Encryption Specialist Notes

Module 1 Intro & History

Kerckhoff’s Principle

A cryptosystem should be secure even if everything about the system, except the key,
is publicly known.

Mono-Alphabet Substitution

 Caesar
o Every letter shifted a fixed number of spaces
 Atbash
o Hebrew code
o A becomes Z, B becomes Y, C becomes X, etc.
 Affine
o Alphabet is mapped to some numerical value
 Rot13
o Permutation of Caesar Cipher
o All characters are rotated 13 character
Mono-Alphabet Substitution Weakness

 Preserves
o Underlying letter
o Word frequency

Multi-Alphabet Substitution

 Cipher Disk
o Leon Alberti (1466)
o Each time turn of the disk produced a new cipher
 Vigenere Cipher
o Most widely known
o Uses a series of different Mono-Alphabet Ciphers
o Uses a chart
 Enigma Machine
o Used by Germans in WWII
Module 2 Symmetric Cryptography & Hashes

Symmetric Cryptography

 Same key used to encrypt message & decrypt message

 Faster than asymmetric
 Issue of exchanging keys

Information Theory Cryptography Concepts

 Diffusion
o Changes to one character in plain text affects multiple characters in the
cipher text
 Confusion
o Makes the relationship between frequencies of the cipher text & the
actual key as complex as possible
 Avalanche
o Small change yields large effects in the output

Substitution

 Changing some part of the plain text for some matching part of cipher text

Transposition

 Swapping of blocks of cipher text

Substitution & Transposition

 All modern block cipher algorithms use both

 Increases the security of the resultant cipher text

Binary Math

 AND
o Is there a “one” in BOTH the first & second number?
o Numbers are compared one digit at a time
 OR
o Is there a “one” in the first number
 Or the second number
 Or in both
o Each place is compared one at a time
o First the 1’s place, then the 2’s, then the 4’s, etc.
  XOR (Exclusive OR)
o Is there a “one” in one of the numbers, but NOT both
o Numbers are compared one at a time

Block Cipher vs. Stream Cipher (two types of Symmetric Algorithms)

 Block Cipher
o Encrypts the data in blocks
 Stream Cipher
o Encrypts data as a stream, one bit at a time

Symmetric Block Cipher Algorithms

 The Feistel Network

o Larger block size & Key
 Increase Security
o More rounds
 Increase Security
The Feistel Function

o Splits the block of plain text into two parts

o Round Function F is applied to one half
o Output of each round function F is then XOR’d w/ the other half
o The process is repeated a given number of times
 Unbalanced Feistel Cipher
o Modified structure where both parts are not of equal lengths
o Used in Skipjack algorithm
 DES
o 56-bit key applied to a 64-bit block
o Feistel Cipher w/ 16 rounds & a 48-bit round key for each round
o Uses eight S-boxes
 3DES
o Uses a “key bundle”
 K1
 K2
 K3
o Each key is standard 56-bit key
 DESx
o Uses a technique called “Key Whitening”
 Just XOR a key with text either
 Before a round function
 After a round function
 Or both
 AES
o AKA Rijndael block cipher
 o FIPS 197
o Key Sizes
 128 (AES 128)
 192 (AES 192)
 256 (AES 256)
o Not based on a Feistel network
 Substitution-permutation matrix instead
o 4x4 column-major order called “state”
o Version of AES w/ a larger block size have additional columns in the
state

AES General Overview

1. Key Expansion (Round keys derived from the cipher key using Rijndael’s key
schedule)
2. Initial Round
o AddRoundKey - Each byte of the state is combined w/ the round key
using XOR
3. Rounds
o SubBytes – Substitution step where each byte is replaced w/ another
according to the lookup table
o ShiftRows – Transposition step where each row of the state is shifted
cyclically a number of steps
o MixColumns – Mixing operation which operated on the columns of the
state, combing the four bytes in each column
o AddRoundKey –
4. Final Round (no MixColumns)
o SubBytes
o ShiftRows
o AddRoundKey

AES Specifics

1. In the SubBytes step, each byte is substituted for another byte using an 8-bit
substitution box, called the Rijndael S-box
2. The ShiftRows step shifts the bytes in each row by a certain amount
a. 1st row (unchanged)
b. 2nd row (shifted one to the left)
c. 3rd row (shifted by two)
d. Etc.
3. In the MixColumns step the four bytes of each column of the state are
combined using an invertible linear transformation. It takes four bytes as input
and outputs four bytes.
4. ShiftRows & MixColumns provides diffusion in the cipher
5. In the AddroundKey step, the subkey is XORd w/ the state. For each round, a
subkey is derived from the main key (using Rijndael’s key schedule); each
subkey is the same size as the state.

 Blowfish
o Symmetric Block Cipher
o Intended as a replacement for DES
 Like DES it is a 16 round Feistel cipher working on 64-bit blocks
 Unlike DES it can have varying key sizes (32-bit – 448-bit)
 Serpent
o Symmetric Block Cipher
o Designed by
 Ross Anderson
 Eli Biham
 Lars Knudsen
o Block size of 128 bits
o Can have a key size of
 128
 192
 256
o Substitution-permutation network
o Uses 32 rounds w/ a block of four 32-bit words
 Each round applies one of eight 4-bit to 4-bit S-boxed 32 times in
parallel
 Twofish
o One of five finalist to replace DES
o Block size of 128 bits
 Skipjack
o Designed by NSA for the clipper chip
 A chip w/built-in encryption
o 80-bit key to encrypt or decrypt 64-bit data blocks
 Unbalanced Feistel network w/ 32 rounds
 IDEA
o Designed as a replacement for DES
o Block cipher
 64-bit blocks
 128-bit key
o Series of eight identical transformations
 CAST
o Two well-known versions
 CAST-128
 12 or 16 rounds
 64-bit blocks
 Key sizes
o 8-bit increments
  Ranging from 40 bits to 128 bits (only 8-bit
increments)
 CAST-256
 A candidate in the AES contest
 Based on the earlier CAST-128

 TEA
o Simple algorithm
o Feistel cipher
 64 rounds
 SHARK
o 64-bit block
 128-bit key
 6 rounds