Block Ciphers

Wikipedia · Block cipher · CC BY-SA 4.0

A block cipher encrypts fixed-size blocks (e.g. 128 bits) using a key. The same key encrypts and decrypts. Security comes from multiple rounds of substitution and permutation, creating confusion (each ciphertext bit depends on many key bits) and diffusion (each plaintext bit affects many ciphertext bits).

Feistel network

Split the block into left and right halves. In each round: apply a round function F (keyed by a subkey) to the right half, XOR the result into the left half, then swap. After all rounds, concatenate. Decryption runs the same structure in reverse. The round function F does not need to be invertible, because XOR is its own inverse.

Scheme

; Feistel network: 4 rounds with simple round functions
; Block = two numbers (left, right)

(define (feistel-round left right round-key)
  ;; F(R, K) = (R * round-key + 7) mod 256
  (let ((f-out (modulo (+ (* right round-key) 7) 256)))
    ;; New left = old right, new right = old left XOR F
    (list right (bitwise-xor left f-out))))

(define round-keys (list 3 7 13 21))

(define (feistel-encrypt left right keys)
  (if (null? keys)
    (list left right)
    (let ((result (feistel-round left right (car keys))))
      (feistel-encrypt (car result) (cadr result) (cdr keys)))))

(define (feistel-decrypt left right keys)
  ;; Same structure, reversed keys, undo final swap
  (feistel-encrypt left right (reverse keys)))

(define plain-l 72)   ; 'H'
(define plain-r 105)  ; 'i'

(display "Plaintext:  ") (display plain-l) (display " ")
(display plain-r) (newline)

(define enc (feistel-encrypt plain-l plain-r round-keys))
(display "Encrypted:  ") (display (car enc)) (display " ")
(display (cadr enc)) (newline)

(define dec (feistel-decrypt (car enc) (cadr enc) round-keys))
(display "Decrypted:  ") (display (car dec)) (display " ")
(display (cadr dec)) (newline)

(display "Round-trip? ")
(display (and (= plain-l (car dec)) (= plain-r (cadr dec))))

; Feistel network: 4 rounds with simple round functions
; Block = two numbers (left, right)

(define (feistel-round left right round-key)
  ;; F(R, K) = (R * round-key + 7) mod 256
  (let ((f-out (modulo (+ (* right round-key) 7) 256)))
    ;; New left = old right, new right = old left XOR F
    (list right (bitwise-xor left f-out))))

(define round-keys (list 3 7 13 21))

(define (feistel-encrypt left right keys)
  (if (null? keys)
    (list left right)
    (let ((result (feistel-round left right (car keys))))
      (feistel-encrypt (car result) (cadr result) (cdr keys)))))

(define (feistel-decrypt left right keys)
  ;; Same structure, reversed keys, undo final swap
  (feistel-encrypt left right (reverse keys)))

(define plain-l 72)   ; 'H'
(define plain-r 105)  ; 'i'

(display "Plaintext:  ") (display plain-l) (display " ")
(display plain-r) (newline)

(define enc (feistel-encrypt plain-l plain-r round-keys))
(display "Encrypted:  ") (display (car enc)) (display " ")
(display (cadr enc)) (newline)

(define dec (feistel-decrypt (car enc) (cadr enc) round-keys))
(display "Decrypted:  ") (display (car dec)) (display " ")
(display (cadr dec)) (newline)

(display "Round-trip? ")
(display (and (= plain-l (car dec)) (= plain-r (cadr dec))))

AES — the modern standard

AES (Rijndael) is not a Feistel network. It operates on a 4x4 byte grid (128-bit block) with four operations per round: SubBytes (nonlinear substitution via an S-box), ShiftRows (cyclic shift of each row), MixColumns (linear mixing within columns), and AddRoundKey (XOR with the round subkey). AES-128 uses 10 rounds. Each operation targets either confusion or diffusion.

Scheme

; AES round operations (simplified, showing the idea)
; Real AES uses GF(2^8) arithmetic. This shows the structure.

;; SubBytes: substitute each byte through an S-box
;; (simplified: XOR with constant + bit rotation)
(define (sub-byte b) (bitwise-xor b #xA5))

;; ShiftRows: rotate row i by i positions
;; State is a flat list of 16 bytes (row-major 4x4)
(define (shift-rows state)
  ;; Row 0: no shift, Row 1: shift 1, Row 2: shift 2, Row 3: shift 3
  (let ((s state))
    (list
      ;; Row 0 (no shift)
      (list-ref s 0) (list-ref s 1) (list-ref s 2) (list-ref s 3)
      ;; Row 1 (shift left by 1)
      (list-ref s 5) (list-ref s 6) (list-ref s 7) (list-ref s 4)
      ;; Row 2 (shift left by 2)
      (list-ref s 10) (list-ref s 11) (list-ref s 8) (list-ref s 9)
      ;; Row 3 (shift left by 3)
      (list-ref s 15) (list-ref s 12) (list-ref s 13) (list-ref s 14))))

