 In this lesson, we'll be looking at our very first fully operational block cipher. This block cipher would be a little bit simplistic, so we're going to call it baby block, but it does include all of the key characteristics. Baby block will be a four-bit block cipher, meaning that it will take in four bits from a key and it will also take four bits of a block and produce four bits of cipher text, and it will have all of the same characteristics of a Feistel block cipher, but just simplified. I think this will become obvious in a little bit, but I'm going to put it out there at the beginning. This is not a secure block cipher, so please do not try and use this to encrypt any sensitive information. This is a block cipher that, like all block ciphers, will work at the binary level, so any of your messages will need to be converted to binary, which we know how to do for text and images, so just make sure we're working with binary. As I mentioned, the encryption occurs on four-bit blocks, so that's the size of the blocks. Our key is also a four-bit number. We'll see in future block ciphers, the key does not have to be the same number of bits of the block, but in this case it is, and it will use multiple rounds of encryption on each block to create the cipher text block. That's again pretty common for a Feistel cipher. If you need a reminder on a Feistel cipher from a few lessons ago, here's our main idea is that we have one block of plain text, in this case it'll be four bits. We split it into two sides, the left half and the right half. We have a key that, in combination with the right half of the block, undergoes some sort of F function that does maybe some confusion or diffusion, and then the output of that F function gets mixed up with the left half of the block to encrypt it, and then we will flip those blocks to create a new block of data that we can act on again. So there's our reminder, this should look very familiar once we get to the actual baby block details. So let's take our baby block cipher here and figure out how it works, and the first thing we need to figure out is what that F function is for baby block, and we're going to see the F function is a specific type of operation we'll use here called the S box, S for substitution. We've got our plain text information here, so many binary digits, and then our key is our 4-bit number 1110, and we're going to focus on just encrypting that first block of the plain text 0011. So we're going to pull that information out, and we're going to put that down here into some boxes to organize our plain text in our key. We'll try and color code those green and purple that we do with the numbers up above. And we're going to take two bits, the left, or sort of the right-hand side of the plain text, so the bits one and one, just like we saw with the FISEL cipher, the two bits coming from the right-hand side, and all of the key information are going to go into our F function, which we're going to call the S box here. And then you can ignore the rest of this diagram for now. We're going to see the output of that S box does get mixed up with the left half of the plain text, but ignore that for now. Let's see how does this S box work? Now, the S box, again, it gets its name S for substitution. And we're going to see we can do some tabular substitution here. We can just do a little lookup by looking up the two bits of information that we get from the right half of our message block, so 11. And the row is determined by the four bits that come in from the key, 1110. And we look in the field of the table and we can see that that corresponds to the bits 01. Now that first bit, zero, is the first or left-hand side output from the S box in the diagram. And the right-hand bit, one, the second bit in the table, is the right-hand side of the output of the S box. So you can see that first output of zero, the arrow points over to the XOR operator, which is paired up with the first, sorry, the furthest left bit from the plain text box. So the zero XOR zero should result in zero. The second output from the S box, which is a one, goes over to the XOR operator, which is matched up with the second bit in the left-hand side of the plain text box. And so zero XOR one should be one. The third and the fourth bits are the two right-hand side bits from the plain text box. Come straight on down, unmodified, to create what we will call our muddled block here in this light orange. So again, if you need to pause the video, make sure you know where these four bits are coming from. The two on the left-hand side were encrypted with the output of the S box individually, by bit by bit. And the right-hand side of the muddle block is just an exact copy of the plain text box. One note about muddling is that it's pretty easy to undo. If we take our muddled box here and our key block here, you'll notice the right two sides of the muddled block are the exact same as they were in the plain text block. We haven't changed them, which means that when we feed them into the S box with the key, we're going to get the exact same output from the table, which means that if we XOR those with the left-hand side of the muddled block, we're just going to undo the XOR that we just did to create the muddled block, getting us back to our unmoddled plain text block. So this muddling and unmoddling, it's just the exact same operation. We can do them in either order, and they will undo the previous operation. That'll be helpful for us to remember a little bit later on. Now, the next part of our baby block algorithm, once we create our muddled block, is that we need to do that swapping of the sides. So the left-hand side of the muddled block becomes the right-hand side of our ciphertext block, and the right-hand side of our muddled block becomes the left-hand side of our ciphertext block. Now, we're calling it ciphertext because we could stop here if we wanted to, and we'll have created a new block that is now encrypted. But we mentioned earlier that we're going to do multiple rounds of encryption for a baby block cipher, just like any other feistel cipher. So we're going to show you that in just a moment. So let's look at what we do with the second round. Here's the exact same information. This is everything we've seen so far. It's the plain text and the key going into the S box to create those output bits of zero and one, XORed on the left-hand side of the plain text block to get