 We're talking about block ciphers where we take a sequence of bits of block of bits b bits and We encrypt that block of bits at a time applying some encryption algorithm and we get b bits of ciphertext is out and the A key is used to determine What particular ciphertext will come out changing the key should produce a different ciphertext? We want our ciphertext to be random encryption should produce random output or sometimes to say random looking because sometimes we need to define what we mean by random So plain text is structured. There's some structure in the plain text. We'd like random ciphertext as output We said that our cipher our algorithm must have reversible mappings That is when we encrypt our plain text the ciphertext that we get as an output We should be able to decrypt that ciphertext to get back to the original plain text So the one on the right in irreversible mapping is not good because if I encrypt plain text 1 0 I get ciphertext 0 1 and If I encrypt plain text 1 1 I also get ciphertext 0 1 So if I want to decrypt ciphertext 0 1 I Don't know what the plain text was so that's we need a reversible mapping and We talk about an ideal block cipher, but What we can think of what we'd like a block cipher to do is to be able to allow any possible transformation of our plain text to ciphertext and in fact do random transformations And we went through an example Here's a we went through an example. I'll bring it up with a simple block Or a small block size and this example that you had said if our block is two bits then there are 24 possible transformations of those two bits of plain text and We listed them there all 24. So with two bits of plain text There are four possible plain text inputs to our cipher and there are 24 possible transformations of that To the power of two factorial In effect, we can think of each transformation as a key So what we would do if we were to use such a cipher is that we would choose one of those 24 transformations I may choose transformation number 17 Okay, 17 and what would happen is when I encrypt my plain text 00 With transformation number 17 the output ciphertext would be 1 1 Okay, so the transformation corresponds to a key So that's one way we can implement a block cipher And that's what we call an ideal block cipher. We allow every possible transformation Another example is on the lecture slide We can view it from a different perspective. This is a four-bit input four-bit plain text With four bits of plain text. There are 16 possible values So instead of the four values that we had let's say there are 16 possible values and from an implementation perspective one Transformation could look like this on the slide So we take our four bits of plain text input Think of that as a number between 0 and 15 What and each one of those so the Of the four bits if the four bits are 0 0 0 that's 0 in decimal and This specific instance or this specific transformation maps This zero value here, and it moves across so I can't see it. I think the 14 and The output would be the binary equivalent of 14 And that's we'd encrypt the four bits of plain text and get four bits of cipher text those lines that are criss-crossing That's just some random arrangement of mapping the 16 possible input plain text to 16 possible output cipher text This is for one particular key a Different key for this cipher would produce a different arrangement. We'd have the lines crossing in a different manner So that's just a way to think of it implementation. We take four bits in We think well that there's 16 possible values and the cipher maps Each of those values to one of the possible 16 outputs, which becomes a four-bit output That specific instance So this is a substitution We substitute for example zero with 14 So if the plain text coming in is in binary four zeros or in decimal zero This cipher substitutes zero with the decimal value 14 and we write that out in binary as the cipher text If the input was six we substitute that with 11 This is a way to implement a block cipher But it's only for one key if we change the key will have a different substitution Then how many possible? Substitutions are there? Or how many possible keys? Try and calculate the possible This is one of them. How many are in total possible transformations or substitutions? 16 factorial Okay, so here we have There are 16 possible inputs the number of arrangements of those 16 values is 16 factorial Anyone have a calculator 16 factorial 10 to the power of I have no idea It's not so big that we can't calculate it. That's with a four-bit block cipher. So there are 10 to the power of 13 possible Transformations fine if we have a 64-bit input for example, and we'll talk about why we'd want a 64 bit in a moment, but it's a good size It turns out for a block How many possible transformations? 