Nguyễn Tuấn Anh

Case Project 3.1

The detection of a collision within the SHA-1 cryptographic hash function, as exemplified by the
findings of the shattered.io website and other researchers, highlights the paramount importance of
upholding the security of cryptographic algorithms. A collision arises when disparate input data sets
yield identical hash values, thereby undermining the integrity and security guarantees offered by the
hash function.

The significance of a collision within SHA-1 lies in its potential ramifications for cybersecurity.
Given the widespread utilization of cryptographic hash functions in various security protocols and
applications, such as digital signatures, certificate authorities, and integrity verifications, the capacity
to produce collisions can engender significant security vulnerabilities. Malevolent actors could
leverage collisions to fabricate counterfeit digital signatures, manipulate data integrity, or
outmaneuver security systems, jeopardizing the confidentiality, integrity, and authenticity of sensitive
information. Consequently, the repercussions of a collision in SHA-1 necessitate the phasing out and
substitution of SHA-1 with more robust cryptographic algorithms to mitigate these threats and
safeguard the security of digital communications and systems.
Case Project 3.2
When considering the ease of use among ROT13, XOR cipher, and Base64, it's important to recognize
that each tool serves a different purpose and has its own level of complexity:
1. Ease of Use:
 ROT13 is the simplest to use among the three. It involves a straightforward
substitution of letters by shifting them 13 positions in the alphabet, making it easy for
anyone to apply without much effort.
 Base64 encoding is also relatively easy to use. It doesn't involve complex
mathematical operations like XOR cipher and can be applied using readily available
encoding libraries or online tools with just a few clicks.
 XOR cipher, while conceptually simple, requires understanding bitwise XOR
operations and key management, which can be more challenging for users without a
background in computer science or cryptography.
2. Difficulty:
 XOR cipher is generally considered more difficult to use compared to ROT13 and
Base64. It requires users to understand binary operations and key management, which
can be intimidating for beginners.
 ROT13 and Base64, on the other hand, are straightforward and do not involve
complex mathematical concepts, making them easier for users of all skill levels.
3. Security:
 In terms of security, Base64 is not a form of encryption; it is merely an encoding
scheme. Therefore, it does not provide any security beyond obfuscating data for
transmission over text-based protocols. It is not suitable for protecting sensitive
information.
  ROT13 provides minimal security and is often used for simple obfuscation rather
than encryption. It can be easily decrypted by applying the same algorithm again,
making it unsuitable for secure communication.
 XOR cipher, when used with a strong and randomly generated key, can provide a
higher level of security compared to ROT13 and Base64. However, it is vulnerable to
known-plaintext attacks and key reuse if not implemented correctly. With proper key
management and careful implementation, XOR cipher can offer a reasonable level of
security for certain applications.
Case Project 3.3
Lightweight cryptography constitutes a specialized branch within the realm of cryptography, focusing
on crafting cryptographic algorithms and protocols tailored explicitly for devices operating under
constrained environments, such as Internet of Things (IoT) gadgets, embedded systems, and RFID
tags. The primary aims of lightweight cryptography revolve around ensuring robust security while
minimizing the computational and memory demands associated with cryptographic tasks.

The core objectives of lightweight cryptography encompass:

Efficiency: Prioritizing algorithms optimized for performance on low-power devices, necessitating

minimal computational resources and power consumption.
Compactness: Emphasizing cryptographic implementations characterized by compact code size and
memory usage, facilitating seamless integration into resource-limited devices.
Resilience to Side-Channel Attacks: Endeavoring to counter vulnerabilities to side-channel assaults
like timing attacks and power analysis attacks, prevalent in low-power settings.
Flexibility: Designing cryptographic solutions adaptable to a broad spectrum of applications and
deployment contexts, ensuring security across diverse use cases.
To realize these objectives, researchers in lightweight cryptography often delve into exploring
innovative cryptographic primitives, algorithmic refinements, and protocol architectures that strike a
delicate balance between security and efficiency. Techniques such as key size reduction,
computational complexity minimization, and optimization of cryptographic operations for low-power
hardware are commonly employed strategies.

Numerous entities, including academic institutions, industry consortia, and standardization bodies, are
actively engaged in advancing lightweight cryptography. Significant contributors to this field include
the National Institute of Standards and Technology (NIST), the European Telecommunications
Standards Institute (ETSI), as well as various academic research teams globally.

Despite being a relatively young field, efforts are underway to standardize lightweight cryptographic
algorithms and protocols to foster interoperability and broad adoption. Standardization endeavors
typically involve rigorous evaluation, testing, and validation of proposed algorithms to ensure their
security and suitability for real-world deployment.
It is anticipated that over the forthcoming years, lightweight cryptography standards will gradually
materialize as research progresses and consensus is achieved within the cryptographic community.
With the escalating demand for secure communication and data protection in low-power devices,
lightweight cryptography is poised to assume an increasingly pivotal role in

