Chapter Two
Classical Encryption Techniques
Key Points
Symmetric encryption is a form of cryptosystem in which
encryption and decryption are performed using the same key. It
is also known as conventional encryption.
Symmetric encryption transforms plaintext into ciphertext
using a secret key and an encryption algorithm. Using the same
key and a decryption algorithm, the plaintext is recovered from
the ciphertext.
The two types of attack on an encryption algorithm are
cryptanalysis, based on properties of the encryption algorithm,
and brute-force, which involves trying all possible keys.
Cryptography (Encryption Techniques)
Terminology
Cryptography: Schemes for encryption and decryption
Encryption: The process by which plaintext is
converted into cipher-text.
Decryption: Recovering plaintext from the cipher-text
Secret key: Used to set some or all of the various
parameters used by the encryption algorithm. In
classical (symmetric-key) cryptography, the same
secret key is used for encryption and decryption.
Cryptanalysis: The study of “breaking the code”.
Cryptology: Cryptography and cryptanalysis together
constitute the area of cryptology.
Cryptography
Cryptography has five ingredients:
• Plaintext
• Encryption algorithm
• Secret Key
• Ciphertext
• Decryption algorithm
Security depends on the secrecy of the key, not
the secrecy of the algorithm
[Figure: Simplified Encryption Model]
There are two requirements for secure use of conventional
encryption:
We need a strong encryption algorithm. At a minimum, we
would like the algorithm to be such that an opponent who
knows the algorithm and has access to one or more ciphertexts
would be unable to decipher the ciphertext or figure out the
key.
Sender and receiver must have obtained copies of the secret
key in a secure fashion and must keep the key secure.
Cryptographic systems are characterized along
three independent dimensions:
• The type of operations used for transforming
plaintext to ciphertext: All encryption
algorithms are based on two general principles:
substitution, in which each element in the
plaintext is mapped into another element, and
transposition in which elements in the plaintext
are rearranged.
• The number of keys used: If both sender and
receiver use the same key, the system is referred to as
symmetric, single-key, secret-key, or conventional
encryption. If the sender and receiver use different keys, the
system is referred to as asymmetric, two-key, or public-key
encryption.
• The way in which the plaintext is processed: A
block cipher processes the input one block of elements at a
time, producing an output block for each input block. A
stream cipher processes the input elements continuously,
producing output one element at a time, as it goes along.
Description:
A sender S wanting to transmit message M to a
receiver R
To protect the message M, the sender first
encrypts it into an unintelligible message M’
After receipt of M’, R decrypts the message to
obtain M
M is called the plaintext
What we want to encrypt
M’ is called the ciphertext
The encrypted output
Notation:
Given
P = plaintext
C = ciphertext
K = key shared by sender and receiver
$C = E_K(P)$ (encryption)
$P = D_K(C)$ (decryption)
Substitution Techniques
• The two basic building blocks of all
encryption techniques are substitution and
transposition.
• A substitution technique is one in which
the letters of plaintext are replaced by other
letters or by numbers or symbols.
Caesar Cipher - early example:
Caesar Cipher: The earliest known example
of a substitution cipher, in which each
character of a message is replaced by the
character three positions down in the
alphabet.
Plaintext: are you ready
Ciphertext: duh brx uhdgb
If we represent each letter of the alphabet
by an integer that corresponds to its
position in the alphabet:
The formula for replacing each character ‘p’ of
the plaintext with a character ‘c’ of the
ciphertext can be expressed as:
$c = E_3(p) = (p + 3) \bmod 26$
A more general version of this cipher that
allows for any degree of shift:
$c = E_k(p) = (p + k) \bmod 26$
The formula for decryption would be
$p = D_k(c) = (c - k) \bmod 26$
In these formulas
‘k’ is the secret key. The symbols ’E’ and ’D’ stand
for Encryption and Decryption respectively, and p
and c are characters in the plain and cipher text
respectively.
Properties of encryption function
It is computationally infeasible to find the key
K when given the plaintext P and associated
ciphertext $C = E_K(P)$
It should also be computationally infeasible to
find another key K’ such that $E_K(P) = E_{K'}(P)$.
Uniqueness.
Playfair Cipher
It is a multiple-letter encryption cipher
which treats digrams in the plaintext
as single units and translates these
units into ciphertext digrams.
The Playfair algorithm is based on the use
of a 5 x 5 matrix of letters constructed
using a keyword.
• In this case, the keyword is monarchy. The matrix is
constructed by filling in the letters of the keyword
(minus duplicates) from left to right and from top to
bottom, and then filling in the remainder of the matrix
with the remaining letters in alphabetic order. The
letters I and J count as one letter. Plaintext is encrypted
two letters at a time, according to the following rules:
1. Repeating plaintext letters that are in the same pair
are separated with a filler letter, such as x, so that
balloon would be treated as ba lx lo on.
2. Two plaintext letters that fall in the same row of the matrix are each
replaced by the letter to the right, with the first element of the row circularly
following the last. For example, ar is encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced
by the letter beneath, with the top element of the column circularly
following the last. For example, mu is encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in
its own row and the column occupied by the other plaintext letter. Thus, hs
becomes BP and ea becomes IM (or JM, as the encipherer wishes).
Hill Cipher
• Another interesting multiletter cipher is the Hill
cipher, developed by the mathematician Lester Hill in
1929. The encryption algorithm takes m successive
plaintext letters and substitutes for them m ciphertext
letters. The substitution is determined by m linear
equations in which each character is assigned a
numerical value (a = 0, b = 1 ... z = 25). For m = 3, the
system can be described as follows:
Decryption of Hill Cipher
Decryption requires using the inverse of the matrix K. The
inverse $K^{-1}$ of a matrix K is defined by the equation $KK^{-1} = K^{-1}K = I$,
where I is the matrix that is all zeros except for ones along
the main diagonal from upper left to lower right. The inverse of
a matrix does not always exist, but when it does, it satisfies the
preceding equation. In this case, the inverse is:
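Hill encryption and decryption for m = 3, as an added example that is not part of the original slides. The key matrix, the sample plaintext and the function names are chosen for this example (the page's own matrices did not survive); blocks are treated as column vectors, C = KP mod 26.

```python
from math import gcd

# Sample 3x3 key chosen for this example (assumption, not taken from the page).
KEY = [[17, 17, 5],
       [21, 18, 21],
       [2, 2, 19]]


def _minor(k, r, c):
    """Determinant of the 2x2 matrix left after deleting row r and column c."""
    rows = [i for i in range(3) if i != r]
    cols = [j for j in range(3) if j != c]
    return (k[rows[0]][cols[0]] * k[rows[1]][cols[1]]
            - k[rows[0]][cols[1]] * k[rows[1]][cols[0]])


def determinant(k):
    return sum((-1) ** c * k[0][c] * _minor(k, 0, c) for c in range(3))


def inverse_mod26(k):
    """K^-1 mod 26 via the adjugate; exists only if gcd(det K, 26) = 1."""
    det = determinant(k) % 26
    if gcd(det, 26) != 1:
        raise ValueError("key matrix has no inverse mod 26")
    det_inv = pow(det, -1, 26)  # modular inverse (Python 3.8+)
    return [[(det_inv * (-1) ** (r + c) * _minor(k, c, r)) % 26
             for c in range(3)] for r in range(3)]


def apply_matrix(k, text):
    """Multiply each 3-letter block (a = 0 ... z = 25) by k, mod 26."""
    nums = [ord(ch) - ord("a") for ch in text.lower() if "a" <= ch <= "z"]
    if len(nums) % 3:
        raise ValueError("text length must be a multiple of 3 (pad it first)")
    out = []
    for i in range(0, len(nums), 3):
        block = nums[i:i + 3]
        out += [sum(k[r][j] * block[j] for j in range(3)) % 26 for r in range(3)]
    return "".join(chr(v + ord("a")) for v in out)


def encrypt(key, plaintext):
    return apply_matrix(key, plaintext).upper()


def decrypt(key, ciphertext):
    return apply_matrix(inverse_mod26(key), ciphertext)


if __name__ == "__main__":
    ct = encrypt(KEY, "paymoremoney")
    print(ct, inverse_mod26(KEY), decrypt(KEY, ct))
```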
Polyalphabetic Ciphers
Another way to improve on the simple monoalphabetic
technique is to use different monoalphabetic substitutions as one
proceeds through the plaintext message. The general name for
this approach is polyalphabetic substitution cipher. All these
techniques have the following features in common:
1. A set of related monoalphabetic substitution rules is used.
2. A key determines which particular rule is chosen for a given
transformation.
• The best known, and one of the simplest, of such algorithms is
referred to as the Vigenère cipher. In this scheme, the set of
related monoalphabetic substitution rules consists of the 26
Caesar ciphers, with shifts of 0 through 25. Each cipher is
denoted by a key letter, which is the ciphertext letter that
substitutes for the plaintext letter a. Thus, a Caesar cipher with a
shift of 3 is denoted by the key value d.
• To aid in understanding the scheme and to aid in its use, a matrix
known as the Vigenère tableau is constructed (Table 2.32). Each of the
26 ciphers is laid out horizontally, with the key letter for each cipher
to its left. A normal alphabet for the plaintext runs across the top. The
process of encryption is simple: Given a key letter x and a plaintext
letter y, the ciphertext letter is at the intersection of the row labeled x
and the column labeled y; in this case the ciphertext is V.
• To encrypt a message, a key is needed that is as long as
the message. Usually, the key is a repeating keyword. For
example, if the keyword is deceptive, the message "we
are discovered save yourself" is encrypted as follows:
• Decryption is equally simple. The key letter again
identifies the row. The position of the ciphertext letter in
that row determines the column, and the plaintext letter is
at the top of that column.
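The Vigenère scheme above and the Caesar cipher it is built from, as an added example that is not part of the original slides. Function names are chosen for this example; it also goes one step beyond the text by listing all 26 Caesar shifts, which shows how small that key space is.

```python
A = ord("a")


def vigenere(text, key, decrypt=False):
    """Shift each letter by the current key letter (a = 0 ... z = 25).

    Non-letters pass through unchanged and do not consume a key letter.
    """
    sign = -1 if decrypt else 1
    out, i = [], 0
    for ch in text.lower():
        if "a" <= ch <= "z":
            k = ord(key[i % len(key)].lower()) - A
            out.append(chr((ord(ch) - A + sign * k) % 26 + A))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def caesar(text, shift, decrypt=False):
    """A Caesar cipher is Vigenère with a one-letter key (shift 3 = key 'd')."""
    return vigenere(text, chr(A + shift % 26), decrypt)


def tableau_lookup(key_letter, plain_letter):
    """Row labelled key_letter, column labelled plain_letter of the tableau."""
    row = [chr((i + ord(key_letter) - A) % 26 + A) for i in range(26)]
    return row[ord(plain_letter) - A].upper()


def caesar_candidates(ciphertext):
    """Every possible Caesar decryption: the whole key space is 26 shifts."""
    return [(k, caesar(ciphertext, k, decrypt=True)) for k in range(26)]


if __name__ == "__main__":
    print(caesar("are you ready", 3))
    ct = vigenere("we are discovered save yourself", "deceptive")
    print(ct.upper())
    print(vigenere(ct, "deceptive", decrypt=True))
    for k, candidate in caesar_candidates("duh brx uhdgb")[:5]:
        print(k, candidate)
```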
Transposition Techniques
• All the techniques examined so far involve the substitution of a
ciphertext symbol for a plaintext symbol. A very different kind
of mapping is achieved by performing some sort of permutation
on the plaintext letters. This technique is referred to as a
transposition cipher.
• The simplest such cipher is the rail fence technique, in which
the plaintext is written down as a sequence of diagonals and
then read off as a sequence of rows. For example, to encipher
the message "meet me after the toga party" with a rail fence of
depth 2, we write the following:
This sort of thing would be trivial to cryptanalyze. A more complex
scheme is to write the message in a rectangle, row by row, and read
the message off, column by column, but permute the order of the
columns. The order of the columns then becomes the key to the
algorithm. For example,
The transposition cipher can be made significantly more
secure by performing more than one stage of
transposition. The result is a more complex permutation
that is not easily reconstructed. Thus, if the foregoing
message is reencrypted using the same algorithm,
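The rail fence and keyed columnar transpositions described above, as an added example that is not part of the original slides. The rail fence message is the page's; the columnar message and the column-order key are constructed for this example, and the rail fence is generalized to any depth.

```python
def _letters(text):
    return [c for c in text.lower() if "a" <= c <= "z"]


def rail_fence_encrypt(plaintext, depth=2):
    """Write the letters in a zigzag over `depth` rows, then read row by row."""
    rails = [[] for _ in range(depth)]
    row, step = 0, 1
    for ch in _letters(plaintext):
        rails[row].append(ch)
        if depth > 1:
            if row == 0:
                step = 1
            elif row == depth - 1:
                step = -1
            row += step
    return "".join("".join(r) for r in rails).upper()


def columnar_encrypt(plaintext, key):
    """Write row by row under the key, read columns in key order 1, 2, 3, ..."""
    letters = _letters(plaintext)
    order = sorted(range(len(key)), key=lambda c: key[c])
    return "".join("".join(letters[c::len(key)]) for c in order).upper()


def columnar_decrypt(ciphertext, key):
    """Rebuild the columns (the last row may be short), then read row by row."""
    ct = _letters(ciphertext)
    rows, extra = divmod(len(ct), len(key))
    order = sorted(range(len(key)), key=lambda c: key[c])
    cols, pos = {}, 0
    for c in order:
        length = rows + (1 if c < extra else 0)
        cols[c] = ct[pos:pos + length]
        pos += length
    return "".join(cols[c][r] for r in range(rows + 1)
                   for c in range(len(key)) if r < len(cols[c]))


# Constructed sample input for the columnar cipher (not from the page).
KEY = (4, 3, 1, 2, 5, 6, 7)
MESSAGE = "attack postponed until two am xyz"

if __name__ == "__main__":
    print(rail_fence_encrypt("meet me after the toga party", 2))
    once = columnar_encrypt(MESSAGE, KEY)
    twice = columnar_encrypt(once, KEY)  # second stage of transposition
    print(once, twice)
    print(columnar_decrypt(columnar_decrypt(twice, KEY), KEY))
```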
Steganography
• We conclude with a discussion of a technique that is, strictly
speaking, not encryption, namely, steganography.
• A plaintext message may be hidden in one of two ways. The
methods of steganography conceal the existence of the message,
whereas the methods of cryptography render the message
unintelligible to outsiders by various transformations of the text.
Various other techniques have been used historically; some
examples are the following:
• Character marking: Selected letters of printed or typewritten
text are overwritten in pencil. The marks are ordinarily not
visible unless the paper is held at an angle to bright light.
• Invisible ink: A number of substances can be used for writing
but leave no visible trace until heat or some chemical is applied
to the paper.
• Pin punctures: Small pin punctures on selected letters are
ordinarily not visible unless the paper is held up in front of a
light.
• Typewriter correction ribbon: Used between lines typed with a
black ribbon, the results of typing with the correction tape are
visible only under a strong light.
Types of attacks
The attacker has only the ciphertext and his
goal is to find the corresponding plaintext
The attacker has a ciphertext and the
corresponding plaintext and his goal is to
find the key
A good cryptosystem protects against all types
of attacks
Attackers use both Mathematics and Statistics
Cryptography and Intruders
Eavesdropping (listening to/spying on the message)
An intruder may try to read the message
If it is well encrypted the intruder will not know the
content
However, just the fact the intruder knows that there
is communication may be a threat (Traffic analysis)
Modification
Modifying a plaintext is easy, but modifying
encrypted messages is more difficult
Insertion of messages
Inserting a new message into a cipher-text is difficult
There are two fundamentally different
cryptographic systems
Symmetric cryptosystem/ Private key
Asymmetric cryptosystem/ Public key
Symmetric Cryptosystem
Also called secret-key/private-key cryptosystem
The same key is used to encrypt and decrypt a
message
$P = D_K[E_K(P)]$
Have been used for centuries in a variety of forms
The key has to be kept secret
The key has to be communicated using a secure
channel
They are still in use in combination with public key
cryptosystems due to some of their advantages
DES - Popular Example of Symmetric Cryptosystem
In 1973, the NBS (National Bureau of Standards, now called NIST -
National Institute of Standards and Technology) published a request for
an encryption algorithm that would meet the following criteria:
have a high security level
be easily understood
not depend on the algorithm's confidentiality
be adaptable and economical
be efficient and exportable
In late 1974, IBM proposed "Lucifer", which was then modified by NSA
(National Security Agency) in 1976 to become the DES (Data Encryption
Standard). DES was approved by the NBS in 1978. The DES was
standardized by the ANSI under the name of ANSI X3.92, also known as
DEA (Data Encryption Algorithm).
DES uses a block cipher, which means that during the
encryption process, the plaintext is broken into fixed-length blocks
of 64 bits.
The key is 56 bits wide. 8 bits of the total 64-bit key block are
used for parity checking (for example, each byte has an odd number
of bits set to 1).
A 56-bit key gives $2^{56}$ ($7.2 \times 10^{16}$) possible key variations
DES algorithm involves carrying out combinations, substitutions
and permutations between the text to be encrypted and the key,
while making sure the operations can be performed in both
directions (for decryption).
The combination of substitutions and permutations is called a
product cipher.
DES was best suited for implementation in hardware,
probably to discourage implementations in software, which
tend to be slow by comparison during that time.
Modern computers are so fast that satisfactory software
implementations for DES are possible.
DES is the most widely used symmetric algorithm despite
doubts about whether 56 bits is long enough to guarantee security.
Using current technology, 56-bit key size is vulnerable to a
brute force attack.
DES Encryption starts with an initial permutation (IP) of the 64
input bits. These bits are then divided into two 32-bit halves
called L and R. The encryption then proceeds through 16 rounds,
each using the L and R parts, and a subkey.
The R part and the subkey are processed in the so-called f-function, and
the output of the f-function is exclusive-or'ed with the existing L
part to create the new R part. The new L part is simply a copy of
the incoming R part.
In the final round, the L and R parts are swapped once more
before the final permutation (FP) producing the output block.
Decryption is identical to encryption, except that the subkeys are
used in the opposite order. That is, subkey 16 is used in round 1,
subkey 15 is used in round 2, etc., ending with subkey 1 being
used in round 16.
[Figure: DES Algorithm - Overall and Detail Structure]
The f-function mixes the bits of the R portion using the
Subkey for the current round. First the 32-bit R value is
expanded to 48 bits using a permutation E. That value is
then exclusive-or'ed with the subkey.
The 48 bits are then divided into eight 6-bit chunks, each of
which is fed into an S-Box that mixes the bits and produces
a 4-bit output. A little bit funny operation!!
Those 4-bit outputs are combined into a 32-bit value, and
permuted once again to produce the f-function output.
The S-Box
If S1 is the function defined in this table and B is a block of 6 bits, then S1(B) is determined as
follows: The first and last bits of B represent in base 2 a number in the decimal range 0 to 3 (or
binary 00 to 11). Let that number be i. The middle 4 bits of B represent in base 2 a number in the
decimal range 0 to 15 (binary 0000 to 1111). Let that number be j. Look up in the table the number in
the i-th row and j-th column. It is a number in the range 0 to 15 and is uniquely represented by a 4
bit block. That block is the output S1(B) of S1 for the input B. For example, for input block B =
011011 the first bit is "0" and the last bit "1" giving 01 as the row. This is row 1. The middle four bits
are "1101". This is the binary equivalent of decimal 13, so the column is column number 13. In row
1, column 13 appears 5. This determines the output; 5 is binary 0101, so that the output is 0101.
Hence S1(011011) = 0101.
[Figure: DES Algorithm, the f-function]
DES- Generating Subkey
To generate the subkeys, start with the 56-bit key (64 bits if
you include the parity bits). These are permuted and
divided into two halves called C and D.
For each round, C and D are each shifted left circularly one
or two bits (the number of bits depending on the round).
The 48-bit subkey is then selected from the current C and D
bits.
[Figure: DES Algorithm - Key Schedule and Subkey Generation]
DES- Permutation principles
Initial Permutation (IP)
58 50 42 34 26 18 10  2
60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6
64 56 48 40 32 24 16  8
57 49 41 33 25 17  9  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5
63 55 47 39 31 23 15  7
Final Permutation (FP = $IP^{-1}$)
40  8 48 16 56 24 64 32
39  7 47 15 55 23 63 31
38  6 46 14 54 22 62 30
37  5 45 13 53 21 61 29
36  4 44 12 52 20 60 28
35  3 43 11 51 19 59 27
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25
“First bit of the output is taken from the 58th bit of the input, etc...”
Expansion/Permutation (E): The 32-bit half-block of data is expanded
to 48 bits.
32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1
Contraction/Permuted Choice (PC-2): Selects/Extracts the 48-bit subkey for each
round from the 56-bit key-schedule state.
14 17 11 24  1  5
 3 28 15  6 21 10
23 19 12  4 26  8
16  7 27 20 13  2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
[Figure: DES Algorithm, General depiction (W. Stallings)]
[Figure: Single round of DES Algorithm (W. Stallings)]
Cracking: The most basic method of attack for any cipher is
brute force - trying every possible key in turn.
The length of the key determines the number of possible
keys, and hence the feasibility of the approach.
DES is not adequate in this regard due to its key size
In academia, various proposals for a DES-cracking machine
were advanced.
In 1977, Diffie and Hellman proposed a machine costing an
estimated US$20 million which could find a DES key in a single day.
By 1993, Wiener had proposed a key-search machine costing US$1
million which would find a key within 7 hours.
However, none of these early proposals were ever
implemented.
The vulnerability of DES was practically demonstrated in
1997, when RSA Security sponsored a series of contests,
offering a $10,000 prize to the first team that broke a
message encrypted with DES for the contest. That contest
was won by the DESCHALL Project, led by Rocke Verser,
Matt Curtin, and Justin Dolske, using idle cycles of
thousands of computers across the Internet.
The feasibility of cracking DES quickly was demonstrated
in 1998 when a custom DES-cracker was built by the
Electronic Frontier Foundation (EFF), a cyberspace civil
rights group, at the cost of approximately US$250,000. Their
motivation was to show that DES was breakable in practice
as well as in theory.
The EFF's US$250,000 DES
cracking machine
contained 1,856 custom
chips and could brute force
a DES key in a matter of
days - the photo shows a
DES Cracker circuit board
fitted with several Deep
Crack chips.
A variant of DES, Triple DES (3-DES), provides enhanced security by executing
the core algorithm three times in a row.
With a triple-length key of three 56-bit keys K1, K2 & K3, encryption is:
Encrypt with K1
Decrypt with K2
Encrypt with K3
Decryption is the reverse process:
Decrypt with K3
Encrypt with K2
Decrypt with K1
Setting K3 equal to K1 in these processes gives us a double-length key K1, K2.
Setting K1, K2 and K3 all equal to K has the same effect as using a single-length
(56-bit) key.
Thus it is possible for a system using triple-DES to be compatible with a system
using single-DES.
Asymmetric/Public-key Cryptosystem
Also called public-key cryptosystem
Keys for encryption and decryption are different but form a unique pair
$P = D_{K_D}[E_{K_E}(P)]$
Only one of the keys needs to be private while the other can be public
Invented by Diffie and Hellman in 1976
Uses mathematical functions whose inverse is not known by
mathematicians of the day
It is a revolutionary concept since it avoids the need of using a
secure channel to communicate the key
It has made cryptography available for the general public and made
many of today’s on-line applications feasible
Public-key Cryptosystem
Which of the encryption or decryption keys is
made public depends on the use of the key
If Hana wants to send a confidential message to
Ahmed
She encrypts the message using Ahmed’s public key
Sends the message
Ahmed will then decode it using his own private key
On the other hand, if Ahmed needs to make sure that
a message sent by Hana really comes from her, how
can he do that?
Using digital signature
Hana first has to encrypt a digital signature using her
private key
Then encrypts the message (signature included) with
Ahmed’s public key
Sends the encrypted message to Ahmed
Ahmed decrypts the message using his private key
Ahmed then decrypts the signature using Hana’s
public key
If successful, he is assured that it comes from Hana
Public-key Cryptosystem: Example RSA
RSA is named after R. Rivest, A. Shamir and L. Adleman
Principle: No mathematical method is yet known to efficiently
find the prime factors of large numbers
In RSA, the private and public keys are constructed from very
large prime numbers (consisting of hundreds of decimal digits)
One of the keys can be made public
Breaking RSA is equivalent to finding the prime factors: this is
known to be computationally infeasible
It is only the person who has produced the keys from the prime
numbers who can easily decrypt the messages
Public-key Cryptosystem: Average time required
for exhaustive key search
Key Size (bits)   Number of Alternative Keys         Time required at $10^6$ Decryption/µs
32                $2^{32} = 4.3 \times 10^{9}$       2.15 milliseconds
56                $2^{56} = 7.2 \times 10^{16}$      10 hours
128               $2^{128} = 3.4 \times 10^{38}$     $5.4 \times 10^{18}$ years
168               $2^{168} = 3.7 \times 10^{50}$     $5.9 \times 10^{30}$ years
Public-key Cryptosystem
Summary
A pair of keys (private, public)
If you have the private key, you can easily
decrypt what is encrypted by the public key
Otherwise, it is computationally infeasible to
decrypt what has been encrypted by the
public key
Hash functions
One application of cryptography in distributed
systems is the use of hash functions
A hash function H takes a message m of arbitrary
length and produces a bit string h, h = H(m)
When the hash value h is sent with the message m,
it makes it possible to determine whether m has been
modified or not
It is similar to a cyclic redundancy check (CRC) and a
checksum
Properties of hash functions
One-way function: It is computationally
infeasible to find m that corresponds to a known
output h
Collision resistance
Weak-collision resistance: It is computationally
infeasible, given m and H, to find m’ ≠ m such that
H(m) = H(m’)
Strong-collision resistance: Given H, it is
computationally infeasible to find any two different
input values m and m’, such that H(m) = H(m’)
RSA- Example of Public-Key Cryptosystem
The RSA algorithm
Used both for public key encryption and digital
signatures.
Security is based on the difficulty of factoring large
integers.
Major Activities
Key Generation (Algorithm)
Encryption
Digital signing
Decryption
Signature verification
RSA- Key Generating Algorithm
1. Choose/generate two distinct prime numbers p and q.
2. Compute n = pq.
3. Compute φ(n) = (p – 1)(q – 1), where φ is Euler's totient function.
4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1,
(coprimes).
5. Determine $d = e^{-1} \bmod \varphi(n)$; i.e. d is the multiplicative inverse of e
mod φ(n). This is often computed using the extended Euclidean
algorithm.
Result:
Keep all the values d, p, q and φ secret
n is known as the modulus for both the public and private keys
e is known as the public key exponent or encryption exponent
d is known as the private key exponent or decryption exponent.
RSA- Encryption
Sender A does the following
Obtains the recipient B's public key (n, e)
Represents the plaintext message as a positive integer m
Computes the cipher-text $c = m^e \bmod n$
Sends the cipher-text c to B
RSA- Decryption
Recipient B does the following
Uses his private key (n, d) to compute $m = c^d \bmod n$
Extracts the plaintext from the message representative m
RSA- Key Generation Simple Example
1. Select primes p=11, q=3.
2. n = pq = 11*3 = 33
phi = (p-1)(q-1) = 10*2 = 20
3. Choose e=3
Check gcd(e, p-1) = gcd(3, 10) = 1 (i.e. 3 and 10 are relatively prime -
have no common factors except 1) and check gcd(e, q-1) = gcd(3, 2) = 1,
therefore gcd(e, phi) = gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1
4. Compute d (1<d<phi) such that $d = e^{-1} \bmod phi = 3^{-1} \bmod 20$
i.e. find a value for d such that phi divides ed-1 (20 divides 3d-1).
Simple testing (d = 2, 3 ...) gives d = 7
Check: ed-1 = 3*7 - 1 = 20, which is divisible by phi (20).
5. Public key = (n, e) = (33, 3)
Private key = (n, d) = (33, 7).
Given: Public key = (n, e) = (33, 3)
Private key = (n, d) = (33, 7)
How do we encrypt and decrypt?
RSA- Encryption Example
Now say we want to encrypt the message m = 7
$c = m^e \bmod n = 7^3 \bmod 33 = 343 \bmod 33 = 13$
Hence the ciphertext c = 13
RSA- Decryption Example
To check decryption we compute
$m = c^d \bmod n = 13^7 \bmod 33 = 7$
RSA- More Meaningful Example
Message: ATTACKxATxSEVEN
Grouping the characters into blocks of three and
computing a message representative integer for each block:
ATT ACK XAT XSE VEN
In the same way that a decimal number can be represented as the
sum of powers of ten, e.g. $135 = 1 \times 10^2 + 3 \times 10^1 + 5$, we could
represent our blocks of three characters in base 26 using A=0, B=1,
C=2, ..., Z=25
ATT = $0 \times 26^2 + 19 \times 26^1 + 19 = 513$
ACK = $0 \times 26^2 + 2 \times 26^1 + 10 = 62$
XAT = $23 \times 26^2 + 0 \times 26^1 + 19 = 15567$
XSE = $23 \times 26^2 + 18 \times 26^1 + 4 = 16020$
VEN = $21 \times 26^2 + 4 \times 26^1 + 13 = 14313$
RSA- More Meaningful Example – Key Generation
1. We "generate" primes p=137 and q=131 (we cheat by
looking for suitable primes around √n)
2. n = pq = 137*131 = 17,947
phi = (p-1)(q-1) = 136*130 = 17680
3. Select e = 3
check gcd(e, p-1) = gcd(3, 136) = 1, OK and
check gcd(e, q-1) = gcd(3, 130) = 1, OK.
4. Compute $d = e^{-1} \bmod phi = 3^{-1} \bmod 17680 = 11787$.
$d = e^{-1} \bmod phi$, i.e. phi divides (ed-1)
5. Hence
public key, (n, e) = (17947, 3) and
private key (n, d) = (17947, 11787).
Using:
Public key = (n, e) = (17947, 3)
Private key = (n, d) = (17947, 11787)
RSA- More Meaningful Example – Encryption/Decryption
To encrypt the first integer that represents "ATT" (513),
we have
$c = m^e \bmod n = 513^3 \bmod 17947 = 8363$
We can verify that our private key is valid by decrypting
$m = c^d \bmod n = 8363^{11787} \bmod 17947 = 513$
Overall, our plaintext is represented by the set of integers m
(513, 62, 15567, 16020, 14313)
We compute corresponding cipher text integers $c = m^e \bmod n$
(8363, 5017, 11884, 9546, 13366)
Another worked example
• The parameters used here are artificially small, but one can also use OpenSSL
to generate and examine a real keypair.
• Choose two distinct prime numbers, such as p = 61 and q = 53.
• Compute n = pq giving n = 61 · 53 = 3233.
• Compute the totient of the product as φ(n) = (p − 1)(q − 1) giving φ(3233) = (61
− 1)(53 − 1) = 3120.
• Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime
number for e leaves us only to check that e is not a divisor of 3120. Let e = 17.
• Compute d, the modular multiplicative inverse of yielding d = 2753.
• The public key is (n = 3233, e = 17). For a padded plaintext message m, the
encryption function is $m^{17} \pmod{3233}$.
• The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the
decryption function is $c^{2753} \pmod{3233}$.
• For instance, in order to encrypt m = 65, we calculate $c = 65^{17} \pmod{3233} = 2790$.
To decrypt c = 2790, we calculate $m = 2790^{2753} \pmod{3233} = 65$. Both of
these calculations can be computed efficiently using the square-and-multiply
algorithm for modular exponentiation.
• In real life situations the primes selected would be much larger;
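RSA key generation, base-26 block encoding and encryption with the numbers from the three worked examples above, as an added example that is not part of the original slides. Function names are chosen for this example; d is found with the extended Euclidean algorithm and exponentiation uses square-and-multiply, both of which the text mentions.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(e, phi):
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e has no inverse mod phi")
    return x % phi


def keygen(p, q, e):
    """Steps 1-5 of the key generating algorithm for given primes p, q and e."""
    if p == q:
        raise ValueError("p and q must be distinct")
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) = 1")
    return (n, e), (n, modinv(e, phi))


def modexp(base, exp, mod):
    """Square-and-multiply modular exponentiation."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def encode_blocks(text, size=3):
    """Letters A=0 ... Z=25, grouped in blocks read as base-26 numbers."""
    digits = [ord(c) - ord("A") for c in text.upper() if "A" <= c <= "Z"]
    if len(digits) % size:
        raise ValueError("pad the message to a multiple of the block size")
    blocks = []
    for i in range(0, len(digits), size):
        value = 0
        for d in digits[i:i + size]:
            value = value * 26 + d
        blocks.append(value)
    return blocks


def decode_block(value, size=3):
    chars = []
    for _ in range(size):
        value, d = divmod(value, 26)
        chars.append(chr(d + ord("A")))
    return "".join(reversed(chars))


def encrypt_blocks(blocks, public_key):
    n, e = public_key
    if any(m >= n for m in blocks):
        raise ValueError("every block must be smaller than the modulus n")
    return [modexp(m, e, n) for m in blocks]


def decrypt_blocks(blocks, private_key):
    n, d = private_key
    return [modexp(c, d, n) for c in blocks]


if __name__ == "__main__":
    public, private = keygen(137, 131, 3)
    m = encode_blocks("ATTACKxATxSEVEN")
    c = encrypt_blocks(m, public)
    print(public, private, m, c)
    print("".join(decode_block(v) for v in decrypt_blocks(c, private)))
```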
Digital Signature
Digital Signature for Message Integrity and Confidentiality
Confidentiality ensures that messages cannot be
intercepted and read by eavesdroppers
Message integrity ensures that messages are protected
against modification
Principles of Digital Signature
User A digitally signs a message m using the “backward”
cryptographic hash of the message m with the private
key of A and attaches it to the message m.
Anybody can then decrypt A’s digital signature using
A’s public key and compare it with the cryptographic
hash of the message m to verify that m was signed by
A and m was not altered.
Digital Signature for Assurance
Consider the situation where Bob has just sold Alice something for
500 Birr through a deal that is made by E-mail
Alice sends an E-mail accepting to pay 500 Birr
Two issues need to be taken care of in addition to
authentication
Alice needs to be assured that Bob will not modify the amount and
show that Alice promised to pay more than 500 Birr
Bob needs to be assured that Alice will not deny that she sent the
message
If Alice signs the message digitally, the two issues will be solved
There are several ways to place digital signatures
One popular way is to use public-key cryptosystem such as RSA
Digital Signature Using Public Key Cryptosystem
Notation: $K_X^-$: Private key of X
$K_X^+$: Public key of X
When Alice sends her message m to Bob, she
encrypts it with her private key: $K_A^-(m)$
If she wants to keep the message content a
secret, she can use Bob’s public key and send
$K_B^+(m, K_A^-(m))$
Alice is protected against modification by Bob
since if Bob produces m’, he has to find $K_A^-(m')$
Digital Signature Using Message Digest
Hash/Message Digest: Short “signature” of the
message, 128–512 bits, that depends on the entire message
It is extremely improbable that unequal messages have the
same hash
Example: MD5 (Message Digest version 5)
H = H(m) is sent along with m, where H is a cryptographic
hash function
$K_A^-(H(m))$ (or $K_B^+(m, K_A^-(H(m)))$) is sent so that Bob
knows that it comes from Alice by decrypting it
Bob hashes the message m and compares it with H that
he has received from Alice
Digital Signature and RSA
Sender A does the following
Creates a message digest of the information to be sent
Represents this digest as an integer m
Uses her private key (n, d) to compute the signature
$s = m^d \bmod n$.
Sends this signature s to the recipient B.
Signature Verification
Recipient B does the following
Uses sender A's public key (n, e) to compute integer $v = s^e \bmod n$
Extracts the message digest from this integer
Independently computes the message digest of the information that has
been signed
If both message digests are identical, the signature is valid
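The signing and verification steps above, applied to the 500 Birr e-mail, as an added example that is not part of the original slides. It assumes SHA-256 as the digest and a constructed toy key built from two Mersenne primes; it is the unpadded textbook scheme exactly as the slide states it, whereas deployed RSA signatures add a padding scheme.

```python
import hashlib

# Constructed toy key (assumption for this example only): two Mersenne primes,
# chosen so the example is deterministic and runs offline. Such primes are
# trivially guessable and must never be used for a real key.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # modulus n, shared by both keys
E = 65537                              # public exponent e  -> public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent d -> private key (n, d)


def digest_as_int(message: bytes) -> int:
    """Create the message digest and represent it as an integer m (m < n here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, n: int = N, d: int = D) -> int:
    """Sender A: s = m^d mod n, computed with the private key (n, d)."""
    return pow(digest_as_int(message), d, n)


def verify(message: bytes, s: int, n: int = N, e: int = E) -> bool:
    """Recipient B: v = s^e mod n, then compare v with an independently
    computed digest of the message that was received."""
    v = pow(s, e, n)
    return v == digest_as_int(message)


# Constructed sample messages for the Alice/Bob scenario.
ORDER = b"Alice agrees to pay Bob 500 Birr"
FORGED = b"Alice agrees to pay Bob 900 Birr"
SIG = sign(ORDER)                      # Alice signs what she actually agreed to

if __name__ == "__main__":
    print("original order verifies:", verify(ORDER, SIG))
    print("amount altered by Bob verifies:", verify(FORGED, SIG))
    print("tampered signature verifies:", verify(ORDER, (SIG + 1) % N))
```

Because only the holder of d can produce a value s whose e-th power equals the digest, a valid signature on ORDER is also what stops Alice from later denying that she sent it.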
Cryptography
Key Distribution: Verifying Someone’s Public Key
Even with public-key cryptosystems and digital
signatures, we still have the problem of authentication:
binding users to keys.
Early articles envisioned a phonebook-like database
with Name and Public Key entries.
Problem: How secure is that database itself?
An attacker can put in his own key for someone else, and
start signing fake contracts (and even checks!).
Maybe we can secure the phonebook, but then it kills the
idea of keys being widely and easily available (publicly).
Cryptography
Key Distribution: Problems
Distribution of a key is a difficult matter!
For a symmetric cryptosystem, the initial key must
be communicated along a secured channel(?)
For public key, we need a body that certifies the
public key is that of the party we need to
communicate with
Solution: Certification/Certificate Authority (CA)
that signs (certifies) the public key
Cryptography
Certification
The critical thing is that the name in the certificate must match the
alleged name.
A common solution to public key distribution today is to have a trusted
third party sign the user’s public encryption key.
A certificate is a public key and some naming “stuff”, digitally signed
by someone you trust (third party) - Certification Authority (CA).
Remark: Just because they are CAs doesn’t mean you should trust them.
The resulting certificate will contain information like the user’s name/ID,
the user’s public key, the name of the CA, the start date of the certificate, and the length of
time it is valid.
The user publishes the certificate using the X.509 standard (for formatting
certificates).
Cryptography
Certification - Associated Overheads
An important issue is the longevity of certificates
Lifelong certificates are not feasible
Therefore, we need a way to revoke certificates
Certificate Revocation List (CRL) published regularly
Problems
Vulnerability between the publishing and the request for
revocation
Restricting the lifetime of a certificate
A client contacts the certification authority for each public key,
checks whether it is valid or not
Cryptography
Applications – Electronic Payment
Payment systems - based on direct payment
a) Paying in cash.
b) Using a check.
c) Using a credit card.
Cryptography
Applications – Electronic Payment …
Payment systems based on money transfer between banks.
a) Payment by money order.
b) Payment through debit order.
Cryptography
Applications – Security in Electronic Payment
General requirements
In cash based systems (using ATM), the main issue is
authentication
Use of magnetic card
PIN
Digital money
Protection against fraud
It should not be possible to use the money more than once
It should not be possible to use forged money
Credit card or check based system
No tampering/alteration
Protection against repudiation (the buyer denies having made
the order)
Cryptography
Applications – Electronic Cash (E-Cash)
There are a number of electronic payment systems
based on the concept of digital coins
E-cash is one of the most famous
Achieves anonymity in the payment system
When Alice wants to buy some goods from Bob, she
contacts her bank and requests a withdrawal
The bank hands out the digital money in the form of
signed notes representing some value, each having a
uniquely associated signature
Cryptography
Applications – Electronic Cash (E-Cash) …
To prevent the notes from being copied, each note has a
serial number
Bob can check that the money is not forged by
looking at the bank’s signature
Bob can check that the money has not already
been spent by contacting the bank
The drawback of this system is that the bank has
to remember which serial numbers have been
spent and which have not
Cryptography
Applications – Secure Electronic Transaction (SET)
SET is the result of efforts by VISA, Mastercard, etc.
to develop a standard way of purchasing goods over a
network using a credit card
SET is an open standard: entire protocol is published
A dual signature is used in order to prevent
The merchant from knowing the details of the payment
information
The bank from knowing about the order information
Cryptography
The concept of session keys after authentication
During the establishment of a secure channel, after the
authentication phase, the communicating parties use
session/temporary keys
Benefits
The session key is safely discarded when the channel is no longer
used
When a key is used very often it becomes vulnerable. Thus by
using the main key less often, we make it less vulnerable
Replay attacks can be avoided
Authentication keys are often expensive to replace
Such a combination of long-lasting and cheaper/more
temporary session keys is a good choice
Cryptography
Summary
The advantage of private/secret key cryptography is that
it provides better secrecy, but it needs a prearranged key
exchange.
The advantage of public-key cryptography is that it
allows for secrecy between two parties who have not
arranged in advance to have a shared key (or trusted
some third party to give it to them); the
disadvantage is overhead and speed.
Therefore, in practice, hybrid systems use public-key
cryptography to establish a session key for private-key cryptography.