
RV College of Engineering
Go, change the world

Unit 4 - Traditional Block Cipher and Public Key Cryptosystem

Contents

1. Stream Ciphers and Block Ciphers, Feistel Cipher Structure.

2. The Data Encryption Standard-Encryption and Decryption.

3. Principles of Public Cryptosystems- Public-Key Cryptosystems.

4. Applications for Public-Key Cryptosystems.

5. Requirements for Public-Key Cryptosystems.

6. Public-Key Cryptanalysis.

7. The RSA algorithm-Algorithm and Computational Aspects and the security of RSA.

8. Other Public key Cryptosystems: Diffie-Hellman Key Exchange.



Stream Ciphers and Block Ciphers, Feistel Cipher Structure.

• Encryption Definition: The action of disguising information so that it can be recovered easily by the persons who have the key, but is highly resistant to recovery by persons who do not have the key.



• A message in cleartext (plaintext) is encrypted (disguised) through the use of an encryption key to create a ciphertext.
• The encryption key may be changed from time to time to make an
intruder’s task more difficult.
• Restoration of a ciphertext to cleartext is achieved by the action of
decryption using a decryption key.
• In symmetric (Single key) - The encryption and decryption keys are the
same.
• In asymmetric (two keys) - The encryption and decryption keys are
different.

Encryption Methods

• Encryption Methods - Encryption is accomplished by scrambling the bits, characters, words, or phrases in the original message.

• Scrambling involves two activities:

• Transposition - In which the order of the bit patterns, characters, words or phrases is rearranged.

• Substitution - In which new bit patterns, characters, words, or phrases are substituted for the originals without changing their order.


STREAM CIPHERS

• Stream ciphers process messages a bit or byte at a time when en/decrypting.

• Block ciphers process messages in blocks, each of which is then en/decrypted – 64 bits or more

• Many current ciphers are block ciphers, hence they are the focus of the course

Block Cipher Principles

• Block ciphers look like an extremely large substitution
• A table of 2^64 entries would be needed for a 64-bit block, so an arbitrary reversible substitution cipher for a large block size is not practical
  – 64-bit general substitution block cipher, key size 2^64!
• Most symmetric block ciphers are based on a Feistel Cipher Structure
• This is needed since we must be able to decrypt ciphertext to recover messages efficiently

Motivation for the Feistel Cipher Structure

• A block cipher operates on a plaintext block of n bits to produce a ciphertext block of n bits.
• There are 2^n possible different plaintext blocks and, for the encryption to be reversible (i.e., for decryption to be possible), each must produce a unique ciphertext block.
• Such a transformation is called reversible, or nonsingular.
• The following examples illustrate nonsingular and singular transformations for n = 2.

FEISTEL CIPHER STRUCTURE

Feistel proposed [FEIS73] that we can approximate the ideal block cipher by utilizing the concept of a product cipher, which is the execution of two or more simple ciphers in sequence in such a way that the final result or product is cryptographically stronger than any of the component ciphers.

The essence of the approach is to develop a block cipher with a key length of k bits and a block length of n bits, allowing a total of 2^k possible transformations, rather than the 2^n! transformations available with the ideal block cipher.

In particular, Feistel proposed the use of a cipher that alternates substitutions and permutations, where these terms are defined as follows:
■ Substitution: Each plaintext element or group of elements is uniquely replaced by a corresponding ciphertext element or group of elements.
■ Permutation: A sequence of plaintext elements is replaced by a permutation of that sequence. That is, no elements are added or deleted or replaced in the sequence, rather the order in which the elements appear in the sequence is changed.

In fact, Feistel’s is a practical application of a proposal by Claude Shannon to develop a product cipher that alternates confusion and diffusion functions.

In particular, the Feistel structure is used for Triple Data Encryption Algorithm (TDEA), which is one of the two encryption algorithms (along with AES), approved for general use by the National Institute of Standards and Technology (NIST). The Feistel structure is also used for several schemes for format-preserving encryption, which have recently come into prominence.

In addition, the Camellia block cipher is a Feistel structure; it is one of the possible symmetric ciphers in TLS and a number of other Internet security protocols. Both TDEA and format-preserving encryption are covered later.

DIFFUSION AND CONFUSION

The terms diffusion and confusion were introduced by Claude Shannon to capture the two basic building blocks for any cryptographic system [SHAN49].

In diffusion, the statistical structure of the plaintext is dissipated into long-range statistics of the ciphertext. This is achieved by having each plaintext digit affect the value of many ciphertext digits; generally, this is equivalent to having each ciphertext digit be affected by many plaintext digits.

On the other hand, confusion seeks to make the relationship between the
statistics of the ciphertext and the value of the encryption key as complex as
possible, again to thwart attempts to discover the key. Thus, even if the
attacker can get some handle on the statistics of the ciphertext, the way in
which the key was used to produce that ciphertext is so complex as to make it
difficult to deduce the key. This is achieved by the use of a complex substitution
algorithm. In contrast, a simple linear substitution function would add little
confusion.

Shannon’s concern was to thwart cryptanalysis based on statistical analysis. The reasoning is as follows.

Assume the attacker has some knowledge of the statistical characteristics of the plaintext.
For example, in a human-readable message in some language, the frequency distribution of the various letters may be known. Or there may be words or phrases likely to appear in the message (probable words). If these statistics are in any way reflected in the ciphertext, the cryptanalyst may be able to deduce the encryption key, part of the key, or at least a set of keys likely to contain the exact key. In what Shannon refers to as a strongly ideal cipher, all statistics of the ciphertext are independent of the particular key used. The arbitrary substitution cipher that we discussed previously (Figure 4.2) is such a cipher, but as we have seen, it is impractical.

FEISTEL CIPHER STRUCTURE

Feistel Cipher is not a specific scheme of block cipher. It is a design model from
which many different block ciphers are derived. DES is just one example
of a Feistel Cipher. A cryptographic system based on Feistel cipher
structure uses the same algorithm for both encryption and decryption.

Encryption Process: The encryption process uses the Feistel structure consisting of multiple rounds of processing of the plaintext, each round consisting of a “substitution” step followed by a permutation step. The Feistel structure is shown in the following illustration −

• The input block to each round is divided into two halves that can be denoted as L and R for the left half and the right half.
• In each round, the right half of the block, R, goes through unchanged. But the left half, L, goes through an operation that depends on R and the encryption key. First, we apply an encrypting function ‘f’ that takes two inputs − the key K and R. The function produces the output f(R,K). Then, we XOR the output of the mathematical function with L.
• In a real implementation of the Feistel Cipher, such as DES, instead of using the whole encryption key during each round, a round-dependent key (a subkey) is derived from the encryption key. This means that each round uses a different key, although all these subkeys are related to the original key.
• The permutation step at the end of each round swaps the modified L and unmodified R. Therefore, the L for the next round will be the R of the current round, and the R for the next round will be the output L of the current round.
• The above substitution and permutation steps form a ‘round’. The number of rounds is specified by the algorithm design.
• Once the last round is completed, the two sub blocks, ‘R’ and ‘L’, are concatenated in this order to form the ciphertext block.

Number of Rounds
The number of rounds used in a Feistel Cipher depends on the desired security of the system. More rounds provide a more secure system. But at the same time, more rounds mean slower, less efficient encryption and decryption processes. The number of rounds in a system thus depends upon the efficiency–security tradeoff.

FEISTEL CIPHER
• n sequential rounds

• A substitution on the left half L_i:
  – 1. Apply a round function F to the right half R_i, and
  – 2. Take XOR of the output of (1) and L_i

• The round function is parameterized by the subkey K_i
  – K_i are derived from the overall key K


FEISTEL CIPHER DESIGN PRINCIPLES

• block size - increasing size improves security, but slows cipher


• key size - increasing size improves security, makes exhaustive key
searching harder, but may slow cipher
• number of rounds - increasing number improves security, but slows cipher
• subkey generation - greater complexity can make analysis harder, but slows
cipher
• round function - greater complexity can make analysis harder, but slows
cipher
• fast software en/decryption & ease of analysis - are more recent concerns
for practical use and testing

FEISTEL CIPHER STRUCTURE

Decryption Process:
The process of decryption in a Feistel cipher is almost similar. Instead of starting with a block of plaintext, the ciphertext block is fed into the start of the Feistel structure, and the process thereafter is exactly the same as described in the given illustration.
The process is said to be almost similar and not exactly the same. In the case of decryption, the only difference is that the subkeys used in encryption are used in the reverse order.
The final swapping of ‘L’ and ‘R’ in the last step of the Feistel Cipher is essential. If these are not swapped, then the resulting ciphertext could not be decrypted using the same algorithm.

FEISTEL CIPHER DECRYPTION

Suppose that the blocks at each stage are 32 bits (two 16-bit halves) and that the key size is 24 bits. Suppose that at the end of encryption round fourteen, the value of the intermediate block (in hexadecimal) is DE7F03A6.
Then LE14 = DE7F and RE14 = 03A6. Also assume that the value of K15 is 12DE52.
After round 15, we have LE15 = 03A6 and RE15 = F(03A6, 12DE52) ⊕ DE7F.

Now let’s look at the decryption.

We assume that LD1 = RE15 and RD1 = LE15, as shown in Figure 4.3, and we want to demonstrate that LD2 = RE14 and RD2 = LE14.
So, we start with LD1 = F(03A6, 12DE52) ⊕ DE7F and RD1 = 03A6.
Then, from Figure 4.3, LD2 = 03A6 = RE14 and
RD2 = F(03A6, 12DE52) ⊕ [F(03A6, 12DE52) ⊕ DE7F] = DE7F = LE14.
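
The round-15 walk-through above, generalised to a full 16-round network, as an added example that is not part of the original slides. The round function (a truncated SHA-256) and the subkey list are assumptions chosen only to show that F does not have to be invertible; the block, half and subkey sizes follow the worked example.

```python
import hashlib

HALF_BITS = 16                       # 32-bit block = two 16-bit halves, as in the worked example
HALF_MASK = (1 << HALF_BITS) - 1


def round_function(right, subkey):
    """Stand-in F(R, K): truncated SHA-256 (an assumption, not DES's F).
    It is deliberately not invertible; a Feistel network never runs F backwards."""
    data = right.to_bytes(2, "big") + subkey.to_bytes(3, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:2], "big")


def feistel_round(left, right, subkey):
    """One round: new L = old R, new R = old L XOR F(old R, K)."""
    return right, left ^ round_function(right, subkey)


def feistel(block, subkeys, final_swap=True):
    """Run every round, then (optionally) the final swap of the two halves."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    for subkey in subkeys:
        left, right = feistel_round(left, right, subkey)
    if final_swap:
        left, right = right, left
    return (left << HALF_BITS) | right


def encrypt(block, subkeys):
    return feistel(block, subkeys)


def decrypt(block, subkeys):
    # Same algorithm, subkeys in reverse order.
    return feistel(block, subkeys[::-1])


def worked_example():
    """Replay the slide: encryption round 15, then the first decryption round."""
    le14, re14, k15 = 0xDE7F, 0x03A6, 0x12DE52
    le15, re15 = feistel_round(le14, re14, k15)
    ld1, rd1 = re15, le15                     # decryption input is the swapped pair
    ld2, rd2 = feistel_round(ld1, rd1, k15)
    return le15, ld2, rd2                     # expect LE15 = 03A6, LD2 = RE14, RD2 = LE14


# Constructed sample data: sixteen 24-bit subkeys and one 32-bit block.
SUBKEYS = [(0x12DE52 + 0x010101 * i) & 0xFFFFFF for i in range(16)]
PLAINTEXT = 0xDE7F03A6

if __name__ == "__main__":
    ciphertext = encrypt(PLAINTEXT, SUBKEYS)
    print(f"ciphertext       = {ciphertext:08X}")
    print(f"decrypted        = {decrypt(ciphertext, SUBKEYS):08X}")
    no_swap = feistel(PLAINTEXT, SUBKEYS, final_swap=False)
    broken = feistel(no_swap, SUBKEYS[::-1], final_swap=False)
    print(f"without the swap = {broken:08X} (does not recover the plaintext)")
    print("worked example   =", [f"{v:04X}" for v in worked_example()])
```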

DATA ENCRYPTION STANDARD (DES)

• most widely used block cipher in the world
• adopted in 1977 by NBS (now NIST) - as FIPS PUB 46
• encrypts 64-bit data using 56-bit key
• has widespread use
• IBM developed Lucifer cipher
  – by team led by Feistel
  – used 64-bit data blocks with 128-bit key
• then redeveloped as a commercial cipher with input from NSA and others
• In 1973 NBS issued request for proposals for a national cipher standard
• IBM submitted their revised Lucifer which was eventually accepted as the DES

Data encryption standard (DES) has been found vulnerable against very powerful attacks and therefore, the popularity of DES has been slightly on the decline.
DES is a block cipher, and encrypts data in blocks of 64 bits each; that is, 64 bits of plain text go in as the input to DES, which produces 64 bits of cipher text. The same algorithm and key are used for encryption and decryption, with minor differences. The key length is 56 bits.

We have mentioned that DES uses a 56-bit key. Actually, the initial key consists of 64 bits. However, before the DES process even starts, every 8th bit of the key is discarded to produce a 56-bit key. That is, bit positions 8, 16, 24, 32, 40, 48, 56 and 64 are discarded.

Thus, the discarding of every 8th bit of the key produces a 56-bit key from the original 64-bit key.

DES is based on the two fundamental attributes of cryptography: substitution (also called confusion) and transposition (also called diffusion). DES consists of 16 steps, each of which is called a round. Each round performs the steps of substitution and transposition. Let us now discuss the broad-level steps in DES.

1. In the first step, the 64-bit plain text block is handed over to an Initial Permutation (IP) function.
2. The initial permutation is performed on the plain text.
3. Next, the initial permutation (IP) produces two halves of the permuted block, say Left Plain Text (LPT) and Right Plain Text (RPT).
4. Now each of LPT and RPT goes through 16 rounds of the encryption process.
5. In the end, LPT and RPT are rejoined and a Final Permutation (FP) is performed on the combined block.
6. The result of this process is the 64-bit cipher text.

Initial Permutation (IP)

As we have noted, the initial permutation (IP) happens only once, and it happens before the first round. It specifies how the transposition in IP should proceed, as shown in the figure.
For example, it says that the IP replaces the first bit of the original plain text block with the 58th bit of the original plain text block, the second bit with the 50th bit of the original plain text block, and so on.
This is nothing but a juggling of the bit positions of the original plain text block. The same rule applies for all the other bit positions shown in the figure.

DES DESIGN CONTROVERSY

• Although the DES standard is public, there was considerable controversy over its design, in the choice of a 56-bit key (vs Lucifer's 128-bit)
• Subsequent events and public analysis show that in fact the design was appropriate
• DES has become widely used, especially in financial applications

[Figure: DES design]

[Figure: General structure of DES]

DES EXAMPLE

For this example, the plaintext is a hexadecimal palindrome. The plaintext, key, and resulting ciphertext are as follows:

INITIAL PERMUTATION IP

• first step of the data computation
• IP reorders the input data bits
• quite regular in structure

DES ROUND STRUCTURE

DES uses 16 rounds. Each round of DES is a Feistel cipher, as shown. The round takes L_{I−1} and R_{I−1} from the previous round (or the initial permutation box) and creates L_I and R_I, which go to the next round (or the final permutation box).
We can assume that each round has two cipher elements (mixer and swapper). Each of these elements is invertible. The swapper is obviously invertible. It swaps the left half of the text with the right half.
The mixer is invertible because of the XOR operation. All noninvertible elements are collected inside the function f(R_{I−1}, K_I).

DES FUNCTION

The heart of DES is the DES function.

The DES function applies a 48-bit key to the rightmost 32 bits (R_{I−1}) to produce a 32-bit output. This function is made up of four sections:
• an expansion D-box,
• a whitener (that adds key),
• a group of S-boxes, and
• a straight D-box

[Figure: Expansion Permutation and Expansion D Box]

[Figure: S Boxes and S-Box rule]

FINAL PERMUTATION

The last operation in the DES function is a permutation with a 32-bit input and a
32-bit output.

The input/output relationship for this operation is shown in Table and follows the
same general rule as previous tables.

For example, the seventh bit of the input becomes the second bit of the output.

DES Decryption (Reverse encryption)

• decrypt must unwind steps of data computation

• with Feistel design, do encryption steps again

• using subkeys in reverse order (SK16 … SK1)

• note that IP undoes final FP step of encryption

• 1st round with SK16 undoes 16th encrypt round ….

• 16th round with SK1 undoes 1st encrypt round

• then final FP undoes initial encryption IP

• thus recovering original data value


AVALANCHE EFFECT

• key desirable property of an encryption algorithm

• DES exhibits strong avalanche

• where a change of one input or key bit results in changing approximately half of the output bits

Terminology Related to Asymmetric Encryption

Asymmetric Keys
Two related keys, a public key and a private key, that are used to perform
complementary operations, such as encryption and decryption or signature
generation and signature verification.
Public Key Certificate
A digital document issued and digitally signed by the private key of a
Certification Authority that binds the name of a subscriber to a public key. The
certificate indicates that the subscriber identified in the certificate has sole
control and access to the corresponding private key.
Public Key (Asymmetric) Cryptographic Algorithm
A cryptographic algorithm that uses two related keys, a public key and a private
key. The two keys have the property that deriving the private key from the
public key is computationally infeasible.
Public Key Infrastructure (PKI)
A set of policies, processes, server platforms, software and workstations used for
the purpose of administering certificates and public-private key pairs,
including the ability to issue, maintain, and revoke public key certificates.

Private Key Cryptography

• traditional private/secret/single key cryptography uses one key
• shared by both sender and receiver
• if this key is disclosed, communications are compromised
• also is symmetric, parties are equal
• hence does not protect sender from receiver forging a message & claiming it is sent by sender

Public Key Cryptography

• probably most significant advance in the 3000 year history of cryptography
• uses two keys – a public & a private key
• asymmetric since parties are not equal
• uses clever application of number theoretic concepts to function
• complements rather than replaces private key crypto


Why Public Key Cryptography?

• developed to address two key issues:
  – key distribution – how to have secure communications in general without having to trust a KDC with your key
  – digital signatures – how to verify a message comes intact from the claimed sender
• public invention due to Whitfield Diffie & Martin Hellman at Stanford Uni in 1976
  – known earlier in classified community


Public Key Cryptography

• public-key/two-key/asymmetric cryptography involves the use of two keys:
  – a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures
  – a related private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
• infeasible to determine private key from public
• is asymmetric because
  – those who encrypt messages or verify signatures cannot decrypt messages or create signatures

[Figure: Symmetric Vs Public Key]

[Figure: Public Key Cryptosystems]

Public Key Applications

• can classify uses into 3 categories:
  – encryption/decryption (provide secrecy)
  – digital signatures (provide authentication)
  – key exchange (of session keys)
• some algorithms are suitable for all uses, others are specific to one

Public Key Requirements

• Public-Key algorithms rely on two keys where:
  – it is computationally infeasible to find decryption key knowing only algorithm & encryption key
  – it is computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known
  – either of the two related keys can be used for encryption, with the other used for decryption (for some algorithms)
• these are formidable requirements which only a few algorithms have satisfied

• need a trapdoor one-way function
• one-way function has
  – Y = f(X) easy
  – X = f^-1(Y) infeasible
• a trap-door one-way function has
  – Y = f_k(X) easy, if k and X are known
  – X = f_k^-1(Y) easy, if k and Y are known
  – X = f_k^-1(Y) infeasible, if Y known but k not known
• a practical public-key scheme depends on a suitable trap-door one-way function

Security of Public Key Schemes

• like private key schemes brute force exhaustive search attack is always theoretically possible
• but keys used are too large (>512 bits)
• security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (cryptanalyse) problems
• more generally the hard problem is known, but is made hard enough to be impractical to break
• requires the use of very large numbers
• hence is slow compared to private key schemes

Introduction RSA

• by Rivest, Shamir & Adleman of MIT in 1977
• best known & widely used public-key scheme
• based on exponentiation in a finite (Galois) field over integers modulo a prime
  – nb. exponentiation takes O((log n)^3) operations (easy)
• uses large integers (eg. 1024 bits)
• security due to cost of factoring large numbers
  – nb. factorization takes O(e^(log n log log n)) operations (hard)


RSA En/Decryption

• to encrypt a message M the sender:
  – obtains public key of recipient PU={e,n}
  – computes: C = M^e mod n, where 0≤M<n
• to decrypt the ciphertext C the owner:
  – uses their private key PR={d,n}
  – computes: M = C^d mod n
• note that the message M must be smaller than the modulus n (block if needed)

RSA Key Setup

• each user generates a public/private key pair by:
  – selecting two large primes at random: p, q
  – computing their system modulus n=p.q
  – calculating ø(n)=(p-1)(q-1)
  – selecting at random the encryption key e, where 1<e<ø(n), gcd(e,ø(n))=1
  – solving the following equation to find decryption key d: e.d=1 mod ø(n) and 0≤d≤n
• publish their public encryption key: PU={e,n}
• keep secret private decryption key: PR={d,n}

[Figure: RSA Algorithm]

RSA Example
p = 7, q = 11, e = 17, m = 8
Step one is done since we are given p and q, such that they are two distinct prime numbers.
Step two, get n where n = pq
n = 7 * 11 =77
Step three, get ϕ(n) where ϕ(n) = (p - 1)(q - 1)
ϕ(77) = (7 - 1)(11 - 1) = 60
Step four, select e such that e is relatively prime to ϕ (n); gcd(ϕ(n), e) = 1 where 1 < e < ϕ (n)
gcd(60, e) = 1; 1 < e < 60
Given: e = 17
Step five, determine d such that d*e % ϕ (n) = 1; d < ϕ (n)
d * 17 % 60 = 1; d < 60
53 * 17 % 60 = 1; 53 < 60
d = 53
Public key PU = [e, n]
PU = [17, 77]
Private key PR = [d, n]
PR = [53, 77]
Encryption c = m^e % n; m < n
c = 8^17 % 77; 8 < 77
c = 57
Decryption m = c^d % n
m = 57^53 % 77

RSA Example – Key Setup

1. Select primes: p=17 & q=11
2. Calculate n = pq = 17 x 11 = 187
3. Calculate ø(n)=(p–1)(q-1)=16x10=160
4. Select e: gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160. Value is d=23 since 23x7=161=1x160+1
6. Publish public key PU={7,187}
7. Keep secret private key PR={23,187}

RSA Example – En/Decryption

• sample RSA encryption/decryption is:
• given message M = 88 (nb. 88<187)
• encryption:
  C = 88^7 mod 187 = 11
• decryption:
  M = 11^23 mod 187 = 88


Exponentiation

• can use the Square and Multiply Algorithm
• a fast, efficient algorithm for exponentiation
• concept is based on repeatedly squaring base
• and multiplying in the ones that are needed to compute the result
• look at binary representation of exponent
• only takes O(log_2 n) multiples for number n
  – eg. 7^5 = 7^4.7^1 = 3.7 = 10 mod 11
  – eg. 3^129 = 3^128.3^1 = 5.3 = 4 mod 11

Computes f = a^b mod n, where b_k ... b_0 are the bits of the exponent b:

    c = 0; f = 1
    for i = k downto 0
        do c = 2 x c
           f = (f x f) mod n
           if b_i == 1 then
               c = c + 1
               f = (f x a) mod n
    return f

Efficient Encryption

• encryption uses exponentiation to power e
• hence if e small, this will be faster
  – often choose e=65537 (2^16+1)
  – also see choices of e=3 or e=17
• but if e too small (eg e=3) can attack
  – using Chinese remainder theorem & 3 messages with different moduli
• if e fixed must ensure gcd(e,ø(n))=1
  – ie reject any p or q not relatively prime to e

Efficient Decryption

• decryption uses exponentiation to power d
  – this is likely large, insecure if not
• can use the Chinese Remainder Theorem (CRT) to compute mod p & q separately, then combine to get desired answer
  – approx 4 times faster than doing directly
• only owner of private key who knows values of p & q can use this technique
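
The key setup, square-and-multiply exponentiation and CRT decryption described above, run on the two small key pairs from the slides, as an added example that is not part of the original slides. Function names are assumptions; the multiplication counter is added to make visible that the work done depends on the bits of the exponent.

```python
from math import gcd


def square_and_multiply(a, b, n):
    """Return (a**b mod n, number of modular multiplications).
    Scans the bits of b from the most significant end, as in the pseudocode."""
    f, mults = 1, 0
    for bit in bin(b)[2:]:
        f = (f * f) % n              # always square
        mults += 1
        if bit == "1":               # extra multiply only for a 1 bit
            f = (f * a) % n
            mults += 1
    return f, mults


def mod_inverse(a, m):
    """Extended Euclid: return x with (a * x) % m == 1."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("a and m are not relatively prime")
    return old_s % m


def make_keys(p, q, e):
    """Key setup: returns (PU, PR) = ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    return (e, n), (mod_inverse(e, phi), n)


def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return square_and_multiply(m, e, n)[0]


def decrypt(c, private_key):
    d, n = private_key
    return square_and_multiply(c, d, n)[0]


def decrypt_crt(c, p, q, d):
    """Decrypt mod p and mod q separately, then recombine (needs p and q)."""
    m_p, _ = square_and_multiply(c % p, d % (p - 1), p)
    m_q, _ = square_and_multiply(c % q, d % (q - 1), q)
    h = (mod_inverse(q, p) * (m_p - m_q)) % p
    return m_q + h * q


if __name__ == "__main__":
    public, private = make_keys(17, 11, 7)
    c = encrypt(88, public)
    print("PU, PR      =", public, private)
    print("C           =", c)
    print("M (direct)  =", decrypt(c, private))
    print("M (CRT)     =", decrypt_crt(c, 17, 11, private[0]))
    print("mults for d =", square_and_multiply(c, private[0], 187)[1])
```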

RSA Key Generation

users of RSA must:


– determine two primes at random - p, q
– select either e or d and compute the other
• primes p,q must not be easily derived from modulus N=p.q
– means must be sufficiently large
– typically guess and use probabilistic test
• exponents e, d are inverses, so use Inverse algorithm to compute the
other

RSA Security

• How to attack RSA?


– we have public key (n,e)
– compute ɸ (n) and get d
• Easier said than done!!
– If we have n and ɸ( n) then we can factor n
– If we have e and d then we can factor n

Attacks on RSA

Various attacks on RSA:

Five possible approaches to attacking the RSA algorithm are

• Brute force: This involves trying all possible private keys.
• Mathematical attacks: There are several approaches, all equivalent in effort to factoring the product of two primes.
• Timing attacks: These depend on the running time of the decryption algorithm.
• Hardware fault-based attack: This involves inducing hardware faults in the processor that is generating digital signatures.
• Chosen ciphertext attacks: This type of attack exploits properties of the RSA algorithm.

The Factoring Problem

We can identify three approaches to attacking RSA mathematically.
1. Factor n into its two prime factors. This enables calculation of ϕ(n) = (p - 1) * (q - 1), which in turn enables determination of d ≡ e^-1 (mod ϕ(n)).
2. Determine ϕ(n) directly, without first determining p and q. Again, this enables determination of d ≡ e^-1 (mod ϕ(n)).
3. Determine d directly, without first determining ϕ(n).

A timing attack is somewhat analogous to a burglar guessing the combination of a safe by observing how long it takes for someone to turn the dial from number to number.
We can explain the attack using the modular exponentiation algorithm, but the attack can be adapted to work with any implementation that does not run in fixed time.
In this algorithm, modular exponentiation is accomplished bit by bit, with one modular multiplication performed at each iteration and an additional modular multiplication performed for each 1 bit.

Although the timing attack is a serious threat, there are simple countermeasures
that can be used, including the following.
• Constant exponentiation time: Ensure that all exponentiations take the same amount of time before returning a result. This is a simple fix but does degrade performance.
• Random delay: Better performance could be achieved by adding a random delay to the exponentiation algorithm to confuse the timing attack. Kocher points out that if defenders don’t add enough noise, attackers could still succeed by collecting additional measurements to compensate for the random delays.
• Blinding: Multiply the ciphertext by a random number before performing exponentiation. This process prevents the attacker from knowing what ciphertext bits are being processed inside the computer and therefore prevents the bit-by-bit analysis essential to the timing attack.
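The bit-by-bit exponentiation described above and two of the countermeasures, as an added example that is not part of the original slides. It counts multiplications rather than measuring time, shows a Montgomery ladder as one way to make the work per bit independent of the key, and implements blinding in its standard form (multiplying by r^e, a detail the slide does not spell out). Function names and the toy key are assumptions.

```python
import math
import secrets

def modexp_square_multiply(base, exponent, modulus):
    """Bit-by-bit exponentiation as on the slide; returns (result, mult_count)."""
    result, mults = 1, 0
    for bit in bin(exponent)[2:]:              # most significant bit first
        result = (result * result) % modulus   # one multiplication every iteration
        mults += 1
        if bit == "1":                         # extra multiplication for each 1 bit
            result = (result * base) % modulus
            mults += 1
    return result, mults

def modexp_ladder(base, exponent, modulus):
    """Montgomery ladder: two multiplications per bit whatever the bit value.
    This equalises the operation count only; Python big-integer arithmetic
    is not constant-time, so this is a model, not a hardened routine."""
    r0, r1, mults = 1, base % modulus, 0
    for bit in bin(exponent)[2:]:
        if bit == "1":
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        mults += 2
    return r0, mults

def blinded_decrypt(c, d, e, n):
    """RSA blinding: exponentiate c * r^e instead of c, then strip r."""
    while True:
        r = secrets.randbelow(n - 2) + 2       # random r in [2, n - 1]
        if math.gcd(r, n) == 1:                # r must be invertible mod n
            break
    blinded = (c * pow(r, e, n)) % n           # input to the private-key operation
    m_times_r = pow(blinded, d, n)             # (c * r^e)^d = m * r (mod n)
    return (m_times_r * pow(r, -1, n)) % n

# Constructed toy key (p = 61, q = 53), far too small for real use.
N, E, D = 3233, 17, 2753

if __name__ == "__main__":
    for exp in (0b10000001, 0b11111111):       # same length, different 1-bit counts
        print(bin(exp), modexp_square_multiply(5, exp, N)[1], modexp_ladder(5, exp, N)[1])
    print(blinded_decrypt(pow(65, E, N), D, E, N))
```

Two exponents of equal length but different numbers of 1 bits cost different amounts of work in the first routine and identical amounts in the ladder, which is the dependency the timing attack measures.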

RSA algorithm is vulnerable to a chosen ciphertext attack (CCA).


• CCA is defined as an attack in which the adversary chooses a number of ciphertexts and is then given the corresponding plaintexts, decrypted with the target’s private key.
• Thus, the adversary could select a plaintext, encrypt it with the target’s public key, and then be able to get the plaintext back by having it decrypted with the private key.
• Clearly, this provides the adversary with no new information.
• Instead, the adversary exploits properties of RSA and selects blocks of data that, when processed using the target’s private key, yield information needed for cryptanalysis.

A simple example of a CCA against RSA takes advantage of the following
property of RSA:

We can decrypt C = M^e mod n using a CCA as follows.


1. Compute
2. Submit X as a chosen ciphertext and receive back
But now note that

Therefore, Y = (2M) mod n. From this, we can deduce M.
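The relation Y = (2M) mod n worked through with toy numbers, as an added example that is not part of the original slides; it shows why an unpadded RSA private-key operation must not be offered as a decryption service. The factor 2^e used to build X is an assumption inferred from the slide's conclusion, and the key, function names and service model are constructed for illustration.

```python
# Constructed toy key (p = 61, q = 53), far too small for real use.
N, E, D = 3233, 17, 2753

def encrypt(m):
    """Textbook (unpadded) RSA encryption: m^e mod n."""
    return pow(m, E, N)

def raw_decrypt_service(c, forbidden):
    """Models the CCA setting: decrypts anything except the target ciphertext."""
    if c == forbidden:
        raise ValueError("refusing to decrypt the target ciphertext")
    return pow(c, D, N)

def is_multiplicative(m1, m2):
    """Property relied on: E(m1) * E(m2) mod n equals E(m1 * m2 mod n)."""
    return (encrypt(m1) * encrypt(m2)) % N == encrypt((m1 * m2) % N)

def related_ciphertext_result(c):
    """Returns (Y, M) where Y is the service's answer for X = C * 2^e mod n."""
    x = (c * pow(2, E, N)) % N               # assumed form of X: differs from C
    y = raw_decrypt_service(x, forbidden=c)  # Y = X^d mod n = (2M) mod n
    # 2M may have wrapped around n, so divide by 2 modulo n, not as integers.
    m = (y * pow(2, -1, N)) % N
    return y, m

if __name__ == "__main__":
    for m in (65, 3000):                     # 2 * 3000 exceeds n, so Y wraps
        print(m, related_ciphertext_result(encrypt(m)))
```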


Diffie-Hellman Key Exchange Algorithm

The Problem of Key Exchange

One of the main problems of symmetric key encryption is that it requires a secure & reliable channel for the shared key exchange.

The Diffie-Hellman Key Exchange protocol offers a way in which a public channel can be used to create a confidential shared key.

A Difficult One-Way Problem

The first thing we require is a simple real-world operation that is easy to Do but hard to Undo.
• You can ring a bell but not unring one.
• Toothpaste is easy to squeeze out of a tube but famously hard to put back in.

In our example we will use Mixing Colors.
• Easy to mix 2 colors, hard to unmix

Alice & Bob with Eve listening wish to make a secret shared color

Step 1 - Both publicly agree to a shared color
Step 2 - Each picks a secret color
Step 3 - Each adds their secret color to the shared color
Step 4 - Each sends the other their new mixed color
Each combines the shared color from the other with their own secret color

Alice & Bob have agreed to a shared color unknown to Eve

How is it that Alice & Bob’s final mixtures are identical?

Alice mixed
[(Yellow + Teal) from Bob] + Orange

Bob mixed
[(Yellow + Orange) from Alice] + Teal

How is it that Alice & Bob’s final mixture is secret?

Eve never has knowledge of the secret colors of either Alice or Bob

Unmixing a color into its component colors is a hard problem

Let’s get back to math: The algorithm uses the multiplicative group of integers modulo p, where p is prime and g is a primitive root modulo p.

We will rely on the formula below being an easy problem in one direction and hard in reverse.
s = g^n mod p
Easy: given g, n, & p, solve for s (n is a secret integer)
Hard: given s, g, & p, solve for n
And the property of
g^(a*b) mod p = g^(b*a) mod p

Step 1 – Publicly shared information

Alice & Bob publicly agree to a large prime number called the modulus, or p.
Alice & Bob publicly agree to a number called the generator, or g, which has a primitive root relationship with p.
In our example we’ll assume
p = 17
g = 3
Eve is aware of the values of p and g.

Step 2 – Select a secret key

Alice selects a secret key, which we will call a.
Bob selects a secret key, which we will call b.
For our example assume:
a = 54
b = 24
Eve is unaware of the values of a or b.

Bob combines his secret key of b with the public information to compute B.
B = g^b mod p
B = 3^24 mod 17
B = 16

Step 4 – Share combined values

Alice shares her combined value, A, with Bob. Bob shares his combined value, B, with Alice.
Sent to Bob
A = 15
Sent to Alice
B = 16
Eve is privy to this exchange and knows the values of A and B

Step 5 – Compute Shared Key

Alice computes the shared key.
s = (B mod p)^a mod p
s = g^(b*a) mod p
s = 3^(54*24) mod 17
s = 1
Bob computes the shared key.
s = (A mod p)^b mod p
s = g^(a*b) mod p
s = 3^(24*54) mod 17
s = 1

Alice & Bob have a shared encryption key, unknown to Eve

Alice & Bob have created a shared secret key, s, unknown to Eve
In our example s = 1
The shared secret key can now be used to encrypt & decrypt messages by both parties.

See the YouTube video on this example at:
https://www.youtube.com/watch?v=3QnD2c4Xovk

Diffie-Hellman Algorithm
Example: Let p = 11, g = 2, then

a          1  2  3   4   5   6    7    8    9    10    11
g^a        2  4  8  16  32  64  128  256  512  1024  2048
g^a mod p  2  4  8   5  10   9    7    3    6     1     2

A chooses 4, B chooses 3, then the shared secret is (2^3)^4 = (2^4)^3 = 2^12 = 4 (mod 11)
An adversary sees 2^3 = 8 and 2^4 = 5, and needs to solve one of 2^x = 8 and 2^y = 5 to figure out the shared secret.
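Both worked exchanges above (p = 17, g = 3 and p = 11, g = 2) run end to end, as an added example that is not part of the original slides. The function names are assumptions, and the public-value range check is a common implementation safeguard added here, not something the slides describe.

```python
def public_value(g, secret, p):
    """Value sent over the open channel: g^secret mod p."""
    return pow(g, secret, p)

def shared_key(peer_public, secret, p):
    """Each side raises the peer's public value to its own secret."""
    return pow(peer_public, secret, p)

def element_order(y, p):
    """Smallest k >= 1 with y^k = 1 (mod p). Exhaustive search, so toy
    sizes only; y must not be a multiple of p."""
    k, acc = 1, y % p
    while acc != 1:
        acc, k = (acc * y) % p, k + 1
    return k

def is_primitive_root(g, p):
    """g is a primitive root of the prime p when its order is p - 1."""
    return element_order(g, p) == p - 1

def public_value_in_range(y, p):
    """Added safeguard: reject 0, 1 and p - 1, which lie in tiny subgroups."""
    return 2 <= y <= p - 2

def exchange(p, g, a, b):
    """Run both sides and return the public values and the agreed key."""
    A, B = public_value(g, a, p), public_value(g, b, p)
    s_alice, s_bob = shared_key(B, a, p), shared_key(A, b, p)
    assert s_alice == s_bob            # g^(b*a) = g^(a*b) (mod p)
    return {"A": A, "B": B, "s": s_alice}

if __name__ == "__main__":
    first = exchange(17, 3, 54, 24)    # numbers from the first worked example
    print(first, "order of B:", element_order(first["B"], 17))
    print(exchange(11, 2, 4, 3))       # numbers from the second worked example
```

With the first example's numbers, Bob's public value B = 16 equals p - 1, an element of order 2, so the agreed key can only be 1 or 16; that is why s = 1 there, and it is the kind of value the range check rejects.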
Man in the Middle Attack