CRYPTOGRAPHY AND NETWORK SECURITY

UNIT - 2
Symmetric Encryption
Mathematics of Symmetric Key Cryptography, Introduction to Modern Symmetric Key Ciphers,
Data Encryption Standard, Advanced Encryption Standard
Symmetric encryption is a form of cryptosystem in which encryption and decryption are performed
using the same key. It is also known as conventional encryption, Symmetric encryption, secret key
or single-key encryption.
SYMMETRIC CIPHER MODEL:
Symmetric encryption is a form of cryptosystem in which encryption and decryption are
performed using the same key. It is also known as conventional encryption. Symmetric encryption,
also referred to as conventional encryption or single-key encryption.
A symmetric encryption scheme has five ingredients
• Plaintext: This is the original intelligible message or data that is fed into the algorithm
as input.
• Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext.
• Secret key: The secret key is also input to the encryption algorithm.The key is a value
independent of the plaintext and of the algorithm. The algorithm will produce a different output
depending on the specific key being used at the time.The exact substitutions and transformations
performed by the algorithm
depend on the key.
• Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and
the secret key. For a given message, two different keys will produce two different ciphertexts. •
Decryption algorithm: This is essentially the encryption algorithm run inreverse. It takes the
ciphertext and the secret key and produces the originalplaintext.

There are two requirements for secure use of

conventional encryption:
1. We need a strong encryption algorithm. At a minimum, we would like the algorithm to be
such that an opponent who knows the algorithm and hasaccess to one or more cipher texts would
be unable to decipher the ciphertext or figure out the key.
2. Sender and receiver must have obtained copies of the secret key in a secure fashion and
must keep the key secure.

PITS, CHINTALAPUDI 1 DEPT OF CSE

Let us take a closer look at the essential elements of a symmetric encryption
scheme, using below Figure. A source produces a message in plaintext, . The elements of are
letters in some finite alphabet. Traditionally, the alphabet usually consisted of the 26 capital
letters. Now a days, the binary alphabet {0, 1} is typically used. For encryption, a key of the form
is generated. If the key is generated at the message source, then it must also be provided to the
destination by means of some secure channel. Alternatively, a third party could generate the key
and securely deliver it to both source and destination

With the message and the encryption key as input, the encryption algorithm forms the
ciphertext .We can write this as This notation indicates that is produced by using encryption

PITS, CHINTALAPUDI 2 DEPT OF CSE

algorithm E as a function of the plaintext , with the specific function determined by the value of
the key . The intended receiver, in possession of the key, is able to invert the transformation:
X=D(K,Y)

Cryptographic systems are characterized along three

independent dimensions:
1. The type of operations used for transforming plaintext to ciphertext. All encryption
algorithms are based on two general principles: substitution, in which each element in the
plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in
which elements in the plaintext are rearranged. The fundamental requirement is that no
information be lost (that is, that all operations are reversible).
2. The number of keys used. If both sender and receiver use the same key, the system is
referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and
receiver use different keys, the system is referred to as asymmetric, two-key, or public-key
encryption.
3. The way in which the plaintext is processed. A block cipher processes the input one block
of elements at a time, producing an output block for each input block. A stream cipher processes
the input elements continuously, producing output one element at a time, as it goes along.
SUBSTITUTION TECHNIQUES
1) Caesar cipher (or) shift cipher
The earliest known use of a substitution cipher and the simplest was by Julius Caesar. The Caesar
cipher involves replacing each letter of the alphabet with the letter standing 3 places further down
the alphabet.
plain: meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB
Note that the alphabet is wrapped around, so that letter following „z‟ is „a‟.
Then the algorithm can be expressed as follows. For each plaintext letter , substitute The
cipher text letter
C = E(3, p) = (p + 3) mod 26
A shift may be of any amount, so that the general Caesar algorithm is
C = E(k, p) = (p + k) mod 26
Where K takes on a value in the range 1 to 25.The decryption algorithm is simply

PITS, CHINTALAPUDI 3 DEPT OF CSE

p = D(k, C) = (C - k) mod 26

Drawbacks
 There are only 25 keys totry.
 The language of the plaintext is known and easily recognizable
2) Monoalphabetic Ciphers:
With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increase in the key
space can be achieved by allowing an arbitrary substitution. Before proceeding, we define the
term permutation. A permutation of a finite set of elements is an ordered sequence of all the
elements of , with each element appearing exactly once. For example, if , S = {a, b, c} there are
six permutations of S :
abc, acb, bac, bca, cab, cba
In general, there are 3! permutations of a set of elements, because the first element can be chosen
in one of n ways, the second in ways, the third in ways, and so on.
Recall the assignment for the Caesar cipher:
plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
If, instead, the “cipher” line can be any permutation of the 26 alphabetic characters, then there
are 26! or greater than 4 * 1026 possible keys.
Such an approach is referred to as a monoalphabetic substitution cipher, because a single
cipher alphabet (mapping from plain alphabet to cipher alphabet) is used per message.

