INTRODUCTION & MODERN BLOCK CIPHERS

INTRODUCTION:
Computer data often travels from one computer to another, leaving the safety of its protected
physical surroundings. Once the data is out of hand, people with bad intention could modify or
forge your data, either for amusement or for their own benefit. Cryptography can reformat and
transform our data, making it safer on its trip between computers. The technology is based on the
essentials of secret codes, augmented by modern mathematics that protects our data in powerful
ways.
• Computer Security - generic name for the collection of tools designed to protect data and to
thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of
interconnected networks

In Cryptography and Network Security we mainly focuses on two broad areas: cryptographic
algorithms and protocols, which
have a broad range of applications; and network and Internet security, which rely
heavily on cryptographic techniques.
Cryptographic algorithms and protocols can be grouped into four main areas:
• Symmetric encryption: Used to conceal the contents of blocks or streams of
data of any size, including messages, files, encryption keys, and passwords.
• Asymmetric encryption: Used to conceal small blocks of data, such as encryption
keys and hash function values, which are used in digital signatures.
• Data integrity algorithms: Used to protect blocks of data, such as messages,
from alteration.
• Authentication protocols: These are schemes based on the use of cryptographic
algorithms designed to authenticate the identity of entities.

A definition of COMPUTER SECURITY

• Computer security: The protection afforded to an automated information system in
order to attain the applicable objectives of preserving the integrity, availability and
confidentiality of information system resources (includes hardware, software, firmware,
information/data, and telecommunications)NIST 1995

UNIT - 1 Page 1
 INTRODUCTION & MODERN BLOCK CIPHERS

Three key objectives (the CIA triad)

• Confidentiality
– Data confidentiality: Assures that confidential information is not disclosed to
unauthorized individuals
– Privacy: Assures that individual control or influence what information may be
collected and stored
• Integrity
– Data integrity: assures that information and programs are changed only in a
specified and authorized manner
– System integrity: Assures that a system performs its operations in unimpaired
manner
• Availability: assure that systems works promptly and service is not denied to authorized
users
Key Security Concepts

Other concepts to a complete security picture

• Authenticity: the property of being genuine and being able to be verified and trusted;
confident in the validity of a transmission, or a message, or its originator
• Accountability: generates the requirement for actions of an entity to be traced uniquely
to that individual to support nonrepudiation, deference, fault isolation, etc
Levels of security breach impact
• Low: the loss will have a limited impact, e.g., a degradation in mission or minor damage
or minor financial loss or minor harm
• Moderate: the loss has a serious effect, e.g., significance degradation on mission or
significant harm to individuals but no loss of life or threatening injuries
• High: the loss has severe or catastrophic adverse effect on operations, organizational
assets or on individuals (e.g., loss of life)
Examples of security requirements: Confidentiality
• Student grade information is an asset whose confidentiality is considered to be very high
– The US FERPA Act: grades should only be available to students, their parents,
and their employers (when required for the job)

UNIT - 1 Page 2
 INTRODUCTION & MODERN BLOCK CIPHERS

• Student enrollment information: may have moderate confidentiality rating; less damage if
enclosed
• Directory information: low confidentiality rating; often available publicly
Examples of security requirements: Integrity
• A hospital patient‟s allergy information (high integrity data): a doctor should be able to
trust that the info is correct and current
– If a nurse deliberately falsifies the data, the database should be restored to a
trusted basis and the falsified information traced back to the person who did it
• An online newsgroup registration data: moderate level of integrity
• An example of low integrity requirement: anonymous online poll (inaccuracy is well
understood)
Examples of security requirements: Availability
• A system that provides authentication: high availability requirement
– If customers cannot access resources, the loss of services could result in financial
loss
• A public website for a university: a moderate availably requirement; not critical but
causes embarrassment
• An online telephone directory lookup: a low availability requirement because
unavailability is mostly annoyance (there are alternative sources)
Challenges of computer security
1. Computer security is not simple
2. One must consider potential (unexpected) attacks
3. Procedures used are often counter-intuitive
4. Must decide where to deploy mechanisms
5. Involve algorithms and secret info (keys)
6. A battle of wits between attacker / admin
7. It is not perceived on benefit until fails
8. Requires constant monitoring
9. Too often an after-thought (not integral)
Regarded as impediment to using system
Network Security: It can be defined as “measures adopted to prevent the unauthorized use,
misuse, modification or denial of use of knowledge, facts, data or capabilities”. Three aspects of
IS are:
Security Attack: Any action that comprises the security of information
Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a
security.
Security Service: It is a processing or communication service that enhances the security of
the data processing systems and information transfer. The services are intended to counter

UNIT - 1 Page 3
 INTRODUCTION & MODERN BLOCK CIPHERS

THE OSI SECURITY ARCHITECTURE

To assess effectively the security needs of an organization and to evaluate and choose various
security products and policies, the manager responsible for security needs some systematic way
of defining the requirements for security and characterizing the approaches to satisfying those
requirements. The OSI security architecture was developed in the context of the OSI protocol
architecture, which is described in Appendix H. However, for our purposes in this chapter, an
understanding of the OSI protocol architecture is not required. For our purposes, the OSI security
architecture provides a useful, if abstract, overview of many of the concepts.. The OSI security
architecture focuses on security attacks, mechanisms, and services. These can be defined briefly
as follows:
Security Attacks, Services And Mechanisms To assess the security needs of an organization
effectively, the manager responsible for security needs some systematic way of defining the
requirements for security and characterization of approaches to satisfy those requirements. One
approach is to consider three aspects of information security:
 Security attack – Any action that compromises the security of information owned by an
organization.
 Security mechanism – A mechanism that is designed to detect, prevent or recover from
a security attack.
 Security service – A service that enhances the security of the data processing systems
and the information transfers of an organization. The services are intended to counter
security attacks and they make use of one or more security mechanisms to provide the
service.
Table 1.1. Threats and Attacks (RFC 2828)
Threat
A potential for violation of security, which exists when there is a circumstance, capability,
action, or event that could breach security and cause harm. That is, a threat is a possible
danger that might exploit a vulnerability.
Attack
An assault on system security that derives from an intelligent threat; that is, an intelligent
act that is a deliberate attempt (especially in the sense of a method or technique) to evade
security services and violate the security policy of a system.