64 factorial Wrong if we have a 64-bit plaintext block how many transformations? Two to the power of 64 factorial. So here we have a four-bit input. There are 16 or two to the power of four Possible values and therefore 16 factorial possible transformations if we had a 64-bit input instead of four It will be two to the power of 64 that number factorial and I might a one calculator, okay My calculators just won't even attempt to solve it Very very large number. So that's that's good with respect to having many possible combinations but it's bad in that that's effectively the number of keys that we have and Having many keys is good, but it means that our key length will be very very large The key length will turn out to be the best case that we could do it is log base two of This number factorial, which is something like Billions and trillions of bits for one key so it comes to this practical thing that yes This is a block cipher is a good way to implement a cipher But it's impractical in that the key will be too large too large to distribute to other people to save and and therefore It's not useful to implement a site cipher like this So the concept of an ideal block cipher is to allow any possible transformation of our plaintext as cipher text If we have a large block size the key becomes too large and in fact implementing such a block cipher becomes very Hard to do with with good performance If we don't use 64 bit blocks, we use like our example two bits This one was a two bit block. The key is quite small. There are only 24 possible values Well brute force attack is possible in this case So we need larger and also with small blocks you start to get repetitions Or much more structure in the output One of the concepts we saw in Classical ciphers is that if you can operate on more Characters at a time you can start to hide some of the structure in the plaintext When we went to a play fair cipher remember play fair operates on two two letters at a time That was a feature of trying to Hide the characteristics of letters in the cipher text encrypt two at a time Similarly if you encrypt three at a time it can be better. So encrypt more data at a time It can be more secure. So the Problems is that we want a small block for a Reasonable key size, but a small block means it's much easier to do an attacks and analysis on the the output cybertext So it turns out ideal block ciphers. We don't implement them in this way We need some simpler way to do it these tables are just a Implementation of this if you check what do we say zero map to 14? So in binary plaintext zero maps to cipher text 14 in decimal That's just one view of that particular key And of course decryption takes us back so firestool came up with an idea of Structuring block ciphers so we can implement them so that are secure, but we have manageable key sizes and most of the block ciphers used today are based upon the concepts that the firestool What's called the firestool structure for block ciphers is and We will not go through the firestool structure because we'll go through it as an example in Desk the data encryption standard. So we'll see an example of it. I will not try and explain the structure outside of the example We'll go through the example to illustrate the concepts and The concepts will come back to after we go through the example important ones of diffusion and confusion But I'll try and explain Confusion through an example and cause a lot of confusion for you and then we'll try and make it clearer at the end So we'll come back to these after we go through an example So the firestool structure is think of a design principle a way to design ciphers a general structure AS des and others Follow that structure to some extent And the idea is about this bottom line making our cipher secure in That no one can take the cipher text and find the plain text or the key But also making the cipher perform well so that Performance includes that we can have a manageable key size a key that I can distribute to someone easily and is fast So when I encrypt a large file, it doesn't take 10 hours to encrypt it it can happen in seconds or or less And in fact that trade-off comes up all through the course and in computer security We want things to be secure, but we want them to perform well as well and they often conflict with each other So what we're going to do is go through the data encryption standard Not the firestool structure This was one of the most one of the first widely used block ciphers when in computing It's no longer widely used but many of the currently used ciphers are either based upon it or use very similar principles to it, so we will explain how desks works and We will not explain other ciphers in as much detail as desks, but they they follow some of the same principles the data encryption standard was a standard created by the US government for Use within the US government so between departments to encrypt data and Also as a result so companies dealing with the US government you needed to use this same standard And of course other companies outside of the US started to use it and it became very widely used in the world It was developed in the 1970s Designed a IBM with inputs from different people and it's were used in many other ciphers it operates on a 64-bit block of plaintext and Produces a 64-bit block of ciphertext and it actually has a 64-bit key The slide says 56 bit It turns out the key is 64 bits, but only 56 of those 64 are used in the encryption The other eight are a parody check So we'll see both numbers use so desks Takes as an input a 64 bit key But effectively from a security perspective we throw away eight of those bits So sometimes we talk about a 56 bit key for deaths deaths is deaths as with many