Module-III & IV

Uploaded by Sandeep Yadav
APPLIED CRYPTOGRAPHY & INFORMATION SECURITY

Course code: MR23-1CS0402


II Year B. Tech I semester
Regulation: R-23

Prepared by
N. Shalini
Assistant Professor

CYBER SECURITY
MALLAREDDY UNIVERSITY
Maisammaguda, Dulapally, Hyderabad, Telangana 500043
MODULE – III

Hashing and Message Digests, Message Authentication
SYLLABUS

Hashing and Message Digests: Cryptographic Hash Functions – Applications – Simple hash functions and features for ensuring security – Hash functions based on Cipher Block Chaining – Secure Hash Algorithm (SHA) – Message Digest – MD5
Message Authentication: Authentication Systems – Password and Address – Security Handshake Drawbacks – Authentication Standards – Kerberos – PKI Trust Models – Message Authentication Codes (MAC) – Security features – MAC based on Hash Functions – MAC based on Block Ciphers.
Hashing and Message Digests

A cryptographic hash function is a special type of hash function that is widely used in computer security, especially in cryptography.
It takes an arbitrary-sized input (or "message") and returns a fixed-size string, often referred to as the hash value or digest.
The key property of cryptographic hash functions is that they are designed to be secure and resistant to attacks.
Properties of Cryptographic Hash Functions:
Cryptographic hash functions must satisfy several essential properties.
Popular Cryptographic Hash Functions
Here are some widely used cryptographic hash functions:
1. MD5 (Message Digest Algorithm 5): Produces a 128-bit hash.
2. SHA-1 (Secure Hash Algorithm 1): Produces a 160-bit hash.
3. SHA-2 Family: Includes SHA-224, SHA-256, SHA-384, and SHA-512. SHA-256 produces a 256-bit hash and is widely used in blockchain and cryptography.
4. SHA-3: Newest member of the Secure Hash Algorithm family, uses a different construction than SHA-2.
Applications of Hash Functions (figures)
Properties of Cryptographic Hash Functions or Simple hash functions and features for ensuring security
1. Deterministic: The same input will always produce the same hash value.
2. Fixed Output Size: Regardless of the input size, the output hash has a fixed length (e.g., 256 bits in SHA-256).
3. Preimage Resistance: Given a hash value H(x), it should be computationally infeasible to find the original input x.
4. Second Preimage Resistance: Given x, it should be computationally infeasible to find another input x′ such that the hash of x′ is the same as the hash of x (i.e., H(x) = H(x′)).
5. Collision Resistance: It should be extremely difficult to find two distinct inputs x and x′ that produce the same hash value (i.e., H(x) = H(x′)).
6. Avalanche Effect: A small change in the input (even a single bit) should produce a significantly different hash output.
7. Fast to Compute: Hash functions should be efficient and fast to compute, even for large inputs.
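The properties above can be observed directly with Python's hashlib. The following is an added example, not code from the original slides: digest() shows determinism and fixed output size, hamming_distance() measures the avalanche effect, and find_truncated_collision() runs a birthday search on a deliberately shortened digest to show why collision resistance depends on the full output length (the 24-bit search is cheap; the same search on the full 256 bits would need about 2^128 hashes). The "constructed-message-N" inputs are constructed sample data.

```python
import hashlib
import itertools


def digest(data: bytes, algo: str = "sha256") -> bytes:
    """Fixed-size digest of arbitrary-length input (property 2); same input, same output (property 1)."""
    return hashlib.new(algo, data).digest()


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length digests (used to observe the avalanche effect)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def truncated(data: bytes, bits: int, algo: str = "sha256") -> int:
    """The first `bits` bits of the digest, as an integer."""
    d = digest(data, algo)
    return int.from_bytes(d, "big") >> (len(d) * 8 - bits)


def find_truncated_collision(bits: int, algo: str = "sha256"):
    """Birthday search for two distinct messages whose digests agree on the first `bits` bits.

    Returns (m1, m2, tries). Expected work is about 2**(bits/2) hashes, which is why
    this cannot be done for a full 256-bit digest (about 2**128 hashes)."""
    seen = {}
    for i in itertools.count():
        m = b"constructed-message-%d" % i      # constructed sample inputs, all distinct
        t = truncated(m, bits, algo)
        if t in seen:
            return seen[t], m, i + 1
        seen[t] = m


if __name__ == "__main__":
    d1, d2 = digest(b"hello"), digest(b"hellp")
    print(len(d1) * 8, "bit digest;", hamming_distance(d1, d2), "bits differ after a one-character change")
    m1, m2, tries = find_truncated_collision(24)
    print("24-bit collision after", tries, "hashes:", m1, m2)
```

A practical consequence: an application that truncates a hash or MAC tag to a few bytes (for example, to save space in a URL or a log line) gives up most of the collision resistance the full digest provides.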
Hash functions based on Cipher Block Chaining
Cipher Block Chaining (CBC) is a mode of operation for block ciphers. In CBC, the previous cipher block is XORed with the current plaintext block and the result is given as input to the encryption algorithm, so each cipher block is produced by encrypting the XOR of the previous cipher block and the present plaintext block.
Hash functions based on Cipher Block Chaining
There are two major categories of hash functions: dedicated hash functions and block cipher based hash functions.
Hash functions based on Cipher Block Chaining (CBC) utilize block cipher modes, specifically the CBC mode of operation, to create a hash or authentication code.
This type of hash function, called CBC-MAC (Cipher Block Chaining Message Authentication Code), uses a block cipher (like AES or DES) to ensure data integrity and authenticity.
Hash functions based on Cipher Block Chaining
1. Initialization Vector (IV): The first plaintext block (M1) is XORed with this IV before encryption.
2. Block Encryption: Each message block (M1, M2, M3) is encrypted using a block cipher (such as AES). In CBC mode, before encrypting each block, it is XORed with the previous ciphertext block. This introduces dependency between all blocks.
3. Chaining Process: For the first block, IV XOR M1 is encrypted to get ciphertext C1. The second block (M2) is XORed with C1, and the result is encrypted to get ciphertext C2. This chaining continues until all blocks are processed, with each block depending on the ciphertext of the previous one.
4. Final Block (MAC or Hash): In CBC-MAC, after processing all the blocks, the final block's ciphertext (C3 in this case) is treated as the MAC or the hash value. This ensures that even a small change in the message will result in a completely different output, providing message integrity and authentication. (If necessary, the final block is padded to a full block.)
Hash functions based on Cipher Block Chaining
In AES encryption, padding is required because the block cipher AES operates on fixed-size blocks of data. AES uses a block size of 128 bits (16 bytes), meaning it encrypts data in chunks of 16 bytes. If the plaintext message is not a multiple of 16 bytes, it needs to be padded to fit the required block size.
Secure Hash Algorithm (SHA)
• SHA (Secure Hash Algorithm) is a family of cryptographic hash functions designed by the National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST).
• The most common variants include SHA-1, SHA-256, and SHA-512.
• The purpose of these hash functions is to securely transform an input of arbitrary size into a fixed-size output (called a digest or hash), commonly used in digital signatures, message authentication, and password storage.
SHA-1 Algorithm:
Message Size: Accepts input of any length.
Block Size: 512 bits (64 bytes).
Output Size: 160 bits (20 bytes).
Structure: It operates by breaking the message into 512-bit blocks and processing each block through 80 rounds of bitwise operations.
Status: Vulnerable to collision attacks (two different inputs producing the same hash), making it unsuitable for most cryptographic purposes.
SHA-2 (SHA-256 and SHA-512):
SHA-256:
Message Size: Any length.
Block Size: 512 bits.
Output Size: 256 bits (32 bytes).
SHA-512:
Message Size: Any length.
Block Size: 1024 bits.
Output Size: 512 bits (64 bytes).
Structure: Both algorithms are part of the SHA-2 family and operate on blocks of data. They apply complex mathematical transformations over multiple rounds (64 rounds for SHA-256 and 80 rounds for SHA-512) to ensure the security of the hash.
Steps of the SHA Algorithm:
SHA algorithms follow a common structure: STEP 1, STEP 2, STEP 3 (shown as figures).
Message Authentication:
Message Authentication refers to the process of verifying that a message, document, or piece of data has been sent by a legitimate source and has not been altered during transmission. This is a crucial aspect of securing communications and ensuring data integrity in various digital systems.

Authentication Systems:
Authentication is a process in which a principal proves that he/she/it is the entity it claims to be.
➢ Authentication may be based on something the principal knows (e.g., a password) or has (an identity card or passport, for example).
➢ In the case of a human principal, authentication may use physical characteristics such as voice, a fingerprint, a retinal scan, or even a DNA sample — this form of authentication is referred to as biometric authentication.
Message Authentication:
➢ With password-based authentication, an individual is often expected to communicate his/her password to a verifying entity. However, in many cases it may not be advisable for the individual to reveal his/her password.
➢ Many authentication systems today use a combination of techniques. This is referred to as multi-factor authentication.
Message Authentication:
Password and Address:
1. Password based authentication:
• Making use of a login name and password is an easy and cheap method of authentication, and is the most widely used.
• The passwords and the corresponding usernames are stored in the server database. Whenever the user logs into the system, the password entered by the user is forwarded to the server, verified against the database, and the authentication is completed.
• Storing the password on the server and transmitting it from the client to the server may create a security breach. The various types of attacks possible against passwords are discussed below.
Message Authentication:
1.1 On-line vs. off-line guessing: Some techniques attack the password directly, with a guessing program or a fake login screen, trying candidate passwords either by permutation and combination or with the support of a dictionary. Passwords can also be obtained offline through social engineering or casual conversation with the user. The following are some methods that attack the password either offline or online.
i. Direct Approach: Users normally select passwords that are easy to remember and directly related to themselves. Intruders exploit this and guess the password directly.
Message Authentication:
ii. Dictionary based attacks: Attackers may use ready-made dictionaries, with special software, to check the passwords of systems. This method is somewhat difficult and time consuming, and not very certain. The main problem with this method is that the dictionary contains only meaningful combinations of characters, whereas the password can be any combination of characters. The success rate of this method is low.
iii. Brute force attacks: This involves trying combinations of keys such as alphabets, numbers, special characters etc. for a specific number of digits and comparing them to guess passwords. This is a trial and error process with a large number of permutations and combinations. Of course this is the most tedious and time consuming, but a surer method of getting passwords.
Message Authentication:
iv. Using a fake login: Sometimes, if the attacker is an insider, or someone who can get direct access, the attacker may keep a fake login program running on a terminal, which looks legitimate to unsuspecting users.
v. Packet sniffing: As another attempt, attackers may intercept the packets flowing through the network. Some protocols send passwords in clear text, which may be grabbed by attackers sniffing the packets.
Message Authentication:
1.2 Storing password:
A user's authentication information is either individually configured into every server the user will use, or kept in another location called an authentication storage node, which stores user information that servers retrieve when they want to authenticate the user.
Encrypted password: Normally, in any networking system, the password travels from the node to the server in plain text, and in the server database too the password is stored in plain text. It is then easy for any hacker to obtain the password. To avoid this kind of attack one should keep the password in an encrypted format. Any encryption method can be used to encrypt the password.
Message Authentication:
Various methods to prevent password stealing:
1. One time password: This is the basic method, which uses a different password with every access. As passwords are easily cracked by automated systems, this method helps the user protect the password from hackers. The password changes every time: before a hacker can apply any method to crack the password, the user has already changed it.
2. Encrypted password: Normally, in any networking system, the password travels from the node to the server in plain text, and in the server database too it is stored in plain text, so it is easy for any hacker to obtain. To avoid this kind of attack one should keep the password in an encrypted format. Any encryption method can be used to encrypt the password.
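As an added example, not from the slides, of how the stored value can be protected, this Python code keeps a salted, iterated one-way verifier derived with PBKDF2-HMAC-SHA256 instead of the password itself, and checks a login by re-deriving it. Unlike a reversibly encrypted password, a verifier of this kind cannot be turned back into the password even by someone who holds the server database. The user names, passwords and the in-memory dictionary standing in for the server database are constructed; the iteration count is an assumption to tune to the server's hardware.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the server database: username -> (salt, iterations, verifier).
_DB = {}
ITERATIONS = 200_000   # assumption: raise until one derivation costs a noticeable fraction of a second


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Salted, iterated one-way derivation; the output is what gets stored, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(username: str, password: str) -> None:
    """Store a fresh random salt and the derived verifier for this user."""
    salt = os.urandom(16)                  # per-user salt: equal passwords give different verifiers
    _DB[username] = (salt, ITERATIONS, _derive(password, salt, ITERATIONS))


def login(username: str, password: str) -> bool:
    """Re-derive from the stored salt and compare in constant time."""
    record = _DB.get(username)
    if record is None:
        # Do a dummy derivation so an unknown user takes as long as a wrong password.
        _derive(password, b"\x00" * 16, ITERATIONS)
        return False
    salt, iterations, verifier = record
    return hmac.compare_digest(_derive(password, salt, iterations), verifier)


def stored_record(username: str):
    """What an attacker who copies the database would see for this user."""
    return _DB.get(username)


if __name__ == "__main__":
    register("alice", "correct horse battery staple")       # constructed credentials
    print("good password:", login("alice", "correct horse battery staple"))
    print("bad password: ", login("alice", "wrong"))
    print("stored verifier:", stored_record("alice")[2].hex())
```

The per-user salt is what makes a stolen table of verifiers unhelpful for guessing many accounts at once: every guess has to be re-derived separately for each salt.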
Message Authentication:
2. Address based authentication:
Address-based authentication refers to a security technique in which authentication or access control is based on the IP address or MAC address of the device trying to access a system or network. This form of authentication ensures that only requests from specific, trusted addresses are granted access.
Types of Address-Based Authentication:
i. IP Address-Based Authentication: The system verifies the identity of users or devices based on their IP address. This is commonly used to restrict access to specific devices within trusted networks or locations.
ii. MAC Address-Based Authentication: The MAC address (unique hardware identifier for network interfaces) of a device is used to authenticate it. Access is granted only to devices with approved MAC addresses.
Message Authentication:
i. KDCs (Key Distribution Center):
The KDC plays the role of an intermediary that securely distributes cryptographic keys between users or systems that want to communicate. Its primary function is to ensure that secret keys are exchanged securely over a potentially insecure network, preventing unauthorized access.
One way to make key management manageable is to use a trusted node known as the Key Distribution Center (KDC). The KDC knows the keys for all nodes. If a new node is installed in the network, only that new node and the KDC need to be configured with a key for that node.
Message Authentication:
ii. Certificate Revocation:
Certificate Revocation is the process of invalidating a digital certificate before its scheduled expiration date. A certificate is issued to prove the identity of entities in a public key infrastructure (PKI) system, but situations may arise where a certificate can no longer be trusted.
iii. BIOMETRICS
Biometrics are another way to provide the security mechanism. They authenticate the user by verifying, for example, fingerprints or the face. A variety of biometric devices is available:
Retinal scanner.
Fingerprint readers.
Face recognition.
Iris scanner.
Handprint readers.
Voiceprints.
Authentication Standards:
Message authentication ensures that a message has not been altered and verifies its sender. Several authentication standards are widely used to ensure secure communication:
1. HMAC (Hash-based Message Authentication Code):
• HMAC combines a cryptographic hash function (like SHA-256 or MD5) with a secret key. It provides both data integrity and message authenticity.
• How It Works: The sender generates an HMAC of the message using a secret key and includes it with the message. The receiver recalculates the HMAC with the same secret key and compares it. If they match, the message is authenticated.
Authentication Standards:
2. MAC (Message Authentication Code):
• A MAC is similar to HMAC but uses symmetric key algorithms like AES or DES. It provides message authenticity and integrity, ensuring that only parties with the shared secret key can verify the message.
• Commonly used in protocols like ISO/IEC 9797.
• The sender uses a secret key to generate a fixed-size MAC tag from the message. The recipient, using the same key, checks the MAC to ensure authenticity.
3. Digital Signatures:
Digital signatures use asymmetric cryptography (e.g., RSA, ECDSA) to ensure both the integrity and authenticity of a message. They are widely used in secure email, web transactions (TLS/SSL), and software distribution.
Authentication Standards:
The sender signs a hash of the message with their private key. The recipient uses the sender's public key to verify the signature. If the signature matches the message, authenticity is confirmed.
4. Kerberos Authentication:
• Kerberos is a network authentication protocol that uses tickets to authenticate users and services in a secure manner, protecting against replay attacks.
• It involves a trusted third-party Key Distribution Center (KDC) that issues time-stamped tickets for both the client and server, ensuring mutual authentication.
Authentication Standards:
5. CMAC (Cipher-based Message Authentication Code):
• CMAC is based on block cipher algorithms (like AES) and provides a secure method for ensuring message authenticity.
• It generates a fixed-size tag by processing the message with the block cipher and secret key. The receiver verifies the authenticity of the message by recalculating the tag.
These authentication standards provide robust methods to protect the integrity and authenticity of messages in various communication systems. They are widely used in secure communications, banking systems, software integrity checks, and many other fields.
Kerberos
Kerberos is a network authentication protocol designed to provide secure authentication over an insecure network. It was originally developed at MIT and is widely used in environments requiring secure communication, such as corporate networks and operating systems like Windows, Linux, and macOS.
• It follows the client-server architecture. (It verifies every user who wants access to any server. Kerberos only allows those users that are authorized or that have permission to connect with a server.)
• It uses symmetric key algorithms.
• It uses a trusted third party for keys (the KDC).
Main Components of Kerberos
There are some essential components of Kerberos, all of which are needed to complete a smooth flow of the Kerberos cycle.
• Client: The client is the one who initiates communication for a service request.
• Server: It contains the service that the user wants to access.
• Key Distribution Center: The KDC is divided into three basic parts, i.e., the Database (DB), the Authentication Server (AS), and the Ticket Granting Server (TGS).
• Authentication Server: It verifies the user's details; if the authentication succeeds, it generates a TGT (Ticket Granting Ticket) that is valid for a limited or fixed time span.
• Ticket Granting Server: The TGS issues a service ticket that verifies the user to the server and grants access to the user.
Structure of Kerberos (figure)
Public Key Infrastructure (PKI)
In cryptography, Public Key Infrastructure (PKI) is a framework that uses a pair of cryptographic keys—public and private—for secure data transmission. The trust model in PKI defines how trust is established between entities communicating over a network. These models outline how digital certificates and Certificate Authorities (CAs) are used to authenticate identities.
PKI is a standard for managing, generating and revoking digital certificates.
It follows asymmetric key cryptography.
It is the combination of all of the following:
1. message digest (integrity, i.e., no modification of the content)
2. digital signature (authentication, i.e., the message is coming from a valid user)
3. encryption services (confidentiality)
Architecture of PKI
1. Certificate repository: It stores all the certificate information, such as when to revoke a certificate and when to grant access; it stores the user's/owner's ID and name.
2. Entity: It is a user of PKI. It can be a router, a single person, a group or an organization using PKI (whoever is trying to access).
3. Registration authority: It is for registration and verification purposes, i.e., if any device raises a request for a certificate, it registers the request and verifies the user.
4. Certificate authority: It decides whether to give a certificate to a user and is responsible for issuing, revoking and distributing certificates. It also decides the validity period for the user.
Architecture of PKI
Purpose of PKI: The purpose of PKI is to facilitate the secure electronic transfer of information over the internet. There are many policies, standards and procedures in PKI, and all of these are for building trust.
What is trust: Trust is confidence in or reliance on another person or entity.
If two individuals trust each other because each trusts a third party, it is a third party trust.
We are communicating with strangers over the internet. How do we trust each other? In PKI, trust comes from the third party certificate authority.
Architecture of PKI
Certificate authority or CA: Responsible for issuing digital certificates. It may be external to the organization (and charge for its services) or internal to the organization.
Why do we trust them: We need to trust someone to begin with; otherwise we could not do business on the internet.
PKI Trust Models
To implement a trust model that can cover all or some of these principles, one of the best ways is Public Key Infrastructure (PKI), and there are four types that are used to implement the trust model with PKI.
A. Hierarchical Trust Model: The hierarchical model or tree model is the most common model to implement the PKI. A root CA at the top provides all the information, and the intermediate CAs are next in the hierarchy; they only trust the information provided by the root. The root CA also trusts the intermediate CAs at their level in the hierarchy. This arrangement allows a high level of control at all levels of the hierarchical tree; this might be the most common implementation in a large organization that wants to extend its certificate-processing capabilities. Hierarchical models allow tight control over certificate based activities.
PKI Trust Models
B. Bridge Trust Model: In the Bridge Trust Model we have many peer-to-peer relations between root CAs, so that the root CAs can communicate with each other and allow cross-certificates. This implementation model allows a certification process to be established between organizations (or departments). In this model, each intermediate CA trusts only the CAs above and below it, but the CA structure can be expanded without creating additional layers of CAs. Additional flexibility and interoperability between organizations are the primary advantages of a bridge model.
PKI Trust Models
C. Hybrid Trust Model: Sometimes you need to link two or more organizations or departments in some parts and keep other segments separate: you need trust in some parts of the two organizations but do not want that trust to extend to other segments of your organization. In these cases the Hybrid Trust Model can be the best model for you. You can be extremely flexible when you build a hybrid trust structure, and the flexibility of this model also allows you to create hybrid environments.
PKI Trust Models
D. Mesh Trust Model: When you want to implement a Hierarchical Trust Model with cross certification checking, or a web of root CAs, the mesh trust model is your best choice. In other words, the mesh model combines the concepts of the bridge structure with multiple paths and multiple root CAs. Certificates from each one of the root CAs are recognized by all of the root, intermediate and leaf CAs and by all end users connected to any of the CA chains.
Message Authentication Codes (MAC)
Authentication means verifying the identity of the user.
Types of authentication: We have 3 types of authentication.
1. Message encryption.
2. Message authentication code.
3. Hash function.
These three types are used to verify the user's identity.
Message Authentication Codes are codes which play a role in two important functions: Authentication Detection and Falsification Detection.
Where do we need these codes?
Message Authentication Codes (MAC)
Message authentication code: In this scheme we generate a MAC code, and this MAC code acts as the authentication.
Here in MAC, sender and receiver share the same key. The sender generates a fixed size output, called a cryptographic checksum or Message Authentication Code, and appends it to the original message. On the receiver's side, the receiver also generates the code and compares it with what he/she received, thus ensuring the originality of the message.
Message Authentication Codes (MAC)
1. MAC without encryption – This model can provide authentication but not confidentiality, as anyone can see the message.
Message Authentication Codes (MAC)
2. Internal Error Code – In this model of MAC, the sender encrypts the content before sending it through the network for confidentiality. Thus this model provides confidentiality as well as authentication.
M' = MAC(M, k)
Message Authentication Codes (MAC)
3. External Error Code – When there is an alteration in the message, decrypting it first is wasted work; to overcome that problem, we opt for the external error code.
Here we first apply the MAC to the encrypted message 'c' and compare it with the received MAC value on the receiver's side, and then decrypt 'c' only if they are the same; otherwise we simply discard the content received. Thus it saves time.
c = E(M, k')   M' = MAC(c, k)
Message Authentication Codes (MAC)
Problems in MAC – If we do reverse engineering we can reach the plain text or even the key. Here we have mapped input to output; to overcome this we move on to hash functions, which are "one way".
Note – the symbol "E" denotes symmetric key encryption.

MAC based on Hash Function (HMAC):
HMAC combines the benefits of hashing and MAC and thus is more secure than any other authentication code in cryptography. RFC 2104 has issued HMAC, and HMAC has been made compulsory to implement in IP security. Then, the FIPS 198 NIST standard has also issued HMAC in cryptography.
HMAC Algorithm
PROCEDURE HMAC:
Step 1: Compute the S bits.
Step 2: After computing the S bits, append them to the plain text or message: S||M.
Step 3: Then perform the hashing function.

HMAC Algorithm:
Step 1: Append 0's to K to get K+.
Step 2: XOR K+ with ipad to obtain Si.
Step 3: Si||M (Si is prepended to the plain text).
Step 4: Apply the hash algorithm to the stream generated in step 3.
Step 5: XOR K+ with opad to generate So.
Step 6: Form So || result of step 4.
Step 7: Apply the hashing algorithm to the result of step 6.
Here, H stands for the hashing function,
M is the original message,
Si and So are the input and output signatures respectively,
Yi is the i-th block in the original message M, where i ranges over [1, L),
L is the count of blocks in M,
K is the secret key used for hashing, IV is an initial vector (some constant). The generation of input signature and output
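The seven steps above, carried out with Python's hashlib as an added example (not the slides' own code) and checked against the standard library hmac module, which also serves the HMAC entry under Authentication Standards. The zero bytes of step 1 are appended after the key bytes up to the hash's block size (64 bytes for SHA-256), and a key longer than the block size is hashed first, as RFC 2104 specifies; ipad and opad are the RFC's constants 0x36 and 0x5C repeated to the block size.

```python
import hashlib
import hmac


def hmac_from_steps(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, M) = H((K+ XOR opad) || H((K+ XOR ipad) || M)), built step by step."""
    block_size = hashlib.new(hash_name).block_size     # 64 bytes for SHA-256, 128 for SHA-512
    if len(key) > block_size:                           # RFC 2104: hash an over-long key first
        key = hashlib.new(hash_name, key).digest()
    k_plus = key + b"\x00" * (block_size - len(key))   # Step 1: K+ is K padded with zeros
    ipad = bytes([0x36] * block_size)
    opad = bytes([0x5C] * block_size)
    s_i = bytes(x ^ y for x, y in zip(k_plus, ipad))   # Step 2: Si = K+ XOR ipad
    inner = hashlib.new(hash_name, s_i + msg).digest()  # Steps 3-4: H(Si || M)
    s_o = bytes(x ^ y for x, y in zip(k_plus, opad))   # Step 5: So = K+ XOR opad
    return hashlib.new(hash_name, s_o + inner).digest()  # Steps 6-7: H(So || inner)


def verify_hmac(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver side: recompute and compare without leaking where the bytes first differ."""
    return hmac.compare_digest(hmac_from_steps(key, msg, hash_name), tag)


def matches_stdlib(key: bytes, msg: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check the step-by-step construction against hmac.new."""
    return hmac_from_steps(key, msg, hash_name) == hmac.new(key, msg, hash_name).digest()


if __name__ == "__main__":
    key, msg = b"key", b"The quick brown fox jumps over the lazy dog"   # constructed sample input
    tag = hmac_from_steps(key, msg)
    print(tag.hex())
    print("matches hmac module:", matches_stdlib(key, msg))
    print("verifies:", verify_hmac(key, msg, tag))
```

The two nested hashes are what distinguish HMAC from the naive H(K || M): the outer hash with So means an attacker who knows H(Si || M) cannot simply extend the message, which is the weakness of the plain construction on Merkle-Damgård hashes such as MD5, SHA-1 and SHA-256.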
Message authentication code based on block cipher
There are two methods used in MAC based on block ciphers:
1. DAA (Data Authentication Algorithm)
2. CMAC (Cipher-based Message Authentication Code)
1. DAA (Data Authentication Algorithm):
• One of the most widely used MACs is referred to as the Data Authentication Algorithm.
• The algorithm is designed using the Cipher Block Chaining mode of operation of DES, as shown in the figure. The data (e.g., message, record, file, or program) to be authenticated are grouped into fixed size 64-bit blocks: D1, D2, ..., DN.
• If necessary, the final block is padded on the right with zeroes to make a 64-bit block. Using the DES encryption algorithm and a secret key, a data authentication code (DAC) is calculated as follows:
• The DAC consists of either the entire block O_N
Message authentication based on block cipher (figure)
Message authentication code based on block cipher
Cipher based message authentication code (CMAC):
• The Data Authentication Algorithm (DAA) is now obsolete. DACs are prone to collision attacks, where two different messages produce the same authentication code. This can compromise the integrity of the message.
• CMAC was designed to overcome the deficiencies of DAA: the Cipher-based Message Authentication Code (CMAC) mode of operation is for use with AES and triple DES.
• First, let us define the operation of CMAC when the message is an integer multiple n of the cipher block length b.
• For AES, b = 128, and for triple DES, b = 64. The message is divided into n blocks (M1, M2, ..., Mn).
• For AES, the key size is 128, 192, or 256 bits; for triple DES, the key size is 112 or 168 bits. CMAC is calculated as follows:
C1 = E(K, M1)
C2 = E(K, [M2 ⊕ C1])
C3 = E(K, [M3 ⊕ C2])
. . .
Cn = E(K, [Mn ⊕ Cn-1 ⊕ K1])
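The following added example, not the slides' own code, implements both constructions on 64-bit blocks: the DAA-style CBC-MAC described under "Hash functions based on Cipher Block Chaining" (zero padding on the right, IV = 0, last ciphertext block as the tag) and CMAC with the K1 and K2 subkeys. It goes slightly beyond the slide by also handling a final block that is not full: CMAC pads it 10...0 and uses K2 instead of K1, as the CMAC specification does. No AES or DES library is assumed, so toy_block_encrypt() is a constructed keyed permutation standing in for E(K, ·); it has the shape of a block cipher but no security analysis, and real code would call AES or triple DES in its place. Running the two functions on "abc" and on "abc" followed by five zero bytes shows the collision weakness mentioned above: the zero-padded CBC-MAC cannot tell them apart, while CMAC gives different tags.

```python
import hashlib
import hmac

BLOCK = 8                       # 64-bit blocks, as for DAA/DES and CMAC with triple DES
MASK64 = (1 << 64) - 1


def xor_blocks(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in for E(K, .): per round XOR a derived round key, multiply by an odd
    constant mod 2**64 and rotate. Every step is invertible, so this is a keyed permutation,
    but it is a teaching toy with no security claim."""
    x = int.from_bytes(block, "big")
    for r in range(8):
        round_key = int.from_bytes(hashlib.sha256(key + bytes([r])).digest()[:8], "big")
        x ^= round_key
        x = (x * 0x9E3779B97F4A7C15) & MASK64         # odd multiplier: invertible mod 2**64
        x = ((x << 19) | (x >> 45)) & MASK64          # rotate left by 19
    return x.to_bytes(BLOCK, "big")


def cbc_mac(key: bytes, msg: bytes) -> bytes:
    """DAA-style CBC-MAC: zero-pad on the right, C_i = E(K, M_i XOR C_{i-1}) with C_0 = 0."""
    if len(msg) % BLOCK:
        msg += b"\x00" * (BLOCK - len(msg) % BLOCK)
    c = bytes(BLOCK)
    for off in range(0, len(msg), BLOCK):
        c = toy_block_encrypt(key, xor_blocks(c, msg[off:off + BLOCK]))
    return c


def cmac_subkeys(key: bytes):
    """K1 = dbl(E(K, 0)), K2 = dbl(K1); dbl is doubling in GF(2^64) with constant 0x1B."""
    def dbl(b: bytes) -> bytes:
        v = int.from_bytes(b, "big") << 1
        if v >> 64:                                    # carry out of the top bit
            v = (v & MASK64) ^ 0x1B
        return v.to_bytes(BLOCK, "big")
    k1 = dbl(toy_block_encrypt(key, bytes(BLOCK)))
    return k1, dbl(k1)


def cmac(key: bytes, msg: bytes) -> bytes:
    """CMAC: CBC chaining, with the last block XORed with K1 (complete) or padded 10...0 and
    XORed with K2 (incomplete), so padding can no longer make two messages collide."""
    k1, k2 = cmac_subkeys(key)
    if msg and len(msg) % BLOCK == 0:
        blocks = [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]
        blocks[-1] = xor_blocks(blocks[-1], k1)
    else:
        padded = msg + b"\x80" + b"\x00" * (BLOCK - 1 - len(msg) % BLOCK)
        blocks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
        blocks[-1] = xor_blocks(blocks[-1], k2)
    c = bytes(BLOCK)
    for b in blocks:
        c = toy_block_encrypt(key, xor_blocks(c, b))
    return c


def verify_tag(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the CMAC and compare in constant time."""
    return hmac.compare_digest(cmac(key, msg), tag)


if __name__ == "__main__":
    key = b"constructed-key-0123"                      # constructed sample key
    print("CBC-MAC collides on zero padding:", cbc_mac(key, b"abc") == cbc_mac(key, b"abc" + bytes(5)))
    print("CMAC separates them:            ", cmac(key, b"abc") != cmac(key, b"abc" + bytes(5)))
    print("CMAC verifies:", verify_tag(key, b"hello world", cmac(key, b"hello world")))
```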
UNIT–IV: SYLLABUS
Information Theory – Data Encryption Standard (DES) – Lucifer – Madryga – New DES – GOST – 3 Way – Crab – RC5 – Double Encryption – Triple Encryption – CDMF Key Shortening – Whitening.
Lucifer
Lucifer is an important cipher in the history of cryptography and information theory. It was developed in the 1970s by IBM cryptographers, including Horst Feistel, and serves as the direct precursor to the Data Encryption Standard (DES), a widely used encryption algorithm in the late 20th century.
Key Features of Lucifer in Information Theory:
Lucifer is based on the Feistel structure, where the plaintext is divided into two halves. One half is encrypted using a key and then combined with the other half using an XOR operation. The halves are swapped in each round of encryption.
Key Features of Lucifer in Information Theory:
• This structure forms the basis for DES and many block ciphers. The Feistel structure ensures that encryption and decryption use the same algorithm, which is efficient in both software and hardware implementation.
• Lucifer was one of the earliest block ciphers, which divides data into fixed-size blocks (e.g., 64-bit blocks) for encryption. Each block is processed independently with multiple rounds of encryption.
• Lucifer allowed for variable-length keys, with early versions supporting up to 128-bit keys. The U.S. National Security Agency (NSA), when reviewing Lucifer for standardization, reduced the key size to
Key Features of Lucifer in Information Theory:
Lucifer introduced S-boxes (substitution boxes) and P-boxes (permutation boxes) for increasing the confusion and diffusion of the ciphertext. S-boxes are used for substitution, replacing input bits with output bits, while P-boxes spread the bits across the block to increase randomness.
Example of Lucifer Encryption Process:
Suppose you want to encrypt the plaintext "HELLO" using Lucifer: the plaintext would be divided into 64-bit blocks. Each block would be passed through multiple rounds (typically 16 rounds) of Feistel encryption, where substitution and permutation operations are applied. The final encrypted output (ciphertext) is produced after all rounds are complete, and the process can be reversed to decrypt the ciphertext back into plaintext.
Security Concerns: While Lucifer and DES were strong for their time, advances in computing made brute-forcing a 56-bit key feasible by the late 1990s. DES was gradually replaced by more secure encryption algorithms like Triple DES (3DES) and later, the Advanced Encryption Standard (AES).
Conclusion: Lucifer played a key role in the development of modern cryptography, providing the foundation for DES and influencing the design of many other block ciphers. Its innovative use of S-boxes, P-boxes, and the Feistel structure has made it a cornerstone in the field of information theory and
Madryga cipher
The Madryga cipher is a lesser-known symmetric
encryption algorithm that was designed as an
alternative to more widely used block ciphers like the
Data Encryption Standard (DES).
It was developed by Michael Wood, and its main
focus is to provide a simple yet effective encryption
mechanism for small-scale applications. Although
Madryga does not achieve the same level of adoption
or security rigor as AES or DES, it offers an
interesting example of a lightweight cipher for
educational purposes or low-security applications.
• The input message (plaintext) is broken into blocks, shown at the top of the diagram. The blocks are labeled numerically (1, 2, 3, etc.), and the last few blocks are denoted as TL-1, TL, etc.
• The input is divided into 8-bit blocks, and the diagram shows that multiple working frames (WF1, WF2, etc.) operate on the text at each step.
• This involves the rotation of target bits in the 16-bit block. The process might change the positions of bits or groups of bits to provide confusion, a key principle in cryptography.
• The next phase involves rotating bits based on a 3-bit "rotate count," which determines how much the block will be shifted.
• After rotation, the Translate Target operation applies XOR (exclusive OR) operations between the bits and parts of the key to increase security.
• This section represents the key material used in the XOR operation with the data in the Translation stage. The key bits are also rotated and XORed in steps.
• This step involves hashing or applying another cryptographic process to the key itself, helping ensure the key remains secure and difficult to reverse.
New DES (N-DES)
• New DES was designed in 1985 by Robert Scott as a
possible DES replacement.
• New DES (N-DES) is a theoretical extension of the Data
Encryption Standard (DES), often used in research or to
address the weaknesses of the original DES algorithm.
DES, a widely used encryption algorithm from the 1970s,
had vulnerabilities primarily due to its relatively short key
size of 56 bits. As computing power grew, brute force
attacks became feasible, leading to the development of
new cryptographic techniques and alternatives to DES,
such as Triple DES (3DES) and AES (Advanced
Encryption Standard).
Key Characteristics of N-DES:
• Instead of the standard 16 rounds of encryption in DES,
N-DES could theoretically increase the number of rounds
to improve security. For example, performing DES
multiple times with different keys (like in Triple DES)
increases the effective key size and security.
• N-DES could extend the key length beyond 56 bits,
addressing the vulnerability of the original DES to brute-
force attacks. The idea is to use keys of sizes similar to
modern standards, like 128 or 256 bits.
• While the core Feistel structure and S-boxes of DES
might remain unchanged in N-DES, alterations could be
made to the permutation functions or S-boxes to increase
security.
GOST block cipher
The GOST block cipher is a symmetric encryption algorithm developed by the Soviet Union in the 1980s. Officially known as GOST 28147-89, it became the standard for encryption in Russia and the former Soviet states. GOST stands for "Gosudarstvennyi Standard" (government standard), which means "state standard" in Russian.
• GOST is a block cipher: it operates on 64-bit blocks of data, which means that the plaintext is divided into chunks of 64 bits each for encryption.
• It uses a 256-bit key, which provides strong encryption against brute-force attacks.
• Similar to DES (Data Encryption Standard), GOST uses a Feistel network, where the plaintext is split into two halves and processed iteratively in rounds.
• GOST applies 32 rounds of encryption for each block of plaintext. In each round, one half of the data is modified by a subkey and a non-linear function, while the other half remains unchanged.
• The 256-bit key is divided into eight 32-bit subkeys. These subkeys are cyclically reused throughout the encryption process, contributing to the overall complexity.
• In GOST the S-boxes can be kept secret, which effectively increases the size of the key.
• In GOST the round function consists of three steps:
1. Integer addition of the input and the round key mod 2^32.
2. Apply the eight 4-bit S-boxes to the result.
3. Perform a circular left shift by 11 bits on the result.
In each round the result of the round function is XOR-ed with the left input, which then becomes the new right output, while the right input becomes the new left output.
• If you encrypt a 64-bit plaintext using a 256-bit key, the data will pass through 32 rounds of transformation, where each round involves splitting, modular addition, and substitution. The final output will be a 64-bit ciphertext.
• Strength: GOST's 256-bit key and 32 rounds make it highly resistant to brute-force attacks. Its structure, similar to the Feistel network, adds an extra layer of security through complex transformations.
• Applications: GOST was used extensively in Russian governmental and military applications. In addition to encryption, it was also adapted for use in hashing algorithms and digital signatures.
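The round structure described above, as an added Python model that is not code from the slides: a 64-bit Feistel network with the three-step GOST round function and eight 32-bit subkeys. The S-boxes are constructed for illustration only (the real parameter sets are published separately), and the subkey order (k0..k7 three times, then k7..k0, reversed for decryption) is the order of the GOST 28147-89 standard, assumed here because the slides only say the subkeys are reused cyclically.

```python
MASK32 = 0xFFFFFFFF

# Eight CONSTRUCTED bijective 4-bit S-boxes (each a permutation of 0..15).
# They are placeholders, not a real GOST parameter set.
_BASE = [4, 10, 9, 2, 13, 8, 0, 14, 6, 11, 1, 12, 7, 15, 5, 3]
S_BOXES = [[(v + i) & 0xF for v in _BASE] for i in range(8)]

def round_function(x, subkey):
    """The three-step GOST round function on one 32-bit half."""
    t = (x + subkey) & MASK32                     # 1. addition mod 2^32
    y = 0
    for i in range(8):                            # 2. nibble i -> S-box i
        y |= S_BOXES[i][(t >> (4 * i)) & 0xF] << (4 * i)
    return ((y << 11) | (y >> 21)) & MASK32       # 3. rotate left by 11

def subkeys(key256):
    """Split the 256-bit key into eight 32-bit subkeys (k0 = low word)."""
    return [(key256 >> (32 * i)) & MASK32 for i in range(8)]

def round_order(encrypt):
    """Subkey index used in each of the 32 rounds: k0..k7 three times, then
    k7..k0 (standard order, assumed); decryption walks the sequence backwards."""
    order = list(range(8)) * 3 + list(range(7, -1, -1))
    return order if encrypt else order[::-1]

def _feistel(block64, key256, encrypt):
    left, right = block64 >> 32, block64 & MASK32
    ks = subkeys(key256)
    for i in round_order(encrypt):
        # f(right, k) XOR left becomes the new right; old right becomes new left.
        left, right = right, left ^ round_function(right, ks[i])
    # Undo the final swap so the same network with reversed keys decrypts.
    return (right << 32) | left

def gost_encrypt(block64, key256):
    return _feistel(block64, key256, True)

def gost_decrypt(block64, key256):
    return _feistel(block64, key256, False)

if __name__ == "__main__":
    key = int.from_bytes(bytes(range(32)), "big")   # constructed 256-bit key
    pt = 0x0123456789ABCDEF                          # constructed 64-bit block
    ct = gost_encrypt(pt, key)
    print(f"ct={ct:016x} back={gost_decrypt(ct, key):016x}")
```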
3-Way block cipher
The 3-Way block cipher is a cryptographic algorithm designed by Joan Daemen, who is also known for co-creating the AES (Advanced Encryption Standard) algorithm. It was proposed as an alternative to DES (Data Encryption Standard) and is characterized by its unique structure and security features.
• Block Size: 3-Way operates on 96-bit blocks of plaintext.
• Key Length: It supports key sizes of 96, 144, or 192 bits, providing flexibility in key length.
• Sub-round Key Length: For each round, a 96-bit sub-round key is derived from the main encryption key using the key schedule algorithm. This sub-round key is applied to each of the 16 encryption rounds.
• In the 3-Way block cipher, the sub-round key length is directly dependent on the overall key size. Since the cipher operates on 96-bit blocks, the key length and sub-round key structure are aligned with the block size.
• Algorithm Structure: 3-Way uses a substitution-permutation network (SPN) structure.
• Rounds: It typically uses 11 rounds for encryption, with each round involving key mixing, substitution (using S-boxes), and permutation operations.
• Key Schedule: The key schedule generates round keys from the original key using a key expansion algorithm. This ensures that each round uses a unique subkey derived from the main encryption key.
CRAB
• This algorithm was developed by Burt Kaliski and Matt Robshaw of RSA Laboratories in 1993.
• The idea behind Crab is to use techniques from one-way hash functions to make a fast encryption algorithm.
• CRAB (Cipher Rotation and Block) incorporates techniques from cryptographic hash functions to achieve both efficiency and security in encryption.
• Large Block Size: CRAB operates on large blocks of 1024 bytes (8,192 bits). This is significantly larger than the standard block sizes used by many traditional block ciphers (like 64 or 128 bits).
• The larger block size allows for more data to be processed at once, which can improve performance, particularly in
CRAB can implement similar mechanisms for confusion and diffusion, ensuring that even small changes in the plaintext produce significantly different ciphertexts.
Encryption Process:
Input Preparation: The plaintext is divided into 1024-byte blocks. If the last block is smaller, it may be padded to meet the required size.
Key Schedule: CRAB generates multiple round keys from the initial secret key, which will be used throughout the encryption process.
Round Structure: In each of the 16 rounds, the following operations generally take place:
• Substitution: The data is processed through substitution boxes (S-boxes) to obscure the input.
• Permutation: A permutation step rearranges the bits to spread the influence of each bit throughout the output.
• Rotation: Bits may be rotated to further mix the data.
• Key Mixing: The round key (derived from the original key) is combined with the data, often using operations like XOR.
• Final Output: The resulting output after all rounds is the ciphertext.
Decryption Process: The decryption process is similar to encryption but executed in reverse order:
• The ciphertext is divided into 1024-byte blocks.
• The inverse of the mixing and substitution operations is applied, along with the round keys used in reverse order.
• The final result is the original plaintext.
Rivest Cipher5 (RC5)
• RC stands for Rivest Cipher; it was designed by Ronald Rivest in 1994.
• RC5 is a symmetric block cipher technique: the same secret key is used for encryption and decryption.
• It processes 2-word blocks at a time. RC5 has three parameters:
• W: the word size (16, 32 or 64)
• R: the number of rounds [0, 1, 2, ..., 255]
• B: the number of bytes [0, 1, 2, ..., 255]
The number of rounds performed depends on the word size. It is similar to DES; once W is chosen, the remaining parameters are based on it.
As with other block ciphers, performing more rounds increases the level of security.
Rivest Cipher5 (RC5)
• RC5 algorithm having three components
1.Key expansion algorithm
2.Encryption algorithm
3.Decryption algorithm
Double Encryption:
Double encryption refers to the process of applying an encryption algorithm twice with two different keys. While it seems that encrypting a message twice would provide added security, in practice double encryption does not necessarily double the strength of the encryption.
Consider the DES (Data Encryption Standard) algorithm. Given plaintext M, two keys K1 and K2, and encryption functions E_K1 and E_K2, the double encryption process can be represented as:
Encryption: C = E_K2(E_K1(M))
Decryption: M = D_K1(D_K2(C))
Double encryption does not provide the expected level of security because of the meet-in-the-middle attack, which reduces the effectiveness of double encryption by finding a match between the intermediate values obtained from the encryption and decryption sides, thereby reducing security.
Triple Encryption:
Triple encryption is an approach to strengthen encryption by applying an encryption algorithm three times with potentially different keys. The most well-known example is Triple DES (3DES), which applies the DES encryption algorithm three times in succession.
Encrypt-Decrypt-Encrypt (EDE) Mode: In this mode, three keys K1, K2, and K3 are used. The plaintext is encrypted with the first key (K1), then decrypted with the second key (K2), and finally encrypted again with the third key (K3):
For encryption: C = E_K3(D_K2(E_K1(M)))
For decryption: M = D_K1(E_K2(D_K3(C)))
CDMF Key Shortening – Whitening
CDMF (Commercial Data Masking Facility) is a
technique used to reduce the strength of encryption
keys, developed as part of IBM's approach to meet
U.S. This method is specifically used with the Data
Encryption Standard (DES) algorithm.
Purpose: The key shortening mechanism was designed
to reduce the effective key size of DES from 56 bits to
40 bits.
The CDMF key shortening process involves taking the
original 56-bit DES key, applying an algorithm to reduce
it to a 40-bit key by masking or weakening parts of the
key, making the encryption significantly less secure.
Security Issues: With only 40 bits of key length, encryption using CDMF could be easily broken with modern computational power. A brute force attack on a 40-bit key would require trying at most 2^40 possible keys.
Whitening:
Whitening is a technique used to improve the security of encryption algorithms by adding additional steps before and after encryption.
Process: In whitening, key-dependent values, referred to as "whitening keys," are XORed with the plaintext before encryption and with the ciphertext after encryption.
Mathematical Representation:
Let P be the plaintext, W1 and W2 be the whitening keys, and E_K the encryption function with key K. The whitening encryption process can be represented as:
C = W2 ⊕ E_K(W1 ⊕ P)
Whitening thus enhances the security of encryption by XORing additional keys with the plaintext and ciphertext, making certain types of cryptanalytic attacks more difficult.
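The three constructions from the slides above (double encryption, EDE triple encryption, and whitening) carried through as an added Python example that is not code from the slides. The block cipher E_K / D_K underneath is a constructed 16-bit toy Feistel network with a 16-bit key, used only so the compositions can be run and checked; it has no security value of its own, and the check that EDE with K1 = K2 = K3 collapses to single encryption illustrates why that key choice gives no extra strength.

```python
MASK8 = 0xFF

def _toy_f(x, k):
    # Constructed round function on one 8-bit half (multiply-add XOR rotate).
    return ((x * 31 + k) ^ ((x << 3) | (x >> 5))) & MASK8

def _toy_feistel(key16, block16, encrypt):
    # Four Feistel rounds; the 4-bit subkeys are the nibbles of the 16-bit key.
    ks = [(key16 >> (4 * i)) & 0xF for i in range(4)]
    if not encrypt:
        ks.reverse()                 # decryption = same network, keys reversed
    left, right = block16 >> 8, block16 & MASK8
    for k in ks:
        left, right = right, left ^ _toy_f(right, k)
    return (right << 8) | left       # undo the final swap

def E(key, m):                       # E_K(M): 16-bit block, 16-bit key
    return _toy_feistel(key, m, True)

def D(key, c):                       # D_K(C)
    return _toy_feistel(key, c, False)

# Double encryption: C = E_K2(E_K1(M)), M = D_K1(D_K2(C))
def double_encrypt(k1, k2, m): return E(k2, E(k1, m))
def double_decrypt(k1, k2, c): return D(k1, D(k2, c))

# Triple encryption, EDE mode: C = E_K3(D_K2(E_K1(M))), M = D_K1(E_K2(D_K3(C)))
def ede_encrypt(k1, k2, k3, m): return E(k3, D(k2, E(k1, m)))
def ede_decrypt(k1, k2, k3, c): return D(k1, E(k2, D(k3, c)))

# Whitening: C = W2 xor E_K(W1 xor P), and therefore P = W1 xor D_K(W2 xor C)
def whiten_encrypt(k, w1, w2, p): return w2 ^ E(k, w1 ^ p)
def whiten_decrypt(k, w1, w2, c): return w1 ^ D(k, w2 ^ c)

if __name__ == "__main__":
    k1, k2, k3, m = 0xBEEF, 0xCAFE, 0x1357, 0x1234     # constructed values
    print(f"double: {double_encrypt(k1, k2, m):04x}")
    print(f"EDE:    {ede_encrypt(k1, k2, k3, m):04x}")
    print(f"EDE with one key equals single E: {ede_encrypt(k1, k1, k1, m) == E(k1, m)}")
    print(f"whitened: {whiten_encrypt(k1, 0xA5A5, 0x5A5A, m):04x}")
```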