1. Symmetric Encryption and Message Confidentiality
2.1 Symmetric Encryption Principles
2.2 Symmetric Block Encryption Algorithms
2.3 Random and Pseudorandom Numbers
2.4 Stream Ciphers and RC4
2.5 Cipher Block Modes of Operation

2. 2.1 Symmetric Encryption Principles
Q. Explain model of Conventional encryption ?
Also referred to as conventional encryption, secret-key or single-key encryption.
Fig : Simplified Model of Symmetric Encryption

3. Symmetric encryption consist of 5 ingredients.
Plaintext: original message or data provided to algorithm as input.
Encryption algorithm : Performs various substitutions and transformations on the plaintext.
Secret key : It is also an input to the algorithm. Exact substitution and transformations depends on the key.
Cipher-text : Scrambled message produced as O/P. It depends upon plaintext and secret key. For a same message two different key will produce two different cipher-texts.
Decryption algorithm : reverse of encryption. Its I/P is ciphertext and same secret key and generates the original plaintext.

4. There are basic two requirements for secure use of encryption.
Need a strong encryption algorithm.
Sender and receiver must have obtained copies of secret key in a secure fashion. Should also keep it secure.
mathematically have:
Y = E(K, X)
X = D(K, Y)
Security of symmetric encryption depends on secrecy of the key, not the secrecy
of the algorithm. i.e. we did not need to keep the algorithm secret but need to keep the key secret.This feature of symmetric encryption is responsible for its widespread.

5. Cryptography
Cryptography : Cryptography is the science of information security. The word is derived from the Greek kryptos, meaning hidden. Cryptography is classified using three dimensions.
The type of operations used for transforming plaintext to chiper-text :
All encryption algorithm are based on two general principles:
Substitution, in which each element in the plaintext (bit, letter, group of bits, or letters)are mapped into another element.
Transposition, in which element in the plaintext are rearranged. Fundamental requirement is that no information be lost.
Generally this system are product system which involve multiple substitution and transposition.

6. 3. The way in which the plaintext is processed :
2. The number of key used :
If both sender and receiver use the same key, the system is referred to as symmetric, single-key, or conventional encryption.
If the sender and receiver each use a different key, the system is referred to as asymmetric, two-key, or public-key encryption.
3. The way in which the plaintext is processed :
A block cipher which processes one block of elements at a same time and produces an O/P block for each I/P block.
A stream cipher processes the I/P elements continuously , producing O/P one element at a time, as it goes along.

7. Q. What is cryptanalysis
Q. What is cryptanalysis ? List and explain 4 kinds of cryptanalysis attacks? Explain the DES algorithm in details ?
The process of recovering the plaintext or key is known as Cryptanalysis .
Strategy used by cryptanalysis depends upon the nature of the encryption scheme and the information available to the cryptanalyst.
Cryptanalytic attacks are based on the amount of information known to the cryptanalyst.
There are two general approaches:
Cryptanalysis
Brute-force attacks

8. Cryptanalysis:
It depends on the nature of the algorithm plus some knowledge of the general characteristics of the plaintext or even some sample plaintext- cipher-text pairs.
This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used.

9. Brute-force attacks:
In this attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
On average, half of all possible keys must be tried to achieve success.
If either type of attack succeeds in deducing the key, the effect is catastrophic(large scale disaster): All future and past messages encrypted with that key are compromised

11. Feistel Cipher Structure
In cryptography, a Feistel cipher is a symmetric structure used in the construction of block ciphers, named after the German born physicist and cryptographer Horst Feiste.
It is also commonly known as a Feistel network. A large proportion of block ciphers use the scheme, including the Data Encryption Standard (DES).
The Feistel structure has the advantage that encryption and  decryption  operations are very similar, even identical in some cases, requiring only a reversal of the key schedule.
Therefore the size of the code or circuitry required to implement such a cipher is nearly halved (divided into two parts).
A Feistel network is an iterated cipher with an internal function called a round function

12. Working :
I/P to the encryption algorithm is plaintext block of length 2w bits and a key K.
Plaintext block is divided into two halves, L0 and R0.
The two halves of the data passes through n rounds of processing then they are combined to produce the cipher text block.
Each round i has an inputs Li-1 and Ri-1 i.e. derived from previous round as well as sub-key Ki which is derived from the overall K.
The sub-keys Ki are generated using sub-key generation algo.

