**A Simple Cipher: The Round**

This number is So 16 plus a 4 of 20 plus the wall is 21, 21. So, is this a good cipher? Well, let's put aside the fact that it's trivially decrypted. All and say well, 103 is not a lot like 21, so intuitively maybe right? It's not absolute table now on its own. This is not very good. This is called a round. Right and the idea is of what you would do is you would repeat this over and well over again, and hopefully you wouldn't just be switching eight bits about. You'd have a whole hundred twenty-eight bit block, and over time bits from the very left get moved over to the right, having effects on everything.

**The Problem with One Round**

Alright, so this mapping becomes much more confusing. The other thing is that we've got to introduce a secret key because without a secret key, if you know the code for this, you can just reverse the process. This is not hard to reverse. The inverse box is just a reverse lookup of this table, and this permutation is just a reverse direction for all these wires.

**Introducing a Key: Key Mixing**

So how do we introduce a key? Obviously called something called key mixing. So what we have is we have our message, which is the size of our block. Thankfully, we're gonna put it through round one and we're gonna put it through another round, and then we're gonna get some ciphertext now that alone is not very good. So what we do is we have our key, a secret key, and we expand it into a nice block of this length. And we split it up to be let's say three chunks long right in this case.

**The Key Mixing Process**

The first chunk is ex-ored with this here, the second chunk is XORed with this other thing, and the third chunk is XORed with this one too, like this. So once you take the key away, you can no longer reverse the process because of the way we've mixed it in. But the key itself remains secret.

**The Importance of Key Mixing**

We all know how the S boxes work. We all know how the permutation box works. But as soon as you take a key away, we're a bit stuffed if you have the key, decryption is really easy. You expand the key right something called a key schedule and then you start with ciphertext you XOR it with this bit of a key. Then you go through the inverse of this, you XOR that one, you go through the inverse of that one, excellent! This bit, and you've got the message back.

**Decryption without the Key**

So what happens if we don't use our S box or permutation box secret? Because it will be easy to decompile the code and work out what happened. What we do is we develop really good S boxes and permutation boxes, and then we introduce a key schedule to mix our key in. And then when you take a key away, you can't break it.

**The Use of Multiple Rounds**

Typically, you'd use the same round as usual. The number of rounds used will depend on the algorithm, the strength of your round function. So a EES uses between ten and fourteen rounds. The way it's designed is that you increase the number of rounds until you can't break it any more.

**Compromise between Speed and Security**

There's a compromise between how many rounds you use for speed and how many rounds you use for security right? And this is used in anything we can put our finger on now. This SP network is the basis for the advanced encryption standard, and the advanced encryption standard encrypts almost every connection over the Internet right.

**A Cautionary Note: Hash Functions**

Video cycle can be applied to every frame of an image, it's gonna be little bit noisy, why you're gonna have to take steps or tries to move that out yet? 38 billion hashes per second, which is why md5 is not usable in any sense anymore ever. Don't use it.

