2
Name of Student
Institution
Instructor
Course
Submission date
What are the advantages and disadvantages of a stream versus block ciphers?
A flexible technique that executes a key-dependent rearrangement of values that are sequences of a set number of bits is termed a block cipher. It is suitable for usage in a wide variety of jobs across a wide variety of cryptographic protocols. One of these roles is the bulk encryption of long streams of data; in order to accomplish this, the block cipher needs to be utilized in conjunction with a suitable mode of operation, also known as “chaining mode.” The traditional mode is called Cipher Block Chaining, while the popular newer mode is called Counter (CTR) mode (Ramkumar, 2014). A stream cipher is a customized algorithm used to encrypt large amounts of data sent in a continuous stream. The concept behind this is that it could develop an algorithm that is more effective if one sacrifices part of the adaptability of the block cipher, that is, something that encrypts data faster.
If the same key is used twice, for two different streams, without having an appropriate, unique, or random enough Initialization Vector, block ciphers with a stream-oriented encryption mode and stream ciphers may operate into security problems. These issues may arise because both block ciphers and stream ciphers encrypt data in a stream-oriented mode. For the Cipher Block Chaining encryption method, the initialization vector (IV) for each new message has to be a brand-new, uniformly random sequence of bits that is the same length as a block. Stream ciphers that are any good will also take an IV (Valea et al., 2019). The fact that the classic stream cipher known as RC4 does not include an IV (its specification does not say where or how an IV may be introduced) resulted in a great deal of chaos and gave a poor reputation to the idea of stream ciphers.
It has been determined by a large number of cryptographers that these algorithms are “very secure” as a result of their having been subjected to a reasonably in-depth investigation. Encrypting a lengthy series of bytes with zero values causes a stream cipher to behave as a pseudorandom number generator. This may be accomplished by using the stream cipher. Actually, the internal mechanism of many stream ciphers (but not all of them) is a PRNG, which generates a long sequence of key-dependent pseudorandom bytes (Mahdi, 2016). These bytes are then combined (by bitwise XOR) with the data in order to encrypt (or decrypt) it, and since encrypting zero bytes is the same as not using the XOR at all, encrypting zero bytes is the same as not using the XOR at as a result, stream ciphers are often used as a personal PRNG.
Stream ciphers are based on producing an “infinite” cryptographic keystream and encrypting one bit or byte at a time (equivalent to the one-time pad). However, block ciphers operate on more significant pieces of information (that is, blocks) at a time, sometimes merging blocks for enhanced protection, for example, AES in CBC mode.
Stream ciphers are often quicker than block ciphers, but this speed comes at a cost. Stream ciphers have very low memory needs since they simultaneously operate on just a few bits. However, block ciphers use more memory because they operate on bigger chunks of data and often “carry over” data from prior blocks. However, they are cheaper to execute in restricted scenarios such as embedded devices, firmware, and esp. hardware.
Stream ciphers are more challenging to use effectively and are susceptible to usage-based vulnerabilities; as the underlying concepts are similar to those of the one-time pad, the keystream has stringent constraints (Mahdi, 2016). On the other hand, this is often the most challenging aspect and may be delegated to an external box, for instance.
Due to the fact that block ciphers encrypt a whole component at once and also include “feedback” modes, which are highly recommended, they are more vulnerable to noise in communication; if you corrupt one portion of the data, it is likely that the remainder cannot be recovered. In contrast, stream ciphers encrypt bytes independently, with no link to other data blocks in the majority of ciphers/modes, and often tolerate line disruptions (Valea et al., 2019). Moreover, stream ciphers do not offer fiber reinforcement or verification, but (depending on the mode) some block ciphers might give integrity protection in combination with secrecy.
Consequently, stream ciphers are optimal for situations in which the quantity of data is either unpredictable or ongoing, such as network streams. Block ciphers, on the other hand, are more effective when the quantity of data is known beforehand, such as in the case of a file, data fields, or proposal protocols such as HTTP, where the length of the whole message is known from the start.
Why do some block cipher modes of operation only use encryption while others use both encryption and decryption?
