CPIT 425 Chapter Three: Symmetric Key Cryptography

Index 2 A.Introduction A.1 Terminology A.2 Symmetric Key Algorithms-Introduction B. Stream Cipher B.1 A5/1 B 2 RC4 C. Block Cipher C.1 Components of Block Cipher C.2 Electronics Code Book Mode (ECB) C.3 Cipher Block Channing Mode (CBC) D. Product Cipher E. Fiestal Cipher F. Data Encryption Standard (DES) G. Conclusion

C. Terminology Symmetric uses same key for encryption and decryption process. – To encrypt: C = E(K, P) – To decrypt: P = D (K, E(K,P)) Asymmetric uses different key for encryption and decryption process. – To encrypt: C = E (K E,P) – To decrypt: P = D (K D, E (K E,P)) 3

C.1. Symmetric Key Algorithms Other terms for symmetric-key encryption are single-key, one-key, and private-key encryption. Use of the latter term can sometimes conflict with the term private key in public key cryptography Disadvantage: key distribution Symmetric-key algorithms can be divided into: – Stream ciphers: encrypt the bits of the message one at a time – Block ciphers: take a number of bits and encrypt them as a single unit 4

C.1. Symmetric Key Algorithms 1. Stream Cipher A stream cipher is a symmetric cipher where convert one symbol of Plaintext immediately into a symbol of Ciphertext. Algorithms: – Use one of the algorithms to generate the Key Stream (S) from the Key (K) – C = P  S; where C is the ciphertext, and P is the plaintext 5

C.1. Symmetric Key Algorithms 1. Stream Cipher - Types 1.In a synchronous stream cipher, a stream of pseudo-random digits is generated independently of the plaintext and ciphertext messages, and then combined with the plaintext (to encrypt) or the ciphertext (to decrypt). 2.Asynchronous stream ciphers use several of the previous N ciphertext digits to compute the keystream. (e.g., Cipher-Feedback Mode) 6

Stream Ciphers Not as popular today as block ciphers We’ll discuss two examples A5/1 – Based on shift registers – Used in GSM mobile phone system RC4 – Based on a changing lookup table – Used many places Part 1  Cryptography 7

Example: linear feedback shift registers (LFSR) Example : x 12 +x 6 +x 4 +x+1 corresponds to LFSR of length 12 b1b1b1b1 b2b2 b3b3 b4b4b4b4 b5b5 b6b6b6b6 b7b7 b8b8 b9b9 b 10 b 11 b 12

Table 1.1 Truth table of the XOR operation Inputoutput 0000 0 0101 1 1010 1 11110 XOR OPERATION

C.1. Symmetric Key Algorithms 1. Stream Cipher – Example (1): A5/1 1.A5/1 initialization: 1.Register X hold 19 bits of the key (x 0, x 1, x 2, …, x 18 ) 2.Register Y hold 22 bits of the key (y 0, y 1, y 2, …, y 21 ) 3.Register Z hold 23 bits of the key (z 0, z 1, z 2, …, z 22 ) 2.A5/1 key stream bit: 1.m = maj (x 8, y 10, z 10 ) 2.if (x 8 =m) then X steps 3.if (y 10 =m) then Y steps 4.if (z 10 =m) then Z steps 5.s = x 18  y 21  z 22 6.Go to step 1 10

C.1. Symmetric Key Algorithms 1. Stream Cipher – Example (1): A5/1 When register X steps, the following occur – t = x13 ⊕ x16 ⊕ x17 ⊕ x18 – xi = xi−1 for i = 18, 17, 16,..., 1 – x0 = t for registers Y and Z, each step consists of – t = y20 ⊕ y21 – yi = yi−1 for i = 21, 20, 19,..., 1 – y0 = t and – t = z7 ⊕ z20 ⊕ z21 ⊕ z22 – zi = zi−1 for i = 22, 21, 20,..., 1 – z0 = t 11

A5/1 A5/1 consists of 3 shift registers – X: 19 bits (x 0,x 1,x 2, …,x 18 ) – Y: 22 bits (y 0,y 1,y 2, …,y 21 ) – Z: 23 bits (z 0,z 1,z 2, …,z 22 ) Part 1  Cryptography 12

