Professional Documents
Culture Documents
CNS Unit-3
CNS Unit-3
CNS Unit-3
(Autonomous)
Dakamarri, Visakhapatnam – 531162
Approved by AICTE
Accredited by NBA
Accredited by NAAC with 'A' Grade
Affiliated to JNTU-Kakinada
IV B.Tech - I Semester
CRYPTOGRAPHY AND NETWORK SECURITY
1
Q2. What are relative prime numbers and explain with suitable examples?
Relatively Prime Numbers: Two numbers are called relatively prime if the
greatest common divisor (GCD) of these numbers is 1. The numbers 8 and 15
are relatively prime number in respect to each other. The factors of 8 are
1,2,4,8 and the factors of 15 are 1, 3, 5, and 15.Examples of relative prime
numbers are (10, 21), (14, 15), (45, 91).
The greatest common divisor (GCD) of two numbers can be determined by
comparing their prime factors and selecting the least powers of the factor. For
example, two numbers are 81 and 99.
The factors of these numbers are
81= 1*9*9 = 1*3*3*3*3 = 1*34
99= 1*3*33 = 1*3*3*11 – 1* 32 *11
The GCD is the least power of a number in the factors,
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
2
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
3
Properties:
1. Addition of modular numbers
The addition of two numbers p and q with same modular base n is
(p mod n + q mod n) mod n = ( p + q ) mod n
For example,
(15 mod 9) + (17 mod 9) = (15 mod 9 + 17 mod 9) mod 9
= ( 6 + 8 ) mod 9
= 14 mod 9 = 5
OR
15 mod 9 + 17 mod 9 = ( 15 + 17 ) mod 9
= (32) mod 9 = 5
2. Subtraction of modular number
The subtraction of two numbers p and q with same modular base n is
( p mod n – q mod n) mod n = (p – q) mod n
For example
17 mod 9 – 15 mod 9 = ( 17 mod 9 – 15 mod 9) mod 9
= ( 8 – 6) mod 9
= 2 mod 9 = 2
OR
15 mod 9 – 15 mod 9 = (17 – 15) mod 9
= 2 mod 9 = 2
3. Multiplication of modular number
The multiplication of two numbers p and q with same modular base n is
( p mod n * q mod n ) mod n = ( p * q ) mod n
For example
17 mod 9 * 15 mod 9 = (17 mod 9 * 15 mod 9) mod 9
= (8 * 6) mod 9
= 48 mod 9 = 3
OR
17 mod 9 * 15 mod 9 = (7 * 15) mod 9
= 255 mod 9 = 3
a pq
4. m mod n = m mod n where a = p*q
= (mp mod n)q mod n
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
4
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
5
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
6
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
7
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
8
x ak (mod mk):
Then there exists exactly one x Zm satisfying this system.
Proof that a solution exists: To keep the notation simpler, we will assume k =
4. Note the proof is constructive, i.e., it shows us how to actually construct a
solution.
Our simultaneous congruences are
x ≡a1 (mod m1), x ≡a2 (mod m2), x≡a3 (mod m3), x≡a4 (mod m4). Our goal is
to find integers w1, w2, w3, w4 such that:
Once we have found w1, w2, w3, w4, it is easy to construct x: x = a1w1
+ a2w2 + a3w3 + a4w4.
Moreover, as long as the moduli (m1, m2, m3, m 4) remain the same, we can use
the same w1, w2, w3, w4 with any a1, a2, a3, a4.
First define: z1 = m / m1 = m2m3m4 z2 = m / m2 = m1m3m4, z3 = m / m3 =
m1m2m4 z4 = m / m4 = m1m2m3
Note that
i) z1≡0 (mod mj) for j = 2, 3, 4.
ii) gcd( z1, m1) = 1. (If a prime p dividing m1 also divides
and likewise for z2, z3, z4. z1= m2m3m4, then p divides m2, m3, or m4.)
