Chapter –Three

Symmetric‐Key Encryption

By:
Alemwork
Debark University
 Symmetric‐Key Encryption : Block ciphers and Stream ciphers
Block ciphers : Widely used block ciphers
• Some of the block cipher algorithms widely used today are:
i. Feistel Cipher
ii. DES
iii. Double DES
iii. Triple DES
iv.AES
v.Three More Block Ciphers:
a. IDEA
b. Blowfish
c. RC6
vi. TEA
vii. Block Cipher Modes
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
i. Feistel Cipher
• A Feistel cipher, named after block cipher pioneer Horst Feistel, is a general cipher
design principle, not a specific cipher.
• In a Feistel cipher, the plaintext P is split into left and right halves,
P = (L0, R0),
and for each round i = 1, 2, . . . , n new left and right halves are computed according to
the rule
Li = Ri−1 and Ri = Li−1 ⊕ F(Ri−1,Ki ), where Ki is the subkey for round i.
• The subkey is derived from the key K according to a key schedule algorithm.
• Finally, the ciphertext C is the output of the final round, C = (Ln, Rn).
• The beauty of a Feistel cipher is that we can decrypt, regardless of the particular round
function F.
• To do so, we simply solve the above equations for Ri−1 and Li−1, respectively, which
allows us torun the process backward.
• For i = n, n − 1, . . . , 1, the decryption rule is
Ri−1 = Li
Li−1 = Ri ⊕ F(Ri−1,Ki )
And the final result is the original plaintext P = (L0,R0).
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
i. Feistel Cipher
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. DES
• The Data Encryption Standard, known as DES, is a simple block cipher developed way
back in the 1970s.
• The design is based on the Lucifer cipher, a Feistel cipher developed by IBM.
• To summarize,
• DES is a Feistel cipher with 16 rounds;
• DES has a 64-bit blocklength;
• DES uses 64-bit key length out of which every eighth bit is taken out for parity
checking.
• Thus, actually, DES uses a 56-bit key;
• each round of DES uses a 48-bit subkey and each subkey consists of a 48-bit subset
of the 56-bit key.
Outline of the DES Algorithm
• DES operates on two inputs to the encryption function: a 64-bit block of plaintext to be
encrypted and the 56-bit key k.
• Note: Actually, the function expects a 64-bit key as input. However, only 56 of these
bits are ever used; the other 8 bits can be used as parity bits or simply set arbitrarily.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. DES
• The processing of the plaintext proceeds in three phases:
• In first phase, the 64-bit plaintext passes through an initial permutation (IP) that
rearranges the bits to produce the permuted input. This permuted input is then
broken into a right half and a left half, each 32-bit long.
• Second phase consists of 16 rounds of an identical operation, called the function F,
in which data are combined with the key. In each round (see Figure):
• The key bits are shifted, and then 48 bits are selected from the 56 bits of the
key.(sub key generation)
• The right half of the data is expanded to 48 bits via an expansion
permutation, combined with 48 bits of a shifted and permuted key via an
XOR, sent through 8 S-boxes producing 32 new bits, and permuted again.
• The output of Function F is then combined with the left half via another XOR.
• The result of these operations becomes the new right half; the old right half
becomes the new left half.
• These operations are repeated 16 times, making 16 rounds of DES.
• The output of the last round consists of 64 bits. The left and right halves of
the output are swapped to produce thepre output.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. DES
• In the final phase, the preoutput is passed through an inverse permutation (IP-1)
of the initial permutation function, to produce the 64-bit ciphertext.
• With the exception of the initial and final permutations, DES has the exact structure of
a Feistel cipher, as shown inFigure.
• For each round i = 1, 2, . . . , 16, new left and right halves are computed according to
the rule
Li = Ri−1
Ri = Li−1 ⊕ F(Ri−1,Ki)
where Ki is the subkey for round i.
 Symmetric‐Key Encryption: Block ciphers and Stream ciphers
Block ciphers: Widely used block ciphers
ii. DES
• The overall scheme for DES encryption is illustrated in the following Figure:

Figure: General Depiction of DES Encryption Algorithm

 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption: Block ciphers and Stream ciphers

Block ciphers: Widely used block ciphers
ii. DES

Figure: One round ofDES

 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption: Block ciphers and Stream ciphers

Block ciphers: Widely used block ciphers
ii. DES
The Initial Permutation
• The initial permutation occurs before round 1; it transposes the input block as
described in the following Table.
• This table, like all other tables, should be read left to right, top to bottom.
• For example, the initial permutation moves bit 58 of the plaintext to bit position 1, bit
50 to bit position 2, bit 42 to bit position 3, and so forth.
Table: Initial Permutation

58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7

• The input to a table consists of 64 bits numbered from 1 to 64.

