Cryptography and Network Security-Module-I.pdf

Cryptography and Network Security
-Dr.Manjunath Kotari
Professor & Head-CSE
Alva’s Institute of Engineering & Technology, Moodbidri
8/23/2025
Courtesy: William stallings, “Cryptography and Network Security”, Pearson Publication,
Seventh Edition.
1

CLASSICAL ENCRYPTION TECHNIQUES
Module-1
8/23/2025
Seventh Edition.
2

A MODEL FOR NETWORK SECURITY
Figure 1.1 : Model for Network Security
8/23/2025
Seventh Edition.
3

▪ All the techniques for providing security have two components:
1. A security-related transformation on the information to be sent.
Examples include the encryption of the message, which scrambles
the message so that it is unreadable by the opponent, and the
addition of a code based on the contents of the message, which can
be used to verify the identity of the sender.
2. Some secret information shared by the two principals and, it is
hoped, unknown to the opponent. An example is an encryption key
used in conjunction with the transformation to scramble the message
before transmission and unscramble it on reception.
8/23/2025
Seventh Edition.
4

▪ A trusted third party may be needed to achieve secure transmission.
― For example, a third party may be responsible for distributing the secret
information to the two principals while keeping it from any opponent.
― Or a third party may be needed to arbitrate disputes between the two
principals concerning the authenticity of a message transmission.
▪ This general model shows that there are four basic tasks in designing a
particular security service:
1. Design an algorithm for performing the security-related transformation.
The algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the
security algorithm and the secret information to achieve a particular
security service.
8/23/2025
Seventh Edition.
5

Figure 1.2 : Network Access Security Model
▪ Figure 1.2 reflects a concern for protecting an information system from
un wanted access.
▪ The hacker can be someone who, with no malign intent, simply gets
satisfaction from breaking and entering a computer system.
▪ The intruder can be a disgruntled employee who wishes to do damage
or a criminal who seeks to exploit computer assets for financial gain
(e.g., obtaining credit card numbers or performing illegal money
transfers).
▪ Another type of unwanted access is the placement in a computer system
of logic that exploits vulnerabilities in the system and that can affect
application programs as well as utility programs, such as editors and
compilers. 8/23/2025
Seventh Edition.
6

▪ Programs can present two kinds of threats:
1. Information access threats: Intercept or modify data on behalf of users
who should not have access to that data.
2. Service threats: Exploit service flaws in computers to inhibit use by
legitimate users
▪ Viruses and worms are two examples of software attacks. Such attacks
can be introduced into a system by means of a disk that contains the
unwanted logic concealed in otherwise useful software. They can also
be inserted into a system across a network
8/23/2025
Seventh Edition.
7

▪ The security mechanisms needed to cope with unwanted access fall into
two broad categories
1. The first category might be termed a gate keeper function. It includes
password-based login procedures that are designed to deny access to
all but authorized users and screening logic that is designed to detect
and reject worms, viruses, and other similar attacks.
2. Once either an unwanted user or unwanted software gains access, the
second line of defense consists of a variety of internal controls that
monitor activity and analyze stored information in an attempt to detect
the presence of unwanted intruders.
8/23/2025
Seventh Edition.
8

BASIC CONCEPTS
▪ Plaintext: The original message
▪ Cipher text : The coded message
▪ Enciphering / Encryption: The process of converting plaintext to cipher text using a cipher
and a key
▪ Deciphering / Decryption: the process of restoring the plaintext from the cipher text
▪ Cryptanalysis : techniques used for deciphering a message without any knowledge of the
enciphering details .Also called code breaking
▪ Cryptology : Both cryptography and cryptanalysis
8/23/2025
Seventh Edition.
9

SYMMETRIC CIPHER MODEL
Fig: Simplified Model of Symmetric Encryption
8/23/2025
Seventh Edition.
10

▪ A symmetric encryption scheme has five ingredients
1. Plaintext: The original intelligible message or data that is fed into
algorithm as
input
2. Encryption algorithm: performs various substitution and
transformations on the plaintext
3. Secret key: input to the encryption algorithm.
4. Cipher text: scrambled message produced as output
5. Decryption algorithm: takes cipher text and secret key and produces
the original plaintext
▪ Two requirements for secure use of symmetric encryption
– a strong encryption algorithm
– a secret key known only to sender / receiver 8/23/2025
Seventh Edition.
11

▪ A source produces a message in
plaintext,X = [X1, X2, ..,XM].
▪ For encryption, a key of the form K =
[K1, K2,….,KJ] is generated.
▪ If the key is generated at the message
source, then it must also be provided
to the destination by means of some
secure channel
▪ Alternatively, a third party could
generate the key and securely deliver
it to both source and destination
Fig: Model of Symmetric
Cryptosystem
8/23/2025
Seventh Edition.
12