UNIT - 1 Page 4
 INTRODUCTION & MODERN BLOCK CIPHERS

SECURITY ATTACKS:
Security attacks can be classified in terms of Passive attacks and Active attacks as per X.800
and RFC 2828
Different kinds of attacks are:
Interruption
Sender Receiver
S R

An asset of the system is destroyed or becomes unavailable or unusable. It is an attack on

availability
Examples:
i.
Destruction of some hardware
ii.
Jamming wireless signals
iii.
Disabling file management systems
Interception

Sender Receiver
S R

H
Hacker
An unauthorized party gains access to an asset. Attack on confidentiality.
Examples:
i.
Wire tapping to capture data in a network.
ii. Illicitly copying data or programs
iii. Eavesdropping
Modification:
S R

H
When an unauthorized party gains access and tampers an asset. Attack is on Integrity.
Examples:
i.
Changing data file
ii.
Altering a program and the contents of a message

UNIT - 1 Page 5
 INTRODUCTION & MODERN BLOCK CIPHERS

Fabrication
S R

An unauthorized party inserts a counterfeit object into the system. Attack on

Authenticity. Also called impersonation
Examples:
i. Hackers gaining access to a personal email and sending message ii.
ii. Insertion of records in data files
iii. Insertion of spurious messages in a network

A useful means of classifying security attacks used both in X.800 and RFC 2828, is in terms of
passive attacks and active attacks. It attempts to learn or make use of information from the
system but does not affect system resources. An active attack attempts to alter system resources
or affect their operation.

Passive Attacks:
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal
of the opponent is to obtain information that is being transmitted. Two types of passive attacks
are the release of message contents and traffic analysis. The release of message contents is easily
understood. A telephone conversation, an electronic mail message, and a transferred file may
contain sensitive or confidential information. We would like to prevent an opponent from
learning the contents of these transmissions.

Release of Message Contents

A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of
masking the contents of messages or other information traffic so that opponents, even if they
captured the message, could not extract the information from the message. The common
technique for masking contents is encryption.

UNIT - 1 Page 6
 INTRODUCTION & MODERN BLOCK CIPHERS

Traffic Analysis

Passive attacks are very difficult to detect, because they do not involve any alteration of the data.
Typically, the message traffic is sent and received in an apparently normal fashion, and neither
the sender nor receiver is aware that a third party has read the messages or observed the traffic
pattern. However, it is feasible to prevent the success of these attacks, usually by means of
encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than
detection.

Active Attacks
Active attacks involve some modification of the data stream or the creation of a false stream and
can be subdivided into four categories: masquerade, replay, modification of messages, and denial
of service.

A Masquerade takes place when one entity pretends to be a different entity. A masquerade
attack usually includes one of the other forms of active attack.

Masquerade
Replay involves the passive capture of a data unit and its subsequent retransmission to produce
an unauthorized effect.

UNIT - 1 Page 7
 INTRODUCTION & MODERN BLOCK CIPHERS

Replay

Modification of messages simply means that some portion of a legitimate message is altered, or
that messages are delayed or reordered, to produce an unauthorized effect. For example, a
message meaning “Allow John Smith to read confidential file accounts ” is modified to mean
“Allow Fred Brown to read confidential file accounts.

Modification of Messages
The denial of service prevents or inhibits the normal use or management of communications
facilities. This attack may have a specific target; for example, an entity may suppress all
messages directed to a particular destination (e.g., the security audit service). Another form of
service denial is the disruption of an entire network, either by disabling the network or by
overloading it with messages so as to degrade performance.

Denial of Service

UNIT - 1 Page 8
 INTRODUCTION & MODERN BLOCK CIPHERS

SECURITY SERVICES:
A processing or communication service that is provided by a system to give a specific kind of
protection to system resources; security services implement security policies and are
implemented by security mechanisms.
X.800 divides these services into five categories and fourteen specific services
AUTHENTICATION DATA INTEGRITY
The assurance that the communicating entity is The assurance that data received are
the one that it claims to be. exactly as sent by an authorized entity (i.e.,
Peer Entity Authentication contain no modification, insertion,
Used in association with a logical connection to deletion, or replay).
provide confidence in the identity of the entities Connection Integrity with Recovery
connected. Provides for the integrity of all user data on
Data-Origin Authentication a connection and detects any modification,
In a connectionless transfer, provides assurance insertion, deletion, or replay of any data
that the source of received data is as claimed. within an entire data sequence, with
recovery attempted.
ACCESS CONTROL Connection Integrity without Recovery
The prevention of unauthorized use of a As above, but provides only detection
resource (i.e., this service controls who can have without recovery.
access to a resource, under what conditions
access can occur, and what those accessing the Selective-Field Connection Integrity
resource are allowed to do). Provides for the integrity of selected fields
within the user data of a data block
DATA CONFIDENTIALITY transferred over a connection and takes the
The protection of data from unauthorized form of determination of whether the
disclosure. selected fields have been modified,
Connection Confidentiality inserted, deleted, or replayed.
The protection of all user data on a connection.
Connectionless Confidentiality Connectionless Integrity
The protection of all user data in a single data Provides for the integrity of a single
block connectionless data block and may take the
Selective-Field Confidentiality form of detection of data modification.
The confidentiality of selected fields within the Additionally, a limited form of
user data on a connection or in a single data replay detection may be provided.
block.
Traffic-Flow Confidentiality Selective-Field Connectionless Integrity
The protection of the information that might be Provides for the integrity of selected fields
derived from observation of traffic flows. within a single connectionless data block;
takes the form of determination of whether
the selected fields have been modified.

