Electric rotor machines were electro-mechanical devices that made it practical to use encryption algorithms far more complex than the ciphers that had been applied by hand.
They were developed in the middle of the second decade of the 20th century.
They became one of the most important cryptographic solutions in the world for the following decades.
Usage
The concept of using rotor machines in cryptography occurred to a number of inventors independently.
At present, two Dutch naval officers, Theo A. van Hengel (1875 – 1939) and R. P. C. Spengler (1875 – 1955), are credited with inventing the first rotor cipher machine in 1915.
Four more people created (more or less independently) their own cryptographic rotor machines not long afterwards: Edward Hebern, Arvid Damm, Hugo Koch and Arthur Scherbius.
Electro-mechanical machines fitted with movable rotors were able to produce long, random-looking keystreams, thus allowing messages to be encrypted with complicated polyalphabetic substitution ciphers.
Description
The main idea behind rotor machines is relatively simple.
One can imagine a simple device, similar to a typewriter, with a number of keys used to input text.
The number of keys may differ, but usually there are 26 to 32 characters.
In the simplest case, if only wires are used (without any rotors), each input key is mapped to one specific output character.
For example, if someone pressed K on the keyboard, the machine would always produce C.
As a result, the machine would encrypt messages with a simple substitution cipher.
Adding a rotor
Starting from a simple substitution machine, one can imagine adding an internal rotor with its own internal wiring.
The rotor is turned by a gear after each keystroke.
As a result, pressing the same letter twice encodes it differently, because the wiring in use has changed.
For example, if someone pressed KK on the keyboard, the machine would produce CB (the wiring changed after the first keystroke, due to the rotor movement).
The internal wiring of the rotor should be kept secret; however, we may expect that over time the enemy will discover its design.
That makes it easier for them to break the cipher, but it does not compromise the security altogether.
To decode a ciphertext, the receiver needs a machine with the same rotor.
Adding the rotor turns the encryption into a stronger polyalphabetic substitution cipher.
Make it difficult
To improve the security, one could add more rotors.
The output of one rotor would be connected to the input of the second rotor.
Similarly, the output of the second rotor would be connected to the third one, and so on.
The substitution performed by each rotor should be unknown to the enemy.
To make cryptanalysis more difficult and to ensure that the effective wiring changes with a different frequency for each rotor, the discs should rotate at different speeds.
Additionally, depending on the design of the machine, further features may be added to make the produced substitution as random-looking as possible (for example, an additional fixed substitution that does not depend on the rotors).
Some rotor machines were designed to be symmetrical (reciprocal): running the ciphertext through the machine again with the same settings produces the original message.
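The rotor machine described above, as an added example in Python (not code from the notes or from any historical machine): a chain of rotors stepping at different speeds, with an optional fixed substitution in front of them. The wirings, the stepping speeds and the plugboard below are constructed for illustration; the single-rotor machine turns KK into AR rather than the CB of the notes, but the point is the same, the second K is enciphered differently because the rotor has moved.

```python
import string

ALPHABET = string.ascii_uppercase  # a 26-key keyboard, as in the notes


def build_rotor(wiring: str) -> list:
    """Turn a 26-letter wiring string into a list: input index -> output index."""
    if sorted(wiring) != list(ALPHABET):
        raise ValueError("wiring must be a permutation of the alphabet")
    return [ALPHABET.index(ch) for ch in wiring]


class RotorMachine:
    """Rotors are chained: the output of rotor i feeds the input of rotor i+1.

    Rotor i advances one position every speeds[i] keystrokes, so each rotor
    changes the overall substitution with a different frequency.  An optional
    fixed substitution (a plugboard) that does not depend on the rotors is
    applied before the first rotor.
    """

    def __init__(self, wirings, speeds, plugboard=None):
        self.rotors = [build_rotor(w) for w in wirings]
        self.speeds = list(speeds)
        self.plugboard = build_rotor(plugboard) if plugboard else list(range(26))
        self.reset()

    def reset(self):
        """Return all rotors to their start position (the shared 'setting')."""
        self.positions = [0] * len(self.rotors)
        self.keystrokes = 0

    def _step(self):
        self.keystrokes += 1
        for i, speed in enumerate(self.speeds):
            if self.keystrokes % speed == 0:
                self.positions[i] = (self.positions[i] + 1) % 26

    @staticmethod
    def _through(idx, rotor, pos, inverse):
        # A rotor turned by `pos` positions: offset in, wire through, offset out.
        entry = (idx + pos) % 26
        exit_ = rotor.index(entry) if inverse else rotor[entry]
        return (exit_ - pos) % 26

    def press(self, letter: str, decrypt: bool = False) -> str:
        """Encipher (or decipher) one letter, then advance the rotors."""
        idx = ALPHABET.index(letter)
        if decrypt:   # run the chain backwards with the inverse wirings
            for i in reversed(range(len(self.rotors))):
                idx = self._through(idx, self.rotors[i], self.positions[i], True)
            idx = self.plugboard.index(idx)
        else:
            idx = self.plugboard[idx]
            for i in range(len(self.rotors)):
                idx = self._through(idx, self.rotors[i], self.positions[i], False)
        self._step()
        return ALPHABET[idx]

    def process(self, text: str, decrypt: bool = False) -> str:
        """Reset to the start position and run a whole message through."""
        self.reset()
        return "".join(self.press(ch, decrypt) for ch in text if ch in ALPHABET)


# Constructed wirings (not those of any historical machine).
ROTOR_A = "QWERTYUIOPASDFGHJKLZXCVBNM"   # keyboard order
ROTOR_B = "ZYXWVUTSRQPONMLKJIHGFEDCBA"   # reversed alphabet
ROTOR_C = "NOPQRSTUVWXYZABCDEFGHIJKLM"   # alphabet shifted by 13
PLUGBOARD = "BADCFEHGJILKNMPORQTSVUXWZY"  # swaps adjacent letter pairs


def three_rotor_machine() -> RotorMachine:
    """Fast, medium and slow rotor (stepping every 1, 26 and 676 keystrokes)."""
    return RotorMachine([ROTOR_A, ROTOR_B, ROTOR_C], [1, 26, 676], PLUGBOARD)
```

With no rotors at all the machine is the plain substitution of the notes (KK maps to LL through the plugboard); with one rotor stepping every keystroke, KK becomes AR; the receiver decrypts by running the same machine from the same start position with the wirings applied in reverse.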
Steganography
Steganography is the technique of hiding secret data within an ordinary, non-secret file or message in order to avoid detection; the secret data is then extracted at its destination.
If not encrypted, the hidden text is commonly processed in some way to increase the difficulty of detecting the secret content.
As the image depicts, both the cover file (X) and the secret message (M) are fed into the steganographic encoder as input.
The steganographic encoder function f(X, M, K) embeds the secret message into the cover file. The resulting stego object looks very similar to the cover file, with no visible changes.
This completes encoding. To retrieve the secret message, the stego object is fed into the steganographic decoder.
Steganography and cryptography differ in that cryptography makes the data unreadable, or hides the meaning of the data, while steganography hides the existence of the data.
Cryptography is similar to writing a letter in a secret language: people can read it, but won't understand what it means.
If you were to use steganography in the same situation, you would hide the letter inside a pair of socks that you would be gifting to the intended recipient of the letter.
To those who don't know about the message, it would look like there was nothing more to your gift than the socks.
But the intended recipient knows what to look for, and finds the message hidden in them.
Similarly, if two users exchanged media files over the internet, it would be more difficult to determine whether these files contain hidden messages than if they were communicating using cryptography.
Steganography Techniques:
Depending on the nature of the cover object (the actual object in which the secret data is embedded), steganography can be divided into five types:
1. Text Steganography
2. Image Steganography
3. Video Steganography
4. Audio Steganography
5. Network Steganography
Text Steganography
It involves techniques such as changing the format of existing text, changing words within a text, generating random character sequences, or using context-free grammars to generate readable texts.
Image Steganography
Hiding data by using an image as the cover object is known as image steganography. In digital steganography, images are a widely used cover source.
There are many ways to hide information inside an image.
Audio Steganography
Hiding secret messages in digital sound is a much more difficult process than, for example, image steganography.
Video Steganography
In video steganography, any kind of data can be hidden inside a digital video format.
The advantage of this type is that a large amount of data can be hidden, since video is a moving stream of images and sounds.
You can think of it as the combination of image steganography and audio steganography.
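Image steganography in its simplest form, least-significant-bit (LSB) embedding, as an added example in Python (not code from the notes). The "image" is a constructed 32x32 grayscale buffer, so it runs offline; a real image would first be decoded into the same kind of pixel buffer. The block is the encoder f(X, M) and decoder of the diagram above, without a key K, plus two checks a defender would want: how little the cover changes (at most 1 per pixel, which is why the stego object looks identical) and a crude LSB statistic that steganalysis tools build on.

```python
"""LSB steganography over a constructed grayscale pixel buffer (added example)."""

HEADER_BITS = 32  # the message length in bytes is stored in the first 32 LSBs


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, secret: bytes) -> bytearray:
    """Return a copy of `cover` whose pixel LSBs carry len(secret) and secret."""
    payload = len(secret).to_bytes(4, "big") + secret
    if len(payload) * 8 > len(cover):
        raise ValueError("cover too small for this message")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit   # overwrite only the lowest bit
    return stego


def extract(stego: bytes) -> bytes:
    """Recover the hidden bytes by reading the pixel LSBs back."""
    def read(n_bits: int, start: int) -> int:
        value = 0
        for i in range(start, start + n_bits):
            value = (value << 1) | (stego[i] & 1)
        return value

    length = read(HEADER_BITS, 0)
    return bytes(read(8, HEADER_BITS + 8 * k) for k in range(length))


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-pixel difference; LSB embedding never changes a pixel by more than 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def lsb_ones_ratio(pixels: bytes) -> float:
    """Fraction of pixels whose LSB is set: a crude steganalysis statistic
    (embedded data pushes the LSB plane towards a balanced 0/1 mix)."""
    return sum(p & 1 for p in pixels) / len(pixels)


# Constructed 32x32 cover "image": a smooth gradient whose LSBs are all zero.
COVER = bytes(((x + y) * 4) & 0xFE for y in range(32) for x in range(32))
```

A 1024-pixel cover carries 128 bytes of LSB payload, 4 of which are the length header; anything larger is rejected rather than silently truncated.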
Drawbacks:
ECB mode stands for Electronic Codebook mode. It is one of the simplest modes of operation. In this mode, the plaintext is divided into blocks of 64 bits each. Each block is then encrypted separately. The same key is used for the encryption of all blocks: each block is encrypted with the key and yields one block of ciphertext.
At the receiver side, the data is divided into blocks of 64 bits each. The same key that was used for encryption is used for decryption: it takes a 64-bit ciphertext block and, using the key, converts it back into plaintext.
Because the same key is used to encrypt every block, if a block of plaintext is repeated in the original message, the corresponding block of ciphertext will also repeat. To avoid this repetition, ECB mode is used only for small messages, where repetition of plaintext blocks is unlikely.
Analysis of ECB Mode
In reality, application data usually contains partial information that can be guessed. For example, the range of a salary can be guessed. A ciphertext from ECB can allow an attacker to guess the plaintext by trial and error if the plaintext message lies within a predictable range.
For example, if a ciphertext from ECB mode is known to encrypt a salary figure, then a small number of trials will allow an attacker to recover the figure. In general, we do not wish to use a deterministic cipher, and hence ECB mode should not be used in most applications.
Pros:
2. Ideal for short amounts of data, e.g. secure transfer of an AES or DES key.
3. Independent: any block can be encrypted on its own.
Cons:
3. A typical example of the weakness of encryption in ECB mode is encoding a bitmap image (for example a .bmp file). Even a strong encryption algorithm used in ECB mode cannot efficiently blur the plaintext.
CBC mode stands for Cipher Block Chaining mode. At the sender side, the plaintext is divided into blocks. In this mode an IV (Initialization Vector) is used, which can be a random block of text. The IV is used to make the ciphertext of each block unique.
The first block of plaintext and the IV are combined using the XOR operation, and the result is then encrypted with the key to form the first block of ciphertext. The first block of ciphertext is used as the IV for the second block of plaintext. The same procedure is followed for all blocks of plaintext.
At the receiver side, the ciphertext is divided into blocks. The first ciphertext block is decrypted using the same key that was used for encryption. The decrypted result is XORed with the IV to form the first block of plaintext. The second block of ciphertext is also decrypted using the same key, and the result of the decryption is XORed with the first block of ciphertext to form the second block of plaintext. The same procedure is used for all the blocks.
CBC mode ensures that if a block of plaintext is repeated in the original message, the corresponding ciphertext blocks will differ.
Note that the key used in CBC mode is the same for every block; only the IV, which is set at the starting point, differs.
Analysis of CBC Mode
In CBC mode, the current plaintext block is added (XORed) to the previous ciphertext block, and then the result is encrypted with the key.
Decryption is thus the reverse process, which involves decrypting the current ciphertext block and then adding the previous ciphertext block to the result.
Advantages of CBC –
CBC works well for input greater than b bits.
CBC is a good authentication + confidentiality mechanism.
More resistant to cryptanalysis than ECB.
Disadvantages of CBC –
Parallel encryption is not possible, since every encryption requires the previous ciphertext block.
A block cannot be encrypted in isolation, since the ciphertext of the previous block is needed.
An Initialization Vector is required, which must be known to sender and receiver.
CFB mode stands for Cipher Feedback mode. In this mode, the data is encrypted in units, where each unit is 8 bits.
As in cipher block chaining mode, an IV is initialized. The IV is kept in a shift register. It is encrypted using the key to form the ciphertext.
In this mode the ciphertext is fed back into the next encryption step, with some new specifics: first, an initial vector IV is used for the first encryption, and the output bits are divided into a set of s bits and b-s bits.
The left-hand s bits are selected and XORed with the plaintext bits.
The result is fed into a shift register (b-s bits on the left-hand side, s bits on the right-hand side), and the process continues.
The encryption and decryption processes are shown below; both of them use the encryption algorithm.
Analysis of CFB Mode
CFB mode differs significantly from ECB mode: the ciphertext corresponding to a given plaintext block depends not just on that plaintext block and the key, but also on the previous ciphertext block.
In other words, the ciphertext block is dependent on the message.
CFB has a very strange feature.
In this mode, the user decrypts the ciphertext using only the encryption process of the block cipher.
The decryption algorithm of the underlying block cipher is never used.
In effect, CFB mode converts a block cipher into a type of stream cipher.
The encryption algorithm is used as a key-stream generator to produce a key stream that is placed in the bottom register.
This key stream is then XORed with the plaintext, as in a stream cipher.
Pros:
1. Can operate in real time.
2. The need for padding is eliminated.
3. The encryption function does decryption as well.
4. Length of PT = Length of CT.
Cons:
1. Chance of wasting transmission capacity.
2. Not a typical stream cipher.
OFB mode stands for Output Feedback mode. OFB mode is similar to CFB mode; the only difference is that in CFB the ciphertext is used for the next stage of the encryption process, whereas in OFB the output of the IV encryption is used for the next stage.
The IV is encrypted using the key to form the encrypted IV. The plaintext and the leftmost 8 bits of the encrypted IV are combined using XOR to produce the ciphertext.
In output feedback mode, all bits of the block are fed back instead of only selected s bits.
Pros:
1. In the case of CFB, a single bit error in a block is propagated to all subsequent blocks. OFB solves this problem, as bit errors do not propagate into the following plaintext blocks.
Cons:
3. Not parallelizable.
Counter Mode –
CTR mode stands for Counter mode. As the name says, it uses a sequence of numbers (counters) as input to the algorithm. After a block is encrypted, the next counter value is used to fill the next register.
Note: the counter value is incremented by 1.
For encryption, the first counter is encrypted using the key, and then the plaintext is XORed with the encrypted result to form the ciphertext.
The counter is incremented by 1 for the next stage, and the same procedure is followed for all blocks. For decryption, the same sequence is used: to convert ciphertext into plaintext, each ciphertext block is XORed with the encrypted counter. For the next stage the counter is incremented by 1, and the same is repeated for all ciphertext blocks.
CTR mode does not depend on feedback and thus can be implemented in parallel.
Advantages of Counter –
Since there is a different counter value for each block, a direct plaintext-to-ciphertext relationship is avoided. This means that the same plaintext can map to different ciphertexts.
Parallel execution of encryption is possible, as outputs from previous stages are not chained as in the case of CBC.
Hardware efficiency.
Software efficiency.
Preprocessing.
Random access.
Provable security.
Simplicity.
Disadvantages:
The serious disadvantage of CTR mode is that it requires a synchronized counter at sender and receiver. Loss of synchronization leads to incorrect recovery of the plaintext.
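The five modes discussed above (ECB, CBC, CFB, OFB and CTR), implemented side by side as an added example in Python (not code from the notes). The block cipher underneath is a constructed 4-round Feistel network built on SHA-256 with a 64-bit block, matching the 64-bit blocks in the ECB description; it is for illustration only and is not a real cipher. The key, IV and plaintext are also constructed. The `repeated_blocks` check makes the ECB leak visible: four identical plaintext blocks give four identical ciphertext blocks under ECB and none under CBC, while CFB, OFB and CTR decrypt using only the encrypt direction of the block cipher.

```python
import hashlib

BLOCK = 8  # 64-bit block, as in the notes
ROUNDS = 4


def _round_fn(key: bytes, rnd: int, half: int) -> int:
    """Constructed Feistel round function: 32 bits of SHA-256(key, round, half)."""
    digest = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_fn(key, rnd, right)
    return left.to_bytes(4, "big") + right.to_bytes(4, "big")


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round_fn(key, rnd, left), left
    return left.to_bytes(4, "big") + right.to_bytes(4, "big")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))   # truncates to the shorter input


def _blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def _require_padded(data: bytes):
    if len(data) % BLOCK:
        raise ValueError("ECB and CBC need input padded to a multiple of the block size")


def ecb_encrypt(key, pt):
    """Every block independent: an equal plaintext block gives an equal ciphertext block."""
    _require_padded(pt)
    return b"".join(encrypt_block(key, b) for b in _blocks(pt))


def cbc_encrypt(key, iv, pt):
    _require_padded(pt)
    out, prev = [], iv
    for b in _blocks(pt):
        prev = encrypt_block(key, _xor(b, prev))   # previous ciphertext chained in
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for b in _blocks(ct):
        out.append(_xor(decrypt_block(key, b), prev))
        prev = b
    return b"".join(out)


def cfb_encrypt(key, iv, pt):
    """Full-block CFB (s = b): the ciphertext block is what feeds the next step."""
    out, reg = [], iv
    for b in _blocks(pt):
        reg = _xor(encrypt_block(key, reg), b)
        out.append(reg)
    return b"".join(out)


def cfb_decrypt(key, iv, ct):
    """Only encrypt_block is used; decrypt_block is never needed in CFB."""
    out, reg = [], iv
    for b in _blocks(ct):
        out.append(_xor(encrypt_block(key, reg), b))
        reg = b
    return b"".join(out)


def ofb_crypt(key, iv, data):
    """Output feedback: the key stream depends only on key and IV, so one
    function both encrypts and decrypts and bit errors do not propagate."""
    out, reg = [], iv
    for b in _blocks(data):
        reg = encrypt_block(key, reg)
        out.append(_xor(b, reg))
    return b"".join(out)


def ctr_crypt(key, nonce, data):
    """Counter mode: block i uses E(nonce + i); blocks are independent, so this is
    parallelisable and gives random access, and a short last block needs no padding."""
    start = int.from_bytes(nonce, "big")
    out = []
    for i, b in enumerate(_blocks(data)):
        counter = ((start + i) % (1 << 64)).to_bytes(BLOCK, "big")
        out.append(_xor(b, encrypt_block(key, counter)))
    return b"".join(out)


def repeated_blocks(ct: bytes) -> int:
    """Number of duplicate ciphertext blocks: the structure leak ECB exposes."""
    blocks = _blocks(ct)
    return len(blocks) - len(set(blocks))
```

Running `repeated_blocks` over the ECB and CBC ciphertexts of a message made of four identical 8-byte blocks is the numeric version of the bitmap example: ECB preserves the repetition, the chained and counter modes do not.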
AES Structure
AES Introduction:
The most popular and widely adopted symmetric encryption algorithm likely to be encountered nowadays is the Advanced Encryption Standard (AES).
It is found to be at least six times faster than triple DES.
A replacement for DES was needed, as its key size was too small.
With increasing computing power, it was considered vulnerable to exhaustive key search attacks.
Triple DES was designed to overcome this drawback, but it was found to be slow.
AES Structure
The figure below shows the overall structure of the AES encryption process.
The cipher takes a plaintext block size of 128 bits, or 16 bytes.
The key length can be 16, 24, or 32 bytes (128, 192, or 256 bits).
The algorithm is referred to as AES-128, AES-192, or AES-256, depending on the key length.
The cipher consists of N rounds, where the number of rounds depends on the key length: 10 rounds for a 16-byte key, 12 rounds for a 24-byte key, and 14 rounds for a 32-byte key.
The first N - 1 rounds consist of four distinct transformation functions: SubBytes, ShiftRows, MixColumns, and AddRoundKey, which are described subsequently.
The final round contains only three transformations, and there is an initial single transformation (AddRoundKey) before the first round, which can be considered Round 0.
Each transformation takes one or more 4x4 matrices as input and produces a 4x4 matrix as output.
The figure above shows that the output of each round is a 4x4 matrix, with the output of the final round being the ciphertext.
Also, the key expansion function generates N + 1 round keys, each of which is a distinct 4x4 matrix.
Each round key serves as one of the inputs to the AddRoundKey transformation in each round.
AES Parameters:
Key length (bytes / bits)   16 / 128   24 / 192   32 / 256
Number of rounds            10         12         14
In all the variants the input size and output size remain the same, i.e. the plaintext size and the ciphertext size are the same.
Detailed Structure
Step 2: At the very start of the encryption process, the 16-byte plaintext block (4 words) is XORed with the 4-word key, i.e. W0, W1, W2, W3. The result of this XOR is provided to the 1st round.
Step 3: In the first round, the result of the XOR is processed by the Substitute Bytes, Shift Rows, Mix Columns and Add Round Key functions, in that order.
The Add Round Key function is given the next 4 words from the expanded key, W4, W5, W6, W7. The result of the first round is provided to the second round.
Step 4: All rounds up to round nine perform the same functions, and in each round a distinct key is provided from the expanded key. In round ten only three functions are performed on the input provided by round 9: Substitute Bytes, Shift Rows and Add Round Key.
The result of round 10 is the ciphertext block of the corresponding plaintext block.
The key sequence used in encryption is reversed during decryption, and all the other round functions are also inverted in the decryption process to retrieve the original 16-byte plaintext block.
Round Functions
Each round function has four stages, or four functions, which are as follows:
Substitute Bytes
The Substitute Bytes function maps each byte element of the state matrix to a new value using the following procedure.
Step 1: A byte element in the state matrix has 8 bits. The leftmost 4 bits are used as the row index into the S-box and the rightmost 4 bits as the column index.
Step 2: This row value and column value act as an index to fetch the new value from the S-box.
The Substitute Bytes function maps each element of the 4x4 state matrix to a new value and forwards the newly formed 4x4 state matrix to the Shift Rows function.
Shift Rows
The input to the Shift Rows function is the 4x4 state matrix forwarded from the Substitute Bytes function. Shift Rows performs a circular left shift on the rows of the matrix. On the first row, the circular left shift is by 0 bytes.
On the second row, a circular left shift by 1 byte is performed. On the third row, the circular left shift is by 2 bytes. On the fourth row of the input state matrix, the circular left shift is by 3 bytes. The resulting 4x4 state matrix of the Shift Rows function is forwarded to the Mix Columns function.
Mix Columns
Each byte element of the result matrix of the Mix Columns function is the sum of the products of one row of the defined matrix and one column of the state matrix. The product matrix of the Mix Columns function is forwarded to the last function of a round, i.e. Add Round Key.
Add Round Key
In the Add Round Key function, the input state matrix is XORed with a unique 4-word round key. In each round the key XORed with the state matrix is distinct.
AES
Disadvantages
If the AES key is not handled properly, it can open the way to a cryptanalytic attack. Therefore, key scheduling should be done carefully.
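The four round transformations described above (Substitute Bytes, Shift Rows, Mix Columns, Add Round Key) on a single 4x4 state, as an added example in Python (not code from the notes). Rather than pasting the 256-entry S-box table, the block computes it the way the standard defines it, as the multiplicative inverse in GF(2^8) followed by an affine map, so the table can be checked against the published entries. Key expansion is left out: the round key passed in is an assumed value, and the state values in the test are the textbook MixColumns test column.

```python
"""AES round transformations on one 4x4 state (added example)."""


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return product


def gf_inv(a: int) -> int:
    """a^254 is the inverse of a in GF(2^8); AES maps 0 to 0."""
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result if a else 0


def _rotl8(v: int, n: int) -> int:
    return ((v << n) | (v >> (8 - n))) & 0xFF


def sbox_byte(x: int) -> int:
    """S-box entry: multiplicative inverse, then the AES affine transformation."""
    inv = gf_inv(x)
    return inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2) ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63


SBOX = [sbox_byte(i) for i in range(256)]   # row = high nibble, column = low nibble


def bytes_to_state(block: bytes) -> list:
    """AES fills the state column by column: byte i goes to row i % 4, column i // 4."""
    return [[block[c * 4 + r] for c in range(4)] for r in range(4)]


def state_to_bytes(state: list) -> bytes:
    return bytes(state[r][c] for c in range(4) for r in range(4))


def sub_bytes(state: list) -> list:
    return [[SBOX[v] for v in row] for row in state]


def shift_rows(state: list) -> list:
    """Row r is rotated left by r bytes; row 0 is unchanged."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def mix_columns(state: list) -> list:
    """Each output byte is the GF(2^8) dot product of a row of the fixed
    circulant matrix (2 3 1 1 / 1 2 3 1 / 1 1 2 3 / 3 1 1 2) with a state column."""
    base = [2, 3, 1, 1]
    out = [[0] * 4 for _ in range(4)]
    for c in range(4):
        column = [state[r][c] for r in range(4)]
        for r in range(4):
            coeffs = base[-r:] + base[:-r] if r else base
            value = 0
            for k in range(4):
                value ^= gf_mul(coeffs[k], column[k])
            out[r][c] = value
    return out


def add_round_key(state: list, round_key: bytes) -> list:
    rk = bytes_to_state(round_key)
    return [[state[r][c] ^ rk[r][c] for c in range(4)] for r in range(4)]


def aes_round(state: list, round_key: bytes, final: bool = False) -> list:
    """One AES round; the final round skips Mix Columns, as the notes describe."""
    state = shift_rows(sub_bytes(state))
    if not final:
        state = mix_columns(state)
    return add_round_key(state, round_key)
```

Checking the computed table against a few published entries (S-box[0x00] = 0x63, S-box[0x01] = 0x7C, S-box[0x53] = 0xED) and the MixColumns test column (db 13 53 45 becomes 8e 4d a1 bc) is the quickest way to convince yourself that the GF(2^8) arithmetic is right before building anything on it.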
Pseudo Random Number Generator (PRNG)
A Pseudo Random Number Generator (PRNG) is an algorithm that uses mathematical formulas to produce sequences of random-looking numbers.
PRNGs generate a sequence of numbers approximating the properties of random numbers.
A PRNG starts from an arbitrary starting state, set using a seed.
Many numbers can be generated in a short time and can also be reproduced later if the starting point in the sequence is known.
Hence, the numbers are deterministic and efficient to produce.
Why do we need PRNG?
With the advent of computers, programmers recognized the need for a means of introducing randomness into a computer program.
However, surprising as it may seem, it is difficult to get a computer to do something by chance, as a computer follows the given instructions blindly and is therefore completely predictable.
It is not possible to generate truly random numbers from a deterministic device like a computer, so PRNGs were developed as a technique for generating random-looking numbers with a computer.
How PRNG works?
The Linear Congruential Generator (LCG) is the most common and oldest algorithm for generating pseudo-random numbers.
The next random integer is generated from the previous random integer, the integer constants, and the integer modulus.
To get started, the algorithm requires an initial seed, which must be provided by some means.
The appearance of randomness is provided by performing modulo arithmetic.
Characteristics of PRNG
Efficient: a PRNG can produce many numbers in a short time, which is advantageous for applications that need many numbers.
Deterministic: a given sequence of numbers can be reproduced at a later date if the starting point in the sequence is known. Determinism is handy if you need to replay the same sequence of numbers again at a later stage.
Periodic: PRNGs are periodic, which means that the sequence will eventually repeat itself. While periodicity is hardly ever a desirable characteristic, modern PRNGs have a period so long that it can be ignored for most practical purposes.
Applications of PRNG
PRNGs are suitable for applications where many random numbers are required
and where it is useful that the same sequence can be replayed easily.
Popular examples of such applications are simulation and modeling
applications.
PRNGs are not suitable for applications where it is important that the numbers
are really unpredictable, such as data encryption and gambling.
Widely used PRNG algorithms: lagged Fibonacci generators, linear feedback shift registers, Blum Blum Shub.
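A linear congruential generator, as an added example in Python (not code from the notes), showing the three characteristics listed above in running code: it is efficient, it is deterministic (anyone who sees one output and knows the constants reproduces every later one), and it is periodic. The constants a = 5, c = 3, m = 16 are constructed to keep the period visible and are not the parameters of any real library generator; `secrets.randbelow` from the standard library stands in for what an application should use when the numbers must actually be unpredictable.

```python
import secrets


class LCG:
    """x_{n+1} = (a * x_n + c) mod m, started from the seed x_0."""

    def __init__(self, seed: int, a: int = 5, c: int = 3, m: int = 16):
        self.a, self.c, self.m = a, c, m
        self.state = seed % m

    def next(self) -> int:
        self.state = (self.a * self.state + self.c) % self.m
        return self.state

    def sequence(self, n: int) -> list:
        return [self.next() for _ in range(n)]


def period(seed: int, **params) -> int:
    """Length of the cycle the generator falls into from `seed` (bounded by m)."""
    gen = LCG(seed, **params)
    first_seen = {}
    step = 0
    while gen.state not in first_seen:
        first_seen[gen.state] = step
        gen.next()
        step += 1
    return step - first_seen[gen.state]


def predict_rest(last_output: int, a: int, c: int, m: int, n: int) -> list:
    """From one observed output and the (public) constants, reproduce the next n
    outputs: the determinism that rules an LCG out for keys, tokens or nonces."""
    return LCG(last_output, a=a, c=c, m=m).sequence(n)


def unpredictable_below(m: int) -> int:
    """What key material should come from instead: the OS entropy source."""
    return secrets.randbelow(m)
```

With these constants the generator has the full period of 16 (c is coprime to m, and a - 1 is divisible by every prime factor of m and by 4), so every residue appears exactly once before the cycle repeats; that is a good property for a simulation and irrelevant for security, since `predict_rest` needs no secret at all.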
It is not that a symmetric key cryptosystem is less efficient than a public key one, or that the public key cryptosystem is superior.
The security of any cryptosystem depends only on the length of the key and the computation required to crack the encrypted ciphertext.
So this key must be shared by both communicating parties by some means, or they must rely on a third party for the distribution of the key, i.e. a key distribution centre.
But relying on a third party again risks the secrecy of the secret key.
For widespread use there was also a need for digital signatures that assure all parties that a particular message has been sent by a particular person.
The public key cryptosystem succeeds in achieving both of these principles, i.e. confidentiality and authenticity.
We begin by encrypting the message using the sender's private key.
Now, as the message is encrypted using the sender's private key, it is confirmed that the message has been prepared by the sender:
E(PRS, M)
Nobody is able to modify the message without having the sender's private key.
So the public key cryptosystem has achieved authentication in both senses: data integrity and source.
Now, the message that was first encrypted with the sender's private key is encrypted again using the intended receiver's public key:
M' = E(PUR, E(PRS, M))
The final ciphertext can only be decrypted with the intended receiver's private key, which is known only to him. In this way, public key cryptography achieves confidentiality.
There is a drawback with this approach. We all know that the public key cryptosystem is based on mathematical functions and involves a great deal of computation, which makes it complex. To achieve both confidentiality and authenticity the public key algorithm has to be applied four times.
Public key Cryptosystem
Any public key cryptographic algorithm has six elements, as follows:
1. Plain Text
This is a readable message which is given as input to the algorithm. In a public key algorithm, the plaintext is encrypted in blocks.
2. Encryption Algorithm
The encryption algorithm is applied to the plaintext and performs several transformations on it.
3. Public and Private Keys
This is a pair of keys of which, if one is used for encryption, the other is used for decryption. The transformation of the plaintext by the encryption algorithm depends on which key of the pair is chosen to encrypt it.
4. Cipher Text
This is the output of the encryption algorithm. The generated ciphertext depends entirely on which key of the public/private pair was selected; each of the two keys, applied to the same plaintext, produces a different ciphertext.
5. Decryption Algorithm
This accepts the output of the encryption algorithm, i.e. the ciphertext, and applies the related key to produce the original plaintext.
Step 1. Each user has to generate two keys, one of which will be used for encryption and the other for decryption of messages.
Step 2. Each user has a pair of keys, one of which has to be made public by that user, while the other has to be kept secret.
Step 3. If a user has to send a message to a particular receiver, then the sender must encrypt the message using the intended receiver's public key and then send the encrypted message to the receiver.
Step 4. On receiving the message, the receiver has to decrypt it using his private key.
a. Encryption/Decryption
If the purpose of an application is to encrypt and decrypt messages, then the sender encrypts the message using the intended receiver's public key and the receiver decrypts it using his own private key.
b. Digital Signature
If the purpose of the application is to authenticate the user, then the message is signed, or encrypted, using the sender's private key. As only the sender can have its private key, this assures all parties that the message was sent by that particular person.
c. Key Exchange
The two communicating parties exchange a secret key (maybe a private key) for symmetric encryption to secure a particular transaction. This secret key is valid for a short period.
Well, some algorithms implement all three applications and some implement one or two of them. The image below shows which algorithms provide which of these applications.
Another type of attack in public key cryptography is that the adversary tries to compute the private key from the public key.
Then he would simply encrypt all possible 56-bit keys using the sender's public key, as the public key is known to all, and match all the encrypted messages with the ciphertext. This type of attack can be prevented by appending some random bits to the original message.
RSA Algorithm
RSA is a public key cryptographic algorithm in which two different keys are used to encrypt and decrypt the message. That is why it is also called an asymmetric key algorithm.
But what was the need for this asymmetric key cryptography? Why did it evolve? Let us discuss the reason behind the evolution of asymmetric key cryptography. Asymmetric key cryptography evolved due to the two problems of symmetric key cryptography.
In RSA public key cryptography each user has to generate two keys: a private key and a public key.
The public key is circulated or published to all, and hence others are aware of it, whereas the private key is kept secret by the user alone.
A sender has to encrypt the message using the intended receiver's public key.
Only the intended receiver can decrypt the message. During the communication no one can harm the confidentiality of the message, as it can only be decrypted with the intended receiver's private key, which is known only to that receiver.
E(PRs, M)
2. In the next step, encrypt again with the receiver's public key. This allows only the intended receiver to decrypt the message, which provides confidentiality.
Key Generation
Till now we have seen that every sender or receiver must have two keys, a public key and a private key. In this section, we discuss the steps to derive a public and a private key.
In RSA, the encryption and decryption expressions are in exponential form:
1. Now we determine the value of d. The value of d can be calculated from the formula given below:
In the expression above we know that e and φ(n) are coprime, so d is the multiplicative inverse of e. To calculate the value of d use the formula below:
In the equation above we know the values of φ(n) and e; the value of i is unknown.
First, we put i = 1.
If the result is not an integer, we compute the equation again, this time incrementing i by 1, so we compute it with i = 2. Keep incrementing i until the equation yields an integer.
So, by trial and error, for i = 5 we get the result 43, i.e.
RSA Encryption
Now, after generating the private and public keys, we encrypt the message. In RSA the plaintext is always encrypted in blocks. The binary value of each plaintext block must be < n. Encryption is done with the intended receiver's public key. The expression to calculate the ciphertext is as follows:
M' = M^e mod n
In our example, e = 7 and n = 77, i.e. the public key is (e, n) = (7, 77), and we have to take a value of M such that M < n. We take M = 15. So the expression becomes
M' = 15^7 mod 77
RSA Decryption
Done with encryption, it is now time to decrypt the message. For decryption in RSA, we require the ciphertext and the private key corresponding to the public key used in encryption.
In our example the ciphertext is M' = 71 and the private key is (43, 77). The expression to calculate the plaintext is as follows:
M = M'^d mod n
M = 71^43 mod 77
M = 15
So this is the method to encrypt and decrypt a message in RSA. It is very important to remember that in RSA we encrypt the message using the intended receiver's public key, so the message can only be decrypted with the intended receiver's private key. This provides confidentiality to our message.
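The RSA key generation, encryption and decryption walked through above, as an added example in Python (not code from the notes) that reproduces the notes' numbers: n = 77, e = 7, d = 43, M = 15 and M' = 71. The primes p = 7 and q = 11 are assumed (they are the factorisation of 77; the notes do not state them). `find_d_by_trial` is the trial-and-error search over i that the notes describe, and the block checks it against the extended-Euclid inverse `pow(e, -1, phi)` (Python 3.8 or later).

```python
from math import gcd


def find_d_by_trial(e: int, phi: int) -> int:
    """The notes' method: try d = (i * phi + 1) / e for i = 1, 2, ... until the
    division is exact.  For phi = 60, e = 7 this stops at i = 5 with d = 43."""
    i = 1
    while (i * phi + 1) % e != 0:
        i += 1
    return (i * phi + 1) // e


def generate_keys(p: int, q: int, e: int):
    """Return ((e, n), (d, n)) for the primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = find_d_by_trial(e, phi)
    if d != pow(e, -1, phi):                # same answer as the modular inverse
        raise AssertionError("trial search disagrees with the modular inverse")
    return (e, n), (d, n)


def encrypt(public_key, m: int) -> int:
    """M' = M^e mod n; the plaintext block must be smaller than n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext block must satisfy M < n")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """M = M'^d mod n, using the receiver's private key."""
    d, n = private_key
    return pow(c, d, n)


def rsa_roundtrip(p: int = 7, q: int = 11, e: int = 7, m: int = 15):
    """Generate the keys, encrypt m for the receiver, decrypt with the private key."""
    public, private = generate_keys(p, q, e)
    c = encrypt(public, m)
    return public, private, c, decrypt(private, c)
```

Note that textbook RSA as shown here is deterministic: encrypting 15 twice under the same public key gives 71 both times, which is exactly what the earlier remark about appending random bits to the message (padding) is there to prevent.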
Disadvantage
Timing Attacks:
A timing attack is a security exploit that enables an attacker to spot vulnerabilities in a local or remote system and extract potentially sensitive or secret information by observing the system's response time to various inputs.
The attack algorithm involves inducing single-bit errors and observing the results.
This attack, while worthy of consideration, does not appear to be a serious threat to RSA.
The basic RSA algorithm is vulnerable to a chosen ciphertext attack (CCA). A CCA is defined as an attack in which the adversary chooses a number of ciphertexts and is then given the corresponding plaintexts, decrypted with the target's private key.
Thus, the adversary could select a plaintext, encrypt it with the target's public key, and then get the plaintext back by having it decrypted with the private key.
Whitfield Diffie and Martin Hellman developed the Diffie-Hellman key exchange algorithm in 1976 to overcome the problem of key agreement and exchange.
The purpose of the algorithm is to enable two users to securely exchange a key that can then be used for subsequent symmetric encryption of messages.
For this scheme, there are two publicly known numbers: a prime number q and an integer a that is a primitive root of q.
Thus, XA is A's private key and YA is A's corresponding public key, and similarly for B.
The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo a prime, it is very difficult to calculate discrete logarithms.
2. Alice selected the private key a = 4, and Bob selected b = 3 as his private key.
3. Both Alice and Bob now calculate the values of x and y as follows:
The sender and receiver don't need any prior knowledge of each other.
Once the keys are exchanged, the communication of data can be done through an insecure channel.
The sharing of the secret key is safe.
The algorithm cannot be used for asymmetric key exchange.
Similarly, it cannot be used for signing digital signatures.
Since it doesn't authenticate either party in the transmission, the Diffie-Hellman key exchange is susceptible to a man-in-the-middle attack.
At this point, Bob and Alice think that they share a secret key, but instead Bob and Darth share the secret key K1 and Alice and Darth share the secret key K2.
All future communication between Bob and Alice is compromised in the following way.
This vulnerability can be overcome with the use of digital signatures and public-key certificates.
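The Diffie-Hellman exchange above with both sides' messages, as an added example in Python (not code from the notes). It uses the private keys the notes give, a = 4 for Alice and b = 3 for Bob; the public parameters are assumed, since the notes do not state them: q = 23 and the primitive root 5 (the block checks that it really generates the group). The last function makes the "easy one way, hard the other" claim concrete: recovering a private exponent from a public value is a search over the whole group, trivial for q = 23 and hopeless for the hundreds-of-digits primes used in practice.

```python
def is_primitive_root(g: int, q: int) -> bool:
    """True if g^1 .. g^(q-1) mod q run through every non-zero residue (q prime)."""
    return sorted(pow(g, k, q) for k in range(1, q)) == list(range(1, q))


def public_value(g: int, q: int, private: int) -> int:
    """Y = g^X mod q: the value each side sends over the insecure channel."""
    return pow(g, private, q)


def shared_secret(peer_public: int, private: int, q: int) -> int:
    """K = Y_peer^X mod q, computed independently by each side."""
    return pow(peer_public, private, q)


def exchange(q: int, g: int, x_a: int, x_b: int):
    """Run the protocol: only y_a and y_b cross the channel; x_a, x_b never do."""
    if not is_primitive_root(g, q):
        raise ValueError("g must be a primitive root of q")
    y_a = public_value(g, q, x_a)            # Alice -> Bob
    y_b = public_value(g, q, x_b)            # Bob -> Alice
    k_alice = shared_secret(y_b, x_a, q)     # Alice: (g^b)^a
    k_bob = shared_secret(y_a, x_b, q)       # Bob:   (g^a)^b
    return y_a, y_b, k_alice, k_bob


def discrete_log_by_search(g: int, y: int, q: int) -> int:
    """Smallest X with g^X = y mod q, found by trying every exponent.  This is
    the work an eavesdropper faces; it is feasible only because q is tiny here."""
    for x in range(1, q):
        if pow(g, x, q) == y:
            return x
    raise ValueError("y is not in the group generated by g")
```

With q = 23, g = 5, a = 4 and b = 3, Alice sends 4, Bob sends 10, and both arrive at K = 18. Nothing in the exchange tells Alice that the value 10 really came from Bob, which is the gap the man-in-the-middle description above exploits and why the notes end with signatures and certificates.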
A “good” hash function has the property that the results of applying the
function to a large set of inputs will produce outputs that are evenly distributed
and apparently random.
In general terms, the principal object of a hash function is data integrity. A change
to any bit or bits in M results, with high probability, in a change to the hash value.
Message Authentication:
Message authentication is a mechanism or service used to verify the integrity of
a message.
Message authentication assures that data received are exactly as sent (i.e.,
there is no modification, insertion, deletion, or replay).
The essence of the use of a hash function for message integrity is as follows.
o The sender computes a hash value as a function of the bits in the message and
transmits both the hash value and the message.
o The receiver performs the same hash calculation on the message bits and
compares this value with the incoming hash value.
o If there is a mismatch, the receiver knows that the message (or possibly the
hash value) has been altered (Figure a).
o The hash value must be transmitted in a secure fashion. That is, the hash value
must be protected so that if an adversary alters or replaces the message, it is not
feasible for the adversary to also alter the hash value to fool the receiver; an
unprotected hash can simply be recomputed over the altered message. This type of
attack is shown in Figure b.
Typically, MACs are used between two parties that share a secret key to
authenticate information exchanged between those parties.
A MAC function takes as input a secret key and a data block and produces a
hash value, referred to as the MAC, which is associated with the protected
message.
If the integrity of the message needs to be checked, the MAC function can be
applied to the message and the result compared with the associated MAC value.
An attacker who alters the message will be unable to alter the associated MAC
value without knowledge of the secret key.
Digital Signatures:
In the case of the digital signature, the hash value of a message is encrypted
with the user's private key (this is the RSA formulation; in general a signing
algorithm is applied to the hash).
Anyone who knows the user's public key can verify the integrity of the message
that is associated with the digital signature.
In this case, an attacker who wishes to alter the message would need to know
the user's private key.
The hash code is encrypted, using public-key encryption with the sender's
private key. As with Figure b, this provides authentication. It also provides a digital
signature, because only the sender could have produced the encrypted hash
code. In fact, this is the essence of the digital signature technique.
Other Applications:
Hash functions can be used for intrusion detection and virus detection.
Public-Key Encryption:
The straightforward use of public-key encryption (Figure b) provides
confidentiality but not authentication.
The source (A) uses the public key PUb of the destination (B) to encrypt M.
Because only B has the corresponding private key PRb, only B can decrypt the
message.
This scheme provides no authentication, because any opponent could also use
B’s public key to encrypt a message and claim to be A.
To provide authentication, A uses its private key to encrypt the message, and B
uses A’s public key to decrypt (Figure c).
This provides authentication using the same type of reasoning as in the symmetric
encryption case: The message must have come from A because A is the only party
that possesses PRa and therefore the only party with the information necessary
to construct ciphertext that can be decrypted with PUa.
There must be some internal structure to the plaintext so that the receiver can
distinguish between well-formed plaintext and random bits.
Assuming there is such structure, then the scheme of Figure c does provide
authentication. It also provides what is known as digital signature.
To provide both confidentiality and authentication, A can encrypt M first using its
private key, which provides the digital signature, and then using B’s public key,
which provides confidentiality (Figure d).
The disadvantage of this approach is that the public-key algorithm, which is
computationally expensive, must be applied twice to every message on each side
(once for the signature and once for confidentiality).
Message Authentication Code :
An alternative authentication technique involves the use of a secret key to
generate a small fixed-size block of data, known as a cryptographic checksum or
MAC, that is appended to the message.
This technique assumes that two communicating parties, say A and B, share a
common secret key K.
When A has a message to send to B, it calculates the MAC as a function of the
message and the key:
MAC = C(K, M)
where M = input message
C = MAC function
K = shared secret key
MAC = message authentication code
The message plus MAC are transmitted to the intended recipient.
The recipient performs the same calculation on the received message, using the
same secret key, to generate a new MAC.
The received MAC is compared to the calculated MAC (Figure a).
A MAC function is similar to encryption. One difference is that the MAC
algorithm need not be reversible, as it must be for decryption.
In general, the MAC function is a many-to-one function.
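The three mechanisms discussed above (an unprotected hash as in Figure b, a MAC = C(K, M) computed with a shared key, and a digital signature computed with the sender's private key) side by side, each under the same tampering attempt. This is an added example, not code from the page. HMAC-SHA256 stands in for the MAC function C, and the signature uses textbook RSA over a SHA-256 digest with a small toy modulus built from two well-known primes so the arithmetic is visible; reducing the digest mod n is for illustration only, and a real scheme would use a 2048-bit key with a padding scheme. The key and message are constructed sample values.

```python
# Added example: hash vs. MAC vs. signature under the same tampering attempt.
import hashlib
import hmac

# Toy RSA key for the signature (two well-known primes, ~60-bit modulus).
P, Q, E = 1000000007, 998244353, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def plain_hash(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()


def verify_plain_hash(message: bytes, tag: bytes) -> bool:
    """Figure b: the receiver recomputes the hash; anyone else can too."""
    return hmac.compare_digest(plain_hash(message), tag)


def mac(key: bytes, message: bytes) -> bytes:
    """MAC = C(K, M), with HMAC-SHA256 as the MAC function C."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest is constant-time, so an attacker cannot learn a valid tag
    # byte by byte from comparison timing.
    return hmac.compare_digest(mac(key, message), tag)


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Hash, then 'encrypt with the private key' (RSA formulation of a signature)."""
    h = int.from_bytes(plain_hash(message), "big") % n
    return pow(h, d, n)


def verify_signature(message: bytes, sig: int, e: int = E, n: int = N) -> bool:
    h = int.from_bytes(plain_hash(message), "big") % n
    return pow(sig, e, n) == h


def attacker_tampers(message: bytes, tag, kind: str) -> tuple:
    """What an attacker who knows neither K nor the private key can do."""
    forged = message.replace(b"100", b"900")   # alter the amount in transit
    if kind == "hash":
        return forged, plain_hash(forged)       # hash is trivially recomputed
    if kind in ("mac", "sig"):
        return forged, tag                      # cannot recompute: no key
    raise ValueError(kind)


def demo() -> dict:
    """Run the same forgery against each mechanism and report what verifies."""
    key = b"shared-secret-K"                    # constructed sample key
    msg = b"transfer 100 to account 42"         # constructed sample message
    return {
        "hash": verify_plain_hash(*attacker_tampers(msg, plain_hash(msg), "hash")),
        "mac": verify_mac(key, *attacker_tampers(msg, mac(key, msg), "mac")),
        "sig": verify_signature(*attacker_tampers(msg, sign(msg), "sig")),
        "honest_mac": verify_mac(key, msg, mac(key, msg)),
        "honest_sig": verify_signature(msg, sign(msg)),
    }


if __name__ == "__main__":
    # Expected: hash True (forgery accepted), mac False, sig False, honest ones True.
    print(demo())
```

The "hash" result is the Figure b attack succeeding: integrity from a bare hash holds only if the hash itself travels over a channel the attacker cannot write to. The MAC protects against third parties but not against the other key holder, which is the gap the signature closes: the verifier never holds the signing key.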
(refer cw for diagrams)
Padding Bits
The input message is first padded so that its length in bits is 64 bits short of a
multiple of 512 (i.e. congruent to 448 mod 512). Padding is always applied, even if
the length already satisfies this: a single 1 bit is appended, followed by as many 0
bits as needed (between 1 and 512 padding bits in total).
Padding Length
The remaining 64 bits hold the length of the original message in bits, as a 64-bit
little-endian integer (taken modulo 2^64 for longer messages). Once this field is
appended the total length is an exact multiple of 512 bits and the string is ready to
be hashed.
Initialize MD Buffer
The padded string is processed as a sequence of 512-bit blocks. The 128-bit
intermediate state is held in four 32-bit buffers, A, B, C and D, which are
initialised to the fixed word values given in RFC 1321 (A = 0x67452301,
B = 0xEFCDAB89, C = 0x98BADCFE, D = 0x10325476).
Process Each Block
Each 512-bit block is split into sixteen 32-bit words M[0..15] and run through 64
steps arranged as four rounds of 16. Each round uses one of the four auxiliary
functions F, G, H and I, which take three 32-bit words and produce a 32-bit word
using the bitwise operators AND, OR, NOT and XOR. In every step the contents of the
four buffers are mixed with one message word, a step-dependent additive constant
and a left rotation; after the 64 steps the block's result is added into A, B, C
and D, and the buffer contents after the last block form the 128-bit digest.
Example:
Input: This is an article about the cryptography algorithm
Output (as quoted; a complete MD5 digest is 128 bits, i.e. 32 hexadecimal
characters, one more than shown here): e4d909c290dfb1ca068ffaddd22cbb0
MD5 is useful because it is easier to compare and store a short fixed-size digest
than a large variable-length text.
It is a widely used one-way hash, used to verify a value without necessarily
revealing the original.
MD5 is widely used to check the integrity of files, and generating a message
digest of the original message is fast and simple.
Disadvantages:
MD5 has been known for many years to be collision-prone: it is practical to
create two different inputs with the same hash value.
MD5 offers no protection against these collision attacks, so it must not be used
for digital signatures, certificates, or any integrity check where an attacker can
influence the input; it is at best a checksum for detecting accidental corruption.
The SHA-2 family (e.g. SHA-256) is far more secure than MD5 and is the
appropriate replacement (SHA-1 is likewise broken for collisions).
Digital Signature
A digital signature is a mathematical technique used to validate the
authenticity and integrity of a message, software, or digital document.
The figure below shows a generic model of the process of making and using digital
signatures.
Bob signs by applying a signing algorithm whose inputs are the message and Bob's
private key.
Any other user, say Alice, can verify the signature using a verification algorithm,
whose inputs are the message, the signature, and Bob's public key.
Properties:
Message authentication protects two parties who exchange messages from any
third party.
However, it does not protect the two parties against each other.
1. Mary may forge a different message and claim that it came from John. Mary
would simply have to create a message and append an authentication code using
the key that John and Mary share.
2. John can deny sending the message.
In situations where there is not complete trust between sender and receiver,
something more than authentication is needed.
• It must verify the author and the date and time of the signature.
The attack is generic, because it does not depend on A’s public key; the
same attack is used against everyone.
The term direct digital signature refers to a digital signature scheme that involves
only the communicating parties (source, destination).
If the signature is calculated on an encrypted message, then the third party also
needs access to the decryption key to read the original message.
However, if the signature is the inner operation, then the recipient can store the
plaintext message and its signature for later use in dispute resolution.
If a sender later wishes to deny sending a particular message, the sender can
claim that the private key was lost or stolen and that someone else forged his or
her signature.
Another threat is that some private key might actually be stolen from X at time T.
The opponent can then send a message signed with X’s signature and stamped
with a time before or equal to T.
The universally accepted technique for dealing with these threats is the use of
digital certificates and certificate authorities.