▪ With the message X and the encryption key K
as input, the encryption algorithm forms the
ciphertext Y = [Y1, Y2,… ,YN].
Y = E(K, X)
▪ The intended receiver, in possession of the
key, is able to invert the transformation:
X = D(K, Y)
Fig: Model of Symmetric Cryptosystem
Cryptanalyst: This entity attempts to intercept the ciphertext and potentially
the key (K) to deduce the original plaintext (X) or the secret key (K), aiming
to compromise the security of the system.
The cryptanalyst's outputs are estimated plaintext and estimated key
8/23/2025
Seventh Edition.
13

CRYPTOGRAPHY
▪ Cryptographic systems are characterized along three independent
dimensions
▪ The type of operations used for transforming plaintext to ciphertext
- Substitution
- Transposition
▪ The number of keys used
- symmetric, single-key, secret-key, or conventional encryption
- asymmetric, two-key, or public-key encryption
▪ The way in which the plaintext is processed
- Block cipher
- Stream cipher 8/23/2025
Seventh Edition.
14

CRYPTANALYSIS AND BRUTE-FORCE ATTACK
▪ There are two general approaches to attacking a conventional encryption
scheme
1. Cryptanalysis
- rely on the nature of the algorithm plus some knowledge of the
general characteristics of the plaintext or even some sample
plaintext–ciphertext pairs
- exploits the characteristics of the algorithm to attempt to deduce a
specific plaintext or to deduce the key being used
2. Brute-force attack
- The attacker tries every possible key on a piece of ciphertext until an
intelligible translation into plaintext is obtained
- On average, half of all possible keys must be tried to achieve success
8/23/2025
Seventh Edition.
15

Table 1:Types of attacks on Encrypted
Messages
8/23/2025
Seventh Edition.
16

▪ The ciphertext-only attack is the easiest to defend against because the
opponent has the least amount of information to work with.
▪ In many cases, however, the analyst has more information. The analyst
may be able to capture one or more plaintext messages as well as their
encryptions. Or the analyst may know that certain plaintext patterns will
appear in a message. For example, a file that is encoded in the Postscript
format always begins with the same pattern, or there may be a
standardized header or banner to an electronic funds transfer message,
and so on. All these are examples of known plaintext. With this
knowledge, the analyst may be able to deduce the key on the basis of the
way in which the known plaintext is transformed.
8/23/2025
Seventh Edition.
17

▪ If the analyst is able somehow to get the source system to insert into the
sys tem a message chosen by the analyst, then a chosen-plaintext attack is
possible.
▪ In general, if the analyst is able to choose the messages to encrypt, the
analyst may deliberately pick patterns that can be expected to reveal the
structure of the key.
▪ chosen ciphertext and chosen text are less commonly employed as
cryptanalytic techniques but are nevertheless possible avenues of attack.
▪ An encryption scheme is unconditionally secure if the ciphertext
generated by the scheme does not contain enough information to
determine uniquely the corresponding plaintext, no matter how much
ciphertext is available.
8/23/2025
Seventh Edition.
18

SUBSTITUTION TECHNIQUE
▪ letters of plaintext are replaced by other letters or by numbers or
symbols
▪ If the plaintext is viewed as a sequence of bits, then substitution involves
replacing plaintext bit patterns with ciphertext bit patterns
Caesar Cipher
▪ involves replacing each letter of the alphabet with the letter standing
three places further down the alphabet. For example,
▪ plain: meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB
8/23/2025
Seventh Edition.
19

plain text : a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher text: d e f g h i j k l m n o p q r s t u v w x y z a b c
0 1 2 3 4 5 6 7 8 9 10 11 12
A B C D E F G H I J K L M
13 14 15 16 17 18 19 20 21 22 23 24 25
N O P Q R S T U V W X Y Z
8/23/2025
Seventh Edition.
20

▪ Then the algorithm can be expressed as follows. For each plaintext letter
p, substitute the ciphertext letter C
C = E(3, p) = (p + 3) mod 26
▪ A shift may be of any amount, so that the general Caesar algorithm is
where k takes on a value in the range 1 to 25
▪ The decryption algorithm is simply
C = E(k, p) = (p + k) mod
26
p = D(k,C) = (C - k)
mod 26
8/23/2025
Seventh Edition.
21

Problem:
Construct the ciphertext for the message “program” using Caesar cipher
with key =15
8/23/2025
Seventh Edition.
22

▪ If it is known that a given ciphertext is a Caesar cipher, then a brute-force
cryptanalysis is easily performed: simply try all the 25 possible keys
Table 2: Brute force
cryptanalysis
8/23/2025
Seventh Edition.
23

