Cryptography and Network Security Unit I Introduction

Cryptography and Network Security Unit I
UNIT I
Introduction
This book focuses on two broad areas: cryptographic algorithms and protocols, which have a
broad range of applications; and network and Internet security, which rely heavily on
cryptographic techniques. Cryptographic algorithms and protocols can be grouped into four
main areas:
•Symmetric encryption: Used to conceal the contents of blocks or streams of data of any
size, including messages, files, encryption keys, and passwords.
•Asymmetric encryption: Used to conceal small blocks of data, such as encryption keys
and hash function values, which are used in digital signatures.
•Data integrity algorithms: Used to protect blocks of data, such as messages, from
alteration.
•Authentication protocols: These are schemes based on the use of cryptographic
algorithms designed to authenticate the identity of entities.
1.1 OSI Security Architecture
The OSI security architecture is useful to managers as a way of organizing the task of providing
security. The OSI security architecture focuses on security attacks, mechanisms, and services.
These can be defined briefly as follows:
 Security attack: Any action that compromises the security of information owned by an
organization.
 Security mechanism: A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security attack.
 Security service: A processing or communication service that enhances the security of
the data processing systems and the information transfers of an organization. The
services are intended to counter security attacks, and they make use of one or more
security mechanisms to provide the service.
Prepared by P.Vasantha Kumari/IT 1

Threat
A potential for violation of security, which exists when there is a circumstance,
capability, action, or event that could breach security and cause harm. That is, a
threat is a possible danger that might exploit vulnerability.
Attack
An assault on system security that derives from an intelligent threat; that is, an
intelligent act that is a deliberate attempt (especially in the sense of a method or
technique) to evade security services and violate the security policy of a system.
1.1.1 Security Attacks

A useful means of classifying security attacks is in terms passive attacks and active attacks.
 A passive attack attempts to learn or make use of information from the system
but does not affect system resources.
 An active attack attempts to alter system resources or affect their operation.
Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal
of the opponent is to obtain information that is being transmitted. Two types of passive attacks
are
 release of message contents
 traffic analysis
(i) The release of message contents is easily understood. A telephone conversation, an

electronic mail message, and a transferred file may contain sensitive or confidential information.
We would like to prevent an opponent from learning the contents of these transmissions.
(ii) A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of
masking the contents of messages or other information traffic so that opponents, even if they
captured the message, could not extract the information from the message. The common

technique for masking contents is encryption Passive attacks are very difficult to detect because
they do not involve any alteration of the data.
Figure 1.1 – Passive attacks

Active Attacks
Active attacks involve some modification of the data stream or the creation of a false stream and
can be subdivided into four categories:
 Masquerade
 Replay
 modification of messages
 Denial of service.
(i) A masquerade takes place when one entity pretends to be a different entity. A masquerade
attack usually includes one of the other forms of active attack. For example, authentication
sequences can be captured and replayed after a valid authentication sequence has taken place,
thus enabling an authorized entity with few privileges to obtain extra privileges by
impersonating an entity that has those privileges.

Figure 1.2 – Active attacks
(ii) Replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect.
(iii) Modification of messages simply means that some portion of a legitimate message is
altered, or that messages are delayed or reordered, to produce an unauthorized effect.
(iv) The Denial of service prevents or inhibits the normal use or management of
communications facilities. This attack may have a specific target; for example, an entity may
suppress all messages directed to a particular destination (e.g., the security audit service).
Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks
are difficult to detect, measures are available to prevent their success. On the other hand, it is
quite difficult to prevent active attacks absolutely.
1.1.2 Security Services

X.800 defines a security service as a service that is provided by a protocol layer of
communicating open systems and that ensures adequate security of the systems or of data
transfers. X.800 divides these services into five categories and fourteen specific services (Table
1.1).
AUTHENTICATION DATA INTEGRITY

The assurance that the communicating entity is The assurance that data received are exactly as
the one that it claims to be. sent by an authorized entity (i.e., contain no
modification, insertion, deletion, or replay).
Peer Entity Authentication
Used in association with a logical connection to Connection Integrity with Recovery
provide confidence in the identity of the Provides for the integrity of all user data on a
entities connected. connection and detects any modification,
insertion, deletion, or replay of any data within
Data-Origin Authentication an entire data sequence, with recovery
In a connectionless transfer, provides attempted.
assurance that the source of received data is as
claimed. Connection Integrity without Recovery
As above, but provides only detection without
ACCESS CONTROL recovery.
The prevention of unauthorized use of a
resource (i.e., this service controls who can Selective-Field Connection Integrity
have access to a resource, under what Provides for the integrity of selected fields
conditions access can occur, and what those within the user data of a data block transferred
accessing the resource are allowed to do). over a connection and takes the form of
determination of whether the selected fields
DATA CONFIDENTIALITY have been modified, inserted, deleted, or
The protection of data from unauthorized replayed.
disclosure.
Connectionless Integrity
Connection Confidentiality Provides for the integrity of a single
The protection of all user data on a connection. connectionless data block and may take the
form of detection of data modification.
Connectionless Confidentiality Additionally, a limited form of replay detection
The protection of all user data in a single data may be provided.
block

Selective-Field Confidentiality Selective-Field Connectionless Integrity

The confidentiality of selected fields within the Provides for the integrity of selected fields
user data on a connection or in a single data within a single connectionless data block; takes
block. the form of determination of whether the
selected fields have been modified.
Traffic-Flow Confidentiality
The protection of the information that might be
derived from observation of traffic flows. NONREPUDIATION
Provides protection against denial by one of
the entities involved in a communication of
having participated in all or part of the
communication.
Nonrepudiation, Origin
Proof that the message was sent by the
specified party.
Nonrepudiation, Destination
Proof that the message was received by the
specified party.
Table 1.1 – Security Services

Authentication
The authentication service is concerned with assuring that a communication is authentic. In the
case of a single message, such as a warning or alarm signal, the function of the authentication
service is to assure the recipient that the message is from the source that it claims to be from. In
the case of an ongoing interaction, such as the connection of a terminal to a host, two aspects are
involved. First, at the time of connection initiation, the service assures that the two entities are
authentic, that is, that each is the entity that it claims to be. Second, the service must assure that
the connection is not interfered with in such a way that a third party can masquerade as one of
the two legitimate parties for the purposes of unauthorized transmission or reception.
Two specific authentication services are defined in X.800:

• Peer entity authentication: Provides for the corroboration of the identity of a peer entity in
an association. Two entities are considered peers if they implement to same protocol in different
systems; e.g., two TCP modules in two communicating systems. Peer entity authentication is

provided for use at the establishment of, or at times during the data transfer phase of, a
connection. It attempts to provide confidence that an entity is not performing either a
masquerade or an unauthorized replay of a previous connection.
• Data origin authentication: Provides for the corroboration of the source of a data unit. It does
not provide protection against the duplication or modification of data units. This type of service
supports applications like electronic mail, where there are no prior interactions between the
communicating entities.
Access Control
In the context of network security, access control is the ability to limit and control the access to
host systems and applications via communications links. To achieve this, each entity trying to
gain access must first be identified, or authenticated, so that access rights can be tailored to the
individual.
Data Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. With respect to the
content of a data transmission, several levels of protection can be identified. The broadest
service protects all user data transmitted between two users over a period of time. For example,
when a TCP connection is set up between two systems, this broad protection prevents the
release of any user data transmitted over the TCP connection. Narrower forms of this service can
also be defined, including the protection of a single message or even specific fields within a
message. These refinements are less useful than the broad approach and may even be more
complex and expensive to implement. The other aspect of confidentiality is the protection of
traffic flow from analysis. This requires that an attacker not be able to observe the source and
destination, frequency, length, or other characteristics of the traffic on a communications facility.
Data Integrity
As with confidentiality, integrity can apply to a stream of messages, a single message, or selected
fields within a message. Again, the most useful and straightforward approach is total stream
protection. A connection-oriented integrity service, one that deals with a stream of messages,
assures that messages are received as sent with no duplication, insertion, modification,
reordering, or replays. The destruction of data is also covered under this service. Thus, the
connection-oriented integrity service addresses both message stream modification and denial of
service. On the other hand, a connectionless integrity service, one that deals with individual
messages without regard to any larger context, generally provides protection against message
modification only. We can make a distinction between service with and without recovery.
Because the integrity service relates to active attacks, we are concerned with detection rather
than prevention. If a violation of integrity is detected, then the service may simply report this
violation, and some other portion of software or human intervention is required to recover from
the violation. Alternatively, there are mechanisms available to recover from the loss of integrity
of data, as we will review subsequently. The incorporation of automated recovery mechanisms
is, in general, the more attractive alternative.
Nonrepudiation
Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus,
when a message is sent, the receiver can prove that the alleged sender in fact sent the message.
Similarly, when a message is received, the sender can prove that the alleged receiver in fact
received the message.
1.1.3 Security Mechanisms
Table 1.2 lists the security mechanisms defined in X.800. The mechanisms are divided into those
that are implemented in a specific protocol layer, such as TCP or an application-layer protocol,
and those that are not specific to any particular protocol layer or security service. So we do not
elaborate now, except to comment on the definition of encipherment. X.800 distinguishes
between reversible encipherment mechanisms and irreversible encipherment mechanisms. A
reversible encipherment mechanism is simply an encryption algorithm that allows data to be
encrypted and subsequently decrypted. Irreversible encipherment mechanisms include hash
algorithms and message authentication codes, which are used in digital signature and message
authentication applications. Table 1.3, based on one in X.800, indicates the relationship between
security services and security mechanisms.

