Cryptography and Network Security:

Principles and Practice

Eighth Edition

Chapter 4
Block Ciphers and the Data
Encryption Standard

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Modern Encryption Techniques
• Secret Key (Symmetric) Cryptography
– Simplified Data Encryption Standard
– Data Encryption Standard
– Advanced Encryption Standard
• Public Key (Asymmetric) Cryptography
– RSA (Rivest-Shamir-Adleman)
– ECC (Elliptic Curve Cryptography)
– NTRU (Number Theorist aRe Us)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Symmetric Cryptography

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Asymmetric Cryptography

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Simplified Data Encryption Standard
(S-DES)
Developed by Professor Edward Schaefer of Santa Clara University.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved

S-DES: An Overview
• Similar properties and structure to DES, with
much smaller parameters.
• Encryption
– It takes an 8-bit block of plain text and a 10-bit key as
input and produces an 8-bit block of cipher text as
output.
• Decryption
– It takes an 8-bit block of cipher text and the same 10-
bit key used to produce that ciphertext as input and
produces the original 8-bit block of plaintext.
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
S-DES Algorithm
Algorithm involves 5 functions
1. An initial permutation (IP).
2. A complex function, fk , that involves both permutation
and substitution operations and depends on a key input.
3. A simple permutation function that switches the two
halves of the data (SW).
4. The function fk again.
5. A permutation function that is the inverse of the initial
one (IP-1).

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

S-DES Algorithm
C  (IP -1  f K 2  SW  f K1  IP)
or
Ciphertext  IP -1 (f K 2 (SW(f K1 (IP(plaintext)))))
where
K1  P8(Shift(P10(key)))
K 2  P8(Shift(Shift(P10(key))))
and
Plaintext  IP (f K1 (SW(f K 2 (IP(cipher text)))))
-1

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
S-DES Key Generation
• It depends on the use of a 10-bit key shared between
sender and receiver.
• From this key, two 8-bit subkeys are produced for use in
particular stages of the encryption and decryption
algorithm.
• First permute the key in the following fashion,

P10(k1,k2,k3,k4,k5,k6,k7,k8,k9,k10)=(k3,k5,k2,k7,k4,k10,k1,k9,k8,k6)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

S-DES Key Generation (contd.)
• Next perform a circular-left shift (LS-1), or rotation,
separately on the first five bits and the second five bits.

LS-1(k1,k2,k3,k4,k5)=(k2,k3,k4,k5,k1)

• Next apply P8, which permutes 8 of the 10 bits according

to the following rule,

P8(k1,k2,k3,k4,k5,k6,k7,k8,k9,k10)=(k6,k3,k7,k4,k8,k5,k10,k9)

• The result is subkey 1 (K1)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

S-DES Key Generation (contd.)
• To get the second subkey (K2), perform again a 2-bit
circular-left shift LS-2 on the product of LS-1

LS-2(LS-1(k1,k2,k3,k4,k5)=LS-2(k2,k3,k4,k5,k1)=(k4,k5,k1, k2,k3)

• Finally, P8 is applied again to produce K2.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Example - Key Generation
• Permute 10-bit key: 1010000010
P10(1010000010) = 1000001100
• Perform circular left shift, separately, on first 5 bits and second 5 bits
(LS-1).
LS-1(10000) = 00001 and LS-1(01100) = 11000
• Pick out and permute 8 of the 10 bits: (P8)
P8(0000111000) = 10100100 Result is K1
• Now perform circular left shift of 2 bit positions, on first 5 bits and
second 5 bits (LS-2) on the result LS-1.
LS-2(00001) = 00100 and LS-2(11000) = 00011
• Apply (P8) again.
P8(0010000011) = 01000011 Result is K2
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
 1 2 3 4 5 6 7 8 9 10
101000001 0

P10=(k3,k5,k2,k7,k4,k10,k1,k9,k8,k6)
1000001100
P8=(k6,k3,k7,k4,k8,k5,k10,k9) 01100
10000

00001 11000
000011100

10100100

K1

00100 00011
00100

01000011
K2

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Practice Question
• By using the following data show the complete working for Encryption and
Decryption for S-DES.

