Review

• What is security: history and definition

• Security policy, mechanisms and services
• Security models
 Outline
• Overview of Cryptography
• Classical Symmetric Cipher
• Modern Symmetric Ciphers (DES)
 Basic Terminology
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering ciphertext from plaintext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - the study of principles/
methods of deciphering ciphertext without knowing key
• cryptology - the field of both cryptography and
cryptanalysis
 Classification of Cryptography
• Number of keys used
– Hash functions: no key
– Secret key cryptography: one key
– Public key cryptography: two keys - public,
private
• Type of encryption operations used
– substitution / transposition / product
• Way in which plaintext is processed
– block / stream
Secret Key vs. Secret Algorithm

• Secret algorithm: additional hurdle

• Hard to keep secret if used widely:
– Reverse engineering, social engineering
• Commercial: published
– Wide review, trust
• Military: avoid giving enemy good ideas
 Cryptanalysis Scheme
• Ciphertext only:
– Exhaustive search until “recognizable plaintext”
– Need enough ciphertext
• Known plaintext:
– Secret may be revealed (by spy, time), thus
<ciphertext, plaintext> pair is obtained
– Great for monoalphabetic ciphers
• Chosen plaintext:
– Choose text, get encrypted
– Pick patterns to reveal the structure of the key
 Unconditional vs. Computational
Security
• Unconditional security
– No matter how much computer power is available,
the cipher cannot be broken
– The ciphertext provides insufficient information to
uniquely determine the corresponding plaintext
– Only one-time pad scheme qualifies
• Computational security
– The cost of breaking the cipher exceeds the value
of the encrypted info
– The time required to break the cipher exceeds the
useful lifetime of the info
 Brute Force Search
• Always possible to simply try every key
• Most basic attack, proportional to key size
• Assume either know / recognise plaintext

Key Size (bits) Number of Time required at 1 Time required at 106

Alternative Keys decryption/µs decryptions/µs
32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds
56 256 = 7.2  1016 255 µs = 1142 years 10.01 hours
128 2128 = 3.4  1038 2127 µs = 5.4  1024 5.4  1018 years
years
168 2168 = 3.7  1050 2167 µs = 5.9  1036 5.9  1030 years
years
26 characters 26! = 4  1026 2  1026 µs = 6.4  1012 6.4  106 years
(permutation) years
 Outline
• Overview of Cryptography
• Classical Symmetric Cipher
– Substitution Cipher
– Transposition Cipher
• Modern Symmetric Ciphers (DES)
Symmetric Cipher Model
 Requirements
• Two requirements for secure use of
symmetric encryption:
– a strong encryption algorithm
– a secret key known only to sender / receiver
Y = EK(X)
X = DK(Y)

• Assume encryption algorithm is known

• Implies a secure channel to distribute key
 Classical Substitution Ciphers
• Letters of plaintext are replaced by other
letters or by numbers or symbols
• Plaintext is viewed as a sequence of bits,
then substitution replaces plaintext bit
patterns with ciphertext bit patterns
 Caesar Cipher
• Earliest known substitution cipher
• Replaces each letter by 3rd letter on
• Example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
 Caesar Cipher
• Define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z

D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• Mathematically give each letter a number

a b c d e f g h i j k l m

0 1 2 3 4 5 6 7 8 9 10 11 12

n o p q r s t u v w x y Z

13 14 15 16 17 18 19 20 21 22 23 24 25

• Then have Caesar cipher as:

C = E(p) = (p + k) mod (26)
p = D(C) = (C – k) mod (26)
 Example 30.3

Use the shift cipher with key = 15 to encrypt the message

“HELLO.”

Solution
We encrypt one character at a time. Each character is
shifted 15 characters down. Letter H is encrypted to W.
Letter E is encrypted to T. The first L is encrypted to A. The
second L is also encrypted to A. And O is encrypted to D.
The cipher text is WTAAD.

30.15
 Example 30.4

Use the shift cipher with key = 15 to decrypt the message

“WTAAD.”

Solution
We decrypt one character at a time. Each character is
shifted 15 characters up. Letter W is decrypted to H. Letter
T is decrypted to E. The first A is decrypted to L. The
second A is decrypted to L. And, finally, D is decrypted to
O. The plaintext is HELLO.

30.16
Cryptanalysis of Caesar Cipher
• Only have 25 possible ciphers
– A maps to B,..Z
• Given ciphertext, just try all shifts of
letters
• Do need to recognize when have plaintext
• E.g., break ciphertext "GCUA VQ DTGCM"
 Monoalphabetic Cipher
• Rather than just shifting the alphabet
• Could shuffle (jumble) the letters arbitrarily
• Each plaintext letter maps to a different
random ciphertext letter
• Key is 26 letters long

Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
 Monoalphabetic Cipher
Security
• Now have a total of 26! = 4 x 1026 keys
• Is that secure?
• Problem is language characteristics
– Human languages are redundant
– Letters are not equally commonly used
 Example 1

The following shows a plaintext and its corresponding

ciphertext. Is the cipher monoalphabetic?