SPECIFIC SECURITY MECHANISMS PERVASIVE SECURITY MECHANISMS

May be incorporated into the appropriate Mechanisms that are not specific to any
protocol layer in order to provide some of the particular OSI security service or protocol
OSI security services. layer.
Encipherment Trusted Functionality

The use of mathematical algorithms to That which is perceived to be correct with
transform data into a form that is not readily respect to some criteria (e.g., as established by
intelligible. The transformation and a security policy).
subsequent recovery of the data depend on an
algorithm and zero or more encryption keys.
Digital Signature Security Label

Data appended to, or a cryptographic The marking bound to a resource (which may
transformation of, a data unit that allows a be a data unit) that names or designates the
recipient of the data unit to prove the source security attributes of that resource.
and integrity of the data unit and protect
against forgery (e.g., by the recipient).
Event Detection
Access Control Detection of security-relevant events.
A variety of mechanisms that enforce access
rights to resources. Security Audit Trail
Data collected and potentially used to facilitate
Data Integrity a security audit, which is an independent
A variety of mechanisms used to assure the review and examination of system records and
integrity of a data unit or stream of data units. activities.
Authentication Exchange Security Recovery

A mechanism intended to ensure the identity of Deals with requests from mechanisms, such as
an entity by means of information exchange. event handling and management functions, and
takes recovery actions.
Traffic Padding
The insertion of bits into gaps in a data stream
to frustrate traffic analysis attempts.
Routing Control
Enables selection of particular physically
secure routes for certain data and allows
routing changes, especially when a breach of
security is suspected.
Notarization
The use of a trusted third party to assure
certain properties of a data exchange.
Table 1.2 – Security Mechanisms
Table 1.3 – Relationship between Secuirty Services and Mechanisms
A Model for Network Security
Figure 1.3 – A model for Network Security
1.2 Classical Encryption techniques
◆ Symmetric encryption is a form of cryptosystem in which encryption and decryption are

performed using the same key. It is also known as conventional encryption.

◆ Symmetric encryption transforms plaintext into ciphertext using a secret key and an
encryption algorithm. Using the same key and a decryption algorithm, the plaintext is recovered
from the ciphertext.
◆ The two types of attack on an encryption algorithm are cryptanalysis, based on properties of
the encryption algorithm, and brute-force, which involves trying all possible keys.
◆ Traditional (precomputer) symmetric ciphers use substitution and/or transposition
techniques. Substitution techniques map plaintext elements (characters, bits) into ciphertext
elements. Transposition techniques systematically transpose the positions of plaintext elements.
Encryption Techniques
 Substitution Techniques
o Caesar Cipher
o Mono alphabetic Ciphers
o Play fair Cipher
o Hill Cipher
o Polyalphabetic Ciphers
o One-Time Pad
 Transposition Techniques
 Rotor Machines
An original message is known as the plaintext, while the coded message is called the cipher text.
The process of converting from plaintext to cipher text is known as enciphering or encryption;
restoring the plaintext from the cipher text is deciphering or decryption. The many schemes used
for encryption constitute the area of study known as cryptography. Such a scheme is known as a
cryptographic system or a cipher.
Techniques used for deciphering a message without any knowledge of the enciphering details fall
into the area of cryptanalysis. Cryptanalysis is what the layperson calls “breaking the code.” The
areas of cryptography and cryptanalysis together are called cryptology.

A symmetric encryption scheme has five ingredients:

• Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.
• Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext.
• Secret key: The secret key is also input to the encryption algorithm. The key is a value
independent of the plaintext and of the algorithm. The algorithm will produce a different output
depending on the specific key being used at the time. The exact substitutions and
transformations performed by the algorithm depend on the key.
• Cipher text: This is the scrambled message produced as output. It depends on the plaintext and
the secret key. For a given message, two different keys will produce two different cipher texts.
The cipher text is an apparently random stream of data and, as it stands, is unintelligible.
• Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the
cipher text and the secret key and produces the original plaintext.
Figure 1.4 – A simplified model for symmetric encryption
There are two requirements for secure use of conventional encryption:

1. We need a strong encryption algorithm.
2. Sender and receiver must have obtained copies of the secret key in a secure fashion and
must keep the key secure.

Figure 1.5 – Model of symmetric crypto system
Cryptography
Cryptographic systems are characterized along three independent dimensions:
1. The type of operations used for transforming plaintext to cipher text. All encryption
algorithms are based on two general principles: substitution, in which each element in the
plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition,
in which elements in the plaintext are rearranged. The fundamental requirement is that no
information be lost (that is, that all operations are reversible). Most systems, referred to as
product systems, involve multiple stages of substitutions and transpositions.
2. The number of keys used. If both sender and receiver use the same key, the system is
referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and
receiver use different keys, the system is referred to as asymmetric, two-key, or public-key
encryption.
3. The way in which the plaintext is processed. A block cipher processes the input one
block of elements at a time, producing an output block for each input block. A stream cipher

processes the input elements continuously, producing output one element at a time, as it goes
along.
Cryptanalysis and Brute-Force Attack

Typically, the objective of attacking an encryption system is to recover the key in use rather than
simply to recover the plaintext of a single cipher text. There are two general approaches to
attacking a conventional encryption scheme:
• Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm plus perhaps
some knowledge of the general characteristics of the plaintext or even some sample plaintext–
cipher text pairs. This type of attack exploits the characteristics of the algorithm to attempt to
deduce a specific plaintext or to deduce the key being used.
• Brute-force attack: The attacker tries every possible key on a piece of ciphertext until
an intelligible translation into plaintext is obtained. On average, half of all possible keys must be
tried to achieve success.
1.2.1. Substitution Techniques

The two basic building blocks of all encryption techniques are substitution and transposition. A
substitution technique is one in which the letters of plaintext are replaced by other letters or by
numbers or symbols.1 If the plaintext is viewed as a sequence of bits, then substitution involves
replacing plaintext bit patterns with ciphertext bit patterns.
(i) Ceasar Cipher

The Caesar cipher involves replacing each letter of the alphabet with the letter standing K (key
value) places further down the alphabet. For example, consider K=3,
Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the
transformation by listing all possibilities, as follows:

Let us assign a numerical equivalent to each letter:
Then the encryption algorithm for Caesar Cipher can be expressed as follows. For each plaintext
letter P, substitute the ciphertext letter C:
C = E (K, P) = (P + K) mod 26
where, P is the plaintext
C is the ciphertext
K is the key value which takes on a value in the range 1 to 25.
A shift may be of any amount. For example if K=3, then
C = E (3, P) = (P + 3) mod 26
The decryption algorithm is simply written as
P = D(K, C) = (C - K) mod 26
If it is known that a given ciphertext is a Caesar cipher, then a brute-force cryptanalysis is easily
performed: simply try all the 25 possible keys. Figure 1.6 shows the results of applying this
strategy to the example ciphertext. In this case, the plaintext leaps out as occupying the third
line. Three important characteristics of this problem enabled us to use a brute-force
cryptanalysis:
1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.
Example
Convert the plaintext “welcome” to the ciphertext with the key 3 using ceasar cipher.
Plaintext P: welcome
Key K=3
Ciphertext: C = E(K, P) = E(3, P) = zhofrph

Figure 1.6 - Brute-Force Cryptanalysis of Caesar Cipher
(ii)Mono alphabetic Ciphers

The Mono alphabetic Cipher (often referred to as a cryptogram) uses a KEY which is the
rearrangement of the letters of the alphabet. These different letters are then substituted for the
letters in the message to create a secret message. That KEY is needed to decipher the secret
message. Start by creating a key that maps each letter of the alphabet to a (possibly the same)
letter of the alphabet.
A sample key might be:
Plaintext letter a b c d e f g h i j k l m n o p q r s t u v w x y z
Ciphertext letter y n l k x b s h m i w d p j r o q v f e a u g t z c
For example,

