You are on page 1of 24




Guided By Submitted By

Miss . Ankita Patel Saloni Bhargava

5th I.T.



This is to certify that the seminar entitled “CRYPTOGRAPHY” and submiitted
by SALONI BHARGAVA having roll no 02 for the partial fullfilment of
requirements of Bachelor of Engineering(Information Technology) degree of
AHMEDABAD, Gujarat, India embodies the bonafied work done by haer under
my supervision.

Miss Ankita Patel

Name of guide

Date :




I would like to take this opportunity to thank my teacher and guide

Miss Ankita patel for her advice and continued support
without which it would not have been possible to complete
this report.

I would also like to thank entire computer department and faculty for helping me
in every possible manner during this course.


Many organizations are working hard to secure themselves from

the growing threats of message hacking through various trends in
cryptography. Yet the headlines are dominated with the latest news of
message passing disaster more frequently than any time before.This
document intends to review this problem and propose several
possible solutions.The cryptographic industry has been responding to
these threats with ever-quicker responses to the rapid ons laught of
malicious techniques, while corporations establish strict
cryptographic techniques. Placing an organizations cryptographic
techniques at the desktop level is like closing all the doors in a
house¦..while leaving windows and other entry points open.The
present document discusses various cryptographic techniques of all
times such as the three basic algorithms namely private key
algorithm,,public key algorithm and the hash functions.The need for
having three encryption techniques has also been encrypted .A
detailed discussion has been done on the classical cryptography and
the drawbacks of the classical cryptography to ensure the need for
going to new trends in cryptography like quantum cryptography,elliptic
curve cryptography.These new techniques that has emerged out of
various exploitations in the field of cryptography rises a fair amount of
hope that we can over come the problems we are facing in a headhoc
way.These proven technologies can meet the needs of the
most demanding of environments while their respective focus on
manageability has automated many tasks and simplified
administrative functions through easy-to-use interfaces developed
through years of customer feedback..And at the end of the document
we can conclude that soon we can save secrecy involved in message
passing from the dangerous clutches of message hackers.

No TOPIC Page no

1. Introduction 6

2. Development of cryptography 6

3. Need of cryptography 7

4. What is cryptography? 8

5. Types of cryptography 8

6. Digital signature 15

7. Hash functions 16

8. Security Architecture 19

9. Applications 19

10. Examples 26

11. Future developments 22

12. Conclusion 23

13. Bibliography 23


Security is a broad topic and covers a multitude of sins.Most security problems

are intentionally caused by malicious people trying to gain some benefit or harm
someone.The requirement of information security has undergone two major changes
in last two decades. In earlier days cabinets with a combination lock for storing
sensitive documents were used.With introduction of computer, the need for
automated tools for protecting files and other information became evident. This is
very important in case of shared systems as well as for data network or internet.The
generic term for the collection of the tools designed to protect data and thwart hackers
is Computer Security


The history of cryptography begins thousands of years ago. Until

recent decades, it has been the story of what might be called classic
cryptography — that is, of methods of encryption that use pen and paper, or
perhaps simple mechanical aids. In the early 20th century, the invention of
complex mechanical and electromechanical machines, such as the Enigma rotor
machine, provided more sophisticated and efficient means of encryption; and the
subsequent introduction of electronics and computing has allowed elaborate
schemes of still greater complexity, most of which are entirely unsuited to pen
and paper.

The development of cryptography has been paralleled by the

development of cryptanalysis — the "breaking" of codes and ciphers. The
discovery and application, early on, of frequency analysis to the reading of
encrypted communications has on occasion altered the course of history. Thus
the Zimmermann Telegram triggered the United States' entry into World War I;
and Allied reading of Nazi Germany's ciphers shortened World War II, in some
evaluations by as much as two years.

Until the 1970s, secure cryptography was largely the preserve of governments.
Two events have since brought it squarely into the public domain: the creation of
a public encryption standard (DES), and the invention of public-key cryptography.


