File 1

1. Define cryptography. List four main objectives of modern cryptography. Briefly discuss the parts
of a cryptographic system.

 Cryptography is the study of secure communications techniques over un-trusted communication

channel that allow only the sender and intended recipient of a message to view its contents.

 The term ‘cryptography’ is derived from the Greek word kryptos, which means “secret
writing”.

 We can define cryptography as:

 Cryptography is a physical process that scrambles information by rearrangement and

substitution of content, making it unreadable to anyone except the person capable of
unscrambling it.

 Modern cryptography concerns itself with the following four objectives:

 Confidentiality: The information cannot be understood by anyone for whom it was not
intended.

 Integrity: The information cannot be altered in storage or transit between sender and
intended receiver without the alteration being detected.

 Non-repudiation: The creator/sender of the information cannot deny at a later stage

their intentions in the creation or transmission of the information.

 Authentication: The sender and receiver can confirm each other's identity and the
origin/destination of the information.

 Generally, all cryptographic processes have four basic parts:

1. Plaintext

2. Ciphertext

3. Cryptographic Algorithm

4. Key

Encrypt Decrypt
Plaintext/ Cipherte Decrypted
Cleartext xt text/
Plaintext
Happy Valentine’s Gzoox Happy Valentine’s
Day Uzkdmshmd’r Czx Day

Sender: Recipient:
Alice Bob
2. Illustrate the general idea behind symmetric-key and asymmetric-key cryptography.

 To create the ciphertext from the plaintext, Alice uses an encryption algorithm and a shared
secret key.

 To create the plaintext from ciphertext, Bob uses a decryption algorithm and the same secret
key.

 Figure below illustrates the single-key encryption.

Asymmetric:

 Asymmetric-key cryptography uses two separate keys: a private key and a public key.

 Both sending and receiving entity have their own key pairs, where one key (usually public key) is
used to encrypt message and another key (usually private key) is used to decrypt message. In
other words, a message encrypted with a public key can be decrypted only with the
corresponding private key.

 Alice uses Bob’s public key to send encrypted message to Bob.

 Bob uses his private key to decrypt message sent by Alice.

 Bob needs only one private key to receive all correspondence from anyone in the community,
but Alice needs n public keys to communicate with n entities in the community, one public key
for each entity.

 In asymmetric-key cryptography, plaintext and ciphertext are treated as integers. Before

encryption, the message must be encoded as an integer (or a set of integers). The integer (or set
of integers) must be decoded into the message after decryption.

 Figure below illustrates the general idea behind asymmetric-key cryptography.

 3. Differentiate between symmetric-key and asymmetric-key cryptography.

Key-point Symmetric-key Asymmetric-key

Invention More than 2000 years (at least in primitive form) In the mid 1970’s
No. of key(s) used Symmetric-key cryptography uses a single shared Asymmetric-key cryptography uses two
secret key. separate keys: one private and one public.
s same key used for Symmetric-key cryptography is based on sharing but asymmetric-key cryptography is based
both encryption and secrecy, i.e., both the sender and receiver posses on personal secrecy, i.e., both the sender
decryption? the same single private key that must be shared and receiver posses two key: One is the
between them. private key of the sender and another is
the public key of the receiver. The same is
applicable for the receiver.
Key length This approach uses shorter keys This approach uses longer keys
Not so easy, since both the sender and receiver Easy, because only the public key is to be
posses the same key. distributed which is open to all.
Does it support Digital No Yes
Signature?
Does it support non- No, because both parties have the same key. Yes
repudiation
requirement?
Nature of plaintext and In symmetric-key cryptography, the plaintext and But in asymmetric-key cryptography, the
ciphertext ciphertext are thought of as a combination of plaintext and ciphertext are numbers.
symbols (characters or bits).

More secure? Symmetric-key cryptography is based on Asymmetric-key cryptography is based on

substitution and/or permutation of symbols applying mathematical functions to
(characters or bits). numbers.

Speed of operation No, because both parties have the same key for Yes, since only one party needs to know
encryption and decryption purposes. The key is the private key, and if a third party knows
not to be leaked to outsider and should be the public key, it does not compromise
changed often to ensure security. the security of the message.

Speed of operation Faster, since it can be implemented easily in most Relatively slower, since it takes time to
hardware compute.
4. How does asymmetric-key cryptography provide message confidentiality and prove the authenticity
of the message originator?