3) Playfair Cipher
The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the
plaintext as single units and translates these units into ciphertextdigrams. The Playfair algorithm
is based on the use of a 5 5 matrix of letters constructed using a keyword.
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

PITS, CHINTALAPUDI 4 DEPT OF CSE

In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the
keyword (minus duplicates) from left to right and from top to bottom,and then filling in the
remainder of the matrix with the remaining letters in alphabetic order. The letters I and J count as
one letter. Plaintext is encrypted two letters at a time, according to the following rules:
1. Repeating plaintext letters that are in the same pair are separated with a fillerletter, such as
x, so that balloon would be treated as ba lx lo on.
2. Two plaintext letters that fall in the same row of the matrix are each replaced bythe letter
to the right, with the first element of the row circularly following thelast. For example, ar is
encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by the letter beneath, with
the top element of the column circularly following the last. For example, mu is encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and
the column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or
JM, as the encipherer wishes).

example
Plaintext = meet me at the school house
Splitting two letters as a unit => me et me at th es ch ox ol ho us ex
Corresponding cipher text => CL KL CL RS PD IL HY AV MP HF XL IU

Strength of playfair cipher

Playfair cipher is a great advance over simple mono alphabetic ciphers. Since there are 26 letters,
26x26 = 676 diagrams are possible, so identification of individual diagram is more difficult.
3) Polyalphabetic ciphers
a) Vigenere cipher:
To encrypt a message, a key is needed that is as long as the message. Usually, the key is a
repeating keyword. For example, if the keyword is deceptive, the message “we are discovered
save yourself” is encrypted as
Key : deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Expressed numerically, we have the following result.

PITS, CHINTALAPUDI 5 DEPT OF CSE

 Key 3 4 2 4 15 19 8 21 4 3 4 2 4 15
Plaintext 22 4 0 17 4 3 8 18 2 14 21 4 17 4
ciphertext 25 8 2 21 19 22 16 13 6 17 25 6 21 19

Key 19 8 21 4 3 4 2 4 15 19 8 21 4
Plaintext 3 18 0 21 4 24 14 20 17 18 4 11 5
ciphertext 22 0 21 25 7 2 16 24 6 11 12 6 9

Strength of Vigenere cipher

 There are multiple cipher text letters for each plaintext letter.
 Letter frequency information is obscured.
b) Vernam cipher
Theultimatedefenseagainstsuchacryptanalysisistochooseakeywordthatisaslongastheplain
textandhasnostatisticalrelationshiptoit.SuchasystemwasintroducedbyanAT&Tengineern
amedGilbertVernamin1918.Hissystemworksonbinarydata(bits)ratherthanletters.Thesyst
emcanbeexpressedsuccinctly as follows

ci = pi ki
where

pi=ithbinarydigitofplaintext

ki =ithbinary digit ofkey

ci =ithbinary digit ofciphertext

= exclusive-or (XOR)operation

PITS, CHINTALAPUDI 6 DEPT OF CSE

Example :

One Time Pad:

It is an unbreakable cryptosystem. The key is of same length as the message. Once a key is used, it is
discarded and never used again.
An example should illustrate our point. Suppose that we are using a Vigenère scheme with 27
characters in which the twenty-seventh character is the space character, but with a one-time key that
is as long as the message.
Consider the cipher text
ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
We now show two different decryptions using two different keys:
ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS key:
PXLMVMSYDOFUYRVZWCTNLEBNECVGDUPAHFZZLMNYIH

plaintext: MR MUSTARD WITH THE CANDLESTICK IN THE HALL

ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS key:

MFUGPMIYDGAXGOUFHKLLLMHSQDQOGTEWBQFGYOVUHWT
plaintext: MISS SCARLET WITH THE KNIFE IN THE LIBRARY
Suppose that a cryptanalyst had managed to find these two keys. Two poSsible plaintexts are produced.
How is the cryptanalyst to decide which is the correct decryption?

