SECURITY SERVICES

The classification of security services are as follows:

Confidentiality: Ensures that the information in a computer system a n d transmitted
information are accessible only for reading by authorized parties.

Authentication: Ensures that the origin of a message or electronic document is correctly

identified, with an assurance that the identity is not false.

Integrity: Ensures that only authorized parties are able to modify computer system assets
andtransmitted information. Modification includes writing, changing status,
deleting, creatingand delaying or replaying of transmitted messages.

Non repudiation: Requires that neither the sender nor the receiver of a message be able to
denythe transmission.

Access control: Requires that access to information resources may be controlled by or the
targetsystem.

Availability: Requires that computer system assets be available to authorized parties when
needed.

SECURITY ATTACKS
There are four general categories of attack which are listed below.

Interruption
An asset of the system is destroyed or becomes unavailable or unusable. This is an attack
onavailability e.g., destruction of piece of hardware, cutting of a communication line or
Disabling of file management system.

Interception
An unauthorized party gains access to an asset. This is an attack on confidentiality.
Unauthorized party could be a person, a program or acomputer.e.g, wire tapping to capture data in
the network, illicit copying of files.

Modification
An unauthorized party not only gains access to but tampers with an asset. This is an attack
onintegrity. e.g., changing values in data file, altering a program, modifying the contents
ofmessages being transmitted in a network.

Fabrication
An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity.
e.g., insertion of spurious message in a network or addition of records to a file.

Cryptographic Attacks
Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goalof
the opponent is to obtain information that is being transmitted. Passiveattacks are of two types:

Snooping: A telephone conversation, an e-mail message and a transferred filemay contain

sensitive or confidential information. We would like to prevent the opponent fromlearning the
contents of these transmissions.

Traffic analysis: If we had encryption protection in place, an opponent might still be able
toobserve the pattern of the message. The opponent could determine the location and identity
ofcommunication hosts and could observe the frequency and length of messages beingexchanged.
This information might be useful in guessing the nature of communication that wastaking place.
Passive attacks are very difficult to detect because they do not involve any alteration of
data.However, it is feasible to prevent the success of these attacks.

Active attacks
These attacks involve some modification of the data stream or the creation of a false stream.
Theseattacks can be classified in to four categories:

Masquerade– One entity pretends to be a different entity.

Replay– involves passive capture of a data unit and its subsequent transmission to produce
anunauthorized effect.
Modification of messages– Some portion of message is altered or the messages are delayed
orrecorded, to produce an unauthorized effect.
Denial of service– Prevents or inhibits the normal use or management of communication
facilities. Another form of service denial is the disruption of an entire network, either by
disablingthe network or overloading it with messages so as to degrade performance.
It is quite difficult to prevent active attacks absolutely, because to do so would require
physicalprotection of all communication facilities and paths at all times. Instead, the goal is to
detect themand to recover from any disruption or delays caused by them.

Basic Concepts

CryptographyThe art or science encompassing the principles and methods of transforming

anintelligible message into one that is unintelligible, and then retransforming that message back to
itsoriginal form.

PlaintextIn computing, plaintext is a readable textual material without much processing. It is an original
message not formatted text that a sender wishes to communicate with the receiver. The authentic message
that has to be sent to the receiver’s end in cryptography is given a unique name called plaintext.

Cipher textIn cryptography, cipher text is a text that comes as a result of encryption performed on
plaintext using an algorithm called cipher. This message is a meaningless text and cannot be understood
by anyone. Cipher text is also known as encrypted or encoded text as it is a non-readable form of the
original text. It cannot be read by human and computer without decryption of cipher text. In
cryptography the plaintext is converted to a non-readable text before sending the actual text .

CipherAn algorithm for transforming an intelligible message into one that is unintelligible
bytransposition and/or substitution methods.

KeyA key is a value that is used to encrypt or decrypt a message. It is a numeric or alpha numeric text or
may be special symbols also. In cryptography the selection of key is important as security depends on it. It
can use symmetric or asymmetric algorithms. Some critical information used by the cipher, known
only to the sender& receiver.

Encryption/EncipherEncryption is a process of coding information into a form that is unreadable

without a decoding key. Encryption requires two things key and encryption algorithm. It prevents our
data and allows only the receiver to read the data with the help of the key. Cryptography uses encryption
techniques to send confidential messages .This is a process in which a plaintext is converted to a cipher
text. It takes places at the sender’s site .

Decryption/DecipherDecryption is a reverse process of encryption. It is a process of converting a

cipher text back into a plaintext that the user can read and this happens at the receiver’s end so that he is
able to read the original message from the encrypted message. This also requires two things a key and
decryption algorithm.
CryptanalysisThe study of principles and methods of transforming an unintelligible messageback
into an intelligible message without knowledge of the key. Also called code breaking

CryptologyBoth cryptography and cryptanalysis.

CodeAn algorithm for transforming an intelligible message into an unintelligible one using acode-
book.

Cryptography
Cryptographic systems are generally classified along 3 independent dimensions:
Type of operations used for transforming plain text to cipher text
All the encryption algorithms are based on two general principles: substitution, in which
eachelement in the plaintext is mapped into another element, and transposition, in which
elements in the plaintext are rearranged.
Substitution
a b c d e f g h I j k …x,y,z
def gh abc
K=3
H e l l o h a I ok=1-26 k=5 H e l l o k=9 H e l l o
Khoor kdl r mj qqt q n u u

Transposition
Hello 12345 good morning sir
leoHl 42153
lHoel

The number of keys used

If the sender and receiver uses same key then it is said to be Symmetric key /Secret key
Encryption.If the sender and receiver use different keys then it is said to be Asymmetric
key /public key encryption.

The way in which the plain text is processed

Block Cipher & Stream Cipher

A block cipher processes the input and block of elements at a time, producing output block
foreach input block.

H e l l o sir how are you

Khoor

A stream cipher processes the input elements continuously, producing output element one at
atime, as it goes along.

He ll os ir ho wa re yo uz
Khoor
Cryptanalysis
The process of attempting to discover X or K or both is known as cryptanalysis. Thestrategy used
by the cryptanalysis depends on the nature of the encryption scheme and theinformation available
to the cryptanalyst.

There are various types of cryptanalytic attacks based on the amount of

information known to the cryptanalyst.

1.Cipher text only– A copy of cipher text alone is known to the cryptanalyst.

2.Known plaintext – The cryptanalyst has a copy of the cipher text and the corresponding
plaintext.

3.Chosen plaintext– The cryptanalysts gains temporary access to the encryption machine.
Theycannot open it to find the key, however; they can encrypt a large number of suitably
chosenplaintexts and try to use the resulting cipher texts to deduce the key.

4.Chosen cipher text– The cryptanalyst obtains temporary access to the decryption
machine, uses it to decrypt several string of symbols, and tries to
use the results to deduce thekey.

Symmetric key Encipherment

1. In symmetric key encipherment (sometimes called Secret-key encryption), an entity say
Alice wants to send a message to another entity say Bob over an insecure channel with the
assumption that an attacker cannot understand the content of the message.

2. Two requirements for secure use of symmetric encryption are as follows;

– A strong encryption algorithm
– A secret key known only to sender / receiver

3. To create the cipher text from the plain text, Alice uses an encryption algorithm and a key
(say k1). To obtain the plain text from cipher text, Bob uses the decryption algorithm and
the same key(say k1). From this it is concluded that, symmetric key encryption uses a single
key called secret key for both encryption and decryption.
Encryption: C=EK(P)
 Decryption: P=DK(C)
Where,
C---Cipher text
P---Plain text
E---Encryption
D---Decryption
K---secret key
4. Blowfish, AES, RC4, DES, RC5, and RC6 are examples of symmetric encryption. The most
widely used symmetric algorithm is AES-128, AES-192, and AES-256.
5. The main disadvantage of the symmetric key encryption is that all parties involved have to
exchange the key used to encrypt the data before they can decrypt it.

