This document provides an overview of block ciphers and public key cryptography. It discusses the principles of block ciphers, including block cipher modes of operation. Popular block ciphers like DES, AES, Triple DES and Blowfish are described. The document also covers public key cryptography principles and algorithms like RSA and Diffie-Hellman key exchange. It provides details on elliptic curve cryptography and the arithmetic behind it.
2. BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY
• Block Ciphers:
– Block cipher principles
– Block cipher modes of operation
– Data Encryption Standard (DES)
– Advanced Encryption Standard (AES)
– Triple DES
– Blowfish
– RC5 algorithm
3. BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY
• Public key cryptography:
– Principles of public key cryptosystems
– The RSA algorithm, key management
– Diffie-Hellman key exchange
– Elliptic curve arithmetic
– Elliptic curve cryptography
4. Introduction to Block Ciphers
• A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.
• Typically, a block size of 64 or 128 bits is used. As with a stream cipher, the two users share a symmetric encryption key.
7. Block Cipher Principles
• The cryptographic strength of a Feistel cipher derives from three aspects of the design:
– Number of rounds,
– Function F, and
– Key schedule algorithm
8. Block Cipher Principles
• Number of Rounds
– The greater the number of rounds, the more difficult it is to perform cryptanalysis, even for a relatively weak F.
– In general, the criterion should be that the number of rounds is chosen so that known cryptanalytic efforts require greater effort than a simple brute-force key search attack.
9. Block Cipher Principles
• Design of function F
– The heart of a Feistel block cipher is the function F.
– It should be difficult to “unscramble” the substitution.
– Function F should be nonlinear.
– The algorithm should have good avalanche properties.
– Bit Independence Criterion (BIC): output bits j and k should change independently when any single input bit i is inverted, for all i, j, and k.
10. Block Cipher Principles
• Key Schedule Algorithm
– With any Feistel block cipher, the key is used to generate one subkey for each round.
– In general, we would like to select subkeys to maximize the difficulty of deducing individual subkeys and the difficulty of working back to the main key.
– No general principles for this have yet been promulgated.
– The key schedule should guarantee the key/ciphertext Strict Avalanche Criterion and Bit Independence Criterion.
13. i. Electronic Codebook (ECB)
• Each block of plaintext bits is encoded independently using the same key.
14. ii. Cipher Block Chaining (CBC)
• The input to the encryption algorithm is the XOR of the next block of plaintext and the preceding block of ciphertext.
15. iii. Cipher Feedback (CFB)
• The preceding ciphertext is used as input to the encryption algorithm to produce pseudorandom output, which is XORed with the plaintext to produce the next unit of ciphertext.
16. iv. Output Feedback (OFB)
• Similar to CFB, except that the input to the encryption algorithm is the preceding encryption output, and full blocks are used.
17. v. Counter (CTR)
• Each block of plaintext is XORed with an encrypted counter.
• The counter is incremented for each subsequent block.
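The Feistel structure of slides 7-10 and the five modes of slides 13-17, as an added runnable example that is not part of the slides. The 64-bit block, the SHA-256-based round function F and the hash-based key schedule are constructed stand-ins (this is not DES); the point is that the Feistel network is invertible whatever F is, that decryption only reverses the subkey order, and that ECB exposes repeated plaintext blocks while the chaining and stream modes hide them.

```python
"""Toy Feistel cipher (slides 7-10) and the five modes of operation of slides 13-17.
Added example, not code from the slides: the 64-bit block, the SHA-256-based round
function F and the hash-based key schedule are constructed stand-ins, not DES."""
import hashlib

BLOCK = 8      # 64-bit block, as in DES
ROUNDS = 16    # number of Feistel rounds

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def key_schedule(key: bytes) -> list:
    """One 4-byte subkey per round (toy schedule: hash of key and round index)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(ROUNDS)]

def F(half: bytes, subkey: bytes) -> bytes:
    """Keyed nonlinear round function; it need not be invertible."""
    return hashlib.sha256(subkey + half).digest()[:4]

def feistel(block: bytes, subkeys: list) -> bytes:
    """Each round: (L, R) -> (R, L xor F(R, k)); halves are swapped after the last round."""
    L, R = block[:4], block[4:]
    for k in subkeys:
        L, R = R, xor(L, F(R, k))
    return R + L

def E(key: bytes, block: bytes) -> bytes:
    return feistel(block, key_schedule(key))

def D(key: bytes, block: bytes) -> bytes:
    return feistel(block, key_schedule(key)[::-1])   # same network, subkeys reversed

def blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("pad the input to a multiple of the block size first")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

# Modes of operation. CFB is the full-block variant; CTR uses nonce || block index.

def ecb_encrypt(key, pt):
    return b"".join(E(key, b) for b in blocks(pt))          # every block independent

def ecb_decrypt(key, ct):
    return b"".join(D(key, c) for c in blocks(ct))

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pt):
        prev = E(key, xor(b, prev))        # plaintext xor previous ciphertext, then E
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(D(key, c), prev))
        prev = c
    return b"".join(out)

def cfb_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pt):
        prev = xor(E(key, prev), b)        # E(previous ciphertext) xor plaintext
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(E(key, prev), c))   # decryption also runs E, never D
        prev = c
    return b"".join(out)

def ofb_crypt(key, iv, data):
    """Keystream = E applied repeatedly to the IV; the same call decrypts."""
    out, s = [], iv
    for b in blocks(data):
        s = E(key, s)
        out.append(xor(s, b))
    return b"".join(out)

def ctr_crypt(key, nonce, data):
    """Keystream block i = E(nonce || i); the same call decrypts."""
    out = []
    for i, b in enumerate(blocks(data)):
        out.append(xor(E(key, nonce[:4] + i.to_bytes(4, "big")), b))
    return b"".join(out)

def repeated_blocks(ct: bytes) -> int:
    """Ciphertext blocks that duplicate an earlier one. ECB leaks plaintext
    repetition this way; the chaining and stream modes do not."""
    bs = blocks(ct)
    return len(bs) - len(set(bs))
```

Encrypting a 32-byte plaintext whose second half repeats the first gives two repeated ciphertext blocks under ECB and none under CBC, CFB, OFB or CTR; CFB, OFB and CTR never call D at all, which is why those modes only need the encryption direction of the block cipher.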
20. DES - History
• In 1971, IBM developed an algorithm, named LUCIFER, which operates on a block of 64 bits using a 128-bit key.
• Walter Tuchman, an IBM researcher, refined LUCIFER and reduced the key size to 56 bits, to fit on a chip.
• In 1977, the result of Tuchman’s project at IBM was adopted as the Data Encryption Standard by NSA (NIST).
21. DES - History
• It is a symmetric key block cipher.
• It follows the Feistel structure.
• DES was the most widely used block cipher until the introduction of AES (2001).
37. DES - Encryption
• There are two inputs to the encryption function:
– Plaintext to be encrypted
– Key
• In this case, the plaintext must be 64 bits in length and the key is 56 bits in length.
38. DES - Encryption
• Processing of the plaintext proceeds in three phases.
– First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits to produce the permuted input.
– This is followed by a phase consisting of sixteen rounds of the same function, which involves both permutation and substitution functions.
– The output of the last (sixteenth) round consists of 64 bits that are a function of the input plaintext and the key.
– The left and right halves of the output are swapped to produce the preoutput.
– Finally, the preoutput is passed through a permutation (IP^-1) that is the inverse of the initial permutation function, to produce the 64-bit ciphertext.
39. DES - Encryption
• Initially, the key is passed through a permutation function.
• Then, for each of the sixteen rounds, a subkey (K_i) is produced by the combination of a left circular shift and a permutation.
• The permutation function is the same for each round, but a different subkey is produced because of the repeated shifts of the key bits.
41. DES - Example
• The Avalanche Effect
– A small change in either the plaintext or the key should produce a significant change in the ciphertext.
– In particular, a change in one bit of the plaintext or one bit of the key should produce a change in many bits of the ciphertext.
– This is referred to as the avalanche effect.
44. Cracking DES
• 1998
• John Gilmore
• $220,000
• Searched the 56-bit DES key space in 4.5 days
• Deep Crack computer: 27 boards, each containing 64 chips, capable of testing 90 billion keys a second
47. Advanced Encryption Standard
• The Advanced Encryption Standard (AES) was published by the National Institute of Standards and Technology (NIST) in 2001.
• AES is a symmetric block cipher that is intended to replace DES as the approved standard for a wide range of applications.
48. Advanced Encryption Standard
• Plaintext block size: 128 bits, or 16 bytes.
• Key length: 128, 192 or 256 bits (16, 24, or 32 bytes).
• The algorithm is referred to as AES-128, AES-192, or AES-256, depending on the key length.
56. SubBytes
• A simple substitution of each byte provides confusion.
• Uses one S-box of 16x16 bytes containing a permutation of all 256 8-bit values.
• Each byte of State is replaced by the byte indexed by row (left 4 bits) & column (right 4 bits).
– e.g. byte {95} is replaced by the byte in row 9, column 5,
– which has value {2A}.
• The S-box is constructed using a defined transformation of values in the Galois Field GF(2^8).
61. ShiftRows
• Shifting, which permutes the bytes.
• A circular byte shift in each row:
– 1st row is unchanged
– 2nd row does a 1-byte circular shift to the left
– 3rd row does a 2-byte circular shift to the left
– 4th row does a 3-byte circular shift to the left
• In the encryption, the transformation is called ShiftRows.
• In the decryption, the transformation is called InvShiftRows, and the shifting is to the right.
63. MixColumns
• The forward mix column transformation, called MixColumns, operates on each column individually. Each byte of a column is mapped into a new value that is a function of all four bytes in that column.
65. AddRoundKey
• In the forward add round key transformation, called AddRoundKey, the 128 bits of State are bitwise XORed with the 128 bits of the round key.
67. AES Key Expansion
• The AES key expansion algorithm takes as input a four-word (16-byte) key and produces a linear array of 44 words (176 bytes).
• This is sufficient to provide a four-word round key for the initial AddRoundKey stage and each of the 10 rounds of the cipher.
69. AES Key Expansion
• RotWord performs a one-byte circular left shift on a word. This means that an input word [B0, B1, B2, B3] is transformed into [B1, B2, B3, B0].
• SubWord performs a byte substitution on each byte of its input word, using the S-box.
• The result of steps 1 and 2 is XORed with a round constant, Rcon[j].
71. Key Expansion Example
• For example, suppose that the round key for round 8 is
EA D2 73 21 B5 8D BA D2 31 2B F5 60 7F 8D 29 2F
• Then the first 4 bytes (first column) of the round key for round 9 are calculated as follows:
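The S-box construction of slide 56 and the key expansion of slides 67-71, as an added example that is not code from the slides. Instead of typing in the S-box table it is derived from the GF(2^8) multiplicative inverse and the FIPS-197 affine map; next_round_key() carries the slide-71 computation (RotWord, SubWord, XOR with Rcon[9], then XOR with the first word of the previous round key) through all four words of the round-9 key, and expand_key() is the full AES-128 schedule of which that is one step. Names and structure are this example's own.

```python
"""AES S-box construction (slide 56) and AES-128 key expansion (slides 67-71).
Added example, not code from the slides."""

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (a^255 = 1 for a != 0); inv(0) is taken as 0."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r

def sbox_entry(x: int) -> int:
    """S(x): invert x in GF(2^8), then the affine map (b xor its rotations by 1..4) xor 0x63."""
    b = gf_inv(x)
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63

SBOX = [sbox_entry(x) for x in range(256)]

RCON = [0x00, 0x01]                   # Rcon[j] = x^(j-1) in GF(2^8); index 0 is unused
for _ in range(9):
    RCON.append(gf_mul(RCON[-1], 0x02))

def rot_word(w: bytes) -> bytes:
    """[B0, B1, B2, B3] -> [B1, B2, B3, B0]."""
    return w[1:] + w[:1]

def sub_word(w: bytes) -> bytes:
    return bytes(SBOX[b] for b in w)

def xor_words(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def g(word: bytes, j: int) -> bytes:
    """Applied to the last word of round key j-1: RotWord, SubWord, XOR with Rcon[j]."""
    s = sub_word(rot_word(word))
    return bytes([s[0] ^ RCON[j]]) + s[1:]

def expand_key(key: bytes) -> list:
    """AES-128: 16-byte key -> 44 words (176 bytes); w[i] = w[i-4] xor temp."""
    if len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte key")
    w = [key[i:i + 4] for i in range(0, 16, 4)]
    for i in range(4, 44):
        temp = g(w[i - 1], i // 4) if i % 4 == 0 else w[i - 1]
        w.append(xor_words(w[i - 4], temp))
    return w

def round_keys(key: bytes) -> list:
    """The 11 round keys (initial AddRoundKey plus 10 rounds), 16 bytes each."""
    w = expand_key(key)
    return [b"".join(w[4 * r:4 * r + 4]) for r in range(11)]

def next_round_key(prev: bytes, j: int) -> bytes:
    """Round key j from round key j-1 alone, as in the slide-71 example (j = 9 there)."""
    w = [prev[i:i + 4] for i in range(0, 16, 4)]
    out = [xor_words(w[0], g(w[3], j))]         # first column: w[0] xor g(w[3])
    for k in range(1, 4):
        out.append(xor_words(w[k], out[-1]))    # other columns: w[k] xor the new previous word
    return b"".join(out)
```

With the slide's round-8 key, next_round_key(..., 9) starts with AC 77 66 F3; the intermediate values are RotWord = 8D 29 2F 7F, SubWord = 5D A5 15 D2, XOR Rcon[9] = 1B 00 00 00 giving 46 A5 15 D2, and XOR with EA D2 73 21 giving AC 77 66 F3. The test below also checks the schedule against the FIPS-197 Appendix A.1 expansion, from which the slide's round-8 key is taken.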
74. Meet in Middle Attack:
• Thus, the use of double DES results in a mapping that is not equivalent to a single DES encryption. But there is a way to attack this scheme, one that does not depend on any particular property of DES but that will work against any block encryption cipher.
• The algorithm is known as a meet-in-the-middle attack.
C = E(K2, E(K1, P))
P = D(K1, D(K2, C))
75. Meet in Middle Attack:
C = E(K2, E(K1, P))
P = D(K1, D(K2, C))
• Given a known pair (P, C), the attack proceeds as follows. First, encrypt P for all 2^56 possible values of K1.
• Store these results, X = E(K1, P), in a table and then sort the table by the values of X.
• Next, decrypt C using all 2^56 possible values of K2.
• As each decryption is produced, check the result against the table for a match.
• If a match occurs, then test the two resulting keys against a new known plaintext–ciphertext pair.
• If the two keys produce the correct ciphertext, accept them as the correct keys.
80. Blowfish
• The keys are stored in the K array: K1, K2, …, Kj, with 1 <= j <= 14
• The subkeys are stored in the P array: P1, P2, …, P18
• There are four S-boxes, each with 256 32-bit entries:
S1,0, S1,1, S1,2, S1,3, …, S1,255
S2,0, S2,1, S2,2, S2,3, …, S2,255
S3,0, S3,1, S3,2, S3,3, …, S3,255
S4,0, S4,1, S4,2, S4,3, …, S4,255
84. RC5
• Designed by Ronald Rivest (of RSA fame)
– used in RSA Data Security, Inc.’s products
• Can vary key size
• Can vary data size
• Can vary number of rounds
• Very clean and simple design
• Easy implementation on various CPUs
• Yet still regarded as secure
85. RC5
• RC5 is a family of ciphers RC5-w/r/b
– w = word size in bits (16/32/64), block data=2w
– r = number of rounds (0..255)
– b = number of bytes in key (0..255)
• nominal version is RC5-32/12/16
– i.e. 32-bit words so encrypts 64-bit data blocks
– using 12 rounds
– with 16 bytes (128-bit) secret key
86. RC5
Simple operations:
1. Addition: modulo 2^w
2. Bitwise XOR
3. Circular shift (rotation): x <<< y rotates x left by y bits
A substitution-permutation round:
1. Substitution depends on both words
2. Permutation depends on both words
3. Substitution depends on key
87. RC5
• Split the input into two halves A & B
L0 = A + S[0];
R0 = B + S[1];
for i = 1 to r do
    Li = ((Li-1 XOR Ri-1) <<< Ri-1) + S[2 x i];
    Ri = ((Ri-1 XOR Li) <<< Li) + S[2 x i + 1];
• Each round is like 2 DES rounds
• Note that rotation is the main source of non-linearity
• Need a reasonable number of rounds (e.g. 12-16)
88. RC5
• RFC 2040 defines 4 modes used by RC5
– RC5 Block Cipher is ECB mode
– RC5-CBC is CBC (cipher block chaining) mode
– RC5-CBC-PAD is CBC with padding by bytes whose value is the number of padding bytes
– RC5-CTS, a variant of CBC which is the same size as the original message, uses ciphertext stealing to keep the size the same as the original
90. Introduction to public key cryptography
• The development of public-key cryptography is the greatest and perhaps the only true revolution in the entire history of cryptography.
91. Terminology Related to Asymmetric Encryption
• Asymmetric Keys
– Two related keys, a public key and a private key, that are used to perform complementary operations, such as encryption and decryption or signature generation and signature verification.
• Public Key Certificate
– A digital document issued and digitally signed by the private key of a Certification Authority that binds the name of a subscriber to a public key.
– The certificate indicates that the subscriber identified in the certificate has sole control and access to the corresponding private key.
92. Terminology Related to Asymmetric Encryption
• Public Key (Asymmetric) Cryptographic Algorithm
– A cryptographic algorithm that uses two related keys, a public key and a private key.
– The two keys have the property that deriving the private key from the public key is computationally infeasible.
• Public Key Infrastructure (PKI)
– A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.
95. Public-Key Cryptosystems
• Asymmetric algorithms rely on one key for encryption and a different but related key for decryption.
• These algorithms have the following important characteristics:
– It is computationally infeasible to determine the decryption key given only knowledge of the cryptographic algorithm and the encryption key.
– Either of the two related keys can be used for encryption, with the other used for decryption.
96. Six ingredients
• Plaintext:
– This is the readable message or data that is fed into the algorithm as input.
• Encryption algorithm:
– The encryption algorithm performs various transformations on the plaintext.
• Public and private keys:
– This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption.
– The exact transformations performed by the algorithm depend on the public or private key that is provided as input.
97. Six ingredients
• Ciphertext:
– This is the scrambled message produced as output.
– It depends on the plaintext and the key.
– For a given message, two different keys will produce two different ciphertexts.
• Decryption algorithm:
– This algorithm accepts the ciphertext and the matching key and produces the original plaintext.
98. Essential steps
1. Each user generates a pair of keys to be used for the encryption and decryption of messages.
2. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. Each user maintains a collection of public keys obtained from others.
3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice’s public key.
4. When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice’s private key.
103. Application for public key cryptosystems
• Encryption/decryption:
– The sender encrypts a message with the recipient’s public key.
• Digital signature:
– The sender “signs” a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.
• Key exchange:
– Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.
105. RSA Algorithm
• By Rivest, Shamir & Adleman of MIT in 1977
• Best known & widely used public-key scheme
106. Intuition behind RSA Algorithm
• I would like to receive encrypted messages from everyone
• I obtain a private key and a public key
• I publish my public key and keep my private key secret
• Everyone can use my public key to encrypt their message to me
• I am the only one who can decrypt the message, using the private key
107. RSA algorithm in our daily life
• When buying something from eBay, they send their public key to your browser
• Your information gets encrypted using eBay’s public key and sent to them
• They use their private key to decrypt the encrypted data
108. RSA example
• Message: m
• Encryption (public key): (5, 14)
c = m^e mod n
• Decryption (private key): (5, 14)
p = c^d mod n
109. Key Management
• Generate two large random prime numbers p and q
• Find n = p·q
• Find Φ(n) = (p-1)(q-1)
• Choose the public key e, such that
1 < e < Φ(n)
gcd(e, Φ(n)) = 1
gcd(e, n) = 1
• Compute the private key d, such that
1 < d < Φ(n)
e·d = 1 (mod Φ(n))
• The public key is (e, n) and the private key is (d, n)
110. Why is RSA special?
• Given two large prime numbers p and q, a composite number n can be computed as n = p·q
• But, given just n, there is no known algorithm to efficiently find p and q
116. Examples of RSA
• Message = 15, p = 7, q = 11, e = 7
• Message = 88, p = 17, q = 11, e = 7
117. Security of RSA
• Five possible approaches to attacking the RSA algorithm are:
• Brute force:
– This involves trying all possible private keys.
• Mathematical attacks:
– There are several approaches, all equivalent in effort to factoring the product of two primes.
• Timing attacks:
– These depend on the running time of the decryption algorithm.
• Hardware fault-based attack:
– This involves inducing hardware faults in the processor that is generating digital signatures.
• Chosen ciphertext attacks:
– This type of attack exploits properties of the RSA algorithm.
119. Diffie Hellman Key exchange
• The first published public-key algorithm appeared in the seminal paper by Diffie and Hellman that defined public-key cryptography [DIFF76b] and is generally referred to as Diffie-Hellman key exchange.
122. Diffie Hellman Example
• Find the secret key shared between user A and user B using the Diffie-Hellman algorithm for the following:
• q = 353, α = 3, X_A = 45 and X_B = 50
123. Diffie Hellman Example
• Find the secret key shared between user A and user B using the Diffie-Hellman algorithm for the following:
• q = 353, α = 3, X_A = 97 and X_B = 233
Y_A = 3^97 mod 353 = 40.
Y_B = 3^233 mod 353 = 248.
A computes K = (Y_B)^X_A mod 353 = 248^97 mod 353 = 160.
B computes K = (Y_A)^X_B mod 353 = 40^233 mod 353 = 160.
125. Man-in-the-Middle Attack
• Darth prepares for the attack by generating two random private keys X_D1 and X_D2 and then computing the corresponding public keys Y_D1 and Y_D2.
• Alice transmits Y_A to Bob.
• Darth intercepts Y_A and transmits Y_D1 to Bob. Darth also calculates K2 = (Y_A)^X_D2 mod q.
• Bob receives Y_D1 and calculates K1 = (Y_D1)^X_B mod q.
• Bob transmits Y_B to Alice.
• Darth intercepts Y_B and transmits Y_D2 to Alice. Darth calculates K1 = (Y_B)^X_D1 mod q.
• Alice receives Y_D2 and calculates K2 = (Y_D2)^X_A mod q.
126. Man-in-the-Middle Attack
• The key exchange protocol is vulnerable to such an attack because it does not authenticate the participants.
• This vulnerability can be overcome with the use of digital signatures and public-key certificates.
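The exchange of slides 122-123 and the unauthenticated scenario of slide 125, as an added example that is not code from the slides. It uses the slides' toy parameters q = 353 and α = 3 (the private keys 11 and 29 assigned to Darth below are constructed for the test) and shows the consequence slide 126 describes: after the substitution, Bob's K1 and Alice's K2 are each shared with Darth rather than with each other, and nothing in the exchange itself lets either party notice.

```python
"""Diffie-Hellman with the slide 122-123 parameters and the slide-125 scenario.
Added example, not code from the slides; q = 353 and alpha = 3 are toy values."""

def public_value(q: int, alpha: int, x: int) -> int:
    """Y = alpha^X mod q."""
    return pow(alpha, x, q)

def shared_key(q: int, y_other: int, x_own: int) -> int:
    """K = (Y_other)^X_own mod q."""
    return pow(y_other, x_own, q)

def exchange(q: int, alpha: int, xa: int, xb: int):
    """Honest exchange: returns (Y_A, Y_B, K as computed by A, K as computed by B)."""
    ya, yb = public_value(q, alpha, xa), public_value(q, alpha, xb)
    return ya, yb, shared_key(q, yb, xa), shared_key(q, ya, xb)

def mitm_exchange(q: int, alpha: int, xa: int, xb: int, xd1: int, xd2: int) -> dict:
    """Slide 125: Darth replaces Y_A with Y_D1 on the way to Bob and Y_B with Y_D2
    on the way to Alice. Returns the key each party ends up holding."""
    ya, yb = public_value(q, alpha, xa), public_value(q, alpha, xb)
    yd1, yd2 = public_value(q, alpha, xd1), public_value(q, alpha, xd2)
    return {
        "bob_k1": shared_key(q, yd1, xb),      # Bob believes K1 is shared with Alice
        "darth_k1": shared_key(q, yb, xd1),    # but Darth holds the same K1
        "alice_k2": shared_key(q, yd2, xa),    # Alice believes K2 is shared with Bob
        "darth_k2": shared_key(q, ya, xd2),    # but Darth holds the same K2
    }

def parties_agree(result: dict) -> bool:
    """True only when Alice and Bob hold the same key. Without authenticating
    Y_A and Y_B (slide 126) neither party can tell that this is false."""
    return result["alice_k2"] == result["bob_k1"]
```

exchange(353, 3, 97, 233) reproduces the slide-123 values (40, 248, 160, 160); with the slide-122 parameters the two computed keys also agree, as they must whenever the public values arrive unmodified.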
127. Elliptic curve arithmetic
• What are Elliptic Curves?
– y^2 = x^3 + ax + b, with a, b ∈ ℝ
– 4a^3 + 27b^2 ≠ 0
• Characteristics of Elliptic Curves
– Form an abelian group
– Symmetric about the x-axis
– Point at infinity acting as the identity element
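The group law behind slide 127, as an added example that is not code from the slides. It works over a prime field F_p rather than the reals (the form used in elliptic curve cryptography), with the same chord-and-tangent addition, the x-axis reflection as negation, and the point at infinity as identity; the curve y^2 = x^3 + 2x + 2 over F_17 with generator (5, 1) is a constructed teaching example, and the ecdh() function at the end shows the Diffie-Hellman exchange carried out in this group. Names are this example's own.

```python
"""Elliptic-curve point arithmetic over a prime field (slide 127's group law with
a, b taken mod p). Added example, not code from the slides; the toy curve is constructed."""

INF = None   # the point at infinity, the identity element of the group

class Curve:
    def __init__(self, a: int, b: int, p: int):
        if (4 * a ** 3 + 27 * b ** 2) % p == 0:
            raise ValueError("singular curve: 4a^3 + 27b^2 must be nonzero")
        self.a, self.b, self.p = a, b, p

    def on_curve(self, P) -> bool:
        if P is INF:
            return True
        x, y = P
        return (y * y - (x ** 3 + self.a * x + self.b)) % self.p == 0

    def neg(self, P):
        """Reflection across the x-axis: -(x, y) = (x, -y)."""
        if P is INF:
            return INF
        x, y = P
        return (x, (-y) % self.p)

    def add(self, P, Q):
        """Chord-and-tangent rule; P + (-P) = INF."""
        p = self.p
        if P is INF:
            return Q
        if Q is INF:
            return P
        x1, y1 = P
        x2, y2 = Q
        if x1 == x2 and (y1 + y2) % p == 0:
            return INF
        if P == Q:
            s = (3 * x1 * x1 + self.a) * pow((2 * y1) % p, -1, p) % p   # tangent slope
        else:
            s = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p             # chord slope
        x3 = (s * s - x1 - x2) % p
        y3 = (s * (x1 - x3) - y1) % p
        return (x3, y3)

    def mul(self, k: int, P):
        """Scalar multiplication k*P by double-and-add."""
        R = INF
        while k:
            if k & 1:
                R = self.add(R, P)
            P = self.add(P, P)
            k >>= 1
        return R

    def order(self, P) -> int:
        """Smallest n > 0 with n*P = INF (fine for a toy curve, exponential in general)."""
        n, Q = 1, P
        while Q is not INF:
            Q = self.add(Q, P)
            n += 1
        return n

def ecdh(curve: Curve, G, a: int, b: int):
    """Diffie-Hellman in the curve group: A sends a*G, B sends b*G, both derive a*b*G."""
    A, B = curve.mul(a, G), curve.mul(b, G)
    return curve.mul(a, B), curve.mul(b, A)
```

On the toy curve 2*(5, 1) = (6, 3), the generator has order 19, addition commutes and P + (-P) is the point at infinity; ecdh() returns the same point for both sides, here 21*G = 2*G because 19*G = INF.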
136. Reference
1. William Stallings, Cryptography and Network Security, 6th Edition, Pearson Education, March 2013.
2. Charlie Kaufman, Radia Perlman and Mike Speciner, “Network Security”, Prentice Hall of India, 2002.