Cryptography (Classic) Course Notes PDF

Summary

This document is a course on cryptography, covering symmetric encryption algorithms. It discusses 2DES, 3DES, Blowfish, RC4, and DES. The content is from King Khalid University in Saudi Arabia.

Full Transcript

Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Course

Cryptography (Classic & Modern)

https://www.tutorialspoint.com/cryptography/
cryptography_need_for_encryption.htm

College of Computer Science,
King Khaled University 'KKU', KSA
okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

CHAPTER 3-3 : Symmetric Cryptography, 2DES, 3DES, Blowfish, RC4,...

DES Needs for Replacement; 2DES, 3DES, Blowfish, RC4
 Essential DES Replacements:
o 2DES
o 3DES
o Blowfish
o RC4

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

 Clear replacement for DES was needed:

DES Needs
 have theoretical attacks that can break it;
for  have demonstrated exhaustive key search attacks.
Replacement  Alternative: Triple-DES – but slow.
 US NIST issued call for ciphers in 1997;
 (15) candidates accepted in Jun 98;
 (05) were shortlisted in Aug-99;
 Rijndael was selected as the AES in Oct-2000

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

 Clear replacement for DES was needed:
DES Needs  Alternative: Multiple Encryption with the Basis of DES
for
Replacement
 Alternative: Double-DES – but slow.
 Alternative: Triple-DES – but slow.
 Blowfish Block Cipher was also an altenative;
 RC4 as a Stream Cipher was also an altenative;
 Rijndael was selected as the AES in Oct-2000

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA
Symmetric encryption
algorithms

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA
Symmetric encryption
algorithms
Algorithm Type Key Size Features
DES Block Cipher 56 bits Most Common, Not strong enough

DoubleDES Block Cipher 168 bits Multiple of DES,
(112 effective) Adequate Security
TripleDES
Blowfish Block Cipher Variable Excellent Security
(Up to 448 bits)

RC4 Stream Cipher Variable Fast Stream Cipher, Used in most
(40 or 128 bits) SSL implementations

AES Block Cipher Variable Replacement for DES,
(128, 192, 256 bits) Excellent Security

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA
Symmetric encryption
algorithms
 DES (Data Encryption Standard) − An older encryption method which is less
secure than AES but still used in some legacy systems.
 (2DES ; 3DES) − More secure version of DES; applies DES algorithm two ; three
times.
 Blowfish − Symmetric-key block cipher, known for its fast encryption and flexibility.
 (RC4) Rivest Cipher 4 − Previously it was widely used, but now considered insecure
because of its vulnerabilities.
 AES (Advanced Encryption Standard) − Mainly used for securing sensitive data,
like government information.

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

CHAPTER 3-3 : Symmetric Cryptography, 2DES, 3DES, Blowfish, RC4,...

 Revision : DES Principle in Symmetric Cryptography

 DES Needs for Replacement; 2DES, 3DES, Blowfish, RC4

 Essential DES Replacements:
o 2DES
o 3DES
o Blowfish
o RC4

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Symmetric Encryption
algorithms
Transition to Multiple DES Encryption
algorithms :

 Double DES ‘2DES’
 Triple DES ‘3DES’
 Blowfish

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Transition to
Double-DES
Double DES uses two keys,
k1 and k2. For it to obtain
the encrypted text,

it can apply DES to the
original plaintext using k1.

With a different key, k2, it
can apply DES to the
encrypted text this time.

