SlideShare a Scribd company logo

CNS2 unit 2.pdf

P
Padamata Rameshbabu

The document discusses Feistel block ciphers and their structure. A Feistel cipher uses multiple rounds of processing on a plaintext block, with each round consisting of a substitution step followed by a permutation step. The block is divided into two halves, and in each round the left half is combined with the right half and key using a round function, while the right half remains unchanged. The halves are then swapped. Feistel ciphers like DES use different subkeys derived from the main key in each round. The decryption process follows the same structure but with subkeys used in reverse order.

Engineering
1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Feistel Block Cipher Feistel Cipher is not a specific scheme of block cipher. It is a design model from which many different block ciphers are derived. DES is just one example of a Feistel Cipher. A cryptographic system based on Feistel cipher structure uses the same algorithm for both encryption and decryption. Encryption Process The encryption process uses the Feistel structure consisting multiple rounds of processing of the plaintext, each round consisting of a “substitution” step followed by a permutation step. Feistel Structure is shown in the following illustration −  The input block to each round is divided into two halves that can be denoted as L and R for the left half and the right half.
 In each round, the right half of the block, R, goes through unchanged. But the left half, L, goes through an operation that depends on R and the encryption key. First, we apply an encrypting function ‘f’ that takes two input − the key K and R. The function produces the output f(R,K). Then, we XOR the output of the mathematical function with L.  In real implementation of the Feistel Cipher, such as DES, instead of using the whole encryption key during each round, a round-dependent key (a subkey) is derived from the encryption key. This means that each round uses a different key, although all these subkeys are related to the original key.  The permutation step at the end of each round swaps the modified L and unmodified R. Therefore, the L for the next round would be R of the current round. And R for the next round be the output L of the current round.  Above substitution and permutation steps form a ‘round’. The number of rounds are specified by the algorithm design.  Once the last round is completed then the two sub blocks, ‘R’ and ‘L’ are concatenated in this order to form the ciphertext block. The difficult part of designing a Feistel Cipher is selection of round function ‘f’. In order to be unbreakable scheme, this function needs to have several important properties that are beyond the scope of our discussion. Decryption Process The process of decryption in Feistel cipher is almost similar. Instead of starting with a block of plaintext, the ciphertext block is fed into the start of the Feistel structure and then the process thereafter is exactly the same as described in the given illustration. The process is said to be almost similar and not exactly same. In the case of decryption, the only difference is that the subkeys used in encryption are used in the reverse order. The final swapping of ‘L’ and ‘R’ in last step of the Feistel Cipher is essential. If these are not swapped then the resulting ciphertext could not be decrypted using the same algorithm. Number of Rounds The number of rounds used in a Feistel Cipher depends on desired security from the system. More number of rounds provide more secure system. But at the same time, more rounds mean the inefficient slow encryption and decryption processes. Number of rounds in the systems thus depend upon efficiency–security tradeoff. Block Cipher Design Principles Block ciphers are built in the Feistel cipher structure. Block cipher has a specific number of rounds and keys for generating ciphertext. For defining the complexity level of an algorithm few design principles are to be considered. These are explained as following below :
Number of Rounds – The number of Rounds is regularly considered in design criteria, it just reflects the number of rounds to be suitable for an algorithm to make it more complex, in DES we have 16 rounds ensuring it to be more secure while in AES we have 10 rounds which makes it more secure. Design of function F – The core part of the Feistel Block cipher structure is the Round Function. The complexity of cryptanalysis can be derived from the Round function i.e. the increasing level of complexity for the round function would be greatly contributing to an increase in complexity. To increase the complexity of the round function, the avalanche effect is also included in the round function, as the change of a single bit in plain text would produce a mischievous output due to the presence of avalanche effect. Key schedule algorithm – In Feistel Block cipher structure, each round would generate a sub-key for increasing the complexity of cryptanalysis. The Avalanche effect makes it more complex in deriving sub-key. Decryption must be done very carefully to get the actual output as the avalanche effect is present in it. Triple DES The speed of exhaustive key searches against DES after 1990 began to cause discomfort amongst users of DES. However, users did not want to replace DES as it takes an enormous amount of time and money to change encryption algorithms that are widely adopted and embedded in large security architectures. The pragmatic approach was not to abandon the DES completely, but to change the manner in which DES is used. This led to the modified schemes of Triple DES (sometimes known as 3DES). Incidentally, there are two variants of Triple DES known as 3-key Triple DES (3TDES) and 2-key Triple DES (2TDES). 3-KEY Triple DES Before using 3TDES, user first generate and distribute a 3TDES key K, which consists of three different DES keys K1, K2 and K3. This means that the actual 3TDES key has length 3×56 = 168 bits. The encryption scheme is illustrated as follows −
