A Block Cipher using an Iterative Method involving a Permutation

Transcription

1 Journal of Discrete Mathematical Sciences & Cryptography Vol. 18 (015), No. 3, pp DOI : / A Block Cipher using an Iterative Method involving a Permutation Lakshmi Bhavani Madhuri Susarla * SRM University Channai India S. Udaya Kumar MVSR Engineering, Nadergul Hyderabad India Abstract In this paper, we have developed a block cipher for a block of size 56 bits by using an iterative method involving a permutation. Here we have represented the plaintext as a matrix containing a pair of column vectors comprising binary bits. In the process of encryption, we have used a key matrix (K), which also consists of binary bits. For decryption, we have used the modular arithmetic inverse (K -1 ) of the key matrix K. In this, we have discussed the cryptanalysis, and have shown that the cipher cannot be broken by any cryptanalytic attack. Finally, the analysis of the cipher is extended to a block of size 11 bits. 1. Introduction In the development of cryptography, one of the earliest ciphers is Hill cipher [1]. In this, the key is taken in the form of a matrix, and the plaintext is taken in the form of a single column vector. The operation of the key matrix, on the column vector of the plaintext has resulted in the ciphertext when mod 6 is carried out. Following Hill, Feistel [-3] has made an attempt to develop a cipher, wherein both the key matrix and the plaintext vector contain binary bits, and mod operation is performed. However, he * susarla.lbmadhuri@gmail.com sudayakumar@mvsrec.edu.in

2 76 L. B. M. Susarla and S. U. Kumar has noticed that this cipher can be broken as it is quite similar to Hill cipher, which bears a linear relation between the plaintext and the ciphertext. In the present paper, our objective is to develop a block cipher, which cannot be broken by any cryptanalytic attack. In this, following Feistel, we have taken the key matrix and the plaintext matrix in terms of binary bits. Here, we have applied an iterative method, which involves repeatedly a permutation on the result obtained by the operation of the key matrix on the plaintext matrix. The iteration and the permutation relate the ciphertext C and the plaintext P through a set of nonlinear equations, which contain the elements of the key matrix K, the elements of the plaintext P, and mod. Thus in the present analysis, as the elements of the key matrix and the plaintext are thoroughly mixed several times, we have seen that the cipher cannot be broken by any cryptanalytic attack. In section of this paper, we have presented the development of the cipher. In section 3, we have designed algorithms for encryption, decryption and the modular arithmetic inverse of the key matrix, and have illustrated the cipher in section 4. Subsequently, we have discussed the cryptanalysis in section 5. In section 6, we have extended the cipher to a block of size 11 bits. Finally, we have shown the avalanche effect in section 7, and have drawn conclusions from the results obtained in this analysis in section 8..Development of the Cipher Let us consider a plaintext matrix P, given by P = [P ij ], i = 1 to n, j = 1 to, where the P ij are binary elements, i.e. either 0 or 1. Let K = [K ij ], i = 1 to n, and j = 1 to n, be an n x n matrix, in which all the K ij are binary elements. Let C = [C ij ], i = 1 to n, j = 1 to, be the corresponding ciphertext matrix. Let us denote the plaintext matrix P by P 0 (P P 0 ). On adopting an iterative method involving a permutation (which is explained below) on the product of the key matrix and the plaintext matrix, we can write the scheme of iteration for encryption as P r = [KP r-1 ] mod, for r =1 to m, (.1) where [ ] denotes the permutation, and m is the number of iterations. Thus we get P m. Then the ciphertext C is obtained as C = P m. (.) Let us now introduce the process of the permutation. Consider a matrix

3 A Block Cipher 77 x = [x ij ], i = 1 to n, j = 1 to. (.3) Let us assume that n is an even number. On permutation, [x ij ] assumes the form x x x n x x 11 1 x x ( 11 ) n1 x x n x 1 x 3 4 x ( 1 ) n (.4) Here it is to be noted that, on permutation, the first column of (x ij ) occupies the upper half of (.4), while the second column occupies the lower half of (.4). We have used this permutation in each of the iterations given by (.1). Let us now consider the process of decryption. The iterative procedure for the decryption is given by P r-1 = ]K -1 P r [ mod, i = m to 1, (.5) where ] [ denotes the reverse process of the permutation, and K -1 is the modular arithmetic inverse of K, satisfying the relations K -1 K mod = KK -1 mod = I. In the reverse process of the permutation, the matrix given by (.4) leads to the (x ij ) given by (.3). In this case any (y ij ) assumes the form y y y y y n y n y y y y yn y 11 (( n/ ) + 1) 1 1 (( n/ ) + 1) 1 (( n/ ) + ) (( n/ ) + ) ( / 1 ) 1 ( / ) n (.6)

