Cryptography

Learning Objectives

 Upon successful completion of this chapter, you will be understanding :

DES- Data standard Encryption- versions

Limitation of symmetric encryption
Diffie Hellman – Key Exchange
Background: A few “key” concepts

• Encryption: plaintext -> ciphertext

• Decryption: ciphertext -> plaintext

• Cryptographic function: mathematical function or algorithm used to

encrypt/decrypt

• Key: parameter for a cryptographic function

• Symmetric vs. asymmetric keys

 Data Encryption Standard (DES)

• A Symmetric key encryption algorithm for data encryption

• Based on Fiestel cipher

• Goal of DES is to completely scramble the data and key so that every bit of cipher text depends on
every bit of data and ever bit of key

• DES is a block Cipher Algorithm

• Encodes plaintext in 64 bit blocks

• One parity bit for each of the 8 bytes thus it reduces to 56 bits

• It is the most used algorithm

• Standard approved by US National Bureau of Standards for Commercial and no classified US
government use in 1993
 Data Encryption Standard (DES)
• initial permutation (IP) happens only
once and it happens before the first
round.
• It suggests how the transposition in IP
should proceed, For example, it says that
the IP replaces the first bit of the original
plain text block with the 58th bit of the
original plain text.
• the resulting 64-bit permuted text block
is divided into two half blocks. Each half-
block consists of 32 bits.
 Data Encryption Standard (DES)
64-bit input 56-bit key

• Originally the key is 64 bits L1 R1

48-bit k1
transformed into 56 bit key.
F(L1, R1, K1)
• Discard every 8 bit
th
48-bit k2
L2 R2
• From the 56 bit key a 48 bit sub
key is generated for each round. F(L2, R2, K2)

48-bit k3
• The 56 bit key is shifted and 8 bits L3 R3
of it will be discarded result in 48
bit key this is called compression
permutation F(L16, R16, K16)

48-bit k16
• This give us different key each L17 R17
round
 Data Encryption Standard (DES)
64-bit input 56-bit key

• Now we have L1 and R1 each 32 bits L1 R1

48-bit k1

long and a key of 48 bits.

F(L1, R1, K1)
• R1 should be 48 bits so we perform 48-bit k2
L2 R2
Expansion Permutation
F(L2, R2, K2)
• R1 is divided into 8 blocks each of 4 bits
48-bit k3
L3 R3
• Each block is expanded to 6 bit block by
adding 2 more bits
• 48 bit R1 is XOR-ed with 48 bit key 1 F(L16, R16, K16)

block at a time L17 R17

48-bit k16
 Data Encryption Standard (DES)
64-bit input 56-bit key

• The result of the previous step is given L1 R1

48-bit k1

to the next step “Substitution”

F(L1, R1, K1)

• Each 6 bit block from the XOR in R1 48-bit k2

L2 R2
and Key is substituted with a 4 bit
block resulting in a 32 bit text F(L2, R2, K2)

48-bit k3
• The text is then XOR-ed with L1 giving L3 R3

a 32 bit R2
• R1 is used as L2 F(L16, R16, K16)

48-bit k16
• This happens 16 rounds L17 R17
Data Encryption Standard (DES)
64-bit input 56-bit key

48-bit k1
L1 R1 • DES run in reverse to decrypt
F(L1, R1, K1)
• Cracking DES
48-bit k2
L2 R2 • 1997: 140 days
F(L2, R2, K2)
• 1999: 14 hours

L3 R3
48-bit k3 • Triple-DES uses DES 3 times in
tandem
• Output from 1 DES is input to
F(L16, R16, K16) next DES
48-bit k16
L17 R17
Check the Notes down below
Triple-DES (3-
DES)
 AES (Advanced Encryption Standard)
• Came to replace DES and Triple DES
• Harder to implement than DES
• It is a block Cipher with a variable key size (128/192/256) bits and a data block size
of 128 bits
• Relies on substitution-permutation network principle
• AES performs operations on bytes of data rather than in bits. Since the block size is 128 bits, the
cipher processes 128 bits (or 16 bytes) of the input data at a time.
• The number of rounds depends on the key length as follows :