Case Project 3.4

Twofish and Blowfish are both symmetric-key block ciphers designed for encryption and decryption
of data. They have been widely studied and used in various cryptographic applications, but they differ
in their design, features, and levels of security.
Twofish:
 Twofish is a symmetric-key block cipher developed by Bruce Schneier, John Kelsey, Doug
Whiting, David Wagner, Chris Hall, and Niels Ferguson. It was one of the finalists in the
Advanced Encryption Standard (AES) competition but ultimately was not selected as the
standard.
 Twofish operates on 128-bit blocks and supports key sizes of 128, 192, or 256 bits.
 Features of Twofish include a Feistel network structure with a large number of rounds (16
rounds for 128-bit keys, 20 rounds for 192-bit and 256-bit keys), a key-dependent S-box
design, and a key schedule that uses a mix of key-dependent and key-independent operations.
 Strengths of Twofish include its flexibility in supporting different key sizes, its resistance to
known cryptographic attacks, and its speed in software implementations.
 Weaknesses of Twofish include its relatively high computational complexity and memory
requirements compared to some other block ciphers.
Blowfish:
 Blowfish is a symmetric-key block cipher designed by Bruce Schneier in 1993 as a fast, free
alternative to existing encryption algorithms.
 Blowfish operates on 64-bit blocks and supports key sizes ranging from 32 bits to 448 bits,
although it is recommended to use key sizes of at least 128 bits for security.
 Features of Blowfish include a Feistel network structure with a variable number of rounds
(typically 16 rounds), a key-dependent S-box design, and a simple key schedule based on
iterating a keyed function.
 Strengths of Blowfish include its simplicity, efficiency, and suitability for use in applications
where speed and ease of implementation are important factors.
 Weaknesses of Blowfish include its susceptibility to certain cryptanalytic attacks, such as
related-key attacks, and its limited key size compared to more modern encryption algorithms.
Comparison:
 Twofish and Blowfish both offer strong security when used with sufficiently long keys, but
Twofish generally provides higher security levels due to its larger block size, larger key sizes,
and more rounds of encryption.
  Twofish is more computationally complex and memory-intensive than Blowfish, which may
make it less suitable for resource-constrained environments but offers higher security
guarantees.
 Blowfish, on the other hand, is simpler and faster, making it more suitable for applications
where speed and efficiency are paramount and security requirements are less stringent.

Case Project 3.5

Algorith Diges Round Block Creator Derived Strengths Weaknesses

m t Size s Size From
MD5 128 64 512bits Ronald MD4 Fast Vulnerable to
bits Rivest computation collision attacks,
speed, considered
widely cryptographicall
supported, y broken, should
good for not be used for
checksums new applications
and integrity
verification
SHA-1 160 80 512bits National MD4 Widely used, Vulnerable to
bits Security and well-studied, collision attacks,
Agency MD5 still considered weak
(NSA) relatively for
secure for cryptographic
some purposes
applications
SHA-256 256 64 512bits National SHA-1 Offers More
bits Security stronger computationally
Agency security than intensive
(NSA) SHA-1, compared to
resistant to SHA-1
collision
attacks,
widely used
in blockchain
and
cryptographi
c
applications
SHA-512 512 80 1024bit National SHA- Provides Requires more
bits s Security 256 higher computational
Agency security due resources and
(NSA) to longer may be slower
hash length, than SHA-256
resistant to
collision
attacks,
suitable for
critical
security
applications
RIPEMD- 160 80 512bits Hans RIPEM Good Less widely used
 160 bits Dobbertin, D balance compared to
Antoon between SHA algorithms,
Bosselaers security and may have lower
, Bart performance, security margin
Preneel resistant to compared to
collision SHA-256 and
attacks SHA-512

Case Project 3.6

The concept of the One-Time Pad (OTP) was initially developed by Gilbert Vernam and Joseph
Mauborgne in 1917, during World War I. They proposed the idea of using a stream cipher with a key
that is as long as the plaintext and is used only once, providing perfect secrecy if the key is truly
random and kept secret. The first practical implementation of OTP was later developed by Vernam
and his colleague, Captain Joseph O. Mauborgne, in the form of the Vernam Cipher, which was used
by the United States military for secure communication during World War II.

During World War II, OTPs were primarily used by military and intelligence agencies for securing
highly sensitive communications, including strategic military planning, diplomatic correspondence,
and espionage operations. The security of OTPs made them ideal for protecting classified information
and ensuring secrecy in critical wartime communications.

Today, OTPs are rarely used in practice for general-purpose communication due to several practical
limitations. One major challenge is key distribution, as securely distributing the one-time pads to both
parties can be logistically complex, especially over insecure communication channels. Additionally,
storing a large number of one-time pads for long-term communication can be impractical and
resource-intensive.

However, OTPs still find applications in specialized scenarios where utmost security is paramount.
For example, OTPs are used in some military and diplomatic communications, as well as in certain
high-security environments such as nuclear launch codes and secure communication between
intelligence agencies. In these contexts, where the highest level of security is required and key
management challenges can be adequately addressed, OTPs remain a practical and effective
encryption method.

In conclusion, while OTPs offer unparalleled security and have been historically used for securing
highly sensitive communications, their practicality for general-purpose communication is limited by
challenges such as key distribution and storage. However, in specialized scenarios where security is of
utmost importance and key management challenges can be overcome, OTPs continue to be a viable
encryption solution.