Vidyavardhaka College of Engineering, Mysuru
Autonomous Institute, Affiliated to VTU
Accredited by NBA | NAAC with ‘A’ Grade
Blockchain Technology-
BCSBT603
Module 2: Decentralization
Lakshmi B S
7rd
SEM
Assistant
Professor
Dept. of CSE
Our Vision: “VVCE shall be a leading Institution in engineering and management education enabling individuals for significant contribution to
the society”
04-03-2025
Topics to be covered….
▪ Decentralization
❖ Decentralization using Blockchain.
❖ Blockchain and full ecosystem decentralization.
❖ Decentralization
❖ Smart contract
❖ Decentralization organizations.
❖ Decentralization autonomous organizations
❖ Decentralization autonomous Corporation
❖ Decentralization autonomous societies
❖ Decentralization platform
▪Cryptography and Technical Foundation:
❖ Mathematics
❖ Cryptography
❖ Cryptographic primitives
❖ Symmetric Cryptography
❖ DES
❖ AES
Decentralization
• The basic idea of decentralization is to distribute control and authority to peripheries instead
of one central authority being in full control of the organization.
• This results in several benefits for organizations, such as
⮚ Increased efficiency,
⮚ Quicker decision making,
⮚ A reduced burden on top management.
Decentralization using Blockchain
• Decentralization is a core benefit and service provided by the
blockchain technology.
• Blockchain by design is a perfect vehicle for providing a platform that
does not need any intermediaries and can function with many different
leaders chosen via consensus mechanisms.
• This model allows anyone to compete to become the decision-making
authority.
• This competition is governed by a consensus mechanism and the most
commonly used method is known as Proof of Work (PoW)
• Decentralization is applied in varying degrees from semi-
decentralized to fully decentralized depending on the
requirements and circumstances.
• Decentralization can be viewed from a blockchain
perspective as a mechanism that provides a way to
remodel existing applications and paradigms or build new
applications in order to give full control to users.
Different types of networks/systems
1. Centralized systems are conventional (client-server) IT systems in which there
is a single authority that controls the system, and who is solely in charge of all
operations on the system.
• All users of a centralized system are dependent on a single source of service.
• The majority of online service providers, including Google, Amazon, eBay, and
Apple's App Store, use this conventional model to deliver services.
• Example: Facebook operates on a centralized model where all user data, posts,
and interactions are stored on Facebook’s servers.
2. Distributed systems are a computing paradigm whereby two or more nodes
work with each other in a coordinated fashion in order to achieve a common
outcome and it's modeled in such a way that end users see it as a single logical
platform.
• Even if some of the nodes become faulty or network links break, the distributed
system should tolerate this and should continue to work flawlessly in order to
achieve the desired result.
• General Examples :Telephone and Cellular system, Wireless sensor networks,
Routing algorithm, Peer to peer networks.
• Blockchain-Based Social Media (e.g., Steemit)
• Steemit is a blockchain-based social media platform where data is
stored across multiple nodes in a distributed ledger.
• No single entity owns or controls the content, and it remains available
as long as the blockchain network exists.
3. Decentralized means no node is instructing any other node as to what to do.
⮚ The code runs on a peer-to-peer network of nodes and no single node has
control over the dApp.
⮚ Depending on the functionality of the dApp, different data structures can be
used to store the application data.
⮚ Bitcoin uses a blockchain decentralized ledger of transactions.
⮚ This enables a user to agree on something via a consensus algorithm without the
need for a central trusted third party, intermediary, or service provider
⮚ Decentralized System: Mastodon
• Mastodon is a decentralized social media platform where different servers (called
instances) operate independently.
• Users can create accounts on different instances, but they can still interact with users
on other instances.
Methods of Decentralization
• Two methods that can be used to achieve decentralization
• 1. Disintermediation
⮚ With blockchain technology, it is possible to send this money directly to your friend without
the need for a bank.
⮚ All you need is the address of your friend on the blockchain.
⮚ This way, the intermediary is no longer required and decentralization is achieved by
disintermediation.
• 2. Through competition
⮚ A group of service providers compete with each other in order to be selected for the
provision of services by the system.
⮚ Smart contracts can choose external data providers from a large number of providers
based on reputation or voting, previous score, reviews, and quality of service.
Scale of decentralization
1. Central Intermediary (Fully Centralized)
• A single entity acts as the middleman, controlling all transactions,
communications, or processes.
• Users must trust this central authority for access and decision-making.
• Example:
• Banks controlling financial transactions.
• Facebook controlling social media interactions.
• Centralized cloud providers like Google Drive or Dropbox.
2. Competing Intermediaries (Partially Decentralized)
• Multiple intermediaries exist, allowing users to choose between different
providers.
• Each intermediary still has control over its own network, but users have
alternatives.
• Some level of competition and redundancy reduces risks but doesn’t
eliminate intermediaries.
• Example:
• Multiple banks offering financial services (Visa, Mastercard, PayPal).
• Different cloud service providers (AWS, Google Cloud, Microsoft
Azure).
• Federated systems like Mastodon, where different servers (instances)
operate independently.
3. No Intermediary (Fully Decentralized or Distributed)
• No middleman—users interact directly with each other.
• Trust is established through cryptographic mechanisms or consensus
algorithms.
• Example:
• Bitcoin and blockchain networks (users transact directly via peer-to-
peer mechanisms).
• IPFS (InterPlanetary File System) for decentralized file storage.
• DAOs (Decentralized Autonomous Organizations), where governance
is handled by smart contracts.
Routes to decentralization
• Ethereum is currently the tool of choice of many developers for
building decentralized applications.
How to decentralize
1. What is being decentralized?
2. What level of decentralization is required?
3. What blockchain is used?
4. What security mechanism is used?
Use case : Money transfer
1. Answer 1 : Money transfer system
2. Answer 2: Disintermediation.
3. Answer 3: Bitcoin.
4. Answer 4: Atomicity.
Blockchain and full ecosystem decentralization
• In order to achieve complete decentralization, it
is necessary that the environment around the
blockchain is also decentralized.
• Blockchain itself is a distributed ledger that
runs on top of conventional systems. These
elements include storage, communication, and
computation.
• 1. Storage
⮚ Data can be stored directly in a blockchain,
⮚ It does achieve decentralization,
⮚ Major disadvantage: not suitable for storing large amounts of data by design.
• A better alternative is to use distributed hash tables (DHTs). DHTs were originally
used in peer-to-peer file sharing software, such as BitTorrent, Napster, Kazaa, and
Gnutella.
• Two main requirements: high availability and link stability, which means that data
should be available when required and network links should also always be accessible.
• Inter Planetary File System (IPFS) possesses both of these properties
• The vision is to provide a decentralized World Wide Web by replacing the HTTP
protocol.
• IPFS uses Kademlia DHT and merkle DAG (Directed Acyclic Graph) to provide the
storage and searching functionality.
2. Communication
• It is generally considered that the Internet (the communication layer in blockchain) is
decentralized.
• This is true to some extent as the original vision of the Internet was to develop a
decentralized system.
• ISP.
3. Computation :
• Decentralization of computing or processing is achieved by a blockchain technology such as
Ethereum, where smart contracts with embedded business logic can run on the network.
• Other blockchain technologies also provide similar processing layer platforms where
business logic can run over the network in a decentralized manner.
• The storage layer uses technologies such as the InterPlanetary File System (IPFS) and
BigChainDB to enable decentralization.
Smart contract
• A smart contract can be thought of as a small decentralized program.
• Smart contracts do not necessarily need a blockchain to run; however, due to
the security benefits that the blockchain technology provides, it is now
becoming almost a standard to use blockchain as a decentralized execution
platform for smart contracts.
• A smart contract usually contains some business logic and a limited amount of
data.
• Actors or participants in the blockchain use these smart contracts or they run
autonomously on behalf of the network participants
• Small programs reside on the blockchain and execute business logic if some
specific criteria are met.
Elements/ Components
• Decentralized organizations (DOs). – S/W
• Decentralized Autonomous organizations (DAOs) - Fully Automated
• Decentralized Autonomous Corporations(DACs) – subset of DAO
• Decentralized Autonomous Societies (DASs) – Societies
Decentralized organizations
• Decentralized organizations (DOs) are software programs that run on a blockchain and are
based on the idea of real human organizations with people and protocols.
• Once a DO, in the form of a smart contract or a set of smart contracts, is added to the
blockchain, it becomes decentralized and parties interact with each other based on the code
defined within the DO software.
Example: GitHub Open-Source Projects
• Many open-source projects on GitHub function as decentralized organizations. Developers
from around the world collaborate, contribute code, and make decisions collectively, often
without a formal hierarchy. Decisions are typically made through discussions, proposals, and
voting among contributors.
Decentralized autonomous organizations
• A decentralized autonomous organization (DAO) is also a computer program
that runs on top of a blockchain, and embedded within it are governance and
business logic rules.
• DAO and DO are basically the same thing, but the main difference is that
DAOs are autonomous, which means that they are fully automated and contain
artificially intelligent logic, whereas DOs lack this feature and rely on human
input in order to execute business logic.
Decentralized autonomous corporations
• Decentralized autonomous corporations (DACs) are a similar concept to
DAOs but are considered a smaller subset of DAOs.
• The definitions of DACs and DAOs can sometimes overlap, but a general
difference is that DAOs are usually considered to be nonprofit, whereas DACs
can make money via shares offered to the participants and by paying
dividends.
• These corporations can run a business automatically without human
intervention based on the logic programmed within them.
Decentralized autonomous societies
• Decentralized Autonomous Society (DAS) is an advanced concept where
entire communities or societies operate on decentralized, blockchain-based
governance principles.
• Many services that a government offers can be delivered via blockchain,
such as Government Identity Card systems, passport issuance, and records
of deeds, marriages, and births.
Decentralized applications
• All DAOs, DACs, and DOs are basically decentralized applications
that run on top of a blockchain in a peer-to-peer network.
• Decentralized applications or DAPPs are software programs that can
run on their own blockchain, use another already existing established
blockchain, or use only protocols of an existing blockchain solution.
• These are called Type I, Type II, and Type III DAPPs.
• Requirements of a Decentralized applications (DAPPs)
1. The DAPP should be fully open source and autonomous and no single
entity should be in control of a majority of its tokens. All changes to the
application must be consensus-driven based on the feedback given by
the community.
2. Data and records of operations of the application must be
cryptographically secured and stored on a public, decentralized
blockchain in order to avoid any central points of failure.
3. A cryptographic token must be used by the application in order to
provide access and rewards to those who contribute value to the
applications, for example, miners in bitcoin.
4. The tokens must be generated by the decentralized application
according to a standard cryptographic algorithm. This generation of
tokens acts as a proof of the value to contributors (for example, miners).
Operations of a DAPP :
• Proof of Work and Proof of Stake can be used to establish the DAPP
• DAPP can distribute tokens (coins) via mining, fundraising, and development.
• DAPP - Examples
• KYC-Chain - manage Know Your Customer (KYC) data in a secure and
convenient way based on smart contracts.
• OpenBazaar - commercial activities b/w buyer and seller using peer-peer, uses
DHTs, It makes use of bitcoin as a payment network
• Lazooz – smart transportation; It allows peer-to-peer ride sharing and users
can be incentivized by proof of movement
KYCChain
• KYCChain is a blockchain-based platform designed to streamline Know Your
Customer (KYC) processes for businesses, financial institutions, and governments.
• It helps companies verify user identities in a secure, decentralized, and efficient
manner while ensuring compliance with global regulatory standards.
How KYCChain Works:
• User Submits Identity Data → Uploads documents like passport, driver’s license, or
biometrics.
• Data is Verified & Stored on Blockchain → Ensures tamper-proof security.
• User Grants Access to Businesses → Users control who can access their KYC data.
• Business Verifies KYC Data → Instantly validates customer identity without redoing
the KYC process.
OpenBazaar: A Decentralized Marketplace
• OpenBazaar was a decentralized, peer-to-peer (P2P) marketplace that allowed
users to buy and sell goods and services directly, without intermediaries like
Amazon or eBay.
• It leveraged Bitcoin and other cryptocurrencies for transactions, offering
censorship-resistant and fee-free e-commerce.
How OpenBazaar Worked:
• Download & Install OpenBazaar – Users run the software on their own devices.
• Set Up a Store or Browse Listings – Sellers listed products, and buyers searched for
items.
• Make a Purchase with Cryptocurrency – Transactions occurred directly between
buyer and seller.
• Use Escrow for Security (Optional) – A trusted third party could resolve disputes.
• Complete the Trade – Once confirmed, funds were released to the seller.
Lazooz: A Decentralized Ride-Sharing Platform
Lazooz was a blockchain-based, decentralized ride-sharing platform that
aimed to compete with traditional services like Uber and Lyft but without a
central authority.
It used a cryptocurrency-based reward system to incentivize drivers and
passengers, promoting a collaborative, peer-to-peer (P2P) economy.
How Lazooz Worked
[Link] Installed the Lazooz App – The app tracked movement and rewarded users
with Zooz tokens.
[Link] & Riders Connected P2P – No central authority managed ride requests.
[Link] in Zooz Tokens – Transactions were made securely on the blockchain.
[Link] Governance – Users had a say in the platform’s future developments.
Platforms for decentralization
• Many platforms are available for decentralization.
• Many companies introduced platforms that promise to make
distributed application development easy, accessible, and secure
for users.
• Ethereum
• Ethereum tops the list as being the first blockchain that introduced
a Turing-complete language and the concept of a virtual machine.
• scripting language in bitcoin and many other cryptocurrencies.
• Currency tokens on Ethereum are called Ethers.
Maidsafe
• Maidsafe provides a SAFE (Secure Access for Everyone) network, made up of
unused computing resources, such as storage, processing power, and the data
connections of its users.
How the SAFE Network Works
• Users Provide Resources – People contribute unused storage, bandwidth, and
processing power.
• Data is Encrypted & Split – Files are broken into chunks, encrypted, and
distributed across the network.
• Users Access Data Privately – Only the rightful owner (with cryptographic
keys) can retrieve the files.
• SafeCoin Incentives – Users who contribute resources earn SafeCoin (now SN
Token).
Lisk (LSK): A Blockchain for JavaScript-Based dApps:
Lisk (LSK) is a blockchain platform designed to make it easier for developers to
build and deploy decentralized applications (dApps) using JavaScript and
TypeScript.
Unlike Ethereum, which requires Solidity, Lisk provides a Sidechain Development
Kit (SDK) to create independent blockchains connected to the Lisk mainchain.
How Lisk Works
1. Developers Use Lisk SDK – Create dApps using JavaScript/TypeScript.
2. Deploy on a Sidechain – Each app runs on its independent blockchain, ensuring
flexibility.
[Link] the Network with DPoS – Users stake LSK tokens to vote for trusted
delegates.
4. Seamless Interaction with Lisk Mainchain – dApps can interact with the main
Lisk blockchain if needed.
Cryptography and Technical Foundations
• Cryptography is the science of making information secure in the presence of
adversaries.
• Cryptography provides various security services, such as Confidentiality,
Integrity, Authentication, (Entity Authentication and Data origin
authentication), accountability and nonrepudiation.
Mathematics
• Cryptography relies on a variety of mathematical concepts to secure data and
communications.
• Sets and groups are fundamental concepts in abstract algebra, and they play a
crucial role in modern cryptography, particularly in public-key cryptosystems.
1. Sets
• A set is a collection of distinct elements. Sets are foundational in
many areas of mathematics, including cryptography.
• Examples of Sets in Cryptography
• Set of Natural Numbers N={1,2,3,...}
• Set of Integers Z={...,−2,−1,0,1,2,...}
• Set of Prime Numbers P={2,3,5,7,11,...}
• Set of Elements in Modular Arithmetic (e.g., Zn={0,1,...,n−1})
Application in Cryptography:
• The set of prime numbers is used in RSA encryption.
• The set of elements in modular arithmetic is used in Diffie-
Hellman key exchange
• 2. Groups
• A group is a mathematical structure consisting of a set with an
operation that satisfies certain properties.
Application in Cryptography
•RSA Encryption: Uses the multiplicative group (Zn∗, ⋅)
•Diffie-Hellman Key Exchange: Uses cyclic groups in modular
arithmetic.
•Elliptic Curve Cryptography (ECC): Uses the group of points on
an elliptic curve.
Field in Cryptography
• A field is an algebraic structure that extends the concept of a group by incorporating two
operations: addition and multiplication.
• Fields play a crucial role in cryptography, particularly in finite field arithmetic, which is used
in AES encryption, Elliptic Curve Cryptography (ECC), and error correction codes.
⮚ Order
• This is the number of elements in a field. It is also known as the cardinality of
the field.
⮚ Prime fields
• This is a finite field with a prime number of elements.
• It has specific rules for addition and multiplication, and each nonzero element
in the field has an inverse.
• Addition and multiplication operations are performed modulo p.
Rings
• A ring is an algebraic structure that generalizes the concept of numbers and provides a
foundation for many cryptographic algorithms. Rings are particularly important in lattice-
based cryptography, homomorphic encryption, and code-based cryptography.
⮚ A cyclic group:
• A cyclic group is a type of group that can be generated by a single element
called the group generator.
⮚ An abelian group:
• An abelian group is formed when the operation on the elements of a set is
commutative.
• Commutative law basically means that changing the order of the elements
does not affect the result of the operation, for example, A X B = B X A.
⮚ Modular arithmetic:
• Modular arithmetic is a fundamental mathematical concept used in
cryptography, particularly in RSA encryption, Diffie-Hellman key exchange,
Elliptic Curve Cryptography (ECC), and hash functions.
Cryptography
⮚ Confidentiality
• Confidentiality is the assurance that information is only available to authorized entities.
⮚ Integrity
• Integrity is the assurance that information is modifiable only by authorized entities.
⮚ Authentication
• Authentication provides assurance about the identity of an entity or the validity of a message.
There are two types of authentications,
1. Entity authentication
2. Data origin authentication
Entity authentication
• Entity authentication is the assurance that an entity is currently involved and active in a
communication session.
• Traditionally, users are issued a username and password, which are used to gain access to the
platforms they are using. This is called single factor authentication as there is only one
factor, namely something you know, that is, the password and username.
• This type of authentication is not very secure for various reasons, such as password
leakage.
• The use of additional techniques for user identification is known as multifactor
authentication or two-factor authentication.
• Various factors are described here:
1. The first factor is something you have, such as a hardware token or smart card.
2. The second factor is something you are, which uses biometric features in order to identify
the user.
Data origin authentication
• The source of information is verified.
• Data origin authentication implies data integrity because if a source is corroborated, then
data must not have been altered. Various methods, such as Message Authentication Codes
(MACs) and Digital signatures are most commonly used.
Digital Signatures in Cryptography
• A digital signature is a cryptographic technique used to verify the authenticity, integrity, and
non-repudiation of a message or document. It ensures that a message has not been tampered
with and that it comes from the rightful sender.
How Digital Signatures Work
• A digital signature involves three main steps:
1. Key Generation:
   1. The sender generates a public key (PK) and a private key (SK).
   2. The private key is used for signing.
   3. The public key is used for verification.
2. Signing Process:
   1. The sender hashes the message to create a message digest.
   2. The hash is encrypted using the sender’s private key to create the digital signature.
3. Verification Process:
   1. The receiver decrypts the signature using the sender’s public key to obtain the original hash.
   2. The receiver hashes the received message and compares it with the decrypted hash.
   3. If both hashes match, the signature is valid.
Digital Signature
Message Authentication Codes (MACs) in
Cryptography
• A Message Authentication Code (MAC) is a cryptographic technique used to ensure the
integrity and authenticity of a message.
• Unlike digital signatures, which use public-key cryptography, MACs use symmetric-key
cryptography, meaning the sender and receiver share a secret key.
How it Works
• A MAC takes three inputs:
• Message (M) – The data that needs authentication.
• Secret Key (K) – Shared between the sender and receiver.
• MAC Function (MAC_K) – Computes a fixed-length authentication tag.
• The sender computes:
MAC=MAC_K(M)
and sends (M, MAC) to the receiver.
• The receiver also computes:
MAC′=MAC_K(M)
• If MAC' = MAC, the message is authentic and unchanged.
Message Authentication Codes
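The signing and verification steps and the MAC check described above, side by side, as an added example that is not part of the original slides. It assumes textbook RSA over a constructed toy key for the signature and HMAC-SHA256 as the MAC function MAC_K; all function names are illustrative, and real systems use a vetted library with a padded scheme such as RSA-PSS.

```python
import hashlib
import hmac

# Constructed toy RSA key built from two known Mersenne primes.
# Illustration only: the modulus is far too small and no padding is used.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key (PK)
D = pow(E, -1, (P - 1) * (Q - 1))        # private key (SK)


def digest_int(message: bytes) -> int:
    """Hash the message and reduce the digest into the range [0, N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Signing: apply the private-key operation to the message digest."""
    return pow(digest_int(message), D, N)


def verify_signature(message: bytes, signature: int) -> bool:
    """Verification: recover the digest with the public key and compare
    it with a fresh hash of the received message."""
    return pow(signature, E, N) == digest_int(message)


def mac(key: bytes, message: bytes) -> bytes:
    """MAC_K(M): HMAC-SHA256 is assumed here as the MAC function."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute MAC' and compare it in constant time."""
    return hmac.compare_digest(mac(key, message), tag)


def demo() -> dict:
    message = b"transfer 10 coins to Bob"      # constructed sample message
    tampered = b"transfer 90 coins to Bob"     # constructed altered copy
    shared_key = b"constructed-shared-secret"  # K, known to both parties

    signature = sign(message)
    tag = mac(shared_key, message)
    return {
        "signature_valid": verify_signature(message, signature),
        "signature_tampered": verify_signature(tampered, signature),
        "mac_valid": verify_mac(shared_key, message, tag),
        "mac_tampered": verify_mac(shared_key, tampered, tag),
        "mac_wrong_key": verify_mac(b"some-other-key", message, tag),
        # Anyone holding K can produce a valid tag, so a MAC alone cannot
        # show which of the two key holders created a message.
        "other_key_holder_tag_verifies": verify_mac(
            shared_key, tampered, mac(shared_key, tampered)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last entry is the practical difference between the two mechanisms: a signature can be checked by anyone with the public key but produced only with the private key, while a MAC tag can be produced by either holder of the shared key.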
Non-repudiation
• The non-repudiation protocol usually runs in a communication network and is used to
provide evidence that an action has been taken by an entity (originator or recipient) on the
network.
• There are two communication models that can be used to transfer messages from originator
A to recipient B:
1. Message is sent directly from originator A to recipient B.
2. Message is sent to a delivery agent from originator A, which then delivers the message to
recipient B.
• The main requirements of a non-repudiation protocol are fairness, effectiveness, and
timeliness.
Accountability
• Accountability is the assurance that actions affecting security can be traced to the
responsible party.
• This is usually provided by logging and audit mechanisms in systems where a detailed
audit is required due to the nature of the business, for example, in electronic trading
systems.
• Detailed logs are vital to trace an entity's actions.
• For example, when a trade is placed, an audit record with the date and time stamp and
the entity’s identity is generated and saved in the log file.
• This log file can optionally be encrypted and can be part of the database or a standalone
ASCII text log file on a system.
Cryptographic primitives
• Cryptographic primitives are the basic building blocks of a security protocol or system.
• They are the cryptographic algorithms that are essential for the building of secure protocols and systems.
• A security protocol is a set of steps taken in order to achieve required security goals by
utilizing appropriate security mechanisms.
• Various types of security protocols are in use, such as authentication protocols,
nonrepudiation protocols, and key management protocols.
A generic cryptography model is shown in the following
diagram:
• Entity: It is either a person or a system that sends, receives, or performs
operations on data
• Sender: Sender is an entity that transmits the data
• Receiver: Receiver is an entity that takes delivery of the data
• Adversary: This is an entity that tries to circumvent the security service
• Key: A key is some data that is used to encrypt or decrypt data
• Channel: Channel provides a medium of communication between entities
Cryptography is mainly divided into two categories, namely symmetric and
asymmetric cryptography.
⮚ Symmetric cryptography :
• Symmetric cryptography refers to a type of cryptography whereby the key that is used to
encrypt the data is the same for decrypting the data, and thus it is also known as a shared
key cryptography.
• The key must be established or agreed on before the data exchange between the
communicating parties. This is the reason it is also called secret key cryptography.
• There are two types of symmetric ciphers, stream ciphers and block ciphers.
• Data Encryption Standard (DES) and Advanced Encryption Standard (AES) are
common examples of block ciphers, whereas RC4 and A5 are commonly used stream
ciphers.
Stream ciphers
• These ciphers are encryption algorithms that apply encryption algorithms on a
bit-by-bit basis to plain text using a key stream.
• There are two types of stream ciphers: synchronous and asynchronous.
• Synchronous stream ciphers are ones where key stream is dependent only on
the key.
Example: RC4 (Rivest Cipher 4)
• Asynchronous stream ciphers have a key stream that is also dependent on the
encrypted data.
Example: CFB (Cipher Feedback Mode) using AES
• In stream ciphers, encryption and decryption are basically the same function
because they are simple modulo 2 additions or XOR operation.
• The key requirement in stream ciphers is the security and randomness of key
streams.
Operation of stream cipher
Example for Stream Cipher
• Let’s encrypt "HELLO" using a simple stream cipher concept (assuming
a simplified keystream).
• Plaintext (ASCII):
H (72) E (69) L (76) L (76) O (79)
• Keystream (example values):
12 34 56 78 90
• Ciphertext (XOR operation):
72 ⊕ 12 = 68
69 ⊕ 34 = 103
76 ⊕ 56 = 116
76 ⊕ 78 = 2
79 ⊕ 90 = 21
• Ciphertext output (decimal):
68 103 116 2 21
Block ciphers
• These are encryption algorithms that break up a text to be encrypted (plain text) into blocks
of fixed length and apply encryption block by block.
• Common block sizes are 64 bits (DES) and 128 bits (AES).
• Block ciphers are usually built using a design strategy known as a Feistel cipher.
• Recent block ciphers, such as AES (Rijndael), have been built using a combination of
substitution and permutation called a substitution-permutation network (SPN).
• The Feistel cipher structure is based on the idea of combining multiple rounds of repeated
operations to achieve desirable cryptographic properties known as confusion and diffusion.
⮚ Confusion: DES uses S-boxes (Substitution Boxes) in the round function to replace bits
unpredictably.
⮚ Diffusion: DES uses bit permutations and swaps across 16 rounds to spread bit changes.
• Feistel networks operate by dividing data into two blocks (left and right) and processing these
blocks via keyed round functions.
Block cipher
Confusion Operation
• Confusion makes the relationship between the encrypted text and plaintext
complex. This is achieved by substitution.
• For example, 'A' in plain text is replaced by 'X’ in encrypted text.
• Confusion is required to make finding the encryption key very difficult even
if many encrypted and decrypted data pairs are created using the same key.
• A key advantage of using a Feistel cipher is that encryption and decryption
operations are almost identical and only require a reversal of the encryption
process in order to achieve decryption.
Diffusion Operation
• The diffusion property spreads the plain text statistically over the encrypted
data, which ensures that even if a single bit is changed in the input text, it
results in changing at least half (on average) of the bits in the cipher text.
• Example: Transposition or permutation.
Operation of block cipher
• Various modes of operation for block ciphers are
⮚ Electronic Code Book (ECB),
⮚ Cipher block chaining (CBC),
⮚ Output Feedback Mode (OFB), or Counter mode (CTR).
• These modes are used to specify the way in which an encryption function
would be applied to the plain text.
• There are four categories of block cipher encryption modes:
• Block encryption mode
• Keystream generation modes
• Message authentication modes
• Cryptographic hashes
Block encryption mode
• In this mode, plaintext is divided into blocks of fixed length depending on the type of
cipher used and then the encryption function is applied on each block.
Keystream generation modes
• In this mode, the encryption function generates a keystream that is then XORed with the
plaintext stream in order to achieve encryption.
Message authentication modes
• In this mode, a message authentication code is computed as a result of an encryption
function. MAC is basically a cryptographic checksum that provides an integrity service.
The most common method to generate MAC using block ciphers is CBC-MAC, where
some part of the last block of the chain is used as a MAC.
Cryptographic hashes
• Hash functions are basically used to compress a message to a fixed length digest. In this
mode, block ciphers are used as a compression function to produce a hash of plain text.
Electronic code book
• This is a basic mode of operation in which the encrypted data is produced as a result of
applying the encryption algorithm one by one separately to each block of plain text. This is
the simplest mode but should not be used in practice as it is insecure and can reveal
information.
• It is used only for short messages
Cipher block chaining
• In this mode, each block of plain text is XORed with the previous encrypted block. The CBC
mode uses initialization vector IV to encrypt the first block. It is recommended that IV be
randomly chosen:
Counter mode
• The CTR mode effectively uses a block cipher as a stream cipher.
• In this case, a unique nonce is supplied that is concatenated with the counter value in
order to produce a key stream:
OpenSSL Commands
• Electronic code book:
Encryption:
openssl enc -aes-128-ecb -e -in [Link] -out [Link] -K 00112233445566778899AABBCCDDEEFF
Decryption:
openssl enc -aes-128-ecb -d -in [Link] -out [Link] -K 00112233445566778899AABBCCDDEEFF
• Cipher block chaining:
Encryption:
openssl enc -aes-128-cbc -e -in [Link] -out [Link] -K 00112233445566778899AABBCCDDEEFF -iv 0102030405060708090A0B0C0D0E0F10
Decryption:
openssl enc -aes-128-cbc -d -in [Link] -out [Link] -K 00112233445566778899AABBCCDDEEFF -iv 0102030405060708090A0B0C0D0E0F10
• Counter mode:
Encryption:
openssl enc -aes-128-ctr -e -in [Link] -out [Link] -K 00112233445566778899AABBCCDDEEFF -iv 0102030405060708090A0B0C0D0E0F10
Decryption:
openssl enc -aes-128-ctr -d -in [Link] -out [Link] -K 00112233445566778899AABBCCDDEEFF -iv 0102030405060708090A0B0C0D0E0F10
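The Feistel structure and the ECB, CBC and CTR modes described above, combined in one added example that is not from the original slides. It goes beyond the slides by building a toy 64-bit Feistel cipher, which is neither DES nor AES; the key schedule, the HMAC-based round function and all function names are assumptions made for illustration, while the key and the (truncated) IV are the ones used in the OpenSSL commands.

```python
import hashlib
import hmac

BLOCK = 8      # toy block size in bytes (64 bits, the DES block size)
ROUNDS = 16    # number of Feistel rounds, as in DES

KEY = bytes.fromhex("00112233445566778899AABBCCDDEEFF")  # key from the commands
IV = bytes.fromhex("0102030405060708")      # IV truncated to the toy block size
NONCE = IV[:4]                              # constructed 4-byte CTR nonce
PLAINTEXT = b"PAY 100." * 3 + b"PAY 999."   # constructed: 3 identical blocks + 1


def subkeys(key: bytes) -> list:
    """Constructed key schedule (not the DES schedule): one subkey per round."""
    return [hashlib.sha256(key + bytes([r])).digest() for r in range(ROUNDS)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, keys: list) -> bytes:
    """Run the Feistel network over one 8-byte block."""
    left, right = block[:4], block[4:]
    for k in keys:
        # Keyed round function F: a truncated HMAC stands in for S-boxes.
        f_out = hmac.new(k, right, hashlib.sha256).digest()[:4]
        left, right = right, xor(left, f_out)
    return right + left   # final swap lets decryption reuse this routine


def encrypt_block(block: bytes, keys: list) -> bytes:
    return feistel(block, keys)


def decrypt_block(block: bytes, keys: list) -> bytes:
    return feistel(block, keys[::-1])   # same network, subkeys reversed


def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(data: bytes, keys: list) -> bytes:
    """ECB: every block is encrypted independently."""
    return b"".join(encrypt_block(b, keys) for b in split(data))


def ecb_decrypt(data: bytes, keys: list) -> bytes:
    return b"".join(decrypt_block(b, keys) for b in split(data))


def cbc_encrypt(data: bytes, keys: list, iv: bytes) -> bytes:
    """CBC: XOR each plaintext block with the previous ciphertext block."""
    out, prev = [], iv
    for b in split(data):
        prev = encrypt_block(xor(b, prev), keys)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(data: bytes, keys: list, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in split(data):
        out.append(xor(decrypt_block(c, keys), prev))
        prev = c
    return b"".join(out)


def ctr_crypt(data: bytes, keys: list, nonce: bytes) -> bytes:
    """CTR: encrypt nonce||counter to get the key stream, then XOR.
    The same call both encrypts and decrypts."""
    out = []
    for i, b in enumerate(split(data)):
        keystream = encrypt_block(nonce + i.to_bytes(4, "big"), keys)
        out.append(xor(b, keystream))
    return b"".join(out)


if __name__ == "__main__":
    ks = subkeys(KEY)
    for name, ct in (("ECB", ecb_encrypt(PLAINTEXT, ks)),
                     ("CBC", cbc_encrypt(PLAINTEXT, ks, IV)),
                     ("CTR", ctr_crypt(PLAINTEXT, ks, NONCE))):
        print(name, " ".join(block.hex() for block in split(ct)))
```

In the printed output the first three ECB blocks are identical, which is the information leak that makes ECB unsuitable in practice; the CBC and CTR blocks all differ for the same plaintext.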
DES
• DES was introduced by the US National Institute of Standards and Technology (NIST)
as a standard algorithm for encryption and was in main use during 1980s and 1990s.
• In July 1998, Electronic Frontier Foundation (EFF) broke DES using a special purpose
machine.
• This problem was addressed with the Introduction of Triple DES (3DES), which proposed
the usage of a 168-bit key using three 56-bit keys and the same number of executions of the
DES algorithm, thus making brute force attacks almost impossible.
• However, 3DES has other limitations, such as slow performance and a 64-bit block size.
• DES is a block cipher and encrypts data in blocks of size of 64 bits each, which means 64
bits of plain text go as the Input to DES, which produces 64 bits of ciphertext.
• The key length is 56 bits.
▪ The initial key consists of 64 bits.
▪ However, before the DES process even starts, every 8th bit of the key is discarded to
produce a 56-bit key. That is bit positions 8, 16, 24, 32, 40, 48, 56, and 64 are discarded.
▪ 56 bits are given to Left Circular shift.
▪ Left circular shift is one bit shift for rounds, 1,2,9, and 16.
▪ Other rounds Left circular shift is two bit shift.
▪ 8 bits are dropped and 48 bits are permuted.
DES
Decryption
Advanced Encryption Standard (AES)
• 2001, Rijndael
• Block Cipher
• Allows different key sizes of 128 bits, 192 bits, and 256 bits, but in the AES standard,
only a 128-bit block size is allowed.
• However, key sizes of 128 bits, 192 bits, and 256 bits are allowed.
Advanced Encryption Standard (AES)
• Four operations are performed in four stages in order to encrypt the input.
• These stages are AddRoundKey, SubBytes, ShiftRows, and MixColumns:
1. In the AddRoundKey step, the state array is XORed with a subkey, which is
derived from the master key.
2. SubBytes is the substitution step where a lookup table (S-box) is used to replace all
bytes of the state array.
3. The ShiftRows step is used to shift each row except the first one in the state array to the
left in a cyclic and incremental manner.
4. Finally, in the MixColumns step, all bytes are mixed in a linear fashion column-wise.