4 78 L. B. M. Susarla and S. U. Kumar Here it is to be noted that on reverse permutation, the upper half of any (y ij ) occupies the first column of (.6), while the lower half occupies the second column of (.6). In what follows, we design algorithms for encryption, decryption and the modular arithmetic inverse of the key matrix K, denoted by K Algorithms 1.1 Algorithm for Encryption { 1. Read n, m, K and P 0. for r =1 to m { P r = [KP r-1 ] mod } 3. C = P m } 3. Algorithm for Decryption { 1. Read n, m, K and C. Find K -1 // K -1 is the modular arithmetic inverse of K with mod. 3. P m = C 4. for r = m to 1 { P r-1 = ]K -1 P r [ mod } 5. P = P 0 } 3.3 Algorithm for K -1 { 1. Let A = K. Find the determinant of A. Let it be denoted by.. Find the inverse of A. The inverse is given by A -1 = [ A ] ji i =1 to n, j = 1 to n, where A ij are the cofactors of a ij, which are elements of A, and is the determinant of A. 3. for i = 1 to n,

5 A Block Cipher 79 { if ((i ) mod N = 1) d = i; break; } 4. B = [da ji ] mod N. // B is the modular arithmetic inverse of A. } Here it is to be noted that the modular arithmetic inverse [4] of a matrix A exists only when A is non-singular, and is relatively prime to N. In the present analysis, we take N =, and obtain the modular arithmetic inverse of K such that KK -1 mod = K -1 K mod = I. 4. Illustration of the Cipher Let us take a key K 0 in the form K 0 = [65, 71, 95, 11, 48, 31, 99, 81, 1, 119, 3, 41, 37, 11, 114, 67, 87, 105, 117, 115, 17, 31, 118, 116, 14, 113, 98, 35]. (4.1) This consists of 8 numbers. We arrange these numbers in the form of a 14 matrix, wherein the first row contains the first two numbers (65 and 71), the second row contains the next two numbers (95 and 11), and so on. Then on converting each number into its binary form, consisting of seven bits, we get a matrix given by Q = (4.)

6 80 L. B. M. Susarla and S. U. Kumar Then the key matrix K can be written in the form Q R K = Y Z, (4.3) where R is obtained by interchanging the first and the last rows of Q, the second and last but one rows of Q, and so on. The matrix Y is obtained by making the last column of Q as the first row of Y, the last but one column of Q as the second row of Y, and so on. Here Z = Q T, where T denotes the transpose of the matrix. Thus we have K = (4.4) Consider the plaintext: Start the war as soon as the battalion arrives. (4.5) Let us focus our attention on the first eight characters, namely, Start /b th. Then on using the ASCII code, the plaintext - Start /b th, under consideration can be written as the matrix P 0 given by

7 A Block Cipher (4.6) On using the encryption algorithm (see section 3.1), and taking m = 8, i.e. carrying out twenty-eight iterations, together with the permutation, we get the corresponding ciphertext in the form (4.7) On using the algorithm for the modular arithmetic inverse, described in section 3.3, we obtain T T K -1 = (4.8) Here, the determinant of K denoted by = This is relatively prime to. From (4.4) and (4.8), it can be readily seen that KK -1 mod = K -1 K mod = I.

8 8 L. B. M. Susarla and S. U. Kumar On using the K -1 given in (4.8), and the ciphertext given in (4.7), we apply the decryption algorithm, described in section 3., and obtain the plaintext - Start /b th. 5. Cryptanalysis In developing the cipher, we have taken a key K 0, given by (4.1), containing 8 numbers. On using this key we have formed Q, with the help of which we have generated the key matrix K. Thus, the key space for the key under consideration is 196 (since Q is of size 14 14). As 196 ( 10 ) , the cipher cannot be broken by brute force attack. Now let us consider the known plaintext attack. Here we have as many plaintext-ciphertext pairs as we require. From the equation (.1), we get P 1 = [KP 0 ] mod. (5.1) P = [KP 1 ] mod = [K [KP 0 ] mod ] mod = [K [KP 0 ] ] mod. (5.) Similarly, we obtain P 3 = [KP ] mod = [K [K [KP 0 ] ] ] mod. (5.3) P m = [K [K [... [KP 0 ]... ] ] ] mod. (5.4) From (.) and (5.4), we obtain C = P m = [K [K [... [KP 0 ]... ] ] ] mod. (5.5) When m = 1, i.e. when there is only one iteration, equation (5.5) reduces to the form This equation can be rewritten as C = [KP 0 ] mod. (5.6) ]C[ = KP 0 mod, (5.7) As equation (5.7) is a linear equation, the cipher can be broken by the known plaintext attack by adopting the same procedure applied in the case of Hill cipher.