Asymmetric key Encipherment

1. Asymmetrical encryption is also known as public key cryptography, which is a relatively
new method, compared to symmetric encryption. Asymmetric encryption uses two keys
to encrypt a plain text. Secret keys are exchanged over the Internet or a large network. It
is important to note that anyone with a secret key can decrypt the message and this is
why asymmetrical encryption uses two related keys to boosting security. A public key is
made freely available to anyone who might want to send you a message. The second
private key is kept a secret so that you can only know.

2. A message that is encrypted using a public key can only be decrypted using a private
key, while also, a message encrypted using a private key can be decrypted using a public
key. Security of the public key is not required because it is publicly available and can be
passed over the internet. Asymmetric key has a far better power in ensuring the security
of information transmitted during communication.

3. Asymmetric encryption is mostly used in day-to-day communication channels,

especially over the Internet. Popular asymmetric key encryption algorithm includes
EIGamal, RSA, DSA, Elliptic curve techniques etc.

4. To use asymmetric encryption, there must be a way of discovering public keys. One
typical technique is using digital certificates in a client-server model of communication.
 A certificate is a package of information that identifies a user and a server. It contains
information such as an organization’s name, the organization that issued the certificate,
the users’ email address and country, and users public key.

5. When a server and a client require a secure encrypted communication, they send
a query over the network to the other party, which sends back a copy of the
certificate. The other party’s public key can be extracted from the certificate.

Monoalphabetic Cipher

1. Monoalphabetic cipher is a substitution cipher in which for a given key, the cipher alphabet for
each plain alphabet is fixed throughout the encryption process. For example, if ‘A’ is
encrypted as ‘D’, for any number of occurrence in that plaintext, ‘A’ will always get encrypted
to ‘D’.

2. In monoalphabetic cipher relationship among the plain text and cipher text letter is one-to-one.
Example:
Plain text: HELLO
Cipher Text: PJAAR

3. To break a monoalphabetic substitution using a known plaintext attack, we can take advantage
of the fact that any pair of letters in the original plaintext message is replaced by a pair of
letters with the same pattern. In other words, if two letters of paintext are distinct, then their
corresponding letters of cyphertext must also be distinct. To illustrate this, if we know that the
word "AMMUNITION" appears in the plaintext, then we can look for strings of 10 consecutive
letters of cyphertext that have the following pattern:
a) The 2nd and 3rd letters are the same
b) The 5th and 10th letters are the same (and different from the 2nd letter)
c) The 6th and 8th letters are the same (and different from the 2nd and 5th letters)
d) All other letters are distinct.
Once we have found all possible matches, we can use a chi-squared statistic to determine
which one is the most likely match for the known plaintext.

4. Caesar cipher only has 25 possibilities of a key. A direct brute-force attack testing each key is
simplest and fastest for attacking the ciphertext. For example, suppose we intercepted a
ciphertext below and we suspected it had been encrypted with Caesar Cipher.
KIMAIZKQXPMZQA MIAG

We could then start our brute-force attack.

For shift of 1, we have obtain
Ciphe K I M A I Z K Q X P M Z Q A M I A G
r
Plain J H L Z H Y .. .. .. .. .. .. .. Z L H Z F

It is already apparent that 1 is not the key and we may continue with 2 and so on. With key
= 8, we finally get intelligible result.
 CAESARCIPHERISEASY

Attack was successful.

Frequency Analysis on Substitution Cipher

The methodology behind frequency analysis relies on the fact that in any language, each letter has
its own personality. The most obvious trait that letters have is the frequency with which they
appear in a language. Clearly in English the letter "Z" appears far less frequently than, say, "A".
In times gone by, if you wanted to find out the frequencies of letters within a language, you had to
find a large piece of text and count each frequency. Now, however, we have computers that can do
the hard work for us. But in fact, we don't even need to do this step, as for most languages there are
databases of the letter frequencies, which have been calculated by looking at millions of texts, and
are thus very highly accurate.
From these databases we find that "E" is the most common letter in English, appearing about 12%
of the time (that is just over one in ten letters is an "E"). The next most common letter is "T" at 9%.
Example::https://crypto.interactive-maths.com/frequency-analysis-breaking-the-code.html
Substitution Cipher

1. In cryptography, a substitution cipher is a method of encrypting by which units

of plaintext are replaced with cipher text, according to a fixed system. In a Substitution
cipher, any character of plain text from the given fixed set of characters is substituted by
some other character from the same set depending on a key. Special case of Substitution
cipher is known as Caesar cipher where the key is taken as 3.

Caesar Cipher

1. It is a mono-alphabetic cipher.The Caesar cipher is a classic example of ancient

cryptography and is said to have been used by Julius Caesar. This cryptosystem is generally
referred to as the Shift Cipher.The Caesar cipher involves replacing each letter of the
alphabets letter standing with the 3rd place further down the alphabets.
Mathematical expression to perform encryption and decryption are as follows;
Encryption:E(p)=(p+3)mod26
Decryption:D(c)=(c-3)mod26
 Example:
Plain text: Meet me after the yoga party
Cipher text:phhw ph dihwu wkh bjrd sduwd
2. The encryption can be represented using modular arithmetic by first transforming the letters
into numbers, according to the scheme, A = 0, B = 1,…, Z = 25. Encryption of a letter by a
shift k can be described mathematically as.
Encryption: E(p)=(p+k)mod26
Decryption: D(c)=(c-k)mod26

Example:
Find the cipher text using Caesar cipher if plain text is :: Meet me after the yoga and k=5
Solution:
Meet me after the yoga
Numerical weight of characters in the above plain text are as follows;
M E E T M E A F T E R Y O G A
1 4 4 19 12 4 0 5 19 4 1 24 14 6 0
2 7

The encryption can be performed in the following way;

E(M)=(M+k)mod26 = (12+5)mod26 = 17mod26 = 17 R
E(E)= (E+k)mod26 = (4+5)mod26= 9 mod26 = 9 J
E(E)= (E+k)mod26 = (4+5)mod26 = 9 mod26 = 9 J
E(T)= (T+k)mod26 = (19+5)mod26= 24 mod26 = 24Y
E(M)=(M+k)mod26 = (12+5)mod26 = 17mod26 = 17 R
E(E)= (E+k)mod26 = (4+5)mod26= 9 mod26 = 9 J
E(A)= (A+k)mod26 = (0+5)mod26= 5 mod26 = 5 F
E(F)= (F+k)mod26 = (5+5)mod26= 10mod26 = 10K
E(T)= (T+k)mod26 = (19+5)mod26= 24mod26 = 24Y
E(E)= (E+k)mod26 = (4+5)mod26= 9 mod26 = 9 J
E(R)= (R+k)mod26 = (17+5)mod26= 22 mod26 = 22W
E(Y)= (Y+k)mod26 = (24+5)mod26= 29 mod26 = 3D
E(O)= (O+k)mod26 = (14+5)mod26 = 19mod26 = 19T
E(G)= (G+k)mod26 = (6+5)mod26= 11 mod26 = 11 L
E(A)= (A+k)mod26 = (0+5)mod26= 5 mod26 = 5 F

So the cipher text is RJJY RJ FKYJW DTLF

PolyalphabeticCipher

1. It was evident that monoalphabetic substitution ciphers had a lot of weaknesses, so

cryptographers came up with a stronger solution, polyalphabetic cipher. Whereas
monoalphabetic substitution cipher has one-to-one relationship between plaintext and
ciphertext, polyalphabetic substitution cipher has one-to-many relationship.

2. Polyalphabetic Cipher is a substitution cipher in which the cipher alphabet for the plain
alphabet may be different at different places during the encryption process. This means the
letter ‘E’ in plaintext may be encrypted to ‘J’ or ‘X’. This is a useful encryption technique
against frequency analysis as the letters frequencies are more
obscured.

3. In polyalphabetic cipher a key is required which actually a keyword (an English word) to
encrypt a plain text, to obtain cipher text. Playfair and Vigenere Cipher are polyalphabetic
ciphers.

