Professional Documents
Culture Documents
ICS Lab Manual
ICS Lab Manual
ICS Lab Manual
Theory:
1) Symmetric key cryptography –
Symmetric Key Cryptography also known as Symmetric Encryption is when a secret key is
leveraged for both encryption and decryption functions. This method is the opposite of
Asymmetric Encryption where one key is used to encrypt and another is used to decrypt. During
this process, data is converted to a format that cannot be read or inspected by anyone who does
not have the secret key that was used to encrypt it.
The success of this approach depends on the strength of the random number generator that is used
to create the secret key. Symmetric Key Cryptography is widely used in today’s Internet and
primarily consists of two types of algorithms, Block and Stream. Some common encryption
algorithms include the Advanced Encryption Standard (AES) and the Data Encryption Standard
(DES). This form of encryption is traditionally much faster than Asymmetric however it requires
both the sender and the recipient of the data to have the secret key.
2) S-DES –
Simplified Data Encryption Standard (S-DES) is a simple version of the DES Algorithm. It is
similar to the DES algorithm but is a smaller algorithm and has fewer parameters than DES. It
was made for educational purposes so that understanding DES would become simpler. It is a
block cipher that takes a block of plain text and converts it into ciphertext. It takes a block of 8
bit.
It is a symmetric key cipher i.e., they use the same key for both encryption and decryption. In
this article, we are going to demonstrate key generation for s-des encryption and decryption
algorithm. We take a random 10-bit key and produce two 8-bit keys which will be used for
encryption and decryption.
Key Generation Concept: In the key generation algorithm, we accept the 10-bit key and convert
it into two 8 bit keys. This key is shared between both sender and receiver.
3) Algorithm –
The S-DES encryption algorithm takes an 8-bit block of plaintext (example: 10111101) and a 10-
bit key as input and produces an 8-bit block of ciphertext as output. The S-DES decryption
algorithm takes an 8-bit block of ciphertext and the same 10-bit key used to produce that
ciphertext as input and produces the original 8-bit block of plaintext.
The encryption algorithm involves five functions:
a complex function labeled fk, which involves both permutation and substitution operations and
depends on a key input
a simple permutation function that switches (SW) the two halves of the data
Where
S-DES depends on the use of a 10-bit key shared between sender and receiver. From this key, two
8-bit subkeys are produced for use in particular stages of the encryption and decryption algorithm.
First, permute the key in the following fashion. Let the 10-bit key be designated as (k1, K2, k3,
k4, k5, k6, k7, k8, k9, k10). Then the permutation P10 is defined as:
P10 (k1, K2, k3, k4, k5, k6, k7, k8, k9, k10) = (k3, k5, K2, k7, k4, k10 10, k1, k9, k8, k6) P10 can
be concisely defined by the display:
This table is read from left to right; each position in the table gives the identity of the input bit that
produces the output bit in that position. So the first output bit is bit 3 of the input; the second output
bit is bit 5 of the input, and so on. For example, the key (1010000010) is permuted to (10000
01100). Next, perform a circular left shift (LS-1), or rotation, separately on the first five bits and
the second five bits. In our example, the result is (00001 11000). Next we apply P8, which picks
out and permutes 8 of the 10 bits according to the following rule:
The result is subkey 1 (K1). In our example, this yields (10100100). We then go back to the pair
of 5-bit strings produced by the two LS-1 functions and performs a circular left shift of 2 bit
positions on each string. In our example, the value (00001 11000) becomes (00100 00011). Finally,
P8 is applied again to produce K2. In our example, the result is (01000011).
2. S-DES encryption
The input to the algorithm is an 8-bit block of plaintext, which we first permute using the IP
function:
This retains all 8 bits of the plaintext but mixes them up.
Consider the plaintext to be 11110011.
The Function fk
The most complex component of S-DES is the function fk, which consists of a combination of
permutation and substitution functions. The functions can be expressed as follows. Let L and R be
the leftmost 4 bits and rightmost 4 bits of the 8-bit input to f K, and let F be a mapping (not
necessarily one to one) from 4-bit strings to 4-bit strings. Then we let
We now describe the mapping F. The input is a 4-bit number (n1 n2 n3 n4). The first operation is
an expansion/permutation operation:
e.g., R= 1101
The 8-bit subkey K1 = (k11, k12 12, k13 13, k14 14, k15 15, k16 16, k17 17, k18) is added to this
value using exclusive-OR:
The first 4 bits (first row of the preceding matrix) are fed into the S-box S0 to produce a 2- bit
output, and the remaining 4 bits (second row) are fed into S1 to produce another 2-bit output.