▪ Three important characteristics of this problem enabled us to use a bruteforce
cryptanalysis
- The encryption and decryption algorithms are known
- There are only 25 keys to try
- The language of the plaintext is known and easily recognizable
8/23/2025
Seventh Edition.
24

MONOALPHABETIC CIPHER
▪ The “cipher” line can be any permutation of the 26 alphabetic
characters,then there are 26! possible keys
▪ This would seem to eliminate brute-force techniques for cryptanalysis
▪ single cipher alphabet (mapping from plain alphabet to cipher
alphabet) is used per message
▪ English language- the nature of the plaintext is known
8/23/2025
Seventh Edition.
25

0 1 2 3 4 5 6 7 8 9 10 11 12
A B C D E F G H I J K L M
13 14 15 16 17 18 19 20 21 22 23 24 25
N O P Q R S T U V W X Y Z
Example: Plain Text: MYSURU
cipher text: BFXPIP
8/23/2025
Seventh Edition.
26

Fig:Relative Frequency of Letters in English Text
8/23/2025
Seventh Edition.
27

MONOALPHABETIC CIPHER EXAMPLE: GZGEWVGRNCP
CT G Z G E W V G R N C P
PT E E E
PT E E T E
PT E E T E A
PT E E T E L A
PT E E T E L A N
PT E E T E P L A N
PT E X E C U T E P L A N
8/23/2025
Seventh Edition.
28

8/23/2025
Seventh Edition.
29

PROS AND CONS
Pros
1.Better security than Caeser cipher
Cons
1.Monoalphabetic ciphers are easy to break because they reflect the
frequency data of the original alphabet
2.Prone to guessing attack using the English letter frequency of occurrence of
letters
8/23/2025
Seventh Edition.
30

PLAYFAIR CIPHER
▪ Multiple-letter encryption cipher which treats digrams in the plaintext as single
units and translates these units into ciphertext digrams
▪ The Playfair algorithm is based on the use of a 5 * 5 matrix of letters constructed
using a keyword.
▪ For the encryption process let us consider the following example
key: monarchy
Plaintext: instruments
8/23/2025
Seventh Edition.
31

▪ The Playfair Cipher Encryption Algorithm:
The Algorithm consists of 2 steps:
1. Generate the key Square(5×5):
- The key square is a 5×5 grid of alphabets that acts as the key for encrypting the
plaintext.
- The initial alphabets in the key square are the unique alphabets of the key in
the order in which they appear followed by the remaining letters of the
alphabet in order. M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
8/23/2025
Seventh Edition.
32

2.Algorithm to encrypt the plain text: The plaintext is split into pairs of two
letters (digraphs). If there is an odd number of letters, a Z is added to the last
letter.
For example
PlainText: "instruments"
After Split: 'in' 'st' 'ru' 'me' 'nt' ‘sz’
Rule 1: Pair cannot be made with same letter. Break the letter in single and add a
bogus letter to the previous letter.
example : Plain Text:“hello”
After Split:‘he’‘lx’‘lo’ --- Here ‘x’ is the bogus letter.
8/23/2025
Seventh Edition.
33

Rule 2: If the letter is standing alone in the process of pairing, then add an extra
bogus letter with the alone letter
e.g.,: Plain Text:“helloe”
After Split:‘he’‘lx’‘lo’‘ez’ -----Here ‘z’ is the bogus letter.
Rule 3: If both the letters are in the same column |↓| wrap around i.e.,Take the letter
below each one (going back to the top if at the bottom).
e.g.,: Diagraph: "me"
Encrypted Text: cl (m -> c, e -> l)
8/23/2025
Seventh Edition.
34

Rule 4: If both the letters are in the same row |→| wrap around i.e.,Take the letter
to the
right of each one (going back to the leftmost if at the rightmost position).
Example : Diagraph: "st“
Encrypted Text: tl(s -> t, t -> l)
If neither of the above rules is true: Form a rectangle with the two letters and take
the letters on the horizontal opposite corner of the rectangle.
Example: Diagraph: "nt“
Encrypted Text: rq (n -> r, t -> q)
8/23/2025
Seventh Edition.
35

For example
Plain Text: "instrumentsz"
Encrypted Text: gatlmzclrqtx
Encryption
i -> g n -> a s -> t t -> l r -> m u -> z m -> c e -> l
n -> r t -> q s -> t z -> x
8/23/2025
Seventh Edition.
36

Problems
1. Encrypt the plaintext “Attack postponed to tomorrow and do not use
our secret paper until further info” using the monoalphabetic cipher
technique
Secret key: the brown fox jumps over the lazy dog
Note: Ignore the second and latter occurrence of alphabets in the
key
8/23/2025
Seventh Edition.
37

Using this Playfair matrix:
Encrypt this message: Must see you over Cadogan West. Coming at
once.
8/23/2025
Seventh Edition.
38

