Professional Documents
Culture Documents
Chapter 2 Cryptography
Chapter 2 Cryptography
Cryptography
Er. Shankar Bhattarai, MScEng (IoE,TU)
Cryptography
• The word ‘cryptography’ was coined by combining two Greek words,
‘Krypto’ meaning hidden and ‘graphene’ meaning writing.
• Cryptography (crypto)– study of how to mathematically encode &
decode messages.
• The art and science of concealing the messages to introduce secrecy
in information security is recognized as cryptography.
• Cryptography is the science of writing in secret code and is an ancient
art; the first documented use of cryptography in writing dates back to
circa 1900 B.C.
Cryptography
• Some experts argue that cryptography appeared spontaneously
sometime after writing was invented, with applications ranging from
diplomatic missives to war-time battle plans.
• It provides more efficient way of security by encrypting our data.
• It allows the sender and receiver to communicate more securely.
Cryptanalysis
The art and science of breaking the cipher text is known as
cryptanalysis.
History of Cryptography
History of Cryptography
History of Cryptography
Types of Cryptography
Symmetric encryption
Symmetric key cryptography has following properties:
1) The encryption key is trivially related to the decryption key, in that they may
be identical or there is a simple transformation to go between the two keys.
2) The keys, in practice, represent a shared secret between two or more parties
that can be used to maintain a private information link
3) A secret key, which can be a number, a word, or just a string of random
letters, is applied to the text of a message to change the content in a particular
way
Other terms for symmetric-key encryption are secret-key, single-key,
sharedkey, one-key, and private-key encryption
Symmetric encryption
Symmetric key systems are cryptosystems where the same key is used for both
encryption and decryption. This class of cryptosystems is important in modern
cryptography because, in general, symmetric key cryptosystems are much faster
than public key cryptosystems.
Symmetric encryption scheme has five components:
i) Plaintext
ii) Encryption algorithm
iii) Secret Key
iv) Ciphertext
v) Decryption Algorithm
Symmetric Cryptography
Classification of symmetric key cryptography:
• Stream Cipher
A stream cipher is a symmetric key cipher where plaintext digits are
combined with a pseudorandom cipher digit stream (keystream). Example :
RC4, A5/1, BLOWFISH, etc.
The encryption code can be cracked if someone finds
Out the symmetric key. But this problem can be overcome with the
Diffie-Hellman algorithm. In the Diffie-Hellman key exchange or
Agreement algorithm, the sender and receiver must agree on a
Symmetric key using this technique. This key can then be used for
An encryption or decryption purpose.
Symmetric Cryptography
• Block Cipher
Block ciphers in general process the plaintext in relatively large
blocks at a time. The encryption function is the same for every
block.
Blocks of bits (e.g. 256) encrypted at a time
Examples of several algorithms:
• Data Encryption Standard (DES)
• Triple DES
• Advanced Encryption Standard (AES)
Stream Cipher
SOME IMPORTANT STREAM CIPHER:
RC4 (RIVEST CIPHER 4)
A5/1
RIVEST CIPHER(RC4)
• RC4 is a very popular cipher from RSA Data Security, Inc.
• It was designed by Ron Rivest of M.I.T. It is a trade secret of RSA, but was
leaked to a number of mailing lists and newsgroups in the early-mid 90’s.
• RC4 is used in a number of applications currently. One of its most
important uses is in SSL (also known as TLS), which is used to secure most
of the worlds electronic commerce over the world wide web.
• It is also used in WEP, the IEEE 802.11 wireless networking security
standard.
• It can also be found in a number of other applications including email
encryption products.
RC4
• RC4 is a binary additive stream cipher. It uses a variable sized key that can
range between 8 and 2048 bits in multiples of 8 bits (1 byte).
• This means that the core of the algorithm consists of a keystream
generator function. This function generates a sequence of bits that are
then combined with the plaintext with XOR.
• Decryption consists of re-generating this keystream and XOR'ing it to the
ciphertext, undoing it.
• The other major part of the algorithm is the initialization function,n which
accepts a key of variable size and uses it to create the initial state of the
keystream generator. This is also known as the key schedule algorithm.
RC4
Key Schedule Algorithm (KSA)
The Key Schedule Algorithm of RC4 is shown in Algorithm 1.
j=0
for i = 0 to 255 do
j = j + S[i] + K[i] mod 256
swap(S[i], S[j])
end for
RC4 Key Schedule Algorithm
RC4
Pseudo Random Generation Algorithm (PRGA)
Set i and j back to 0
for i = i +1 to length of plain text
j=j + s[i] mod 256
swap (s[i],s[j])
t= s[i] + s[j] mod 256
keystream = s[t]
end for
RC4
10110110 (text)
XOR 01010101 (key)
11100011
0011 0100
34
Advanced Encryption Standard (AES)
Shift Rows
• In this step rows of the block are cylindrically shifted in left direction.
• 1st row is unchanged
• 2nd row does 1 byte circular shift to left
• 3rd row does 2 byte circular shift to left
• 4th row does 3 byte circular shift to left
• Mix Column : substitution that uses Galois Fields, corps de Galois,
GF(28) arithmetic, by multiplying that column with a matrix in a
particular field (Galois Field).
Add Round Key
• XOR state with 128 XOR state with 128-bits of the round key bits of
the round key
AES Example Encryptions
• The main advantage of symmetric encryption over asymmetric
encryption is that it is fast and efficient for large amounts of data; the
disadvantage is the need to keep the key secret - this can be especially
challenging where encryption and decryption take place in different
locations, requiring the key to be moved safely between locations.
