Two-Key Dependent Permutation for Use in Symmetric Cryptographic System

Kuppusamy, Arulmani; Pitchai Iyer, Swaminathan; Krithivasan, Kannan

doi:https://doi.org/10.1155/2014/795292

Mathematical Problems in Engineering

On this page

Abstract Introduction Materials and Methods Results and Discussion Conclusion References Copyright Related Articles

Research Article | Open Access

Volume 2014 | Article ID 795292 | https://doi.org/10.1155/2014/795292

Two-Key Dependent Permutation for Use in Symmetric Cryptographic System

Arulmani Kuppusamy,¹Swaminathan Pitchai Iyer,²and Kannan Krithivasan³

Academic Editor: Cheng Shao

Received23 Jun 2014

Revised30 Aug 2014

Accepted30 Aug 2014

Published02 Oct 2014

Abstract

This paper deals with a two-key based novel approach for generating a permutation table that can be used in a symmetric cryptographic system to cause diffusion. It also discusses how the permutation table generated using the approach can be applied to character based encryption and binary data block produced at intermediate stages by symmetric cipher algorithms. It also describes the effect of our approach on characters of intermediate text as well as on bits of binary data block along with the impact of a single bit change in key information on producing permutation sequences applied to plaintexts to produce ciphertexts. The results are satisfactory and the proposed approach can be employed in any symmetric block cipher algorithm that uses the predefined permutation tables.

1. Introduction

The substitution and permutation processes play a very important role in causing confusion and diffusion in the text blocks being generated in various rounds of Feistel or SPN based ciphers. Many of the symmetric block ciphers use identical rounds of substitution and permutation processes in each encryption round with a subkey generation function to generate a different round key for use in each round. The algorithms like DES [1] use predetermined substitution and permutation boxes and others like Blowfish block cipher [2], Khufu algorithm [3], and Twofish [4] utilize the dynamic substitution and permutation boxes. To develop better insight of the work, the terminology and concepts related to cryptography with respect to the work and the description of our algorithm for generating permutation table with a required size are presented in the following section.

2. Materials and Methods

2.1. Functions

A function from set to set is denoted by . If , then a preimage is an element for which . The set of all elements in which have at least one preimage is called the image of . The various types of functions are [5].

2.1.1. Permutation

A permutation on , finite set of elements, is a bijection from to itself. It is denoted by . We will have permutations on a set of elements.

2.1.2. Bijection Function

If a function is one-to-one and onto, then is called a bijection or one-to-one correspondence.

2.1.3. One-to-One Function

A function is one-to-one (injective) function if each element in is related to a different element in .

2.1.4. Onto Function

A function is said to be onto (surjective) if, for every element in , there is an element in such that . The definition can be restated as a function is onto when its image equals its range.

2.1.5. Inverse Function

If is a bijection from to then there exists a bijection from to such that, for each , holds where and . The function derived from is called the inverse function of and is denoted by .

2.2. Symmetric Cryptographic Schemes

Cryptography is the study of schemes used for encryption [6] and mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication [5]. The scheme defines a cryptographic system or a cipher that can be used to enable two people, usually referred to as Alice and Bob, to communicate over an insecure channel that could be a telephone line or computer network, without giving chances to understand the scrambled text of what is being sent or guess the key used for transformation of the original text.

The message Alice wants to send is called the plaintext and the scrambled message which Bob receives is called the ciphertext. The plaintext and ciphertext are written in some alphabet consisting of a certain number of letters including numerals, blanks, punctuation marks, or any other symbols that we use when writing the messages [7].

Alice uses a precomputed key to encrypt the plaintext and sends the ciphertext to Bob over the channel. Only Bob, who knows the encryption key, can decrypt the ciphertext and reconstruct the plaintext.

If Alice and Bob use the same key, the system is referred to as symmetric or conventional encryption. The system is called asymmetric when they use different keys.

Block ciphers and stream ciphers are the two kinds of symmetric-key encryption schemes. A Block cipher processes a block of plaintext at a time to produce a ciphertext block of equal length. On the other hand a stream cipher processes a digital data stream one bit/byte at a time. Many symmetric block encryption algorithms are based on Feistel structure. Such a structure consists of a number of identical rounds of processing involving substitution followed by a permutation [6]. Block ciphers are categorized into substitution ciphers and transposition ciphers. Since their results are in the set of all permutations on the alphabet set , we present the following known definitions to facilitate better understanding of the role of permutations in the substitution and transposition ciphers.