HILL CIPHER
▪ Multi-letter cipher
▪ Developed by the mathematician Lester Hill in 1929
▪ Encrypts group of letters: digraph, trigraph or polygraph
▪ Review few terminologies from linear algebra
- matrix arithmetic modulo 26
- Square matrix
- Determinant
- Multiplicative inverse
8/23/2025
Seventh Edition.
39

The Hill Algorithm
C = E(K,P) = PK mod 26
P = D(K,C) = CK-1 mod 26 = PKK-1 mod 26
K11 K12 K13
(C1,C2,C3)=(P1,P2,P3) K21 K22 K23 mod 26
K31 K32 K33
C1 = (P1 K11 + P2 K21 + P3 K31 ) mod 26
C2 = (P1 K12 + P2 K22 + P3 K32 ) mod 26
C3 = (P1 K13 + P2 K23 + P3 K33 ) mod 26
Encryption
8/23/2025
Seventh Edition.
40

EXAMPLE: ENCRYPTION
▪ Plain text: pay more money
▪ Key: 17 17 5
21 18 21
2 2 19
PT: pay mor emo ney
P A Y M O R E M O N E Y
15 0 24 12 14 17 4 12 14 13 4 24
8/23/2025
Seventh Edition.
41

▪ Encrypting : pay
K11 K12 K13
(C1,C2,C3)=(P1,P2,P3) K21 K22 K23 mod 26
K31 K32 K33
17 17 5
(C1,C2,C3)=(15 0 24) 21 18 21 mod 26
2 2 19
= (15*17+0*21+24*2 15*17+0*18+24*2 15*5+0*21+24*19) mod 26
= (303 303 531) mod 26
= (17 17 11)
(C1,C2,C3) = (R R L)
8/23/2025
Seventh Edition.
42

▪ Encrypting : mor
K11 K12 K13
(C1,C2,C3)=(P1,P2,P3) K21 K22 K23 mod 26
K31 K32 K33
17 17 5
(C1,C2,C3)=(12 14 17) 21 18 21 mod 26
2 2 19
= (12*17+14*21+17*2 12*17+14*18+17*2 12*5+14*21+17*19) mod 26
= (532 490 677) mod 26
= (12 22 1)
(C1,C2,C3) = (M W B)
8/23/2025
Seventh Edition.
43

▪ Encrypting : emo
K11 K12 K13
(C1,C2,C3)=(P1,P2,P3) K21 K22 K23 mod 26
K31 K32 K33
17 17 5
(C1,C2,C3)=(4 12 14) 21 18 21 mod 26
2 2 19
= (4*17+12*21+14*2 4*17+12*18+14*2 4*5+12*21+14*19) mod 26
= (348 312 538) mod 26
= (10 0 18)
(C1,C2,C3) = (K A S)
8/23/2025
Seventh Edition.
44

▪ Encrypting : ney
K11 K12 K13
(C1,C2,C3)=(P1,P2,P3) K21 K22 K23 mod 26
K31 K32 K33
17 17 5
(C1,C2,C3)=(13 4 24) 21 18 21 mod 26
2 2 19
= (13*17+4*21+24*2 13*17+4*18+24*2 13*5+4*21+24*19) mod 26
= (353 341 605) mod 26
= (15 3 7)
(C1,C2,C3) = (P D H)
8/23/2025
Seventh Edition.
45

PT P A Y M O R E M O N E y
CT R R L M W B K A S P D H
Plain text: pay more money
Cipher text: rrlmwbkaspdh
8/23/2025
Seventh Edition.
46

8/23/2025
Seventh Edition.
47

8/23/2025
Seventh Edition.
48

8/23/2025
Seventh Edition.
49

8/23/2025
Seventh Edition.
50

8/23/2025
Seventh Edition.
51

8/23/2025
Seventh Edition.
52

8/23/2025
Seventh Edition.
53

8/23/2025
Seventh Edition.
54

8/23/2025
Seventh Edition.
55

8/23/2025
Seventh Edition.
56

8/23/2025
Seventh Edition.
57

8/23/2025
Seventh Edition.
58

8/23/2025
Seventh Edition.
59

8/23/2025
Seventh Edition.
60

8/23/2025
Seventh Edition.
61

8/23/2025
Seventh Edition.
62

VIGENERE CIPHER
▪ Vigenère cipher is an algorithm that uses a number of linked caesar
ciphers to encrypt an alphabetic text.
▪ It is based on the alphabets of a keyword.
▪ This cipher is a representation of a polyalphabetic substitution.
▪ It is simple to understand and use this algorithm
▪ Encryption
The plaintext(P) and key(K) are added modulo 26.
Ei = (Pi + Ki) mod 26
▪ Decryption
Di = (Ei - Ki) mod 26
8/23/2025
Seventh Edition.
63