• The 64 entries in the permutation table contain a permutation of the numbers from 1
to 64. Each entry in the permutation table indicates the position of a numbered input
bit in the output, which also consists of64 bits.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption: Block ciphers and Stream ciphers

Block ciphers: Widely used block ciphers
ii. DES
• Note: The initial permutation and the corresponding final permutation do not affect
DES‟s security.
• Since this bit-wise permutation is difficult in software, many software
implementations of DES leave out both the initial and final permutations.
The Key Transformation
• Initially, the 64-bit DES key is reduced to a 56-bit key by ignoring every eighth bit. This is
described in the following Table.
Table: KeyPermutation
57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption: Block ciphers and Stream ciphers

Block ciphers: Widely used block ciphers
ii. DES
• These extra eight bits can be used as parity check to ensure the key is error-free.
• After the 56-bit key is extracted, a different 48-bit subkey ki is generated for each of the
16 rounds of DES.
• These subkeys, Ki are determined in the following manner:
• First, the 56-bit key is divided into two 28-bit halves.
• Then, the halves are circularly shifted left by either one or two bits, depending on
the round.
• This shift is given in the following Table.
Table : Number of Key Bits Shifted per Round
Round 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Number 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption: Block ciphers and Stream ciphers

Block ciphers: Widely used block ciphers
ii. DES
• After being shifted, 48 out of the 56 bits are selected.
• Because this operation permutes the order of the bits as well as selects a subset of bits,
it is called a compression permutation.
• This operation provides a subset of 48 bits.
• The following Table defines the compression permutation (also called the permuted
choice).
Table: Compression Permutation
14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption: Block ciphers and Stream ciphers

Block ciphers: Widely used block ciphers
ii. DES
• For example, the bit in position 33 of the shifted key moves to position 35 of the
output, and the bit in position 18 of the shifted key is ignored.
• Because of the shifting, a different subset of key bits is used in each subkey.
• Each bit is used in approximately 14 of the 16 subkeys, although not all bits are used
exactly the same number of times.
The Expansion Permutation (Right –Half of the plaintext )
• This operation expands the right half of the data (not the key), Ri, from 32 bits to 48
bits. Because this operation changes the order of the bits as well as repeating certain
bits, it is known as an expansion permutation.
• This operation has two purposes:
• It makes the right half the same size as the key for the XOR operation and
• it provides a longer result that can be compressed during the substitution
operation.
• DES is designed to reach the condition of having every bit of the ciphertext depend on
every bit of the plaintext and every bit of the key as quickly as possible.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption: Block ciphers and Stream ciphers

Block ciphers: Widely used block ciphers
ii. DES
• The following Figure defines the expansion permutation.
32-bit input

48-bit output
• This is sometimes called the E-box.
• For each 4-bit input block, the first and fourth bits each represent two bits of the output
block, while the second and third bits in input block each represent one bit of the
output block.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption: Block ciphers and Stream ciphers

Block ciphers: Widely used block ciphers
ii. DES
• The following Table shows which output positions correspond to which input positions.
Expansion P‐Box table

• For example, the bit in position 3 of the input block moves to position 4 of the output
block, and the bit in position 21 of the input block moves to positions 30 and 32 of the
output block.
• Although the output block is larger than the input block, each input block generates a
unique output block.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption: Block ciphers and Streamciphers

Block ciphers: Widely used block ciphers
ii. DES
The S‐Box Substitution
• After the compressed key is XOR ed with the expanded block, the 48-bit result moves
to a substitution operation.
• The substitutions are performed by eight substitution boxes, or S-boxes.
• Each S-box has a 6-bit input and a 4-bit output, and there are eight different S-boxes.
(The total memory requirement for the eight DES S-boxes is 256 bytes.)
• The 48 bits are divided into eight 6-bit sub-blocks.
• Each separate block is operated on by a separate S-box:
• The first block is operated on by S-box 1, the second block is operated on by
S-box 2, and so on.
• Each S-box is a table of 4 rows and 16 columns.
• Each entry in the box is a 4-bit number.
• The 6 input bits of the S-box specify under which row and column number to look for
the output.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption: Block ciphers and Streamciphers

