A Large Block Cipher Using Modular Arithmetic Inverse of a Key Matrix and Mixing of the Key Matrix and the Plaintext

: In this paper, we have developed a block cipher by applying an iterative method. In the process of encryption, we have used a key matrix (K) in which all the elements are binary bits. In the process of decryption, we have utilized the modular arithmetic inverse (K -1 ). In the process of encryption, the elements of the plaintext and the elements of the key are thoroughly mixed so that the strength of the algorithm increases remarkably. In this we have obtained the ciphertext for large blocks of plaintext.


INTRODUCTION
In the literature of cryptography, we find a number of block ciphers [1] . In the development of all the ciphers, the basic ideas involved are substitution, diffusion, permutation and mixing. In all these ciphers though the encryption and decryption processes are fully known to all, the secrecy of the key(s), on which the cipher mainly depends upon, does not allow any cryptanalytic attack.
The Hill cipher [1] is described by the equations C = KP mod 26 and P = K -1 C mod 26, where K is the key matrix, P the plaintext vector, C the ciphertext vector and K -1 is the modular arithmetic inverse of K. By using the known plaintext attack, this cipher could be broken by writing an equation of the form Y = KX mod 26, (1.1) where X and Y are matrices containing plaintext vectors and the corresponding ciphertext vectors respectively. Here K (= YX -1 mod 26) could be obtained by determining X -1 , where X -1 is the modular arithmetic inverse of X. All this has happened as the plaintext matrix X is not thoroughly mixed with the key matrix K although diffusion is present.
In the present paper, our interest is to develop a cipher for a large block size. Following Feistel, we have developed a block cipher, wherein the key matrix and the plaintext vector are converted into binary bits and mod 2 operation is carried out to obtain the ciphertext. In this we have shown that a thorough mixing of the elements of the key matrix and the plaintext matrix will lead to a cipher, which cannot be broken by any cryptanalytic attack.

Development of the cipher:
Consider a plaintext containing n characters. Let us represent each character as a number given by its ASCII code. Then each number is represented in its binary form. We now form a matrix of size n x 7, wherein each element of the matrix is a binary bit. Thus the plaintext assumes the form of a matrix given by [P ij ], i = 1 to n, j = 1 to 7.
(2.1) Let us now consider a key matrix K consisting of binary bits, whose size is n x n. Let us denote the ciphertext by C, where C is an n x 7 matrix. Thus we get the ciphertext C by using the relation C = KP mod 2.
(2.2) Here we introduce an iterative scheme in order to achieve a thorough mixing of the plaintext and the key, so that it enhances the strength of the cipher. Before we proceed to the iterative scheme in the process of encryption, we denote P and C by P 0 and C 0 respectively. Hence, we rewrite (2.2) in the form C 0 = KP 0 mod 2. (2. 3) The iterative scheme under consideration is given by (2.5) where i takes the values 1 to n and E i is the transpose of the matrix formed by taking the i th row to the r th row of the matrix K. Here Further, we use the relations D 0 = C n , (2.6) Q j = D j-1 ⊕ F j , (2.7) D j = KQ j mod 2, (2.8) where j takes the values 1 to n and F j is the matrix formed by taking the j th column to the s th column of the matrix K. Here (j+6) if (j+6) n, (j+6-n) otherwise.
Thus we get D n , which may be denoted as C. Now we take C = D n .
(2.9) r = s = On the whole, we have performed 2n iterations, in which the first 'n' are concerned to the elements of the rows of K and the other 'n' are related to the elements of the columns of K. The process of decryption is carried out by adopting the same procedure in the reverse order and this leads to the original plaintext. Here also, the number of iterations is 2n. In what follows, we design algorithms for encryption and decryption and also describe a method for obtaining the modular arithmetic inverse [2] . Algorithms 3.1 Algorithm for encryption { 1. Read n, K and P 0 2. C 0 = KP 0 mod 2 3. for i =1 to n { P i = C i-1 ⊕ E i C i = KP i mod 2 } 4. D 0 = C n 5. for j = 1 to n { Q j = D j-1 ⊕ F j D j = KQ j mod 2 } 6. C = D n 7. Write C } 3.2 Algorithm for decryption { 1. Read n, K and C 2. Find the modular arithmetic inverse of K. Let it be denoted by K -1 . 3. D n = C 4. for j = n to 1 { Q j = K -1 D j mod 2 D j-1 = Q j ⊕ F j } 5. C n = D 0 6. for i = n to 1 { P i = K -1 C i mod 2 C i-1 = P i ⊕ E i } 7. P 0 = K -1 C 0 mod 2 } } Here it is to be noted that the modular arithmetic inverse of a matrix A exists only when A is nonsingular and ∆ is relatively prime to N. In the present analysis, we take N = 2 and obtain the modular arithmetic inverse of K such that KK -1 mod 2 = K -1 K mod 2 = I.

