INS Module 2 – CRYPTOGRAPHY (Theory)

CRYPTOGRAPHY

Cryptography is a technique of securing information and communications through the use of codes
so that only those persons for whom the information is intended can understand and process it. Thus
preventing unauthorized access to information. The prefix “crypt” means “hidden” and the suffix
“graphy” means “writing”. In Cryptography, the techniques that are used to protect information are
obtained from mathematical concepts and a set of rule-based calculations known as algorithms to
convert messages in ways that make it hard to decode them. These algorithms are used for
cryptographic key generation, digital signing, and verification to protect data privacy, web browsing
on the internet and to protect confidential transactions such as credit card and debit card
transactions.

Features Of Cryptography

• Confidentiality: Information can only be accessed by the person for whom it is intended and
no other person except him can access it.

• Integrity: Information cannot be modified in storage or transition between sender and

intended receiver without any addition to information being detected.

• Non-repudiation: The creator/sender of information cannot deny his intention to send

information at a later stage.

• Authentication: The identities of the sender and receiver are confirmed. As well
destination/origin of the information is confirmed.

• Interoperability: Cryptography allows for secure communication between different systems

and platforms.

• Adaptability: Cryptography continuously evolves to stay ahead of security threats and

technological advancements.

Types Of Cryptography
1. Symmetric Key Cryptography
It is an encryption system where the sender and receiver of a message use a single common key to
encrypt and decrypt messages. Symmetric Key cryptography is faster and simpler but the problem
is that the sender and receiver have to somehow exchange keys securely. The most popular
symmetric key cryptography systems are Data Encryption Systems (DES) and Advanced Encryption
Systems (AES).
 Symmetric Key Cryptography

3. Asymmetric Key Cryptography

In Asymmetric Key Cryptography, a pair of keys is used to encrypt and decrypt information. A
receiver’s public key is used for encryption and a receiver’s private key is used for decryption. Public
keys and Private keys are different. Even if the public key is known by everyone the intended
receiver can only decode it because he alone knows his private key. The most popular asymmetric
key cryptography algorithm is the RSA algorithm.

Shannon’s Characteristics of a good cipher

• Amount of secrecy required determines the amount of labor appropriate for the encryption
and decryption.

• The set of keys and enciphering algorithm should be free of complexity

• The implementation of the process should be as simple as possible.

• The size of the enciphered text should be no larger than the text of the original message.

CONFUSION AND DIFFUSION

Confusion Diffusion

Confusion is a cryptographic technique that is

Diffusion is used to create cryptic plain texts.
used to create faint cipher texts.
Confusion Diffusion

Confusion is possible through substitution Diffusion is possible through transposition

algorithms. algorithms.

In confusion, if one bit within the secret is In diffusion, if one image within the plain text is
modified, most or all bits within the cipher modified, many or all image within the cipher
text also will be modified. text also will be modified

In confusion, vagueness is increased in In diffusion, redundancy is increased in the

resultant. resultant.

Both stream cipher and block cipher use

Only block cipher use diffusion.
confusion.

The relation between the cipher text and the The relation between the cipher text and the
key is masked by confusion. plain text is masked by diffusion.

ENCRYPTION AND DECRYPTION

Encryption Decryption

While decryption is the process of converting

Encryption is the process of converting a normal
meaningless messages into their original
message into a meaningless message.
form,.

Encryption is the process that takes place at the While decryption is the process that takes
sender’s end. place at the receiver’s end.

Its major task is to convert the plain text into While its main task is to convert the cipher
cipher text. text into plain text.

Whereas the encrypted message can be

Any message can be encrypted with either a
decrypted with either a secret key or a private
secret key or a public key.
key.
Encryption Decryption

Whereas in the decryption process, the

In the encryption process, the sender sends the
receiver receives the information (cipher text)
data to the receiver after encrypting it.
and converts it into plain text.