• Assume input 10-bit key, K, is: 1010000010

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Matlab Code
• p10=[3 5 2 7 4 10 1 9 8 6]

• p8=[6 3 7 4 8 5 10 9]

• key=[1 0 1 0 0 0 0 0 1 0]

• p10_conv=key(p10)

• L=p10_conv(1:5)

• R=p10_conv(6:10)

• LS_shift1=circshift(L,[1-1])

• RS_shift1=circshift(R,[1 -1])

• LRresult1=[LS_shift1,RS_shift1]

• P8_conv1=LRresult1(p8)

• k1=P8_conv1

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

 S-DES Encryption
• Initial and final permutations
IP IP-1
2 6 3 1 4 8 5 7 4 1 3 5 7 2 8 6

• The Function fk
– Let L and R be left and right halves of 8-bit input to fk .
– Let F be a map from 4-bit strings to 4-bit strings, and
SK be the subkey (K1 or K2) and  XOR is the bit-by-
bit exclusive-OR function.
fk(L, R) = (L  F(R, SK), R)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

 Mapping F
• Input is 4-bit number (n1n2n3n4).
– Expansion/permutation operation

E/P
n4 n1 n2 n3
4 1 2 3 2 3 4 1 n2 n3 n4 n1

– 8-bit subkey K1 is added to output of E/P using

exclusive-OR.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Mapping F (contd.)
– First 4 bits fed to S-box S0,second 4 bits fed to
S-box S1.
 S-box uses 1st and 4th bits to specify a
row,2nd and 3rd bits to specify a column. Entry
in that position (base 2) is 2-bit output.
– 4-bits produced by S-Boxes (S0 & S1) are
permuted using P4.
P4 = (k2k4k3k1)
– Output of P4 is output of F.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

The Switch function
• The function fk only alters the leftmost 4-bits of the input.
• Switch function interchanges left and right 4 bits so that
second instance of fk operates on a different 4 bits.
• In this second instance, the E/P, S0, S1, and P4 functions
are same.
• The key input isK2.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
 12345678
01110010
11000011
+ 10100100 1010
10101001
01100111
1001
+ 1010
0111 11000011

1101
10100100
+ K1
0111
1 0 3 2 0110
S0
3 2 1 0
IP 2 3
0 2 1 3
2 6 3 1 4 8 5 7 10 11
3 1 3 2
0111
E/P S1 0 1 2 3
4 1 2 3 2 3 4 1 2 0 1 3
3 0 1 0 +
2 1 0 3 1101 1001
P4 = (k2k4k3k1)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

 11101011
+ 01000011 1001
10011101
10101000
1101
+ 1001
0111 11101011

1110

01000011
+ K2
1000
1 0 3 2 1010
S0
3 2 1 0
IP-1 2 3
0 2 1 3
4 1 3 5 7 2 8 6 10 11
3 1 3 2
0111
E/P S1 0 1 2 3
4 1 2 3 2 3 4 1 2 0 1 3
3 0 1 0 +
2 1 0 3 1110 1101
P4 = (k2k4k3k1)
01110111

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Practice Question
• By using the following data show the complete working for Encryption and
Decryption for S-DES.

• Assume a 8-bit plaintext, P: 01110010

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Matlab Code
• IP=[2 6 3 1 4 8 5 7]

• EP=[4 1 2 3 2 3 4 1]

• p4=[2 4 3 1]

• s0=[1 0 3 2;3 2 1 0;0 2 1 3;3 1 3 2]

• s1=[0 1 2 3;2 0 1 3;3 0 1 0;2 1 0 3]

• PT=[0 1 1 1 0 0 1 0]

• step 1 apply IP on data

• step 2 break into left and right

• step3 apply EP on right bits

• step4 XOR of EP and k1

• XOR1=xor(EP_conv,k1)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Matlab Code
• step5 divide xor ans into right and left and apply so & s1

• L1=bin2dec('00') 0

• L2=bin2dec('11')3

• sbox0=s0(L1+1,L2+1)

• sbox0_conv=dec2bin(sbox0)

• R1=bin2dec('01')

• R2=bin2dec('11')

• sbox1=s1(R1+1,R2+1)

• sbox1_conv=dec2bin(sbox1)

• step6 COMBINE ABOVE BITS AND APPLY P4 p4=[0 1 1 1]

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
 12345678
01110111
11101011
+ 01000011 1110 11101101
10101000
1101
+ 1110
0111 11101011

