Data Encryption Techniques And

Standards

R S Jamgekar
 Syllabus
Introduction, Encryption Methods: Symmetric, Asymmetric,
Cryptography, Substitution Ciphers. Transposition Ciphers,
Stegnography applications and limitations, Block Ciphers
and methods of operations, Feistal Cipher, Data Encryption
Standard (DES), Triple DES, DES Design Criteria, Weak Keys
in DES Algorithms, Advance Encryption Standard (AES).
Overview
 Cryptographic algorithms and protocols

 Symmetric encryption-

 Protects contents of data of any size.

 Asymmetric encryption-

 Used to protect small blocks of data.

 Data integrity algorithms-

 Used to protect blocks of data from alteration.

 Authentication protocols-

 designed to authenticate the identity of entities.

Requirements of conventional encryption
 strong encryption algorithm

 Sender and receiver must have obtained copies of the secret

key in a secure fashion

Symmetric key cryptography
 It is also called as private/ secrete/ traditional / single
key cryptography
 It uses one key shared by both sender and receiver

 If this key is disclosed communications are

compromised
 It is also called as is symmetric, parties are equal hence
does not protect sender from receiver forging a message
& claiming is sent by sender
Model of Symmetric Cryptosystem
Model of Symmetric Cryptosystem
 plaintext

X = [X1, X2, .......... , XM]

 Encryption key

K = [K1, K2, .......... , KJ]

 Cipher text

Y = [Y1, Y2, ……….. , YN]

 Y = E(K, X)

 X = D(K, Y)
Characteristics of cryptographic system
 The type of operations used for transforming plaintext to

ciphertext.

 The number of keys used.

 The way in which the plaintext is processed.

 Cryptanalysis and Brute-Force Attack

 Objective of cryptanalysis is to recover key not just message

 Cryptanalysis:

 Rely on knowledge of the general characteristics of the

plaintext
 Rely on plaintext–ciphertext pairs

 Brute-force attack:

 The attacker tries every possible key on a piece of ciphertext

 Brute Force Search
 always possible to simply try every key

 most basic attack, exponential in key length

 assume either know / recognise plaintext

 Asymmetric Key Cryptography
 Asymmetric encryption is a form of cryptosystem in which
encryption and decryption are performed using the different
keys—one a public key and one a private key. It is also known as
public-key encryption.
 Asymmetric encryption can be used for confidentiality,
authentication, or both.
 In symmetric cryptography same key is used for encryption and
decryption. if this key is disclosed communications are
compromised.
 It is also called as two key cryptography.
Asymmetric key cryptography
Asymmetric key cryptography
Components of asymmetric key cryptography
 Plaintext: Input text or input data.

 Encryption algorithm: The encryption algorithm performs

various transformations on the plaintext.

 Public and private keys: This is a pair of keys that have been

selected so that if one is used for encryption, the other is used for
decryption.

 Cipher text: This is the scrambled message produced as output. It

depends on the plaintext and the key.

 Decryption algorithm: This algorithm accepts the cipher text and

the matching key and produces the original plaintext.

 The essential steps are the following
1. Each user generates a pair of keys to be used for the
encryption and decryption of messages.
2. Each user places one of the two keys in a public register or
other accessible file.
3. If Bob wishes to send a confidential message to Alice, Bob
encrypts the message using Alice’s public key.
4. When Alice receives the message, she decrypts it using her
private key. No other recipient can decrypt the message
because only Alice knows Alice’s private key.
Encryption techniques

 Substitution Method

 Transposition Method
SUBSTITUTION TECHNIQUES
 Substitution technique is one in which the letters of plaintext are replaced

by other letters or by numbers or symbols.

 If the plaintext is viewed as a sequence of bits, then substitution involves

replacing plaintext bit patterns with cipher text bit patterns.

 This method is invented by Julius Caesar hence cipher also called as

Caesar cipher
 Plain & cipher:

a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V WX Y Z A B C

 plain: meet me after the toga party

 cipher: PHHW PH DIWHU WKH WRJD SDUWB
Transposition Techniques
 Substitution method uses replacement of character by
character or specific pattern by other pattern.
 Only 26 characters are available.

 A very different kind of mapping is achieved by

performing some sort of permutation on the plaintext
letters.
 mematrhtgpry

 etefeteoaat
Transposition Techniques
Steganography
 Steganography is the practice of concealing a file, message,
image, or video within another file.
 Steganography is the art and science of invisible
communication.
 Various techniques of steganography are

 Character marking:

 Invisible ink

 Pin punctures

 Typewriter correction ribbon

Types of Steganography
Advantages and limitations of
Steganography
 Simple techniques of encryption and decryption.

 This method featured security, capacity, and robustness.

 Drawbacks:

 Limited size data can be encrypted.