The main use of cryptography is mentioned below:

1) Private or confidentiality

2) Data integrity
3) Authentication
4) Non-repudation

1.Confidentiality is a service used to keep the content of information from all but
those authorized to posses it. Secrecy is a term synonymous with confidentiality and
privacy. There arenumerous approaches to providing confidentiality, ranging from
physical protection tomathematical algorithms which render data unintelligible.

2. Data integrity is a service which addresses the unauthorized alteration of data. To

assure data integrity, one must have the ability to detect data manipulation by unau-
thorized parties. Data manipulation includes such things as insertion, deletion, and

3. Authentication is a service related to identification. This function applies to both

entities and information itself. Two parties entering into a communication should
identify each other.Information delivered over a channel should be authenticated as to
origin, date of origin, data content, time sent, etc. For these reasons this aspect of
cryptog-raphy is usually subdivided into two major classes:
entityauthentication and dataorigin authentication. Data origin authentication
implicitly provides data integrity (for if a message is modified, the source has

4. Non-repudiation is a service which prevents an entity from denying previous

commitments or actions. When disputes arise due to an entity denying that certain
actions were taken, a means to resolve the situation is necessary. For example, one
entity may authorize the purchase of property by another entity and later deny such
autho-rization was granted. A procedure involving a trusted third party is needed to
resolve the dispute.

A fundamental goal of cryptography is to adequately address these four areas

in both theory and practice. Cryptography is about the prevention and detection of
cheating and other malicious activities and to secure what you have as sensitive



Procedure to convert plain text int o cipher text.


Procedure to convert cipher text into plain text.


Cryptography is the science of using mathematics to encrypt and decrypt

data. Cryptography enables you to store sensitive information or transmit it
across insecure networks (like the Internet) so that it cannot be read by any-
one except the intended recipient.While cryptography is the science of securing data,
cryptanalysis is the science of analyzing and breaking secure communication. Classical
cryptanalysis involves an interesting combination of analytical reasoning, application of
mathematical tools, pattern finding, patience, determination, and luck. Cryptanalysts are
also called attackers.Cryptology embraces both cryptography and cryptanalysis.
A related discipline is steganography, which is the science of hiding messages
rather than making them unreadable. Steganography is not cryptography; it is a form of
coding. It relies on the secrecy of the mechanism used to hide the message. If, for
example, you encode a secret message by putting each letter as the first letter of the first
word of every sentence, it’s secret until someone knows to look for it, and then it
provides no security at all.


A cryptographic algorithm, or cipher, is a mathematical function used in the

encryption and decryption process. A cryptographic algorithm works in combination with
a key—a word, number, or phrase—to encrypt the plaintext. The same plaintext encrypts
to different ciphertext with different keys. The security of encrypted data is entirely
dependent on two things: the strength of the cryptographic algorithm and the secrecy of
the key. A cryptographic algorithm, plus all possible keys and all the protocols that make
it work, comprise a cryptosystem. PGP is a cryptosystem.


There are two main types of cryptography:
• Secret key cryptography
• Public key cryptography
In cryptographic systems, the term key refers to a numerical value used by an
algorithm to alter information, making that information secure and visible only to
individuals who have the corresponding key to recover the information.
Secret key cryptography is also known as symmetric key cryptography.
With this type of cryptography, both the sender and the receiver know the same
secret code, called the key. Messages are encrypted by the sender using the key
and decrypted by the receiver using the same key.
This method works well if you are communicating with only a limited number of
people, but it becomes impractical to exchange secret keys with large numbers
of people. In addition, there is also the problem of how you communicate the
secret key securely.
The figure given below shows secret key cryptography.

Plaintext Encryption Ciphertext Decryption Plaintext


Stream ciphers operate on a single bit (byte or computer word) at a time,
and implement some form of feedback mechanism so that the key is constantly

• BLOCK CIPHERS : The scheme encrypts one block of data at a time using the
same key on each block.