14. All rounds have same structure.
Substitution is performed on left half of the data.
This is done by applying round function F to right half of data and performing XOR of O/P of function and left half of data .
Round function have same structure for each round but it is parameterized by round sub-key Ki.
After this Permutation is performed which consist of the interchanging of two halves of data.
Feistel structure is example of more general structure used by all symmetric block ciphers.
In general, a symmetric block ciphers consists of a sequence of rounds, with each round performing substitution and permutation.
Permutation : the act of rearrangement

15. The exact realization of a Feistel network depends on the choice of the following parameters and design features:
Block size - Increasing size improves security but reduces encryption/ decryption speed i.e. slows cipher
Key size - Increasing size improves security, makes exhaustive key searching harder, but may slow cipher. Modern algorithm uses 128 bits.
Number of rounds – Single round offers inadequate security, increasing number improves security, but slows cipher. A typical size is 16 rounds.
Subkey generation algorithm - Greater complexity can make analysis harder i.e. It leads to greater difficulty of cryptanalysis, but slows cipher
Round function - Greater complexity means greater resistance to cryptanalysis. Other consideration are:
Fast software en/decryption - More recent concern for practical use. The speed of execution of the algorithm becomes a concern.
Ease of analysis - For easier validation & testing of strength

16. The decryption with symmetric block cipher is same as encryption process.
Working : Uses cipher-text as I/P to algorithm, but use the sub-key Ki in reverse order.
i.e. It uses Kn in first round, Kn-1 in second round and so on until K1 is used in last round.
This is an superb feature as it means we need not implement two different algorithms one for encryption and one for decryption.

17. Decryption with a symmetric block cipher is essentially the same as the encryption process.
The rule is as follows: Use the ciphertext as input to the algorithm, but use the subkeys Ki in reverse order.
That is, use Kn in the first round, Kn 1 in the second round.
This is a nice feature, because it means we need not implement two different algorithms—one for encryption and one for decryption.

18. Average time required for exhaustive key search
Key Size (bits)
Number of Alternative Keys
Time required at 106 Decryption/µs 32
232 = 4.3 x 109
2.15 milliseconds 56
256 = 7.2 x 1016
10 hours
128
2128 = 3.4 x 1038
5.4 x 1018 years
168
2168 = 3.7 x 1050
5.9 x 1030 years

19. 2.2 Symmetric Block Encryption Algorithms
The most commonly used symmetric encryption algorithms are block ciphers.
A block cipher processes the plaintext input in fixed-sized blocks and produces a block of cipher-text of equal size for each plaintext block.
This Symmetric Block Encryption Algorithms focuses on the three most important symmetric block ciphers:
The Data Encryption Standard (DES),
Triple DES (3DES), and
The Advanced Encryption Standard (AES).

20. Data Encryption Algorithm :
Most widely used algorithm.
Adopted in 1977 by the National Bureau of Standards, now National Institute of standards and Technology (NIST) as Federal Information Processing Standard.
The algorithm is referred to as the Data Encryption Algorithm (DEA).
The Data Encryption Standard is a symmetric key algorithm for the encryption of electronic data.
Although now considered insecure, it was highly influential in the advancement of modern cryptography .

21. Data Encryption Algorithm
Description of Algorithm : DES is a block cipher as shown.
Figure 6.1 Encryption And Decryption With DES
The encryption process is made of two permutations (P-boxes), which we call initial and final permutations, and sixteen Feistel rounds.

22. Data Encryption Algorithm

23. Data Encryption Algorithm
Here the plaintext provided is 64 bit in length.
Key is 56 bit in length.
Longer plaintext amounts are processed in 64 bit blocks.
The DES is very much similar to Feistel Network.
It consist of sixteen rounds of processing.
From the original 56-bit key, sixteen sub-keys are generated, one for each round.

24. Data Encryption Algorithm
Strength of DES lies on two facts.
The Use Of 56-bit Keys: A more serious concern is key length 56-bit is used in encryption, there are 2 to the power 56 possible keys which are approximately 7.2*10 to the power 16 keys.
The Nature Of Algorithm : Cryptanalyst can perform cryptanalysis by exploiting the characteristics of DES algorithm but no one has succeeded in finding out the weakness.
The main disadvantage of DES is the Key size because the key size is only 56 bits. So, we may try cascading several DES applications

25. Triple DES
Triple DES (3DES) was first standardized for use in financial applications.
3DES is incorporated as part of the Data Encryption standard in 1999.
It uses 3 keys and 3 executions of DES algorithm.
The function follows as encrypt-decrypt-encrypt (EDE) sequence as shown in figure.
C=E(K3, D (K2, E(K1, P)))
Where C= Ciphertext
P= Plaintext
E[K,X] = encryption of X using key K
D[K,Y] = decryption of Y using key K

27. Triple DES
Decryption is simply same as encryption with the keys are reversed.
Function follows decrypt-encrypt-decrypt.
It is given as.
P=D(K1, E(K2,D(K3,C)))

29. Advance Encryption Standard
The more popular and widely adopted symmetric encryption algorithm likely to be encountered nowadays is the Advanced Encryption Standard (AES).
It is found at least six time faster than triple DES.
A replacement for DES was needed as its key size was too small.
With increasing computing power, it was considered vulnerable against exhaustive key search attack.
Triple DES was designed to overcome this drawback but it was found slow.
The features of AES are as follows −
Symmetric key symmetric block cipher
128-bit data, 128/192/256-bit keys
Stronger and faster than Triple-DES
Provide full specification and design details
Software implementable in C and Java

30. Operation of AES
AES is an iterative rather than Feistel cipher. It is based on ‘substitution–permutation network’.
It comprises of a series of linked operations, some of which involve replacing inputs by specific outputs (substitutions) and others involve shuffling bits around (permutations).
AES performs all its computations on bytes rather than bits.
Hence, AES treats the 128 bits of a plaintext block as 16 bytes.
These 16 bytes are arranged in four columns and four rows for processing as a matrix .
 The number of rounds in AES is variable and depends on the length of the key.
AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each of these rounds uses a different 128-bit round key, which is calculated from the original AES key.