In some modes, the plaintext is XORed with the result of the encryption function rather than going through the encryption function itself. This is done to ensure the confidentiality of the plaintext (Malozemoff et al., July 2014). In some circumstances, the decryption function can only be performed with simultaneously using the encryption function.
Some modes of operation, such as CTR, are designed to function in such a way that only known values are ever encrypted. This results in the generation of a stream of pseudorandom data, which is then merged with the plaintext using a reversible keyless operation (often xor) to produce the cipher text. Other modes, such as Cipher Block Chaining, directly encrypt plaintext values, meaning decryption is necessary to discover the secret value.
One of the most significant benefits associated with a method that does not call for decryption is that it may be performed in hardware with a lower footprint (in other words, it is more compact). In addition, for block ciphers such as AES, it is often simpler to design effective encryption than it is to perform efficient decryption (Malozemoff et al., July 2014). This is because the internal coefficients have been optimized for the encryption direction rather than the decryption direction.
With block ciphers such as AES, it is only possible to encrypt one block at a time. This encryption is a random permutation with a key. This implies that each conceivable plaintext block corresponds to precisely one cipher text block (and vice versa; it is possible to employ a block cipher in the “wrong” manner). We need ciphers capable of encrypting communications of any length (Rogaway, 2011). Therefore, we must choose a strategy that allows the block cipher to handle both small and big messages. Therefore, a mode of operation will give this capability, but they often have a maximum message size (although one that is quite huge).
Another situation is that the mapping will always map identical plaintext to identical cipher text. This is problematic if you want to encrypt several communications since identical messages might be readily distinguished. Therefore, the majority of operational modes include an IV or nonce to ensure that similar (or substantially similar) messages cannot be identified.
Generally, we also want to preserve the message’s integrity and originality. This can be accomplished by adding a MAC, but we typically use an authenticated mode of operation today. Neither message integrity nor authenticity is given by the block cipher (Rogaway, 2011). Another fascinating point is that a block cipher in counter mode only has to be utilized in one way. In addition, you may generate counter mode using a hash algorithm rather than a block cipher.
References
Ramkumar, M. (2014).
Symmetric Cryptographic Protocols. Springer.
Valea, E., Da Silva, M., Flottes, M. L., Di Natale, G., & Rouzeyre, B. (2019). Stream vs block ciphers for scan encryption.
Microelectronics Journal,
86, 65-76.
Mahdi, M. (2016). New Paradigm Design by Merging the Techniques of Stream Cipher with Block Cipher.
International Journal of Computer Science and Software Engineering,
5(1), 11.
Rogaway, P. (2011). Evaluation of some block cipher modes of operation.
Cryptography Research and Evaluation Committees (CRYPTREC) for the Government of Japan.
Malozemoff, A. J., Katz, J., & Green, M. D. (2014, July). Automated analysis and synthesis of block-cipher modes of operation. In
2014 IEEE 27th Computer Security Foundations Symposium (pp. 140-152). IEEE.
Running head: FEISTEL CIPHER 1
FEISTEL CIPHER 10
Feistel Cipher
Student
Professor
Course
Date
Introduction
Currently, the Feistel Cipher is among the best security features that are utilized by organizations to enhance the security of data and information. As Hare (2022) notes, this security block feature is “bulletproof” that is making it difficult for hackers to access organizations’ systems. This paper aims at evaluating the Feistel cipher to analyze how it works, the parameters used, and the motivation behind its working mechanism.
Why is it important to study the Feistel cipher?
The Feistel Cipher is a structure that is used to build various forms of symmetric block ciphers. This model can be self-invertible, non-invertible, and also invertible. Moreover, Corsini (2016) also states that Feistel block cipher uses similar encryption and decryption models or algorithms. The Feistel algorithm is based on the Shannon structure that was developed in 1945. It highlights the diffusion and confusion implementation process. The diffusion creates a complex relationship between the cipher text and the plain text. It uses the permutation algorithm. The Feistel cipher proposed a design that creates the substitution and permutation alternately. The substitution aspect replaces the plain text designs with the cipher text. Permutation changes the structure or the order of the plain text elements instead of being replaced by other elements that are also performed by substitution (Hare, 2022). Therefore, Feistel cipher uses the concept of a product cipher, which is the performing of two or more basic ciphers in sequence in a way that the final products are cryptographically stronger than any of the component ciphers.
