
UNIT -2

SYMMETRIC KEY CRYPTOGRAPHY


MATHEMATICS OF SYMMETRIC KEY CRYPTOGRAPHY: Algebraic structures -
Modular arithmetic - Euclid's algorithm - Congruence and matrices - Groups, Rings,
Fields- Finite fields- SYMMETRIC KEY CIPHERS: SDES – Block cipher Principles of
DES – Strength of DES – Differential and linear cryptanalysis - Block cipher design
principles – Block cipher mode of operation – Evaluation criteria for AES – Advanced
Encryption Standard - RC4 – Key distribution

ALGEBRAIC STRUCTURES

MODULAR ARITHMETIC:
Several important cryptosystems make use of modular arithmetic. This is arithmetic in which the
result of a calculation is always in the range 0 to m-1, where m is the modulus. To calculate the
value of n mod m, subtract as many multiples of m as possible until you are left with an answer
between 0 and m-1 (the remainder on dividing n by m).
If n is a negative number then you add as many multiples of m as necessary to get an answer
in the range 0 to m-1, so the result is never negative. (Note that the % operator of C, Java and
JavaScript returns a negative result for negative n; Python's % matches the definition used here.)
Examples
17 mod 5 = 2        7 mod 11 = 7
20 mod 3 = 2        11 mod 11 = 0
-3 mod 11 = 8       -1 mod 11 = 10
25 mod 5 = 0        -11 mod 11 = 0
Two numbers a and b are said to be "congruent modulo n" if
(a mod n) = (b mod n), written a ≡ b (mod n)
The difference between a and b will be a multiple of n,
so a - b = kn for some integer k.
E.g.: 4 ≡ 9 ≡ 14 ≡ 19 ≡ -1 ≡ -6 (mod 5)
73 ≡ 4 (mod 23); 21 ≡ -9 (mod 10)
If a ≡ 0 (mod n), then n|a.

CONGRUENCE AND MATRICES


As a congruence relation, mod expresses that two arguments have the same remainder with
respect to a given modulus. For example, 7 ≡ 4 (mod 3) expresses the fact that both 7 and 4 have
a remainder of 1 when divided by 3.
The following two expressions are equivalent:
a ≡ b (mod m)        a mod m = b mod m
Another way of expressing it is to say that a ≡ b (mod m) is the same as saying that a - b is an
integral multiple of m, i.e. m | a - b. Again, all the arguments may be integers, integer variables,
or integer variable expressions. For example, all of the following are valid, with the obvious
meanings:
(x^2 + y + 1) ≡ (a + 1) (mod [m + n])        x ≡ y (mod m)        7 ≡ 4 (mod 3)
Cryptography & Network Security Page 1

Properties of Congruences and Matrices:


1. a ≡ b (mod n) if and only if n|(a-b)
2. a ≡ b (mod n) implies b ≡ a (mod n)
3. a ≡ b (mod n) and b ≡ c (mod n) imply a ≡ c (mod n)
Proof of 1.
If n|(a-b), then (a-b) = kn for some k. Thus, we can write a = b + kn.
Therefore, (a mod n) = (remainder when b + kn is divided by n) = (remainder when b is divided
by n) = (b mod n).
Examples:
23 ≡ 8 (mod 5) because 23 - 8 = 15 = 5 x 3
-11 ≡ 5 (mod 8) because -11 - 5 = -16 = 8 x (-2)
81 ≡ 0 (mod 27) because 81 - 0 = 81 = 27 x 3

Properties of Modular Arithmetic:

1. [(a mod n) + (b mod n)] mod n = (a + b) mod n


2. [(a mod n) - (b mod n)] mod n = (a - b) mod n
3. [(a mod n) x (b mod n)] mod n = (a x b) mod n
Examples:
11 mod 8 = 3; 15 mod 8 = 7
[(11 mod 8 ) + (15 mod 8)] mod 8 = 10 mod 8 = 2
(11 + 15) mod 8 = 26 mod 8 = 2
[(11 mod 8 ) - (15 mod 8)] mod 8 = -4 mod 8 = 4
(11 - 15) mod 8 = -4 mod 8 = 4
[(11 mod 8 ) x (15 mod 8)] mod 8= 21 mod 8 = 5
(11 x 15) mod 8 = 165 mod 8 = 5
Exponentiation:
Exponentiation is done by repeated multiplication, as in ordinary arithmetic, reducing mod n after
each multiplication so that the intermediate values stay small.
To find 11^7 mod 13 do the following:
11^2 = 121 ≡ 4 (mod 13)
11^4 = (11^2)^2 ≡ 4^2 = 16 ≡ 3 (mod 13)
11^7 = 11 x 11^2 x 11^4 ≡ 11 x 4 x 3 = 132 ≡ 2 (mod 13)
Modular Division:
What is 5 ÷ 3 mod 11?
We need to multiply 5 by the inverse of 3 mod 11.
When you multiply a number by its inverse, the answer is 1.
Thus, in ordinary arithmetic, the inverse of 2 is 1/2 since 2 x 1/2 = 1.
The inverse of 3 mod 11 is 4 since 3 x 4 = 12 ≡ 1 (mod 11).
Thus 5 ÷ 3 mod 11 = 5 x 4 mod 11 = 20 mod 11 = 9.
An inverse of a mod n exists only when gcd(a, n) = 1; it is found with the extended form of the
Euclidean algorithm described next.

EUCLIDEAN ALGORITHM:
• an efficient way to find the GCD(a,b)
• uses theorem that:
– GCD(a,b) = GCD(b, a mod b)
• Euclidean Algorithm to compute GCD(a,b) is:
Euclid(a,b)
if (b=0) then return a;
else return Euclid(b, a mod b);

Greatest Common Divisor (GCD):


 a common problem in number theory
 GCD (a,b) of a and b is the largest integer that divides evenly into both a and b
 eg GCD(60,24) = 12
 define gcd(0, 0) = 0 , gcd(n,0) = n
 often want no common factors (except 1) define such numbers as relatively prime
 eg GCD(8,15) = 1
 hence 8 & 15 are relatively prime
Example GCD (1970,1066)
GCD(a,b) = GCD(b,a mod b)
1970 = 1 x 1066 + 904 gcd(1066, 904)
1066 = 1 x 904 + 162 gcd(904, 162)
904 = 5 x 162 + 94 gcd(162, 94)
162 = 1 x 94 + 68 gcd(94, 68)
94 = 1 x 68 + 26 gcd(68, 26)
68 = 2 x 26 + 16 gcd(26, 16)
26 = 1 x 16 + 10 gcd(16, 10)
16 = 1 x 10 + 6 gcd(10, 6)
10 = 1 x 6 + 4 gcd(6, 4)
6 = 1 x 4 + 2 gcd(4, 2)
4 = 2 x 2 + 0 gcd(2, 0)
so GCD(1970, 1066) = 2
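The procedures above, Euclid's algorithm, the modular inverse that modular division relies on, and exponentiation by repeated squaring, as an added Python example. This is not code from the original notes; it assumes nothing beyond the notes' own numbers, which the usage section at the bottom reproduces.

```python
# Added example (not from the original notes): Euclid's algorithm, its extended
# form (which yields the modular inverse), modular division and square-and-multiply
# exponentiation, checked on the numbers worked by hand in the notes.

def gcd(a: int, b: int) -> int:
    """GCD(a, b) = GCD(b, a mod b), iterated until the remainder is 0."""
    while b:
        a, b = b, a % b
    return abs(a)

def egcd(a: int, b: int) -> tuple[int, int, int]:
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b).
    Same remainder sequence as gcd(), but the coefficients are tracked too."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, r = divmod(a, b)
        a, b = b, r
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modinv(a: int, n: int) -> int:
    """Multiplicative inverse of a mod n; exists only when gcd(a, n) = 1."""
    g, x, _ = egcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {n} (gcd = {g})")
    return x % n

def moddiv(a: int, b: int, n: int) -> int:
    """a / b mod n, i.e. a * b^-1 mod n."""
    return (a * modinv(b, n)) % n

def modpow(base: int, exp: int, n: int) -> int:
    """Square-and-multiply: intermediate values never exceed n^2, so this is
    practical even for 2048-bit exponents. Python's pow(b, e, n) does the same."""
    result, base = 1, base % n
    while exp > 0:
        if exp & 1:                      # this bit of the exponent is set
            result = (result * base) % n
        base = (base * base) % n         # base^(2^k) for the next bit
        exp >>= 1
    return result

if __name__ == "__main__":
    print(gcd(1970, 1066))      # 2, as in the worked example above
    print(modinv(3, 11))        # 4, since 3 x 4 = 12 = 1 mod 11
    print(moddiv(5, 3, 11))     # 9, i.e. 5 / 3 mod 11
    print(modpow(11, 7, 13))    # 2, matching 11^7 mod 13 worked by hand
```

`modpow` is the loop that every modular-exponentiation based scheme runs; the point of reducing after every multiplication is that 11^7 is small, but a real exponent has hundreds of bits and the unreduced power would never fit in memory.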
GROUP:
• A group is a set, G, together with an operation • (called the group law of G) that
combines any two elements a and b to form another element, denoted a • b or ab.
• The operation satisfies four conditions called the group axioms
– Closure
– associative
– identity
– inversion
To qualify as a group, the set and operation, (G, •), must satisfy four requirements known as
the group axioms:

Closure:
For all a, b in G, the result of the operation, a • b, is also in G.
Associativity
For all a, b and c in G, (a • b) • c = a • (b • c).
Identity element
There exists an element e in G, such that for every element a in G, the
equation e • a = a • e = a holds. Such an element is unique , and thus one speaks of the identity
element.
Inverse element
For each a in G, there exists an element a−1 such that
a • a −1= a−1 • a = e, where e is the identity element.
• The result of an operation may depend on the order of the operands.
• The result of combining element a with element b need not yield the same result as
combining element b with element a; the equation
a•b=b•a
may not always be true.
• Groups for which the commutativity equation a • b = b • a always holds are called
abelian groups

CYCLIC GROUP:
• A cyclic group or monogenous group is a group that is generated by a single element.
• It consists of a set of elements with a single invertible associative operation, and it
contains an element g such that every other element of the group may be obtained by
repeatedly applying the group operation or its inverse to g.
• Each element can be written as a power of g in multiplicative notation, or as a multiple
of g in additive notation. This element g is called a generator of the group.
• define exponentiation as repeated application of the operator
• example: a^3 = a • a • a
• and let the identity be: e = a^0
• a group is cyclic if every element is a power of some fixed element
• ie b = a^k for some a and every b in the group
• a is said to be a generator of the group
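An added example, not from the original notes, of the cyclic group that matters most in cryptography: the non-zero residues mod a prime p under multiplication, Z_p^*. It assumes p is prime (so every element has an inverse and the loop in `order` terminates) and finds the generators by computing each element's order.

```python
# Added example (not part of the original notes): the multiplicative group
# Z_p^* = {1, ..., p-1} under multiplication mod p is cyclic.  This finds its
# generators and shows that a non-generator only produces a proper subgroup.
# Assumes p is prime.

def order(g: int, p: int) -> int:
    """Smallest k >= 1 with g^k = 1 (mod p), i.e. the size of the subgroup <g>."""
    k, x = 1, g % p
    while x != 1:
        x = (x * g) % p
        k += 1
    return k

def generated_subgroup(g: int, p: int) -> list[int]:
    """All powers of g mod p; equals the whole group exactly when g is a generator."""
    return sorted({pow(g, k, p) for k in range(1, p)})

def generators(p: int) -> list[int]:
    """Elements whose powers cover all of Z_p^*, i.e. those of order p-1."""
    return [g for g in range(1, p) if order(g, p) == p - 1]

if __name__ == "__main__":
    print(generators(11))             # [2, 6, 7, 8]
    print(generated_subgroup(2, 11))  # [1, 2, ..., 10]: 2 generates everything
    print(generated_subgroup(3, 11))  # [1, 3, 4, 5, 9]: 3 has order 5, a proper subgroup
```

The number of generators is φ(p-1) (here φ(10) = 4), and by Lagrange's theorem every element order divides p-1, which is why the orders found above are 1, 2, 5 or 10.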
RING {R, +, X}:
• A set equipped with two binary operations that generalize the arithmetic
operations of addition and multiplication.
• Through this generalization, theorems from arithmetic are extended to non-numerical
objects such as polynomials, series, matrices and functions.
• a set of "numbers" with two operations (addition and multiplication) which form an
abelian group under the addition operation, and for which multiplication:
• has closure: if a and b ∈ R, then ab ∈ R
• is associative: a(bc) = (ab)c for all a, b, c ∈ R
• is distributive over addition: a(b + c) = ab + ac
• if the multiplication operation is commutative, it forms a commutative ring: ab = ba
• if multiplication is commutative, has an identity and has no zero divisors, it forms an
integral domain
• Multiplicative identity: a.1 = 1.a = a
• No zero divisors: if a, b ∈ R and ab = 0, then either a = 0 or b = 0
A ring is a set R equipped with binary operations + and · satisfying the following three sets of
axioms, called the ring axioms
1. R is an abelian group under addition, meaning that
– (a + b) + c = a + (b + c) for all a, b, c in R (+ is associative).
– a + b = b + a for all a, b in R (+ is commutative).
– There is an element 0 in R such that a + 0 = a for all a in R (0 is the additive
identity).
– For each a in R there exists −a in R such that a + (−a) = 0 (−a is the additive
inverse of a).
2. R is a monoid under multiplication, meaning that:
– (a ⋅ b) ⋅ c = a ⋅ (b ⋅ c)
for all a, b, c in R (⋅ is associative).
– There is an element 1 in R such that a ⋅ 1 = a and 1⋅ a = a
for all a in R (1 is the multiplicative identity).
3. Multiplication is distributive with respect to addition:
– a ⋅ (b + c) = (a ⋅ b) + (a ⋅ c)
for all a, b, c in R (left distributivity).
– (b + c) ⋅ a = (b ⋅ a) + (c ⋅ a)
for all a, b, c in R (right distributivity).

FIELD:
A field is a set F that is a commutative group with respect to two compatible
operations, addition and multiplication (the latter excluding zero), with "compatible" being
formalized by distributivity, and the limitation that the additive and the multiplicative identities
are distinct (0 ≠ 1).
The most common way to formalize this is by defining a field as a set together with
two operations, usually called addition and multiplication, and denoted by + and ·, respectively,
such that the following axioms hold.
• Closure of F under addition and multiplication
For all a, b in F both a + b and a · b are in F
• Associativity of addition and multiplication
For all a, b, and c in F, the following equalities hold:
a + (b + c) = (a + b) + c
a · (b · c) = (a · b) · c.
• Commutativity of addition and multiplication
For all a and b in F, the following equalities hold:
a+b=b+a
a · b = b · a.
• Existence of additive and multiplicative identity elements
– There exists an element of F, called the additive identity element and
denoted by 0, such that
for all a in F, a + 0 = a.
– Likewise, there is an element, called the multiplicative identity element
and denoted by 1, such that
for all a in F, a · 1 = a.
To exclude the trivial ring, the additive identity and the multiplicative identity are
required to be distinct.
• Existence of additive inverses and multiplicative inverses
– For every a in F, there exists an element −a in F, such that
a + (−a) = 0.
– For any a in F other than 0, there exists an element a−1 in F, such that
a · a−1 = 1.
The elements a + (−b) and a · b^−1 are also denoted a − b and a/b, respectively. In other
words, subtraction and division operations exist.
• Distributivity of multiplication over addition
– For all a, b and c in F, the following equality holds:
a · (b + c) = (a · b) + (a · c).



DIVISORS:
• say a non-zero number b divides a if for some m have a=mb (a,b,m all integers)
• that is b divides into a with no remainder
• denote this b|a
• and say that b is a divisor of a
• eg. all of 1,2,3,4,6,8,12,24 divide 24
• eg. 13 | 182; –5 | 30; 17 | 289; –3 | 33; 17 | 0

SYMMETRIC KEY CIPHERS


 Symmetric-key algorithms are algorithms for cryptography that use the
same cryptographic keys for both encryption of plaintext and decryption of cipher text.
The keys, in practice, represent a shared secret between two or more parties that can be
used to maintain a private information link.
 They are divided into Block ciphers and Stream ciphers.

Block vs Stream Ciphers:


• Block ciphers process messages in blocks, each of which is then en/decrypted
• Stream ciphers process messages a bit or byte at a time when en/decrypting
• many current ciphers are block ciphers
• block ciphers have the broader range of applications
Data Encryption Standard (DES)
 historically the most widely used block cipher in the world
 adopted in 1977 by NBS (now NIST)
 encrypts 64-bit data using a 56-bit key (the 64-bit key input contains 8 parity bits)
 had widespread use; now withdrawn because the key is too short, but its Feistel design
shaped the block ciphers that followed
DES History



 IBM developed Lucifer cipher
 by team led by Feistel
 used 64-bit data blocks with 128-bit key
 then redeveloped as a commercial cipher with input from NSA and others
 in 1973 NBS issued request for proposals for a national cipher standard
 IBM submitted their revised Lucifer which was eventually accepted as the DES
DES – Basics
• DES uses the two basic techniques of cryptography - confusion and diffusion.
• At the simplest level, diffusion is achieved through the permutations (IP, E and P), which
spread each input bit over many output bits, and confusion is achieved through the nonlinear
S-box substitutions, with the key mixed in by the XOR with each subkey.
DES Encryption :

DES - The 16 Rounds:


The basic process in enciphering a 64-bit data block and a 56-bit key using the DES consists of:
– An initial permutation (IP)
– 16 rounds of a complex key dependent calculation f
– A final permutation, being the inverse of IP
Initial Permutation IP
 first step of the data computation
 IP reorders the input data bits
 even bits to LH half, odd bits to RH half
 quite regular in structure (easy in h/w)



DES Round Structure
 uses two 32-bit L & R halves
 as for any Feistel cipher can describe as:
 Li = Ri–1
 Ri = Li–1 xor F(Ri–1, Ki)
 F takes the 32-bit R half and the 48-bit subkey and:
o expands R to 48-bits using perm E
o XORs the result with the subkey
o passes it through 8 S-boxes to get a 32-bit result
o finally permutes this using 32-bit perm P
The use of the key can be seen in the right hand portion of the figure.
 Initially the key is passed through a permutation function (PC1)
 For each of the 16 iterations, a subkey (Ki) is produced by a combination of a left
circular shift and a permutation (PC2) which is the same for each iteration. However, the
resulting subkey is different for each iteration because of the repeated shifts.



The common formulas used to describe the relationships between the input to one round and its
output (or the input to the next round) are:



E – Box Expansion:
 The E-box expansion permutation - here the 32-bit input data from Ri−1 is expanded and
permuted to give the 48 bits necessary for combination with the 48-bit subkey.
 The E-box expansion permutation delivers a larger output by splitting its input into 8 4-bit
blocks and copying the first and fourth bit of each block into the neighbouring blocks of the
output in a defined manner.
 The security offered by this operation comes from one bit affecting two substitutions in
the S-boxes. This causes the dependency of the output bits on the input bits to spread
faster, and is known as the avalanche effect.

The E-box output is then combined with the 48-bit subkey Ki by bit-by-bit addition modulo 2
(exclusive OR).
Substitution Boxes S
 have eight S-boxes which each map 6 bits to 4 bits
 each S-box is actually 4 little 4-bit boxes (four rows of 16 entries)
 outer bits 1 & 6 (row bits) select one of the 4 rows
 inner bits 2-5 (col bits) select the column and are substituted
 result is 8 lots of 4 bits, or 32 bits
 row selection depends on both data & key
 feature known as autoclaving (autokeying)
Example: For input 011001 to S-box S1
The row is 01 (row 1) & the column is 1100 (col 12). The value in row 1, col 12 of S1 is 9,
so the output is 1001.



DES - Swapping of Left and Right Halves
• The 64-bit block being enciphered is broken into two halves.
• The right half goes through one DES round, and the result becomes the new left half.
• The old left half becomes the new right half, and will go through one round in the next
round.
• This goes on for 16 rounds, but after the last round the left and right halves are not
swapped.
DES Key Schedule
• forms the subkeys used in each round
• consists of:
• initial permutation of the key (PC1) which selects 56-bits in two 28-bit halves
• 16 stages consisting of:
• rotating each half separately either 1 or 2 places depending on the key
rotation schedule
• selecting 24-bits from each half and permuting them by PC2, giving the 48-bit subkey
Ki used in function f
DES decryption
Decryption uses the same algorithm as encryption except the application of subkeys is reversed
(SK16 … SK1).
Avalanche Effect
 key desirable property of an encryption algorithm
 where a change of one input or key bit results in changing approx half the output bits
 making attempts to "home in" on the key by guessing infeasible, since a nearly-right key
gives output no closer to the correct one
 DES exhibits strong avalanche.

STRENGTH OF DES
 With a key length of 56 bits, there are 2^56 possible keys, which is approximately
7.2 x 10^16 keys.
 In 1977 a brute-force search of this space was considered impractical, but it no longer is:
the EFF "Deep Crack" machine recovered a DES key in 1998 in under three days, and
FPGA or GPU clusters now do it in hours. The short key is the main reason DES was
replaced, first by Triple DES and then by AES.
 cryptanalysis is also possible by exploiting the characteristics of the DES algorithm.
 The focus of concern has been on the eight substitution tables, or S-boxes, that are used
in each iteration; their design criteria were not published in 1977, but they turned out to
have been chosen to resist differential cryptanalysis.

DIFFERENTIAL AND LINEAR CRYPTANALYSIS


Differential Cryptanalysis:
 one of the most significant recent (public) advances in cryptanalysis
 known to IBM and NSA in the 70's, cf. the DES design
 Murphy, Biham & Shamir published it in the early 90's
 powerful method to analyse block ciphers
 used to analyse most current block ciphers with varying degrees of success
 DES is reasonably resistant to it (the best attack needs 2^47 chosen plaintexts), cf. Lucifer
 a statistical, chosen-plaintext attack against Feistel ciphers
 uses the cipher structure in a way not previously exploited
 the design of S-P networks has the output of function f influenced by both input & key
 hence cannot trace values back through the cipher without knowing the value of the key
 differential cryptanalysis instead compares pairs of encryptions
 with a known difference (XOR) in the input
 searching for a known difference in the output
 the XOR difference cancels the subkey: (x xor K) xor (x' xor K) = x xor x', so the difference
at the S-box input does not depend on the key, and the S-box's difference distribution
table gives the probability of each output difference



 have some input difference giving some output difference with probability p
 if find instances of some higher probability input / output difference pairs occurring
 can infer the subkey that was used in the round
 then must iterate the process over many rounds (with decreasing probabilities)

LINEAR CRYPTANALYSIS:
 another recent development
 also a statistical method
 must be iterated over rounds, with decreasing probabilities


 developed by Matsui et al in the early 90's
 based on finding linear approximations
 can attack DES with 2^43 known plaintexts, easier than differential cryptanalysis but still
in practice infeasible
 find linear approximations with probability p != 1/2
 P[i1,i2,...,ia] xor C[j1,j2,...,jb] = K[k1,k2,...,kc]
 where ia, jb, kc are bit locations in P, C, K and [ ] denotes the XOR of the listed bits
 gives a linear equation for key bits
 get one key bit using a maximum likelihood algorithm
 using a large number of trial encryptions
 effectiveness given by the bias |p – 1/2|; the number of known plaintexts needed grows as
roughly 1/|p – 1/2|^2

BLOCK CIPHER DESIGN PRINCIPLES AND MODES OF OPERATION


 basic principles still like Feistel in 1970‟s
 number of rounds
 more is better, exhaustive search best attack
 function f:
 provides “confusion”, is nonlinear, avalanche
 key schedule
 complex subkey creation, key avalanche
MODES OF OPERATION
• A mode of operation is a technique for applying a block cipher to messages longer than one
block; the mode, not the cipher, decides what a ciphertext leaks, how errors propagate and
whether an attacker can tamper with it undetected.
• There are five modes of operation
– Electronic code book
– Cipher block chaining
– Cipher feedback mode
– Output feedback mode
– Counter mode
ELECTRONIC CODEBOOK (ECB)
 message is broken into independent blocks which are encrypted
 each block is a value which is substituted, like a codebook, hence the name
 each block is encoded independently of the other blocks
Ci = DES_K1(Pi)
 uses: secure transmission of single values (eg. an encryption key)



Advantages and Limitations of ECB
 repetitions in the message may show in the ciphertext
 if aligned with the message block
 particularly with data such as graphics
 or with messages that change very little, which become a code-book analysis problem
 weakness due to encrypted message blocks being independent (an attacker can also
reorder, duplicate or delete blocks without detection)
 main use is sending a few blocks of data
CIPHER BLOCK CHAINING (CBC)
 message is broken into blocks
 but these are linked together in the encryption operation
 each previous cipher block is chained with the current plaintext block, hence the name
 use an Initial Vector (IV) to start the process
Ci = DES_K1(Pi XOR Ci-1)
C-1 = IV
 uses: bulk data encryption, authentication



Advantages and Limitations of CBC
 each ciphertext block depends on all preceding message blocks
 thus a change in the message affects the changed ciphertext block and all ciphertext blocks
after it (but a bit error in a ciphertext block corrupts only that block and the next one on
decryption)
 need an Initial Value (IV) known to sender & receiver
o if the IV is sent in the clear, an attacker can flip bits of the first plaintext block by
flipping the same bits of the IV: CBC on its own gives no integrity
o hence the IV (and ciphertext) must be integrity-protected, in practice with a MAC, and
the IV should be unpredictable for each message; a fixed IV (as in older EFTPOS
systems) makes identical message prefixes give identical ciphertext prefixes, which is
the ECB weakness again
 at the end of the message, handle a possible last short block
o by padding either with a known non-data value (eg nulls)
o or pad the last block with a count of the pad size
 eg. [ b1 b2 b3 0 0 0 0 5] <- 3 data bytes, then 5 bytes pad+count
(PKCS#7 padding sets every pad byte to the count; the receiver must check the padding,
and must not reveal through an error message or timing difference whether it was valid,
since that leak is what a padding-oracle attack exploits)
CIPHER FEEDBACK (CFB)
 message is treated as a stream of bits
 added to the output of the block cipher
 result is fed back for the next stage (hence the name)
 standard allows any number of bits (1, 8 or 64 or whatever) to be fed back
 denoted CFB-1, CFB-8, CFB-64 etc
 is most efficient to use all 64 bits (CFB-64)
Ci = Pi XOR DES_K1(Ci-1)
C-1 = IV
 uses: stream data encryption, authentication



Advantages and Limitations of CFB
 appropriate when data arrives in bits/bytes
 most common stream mode
 limitation is the need to stall while doing a block encryption after every n bits
 note that the block cipher is used in encryption mode at both ends
 errors propagate for several blocks after the error (a corrupted ciphertext segment garbles
itself and every following segment until it has shifted out of the feedback register)

OUTPUT FEEDBACK (OFB)


 message is treated as a stream of bits
 output of the cipher is added to the message
 output is then fed back (hence the name)
 feedback is independent of the message
 can be computed in advance
Ci = Pi XOR Oi
Oi = DES_K1(Oi-1)
O-1 = IV
 uses: stream encryption over noisy channels.



Advantages and Limitations of OFB
 used when error propagation is a problem or where the keystream must be computed before
the message is available
 superficially similar to CFB
 but feedback is from the output of the cipher and is independent of the message
 a variation of a Vernam cipher
 hence must never reuse the same sequence (key+IV): the XOR of two ciphertexts made with
the same keystream is the XOR of the two plaintexts
 sender and receiver must remain in sync, and some recovery method is needed to ensure
this occurs
 originally specified with m-bit feedback in the standards
 subsequent research has shown that only OFB-64 should ever be used (full-block feedback
gives the longest expected keystream period)
COUNTER (CTR)
 a "new" mode, though proposed early on
 similar to OFB but encrypts a counter value rather than any feedback value
 the counter value must be different for every plaintext block encrypted under the same
key (never reused); in practice the counter block is a per-message nonce concatenated
with the block index
Ci = Pi XOR Oi
Oi = DES_K1(i)
 uses: high-speed network encryption



Advantages and Limitations of CTR
 efficiency
o can do parallel encryptions
o in advance of need
o good for bursty high speed links
 random access to encrypted data blocks
 provable security (as good as the other modes)
 but must ensure never to reuse key/counter values, otherwise the keystream repeats and
the XOR of the affected plaintexts leaks (cf OFB); like OFB it gives no integrity, so a MAC
or an authenticated mode is still needed
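The ECB, CBC and CTR behaviour described in the sections above, as an added Python example that is not code from the original notes. It needs a block cipher, and to stay self-contained it uses a stand-in rather than DES: a 4-round Feistel network over 64-bit blocks whose round function is truncated SHA-256 (a toy Luby-Rackoff construction, chosen here only so the example runs without a crypto library; any real block cipher could replace `block_encrypt`/`block_decrypt`). The padding follows the PKCS#7 rule mentioned above, and the key, IV and messages in the usage section are constructed for the demonstration.

```python
# Added example (not from the original notes): ECB, CBC and CTR over a stand-in
# 64-bit block cipher, to observe the leak, the IV bit-flip and the random access
# described in the notes.  The block cipher is NOT DES: it is a 4-round Feistel
# network with truncated SHA-256 as round function, used only so this runs offline.
import hashlib

BLOCK = 8  # 64-bit blocks, as DES uses

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    # Round function of the stand-in cipher, keyed by (key, round number).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, blk: bytes) -> bytes:
    L, R = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for r in range(4):
        L, R = R, _xor(L, _f(key, R, r))     # Li = Ri-1, Ri = Li-1 xor F(Ri-1, Ki)
    return R + L                              # halves not swapped after the last round

def block_decrypt(key: bytes, blk: bytes) -> bytes:
    L, R = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for r in reversed(range(4)):              # same network, subkeys in reverse order
        L, R = R, _xor(L, _f(key, R, r))
    return R + L

def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK             # 1..8 pad bytes, each holding the count
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")       # a real receiver must not say which check failed
    return data[:-n]

def _blocks(data: bytes) -> list[bytes]:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    return b"".join(block_encrypt(key, b) for b in _blocks(pad(pt)))

def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return unpad(b"".join(block_decrypt(key, b) for b in _blocks(ct)))

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(pad(pt)):
        prev = block_encrypt(key, _xor(b, prev))   # Ci = E(Pi xor Ci-1), C-1 = IV
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(block_decrypt(key, c), prev))   # Pi = D(Ci) xor Ci-1
        prev = c
    return unpad(b"".join(out))

def ctr_crypt(key: bytes, nonce: bytes, data: bytes, start_block: int = 0) -> bytes:
    """One function encrypts and decrypts; start_block gives random access.
    Counter block = 4-byte nonce || 4-byte block index, never repeated under one key.
    No padding: the last keystream block is simply truncated."""
    out = bytearray()
    for i, b in enumerate(_blocks(data), start=start_block):
        out += _xor(b, block_encrypt(key, nonce + i.to_bytes(4, "big")))
    return bytes(out)

def duplicate_blocks(ct: bytes) -> int:
    """Number of ciphertext blocks that repeat an earlier one; ECB leaks this."""
    bs = _blocks(ct)
    return len(bs) - len(set(bs))

def cbc_iv_bitflip(key: bytes, iv: bytes, ct: bytes, mask: bytes) -> bytes:
    """What the receiver decrypts after an attacker XORs `mask` into a cleartext IV:
    the same bits flip in the first plaintext block and nothing else changes."""
    return cbc_decrypt(key, _xor(iv, mask), ct)

if __name__ == "__main__":
    key, iv = b"constructed demo key", bytes(range(BLOCK))   # real code: fresh random IV per message
    pt = b"YELLOW SUBMARINE" * 4                              # four identical 16-byte chunks
    print("ECB repeated blocks:", duplicate_blocks(ecb_encrypt(key, pt)))      # 6
    print("CBC repeated blocks:", duplicate_blocks(cbc_encrypt(key, iv, pt)))  # 0
    ct = cbc_encrypt(key, iv, b"amount=0100 to alice")
    print(cbc_iv_bitflip(key, iv, ct, b"\x00" * 7 + b"\x01"))                 # b'amount=1100 to alice'
```

The ECB count is the "repetitions in message may show in ciphertext" point made numerically; the IV flip is the attack the CBC section warns about, and it works because decryption XORs the IV into the first block verbatim. CTR's `start_block` argument is the random access that CBC cannot offer, and the reason CTR needs no padding is visible in `ctr_crypt`: the keystream, not the plaintext, is what gets cut to size.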

MULTIPLE ENCRYPTION & TRIPLE DES:


• Multiple encryption is a technique in which an encryption algorithm is used multiple
times, with different keys, to get a longer effective key out of an existing cipher.
• Triple DES is one such multiple encryption scheme using multiple keys.
Double DES:
• Consists of two encryption stages.
• Uses two keys k1 and k2.
C = E(k2, E(k1, P))
P = D(k1, D(k2, C))
It uses a key length of 56 x 2 = 112 bits, which would seem to give a corresponding increase in
cryptographic strength; the meet-in-the-middle attack below shows that it does not.


Disadvantages of Double DES:
• Reduction to a single stage: if DES were a group, i.e. if for every k1, k2 there were some k3
with E(k2, E(k1, P)) = E(k3, P), double DES would be no stronger than single DES. It was
later proved that DES is not a group, so this particular weakness does not apply.
• Meet-in-the-middle attack.
– Given a known plaintext/ciphertext pair, encrypt P under all 2^56 values of k1 and store
the results in a table; then decrypt C under each k2 and look the result up. A match
E(k1, P) = D(k2, C) is a candidate key pair, and a second known pair eliminates the false
matches.
– The cost is about 2^57 DES operations plus 2^56 table entries, not the 2^112 that the
key length suggests, so double DES gives only about one bit more security than DES.
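An added example, not from the original notes, that ties together three earlier points: the S-box lookup worked in the Substitution Boxes section (input 011001 gives 9), DES decryption as the same Feistel network with the subkeys in reverse order, and the meet-in-the-middle attack on double encryption just described. To make the attack run in seconds it uses a scaled-down DES-style cipher of this example's own design: 8-bit blocks, a 12-bit key, 8 rounds, a toy E-box, P permutation and key schedule, and DES S-box S1 (from FIPS 46) as the only nonlinear component. The keys and plaintexts in the usage section are constructed.

```python
# Added example (not from the original notes): a scaled-down DES-style Feistel
# cipher (8-bit block, 12-bit key, 8 rounds, real DES S-box S1 as the nonlinear
# step) used to show S-box lookup, decryption by reversed subkeys and the
# meet-in-the-middle attack on double encryption.  E, P and the key schedule are
# toy choices made for this example; only the S1 table is taken from DES.

S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]
ROUNDS, KEYBITS = 8, 12

def sbox(x: int) -> int:
    """6-bit in, 4-bit out: outer bits 1 & 6 select the row, inner bits 2-5 the column."""
    row = ((x >> 5) & 1) << 1 | (x & 1)
    return S1[row][(x >> 1) & 0xF]

def expand(r: int) -> int:
    """Toy E-box: 4 bits -> 6 bits by duplicating the outer bits (r4 r1 r2 r3 r4 r1)."""
    return ((r & 1) << 5) | (r << 1) | (r >> 3)

def F(r: int, k: int) -> int:
    """Round function: expand, XOR the subkey, substitute, then a fixed permutation P."""
    y = sbox(expand(r) ^ k)
    return ((y & 1) << 3) | (y >> 1)          # P: rotate the nibble right by one bit

def subkeys(key: int) -> list[int]:
    """Toy key schedule: rotate the 12-bit key left by i and keep the low 6 bits."""
    ks = []
    for i in range(ROUNDS):
        rot = ((key << i) | (key >> (KEYBITS - i))) & 0xFFF
        ks.append(rot & 0x3F)
    return ks

def _feistel(block: int, ks: list[int]) -> int:
    L, R = block >> 4, block & 0xF
    for k in ks:
        L, R = R, L ^ F(R, k)                  # Li = Ri-1, Ri = Li-1 xor F(Ri-1, Ki)
    return (R << 4) | L                         # halves are not swapped after the last round

def encrypt(key: int, block: int) -> int:
    return _feistel(block, subkeys(key))

def decrypt(key: int, block: int) -> int:
    return _feistel(block, subkeys(key)[::-1])  # same algorithm, subkeys in reverse

def double_encrypt(k1: int, k2: int, p: int) -> int:
    return encrypt(k2, encrypt(k1, p))

def meet_in_the_middle(pairs: list[tuple[int, int]]) -> tuple[list[tuple[int, int]], int]:
    """pairs: known (P, C) with C = E_k2(E_k1(P)).  Returns (candidate key pairs,
    number of single-cipher calls used).  Brute force would try 2^24 key pairs."""
    n = 1 << KEYBITS
    work = 0
    p0, c0 = pairs[0]
    forward = {}                                # E_k1(P0) -> every k1 producing it
    for k1 in range(n):
        forward.setdefault(encrypt(k1, p0), []).append(k1)
    work += n
    cands = [(k1, k2) for k2 in range(n) for k1 in forward.get(decrypt(k2, c0), ())]
    work += n                                   # the meeting point: E_k1(P0) == D_k2(C0)
    for p, c in pairs[1:]:                      # further pairs weed out false matches
        e = [encrypt(k, p) for k in range(n)]
        d = [decrypt(k, c) for k in range(n)]
        work += 2 * n
        cands = [(k1, k2) for k1, k2 in cands if e[k1] == d[k2]]
    return cands, work

if __name__ == "__main__":
    print(sbox(0b011001))                       # 9, the notes' S1 example
    K1, K2 = 0x3A5, 0xC17                       # constructed secret keys
    pairs = [(p, double_encrypt(K1, K2, p)) for p in (0x00, 0x11, 0x42, 0x99, 0xF0, 0x5A)]
    cands, work = meet_in_the_middle(pairs)
    print((K1, K2) in cands, len(cands), work)  # True, a handful of candidates, work << 2^24
```

With an 8-bit block each known pair only cuts the candidate set by a factor of 256, so several pairs are needed here; with DES's 64-bit block one extra pair is enough. The work counter is the point of the section: the table trades memory for time, and the total stays at a small multiple of a single key search.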
Triple-DES with Two-Keys:
• It has 3 encryptions
– would seem to need 3 keys
• but can use 2 keys with E-D-E sequence
• Encryption
C = E(K1,D(K2,E(K1,P)))
• Decryption
P = D(K1,E(K2,D(K1,C)))

Triple-DES with Three-Keys:


• Uses 3 keys with E-D-E sequence
• Encryption
C = E(K3,D(K2,E(K1,P)))
• Decryption
P = D(K1,E(K2,D(K3 ,C)))
• has been adopted by some Internet applications, eg PGP, S/MIME; NIST has since deprecated
Triple DES in favour of AES (disallowed for new applications after 2023), partly because its
64-bit block makes long sessions vulnerable to birthday attacks such as Sweet32



EVALUATION CRITERIA FOR AES
The three categories of criteria were:
1.Security:
 This refers to the effort required to cryptanalyze an algorithm. The emphasis in the
evaluation was on the practicality of the attack.
 Because the minimum key size for AES is 128 bits, brute-force attacks with current and
projected technology were considered impractical. Therefore, the emphasis, with respect
to this point, is cryptanalysis other than a brute-force attack.

2. Cost:
 NIST intends AES to be practical in a wide range of applications. Accordingly, AES
must have high computational efficiency, so as to be usable in high-speed applications,
such as broadband links.
3.Algorithm and implementation characteristics:
 This category includes a variety of considerations, including flexibility; suitability for a
variety of hardware and software implementations; and simplicity, which will make an
analysis of security more straightforward

ADVANCED ENCRYPTION STANDARD(AES) :


AES Requirements
 private key symmetric block cipher
 128-bit data, 128/192/256-bit keys
 stronger & faster than Triple-DES
AES Evaluation Criteria
 initial criteria:
o security – effort to practically cryptanalyse
o cost – computational
o algorithm & implementation characteristics
 final criteria
o general security
o software & hardware implementation ease
o implementation attacks
o flexibility (in en/decrypt, keying, other factors)
AES Cipher - Rijndael
 designed by Rijmen & Daemen in Belgium
 has 128/192/256 bit keys, 128 bit data
 an iterative (substitution-permutation) rather than Feistel cipher
o treats data in 4 groups of 4 bytes
o operates on the entire block in every round
 designed to be:
o resistant against known attacks
o speed and code compactness on many CPUs
o design simplicity
 processes data as 4 groups of 4 bytes (state)
 has 10/12/14 rounds (the last one without mix columns) in which the state undergoes:
o byte substitution (1 S-box used on every byte)
o shift rows (permute bytes between groups/columns)
o mix columns (subs using matrix multiply of groups)
o add round key (XOR state with key material)
 initial XOR with key material & incomplete last round
 all operations can be combined into XOR and table lookups - hence very fast & efficient
(but table lookups indexed by secret data are the source of cache-timing attacks on software
AES, which is why constant-time or hardware (AES-NI) implementations are preferred)



Byte Substitution

 a simple substitution of each byte


 uses one table of 16x16 bytes containing a permutation of all 256 8-bit values
 each byte of state is replaced by the byte in row (left 4-bits) & column (right 4-bits)
 eg. byte {95} is replaced by the row 9 col 5 byte
 which is the value {2A}
 S-box is constructed using a defined transformation of the values in GF(2^8): each byte is
replaced by its multiplicative inverse (with 0 mapped to 0), followed by a fixed affine
transformation over GF(2)



 designed to be resistant to all known attacks
Shift Rows
 a circular byte shift in each row
o 1st row is unchanged
o 2nd row does 1 byte circular shift to left
o 3rd row does 2 byte circular shift to left
o 4th row does 3 byte circular shift to left
 decrypt does shifts to right
 since state is processed by columns, this step permutes bytes between the columns

Mix Columns
 each column is processed separately
 each byte is replaced by a value dependent on all 4 bytes in the column
 effectively a matrix multiplication in GF(2^8) using the prime poly m(x) = x^8 + x^4 + x^3 + x + 1

Add Round Key


 XOR state with 128-bits of the round key
 again processed by column (though effectively a series of byte operations)
 inverse for decryption is identical since XOR is own inverse, just with correct round key
 designed to be as simple as possible



AES Round:

AES Key Expansion


 takes the 128-bit (16-byte) key (or a 192/256-bit key)
 and expands it into an array of 44/52/60 32-bit words (one 128-bit round key per round,
plus one for the initial XOR)
 start by copying the key into the first 4 words (6 or 8 for the longer keys)
 then loop creating words that depend on the values in the previous word & 4 places back
o in 3 of 4 cases just XOR these together
o every 4th word has rotate + S-box + XOR round constant applied to the previous word
before the XOR
 designed to resist known attacks
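The AES primitives described above (byte substitution, shift rows, mix columns and the AES-128 key expansion), as an added Python example that is not code from the original notes. It builds the S-box from its GF(2^8) definition instead of copying the table, so the {95} to {2A} example above is reproduced by computation, and it checks itself against values quoted in FIPS-197. The function names are this example's own; nothing beyond the FIPS-197 definitions is assumed.

```python
# Added example (not from the original notes): AES building blocks implemented
# from their GF(2^8) definitions.  S-box computed, not copied; MixColumns and its
# inverse; ShiftRows; AES-128 key expansion (44 words).

def xtime(a: int) -> int:
    """Multiply by x in GF(2^8) modulo m(x) = x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    a <<= 1
    return (a ^ 0x11B) if a & 0x100 else a

def gf_mul(a: int, b: int) -> int:
    """Shift-and-add multiplication in GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def gf_inv(a: int) -> int:
    """a^-1 = a^254, since a^255 = 1 for a != 0; yields 0 for a = 0 as AES requires."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def _affine(b: int) -> int:
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return b ^ rot(b, 1) ^ rot(b, 2) ^ rot(b, 3) ^ rot(b, 4) ^ 0x63

SBOX = [_affine(gf_inv(v)) for v in range(256)]   # the 16x16 byte substitution table

def shift_rows(state: list[list[int]]) -> list[list[int]]:
    """state as 4 rows of 4 bytes; row r is rotated left by r bytes."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def mix_column(col: list[int]) -> list[int]:
    """One column times the fixed matrix [2 3 1 1; 1 2 3 1; 1 1 2 3; 3 1 1 2]."""
    a0, a1, a2, a3 = col
    return [
        gf_mul(2, a0) ^ gf_mul(3, a1) ^ a2 ^ a3,
        a0 ^ gf_mul(2, a1) ^ gf_mul(3, a2) ^ a3,
        a0 ^ a1 ^ gf_mul(2, a2) ^ gf_mul(3, a3),
        gf_mul(3, a0) ^ a1 ^ a2 ^ gf_mul(2, a3),
    ]

def inv_mix_column(col: list[int]) -> list[int]:
    """Inverse matrix [14 11 13 9; 9 14 11 13; 13 9 14 11; 11 13 9 14]."""
    a0, a1, a2, a3 = col
    m = gf_mul
    return [
        m(14, a0) ^ m(11, a1) ^ m(13, a2) ^ m(9, a3),
        m(9, a0) ^ m(14, a1) ^ m(11, a2) ^ m(13, a3),
        m(13, a0) ^ m(9, a1) ^ m(14, a2) ^ m(11, a3),
        m(11, a0) ^ m(13, a1) ^ m(9, a2) ^ m(14, a3),
    ]

def _sub_word(w: int) -> int:
    return int.from_bytes(bytes(SBOX[b] for b in w.to_bytes(4, "big")), "big")

def key_expansion_128(key: bytes) -> list[int]:
    """44 words: w[0..3] = key; w[i] = w[i-4] ^ temp, where every 4th temp is
    RotWord, SubWord and the round constant applied to w[i-1]."""
    w = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(4)]
    rcon = 0x01
    for i in range(4, 44):
        temp = w[i - 1]
        if i % 4 == 0:
            temp = ((temp << 8) | (temp >> 24)) & 0xFFFFFFFF   # RotWord
            temp = _sub_word(temp) ^ (rcon << 24)               # SubWord, then Rcon
            rcon = xtime(rcon)                                  # 01, 02, 04, ..., 36
        w.append(w[i - 4] ^ temp)
    return w

if __name__ == "__main__":
    print(hex(SBOX[0x95]))                                   # 0x2a, the example in the notes
    print([hex(v) for v in mix_column([0xDB, 0x13, 0x53, 0x45])])   # 8e 4d a1 bc
    w = key_expansion_128(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))
    print(hex(w[4]), hex(w[43]))                             # 0xa0fafe17 0xb6630ca6 (FIPS-197)
```

The S-box is where all of AES's nonlinearity lives, and computing it as inverse-then-affine shows why it has no fixed points and no simple algebraic description in GF(2^8) alone. `gf_inv` by 254 multiplications is fine for building a table once; a per-byte lookup is what an implementation uses at run time, with the timing caveat noted above.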



AES Decryption
 AES decryption is not identical to encryption since steps done in reverse
 but can define an equivalent inverse cipher with steps as for encryption
 but using inverses of each step
 with a different key schedule
 works since result is unchanged when
 swap byte substitution & shift rows
 swap mix columns & add (tweaked) round key

RC4 ALGORITHM

 RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It is a variable
key size stream cipher with byte-oriented operations.
 The algorithm is based on the use of a random permutation.
 A variable-length key of from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-
byte state vector S, with elements S[0], S[1], ..., S[255].
 At all times, S contains a permutation of all 8-bit numbers from 0 through 255. For
encryption and decryption, a byte k is generated from S by selecting one of the 256 entries
in a systematic fashion.
 As each value of k is generated, the entries in S are once again permuted.
 RC4 is now considered broken: its keystream has statistical biases (strongest in the first
bytes of output) and RFC 7465 prohibits its use in TLS; it is covered here for its
historical and educational value.

Initialization of S
 To begin, the entries of S are set equal to the values from 0 through 255 in ascending
order; that is, S[0] = 0, S[1] = 1, ..., S[255] = 255.
 A temporary vector, T, is also created. If the length of the key K is 256 bytes, then K is
transferred to T.
 Otherwise, for a key of length keylen bytes, the first keylen elements of T are
copied from K, and then K is repeated as many times as necessary to fill out
T. These preliminary operations can be summarized as
 /* Initialization */
 for i = 0 to 255 do S[i] = i; T[i] = K[i mod keylen];
 Next we use T to produce the initial permutation of S.



 This involves starting with S[0] and going through to S[255], and for each S[i], swapping
S[i] with another byte in S according to a scheme dictated by T[i]:

/* Initial Permutation of S */

j = 0;
for i = 0 to 255 do
j = (j + S[i] + T[i]) mod 256;
Swap (S[i], S[j]);

Because the only operation on S is a swap, the only effect is a permutation. S still
contains all the numbers from 0 through 255.
Stream Generation

 Once the S vector is initialized, the input key is no longer used.


 Stream generation involves cycling through all the elements of S, and for each S[i],
swapping S[i] with another byte in S according to a scheme dictated by the current
configuration of S.
 After S[255] is reached, the process continues, starting over again at S[0]:

/* Stream Generation */
i, j = 0;
while (true)
i = (i + 1) mod 256;
j = (j + S[i]) mod 256;
Swap (S[i], S[j]);
t = (S[i] + S[j]) mod 256;
k = S[t];

 The keystream byte k is XORed with the next plaintext byte to encrypt, or with the next
ciphertext byte to decrypt.



Fig.Stream Generation
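RC4 exactly as described above (initialization, initial permutation, then stream generation), as an added Python example that is not code from the original notes. It is checked against the widely published test vector for key "Key" and plaintext "Plaintext", and includes a function that demonstrates the keystream-reuse weakness the OFB section warned about; the messages used are constructed.

```python
# Added example (not from the original notes): RC4 key scheduling and stream
# generation as in the pseudocode above, plus the effect of reusing a keystream.

def rc4_keystream(key: bytes):
    S = list(range(256))
    T = [key[i % len(key)] for i in range(256)]   # key repeated to fill T
    j = 0
    for i in range(256):                           # initial permutation of S
        j = (j + S[i] + T[i]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                                    # stream generation
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]               # k = S[t]

def rc4(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two messages under one key: C1 xor C2 = P1 xor P2, the keystream cancels out,
    so an attacker who knows one plaintext reads the other without the key."""
    return xor(rc4(key, p1), rc4(key, p2))

if __name__ == "__main__":
    print(rc4(b"Key", b"Plaintext").hex())          # bbf316e8d940af0ad3 (published test vector)
    print(rc4(b"Key", rc4(b"Key", b"Plaintext")))   # b'Plaintext'
    p1, p2 = b"attack at dawn", b"attack at dusk"   # constructed messages
    print(keystream_reuse_leak(b"Secret", p1, p2))  # differs from zero only where p1 != p2
```

Because RC4 has no IV of its own, every message under the same key starts from the same keystream; protocols that used RC4 had to derive a fresh key per message, and the WEP failure came from doing that badly. Note also that `rc4_keystream` discards nothing, whereas later practice dropped the first bytes of output because of their bias.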

KEY DISTRIBUTION
 A typical stream cipher encrypts plaintext one byte at a time, although a stream cipher
may be designed to operate on one bit at a time or on units larger than a byte at a time. In
this structure, a key is input to a pseudorandom bit generator that produces a stream of 8-
bit numbers that are apparently random.
 The output of the generator, called a keystream, is combined one byte at a time with the
plaintext stream using the bitwise exclusive-OR (XOR) operation.
 For example, if the next byte generated by the generator is 01101100 and the next
plaintext byte is 11001100, then the resulting ciphertext byte is
    11001100   plaintext
    01101100   key stream
    10100000   ciphertext
 Decryption XORs the same keystream byte again: 10100000 XOR 01101100 = 11001100.