2.2.1. Substitution Ciphers

In substitution, the letters of plaintext are replaced by other letters or by numbers or symbols. If the plain text is a binary block, substitution involves replacing plaintext bit patterns with cipher bit patterns one bit or a binary block as whole at a time.

Let be an alphabet of symbols and be the set of all strings of length over . Let be the set of all permutations on the set . for each an encryption transformation is defined as [5] The inverse permutation and are computed to decrypt . is called a simple substitution cipher.

Some examples of substitution ciphers are Caesar cipher, monoalphabetic substitution cipher, play fair cipher, hill cipher, and polyalphabetic substitution ciphers.

When a random substitution is performed over the 26-letter English alphabet, dramatic increase in key space is obtained by permuting the elements of the alphabet randomly. The encrypted text will be any permutation of the 26 alphabetic characters from the set of permutations making it difficult for cryptanalysis [6].

The ciphers are easy to break since they are monoalphabet based and they reflect the frequency details of the original alphabet. Multiple substitutes for a single letter can be a counter measure in this case. Some multiletter substitution ciphers are Playfair and Hill ciphers, Vigenère cipher, autokey system, and so forth.

Even Vigenère cipher is vulnerable to cryptanalysis. Because the key and the plaintext share the same frequency distribution of letters, a statistical technique can be applied.

The Playfair cipher is relatively easy to break, because it still leaves much of the structure of the plaintext language intact. A few hundred letters of ciphertext are generally sufficient. Although the Hill cipher is strong against a ciphertext-only attack, it is easily broken with a known plaintext attack [6].

2.2.2. Transposition Ciphers

In this, a very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. Let be the block length and be the set of all permutations on the set . For each an encryption transformation is defined as [5] The set of all such transformations is called a simple transposition cipher. The decryption key corresponding to is the inverse permutation . is computed to decrypt .

2.3. Substitution and Permutation Related Works

The modern design of block ciphers is based on the concept of an iterated product cipher. They improve security effectively by combining substitutions and permutations [8]. Both substitution and permutation are added to the encryption in a round [5] to cause confusion and diffusion, respectively, and represent the two basic building blocks for any cryptographic system [8] to thwart statistical cryptanalysis.

In diffusion, the statistical structure of the plaintext is so distributed across the ciphertext that each plaintext element affects the value of many ciphertext elements or vice versa. Diffusion is achieved by repeatedly performing some permutation on the elements of the plain text so as to prevent the cryptanalyst to infer the key. But in confusion relationship between the ciphertext and the key value is hidden to determine the key [6].

Substitution operation is constructed as a box with input bits and output bits. One noticeable characteristic of the -box is its size. Larger -boxes are generally more immune to differential and linear cryptanalysis [6] but require more lookup overhead and careful design.

-boxes can be a precomputed one or built with a predetermined key. The static -boxes are vulnerable to differential cryptanalysis [9] and linear cryptanalysis [10] and cryptographically insignificant but key dependent -boxes are insusceptible to these attacks.

Block ciphers like DES [1] and CAST-128 [11] use the precomputed -Boxes. Blowfish block cipher [2], Khufu algorithm [3], and Twofish [4] employ key dependent -Boxes. While some others, like GOST [12], utilize variable -boxes. Permuting bits of plaintext using key will make the cryptanalysis difficult.

A substitution and diffusion based new image 128-bit key encryption scheme proposed in [13] divides an image into several key based dynamic blocks and each block passes through the eight rounds of diffusion for rearranging sequences of block pixels and substitution process to replace block pixels with that of another using row-column difference computation.

A fast permutation algorithm to generate key-dependent -box and key-dependent -Box has been discussed in [14] to protect its internal structure so as to resist the linear and differential cryptanalysis in a few round encryptions. In [15], the modified Rijndael algorithm that constructs the -boxes defined over GF () has been discussed. Each one of the small -boxes has different equation and each equation is extracted by using one of the three irreducible polynomials existing in GF ().

