Unit-4

Multiple Encryption and Triple DES: Multiple encryption and triple DES, Electronic
Code Book, Cipher Block Chaining Mode, Cipher Feedback mode, Output Feedback
mode, Counter mode.

Multiple encryption and triple DES

✅ Multiple Encryption and Triple DES (3DES)

🔐 1. Multiple Encryption – Overview

Multiple Encryption means applying an encryption algorithm more than once using one or
more keys to increase security. The idea is that if a single encryption can be broken, applying
it multiple times should increase the difficulty of an attack.

However, naive multiple encryption (e.g., applying the same cipher twice with the same
key) does not always double the security, especially for symmetric ciphers like DES,
because of meet-in-the-middle attacks.

🔁 2. Triple DES (3DES) – A Form of Multiple Encryption

Triple DES (3DES) was developed to overcome the weaknesses of the original DES (Data
Encryption Standard), which has a short 56-bit key and is vulnerable to brute-force attacks.

📌 How Triple DES Works

It applies the DES algorithm three times to each data block. There are three keying options:

🔸 Keying Options in Triple DES

Effective Key
Mode Description Number of Keys
Length
Keying Encrypt with K1, Decrypt 3 independent keys (K1
168 bits
Option 1 with K2, Encrypt with K3 ≠ K2 ≠ K3)
Keying
K1 = K3, K2 is different 2 keys 112 bits
Option 2
Keying All keys are the same (K1 = K2 = 56 bits (equivalent
1 key
Option 3 K3) to DES)

🧮 3DES Operation: EDE Mode

Most commonly used form:

EDE Mode:
C = E(K1, D(K2, E(K1, P)))
(Encrypt with K1 → Decrypt with K2 → Encrypt with K3)

Here:

• P = Plaintext
• C = Ciphertext
• E() = DES Encryption
• D() = DES Decryption

✅ Decryption is just the reverse:

P = D(K1, E(K2, D(K1, C)))

🔒 Why Not Just Double Encryption (2DES)?

Because of the Meet-in-the-Middle attack, 2DES does not provide double the security. The
attack can reduce the time complexity from 2¹¹² to approximately 2⁵⁷.

Hence, 3DES was introduced to significantly raise the security level.

📉 Limitations of 3DES

• Slow performance (compared to AES)

• Small block size (64 bits) — vulnerable to block collisions in large data sets
• Deprecation: NIST has disallowed 3DES for new applications; AES is now the
standard.

✅ Summary

Feature DES 2DES 3DES

Key Size 56 bits 112 bits (2 keys) 112 or 168 bits
Weak (brute-force Not secure (meet-in-the- Secure (for legacy
Security
possible) middle) use)
Current
Obsolete Insecure Legacy systems only
Use

3DES EDE Mode – Diagram

+----------------+
Plaintext --> | DES Encrypt | --+
| with K1 | |
+----------------+ |
 v
+----------------+ Intermediate Cipher
| DES Decrypt | <--
| with K2 |
+----------------+
|
v
+----------------+
| DES Encrypt |
| with K3 |
+----------------+
|
v
Ciphertext

Decryption Process (Reverse Order)

+----------------+
Ciphertext -->| DES Decrypt | --+
| with K3 | |
+----------------+ |
v
+----------------+ Intermediate Cipher
| DES Encrypt | <--
| with K2 |
+----------------+
|
v
+----------------+
| DES Decrypt |
| with K1 |
+----------------+
|
v
Plaintext

Electronic Code Book

🔐 Electronic Code Book (ECB) Mode – Explained

Electronic Code Book (ECB) is the simplest mode of operation for a block cipher
like DES or AES.

📘 How ECB Works

 • The plaintext is divided into blocks (e.g., 64-bit for DES, 128-bit for AES).
• Each block is encrypted independently using the same key.

🧱 ECB Encryption Diagram

Plaintext Block 1 ──► [Encrypt with Key] ──► Ciphertext Block 1

Plaintext Block 2 ──► [Encrypt with Key] ──► Ciphertext Block 2
Plaintext Block 3 ──► [Encrypt with Key] ──► Ciphertext Block 3
...