The encryption-decryption process is as follows −  Encrypt the plaintext blocks using single DES with key K1.  Now decrypt the output of step 1 using single DES with key K2.  Finally, encrypt the output of step 2 using single DES with key K3.  The output of step 3 is the ciphertext.  Decryption of a ciphertext is a reverse process. User first decrypt using K3, then encrypt with K2, and finally decrypt with K1. Due to this design of Triple DES as an encrypt–decrypt–encrypt process, it is possible to use a 3TDES (hardware) implementation for single DES by setting K1, K2, and K3 to be the same value. This provides backwards compatibility with DES. Second variant of Triple DES (2TDES) is identical to 3TDES except that K3is replaced by K1. In other words, user encrypt plaintext blocks with key K1, then decrypt with key K2, and finally encrypt with K1 again. Therefore, 2TDES has a key length of 112 bits. Triple DES systems are significantly more secure than single DES, but these are clearly a much slower process than encryption using single DES. International Data Encryption Algorithm (IDEA) In cryptography, block ciphers are very important in the designing of many cryptographic algorithms and are widely used to encrypt the bulk of data in chunks. By chunks, it means that the cipher takes a fixed size of the plaintext in the encryption process and generates a fixed size ciphertext using a fixed- length key. An algorithm’s strength is determined by its key length.
The Simplified International Data Encryption Algorithm (IDEA) is a symmetric key block cipher that:  uses a fixed-length plaintext of 16 bits and  encrypts them in 4 chunks of 4 bits each  to produce 16 bits ciphertext.  The length of the key used is 32 bits.  The key is also divided into 8 blocks of 4 bits each. This algorithm involves a series of 4 identical complete rounds and 1 half- round. Each complete round involves a series of 14 steps that includes operations like:  Bitwise XOR  Addition modulo  Multiplication modulo +1 After 4 complete rounds, the final “half-round” consists of only the first 4 out of the 14 steps previously used in the full rounds. To perform these rounds, each binary notation must be converted to its equivalent decimal notation, perform the operation and the result obtained should be converted back to the binary representation for the final result of that particular step. Key Schedule: 6 subkeys of 4 bits out of the 8 subkeys are used in each complete round, while 4 are used in the half-round. So, 4.5 rounds require 28 subkeys. The given key, ‘K’, directly gives the first 8 subkeys. By rotating the main key left by 6 bits between each group of 8, further groups of 8 subkeys are created, implying less than one rotation per round for the key (3 rotations).
Decryption Decryption works like encryption, but the order of the round keys is inverted, and the subkeys for the odd rounds are inversed. For instance, the values of subkeys K1–K4 are replaced by the inverse of K49–K52 for the respective group operation, K5 and K6 of each group should be replaced by K47 and K48 for decryption. Weak keys  The very simple key schedule makes IDEA subject to a class of weak keys; some keys containing a large number of 0 bits produce weak encryption.  These are of little concern in practice, being sufficiently rare that they are unnecessary to avoid explicitly when generating keys randomly. A simple fix was proposed: XORing each subkey with a 16-bit constant, such as 0x0DAE.  Larger classes of weak keys were found in 2002.  This is still of negligible probability to be a concern to a randomly chosen key, and some of the problems are fixed by the constant XOR proposed earlier, but the paper is not certain if all of them are. A more comprehensive redesign of the IDEA key schedule may be desirable. Advanced Encryption Standard The more popular and widely adopted symmetric encryption algorithm likely to be encountered nowadays is the Advanced Encryption Standard (AES). It is found at least six time faster than triple DES. A replacement for DES was needed as its key size was too small. With increasing computing power, it was considered vulnerable against exhaustive key search attack. Triple DES was designed to overcome this drawback but it was found slow. The features of AES are as follows −  Symmetric key symmetric block cipher  128-bit data, 128/192/256-bit keys  Stronger and faster than Triple-DES  Provide full specification and design details  Software implementable in C and Java Operation of AES AES is an iterative rather than Feistel cipher. It is based on ‘substitution–permutation network’. It comprises of a series of linked operations, some of which involve replacing inputs by specific outputs (substitutions) and others involve shuffling bits around (permutations). Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four rows for processing as a matrix −
Unlike DES, the number of rounds in AES is variable and depends on the length of the key. AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each of these rounds uses a different 128-bit round key, which is calculated from the original AES key. The schematic of AES structure is given in the following illustration − Encryption Process Here, we restrict to description of a typical round of AES encryption. Each round comprise of four sub-processes. The first round process is depicted below −