block ciphers is quite complex and No need for you to look, but I'll jump through to some of the details If you want to look at deaths, it's all defined on these pictures here with some extra There's some algorithm and there's some matrices and so on to define arrangements and Some more sub algorithms and so on to do within each to iteratively apply and So many details there that we cannot go through that in the course to explain how it works in particular We cannot use an example of here's some plaintext and encrypt Because it takes me too long to write 64 bits of plaintext and Go through an example So it turns out people have implemented a cut-down version of deaths Just for education just for teaching simplified deaths and What I'll do is go through and explain how simplified desks works And it's it's think it's the small version of deaths You'll see instead of using 64 bits of plaintext. It uses 8 bits of plaintext So it's not used in the real world, but it's used just to illustrate how desks works And we'll use it to go through an example of how to encrypt with simplified desks Then we'll return and compare the two simplified and real deaths So I'll explain simplified desks first It takes 8 bits of plaintext and Produces 8 bits of ciphertext and the reason for this is that we can actually Take an example plaintext and encrypt it By hand we'll do that today and it takes a 10-bit key and We'll see that the Faisal structure deaths and most block ciphers Perform some operations and then repeat them to add more security and repeat and repeat and those Repetitions are referred to as rounds So we we do something and then we do another round and then another round and so on in Simplified desks. There's only two rounds. You'll see in real desks. There's 16 rounds So we repeat something 16 times in real desks here. We just have two and The things that we do Include operations like permutations Permutations is rear-range bits In classical ciphers we called that what operation a permutation is the same as a Transposition Okay, remember we talk about Transposition ciphers rear-range something transpose permutate rear-range means the same thing So it uses some permutations We operate on bits on binary. We'll see some left shifts What's a left shift? Just shift all your bits to the left but wrap around so the left most bit Becomes the right most bit. We'll see an example of that And we'll see in the details that it also includes some substitutions So we'll go through the details let's go and Explain the overall algorithm and then go through an example There's actually Well three parts. There's encryption decryption, but also there's a key generation algorithm and the key generation actually Takes our original key and splits it or creates two part or two sub keys Which are generated? upon our original key so on this picture the Blocks on the left here The encryption steps IP will explain what it means. It's a permutation P generally refers to a permutation Some function, which we'll look at in detail some swap or switch and Another function and then an initial permutation inverse. So we'll see them on The right are the blocks for decryption. No, the arrows are going up and In the middle is how to generate the two what we have sub keys or sometimes called round keys We start with one key. We're going to apply some operations and create Sub key k1 and sub key k2 and use them separately in the encryption and decryption Look at encryption and decryption blocks What do you notice about them? The algorithm for encryption and decryption. They are the same Okay, and without even understanding what they do. We see this is IP some function Using K as an input some this is a swap or switch the halves and not the same function again Then some inverse operation That's encryption take plain text it will produce 8 bits of ciphertext Decryption is identical to that So with the same steps are applied It just turns out that we use the sub keys in a different order with encryption We will generate sub key k1 use that in the first function And sub key k2 in the second function with the when we decrypt in the first function. We'll use K2 going up and the second time k1 Maybe the important point there is that encryption and decryption can be implemented the same If we implement in hardware or software, we just need one implementation so that We don't need a piece of a different piece of software to encrypt and and decrypt and that's a nice feature Before we encrypt or decrypt we must generate these sub keys So that's a think of it that is a separate process that we do at the start. So I'm going to go through an example I Think you have the example printed out. Can I just check through just scroll through and I think there should be a simplified desk example in your handouts Yes simplified des Yes There's one title block cipher as a desk simplified desk example I'm going to go through that exact one so you can follow it there and also I'll click between the slides to illustrate just to be clear which Where was it if you can't find it is this one simplified desk example you have it so what I'm going to do is take some plain text some key and encrypt that plain text and the purpose is Not for you to remember all the operations But just to see those concepts