With 128 bit: 2128 = 3.4x 1038 possible keys (A PC that tries 255 keys per
second needs 149 billion years to break AES)
192 bit: 2192 = 6.2x 1057 possible keys
256 bit: 2256 = 1.1x 1077 possible keys
Probably AES will stay secure for at least 20 years
Public-key algorithms are based
on mathematical functions and
are asymmetric in nature,
involving the use of two keys, as
opposed to conventional single
key encryption.
Knapsack Algorithm
• Developed by Ralph Markle and Martin Hellman in 1978
• First general public key algorithm
• As it is a Public key cryptography, it needs two different keys. One is
Public key which is used for Encryption process and the other one is
Private key which is used for Decryption process.
• Two different knapsack problems in which one is easy and other one is
hard.
• The easy knapsack is used as the private key and the hard knapsack is
used as the public key. The easy knapsack is used to derived the hard
knapsack.
Knapsack Algorithm
• For the easy knapsack, we will choose a Super Increasing knapsack problem.
• Super increasing knapsack is a sequence in which every next term is greater than the sum of all preceding
terms.
Eg. {1, 2, 4, 10, 20, 40} is a super increasing as
Now, we have to multiply 71 with each block of cipher text take modulo m.
121 x 71 mod(110) => 8591 mod (110)=> 11
Ci*X-1*mod(m)
Knapsack Algorithm
• Then, we will have to make the sum of 11 from the values of private key
{1, 2, 4, 10, 20, 40} i.e.,
1+10=11 so make that corresponding bits 1 and others 0 which is 100100 among 6 bits
(because we have 6 value in our key).
Similarly,
197 x 71 mod(110) = 17
1+2+4+10=17 = 111100
Hashing
• Hash function coverts data of arbitrary length to a fixed length. This process is
often referred to as hashing the data.
• In general, the hash is much smaller than the input data, hence hash functions
are sometimes called compression functions.
• Since a hash is a smaller representation of a larger data, it is also referred to as a
digest.
• Hash function with n bit output is referred to as an n-bit hash function. Popular
hash functions generate values between 160 and 512 bits
• Message Digest 5 (MD5)was most popular and widely used hash function , Next
is Secure Hash Function (SHA)
• Nonrepudiation
• Nonrepudiation is the assurance that someone cannot deny
something. Non-repudiation is a legal concept that is widely used in
information security and refers to a service, which provides proof of
the origin of data and the integrity of the data.
Public Key Infrastructure
• Public Key Infrastructure (PKI) is a technology for
authenticating users and devices in the digital world. The
basic idea is to have one or more trusted parties digitally
sign documents certifying that a particular cryptographic key
belongs to a particular user or device. The key can then be
used as an identity for the user in digital networks.
• Data tampering is the act of deliberately modifying (destroying,
manipulating, or editing) data through unauthorized channels.
Certificate Authority
• The trusted party signing the document associating the key with the
device is called a certificate authority (CA). The certificate authority
also has a cryptographic key that it uses for signing these documents.
These documents are called certificates.
Public Key Infrastructure
• A public key infrastructure relies on digital signature technology,
which uses public key cryptography. The basic idea is that the secret
key of each entity is only known by that entity and is used for signing.
This key is called the private key. There is another key derived from it,
called the public key, which is used for verifying signatures but cannot
be used to sign. This public key is made available to anyone, and is
typically included in the certificate document.
Public Key Infrastructure
Secure Web Sites - HTTPS
• The most familiar use of PKI is in SSL certificates. SSL (Secure Sockets
Layer) is the security protocol used on the web when you fetch a page
whose address begins with https:. TLS (Transport Layer Security) is a
newer version of the protocol. In practice, most websites now use the
new version.
• With HTTPS, certificates serve to identify the web site you are connecting
to, to ensure that no-one can eavesdrop on your connection or, for
example, inject fraudulent wire transfers or steal credit card numbers.
• prevent man-in-the-middle attacks.
HTTPS
• HTTPS stands for Hypertext Transfer Protocol over Secure Socket
Layer, Or HTTP over SSL is a web protocol developed by Netscape.
• HTTPS is a combination of HTTP and SSL/TLS protocols.
• HTTPS uses one-time encryption key to encrypt data send to and
receive from the server.
• The 'S' at the end of HTTPS stands for 'Secure'. It means all
communications between your browser and the website are
encrypted.
HTTPS
• HTTPS pages typically use one of two secure protocols to encrypt
communications.
– SSL (Secure Sockets Layer)
– TLS (Transport Layer Security)
HTTPS
• When you request a HTTPS connection to a webpage , the website
will initially send its SSL certificate to your browser.
• This certificate contains the public key needed to begin the secure
session.
• Based on this initial exchange, your browser and the website then
initiate the 'SSL handshake'. The SSL handshake involves the
generation of shared secrets to establish a uniquely secure
connection between yourself and the website.
• An SSL certificate is by far the best and easiest solution to secure
websites and the data transmitted through them from getting stolen
or hacked. The acronym “SSL” stands for Secure Socket Layer and is
referring to the layer that the security protocol takes place on. In
laymen’s terms, it secures your websites with encryption.
• When a browser attempts to access a website that is secured by an SSL
certificate, the browser recognizes the SSL and then the web server
and browser establishes a secure connection or session. This process is
sometimes called an “SSL Handshake”. Note that the SSL handshake
happens instantaneously and remains invisible to the users.