Each block:

Cᵢ = E(K, Pᵢ)

Where:

• Pᵢ = Plaintext block i
• Cᵢ = Ciphertext block i
• E() = Encryption function
• K = Encryption key

📉 Weaknesses of ECB

Issue Explanation
🔁 Pattern Identical plaintext blocks produce identical ciphertext blocks, which
Leaks reveals patterns.
Changes in one block don’t affect others — makes the system vulnerable
🧱 No Diffusion
to block analysis.
🧠 Predictable Not secure for large or structured data (like images, documents, etc.).

🖼 Example – ECB Pattern Leak (Image)

Encrypting an image using ECB preserves visible patterns, as the same pixel blocks encrypt
the same way.

✅ When to Use (and Not Use) ECB

Use Not Use

Testing small amounts of random data Large files, images, or structured data
Encrypting independent short values Any sensitive or patterned content
✅ Advantages of ECB

• Simple to implement
• Fast (can encrypt blocks in parallel)

❌ Disadvantages

• Not semantically secure

• Pattern leakage
• Vulnerable to replay attacks

🔐 Alternative Modes (Better Options)

• CBC (Cipher Block Chaining) – Adds chaining with an IV

• CFB (Cipher Feedback Mode)
• OFB (Output Feedback Mode)
• CTR (Counter Mode) – Fast and parallelizable

Cipher Block Chaining Mode

🔐 Cipher Block Chaining (CBC) Mode – Explained

Cipher Block Chaining (CBC) is a widely used mode of operation for block ciphers
(like DES or AES) that improves on the weaknesses of ECB.

📘 How CBC Works

• Each plaintext block is XORed with the previous ciphertext block before
encryption.
• The first block is XORed with a randomly chosen Initialization Vector (IV).

📊 CBC Encryption Diagram

IV
│
▼
Plaintext Block 1 ─⊕─► [Encrypt with Key] ──► Ciphertext Block 1
▲
│
Plaintext Block 2 ─⊕─◄────┘
│
▼
...

Mathematically:

C₁ = E(K, P₁ ⊕ IV)
C₂ = E(K, P₂ ⊕ C₁)
C₃ = E(K, P₃ ⊕ C₂)
...

Where:

• Pᵢ = Plaintext block i
• Cᵢ = Ciphertext block i
• ⊕ = XOR operation
• E() = Encryption function
• K = Key
• IV = Initialization Vector (random)

🔁 CBC Decryption Process

C₁ ──► [Decrypt with Key] ─⊕─► P₁ (uses IV)

▲
│
C₂ ──► [Decrypt with Key] ─⊕─► P₂ (uses C₁)
...

Mathematically:

P₁ = D(K, C₁) ⊕ IV
P₂ = D(K, C₂) ⊕ C₁
P₃ = D(K, C₃) ⊕ C₂
...

✅ Advantages of CBC

Feature Benefit
🔒 Pattern hiding Even if plaintext blocks repeat, ciphertext blocks do not repeat
🔁 Chaining Each block depends on all previous blocks (better diffusion)
🔐 IV Ensures unique ciphertext for identical plaintexts

❌ Limitations of CBC
 Issue Explanation
❌ Not parallelizable for encryption Each ciphertext block depends on the previous one
One bit error in a ciphertext block affects two
🛠 Error propagation
plaintext blocks during decryption
⚠ IV must be random and secret (or
Reusing IV can break the security
authenticated)

🔍 CBC vs ECB

Feature ECB CBC

Pattern hiding ❌ No ✅ Yes
Parallel encryption ✅ Yes ❌ No
Error propagation ❌ No ⚠ Yes (two blocks affected)
IV required ❌ No ✅ Yes

🧪 When to Use CBC

CBC is suitable when:

• You want strong block-level encryption

• You're okay with sequential processing
• You can securely handle and randomize the IV

Cipher Feedback mode

🔄 Cipher Feedback (CFB) Mode – Explained

Cipher Feedback (CFB) mode is a block cipher mode of operation that converts a block
cipher into a self-synchronizing stream cipher. It allows encryption of smaller data units
(e.g., bytes or bits) while preserving the security of a block cipher like DES or AES.