EXAMPLE:
Plaintext: we are discovered save yourself
Key: deceptive
8/23/2025
Seventh Edition.
64

8/23/2025
Seventh Edition.
65

▪ The strength of this cipher is that there are multiple ciphertext letters for each
plaintext letter, one for each unique letter of the keyword. Thus, the letter
frequency information is obscured.
Cryptanalysis
▪ Determining the length of the keyword
▪ Key and the plaintext share the same frequency distribution of letters, a
statistical techniques can be applied
8/23/2025
Seventh Edition.
66

8/23/2025
Seventh Edition.
67

ONE – TIME PAD
▪ Random key that is as long as the message
▪ The key need not be repeated
▪ In addition, the key is to be used to encrypt and decrypt a single message and
then is discarded
▪ Each new message requires a new key of the same length as the new message
▪ Such a scheme, known a one-time pad, is unbreakable.
▪ No statistical relationship to the plain text
▪ Because the ciphertext contains no information whatsoever about the plaintext,
there is simply no way to break the code
8/23/2025
Seventh Edition.
68

EXAMPLE
▪ Consider the ciphertext
ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
▪ We now show two different decryptions using two different keys:
ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih
plaintext mr mustard with the candlestick in the hall
ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
key : pftgpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt
plaintext: miss scarlet with the knife in the library
8/23/2025
Seventh Edition.
69

▪ Suppose that a cryptanalyst had managed to find these two keys.
▪ Two possible plaintexts are produced. How is the cryptanalyst to decide which is the correct
decryption (i.e., which is the correct key)?
▪ If the actual key were produced in a truly random fashion, then the cryptanalyst cannot say that one
of these two keys is more likely than the other.
▪ Thus, there is no way to decide which key is correct and therefore which plaintext is correct.
▪ In fact, given any plaintext of equal length to the ciphertext, there is a key that produces that
plaintext. Therefore, if you did an exhaustive search of all possible keys, you would end up with
many legible plaintexts, with no way of knowing which was the intended plaintext.
▪ Therefore, the code is unbreakable.
▪ The security of the one-time pad is entirely due to the randomness of the key
8/23/2025
Seventh Edition.
70

Two fundamental difficulties
▪ The practical problem of making large quantities of random keys
▪ Even more daunting is the problem of key distribution and protection
▪ Because of these difficulties, the one-time pad is of limited utility and is useful
primarily for low-bandwidth channels requiring very high security
8/23/2025
Seventh Edition.
71

PERFECT SECRECY
▪ The one-time pad is the only cryptosystem that exhibits what referred to as
perfect secrecy
▪ perfect secrecy is the notion that , given an encrypted message (or ciphertext)
from a perfectly secure encryption system(or cipher), absolutely nothing will
be revealed about the unencrypted message(or plaintext) by the cipherext.
8/23/2025
Seventh Edition.
72

STEGANOGRAPHY
▪ Steganography is the practice of concealing a message within another
message or physical object in a way that the hidden message is not obvious
to an observer.
▪ It differs from cryptography, which aims to make a message unreadable, as
steganography focuses on concealing the very existence of the message
itself
▪ A simple form of steganography, but one that is time-consuming to con
struct, is one in which an arrangement of words or letters within an
apparently innocuous text spells out the real message.
▪ For example, the sequence of first letters of each word of the overall
message spells out the hidden message.
8/23/2025
Seventh Edition.
73

Figure : A Puzzle for Inspector Morse
a subset of the words of the overall message is used to convey the hidden
message. See if you can decipher this; it’s not too hard.
8/23/2025
Seventh Edition.
74

▪ Various other techniques have been used historically; some examples are
the following
▪ Character marking: Selected letters of printed or typewritten text are
over written in pencil. The marks are ordinarily not visible unless the
paper is held at an angle to bright light.
▪ Invisible ink: A number of substances can be used for writing but leave
no visible trace until heat or some chemical is applied to the paper.
▪ Pin punctures: Small pin punctures on selected letters are ordinarily not
visible unless the paper is held up in front of a light.
▪ Typewriter correction ribbon: Used between lines typed with a black
ribbon, the results of typing with the correction tape are visible only
under a strong light
8/23/2025
Seventh Edition.
75

▪ Steganography has a number of drawbacks when compared to
encryption. It requires a lot of overhead to hide a relatively few bits of
information
▪ Alternatively, a message can be first encrypted and then hidden using
steganography.
▪ The advantage of steganography is that it can be employed by parties
who have something to lose should the fact of their secret
communication (not necessar ily the content) be discovered.
▪ Encryption flags traffic as important or secret or may identify the sender
or receiver as someone with something to hide.
8/23/2025
Seventh Edition.
76