A5/1 At each step: m = maj(x 8, y 10, z 10 ) – Examples: maj(0,1,0) = 0 and maj(1,1,0) = 1 If x 8 = m then X steps – t = x 18  x 17  x 16  x 13 – x i = x i  1 for i = 18,17,…,1 and x 0 = t If y 10 = m then Y steps – t = y 21  y 20 – y i = y i  1 for i = 21,20,…,1 and y 0 = t If z 10 = m then Z steps – t = z 22  z 21  z 20  z 7 – z i = z i  1 for i = 22,21,…,1 and z 0 = t Keystream bit is x 18  y 21  z 22 Part 1  Cryptography 13

A5/1 Each value is a single bit Key is used as initial fill of registers Each register steps or not, based on (x 8, y 10, z 10 ) Keystream bit is XOR of right bits of registers Part 1  Cryptography 14 y0y0 y1y1 y2y2 y3y3 y4y4 y5y5 y6y6 y7y7 y8y8 y9y9 y 10 y 11 y 12 y 13 y 14 y 15 y 16 y 17 y 18 y 19 y 20 y 21 z0z0 z1z1 z2z2 z3z3 z4z4 z5z5 z6z6 z7z7 z8z8 z9z9 z 10 z 11 z 12 z 13 z 14 z 15 z 16 z 17 z 18 z 19 z 20 z 21 z 22 X Y Z     x0x0 x1x1 x2x2 x3x3 x4x4 x5x5 x6x6 x7x7 x8x8 x9x9 x 10 x 11 x 12 x 13 x 14 x 15 x 16 x 17 x 18

A5/1 In this example, m = maj(x 8, y 10, z 10 ) = maj(1,0,1) = 1 Register X steps, Y does not step, and Z steps Keystream bit is XOR of right bits of registers Here, keystream bit will be 0  1  0 = 1 Part 1  Cryptography X Y Z    

C.1. Symmetric Key Algorithms 1. Stream Cipher – Example (2): RC4 1.RC4 initialization: for i = 0 to 255 S[i] = i K[i] = key [ i mod N ] next i j = 0 for i = 0 to 255 j = ( j + S[i] + K[i] ) mod 256 swap ( S[i], S[j] ) next i 16 Note: The entire algorithm is byte based. key[i] for i=0, 1, …, N-1, where key[i] is a byte FYI

C.1. Symmetric Key Algorithms 1. Stream Cipher – Example (2): RC4 2.RC4 key stream byte: 1.i = j = 0 2.i = ( i + 1 ) mod j = ( j + S[i] ) mod swap ( S[i], S[j] ) 5.t = ( S[i] + S[j] ) mod keystreamByte = S[t] 17 FYI

RC4: Example2: 18 Lets consider the stream cipher RC4, but instead of the full 256 bytes, we will use 8 x 3-bits. That is, the state vector S is 8 x 3-bits. We will operate on 3-bits of plaintext at a time since S can take the values 0 to 7, which can be represented as 3 bits. Assume we use a 4 x 3-bit key of K = [ ]. And a plaintext P = [ ] The first step is to generate the stream. Initialise the state vector S and temporary vector T. S is initialised so the S[i] = i, and T is initialised so it is the key K (repeated as necessary). S = [ ] T = [ ]

RC4: Example2(cont): 19 Solution: i, j = 0; while (true) { i = (i + 1) mod 8; j = (j + S[i]) mod 8; Swap (S[i], S[j]); t = (S[i] + S[j]) mod 8; k = S[t]; } The first iteration: S = [ ] i = (0 + 1) mod 8 = 1 j = (0 + S[1]) mod 8 = 3 Swap(S[1],S[3]) S = [ ] t = (S[1] + S[3]) mod 8 = 7 k = S[7] = 5 Remember, P = [ ] So our first 3-bits of ciphertext is obtained by: k XOR P 5 XOR 1 = 101 XOR 001 = 100 = 4

C.1. Symmetric Key Algorithms 2. Block Cipher Encrypts a group of plaintext symbols as one block. – It works on blocks of plaintext and produce blocks of ciphertext – The columnar transposition is an example of block ciphers A block cipher might take a 128-bit block of plaintext as input, and output. 20

C.1. Symmetric Key Algorithms 2. Block Cipher – Modes 1: ECB ECB (Electronic Codebook) Mode – Suppose we have multiple plaintext block P 0, P 1, P 2, …, P N, and a fixed key K We encrypt using the formula: C i = E(P i, K)for i = 0, 1, 2, …, N We decrypt using the formula: P i = D(C i, K) for i = 0, 1, 2, …, N – Problem: in case C i = C j the attacker knows that P i = P j Solution: add a random text to the plaintexts P i = P j, so C i ≠ C j 21