⚙ Key Features of CFB:

Feature Description
🔐 Stream cipher-like Encrypts data in segments (e.g., 8-bit, 128-bit)
🔄 Chaining dependency Each ciphertext block depends on previous ciphertext
 Feature Description
🔁 Self-synchronizing Resynchronizes automatically after bit loss
📥 No padding needed Unlike ECB or CBC, works on variable-length inputs

📊 CFB Encryption Diagram (Block-wise)

+--------------------+
IV ─────► | Encrypt with Key K | ───► Temp Output
+--------------------+
│
▼
P₁ ─⊕─ Temp Output ───► C₁
│
▼
+--------------------+
C₁ ─────► | Encrypt with Key K | ───► Temp Output
+--------------------+
│
▼
P₂ ─⊕─ Temp Output ───► C₂
.
.

Mathematically:

C₁ = P₁ ⊕ E(K, IV)
C₂ = P₂ ⊕ E(K, C₁)
C₃ = P₃ ⊕ E(K, C₂)
...

🔁 CFB Decryption Process

+--------------------+
IV ─────► | Encrypt with Key K | ───► Temp Output
│
▼
P₁ = C₁ ⊕ Temp Output
│
▼
+--------------------+
C₁ ─────► | Encrypt with Key K | ───► Temp Output
│
▼
P₂ = C₂ ⊕ Temp Output

✅ Advantages of CFB Mode

Advantage Description
🔐 Encrypts partial blocks Supports byte-wise or bit-wise encryption
 Advantage Description
🔁 Self-synchronizing Resynchronizes after lost or corrupted bits
❌ No padding needed Can handle arbitrary-length plaintext
🛡 Chaining ensures Identical plaintext gives different ciphertexts (if IV
randomness changes)

❌ Disadvantages of CFB Mode

Limitation Description
🚫 Not parallelizable Cannot encrypt/decrypt in parallel
🔄 Error propagation A single-bit error in ciphertext corrupts two blocks of plaintext
⚠ IV must be unique Reusing IV breaks security guarantees

🔍 CFB vs Other Modes

Feature ECB CBC CFB OFB CTR

Parallel Encryption ✅ ❌ ❌ ❌ ✅
Padding Needed ✅ ✅ ❌ ❌ ❌
Pattern Leakage ❌ ✅ ✅ ✅ ✅
Bit-level Support ❌ ❌ ✅ ✅ ✅
Error Propagation ❌ 2 blocks 2 blocks Continuous 1 block

🧠 Use Cases of CFB Mode

• Secure terminal communication

• Encrypted streaming (audio/video)
• Byte-by-byte encryption scenarios (e.g., real-time systems)

Output Feedback mode

ChatGPT said:

🔁 Output Feedback (OFB) Mode – Explained

Output Feedback (OFB) mode is a block cipher mode that turns a block cipher
like AES or DES into a synchronous stream cipher. Unlike ECB or CBC, OFB encrypts
data as a stream, making it ideal for applications that require real-time processing.
⚙ Key Features of OFB

Feature Description
🔄 Synchronous stream cipher Encrypts data bit-by-bit or byte-by-byte
🔁 No error propagation Errors in ciphertext affect only the same bit/byte
📦 No padding needed Handles any data size — partial blocks allowed
📶 Uses a feedback loop Encryption output is fed back as the next input
🔐 Requires IV Initialization Vector must be unique and secure

📊 OFB Encryption Diagram

mathematica
CopyEdit
IV
│
▼
+--------------------+
| Encrypt with Key K | ──► Output₁
+--------------------+ │
▼
P₁ ─⊕─► C₁

Output₁ ─► Encrypt again ──► Output₂

│
▼
P₂ ─⊕─► C₂
...

Mathematically:

mathematica
CopyEdit
O₁ = E(K, IV)
C₁ = P₁ ⊕ O₁

O₂ = E(K, O₁)
C₂ = P₂ ⊕ O₂

O₃ = E(K, O₂)
C₃ = P₃ ⊕ O₃
...

🔁 OFB Decryption Process

OFB decryption uses the same keystream as encryption:

mathematica
CopyEdit
O₁ = E(K, IV)
P₁ = C₁ ⊕ O₁

O₂ = E(K, O₁)
P₂ = C₂ ⊕ O₂
...

✅ Same encryption process is used for both encryption and decryption — only XOR
changes!

