modern symmetric key cipher

MODERN SYMMETRIC KEY CIPHER

Ms. Sharmistha Roy

Assistant Professor, School of Computer Engineering

KIIT University

Two key aspects of cryptographic algorithms are:

Algorithm Types: defines what size of plain text should be encrypted in each step of the algorithm.

Algorithm modes: defines the details of the cryptographic algorithm, once the type is decided.

Symmetric Key Algorithm Types and Modes

The generation of cipher text from plain text itself can be done in two basic ways:

Stream Ciphers: it involves the encryption & decryption of one plain text character (such as a bit/byte) at a time.

Let us consider a plain text PT= Pay 100 (in ASCII format/ text format). Let us assume that the binary value is 01011100

Let us consider a key 10010101. Let us assume that we apply XOR operation as the

encryption algorithm. So the cipher text will be 01011100 + 10010101 = 11001001

(in binary) and ZTU91^% (in text).

Algorithm Types

Block Ciphers: in Block ciphers, rather than encrypting one byte at a time, a block of bytes is encrypted at one go.

A single key is used to encrypt the whole block even if the key is made of multiple values.

During decryption also each block would be translated back to the original form.

For e.g. PT= FOUR_AND_FOUR. Using Block cipher, FOUR will be encrypted first, followed by _AND_ and finally FOUR.

An obvious problem with block cipher is repeating text. For repeating text patterns, the same cipher is generated. A solution to this problem is to use of chaining mode.

Practically, the blocks used in block cipher generally contain 64 bits or more.

Since, stream ciphers encrypt only one byte at a time, so it is very time consuming & is unnecessary in real life.

Algorithm Types

A symmetric-key modern block cipher encrypts an n-bit block of plaintext or decrypts an n-bit block of cipher text. The encryption or decryption algorithm uses a k-bit key.

A modern block cipher can be designed to act as a substitution cipher or a transposition cipher

Modern Block Ciphers

n- bit plain text n- bit plain text

Encryption Decryption

n- bit cipher text n- bit cipher text

k-bit key

Modern Block Ciphers: Modern block ciphers normally are keyed substitution ciphers in which the key allows only partial mappings from the possible inputs to the possible outputs.

It is one of the most widely used types of cryptographic algorithms which provide encryption of quantities of information, and/or a cryptographic checksum to ensure the contents have not been altered.

It provide secrecy /authentication servicesWe continue to use block ciphers because they are

comparatively fast, and because we know a fair amount about how to design them.

Modern Block Ciphers

P-Box: Permutation box parallels the traditional transposition cipher for characters.

It transposes bits. There are three types of P-Box:

Straight P-BoxCompression P-BoxExpansion P-Box

Components of a Modern Block Cipher

Invertibility: A straight P-box can be used in the encryption cipher & its inverse in the decryption cipher.

A straight P-box is invertible, but compression & expansion P-boxes are not.


S-Box: An S-box (substitution box) can be thought of as a miniature substitution cipher.

Modern block ciphers normally use keyless S-Boxes. An S-box is an m × n substitution unit, where m and n are not

necessarily the same. Eg:- for input x1, x2, x3, …. Xn and output y1, y2, y3, …. Ym, the

relation between them can be represented as a set of equations

y1 = f1 (x1, x2, x3, …. Xn )

y2 = f2 (x1, x2, x3, …. Xn )

……

ym = fm (x1, x2, x3, …. Xn )

An S-Box may or may not be invertible. In an invertible S-box, the number of input bits should be the same as the number of output bits.


S-Box: The following table defines the input/output relationship for an S-box of size 3 × 3. The leftmost bit of the input defines the row; the two rightmost bits of the input define the column. The three output bits are values on the cross section of the selected row and column.

Based on the table, an input of 010 yields the output 111. An input of 101 yields the output of 010.

Now in the decryption table, the input of 111 will give the output 010.


Exclusive- OR: XOR is reversible:- when used twice, it produces the original value.