TRANSPOSITION TECHNIQUES:
a) Rail fence
Rail fence is simplest of such cipher, in which the plaintext is written down as a sequence of diagonals
and then read off as a sequence of rows.
For example, to encipher the message “meet me after the toga party” with a rail fence of
depth 2, we write the following:
mematrhtgpryetefeteoaat
The encrypted message is

PITS, CHINTALAPUDI 7 DEPT OF CSE

MEMATRHTGPRYETEFETEOAAT

b) Row Transposition Ciphers:

A more complex scheme is to write the message in a rectangle, row by row, and read the message
off, column by column, but permute the order of the columns. The order of columns then becomes
the key of the algorithm.
For example,
Key: 4312567
Plaintext: attackpostponeduntiltwoamxyz
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
A pure transposition cipher is easily recognized because it has the same letter frequencies as the
original plaintext.
TRADITIONAL BLOCK CIPHER STRUCTURE
Stream Ciphers and Block Ciphers
A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. Examples
of classical stream ciphers are the auto keyed Vigenère cipher and the Vernam cipher.

A block cipher is one in which a block of plaintext is treated as a whole and used to produce a
cipher text block of equal length. Typically, a block size of 64 or 128 bits is used.

PITS, CHINTALAPUDI 8 DEPT OF CSE

 THE FEISTEL CIPHER:

 Feistel cipher is the execution of two or more simple ciphers in sequence in such a way
that the final result or product is cryptographically stronger than any of the component
ciphers.

 In particular, Feistel proposed the use of a cipher that alternates substitutions

and permutations, where these terms are defined as follows:

 Substitution: Each plaintext element or group of elements is uniquely replaced by

a corresponding ciphertext element or group of elements.

 Permutation: A sequence of plaintext elements is replaced by a permutation of that

sequence. That is, no elements are added or deleted or replaced in the sequence, rather the
order in which the elements appear in the sequence is changed.

FEISTEL CIPHER STRUCTURE:

The left-hand side of Figure 3.3 depicts the structure proposed by Feistel.

 The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key .
The plaintext block is divided into two halves, L0 and R0.

 The two halves of the data pass through n rounds of processing and then combine to
produce the ciphertext block.

 Each round i has as inputs Li-1 and Ri-1 derived from the previous round, as well as a
subkey Ki derived from the overall K. In general, the subkeys Ki are different from K and
from each other.
All rounds have the same structure. A substitution is performed on the left half of the data. This is
done by applying a round function F to the right half of the data and then taking the exclusive-OR

PITS, CHINTALAPUDI 9 DEPT OF CSE

 of the output of that function and the left half of the data.

Following this substitution a Permutation is performed that consists of the interchange of the
two halves of the data.

PITS, CHINTALAPUDI 10 DEPT OF CSE

 The exact realization of a Feistel network depends on the choice of the following parameters
and design features:

Block size: Larger block sizes mean greater security (all other things being equal) but reduced
encryption/decryption speed for a given algorithm. Traditionally, a block size of 64 bits has been
considered a reasonable tradeoff and was nearly universal in block cipher design. However, the
new AES uses a 128-bit block size.

Key size: Larger key size means greater security but may decrease encryption/ decryption speed.
The greater security is achieved by greater resistance to brute-force attacks and greater confusion.
Key sizes of 64 bits or less are now widely considered to be inadequate, and 128 bits has become
a common size.

Number of rounds: The essence of the Feistel cipher is that a single round offers inadequate
security but that multiple rounds offer increasing security. A typical size is 16 rounds.

Subkey generation algorithm: Greater complexity in this algorithm should lead to greater
difficulty of cryptanalysis.

Round function F: Again, greater complexity generally means greater resistance to cryptanalysis.
DATA ENCRYPTION STANDARD (DES):
DES is a Symmetric-key algorithm for the encryption of electronic data.

Data Encryption Standard (DES) is a widely-used method of data encryption using a private
(secret) key

DES applies a 56-bit key to each 64-bit block of data. The process can run in several modes and
involves 16 rounds or operations.

Overall Structure

DES (and most of the other major symmetric ciphers) is based on a cipher known as the Feistel
block cipher.

Looking at the left-hand side of the figure, we can see that the processing of the plaintext proceeds
in three phases.

1. First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits
to produce the permuted input.

2. This is followed by a phase consisting of sixteen rounds of the same function, which involves
both permutation and substitution functions. The output of the last (sixteenth) round consists
PITS, CHINTALAPUDI 11 DEPT OF CSE
 of 64 bits that are a function of the input plaintext and the key. The left and right halves of the
output are swapped to produce the pre output.

3. Finally, the pre output is passed through a permutation that is the inverse of the initial
permutation function, to produce the 64-bit cipher text. With the exception of the initial and
final permutations, DES has the exact structure of a Feistel cipher,
The right-hand portion of below figure shows the way in which the 56-bit key is used. Initially,
the key is passed through a permutation function. Then, for each of the sixteen rounds, a subkey
(Ki ) is produced by the combination of a left circular shift and a permutation. The permutation
function is the same for each round, but a different sub key is produced because of the repeated
shifts of the key bits.

