
Cryptography & Network Security Overview

The document discusses the importance of cryptography and network security in protecting digital information, detailing various encryption techniques and network security measures. It covers classical and symmetric encryption methods, key concepts, and components of network security, including firewalls and intrusion detection systems. The document also outlines course outcomes related to analyzing and applying cryptographic techniques and evaluating security mechanisms.

CRYPTOGRAPHY & NETWORK SECURITY (BCS703)
INTRODUCTION
• Cryptography and Network Security are crucial for
protecting information in the digital age.
• Cryptography, at its core, uses mathematical algorithms to
transform readable data (plaintext) into an unreadable
format (ciphertext), ensuring confidentiality and integrity
during transmission and storage.
• Network security encompasses various measures to
safeguard entire networks from unauthorized access,
threats, and data breaches.
• Together, they form a robust defense system for sensitive
information.
Course Outcomes:

CO | Description | RBT
C403.1 | Analyze Classical and Symmetric Encryption Techniques for security applications. | L4
C403.2 | Apply Public Key Cryptography and Key Exchange Protocols in modern secure communication systems. | L3
C403.3 | Develop Secure Systems Using Cryptographic Hash Functions and Key Management techniques. | L3
C403.4 | Analyze and evaluate the user authentication and Web Security Mechanisms. | L3
C403.5 | Examine the different Network Security Protocols. | L4
Cryptography:
• Cryptography is the practice of securing communication by
converting readable information into an unreadable format, making
it incomprehensible to unauthorized parties.
Key Concepts:
• Encryption: The process of converting plaintext into ciphertext using an algorithm
and a key.
• Decryption: The reverse process of transforming ciphertext back into plaintext
using the same key and algorithm.
• Key: A piece of information used in both encryption and decryption processes.

Types of Cryptography:
• Symmetric-key cryptography: Uses the same key for both encryption and
decryption.
• Asymmetric-key cryptography: Employs separate keys for encryption and
decryption (public and private keys).
• Hash functions: Create unique fingerprints of data, used for integrity checks.
Network Security:
• Network security refers to the measures implemented to
protect a network and its resources from unauthorized access,
misuse, or damage.

Key Concepts:
• Confidentiality: Ensuring that information is accessible only to
authorized individuals.
• Integrity: Guaranteeing that data remains accurate and hasn't
been tampered with.
• Availability: Ensuring that authorized users can access
network resources when needed.
• Authentication: Verifying the identity of users and devices
accessing the network.
Components of Network Security:
• Firewalls: Act as barriers between the network
and the outside world, filtering traffic based on
predefined rules.
• Intrusion Detection Systems (IDS): Monitor
network traffic for suspicious activity and alert
administrators.
• Access control: Restricts access to network
resources based on user roles and permissions.
• Virtual Private Networks (VPNs): Create secure,
encrypted connections over public networks.
MODULE-1
A model for Network Security,
Classical encryption techniques: Symmetric
cipher model, Substitution ciphers-Caesar Cipher,
Monoalphabetic Cipher, Playfair Cipher, Hill
Cipher, Polyalphabetic Ciphers, One time pad,
Steganography.

Block Ciphers and Data Encryption Standards:
Traditional Block Cipher structures, Data
Encryption Standard (DES), A DES Example, The
strength of DES, Block cipher design principles.
A MODEL FOR NETWORK SECURITY
• A message is to be transferred from one party to another across some sort of Internet
service.
• A security-related transformation on the information to be sent. Examples include the
encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which can
be used to verify the identity of the sender.
• Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation
to scramble the message before transmission and unscramble it on reception.
• A general model (Figure 1.4) reflects a concern for protecting
an information system from unwanted access. Most readers are
familiar with the concerns caused by the existence of hackers, who
attempt to penetrate systems that can be accessed over a network.
The hacker can be someone who, with no malign intent, simply gets
satisfaction from breaking and entering a computer system. The
intruder can be a disgruntled employee who wishes to do damage or a
criminal who seeks to exploit computer assets for financial gain (e.g.,
obtaining credit card numbers or performing illegal money transfers).
• The security mechanisms needed to cope with
unwanted access fall into two broad categories
(Figure 1.4).
• The first category might be termed a gatekeeper
function. It includes password-based login
procedures that are designed to deny access to all
but authorized users and screening logic that is
designed to detect and reject worms, viruses, and
other similar attacks.
• Once either an unwanted user or unwanted software
gains access, the second line of defense consists of a
variety of internal controls that monitor activity and
analyze stored information in an attempt to detect the
presence of unwanted intruders.
CLASSICAL ENCRYPTION TECHNIQUES
SYMMETRIC CIPHER MODEL
Cryptanalysis and Brute-Force Attack
• The objective of attacking an encryption
system is to recover the key in use rather than
simply to recover the plaintext of a single
ciphertext.
• There are two general approaches to attacking
a conventional encryption scheme:
Substitution Techniques
• The two basic building blocks of all encryption
techniques are substitution and transposition.
• A substitution technique is one in which the
letters of plaintext are replaced by other
letters or by numbers or symbols.
• If the plaintext is viewed as a sequence of bits,
then substitution involves replacing plaintext
bit patterns with ciphertext bit patterns.
Caesar Cipher
• The earliest known, and the simplest, use of a
substitution cipher was by Julius Caesar. The
Caesar cipher involves replacing each letter of
the alphabet with the letter standing three
places further down the alphabet.
To encipher a given text, we need an integer value, known as a shift/key.
The shift indicates the number of positions each letter of the text is
moved down the alphabet. The encryption can be represented using modular
arithmetic by first transforming the letters into numbers (A = 0, B = 1, ..., Z = 25).
Let's encrypt the phrase "Go to Valley" using
the Caesar Cipher with a key of 9.
Plain Text: Go to Valley
G: position of G is 6, so C = (6 + 9) mod 26 = 15, i.e., P
o: C = (14 + 9) mod 26 = 23 mod 26 = 23, i.e., X
t: C = (19 + 9) mod 26 = 28 mod 26 = (28 − 26) = 2, i.e., C
Continuing the same for the remaining
characters, we get the cipher text:
Px Cx EJUUNH
Monoalphabetic Cipher
• A type of simple substitution cipher in which each
letter of the plaintext is replaced with one of the other 25
characters, and the order of replacement is not fixed.
Ex:
• Encrypt the word ATTACK using a monoalphabetic
cipher.
Cipher text: QZZQEA
Playfair Cipher
• The best-known multiple-letter encryption cipher is
the Playfair, which treats digrams in the plaintext as
single units and translates these units into ciphertext
digrams.
Rules for Encryption
• Two plaintext letters that fall in the same column
of the matrix are each replaced by the letter
beneath, with the top element of the column
circularly following the last.
• Two plaintext letters that fall in the same row
of the matrix are each replaced by the letter
to the right, with the first element of the row
circularly following the last.
Hill Cipher
• Hill cipher is a polygraphic substitution cipher based on
linear algebra. Each letter is represented by a number
modulo 26.
• The Hill Cipher uses a polygraphic substitution cipher,
which means homogeneous substitution over many
levels of blocks.
• This polygraphic substitution cipher allows the Hill Cipher to
function easily with digraphs (two-letter blocks),
trigraphs (three-letter blocks), or any other multiple-sized
blocks to create a uniform cipher.
• The Hill Cipher is based on linear algebra, advanced matrices
(matrix multiplication and matrix inverses), and modulo
arithmetic principles.
Encryption
• Encrypting using the Hill cipher depends on
the following operation:
E(K, P) = (K*P) mod 26
• Here K is our key matrix, and P is the
vectorized plaintext.
• For example, consider the plaintext “paymoremoney”
and use the encryption key

• Check the key matrix size and split the plain text into blocks of that size.
• The first three letters of the plaintext “pay” are
represented by the vector (15 0 24).
C = PK mod 26
• The same procedure is repeated for the next sets of letters
“mor”, “emo”, “ney”. We get the cipher texts
“MWB”, “KAS”, “PDH”.
• So the plaintext “paymoremoney” is encrypted as
RRLMWBKASPDH.
• Decryption requires using the inverse of the
matrix K.
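The block computation C = PK mod 26 and the inverse-matrix decryption described above, as an added Python example (not code from the original slides). The key matrix did not survive on this page, so `KEY` is an assumption: it is the common textbook key for this plaintext and it reproduces the ciphertext RRLMWBKASPDH given above; all function names are chosen for this example.

```python
# Added example: Hill cipher over Z_26 using row vectors, C = P K mod 26.
from math import gcd

M = 26
# ASSUMPTION: this 3x3 key is not shown on the page; it is the common textbook
# key for "paymoremoney" and reproduces the page's ciphertext RRLMWBKASPDH.
KEY = [[17, 17, 5],
       [21, 18, 21],
       [2, 2, 19]]


def to_nums(text):
    """Map letters to 0..25 (a = 0), dropping anything that is not a letter."""
    return [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]


def apply_key(text, key, upper):
    """Multiply each block (as a row vector) by the key matrix modulo 26."""
    n = len(key)
    nums = to_nums(text)
    if len(nums) % n:
        raise ValueError("text length must be a multiple of the key size")
    out = []
    for i in range(0, len(nums), n):
        block = nums[i:i + n]
        out.extend(sum(block[k] * key[k][j] for k in range(n)) % M
                   for j in range(n))
    base = ord("A") if upper else ord("a")
    return "".join(chr(v + base) for v in out)


def cofactor(k, i, j):
    """Signed cofactor of a 3x3 matrix, using the cyclic-index identity."""
    a, b = (i + 1) % 3, (i + 2) % 3
    c, d = (j + 1) % 3, (j + 2) % 3
    return k[a][c] * k[b][d] - k[a][d] * k[b][c]


def inverse_key(key):
    """K^-1 mod 26 = det(K)^-1 * adj(K); exists only if gcd(det K, 26) = 1."""
    det = sum(key[0][j] * cofactor(key, 0, j) for j in range(3)) % M
    if gcd(det, M) != 1:
        raise ValueError("key matrix is not invertible modulo 26")
    det_inv = pow(det, -1, M)  # modular inverse (Python 3.8+)
    # The adjugate is the transpose of the cofactor matrix.
    return [[cofactor(key, j, i) * det_inv % M for j in range(3)]
            for i in range(3)]


def encrypt(plaintext, key=KEY):
    """Encrypt with the key matrix; ciphertext is returned in upper case."""
    return apply_key(plaintext, key, upper=True)


def decrypt(ciphertext, key=KEY):
    """Decrypt by multiplying each ciphertext block by K^-1 mod 26."""
    return apply_key(ciphertext, inverse_key(key), upper=False)


if __name__ == "__main__":
    ct = encrypt("paymoremoney")
    print(ct, decrypt(ct))
```

A key whose determinant shares a factor with 26 has no inverse, so `inverse_key` rejects it before any message is encrypted with a key that cannot decrypt.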
Polyalphabetic Ciphers
• One way to improve on the simple
monoalphabetic technique is to use different
monoalphabetic substitutions as one proceeds
through the plaintext message.
Vigenère Cipher
• The Vigenère cipher is an algorithm that uses a
number of linked Caesar ciphers to encrypt an
alphabetic text.
• It is based on the letters of a keyword. This
cipher is a form of polyalphabetic
substitution.
• It is simple to understand and use this
algorithm.
• The Vigenère cipher uses a 26×26 table with A to Z as
the row heading and column heading. This table is
usually referred to as the Vigenère Tableau,
Vigenère Table or Vigenère Square. We shall use
Vigenère Table.
• The first row of this table has the 26 English letters.
Starting with the second row, each row has the
letters shifted to the left one position in a cyclic way.
• For example, when B is shifted to the first position
on the second row, the letter A moves to the end.
For example, suppose the plaintext is MICHIGAN TECHNOLOGICAL UNIVERSITY and the
keyword is HOUGHTON. Then, the keyword must be repeated as follows:
Vernam Cipher
Encryption Algorithm
• Assign a number to each character of the plain text and the key
according to alphabetical order. Convert the number into binary
form.
• Bitwise XOR both the numbers (the corresponding plain-text character
number and key character number).
• Subtract 26 from the number if the resulting number is greater than
or equal to 26; if it isn't, then leave it.

For decryption, apply the reverse of the encryption process.
Ex:
Plain-Text: O A K
Key: S O N
O ==> 14 = 0 1 1 1 0
S ==> 18 = 1 0 0 1 0
Bitwise XOR Result: 1 1 1 0 0 = 28
The resulting number is greater than 26, so subtract
26 from it.
28 - 26 = 2 ==> C
CIPHER-TEXT: C
Final cipher text: COH
• Ex:
Plain-Text: RAMSWARUPK
Key: RANCHOBABA
Ex:
Plain text: Hello, Key: NCBTA
Cipher text: UGMEO
One time pad
• The key is to be used to encrypt and decrypt a
single message, and then is discarded.
• Each new message requires a new key of the
same length as the new message. Such a
scheme, known as a one-time pad, is
unbreakable.
Advantages of the One-Time Pad:
1. Perfect Secrecy: When used correctly, the one-time
pad offers complete security, meaning that the
ciphertext reveals no information about the plaintext.
2. Randomness: If the key is truly random and kept
secret, the ciphertext will also be random, making it
immune to frequency analysis and other forms of
cryptanalysis.
3. Simplicity: The concept is straightforward; it
simply requires a random key of equal length to the
message.
Disadvantages of the One-Time Pad:
1. Key Distribution Problem: Each sender and receiver must have
access to the same key, which can be a significant logistical
challenge, especially for large quantities of data.
2. Key Management: Generating and securely managing large
amounts of random keys can be impractical. For heavily used
systems, millions of random characters may be needed regularly.
3. Limited Utility: Due to the difficulties in key distribution and
management, the one-time pad is primarily useful for low-bandwidth
channels that require very high security.

For every message to be sent, a key of equal length is needed by
both sender and receiver.
Ex 1:
Input: Message = HELLO, Key = MONEY
Plain text: H E L L O → 7 4 11 11 14
Key: M O N E Y → 12 14 13 4 24
Plain text + key → 19 18 24 15 38
→ 19 18 24 15 12 (= 38 − 26)
Cipher Text: T S Y P M
• Ciphertext to Message
Cipher Text: T S Y P M → 19 18 24 15 12
Key: M O N E Y → 12 14 13 4 24
Decryption: Cipher text − key → 7 4 11 11 −12
→ 7 4 11 11 14
Message → H E L L O
Ex 2:
Input: Message = SAVE, Key = LIFE
Cipher Text: DIAI

Ex 3: In the one-time pad version of a Vigenère Cipher, the key
stream is 9, 0, 1, 7, 23, 15, 21, 14, 11, 11, 2, 8, 9. In this scheme,
encryption is done by shifting with the number mentioned in the key.
Encrypt the plain text sendmoremoney and, using the cipher text
obtained, find a key such that the cipher text decrypts to
cashnotneeded.
(06 Marks)

a) Encrypt the plaintext "sendmoremoney" with the key stream 9, 0, 1,
7, 23, 15, 21, 14, 11, 11, 2, 8, 9.

We are given the plaintext "sendmoremoney" and the key stream "9 0
1 7 23 15 21 14 11 11 2 8 9". To encrypt, we shift each letter of the
plaintext by the corresponding number in the key stream:
The ciphertext is: beokjdmsxzpmh.
• Finding a Key for New Plaintext
• We need to find a key that will decrypt
"beokjdmsxzpmh" to "cashnotneeded". We
use the same shifting principle:

K = (C − P) mod 26

Key: zewdwptftvmie
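The shift arithmetic used in the Caesar example, the one-time pad Ex 1 and Ex 2, and the key recovery in Ex 3, as one added Python example (not part of the original slides). It generalizes the page's cases to any key stream; the function names are chosen for this example.

```python
# Added example: additive (shift) cipher driven by a key stream, mod 26.
# A Caesar cipher is the key stream [k]; a one-time pad is a key stream as
# long as the message that is never reused.

def letters_to_key(word):
    """Turn key letters into shift values (A = 0 ... Z = 25)."""
    return [ord(c.lower()) - ord("a") for c in word
            if c.isascii() and c.isalpha()]


def key_to_letters(key):
    """Turn shift values back into lower-case key letters."""
    return "".join(chr(k % 26 + ord("a")) for k in key)


def shift(text, keystream, sign=1):
    """Shift each letter by the next key value; sign=-1 decrypts.

    Case is preserved and non-letters pass through without consuming key.
    A key stream shorter than the text is repeated (Caesar / Vigenere use).
    """
    out, i = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            k = keystream[i % len(keystream)]
            out.append(chr((ord(ch) - base + sign * k) % 26 + base))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def otp_encrypt(message, key_letters):
    """One-time pad use: refuse a key shorter than the message."""
    key = letters_to_key(key_letters)
    if len(key) < len(letters_to_key(message)):
        raise ValueError("one-time pad key must be as long as the message")
    return shift(message, key)


def key_for(ciphertext, wanted_plaintext):
    """K = (C - P) mod 26: the key under which ciphertext decrypts to
    wanted_plaintext. Every same-length plaintext has such a key."""
    c, p = letters_to_key(ciphertext), letters_to_key(wanted_plaintext)
    if len(c) != len(p):
        raise ValueError("ciphertext and plaintext lengths differ")
    return [(ci - pi) % 26 for ci, pi in zip(c, p)]


if __name__ == "__main__":
    stream = [9, 0, 1, 7, 23, 15, 21, 14, 11, 11, 2, 8, 9]
    ct = shift("sendmoremoney", stream)
    alt = key_for(ct, "cashnotneeded")
    print(ct, key_to_letters(alt), shift(ct, alt, sign=-1))
```

Because `key_for` succeeds for any plaintext of the right length, the ciphertext alone cannot tell an analyst which message was sent, which is the perfect-secrecy property listed above.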
Steganography
• Steganography is a technique that facilitates
hiding of a message that is to be kept secret
inside other messages.
• The sender used methods such as invisible ink,
tiny pin punctures on specific characters,
minute variations between handwritten
characters, pencil marks on handwritten
characters, etc.
Traditional Block cipher Structure
• A block cipher is a symmetric encryption algorithm that
encrypts data in fixed-size chunks (called blocks) using a
secret key.
• By 'symmetric', we mean that the size of the input text and
the output text (ciphertext) is the same number of bits.
• Block size: Common sizes are 64 bits, 128 bits, or 256 bits.
• Symmetric key: The same key is used for both encryption
and decryption.
• Block cipher techniques are fundamental encryption
methods used in data security.
• These are widely applied in secure communications, file
encryption, and network security (e.g., SSL/TLS, VPNs).
Popular Block Cipher Algorithms
• DES (Data Encryption Standard)
• 3DES (Triple DES)
• AES (Advanced Encryption Standard)
• Blowfish
• Twofish
• IDEA (International Data Encryption
Algorithm)
• A block cipher is an encryption/decryption scheme in
which a block of plaintext is treated as a whole and
used to produce a ciphertext block of equal length.
• Many block ciphers have a Feistel structure. Such a
structure consists of a number of identical rounds of
processing.
• In each round, a substitution is performed on one half of the
data being processed, followed by a permutation that
interchanges the two halves.
• The original key is expanded so that a different key is used
for each round.
• Many symmetric block encryption algorithms in current use
are based on a structure referred to as a Feistel block cipher.
• A block cipher is one in which a block of plaintext is treated
as a whole and used to produce a ciphertext block of equal
length.
Feistel Structure
• A Feistel structure is a design model used to build block
ciphers.
• Instead of encrypting a whole block in one go, it splits the
block into two halves and repeatedly processes them
through multiple rounds of substitutions and permutations.
• This structure was introduced by Horst Feistel and is used in
many famous ciphers (e.g., DES, Blowfish, Twofish).
• Feistel proposed a structure that applies
substitution and permutation alternately to
obtain cipher text from the plain text and vice versa. Each
block has to undergo many rounds, where each round has the
same function.
• A block cipher is a type of encryption algorithm that processes
fixed-size blocks of data, usually 64 or 128 bits, to produce
ciphertext.
Feistel proposed the use of a cipher that alternates substitutions and
permutations, where these terms are defined as follows:
• Substitution: Each plaintext element or group of elements is
uniquely replaced by a corresponding ciphertext element or group
of elements.
• Permutation: A sequence of plaintext elements is replaced by a
permutation of that sequence. That is, no elements are added or
deleted or replaced in the sequence; rather, the order in which the
elements appear in the sequence is changed.
Feistel Structure
Let’s say we have a plaintext block (e.g.,
64 bits):
Split it into a left half (LE₀) and a right half
(RE₀).

For each round i (out of N total rounds):
1. Apply a round function F to one half
(usually the right half).
2. Combine the result with the other half
using XOR.
3. Swap the halves.
Equations:
For round i:
LEᵢ = REᵢ₋₁
REᵢ = LEᵢ₋₁ XOR F(REᵢ₋₁, Kᵢ)
LEᵢ, REᵢ = left and right halves after round i
Kᵢ = round key derived from the main key
F = round function (can involve
substitution, permutation, expansion,
etc.)
After the last round, the two halves are
combined → ciphertext.
The design features of Feistel cipher
• Block Size: The block cipher is considered more secure if the
block size is larger. But the larger block size can reduce the
execution speed of encryption and decryption. Generally, the
block size of a block cipher is 64 bits. But a modern-day
block cipher such as AES has a 128-bit block size.
• Diffusion and Confusion: These two concepts are
fundamental to the design of block ciphers.
Diffusion ensures that a change in a single bit of
plaintext results in a significant change in the
ciphertext, spreading the influence of that bit
across the output. Confusion aims to make the
relationship between the ciphertext and the key
as complex as possible, thwarting attempts to
deduce the key from the ciphertext. Effective use
of complex substitution algorithms enhances both
diffusion and confusion.
Feistel Decryption Algorithm
The main strength of a Feistel cipher is that the same structure
can be used for encryption and decryption — only the order of
the keys changes.

LD (Left decryption)
RD (Right decryption)
• The process of decryption with a Feistel cipher is essentially
the same as the encryption process.
The rule is as follows: Use the ciphertext as input to the
algorithm, but use the subkeys Kᵢ in reverse order. That is, use
Kₙ in the first round, Kₙ₋₁ in the second round, and so on until K₁
is used in the last round.
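The round equations and the reversed-subkey decryption rule above, as an added Python example (not code from the original slides). The round function F (truncated HMAC-SHA256) and the SHA-256 key schedule are assumptions standing in for a real cipher's components; they show that F itself does not need to be invertible.

```python
# Added example: a generic Feistel network. Toy components, for study only.
import hashlib
import hmac


def round_function(half, round_key):
    """Toy F. ASSUMPTION: truncated HMAC-SHA256, not any real cipher's F.
    Truncation makes F non-invertible, which a Feistel network tolerates."""
    return hmac.new(round_key, half, hashlib.sha256).digest()[:len(half)]


def derive_round_keys(key, rounds):
    """Toy key schedule (assumption): K_i = SHA-256(key || i), i = 1..rounds."""
    return [hashlib.sha256(key + bytes([i])).digest()
            for i in range(1, rounds + 1)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block, round_keys):
    """Run the network once over `block` with the given subkey order."""
    if len(block) % 2 or not 0 < len(block) <= 64:
        raise ValueError("block must have an even length of 2..64 bytes")
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for k in round_keys:
        # LE_i = RE_(i-1);  RE_i = LE_(i-1) XOR F(RE_(i-1), K_i)
        left, right = right, xor(left, round_function(right, k))
    # Final swap of the halves: this is what lets the same routine decrypt
    # when it is fed the subkeys in reverse order.
    return right + left


def encrypt(block, key, rounds=16):
    return feistel(block, derive_round_keys(key, rounds))


def decrypt(block, key, rounds=16):
    # Same structure, subkeys K_n, K_(n-1), ..., K_1.
    return feistel(block, derive_round_keys(key, rounds)[::-1])


if __name__ == "__main__":
    key = b"constructed demo key"      # constructed sample value
    pt = b"8bytes!!"                   # one 64-bit block
    ct = encrypt(pt, key)
    print(ct.hex(), decrypt(ct, key))
```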
The Data Encryption Standard
• The most widely used symmetric key block cipher encryption
scheme is based on the Data Encryption Standard (DES) adopted in
1977 by the National Institute of Standards and Technology (NIST).
The algorithm itself is referred to as the Data Encryption Algorithm
(DEA).
For DES, data are encrypted in 64-bit blocks using a 56-bit key
(64 bits, of which 8 bits are used for parity) and 16 rounds of the Feistel structure.
The algorithm transforms 64-bit input in a series of steps into a 64-bit
output. The same steps, with the same key, are used to reverse the
encryption.
DES is based on the two attributes of the Feistel cipher, i.e., Substitution
(also called confusion) and Transposition (also called diffusion).
DES consists of 16 steps, each of which is called a round. Each round
performs the steps of substitution and transposition along with other
operations.
DES Encryption Algorithm
• The encryption starts with a 64-bit
plaintext that needs to be encrypted
using a 64-bit key. The plaintext is passed
to the Initial Permutation function and the
key is permuted using Permuted
Choice 1 (PC-1).
• The 64-bit plaintext block is input
into an Initial Permutation (IP)
function that rearranges the order
of bits. The initial permutation (IP)
happens only once and it happens
before the first round.
• The 64-bit initial key is converted
into a 56-bit effective key. This 56-bit
key further generates 48-bit subkeys
for each of the 16 Feistel rounds.
• The 32-bit block after permutation is the
output of the mangler function.
• 32-bit Swap and Inverse Initial
Permutation.
• There are two inputs to the encryption function: the plaintext to be encrypted
and the key. The plaintext must be 64 bits in length and the key is 56 bits in
length.
Looking at the left-hand side of the figure, we can see that the processing of the
plaintext proceeds in three phases.
First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges
the bits to produce the permuted input. The order of bits is changed using a
predefined table. The IP table is an 8×8 matrix (64 entries) where each entry
specifies the new position of a bit from the original plaintext.

The initial permutation (IP) happens only once and it happens before the first round.
The permutation this function performs is fixed and does not depend on the plaintext. This rearranged
64-bit plaintext then goes through 16 rounds. Each of these rounds uses a 48-bit subkey different
from the previous round's subkey. These subkeys are generated from the 64-bit key.
This is followed by a phase consisting of sixteen rounds of the same
function, which involves both permutation and substitution functions.
The output of the last (sixteenth) round consists of 64 bits that are a
function of the input plaintext and the key.
The left and right halves of the output are swapped to produce the
preoutput.
Finally, the preoutput is passed through a permutation (IP⁻¹) that is
the inverse of the initial permutation function, to produce the 64-bit
ciphertext. With the exception of the initial and final permutations,
DES has the exact structure of a Feistel cipher.
Key Transformation/Key Schedule
• The right-hand portion of the figure shows the way in which the 56-bit
key is used.
• The 64-bit initial key is converted into a 56-bit effective key. This
56-bit key further generates 48-bit subkeys for each of the 16 Feistel
rounds.
• Conversion of 64-bit Key into 56-bit Key
The initial key first goes through Permuted Choice 1 (PC-1), a compression
P-box which reduces the key to 56 bits. In PC-1 every eighth bit in the key is
discarded. That is, bit positions 8, 16, 24, 32, 40, 48, 56, and 64 are
discarded.

These discarded bits are called parity bits, which are used for error checking. The remaining
56 bits are split into two 28-bit halves:

Left Half (Ci): First 28 bits.
Right Half (Di): Last 28 bits.
Generating 48-bit Round Subkeys
For each of the 16 rounds, the left half (Ci) and the right half (Di)
undergo a circular left shift operation.

After the circular shift operation is performed, Ci and Di are again
combined into a 56-bit block. This block then goes through
Permuted Choice 2 (PC-2). PC-2 selects and arranges
48 bits out of the 56 to form the round subkey (Ki).
Each 48-bit subkey (Ki) is XORed with the expanded right half in the
Feistel round. What happens in every single Feistel round follows.
Feistel Rounds (1 - 16)
• Every round receives the 64-bit permuted plaintext from the Initial
Permutation function and a 48-bit transformed subkey (Ki).
• The permuted 64-bit plaintext is divided into two halves called the Left
Plaintext (LPT) and the Right Plaintext (RPT).
• Both of these halves are 32 bits in size. The right half or Right Plaintext
(RPT) is processed using the Mangler (F) function. The Mangler (F) function
involves expansion, key mixing, substitution (S-boxes), and permutation
(P-box) of RPT.
• In this permutation, the 32-bit Right Plaintext (RPT) is
expanded into 48 bits using the expansion box or E-box
table. The 48-bit expanded block is generated by
arranging the bits as in the E-box table.
This expanded block is XORed (⊕) with the 48-bit
round subkey that is generated during the key
transformation process. The XOR or Exclusive
OR operation returns '0' as output if both inputs
are the same; otherwise the output is '1'. After the XOR is
performed, the resulting 48-bit block is split into
eight chunks of 6 bits each. Each chunk is
then fed into a different S-box substitution (S1 to
S8).

The substitution consists of a set of eight S-boxes,
each of which accepts 6 bits as input
and produces 4 bits as output.
• After that, we combine all of these 4-bit chunks into a 32-bit
block, which is permuted using the P-box permutation table. This
permutation is called Transposition. The mangler function
finishes here.
• The 32-bit block after permutation is the output of the mangler
function.
32-bit Swap and Inverse Initial Permutation
• After these 16 rounds we get two blocks (Left and Right) of 32 bits
each.
• The two 32-bit halves are again swapped back, resulting in a 64-bit
block. This step is called the 32-bit Swap in the DES encryption algorithm.
• Finally, the block undergoes an Inverse Initial Permutation (IP⁻¹).
This is essentially the inverse of the initial permutation applied at
the beginning.
- Take the 64-bit preoutput (after the swap)
- Reorder bits according to the IP⁻¹ table → get the 64-bit ciphertext
• The IP⁻¹ ensures that the final ciphertext is in proper bit order.

Preoutput Bit Position | IP⁻¹ Output Position
1 | 40
2 | 8
3 | 48
... | ...
64 | 25
The Avalanche Effect
• A change in one bit of the plaintext or one bit
of the key should produce a change in many
bits of the ciphertext.
• If the change were small, this might provide a
way to reduce the size of the plaintext or key
space to be searched.
DES Decryption
• Decryption in DES follows the same process as encryption but in
reverse order. Since DES is a symmetric-key algorithm, the same key
is used for both encryption and decryption, but the subkeys (round
keys) are applied in reverse order.
• Reverse Subkey Application: The 16 round keys generated during
key scheduling are used in reverse order (from K16 to K1) during
decryption.
• Inverse Feistel Function: The Feistel network structure ensures that
decryption mirrors encryption. Each round performs the same
operations (expansion, S-box substitution, permutation), but with
reversed subkeys.
• Final Permutation (FP): After 16 rounds, the output undergoes the
Inverse Initial Permutation (IP⁻¹), reversing the initial shuffling.
DES Example
Let M be the plain text message M = 0123456789ABCDEF, where M
is in hexadecimal (base 16) format. Let K be the hexadecimal key K =
133457799BBCDFF1

Rewriting M and K in binary format, we get the 64-bit block of text:

M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010
1011 1100 1101 1110 1111
L = 0000 0001 0010 0011 0100 0101 0110 0111
R = 1000 1001 1010 1011 1100 1101 1110 1111
K = 00010011 00110100 01010111 01111001 10011011 10111100
11011111 11110001
• Step 1: Create 16 subkeys, each of which is 48 bits long.

Example: From the original 64-bit key
K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111
11110001
we get the 56-bit permutation
K+ = 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111
Next, split this key into left and right halves, C0 and D0, where each half has 28 bits.
• From the permuted key K+, we get
C0 = 1111000 0110011 0010101 0101111
D0 = 0101010 1011001 1001111 0001111
With C0 and D0 defined, we now create sixteen blocks Cn and Dn, 1<=n<=16. Each pair of
blocks Cn and Dn is formed from the previous pair Cn-1 and Dn-1, respectively, for n = 1, 2, ..., 16, using
the following schedule of "left shifts" of the previous block. To do a left shift, move each bit one place to
the left, except for the first bit, which is cycled to the end of the block.
Step 2: Encode each 64-bit block of data.

Example: Applying the initial permutation to the block of text M, given previously, we get
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010

Here the 58th bit of M is "1", which becomes the first bit of IP. The 50th bit of M is "1", which
becomes the second bit of IP. The 7th bit of M is "0", which becomes the last bit of IP.
Next divide the permuted block IP into a left half L0 of 32 bits, and a right half R0 of 32 bits.

Example: From IP, we get L0 and R0
L0 = 1100 1100 0000 0000 1100 1100 1111 1111
R0 = 1111 0000 1010 1010 1111 0000 1010 1010
Example: For n = 1, we have
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
L1 = R0 = 1111 0000 1010 1010 1111 0000 1010 1010
The strength of DES
• Use of 56-bit keys
1. With a key length of 56 bits, there are 2^56 possible keys,
which is approximately 7.2 × 10^16. A brute-force attack on such a number of
keys is impossible.
2. A machine implementing one DES encryption per
microsecond would take more than thousands of years to
break the cipher.
3. There is more to a key-search attack than
simply running through all possible keys. If the message is
plain English text, the result pops out easily,
although the task of recognizing English would have to be
automated.
4. If the text message has been compressed before encryption,
then recognition is more difficult.
The strength of DES (contd.)
• The Nature of the Algorithm
Another concern is the possibility that cryptanalysis is possible
by exploiting the characteristics of the DES algorithm.
• Timing Attacks
1. A timing attack is a security exploit that allows an attacker to
spot vulnerabilities in a local or a remote system and extract
potentially sensitive or secret data by measuring the
system's response time to various inputs. A
timing attack belongs to a broader class of attacks known as
side-channel attacks.
2. A timing attack is one in which information about the key or
the plaintext is obtained by observing how long it takes a
given implementation to perform decryptions on various
ciphertexts. This is a long way from knowing the actual key,
but it is an intriguing first step.
Block cipher design principles
Block ciphers are built in the Feistel cipher
structure.
A block cipher has a specific number of rounds and
keys for generating ciphertext.
Some of these principles are:
• The number of rounds,
• Design of the function F,
• Key scheduling
1) The number of rounds
• The greater the number of rounds, the more
difficult it is to perform cryptanalysis, even for
a relatively weak F.
• It reflects the number of rounds that is
suitable for an algorithm to make it more
complex.
• In DES we have 16 rounds, ensuring it is
more secure, while in AES we have 10 rounds,
which makes it more secure.
2) Design of the function F
• The function F provides the element of confusion in a
Feistel cipher; we want it to be difficult to “unscramble” the
substitution performed by F.
• One obvious criterion is that F be nonlinear. The more
nonlinear F, the more difficult any type of cryptanalysis
will be.
• One of the most intense areas of research in the field of
symmetric block ciphers is that of S-box design. We would
like any change to the input vector to an S-box to result
in random-looking changes to the output. The
relationship should be nonlinear and difficult to
approximate with linear functions.
3) Key scheduling
• A final area of block cipher design, and one that has received
less attention than S-box design, is the key schedule algorithm.
With any Feistel block cipher, the key schedule is used to
generate a subkey for each round.
• We would like to select subkeys to maximize the difficulty of
deducing individual subkeys and the difficulty of working back to
the main key. The key schedule should guarantee the key/ciphertext
Strict Avalanche Criterion and Bit Independence Criterion.