1001
01000011
+ K2
1000
1 0 3 2 1010
S0
3 2 1 0
IP 2 3
0 2 1 3
2 6 3 1 4 8 5 7 10 11
3 1 3 2
0111
E/P S1 0 1 2 3
4 1 2 3 2 3 4 1 2 0 1 3
3 0 1 0 +
2 1 0 3 1001 1101
P4 = (k2k4k3k1)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

 11000011
+ 10100100 1101
11011001
01100111
1001
+ 1101
0111 11000011

1010
10100100
+ K1
0111
1 0 3 2 0110
S0
3 2 1 0
IP-1 2 3
0 2 1 3
4 1 3 5 7 2 8 6 10 11
3 1 3 2
0111
E/P S1 0 1 2 3
4 1 2 3 2 3 4 1 2 0 1 3
3 0 1 0 +
2 1 0 3 1010 1001
P4 = (k2k4k3k1)
01110010

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Analysis of S-DES
• Brute-force attack is feasible, 210 = 1024 possible
10-bit keys.
• Known plaintext?
– Suppose we know a sinlge 8-bit plaintext and
corresponding 8-bit ciphertext, and key is unknown.
• Each ci is a polynomial function of pj's and kj's.
• This means 8 non-linear equations in 10
unknowns.
• Alternating linear maps with these nonlinear maps
results in complex polynomial expressions for the
ciphertext bits, making cryptanalysis difficult.
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Stream Cipher (1 of 2)
• Encrypts a digital data stream one bit or one byte at a time
– Examples:
 Autokeyed Vigenère cipher
 Vernam cipher
• In the ideal case, a one-time pad version of the Vernam cipher
would be used, in which the keystream is as long as the
plaintext bit stream
– If the cryptographic keystream is random, then this cipher is
unbreakable by any means other than acquiring the
keystream
 Keystream must be provided to both users in advance
via some independent and secure channel
 This introduces insurmountable logistical problems if the
intended data traffic is very large
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Stream Cipher (2 of 2)
• For practical reasons the bit-stream generator must be
implemented as an algorithmic procedure so that the
cryptographic bit stream can be produced by both users
– It must be computationally impractical to predict future
portions of the bit stream based on previous portions of
the bit stream
– The two users need only share the generating key and
each can produce the keystream

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Block Cipher
• A block of plaintext is treated as a whole and used to
produce a ciphertext block of equal length
• Typically a block size of 64 or 128 bits is used
• As with a stream cipher, the two users share a symmetric
encryption key
• The majority of network-based symmetric cryptographic
applications make use of block ciphers

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 4.1 Stream Cipher and Block Cipher

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 4.2 General n-bit-n-bit Block
Substitution (shown with n = 4)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Table 4.1 Encryption and Decryption Tables for
Substitution Cipher of Figure 4.2
Plaintext Ciphertext Ciphertext Plaintext
0000 1110 0000 1110
0001 0100 0001 0011
0010 1101 0010 0100
0011 0001 0011 1000
0100 0010 0100 0001
0101 1111 0101 1100
0110 1011 0110 1010
0111 1000 0111 1111
1000 0011 1000 0111
1001 1010 1001 1101
1010 0110 1010 1001
1011 1100 1011 0110
1100 0101 1100 1011
1101 1001 1101 0010
1110 0000 1110 0000
1111 0111 1111 0101

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Feistel Cipher
• Feistel proposed the use of a cipher that alternates substitutions and
permutations
• Substitutions
– Each plaintext element or group of elements is uniquely replaced
by a corresponding ciphertext element or group of elements
• Permutation
– No elements are added or deleted or replaced in the sequence,
rather the order in which the elements appear in the sequence is
changed
• Is a practical application of a proposal by Claude Shannon to develop
a product cipher that alternates confusion and diffusion functions
• Is the structure used by many significant symmetric block ciphers
currently in use

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Diffusion and Confusion
• Terms introduced by Claude Shannon to capture the two basic building blocks
for any cryptographic system
– Shannon’s concern was to thwart cryptanalysis based on statistical
analysis
• Diffusion
– The statistical structure of the plaintext is dissipated into long-range
statistics of the ciphertext
– This is achieved by having each plaintext digit affect the value of many
ciphertext digits
• Confusion
– Seeks to make the relationship between the statistics of the ciphertext
and the value of the encryption key as complex as possible
– Even if the attacker can get some handle on the statistics of the
ciphertext, the way in which the key was used to produce that ciphertext is
so complex as to make it difficult to deduce the key

