International Journal of Computer Engineering and Applications, Volume XII, Special Issue, April 18, www.ijcea.com ISSN 2321-3469
CRYPTOGRAPHIC BLOCK CIPHER ALGORITHMS
Anil Gopal Sawant Dr. Vilas N. Nitnaware Research Scholar, Ph.D. Student Principal JJT University, Rajasthan, India D. Y. Patil School of Engineering Academy, Pune [email protected] [email protected]
Abstract — Today, billions of people all over the world parameters and compared them to choose the best data communicate by various ways including electronic networks, encryption algorithm so that we can be used in future work. such as e-mail, Social network, ATMs, e-commerce or mobile phones. Also now a day’s, world research is happening in Keywords— Cryptography, Internet of things, Digitization, Block artificial intelligence and Internet of things makes electronic cipher. devices are increasingly connected with each other and also interact with each other which creates huge data. The rapid I. INTRODUCTION increase of Digitization resulted to an increased reliance Cryptography is a technique of protecting secure on cryptography. Modern era has seen the rise of computing information from unwanted individuals by converting it into devices, especially hand held devices. Information, in large unintelligible form. It is an art to transform or change the quantity, can be digitalized and stored on these devices. Also data to make it secure and immune against security attacks. these information must be shared to others devices, connected either via wired or wireless links, which are insecure channels. Cryptography[1,2] is used for secure Information is a long term resource to any individual and/or communication of the electronic channel in the presence of organization and hence privacy of the information is of great third parties to secured the data with respect to importance. Cryptographyis a way to ensure the authentication, confidentiality, authentication, data integrity, access control integrity, accessibility, confidentiality, and identity of user data and non-repudiation. An original message is known as the and also maintained the security and privacy of user data. plaintext, while the encrypted message is called the cipher- Encryption is the process of converting normal data or plaintext text[18]. The way of transforming from plaintext to cipher- to something incomprehensible or cipher-text by applying text is known as enciphering or encryption[18, 19] and again mathematical transformations or formulae. These mathematical restoring the plaintext from the cipher-text is deciphering or transformations or formulae used for encryption processes are called algorithms. We have analysed data encryption algorithms decryption[25]. DES, Triple DES, AES, IDEA, RC5, TWOFISH, THREEFISH and BLOWFISH etc. All These Block Cipher Algorithms are symmetric key cryptographic algorithms. In this paper, we have analysed various encryption algorithms on the basis of different
1
CRYPTOGRAPHIC BLOCK CIPHER ALGORITHMS
Access Control :Only authorised users can access the data. This is done to avoid unauthorized user access. A key is used at the time of encryption and decryption process. The security level of cryptography is determined by key length[18].
II. OVERVIEW OF VARIOUS ALGORITHMS In this section we will discuss about various cryptographic algorithms to be analysed for their performance evaluation[15]. To start the algorithm analysis firstly we should know that what is Algorithm actually. “An algorithm is a sequence of unambiguous instructions for solving a problem”, i.e., for obtaining a required output for Figure 1. Process of Cryptography any legitimate input in a finite amount of time. We are taking The many schemes used for encryption constitute the area eight encryption algorithms under consideration those are Basic terminologies in cryptography are as follows: DES, Triple DES, AES, IDEA, RC5, TWOFISH, THREEFISH and This terminology is very important to understand because in BLOWFISH [18] etc. every algorithm