
Intro To Computer Security (Lecture 3) +DES Example

The document discusses the differences between traditional and modern ciphers, highlighting that traditional ciphers use simple substitution and are easily broken, while modern ciphers utilize complex algorithms for stronger security. It details the Data Encryption Standard (DES) and its weaknesses, including its short key length and vulnerability to brute-force attacks, leading to the development of Triple DES (3DES) as a temporary solution. However, 3DES also has drawbacks, such as slow performance and a small block size, and has been deprecated in favor of the Advanced Encryption Standard (AES).


Introduction to Computer Security
Lecture 3

Dr. Hadeer Mostafa

Traditional Cipher vs. Modern Cipher

Traditional Cipher

• Definition: classical methods of encryption based on simple substitution or transposition of characters or letters. Used before the computer era.
• Operates on: Alphabets or characters (A–Z)
• Data type: Text messages
• Key size: Very small (e.g., 1–26 shifts in Caesar cipher)
• Security Level: Weak; easily broken using frequency analysis or brute force
• Example: Caesar Cipher, Vigenère Cipher

Modern Cipher

• Definition: Advanced algorithms designed for digital data encryption using mathematical functions and binary operations. Used in computer and network security.
• Operates on: Binary bits (0s and 1s)
• Data type: Digital data (text, images, audio, etc.)
• Key size: Very large (e.g. 64, 128, 192, or 256 bits)
• Security Level: Strong; resistant to brute-force and statistical attacks
• Example: AES, DES, RSA

Modern Block Cipher

• Modern block cipher algorithms are symmetric-key cryptographic systems that encrypt data in fixed-size blocks (commonly 64 or 128 bits) using the same key for encryption and decryption.
• They are fundamental to modern data security and are used in protocols like TLS, IPsec, and disk encryption systems.

Data Encryption Standard (DES)

Overview of DES

• Developed by: IBM (based on their algorithm "Lucifer"), adopted by NIST in 1977
• Key Size: 64 bits (but only 56 bits used for encryption; 8 bits used for parity checking)
• Block Size: 64 bits
• Type: Symmetric-key block cipher
• Structure: Feistel Network
• Rounds: 16

DES Encryption Process

DES operates on 64-bit blocks of plaintext, transforming them into 64-bit ciphertexts through a series of permutations and substitutions controlled by a secret key.

[Figure: DES encryption process, in two parts: 1- Key Schedule, 2- Message Encoding]

• Key Generation Steps
  – The 56-bit key is permuted according to the Permutation Choice 1 (PC-1) table.
  – After permutation, it is divided into two halves (C and D), each 28 bits.
  – For each of the 16 rounds:
    – Both halves are left-shifted by 1 or 2 bits.
    – 48 bits are selected from the combined halves using a Permutation Choice 2 (PC-2) table to form the round subkey ($K_1$ to $K_{16}$).

• Message Encoding
• The process consists of five main stages:

1. Initial Permutation (IP)
  – The plaintext block (64 bits) is permuted (rearranged) according to a fixed table.
  – This does not add security itself but prepares the bits for the Feistel rounds.

• Message Encoding (cont.)

2. Sixteen Feistel Rounds
  – Each round uses a 48-bit subkey generated from the main 56-bit key.
  – Each round performs the following steps:
    1. Split the block into two halves:
       – Left half $L_i$ (32 bits)
       – Right half $R_i$ (32 bits)
    2. Compute:
       $L_{i+1} = R_i$
       $R_{i+1} = L_i \oplus f(R_i, K_i)$
       where $f(R_i, K_i)$ is a round function.

• Message Encoding (cont.)

3. Round Function f(R, K)
  – The most critical part of DES. It performs the following steps:
    I. Expansion (E-box): Expands the 32-bit $R_i$ to 48 bits by duplicating some bits.

    II. Key Mixing: XOR the expanded 48-bit value with the 48-bit subkey $K_i$.
    III. Substitution (S-boxes): Divide into eight 6-bit blocks. Each block is mapped to a 4-bit output using eight S-boxes (Substitution boxes).
         – S-boxes introduce non-linearity and are the main source of DES's strength.

    IV. Permutation (P-box): Rearranges the 32 bits from the S-boxes to produce the final output of the round.

• Message Encoding (cont.)

4. Final Permutation (FP or $IP^{-1}$)
  – After 16 rounds, $L_{16}$ and $R_{16}$ are concatenated in reverse order ($R_{16} L_{16}$), and a final permutation (the inverse of the initial permutation) is applied to produce the 64-bit ciphertext.

Weaknesses of DES

• Short key length (56 bits):
  – Vulnerable to brute-force attacks; can be cracked in hours using modern hardware.
• Block size (64 bits):
  – Too small for large-scale data encryption.

When and How Was DES Broken?

• DES's "break" happened in stages (theoretical weaknesses discovered first; practical break by brute-force later).
• 1980s to early 1990s: Cryptanalytic research exposes theoretical weaknesses.
  – Differential cryptanalysis (developed by Eli Biham and Adi Shamir) and linear cryptanalysis (developed by Mitsuru Matsui) showed that DES's structure could, in theory, be attacked more efficiently than by exhaustive search.
• Mid to late 1990s: Brute-force becomes practical.
  – Distributed computing projects (volunteer efforts like distributed.net's DES projects) started searching the 56-bit keyspace in parallel across many machines.
  – Custom hardware (the "Deep Crack" machine in 1998) was built specifically to try keys extremely quickly. Working together with distributed.net, such efforts demonstrated a full key recovery in a short time, proving DES was no longer secure for real use.

Triple Data Encryption Standard (3DES)

Overview of 3DES

• Developed by: IBM; standardized by NIST
• Key Size: 112 or 168 bits (depending on keying option)
• Block Size: 64 bits
• Type: Symmetric-key block cipher
• Structure: Feistel Network
• Rounds: 48 total (16 × 3)

Why Triple DES Was Needed

• The original DES used a 56-bit key, which became vulnerable to brute-force attacks by the late 1990s.
• Replacing DES entirely required time and compatibility, so Triple DES was introduced as a temporary solution that strengthened DES without redesigning it.
• It uses DES three times on each data block to expand the effective key length.

How Triple DES Works

• Triple DES performs three DES operations (encryption, decryption, and encryption) in sequence.
• There are two main versions of 3DES:

Advantages of 3DES

• Improved Security:
  – Extends DES key length (112 or 168 bits), making brute-force attacks impractical.
• Backward Compatibility:
  – Systems using DES could be easily upgraded to use 3DES without changing hardware.

Disadvantages of 3DES

❌ Slow Performance:
  – Since it applies DES three times, encryption/decryption is about 3× slower than DES.
  – Not suitable for high-speed or resource-limited applications.
❌ Small Block Size (64 bits):
  – Still vulnerable to birthday attacks on large volumes of data (like DES).
❌ Deprecation:
  – NIST deprecated 3DES in 2017 for new applications and plans full retirement by 2030.
  – Replaced by AES (Advanced Encryption Standard).

Lecture End