Dynamic -box generation using RC4 algorithm, well known stream cipher, for Advanced Encryption Standard and for AES-128 has been described in [16] and [17], respectively. An -box generation method through compositions of permutations from some fixed set using random bijective methods has been discussed in [18]. Pseudorandom -boxes generated using a secret key for AES Block cipher has been described in [19]. Cryptographically key-dependent -box design using a four-dimensional hyperchaotic Chen system and its suitability for designing block cipher with dynamic -boxes satisfying the -box design criteria is suggested in [20].

In all the works above, permutations have been used to prevent cryptanalysis.

2.4. Two-Key Dependent Permutation Algorithm

The algorithm consists of the following major steps.

Step 1 (Initialization). This step initializes the variables and with 1 and which is the product of and . We initialize set where size denotes the number of letters/bits in the given text block. Initially, is empty.

Step 2 (Generation). It generates and adds them to . During each iteration new values for , and are computed.

Step 3 (Replacement). It locates for duplicate elements in the set generated in the previous step and replaces them with −1.

Step 4 (Unique Set Construction). It constructs a unique set of positive integers.

Step 5 (Set Difference Operation). This step produces a set consisting of elements that are in but not in .

Step 6 (Sorting). It sorts the elements of the set in descending order.

Step 7 (Placement). As the elements of are scanned from left to right, −1 s and 0 s are replaced by successive elements of . This process is repeated until the last occurrence of −1 or 0 is replaced with the last element of the set . The set is, now consisting of elements from 1 through size but permuted in some order which depends on and values.

Algorithm 1. 2KDP (size, , )(1)Initialize: (2)Generate a set of elements for to size: (3)Replace duplicate elements in by .(4)Let denote the number of elements in where .(5)Create a unique set with elements that satisfy : (6)Construct a missing element set with elements using set minus operation: (7)Sort the elements of set in descending order.(8)Replace all with successive elements of .

Example 2. The algorithm is illustrated with an example.
Inputs(1)Initialization as follows: (2)Generating the set using the second step as follows: (3)Replacing duplicates by in as follows: (4)Building a unique set with elements as follows: (5)Sorting the elements of missing element set as follows: (6)Final permuted set as follows:

3. Results and Discussion

This section discusses how the results of the algorithm can be applied to text composed of characters (Character Based Permutation) and bits of binary data block (Binary Based Permutation).

3.1. Character Based Permutation

Let be the text of length (in characters), size. Let be set of values representing positions of letters in . There are size! ways in which letters of can be permuted. Given that text = abcdefgh, the positional set consists of values in the range from 1 through size. Table 1 shows the positions of letters in the text .

The 2KDP algorithm with input size = 8 generates the permutations for various values of and , as shown in Table 2 and Figure 1 shows their deviations from the original one.

How the permutations through applied to message permute elements in can be understood from Table 3.

By choosing the appropriate values for and the algorithm generates permutations that affect positions of all the characters making up the message .

For example, for a set of 4 different values of and , Table 4 shows permutations generated by the algorithm and it can be seen from Table 5 that the permutations have affected all the characters’ positions in the message with size = 8.

3.2. Binary Based Permutation

In the binary based permutation, characters in the message are represented as their 8-bit binary equivalents as shown in Figure 2.

Since the message consists of 8 characters, the size of the entire message is 64 bits. The binary representation of the message is 0110000101100010011000110110010001100101011001100110011101101000 and denoted by the letter .

A permutation table can be generated by using the 2KDP algorithm with a size equivalent to number of bits of the message . The permutation table thus generated will consist of 64 entries that indicate how the bits of the binary block related to the message should be permutated.

Table 6 shows the initial position of bits of binary data block for the message . Four 64-bit permutation tables constructed using different values of and are shown in Tables 7 through 10. The permutations graphs shown in Figures 3, 4, 5, and 6 help understanding the amount of deviations they have with respect to one another.

By using the permutations tables (see Tables 7, 8, 9, and 10) produced for four different values of and , the bits of the text are rearranged and the results are shown in hexadecimal representation in Tables 11, 12, 13, and 14.

The effectiveness of the algorithm on binary bits of the text and how it affects the various binary bits of the text can be understood from Table 15. The bits of the given text are XORed with permuted output to count the number of bits affected due to the permutation algorithm. If the bit in the text matches with the bit in the permuted output, the bit in the text is not affected. Otherwise the bit in the text is affected. Table 16 shows the number of bits affected after XORing the permuted output obtained by applying the permutation table tables (see Tables 7, 8, 9, and 10) on bits in the given text with original bit stream of the given text.

