No matter how much computer power is available, the cipher cannot be
broken
◦ The ciphertext provides insufficient information to uniquely determine the
corresponding plaintext
◦ Only one-time pad scheme qualifies

Computational security
◦ The cost of breaking the cipher exceeds the value of the encrypted info
◦ The time required to break the cipher exceeds the useful lifetime of the info
Recap: Block Ciphers vs Stream Ciphers

Block Cipher Principles
● Substitution-Permutation (S-P) networks form the basis of modern block ciphers.

● S-P nets are based on the two primitive cryptographic operations seen before:
○ Substitution (S-box)
○ Permutation (P-box)

Source: William Stallings, Cryptography and Network Security: Principles and Practice, 7th Edition, published by Pearson Education, Inc., publishing as Prentice Hall, 2017.
● Substitution*: Each plaintext element or group of elements is uniquely
replaced by a corresponding ciphertext element or group of elements.

● Permutation*: A sequence of plaintext elements is replaced by a
permutation of that sequence. That is, no elements are added or deleted
or replaced in the sequence, rather the order in which the elements
appear in the sequence is changed.

● Substitution alone is not enough. Permutation must also be used; otherwise
the cipher is susceptible to cryptanalysis.

● Final recommendation proposed by Claude Shannon: develop a product
cipher that alternates confusion and diffusion functions.

Shannon suggests two methods for frustrating statistical cryptanalysis:
diffusion and confusion.

● #1 In diffusion*, the statistical structure of the plaintext is dissipated into
long-range statistics of the ciphertext. This is achieved by having each
plaintext digit affect the value of many ciphertext digits; generally, this
is equivalent to having each ciphertext digit be affected by many
plaintext digits.

● In a binary block cipher, diffusion can be achieved by repeatedly
performing some permutation on the data followed by applying a
function to that permutation;
● The effect is that bits from different positions in the original plaintext
contribute to a single bit of ciphertext.

● #2 Confusion* seeks to make the relationship between the statistics
of the ciphertext and the value of the encryption key as complex as
possible, again to thwart attempts to discover the key.

● Thus, even if the attacker can get some handle on the statistics of the
ciphertext, the way in which the key was used to produce that ciphertext
is so complex as to make it difficult to deduce the key. This is achieved by
the use of a complex substitution algorithm. In contrast, a simple linear
substitution function would add little confusion.

Feistel Cipher Structure
Feistel cipher implements Shannon’s S-P network concept
◦ based on invertible product cipher

Processes the input block through multiple rounds, each of which:
◦ partitions the input block into two halves
◦ performs a substitution on the left data half
◦ based on a round function of the right half & subkey
◦ then applies a permutation swapping the halves
Feistel Cipher Structure
Feistel Cipher Decryption
● The rule is as follows: Use the ciphertext as input to the algorithm, but use
the subkeys K_i in reverse order. That is, use K_n in the first round, K_(n-1) in the
second round, and so on until K_1 is used in the last round. This is a nice
feature because it means we need not implement two different algorithms,
one for encryption and one for decryption.

● Watch “Feistel Cipher - Computerphile” at
https://www.youtube.com/watch?v=FGhj3CGxl8I *

● https://www.youtube.com/watch?v=8l9xAvuGJFo&t=713s

The exact realization of a Feistel network depends on the choice of the
following parameters and design features:
1. Block size
2. Key size
3. Number of rounds
4. Subkey generation algorithm
5. Round function F
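
The decryption rule and the five design parameters above, as an added example (not from the lecture slides or from Stallings): a toy Feistel network in which the same routine encrypts and decrypts and only the subkey order changes. The SHA-256-based round function and subkey schedule are assumptions chosen for brevity; they are not DES and not suitable for real use.

```python
import hashlib

def round_function(half, subkey):
    """Toy F (assumption): truncated SHA-256(subkey || half). F need not be invertible."""
    return hashlib.sha256(subkey + half).digest()[:len(half)]

def make_subkeys(key, rounds):
    """Toy subkey generation (assumption): K_i = SHA-256(key || i)[:8], i = 1..rounds."""
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(1, rounds + 1)]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, subkeys):
    """One algorithm for both directions; the caller decides the subkey order."""
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for k in subkeys:
        # Substitute the left half using F(right, K_i), then swap the halves.
        left, right = right, xor(left, round_function(right, k))
    return right + left  # undo the final swap so the routine is its own inverse

def encrypt(block, key, rounds=16):
    return feistel(block, make_subkeys(key, rounds))          # K_1 ... K_n

def decrypt(block, key, rounds=16):
    return feistel(block, make_subkeys(key, rounds)[::-1])    # K_n ... K_1
```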

DES Algorithm
Features:
Block size = 64 bits
Key size = 56 bits (in reality, 64 bits, but 8 are used as parity-check
bits for error control, see next slide)
Number of rounds = 16
16 intermediary keys, each 48 bits
Key length in DES
•In the DES specification, the key length is 64 bits
•8 bytes; in each byte, the 8th bit is a parity-check bit
DES rounds
Initial Permutation (IP)
•This table specifies the input permutation on a 64-bit block.
•The meaning is as follows:
The first bit of the output is taken from the 58th bit of the input; the second
bit from the 50th bit, and so on, with the last bit of the output taken from the
7th bit of the input.
•This information is presented as a table for ease of presentation:
• it is a vector, not a matrix.
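
The key-length and Initial Permutation slides above, as an added example (not from the lecture slides): the IP applied as a 64-entry vector, its inverse, and the key parity check. Bit 1 is taken as the most significant bit; the odd-parity rule and the table values come from the DES standard, and the function names are made up for this example.

```python
# Initial Permutation as a vector: output bit i is input bit IP[i-1].
IP = [58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7]

# Inverse vector: input bit j ended up at output position IP.index(j) + 1.
IP_INV = [IP.index(pos) + 1 for pos in range(1, 65)]

def permute(block, table, width=64):
    """Build the output MSB first; each output bit is copied from input bit `src`."""
    out = 0
    for src in table:
        out = (out << 1) | ((block >> (width - src)) & 1)
    return out

def key_parity_ok(key64):
    """DES uses odd parity: every key byte must contain an odd number of 1 bits."""
    return all(bin((key64 >> s) & 0xFF).count("1") % 2 == 1
               for s in range(0, 64, 8))

def effective_key_bits(key64):
    """Drop the 8th (least significant) bit of each byte: 64 bits -> 56 bits."""
    out = 0
    for s in range(56, -8, -8):
        out = (out << 7) | (((key64 >> s) & 0xFF) >> 1)
    return out
```

Two 64-bit keys that differ only in their parity bits yield the same 56 effective bits, which is why the search space is 2^56 and not 2^64.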
Single Round of DES Algorithm

DES Rounds
DES Round i
DES “f(•)” Function
S-Box
Example (S1)
DES Key Generation (K1– K16)
DES Permuted Choice 1 and 2 (PC-1, PC-2)
DES Weak Keys
Cryptanalysis of DES
Double DES
Triple DES
Advanced Encryption Standard (AES)
● Based on number theory and finite fields
● Very important in cryptography

● Rijndael was selected as AES in Oct 2000


● Designed by Rijmen-Daemen in Belgium
● Has iterative rather than Feistel structure

Rijndael
● Resistant against known attacks
● Speed is fast and code is compact on many CPUs
● Simple design

● Watch “AES Explained (Advanced Encryption Standard) -
Computerphile”, https://www.youtube.com/watch?v=O4xNJsjtN6E *

AES Structure
● State → a data block of 4 columns of 4 bytes
AES instead processes the entire data block as a single matrix during each round
using substitutions and permutation.

● Key is expanded to array of words


The key that is provided as input is expanded into an array of forty-four 32-bit words,
w[i]. Four distinct words (128 bits) serve as a round key for each round;

● Has 10 / 12 / 14 rounds in which the state undergoes:

Four different stages are used, one of permutation and three of substitution:
● Substitute bytes: Uses an S-box to perform a byte-by-byte substitution of the
block.
● ShiftRows: A simple permutation.
● MixColumns: A substitution that makes use of arithmetic over GF(2^8).
● AddRoundKey: A simple bitwise XOR of the current block with a portion of the
expanded key.

AES Encryption and Decryption Process

Block Cipher
The Advanced Encryption Standard (AES), also called Rijndael, is a symmetric
block cipher with a block length of 128 bits and support for key lengths of 128,
192, and 256 bits. It was published by NIST (National Institute of Standards and
Technology) in 2001. Here, we assume a key length of 128 bits, which is likely to
be the one most commonly implemented.

AES Block Cipher
The AES Algorithm:
● AES operates on a 4 × 4 array of bytes in column-wise order, called the state. For instance, if there are 16
bytes, these bytes are represented as this two-dimensional array:

● The key size used for an AES cipher specifies the number of transformation rounds that convert the
plaintext into the ciphertext. The number of rounds is as follows:
10 rounds for 128-bit keys.
12 rounds for 192-bit keys.
14 rounds for 256-bit keys.
● Each round consists of several processing steps, including one that depends on the encryption key
itself. A set of reverse rounds is applied to transform ciphertext back into the original plaintext using
the same encryption key.

AES Block Cipher
The AES Encryption Algorithm:
● The AES algorithm can be broken into three phases: the initial round, the main rounds, and
the final round. All of the phases use the same sub-operations in different combinations as
follows:
Initial Round
  AddRoundKey
Main Rounds (1, 2, …, Nr-1)
  SubBytes
  ShiftRows
  MixColumns
  AddRoundKey
Final Round (Nr)
  SubBytes
  ShiftRows
  AddRoundKey

AES Block Cipher
AddRoundKey: In this operation, the 128 bits of State are bitwise XORed with the 128
bits of the round key. Here is an example where the first matrix is State, and the second
matrix is the round key.

e.g.

 =

AES Block Cipher
SubBytes: A nonlinear substitution step where each entry (byte) of the current state matrix is
substituted by a corresponding entry in the AES S-Box. For instance: byte (6E) is substituted by
the entry of the S-Box in row 6 and column E, i.e., by (9F). (The byte input is broken into two 4-
bit halves. The first half determines the row and the second half determines the column).

e.g.:
state = → S_box(State) =

AES Encryption Cipher
ShiftRows: A transposition step where the four rows of the state are shifted
cyclically to the left by offsets of 0, 1, 2, and 3.

e.g.:
AES Block Cipher
MixColumns: a linear mixing operation which multiplies a fixed matrix against the current
State matrix:

Unlike standard matrix multiplication, MixColumns performs the matrix multiplication in the
Galois Field GF(2^8).

e.g.:

AES Block Cipher
The AES Decryption Algorithm:
● AddRoundKey:
The inverse AddRoundKey transformation is identical to the forward AddRoundKey transformation,
because the XOR operation is its own inverse.
● Inverse SubBytes:
This operation can be performed using the inverse S-Box. It is read identically to the S-Box
matrix.
● InvShiftRows:
Inverse Shift Rows performs the circular shifts in the opposite direction for each of the last
three rows, with a one-byte circular right shift for the second row, and so on.
● InvMixColumns:
The inverse mix column transformation is defined by the following matrix multiplication in
the Galois Field GF(2^8):

● Only the AddRoundKey stage uses the key (see Figure 6.8 Inputs for Single
AES Round p190)

● Each stage is easily reversible

● Decryption is encryption done in reverse order (the keys in reverse
order)

Summary
Modern Ciphers
DES
AES