Plaintext: meet me at nine

Ciphertext: pxxe px ye jmjx
To encrypt the message "meet me at nine", start by taking the first letter of the message, 'm', and
look up the corresponding cipher text letter 'p'. Repeat by looking up the next plaintext letter 'e',
and noting it becomes 'x'. Continue this process for the rest of the message. Typically spaces,
numbers, and punctuation are left alone. In this case "meet me at nine." would become "pxxe px
ye jmjx."
Decryption is similar. Start with the first cipher text letter 'p', and look at the table to find the
corresponding plaintext letter 'm'. Continue with the next letter 'x', and find it maps to 'e.
Mono alphabetic encryption is very easy to break, for two main reasons. First, commonly used
letters like 'e' show up very quickly as the 'x' in the example. Second, words with repeated letters
like "meet" in the example show that repetition in the cipher text. And indeed this is so weak that
the daily cryptogram run by some newspapers is typically an mono alphabetic substitution.
(iii) Playfair Cipher

The best-known multiple-letter encryption cipher is the Playfair, which treats diagrams in the
plaintext as single units and translates these units into cipher text diagrams. The Playfair
algorithm is based on the use of a 5 × 5 matrix of letters constructed using a keyword.
In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the
keyword (minus duplicates) from left to right and from top to bottom, and then filling in the
remainder of the matrix with the remaining letters in alphabetic order. The letters I and J count
as one letter. Plaintext is encrypted two letters at a time, according to the following rules:
1. Repeating plaintext letters that are in the same pair are separated with a filler letter, such as x,
so that balloon would be treated as ba lx lo on.

2. Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to
the right, with the first element of the row circularly following the last. For example, ar is
encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by the letter beneath, with
the top element of the column circularly following the last. For example, mu is encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and
the column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or
JM, as the encipherer wishes).
Example
Plaintext: welcome
Key: Monarchy (Use the same matrix mentioned above)
No.of characters in the plaintext is 7, so we add x to the end of plaintext.
Now it would be,
welcomex
Define the pair of letters in the plaintext, it would be,
We lc om ex
Match the pair of letters in the given matrix, it would be replaced with
Gu ue no iu
Ciphetext: guuenoiu
(iv) Hill Cipher

Hill cipher is a polygraphic substitution cipher based on linear algebra. Hill used matrices and
matrix multiplication to mix up the plaintext. For both encryption and decryption, the Hill cipher
assigns numerical values to each letter of an alphabet. Throughout this, we will use the standard
26 character English alphabet and define the following associations between letters in our
alphabet and numbers. In general terms, the Hill system can be expressed as
Encryption: C = E (K, P) = KP mod 26
Decryption: P = D(K, C) = CK-1 mod 26 = PKK-1 = P

Example
Encipher
In order to encrypt a message using the Hill cipher, the sender and receiver must first agree upon
a key matrix A of size n x n. A must be invertible mod 26. The plaintext will then be enciphered in
blocks of size n. In the following example A is a 2 x 2 matrix and the message will be enciphered
in blocks of 2 characters.
Key Matrix K =
Original Plaintext P = MISSISSIPPI

The first block of plaintext MI corresponds to the matrix
The sender will then calculate the ciphertext C as:

C = E (K, P) = KP mod 26
The first two letters of the ciphertext correspond to 2, 8 and are therefore CI. This step is
repeated for the entire plaintext. If there are not enough letters to form blocks of 2, pad the
message with some letter, say Z.
The original plaintext P:
MI SS IS SI PP IK
will be enciphered as:
CI KK GE UW ER OY
Notice that the repeated digraphs IS, SS and repeated letters S and P in the plaintext are masked
using the Hill cipher.
Decipher
To decipher a message, first calculate the inverse of the key K.

Then multiply the inverse of the key by each pair of ciphertext letters (mod 26) to recover the
original text.
Find K-1
Find 23-1 mod 26

26 = 23(1) + 3
23 = 3(7) + 2
3 = 2(1) + 1
3 + 2(-1) = 1 ……….. (1)
23 + 3 (-7) = 2 ………. (2)
26 + 23 (-1) = 3 ………. (3)
Substitute (2) in (1)
3 + [23 + 3(-7)] (-1) = 1
3 + 23 (-1) + 3(7) = 1
3 (8) + 23 (-1) = 1 ………… (4)
[26 + 23 (-1)] (8) + 23 (-1) = 1
26 (8) + 23 (-8) + 23 (-1) = 1

26 (8) + 23 (-9) = 1
26(8) + 23 (17) = 1 mod 26 (subtract 26 -9)
Remove the first term,
23 (17) = 1 mod 26
17 = 23-1 mod 26
23-1 mod 26 = 17
K-1 = 289 -425 mod 26

-408 51
K-1 = 3 -9 mod 26
-18 25
Key Matrix: K-1 =

Encrypted Message: CIKKGEUWEROY
The receiver will calculate the plaintext P as P = K-1C
to decrypt the message. The first two letters are 12, 8 which correspond to M and I. The receiver
will repeat this step for every pair of letters in the ciphertext to recover the original message
MISSISSIPPIK. To use a Hill cipher with different block size the number of rows and columns in
matrix A should be equal to the block size. For example if the block size is 4 the A should be a
matrix of size 4 x 4.
(v)Polyalphabetic Ciphers
Another way to improve on the simple mono alphabetic technique is to use different mono
alphabetic substitutions as one proceeds through the plaintext message. The general name for

this approach is polyalphabetic substitution cipher. All these techniques have the following
features in common:
1. A set of related mono alphabetic substitution rules is used.
2. A key determines which particular rule is chosen for a given transformation.
VIGENERE CIPHER
The best known, and one of the simplest, polyalphabetic ciphers is the Vigenère cipher. In this
scheme, the set of related mono alphabetic substitution rules consists of the 26 Caesar ciphers
with shifts of 0 through 25. Each cipher is denoted by a key letter, which is the ciphertext letter
that substitutes for the plaintext letter a. A general equation of the encryption process is
In essence, each plaintext character is encrypted with a different Caesar cipher, depending on the
corresponding key character. Similarly, decryption is a generalization of Equation
To encrypt a message, a key is needed that is as long as the message. Usually, the key is a
repeating keyword. For example, if the keyword is deceptive, the message “we are discovered
save yourself” is encrypted as

VERNAM CIPHER
The ultimate defense against such a cryptanalysis is to choose a keyword that is as long as the
plaintext and has no statistical relationship to it. The system can be expressed succinctly as
follows:
Table 1.4 - The Modern Vigenère Tableau

Figure 1.7 – Vernam Cipher
(v)One-Time Pad
The term "one-time pad" refers to any method of encryption where each byte of the
plaintext is enciphered using one byte of the key stream, and each key byte is used one time then
never used again. The key stream for a one-time pad must be a true-random stream, meaning
that every key byte can take any of the values 0 to 255 with equal likelihood, and independently
of the values of all other key bytes. By contrast, in a pseudo-random key stream the value of each
byte after the first several is mathematically derived from the values of a few preceding bytes.
The practical difficulty of using a one-time pad is that the key bytes cannot be reused. This
means that even for a two-way exchange of messages, each party must have a sufficient supply of
key material on hand so that they cannot run out before more key stream can be furnished. For
N-way exchanges, the amount of key required increases quadratically. An example should
illustrate our point. Suppose that we are using a Vigenère scheme with 27 characters in which
the twenty-seventh character is the space character, but with a one-time key that is as long as the
message.
The one-time pad offers complete security but, in practice, has two fundamental difficulties:
1. There is the practical problem of making large quantities of random keys. Any heavily
used system might require millions of random characters on a regular basis. Supplying
truly random characters in this volume is a significant task.

2. Even more daunting is the problem of key distribution and protection. For every message
to be sent, a key of equal length is needed by both sender and receiver. Thus, a mammoth
key distribution problem exists.
Consider the ciphertext
1.2.2. Transposition techniques

A very different kind of mapping is achieved by performing some sort of permutation on the
plaintext letters. This technique is referred to as a transposition cipher. The simplest such cipher
is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and
then read off as a sequence of rows. For example, to encipher the message “meet me after the
toga party” with a rail fence of depth 2, we write the following:
This sort of thing would be trivial to cryptanalyze. A more complex scheme is to write the
message in a rectangle, row by row, and read the message off, column by column, but permute
the order of the columns. The order of the columns then becomes the key to the algorithm. For
example, convert the plaintext “ATTACH POSTPONED UNTIL TWO AM XYZ” using the key
4312567.