"WEBVTTKind: captionsLanguage: enLet's talk a little bit about encryption and specifically kind of modern encryption and how it worksNow before we jump straight into something like the advanced encryption standard. I wanted to talk about SP networksor Substitution-Permutation networks because they are the basis for a lot of modern cryptography — not all of it, but a lot of symmetric cryptography anyway.Dave has done a lot of videos on things like Enigma. Enigma is a kind of classic cipher and it's a substitution cipher.Just like the Caesar cipher. It's just that its substitution is a little bit better than the Caesar cipherso with something like Enigma or the Caesar cipheryou've got an input which is you know letter 1, letter 2, 3, 4, 5this is the message going this way and this is going to undergo some kind of substitution and turn it into another oneWhich let's say is kind of ciphertext 1 ciphertext 2 3 4 and so on each one nowThere's a lot of problems to the Caesar cipher - okayAnd there's a few problems with Enigma, but one of the problems is but there's only ever a one to one mappingThat is to say this character is encrypted and becomes this character and this one is encrypted. It becomes this character, which means thathowever complicated the substitution is to work out the mapping you really need to focus on these two characters alone if this cipher text wasBased on ten of these characters that'll be a little bit more difficult alreadySo we could say that the Enigma machine or Caesar cipher has a block size of onerightWhich is but it encrypts a block of one characterInto an output of one character right now modern encryption doesn't work. This way modern encryption has a block sizeIt's quite a lot larger, right? Certainly. This is a block cipherSo a block cipher is something that takes a block of a certain sizeLet's say 128 bits and it turns it into an output or ciphertext of 128 bitsSo what I want to talk about today was a very simple example of a networkThat you can make significantly more complicated and end up being the most usedAlgorithm on the planet might not the one I'm going to show youSo this is an SP Networkthe idea is that isThat what we want to do is combine some kind of substitution process changing characters for other charactersWith something called a permutation process swapping characters around XOR in things to other things moving things about and that wayNot only do is the mapping between the input and the output confusing but it moves all over the place. So it's even more confusingTechnically, that's what enigma does though, right? NoYeah, because every time you change it the map, you know, so so the yes a good question, right?So let's go back to thisso what enigma does is it changes this substitution if we tick but it doesn't mean that this goes to this and this goes toThis and this goes to this so it's still one-to-oneIt's just for the substitution is confusing and changes. So it's still gonna block size of oneAn Engel, I guess will be better if I had a bigger block size, but I don't know how they would wire that upWhat we want is some kind of slightly larger block, so I'm going to have a full blockSubstitution. Alright, so I'm gonna have something called an S box right an S boxI'm gonna do like this takes four bits of inputSo these are the bits might be the north or one or two one or two one or two one and it outputs four bitsAnd then in it, I'm going to come up with some rulesSo when a five goes in let's say a seven comes out and when a fourteen goes in a two comes downRight, and I can come up with some rules. So I'm going to make up some balls nowI'm not going to draw them all in here because I've already want to have spaceSo this is two to the four possible combinations so numbers between 0 and 15 right all zeros to all wantOkay, so let's come up with some rules. Right? So for example, let's let's do all the inputsSo in what North one two, three, four five six?Possible to this bit. I think those are all the different combinationsSo I'm gonna use a different pen because otherwise it's gonna get confusing. Okay?These are some rules I've come up with now. These are not particularly goodThere's a lot of reasons for this one is my xbox is too smallbut the other thing is that I haven't given I mean I'vePaid a little bit of attention to things not going back on themselvesbut so things likeIf a one went to a 10 and a 10 went to a 1 that's kind of invertible and that's some a statistically weakerBut if you didn't do that, right?So there's a little bit always you should be careful about when you're designing these kind of things, right?My best advice would be to use the ones that have already been designed and not develop your ownLet's put a number through here. So let's put the number twelve in through this S box. Okayso 12 is 8 plus 4 plus nor plus naught so 12 goes in and12 maps to 5. So that's going to be naught 1 or 1/4 plus 1, okaySo so this comes out as 5 right nowThis could be this could go into another mess box or just some other process, right?The idea is that you're just mapping numbers to another number now this on its ownIt's like a terrible version of enigma, right a number goes in and a really poorly masked number comes out, right?It's terrible because everyone can see this so, you know what this is you can just invert it. We need more than thisOk. So what we do is we also implement some permutation. So let's list this contra permutation box a permutation box in my exampleIt's just going to move things about so we're going to take let's say an 8 bit permutation boxSo that's going to be like this1 2 3 4 5 6 7 8 bits of input 8 bits of output and then we're just gonna mix it upSo we're gonna take that one over here and that one over hereThis is getting confusing I'm running out of linesOkay, right I made that up. So I mean, you know, is that good? I don't know but it's notIt's not important how good it is as a cipherSo you would have 2 X boxes here - 4 bit s boxes for example plugging into one 8-bit permutation boxSo the outputs of these get jumbled about or mixed up here the way an SP network works. Is it repeats?Substitution and permutation over and over again. So I'll just draw like an exampleWithout drawing all the lines up againAnd then we'll go through using our