MODULE 1
A model for Network Security, Classical encryption techniques: Symmetric
cipher model, Substitution ciphers-Caesar Cipher, Monoalphabetic Cipher,
Playfair Cipher, Hill Cipher, Polyalphabetic Ciphers, One time pad,
Steganography. Block Ciphers and Data Encryption Standards: Traditional
Block Cipher structures, Data Encryption Standard (DES), A DES Example, The
strength of DES, Block cipher design principles.
A model for Network Security
A model for network security involves the secure transfer of messages between two cooperating parties
over the Internet using protocols like TCP/IP. To protect the communication from threats such as loss of
confidentiality or authenticity, security techniques are applied. These techniques rely on two key
components: a security-related transformation (e.g., encryption) and secret information (e.g., a
shared encryption key) known only to the communicating parties. Sometimes, a trusted third party is
involved to distribute secret keys or settle disputes regarding message authenticity.
The model defines four essential tasks in creating a security service: (1) designing a strong algorithm,
(2) generating secret keys, (3) distributing the keys securely, and (4) specifying a protocol that uses both
the algorithm and key for secure communication.
Beyond communication security, systems must also be protected from unwanted access like hackers,
insiders, and malicious software (e.g., viruses and worms). Such threats fall into information access
(unauthorized data use) and service threats (disruption of legitimate use). Defenses include
gatekeeper functions like password logins and virus scanning, and internal controls that detect and
respond to intrusions.
Symmetric cipher Model
A symmetric encryption scheme involves five key components:
1. Plaintext – The original readable message or data.
2. Encryption algorithm – Performs substitutions and transformations on the plaintext.
3. Secret key – An independent value used by the algorithm to produce different outputs for
different keys.
4. Ciphertext – The scrambled, unreadable output dependent on both plaintext and key.
5. Decryption algorithm – Reverses the encryption to recover the original plaintext using the key.
For secure use, two main requirements exist:
1. A strong encryption algorithm, so that even with access to the algorithm and ciphertexts (and
possibly the corresponding plaintexts), an opponent cannot decipher or discover the key.
2. The secret key must be securely shared between sender and receiver and kept confidential.
Importantly, the algorithm need not be secret; only the key must be. This enables cost-effective
hardware implementations and wide adoption. The primary challenge lies in maintaining key secrecy.
In detail, a plaintext message X = [X₁, X₂, ..., Xₘ], consisting of symbols from a finite alphabet (usually
binary {0,1}), is encrypted using a key K = [K₁, K₂, ..., Kⱼ], resulting in ciphertext Y = [Y₁, Y₂, ..., Yₙ] through
the function:
Y = E(K, X)
The receiver, having the key, recovers the plaintext:
X = D(K, Y)
An opponent who observes Y but lacks access to X or K may try to estimate X (X̂) or recover the key
(K̂), assuming they know the encryption (E) and decryption (D) algorithms. The attacker may focus on
a single message or attempt to access future communications by discovering the key.
Cryptography
Cryptographic systems are defined by three independent dimensions:
1. Type of Operations:
o Substitution: Each element in the plaintext is replaced with another (e.g., bit, letter,
group).
o Transposition: Elements are rearranged in the plaintext.
o These operations must be reversible to ensure no information is lost.
o Most systems use a combination of both, known as product systems.
2. Number of Keys Used:
o Symmetric encryption: Same key used by both sender and receiver; also called single-
key, secret-key, or conventional encryption.
o Asymmetric encryption: Different keys used by sender and receiver; also called two-key
or public-key encryption.
3. Plaintext Processing Method:
o Block cipher: Processes input in fixed-size blocks, producing one output block per input
block.
o Stream cipher: Processes input continuously, outputting one element at a time.
Cryptanalysis and Brute-Force Attack
Cryptanalysis
Cryptanalysis involves methods used to break encryption and reveal plaintext or the encryption key.
The most challenging scenario is a ciphertext-only attack, where only encrypted data is available:
In some cases, not even the encryption algorithm is known.
Brute-force attack is one option — trying all possible keys — but it becomes impractical with a
large key space.
Analysts may apply statistical tests and use general knowledge about the type of plaintext (e.g.,
English text, EXE file).
Ciphertext-only attacks are easiest to defend against due to limited information available to
the attacker.
Ciphertext Only: Most difficult for the attacker due to limited information.
Known Plaintext: Easier than ciphertext-only because some plaintext–ciphertext pairs are available.
Chosen Plaintext: The cryptanalyst can encrypt selected messages to study how plaintext affects
ciphertext.
Chosen Ciphertext: The cryptanalyst can decrypt selected ciphertexts to learn more about the
encryption.
Chosen Text: The cryptanalyst can choose both plaintext and ciphertext for encryption/decryption —
gives maximum flexibility and information.
With more data, attacks become easier:
Known-plaintext: Uses known plaintext–ciphertext pairs to find the key.
Probable-word: Relies on guessing known parts of the message.
Chosen-plaintext: Attacker chooses plaintext to study ciphertext output.
Chosen-ciphertext/text: Rare; attacker can decrypt chosen data.
Security levels:
Unconditionally secure: Impossible to break, even with unlimited resources.
Computationally secure: Too costly or time-consuming to break in practice.
Brute-force attacks involve testing every possible key:
On average, half of all keys must be tried (X/2 for X keys).
Success depends on the analyst's ability to recognize the correct plaintext.
Recognition is easier with plain English but harder with compressed or binary data.
Thus, brute-force attacks often require prior knowledge of plaintext structure and automated
detection mechanisms to identify valid plaintext from gibberish.
Substitution techniques
The two basic building blocks of all encryption techniques are substitution and transposition.
A substitution technique is one in which the letters of plaintext are replaced by other letters or by
numbers or symbols.
If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit
patterns with ciphertext bit patterns.
1. Caesar Cipher
The Caesar Cipher is one of the earliest and simplest substitution ciphers, used by Julius Caesar. Each
letter in the plaintext is shifted K positions forward in the alphabet. For example, with K = 3:
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC
So, the message:
Plaintext: meet me after the toga party
Ciphertext: PHHW PH DIWHU WKH WRJD SDUWB
The Caesar Cipher uses the following formulas:
Encryption: C = (P + K) mod 26
Decryption: P = (C - K) mod 26
Where letters are assigned values from 0 to 25 (a = 0, b = 1, ..., z = 25).
Brute-force attacks are feasible because:
1. The algorithm is publicly known.
2. Only 25 possible keys exist.
3. The language of the plaintext (e.g., English) is known and recognizable.
This allows trying all keys and spotting the correct message easily. However, in modern encryption
schemes like Triple DES, the key space is enormous (2¹⁶⁸ ≈ 3.7 × 10⁵⁰), making brute-force attacks
impractical. Recognition also becomes harder if the plaintext is compressed or in an unknown
format.
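The brute-force procedure described above, as an added example (not part of the original notes): all 25 keys are tried and the candidate that looks most like English is kept. The small word list used for recognition is a constructed assumption.

```python
# Constructed word list standing in for "recognizable English".
COMMON_WORDS = {"the", "me", "after", "party", "meet", "and", "to", "of", "is"}

def caesar(text, k):
    """Shift every letter by k positions: C = (P + K) mod 26.
    A negative k decrypts. Non-letters pass through unchanged."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def english_score(candidate):
    """Number of words in the candidate that appear in the word list."""
    return sum(1 for w in candidate.lower().split() if w in COMMON_WORDS)

def brute_force(ciphertext):
    """Try keys 1..25 and return (key, plaintext) for the best-scoring candidate."""
    candidates = [(k, caesar(ciphertext, -k)) for k in range(1, 26)]
    return max(candidates, key=lambda kc: english_score(kc[1]))

if __name__ == "__main__":
    ct = caesar("meet me after the toga party", 3).upper()
    print(ct)
    print(brute_force(ct))
```

The recognition step is what fails when the plaintext is compressed or binary: every candidate then scores the same and the key cannot be picked out automatically.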
2. Monoalphabetic Cipher
A monoalphabetic cipher is a substitution cipher where each plaintext letter is replaced with a
fixed corresponding letter from a shuffled cipher alphabet.
It allows 26! (≈ 4 × 10²⁶) possible keys, making brute-force attacks impractical compared to
Caesar cipher’s 25 keys.
Despite this, it remains vulnerable to frequency analysis because letter patterns (like E, T, and
digrams like TH) remain unchanged in the ciphertext.
Attackers can analyze letter frequency in the ciphertext and compare it with standard English
distributions to guess mappings.
Example: If Z appears most frequently in ciphertext, it likely represents common letters like E.
Even partial decryption (guessing a few letters) often reveals the rest of the message using
digram/trigram logic.
A countermeasure is using homophones—multiple cipher symbols for the same plaintext
letter (like assigning E as 16, 74, 35, etc.).
Despite this, homophones still allow pattern detection, so modern systems use
polyalphabetic or block-based encryption instead.
Example :
Plaintext: DOG
Encryption:
D→R
O→G
G→U
Ciphertext = RGU
If an attacker sees enough encrypted messages, they may find that G is common and guess it
represents a common letter like E or T. From there, they can try to decode more using letter patterns.
3. Playfair Cipher
The Playfair cipher is a digram-based encryption method that encrypts two letters at a time,
unlike simple substitution ciphers.
It uses a 5×5 matrix of letters, created using a keyword (e.g., "MONARCHY"), inserting letters
left to right, top to bottom, removing duplicates. Letters I and J are treated as one.
Example Matrix (from keyword "MONARCHY"):
Encryption Rules:
1. Duplicate letters in a pair are separated with a filler (usually 'x'): e.g., balloon → ba lx lo
on.
2. If the letters are in the same row, replace each with the letter to its right, wrapping
around: ar → RM.
3. If in the same column, replace each with the letter below, wrapping around: mu → CM.
4. If they form a rectangle, replace each letter with the letter in its row and the other’s
column: hs → BP, ea → IM or JM.
Treating I/J as one saves space and is usually contextually unambiguous.
With 676 digrams (26×26), frequency analysis is much harder than with single-letter ciphers.
Historically strong: Used by the British Army in WWI and Allied forces in WWII.
Still, it leaves language structure partially intact, so with a few hundred ciphertext letters, it
can still be broken.
Simple Example:
Let’s encrypt: "HELP"
Break into pairs: HE LP
1. HE:
o H (Row 2, Col 2), E (Row 3, Col 1) → Rectangle rule
o Cipher: C F
2. LP:
o L (Row 4, Col 1), P (Row 4, Col 2) → Same row → Shift right
o Cipher: P Q
Encrypted text: CFPQ
4. Hill Cipher
The Hill cipher, a multiletter cipher, was developed by the mathematician Lester Hill in 1929.
Concepts From Linear Algebra
We are concerned with matrix arithmetic modulo 26.
The inverse M⁻¹ of a square matrix M is defined by M(M⁻¹) = M⁻¹M = I, where I is the identity matrix.
I is a square matrix that is all zeros except for ones along the main diagonal from upper left to lower
right.
The Hill Algorithm
The Hill Cipher encrypts m letters at a time by treating them as a vector and multiplying with the key
matrix:
Let P = (p₁ p₂ ... pₘ) be the plaintext vector
Let K be the m×m key matrix
Then the ciphertext is:
C = P × K mod 26
Decryption is done by:
P = C × K⁻¹ mod 26
Example from text:
Plaintext: “pay” → P = (15, 0, 24)
Key matrix:
K = |17 17 5 |
|21 18 21|
| 2 2 19 |
Then,
C = (15 0 24) × K = (303 303 531) mod 26 = (17 17 11) → "RRL"
Strength of the Hill Cipher
Hides single-letter frequencies completely.
A larger matrix (e.g., 3×3) also hides digram (two-letter) frequencies, unlike monoalphabetic
ciphers.
Stronger than Playfair and monoalphabetic substitution ciphers.
Resistant to ciphertext-only attacks due to high confusion introduced by matrix
multiplication.
However, it is vulnerable to known-plaintext attacks.
If an attacker has m plaintext–ciphertext pairs of length m, they can reconstruct the key matrix:
o Let Y = XK, then
K = X⁻¹Y
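The encryption, decryption and known-plaintext recovery above, as an added example (not part of the original notes). It uses the key matrix K from the text; the known plaintext string is a constructed sample, and the search over block combinations handles the case where a chosen X is not invertible modulo 26.

```python
from itertools import combinations

MOD = 26

def minor(m, i, j):
    """Matrix m with row i and column j removed."""
    return [row[:j] + row[j + 1:] for k, row in enumerate(m) if k != i]

def det(m):
    """Integer determinant by cofactor expansion (fine for small key sizes)."""
    if len(m) == 1:
        return m[0][0]
    return sum((-1) ** j * m[0][j] * det(minor(m, 0, j)) for j in range(len(m)))

def inverse_mod(m, mod=MOD):
    """Inverse of m modulo mod. Raises ValueError when det(m) shares a
    factor with mod, i.e. when no inverse exists."""
    d_inv = pow(det(m) % mod, -1, mod)
    n = len(m)
    # Entry (i, j) of the adjugate is the cofactor of entry (j, i).
    return [[(d_inv * (-1) ** (i + j) * det(minor(m, j, i))) % mod
             for j in range(n)] for i in range(n)]

def matmul(a, b, mod=MOD):
    return [[sum(x * y for x, y in zip(row, col)) % mod for col in zip(*b)]
            for row in a]

def blocks(text, m):
    """Letters -> list of length-m row vectors (a=0 ... z=25)."""
    nums = [ord(c) - ord("a") for c in text.lower() if c.isalpha()]
    if len(nums) % m:
        raise ValueError("text length must be a multiple of the block size")
    return [nums[i:i + m] for i in range(0, len(nums), m)]

def hill(text, key):
    """C = P x K mod 26, block by block. Returns upper-case letters."""
    rows = matmul(blocks(text, len(key)), key)
    return "".join(chr(n + ord("A")) for row in rows for n in row)

def hill_decrypt(ciphertext, key):
    """P = C x K^-1 mod 26."""
    return hill(ciphertext, inverse_mod(key)).lower()

def recover_key(known_plain, known_cipher, m):
    """Known-plaintext recovery: choose m blocks whose matrix X is
    invertible mod 26 and compute K = X^-1 Y."""
    xs, ys = blocks(known_plain, m), blocks(known_cipher, m)
    for idx in combinations(range(len(xs)), m):
        try:
            x_inv = inverse_mod([xs[i] for i in idx])
        except ValueError:          # this X is singular mod 26, try another
            continue
        return matmul(x_inv, [ys[i] for i in idx])
    return None

K = [[17, 17, 5], [21, 18, 21], [2, 2, 19]]   # key matrix from the text
KNOWN = "thequickbrownfoxjumps"               # constructed sample plaintext

if __name__ == "__main__":
    print(hill("pay", K), hill_decrypt("RRL", K))
    print(recover_key(KNOWN, hill(KNOWN, K), 3))
```

Because the cipher is linear, m suitable blocks of known plaintext determine the key exactly, regardless of how large the key space is.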
5. Polyalphabetic Ciphers – Introduction
Polyalphabetic substitution ciphers enhance monoalphabetic techniques by using multiple
substitution rules across the message. A key determines which substitution rule is applied at each
point. This approach helps obscure letter frequency patterns in plaintext.
i) Vigenère Cipher
Encryption Process:
A keyword (e.g., "DECEPTIVE") is repeated to match the length of the plaintext.
Each letter of the plaintext is shifted by the corresponding letter in the key, using the formula:
Ci = (Pi + K(i mod m)) mod 26, where m is the length of the keyword
Vigenère Cipher
Plaintext: help
Keyword: key
(Extend the keyword: keyk)
Numerical equivalents (A=0, ..., Z=25):
Plaintext → h e l p → 7 4 11 15
Key → k e y k → 10 4 24 10
Encryption (Ci = (Pi + Ki) mod 26):
(7 + 10) mod 26 = 17 → R
(4 + 4) mod 26 = 8 → I
(11 + 24) mod 26 = 9 → J
(15 + 10) mod 26 = 25 → Z
Ciphertext: RIJZ
Strengths:
Multiple ciphertext letters can represent the same plaintext letter, depending on key position.
Frequency analysis is more difficult because individual letter statistics are hidden.
Weaknesses:
If keyword length is known or guessed, ciphertext can be broken into blocks and analyzed like
monoalphabetic ciphers.
Repeating sequences in ciphertext (e.g., "VTW") can help identify key length through common
factor analysis.
Improvement:
Use a nonrepeating key as long as the plaintext (autokey system), though this too is vulnerable
because plaintext and key share statistical patterns.
ii) Vernam Cipher
Process:
Uses binary data instead of letters.
Each bit of plaintext is XORed with a key bit:
Ci = Pi ⊕ Ki, where ⊕ denotes XOR.
Decryption is identical: Pi = Ci ⊕ Ki
Vernam Cipher – Small Example
This works on binary (bits).
Plaintext (in binary): 10101010
Key: 01101100
XOR Operation (⊕):
10101010
⊕ 01101100
-----------
11000110
Ciphertext: 11000110
To decrypt:
11000110
⊕ 01101100
-----------
10101010 (original plaintext)
Strength:
If the key is truly random, as long as the plaintext, and never reused (one-time pad), it becomes
theoretically unbreakable.
This method completely removes statistical patterns, making cryptanalysis ineffective.
Conclusion
Polyalphabetic ciphers like Vigenère and Vernam aim to overcome the frequency weaknesses of
monoalphabetic ciphers. While Vigenère adds complexity through repeating keys, only the Vernam
cipher (with a non-repeating truly random key) achieves perfect secrecy.
One-Time Pad (OTP) Cipher
The One-Time Pad (OTP) is a special case of the Vernam cipher, but it uses a random key that is:
Exactly the same length as the message,
Used only once, and then discarded.
This makes OTP:
Unbreakable, if used correctly,
Completely resistant to frequency analysis,
The only cipher that provides perfect secrecy.
Key Features
It produces ciphertext with no pattern, so cryptanalysis is impossible.
Two completely different keys can decrypt the same ciphertext into different valid messages,
making it impossible to know the original message without the exact key.
But OTP has practical issues, such as:
o Generating and sharing large amounts of random keys.
o Securely distributing those keys between sender and receiver.
Small Example (Own Example)
Let’s say we want to encrypt the plaintext:
MEET
Step 1: Convert letters to numbers (A=0, B=1, ..., Z=25)
Plaintext: M E E T
12 4 4 19
Key: R A N D
17 0 13 3
Ciphertext: (12+17) (4+0) (4+13) (19+3)
= 29 4 17 22
= 3 4 17 22 (mod 26)
= D E R W (Encryption)
Ciphertext: D E R W
3 4 17 22
Key: 17 0 13 3
Plaintext: (3−17) (4−0) (17−13) (22−3)
= -14 4 4 19
= 12 4 4 19 (mod 26)
= M E E T (Decryption)
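The point made under Key Features, that different keys decrypt the same ciphertext into different valid messages, as an added example (not part of the original notes). It reuses the MEET / RAND values from the example above; the alternative message "STOP" and the helper names are constructed for illustration, and Python's `secrets` module stands in for a true random source.

```python
import secrets
import string

A = string.ascii_uppercase

def new_pad(length):
    """Fresh key with one letter per plaintext letter. Assumption: the OS
    CSPRNG behind `secrets` stands in for a truly random source."""
    return "".join(secrets.choice(A) for _ in range(length))

def _combine(text, key, sign):
    """Letter-wise (text + sign * key) mod 26 on upper-case A-Z strings."""
    if len(key) != len(text):
        raise ValueError("pad must be exactly as long as the message")
    return "".join(A[(A.index(t) + sign * A.index(k)) % 26]
                   for t, k in zip(text, key))

def encrypt(plaintext, pad):
    return _combine(plaintext, pad, +1)

def decrypt(ciphertext, pad):
    return _combine(ciphertext, pad, -1)

def key_explaining(ciphertext, claimed_plaintext):
    """The pad under which `ciphertext` decrypts to `claimed_plaintext`:
    K = (C - P) mod 26. One exists for every message of the same length."""
    return _combine(ciphertext, claimed_plaintext, -1)

if __name__ == "__main__":
    ct = encrypt("MEET", "RAND")
    print(ct, decrypt(ct, "RAND"))
    other = key_explaining(ct, "STOP")
    print(other, decrypt(ct, other))
```

Since every same-length message has a matching pad, the ciphertext alone gives no basis for preferring one candidate plaintext over another.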
Steganography
I. Definition: Steganography hides the existence of a message, while cryptography hides the
meaning of a message.
II. Simple Example: A basic form involves using the first letters of each word in a sentence to form
a hidden message.
III. Historical Techniques:
Character marking with pencil visible only under angled light.
Invisible ink revealed by heat or chemicals.
Pin punctures visible only when paper is held to light.
Typewriter correction ribbons visible only under strong light.
IV. Modern Technique: Messages can be hidden in the least significant bits of pixels in a digital
image (e.g., a Kodak Photo CD image can store up to 130 kB secretly).
V. Drawbacks and Use: Steganography has low capacity and, if discovered, becomes useless.
However, it avoids suspicion and is useful where even revealing the existence of a message is
risky. It can be combined with encryption for extra security.
Traditional Block Cipher structures
Stream Ciphers
1. A stream cipher encrypts digital data one bit or one byte at a time.
2. Classical examples include the autokeyed Vigenère cipher and the Vernam cipher.
3. If the keystream is truly random, the cipher becomes unbreakable, but both users must
securely share the keystream in advance.
4. To avoid logistical issues for large data, a bit-stream generator is used—a key-controlled
algorithm that must be cryptographically strong and unpredictable.
5. Both users need only share the key, and they can then independently generate the same
keystream.
Block Ciphers
6. A block cipher encrypts a block of plaintext as a whole, producing a ciphertext block of equal
size, commonly 64 or 128 bits, using a shared symmetric key.
7. Block ciphers are more broadly applicable than stream ciphers and are used in the majority of
network-based symmetric cryptographic applications.
Motivation for the Feistel Cipher Structure
1. A block cipher encrypts a block of n plaintext bits into n ciphertext bits, requiring a unique,
reversible mapping for decryption.
2. For n-bit input, there are 2ⁿ possible plaintexts, hence 2ⁿ! possible reversible mappings, forming
the basis of an ideal block cipher.
3. An example of a substitution cipher for n = 4 shows how each plaintext maps uniquely to a
ciphertext via a lookup table.
4. However, for large n (like 64 bits), the key size becomes impractical (e.g., 64 × 2⁶⁴ = 2⁷⁰ ≈ 10²¹
bits) to store or compute.
5. For small n, the cipher resembles a classical substitution cipher, which is vulnerable to
statistical attacks due to limited variation.
6. Attempting to simplify implementation with structured mappings (e.g., linear equations)
reduces key size (to n² bits), but increases vulnerability to cryptanalysis.
7. This structured form is essentially the Hill cipher applied to binary, which is known to be weak
against known-plaintext attacks.
8. Feistel recognized the need for a practical approximation to the ideal block cipher using
realizable building blocks, leading to the development of the Feistel cipher structure.
The Feistel Cipher
1. Feistel proposed the approximation of the ideal block cipher using a concept called a product
cipher, which involves executing two or more simple ciphers in sequence to build a stronger
overall cipher.
2. A Feistel cipher uses a key of k bits and a block size of n bits, which results in 2ᵏ
transformations, a practical alternative to the 2ⁿ! transformations of the ideal cipher.
3. The Feistel structure alternates between substitutions and permutations:
o Substitution: Plaintext elements or groups are uniquely replaced by corresponding
ciphertext elements.
o Permutation: Elements are reordered without being altered or replaced.
4. This approach follows Claude Shannon’s proposal of alternating confusion and diffusion
functions to enhance security.
Diffusion and Confusion
5. Diffusion and confusion, coined by Shannon, are two essential cryptographic concepts
designed to resist statistical attacks:
o Diffusion spreads the statistical structure of the plaintext across many ciphertext digits,
hiding patterns.
o For example, in binary ciphers, diffusion is achieved by permuting data and applying
functions, so each ciphertext bit depends on many plaintext bits.
6. Confusion makes the relationship between the ciphertext and the encryption key as complex
as possible, making it hard to deduce the key even when ciphertext statistics are known.
7. The goal of both methods is to make cryptanalysis difficult by hiding patterns and key
relationships.
8. Together, confusion and diffusion form the foundation of modern block cipher design,
including the Feistel structure.
I. Basic Structure:
A plaintext block of 2w bits is divided into two halves: L₀ and R₀.
The cipher performs n rounds (commonly 16), each using a unique subkey Kᵢ derived from the
main key K.
II. Round Operation:
In each round, the right half is input into a round function F along with a subkey.
The output of F is XORed with the left half to form the new right half.
Then, the halves are swapped.
Final round output does not include a swap, simplifying decryption.
III. Substitution and Permutation:
Substitution: Using the function F(REᵢ, Kᵢ₊₁) on the right half.
Permutation: Achieved by swapping left and right halves.
IV. Design Parameters:
Block size: Larger blocks = better diffusion but slower processing (e.g., AES uses 128 bits).
Key size: Larger keys = more secure (resistance to brute-force), e.g., 128 bits or more.
Number of rounds: More rounds = more secure; 16 is typical.
Subkey generation: More complex subkey generation increases resistance to attacks.
Round function F: Complexity in F boosts resistance to cryptanalysis.
V. Design Considerations:
Fast software execution: Important where hardware implementation is not feasible.
Ease of analysis: Simpler algorithms are easier to study for vulnerabilities, improving trust.
Feistel Encryption Algorithm – Summary
1. Input:
o A plaintext block of 2w bits is divided into two halves: L₀ and R₀.
o A key K is used to derive n subkeys (K₁ to Kₙ), each unique.
2. Process:
o The encryption is performed over n rounds (e.g., 16).
o In each round i:
Compute:
LEᵢ = REᵢ₋₁
REᵢ = LEᵢ₋₁ ⊕ F(REᵢ₋₁, Kᵢ)
o Function F is applied to the right half and subkey to produce a substitution.
o A permutation follows: the two halves are swapped after every round.
o Final output (ciphertext): REₙ || LEₙ
3. Structure:
o The design follows the substitution-permutation network (SPN) proposed by Shannon.
o Ensures strong confusion and diffusion properties.
Feistel Decryption Algorithm
1. Input:
o The ciphertext is used as input.
o The same structure as encryption is reused, but subkeys are reversed (Kₙ to K₁).
2. Process:
o In each round i:
Compute:
LDᵢ = RDᵢ₋₁
RDᵢ = LDᵢ₋₁ ⊕ F(RDᵢ₋₁, Kₙ₊₁₋ᵢ)
3. Observation:
o At each round, the decryption values are the swapped values of the encryption round.
o For example, output of encryption round i: LEᵢ || REᵢ
⇒ Decryption round (n–i): LDₙ₋ᵢ = REᵢ, RDₙ₋ᵢ = LEᵢ
Proof of Correctness
1. Final Encryption Output:
o After 16 rounds:
LE₁₆ = RE₁₅,
RE₁₆ = LE₁₅ ⊕ F(RE₁₅, K₁₆)
2. Decryption Input:
o Let this be RD₀ = LE₁₆ = RE₁₅ and LD₀ = RE₁₆
3. Decryption Round 1:
o LD₁ = RD₀ = RE₁₅
o RD₁ = LD₀ ⊕ F(RD₀, K₁₆)
→ Substituting:
= RE₁₆ ⊕ F(RE₁₅, K₁₆)
= (LE₁₅ ⊕ F(RE₁₅, K₁₆)) ⊕ F(RE₁₅, K₁₆)
= LE₁₅ (using XOR property: A ⊕ A = 0)
4. Therefore:
o LD₁ = RE₁₅, RD₁ = LE₁₅
o Output of first decryption round is RE₁₅ || LE₁₅, which matches the input to round 16 of
encryption.
5. Conclusion:
o This pattern continues through all 16 rounds.
o The final decryption output is R₀ || L₀, which is a 32-bit swap of the original input,
recovering the original plaintext.
Feistel Cipher Example
Given:
Block size = 32 bits (two 16-bit halves)
Key size = 24 bits
Let round 15 of encryption = round 2 of decryption
Encryption at Round 15
From Round 14:
o LE14 = DE7F
o RE14 = 03A6
Let K15 = 12DE52
Apply the Feistel structure:
o LE15 = RE14 = 03A6
o RE15 = F(03A6, 12DE52) ⊕ DE7F
Decryption at Round 2
Inputs to round 2 = outputs from round 1:
o LD1 = RE15
o RD1 = LE15
Substituting values:
o LD1 = F(03A6, 12DE52) ⊕ DE7F
o ⇒ RD2 = LD1 ⊕ F(RD1, K15)
o ⇒ RD2 = [F(03A6, 12DE52) ⊕ DE7F] ⊕ F(03A6, 12DE52)
o Using XOR property: A ⊕ B ⊕ A = B
o So: RD2 = DE7F = LE14
Also:
o LD2 = RD1 = 03A6 = RE14
Final Values after Decryption Round 2
LD2 = RE14 = 03A6
RD2 = LE14 = DE7F
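The Feistel round equations, the reversed-subkey decryption and the round 15 / round 2 example above, as an added example (not part of the original notes). The block is 32 bits with 24-bit subkeys as in the example; the round function F and the key schedule are toy constructions assumed here for illustration and are not those of DES.

```python
import hashlib

HALF_BITS = 16
MASK = (1 << HALF_BITS) - 1

def F(right, subkey):
    """Toy round function (assumption): SHA-256 of the 16-bit half and the
    24-bit subkey, truncated to 16 bits. Deliberately not invertible."""
    data = right.to_bytes(2, "big") + subkey.to_bytes(3, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:2], "big")

def feistel_round(left, right, subkey):
    """LE_i = RE_(i-1);  RE_i = LE_(i-1) XOR F(RE_(i-1), K_i)."""
    return right, left ^ F(right, subkey)

def subkeys(key, rounds=16):
    """Toy key schedule (assumption): one 24-bit subkey per round derived
    from SHA-256(key || round number)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:3], "big")
            for i in range(1, rounds + 1)]

def run(block, keys):
    """Apply the rounds in the given subkey order. Returns the output block
    and a trace of (left, right) after every round."""
    left, right = block >> HALF_BITS, block & MASK
    trace = [(left, right)]
    for k in keys:
        left, right = feistel_round(left, right, k)
        trace.append((left, right))
    # Final output is RE_n || LE_n, so the same routine also decrypts.
    return (right << HALF_BITS) | left, trace

def encrypt(block, key):
    return run(block, subkeys(key))[0]

def decrypt(block, key):
    # Same structure, subkeys applied in reverse order (K_n down to K_1).
    return run(block, subkeys(key)[::-1])[0]

if __name__ == "__main__":
    key = b"demo-key"                      # constructed sample key
    ct = encrypt(0xDE7F03A6, key)
    print(hex(ct), hex(decrypt(ct, key)))
    # Round 15 of encryption followed by round 2 of decryption, values from the text.
    le15, re15 = feistel_round(0xDE7F, 0x03A6, 0x12DE52)
    print([hex(v) for v in feistel_round(re15, le15, 0x12DE52)])
```

Decryption works even though F cannot be inverted, because each round only XORs F's output in and the same XOR removes it.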
Introduction to DES
DES (Data Encryption Standard) was the most widely used encryption scheme before AES was
introduced in 2001.
Issued in 1977 by the National Bureau of Standards (now NIST) as FIPS PUB 46.
The actual algorithm is referred to as the Data Encryption Algorithm (DEA).
DES Encryption
1. Inputs:
o Plaintext: 64 bits
o Key: 64 bits, but only 56 bits are used (remaining 8 bits are parity or unused)
2. Encryption Process:
o Initial Permutation (IP): Rearranges 64-bit plaintext bits.
o 16 Rounds: Each round uses a combination of substitution and permutation, applied
using a subkey Ki.
o Swap Halves: After round 16, left and right halves are swapped to form the preoutput.
o Final Permutation (IP⁻¹): Inverse of the initial permutation is applied to get the final 64-
bit ciphertext.
3. Key Scheduling:
o The 64-bit key is first permuted.
o For each round, a subkey (Ki) is generated using:
Left circular shifts of the key halves.
A fixed permutation.
o This results in 16 unique subkeys (K1 to K16).
DES Decryption
Same algorithm as encryption is used.
The only change: apply the subkeys in reverse order (K16 to K1).
The initial and final permutations are also reversed compared to encryption.
DES follows the Feistel cipher structure, enabling identical processes for encryption and
decryption with key order reversal.
A DES EXAMPLE (FUCK THIS TOPIC)
The Strength of DES
1. The Use of 56-Bit Keys
DES uses a 56-bit key, giving 2⁵⁶ = ~7.2 × 10¹⁶ possible keys.
Brute-force attacks seem impractical with single machines: 1 encryption/µs = 1000+ years.
However, parallel processing changes this:
o 1977: Diffie & Hellman suggested using 1 million devices → key can be cracked in ~10
hours.
o Cost then: ~$20 million.
Modern hardware (no special hardware needed):
o Supercomputers can do 10¹³ encryptions/sec.
➤ Brute-force attacks on DES are now feasible.
Alternative solutions: AES, Triple DES.
2. The Nature of the DES Algorithm
Concern: cryptanalysis using internal structure of DES.
Suspicions around S-boxes:
o Their design criteria were not made public.
o May contain hidden vulnerabilities.
➤ However, no effective cryptanalytic attack exploiting S-boxes has yet been found.
3. Timing Attacks
A timing attack derives key/plaintext based on decryption time variations.
Exploits time differences in handling different inputs.
➤ DES shows resistance to timing attacks.
Block Cipher Design Principles
Block cipher design depends on three key aspects:
1. Number of Rounds
More rounds → harder cryptanalysis, even with a weak function F.
Should be chosen so that known attacks require more effort than brute-force.
Example:
o DES (16 rounds): Differential cryptanalysis requires 2^55.1 ops
o Brute-force requires 2^55 ops
o If DES had 15 rounds or fewer, differential cryptanalysis would be easier than brute force.
Advantage: Easy to compare algorithm strengths.
2. Design of Function F
Function F creates confusion, core to Feistel ciphers.
F must be nonlinear to prevent easy cryptanalysis.
Should exhibit strong avalanche properties:
o SAC (Strict Avalanche Criterion):
Each output bit j should change with 50% probability when any input bit i is flipped.
o BIC (Bit Independence Criterion):
Output bits j and k should change independently when any single input bit i is flipped.
These properties strengthen the confusion function.
3. Key Schedule Algorithm
Generates one subkey per round from the main key.
Goals:
o Make it hard to deduce subkeys.
o Make it hard to reverse-engineer the main key.
No universal rules yet, but:
o Should meet SAC and BIC with respect to key and ciphertext.