Byte Substitution (SubBytes) The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The result is in a matrix of four rows and four columns. Shiftrows Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re- inserted on the right side of row. Shift is carried out as follows −  First row is not shifted.  Second row is shifted one (byte) position to the left.  Third row is shifted two positions to the left.  Fourth row is shifted three positions to the left.  The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other. MixColumns Each column of four bytes is now transformed using a special mathematical function. This function takes as input the four bytes of one column and outputs four completely new bytes, which replace the original column. The result is another new matrix consisting of 16 new bytes. It should be noted that this step is not performed in the last round. Addroundkey The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the round key. If this is the last round then the output is the ciphertext. Otherwise, the resulting 128 bits are interpreted as 16 bytes and we begin another similar round. Decryption Process The process of decryption of an AES ciphertext is similar to the encryption process in the reverse order. Each round consists of the four processes conducted in the reverse order −  Add round key  Mix columns  Shift rows  Byte substitution Since sub-processes in each round are in reverse manner, unlike for a Feistel Cipher, the encryption and decryption algorithms needs to be separately implemented, although they are very closely related. AES Analysis In present day cryptography, AES is widely adopted and supported in both hardware and software. Till date, no practical cryptanalytic attacks against AES has been discovered. Additionally, AES has built-in flexibility of key length, which allows a
degree of ‘future-proofing’ against progress in the ability to perform exhaustive key searches. However, just as for DES, the AES security is assured only if it is correctly implemented and good key management is employed. Block Cipher modes of Operation Encryption algorithms are divided into two categories based on the input type, as a block cipher and stream cipher. Block cipher is an encryption algorithm that takes a fixed size of input say b bits and produces a ciphertext of b bits again. If the input is larger than b bits it can be divided further. For different applications and uses, there are several modes of operations for a block cipher. Electronic Code Book (ECB) – Electronic code book is the easiest block cipher mode of functioning. It is easier because of direct encryption of each block of input plaintext and output is in form of blocks of encrypted ciphertext. Generally, if a message is larger than b bits in size, it can be broken down into a bunch of blocks and the procedure is repeated. Procedure of ECB is illustrated below: Advantages of using ECB –  Parallel encryption of blocks of bits is possible, thus it is a faster way of encryption.  Simple way of the block cipher.
Disadvantages of using ECB –  Prone to cryptanalysis since there is a direct relationship between plaintext and ciphertext. Cipher Block Chaining(CBC) – Cipher block chaining or CBC is an advancement made on ECB since ECB compromises some security requirements. In CBC, the previous cipher block is given as input to the next encryption algorithm after XOR with the original plaintext block. In a nutshell here, a cipher block is produced by encrypting an XOR output of the previous cipher block and present plaintext block. The process is illustrated here: Advantages of CBC –  CBC works well for input greater than b bits.  CBC is a good authentication mechanism.  Better resistive nature towards cryptanalysis than ECB. Disadvantages of CBC –  Parallel encryption is not possible since every encryption requires a previous cipher.
Cipher Feedback Mode (CFB) – In this mode the cipher is given as feedback to the next block of encryption with some new specifications: first, an initial vector IV is used for first encryption and output bits are divided as a set of s and b-s bits.The left-hand side s bits are selected along with plaintext bits to which an XOR operation is applied. The result is given as input to a shift register having b-s bits to lhs,s bits to rhs and the process continues. The encryption and decryption process for the same is shown below, both of them use encryption algorithms. Advantages of CFB –  Since, there is some data loss due to the use of shift register, thus it is difficult for applying cryptanalysis. Disadvantages of using ECB –  The drawbacks of CFB are the same as those of CBC mode. Both block losses and concurrent encryption of several blocks are not supported by the encryption. Decryption, however, is parallelizable and loss-tolerant.
Output Feedback Mode (OFB)– The output feedback mode follows nearly the same process as the Cipher Feedback mode except that it sends the encrypted output as feedback instead of the actual cipher which is XOR output. In this output feedback mode, all bits of the block are sent instead of sending selected s bits. The Output Feedback mode of block cipher holds great resistance towards bit transmission errors. It also decreases the dependency or relationship of the cipher on the plaintext. Advantages of OFB –  In the case of CFB, a single bit error in a block is propagated to all subsequent blocks. This problem is solved by OFB as it is free from bit errors in the plaintext block. Disadvantages of OFB-  The drawback of OFB is that, because to its operational modes, it is more susceptible to a message stream modification attack than CFB.
Counter Mode (CTR) – The Counter Mode or CTR is a simple counter-based block cipher implementation. Every time a counter-initiated value is encrypted and given as input to XOR with plaintext which results in ciphertext block. The CTR mode is independent of feedback use and thus can be implemented in parallel. Its simple implementation is shown below: Advantages of Counter –  Since there is a different counter value for each block, the direct plaintext and ciphertext relationship is avoided. This means that the same plain text can map to different ciphertext.  Parallel execution of encryption is possible as outputs from previous stages are not chained as in the case of CBC. Disadvantages of Counter-  The fact that CTR mode requires a synchronous counter at both the transmitter and the receiver is a severe drawback. The recovery of plaintext is erroneous when synchronisation is lost.
CNS2 unit 2.pdf