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

ansition to Double-DES
Advantages Disadvantages
Vulnerable to Meet-in-the-Middle Attack −
Enhanced Security − By doubling the length of Attacker intercepting the ciphertext and trying
the key, Double DES improves the security of every key for the first encryption and
DES and makes it more difficult for attackers to decryption phases... The effective key length
decrypt encrypted data via brute-force attacks. decreases to 112 bits, significantly weakening
the theoretical 168-bit key length.
Compatibility with Current Systems −
Double DES can be implemented with current Performance Overhead − Because double
DES hardware and software, making it a simple DES encryption takes more time and
option for businesses who currently use DES. computing power than single DES encryption, it
may have a performance overhead.
Widely Studied − Due to the in-depth study
and analysis that DES has received over the Limited Key Length − relatively limited key
years, double DES can be applied and length (112 effective bits after calculating for
understood with the help of a variety of the meet-in-the-middle attack). This may not
information and resources. be enough for handling sophisticated attacks.

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Symmetric Encryption
algorithms
Transition to Multiple DES Encryption
algorithms :

 Double DES ‘2DES’
 Triple DES ‘3DES’
 Blowfish

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

ansition to Triple-DES – 3DES
Advances in cryptanalysis and
electronics have made key
length 56 a problem for DES.
The key is found in a few hours
from a known plaintext by doing
brute force.
3-DES (Triple DES) was
launched as a new standard in
1999.
Uses 2 or 3 keys.
okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

ansition to Triple-DES – 3DES
There are several types of triple DES
encryptions:
DES-EEE3
(03) three different keys for Encryption,
Data are Encrypted, Encrypted, Encrypted.
DES-EDE3
(03) three different keys for Encryption,
Data are Encrypted, Decrypted, and Encrypted.
DES-EEE2
The same as DES-EEE3 but uses only two keys,
1st and 3rd Encryption processes; the same key.
DES-EDE2
The same as DES-EDE3 but uses only two keys, 1st
and 3rd Encryption processes; the same key.

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

ansition to Triple-DES – 3DES
There are several types of triple DES
encryptions:
DES-EEE3 : (03) different keys for Encryption,
C = EK3(EK2(EK1(P)))
DES-EDE3 : (03) different keys for Encryption,
C = EK3(DK2(EK1(P)))
DES-EEE2 : uses only two keys,
C = EK1(DK2(EK1(P)))
DES-EDE2 : only two keys,
C = EK1(DK2(EK1(P)))
okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

ransition to Triple-DES Disadvantages
Advantages  The slower speed of 3DES compared to
 As compared to the triple-layered recent encryption methods like AES
encryption to the original DES, security decreases processing efficiency.
is enhanced.
 Even while 3DES is more powerful than
 3DES allows for smooth migrations
DES, its efficient key length is limited,
through preserving connectivity with
especially if three 56-bit keys are used.
current DES implementations.
 By setting each of all three keys to the
 In scenarios with limited resources,
same value, 3DES can be used for a triple encryption reduces performance
single DES with respect to backward because it needs more computing
compatibility. power.

 3DES is widely used and integrated with  3DES has a lower security margin than
a wide range of hardware, protocols, and more recent encryption methods like
applications. AES, but being more secure than DES.

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Symmetric Encryption
algorithms
Transition to Multiple DES Encryption
algorithms :

 Double DES ‘2DES’
 Triple DES ‘3DES’
 Blowfish

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Blowfish Symmetric-key Block Cipher
Frequently used for password hashing, VPNs, and file encryption.
Since its introduction in 1993, this encryption method has gained popularity due
to its effective encryption and decryption operations.
However, more recent, more secure algorithms like AES are gradually taking the
place of Blowfish.
Blowfish is a 64-bit block cipher that uses symmetric encryption and a key that
can be up to 448 bits long.
It was created in 1993 by Bruce Schneier to replace the outdated Data
Encryption Standard (DES) and International Data Encryption Algorithm (IDEA)
encryption methods.
Though its popularity has decreased recently, blowfish is well known for its ease
of use and efficiency. It is being replaced by more recent, stronger encryption
methods like the Advanced Encryption Standard (AES).

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Features of Blowfish
Some of the main features of the Blowfish algorithm are as follows −

 Block Cipher − Data in Blowfish is encrypted using a block cipher technique
using symmetric keys, resulting in 64-bit blocks of encryption.

