Library

5.2 CIPHER SYSTEMS

A cipher system is a cryptographic system that encrypts data to protect its confidentiality. The encryption process transforms any arbitrary input data sequence into an encoded form that appears statistically random. The behavior of a cipher algorithm is modified by a small quantity of secret information known as the key, which determines the precise transformation applied to the plaintext. A well-designed cipher ensures that even if the algorithm is fully known, an adversary cannot reconstruct the plaintext without knowledge of the key—a principle first formalized as Kerckhoffs’s Principle, which states that system security should depend only on the secrecy of the key and not on the secrecy of the algorithm.

In practice, many early commercial systems—such as the GSM mobile-telephone network—attempted to preserve the secrecy of both the key and the algorithm, largely because the algorithms themselves (for example, A5/1 and A5/2) were later found to be vulnerable to determined cryptanalytic attacks. Modern cryptography, however, relies on publicly analyzed algorithms and derives its security exclusively from key secrecy.

In conventional (symmetric-key) systems, the same key is used for both encryption and decryption, as shown in Figure 5.2. These systems are called symmetric because the encryption and decryption processes are mirror images governed by the same secret key.

Figure 5.2. Basic structure of a symmetric-key (secret-key) cipher system.

A block cipher operates on groups (blocks) of bits, typically 64 or 128 bits in size. Each block of plaintext is transformed into a block of ciphertext using a deterministic but reversible function of the key. Common examples include the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES), which employ 64- and 128-bit block sizes respectively.

In contrast, a stream cipher encodes data one bit (or byte) at a time by combining each plaintext bit with a corresponding bit from a pseudo-random keystream, as illustrated in Figure 5.3. The transformation is usually performed by an exclusive-OR (XOR) operation, which outputs a one when its two inputs differ and zero when they are the same. Decryption uses the same operation because XOR is its own inverse: when the receiver’s keystream generator remains synchronized with the transmitter and the transmission is error-free, the recovered plaintext is identical to the original input.

Figure 5.3. Structure of a stream cipher.

The ideal keystream is completely random and unpredictable, as realized theoretically by the one-time pad, which offers perfect secrecy but is rarely practical because it requires both users to share a key at least as long as the message. In operational systems, pseudo-random keystreams are generated deterministically by identical algorithms at both ends of the link using a common key and initial state.

As shown in Figure 5.4, the transmitter encrypts the plaintext by combining it with a pseudo-random key using modulo-2 addition (XOR), thereby producing the ciphertext. Because XOR is its own inverse, applying the same shared key to the ciphertext at the receiver reconstructs the original plaintext.

Figure 5.4. Simple example of the application of a pseudo-random keystream to form cipher text at the transmitter and then to recover the plain text at the receiver.