More Related Content

PPTX
Unit 2
KRAMANJANEYULU1
 
PPTX
presentation based on data encryption standards
Swati Sharma
 
PPTX
information security(Feistal Cipher)
Zara Nawaz
 
PDF
Aes 128 192_256_bits_project_report
sakhi rehman
 
PPTX
Block Ciphers and the data encryption standard.pptx
AmbikaVenkatesh4
 
PDF
Final report
Jagbir Kalirai
 
PPT
Unit II.ppt.............................
r47381047
 
PDF
Chapter 3-block-cipher-des1
Shiraz316
 
Unit 2
KRAMANJANEYULU1
 
presentation based on data encryption standards
Swati Sharma
 
information security(Feistal Cipher)
Zara Nawaz
 
Aes 128 192_256_bits_project_report
sakhi rehman
 
Block Ciphers and the data encryption standard.pptx
AmbikaVenkatesh4
 
Final report
Jagbir Kalirai
 
Unit II.ppt.............................
r47381047
 
Chapter 3-block-cipher-des1
Shiraz316
 

Similar to CNS2 unit 2.pdf (20)

PPTX
Block Ciphers and DES.pptx
DrAnilKannur1
 
PPTX
CNS Module 3_AES. in cryptography and network security
bodamaddy
 
PPTX
Information and data security block cipher and the data encryption standard (...
Mazin Alwaaly
 
PDF
Block Ciphers and the Data Encryption Standard
Dr.Florence Dayana
 
PDF
Network Security UNIT-II
rathnadeepa2
 
PDF
icwet1097
Sapna Agarwal
 
PPT
4255596.ppt
ShahidMehmood285010
 
PDF
Renas Rajab Asaad
Renas Rekany
 
PDF
CNS_UNIT2_2024.pdf. Notes
mrudulareddy226
 
PPTX
Strength of des & block cipher principle
Santosh Gupta
 
PDF
Network security R.Rathna Deepa 2nd M.sc.,Computer Science
RathnaDeepa1
 
PPTX
Software EngineeringModule 2 (Complete).pptx
20PZSB7038SachinP1
 
PPT
DES.ppt
RizwanBasha12
 
PDF
Paper on Optimized AES Algorithm Core Using FeedBack Architecture
Dhaval Kaneria
 
PPT
Ch06
Joe Christensen
 
PDF
Iaetsd an survey of efficient fpga implementation of advanced encryption
Iaetsd Iaetsd
 
PPTX
Data Encryption standard in cryptography
NithyasriA2
 
PPT
CNS Module srrggdfgdfhdhdghdghdfgdfgdfgdfgdf
RudhhiShah
 
PPTX
Module 1-Block Ciphers and the Data Encryption Standard.pptx
SridharCS7
 
PDF
Performance Analysis of Data Encryption Standard DES
ijtsrd
 
Block Ciphers and DES.pptx
DrAnilKannur1
 
CNS Module 3_AES. in cryptography and network security
bodamaddy
 
Information and data security block cipher and the data encryption standard (...
Mazin Alwaaly
 
Block Ciphers and the Data Encryption Standard
Dr.Florence Dayana
 
Network Security UNIT-II
rathnadeepa2
 
icwet1097
Sapna Agarwal
 
4255596.ppt
ShahidMehmood285010
 
Renas Rajab Asaad
Renas Rekany
 
CNS_UNIT2_2024.pdf. Notes
mrudulareddy226
 
Strength of des & block cipher principle
Santosh Gupta
 
Network security R.Rathna Deepa 2nd M.sc.,Computer Science
RathnaDeepa1
 
Software EngineeringModule 2 (Complete).pptx
20PZSB7038SachinP1
 
DES.ppt
RizwanBasha12
 
Paper on Optimized AES Algorithm Core Using FeedBack Architecture
Dhaval Kaneria
 
Ch06
Joe Christensen
 
Iaetsd an survey of efficient fpga implementation of advanced encryption
Iaetsd Iaetsd
 
