Network security and cryptography

Unit - 2
Symmetric key algorithms -

In today’s cyber-world there is an ever-present risk of unauthorized access to all forms of data. Most at
risk is financial and payment system data that can expose the personally identifiable information (PII)
or payment card details of customers and clients. Encryption is crucial for protecting PII and mitigating
the risks that businesses, which conduct payment transactions, face every minute of every day.

This article talks about symmetric encryption in banking, its advantages and some challenges of
managing the keys.

What is Symmetric Encryption?

Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt
and decrypt electronic data. The entities communicating via symmetric encryption must exchange the
key so that it can be used in the decryption process. This encryption method differs from asymmetric
encryption where a pair of keys - one public and one private - is used to encrypt and decrypt messages.

By using symmetric encryption algorithms, data is "scrambled" so that it can't be understood by anyone
who does not possess the secret key to decrypt it. Once the intended recipient who possesses the key
has the message, the algorithm reverses its action so that the message is returned to its original readable
form. The secret key that the sender and recipient both use could be a specific password/code or it can
be random string of letters or numbers that have been generated by a secure random number generator
(RNG). For banking-grade encryption, the symmetric keys must be created using an RNG that is
certified according to industry standards, such as FIPS 140-2.

There are two types of symmetric encryption algorithms:

---Block algorithms. Set lengths of bits are encrypted in blocks of electronic data with the use of a
specific secret key. As the data is being encrypted, the system holds the data in its memory as it waits
for complete blocks.

---Stream algorithms. Data is encrypted as it streams instead of being retained in the system’s
memory.

Some examples of symmetric encryption algorithms include:

---AES (Advanced Encryption Standard)

 DES (Data Encryption Standard)

IDEA (International Data Encryption Algorithm)

Blowfish (Drop-in replacement for DES or IDEA)

RC4 (Rivest Cipher 4)

RC5 (Rivest Cipher 5)

RC6 (Rivest Cipher 6)

AES, DES, IDEA, Blowfish, RC5 and RC6 are block ciphers. RC4 is stream cipher.

DES

In “modern” computing, DES was the first standardized cipher for securing electronic communications,
and is used in variations (e.g. 2-key or 3-key 3DES). The original DES is not used anymore as it is
considered too “weak”, due to the processing power of modern computers. Even 3DES is not
recommended by NIST and PCI DSS 3.2, as well as all 64-bit ciphers. However, 3DES is still widely
used in EMV chip cards because of legacy applications that do not have a crypto-agile infrastructure.

AES

The most commonly used symmetric algorithm is the Advanced Encryption Standard (AES), which
was originally known as Rijndael. This is the standard set by the U.S. National Institute of Standards
and Technology in 2001 for the encryption of electronic data announced in U.S. FIPS PUB 197. This
standard supersedes DES, which had been in use since 1977. Under NIST, the AES cipher has a block
size of 128 bits, but can have three different key lengths as shown with AES-128, AES-192 and AES-
256.

What is Symmetric Encryption Used For?

While symmetric encryption is an older method of encryption, it is faster and more efficient than
asymmetric encryption, which takes a toll on networks due to performance issues with data size and
heavy CPU use. Due to the better performance and faster speed of symmetric encryption (compared to
asymmetric), symmetric cryptography is typically used for bulk encryption / encrypting large amounts
of data, e.g. for database encryption. In the case of a database, the secret key might only be available to
the database itself to encrypt or decrypt. Industry standard symmetric encryption is also less vulnerable
to advances in quantum computing compared to the the current standards for asymmetric algorithms (at
the time of writing).

Some examples of where symmetric cryptography is used are:

Payment applications, such as card transactions where PII needs to be protected to prevent identity
theft or fraudulent charges
 Validations to confirm that the sender of a message is who he claims to be

Random number generation or hashing

Key management for symmetric encryption - what we need to consider

Unfortunately, symmetric encryption does come with its own drawbacks. Its weakest point is its aspects
of key management, including:

Key Exhaustion

Symmetric Encryption suffers from behavior where every use of a key ‘leaks’ some information that
can potentially be used by an attacker to reconstruct the key. The defenses against this behavior include
using a key hierarchy to ensure that master or key-encryption keys are not over-used and the
appropriate rotation of keys that do encrypt volumes of data. To be tractable, both these solutions
require competent key-management strategies as if (for example) a retired encryption key cannot be
recovered the data is potentially lost.

