Professional Documents
Culture Documents
Ch3 Crypto
Ch3 Crypto
Ch3 Crypto
M a r c h 17, 2020
Security Techniques
Symmetric
Also called private key or single-key or convectional key
Only one key is used to encrypt and decrypt data.
The key should be distributed before transmission between entities.
Keys play an important role.
If weak key is used in algorithm then everyone may decrypt the
data.
Strength of Symmetric key encryption depends on the size of key
used.
For the same algorithm, encryption using longer key is harder to
break than the one done using smaller key.
DES, AES, Ceaser cipher,
Security Techniques
CRYPTOGRAPHY
Asymmetric
Also called public key cryptography.
These algorithms use two keys in contrast to symmetric algorithms
which uses only one key.
Public key algorithm relies on one key for encryption and a different
but related key for decryption.
The two major reasons which made public key cryptography
algorithms:-
Key distribution and
Key generation
These algorithms are based on mathematical calculations rather
than substitution and permutations like the symmetric
cryptosystem.
Security Techniques
Encryption
Encryption: The process of transforming plain text or data into
cipher text that cannot be read by anyone other than the sender
and receiver
Purpose:
Secure stored information
Secure information transmission
Provides:
5 / 106
Security Techniques
Encryption
Encryption: The process of transforming plain text or data into
cipher text that cannot be read by anyone other than the sender
and receiver
Purpose:
Secure stored information
Secure information transmission
Provides:
Message integrity
5 / 106
Security Techniques
Encryption
Encryption: The process of transforming plain text or data into
cipher text that cannot be read by anyone other than the sender
and receiver
Purpose:
Secure stored information
Secure information transmission
Provides:
Message integrity
Confidentiality
5 / 106
Security Techniques
Requirements
two requirements for secure use of symmetric encryption:
a strong encryption algorithm
a secret key known only to sender/receiver
Security Techniques
Cryptanalysis
objective to recover key not just message
There are two general approaches:
Cryptanalytic attack
Rely on the nature of the algorithm plus perhaps some knowledge of the general
characteristics of the plaintext
Brute-force attack
Try every possible key on a piece of ciphertext until an intelligible translation
into plaintext is obtained.
On average,half of all possible keys must be tried to achieve success.
Security Techniques
Caesar Cipher
earliest known substitution cipher
by Julius Caesar
first attested use in military
affairs
The core idea is to replace one basic unit (letter/byte) with
another
replaces each letter by 3rd letter on
Then have Caesar cipher as:
C = E(p) = (p + k) mod (26)
P = D(c) = (c - k) mod (26)
Security Techniques
Encryption example
Exercise. 1: Information encrypted using key f
Plaintext: Information
Key: f
Ciphertext:???????
Decryption example
Exercise. 2: ”GCUA VQ DTGCM” decrypted using key C
Key: C
Ciphertext:GCUA VQ DTGCM
Plaintext:???????
Security Techniques
Vigenere cipher
Proposed by Blaise de Vigenere
works by using a key and replacing plain text letters for cipher
text letters according to the key
Vigeneres cipher assigned a number to each of the letters in the
alphabet
And then used the value of each letter in the key to add to the
value of each letter in the plain text, to obtaining the cipher text
This process was repeated for each letter in the plain text using
the next letter in the key, and repeating the key as many times as
needed to compensate for the length of the plain text.
Security techniques
Vigenere cipher
A key was constructed for each message, instead of the Caesar
cipher, which used the same key for each message, making it more
secure.
By creating a keyword with multiple letters instead of just a single
letter rotation for the entire message
Write the plaintext out and the keyword repeated above it.
Example: Plain text: Cryptography
Key: Luck
Cipher text: nlazeiibljji
Exercise: Encrypt the ff message using keyword deceptive
Plaintext: We are discovered to save yourself
Key: deceptive
Security techniques
Autokey cipher
Exercise 1: Encrypt the ff message
PT: Authokey cipher
Key: key
Ciphertext: ??????
