Professional Documents
Culture Documents
NETWORK SECURITY
PART-A
UNIT-2
UNIT - 2
SYMMETRIC CIPHERS: Symmetric Cipher Model, Substitution Techniques,
Transposition Techniques, Simplified DES, Data encryption standard (DES), The strength of
DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes of
Operation, Evaluation Criteria for Advanced Encryption Standard, The AES Cipher.
TEXT BOOK:
1. Cryptography and Network Security, William Stalling, Pearson Education, 2003.
REFERENCE BOOKS:
1. Cryptography and Network Security, Behrouz A. Forouzan, TMH, 2007.
2. Cryptography and Network Security, Atul Kahate, TMH, 2003.
UNIT - 2
SYMMETRIC CIPHERS: Symmetric Cipher Model, Substitution Techniques,
Transposition Techniques, Simplified DES, Data encryption standard (DES), The strength of
DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes of
Operation, Evaluation Criteria for Advanced Encryption Standard, The AES Cipher.
1. SYMMETRIC CIPHERS
We assume that it is impractical to decrypt a message on the basis of the Cipher text plus
knowledge of the encryption/decryption algorithm. In other words, we do not need to keep
the algorithm secret; we need to keep only the key secret.
Y=E (K, X)
The intended receiver with the key is able to invert the transformation:
X=D (K, Y)
1. The Type of operations used for transforming plaintext to cipher text. All
encryption algorithms are based on two general principles:
Substitution: each element in the plaintext (bit, letter, group of bits or letters)
is mapped into another element,
Transposition: elements in the plaintext are rearranged.
If both sender and receiver use the same key, the system is referred to as
symmetric, single-key, secret-key, or conventional encryption.
If the sender and receiver use different keys, the system is referred to as
asymmetric, two-key, or public-key encryption.
A block cipher processes the input one block of elements at a time, producing an
output block for each input block.
A stream cipher processes the input elements continuously, producing output one
element at a time, as it goes along.
Or
CRYPTOGRAPHY [DEC-2013 / JAN-2014 (4M)]
The word cryptography was derives from combining 2 Greek words. “Krypto” it
means “hidden” and “graphene” meaning “writing”. Cryptography is the art of secret
information writing or secret data writing.
The main goal of cryptography is a data secure from unauthorized persons or
attackers or hackers.
Cryptography is a method of storing and transmitting data in a particular form so that
only those for whom it is intended can read and process it.
Advantages
Enter (key) length will be generally short.
Symmetric key cipher can be joined together to prepare stronger ciphers.
It hides those secret or confidential messages and your protection or privacy may be
sheltered or protected or safe.
application
On line banking.
On line transaction.
Media data base system.
Medical application. Etc
The objective of attacking an encryption system is to recover the key in use rather
than simply to recover the plaintext of a single cipher text. There are two general approaches
to attacking a conventional encryption scheme:
Brute-force attack: The attacker tries every possible key on a piece of cipher text
until an intelligible translation into plaintext is obtained. On average, half of all
possible keys must be tried to achieve success.
If either type of attack succeeds in deducing the key, then future and past messages
encrypted with that key are compromised.
The following table summarizes the various types of cryptanalytic attacks based on the
amount of information known to the cryptanalyst.
6 SUBSTITUTION TECHNIQUES
The two basic building blocks of all encryption techniques are substitution and
transposition. A substitution technique is one in which the letters of plaintext are replaced by
other letters or by numbers or symbols.1 If the plaintext is viewed as a sequence of bits, then
substitution involves replacing plaintext bit patterns with cipher text bit patterns.
The encryption rule is simple; replace each letter of the alphabet with the letter
standing 3 places further down the alphabet.
The alphabet is wrapped around so that Z follows A.
Example:
Note that the alphabet is wrapped around, so that the letter following Z is A.
We can define the transformation by listing all possibilities, as follows:
Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: d e f g h i j k l m n o p q r s T u v w x y z a b c
Let us assign a numerical equivalent to each letter:
a b c d e f g H i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25
Then the algorithm can be expressed as follows. For each plaintext letter p, substitute
the cipher text letter.