our muddled block, and then we've swapped it. Now, for the next round, we're going to alter our key a little bit. We don't want to keep encrypting with the exact same key in every round. So we're going to do what's called a key rotation. That left-most bit in the key becomes the right-most bit in the key, and the three other bits all shift one position to the left. So now we have a rotated key of one, one, zero, one. And if we take those two boxes now there, our swapped box in red on the left and our rotated key on the right, they now become the inputs for another round of the exact same set of operations. So we'll take the right half of our new message block, zero and one, feed that into the S box with our rotated key to get two new outputs, zero and one from the S box, which we can XOR with the left half of our message block to create our new muddled block, one, zero, zero, one, which we swap halves, and then we rotate the key once more to get our second rotated key of one, zero, one, one. We'll do this one more time, but on the last round we don't do the swap. So we just leave the output straight out of the S box after it's XORed of zero, zero, one, zero, that's our ciphertext block. So to summarize, we had our plain text message. We took zero, zero, one, one, the first four bit block of information with our key, which is also four bits of one, one, one, zero, to create the ciphertext block of zero, zero, one, zero. To finish creating the full ciphertext, we take the same key and we do the same process on the next four bits of the plain text to create a next four bits of the ciphertext and so on and so on and so on. The algorithm that we used was our baby block algorithm, which consisted of first using the S box to generate two bits of new information using tabular substitution. Remember the inputs just came from the right half of the message block and the four bits of the key block. We took those two bits of output from the S box and we XORed them individually with the two bits that were on the left hand side of our message block and when we did that and just retaining the right hand side of the message block, we now had our muddled block. If this happened to be the last round of our encryption then we're done. This muddled block is the ciphertext block, but if we have more rounds to go then we perform that swapping operation, swapping the first two and the last two bits, the left half and the right half and that'll set up our next round of encryption. We keep doing this for three total rounds of step one and two and that will produce our ciphertext block. Now for decryption, we're gonna see is absolutely no different. The algorithm works the exact same way, we just need to use our keys in the reverse order. So we would have to kind of pre-compute what our last round key would have been and then we would have just undone the rotation in the other way. So we kind of spin the keys in the other direction, kind of just like with a physical lock you turn it the other way. We can do that because as we've already seen, to un-muddle blocks, you can just muddle them again so that operation doesn't have to change. We do the exact same thing and it will undo it. To undo our swap, we could just swap again so the swapping step will just undo the swap that we would have had on our block. And since the last two bits of our muddled block are the same pre and post muddling, the S-box will actually generate the exact same output bits whether we're doing it pre or post muddle, meaning that it's going to be set up just perfectly to undo the, it'll be perfectly set up to create the same bits to muddle and un-muddle the blocks. It turns out that really all block ciphers that are Feistel networks have this nice property that the decryption algorithm is the exact same as the encryption algorithm. Now, let's talk about a real block cipher. That's something that's not for babies, something that's actually used in real life. This first block cipher that came about for US use was in 1972, the US National Bureau of Standards or the NBS, which is now known as the National Institute of Standards and Time, I believe, NIST, put out a request for proposals for a standard cipher for the US and the United States. The company IBM put forward the winning idea based off of a cipher they had created called the Lucifer Cipher. The NSA, which at the time was not even publicly acknowledged to exist, vet the cipher and worked with them to make a few changes. Now, you might be pausing and say, hmm, what kind of changes would the NSA want to make to the cipher if it was already pretty good? They wanted to help make a few changes so that it would be resistant to a particular type of cryptanalysis attack called differential cryptanalysis that nobody really publicly even acknowledged existed until 1990. So they had some advanced knowledge of this kind of mathematical attack and they wanted to make sure that this cipher was resistant to it. And then they also changed the length of the key. The Lucifer standard called for a 128-bit key and the NSA had them change it down to 56 bits. So you might be thinking, wait a minute, we know that longer keys are harder to guess. They're just harder to brute force. Why would they want to do this? People were really suspicious at the time that they were doing it so the NSA could crack it. Maybe the NSA had access to some computers that could brute force a 56-bit key, no problem, but a 128-bit key they couldn't do yet. Now, it turns out when you actually analyze the security of all of this algorithm, people have kind of debunked that myth that that's why they did it. We don't really know why they had them do it, but it is a little suspicious. So all in all, after those changes were made, the Lucifer cipher now became what's called the DES or the Data Encryption Standard Cipher, starting in 1977. And it was used as the block cipher for US encryption standards for like secret data until it was replaced by the Advanced Encryption Standard known as AES in 1999. So at a good 22-year run, which if you think about it for computing technology, that's really impressive. So this DES has some similar ideas as our baby block cipher. It uses 64-bit blocks instead of our four-bit, so much bigger blocks. It has a 56-bit key instead of our four-bit key, and you'll see here that the length of this key doesn't have to match up with the block size. Those 64-bit blocks, by the way, have