Exercise 2:
Decrypt the ff
message
CT: EOA
Key:Lhw
Security Techniques
Hill Cipher
Developed by the mathematician Lester Hill.
Concepts from linear algebra and requires elementary
understanding of matrix.
It also make use of Modulo arithmetic.
Because of this the cipher has a significantly more mathematical
nature.
The Hill cipher is an example of a block cipher.
The substitution is determined by M linear equations in which
each character is assigned a numerical value (a = 0, b = 1 z=25).
For, M = 2 the algorithm can be described as:
C1 = (K11P1 + K12P2)mod (26)
C2 = (K21P1 + K22P2)mod (26)
Security Techniques
P = C*K-1 mod(26)
Security techniques
Transposition Ciphers
Is the second basic building block of ciphers.
The core idea is to rearrange the order of basic units
(letters/bytes/bits) without altering their actual values.
These hide the message by rearranging the letter order.
Without altering the actual letters used.
Security techniques
Encryption
First you need to have a key which is for this cipher the number of
depth you are going to have and the size of plaintext.
Then start writing the letters of the plaintext diagonally down to
the right until you reach the number of rows specified by the key.
Then go back to diagonally until you hit the first row again.
Continue until the end of the plaintext.
Example: ”Defend the east wall” with a depth of 3.
Security techniques
Decryption
Decryption process involves reconstructing the diagonal grid used
to encrypt the message.
We start by making the grid with as many rows as the keys is and
as many columns as the length of the ciphertext.
We then place the first letter in the top left square and dashes
diagonally downwards where the letters will be.
When we get back to the top row, place the next letter in the
ciphertext.
Continue like this across the row and start the next row when you
reach the end.
Then read the plaintext by following the diagonals.
Example: ”TEKHRACIEATANYTG” with a depth of 4.
Security techniques
Exercise
Exercise: ”They are attacking from the north” with a depth of 4.
Exercise: ”TEKOOHRACIRMNREATANFTETYTGHH” with a
depth of 4
Security techniques
Initial Permutation IP
First step of the data computation
Defined by tables
The input to a table consists of 64 bits numbered left to right from
1 to 64.
The 64 entries in the permutation table contain a permutation of
the numbers from 1 to 64.
Each entry in the permutation table indicates the position of a
numbered input bit in the output, which also consists of 64 bits.
Example:0123456789ABCDEF
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010
1011 1100 1101 1110 1111
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010
1010 1111 0000 1010 1010 (CC00CCFFF0AAF0AA)
Security techniques
Initial Permutation IP
Security techniques
S-BOX
Security techniques
Ln = Rn-1
Rn = Ln-1 + f(Rn-1,Kn)
F takes 32-bit R half and 48-bit subkey:
Expands R to 48-bits using perm E
The resulting 48 bits are XORed with
Ki
This 48-bit result passes through 8 S-boxes to get 32-bit
result(each map 6 input bits to 4 output bits)
Finally permutes using 32-bit perm P
Security techniques
Function f Structure
Security techniques
Substitution Boxes S
have eight S-boxes which map 6 to 4 bits
each S-box is actually 4 little 4 bit boxes
outer bits 1 & 6 (row bits) select one row of 4
inner bits 2-5 (col bits) are substituted
result is 8 lots of 4 bits, or 32 bits
row selection depends on both data & key
Security techniques
DES Example
Example: Let M be the plain text message M =
0123456789ABCDEF
Rewriting M in binary format, we get the 64-bit block of text:
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010
1011 1100 1101 1110 1111
And K be the hexadecimal key K = 133457799BBCDFF1
K = 00010011 00110100 01010111 01111001 10011011 10111100
11011111 11110001
The DES algorithm uses the following steps:
Security techniques
DES Example
Step 1: Create 16 subkeys, each of which is 48-bits long.
The 64-bit key is permuted according to the following table, PC-1.
Since the first entry in the table is ”57”, this means t hat the 57th
bit of the original key K becomes the first bit of the permuted key
K+.