Block ciphers: Widely used block ciphers
ii. DES
The S‐Box Substitution

• The input bits specify an entry in the S-box in a very particular manner.
• Consider an S-box input of 6 bits, labeled b0, b1, b2, b3, b4 and b5.
• Bits b0 and b5 are combined to form a 2-bit number, from 0 to 3, which
corresponds to a row in thetable.
• The middle 4 bits, b1 through b4 are combined to form a 4- bitnumber, from
0 to 15, which corresponds to acolumn in the table.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption: Block ciphers and Streamciphers

Block ciphers: Widely used block ciphers
ii. DES
The S‐Box Substitution
• We give S-box 1 below, where the input to the S-box is denoted b0, b1, b2, b3, b4, b5.
• The first and last input bits are used to index the row, while the middle four
bits index the column.

• We can rewrite the bits of S-box 1 in hexadecimals:

 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption: Block ciphers and Streamciphers

Block ciphers: Widely used block ciphers
ii. DES
The S‐Box Substitution
• Example:
• Assume that the input to the sixth S-box (i.e., bits 31 through 36 of the XOR
function) is 110011.
• The first and last bits combine to form 11, which corresponds to row 3 of the sixth
S-box.
• The middle 4 bits combine to form 1001, which corresponds to the column 9 of the
same S-box.
• The entry under row 3, column 9 of S-box 6 is 14. (Remember to count rows and
columns from 0 and not from 1.)
• The value 1110 is substituted for110011.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. DES
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. DES
The P‐Box Permutation
• The 32‐bit output of the S-box substitution is permuted according to a P-box.
• This permutation maps each input bit to an output position
• No bits are used twice and no bits are ignored.
• This is called a straight permutation or just a permutation.
•The following Table shows the position to which each bit moves.
Table : P-Box Permutation
16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25

• For example, bit 21 moves to bit 4, while bit 4 moves to bit 31.
• Finally, the result of the P-box permutation is XORed with the left half of the initial 64-
bit data block.
• Then the left and right halves are switched and another round begins.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. DES
The Final Permutation
• The final permutation is the inverse of the initial permutation and is described in the
following Table.
Table: FinalPermutation
40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25

