Data Encryption Standard (DES)

Stream ciphers, if the plaintext is processed one bit at a time. In other words, the algorithm selects
one bit of plaintext, performs a series of operations on it, and then outputs one bit of ciphertext.
• Stream ciphers could be regarded as block ciphers with a block size of one.
• Some symmetric encryption algorithms that are generally referred to as stream ciphers
actually process data in bytes, and hence could be regarded as block ciphers with a block
size of eight.

Block ciphers, if the plaintext is processed in blocks (groups) of bits at a time. In other words,
the algorithm selects a block of plaintext bits, performs a series of operations on them, and then
outputs a block of ciphertext bits. The number of bits that are processed each time is normally a
fixed number that is referred to as the block size of the block cipher. For example, the symmetric
encryption algorithms DES and AES have block sizes of 64 and 128, respectively.
• Block ciphers are often used in modes of operation that effectively convert them into
stream ciphers. The block cipher is used to generate a keystream, which is then used to
encrypt the data using a simple stream cipher.
DES is based on what is known as a Feistel Cipher. Rather than being a specific cipher, a Feistel
Cipher is a design blueprint from which many different block ciphers could be derived. DES is
just one example of a Feistel Cipher, but by far the most famous one.

ENCRYPTION USING A FEISTEL CIPHER

1. Split the 64 bits of plaintext into the left 32 bits L0 and the right 32 bits R0.
2. Apply a carefully designed mathematical function f that takes as input the key K and R0,
and computes the output f (𝑅0 , K).
3. XOR the output of the mathematical function with L0, to compute a new 32-bit sequence
X = 𝐿0 ⊕ f (𝑅0 , K).
4. Let the new ‘right 32 bits’ R1 be X.
5. Let the new ‘left 32 bits’ L1 be the previous ‘right 32 bits’ 𝑅0 .
6. Repeat the process from step 2 to step 5, except using 𝑅1 instead of 𝑅0 , and 𝐿1 instead of
𝐿0 . This sequence of steps (step 2 to step 5) is known as a round of the block cipher. The
function f used is often referred to as the round function.
7. Repeat step 6 for as many rounds as specified by the algorithm design. Once the last round
(round number m) is completed then the last ‘left 32 bits’ 𝐿𝑚 are joined with the last ‘right
32 bits’ Rm to form the 64 bits of the ciphertext, which is formed by concatenating Rm and
𝐿𝑚 (in that order).
The difficult part of designing a Feistel Cipher is the choice of the round function f. This function
needs to have several important properties. Normally, it’s a combination of substitution and
permutation.

DECRYPTION USING A FEISTEL CIPHER

The cleverness of the Feistel Cipher design concept only becomes clear when we consider
decryption. It turns out that decryption is almost the same as encryption and that this holds
regardless of the choice of the round function f. Instead of starting with 64 bits of plaintext, we
input 64 bits of ciphertext into the start of the Feistel Cipher algorithm and then process it in exactly
the same way as described in encryption process. The end result will be the correct 64 bits of
plaintext.

The reason that we say almost the same is that in real instances of the Feistel Cipher, such as DES,
instead of using the whole encryption key during each round, a round-dependent key (often
referred to as a subkey) is derived from the encryption key. This means that each round uses a
different key, although all these subkeys are related to the original key. In the case of decryption,
the only difference is that these subkeys must be used in the reverse order to encryption. Note that
the final swapping of 𝐿𝑚 and 𝑅𝑚 in step 7 of the Feistel Cipher is crucial. If we did not swap
these around at the end of step 7 then the resulting ciphertext could not be decrypted using the
same algorithm.

Feistel Network depend on some parameters which are also known as Block Cipher Design
principle:

• Block Size
• Key Size
• Number of Rounds
• Subkey generation algorithm
• Round function f

DES: DES is an example of a Feistel Cipher. It has a 64-bit block size, a 64-bit key length and
uses 16 rounds. Note that DES has an effective key length of 56 bits, since 8 of the 64 bits of the
key are not used by the encryption algorithm (they are check bits).

• In DES plaintext first go through an initial permutation. Then all the 6 steps of Feistel
cipher is followed, and finally after last round it’s again go through a permutation which is
the inverse of initial permutation.
• Round function of DES is a combination of substitution and permutation
• AS for Key scheduler or generation of sub key, the 56 bit key first go through a permutation
function. Then, for each of the sixteen rounds, a subkey is produced by the combination of
a left circular shift and a permutation. The permutation function is the same for each round,
but a different subkey is produced because of the repeated shifts of the key bits.
Triple DES: It is a modified use of DES. There are two variants of Triple DES known as 3-key
Triple DES (3TDES) and 2-key Triple DES (2TDES).

Before using 3TDES we first generate and distribute a 3TDES key K, which consists of three
different DES keys K1, K2 and K3. This means that the actual 3TDES key has length 3 × 56 = 168
bits.
To encrypt a 64-bit plaintext using 3TDES:

1. first encrypt the plaintext using single DES with key K1;
2. now decrypt the result of step 1 using single DES with key K2;
3. finally, encrypt the result of step 2 using single DES with key K3; the result of this
encryption is the ciphertext.