Attribution data

Unlike asymmetric (public-key) Certificates, symmetric keys do not have embedded metadata to record
information such as expiry date or an Access Control List to indicate the use the key may be put to - to
Encrypt but not Decrypt for example.

The latter issue is somewhat addressed by standards such as ANSI X9-31 where a key can be bound to
information prescribing its usage. But for full control over what a key can be used for and when it can
be used, a key-management system is required.

Key Management at large scale

Where only a few keys are involved in a scheme (tens to low hundreds), the management overhead is
modest and can be handled through manual, human activity. However, with a large estate, tracking the
expiration and arranging rotation of keys quickly becomes impractical.

Consider an EMV payment card deployment: millions of cards multiplied by several keys-per-card
requires a dedicated provision and key-management system.

Conclusion

Maintaining large-scale symmetric encryption systems is a very challenging task. This is especially true
when we want to achieve banking-grade security and auditability when the corporate and/or IT
architecture is decentralized / geographically distributed.

In order to do this properly, it is recommended to use special software to maintain the proper life-cycle
for each key created. In instances of massive key enrollment, it is truly impossible to conduct key
management manually. We need specialized key life-cycle management software for it.
Quantum computing is expected to materialize within the next 5-10 years. Already today, NIST advises
to replace the widely used 3DES algorithm with algorithms which we consider to be more save, based
on today's knowledge.

Not knowing what progress in technology and hence in the evolution malicious decryption-algorithms
may be, we strongly advise banks to migrate to a crypto-agile setup. Such a setup will allow to rapidly
replace algorithms, when weaknesses are detected, with algorithms which are considered to be more
secure. Investment and architecture decisions need to be taken now, to avoid major damage in the
forthcoming years.

Symmetric Algorithm
The symmetric algorithm is explained below in stepwise manner −

Step 1 − Symmetric algorithm is referred to as a secret key algorithm. For encrypting and
decrypting data, the same key is used on both sides which results in a faster and simpler one.

Step 2 − Both the sender and the receiver must use the same key for encryption and decryption.
That is, with the help of the public key the plain text is converted into cipher text and it has been
sent to the destination from the source, and with the help of the same key, which has been used by
the sender, must be used by the receiver for decrypting the cipher text into the plaintext.

Step 3 − So for decrypting and encrypting data, both the sender and the receiver must know about
the public key which is referred to as a secret key.

Step 4 − Stream Ciphers always work on one bit at a time. For encrypting data the same key is
used in stream cipher.

Step 5 − Block Ciphers always work on one block at a time. In stream cipher, for encrypting a
block of data a different key is used.

Public Key Algorithm

The public key algorithm is explained below in stepwise manner −

Step 1 − In the Public key algorithm, for data encryption and data decryption separate keys have
been used which results in complex.

Step 2 − It normally uses one key for data encryption from the plaintext and sent to the destination.
Step 3 − At the receiver side, the receiver uses another key separately for decrypting the encrypted
data to the plaintext. So, here two has been separated by both the source and destination which
cannot be identified by the parties.

The Data Encryption Standard (DES) is a symmetric-key block cipher published

by the National Institute of Standards and Technology (NIST).
DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure. The block size is
64-bit. Though, key length is 64-bit, DES has an effective key length of 56 bits, since 8 of the 64
bits of the key are not used by the encryption algorithm (function as check bits only). General
Structure of DES is depicted in the following illustration −

Since DES is based on the Feistel Cipher, all that is required to specify DES is −

Round function
Key schedule
Any additional processing − Initial and final permutation

Initial and Final Permutation

The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of each
other. They have no cryptography significance in DES. The initial and final permutations are shown
as follows −

Round Function
The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the
rightmost 32 bits to produce a 32-bit output.
Expansion Permutation Box − Since right input is 32-bit and round key is a 48-bit, we first
need to expand right input to 48 bits. Permutation logic is graphically depicted in the following
illustration −

The graphically depicted permutation logic is generally described as table in DES specification
illustrated as shown −

XOR (Whitener). − After the expansion permutation, DES does XOR operation on the
expanded right section and the round key. The round key is used only in this operation.
Substitution Boxes. − The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes,
each with a 6-bit input and a 4-bit output. Refer the following illustration −

The S-box rule is illustrated below −

 There are a total of eight S-box tables. The output of all eight s-boxes is then combined in to 32
bit section.
Straight Permutation − The 32 bit output of S-boxes is then subjected to the straight
permutation with rule shown in the following illustration:

Key Generation
The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The process of key
generation is depicted in the following illustration −
The logic for Parity drop, shifting, and Compression P-box is given in the DES description.