C = E (3, p) = (p + 3) mod 26
A shift may be of any amount, so that the general Caesar algorithm is
C = E (k, p) = (p + k) mod 26
Where k takes on a value in the range 1 to 25. The decryption algorithm is simply
p = D (k, C) = (C - k) mod 26
If it is known that a given cipher text is a Caesar cipher, then a brute-force
cryptanalysis is easily performed: simply try all the 25 possible keys.
Three important characteristics of this problem enabled us to use a brute force cryptanalysis:
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.
Instead of shifting alphabets by the fixed amount as in Caesar cipher, any random
permutation is assigned to the alphabets. This type of encryption called
Monoalphabetic substitution cipher.
For example, a replaced by Q, B by D, C by T etc. then it will be comparatively
stronger than Caesar.
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
The plaintext encrypted two letters at a time, according to the following rules:
Repeating plaintext letters that are in the same pair are separated with a filler
letter, such as x, so that balloon would be treated as ba lx lo on.
Two plaintext letters that fall in the same row of the matrix are each replaced by
the letter to the right, with the first element of the row circularly following the
last.
For example, ar is encrypted as RM.
Two plaintext letters that fall in the same column are each replaced by the letter
beneath, with the top element of the column circularly following the last.
For example, mu is encrypted as CM.
Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its
own row and the column occupied by the other plaintext letter. Thus, hs become
BP and ea becomes IM (or JM, as the enciphered wishes).
Security much improved over Monoalphabetic as here two letters are encrypted at a
time and hence there are 26 X 26 =676 diagrams and hence it needs a 676 entry
frequency table.
However, it can break even if a few hundred letters known as much of plaintext
structure retained in the cipher text.
C = PK mod 26
Where C and P are row vectors of length 3 representing the plaintext and cipher text,
and K is a 3 X 3 matrix representing the encryption key
Key is an invertible matrix K modulo 26, of size m. For example:
Encryption and decryption can give by the following formulae: Hill Cipher
Encryption: C =E (K, P) = PK mod 26
The strength of the Hill cipher is that it completely hides single-letter frequencies.
Although the Hill ciphers strong against a cipher text-only attack, it easily broke with
a known plaintext attack.
Collect m pair of plaintext-cipher text, where m is the size of the key.
Write the m plaintexts as the rows of a square matrix P of size m.
Write the m cipher texts as the rows of a square matrix C of size m.
We have that C=PK mod 26.
If P is invertible, then K=13-1C mod 26,
If P is not invertible, then collect more plaintext-cipher text pairs until an invertible P
obtained.
To encrypt a message, a key needed that is as long as the message. Usually, the key a
repeating
We can express the Vigenere cipher in the following manner. Assume a sequence of
plaintext letters P =𝑃0 , 𝑃1 , 𝑃2 ...... 𝑃𝑛−1 and a key consisting of the sequence of letters
K =𝐾0 , 𝐾1 , 𝐾2 … 𝐾𝑚 −1 , where typically m 6 n. The sequence of cipher text letters C =
𝐶0 , 𝐶1 , 𝐶2 … … 𝐶𝑛−1 is calculated as follows:
C = 𝐶0 , 𝐶1 , 𝐶2 … … 𝐶𝑛−1 = E (K, P) = E [(𝐾0 , 𝐾1 , 𝐾2 … 𝐾𝑚 −1 ,), (P =𝑃0 , 𝑃1 ,
𝑃2 ...... 𝑃𝑛 −1 )] = (𝑃0 +𝐾0 , ) mod 26, ( 𝑃1 + 𝐾1 ) mod 26 .......... (𝑃𝑚 −1 +𝐾𝑚 −1 ) mod 26,
(𝑃𝑚 +𝐾0 , ) mod 26, (𝑃𝑚 +1 + 𝐾1 ) mod 26, c, (𝑃2𝑚 −1 + 𝐾𝑚 −1 ) mod 26,........
Thus, the first letter of the key is added to the first letter of the plaintext, mod 26, the
second letters are added, and so on through the first m letters of the plaintext.
For the next m letters of the plaintext, the key letters are repeated. This process
continues until all of the plaintext sequence is encrypted.
A general equation of the encryption process is
To encrypt a message, a key is needed that is as long as the message. Usually, the key
is a repeating keyword. For example, if the keyword is deceptive, the message “we
are discovered save yourself” is encrypted as
Key: d e c e p t i v e d e c e p t i v e d e c e p t i v e
Plaintext: w e a r e d i s c o v e r e d s a v e y o u r s e l f
Cipher text: Z I C V T W Q N G R Z G V T W A V Z H C Q Y G L M G J
Expressed numerically, we have the following result.
