UNIT 2

Symmetric Key Ciphers

Modern Block Ciphers
• DES
• AES
•Modern block ciphers prioritize security, efficiency, and flexibility, with
many used in various applications, such as data encryption, secure
communication protocols, and digital signatures.
•Examples of symmetric ciphers are
• Data Encryption Standard (DES)
• Advanced Encryption Standard (AES)
Symmetric Cipher Model
•Symmetric Encryption is the most basic and old method of encryption. It
uses only one key for the process of both the encryption and decryption
of data. Thus, it is also known as Single-Key Encryption.
•Ciphers or algorithms can be either symmetric or asymmetric. Symmetric
ones use the same key (called a secret key or private key) for
transforming the original message, called plaintext, into ciphertext and
vice versa.
A symmetric cipher model is composed
of five essential parts:
1. Plain Text (x): This is the original data/message that is to be communicated to
the receiver by the sender. It is one of the inputs to the encryption algorithm.
2. Secret Key (k): It is a value/string/textfile used by the encryption and
decryption algorithm to encode and decode the plain text to cipher text and
vice-versa respectively. It is independent of the encryption algorithm.
3. Encryption Algorithm (E): It takes the plain text and the secret key as inputs
and produces Cipher Text as output. It implies several techniques such as
substitutions and transformations on the plain text using the secret key.
E(x, k) = y
4. Cipher Text (y): It is the formatted form of the plain text (x) which is
unreadable for humans, hence providing encryption during the transmission. It
is completely dependent upon the secret key provided to the encryption
algorithm. Each unique secret key produces a unique cipher text.
5. Decryption Algorithm (D): It performs reversal of the encryption
algorithm at the recipient’s side. It also takes the secret key as input and
decodes the cipher text received from the sender based on the secret
key. It produces plain text as output.