The only single algorithm used for encryption

The same algorithm with the same key is used
and decryption is a pair of keys, each used for
for the encryption-decryption process.
encryption and decryption.

Encryption is used to protect the confidentiality Decryption is used to reverse the encryption
of data by converting it into an unreadable form process and convert the ciphertext back into
that can only be read by authorized parties. plaintext.

The output of encryption is a ciphertext that is

The output of decryption is the original
unintelligible to anyone who does not have the
plaintext message.
decryption key.

NON REPUDIATION

Non-repudiation is the ability to prevent an electronic message or transaction that someone cannot
deny the validity of something. It is a legal concept that’s mostly used in information security and
refers to a service, which provides a reason for the origin and integrity of data. In other words, non-
repudiation makes it very challenging to strongly deny who/where a message comes from, as well as
the authenticity and integrity of that message.

It authenticates both the sender and the recipient of the information. It is irrefutable for both parties
that this was how the communication took place. This security feature is essential to preserving
dependability and confidence throughout a range of procedures.

STREAM CIPHER

In stream cipher, one byte is encrypted at a time while in block cipher ~128 bits are encrypted at a
time. Initially, a key(k) will be supplied as input to pseudorandom bit generator and then it produces
a random 8-bit output which is treated as keystream. The resulted keystream will be of size 1 byte,
i.e., 8 bits. Stream ciphers are fast because they encrypt data bit by bit or byte by byte, which makes
them efficient for encrypting large amounts of data quickly.Stream ciphers work well for real-time
communication, such as video streaming or online gaming, because they can encrypt and decrypt
data as it’s being transmitted.

Key Points of Stream Cipher

1. Stream Cipher follows the sequence of pseudorandom number stream.

 2. One of the benefits of following stream cipher is to make cryptanalysis more difficult, so the
number of bits chosen in the Keystream must be long in order to make cryptanalysis more
difficult.

3. By making the key more longer it is also safe against brute force attacks.

4. The longer the key the stronger security is achieved, preventing any attack.

5. Keystream can be designed more efficiently by including more number of 1s and 0s, for
making cryptanalysis more difficult.

6. Considerable benefit of a stream cipher is, it requires few lines of code compared to block
cipher.

Encryption

For Encryption,

• Plain Text and Keystream produces Cipher Text (Same keystream will be used for decryption.

• The Plaintext will undergo XOR operation with keystream bit-by-bit and produces the Cipher
Text.

Decryption

For Decryption,

• Cipher Text and Keystream gives the original Plain Text (Same keystream will be used for
encryption.).

• The Ciphertext will undergo XOR operation with keystream bit-by-bit and produces the actual
Plain Text.

• Decryption is just the reverse process of Encryption i.e. performing XOR with Cipher Text.

Diagram of Stream Cipher

RC4

RC4 means Rivest Cipher 4 invented by Ron Rivest in 1987 for RSA Security. It is a Stream Ciphers.
Stream Ciphers operate on a stream of data byte by byte. RC4 stream cipher is one of the most
widely used stream ciphers because of its simplicity and speed of operation. It is a variable key-size
stream cipher with byte-oriented operations. It uses either 64 bit or 128-bit key sizes.

Algorithm

The algorithm operates on a user-selected variable-length key(K) of 1 to 256 bytes (8 to 2048 bits),
typically between 5 and 16 bytes. To generate a 256-byte state vector S, the master key is used.
The first step is the array initialization. It is a character array of size 256 i.e. S[256]. After that, for
every element of the array, we initialize S[i] to i.

After this, we will run the KSA algorithm-

KSA is going to use the secret key to scramble this array. KSA is a simple loop, in which we are having
two variable i and j. We are using these variables to rearrange the array. Rearranging the array is
done by using a secret key.

KSA has been scrambled, S[256] array is used to generate the PRGA(Pseudo Random Generation
Algorithm). This is the actual Keystream.