UNIT - 1 Page 9
 INTRODUCTION & MODERN BLOCK CIPHERS

NONREPUDIATION
Provides protection against denial by one
of the entities involved in a communication
of having participated in all or part of the
communication.

Non repudiation, Origin

Proof that the message was sent by the
specified party.

Non repudiation, Destination

Proof that the message was received by the
specified party

SECURITY MECHANISMS:
The mechanisms are divided into those that are implemented in a specific protocol layer, such as
TCP or an application-layer protocol, and those that are not specific to any particular protocol
layer or security service.

UNIT - 1 Page 10
 INTRODUCTION & MODERN BLOCK CIPHERS

SPECIFIC SECURITY MECHANISMS PERVASIVE SECURITY

May be incorporated into the appropriate MECHANISMS
protocol layer in order to provide some of the Mechanisms that are not specific to any
OSI security services. particular OSI security service or
protocol layer.
Encipherment
The use of mathematical algorithms to Trusted Functionality
transform data into a form that is not readily That which is perceived to be correct
intelligible. The transformation and with respect to some criteria (e.g., as
subsequent recovery of the data depend on an established by a security policy).
algorithm and zero or more encryption keys.
Digital Signature Security Label
Data appended to, or a cryptographic The marking bound to a resource
transformation of, a data unit that allows a (which may be a data unit) that names
recipient of the data unit to prove the source or designates the security attributes of
and integrity of the data unit and protect that resource.
against forgery (e.g., by the recipient).
Access Control Event Detection
A variety of mechanisms that enforce access Detection of security-relevant events.
rights to resources.
Data Integrity Security Audit Trail
A variety of mechanisms used to assure the Data collected and potentially used to
integrity of a data unit or stream of data facilitate a security audit, which is an
units. independent review and examination of
Authentication Exchange system records and activities.
A mechanism intended to ensure the identity
of an entity by means of information Security Recovery
exchange. Deals with requests from mechanisms,
Traffic Padding such as event handling and
The insertion of bits into gaps in a data management functions, and takes
stream to frustrate traffic analysis attempts. recovery actions.
Routing Control
Enables selection of particular physically
secure routes for certain data and allows
routing changes, especially when a breach of
security is suspected.
Notarization
The use of a trusted third party to assure
certain
properties of a data exchange.

UNIT - 1 Page 11
 INTRODUCTION & MODERN BLOCK CIPHERS

A MODEL FOR NETWORK SECURITY

A message is to be transferred from one party to another across some sort of internet. The two
parties, who are the principals in this transaction, must cooperate for the exchange to take place.
A logical information channel is established by defining a route through the internet from source
to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two
principals. using this model requires us to:
– design a suitable algorithm for the security transformation
– generate the secret information (keys) used by the algorithm
– develop methods to distribute and share the secret information
– specify a protocol enabling the principals to use the transformation and secret information for a
security service

MODEL FOR NETWORK ACCESS SECURITY

UNIT - 1 Page 12
 INTRODUCTION & MODERN BLOCK CIPHERS

 using this model requires us to:

– select appropriate gatekeeper functions to identify users
– implement security controls to ensure only authorized users access designated
information or resources
 trusted computer systems can be used to implement this model

CONVENTIONAL ENCRYPTION
Symmetric encryption also referred to as conventional encryption or single-key encryption was
the only type of encryption in use prior to the development of public key encryption in the 1970s.
Some basic terminologies used:
• plaintext - the original message
• ciphertext - the coded message
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - restoring the plaintext from the ciphertext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - the study of principles/ methods of deciphering ciphertext
without knowing key
• cryptology - the field of both cryptography and cryptanalysis

SYMMETRIC CIPHER MODEL

A symmetric encryption scheme has five ingredients:
• Plaintext: This is the original intelligible message or data that is fed into the algorithm as
input.
• Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext.
• Secret key: The secret key is also input to the encryption algorithm. The key is a value
independent of the plaintext and of the algorithm. The algorithm will produce a different output
depending on the specific key being used at the time. The exact substitutions and transformations
performed by the algorithm depend on the key.
• Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and
the secret key. For a given message, two different keys will produce two different ciphertexts.
The ciphertext is an apparently random stream of data and, as it stands, is unintelligible.
• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the
ciphertext and the secret key and produces the original plaintext.
Two requirements for secure use of symmetric encryption:
– a strong encryption algorithm
– Sender and receiver must have obtained copies of the secret key in a secure fashion and must
keep the key secure. If someone can discover the key and knows the algorithm, all
communication using this key is readable.

UNIT - 1 Page 13
 INTRODUCTION & MODERN BLOCK CIPHERS

We assume that it is impractical to decrypt a message on the basis of the ciphertext plus
knowledge of the encryption/decryption algorithm. In other words, we do not need to keep the
algorithm secret; we need to keep only the key secret. This feature of symmetric encryption is
what makes it feasible for widespread use.

If the key is generated at the message source, then it must also be provided to the destination by
means of some secure channel. Alternatively, a third party could generate the key and securely
deliver it to both source and destination.

Cryptography:
Cryptographic systems are generally classified along 3 independent dimensions:
Type of operations used for transforming plain text to cipher text:
All the encryption algorithms are based on two general principles: substitution, in which each
element in the plaintext is mapped into another element, and transposition, in which elements in
the plaintext are rearranged.
The number of keys used:
If the sender and receiver uses same key then it is said to be symmetric key (or) single key (or)
conventional encryption. If the sender and receiver use different keys then it is said to be
public key encryption.
The way in which the plain text is processed:
A block cipher processes the input one block of elements at a time, producing an output block for
each input block. A stream cipher processes the input elements continuously, producing output
one element at a time, as it goes along.

