5 Stream ciphers and block ciphers, Feistel cipher

Hiteishi Diwanji

epgp books

Stream Ciphers:

  • Stream cipher takes one bit or one byte at a time from digital data and encrypts.
  • Vernam cipher is an example of stream cipher.
  • pi = ith digit from binary form of plaintext, Ki = ith digit from binary form of key, ci = ith digit from binary form of ciphertext
  • Å = exclusive – or (XOR) operation
  • pi=ci Å ki

Block Cipher:

  • Block of plaintext is taken at a time and ciphertext block is produced.
  • The block is of 64 bits or 128 bits.
  • The block cipher processes n bits from the plaintext block to produce n bits of a ciphertext block.

Problem with Feistel – Ideal block cipher:

 

  • Ideal block cipher is like substitution cipher.
  • As the block size is small, Vulnerable to statistical analysis.
  • For large block size , ideal block building implementation and ideal block storing is infeasible.
  • For 4 bits, 16 rows are needed. Required length of key is 64 bits (4 bits of16 rows). For n bits, nx2n bits.
  • To prevent statistical attacks, block length must be 64 bits. So requires 64×264 bits.
    • Block cipher having k bits in key and n bits in a block. So 2k possible transformations not 2n!.Feistel Cipher:
    • Feistel suggested to use substitution and permutation alternatively to produce ciphertext.
  • Substitution- Each plaintext element is replaced by a corresponding element. Replacement is unique.
  • Permutation -The order of plaintext element is changed.

Feistel cipher suggests confusion and diffusion. – to suppress statistical cryptanalysis:

 

  • Diffusion

One plaintext digit affects in deriving the value of several ciphertext digit. Message M=m1m2m3…. k consecutive letters are added to derive the letter of ciphertext yn

 

k

yn  = (åmn+i ) mod 26

i=1

 

Statistical relation between plaintext and ciphertext is intricate and it is tricky to derive key.

 

·  Confusion

 

The statistical relationship between ciphertext and encryption key is so complex that it is difficult to derive key.

 

Confusion is created by applying substitution algorithm in complex way.

Input : plaintext block (2w bits length), Key K

 

Procedure

 

  1. 1. Divide Plaintext block to create two blocks of equal length, LE0 and RE0.
  2. Perform n rounds, to get the ciphertext block.

Each round is denoted by I having inputs LEi-1 and REi-1 generated

by the preceding round.

Subkey Ki is derived from overall K.

 

Round function F is applied to the right half REi-I , take output and exclusive – OR with left half and substitute for the right half of REi. LEi will be substituted with REi-1.

 

LEi = REi-I

 

REi= LEi-1  Å F(REi-I , Ki)

  1. Output of the nth round LEn || REn
  2. Permutation is performed by interchanging two halves of the data and combined. REn ||

LEn

 

Strength of Feistel network:

 

Strength depends on following parameters.

  • Block size – Larger block more security
  • Key size – Larger key size more security
  • Number of rounds – More rounds more security
  • Subkey generation algorithm – complex algorithm- difficult for cryptanalysis to generate key
  • Round function F – complex function , greater resistance to cryptanalysis.

 

Feistel Cipher Structure – Decryption:

 

Input : ciphertext block of length 2w bits

Key : subkey Ki in reverse order.

Assuming 16 rounds are performed.

LDi = RDi-1

 

RDi = LDi-1 Å F(RDi-1, Ki)

 

Design of Block Cipher:

  1. Number of Rounds –

More number of rounds, difficult for cryptanalytic attack.

 

Even if function F is easy to break, more number of rounds make cipher strength high. 2. Function F design

F adds confusion. F must be difficult to evaluate through linear equations.

F must produce avalanche effect. One bit change produces change in several bits.

 

F must follow bit independence criteria. Bit i is flipped for any i,j,k then output bit j and k should be changed independently.

  1. Key generation

Generate one subkey for each round.

Subkeys should be derived in such way that individual subkeys cannnot be

determined.

From the subkey, one should not be able to derive main key.

you can view video on Stream ciphers and block ciphers, Feistel cipher

Suggested Reading:

 

  1. Cryptography and Network Security Principles and Practice by William Stallings, sixth Edition, PEARSON.
  2. Security in Computing by Charles Pfleeger & Shari Lawrence Pfleeger, fourth Edition, PEARSON.
  3. Network Security by Charlie Kaufman, Radia Perlman, Mike Speciner, second Edition, PHI.
  4. The Complete Reference – Network Security by Roberta Bragg, Mark Rhodes-Ousley & Keith Strassberg, Tata McGraw Hill
  5. Network Security Bible by Eric Cole, Ronald Krutz, James Conley, Wiley
  6. Hacking 6 Exposed by Stuart McClure, Joel Scambray & George Kurtz , Tata McGraw Hill .
  7. www.snort.org

https://nmap.org