Stream ciphers come in several flavors but two are worth mentioning
here :
• Self-synchronizing stream ciphers calculate each bit in the keystream as a
function of the previous n bits in the keystream.
• Synchronous stream ciphers generate the keystream in a fashion
independent of the message stream but by using the same keystream
generation function at sender and receiver.

Block ciphers can operate in one of several modes; the following four
are the most important:
• Electronic Codebook (ECB) mode :
• Cipher Block Chaining (CBC) mode :
• Cipher Feedback (CFB) mode :
• Output Feedback (OFB) mode

• Symmetric Key Cryptographic Algorithms:

The symmetric key cryptographic algorithms are as follow:-

a) DES
e) RC4
f) RC5
g) TwoFish


Public key cryptography, also called asymmetric encryption, uses a
pair of keys for encryption and decryption. With public key cryptography, keys
work in pairs of matched public and private keys.

The public key can be freely distributed without compromising the private key,
which must be kept secret by its owner. Because these keys work only as a pair,
encryption initiated with the public key can be decrypted only with the
corresponding private key. The following example illustrates how public key
cryptography works:
• Ann wants to communicate secretly with Bill. Ann encrypts her message
using Bill’s public key (which Bill made available to everyone) and Ann
sends the scrambled message to Bill.
• When Bill receives the message, he uses his private key to unscramble
the message so that he can read it.
• When Bill sends a reply to Ann, he scrambles the message using Ann’s
public key.
• When Ann receives Bill’s reply, she uses her private key to unscramble his
The major advantage asymmetric encryption offers over symmetric key
cryptography is that senders and receivers do not have to communicate keys up
possible using the public keys.
The figure given below shows public-key cryptography.

Public-key private-key

Plaintext Encryption Ciphertext Decryption Plaintext


The Assymmetric(public key) key cryptographic algorithms are as

a) RSA

b) Diffie-Hellman

c) Elliptic curve


PGP then creates a session key, which is a one-time-only
secret key. This key is a random number generated from the random
movements of your mouse and the keystrokes you type. The session
key works with a very secure, fast conventional encryption algorithm
to encrypt the plaintext; the result is ciphertext. Once the data is
encrypted, the session key is then encrypted to
the recipient’s public key. This public key-encrypted session key is
along with the ciphertext to the recipient.

Plaintext is encrypted with
Session key

Ciphertext +
encrypted session

Decryption works in the reverse. The recipient’s

copy of PGP uses his or herprivate key to recover the session key,
which PGP then uses to decrypt the conventionally encrypted

Encrypted message encrypted session recipient’s private key
Key to decrypt session key

Ciphertext Session key used

original to decrypt
ciphertext plaintext

The combination of the two encryption methods combines the

convenience of public-key encryption with the speed of conventional
encryption. Conventional encryption is about 10,000 times faster than
public-key encryption.Public-key encryption in turn provides a solution
to key distribution and data transmission issues. Used together ,
performance and key distribution areimproved without any sacrifice in

 A key is a value that works with a cryptographic algorithm to
produce a specific ciphertext. Keys are basically really, really,
really big numbers.Key size is measured in bits; the number
representing a 2048-bit key is darn huge. In public-key
cryptography, the bigger the key, the more secure the

 However, public key size and conventional cryptography’s secret

key size are totally unrelated. A conventional 80-bit key has the
equivalent strength of a 1024-bit public key. A conventional 128-
bit key is equivalent to a 3000-bit public key. Again, the bigger

the key, the more secure, but the algorithms used for each type
of cryptography are very different and thus comparison is like
that of apples to oranges.

 While the public and private keys are mathematically related, it’s
very difficult to derive the private key given only the public key;
however, deriving the private key is always possible given
enough time and computing power. This makes it very important
to pick keys of the right size; large enough to be secure, but
small enough to be applied fairly quickly. Additionally, you need
to consider who might be trying to read your files, how
determined they are,how much time they have, and what their
resources might be.