32. Encryption Process
Here, we restrict to description of a typical round of AES encryption. Each round comprise of four sub-processes.
The first round process is depicted below −
Byte Substitution (SubBytes) : The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The result is in a matrix of four rows and four columns.

33. Shift-Rows
Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re-inserted on the right side of row.
Shift is carried out as follows −
First row is not shifted.
Second row is shifted one (byte) position to the left.
Third row is shifted two positions to the left.
Fourth row is shifted three positions to the left.
The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other.

34. Mix-Columns
Each column of four bytes is now transformed using a special mathematical function.
This function takes as input the four bytes of one column and outputs four completely new bytes, which replace the original column.
The result is another new matrix consisting of 16 new bytes. It should be noted that this step is not performed in the last round.

35. Add-Round-Key
A simple bitwise XOR of the current block with a portion of the expanded key.

36. Decryption Process
The process of decryption of an AES ciphertext is similar to the encryption process in the reverse order.
Each round consists of the four processes conducted in the reverse order :
Add round key
Mix columns
Shift rows
Byte substitution
Since sub-processes in each round are in reverse manner, unlike for a Feistel Cipher,
The encryption and decryption algorithms needs to be separately implemented, although they are very closely related.

37. AES Analysis
In present day cryptography, AES is widely adopted and supported in both hardware and software.
Till date, no practical cryptanalytic attacks against AES has been discovered.
Additionally, AES has built-in flexibility of key length, which allows a degree of ‘future-proofing’ against progress in the ability to perform exhaustive key searches.
However, just as for DES, the AES security is assured only if it is correctly implemented and good key management is employed.

38. Stream Ciphers and RC4
Block cipher processes one block of element at a time.
Produces one O/P block of each I/P.
Stream ciphers processes the I/P elements continuously.
Produces O/P one element at a time , as it goes along.
Most popular stream cipher is RC4 (Ron’s Code 4).
RC4 :: Ron’s Code 4

39. Stream Cipher Structure
Stream Cipher encrypt plaintext one byte at a time.
But can be designed to process one bit at a time or more than one byte at a time.
Fig shows the Stream Cipher diagram.
Key is given input to Pseudorandom bit generator
which produces a stream of 8-bit random number.
The O/P of the generator , called a Keystream.
It is combined one byte at a time with plaintext stream using bitwise exclusive OR (XOR) operation.

40. Stream Cipher Structure
Fig : Stream Cipher Diagram.

41. Stream Cipher Structure
Consider an example
Byte generated by generator is
Plaintext byte is
Resulting cipher-text byte is given as
plaintext
Key stream
Ciphertext

42. Stream Cipher Structure
Decryption requires the use of same pseudorandom sequence
Ciphertext
Key stream
plaintext

43. Stream Cipher Structure
Important design considerations for a stream cipher:
The encryption sequence should have a large period(time period), the longer the period of repeat the more difficult it will be to do cryptanalysis.
The key-stream should approximate the properties of a true random number stream as close as possible, the more random-appearing the key-stream is, the more randomized the cipher-text is, making cryptanalysis more difficult.
To guard against brute-force attacks, the key needs to be sufficiently long. The same considerations as apply for block ciphers are valid here .Thus, with current technology, a key length of at least 128 bits is desirable.

44. Stream Cipher Structure
With a properly designed pseudorandom number generator, a stream cipher can be as secure as block cipher.
The primary advantage of a stream cipher is that stream ciphers are always faster and use far less code than do block ciphers.

45. The RC4 Algorithm
RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security.
It is a variable key-size stream cipher with byte oriented operations.
It normally uses 64 bit or 128 bit ciphers.
The algorithm is based on the use of a random permutation.
cipher can be expected to run very quickly in software.
It is used in the SSL/TLS secure web protocol, & in the WEP & WPA wireless LAN security protocols, Microsoft Point-to-Point Encryption, Kerberos, Bit torrent encryption protocol etc.
SSL : Secure socket layer.
WEP: Wired Equivalent privacy.
WPA : Wi-fi protection access
Transport Layer Security

46. The RC4 Algorithm The RC4 algorithm is very simple in nature.
Uses variable length key, from 1 to 256bytes (8 to 2048 bits) is used for initializing a 256-byte state vector S, with elements S[0], S[1],……,S[255].
S contains permutation of all 8-bit numbers from 0 to 255.

47. RC4 Block Diagram + Secret Key RC4 Key-stream Encrypted Text
Plain Text +

48. RC4 generates a pseudorandom stream of bits (a keystream).
As with any stream cipher, these can be used for encryption by combining it with the plaintext using bit-wise exclusive-or; decryption is performed the same.
To generate the keystream, the cipher makes use of a secret internal state which consists of two parts:
A permutation of all 256 possible bytes (denoted "S" below).
Two 8-bit index-pointers (denoted "i" and "j").