Example:
Plain text: HELLO
Cipher Text: RNGPQ

Viginere Cipher
1. The Vigenère cipher is a method of encrypting alphabetic text by using a series of different
Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic
substitution. The method was originally described by Giovan Battista Bellaso in his 1553 book
La cifra del. Sig. Giovan Battista Bellaso; however, the scheme was later misattributed to
Blaise de Vigenère in the 19th century, and is now widely known as the "Vigenère cipher".

2. To encrypt, a table of alphabets can be used, termed a tabula recta, Vigenère square, or
Vigenère table. It consists of the alphabet written out 26 times in different rows, each alphabet
shifted cyclically to the left compared to the previous alphabet, corresponding to the 26
possible Caesar ciphers. At different points in the encryption process, the cipher uses a
different alphabet from one of the rows. The alphabet used at each point depends on a
repeating keyword
3. For example, suppose that the plaintext to be encrypted is: ATTACKATDAWN The person
sending the message chooses a keyword and repeats it until it matches the length of the
plaintext, for example, the keyword "LEMON": LEMONLEMONLE
the first letter of the plaintext, A, is paired with L, the first letter of the key. So use row L and
column A of the Vigenère square, namely L. Similarly, for the second letter of the plaintext,
the second letter of the key is used; the letter at row E and column T is X. The rest of the
plaintext is enciphered in a similar fashion:

Plaintext A T T A C K A T D A W N

Key L E M O N L E M O N L E

Ciphertext L X F O P V E F R N H R

4. Decryption is equally simple. The key letter again identifies the row by searching the
occurrence of that cipher text character in the Vigenere table and its corresponding plain text
letter is used.
Attack on Vigenere cipher

The first operation is to guess the length of the key used to encrypt. This can be done by
performing Kasiski test. This method is developed by Friedrich Kasiski.Kasiski’s insight was
the following;
1. There are common bigrams and trigrams in the plaintext.
2. From time to time, two occurrences of a bigram/trigram will be separated by an exact
multiple of the keylength.
3. This means that the two occurrences will be encrypted in the same way.
This suggests;
1. Find the common bigrams and trigrams in the ciphertext.
2. Find the distance between them.
3. This distance may be a multiple of the keylength.

Example: Assignment#2

Playfair Cipher

1. The Playfair cipher was the first practical digraph substitution cipher. The scheme was
invented in 1854 by Charles Wheatstone but was named after Lord Playfair who promoted
the use of the cipher.Playfair cipher is a polyalphabetic cipher and , was used by the British
during World War I [794]. The playfair cipher is based on the use of 5x5 matrix of character
letter constructed using the keyword.

2. The matrix is constructed first by filling the letters of the keyword,dropping out the
duplicate from left to right and top to bottom and then filling the matrix with the left-order
alphabets in alphabetic order

3. Letter I and j are kept together.

4. Plaintext is encrypted two letters at a time. Before encryption if two letters in a pair text are
same in the plaintext then a “filler” letter is inserted to separate them and if the number of
letters are odd, one extra filler letter is inserted at the end to make it even.

5. Following rules are used to perform encryption;

(a) Letters that falls in the same row of the matrix is replaced by next letter to right in the
same row, elements of row follow the circular manner.
(b) Plaintext letters that fall in the same column are replaced by the letter beneath, with the
top element of the column following the last.
(c) Otherwise, each plain text letter is replaced by the letter that lies in its own row and
column occupied by the other letter.

6. Following rules are used to perform decryption;

(d) Letters that falls in the same row of the matrix is replaced by next letter to left in the
same row, elements of row follow the circular manner.
(e) Plaintext letters that fall in the same column are replaced by the letter top, with the
bottom element of the column following the last.
(f) Otherwise, each plain text letter is replaced by the letter that lies in its own column and
row occupied by the other letter.

Example:
Suppose we have a plain text as meet me at the school house and a key as MONARCHY
then the encryption process will perform in the following manner;

1. First create the matrix by using the given key MONARCHY

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

2. Now, divide the plain text characters into blocks each block have 2 characters as;
Meetme at theschoolhouse
In the abobe blocks there is a block having same characters i.e, oo so we have to fill a filler
in between them, after inserting the filler the blocks will look like as;
Me et me at th es ch oX ol ho us e
Now in the last block we have only one character so to complete the block we have to add
one more filler (say Y) , now the blocks will become;
Me et me at th es ch oX ol ho us eY

3. ENCRYPTION: Now encrypt the plain text using the above matrix
(a) Encryption of first block Me. ‘M’ and ‘e’ are in the same column so take letter below thom
to replace i.e, MeCL

(b) Encryption of second block et. ‘e’ and ‘t’ nor on same column or same row, hence
 form rectangle as shown, and replace letter by pickingup opposite corner letter on same
rowetKL

(c) Encryption of third block me. ‘M’ and ‘e’ are in the same column so take letter below thom
to replace i.e, meCL

(d) Encryption of fourth block at. ‘a’ and ‘t’ nor on same column or same row, hence
form rectangle as shown, and replace letter by pickingup opposite corner letter on same
rowatRS

(e) Encryption of fifth block th. ‘t’ and ‘h’ nor on same column or same row, hence
form rectangle as shown, and replace letter by pickingup opposite corner letter on same
rowthPD
(f) Encryption of sixth block es. ‘e’ and ‘s’ nor on same column or same row, hence
form rectangle as shown, and replace letter by pickingup opposite corner letter on same
rowesIL/JL

(g) Encryption of seventh block ch. ‘c’ and ‘h’ are in same row, hence take letter to the right of
them to replace. chHY

(h) Encryption of eighth block oX. ‘o’ and ‘X’ nor on same column or same row, hence
form rectangle as shown, and replace letter by pickingup opposite corner letter on same
rowoXAV

(i) Encryption of ninth block ol. ‘o’ and ‘l’ nor on same column or same row, hence
form rectangle as shown, and replace letter by pickingup opposite corner letter on same
rowolMP

(j) Encryption of tenth block ho. ‘h’ and ‘o’ are in the same column but from bottom to top so
take letter above them to replace i.e, hoFH

Similarly usXL and eYGC

So the final cipher text is CL KL CL RS PD IL HY AV MP FH XL GC

Transposition Techniques

1. Transposition Cipher is a cryptographic algorithm where the order of alphabets in the

plaintext is rearranged to form a cipher text.

2. A symbol in the first position in the plain text may appear on the 6th position of the cipher
text. A symbol on the 8th position in the plain text may appear on the 2nd position in the
cipher, from above it is clear that transposition cipher reorder the symbols of the plain text.

3. A transposition cipher can be keyless or keyed.

4. The rail fence is the simplest example of a class of transposition ciphers.

Rail Fence Cipher

1. The rail fence cipher (sometimes called zigzag cipher) is a transposition cipher that

jumbles up the order of the letters of a message using a basic algorithm. The rail fence
cipher works by writing your message on alternate lines across the page, and then reading
off each line in turn.

For example, let’s consider the plaintext “This is a secret message”.

Plaintext THI S I S A SECRET MESSAGE

To encode this message we will first write over two lines (the “rails of the fence”) as
follows:

2. The ciphertext is then read off by writing the top row first, followed by the bottom row:

3. While writing the plain text in zigzag format, we have to start writing the plain text from the
top left and ends at bottom right. If the no of characters are less then we have to insert filler
(X, Y or Z) at the bottom right.

4. This algorithm can be keyed also. Firstly, you need to have a key, which for this cipher is
the number of rows you are going to have. You then start writing the letters of the plaintext
diagonally down to the right until you reach the number of rows specified by the key. You
then bounce back up diagonally until you hit the first row again. This continues until the end
of the plaintext.