 In the symmetric-key cryptography, the same key is used to both encrypt and decrypt message.
 An analogy that can be used to understand the advantages of an symmetric system is to imagine
two people, Alice and Bob, who are sending a secret message through the public mail. In this
example, Alice wants to send a secret message to Bob, and expects a secret reply from Bob.

 With a symmetric key system, Alice first puts the secret message in a box, and locks the box
using a padlock to which she has a key. She then sends the box to Bob through regular mail
(encryption).

 When Bob receives the box, he uses an identical copy of Alice's key (which he has somehow
obtained previously, maybe by a face-to-face meeting) to open the box, and reads the message
(decryption). Bob can then use the same padlock to send his secret reply.

 The problem with this method is how to give Bob a copy of the key that Alice used.
 To create the ciphertext from the plaintext, Alice uses an encryption algorithm and a shared
secret key.

 To create the plaintext from ciphertext, Bob uses a decryption algorithm and the same secret
key.

5. What services are provided by cryptography? What is Three Pass protocol? Give an illustration.

Cryptographic Services includes ICSF, PKI Services, OCSF, and System SSL, and provides cryptographic
functions for data secrecy, data integrity, personal identification, digital signatures, and the
management of cryptographic keys.

 Besides symmetric-key and asymmetric-key cryptography, there is

another protocol that one can use to send sensitive information across
an insecure network. This protocol is called three-pass protocol which
does not involve sending keys across the network.
 An analogy can help explain the three-pass protocol:
 If Alice wants to send a secret message to Bob, she can
send it in a box with his padlock.
 When Bob receives the box, he sends it back to Alice
with a padlock of his own.
 After receiving the box, Alice removes her padlock and
returns the box to Bob.
 Bob can now open the box because it has only his
padlock on it.
 File: 02
1. Define binary operation with example. Why division is not a binary
operation?
A binary operation takes two inputs (e.g. a and b) and creates one output (e.g.
c).
 In cryptography, we are interested in three binary operations
applied to the set of integers: addition, subtraction and
multiplication.

 The following examples shows the results of the three binary operations on
two integers.
 Because each input can be either positive or negative, we can have four
cases for each operation.

 Division is not a binary operation, because it produces two output instead of one (q and
r). We can call it division relation.
 File: 04
1. What is DES? Draw the function block diagram of DES algorithm.
 The Data Encryption Standard (DES) is a symmetric-key block cipher
published by the National Institute of Standards and Technology
(NIST).
 In 1973, NIST published a request for proposals for a
national symmetric-key cryptosystem.
 A proposal from IBM, a modification of a research project
called Lucifer, was accepted as DES.
 DES was published in the Federal Register in March 1975 as
a draft of the Federal Information Processing Standard
(FIPS).
 After the publication, IBM sought technical advice from the
National Security Agency (NSA) for the modification of
Lucifer.
 The modified version of LUCIFER was put forward as a proposal for the
new national encryption standard requested by the National Bureau of
Standards (NBS, now known as the National Institute of Standards and
Technology, NIST). It was finally adopted in 1977 as the Data
Encryption Standard -DES (FIPS PUB 46).
 Some of the changes made to LUCIFER have been the subject of much
controversy even to the present day for two reasons:
 First, the critics questioned the small key length (only 56
bits) which could make the cipher vulnerable to brute-force
attack. Even though DES actually accepts a 64 bit key as
input, the remaining eight bits are used for parity checking
and have no effect on DES’s security.
 Second, critics were concerned about some hidden design
behind the internal structure of DES. They were suspicious
that some part of the structure (e.g. the S-boxes) may have
some hidden trapdoor that would allow the NSA to decrypt
the message without the need for the key.
2. Describe four stages of round function f(x,k) used in DES.
 The heart of DES is DES round function.
 The round function mixes the bits of the right (R) portion using the
subkey for the current round.
 It applies a 48-bit key to the rightmost 32 bits (Ri-1) to produce a 32-
bit output.
 All noninvertible elements in DES are collected inside the round
function f(Ri-1,Ki)
 This function is the main part of every round and consists of four
sections:

1. An expansion P-box (E-box, for 32 bit to 48 bit conversion)

2. A whitener (Exclusive-or that adds key)
 3. A group of S-boxes (for 48 bit to 32 bit conversion)
4. A straight permutation P-box

3. What do you mean by Feistel and Non-Feistel ciphers? Give examples.

Feistel ciphers:

In 1973, Feistel designed a very intelligent and interesting cipher that has been
used for decades. Several block ciphers are based on the Feistel structure.

