Dilla University

College of Engineering and Technology

School of Computing and Informatics, Department of comp.sci

Welcome to CoSc 4031

Computer Security
Chapter Three
Cryptography and Encryption Techniques

Dilla University, Department of Computer Science

 Outline
• Basic cryptographic terms
• Historical background
• Symmetric and Public Key Cryptography
• Symmetric key cryptography
– One time pads
– Stream vs. block ciphers
– Block cipher modes
• Example symmetric key algorithms
– DES
– Triple DES (two variants)
– AES
• Public key cryptography
– One-way functions
– RSA
• Asymmetric crypto primitives
• Cryptographic hash functions

Dilla University, Department of

Computer Science
 Introduction
• Computer data often travels from one computer to
another, leaving the safety of its protected
physical surroundings.

• Once the data is out of hand, people with bad

intention could modify or forge your data, either
for amusement or for their own benefit.

• Cryptography can reformat and transform our data,

making it safer on its trip between computers.

Dilla University, Department of

Computer Science
 Introduction
• Encryption or cryptography the name means
secret writing.

• probably the strongest defense in the arsenal

of computer security protection.

• Well-disguised data cannot easily be read,

modified, or fabricated.

Dilla University, Department of

Computer Science
 Introduction
• Cryptography conceals data against unauthorized access.
• is the art and science of making a cryptosystem that is
capable of providing information security.

• deals with the actual securing of digital data.

• design of mechanisms based on mathematical algorithms.

• cryptosystem is an implementation of cryptographic
techniques and their accompanying infrastructure to
provide information security services.
• A cryptosystem is also referred to as a cipher system.

Dilla University, Department of

Computer Science
 Introduction

• study of secure communications techniques that allow only

the sender and intended recipient of a message to view its
contents.

Dilla University, Department of

Computer Science
 Basic cryptographic terms
• plaintext - the original message
• ciphertext - the coded message

• cipher - algorithm for transforming plaintext to

ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext

• decipher (decrypt) - recovering ciphertext from plaintext

• cryptography - or science encompassing the principles
and methods of transforming an intelligible message into
one that is unintelligible, and then retransforming that
message back to its original form.

Dilla University, Department of

Computer Science
 Basic cryptographic terms
• cryptanalysis (codebreaking) - the
study of principles/ methods of
deciphering ciphertext without knowing
key
• cryptology - the field of both
cryptography and cryptanalysis
• Encoding, enciphering, encryption.

Dilla University, Department of

Computer Science
 Cont. …

• Cryptography has five ingredients:

– Plaintext
– Encryption algorithm
– Secret Key
– Ciphertext
– Decryption algorithm
• Security depends on the secrecy of
the key, not the secrecy of the
algorithm
Dilla University, Department of
Computer Science
 Cont. …
Simplified Encryption Model

Dilla University, Department of

Computer Science
 Cont. …
Description:
• A sender S wanting to transmit message M to a
receiver R
• To protect the message M, the sender first
encrypts it into an unintelligible message M’
• After receipt of M’, R decrypts the message to
obtain M
• M is called the plaintext
– What we want to encrypt
• M’ is called the ciphertext
– The encrypted output

Dilla University, Department of

Computer Science
 Cont. …
Notation:

• Given
– P=Plaintext
– C=CipherText
– k=key shared by sender and receiver
• C = EK (P) Encryption
• P = DK (C) Decryption

Dilla University, Department of

Computer Science
History: Caesar Cipher

• Caesar Cipher: The earliest known

example of a substitution cipher in
which each character of a message is
replaced by a character three position
down in the alphabet.
– Plaintext: are you ready
– Ciphertext: duh brx uhdgb

Dilla University, Department of

Computer Science
 Cont. …

• If we represent each letter of the

alphabet by an integer that
corresponds to its position in the
alphabet:
– The formula for replacing each character ‘p’
of the plaintext with a character ‘c’ of the
ciphertext can be expressed as:
c = E3(p ) = (p + 3) mod 26

Dilla University, Department of

Computer Science
 Cont. …
• A more general version of this cipher
that allows for any degree of shift:
– c = Ek(p ) = (p + k) mod 26
• The formula for decryption would be
– p = Dk(c ) = (c - k) mod 26
• In these formulas
– ‘k’ is the secret key. The symbols ’E’ and ’D’
stand for Encryption and Decryption
respectively, and p and c are characters in the
plain and cipher text respectively.

Dilla University, Department of

Computer Science
 History: Enigma
• Before war broke out in
1939 the Germans had
planned a special way of
keeping their
communications secret. The
army, navy and air force
were told to encode their
messages using cipher
machines called ENIGMA.
Dilla University, Department of
Computer Science
 Cont. …
• Enigma could put a message into code in over
150 MILLION MILLION MILLION
different ways.
• The Germans believed that no one could
crack the Enigma code. But the Allies knew
that if they could, they would be able to find
out their enemy's military secrets.

Dilla University, Department of

Computer Science
 Cont. …

• The Enigma machine looked like

a typewriter in a wooden box.
An electric current went from
the keyboard through a set of
rotors and a plugboard to light
up the 'code' alphabet.

Dilla University, Department of

Computer Science
 Cont. …

• In the 1930's Polish cipher

experts secretly began to
try to crack the code. Just
before war broke out they
managed to pass models and
drawings of Enigma to
British and French code-
breakers.
• Later Enigma was broken.