BLOCK CIPHERS AND THE DATA ENCRYPTION STANDARD
8/23/2025
Seventh Edition.
77

TOPICS COVERED
➢Traditional block Cipher structure
➢The data encryption standard
➢A DES example
➢The strength of DES
➢Block cipher design principles
8/23/2025
Seventh Edition.
78

TRADITIONAL BLOCK CIPHER STRUCTURE
Stream Ciphers and Block Ciphers
▪ stream ciphers process messages a bit or byte at a time when en/decrypting
▪ Ex: autokeyed Vigenère cipher
Fig: Steam cipher using algorithmic bit stream
generator
8/23/2025
Seventh Edition.
79

▪ block ciphers process messages in blocks, each of which is then en/decrypted
▪ Typically, a block size of 64 or 128 bits is used
▪ many current ciphers are block ciphers
Fig: Block cipher
8/23/2025
Seventh Edition.
80

MOTIVATION FOR THE FEISTEL CIPHER STRUCTURE
▪ Most symmetric block ciphers are based on a Feistel Cipher Structure
▪ A block cipher operates on a plaintext block of n bits to produce a ciphertext block of n bits.
▪ There are 2n possible different plaintext blocks and, for the encryption to be reversible (i.e., for decryption to be
possible), each must produce a unique ciphertext block. Such a transformation is called reversible, or nonsingular.
▪ The following examples illustrate nonsingular and singular transformations for n = 2.
▪ So if we limit ourselves to reversible mappings, the number of different
transformations is 2n
a ciphertext of 01 could have
been produced by one of two
plaintext blocks
8/23/2025
Seventh Edition.
81

TABLE:ENCRYPTION AND DECRYPTION TABLES FOR SUBSTITUTION
CIPHER FOR N=4
▪ Feistel refers to this as the ideal block cipher, because it allows for the maximum number of possible
encryption mappings from the plaintext block
8/23/2025
Seventh Edition.
82

THE FEISTEL CIPHER
▪ Feistel proposed that we can approximate the ideal block cipher by utilizing the concept of a product cipher, which is the
execution of two or more simple ciphers in sequence in such a way that the final result or product is cryptographically
stronger than any of the component ciphers.
▪ Develop a block cipher with a key length of k bits and a block length of n bits, allowing a total of 2k possible
transformations, rather than the 2n transformations available with the ideal block cipher.
▪ Feistel proposed the use of a cipher that alternates substitutions and permutations
▪ Substitution: Each plaintext element or group of elements is uniquely replaced by a corresponding
ciphertext element or group of elements.
▪ Permutation: A sequence of plaintext elements is replaced by a permutation of that sequence. That is, no
elements are added or deleted or replaced in the sequence, rather the order in which the elements appear in the
sequence is changed.
8/23/2025
Seventh Edition.
83

▪ Claude Shannon introduced idea of substitution-permutation (S-P) networks in
1949 paper
▪ form basis of modern block ciphers
▪ S-P nets are based on the two primitive cryptographic operations seen before:
1. substitution (S-box)
2. permutation (P-box)
▪ provide confusion & diffusion of message & key
▪ more practically Shannon suggested combining S & P elements to obtain:
▪ diffusion – dissipates statistical structure of plaintext over bulk of ciphertext
▪ confusion – makes relationship between ciphertext and key as complex as
possible
8/23/2025
Seventh Edition.
84

FEISTEL CIPHER STRUCTURE
8/23/2025
Seventh Edition.
85

▪ The inputs to the encryption algorithm are a plaintext block of length 2w bits
and a key K.
▪ The plaintext block is divided into two halves, L0 and R0.
▪ The two halves of the data pass through n rounds of processing and then
combine to produce the ciphertext block.
▪ Each round i has as inputs Li-1 and Ri-1 derived from the previous round, as well
as a subkey Ki derived from the overall K.
▪ In general, the subkeys Ki are different from K and from each other.
▪ All rounds have the same structure.
▪ A substitution is performed on the left half of the data by applying a round
function F to the right half of the data and then taking the exclusive-OR of the
output of that function and the left half of the data.
8/23/2025
Seventh Edition.
86

▪ Following this substitution, a permutation is performed that consists of the
interchange of the two halves of the data.
Feistel Decryption Algorithm
▪ same as the encryption process.The rule is as follows:
▪ Use the ciphertext as input to the algorithm, but use the subkeys Ki in reverse
order.
▪ That is, use Kn in the first round, Kn-1 in the second round, and so on, until K1 is
used in the last round.
8/23/2025
Seventh Edition.
87