Solution
The cipher is probably monoalphabetic because both
occurrences of L’s are encrypted as O’s.

30.20
 Example 30.2

The following shows a plaintext and its corresponding

ciphertext. Is the cipher monoalphabetic?

Solution
The cipher is not monoalphabetic because each
occurrence of L is encrypted by a different character. The
first L is encrypted as N; the second as Z.

30.21
 English Letter Frequencies

Note that all human languages have varying letter frequencies, though the
number of letters and their frequencies varies.
 Example Cryptanalysis
• Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ

VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX

EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

• Count relative letter frequencies (see text)

• Guess P & Z are e and t
• Guess ZW is th and hence ZWP is the
• Proceeding with trial and error finally get:
it was disclosed yesterday that several informal but

direct contacts have been made with political

representatives of the viet cong in moscow

 One-Time Pad
• If a truly random key as long as the message
is used, the cipher will be secure - One-Time
pad
• E.g., a random sequence of 0’s and 1’s XORed
to plaintext, no repetition of keys
• Unbreakable since ciphertext bears no
statistical relationship to the plaintext
• For any plaintext, it needs a random key of
the same length
– Hard to generate large amount of keys
• Have problem of safe distribution of key
 Transposition Ciphers
• Now consider classical transposition or
permutation ciphers
• These hide the message by rearranging
the letter order, without altering the actual
letters used
• Can recognise these since have the same
frequency distribution as the original text
 Rail Fence Cipher
• Write message letters out diagonally over
a number of rows
• Then read off cipher row by row
• E.g., write message out as:
m e m a t r h t g p r y
e t e f e t e o a a t

• Giving ciphertext
MEMATRHTGPRYETEFETEOAAT
 Product Ciphers
• Ciphers using substitutions or transpositions
are not secure because of language
characteristics
• Hence consider using several ciphers in
succession to make harder, but:
– Two substitutions make another substitution
– Two transpositions make a more complex
transposition
– But a substitution followed by a transposition
makes a new much harder cipher
• This is bridge from classical to modern ciphers
 Rotor Machines
• Before modern ciphers,
rotor machines were
most common complex
ciphers in use
• Widely used in WW2
– German Enigma, Allied
Hagelin, Japanese
Purple
• Implemented a very
complex, varying
substitution cipher
 Outline
• Overview of Cryptography
• Classical Symmetric Cipher
• Modern Symmetric Ciphers (DES)
 Block vs Stream Ciphers
• Block ciphers process messages in into
blocks, each of which is then en/decrypted
• Like a substitution on very big characters
– 64-bits or more
• Stream ciphers process messages a bit or
byte at a time when en/decrypting
• Many current ciphers are block ciphers, one
of the most widely used types of
cryptographic algorithms
 Block Cipher
• Divide input bit stream into n-bit sections, encrypt only that
section, no dependency/history between sections

Courtesy:
Andreas
Steffen

• In a good block cipher, each output bit is a function of all n input

bits and all k key bits
 Stream Cipher
• Stream ciphers

• Rather than divide bit stream into discrete blocks, as block ciphers do,
XOR each bit of your plaintext continuous stream with a bit from a
pseudo-random sequence
• At receiver, use same symmetric key, XOR again to extract plaintext
 Block Cipher Principles
• Most symmetric block ciphers are based on a
Feistel Cipher Structure
• Block ciphers look like an extremely large
substitution
• Would need table of 264 entries for a 64-bit
block
• Instead create from smaller building blocks
• Using idea of a product cipher
Ideal Block Cipher
 Substitution-Permutation Ciphers
• Substitution-permutation (S-P) networks
[Shannon, 1949]
– modern substitution-transposition product cipher
• These form the basis of modern block ciphers
• S-P networks are based on the two primitive
cryptographic operations
– substitution (S-box)
– permutation (P-box)
• provide confusion and diffusion of message
 Confusion and Diffusion
• Cipher needs to completely obscure statistical
properties of original message
• A one-time pad does this
• More practically Shannon suggested S-P
networks to obtain:
• Diffusion – dissipates statistical structure of
plaintext over bulk of ciphertext
• Confusion – makes relationship between
ciphertext and key as complex as possible
 Feistel Cipher Structure
• Feistel cipher implements Shannon’s S-P
network concept
– based on invertible product cipher
• Process through multiple rounds which
– partitions input block into two halves
– perform a substitution on left data half
– based on round function of right half & subkey
– then have permutation swapping halves
 Feistel
Cipher
Structure
 Feistel
Cipher
Decryption
DES (Data Encryption Standard)
• Published in 1977, standardized in 1979.
• Key: 64 bit quantity=8-bit parity+56-bit
key
– Every 8th bit is a parity bit.
• 64 bit input, 64 bit output.
64 bit M 64 bit C
DES
Encryption