This type of ciphers use both invertible and noninvertible components.

A Feistel cipher can have three types of components: self-invertible, invertible, and
noninvertible.

A Feistel cipher combines all noninvertible elements in a unit (called mixer) and
uses the same unit in the encryption and decryption algorithms.
The block cipher DES, IDEA, RC5 (Rivest’s Cipher) are good examples of a Feistel
cipher. But Feistel design is not used in AES.

Non-Feistel ciphers:

This type of ciphers use only invertible components.

A component in the encryption cipher has the corresponding component in

the decryption cipher.

For example, S-boxes need to have an equal number of inputs and outputs
to be compatible. No compression or expansion P-boxes are allowed,
because they are not invertible.

In a non-Feistel cipher, there is no need to divide the plaintext into two

halves as we saw in the Feistel ciphers.
The block cipher AES is a good example of a non-Feistel cipher.

4. What do you mean by Confusion and Diffusion?

Diffusion:

The idea of diffusion is to hide the relationship between the ciphertext and
the plaintext. That is, the statistical relationship between the plaintext and
ciphertext is made as complex as possible in order to thwart attempts to
deduce the key. This will frustrate the adversary who uses ciphertext
statistics to find the plaintext.

Diffusion implies that each symbol (bit) in the ciphertext is dependent on

some or all symbols in the plaintext. In other words, if a single symbol in the
plaintext is changed, several or all symbols in the ciphertext will also be
changed.

Confusion:

The idea of confusion is to hide the relationship between the ciphertext and
the key. That is, the relationship between the ciphertext and the key is made
as complex as possible in order to thwart attempts to discover the key. This
will frustrate the adversary who tries to use the ciphertext to find the key.

In other words, if a single bit in the key is changed, most or all bits in the
ciphertext will also be changed.

5. What is RSA? Briefly describe three steps involved in RSA algorithm with an illustration.

RSA is the most commonly used public-key cryptography algorithm, which

uses prime factorization as the trapdoor one-way function. That is, it is
based on the presumed difficulty of factoring large integers.
It is named so after the surnames of its inventors Ron Rivest, Adi Shamir,
and Leonard Adleman of the Massachusetts Institute of Technology (MIT).

It was first published in 1978.

The RSA algorithm involves three steps:

 Key generation (Generating public and private
key)
 Encryption (Encrypting the message)
 Decryption (Decrypting the message)

The keys for the RSA algorithm are generated by the following ways:
 1. Choose two large and distinct prime numbers p and q.
 For security purposes, the integers p and q should be
chosen at random, and should be of similar bit-length.
 In RSA, p and q must be at least 512 bits; n must be at
least 1024 bits.
 Prime integers can be efficiently found using a primality
test.
2. Compute n = p * q
 n is used as the modulus for both the public and private
keys. Its length, usually expressed in bits, is the key
length.
3. Compute the number of integers less than n that are coprime with n
(otherwise known as the totient or Euler’s Phi function):
φ(n) = φ(p*q) = φ(p)* φ(q)=(p - 1) * (q – 1)
4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1;
i.e. e and φ(n) are coprime.
 e is released as the public key exponent (encryption
exponent).
 e having a short bit-length results in more efficient
encryption– most commonly 216 + 1 = 65,537.
However, much smaller values of e (such as 3) have
been shown to be less secure in some settings.
1. Determine the multiplicative inverse d
of e; i.e., compute a value for d such
that it satisfies the relation: (d * e)
mod φ(n) = 1
2. d is kept as the private key exponent
(decryption exponent).
3. d is often computed using the Extended
Euclidean Algorithm.
4. d must be kept secret.
p, q, and φ(n) must also be kept secret because
5.
they can be used to calculate d.
6. The public key consists of the modulus n and the public key exponent
e; i.e., the public key is (e, n).
7. The private key consists of the modulus n and the private key
exponent d; i.e., the private key is (d, n).
8. To encrypt message m using the public key, use the relation:
e
c=m mod n
9. To decrypt c using the private key, use the relation:
d
m=c mod n
Encryption:
 Bob transmits his public key (e, n) to Alice and keeps the private key (d, n) secret.
 Alice then wishes to send message M to Bob.
  The message is encrypted by the following ways:
 Alice first turns message M into an integer m, such that 0 ≤ m < n.
 That is, the message is represented as an integer between 0 and (n-1).
 Large messages can be broken up into a number of blocks. Each block would then be represented
by an integer in the same range.
 After turning the message into integer, Alice then computes the ciphertext c using the following
relation:
c = me mod n
1. After computing ciphertext, Alice then transmits c to Bob.
Decryption:
 Bob can recover m from c by using his private key exponent d using the following relation:
d
m = c mod n
 After having m, Bob can recover the original message M by reversing the padding scheme.
 The encryption, decryption and key generation in RSA
is shown in the figure below.

