Cryptography

and Network
Security
Sixth Edition
by William Stallings
 Chapter 3
Block Ciphers and the Data
Encryption Standard
“All the afternoon Mungo had been working on
Stern's code, principally with the aid of the latest
messages which he had copied down at the Nevin
Square drop. Stern was very confident. He must be
well aware London Central knew about that drop. It
was obvious that they didn't care how often Mungo
read their messages, so confident were they in the
impenetrability of the code.”
—Talking to Strange Men,
Ruth Rendell
 Stream Cipher
For practical reasons the bit-
In the ideal case a one-time
stream generator must be
pad version of the Vernam
Encrypts a digital data implemented as an
cipher would be used, in
stream one bit or one byte algorithmic procedure so
which the keystream is as
at a time that the cryptographic bit
long as the plaintext bit
stream can be produced by
stream
both users
Examples: If the cryptographic It must be
• Autokeyed Vigenère cipher keystream is random, computationally
• Vernam cipher then this cipher is impractical to predict
unbreakable by any future portions of the
means other than bit stream based on
acquiring the previous portions of
keystream the bit stream
• Keystream must be
provided to both users in
advance via some
independent and secure
channel
• This introduces The two users need
insurmountable logistical only share the
problems if the intended generating key and
data traffic is very large
each can produce the
keystream
 Block Cipher

A block of
plaintext is treated
Typically a block
as a whole and
size of 64 or 128
used to produce a
bits is used
ciphertext block of
equal length

The majority of
As with a stream network-based
cipher, the two symmetric
users share a cryptographic
symmetric applications make
encryption key use of block
ciphers
Stream Cipher and
Block Cipher
 Table 3.1
Encryption and Decryption Tables for Substitution Cipher of Figure 3.2
 Feistel Cipher
• Proposed the use of a cipher that alternates
substitutions and permutations
• Each plaintext element or group of elements
Substitutions is uniquely replaced by a corresponding
ciphertext element or group of elements

• No elements are added or deleted or replaced

Permutation in the sequence, rather the order in which the
elements appear in the sequence is changed

• Is a practical application of a proposal by Claude

Shannon to develop a product cipher that alternates
confusion and diffusion functions
• Is the structure used by many significant symmetric
block ciphers currently in use
 Diffusion and Confusion
• Terms introduced by Claude Shannon to capture the
two basic building blocks for any cryptographic system
• Shannon’s concern was to thwart cryptanalysis based
on statistical analysis

Diffusion
• The statistical structure of the plaintext is dissipated into long-range statistics of the
ciphertext
• This is achieved by having each plaintext digit affect the value of many ciphertext
digits

Confusion
• Seeks to make the relationship between the statistics of the ciphertext and the value
of the encryption key as complex as possible
• Even if the attacker can get some handle on the statistics of the ciphertext, the way in
which the key was used to produce that ciphertext is so complex as to make it difficult
to deduce the key
Feistel Cipher
Structure
 Feistel Cipher Design
Features
• Block size
• Round function F
• Larger block sizes mean greater • Greater complexity generally
security but reduced
means greater resistance to
encryption/decryption speed for a
cryptanalysis
given algorithm
• Fast software
• Key size
encryption/decryption
• Larger key size means greater
• In many cases, encrypting is
security but may decrease
encryption/decryption speeds embedded in applications or utility
functions in such a way as to
• Number of rounds preclude a hardware
implementation; accordingly, the
• The essence of the Feistel cipher is
speed of execution of the
that a single round offers
algorithm becomes a concern
inadequate security but that
multiple rounds offer increasing • Ease of analysis
security
• If the algorithm can be concisely
• Subkey generation algorithm and clearly explained, it is easier to
• analyze that algorithm for
Greater complexity in this
cryptanalytic vulnerabilities and
algorithm should lead to greater
therefore develop a higher level of
difficulty of cryptanalysis
assurance as to its strength
Feistel Example
 Data Encryption Standard (DES)

• Issued in 1977 by the National Bureau of Standards (now

NIST) as Federal Information Processing Standard 46
• Was the most widely used encryption scheme until the
introduction of the Advanced Encryption Standard (AES)
in 2001
• Algorithm itself is referred to as the Data Encryption
Algorithm (DEA)
• Data are encrypted in 64-bit blocks using a 56-bit key
• The algorithm transforms 64-bit input in a series of steps
into a 64-bit output
• The same steps, with the same key, are used to reverse the
encryption
 DES
Encryption
Algorithm
Table 3.2

DES
Example
(Table can be found on
page 75 in textbook)

Note: DES subkeys are shown as eight 6-bit values in hex format
Table 3.3 Avalanche Effect in DES: Change in Plaintext
Table 3.4 Avalanche Effect in DES: Change in Key
 Table 3.5
Average Time Required for Exhaustive Key Search
 Strength of DES
• Timing attacks
• One in which information about the key or the
plaintext is obtained by observing how long it takes
a given implementation to perform decryptions on
various ciphertexts
• Exploits the fact that an encryption or decryption
algorithm often takes slightly different amounts of
time on different inputs
• So far it appears unlikely that this technique will
ever be successful against DES or more powerful
symmetric ciphers such as triple DES and AES
Block Cipher Design Principles:
Number of Rounds

In general, the
criterion should be
If DES had 15 or
that the number of
The greater the fewer rounds,
rounds is chosen so
number of rounds, differential
that known
the more difficult it is cryptanalysis would
cryptanalytic efforts
to perform require less effort
require greater
cryptanalysis than a brute-force
effort than a simple
key search
brute-force key
search attack
Feistel Example
 Block Cipher Design Principles:
Design of Function F
• The heart of a Feistel The algorithm should have good
block cipher is the avalanche properties
function F
• The more nonlinear F, the Bit
Strict avalanche
more difficult any type of independence
criterion (SAC)
criterion (BIC)
cryptanalysis will be
• The SAC and BIC States that any output States that output bits
j and k should change
criteria appear to bit j of an S-box should
change with probability independently when
any single input bit i is
strengthen the 1/2 when any single input
bit i is inverted for all i , j inverted for all i , j ,
effectiveness of the and k

confusion function
Block Cipher Design Principles:
Key Schedule Algorithm
• With any Feistel block cipher, the key is used to
generate one subkey for each round
• In general, we would like to select subkeys to
maximize the difficulty of deducing individual
subkeys and the difficulty of working back to the
main key
• It is suggested that, at a minimum, the key
schedule should guarantee key/ciphertext Strict
Avalanche Criterion and Bit Independence
Criterion
 Summary
• Traditional Block Cipher • The strength of DES
Structure • Use of 56-bit keys
• Stream ciphers • Nature of the DES
• Block ciphers algorithm
• Feistel cipher • Timing attacks

• The Data Encryption • Block cipher design

Standard (DES) principles
• Encryption • DES design criteria
• Decryption • Number of rounds
• Design of function F
• Avalanche effect
• Key schedule algorithm