Key:
4 3 1 2 5 6 7
Plaintext:
A T T A C K P
O S T P O N E
D U N T I L T
W O A M X Y Z
Cipher text: TTNAAPTMTSUOAODWCOIXKNLYPETZ
The transposition cipher can be made significantly more secure by performing more than one
stage of transposition. The result is a more complex permutation that is not easily reconstructed.
Thus, if the foregoing message is re-encrypted using the same algorithm,
Key:
4 3 1 2 5 6 7
Input:
T T N A A P T
M T S U O A O
D W C O I X K
N L Y P E T Z
Output: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ
1.2.3. Rotor Machines

In cryptography, a rotor machine is an electro-mechanical stream cipher device used for
encrypting and decrypting secret messages. Rotor machines were the cryptographic state-of-the-
art for a prominent period of history. The primary component is a set of rotors, also termed
wheels or drums, which are rotating disks with an array of electrical contacts on either side. The
wiring between the contacts implements a fixed substitution of letters, replacing them in some
complex fashion. On its own, this would offer little security; however, after encrypting each
letter, the rotors advance positions, changing the substitution. By this means, a rotor machine
produces a complex polyalphabetic substitution cipher, which changes with every key press. The
example just given suggests that multiple stages of encryption can produce an algorithm that is
significantly more difficult to cryptanalyze. This is as true of substitution ciphers as it is of

transposition ciphers. Before the introduction of DES, the most important application of the
principle of multiple stages of encryption was a class of systems known as rotor machines.
Figure 1.8 – Rotor Machine
The basic principle of the rotor machine is illustrated in Figure 1.8. The machine consists of a set
of independently rotating cylinders through which electrical pulses can flow. Each cylinder has
26 input pins and 26 output pins, with internal wiring that connects each input pin to a unique
output pin. For simplicity, only three of the internal connections in each cylinder are shown. If
we associate each input and output pin with a letter of the alphabet, then a single cylinder
defines a mono alphabetic substitution. For example, in Figure 1.8, if an operator depresses the
key for the letter A, an electric signal is applied to the first pin of the first cylinder and flows
through the internal connection to the twenty-fifth output pin. Consider a machine with a single

cylinder. After each input key is depressed, the cylinder rotates one position, so that the internal
connections are shifted accordingly. Thus, a different mono alphabetic substitution cipher is
defined. After 26 letters of plaintext, the cylinder would be back to the initial position. Thus, we
have a polyalphabetic substitution algorithm with a period of 26. A single-cylinder system is
trivial and does not present a formidable cryptanalytic task. The power of the rotor machine is in
the use of multiple cylinders, in which the output pins of one cylinder are connected to the input
pins of the next. Figure 1.8 shows a three-cylinder system. The left half of the figure shows a
position in which the input from the operator to the first pin (plaintext letter a) is routed through
the three cylinders to appear at the output of the second pin (ciphertext letter B).
Problems
1. Decipher the following cipher text using brute force attack: (University Question)
CMTMROOEOORW (Hint: Algorithm – Railfence)
Solution
Arrange the Cipher text using Railfence technique
CMTMRO
OEOORW
Plaintext: COME TOMORRROW
2. Convert the given text “anna university” into cipher text using rail fence technique.
(University Question)
Solution
Plaintext: anna university
Arrange the plaintext using railfence technique
anuiest
nanvriy
Cipher text: anuiestnanvriy
3. Given the key 'MONARCHY' apply play fair to plain text "FACTIONALISM" to ensure
confidentiality at the destination, decrypt the ciphertext and establish authenticity.
Solution
Step 1: Construct the matrix for the key “MONARCHY”
Step 2: Divide the plaintext into the pair of characters

FA CT IO NA LI SM
Step 3: Apply the rule to match the pair of characters in the matrix and replace the characters by
FA = OI (diagonal)
CT = LD (diagonal)
IO = FA (diagonal)
NA = AR (same row)
LI = ES (diagonal)
SM = LA (diagonal)
Step 4: Combine the pair of replaced characters to form the cipher text
Cipher text = OILDFAARESLA
4. Apply Hill cipher to perform encryption and decryption for the plaintext “TOP SECRET
MESSAGE “using the secret key
Solution
(i) Encryption
1. Choose a 2x2 encryption matrix. For this example, we will use the matrix
This matrix has the determinant (3*7) – (2*5) = 21 – 10 = 11. Since 11 is ≠ 0, this matrix is
invertible.
11 is also relatively prime to 26. These two qualities satisfy the requirements listed previously,
making this encryption matrix a valid choice for use in the Hill cipher.

2. Split the plaintext into blocks of size 2 (ignoring spaces), determine the letters’ numerical
values, and align these as column vectors. If the length of the plaintext is not evenly divisible by
2, add a previously decided character to the end of the string until the plaintext is evenly
divisible by 2.
3. Multiply each of these column vectors by the encryption matrix and take modulo 26 of the
result.
4. Convert each of the matrices obtained in step 3 to their alphabetical vectors and combine them
to produce the cipher text.

This completes the process of the Hill cipher’s encryption by matrix multiplication. We can see
that the plaintext “TOP SECRET MESSAGE” encodes to “HLDTQIHJDXWQCMAG.” It is important
to note that the Hill cipher overcomes the frequency distribution problem associated with simple
substitution ciphers, such as the Caesar cipher. Since the encryption is not simply based on
replacing certain characters with others but, instead, on linear transformations of blocks of
characters, the frequencies of each letters’ appearance in the language have been masked. In fact,
the cipher text in the above case makes this even easier to see because it has more characters in
it than the original plaintext.
(ii) Decryption
The process is the same as encryption, but with the inverse matrix instead of the original
encryption matrix. Decryption of the cipher text “HLDTQIHJDXWQCMAG” with the 2 x 2
encryption matrix previously defined would go as follows:
Calculate 11-1 mod 26

26 = 11(2) + 4
11 = 4(2) + 3
4 = 3(1) + 1
4 + 3(-1) =1 ……….. (1)
11 + 4(-2) =3 ………... (2)
26 + 11(-2) =4 ………… (3)
4 + [11 + 4(-2)] (-1) = 1
4 + 11(-1) + 4(2) =1
4(3) + 11(-1) =1 ………….. (4)

[26 + 11(-2)] 3 + 11(-1) =1
26(3) + 11(-6) + 11(-1) =1
26(3) + 11(-7) = 1 (mod 26)
26(3) + 11(19) = 1 (mod 26) (subtract 26 – 7 then we get 19)
The first term is divided by 26, so we consider only the second term,
So, 11(19) = 1 (mod 26)
19 = 11-1 (mod 26)
11-1 (mod 26) = 19

At this point, the cipher text has been decrypted into the original plaintext, minus the original
spaces. Spaces can either be added by the recipient or an alphabet. It could be devised that would
include a space character. For example, the character “_“ could be added to our alphabet as
having the numerical value 26 and all of our modulo functions would change to modulo 27 to
adjust for the fact there would now be 27 characters in the alphabet. This modified alphabet
would allow for encryption of the space character within messages.
5. Apply Hill cipher to perform encryption and decryption for the plaintext “PAY “using
the secret key
17 17 5
21 18 21
2 2 19
Solution
(i) Encryption
1. Choose a key matrix K. For this example, we will use the matrix

2. Determine the plaintext letters(PAY) numerical values, and align these as column vectors.
P= P = 15
A 0
Y 24
3. Perform Encryption using the formula, C = KP mod 26
= (17 × 15) + (17 × 0) + (5 × 24) mod 26

(21 × 15) + (18 × 0) + (21 × 24)
(2 × 15) + (2 × 0) + (19 × 24)
= 375 mod 26
819
486
= 11 = L
13 N
18 S
The plaintext “PAY” is converted into the ciphertext “LNS”
(ii) Decryption
The process is the same as encryption, but with the inverse matrix instead of the original
encryption matrix. Decryption of the cipher text “LNS” with the 3 x 3 encryption matrix
previously defined would go as follows:
Find the inverse of the matrix K

1
K-1 = adj K
¿¿
Det K = 17[(18 × 19) – (2 × 21)] – 17[(21 × 19) – (2 × 21)] + 5[(21 × 2)- (2 × 18)]
= 5100 – 6069 + 30 = -939
Adj.K = (18 × 19) – (2 × 21) -(21 × 19 – 2 × 21) (21 × 2) –(18 × 2)

- [(17 × 19)- (2 × 5)] (17 × 19) – (2 × 5) - [(17 × 2) – (17 × 2)]
(17 × 21) – (18 × 5) - [(17 × 21) – (21 × 5) (17 × 18) – (21 × 17)
= 300 -357 6
-313 313 0
267 -252 -51
= 300 -313 267
-357 313 -252
6 0 -51

Find 23-1 mod 26

26 = 23(1) + 3
23 = 3(7) + 2
3 = 2(1) + 1
3 + 2(-1) = 1 ……….. (1)
23 + 3 (-7) = 2 ………. (2)
26 + 23 (-1) = 3 ………. (3)
3 + [23 + 3(-7)] (-1) = 1
3 + 23 (-1) + 3(7) = 1
3 (8) + 23 (-1) = 1 ………… (4)
[26 + 23 (-1)] (8) + 23 (-1) = 1
26 (8) + 23 (-8) + 23 (-1) = 1
26 (8) + 23 (-9) = 1
26(8) + 23 (17) = 1 mod 26 (subtract 26 -9)
Remove the first term,
23 (17) = 1 mod 26
17 = 23-1 mod 26
23-1 mod 26 = 17

= 5100 -5321 4539 mod 26

-6069 5321 -4284
102 0 -867
= 4 -17 15
-11 17 -20
24 0 -9
K-1 = 4 9 15
15 17 6
24 0 17
Calculate the plaintext using the formula P = K-1C mod 26
= 4 × 11 9 × 13 15 × 18 mod 26
15 × 11 17 × 13 6 × 18
24 × 11 0 × 13 17 × 18
= 431 mod 26
494
570
= 15 = P
0 A
24 Y
The ciphertext “LNS” is decrypted into the original plaintext “PAY”.