• 128 bit key – 10 rounds

• 192 bit key – 12 rounds

• 256 bit key – 14 rounds

 AES
• AES performs operations on
bytes of data rather than in
bits. Since the block size is
128 bits, the cipher
processes 128 bits (or 16
bytes) of the input data at a
time.
• Key Expantion:
 AES Key Expansion
• Takes as input a four-word (16 byte) key and produces a linear array of 44 words
(176) bytes
• This is sufficient to provide a four-word round key for the initial AddRoundKey stage and each
of the 10 rounds of the cipher
• Key is copied into the first four words of the expanded key
• The remainder of the expanded key is filled in four words at a time
• Each added word w[i] depends on the immediately preceding word, w[i – 1],
and the word four positions back, w[i – 4]
• In three out of four cases a simple XOR is used
• For a word whose position in the w array is a multiple of 4, a more complex function is used
AES Encryption
• AES considers each block as a 16 byte (4 byte x 4 byte = 128 ) grid in
a column major arrangement.
{ b0 | B1 | B2 | B3 |
b4 | B5 | B6 | B7 |
b8 | b9 | b10| b11|
b12 | b13 | b 14 | b15}

• Each round comprises of 4 steps :

• SubBytes
• ShiftRows
• MixColumns
• Add Round Key
• The last round doesn’t have the MixColumns round.
 AES Encryption
• SubBytes :
This step implements the substitution. In this step each byte is substituted by
another byte.
• The result of this step is a 16 byte (4 x 4 ) matrix like before.
• The next two steps implement the permutation.
• ShiftRows :
This step is just as it sounds. Each row is shifted a particular number of times.
• MixColumns :
This step is basically a matrix multiplication.
• Add Round Keys :
Now the resultant output of the previous stage is XOR-ed with the
corresponding round key. Here, the 16 bytes is not considered as a grid but just
as 128 bits of data.
AES Decryption
• The stages in the rounds can be easily undone as these stages have
an opposite to it which when performed reverts the changes.Each
128 blocks goes through the 10,12 or 14 rounds depending on the
key size.
• The stages of each round in decryption is as follows :
• Add round key
• Inverse MixColumns
• ShiftRows
• Inverse SubByte
• The decryption process is the encryption process done in reverse
 AES Implementation
• AES decryption cipher is not identical Two separate changes are
needed to bring the
to the encryption cipher decryption structure in line
with the encryption structure
• The sequence of transformations differs
although the form of the key schedules The first two stages of the
decryption round need to be
is the same. interchanged

• Has the disadvantage that two separate

software or firmware modules are The second two stages of the
decryption round need to be
needed for applications that require interchanged

both encryption and decryption.

 AES Applications
• Wireless security: AES is used in securing wireless networks, such as Wi-Fi networks, to ensure data
confidentiality and prevent unauthorized access.
• Database Encryption: AES can be applied to encrypt sensitive data stored in databases. This helps protect
personal information, financial records, and other confidential data from unauthorized access in case of a
data breach.
• Secure communications: AES is widely used in protocols like such as internet communications, email, instant
messaging, and voice/video calls.It ensures that the data remains confidential.
• Data storage: AES is used to encrypt sensitive data stored on hard drives, USB drives, and other storage
media, protecting it from unauthorized access in case of loss or theft.
• Virtual Private Networks (VPNs): AES is commonly used in VPN protocols to secure the communication
between a user’s device and a remote server. It ensures that data sent and received through the VPN remains
private and cannot be deciphered by eavesdroppers.
• Secure Storage of Passwords: AES encryption is commonly employed to store passwords securely. Instead of
storing plaintext passwords, the encrypted version is stored. This adds an extra layer of security and protects
user credentials in case of unauthorized access to the storage.
• File and Disk Encryption: AES is used to encrypt files and folders on computers, external storage devices, and
cloud storage. It protects sensitive data stored on devices or during data transfer to prevent unauthorized
access.
Encryption Algorithm
Summary