Decryption of a 3TDES ciphertext consists of the reverse process. In other words, we first
decrypt using K3, then encrypt with K2, and finally decrypt with K1.

2-KEY TRIPLE DES

The variant of Triple DES known as 2TDES is identical to 3TDES except that K3 is replaced by
K1. In other words, we encrypt with K1, then decrypt with K2, and then encrypt with K1 again.
Hence 2TDES has a key length of 112 bits. Note that although both the first and third steps
involve encrypting with K1, the results in each case are different since the ‘plaintexts’ on which
the encryption operation is conducted are different.
 Advanced Encryption Standard (AES)

Development of AES: In 1998, NIST issued a call for proposals for a new block cipher
standard to be referred to as the AES. The three main requirements for candidate algorithms
proposed by NIST were:

1. the block size should be 128 bits;

2. the block cipher should be designed to offer variable key lengths of 128, 192 and 256 bits,
in order to allow for future developments in exhaustive key search efforts; these key
lengths are all currently well beyond the capabilities of state-of-the-art exhaustive key
search techniques;
3. the block cipher had to operate at a faster speed than Triple DES across a range of different
computing platforms.

In contrast to the development of DES, it was specified that the selection process would be by an
open public ‘competition’ and that the chosen algorithm and design details must be made freely
available. There are probably two reasons why such a decision was made:

Confidence: to allay the suspicions that hung over the development process for DES and thus to
maximise public confidence in, and international adoption of, the resulting encryption standard;

Expertise: to benefit from the dramatic increase in public expertise in cryptology that had taken
place between the 1970s and the 1990s by:
• encouraging the best cryptographic designers to take part;
• obtaining the widest scrutiny of the candidate algorithms.

The result of this call was 15 candidate proposals, which were quickly reduced to 11. In 1999, after
a public consultation process, this was reduced to five candidates. Finally in 2000, the winning
algorithm Rijndael was selected. Rijndael was designed by two Belgian cryptographers, Joan
Daemen and Vincent Rijmen, who at that time were working for a Belgian card payment
organisation and a Belgian university, respectively.

Design of AES: Unlike DES, AES is not designed to an explicit blueprint such as the Feistel
Cipher. However, it is based on a design principle often referred to as a substitution–permutation
network. This simply means that the design is based on a series of linked operations, some of which
involve replacing inputs by specific outputs (substitutions) and others involve shuffling bits around
(permutations).

It is worth noting that AES performs all its computations on bytes rather than bits. Hence AES
first interprets the 128 bits of a plaintext block as 16 bytes. AES then computes a number of rounds.
Similarly, to DES, each of these rounds uses a different 128-bit round key, which is calculated
from the original AES key. Unlike DES, the number of rounds is variable, depending on the length
of the AES key. AES employs 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14
rounds for 256-bit keys. One round of AES is depicted in Figure. Each round takes 16 bytes of
input and produces 16 bytes of output by applying the following four processes:

Substitute Bytes: In Substitute Bytes Transformation or SubBytes Transformation the 16 input

bytes are substituted by looking up a fixed table (S-box). The 16 new bytes that result is arranged
in a square consisting of four rows and four columns.
Here is an example of the SubBytes transformation:

Shift rows: Each of the four rows of the square resulting from the byte substitution process is go
through a left circular shift. More precisely, the first row is left alone, the second row is shifted
one (byte) position to the left, the third row is shifted two positions to the left and the fourth row
is shifted three positions to the left. The result is a new square consisting of the same 16 bytes,
with the property that all the entries that used to be in one column have been moved so that they
now lie in different columns.

Mix columns: Each column of four bytes is now transformed using a special mathematical
function, the details of which form part of the algorithm. This function takes as input the four bytes
of one column and outputs four completely new bytes, which replace the original column. The
result is another new square consisting of 16 new bytes.
Add round key: The 16 bytes of the square resulting from the mix-columns process are now
considered as 128 bits and are XORed to the 128 bits of the round key. If this is the last round then
the output is the ciphertext. Otherwise, the resulting 128 bits are interpreted as 16 bytes and we
begin another round, commencing with a new byte substitution process.

The first matrix is State, and the second matrix is the round key.

The most important issue to note is that the whole AES encryption process is based on a series of
table lookups and XOR operations, which are very fast operations to perform on a computer.

AES DECRYPTION

Decryption of an AES ciphertext simply consists of conducting the encryption process in the
reverse order. In particular:
• each round consists of the four processes conducted in the order: add round key, mix
columns, shift rows, byte substitution;
• each process ‘reverses’ the corresponding encryption process: for example, add round key
involves XORing the ciphertext with the appropriate round key, while mix columns
involves applying the inverse of the function used during encryption;
• the round keys are applied in the opposite order to encryption;

Hence, unlike for a Feistel Cipher, the encryption and decryption algorithms do have to be
separately implemented, although they are very closely related.