
Transposition Techniques

Uploaded by

amsini

Eg.

Let us see how we can encrypt the message “She is listening” using the 6-character
keyword “PASCAL”. The initial key stream is (15, 0, 18, 2, 0, 11). The key stream is
the repetition of this initial key stream (as many times as needed).
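
The example above stops before the ciphertext. Carried through here as an added example (not part of the original notes), assuming the cipher meant is the Vigenère cipher, in which each letter is shifted by its key-stream value modulo 26; the function names are illustrative.

```python
def key_stream(keyword):
    # Each keyword letter becomes its alphabet index: A=0 ... Z=25.
    return [ord(c) - ord("A") for c in keyword.upper()]

def vigenere(text, keyword, decrypt=False):
    ks, out = key_stream(keyword), []
    for ch in text:
        if not (ch.isascii() and ch.isalpha()):
            continue  # spaces and punctuation are dropped, as in the example
        k = ks[len(out) % len(ks)]  # key stream repeats as often as needed
        p = ord(ch.upper()) - ord("A")
        out.append(chr((p - k if decrypt else p + k) % 26 + ord("A")))
    return "".join(out)

def unchanged_positions(text, keyword):
    # Positions where the ciphertext letter equals the plaintext letter.
    plain = vigenere(text, "A")  # shift 0: just normalises the text
    cipher = vigenere(text, keyword)
    return [i for i, (p, c) in enumerate(zip(plain, cipher)) if p == c]

if __name__ == "__main__":
    print(key_stream("PASCAL"))
    print(vigenere("She is listening", "PASCAL"))
    print(unchanged_positions("She is listening", "PASCAL"))
```

The two zeros in the key stream come from the letter A in the keyword, and every plaintext letter that lines up with them passes into the ciphertext unchanged.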

TRANSPOSITION CIPHERS

A transposition cipher does not substitute one symbol for another; instead, it changes
the location of the symbols.

• Keyless Transposition Ciphers
• Keyed Transposition Ciphers
• Combining Two Approaches

Keyless Transposition Ciphers

Simple transposition ciphers, which were used in the past, are keyless.

1. A good example of a keyless cipher using the first method is the rail fence
cipher. The cipher text is created by reading the pattern row by row. For example,
to send the message “Meet me at the park” to Bob, Alice writes

She then creates the cipher text “MEMATEAKETETHPR”.

2. Alice and Bob can agree on the number of columns and use the second method.
Alice writes the same plaintext, row by row, in a table of four columns.
She then creates the cipher text “MMTAEEHREAEKTTP”.
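
Both keyless methods are fixed rearrangements of positions, so anyone who knows the method can undo them. The added example below (not from the original notes) reproduces the two ciphertexts above together with their decryption; it goes beyond the text by allowing any number of rails, and the function names are illustrative.

```python
def letters(msg):
    # Keep letters only; spaces are dropped before transposing.
    return "".join(ch for ch in msg.lower() if ch.isalpha())

def read_order(n, group_of):
    # Positions 0..n-1 in the order the ciphertext reads them: grouped by
    # rail or column (the stable sort keeps left-to-right order in a group).
    return sorted(range(n), key=group_of)

def transpose(plain, group_of):
    return "".join(plain[i] for i in read_order(len(plain), group_of)).upper()

def untranspose(cipher, group_of):
    out = [""] * len(cipher)
    for ch, i in zip(cipher, read_order(len(cipher), group_of)):
        out[i] = ch  # put each ciphertext letter back where it came from
    return "".join(out).lower()

def rail_of(rails):
    # Zigzag over the rails: 0, 1, ..., rails-1, rails-2, ..., 1, repeated.
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return lambda i: cycle[i % len(cycle)]

def column_of(cols):
    # Text written row by row: position i sits in column i mod cols.
    return lambda i: i % cols

def rail_fence_encrypt(msg, rails=2):
    return transpose(letters(msg), rail_of(rails))

def rail_fence_decrypt(cipher, rails=2):
    return untranspose(cipher, rail_of(rails))

def columnar_encrypt(msg, cols):
    return transpose(letters(msg), column_of(cols))

def columnar_decrypt(cipher, cols):
    return untranspose(cipher, column_of(cols))

if __name__ == "__main__":
    print(rail_fence_encrypt("Meet me at the park"))
    print(columnar_encrypt("Meet me at the park", 4))
    print(columnar_decrypt("MMTAEEHREAEKTTP", 4))
```

The ciphertext always contains exactly the letters of the plaintext, so letter frequencies are unchanged by either method.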

Keyed Transposition Ciphers

The keyless ciphers permute the characters by writing the plaintext in one way
and reading it in another way. The permutation is done on the whole plaintext to
create the whole cipher text. Another method is to divide the plaintext into
groups of predetermined size, called blocks, and then use a key to permute the
characters in each block separately.

Alice needs to send the message “Enemy attacks tonight” to Bob.

The key used for encryption and decryption is a permutation key, which shows
how the characters are permuted.

The permutation yields


Combining Two Approaches

Steganography

• A plaintext message may be hidden in one of two ways.

1. Conceal the existence of the message: steganography.

2. Render the message unintelligible to outsiders by various transformations
of the text: cryptography.

• A simple but time-consuming form of steganography is the one in which an
arrangement of words or letters within an apparently normal text spells out
the real message.
• For example, the sequence of first letters of each word of the overall message
spells out the hidden message.
• Some other techniques that have been used historically are listed below:
– Character marking: Selected letters of printed or typewritten text are
overwritten in pencil. The marks are ordinarily not visible unless the
paper is held at an angle to bright light.
– Invisible ink: A number of substances can be used for writing but leave
no visible trace until heat or some chemical is applied to the paper.
– Pin punctures: Small pin punctures on selected letters are ordinarily not
visible unless the paper is held up in front of a light.
– Typewriter correction ribbon: Used between lines typed with a ribbon;
the results of black typing with the correction tape are visible only under a
strong light.
• Although these techniques may seem ancient, they have modern
equivalents.
• For example, suppose an image has a resolution of 2048 × 3072 pixels
where each pixel is denoted by 24 bits (Kodak CD photo format).
• The least significant bit of each 24-bit pixel can be changed without
greatly affecting the quality of the image.
• The result is that you can hide a 2.3-megabyte message in a single digital
snapshot.
• There are now a number of software packages available that take this type
of approach to steganography.
• Steganography has a number of drawbacks when compared to encryption.
a. It requires a lot of overhead to hide relatively few bits of information.
b. Once the system is discovered, it becomes virtually worthless.
• The advantage of steganography is that it can be employed by parties who
have something to lose if the fact of their secret communication is
discovered.

Rotor Machines

• The basic principle of the rotor machine is illustrated in the figure. The machine
consists of a set of independently rotating cylinders through which electrical
pulses can flow.
• Each cylinder has 26 input and 26 output pins, with internal wiring that
connects each input pin to a unique output pin.
• If we associate each input and output pin with a letter of the alphabet, then a
single cylinder defines a monoalphabetic substitution.
• If we use multiple cylinders, then we obtain a polyalphabetic substitution.

Block Cipher Principles

Stream Cipher and Block Cipher

• A stream cipher is one that encrypts a data stream one bit or one byte at a
time. Examples of stream ciphers are the autokeyed Vigenère cipher and the Vernam
cipher.

• A block cipher is one in which a block of plaintext is treated as a whole and
used to produce a cipher text block of equal length. An example of a block cipher
is DES.

Block Cipher Principles

• block ciphers look like an extremely large substitution

• would need table of 2^64 entries for a 64-bit block

• arbitrary reversible substitution cipher for a large block size is not practical

– 64-bit general substitution block cipher, key size 2^64!

• most symmetric block ciphers are based on a Feistel Cipher Structure

• needed since must be able to decrypt cipher text to recover messages efficiently.

Data Encryption Standard (DES)

• encrypts 64-bit data using 56-bit key

Since DES is based on the Feistel Cipher, all that is required to specify DES is:

• Round function

• Key schedule

• Any additional processing: initial and final permutation

Initial and Final Permutation

• The initial and final permutations are straight permutation boxes (P-boxes)
that are inverses of each other. They have no cryptographic significance in
DES.

Round Function

• The heart of this cipher is the DES function, f. The DES function applies a
48-bit key to the rightmost 32 bits to produce a 32-bit output.

• uses two 32-bit L & R halves; as for any Feistel cipher, can describe as:
o L_i = R_{i-1}

o R_i = L_{i-1} xor F(R_{i-1}, K_i)

• takes 32-bit R half and 48-bit subkey and expands R to 48 bits using
Expansion Permutation E and adds to subkey.

• passes through 8 S-boxes to get 32-bit result

• finally permutes this using 32-bit Permutation Function P

Initial Permutation IP

• first step of the data computation

• IP reorders the input data bits

Substitution Boxes S
• Each S-Box maps 6 to 4 bits

– outer bits 1 & 6 (row bits) select the row

– inner bits 2-5 (col bits) select the column

– For example, in S1, for input 011001,

• the row is 01 (row 1)

• the column is 1100 (column 12).

• The value in row 1, column 12 is 9

• The output is 1001.

• result is 8 X 4 bits, or 32 bits

DES Key Schedule

• forms subkeys used in each round

1. initial permutation of the key.

2. divide the 56 bits into two 28-bit halves

3. at each round

– 3.1. Left shift each half (28 bits) separately either 1 or 2 places based on
the left shift schedule.

• Shifted values will be input for next round

– 3.2. Combine the two halves to 56 bits, permuting them for use in function f

DES satisfies both of the desired properties of a block cipher. These two properties
make the cipher very strong.

• Avalanche effect: A small change in the plaintext results in a very great change
in the cipher text.

• Completeness: Each bit of cipher text depends on many bits of plaintext.

During the last few years, cryptanalysis has found some weaknesses in DES when
the keys selected are weak keys. These keys should be avoided.

DES has proved to be a very well designed block cipher. There have been no
significant cryptanalytic attacks on DES other than exhaustive key search.

Strength of DES

1. Key Size

• 56-bit keys have 2^56 = 7.2 x 10^16 values

• brute force search looks hard

• recent advances have shown it is possible

o in 1997 on the Internet in a few months

o in 1998 on dedicated hardware (EFF) in a few days

o in 1999 above combined in 22 hrs!

• still must be able to recognize plaintext

• now considering alternatives to DES

2. Timing Attacks

• Attacks the actual implementation of the cipher.

• Use knowledge of consequences of implementation to derive knowledge of
some/all subkey bits.

• Specifically use the fact that calculations can take varying times depending on the
value of the inputs to them.

3. Analytic Attacks

• now have several analytic attacks on DES

• these utilise some deep structure of the cipher

o by gathering information about encryptions

o can eventually recover some/all of the sub-key bits

o if necessary then exhaustively search for the rest

• generally these are statistical attacks, and include:

o differential cryptanalysis

o linear cryptanalysis

o related key attacks

Differential Cryptanalysis

• a statistical attack against Feistel ciphers


• uses cipher structure not previously used

• design of S-P networks has output of function f influenced by both input & key

• hence cannot trace values back through cipher without knowing values of the
key

• Differential Cryptanalysis compares two related pairs of encryptions

Linear Cryptanalysis

• another recent development

• also a statistical method

• based on finding linear approximations to model the transformation of DES

• can attack DES with 2^47 known plaintexts, still in practice infeasible

Block Cipher Design Principles

• basic principles still like Feistel in 1970’s

• number of rounds

– more is better, exhaustive search best attack

• function f:

– provides “confusion”, is nonlinear, avalanche

• key schedule

– complex subkey creation, key avalanche

Modes of Operation

• block ciphers encrypt fixed size blocks

• e.g. DES encrypts 64-bit blocks, with 56-bit key

• need way to use in practice, given usually have arbitrary amount of information
to encrypt

• four were defined for DES in ANSI standard ANSI X3.106-1983 Modes of Use

• subsequently now have 5 for DES and AES

• have block and stream modes

1. Electronic Codebook (ECB)

• message is broken into independent blocks which are encrypted

• each block is a value which is substituted, like a codebook, hence name

• each block is encoded independently of the other blocks

C_i = DES_{K1}(P_i)

• uses: secure transmission of single values

Advantages and Limitations of ECB

• repetitions in message may show in cipher text

– if aligned with message block

– particularly with data such as graphics

– or with messages that change very little, which become a code-book analysis problem

• weakness due to encrypted message blocks being independent

• main use is sending a few blocks of data

2. Cipher Block Chaining (CBC)

• message is broken into blocks

• but these are linked together in the encryption operation

• each previous cipher block is chained with the current plaintext block,
hence name

• use Initial Vector (IV) to start process

o C_i = DES_{K1}(P_i XOR C_{i-1})

o C_{-1} = IV

• uses: bulk data encryption, authentication

Advantages and Limitations of CBC

• each ciphertext block depends on all message blocks

• thus a change in the message affects all ciphertext blocks after the change as
well as the original block

• need Initial Value (IV) known to sender & receiver

– however if IV is sent in the clear, an attacker can change bits of the first
block, and change IV to compensate

– hence either IV must be a fixed value or it must be sent encrypted in ECB
mode before rest of message

• at end of message, handle possible last short block

– by padding either with known non-data value (e.g. nulls)

– or pad last block with count of pad size

• e.g. [ b1 b2 b3 0 0 0 0 5] <- 3 data bytes, then 5 bytes pad+count
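
The Feistel relations L_i = R_{i-1}, R_i = L_{i-1} xor F(R_{i-1}, K_i) and the ECB and CBC formulas above, put together as an added example (not from the original notes) that counts repeated ciphertext blocks in each mode. It uses a toy 16-round Feistel cipher whose round function and key schedule are SHA-256 stand-ins, not DES; all names and the sample message are constructed.

```python
import hashlib
BLOCK = 8  # bytes: 64-bit blocks, as in DES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(key, rounds=16):
    # Stand-in key schedule (assumption): one hash-derived subkey per round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]

def encrypt_block(block, ks):
    left, right = block[:4], block[4:]
    for k in ks:  # L_i = R_{i-1};  R_i = L_{i-1} xor F(R_{i-1}, K_i)
        f_out = hashlib.sha256(k + right).digest()[:4]  # stand-in F, not DES's
        left, right = right, xor(left, f_out)
    return right + left  # final swap lets decryption reuse the same loop

def decrypt_block(block, ks):
    return encrypt_block(block, ks[::-1])  # same rounds, subkeys reversed

def pad(msg):
    n = BLOCK - len(msg) % BLOCK  # zero bytes, then the pad count last
    return msg + bytes(n - 1) + bytes([n])

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(msg, key):
    ks = subkeys(key)
    return b"".join(encrypt_block(p, ks) for p in blocks(pad(msg)))

def cbc_encrypt(msg, key, iv):
    ks, prev, out = subkeys(key), iv, []
    for p in blocks(pad(msg)):
        prev = encrypt_block(xor(p, prev), ks)  # C_i = E_K(P_i xor C_{i-1})
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct, key, iv):
    ks, out = subkeys(key), b""
    for c, prev in zip(blocks(ct), [iv] + blocks(ct)):
        out += xor(decrypt_block(c, ks), prev)  # P_i = D_K(C_i) xor C_{i-1}
    return out[:-out[-1]]  # strip the pad using its count byte

def repeated_blocks(ct):
    return len(blocks(ct)) - len(set(blocks(ct)))

# Constructed sample: four identical 8-byte records plus a 3-byte tail.
KEY, IV, MSG = b"demo-key", bytes(range(8)), b"PAY 0100" * 4 + b"END"
```

The IV is a parameter here so the run is repeatable; with the same key and IV, two messages that begin with the same block also begin with the same ciphertext block.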

Cipher FeedBack (CFB)

• message is treated as a stream of bits

• added to the output of the block cipher

• result is fed back for next stage (hence name)

• standard allows any number of bits (1, 8 or 64 or whatever) to be fed back

– denoted CFB-1, CFB-8, CFB-64 etc

• is most efficient to use all 64 bits (CFB-64)

C_i = P_i XOR DES_{K1}(C_{i-1})

C_{-1} = IV

• uses: stream data encryption, authentication

Advantages and Limitations of CFB

• appropriate when data arrives in bits/bytes

• most common stream mode

• limitation is need to stall while do block encryption after every n-bits

• note that the block cipher is used in encryption mode at both ends

• errors propagate for several blocks after the error

Output FeedBack (OFB)

• message is treated as a stream of bits

• output of cipher is added to message

• output is then fed back (hence name)

• feedback is independent of message

• can be computed in advance

C_i = P_i XOR O_i

O_i = DES_{K1}(O_{i-1})

O_{-1} = IV

• uses: stream encryption over noisy channels

Advantages and Limitations of OFB

• used when error feedback is a problem or where need to do encryptions before
message is available

• superficially similar to CFB

• but feedback is from the output of cipher and is independent of message

• a variation of a Vernam cipher

– hence must never reuse the same sequence (key+IV)

• sender and receiver must remain in sync, and some recovery method is needed
to ensure this occurs

• originally specified with m-bit feedback in the standards

• subsequent research has shown that only OFB-64 should ever be used

Counter (CTR)

• a “new” mode, though proposed early on

• similar to OFB but encrypts counter value rather than any feedback value

• must have a different key & counter value for every plaintext block (never
reused)

C_i = P_i XOR O_i

O_i = DES_{K1}(i)

• uses: high-speed network encryptions


Advantages and Limitations of CTR

• efficiency

– can do parallel encryptions

– in advance of need

– good for bursty high speed links

• random access to encrypted data blocks

• provable security (good as other modes)

– but must ensure never reuse key/counter values, otherwise could
break (cf OFB).
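
Why OFB and CTR must never repeat a key+IV or key/counter pair, and what CTR's random access to blocks looks like, as an added example (not from the original notes). The keyed-hash stand-in for DES_K1, the counter layout and the sample messages are assumptions constructed for the demonstration.

```python
import hashlib

BLOCK = 8  # bytes: 64-bit blocks, matching the DES-based formulas

def E(key, block):
    # Stand-in for DES_K1 (assumption): OFB and CTR only run the cipher
    # forwards, so a keyed hash truncated to one block is enough here.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor(a, b):
    # C_i = P_i xor O_i; the same call decrypts.
    return bytes(x ^ y for x, y in zip(a, b))

def ofb_keystream(key, iv, nblocks):
    o, out = iv, b""
    for _ in range(nblocks):  # O_i = E_K(O_{i-1}),  O_{-1} = IV
        o = E(key, o)
        out += o
    return out

def counter_block(nonce, i):
    # Constructed layout (assumption): 4-byte nonce, then 4-byte block index.
    return nonce + i.to_bytes(4, "big")

def ctr_keystream(key, nonce, nblocks):
    # O_i = E_K(i): every block is independent, so they can be precomputed.
    return b"".join(E(key, counter_block(nonce, i)) for i in range(nblocks))

def ctr_decrypt_block(ct, key, nonce, i):
    # Random access: block i needs only its own counter value.
    return xor(ct[i * BLOCK:(i + 1) * BLOCK], E(key, counter_block(nonce, i)))

def reuse_leak(c1, c2):
    # With a repeated key+IV the keystream cancels: C1 xor C2 = P1 xor P2.
    return xor(c1, c2)

# Constructed sample messages and parameters.
KEY, IV, NONCE = b"demo-key", bytes(8), b"\x00\x00\x00\x01"
P1 = b"PAY ALICE 0100 EUR NOW.."
P2 = b"PAY BOB   9999 EUR LATER"
```

When the key+IV repeats, the XOR of the two ciphertexts no longer depends on the key, so knowing or guessing one message gives the other.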