;; AddRoundKey: XOR each byte with key byte
(define (add-round-key state key)
  (map bitwise-xor state key))

;; Demo: one simplified round
(define plaintext (list 72 101 108 108 111 32 87 111 114 108 100 33 0 0 0 0))
(define round-key (list 42 17 93 7 55 88 12 64 31 99 200 150 8 3 77 210))

(display "Plaintext bytes: ")
(for-each (lambda (b) (display b) (display " ")) (list 72 101 108 108))
(display "...") (newline)

(define step1 (map sub-byte plaintext))
(define step2 (shift-rows step1))
;; skip MixColumns for simplicity
(define step3 (add-round-key step2 round-key))

(display "After 1 round:   ")
(for-each (lambda (b) (display b) (display " ")) (list (list-ref step3 0) (list-ref step3 1) (list-ref step3 2) (list-ref step3 3)))
(display "...")

; AES round operations (simplified, showing the idea)
; Real AES uses GF(2^8) arithmetic. This shows the structure.

;; SubBytes: substitute each byte through an S-box
;; (simplified: XOR with constant + bit rotation)
(define (sub-byte b) (bitwise-xor b #xA5))

;; ShiftRows: rotate row i by i positions
;; State is a flat list of 16 bytes (row-major 4x4)
(define (shift-rows state)
  ;; Row 0: no shift, Row 1: shift 1, Row 2: shift 2, Row 3: shift 3
  (let ((s state))
    (list
      ;; Row 0 (no shift)
      (list-ref s 0) (list-ref s 1) (list-ref s 2) (list-ref s 3)
      ;; Row 1 (shift left by 1)
      (list-ref s 5) (list-ref s 6) (list-ref s 7) (list-ref s 4)
      ;; Row 2 (shift left by 2)
      (list-ref s 10) (list-ref s 11) (list-ref s 8) (list-ref s 9)
      ;; Row 3 (shift left by 3)
      (list-ref s 15) (list-ref s 12) (list-ref s 13) (list-ref s 14))))

;; AddRoundKey: XOR each byte with key byte
(define (add-round-key state key)
  (map bitwise-xor state key))

;; Demo: one simplified round
(define plaintext (list 72 101 108 108 111 32 87 111 114 108 100 33 0 0 0 0))
(define round-key (list 42 17 93 7 55 88 12 64 31 99 200 150 8 3 77 210))

(display "Plaintext bytes: ")
(for-each (lambda (b) (display b) (display " ")) (list 72 101 108 108))
(display "...") (newline)

(define step1 (map sub-byte plaintext))
(define step2 (shift-rows step1))
;; skip MixColumns for simplicity
(define step3 (add-round-key step2 round-key))

(display "After 1 round:   ")
(for-each (lambda (b) (display b) (display " ")) (list (list-ref step3 0) (list-ref step3 1) (list-ref step3 2) (list-ref step3 3)))
(display "...")

Confusion and diffusion

Claude Shannon identified two properties every good cipher needs. Confusion: each ciphertext bit should depend on many key bits (SubBytes provides this). Diffusion: changing one plaintext bit should change about half the ciphertext bits (ShiftRows and MixColumns provide this). Multiple rounds amplify both.

Scheme

; Avalanche effect: flipping one bit in plaintext
; should change ~50% of ciphertext bits

(define (count-different a b)
  ;; Count differing bytes (simplified)
  (let loop ((i 0) (al a) (bl b) (diff 0))
    (if (or (null? al) (null? bl))
      diff
      (loop (+ i 1) (cdr al) (cdr bl)
            (if (= (car al) (car bl)) diff (+ diff 1))))))

(define msg1 (list 72 101 108 108 111 32 87 111 114 108 100 33 0 0 0 0))
(define msg2 (list 73 101 108 108 111 32 87 111 114 108 100 33 0 0 0 0))
;; msg2 differs by 1 bit (72 -> 73)

(define key (list 42 17 93 7 55 88 12 64 31 99 200 150 8 3 77 210))
(define (sub-byte b) (bitwise-xor b #xA5))
(define (add-round-key state key) (map bitwise-xor state key))

(define enc1 (add-round-key (map sub-byte msg1) key))
(define enc2 (add-round-key (map sub-byte msg2) key))

(display "Bytes changed: ")
(display (count-different enc1 enc2))
(display " / 16") (newline)
(display "After more rounds, this grows toward 8/16 (50%)")

Neighbors

Foundations (Wikipedia)

← Symmetric Ciphers by june.kim Hash Functions →