Electronics Code Book Mode Encryption 22

Electronics Code Book Mode Decryption 23

C.1. Symmetric Key Algorithms 2. Block Cipher – Modes 2: CBC CBC (Cipher Block Chaining) Mode – The ciphertext from a block is used to obscure the plaintext of the next block before it is encrypted. The formulas are: C i = E(P i  C i-1, K)for i = 0, 1, 2, …, N P i = D(C i, K)  C i-1 for i = 0, 1, 2, …, N – What is about C 0 ; we don’t have C -1 ? An initialization vector, or IV, is used to take the place of C -1. IV should be randomly selected, and it sends as the first block. – Problem: if a single-bit error causes two entire blocks to be garbled; it is a big problem in wireless environment. Solution: Use stream ciphe rs. 24

Cipher Block Channing Mode Encryption 25

Cipher Block Channing Mode Decryption 26

C.1. Symmetric Key Algorithms 2. Block Cipher – Advantages (Integrity) Block ciphers used for confidentiality and integrity. A message authentication code, or MAC, uses a block cipher to ensure data integrity by encrypting the data un CBC mode, and use the final block only, called MAC. C 0 = E(P 0  IV, K), C 1 = E(P 1  C 0, K), … C N-1 = E(P N-1  C N-2, K) = MAC The recipient repeats the process on the plaintext and re-calculate the MAC. 27

Review Questions 1- find the key stream then encrypt the letter A by using A5/1 method, where the letter is given in ASCII code. The ASCII value for A is = X Z Y 2- Complete the solution of example 2 in slide number 18 by using RC4 method ?

Components of a Modern Block Cipher  P-Boxes  S-Boxes  Exclusive OR  Circular shift  Swap  Split and Combine 29

P-Box A P-box (permutation box) parallels the traditional transposition cipher for characters. It transposes bits. 30

Permutation Table for a 64 Bit Straight P-Box 31

S-Box An S-box (substitution box) can be thought of as a miniature substitution cipher. Like P-Box, S-Box can be straight, compression or expansion 32

XOR 33

Circular Shift 34

Swap 35

Split and Combine 36

Product Cipher Shannon introduced the concept of a product cipher. A product cipher is a complex cipher combining substitution, permutation, and other components. 37

Product Cipher 38

Fiestel Cipher Partitions input block into two halves that are processed through multiple rounds which perform a substitution on left data half based on round function of right half & subkey then have permutation swapping halves F(Ri−1,Ki ) = P-box(S-boxes(Expand(Ri−1) ⊕ Ki )) 39

C.1. Symmetric Key Algorithms 2. Block Cipher – Example (1): Data Encryption Standard (DES) most widely used block cipher in world adopted in 1977 by NBS (now NIST) – as FIPS PUB 46 encrypts 64-bit data using 56-bit key had widespread use based upon Fiestel cipher has been considerable controversy over its security 40

C.1. Symmetric Key Algorithms 2. Block Cipher – Example (1): DES 41

C.1. Symmetric Key Algorithms 2. Block Cipher – Example (1): DES Runs 16 rounds for each block of the plaintext – Each block consists of 64 bits. It uses a 56-bit key. In each round of DES: A.Key: 1.Dividing them into 2 halves (28bit each) 2.Bit-shift left 3.Compress the key (56bit → 48bit) B.Block of the Plaintext: 1.Dividing them into L i and R i (32bit each) 2.Expansion permutation (32bit → 48bit) 3.Addition of subkey (48bit  48bit) 4.S-boxes (map 6bits → 4bits) 5.P-box (change permutation) 42

C.1. Symmetric Key Algorithms 2. Block Cipher – Example (1): DES A. Key: 1. Divide the key into 2 parts according to Parity- bit drop table : 2. Bit-shift left according to the round number: 43

C.1. Symmetric Key Algorithms 2. Block Cipher – Example (1): DES 3. Compress the key (56bit → 48bit) 44

C.1. Symmetric Key Algorithms 2. Block Cipher – Example (1): DES B. Plaintext 1. Expansion Permutation 45

C.1. Symmetric Key Algorithms 2. Block Cipher – Example (1): DES 2. Addition of Subkey: For each round i, we have the right part of the plaintext R i after the expansion, and the subkey for this round K i (both of them are 48 bits.) Find: K i  R i 46

C.1. Symmetric Key Algorithms 2. Block Cipher – Example (1): DES 3. S-boxes: The main purpose of S-boxes is to offer protection against cryptanalytic. There are 8 distinct S-boxes that are used in each round. In: 6 bits × 8 S-box = 48 bits Out: 4 bits × 8 S-box = 32 bits 47