9 A Block Cipher 83 In the absence of the permutation, i.e. only when iterations are present, equation (5.5) reduces to the form This equation can be written as C = K m P 0 mod. (5.8) C = L P 0 mod. (5.9) As (5.9) is similar to that of Hill cipher, in this case also, the cipher can be broken by the known plaintext attack. Now, let us consider the case m =. C = [K [KP 0 ]] mod. (5.10) The right hand side of this equation can be written as follows. Here K1j Pj1 K1j Pj K j Pj1 K j Pj Knj Pj1 Knj P j (5.11) where the repeated subscript j indicates the summation of all the n - terms arising due to different values of j. For example, K1jPj1 = K1j Pj1. Now in view of the permutation given by (.4), we get n j= 1 K P K P K P K P [KP 0 K( n 1) jpj1 KnjPj1 ] = K P K P 1j j1 j j1 3j j1 4 j j1 K3 jp K P K P K P 1j j j j j j j ( n 1) j j nj j (5.1)

10 84 L. B. M. Susarla and S. U. Kumar Let us rewrite the above equation as Thus we have [KP 0 ] = S S Sn S 11 1 S 1 S 1 n (5.13) K S K S K S K S [K[KP 0 K( ) S K S ]] = K S K S 1j j1 j j1 3j j1 4 j j1 n 1 j j1 nj j1 K3 js K S K S K S 1j j j j j j j ( n 1) j j nj j (5.14) Then from (5.10) and (5.14), we have K S K S K S K S K( ) S K S C = K S K S 1j j1 j j1 3j j1 4 j j1 n 1 j j1 nj j1 K3 js K S K S K S 1j j j j j j j ( n 1) j j nj j (5.15) From the equation (5.11), it is obvious that KP 0 can be decomposed into K and P 0. On the other hand, from the equation (5.1), we find that [KP 0 ] cannot be written explicitly in terms of K and P 0 as the elements of K and P 0 are thoroughly mixed by the permutation. From the equations (5.1) to (5.15), when m =, and n = 4, we get eight equations connecting the elements of C and P 0, and involving mod (see equation (7) of appendix). In these equations, each coefficient of the elements of P 0 is a quadratic expression containing the elements of K. From the analysis given at the end of the appendix, we have obtained sixty-four nonlinear equations containing the elements of K. In a similar manner,

11 A Block Cipher 85 finally, on considering the m-th iteration, we get n equations connecting the C and P 0. In these equations, each coefficient of the elements of P 0 is an m-th degree expression involving the elements of K. In the illustration of the cipher given in section 4, we have n = 8. Thus we get fifty six equations given by C = DP 0 mod, (5.16) wherein D is a matrix of size Thus by adopting the same procedure described in the appendix, we get 3136 nonlinear equations of degree 8 in terms of the elements of the key matrix K. As these equations do not lead to a solution, the cipher cannot be broken by the known plaintext attack. 6. Modification of the cipher for a larger block size In section 4, we have taken the block size as fifty-six binary bits. As this is a small one, let us now consider a block of size 11 bits. Let the plaintext under consideration be Start /b th. (6.1) The modifications in the process of the encryption and the process of the decryption are represented by the schematic diagrams shown in Fig.1 and Fig. respectively. In Fig.1, we have taken a block of 11 bits, corresponding to the plaintext under consideration, as input. This is represented as W and is divided into two halves. The left W is encrypted by using the procedure described in section 3.1. The same procedure is used for the right W also. Then the resulting ciphertexts of the left W and the right W are interlaced as follows. The first bit of the right W is placed next to the first bit of the left W, the second bit of the right W is placed next to the second bit of the left W, and this process is continued until all the bits in both the Ws are exhausted. Thus we get 11 bits. The above iterative process is performed sixteen times. We now get ultimately a ciphertext of 11 bits. On adopting the above procedure on the plaintext - Start /b the /b war /b as, after performing sixteen iterations, we get the ciphertext given by