Details of Single Round

Below figure shows the internal structure of a single round. Again, begin by focusing on the left-
hand side of the diagram.

 The left and right halves of each 64-bit intermediate value are treated as separate 32-bit
quantities, labeled L (left) and R (right).

 As in any classic Feistel cipher, the overall processing at each round can be summarized in the
following formulas:

PITS, CHINTALAPUDI 12 DEPT OF CSE

  The round key Ki is 48 bits. The R input is 32 bits. This R input is first expanded to 48 bits by
using a table that defines a permutation plus an expansion that involves duplication of 16 of
the R bits .

 The resulting 48 bits are XORed with Ki . This 48-bit result passes through a substitution
function that produces a 32-bit output, which is permuted .

.S-Box Design in DES :

The role of the S-boxes in the function F is illustrated in Figure 3.7.The substitution consists of a
set of eight S-boxes, each of which accepts 6 bits as input and produces 4 bits as output

PITS, CHINTALAPUDI 13 DEPT OF CSE

 Key Generation

 Returning to above figure 3.4, we see that a 64-bit key is used as input to the algorithm.

 The bits of the key are numbered from 1 through 64; every eighth bit is ignored and The key is
first subjected to a permutation .

 The resulting 56-bit key is then treated as two 28-bit quantities, labelled C0 and D0. At each
round, Ci-1 and Di-1 are separately subjected to a circular left shift.

 These shifted values serve as input to the next round. They also serve as input to the part
labeled Permuted Choice .which produces a 48-bit output that serves as input to the Function
F(Ri-1, Ki).
DES Decryption:

Whatever process we following in the encryption that process is used for decryption also but
the order of key is changed on input message (cipher text).

Reverse order of keys are K16, K15 ,……, K1.

Strengths of DES:

 The DES is a symmetric key block cipher which takes 64bits cipher text and 56 bit key as an
input and produce 64 bits cipher text as output.

 The DES function is made up of P & S boxes

 P-boxes transpose bits

 S-boxes Substitution bits to generating the cipher text.

The use of 56bits keys: 56 bit key is used in encryption, there are 256 possible keys,which is
approximately 256=7.2×1016 keys, by this a brute force attack on such number of keys is
impractical. A machine performing one DES encryption per microsecond would take more than a
thousand years to break the cipher.

PITS, CHINTALAPUDI 14 DEPT OF CSE

 The nature of algorithm: Cryptanalyst can perform cryptanalysis by exploiting the characteristic
of DES algorithm but no one has succeeded in finding out the weakness. This is possible because,
in DES, they using 8-substitution tables or S-boxes in each iteration & one P-box transition for the
every individual iteration.

Avalanche Effect:

key desirable property of an encryption algorithm

a small change in either the plain text or the key should produce a significant change in the cipher
text(this property is called Avalanche Effect)

DES exhibits strong avalanche Effect

Timing Attacks:

Timing attack is one in which information about the key or the plaintext is obtained by observing
how long it takes a given implementation to perform decryptions on various ciphertexts.
The authors conclude that DES appears to be fairly resistant to a successful timing attack

BLOCK CIPHER DESIGN PRINCIPLES

Although much progress has been made in designing block ciphers that are cryptographically
strong, the basic principles have not changed
There are three critical aspects of block cipher design:
 The number of rounds,
 Design of the function F,
 Key scheduling
Number of Rounds

The greater the number of rounds, the more difficult it is to perform cryptanalysis, even for a
relatively weak F.

In general, the criterion should be that the number of rounds is chosen so that known cryptanalytic
efforts require greater effort than a simple brute-force key search attack. This criterion was
certainly used in the design of DES.

Design of Function F

The heart of a Feistel block cipher is the function F. in DES, this function relies on the use of S-
boxes.

Design Criteria For F: The function F provides the element of confusion in a Feistel cipher.
Thus, it must be difficult to “unscramble” the substitution performed by F. One obvious criterion
is that F be nonlinear.

Several other criteria should be considered in designing F. We would like the algorithm to have
good avalanche properties. Recall that, in general, this means that a change in one bit of the input
should produce a change in many bits of the output.

Key Schedule Algorithm

PITS, CHINTALAPUDI 15 DEPT OF CSE
 With any Feistel block cipher, the key is used to generate one subkey for each round. In general, we
would like to select sub keys to maximize the difficulty of deducing individual subkeys and the
difficulty of working back to the main key.