3.3. Cryptanalysis of the Algorithm

In this section, we discuss the worthiness of our algorithm after having applied different and values and tested its results on texts. When the algorithm is applied on two different plaintexts that differ in a single bit with same keys and , the cipher texts will also differ in a single bit. For example, for the two plain texts : abcdefgh and : ibcdefgh, the algorithm with and results in two different ciphertexts C1: 52d2ced2e8925c82 and C2: 52d2cfd2e8925c82, respectively, as shown in Table 17. Table 18 shows all the texts varying in single bit and its corresponding permuted texts that also differ in a single bit.

Given two cipher texts of two different plaintexts varying in single bit or more make the cryptanalyst hard to deduce the keys. Since the key space is huge for an adversary to choose keys from, it makes the cryptanalysis somewhat difficult. We have found that it is possible to have the same permutation sequence for different values of keys if the number of bits to be permuted is less. For example, the key pairs (251, 53) and (59, 53) applied to the algorithm with size = 8 will generate the same permutation sequence which is not desirable. So, the algorithm with less size value can be used to generate one time key, which is shorter, for authentication purpose. If the size is larger than at least 64 bits, the chances for generating the same permutation sequence are remote and therefore it requires tremendous efforts.

The algorithm can be iterated with different key pairs. Each iteration results in a permutation sequence. A permuted text obtained in the first iteration can be made secure by applying it to a permutation sequence generated in the successive rounds with different key pairs. Thus, the resultant permuted text is so secure that it increases the time required to decipher it. For example, the ciphertext C1: 52d2ced2e8925c82 formulated with permutation produced with keys and by the algorithm for the plaintext : abcedefgh can be made secure by subjecting it to any number of rounds with different values of and . Suppose the algorithm generates the following permutation sequence with and : When is applied to the above permutation sequence, it results in a secure ciphertext : ac692c218b43d3a5. The number of bits that differ in as compared to and is 40 and 34, respectively. This leads to a good impact. One of the known weaknesses of the algorithm is that if the same letter or bit (0/1) makes up a plaintext, the permutation sequence generated by the algorithm will not be useful because even after its application on the plaintext the permuted plaintext is the same as the original plaintext.

Suppose when the algorithm is used on plaintext of characters/bits, the brute force attack requires attempts to break the cipher text (if the algorithm is used for encryption). The more the size of bits, the greater the time required for a brute force attack by an opponent.

We have also applied and values varying in single bit to our algorithm. By applying a set of values (251, 59, 91, 107, 115, 127, 121, 122), all varying in single bit with no change in to the algorithm, it creates different permutation sequences that can be used for producing different permuted texts (see Tables 19 and 20). All the permuted texts are shown in hexadecimal representation.

It can be noted that it produces a good avalanche effect. Similarly, we also tried different values (185, 121, 25, 41, 49, 61, 59, 56) that differ in single bit but with (refer to Table 22) to generate the permuted texts as shown in Table 21.

Table 23 shows permuted texts after having applied permutation sequences on constructed by the algorithm for various values of (251, 59, 91, 107, 115, 127, 121, 122) which we obtained by changing one bit of . Similarly for (see Table 24).

The algorithm has also produced a good effect even after having swapped and values applied to it (see Table 25).

The power of the algorithm lies in constructing permutation/substitution tables of any size using key information derived from plain text/key blocks. Instead of predefined -Boxes and -Boxes used with some symmetric block ciphers to achieve an avalanche effect that makes the relationship between plaintext and ciphertext complex at each round during encryption process, the same effect can be realized if we generate these tables dynamically based on the information available during rounds of encryption at runtime. Making a single bit change in any of the key values , , or both has resulted in a permutation sequence that can be applied to intermediate ciphertexts to achieve good confusion and diffusion. The results of the algorithm are satisfactory that it can be used with symmetric crypto systems like DES for generating substitution/permutation tables dynamically.

4. Conclusion

The two-key dependent permutation algorithm generates a permutation table based on two keys. The good choice of key values enables algorithm to construct a permutation table that will disturb positions of all characters/bits making up a given message. The results show that the 2KDP algorithm can also be used with Feistel based symmetric block ciphers. We have also shown how a single bit change in any of the two keys or both will produce a permutation table that brings in drastic impact on complicating the relationship between plaintext and ciphertext after its application on plain text.