56 bits
 DES Top View
56-bit Key
64-bit
48-bitInput
K1
Generate keys
Permutation Initial Permutation
48-bit K1
Round 1
48-bit K2
Round 2
…... 48-bit K16
Round 16

Swap Swap 32-bit halves

Permutation Final Permutation

64-bit Output
Bit Permutation (1-to-1)

1 2 3 4 32
Input: 0 0 1 0 ……. 1

1 bit

Output 1 0 1 1 …….. 1
22 6 13 32 3
 Per-Round Key Generation
Initial Permutation of DES key

C i-1 28 bits D i-1 28 bits

Circular Left Shift Circular Left Shift

One
round Permutation Round 1,2,9,16:
with Discard single shift
Others: two bits
48 bits
Ki
Ci 28 bits Di 28 bits
 A DES Round
32 bits Ln 32 bits Rn

E
One 48 bits
Mangler
Round Function 48 bits
Encryption S-Boxes Ki

32 bits

32 bits Ln+1 32 bits Rn+1

 Mangler Function
4 4 4 4 4 4 4 4

6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6

+ + + + + + + +

S1 S2 S3 S4 S5 S6 S7 S8 The permutation produces

“spread” among the
4 4 4 4 4 4 4 4 chunks/S-boxes!

Permutation
 Bits Expansion (1-to-m)
1 2 3 4 5 32
Input: 0 0 1 0 1……. 1

Output

1 0 0 1 0 1 0 1 …….. 1 0

1 2 3 4 5 6 7 8 48
 S-Box (Substitute and Shrink)
• 48 bits ==> 32 bits. (8*6 ==> 8*4)
• 2 bits used to select amongst 4
substitutions for the rest of the 4-bit
quantity
2 bits I1
row I2
I3 Si O1
O2
I4 O3
I5 O4

4 bits I6
column i = 1,…8.
 S-Box Examples
Each row and column contain different numbers.

0 1 2 3 4 5 6 7 8 9…. 15

0 14 4 13 1 2 15 11 8 3

1 0 15 7 4 14 2 13 1 10

2 4 1 14 8 13 6 2 11 15

3 15 12 8 2 4 9 1 7 5

Example: input: 100110 output: ???

 DES Standard
• Cipher Iterative Action • Key Generation Box :
: – Input: 56 bits
– Input: 64 bits
– Output: 48 bits
– Key: 48 bits
– Output: 64 bits

One round (Total 16 rounds)

 DES Box Summary
• Simple, easy to implement:
– Hardware/gigabits/second,
software/megabits/second
• 56-bit key DES may be acceptable for non-
critical applications but triple DES (DES3)
should be secure for most applications today
• Supports several operation modes (ECB CBC,
OFB, CFB) for different applications
 Tutorial Questions
Q1:What are the essential Ingredients of a
symmetric cipher?

Q2:What are the two basic functions used in

encryption algorithms?

Q3:What is the difference between a block

cipher and a stream cipher?
Q4:Suppose that Alice's RSA public key is (N;
e) and her private key is (N; d) where e is
the encryption exponent, d is the
decryption exponent, and N is the product
of two prime numbers p and q. We are
given that p = 7; q = 11 and e = 17.If Bob
encrypts the message M = 8 with the RSA
algorithm using Alice's public key, what is
the Ciphertext C that Bob sends to Alice?
To show that Alice can decrypt C to obtain
M.
Q5: Using this Play fair matrix:

Encrypt this message:

“Must see you over Cadogan West. Coming
at once”
Q6:Jack is sending Tommy a message with
RSA. The public key is 3, while N is 55.
What is the value of d that Tommy must
use to decrypt the message?
Q7: The following is a key for
transposition cipher.

Encrypt the word “HELLO MY DEAR”

using the above key. Also decrypt to
form the original message.
Q8:Encrypt the message “THIS IS AN
EXERCISE” using a shifted cipher with a key
of 20. Ignore the space between words.
Decrypt the massage to the original
plaintext.
Figure 30.19 Modes of operation for block ciphers

30.57
Figure 30.20 ECB mode

30.58
Figure 30.21 CBC mode

30.59
Figure 30.22 CFB mode

30.60
Figure 30.23 OFB mode

30.61