D(y, k) = x
•
 2.1.1 Data Encryption Standard
(DES)
• The Data Encryption Standard (DES) is a symmetric-key block cipher that was widely used
for many years. It was developed by IBM in the 1970s and was adopted as a federal
standard by the U.S. government in 1977.
• DES played a significant role in the history of cryptography. It was the first widely
adopted symmetric-key block cipher and helped to establish the importance of
cryptography in modern computing.
• However, due to its vulnerabilities, it has been largely replaced by more secure
algorithms like the Advanced Encryption Standard (AES).
Key Features:
1.Symmetric Encryption: DES uses the same secret key for both encryption and decryption,
meaning the key must be securely shared between the communicating parties.
2.Block size: DES is a block cipher that processes fixed-size blocks of data. It takes a 64-bit
block of plaintext as input and produces a 64-bit block of ciphertext.
3.Key Size: DES uses a 56-bit key, although the original key length is 64 bits. The 8 bits are
used for parity (error-checking) purposes, effectively reducing the key's security to 56 bits.
4.Rounds of Encryption: DES consists of 16 rounds of a series of complex transformations,
including substitution, permutation, and mixing of the plaintext and key. These rounds make
the encryption process nonlinear and more secure against cryptanalysis.
5.Feistel Structure: DES is based on a Feistel network, where the encryption and decryption
processes use the same algorithm but in reverse order.
Applications of DES (Historical Context):
•Data Encryption in Legacy Systems:
• Used for securing data in older systems and applications, including ATMs,
banking systems, and government communications.
•Cryptographic Protocols:
• DES was widely used in early versions of cryptographic protocols such as
SSL/TLS, IPsec, and various file encryption tools.
DES Is No Longer Recommended
•Insufficient Key Length: The 56-bit key length is vulnerable to brute-force attacks.
•Outdated Security: DES does not meet current cryptographic standards and is
susceptible to various attacks.
•Better Alternatives Available: Algorithms like AES provide much stronger security
and performance.
 2.1.2 Advanced Encryption Standard (AES)
• The Advanced Encryption Standard (AES) is a symmetric-key block cipher that has become
the de facto standard for secure data encryption.
• It was selected through a rigorous competition by the U.S. National Institute of Standards
and Technology (NIST) in 2001 and has been widely adopted by governments, businesses,
and individuals worldwide.
• AES is a powerful and versatile encryption algorithm that has become the gold standard
for secure data protection.
• AES is widely regarded as one of the most secure encryption algorithms available today
and is trusted by governments, financial institutions, and organizations worldwide for
safeguarding sensitive data.
Key features:
•Symmetric-key:
The same key is used for both encryption and decryption.
•Block cipher:
Data is processed in fixed-size blocks (128 – 10 rounds, 192-12 rounds, or 256 bits-14
rounds).
•Rijndael algorithm:
AES is based on the Rijndael algorithm, which was developed by Belgian cryptographers Joan
Daemen and Vincent Rijmen.
•Key length:
AES supports three key lengths: 128, 192, and 256 bits.
•Number of rounds:
The number of rounds depends on the key length: 10 rounds for 128-bit keys, 12 rounds for
192-bit keys, and 14 rounds for 256-bit keys.
Each round consists of several processing steps, which include substitutions, permutations,
and mixing of the input plaintext and encryption key
AES Encryption Process:
•The AES encryption process involves several steps performed over multiple rounds. Each
round consists of four primary transformations:
•Initial Round:
• AddRoundKey: The plaintext block is XORed with the first round key derived from the
original encryption key.
•Main Rounds (9, 11, or 13 rounds based on key size): Each of these rounds includes four
transformations:
• SubBytes: A non-linear substitution step where each byte in the block is replaced with a
corresponding value from a fixed substitution box, called the S-Box. This step provides
non-linearity to the encryption, making it resistant to linear and differential cryptanalysis.
• ShiftRows: A permutation step where the rows of the state (a 4x4 matrix representation
of the block) are shifted cyclically to the left. The first row remains unchanged, the
second row is shifted one byte to the left, the third row two bytes, and the fourth row
three bytes. This operation ensures that the columns are mixed and creates diffusion in