6. What is P-Box and S-Box? An S-Box used for encryption is given below. If an input to this S-
box is 1111,
then what is the output?
P-Boxes:
 A P-box (permutation box) is a component in a modern block
cipher that transposes bits.
Types of P-Boxes:
 Three types of P-boxes are used in modern block ciphers:
(1) Straight P-Boxes
(2) Expansion P-Boxes
 (3) Compression P-Boxes

S-Boxes:
 An S-box (substitution box) can be thought of as a miniature
substitution cipher.
 However, an S-box can have a different number of inputs and
outputs. In other words, the input to an S-box could be an n-bit
word, but the output can be an m-bit word, where m and n are
not necessarily the same.
 Although an S-box can be keyed or keyless, modem block
ciphers normally use keyless S-boxes, where the mapping from
the inputs to the outputs is predetermined.

File: 05

1. Define digital signature. State the general idea behind it. Why is it needed?
Illustrate the process of signing and verification used in digital signature.

 Digital signature is a digital code that can be attached to

an electronically transmitted message that uniquely
identifies the sender and provides the integrity of the
message.
 It was first proposed in 1976 by Whitfield Diffie
of Stanford University.
 Typically the signature is formed by taking the hash of the
message (called message digest) and encrypting the digest
with the creator’s private key.
 The encrypted message digest is known as a
digital signature.
 The signature is then added at the end of each
message that is to be sent to the recipient.
 The recipient decrypts the signature using
sender’s public key and verifies that the
message digest is correct and the message has
come from the genuine sender. If the
transmitted message is changed, the digital
signature is invalidated.
 Like a written signature on a document, the purpose of a
digital signature is to guarantee that the individual sending
the message really is who he or she claims to be.
Process:

1. Sender generates a message.

2. He/she then creates a “digest” of the message using cryptographic hash function.
3. Sender encrypts the message digest with his/her private key for authentication. This
encrypted message digest is called digital signature.

4. Sender attaches the digital signature to the end of the message that is to be sent. The
message attached with digital signature is known as digitally signed message.

5. The sender encrypts the digitally signed message with the recipient’s public key and
sends it to the recipient.

6. After receiving, the recipient decrypts the entire message with his/her private key.

7. The recipient detaches the message and digital signature.

8. He/she creates a “digest” of the received message using the same hash function the
sender used.

9. The recipient decrypts the digital signature and finds the “digest” that the sender
created.

10. The recipient then compares the two digests. If they are equal, the message is granted,
otherwise it will be rejected.
2. What three purposes are served by a digital signature? Differentiate between conventional signature

and digital signature.

A digital signature serves three important purposes:

1. Provides authentication of the sender
2. Verifies data integrity
3. Provides non-repudiation

Key-point Conventional Signature Digital Signature

a conventional signature is included in But, when we sign a document digitally,

the document; it is part of the we send the signature as a separate
Inclusion document. E.g., when we write a check, document.; a digital signature is a separate
the signature is on the check; it is not a document. The sender sends two
separate document. documents- the message and the signature.
The recipient receives both documents and
verifies that the signature belongs to the
supposed sender. If this is proven, the
message is kept; otherwise, it is rejected.