Circular-shift: Shifting can be to the left or to the right. Circular left shift operation shifts each bit in an n-bit word k

positions to the left. Circular right shift operation shifts each bit in an n-bit word k

positions to the right


Figure : Circular shifting an 8-bit word to the left or right

Split & Combine: Two other operations found in some block ciphers are split and combine.


Figure : Split and combine operations on an 8-bit word

Swap: The swap operation is a special case of the circular shift operation where k = n/2.


Figure : Swap operation on an 8-bit word

A product cipher is a complex cipher combining substitution, permutation, and other components discussed in previous sections.

Shannon introduced the concept of a product cipher. Diffusion: The idea of diffusion is to hide the relationship

between the cipher text and the plaintext. If a single symbol in the PT is changed, several or all symbols in

the CT will also be changed. Confusion: The idea of confusion is to hide the relationship

between the cipher text and the key. If a single bit in the key is changed, most or all bits in CT will also

be changed. Rounds: Diffusion and confusion can be achieved using iterated

product ciphers where each iteration is a combination of S-boxes, P-boxes, and other components. .

Product Ciphers

Non-Feistel Ciphers: it uses S-Box, P-Box, XOR operation. Also called Substitution-Permutation Network. Example: AES

Classes of Product Ciphers

Feistel Ciphers: Uses Split & Combine, Swap, XOR, Circular Shift operation. Example: DES

Classes of Product Ciphers

An algorithm mode is a combination of a series of the basic algorithm steps on block cipher and some kind of feedback from the previous step.

Algorithm Modes

Algorithm Modes

Electronic Code Block (ECB)

Cipher Block Chaining (CBC)

Cipher Feedback (CFB)

Output Feedback (OFB)

These two modes work on block ciphers

These two modes work on block ciphers acting as

stream ciphers

The simplest mode of operation is called the ECB mode. Here incoming plain text message is divided into blocks of 64 bits

each. Each block is encrypted independently. For all blocks in a message, the same key is used for encryption.

Here E: Encryption; K: Secret key; Pi: Plain text; D: Decryption; Ci : Cipher text

Electronic Code Block

In ECB, a PT block always produces the same CT block, which provides some clue to a cryptanalyst.

In CBC mode, each plaintext block is XORed with the previous cipher text block before being encrypted.

Feedback mechanism is used by chaining, in order to produce two different cipher text blocks for two identical plain text block.

Initialization Vector(IV): IV should be known by the sender & the receiver. It should be agreed upon by sender & receiver when the secret key

is established. It can be part of the secret key

Cipher Block Chaining Mode

Here E: Encryption; K: Secret key; Pi: Plain text; D: Decryption; Ci : Cipher text; IV: Initial Vector (C0)

Cipher Block Chaining Mode

ECB & CBC modes encrypt and decrypt blocks of the message. The block size, n, is predetermined by the underlying cipher. Ex: n=64.

In some situations, we need to use DES or AES as secure ciphers, but the plaintext or cipher text block sizes are to be smaller

E: Encryption; K: Secret key; Pi: Plain text; D: Decryption; Ci : Cipher text; IV: Initial Vector (C0); Si: Shift register; Ti: Temporary register

Cipher Feedback Mode

CFB as Stream Cipher

In this mode each bit in the cipher text is independent of the previous bit or bits. This avoids error propagation.

E: Encryption; K: Secret key; Pi: Plain text; D: Decryption; Ci : Cipher text; IV: Initial Vector (C0); Si: Shift register; Ti: Temporary register

Output Feedback Mode

OFB as Stream Cipher

In the counter (CTR) mode, there is no feedback. It uses sequence numbers called as counters as the inputs to the

algorithm. After each block is encrypted, to fill the register, the next counter

value is used. A n- bit counter is initialized to a predetermined value(IV) and

increment based on a predefined rule. The size of the counter block is the same as that of the plain text

block. Counter is incremented for each block. For encryption, counter is encrypted and then XORed with the

plain text block to get the cipher text.

Counter Mode

E: Encryption; K: Secret key; Pi: Plain text; Ci : Cipher text; IV: Initial Vector; ki : Encryption key

Counter Mode

CTR as Stream Cipher

modern symmetric key cipher

Documents