that we've learned in classical ciphers being applied Takes a bit of time. So let's get started First thing we need to do is the key generation the middle blocks in in the picture so We start with two inputs the plain text and the key and in simplified des The plain text is a 8-bit value and the key is a 10-bit value So I'll write down the key that I've chosen and then later we'll get to the plain text that we want to encrypt so The key in this case K I've just chosen a Random 10-bit value 10 bits. I just include a space there so we can realize that it is 10 bits. It's easy to see What we need to do is Take those 10 bits and generate two subkeys Or called round keys because we use them in different rounds of our encryption and decryption So get as an output K1 and K2 and the algorithm for doing that is Illustrated from these five blocks What we do is we take 10-bit key and apply a permutation. So in these pictures P refers to a permutation P10 is Defined and it defines a specific way to rearrange those 10 bits So we just take the 10 bits and and change the ordering of them Then we'll do a left shift this shift operation is a left shift on those bits So we shift them to the left and then P8 is a permutation that takes 10 bits in and produces a rearrangement of those 10 bits Omitting two of them so we get eight bits out So you can see the shape you can see 10 bits will come in eight bits will come out or throw away two of them That will produce the round key K1 Or the sub key K1 To get K2 we would take the output of the previous shift do another left shift and apply the same permutation and get K2 So let's do that to do it. We need to know what is P10 And it's defined here a permutation just specifies how to rearrange the bits So we think of the bits numbered from 1 to 10 the first bit through to the 10th bit When we apply P10 the way to read it is that the first bit Will move into the seventh position The second bit will move to the third position The third bit on input will move to the first position on output It's just a rearrangement of those 10 bits and it's fixed So for this simplified desk, it's always this It's known the attacker knows this everyone knows this we assume the attacker knows the algorithm and In fact in real des we'll see There's a permutation that's equivalent to this and again. It's fixed and known so it's a constant arrangement It's just longer instead of 10 bits operates on 64 or 56 bits similar P8 we'll use it in a moment is A rearrangement of 10 bits, but we throw away two of the bits the first two I think So bit one and two will be discarded when we apply P8 and we'll get bits three through to 10 arranged in that the sixth bit becomes the first bit and The third bit on the input becomes the second bit on output. So again, this is a fixed rearrangement of the bits Later in the encryption encryption will see there's also a P4 just another arrangement. So let's try it We need to apply our permutation P10 on this so I'm better try and get it right. What do we get? We'll do this in detail this one just to illustrate what's happening. So we can think this is the first second Just number those bits They are our 10 bits in and we apply P10 the operation which really rearranges those 10 bits and we look on the the picture and The third bit Sorry the picture the the definition of P10 the third bit of input becomes the first bit That is the first bit of output is the third bit of the key which is one and we follow through It's three to three five two seven four. It'll get confusing if we do it all the way, but I Think it makes sense the second bit is The fifth bit of the input which was a zero the second bit of input becomes the third bit also a zero The seventh bit of input becomes a fourth bit, which was a zero and bit four becomes the fifth bit and we keep going We see the next 10 1 9 8 6 10 1 the 10th bit The first bit The ninth bit the eighth and the sixth That's our output of applying P10 any questions of how to do permutations It's not the intent for you to have to remember how simplified desk or even real desk Works in detail, but just to illustrate some of the operations that they use here is a simple rearrangement of bits It has to be this it is always this so you choose a key if you're using simplified desks The first thing you do is rearrange it according to this And it's the same in real desks. It's fixed. It's known Why is it this? Well asked the designers Okay, but the people who designed it and we'll see same with the other operations that well Supposedly they had some ideas of what to do and the principles that they were using To come up with these rearrangements again, they'll use the principle of Permutations or transpositions Substitutions in the same way that we saw them in classical cypher's and how they can add to the security of things like Hiding the statistics of the plaintext. So that's one thing they want to do Making it hard later. We'll see making it hard to get the Key even from the ciphertext So we'll come back and explain Not so much why they did it but the ideas behind doing these things things like diffusion and confusion and a few other operations So at the end we'll come back not only why but also some tests that show that With this particular operation the end result