permutationsSo you might for example have 4 bits in and another S box here 4 bits in these 4 bitscome into our permutation box and go through that mapping which I won't draw out again, butthat one right and then out come 8 bits ofCiphertext in some sense. So let's put it on belén and see how it works. OkI've got control now pick a number between 1 to 5 5 way103 okay, I'm gonna give you come about now before I break it 103 like let me get a pen a different penSo one. Oh three. Ohone100 warms wand one, right?I checked because making a mistake will be two emerging now. So just do business box on its own first, right?These are my rules I've got here. I'm going to refer to them just sort of on the sideThis number here is four plus two, which is sixSo if I look in here six goes to eight so that's 1 0 0 0 so 1 0 0 0like that 0 1 1 1 is4 plus 2 plus 1 alright, which is 7 so I look 7 up goes to 3 eventually buy naught naught 11 okay, so I'm gonna start trying to I mean because I haven't drawn them in here. I don't know where they're goingBut this one goes all the way to the end. So this one comes down here. This one goes toThat one apparently that's not great. That's not very exciting. So that's a lot. This one goes to hereThis one goes 1 across to here. IThink I didn't I didn't separate them out not very excited. Okay, I mean, yeah, it was mostly not that noI'll pick a bad number date. Yeah it do you not know anything about my cipherI've got completely lost about which number I was turning on whichThat that one so one goes to there. Yeah. Okay. So there's one there one thereYeah, we can cut this out and it will all look great. That one goes to there that one KSo now you would program this upSo you work quite as slow as me right because because AES for example can encrypt at 700 megabits per second. I can'tI've done8 bitsAnd it's taking this way too long. Okay, right. So this number isSo 16 plus a 4 of 20 plus the wall is 21 21So is this a good cipher?wellLet's put aside the fact that it's trivially decrypted all and say well 103 is not a lot like 21 so intuitively maybe rightIt's not absolute table now on its own. This is not very goodThis is called a roundRight and the idea is of what you would do is you would repeat this over and well over againand hopefully you wouldn't just be switching eight bits about you'd have a whole hundred twenty eight bit block andOvertime bits from the very left it getting moves over to the vote right and having effects on everythingAlright, so this mapping becomes much much more confusingThe other thing is that we've got to introduce a secret key because about a secret key if you know the code for thisYou can just reverse the process. This is not hard to reverseThe inverse box is just a reverse lookup of this table and this permutation is just a reverse direction for all these wiresSo how do we introduce a key? Obviously called something called key mixing. So what we have is we have our messageAlright, which is the size of our block. Thankfully we're gonna put it through around like this round one and we're gonna put it throughAnd - and then we're gonna get some ciphertext now that alone is not very goodSo what we do is we have our key aisle secret key and we expand it into a nice block of this lengthand we split it up to be let's say three chunks long right in this case and the first chunk is ex-ored withthis here and the second chunk is XOR dear and the third chunk in the edge sword here like this and that means thatOnce you take the key away, you can no longer reverses process, but the key is the secret bitWe all know how the S boxes work. We all know how the permutation box worksBut as soon as you take a key away, we're a bit stuffed wayif you have the key decryption is really easy you expand the key right something called a key schedule andYou start with a ciphertext you XOR it with this bit of a key you go through the inverse of hereyou XOR of this bit you go through the inverse of this you excellent this bit and you've got the message back so you canGo forward you can go backwardsAll you need to do is change these light arrows to left if you take the key awayYou can't perform these XOR operations which are going to be flipping bits and ompletely muddling around with the inputso none of this is going to work right you'll be able toAchieve absolutely nothinglike I saidwhat we don't do is keep our s box or a permutation box secret right because it will be easy toDecompile the code and work out. What happenedwhat we do is we develop really really good s boxes and permutation boxes andThen we introduce a key schedule to mix our key in and then when you take a key away, you can't break itThat's how a modern sNetwork works, you've got two rounds there or they're usually more another different is usually more. They're not different, right?So typically you'd use the same round as usual rounds really goodThe number of rounds of use will depend on the algorithm the strength of your round functionSo a EES uses between ten and fourteen roundsThe way it's designed is that you increase the number of rounds until you can't break it any moreThat's the ideaIf you use too few moundsThey'll probably be some statistical mapping between the input and the output you might better work out how to break that cipherOnly one half if you just use a billion roundsThen no one's going to do anything because they're all busy encrypting and it's going to take too longSo you've put there's a compromise between how many rounds you use for speed and how many miles you use for security right and this?usedIn anything we can put our finger on nowThis is actually absolutely so so this SP network is the basis for the advanced encryption standard and the advanced encryption standardEncrypts almost every connection over the Internet right the one you're using nowWe'll talk another time about AES the advanced encryption standard, but it functions quite a lot like thisIt's just that they've given a little bit more consideration to their design than I haveVideo cycle can being applied to every frame of an imageIt's gonna be little bit noisy why you're gonna have to take steps or tries to move that out yet?38 billion hashes per second, which is why md5 is not usable in any sense anymore ever?Don't use it. Okay, is that clear yet?\n"