very many, many possibility of plain text blocks. So this is a large alphabet. If you think about it, block ciphers are really just a fancy way to take a unique 64-bits of information and encrypt it to a 64-bit cipher text. So it's kind of like taking one of 26 letters and encrypting them to some other one of those 26 letters. We're just doing one of these like 18 trillion, some billions, whatever, possible plain text blocks and converting them over to some other one of those number of possible cipher text blocks. It's just a really fancy way of doing it. The f-function in the DES cipher takes in 32-bits, so half of that 64-bit, and it returns 32-bits, so same size. Now the difference there is this f-function is much more complicated. It actually uses eight s-boxes inside, so it takes in those 32-bits, it does some expansion and compression of those bits, and then puts them into eight different parallel s-boxes to get some outputs. It's very complicated, and then the output does get XORed with the left half of the message, and it does that for 16 rounds, so not three rounds like our baby block, but 16 rounds. And then it does change the keys, it rotates the keys around for each one of those rounds on some predictable schedule so that you can follow that through forwards and backwards. Now, the DES does introduce some new, more complex ideas that we didn't put in the baby block cipher. The f-function does more than just s-box, it has what's also called a p-box for permutation, so it really is doing a better job at both the confusion and the diffusion. And the output of that f-box is just completely XORed with the left side of the message, not like our kind of bitwise XORs that we saw in our baby block. So some similarities, some more complexity, and then some new ideas completely. Now we'll see that there's different ways that we can use these block ciphers. What we've been doing so far is what's called an electronic code book. As I mentioned, we're essentially just finding a really fancy computer driven way to take each one of those unique plain text blocks of which there are very many, two to the 64 power, and find a way to map it to some cipher text block of which there are also two to the 64 possible cipher text blocks. And we're just finding a way to do that. But in this method, each plain text block will always go to the exact same cipher text blocks, kind of like how in the Caesar cipher, if the letter J went to the letter Q in the cipher text, the letter J will always go to the letter Q. Now here, it's just a little bit more complex. We've got more plain text possibilities to map to more cipher text, but the idea is the same. If the block 01010101 shows up in the plain text and that gets mapped to 11111110, that'll always be the mapping between those blocks. And you might not want to do that. First of all, you're not gonna get a lot of diffusion between the blocks when you use this because it's only gonna occur within that one block. If the same block always becomes the same block of cipher text, it doesn't impact any other parts of the message. So you're really restricting the amount of diffusion that you can get. And the worst part really is that you can find some patterns if you have this type of encryption going on where each block is encrypted in isolation from all of the other blocks. You might be asking, why is this penguin down here? We're gonna use this penguin as an image to show what happens if you encrypt with this electronic code book method. If we went through that pixel by pixel, converted that to binary and then encrypted it using our DES type algorithm or some block type algorithm with the electronic code book mode, it's gonna get turned into this encrypted message on the right, which you can tell is certainly not the same message, but there's kind of a residual pattern that's left behind that gives you a lot of ideas about what that original message might have contained. Images help kind of show those patterns much easier than just kind of looking at text or numbers. So that's why we're gonna use that example here. I could still tell that this is tux, the penguin, just looks a little bit different. I might not get the same detail out of this encrypted version on the right, but I got a lot of ideas about what the original plain text was all about. So we're gonna wanna figure out, is there another way that we can use our block ciphers to do a little bit better job? And the way that we can do that is by using what's called cipher block chaining. The only difference between this mode of encryption and the one that we've seen with baby block and we've kind of outlined a little bit with DES, is that before you encrypt the second block in your message, you're going to XOR it with the output, the cipher text version, of the previous block, say the first block. What that does is it kind of chains those two blocks together. The encryption of the second block will now depend on what you got when you encrypted the first block. The encryption of the third block will depend on what you got from the second block and then therefore also the first block. So every block that you encrypt using this method, just that simple addition of an XOR of the block from with their plain text of your second block with the cipher text of the first block, links all of these together so every block depends on all of the blocks before in the chain. It is the most popular way to use a block cipher to encrypt messages because it gives you a much more pseudo-random looking encrypted output. Here's the same image, the exact same algorithm, the only difference is we change the blocks together so that we can maximize the diffusion here. So all of these blocks are now linked together and we get this kind of static looking output. It's pretty pseudo-random here on the right hand side. So that's our baby block cipher. In this course, we're not going to dig in deep and try and program any of these cutting edge standard ciphers like DES. It's just important to understand the main ideas of a block cipher. That we're gonna split the halves, we're gonna use some sort of substitution and maybe sometimes permutation operation on the left hand side of that block to create a muddled block. We swap the two halves and we can repeat that over and over again. If you know the basics of the baby block, you'll be all set up to continue your work in this course and we'll see you in the next lesson.