RC4 Block Diagram

Working of RC4

Encryption Procedure

1. The user inputs a plain text file and a secret key.

2. The encryption engine then generates the keystream by using KSA and PRGA Algorithm.

3. This keystream is now XOR with the plain text, this XORing is done byte by byte to produce
the encrypted text.

4. The encrypted text is then sent to the intended receiver, the intended receiver will then
decrypted the text and after decryption, the receiver will get the original plain text.

Decryption Procedure

Decryption is achieved by doing the same byte-wise X-OR operation on the Ciphertext.
A5/1

The A5/1 cipher is a stream cipher used for encrypting voice and data in GSM mobile
communications. It was designed to provide confidentiality for conversations and data transmitted
over cellular networks. Here's a brief overview of how it works:

Key Features of A5/1 Cipher:

1. Stream Cipher: A5/1 is a synchronous stream cipher, meaning it generates a keystream

(sequence of bits) based on a secret key. This keystream is then XORed with the plaintext to
produce the ciphertext.

2. Key Length: It uses a 64-bit secret key for encryption, which is combined with the frame
number to initialize the cipher.

3. Three LFSRs: A5/1 relies on three Linear Feedback Shift Registers (LFSRs) of lengths 19, 22,
and 23 bits. The LFSRs shift based on a "majority rule" clocking mechanism.

o LFSR1: 19 bits long

o LFSR2: 22 bits long

o LFSR3: 23 bits long

4. Clocking Mechanism: Only two of the three LFSRs are clocked during each iteration, based
on the majority value of a certain bit in each LFSR. This irregular clocking introduces non-
linearity into the cipher.

5. Initialization:

o The secret key is loaded into the LFSRs.

o A frame number (22-bit) is also used as input to vary the keystream across different
frames.

o After initialization, the LFSRs are clocked multiple times to create a new keystream
for each frame.

6. Keystream Generation: Once the initialization process is complete, the LFSRs are used to
generate a stream of bits, which are then XORed with the plaintext bits (voice or data) to
encrypt them.

BLOCK CIPHERS

The basic scheme of a block cipher is depicted as follows −

A block cipher takes a block of plaintext bits and generates a block of ciphertext bits, generally of
same size. The size of block is fixed in the given scheme. The choice of block size does not directly
affect to the strength of encryption scheme. The strength of cipher depends up on the key length.

Block Size

Though any size of block is acceptable, following aspects are borne in mind while selecting a size of a
block.

• Avoid very small block size − Say a block size is m bits. Then the possible plaintext bits
combinations are then 2m. If the attacker discovers the plain text blocks corresponding to
some previously sent ciphertext blocks, then the attacker can launch a type of ‘dictionary
attack’ by building up a dictionary of plaintext/ciphertext pairs sent using that encryption
key. A larger block size makes attack harder as the dictionary needs to be larger.

• Do not have very large block size − With very large block size, the cipher becomes inefficient
to operate. Such plaintexts will need to be padded before being encrypted.

• Multiples of 8 bit − A preferred block size is a multiple of 8 as it is easy for implementation as

most computer processor handle data in multiple of 8 bits.

Padding in Block Cipher

Block ciphers process blocks of fixed sizes (say 64 bits). The length of plaintexts is mostly not a
multiple of the block size. For example, a 150-bit plaintext provides two blocks of 64 bits each with
third block of balance 22 bits. The last block of bits needs to be padded up with redundant
information so that the length of the final block equal to block size of the scheme. In our example,
the remaining 22 bits need to have additional 42 redundant bits added to provide a complete block.
The process of adding bits to the last block is referred to as padding.
FEISTAL STRUCTURE

Feistel Cipher model is a structure or a design used to develop many block ciphers such as DES.
Feistel cipher may have invertible, non-invertible and self invertible components in its design. Same
encryption as well as decryption algorithm is used. A separate key is used for each round. However
same round keys are used for encryption as well as decryption.

Feistel cipher algorithm

• Create a list of all the Plain Text characters.