The S-boxes operate as follows. The first and fourth input bits are treated as a 2-bit number that
specify a row of the S-box, and the second and third input bits specify a column of the S-box. The
entry in that row and column, in base 2, is the 2-bit output. For example, if (p0,0 p0,3) = ) (00) and
( p0,1 p0,2) = (10), then the output is from row 0, column 2 of S0, which is 3, or (11) in ) binary.
Similarly, (p1,0 p1,3) and ( p1,1 p1,2) are used to index into a row and column of S1 to produce
an additional 2 bits. Next, the 4 bits produced by S0 and S1 undergo a further permutation as
follows:
The function f K only alters the leftmost 4 bits of the input. The switch function (SW) interchanges
the left and right 4 bits so that the second instance of f K operates on a different 4 bits. In this
second instance, the E/P, S0, S1, and P4 functions are the same. The key input is K2. Finally apply
inverse permutation to get the ciphertext.
4) Advantages –
1. DES has a 56-bit key which raises the possibility of 256 possible keys which make brute
force impossible.
2. The 8 S-boxes used in each round were not made public and even it impossible for any to
discover the design of the s-boxes which makes the attack more impossible.
5) Limitations -
1. The number of rounds in DES increases the complexity of the algorithm.
2. However, the cryptanalysis attack is easier than the brute force attack on DES.
Conclusion :
Thus we have successfully learnt how to apply data encryption standard algorithm to encryption
and decryption of given data using S-DES algorithm.
Code :
SDES.java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
return builder.toString();
}
public static String decrypt(String msg, int key) {
int[] keys = getKeys(key);
StringBuilder builder = new StringBuilder(msg.length());
for (int i = 0; i < msg.length(); i++)
builder.append((char)decrypt(msg.charAt(i), keys));
return builder.toString();
}
int substituted = 0;
int i = ((permutation & (1 << 7)) >>> 6) | (permutation & (1 <<
4)) >>> 4;
int j = ((permutation & (1 << 6)) >>> 5) | (permutation & (1 <<
5)) >>> 5;
substituted |= S0[i][j] << 2;
i = ((permutation & (1 << 3)) >>> 2) | (permutation & 1);
j = ((permutation & (1 << 2)) >>> 1) | (permutation & (1 << 1))
>>> 1;
substituted |= S1[i][j];
cript = encrypt(input,keyy);
output = decrypt(cript,keyy);
import org.junit.Test;
import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
import java.io.*;
import java.util.*;
assertArrayEquals(result, cryptography.SDES.getKeys(key));
}
assertEquals(text,
cryptography.SDES.decrypt(cryptography.SDES.encrypt(text, keys), keys));
assertArrayEquals(oldKeys, keys);
}
assertEquals(Arrays.asList(147,218,88), result);
}
Output:
Theory:
1) Symmetric key Cryptography –
Symmetric Key Cryptography also known as Symmetric Encryption is when a secret key is
leveraged for both encryption and decryption functions. This method is the opposite of
Asymmetric Encryption where one key is used to encrypt and another is used to decrypt. During
this process, data is converted to a format that cannot be read or inspected by anyone who does not
have the secret key that was used to encrypt it.
The success of this approach depends on the strength of the random number generator that is used
to create the secret key. Symmetric Key Cryptography is widely used in today’s Internet and
primarily consists of two types of algorithms, Block and Stream. Some common encryption
algorithms include the Advanced Encryption Standard (AES) and the Data Encryption Standard
(DES). This form of encryption is traditionally much faster than Asymmetric however it requires
both the sender and the recipient of the data to have the secret key.
2) Description of S-AES –
S-AES uses the four types of transformations for encryption and decryption. The encryption
algorithm is referred to as the cipher and the decryption algorithm as the inverse cipher. S-AES is
a non-Feistel cipher, which means that each transformation or group of transformations must be
invertible. In addition, the cipher and the inverse cipher must use these operations in such a way
that they cancel each other. The round keys must also be used in the reverse order. To comply with
this requirement, the transformations occur in a different order in the cipher and the reverse cipher.
3) Algorithm –
First, the order of Sub Nibbles and Shift Rows is changed in the reverse cipher. Second, the order
of Mix Columns and Add Round Key is changed in the reverse cipher. This difference in ordering
is needed to make each transformation in the cipher aligned with its inverse in the reverse cipher.
Consequently, the decryption algorithm as a whole is the inverse of the encryption algorithm. Note
that the round keys are used in the reverse order.