1.3 LFSR Sequences
A linear feedback shift register (LFSR) is a shift register whose input bit is a linear function of its
previous state. The only linear function of single bits is xor, thus it is a shift register whose input
bit is driven by the exclusive-or (xor) of some bits of the overall shift register value. The initial
value of the LFSR is called the seed, and because the operation of the register is deterministic, the
stream of values produced by the register is completely determined by its current (or previous)
state. Likewise, because the register has a finite number of possible states, it must eventually
enter a repeating cycle. However, an LFSR with a well-chosen feedback function can produce a
sequence of bits which appears random and which has a very long cycle.
Applications of LFSRs include generating pseudo-random numbers, pseudo-noise sequences, fast

digital counters, and whitening sequences. Both hardware and software implementations of
LFSRs are common. A register of L delay (storage) elements each capable of storing one element
from Fq , and a clock signal. Clocking, the register of delay elements is shifted one step and the
new value of the last delay element is calculated as a linear function of the content of the register.
Figure 1.9 – Linear Feedback Shift Register

Fibonacci LFSRs
The bit positions that affect the next state are called the taps. In the diagram the taps are
[16,14,13,11]. The rightmost bit of the LFSR is called the output bit. The taps are XOR'd

sequentially with the output bit and then fed back into the leftmost bit. The sequence of bits in
the rightmost position is called the output stream.
 The bits in the LFSR state which influence the input are called taps (white in the diagram).
 A maximum-length LFSR produces an m-sequence (i.e. it cycles through all possible 2 n − 1
states within the shift register except the state where all bits are zero), unless it contains
all zeros, in which case it will never change.
 As an alternative to the XOR based feedback in an LFSR, one can also use XNOR.[1] This
function is not linear, but it results in an equivalent polynomial counter whose state of
this counter is the complement of the state of an LFSR. A state with all ones is illegal when
using an XNOR feedback, in the same way as a state with all zeroes is illegal when using
XOR. This state is considered illegal because the counter would remain "locked-up" in this
state.
 The sequence of numbers generated by an LFSR or its XNOR counterpart can be
considered a binary numeral system just as valid as Gray code or the natural binary code.
Properties of LFSR sequences

A sequence s=. . . , s0, s1, . . .is called periodic if there is a positive integer T such that si = si+T, for
all i≥0. The period is the least such positive integer T for which si =si+T, for all i≥0.
The LFSR state runs through different values. The initial state will appear again after visiting a
number of states. If deg C(D) =L, the period of a sequence is the same as the number of different
states visited, before returning to the initial state. C(D) irreducible: the state corresponds to an
element in FqL, say β.The sequence of different states that we are entering is then β, αβ, α2β, . . . ,
αT−1β, αTβ=β,where T is the order or α. If α is a primitive element (its order is qL −1), then
obviously we will go through all qL−1 different states and the sequence will have period qL−1.
Such sequences are called m-sequences and they appear if and only if the polynomial π(x) is a
primitive polynomial.
Applications
LFSRs can be implemented in hardware, and this makes them useful in applications that require
very fast generation of a pseudo-random sequence, such as direct-sequence spread spectrum

radio. LFSRs have also been used for generating an approximation of white noise in various
programmable sound generators.
(i) Uses as counters

The repeating sequence of states of an LFSR allows it to be used as a clock divider, or as a
counter when a non-binary sequence is acceptable as is often the case where computer index or
framing locations need to be machine-readable. [4] LFSR counters have simpler feedback logic
than natural binary counters or Gray code counters, and therefore can operate at higher clock
rates. However it is necessary to ensure that the LFSR never enters an all-zeros state, for
example by presetting it at start-up to any other state in the sequence. The table of primitive
polynomials shows how LFSRs can be arranged in Fibonacci or Galois form to give maximal
periods. One can obtain any other period by adding to an LFSR that has a longer period some
logic that shortens the sequence by skipping some states.
(ii) Uses in cryptography

LFSRs have long been used as pseudo-random number generators for use in stream ciphers
(especially in military cryptography), due to the ease of construction from simple
electromechanical or electronic circuits, long periods, and very uniformly distributed output
streams. However, an LFSR is a linear system, leading to fairly easy cryptanalysis. For example,
given a stretch of known plaintext and corresponding ciphertext, an attacker can intercept and
recover a stretch of LFSR output stream used in the system described, and from that stretch of
the output stream can construct an LFSR of minimal size that simulates the intended receiver by
using the Berlekamp-Massey algorithm. This LFSR can then be fed the intercepted stretch of
output stream to recover the remaining plaintext.
Three general methods are employed to reduce this problem in LFSR-based stream ciphers:
 Non-linear combination of several bits from the LFSR state;
 Non-linear combination of the output bits of two or more LFSRs (see also: shrinking
generator);
 Irregular clocking of the LFSR, as in the alternating step generator.
Important LFSR-based stream ciphers include A5/1 and A5/2, used in GSM cell phones, E0, used
in Bluetooth, and the shrinking generator. The A5/2 cipher has been broken and both A5/1 and
E0 have serious weaknesses. The linear feedback shift register has a strong relationship to linear
congruential generators.
(iii) Uses in circuit testing

LFSRs are used in circuit testing, for test pattern generation(for exhaustive testing, pseudo
random testing or pseudo exhaustive testing) and signature analysis.
(iv) Text Pattern Generation

Complete LFSRs are commonly used as a pattern generator for exhaustive testing, since they
cover all possible inputs for an n input circuit. Maximum length LFSRs and weighted LFSRs are
widely used as a pseudo-random test pattern generators for pseudo-random test applications.
1.4 Basic Number Theory
1.4.1 Divisibility
Number theory is concerned with the properties of the integers. One of the most important is
divisibility.
Definition: Let a and b be integers then we say that a divides b, if there is an integer k such that b
= ak. This is denoted by a|b. Another way to express this is that b is a multiple of a.
The following properties of divisibility are useful.

1.4.2 Greatest Common Divisor (GCD)

The greatest common divisor of and is the largest integer that divides both a and b .We also
define gcd(0, 0) = 0. More formally, the positive integer c is said to be the greatest common
divisor of a and b if
1. c is a divisor of a and of b.
2. Any divisor of a and b is a divisor of c.
For example
Methods to find GCD

 Factorization
 Euclidean Algorithm
(i) Factorization
Find GCD(56, 124)
Solution
Find the factors of 56, 124.
Factors of 56 is 2 × 2 × 2 × 7
Factors of 124 is 2 × 2 × 31
Common factors are 2 × 2.
So, GCD( 56, 124) = 4.
(ii) The Euclidean Algorithm

One of the basic techniques of number theory is the Euclidean algorithm, which is a simple
procedure for determining the greatest common divisor of two positive integers. It uses the
following formula to find GCD:
GCD (m, n) = GCD(m – n, n) where m > n
GCD (m, m) = m
GCD (m, 0) = m

Example
Find GCD(56, 124)
Solution:
GCD(56, 124) = GCD(124, 56)
= GCD(68, 56)
= GCD(56,12)
= GCD(44, 12)
= GCD(32, 12)
= GCD(20, 12)
= GCD(12, 8)
= GCD(8, 4)
= GCD(4, 4)
GCD(56, 124) = 4.
Advantages of Euclidean Algorithm

 It does not need to find factors
 It is very fast
1.5 Congruences
One of the most basic and useful notions in number theory is modular arithmetic, or
congruences.
Definition . Let a ,b ,n be integers with n ≠O . We say that a ≡ b (mod n) (read: a is congruent to b

mod n) if a -b is a multiple (positive or negative) of n .
Another formulation is that a ≡ b (mod n) if a and b differ by a multiple of n. This can be

rewritten as
a = b + n.k for some integer k (positive or negative).