• Convert the Plain Text to Ascii and then 8-bit binary format.

• Divide the binary Plain Text string into two halves: left half (L1)and right half (R1)

• Generate a random binary keys (K1 and K2) of length equal to the half the length of the Plain
Text for the two rounds.

First Round of Encryption

• a. Generate function f1 using R1 and K1 as follows:

f1= xor(R1, K1)

• b. Now the new left half(L2) and right half(R2) after round 1 are as follows:

R2= xor(f1, L1)

L2=R1

Second Round of Encryption

• a. Generate function f2 using R2 and K2 as follows:

f2= xor(R2, K2)

• b. Now the new left half(L3) and right half(R3) after round 2 are as follows:

R3= xor(f2, L2)

L3=R2

• Concatenation of R3 to L3 is the Cipher Text

• Same algorithm is used for decryption to retrieve the Plain Text from the Cipher Text.

DES

DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure. The block size is 64-
bit. Though, key length is 64-bit, DES has an effective key length of 56 bits, since 8 of the 64 bits of
the key are not used by the encryption algorithm (function as check bits only). General Structure of
DES is depicted in the following illustration −
Since DES is based on the Feistel Cipher, all that is required to specify DES is −

• Round function

• Key schedule

• Any additional processing − Initial and final permutation

Initial and Final Permutation

The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of each
other. They have no cryptography significance in DES. The initial and final permutations are shown as
follows −

Round Function

The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the rightmost
32 bits to produce a 32-bit output.
• Expansion Permutation Box − Since right input is 32-bit and round key is a 48-bit, we first
need to expand right input to 48 bits. Permutation logic is graphically depicted in the
following illustration −

• The graphically depicted permutation logic is generally described as table in DES specification
illustrated as shown −

• XOR (Whitener). − After the expansion permutation, DES does XOR operation on the
expanded right section and the round key. The round key is used only in this operation.

• Substitution Boxes. − The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes,
each with a 6-bit input and a 4-bit output. Refer the following illustration −
 • The S-box rule is illustrated below −

• There are a total of eight S-box tables. The output of all eight s-boxes is then combined in to
32 bit section.

• Straight Permutation − The 32 bit output of S-boxes is then subjected to the straight
permutation with rule shown in the following illustration:

Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The process of key
generation is depicted in the following illustration −
AES

Advanced Encryption Standard (AES) is a highly trusted encryption algorithm used to secure data by
converting it into an unreadable format without the proper key. Developed by the National Institute
of Standards and Technology (NIST), AES encryption uses various key lengths (128, 192, or 256 bits)
to provide strong protection against unauthorized access. This data security measure is efficient and
widely implemented in securing internet communication, protecting sensitive data, and encrypting
files. AES, a cornerstone of modern cryptography, is recognized globally for its ability to keep
information safe from cyber threats.

Points to Remember

• AES is a Block Cipher.

• The key size can be 128/192/256 bits.

• Encrypts data in blocks of 128 bits each.

That means it takes 128 bits as input and outputs 128 bits of encrypted cipher text. AES relies on the
substitution-permutation network principle, which is performed using a series of linked operations
that involve replacing and shuffling the input data.

Working of The Cipher

AES performs operations on bytes of data rather than in bits. Since the block size is 128 bits, the
cipher processes 128 bits (or 16 bytes) of the input data at a time.

The number of rounds depends on the key length as follows :

• 128-bit key – 10 rounds

• 192-bit key – 12 rounds

• 256-bit key – 14 rounds

Creation of Round Keys

A Key Schedule algorithm calculates all the round keys from the key. So the initial key is used to
create many different round keys which will be used in the corresponding round of the encryption.

Creation of Round Keys (AES)

Encryption

AES considers each block as a 16-byte (4 byte x 4 byte = 128 ) grid in a column-major arrangement.