is more secure than if we used a different operation and That is another level of confidence that this operation is a good operation, but we'll return to that once we go through the entire encryption that Was this p10? That's all so we get you can think 10 bits in 10 bits out next is a left shift Left shift by one position I don't know if it's designed Here we go. This is the key generation these middle five blocks in more detail and it shows on The lines the number of bits we deal with so we started with ten bits in We applied p10 and we can think what comes out. We separate it into two halves the left half and the right half five bits each We apply a left shift by one position on each half So we take the first five bits shift them to the left by one position try it now That is take this output and apply a left shift. So think of it now as two Different sets of five bits and we apply a left shift on them Left shift is just another permutation It's a permutation where bit two becomes one Bit three becomes two four becomes three five becomes four and bit one becomes five That's all the left shift is the left bit wraps around to the end and Similar on these five bits note that we do the left shift separately on the two halves So we'll shift bit two to first position bit three Bit four bit five and the first bit becomes the last bit there So in fact a left shift is also a permutation What's next? Take those two five-bit inputs join them together in apply p10 Try sorry p8 p8 takes ten bits in and produces eight bits out This one so again we treat those two sets of five bits as a ten-bit value And we get eight bits out. Can anyone tell me the values? Always forget looking back. So this is at the sixth bit will come first So again six three seven four will be the first four bits six three Seven and the fourth bit and you'll keep going and you get 0100 Okay We've lost two bits the first two bits are not used in the output here. This is key one K1 in our algorithm The first sub key or the first round key will use it in the encryption and the decryption Next we jump through that was produced K1 as output next we go back to the output of the Two left shifts so before we applied p8 we take the Each pair of five bits and apply another left shift by two positions. So LS2 means left shift two positions and Then we'll take those ten bits as output and apply the same p8 again to get K2 The output of p8 in this step was K1. We do a left shift to and Just to be clear we take These two values as the input we don't take p8 the output of p8. We take the previous steps values and a left shift of two the one here of those five bits is going to move from the fifth position to the third position and A left shift of two these two ones are going to end up the end and then we apply p8 on those ten bits The same p8 so the exact same permutations we applied before and that is K2 Nothing too complex yet. We've just rearranged those bits to produce two sub keys if if you knew the two sub keys You can easily find the original key. There's no complex operations that make it hard to go backwards in this case Okay, the inverse is is quite simple, but the idea is that what we're going to do is Because our cypher is broken into rounds where rounds are really just the same operations But we each round we repeat those operations For each round we use a different sub key. So this is the key generation step It turns out that the decryptor does exactly the same thing So if I want to encrypt plain text, I first choose a key 101 0 0 0 0 1 0 and I generate K1 and K2 I will then use them to encrypt my plain text. I'll send you the cypher text What you would do is you'll take of course the same key. This is a shared key crypto system So you take the same 10 bits and you apply the exact same steps and therefore you'll get the exact same values of K1 and K2 So the decryptor does this as well They'll get the exact same values Now we can try and encrypt So to encrypt we need some plain text encryption I've chosen some plain text What have I chosen? Let's use the same one zero one one. This is my block But I want to encrypt it's eight bits Just a random eight bits. It has no meaning in this example, but suppose it has some meaning We want to encrypt that and get some cypher text. So that's the plain text and go back to the encryption and It's defined in detail here, but in that overview. It's the left side here What we do is we take eight bits in apply a permutation. It's called an initial permutation because we do it at the start We apply some function. So f is some function that function takes as an input a key Which key K1? This function is the first round of our cypher The output will then get Eight bits out and we'll swap the halves. So SW stands for swap or switch That is we'll swap the two four bit halves Very simple. Then we'll apply the exact same function again, but instead of using K1 we'll use K2 What we just generated Then we'll do the initial permutation, but the inverse and that will give us our cypher text Initial permutation also defined. It's here Again, just a permutation fixed always known always the same It's this The inverse of IP Maybe when we get to it we'll say something about that what the value is left shift we've seen We'll see later. There's also