You are on page 1of 16

90

CHAPTER 6 A MODIFIED HILL CIPHER INVOLVING INTERWEAVING AND ITERATION

91

6.1. INTRODUCTION
In the literature of cryptography, it is well known that, confusion and diffusion play a vital role in the development of a cipher. The

transposition or permutation of characters in the plaintext is responsible for confusion, and the influence of each bit of the key on each plaintext bit causes diffusion. The study of the classical Hill cipher[105], in which, a matrix containing numbers is used as a key in the encryption process, and the modular arithmetic inverse of the key is employed in the decryption process, has attracted the attention of several researchers in the recent years. In the Hill cipher, the basic steps of encryption and decryption are given by C=KP mod 26, and P=K-1C mod 26, (6.1.2) (6.1.1)

where P is the plaintext, K the key matrix, C the ciphertext and K-1 is the modular arithmetic inverse of K. Here, he has taken mod 26, as he

focused his attention on the 26 characters of English alphabet. Subsequently, Fiestel analyzed the general principles of block ciphers and lead to the development of Data Encryption Standard (DES). In this, the length of the key is 56 bits, and the length of the plaintext block is 64 bits. In DES, as the length of the key is only 56 bits, it is found that this cipher is breakable with a good deal of effort by brute force attack. In

92
view of this fact, several variants, of DES, such as 2DES and 3DES came into existence. software. However, these are found to be relatively sluggish in

In the light of this, at the end of the last century, Joan

Daeman and Vincent Rijman developed an algorithm called Advanced Encryption Standard (AES). In this, the block length is 128 bits and the key length is 128, 192 or 256 bits. This cipher is found to be a strong one. In the present chapter, we modify the Hill cipher by introducing interweaving (transposition of the binary bits of the plaintext characters) and iteration. In this, the multiplication of the plaintext with the key

matrix, the interweaving and the iteration cause a lot of diffusion and confusion. Here, our objective is to develop a strong block cipher, whose key length is significantly large. In section 6.2, we present the development of the cipher. We design the algorithms for encryption, decryption, modular arithmetic inverse, interweaving, and inverse interweaving in section 6.3. In section 6.4, we illustrate the cipher with an example. We discuss the cryptanalysis in section 6.5, and mention the avalanche effect in section 6.6. Finally, in section 6.7, we draw conclusions from the computations carried out in this analysis.

6.2. DEVELOPMENT OF THE CIPHER


Consider a plaintext P of 2n characters. By using the ASCII code, let us represent P in the form of a matrix, given by

93
P = [Pij], i=1 to n, j=1 to 2. Let K = [Kij], i = 1 to n, j = 1 to n, be the key matrix, in which all the elements are less than 128. The process of encryption can be described by the following equations. P0 = P, Pi=interweave(KPi-1 mod 128), i = 1 to N, C=KPN mod 128. Here, C is the ciphertext. The process of decryption is governed by the relations PN=K-1C mod 128, Pi-1 = invinterweave(K-1Pi mod 128), i = N to 1, P=P0. (6.2.4) (6.2.5) (6.2.6) (6.2.1) (6.2.2) (6.2.3)

In this, K-1 is the modular arithmetic inverse of K and invinterweave denotes the reverse operation of interweave. The process of interweaving can be described as follows. Let [Qij], i = 1 to n, j = 1 to 2 be the transformed plaintext matrix obtained after performing the multiplication with the key matrix and taking mod 128. On converting each element of [Qij] into binary form, we get a new matrix [bil], i = 1 to n, l = 1 to 14. Thus we have (6.2.7)

94
b 11 b 21 [bil] = . . b n1 b 12 b 22 . . bn2 ... ... . . ... b 114 b 214 . . b n 14

(6.2.8)