[ b0 | b4 | b8 | b12 |
| b1 | b5 | b9 | b13 |
| b2 | b6 | b10| b14 |
| b3 | b7 | b11| b15 ]

Each round comprises of 4 steps :

• SubBytes

• ShiftRows

• MixColumns

• Add Round Key

The last round doesn’t have the MixColumns round.

The SubBytes does the substitution and ShiftRows and MixColumns perform the permutation in the
algorithm.

Sub Bytes

This step implements the substitution.

In this step, each byte is substituted by another byte. It is performed using a lookup table also called
the S-box. This substitution is done in a way that a byte is never substituted by itself and also not
substituted by another byte which is a compliment of the current byte. The result of this step is a 16-
byte (4 x 4 ) matrix like before.

The next two steps implement the permutation.

Shift Rows

This step is just as it sounds. Each row is shifted a particular number of times.

• The first row is not shifted

• The second row is shifted once to the left.

• The third row is shifted twice to the left.

• The fourth row is shifted thrice to the left.

(A left circular shift is performed.)

[ b0 | b1 | b2 | b3 ] [ b0 | b1 | b2 | b3 ]
| b4 | b5 | b6 | b7 | -> | b5 | b6 | b7 | b4 |
| b8 | b9 | b10 | b11 | | b10 | b11 | b8 | b9 |
[ b12 | b13 | b14 | b15 ] [ b15 | b12 | b13 | b14 ]

Mix Columns

This step is a matrix multiplication. Each column is multiplied with a specific matrix and thus the
position of each byte in the column is changed as a result.

This step is skipped in the last round.

[ c0 ] [ 2 3 1 1 ] [ b0 ]
| c1 | = | 1 2 3 1 | | b1 |
| c2 | | 1 1 2 3 | | b2 |
[ c3 ] [ 3 1 1 2 ] [ b3 ]

Add Round Keys

Now the resultant output of the previous stage is XOR-ed with the corresponding round key. Here,
the 16 bytes are not considered as a grid but just as 128 bits of data.
Added Round Keys (AES)

After all these rounds 128 bits of encrypted data are given back as output. This process is repeated
until all the data to be encrypted undergoes this process.

Decryption

The stages in the rounds can be easily undone as these stages have an opposite to it which when
performed reverts the changes. Each 128 blocks goes through the 10,12 or 14 rounds depending on
the key size.

The stages of each round of decryption are as follows :

• Add round key

• Inverse MixColumns

• ShiftRows

• Inverse SubByte

The decryption process is the encryption process done in reverse so I will explain the steps with
notable differences.

Inverse MixColumns

This step is similar to the Mix Columns step in encryption but differs in the matrix used to carry out
the operation.

Mix Columns Operation each column is mixed independent of the other.

Matrix multiplication is used. The output of this step is the matrix multiplication of the old values and
a constant matrix.

[b0] = [ 14 11 13 9] [ c0 ]
[b1]=[ 9 14 11 13 ] [ c1 ]
[b2] =[ 13 9 14 11] [ c2 ]
[ b3 ]=[ 11 13 9 14 ] [ c3 ]

Inverse SubBytes

Inverse S-box is used as a lookup table and using which the bytes are substituted during decryption.

Function Substitute performs a byte substitution on each byte of the input word. For this purpose,

it uses an S-box.

SYMMETRIC AND ASYMMETRIC KEY CRYPTOGRAPHY

Symmetric Key Encryption Asymmetric Key Encryption

It only requires a single key for both encryption It requires two keys, a public key and a private
and decryption. key, one to encrypt and the other to decrypt.

The size of ciphertext is the same or smaller The size of ciphertext is the same or larger
than the original plaintext. than the original plaintext.

The encryption process is very fast. The encryption process is slow.

It is used when a large amount of data needs to

It is used to transfer small amount of data.
be transferred.

It provides confidentiality, authenticity, and

It only provides confidentiality.
non-repudiation.