 Symmetric key algorithm − The Blowfish approach encrypts and decrypts
data with the same symmetric encryption key.

 Different length keys − Blowfish offers key lengths ranging from 32 bits to 448
bits. The longer the key, more secure the data. However, processing longer keys
usually requires more resources and time.

 Feistel Code − The Feistel cipher development divides the plaintext in half and
jumbles each half independently using a sequence of mathematical operations.

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

An x (S firs h an
bo rted eac
Blowfish

sta tries

SP -bo t. T d e
en
Symmetric-key

ne x) a her ight
tw
Block Cipher

or nd p are P-ar
k
is erm fou rays
us
e

ed utat r 32 with
by ion -bit 32
Blo bo S-b -bit
wfi x ( ox su
sh P-b es bke
;t
he x )
su mu 256
o
bs s t
tit
wi

ut b e
t h ys.

ion
okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Steps of Blowfish
 Step 1 − Dividing the 64-bit plaintext into two equal blocks, L and R, each containing 32
bits.

 Step 2 − The following actions are taken in each of the 16 encryption cycles that we begin in
the following step −
o Now, the L and the first member of the P-array (P1) are XORed.
o Then XOR R with F, where F is a function of L and uses the four blocks that make up the S-
box. Below is a summary of function F in entirety.
o The next iteration of the loop starts once L and R are switched.

 Step 3 − L and R are switched again after the loop is completed.

 Step 4 − XOR R with P17 and L with P18 to get the final two unused P-box entries (P17 &
P18).

 Step 5: The cipher text is obtained by combining L and R in the final step.

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Here, an in-depth Description of Blowfish Encryption technique −
 Key expansion − Initial component that Blowfish uses is a secret key, which can
be between 32 and 448 bits long. The encryption key is then generated and
extended using the P-array and S-boxes precomputation to generate several
subkeys.

 Subkeys Generation − The 64-bit blocks that define the stretched-out key are
divided into two 32-bit chunks. These components are joined with a few
predetermined values to create a new set of subkeys.

 Data Encryption − This is when the exciting part starts. These two 32-bit
segments are sixteen times encrypted. Every round involves a set of transpositions
and replacements (XOR operations, additions, and lookups in the S-boxes).

 After processing − The 32-bit scrambled bits are reconstructed to form 64-bit
ciphertext blocks after 16 rounds.
okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Example: Suppose that the words "Hi world" will be encrypted using Blowfish. Steps are :

 Input "Hi world" is initially made up of 64 bits (8bytes), seven letters plus one space.
 The Left 32 bits, or "Hi w," are XORed with P1 to produce P1, the product of key expansion.
 Following that, P1 separates the 32 bits into 4 bytes and sends them to each of the four S-
boxes using a transformative F-function (F In).
 The third value from the third S-box is XORed with the first two values from the first two S-
boxes added to each other.
 32 bits are produced as the output when this result is added to the fourth S-box's output.
 To create output F1', the output of F In is XORed with the correct 32 bits of the input
message, "orld".
 The left half of the message is then replaced with F1', and the right half with P1'.
 For a total of 16 rounds, the same process will be carried out for each of the P-array
members that follow.
 The final two elements of the P-array, P17 and P18, are XORed with the outputs P16' and F16'
following 16 rounds. After that, they are once again combined to create the input message's
64-bit ciphertext.

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Advantages of Blowfish Disadvantages of Blowfish
One of the fastest block ciphers currently in There are a few disadvantages to using
use, still in high demand over thirty years Blowfish for encryption, including: −
 Considerably less time-consuming and  Changing the key will change the speed.
more effective than the DES and IDEA.
 Unpatented and open to be utilised by  It takes a long time to complete the
anybody, even without authorization. primary routine.
 Microprocessors handle data encryption
process efficiently, even with its intricate
 Due to its short 64-bit block size, the
initialization step prior to encryption. technique is vulnerable to birthday
attacks, a kind of brute-force attack.
 Offers a high level of security for Java-
developed programmes and apps. Preprocessing for each new key requires 4
 Allows for safe user authentication for KB of text, which slows it down and makes it
remote access and secure access for unusable for various purposes.
backup tools.

AlMokhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at Kin
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Symmetric Encryption
algorithms

Transition to RC4 Encryption algorithms :
Now, one Stream Cipher Encryption

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Rivest Cypher 4 (Stream Cipher)

Referred to as RC4, Stream cipher was created in 1987 by Ron Rivest.
 RC4 encrypts data bit by bit because it is a stream cipher.
 From all the stream ciphers, RC4 is the one that is used the most because of its
simplicity and speed.
 Although RC4 is renowned for its speed and ease of use in software, it has been
discovered to have a number of vulnerabilities that make it insecure.
 It is highly vulnerable if the output keystream's beginning is not removed or if
linked or non-random keys are used.
 Use of RC4 has resulted to the creation of somewhat insecure protocols like WEP.
 In 2015, there were rumours circulating that certain state cryptologic
organisations may break RC4, if it was used in the TLS protocol.
 The Internet Engineering Task Force's RFC 7465 forbids using RC4 in TLS, and
Mozilla and Microsoft have made recommendations along these lines.
okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Rivest Cypher 4 (Stream Cipher STRUCTURE)
Process message bit by bit (as a
stream)
Have a pseudo random
keystream
Combined (XOR) with plaintext bit
by bit
Randomness of stream key
completely destroys statistically
properties in message
Ci = Mi XOR StreamKeyi

But must never reuse stream key
otherwise can recover
messages (cf book cipher)
okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

Advantages of RC4 Disadvantages of RC4
 RC4 is a very fast and efficient encryption  Not appropriate for new applications because
method, making it appropriate for use in of a number of tracked vulnerabilities. Key
scenarios where these qualities are can be recovered by taking advantage of a
important. bias present in first few bytes of keystream.
 As RC4 is a somewhat basic algorithm, it  Unlike to other encryption algorithms like AES
can be simply implemented in hardware or ChaCha20, RC4 is less secure because of
or software. some built-in vulnerabilities…

 RC4 is dynamic and adaptive to meet a  The 2048 bit maximum key length for RC4
range of security needs because it allows may not be enough for some applications
different key sizes. that demand a higher level of encryption.

 RC4 is widely used in many different  It is no longer suggested to use RC4 in new
applications, like file encryption, virtual apps because of its vulnerabilities and flaws.
private networks (VPN), secure sockets Instead, AES-CTR or ChaCha20, two more
layer (SSL), and wireless networks. secure stream cipher algorithms…

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

RC4 and WEP
To protect wireless networks, a security mechanism known as WEP
(Wired Equivalent Privacy) is used.
It was developed with privacy and security features similar to those
of a wired network.
WEP was fully used in the early days of Wi-Fi, but it has several
known vulnerabilities that make it incredibly easy to compromise.

These weaknesses include a weak key scheduling mechanism (based
on RC4), short initialization vectors (IVs), and a lack of key
management tools.

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh
 Cryptography (Classic) College of Computer Science ; King Khalid University ; KKU - KSA

RC4 and WEP, the continuation…

Data is first encrypted using the RC4 technique in WEP before being
sent over a wireless network.
Because of weaknesses in the WEP protocol, network security can be
compromised by many kinds of attacks, like the Fluhrer-Mantin-
Shamir (FMS) and KoreK attacks, which can retrieve the WEP key.
WEP was a robust stream cipher, but implementation of RC4
introduced issues.
For this reason, more secure encryption protocols like WPA (Wi-Fi
Protected Access) and WPA2 eventually took the place of WEP.

okhtar BEN HMIDA, Dr. & Full Professor, Head of ATMS Lab, Expert in Signal Processing , CS College at King Kh