Dilla University, Department of

Computer Science
 History: Sigaba
• It was suited for
fixed station secure
communications, and
used by U.S. for high-
level communications,
was the only machine
system used by any
participant to remain
completely unbroken
by an enemy during
World War II.
Dilla University, Department of
Computer Science
 History:B-21 Machine by Boris
Hagelin
• Patterned on the
Enigma and produced
for the Swedish
General staff, Boris
Hagelin of Sweden
developed the B-21
machine in 1925. It
also had the capability
to be connected to an
electric typewriter.

Dilla University, Department of

Computer Science
 History:BC-38 by Crypto AG Zug

• Boris Hagelin of
Sweden developed a
long line of cipher
systems, beginning
with the B-21, B-211,
C-35, C-36, C-38
(which later became
America's M-209).

Dilla University, Department of

Computer Science
 History: BID 590 (Noreen)
• The BID 590 was a
British built crypto
machine and was used
by Canada's foreign
service communicators
at various diplomatic
missions to
communicate with
various government
departments.

Dilla University, Department of

Computer Science
 History: H-4605 (Crypto AG)
• The Crypto AG H4605
was designed as an
off-line, keyboard
operated cipher
machine with twin
printing (of cipher and
plain text) system with
automatic 5-letter
grouping. It's a solid
piece of equipment,
almost 'battleship
grade’.
Dilla University, Department of
Computer Science
History: Japanese "Enigma" Rotor
Cipher Machine
Produced by Germans for Japanese

Dilla University, Department of

Computer Science
Japanese Purple machine
¨ Electromechanical stepping switch machine
modelled after Enigma
¨ Used telephone stepping switches instead of rotors
¨ Purple was broken with the help of MAGIC.
¨ Pearl Harbor attack preparations encoded in
Purple, decoded hours before attack.

Dilla University, Department of

Computer Science
 History: KY-28 (Nestor)
• The KY-28 was an
analog, voice
encryption device
based on transistor
circuitry and was the
shipboard/airborne
member of the
NESTOR family of
equipment.
Dilla University, Department of
Computer Science
 History: Racal-Milgo 64-1027C
Datacryptor
• The Racal-Milgo 64-
1027C Datacryptor
was used to send and
receive secure data via
computer. This is the
commercial version of
the KG-84, and has
ability to be loaded via
the KYK-13 Fill device.

Dilla University, Department of

Computer Science
 History: The “Clock Cryptograph”

• It is basically a
nicely implemented
Wheatstone cipher
disk. It was in
active use in the
Danish armed
forces from 1934
(or a little earlier)
until around 1948.
Dilla University, Department of
Computer Science
 History: People in Breaking Codes

• Bletchley Park was

the home of the
secret Government
Code and Cypher
School. This was the
centre of British
code-breaking during
the war.

Dilla University, Department of

Computer Science
 Cont. …
• The code-breakers in Bletchley Park were
specially chosen from among the cleverest
people in England. Some were brilliant
mathematicians or linguists.
• Alan Turing, a Cambridge mathematician
and code-breaker who helped to invent one
of the world's first computers at Bletchley
Park.

Dilla University, Department of

Computer Science
 History: Computer and Code
Breaking
• Colossus was built
for the code-
breakers at
Bletchley Park by
post office
engineers in 1943.
• One of the earliest
computers.

Dilla University, Department of

Computer Science
 History: Computer and Code
Breaking
• The computer was as
big as a room - 5
metres long, 3
metres deep and 2.5
metres high - and
was made mainly
from parts used for
post office telephone
and telegraph
systems.
Dilla University, Department of
Computer Science
 History: Computer and Code
Breaking
• This Cray XMP was
donated to the museum by
Cray Research, Inc. It
denotes the newest era of
partnership between NSA
and the American
computer industry in the
employment of computers
for cryptologic processes.

Dilla University, Department of

Computer Science
 Cryptography
• Cryptographic systems are generally classified along 3
independent dimensions:
1.Type of operations used for transforming
plain text to cipher text. (substitution ,
transposition)
2. The number of keys used (1 (symmetric key or conventional
encryption or single key)or 2 (public key encryption))

3.The way in which the plain text is processed

(block or stream)

Dilla University, Department of

Computer Science
 Cryptography
• process of attempting to discover X or K or both is
known as cryptanalysis.

• The strategy used by the cryptanalysis depends on the

nature of the encryption scheme and the information
available to the cryptanalyst.
• various types of cryptanalytic attacks
• Cipher text only
• Known plaintext
• Chosen plaintext
• Chosen cipher text
• Steganography

Dilla University, Department of

Computer Science
ENCRYPTION TECHNIQUES
• Substitution
• Transposition
• A substitution technique is one in which the
letters of plaintext are replaced by other
letters or by numbers or symbols.

• If the plaintext is viewed as a sequence of

bits, then substitution involves replacing
plaintext bit patterns with cipher text bit
patterns.