The length of key used is 128 or 256 bits The length of key used is 2048 or higher

In symmetric key encryption, resource

In asymmetric key encryption, resource
utilization is low compared to asymmetric key
utilization is high.
encryption.

It is efficient as it is used for handling large It is comparatively less efficient as it can

amount of data. handle a small amount of data.

Security is lower as only one key is used for Security is higher as two keys are used, one
both encryption and decryption purposes. for encryption and the other for decryption.
Symmetric Key Encryption Asymmetric Key Encryption

The Mathematical Representation is as

The Mathematical Representation is as follows- follows-
P = D (K, E(K, P)) P = D(Kd, E (Ke,P))
where Ke –> encryption key
where K –> encryption and decryption key
P –> plain text Kd –> decryption key
D –> Decryption D –> Decryption
E(K, P) –> Encryption of plain text using K E(Ke, P) –> Encryption of plain text using
encryption key Ke. P –> plain text

Examples: Diffie-Hellman, ECC, El Gamal, DSA

Examples: 3DES, AES, DES and RC4
and RSA

DIFFIE-HELLMAN KEY EXCHANGE PROTOCOL

The Diffie-Hellman algorithm is being used to establish a shared secret that can be used for
secret communications while exchanging data over a public network using the elliptic curve to
generate points and get the secret key using the parameters.

• For the sake of simplicity and practical implementation of the algorithm, we will consider
only 4 variables, one prime P and G (a primitive root of P) and two private values a and b.

• P and G are both publicly available numbers. Users (say Alice and Bob) pick private values a
and b and they generate a key and exchange it publicly. The opposite person receives the key
and that generates a secret key, after which they have the same secret key to encrypt.

Step-by-Step explanation is as follows:

RSA

The RSA (Rivest–Shamir–Adleman) algorithm is a widely used public-key cryptographic system that
allows secure data transmission. It is based on the mathematical difficulty of factoring large prime
numbers. Here's an overview of how the RSA algorithm works:

Key Components:

1. Public Key (e, n): Used for encryption.

2. Private Key (d, n): Used for decryption.

Steps in RSA Algorithm:

1. Key Generation:
DIGITAL SIGNATURE

A digital signature is a mathematical technique used to validate the authenticity and integrity of a
message, software, or digital document.

1. Key Generation Algorithms: Digital signature is electronic signatures, which assure that the
message was sent by a particular sender. While performing digital transactions authenticity
and integrity should be assured, otherwise, the data can be altered or someone can also act
as if he was the sender and expect a reply.

2. Signing Algorithms: To create a digital signature, signing algorithms like email programs
create a one-way hash of the electronic data which is to be signed. The signing algorithm
then encrypts the hash value using the private key (signature key). This encrypted hash along
with other information like the hashing algorithm is the digital signature. This digital
signature is appended with the data and sent to the verifier. The reason for encrypting the
hash instead of the entire message or document is that a hash function converts any
arbitrary input into a much shorter fixed-length value. This saves time as now instead of
signing a long message a shorter hash value has to be signed and moreover hashing is much
faster than signing.

3. Signature Verification Algorithms : Verifier receives Digital Signature along with the data. It
then uses Verification algorithm to process on the digital signature and the public key
(verification key) and generates some value. It also applies the same hash function on the
received data and generates a hash value. If they both are equal, then the digital signature is
valid else it is invalid.

The steps followed in creating digital signature are :

1. Message digest is computed by applying hash function on the message and then message
digest is encrypted using private key of sender to form the digital signature. (digital signature
= encryption (private key of sender, message digest) and message digest = message digest
algorithm(message)).

2. Digital signature is then transmitted with the message.(message + digital signature is

transmitted)

3. Receiver decrypts the digital signature using the public key of sender.(This assures
authenticity, as only sender has his private key so only sender can encrypt using his private
key which can thus be decrypted by sender’s public key).

4. The receiver now has the message digest.

5. The receiver can compute the message digest from the message (actual message is sent with
the digital signature).

6. The message digest computed by receiver and the message digest (got by decryption on
digital signature) need to be same for ensuring integrity.