UNIT - 1 Page 14
 INTRODUCTION & MODERN BLOCK CIPHERS

CRYPTANALYSIS:
The process of attempting to discover X or K or both is known as cryptanalysis. The strategy
used by the cryptanalysis depends on the nature of the encryption scheme and the information
available to the cryptanalyst. There are various types of cryptanalytic attacks based on the
amount of information known to the cryptanalyst.
Cipher text only – A copy of cipher text alone is known to the cryptanalyst.
Known plaintext – The cryptanalyst has a copy of the cipher text and the corresponding
plaintext.
Chosen plaintext – The cryptanalysts gains temporary access to the encryption machine. They
cannot open it to find the key, however; they can encrypt a large number of suitably chosen
plaintexts and try to use the resulting cipher texts to deduce the key.
Chosen cipher text – The cryptanalyst obtains temporary access to the decryption machine, uses
it to decrypt several string of symbols, and tries to use the results to deduce the key.
Cryptanalysis
Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some
knowledge of the general characteristics of the plaintext or even some sample plaintext–
ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to
deduce a specific plaintext or to deduce the key being used.
Brute-force attack: The attacker tries every possible key on a piece of ciphertext until an
intelligible translation into plaintext is obtained. On average, half of all possible keys must be
tried to achieve success.
Types of Attacks on Encrypted Messages

UNIT - 1 Page 15
 INTRODUCTION & MODERN BLOCK CIPHERS

CLASSICAL ENCRYPTION TECHNIQUES

There are two basic building blocks of all encryption techniques: substitution and transposition.
I. SUBSTITUTION TECHNIQUES A substitution technique is one in which the letters of
plaintext are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a
sequence of bits, then substitution involves replacing plaintext bit patterns with cipher text bit
patterns.
CAESAR CIPHER (OR) SHIFT CIPHER The earliest known use of a substitution
cipher and the simplest was by Julius Caesar. The Caesar cipher involves replacing each letter of
the alphabet with the letter standing 3 places further down the alphabet.
Plain : meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB
Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the
transformation by listing all possibilities, as follows:
Plain : a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Let us assign a numerical equivalent to each letter:
When letters are involved, the following conventions are used in this book. Plaintext is always in
lowercase; ciphertext is in uppercase; key values are in italicized lowercase.

a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12

n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25

Then the algorithm can be expressed as follows. For each plaintext letter p, substitute the
ciphertext letter C:
C = E(3, p) = (p + 3) mod 26
A shift may be of any amount, so that the general Caesar algorithm is
C = E(k, p) = (p + k) mod 26
where takes on a value in the range 1 to 25.The decryption algorithm is simply
p = D(k, C) = (C - k) mod 26

Three important characteristics of this problem enabled us to use a bruteforce cryptanalysis:

1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.

UNIT - 1 Page 16
 INTRODUCTION & MODERN BLOCK CIPHERS

MONOALPHABETIC CIPHERS:
With only 25 possible keys, the Caesar cipher is far from secure. Hence, another approach
referred to as monoalphabetic substitution cipher is introduced, in which instead of taking any
permutation(possibility) of 26 characters then there are 26! or greater than possible keys.
Monoalphabetic cipher can use a key in different order. For example
Using the key “zebras” the ciphertext will be as follows.
A B C D E F G H I J K L M N O P
Z E B R A S C D F G H I J K L M

Q R S T U V W X Y Z
N O P Q T U V W X Y

PlainText : hello
CipherText :DAIIL
The cryptanalyst may try to break the ciphertext by looking at the ciphertext and identifying the
frequency of letters in the text, comparing it with the relative frequency of the letters in English
Text, and the looking at the frequency of two-letter word(digram), three letter words(trigram)
and so on.
Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original
alphabet.
A countermeasure is to provide multiple substitutes, known as homophones, for a single letter.

PLAYFAIR CIPHER:
The best known multiple letter encryption cipher is the playfair, which treats digrams in the
plaintext as single units and translates these units into cipher text digrams.
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
The playfair algorithm is based on the use of 5x5 matrix of letters constructed using a keyword.
Let the keyword be „monarchy‟. The matrix is constructed by filling in the letters of the
keyword (minus duplicates) from left to right and from top to bottom, and then filling in the
remainder of the matrix with the remaining letters in alphabetical order.
The letter „i‟ and „j‟ count as one letter. Plaintext is encrypted two letters at a time according to
the following rules:
 Repeating plaintext letters that would fall in the same pair are separated with a filler letter
such as „x‟. so that balloon would be treated as ba lx lo on.

UNIT - 1 Page 17
 INTRODUCTION & MODERN BLOCK CIPHERS

 Two Plaintext letters that fall in the same row of the matrix are each replaced by the letter
to the right, with the first element of the row circularly following the last. For example, ar
is encrypted as RM.

 Two Plaintext letters that fall in the same column are replaced by the letter beneath, with
the top element of the column circularly following the last. For example, mu is encrypted
as CM.

 Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row
and the column occupied by the other plaintext letter. Thus, hs becomes BP and ea
becomes IM (or JM, as the encipherer wishes).

Plaintext = meet me at the school house

Splitting two letters as a unit => me et me at th es ch ox ol ho us ex
Corresponding cipher text => CL KL CL RS PD IL HY AV MP HF XL IU
Strength of playfair cipher
 Playfair cipher is a great advance over simple mono alphabetic ciphers.
 Since there are 26 letters, 26x26 = 676 digrams are possible, so identification of
individual digram is more difficult.
 Frequency analysis is much more difficult.
HILL CIPHER:
The Hill Cipher was invented by Lester S. Hill in 1929, and like the other Digraphic Ciphers it
acts on groups of letters. Unlike the others though it is extendable to work on different sized
blocks of letters. So, technically it is a polygraphic substitution cipher, as it can work on
digraphs, trigraphs (3 letter blocks) or theoretically any sized blocks.