description, we are going to discuss these common terms: A. DES (Data Encryption Standard) Plain-text: The original text or message used in It was developed in the early 1975 at IBM labs by communication in called as Plain text[20]. Example: John Horst Fiestel. The DES was approved by the NBS (National sends “Hello” to Perry. Here “Hello” is Plain text or Original Bureau of Standards, now called NIST (National Institute of message. The original message to be encrypted. Standards and Technology) in 1978. The DES was Encryption: Encryption is a process of converting Plain text standardized by the ANSI (American National Standard into Cipher text. This non-readable message can securely be Institute) under the name of ANSI X3.92, better known as communicated over the unsecure network. Encryption DEA (Data Encryption Algorithm)[4]. The DES was once a process is done using encryption algorithm. The process of predominant symmetric-key algorithm[6] for the encryption mapping the original data to a meaningless form. of electronic data. DES uses 56 bits key for encryption and Key: A key is a numeric or Alpha-numeric text decryption. It completes the 16 rounds of encryption on each (mathematical formula). In encryption process it takes place 64 bits block of data. Data encryption standard works on a on Plain text and in decryption process it takes place on particular principle. Data encryption standard is a symmetric cipher text. The confidential key is the input to encryption encryption[9] system that uses 64-bit blocks, 8 bits (one algorithm. The algorithm in turn produces different outputs octet) of which are used for parity checks (to verify the key's for different keys used[19]. integrity)[25]. Each of the key's parity bits (1 every 8 bits) is Cipher-text: The plain text is encrypted in un-readable used to check one of the key's octets by odd parity, that is, message. This message has no meaning is called Cipher Text. each of the parity bits is adjusted to have an odd number of The meaningless message obtained after encryption process. '1's in the octet it belongs to[14]. DES is now considered to Decryption: The encryption process in reverse order form be insecure for various other applications. This is mainly the decryption process. The output of this decryption process because to the 56-bit key size being too small to provide is the original message. security. But now it is an outdated symmetric key data Key Size: Key size is the length of key which is measure in encryption method[18]. bits, used in different algorithm with different key sizes[26].
Block Size : Key cipher works on fixed length string of bits B. DES (Triple Data Encryption Standard) called Block size. This block size can changes from In cryptography techniques, Triple Data Encryption Standard algorithm to algorithm[15]. (3DES) is the common name for the Triple Data Encryption Round :Round of encryption means that how much time Algorithm (TDEA) symmetric-key block cipher, which encryption function is executed in complete encryption applies the Data Encryption Standard (DES) encryption process till it gives cipher text as output. algorithm three times to each data block. Triple-DES is also proposed by IBM in 1978 as a substitute to DES. So, 3DES is simply the DES symmetric encryption algorithm[19], used A. Main Objectives of Cryptography three times on the same data. Three DES is also called as T- Confidentiality: Only an authorized recipient should be able DES. It uses the simple DES encryption algorithm three to extract the contents of the message from its encrypted times to enhance the security of encrypted text[14]. form.
Integrity: The recipient should be able to determine if the message has been altered. Assuming receiver that received message has not been altered in any way from the original message[19]. Authentication: The sender and receiver can confirm each other’s identity and the origin/destination of the information. Non-repudiation: The emitter should not be able to deny sending the message.