Verification A conventional signature on a document For a digital signature, the recipient

method is verified by comparing the signature receives the message and the signature.
on it with the signature on file. The recipient needs to apply a verification
technique to the combination of the
message and the signature to verify the
authenticity.
Relationship For a conventional signature, there is For a digital signature, there is a one-to-
normally a one-to-many relationship one relationship between a signature and a
between a signature and documents. A message. Each message has its own
person uses the same signature to sign signature. The signature on one message
many documents. can not be used in another message. For
example, if Bob receives two messages,
one after another, from Alice, he can not
use the signature of the first message to
verify the second. Each message needs a
new signature
Duplicity In conventional signature, a copy of the In digital signature, there is no such
signed document can be distinguished distinction unless there is a factor of time
from the original one on file. (such as a timestamp) on the document.
For example, suppose Alice sends a
document instructing Bob to pay Eve. If
the intercepts the documents and the
signature, she can replay it later to get
money again from Bob.

3. Differentiate between (i) conventional signature and digital signature (ii) MAC Algorithm and Hash
Algorithm (iii) Digital Signature and Cryptosystem

Digital vs cryptosystem:

 A digital signature needs a asymmetric-key cryptosystem. The signer signs the message
with her private key; the verifier verifies it with the signer’s public key.

 A cryptosystem uses the private and public keys of the receiver. On the other hand, a
digital signature uses the private and public keys of the sender.

 A digital signature does not provide confidential communication. But a cryptosystem can
provide the confidentiality of a message.

 A cryptosystem can not provide the authenticity of the message originator, but a digital
signature can.

Mac vs Hash:

 MAC is a technique for message authentication which involves the use of a

secret key to generate from a small block of data, known as a message
authentication code, that is appended to the message.

 This technique assumes that two communicating parties, say Alice and Bob,
share a common secret key KAB. When Alice has a message to send to Bob,
she calculates the message authentication code as a complex function of the
message and the key: MACM = F(KAB, M).
 The message plus code are transmitted to the intended recipient.
 The recipient performs the same calculation on the received message, using
the same secret key, to generate a new message authentication code.
 The received code is compared to the calculated code.

 If we assume that only the receiver and the sender know the identity of
the secret key, and if the received code matches the calculated code, then
1. The receiver is assured that the message has not been altered.
 If an attacker alters the message but does not alter the
code, then the receiver’s calculation of the code will differ
from the received code.
 Because the attacker is assumed not to know the secret key,
the attacker cannot alter the code to correspond to the
alterations in the message.
2. The receiver is assured that the message is from the alleged sender.
 Because no one else knows the secret key, no one else could
prepare a message with a proper code.
3. If the message includes a sequence number (such as is used with X.25,
HDLC, and TCP), then the receiver can be assured of the proper
sequence, because an attacker cannot successfully alter the sequence
number.
3. An alternative to the message authentication code is the one-way hash
function.
 4. A hash function accepts a variable-size message M as input and
produces a fixed-size message digest H(M) as output. The purpose of a
hash function is to produce a “fingerprint” of a file, message, or other
block of data.
5. Typically, the message is padded out to an integer multiple of some
fixed length (e.g., 1024 bits) and the padding includes the value of the
length of the original message in bits.
6. Unlike the MAC, a hash function does not take a secret key as input. To
authenticate a message, the message digest is sent with the message in
such a way that the message digest is authentic.
7.
 Figure below illustrates three ways in which the message can be
authenticated using a hash code.
 The message digest can be encrypted using symmetric key encryption
(part a); if it is assumed that only the sender and receiver share the
encryption key, then authenticity is assured.
 The message digest can also be encrypted using public-key encryption
(part b);
 Part c illustrate a technique, known as a keyed hash MAC where
authentication is done without using encryption. It assumes that two
communicating parties, say A and B, share a common secret key K
which is incorporated into the process of generating a hash code.

4. What is hashing and hash function? What are the importance of hash function? List two widely used
hash functions used in cryptography.

 A hash function is a formula or an algorithm that-

 takes large data sets of variable length as input, and
 returns smaller data sets of fixed length as output.
 Since, the output is smaller than the input data, a hash function compresses an n-bit
message string to create an m-bit string where n is normally greater than m.
 The values returned by a hash function are called hash values, hash codes, hash sums,
checksums or simply hashes.
 Hash function creates hash value in such a way that it is extremely unlikely that some
other text will produce the same hash value.
Importance:
 Cryptographic hash functions have many information security applications, such as in-
 digital signatures
 message authentication codes (MACs)
 other forms of authentication
 Hash functions are primarily used to generate fixed-length output data that acts as a
shortened reference to the original data. This is useful when the output data is too
cumbersome to use in its entirety.
 For example, consider a list of person’s names. Here, name of each person is of variable
length. Searching for a person's name in the list is slow; time required to retrieve each
name may also vary. But if each name could be hashed to a fixed length integer, then
searching and retrieving each name will be performed in faster with constant time.
 Hash functions are also used to accelerate table lookup or data comparison tasks such as
finding items in a database, detecting duplicated or similar records in a large file, finding
similar stretches in DNA sequences, and so on.
 
The two commonly used hash functions are MD5 and SHA-1

5. Briefly describe some desirable properties a cryptographic hash function should have.

 A cryptographic hash function must be able to withstand all known types of cryptanalytic attack.
 A desirable cryptographic hash function should have the following properties:
 A hash function produces a fixed length value from a variable length source.
 It is easy to compute the hash value for any given message.
 Pre-image resistance: Given a hash h, it should be difficult to find any message m such that h =
hash(m). That is, it is infeasible to generate a message that has a given hash.
 A function with this property is called a one-way function.
 Functions that lack this property are vulnerable to preimage attacks.
 Second pre-image resistance: Given a message m1, it should be difficult to find another message
m2 such that m1 ≠ m2 and hash(m1) = hash(m2).
 Functions that lack this property are vulnerable to second-preimage attacks.
 It is infeasible to modify a message without changing the hash.

File 06
1. Define transposition cipher. What are the various types of transposition ciphers?

 A transposition cipher does not substitute one symbol for another, instead it changes the location
of the symbols.
 A symbol in the first position of the plaintext may appear in the ninth position of the ciphertext. A
symbol in the eighth position of the plaintext may appear in the first position of the ciphertext.

Types of Transposition Ciphers:

There are three types of transposition cipher:
- Keyless Transposition Ciphers
- Keyed Transposition Ciphers
- Keyed Columnar Transposition Ciphers or Columnar Transposition Ciphers

File: 07

1. Define two classes of traditional symmetric-key ciphers?

1. Substitution Ciphers

 A substitution cipher replaces one symbol with another. For example, we can replace
letter A with letter D, and letter T with letter Z. If the symbols are digits, we can replace 3
with 7, 2 with 6.
 Substitution ciphers can be categorized as either monoalphabetic ciphers or
polyalphabetic ciphers.

2. Transposition Ciphers:

 A transposition cipher does not substitute one symbol for another, instead it changes the location
of the symbols.
A symbol in the first position of the plaintext may appear in the ninth position of the ciphertext. A symbol
in the eighth position of the plaintext may appear in the first position of the ciphertext. For example, the
plaintext characters “hello” may be encrypted as “elhol”.
2. Define monoalphabetic and polyalphabetic ciphers with example. Suppose you want to encrypt a
message using 47 modulus. What will be the possible key domain if Affine cipher is used?

Monoalphabetic:

 In monoalphabetic substitution, the relationship between a symbol in the plaintext to a

symbol in the ciphertext is always one-to-one.
 That is, a character or symbol in the plaintext is always changed to the same character or
symbol in the ciphertext regardless of its position in the text.
 For example, if letter A in the plaintext is changed to letter D, every letter A is changed to
letter D.
 Additive cipher, Caesar cipher, multiplicative cipher, affine cipher etc. are some
examples of monoalphabetic ciphers.

Plaintext: hello Ciphertext: KHOOR

Polyalphabetic:
 In polyalphabetic substitution, each occurrence of a character may have a different
substitute.
 The relationship between a character in the plaintext to a character in the ciphertext is
one-to-many.
 For example, if letter “a” could be enciphered as “D” in the beginning of the text, but as
“N” at the middle.
 Polyalphabetic ciphers have the advantage of hiding the letter frequency of the undelying
language. Eve cannot use the single-letter frequency statistics to break the ciphertext.
 Autokey cipher, playfair cipher, vigenere cipher, Hill cipher etc. are some examples of
polyalphabetic ciphers.

Plaintext: hello Ciphertext: ABNZF

3. Differentiate between- i) Additive Cipher and Autokey Cipher ii) Additive Cipher and Vigenere
Cipher