
Ch2

The document discusses Simplified DES (S-DES), a teaching tool developed in 1996, which encrypts an 8-bit block of plaintext using a 10-bit key through a series of functions including permutations and substitutions. It also covers the Data Encryption Standard (DES), detailing its structure, encryption and decryption processes, and the importance of confusion and diffusion in cryptography. Additionally, it introduces concepts such as the Feistel cipher structure and the avalanche effect in encryption algorithms.

Uploaded by

teddy haile
Chapter 2

Block Cipher and Data Encryption Standard

Simplified DES

2
What is Simplified DES
• Developed 1996 as a teaching tool
– Santa Clara University
• Prof. Edward Schaefer
– Takes an 8-bit block of plaintext and a 10-bit key and
produces an 8-bit block of ciphertext
– Decryption takes the 8-bit block of ciphertext,
the same 10-bit key and produces the original
8-bit block of plaintext

3
S-DES Structure

4
Five Functions to Encrypt
• IP – an initial permutation

• fk - a complex, 2-input function

• SW – a simple permutation that swaps the two nibbles

• fk - a complex, 2-input function; again

• IP⁻¹ – the inverse of the initial permutation

5
Key generation for S-DES

6
S-DES Encryption detail

7
Simplified DES Example

Assume input 10-bit key, K, is: 1010000010


Then the steps for generating the two 8-bit round keys, K1 and K2, are:
1. Rearrange K using P10: 1000001100
2. Left shift by 1 position both the left and right halves: 00001 11000
3. Rearrange the halves with P8 to produce K1: 10100100
4. Left shift by 2 positions the left and right halves: 00100 00011
5. Rearrange the halves with P8 to produce K2: 01000011
K1 and K2 are used as inputs in the encryption and decryption stages.
Assume an 8-bit plaintext, P: 01110010
Then the steps for encryption are:
1. Apply the initial permutation, IP, on P: 10101001
2. Assume the input from step 1 is in two halves, L and R: L=1010, R=1001
3. Expand and permute R using E/P: 11000011

8
Cont…
4. XOR output of step 3 with K1: 10100100 XOR 11000011 = 01100111
5. Input left half of step 4 into S-Box S0 and right half into S-Box S1:
a. For S0: 0110 as input: b1,b4 for row, b2,b3 for column
b. Row 00, column 11 -> output is 10
c. For S1: 0111 as input:
d. Row 01, column 11 -> output is 11
6. Rearrange outputs from step 5 (1011) using P4: 0111
7. XOR output from step 6 with L from step 2: 0111 XOR 1010 = 1101
8. Now we have the output of step 7 as the left half and the original R as the right half.
Switch the halves and move to round 2: 1001 1101
9. E/P with right half: E/P(1101) = 11101011
10. XOR output of step 9 with K2: 11101011 XOR 01000011 = 10101000
11. Input to s-boxes:
a. For S0, 1010
b. Row 10, column 01 -> output is 10
c. For S1, 1000
d. Row 10, column 00 -> output is 11
9
Cont…
12. Rearrange output from step 11 (1011) using P4: 0111
13. XOR output of step 12 with left half from step 8: 0111 XOR 1001 = 1110
14. Input output from step 13 and right half from step 8 into inverse IP
a. Input is 1110 1101
b. Output is: 01110111
So our encrypted result of plaintext 01110010 with key 1010000010 is: 01110111
Other examples (encrypt or decrypt) could be:
Plaintext: 11010101; Key: 0111010001; Ciphertext: 01110011
Plaintext: 01001100; Key: 1111111111; Ciphertext: 00100010
Plaintext: 00000000; Key: 0000000000; Ciphertext: 11110000
Plaintext: 11111111; Key: 1111111111; Ciphertext: 00001111

10
Claude Shannon and Substitution-
Permutation Ciphers
• Claude Shannon introduced idea of substitution-
permutation (S-P) networks in 1949 paper
• form basis of modern block ciphers
• S-P nets are based on the two primitive
cryptographic operations seen before:
– substitution (S-box)
– permutation (P-box)
• provide confusion & diffusion of message & key

11
Confusion and Diffusion
• cipher needs to completely obscure statistical
properties of original message
• more practically Shannon suggested combining S & P
elements to obtain:
• diffusion – dissipates statistical structure of plaintext
over bulk of ciphertext (in particular – one change in
the plaintext triggers many changes in the ciphertext)
• confusion – makes relationship between ciphertext and
key as complex as possible (in particular, each character
of the ciphertext depends on many parts of the key)

12
Feistel Cipher Structure
• Horst Feistel devised the Feistel cipher
– based on concept of invertible product cipher
• partitions input block into two halves
– process through multiple rounds which
– perform a substitution on left data half
– based on round function of right half & subkey
– then have permutation swapping halves
• implements Shannon’s S-P net concept

13
Feistel Cipher Structure

14
Cont…
• The inputs to the encryption algorithm are a
plaintext block of length 2w bits and a key K
• The plaintext block is divided into two halves, L0 and
R0
• two halves of the data pass through n rounds of
processing and then combine to produce the
ciphertext block
• Each round i has as inputs Li-1 and Ri-1 as well as a
subkey Ki

15
Cont…
• Substitution:
- Apply round function F to the right half of the
data
- F is parametrized by round sub key Ki
- Take Exclusive OR of the output of F and the
Left half of the data
• Permutation:
- Interchange the two halves of the data
16
Feistel Cipher En/Decryption

17
Feistel Decryption
• Use the ciphertext as input to the algorithm
• use the subkeys Ki in reverse order: Kn in the
first round, Kn-1 in the second round, and so on
until K1 is used in the last round

On the encryption side:
LE16 = RE15
RE16 = LE15 ⊕ F(RE15, K16)

18
On Decryption side

LD1 = RD0 = LE16 = RE15


RD1 = LD0 ⊕ F(RD0, K16)
= RE16 ⊕ F(RE15, K16)
= [LE15 ⊕ F(RE15, K16)] ⊕ F(RE15, K16) = LE15
Thus we can generalize encryption as:
LEi = REi-1
REi = LEi-1 ⊕ F(REi-1, Ki)
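The relations above hold for any round function F, invertible or not. The following added example (not from the slides) runs a 16-round Feistel network with a deliberately non-invertible F and records the state after every round, so the identity LD1 = RE15, RD1 = LE15 can be checked for each round. The round function, subkeys and plaintext are constructed for illustration only.

```python
import hashlib

def F(right, subkey):
    # Constructed round function: truncated SHA-256, deliberately not invertible.
    return hashlib.sha256(subkey + right).digest()[:len(right)]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def rounds(left, right, subkeys):
    """Return [(L0, R0), (L1, R1), ..., (Ln, Rn)] for the given subkey order."""
    states = [(left, right)]
    for k in subkeys:
        # Li = Ri-1 ; Ri = Li-1 xor F(Ri-1, Ki)
        left, right = right, xor(left, F(right, k))
        states.append((left, right))
    return states

def feistel(block, subkeys):
    w = len(block) // 2
    left, right = rounds(block[:w], block[w:], subkeys)[-1]
    return right + left                      # final swap of the two halves

def feistel_encrypt(block, subkeys):
    return feistel(block, subkeys)

def feistel_decrypt(block, subkeys):
    return feistel(block, subkeys[::-1])     # same algorithm, Kn used first

SUBKEYS = [bytes([i]) * 4 for i in range(1, 17)]   # constructed K1..K16
PLAINTEXT = b"FEISTEL!"                            # constructed 64-bit block (w = 32)

if __name__ == "__main__":
    ct = feistel_encrypt(PLAINTEXT, SUBKEYS)
    enc = rounds(PLAINTEXT[:4], PLAINTEXT[4:], SUBKEYS)
    dec = rounds(ct[:4], ct[4:], SUBKEYS[::-1])
    for i, (ld, rd) in enumerate(dec):
        le, re = enc[16 - i]
        print(i, ld == re and rd == le)      # decryption state i mirrors encryption state 16-i
    print(feistel_decrypt(ct, SUBKEYS))
```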

19
Modern Block Ciphers
• now look at modern block ciphers
• one of the most widely used types of
cryptographic algorithms
• provide secrecy /authentication services
• focus on DES (Data Encryption Standard)
• to illustrate block cipher design principles

20
Block vs Stream Ciphers
• block ciphers process messages in blocks,
each of which is then en/decrypted
• like a substitution on very big characters
– 64-bits or more
• stream ciphers process messages a bit or byte
at a time when en/decrypting
• many current ciphers are block ciphers
• broader range of applications
21
Choice of parameters to provide
security
• Block size: Larger block sizes mean greater
security
• Key Size: Larger key size means greater security
• Number of rounds: Multiple rounds offer
increased security
• Subkey generation algorithm: Greater
complexity of the algorithm makes cryptanalysis
more difficult

22
Data Encryption Standard
(DES)

23
Data Encryption Standard (DES)
• most widely used block cipher in world
• adopted in 1977 by NBS (now NIST)
– as FIPS PUB 46
• encrypts 64-bit data using 56-bit key
• has widespread use
• has been considerable controversy over its
security

24
Encryption and decryption with DES

25
General structure of DES

26
DES Encryption Overview

27
DES Key Schedule
• 64-bit key is used as input to the algorithm
• bits of the key are numbered from 1 through 64
• every eighth bit is ignored, to make it 56 bits
• key is first subjected to a permutation
• resulting 56-bit key is then treated as two 28-bit
quantities and subjected to left shift
28
Cont…

29
Cont…

30
Input data (plain text)
The input data passes through the following
phases:
- Initial Permutation: Rearranges input bits
- Rounds: 16 rounds
- 32 bit swap: left and right halves are swapped
- Inverse initial permutation

31
Position of input bits

32
Initial and final permutation tables

Details of single round
• The left and right halves of each 64-bit
intermediate value are treated as separate 32-
bit quantities
DES uses 16 rounds. Each round of DES is a Feistel cipher.

• As in any classic Feistel cipher


Li = Ri-1
Ri = Li-1 ⊕ F(Ri-1, Ki)

35
Henric Johnson 36
Expansion Permutation

Permutation Function (P)


16 7 20 21 29 12 28 17
1 15 23 26 5 18 31 10
2 8 24 14 32 27 3 9
19 13 30 6 22 11 4 25

37
DES Round Structure
• uses two 32-bit L & R halves
• as for any Feistel cipher can describe as:
Li = Ri–1
Ri = Li–1 ⊕ F(Ri–1, Ki)
• F takes 32-bit R half and 48-bit subkey:
– expands R to 48-bits using perm E
– adds to subkey using XOR
– passes through 8 S-boxes to get 32-bit result
– finally permutes using 32-bit perm P
38
Substitution Boxes S
• have eight S-boxes which map 6 to 4 bits
• each S-box is actually 4 little 4 bit boxes
– outer bits 1 & 6 (row bits) select one row of 4
– inner bits 2-5 used to select one of 16 columns
– The value selected, decimal value is converted
into 4 bit binary

39
S-Boxes
The S-boxes do the real mixing (confusion). DES uses 8 S-
boxes, each with a 6-bit input and a 4-bit output.

48-bit input

32-bit input
S-box rule
shows the permutation for S-box 1.

Table S-box 1
Example

The input to S-box 1 is 100011. What is the output?

Solution
If we write the first and the sixth bits together, we get 11 in
binary, which is 3 in decimal. The remaining bits are 0001 in
binary, which is 1 in decimal. We look for the value in row 3,
column 1, in Table 6.3 (S-box 1). The result is 12 in decimal,
which in binary is 1100. So the input 100011 yields the output
1100.
Example

The input to S-box 8 is 000000. What is the output?

Solution
If we write the first and the sixth bits together, we get 00 in
binary, which is 0 in decimal. The remaining bits are 0000 in
binary, which is 0 in decimal. We look for the value in row 0,
column 0, in Table 6.10 (S-box 8). The result is 13 in decimal,
which is 1101 in binary. So the input 000000 yields the output
1101.
Tables for All S-boxes

45
Tables for All S-boxes

46
DES Decryption
• decrypt must unwind steps of data computation
• with Feistel design, do encryption steps again using
subkeys in reverse order (SK16 … SK1)
– IP undoes final FP step of encryption
– 1st round with SK16 undoes 16th encrypt round
– ….
– 16th round with SK1 undoes 1st encrypt round
– then final FP undoes initial encryption IP
– thus recovering original data value

47
Triple DES
• Use three keys and three executions
of the DES algorithm (encrypt-
decrypt-encrypt)
C = EK3[DK2[EK1[P]]]
• C = ciphertext
• P = Plaintext
• EK[X] = encryption of X using key K
• DK[Y] = decryption of Y using key K

• Effective key length of 168 bits

48
Triple DES
[Figure: (a) Encryption: P → E (K1) → A → D (K2) → B → E (K1) → C
(b) Decryption: C → D (K1) → B → E (K2) → A → D (K1) → P]
Avalanche Effect
• A desirable property of any encryption
algorithm is that a small change in either the
plaintext or the key should produce a major
change in the ciphertext

50
Exercise
Consider a DES encryption in which the plaintext and the key K have the same bit
pattern, given below:
In hexadecimal notation: 0 1 2 3 4 5 6 7 8 9 A B C D E F
In binary notation: 0000 0001 0010 0011 0100 0101 0110 0111
1000 1001 1010 1011 1100 1101 1110 1111

I. Derive K1, the first-round subkey


II. Derive L0, R0
III. Perform single round DES encryption and derive L1,R1
Group assignment
Write a C program for the implementation of:
group 1: DES encryption
group 2: DES decryption algorithm.

52