Data Encryption standard in cryptography
NithyasriA2
 
CNS Module srrggdfgdfhdhdghdghdfgdfgdfgdfgdf
RudhhiShah
 
Module 1-Block Ciphers and the Data Encryption Standard.pptx
SridharCS7
 
Performance Analysis of Data Encryption Standard DES
ijtsrd
 
Ad

More from Padamata Rameshbabu (9)

PDF
CD NOTErvvtvvevbvtgv4tgtgtgtgtvefeveS.pdf
Padamata Rameshbabu
 
PDF
Ch03-LexicalAnalysis in compiler design subject.pdf
Padamata Rameshbabu
 
PDF
05SyntaxAnalysis in compiler design notespdf
Padamata Rameshbabu
 
PPTX
Ch03-LexicalAnalysis chapter2 in compiler design.pptx
Padamata Rameshbabu
 
PPT
51114.-Compiler-Design-Syntax-Analysis-Top-down.ppt
Padamata Rameshbabu
 
PPTX
LexicalAnalysis chapter2 i n compiler design.pptx
Padamata Rameshbabu
 
PPT
51114.-Compiler-Design-Syntax-Analysis-Top-down.ppt
Padamata Rameshbabu
 
DOCX
CNS unit -1.docx
Padamata Rameshbabu
 
PDF
Http tutorial
Padamata Rameshbabu
 
CD NOTErvvtvvevbvtgv4tgtgtgtgtvefeveS.pdf
Padamata Rameshbabu
 
Ch03-LexicalAnalysis in compiler design subject.pdf
Padamata Rameshbabu
 
05SyntaxAnalysis in compiler design notespdf
Padamata Rameshbabu
 
Ch03-LexicalAnalysis chapter2 in compiler design.pptx
Padamata Rameshbabu
 
51114.-Compiler-Design-Syntax-Analysis-Top-down.ppt
Padamata Rameshbabu
 
LexicalAnalysis chapter2 i n compiler design.pptx
Padamata Rameshbabu
 
51114.-Compiler-Design-Syntax-Analysis-Top-down.ppt
Padamata Rameshbabu
 
CNS unit -1.docx
Padamata Rameshbabu
 
Http tutorial
Padamata Rameshbabu
 
Ad

Recently uploaded (20)

PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
DOCX
573137875-Attendance-Management-System-original
AYUSHMANAV
 
PDF
Arduino robotics embedded978-1-4302-3184-4.pdf
AbdullahEmam4
 
PPTX
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
PDF
composite construction of structures.pdf
AinieButt1
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PPTX
additive manufacturing of ss316l using mig welding
premcdr7799
 
PPTX
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PDF
PPT on Performance Review to get promotions
prashant593122
 
PPTX
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
PPTX
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
PDF
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
PPTX
Sustainable Sites - Green Building Construction
mhdumerali
 
PPTX
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
PDF
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
PDF
Well-logging-methods_new................
ZafriFarid
 
PDF
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
Project quality management in manufacturing
BarMusaTetik
 
573137875-Attendance-Management-System-original
AYUSHMANAV
 
Arduino robotics embedded978-1-4302-3184-4.pdf
AbdullahEmam4
 
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
composite construction of structures.pdf
AinieButt1
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
additive manufacturing of ss316l using mig welding
premcdr7799
 
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PPT on Performance Review to get promotions
prashant593122
 
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
sebastianku31
 
Sustainable Sites - Green Building Construction
mhdumerali
 
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
Well-logging-methods_new................
ZafriFarid
 
