Is CH2


2. Cryptographic Algorithms
Main Points:
 Stream ciphers: Feistel Cipher
 Block Cipher: AES, DES
 IDEA, Block Cipher Modes
 Asymmetric Key Cryptography: Diffie-Hellman
 Elgamal Cryptosystem
 Elliptic Curve Cryptography
Block Ciphers
Mechanism
 Fixed Block Size: Block ciphers operate on fixed-size blocks of
data, typically 64 or 128 bits. If the input data is not a multiple of the
block size, padding schemes (like PKCS#7) are used to extend the
data to fit the required size.
 Rounds: Block ciphers typically use multiple rounds of encryption,
where each round consists of several operations, including
substitution (replacing bits with others), permutation (rearranging
bits), and key mixing (combining the data with the round key).
 Modes of Operation: Block ciphers can operate in various modes,
allowing them to process data securely and efficiently. Some
common modes include:
o ECB (Electronic Codebook): The Electronic Code Book (ECB)
in cryptography is the most basic and weakest mode of DES.
At the sender site, plaintext messages are split into 64-bit
subblocks. This technique encrypts each subblock individually. Two
plaintexts with partially similar sections (such as a letter
header) encrypted with the same key produce partially identical
ciphertext portions. ECB is appropriate for encrypting small
messages, but CBC is better suited to encrypting larger ones.
How Does ECB Mode in Cryptography Work?
 The Electronic Code Book (ECB) mode is one of the easiest
and most effective algorithms to use as a simple
replacement technique.
 The input plaintext is divided into blocks and encrypted
separately with the key. This enables the decryption of
each encrypted block independently. Encrypting the same
block twice returns the same ciphertext twice.
 In general, if a message is greater than b bits, it can be
divided into blocks and the process repeated.

o CBC (Cipher Block Chaining): CBC (cipher-block chaining) in
cryptography is an AES block cipher mode that improves on the
ECB mode by minimizing patterns in plaintext. CBC mode does
this by XORing the first plaintext block (B1) with an
initialization vector before encrypting it. CBC also uses block
chaining, in which each following plaintext block is XORed with
the ciphertext of the preceding block.
How Does CBC Mode in Cryptography Work?
 In CBC mode, the current plaintext block is added to the
previous ciphertext block, and the output is encrypted
using the key. Decryption is thus the opposite procedure,
which entails decrypting the current ciphertext block and then
adding the preceding ciphertext block to the result.
 The advantage of CBC in cryptography over ECB is that
altering the IV produces a different ciphertext for the same
message. On the downside, the chaining effect causes an
error in transmission to spread to a few more blocks
during decryption.
 It’s worth noting that CBC mode provides the foundation
for a well-known data origin authentication scheme. Thus,
it benefits applications that require both symmetric
encryption and data origin authentication.
o CFB (Cipher Feedback): This mode transforms a block cipher into
a self-synchronizing stream cipher, allowing for partial block
processing. In this mode, each plaintext segment is XORed with
the previous ciphertext block, which introduces self-
synchronization, meaning if a block is lost, decryption can
continue from the last successful block. However, errors in the
ciphertext affect current and subsequent blocks, and its
performance can be slower than other modes.
o OFB (Output Feedback): This mode generates a keystream
independently of the plaintext by repeatedly encrypting an
initial value. This keystream is then XORed with the plaintext to
produce ciphertext. OFB can be parallelized, offers no error
propagation, and allows for flexibility in data processing. Still, it
requires careful IV management to avoid keystream reuse,
which can compromise security.
o CTR (Counter): This mode converts a block cipher into a stream cipher
by encrypting a counter value that is incremented for each
block. This mode allows for high performance and parallel
processing, making it efficient for large datasets and random
access. However, proper counter management is essential to
prevent vulnerabilities, as reusing the counter with the same
key can lead to serious security issues.
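The counter-reuse problem described for CTR (and the keystream-reuse caveat for OFB) can be seen in a few lines. This is an added example, not part of the original notes; SHA-256 stands in for the block cipher so that it runs with the standard library only, and the key, nonces, messages and the `reused_nonces` audit helper are constructed for illustration.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: one output block per counter value.
    Assumption: SHA-256(key || nonce || counter) stands in for E_K(nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return xor(data, keystream(key, nonce, len(data)))

def reused_nonces(log):
    """Audit check: return each (key_id, nonce) pair that appears more than once."""
    seen, dup = set(), []
    for pair in log:
        if pair in seen and pair not in dup:
            dup.append(pair)
        seen.add(pair)
    return dup

# Constructed sample data
KEY = b"constructed-demo-key"
P1 = b"transfer 100 to account A"
P2 = b"transfer 900 to account B"

def leaks_plaintext_xor(nonce1: bytes, nonce2: bytes) -> bool:
    """True when XORing the two ciphertexts cancels the keystream and yields P1 xor P2."""
    c1 = ctr_crypt(KEY, nonce1, P1)
    c2 = ctr_crypt(KEY, nonce2, P2)
    return xor(c1, c2) == xor(P1, P2)

if __name__ == "__main__":
    print("same nonce leaks P1 xor P2: ", leaks_plaintext_xor(b"nonce-01", b"nonce-01"))
    print("fresh nonce leaks P1 xor P2:", leaks_plaintext_xor(b"nonce-01", b"nonce-02"))
    print("reused:", reused_nonces([("k1", b"n1"), ("k1", b"n2"), ("k1", b"n1")]))
```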
Applications
 Data Encryption: Widely used for encrypting files, database
entries, and entire disk volumes.
 Secure Communication: Often employed in protocols like SSL/TLS
for secure web communication.
 VPNs: Frequently used to encrypt traffic in Virtual Private Networks
(VPNs).
Examples
 AES (Advanced Encryption Standard): A widely used block
cipher with key sizes of 128, 192, or 256 bits, known for its security
and efficiency.
 DES (Data Encryption Standard): An older standard that uses a
56-bit key; now considered insecure due to vulnerabilities to brute-
force attacks.
 Blowfish: A fast block cipher that can use variable key lengths up to
448 bits, suitable for applications where speed is critical.

Stream Ciphers
Mechanism
 Bit-by-Bit Processing: Stream ciphers encrypt data one bit (or
byte) at a time. They typically generate a keystream that is XORed
with the plaintext to produce ciphertext.
 Key Stream Generation: The keystream is generated based on the
encryption key and can be derived from various algorithms (e.g.,
linear feedback shift registers (LFSRs), cryptographic functions).
 Simplicity: The operations in stream ciphers are usually simpler
than those in block ciphers, focusing on XOR operations and basic
arithmetic.
Applications
 Real-Time Communication: Ideal for scenarios requiring low
latency, such as voice over IP (VoIP) and video streaming.
 Secure Network Protocols: Used in protocols like WEP (Wired
Equivalent Privacy) and WPA (Wi-Fi Protected Access) for securing
wireless communications.
 Embedded Systems: Often found in resource-constrained
environments where processing power and memory are limited.
Examples
 RC4: A widely used stream cipher known for its simplicity and speed,
but with known vulnerabilities.
 A5/1: A stream cipher used in GSM mobile communications, which
has also been found vulnerable to attacks.
 ChaCha20: A modern stream cipher known for its performance and
security, often used in secure communication protocols like TLS.
Key Differences Recap
1. Data Size:
o Block Ciphers: Encrypt fixed-size blocks (e.g., 128 bits).
o Stream Ciphers: Encrypt continuous streams of data,
processing bit-by-bit or byte-by-byte.
2. Processing Mode:
o Block Ciphers: Require padding and can work in different
modes to enhance security.
o Stream Ciphers: Process data as it arrives without needing
padding.
3. Error Propagation:
o Block Ciphers: Errors typically affect only the block where the
error occurred.
o Stream Ciphers: Errors in the stream can affect subsequent
data, potentially altering the entire stream.
4. Performance:
o Block Ciphers: Slower for small messages due to the need to
wait for full block processing.
o Stream Ciphers: Generally faster and more efficient for large
amounts of data or real-time applications.
5. Security Considerations:
o Block Ciphers: Must be used in secure modes to avoid
vulnerabilities like chosen plaintext attacks.
o Stream Ciphers: Vulnerable to key reuse and must ensure
that the keystream is unique for each session.
| Feature | Block Cipher | Stream Cipher |
|---|---|---|
| Definition | Encrypts data in fixed-size blocks (e.g., 64 bits, 128 bits). | Encrypts data one bit or byte at a time, typically using a key stream. |
| Data Processing | Processes entire blocks of plaintext at once, producing ciphertext blocks of the same size. | Processes plaintext as a continuous stream, generating ciphertext in real-time. |
| Example Algorithms | AES, DES, IDEA, Blowfish | RC4, A5/1, Salsa20, ChaCha20 |
| Mode of Operation | Can be used in various modes (e.g., ECB, CBC, CFB, OFB, CTR) to enhance security and functionality. | Typically does not require modes, but some variations exist (e.g., CFB and OFB can be seen as stream modes). |
| Performance | Generally slower for small amounts of data due to the need to wait for a full block to process. | Generally faster for processing large amounts of data or real-time data streams. |
| Error Propagation | Errors affect only the block where the error occurred (unless in certain modes). | Errors in one byte may affect all subsequent bytes in the stream due to the continuous nature. |
| Security Concerns | Security depends on block size and mode of operation; longer blocks tend to be more secure against certain attacks. | Vulnerable to attacks if the same key stream is used with different plaintext (key reuse); proper key management is crucial. |
| Key Management | Often requires fewer key management operations for long messages, as a single key can encrypt many blocks. | Requires careful key stream management to ensure security, especially in long sessions. |

Feistel Cipher
The Feistel cipher model is a structure or design used to develop many
block ciphers, such as DES. A Feistel cipher may have invertible,
non-invertible and self-invertible components in its design. The same
algorithm is used for encryption and decryption. A separate key is used
for each round; however, the same round keys are used for encryption as
well as decryption.
Feistel cipher algorithm
 Create a list of all the Plain Text characters.
 Convert the Plain Text to ASCII and then to 8-bit binary format.
 Divide the binary Plain Text string into two halves: left half (L1) and
right half (R1).
 Generate random binary keys (K1 and K2), each of length equal to
half the length of the Plain Text, for the two rounds.
First Round of Encryption
 a. Generate function f1 using R1 and K1 as follows:
f1 = xor(R1, K1)
 b. Now the new left half (L2) and right half (R2) after round 1 are as
follows:
R2 = xor(f1, L1)
L2 = R1
Second Round of Encryption
 a. Generate function f2 using R2 and K2 as follows:
f2 = xor(R2, K2)
 b. Now the new left half (L3) and right half (R3) after round 2 are as
follows:
R3 = xor(f2, L2)
L3 = R2
 Concatenation of R3 to L3 is the Cipher Text.
 The same algorithm is used for decryption to retrieve the Plain Text from
the Cipher Text.
Examples:
Plain Text is: Hello
Cipher Text: E1!w(
Retrieved Plain Text is: b'Hello'

Plain Text is: Geeks
Cipher Text: O;Q
Retrieved Plain Text is: b'Geeks'
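The two Feistel rounds above and the ECB and CBC descriptions from the Block Ciphers section, combined in one added example (not code from the original notes): a toy 64-bit Feistel block cipher is run in both modes over a message with a repeated header. The hash-based round function, the keys, the IV and the message are assumptions constructed for the illustration.

```python
import hashlib

BLOCK = 8                                # toy 64-bit block: two 32-bit halves
KEYS, IV = [b"K1", b"K2"], bytes(range(BLOCK))   # constructed round keys and IV
MESSAGE = b"HEADER::" * 3 + b"body"      # constructed: same 8-byte block three times

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def f(right, key):  # assumption: hash-based round function, not the notes' xor(R, K)
    return hashlib.sha256(key + right).digest()[:BLOCK // 2]

def encrypt_block(block, keys):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for k in keys:                       # L' = R, R' = xor(f(R, K), L)
        left, right = right, xor(f(right, k), left)
    return left + right                  # ciphertext block is L || R

def decrypt_block(block, keys):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for k in reversed(keys):             # same round keys, reverse order
        left, right = xor(f(left, k), right), left
    return left + right

def pad(data):                           # PKCS#7: always adds 1..BLOCK bytes
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n
def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS#7 padding")
    return data[:-n]
def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt, keys):
    return b"".join(encrypt_block(b, keys) for b in split(pad(pt)))

def cbc_encrypt(pt, keys, iv):
    out, prev = [], iv
    for b in split(pad(pt)):
        prev = encrypt_block(xor(b, prev), keys)   # XOR with previous ciphertext block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct, keys, iv):
    prevs = [iv] + split(ct)
    return unpad(b"".join(xor(decrypt_block(c, keys), p) for c, p in zip(split(ct), prevs)))

def repeated_blocks(ct):
    return len(split(ct)) - len(set(split(ct)))

if __name__ == "__main__":
    print(repeated_blocks(ecb_encrypt(MESSAGE, KEYS)), repeated_blocks(cbc_encrypt(MESSAGE, KEYS, IV)))
```

Under ECB the three identical header blocks encrypt to three identical ciphertext blocks, while CBC with the same key shows no repeats and changes entirely when the IV changes.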

A5/1 Stream Cipher
A5/1 is a stream cipher that was primarily used for encrypting voice
communication in the GSM (Global System for Mobile Communications)
mobile standard. Here’s a comprehensive overview of A5/1, including its
design, functionality, security, and vulnerabilities.
1. Overview
 Purpose: A5/1 is designed to provide confidentiality for mobile
communications in GSM networks, ensuring that voice calls and data
transmissions remain secure.
 Standardization: It is one of the four A5 encryption algorithms
specified for GSM, the others being A5/2, A5/3, and A5/4.
2. Structure
 Stream Cipher: A5/1 generates a keystream that is XORed with the
plaintext (the original voice data) to produce ciphertext.
 LFSRs: The core of the A5/1 algorithm is based on Linear Feedback
Shift Registers (LFSRs), which are simple shift registers with
feedback that are commonly used in cryptographic algorithms.
Key Components
1. Registers: A5/1 uses three LFSRs of different lengths:
o R1: 19 bits
o R2: 22 bits
o R3: 23 bits
2. Initial Key: The algorithm accepts a 64-bit key and a 22-bit
initialization vector (IV), which ensures that the same key can
produce different ciphertexts.
3. Feedback Function: Each LFSR has a polynomial defining its
feedback mechanism, and they are combined to produce the
keystream.
3. Encryption Process
1. Initialization: The key and IV are loaded into the LFSRs.
2. Keystream Generation: The LFSRs are clocked to produce bits of
the keystream:
o The output bit is generated based on the state of the three
LFSRs.
o The LFSRs are clocked based on certain conditions, which
depend on the states of the other LFSRs.

o XOR Operation: The keystream is XORed with the plaintext to
produce ciphertext:
Ciphertext = Plaintext ⊕ Keystream
4. Security Properties
 Confidentiality: A5/1 is designed to provide a secure method for
protecting the contents of GSM calls.
 Key Length: The 64-bit key length was considered secure at the
time of its design. However, it is now deemed weak against modern
computational power.
5. Vulnerabilities
 Brute Force Attacks: The 64-bit key length makes A5/1 vulnerable
to brute-force attacks. In 2009, researchers demonstrated that it was
possible to break A5/1 in real-time using dedicated hardware.
 Weaknesses in LFSR: The design of A5/1, relying solely on LFSRs,
is susceptible to various cryptanalytic attacks, including:
o Known-Plaintext Attacks: If an attacker knows a portion of
the plaintext, they can recover the keystream and thus the
encryption key.
o Statistical Attacks: Patterns in the keystream can be
exploited to break the cipher.
 Legacy Concerns: As technology has advanced, A5/1 has been
considered insecure, leading to the adoption of stronger algorithms
in newer mobile communications standards.
6. Current Status and Alternatives
 Replacement: Due to its vulnerabilities, A5/1 has been largely
replaced by more secure algorithms like A5/3 (which uses the
Kasumi block cipher) in modern mobile networks.
 GSM Security: While A5/1 was a step forward in mobile
communication security during its inception, the industry has moved
towards stronger encryption methods to ensure confidentiality in
voice and data transmissions.
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES) is a highly trusted encryption
algorithm used to secure data by converting it into an unreadable
format without the proper key. Developed by the National Institute of
Standards and Technology (NIST), AES encryption uses various key
lengths (128, 192, or 256 bits) to provide strong protection against
unauthorized access. This data security measure is efficient and widely
implemented in securing internet communication,
protecting sensitive data, and encrypting files. AES, a cornerstone of
modern cryptography, is recognized globally for its ability to keep
information safe from cyber threats.
Points to Remember
 AES is a Block Cipher.
 The key size can be 128/192/256 bits.
 Encrypts data in blocks of 128 bits each.
That means it takes 128 bits as input and outputs 128 bits of encrypted
cipher text. AES relies on the substitution-permutation network principle,
which is performed using a series of linked operations that involve
replacing and shuffling the input data.
Working of The Cipher
AES performs operations on bytes of data rather than in bits. Since the
block size is 128 bits, the cipher processes 128 bits (or 16 bytes) of the
input data at a time.
The number of rounds depends on the key length as follows :
 128-bit key – 10 rounds
 192-bit key – 12 rounds
 256-bit key – 14 rounds
Creation of Round Keys
A Key Schedule algorithm calculates all the round keys from the key. So
the initial key is used to create many different round keys which will be
used in the corresponding round of the encryption.

AES considers each block as a 16-byte (4 bytes x 4 bytes = 128 bits) grid in a
column-major arrangement.
Each round comprises 4 steps:
 SubBytes
 ShiftRows
 MixColumns
 Add Round Key
The last round doesn’t have the MixColumns step.
SubBytes does the substitution, and ShiftRows and MixColumns
perform the permutation in the algorithm.
Sub Bytes
This step implements the substitution.
In this step, each byte is substituted by another byte. It is performed
using a lookup table, also called the S-box. This substitution is done in
such a way that a byte is never substituted by itself, nor by the byte
that is the complement of the current byte. The result of this
step is a 16-byte (4 x 4) matrix like before.
The next two steps implement the permutation.
Shift Rows
This step is just as it sounds. Each row is shifted a particular number of
times.
 The first row is not shifted
 The second row is shifted once to the left.
 The third row is shifted twice to the left.
 The fourth row is shifted thrice to the left.
(A left circular shift is performed.)
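The SubBytes and ShiftRows steps can be checked directly. This added example (not from the original notes) builds the AES S-box from its definition, a multiplicative inverse in GF(2^8) followed by an affine transform, confirms the property stated above that no byte maps to itself or to its complement, and applies ShiftRows to a column-major state; the function names are chosen here for illustration.

```python
def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return result

def gf_inv(a: int) -> int:
    """Multiplicative inverse computed as a^254; 0 has no inverse and maps to 0."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result if a else 0

def rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF

def build_sbox():
    box = []
    for x in range(256):
        b = gf_inv(x)
        # Affine transform over GF(2), then XOR with the constant 0x63
        box.append(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63)
    return box

SBOX = build_sbox()
INV_SBOX = [SBOX.index(v) for v in range(256)]   # lookup table for Inverse SubBytes

def sbox_has_fixed_points() -> bool:
    """True if some byte maps to itself or to its bitwise complement."""
    return any(SBOX[x] == x or SBOX[x] == x ^ 0xFF for x in range(256))

def shift_rows(state):
    """state holds 16 bytes column-major: state[r + 4*c] is row r, column c.
    Row r is rotated left by r positions."""
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def inv_shift_rows(state):
    return [state[r + 4 * ((c - r) % 4)] for c in range(4) for r in range(4)]

if __name__ == "__main__":
    print("S-box[0x53] =", hex(SBOX[0x53]))
    print("fixed points:", sbox_has_fixed_points())
    print("ShiftRows(0..15) =", shift_rows(list(range(16))))
```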

Mix Columns
This step is a matrix multiplication. Each column is multiplied with a
specific matrix and thus the position of each byte in the column is
changed as a result.
This step is skipped in the last round.

Add Round Keys
Now the resultant output of the previous stage is XOR-ed with the
corresponding round key. Here, the 16 bytes are not considered as a grid
but just as 128 bits of data.
After all these rounds 128 bits of encrypted data are given back as
output. This process is repeated until all the data to be encrypted
undergoes this process.
Decryption
The stages in the rounds can be easily undone, as each stage has an
inverse which, when performed, reverts the changes. Each 128-bit
block goes through the 10, 12 or 14 rounds depending on the key size.
The stages of each round of decryption are as follows :
 Add round key
 Inverse MixColumns
 ShiftRows
 Inverse SubBytes
The decryption process is the encryption process done in reverse so I will
explain the steps with notable differences.
Inverse MixColumns
This step is similar to the Mix Columns step in encryption but differs in
the matrix used to carry out the operation.
In the Mix Columns operation, each column is mixed independently of the
others. Matrix multiplication is used. The output of this step is the matrix
multiplication of the old values and a constant matrix.

Inverse SubBytes
The inverse S-box is used as a lookup table, with which the bytes are
substituted during decryption.
The Substitute function performs a byte substitution on each byte of the
input word. For this purpose, it uses an S-box.