The Hill Cipher uses an area of mathematics called Linear Algebra, and in particular requires the
user to have an elementary understanding of matrices. It also makes use of Modulo Arithmetic
(like the Affine Cipher). Because of this, the cipher has a significantly more mathematical nature
than some of the others. However, it is this nature that allows it to act (relatively) easily on larger
blocks of letters.

Encryption
To encrypt a message using the Hill Cipher we must first turn our keyword into a key matrix (a 2
x 2 matrix for working with digraphs, a 3 x 3 matrix for working with trigraphs, etc). We also
turn the plaintext into digraphs (or trigraphs) and each of these into a column vector. We then
perform matrix multiplication modulo the length of the alphabet (i.e. 26) on each vector. These
vectors are then converted back into letters to produce the ciphertext.

UNIT - 1 Page 18
 INTRODUCTION & MODERN BLOCK CIPHERS

2x2Example
We shall encrypt the plaintext message "short example" using the
keyword hill and a 2 x 2 matrix. The first step is to turn the keyword
into a matrix. If the keyword was longer than the 4 letters needed, we
The keyword written as
would only take the first 4 letters, and if it was shorter, we would fill
a matrix.
it up with the alphabet in order (much like a Mixed Alphabet).

With the keyword in a matrix, we need to convert this into a key

matrix. We do this by converting each letter into a number by its
position in the alphabet (starting at 0). So, A = 0, B = 1, C= 2, D = 3, The key matrix (each
etc. letter of the keyword is
converted to a number).
We now split the plaintext into digraphs, and write these as column vectors. That is, in the first
column vector we write the first plaintext letter at the top, and the second letter at the bottom.
Then we move to the next column vector, where the third plaintext letter goes at the top, and the
fourth at the bottom. This continues for the whole plaintext.

The plaintext "short example" split into column vectors.

Now we must convert the plaintext column vectors in the same way that we converted the
keyword into the key matrix. Each letter is replaced by its appropriate number.

The plaintext converted into numeric column vectors.

Now we must perform some matrix multiplication. We multiply the key matrix by each column
vector in turn. We shall go through the first of these in detail, then the rest shall be presented in
less detail. We write the key matrix first, followed by the column vector.

To perform matrix multiplication we "combine" the top row of the key matrix with the column
vector to get the top element of the resulting column vector. We then "combine" the bottom row
of the key matrix with the column vector to get the bottom element of the resulting column
vector. The way we "combine" the four numbers to get a single number is that we multiply the
first element of the key matrix row by the top element of the column vector, and multiply the

UNIT - 1 Page 19
 INTRODUCTION & MODERN BLOCK CIPHERS

second element of the key matrix row by the bottom element of the column vector. We then add
together these two answers.

That is, we follow the rules given by the

algebraic method shown to the left.
The algebraic rules of matrix multiplication.

In our case we perform the two calculations on

the right. We then right these two answers out
in a column vector as shown below.
The calculations performed when doing a
matrix multiplication.

The shorthand for the matrix multiplication.

Next we have to take each of these numbers, in our resultant column vector, modulo 26
(remember that means divide by 26 and take the remainder).

Reducing the resultant column vector modulo 26.

Finally we have to convert these numbers back to letters, so 0 becomes "A" and 15 becomes "P",
and our first two letters of the ciphertext are "AP".

The whole calculation: converting to numbers; the matrix multiplication; reducing modulo 26;
converting back to letters.

UNIT - 1 Page 20
 INTRODUCTION & MODERN BLOCK CIPHERS

This gives us a final ciphertext of "APADJ TFTWLFJ".

Decryption process:
To decrypt a ciphertext encoded using the Hill Cipher, we must find the inverse matrix. Once we
have the inverse matrix, the process is the same as encrypting. That is we multiply the inverse
key matrix by the column vectors that the ciphertext is split into, take the results modulo the
length of the alphabet, and finally convert the numbers back to letters.
Since the majority of the process is the same as encryption, we are going ot focus on finding the
inverse key matrix (not an easy task), and will then skim quickly through the other steps (for
more information see Encryption above).
In general, to find the inverse of the key matrix, we perform the calculation below, where K is
the key matrix, d is the determinant of the key matrix and adj(K) is the adjugate matrix of K.

General method to calculate the inverse key matrix.

2 x 2 Example

We shall decrypt the example above, so we are using the keyword

hill and our ciphertext is "APADJ TFTWLFJ". We start by writing
The keyword written as
out the keyword as a matrix and converting this into a key matrix as
a matrix.
for encryption. Now we must convert this to the inverse key matrix,

UNIT - 1 Page 21
 INTRODUCTION & MODERN BLOCK CIPHERS

for which there are several steps.

The key matrix (each

letter of the keyword is
converted to a number).
Step 1 - Find the Multiplicative Inverse of the Determinant
The determinant is a number that relates directly to the entries of the matrix. It is found by
multiplying the top left number by the bottom right number and subtracting from this the product
of the top right number and the bottom left number. This is shown algebraically below. Note that
the notation for determinant has straight lines instead of brackets around our matrix.

Algebraic method to calculate the determinant of a 2 x 2 matrix.

Once we have found this value, we need to take the number modulo 26. Below is the way to
calculate the determinant for our example.

Calculating the determinant of our 2 x 2 key matrix.

We now have to find the multiplicative
inverse of the determinant working modulo
26. That is, the number between 1 and 25 that
gives an answer of 1 when we multiply it by If d is the determinant, then we are looking for
the determinant. So, in this case, we are the inverse of d.
looking for the number that we need to
multiply 15 by to get an answer of 1 modulo
26. There are algorithms to calculate this, but
The multiplicative inverse is the number we
it is often easiest to use trial and error to find multiply 15 by to get 1 modulo 26.
the inverse.

This calculation gives us an answer of 1 modulo 26.

