modern symmetric key cipher
DESCRIPTION
comp securityTRANSCRIPT
MODERN SYMMETRIC KEY CIPHER
Ms. Sharmistha Roy
Assistant Professor, School of Computer Engineering
KIIT University
Two key aspects of cryptographic algorithms are:
Algorithm Types: defines what size of plain text should be encrypted in each step of the algorithm.
Algorithm modes: defines the details of the cryptographic algorithm, once the type is decided.
Symmetric Key Algorithm Types and Modes
The generation of cipher text from plain text itself can be done in two basic ways:
Stream Ciphers: it involves the encryption & decryption of one plain text character (such as a bit/byte) at a time.
Let us consider a plain text PT= Pay 100 (in ASCII format/ text format). Let us assume that the binary value is 01011100
Let us consider a key 10010101. Let us assume that we apply XOR operation as the
encryption algorithm. So the cipher text will be 01011100 + 10010101 = 11001001
(in binary) and ZTU91^% (in text).
Algorithm Types
Block Ciphers: in Block ciphers, rather than encrypting one byte at a time, a block of bytes is encrypted at one go.
A single key is used to encrypt the whole block even if the key is made of multiple values.
During decryption also each block would be translated back to the original form.
For e.g. PT= FOUR_AND_FOUR. Using Block cipher, FOUR will be encrypted first, followed by _AND_ and finally FOUR.
An obvious problem with block cipher is repeating text. For repeating text patterns, the same cipher is generated. A solution to this problem is to use of chaining mode.
Practically, the blocks used in block cipher generally contain 64 bits or more.
Since, stream ciphers encrypt only one byte at a time, so it is very time consuming & is unnecessary in real life.
Algorithm Types
A symmetric-key modern block cipher encrypts an n-bit block of plaintext or decrypts an n-bit block of cipher text. The encryption or decryption algorithm uses a k-bit key.
A modern block cipher can be designed to act as a substitution cipher or a transposition cipher
Modern Block Ciphers
n- bit plain text n- bit plain text
Encryption Decryption
n- bit cipher text n- bit cipher text
k-bit key
Modern Block Ciphers: Modern block ciphers normally are keyed substitution ciphers in which the key allows only partial mappings from the possible inputs to the possible outputs.
It is one of the most widely used types of cryptographic algorithms which provide encryption of quantities of information, and/or a cryptographic checksum to ensure the contents have not been altered.
It provide secrecy /authentication servicesWe continue to use block ciphers because they are
comparatively fast, and because we know a fair amount about how to design them.
Modern Block Ciphers
P-Box: Permutation box parallels the traditional transposition cipher for characters.
It transposes bits. There are three types of P-Box:
Straight P-BoxCompression P-BoxExpansion P-Box
Components of a Modern Block Cipher
Invertibility: A straight P-box can be used in the encryption cipher & its inverse in the decryption cipher.
A straight P-box is invertible, but compression & expansion P-boxes are not.
Components of a Modern Block Cipher
S-Box: An S-box (substitution box) can be thought of as a miniature substitution cipher.
Modern block ciphers normally use keyless S-Boxes. An S-box is an m × n substitution unit, where m and n are not
necessarily the same. Eg:- for input x1, x2, x3, …. Xn and output y1, y2, y3, …. Ym, the
relation between them can be represented as a set of equations
y1 = f1 (x1, x2, x3, …. Xn )
y2 = f2 (x1, x2, x3, …. Xn )
……
ym = fm (x1, x2, x3, …. Xn )
An S-Box may or may not be invertible. In an invertible S-box, the number of input bits should be the same as the number of output bits.
Components of a Modern Block Cipher
S-Box: The following table defines the input/output relationship for an S-box of size 3 × 3. The leftmost bit of the input defines the row; the two rightmost bits of the input define the column. The three output bits are values on the cross section of the selected row and column.
Based on the table, an input of 010 yields the output 111. An input of 101 yields the output of 010.
Now in the decryption table, the input of 111 will give the output 010.
Components of a Modern Block Cipher
Exclusive- OR: XOR is reversible:- when used twice, it produces the original value.