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

References

National Bureau of Standards, “Data encryption standard,” Tech. Rep. 46, U.S. Department of Commerce, FIPS Publication, 1977.
View at: Google Scholar
B. Schneier, “Description of a new variable-length key, 64-bit block cipher (Blowfish),” in Proceedings of the Fast Software Encryption, Cambridge Security Workshop, pp. 191–204, Springer, 1993.
View at: Google Scholar
R. C. Merkle, “Fast software encryption functions,” in Advances in Cryptology—CRYPTO '90 Proceedings, vol. 537, pp. 476–501, Springer, 1991.
View at: Publisher Site | Google Scholar
B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson, The Twofish Encryption Algorithm: A 128-Bit Block Cipher, John Wiley & Sons, New York, NY, USA, 1999.
A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996.
W. Stallings, Cryptography and Network Security, Prentice Hall, New York, NY, USA, 2011.
N. Koblitz, A Course in Number Theory and Cryptography, Springer, New York, NY, USA, 1994.
View at: MathSciNet
C. E. Shannon, “Communication theory of secrecy systems,” The Bell System Technical Journal, vol. 28, no. 4, pp. 656–715, 1949.
View at: Publisher Site | Google Scholar | MathSciNet
E. Biham and A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer, 1993.
View at: Publisher Site | MathSciNet
M. Matsui, “Linear cryptanalysis method for DES cipher,” in Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques (EUROCRYPT ’93), pp. 386–397, Springer, 1993.
View at: Google Scholar
C. M. Adams and S. E. Tavares, “Designing S-boxes for ciphers resistant to differential cryptanalysis,” in Proceedings of the 3rd Symposium on State and Progress of Research in Cryptography, pp. 181–190, Rome, Italy, February 1993.
View at: Google Scholar
GOST 28147-89,Cryptographic Protection for Data Processing Systems, Cryptographic Transformation Algorithm, Government Standard of the U.S.S.R., Inv. No. 3583, UDC 681.325.6:006.354. (Russian).
N. K. Pareek, V. Patidar, and K. K. Sud, “Substitution-diffusion based image cipher,” International Journal of Network Security & Its Applications, vol. 3, no. 2, 2011.
View at: Google Scholar
R. Zhang and L. Chen, “A block cipher using key-dependent S-box and P-boxes,” in Proceedings of the IEEE International Symposium on Industrial Electronics (ISIE '08), pp. 1463–1468, Cambridge, UK, July 2008.
View at: Publisher Site | Google Scholar
H. M. El-Sheikh, O. A. El-Mohsen, T. Elgarf, and A. Zekry, “A new approach for designing key-dependent S-box defined over GF (2⁴) in AES,” International Journal of Computer Theory and Engineering, vol. 4, no. 2, pp. 158–164, 2012.
View at: Google Scholar
Abd-ElGhafar, A. Rohiem, A. Diaa, and F. Mohammed, “Generation of AES key dependent S-boxes using RC4 algorithm,” in Proceedings of the 13th International Conference on Aerospace Sciences & Aviation Technology (ASAT '13), May 2009.
View at: Google Scholar
E. M. Mahmoud, A. Abd El Hafez, T. A. Elgarf, and A. Zekry, “Dynamic AES-128 with key-dependent S-box,” International Journal of Engineering Research and Applications, vol. 3, no. 1, pp. 1662–1670, 2013.
View at: Google Scholar
D. Lambić and M. Živković, “Comparison of random S-box generation methods,” Publications de l'Institut Mathematique, vol. 93, no. 107, pp. 109–115, 2013.
View at: Publisher Site | Google Scholar | MathSciNet
K. Kazlauskas and J. Kazlauskas, “Key-dependent S-box generation in AES block cipher system,” Informatica, vol. 20, no. 1, pp. 23–34, 2009.
View at: Google Scholar
J. Peng and S. Jin, “Designing key-dependent S-boxes using hyperchaotic chen system,” in Proceedings of the International Conference on Information Engineering and Applications (IEA '13), vol. 216 of Lecture Notes in Electrical Engineering, pp. 733–740, 2013.
View at: Google Scholar

Copyright

Copyright © 2014 Arulmani Kuppusamy et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

4674

Downloads

914

Citations