We rotate the first column and see that it assumes the form [b21, b31,bn1, b11]T, where T denotes the transpose of the vector. Here, each element has gone one step up and the first element has come down to the last position. This process is carried out for columns 1,3,5 and so on. Similarly, we carry out a circular left shift of the rows numbered 2, 4, 6 etc. After carrying out the aforementioned steps, the matrix

assumes the form


b 21 b [bil]= 22 . . . bn2 b 12 b 33 . . . b 13 b 23 b 24 . . . bn4 ... ... . . . ... b 213 b 214 . . . b n 14 b 114 b 31 . . . b 11

Then we construct the modified plaintext matrix P wherein, the elements of the first column of P are obtained from the first seven columns of [bil], and the second column of P from the subsequent seven columns of [bil]. This completes the process of interweaving. We denote the reverse process of interweaving as inverse interweaving. The schematic diagram of the cipher is given in Fig. 6.1. This shows the processes of the encryption and the decryption in detail.

95

Read P,K,N,n

Read C,K,N,n

P0 = P

Find K-1

PN=K-1Cmod128

for i =1 to N

for i = N to 1

Pi=KPi-1mod128 interweave()

invinterweave() Pi-1=K-1Pimod128

C = KPNmod128

P=P0

write C

write P

a) Encryption

b) Decryption

Fig. 6.1. Schematic diagram of the cipher

In this analysis, N denotes the number of iterations and it is taken as 16.

96

6.3. ALGORITHMS
The algorithms describing encryption, decryption, modular arithmetic inverse, interweaving and inverse interweaving are given below. 6.3.1 ALGORITHM FOR ENCRYPTION 1. read n,N,K,P; 2. P0 = P; 3. for i=1 to N { Pi = KPi-1mod128; interweave(); } 4. C = KPNmod128; 5. write C; 6.3.2 ALGORITHM FOR DECRYPTION 1. read n,N,K,C; 2. find modinverse(K); 3. PN =K-1Cmod128; 4. for i=N to 1 { invinterweave(); Pi-1 = K-1Pimod128; } 5. P=P0; 6. write P; 6.3.3 ALGORITHM FOR MODINVERSE 1. read n,K; 2. find Kij,; /* Kij are the cofactors of the elements of K, and is the determinant of K */ 3. find d such that (d)mod128=1;/*d is the multiplicative inverse of */ 4. K-1=(Kjid)mod128; 6.3.4 ALGORITHM FOR INTERWEAVE 1. convert Pi into binary bits; 2. construct [bij], i=1 to n, j=1 to 14; 3. for j=1 to 14 in step 2 { k=b1j; for i=1 to n-1 { bij=b(i+1)j; } bnj=k; } 4. for i=2 to n in step 2 { k=bi1; for j=1 to 13 { bij=bi(j+1); }

97
bi14=k;

} 5. Construct Pi from bij;. 6.3.5 ALGORITHM FOR INVINTERWEAVE 1. convert Pi into binarybits; 2. construct [bij], i=1 to n, j=1 to 14; 3. for i= n to 2 in step 2 { k=bi14; for j= 14 to 2{ bij=bi(j-1); } bi1=k; } 4. for j = 13 to 1 in step 2{ k=bnj; for i= n to 2 { bij=b(i-1)j; } b1j=k; } 5. Construct Pi from bij;

6.4. ILLUSTRATION OF THE CIPHER


Consider a plaintext given below. The development of the nuclear technology of all the developed countries must be watched carefully by a super committee consisting of representatives of all the countries. This ensures the safety of all the (6.4.1)

nations if and only if a resolution is taken in this direction.

Let us focus our attention on the first sixteen characters given by The developmentb (6.4.2)

On substituting ASCII codes for these characters, and arranging them in the form of a matrix, we get

98
84 104 101 P = 32 100 101 118 101 108 111 112 109 101 110 116 32

(6.4.3)

Let us take the key matrix K as


53 45 88 K= 47 57 56 36 14 62 112 41 99 20 37 40 81 124 63 46 38 6 113 44 23 33 29 30 42 31 52 100 50 49 60 48 112 106 3 119 34 118 35 32 59 126 54 39 70 107 58 105 27 22 105 55 7 61 125 21 94 28 43 11 51

(6.4.4)

On multiplying the plaintext matrix with the key matrix, we get the modified P, denoted by P1, as