 Larger keys will be cryptographically secure for a longer period

of time. If what you want to encrypt needs to be hidden for many
years, you might
want to use a very large key. Of course, who knows how long it
will take to
determine your key using tomorrow’s faster, more efficient
computers?There was a time when a 56-bit symmetric key was
extremely safe.

 Current thinking is that 128-bit keys will be safe indefinitely, at

least until
someone invents a usable quantum computer. We also believe
that 256-
bit keys will be safe indefinitely, even if someone invents a
computer. This is why the AES includes options for 128 and 256-
bit keys.
But history tells is that it’s quite possible someone will think this
amusingly quaint in a few decades.

 Keys are stored in encrypted form. PGP stores the keys in two
files on
your hard disk; one for public keys and one for private keys.
These files are called keyrings. As you use PGP, you will typically
add the public keys of your recipients to your public keyring.
Your private keys are stored on your private keyring. If you lose
your private keyring you will be unable to decrypt any

information encrypted to keys on that ring. Consequently, it’s a
good idea to keep good backups.


 A major benefit of public key cryptography is that it provides a

method for
employing digital signatures. Digital signatures let the recipient
of information verify the authenticity of the information’s origin,
and also verify that the information was not altered while in
transit. Thus, public key digital signatures provide authentication
and data integrity. These features are every bit as fundamental
to cryptography as privacy, if not more.

 A digital signature serves the same purpose as a seal on a

document, or a
handwritten signature. However, because of the way it is
created, it is superior to a seal or signature in an important way.
A digital signature not only attests to the identity of the signer,
but it also shows that the contents of the information signed has
not been modified. A physical seal or handwritten signature
cannot do that. However, like a physical seal that can be created
by anyone with possession of the signet, a digital signature can
be created by anyone with the private key of that signing

 Some people tend to use signatures more than they use

encryption. For
example, you may not care if anyone knows that you just
$1,000 in your account, but you do want to be darn sure it was
the bank
teller you were dealing with.

 The basic manner in which digital signatures are created is

shown in the following figure. The signature algorithm uses your
private key to create the signature and the public key to verify it.
If the information can be decrypted with your public key, then it
must have originated with you.

private key public

original text signing signed text

verifying verified text


 The system described above has some problems. It is slow, and

it produces an enormous volume of data—at least double the
size of the original information. An improvement on the above
scheme is the addition of a one-way hash function in the process.
A one-way hash function takes variable-length input—in this
case, a message of any length, even thousands or millions of bits
—and produces a fixed-length output; say, 160 bits. The hash
function ensures that, if the information is changed in any way—
even by just one bit— an entirely different output value is

 PGP uses a cryptographically strong hash function on the

plaintext the user is signing. This generates a fixed-length data
item known as a message digest. (Again, any change to the
information results in a totally different digest.)

 Then PGP uses the digest and the private key to create the
“signature.” PGP transmits the signature and the plaintext
together. Upon receipt of the message, the recipient uses PGP to
recompute the digest, thus verifying the signature. PGP can
encrypt the plaintext or not; signing plaintext is useful if some of
the recipients are not interested in or capable of verifying the

 As long as a secure hash function is used, there is no way to take

someone’s signature from one document and attach it to
another, or to alter a signed message in any way. The slightest
change to a signed document will cause the digital signature
verification process to fail.

 Digital signatures play a major role in authenticating and

validating the keys of other PGP users.

The Advantages of Public-Key Cryptography Compared with Secret-Key
Cryptography is as follow:-

• The primary advantage of public-key cryptography is increased security

and convenience: private keys never need to transmitted or revealed to
anyone. In a secret-key system, by contrast, the secret keys must be
transmitted (either manually or through a communication channel), and
there may be a chance that an enemy can discover the secret keys during
their transmission.