DES Analysis
The DES satisfies both the desired properties of block cipher. These two properties make cipher
very strong.
Avalanche effect − A small change in plaintext results in the very great change in the ciphertext.
Completeness − Each bit of ciphertext depends on many bits of plaintext.
During the last few years, cryptanalysis have found some weaknesses in DES when key selected are
weak keys. These keys shall be avoided.
DES has proved to be a very well designed block cipher. There have been no significant
cryptanalytic attacks on DES other than exhaustive key search.

The more popular and widely adopted symmetric encryption algorithm likely to be encountered

nowadays is the Advanced Encryption Standard (AES). It is found at least six time
faster than triple DES.
A replacement for DES was needed as its key size was too small. With increasing computing
power, it was considered vulnerable against exhaustive key search attack. Triple DES was designed
to overcome this drawback but it was found slow.
The features of AES are as follows −
 Symmetric key symmetric block cipher
128-bit data, 128/192/256-bit keys
Stronger and faster than Triple-DES
Provide full specification and design details
Software implementable in C and Java

Operation of AES
AES is an iterative rather than Feistel cipher. It is based on ‘substitution–permutation network’. It
comprises of a series of linked operations, some of which involve replacing inputs by specific
outputs (substitutions) and others involve shuffling bits around (permutations).
Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats the
128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four rows
for processing as a matrix −
Unlike DES, the number of rounds in AES is variable and depends on the length of the key. AES
uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each of
these rounds uses a different 128-bit round key, which is calculated from the original AES key.
The schematic of AES structure is given in the following illustration −

Encryption Process
Here, we restrict to description of a typical round of AES encryption. Each round comprise of four
sub-processes. The first round process is depicted below −
Byte Substitution (SubBytes)
The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The result is
in a matrix of four rows and four columns.

Shiftrows
Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re-inserted on
the right side of row. Shift is carried out as follows −
First row is not shifted.
Second row is shifted one (byte) position to the left.
Third row is shifted two positions to the left.
Fourth row is shifted three positions to the left.
The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other.

MixColumns
Each column of four bytes is now transformed using a special mathematical function. This function
takes as input the four bytes of one column and outputs four completely new bytes, which replace
the original column. The result is another new matrix consisting of 16 new bytes. It should be noted
that this step is not performed in the last round.

Addroundkey
The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the
round key. If this is the last round then the output is the ciphertext. Otherwise, the resulting 128 bits
are interpreted as 16 bytes and we begin another similar round.
Decryption Process
The process of decryption of an AES ciphertext is similar to the encryption process in the reverse
order. Each round consists of the four processes conducted in the reverse order −

Add round key

Mix columns
Shift rows
Byte substitution
Since sub-processes in each round are in reverse manner, unlike for a Feistel Cipher, the encryption
and decryption algorithms needs to be separately implemented, although they are very closely
related.

AES Analysis
In present day cryptography, AES is widely adopted and supported in both hardware and software.
Till date, no practical cryptanalytic attacks against AES has been discovered. Additionally, AES has
built-in flexibility of key length, which allows a degree of ‘future-proofing’ against progress in the
ability to perform exhaustive key searches.
However, just as for DES, the AES security is assured only if it is correctly implemented and good
key management is employed.

