
UNIT2

1. The document discusses various topics related to block ciphers and public key cryptography including the Data Encryption Standard (DES), Advanced Encryption Standard (AES), Triple DES, Blowfish, RC5 algorithm, RSA algorithm, Diffie-Hellman key exchange, and elliptic curve cryptography. 2. It provides explanations of key concepts such as the strengths of triple DES, the definition of an elliptic curve, and the differences between public key and private key algorithms. 3. The document also describes the five modes of operation for block ciphers, problems in symmetric key cryptography, the purpose of S-Boxes in DES, diffusion and confusion, an overview of the DES algorithm, definitions of block ciphers and AES

Uploaded by

Evy Law

www.studentsfocus.com
UNIT II BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY
Data Encryption Standard-Block cipher principles-block cipher modes of operation-Advanced
Encryption Standard (AES)-Triple DES-Blowfish-RC5 algorithm. Public key cryptography:
Principles of public key cryptosystems-The RSA algorithm-Key management - Diffie Hellman
Key exchange-Elliptic curve arithmetic-Elliptic curve cryptography.
UNIT-II / PART-A
1. Brief the strengths of triple DES.
Strength of Triple DES
Key size will increase to 56 x 3 = 168 bits. Meet in the middle attack would now
require 2^112 trials. This is not practical now and far into the future.
2. What is an elliptic curve?
An elliptic curve is defined by an equation in two variables, with coefficients. For
cryptography, the variables and coefficients are restricted to elements in a finite field,
which results in the definition of a finite abelian group.

3. State the difference between private key and public key algorithm.

| Public key encryption / Asymmetric encryption | Private key encryption / Symmetric encryption |
|---|---|
| One algorithm is used for encryption and decryption with a pair of keys. | The same algorithm with the same key is used for encryption and decryption. |
| The sender and the receiver must each have one of the matched pair of keys. | The sender and receiver must share the algorithm and the key. |
| One of the 2 keys must be kept secret and the other is public. | The key must be kept secret. |
| It is impossible to decipher a message if no other information is available. | It is impossible to decipher a message if no other information is available. |
4. Give the five modes of operation of block cipher.
• Electronic Codebook Mode
• Cipher Block Chaining Mode
• Cipher Feedback Mode
• Output Feedback Mode
• Counter Mode
5. Give the problems in symmetric key cryptography.
• The first problem is that of key agreement or key distribution.
• The second problem is that the same key is used for encryption and decryption, so one key
per pair of communicating parties is required.
• If there are n users, a total of n(n-1)/2 keys are required.

6. Write down the purpose of S-Boxes in DES.


The role of the S-boxes in the function F is that the substitution consists of a set of eight
S-boxes, each of which accepts 6 bits as input and produces 4 bits as follows: The first and
last bits of the input to box Si form a 2-bit binary number to select one of four substitutions
defined by the four rows in the table for Si. The middle four bits select one of the sixteen
columns. For example, in S1, for input 011001, the row is 01 and the column is 1100. The
value in row 1, column 12 is 9, so the output is 1001.
7. Define Diffusion & confusion. / Difference between diffusion & confusion.
• The process of confusion makes the use of the key so complex that even when an
attacker knows the statistics, it is still difficult to deduce the key.
• Confusion can be accomplished by using a complex substitution algorithm.
• Ex: DES
• Diffusion means that changing a single character of the input will change many
characters of the output, i.e. every part of the input affects every part of the output,
making analysis much harder. This can be accomplished by permutation.
8. Write in short about DES (data encryption standard.).
Since DES is based on the Feistel Cipher, all that is required to specify DES is −
• Round function
• Key schedule
• Any additional processing − Initial and final permutation
9. Write about Block Ciphers.
A block cipher is a method of encrypting text (to produce cipher text) in which a
cryptographic key and algorithm are applied to a block of data (for example, 64
contiguous bits) at once as a group rather than to one bit at a time.
10. Write in short about AES (Advanced Encryption Standard).
• AES is an iterative cipher based on a ‘substitution–permutation network’.
• It is found to be at least six times faster than triple DES.
• AES performs all its computations on bytes rather than bits. Hence, AES treats the
128 bits of a plaintext block as 16 bytes.
• These 16 bytes are arranged in four columns and four rows for processing as a matrix.
• AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for
256-bit keys.
• Each of these rounds uses a different 128-bit round key, which is calculated from
the original AES key.
11. Write in short about triple DES.
• Triple Data Encryption Standard (DES) is a type of computerized cryptography where
block cipher algorithms are applied three times to each data block.
• The key size is increased in Triple DES to ensure additional security through
encryption capabilities.
• Each block contains 64 bits of data. Three keys are referred to as bundle keys with 56
bits per key.
• There are three keying options in data encryption standards:
1. All keys being independent
2. Key 1 and key 2 being independent keys
3. All three keys being identical
Key option #3 is known as triple DES.
The triple DES key length contains 168 bits but the key security falls to 112 bits.
12. What are the strengths of DES algorithm ?
• Avalanche effect: a slight (a char or bit) change in the plaintext will drastically
change the cipher text.
• Completeness: each bit of cipher text depends upon multiple bits of plaintext.
• It’s not a group cipher, hence DES instances can be applied many times to a plaintext
(2DES, 3DES).
• Trying (2^56) combinations is not that easy.
13. Specify the application of public key cryptography.
• Encryption/Decryption.
• Digital signature.
• Key exchange.
14. Write down the difference between Conventional encryption & Public key encryption.
• For symmetric encryption, the same key is used to encrypt the message and to decrypt
it. This key must be random, or cryptographically generated in a way that makes it look
random.
• For public-key encryption, instead the recipient generates two keys together, a public
encryption key and a private decryption key. The message is encrypted with the public
key, and can only be decrypted with the private key.
15. Explain the avalanche effect. / What is meant by avalanche effect in DES?
In cryptography, the avalanche effect refers to an attractive property of block ciphers and
cryptographic hash function algorithms.
The avalanche effect is satisfied if the output changes significantly (e.g., half the output
bits flip) because of a slight change in input (e.g., flipping a single bit).
16. What is differential cryptanalysis?
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block
ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest
sense, it is the study of how differences in information input can affect the resultant
difference at the output.
17. What is the difference between Rijndael & AES?
• AES is a specification defined by the National Institute of Standards & Technology of
the United States (NIST).
• AES is the successor of the Data Encryption Standard (DES).
• AES was announced in FIPS PUB 197 on November 26, 2001. Federal Information
Processing Standards Publications (FIPS PUB) are issued by NIST after approval by the
US Secretary of Commerce.
• Rijndael is a symmetric key encryption algorithm created by Joan Daemen and
Vincent Rijmen. It is a block cipher, with variable block size, variable key length &
variable round number. Block length and key length can be independently specified to
any multiple of 32 bits from 128 bits to 256 bits.
• The Rijndael cipher has been selected as the Advanced Encryption Standard (AES). In
the Rijndael AES variant the block size is restricted to 128 bits and key length to 128,
192 or 256 bits only.
18. What is the purpose of the state array ?
A single 128-bit block is depicted as a square matrix of bytes. This block is copied into the
State array, which is modified at each stage of encryption or decryption. After the final
stage, State is copied to an output matrix.
19. What is Feistel cipher?
This cipher can be used to approximate the simple substitution cipher by utilizing the
concept of a product cipher, which is the performing of two or more basic ciphers in
sequence in such a way that the final result or product is cryptographically stronger than
any of the component ciphers.
20. What is Shift Rows?
• In shift row, a row shift moves an individual byte from one column to another,
which is a linear distance of a multiple of 4 bytes.
• In Forward Shift Row, each row performs a circular left shift. For the second row, a 1-byte
circular left shift is performed.
• For the third row, a 2-byte circular left shift is performed. For the fourth row, a 3-byte
circular left shift is performed. In Inverse Shift Row, each row performs a circular right
shift.
21. How is the key expanded in AES?
AES (Rijndael) uses a key schedule to expand a short key into a number of separate
round keys. This is known as the Rijndael key schedule. The three AES variants have a
different number of rounds. Each variant requires a separate 128-bit round key for each
round plus one more.
22. What is a meet-in-the-middle attack?
• Meet-in-the-middle is a known attack that can exponentially reduce the number of
brute force permutations required to decrypt text that has been encrypted by more than
one key. Such an attack makes it much easier for an intruder to gain access to data.
• The meet-in-the-middle attack targets block cipher cryptographic functions. The
intruder applies brute force techniques to both the plaintext and cipher text of a block
cipher. He then attempts to encrypt the plaintext according to various keys to achieve an
intermediate cipher text (a text that has only been encrypted by one key).
Simultaneously, he attempts to decrypt the cipher text according to various keys,
seeking a block of intermediate cipher text that is the same as the one achieved by
encrypting the plaintext.
• If there is a match of intermediate cipher text, it is highly probable that the key used to
encrypt the plaintext and the key used to decrypt the cipher text are the two encryption
keys used for the block cipher.
23. What primitive operations are used in RC5?
• Key expansion
• Encryption
• Decryption
24. What are the disadvantages with ECB mode of operation?
When two messages that have two blocks of plaintext in common are encrypted with
ECB mode, the corresponding cipher text blocks will be the same.
25. Define Quadratic sieve
The quadratic sieve algorithm (QS) is an integer factorization algorithm and, in practice,
the second fastest method known (after the general number field sieve). It is still the fastest
for integers under 100 decimal digits or so, and is considerably simpler than the number
field sieve. It is a general-purpose factorization algorithm, meaning that its running time
depends solely on the size of the integer to be factored, and not on special structure or
properties.
26. Why do some block cipher modes of operation only use encryption while others use
both encryption & decryption?
• Some modes of operation (e.g. CTR) work in such a way that only known values are
ever encrypted, forming a stream of pseudo-random data that is then combined with
the plaintext by a keyless reversible operation (often XOR) to form the cipher text.
• Other modes (e.g. CBC) directly encrypt secret (i.e. plaintext) values, meaning decryption
is required to find out what the secret value was.
• One of the biggest advantages of a scheme that does not require decryption is that it
can be implemented in hardware with reduced footprint (i.e. it's smaller). Moreover, for
block ciphers such as AES it can often be easier to implement efficient encryption than
decryption because the internal coefficients have been optimized for this direction.
27. Write about elliptic curve cryptography.
• Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on
the algebraic structure of elliptic curves over finite fields.
• ECC requires smaller keys compared to non-ECC cryptography (based on plain Galois
fields) to provide equivalent security.
• Elliptic curves are applicable for encryption, digital signatures, pseudo-random
generators and other tasks. They are also used in several integer
factorization algorithms that have applications in cryptography, such as Lenstra elliptic
curve factorization.
UNIT-II / PART-B
1. Explain AES algorithm with all its round functions.
• AES is a non-Feistel cipher that encrypts and decrypts a data block of 128 bits. It
uses 10, 12, or 14 rounds.
• The key size, which can be 128, 192, or 256 bits, depends on the number of rounds.
AES Parameters.

Rijndael was designed to have the following characteristics:

• Resistance against all known attacks
• Speed and code compactness on a wide range of platforms
• Design simplicity

AES – Overall structure

• The input to the encryption and decryption algorithms is a single 128-bit block. This
block is copied into the State array, which is modified at each stage of encryption or
decryption. After the final stage, State is copied to an output matrix.
• The 128-bit key is depicted as a square matrix of bytes. This key is then expanded
into an array of key schedule words; each word is four bytes and the total key schedule
is 44 words for the 128-bit key.

AES – Data structures: input, State array and output; key and expanded key

Four different stages are used, one of permutation and three of substitution:
• Substitute bytes: Uses an S-box to perform a byte-by-byte substitution of the block
• Shift Rows: A simple permutation
• Mix Columns: A substitution that makes use of arithmetic over GF(2^8)
• Add Round Key: A simple bitwise XOR of the current block with a portion of the
expanded key
• For both encryption and decryption, the cipher begins with an AddRoundKey
stage, followed by nine rounds that each includes all four stages, followed by a
tenth round of three stages.
AES Round Structure :

• Only the AddRoundKey stage makes use of the key. For this reason, the cipher
begins and ends with an AddRoundKey stage.
• For the Substitute Byte, ShiftRows, and MixColumns stages, an inverse function is
used in the decryption algorithm. For the AddRoundKey stage, the inverse is
achieved by XORing the same round key to the block.
Substitute byte formation :
• The forward substitute byte transformation, called SubBytes, is a simple table
lookup.
• AES defines a 16 x 16 matrix of byte values, called an S-box (Table 5.4a), that
contains a permutation of all possible 256 8-bit values.
• Each individual byte of State is mapped into a new byte in the following way: The
leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used
as a column value. These row and column values serve as indexes into the S-box to
select a unique 8-bit output value.
ShiftRows Transformation
Forward and Inverse Transformations
• The forward shift row transformation, called ShiftRows, is depicted in Figure . The
first row of State is not altered. For the second row, a 1-byte circular left shift is
performed. For the third row, a 2-byte circular left shift is performed. For the fourth
row, a 3-byte circular left shift is performed. The following is an example of
ShiftRows:

Mix columns transformation :

Forward and Inverse Transformations
The forward mix column transformation, called MixColumns, operates on each column
individually. Each byte of a column is mapped into a new value that is a function of all
four bytes in that column.
Add Round key
Forward and Inverse Transformations
In the forward add round key transformation, called AddRoundKey, the 128 bits of State
are bitwise XORed with the 128 bits of the round key.
2. Explain RSA Algorithm to perform encryption and decryption to the system with p = 7
q = 11 e = 17 M = 8. Explain the possible attacks on RSA.
RSA : Algorithm
• Block cipher asymmetric algorithm developed by Rivest, Shamir & Adleman.
• It is the best known & widely used public-key scheme and based on exponentiation
in a finite (Galois) field over integers modulo a prime.
• Security due to cost of factoring large numbers
• factorization takes O(e^(log n log log n)) operations (hard)
• Each user will be provided with a pair of keys, one of which is the public key used for
encryption and the other is private, used for decryption.
• Plaintext and cipher text are integers between 0 and n – 1 for some n (e.g. 1024 bits).
Ingredients of RSA Algorithm

The ingredients are the following:


p, q, two prime numbers (private, chosen)
n = pq (public, calculated)
e, with gcd(φ(n), e) = 1; 1 < e < φ(n) (public, chosen)
d ≡ e^-1 (mod φ(n)) (private, calculated)

RSA Key Setup


This key setup is done once (rarely) when a user establishes (or replaces) their public key.
• Each user generates a public/private key pair by:
• selecting two large primes at random: p, q
• computing their system modulus N = p·q
• φ(N) = (p-1)(q-1)
• selecting at random the encryption key e where 1 < e < φ(N), gcd(e, φ(N)) = 1
• solving the following equation to find the decryption key d: e·d = 1 mod φ(N) and 0 ≤ d ≤ N
• Publish their public encryption key: KU = {e, N}
• Keep secret private decryption key: KR = {d, p, q}
RSA Use
• To encrypt a message M the sender:
• obtains public key of recipient KU = {e, N}
• computes: C = M^e mod N, where 0 ≤ M < N
• To decrypt the cipher text C the owner:
• uses their private key KR = {d, p, q}
• computes: M = C^d mod N
• note that the message M must be smaller than the modulus N (block if needed)

RSA Algorithm :

RSA Example
1. Select primes: p = 7 & q = 11
2. Compute n = pq = 7 × 11 = 77
3. Compute φ(n) = (p–1)(q–1) = 6 × 10 = 60
4. Select e: gcd(e, 60) = 1; choose e = 17
5. Determine d: de = 1 mod 60 and d < 60
Now, we need to compute d = e^-1 mod φ(n) by using backward substitution of GCD
algorithm:
According to GCD:
60 = 17 * 3 + 9
17 = 9 * 1 + 8
9 = 8 * 1 + 1
8 = 1 * 8 + 0
Therefore, we have:
1 = 9 – 8
= 9 – (17 – 9)
= 9 – (17 – (60 – 17 * 3))
= 60 – 17 * 3 – (17 – 60 + 17 * 3)
= 60 – 17 * 3 + 60 – 17 * 4
= 60 * 2 – 17 * 7
Hence, we get d = e^-1 mod φ(n) = e^-1 mod 60 = -7 mod 60 = (53 - 60) mod 60 = 53

So, the public key is {17, 77} and the private key is {53, 77}. RSA encryption and
decryption are as follows:
Encryption: plaintext 8 gives cipher text 57, since 8^17 mod 77 = 57, using PU = (17, 77)
Decryption: cipher text 57 gives plaintext 8, since 57^53 mod 77 = 8, using PR = (53, 77)

Publish public key KU={17,77}
6. Keep secret private key KR={53,7,11}
7. Given message M = 8 (8 < 77)
8. Encryption: C = 8^17 mod 77 = 57
Decryption: M = 57^53 mod 77 = 8
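The key setup and the worked example above can be reproduced with the following added code, which is not part of the original notes. It computes d with the extended Euclidean algorithm (the same back-substitution done by hand above), rejects an e that is not coprime to φ(n), and shows one way to "block if needed" by writing a large message in base n; the function names and the base-n blocking are assumptions of this example, and textbook RSA like this has no padding.

```python
# Added illustration of RSA key setup and use with the page's toy numbers.
# Function names and the base-n blocking scheme are hypothetical.

def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y

def rsa_key_setup(p, q, e):
    """Return the public key {e, n} and the private key {d, p, q}."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("e must satisfy 1 < e < phi(n)")
    g, _, y = extended_gcd(phi, e)       # phi*x + e*y == g
    if g != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = y % phi                          # e*d == 1 (mod phi); here -7 mod 60 == 53
    return {"public": (e, n), "private": (d, p, q)}

def encrypt(m, public):
    """C = M^e mod n; the message must be smaller than the modulus."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n")
    return pow(m, e, n)

def decrypt(c, private):
    """M = C^d mod n."""
    d, p, q = private
    return pow(c, d, p * q)

def to_blocks(m, n):
    """Split a large non-negative integer into base-n digits, most significant first."""
    digits = []
    while True:
        m, r = divmod(m, n)
        digits.append(r)
        if m == 0:
            return digits[::-1]

def from_blocks(digits, n):
    """Inverse of to_blocks."""
    value = 0
    for d in digits:
        value = value * n + d
    return value

if __name__ == "__main__":
    keys = rsa_key_setup(7, 11, 17)
    c = encrypt(8, keys["public"])
    print(keys, c, decrypt(c, keys["private"]))
    blocks = [encrypt(b, keys["public"]) for b in to_blocks(1000, 77)]
    print(from_blocks([decrypt(b, keys["private"]) for b in blocks], 77))
```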

RSA Attacks and Counter-measures

i) Brute force: This involves trying all possible private keys.
Counter-measures:
• The defense against the brute-force approach is the same for RSA as for other
cryptosystems, namely, use a large key space.
• Thus, the larger the number of bits in d, the better. But encryption and decryption
are difficult.

ii) Mathematical attacks: There are several approaches, all equivalent in effort to
factoring the product of two primes.
The Factoring Problem
Three approaches to attack RSA mathematically:
• Factor n into its two prime factors. This enables calculation of
φ(n) = (p-1) x (q-1), which, in turn, enables determination of d ≡ e^-1 (mod φ(n)).
• Determine φ(n) directly, without first determining p and q. Again, this enables
determination of d ≡ e^-1 (mod φ(n)).
• Determine d directly, without first determining φ(n).
Counter-measures:
To avoid values of n that may be factored more easily, the algorithm's inventors
suggest the following constraints on p and q:
• p and q should differ in length by only a few digits. Thus, for a 1024-bit key (309
decimal digits), both p and q should be on the order of magnitude of 10^75 to 10^100.
• Both (p-1) and (q-1) should contain a large prime factor.
• gcd(p-1, q-1) should be small.

iii) Timing attacks: These depend on the running time of the decryption algorithm.
• A timing attack is somewhat analogous to a burglar guessing the combination of a
safe by observing how long it takes for someone to turn the dial from number to
number.
If modular exponentiation is accomplished bit by bit, with one modular multiplication
performed at each iteration and an additional modular multiplication performed for each
1 bit, the attack proceeds bit-by-bit starting with the leftmost bit, bk.
Counter-measures:
i) Constant exponentiation time: Ensure that all exponentiations take the same
amount of time before returning a result.
ii) Random delay: Better performance could be achieved by adding a random
delay to the exponentiation algorithm to confuse the timing attack.
iii) Blinding: Multiply the cipher text by a random number before performing
exponentiation. This process prevents the attacker from knowing what cipher text
bits are being processed inside the computer and therefore prevents the bit-by-bit
analysis essential to the timing attack.

iv) Chosen cipher text attacks: This type of attack exploits properties of the RSA
algorithm.
The basic RSA algorithm is vulnerable to a chosen cipher text attack (CCA). CCA is
defined as an attack in which the adversary chooses a number of cipher texts and is
then given the corresponding plaintexts, decrypted with the target's private key.
Counter-measures:
Optimal asymmetric encryption padding
Message M to be encrypted is padded. A set of optional parameters P is passed
through a hash function H.
The output is then padded with zeros to get the desired length in the overall data
block (DB). Next, a random seed is generated and passed through another
hash function, called the mask generating function (MGF).
The resulting hash value is bit-by-bit XORed with DB to produce a masked DB.
The concatenation of the masked seed and the masked DB forms the encoded
message EM.
The EM is then encrypted using RSA.
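The timing counter-measures above can be seen in the following added example, which is not part of the original notes. It counts modular multiplications in bit-by-bit exponentiation (the quantity a timing measurement reflects), compares it with an always-multiply variant, and decrypts with blinding using the page's toy key; the function names are assumptions, and Python integers are not constant-time, so the counts only model the idea.

```python
# Added illustration of the timing leak and two counter-measures, using the
# page's toy key PU = (17, 77), PR = (53, 77). Function names are hypothetical.
import secrets
from math import gcd

E, D, N = 17, 53, 77

def square_and_multiply(base, exponent, modulus):
    """Left-to-right exponentiation: one multiplication per bit, one more per 1 bit.
    Returns (result, number of modular multiplications)."""
    result, mults = 1, 0
    for bit in bin(exponent)[2:]:
        result = result * result % modulus
        mults += 1
        if bit == "1":
            result = result * base % modulus
            mults += 1
    return result, mults

def square_and_multiply_always(base, exponent, modulus):
    """Constant operation count: the extra product is computed for every bit and
    only kept when the bit is 1."""
    result, mults = 1, 0
    for bit in bin(exponent)[2:]:
        result = result * result % modulus
        product = result * base % modulus
        mults += 2
        if bit == "1":
            result = product
    return result, mults

def blinded_decrypt(c, d, e, n, r=None):
    """Blinding: exponentiate c * r^e instead of c, then divide the result by r."""
    while r is None or gcd(r, n) != 1:
        r = secrets.randbelow(n - 2) + 2          # random r in [2, n-1], coprime to n
    blinded = c * pow(r, e, n) % n                # the value the exponentiation sees
    m_times_r, _ = square_and_multiply(blinded, d, n)
    return m_times_r * pow(r, -1, n) % n          # (c^d * r) * r^-1 == c^d (mod n)

def multiplication_profile(exponents, modulus=N, base=57):
    """Multiplication counts per exponent for both exponentiation variants."""
    return {x: (square_and_multiply(base, x, modulus)[1],
                square_and_multiply_always(base, x, modulus)[1]) for x in exponents}

if __name__ == "__main__":
    # 53 = 110101b and 32 = 100000b have the same length but different weights.
    print(multiplication_profile([53, 32, 63]))
    print(blinded_decrypt(57, D, E, N))
```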
3. Explain about the Diffie Hellman algorithm with an example. (Apr/May’17)
• The purpose of the algorithm is to enable two users to securely exchange a key that
can then be used for subsequent encryption of messages.
• The algorithm itself is limited to the exchange of secret values.
• The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of
computing discrete logarithms.

The result is that the two sides have exchanged a secret value.

Ex: α = 3, XA = 97 and XB = 233
A computes YA = 3^97 mod 353 = 40.
B computes YB = 3^233 mod 353 = 248.
After they exchange public keys, each can compute the common secret key:
A computes K = (YB)^XA mod 353 = 248^97 mod 353 = 160.
B computes K = (YA)^XB mod 353 = 40^233 mod 353 = 160.

Man-in-the-Middle Attack
Suppose Alice and Bob wish to exchange keys, and Darth is the adversary. The attack
proceeds as follows:
1. Alice sends an encrypted message M: E(K2, M).
2. Darth intercepts the encrypted message and decrypts it, to recover M.
3. Darth sends Bob E(K1, M) or E(K1, M'), where M' is any message. In the first case,
Darth simply wants to eavesdrop on the communication without altering it. In the
second case, Darth wants to modify the message going to Bob.
This vulnerability can be overcome with the use of digital signatures and public-key
certificates.
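The exchange above, and the effect of signing the public values, are shown in the following added example, which is not part of the original notes. Darth's private values, the toy RSA signing keys built from Mersenne primes and all function names are constructed for this illustration; hash-then-sign with textbook RSA stands in for a real signature scheme and certificate check.

```python
# Added illustration: Diffie-Hellman with the page's numbers, with and without
# signed public values. Signing keys and Darth's values are constructed.
import hashlib

Q, ALPHA = 353, 3            # prime modulus and base from the page's example
XA, XB = 97, 233             # Alice's and Bob's private values from the page
XD1, XD2 = 11, 29            # Darth's private values (constructed)

def public_value(x):
    return pow(ALPHA, x, Q)

def shared_key(peer_public, own_private):
    return pow(peer_public, own_private, Q)

def toy_keypair(p, q, e=65537):
    """Toy RSA signing key pair: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def digest(value, n):
    h = hashlib.sha256(str(value).encode()).digest()
    return int.from_bytes(h, "big") % n

def sign(value, private):
    d, n = private
    return pow(digest(value, n), d, n)

def verify(value, signature, public):
    e, n = public
    return pow(signature, e, n) == digest(value, n)

# Long-term signing keys, assumed to be known to the peer through a certificate.
ALICE_PUB, ALICE_PRIV = toy_keypair(2**31 - 1, 2**61 - 1)
BOB_PUB, BOB_PRIV = toy_keypair(2**89 - 1, 2**107 - 1)

def run_exchange(intercept=False, authenticated=False):
    """Return (Alice's key, Bob's key). With authenticated=True a public value
    whose signature does not verify raises ValueError before any key is derived."""
    ya, yb = public_value(XA), public_value(XB)
    msg_to_bob = (ya, sign(ya, ALICE_PRIV))
    msg_to_alice = (yb, sign(yb, BOB_PRIV))
    if intercept:
        # Darth swaps in his own public values but cannot sign them as Alice or Bob.
        msg_to_bob = (public_value(XD1), msg_to_bob[1])
        msg_to_alice = (public_value(XD2), msg_to_alice[1])
    if authenticated:
        if not verify(*msg_to_alice, BOB_PUB):
            raise ValueError("Alice: signature on Bob's public value is invalid")
        if not verify(*msg_to_bob, ALICE_PUB):
            raise ValueError("Bob: signature on Alice's public value is invalid")
    return shared_key(msg_to_alice[0], XA), shared_key(msg_to_bob[0], XB)

def darth_keys():
    """K1 (shared with Bob) and K2 (shared with Alice) as Darth computes them."""
    return shared_key(public_value(XB), XD1), shared_key(public_value(XA), XD2)

if __name__ == "__main__":
    print(run_exchange())                    # both sides derive 160
    print(run_exchange(intercept=True))      # each side now shares a key with Darth
    try:
        run_exchange(intercept=True, authenticated=True)
    except ValueError as err:
        print("rejected:", err)
```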
4. Describe DES algorithm with neat diagram and explain the steps.(Apr/May’17)
• In DES data are encrypted in 64-bit blocks using a 56-bit key. The algorithm
transforms 64-bit input in a series of steps into a 64-bit output. The same steps, with
the same key, are used to reverse the encryption.

(i) First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the
bits to produce the permuted input.

Permutation table
i) Each entry in the permutation table indicates the position of a numbered input bit in the
output.
(ii) This is followed by a phase consisting of sixteen rounds of the same function, which
involves both permutation and substitution functions.
(iii) For each of the sixteen rounds, a sub key (Ki) is produced by the combination of a left
circular shift and a permutation. The permutation function is the same for each round,
but a different sub key is produced.
(iv) The output of the last (sixteenth) round consists of 64 bits that are a function of the
input plaintext and the key. The left and right halves of the output are swapped to
produce the pre-output.
(v) Finally, the pre-output is passed through a permutation that is the inverse of the initial
permutation function, to produce the 64-bit cipher text.

DES ROUND STRUCTURE

• The left and right halves of each 64-bit intermediate value are treated as separate 32-bit
quantities, labeled L (left) and R (right).
• Each round can be summarized in the following formulae:

• The round key is 48 bits. The input is 32 bits. This input is first expanded to 48 bits
by using a table that defines a permutation plus an expansion that involves
duplication of 16 of the bits.
• The resulting 48 bits are XOR-ed with the reduced key for the round. This 48-bit result
passes through a substitution function that produces a 32-bit output, which is then
permuted.
• The substitution consists of a set of eight S-boxes, each of which accepts 6 bits as
input and produces 4 bits as output.
• The first and last bits of the input to box Si form a 2-bit binary number to select one of
four substitutions defined by the four rows in the table for Si.
• The middle four bits select one of the sixteen columns. The decimal value in the cell
selected by the row and column is then converted to its 4-bit representation to
produce the output. For example, in S1, for input 011001, the row is 01 (row 1) and
the column is 1100 (column 12) and assuming a value in row 1, column 12 is 9, the
output is 1001.

DES S-BOXES
Key Generation:
• A 64-bit key is used as input to the algorithm. The bits of the key are numbered
from 1 through 64; every eighth bit is ignored.
• The key is first subjected to a permutation governed by a table labelled Permuted
Choice . This is nothing but permutation of numbers (referring to bit positions).
• The resulting 56-bit key is then treated as two 28-bit strings, labelled Ci, Di.
• At each round, Ci, Di are separately subjected to a circular left shift (or rotation) of 1
or 2 bits, as governed by Table.
• These shifted values serve as input to the next round. They also serve as input to the
part labelled Permuted Choice Two, which produces a 48-bit output that serves as
input to the function F(Ri-1, Ki).
DES Decryption:

• Decryption uses the same algorithm as encryption, except that the order of application
of the sub-keys is reversed.
• i.e. sub key of round 16 in encryption - sub key of round 1 in decryption
• sub key of round 15 in encryption - sub key of round 2 in decryption and so on.
Strength of DES
Avalanche effect :
• A key desirable property of an encryption algorithm, where a change of one input or key
bit results in changing more than half output bits.
• DES exhibits strong avalanche.
• 56-bit keys have 2^56 = 7.2 x 10^16 values.
• Brute force search looks hard.
Completeness Effect : Completeness effect means that each bit of the cipher text needs to
depend on many bits on the plaintext.
The diffusion and confusion produced by D-boxes and S-boxes in DES, show a very strong
completeness effect.
Attacks on DES
• Brute force attack
• Differential cryptanalysis
• Linear cryptanalysis
5. Explain the DES structure including key generation phase. Also explain the various
modes of operation.
Key Generation:
• A 64-bit key is used as input to the algorithm. The bits of the key are numbered
from 1 through 64; every eighth bit is ignored.
• The key is first subjected to a permutation governed by a table labelled Permuted
Choice . This is nothing but permutation of numbers (referring to bit positions).
• The resulting 56-bit key is then treated as two 28-bit strings, labelled Ci, Di.
• At each round, Ci, Di are separately subjected to a circular left shift (or rotation) of 1
or 2 bits, as governed by Table.
• These shifted values serve as input to the next round. They also serve as input to the
part labelled Permuted Choice Two, which produces a 48-bit output that serves as
input to the function F(Ri-1, Ki).
Modes of operation
Electronic Code Book (ECB) Mode
This mode is the most straightforward way of processing a series of sequentially listed
message blocks.
Operation
• The user takes the first block of plaintext and encrypts it with the key to produce
the first block of cipher text.
• He then takes the second block of plaintext and follows the same process with the same
key, and so on.
• The ECB mode is deterministic, that is, if plaintext blocks P1, P2,…, Pm are
encrypted twice under the same key, the output cipher text blocks will be the same.

Limitation :
A cipher text from ECB can allow an attacker to guess the plaintext by trial-and-error if
the plaintext message is predictable.
Cipher Block Chaining (CBC) Mode
CBC mode of operation provides message dependence for generating cipher text and
makes the system non-deterministic.
Operation
The operation of CBC mode is depicted in the following illustration. The steps are as
follows −
• Load the n-bit Initialization Vector (IV) in the top register.
• XOR the n-bit plaintext block with the data value in the top register.
• Encrypt the result of the XOR operation with the underlying block cipher with key K.
• Feed the cipher text block into the top register and continue the operation till all plaintext
blocks are processed.
• For decryption, IV data is XORed with the first cipher text block decrypted. The first
cipher text block is also fed into the register, replacing the IV for decrypting the next cipher
text block.

Analysis of CBC Mode


In CBC mode, the current plaintext block is added to the previous cipher text block, and
then the result is encrypted with the key. Decryption is thus the reverse process, which
involves decrypting the current cipher text and then adding the previous cipher text block
to the result.

Advantages & disadvantages

• The advantage of CBC over ECB is that changing the IV results in different cipher text for
an identical message.
• On the drawback side, an error in transmission gets propagated to a few further blocks
during decryption due to the chaining effect.
• It is worth mentioning that CBC mode forms the basis for a well-known data origin
authentication mechanism. Thus, it has an advantage for those applications that
require both symmetric encryption and data origin authentication.
Cipher Feedback (CFB) Mode
In this mode, each cipher text block gets ‘fed back’ into the encryption process in order to
encrypt the next plaintext block.

Operation
The operation of CFB mode is depicted in the following illustration. For example, in the
present system, a message block has a size of ‘s’ bits, where 1 < s < n. The CFB mode requires
an initialization vector (IV) as the initial random n-bit input block. The IV need not be
secret. Steps of operation are −

• Load the IV in the top register.
• Encrypt the data value in the top register with the underlying block cipher with key K.
• Take only the ‘s’ most significant bits (left bits) of the output of the encryption process
and XOR them with the ‘s’-bit plaintext message block to generate the cipher text block.
• Feed the cipher text block into the top register by shifting the already present data to the left, and
continue the operation till all plaintext blocks are processed.
• Essentially, the previous cipher text block is encrypted with the key, and then the result
is XORed to the current plaintext block.
• Similar steps are followed for decryption. The pre-decided IV is initially loaded at the start
of decryption.

Analysis of CFB Mode

• CFB mode differs significantly from ECB mode: the cipher text corresponding to a
given plaintext block depends not just on that plaintext block and the key, but also
on the previous cipher text block. In other words, the cipher text block is dependent
on the message.
• CFB has a very strange feature. In this mode, the user decrypts the cipher text using
only the encryption process of the block cipher. The decryption algorithm of the
underlying block cipher is never used.
• Apparently, CFB mode is converting a block cipher into a type of stream cipher.
Advantages & disadvantages

• By converting a block cipher into a stream cipher, CFB mode provides some of the
advantageous properties of a stream cipher while retaining the advantageous
properties of a block cipher.
• On the flip side, the error of transmission gets propagated due to changing of
blocks.
Output Feedback (OFB) Mode
• It involves feeding the successive output blocks from the underlying block cipher
back to it. These feedback blocks provide a string of bits to feed the encryption
algorithm, which acts as the key-stream generator as in the case of CFB mode.

• The key stream generated is XOR-ed with the plaintext blocks. The OFB mode
requires an IV as the initial random n-bit input block. The IV need not be secret.

• The operation is depicted in the following illustration −

Counter (CTR) Mode


• It can be considered as a counter-based version of CFB mode without the feedback.
In this mode, both the sender and receiver need access to a reliable counter, which
computes a new shared value each time a cipher text block is exchanged.

• This shared counter is not necessarily a secret value, but the challenge is that both sides
must keep the counter synchronized.

Operation
Both encryption and decryption in CTR mode are depicted in the following
illustration. Steps in operation are −
• Load the initial counter value in the top register; it is the same for both the sender and
the receiver. It plays the same role as the IV in CFB (and CBC) mode.
• Encrypt the contents of the counter with the key and place the result in the bottom
register.
• Take the first plaintext block P1 and XOR this with the contents of the bottom register.
The result of this is C1. Send C1 to the receiver and update the counter. The counter
update replaces the cipher text feedback in CFB mode.
• Continue in this manner until the last plaintext block has been encrypted.
• The decryption is the reverse process. The cipher text block is XORed with the
output of the encrypted contents of the counter value. After decryption of each cipher text
block, the counter is updated as in the case of encryption.

Analysis of Counter Mode


It does not have message dependency and hence a cipher text block does not depend on
the previous plaintext blocks.

Like CFB mode, CTR mode does not involve the decryption process of the block cipher.
This is because the CTR mode is really using the block cipher to generate a key-stream,
which is encrypted using the XOR function. In other words, CTR mode also converts a
block cipher to a stream cipher.

The serious disadvantage of CTR mode is that it requires a synchronous counter at sender
and receiver. Loss of synchronization leads to incorrect recovery of plaintext.

However, CTR mode has almost all advantages of CFB mode. In addition, it does not
propagate error of transmission at all.
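
The properties claimed above for ECB, CBC and CTR can be checked directly. The following is an added example, not part of the original notes: it uses a small stand-in Feistel cipher built from HMAC-SHA256 (an assumption chosen so the code runs with the standard library; it is not DES or AES), and all keys, IVs and messages are constructed values.

```python
import hashlib
import hmac

BLOCK = 16  # block size n, in bytes, of the stand-in cipher

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_f(key, rnd, half):
    # Round function of the stand-in Feistel cipher (illustrative only).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def E(key, block):
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, round_f(key, rnd, right))
    return left + right

def D(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, round_f(key, rnd, left)), left
    return left + right

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    return b"".join(E(key, b) for b in blocks(pt))

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pt):
        prev = E(key, xor(b, prev))   # XOR with the register, then encrypt
        out.append(prev)              # cipher text block becomes the register
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(D(key, c), prev))
        prev = c
    return b"".join(out)

def ctr_crypt(key, nonce, data):
    # One routine encrypts and decrypts; the cipher's D is never called.
    return b"".join(xor(b, E(key, nonce + i.to_bytes(8, "big")))
                    for i, b in enumerate(blocks(data)))

def damaged(expected, got):
    # Indexes of plaintext blocks that differ after decryption.
    return [i for i, (a, b) in enumerate(zip(blocks(expected), blocks(got))) if a != b]

def flip_bit(ct, block_index):
    # Simulate a one-bit transmission error in the given cipher text block.
    bad = bytearray(ct)
    bad[block_index * BLOCK] ^= 0x01
    return bytes(bad)

if __name__ == "__main__":
    key, iv, nonce = b"K" * 16, b"\x01" * 16, b"\x02" * 8  # constructed values
    pt = b"PAY 100 TO ALICE" * 4                           # four identical blocks
    print("distinct ECB blocks:", len(set(blocks(ecb_encrypt(key, pt)))))
    cbc = cbc_encrypt(key, iv, pt)
    print("distinct CBC blocks:", len(set(blocks(cbc))))
    print("CBC blocks damaged:", damaged(pt, cbc_decrypt(key, iv, flip_bit(cbc, 1))))
    ctr = ctr_crypt(key, nonce, pt)
    print("CTR blocks damaged:", damaged(pt, ctr_crypt(key, nonce, flip_bit(ctr, 1))))
```

ECB maps the four identical plaintext blocks to one repeated cipher text block, while a single flipped bit damages two plaintext blocks under CBC and only one under CTR.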

6. Write about the various mechanisms in Public key cryptography techniques.


• Public-Key Distribution Schemes (PKDS) - where the scheme is used to securely
exchange a single piece of information (whose value depends on the two parties, but
cannot be set). This value is normally used as a session key for a private-key scheme.
• Signature Schemes - used to create a digital signature only, where the private-key
signs (creates) signatures, and the public-key verifies signatures.
• Public Key Schemes (PKS) - used for encryption, where the public-key encrypts
messages, and the private-key decrypts messages.
• Public-key refers to a cryptographic mechanism. It has been named public-key to
differentiate it from the traditional and more intuitive cryptographic mechanism
known as symmetric-key, shared secret, secret-key and also called private-key.
Symmetric-key cryptography is a mechanism by which the same key is used for both
encrypting and decrypting; it is more intuitive because of its similarity with what you
expect to use for locking and unlocking a door: the same key. This characteristic
requires sophisticated mechanisms to securely distribute the secret-key to both
parties. Public-key, on the other hand, introduces another concept involving key pairs:
one for encrypting, the other for decrypting. This concept, as you will see below, is
very clever and attractive, and provides a great deal of advantages over symmetric-key:
  • Simplified key distribution
  • Digital Signature
  • Long-term encryption
However, it is important to note that symmetric-key still plays a major role in the
implementation of a Public-key Infrastructure or PKI.

• Public-key is commonly used to identify a cryptographic method that uses an
asymmetric-key pair: a public-key and a private-key. Public-key encryption uses that
key pair for encryption and decryption. The public-key is made public and is
distributed widely and freely. The private-key is never distributed and must be kept
secret.

• Encryption is a mechanism by which a message is transformed so that only the sender
and recipient can see it. For instance, suppose that Alice wants to send a private message
to Bob. To do so, she first needs Bob’s public-key; since everybody can see his public-key,
Bob can send it over the network in the clear without any concerns. Once Alice has
Bob’s public-key, she encrypts the message using Bob’s public-key and sends it to Bob.
Bob receives Alice’s message and, using his private-key, decrypts it.

• Digital signature is a mechanism by which a message is authenticated, i.e. proving that
a message is effectively coming from a given sender, much like a signature on a paper
document. For instance, suppose that Alice wants to digitally sign a message to Bob. To
do so, she uses her private-key to encrypt the message; she then sends the message
along with her public-key (typically, the public key is attached to the signed message).
Since Alice’s public-key is the only key that can decrypt that message, a successful
decryption constitutes a Digital Signature Verification, meaning that there is no doubt
that it is Alice’s private key that encrypted the message.

• The two previous paragraphs illustrate the encryption/decryption and
signature/verification principles. Both encryption and digital signature can be
combined, hence providing privacy and authentication.
7. Explain Triple DES in detail with suitable diagram.
Before using Triple DES, the user first generates and distributes a Triple DES key K, which
consists of three different DES keys K1, K2 and K3. This means that the actual Triple DES
key has length 3×56 = 168 bits. The encryption scheme is illustrated as follows −

The encryption-decryption process is as follows −

1. Encrypt the plaintext blocks using single DES with key K1.
2. Now decrypt the output of step 1 using single DES with key K2.
3. Finally, encrypt the output of step 2 using single DES with key K3.
4. The output of step 3 is the cipher text.

Decryption of a cipher text is the reverse process. The user first decrypts using
K3, then encrypts with K2, and finally decrypts with K1.

Keying options

The standards define three keying options:

• Keying option 1
  – All three keys are independent.
  – Keying option 1 is the strongest, with 3 × 56 = 168 independent key bits.
• Keying option 2
  – K1 and K2 are independent, and K3 = K1.
  – Keying option 2 provides less security, with 2 × 56 = 112 key bits. This option
    is stronger than simply DES encrypting twice, e.g. with K1 and K2, because it
    protects against meet-in-the-middle attacks.
• Keying option 3
  – All three keys are identical, i.e. K1 = K2 = K3.
  – Keying option 3 is equivalent to DES, with only 56 key bits. It provides
    backward compatibility with DES.
• The second variant of Triple DES (2TDES) is identical to TDES except that K3 is
replaced by K1.
• In other words, the user encrypts plaintext blocks with key K1, then decrypts with
key K2, and finally encrypts with K1 again. Therefore, 2TDES has a key length
of 112 bits.

Advantages:

• Due to this design of Triple DES as an encrypt–decrypt–encrypt process, it is possible
to use a Triple DES (hardware) implementation for single DES by setting K1, K2, and
K3 to be the same value. This provides backwards compatibility with DES.

• Triple DES systems are significantly more secure than single DES, but they are
clearly a much slower process than encryption using single DES.

8. Explain RC5 algorithm with neat diagram.

• RC5 is a symmetric key block encryption algorithm developed by Ron Rivest.
• The main features of RC5 are that it is quite fast, as it uses only primitive
computer operations (such as addition, XOR, shift, etc).
• It allows for a variable number of rounds and a variable bit-size key to add to the
flexibility.
• Different applications that demand varying security needs can set these values
accordingly. Another important aspect is that RC5 requires less memory for
execution and is, therefore, suitable not only for desktop computers, but also for
smart cards and other devices that have a small memory capacity.
• RC5 is a family of ciphers RC5-w/r/b
  – w = word size in bits (16/32/64); note that the data block is 2w bits
  – r = number of rounds (0..255)
  – b = number of bytes in key (0..255)
• The nominal version is RC5-32/12/16
  – i.e. 32-bit words, so it encrypts 64-bit data blocks
  – using 12 rounds
  – with a 16-byte (128-bit) secret key
RC5 - Primitive operations
Three primitive operations (and their inverses):
• Two’s complement addition of words, modulo 2^w
  – denoted by ‘+’
  – the inverse operation is subtraction, ‘-’
• Bit-wise exclusive OR of words, denoted by ⊕
• A left-rotation of words
  – x <<< y, cyclic rotation of word x left by y bits
  – One word of the intermediate results is cyclically rotated by an
    amount determined by bits of another intermediate result.
  – The inverse operation is right-rotation, x >>> y
RC5 has three parts:
i. Key Expansion
ii. Encryption Algorithm
iii. Decryption Algorithm
RC5 – Key Expansion
• RC5 uses t = 2r+2 sub key words (w bits each)
• Sub keys are stored in array S[i], i=0..t-1
• The key schedule then consists of
  – initializing S to a fixed pseudorandom value, based on constants e and

  – the byte key is copied (little-endian) into a c-word array L
  – a mixing operation then combines L and S to form the final S array
RC5 – encryption
• split input into two halves A & B
    L[0] = A + S[0];
    R[0] = B + S[1];
    for i = 1 to r do
        L[i] = ((L[i-1] XOR R[i-1]) <<< R[i-1]) + S[2 * i];
        R[i] = ((R[i-1] XOR L[i]) <<< L[i]) + S[2 * i + 1];
• each round is like 2 DES rounds

Decryption Algorithm
◦ (easily derived from encryption)
◦ Two w-bit words are denoted as A and B
    for i = r down to 1 do
        B = ((B - S[2 * i + 1]) >>> A) ⊕ A;
        A = ((A - S[2 * i]) >>> B) ⊕ B;
    B = B - S[1];
    A = A - S[0];
RC5 Modes
• 4 modes used by RC5
– RC5 Block Cipher, is ECB mode
– RC5-CBC, is CBC mode
– RC5-CBC-PAD, is CBC with padding by bytes with value being the number of
padding bytes
9. Write in detail about elliptic curve cryptography.
• Elliptic curve cryptography [ECC] is a public-key cryptosystem just like RSA,
Rabin, and El Gamal.
• Every user has a public and a private key.
  – Public key is used for encryption/signature verification.
  – Private key is used for decryption/signature generation.
• Elliptic curves are used as an extension to other current cryptosystems.
  – Elliptic Curve Diffie-Hellman Key Exchange
  – Elliptic Curve Digital Signature Algorithm

ECC- Algorithm

• Both parties agree to some publicly-known data items:
  – The elliptic curve equation y^2 = x^3 + ax + b mod p
  – values of a and b such that 4a^3 + 27b^2 ≠ 0
  – a prime, p
  – The elliptic group is computed from the elliptic curve equation
  – A base point, G, taken from the elliptic group.
• Each user generates their public/private key pair:
  – Private Key = an integer, x, selected from the interval [1, p-1]
  – Public Key = product of private key and base point (Product = x*G)
• Suppose Alice wants to send to Bob an encrypted message.
• Both agree on a base point, G.

– Alice and Bob create public/private keys.
– Alice: Private Key = nA
  Public Key = PA = nA * G
– Bob: Private Key = nB
  Public Key = PB = nB * G

– Alice takes the plaintext message, M, and encodes it onto a point, Pm, from the
elliptic group.
Encryption: Alice chooses a random value k from {1, 2, …, p-1}
Cipher text: Cm = { kG, Pm + kPB }

Decryption by Bob:
Take the first point from Cm: kG
Multiply kG by the private key of Bob: Product = nB kG
Take the second point from Cm and subtract the product from it:
Pm + kPB - nB kG
Substitute PB = nB * G. Then Pm + k nB * G - nB kG = Pm

ECC is particularly beneficial for applications where:

• computational power is limited (wireless devices, PC cards)
• integrated circuit space is limited (wireless devices, PC cards)
• high speed is required.
• intensive use of signing, verifying or authenticating is required.
• signed messages are required to be stored or transmitted (especially for short
messages).
• bandwidth is limited (wireless communications and some computer networks).
Advantages:
• Shorter key lengths
• Encryption, decryption and signature verification speed up
• Storage and bandwidth savings
10. Write in detail about the principles of Public key cryptosystems.
1. Asymmetric algorithms rely on one key for encryption and a different but related key
for decryption.
2. It is computationally infeasible to determine the decryption key from the encryption key and
the encryption algorithm.
3. Either of the 2 (related) keys can be used for encryption, with the other used for
decryption (in the case of the RSA algorithm).
4. A public key encryption scheme has the following key ingredients:

A) Encryption

B) Authentication

a) Plaintext: This is a readable message or data that is fed into the algorithm as input.
b) Encryption Algorithm: The encryption algorithm performs various transformations on
the plain text.
c) Public and Private Keys: This is a pair of keys that has been selected so that if one is
used for encryption then the other is used for decryption.
d) Cipher text: This is the scrambled message produced as output. It depends on the key
and the encryption algorithm used. For a given message, two different keys will produce two
different cipher texts.
e) Decryption Algorithm: This algorithm accepts the cipher text and the matching key to
produce the original plaintext.
The essential steps are the following:

• Each user generates a pair of keys to be used for encryption and decryption of the
messages.
• Each user places one of the two keys in a public register or other accessible file. This is
the Public key.
• The companion key is kept private. As shown in Figure 5.1, each user maintains a
collection of public keys obtained from others.
• If Bob wishes to send a confidential message to Alice, Bob encrypts the message with
Alice’s Public key.
• When Alice receives the message, she decrypts it using her private key. No other recipient can
decrypt the message because only Alice knows the private key.
• With this approach, all participants have access to public keys, and private keys are
generated locally by each participant and never distributed. As long as a user's private key
remains protected and secure, incoming communication is secure.
• At any time, a system can change its private key and announce the companion public key to
replace the old public key.
11. Explain about Blowfish algorithm with neat diagram.
• Blowfish is a 64-bit block cipher invented by Bruce Schneier. Blowfish was designed
for fast ciphering on 32-bit microprocessors. Blowfish is also compact and has a
variable key length which can be increased to 448 bits.
• Blowfish is suitable for applications where the key does not change frequently, like
communication links or file encryptors.
• It is faster than DES when implemented on 32-bit microprocessors.

Round Structure :

• The algorithm is based on the Feistel structure and has two important parts: the round
structure and the key expansion function.
• There are 16 rounds, and each round is made of simple transformations which are
iterated. Each round consists of a key-dependent permutation, and a key- and data-dependent
substitution.
• All the operations are additions and XORs on 32-bit words, and lookups in four 32-bit
S-Boxes.
• Blowfish has a P-array, P0,P1,…,P18, each of which is a 32-bit sub key.
• There are 4 S-Boxes, each of which maps an 8-bit input to 32 bits. The round structure
of Blowfish is illustrated in Fig.

Key Scheduling Algorithm - The sub keys are computed using the following method:

1. The P-array and then the four S-Boxes are initialized with a fixed string. The string is
the hexadecimal digits of π.
2. P1 is XOR-ed with 32 bits of the key, P2 is XOR-ed with the next 32 bits of the key,
and so on for all the bits of the key. If needed, the key bits are cycled to ensure that all
the P-array elements are XOR-ed.
3. An all-zero string is encrypted with the Blowfish algorithm, with the sub keys P1 to
P18 obtained so far in steps 1 and 2.
4. P1 and P2 are replaced by the 64-bit output of step 3.
5. The output of step 3 is now encrypted with the updated sub keys to replace P3 and P4
with the cipher text of step 4.
6. This process is continued to replace all the P-arrays and the S-Boxes in order.

This complex key scheduling implies that, for faster operations, the sub keys should be
precomputed and stored in the cache for faster access.

12. Describe the mathematical foundations of RSA algorithm. Perform encryption and
decryption for the following: p = 17, q= 7, e = 5, n = 119, message = “6” Use extended
Euclid’s algorithm to find the private key.
Mathematical foundation:
• The functionality of the RSA algorithm is based on aspects of number theory involving
prime numbers and modulus operations.

• The essential mathematics needed to understand RSA involve modulus operations and
Euler’s totient.

• Euler’s Totient or simply the totient is a term that denotes all the integers smaller than
n that have no common factors with n. Another way of stating this is how many
numbers smaller than n are co-prime with n. The symbol for the totient of a number is
Φ(n).

• For example, if n = 8 then you are asking how many numbers smaller than 8 have no
common factors with 8. The answer would be 3, 5, and 7. 1 is also included as a special
case, thus the totient of 8 would be 4. Another term for Euler’s totient is the Euler phi
function.
• In modular arithmetic, the equal symbol is not used. Rather the congruence symbol is.
So, the mathematically correct way to write this is:
14 mod 12 ≡ 2
26 mod 12 ≡ 2
38 mod 12 ≡ 2

Sample method : for p =17 q = 11 & M = 88


1. Select primes: p=17 & q=11
2. Compute n = pq =17×11=187
3. Compute ø(n)=(p–1)(q-1)=16×10=160
4. Select e : gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160 Value is d=23 since 23×7=161
6. Publish public key KU={7,187}
7. Keep secret private key KR={23,17,11}
8. Given message M = 88 ( 88<187)
Encryption: C = 88^7 mod 187 = 11
Note: Finding the private key d, i.e. the multiplicative inverse e^-1 of e, using the extended
Euclidean algorithm: d ≡ e^-1 mod Φ(n)
d * e ≡ 1 mod Φ(n). Here d * 7 ≡ 1 mod 160
According to the extended Euclidean algorithm, the initial values are
A1 = 1 A2 = 0 A3 = 160
B1 = 0 B2 = 1 B3 = 7
Find Q = ⌊A3/B3⌋ (take the nearest lower integer)
Then A1 = B1 ; A2 = B2 ; A3 = B3
B1 = A1 - Q*B1 ; B2 = A2 - Q*B2 ; B3 = A3 - Q*B3 (using the previous values of A1, A2, A3)

Q    A1   A2    A3    B1   B2    B3
-    1    0     160   0    1     7
22   0    1     7     1    -22   6
1    1    -22   6     -1   23    1

Since B3 = 1, the multiplicative inverse is B2 = 23

d * 7 ≡ 1 mod 160
23 * 7 ≡ 1 mod 160 ⇒ d = 23
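
The table method above can be automated and then applied to the values in the question (p = 17, q = 7, e = 5, message 6). This is an added example, not part of the original notes; the function names are illustrative, and the row layout (Q, A1, A2, A3, B1, B2, B3) follows the table above.

```python
def ext_euclid_rows(phi, e):
    """Rows (Q, A1, A2, A3, B1, B2, B3) of the extended Euclid table for e mod phi."""
    a, b = (1, 0, phi), (0, 1, e)
    rows = [(None,) + a + b]                 # initial row has no quotient
    while b[2] > 1:
        q = a[2] // b[2]                     # Q = floor(A3 / B3)
        # New A is the old B; new B is old A minus Q times old B, column by column.
        a, b = b, tuple(x - q * y for x, y in zip(a, b))
        rows.append((q,) + a + b)
    if b[2] != 1:
        raise ValueError("e and phi(n) are not coprime; no inverse exists")
    return rows

def private_exponent(p, q, e):
    phi = (p - 1) * (q - 1)
    b2 = ext_euclid_rows(phi, e)[-1][5]      # B2 in the final row
    return b2 % phi                          # B2 can be negative; reduce mod phi

def rsa_roundtrip(p, q, e, m):
    """Return (d, ciphertext, recovered message) for textbook RSA."""
    n, d = p * q, private_exponent(p, q, e)
    c = pow(m, e, n)                         # C = M^e mod n
    return d, c, pow(c, d, n)                # M = C^d mod n

if __name__ == "__main__":
    for row in ext_euclid_rows(160, 7):      # the sample worked in the text
        print(row)
    print("sample   p=17 q=11 e=7 M=88:", rsa_roundtrip(17, 11, 7, 88))
    print("question p=17 q=7  e=5 M=6 :", rsa_roundtrip(17, 7, 5, 6))
```

For the question's values, Φ(n) = 96 and the table ends with B2 = -19, which reduces to d = 77 mod 96.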