• Note: The left and right halves are not exchanged after the last round of DES; instead
the concatenated block R16L16 is used as the input to the final permutation.
• There‟s nothing going on here; exchanging the halves and shifting around the
permutation would yield exactly the same result.
• This is so that the algorithm can be used to both encrypt and decrypt.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. DES
Decrypting DES
• After all the substitutions, permutations, XORs, and shifting around, you might think
that the decryption algorithm is completely different and just as confusing as the
encryption algorithm.
• On the contrary, the various operations were chosen to produce a very useful property:
The same algorithm works for both encryption and decryption.
• With DES it is possible to use the same function to encrypt or decrypt a block. The only
difference is that the keys must be used in the reverse order.
• That is, if the encryption keys for each round are K1 K2 K3,..., K16 then the
decryption keys are K16 K15 K14, ..., K1.
• The algorithm that generates the key used for each round is circular as well.
• The key shift is a right shift and the number of positions shifted is
0,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. Advanced Encryption Standards (AES)
• The Advanced Encryption Standard (AES) is a specification for the encryption of data
established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
• Originally called Rijndael, the cipher was developed by two Belgian cryptographers,
Joan Daemen and Vincent Rijmen.
• In AES, an algorithm known as Rijndael (pronounced something like “rain doll”)
algorithm was ultimately selected.
• AES has been adopted by the U.S. government and is now used worldwide.
• It is a symmetric-key algorithm that supersedes DES.
• Like DES, the AES is an iterated block cipher.
• Unlike DES, the AES algorithm is not a Feistel cipher.
• The major implication of this is that, in order to decrypt, the AES operations must be
invertible.
• Also unlike DES, the AES algorithm has a highly mathematical structure.
• AES encryption algorithm is referred to as the cipher and the decryption algorithm is
the inverse cipher.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. Advanced Encryption Standards (AES)
• AES is a non-Feistel symmetric block cipher that encrypt and decrypt a data block size
of 128 bits.
• Key lengths can be 128 bits, 192 bits, or 256 bits; called AES-128, AES-192, andAES-256,
respectively.
• AES-128 uses 10 rounds, AES-192 uses 12 rounds, and AES-256 uses 14 rounds.
• However, the round key, which are generated by the key expansion algorithm are
always 128 bits, the same size as plaintext or ciphertext blocks.
• In the figure, Nr defines the number of rounds.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
• The number of round keys generated by the key expansion algorithm is always one
more than the number of rounds. Thus,
Number of round keys=Nr + 1
• We refer to the round as N1, N2, …, Nr.
• AES uses 5 units of measurements to refer to data:
1. Bits: Bit is a binary digit having a value of 0 or 1.
2. Bytes:
• The basic unit for processing in the AES algorithm is a byte, a row matrix (1×8) of 8
bits or a column matrix (8×1) of 8 bits.
• The input, output and Cipher Key bit sequences are processed as arrays of bytes.
• For an input, output or Cipher Key denoted by a, the bytes in the resulting array
will be referenced using one of the two forms, an or a[n], where n will be in one of
the following ranges:
Key length = 128 bits, 0 ≤ n < 16; Block length = 128 bits, 0 ≤ n < 16;
Key length = 192 bits, 0 ≤ n < 24; n ≤ Key length † 8
Key length = 256 bits, 0 ≤ n <32. n=No.if bits in the array of bytes
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
• All byte values in the AES algorithm are presented as the concatenation of its
individualbit values (0 or 1) between braces in the order {b7, b6, b5, b4, b3, b2, b1, b0}.
• These bytes are interpreted as finite field elements using a polynomial representation:
b7 x7 + b6 x6 + b5 x5 + b4 x4 + b3 x3 + b2 x2 + b1 x1+ b 0
• For example, {01100011} identifies the specific finite field element x6 + x5 + x +1.
• Byte values can also be represented using hexadecimal notation with each of two
groups of four bits being denoted by a single character as in the following Figure:
Bit Pattern 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111

Character 0 1 2 3 4 5 6 7 8 9 a b c d e F

•Hence the element {01100011} can be represented as {63}.