• Another major advantage of public-key systems is that they can provide a

method for digital signatures. Authentication via secret-key systems
requires the sharing of some secret and sometimes requires trust of a
third party as well. As a result, a sender can repudiate a previously
authenticated message by claiming that the shared secret was somehow
compromised by one of the parties sharing the secret. For example, the
Kerberos secret-key authentication system involves a central database
that keeps copies of the secret keys of all users; an attack on the
database would allow widespread forgery. Public-key authentication, on
the other hand, prevents this type of repudiation; each user has sole
responsibility for protecting his or her private key. This property of public-
key authentication is often called non-repudiation

The disadvantages of Public-Key Cryptography Compared with Secret-Key

Cryptography is as follow:-

• A disadvantage of using public-key cryptography for encryption is speed:

there are popular secret-key encryption methods that are significantly
faster than any currently available public-key encryption method.
Nevertheless, public-key cryptography can be used with secret-key
cryptography to get the best of both worlds. For encryption, the best
solution is to combine public- and secret-key systems in order to get both
the security advantages of public-key systems and the speed advantages
of secret-key systems. The public-key system can be used to encrypt a
secret key which is used to encrypt the bulk of a file or message. Such a
protocol is called a digital envelope.

• Public-key cryptography may be vulnerable to impersonation, however,

even if users' private keys are not available. A successful attack on a
certification authority will allow an adversary to impersonate whomever
the adversary chooses to by using a public-key certificate from the
compromised authority to bind a key of the adversary's choice to the name
of another user.

• In some situations, public-key cryptography is not necessary and secret-
key cryptography alone is sufficient. This includes environments where
secure secret-key agreement can take place, for example by users
meeting in private. It also includes environments where a single authority
knows and manages all the keys, e.g., a closed banking system. Since the
authority knows everyone's keys already, there is not much advantage for
some to be "public" and others "private." Also, public-key cryptography is
usually not necessary in a single-user environment. For example, if you
want to keep your personal files encrypted, you can do so with any secret-
key encryption algorithm using, say, your personal password as the secret
key. In general, public-key cryptography is best suited for an open multi-
user environment.

• Public-key cryptography is not meant to replace secret-key cryptography,

but rather to supplement it, to make it more secure. The first use of public-
key techniques was for secure key exchange in an otherwise secret-key
system ; this is still one of its primary functions. Secret-key cryptography
remains extremely important and is the subject of much ongoing study and
research. Some secret-key cryptosystems are discussed in the sections
on block ciphers and stream ciphers.

Why Three Encryption Techniques?

The three encryption techniques are used for following reasons:

• Hash functions : for data integrity

• Secret-key cryptography: ideally suited to encrypting message
• public-key cryptography : for Key exchange


 Security services
1. Authentication
2. Data Confidentiality
3. Data Integrity
4. Non repudiation
5. Availability Services

 Security mechanism
1. Specific security Mechanism
2. Pervasive Security Mechanism

 Security attacks
1. Passive Attacks
a. Release of message contents
b. Traffic analysis

2.Active Attacks

a. Masquerade
b. Replay
c. Modification of messages
d. Denial of services


 Computer password.
 ATM security.
 Military security
 Electronic commerce.
 Authentication of messages.
 Digital signatures.
 Interactive proofs
 Secure compututers


• The ABC company maintains payroll information for a variety of organizations.

This payroll information is frequently transmitted over the Internet from
participating companies. For security reasons, the ABC company conducts all of
its Internet transactions using public key cryptography. The company owns both a
public and a private encryption key. The public key is made available to all
participating organizations and in fact is openly available to anyone who wants to
download it from the ABC website. The private key is kept secure in a bank vault
at ABC headquarters. When the XYZ company wants to transmit its payroll data
to the ABC company, it first encrypts the data using the ABC company’s public
key. Once it’s encrypted, the scrambled payroll data is transmitted securely over
the Internet to the ABC company’s processing department. If the information is
intercepted along the way, all the interceptors will see is scrambled information.
Even if they have the public key, which is very possible, they will not be able to
unscramble the information. Only the private key can do that. Once the

information is received by ABC, the private key is used to unscramble the
information, allowing the processing department to process the payroll.