The first sub-key, Key0, is in fact just the input key: Key0 = w0w1 = K
(Note: RotNib() is “rotate the nibbles”, which is equivalent to swapping the nibbles)
w3 = w2 XORw1
= 1101 1101 XOR 1111 0101
= 0010 1000
w4 = w2 XOR 0011 0000 XORSubNib(RotNib(w3))
= 1101 1101 XOR 0011 0000 XOR SubNib(1000 0010)
= 1110 1101 XOR 0110 1010
= 1000 0111
w5 = w4 XOR w3
= 1000 0111 XOR 0010 1000
= 1010 1111
Key0 = w0w1
= 0100 1010 1111 0101
Key1 = w2w3
= 1101 1101 0010 1000
Key2 = w4w5
= 1000 0111 1010 1111
Encryption
Now let’s do the encryption. There is an initial operation (Add Round Key), followed by the main
Round, followed by the final Round. (Note, the main difference in the real DES is that the main
Round is repeated many times).
Remember, the output of each operation is used as the input to the next operation, always operating
on 16-bits. The 16-bits can be viewed as a state matrix of nibbles.
Round1
Nibble Substitution (S-boxes). Each nibble in the input is used in the Encryption S-Box to generate
an output nibble.
Shift Row. Swap 2nd nibble and 4th nibble (note, in this example, it’s not so easy to see since 2nd
and 4th nibbles are the same!)
S’ = Me xS
Final Round
Decryption
Now let’s decrypt. Note that we use the same keys generated during the encryption (that is, the
decryptor would generate the round sub-keys using the input key K, using the encryption S-Box).
4) Advantages –
1. As it is implemented in both hardware and software, it is most robust security protocol.
2. It uses higher length key sizes such as 128, 192 and 256 bits for encryption. Hence it makes
AES algorithm more robust against hacking.
3. It is most common security protocol used for wide various of applications such as wireless
communication, financial transactions, e-business, encrypted data storage etc.
4. It is one of the most spread commercial and open-source solutions used all over the world.
5. No one can hack your personal information.
6. For 128 bit, about 2128 attempts are needed to break. This makes it very difficult to hack it
as a result it is very safe protocol.
5) Limitations –
1. It uses too simple algebraic structure.
Every block is always encrypted in the same way.
Hard to implement with software.
AES in counter mode is complex to implement in software taking both performance and
security into considerations.
Conclusion :
Thus, we have successfully implemented S-AES algorithm.
Code :
S_AES.py
# S boxe
sbox = [9, 4, 10, 11, 13, 1, 8, 5, 6, 2, 0, 3, 12, 14, 15, 7]
if __name__ == "__main__":
print("Enter the plaintext : ") # any length char input
x = input()
print("Enter the key : ") # char input of length 2
key = input()
if len(key) != 2:
print("BAD KEY : Should be 16 bits")
exit(0)
key = convertNumToAsciiBit(key)
keylist = keyExpansion(key)
if len(x) % 2 != 0:
x += '#' # filler - #
x = convertNumToAsciiBit(x)
x = list(map(int, x))
i=0
cipher = ""
while i < len(x) - 1:
y = getByteFromBit(x[i:i + 16])
cipher += aesEncrypt(y, keylist)
i += 16
print("Cipher text after encryption is : ")
print(cipher)
print(convertAsciiToChar(cipher))
x = list(map(int, cipher))
i=0
plaintext = ""
while i < len(x) - 1:
y = getByteFromBit(x[i:i + 16])
plaintext += aesDecrypt(y, keylist)
i += 16
print("Plain text after decryption is : ")
print(plaintext)
print(convertAsciiToChar(plaintext))
Output:
Python 3.7.2 (tags/v3.7.2:9a3ffc0492, Dec 23 2018, 22:20:52) [MSC v.1916 32 bit (Intel)] on
win32
Type "help", "copyright", "credits" or "license()" for more information.
>>>
= RESTART: C:\Users\Mihir\AppData\Local\Programs\Python\Python37-32\S_AES.py =
Theory:
1) Description of Diffie-Hellman Algorithm –
The Diffie–Hellman (DH) Algorithm is a key-exchange protocol that enables two parties
communicating over public channel to establish a mutual secret without it being transmitted over
the Internet. DH enables the two to use a public key to encrypt and decrypt their conversation or
data using symmetric cryptography.