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 4.3 Feistel Encryption and
Decryption (16 rounds)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Feistel Cipher Design Features (1 of 2)
• Block size
– Larger block sizes mean greater security but reduced
encryption/decryption speed for a given algorithm
• Key size
– Larger key size means greater security but may
decrease encryption/decryption speeds
• Number of rounds
– The essence of the Feistel cipher is that a single round
offers inadequate security but that multiple rounds offer
increasing security
• Subkey generation algorithm
– Greater complexity in this algorithm should lead to
greater difficulty of cryptanalysis
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Feistel Cipher Design Features (2 of 2)
• Round function F
– Greater complexity generally means greater resistance
to cryptanalysis
• Fast software encryption/decryption
– In many cases, encrypting is embedded in applications
or utility functions in such a way as to preclude a
hardware implementation; accordingly, the speed of
execution of the algorithm becomes a concern
• Ease of analysis
– If the algorithm can be concisely and clearly explained,
it is easier to analyze that algorithm for cryptanalytic
vulnerabilities and therefore develop a higher level of
assurance as to its strength
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Feistel Example

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Data Encryption Standard (DES)
• Issued in 1977 by the National Bureau of Standards (now
NIST) as Federal Information Processing Standard 46
• Was the most widely used encryption scheme until the
introduction of the Advanced Encryption Standard (AES) in
2001
• Algorithm itself is referred to as the Data Encryption
Algorithm (DEA)
– Data are encrypted in 64-bit blocks using a 56-bit key
– The algorithm transforms 64-bit input in a series of
steps into a 64-bit output
– The same steps, with the same key, are used to
reverse the encryption

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Figure 4.5 General Depiction of DES
Encryption Algorithm

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Permutation Tables for DES
Initial Permutation (IP) Inverse Initial Permutation (IP-1)
58 50 42 34 26 18 10 2 40 8 48 16 56 24 64 32
60 52 44 36 28 20 12 4 39 7 47 15 55 23 63 31
62 54 46 38 30 22 14 6 38 6 46 14 54 22 62 30
64 56 48 40 32 24 16 8 37 5 45 13 53 21 61 29
57 49 41 33 25 17 9 1 36 4 44 12 52 20 60 28
59 51 43 35 27 19 11 3 35 3 43 11 51 19 59 27
61 53 45 37 29 21 13 5 34 2 42 10 50 18 58 26
63 55 47 39 31 23 15 7 33 1 41 9 49 17 57 25

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Permutation Tables for DES
Expansion Permutation (E) Permutation Function (P)
32 1 2 3 4 5 16 7 20 21 29 12 28 17
4 5 6 7 8 9 1 15 23 26 5 18 31 10
8 9 10 11 12 13 2 8 24 14 32 27 3 9
12 13 14 15 16 17 19 13 30 6 22 11 4 25
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

DES Mechanism
• The 64-bit block being enciphered is broken into two
halves.
• The right half goes through one DES round, and the result
becomes the new left half.
• The old left half becomes the new right half, and will go
through one round in the next round.
• This goes on for 16 rounds, but after the last round the left
and right halves are not swapped, so that the result of the
16th round becomes the final right half, and the result of
the 15th round (which became the left half of the 16th
round) is the final left half.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