Asymmetric cryptography
What is asymmetric cryptography?
Asymmetric cryptography, also known as public-key cryptography, is a process that uses a
pair of related keys -- ONE PUBLIC KEY AND ONE PRIVATE KEY -- TO ENCRYPT AND
DECRYPT A MESSAGE AND PROTECT IT FROM UNAUTHORIZED ACCESS OR USE.
A public key IS A CRYPTOGRAPHIC KEY THAT CAN BE USED BY ANY PERSON TO
ENCRYPT A MESSAGE SO THAT IT CAN ONLY BE DECRYPTED BY THE INTENDED
RECIPIENT WITH THEIR PRIVATE KEY. A PRIVATE KEY -- ALSO KNOWN AS A
SECRET KEY -- IS SHARED ONLY WITH KEY'S INITIATOR.
When someone wants to send an encrypted message, they can pull the intended
recipient's public key from a public directory AND USE IT TO ENCRYPT THE MESSAGE
BEFORE SENDING IT. THE RECIPIENT OF THE MESSAGE CAN THEN DECRYPT THE
MESSAGE USING THEIR RELATED PRIVATE KEY.
If the sender encrypts the message using their private key, the message can be decrypted
only using that sender's public key, thus authenticating the sender. These encryption and
decryption processes happen automatically; users do not need to physically lock and
unlock the message.
Many protocols rely on asymmetric cryptography, including the transport layer security (TLS)
and secure sockets layer (SSL) protocols, which make HTTPS possible.

The encryption process is also used in software programs that need to establish a secure
connection over an insecure network, such as browsers over the internet, or that need to
validate a digital signature.

Increased data security is the primary benefit of asymmetric cryptography. It is the most
secure encryption process because users are never required to reveal or share their private
keys, thus decreasing the chances of a cybercriminal discovering a user's private key during
transmission.

How does asymmetric cryptography work?

Asymmetric encryption uses a mathematically related pair of keys for encryption and
decryption: a public key and a private key. If the public key is used for encryption, then the
related private key is used for decryption. If the private key is used for encryption, then the
related public key is used for decryption.

The two participants in the asymmetric encryption workflow are the sender and the receiver.
Each has its own pair of public and private keys. First, the sender obtains the receiver's
public key. Next, the plaintext message is encrypted by the sender using the receiver's public
key. This creates ciphertext. The ciphertext is sent to the receiver, who decrypts it with their
private key, returning it to legible plaintext.

Because of the one-way nature of the encryption function, one sender is unable to read the
messages of another sender, even though each has the public key of the receiver.

Uses of asymmetric cryptography

Asymmetric cryptography is typically used to authenticate data using digital signatures. A

digital signature is a mathematical technique used to validate the authenticity and integrity of
a message, software or digital document. It is the digital equivalent of a handwritten signature
or stamped seal.

Based on asymmetric cryptography, digital signatures can provide assurances of evidence to

the origin, identity and status of an electronic document, transaction or message, as well as
acknowledge informed consent by the signer.
Asymmetric cryptography can also be applied to systems in which many users may need to
encrypt and decrypt messages, including:

Encrypted email. A public key can be used to encrypt a message and a private key can
be used to decrypt it.

SSL/TLS. Establishing encrypted links between websites and browsers also makes use of
asymmetric encryption.

Cryptocurrencies. Bitcoin and other cryptocurrencies rely on asymmetric cryptography.

Users have public keys that everyone can see and private keys that are kept secret.
Bitcoin uses a cryptographic algorithm to ensure only legitimate owners can spend the
funds.

In the case of the Bitcoin ledger, each unspent transaction output (UTXO) is typically
associated with a public key. For example, if user X, who has an UTXO associated with his
public key, wants to send the money to user Y, user X uses his private key to sign a
transaction that spends the UTXO and creates a new UTXO that's associated with user Y's
public key.

What are the benefits and disadvantages of asymmetric cryptography?

The benefits of asymmetric cryptography include:

The key distribution problem is eliminated because there's no need for exchanging keys.

Security is increased since the private keys don't ever have to be transmitted or revealed
to anyone.

The use of digital signatures is enabled so that a recipient can verify that a message
comes from a particular sender.

It allows for nonrepudiation so the sender can't deny sending a message.

Disadvantages of asymmetric cryptography include:

It's a slow process compared to symmetric cryptography. Therefore, it's not appropriate for
decrypting bulk messages.
 If an individual loses his private key, he can't decrypt the messages he receives.

Because public keys aren't authenticated, no one can ensure a public key belongs to the
person specified. Consequently, users must verify that their public keys belong to them.

If a malicious actor identifies a person's private key, the attacker can read that individual's
messages.

What's the difference between asymmetric vs. symmetric cryptography?

The main difference between asymmetric versus symmetric cryptography is that asymmetric
encryption algorithms make use of two different but related keys. One key encrypts data and
another key decrypts it. Symmetric encryption uses the same key to perform both encryption
and decryption functions.