Message digest is computed using one-way hash function, i.e. a hash function in which computation
of hash value of a message is easy but computation of the message from hash value of the message
is very difficult.
CRYPTOGRAPHIC HASH FUNCTION

A cryptographic hash function (CHF) is an equation that is widely used to verify the validity of data. It
has many applications, particularly in information security (e.g. user authentication). A CHF translates
data of various lengths of the message into a fixed-size numerical string the hash. A cryptographic
hash function is a single-directional work, making it extremely difficult to reverse to recreate the
information used to make it.

How Does a Cryptography Hash Function Work?

• The hash function accepts data of a fixed length. The data block size varies between
algorithms.

• If the blocks are too small, padding may be used to fill the space. However, regardless of the
kind of hashing used, the output, or hash value, always has the same set length.

• The hash function is then applied as many times as the number of data blocks.

What Does a Cryptography Hash Function Do?

A hash function in cryptography takes a plaintext input and produces a hashed value output of a
particular size that cannot be reversed. However, from a high-level viewpoint, they do more.

• Secure against unauthorized alterations: It assists you in even minor changes to a message
that will result in the generation of a whole new hash value.

• Protect passwords and operate at various speeds: Many websites allow you to save your
passwords so that you don’t have to remember them each time you log in. However, keeping
plaintext passwords on a public-facing server is risky since it exposes the information to
thieves. Websites commonly use hash passwords to create hash values, which they then
store.

AVALANCHE EFFECT

The avalanche effect means that a small change in the input of a cryptographic system causes a big
and unpredictable change in the output. For example, changing one bit in a message makes the
whole encrypted message look very different. This helps keep the data secure because it makes it
hard for anyone to figure out the original message or key.
MD5

MD5 is a cryptographic hash function algorithm that takes the message as input of any length and
changes it into a fixed-length message of 16 bytes. MD5 algorithm stands for the message-digest
algorithm. The output of MD5 (Digest size) is always 128 bits.

Overview Of MD5 Algorithm

Working of the MD5 Algorithm

MD5 algorithm follows the following steps

1. Append Padding Bits: In the first step, we add padding bits in the original message in such a way
that the total length of the message is 64 bits less than the exact multiple of 512.

Suppose we are given a message of 1000 bits. Now we have to add padding bits to the original
message. Here we will add 472 padding bits to the original message. After adding the padding bits
the size of the original message/output of the first step will be 1472 i.e. 64 bits less than an exact
multiple of 512 (i.e. 512*3 = 1536).

Length(original message + padding bits) = 512 * i – 64 where i = 1,2,3 . . .

One Round of MD5 Operation

2. Append Length Bits: In this step, we add the length bit in the output of the first step in such a way
that the total number of the bits is the perfect multiple of 512. Simply, here we add the 64-bit as a
length bit in the output of the first step.
i.e. output of first step = 512 * n – 64
length bits = 64.

After adding both we will get 512 * n i.e. the exact multiple of 512.

3. Initialize MD buffer: Here, we use the 4 buffers i.e. A B, C, and D. The size of each buffer is 32
bits.

- A = 0x67425301
- B = 0xEDFCBA45
- C= 0x98CBADFE
- D = 0x13DCE476
F,G,H and I functions

4. Process Each 512-bit Block: This is the most important step of the MD5 algorithm. Here, a total of
64 operations are performed in 4 rounds. In the 1st round, 16 operations will be performed, 2nd
round 16 operations will be performed, 3rd round 16 operations will be performed, and in the 4th
round, 16 operations will be performed. We apply a different function on each round i.e. for the 1st
round we apply the F function, for the 2nd G function, 3rd for the H function, and 4th for the I
function.
We perform OR, AND, XOR, and NOT (basically these are logic gates) for calculating functions. We use
3 buffers for each function i.e. B, C, D.