DH is generally explained by two sample parties, Alice and Bob, initiating a dialogue. Each has a
piece of information they want to share, while preserving its secrecy. To do that they agree on a
public piece of benign information that will be mixed with their privileged information as it
travels over an insecure channel. Their secrets are mixed with the public information, or public
key, and as the secrets are exchanged the information they want to share is commingled with the
common secret. As they decipher the other’s message, they can extract the public information
and with knowledge of their own secret, deduce the new information that was carried along.
While seemingly uncomplicated in this method’s description, when long number strings are used
for private and public keys, decryption by an outside party trying to eavesdrop is mathematically
infeasible even with considerable resources.
2) Algorithm –
The algorithm in itself is very simple. Let's assume that Alice wants to establish a shared secret
with Bob.
i. Alice and Bob agree on a prime number, p, and a base, g, in advance. For our example,
let's assume that p=23 and g=5.
ii. Alice chooses a secret integer a value is 6 and computes A = g^a mod p. In this example,
A has the value of 8.
iii. Bob chooses a secret integer b whose value is 15 and computes B = g^b mod p. In this
example, B has the value of 19.
v. To obtain the shared secret, Alice computes s = B^a mod p. In this example, Alice
obtains the value of s=2
vi. To obtain the shared secret, Bob computes s = A^b mod p. In this example, Bob obtains
the value of s=2.
vii. The algorithm is secure because the values of a and b, which are required to derive s are
not transmitted across the wire at all.
3) Example –
Step 2: Alice selected a private key a = 4 and Bob selected a private key b = 3
Step 5: Alice receives public key y =16 and Bob receives public key x = 6
4) Advantages –
1. The sender and receiver have no prior knowledge of each other.
2. Communication can take place through an insecure channel.
3. Sharing of secret key is safe.
5) Limitations –
1. Lack of authentication procedure.
2. Algorithm can be used only for symmetric key exchange.
3. As there is no authentication involved, it is vulnerable to man-in-the-middle attack.
4. As it is computationally intensive, it is expensive in terms of resources and CPU
performance time.
5. Encryption of information cannot be performed with the help of this algorithm.
6. Digital signature cannot be signed using Diffie-Hellman algorithm.
Conclusion :
Thus, we have successfully implemented Diffie-Hellman Key Exchange Algorithm.
Code :
Diffie.java
import java.lang.*;
import java.lang.Math.*;
import java.util.*;
import java.io.*;
//Driver program
public static void main(String[] args)
{
double G, x, a, y, b, ka, kb, P;
Output :
Learning Objective: To Learn How to Apply RSA Algorithm to encryption and decryption of
given data.
Theory:
1) Public key Cryptography –
Public key cryptography is a class of cryptographic protocols based on algorithms. This method
of cryptography requires two separate keys, one that is private or secret, and one that is public.
Public key cryptography uses a pair of keys to encrypt and decrypt data to protect it against
unauthorized access or use. Network users receive a public and private key pair from certification
authorities. If other users want to encrypt data, they get the intended recipient’s public key from a
public directory. This key is used to encrypt the message, and to send it to the recipient. When the
message arrives, the recipient decrypts it using a private key, to which no one else has access.
Challenges - Several private key cryptography methods are a great deal faster than the public key
encryption method that currently is available. One way of overcoming this challenge with public
key cryptography is to combine it with secret key systems to offer the security advantages of the
public key system and the speed of the secret (private) key system. Another challenge associated
with public key cryptography is that it has been susceptible to attacks through spoofed or
compromised certification authorities. When these attacks take place, cyber criminals impersonate
nearly anyone by choosing a public key certificate from the compromised authority. This allows
cyber criminals to connect a public key to the name of another user.
Benefits - The increased data security provided by public key cryptography is its main benefit.
Public key cryptography remains the most secure protocol (over private key cryptography) because
users never need to transmit or reveal their private keys to anyone, which lessens the chances of
cyber criminals discovering an individual’s secret key during the transmission. Public key
cryptography also provides digital signatures that cannot be repudiated. Public key cryptography
requires each user to be responsible for protecting his private key, whereas private key systems
require users to share secret keys and perhaps even trust third parties for transmission. With the
secret key system, it is possible for senders to claim the shared secret key was compromised by
one of the parties involved in the process.
The idea of RSA is based on the fact that it is difficult to factorize a large integer. The public key
consists of two numbers where one number is multiplication of two large prime numbers. And
private key is also derived from the same two prime numbers. So if somebody can factorize the
large number, the private key is compromised. Therefore encryption strength totally lies on the
key size and if we double or triple the key size, the strength of encryption increases
exponentially. RSA keys can be typically 1024 or 2048 bits long, but experts believe that 1024
bit keys could be broken in the near future. But till now it seems to be an infeasible task.