2
International Journal of Computer Engineering and Applications, Volume XII, Special Issue, April 18, www.ijcea.com ISSN 2321-3469
Add Round Key: In this step, round key is added to the output of the previous step during the forward encryption process. This step normally differs from others because of various key size. In AES encryption process[23,24], it uses different round keys. These keys are applied along with other mathematical operations on an array of data in this process. This data is present in blocks of particular size. This array is called state array. This encryption process includes following process: Figure 2. 3DES Structure 1. Initially derive the different round keys from cipher key. In this technique, same data is encrypted two times 2. Initialize the state array with block data or plaintext. more using DES. This makes the encryption more stronger 3. then Start with initial state array by adding round key. and more difficult to break and hence three times secured. 4. Perform the process of state manipulation in nine rounds. Triple DES is basically a Block cipher which uses generally 5. After tenth round of manipulation, we will get the final 48 rounds i.e. Three times the DES in its computation, and output as cipher text. By following above process we get the also key length of 168 bits. 3-DES also Uses the Block size final encrypted text or cipher text. of 64 bits for encryption[14]. The main advantage of Triple
DES is that it is three times secure (as it is combination or D. Blowfish three DES algorithms with different keys at each level) than Blowfish was developed by bruce schneier in 1993. It is DES that’s why it is preferred over simple DES encryption basically a symmetric block cipher algorithm having variable algorithm. It provide adequate security to the data but it is not length key from 32 bits to 448 bits in sizes. It operates on the good because it consumes more time and its encryption block size 64 bits[8]. It is a generally 16-round Feistel cipher speed also less than DES encryption algorithm[9]. and uses large key dependent S-Boxes. Each S-box contains
32 bits of data. C. AES (Advanced Encryption Standard) National Institute of Standards and Technology (NIST) announced an initiative to choose a successor to DES in 1997 and NIST selected the Advanced Encryption Standard[9,12] as a replacement to DES and 3DES in 2001. AES (Advanced Encryption standard) is developed by Vincent Rijmen, Joan Daeman in 2001[4,5]. The Advanced Encryption Standard (AES) is a symmetric block cipher used to protect classified information and is implemented in software and hardware throughout the world for sensitive data encryption[13]. AES is actually, three different block ciphers algorithm, AES-128, AES-192 and AES-256. Each cipher encrypts and decrypts data in blocks of 128 bits using cryptographic keys of 128 Figure 4. Blowfish Function F. bits, 192 bits and 256 bits, respectively. Advanced encryption Above Diagram shows the Blowfish’s F- function. The standard generally there are used 10 rounds for 128-bit keys, function splits the 32 bit input into four 8-bit quarters, and 12 rounds are used for 192-bit keys, and 14 rounds are used uses the quarters as input to S-boxes. The outputs are then for 256-bit keys[21]. In each case, all other rounds are added (Mod) modulo 232 and XORed to produce the final identical, except for the last round. Each round in encryption 32-bit output which is encrypted data. For Decryption process[25] further follows some steps to complete each Process at another end the same process which normally round till n. Each round possess four rounds i.e. Substitute takes place, but it is in reverse order[21]. Till now, no attack byte, Shift rows, Mix Column and Add round key[17]. has been found successful against Blowfish encryption algorithm[10]. Blowfish is a variable key length algorithm and it is having 64-bit block cipher[8]. The algorithm consist of two sub parts, one is key expansion part and second data encryption part. Data encryption process is done by completing 16 rounds with the help of fiestel network. Each and every Figure 3. AES Round Steps round generally consist of key dependent permutation in P- Substitution round: In this step, Sub-Bytes are byte by byte Box and key/data dependent substitution in S-Box[15]. one after the other substituted during the encryption process. Blowfish algorithm provides a best encryption rate in Shift Rows: In this step, shifting the rows of the state array software. It is much faster than that of DES and IDEA during the forward encryption process i.e. S-Box process. algorithm. In many encryption experiments the Blowfish Mix Column: In this step, Mix Columns are mixing up of the encryption algorithm is declared best because of security bytes in each column separately in the session of the forward level that is offers and speed of encryption, which is better encryption process. than the most of the encryption algorithm available in today’s world[19]. 3