The strength of this cipher is that there are multiple cipher text letters for each plaintext
letter, one for each unique letter of the keyword.
Thus, the letter frequency information obscured, however, not all knowledge of the
plaintext structure lost.
His system works on binary data (bits) rather than letters. The system can be
expressed succinctly as follows (Above figure 3)
The cipher text is generated by performing the bitwise XOR of the plaintext and the
key. Because of the properties of the XOR, decryption simply involves the same
bitwise operation.
7 TRANSPOSITION TECHNIQUES
e tefeteoaat
The encrypted message is
MEMATRHTGPRYETEFETEOAAT
This sort of thing would be trivial to crypt analyze.
A more complex scheme is to write the message in a rectangle, row by row, and read
the message off, column by column, but permute the order of the columns. The order
of the columns then becomes the key to the algorithm. For example,
Thus, in this example, the key is 4312567. To encrypt, start with the column that is
labelled 1, in this case column 3. Write down all the letters in that column. Proceed to
column 4, which is labelled 2, then column 2, then column 1, then columns 5, 6, and 7.
A pure transposition cipher is easily recognized because it has the same letter
frequencies as the original plaintext. For the type of columnar transposition just
shown, cryptanalysis is fairly straightforward and involves laying out the cipher text
in a matrix and playing around with column positions. Diagram and trigram frequency
tables can be useful.
The transposition cipher can be made significantly more secure by performing more
than one stage of transposition. The result is a more complex permutation that is not
easily reconstructed. Thus, if the foregoing message is re-encrypted using the same
algorithm,
To visualize the result of this double transposition, designate the letters in the original
plaintext message by the numbers designating their position. Thus, with 28 letters in the
message, the original sequence of letters is
Which has a somewhat regular structure. But after the second transposition, we have
DES encrypts 64-bit blocks using a 56-bit key and produces a 64-bit cipher text.
Same steps, with the same key, used to reverse the encryption with the order of the
keys reversed. The DES widely used.
Encryption function has two inputs: the plaintext to be encrypted and the key.
The followed criteria need to be taken into account when designing a block cipher:
Number of Rounds: The greater the number of rounds. The more difficult it is to perform
cryptanalysis, even for a weak function. The number of rounds chosen so that efforts required
to crypt analyze it becomes greater than a simple brute-force attack.
Design of Function F: F should be nonlinear and should satisfy strict avalanche criterion
(SAC) and bit independence criterion (BIC).
S-Box Design: S-Box obviously should non-linear and should satisfy SAC, BIC, and
Guaranteed Avalanche criteria. One more obvious characteristic of the S-box is its size.
Larger S-Boxes provide good diffusion but also result in greater look-up tables. Hence,
general size is 8 to 10.
Key schedule Algorithm: With any Feistel block cipher, the key used to generate one sub
key for each round. In general, sub keys should be selected such that it should be deduced sub
keys from one another or main key from the sub key.
1. This is the simplest mode in which plaintext is handled one block at a time and each
block of plaintext is encrypted using the same key.
2. The term codebook is used because, for a given key, there is a unique cipher text for
every -bit block of plaintext.
3. Therefore, we can imagine a huge codebook in which there is an entry for every possible
b-bit plaintext showing its corresponding cipher text.
4. For a message longer than b bits, the procedure is simply to break the message into b-bit
blocks, padding the last block if necessary.
Decryption is performed one block at a time, always using the same key.
For lengthy messages, ECB mode may be not secure. If the message has repetitive
elements, then these elements can be identified by the analyst.
Thus, the ECB method is ideal for a short amount of data, such as an encryption key.
Lists the following criteria and properties for evaluating and constructing block cipher modes
of operation that are superior to ECB:
Overhead: The additional operations for the encryption and decryption operation when
compared to encrypting and decrypting in the ECB mode.
Error recovery: The property that an error in the ith cipher text block is inherited by
only a few plaintext blocks after which the mode resynchronizes.