Symmetric encryption uses a shared private

key while asymmetric encryption uses a public/private key pair.
Another difference between asymmetric and symmetric encryption is the length of the keys.
In symmetric cryptography, the length of the keys -- which is randomly selected -- are
typically set at 128 bits or 256 bits, depending on the level of security needed.

In asymmetric encryption, there must be a mathematical relationship between the public and
private keys. Since malicious actors can potentially exploit this pattern to crack the
encryption, asymmetric keys need to be longer to offer the same level of security. The
difference in the length of the keys is so pronounced that a 2048-bit asymmetric key and a
128-bit symmetric key provide about an equivalent level of security.
Asymmetric encryption is notably slower than symmetric encryption, which has a faster
execution speed.

What are examples of asymmetric cryptography?

The RSA algorithm -- the most widely used asymmetric algorithm -- is embedded in the
SSL/TLS, which is used to provide secure communications over a computer network. RSA
derives its security from the computational difficulty of factoring large integers that are the
product of two large prime numbers.

Multiplying two large primes is easy, but the difficulty of determining the original numbers
from the product -- factoring -- forms the basis of public-key cryptography security. The time it
takes to factor the product of two sufficiently large primes is beyond the capabilities of most
attackers.

RSA keys are typically 1024 or 2048 bits long, but experts believe 1024-bit keys will be
broken soon, which is why government and industry are moving to a minimum key length of
2048-bits.

Elliptic Curve Cryptography (ECC) is gaining favor with many security experts as an
alternative to RSA. ECC is a public-key encryption technique based on elliptic curve theory. It
can create faster, smaller and more efficient cryptographic keys through the properties of the
elliptic curve equation.

To break ECC, an attacker must compute an elliptic curve discrete logarithm, which is
significantly more difficult problem than factoring. As a result, ECC key sizes can be
significantly smaller than those required by RSA while still delivering equivalent security with
lower computing power and battery resource usage.

What's the history of asymmetric cryptography?

Whitfield Diffie and Martin Hellman, researchers at Stanford University, first publicly proposed
asymmetric encryption in their 1977 paper, "New Directions in Cryptography."

The concept was independently and covertly proposed by James Ellis several years earlier,
while he was working for the Government Communications Headquarters (GCHQ), the
British intelligence and security organization. The asymmetric algorithm as outlined in the
Diffie-Hellman paper uses numbers raised to specific powers to produce decryption keys.
Diffie and Hellman initially teamed up in 1974 to solve the problem of key distribution.
The RSA algorithm, which was based on the work of Diffie, was named after its three
inventors -- Ronald Rivest, Adi Shamir and Leonard Adleman. They invented the RSA
algorithm in 1977 and published it in Communications of the ACM in 1978.

RSA Encryption Algorithm

RSA encryption algorithm is a type of public-key encryption algorithm. To better understand RSA, lets
first understand what is public-key encryption algorithm.

Public key encryption algorithm:

Public Key encryption algorithm is also called the Asymmetric algorithm. Asymmetric algorithms are
those algorithms in which sender and receiver use different keys for encryption and decryption. Each
sender is assigned a pair of keys:

Public key

Private key
The Public key is used for encryption, and the Private Key is used for decryption. Decryption cannot be
done using a public key. The two keys are linked, but the private key cannot be derived from the public
key. The public key is well known, but the private key is secret and it is known only to the user who owns
the key. It means that everybody can send a message to the user using user's public key. But only the
user can decrypt the message using his private key.

The Public key algorithm operates in the following manner:

The data to be sent is encrypted by sender A using the public key of the intended receiver

B decrypts the received ciphertext using its private key, which is known only to B. B replies to A

encrypting its message using A's public key.

A decrypts the received ciphertext using its private key, which is known only to him.

RSA encryption algorithm:

RSA is the most common public-key algorithm, named after its inventors Rivest, Shamir, and Adelman
(RSA).

RSA algorithm uses the following procedure to generate public and private keys:

---Select two large prime numbers, p and q.