The 49th bit of the original key becomes the second bit of the
permuted key. The 4th bit of the original key is the last bit of the
permuted key.
Note only 56 bits of the original key appear in the permuted key.
Security techniques
DES Example
From the original 64-bit key
K = 00010011 00110100 01010111 01111001 10011011 10111100
11011111 11110001
we get the 56-bit permutation
K + = 1111000 0110011 0010101 0101111 0101010 1011001
1001111 0001111
Next, split this key into left and right halves, C0 and D0, where
each half has 28 bits.
From the permuted key K + , we get
C0 = 1111000 0110011 0010101 0101111
D0 = 0101010 1011001 1001111 0001111
With C0 and D0 defined, we now create sixteen blocks Cn and
Dn
Security techniques
DES Example
Each pair of blocks Cn and Dn is formed from the previous pair
Cn-1 and Dn-1, respectively, for n = 1, 2, ..., 16,
using the following schedule of ”left shifts” of the previous block.
To do a left shift, move each bit one place to the left, except for
the first bit, which is cycled to the end of the block.
Security techniques
DES Example
To do a left shift, move each bit one place to the left, except for
the first bit, which is cycled to the end of the block.
This means, for example, C3 and D3 are obtained from C2 and
D2, respectively, by two left shifts, and C16 and D16 are obtained
from C15 and D15, respectively, by one left shift.
From original pair pair C0 and D0 we obtain:
C0 = 1111000011001100101010101111
D0 = 0101010101100110011110001111
C1 = 1110000110011001010101011111
D1 = 1010101011001100111100011110
Security techniques
DES Example
We now form the keys Kn, by applying the following permutation
table to each of the concatenated pairs CnDn.
Each pair has 56 bits, but PC-2 only uses 48 of these.
Therefore, the first bit of Kn is the 14th bit of CnDn, the second
bit the 17th, and so on
C1D1 = 1110000 1100110 0101010 1011111 1010101 0110011
0011110 0011110
K1 = 000110 110000 001011 101111 111111 000111 000001
110010
Security techniques
DES Example
Step 2: Encode each 64-bit block of data
So much for the subkeys. Now we look a t the message itself.
There is an initial permutation IP of the 64 bits of the message
data M.
This rearranges the bits according to the following table, where
the entries in the table show the new arrangement of the bits from
their initial order.
The 58th bit of M becomes the first bit of IP.
The 50th bit of M becomes the second bit of IP.
The 7th bit of M is the last bit of IP.
Security techniques
DES Example
Applying the initial permutation to the block of text M, given
previously, we get
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010
1011 1100 1101 1110 1111
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000
1010
1010 1111 0000 1010 1010
Here the 58th bit of M is ”1”,which becomes the first bit of IP.
The 50th bit of M is ”1”,which becomes the second bit of IP.
Next divide the permuted block IP into a left half L0 of 32 bits,
and a right half R0 of 32 bits.
From IP, we get L0 and R0
L0 = 1100 1100 0000 0000 1100 1100 1111 1111
R0 = 1111 0000 1010 1010 1111 0000 1010 1010
Security techniques
DES Example
We now proceed through 16 iterations, using a function f which
operates on two blocks: a data block of 32 bits and a key Kn of 48
bits–to produce a block of 32 bits.
Then for n going from 1 to 16 we calculate
Ln = Rn-1
Rn = Ln-1 + f(Rn-1,Kn)
This results in a final block, for n = 16, of L16R16.
T ha t is, in each iteration, we take the right 32 bits of the previous
result and make them the left 32 bits of the current step.
For the right 32 bits in the current step, we XOR the left 32 bits
of the previous step with the calculation f .
Security techniques
DES Example
For n = 1, we have
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
L1 = R0 = 1111 0000 1010 1010 1111 0000 1010 1010
R1 = L0 + f(R0,K1)
To calculate f, we first expand each block Rn-1 from 32 bits to 48
bits.
This is done by using a expansion table that repeats some of the
bits in Rn-1.
Thus E(Rn-1) has a 32 bit input block, and a 48 bit output
block.