Example:
For the plaintext we used above, "defend the east wall", with a key of 3, we get the
encryption process shown below;

Note that at the end of the message we have inserted two "X"s. These are called fillers, and
act as placeholders. We do this to make the message fit neatly in to the grid (so that there are
the same number of letters on the top row, as on the bottom row. Although not necessary, it
makes the decryption process a lot easier if the message has this layout.
The ciphertext is read off row by row to get "DNETLEEDHESWLXFTAAX".
Decryption
The decryption process for the Rail Fence Cipher involves reconstructing the diagonal grid
used to encrypt the message. We start writing the message, but leaving a dash in place of the
spaces yet to be occupied. Gradually, you can replace all the dashes with the corresponding
letters, and read off the plaintext from the table.
We start by making a grid with as many rows as the key is, and as many columns as the
length of the ciphertext. We then place the first letter in the top Left Square, and dashes
diagonally downwards where the letters will be. When we get back to the top row, we place
the next letter in the ciphertext. Continue like this across the row, and start the next row
when you reach the end.
For example, if you receive the ciphertext "TEKOOHRACIRMNREATANFTETYTGHH",
encrypted with a key of 4, you start by placing the "T" in the first square. You then dash the
diagonal down spaces until you get back to the top row, and place the "E" here. Continuing
to fill the top row you get the pattern below.

The first row of the decryption process for the Rail Fence Cipher. We have a table with 4
rows because the key is 4, and 28 columns as the ciphertext has length 28.
Continuing this row-by-row, we get the successive stages shown below.

The second stage in the decryption process.

The third stage in the decryption process.

 Rectangular Transposition
1. A more complex scheme is to write a message in a rectangle row by row and read col by
col but permutate the order of the column.
2. It is a keyed algorithm.
Example:
Consider a plain text as “attack postponed until two am” and a key 4312567
Encryption
1. Firstly count the number of digits in the key, here length of key is 7 so create 7
columns and fill the alphabets of plain text row by row as;
4 3 1 2 5 6 7
A T T A C K P
O S T P O N E
D U N T I L T
W O A M X Y Z
Now to find the cipher text read the column in a increasing order as per the digits of
key as;

CipherText: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Decryption
1. Now to decrypt first count the length of the key and cipher text. Now divide the no of
char by length of key to find the block size.
Here,
Length of the key=7
Length of chars in cipher text= 28
Block size= 28/ 7= 4
Now customize the cipher text in blocks each block have 4 characters.
TTNAAPTMTSUOAODWCOIXKNLYPETZ

Now, create a table having 7 columns and 4 rows and fill the block in column wise in
increasing order of the key digits as,
4 3 1 2 5 6 7
A T T A C K P
O S T P O N E
 D U N T I L T
W O A M X Y Z
To obtain the plain text read the characters row by row.

One Time Padding

One-time pad (OTP), also called Vernam-cipher or the perfect cipher, is a crypto algorithm where
plaintext is combined with a random key. It is the only existing mathematically unbreakable
encryption.
The story of one-time pad starts in 1882, when the Californian banker Frank Miller compiles his
"Telegraphic Code to Insure Privacy and Secrecy in the Transmission of Telegrams". Such
codebooks were commonly used, mainly to reduce telegraph costs by compressing words and
phrases into short number-codes or letter-codes. These codebooks provided little or no security.

We can only talk about one-time pad if some important rules are followed. If these rules are
applied correctly, the one-time pad can be proven unbreakable.However, if only one of these rules
is disregarded, the cipher is no longer unbreakable.

 The key is at least as long as the message or data that must be encrypted.
 The key is truly random (not generated by a simple computer function or such)
 Key and plaintext are calculated modulo 10 (digits), modulo 26 (letters) or modulo 2
(binary)
 Each key is used only once, and both sender and receiver must destroy their key after use.
 There should only be two copies of the key: one for the sender and one for the receiver
(some exceptions exist for multiple receivers)

Example: suppose Alice wants to send the message “ATTACK POSTPONED” to Bob by using a
key “KCATTA DENOPTSOP”

Encryption:
1. First write the plain text and the numerical weights of each alphabet as;

A T T A C K P O S T P O N E D
1 1 19 0 2 10 1 14 18 1 15 1 13 4 3
9 5 9 4

2. Now write the key and the numerical weights of each alphabet as;
K C A T T A D E N O P T S O P
10 2 0 19 1 0 3 4 13 1 15 1 18 1 15
9 4 9 4

3. Now merge these two tables and add the numerical weights of plain text char and key char.
Plain text A T T A C K P O S T P O N E D
char
 weight 1 1 19 0 2 10 1 14 18 1 15 14 1 4 3
9 5 9 3
Key char K C A T T A D E N O P T S O P
weight 10 2 0 19 1 0 3 4 13 1 15 19 1 14 15
9 4 8
SUM 11 2 19 19 2 10 1 18 31 3 30 33 3 18 18
1 1 8 3 1
SUM mod 26 11 2 19 19 2 10 1 18 5 7 4 7 5 18 18
1 1 8
Cipher Text L V T T V K S S F H E H F S S

Decryption:
1. First write the Cipher text and the numerical weights of each alphabet as;

Cipher Text L V T T V K S S F H E H F S S
Weight 11 21 19 19 21 10 18 18 5 7 4 7 5 18 18
Key char K C A T T A D E N O P T S O P
weight 10 2 0 19 19 0 3 4 13 14 15 19 18 14 15
Difference 1 19 19 0 2 10 15 14 -8 -7 -11 -12 -13 4 3
Add 26 to negative 1 19 19 0 2 10 15 14 18 19 15 14 13 4 3
value
Plain text char A T T A C K P O S T P O N E D

Stream cipher & Block Cipher

1. Both Block Cipher and Stream Cipher are belongs to the symmetric key cipher. These two
block cipher and stream cipher are the methods used for converting the plain text into cipher
text.The basic difference between block and stream cipher are as follows;

S.No Block Cipher Stream Cipher

.
1. Block Cipher is the type of encryption where Stream Cipher is the type of
the conversion of plain text performed by encryption where the conversion of
taking its block at a time. plain text performed by taking one
byte of the plain text at a time.
2. As Block Cipher takes block at a time so On other hand in case of Stream
comparatively more bits get converted as Cipher at most 8 bits could get
compared to in Stream Cipher specifically converted at a time
64 bits or more could get converted at a
time.
3. Block Cipher uses both confusion and On other hand Stream Cipher uses
diffusion principle for the conversion only confusion principle for the
required for encryption. conversion.
 4. For encryption of plain text Block Cipher On other hand Stream Cipher uses
uses Electronic Code Book (ECB) and CFB (Cipher Feedback) and OFB
Cipher Block Chaining (CBC) algorithm (Output Feedback) algorithm.
5. As combination of more bits get encrypted in On other hand Stream Cipher uses
case of Block Cipher so the reverse XOR for the encryption which can
encryption or decryption is comparatively be easily reversed to the plain text.
complex as compared to that of Stream
Cipher.
6. The main implementation of Block Cipher is On other hand the main
Feistel Cipher implementation of Stream Cipher is
Vernam Cipher.
7. Block cipher is slow as compared to stream While stream cipher is fast in
cipher. comparison to block cipher.
8. It requires more code It requires less code.
9. Whereas in block cipher key can be reused. In a stream cipher, one key is used
for one time

Confusion & diffusion

1. In cryptography, confusion and diffusion are two properties of the operation of a secure
cipher identified by Claude Shannon in his 1945 classified report A Mathematical
Theory of Cryptography. These concepts are also important in the design of robust hash
functions and pseudorandom number generators where association of the generated
values is of paramount importance.

2. Confusion means that each binary digit (bit) of the ciphertext should depend on several
parts of the key, obscuring the connections between the two. The property of confusion
hides the relationship between the ciphertext and the key. This property makes it difficult
to find the key from the ciphertext and if a single bit in a key is changed, the calculation
of the values of most or all of the bits in the ciphertext will be affected. Confusion
increases the ambiguity of ciphertext and it is used by both block and stream ciphers.

3. Diffusion means that if we change a single bit of the plaintext, then (statistically) half of
the bits in the ciphertext should change, and similarly, if we change one bit of the
ciphertext, then approximately one half of the plaintext bits should change. The idea of
diffusion is to hide the relationship between the ciphertext and the plain text. This will
make it hard for an attacker who tries to find out the plain text and it increases the
redundancy of plain text by spreading it across the rows and columns; it is achieved
through transposition of algorithm and it is used by block ciphers only.