DES Mechanism (contd.)
• Fundamentally DES performs only two operations on its
input,
– Bit shifting, and
– Bit substitution.
• The key controls exactly how this process works. By doing
these operations repeatedly and in a non-linear manner
you end up with a result which can not be used to retrieve
the original without the key.
• Those familiar with chaos theory should see a great deal of
similarity to what DES does.
• By applying relatively simple operations repeatedly a
system can achieve a state of near total randomness.
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
DES Mechanism (contd.)
• For each iteration a 48 bit subset of the 56 bit key
is fed into the encryption block.
• Decryption is the inverse of the encryption
process.
• The key is usually stored as a 64-bit number,
where every eighth bit is a parity bit.
• The parity bits are pitched during the algorithm,
and the 56-bit key is used to create 16 different
48-bit subkeys - one for each round.
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
DES Key Generation
• In order to generate 16  48-bit subkeys from the 56-bit
key, the following process is used.
• First, the key is loaded according to the Permutation
Choice 1 (PC-1) and then halved.
• Then each half is rotated by 2 bits in every round except
the first, second, 9th and last rounds.
• The reason for this is that it makes it secure against
related-key cryptanalysis.
• Then 48 of the 56 bits are chosen according to a
compression permutation.
• The subkeys used by the 16 rounds are formed by the
key schedule which consists of,
– An initial permutation of the key (PC-1) which selects 56-bits in
two 28-bit halves Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Key Schedule Calculation
Permutation Choice One (PC-1) Permutation Choice Two (PC-2)
57 49 41 33 25 17 9 14 17 11 24 1 5 3 28
1 58 50 42 34 26 18 15 6 21 10 23 19 12 4
10 2 59 51 43 35 27 26 8 16 7 27 20 13 2
19 11 3 60 52 44 36 41 52 31 37 47 55 30 40
63 55 47 39 31 23 15 51 45 33 48 44 49 39 56
7 62 54 46 38 30 22 34 53 46 42 50 36 29 32
14 6 61 53 45 37 29
21 13 5 28 20 12 4

The key rotation schedule KS is specified as:

Round 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
KS 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
Total 1 2 4 6 8 10 12 14 15 17 19 21 23 25 27 28
Rot

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

 Key with parity bits(64 bit
DES Key Generation key)

Parity drop(PC-1)

56 bits
28 bits 28 bits

Shift left Shift left

Rounds Shift 28 bits 28 bits

Compression
1,2,9,16 One bit P-Box (PC-2)

others Two bits Round Key 1

Shift left Shift left

28 bits 28 bits
Compression
P-Box

Round Key 2

Shift left Shift left

28 bits 28 bits

Compression
P-Box
Round Key 16
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Example
• key=0 0 0 0 1 1 1 1 0 0 0 1 0 1 0 1 0 1 1 1 0 0 0 1 1 1 0 0 1 0 0 1 0 1 0 0 0 1 1 1 1 1 0 1
10011110100001011001

• Apply PC1 on key

Permutation Choice One (PC-1) Permutation Choice One (PC-1)

57 49 41 33 25 17 9 0 1 1 0 1 0 0
1 58 50 42 34 26 18 0 1 1 1 1 1 1
10 2 59 51 43 35 27 0 0 0 1 0 0 0
19 11 3 60 52 44 36 1 0 0 1 0 1 0
63 55 47 39 31 23 15 0 0 0 1 0 0 0
7 62 54 46 38 30 22 1 0 0 0 1 0 0
14 6 61 53 45 37 29 1 1 1 1 1 0 1
21 13 5 28 20 12 4 0 0 1 0 1 1 0

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

• Apply LS-1 on Left and right bits

• L=1101000111111000100010010100

• 1 2 3 4 5 6 7 8 9 10 28

• Ls-L=1 1 0 1 0 0 0 1 1 1 1 1 1 0 0 0 1 0 0 0 1 0 0 1 0 1 0 0

• Ls-R=0010001000100111110100101100

• Combine Left and Right bits

Permutation Choice Two (PC-2) Permutation Choice Two (PC-2)

14 17 11 24 1 5 3 28 0 1 1 1 1 0 0 0
15 6 21 10 23 19 12 4 0 0 1 1 0 0 1 1
26 8 16 7 27 20 13 2 1 1 0 0 0 0 1 1
41 52 31 37 47 55 30 40 0 0 1 0 0 0 0 0
51 45 33 48 44 49 39 56 1 1 0 1 1 0 1 0
34 53 46 42 50 36 29 32 0 1 1 1 0 0 0 0

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

S-Box
• The S-boxes are somewhat different from the other
permutations.
• While all the others are set up according to "bit x goes to
bit y", the input bits can be viewed differently for the S-
boxes.
• If the input is {d1,d2,d3,d4,d5,d6} then the two-bit number
{d1,d6} and the four-bit number {d2,d3,d4,d5} are used as
indices to the table.
• For the 48-bit word {d1,d2..d48}, the word {d1..d6} is sent
to S-box 1, the word {d7,,d12} to S-box 2, etc. The output
of S-box 1, {o1..o4}, that of S-box 2, {o5..o8} etc. are
concatenated to form the output.
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
 Mangler Function using S-Boxes