Error propagation: The property that an error in the ith cipher text block is inherited by
the ith and all subsequent plaintext blocks. What is meant here is a bit error that occurs in
the transmission of a cipher text block, not a computational error in the encryption of a
plaintext block.
Diffusion: How the plaintext statistics are reflected in the cipher text. Low entropy
plaintext blocks should not be reflected in the cipher text blocks. Roughly, low entropy
equates to predictability or lack of randomness
Security: Whether or not the cipher text blocks leak information about the plaintext
blocks.
To overcome the security deficiencies of ECB, a technique is needed in which the same
plaintext block, if repeated, produces different cipher text blocks.
A simple way to satisfy this requirement is the cipher block chaining (CBC) which is
shown in the figure.
In this mode, the input to the encryption algorithm is the X-OR of the current plaintext
block and the preceding cipher text block; the same key is used for each block.
The input to the encryption function for each plaintext block has no fixed relationship to
the plaintext block.
Therefore, repeating patterns will not produce the same cipher text.
The last block is padded to a full b bits if it is a partial block.
For decryption, each cipher block is passed through the decryption algorithm. The result
is X-OR ed with the preceding cipher text block to produce the plaintext block.
The expressions for CBC are: Modes: Operations
Encryption:
Cj = E (K, [Cj-1 Pj])
Decryption:
D (K, Cj) = D (K, E (K, [Cj-1 Pj]))
D (K, Cj) = Cj-1 Pj
Cj-1 D (K, Cj) = Cj-1 Cj-1 Pj = Pj
DES is a block cipher, but it may be used as a stream cipher if the Cipher Feedback Mode
(CFM) or the Output Feedback Mode (OFB) is used. CFB scheme is depicted below.
In addition, the contents of the shift register are shifted left by s bits and C1 is placed
in the rightmost s bits of the shift register.
This process continues until all plaintext units have been encrypted.
Decryption: The same scheme used except that the received cipher text unit is X-
ORed with the output of the encryption function to produce the plaintext unit.
The main disadvantage of this scheme is that bit error in one cipher text propagates to
This mode used in ATM (asynchronous transfer mode) and IP Sec (IP security) nowadays.
In the original design, the order of transformations in each round is not the same in the cipher
and reverse cipher. Shown in below figure 5.
1st, the order of sub bytes and shift rows is changed in the reverse cipher.
2nd, the order of mix columns and Add round key is changed in the reverse cipher.
This difference in ordering is needed to make each transformation in the cipher
aligned with its inverse in the reverse cipher.
Consequently, the decryption algorithm as a whole is the inverse of the encryption
algorithm.
We have shown only three rounds, but the rest is the same.
Note that the round keys are used in the reverse order.
Note that the encryption and decryption algorithms in the original are not similar.
OR
Figure 11: cipher and inverse cipher of the original design or AES Encryption and
Decryption
11.2 Alternative design
1. Sub Bytes / shift rows pairs
Sub bytes change the contents of each bytes without changing the order of the
bytes in the state; shift rows change the order of the bytes in the state without
changing the content of the bytes. This implies that we can change the order of
these two transformations in the inverse cipher without affecting the invertibility
of the whole algorithm. Below fig 6 shows the idea.
Note that the combination of two transformations in the cipher and inverse cipher
are the inverse of each other.
Now we can show the cipher and inverse cipher for the alternate design.
Note that we still need to use two add round key transformations in the
decryption.
In other words, we have nine InvAddRoundKey and two Addroundkey
transformation as shown in below fig8
Figure 14: cipher and reverse cipher in alternate design or AES Encryption and
Decryption in alternate design
Figure 10 (b). Shows the expansion for the 128-bit key. Each word is four bytes, and
the total key schedule is 44 words for the 128-bit key. Note that the ordering of bytes
Within a matrix is by column.
So, for example, the first four bytes of a 128-bit plaintext input to the encryption
cipher occupy the first column of the in matrix, the second four bytes occupy the
second column, and so on. Similarly, the first four bytes of the expanded key, which
form a word, occupy the first column of the w matrix.
functions: Sub Bytes, Shift Rows, Mix Columns, and Addroundkey, which are
described subsequently.
The final round contains only three transformations, and there is a initial single
transformation (Addroundkey) before the first round, which can be considered Round
0. Each transformation takes one or more 4 X 4 matrices as input and produces a 4 X
4 matrix as output.