Next define: y1 ≡z1–1 (mod m1)
y2 ≡z2–1 (mod m2) y3≡z3–1 (mod m3) y4≡z4–1 (modm4)
The inverses exist by (ii) above, and we can find them by Euclid’s extended
algorithm. Note that
iii) y1z1≡ 0 (mod mj) for j = 2, 3, 4. (Recall z1 ≡0 (mod mj) ) iv) y1z1≡1 (mod m1)
and likewise for y2z2, y3z3, y4z4.
Lastly define: w1 ≡y1z1 (mod m) w2≡y2z2 (mod m)
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
9
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
10
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
11
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
12
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
13
1. Plaintext: This is the readable message or data that is fed into the algorithm
as input.
2. Encryption algorithm: The encryption algorithm performs various
transformations on the plaintext. This encrypts plain text using public key of
receiver (as in figure 1) or using private key of the sender (as in figure 2)
3. Public and private keys: This is a pair of keys that have been selected so
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
14
that if one is used for encryption, the other is used for decryption. The
exact transformations performed by the algorithm depend on the public or
private key that is provided as input. In figure 1, encryption is done using
public key and decryption using private key, whereas in figure 2, encryption
is done using private key and decryption using public key.
4. Cipher text: This is the scrambled message produced as output. It depends
on the plaintext and the key. For a given message, two different keys will
produce two different cipher texts.
5. Decryption algorithm: This algorithm accepts the cipher text and the
matching key and produces the original plaintext. In figure 1, decryption
algorithm uses private key, whereas in figure 2, decryption is done using
public key.
The essential steps are the following:
1. Each user generates a pair of keys to be used for the encryption
and decryption of messages.
2. Each user places one of the two keys in a public register or other
accessible file. This is the public key. The companion key is kept
private. As figures 1 and 2 suggest, each user maintains a collection
of public keys obtained from others.
3. If Bob wishes to send a confidential message to Alice, Bob encrypts
the message using Alice’s public key (figure.1).Or Bob uses his
private key to encrypt the plain text (figure 2).
4. When Alice receives the message, she decrypts it using her private key (figure
1). No other recipient can decrypt the message because only Alice knows
Alice’s private key. Or Alice uses public key of Bob (figure 2). With this
approach, all participants have access to public keys, and private keys are
generated locally by each participant and therefore they never be distributed.
As long as a user’s private key remains protected and secret, incoming
communication is secure. At any time, a system can change its private key and
publish the companion public key to replace its old public key.
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
15
Class work:
1. Explain about public key encryption and decryption algorithms.
Home work:
1. Differentiate Conventional encryption and public key encryption
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
16
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
17
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
18
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
19
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
20
certificate too.
iii. Key exchange
We can use Asymmetric Key Cryptography for Key exchange. I.e. the session
key can be transmitted using Asymmetric Key Cryptography.
iv. Time Stamping
Time stamping is a technique that can certify that a certain electronic
document was delivered at a certain time. Time stamping uses the blind
signature scheme encryption model. Blind signature schemes allow the sender
to get a message receipted by another party without revealing any information
about the message to the other party.
Time stamping is working alike to sending a registered letter through the
ordinary mail, but with additional level of proof etc recipient received a specific
document. Following applications include patent applications, copyright
archives, and contracts.
v. Electronic Money
Electronic money is also called electronic cash or digital cash. It is still evolving.
The transaction carried out electronically with a net transfer of funds from one
party to another. It may be either debit or credit and can be either anonymous
or identified. Anonymous applications work on blind signature schemes.
Anonymous schemes are the electronic analog of cash, while identified
schemes are the electronic analog of a debit or credit card.
Encryption is used for conventional transaction data in electronic money
schemes like account numbers and transaction amounts. Digital signatures can
replace handwritten signatures and public-key encryption can provide
confidentiality. There are several systems of this range of applications, from
transactions mimicking conventional paper transactions with values of several
dollars and up. The various micropayment schemes that consignment
extremely low cost transactions into amounts that will bear the overhead of
encryption and clearing the bank.
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
21
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
22
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
23
Encryption algorithm:
Consider the device A that needs to send a message to B securely.
A can be use algorithm to encrypt the plaintext (m) message into ciphertext
(C) message
In encryption the size of the plaintext (m) message must be less than n, which
means that if the size of the plaintext is longer than n, it should be dived into
blocks.