✅ Advantages of OFB

Advantage Explanation
🧩 No padding required Works with any data length
Bit errors in ciphertext only affect corresponding bits in
🛠 Error containment
plaintext
🔐 Good for noisy channels Ideal for satellite or radio links
🔁 Pre-computable
Can generate keystream ahead of time
keystream

❌ Disadvantages of OFB

Limitation Description
⚠ IV must be unique Reusing IV with same key reveals data
🚫 Not parallelizable Keystream must be generated in sequence
🧮 No integrity check Like all symmetric modes, it doesn't detect tampering
🔁 Sensitive to bit flips Bit flips in the keystream permanently affect decryption output

🔍 OFB vs Other Modes

Mode Stream-like Padding Error Propagation Parallelizable IV Needed

ECB ❌ ✅ ❌ ✅ ❌
CBC ❌ ✅ Two blocks ❌ ✅
CFB ✅ ❌ Two blocks ❌ ✅
OFB ✅ ❌ Only affected bit ❌ ✅
CTR ✅ ❌ One block ✅ ✅ (nonce)

🧠 Use Cases of OFB Mode

 • Secure voice/video streaming
• Real-time communication over unreliable networks
• Encrypted telemetry in IoT

Counter mode

🔢 Counter (CTR) Mode – Explained

Counter (CTR) Mode is a block cipher mode that turns a block cipher (like AES or DES)
into a highly efficient stream cipher by using a counter value that changes for every block.

⚙ Key Characteristics of CTR Mode

Feature Description
⚡ High performance Encryption and decryption are fully parallelizable
🔐 No pattern leakage Different counter values for each block eliminate repetition
📦 No padding needed Handles any length of plaintext
⏱ Preprocessing allowed Keystream can be precomputed in advance

📊 CTR Encryption Diagram

vbnet
CopyEdit
Nonce || Counter₁ ──► [Encrypt with Key] ──► Keystream₁ ─⊕─► Plaintext₁ =
Ciphertext₁
Nonce || Counter₂ ──► [Encrypt with Key] ──► Keystream₂ ─⊕─► Plaintext₂ =
Ciphertext₂
...

Mathematically:

mathematica
CopyEdit
Cᵢ = Pᵢ ⊕ E(K, Nonce || Counterᵢ)

Where:

• Cᵢ = Ciphertext block i
• Pᵢ = Plaintext block i
• K = Encryption key
• Nonce = Unique value (constant across message)
• Counterᵢ = Changing counter value per block
 • E() = Block cipher encryption function
• ⊕ = XOR operation

🔁 CTR Decryption

CTR uses the same encryption operation for decryption. You regenerate the keystream and
XOR with the ciphertext.

mathematica
CopyEdit
Pᵢ = Cᵢ ⊕ E(K, Nonce || Counterᵢ)

✔ Same as encryption — only inputs change.

✅ Advantages of CTR Mode

Feature Benefit
⚡ Fast and parallelizable Perfect for multicore or hardware implementations
🔁 Symmetric operation Same code for encryption and decryption
📦 No padding needed Works with variable-length data
⏱ Pre-computable keystream Can pre-generate and store the keystream
🔐 No error propagation Bit errors only affect corresponding bits

❌ Disadvantages of CTR Mode

Limitation Description
⚠ Counter must be unique Reusing the same counter/nonce breaks security (just like
per key IV in CBC/OFB)
🚫 No built-in integrity Needs separate authentication (like HMAC or AES-GCM)
🛠 Manual counter
You must ensure counters don’t repeat across blocks
management

🔍 CTR vs Other Modes

Mode Padding Needed Parallel Encryption Error Propagation IV/Nonce Needed

ECB ✅ ✅ ❌ ❌
CBC ✅ ❌ 2 blocks ✅
CFB ❌ ❌ 2 blocks ✅
Mode Padding Needed Parallel Encryption Error Propagation IV/Nonce Needed
OFB ❌ ❌ 1 block (bitwise) ✅
CTR ❌ ✅ 1 block only ✅ (Nonce)

📦 Use Cases of CTR Mode

• High-speed network encryption

• Disk encryption (like BitLocker)
• Secure video streaming
• Parallel processing environments (multicore CPUs, GPUs)