C.1. Symmetric Key Algorithms 2. Block Cipher – Example 1 (S.Box): DES 48 The input to S-box 1 is What is the output? If we write the first and the sixth bits together, we get 11 in binary, which is 3 in decimal. The remaining bits are 0001 in binary, which is 1 in decimal. We look for the value in row 3, column 1, in Table 3.1 (S-box 1). The result is 12 in decimal, which in binary is So the input yields the output Table 3.1 S-box 1

C.1. Symmetric Key Algorithms 2. Block Cipher – Example (1): DES 4. P-boxes: For each round i, there are 32 bits out from the S- Boxes. Change their permutation to: 49

C.1. Symmetric Key Algorithms 2. Block Cipher – Example1 (P.Box): DES The following permutation table is used to permute an 8- bit input: IP = [ ] A.Draw the internal connections of both the corresponding IP-box and the inverse IP-box (IP-1 -box). B.Find the inverse permutation table IP-1. 50

C.1. Symmetric Key Algorithms 2. Block Cipher – Example (1): DES 51

C.1. Symmetric Key Algorithms 2. Block Cipher – Example (1): DES 5. Constructing the ciphertext : For each round i L(i) = R(i-1) R(i) = L(i-1)  P(S(E(R(i-1))  K(i))) 52

Example 2: DES Plain text = p= [ ] P4= [2431] IP= [ ]; IP-1=[ ] E/P= [ ] P8=[ ] S0= S1=

Solution: Example 2 (DES)

C.1. Symmetric Key Algorithms 2. Block Cipher – Example (2): 3DES Triple DES – effectively increases the key length. It uses two keys and three stages: C = E (P, K) ; encrypt the plaintext P with the key K P = D (C, K) ; for decryption It takes 2 55 key search to attack DES Moving to encryption with two keys according to: 1.C = E (E (P, K 1 ), K 2 ) is not secure, WHY? require 2 55 to break 2.C = E (D (E (P,K 1 ), K 2 ), K 1 ) 56 Triple DES encryption Triple DES decryption

Review Questions The following input is applied to the eight S-boxes (S1: S8) of the DES algorithm. The input is specified as eight 6 bits hexadecimal numbers. Find the corresponding 32 bits output and specify it as a hexadecimal number. See table 3.2 3E 19 0F 24 1D 2A 39 2B 3 E  The following permutation table is used to permute an 8-bit input: IP = [ ] A.Draw the internal connections of both the corresponding IP-box and the inverse IP-box (IP-1 -box). B.Find the inverse permutation table IP complete the example 2(DES) by using k2=

S1 S2 S6 S4 S5 S3 S7 S8 Table: 3.2

Confusion and Diffusion Confusion: the interceptor should not be able to predict what will happen to the ciphertext by changing one character in the plaintext Confusion: the key does not relate in a simple way to the ciphertext (in particular, each character of ciphertext should depend on several parts of the key) – An algorithm providing good confusion has a complex functional relationship between the plaintext/key pair and the ciphertext – Question: Does Caesar cipher provide good confusion? No – “ Confusion” = Substitution (on time pad) – Diffusion: distributing the information from single plaintext letters over the entire output Diffusion: change of one character in the plaintext results in several characters changed in the ciphertext – Good diffusion means that the interceptor needs access to much of the ciphertext to be able to infer the algorithm – “ Diffusion” = Transposition or Permutation – Question: Which one provides better diffusion? Substitution cipher or Transposition cipher 59

C.1. Symmetric Key Algorithms Stream Cipher vs. Block Cipher 60

C.1. Symmetric Key Algorithms Other Examples 61

Conclusion Modern symmetric ciphers come in two variants: block ciphers and stream ciphers. The mostly used block cipher is used to be DES. To use a block cipher one needs to also specify a mode of operation: – The simplest mode is ECB mode, which has problems associated with it: same plaintext will always generate same ciphertext; suffers from possible insertion/deletion attacks. – Hence it is common to use a more advanced mode such as CBC mode. 62

Conclusion Symmetrical cryptography is reasonably secure, more efficient, and more suitable for encryption of large messages - provide message confidentiality. But it has key exchange problem and does not support non-repudiation. 63

Terms and Concepts Symmetric & Asymmetric Block & Stream Cipher key distribution key stream bit / key stream byte Initialization Vector Confusion & Diffusion MAC 64