BCSE309L – Cryptography and Network

Security
M ODULE - 2

2
Symmetric Key Cryptography

Refer lab materials…

3
Block Ciphers and Stream
Ciphers
Block Ciphers
Block Ciphers

6
Stream Ciphers
Data Encryption Standard (DES)
Data Encryption Standard
Data Encryption Standard

16 × 2 + 2 = 34 permutations
 Data Encryption Standard
• DES uses a 56-bit key.
• Actually, the initial key consists of 64 bits.
• However, before the DES process even starts,
every 8th bit of the key is discarded to produce
a 56-bit key.
• That is bit positions 8, 16, 24, 32, 40, 48, 56,
and 64 are discarded.
12
General Depiction of DES Encryption Algorithm
Data Encryption Standard
 Data Encryption Standard
• In the first step, the 64-bit plain text block is handed over to an
initial Permutation (IP) function.
• The initial permutation is performed on plain text.
• Next, the initial permutation (IP) produces two halves of the
permuted block; saying Left Plain Text (LPT) and Right Plain
Text (RPT).
• Now each LPT and RPT go through 16 rounds of the
encryption process.
• In the end, LPT and RPT are rejoined and a Final Permutation
(FP) is performed on the combined block
• The result of this process produces 64-bit ciphertext.
 Data Encryption Standard
• Initial permutation (IP) happens only once and it
happens before the first round.
• It suggests how the transposition in IP should
proceed, as shown in the figure.
• For example, it says that the IP replaces the first bit of
the original plain text block with the 58th bit of the
original plain text, the second bit with the 50th bit of
the original plain text block, and so on.
 Data Encryption Standard
Initial and Final Permutations

Permutation is a reordering of the bit positions for each of the inputs

18
 Data Encryption Standard
Feistel Structure

A Round in DES(Encryption site)

 Data Encryption Standard
Feistel Structure

A Round in DES(Encryption site)

 Data Encryption Standard
Feistel Structure

DES Function
Feistel Structure Data Encryption Standard

Expansion of P Box
 Data Encryption Standard
Feistel Structure
 Data Encryption Standard
Feistel Structure

S-Boxes
25
 Data Encryption Standard
Feistel Structure

S-Box Rule

Ex: 000111
Row=01 1
Col=0011 3
Data Encryption Standard
Data Encryption Standard

12
 Data Encryption Standard

The input to the S-box is 101100. What is the output?

101100
ROW10 2
COL0110 6
ANSWER = 02
Data Encryption Standard
Data Encryption Standard

13
 Data Encryption Standard

Straight Permutation Table

General Depiction of DES Encryption Algorithm
Round Key Generator
 Data Encryption Standard

The DES satisfies both the desired properties of block cipher. These
two properties make cipher very strong.
• Avalanche effect − A small change in plaintext results in the
very great change in the ciphertext.
• Completeness − Each bit of ciphertext depends on many bits of
plaintext.
The Strength of DES
DES for Practice

37
 DES
Round Key Generator
39
 Practice – DES
Key = [231457799BBCDFF1]
Find the key for first 3 rounds of DES

40
 Practice – DES
Key of 8th round = [A21036331ECB5873]
Find the key for 9th and 10th rounds of DES

Note:
Key in Hexa = 231457799BBCDFF1
Key in binary = 0010 0011 0001 0100 0101
0111 0111 1001 1001 1100 1011 1111 1111
0001  64 bits
 Practice – DES
Consider the plaintext 0123456789ABCDEF and key 1111222233334444. Apply DES
algorithm to find the ciphertext after first round.

Straigh permutation

42
SDES
 SDES
• Simplified Data Encryption Standard is a simple version of Data
Encryption Standard having a 10-bit key and 8-bit plain text.
• It is much smaller than the DES algorithm as it takes only 8-bit
plain text whereas DES takes 64-bit plain text.
• It was developed for educational purpose so that understanding
DES can become easy.
• It is a block cipher algorithm and uses a symmetric key for its
algorithm i.e. they use the same key for both encryption and
decryption.
• It has 2 rounds for encryption which use two different keys.
 SDES
• First, we need to generate 2 keys before encryption.
• After generating keys we pass them to each individual
round for S-DES encryption.
• The S-DES decryption algorithm takes an 8-bit block of
ciphertext and the same 10-bit key used to produce that
ciphertext as input and produces the original 8-bit block
of plaintext
SDES
 SDES
• Encryption - five functions:
1. An initial permutation (IP)
2. A complex function labeled fk, which involves both
permutation and substitution operations and depends on a
key input
3. A simple permutation function that switches (SW) the two
halves of the data
4. The function fk again
5. A permutation function that is the inverse of the initial
permutation
 SDES
SDES Key Generation:
• The function fk takes as input not only the
data passing through the encryption
algorithm, but also an 8-bit key.
Shift 1 time left
• Here a 10-bit key is used from which two 8-
bit subkeys are generated.
• The key is first subjected to a permutation
(P10).
• Then a shift operation is performed.
• The output of the shift operation then passes
Shift 2 times left
through a permutation function that produces
an 8-bit output (P8) for the first subkey (K1).
• The output of the shift operation also feeds
into another shift of 2 times left and another
instance of P8 to produce the second subkey
(K2).
 SDES Plaintext (8 bit) 11110011
Key (10 bit) : 1010000010

SDES Key Generation:

• S-DES depends on the use of a 10-bit key shared between sender
and receiver.
• From this key, two 8-bit subkeys are produced for use in
particular stages of the encryption and decryption algorithm.
• First, permute the key in the following fashion. Let the 10-bit key
be designated as (k1, K2, k3, k4, k5, k6, k7, k8, k9, k10).
• Then the permutation P10 is defined as:
P10 (k1, K2, k3, k4, k5, k6, k7, k8, k9, k10) =
(k3, k5, K2, k7, k4, k10 10, k1, k9, k8, k6)
 SDES

• This table is read from left to right; each position in the table
gives the identity of the input bit that produces the output bit in
that position.
• So the first output bit is bit 3 of the input; the second output bit
is bit 5 of the input, and so on.
• For example,
– key (1010000010) is permuted to (10000 01100).
 SDES
• Next, perform a circular left shift (LS-1), or rotation,
separately on the first five bits and the second five bits.
• In our example LS-1:
10000 01100  00001 11000
• Next we apply P8, which picks out and permutes 8 of
the 10 bits according to the following rule:

• Subkey 1 (K1) is (10100100)

 SDES
• We then go back to the pair of 5-bit strings produced
by the two LS-1 functions and performs a circular left
shift of 2 bit positions on each string.
• In our example,
• LS-1: 10000 01100  00001 11000
The value LS-2: 00001 11000  00100 00011
• Finally, P8 is applied again to produce K2.
• In our example, the result is (01000011).
 SDES
S-DES encryption
Plaintext (8 bit) 11110011
1. Initial Permutation
– The input to the algorithm is an 8-bit block of
plaintext, which we first permute using the IP
function

Permuted output = 10111101

 SDES
2. The Function fk
– The most complex component of S-DES is the
function fk, which consists of a combination of
permutation and substitution functions.
– The functions can be expressed as follows.
• Let L and R be the leftmost 4 bits and rightmost 4 bits of
the 8-bit input to fK, and let F be a mapping (not
necessarily one to one) from 4-bit strings to 4-bit strings.
• Then we let
SDES

L R
R

Merge with R
 SDES

a. Expanded Permutation (EP)

b. S-boxes (S0 and S1)

c. Permutation P4
 SDES
a. Expanded Permutation (EP)
• It takes a 4-bit input and converts it into an 8-
bit output

L R
1234
R  1101
E/P output = 11101011
 SDES L R
• XOR R

EP output = 11101011
Subkey 1 (K1) = 10100100
XOR = 0100 1111
Merge with R
0100
1111
• The first 4 bits (first row of the preceding matrix) are fed
into the S-box S0 to produce a 2- bit output
• Remaining 4 bits (second row) are fed into S1 to produce
another 2-bit output
 SDES
b. S-boxes (S0 and S1)
It is a basic component of a symmetric key algorithm
R
that performs substitution
S0 S1

0100 1111
Merge with R
 SDES
The S-boxes operate as follows.
• The first and fourth input bits are treated as a 2-bit
number that specify a row of the S-box, and the
second and third input bits specify a column of the S-
box.
• The entry in that row and column, in base 2, is the 2-
bit output. For example, 0100  row 0, column 2 of
S0, which is 3, or (11) in ) binary.
0100  00=0 row, 10=2 column
3 (from s0)
1111 11=3 row, 11=3 column
3 (from s1)
 1111
1111 SDES 1111
c. Permutation P4
After P4  1111 1111
Permuted output L  1011 R1101
R
XOR (L,P4)
1011
1111
0100
Merge with R

Merge (XOR output and R)  0100 1101

R
 L R
SDES R

Merge with R

3. Switch (SW)
• The switch function (SW) interchanges the left
and right 4 bits
0100 1101
After Swap  1101 0100
• So the second instance of f K operates on a
different 4 bits.
 SDES
Round 2:
• EP, S0, S1, and P4 functions are
the same
• The key input is K2.
• Finally apply inverse
permutation to get the ciphertext.
• Round 1 output : 1101 0100 SDES
1234
• L = 1101 R=0100
1. EP (R) 0010 1000
• XOR (EP (R) ,K2) = 0010 1000
0100 0011  K2
XOR = 0110 1011
2. S0,S1 0110 1011
S0 S1
R0,C3=2 R3,C1=1
1001
3. P4 1001  0101
Xor with L 1101 XOR 0101 = 1000
Merge with R  1000 0100
IP-1  01000001 Ciphertext is 01000001
 SDES
Example for practice
Plaintext : 10010111
Key : 1010000010

Ciphertext : ?
Practice

66
SDES
 SDES
Example for practice
Plaintext : 10111011
Key :1101101110
K1=?
K2=?
Ciphertext : ?
Recovered plaintext = ?
 Key generation
Key :1101101110

69
 Key generation
Key :1101101110

70
 Key generation
• K1=11111000
• K2=10010111

71
Plaintext : 10111011 Encryption

L R
R

Merge with R

72
Plaintext : 10111011 Encryption

73
Plaintext : 10111011 L R
R

Merge with R
 Encryption

Plaintext = 10111011
Ciphertext = 11110011

75
Decryption
 Decryption

Ciphertext = 11110011
Plaintext = 10111011

77
 SDES
Example 2
Plaintext : 10010111
K1 : 10100100
K2 : 01000011

Ciphertext = ?
Plaintext=?