Hill Cipher

1. The Hill Cipher was invented by Lester S. Hill in 1929, and like the other Digraphic
Ciphers(Digraph Substitution Ciphers are similar to Monoalphabetic Substitution Ciphers,
except that instead of replacing individual letters in the plaintext, they replace pairs of letters
 with another pair of letters (or digraph).) it acts on groups of letters. Unlike the others
though it is extendable to work on different sized blocks of letters. So, technically it is a
polygraphic substitution cipher, as it can work on digraphs, trigraphs (3 letter blocks) or
theoretically any sized blocks.

Example:
In order to encrypt a message using the Hill cipher, the sender and receiver must first agree
upon a key matrix A of size n x n. A must be invertible mod 26. The plaintext will then be
enciphered in blocks of size n. In the following example A is a 2 x 2 matrix and the message
will be enciphered in blocks of 2 characters.  

Plain text--- Herbert Yardley wrote the American Black chamber

Key - 3 7
5 12

Encryption:

He rb er ty ar dl ………………er
Write the numerical weights
74 17 1 …………………….

Write the weight of chars of first block in col order

7 3 7
4 5 12

Multiply these two matrices

21+28 49 23
35 + 48 mod 26 xf
83 5
This step is repeated for the entire plaintext. If there are not enough letters to form blocks of 2, pad
the message with some letter, say Z.
Decryption
Decryption

First we have to find out the inverse of matrix

For finding the inverse of matrix we have to use Euclidian Algorithm
He(7,4)  xf (23,5)
Euclidian Algorithm

Step1: (A1,A2,A3)  (1,0,m); (B1,B2,B3)(0,1,b)

Step2. If B3=0 ; No Inverse
Step3. If B3=1 return B3=GCD(m,b);B2
Step4. Q=
A3/B3
 Step5. (T1,T2,T3)(A1-QB1,A2-QB2,A3-QB3)
Step6. (A1,A2,A3)(B1,B2,B3)
Step7. (B1,B2,B3)(T1,T2,T3)
Step8. Goto step2

D = cipher value of each block * Inverse of M

E = NWP * M
NWP = E/M = E M-1

Write the weight of chars of first block in col order

23 3 7
5 * 5 12

a b
K= K-1 = d/ad-bc -b/ad-bc = 1/ ad-bc d -b = 12 -7
c d -c/ad-bc a/ad-bc -c a -5 3
adj of K = ad - bc
=36 -35 =1

2312 -7 276-35 241 241 7

= = = = He
5-5 3 -115+15 -100 4 4
The receiver will repeat this step for every pair of letters in the ciphertext to recover the
original message
Example2. Consider the same plain text as -
Plain text--- Herbert Yardley wrote the American Black chamber
Key - 3 2
5 7

Q A1 A2 A3 B1 B2 B3
- 1 0 26 0 1 3
8 0 1 3 1 -8 2
1 1 -8 2 -1 9 1

One good example of a fixed table is the S-box from DES (S5), mapping 6-bit input into a 4-bit output:

Middle 4 bits of input

S5 000 000 001 001 010 010 011 011 100 100 101 101 110 110 111 111
0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1
 0 001 110 010 000 011 101 101 011 100 010 001 111 110 000 111 100
0 0 0 0 1 1 0 1 0 0 1 1 1 1 0 0 1
0 111 101 001 110 010 011 110 000 010 000 111 101 001 100 100 011
Oute 1 0 1 0 0 0 1 1 1 1 0 1 0 1 1 0 0
r
bits 1 010 001 000 101 101 110 011 100 111 100 110 010 011 001 000 111
0 0 0 1 1 0 1 1 0 1 1 0 1 0 1 0 0
1 101 100 110 011 000 111 001 110 011 111 000 100 101 010 010 001
1 1 0 0 1 1 0 0 1 0 1 0 1 0 0 1 1

Given a 6-bit input, the 4-bit output is found by selecting the row using the outer two bits (the first
and last bits), and the column using the inner four bits. For example, an input "011011" has outer
bits "01" and inner bits "1101"; the corresponding output would be "1001"

MODERN BLOCK CIPHER

Modern Block Cipher

1. The traditional symmetric key ciphers are character-oriented ciphers. With the advent of
computer, we need bit-oriented ciphers because the information to be encrypted is not just
text; it can be numbers, graphics, audio or video data. It is convenient to convert these types
of data into a stream of bits, to encrypt the stream, and then to send the encrypted stream.

2. A symmetric key modern block cipher encrypts an N-bits block of plain text & decrypts N-
bits block of cipher text. The encryption or decryption algorithm uses a K-bit key. The
decryption algorithm must be inverse of the encryption algorithm and both operation must
use the same secret key.

3. If message has fewer than N-bits, padding must be added to make it an N-bit block. If the
message has more than N-bits, it should be divided into N-bits blocks and the appropriate
padding must be added to the last block if necessary. The common values of N are
64,128,256 or 512 bits.

Components of Modern block Cipher

1. P- Boxes
2. S-Boxes
3. Circular Shift

P-Box

A P-Box is a Permutation box having same characteristics as traditional transposition

ciphers. P-Boxes transpose bits.

The following are the types of P-boxes;

(a) Straight P-Box
(b) Compression P-Box
(c) Expansion P-Box

Straight P-Box

A straight P-Box takes small n-bit inputs, permutates them and provide n-bit output.
n=2
12--- 11, 22 or 12,21
00 = 00 ,00
01 = 01, 10
10 = 10, 01
11 = 11, 11

Compression P–Box

N-Bits input generates M-bits output

N>M
If N=5 M=3 that means two inputs are blocked

Expansion P–Box

N-Bits input generates M-bits output

N<M
If N=3 M=5 that means some inputs have one to many association

S-Box
It stands for substitution box.

Circular shift
B7 B6 B5 B4 B3 B2 B1 B0

Left shift 3
B4 B3 B2 B1 B0 B7 B6 B5

Right shift 4
B3 B2 B1 B0 B7 B6 B5 B4
 Swap

B7 B6 B5 B4 B3 B2 B1 B0
To perform swapping dive the block into two equal halves LHS and RHS
And interchange them
B7 B6 B5 B4 B3 B2 B1 B0

B3 B2 B1 B0 B7 B6 B5 B4

Split & Combine

B7 B6 B5 B4

B3 B2 B1 B0

S-DES- Simplified Data Encryption standard

1. It is a block cipher.
2. It is developed by Prof. Edward Schaefer.
3. It is an educational tool to understand the working of DES.
4. In S-DES the size of plain text is 8-bit and the size of key is 10 bit.
5. This 10-bit key generates 2 keys k1 and k2 of size 10 bits

Encryption:

Step-1: An Initial permutation (IP)

Step-2: A complex function (FK) which involves both permutation and substitution.
Step-3: A simple permutation function which switches /swaps (sw) the two halves of the data.
Step-4: The function FK again.
Step-5: Inverse Initial Permutation.