CRYPTOGRAPHIC BLOCK CIPHER ALGORITHMS
E. Twofish Twofish algorithm is also a symmetric block cipher having fiestel structure[7]. It is also developed and explained by bruce schneier in 1998. Twofish also uses block ciphering like Blowfish. It is efficient for software that runs in smaller processor (smart cards) and embedding in hardware[21]. It allows implementers to customize encryption speed, key setup time, and code size to balance performance. Twofish is license-free, un-patented and freely available for use[22]. In twofish encryption algorithm uses different key sizes 128, 192 and 256 bits[25]. It uses the block size of 128 bits and there are generally 16 rounds of encryption takes place in this encryption algorithm called as Twofish. This round function encrypts the data. This round function Figure 5. RC5 encryption algorithm repeatedly encrypts the data 16 times and then gives final Above Figure is showing the basic working procedure of cipher text after 16th round [26]. RC5 encryption algorithm. RC5 works with two 32 bit Twofish contains total 16 rounds of data encryption and we registers A and B which contains the initial input text or plain get the final 128 bit cipher text after completing 16 rounds of text as well as the output cipher at the end of encryption. encryption [18]. Twofish encryption algorithm also provides First we load plain text into the registers A and B then good level of security but encryption speed is less as encryption and decryption functions are applied on it. compared to blowfish algorithm[23]. H. IDEA (International Data Encryption Algorithm) F. Threefish IDEA (International Data Encryption algorithm) is a block Threefish is a symmetric key block cipher designed encryption algorithm designed by Xuejia Lai and James L by bruce schneier, Niels Ferguson, Stefan Lucks, Doug and it was first described in 1991.The original algorithm Whiting, Mihir bellare, jesse walker. It was first published in went through few modifications and finally it got named as year 2008. Threefish block cipher algorithm is directly International Data Encryption Algorithm (IDEA)[3]. related to Blowfish algorithm and Twofish algorithm [22]. IDEA is a Block cipher that operates with 64 bit plain text Threefish algorithm is tweakable block cipher[7]. Tweakable and cipher text blocks and is controlled by 128 bit key. This block cipher generally take three inputs, a key, a tweak and algorithm works on 64-bit plain text and cipher text block at block of massage[23]. here unique tweak value which is used one time. For encryption purpose, the 64- bit plain text is to encrypt every block of massage[1]. The tweak value is 128 divided into four 16 bits parts of sub-blocks. In this, we bits for all block sizes. Threefish encryption uses three type denote these four blocks as P1 for 16 bits, P2 for16 bits, P3 of keys 256 bits, 512 bits or 1024 bits. In Threefish, the key for 16 bits and last P4 for 16 bits. Each of these blocks goes size is equal to the block size. It means it uses three block through 8 rounds and one output transformation phase. In sizes i.e. 256, 512 or 1024 bits. It applies encryption in 72 each of these eight rounds, some arithmetic and logical rounds generally, but in case of 1024 bit block size its operations are performed[27]. Till eight rounds, the same encryption rounds are 72. Threefish uses no S-BOX or other sequences of operations are repeated. In the last phase, output table lookups in order to avoid timing attacks[18]. transformation phase, we perform only arithmetic operations. Threefish encryption algorithm uses following At the beginning of the encryption process, the 64 bit plain round function. Threefish-256 and Threefish-512 apply this text is divided in four equal size blocks and ready for round1 round 72 times. Threefish-1024 applies this round 80 times. input. The output of round1 is the input of round2. Similarly, the output of round2 is the input of round3, and so on. G. RC5 Finally, the output of round8 is the input for output RC5 is a symmetric-key block cipher designed by Ronald transformation, whose output is the resultant 64 bit cipher Rivest in 1994. RC stands for “Rivest Cipher” or it is also text assumed as C1 for 16bits, C2 for 16 bits, C3 for 16 bits called “Ron’s Code”. AES (Advanced Encryption Standard) and C4 for 16 bits. is directly based on RC5[16]. It uses key sizes 0 to 2040 bits but suggested count is 128 bits. RC5 uses block sizes of 32, 64 or 128 bits but 64 bits are suggested. It is fiestel-like network [18]. It has 1 to 255 encryption rounds but 12 rounds are suggested originally. It is suitable for hardware and software implementation, because it uses only those operations which are available in typical microprocessor [19]. The RC5 encryption algorithm is a block cipher that converts plain text data blocks of 16, 32, and 64 bits into cipher text blocks of the same length[15]. The algorithm is done set of iterations called rounds r that takes values.