Example of Feistel Cipher Encryption
This process involves various rounds of processing plain texts. For each round, there is a substitution step that is followed by the permutation step. The following example describes the encryption structure that is used for this design model.
Figure 1: Feistel Cipher Encryption
Source: Cryptography and Network Security (2012)
The first step involves the plain text being channeled into several blocks of a fixed shape and size with only a single block being processed at a time. According to Hare, V. (2022), the encryption model input only consists of a plain text block and a key K. In the second step, the plain text block is divided into two parts. The right part is represented as RE0 while the left part is represented as LE0. Both parts undergo various rounds of processing plain text that ultimately produces the cipher text block. For each round, the encryption algorithm is applied on the right part (REi) of the plain text block plus the key Ki. Consequently, the function results are then combined with a logical operator used in cryptography. It compares two input bits and then produces a single output bit (Cryptography and Network Security, 2012). The XOR function results become the new right half for the next round RE i+1. The previous right half REi becomes the new left half Lei for the next round.
It is worth noting that each round will execute the same function, in which a substitution function is created by using the round function to the right half of the plain text block. Consequently, the permutation function is used by alternating between the two halves. These permutation results are provided for the next rounds.
The following are the cipher design features that are crucial when using block ciphers. The first feature is the block size. As Corsini (2016) states, block ciphers are more secure when the block size is larger. However, larger block sizes slow down the execution speed for the encryption and decryption processes. Block ciphers have a block size of 64 bits, but modern and more advanced blocks can have 128 bits. The second feature is easy analysis. Block ciphers should be easy to analyze and this can help to identify and address any cryptanalytic weaknesses to implement more robust algorithms. The third feature is the number of rounds. The number of rounds can also affect the security of a block cipher. More rounds improve security but make the cipher more difficult and complex to decrypt. Therefore, the number of rounds is depended on an organization’s desired level of data protection.
To conclude, the Feistel cipher is a popular cryptography model that businesses use to secure their valuable data. Even if hackers can get the cipher algorithm, a strong encryption cipher should prevent the hackers from interfering with the cipher’s plain text without having the key or set of keys. Moreover, organizations should adopt an effective cybersecurity plan to help prevent hackers from stealing sensitive information.
Example of Feistel Cipher Decryption
Surprisingly, the Feistel cipher model uses a similar algorithm for encryption and decryption. However, the following rules need to be observed during the decryption process:
Figure 2: Feistel cipher decryption
Source: Cryptography and Network Security (2012)
From figure 2 above, the cipher text block has two parts, the left (LD0) and the right (RD0). This method is similar to the encryption process. Like the encryption algorithm, the round function is executed on the right side of the cipher block with the key K16. The function’s output is XORed with the left half of the cipher text block. The XOR function’s output becomes the new right half (RD1), while RD0 switches with the LD0 for the next round. Every round uses a similar function, and once the fixed number of rounds is over, the plain text block is achieved.
What is the motivation behind the Feistel cipher structure?
A block cipher can be used to achieve similar results as the stream cipher. The majority of network-based symmetric applications use block ciphers. Hence, the main motivation for the Feistel cipher structure is to make it reversible (Cryptography and Network Security, 2012). The figure below indicates the structure of a general substitution cipher for (n=4). N stands for the block size.
Figure 3: the structure of a general substitution cipher.
Source: Cryptography and Network Security (2012)
Generally, the logics of a general substitution cipher for n=4. 4 bit input produces one of 16 possible input states, which are mapped by substitution cipher into a unique one of 16 possible output states. Each of them is represented by 4 cipher text bits. The process of encryption and decryption mappings can be represented into the table below;
Table 1: Encryption and decryption mappings.