Examples.
32 = 7 (mod 5)
32 = 7 + 5 . k where k is a constant
Substitute k=5, then it was proved.
Proposition. Let a, b, c, n be integers with n £ 0.

1. a ≡ 0 (mod n) if and only if n|a.
2 . a ≡ a (mod n).
3. a ≡ b (mod n) if and only i f b ≡ a (mod n).
4. If a ≡ b and b ≡ c (mod n), then a ≡ c (mod n).
Proposition . Let a ,b ,c ,d ,n be integers with n ≠ 0, and suppose a ≡ b (mod n) and c ≡ d (mod

n). Then
a + c ≡ b + d (mod n)
a - c ≡ b – d (mod n)
ac ≡ bd (mod n)
Proof
Let us that, a ≡ b (mod n)
a=b+k.n ……………….. (1)
Let us that, c ≡ d (mod n)
c=d+l.n ……………….. (2)
Add (1) & (2)
a+c=b+k.n+d+l.n
a + c = b + d + n(k + l)
a + c ≡ b + d (mod n) is proved.
Subtract (1) & (2)

a-c=b+k.n-d-l.n
a - c = b + d - n(k + l)
a - c ≡ b - d (mod n) is proved.
Multiply (1) & (2)

a c = (b + k . n) ( d + l . n)
= bd +bln + dkn + kn. ln
= bd + n(bl + kd + kln)
ac ≡ bd (mod n) is proved.
Proposition
Let a ,b ,c ,n be integers with, n ≠ 0 and with gcd(a,n) = 1. If ab ≡ ac (mod n), then b ≡c (mod n).
In other words, i f a and n are relatively prime, we can divide both sides of the congruence by a.
Proof
Given ab ≡ ac (mod n)
ab = ac + k . n
Divide both sides by a
ab ac k .n
a
= a
+ a
b = c + n.k
Now, b ≡c (mod n) is proved.
Example
Solve 2x + 7 ≡ 3 (mod 17)
Solution
2x + 7 ≡ 3 (mod 17)
2x + 7 = 3 + k. 17
2x = - 4 + k. 17
Substitute k = 1,
2x = 13. It does not provide the solution
Substitute k = 2,
2x = - 4 + 2. 17
2x = 30
Therefore x = 15
Now, we write

x ≡ 15 (mod 17)
Proposition
Suppose GCD (a,n) =1. Let s and t be the integers such that as + nt = 1 then as ≡ 1 (mod n).
Proof
GCD(a, n) = 1
as + nt = 1
1 – as = nt
as – 1 = n . t
Thus, as ≡ 1 (mod n) is proved.
1.6 Modular Exponentiation
Modular exponentiation is a type of exponentiation performed over a modulus. It is particularly

useful in computer science, especially in the field of public-key cryptography. A "modular
exponentiation" calculates the remainder when a positive integer b (the base) raised to the e-th
power (the exponent), , is divided by a positive integer m, called the modulus. In symbols,
given base b, exponent e, and modulus m, the modular exponentiation c is:
For example, given b = 5, e = 3, and m = 13, the solution, c = 8, is the remainder of dividing by
13. If b, e, and m are non-negative, and b < m, then a unique solution c exists with the property 0
≤ c < m. Modular exponentiation can be performed with a negative exponent e by finding the
modular multiplicative inverse d of b modulo m using the extended Euclidean algorithm. That is:
where e < 0 and
Modular exponentiation problems similar to the one described above are considered easy to
solve, even when the numbers involved are enormous. On the other hand, computing the discrete
logarithm - that is, the task of finding the exponent e if given b, c, and m - is believed to be

difficult. This one way function behavior makes modular exponentiation a candidate for use in
cryptographic algorithms.
Example
Calculate 7256 mod 13 using Modular exponentiation
Solution
71 mod 13 = 7
72 mod 13 = (71 *71) mod 13 = (71 mod 13 * 71 mod 13) mod 13
We can substitute our previous result for 71 mod 13 into this equation.
72 mod 13 = (7 *7) mod 13 = 49 mod 13 = 10
72 mod 13 = 10
74 mod 13 = (72 *72) mod 13 = (72 mod 13 * 72 mod 13) mod 13
74 mod 13 = (10 * 10) mod 13 = 100 mod 13 = 9
74 mod 13 = 9
78 mod 13 = (74 * 74) mod 13 = (74 mod 13 * 74 mod 13) mod 13
78 mod 13 = (9 * 9) mod 13 = 81 mod 13 = 3
78 mod 13 = 3
716 mod 13 = (3 * 3) mod 13 = 9 mod 13 = 9
716 mod 13 = 9
732 mod 13 = (9 * 9) mod 13 = 81 mod 13 = 3
732 mod 13 = 3

764 mod 13 = (3 * 3) mod 13 = 9 mod 13 = 9
764 mod 13 = 9
7128 mod 13 = (9 * 9) mod 13 = 81 mod 13 = 3
7128 mod 13 = 3
7256 mod 13 = (7128 * 7128) mod 13
= (7128 mod 13 * 7128 mod 13) mod 13
= (3 * 3) mod 13
= 9 mod 13
=9
The result is: 7256 mod 13 = 9
1.7 Fermat’s Little Theorem and Euler’s Theorem
Two of the most basic results in number theory are Fermat's and Euler’s theorems. Originally
admired for their theoretical value, they have more recently proved to have important
cryptographic applications and will be used repeatedly throughout this book.
(i) Fermat ’s Little Theorem

If p is a prime and p does not divide a, then
ap-1 ≡ 1 (mod p ).
It can also be written as ap ≡ p (mod p ).
Example
Assume a=2, p=7. Substitute in the theorem:
26 ≡ 1 (mod 7)
26 = 1 + c . 7, where c is a constant
64 = 1 + c . 7
Substitute c=9, then the theorem would be proved as
26 ≡ 1 (mod 7)
(ii) Euler’s Theorem

Euler’s Totient Function
Before presenting Euler’s theorem, we need to introduce an important quantity in number
theory, referred to as Euler’s totient function, written φ(n), and defined as the number of
positive integers less than n and relatively prime to n. By convention,
φ (1) = 1.
DETERMINE φ (37) AND φ(35).

Because 37 is prime, all of the positive integers from 1 through 36 are relatively prime to 37.
Thus φ(37) = 36. To determine φ(35), we list all of the positive integers less than 35 that are
relatively
prime to it:
1, 2, 3, 4, 6, 8, 9, 11, 12, 13, 16, 17, 18, 19, 22, 23, 24, 26, 27, 29, 31, 32, 33, 34
There are 24 numbers on the list, so φ (35) = 24.
The value φ(1) is without meaning but is defined to have the value 1. It should be clear that, for a
prime number p,
Φ(p) = p – 1
Now suppose that we have two prime numbers p and q with p ≠ q. Then we can show that, for n
= pq.
Φ(n) = Φ(pq) = Φ(p) × Φ(q) = (p-1) (q-1)
To see that Φ(n) = Φ(p) × Φ(q), consider that the set of positive integers less than n is the set {1,
… (pq -1)}. The integers in this set that are not relatively prime to n are the set {p, 2p, … (q-1)p}
and the set {q, 2q, ….. (p-1)q}. Accordingly,
Φ(n) = (pq – 1) – [(q -1) + (p + 1)]
= pq – 1 – (q – 2 + p)
= pq – 1 – q + 2 – p
= pq – q – p +1
= q(p -1) – 1 (p -1)

= (p – 1) (q -1)
= Φ(p) × Φ(q)
Therefore, Φ(n) = Φ(pq) = Φ(p) . Φ(q)
Example
Find Φ(21)
Euler’s Theorem
Euler’s theorem states that for every a and n that are relatively prime:
aΦ(n) ≡ 1 (mod n ).
Example:
Consider a=3, n=10.
Then Φ(n) = Φ(10) = {1, 3, 7, 9} = 4
Now, check
34 ≡ 1 (mod 10)
81 = 1+ c. 10, where c is a constant
Apply c=8 then, the theorem would be proves as
aΦ(n) ≡ 1 (mod n ).
1.8 The Chinese Remainder Theorem
The Chinese Reminder Theorem is an ancient but important calculation algorithm in modular
arithmetic. The Chinese Remainder Theorem enables one to solve simultaneous equations with
respect to different moduli in considerable generality.
Theorem