Dilla University, Department of

Computer Science
ENCRYPTION TECHNIQUES
• Caesar cipher (or) shift cipher
• Monoalphabetic Ciphers

• Polyalphabetic cipher
– Playfair cipher
– Hill cipher
– Vigenere cipher

Dilla University, Department of

Computer Science
 Symmetric and Public Key
Cryptography

• There are two fundamentally different

cryptographic systems
– Symmetric cryptosystem/ Private key
– Asymmetric cryptosystem/ Public key

Dilla University, Department of

Computer Science
 Cont. …
Keyless Original
plaintext ciphertext plaintext
Encryption Decryption

Symmetric key

Original
plaintext ciphertext plaintext
Encryption Decryption

Asymmetric key
Original
plaintext ciphertext plaintext
Encryption Decryption
Dilla University,
Department of Computer
Science
 Symmetric Cryptosystem
• Also called secret-key/private-key cryptosystem
• The same key is used to encrypt and decrypt a
message
– P = DK [EK (P) ]
• Have been used for centuries in a variety of forms
• The key has to be kept secret
• The key has to be communicated using a secure
channel
• They are still in use in combination with public key
cryptosystems due to some of their advantages

Dilla University, Department of

Computer Science
 One-Time Pads
• Name → set of sheets of paper with
keys, glued into a pad

• The sender would tear off enough

number of pages

• The receiver needs a pad identical to

the one used by the sender
Dilla University,
Department of Computer
Science
 One-Time Pads (cont.)
• The sender would write the keys one at a time
above the letters of the plaintext.
K1 k2 k3 k4 ... Kn
p1 p2 p3 p4 ... pn

• The plaintext is enciphered using a pre-arranged

chart
– Vignere Tableau
– all 26 letters in each column in some scrambled order
– select the substitution in row pi, column Ki
• Problems:
– Unlimited number of keys & Absolute
synchronization between sender and receiver

Dilla University,
Department of Computer
Science
 Cont. …

Dilla University, Department of

Computer Science
 Vernam Cipher Example
Plaintext
V E R N A M C I P H E R
21 4 17 13 0 12 2 8 15 7 4 17
Random numbers
76 48 16 82 44 3 58 11 60 5 48 88
Sum
97 52 33 95 44 15 60 19 75 12 52 105
Sum mod 26
19 0 7 17 18 15 8 19 23 12 0 1
Ciphertext
t a h r s p i t x m a b

Dilla University, Department of

Computer Science
 Vernam Cipher
• Encryption method is completely unbreakable
for a ciphertext only attack.

• it requires a very long key which is

expensive to produce and expensive to
transmit.

• Once a key is used, it is dangerous to reuse

it for a second message; any knowledge on
the first message would give knowledge of
the second.

Dilla University, Department of

Computer Science
 TRANSPOSITION TECHNIQUES
• Rail fence: is simplest of such cipher, in which the
plaintext is written down as a sequence of diagonals
and then read off as a sequence of rows.

• E.g Plaintext = meet at the school house, depth=2

Row Transposition Ciphers: A more complex scheme
is to write the message in a rectangle, row by row,
and read the message off, column by column, but
permute the order of the columns.
• E.g Plaintext = meet at the school house, Order of
the column becomes the key of the algorithm.

Dilla University, Department of

Computer Science
 TRANSPOSITION TECHNIQUES

• A pure transposition cipher is easily recognized

because it has the same letter frequencies as the
original plaintext.
•

Dilla University, Department of

Computer Science
 Block and Stream Ciphers
Block Ciphers
• Block ciphers break messages into fixed
length blocks, and encrypt each block
using the same key.
• The Data Encryption Standard (DES) is
an example of a block cipher, where
blocks of 64 bits are encrypted using a
56-bit key.

Dilla University, Department of

Computer Science
 Formal Definition of a Block Cipher

• Let E be an encipherment algorithm, and

let Ek(b) be the encipherment of the
message b with key k.
• Let a message m=b1b2...where each bi is
of a fixed length.
• A block cipher is a cipher for which
Ek(m) = Ek(b1)Ek(b2)...

Dilla University, Department of

Computer Science
 Stream Ciphers

• Stream ciphers, like block ciphers,

break message into fixed length
blocks, but use a sequence of keys to
encrypt the blocks.

Dilla University, Department of

Computer Science
 Formal Definition of a Stream
Cipher
• Let E be an encipherment algorithm, and
let Ek(b) be the encipherment of the
message b with key k.
• Let a message m=b1b2...where each bi is
of a fixed length, and let k = k1k2....
• A stream cipher is a cipher for which
Ek(m) = Ek1 (b1)Ek2(b2)...

Dilla University, Department of

Computer Science
 Block Cipher Modes
• We discuss 3 (many others)
• Electronic Codebook (ECB) mode
– Encrypt each block independently
– There is a serious weakness
• Cipher Block Chaining (CBC) mode
– Chain the blocks together
– Better than ECB, virtually no extra work
• Counter Mode (CTR) mode
– Like a stream cipher (random access)

Dilla University,
Department of Computer
Science
 ECB Mode
• Notation: C=E(P,K)
• Given plaintext P0,P1,…,Pm,…
• Obvious way to use a block cipher is
Encrypt Decrypt
C0 = E(P0, K), P0 = D(C0, K),
C1 = E(P1, K), P1 = D(C1, K),
C2 = E(P2, K),… P2 = D(C2, K),…
• For a fixed key K, this is an electronic
version of a codebook cipher (no additive)

Dilla University,
Department of Computer
Science
 ECB Cut and Paste Attack
• Suppose plaintext is
Alice digs Bob. Trudy digs Tom.
• Assuming 64-bit blocks and 8-bit ASCII:
P0 = “Alice di”, P1 = “gs Bob. ”,
P2 = “Trudy di”, P3 = “gs Tom. ”
• Ciphertext: C0,C1,C2,C3
• Trudy cuts and pastes: C0,C3,C2,C1
• Decrypts as
Alice digs Tom. Trudy digs Bob.