Introduced at the time when the era of electronic email was expected to soon arise, RSA
implemented two important ideas: 1. Public-key encryption. This idea omits the need for a
“courier” to deliver keys to recipients over another secure channel before transmitting the
originally-intended message. In RSA, encryption keys are public, while the decryption keys are
not, so only the person with the correct decryption key can decipher an encrypted message.
Everyone has their own encryption and decryption keys. The keys must be made in such a way
that the decryption key may not be easily deduced from the public encryption key. 2. Digital
signatures. The receiver may need to verify that a transmitted message actually originated from
the sender (signature), and didn’t just come from there (authentication). This is done using the
sender’s decryption key, and the signature can later be verified by anyone, using the
corresponding public encryption key. Signatures therefore cannot be forged. Also, no signer can
later deny having signed the message.
This is not only useful for electronic mail, but for other electronic transactions and transmissions,
such as fund transfers. The security of the RSA algorithm has so far been validated, since no
known attempts to break it have yet been successful, mostly due to the difficulty of factoring
large numbers n = pq, where p and q are large prime numbers.
3) Algorithm –
Generating Public Key :
Select two prime no's. Suppose P = 53 and Q = 59.
Now First part of the Public key: n = P*Q = 3127.
We also need a small exponent say e:
But e must be An integer. Not be a factor of n.
1 < e <Φ(n) [Φ(n) is discussed below],
Let us now consider it to be equal to 3.
Our Public Key is made of n and e
4) Example –
Step-1: Choose two prime number p and q. Let take p = 3 and q = 11
Step-2: Compute the value of n and \phi
It is given as, n = p \times q and \phi = (p-1) \times (q-1)
Here in the example,
n = 3 \times 11 = 33
\phi = (3-1) \times (11-1) = 2 \times 10 = 20
Step-3: Find the value of e (public key)
Choose e, such that e should be co-prime. Co-prime means it should not multiply by
factors of \phi and also not divide by \phi
Factors of \phi are, 20 = 5 \times 4 = 5 \times 2 \times 2 so e should not multiply by 5 and
2 and should not divide by 20.
So, primes are 3, 7, 11, 17, 19…, as 3 and 11 are taken choose e as 7
Therefore, e = 7
Step-4: Compute the value of d (private key)
The condition is given as,
gcd(\phi, e) = \phi x +ey = 1 where y is the value of d.
To compute the value of d,
Form a table with four columns i.e., a, b, d, and k.
Initialize a = 1, b = 0, d = \phi, k = – in first row.
Initialize a = 0, b = 1, d = e, k = \frac{\phi}{e} in second row.
From the next row, apply following formulas to find the value of next a, b, d, and k,
which is given as
a_{i} = a_{i-2} - (a_{i-1} \times k_{i-1})
b_{i} = b_{i-2} - (b_{i-1} \times k_{i-1})
d_{i} = d_{i-2} - (d_{i-1} \times k_{i-1})
k_{i} = \frac{d_{i-2}}{d_{i-1}}
As soon as, d = 1, stop the process and check for the below condition
if b > \phi
b = b \mod \phi
if b < 0
b = b + \phi
A B D K
1 0 20 –
0 1 7 2
1 -2 6 1
-1 3 1 –
As in the above table d = 1, stop the process and check for the condition given for the b
\therefore b = 3
To verify that b is correct, the above condition should satisfy, i.e.
gcd(\phi, e) = \phi x + ey = (20 \times -1) + (7 \times 3) = 1. Hence d is correct.
Step-5: Do the encryption and decryption
Encryption is given as,
c = t^{e}\mod n
Decryption is given as,
t = c^{d}\mod n
For the given example, suppose t = 2, so
Encryption is c = 2^{7}\mod 33 = 29
Decryption is t = 29^{3}\mod 33 = 2
Therefore, in the final, p = 3, q = 11, \phi = 20, n = 33, e = 7 and d = 3
5) Advantages –
1. RSA is stronger than any other symmetric key algorithm.
2. RSA has overcome the weakness of symmetric algorithm i.e. authenticity and
confidentiality.
6) Limitations -
1. RSA has too much computation.
Code :
RSA1.java
import java.util.*;
import java.lang.*;
class RSA1
{
//to find gcd
public static double gcd(double a, double h)
{
double temp;
while(true)
{
temp = a%h;
if(temp==0)
return h;
a = h;
h = temp;
}
}
//public key
//e stands for encrypt
double e = 2;
//private key
//d stands for decrypt
double d;
}
}
Output :