 Lots of overhead is required to hide the data.

 Once the system is discovered the mechanism becomes

worthless.
Steganography
Steganography
BLOCK CIPHER PRINCIPLES
 A block cipher operates on a plaintext block of n bits to

produce a cipher-text block of n bits. There are 2n possible

different plaintext blocks and, for encryption to be
reversible, each must produce a unique cipher-text block.
Such a transformation is called reversible, or nonsingular.
BLOCK VS STREAM CIPHER
The Feistel Cipher

 Feistel ciphers are a special class of iterated block ciphers

where the cipher-text is calculated from the plaintext by
repeated application of the same transformation or round
function.
 Feistel proposed the use of a cipher that alternates
substitutions and permutations
 Substitution
 Permutation
 Permutation
 Permutations are the different ways in which a collection of items
can be arranged.
 The different ways in which the alphabets A, B and C can be
grouped together, taken all at a time, are ABC, ACB, BCA, CBA, CAB,
BAC.
 Note that ABC and CBA are not same as the order of arrangement
is different. The same rule applies while solving any problem in
Permutations.
 The number of ways in which n things can be arranged, taken all
at a time, nPn = n!, called ‘n factorial.’
 Permutation
 The word ‘INDIA’ contains 5 letters and ‘I’ comes twice.

 When a letter occurs more than once in a word, we divide

the factorial of the number of all letters in the word by the

number of occurrences of each letter.

 Therefore, the number of words formed by ‘INDIA’ = 5!/2! =

60.
DIFFUSION AND CONFUSION

 Introduced by Claude Shannon

 cipher needs to completely obscure statistical properties of

original message

 diffusion – dissipates statistical structure of plaintext over

bulk of cipher-text

 confusion – makes relationship between cipher-text and

key as complex as possible

Feistel Cipher Structure
 Horst Feistel devised the feistel cipher

 based on concept of invertible product cipher

 partitions input block into two halves

 process through multiple rounds which

 perform a substitution on left data half

 based on round function of right half & subkey

 then have permutation swapping halves

 implements Shannon’s S-P net concept

Data Encryption standard
 Most widely used block cipher in the world.
 Adopted by NIST in 1977.
 Based on the Feistel cipher structure with 16 rounds of
processing.
 Block = 64 bits
 Key = 56 bits
 To achieve high degree of diffusion and confusion.
 Diffusion: making each plaintext bit affect as many cipher-text
bits as possible.
 Confusion: making the relationship between the encryption
key and the cipher-text as complex as possible.
Encryption (Round)
(Key Generation)

[1]
The F function of DES
 P-Box (Permutation Box)

48-bit input

S-Box 1 S-Box 2 S-Box 3 S-Box 4 S-Box 5 S-Box 6 S-Box 7 S-Box 8

32-bit output
 Box S1

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
1 0 15 7 4 14 2 13 1 10 6 12 11 6 5 3 8
2 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
3 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13

• For example, S1(101010) = 6 = 0110.

36
 Avalanche Effect
 Avalanche effect:

 A small change in the plaintext or in the key results in a

significant change in the cipher-text.

 an evidence of high degree of diffusion and confusion

 a desirable property of any encryption algorithm

 DES exhibits a strong avalanche effect

 Changing 1 bit in the plaintext affects 34 bits in the

ciphertext on average.
 1-bit change in the key affects 35 bits in the ciphertext on

average.
 Attacks on DES
 Brute-force key search
 Needs only two plaintext-ciphertext samples
 Trying 1 key per microsecond would take 1000+ years on average, due to
the large key space size, 256 ≈ 7.2×1016.

 Differential cryptanalysis
 Possible to find a key with 247 plaintext-ciphertext samples
 Known-plaintext attack

 Liner cryptanalysis:
 Possible to find a key with 243 plaintext-ciphertext samples
 Known-plaintext attack

38
Modes of operations
 Electronic Codebook (ECB)

 Cipher-Block Chaining (CBC)

 Cipher Feedback (CFB)

 Output Feedback (OFB)

 Counter (CTR)
 Electronic Codebook (ECB)
 Enciphering.
 Input:
 k-bit key K
 n-bit plaintext blocks M = M1M2 . . . Mt
 Algorithm:
 Cj = EK(Mj)
 Output
 n-bit cipher-text blocks C = C1C2 . . . Ct
 Deciphering
 Input:
 k-bit key K
 n-bit cipher-text blocks C = C1C2 . . . Ct
 Algorithm:
 Mj = DK(Cj).
Electronic Codebook (ECB)
 Properties:

 Identical plaintext. The same plaintext block always maps to

the same cipher-text block
 Chaining dependencies. Reordering the plaintext blocks
induces a reordering of the same cipher-text blocks.
 Error propagation. An error in a cipher-text block results in
a deciphering error only in the corresponding plaintext
block.
Cipher Block Chaining Mode (CBC)
 Before encryption a block of the plaintext is XOR’ed with the result
of encryption of the previous block Enciphering.
 Input:

 k-bit key K

 n-bit initialization vector C0

 n-bit plaintext blocks M = M1M2 . . . Mt

 Algorithm:

 Cj = E K (Cj−1 ⊕ Mj)

 Output:

 n-bit cipher-text blocks C = C0C1 . . . Ct

 Cipher Block Chaining Mode (CBC)
 Deciphering.