Components of a Modern Block Cipher
Circular-shift: Shifting can be to the left or to the right. Circular left shift operation shifts each bit in an n-bit word k
positions to the left. Circular right shift operation shifts each bit in an n-bit word k
positions to the right
Components of a Modern Block Cipher
Figure : Circular shifting an 8-bit word to the left or right
Split & Combine: Two other operations found in some block ciphers are split and combine.
Components of a Modern Block Cipher
Figure : Split and combine operations on an 8-bit word
Swap: The swap operation is a special case of the circular shift operation where k = n/2.
Components of a Modern Block Cipher
Figure : Swap operation on an 8-bit word
A product cipher is a complex cipher combining substitution, permutation, and other components discussed in previous sections.
Shannon introduced the concept of a product cipher. Diffusion: The idea of diffusion is to hide the relationship
between the cipher text and the plaintext. If a single symbol in the PT is changed, several or all symbols in
the CT will also be changed. Confusion: The idea of confusion is to hide the relationship
between the cipher text and the key. If a single bit in the key is changed, most or all bits in CT will also
be changed. Rounds: Diffusion and confusion can be achieved using iterated
product ciphers where each iteration is a combination of S-boxes, P-boxes, and other components. .
Product Ciphers
Non-Feistel Ciphers: it uses S-Box, P-Box, XOR operation. Also called Substitution-Permutation Network. Example: AES
Classes of Product Ciphers
Feistel Ciphers: Uses Split & Combine, Swap, XOR, Circular Shift operation. Example: DES
Classes of Product Ciphers
An algorithm mode is a combination of a series of the basic algorithm steps on block cipher and some kind of feedback from the previous step.
Algorithm Modes
Algorithm Modes
Electronic Code Block (ECB)
Cipher Block Chaining (CBC)
Cipher Feedback (CFB)
Output Feedback (OFB)
These two modes work on block ciphers
These two modes work on block ciphers acting as
stream ciphers
The simplest mode of operation is called the ECB mode. Here incoming plain text message is divided into blocks of 64 bits
each. Each block is encrypted independently. For all blocks in a message, the same key is used for encryption.
Here E: Encryption; K: Secret key; Pi: Plain text; D: Decryption; Ci : Cipher text
Electronic Code Block
In ECB, a PT block always produces the same CT block, which provides some clue to a cryptanalyst.
In CBC mode, each plaintext block is XORed with the previous cipher text block before being encrypted.
Feedback mechanism is used by chaining, in order to produce two different cipher text blocks for two identical plain text block.
Initialization Vector(IV): IV should be known by the sender & the receiver. It should be agreed upon by sender & receiver when the secret key
is established. It can be part of the secret key
Cipher Block Chaining Mode
Here E: Encryption; K: Secret key; Pi: Plain text; D: Decryption; Ci : Cipher text; IV: Initial Vector (C0)
Cipher Block Chaining Mode
ECB & CBC modes encrypt and decrypt blocks of the message. The block size, n, is predetermined by the underlying cipher. Ex: n=64.
In some situations, we need to use DES or AES as secure ciphers, but the plaintext or cipher text block sizes are to be smaller
E: Encryption; K: Secret key; Pi: Plain text; D: Decryption; Ci : Cipher text; IV: Initial Vector (C0); Si: Shift register; Ti: Temporary register
Cipher Feedback Mode
CFB as Stream Cipher
In this mode each bit in the cipher text is independent of the previous bit or bits. This avoids error propagation.
E: Encryption; K: Secret key; Pi: Plain text; D: Decryption; Ci : Cipher text; IV: Initial Vector (C0); Si: Shift register; Ti: Temporary register
Output Feedback Mode
OFB as Stream Cipher
In the counter (CTR) mode, there is no feedback. It uses sequence numbers called as counters as the inputs to the
algorithm. After each block is encrypted, to fill the register, the next counter
value is used. A n- bit counter is initialized to a predetermined value(IV) and
increment based on a predefined rule. The size of the counter block is the same as that of the plain text
block. Counter is incremented for each block. For encryption, counter is encrypted and then XORed with the
plain text block to get the cipher text.
Counter Mode
E: Encryption; K: Secret key; Pi: Plain text; Ci : Cipher text; IV: Initial Vector; ki : Encryption key
Counter Mode
CTR as Stream Cipher