Block Cipher cryptosystems

.Prof. Dr
Qasim Mohammed Hussein
 Block cipher
• A block cipher is a symmetric encryption that
operates on a plaintext block of n bits to
produce a ciphertext block of n bits.
• Typically, a block size of 64 or a block128 bits is
used There are 2n possible different plaintext
blocks and, for the encryption to be reversible,
each must produce a unique ciphertext block.
• Such a transformation is called reversible, or
nonsingular
Block cipher
 Block cipher
• A nonsingular and singular transformations for n  = •
2 illustrate as

• For reversible mappings, the number of different

transformations is
Block cipher
 Feistel cipher (FC)
• FC is a design model from which many
different block cipher are derived.
• A cryptographic system based of FC structure
use the same algorithm for both encryption
and decryption.
• Feistel cipher structure consists multiple
rounds of processing the plaintext, each
round consisting of a “substitution” step
followed by a permutation step.
 Feistel cipher
■ Substitution: Each plaintext element or group
of elements is uniquely replaced by a
corresponding ciphertext element or group of
elements.
Permutation: A sequence of plaintext elements
is replaced by a permutation of that sequence.
The order in of the elements appear in the
sequence is changed
 Diffusion and confusion
• Diffusion means that if we change a character of the
plaintext, then several characters of the ciphertext
should change.
• In diffusion, the statistical structure of the plaintext is
dissipated into long-range statistics of the ciphertext.
•  Confusion means that each binary digit of the
ciphertext should depend on several parts of the key,
obscuring the connections between the two. Also, it
means that each character of the ciphertext should
depend on several parts of the key
 Feistel cipher design features
Feistel network depends on the choice of the following
parameters and design features:
• Block size: Increasing size improves security, but
slows cipher. A block size of 64 bits or 128 bits.
• Key size: Increasing size improves security, makes
exhaustive key searching harder, but may slow
cipher. Key sizes of 128 bits has become a common
size.
• Number of rounds: Increasing number improves
security, but slows cipher. A typical size is 16 rounds.
 Feistel cipher design features
• Subkey generation algorithm: Greater complexity in this
algorithm should lead to greater difficulty of cryptanalysis.
• Round function F: Again, greater complexity generally means
greater resistance to cryptanalysis.
•  There are two other considerations in the design of a Feistel
cipher:
1) Fast software encryption/decryption: In many cases,
encryption is embedded in applications or utility functions in
such a way as to preclude a hardware implementation.
Accordingly, the speed of execution of the algorithm becomes a
concern.
2) Ease of analysis: Develop a higher level of assurance as to its
strength.
 Feistel example
• Suppose blocks size = 32, key size is 24 bits.
• Suppose that at the end of encryption round
fourteen, the value of the intermediate block
is DE7F03A6. Then LE14 = DE7F, RE14 = 03A6,
the value of K15 is 12DE52.
• After round 15, we have
• LE15 = 03A6 and RE15 = F(03A6, 12DE52)
⊕DE7F.
 Feistel example

To decryption, We assume that

LD1 = RE15 and RD1 = LE15, LD2 = RE14 and RD2 = LE14.
So, LD1 = F(03A6, 12DE52) ⊕DE7F and RD1 = 03A6.
Then, LD2 = 03A6 = RE14 and RD2 =
• F(03A6, 12DE52) ⊕[F(03A6, 12DE52) ⊕DE7F] = DE7F = LE14.
 Padding in block scheme
• A large block size make attacker harder, but
need padding.
• The plaintext length may be not multiple of
block size. The last block of bits need to add
other bits.
• The process of adding bits to the last block is
referred to as padding.
• Preferred Block size is a multiple of 8 bit , easy
to implemen.t
 Popular Block cipher schemes
• DATA ENCRYPTION STANDARD (DES) (1977). It
is now considered as broken due primarily to
its small key size.
• Triple DES: based on repeated DES
applications. Its respected but insufficient
compared to new faster block cipher.
• Advance encryption standards (AES).
• IDEA: sufficiently strong block cipher.
 Popular Block cipher schemes
• For DEA, data are encrypted in 64-bit blocks
using a 56-bit key.
 The algorithm transforms 64-bit input in a
series of steps into a 64-bit output.
 The same steps, with the same key, are used
to decryption.
 DATA ENCRYPTION STANDARD (DES)
• DES uses 16 round Feistel structure.
• Block size = 64 bits
• Key length = 64 bits, effective key length =48
since 8 of the key not used by the encryption
process.
• It require to specify:
 Round function
 Key schedule
 Any additional processing- initial and final
permutation
DES encryption algorithm
 DES encryption
The processing of the 64-bit plaintext proceeds in
three phases.
1) passes through an initial permutation (IP)
2) 16 rounds of the same function, which
involves both permutation and substitution
functions. The left and right halves of the
output are swapped to produce the preoutput.
The output of the last round consists of 64
bits .
3) A final permutation, being the inverse of IPf, to
produce the 64-bit ciphertext
What difference between Feistel cipher & DES algorithm
 The Avalanche Effect
• Desirable property of any encryption algorithm is
that a small change in either the plaintext or the key
should produce a significant change in the
ciphertext.
• In particular, a change in one bit of the plaintext or
one bit of the key should produce a change in many
bits of the ciphertext. This is referred to as the
avalanche effect.
• If the change were small, this might provide a way
to reduce the size of the plaintext or key space to be
searched.
 Initial & final permutation
The initial & final permutation are permutation
boxes (P-poxes) that are inverses of each other.
 Round Function
The heart of this
cipher is the DES
function, f. The DES
function applies a
48-bit key to the
rightmost 32 bits to
produce a 32-bit
output
 Expansion Permutation Box
•  Since right input is 32-bit and round key is
a 48-bit, there is a need to expand right
input to 48 bits