12 86 L. B. M. Susarla and S. U. Kumar Figure 1 Process of Encryption for 11 bits Plaintext (6.) In the process of decryption (see Fig.) the ciphertext of 11 bits is supplied as input, and is represented as W. Here the W bits are decomposed into two halves (left W and right W) as follows. We place the first bit of the W as the first bit in the left W, the second bit of the W as the first bit in the right W, the third bit of the W as the second bit in the left W, the fourth bit of the W as the second bit in the right W, and so on. This iteration process is carried out for sixteen times. Thus we get back the plaintext of 11 bits. T 7. Avalanche Effect Consider the plaintext - Start /b the /b war /b as. Let us now change the first character S by T. This changes the plaintext by one bit. We now use the key matrix given by (4.4), and apply the encryption procedure described in section 3. Thus we obtain the corresponding ciphertext given by

13 A Block Cipher 87 Figure Process of Decryption for 11 bits Ciphertext (6.1) On comparing the ciphertexts given by (4.7) and (6.1), we notice that they differ in fifty-nine (59) bits. This shows that the algorithm exhibits a strong avalanche effect. Now, let us change the key by one bit i.e. by replacing 48 by 50 in the key given by (4.1). The key now assumes the form [65, 71, 95, 11, 50, 31, 99, 81, 1, 119, 3, 41, 37, 11, 114, 67, 87, 105, 117, 115, 17, 31, 118, 116, 14, 113, 98, 35]. (6.) Here, the ciphertext corresponding to the plaintext - Start /b the /b war /b as, is given by T (6.3) T

14 88 L. B. M. Susarla and S. U. Kumar From (4.7) and (6.3) we find that they differ in sixty-one (61) bits. This once again shows that the algorithm has a pronounced avalanche effect. 8. Computational Experiments and Conclusions In this paper, we have developed a block cipher for a block of size 56 bits and extended the analysis to a block of size 11 bits. In this, we have taken a secret key K 0 containing twenty-eight numbers, wherein each number can be represented in the form of seven binary bits. On using this key we have formed a matrix of size 8 8, which is called as key matrix. Here, we have implemented the encryption and the decryption algorithms in C language. The results obtained in this analysis are presented in Fig. 3. Plaintext: Start the war as soon as the battalion arrives. Ciphertext: T Figure 3 Plaintext and Ciphertext pair As the process of the permutation has led to a thorough mixing of the key and the plaintext, we conclude that the cipher is a very strong one and it cannot be broken by any cryptanalytic attack.

15 A Block Cipher 89 Appendix For simplicity, let us take n = 4, and focus our attention on the second iteration (m = ). Let the key matrix under consideration be K = K ij, i = 1 to 4, j = 1 to 4. Then KP 0 = K K K K K K K K K K K K K K K K P11 P1 P1 P. (1) P P 31 3 P41 P4 Performing permutation on the resultant of KP 0, we get where [KP 0 ] = X X X X X 11 1 X 1 X 31 3 X 41 4, () X11 = K11 P11 + K1 P1 + K13 P31 + K14 P41 X1 = K1 P11 + K P1 + K3 P31 + K4 P41 X1 = K31 P11 + K3 P1 + K33 P31 + K34 P 41 X = K41 P11 + K4 P1 + K43 P31 + K44 P41 X31 = K11 P1 + K1 P + K13 P3 + K14 P4 X3 = K1 P1 + K P + K3 P3 + K4 P 4 X41 = K31 P1 + K3 P + K33 P3 + K34 P4 X4 = K41 P 1 + K4 P + K43 P3 + K44 P4 (3) Then we get where [K [KP 0 ]] = S S S S S S S S (4)

16 90 L. B. M. Susarla and S. U. Kumar S11 = K11 X11 + K1 X1 + K13 X31 + K14 X 41 S1 = K1 X11 + K X 1 + K3 X31 + K4 X41 S1 = K31 X11 + K3 X1 + K33 X31 + K34 X 41 S = K41 X11 + K4 X1 + K43 X31 + K44 X 41 S31 = K11 X1 + K1 X + K13 X3 + K14 X 4 S3 = K1 X1 + K X + K3 X3 + K4 X 4 S41 = K31 X1 + K3 X + K33 X3 + K34 X 4 S4 = K41 X 1 + K4 X + K43 X3 + K44 X4 In view of the equations (5.) and (5.5), as m =, we have (5) From the equations (3) to (6), we get C ij = S ij, i = 1 to 4, j = 1 to 4. (6) C C C C C C C C where D11 D1 D13 D14 D15 D16 D17 D18 D1 D D3 D4 D5 D6 D7 D8 D31 D3 D33 D34 D35 D 36 D 37 D = D D D D D D D D D51 D5 D53 D54 D55 D56 D57 D 58 D 61 D 6 D 63 D 64 D 65 D 66 D 67 D 68 D 71 D7 D73 D74 D75 D76 D77 D 78 D81 D8 D83 D 84 D 85 D 86 D 87 D 88 P11 P1 P 1 P P 31 P3 P 41 P 4 mod. (7)