an expand and permutate which will take four bits in and Rearrange them, but also duplicate them. So there'll be eight bits out. We'll see that in one of the steps So these are all permutations so far So think of the example classical cyphers of the rail fence cypher and the rose column cypher they were examples of permutations and One of the problems with permutations is that the frequency of the characters in the Plain text is also reflected in the cypher text Because we have the exact same number of character or the exact same number of each Character in the cypher text as the plain text if you went went back to our rail fence and rose columns for example if we have 12% a's in the plain text using a transposition or permutation There'll be 12% a's in the cypher text. They'll just be in different positions So that's not secure on its own. So later or soon we'll see that there's a Substitution somewhere so this is the details of the encryption And we'll go through it slowly at least we'll go through the first half and the second half is just a repetition impact We'll take eight bits in We'll apply the permutation IP We'll get eight bits out, but we'll treat them as two four-bit halves The left half and the right half On the right half will expand and permutate four bits in see the lines show how many bits it Rearranges and creates eight bits out We'll X all of that with K1 XOR operation here and then we'll take The eight bits out and as for the two four-bit halves apply some Substitutions so s0 and s1 are some Substitutions where we take some of the characters and replace them with other characters from the all possible characters So these are the operations like a Caesar cipher vision air and so on which are substitution ciphers Then we'll do a P4 and then we'll get to know it's hard to see on the screen We'll get to another XOR with the left half We'll swap those two halves and do it all again So when we talk about a round this gray box the darker gray box is one round this function f of K and This is exactly the same inside here same implementation the same operations Just have different inputs K1 in the first round K2 in the second round So let's go through just the first half Just to illustrate those blocks This is maybe the only cipher in this course that will go through in depth in this this amount of depth And in fact, it's only a simplified version of a real cipher We will not do this for others because in practice the computer does it all for us But we need to understand some of the operations So the first thing we do is we apply IP And I'm not going to write it here. It's a permutation We'll take those eight bits in and We'll arrange them such that the second bit becomes the first bit the sixth bit the second bit and so on Wrong way and someone tell me what we get out Have it somewhere The second bit will become the first bit the sixth bit Which was a zero alright, I can third three one four eight the third bit The first bit the fourth bit The eighth bit Did we get there zero one Okay Confirm let me know when I make a mistake on here because if we make a mistake here The entire ciphertext will be wrong at the end and you'll have to go back and fix it Same in the exam when you do the mid-term exam and encrypt Don't make a mistake at the start because you'll get the wrong answer and you'll waste all that effort No encrypting you just get the ciphertext if you don't get it then You fail Security is sometimes a binary thing that is if you do it right it works if you do it wrong then nothing works Okay, so sometimes we need to take care that if you Make a mistake somewhere when you apply security then the whole thing can fail So we apply our initial permutation. What's the next thing? I have to switch through We split it into halves the right half and the left half and we for now We only deal with the right half the right four bits and we take that into the extent expand and permutate so we're going to take these four bits for now and Apply the expand and permutate which takes four bits in Look on the slides and you'll see that it rearranges them, but also duplicates bits one two three four Become the fourth bit becomes the first and so on four one two three So the fourth bit was a one the first bit The second and the third bit of the input four one two three and then the next two three four one The second bit So the second bit we're only dealing with these four the third one one What's next? X all with the key So we take that K K one this value from before one zero one zero zero one This is K one and the operation we do is an X or exclusive or one and one Right, you know easy When they're the same we get zero when they're different we get one. I get that right X or operation on the key and the output of the expand and permutate Going back. We're here now We've just done the X or We're now going to split it into two halves again Four bits at a time the left four bits are fed into S zero S zero S zero S refers to substitution This is called an S box Not an X box S box where we a Substitution box sometimes the others are called P boxes permutation boxes We take it some input and we'll do a substitution producing some output. Remember a substitution is that We replace One of our characters with another character from