So the multiplicative inverse of the determinant modulo 26 is 7. We shall need this number later.
Step 2 - Find the Adjugate Matrix
The adjugate matrix is a matrix of the same size as the original. For a 2 x 2 matrix, this is fairly
straightforward as it is just moving the elements to different positions and changing a couple of

UNIT - 1 Page 22
 INTRODUCTION & MODERN BLOCK CIPHERS

signs. That is, we swap the top left and bottom right numbers in the key matrix, and change the
sign of the the top right and bottom left numbers. Algebraically this is given below.

The adjugate matrix of a 2 x 2 matrix.

Again, once we have these values we will need to take each of them modulo 26 (in particular, we
need to add 26 to the negative values to get a number between 0 and 25. For our example we get
the matrix below.

The adjugate matrix of the key matrix.

Step 3 - Multiply the Multiplicative Inverse of the Determinant by the Adjugate Matrix
To get the inverse key matrix, we now multiply the inverse determinant (that was 7 in our case)
from step 1 by each of the elements of the adjugate matrix from step 2. Then we take each of
these answers modulo 26.

Multiplying the multiplicative inverse of the determinant by the adjugate to get the inverse key
matrix.
That is:

Now we have the inverse key matrix, we have to convert the ciphertext into column vectors and
multiply the inverse matrix by each column vector in turn, take the results modulo 26 and
convert these back into letters to get the plaintext.

UNIT - 1 Page 23
 INTRODUCTION & MODERN BLOCK CIPHERS

The decryption of the first digraph.

We get back our plaintext of "short example".

POLYALPHABETIC CIPHERS:
Another way to improve on the simple monoalphabetic technique is to use different
monoalphabetic substitutions as one proceeds through the plaintext message. The general name
for this approach is polyalphabetic substitution cipher.
All these techniques have the following features in common:
1. A set of related monoalphabetic substitution rules is used.
2. A key determines which particular rule is chosen for a given transformation.
VIGEN`ERE CIPHER The best known, and one of the simplest, polyalphabetic ciphers is the
Vigenère cipher. In this scheme, the set of related monoalphabetic substitution rules consists of
the 26 Caesar ciphers with shifts of 0 through 25. Each cipher is denoted by a key letter, which is
the ciphertext letter that substitutes for the plaintext letter a.
We can express the Vigenère cipher in the following manner. Assume a sequence of plaintext
letters P = p0, p1, p2, …. , pn-1 and a key consisting of the sequence of letters K = k0, k1, k2,…,
km-1 , where typically m<n .The sequence of ciphertext letters C = C0, C1, C2, Á , Cn-1is
calculated as follows:

C = C0, C1, C2, Á , Cn-1 = E(K, P) = E[(k0, k1, k2, .., km-1), (p0, p1, p2, …., pn-1)]
= (p0 + k0) mod 26, (p1 + k1) mod 26, … , (pm-1 + km-1) mod 26,
(pm + k0) mod 26, (pm+1 + k1) mod 26,… , (p2m-1 + km-1) mod 26, …

UNIT - 1 Page 24
 INTRODUCTION & MODERN BLOCK CIPHERS

Thus, the first letter of the key is added to the first letter of the plaintext, mod 26, the second
letters are added, and so on through the first m letters of the plaintext. For the next m letters of
the plaintext, the key letters are repeated. This process continues until all of the plaintext
sequence is encrypted. A general equation of the encryption process is
Ci = (pi + k)mod 26

Similarly, decryption is a generalization of

pi = (Ci - k)mod 26

To encrypt a message, a key is needed that is as long as the message. Usually, the key is a
repeating keyword. For example, if the keyword is deceptive, the message “we are discovered
save yourself” is encrypted as
Key : deceptivedeceptivedeceptive
Plaintext : wearediscoveredsaveyourself
Ciphertext : ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Expressed numerically, we have the following result.

key 3 4 2 4 15 19 8 21 4 3 4 2 4 15
plaintext 22 4 0 17 4 3 8 18 2 14 21 4 17 4
ciphertext 25 8 2 21 19 22 16 13 6 17 25 6 21 19

key 19 8 21 4 3 4 2 4 15 19 8 21 4
plaintext 3 18 0 21 4 24 14 20 17 18 4 11 5
ciphertext 22 0 21 25 7 2 16 24 6 11 12 6 9

The strength of this cipher is that there are multiple ciphertext letters for each plaintext letter, one
for each unique letter of the keyword. Thus, the letter frequency information is obscured.
However, not all knowledge of the plaintext structure is lost.

Autokey System:
Vigenère proposed what is referred to as an autokey system, in which a keyword is concatenated
with the plaintext itself to provide a running key. For our example,
Key : deceptivewearediscoveredsav
Plaintext : wearediscoveredsaveyourself
Ciphertext : ZICVTWQNGKZEIIGASXSTSLVVWLA
Even this scheme is vulnerable to cryptanalysis. Because the key and the plaintext share the same
frequency distribution of letters, a statistical technique can be applied.

UNIT - 1 Page 25
 INTRODUCTION & MODERN BLOCK CIPHERS

VERNAM CIPHER The ultimate defense against such a cryptanalysis is to choose a keyword
that is as long as the plaintext and has no statistical relationship to it. Such a system was
introduced by an AT&T engineer named Gilbert Vernam in 1918. His system works on binary
data (bits) rather than letters.The system can be expressed succinctly as follows

ci = pi ⊕ ki
where
pi=ith binary digit of plaintext
ki=ith binary digit of key
ci =ith binary digit of ciphertext
⊕ = exclusive-or (XOR) operation

the ciphertext is generated by performing the bitwise XOR of the plaintext and the key. Because
of the properties of the XOR, decryption simply involves the same bitwise operation:

pi = ci⊕ ki
One-Time Pad
It is an improvement to the Vernam cipher that yields the ultimate in security. In this
technique using a random key that is as long as the message, so that the key need not be
repeated. In addition, the key is to be used to encrypt and decrypt a single message, and then is
discarded.
Each new message requires a new key of the same length as the new message. Such a
scheme, known as a one-time pad, is unbreakable. It produces random output that bears no
statistical relationship to the plaintext. Because the ciphertext contains no information
whatsoever about the plaintext, there is simply no way to break the code.
An example should illustrate our point. Suppose that we are using a Vigenère scheme
with 27 characters in which the twenty-seventh character is the space character, but with a one-
time key that is as long as the message. Consider the ciphertext

ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS

We now show two different decryptions using two different keys:

Ciphertext : ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS

UNIT - 1 Page 26
 INTRODUCTION & MODERN BLOCK CIPHERS

Key : pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih

Plaintext : mr mustard with the candlestick in the hall

Ciphertext : ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS

Key : mfugpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt

Plaintext : miss scarlet with the knife in the library

Two fundamental difficulties:

1. There is the practical problem of making large quantities of random keys.

2. Even more daunting is the problem of key distribution and protection. For every
message to be sent, a key of equal length is needed by both sender and receiver.
Because of these difficulties, the one-time pad is of limited utility and is useful primarily
for low-bandwidth channels requiring very high security.

TRANSPOSITION TECHNIQUES
All the techniques examined so far involve the substitution of a cipher text symbol for a
plaintext symbol. A very different kind of mapping is achieved by performing some sort of
permutation on the plaintext letters. This technique is referred to as a transposition cipher.
Rail fence is simplest of such cipher, in which the plaintext is written down as a
sequence of diagonals and then read off as a sequence of rows.
Example
To encipher the message “meet me after the toga party” with a rail fence of depth 2, we
write the following:
mematrhtgpry
etefeteoaat
The encrypted message is
MEMATRHTGPRYETEFETEOAAT
ROW TRANSPOSITION CIPHERS: A more complex scheme is to write the message
in a rectangle, row by row, and read the message off, column by column, but permute the order
of the columns. The order of the columns then becomes the key to the algorithm. For example
Key : 4 3 1 2 5 6 7
Plaintext : a t t a c k p
ostpone
duntilt
woamxyz
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

UNIT - 1 Page 27
 INTRODUCTION & MODERN BLOCK CIPHERS

Thus, in this example, the key is 4312567.To encrypt, start with the column 1, in this case
column 3.Write down all the letters in that column. Proceed to column 4, which is labeled 2, then
column 2, then column 1, then columns 5, 6, and 7.
A pure transposition cipher is easily recognized because it has the same letter frequencies as the
original plaintext. The transposition cipher can be made significantly more secure by performing
more than one stage of transposition. The result is more complex permutation that is not easily
reconstructed.
Key : 4 3 1 2 5 6 7
Input : t t n a a p t
mtsuoao
dwcoixk
nlypetz
Output: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ
Rotor Machine:
Combine Substitution and Transposition Methods
• produce ciphers that are very difficult to break
Rotor Machines in World War II: German “Enigma” and Japanese “Purple”
• Breaking by the Allies was a significant factor in the outcome of the war (Turing)

STEGANOGRAPHY
A plaintext message may be hidden in any one of the two ways. The methods of steganography
conceal the existence of the message, whereas the methods of cryptography render the message
unintelligible to outsiders by various transformations of the text.
A simple form of steganography, but one that is time consuming to construct is one in which an
arrangement of words or letters within an apparently innocuous text spells out the real message.
e.g., (i) the sequence of first letters of each word of the overall message spells out the real
(hidden) message.
(ii) Subset of the words of the overall message is used to convey the hidden message. Various
other techniques have been used historically, some of them are

UNIT - 1 Page 28
 INTRODUCTION & MODERN BLOCK CIPHERS

 Character marking – selected letters of printed or typewritten text are overwritten in

pencil. The marks are ordinarily not visible unless the paper is held to an angle to bright
light.
 Invisible ink – a number of substances can be used for writing but leave no visible trace
until heat or some chemical is applied to the paper.
 Pin punctures – small pin punctures on selected letters are ordinarily not visible unless
the paper is held in front of the light.
 Typewritten correction ribbon – used between the lines typed with a black ribbon, the
results of typing with the correction tape are visible only under a strong light.

Drawbacks of steganography
i. Requires a lot of overhead to hide a relatively few bits of information.
ii. Once the system is discovered, it becomes virtually worthless.

BLOCK CIPHER MODES OF OPERATION

In this chapter, we will discuss the different modes of operation of a block cipher. These are
procedural rules for a generic block cipher. Interestingly, the different modes result in different
properties being achieved which add to the security of the underlying block cipher.
A block cipher processes the data blocks of fixed size. Usually, the size of a message is larger
than the block size. Hence, the long message is divided into a series of sequential message
blocks, and the cipher operates on these blocks one at a time.

ELECTRONIC CODE BOOK (ECB) MODE

This mode is a most straightforward way of processing a series of sequentially listed message
blocks.
Operation
 The user takes the first block of plaintext and encrypts it with the key to produce the first
block of ciphertext.
 He then takes the second block of plaintext and follows the same process with same key
and so on so forth.
The ECB mode is deterministic, that is, if plaintext block P1, P2,…, Pm are encrypted twice
under the same key, the output ciphertext blocks will be the same.
In fact, for a given key technically we can create a codebook of ciphertexts for all possible
plaintext blocks. Encryption would then entail only looking up for required plaintext and select
the corresponding ciphertext. Thus, the operation is analogous to the assignment of code words
in a codebook, and hence gets an official name − Electronic Codebook mode of operation (ECB).
It is illustrated as follows −

UNIT - 1 Page 29
 INTRODUCTION & MODERN BLOCK CIPHERS

Analysis of ECB Mode

In reality, any application data usually have partial information which can be guessed. For
example, the range of salary can be guessed. A ciphertext from ECB can allow an attacker to
guess the plaintext by trial-and-error if the plaintext message is within predictable.
For example, if a ciphertext from the ECB mode is known to encrypt a salary figure, then a small
number of trials will allow an attacker to recover the figure. In general, we do not wish to use a
deterministic cipher, and hence the ECB mode should not be used in most applications.