BLOCK CIPHER MODES OF OPERATION

 Mode of operation is a Technique for enhancing the effect of a cryptographic algorithm

 A four modes are intended to cover virtually all possible applications of encryption
for which a block cipher could be used

Mode Description Typical Application

Electronic Codebook Each block of 64 plaintext bits is Secure transmission of

encoded independently using the same single and small values
(ECB) key. (e.g., an encryption
key)
The input to the encryption algorithm --General-purpose block
Cipher Block Chaining is the XOR of the next 64 bits of oriented Transmission
(CBC) plaintext and the preceding 64 bits of
ciphertext --Authentication
Input is processed bits at a time.
Preceding ciphertext is used as input --General-purpose block
Cipher Feedback to the encryption algorithm to produce oriented Transmission
(CFB) pseudorandom output, which is
XORed with plaintext to produce next --Authentication
unit of ciphertext

Input is processed bits at a time.

Preceding ciphertext is used as input --General-purpose block
Output Feedback to the encryption algorithm to produce oriented Transmission
(OFB) pseudorandom output, which is
XORed with plaintext to produce next --Authentication
unit of ciphertext
Each block of plaintext is XORed with
--General-purpose block
an encrypted counter. The counter is
Counter (CTR) oriented Transmission--
incremented for each subsequent
Useful for high-speed
block.
requirements

Electronic Codebook (ECB)

 The simplest mode is the electronic codebook (ECB) mode, in which plaintext is handled one
block at a time and each block of plaintext is encrypted using the same key (Figure 6.3).

 The term codebook is used because, for a given key, there is a unique ciphertext for every b-
bit block of plaintext.

PITS, CHINTALAPUDI 16 DEPT OF CSE

 We can define ECB mode as follows

Advantages:
 The ECB method is ideal for a short amount of data, such as an encryption key.
Thus, if you want to transmit a DES key securely, ECB is the appropriate mode to
use.
 The most significant characteristic of ECB is that the same b-bit block of plaintext,
if it appears more than once in the message, always produces the same ciphertext.
Disadvantages:
 For lengthy messages, the ECB mode may not be secure. If the message is highly
structured, it may be possible for a cryptanalyst to exploit these regularities.
 For example, if it is known that the message always starts out with certain
predefined fields, then the cryptanalyst may have a number of known plaintext ciphertext
pairs to work with.

Cipher Block Chaining Mode(CBC)

To overcome the security deficiencies of ECB, we would like a technique in which the
same plaintext block, if repeated, produces different cipher text blocks.

A simple way to satisfy this requirement is the cipher block chaining (CBC) mode (Figure 6.4). In
this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and
the preceding ciphertext block; the same key is used for each block. In effect, we have chained
together the processing of the sequence of plaintext blocks
We can define CBC mode as follows

PITS, CHINTALAPUDI 17 DEPT OF CSE

 Initialization Vector:
 To produce the first block of ciphertext, an initialization vector (IV) is XORed with
the first block of plaintext.
 On decryption, the IV is XORed with the output of the decryption algorithm
to recover the first block of plaintext.
 The IV must be known to both the sender and receiver but be unpredictable by a third
party.
 For maximum security, the IV should be protected against unauthorized changes.

Cipher Feedback Mode(CFB)

For AES, DES, or any block cipher, encryption is performed on a block of b bits. In the case of
DES,b=64 and in the case of AES,b=128 . However, it is possible to convert a block cipher into a
stream cipher, using one of the three modes to be discussed in this and the next two sections:
cipher feedback (CFB) mode, output feedback (OFB) mode, and counter (CTR) mode.

● Message is treated as a stream of bits.

● Result is feed back for next stage (hence name)

● CFB-64 is used most often (most efficient)

● Applications: stream data encryption, authentication

The encryption function is

We can define CBC mode as follows

PITS, CHINTALAPUDI 18 DEPT OF CSE

 Output feedback mode:

The output feedback (OFB) mode is similar in structure to that of CFB. As can be seen in Figure
6.6, it is the output of the encryption function that is fed back to the shift register in OFB, whereas
in CFB, the ciphertext unit is fed back to the shift register. The other difference is that the OFB
mode operates on full blocks of plaintext and ciphertext, not on an n-bit subset. Encryption can be
expressed as

PITS, CHINTALAPUDI 19 DEPT OF CSE

 .
We can define OFB mode as follows

Advantage of OFB:
 One advantage of the OFB method is that bit errors in transmission do not propagate.
 For example, if a bit error occurs in C1 only the recovered value of is P1
affected; subsequent plaintext units are not corrupted.

