Chapter 3  Symmetric key crypto

Problems solved for chapter 3: 3,4,5,7,9,10,11,12,16,30,33

Stream Ciphers:  A5/1 (GSM cell phones), RC4 (SSL).   LIKE A ONE-TIME PAD; used in wireless communication because a single bit error will only cause a single plaintext bit to be garbled.

Takes a key of n bits in length and stretches it into a long keystream.  The keystream is then XORed with the plaintext P to produce the ciphertext C.


A5/1:

- For GSM, hardware
- Produces a single keystream bit at each step

RC4:

- For SSL, software, and WEP in wireless
- Produces a keystream byte at each step

  An IV chosen at random is less secure than an IV selected in sequence.

  To decrypt with a stream cipher, the same keystream is generated and XORed with the ciphertext.


The use of the keystream is IDENTICAL to the use of the key in a one-time pad cipher.

Not provably secure in the sense of the one-time pad.


Block Ciphers:  Concerns:  cut-and-paste attacks, and a single bit error causing two blocks to be garbled.

- Feistel Cipher
- DES is a Feistel cipher with 16 rounds and a 56-bit key length
- Triple DES
- AES: 3 block sizes, 128, 192 and 256. Each round has 4 functions: ByteSub, ShiftRow, MixColumn, AddRoundKey
- TEA
- BASED ON THE PRINCIPLE OF A CODE BOOK; confusion and diffusion
- A MAC is made by encrypting the data in CBC mode and discarding all the blocks except the last one, which is the MAC.  A change to any block propagates to all later blocks and therefore changes the MAC.






AES round function layers:

  Layer          Step(s)                     Property
  Non-linear     1. ByteSub, 3. MixColumn    Confusion
  Linear mixing  2. ShiftRow                 Diffusion
  Key addition   4. AddRoundKey              Confusion


  All four layers are invertible, so the whole algorithm is invertible; consequently AES can decrypt as well as encrypt.


  Confusion:  Obscure the relationship between plaintext and ciphertext.

  Diffusion:  Spread the plaintext statistics through the ciphertext.




Feistel Cipher

 A Feistel cipher is a general cipher design principle, not a specific cipher.  The plaintext is split into two halves, L and R.


 L_i = R_{i-1}

 R_i = L_{i-1} XOR F(R_{i-1}, K_i)


 F is the round function


 A Feistel cipher can be decrypted regardless of the round function F, because the structure itself is invertible: run the rounds in reverse order, recomputing (never inverting) F.




Tiny Encryption Algorithm


Uses a 64-bit block length and a 128-bit key.  All mathematical operations are mod 2^32, suited to architectures with 32-bit words.


Very simple round function


Needs separate encryption and decryption routines


Almost a Feistel cipher, since decryption subtracts what encryption added


Is not a true Feistel cipher, since it uses addition instead of XOR when encrypting




A block cipher splits the plaintext into fixed-size blocks and produces fixed-size blocks of ciphertext.

The ciphertext is obtained from the plaintext by iterating a function F over some number of rounds.

F is known as the round function because it depends on the output of the previous round and the key K.

For a fixed key K a block cipher is a codebook, since it creates a fixed mapping between plaintext and ciphertext.


Block cipher modes:

How should multiple blocks be encrypted?  Or a partial block?

ECB (electronic code book):  Each block is encrypted independently, so the blocks are changed but stay in the same positions.  For a fixed key K, a block cipher is a codebook.

Security problems:  If an attacker knows part of the plaintext, he sees the ciphertext together with that known plaintext, which makes it easy to find the key.

CBC (cipher block chaining) 


The cipher text from one block is used to obscure the plaintext of the next block before encryption.


Identical plaintext blocks will not yield identical ciphertext blocks. 


The Initialization Vector (IV) need not be secret, but is usually randomly generated by the sender.  It is only used with the first block.


CBC is a problem where there are many transmission errors, as in wireless: a single bit error makes the whole affected block useless. 


Cut-and-paste attacks are also a problem with block ciphers.

CTR (counter):  Turns a block cipher into a stream cipher.


A stream cipher is better for wireless because a transmission error affects only a single bit.


Also uses an Initialization Vector (IV)


Used when random access is required



MAC (message authentication code) uses a block cipher to ensure data integrity.  It encrypts the data in CBC mode and discards all ciphertext blocks except the final block, which is the MAC.  The plaintext and the MAC are sent together.
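As an added example (not from these notes or the textbook), here is a toy 64-bit Feistel cipher whose round function F is a truncated hash and therefore not invertible, yet decryption still works by running the same F with the subkeys in reverse order; the same block cipher then drives CBC encryption and the CBC-MAC described above. The key schedule, round count, sample key and sample message are assumptions made for the example.

```python
import hashlib

BLOCK, ROUNDS = 8, 8    # 64-bit block (two 32-bit halves), 8 Feistel rounds (assumed)

def round_fn(r, k):
    # Deliberately NON-invertible round function F (truncated SHA-256): decryption never inverts it.
    return int.from_bytes(hashlib.sha256(r.to_bytes(4, "big") + k).digest()[:4], "big")

def subkeys(key):
    # Toy key schedule (assumed here): one 4-byte subkey K_i per round.
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(ROUNDS)]

def encrypt_block(block, key):
    l, r = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for k in subkeys(key):
        l, r = r, l ^ round_fn(r, k)   # L_i = R_{i-1},  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
    return l.to_bytes(4, "big") + r.to_bytes(4, "big")

def decrypt_block(block, key):
    l, r = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for k in reversed(subkeys(key)):   # same F, subkeys applied in reverse order
        l, r = r ^ round_fn(l, k), l   # R_{i-1} = L_i,  L_{i-1} = R_i XOR F(L_i, K_i)
    return l.to_bytes(4, "big") + r.to_bytes(4, "big")

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_encrypt(msg, key, iv):
    # Each plaintext block is XORed with the previous ciphertext block before encryption.
    assert len(msg) % BLOCK == 0, "message must be a whole number of blocks"
    out, prev = [], iv
    for i in range(0, len(msg), BLOCK):
        prev = encrypt_block(xor(prev, msg[i:i + BLOCK]), key)
        out.append(prev)
    return out

def cbc_mac(msg, key):
    # CBC mode under a fixed all-zero IV; every ciphertext block except the last is discarded.
    return cbc_encrypt(msg, key, bytes(BLOCK))[-1]

if __name__ == "__main__":
    key = b"constructed key!"             # constructed sample key
    msg = b"block-1!block-2!block-1!"     # constructed: blocks 1 and 3 are identical
    ecb = [encrypt_block(msg[i:i + BLOCK], key) for i in range(0, len(msg), BLOCK)]
    print("ECB repeats:", ecb[0] == ecb[2])      # True: the codebook leaks the repetition
    cbc = cbc_encrypt(msg, key, bytes(BLOCK))
    print("CBC repeats:", cbc[0] == cbc[2])      # False: chaining hides it
    print("MAC changes:", cbc_mac(msg, key) != cbc_mac(b"block-X!" + msg[BLOCK:], key))  # True
```

Because encrypt_block is a permutation for a fixed key, a change in any block is carried by the chaining into every later block, so the final block (the MAC) always changes.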

The encryption and the decryption key must be different, but they can be related in a known way.