the data.
• MixColumns: A mixing operation where the columns of the state are mixed using a
mathematical transformation over a finite field (Galois Field GF(2^8)). Each column is
transformed by multiplying it with a fixed polynomial matrix. This step provides further
diffusion by mixing the bytes within each column.
• AddRoundKey: The state is XORed with a round-specific subkey derived from the original
encryption key using a key schedule algorithm. This step introduces the key-dependent
aspect to the encryption.
• Final Round: The final round is similar to the main rounds but omits the MixColumns step:
• SubBytes
• ShiftRows
• AddRoundKey
AES Decryption Process:
•AES decryption is the reverse of the encryption process, using the same key but with the
transformations applied in reverse order:
1.Inverse Initial Round:
• Inverse AddRoundKey: The ciphertext block is XORed with the last round key.
2.Inverse Main Rounds: Each of these rounds includes four transformations in reverse
order:
• Inverse ShiftRows: Rows are shifted right instead of left.
• Inverse SubBytes: The inverse of the S-Box is applied to each byte.
• Inverse AddRoundKey: The state is XORed with the round key.
• Inverse MixColumns: The columns are multiplied by the inverse matrix of the
MixColumns step.
3.Inverse Final Round: The final round of decryption is similar to the inverse main rounds
but omits the Inverse MixColumns step.
Security:
•AES is considered to be a very secure algorithm. It has been extensively analyzed by
cryptographers and has not been found to be vulnerable to any practical attacks.
•The large key sizes and the complex structure of the algorithm make it difficult for attackers
to break.
Applications:
AES is used in a wide variety of applications, including:
•Data encryption: AES is used to encrypt data at rest and in transit.
•Secure communication: AES is used to encrypt data transmitted over networks, such
as the internet.
•Digital signatures: AES is used to create digital signatures, which can be used to verify
the authenticity of digital documents.
•Virtual Private Networks (VPNs): AES is commonly used in VPN protocols to secure
the communication between a user’s device and a remote server.
• Hardware encryption: AES is implemented in hardware on many
devices, such as smartphones, laptops, and servers.
Advantages
• Security: AES is a highly secure algorithm that has been proven to be
resistant to attacks.
• Efficiency: AES is efficient to implement in both software and hardware.
• Flexibility: AES supports multiple key lengths and block sizes, making it
suitable for a variety of applications.
• Standardization: AES is a widely adopted standard, which makes it easy
to use and interoperable with other systems.
 2.2 Cryptanalysis of Symmetric Key Ciphers
2.2.1 Linear Cryptanalysis
•Linear cryptanalysis is a known plaintext attack in which the attacker
studies probabilistic linear relations (called linear approximations)
between parity bits of the plaintext, the ciphertext, and the secret key.
•Linear cryptanalysis is a cryptanalytic attack used to analyze symmetric
key ciphers, particularly block ciphers. It was introduced by Mitsuru
Matsui in 1993 and is most famously applied to the Data Encryption
Standard (DES).
Key Concepts:
•Linear Approximation: The attack seeks to find an approximation of the
form:
Bias:
•The bias is the deviation from 50% in the probability that the linear approximation
holds true. The higher the bias, the more useful the approximation is in recovering the
key.
Steps in Linear Cryptanalysis:
•Collect Data:
• The attacker collects a large number of plaintext-ciphertext pairs.
•Compute Bias:
• The attacker calculates the probability with which certain linear approximations
hold.
•Determine Key Bits:
• By analyzing these biases, the attacker attempts to guess bits of the secret key. The
goal is to use these linear relations to reduce the search space of possible keys.
Attack Complexity:
•Linear cryptanalysis generally requires a large number of known plaintexts to
successfully find key bits. The attack complexity is typically measured in terms of the
number of plaintext-ciphertext pairs required (data complexity) and the time it
takes to process them (time complexity).
 2.2.2 Differential cryptanalysis
• Differential cryptanalysis is another form of cryptanalysis aimed at attacking symmetric key
ciphers, particularly block ciphers. It was independently discovered by Eli Biham and Adi
Shamir in the late 1980s but was found to have been known by IBM during the development
of the Data Encryption Standard (DES) in the 1970s.

