Symmetric Encryption and message Confidentiality

UNIT 2

  • Symmetric Encryption and message Confidentiality
    • Symmetric Encryption Principles
    • Symmetric Block Encryption Algorithms
    • Cipher Block Modes of Operations

  • Encryption: the process of converting the original message into ciphertext, an unreadable form
  • Symmetric means that a single key is used to convert the message into unreadable form

Symmetric Encryption Principles

  • A symmetric encryption scheme has five components:
  • Plaintext - the original message/data that is fed into the algorithm as input
  • Encryption algorithm - performs various substitutions and transformations on the plaintext
  • Secret key - also given to the algorithm. The exact substitutions and transformations performed by the algorithm depend on the key
  • Ciphertext - the scrambled message produced as output
  • Decryption algorithm - essentially the reverse of the encryption algorithm. It takes the ciphertext and the same key and produces the plaintext

Requirements

  • Two requirements for secure use of symmetric encryption :
    • A strong encryption algorithm
    • A secret key known only to sender / receiver
  • Mathematically:
    • Y = E(K, X)
    • X = D(K, Y)
  • We assume the encryption algorithm is known, so only the key needs to be kept secret
  • This implies a secure channel to distribute the key

Cryptography

  • The study of encryption principles/methods. Cryptographic systems can be characterized by:
  • Type of encryption operations used
    • Substitution (plaintext = DTE, ciphertext = AXM)
    • Transposition (plaintext = DTE, ciphertext = TED)
    • Product
  • Number of keys used
    • single-key or private
    • Two-key or public
  • Way in which plaintext is processed
    • Block
    • Stream

Cryptanalysis

  • The science of recovering the plaintext of a message without having access to the key
  • The objective is to recover the key, not just the message
  • General approaches to recovering the plaintext
    • Cryptanalytic attack: relies on the nature of the algorithm and some knowledge of the general characteristics of the plaintext, or even some sample plaintext-ciphertext pairs
    • Brute-force attack: uses no intelligence and enumerates all possibilities
  • If either succeeds, all use of that key is compromised

Types of Cryptanalytic Attacks

  • 1) Ciphertext only
  • Only the encrypted message is available to the attacker.
  • C1 = EK(P1), C2 = EK(P2)
  • Task: to find the plaintext and the key

  • 2) Known Plaintext
  • The attacker knows or can guess the plaintext for some part of the ciphertext
  • P1, C1 = EK(P1); P2, C2 = EK(P2)
  • Task: to find the key

  • 3) Chosen Plaintext
  • Select plaintext and obtain the ciphertext. This attack occurs when the attacker gains access to the target encryption device.
  • P1, C1 = EK(P1); P2, C2 = EK(P2), where P1 or P2 can be chosen
  • Task: to find the key

  • 4) Chosen Ciphertext
  • Select ciphertext and obtain the plaintext
  • C1, P1 = DK(C1); C2, P2 = DK(C2)
  • Task: to find the key

  • 5) Chosen Text
  • Select plaintext or ciphertext to encrypt/decrypt
  • P1, C1 = EK(P1); P2, C2 = EK(P2)
  • C1, P1 = DK(C1); C2, P2 = DK(C2)

  • An encryption scheme is computationally secure if:
  • The cost of breaking the cipher exceeds the value of the information
  • The time required to break the cipher exceeds the lifetime of the information.

Brute Force Search

  • Always possible to simply try every key
  • Most basic attack, proportional to key size
  • Assumes the attacker either knows or can recognize the plaintext

Feistel Cipher Structure

  • The Feistel structure was described by Horst Feistel of IBM in 1973
    • based on the concept of an invertible product cipher
    • it is an example of the general structure used by all symmetric block ciphers
  • Partitions the input block into two halves
    • processed through multiple rounds, each of which
    • performs a substitution on the left data half
    • based on a round function of the right half and a subkey
    • then applies a permutation that swaps the halves

Feistel cipher Design Elements

  • Block size: 128 bits
  • Key size: 128 bits
  • Number of rounds: 16
  • Subkey generation algorithm
  • Round function
  • Two additional considerations are
    • Fast software en/decryption
    • Ease of analysis

Symmetric Block Cipher Algorithms

  • A block cipher processes the plaintext in fixed-size blocks and produces a block of ciphertext of equal size for each plaintext block.
  • The three most important symmetric block ciphers are
    • DES (Data Encryption Standard)
    • 3DES (Triple DES)
    • AES (Advanced Encryption Standard)

Strength of DES

  • Concerns about the strength of DES fall into two categories
    • Concerns about the algorithm
    • Concerns about the use of a 56-bit key
  • On the first concern, cryptanalysts have made numerous attempts to find and exploit weaknesses in the algorithm, but have not succeeded.
  • The second concern is key length: with a 56-bit key there are 2^56 possible keys, which is approximately 7.2 × 10^16 keys.
  • DES was finally and definitively proved insecure in July 1998, when the EFF announced that it had broken a DES encryption using a special-purpose "DES Cracker" machine

Data Encryption Standard (DES)

  • It follows the Feistel cipher structure
  • Block size: 64 bits
  • Number of rounds: 16
  • Key size: 64 bits as supplied, reduced to 56 bits
  • Number of subkeys: 16
  • Subkey size: 48 bits
  • Ciphertext: 64 bits

Triple-DES with Three-Keys

  • The disadvantage of DES is its key length: at 56 bits it is very easy for a cryptanalyst to break the key. The 3DES algorithm was introduced to overcome this
  • 3DES has an effective key length of 168 bits and a 64-bit block size
  • To encrypt: C = E(K3, D(K2, E(K1, P)))
  • To decrypt: P = D(K1, E(K2, D(K3, C)))

Origins of AES

  • Clearly a replacement for DES was needed
    • Theoretical attacks exist that can break it
    • Exhaustive key search attacks have been demonstrated
  • Triple-DES can be used, but it is slow and has small blocks
  • US NIST issued a call for ciphers in 1997
  • 15 candidates were accepted in June 1998
  • 5 were shortlisted in August 1999
  • Rijndael was selected as the AES in October 2000
  • Issued as the FIPS PUB 197 standard in November 2001

The AES Cipher - Rijndael

  • Designed by Dr. Joan Daemen and Dr. Vincent Rijmen
  • It has 128/192/256-bit keys and a 128-bit data block
  • It is an iterative cipher rather than a Feistel cipher
    • processes data as a block of 4 columns of 4 bytes
    • operates on the entire data block in every round
  • It is designed for
    • resistance against known attacks
    • speed and code compactness on many CPUs
    • design simplicity

AES Encryption Process

AES Structure

  • The data block of 4 columns of 4 bytes is the state
  • The key is expanded to an array of words
  • It has 9/11/13 rounds in which the state undergoes
    • byte substitution (one S-box used on every byte)
    • shift rows (permute bytes between groups/columns)
    • mix columns (substitution using matrix multiplication of groups)
    • add round key (XOR state with key material)
    • can be viewed as alternating XOR with key material and scrambling of data bytes

Cipher Block Modes of Operations

  • A block cipher processes the data blocks of fixed size. Usually, the size of a message is larger than the block size. Hence, the long message is divided into a series of sequential message blocks, and the cipher operates on these blocks one at a time.
  • Electronic Code Book (ECB) Mode
  • Cipher Block Chaining (CBC) Mode
  • Cipher Feedback (CFB) Mode
  • Output Feedback (OFB) Mode
  • Counter (CTR) Mode

Electronic Code Book (ECB) Mode

  • This mode is the most straightforward way of processing a series of sequentially listed message blocks.
  • Operation
  • The user takes the first block of plaintext and encrypts it with the key to produce the first block of ciphertext.
  • The user then takes the second block of plaintext and follows the same process with the same key, and so on.
  • The ECB mode is deterministic, that is, if plaintext block P1, P2,…, Pm are encrypted twice under the same key, the output ciphertext blocks will be the same.

  • In fact, for a given key we can technically create a codebook of ciphertexts for all possible plaintext blocks. Encryption would then entail only looking up the required plaintext and selecting the corresponding ciphertext. Thus, the operation is analogous to the assignment of code words in a codebook, and hence gets its official name − Electronic Codebook mode of operation (ECB).

Analysis of ECB Mode

  • In reality, application data usually contains partial information that can be guessed. For example, the range of a salary can be guessed. A ciphertext from ECB can allow an attacker to guess the plaintext by trial and error if the plaintext message is within a predictable range.
  • For example, if a ciphertext from the ECB mode is known to encrypt a salary figure, then a small number of trials will allow an attacker to recover the figure. In general, we do not wish to use a deterministic cipher, and hence the ECB mode should not be used in most applications.

Cipher Block Chaining (CBC) Mode

  • CBC mode of operation provides message dependence for generating ciphertext and makes the system non-deterministic.
  • Operation :
  • Load the n-bit Initialization Vector (IV) in the top register.
  • XOR the n-bit plaintext block with data value in top register.
  • Encrypt the result of XOR operation with underlying block cipher with key K.
  • Feed ciphertext block into top register and continue the operation till all plaintext blocks are processed.
  • For decryption, the IV data is XORed with the decrypted first ciphertext block. The first ciphertext block is also fed into the top register, replacing the IV, for decrypting the next ciphertext block.

Analysis of CBC Mode

  • In CBC mode, the current plaintext block is added (XORed) to the previous ciphertext block, and then the result is encrypted with the key. Decryption is thus the reverse process, which involves decrypting the current ciphertext and then adding the previous ciphertext block to the result.
  • The advantage of CBC over ECB is that changing the IV results in a different ciphertext for an identical message. On the drawback side, a transmission error gets propagated to a few further blocks during decryption due to the chaining effect.
  • It is worth mentioning that CBC mode forms the basis for a well-known data origin authentication mechanism. Thus, it has an advantage for those applications that require both symmetric encryption and data origin authentication.
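
The Feistel, ECB and CBC slides above can be tied together in one sketch. This is an added example, not part of the original slides: the toy 64-bit Feistel cipher, its HMAC-based round function and subkey schedule, and the key and message are all assumptions made for illustration, and messages must be a whole number of blocks.

```python
import hashlib, hmac, os

HALF, BLOCK = 4, 8            # toy 64-bit block split into two 32-bit halves

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(key, rounds=16):
    # Assumed key schedule for this sketch: one HMAC-derived subkey per round.
    return [hmac.new(key, bytes([i]), hashlib.sha256).digest() for i in range(rounds)]

def feistel(block, sks):
    left, right = block[:HALF], block[HALF:]
    for sk in sks:
        f = hmac.new(sk, right, hashlib.sha256).digest()[:HALF]  # round function
        left, right = right, xor(left, f)   # substitute left half, swap halves
    return right + left                     # undo the last swap

def enc_block(key, block):
    return feistel(block, subkeys(key))

def dec_block(key, block):
    return feistel(block, subkeys(key)[::-1])   # same network, subkeys reversed

def split(data):
    assert len(data) % BLOCK == 0, "sketch has no padding"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    return b"".join(enc_block(key, b) for b in split(pt))

def cbc_encrypt(key, iv, pt):
    prev, out = iv, []
    for b in split(pt):
        prev = enc_block(key, xor(b, prev))     # XOR with register, then encrypt
        out.append(prev)                        # ciphertext is the next register
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    prev, out = iv, []
    for c in split(ct):
        out.append(xor(dec_block(key, c), prev))
        prev = c
    return b"".join(out)

KEY = b"constructed demo key"
MSG = b"SALARY: " * 3 + b"00042000"             # constructed: three equal blocks

if __name__ == "__main__":
    print([b.hex() for b in split(ecb_encrypt(KEY, MSG))])   # first three equal
    print([b.hex() for b in split(cbc_encrypt(KEY, os.urandom(BLOCK), MSG))])
```

Under ECB the three identical plaintext blocks produce three identical ciphertext blocks, which is the codebook behaviour described above; under CBC they differ, and a fresh IV changes the whole ciphertext.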

Cipher Feedback (CFB) Mode

  • In this mode, each ciphertext block gets ‘fed back’ into the encryption process in order to encrypt the next plaintext block.
  • Operation
  • The operation of CFB mode is depicted in the following illustration. For example, in the present system, a message block has a size ‘s’ bits where 1 < s < n. The CFB mode requires an initialization vector (IV) as the initial random n-bit input block. The IV need not be secret. Steps of operation are −
  • Load the IV in the top register.
  • Encrypt the data value in top register with underlying block cipher with key K.
  • Take only ‘s’ number of most significant bits (left bits) of output of encryption process and XOR them with ‘s’ bit plaintext message block to generate ciphertext block.
  • Feed ciphertext block into top register by shifting already present data to the left and continue the operation till all plaintext blocks are processed.
  • Essentially, the previous ciphertext block is encrypted with the key, and then the result is XORed to the current plaintext block.
  • Similar steps are followed for decryption. Pre-decided IV is initially loaded at the start of decryption.

Analysis of CFB Mode

  • CFB mode differs significantly from ECB mode: the ciphertext corresponding to a given plaintext block depends not just on that plaintext block and the key, but also on the previous ciphertext block. In other words, the ciphertext block is dependent on the message.
  • CFB has a very strange feature. In this mode, user decrypts the ciphertext using only the encryption process of the block cipher. The decryption algorithm of the underlying block cipher is never used.
  • Apparently, CFB mode is converting a block cipher into a type of stream cipher. The encryption algorithm is used as a key-stream generator to produce key-stream that is placed in the bottom register. This key stream is then XORed with the plaintext as in case of stream cipher.
  • By converting a block cipher into a stream cipher, CFB mode provides some of the advantageous properties of a stream cipher while retaining the advantageous properties of a block cipher.
  • On the flip side, a transmission error gets propagated due to the chaining of blocks.

Output Feedback (OFB) Mode

  • It involves feeding the successive output blocks from the underlying block cipher back to it. These feedback blocks provide a string of bits to feed the encryption algorithm, which acts as the key-stream generator as in the case of CFB mode.
  • The key stream generated is XOR-ed with the plaintext blocks. The OFB mode requires an IV as the initial random n-bit input block. The IV need not be secret.

Counter (CTR) Mode

  • It can be considered a counter-based version of CFB mode without the feedback. In this mode, both the sender and receiver need access to a reliable counter, which computes a new shared value each time a ciphertext block is exchanged. This shared counter is not necessarily a secret value, but the challenge is that both sides must keep the counter synchronized.

  • Operation
  • Both encryption and decryption in CTR mode are depicted in the following illustration. Steps in operation are −
  • Load the initial counter value in the top register; it is the same for both the sender and the receiver. It plays the same role as the IV in CFB (and CBC) mode.
  • Encrypt the contents of the counter with the key and place the result in the bottom register.
  • Take the first plaintext block P1 and XOR this to the contents of the bottom register. The result of this is C1. Send C1 to the receiver and update the counter. The counter update replaces the ciphertext feedback in CFB mode.
  • Continue in this manner until the last plaintext block has been encrypted.
  • Decryption is the reverse process. The ciphertext block is XORed with the encrypted contents of the counter value. After decryption of each ciphertext block, the counter is updated as in the case of encryption.

Analysis of Counter Mode

  • It does not have message dependency, and hence a ciphertext block does not depend on the previous plaintext blocks.
  • Like CFB mode, CTR mode does not involve the decryption process of the block cipher. This is because CTR mode is really using the block cipher to generate a key-stream, which is combined with the plaintext using the XOR function. In other words, CTR mode also converts a block cipher to a stream cipher.
  • The serious disadvantage of CTR mode is that it requires a synchronous counter at sender and receiver. Loss of synchronization leads to incorrect recovery of plaintext.
  • However, CTR mode has almost all the advantages of CFB mode. In addition, it does not propagate transmission errors at all.
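
The CFB and CTR analyses above make two claims that are easy to check in code: decryption uses only the cipher's encryption direction, and a transmission error spreads in CFB but not in CTR. The following is an added sketch, not part of the original slides; it assumes s = 8 bits for CFB, a 64-bit register, and a truncated HMAC-SHA256 as a stand-in for the block cipher's encryption function, with a constructed key, IV and message.

```python
import hashlib, hmac

N = 8  # register and block size in bytes (64-bit block)

def E(key, block):
    # Stand-in for the cipher's encryption direction (assumption: truncated
    # HMAC-SHA256). It has no inverse, and neither mode ever needs one.
    return hmac.new(key, block, hashlib.sha256).digest()[:N]

def cfb8(key, iv, data, decrypt=False):
    # CFB with s = 8: one byte per step, register shifted left by s bits.
    reg, out = iv, bytearray()
    for b in data:
        o = b ^ E(key, reg)[0]            # s leftmost bits of E(register)
        out.append(o)
        fed_back = b if decrypt else o    # always the ciphertext byte
        reg = reg[1:] + bytes([fed_back])
    return bytes(out)

def ctr(key, counter0, data):
    # Same call encrypts and decrypts: XOR data with E(counter), then count up.
    out = bytearray()
    for i in range(0, len(data), N):
        ks = E(key, (counter0 + i // N).to_bytes(N, "big"))
        out += bytes(x ^ y for x, y in zip(data[i:i + N], ks))
    return bytes(out)

def flip_bit(ct, pos):
    # Model a one-bit transmission error in ciphertext byte `pos`.
    return ct[:pos] + bytes([ct[pos] ^ 0x01]) + ct[pos + 1:]

def damaged(sent, recovered):
    return [i for i, (a, b) in enumerate(zip(sent, recovered)) if a != b]

KEY = b"constructed demo key"
IV = bytes(range(N))                                  # constructed; not secret
MSG = b"PAY 0001500 TO ACCOUNT 12345678 BY FRIDAY"    # constructed sample

def error_spread(pos=5):
    cfb_plain = cfb8(KEY, IV, flip_bit(cfb8(KEY, IV, MSG), pos), decrypt=True)
    ctr_plain = ctr(KEY, 1, flip_bit(ctr(KEY, 1, MSG), pos))
    return damaged(MSG, cfb_plain), damaged(MSG, ctr_plain)

if __name__ == "__main__":
    print(error_spread())   # damaged byte positions: (CFB list, CTR list)
```

In CFB the damaged ciphertext byte stays in the shift register for the next N steps, so the plaintext bytes recovered during those steps are corrupted as well; in CTR only the byte that was hit is wrong.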