Disadvantage of OFB:
 The disadvantage of OFB is that it is more vulnerable to a message stream
modification attack than is CFB.
Counter Mode

Although interest in the counter (CTR) mode has increased recently with applications to ATM
(asynchronous transfer mode) network security and IP sec (IP security)

 A counter, equal to the plaintext block size is used. The only requirement is that
the counter value must be different for each plaintext block that is encrypted.
 Typically, the counter is initialized to some value and then incremented by 1 for
each subsequent block (modulo 2b where b is the block size).
 For encryption, the counter is encrypted and then XORed with the plaintext block to

PITS, CHINTALAPUDI 20 DEPT OF CSE

 produce the ciphertext block; there is no chaining

We can define CTR mode as follows

Advantages of CTR mode:

 Hardware and software efficiency: Unlike the three chaining modes, encryption (or
decryption) in CTR mode can be done in parallel on multiple blocks of plaintext or
ciphertext.
 Preprocessing: The execution of the underlying encryption algorithm does not
depend on input of the plaintext or ciphertext. Therefore, if sufficient memory
is available and security is maintained.
 Random access: The i th block of plaintext or ciphertext can be processed in random-
access fashion. With the chaining modes, block Ci cannot be computed until the i - 1 prior
block are computed.
 Provable security: It can be shown that CTR is at least as secure as the other modes
discussed in this section.
 Simplicity: Unlike ECB and CBC modes, CTR mode requires only the
implementation of the encryption algorithm and not the decryption algorithm.

IDEA (International Data Encryption Algorithm):

IDEA originally called “IPES” (Improved proposed Encryption Standard).

IDEA is one of a number of conventional encryption algorithms that have been proposed in recent
years to replace DES

IDEA is one of the most successful of these proposals. For example, IDEA is included in PGP.
PITS, CHINTALAPUDI 21 DEPT OF CSE
 Details of IDEA algorithm:

IDEA operates with 64 bit plain text and cipher text blocks and is controlled b a 128 bit

key. It avoids substitution boxes & lookup tables used in the block cipher.

The algorithm structure has been chosen such that different key sub-blocks are used; the
encryption process is identical to the decryption process.
Encryption process in IDEA:

 The design principle behind IDEA is mixing of arithmetical operations form

different algebraic groups.

 The underling operations are

1. Exclusive-OR.

2. Addition of integers modulo 216

3. Multiplication modulo 210+1

 The algorithm structure has been chosen such that when different key sub-blocks are used,
the encryption process is identical to the decryption process

 The IDEA algorithm consists of eight rounds followed by a final transformation function.
The algorithm divides the input into four 16-bit subblocks. Each of the rounds takes four
16-bit subblocks as input and produces four 16-bit output blocks. The final transformation
also produces four %-bit blocks, which are concatenated to form the 64-bit ciphertext.

 Each of the rounds also makes use of six 16-bit subkeys, whereas the final transformation
uses four subkeys, for a total of 52 subkeys

PITS, CHINTALAPUDI 22 DEPT OF CSE

 Key Expansion (Encryption):

 The 128-bit key is expanded into 52 16-bit keys: K1, K2,....K52. (in diagram we
represented these keys with Z1 to z52)
Step 1: Keys K1….K8 are generated by taking 8 chunks of 16-bits each

 Step 2: Keys K9…K16 are generated by starting from the 25th bit, wrapping around the
first 25 bits at the end, and taking 16-bit chunks.

 Step 3: Wrap around 25 more bits to the end, and generate keys K17…K24. This process
is repeated until all keys K1…K52 are generated
Details of a Single Round:

64 bit data is divided into 4 16bit data blocks. These 4 blocks are processed through 8 rounds and
transformed by the above arithmetical operations among each other and with 6 16 bit subkeys.

PITS, CHINTALAPUDI 23 DEPT OF CSE

PITS, CHINTALAPUDI 24 DEPT OF CSE
 BLOW FISH ALGORITHM:

Blow fish is a symmetric block cipher developed by bruce schner in year 1993.

Blow fish is designed to have following characteristics

Speed: Blowfish encrypts data on 32 bit microprocessor at a rate of 18 clock cycles per byte.

Compact: it can run in less than 5k memory.

Simple: very easy to implements.

Variably secure: the key length is variable and can be as long as 448 bits. This allows a trade off
between higher speed and higher security.

Blowfish is a feistal type model.

ALGORITHM:

 Blowfish is feistel type model, iterating a simple encryption function 16 times.

 Blowfish block size is 64 & key can be upto 448 bits.