Figure 9 shows that the output of each round is a 4 X 4 matrix, with the output of the
final round being the cipher text. Also, the key expansion function generates N + 1
round key, each of which is a distinct 4 X 4 matrix. Each round key serves as one of
the inputs to the Addroundkey transformation in each round.
The left and right halves are treted as separate 32-bit quantities, labelled L (left) and R
(right).
The overall processing at each round can be summarized as:
𝐿𝑖 = 𝑅𝑖 -1
𝑅𝑖 = 𝐿𝑖 -1 ⊕ {F (𝑅𝑖 -1,𝑘𝑖 )}
Expansion (E)
The 32-bit input first expanded to 48 bits. o Bits of input split into groups of 4 bits.
Each group wrote as groups of 6 bits by taking the outer bits from the two adjacent
groups.
For example: … efgh ijkl mnop … is expanded to … defghi hijklm lmnopq …
Substitution (S-Box)
This 48-bit result input to S-Boxes that perform a substitution on input and produces a 32-bit
output.
It is easy to understand S-Box by the following figure:
Permutation (P)
The result permuted using a permutation table.
A 64-bit key used as input to the algorithm while only 56 bits actually used. Every eighth
bit ignored. Sub-keys at each round generated as given below:
The key first permuted using a table named Permuted Choice One table (6).
The resulting 56-bit key divided into two 28-bit quantities, C0 and D0. At each round, Ci-
1 and Di-1 separately subjected to a circular left shift of 1 or 2 bits, as governed by a table.
Moreover, these shifted values forwarded to the next round. They are also inputting to a
permutation table Permuted Choice Two table (7).
The table produces a 48-bit output that serves as the round key ki.
A. Stream ciphers
A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.
Examples: one time pad
In which the key stream (ki) is as long as the plaintext bit stream (pi).
If the cryptographic key stream is random, then this cipher is unbreakable by any
means other than acquiring the key stream.
However, the key stream must be provided to both users in advance via some
independent and secure channel.
(Figure 13)
portions of the bit stream. The two users need only share the generating key, and each can
produce the key stream.
B. Block ciphers
A block cipher is one in which a block of plaintext is treated as a whole and used to
produce a cipher text block of equal length.
Typically, a block size of 64 or 128 bits is used.
As with a stream cipher, the two users share a symmetric encryption key (Figure 14).
[JUNE/JULY-2013(8M)]
0r
The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K.
The plaintext block is divided into two halves 𝐿𝑂 and 𝑅𝑂
The two halves of the data pass through rounds of processing and then combine to
produce the cipher text block.
Each round has as inputs 𝐿𝑖−1 and 𝑅𝑖−1 derived from the previous round, as well as a sub
key 𝐾𝑖 derived from the overall K.
Any number of rounds could implement and all rounds have the same structure.
A substitution is performed on the left half of the data. This done by applying around
function F.
The Round Function F: F takes the right-half block of the previous round and a sub key as
input.
The output of the function XORed with the left half of the data.
Dept. of ECE, BGSIT, BG Nagara, Mandya Page 37
NETWORK SECURITY 10EC832
The process of decryption with a Feistel cipher is same as the encryption process.
The cipher text input to the algorithm and the sub keys used in reverse order. That is, sub
key of the last round in encryption used in the first round in decryption, second last in the
second round, and so.
The exact realization of a Feistel network depends on the choice of the following
parameters:
Block size: Larger block sizes mean greater security but reduced encryption/decryption
speed for a given Traditionally, a block size of 64 bits used which gives enough security
without greatly affecting the speed.
Key size: Larger key size means greater security but may decrease encryption/ decryption
speed. The greater security achieved by greater resistance to brute-force attacks and
greater confusion. Key sizes of 64 bits or less now widely considered to inadequate, and
128 bits has become a common size.
The number of rounds: The essence of the Feistel cipher that a single round offers
inadequate security but that multiple rounds offer increased security. A typical size 16
rounds.
Sub key generation algorithm: Greater complexity in this algorithm leads to greater
difficulty of cryptanalysis
The focus of concern has been on the eight substitution tables, or S-boxes, that are
used in each iteration. Because the design criteria for these boxes, and indeed for the
entire algorithm, were not made public, there is a suspicion that the boxes were
constructed in such a way that cryptanalysis is possible for an opponent who knows
the weaknesses in the S-boxes. This assertion is tantalizing, and over the years a
number of regularities and unexpected behaviors of the S-boxes have been
discovered. Despite this, no one has so far succeeded in discovering the supposed
fatal weaknesses in the S-boxes.