Dilla University,
Department of Computer
Science
 ECB Weakness
• Suppose Pi = Pj
• Then Ci = Cj and Trudy knows Pi = Pj
• This gives Trudy some information, even
if she does not know Pi or Pj
• Trudy might know Pi
• Is this a serious issue?

Dilla University,
Department of Computer
Science
 CBC Mode

• Blocks are “chained” together

• A random initialization vector, or IV, is
required to initialize CBC mode
• IV is random, but need not be secret
Encryption Decryption
C0 = E(IV  P0, K), P0 = IV  D(C0, K),
C1 = E(C0  P1, K), P1 = C0  D(C1, K),
C2 = E(C1  P2, K),… P2 = C1  D(C2, K),…

Dilla University,
Department of Computer
Science
 CBC Mode
• Identical plaintext blocks yield different
ciphertext blocks
• Cut and paste is still possible, but more
complex (and will cause garbles)
• If C1 is garbled to, say, G then
P1  C0  D(G, K), P2  G  D(C2, K)
• But P3 = C2  D(C3, K), P4 = C3  D(C4, K),…
• Automatically recovers from errors!

Dilla University,
Department of Computer
Science
 Counter Mode (CTR)

• CTR is popular for random access

• Use block cipher like stream cipher
Encryption Decryption
C0 = P0  E(IV, K), P0 = C0  E(IV, K),
C1 = P1  E(IV+1, K), P1 = C1  E(IV+1, K),
C2 = P2  E(IV+2, K),… P2 = C2  E(IV+2, K),…
• CBC can also be used for random access!!!

Dilla University,
Department of Computer
Science
 Popular Example of Symmetric
Cryptosystem:DES

• In 1973, the NBS (National Bureau of Standards, now called

NIST - National Institute of Standards and Technology)
published a request for an encryption algorithm that would
meet the following criteria:
– have a high security level
– be easily understood
– not depend on the algorithm's confidentiality
– be adaptable and economical
– be efficient and exportable

• In late 1974, IBM proposed "Lucifer", which was then modified

by NSA (National Security Agency) in 1976 to become the DES
(Data Encryption Standard). DES was approved by the NBS in
1978. The DES was standardized by the ANSI under the name
of ANSI X3.92, also known as DEA (Data Encryption
Algorithm).
Dilla University, Department of
Computer Science
 DES- Example of Symmetric Cryptosystem …

• DES Utilizes block cipher, which means that during the

encryption process, the plaintext is broken into fixed
length blocks of 64 bits.
• The key is 56 bits wide. 8-bit out of the total 64-bit
block key is used for parity check (for example, each
byte has an odd number of bits set to 1).
• 56-bit key gives 256 ( 7.2*1016) possible key
variations.
• DES algorithm involves carrying out combinations,
substitutions and permutations between the text to be
encrypted and the key, while making sure the operations
can be performed in both directions (for decryption).
• The combination of substitutions and permutations is
called a product cipher.
Dilla University, Department of
Computer Science
 DES- Example of Symmetric Cryptosystem …

• DES was best suited for implementation in hardware,

probably to discourage implementations in software,
which tend to be slow by comparison during that time.
• Modern computers are so fast that satisfactory
software implementations for DES are possible.
• DES is the most widely used symmetric algorithm
despite claims whether 56 bits is long enough to
guarantee security.
• Using current technology, 56-bit key size is vulnerable
to a brute force attack.

Dilla University, Department of

Computer Science
 DES- Example of Symmetric Cryptosystem …

• DES Encryption starts with an initial permutation (IP) of the 64

input bits. These bits are then divided into two 32-bit halves
called L and R. The encryption then proceeds through 16 rounds,
each using the L and R parts, and a subkey.
• The R and subkeys are processed in the so called f-function, and
exclusive-or of the output of the f-function with the existing L
part to create the new R part. The new L part is simply a copy of
the incoming R part.
• In the final round, the L and R parts are swapped once more
before the final permutation (FP) producing the output block.
• Decryption is identical to encryption, except that the subkeys are
used in the opposite order. That is, subkey 16 is used in round 1,
subkey 15 is used in round 2, etc., ending with subkey 1 being used
in round 16.

Dilla University, Department of

Computer Science
 Cryptography
DES Algorithm - Overall and Detail Structure

Dilla University, Department of

Computer Science
 DES- Example of Symmetric Cryptosystem …

• The f-function mixes the bits of the R portion using

the Subkey for the current round. First the 32-bit R
value is expanded to 48 bits using a permutation E.
That value is then exclusive-or'ed with the subkey.
• The 48 bits are then divided into eight 6-bit chunks,
each of which is fed into an S-Box that mixes the bits
and produces a 4-bit output. A little bit funny
operation!!
• Those 4-bit outputs are combined into a 32-bit value,
and permuted once again to produce the f-function
output.