 Blow fish encryption 64bits blocks of plaintext into 64 bit block of cipher.

 Blow fish make use of a key that ranges from 32bits to 448 bits (one to fourteen 32
bit keys).

 The keys are stored in a k-array (one to 14 32 bits)

K1,K2----Kj where 1≤ j ≤14.

 That key is used to generate 18 “32 bit” subkeys & four “8*32”bits S-boxes.

 The subkeys are stored in the p-array

P1,P2,------P18

 There are four s-boxes(each s-box size is 8*32 bits) each with 256 32bit entries.

S1,0, S1,1, S1,255

S2,0, S2,1,------------------S2,255

S3,0, S3,1,------------------S3,255

S4,0, S4,1,------------------S4,255

PITS, CHINTALAPUDI 25 DEPT OF CSE

 Encryption and Decryption

Blowfish uses two primitive operations:

Addition: Addition of words, denoted by +, is performed modulo 232.

Bitwise exclusive-OR: This operation is denoted by

In the above figure

 The plaintext is divided into two 32-bit halves LE, and RE,. We use the variables LE, and
RE, to refer to the left and right half of the data after round i has completed. The algorithm
can be defined by the following pseudocode:

Single round of Blowfish

The function F is shown in below Figure. The 32-bit input to F is divided into 4 bytes. If we label
those bytes a, b, c, and d, then the function can be defined as follows:

PITS, CHINTALAPUDI 26 DEPT OF CSE

 CAST-128

 In cryptography, CAST-128 (alternatively CAST5) is a symmetric-key block cipher.

 CAST-128, also known as CAST5

 CAST-128 algorithm was created in 1996 by Carlisle Adams and Stafford Tavares. The
CAST name is based on the initials of its inventors

 CAST-128 is a 12- or 16-round Feistel network with a 64-bit block size and a key size of
between 40 to 128 bits (but only in 8-bit increments). The full 16 rounds are used when
the key size is longer than 80 bits.

 CAST-128 uses four primitive operations:

1. Addition and subtraction: Addition of words, denoted by +, is performed modulo 232.

The inverse operation, denoted by -, is subtraction modulo 232.

2. Bitwise exclusive-OR: This operation is denoted by

3. Left circular rotation: The cyclic rotation of word x left by y bits is denoted by x <<< y.
The CAST-128 encryption algorithm can be defined by the following pseudocode. The plaintext
is divided into two 32-bit halves L0, and R0. We use the variables Li and Ri, to refer to the left
and
right half of the data after round i has completed. The ciphertext is formed by swapping the output
of the sixteenth round; that is, the ciphertext is the concatenation of R16 and L16.

PITS, CHINTALAPUDI 27 DEPT OF CSE

 Features of CAST-128:

There are several notable features of CAST worthy of comment.,

CAST makes use of fixed S-boxes. The designers felt that fixed S-boxes with good nonlinearity
characteristics are preferable to random S-boxes as might be obtained if the S-boxes were key
dependent. The subkey-generation process used in CAST-128 is different from that employed in
other symmetric encryption algorithms described in the literature.

The CAST designers were concerned to make subkeys as resistant to known cryptanalytic
attacks as possible and felt that the use of highly nonlinear S-boxes provided this strength. We
have seen other approaches with the same goal.

For example. Blowfish uses the encryption algorithm itself to generate the subkeys.

The function F is designed to have good confusion, diffusion. and avalanche properties. It uses S-
box substitutions, mod 2 addition and subtraction, exclusive- OR operations, and key-dependent
rotation.

The strength of the F function is based primarily on the strength of the S-boxes, but the further use
of these arithmetic. Boolean, and rotate operators adds to its strength. Finally, F is not uniform
from round to round, as was described. This dependence of F on round number may provide.
ADVANCED ENCRYPTION STANDARD

 The Advanced Encryption Standard (AES) was published by the National Institute of
Standards and Technology (NIST) in 2001.

PITS, CHINTALAPUDI 28 DEPT OF CSE

  AES is a block cipher intended to replace DES for commercial applications.

 It uses a 128-bit block size and a key size of 128, 192, or 256 bits.the algorithm is
referred as AES-128,AES-192 OR AES-256

 AES does not use a Feistel structure. Instead, each full round consists of four
separate functions: byte substitution, permutation, arithmetic operations over a finite
field, and XOR with a key.

