Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
18 views17 pages

Module 5

The document explains the workings of block ciphers, specifically the DES algorithm, detailing the processes of key generation, encryption, and decryption. It highlights the importance of confusion and diffusion for security, the use of Cipher Block Chaining (CBC) to prevent identical plaintext blocks from producing identical ciphertexts, and the rationale behind the 3-DES encryption method. Additionally, it contrasts block ciphers with stream ciphers, which encrypt data bit by bit.

Uploaded by

dikerdiganto
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
18 views17 pages

Module 5

The document explains the workings of block ciphers, specifically the DES algorithm, detailing the processes of key generation, encryption, and decryption. It highlights the importance of confusion and diffusion for security, the use of Cipher Block Chaining (CBC) to prevent identical plaintext blocks from producing identical ciphertexts, and the rationale behind the 3-DES encryption method. Additionally, it contrasts block ciphers with stream ciphers, which encrypt data bit by bit.

Uploaded by

dikerdiganto
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 17

Block Ciphers:

Permutation:
Alternate way :
Suppose p1= 2341

Bit position 1 2 3 4
P1 2 3 4 1
(p1)-1 4 1 2 3

When p1[1]=2
then p1-1[2]=1
When p1[2]=3
then p1-1[3]=2
When p1[3]=4
then p1-1[4]=3
When p1[4]=1
then p1-1[1]=4

Formula: When p1[i]=x , then p1-1[x]=i, 1-based indexed array.


So the DES standard is that message is divided into 64 bit blocks, and since every
block has 64 bits, so every bit has a position number from 1 to 64, We will look for
the bit position X in the table, and add the row and column number and we will get
the new position for bit X.
Suppose the value at position 32= x;
32 is in row 25 and column 4, so the new position = 25+4=29, so x will be placed
on position 29.

P1-1 is also calculated similar way.


16 48-bit key generation :

The 56-bit secret key is possessed by both the sender and receiver. They both have
the same secret key
They use this key to derive the 16 48-bit secret key ,which is required for DES.

 First the 56-bit secret key goes through P1(permutation function)


 After the permutation, the 56-bit key is divided into 2 blocks(C0,D0), each
block consist of 28 bits.
 On C0, 1-bit rotate left is done, the first bit will go at the end of C0, and every
other bit will move 1 bit left from their original position.
 On D0, 1-bit rotate left is done, the first bit will go at the end of D0, and every
other bit will move 1 bit left from their original position
 After the rotation C0->C1 and D0->D1
 After achieving C1 and D1, Permutation PC1 is applied on C and permutation
PC2 is applied on D1.
 After permutation, 4 bits are discarded from C1 and 4 bits are discarded from
D1 to get 48 bit secret key k1.
 After permutation from C1 delete the bits from these position: 9,18,22,25
 After permutation from D1 delete the bits from these positions: 35,38,48,54
For k-th round , where k=2,3,4,5,6,……..16
 We take Ck-1 and Dk-1
 Ck-1 and Dk-1 , 1 or 2 bit left shift is done
o If k=2,9,16 then 1 bit shift
o Otherwise 2 bit shift
 After the left bit shift we get Ck and Dk
 Then permutation is done on both Ck and Dk
 Then 4 bits are discarded from Ck and Dk ,then joined together, and we get
the k-th key
Single DES round

 64-bit input message is divided into 2 blocks of 32 bit L n and Rn, where
n=1,2,3….16
 The Rn becomes Ln+1
 Rn goes through Mangler Function , where the n-th secret key is applied on
the Rn , then bit-wise XOR operation is done on R n and Ln . We get Rn+1
 After that we combine Ln+1 and Rn+1 , we the 64 bit input for n+1-th round
We are doing XOR , so while encryption C= A XOR B , for decryption we can write B=
A XOR C
Inside the mangler function, 32-bit Rn is expanded to 48-bit then it is XOR with n-th
round secret key , we get output A

DES achieves security by “confusion” and “diffusion”.

On the average, 256/2 keys need to be searched so that is about


72,000,000,000,000,000 (72 quadrillion keys). On a PC, it would take 4 microsecs to
run the DES algorithm it would take 4,500 years to break DES.
It is the key size that matters. Minimum key size must be 128 bits, Currents
standards use 128,256,512,1024 etc size keys

Now , in DES the plaintext is 64bit long, what if out plaintext is much larger,
Our plaintext will be divived into equal size blocks ,then encrypt it.
Suppose the plaintext was divided into M n blocks, where n=1,2,3,4,….. so Mi
(DES) Ci , but if Mi=Mj then Ci=Cj , hackers can use this information to calculate
the key by reverse engineering
TO avoid this problem where Mi=Mj leads to Ci=Cj , we can use Cipher Block
Chaining(CBC) method. It makes sure that even if M i=Mj , Ci!=Cj

So the sender will pick a random binary number IV, M 1 XOR IV  E, then E is
encrypted using k, we get C1 , then C1 is passed as IV for M2
Similarly, the receiver will use k to decrypt C1 and do bit-wise XOR with IV to get M 1

Only drawback of CBC is that it is sequential , while ECB was parallel.


In 3-DES , you can notice that first time it is encrypted(E) , the second time it is
decrypted(D) and 3rd time it is encrypted(E) again,
Now the question arises why not EEE that is encrypted in all round
In DES , we do initial permutation(IP) and final permutation(IP -1) which are inverse of
each other, it means that they cancel each other out.
Now if we do EEE , the permutation happens like this
IP…IP-1  IP…IP-1  IP…IP-1
The 1st round IP-1 gets canceled out by 2nd round IP, and the IP-1 gets canceled out
by 3rd round IP , that leaves us with only 1 round of IP…IP -1 , We add the permutation
only to increase the time it takes to crack the DES using brute force attack. So if we
did EEE , the hacker will only need to go through 1 round of IP…IP -1
SO when we do EDE, the permutation happens like this
IP…IP-1  IP-1…IP  IP…IP-1
Which will take the hacker longer time to crack.

Another reason why it is EDE instead of EEE :


The reason is interoperability. A 3-DES machine can communicate with 1-DES
machine without changing the hardware or any protocol, if we set K 1= K2= K3

Now the question is the when we do EDE , doesn’t the decryption in the 2nd
round generates the original message? The answer is no, because we are using a
different key in the 2nd round to decrypt the ciphertext, which will not generate out
original message.
Stream Ciphers:

In block ciphers, we divided the plaintext into blocks and then encrypt the blocks ,
but in stream cipher we encrypt the plaintext bit by bit
We will draw a line from the i-th tap position and draw n(number of tap bits)-1 xor
gates, because xor gate needs 2 input and the last tap position only has 1 input, so
there is 1 less number of xor gate compared to number of tap bits

You might also like