• DES Example:
• http://page.math.tu-berlin.de/~
kant/teaching/hess/krypto-ws2006/des.htm
 XOR & Substitution Boxes
• XOR (Whitener).  The XOR operation on the
expanded right section and the round key.
• Substitution Boxes. S-boxes carry out the real
mixing (confusion). DES uses 8 S-boxes, each
with a 6-bit input and a 4-bit output.  
 S-boxes
• There are a total of eight S-box tables. The
output of all eight s-boxes is then combined in
to 32 bit section.
 S-boxes
Straight Permutation :32-bit output of S-boxes
is then subjected to the straight permutation
with following rule.
 Key Generation
• The round-
key generator
creates
sixteen 48-bit
keys out of a
56-bit cipher
key.
 DES Analysis
• The DES satisfies both the desired properties of block
cipher that make cipher very strong.
• Avalanche effect : A small change in plaintext results
in the very great change in the ciphertext.
• Completeness :Each bit of ciphertext depends on
many bits of plaintext.
• During the last few years, cryptanalysis have found
some weaknesses in DES when key selected are weak
keys. These keys shall be avoided.
• There have been no significant cryptanalytic attacks
on DES other than exhaustive key search.
 DES example
• There is an example about how DES Works in
Detail, it is available at the link:

• https://
uomustansiriyah.edu.iq/media/lectures/9/9_2
018_12_30!04_26_44_PM.pdf
 Triple DES
• There are two variants of Triple DES known as
3-key Triple DES (3TDES) and 2-key Triple DES
(2TDES).
• Before using 3TDES, user first generate three
different DES keys K1, K2 and K3 , length 3×56 =
168 bits. 
Triple DES
 TDES encryption-decryption process
• Encrypt the plaintext blocks using single DES with
key K1.
• Decrypt the output of step 1 using single DES with
key K2.
• Finally, encrypt the output of step 2 using single
DES with key K3.
• The output of step 3 is the ciphertext.
• Decryption of a ciphertext is a reverse process.
User first decrypt using K3, then encrypt with
K2, and finally decrypt with K1.
 Advanced Encryption Standard (AES)
• The more popular and widely adopted
symmetric encryption algorithm is the
Advanced Encryption Standard (AES).
• The features of AES are as follows −
• Symmetric key symmetric block cipher
• 128-bit data, 128/192/256-bit keys
• Stronger and six time faster than Triple-DES
• Provide full specification and design details
• Software implementable in C and Java
 AES
• AES performs all its computations on bytes rather than
bits.
• AES treats the 128 bits of a plaintext block as 16 bytes.
• The 16 bytes are arranged in four columns and four
rows for processing as a matrix.
• Number of rounds in AES is variable and depends on
the length of the key.
• AES uses 10 rounds for 128-bit keys, 12 rounds for 192-
bit keys and 14 rounds for 256-bit keys.
• Each of these rounds uses a different 128-bit round key,
which is calculated from the original AES key.
AES structure
 AES Encryption Process
If last round
outputciphertext
Else go to next
round

Input= 16 bytes are substituted by looking up a S-

box .output is in a matrix of 4 rows and 4 columns.
Shift the 4 rows of the matrix to the left as
follows: R1<<0; R2<<1 ; R3<< 2; R4<<3 ; output:
new 16 byte new matrix
special mathematical function transform each
column (4 B) to new 4B. The result is a new 16 byte
.matrix. This step is not performed in the last round