 AES parameters:

Key size(words/bytes/bits) 4/16/128 6/24/192 8/32/256

Plaintext block Size (words/bytes/bits) 4/16/128 4/16/128 4/16/128

Number of rounds 10 12 14

Round Key size (words/bytes/bits) 4/16/128 4/16/128 4/16/128

Expanded key size (words/bytes) 44/176 52/208 60/240

AES STRUCTURE

General structure

 The input to the encryption and decryption algorithms is a single 128-bit block. , this block
is depicted as a 4 * 4 square matrix of bytes.
 This block is copied into the State array, which is modified at each stage of encryption or
decryption.

 After the final stage, State is copied to an output matrix. These operations are depicted in
Figure 5.2a. Similarly, the key is depicted as a square matrix of bytes.

 This key is then expanded into an array of key schedule words. Figure 5.2b shows the
expansion for the 128-bit key. Each word is four bytes, and the total key schedule is 44
words for the 128-bit key

PITS, CHINTALAPUDI 29 DEPT OF CSE

 The cipher consists of N rounds, where the number of rounds depends on the key length: 10
rounds for a 16-byte key, 12 rounds for a 24-byte key, and 14 rounds for a 32-byte key (Table
5.1).

The first N-1 rounds consist of four distinct transformation functions: SubBytes, ShiftRows,
MixColumns, and AddRoundKey, which are described subsequently. The final round contains
only Three Transformations, and there is a initial single transformation (AddRoundKey) before
the first round,

PITS, CHINTALAPUDI 30 DEPT OF CSE

 Detailed Structure

 Figure 5.3 shows the AES cipher in more detail, indicating the sequence of
transformations in each round and showing the corresponding decryption function
Four different stages are used, one of permutation and three of substitution:

• Substitute bytes: Uses an S-box to perform a byte-by-byte substitution of the block

• ShiftRows: A simple permutation

• MixColumns: A substitution that makes use of arithmetic

• AddRoundKey: A simple bitwise XOR of the current block with a portion of the expanded key

PITS, CHINTALAPUDI 31 DEPT OF CSE

 AES TRANSORMATION FUNCTIONS

The four transformation functions are

 Substitute bytes
 ShiftRows
 MixColumns
 AddRoundKey
Substitute Bytes Transformation

 The forward substitute byte transformation, called SubBytes, is a simple table lookup
(Figure 5.5a).

 AES defines a16 *16 matrix of byte values, called an S-box (Table 5.2a), that contains a
permutation of all possible 256 8-bit values.

 Each individual byte of State is mapped into a new byte in the following way: The
leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used as
a
column value. These row and column values serve as indexes into the S-box to select a
unique 8-bit output value. For example, the hexadecimal value3 {95} references row 9,
column 5 of the S-box,which contain the value {2A}

PITS, CHINTALAPUDI 32 DEPT OF CSE

 Shift Rows Transformation

 The first row of State is not altered.

 For the second row, a 1-byte circular left shift is performed.
 For the third row, a 2-byte circular left shift is performed.
 For the fourth row, a 3-byte circular left shift is performed The

following is an example of ShiftRows:

PITS, CHINTALAPUDI 33 DEPT OF CSE

 Mix columns Transformation

 The forward mix column transformation, called MixColumns, operates on each

column individually.
 Each byte of a column is mapped into a new value that is a function of all four bytes in
that column.

PITS, CHINTALAPUDI 34 DEPT OF CSE

 Add Round Key Transformation

 In the Add Round Key transformation, the 128 bits of State are bitwise XORed
with the 128 bits of the round key.
 The operation is viewed as a column wise operation between the 4 bytes of a State

column and one word of the round key; it can also be viewed as
a byte-level operation.

The following is an example of AddRoundKey:

AES KEY EXPANSION

 The AES key expansion algorithm takes as input a 4-word (16-byte) key and produces
a linear array of 44 words (176 bytes).
 This is sufficient to provide a 4-word round key for the initial Add Round Key stage
and each of the 10 rounds of the cipher.
 The key is copied into the first four words of the expanded key. The remainder of
the expanded key is filled in four words at a time.

PITS, CHINTALAPUDI 35 DEPT OF CSE

  Each added word w[i] depends on the immediately preceding word, w[i 1], and the
word four positions back,w[i 4].

PITS, CHINTALAPUDI 36 DEPT OF CSE

 In three out of four cases, a simple XOR is used. For a word whose position in the w array is a
multiple of 4, a more complex function is used. The function ‘g’ consists of the following sub
functions:

1. Root Word performs a one-byte circular left shift on a word. This means that an
input word [b0, b1, b2, b3] is transformed into [b1, b2, b3, b0].
2. Sub Word performs a byte substitution on each byte of its input word, using the S-box.
3. The result of steps 1 and 2 is XORed with a round constant, Rcon[j].

PITS, CHINTALAPUDI 37 DEPT OF CSE