Δ𝑃=𝑃1⊕𝑃2ΔP=P 1​ ⊕P 2​ , where 𝑃1P 1​ and 𝑃2P 2​ are two plaintexts and ⊕⊕

• Input Difference: The difference between two plaintexts, usually denoted as

represents the XOR operation.

Δ𝐶=𝐶1⊕𝐶2ΔC=C 1​ ⊕C 2​ , where 𝐶1C 1​ and 𝐶2C 2​ are the ciphertexts after

• Output Difference: The difference between the corresponding ciphertexts,

encryption.
Characteristics:
• A key idea in differential cryptanalysis is identifying specific pairs of input differences and
their corresponding output differences after a certain number of encryption rounds, which
occur with high probability. These input/output pairs are known as differential
characteristics.
Differential Probability:
•The probability that a specific input difference will result in a specific output difference after a
certain number of rounds. If this probability is significantly different from random (e.g., 50%), it can
be exploited to recover information about the key.

Steps in Differential Cryptanalysis:

Chosen Plaintext: The attacker chooses pairs of plaintexts with a specific input difference and
computes their ciphertexts.
Track Differences: By analyzing how the input differences propagate through the rounds, the
attacker looks for patterns that are more likely to occur with certain key bits.
Key Recovery: Using the observed differentials and their probabilities, the attacker gradually
reduces the possible values of the secret key.
 2.2.3 Cryptanalytic techniques
• Cryptanalytic techniques are methods used to break cryptographic algorithms and uncover
secret information, such as plaintexts or cryptographic keys.
• These techniques vary based on the type of cryptosystem (e.g., block ciphers, stream
ciphers, public-key systems) and
• The information available to the attacker (ciphertext, known plaintext, chosen plaintext,
etc.).
cryptanalytic techniques:
1. Brute Force Attack
Description: This method involves trying every possible key combination until the correct one
is found. It is the most basic and exhaustive cryptanalytic technique.
Application: Any encryption algorithm, though impractical for algorithms with large key spaces
like AES-256.
Complexity: Depends on the key length; increases exponentially with longer keys.
Countermeasure: Using keys of sufficient length to make brute-force attacks infeasible (e.g.,
keys larger than 128 bits).
2. Frequency Analysis
•Description: This technique analyzes the frequency of characters or character patterns in
ciphertext. In classical ciphers, like substitution or Caesar ciphers, certain letters appear more
frequently in the ciphertext, which can be matched to common letter frequencies in the
language of the plaintext.
•Application: Classical ciphers (Caesar Cipher, Vigenère Cipher).
•Countermeasure: Use of complex, modern ciphers that eliminate predictable patterns in the
ciphertext.
3. Differential Cryptanalysis
Description: This technique analyzes the effect of differences in plaintext pairs on the
differences in their corresponding ciphertexts. By studying how these differences propagate
through the encryption process, attackers can discover key-related information.
Application: Block ciphers (e.g., DES, reduced-round versions of AES).
Complexity: Depends on the cipher’s structure, but often requires fewer plaintext-ciphertext
pairs than brute-force attacks.
Countermeasure: Use highly nonlinear S-boxes and well-designed diffusion layers (as in AES).
4. Linear Cryptanalysis
Description: Linear cryptanalysis tries to find linear relationships between the plaintext,
ciphertext, and key bits. The attacker searches for linear approximations that hold with a
probability significantly different from 50%, exploiting this bias to infer information about the
secret key.
Application: DES and other symmetric block ciphers.
Complexity: Typically requires a large number of known plaintext-ciphertext pairs (e.g., 2432
43 pairs for DES).
Countermeasure: Use highly nonlinear components and complex key scheduling to minimize
exploitable linear approximations.
5. Meet-in-the-Middle Attack
Description: This technique is used against encryption schemes with multiple layers, such as
double encryption. The attacker encrypts from one end (plaintext) and decrypts from the
other (ciphertext), meeting "in the middle" to reduce the effective key search space.

Complexity: Reduces the attack complexity from 22𝑘2 2k (double encryption) to 2 𝑘2 k ,

Application: Double encryption schemes (e.g., Double DES).

where 𝑘k is the key size.

