
QUESTION BANK

1) What is the difference between “Cryptanalysis,” “Cryptography,” and “Cryptology”?

Cryptanalysis
§ The art and science of breaking cipher text is called cryptanalysis.
§ Cryptanalysis is seeing through the disguise and it is practiced by cryptanalysts.
§ Cryptanalysis deals with recovering the encryption key, and so breaking cryptographic
algorithms, without prior knowledge of the key.
§ Cryptanalyst: a person who breaks cryptographic codes. Also referred to as “the
attacker” or the “intruder”.

Cryptography
The word cryptography comes from the two Greek words: Krypto (secret) and
graphein (write). So cryptography means secret writing.
§ The art and science of keeping messages secure is called cryptography, and it is
practiced by cryptographers.
§ It is the practice and study of techniques for secure communication in the
presence of third parties. Cryptography deals with creating documents that can be
shared secretly over public communication channels.
§ Modern cryptography exists at the intersection of the disciplines of mathematics,
computer science, and electrical engineering. Applications of cryptography include
ATM cards, computer passwords, and electronic commerce.

Cryptology
§ Cryptography and cryptanalysis are collectively known as cryptology.
§ The branch of mathematics that encompasses both cryptography and cryptanalysis is
called cryptology, and its practitioners are called cryptologists.
§ Modern cryptologists are generally trained in theoretical mathematics—they
have to be

2) What do you understand about the Affine Cipher (encryption and decryption)? Explain the concept with suitable examples.

The Affine cipher is a type of monoalphabetic substitution cipher, wherein each
letter in an alphabet is mapped to its numeric equivalent, encrypted using a
simple mathematical function, and converted back to a letter. The formula used
means that each letter encrypts to one other letter, and back again, meaning the
cipher is essentially a standard substitution cipher with a rule governing which
letter goes to which.
The whole process relies on working modulo m (the length of the alphabet
used). In the affine cipher, the letters of an alphabet of size m are first mapped
to the integers in the range 0 … m-1.
The ‘key’ for the Affine cipher consists of 2 numbers, which we’ll call a and b.
The following discussion assumes the use of a 26-character alphabet (m = 26). a
should be chosen to be relatively prime to m (i.e. a should have no factors in
common with m).

Encryption
It uses modular arithmetic to transform the integer that each plaintext letter
corresponds to into another integer that corresponds to a ciphertext letter. The
encryption function for a single letter is:
E(x) = (a x + b) mod m
where the modulus m is the size of the alphabet, and a and b are the key of the
cipher. a must be chosen such that a and m are coprime.

Decryption
In deciphering the ciphertext, we must perform the opposite (or inverse)
functions on the ciphertext to retrieve the plaintext. Once again, the first step is
to convert each of the ciphertext letters into their integer values. The
decryption function is
D(x) = a^-1 (x - b) mod m
where a^-1 is the modular multiplicative inverse of a modulo m, i.e. it satisfies
the equation 1 = a a^-1 mod m.

To find the multiplicative inverse

We need to find a number x such that:
a x = 1 mod m
If we find the number x such that the equation is true, then x is the inverse of a,
and we call it a^-1. The easiest way to solve this equation is to search each of the
numbers 1 to 25, and see which one satisfies the equation. In MATLAB/Octave the
extended Euclidean algorithm gives the same result directly:
    [g, x, d] = gcd(a, m);   % g = gcd(a, m) and a*x + m*d = g; we can ignore g and d, we don't need them
    x = mod(x, m);           % reduce x into 0..m-1; this is a^-1 mod m
Suppose we want to encrypt the message “beach” using an affine cipher with
encryption key (3, 1).
i. Using the letter-to-number table (A = 0, …, Z = 25), we can represent the letters
in our message “beach” with their corresponding numbers: 1 4 0 2 7.
ii. Now we multiply each of the numbers from step i by the first number in the
encryption key (3 in this case) to get: 3 12 0 6 21.
iii. Next, add the second number in the encryption key (1 in this case) to each of
the numbers from step ii to get: 4 13 1 7 22.
iv. Now use the table to replace the numbers from step iii with their
corresponding letters to obtain the ciphertext: ENBHW.
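The encryption and decryption functions above, with the inverse found by the search the text describes, as an added example (not part of the original question bank); it reproduces the “beach” / (3, 1) → ENBHW worked example and rejects a key whose a is not coprime to 26:

```python
# Affine cipher over the 26-letter alphabet: E(x) = (a*x + b) mod m and
# D(x) = a^-1 * (x - b) mod m. Added example, not from the question bank.
from math import gcd
from string import ascii_uppercase

M = 26  # alphabet size m


def modular_inverse(a: int, m: int = M) -> int:
    """Find a^-1 mod m the way the text describes: try each x in 1..m-1."""
    for x in range(1, m):
        if (a * x) % m == 1:
            return x
    raise ValueError(f"{a} has no inverse modulo {m} (gcd is {gcd(a, m)})")


def validate_key(a: int) -> None:
    # If a shares a factor with m, E is not a bijection and cannot be inverted.
    if gcd(a, M) != 1:
        raise ValueError(f"a={a} is not coprime to m={M}; choose another a")


def affine_encrypt(plaintext: str, a: int, b: int) -> str:
    validate_key(a)
    out = []
    for ch in plaintext.upper():
        if ch in ascii_uppercase:
            x = ascii_uppercase.index(ch)              # letter -> 0..25
            out.append(ascii_uppercase[(a * x + b) % M])
        else:
            out.append(ch)                             # leave non-letters unchanged
    return "".join(out)


def affine_decrypt(ciphertext: str, a: int, b: int) -> str:
    validate_key(a)
    a_inv = modular_inverse(a)
    out = []
    for ch in ciphertext.upper():
        if ch in ascii_uppercase:
            y = ascii_uppercase.index(ch)
            out.append(ascii_uppercase[(a_inv * (y - b)) % M])  # Python's % keeps this in 0..25
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    # The worked example from the text: "beach" with key (3, 1) -> ENBHW
    c = affine_encrypt("beach", 3, 1)
    print(c, affine_decrypt(c, 3, 1))
    # a = 13 is rejected because gcd(13, 26) = 13
    try:
        affine_encrypt("beach", 13, 1)
    except ValueError as e:
        print("rejected:", e)
```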

3. Explain and differentiate Linear Shift Registers and Nonlinear Shift Registers with suitable examples.

LFSR (LINEAR FEEDBACK SHIFT REGISTERS)

In computing, a linear-feedback shift register (LFSR) is a shift register
whose input bit is a linear function of its previous state.
The most commonly used linear function of single bits is exclusive-or (XOR).
Thus, an LFSR is most often a shift register whose input bit is driven by the XOR
of some bits of the overall shift register value.
The initial value of the LFSR is called the seed, and because the operation of
the register is deterministic, the stream of values produced by the register is
completely determined by its current (or previous) state. Likewise, because the
register has a finite number of possible states, it must eventually enter a
repeating cycle. However, an LFSR with a well-chosen feedback function can
produce a sequence of bits that appears random and has a very long cycle.
Applications of LFSRs include generating pseudo-random numbers, pseudo-noise
sequences, fast digital counters, and whitening sequences. Both hardware
and software implementations of LFSRs are common.

NLFSR (NONLINEAR FEEDBACK SHIFT REGISTERS)

In an NLFSR the feedback bit is a nonlinear Boolean function of the register state
(it contains AND/OR terms, not only XORs), which is what distinguishes it from an LFSR.
• NLFSRs are used as building blocks in many modern stream ciphers
• They increase the complexity of the key stream in stream ciphers
Challenges for NLFSRs
• How to determine the period of sequences from NLFSRs
• No general theory exists and many ad-hoc techniques have to be
invented for these problems
• Constructing efficiently large classes of long sequences of period 2^n
(de Bruijn sequences) / classifying de Bruijn sequences
• Finding algebraic methods to analyze NLFSRs
• Finding the distribution of the elements in sequences generated by an NLFSR
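A 4-bit LFSR beside a 4-bit NLFSR, as an added example that is not part of the question bank. The LFSR uses the taps of the primitive polynomial x^4 + x^3 + 1 (XOR only, so period 2^4 - 1 = 15 and the all-zero state is stuck); the NLFSR adds one nonlinear AND term, which is the standard construction that turns the maximal-length sequence into a de Bruijn sequence of period 2^4 = 16:

```python
# Fibonacci-style feedback shift registers. State is a tuple of n bits, oldest
# bit first; each clock drops the oldest bit and appends the feedback bit.
# Added example, not from the question bank.
from typing import Callable, List, Tuple

State = Tuple[int, ...]
Feedback = Callable[[State], int]


def step(state: State, feedback: Feedback) -> State:
    return state[1:] + (feedback(state),)


def period(seed: State, feedback: Feedback, limit: int = 1 << 16) -> int:
    """Clock the register until the seed state recurs; that count is the period."""
    state = step(seed, feedback)
    count = 1
    while state != seed:
        state = step(state, feedback)
        count += 1
        if count > limit:
            raise RuntimeError("seed state did not recur within the limit")
    return count


def output_bits(seed: State, feedback: Feedback, n_bits: int) -> List[int]:
    """The key stream: the oldest bit of the state at each clock."""
    state, out = seed, []
    for _ in range(n_bits):
        out.append(state[0])
        state = step(state, feedback)
    return out


# LFSR: the feedback is a pure XOR (linear function) of state bits.
# Polynomial x^4 + x^3 + 1 gives the recurrence s[t+4] = s[t] XOR s[t+3].
def lfsr_x4_x3_1(s: State) -> int:
    return s[0] ^ s[3]


# NLFSR: the same taps plus a nonlinear term, the AND of the complements of
# s[1..3]. The term is 1 only in states 1000 and 0000, which splices the
# stuck all-zero state into the main cycle: every state is visited (de Bruijn).
def nlfsr_de_bruijn(s: State) -> int:
    nonlinear = int(s[1] == 0 and s[2] == 0 and s[3] == 0)
    return s[0] ^ s[3] ^ nonlinear


def lfsr_period(seed: State = (1, 0, 0, 0)) -> int:
    return period(seed, lfsr_x4_x3_1)


def nlfsr_period(seed: State = (1, 0, 0, 0)) -> int:
    return period(seed, nlfsr_de_bruijn)


if __name__ == "__main__":
    print("LFSR period, nonzero seed:", lfsr_period())              # 15 = 2^4 - 1
    print("LFSR period, all-zero seed:", lfsr_period((0, 0, 0, 0)))  # 1: stuck forever
    print("NLFSR period, nonzero seed:", nlfsr_period())            # 16 = 2^4
    print("NLFSR period, all-zero seed:", nlfsr_period((0, 0, 0, 0)))  # 16: not stuck
    print("NLFSR key stream:", output_bits((1, 0, 0, 0), nlfsr_de_bruijn, 16))
```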

4) Write in detail about
• GDPR (General Data Protection Regulation)
• PCI-DSS (Payment Card Industry Data Security Standard)
• Health Insurance Portability and Accountability Act
• ITA 2000

GDPR (General Data Protection Regulation)

● GDPR stands for General Data Protection Regulation. It's the core of Europe's
digital privacy legislation.
● One of the key components of the reforms is the introduction of the General
Data Protection Regulation (GDPR). This new EU framework applies to
organisations in all member-states and has implications for businesses and
individuals across Europe, and beyond.
● At its core, GDPR is a new set of rules designed to give EU citizens more
control over their personal data. It aims to simplify the regulatory environment for
business so both citizens and businesses in the European Union can fully benefit
from the digital economy.
● The reforms are designed to reflect the world we're living in now, and bring
laws and obligations, including those around personal data, privacy and consent, up to date.
● Data breaches inevitably happen. Information gets lost, stolen or otherwise
released into the hands of people who were never intended to see it - and those
people often have malicious intent.
● Under the terms of GDPR, not only do organisations have to ensure that
personal data is gathered legally and under strict conditions, but those who collect
and manage it are obliged to protect it from misuse and exploitation, as well as to
respect the rights of data owners - or face penalties for not doing so.
● The types of data considered personal under the existing legislation include
name, address, and photos. GDPR extends the definition of personal data so that
something like an IP address can be personal data. It also includes sensitive
personal data such as genetic data, and biometric data which could be processed to
uniquely identify an individual.
● GDPR sets out a duty for all organisations to report certain types of data
breaches which involve unauthorised access to or loss of personal data to the
relevant supervisory authority. In some cases, organisations must also inform
individuals affected by the breach.
● Organisations are obliged to report any breaches which are likely to result in a
risk to the rights and freedoms of individuals and lead to discrimination, damage to
reputation, financial loss, loss of confidentiality, or any other economic or social
disadvantage.

PCI-DSS (Payment Card Industry Data Security Standard)

● The Payment Card Industry Data Security Standard (PCI DSS) is a set of
requirements intended to ensure that all companies that process, store, or transmit
credit card information maintain a secure environment.
● The PCI DSS is the cornerstone of the PCI Security Standards Council (PCI SSC), as it
provides the necessary framework for developing a complete payment card data security
process that encompasses prevention, detection, and appropriate reaction to security incidents.
● Tools and resources available from PCI SSC:
  – Self-Assessment Questionnaires to assist organizations in validating their PCI
    DSS compliance.
  – PIN Transaction Security (PTS) requirements for device vendors and
    manufacturers, and a list of approved PIN transaction devices.
  – Payment Application Data Security Standard (PA-DSS) and a list of
    Validated Payment Applications to help software vendors and others develop
    secure payment applications.
● Public resources:
  – Lists of Qualified Security Assessors (QSAs)
  – Payment Application Qualified Security Assessors (PA-QSAs)
  – Approved Scanning Vendors (ASVs)
  – Internal Security Assessor (ISA) education program
The requirements of PCI DSS are:
• Install and maintain a firewall configuration to protect cardholder data
• Do not use vendor-supplied defaults for system passwords and other security parameters
• Protect stored cardholder data
• Encrypt transmission of cardholder data across open, public networks
• Use and regularly update anti-virus software or programs
• Develop and maintain secure systems and applications
• Restrict access to cardholder data by business need to know
• Assign a unique ID to each person with computer access
• Restrict physical access to cardholder data
• Track and monitor all access to network resources and cardholder data
• Regularly test security systems and processes

Health Insurance Portability and Accountability Act

● The Health Insurance Portability and Accountability Act (HIPAA) is an act
created by the U.S. Congress in 1996 that amends both the Employee Retirement
Income Security Act (ERISA) and the Public Health Service Act (PHSA). HIPAA was
enacted in an effort to protect individuals covered by health insurance and to set
standards for the storage and privacy of personal medical data.
● HIPAA law impacts policies, technology, and record-keeping at medical
facilities, health insurance companies, HMOs, and healthcare billing services.
● Noncompliance with HIPAA standards and best practices is against the law.
● The HITECH Act was created in 2009 to expand HIPAA privacy and security
protections for patients.
● The Privacy Rule standards address the use and disclosure of individuals’
health information (known as “protected health information”) by entities subject to
the Privacy Rule. These individuals and organizations are called “covered entities.”
The Privacy Rule also contains standards for individuals’ rights to understand and
control how their health information is used.
● A major goal of the Privacy Rule is to ensure that individuals’ health
information is properly protected while allowing the flow of health information
needed to provide and promote high quality health care and to protect the public’s
health and well-being.
● The Privacy Rule strikes a balance that permits important uses of information
while protecting the privacy of people who seek care and healing.

ITA 2000
● The Information Technology Act, 2000 or ITA, 2000 or IT Act, was notified
on October 17, 2000. It is the law that deals with cybercrime and electronic
commerce in India. Below we look at the objectives and features of the
Information Technology Act, 2000.
● In 1996, the United Nations Commission on International Trade Law
(UNCITRAL) adopted the model law on electronic commerce (e-commerce) to
bring uniformity in the law in different countries.
● The Information Technology Act, 2000 provides legal recognition to the
transaction done via electronic exchange of data and other electronic means of
communication or electronic commerce transactions.
● This also involves the use of alternatives to a paper-based method of
communication and information storage to facilitate the electronic filing of
documents with the Government agencies.

Objectives of the Information Technology Act, 2000

● Grant legal recognition to all transactions done via electronic exchange of
data or other electronic means of communication or e-commerce, in place of the
earlier paper-based method of communication.
● Give legal recognition to digital signatures for the authentication of any
information or matters requiring legal authentication
● Facilitate the electronic filing of documents with Government agencies and
also departments
● Facilitate the electronic storage of data
● Give legal sanction and also facilitate the electronic transfer of funds between
banks and financial institutions
● Grant legal recognition to bankers under the Evidence Act, 1891 and the
Reserve Bank of India Act, 1934, for keeping the books of accounts in electronic
form.

Features of the Information Technology Act, 2000

a. All electronic contracts made through secure electronic channels are legally
valid.
b. Legal recognition for digital signatures.
c. Security measures for electronic records and also digital signatures are in place
d. A procedure for the appointment of adjudicating officers for holding inquiries
under the Act is finalized
e. Provision for establishing a Cyber Regulations Appellate Tribunal under the
Act. Further, this tribunal will handle all appeals made against the order of the
Controller or Adjudicating Officer.
f. An appeal against the order of the Cyber Appellate Tribunal is possible only
in the High Court
g. Digital Signatures will use an asymmetric cryptosystem and also a hash
function
h. Provision for the appointment of the Controller of Certifying Authorities
(CCA) to license and regulate the working of Certifying Authorities. The
Controller to act as a repository of all digital signatures.
i. The Act applies to offences or contraventions committed outside India
j. Senior police officers and other officers can enter any public place and search
and arrest without warrant
k. Provisions for the constitution of a Cyber Regulations Advisory Committee to
advise the Central Government and Controller.

5) Explain the following with suitable examples.

• Lucifer Cipher
Lucifer uses a combination of transposition and substitution as its starting
point. One variant, described by Feistel in 1971, uses a 48-bit key and operates
on 48-bit blocks. The cipher is a substitution–permutation network and uses two
4-bit S-boxes. The key selects which S-boxes are used. The patent describes the
execution of the cipher operating on 24 bits at a time, and also a sequential
version operating on 8 bits at a time.
Another variant by John L. Smith from the same year uses a 64-bit key
operating on a 32-bit block, using one addition mod 4 and a single 4-bit S-box.
The construction is designed to operate on 4 bits per clock cycle. This may
be one of the smallest block-cipher implementations known. Feistel later
described a stronger variant that uses a 128-bit key and operates on 128-bit
blocks.

• IDEA
In cryptography, the International Data Encryption Algorithm (IDEA),
originally called Improved Proposed Encryption Standard (IPES), is a
symmetric-key block cipher designed by James Massey of ETH Zurich and
Xuejia Lai and was first described in 1991. The algorithm was intended as a
replacement for the Data Encryption Standard (DES). IDEA is a minor revision
of an earlier cipher, Proposed Encryption Standard (PES).
IDEA operates on 64-bit blocks using a 128-bit key and consists of a series of 8
identical transformations (a round, see the illustration) and an output
transformation (the half-round). The processes for encryption and decryption are
similar. IDEA derives much of its security by interleaving operations from
different groups — modular addition and multiplication, and bitwise eXclusive
OR (XOR) — which are algebraically "incompatible" in some sense.

• Blowfish
Blowfish is the first symmetric encryption algorithm created by Bruce Schneier,
in 1993. Symmetric encryption uses a single encryption key to both encrypt and
decrypt data. The sensitive data and the symmetric encryption key are utilized
within the encryption algorithm to turn the sensitive data into ciphertext.
Blowfish, along with its successor Twofish, was in the running to replace the
Data Encryption Standard (DES) but failed due to the small size of its block.
Blowfish uses a block size of 64 bits, which is considered wholly insecure. Twofish
fixed this issue by implementing a block size of 128 bits. Blowfish is much
faster than DES, but it trades in its speed for security.
Block size: 64 bits
Key size: 32 to 448 bits (variable)
Number of subkeys: 18 (P-array)
Number of rounds: 16
Number of substitution boxes: 4 (each having 512 entries of 32 bits each)

• Rijndael
The Advanced Encryption Standard (AES), also known by its original name
Rijndael, is a specification for the encryption of electronic data established by the
U.S. National Institute of Standards and Technology (NIST) in 2001.
AES is a subset of the Rijndael block cipher developed by
two Belgian cryptographers, Vincent Rijmen and Joan Daemen, who submitted a
proposal to NIST during the AES selection process. Rijndael is a family of
ciphers with different key and block sizes. For AES, NIST selected three
members of the Rijndael family, each with a block size of 128 bits, but three
different key lengths: 128, 192 and 256 bits. AES is based on a design principle
known as a substitution–permutation network, and is efficient in both software
and hardware. Unlike its predecessor DES, AES does not use a Feistel network.
AES is a variant of Rijndael, with a fixed block size of 128 bits, and a key size
of 128, 192, or 256 bits. By contrast, Rijndael per se is specified with block and
key sizes that may be any multiple of 32 bits, with a minimum of 128 and a
maximum of 256 bits.
AES operates on a 4 × 4 column-major order array of bytes, termed the state.

• Playfair
The Playfair cipher or Playfair square or Wheatstone–Playfair cipher is a
manual symmetric encryption technique and was the first literal digram
substitution cipher. The scheme was invented in 1854 by Charles
Wheatstone, but bears the name of Lord Playfair for promoting its use.
The technique encrypts pairs of letters (bigrams or digrams), instead of single
letters as in the simple substitution cipher and the rather more
complex Vigenère cipher systems then in use. The Playfair is thus
significantly harder to break, since the frequency analysis used for simple
substitution ciphers does not work with it. The frequency analysis of
bigrams is possible, but considerably more difficult. With 600 possible
bigrams rather than the 26 possible monograms (single symbols, usually
letters in this context), a considerably larger ciphertext is required in order
to be useful.

6. The concept of computational complexity has superseded the notion of
overtime as a measure of the security of a cryptosystem. Explain how
computational complexity theory provides the theoretical basis for the design
of modern scalable cryptosystems.

The complexity of an attack can be measured in three different ways:

1. Data complexity: the amount of data needed (as input) to perform the attack.
2. Processing or time complexity: the time needed to perform the attack.
This is often called the work factor. These complexities are expressed as
orders of magnitude. If an algorithm has a processing complexity of 2^128,
then 2^128 operations are required to break the algorithm. If it is possible to
perform a million operations every second and a million parallel processors
are set against the task, it will still take over 10^19 years to recover the key.
That’s a billion times the age of the universe.
3. Storage requirements: the amount of memory needed to perform the attack.

7. An affine cipher with modulus 26 encrypts 4 as 2 and 7 as 17. Determine the key.
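Question 7 is a known-plaintext problem on the affine cipher: two pairs give the congruences a·4 + b ≡ 2 and a·7 + b ≡ 17 (mod 26). The following added example (not part of the question bank) solves the general case: it subtracts the congruences and multiplies by the inverse of x1 − x2 when that inverse exists, and otherwise falls back to checking all 12 × 26 valid keys, returning every key consistent with the given pairs.

```python
# Recover an affine-cipher key (a, b) mod 26 from known (plaintext, ciphertext)
# letter pairs. Added example, not from the question bank.
from math import gcd
from typing import List, Sequence, Tuple

M = 26


def solve_affine_key(pairs: Sequence[Tuple[int, int]]) -> List[Tuple[int, int]]:
    """pairs: (x, y) with y = (a*x + b) mod 26. Returns all keys consistent with
    every pair. With two pairs and x1 - x2 invertible mod 26 the key is unique:
        a = (y1 - y2) * (x1 - x2)^-1 mod 26,   b = y1 - a*x1 mod 26.
    If x1 - x2 shares a factor with 26 there is no inverse, so the 12*26 valid
    keys are exhausted instead; several keys may then fit the same pairs."""
    if len(pairs) < 2:
        raise ValueError("need at least two known pairs")
    (x1, y1), (x2, y2) = pairs[0], pairs[1]
    dx = (x1 - x2) % M
    if gcd(dx, M) == 1:
        a = ((y1 - y2) * pow(dx, -1, M)) % M
        candidates = [(a, (y1 - a * x1) % M)]
    else:
        candidates = [(a, b) for a in range(1, M) if gcd(a, M) == 1
                      for b in range(M)]
    # keep only valid keys that agree with every supplied pair
    return [(a, b) for (a, b) in candidates
            if gcd(a, M) == 1 and all((a * x + b) % M == y for x, y in pairs)]


if __name__ == "__main__":
    # question 7's data: 4 -> 2 and 7 -> 17
    print(solve_affine_key([(4, 2), (7, 17)]))
    # constructed pairs where x1 - x2 = 13 is not invertible mod 26:
    # b is pinned to 8 but a is only determined up to parity, so 12 keys fit
    print(solve_affine_key([(0, 8), (13, 21)]))
```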
8. Consider an encryption system in which the entropy of the plaintext is 32
bits per 128-bit block and in which the AES algorithm is used with a single
128-bit key. Assuming that all keys are equally likely, calculate the unicity
distance of this cipher system.
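Worked as an added example (the formula is Shannon's unicity distance, not stated in the question bank): with key entropy $H(K)$ and plaintext redundancy $D$ per block in bits, the unicity distance is $U = H(K)/D$. For question 8, $H(K) = 128$ bits and the redundancy per 128-bit block is the block length minus the plaintext entropy:

$$
D = 128 - 32 = 96 \text{ bits per block}, \qquad
U = \frac{H(K)}{D} = \frac{128}{96} \approx 1.33 \text{ blocks} \approx 171 \text{ bits}.
$$

So roughly 1.33 blocks of ciphertext (in practice two full 128-bit blocks) suffice in principle to determine the key uniquely.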

9. Discuss the security of AES.

Encryption is one of the most common ways to protect sensitive data. Encryption
works by taking plain text and converting it into cipher text, which is made up of
seemingly random characters. Only those who have the special key can decrypt it.
AES uses symmetric key encryption, which involves the use of only one secret key to
cipher and decipher information.
The Advanced Encryption Standard (AES) is the first and only publicly accessible
cipher approved by the US National Security Agency (NSA) for protecting top secret
information. AES was first called Rijndael after its two developers, Belgian
cryptographers Vincent Rijmen and Joan Daemen

Symmetric key encryption

ATP’s SecurEncrypt storage devices make use of a hardware-based set of security modules and an AES engine.
When the host writes data to the flash storage device, a Random Number Generator
(RNG) generates the 256-bit symmetric cipher key, which is passed to the AES
engine. The AES engine encrypts the plain text (source data) into cipher text
(encrypted data) and sends it to the NAND flash for storage.
Inversely, if the host wants to retrieve data from the storage device, the AES engine
decrypts the cipher text in the NAND flash, and then transmits data to the host as
plain text. The encryption/decryption process is done at the flash level and does not
require host intervention, so there is no performance degradation and data transfer
does not slow down.
[Figure: AES-256 encryption mechanism in ATP SecurEncrypt]

ATP SecurStor: Protection Beyond Encryption

SecurEncrypt using AES-256 encryption is one component of ATP SecurStor, a
multi-level security suite that protects data with a variety of options beyond data-at-
rest encryption. Customers can choose from features that can be customized according
to their application-specific requirements to guard against unauthorized access, illegal
copying and other security threats to ensure data, OS and firmware integrity at all
times.

Or

Side-channel attacks do not attack the underlying cryptographic algorithm, and so
have nothing to do with its security, but attack implementations of the cipher on
systems which inadvertently leak data. There are several such known attacks on
certain implementations of AES:

• In October 2005 a paper was presented that demonstrated several cache-timing
attacks against AES. One attack was able to obtain an entire AES key after only
800 operations triggering encryption, in a total of 65 milliseconds. This attack
requires the attacker to be able to run programs on the same system or platform
that is performing AES.

• In December 2009 an attack on some hardware implementations of AES was
published that used Differential Fault Analysis and allows recovery of the key with
a complexity of 2^32.

Although there is no proof of the security of the AES cryptographic algorithm,
it is the first publicly accessible and open cipher approved by the United States
National Security Agency (NSA) for top secret information.

In 2003 the NSA stated: “The design and strength of all key lengths of the AES algorithm
(i.e., 128, 192 and 256) are sufficient to protect classified information up to the
SECRET level. TOP SECRET information will require use of either the 192 or 256
key lengths. The implementation of AES in products intended to protect national
security systems and/or information must be reviewed and certified by NSA prior
to their acquisition and use.”

On July 1, 2009, Bruce Schneier blogged about related-key attacks, published in
December 2009, on the 192-bit and 256-bit versions of AES, which exploit AES's
somewhat simple key schedule. A related-key attack can break 256-bit AES with a
complexity of 2^99.5, which while faster than brute force is still infeasible. In a
similar manner, 192-bit AES can be broken by an attack with a complexity of 2^176.
128-bit AES is not affected by these attacks.

10. Describe how a man-in-the-middle attack can be performed on a Wi-Fi network and the consequences of such an attack.

Man-in-the-middle attacks come in two forms, one that involves physical proximity to the
intended target, and another that involves malicious software, or malware. This second
form is also called a man-in-the-browser attack.
Cybercriminals typically execute a man-in-the-middle attack in two phases:
interception and decryption.
With a traditional MITM attack, the cybercriminal needs to gain access to an unsecured
or poorly secured Wi-Fi router. These types of connections are generally found in public
areas with free Wi-Fi hotspots, and even in some people’s homes, if they haven’t
protected their network. Attackers can scan the router looking for specific vulnerabilities
such as a weak password.
Once attackers find a vulnerable router, they can deploy tools to intercept and read the
victim’s transmitted data. The attacker can then also insert their tools between the
victim’s computer and the websites the user visits to capture login credentials, banking
information, and other personal information.
A successful man-in-the-middle attack does not stop at interception. The victim’s
encrypted data must then be decrypted, so that the attacker can read and act upon it.

10. Describe the following
• (a) authentication
• (b) access control
• (c) data confidentiality
• (d) data integrity
• (e) non-repudiation

(a) authentication
Authentication is the process of recognizing a user’s identity. It is the
mechanism of associating an incoming request with a set of identifying
credentials. The credentials provided are compared to those on file in a
database of the authorized user’s information, on a local operating system
or within an authentication server.
(b) Access control
Access control is a security technique that regulates who or what can view or
use resources in a computing environment. It is a fundamental concept in
security that minimizes risk to the business or organization. The goal of
access control is to minimize the security risk of unauthorized access to
physical and logical systems.
(c) data confidentiality
Data confidentiality deals with protecting against the disclosure of
information by ensuring that the data is limited to those authorized, or by
representing the data in such a way that its semantics remain accessible
only to those who possess some critical information.
(d) data integrity
Data integrity is the overall accuracy, completeness, and consistency of
data. Data integrity also refers to the safety of data in regard to regulatory
compliance. When the integrity of data is secure, the information stored in
a database will remain complete, accurate, and reliable no matter how
long it’s stored or how often it’s accessed. Data integrity also ensures that
your data is safe from any outside forces.

(e) non-repudiation
Non-repudiation prevents the sender or receiver from denying a transmitted message. Thus,
when a message is sent, the receiver can prove that the alleged sender in
fact sent the message. Similarly, when a message is received, the sender
can prove that the alleged receiver in fact received the message.

13. What is a digital signature? How is public key cryptography used for digital
signatures?

Digital signatures are the public-key primitives of message authentication. In
the physical world, it is common to use handwritten signatures on
handwritten or typed messages. They are used to bind the signatory to the
message. Similarly, a digital signature is a technique that binds a
person/entity to the digital data. This binding can be independently
verified by the receiver as well as any third party. A digital signature is a
cryptographic value that is calculated from the data and a secret key
known only to the signer. In the real world, the receiver of a message needs
assurance that the message belongs to the sender and that he should not be
able to repudiate the origination of that message. This requirement is very
crucial in business applications, since the likelihood of a dispute over
exchanged data is very high.

Working

Digital signatures, like handwritten signatures, are unique to each signer.
Digital signature solution providers, such as DocuSign, follow a specific
protocol, called PKI. PKI requires the provider to use a mathematical
algorithm to generate two long numbers, called keys. One key is public,
and one key is private. When a signer electronically signs a document, the
signature is created using the signer’s private key, which is always securely
kept by the signer. The mathematical algorithm acts like a cipher, creating
data matching the signed document, called a hash, and encrypting that
data. The resulting encrypted data is the digital signature. The signature is
also marked with the time that the document was signed. If the document
changes after signing, the digital signature is invalidated.
As an example, Jane signs an agreement to sell a timeshare using her
private key. The buyer receives the document. The buyer who receives the
document also receives a copy of Jane’s public key. If the public key can’t
decrypt the signature (via the cipher from which the keys were created), it
means the signature isn’t Jane’s, or has been changed since it was signed.
The signature is then considered invalid.
To protect the integrity of the signature, PKI requires that the keys be
created, conducted, and saved in a secure manner, and often requires the
services of a reliable Certificate Authority (CA). Digital signature providers,
like DocuSign, meet PKI requirements for safe digital signing.
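The hash-then-sign flow described above (private key signs the hash, public key recovers it, any change to the document invalidates the signature) as an added example; this is not DocuSign's or the question bank's code. It uses textbook RSA with two tiny constructed primes so the arithmetic is visible; real deployments use keys of 2048 bits or more and a padding scheme such as RSA-PSS, and the timestamp step is omitted.

```python
# Sign-then-verify with a hash and a public/private key pair.
# Added example, not from the question bank or any provider's code.
import hashlib

# constructed toy key pair: tiny primes chosen for readability only
P, Q = 61, 53
N = P * Q                      # 3233, the modulus shared by both halves of the key pair
PHI = (P - 1) * (Q - 1)        # 3120
E = 17                         # public exponent (coprime to PHI)
D = pow(E, -1, PHI)            # private exponent, E*D = 1 mod PHI -> 2753
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)
# a second, unrelated constructed public key (67 * 71) to show the wrong key failing
OTHER_PUBLIC_KEY = (4757, 17)


def digest(document: bytes, n: int) -> int:
    """Hash the document, then reduce into Z_n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n


def sign(document: bytes, private_key=PRIVATE_KEY) -> int:
    """Only the holder of the private exponent d can produce this value."""
    n, d = private_key
    return pow(digest(document, n), d, n)


def verify(document: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Anyone with the public key recovers the signed hash and compares it with
    the hash of the document they hold; a mismatch means forged or altered."""
    n, e = public_key
    return pow(signature, e, n) == digest(document, n)


if __name__ == "__main__":
    agreement = b"Jane sells timeshare unit 12 to the buyer for 5000."  # constructed
    sig = sign(agreement)
    print("signature:", sig)
    print("valid on original:", verify(agreement, sig))                 # True
    tampered = agreement.replace(b"5000", b"500")
    print("valid after edit:", verify(tampered, sig))                   # False
    print("valid with someone else's key:", verify(agreement, sig, OTHER_PUBLIC_KEY))
```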
14. Describe the Diffie-Hellman key exchange algorithm and discuss the basis of the
strength of this algorithm.

The Diffie–Hellman (DH) algorithm is a key-exchange protocol that enables two
parties communicating over a public channel to establish a mutual secret without it
being transmitted over the Internet. DH lets the two parties agree on a shared key,
which they then use to encrypt and decrypt their conversation or data using
symmetric cryptography.

To do that they agree on a public piece of benign information that will be mixed
with their privileged information as it travels over an insecure channel. Their
secrets are mixed with the public information, or public key, and as the secrets are
exchanged the information they want to share is commingled with the common
secret. As they decipher the other’s message, they can extract the public
information and, with knowledge of their own secret, deduce the new information
that was carried along. While seemingly uncomplicated in this method’s
description, when long number strings are used for private and public keys,
decryption by an outside party trying to eavesdrop is mathematically infeasible
even with considerable resources.

Encryption: The Diffie Hellman key exchange algorithm can be used to encrypt;
one of the first schemes to do so is ElGamal encryption. One modern example of it is
called the Integrated Encryption Scheme, which provides security against
chosen-plaintext and chosen-ciphertext attacks.

Password Authenticated Agreement: When two parties share a password, a
password-authenticated key agreement can be used to prevent the man-in-the-middle
attack. This key agreement can be in the form of Diffie-Hellman. The Secure
Remote Password protocol is a good example that is based on this technique.

Forward Secrecy: Forward-secrecy-based protocols can generate new key pairs for
each new session, and they can automatically discard them when the session is
finished. In these forward secrecy protocols, more often than not, the Diffie
Hellman key exchange is used.

Advantages of the Diffie Hellman Algorithm
• The sender and receiver don’t need any prior knowledge of each other.
• Once the keys are exchanged, the communication of data can be done through an
insecure channel.
• The sharing of the secret key is safe.

15. Describe the ElGamal cryptosystem with an example; discuss the basis of the
strength of this algorithm.

ElGamal encryption is a public-key cryptosystem. It uses asymmetric key
encryption for communicating between two parties and encrypting the
message. This cryptosystem is based on the difficulty of finding discrete logarithms
in a cyclic group: even if we know g^a and g^k, it is extremely difficult to
compute g^ak.

Idea of the ElGamal cryptosystem

Suppose Alice wants to communicate with Bob.

Bob generates his public and private key:
Bob chooses a very large number q and a cyclic group Fq.
From the cyclic group Fq, he chooses any element g and an element a such that gcd(a, q) = 1.
Then he computes h = g^a.
Bob publishes F, h = g^a, q and g as his public key and retains a as his private key.

Alice encrypts data using Bob’s public key:
Alice selects an element k from the cyclic group F such that gcd(k, q) = 1.
Then she computes p = g^k and s = h^k = g^ak.
She multiplies s with M.
Then she sends (p, M*s) = (g^k, M*s).

Bob decrypts the message:
Bob calculates s′ = p^a = g^ak.
He divides M*s by s′ (i.e. multiplies by the inverse of s′ modulo q) to obtain M, as s = s′.
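Questions 14 and 15 rest on the same computation: an eavesdropper who sees g^a and g^k cannot feasibly obtain g^ak. The added example below (not part of the question bank) runs a Diffie-Hellman exchange for both sides and then ElGamal encryption in the notation above (h = g^a, p = g^k, s = h^k, ciphertext (p, M*s), decryption by multiplying with the inverse of s′). The prime q = 2579 and generator g = 2 are small constructed toy parameters for readability, not secure sizes.

```python
# Diffie-Hellman key agreement and ElGamal encryption on one discrete-log group.
# Added example, not from the question bank. Toy parameters, not secure sizes.
import hashlib
import secrets

Q = 2579   # constructed toy prime modulus (real use: 2048-bit+ safe prime or an EC group)
G = 2      # constructed toy generator


# ---- Diffie-Hellman: both sides derive the same secret from exchanged public values ----
def dh_keypair(q: int = Q, g: int = G):
    private = secrets.randbelow(q - 2) + 1        # secret exponent in 1..q-2
    return private, pow(g, private, q)            # (secret, public value g^secret)


def dh_shared_secret(my_private: int, their_public: int, q: int = Q) -> int:
    return pow(their_public, my_private, q)       # (g^b)^a = (g^a)^b = g^ab


def dh_session_key(shared_secret: int) -> bytes:
    """Hash the shared group element into a fixed-size symmetric key."""
    return hashlib.sha256(str(shared_secret).encode()).digest()


def dh_exchange(q: int = Q, g: int = G):
    """Alice and Bob each send only their public value; an observer of the
    channel sees q, g, A and B but neither a nor b."""
    a, A = dh_keypair(q, g)                       # Alice -> Bob: A = g^a
    b, B = dh_keypair(q, g)                       # Bob -> Alice: B = g^b
    key_alice = dh_session_key(dh_shared_secret(a, B, q))
    key_bob = dh_session_key(dh_shared_secret(b, A, q))
    return key_alice, key_bob


# ---- ElGamal: Alice encrypts M to Bob's public key h = g^a ----
def elgamal_keygen(q: int = Q, g: int = G):
    a = secrets.randbelow(q - 2) + 1
    return a, (q, g, pow(g, a, q))                # private a, public (q, g, h)


def elgamal_encrypt(M: int, public_key, k: int = None):
    q, g, h = public_key
    if not 0 < M < q:
        raise ValueError("message must be an integer in 1..q-1")
    if k is None:
        k = secrets.randbelow(q - 2) + 1          # fresh ephemeral k for every message
    p = pow(g, k, q)                              # p = g^k
    s = pow(h, k, q)                              # s = h^k = g^(ak)
    return p, (M * s) % q                         # ciphertext (g^k, M*s)


def elgamal_decrypt(ciphertext, a: int, q: int = Q) -> int:
    p, c = ciphertext
    s_prime = pow(p, a, q)                        # s' = p^a = g^(ak) = s
    return (c * pow(s_prime, -1, q)) % q          # "divide" by s': multiply by its inverse mod q


if __name__ == "__main__":
    ka, kb = dh_exchange()
    print("DH session keys match:", ka == kb, ka.hex()[:16], "...")
    a, pub = elgamal_keygen()
    ct = elgamal_encrypt(1299, pub)
    print("ElGamal ciphertext:", ct, "-> decrypts to", elgamal_decrypt(ct, a))
```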
