Module 5:Stream Ciphers and Block Ciphers, Feistel Cipher

e-PG Pathshala Information Technology Information security

Module 5:Stream ciphers and block ciphers, Feistel cipher

Stream Ciphers:

 Stream cipher takes one bit or one byte at a time from digital data and encrypts.  Vernam cipher is an example of stream cipher.

 pi = ith digit from binary form of plaintext, Ki = ith digit from binary form of key, ci = ith digit from binary form of ciphertext

 = exclusive – or (XOR) operation

 pi=ci  ki Block Cipher:

 Block of plaintext is taken at a time and ciphertext block is produced.  The block is of 64 bits or 128 bits.  The block cipher processes n bits from the plaintext block to produce n bits of a ciphertext block. 1 0 1 1 4 bit plaintext

1 1 0 0 4 bit ciphertext

Block Cipher – block size 2, 2n possible plaintext: plaintext ciphertext

00 10

Each time unique ciphertext block is 01 11 created. Reversible mapping.

10 01

11 00 e-PG Pathshala Information Technology Information security

plaintext ciphertext

00 11 For 00 and 01, same ciphertext is generated. So irreversible

mapping 01 11

10 01

11 10

Feistel - Ideal block cipher:

0000 1111

0001 1100

0010 1010

0011 1000

0100 0110

0101 0100

0110 0010

0111 0000

1000 1101 e-PG Pathshala Information Technology Information security

1001 1011

1010 1001

1011 0111

1100 0101

1101 0011

1111 0001

4 bit input. 16 possible inputs are mapped with 16 possible outputs, represented by 4 ciphertext bits.

This type of block is referred as Ideal Block Cipher. Because it allows plaintext- ciphertext mapping for all possible inputs.

Problem with Feistel - Ideal block cipher:

 Ideal block cipher is like substitution cipher.

 As the block size is small, Vulnerable to statistical analysis.

 For large block size , ideal block building implementation and ideal block storing is infeasible.

 For 4 bits, 16 rows are needed. Required length of key is 64 bits (4 bits of16 rows). For n bits, nx2n bits. e-PG Pathshala Information Technology Information security

 To prevent statistical attacks, block length must be 64 bits. So requires 64x264 bits.

Feistel Cipher:

 Block cipher having k bits in key and n bits in a block. So 2k possible transformations not 2n!.

 Feistel suggested to use substitution and permutation alternatively to produce ciphertext.

• Substitution- Each plaintext element is replaced by a corresponding element. Replacement is unique.

• Permutation -The order of plaintext element is changed.

Feistel cipher suggests confusion and diffusion. – to suppress statistical cryptanalysis:

 Diffusion

One plaintext digit affects in deriving the value of several ciphertext digit.

Message M=m1m2m3…. k consecutive letters are added to derive the letter of ciphertext yn

k yn  (mni )mod 26 i1

Statistical relation between plaintext and ciphertext is intricate and it is tricky to derive key.

 Confusion

The statistical relationship between ciphertext and encryption key is so complex that it is difficult to derive key.

Confusion is created by applying substitution algorithm in complex way. e-PG Pathshala Information Technology Information security

Feistel Cipher Structure :

Input : plaintext block (2w bits length), Key K

Procedure

1. Divide Plaintext block to create two blocks of equal length, LE0 and RE0.

2. Perform n rounds, to get the ciphertext block.

Each round is denoted by I having inputs LEi-1 and REi-1 generated by the preceding round.

Subkey Ki is derived from overall K. e-PG Pathshala Information Technology Information security

Round function F is applied to the right half REi-I , take output and exclusive – OR with left half and substitute for the right half of REi. LEi will be substituted with

REi-1.

LEi = REi-I

REi= LEi-1  F(REi-I , Ki)

3. Output of the nth round LEn || REn

4. Permutation is performed by interchanging two halves of the data and combined. REn ||

LEn

Strength of Feistel network: Strength depends on following parameters.  Block size – Larger block more security  Key size – Larger key size more security  Number of rounds – More rounds more security  Subkey generation algorithm – complex algorithm- difficult for cryptanalysis to generate key  Round function F – complex function , greater resistance to cryptanalysis.

Feistel Cipher Structure – Decryption: Input : ciphertext block of length 2w bits Key : subkey Ki in reverse order. Assuming 16 rounds are performed. LDi = RDi-1 RDi = LDi-1  F(RDi-1, Ki)

Design of Block Cipher: 1. Number of Rounds – More number of rounds, difficult for cryptanalytic attack. Even if function F is easy to break, more number of rounds make cipher strength high. 2. Function F design F adds confusion. F must be difficult to evaluate through linear equations. F must produce avalanche effect. One bit change produces change in several bits. F must follow bit independence criteria. Bit i is flipped for any i,j,k then output bit j and k should be changed independently. 3. Key generation Generate one subkey for each round. Subkeys should be derived in such way that individual subkeys cannnot be determined. From the subkey, one should not be able to derive main key. e-PG Pathshala Information Technology Information security