▪ Example: Suppose that the blocks at each stage are 32 bits (two 16-bit halves)
and that the key size is 24 bits. Suppose that at the end of encryption round
fourteen, the value of the intermediate block (in hexadecimal) is DE7F03A6.
Then
▪ LE14 = DE7F and RE14 = 03A6. Also assume that the value of K15 is 12DE52.
▪ After round 15, we have LE15 = 03A6 and RE15 = F(03A6, 12DE52) ⊕DE7F.
▪ Now let’s look at the decryption. We assume that LD1 = RE15 and RD1 = LE15, as
shown in Figure and we want to demonstrate that LD2 = RE14 and RD2 = LE14.
▪ So, we start with LD1 = F(03A6, 12DE52) ⊕ DE7F and RD1 = 03A6. Then, from
Figure 3.3, LD2 = 03A6 = RE14 and RD2 = F(03A6, 12DE52) ⊕ [F(03A6,12DE52)
⊕ DE7F] = DE7F = LE14.
8/23/2025
Seventh Edition.
88

Fig: Feistel example
8/23/2025
Seventh Edition.
89

Feistel Cipher Design Elements
▪ Block size: Larger block sizes mean greater security but reduced encryption/decryption
speed for a given algorithm. Traditionally, a block size of 64 bits has been considered a
reasonable tradeoff
▪ Key size: Larger key size means greater security but may decrease encryption/ decryption
speed. Key sizes of 64 bits or less are now widely considered to be inadequate, and 128 bits
has become a common size.
▪ Number of rounds: The essence of the Feistel cipher is that a single round offers inadequate
security but that multiple rounds offer increasing security. A typical size is 16 rounds.
▪ Subkey generation algorithm: Greater complexity in this algorithm should lead to greater
difficulty of cryptanalysis.
▪ Round function F: Again, greater complexity generally means greater resistance to
cryptanalysis.
8/23/2025
Seventh Edition.
90

▪ There are two other considerations in the design of a Feistel cipher:
▪ Fast software encryption/decryption: In many cases, encryption is embedded in
applications or utility functions in such a way as to preclude a hardware
implementation.
▪ Ease of analysis: if the algorithm can be concisely and clearly explained, it is easier
to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a
higher level of assurance as to its strength.
8/23/2025
Seventh Edition.
91

DATA ENCRYPTION STANDARD(DES)
▪ Is landmark in cryptographic algorithms
▪ adopted in 1977 by NBS (now NIST)
▪ Based on Feistel structure
▪ Symmetric cipher algorithm and use block cipher method for encryption and
decryption
8/23/2025
Seventh Edition.
92

Fig: General depiction of DES Encryption Algorithm
▪ First, the 64-bit plaintext passes through an initial
permutation (IP) that rearranges the bits to produce the
permuted input.
▪ This is followed by a phase consisting of sixteen rounds of
the same function, which involves both permutation and
substitution functions.
▪ The output of the last (sixteenth) round consists of 64 bits
that are a function of the input plaintext and the key.
▪ The left and right halves of the output are swapped to
produce the preoutput.
▪ Finally, the preoutput is passed through a permutation [IP-
1] that is the inverse of the initial permutation function, to
produce the 64-bit ciphertext
DES Encryption
8/23/2025
Seventh Edition.
93

Fig: General depiction of DES Encryption Algorithm
▪ The right-hand portion of Figure shows the way
in which the 56-bit key is used.
▪ Initially, the key is passed through a
permutation function.
▪ Then, for each of the sixteen rounds, a subkey
(Ki) is produced by the combination of a left
circular shift and a permutation.
▪ The permutation function is the same for each
round, but a different subkey is produced
because of the repeated shifts of the key bits.
8/23/2025
Seventh Edition.
94

KEY DISCARDING PROCESS
Example:
8/23/2025
Seventh Edition.
95

Key transformation
▪ initially 64-bit key is transformed into a 56-bit key by discarding every 8th bit of the initial
key.
▪ From this 56-bit key, a different 48-bit Sub Key is generated during each round using a
process called key transformation.
▪ For this, the 56-bit key is divided into two halves, each of 28 bits.
▪ These halves are circularly shifted left by one or two positions, depending on the round.
▪ For example, if the round numbers 1, 2, 9, or 16 the shift is done by only one position for
other rounds, the circular shift is done by two positions.
Fig: number of key bits shifted per round
8/23/2025
Seventh Edition.
96

▪ After an appropriate shift, 48 of the 56 bit are selected
▪ Since the key transformation process involves permutation as well as a selection of a 48-
bit subset of the original 56-bit key it is called Compression Permutation.
8/23/2025
Seventh Edition.
97

1. In the first step, the 64-bit plaintext block is handed
over to an initial Permutation (IP) function.
2. The initial permutation is performed on plain text.
3. Next, the initial permutation (IP) produces two halves
of the permuted block; Left Plain Text (LPT) and Right
Plain Text (RPT).
4. Now each LPT and RPT the go through 16 rounds of
encryption process.
5. In the end, LPT and RPT are rejoined and a Final
Permutation (FP) is performed on the combined block
6. The result of this process produces 64 bit cipher text.
8/23/2025
Seventh Edition.
98