17 A Block Cipher 91 D = ( K + K K D = ( K K + K K D = ( K K + K K D = ( K K + K K D = ( K K + K K31 D16 = ( K13 K1 + K14 K D17 = ( K13 + K14 K33 D18 = ( K1 3 K14 + K14 K34 D = ( K K + K K D = ( K K + K K D3 = ( K1 K13 + K K33 D4 = ( K1 K14 + K K3 4 D = ( K K + K K D = ( K K + K K D7 = ( K13 K3 + K4 K33 D8 = ( K3 K14 + K4 K34 D31 = ( K11 K31 + K3 K31 D3 = ( K31 K1 + K3 D = ( K K + K K D = ( K K + K K D = ( K K + K K D = ( K K + K K D = ( K K + K K D = ( K K K34 D41 = ( K41 + K4 K31 D4 = ( K41 K4 + K3 K4 D = ( K K + K K D = ( K K + K K D = ( K K + K K D = ( K K + K K D = ( K K K K D = ( K K + K K = ( D5 = K11 K + K1 K4 D K K K K ( D53 = ( K11 K3 + K1 K43 D5 4 = ( K11 K4 + K1 K44 D55 = ( K13 K1 + K14 K41 D56 = ( K 13 K + K 14 K 4 D = ( K K + K K D = ( K K + K K D = ( K + K K D = ( K K + K K D = ( K K + K K D = ( K K + K K D = ( K 3 K 1 + K 4 K 41 D 66 = ( K 3 K + K 4 K 4 65 D K K 67 = ( K43 D68 = K3 K4 + K4 K44 ( D71 = ( K1 K31 + K3 K41 D7 = ( K31 K + K3 K1 D73 = ( K31 K3 + K3 K43 D74 = ( K 31 K 4 + K 3 K 44 D = ( K K + K K D = ( K K + K K D = ( K K + K K D = ( K K + K K D = ( K K + K K D = ( K K + K D = ( K K + K K D = ( K K + K K D = ( K K + K K D = ( K K + K K ) D = ( K K + K K D = ( K K + K ) (8)

18 9 L. B. M. Susarla and S. U. Kumar On using seven more pairs of plaintext and ciphertext, we can form an equation of the form Y = DX mod, (9) where X contains all the eight columns of the plaintext and Y contains all the eight columns of the ciphertext. On obtaining the modular arithmetic inverse of X and operating on both sides of the equation (9), we get D = X -1 Y mod. (10) It is to be noted that each one of the elements of D is either 0 or 1. Thus we get, sixty-four equations of the form D ij = e, i = 1 to 8, j = 1 to 8, (11) where e = 1 in some of the equations and 0 in the remaining (as obtained from the equation (9)). In these equations, the unknowns are K ij, i = 1 to 4, j = 1 to 4, which are sixteen in number. Here, we have sixty-four nonlinear equations containing sixteen unknowns. It is possible to solve these equations by trial and error, substituting 1 or 0 for each variable; but it is impossible to find a unique solution for K ij as we have a nonlinear system of equations. References [1] William Stallings, Cryptography and Network Security: Principles and Practices, Third edition, Chapter, pp.37. [] Feistel, H. Cryptography and Computer Privacy, Scientific American, vol. 8, No. 5, pp.15-3, [3] Feistel, H., Notz. W., and Smith, J. Some Cryptographic Techniques for Machine-to-Machine Data Communications, Proceedings of the IEEE, vol. 63, No. 11, pp , Nov [4] V. U. K. Sastry, V. Janaki, On the Modular Arithmetic Inverse in the Cryptology of Hill Cipher, Proceedings of North American Technology and Business Conference, September 005, Montreal, Canada. Received August, 01

19 Copyright of Journal of Discrete Mathematical Sciences & Cryptography is the property of Taylor & Francis Ltd and its content may not be copied or ed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or articles for individual use.