Illustration of the cipher:
Let us consider the plaintext "Pay more money", which is consisting of 14 characters including the blank spaces. By using the ASCII code, we represent each character of the plaintext in terms of seven binary bits. Thus placing the binary bits of each character in a row, the plaintext matrix P is given by P = Let us now consider a key K 0 comprising 28 numbers. This is given by (4.2) Here, we have selected these numbers such that each of them can be represented by a seven bit binary number, i.e. each number is at the most 127 and repetitions are allowed. We place the 28 numbers of the key in the form of a 14 x 2 matrix such that the first two numbers are in the first row, the next two numbers are in the second row and so on.
On converting these numbers into their binary form, we get a 14 x 14 matrix given by Then by adopting the algorithm given in section 3.3, we obtain the modular arithmetic inverse K -1 , satisfying the relations KK -1 mod 2 = K -1 K mod 2 = I, is given by Here, it is to be noted that the modular arithmetic inverse (K -1 ) exists only when the determinant of K is non-zero and it is relatively prime to 2. In this case, the value of the determinant is -85 and hence the above conditions are satisfied. On using the algorithm 3.1 for encryption, the ciphertext corresponding to the plaintext "Pay more money" can be obtained as 110101110011011001101110111011010010100000110 100001100101001100101111010000101011110111100 00110111.
(4.5) The receiver who has obtained the key from the sender uses the decryption algorithm and finds the original plaintext.
As the process of the encryption involving the iterative scheme contains equations, which mix the plaintext and the key very thoroughly, it can be anticipated that the cipher cannot be broken by any cryptanalytic attack. Now we discuss the cryptanalysis.

Cryptanalysis:
The key matrix given by (4.2) contains 196 elements. Thus the size of the key space is 2 196 ≈ (2 10 ) 20 ≈10 60 . This indicates very clearly that the brute force attack is not possible.
Let us now consider the known plaintext attack. In this case, we can have as many plaintext and ciphertext pairs as we require. However, we do not have a simple relation between the ciphertext and the plaintext as we have in the case of Hill cipher [2] . Now let us see the relation between P and C. From (2.3) to (2.5), we get C 0 = KP 0 mod 2. P 1 = C 0 ⊕ E 1 . C 1 = KP 1 mod 2 = K (KP 0 mod 2 ⊕ E 1 ) mod 2 = K 2 P 0 mod 2 ⊕ KE 1 mod 2. P 2 = C 1 ⊕ E 2 . C 2 = K P 2 mod 2 = K (K 2 P 0 mod 2 ⊕ KE 1 mod 2 ⊕ E 2 ) mod 2 = K 3 P 0 mod 2 ⊕ K 2 E 1 mod 2 ⊕ KE 2 mod 2.
(5.4) Here we readily notice that the rest of the terms in (5.2) and (5.3) cancel each other as they are the same in both the equations. Equation (5.4) can be written as S = K 29 mod 2, (5.5) where S = C ⊕ G and = P 0 ⊕ H 0 . Let U 0 and V 0 be two more plaintexts, represented in the form of matrices of size 14x7 and L and M be the two corresponding ciphertexts. Then on applying the above procedure, adopted on C and G, we get R = K 29 mod 2, (5.6) where R = L ⊕ M and = U 0 ⊕ V 0 . Now on combining equations (5.5) and (5.6) so that is the first seven columns of a 14x14 matrix (say X) and is the next seven columns of the same matrix, we get an equation of the form Y = K 29 X mod 2, (5.7) where X and Y are the related plaintext and the ciphertext matrices respectively. From (5.7) we obtain, X -1 Y mod 2 = (K 29 (X -1 X mod 2)) mod 2. Thus we get X -1 Y mod 2 = K 29 mod 2. i.e. (K 29 -X -1 Y) mod 2 = 0.
(5.8) As this is a non-linear equation of degree 29 in K, it is not possible to obtain the key matrix K. Thus, the cipher cannot be broken in the case of known plaintext attack.

Cipher for larger block size:
Let us consider the plaintext: Almighty saves the Universe.
(6.6) As the determinant of K, denoted by ∆ = 71576.967967 71577, it is relatively prime to 2. Thus the modular arithmetic inverse of K can be obtained by applying the procedure given in section 3.3. Hence, we have It can be readily seen that K K -1 mod 2 = K -1 K mod 2 = I.
On using the K -1 given in (6.7) and the ciphertext given in (6.6), we apply the decryption algorithm  We know very well that the strength of a cipher increases significantly as the length of the block increases. Thus let us consider a block of size 392 bits, which is double that of the previous block. The processes of encryption and decryption for the 392 bits block are shown in Fig. 1 and 2 respectively.
In Fig. 1, the plaintext of length 2W is divided into two halves, wherein each half (W) contains 196 bits. These bits are arranged in the form of a 28x7 matrix. Then PE, the procedure for encryption of 196 bits mentioned earlier is applied on both the Ws. After that the left side W and the right side W are interlaced as follows. Each W containing 196 bits is arranged again in the form of a matrix of size 28x7. Let us now represent the left side and the right side matrices as A and B respectively. Let A = [a ij ], B = [b ij ], i = 1 to 28, j = 1 to 7.
For a thorough mixing of the matrices A and B, we mix the elements of the first column of A, as they are, with the elements of the last column of B taken in the reverse order. Similarly, elements of the second column of A are mixed with the elements of the last but one column of B. This process is continued till all the columns of A and B are exhausted. It is to be noted that the elements of the first column of A and the elements of the last but one column of B are mixed in the following manner. The last element of the last column of B is placed next to the first element of the first column of A; the last but one element of the last column of B is placed next to the second element of the first column of A and so on. Then we get the elements in the form a 1 1 b 28 7 a 2 1 b 27 7 a 3 1 b 26 7 a 4 1 b 25 7 . . .
The same mixing procedure is adopted for the other pairs of columns. In Fig. 2, PD is the procedure for the decryption of a block of size 196 bits and Decompose is a function which acts in an opposite way to interlacing.