A block cipher is a method of encrypting text (to produce cipher text) in which a cryptographic key and algorithm are

applied to a block of data (for example, 64 contiguous bits) at once as a group rather than to one bit at a time. The main alternative method, used much less frequently, is called the stream cipher such as Vigen`ere cipher, encrypts one letter at a time.

Block Ciphers The most important symmetric (meaning the same key is used for both encryption and decryption) algorithms are block ciphers. The general operation of all block ciphers is the same - a given number of bits of plaintext (a block) is encrypted into a block of cipher text of the same size. Thus, all block ciphers have a natural block size - the number of bits they encrypt in a single operation. This stands in contrast to stream ciphers, which encrypt one bit at a time.

Block Cipher Principles:

As block cipher have different modes of operation and applies to a broader range of applications than stream cipher. A block cipher transforms a plaintext block of n letters into an encrypted block. For the alphabet with 26 letters, there are 26n possible different plaintext blocks. The most general way of encrypting a n-letter block is to take each of the plaintext blocks and map it to a cipher block (arbitrary n-letter substitution cipher). For decryption to be possible, such mapping needs to be one-to-one (i.e., each plaintext block must be mapped to a unique cipher text block). The number of different one-to-one mappings among n- letter blocks is (26n)!. The length of block n cannot be too short in order to secure the cryptographic scheme. For example, n= 1 gives a monoalphabetic cipher. Such schemes, as we have seen, are vulnerable to frequency analysis and brute-force attacks. However, an arbitrary reversible substitution cipher for a large block size n is not practical. Lets consider the problem of specifying a mapping of all possible n-letter blocks. In a cipher, each key specifies such a mapping. Lets assume the key consists of a block of k letters. Then the number of all possible keys is 26k. Then for a n-letter arbitrary substitution block cipher, the key size needs to satisfy 26k _ (26n)!, i.e., k _ n 26n!.

Electronic Codebook (ECB) Mode

ECB is the simplest mode of operation for a block cipher. The input data is padded out to a multiple of the block size, broken into a integer number of blocks, each of which is encrypted independently using the key. In addition to simplicity, ECB has the advantage of allowing any block to be decrypted independently of the others. Thus, lost data blocks do not affect the decryption of other blocks. The disadvantage of ECB is that it aids known-plaintext attacks. If the same block of plaintext is encrypted twice with ECB, the two resulting blocks of cipher text will be the same.

Data Encryption Standard (DES)

The Data Encryption Standard, or DES, is one of the most important examples of a Feistel cryptosystem. DES was the result of a contest set by the U.S. National Bureau of Standards (now called the NIST) in 1973, and adopted as a standard for unclassified applications in 1977. The Data Encryption Standard (DES) is the quintessential block cipher. Even though it is now quite old, and on the way out, no discussion of block ciphers can really omit mention of this construction. DES is a remarkably well-engineered algorithm which has had a powerful influence on cryptography. It is in very widespread use, and probably will be for some years to come. Every time we use an ATM machine, we are using DES. S-DES encryption (decryption) algorithm takes 8-bit block of plaintext (ciphertext) and a 10-bit key, and produces 8-bit ciphertext (plaintext) block. Encryption algorithm involves 5 functions: an initial permutation (IP); a complex function fK, which involves both permutation and substitution and depends on a key input; a simple permutation function that switches (SW) the 2 halves of the data; the function fK again; and SIMPLIFIED DES (CONT 1)finally, a permutation function that is the inverse of the initial permutation (IP-1). Decryption process is similar.

The function fK takes 8-bit key which is obtained from the 10-bit initial one two times. The key is first subjected to a permutation P10. Then a shift operation is performed. The output of the shift operation then passes through a permutation function that produces an 8-bit output (P8) for the first subkey (K1). The output of the shift operation also feeds into another shift and another instance of P8 to produce the 2nd subkey K2. We can express encryption algorithm as superposition:

IP1 f K2 SW f K1 IP
or Cipher text= IP-1 ( f K 2 ( SW ( f K1 ( IP ( pla int ext ))))) Where

K1 P8( Shift ( P10 (key)))

K 2 P8( Shift ( Shift ( P10 (key))))
Decryption is the reverse of encryption: Plaintext= IP-1 ( f K1 ( SW ( f K 2 ( IP (ciphertext)))))