4
International Journal of Computer Engineering and Applications, Volume XII, Special Issue, April 18, www.ijcea.com ISSN 2321-3469
that that the strength of the each encryption algorithm TWOFISH THREEFISH RC5 IDEA depends upon the key management, type of cryptography, Parameters number of keys, Key Length, Rounds, Block size, number of Development Bruce Bruce schneier, Ron rivest Xuejia bits used in a key. Longer the key length and data length Schneier in Niels Ferguson, in 1994 Lai more will be the power consumption that will lead to more 1998 Stefan Lucks in and heat dissipation and requires more computation time which 2008 James in simply indicates that the system takes more time to encrypt 1991 the data i.e. slower the encryption process but stronger the encryption. All the keys are based upon the mathematical Key Length 128, 192, 256 256,512, 1024 0 to 2040 128 properties and their strength decreases with respect to time. A (Bits) bits key good cryptographic system strikes a balance between what is size(128 suggested) possible and what is acceptable. Thus considerable research Rounds 16 For 256,512 1 to 8 effort is still required for secured communication. key = 72 255(64 For 1024 key = suggested) 80 Block Size 128 256,512 and 34 , 64, 64 (Bits) 1024 128(64 Parameters DES 3DES AES BLOWFISH suggested) Attacks Differential Improved Co- Linear Development In early IBM in Vincent Bruce Found attack, Related-Key relation attack 1970 by 1978. Rijmen, Schneier in Related key Boomerang attack, IBM and Joan 1993 attack Attack Timing Published Daeman attack in 1977. in 2001 Level Of Secure Secure Secure Secure Key Length 64 (56 168,112 128,192, Variable key Security (Bits) usable) 256 length i.e. Encryption Fast Fast Slow Fast 32 – 448 Speed Rounds 16 48 10,12,14 16 Block Size 64 64 64 64 (Bits) Attacks Exclusive Related Key No attack is Found Key search, Key recovery found to be Linear attack attack, successful cryptanalys Side against is, channel blowfish. Differential attack analysis
Level Of Adequate Adequate Excellent Highly secure Security security security security
Encryption slow slow slow Very fast Speed
Figure 6. IDEA encryption Process As the IDEA is a symmetric key algorithm, it uses the same References key for encryption and for decryption. The decryption process is the same as the encryption process except that the [1] W. Diffiee and M. Hellman, “New Directions in Cryptography”, sub keys are derived using a different algorithm[11]. The size IEEE Transaction Information Theory IT-22, (1976),pp. 644- of the cipher key is 128 bits. In the encryption process we use 654. [2] Coppersmith, D. "The Data Encryption Standard (DES) and Its total 52 keys (round1 to round8 and output transformation Strength Against Attacks. "IBM Journal of Research and phase), generated from a 128 bit cipher key[15]. Each round Development, May 1994, pp. 243 - 250. (round1 to round8) we use six sub keys. Each sub-key [3] M. Thaduri, S. Yoo and R. Gaede, “ An Efficient Implementation consists of 16 bits and the output transformation uses 4 sub- of IDEA encryption algorithm using VHDL”, Elsevier, (2004). [4] A. Nadeem, “A performance comparison of data encryption keys. algorithms”,IEEE information and Communication Technologies , (2006), pp. 84-89. III. COMPARATIVE TABLE [5] Daemen J., and Rijmen V. (2009)"Rijndael: The Advanced Table 1. Comparison of Various Algorithms on the basis of Different Encryption Standard."D r. Dobb's Journal, March 2001,PP. 137- Parameters 139. [6] E. Biham and A. shamir, "A differential cryptoanalysis of data encryption standard", Springer-verlog, (1993). IV. CONCLUSIONS [7] I. Landge, T. Bharmal and P. Narwankar, “Encryption and In this paper, we have analysed various different decryption of data using two fish algorithm”, World Journal of encryption algorithms. Each algorithm has its own benefits Science and Technology, vol. 2, no. 3, (2012), pp. 157-161. according to different parameters compared. It is observed 5
