
Random Key Encryption a New Cryptographic Scheme

Muhammad Shafeeq Mehr Yahya Durrani Ifraseab Afzal

Institute of Mgt. Sc. Peshawar

the shafig@hotmail.com

CECOS University Peshawar

mehr7/8pk@yahoo.com

ifraseabafzal@yahoo.com

M.A.J.U. Islamabad

Abstract
Data Security has become one of the major challenges in computing. Cryptography is one of the various methods used in Data Security. Although many cryptographic algorithms have been in use for a long time, every algorithm has its own set of problems. Similarly, all these algorithms have been broken by hackers. An algorithm which is safe with minimal problems is yet to be developed. For the development of such an algorithm one should understand the strengths and weaknesses of current algorithms. This paper discusses various problems of the existing cryptographic schemes and proposes a new scheme, RKE.

Introduction
The origin of cryptography is Caesar's Cipher, and from there on various methods of cryptography have been developed, mainly for military use. With the advancement in computing, the computer has become the major means of data transmission from one source to another. This brought the need for cryptography in computing. DES was the first major breakthrough in this area; it was a standard for many years and is used in computers for cryptography. Later on many new algorithms were developed for cryptography, such as RC-5 and BlowFish. This paper is an effort to study modern Symmetric Key cryptographic schemes in a network environment for data security. It also proposes a new scheme which can be used in cryptography. Sections 1 to 6 describe different symmetric key cryptographic schemes, Section 7 discusses some potential weaknesses in them and Section 8 describes details of the new scheme and its comparisons with other schemes.

1. Digital Encryption Standard (DES)
Digital Encryption Standard, simply known as DES, is a relatively old standard adopted in 1976 by National Security Agency of US Government. It has been in use in commercial applications since then, and though DES has now become obsolete and is proven to be vulnerable, it is still in use in a lot of commercial applications. DES was actually a modified form of the Lucifer Cipher algorithm. Another variation of DES, called Triple DES, is now in use, but it is also being replaced by Advanced Encryption Standard (AES).

1.1 How DES works?
DES is a Symmetric Key Encryption scheme, i.e. the same key is used for encryption as well as decryption. Key length of DES is 64 bits, but out of these 64 bits 8 bits are parity bits, so the actual key length used by DES for encryption is 56 bits. The first step in DES is to create the 56 bit key from the 64 bit key. This is done by passing the 64 bits into a permutation which is known as PC-1. In this step the parity bits are discarded and we get the 56 bit key which will be used for encryption and decryption. The next step in this process is to create 16 different sub keys. Each sub key is used in one round of DES, because DES takes 16 different rounds to convert plain text into cipher text. Creation of these 16 sub keys is known as Key Scheduling. In Key Scheduling these sub keys are obtained by splitting the 56 bit key into two 28, 28 bits pairs and then applying different rotations according to a pre defined table. Plain text which has to be converted into cipher text is passed through an initial permutation. After this permutation the plain text is split into two 28, 28 bits portions, and after passing through 16 rounds, in each of which a different sub key is used, and through substitution and permutation going through S Boxes and P Boxes, we get the output which is 64 bit cipher text.

Authorized licensed use limited to: Gandhi Institute of Technology & Management. Downloaded on November 28, 2008 at 23:23 from IEEE Xplore. Restrictions apply.
1.2 Strengths and Weaknesses of DES
The main weakness in DES is that it is a Symmetric Key algorithm. For decryption it is necessary that the key be shared between sender and receiver. How this key will be shared and what will be the security of the key is a big question. DES was considered a very difficult algorithm to break in the mid 70s when it was first used, but with the advancement in computing it has been broken very easily. The main problem is that the key length of DES is only 56 bits, and by applying a brute force attack one can get the original message. The complexity of such an attack is $2^{56}$. Practically, a brute force attack applied to DES brute forced the key in less than 3 days. It is now said that all the keys of DES can be searched within 3 1/2 hours with a dedicated machine. There are some theoretical attacks which can break DES in less time than brute force attacks. One attack is known as Differential Cryptanalysis and its complexity is $2^{47}$. Another attack is Linear Cryptanalysis and its complexity is 24 . Another attack is called Improved Davies Attack and its complexity is $2^{50}$. All these attacks prove that DES is no longer a safe approach to use in commercial applications. But still a lot of applications are using DES.

2. Triple DES
The problems in DES gave birth to Triple DES. Triple DES is nothing but an improved version of DES. In Triple DES we encrypt the message with DES to get cipher text, this cipher text is encrypted again, and then it is encrypted a third time to get the final output. The core of Triple DES is that since it uses DES three times the key length becomes 192 bits. This 192 bit key is broken into three 64 bit keys and encryption is repeated thrice, each time with a different key. The rest of the process is the same as DES.

2.1 Strengths and Weaknesses of Triple DES
Since the Key Length of Triple DES is 192 bits its security is much stronger than DES, because brute forcing a 192 bit key will be a very difficult process. Since Triple DES is in essence the same as DES, it suffers from the same problems as DES; key sharing is one such problem. Although it is said that the key length is 192 bits, it is actually 168 bits because 24 bits are parity bits. Moreover, the major problem with Triple DES is that it is miserably slow; it was intended for hardware only and is not workable in software. Yet another problem is that if two keys used for encryption are the same then the strength of the algorithm will be weakened. To the credit of Triple DES, it is yet to be broken. But Triple DES is replaced by Advance Encryption Standard.

3. Advance Encryption Standard (AES)
AES is the successor of DES and Triple DES. It was adopted as a standard in 2001 by the US Govt. department NIST. NIST requested proposals for a new encryption scheme which can be used for US Govt.'s non confidential documents. Among many proposals six were chosen for the final. Among these six, AES, which was originally known as AES Rijndael, was selected. The AES which is used now is a slight modification of AES Rijndael. AES has a better key strength than DES and it is faster than Triple DES, thus eliminating problems in DES and Triple DES. Moreover AES requires little memory.

3.1 How AES works?
AES is a symmetric key network and it supports key lengths of 128, 192 or 256 bits. However the input size of the text is restricted to 128 bits. In AES key generation is done through a process known as Rijndael. This process expands a short key into a number of separate round keys. AES uses 10 rounds for 128 bits, 12 rounds for 192 bits and 14 rounds for 256 bits. After the key generation the actual encryption process starts. AES does encryption on a 4x4 array of bytes. Four steps are repeated in each round except for the last round. These four stages are described as under.
Sub Bytes: In this step each byte is replaced with another byte according to a lookup table created separately. This is done using an 8 byte S-Box.
Shift Rows: In this step each row in the 4x4 array of bytes is shifted according to an offset value. The first row is unchanged, the second row is shifted by one byte to the left, the third row by two bytes and the fourth row by three bytes to the left.
MixColumns: In MixColumns four bytes are taken as input and it gives four bytes as output. Changing any 1 byte in the input will affect all the 4 bytes of output.
AddRoundKey: In this final step the key generated is XORed with each row of the 4x4 matrix.

3.2 Strengths and Weaknesses of AES
Till date no successful attack against AES has been identified. A few theoretical attacks have been proposed but they are not yet proven to work against AES. These theoretical attacks come from the view that since AES has a specified mathematical structure someone may break it easily.

4. Rivest's Cipher (RC2)
RC2 is another cryptographic scheme which was used in the late 90s. RC2 was designed as a replacement for DES. RC2 is two to three times faster than DES when implemented in software. Key length of RC2 is 64 bits, same as DES, but it has an added characteristic which makes it stronger than DES. It introduces another string (from 40 to 88 bits) which is appended to the key, making it harder to break. This string is then sent with the original message for decryption.

4.1 How RC2 works?
Like DES, RC2 is also developed using the Feistel algorithm. As in DES, sub keys are generated; in RC2 64 sub keys are generated from the original key, and the key can be of variable length (additional string used in RC2). RC2 uses 18 rounds and in each round a different key is used, so 18 keys are generated from the original key. The 18 rounds are divided into 2 types. One is called Mixing and the other is called Mashing. In a Mixing round the bits of the input are rotated to the right. In a Mashing round the input coming from the Mixing round is subtracted from the key. The input goes through the mixing round 5 times and then it goes through 1 Mashing round. The resultant bits go through 6 mixing rounds again, and the result is passed through a Mashing round again. The result of the mashing round is finally passed through 5 mixing rounds again, hence providing the final output. Each mixing round uses 4 keys, so with 16 mixing rounds each key is used only once.

4.2 Strengths and Weaknesses of RC2
Since the Key Length of RC2 is limited to 64 bits, it is easily breakable. The additional string which is used to increase its length is 40 to 88 bits long and it is sent with the message in plain text, thus it does not strengthen its security. Moreover, RC2 was not intended as a long time cryptographic scheme but was introduced as a replacement for DES. After the use of AES, RC2 is no longer required.

5. Rivest's Cipher (RC5 and RC6)
RC5 is yet another cryptographic scheme used before the introduction of AES. In fact when NIST invited proposals for new cryptographic schemes in the late 90s, RC6, which was a little modification of RC5, was one of the six finalists. RC5 and RC6 are both parameterized algorithms, i.e. both use variable block size, variable key length and variable No. of rounds.

5.1 RC5 and RC6 How they work?
RC5 and RC6 use variable key length and the length of the key may range from 0 to 2040 bits. Input may be of 64 bits or 128 bits. No. of rounds may range from 0 to 255. The beauty of both these algorithms is their flexibility. This flexibility gives these two algorithms a good edge over other algorithms. As in DES and RC2, the secret key is used to create different sub keys which will be used in different rounds. The input is divided into two halves. A 64 bit input is divided into 32, 32 bits A and B in such a way that the first byte of the input becomes the least significant byte of A and the fourth one becomes the most significant byte of A. Similarly the fifth byte becomes the least significant byte of B and the eighth byte becomes the most significant byte of B. In the next step the key is mixed with the input, so that one key is mixed with A and the other with B; the round is repeated again and again up to the No. of rounds specified by the user. Later the results of A and B are XORed with each other and thus a final output is obtained. RC6 is similar to RC5 except that it interweaves two rounds of parallel RC5 and introduces an additional multiplication round.

5.2 Strengths and Weaknesses of RC5 and RC6
RC6 was one of the six finalists which were selected as a replacement for DES. RC6's security was adequate and its simplicity was praised. One problem which was identified in RC6 was its RAM requirement. RC6 required high RAM, making it unsuitable for small devices. Similarly its hardware throughput was not as impressive as other schemes.

6. BlowFish
BlowFish is another cryptographic scheme which has been in use for some time now. BlowFish was also designed to be used as a replacement for DES. BlowFish is yet another algorithm which uses a variable length key. Key length can vary from 32 bits to 448 bits. BlowFish is considered one of the fastest algorithms and hence has an edge over DES in this regard.

6.1 BlowFish How it works?


Like all the other symmetric key cryptographic schemes, BlowFish also uses a Feistel network and takes 64 bits as input. 18 sub keys have to be generated before the actual encryption. It takes 16 rounds to encrypt the data. It uses the same P-Boxes and S-Boxes; in each round a key dependent permutation as well as a key and data dependent substitution is done. This is done by

6.2 Strengths and Weaknesses of BlowFish
BlowFish was a drop in replacement for DES and it was not intended to be used as an advance scheme. Although no successful attack has yet been identified, since the key length is very small one can easily break the algorithm, thus making BlowFish an insecure algorithm.

7. Requirements of an Ideal Symmetric Key Scheme
From the above discussion we can derive the following weaknesses in symmetric key schemes.

Shared Key
Symmetric Key schemes rely on one key which is used for encryption as well as decryption. How this key will be shared, and what will be the security of the channel when this key is shared, is not discussed in any scheme. An ideal algorithm should have an answer for this question.

Key Length
All the symmetric cryptographic schemes depend upon key length as the main security. DES had a 56 bit key length and has been broken, so in Triple DES the key length has been increased, and all schemes follow this pattern that lengthening the key will solve the problem. In today's world, when the speed of computers is said to be doubling within weeks, soon key lengths of 128 or 256 bits may not be safe enough. Furthermore, increasing key length will slow down the encryption and decryption process. So there must be some other way to protect data as well.

Fixed Process
One of the weaknesses in cryptographic schemes is the fixed process: the only security is the key and the rest is well known to all, including the hackers. That is why brute force attacks can easily take place. Some schemes which use variable key length and variable rounds tried to solve this problem. But there should be an algorithm which changes itself after one encryption is done, and for the next one it should change its cryptographic scheme. An ideal algorithm should have a variable process, so if someone wants to break the process he may not break the entire process and get access to all the messages.

Large No. of Keys
Another known problem with Symmetric key schemes is that one has to keep track of a large No. of keys. The total No. of keys for n No. of hosts required to be stored in every host is $n(n-1)/2$. An algorithm should also try to solve this problem.

8. Proposed Solution
Keeping in view the already available algorithms as well as the weaknesses appeared in symmetric key algorithms a solution may be Random Key Encryption.

8.1 How RKE works?
RKE is designed in such a way that it will solve many problems found in Symmetric Key encryption schemes. In RKE we have a 26 x 26 matrix. Every row in this matrix will be filled with alphabets from A to Z randomly. Every row will have a different scheme, and this scheme will not be in any specific order; in other words alphabets will be filled in randomly in


After that we will use a random No. function to give us some random No.; for example it will give us 15. We will put the 1st character of our plain text message in 1st row and 5th column. The next No. is 38, so we will put the next character in the 8th row, 3rd column. Next is 119, so we will put the character in the 9th row and 11th column, and so on. For Nos. greater than 2626 we will bring them into range by adding digits with each other; for example 9999 can be made 9+9 = 18 and 9+9 = 18, thus putting the character in the 18th row and 18th column. When the complete message has been placed in the matrix we will send this whole matrix to the recipient of the message, who can decrypt it using the same random No. algorithm.
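Added example, not the authors' C implementation: the placement and read-back steps described above, replayed with the random numbers from this paper's own "justtesting" example. The row/column rule (215 gives row 5, column 21) and the order of the numbers are read off that example's listing and are assumptions; the function names, the LCG used for filler letters and the value 195 are constructed here. Because 197 occurs twice in the listing, one character lands on an occupied cell, which the code counts.

```c
#include <stdio.h>
#include <string.h>

#define N 26

/* Random numbers from the page's "justtesting" example, in message order. */
static const int PAGE_NUMS[] = {215, 42, 99, 166, 177, 197, 73, 198, 132, 197, 184};
/* Constructed variant: the second 197 replaced by 195 so no cell is reused. */
static const int FIXED_NUMS[] = {215, 42, 99, 166, 177, 197, 73, 198, 132, 195, 184};

/* Fill the matrix with filler letters. A small LCG keeps the demo
   deterministic; it is a stand-in, not a secure generator. */
static void rke_fill(char m[N][N], unsigned seed) {
    static const char alpha[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    for (int r = 0; r < N; r++)
        for (int c = 0; c < N; c++) {
            seed = seed * 1103515245u + 12345u;
            m[r][c] = alpha[(seed >> 16) % 52];
        }
}

/* Position rule taken from the page's listing: last digit is the row,
   the leading digits are the column. Returns 0 when the cell exists. */
static int rke_pos(int n, int *row, int *col) {
    *row = n % 10;
    *col = n / 10;
    return (n >= 0 && *col < N) ? 0 : -1;
}

/* Sender: write msg into the matrix. Returns how many characters landed on
   a cell an earlier character already occupies, or -1 on a bad number. */
static int rke_embed(char m[N][N], const char *msg, const int *nums, size_t count) {
    char used[N][N] = {{0}};
    int collisions = 0, r, c;
    for (size_t i = 0; i < count && msg[i]; i++) {
        if (rke_pos(nums[i], &r, &c) != 0) return -1;
        if (used[r][c]) collisions++;
        used[r][c] = 1;
        m[r][c] = msg[i];
    }
    return collisions;
}

/* Receiver: read the cells back in the same order. */
static int rke_extract(char m[N][N], const int *nums, size_t count, char *out) {
    int r, c;
    for (size_t i = 0; i < count; i++) {
        if (rke_pos(nums[i], &r, &c) != 0) return -1;
        out[i] = m[r][c];
    }
    out[count] = '\0';
    return 0;
}

int main(void) {
    char m[N][N], out[16];
    rke_fill(m, 2008u);
    int hits = rke_embed(m, "justtesting", PAGE_NUMS, 11);
    rke_extract(m, PAGE_NUMS, 11, out);
    printf("page sequence:  %d collision(s), decoded \"%s\"\n", hits, out);
    rke_fill(m, 2008u);
    hits = rke_embed(m, "justtesting", FIXED_NUMS, 11);
    rke_extract(m, FIXED_NUMS, 11, out);
    printf("fixed sequence: %d collision(s), decoded \"%s\"\n", hits, out);
    return 0;
}
```

With the page's sequence the receiver reads back a message that differs from the one sent, so a sender has to redraw any number whose cell is already taken.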

8.2 Strengths and Weaknesses of RKE


This algorithm is based upon the Random No. function, which has been in use for many years. The characteristic of this algorithm is that different random No. algorithms will give different random Nos., so the key in RKE will be an algorithm which is required at both ends. When we have the same algorithm at both ends it will generate the same random Nos. and we can easily get the message. If somebody in the middle intercepts this message and tries to decrypt it with a random No. function, he will get different random Nos., so he will not be able to decrypt it. Secondly, even if someone is able to decrypt one message he will not be able to decrypt other portions of the message, because the next time the random Nos. will be changed again and in the next matrix the message will be at a completely different place. This algorithm will have the characteristic of a variable process, and its security is not dependent on key length but on the random No. algorithm which is used in it. Furthermore, it will be a fast algorithm because only random Nos. have to be generated and characters placed according to them. RKE can be strengthened in various ways: one can use a matrix of 52 x 52 or more; another way is to apply some permutation to the message, and some sort of character substitution can be used in the message, etc. Finally, the sharing of the algorithm between parties is still a problem. For sharing of the algorithm we can use Triple DES, AES or any other encryption scheme. Another problem with this scheme is that it will introduce a lot of overhead, but this can be easily solved by using any compression algorithm.


Example of RKE
Initial Matrix
0-d,y,J,D,F,S,z,z,g,p,e,h,V,y,h,N,A,X,N,a,S,I,a,f,v,g,
1-a,C,b,E,e,H,B,y,n,T,p,E,c,L,N,o,t,s,d,c,H,x,F,S,u,K,
2-q,E,j,J,B,k,H,Z,R,e,M,e,E,a,I,s,R,w,N,c,G,0,o,1,A,c,
3-C,d,B,y,J,a,k,R,w,o,I,Z,Q,h,O,q,C,z,r,N,O,e,b,i,d,I,
4-s,K,t,I,I,K,g,h,P,g,q,m,x,H,W,F,x,a,n,Z,B,a,V,Y,q,V,
5-y,z,Q,T,Z,i,s,q,Q,I,i,s,K,z,m,P,J,B,Q,L,W,s,w,q,Y,X,
6-u,a,N,f,b,x,G,v,T,w,V,h,B,O,X,n,a,h,r,z,K,l,D,s,L,B,
7-C,u,t,T,W,h,s,D,n,f,d,d,v,a,j,M,B,z,n,C,u,k,B,A,i,N,
8-y,s,b,d,Y,o,c,c,c,A,V,V,t,f,F,d,l,t,k,C,i,g,t,K,z,q,
9-1,C,F,B,w,j,X,e,z,h,B,S,e,s,e,q,L,p,U,s,L,n,w,u,M,B,
10-b,V,p,U,q,p,H,a,D,k,b,w,t,v,K,N,J,h,Q,q,t,o,A,m,j,h,
11-i,X,H,X,r,v,g,R,A,c,W,z,W,u,V,E,B,V,b,H,v,Q,b,Y,G,A,
12-p,b,y,U,T,D,n,N,s,v,E,S,f,h,e,o,A,u,M,m,t,z,P,X,n,w,
13-a,d,J,J,B,g,H,p,T,S,T,s,a,d,u,l,T,C,d,v,F,k,x,K,w,b,
14-n,h,s,G,j,V,F,Z,m,i,Q,I,o,q,p,g,H,U,j,z,Z,J,k,b,w,v,
15-r,a,I,y,M,P,U,v,r,k,M,z,C,D,1,o,v,S,h,l,E,V,y,K,O,W,
16-g,E,Z,d,d,N,J,H,d,L,c,X,U,A,g,s,c,z,z,S,S,L,T,L,s,U,
17-a,g,0,l,c,q,x,x,K,v,H,g,C,C,j,j,q,X,x,S,t,z,C,a,y,t,
18-U,m,q,o,x,O,n,s,H,W,p,Y,z,b,f,V,S,k,W,K,h,b,N,V,K,B,
19-O,Y,D,s,C,m,R,R,U,j,V,V,q,v,z,O,j,v,E,s,o,p,g,Q,O,d,
20-L,H,N,p,t,i,p,T,n,n,r,Y,h,u,e,Y,B,B,Z,j,v,J,z,x,n,E,
21-1,R,nli,c,U,Q,a,r,v,D,y,f,Q,H,z,V,j,v,n,x,R,Z,e,L,pI
22-t,I,V,I,a,W,d,l,q,L,t,T,B I,z,,f,W,q,P,e,a,T,P,k,J,l,
23-t,N,J,p,G,e,Z,K,p,u,m,m,b,g,y,U,Y,f,Y,N,k,z,E,C,z,B,
24-G,x,U,T,T,I,w,D,x,i,j,J,N,h,s,M,g,K,f,D,C,h,a,V,b,G,
25-w,J,B,b,R,e,R,B,C,V,R,W,A,p,a,n,n,q,j,Z,v,z,j,t,j,U,


Enter Any Message: (justtesting)

(5,21 . 215)(2,4 . 42)(9,9 . 99)
(6,16 . 166)(7,17 . 177)(7,19 . 197)(3,7 . 73)(8,19 . 198)(2,13 . 132)(7,19 . 197)(4,18 . 184)

New Matrix with Embedded Message

0-d,y,J,D,F,S,z,z,g,p,e,h,V,y,h,N,A,X,N,a,S,I,a,f,v,g,
1-a,C,b,E,e,H,B,y,n,T,p,E,c,L,N,o,t,s,d,c,H,x,F,S,u,K,
2-q,E,j,J,u,k,H,Z,R,e,M,e,E,i,I,s,R,w,N,c,G,o,o,u,A,c,
3-C,d,B,y,J,a,k,s,w,o,I,Z,Q,h,O,q,C,z,r,N,0,e,b,i,d,I,
4-s,K,t,I,I,K,g,h,P,g,q,m,x,H,W,F,x,a,g,Z,B,a,V,Y,q,V,
5-y,z,Q,T,Z,i,s,q,Q,I,i,s,K,z,m,P,J,B,Q,L,W,j,w,q,Y,X,
6-u,a,N,f,b,x,G,v,T,w,V,h,B,O,X,n,t,h,r,z,K,l,D,s,L,B,
8-y,s,b,d,Y,o,c,c,c,A,V,V,t,f,F,d,1,t,k,t,i,g,t,K,z,q,
9-l,C,F,B,w,j,X,e,z,s,B,S,e,s,e,q,L,p,U,s,L,n,w,u,M,B,
10-b,V,p,U,q,p,H,a,D,k,b,w,t,v,K,N,J,h,Q,q,t,o,A,m,j,h,
11-i,X,H,X,r,v,g,R,A,c,W,z,W,u,V,E,B,V,b,H,v,Q,b,Y,G,A,
12-p,b,y,U,T,D,n,N,s,v,E,S,f,h,e,o,A,u,M,m,t,z,P,X,n,w,
13-a,d,J,J,B,g,H,p,T,S,T,s,a,d,u,1,T,C,d,v,F,k,x,K,w,b,
14-n,h,s,G,j,V,F,Z,m,i,Q,I,o,q,p,g,H,U,j,z,Z,J,k,b,w,v,
15-r,a,I,y,M,P,U,v,r,k,M,z,C,D,1,o,v,S,h,1,E,V,y,K,O,W,
16-g,E,Z,d,d,N,J,H,d,L,c,X,U,A,g,s,c,z,z,S,S,L,T,L,s,U,
17-a,g,O,l,c,q,x,x,K,v,H,g,C,C,j,j,q,X,x,S,t,z,C,a,y,t,
18-U,m,q,o,x,O,n,s,H,W,p,Y,z,b,f,V,S,k,W,K,h,b,N,V,K,B,
19-O,Y,D,s,C,m,R,R,U,j,V,V,q,v,z,O,j,v,E,s,o,p,g,Q,O,d,
20-L,H,N,p,t,i,p,T,n,n,r,Y,h,u,e,Y,B,B,Z,j,v,J,z,x,n,E,
21-1,R,nli,c,U,Q,a,r,v,D,y,f,Q,H,z,V,j,v,n,x,R,Z,e,L,pI
22-t,I,V,I,a,W,d,l,q,L,t,T,B I,z,,f,W,q,P,e,a,T,P,k,J,l,
23-t,N,J,p,G,e,Z,K,p,u,m,m,b,g,y,U,Y,f,Y,N,k,z,E,C,z,B,
24-G,x,U,T,T,I,w,D,x,i,j,J,N,h,s,M,g,K,f,D,C,h,a,V,b,G,
25-w,J,B,b,R,e,R,B,C,V,R,W,A,p,a,n,n,q,j,Z,v,z,j,t,j,U,

Comparison of RKE with Other Cryptographic Schemes

RKE is a new scheme and we have implemented RKE using C Language. A tabular comparison of RKE with the other schemes is as follows. This comparison is based upon the software performance on 64 bit Intel processors using C Language.

Encryption Scheme
AES RC6

RAM Req Low

ROM Req

Software Implementation
No Yes Yes Yes

Software Performance
Very Good Language Dependent Good

Triple DES

High

High
Low

Low Low Low

High

Encryption Time (Clock/Sec)


168 580 .23 Sec

Decryption Time (Clock/Sec)


168 493 .23 Sec

RKE