CT= IP-1 (FK2 (Sw (FK1( IP(PT)))))

Block Diagram of SDES
Key Generation in S-DES
 1234 56 78910

Example: Find two sub keys from 1010000010 if P10 = (3, 5, 2,7,4,10,1,9,8,6) and
P8 = (6,3,7,4,8,5,10,9)

Step-1. P10 (1010000010) = 1000001100

Step-2 divide 1000001100 into two equal halves i.e

LHS=10000 and RHS=01100

Step-3. Perform left shift-1 on both the halves

LS-1(10000)= 00001 and LS-1(01100)=11000

Step-4. Concatenate both the halves and pass through P8

P8(0000111000)= 10100100
Therefore K1=10100100

Step-5. Again perform left shift-2 on 00001 and 11000

LS-2(00001)=00100 and LS-2(11000)=00011

Step-6. Concatenate both the halves and pass through P8

P8(0010000011)= 01000011
Therefore K2=01000011
 Example: Let us consider a plain text :11110011
Suppose kl= 10100100 and k2= 01000011

Given:
1. IP(8)={2,6,3,1,2,8,5,7)
2. E/P= (4,1,2,3,2,3,4,1)
3. S0= 0 1 2 3 S1= 0 1 2 3
0 1 0 3 2 0 0 1 2 3
1 3 2 1 0 1 2 0 1 3
2 0 2 1 3 2 3 0 1 0
3 3 1 3 2 3 2 1 0 3

Solution:

Step1: IP(11110011) = 10111101

Step2: Let divide the resultant permutated bits into two equal halves each of 4-bits
LHS=1011
RHS=1101
Now pass the RHS into E/P
E/P(1101)= 11101011

Step3: Now perform XOR operation between 11101011 and first sub key (k1=10100100)
11101011
10100100
--------------------
01001111
Ste4. Now divide the resultant bits into two equal halves each of 4-bits
LHS=0100
RHS=1111
Now pass the LHS to S0 S-Box and RHS to S1 S-Box
LHS=0100
Take 1st and 4th bit as a row for S-box(S0)
Take 2nd and 3rd bit as col for S-box(S0)
Row=00 now convert it into decimal i.e, 0 now, row=0
Col=10 now convert it into decimal i.e, 2 and col=2
The intersecting value in So S-box at 0th row and 2nd col is 3 i.e 11

Similarly,
RHS=1111
Take 1st and 4th bit as a row for S-box(S0)
Take 2nd and 3rd bit as col for S-box(S0)
Row=11 now convert it into decimal i.e, 3 now, row=3
Col=11 now convert it into decimal i.e, 3 and col=3
The intersecting value in S1 S-box at 3rd row and 3rd col is 3 i.e 11

Step5: Now concatenate the resultant bits as 1111 and pass it to Straight P-Box P4 as,
P(1111)= 1111
Step6: Now perform XOR operation between the left half of IP and 1111 as,
1011
1111
--------
0100
Step7. Now perform the swapping between 0100 and RHS of IP i.e 1101
LHS= 1101
RHS= 0100

S.n S-DES DES

o
1 Input (Plain Text) 8 bits
2 Key size- 10 bits
3 Finally 10bits key will generate two sub
keys of size 8 bits
4 2 sub keys are used
5 F-function acts on 4bits
6 Only two S-Boxes are used
7 It is an educational purpose kit
Input(plain text) 64 bits
Key size- 56 bits
Finally 56 bits key will generate 16 sub
keys of size 48 bits
16 sub keys are used
F function acts on 32 bits
8 S-Boxes are required of size 6x4
It is practically used for Enc. and Dec.

Product Cipher
Claude Shannon introduced the concept of product cipher. A product cipher is a complex
cipher, combining of substitution, permutation and other components.

Fiestel Cipher
Base cipher for DES is Fiestel Cipher.
First approach of FiestelCipher

Double DES

1. Double DES comes under multiple encryption. This is the simplest form of multiple
encryption and has two encryption stages with 2 different keys.
2. Given plain text P and 2 encryption keys K1 and K2. Cipher text C will be generated as;
C=E (K2, E(P,K1))

3. Decryption requires that the key will be applied in reverse order.

P=D (K1, D (C,K2))

4. The pictorial representation od Double DES is as follws;

 5. The Double DES (2-DES) uses 2 instances of DES cipher for encryption and 2 units of
reverse DES cipher for decryption. Each unit of DES cipher uses different keys
encryption and decryption which increases the size of the key (56x2=112bits) making it
more secure.

Attack: Meet In the Middle Attack

C1 P1 k1 ,k2 E(P1)k1=X D(C1)k2=X

C2P2

Triple DES

1. To improve the security of DES, Triple DES (3-DES) was proposed. This uses 3 stages
of DES for encryption and decryption.
2. Two versions of Triple DES are used ;
(a) Triple DES with 2 keys
(b) Triple DES with 3 different keys

Triple DES with 2 keys

1. In triple DES with 2 keys there are only 2 keys k1 & k2. The first and third stage used k1
key; the second stage uses k2 key.

2. To make Triple DES compatible with single DES, the middle stage uses decryption at the
encryption site and encryption at the decryption site.

3. The pictorial representation of Triple DES with 2 keys are as follows;

Triple DES with 3 keys
Block Cipher Modes of Operation

1. Symmetric key encipherment can be done by using modern block cipher. The two
modern block cipher namely DES and AES are designed to encipher and decipher.

2. DES encrypts and decrypts a block of 64bits, AES encrypts and decrypts block of 128
bits.

3. In real life applications the text to be enciphered is of variable length and normally much
larger than 64 and 128 bits.

4. Modes of operations have been devised to encipher text of any size employing either
DES or AES. the following pictorial representation shows 5possible modes of
operations.

ECB(Electronic code Book)

1. The simplest mode of operation is called ECB. The plain text is divided into N blocks.
The block size is of n-bits. If the plain text size is not a multiple block size, the text is
padded to make the last block of same size as that of other blocks.

2. The same key is used to encrypt and decrypt each block.

3. The following pictorial representation shows the encryption and decryption is this mode;
Example: consider a plain text M=101100010100101an key K=2341

Step-1: Decompose the plain text into blocks of size=4

m1=1011 m2=0001 m3=0100 m4=1010

Step-2: Now perform encryption on each block in the following way; 12 3 4

Ci=Ek(mi)  C1=E(2341)(m1)  C1=E(2341)(1011)  C1=0111 K=2 3 4 1

Ci=Ek(mi)  C1=E(2341)(m2)  C1=E(2341)(0001)  C1=0010

Ci=Ek(mi)  C1=E(2341)(m3) C1=E(2341)(0100)  C1=1000

Ci=Ek(mi)  C1=E(2341)(m4) C1=E(2341)(1010)  C1=0101

Now concatenate all the cipher blocks to obtain the final cipher text as;
C=0111001010000101
 CBC (Cipher Block Chaining)

1. CBC uses a fixed initialization vector (IV) which can be made public.
2. As in ECB mode, the plain text is decomposed into blocks of length n. If the sender
encrypts the sequence, m1,m2,m3……..mt of plain text block of length N using the key
e then we have,
C0=IV
Cj = Ee(Cj-1XORmj)
3. Finally we get the cipher text as C =C1, C2, C3,…………Ct.
4. To decrypt the cipher text, the receiver uses the decryption algorithm , key, which
satisfies the following;
mj = Cj-1XORDd (Cj)

Example:Consider a plain text 101100010100101 and key e=2341and IV=1010

Step-1: Decompose the plain text into blocks of size=4

m1=1011 m2=0001 m3=0100 m4=1010

FOR m1 BLOCK
Step-1: Apply the formula Cj = Ee(Cj-1XORmj)
For 1st block i.e i=1

C1 = E(2341)(C0XORm1)  E(2341)(1010 XOR1011)  E(2341)(0001)

Step-2: Now perform encryption on the block in the following way; 12 3 4

Ci=Ee(0001)  C1=E(2341)(0001)  C1= 0010 K=2 3 4 1

FOR m2 BLOCK
Step-1: Apply the formula Cj = Ee(Cj-1XORmj)
For 2nd block i.e i=2

C2 = E(2341)(C1XORm2)  E(2341)(0010 XOR0001)  E(2341)(0011)

Step-2: Now perform encryption on the block in the following way; 12 3 4

Ci=Ee(0011)  C2=E(2341)(0011)  C2= 0110 K=2 3 4 1

CFB (Cipher FeedBack Mode)

 1234
Step-1: Initialize IJ=IV (initial vector) 2341

Step-2: Calculate OJ= EK (IJ) 1011

Step-3: Initialize TJ to the string; it consists of the first r-bits of OJ

Step-4: For Encryption: CJ= mJ + TJ For Decryption: mJ= CJ + TJ

Step-5: Initialize IJ+1 by deleting the first r-bits of IJ and appending CJ

Step-6: The final cipher text is obtained by concatenating the sequence C1,C2,C3,…..Cn

Example:Consider a plain Text as 101100010100101 and key=2341 and IV=1010 and r=3.