Let m1, …. mk be integers with gcd(mi, mj) = 1 whenever i ≠ j. Let m be the product m = m 1m2 …
mk. Let a1, …. ak be integers. Consider the system of congruences:
x ≡ a1 (mod m1)
x ≡ a2 (mod m2)
…..
x ≡ ak (mod mk)
Then there exists exactly one x € Zm satisfying this system.
Example
Find the system of congruence for x ≡ 25 (mod 42)
Solution
A congruence x ≡ 25 (mod 42) can be written as:
x ≡ 25 + 42. k
x ≡ 25 + (6. 7) k
It can be written in two ways:
(i) x = 25 + 6 (7k)
x = 25 ≡ ? (mod 6)
25 = y + 6. k
Substitute k=4,
25 = y + 6. 4
25 = y + 24
Therefore, y=1
Now we write the congruence as x = 25 ≡ 1(mod 6)
(ii) x = 25 + 7 (6k)
x = 25 ≡ ? (mod 7)
25 = y + 7. k
Substitute k = 3,
25 = y + 7. 3
25 = y + 21
Therefore, y=4
Now we write the congruence as x = 25 ≡ 4(mod 7)
A single congruence x ≡ 25 (mod 42) can be written as

x ≡ 1(mod 6)
x ≡ 4(mod 7)
Algorithm
We may solve the system as follows.
1. For each i = 1,… k, let zi = m/mi = m1 m2… mi-1 mi+1… mk.
2. For each i = 1, … k, let y i = zi-1 (mod mi). (Note that this is always possible because gcd(zi,
mi) = 1).
3. The solution to the system is x = a1y1z1 + … + akykzk.
Example
Use Chinese Remainder Theorem to find all solutions such that
x ≡ 3 (mod 4)
x ≡ 2 (mod 3)
x ≡ 4 (mod 5)
Given
Total number of congruences k = 3
All the congruences is in the form of
xi = ai (mod mi)
So, a1 = 3, a2 = 2, a3 = 4
m1 = 4, m2 = 3, m3 = 5
Solution
Step 1: Calculate m = m1. m2. m3 = 4 × 3 × 5 = 60
Step 2: zi = m/mi for all I = 1, 2, 3…
z1 = m / m1 = 60 / 4 = 15
z2 = m / m2 = 60 / 3 = 20
z3 = m / m3 = 60 / 5 = 12
Step 3: Calculate y such that zi yi ≡ 1 (mod mi)
15. y1 ≡ 1 (mod 4) …………….(1)
20. y2 ≡ 1 (mod 3) …………….(2)

12. y3 ≡ 1(mod 5) …………….(3)
Take (1)
15. y1 ≡ 1(mod 4)
15. y1 = 1 + 4. k
Substitute k = 11,
15. y1 = 1 + 4. 11
15. y1 = 45
Therefore y1 = 3
Take (2)
20. y2 ≡ 1(mod 3)
20. y2 = 1 + 3. k
Substitute k = 13,
20. y2 = 1 + 3. 13
20. y2 = 40
Therefore y2 = 2
Take (3)
12. y3 ≡ 1(mod 5)
12. y3 = 1 + 5. k
Substitute k = 7,
12. y3 = 1 + 5. 7
12. y3 = 36
Therefore y3 = 3
Step 4: x = a1y1z1 + a2y2z2 + a3y3z3
x = 3. 3. 15 + 2. 2. 20 + 4. 3. 12
x = 135 + 80 + 144
x = 359
x = 359 ≡ ? (mod m)
359 ≡ ? (mod 60)

359 = ? + 60. k
Substitute k = 5
359 = ? + 60. 5
359 = ? + 300
? = 59
The solution is
x ≡ 59 (mod 60)
1.9 Legendre and Jacobi Symbols
Suppose we want to determine whether or not x2 ≡ a (mod p) has a solution, where p is prime. If
p is small, we could square all of the numbers mod p and see if a is on the list. When p is large,
this is impractical. If p ≡ 3 (mod 4), we can use the technique of the previous section and com
pute s ≡ a(p+1)/4 (mod p). If a has a square root, then s is one of them, so we simply have to square
a and see if we get a. If not, then a has no square root mod p. The following proposition gives a
method for deciding whether a is a square mod p that works for arbitrary odd p.
Proposition
Let p be an odd prime and let a be an integer with a ≠0 (mod p ). Then a(p-1)/2 ≡ ±1 (mod p). The
congruence x2 ≡ a (mod p) has a solution if and only = 1 (mod p).
Proof
Let y = a(p-1)/2 (mod p). Then y2 = ap-l ≡ 1 (mod p), by Fermat’s theorem. Therefore y ≡ ± 1 (mod
p).
If a ≡ x 2, then a(p-1/2) = xp-1 ≡ 1 (mod p). The hard part is showing the converse. Let g be a
primitive root mod p. Then a = gi for some j , If a(p-1/2) ≡ 1 (mod p), then
gj(p-1)/2 = a(p-1)/2 = 1 (mod p).
Proposition. Let p be an odd prime.

Proposition
Let n be odd,

1.10 Finite Fields
A finite field is a field with a finite field order (i.e., number of elements), also called a Galois field.
The order of a finite field is always a prime or a power of a prime. For each prime power, there
exists exactly one (with the usual caveat that "exactly one" means "exactly one up to an
isomorphism") finite field GF( ), often written as in current usage.
GF( ) is called the prime field of order , and is the field of residue classes modulo , where the
elements are denoted 0, 1, ..., . in GF( ) means the same as . Note, however,
that in the ring of residues modulo 4, so 2 has no reciprocal, and the ring of
residues modulo 4 is distinct from the finite field with four elements. Finite fields are therefore
denoted GF( ), instead of GF( ), where , for clarity.
The finite field GF(2) consists of elements 0 and 1 which satisfy the following addition and
multiplication tables.
0 1
0 0 1
1 1 0
0 1
0 0 0
1 0 1
If a subset S of the elements of a finite field F satisfies the axioms above with the same operators
of F, then S is called a subfield. Finite fields are used extensively in the study of error-correcting
codes. When n > 1 , GF( ) can be represented as the field of equivalence classes of polynomials
whose coefficients belong to GF( ). Any irreducible polynomial of degree n yields the same field
up to an isomorphism. For example, for GF( ), the modulus can be taken as x 3 + x2 + 1 or x3 + x +

1. Using the modulus x 3 + x + 1, the elements of GF( ) written 0, x0, x1, ... can be represented as
polynomials with degree less than 3. For instance,
Now consider the following table which contains several different representations of the
elements of a finite field. The columns are the power, polynomial representation, triples of
polynomial representation coefficients (the vector representation), and the binary integer
corresponding to the vector representation (the regular representation).
power polynomial vector regular

0 0 (000) 0
1 (001) 1
(010) 2
(100) 4
(011) 3
(110) 6
(111) 7
(101) 5
The set of polynomials in the second column is closed under addition and multiplication modulo
, and these operations on the set satisfy the axioms of finite field. This particular finite
field is said to be an extension field of degree 3 of GF(2), written GF( ), and the field GF(2) is
called the base field of GF( ). If an irreducible polynomial generates all elements in this way, it is
called a primitive polynomial. For any prime or prime power q and any positive integer n, there
exists a primitive irreducible polynomial of degree n over GF( ).
For any element c of GF( ), cq = c, and for any nonzero element d of GF( ), dq-1 = 1. There is a
smallest positive integer n satisfying the sum condition

for some element e in GF( ). This number is called the field characteristic of the finite field GF( ).
The field characteristic is a prime number for every finite field, and it is true that
over a finite field with characteristic p.
1.11 Continued fraction
A continued fraction is an expression obtained through an iterative process of representing a

number as the sum of its integer part and the reciprocal of another number, then writing this
other number as the sum of its integer part and another reciprocal, and so on.
In a finite continued fraction (or terminated continued fraction), the iteration/recursion is

terminated after finitely many steps by using an integer in lieu of another continued fraction. In
contrast, an infinite continued fraction is an infinite expression. In either case, all integers in the
sequence, other than the first, must be positive. The integers ai are called the coefficients or
terms of the continued fraction.
Continued fractions have a number of remarkable properties related to the Euclidean algorithm
for integers or real numbers. Every rational number p/q has two closely related expressions as a
finite continued fraction, whose coefficients ai can be determined by applying the Euclidean
algorithm to (p, q). The numerical value of an infinite continued fraction will be irrational; it is
defined from its infinite sequence of integers as the limit of a sequence of values for finite
continued fractions. Each finite continued fraction of the sequence is obtained by using a finite
prefix of the infinite continued fraction's defining sequence of integers. Moreover, every
irrational number α is the value of a unique infinite continued fraction, whose coefficients can be
found using the non-terminating version of the Euclidean algorithm applied to the
incommensurable values α and 1. This way of expressing real numbers (rational and irrational)
is called their continued fraction representation.
It is generally assumed that the numerator of all of the fractions is 1. If arbitrary values and/or
functions are used in place of one or more of the numerators or the integers in the denominators,
the resulting expression is a generalized continued fraction. When it is necessary to distinguish
the first form from generalized continued fractions, the former may be called a simple or regular
continued fraction, or said to be in canonical form.
Figure 1.10 – Continued Fraction