Process P Operation

After applying the function now we perform an operation on each block. For performing operations
we need

• add modulo 232

• M[i] – 32 bit message.

• K[i] – 32-bit constant.

• <<<n – Left shift by n bits.

Now take input as initialize MD buffer i.e. A, B, C, D. Output of B will be fed in C, C will be fed into D,
and D will be fed into J. After doing this now we perform some operations to find the output for A.

• In the first step, Outputs of B, C, and D are taken and then the function F is applied to them.
We will add modulo 232 bits for the output of this with A.

• In the second step, we add the M[i] bit message with the output of the first step.
 • Then add 32 bits constant i.e. K[i] to the output of the second step.

• At last, we do left shift operation by n (can be any value of n) and addition modulo by 232.

After all steps, the result of A will be fed into B. Now same steps will be used for all functions G, H,
and I. After performing all 64 operations we will get our message digest.

Output:

After all, rounds have been performed, the buffer A, B, C, and D contains the MD5 output starting
with the lower bit A and ending with Higher bits D.

SHA-1

SHA-1 or Secure Hash Algorithm 1 is a cryptographic algorithm that takes an input and produces a
160-bit (20-byte) hash value. This hash value is known as a message digest. This message digest is
usually then rendered as a hexadecimal number which is 40 digits long.

Components and Process Flow:

1. Message (M):

• The original input message that needs to be hashed.

2. Message Padding:

• The initial step where the message is padded to ensure its length is congruent to 448
modulo 512. This step prepares the message for processing in 512-bit blocks.

3. Round Word Computation (WtW_tWt):

• After padding, the message is divided into blocks of 512 bits, and each block is
further divided into 16 words of 32 bits. These words are then expanded into 80 32-
bit words, which are used in the subsequent rounds.

4. Round Initialize (A, B, C, D, and E):

• Initialization of five working variables (A, B, C, D, and E) with specific constant values.
These variables are used to compute the hash value iteratively.

5. Round Constants (KtK_tKt):

• SHA-1 uses four constant values (K1K_1K1, K2K_2K2, K3K_3K3, K4K_4K4), each
applied in a specific range of rounds:

o K1K_1K1 for rounds 0-19

o K2K_2K2 for rounds 20-39

o K3K_3K3 for rounds 40-59

o K4K_4K4 for rounds 60-79

6. Rounds (0-79):

• The main computation loop of SHA-1, divided into four stages (each corresponding
to one of the constants K1K_1K1 to K4K_4K4). In each round, a combination of
 logical functions and operations is performed on the working variables (A, B, C, D,
and E) using the words generated in the previous step.

7. Final Round Addition:

• After all 80 rounds, the resulting values of A, B, C, D, and E are added to the original
hash values to produce the final hash.

8. MPX (Multiplexing):

• Combines the results from the final round addition to form the final message digest.

MAC

MAC stands for Message Authentication Code. Here in MAC, sender and receiver share same key
where sender generates a fixed size output called Cryptographic checksum or Message
Authentication code and appends it to the original message. On receiver’s side, receiver also
generates the code and compares it with what he/she received thus ensuring the originality of the
message. These are components:

• Message

• Key

• MAC algorithm

• MAC value

There are different types of models Of Message Authentication Code (MAC) as following below:

1. MAC without encryption –

This model can provide authentication but not confidentiality as anyone can see the
message.

2. Internal Error Code –

In this model of MAC, sender encrypts the content before sending it through network for
confidentiality. Thus this model provides confidentiality as well as authentication.

M' = MAC(M, k)

3. External Error Code –

For cases when there is an alteration in message, we decrypt it for waste, to overcome that
problem, we opt for external error code. Here we first apply MAC on the encrypted message
 ‘c’ and compare it with received MAC value on the receiver’s side and then decrypt ‘c’ if they
both are same, else we simply discard the content received. Thus it saves time.

4. c = E(M, k')

M' = MAC(c, k)