e-PG Pathshala Information Technology Information security Module 5:Stream ciphers and block ciphers, Feistel cipher Stream Ciphers: Stream cipher takes one bit or one byte at a time from digital data and encrypts. Vernam cipher is an example of stream cipher. pi = ith digit from binary form of plaintext, Ki = ith digit from binary form of key, ci = ith digit from binary form of ciphertext = exclusive – or (XOR) operation pi=ci ki Block Cipher: Block of plaintext is taken at a time and ciphertext block is produced. The block is of 64 bits or 128 bits. The block cipher processes n bits from the plaintext block to produce n bits of a ciphertext block. 1 0 1 1 4 bit plaintext 1 1 0 0 4 bit ciphertext Block Cipher – block size 2, 2n possible plaintext: plaintext ciphertext 00 10 Each time unique ciphertext block is 01 11 created. Reversible mapping. 10 01 11 00 e-PG Pathshala Information Technology Information security plaintext ciphertext 00 11 For 00 and 01, same ciphertext is generated. So irreversible mapping 01 11 10 01 11 10 Feistel - Ideal block cipher: 0000 1111 0001 1100 0010 1010 0011 1000 0100 0110 0101 0100 0110 0010 0111 0000 1000 1101 e-PG Pathshala Information Technology Information security 1001 1011 1010 1001 1011 0111 1100 0101 1101 0011 1111 0001 4 bit input. 16 possible inputs are mapped with 16 possible outputs, represented by 4 ciphertext bits. This type of block is referred as Ideal Block Cipher. Because it allows plaintext- ciphertext mapping for all possible inputs. Problem with Feistel - Ideal block cipher: Ideal block cipher is like substitution cipher. As the block size is small, Vulnerable to statistical analysis. For large block size , ideal block building implementation and ideal block storing is infeasible. For 4 bits, 16 rows are needed. Required length of key is 64 bits (4 bits of16 rows). For n bits, nx2n bits. e-PG Pathshala Information Technology Information security To prevent statistical attacks, block length must be 64 bits. So requires 64x264 bits. Feistel Cipher: Block cipher having k bits in key and n bits in a block. So 2k possible transformations not 2n!. Feistel suggested to use substitution and permutation alternatively to produce ciphertext. • Substitution- Each plaintext element is replaced by a corresponding element. Replacement is unique. • Permutation -The order of plaintext element is changed. Feistel cipher suggests confusion and diffusion. – to suppress statistical cryptanalysis: Diffusion One plaintext digit affects in deriving the value of several ciphertext digit. Message M=m1m2m3…. k consecutive letters are added to derive the letter of ciphertext yn k yn (mni )mod 26 i1 Statistical relation between plaintext and ciphertext is intricate and it is tricky to derive key. Confusion The statistical relationship between ciphertext and encryption key is so complex that it is difficult to derive key. Confusion is created by applying substitution algorithm in complex way. e-PG Pathshala Information Technology Information security Feistel Cipher Structure : Input : plaintext block (2w bits length), Key K Procedure 1. Divide Plaintext block to create two blocks of equal length, LE0 and RE0. 2. Perform n rounds, to get the ciphertext block. Each round is denoted by I having inputs LEi-1 and REi-1 generated by the preceding round. Subkey Ki is derived from overall K. e-PG Pathshala Information Technology Information security Round function F is applied to the right half REi-I , take output and exclusive – OR with left half and substitute for the right half of REi. LEi will be substituted with REi-1. LEi = REi-I REi= LEi-1 F(REi-I , Ki) 3. Output of the nth round LEn || REn 4. Permutation is performed by interchanging two halves of the data and combined. REn || LEn Strength of Feistel network: Strength depends on following parameters. Block size – Larger block more security Key size – Larger key size more security Number of rounds – More rounds more security Subkey generation algorithm – complex algorithm- difficult for cryptanalysis to generate key Round function F – complex function , greater resistance to cryptanalysis. Feistel Cipher Structure – Decryption: Input : ciphertext block of length 2w bits Key : subkey Ki in reverse order. Assuming 16 rounds are performed. LDi = RDi-1 RDi = LDi-1 F(RDi-1, Ki) Design of Block Cipher: 1. Number of Rounds – More number of rounds, difficult for cryptanalytic attack. Even if function F is easy to break, more number of rounds make cipher strength high. 2. Function F design F adds confusion. F must be difficult to evaluate through linear equations. F must produce avalanche effect. One bit change produces change in several bits. F must follow bit independence criteria. Bit i is flipped for any i,j,k then output bit j and k should be changed independently. 3. Key generation Generate one subkey for each round. Subkeys should be derived in such way that individual subkeys cannnot be determined. From the subkey, one should not be able to derive main key. e-PG Pathshala Information Technology Information security .