Step-1: Decompose the plain text into blocks of size=3

m1=101 m2=100 m3=010 m4=100 m5=101
0111
j IJ OJ Tj mJ CJ=TJ+mJ
1 1010 0101 010 101 111
Final Cipher Text: 2 0111 1110 111 100 011 111011001101000
3 1011 0111 011 010 001
4 1001 0011 001 100 101
CTR (COUNTER 5 1101 1011 101 101 000 MODE)

Example:Consider a plain Text as 101100010100101 and key=2341 and IV=1010.

Step-1: Decompose the plain text into blocks of size=3

m1=1011 m2=0001 m3=0100 m4=1010

j Counter CK=IVK mJ CJ=CK+mJ

1 1010 0101 1011 1110
Final Cipher Text: 1110011011010001
2 1011 0111 0001 0110
3 1100 1001 0100 1101
4 1101 1011 1010 0001
 UNIT-3

Euclidian Algorithm for GCD

1. Euclidian algorithm was developed by a Mathematician Euclidto find the greatest common
divisor of two positive integers. GCD (a,b) of a and b is the largest number that divides
evenly both a and b.
Example: GCD (60,24)=12

2. If there is no common factor except 1, then numbers i.e, a and b are relatively prime.
Example: GCD (8,15)=1

3. The steps of the algorithm is as follows;

 Step-1: GCD (a,b)
A=a; B=b

Step-2: if B=0 return GCD(a,b)=A

Step-3: R= A mod B

Step-4: A=B

Ste-5: B=R

Step-6: goto Step-2

Example: Find GCD(1970,1066)

Here a=1970 and b=1066  A=1970 and B=1066

1970 = 1 * 1066 + 904 GCD(1066,904)

1066 = 1 * 904 +162 GCD(904,162)
904 = 5 * 162 +94 GCD(162,94)
162 = 1 * 94 + 68 GCD(94,68)
94 = 1 * 68 + 26 GCD(68,26)
68 = 2 * 26 + 16 GCD(26,16)
26 = 1 * 16 + 10 GCD(16,10)
16 = 1 * 10 + 6 GCD(10,6)
10 = 1* 6 + 4 GCD(6,4)
6 = 1 * 4 + 2 GCD(4,2)
4 = 2 * 2 +0 GCD(2,0)

Therefore GCD(1970,1066)=2

GCD(4655,12075)=?

4655 = 0 * 12075 +4655 GCD(12075.4655)

RSA algorithm

1. The most common public key algorithm is the RSA cryptosystem, named for its inventors
(Rivest, Shamir and Adleman).

2. The RSA scheme is a block cipher and make use of the expression with exponential.
 3. RSA uses two exponents, “e” and “d”, where “e” is public while “d” is private.The sender
knows the value of “e” and only the receiver knows the value of “d”.

4. Encryption and decryption uses modular exponentiation.

Suppose P is a plain text and C is a cipher text, then the encryption and decryption are of the
following form;

C = Me mod N
M = Cd mod N
5. Both sender as well as receivermust know the value of N.

Algorithm (RSA)

Step-1: Select p and q. p and q both are prime and p≠q.

Step-2: Calculate N = p*q;

Step-3: Calculate ɸ(N) = (p-1)*(q-1)

Step-4: Select an integer e, where GCD (ɸ(N),e) =1

Choose ‘e’ such that 1< e < ɸ(N)
‘e’ is coprime to ɸ(N), GCD (ɸ(N),e) =1

Step-5: Calculate ‘d’ as d= (1+ (k* ɸ(N)) / e

Step-6: Public key (e), PU={e,N}

Step-7: Private key (d), PR ={d,N}

For Encryption: C = Me mod N

For Decryption: M = Cd mod N

Example1: Perform encryption and decryption if p=3, q=11,e=7 and M=5.

Sol: we have p=3 and q=11

N= p*q = 3*11 = 33

ɸ(N) = (p-1)*(q-1) = (3-1)*(11-1) = 2*10 = 20

d= (1+ (k* ɸ(N)) / e put k=1,2,3,4,5,6……

d= (1+(1 * 20)) / 7 = (1+20) / 7 = 21 / 7 = 3
d=3
 But we have e=7

For Encryption: C = Me mod N

= 57 mod 33
= 78125 mod 33
=14

For Decryption: M = Cd mod N

= 143 mod 33
= 2744 mod 33
=5

Example2: If p=17 and q=11 and M=10. Perform encryption and decryption using RSA.

We have p=17 and q=11

N=p*q = 17 *11 = 187

ɸ(N) = (p-1)*(q-1) =(17-1)*(11-1)= 16*10= 160

To calculate “e” divide ɸ(N) by 1,2,3,4,….and take a small prime no. as “e”.
ɸ(N) / 1= 160/1=Divisible
ɸ(N) / 2= 160/2=Divisible
ɸ(N) / 3= 160/3= Not Divisible
so the value of e is 3

For Encryption: C = Me mod N

= 103 mod 187
= 1000 mod 187
= 65
For “d” we have,
d= (1+ (k* ɸ(N)) / e put k=1,2,3,4,5,6……
put k=1
d = (1+(1 * 160)) / 3 = (1+160) / 3 = 161 / 3 = 53.66

now, put k=2

d = (1+(2 * 160)) / 3 = (1+320) / 3 = 321 / 3 =107

So d=107

For Decryption: M = Cd mod N

= 65107 mod 187
= ############mod 187
= 10

Example3: In a public key system using RSA, we intercept a cipher text C=10 and send to
user
using public key as “e=5” and N=35. Find the plain text.

Example4: In RSA crypto system it is given N=187,e=17. Obtain the value of “d” here, N,e,d
have their usual meanings. Show all the steps.

Key Management

1. Key management is the management of cryptographic keys in a cryptosystem. This includes

dealing with the following;
(a) key generation
(b) Transfer/Exchange of keys
(c) Storage of keys
(d) Use of keys
(e) Deletion of keys

2. Key management concerns keys at the user level either between users or systems. This is in
contrast to key scheduling; key scheduling typically refers to the internal handling of key
with in the operation of cipher.

3. Challenges for key Management

The following are the several challenges that an IT organization face when trying to control
and managed their encryption keys.

(a) Complex Management: Managing a plethora (huge collection) of encryption keys in

millions.

(b) Security Issue: Susceptibility of keys from outside hackers/malicious insiders.

(c) Data Availability: Ensuring data accessibility for authorized users.

(d) Scalability:Supporting multiple databases applications and standards.

(e) Governance: Defining policies, access controls and protection of data.

4. Types of Key Management

1. There are two types of key management system;

(a) Integrated key management system
(b) Third Party key management system
 2. One of the major role of public key encryption has been to address the problem of key
distribution. There are actually two distinct aspects to use public key cryptography in
this regard;
(a) Distribution of public keys
(b) Use of public keys to distribute secret key.

KDC( Key Distribution Center)

1. A practical solution for efficient and secure way to distribute secret key is the use of the
trusted third party referred to as a “Key Distribution Center”.

2. To reduce the number of keys each user establishes a shared secret key with KDC as
shown in the following figure;

FLAT MULTIPLE KDC’s

1. When the number of users using a KDC increases, the system becomes
unmanageable. To solve this problem, we need to have multiple KDC’s.

2. We divide the world into domains. Each domain can have one or more KDC’s.

3. Suppose, ALICE wants to send a confidential message to BOB, who belongs to

another domain, ALICE contact his KDC, which in turn contact the KDC of BOB’s
domain and finally the 2 KDC’s can create a secret key for ALICE and BOB.
Hierarchical Multiple KDC’s

1. The concept of flat multiple KDC’s can be extended to a hierarchical KDC’s with
one or more KDC’s at the top of the hierarchy.