the entire set of characters when we did on letters It was easy to understand say we replaced the letter a with one of the other one of the 26 characters It doesn't have to be one of the characters in the input that we replace it with So we take the left half and lead it use it in S box S zero So we'll have to explain how that S box works That will go into S zero and we'll do that separately in this half will go into S one Now let's look at those S boxes and these are important parts That is this is the main thing that Well the the main substitution operation the X or is used as well, but this is an operation that People consider is a very important part of the security of deaths and in this case simplified deaths so they define Which character we're going to replace our input characters with so the same way that what Similar to the play fair cipher the play fair cipher we looked at two characters at a time And we had some matrix that told us to Replace these two characters with these other two characters, and we had some rules. We look at the same row and column We have some similar concepts here of the the matrix tells us When we have an input what to replace it with and produce the output so S box S zero is this matrix on the left and The input we can think currently we have four bits as input think of them as bits one two three and four and the way to obtain the output is to bits bit one and four of the input the first and last bit of the input tell us the row of the matrix and The middle two bits two and three tell us the column of the matrix and we just do a look up and the element at that row and column tells us the output to bits So in fact takes four bits in produces two bits out and Again like the permutation boxes the S boxes are constant It's always this matrix and it's known and the same in real deaths There's an S box in that there are I think eight S boxes. They're bigger than this But they're matrices we can think of them and they are known and constant now when we talk about specify the row and column count in from zero to three that is the first row is Row zero row one row two row three column zero one two and three and Therefore use the input to determine which row and column to look up our input is zero one one zero We'll do it just for that case We've got zero one one zero. That's the left half here so Bit one two three and four and The rule the rule is that the row is Taken from bits one and four that is in binary zero zero or in decimal row zero and The column is From bits two and three In our case one one Column three which is in fact the last column The first row in our matrix and the last column in the matrix Look it up and you'll get the output. What's the output rows zero zero column one one so in this matrix Row zero zero is the top row Column one one is the last column The element is this one here one zero So the output is one zero Just be careful. We think a row zero one two three Column zero zero one two three One zero is the output and I'll just note here that the output here will be one zero of the first S box Try it for S box S one same rules, but a different matrix Just check that you do follow that This is just a way to implement a substitution replace Some of the some input characters with others What's the answer for s1? What do you get? S1 produces something as output four bits in two bits out which row the second row or Row one row number one Which column The last column the fourth row a column three it gets confusing we start our numbering at zero and produces one one as output because bit one and bit four Zero one That actually the second row one one is the last column we looked that up in our matrix Second row last column one one is the element that comes out here so this is an important part that this is the a substitution and Again, it's fixed But it turns out it's an important part of the security of real deaths Just have a quick look at those matrices. Do you see any structure in them? Who come up with them or how do they come up with them is another question? Okay? Well, we cannot think we do not really know what the designers did a long time ago But it turns out with real deaths. It's similar. There's a defined matrix It turns out that most people think that the matrices used in deaths and we'll show them later We'll see them are designed to make it very hard to go back to Obtain the key from the ciphertext Okay, so there are some non-linear substitution It's very hard to write an equation especially for real deaths where the matrices are much larger to write an equation that a linear equation that allows you to find the the input Given the output that is to go in the reverse direction and in real deaths It turned out people have done analysis that says that if you modify the S boxes just a little bit Maybe you have a slightly different one instead of one one one zero you swap them People have done analysis of real deaths such that when they make small changes It makes the cipher much less secure much worse Which suggests that it was designed to make it more secure that is it is a good design So as far as people know The design of deaths and the S boxes in particular are quite secure So the people who design them apparently design them to give them what they knew about