---Multiply these numbers to find n = p x q, where n is called the modulus for encryption and
decryption.
---Choose a number e less than n, such that n is relatively prime to (p - 1) x (q -1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1<e < φ (n), e is prime
to φ (n),
gcd (e,d(n)) =1
---If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using public key <e,
n>. To find ciphertext from the plain text following formula is used to get ciphertext C.
C = me mod n
Here, m must be less than n. A larger message (>n) is treated as a concatenation of messages, each of
which is encrypted separately.
---To determine the private key, we use the following formula to calculate the d such that:
De mod {(p - 1) x (q - 1)} = 1
Or
D mod φ (n) = 1
e
---The private key is <d, n>. A ciphertext message c is decrypted using private key <d, n>. To calculate
plain text m from the ciphertext c following formula is used to get plain text m.
d
m = c mod n

Let's take some example of RSA encryption algorithm:

Example 1:
This example shows how we can encrypt plaintext 9 using the RSA public-key encryption algorithm. This
example uses prime numbers 7 and 11 to generate the public and private keys.

Explanation:

Step 1: Select two large prime numbers, p, and q.

p=7
q = 11
Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and
decryption.
First, we calculate

n=pxq
n = 7 x 11
n = 77
Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1<e < φ (n), e is prime
to φ (n), gcd (e, d (n)) =1.
Second, we calculate

φ (n) = (p - 1) x (q-1)
φ (n) = (7 - 1) x (11 - 1)
φ (n) = 6 x 10

φ (n) = 60
Let us now choose relative prime e of 60 as 7.
Thus the public key is <e, n> = (7, 77)
Step 4: A plaintext message m is encrypted using public key <e, n>. To find ciphertext from the plain
text following formula is used to get ciphertext C.
To find ciphertext from the plain text following formula is used to get ciphertext C.
C = me mod n
C = 97 mod 77
C = 37
Step 5: The private key is <d, n>. To determine the private key, we use the following formula d such that:

De mod {(p - 1) x (q - 1)} = 1

7d mod 60 = 1, which gives d = 43
The private key is <d, n> = (43, 77)
Step 6: A ciphertext message c is decrypted using private key <d, n>. To calculate plain text m from the
ciphertext c following formula is used to get plain text m.
m = cd mod n
m = 3743 mod 77
m=9
In this example, Plain text = 9 and the ciphertext = 37

Example 2:
In an RSA cryptosystem, a particular A uses two prime numbers, 13 and 17, to generate the public and
private keys. If the public of A is 35. Then the private key of A is ……………?.
Explanation:
Step 1: in the first step, select two large prime numbers, p and q.
p = 13
q = 17
Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and
decryption.
First, we calculate
n=pxq
n = 13 x 17
n = 221
Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1<e < φ (n), e is prime
to φ (n), gcd (e, d (n)) =1.
Second, we calculate
φ (n) = (p - 1) x (q-1)
φ (n) = (13 - 1) x (17 - 1)
φ (n) = 12 x 16
φ (n) = 192
g.c.d (35, 192) = 1
Step 3: To determine the private key, we use the following formula to calculate the d such that:

Calculate d = de mod φ (n) = 1

d = d x 35 mod 192 = 1
d = (1 + k.φ (n))/e [let k =0, 1, 2, 3………………]
Put k = 0
d = (1 + 0 x 192)/35
d = 1/35
Put k = 1
d = (1 + 1 x 192)/35
d = 193/35
Put k = 2
d = (1 + 2 x 192)/35
d = 385/35
d = 11
The private key is <d, n> = (11, 221)
Hence, private key i.e. d = 11

Example 3:
A RSA cryptosystem uses two prime numbers 3 and 13 to generate the public key= 3 and the private key
= 7. What is the value of cipher text for a plain text?
Explanation:
Step 1: In the first step, select two large prime numbers, p and q.
p=3
q = 13
Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and
decryption.
First, we calculate
n=pxq
n = 3 x 13
n = 39
Step 3: If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using public key
<e, n>. Thus the public key is <e, n> = (3, 39).
To find ciphertext from the plain text following formula is used to get ciphertext C.
e
C = m mod n
C = 53 mod 39
C = 125 mod 39
C=8
Hence, the ciphertext generated from plain text, C = 8.