Dilla University, Department of

Computer Science
The S-Box S-Box

If S1 is the function defined in this table and B is a block of 6 bits, then S1(B) is determined as
follows: The first and last bits of B represent in base 2 a number in the decimal range 0 to 3 (or
binary 00 to 11). Let that number be i. The middle 4 bits of B represent in base 2 a number in the
decimal range 0 to 15 (binary 0000 to 1111). Let that number be j. Look up in the table the number in
the i-th row and j-th column. It is a number in the range 0 to 15 and is uniquely represented by a 4 bit
block. That block is the output S1(B) of S1 for the input B. For example, for input block B = 011011
the first bit is "0" and the last bit "1" giving 01 as the row. This is row 1. The middle four bits are
"1101". This is the binary equivalent of decimal 13, so the column is column number 13. In row 1, column
13 appears 5. This determines the output; 5 is binary 0101, so that the output is 0101. Hence
S1(011011) = 0101. Dilla University, Department of
Computer Science
 Cryptography
DES- Algorithm, the f-function

Dilla University, Department of

Computer Science
 DES- Generating Subkey

• To generate the subkeys, start with the 56-bit

key (64 bits if you include the parity bits).
These are permuted and divided into two
halves called C and D.
• For each round, C and D are each shifted left
circularly one or two bits (the number of bits
depending on the round).
• The 48-bit subkey is then selected from the
current C and D bits.

Dilla University, Department of

Computer Science
 Cont. …

Dilla University, Department of

DES- Algorithm - Key Schedule and Subkey
Computer Science Generation
 DES- Permutation principles

Initial Permutation (IP) Final Permutation(FP)

-1
IP IP
58 50 42 34 26 18 10 2 40 8 48 16 56 24 64 32
60 52 44 36 28 20 12 4 39 7 47 15 55 23 63 31
62 54 46 38 30 22 14 6 38 6 46 14 54 22 62 30
64 56 48 40 32 24 16 8 37 5 45 13 53 21 61 29
57 49 41 33 25 17 9 1 36 4 44 12 52 20 60 28
59 51 43 35 27 19 11 3 35 3 43 11 51 19 59 27
61 53 45 37 29 21 13 5 34 2 42 10 50 18 58 26
63 55 47 39 31 23 15 7 33 1 41 9 49 17 57 25
“First Bit of the output is taken from the 58th bit of the input, etc...”
 DES- Permutation principles

Expansion/Permutation Contraction/Permuted Choice (PC-2)

The 32-bit half-block of data is Selects/Extracts the 48-bit subkey for

expanded to 48 bits. each round from the 56-bit key-schedule
state.
E PC-2

32 1 2 3 4 5 14 17 11 24 1 5

4 5 6 7 8 9 3 28 15 6 21 10

8 9 10 11 12 13 23 19 12 4 26 8

12 13 14 15 16 17 16 7 27 20 13 2

16 17 18 19 20 21 41 52 31 37 47 55

20 21 22 23 24 25 30 40 51 45 33 48

24 25 26 27 28 29 44 49 39 56 34 53

28 29 30 31 32 1 46 42 50 36 29 32
 Attack on DES
• Cracking: The most basic method of attack for any
cypher is brute force - trying every possible key in
turn.
• The length of the key determines the number of
possible keys, and hence the feasibility of the
approach.
• DES is not adequate with this regard due to its key size
• In academia, various proposals for a DES-cracking
machine were advanced.
In 1977, Diffie and Hellman proposed a machine costing an estimated US$20 million
which could find a DES key in a single day.
By 1993, Wiener had proposed a key-search machine costing US$1 million which would
find a key within 7 hours.

However, none of these early proposals were ever

implemented. Dilla University, Department of
Computer Science
 Cont. …
• The vulnerability of DES was practically demonstrated in 1997,
where RSA Security sponsored a series of contests, offering a
$10,000 prize to the first team that broke a message encrypted
with DES for the contest. That contest was won by the DESCHALL
Project, led by Rocke Verser, Matt Curtin, and Justin Dolske, using
idle cycles of thousands of computers across the Internet.
• The feasibility of cracking DES quickly was demonstrated in 1998
when a custom DES-cracker was built by the Electronic Frontier
Foundation (EFF), a cyberspace civil rights group, at the cost of
approximately US$250,000. Their motivation was to show that
DES was breakable in practice as well as in theory.

Dilla University, Department of

Computer Science
 Cont. …
DES- Example of Symmetric Cryptosystem …

The EFF's US$250,000 DES

cracking machine
contained 1,856 custom
chips and could brute force
a DES key in a matter of
days - the photo shows a
DES Cracker circuit board
fitted with several Deep
Crack chips.
Dilla University, Department of
Computer Science
 Example of Symmetric
… Cryptosystem: Triple DES
• A variant of DES, Triple DES (3-DES), provides enhanced security
by executing the core algorithm three times in a row.
• With triple length key of three 56-bit keys K1, K2 & K3,
encryption is:
Encrypt with K1
Decrypt with K2
Encrypt with K3
• Decryption is the reverse process:
Decrypt with K3
Encrypt with K2
Decrypt with K1

• Setting K3 equal to K1 in these processes gives us a double length

key K1, K2.
• Setting K1, K2 and K3 all equal to K has the same effect as using a
single-length (56-bit key).
• Thus it is possible for a system using triple-DES to be compatible
with a system using single-DES.
Dilla University, Department of
Computer Science
 Advanced Encryption Standard

"It seems very simple."