48-bit input
6-bits 6-bits 6-bits 6-bits 6-bits 6-bits 6-bits 6-bits
Kn (+)
S Box1 S Box2 S Box3 S Box4 S Box5 S Box6 S Box7 S Box8

4-bits 4-bits 4-bits 4-bits 4-bits 4-bits 4-bits 4-bits

32-bit permutation

32-bit output
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
S-Box (contd.)
14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
S1
4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13

15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10
3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5
S2
0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15
13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9

10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8
13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1
S3
13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7
1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
S-Box (contd.)
7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15
13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9
S4
10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4
3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14

2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9
14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6
S5
4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14
11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3

12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11
10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8
S6
9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6
4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
S-Box (contd.)
4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1
13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6
S7
1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2
6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12

13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7
1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2
S8
7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8
2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

P-Box
• The output of each of the 8 S-boxes is concatenated to form a 32-bit number, which is
then permutated with a P-box.
• This P-box is a straight permutation, and the resulting number is XOR-ed with the left
half of the input block with which we started at the beginning of this round.
• Finally, if this is not the last round, we swap the left and right halves and start again.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Strength of DES
• A brute-force attack is impractical with a key
length of 56 bits since there are 256 possible keys,
which is approximately 7.2 x 1016 keys.
• Strength can be increased by compression of
plain text before encryption.
• Strength of DES has become questionable since
very powerful machines is in action which can do
parallel execution in a bit of time to break the
cipher text.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Security Provided by DES
• The security provided by the DES depends on several
factors:
– Mathematical soundness, length of key, key management, input
data formatting, mode of operation, implementation, application
and threat.
• The DES was developed to protect unclassified computer
data in federal computer systems against a number of
passive and active attacks in communications and storage
systems.
• It was assumed that a knowledgeable person might seek to
comprise the security system with resources commensurate
to the value of the information to be obtained.
• Applications included Electronic Funds Transfer, privacy
protection of personal information, personal authentication,
password protection, access control, etc.
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Table 4.2 DES Example

Note: DES subkeys are shown as eight 6-bit values in hex format
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
Table 4.3 Avalanche Effect in DES: Change in Plaintext

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Table 4.4 Avalanche Effect in DES: Change in Key

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Table 4.5 Average Time Required for Exhaustive
Key Search

Time Required
Key Size Number of Time Required at 10 9
at 1013
(bits) Cipher Alternative Keys Decryptions/s Decryptions/s
56 DES 256 ≈ 7.2 × 1016 255 ns = 1.125 years 1 hour

128 AES 2128 ≈ 3.4 × 1038 2127 ns = 5.3 × 1021 years 5.3 × 1017 years

168 Triple DES 2168 ≈ 3.7 × 1050 2167 ns = 5.8 × 1033 years 5.8 × 1029 years

192 AES 2192 ≈ 6.3 × 1057 2191 ns = 9.8 × 1040 years 9.8 × 1036 years

256 AES 2256 ≈ 1.2 × 1077 2255 ns = 1.8 × 1060 years 1.8 × 1056 years

26 characters Monoalphabetic 2! = 4 × 1026 2 × 1026 ns = 6.3 × 109 6.3 × 106 years

(permutation) years

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

DES Encryption

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Example
• PlainText= 0 0 0 0 0 0 1 0 0 1 0 0 0 1 1 0 1 0 0 0 1 0 1 0 1 1 0 0 1 1 1 0 1 1 1 0 1 1 0 0 1
01010000110010000100000

• Apply IP

Initial Permutation (IP) Initial Permutation (IP)

58 50 42 34 26 18 10 2 0 1 0 1 1 0 1 0

60 52 44 36 28 20 12 4 0 0 0 0 0 0 0 0
Left
62 54 46 38 30 22 14 6 0 1 0 1 1 0 1 0
bits
64 56 48 40 32 24 16 8 0 0 0 0 0 0 0 0

57 49 41 33 25 17 9 1 0 0 1 1 1 1 0 0
1 1 1 1 0 0 0 0
59 51 43 35 27 19 11 3
Right 0 0 1 1 1 1 0 0
61 53 45 37 29 21 13 5 bits
0 0 0 0 1 1 1 1
63 55 47 39 31 23 15 7