Algorithm Type Key Size Features

DES Block 56 bits Most Common, Not

Cipher strong enough
TripleDES Block 168 bits Modification of DES,
Cipher (112 effective) Adequate Security
Blowfish Block Variable Excellent Security
Cipher (Up to 448 bits)

AES Block Variable Replacement for DES,

Cipher (128, 192, or Excellent Security
256 bits)

RC4 Stream Variable Fast Stream Cipher,

Cipher (40 or 128 bits) Used in most SSL
implementations
 Symmetric Encryption
Limitations

• Any exposure to the secret key compromises secrecy of cipher-text.

• A key needs to be delivered to the recipient of the coded message for it

to be deciphered.

• Potential for eavesdropping attack during transmission of key

So four people walk into a bar…
Alice, Bob, and Trudy

• Alice and Bob want to speak privately over a public channel

• Trudy is always eavesdropping on Alice and Bob

secure secure
sender receiver

Alice Bob

Trudy
Diffie-Hellman Key Exchange
• First published public-key algorithm

• A number of commercial products employ this key exchange technique

• Purpose is to enable two users to securely exchange a key that can then be
used for subsequent symmetric encryption of messages

• The algorithm itself is limited to the exchange of secret values

• Its effectiveness depends on the difficulty of computing discrete logarithms

Diffie-Hellman key exchange- The concept
• Alice and Bob derive a shared secret key over a public channel (no prior
arrangements)

• Publicly agree on two public values, and

• Each choose a private value, and

• Use clever math to compute a shared secret,

• Trudy never overhear enough information to derive the shared secret

 The Technical Details Of The Diffie-hellman Key
Exchange
• The next step is for Alice to pick a secret integer a that she does not reveal to anyone,
while at the same time Bob picks an integer b that he keeps secret. Bob and Alice use
their secret integers to compute:

• They next exchange these computed values, Alice sends A to Bob and Bob sends B to
Alice. Note that Eve gets to see the values of A and B, since they are sent over the
insecure communication channel. Finally, Bob and Alice again use their secret integers
to compute:
Mathematically…

• The values that they compute, A’ and B’ respectively, are actually

the same. This common value is their exchanged key.

• BCS…

• ==

• ==
 Alice Bob
p=353; p=353; g=3;
g=3;

𝑿 𝑨 =𝟗𝟕 𝑿 𝑩 =𝟐𝟑𝟑

𝒀 𝑨 𝒀𝑩

𝒀 𝑩 =𝟐𝟒𝟖 𝒀 𝑨 =𝟒𝟎

K K
Alice Darth Bob
q=353; q=353; q=353;
a=3; a=3;
𝑿 𝑨 =𝟗𝟕 a=3;
𝑿 𝑩 =𝟐𝟑𝟑

𝒀 𝑨 =𝟒𝟎

𝑿 𝑫 𝟏=𝟏𝟑𝟏
𝑿 𝑫 𝟐=𝟏𝟑𝟕
𝟏𝟑𝟏
𝒀 𝑫 𝟏=𝟑 𝒎𝒐𝒅 𝟑𝟓𝟑=𝟐𝟕𝟒
𝟏𝟑𝟕
𝒀 𝑫 𝟐=𝟑 𝒎𝒐𝒅 𝟑𝟓𝟑=𝟑𝟎𝟏
𝒀 𝑫 𝟐=𝟑𝟎𝟏 𝒀 𝑫 𝟏=𝟐𝟕𝟒

K2 K2

𝒀 𝑩 =𝟐𝟒𝟖

K1 K1

K2 K2 K1 K1

𝒀𝑨 𝒀𝑩
Show videos
The Diffie-hellman Key Exchange Summary
Diffie-hellman Key
Exchange
The End
Lab Work
Bag Issue
• "How can I send an encrypted message to someone I don't trust
and can't share the encryption key with????”