# CMP 5006 - Information Security 


## Symmetric Encryption


### Alejandro Proano, PhD. 

## Symmetric Cryptography

- Shared Secret Key
- Encryption and Decryption Process
- Single Key for Both Operations
- Confidentiality Mechanism


##  Security Challenges
- Key Distribution
- Key Management
- Brute Force Attacks
- Side-Channel Attacks
- Computational Complexity


## Performance Considerations
- Speed of Encryption/Decryption
- Hardware Acceleration
- Computational Overhead
- Memory Requirements


## Practical Applications
- Disk Encryption
- Network Security
- Communication Protocols
- Database Protection
- Secure Communication Channels


## Types of Symmetric Encryption
- Block Ciphers
- Stream Ciphers
- Modes of Operation
- Key Length Variations


## Examples of Symmetric Cryptographic Algorithms

1. **Data Encryption Standard (DES)**: DES is a symmetric encryption algorithm that uses a 56-bit key. It was widely used in the past but is now considered insecure due to its small key size.

2. **Advanced Encryption Standard (AES)**: AES is a symmetric encryption algorithm that replaced DES. It supports key sizes of 128, 192, and 256 bits, making it more secure than DES.

3. **Triple Data Encryption Standard (3DES)**: 3DES is a symmetric encryption algorithm that applies DES three times with different keys. It provides a higher level of security than DES but is slower due to the multiple encryption rounds.


## Block Cipher Architecture
- Data Transformation
- Round Functions
- Substitution and Permutation

## Substitution-Permutation Networks

- Block ciphers are symmetric encryption algorithms that operate on fixed-size blocks of data. 
- They divide the input data into blocks of a fixed length and apply a series of transformations to each block. 
- One common approach to designing block ciphers is using Substitution-Permutation Networks (SPN).

## Substitution
- The substitution step in an SPN involves replacing each element of the input block with another element from a predefined substitution table. 
- This table, known as an S-box, maps each possible input value to a corresponding output value. 
- The S-box is typically designed to be highly nonlinear, providing confusion and making it difficult for an attacker to deduce the original input.

## Permutation
- After the substitution step, the permutation step rearranges the elements of the block according to a predefined permutation table. 
- This step provides diffusion, spreading the influence of each input bit across the entire block. 
- The permutation table ensures that each bit in the output block depends on multiple bits from the input block, increasing the complexity of the encryption process.

## Key Expansion
- To enhance the security of block ciphers, a key expansion algorithm is used to generate a set of round keys from the original encryption key. 
- Each round key is used in the encryption process to modify the input block. 
- The key expansion algorithm ensures that each round key is unique and independent of the original key, making it harder for an attacker to recover the key.

## Rounds
- The encryption process in block ciphers is typically performed in multiple rounds. 
- Each round consists of a combination of substitution, permutation, and key mixing operations. 
- The number of rounds depends on the specific block cipher algorithm and the desired level of security. 
- More rounds generally provide stronger encryption but also increase the computational overhead.

## Data Encryption Standard (DES)

## History
- DES is an outdated symmetric key method of data encryption.
- It was adopted in 1977 for government agencies to protect sensitive data and was officially retired in 2005.
- IBM researchers originally designed the standard in the early 1970s.
- DES was the first encryption algorithm the U.S. government approved for public disclosure.
- Quickly adopted by industries, such as financial services, that needed strong encryption.

## Features

- **Block cipher:** The DES is a block cipher,in which the cryptographic key and algorithm are applied to a block of data simultaneously rather than one bit at a time. Block size for DES is 64-bit. Each block is encrypted using the secret key into a 64-bit ciphertext by means of permutation and substitution.
- **Several rounds of encryption:** The DES process involves encrypting 16 times. It can run in four different modes, encrypting blocks individually or making each cipher block dependent on all the previous blocks. Decryption is simply the inverse of encryption, following the same steps but reversing the order in which the keys are applied.
- **64-bit key:** The DES uses a 64-bit key, but 8 of those bits are used for parity checks. The effective key length is only 56 bits. The encryption algorithm generates 16 different 48-bit subkeys, one for each of the 16 encryption rounds. Subkeys are generated by selecting and permuting parts of the key.
- **Substitution and permutation:** The algorithm defines sequences of substitution and permutation that the ciphertext undergoes during the encryption process.

## Steps 

![](./images/des.png)

## DES round

![](./images/des-round.png)

## DES function

![](./images/des-function.png)


## Problems with DES

- The effective DES key length of 56 bits 
- It would require a maximum of $2^{56}$
- This is not enough to protect data with DES against brute-force attempts with modern computers
- There have always been suspicions that interference from the NSA weakened the original algorithm

In [14]:
2**48 * 10**(-9) / (64*3600)

1.2216795864177779

In [11]:
2**128 * 10**(-9) / (2048*3600*24*365)

5.268692905666999e+18

In [None]:
~10**8

## Linear Cryptanalysis


- Linear cryptanalysis is a type of cryptanalytic attack
- Developed by Mitsuru Matsui in 1993
- Primarily used against block ciphers


## Basic Concept

- Analyzes linear approximations of cipher behavior
- Exploits statistical correlations between plaintext, ciphertext, and key bits


## How it Works

1. Find effective linear approximations
2. Gather plaintext-ciphertext pairs
3. Analyze statistical bias
4. Recover key bits


## Linear Approximation

- Represents cipher's behavior as a linear equation
- Example:

$P[i_1, i_2, ..., i_m] \text{ XOR } C[j_1, j_2, ..., j_m] = K[k_1, k_2, ..., k_m]$

  - P: plaintext bits
  - C: ciphertext bits
  - K: key bits



## Bias in Linear Approximations

- Measure of how often the linear approximation holds
- $\text{Bias} = |Pr[\text{equation holds}] - \frac{1}{2}|$
- Higher bias means more effective approximation


## Example: Simple Cipher

Consider a simple 4-bit cipher:

1. XOR with key
2. S-box substitution
3. XOR with key again

S-box: {0->5, 1->7, 2->4, 3->1, 4->3, 5->2, 6->0, 7->6}


## Finding Linear Approximations

For our simple cipher:

- $P[1] \text{ XOR } C[3] = K[1] \text{ XOR } K[3]$ 
- (holds with probability 3/4)
- $\text{Bias} = |3/4 - 1/2| = 1/4$


 ## Gathering Data

- Collect many plaintext-ciphertext pairs
- More data increases accuracy of the attack


## Statistical Analysis

- Count occurrences where linear approximation holds
- Compare to expected probability
- Deduce key bits based on significant deviations


## Advantages of Linear Cryptanalysis

- Can break ciphers resistant to differential cryptanalysis
- Often requires only known-plaintext (vs. chosen-plaintext)
- Applicable to a wide range of ciphers