Security techniques
DES Example
Thus the first three bits of E(Rn-1) are the bits in positions 32, 1
and 2 of Rn-1 while the last 2 bits of E(Rn-1) are the bits in
positions 32 and 1.
We calculate E(R0) from R0 as follows:
R0 = 1111 0000 1010 1010 1111 0000 1010 1010
E(R0) = 011110 100001 010101 010101 011110 100001 010101
010101
Security techniques
DES Example
(Note that each block of 4 original bits has been expanded to a
block of 6 output bits.)
Next in the f calculation, we XOR the output E(Rn-1) with the
key Kn:
Kn + E(Rn-1)
For K1 , E(R0), we have
K1 = 000110 110000 001011 101111 111111 000111 000001
110010
E = 011110 100001 010101 010101 011110 100001 010101
010101
= 011000 010001 011110 111010 100001 100110 010100 100111
Security techniques
DES Example
To this point we have expanded Rn-1 from 32 bits to 48 bits, using
the selection table, and XORed the result with the key Kn.
We now have 48 bits, or eight groups of six bits.
We now do something strange with each group of six bits:
we use them as addresses in tables called ”Sboxes”.
Each group of six bits will give us an address in a different S box.
Located at t hat address will be a 4 bit number.
This 4 bit number will replace the original 6 bits. Write
the previous result, which is 48 bits, in the form:
Kn + E(Rn-1) =B1B2B3B4B5B6B7B8,
where each Bi is a group of six bits. We now calculate
Security techniques
DES Example
S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8)
DES Example
The first and last bits of B represent 2 a number in the decimal
range 0 to 3 (or binary 00 to 11)
Let that number be i.
The middle 4 bits of B represent a number in the decimal range 0
to 15 (binary 0000 to 1111).
Let that number be j.
Look up in the table the number in the i-th row and j-th column.
It is a number in the range 0 to 15 and is uniquely represented by
a 4 bit block.
For example, for input block B = 011011 the first bit is ”0” and
the last bit ”1” giving 01 as the row.
This is row 1.
The middle four bits are ”1101”.
Security techniques
DES Example
This is the binary equivalent of decimal 13, so the column is
column number 13.
In row 1, column 13 appears 5.
This determines the output; 5 is binary 0101, so t hat the output is
0101.
Hence S1(011011) = 0101.
The tables defining the functions S1,...,S8 are the following:
Security techniques
DES Example
For the first round, we obtain as the output of the eight S boxes:
K1 + E(R0) = 011000 010001 011110 111010 100001 100110
010100 100111.
S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) = 0101
1100 1000 0010 1011 0101 1001 0111
The final stage in the calculation of f is to do a permutation P of
the S-box output to obtain the final value of f:
f = P(S1(B1)S2(B2)...S8(B8))
The permutation P is defined in the following table.
P yields a 32-bit output from a 32-bit input by permuting the bits
of the input block.
Security techniques
DES Example
DES Example
In the next round, we will have L2 = R1, which is the block we
just calculated, and then we must calculate R2 =L1 + f(R1, K2),
and so on for 16 rounds.
At the end of the sixteenth round we have the blocks L16 and R16.
We then reverse the order of the two blocks into the 64-bit block
R16L16
and apply a final permutation IP-1.
Decryption is simply the inverse of encryption, follwing the same
steps as above, but reversing the order in which the subkeys are
applied.
Security techniques
Asymmetric cryptosystem
Private Key Cryptography
Traditional private/secret/single key cryptography uses one key
Shared by both sender and receiver.
if this key is disclosed communications are compromised
also is symmetric, parties are equal
Asymmetric encryption is a form of cryptosystem in which
encryption and decryption are performed using the different keys
one a public key and one a private key.
It is also known as public key encryption.
Security techniques
Asymmetric cryptosystem
Asymmetric encryption transforms plaintext into ciphertext using
a one of two keys and an encryption algorithm.
Using the paired key and a decryption algorithm, the plaintext is
recovered from the ciphertext.
