Chapter 20
Symmetric Encryption and Message Confidentiality
Symmetric Encryption
• Also referred to as:
o Conventional encryption
o Secret-key or single-key encryption
• Only alternative before public-key encryption in 1970’s
o Still most widely used alternative
• Has five ingredients:
o Plaintext
o Encryption algorithm
o Secret key
o Ciphertext
o Decryption algorithm
Cryptography
Classified along three independent dimensions:
• The type of operations used for transforming plaintext to ciphertext
o Substitution – each element in the plaintext is mapped into another element
o Transposition – elements in plaintext are rearranged
• The number of keys used
o Sender and receiver use same key – symmetric
o Sender and receiver each use a different key – asymmetric
• The way in which the plaintext is processed
o Block cipher – processes input one block of elements at a time
o Stream cipher – processes the input elements continuously
Computationally Secure Encryption Schemes
• Encryption is computationally secure if:
o Cost of breaking cipher exceeds value of information
o Time required to break cipher exceeds the useful lifetime of the information
• Usually very difficult to estimate the amount of effort required to break
• Can estimate time/cost of a brute-force attack
Figure 20.1 Classical Feistel Network [diagram: plaintext of 2w bits is split into w-bit halves L0 and R0; each of Rounds 1 to n applies round function F with subkey Ki to give Li and Ri; the output after Ln+1 and Rn+1 is a ciphertext of 2w bits]
Block Cipher Structure
• Symmetric block cipher consists of:
o A sequence of rounds
o With substitutions and permutations controlled by key
• Parameters and design features:
o Block size
o Key size
o Number of rounds
o Subkey generation algorithm
o Ease of analysis
o Fast software encryption/decryption
o Round function
Data Encryption Standard (DES)
• Most widely used encryption scheme
• Adopted in 1977 by National Bureau of Standards (now NIST)
• FIPS PUB 46
• Algorithm is referred to as the Data Encryption Algorithm (DEA)
• Minor variation of the Feistel network
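Figure 20.2 Triple DES [diagram: (a) Encryption: P is encrypted (E) with K1 to give A, A is decrypted (D) with K2 to give B, B is encrypted (E) with K3 to give C; (b) Decryption: C is decrypted (D) with K3 to give B, B is encrypted (E) with K2 to give A, A is decrypted (D) with K1 to give P]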
Figure 20.3 AES Encryption and Decryption [diagram: (a) Encryption: Add round key with w[0, 3], then Rounds 1 to 9 of Substitute bytes, Shift rows, Mix columns and Add round key, then Round 10 of Substitute bytes, Shift rows and Add round key with w[40, 43]; (b) Decryption: the inverse stages (Inverse sub bytes, Inverse shift rows, Inverse mix cols, Add round key) applied with the round keys in reverse order; Expand key derives the round-key words from Key]
Figure 20.4 AES Encryption Round [diagram: State passes through SubBytes (sixteen S-box lookups S), ShiftRows, MixColumns (four column transforms M) and AddRoundKey with round-key bytes r0 to r15, giving the next State]
Table 20.2 AES S-Boxes: (a) S-box and (b) Inverse S-box
Shift Rows
• On encryption left rotate each row of State by 0,1,2,3 bytes respectively
• Decryption does reverse
Mix Columns and Add Key
• Mix columns
o Operates on each column individually
o Mapping each byte to a new value that is a function of all four bytes in the column
o Use of equations over finite fields
o To provide good mixing of bytes in column
• Add round key
o Simply XOR State with bits of expanded key
o Security from complexity of round key expansion and other stages of AES
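The Shift Rows, Mix Columns and Add Round Key stages described above, as an added Python example that is not part of the original slides. It assumes the FIPS 197 State layout (the 16 input bytes fill the 4x4 State column by column); Substitute Bytes is left out because it is a lookup in the S-box of Table 20.2.

```python
# AES round stages on a 4x4 State (SubBytes omitted: it is an S-box lookup).
# Assumed layout (FIPS 197): state[r][c], with input bytes filling columns first.

def bytes_to_state(block):
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]

def state_to_bytes(state):
    return bytes(state[r][c] for c in range(4) for r in range(4))

def shift_rows(state):
    # Encryption: rotate row r left by r bytes (0, 1, 2, 3).
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def inv_shift_rows(state):
    # Decryption: rotate row r right by r bytes.
    return [row[4 - r:] + row[:4 - r] for r, row in enumerate(state)]

def xtime(b):
    # Multiply by 2 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1 (0x11B).
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def mix_column(col):
    # Every output byte depends on all four input bytes of the column.
    a0, a1, a2, a3 = col
    m2, m3 = xtime, lambda v: xtime(v) ^ v
    return [
        m2(a0) ^ m3(a1) ^ a2 ^ a3,
        a0 ^ m2(a1) ^ m3(a2) ^ a3,
        a0 ^ a1 ^ m2(a2) ^ m3(a3),
        m3(a0) ^ a1 ^ a2 ^ m2(a3),
    ]

def mix_columns(state):
    cols = [mix_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]

def add_round_key(state, round_key):
    # XOR the State with 16 bytes of expanded key laid out like the State.
    return [[s ^ k for s, k in zip(srow, krow)]
            for srow, krow in zip(state, round_key)]

if __name__ == "__main__":
    # Constructed sample block and round key, not real key material.
    state = bytes_to_state(bytes(range(16)))
    key = bytes_to_state(bytes(range(16, 32)))
    out = add_round_key(mix_columns(shift_rows(state)), key)
    print(state_to_bytes(out).hex())
```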
Stream Ciphers
• Processes input elements continuously
• Key input to a pseudorandom bit generator
o Produces stream of random like numbers
o Unpredictable without knowing input key
o XOR keystream output with plaintext bytes
Table 20.3 Speed Comparisons of Symmetric Ciphers on a Pentium 4
Cipher   Key Length   Speed (Mbps)
DES      56           21
3DES     168          10
AES      128          61
RC4      Variable     113
Figure 20.5 RC4 [diagram: (a) Initial state of S and T: S holds the byte values in order and T is filled from key K of length keylen; (b) Initial permutation of S: j = j + S[i] + T[i], then swap S[i] and S[j]; (c) Stream generation: j = j + S[i], swap S[i] and S[j], t = S[i] + S[j], output k from S[t]]
Table 20.4 Block Cipher Modes of Operation
Electronic Codebook (ECB)
• Simplest mode
• Plaintext is handled b bits at a time and each block is encrypted using the same key
• “Codebook” because there is a unique ciphertext value for each plaintext block
o Not secure for long messages since repeated plaintext is seen in repeated ciphertext
• To overcome security deficiencies you need a technique where the same plaintext block, if repeated, produces different ciphertext blocks
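Figure 20.6 Cipher Block Chaining (CBC) Mode [diagram: (a) Encryption: at Time = 1 to N, blocks P1 to PN are combined with IV (for P1) or the previous ciphertext block (up to CN–1) and passed through Encrypt under K to give C1 to CN; (b) Decryption: C1 to CN pass through Decrypt under K and are combined with IV or the previous ciphertext block to give P1 to PN]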
Figure 20.7 s-bit Cipher Feedback (CFB) Mode [diagram: (a) Encryption: a shift register (b – s bits | s bits), initially holding IV, is passed through Encrypt under K; s bits of the output are selected and b – s bits discarded; the selected bits are combined with the s-bit units P1 to PM to give C1 to CM, and each ciphertext unit (up to CM–1) is fed into the next shift register; (b) Decryption: the same Encrypt, Select and Discard steps are applied, and the selected bits are combined with C1 to CM to give P1 to PM]
Figure 20.8 Counter (CTR) Mode [diagram: (a) Encryption: Counter, Counter + 1, up to Counter + N – 1 are each passed through Encrypt under K and combined with P1 to PN to give C1 to CN; (b) Decryption: the same counter values are passed through Encrypt under K and combined with C1 to CN to give P1 to PN]
Figure 20.9 Encryption Across a Frame Relay Network [diagram: a frame relay network of nodes marked FRN, with end-to-end encryption devices and link encryption devices marked by symbols; legend: FRN = frame relay node]