Example 4:
A RSA cryptosystem uses two prime numbers, 3 and 11, to generate private key = 7. What is the value of
ciphertext for a plain text 5 using the RSA public-key encryption algorithm?
Explanation:
Step 1: in the first step, select two large prime numbers, p and q.

p=3
q = 11
Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and
decryption.
First, we calculate
n=pxq
n = 3 x 11
n = 33
Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1< e < φ (n), e is
prime to φ (n), gcd (e, d (n)) =1.
Second, we calculate
φ (n) = (p - 1) x (q-1)
φ (n) = (3 - 1) x (11 - 1)
φ (n) = 2 x 10
φ (n) = 20
Step 4: To determine the public key, we use the following formula to calculate the d such that:
Calculate e x d = 1 mod φ (n)
e x 7 = 1 mod 20
e x 7 = 1 mod 20
e = (1 + k. φ (n))/ d [let k =0, 1, 2, 3………………]
Put k = 0
e = (1 + 0 x 20) / 7
e = 1/7
Put k = 1
e = (1 + 1 x 20) / 7
e = 21/7
e=3
The public key is <e, n> = (3, 33)
Hence, public key i.e. e = 3

Digital Signature
A digital signature is a mathematical technique which validates the authenticity and integrity of a
message, software or digital documents. It allows us to verify the author name, date and time of
signatures, and authenticate the message contents. The digital signature offers far more inherent security
and intended to solve the problem of tampering and impersonation (Intentionally copy another person's
characteristics) in digital communications.
The computer-based business information authentication interrelates both technology and the law. It
also calls for cooperation between the people of different professional backgrounds and areas of
expertise. The digital signatures are different from other electronic signatures not only in terms of
process and result, but also it makes digital signatures more serviceable for legal purposes. Some
electronic signatures that legally recognizable as signatures may not be secure as digital signatures and
may lead to uncertainty and disputes.

Application of Digital Signature

The important reason to implement digital signature to communication is:

Authentication

Non-repudiation

Integrity

Authentication
Authentication is a process which verifies the identity of a user who wants to access the system. In the
digital signature, authentication helps to authenticate the sources of messages.

Non-repudiation
Non-repudiation means assurance of something that cannot be denied. It ensures that someone to a
contract or communication cannot later deny the authenticity of their signature on a document or in a
file or the sending of a message that they originated.

Integrity
Integrity ensures that the message is real, accurate and safeguards from unauthorized user modification
during the transmission.

Algorithms in Digital Signature

A digital signature consists of three algorithms:
1. Key generation algorithm
The key generation algorithm selects private key randomly from a set of possible private keys. This
algorithm provides the private key and its corresponding public key.
2. Signing algorithm
A signing algorithm produces a signature for the document.
3. Signature verifying algorithm

A signature verifying algorithm either accepts or rejects the document's authenticity.

How digital signatures work

Digital signatures are created and verified by using public key cryptography, also known as asymmetric
cryptography. By the use of a public key algorithm, such as RSA, one can generate two keys that are
mathematically linked- one is a private key, and another is a public key.
The user who is creating the digital signature uses their own private key to encrypt the signature-related
document. There is only one way to decrypt that document is with the use of signer's public key.
This technology requires all the parties to trust that the individual who creates the signature has been
able to keep their private key secret. If someone has access the signer's private key, there is a possibility
that they could create fraudulent signatures in the name of the private key holder.
The steps which are followed in creating a digital signature are:

1stSelect a file to be digitally signed.

2ndThe hash value of the message or file content is calculated. This message or file content is encrypted

by using a private key of a sender to form the digital signature.

3rdNow, the original message or file content along with the digital signature is transmitted.

4thThe receiver decrypts the digital signature by using a public key of a sender.

5thThe receiver now has the message or file content and can compute it.

6thComparing these computed message or file content with the original computed message. The

comparison needs to be the same for ensuring integrity.

Types of Digital Signature

Different document processing platform supports different types of digital signature. They are described
below:

Certified Signatures
The certified digital signature documents display a unique blue ribbon across the top of the document.
The certified signature contains the name of the document signer and the certificate issuer which
indicate the authorship and authenticity of the document.

Approval Signatures
The approval digital signatures on a document can be used in the organization's business workflow. They
help to optimize the organization's approval procedure. The procedure involves capturing approvals
made by us and other individuals and embedding them within the PDF document. The approval
signatures to include details such as an image of our physical signature, location, date, and official seal.
Visible Digital Signature
The visible digital signature allows a user to sign a single document digitally. This signature appears on a
document in the same way as signatures are signed on a physical document.

Invisible Digital Signature

The invisible digital signatures carry a visual indication of a blue ribbon within a document in the taskbar.
We can use invisible digital signatures when we do not have or do not want to display our signature but
need to provide the authenticity of the document, its integrity, and its origin.

END