Arrays of Bytes:
• Arrays of bytes of a plaintext block will be represented in the following form:
a0 a1 a 2 ...a15
• The bytes and the bit ordering within bytes are derived from the 128-bit input
sequence: input0 input1 input2 … input126 input127
as follows:
a0 = {input0, input1, …, input7}; a1 = {input8, input9, …, input15}; … …
… … … … ; a15 = {input120, input121, …, input127}.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii.AES
iii.Words:
• A word is a group of 32 bits that can be treated as a single entity, a row matrix of 4
bytes, or a column matrix of 4 bytes.
iv. Blocks:
• AES encrypts and decrypts data blocks. A block in AES is a group of 128 bits.
v. States:
• AES algorithm‟s operations are performed on a two-dimensional array of bytes called
the State.
• The State consists of four rows of bytes, each containing Nb bytes,
where Nb = block length † 32.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii.AES
• In the State array denoted by the symbol s, each individual byte has two indices, with
its row number r in the range 0 ≤ r < 4 and its column number c in the range 0 ≤ c < Nb.
• This allows an individual byte of the State array to be referred to as either sr, c or s[r, c].
For this standard, Nb= 4, i.e., 0 ≤ c < 4 .
• At the start of the Cipher and Inverse Cipher, the input array, in – the array of bytes in0,
in1, … in15 – is copied into the State array according to the scheme:
s[r, c] = in[r + 4c] for 0 ≤ r < 4 and 0 ≤ c < Nb
• At the end of the Cipher and Inverse Cipher, the State is copied to the output array out
as follows:
out[r + 4c] = s[r, c] for 0 ≤ r < 4 and 0 ≤ c < Nb
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
The State as an Array of Columns
• The four bytes in each column of the State array form 32-bit words, where the row
number r provides an index for the four bytes within each word.
• The state can hence be interpreted as a one-dimensional array of 32 bit words
(columns), w0,...,w3, where the column number c provides an index into this array.
• For the example in Fig., the State can be considered as an array of four words, as
follows:
w0 = s0,0 s1,0 s2,0 s3,0 w2 = s0,2 s1,2 s2,2 s3,2
w1 = s0,1 s1,1 s2,1 s3,1 w3 = s0,3 s1,3 s2,3 s3,3
Algorithm Specification
• For the AES algorithm, the length of the input block, the output block and the State is
128 bits.
• This is represented by Nb = 4, which reflects the number of 32-bit words in the State.
• For the AES algorithm, the length of the Cipher Key, K, is 128, 192, or 256 bits.
• The key length is represented by Nk = 4, 6, or 8, which reflects the number of 32-bit
words (number ofcolumns) in the Cipher Key.
• Thus Nk is the number of columns in the key
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
• For the AES algorithm, the number of rounds to be performed during the execution of
the algorithm is dependent onthe key size.
• The number of rounds is represented by Nr, where Nr = 10 when Nk = 4, Nr = 12 whenNk
= 6, and Nr = 14 when Nk = 8.
• The Key-Block-Round combinations that conform to AES standard are as follows:
Key Length (Nk words) Block Size (Nb words) Number of Rounds (Nr)
AES-128 4 4 10
AES-192 6 4 12
AES-256 8 4 14
• For both its Cipher and Inverse Cipher, the AES algorithm uses a round function that is
composed of four different byte-oriented transformations:
1. byte substitution using a substitution table (S-box) : SubBytes()
2. shifting rows of the State array by different offsets : ShiftRows()
3. mixing the data within each column of the State array : MixColumns()
4. adding a Round Key to the State : AddRoundKey()
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
AES Encryption:
• At the start of the Cipher, the input is copied to the State array.
• After an initial Round Key addition, the State array is transformed by implementing a
round function 10, 12, or 14 times (depending on the key length), with the final round
differing slightly from the first Nr -1 rounds.
• The final State is then copied to the output.
• The round function is parameterized using a key schedule that consists of a one-
dimensional array of four-byte words derived using the Key Expansion routine.
• In each round, the individual transformations – SubBytes(), ShiftRows(), MixColumns(),
and AddRoundKey(), process the State.
• In Fig. the array w[] contains the key schedule, which is described in the following
section.
• As shown in Figure, all Nr rounds are identical with the exception of the final round,
which does not include the MixColumns()transformation.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
AES Encryption Process
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
AES Encryption and Decryption
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
AES TRANSFORMATION FUNCTIONS:
• For each 4 transformations of AES round,
• a forward algorithm is used for encryption and
• an inverse algorithm is used fordecryption.
i. SubBytes() Transformation
• The forward substitute byte transformation, called SubBytes, is a simple table lookup
• AES defines a matrix of byte values, called an S-box (look‐up table) that contains a
permutation of all possible 256 8-bit values.
• The S-box used in the SubBytes() transformation is presented in hexadecimal form in
Figure.
• Each individual byte of State is mapped into a new byte in the following way:
• The leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are
used as a column value.
• These row and column values serve as indexes into the S-box to select a unique 8-
bit output value.
• The inverse substitute byte transformation, called InvSubBytes, makes use
of the inverse S-box
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
i. SubBytes() Transformation

• Example:
• If s1,1 = {53}, then the substitution value is the intersection of the row with
index „5‟ and the column with index „3‟ in the following Figure.
• This results in s’1,1 having a value of {ed}.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
i. SubBytes() Transformation
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
ii. Shiftrow transformation
• The ShiftRow operation is a simple cyclic shift of the bytes in each row of the 4 × 4
byte array. This operation is given by

• The ShiftRows step operates on the rows of the state; it cyclically shifts the bytes
in each row by a certain offset.
• For AES, the first row is left unchanged.
• Each byte of the second row is shifted one to the left.
• Similarly, the third and fourth rows are shifted by offsets of two and three
respectively.
• The inverse shift row transformation, called InvShiftRows, performs the circular
shifts in the opposite direction for each of the last three rows, with a 1-byte
circular right shift for the second row, and so on.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
The MixColumns step
• In the MixColumns step, each column of the state is multiplied with a fixed polynomial
c(x).
• The MixColumns function takes four bytes of each column as input and outputs four
bytes, where each input byte affects all four output bytes.
• Together with ShiftRows, MixColumns provides diffusion in the cipher.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
The MixColumns step (contd..)
• During this operation, each column is multiplied by the known matrix that for the 128-
bit key is:
2 3 1 1
1 2 3 1
1 1 2 3
3 1 1 2