Differential Cryptanalysis
Each round of DES maps the right-hand input into the left-hand output and sets the
right-hand output to be a function of the left-hand input and the sub key for this
round. So, at each round, only one new 32-bit block is created.
If we label each new block m1(2 I 17), then the intermediate message halves are
related as follows:
In differential cryptanalysis, we start with two messages, m and m', with a known XOR
difference m = m m' and consider the difference b/w the intermediate message
halves: 𝑚𝑖 = 𝑚𝑖 𝑚𝑖+1
′
. then we have
Now, suppose that many pairs of inputs to f with the same difference yield the same
output difference if the same sub key is used. To put this more precisely, let us say
that X may cause Y with probability p, if for a fraction p of the pairs in which the
input XOR is X, the output XOR equals Y.
We want to suppose that there are a number of values of X that have high probability
of causing a particular output difference. Therefore, if we know Dmi-1 and Dmi with
high probability, then we know Dmi+1 with high probability.
Furthermore, if a number of such differences are determined, it is feasible to
determine the sub key used in the function f.
The overall strategy of differential cryptanalysis is based on these considerations for a
single round.
The procedure is to begin with two plaintext messages m and m' with a given
difference and trace through a probable pattern of differences after each round to yield
a probable difference for the cipher text.
there are two probable patterns of differences for the two 32-bit halves: (m17||m16).
Next, we submit m and m' for encryption to determine the actual difference under the
unknown key and compare the result to the probable difference. If there is a match,
Then we suspect that all the probable patterns at all the intermediate rounds are
correct. With that assumption, we can make some deductions about the key bits. This
procedure must be repeated many times to determine all the key bits.
Linear Cryptanalysis
We now give a brief summary of the principle on which linear cryptanalysis is based. For a
cipher with n-bit plaintext and cipher text blocks and an m-bit key, let the plaintext block be
labelled P[1], ... P[n], the cipher text block C[1], ... C[n], and the key K[1], ... K[m]. Then
define
The objective of linear cryptanalysis is to find an effective linear equation of the form:
1. There is the practical problem of making large quantities of random keys. Any heavily
used system might require millions of random characters on a regular basis.
Supplying truly random characters in this volume is a significant task.
2. Another problem is that of key distribution and protection. For every message to sent,
a key of equal length needed by both sender and receiver.
Because of these difficulties, the one-time pad used where very high security required.
The one-time pad is the only cryptosystem that exhibits perfect secrecy.
The main idea of steganography is to hide secret messages in the other cover digital
Medias such as a text, video, and audio, image etc. show that someone or hacker or other
person cannot know the presence of the secret information.
There are three basic types of steganography
a. Pure or Stegano-graphy.
b. secret key Stegano-graphy.
c. Public key Stegano-graphy.
a. Pure-steganography: is embedding the secret information or message into the thing (item)
without using any private keys. Pure Stegano-graphy is entirely depends upon secrecy. In this
steganography uses a cover image in which information is to be embedded.
Secret key steganography: in this technique uses the individual key for combine the
Information into The thing (item), so this will be similar to symmetric key. For a Decryption
it will be uses the same-key, which will be utilized to encryption.
Encryption used for private - key and Decryption used for public- key & it is saved in a
public database.
Applications
of the data; the function fk again; and finally a permutation function that is the inverse of the
initial permutation( I𝑃 −1 ) .
The function fk takes as input not only the data passing through the encryption
algorithm, but also an 8-bit key. Here a 10-bit key is used from which two 8-bit sub keys are
generated. The key is first subjected to a permutation (P10). Then a shift operation is
performed. The output of the shift operation then passes through a permutation function that
produces an 8-bit output (P8) for the first sub key (K1). The output of the shift operation also
feeds into another shift and another instance of P8 to produce the second sub key (K2).