27 17 83 108 1 P = 37 38 59 127

112 83 113 41 25 86 61 11

(6.4.5)

On converting the numbers in these two columns into binary form and constructing the matrix b, we get

99 0 0 1 1 b= 0 0 0 1 0 0 0 1 1 1 1 1 1 1 1 0 0 0 1 1 1 0 0 1 0 0 1 1 0 0 0 1 1 1 0 1 1 0 1 0 0 1 1 1 1 1 1 0 1 0 1 1 1 1 1 0 0 1 0 0 1 0 1 1 0 0 1 0 1 1 1 0 1 1 1 0 0 0 0 1 1 0 1 1 0 0 0 0 0 1 1 0 0 1 0 0 0 1 0 1 0 1 1 1 1 0 1 1

(6.4.6)

On performing interweaving (see section 6.2), we get the transformed b as

0 0 1 1 b= 1 0 1 1

1 0 1 1 0 1 1 0

0 1 1 0 0 0 1 1

0 0 0 0 1 1 0 1

0 0 0 1 1 1 1 1

1 1 1 0 1 1 1 1

1 1 0 0 1 0 0 1

1 1 1 0 0 0 1 1

1 0 0 1 1 0 0 0

0 1 0 1 1 1 1 1

0 0 0 1 1 0 0 1

0 0 0 0 0 1 0 0

1 1 1 0 0 1 1 1

0 1 1 1 0 1 0 0

(6.4.7)

We now convert these binary bits into decimal numbers and construct the modified P as
35 19 114 100 P1 = 79 46 118 95 98 83 67 57 56 23 82 90

(6.4.8)

After carrying out all the sixteen rounds, we get the ciphertext in the form

100
114 100 56 71 C= 8 37 0 117 8 65 81 24 81 4 73 99

(6.4.9)

The modular arithmetic inverse of K, denoted by K-1, is obtained as


35 1 7 76 -1 K = 33 25 48 71 46 15 49 89 0 51 38 98 49 88 35 16 50 69 117 44 36 73 27 72 39 92 63 94 123 85 77

126 107 112 15 49 24 28 96 111 44 91 27 114 56 101 23 55 69 75 6 78 6

(6.4.10)

102 99 112 39 18

106 30

It is to be noted that the modular arithmetic inverse of the key matrix K exists only when K is nonsingular and the determinant of K is relatively prime to 128. It can be readily verified that KK-1mod128=K-1Kmod128=I. On taking the C given in (6.4.9), and applying the decryption process, we get the PN as
5 2 96 PN = 24 125 16 41 47 107 93 58 56 115 104 32 40

(6.4.11)

101
On applying the inverse interweaving process described in section 6.2, we get the modified PN as

106 2 18 48 PN = 92 58 20 5

32 93 93 61 56 121 64 120

(6.4.12)

After carrying out all the sixteen iterations, we get the plaintext in the form

84 104 101 32 P= 100 101 118 101

108 111 112 109 101 110 116 32

(6.4.13)

This is the same as the plaintext given in (6.4.3). In what follows, we discuss the avalanche effect which gives an insight into the role played by the various operations in the cipher which are causing confusion and diffusion.

6.5. AVALANCHE EFFECT


We study the avalanche effect, in two cases: (1) one bit change in the plaintext, and (2) one bit change in the key.

102
On changing the 9th character from l to m, we get a change of one bit as the ASCII code of l is 108, and that of m is 109. The cipher text corresponding to the plaintext given in (6.4.2) is 1110010110010001110001000111000100001001010000000111010100 010001000001101000100110001010001000010010010011100011. (6.5.1) The ciphertext pertaining to the modified plaintext is obtained in the form 0000001010001000011100010000011111010000100110001111101011 111000010000100001100010111100011011111000000111100101. (6.5.2) It can be readily seen that the ciphertexts given by (6.5.1) and (6.5.2) differ by 57 bits (out of 112 bits), which is significant. We now change the key element K36 from 32 to 33. With this change, the original key and the modified key differ by exactly one bit. On

applying the modified key on the original plaintext, given in (6.4.2), we get the ciphertext as 0101100100100110000111000110101001010110011001110010110000 000100101100010000001000010110001001111010100110011000. (6.5.3) It can be noticed that the ciphertexts given in (6.5.1) and (6.5.3) differ by 62 bits (out of 112 bits), which quite substantial. From the above discussion, we conclude that this cipher produces strong avalanche effect, which is quite desirable. In what follows, let us offer formal proof for cryptanalytic attacks.