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 

CNS2 unit 2.pdf

  • 1. Feistel Block Cipher Feistel Cipher is not a specific scheme of block cipher. It is a design model from which many different block ciphers are derived. DES is just one example of a Feistel Cipher. A cryptographic system based on Feistel cipher structure uses the same algorithm for both encryption and decryption. Encryption Process The encryption process uses the Feistel structure consisting multiple rounds of processing of the plaintext, each round consisting of a “substitution” step followed by a permutation step. Feistel Structure is shown in the following illustration −  The input block to each round is divided into two halves that can be denoted as L and R for the left half and the right half.
  • 2.  In each round, the right half of the block, R, goes through unchanged. But the left half, L, goes through an operation that depends on R and the encryption key. First, we apply an encrypting function ‘f’ that takes two input − the key K and R. The function produces the output f(R,K). Then, we XOR the output of the mathematical function with L.  In real implementation of the Feistel Cipher, such as DES, instead of using the whole encryption key during each round, a round-dependent key (a subkey) is derived from the encryption key. This means that each round uses a different key, although all these subkeys are related to the original key.  The permutation step at the end of each round swaps the modified L and unmodified R. Therefore, the L for the next round would be R of the current round. And R for the next round be the output L of the current round.  Above substitution and permutation steps form a ‘round’. The number of rounds are specified by the algorithm design.  Once the last round is completed then the two sub blocks, ‘R’ and ‘L’ are concatenated in this order to form the ciphertext block. The difficult part of designing a Feistel Cipher is selection of round function ‘f’. In order to be unbreakable scheme, this function needs to have several important properties that are beyond the scope of our discussion. Decryption Process The process of decryption in Feistel cipher is almost similar. Instead of starting with a block of plaintext, the ciphertext block is fed into the start of the Feistel structure and then the process thereafter is exactly the same as described in the given illustration. The process is said to be almost similar and not exactly same. In the case of decryption, the only difference is that the subkeys used in encryption are used in the reverse order. The final swapping of ‘L’ and ‘R’ in last step of the Feistel Cipher is essential. If these are not swapped then the resulting ciphertext could not be decrypted using the same algorithm. Number of Rounds The number of rounds used in a Feistel Cipher depends on desired security from the system. More number of rounds provide more secure system. But at the same time, more rounds mean the inefficient slow encryption and decryption processes. Number of rounds in the systems thus depend upon efficiency–security tradeoff. Block Cipher Design Principles Block ciphers are built in the Feistel cipher structure. Block cipher has a specific number of rounds and keys for generating ciphertext. For defining the complexity level of an algorithm few design principles are to be considered. These are explained as following below :
  • 3. Number of Rounds – The number of Rounds is regularly considered in design criteria, it just reflects the number of rounds to be suitable for an algorithm to make it more complex, in DES we have 16 rounds ensuring it to be more secure while in AES we have 10 rounds which makes it more secure. Design of function F – The core part of the Feistel Block cipher structure is the Round Function. The complexity of cryptanalysis can be derived from the Round function i.e. the increasing level of complexity for the round function would be greatly contributing to an increase in complexity. To increase the complexity of the round function, the avalanche effect is also included in the round function, as the change of a single bit in plain text would produce a mischievous output due to the presence of avalanche effect. Key schedule algorithm – In Feistel Block cipher structure, each round would generate a sub-key for increasing the complexity of cryptanalysis. The Avalanche effect makes it more complex in deriving sub-key. Decryption must be done very carefully to get the actual output as the avalanche effect is present in it. Triple DES The speed of exhaustive key searches against DES after 1990 began to cause discomfort amongst users of DES. However, users did not want to replace DES as it takes an enormous amount of time and money to change encryption algorithms that are widely adopted and embedded in large security architectures. The pragmatic approach was not to abandon the DES completely, but to change the manner in which DES is used. This led to the modified schemes of Triple DES (sometimes known as 3DES). Incidentally, there are two variants of Triple DES known as 3-key Triple DES (3TDES) and 2-key Triple DES (2TDES). 3-KEY Triple DES Before using 3TDES, user first generate and distribute a 3TDES key K, which consists of three different DES keys K1, K2 and K3. This means that the actual 3TDES key has length 3×56 = 168 bits. The encryption scheme is illustrated as follows −