Where
Decryption is also shown in above fig25 and is essentially the reverse of encryption:
P10 (k1, K2, k3, k4, k5, k6, k7, k8, k9, k10) = (k3, k5, K2, k7, k4, k10 10, k1, k9, k8, k6)
P10 can be concisely defined by the display:
The result is sub key 1 (K1). In our example, this yields (10100100). We then go back to the
pair of 5-bit strings produced by the two LS-1 functions and performs a circular left shift of 2
bit positions on each string. In our example, the value (00001 11000) becomes (00100
00011). Finally, P8 is applied again to produce K2. In our example, the result is (01000011).
23 S-DES ENCRYPTION
Encryption involves the sequential application of five functions.
The input to the algorithm is an 8-bit block of plaintext, which we first permute using
the IP function:
This retains all 8 bits of the plaintext but mixes them up.
The Function fk
The most complex component of S-DES is the function fk, which consists of a
combination of permutation and substitution functions. The functions can be expressed as
follows. Let L and R be the leftmost 4 bits and rightmost 4 bits of the 8-bit input to fk, and let
F be a mapping (not necessarily one to one) from 4-bit strings to 4-bit strings. Then we let
We now describe the mapping F. The input is a 4-bit number (n1 n2 n3 n4). The first
operation is an expansion/permutation operation:
e.g., R= 1101
The 8-bit sub key K1 = (k11, k12 12, k13 13, k14 14, k15 15, k16 16, k17 17, k18) is added
to this value using exclusive-OR:
The first 4 bits (first row of the preceding matrix) are fed into the S-box S0 to produce a 2- bit
output, and the remaining 4 bits (second row) are fed into S1 to produce another 2-bit output.
These two boxes are defined as follows:
The S-boxes operate as follows. The first and fourth input bits are treated as a 2-bit number
that specify a row of the S-box, and the second and third input bits specify a column of the S-
box. The entry in that row and column, in base 2, is the 2-bit output. For example, if
(p0,0 p0,3) = ) (00) and ( p0,1 p0,2) = (10), then the output is from row 0, column 2 of S0,
which is 3, or (11) in ) binary. Similarly, (p1,0 p1,3) and ( p1,1p1,2) are used to index into a
row and column of S1 to produce an additional 2 bits. Next, the 4 bits produced by S0 and S1
undergo a further permutation as follows:
2. with a block diagram. Explain Feistel encryption and decryption algorithm. [JUNE-2012 -
10M]
3. Write a note on one-time pad. [JUNE-2012 -4M]
4. With a block diagram, explain DES encryption and key generation technique. [[JUNE-
2012 -10M]
DEC-2012
1. With a neat diagram, explain the single round DES encryption. [DEC-2012(10M)]
94
2. Encrypt the plaintext “CRYPTOGRAPHY” using Hill cipher technique. Key K= .
57
[DEC-2012(10M)]
JUNE/JULY-2013
1. Explain the working of the Playfair cipher with an example. [JUNE/JULY-2013(10M)]
2. Distinguish block cipher and stream cipher with examples. [JUNE/JULY-2013(8M)]
3. Explain block cipher design principles. [JUNE/JULY-2013(8M)]
4. Briefly describe about steganography. [JUNE/JULY-2013(4M)]
DEC-2013 / JAN-2014
1. Define the terms cryptography and steganography.[ DEC-2013 / JAN-2014 (4M)]
6 24 1
2. Encrypt the message “ACT” using the Hill Cipher key K= 13 16 10 . And also the
20 17 15
calculations for the corresponding decryption of the cipher text to recover original plain text
8 5 10
𝐾 −1 = 21 8 21 . [DEC-2013 / JAN-2014 (10M)]
21 12 8
3. With the help of a block diagram, explain the overall structure of the S-DES. Explain the
role of sub key generation with suitable analysis. [DEC-2013 / JAN-2014 (10M)]
DEC-2014/JAN-2015
7 8
1. Encrypt the plain text “Hard work” using hill cipher with the key . [DEC -
19 3
2014/JAN-2015 (8M)]
2. With a neat diagram, explain the single round of DEC encryption. [DEC-2014 / JAN-2015
(8M)]
3. In S-DES 10 bit key is 1000100010. Find the sub key K1 and K2 if
𝑃10 = 3 5 2 7 4 10 1 9 8 6
𝑃8 = 6 3 7 4 8 5 10 9. [DEC-2014/JAN-2015 (8M)]