 Input:

 k-bit key K

 n-bit cipher-text blocks C = C0C1 . . . Ct

 Algorithm:

 Mj = Cj−1 ⊕ DK(Cj).

 Output:

 n-bit plaintext blocks M = M1M2 . . . Mt

Cipher Block Chaining Mode (CBC)
 Cipher Feedback Mode (CFB)
 Cipher feedback mode allows one to process blocks of size r < n at
a time. The typical value for r is 1, while n may be of size 64, using
DES.
 Enciphering.
 Input:
 k-bit key K
 n-bit initialization vector I1
 r-bit plaintext blocks M = M1M2 . . . Mt

 Algorithm:
 Cj = Mj ⊕ Lr(EK(Ij))
 Ij+1 = Rn−r(Ij )|| Cj

 Deciphering
 Mj = Cj ⊕ Lr(EK(Ij))
Cipher Feedback mode
Output Feedback Mode (OFB)
 Error propagation is avoided.

 Key stream is produced independently.

 Enciphering.

 Input:

 k-bit key K

 n-bit initialization vector

 r-bit plaintext blocks M = M1M2 . . . Mt

 Algorithm:

 Ij = EK(Ij−1)

 Cj = Mj ⊕ Lr(Ij)

 Deciphering : Mj = Cj ⊕ Lr(Ij)
Counter
Multiple encryption
 Multiple encryption is a technique in which an encryption
algorithm is used multiple times. In the first instance,
plaintext is converted to ciphertext using the encryption
algorithm. This ciphertext is then used as input and the
algorithm is applied again. This process may be repeated
through any number of stages.
 Triple DES makes use of three stages of the DES algorithm,
using a total of two or three distinct keys.
 Five modes of operation have been standardized by NIST for
use with symmetric block ciphers such as DES
TRIPLE DES
 Given the potential vulnerability of DES to a brute-force attack, there
has been considerable interest in finding an alternative.
 One approach is to design a completely new algorithm, of which AES
is a prime example or modify existing one DES.
 Double DES

 Two encryption stages

 Two keys

 Encryption

 C = E(K2, E(K1, P))

 Decryption

 P = D(K1, D(K2, C))

Double DES
 MEET-IN-THE-MIDDLE ATTACK
 Use of double DES requires mapping of blocks.

 C = E(K2, E(K1, P))

 and

 X = E(K1, P) = D(K2, C)
 Triple DES
 Use three stages of encryption with three different keys.

 Requiring a key length of 56 * 3 = 168 bits

 Tuchman proposed a triple encryption that uses only 2 keys

 C = E(K1, D(K2, E(K1, P)))

 P = D(K1, E(K2, D(K1, C))) is similar to

 C = E(K1, D(K1, E(K1, P))) = E(K1, P)

 P = D(K1, E(K1, D(K1, C))) = D(K1, C)

 Cost of a brute-force key search on 3DES is on the order of

2112 ≈ (5 * 1033)
Triple DES

 C = E(K3, D(K2, E(K1, P)))

 A number of Internet-based applications have adopted three-

key 3DES, including PGP and S/MIME

ADVANCED ENCRYPTION STANDARD
 AES is a block cipher intended to replace DES for commercial
applications.
 AES is a symmetric block cipher

 It uses a 128-bit block size and a key size of 128, 192, or 256 bits.

 AES does not use a Feistel structure.

 four separate functions

 byte substitution,
 permutation,
 arithmetic operations over a finite field
 XOR with a key.
FINITE FIELD ARITHMETIC
 In AES, all operations are performed on 8-bit bytes.

 Arithmetic operations of addition, multiplication, and

division are performed over the finite field.

 Involve arithmetic operations on integers

 Arithmetic follows the ordinary rules of polynomial

arithmetic
 AES STRUCTURE
 The cipher takes a plaintext block size of 128 bits, or 16 bytes.

 The cipher takes a plaintext block size of 128 bits, or 16 bytes.

 The key length can be 16, 24, or 32 bytes (128, 192, or 256 bits).

 The algorithm is referred to as AES-128, AES-192, or

AES-256, depending on the key length.

 The cipher consists of rounds, where the number of rounds

depends on the key length.

Fiestel network