"It is very simple. But if you don't know
what the key is it's virtually
indecipherable."
—Talking to Strange Men, Ruth Rendell

Dilla University, Department of

Computer Science
 Origins
• clear a replacement for DES was needed
– have theoretical attacks that can break it
– have demonstrated exhaustive key search attacks
• can use Triple-DES – but slow, has small
blocks
• US NIST issued call for ciphers in 1997
• 15 candidates accepted in Jun 98
• 5 were shortlisted in Aug-99
• Rijndael was selected as the AES in Oct-2000
• issued as FIPS PUB 197 standard in Nov-2001
Dilla University, Department of
Computer Science
 The AES Cipher - Rijndael
• designed by Rijmen-Daemen in Belgium
• has 128/192/256 bit keys, 128 bit data
• an iterative rather than feistel cipher
– processes data as block of 4 columns of 4 bytes
– operates on entire data block in every round
• designed to be:
– resistant against known attacks
– speed and code compactness on many CPUs
– design simplicity

Dilla University, Department of

Computer Science
 AES
Encryption
Process

Dilla University, Department of

Computer Science
 AES Structure
➢ data block of 4 columns of 4 bytes is state
➢ key is expanded to array of words
➢ has 9/11/13 rounds in which state undergoes:
⚫ byte substitution (1 S-box used on every byte)
⚫ shift rows (permute bytes between
groups/columns)
⚫ mix columns (subs using matrix multiply of groups)
⚫ add round key (XOR state with key material)
⚫ view as alternating XOR key & scramble data bytes
➢ initial XOR key material & incomplete last
round
➢ with fast XOR & table lookup implementation
Dilla University, Department of
Computer Science
AES Structure

Dilla University, Department of

Computer Science
 Some Comments on AES
1. an iterative rather than feistel cipher
2. key expanded into array of 32-bit words
1. four words form round key in each round
3. 4 different stages are used as shown
4. has a simple structure
5. only AddRoundKey uses key
6. AddRoundKey a form of Vernam cipher
7. each stage is easily reversible
8. decryption uses keys in reverse order
9. decryption does recover plaintext
10. final round hasDillaonly 3 stages
University, Department of
Computer Science
 Substitute Bytes
• a simple substitution of each byte
• uses one table of 16x16 bytes containing a
permutation of all 256 8-bit values
• each byte of state is replaced by byte
indexed by row (left 4-bits) & column (right
4-bits)
– eg. byte {95} is replaced by byte in row 9 column 5
– which has value {2A}
• S-box constructed using defined
transformation of values in
• designed to be resistant to all known attacks

Dilla University, Department of

Computer Science
Substitute Bytes

Dilla University, Department of

Computer Science
Substitute Bytes Example

Dilla University, Department of

Computer Science
 Shift Rows
• a circular byte shift in each each
– 1st row is unchanged
– 2nd row does 1 byte circular shift to left
– 3rd row does 2 byte circular shift to left
– 4th row does 3 byte circular shift to left
• decrypt inverts using shifts to right
• since state is processed by columns, this step
permutes bytes between the columns

Dilla University, Department of

Computer Science
Shift Rows

Dilla University, Department of

Computer Science
 Mix Columns
• each column is processed separately
• each byte is replaced by a value
dependent on all 4 bytes in the column
• effectively a matrix multiplication in
using prime poly m(x) =x8+x4+x3+x+1

Dilla University, Department of

Computer Science
Mix Columns

Dilla University, Department of

Computer Science
 Add Round Key
➢ XOR state with 128-bits of the round key
➢ again processed by column (though
effectively a series of byte operations)
➢ inverse for decryption identical
⚫ since XOR own inverse, with reversed keys
➢ designed to be as simple as possible
⚫ a form of Vernam cipher on expanded key
⚫ requires other stages for complexity /
security
Dilla University, Department of
Computer Science
Add Round Key

Dilla University, Department of

Computer Science
AES Round

Dilla University, Department of

Computer Science
 AES Key Expansion
➢takes 128-bit (16-byte) key and expands
into array of 44/52/60 32-bit words
➢start by copying key into first 4 words
➢then loop creating words that depend on
values in previous & 4 places back
⚫in 3 of 4 cases just XOR these together
⚫1st word in 4 has rotate + S-box + XOR
round constant on previous, before XOR 4th
back

Dilla University, Department of

Computer Science
AES Key Expansion

Dilla University, Department of

Computer Science
AES S-BOX

Dilla University, Department of

Computer Science
AES round constant

Dilla University, Department of

Computer Science
 Key Expansion Rationale
• designed to resist known attacks
• design criteria included
– knowing part key insufficient to find many
more
– invertible transformation
– fast on wide range of CPU’s
– use round constants to break symmetry
– diffuse key bits into round keys
– enough non-linearity to hinder analysis
– simplicity of description
Dilla University, Department of
Computer Science
 AES
Example
Key
Expansion

Dilla University, Department of

Computer Science
 AES Decryption
• AES decryption is not identical to
encryption since steps done in reverse
• but can define an equivalent inverse
cipher with steps as for encryption
– but using inverses of each step
– with a different key schedule
• works since result is unchanged when
– swap byte substitution & shift rows
– swap mix columns & add (tweaked) round
key

Dilla University, Department of

Computer Science
AES Decryption

Dilla University, Department of

Computer Science
 Implementation Aspects
• can efficiently implement on 8-bit CPU
– byte substitution works on bytes using a
table of 256 entries
– shift rows is simple byte shift
– add round key works on byte XOR’s
– mix columns requires matrix multiply which
works on byte values, can be simplified to
use table lookups & byte XOR’s