• Using symmetric cryptography the ABC company would have to deliver, through
some secure means (such as a courier), a copy of its one and only private key.
Since the same key is used to both encrypt and decrypt the information, both
sender and receiver must have a copy. So if XYZ is a new client for ABC, ABC
must send XYZ a copy of the secret key so that XYZ can then encrypt its payroll
information and transmit it to ABC. ABC, using the same key, decrypts XYZ’s
information and processes the payroll data. Since a system is only as strong as its
weakest link, key security during transmission becomes as important for XYZ as
encrypting the data.

• As mentioned earlier, public key cryptography lends itself to a new technology

called digital signatures. Digital signatures involve a reversing of the normal
public/private encryption/decryption process. Here is an example that
demonstrates its use. Suppose Mary wants to send the ABC company a request for
a special document. Before the ABC company can send that document, they must
be assured that the requestor is actually Mary. A digital signature can verify
Mary’s validity to ABC in the following way. Mary first encrypts her name using
her private key. She then encrypts the request along with the encrypted name
using the ABC company’s well-known public key. When the ABC company
receives the message, it decrypts the request using its private key and then
decrypts the signature using Mary’s well-publicized public key. If the name
decrypts successfully, then it must be Mary’s signature since she is the only one
who could have encrypted it with her secret private key. The request can be safely

• Digital signatures are gaining popularity in many Internet transactions involving

signature verification such as contracts and other legal negotiations as well as
court documents. Recent enhancements to digital signatures include digital time
stamps. Digital timestamps apply a “when” criteria to a digital signature by
attaching a widely publicized summary number to the signature. That summary
number is only produced at some given point in time, essentially linking that
signature to a certain date/time. It’s an especially effective technology since it
doesn’t rely on the security of keys.

• As mentioned earlier that for large documents, use of public key cryptography is
prohibitive because transmission speeds are so slow. By using something called a
digital envelope, the best of both symmetric (transmission speed) and public key
(security) cryptography can be used. Here is an example of how a digital envelope
works. Mary wants to send a very large document to her main office overseas.
Because of its sensitivity, Mary believes it should be sent using public key

cryptography but knows she can’t because it’s too large. She decides to use a
digital envelope.

• Mary first creates a special session key and uses this key to symmetrically encrypt
her document. That is, she uses a symmetric cryptographic algorithm. She then
encrypts the session key with her organization’s public key. So now the document
is encrypted using symmetric cryptography and the key that encrypted it is
encrypted using public key cryptography. The encrypted key is called the digital
envelope. She then transmits both the key and the document to the main office.

• At the main office, the company’s private key is used to decrypt the session key.
Then the session key is used to decrypt the document. Transmission was fast and
just as secure as using public key cryptography exclusively [1:24]. Digital
envelops offer the benefits of both approaches without sacrificing security..


 Crypto Smart Cards

 Crypto Ring Processors
 Java Rings
 Distributed crypto crackers
 S/MIME Cracking Screen Savers
 "Chinese Television" crypto crackers



DNA Cryptography:

• DNA cryptography is a new born cryptographic field emerged with the research
of DNA computing, in which DNA is used as information carrier and the modern
biological technology is used as implementation tool.

• The vast parallelism and extraordinary information density inherent in DNA
molecules are explored for cryptographic purposes such as encryption,
authentication, signature, and so on.

QUANTUM Cryptography:

• Quantum cryptography attempts to achieve the same security of information as

other forms of cryptography but through the use of photons, or packets of light.
The process, though still in experimental stages, makes use of the polarization
nature of light and is proving to be a very promising defense against


With the introduction of computer, the need for automated tools for protecting files &
other information stored on the computer, to protect these type of files & our network we
use cryptography.