Source: Cryptography and Network Security (2012)
This is the most complete form of block cipher but can be used to define a reversible mapping between the cipher text and the plain text. According to Feistel, this is the ideal block cipher because it allows for the highest number of possible encryption mapping from the plaintext book. The essence of the Feistel Cipher is to develop a block cipher with ideal lengths that allows for possible transformations. As Hare (2022) states, the Feistel cipher proposed the use of a cipher that alternates permutations and substitutions. They include the following.
The first element is substitution. Each plaintext group or element is uniquely substituted by the corresponding cipher text element. The second element is the permutation. A sequence of plaintext elements is replaced by a permutation of the same sequence. This means that no elements are deleted or added in the channel or sequence, rather than the order in which the elements appear in the sequence being changed (Cryptography and Network Security, 2012). Another element is diffusion and confusion. These are strategies or processes that are used to thwart cryptanalysis based on statistical analysis. In diffusion, the statistical structure of the plaintext is channeled into long-range statistics of the cipher text. This is achieved by making sure that every plaintext affects the value of many cipher text digits.
For example, an example of diffusion is to encrypt a message x=x1, x2, x3…hence, of characters with an average operation: ∑= = + k i n m in y. Adding v successive letters to get a cipher text letter yn. The letter frequencies in the cipher text will be more equal than in the plaintext. On the other hand, the confusion element aims at making the relationship between the statistics of cipher text and the encryption key more complex or difficult. This is achieved by using a more complex substitution algorithm. These operations form the foundations of modern block cipher design.
The encryption’s input algorithm is a plaintext block of length 2w bits and a key K. The plaintext block is subdivided into two parts, L0 and R0. The two halves of the data pass through v rounds of processing and then merge to produce the cipher text block. Each round a has as inputs L i-1 and Ri-1, derived from the previous round, as well as a subkey K I derived from the overall K. Generally, the subkeys K I are different from K and each other. All rounds are similar in structure. A substitution is performed on the left side of the data. This is undertaken by applying a round function F to the right half of the data and then taking exclusive –OR of the output of that function and the left half of the data. The round function has a similar structure for each round but is parameterized by the round sub key K i. Following this substitution, a permutation is performed and it consists of the interchange of the two halves of the data.
Which parameters and design choices determine the actual algorithm of the Feistel cipher?
Feistel’s network realization depends on the choice of the following parameters and design features. The first parameter is the block size. As Corsini (2016) states, large size leads to greater security. Hence, the block size should be between 64 and 128 bits. The second parameter is the number of rounds. Having multiple rounds increases the security of the Feistel cipher. Furthermore, another key parameter is the fast software that can promote easy encryption and decryption. As Hare (2022) states, the software should be very easy to cryptanalysis but easy to analyze cryptanalytic vulnerabilities. Furthermore, if the algorithm can be clearly and concisely analyzed, it is easier to analyze that algorithm for cryptanalytic problems and hence, implement a higher level of assurance as to its strength. The timing of attacks is another important parameter to consider. The user needs to select an algorithm in which information about the plaintext or the key is obtained by observing how long it takes a given implementation to perform decryptions on various cipher texts. Moreover, Corsini (2016) states that the user’ needs to exploit the idea that an encryption or decryption algorithm may take different amounts of time on different inputs. However, it is unlikely that this strategy will ever be successful against DES or more advanced and powerful symmetric ciphers like the triple DES and AES.
Conclusion
To conclude, the Feistel Cipher has helped to enhance the security of computer systems through diffusion and confusion mechanisms. It helps businesses to encrypt and decrypt information which makes it almost impossible for hackers to steal or interfere with data or information. Moreover, it also provides easy mechanisms for organizations to decrypt data for organizational use. The main parameters involved with the Feistel Cipher include the block size, ease of analysis, and the number of rounds.
References
Corsini, M. (2016).
Computer security and Reliability. Online at:
https://quizlet.com/196754838/crypto-chapter-3-flash-cards/
Cryptography and Network Security (2012).
Online at:
https://www.sathyabama.ac.in/sites/default/files/course-material/2020-10/unit-2
Hare, V. (2022).
What is a Feistel Cipher? Online at: