Chapter 3 Cryptography - Pps

Chapter 3
Cryptography
14 Marks
Ganesh N. Jorvekar
1 Ganesh N.Jorvekar April 22, 2024

Cryptography
 Cryptography is the art and science of achieving
security by encoding messages to make them non-
readable.
Book Of Cryptographic R#5%^”;p0s89-

Security
Securit system $*-233409llgh
This process is
systematic & well-
structured

Cryptography
• Plaintext: This is the original message
(readable/understandable).
• Encryption algorithm: Performs various substitutions and
transformations on the plaintext.
• Secret key: key is a value independent of the plaintext and
of the algorithm, used to produce a different output
depending on the specific key
• Ciphertext: This is the scrambled message produced as
output. Depends on plaintext and key.
• Decryption algorithm: reverse of encryption, it takes
ciphertext and key to obtain original message

Symmetric Encryption

or conventional / private-key / single-key

sender and recipient share a common key

Requirements

two requirements for secure use of
symmetric encryption:
 a strong encryption algorithm
 a secret key known only to sender / receiver

mathematically have:
Y = E(K, X)
X = D(K, Y)
where X-plaintext, Y-ciphertext, K-key, E-
encryption algorithm & D-Decryption algorithm

Cryptanalysis

Codebreaking

Cryptanalysis is the technique of decoding ciphertext
back to plaintext without knowing how they were
initially converted & key used
R#5%^”;p0s89- Book Of
$*-233409llgh Cryptanalysis Security
This process is
trial & error based

Cryptology
 It is a combination of cryptography and cryptanalysis
CRYPTOGRAPHY CRYPTANALYSIS CRYPTOLOGY

Plain Text- Clear Readable Text
Cipher Text- Unreadable Text
Algorithms for encryption and decryption
Hi there !!
ENCRYPTION
ALGORITHM
m/okuG
m/okuG DECRYPTION
ALGORITHM
Hi there !!

Sender Receiver
Plaintext Plaintext
Encryption Decryption
Ciphertext Ciphertext
Internet

Symmetric Cryptography
 In symmetric cryptography same key is used for
encryption and decryption.
 Also called conventional / Classical / Single key/
Private key.
 Sender and receiver shares common key, which must
kept secret
 i.e the key is known to only sender and receiver.

 Sender and receiver must agree on key before they
start communicating.

• To communicate with different parties, need separate
key for each channel.
• Maintaining no of keys is tedious.
• Key Distribution problem in Symmetric key
cryptography
• Requires a secure channel to distribute key

 Two requirement of secure use of conventional
encryption
1. A strong encryption algorithm required
2. Sender and receiver must have obtained the copies of
secrete key in a secure fashion.

X
Cryptanalyst
K
X
Message X Encryption Decryption
Destination
Source Algorithm Y=E(K,X) Algorithm
Secure Channel
Key

 Cryptographic systems are characterized
along three independent dimensions
1. The type of operation used for transforming
plaintext to ciphertext
2. The number of keys used
3. The way in which the plaintext is processed.

Encryption algorithms divided as –
Block cipher
– A block cipher is an encryption/decryption
scheme in which a block of plaintext is treated as
a whole and
– Used to produce a ciphertext block of equal
length.
– Encrypts block of data typically 64 bit/ 128 bit,
using a complex encryption algorithm
– A block cipher encrypts blocks belonging to the
same data under a common key
– Security is dependent of design of encryption
algo.
Stream cipher
– Encrypts a digital data stream one bit or one byte

at a time.
– Uses simple encryption function (bitwise EXOR)
– A stream cipher encrypts under a constantly
changing key stream.
– Security of stream cipher relies on the design of the
key stream generator.

Asymmetric Cryptography
• Each party contain two keys.
– Public key & private key.
• One key used for encryption and another,
different key for decryption.
• Also known as public key cryptography.
• Sender send message encrypting with
receivers public key.
• Receiver decrypt using private key.
Asymmetric Cryptography

Substitution Techniques

CAESAR CIPHER :
• Was Developed By Julius Caesar.
• the characters of plain text message are replaced
by other characters, numbers or symbols.
• Example :If each alphabet in a message is
replaced by an alphabet 3 place down the line
then
PLAIN TEXT: ABC
KEY: 3
CIPHER TEXT: DEF

Caesar’s Cipher
plaintext: meet me after the toga party
ciphertext:PHHW PH DIWHU WKH WRJD SDUWB
A B C D E F G H I J K LM N O P Q R S T U V W X Y Z
D E F G H I J K LM N O P Q R S T U VW X Y Z A B C

Caesar’s Cipher
 Assign numbers to alphabets
A B C D E F G H I J K L M
0 1 2 3 4 5 6 7 8 9 10 11 12
N O P Q R S T U V W X Y Z
13 14 15 16 17 18 19 20 21 22 23 24 25
For encryption, C = E(k, p) = (p + k) mod 26
Ex. D=3, k=3, C=(3+3) mod 26, Cipher=6, Cipher=G
For Decryption, p = D(k, C) = (C - k) mod 26
Ex. Cipher(C)=G=6, k=3, P=(6-3) mod 26 = plain=3=D

Examples
1. Come Home Tomorrow
2. Meet me after toga party
3. We are discovered. Flee at once
4. Attack is postponed till tomorrow

• If cipher text is a
Caesar cipher, then a
brute-force
cryptanalysis is
easily performed:
simply try all the 25
possible keys.

Mono-alphabetic Cipher

Major Weakness of Caesar Cipher is its
predictability

Here, Random Substitution is used.

In the plaintext message each A is replaced with any
alphabet i.e. B….Z.& each B replaced with any
alphabet A or C...Z

Homophonic Substitution Cipher

One plain text alphabet can map to more than one
cipher text alphabet.

A can be replaced by [D,H,P,R] and B can be
replaced by [E,I,Q,S].

Polygram Substitution Cipher

PolyGram Substitution Cipher Technique replaces
one block of plain text with a block of cipher text.

It does not work on a Character-by-Character basis.

Example:
HELLO POLYGRAM SUBSTITUTION YUQQW
HELL POLYGRAM SUBSTITUTION TEUI

Polyalphabetic Substitution Cipher

It is made up of multiple simple substitution cipher.

This method uses multiple one character keys.

Each of key encrypts one plaintext character.

First key encrypts first plaintext character, second
key encrypts second plain text character and so on.

English Letter Frequencies

Playfair Cipher
 first described by Charles Wheatstone in 1854, it is
named after Lord Playfair, who heavily promoted
 Encrypts pair of letters (digraphs)
 Playfair is harder to break, frequency analysis can still
be undertaken but on the 25X25 = 625 digraphs rather
25 monographs.

1. Creation & Population matrix
 First draw up a Polybius square.
 5 X 5 matrixes used to store keyword & used as key
 Rules to store data in 5 X 5 matrix
 Enter the keyword in row wise fashion from left to right
 If any duplicate letter found then drop it
 Fill the remaining space with alphabets from a – z
M A T R I
X B C D E
Keyword : Matrix
F G H K L
N O P Q S
U V W Y Z
2. Encryption
 Plain text message is broken down in pairs
1. If both letters are the same (or only one letter is left),
add an "X" after the first letter.
2. If the letters appear on the same row of your table,
replace them with the letters to their immediate right
respectively
3. If the letters appear on the same column of your table,
replace them with the letters immediately below
respectively
4. If the letters are not on the same row or column, replace
them with the letters on the same row respectively but
at the other pair of corners of the rectangle defined by
the original pair.
Playfair Cipher Example 1
 Plaintext – “hide the gold in the tree P L A Y F
stump” I R E X M
 Keyword – playfair example B C D G H
1. Matrix K N O Q S
2. Encryption Rule 1 T U V W Z

P L A Y F
I R E X M
B C D G H
K N O Q S
T U V W Z

Playfair Cipher Example 2
 Plaintext – “THE SCHEME REALLY WORKS”
 Keyphrase – alpha beta gamma

Hill Cipher
 Invented by Lester S. Hill in 1929
 It is digraph cipher it acts on group of letters.
 It is extendable o work on different sized blocks of
letters.
 So it works on digraphs, trigraphs, or any sized
block
 first time linear algebra (matrices) used in
cryptography
 It also makes use of modulo.

Hill Cipher
 Plaintext message is broken into blocks of size m.
 Key in hill cipher is an m x m matrix of integers
between 0 and 25.
 We use mapping, A=0, B=1,…Z=25.
 Let p1,p2,…,pm be the numeric representation of
characters in plaintext and
 c1, c2,…,cm represent the corresponding characters in
ciphertext
 For encryption C = P . K
 We then perform matrix multiplication modulo the
length of alphabet (26)
Hill Cipher
 At the receiver end decryption is performed using
 P = c . K-1
 Not e : not all matrices have inverses. Decryption will
fail if K is singular.
 Ex. Plaintext – “short example”

 Keywork – HILL
 Matrix – 2 X 2
Ciphertext -

Simple Columnar Transposition
 The message is written in rows of fixed length
and read out column by column
 Length is defined by key/keyword
 Plain text message : come home tomorrow
Column1 Column2 Column3 Column4 Column5 Column6
c o m e h o
m e t o m o
r r o w
cipher text CMROERMTOEOWHMOO

Simple Columnar Transposition
Plaintext- attack postponed until two am

Key: 4312567
Column Out 3 4 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

Exercise
1. Plain text - “WE ARE DISCOVERED. FLEE AT
ONCE”
Key- 142635
2. Plain text – “keep eye on line of control”
Key- alpha
3. Final attack is on five hundred hrs, prepare
for it.
Key - 3516472

Plain text - “WE ARE DISCOVERED. FLEE AT ONCE”
Key- 142635 Length=6
1 4 2 6 3 5
W E A R E D
I S C O V E
R E D F L E
E A T O N C
E
Ciphertext - WIREE ACDT EVLN ESEA DEEC ROFO

Double Columnar Transposition
Plaintext- attack postponed until two am
Key: 4312567
Column Out 4 3 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Column Out 4 3 1 2 5 6 7
Plaintext: t t n a a p t
m t s u o a o
d w c o i x k
n l y p e t z
Ciphertext: NSCYAUOPTMDNTTWLAOIEPAXTTOKZ
One Time Pad
 Symmetric technique
 In one time pad a random key that is as long as the
message, so that the key need not be repeated.
 the key is to be used to encrypt and decrypt a single
message
 Each new message requires a new key of the same
length as the new message
 one-time pad, is unbreakable technique
 It produces random output that bears no statistical
relationship to the plaintext.
 Main problem of sharing a secret key
One Time Pad
 One time pad is created by generating a character or
number string using any random number generator.
 At the time of encryption one character from msg is
encrypted at a time.
 In computer every bit in this string XOR with the bits
in secret key.

Steganography
 An alternative to encryption
 Hides secret message within ordinary message
 Using only a subset of letters/words in a longer
message marked in some way
 Using invisible ink
 Hiding in graphic image or sound file
 A simple form arrangement of words or letters within
an apparently text spells out the real message
 Ex the sequence of first letters of each word of the
overall message spells out the hidden message.

Steganography

In modern digital steganography, data is first
encrypted & then inserted into part of particular file
(jpg image)
Cove- Hidden Stego-

media Data key Stego-medium
• Cover media - a file/data in which msg is hidden

• Redundant bits- can be modified without loosing
mediums integrity.
• Stego-key – used to hide data in cover media
Steganography

Drawback – lot of overhead to hide a relatively few
bits

Once the system discovered, it becomes worthless.

Digital Signature
 Used to authenticate the identity of the sender or
signer of a document.
 It has ability to ensure that content of message are
unchanged.
 It provides no repudiation .
 It can be used with encrypted msg or plaintext
 It is based on hashing and asymmetric cryptography.
 Digital certificate contains digital signature of the
certificate issuing authority.

Digital Signature
 have looked at message authentication
 digital signatures provide the ability to:
 verify author, date & time of signature
 authenticate message contents
 Is an electronic signature
 Sender can not easily repudiate (reject)
 Digital signature is based upon hashing and
 asymmetric cryptography.

Digital Signature
 A key generation algorithm G that randomly
produces a “key pair” (PS, SK) for the signer.
 A signing algorithm S that on input of msg m and
signing key SK, produces a signature
 A signature verifying algorithm key PK, and a
signature, either accepts or rejects.
PK
Digital
M H h E Signature
M – Message H – Hash function h – hash code/message digest
E – Encryption algorithm SK – Signing key/private key
Digital
Signature
Model

Digital Signature - Advantages
 Authentication
 Used to authenticate the source of message
 When ownership of a digital signature secret key is bound
to specific user.
 A valid signature shows that the msg sent by that user.
 Integrity
 If a msg is digitally signed, any change in the msg will
invalidate the signature.
 Furthermore there is no efficient way to modify a msg and
its signature to produce new msg with valid signature.

Digital Signature – Disadvantages
 Algorithms & protocols of digital signature will not
provide certainty about the date and time
 The sender might / might not have included a time
stamp with signature.

Non-repudiation
 Repudiation refers to act of disclaiming responsibility
for a message.
 Recipient may insist the sender attach signature to
make repudiation more difficult.
 Loss of users private key will mean that all digital
signatures using key & form user are suspect.
 CA maintain a public repository of public key so the
association user key is certified and signature cannot
be repudiated.

Authentication Protocols
 CHAP (Challenge Handshake Authentication Protocol)
 EAP (Extensible Authentication Protocol)
 PAP (Password Authentication Protocol)
 SPAP (Shiva Password Authentication Protocol)
 DES (Data Encryption Standard)
 RADIUS (Remote Authentication Dial-in User Service)
 S/KEY
 TACACS (Terminal Access Controller Access Control
System)
 MS-CHAP (MD4)
 SKID

CHAP : Challenge Handshake Authentication
Protocol
 Used by servers to validate identity of remote clients
 Verification is done by 3 way handshake
 After establishment of link, server sends a challenge
message to client. Client respond with a value obtained
using one way hash function.
 Server compares the response
 If the value matches, then authentication acknowledged,
else connection is terminated.

EAP Extensible Authentication Protocol
 Used for wireless network & point to point connection
 Supports various authentication mechanisms like
tokens, certificate, one time password
 In EAP protocol
 A user requests connection to WLAN through an access
point.
 Then the access point requests identification (ID) data from
the user and transmits that data to an authentication
server.
 The authentication server then request the access point for
proof of the validity of the ID.
 After the verification from the user, access point sends it
back to the authentication server and the user is connected
to the network.
PAP: Password Authentication Protocol.
 It is used by Point to Point Protocol to validate users
before allowing them access to server resources.
 In this protocol, a user’s name and password are
transmitted over a network and compared to a table of
name-password pairs.
 It is a two way handshaking protocol.
 Client sends username and password.
 Server sends “authentication-ack”, if credentials are OK or
“authentication-nak”.

SPAP Shiva Password Authentication
Protocol
 it is an encrypting authentication protocol used by
Shiva remote access servers.
 SPAP offers a higher level of security than other
authentication protocols such as PAP, but it is not as
secure as CHAP

DES: It is a Data Encryption Standard
 DES is the classic among the symmetric block cipher
algorithms.
 DES was developed in the 1970s as a US-government
standard for protecting non-classified information.
 DES encrypts 64-bit clear-text blocks under the control
of 56-bit keys.
 Each key is extended by a parity byte to give a 64-bit
working key.
 It uses both substitutions as well as transposition
techniques of cryptography.

RADIUS: Remote Authentication Dial-In
User Service protocol
 It is a client/server protocol and used for
authentication and authorization of users who are
dialing in remotely to servers on the network.
 RADIUS client sends username and encrypted password
to the RADIUS server.
 RADIUS server responds with Accept, Reject, or
Challenge.
 The RADIUS client acts upon services and services
parameters bundled with Accept or Reject.

S/KEY:
 It is a one-time password system developed for
operating systems like UNIS.
 One-time password allows you to log on only once
with a password, after which that password is no
longer valid.
 Instead of memorizing passwords, list of
passwords are given and that may be maintained
by hardware device.
 Each time you login, you ask the hardware device
for the next password.

TACACS: It is a Terminal Access Controller
Access Control System
 It is an older authentication protocol used mainly in
UNIX networks.
 It allows a remote access server to pass a user’s login
password to an authentication server to check
whether access can be allowed to a given system or
not.
 TACACS is an encryption protocol and therefore less
secure.

MS-CHAP(MD4)
 It is a Microsoft Challenge Handshake Authentication
Protocol (MS-CHAP).
 It is based on CHAP and was developed to authenticate
remote Windows-based workstations.
 It uses the Message Digest 4 (MD4) hashing algorithm
and the Data Encryption Standard (DES) encryption
algorithm to generate the challenge and response.
 It also provides mechanisms for reporting connection
errors and for changing the user’s password.
 It only works on Microsoft Systems.

SKID (SKID2 and SKID3):
 SKID2 and SKID3 are secrete key identification
protocols.
 SKID2 provides unilateral entity authentication
whereas SKID3 provides mutual entity authentication.

Digital Signature Standard (DSS)
 For performing digital signature of any message or
documents, some standard is required.
 It is published by NIST in 1991. (national security agency)
 DSS used for generation of digital signature, for this DSS
specifies an appropriate Digital Signature Algorithm (DSA).
 In DSS the message digest of a document is calculated using
secure hash algorithm-1(SHA-1).
 Using this algorithm a signature is generated, which
includes a pair of large number which is represented in the
form of strings of binary digits.
 The DSA algorithm has three parts-key generation,
signature generation and signature verification.
Digital Signature Standard (DSS)
 Using user‘s private key, a signature is generated.
 Sender‘s public key is used for the verification of
signature. Anyone can verify the signature of a sender.
 After that, the sender sends the signature with the
message to the receiver.
 The receiver is first intended to verify the signature
using sender‘s public key.
 The recipient should use the same hash function to
calculate the message digest of the received message.
 The Hash function is specified in a separate standard,
the secure Hash Standard (SHS).

Chapter 3 Cryptography - Pps

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Chapter 3 Cryptography - Pps

Uploaded by

Copyright:

Available Formats

Chapter 3

1 Ganesh N.Jorvekar April 22, 2024

Book Of Cryptographic R#5%^”;p0s89-

2 Ganesh N.Jorvekar April 22, 2024

3 Ganesh N.Jorvekar April 22, 2024

4 Ganesh N.Jorvekar April 22, 2024

5 Ganesh N.Jorvekar April 22, 2024

6 Ganesh N.Jorvekar April 22, 2024

CRYPTOGRAPHY CRYPTANALYSIS CRYPTOLOGY

7 Ganesh N.Jorvekar April 22, 2024

Algorithms for encryption and decryption

8 Ganesh N.Jorvekar April 22, 2024

9 Ganesh N.Jorvekar April 22, 2024

10 Ganesh N.Jorvekar April 22, 2024

11 Ganesh N.Jorvekar April 22, 2024

12 Ganesh N.Jorvekar April 22, 2024

13 Ganesh N.Jorvekar April 22, 2024

14 Ganesh N.Jorvekar April 22, 2024

15 Ganesh N.Jorvekar April 22, 2024

– Encrypts a digital data stream one bit or one byte

17 Ganesh N.Jorvekar April 22, 2024

19 Ganesh N.Jorvekar April 22, 2024

20 Ganesh N.Jorvekar April 22, 2024

21 Ganesh N.Jorvekar April 22, 2024

22 Ganesh N.Jorvekar April 22, 2024

23 Ganesh N.Jorvekar April 22, 2024

24 Ganesh N.Jorvekar April 22, 2024

25 Ganesh N.Jorvekar April 22, 2024

26 Ganesh N.Jorvekar April 22, 2024

HELLO POLYGRAM SUBSTITUTION YUQQW

HELL POLYGRAM SUBSTITUTION TEUI

27 Ganesh N.Jorvekar April 22, 2024

28 Ganesh N.Jorvekar April 22, 2024

29 Ganesh N.Jorvekar April 22, 2024

30 Ganesh N.Jorvekar April 22, 2024

33 Ganesh N.Jorvekar April 22, 2024

34 Ganesh N.Jorvekar April 22, 2024

35 Ganesh N.Jorvekar April 22, 2024

36 Ganesh N.Jorvekar April 22, 2024

 Ex. Plaintext – “short example”

38 Ganesh N.Jorvekar April 22, 2024

cipher text CMROERMTOEOWHMOO

Plaintext- attack postponed until two am

40 Ganesh N.Jorvekar April 22, 2024

41 Ganesh N.Jorvekar April 22, 2024

Ciphertext - WIREE ACDT EVLN ESEA DEEC ROFO

42 Ganesh N.Jorvekar April 22, 2024

45 Ganesh N.Jorvekar April 22, 2024

46 Ganesh N.Jorvekar April 22, 2024

Cove- Hidden Stego-

• Cover media - a file/data in which msg is hidden

48 Ganesh N.Jorvekar April 22, 2024

49 Ganesh N.Jorvekar April 22, 2024

50 Ganesh N.Jorvekar April 22, 2024

53 Ganesh N.Jorvekar April 22, 2024

54 Ganesh N.Jorvekar April 22, 2024

55 Ganesh N.Jorvekar April 22, 2024

56 Ganesh N.Jorvekar April 22, 2024

57 Ganesh N.Jorvekar April 22, 2024

58 Ganesh N.Jorvekar April 22, 2024

60 Ganesh N.Jorvekar April 22, 2024

61 Ganesh N.Jorvekar April 22, 2024

62 Ganesh N.Jorvekar April 22, 2024