The 16 Byte (128 bit) are

XORed with 128 bit of the
round key
 Decryption Process
• The process of decryption of an AES ciphertext is similar
to the encryption process in the reverse order.
• Each round consists of the four processes conducted in
the reverse order :
 Add round key
 Mix columns
 Shift rows
 Byte substitution
• Since sub-processes in each round are in reverse manner,
unlike for a Feistel Cipher, the encryption and decryption
algorithms needs to be separately implemented, although
they are very closely related.
 AES Analysis
• AES is widely adopted and supported in both
hardware and software.
• Till date, no practical cryptanalytic attacks
against AES has been discovered.
• Additionally, AES has built-in flexibility of key
length, which allows a degree of ‘future-
proofing’ against progress in the ability to
perform exhaustive key searches.
 BLOCK CIPHER DESIGN PRINCIPLES
1) Number of Rounds
• The greater the number of rounds, the more difficult
it is to perform cryptanalysis, even for a relatively
weak F.
• In general, the number of rounds is chosen so that
known cryptanalytic efforts require greater effort
than a simple brute-force key search attack.
• in DES with 16-round DES, the differential
cryptanalysis attack requires 255.1 operations, whereas
brute force requires 255.
 BLOCK CIPHER DESIGN PRINCIPLES
2) Design of Function F
• "F" is the heart of a Feistel block cipher, which provides
the element of confusion .
• One criterion is that F be nonlinear. The more nonlinear
F, the more difficult any type of cryptanalysis will be.
• The algorithm to have good avalanche properties.
• strict avalanche criterion (SAC) states that any output
bit j of an S- should change with probability 1/2 when
any single input bit i is inverted for all i, j.
• Bit independence criterion (BIC) states that output bits
j and k should change independently when any single
input bit i is inverted for all i, j, and k.
 BLOCK CIPHER DESIGN PRINCIPLES
• Key Schedule Algorithm
• Generate one subkey for each round.
• In general, select subkeys to maximize the
difficulty of deducing individual subkeys and the
difficulty of working back to the main key.
• No general principles for this have yet been
promulgated. But at minimum, the key schedule
should guarantee key/ciphertext Strict Avalanche
Criterion and Bit Independence Criterion.
•  
 ECB Mode / Block cipher modes

Analysis of A ciphertext from ECB can allow an

attacker to guess the plaintext by trial-and-error
if the plaintext message is within predictable.
• In general, we do not wish to use a
deterministic cipher, and hence the ECB mode
should not be used in most applications.
Cipher Block Chaining (CBC) Mode
 Analysis of CBC Mode
• In CBC mode, the current plaintext block is added to the
previous ciphertext block, and then the result is encrypted
with the key.
• Decryption is thus the reverse process, which involves
decrypting the current ciphertext and then adding the
previous ciphertext block to the result.
• Advantage of CBC over ECB is that changing IV results in
different ciphertext for identical message.
• Drawback , the error in transmission gets propagated to
few further block during decryption due to chaining effect.
• it has an advantage for those applications that require
both symmetric encryption and data origin authentication.
Cipher Feedback (CFB) Mode
 Analysis of CFB Mode
• The ciphertext corresponding to a given plaintext block depends
on plaintext block ,the key, and the previous ciphertext block.
In other words, the ciphertext block is dependent of message.
• CFB has a very strange feature. In this mode, user decrypts the
ciphertext using only the encryption process of the block cipher.
• CFB mode convert a block cipher into a type of stream cipher.
The encryption algorithm is used as a key-stream generator to
produce key-stream that is placed in the bottom register. This
key stream is then XORed with the plaintext
• CFB mode provides some of the advantageous properties of a
stream cipher while retaining the advantageous properties of a
block cipher.
• Errors of transmission gets propagated due to changing of block
Output Feedback (OFB) Mode
Counter (CTR) Mode
 Analysis of Counter Mode
• ciphertext block does not depend on the
previous plaintext blocks.
• CTR mode also converts a block cipher to a
stream cipher.
• The disadvantage of CTR mode is that it
requires a synchronous counter at sender and
receiver. Loss of synchronization leads to
incorrect recovery of plaintext.
• CTR mode does not propagate error of
transmission at all.
Block Cipher Modes of Operation
 Block cipher attack Techniques
• The generic attacks are:   •
• Linear cryptanalysis attack.it post a linear relationship
between the elements of plaintext, the ciphertext and
the key and tries to find a linear approximation to the
action of cipher.
…

• Differential cryptanalysis attack: It aims bitwise

difference in inputs to differences in the output in
order to reverse engineer the action of the encryption
algorithm.
 Block cipher attack Techniques
• Slide attack: It work by analyzing the key
schedule and exploiting weakness in it to break
the cipher.
• Related key attack: the attacker tries to
observe the operation of cipher under several
different keys whose values are initially
unknown, but where some mathematical
relationship connecting the keys is know to the
attacker.