Notation
Consider a typical rational number 415/93, which is around 4.4624.
As a first approximation, start with 4, which is the integer part; 415/93 = 4 + 43/93.
Note that the fractional part is the reciprocal of 93/43 which is about 2.1628.
Use the integer part, 2, as an approximation for the reciprocal, to get a second approximation of
4 + 1/2 = 4.5; 93/43 = 2 + 7/43.
The fractional part of 93/43 is the reciprocal of 43/7, and 43/7 is around 6.1429.
Use 6 as an approximation for this to get 2 + 1/6 as an approximation for 93/43 and 4 + 1/2 +
1/6 , about 4.4615, as the third approximation; 43/7 = 6 + 1/7 .
Finally, the fractional part of 43/7 is the reciprocal of 7, so its approximation in this scheme, 7, is
exact (7/1 = 7 + 0/1) and produces the exact expression 4 + 1/2 + 1/6 + (1 / 7) for 415/93.
This expression is called the continued fraction representation of the number.
Dropping some of the less essential parts of the expression 4 + 1/2 + 1/6 + (1 / 7) gives the
abbreviated notation 415/93=[4;2,6,7].

If the starting number is rational then this process exactly parallels the Euclidean algorithm. In
particular, it must terminate and produce a finite continued fraction representation of the
number. If the starting number is irrational then the process continues indefinitely. This
produces a sequence of approximations, all of which are rational numbers, and these converge to
the starting number as a limit. This is the (infinite) continued fraction representation of the
number. Examples of continued fraction representations of irrational numbers are:
 √19 = [4;2,1,3,1,2,8,2,1,3,1,2,8,…] (sequence A010124 in OEIS). The pattern repeats
indefinitely with a period of 6.
 e = [2;1,2,1,1,4,1,1,6,1,1,8,…] (sequence A003417 in OEIS). The pattern repeats
indefinitely with a period of 3 except that 2 is added to one of the terms in each cycle.
 π = [3;7,15,1,292,1,1,1,2,1,3,1,…] (sequence A001203 in OEIS). The terms in this
representation are apparently random.
 ϕ = [1;1,1,1,1,1,1,1,1,1,1,1,…] (sequence A000012 in OEIS). The golden ratio, the most
difficult irrational number to approximate rationally. See: A property of the golden ratio
φ.
Continued fractions are, in some ways, more "mathematically natural" representations of a real
number than other representations such as decimal representations, and they have several
desirable properties:
 The continued fraction representation for a rational number is finite and only rational
numbers have finite representations. In contrast, the decimal representation of a rational
number may be finite, for example 137/1600 = 0.085625, or infinite with a repeating
cycle, for example 4/27 = 0.148148148148….
 Every rational number has an essentially unique continued fraction representation. Each
rational can be represented in exactly two ways, since [a0;a1,… an−1,an] = [a0;a1,… an−1,
(an−1),1]. Usually the first, shorter one is chosen as the canonical representation.
 The continued fraction representation of an irrational number is unique.
 The real numbers whose continued fraction eventually repeats are precisely the quadratic
irrationals.[5] For example, the repeating continued fraction [1;1,1,1,…] is the golden ratio,
and the repeating continued fraction [1;2,2,2,…] is the square root of 2. In contrast, the

decimal representations of quadratic irrationals are apparently random. The square roots
of all (positive) integers, that are not perfect squares, are quadratic irrationals, hence are
unique periodic continued fractions.
 The successive approximations generated in finding the continued fraction
representation of a number, i.e. by truncating the continued fraction representation, are
in a certain sense (described below) the "best possible".
Basic formula
A continued fraction is an expression of the form
where ai, and bi are either rational numbers, real numbers, or complex numbers. If b i = 1 for all i
the expression is called a simple continued fraction. If the expression contains a finite number of
terms it is called a finite continued fraction. If the expression contains an infinite number of
terms it is called an infinite continued fraction. Thus, all of the following illustrate valid finite
simple continued fractions:
Examples of finite simple continued fractions

Notations for continued fractions

The integers a0, a1 etc., are called the coefficients or terms of the continued fraction.[2] One can
abbreviate the continued fraction
in the notation of Carl Friedrich Gauss
or as
,
or in the notation of Pringsheim as
or in another related notation as

Sometimes angle brackets are used, like this:
The semicolon in the square and angle bracket notations is sometimes replaced by a comma. [3][4]
One may also define infinite simple continued fractions as limits:
This limit exists for any choice of a0 and positive integers a1, a2, ... .
Finite continued fractions

Every finite continued fraction represents a rational number, and every rational number can be
represented in precisely two different ways as a finite continued fraction, with the conditions
that the first coefficient is an integer and other coefficients being positive integers. These two
representations agree except in their final terms. In the longer representation the final term in
the continued fraction is 1; the shorter representation drops the final 1, but increases the new
final term by 1. The final element in the short representation is therefore always greater than 1,
if present. In symbols:
[a0; a1, a2, …, an − 1, an, 1] = [a0; a1, a2, …, an − 1, an + 1].
[a0; 1] = [a0 + 1].
For example,
2.25 = 2 + 1/4 = [2; 4] = 2 + 1/3 + 1/1 = [2; 3, 1]
−4.2 = −5 + 4/5 = −5 + 1/1 + 1/4 = [−5; 1, 4] = −5 + 1/1 + 1/3 + 1/1 = [−5; 1, 3, 1].

Cryptography and Network Security Unit I Introduction

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cryptography and Network Security Unit I Introduction

Uploaded by

Copyright:

Available Formats

Cryptography and Network Security Unit I

1.1 OSI Security Architecture

Prepared by P.Vasantha Kumari/IT 1

1.1.1 Security Attacks

(i) The release of message contents is easily understood. A telephone conversation, an

Prepared by P.Vasantha Kumari/IT 2

Figure 1.1 – Passive attacks

Prepared by P.Vasantha Kumari/IT 3

Figure 1.2 – Active attacks

1.1.2 Security Services

AUTHENTICATION DATA INTEGRITY

Prepared by P.Vasantha Kumari/IT 5

Selective-Field Confidentiality Selective-Field Connectionless Integrity

Table 1.1 – Security Services

Two specific authentication services are defined in X.800:

Prepared by P.Vasantha Kumari/IT 6

1.1.3 Security Mechanisms

Prepared by P.Vasantha Kumari/IT 8

SPECIFIC SECURITY MECHANISMS PERVASIVE SECURITY MECHANISMS

Encipherment Trusted Functionality

Digital Signature Security Label

Authentication Exchange Security Recovery

Table 1.3 – Relationship between Secuirty Services and Mechanisms

A Model for Network Security

Figure 1.3 – A model for Network Security

1.2 Classical Encryption techniques

◆ Symmetric encryption is a form of cryptosystem in which encryption and decryption are

Prepared by P.Vasantha Kumari/IT 10

Prepared by P.Vasantha Kumari/IT 11

A symmetric encryption scheme has five ingredients:

Figure 1.4 – A simplified model for symmetric encryption

There are two requirements for secure use of conventional encryption:

Prepared by P.Vasantha Kumari/IT 12

Figure 1.5 – Model of symmetric crypto system

Prepared by P.Vasantha Kumari/IT 13

Cryptanalysis and Brute-Force Attack

1.2.1. Substitution Techniques

(i) Ceasar Cipher

Prepared by P.Vasantha Kumari/IT 14

Let us assign a numerical equivalent to each letter:

Prepared by P.Vasantha Kumari/IT 15

Figure 1.6 - Brute-Force Cryptanalysis of Caesar Cipher

(ii)Mono alphabetic Ciphers

Prepared by P.Vasantha Kumari/IT 16

Plaintext: meet me at nine

(iii) Playfair Cipher

Prepared by P.Vasantha Kumari/IT 17

(iv) Hill Cipher

Prepared by P.Vasantha Kumari/IT 18

Original Plaintext P = MISSISSIPPI

The sender will then calculate the ciphertext C as:

Prepared by P.Vasantha Kumari/IT 19

Find 23-1 mod 26

26 (8) + 23 (-8) + 23 (-1) = 1

K-1 = 289 -425 mod 26

Key Matrix: K-1 =

Prepared by P.Vasantha Kumari/IT 21

Prepared by P.Vasantha Kumari/IT 22

Table 1.4 - The Modern Vigenère Tableau

Prepared by P.Vasantha Kumari/IT 23

Figure 1.7 – Vernam Cipher

Prepared by P.Vasantha Kumari/IT 24