CIPHER BLOCK CHAINING (CBC) MODE

CBC mode of operation provides message dependence for generating ciphertext and makes the
system non-deterministic.
Operation
The operation of CBC mode is depicted in the following illustration. The steps are as follows −
 Load the n-bit Initialization Vector (IV) in the top register.
 XOR the n-bit plaintext block with data value in top register.
 Encrypt the result of XOR operation with underlying block cipher with key K.
 Feed ciphertext block into top register and continue the operation till all plaintext blocks
are processed.
 For decryption, IV data is XORed with first ciphertext block decrypted. The first
ciphertext block is also fed into to register replacing IV for decrypting next ciphertext
block.

UNIT - 1 Page 30
 INTRODUCTION & MODERN BLOCK CIPHERS

Analysis of CBC Mode

In CBC mode, the current plaintext block is added to the previous ciphertext block, and then the
result is encrypted with the key. Decryption is thus the reverse process, which involves
decrypting the current ciphertext and then adding the previous ciphertext block to the result.
Advantage of CBC over ECB is that changing IV results in different ciphertext for identical
message. On the drawback side, the error in transmission gets propagated to few further block
during decryption due to chaining effect.
It is worth mentioning that CBC mode forms the basis for a well-known data origin
authentication mechanism. Thus, it has an advantage for those applications that require both
symmetric encryption and data origin authentication.

CIPHER FEEDBACK (CFB) MODE

In this mode, each ciphertext block gets „fed back‟ into the encryption process in order to encrypt
the next plaintext block.

Operation
The operation of CFB mode is depicted in the following illustration. For example, in the present
system, a message block has a size „s‟ bits where 1 < s < n. The CFB mode requires an
initialization vector (IV) as the initial random n-bit input block. The IV need not be secret. Steps
of operation are −
 Load the IV in the top register.
 Encrypt the data value in top register with underlying block cipher with key K.
 Take only „s‟ number of most significant bits (left bits) of output of encryption process
and XOR them with „s‟ bit plaintext message block to generate ciphertext block.
 Feed ciphertext block into top register by shifting already present data to the left and
continue the operation till all plaintext blocks are processed.
 Essentially, the previous ciphertext block is encrypted with the key, and then the result is
XORed to the current plaintext block.
 Similar steps are followed for decryption. Pre-decided IV is initially loaded at the start of
decryption.

UNIT - 1 Page 31
 INTRODUCTION & MODERN BLOCK CIPHERS

Analysis of CFB Mode

CFB mode differs significantly from ECB mode, the ciphertext corresponding to a given
plaintext block depends not just on that plaintext block and the key, but also on the previous
ciphertext block. In other words, the ciphertext block is dependent of message.
CFB has a very strange feature. In this mode, user decrypts the ciphertext using only the
encryption process of the block cipher. The decryption algorithm of the underlying block cipher
is never used.
Apparently, CFB mode is converting a block cipher into a type of stream cipher. The encryption
algorithm is used as a key-stream generator to produce key-stream that is placed in the bottom
register. This key stream is then XORed with the plaintext as in case of stream cipher.
By converting a block cipher into a stream cipher, CFB mode provides some of the advantageous
properties of a stream cipher while retaining the advantageous properties of a block cipher.
On the flip side, the error of transmission gets propagated due to changing of blocks.

OUTPUT FEEDBACK (OFB) MODE

It involves feeding the successive output blocks from the underlying block cipher back to it.
These feedback blocks provide string of bits to feed the encryption algorithm which act as the
key-stream generator as in case of CFB mode.
The key stream generated is XOR-ed with the plaintext blocks. The OFB mode requires an IV as
the initial random n-bit input block. The IV need not be secret.
The operation is depicted in the following illustration −

UNIT - 1 Page 32
 INTRODUCTION & MODERN BLOCK CIPHERS

COUNTER (CTR) MODE

It can be considered as a counter-based version of CFB mode without the feedback. In this mode,
both the sender and receiver need to access to a reliable counter, which computes a new shared
value each time a ciphertext block is exchanged. This shared counter is not necessarily a secret
value, but challenge is that both sides must keep the counter synchronized.
Operation
Both encryption and decryption in CTR mode are depicted in the following illustration. Steps in
operation are −
 Load the initial counter value in the top register is the same for both the sender and the
receiver. It plays the same role as the IV in CFB (and CBC) mode.
 Encrypt the contents of the counter with the key and place the result in the bottom
register.
 Take the first plaintext block P1 and XOR this to the contents of the bottom register. The
result of this is C1. Send C1 to the receiver and update the counter. The counter update
replaces the ciphertext feedback in CFB mode.
 Continue in this manner until the last plaintext block has been encrypted.
 The decryption is the reverse process. The ciphertext block is XORed with the output of
encrypted contents of counter value. After decryption of each ciphertext block counter is
updated as in case of encryption.

UNIT - 1 Page 33
 INTRODUCTION & MODERN BLOCK CIPHERS

Analysis of Counter Mode

It does not have message dependency and hence a ciphertext block does not depend on the
previous plaintext blocks.
Like CFB mode, CTR mode does not involve the decryption process of the block cipher. This is
because the CTR mode is really using the block cipher to generate a key-stream, which is
encrypted using the XOR function. In other words, CTR mode also converts a block cipher to a
stream cipher.
The serious disadvantage of CTR mode is that it requires a synchronous counter at sender and
receiver. Loss of synchronization leads to incorrect recovery of plaintext.
However, CTR mode has almost all advantages of CFB mode. In addition, it does not propagate
error of transmission at all.

UNIT - 1 Page 34