Let e be B’s public key. Since e is public, A has access to e for encrypt the
message.
Calculate the ciphertext C
Cipher text C = me mod n, where n is the moduls. Where m is a
plaintext and e is public key .Return the ciphertext C.
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
24
Decryption algorithm:
B can be use algorithm to decrypt the ciphertext (C ) message into plainyext
(m).
The size of the ciphertext is always less than then n
Let C be the cipher text received from A.
Calculate plaintext Message m = Cd mod n, where d is B’s private key and n
is the modulus.
Return the plaintext m.
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
25
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
26
encrypted messages and forge signatures even without knowing the private
key. This attack is not known to be equivalent to factoring. No methods are
currently known that attempt to break RSA in this way.
Public Key Cryptography solves the problem of Key Distribution and verification
of Messages from the sender which exists in Symmetric Key Ciphers. But the
most of the algorithms (e.g. RSA) are slow as compared to DES and other
Symmetric Ciphers. Thus Public Key Cryptography is most suitable for
transmission of smaller messages (e.g. exchange of Session Keys).
Class work:
1. Explain the RSA algorithm. Compute cipher text for M=88, p=17 and q=11.
Home work:
1. Explain RSA algorithm with an example.
Important and previous JNTUK examination questions:
1. Explain RSA algorithm [8M][Set-1, NOV - 2014]
2. In public key system using RSA, you intercept the cipher text C=10 sent to user
whose public key is e=5, n=35. What is the plaintext M? [8M][Set-3, Dec-2014]
3. In detail explain different possible approaches for attacking RSA algorithm [8M]
[Set-3, Mar-2015]
Q1. Explain about Diffie Hellman Key Exchange with suitable example?
Diffie-Hellman Key Exchange is the first Public Key Algorithm published by
Whitefield diffie and martin Hellman in 1976.
It is a first published public key agreement algorithm, it is used in many
commercial products
Diffie-Hellman is a key agreement algorithm that helps two devices to agree
on a shared secret between them with out the need to exchange any
secret/private information.
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
27
It is a Public Key Algorithm Only for Key Exchange, it Does NOT Encrypt or
Decrypt
The DH standard is specified RFC 2631.
In this Diffie-Hellman is a key agreement algorithm the two parties create a
symmetric session key with out need of KDC. Thus allows two parties that
have prior knowledge of each other to jointly establish a shared secret key
over an insecure communication channel.
Diffie-Hellman key agreement is widely used in Security Protocols (used in
the IKE component of theIPSec protocol suite), for securing internet
protocol communications.
Key agreement:
For establishing shared secret between two devices A and B, both devices
(parties) agree on large public constants p and g. Where p is a prime
number and g is the generator less than p. these two do not need to be
confidential they can be sent through the internet, they can be public.
1) A chooses a large random X, such that 0<= X <= p-1 and calculates R1 = gx
mod p
2) Next the A sends R1 to B. note that A does not send the value of X, it sends
only the R1.
3) B choose another large random number Y, such that 0<= Y <= p-1 and
calculates
R2 = gy mod p.
4) Now the B sends R2 to A. note that B does not send the value of Y, it sends
only the R2.
5) next The end A computes the K value.
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
28
where K= (R2 )x mod P = (gy mod p)x mod P that is equal to gyx mod p.
6) next The end B computes the K value.where K= (R1 )y mod P = (gx mod p)y mod
p that is equal to gxy mod p. Now the A and B have shared same key values
( K ),because
gxy mod p= gyx mod p.( note that the x and y are kept secret). Means
now the key k is created and distributed in to both ends.
Example
A and B agree to use a prime number p=23 and base g=5.
1) A chooses a secret integer x=6 and calculated R1 = gx mod p = 56 mod 23
= 15625 mod 23=8.
2) next A sends R1 = 8 to B. note that A does not send the value of X, it sends
only the R1.
3) B chooses a secret integer y=15, then calculated R2 = gy mod p = 515 mod 23
= 30517578125mod 23 = 19.
4) next B sends R2 = 19 to A. note that B does not send the value of Y, it sends
only the R2.