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Apply E/P on Right bits
Expansion Permutation (E) Expansion Permutation (E)

1 0 0 1 1 1 32 1 2 3 4 5

1 1 1 0 0 1 4 5 6 7 8 9

0 1 1 1 1 0 8 9 10 11 12 13
1 0 0 0 0 0 12 13 14 15 16 17
0 0 0 1 1 1 16 17 18 19 20 21
1 1 1 0 0 0 20 21 22 23 24 25
0 0 0 0 0 1 24 25 26 27 28 29
0 1 1 1 1 0 28 29 30 31 32 1

Xor with key 1

111001 111010 010001 100011 0 01111 110101 101000 101110

Apply S-Box
S1=111001, Row=3,Colomn=12 1010 0011 0010
S2=110010, Row=2,Colomn=9 0011
S3=010001, Row=1,Colomn=8 0010
S4=100011, Row=3,Colomn=1 1111
S5=001111, Row=1,Colomn=7 0001
S6=110101, Row=3,Colomn=10 0001
S7=101000, Row=2,Colomn=4 1100
S8=101110, Row=2,Colomn=7 0010

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

• Apply permutation on S-Box values
   
Permutation Function (P) Permutation Function (P)

1 1 1 0 0 0 0 0 16 7 20 21 29 12 28 17

1 1 0 1 0 0 1 0 1 15 23 26 5 18 31 10

0 1 1 1 0 0 1 0 2 8 24 14 32 27 3 9

0 1 0 0 0 1 0 1 19 13 30 6 22 11 4 25

• Perform XOR with left

• 10111010110100100010100001000101

• C.T AFTER round 3

• 1001100111101001101101110010001100001011101011100011101110011110

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Strength of DES
• Timing attacks
– One in which information about the key or the plaintext is
obtained by observing how long it takes a given
implementation to perform decryptions on various
ciphertexts
– Exploits the fact that an encryption or decryption algorithm
often takes slightly different amounts of time on different
inputs
– So far it appears unlikely that this technique will ever be
successful against DES or more powerful symmetric ciphers
such as triple DES and AES

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Block Cipher Design Principles:
Number of Rounds
• The greater the number of rounds, the more difficult it is to
perform cryptanalysis
• In general, the criterion should be that the number of
rounds is chosen so that known cryptanalytic efforts
require greater effort than a simple brute-force key search
attack
• If DES had 15 or fewer rounds, differential cryptanalysis
would require less effort than a brute-force key search

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Block Cipher Design Principles:
Design of Function F
• The heart of a Feistel block cipher is the function F

• The more nonlinear F, the more difficult any type of cryptanalysis will be

• The SAC and BIC criteria appear to strengthen the effectiveness of the
confusion function

The algorithm should have good avalanche properties

• Strict avalanche criterion (SAC)
– States that any output bit j of an S-box should change with probability 1/2
when any single input bit i is inverted for all i , j
• Bit independence criterion (BIC)
– States that output bits j and k should change independently when any
single input bit i is inverted for all i , j , and k

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Block Cipher Design Principles: Key
Schedule Algorithm
• With any Feistel block cipher, the key is used to generate one
subkey for each round
• In general, we would like to select subkeys to maximize the
difficulty of deducing individual subkeys and the difficulty of
working back to the main key
• It is suggested that, at a minimum, the key schedule should
guarantee key/ciphertext Strict Avalanche Criterion and Bit
Independence Criterion

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Summary
• Explain the concept of the avalanche effect
• Discuss the cryptographic strength of DES
• Summarize the principal block cipher design principles
• Understand the distinction between stream ciphers and block ciphers
• Present an overview of the Feistel cipher and explain how decryption
is the inverse of encryption
• Present an overview of Data Encryption Standard (DES)

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

Copyright

This work is protected by United States copyright laws and is

provided solely for the use of instructors in teaching their
courses and assessing student learning. Dissemination or sale of
any part of this work (including on the World Wide Web) will
destroy the integrity of the work and is not permitted. The work
and materials from it should never be made available to students
except by instructors using the accompanying text in their
classes. All recipients of this work are expected to abide by these
restrictions and to honor the intended pedagogical purposes and
the needs of other instructors who rely on these materials.

Copyright © 2020 Pearson Education, Inc. All Rights Reserved.