2. They can be local KDC’s, National KDC’s or International KDC’s.

3. Suppose, ALICE wants to communicate with BOB who lives in another country. He
sends his request to a local KDC;the local KDC relays the request to the national
KDC; the national KDC forwards the received request to an international KDC. The
request is then relayed to all the way down to a local KDC where BOB belongs.
 Creation of Key By KDC

1. The following pictorial representation shows the creation of session key to be used
between ALICE and BOB.

1. ALICE sends a message to KDC to obtain a symmetric session key for the communication
with BOB. The message contains his registered identity and name of the receiver (BOB).

2. The KDC receives the message and creates a “ticket”. The ticket contains session key along
with another ticket having copy of session key and identity of ALICE and BOB which is
encrypted with the BOB’s key(KB), the entire ticket is encrypted with the ALICE’s key
(KA).
 3. ALICE receives the ticket, decrypts it and extracts the session key along with the ticket for
BOB. ALICE forwards the ticket to BOB, BOB decrypts it by using his key (K B) and
extracts the session key along with the identity of ALICE and himself. On the basis of this
he came to know that ALICE communicates with me by using this session key.

Message Authentication
1. It allows the sender to send a message to a receiver in such a way that if the message is
modified during the transmission or the route, then the receiver will all most certainly detect
this.
2. Message authentication is also called “Data Origin Authentication”. Message authentication
is said to protect the integrity of the message that it is received and deemed acceptable
arriving in the same condition that it was sent out with no bits inserted, missing or modified.

Message Digest
1. A message digest guarantees the integrity of a message. It guarantees that the message has
not being changed.
2. A message digest however does not authenticate the sender of the message.

MDC (Message Detection Code)

1. The digest created by cryptographic hash function is normally called MDC. This code can
easily detect any modification in the message.
2. The following pictorial representation shows the working of MDC;
Explanation:
1. If ALICE needs to send a message to BOB and be sure that the message will not change during
the transmission, Alice can create a message digestcalled as MDCby using a hash function and
send both the message and the digest to BOB.
2. BOB can create a new digest from the received message using the same hash function and
compare the received MDC with the newly created MDC. If both the MDC’s are same,the
message is acceptable otherwise rejected.

MAC (Message Authentication Code)

1. To ensure the integrity of the message and data origin authentication, MAC is used. The
difference between MDC and MAC is that, MAC includes a secret key between two users.

2. The following pictorial representation shows the working of MAC;

 1. ALICE uses a hash function to create a MAC from the concatenation of the message and the
secret key. ALICE sends the message and the MAC to BOB over the insecure channel.

2. BOB separates the message from the MAC and then passes the received message to the
same hash function along with the sharable secret key to generate a new MAC. Now he
compares the newly created MAC with the received one, if both the MAC’s are same, then
it is confirmed that the message has not been modified during the transmission.

3. In this approach, there is no need to use two different channels. EVE(user) can view the
message, but cannot forged it because eve does not have the secret key.

Authentication Protocol
1. Authentication is a fundamental aspect of system security. It confirms the identity of any
user trying to use the resource.

2. Authentication is a technique by which a process verifies that a user who wants to

communicate or wants to use a network resources is supposed to be an authentic user and
not an intruder.
3. An authentication protocol is a type of cryptographic protocol with the purpose of
authenticating entities wishing to communicate securely. There are many different
authentication protocols, some of the common one are as follows;
(a) CHAP- Challenge Handshake Authentication protocol
(b) EAP- Extensible Authentication Protocol
(c) HIP- Host identity Protocol
(d) Kerberos
(e) PAP- password Authentication protocol
(f) PEAP- Password Extensible Authentication protocol
(g) SRP- Secure Remote Password protocol

Hash Function
1. A cryptographic hash function takes a message of arbitrary length and creates a message
digest of fixed length.

2. The purpose of a hash function is to produce a fingerprint (just for authentication of a file or
a message).

3. To be useful for message authentication a hash function (say H) must have the following
properties;

(a) H can be applied to a block of data of any size.

(b) H produces a fixed-length output.
(c) H(M) is relatively easy to compute for any given message(M), making both the hardware
and software implementation practical

4. A hash value “h” is generated by a function “H” of the form

h=H(M)
where,
M –is a message of variable length
h- fixed length hash value
H- hash function

5. The hash value is appended to the message at the time when the message is assumed to be
final. On the other hand, the receiver authenticates that message by recomputing the hash
value.
Hashing:
1. A hash function is an algorithm that maps large data set of variable length, into a smaller
data set of fixed length. The value returned by a hash function is called hash code, hash sum,
checksum or simply hashes.
2. There are several well-known hash functions used in cryptography. These includes the
message digest hash function MD2, MD4, MD5 and SHA.

Iterated hash Function

 1. All cryptographic hash functionneed to create a fixed size digest out of variable size
message. Creating such a function is best accomplished using iteration instead of using a
hash function with variable size input, a function with fixed size is created and used
necessarily no of times.

2. The fixed size input function is referred to as a compression function. It compress anN -bit
string to create M -bit, where N is normally greater than M. The scheme is referred to as an
iterated cryptographic hash function.

Markley- Damgard Scheme

1. In cryptography, the Markley-Damgard construction or Markley-Damgard hash function an
iterated hash function used to build a “Collision Resistant” ( Collision resistant is a property
of cryptographic hash function; a hash function is collision resistant if it is hard to find two
inputs that hashes the same output” ) cryptographic hash function from collision resistant
one way compression function (“In cryptography, a one –way compression function is a
function that transforms a fixed length input into a fixed length output. The transformation
is one-way meaning that it is difficult to given a particular output to compute input which
compresses to that output.

2. This construction was used in the designing of many popular hash algorithms such as ,MD5,
SHA1, SHA2 etc.

3. The pictorial representation of Markley Damgard scheme is shown below;

Working:
1. The message and the padded bits(if required) are appended to the message to create an
augmented message that can be evenly divided into blocks of “n” bits, where n is the size of
the block to be processed by the compression function.

2. The message is then considered as “t” blocks, each of n-bits we call each block as
M1,M2,M3…….Mt. we call the digest created at each iteration as H1,H2,H3,……Ht.

3. Before starting the iteration, the digest H0 is set to a fixed value, normally called “Initial
vector (IV)”.

4. The compression function at each iteration operates on Hi-1and Mi to create a new Hi

Hi = f(Hi-1, Mi)
Creation of word

Plain text ------------------1000 bits 512bits

Blocks ------ 512 488+24bits(step-1) =512 512 448
512 512 448 +64=512 512 448+64=512

SHA (Secure Hash Algorithm)

1. The SHA was developed by National Institute of Standard Technology (NIST). A revised
version was issued in 1995 and is generally referred to as SHA-512.

2. SHA-1 produces a hash value of 160 bits.

3. In 2002, NIST produced a revised version of the standard SHA that defined three new versions
of SHA with hash value length of 256,384 and 512 bits known as SHA-256,SHA-384 and
SHA-512.

4. These new versions have the same underlying structure and use the same type of modular
arithmetic logical binary operations and SHA-1.
SHA-512
1. SHA-512 is the version of SHA with 512 bits as message digest. SHA-512 is based on the
Markley Damgard scheme.

2. SHA-512 is the latest version, it has more complex structure than the previous versions of
SHA and its message digest is the longest.

3. SHA-512 creates a message digest of 512 bits from multiple blocks each of size 1024 bits of
length.

4. The Initial vector(IV) is initialized to a predetermined value of 512 bits. The algorithm
mixes this initial value with the first block of message to create the first intermediate
message digest of 512 bits.

5. The above digest is then mixes with the second block to create the second intermediate
message digest of 512 bits. Finally, (n-1)th intermediate message digest is mixed with the n th
block to create the final message digest.

6. The pictorial representation of SHA-512is as follows;

Plain text =900 bits (1010101………………01010100)
Block-1 512 bits
Block-2 388 bits +60 = 448 bits (64 bits are still remaining)
Plaintext 900 64 bits binary pattern
(10101010101010101010…10101) ---------48 bits + 16 bits
0000000000000000(10101010101010101010…10101)

5 bits
5 101
00000101 step-1 padding(1 to 512)
1000 512 488 +24 padding 512-64=448 padding + 64 bits