  • 4. The encryption-decryption process is as follows −  Encrypt the plaintext blocks using single DES with key K1.  Now decrypt the output of step 1 using single DES with key K2.  Finally, encrypt the output of step 2 using single DES with key K3.  The output of step 3 is the ciphertext.  Decryption of a ciphertext is a reverse process. User first decrypt using K3, then encrypt with K2, and finally decrypt with K1. Due to this design of Triple DES as an encrypt–decrypt–encrypt process, it is possible to use a 3TDES (hardware) implementation for single DES by setting K1, K2, and K3 to be the same value. This provides backwards compatibility with DES. Second variant of Triple DES (2TDES) is identical to 3TDES except that K3is replaced by K1. In other words, user encrypt plaintext blocks with key K1, then decrypt with key K2, and finally encrypt with K1 again. Therefore, 2TDES has a key length of 112 bits. Triple DES systems are significantly more secure than single DES, but these are clearly a much slower process than encryption using single DES. International Data Encryption Algorithm (IDEA) In cryptography, block ciphers are very important in the designing of many cryptographic algorithms and are widely used to encrypt the bulk of data in chunks. By chunks, it means that the cipher takes a fixed size of the plaintext in the encryption process and generates a fixed size ciphertext using a fixed- length key. An algorithm’s strength is determined by its key length.
  • 5. The Simplified International Data Encryption Algorithm (IDEA) is a symmetric key block cipher that:  uses a fixed-length plaintext of 16 bits and  encrypts them in 4 chunks of 4 bits each  to produce 16 bits ciphertext.  The length of the key used is 32 bits.  The key is also divided into 8 blocks of 4 bits each. This algorithm involves a series of 4 identical complete rounds and 1 half- round. Each complete round involves a series of 14 steps that includes operations like:  Bitwise XOR  Addition modulo  Multiplication modulo +1 After 4 complete rounds, the final “half-round” consists of only the first 4 out of the 14 steps previously used in the full rounds. To perform these rounds, each binary notation must be converted to its equivalent decimal notation, perform the operation and the result obtained should be converted back to the binary representation for the final result of that particular step. Key Schedule: 6 subkeys of 4 bits out of the 8 subkeys are used in each complete round, while 4 are used in the half-round. So, 4.5 rounds require 28 subkeys. The given key, ‘K’, directly gives the first 8 subkeys. By rotating the main key left by 6 bits between each group of 8, further groups of 8 subkeys are created, implying less than one rotation per round for the key (3 rotations).
  • 6. Decryption Decryption works like encryption, but the order of the round keys is inverted, and the subkeys for the odd rounds are inversed. For instance, the values of subkeys K1–K4 are replaced by the inverse of K49–K52 for the respective group operation, K5 and K6 of each group should be replaced by K47 and K48 for decryption. Weak keys  The very simple key schedule makes IDEA subject to a class of weak keys; some keys containing a large number of 0 bits produce weak encryption.  These are of little concern in practice, being sufficiently rare that they are unnecessary to avoid explicitly when generating keys randomly. A simple fix was proposed: XORing each subkey with a 16-bit constant, such as 0x0DAE.  Larger classes of weak keys were found in 2002.  This is still of negligible probability to be a concern to a randomly chosen key, and some of the problems are fixed by the constant XOR proposed earlier, but the paper is not certain if all of them are. A more comprehensive redesign of the IDEA key schedule may be desirable. Advanced Encryption Standard The more popular and widely adopted symmetric encryption algorithm likely to be encountered nowadays is the Advanced Encryption Standard (AES). It is found at least six time faster than triple DES. A replacement for DES was needed as its key size was too small. With increasing computing power, it was considered vulnerable against exhaustive key search attack. Triple DES was designed to overcome this drawback but it was found slow. The features of AES are as follows −  Symmetric key symmetric block cipher  128-bit data, 128/192/256-bit keys  Stronger and faster than Triple-DES  Provide full specification and design details  Software implementable in C and Java Operation of AES AES is an iterative rather than Feistel cipher. It is based on ‘substitution–permutation network’. It comprises of a series of linked operations, some of which involve replacing inputs by specific outputs (substitutions) and others involve shuffling bits around (permutations). Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four rows for processing as a matrix −
  • 7. Unlike DES, the number of rounds in AES is variable and depends on the length of the key. AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each of these rounds uses a different 128-bit round key, which is calculated from the original AES key. The schematic of AES structure is given in the following illustration − Encryption Process Here, we restrict to description of a typical round of AES encryption. Each round comprise of four sub-processes. The first round process is depicted below −