• The transformation can be defined by the following matrix multiplication on State:

• In this case, the individual additions and multiplications of the matrix multiplication
are performed in GF(28).
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
The MixColumns step (contd..)
• In GF(28), it follows that multiplication by x = 2, (i.e., 00000010) can be implemented as
a 1-bit left shift followed by a conditional bitwise XOR with (00011011), which
reresents

• To summarize,

• The MixColumns transformation on a single column of State can be expressed as

• The following is an example of MixColumn

 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
The AddRoundKey step

• In the AddRoundKey step, each byte of the state is combined with a byte of the round
subkey using the XOR operation (⊕).
• In the AddRoundKey step, the subkey is combined with the state.
• For each round, a subkey is derived from the main key using Rijndael's key schedule;
each subkey is the same size as the state.
• The subkey is added by combining each byte of the state with the corresponding byte
of the subkey using bitwise XOR.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
Key Expansion
• To create round key for each round, AES uses a key expansion process.
• If the number of round is Nr, the key expansion routine creates Nr + 1 128-bit round key
for one single 128-bit cipher key.
• The 1st round key is used for pre-round transformation (AddRoundKey); and the
remaining round keys are used for the last transformation (AddRoundKey) at the end of
each transformation.
• The key expansion routine creates the round keys word by word, where a word is an
array of four bytes.
• The routine creates 4× (Nr + 1) words that are called
w0, w1, …, w4× (Nr + 1)-1
• Thus, in AES-128 (10 rounds), there are 44 words, in AES-192 (12 rounds), there are 52
words and in AES-256 (14 rounds), there are 60words
• Each round is made of 4 words:
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
Key Expansion inAES-128
• The following figure shows how the 44 words are made from the original key:
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
Key Expansion inAES-128
• The process is as follows:
1. The first four words are (w0, w1, w2, w3) are made from the cipher key. The cipher
is thought of as an array of 16 bytes (k0 to k15). The first four bytes (k0 to k3)
becomes w0, the next four bytes (k4 to k7) becomes w1 and so on.
2. The rest of the words (wi for i = 4 to 43) are made as follows:
i. If (i mod 4) ≠ 0, wi = wi-1 wi-4. Referring to the figure, this means each word is
made from the one at the left and the one at the top
ii. If (i mod 4) = 0, wi = t wi-4. Here t, a temporary word, is the result of
applying two routines SubWord and RotWord on wi-1 and XORing the result
with a round constant RCon. In other words, we have
t = SubWord (RotWord (wi-1 ) Rconi/ 4
RotWord:
• The RotWord (rotate word) routine is similar to ShiftRow transformation, but it is
applied to only one row.
• The routine takes a word as an array of four bytes and shifts each byte to the left
with wrapping.
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
Key Expansion in AES-128(contd…)
SubWord:
• The SubWord (substitute word) routine is similar to the SubByte transformation, but it
is applied to only four bytes.
• The routine takes each byte in the word and substitutes another byte for it.
Round Constants:
• Each round constant, Rcon, is a four byte value in which the right most three bytes are
always zero.
• The following table shows the values for AES-128 version (with 10 rounds):
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
Key Expansion in AES-128(contd…)
Round Constants (contd…)
• The round constant Rcon[j] for round j is defined as
Rconj = (RC[j], 0, 0, 0) with RC[1] = 1 and RC[j] = 2.RC*j-1+
and with multiplication defined over GF (28).
• The values of RC[j ] in hexadecimalare:
 Symmetric-Key/Private Key Encryption

Symmetric‐Key Encryption : Block ciphers and Stream ciphers

Block ciphers : Widely used block ciphers
ii. AES
Key Expansion in AES-128(contd…)
• For example, suppose that the round key for round 8 is
EA D2 73 21 B5 8D BA D2 31 2B F5 60 7F 8D 292F

 Then the first 4 bytes (first column) of the round key for round 9 are calculated as
follows:

• In AES, we noted that AES four functions, ByteSub, ShiftRow, MixColumn, and
AddRoundKey, are invertible.
• As a result, the entire algorithm is invertible, and consequently AES can decrypt as
well as encrypt.
Thank y o u