ciphers at the time to defeat any of the known attacks and Apart from the key size even today there are no practical attacks on real deaths No known attacks Because the key is so small in deaths So the cipher the algorithm is strong But because in real deaths that uses a say a 64 bit key you can just try all possible keys and I'll show you an example that It may cost a few thousand dollars today to break real deaths brute force correct brute force because two to the power of 56 really is not so much now for today's computers But the algorithm is strong if they have used a different key length a longer key It could still be considered secure. Of course. We're just doing it for simplified deaths But the same concepts apply. Let's try and finish our Encryption at least the first part where we get to we got to hear we got sorry here To S boxes produce two bits out each Combine them and apply p4 Take those four bits apply p4. I'll let you look it up. It's defined on one of the slides the permutation and you get Zero one one one. It's just a rearrangement of those four bits X or those four bits With the original left half that came out of the initial permutation So coming back to the start we had four bits on the left on the right Take the four bits on the left and X all of them with the four that we just got that's somewhere Up here, I don't know if I can draw it these four bits We haven't used them yet Okay, so we use them now it comes down here and we X or Was it one zero one zero? We get one one Zero one almost there We're at this point. We have four bits Take the original four bits on the right from the output We've already used them, but we'll use them again and combine them and we get really eight bits So the four bits we currently have plus four bits from the right and then this switch or swap Swaps those two halves So what we do is we take the right half of IP this half and it comes down and We use that What was it one zero zero one? So we have eight bits. In fact, this is the end of the the round in our pictures denoted as fk Some function has just finished there Then we do a swap of those two halves and the swap is easy we just take the the left four bits they become the right four bits and We swap over here Then what do we do? We apply fk again. Where did fk start? I should have drawn drawn that on here If I can fit it in Our function fk started here We just look back at our picture this outer gray box Fk takes the input eight bits from the initial permutation and the output is eight bits. We feed that into the swap Those eight bits are then applied into the exact same function except we'll use k2 as an input Everything in here is identical And we get eight bits out. That's your homework to do that fk started here and Finished here the first iteration. In fact, we made denote that with k1 Key one and key two Sorry k1 finished here and Then we started again Fk same function, but use k2. This is the end and you'll go through that same operations permutations substitutions x or use k2 as an input Remember, we've got k2 from the key generation up here these eight bits I'll stop there and then fk2 will end and At the end the eight bits out. I'll tell you because I've done it before the law the eight bits at the end will be 1110 1101 last step So you can check those intermediate steps here If you want to Last thing we do is the inverse initial permutation we rearrange those eight bits and What's the inverse initial permutation? You'll find that and I'll give you the answer Zero one one one Zero one one one that is our ciphertext That's what you should end up with So this inside the purple blocks the function is around It's in fact the same as in each round we do the same code, but we just have different inputs in between the rounds we swap the halves and At the start of the encryption we apply an initial permutation and at the end We apply the inverse of that your challenge is if you want to check if you don't understand I suggest you do this, but if you understand that's okay, then try and find what is the inverse initial permutation You get ciphertext and when then we're done so I Gave you the output here. We apply IP inverse and we get eight bits ciphertext If you want to really check then you decrypt and Note that decryption is Exactly the same The same steps that is we take our ciphertext Inverse sorry initial permutation exactly the same rearrangement of bits the function fk Which involves expand and permutate xors s boxes and so on Using K2 in the first round So this is the first round of the Decryption we use K2 swap the halves apply the second round using K1 where K1 and K2 Are identical to what the encryptor used Do the inverse initial permutation and you must get the original plaintext if you don't you've done something wrong We'll stop there What we'll do in the next lecture is now then we'll return to real deaths and just compare Simplified versus real deaths and really really just see that real deaths. We just scale up Things are bigger But the same concepts are applied and then we'll talk about the security of real deaths and some of the known attacks And some of the design issues with real deaths Try and find in inverse initial permutation try and understand what the inverse means in that case enough for today