Countermeasure: Use triple encryption (e.g., Triple DES).
 2.2.4 Overview on S-Box Design Principles
• The Substitution Box (S-Box) is a fundamental building block used in many symmetric
cryptographic algorithms, particularly in block ciphers like the Data Encryption Standard
(DES) and the Advanced Encryption Standard (AES).
• S-Boxes introduce nonlinearity into cryptographic systems, which is essential for resisting
linear and differential cryptanalysis.
• Designing a robust S-Box is crucial for ensuring the security of a cipher, and several
principles guide the design process.
Key Design Principles
Nonlinearity:
• Nonlinearity refers to the property of a function being far from any linear function. An S-
Box should ensure that there are no simple algebraic relationships between its input and
output values.
Avalanche Effect:
A small change in the input (e.g., flipping one bit) should cause a significant change in the
output. Ideally, changing one input bit should alter about half of the output bits.
Resistance to Differential Cryptanalysis:
Differential cryptanalysis examines how input differences affect output differences in a cipher.
An S-Box should ensure that any small change (difference) in the input should lead to a large
or unpredictable change in the output difference.
Bijectivity (Involutory S-Box):
An S-Box is bijective if it is a one-to-one mapping, meaning every input has a unique output,
and vice versa.
Balanced Output:
An S-Box is said to be balanced if the output bit distribution is uniform, meaning each possible
output bit (0 or 1) occurs equally often.
Algebraic Complexity:
The algebraic complexity of an S-Box refers to the degree and structure of the algebraic
equations that describe its input-output relationship.
Examples of S-Boxes and Their Design:
DES S-Box:
•DES uses eight different S-Boxes, each taking a 6-bit input and producing a 4-bit output.
These S-Boxes were designed with resistance to both differential and linear cryptanalysis,
though they are now considered relatively weak by modern standards.
AES S-Box:
•AES uses a single 8×8 S-Box, meaning it takes an 8-bit input and produces an 8-bit output.
The AES S-Box is based on inversion in a finite field (GF(2^8)) followed by an affine
transformation. It is bijective, ensuring invertibility for decryption.
Serpent S-Box:
•Serpent is a block cipher designed with strong security properties, including multiple S-
Boxes. Each S-Box is a 4×4 function (4-bit input, 4-bit output), and they are highly
nonlinear, with each being resistant to both linear and differential attacks.
 2.2.5 Modes of Operation of Block Ciphers
• Block ciphers, such as the Data Encryption Standard (DES) and Advanced Encryption
Standard (AES), process data in fixed-size blocks (e.g., 64 or 128 bits).
• To handle data of arbitrary length, modes of operation are used to dictate how blocks of
data are encrypted or decrypted.
• These modes define how to apply the block cipher repeatedly to encrypt larger amounts of
data and ensure secure handling of plaintexts that are not an exact multiple of the block
size.
Common Modes of Operation for Block Ciphers
1.Electronic Codebook (ECB) Mode
Description: The simplest mode. Each block of plaintext is encrypted independently using the
same key.
Operation:
𝐶𝑖=𝐸𝑘(𝑃𝑖)
where 𝑃𝑖P i​ is the plaintext block, 𝐶𝑖C i​ is the ciphertext block, and 𝐸𝑘E k​ is the encryption
function using key 𝑘k.
2. Cipher Block Chaining (CBC) Mode
Description: Each plaintext block is XORed with the previous ciphertext block before being
encrypted. The first block is XORed with an initialization vector (IV).
Operation:
𝐶𝑖=𝐸𝑘(𝑃𝑖⊕𝐶𝑖−1))
where 𝐶0=𝐼𝑉C 0​=IV (the initialization vector), and ⊕ denotes the XOR operation.
3. Cipher Feedback (CFB) Mode
Description: A stream cipher-like mode where the cipher's output is XORed with the
plaintext to produce ciphertext. The ciphertext is then used to modify the state for the next
block encryption.
Operation (encryption):
𝐶𝑖=𝑃𝑖⊕𝐸𝑘(𝐶𝑖−1)
where 𝐶0=𝐼𝑉C 0​=IV.
4. Output Feedback (OFB) Mode
Description: A mode similar to CFB, but the encryption function's output is fed back directly
to the next block. The plaintext is XORed with the encryption output to produce the
ciphertext.
Operation (encryption/decryption):
𝐶𝑖=𝑃𝑖⊕𝑂𝑖C i​=P i​⊕O i​
where 𝑂𝑖=𝐸𝑘(𝑂𝑖−1)O i​=E k​(O i−1​), with 𝑂0=𝐼𝑉O 0​=IV.
5. Counter (CTR) Mode
Description: Turns a block cipher into a stream cipher by combining the plaintext with the
output of the cipher applied to a counter. The counter is incremented for each subsequent
block.
Operation (encryption/decryption):
𝐶𝑖=𝑃𝑖⊕𝐸𝑘(Counter𝑖)
Comparison of Modes
Initialization Vector (IV)
•For modes like CBC, CFB, OFB, and CTR, the IV plays a critical role in
ensuring security.
The IV must be:
• Unique for each encryption session.
• Unpredictable (e.g., generated randomly or using a cryptographically secure
algorithm).
• Not reused with the same key (to prevent attacks like replay or key reuse
attacks).