5) A calculate key K value where K= (R2 )x mod P.
K= 196 mod 23 = 47045881 mod23 =2
6) B calculate key K value where K= (R1 )y mod P.
K= 815 mod 23 =35184372088832 mod 23=2
Now the A and B have shared same key values ( K ),
because gxy mod p= gyx mod p.( note that the x and y are kept secret). Means
now the key k is created and distributed in to both ends
Man-in-middle-attack:
The above method has another weakness. The unauthorized entity does
not have to find the vale of X and Y to attack the protocol. Unauthorized
entity can fool A and B be creating two keys:
One between herself and A, and another between herself and B
1) A choose X, calculate R1 = gx mod p and sends R1 to B.
2) An unauthorized entity, intercepts R1, she choose z, calculates R3 = g z mod p,
and sends R3 to A .
R1 is intercepted by unauthorized entity and never reach to B.
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
29
Class work:
1. Give any one example for Diffie-Hellman Key exchange?
Home work:
1. Discuss Diffie –Hellman Key exchange protocols in detail
Important and previous JNTUK examination questions:
1. Explain Diffie- Hellman key exchange algorithm. [8M][Set-3, NOV - 2014]
Q1. Explain about Elgamal encryption & decryption with suitable examples?
In 1984, T. Elgamal announced a public-key scheme based on discrete logarithms,
closely related to the Diffie-Hellman technique. The ElGamal cryptosystem is
used in some form in a number of standards including the digital signature
standard (DSS).
El_Gamal is a public-key cryptosystem technique was designed by Dr.
Taher Elgamal.
El_Gamal depends on the one way function, means that the encryption
and decryption are done in separate functions.
The encryption process requires two modular exponentiations (extra time).
A disadvantage of El_Gamal encryption is that there is message expansion
by a factor of 2. That is, the ciphertext is twice as long as the corresponding
plaintext.
Receiver A must do the following:
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
30
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
31
sol:
Ø= p-1 = 40 , factors of 40 = {2 , 2 , 2, 5}
q1 = 21 = 2 ,q2 = 22 = 4,q3 = 23 = 8
q4 = 5
w1 = 240/2 mod 41 = 0.98 <> 1
w2 = 240/4 mod 41 = 40 <> 1
w2 = 240/8 mod 41 = 32 <> 1
w2 = 240/5 mod 41 = 10 <> 1
i.e a generator number
Encryption:
Sender B must do the following :
1- Obtain the public key (p , a , d ) from
the receiver A.
2- Choose an integer k such that :
1 < k < p-2
3- Represent the plaintext as an integer m where 0 < m < p-1
4- compute (y) as follows :
y = ak mod p
5- compute (z) as follows :
z = (dk * m ) mod p
6- Find the ciphertext (C) as follows :
C= ( y , z )
7- The sender B send C to The receiver A .
Decryption:
Receiver A must do the following :
1- Obtain the ciphertext (C) from B .
2- compute (r) as follows :
r = yp-1-x mod p
3- Recover the plaintext as follows:
m = ( r * z ) mod p
Example:
Let p = 11 and a generator number = 2
and select integer number x = 5
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
32
calculate d = 25 mod 11 = 10
Then
public key = ( 11 , 2 , 10)
private key = (5)
Plaintext = Age
Represent the plaintext as integer value as follows:
The new plaintext = ( 1 7 5 )
Encryption (sender):
y = ak mod p , z = (dk * m ) mod p
Choose an random integer value k = 6
yA = 26 mod 11 = 9
zA = (106*1) mod 11 = 1
Choose an random integer value k = 4
yg = 24 mod 11 = 5
zg = (104*7) mod 11 = 7
Choose an random integer value k = 7
ye = 27 mod 11 = 7
ze = (107*5) mod 11 = 6
Ciphertext = (9,1) (5,7) (7,6)
The sender B send the ciphertext to the receiver A.
The receiver decrypt the ciphertext as follows :
Compute (r) and (m) where
r = yp-1-x mod p , m = ( r * z ) mod p
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
33
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III
34
Raghu Engineering College Dept. of CSE Cryptography and Network Security Unit III