CRYPTOGRAPHIC BLOCK CIPHER ALGORITHMS
[8] J. W. Cornwell, “Blowfish Survey”, Department of Computer Science, Columbus State University, Columbus. [9] R. Davis, “The data encryption standard in perspective”, Communications Society Magazine, IEEE, (2003), pp. 5 – 9. [10] B. Schneier, “Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish)”, [online] Available at: http://www.schneier.com/paper-blowfishfse.html. [11] J. Daemen, R. Govaerts and J. Vandewalle, “Weak Keys for IDEA”, Springer-Verlag, (1998). [12] M. Abutaha, M. Farajallah, R. Tahboub and M. Odeh, “Survey Paper: Cryptography Is the Science of Information Security”, published in International Journal of Computer Science and Security (IJCSS), vol. 5, no. 3, (2011). [13] L. Singh and R. K. Bharti, "Comparative performance analysis of cyptographic algorithms", International journal of advanced research in computer science and software engineering (IJARCSSE), vol. 3, no. 11, (2013). [14] A. Nadeem, “A performance comparison of data encryption algorithms”, IEEE information and Communication Technologies , (2006), pp. 84-89. [15] G. C. Kessler, “An Overview of Cryptography”, http://www.garykessler.net/library/crypto.html, (2006). [16] R. L. Rivest, “The RC5 Encryption Algorithm”, MIT laboratory for C.S, Cambridge. [17] J. V. Shanta, “Evaluating the performance of Symmetric Key Algorithms: AES (Advanced Encryption Standard ) and DES ( Data Encryption Standard ) in IJCEM International Journal of Computational Engineering & Management”, vol. 15, no. 4, (2012), pp.43-49. [18] W. Stallings, "Cryptography and Network Security: Principles and Practice", (1999), Prentice-Hall, New Jersey. [19] William Stallings “Network Security Essentials (Applications and Standards)”, Pearson Education, 2004. [20] E. Thambiraja, G. Ramesh, Dr. R. Umarani, “A Survey on Various Most Common Encryption Techniques” International Journal of Advanced Research in Computer Science and Software Engineering, VOL. 2, Issue 7 July 2012, Page 226-233. [21] Sumedha Kaushik, Ankur Singhal, “Network Security Using Cryptographic Techniques” International Journal of Advanced Research in Computer Science and Software Engineering, VOL.2, Issue 12 December 2012, Page 105-107. [22] Vishwa gupta, Gajendra Singh, Ravindra Gupta, “Advance cryptography algorithm for improving data security” International Journal of Advanced Research in Computer Science and Software Engineering, VOL.2, Issue 1 January 2012. [23] A L. Jeeva, Dr. V. Palanisamy, K. Kanagaram, “ Comparative Analysis Of Performance Efficiency and Security Measures of some Encryption Algorithms”International Journal of Engineering Research and Applications (IJERA), VOL.2, Issue 3,May-Jun 2012, Page 3033- 3037. [24] G. Ramesh, R. Umarani, “Performance Analysis of Most Common Encryption Algorithms on Different Web Browsers “I.J. Information Technology and Computer Science, Issue Nov 2012, Page 60-66. [25] Zirra Peter Buba & Gregory Maksha Wajiga “Cryptographic Algorithms for Secure Data Communication “in International Journal of Computer Science and Security IJCSS, Volume no 5, Issue 2, 2011. [26] Pranay Meshram,Pratibha Bhaisare, S.J.Karale,”,comparative study of selective encryption algorithm for wireless adhoc network” ,IJREAS Volume 2, Issue 2 , in International Journal of Research in Engineering & Applied Sciences 2016. [27] Diaa Salama Abdul. Elminaam, Hatem Mohamed Abdul Kader and Mohie Mohamed Hadhoud, “Performance Evaluation of Symmetric Encryption Algorithms”, international Journal of Computer Science and Network Security, VOL.8 No.12, December 2008.
6