6.6. CRYPTANALYSIS
The general cryptanalytic attacks which are used in cryptology are

103
1 Ciphertext only attack (Brute force attack) 2 Known plaintext attack 3 Chosen plaintext attack and 4 Chosen ciphertext attack. In all these attacks, the algorithm and the ciphertext are clearly known to the cryptanalyst. Following William Stallings [21], we discuss the first two cases in detail. Let us now consider the brute force attack. In this cipher, the size of the key matrix is n. As each element of the matrix is lying between 0 and 127, it can be represented in terms of seven binary bits. Thus, the size of the key space is 27n. If we assume that the time required for executing the encryption algorithm with one value of the key in the key space is 10
-7

seconds,

then the time required for the computation of the cipher with all possible keys in the key space is
2 2 2 2 7 n X10 7 2 7 n X3.12X10 15 10 2.1n X3.12X10 15 = 3.12X10 2.1n 15 years. 365X 24X60X60 2

Here, we notice that the time required for breaking the cipher by the brute force attack is extremely large, when n4. When n = 4, the time required is 3.12X1018.6 years. Let us now consider the known plaintext attack. In this case, we

know as many plaintext and ciphertext pairs as we require.

104
In this analysis, the basic relations governing the cipher are P = P, P = (KP ) mod 128, and P = interweave(P ), i = 1 to 16.
i i i i-1 0

(6.6.1) (6.6.2)

(6.6.3)

For simplicity of presentation, we use in the place of the function interweave, and write (6.6.3) in the form P = (P ). Now, the relation connecting the ciphertext C and the plaintext P, at the end of the 16th iteration, can be written in the form C=(K((K....(K((KP) mod 128) mod 128)) ...mod 128))))mod 128. (6.6.4) In (6.6.4), as the plaintext P is totally the control of the function interweaving, it cannot be transferred to the left side, by obtaining the inverse of P, as it could be done in the case of the classical Hill cipher. In the light of this fact, this cipher cannot be broken by the known plaintext attack. From the above discussion, we conclude that it is difficult to break this cipher by the conventional cryptanalytic attacks.
i i

6.7. COMPUTATIONS AND CONCLUSIONS


In this chapter, we have developed a block cipher by introducing interweaving and iteration. As the interweaving is done in each step of the iteration process, the plaintext has undergone several

105
transformations before it has become the ciphertext. The cryptanalysis indicates that the cipher is a strong one and it is difficult to break. The algorithms presented in this chapter for encryption and decryption are implemented in C language. The modular arithmetic inverse of the 8x8 matrix is calculated by using the systematic procedure developed in [133]. The ciphertext corresponding to the entire plaintext given in (6.4.1) is presented below in hexadecimal notation. E591C4710940751106898A2124E3748854D546D204894FFC5EDA5055 E873789485440D23B6A7989668A72A6BDCF7BCFB82315BAEC7D842 9E0EBADC4B04D242F5264C45BD452EE5512F774EEE9BCDC0B1C3E 4B76EC4173BC14AFCD853E3922818165D3037C198D1743381A79A1A 24C058B843A13D67C13CBFD585E2450EE495EA8081A4D4F37FBD1C F7C898B7. The time required for encryption and decryption of the plaintext given in (6.4.1) is 6.1*10-3 and 12*10-3 seconds respectively. developed in this analysis is an efficient one. The analysis presented in this chapter can be extended to the case, wherein the plaintext block is enormously large. considered in the ensuing chapter. This problem is The cipher

You might also like