Public key cryptography solves symmetric key encryption problem
of having to exchange secret key
Uses two mathematically related digital keys public key (widely
disseminated) and private key (kept secret by owner)
Both keys are used to encrypt and decrypt message
Once key is used to encrypt message, same key cannot be used to
decrypt message
For example, sender uses recipients public key to encrypt message;
recipient uses his/her private key to decrypt it
Security techniques
Asymmetric cryptosystem
Public-key/two-key/asymmetric cryptography involves the use of
two keys:
a public-key, which may be known by anybody, and can be used to
encrypt messages, and verify signatures
a private-key, known only to the recipient, used to decrypt
messages, and sign (create) signatures
is asymmetric because
those who encrypt messages or verify signatures cannot decrypt
messages or create signatures
Security techniques
RSA
The algorithm is named after its inventors Ron Rivest, Adi Shamir
and Leonardo Adleman
Uses two keys a public and a private key
Asymmetric since parties are not equal
Uses clever application of number theoretic concepts to function
The plaintext and ciphertext are integers between 0 and n - 1
RSA makes use of an expression with exponentials
Security techniques
RSA
For some plaintext block M and ciphertext block C
RSA
The keys were generated as follows
1 Choose two distinct prime numbers p and q.
For security purposes, the integers p and q should be chosen a t
random, and should be similar in magnitude but differ in length by
a few digits to make factoring harder.
prime numbers only have divisors of 1 and self
they cannot be written as a product of other numbers
eg. 2,3,5,7 are prime, 4,6,8,9,10 are not
Prime integers can be efficiently found using a
2 primality test
Compute n = pq.
n is used as the modulus for both the public and
private keys.
Security techniques
RSA
1 Totient(n) = (p - 1)(q - 1)
2 Choose an integer e such that 1 < e < Totient(n) and gcd(e,
Totient(n)) = 1.
Select e such th a t e is relatively prime to Totient(n)
Two numbers a, b are relatively prime if have no common divisors
apart from 1
And less than Totient(n)
3 Determine d as d = e - 1 (mod Totient(n)); i.e., d is the modular
multiplicative inverse of e modulo Totient(n).
This means: solve for d the equation d*e = 1 (mod Totient(n)).
e is released as the public key exponent.
d is kept as the private key exponent.
Security techniques
RSA Example
Example: Encrypt the following plaintext message M =88 using
RSA algorithm. Assume the value of p = 17 and q = 11.
Exercise: p = 7 and q = 11, e = ?, d = ?
Encrypt M = 8
Security techniques
Hash function
Cryptographic hash function is a mathematical algorithm t hat
maps an arbitrary size of data to a fixed length of data.
Used to ensure the data integrity.
Well-known examples: MD2, MD4, MD5, SHA
The values returned by hash function are called as hash values A
hash value is generated by a function H of the form h = H(M)
Where M is a variable-length message and H(M) is the fixed-length
hash value.
The hash value is appended to the message a t the source.
The receiver authenticates tha t message by re-computing the hash
value.
Security techniques
Hash function
The hash function itself is not considered to be secret, some means
is required to protect the hash value.
Cryptographic hashing algorithms can receive any kind of input.
However, a hash function will always produce a fixed-length
output.
Regardless of what the input is, the output will be an
alphanumeric code of fixed length.
Security techniques
Hash function
Security techniques
Hash function
All hash functions operate using the following general principles.
The input (message, file, etc.) is viewed as a sequence of n-bit
blocks.
The input is processed one block at a time in an iterative fashion
to produce an n-bit hash function.
One of the simplest hash functions is the bit-by-bit exclusive-OR
(XOR) of every block.
This can be expressed as follows:
Ci = bi1 bi2 bim
Security techniques
Digital Signatures
Message authentication protects two parties who exchange
messages from any third party.
However, it does not protect the two parties against each
other.
A digital signature is analogous to the handwritten signature, and
provides a set of security capabilities t hat would be difficult to
implement in any other way.
Security techniques