Dilla University, Department of

Computer Science
 Implementation Aspects
➢can efficiently implement on 32-bit CPU
⚫redefine steps to use 32-bit words
⚫can precompute 4 tables of 256-words
⚫then each column in each round can be
computed using 4 table lookups + 4 XORs
⚫at a cost of 4Kb to store tables
➢designers believe this very efficient
implementation was a key factor in its
selection as the AES cipher

Dilla University, Department of

Computer Science
 Summary: AES
• have considered:
– the AES selection process
– the details of Rijndael – the AES cipher
– looked at the steps in each round
– the key expansion
– implementation aspects

Dilla University, Department of

Computer Science
Other Symmetric Block Ciphers
(Reading Assignment I: Network Security
Essentials Applicationa and Standards,2nd
Ed.,William Stalling, page:42-46)
– IDEA (International Data Encryption Algorithm)
– Blowfish
– RC5

Dilla University, Department of

Computer Science
 Public/Asymmetric key
cryptography
• Also called public-key cryptosystem
– keys for encryption and decryption are different but form a unique
pair
– P = DKD [EKE (P) ]
– Only one of the keys need to be private while the other can be
public
• Invented by Diffie and Hellman in 1976

• Uses Mathematical functions whose inverse is not known by

Mathematicians of the day
• It is a revolutionary concept since it avoids the need of using
a secure channel to communicate the key
• It has made cryptography available for the general public
and made many of today’s on-line application feasible

Dilla University, Department of

Computer Science
 Cont. …
• Which one of the encryption or decryption key is
made public depends on the use of the key
– If Hana wants to send a confidential message to
Ahmed
– She encrypts the message using Ahmed’s public
key
– Send the message
– Ahmed will then decode it using his own private
key
– On the other hand, if Ahmed needs to make sure
that a message sent by Hana really comes from
her, how can he make that?

Dilla University, Department of

Computer Science
 Cont. …
• Using digital signature
– Hana has to first encrypt a digital signature using
her private key
– Then encrypt the message (signature included) with
Ahmed’s public key
– Sends the encrypted message to Ahmed
– Ahmed decrypts the message using his private key
– Ahmed then decrypts the signature using Hana’s
public key
– If successful, he insures that it comes from Hana

Dilla University, Department of

Computer Science
Public-key Cryptosystem: Example
RSA
• RSA is from R. Rivesh, A. Shamir and L. Aldermen
• Principle: No mathematical method is yet known to efficiently
find the prime factors of large numbers
• In RSA, the private and public keys are constructed from
very large prime numbers (consisting of hundred of decimal
digits)
• One of the keys can be made public

• Breaking RSA is equivalent to finding the prime factors: this

is know to be computationally infeasible
• It is only the person who has produced the keys from the
prime number who can easily decrypt the messages

Dilla University, Department of

Computer Science
 Cont. …
Public-key Cryptosystem: Average time
required for exhaustive key search

Key Size Number of Time required at 106

(bits) Alternative Keys Decryption/µs
32 232 = 4.3 x 109 2.15 milliseconds

56 256 = 7.2 x 1016 10 hours

128 2128 = 3.4 x 1038 5.4 x 1018 years

168 2168 = 3.7 x 1050 5.9 x 1030 years

Dilla University, Department of

Computer Science
 Summary
Public-key Cryptosystem
– A pair of keys (private, public)
– If you have the private key, you can easily
decrypt what is encrypted by the public
key
– Otherwise, it is computationally infeasible
to decrypt what has been encrypted by the
public key

Dilla University, Department of

Computer Science
 Hash functions

• One application of cryptography in distributed

systems is the use of hash functions
• A hash function H takes a message m of
arbitrary length and produces a bit string h,
h= H (m)
• When the hash value h is sent with the
message m, it enables to determine whether m
has been modified or not

Dilla University, Department of

Computer Science
 Cont. …
• Properties of hash functions
One-way function: It is computationally infeasible to
find m that corresponds to a known output of h
• Collision resistance
• Weak-collision resistance: It is computationally
infeasible, given m and H, to find m’ ≠ m such
that H(m) = H(m’)
• Strong-collision resistance: Given H, it is
computationally infeasible to find any two
different input values m and m’, such that H(m)
= H(m’)

Dilla University, Department of

Computer Science
 RSA- Example of Asymmetric/Public-Key Cryptosystem

• The RSA algorithm

• Used for both public key encryption and digital
signatures.
• Security is based on the difficulty of factoring large
integers.

• Major Activities
• Key Generation (Algorithm)
• Encryption
• Digital signing
• Decryption
• Signature verification

Dilla University, Department of

Computer Science
 RSA: Cont. …
• Generate two large random primes, p and q
• Compute n = pq and (φ) phi = (p-1)(q-1)
• Choose an integer e, 1 < e < φ, such that gcd(e,
phi) = 1
• Compute the secret exponent d, 1 < d < φ, such
that
d = e-1 mod φ , i.e. φ divides (ed-1)
• The public key is (n, e) and the private key is
(n, d).
Keep all the values d, p, q and φ secret
n is known as the modulus
e is known as the public exponent or encryption exponent
d is known as the secret exponent or decryption exponent.
Dilla University, Department of
Computer Science
 RSA: Cont. …
RSA- Encryption
• Sender A does the following
• Obtains the recipient B's public key (n, e)
• Represents the plaintext message as a positive integer m
• Computes the ciphertext c = m^e mod n
• Sends the ciphertext c to B

RSA- Decryption

• Recipient B does the following

• Uses his private key (n, d) to compute m = c^d mod n
• Extracts the plaintext from the message representative m

Dilla University, Department of

Computer Science
 RSA: Cont. …
• RSA- Digital signing
• Sender A does the following
• Creates a message digest of the information to be sent
• Represents this digest as an integer m between 0 and n-1
• Uses her private key (n, d) to compute the signature
s = md mod n.
• Sends this signature s to the recipient, B.