  • 8. Byte Substitution (SubBytes) The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The result is in a matrix of four rows and four columns. Shiftrows Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re- inserted on the right side of row. Shift is carried out as follows −  First row is not shifted.  Second row is shifted one (byte) position to the left.  Third row is shifted two positions to the left.  Fourth row is shifted three positions to the left.  The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other. MixColumns Each column of four bytes is now transformed using a special mathematical function. This function takes as input the four bytes of one column and outputs four completely new bytes, which replace the original column. The result is another new matrix consisting of 16 new bytes. It should be noted that this step is not performed in the last round. Addroundkey The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the round key. If this is the last round then the output is the ciphertext. Otherwise, the resulting 128 bits are interpreted as 16 bytes and we begin another similar round. Decryption Process The process of decryption of an AES ciphertext is similar to the encryption process in the reverse order. Each round consists of the four processes conducted in the reverse order −  Add round key  Mix columns  Shift rows  Byte substitution Since sub-processes in each round are in reverse manner, unlike for a Feistel Cipher, the encryption and decryption algorithms needs to be separately implemented, although they are very closely related. AES Analysis In present day cryptography, AES is widely adopted and supported in both hardware and software. Till date, no practical cryptanalytic attacks against AES has been discovered. Additionally, AES has built-in flexibility of key length, which allows a
  • 9. degree of ‘future-proofing’ against progress in the ability to perform exhaustive key searches. However, just as for DES, the AES security is assured only if it is correctly implemented and good key management is employed. Block Cipher modes of Operation Encryption algorithms are divided into two categories based on the input type, as a block cipher and stream cipher. Block cipher is an encryption algorithm that takes a fixed size of input say b bits and produces a ciphertext of b bits again. If the input is larger than b bits it can be divided further. For different applications and uses, there are several modes of operations for a block cipher. Electronic Code Book (ECB) – Electronic code book is the easiest block cipher mode of functioning. It is easier because of direct encryption of each block of input plaintext and output is in form of blocks of encrypted ciphertext. Generally, if a message is larger than b bits in size, it can be broken down into a bunch of blocks and the procedure is repeated. Procedure of ECB is illustrated below: Advantages of using ECB –  Parallel encryption of blocks of bits is possible, thus it is a faster way of encryption.  Simple way of the block cipher.
  • 10. Disadvantages of using ECB –  Prone to cryptanalysis since there is a direct relationship between plaintext and ciphertext. Cipher Block Chaining(CBC) – Cipher block chaining or CBC is an advancement made on ECB since ECB compromises some security requirements. In CBC, the previous cipher block is given as input to the next encryption algorithm after XOR with the original plaintext block. In a nutshell here, a cipher block is produced by encrypting an XOR output of the previous cipher block and present plaintext block. The process is illustrated here: Advantages of CBC –  CBC works well for input greater than b bits.  CBC is a good authentication mechanism.  Better resistive nature towards cryptanalysis than ECB. Disadvantages of CBC –  Parallel encryption is not possible since every encryption requires a previous cipher.
  • 11. Cipher Feedback Mode (CFB) – In this mode the cipher is given as feedback to the next block of encryption with some new specifications: first, an initial vector IV is used for first encryption and output bits are divided as a set of s and b-s bits.The left-hand side s bits are selected along with plaintext bits to which an XOR operation is applied. The result is given as input to a shift register having b-s bits to lhs,s bits to rhs and the process continues. The encryption and decryption process for the same is shown below, both of them use encryption algorithms. Advantages of CFB –  Since, there is some data loss due to the use of shift register, thus it is difficult for applying cryptanalysis. Disadvantages of using ECB –  The drawbacks of CFB are the same as those of CBC mode. Both block losses and concurrent encryption of several blocks are not supported by the encryption. Decryption, however, is parallelizable and loss-tolerant.
  • 12. Output Feedback Mode (OFB)– The output feedback mode follows nearly the same process as the Cipher Feedback mode except that it sends the encrypted output as feedback instead of the actual cipher which is XOR output. In this output feedback mode, all bits of the block are sent instead of sending selected s bits. The Output Feedback mode of block cipher holds great resistance towards bit transmission errors. It also decreases the dependency or relationship of the cipher on the plaintext. Advantages of OFB –  In the case of CFB, a single bit error in a block is propagated to all subsequent blocks. This problem is solved by OFB as it is free from bit errors in the plaintext block. Disadvantages of OFB-  The drawback of OFB is that, because to its operational modes, it is more susceptible to a message stream modification attack than CFB.
  • 13. Counter Mode (CTR) – The Counter Mode or CTR is a simple counter-based block cipher implementation. Every time a counter-initiated value is encrypted and given as input to XOR with plaintext which results in ciphertext block. The CTR mode is independent of feedback use and thus can be implemented in parallel. Its simple implementation is shown below: Advantages of Counter –  Since there is a different counter value for each block, the direct plaintext and ciphertext relationship is avoided. This means that the same plain text can map to different ciphertext.  Parallel execution of encryption is possible as outputs from previous stages are not chained as in the case of CBC. Disadvantages of Counter-  The fact that CTR mode requires a synchronous counter at both the transmitter and the receiver is a severe drawback. The recovery of plaintext is erroneous when synchronisation is lost.