Symmetric Key Cryptography

Page 1: Introduction

• Course: The Campus of Tomorrow, Higher Colleges of Technology CSF-3603

• Topic: Cryptography and Data Protection

• Focus: Symmetric Key Cryptography

Page 2: Course Learning Objectives (CLOs)

• CLO2: Apply modern symmetric cryptography, including algorithmic structures and modes of operation.

Page 3: Lesson Objectives

• Explain the mechanism of DES cipher

• Differentiate between DES and 3-DES algorithms

• Analyze the security of DES and 3-DES algorithms

• Explain the mechanism of AES cipher

• Analyze the security of AES

• Explain modes of operation: ECB, CBC, CTR.

Page 4: DES Overview

• Definition: Data Encryption Standard (DES) is a symmetric-key block cipher.

• Type: Implementation of a Feistel Cipher.

• Specifications:

  • Block size: 64 bits

  • Key size: 56 bits

  • Number of rounds: 16 (identical operations with different subkeys)

Page 5: DES Execution Steps

1. Initial Permutation (IP)

2. Divide message into left (L) and right (R) halves.

3. Feed right half (Ri) into function (F).

4. Output is XORed with left half (Li).

5. Repeat n rounds of encryption.

6. Each round uses a key K.

7. Generate new L and R for each round.

8. Produce a new subkey K each round.

Page 6: DES Round Structure

• DES consists of 16 rounds that perform:

  1. Split plaintext into 32-bit halves (Li and Ri).

  2. Feed Ri into function f; XOR output with Li.

  3. Swap left and right halves.

Page 7: Initial Permutation

• Public knowledge before any rounds.

• Permutation done using an initial permutation (IP) table.

Page 8: Round Function f

• Core: Applies a 48-bit key to 32-bit input, producing a 32-bit output.

Page 9: Expansion Permutation Box

• Expands right input (32 bits) to match round key (48 bits).

Page 10: XOR and S-boxes

• XOR bits with round key (48 bits).

• 8 S-boxes for mixing (confusion) using 6-bit input to 4-bit output.

Page 11: S-box Rule

• Details of how S-boxes operate and produce outputs.

Page 12: Combining S-box Outputs

• Combines outputs from all 8 S-boxes into a 32-bit section.

Page 13: Straight Permutation

• The 32-bit output from S-boxes undergoes straight permutation.

Page 14: Inverse Permutation (IP-1)

• After 16 rounds, concatenate blocks 'L' and 'R', then permute using IP-1 table.

Page 15: DES Components

• Visual representation:

  • P = Plaintext (64 bits)

  • DES = Ciphertext (64 bits)

  • K = Key (56 bits)

Page 16: DES Phase 1

• Plaintext goes through an initial permutation (IP) to shuffle bits.

Page 17: DES Phase 2

• Permuted bits and K are processed in a main module for 16 rounds using function F.

Page 18: DES Phase 3

• Final ciphertext produced through inverse permutation (IP-1).

Page 19: Encryption Summary

• P = Plaintext (64 bits), K = Key (56 bits), C = Ciphertext (64 bits)

• Encryption mirrors Feistel cipher structure.

Page 20: DES Strengths

• Properties:

  • Avalanche effect: small plaintext changes lead to large ciphertext changes.

  • Completeness: each ciphertext bit depends on many plaintext bits.

Page 21: DES Weaknesses

• Key space too small (2^56), making it vulnerable to brute-force attacks.

• Modern machines can crack DES within hours.

Page 22: Triple DES Overview

• 3DES improves DES by extending key size:

  • Runs DES algorithm three times with three different keys (K1, K2, K3).

Page 23: Triple DES Key Generation

• Generates 3-DES key K consisting of K1, K2, K3.

• Encryption process:

  1. Encrypt with K1

  2. Decrypt with K2

  3. Encrypt with K3

• Decryption follows reverse order.

Page 24: 3-DES Security Analysis

• Benefits: 168-bit key length overcomes brute-force attacks.

• Drawbacks: Slower than DES due to 3 times more rounds; 64-bit block size is less desirable.

Page 25: AES Introduction

• AES: Advanced Encryption Standard, a widely used symmetric encryption algorithm.

• Considered faster than Triple DES and offers larger key sizes.

Page 26: AES Specification

• Characteristics:

  • Symmetric key, symmetric block cipher.

  • 128-bit data with 128/192/256-bit keys.

  • Operates on a block of 4 columns of 4 bytes – iterative operation.

Page 27: AES Conceptual Scheme

• Inputs: Plaintext (128 bits) and AES key (128-192-256 bits) lead to Ciphertext (128 bits).

Page 28: AES Rounds

• Most rounds are identical; initial and final rounds vary.

Page 29: High-Level Description

• Initial Round:

  • AddRoundKey: Combine state with round key.

• Subsequent Rounds:

  • SubBytes, ShiftRows, MixColumns, AddRoundKey.

• Final Round: SubBytes, ShiftRows, AddRoundKey (no MixColumns).

Page 30: Changing Plaintext to State Text

• Data transformation example in hex format.

Page 31: Encryption Process Example

• Sample 128-bit input state and corresponding hex representation.

Page 32: Sub Bytes Operation

• Substitution of each byte, providing confusion using a single S-box of 16x16 bytes.

Page 33: Shift Row Operation

• Circular shifts of bytes in the state matrix to the left.

Page 34: Mix Column Operation

• Transforms each column of four bytes using mathematical functions.

Page 35: Add Round Key Operation

• XORs the 16 bytes of the state with 128 bits of the round key.

Page 36: AES Security Analysis

• More secure than DES due to larger key sizes.

• No known practical cryptanalytic attacks.

• Widely adopted in hardware and software.

Page 37: Modes of Operation

• Various modes improve security by ensuring block ciphers can handle larger messages.

Page 38: Electronic Code Book (ECB)

• Simplest and weakest mode.<br> - Identical plaintexts encrypt to identical ciphertexts.<br> - Susceptible to known-plaintext attacks, making it less secure.

Page 39: Cipher Block Chaining (CBC)

• Stronger than ECB; each block produces different outputs.<br> - Utilizes an Initialization Vector (IV) for secure operation.

Page 40: Counter Mode (CTR)

• Used in high-speed applications; generates keystream from counter.<br> - Not dependent on previous plaintext blocks; synchronous counters required.