• RSA- Signature verification

• Recipient B does the following
• Uses sender A's public key (n, e) to compute integer v = se mod n
• Extracts the message digest from this integer
• Independently computes the message digest of the information that
has been signed
• If both message digests are identical, the signature is valid
Dilla University, Department of
Computer Science
 RSA: Cont. …
• RSA- Key Generation Simple Example

• Select primes p=11, q=3.

• n = pq = 11*3 = 33
phi = (p-1)(q-1) = 10*2 = 20
• Choose e=3
Check gcd(e, p-1) = gcd(3, 10) = 1 (i.e. 3 and 10 are relatively prime - have
no common factors except 1) and check gcd(e, q-1) = gcd(3, 2) = 1,
therefore gcd(e, phi) = gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1
• Compute d (1<d<phi) such that d = e-1 mod phi = 3-1 mod 20
i.e. find a value for d such that phi divides ed-1 (20 divides 3d-1.)
Simple testing (d = 2, 3 ...) gives d = 7
Check: ed-1 = 3*7 - 1 = 20, which is divisible by phi (20).
• Public key = (n, e) = (33, 3)
Private key = (n, d) = (33, 7).

Dilla University, Department of

Computer Science
 Cryptography
Given
Public key = (n, e) = (33, 3)
Private key = (n, d) = (33, 7)

RSA- Encryption Example

• Now say we want to encrypt the message m = 7
c = m^e mod n = 7^3 mod 33 = 343 mod 33 = 13
Hence the ciphertext c = 13

RSA- Decryption Example

• To check decryption we compute
m = c^d mod n = 13 ^ 7 mod 33 = 62748517 mod 33 =7

Dilla University, Department of

Computer Science
 Cryptography
RSA- More Meaningful Example

Message: ATTACKxATxSEVEN
• Grouping the characters into blocks of three and computing a
message representative integer for each block:
ATT ACK XAT XSE VEN
• In the same way that a decimal number can be represented as the
sum of powers of ten, e.g. 135 = 1 x 102 + 3 x 101 + 5, we could
represent our blocks of three characters in base 26 using A=0,
B=1, C=2, ..., Z=25
• ATT = 0 x 262 + 19 x 261 + 19 = 513
ACK = 0 x 262 + 2 x 261 + 10 = 62
XAT = 23 x 262 + 0 x 261 + 19 = 15567
XSE = 23 x 262 + 18 x 261 + 4 = 16020
VEN = 21 x 262 + 4 x 261 + 13 = 14313

Dilla University, Department of

Computer Science
 Cryptography
RSA- More Meaningful Example – Key Generation

• We "generate" primes p=137 and q=131 (we cheat by

looking for suitable primes around √n)
• n = pq = 137*131 = 17,947
phi = (p-1)(q-1) = 136*130 = 17680
• Select e = 3
check gcd(e, p-1) = gcd(3, 136) = 1, OK and
check gcd(e, q-1) = gcd(3, 130) = 1, OK.
• Compute d = e-1 mod phi = 3-1 mod 17680 = 11787.
d = e-1 mod phi , i.e. phi divides (ed-1)
• Hence
public key, (n, e) = (17947, 3) and
private key (n, d) = (17947, 11787).
Dilla University, Department of
Computer Science
 Cryptography
Given
Public key = (n, e) = (17947, 3)
Private key = (n, d) = (17947, 11787)

RSA- More Meaningful Example – Encryption/Decryption

• To encrypt the first integer that represents "ATT“ (513), we
have
• c = m^e mod n = 5133 mod 17947 = 8363
• We can verify that our private key is valid by decrypting
• m = c^d mod n = 836311787 mod 17947 = 513

• Overall, our plaintext is represented by the set of integers m

• (513, 62, 15567, 16020, 14313)
• We compute corresponding cipher text integers c = m^e mod n
• (8363, 5017, 11884, 9546, 13366)

Dilla University, Department of

Computer Science
 Attack on cryptography
• Types of attacks
– The attacker has only the ciphertext and
his goal is to find the corresponding
plaintext
– The attacker has a ciphertext and the
corresponding plaintext and his goal is to
find the key
• A good cryptosystem protects against all
types of attacks
• Attackers use both Mathematics and
Statistics Dilla University, Department of
Computer Science
 Cont. …
• Cryptography and Intruders
– Eavesdropping (listening/spying the
message)
An intruder may try to read the message
If it is well encrypted the intruder will not know the
content
However, just the fact the intruder knows that there is
communication may be a threat (Traffic analysis)
– Modification
Modifying a plaintext is easy, but modifying encrypted
messages is more difficult
– Insertion of messages
Inserting new message into a cipher-text is difficult

Dilla University, Department of

Computer Science
 Cont. …
Cryptography and Intruders

Dilla University, Department of

Computer Science