Initial Permutation (IP)
▪ The initial permutation (IP) happens only once
▪ Bit sequence changed as per IP table
ex: 1st bit take 40th position
58th bit take the 1st position
Fig: Initial permutation table
8/23/2025
Seventh Edition.
99

DES Round Structure
▪ uses two 32-bit L & R halves
▪ as for any Feistel cipher can describe as:
Li = Ri–1
Ri = Li–1 ⊕ F(Ri–1 , Ki )
▪ F takes 32-bit R half and 48-bit subkey:
- expands R to 48-bits using perm E
- adds to subkey using XOR
- passes through 8 S-boxes to get
32-bit result
Expansion(E
)
8/23/2025
Seventh Edition.
100

8/23/2025
Seventh Edition.
101

8/23/2025
Seventh Edition.
102

8/23/2025
Seventh Edition.
103

DES DECRYPTION
▪ With Feistel design, do encryption steps again using subkeys in reverse order (K16 …
K1)
▪ IP undoes final FP step of encryption
▪ 1st round with K16 undoes 16th encrypt round
▪ 16th round with K1 undoes 1st encrypt round
▪ final FP undoes initial encryption IP
▪ thus recovering original data value
8/23/2025
Seventh Edition.
104

DES EXAMPLE
▪ The plaintext,key, and resulting ciphertext are as follows:
Plaintext: 02468aceeca86420
Key: 0f1571c947d9e859
Ciphertext: da02ce3a89ecac3b
8/23/2025
Seventh Edition.
105

AVALANCHE EFFECT
▪ A small change in plain-text or key should create a significant change in the cipher-text.
▪ DES has been proved to be strong with regard to this property
▪ Ex:
plaintext: 0000000000000000
ciphertext:4789FD476E82A5F1 Key: 22234512987ABB23
plaintext: 0000000000000001
ciphertext: 048FD5C15A63F5F2
8/23/2025
Seventh Edition.
106

64-bit intermediate values at
the end of each round
Number of bits that differ between
the two intermediate values
Plaintext:
02468aceeca86420
8/23/2025
Seventh Edition.
107

Original key: 0f1571c947d9e859
Altered key: 1f1571c947d9e859
8/23/2025
Seventh Edition.
108

STRENGTH OF DES
1. Key size
2. Nature of algorithm
Key size
▪ 56-bit keys have 256 = 7.2 x 1016 values
▪ brute force search looks hard
▪ DES finally and definitively proved insecure in July 1998, when the Electronic Frontier Foundation
(EFF) announced that it had broken a DES encryption using a special-purpose “DES cracker”
machine that was built for less than $250,000.
▪ The attack took less than three days.
8/23/2025
Seventh Edition.
109

Nature of algorithm
▪ possibility that cryptanalysis is possible by exploiting the characteristics of the DES
algorithm.
▪ The focus of concern has been on the eight substitution tables or S-boxes, that are used
in each iteration
▪ Because the design criteria for these boxes, and indeed for the entire algorithm, were
not made public, there is a suspicion that the boxes were constructed in such a way that
cryptanalysis is possible for an opponent who knows the weaknesses in the S-boxes.
▪ no one has so far succeeded in discovering the supposed fatal weaknesses in the S-
boxes.
8/23/2025
Seventh Edition.
110

Timing Attacks
▪ a timing attack is one in which information about the key or the plaintext is obtained by
observing how long it takes a given implementation to perform decryptions on various
ciphertexts.
▪ A timing attack exploits the fact that an encryption or decryption algorithm often takes
slightly different amounts of time on different inputs.
▪ DES appears to be fairly resistant to a successful timing attack
8/23/2025
Seventh Edition.
111

BLOCK CIPHER DESIGN PRINCIPLES
▪ Three critical aspects of block cipher design:
1. The number of rounds
− The greater the number of rounds, the more difficult it is to perform cryptanalysis, even
for a relatively weak F
− The number of rounds is chosen so that known cryptanalytic efforts require greater effort
than a simple brute-force key search attack
2. Design of the function F
− The heart of a Feistel block cipher is the function F, which provides the element of
confusion in a Feistel cipher. Thus, it must be difficult to “unscramble” the substitution
performed by F.
− One obvious criterion is that F be nonlinear. the more difficult it is to approximate F by a
set of linear equations, the more nonlinear F is.
3. Key scheduling
− select subkeys to maximize the difficulty of deducing individual subkeys and the
difficulty of working back to the main key.
8/23/2025
Seventh Edition.
112

Cryptography and Network Security-Module-I.pdf

More Related Content

Recently uploaded (20)

Featured (20)

Cryptography and Network Security-Module-I.pdf