
CNS

The document discusses various cryptographic algorithms and protocols, including the Data Encryption Standard (DES), Advanced Encryption Standard (AES), RSA algorithm, Diffie-Hellman key exchange, X.509 certificates, Digital Signature Algorithm (DSA), and the SSL handshake protocol. It explains the structure and functioning of these algorithms, their modes of operation, and their applications in securing communications. Additionally, it outlines the steps involved in key generation, encryption, and decryption processes, along with examples for clarity.

Uploaded by

thoughts0976

CNS

Que 1. Explain single round function of DES with suitable diagram.

Ans. The Data Encryption Standard (DES) is a symmetric key block cipher that encrypts data in 64-bit blocks using a 56-bit key. The DES algorithm operates through 16 rounds of processing. Each round uses a unique 48-bit subkey derived from the main key.

Single Round Function of DES:

A single round of DES consists of the following steps:
1. Expansion (E-box)
2. Key Mixing (XOR with Round Key)
3. Substitution (S-boxes)
4. Permutation (P-box)

[Diagram: a single round of DES]

Step-by-Step Breakdown:
Let Lᵢ and Rᵢ be the left and right halves at round i. Steps 1 to 4 together form the round function f(Rᵢ, Kᵢ); step 5 combines its output with the left half.
1. Expansion (E-box)
- Rᵢ (32 bits) is expanded to 48 bits.
- Uses a fixed Expansion Table to duplicate and rearrange some bits.
2. Key Mixing
- The 48-bit expanded Rᵢ is XORed with the 48-bit round key Kᵢ.
3. Substitution (S-boxes)
- The 48-bit result is split into eight 6-bit blocks.
- Each 6-bit block is passed through an S-box, producing a 4-bit output.
- Total output: 8 × 4 = 32 bits.
4. Permutation (P-box)
- The 32-bit output of the S-boxes is rearranged using a fixed permutation table.
5. Final XOR
- This 32-bit output is XORed with Lᵢ.
- The new right half becomes this result:
  Rᵢ₊₁ = Lᵢ ⊕ f(Rᵢ, Kᵢ)
- The new left half is simply the previous right half:
  Lᵢ₊₁ = Rᵢ

Que 2. Draw & explain the structure of AES algorithm.

Ans. AES (Advanced Encryption Standard) is a symmetric key block cipher used for securing data. It encrypts data in fixed blocks of 128 bits and supports key sizes of 128, 192, or 256 bits. The number of rounds in AES depends on the key size:

- AES-128: 10 rounds
- AES-192: 12 rounds
- AES-256: 14 rounds

Explanation of Each Step:

1. Initial Round
   - AddRoundKey: XOR the plaintext with the first round key.

2. Main Rounds (repeated for Nr - 1 rounds, where Nr is the total number of rounds)
   - SubBytes: Each byte is replaced with a corresponding value from an S-box (non-linear substitution).
   - ShiftRows: Each row of the matrix is shifted to the left by a certain number of positions.
   - MixColumns: Columns are mixed using matrix multiplication in a Galois field to provide diffusion.
   - AddRoundKey: XOR the result with the round key generated by the key schedule.

3. Final Round (without MixColumns)
   - Only includes SubBytes, ShiftRows, and AddRoundKey.

Que 3. List various block cipher modes of operation & explain any two/three modes of operation.

Ans. Block ciphers (like AES, DES) operate on fixed-size blocks (e.g., 64-bit, 128-bit). To encrypt longer messages, modes of operation are used.

List of Common Block Cipher Modes:

1. ECB (Electronic Codebook Mode)
2. CBC (Cipher Block Chaining Mode)
3. CFB (Cipher Feedback Mode)
4. OFB (Output Feedback Mode)
5. CTR (Counter Mode)
6. GCM (Galois/Counter Mode)

1. ECB (Electronic Codebook Mode)

Working:
- In ECB, each plaintext block is encrypted independently using the same key.
- No chaining or dependency between blocks.
- Identical plaintext blocks encrypt to identical ciphertext blocks.

Pros:
- Simple and fast.
- Can be parallelized.

Cons:
- Patterns in the plaintext are visible in the ciphertext (same plaintext → same ciphertext). This can reveal structure in the data, making it insecure for encrypting large amounts of data.

2. CBC (Cipher Block Chaining Mode)

Working:
- In CBC, each plaintext block is XORed with the previous ciphertext block before encryption.
- The first block uses an Initialization Vector (IV), which is random and unique for each encryption.

Pros:
- Hides patterns in plaintext. Even if the same plaintext is encrypted multiple times, the ciphertext will differ because of the chaining effect.

Cons:
- Sequential processing, so not parallelizable.
- Requires an IV (random value), which must be securely transmitted or stored.

Que 4. Explain encryption, decryption in RSA algorithm.

Ans. The RSA algorithm is a widely-used asymmetric encryption algorithm, which means it uses two different keys for encryption and decryption:

- Public Key (used for encryption)
- Private Key (used for decryption)

RSA is based on the mathematical properties of large prime numbers. The algorithm involves the following key generation, encryption, and decryption steps.

Key Generation in RSA Algorithm

1. Select two large prime numbers:
   Let p and q be two large prime numbers.

2. Compute n:
   n = p × q
   This value n will be used in both the public and private keys. It is the modulus for both encryption and decryption operations.

3. Compute ϕ(n):
   ϕ(n) = (p−1)(q−1)
   This is Euler's Totient function of n, used to calculate the private key.

4. Select an encryption exponent e:
   Choose e such that 1 < e < ϕ(n) and e is coprime to ϕ(n). A common choice for e is 65537, but any suitable value can be chosen.

5. Calculate the private exponent d:
   Find d such that:
   d × e ≡ 1 (mod ϕ(n))
   This means that d is the modular multiplicative inverse of e modulo ϕ(n).

6. Public Key:
   The public key is (e, n).

7. Private Key:
   The private key is (d, n).

RSA Encryption Process

The encryption process uses the public key (e, n).

Steps:

1. Convert the plaintext into an integer m, where m < n. This can be done by converting each letter or block of text into numbers.

2. Encrypt the message using the RSA encryption formula:

   c = mᵉ mod n

   - c is the ciphertext.
   - m is the plaintext message (as an integer).
   - e is the public exponent.
   - n is the modulus.

3. The resulting c is the ciphertext, which can be transmitted securely.

RSA Decryption Process

The decryption process uses the private key (d, n).

Steps:

1. Decrypt the ciphertext using the RSA decryption formula:

   m = cᵈ mod n

   - m is the plaintext message (as an integer).
   - c is the ciphertext.
   - d is the private exponent.
   - n is the modulus.

2. Convert the decrypted integer m back into the plaintext message.

Example:

Let’s walk through a simple example of RSA encryption and decryption.

Key Generation Example:

- Choose two primes p = 61 and q = 53.
- Compute n = p × q = 61 × 53 = 3233.
- Compute ϕ(n) = (61−1) × (53−1) = 60 × 52 = 3120.
- Choose e = 17 (a common choice), which is coprime to 3120.
- Compute d such that 17 × d ≡ 1 (mod 3120).
  The modular inverse of 17 modulo 3120 is d = 2753.

So, the public key is (e = 17, n = 3233) and the private key is (d = 2753, n = 3233).

Encryption Example:

- Plaintext m = 123.
- Using the formula c = mᵉ mod n:
  c = 123¹⁷ mod 3233 = 855
- The ciphertext is c = 855.

Decryption Example:

- Ciphertext c = 855.
- Using the formula m = cᵈ mod n:
  m = 855²⁷⁵³ mod 3233 = 123
- The decrypted message is m = 123, which matches the original plaintext.

Que 5. One example of RSA algorithm.

Ans.

Example:

Let’s walk through a simple example of RSA encryption and decryption.

Key Generation Example:

- Choose two primes p = 61 and q = 53.
- Compute n = p × q = 61 × 53 = 3233.
- Compute ϕ(n) = (61−1) × (53−1) = 60 × 52 = 3120.
- Choose e = 17 (a common choice), which is coprime to 3120.
- Compute d such that 17 × d ≡ 1 (mod 3120).
  The modular inverse of 17 modulo 3120 is d = 2753.

So, the public key is (e = 17, n = 3233) and the private key is (d = 2753, n = 3233).

Encryption Example:

- Plaintext m = 123.
- Using the formula c = mᵉ mod n:
  c = 123¹⁷ mod 3233 = 855
- The ciphertext is c = 855.

Decryption Example:

- Ciphertext c = 855.
- Using the formula m = cᵈ mod n:
  m = 855²⁷⁵³ mod 3233 = 123
- The decrypted message is m = 123, which matches the original plaintext.
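
The RSA key generation, encryption and decryption steps from Que 4 and Que 5, as an added Python example that is not part of the original document. It uses the page's toy values (p = 61, q = 53, e = 17); the function names are illustrative, and the per-byte text encoding is an assumed reading of "converting each letter ... into numbers".

```python
from math import gcd


def generate_keypair(p, q, e):
    """Key generation as in the steps above: n, phi(n), check e, derive d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) == 1")
    d = pow(e, -1, phi)  # modular inverse of e modulo phi(n) (Python 3.8+)
    return (e, n), (d, n)


def encrypt_int(m, public_key):
    """c = m^e mod n; the plaintext integer must be smaller than n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext integer must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt_int(c, private_key):
    """m = c^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def encrypt_text(text, public_key):
    """Assumed encoding: each UTF-8 byte becomes one integer m < n."""
    return [encrypt_int(byte, public_key) for byte in text.encode("utf-8")]


def decrypt_text(ciphertexts, private_key):
    """Decrypt each integer and turn the bytes back into text."""
    return bytes(decrypt_int(c, private_key) for c in ciphertexts).decode("utf-8")


if __name__ == "__main__":
    public, private = generate_keypair(61, 53, 17)  # the page's toy primes
    print("public key :", public)
    print("private key:", private)
    c = encrypt_int(123, public)
    print("123 ->", c, "->", decrypt_int(c, private))
    # Letter-by-letter encryption without padding is deterministic: the two
    # "l" bytes of "hello" produce the same ciphertext integer.
    print(encrypt_text("hello", public))
```

Primes this small are for following the arithmetic only, and the repeated ciphertext values in the last line show why unpadded, letter-by-letter RSA leaks plaintext structure.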


Que 6. Explain the Diffie-Hellman key exchange scheme in detail.

Ans. Diffie-Hellman is a way for two people to share a secret key over the internet without sending the key itself. That secret key can later be used to encrypt and decrypt messages.

How It Works (Step by Step)

Let’s say there are two people: Alice and Bob.

1. Both agree on two numbers (these can be public):
   - A prime number p
   - A base g (also called generator)
2. Alice picks a secret number a (keeps it private)
3. Bob picks a secret number b (keeps it private)
4. Alice computes:
   A = gᵃ mod p
   → Sends A to Bob
5. Bob computes:
   B = gᵇ mod p
   → Sends B to Alice
6. Both now calculate the same secret key:
   Alice computes: Secret = Bᵃ mod p
   Bob computes: Secret = Aᵇ mod p

Example:
Let’s pick small numbers so it's easy to follow:
- Public values: p = 23, g = 5
- Alice picks secret number: a = 6
- Bob picks secret number: b = 15

Step 1: Calculate public values
- Alice: A = 5⁶ mod 23 = 15625 mod 23 = 8
- Bob: B = 5¹⁵ mod 23 = 2

Step 2: Exchange A and B
- Alice sends 8 to Bob
- Bob sends 2 to Alice

Step 3: Compute shared secret
- Alice: 2⁶ mod 23 = 64 mod 23 = 18
- Bob: 8¹⁵ mod 23 = 18

✅ Shared Secret = 18
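
The exchange described above with both sides simulated, as an added Python example that is not part of the original document. It takes the public values p and g as arguments (the demo uses the page's p = 23, g = 5), draws the private numbers at random unless they are passed in, and adds a range check on the received public value; the function names are illustrative.

```python
import secrets


def check_public_value(value, p):
    """Reject values outside 2..p-2 (0, 1 and p-1 force a predictable secret)."""
    if not 2 <= value <= p - 2:
        raise ValueError(f"invalid Diffie-Hellman public value: {value}")
    return value


def make_keypair(p, g, private=None):
    """Return (private, public) with public = g^private mod p."""
    while True:
        x = private if private is not None else 2 + secrets.randbelow(p - 3)
        public = pow(g, x, p)
        if 2 <= public <= p - 2:
            return x, public
        if private is not None:
            raise ValueError("chosen private value gives a degenerate public value")
        # otherwise draw a new random private value and try again


def derive_secret(peer_public, own_private, p):
    """Secret = peer_public^own_private mod p, after validating the peer's value."""
    return pow(check_public_value(peer_public, p), own_private, p)


def run_exchange(p, g, a=None, b=None):
    """Simulate both sides; only p, g, A and B ever cross the network."""
    a, A = make_keypair(p, g, a)  # Alice keeps a, sends A
    b, B = make_keypair(p, g, b)  # Bob keeps b, sends B
    return {
        "sent_by_alice": A,
        "sent_by_bob": B,
        "alice_secret": derive_secret(B, a, p),
        "bob_secret": derive_secret(A, b, p),
    }


if __name__ == "__main__":
    result = run_exchange(23, 5)  # toy public values; private numbers are random
    print(result)
    print("secrets match:", result["alice_secret"] == result["bob_secret"])
```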

Que 7. Explain X.509 certificate with its structure.

Ans. X.509 is a standard used for digital certificates. These certificates are used in public key infrastructure (PKI) to verify the identity of a person, organization, or website and to secure communication over the internet (like HTTPS websites).

It helps in ensuring:

- Authentication (verifying identity)
- Confidentiality (secure encryption)
- Integrity (data hasn't been changed)

Where is X.509 Used?

- SSL/TLS certificates for secure websites (https://)
- Email encryption (S/MIME)
- Digital signatures
- VPN and secure communication systems

Structure of an X.509 Certificate

Here’s the typical structure of an X.509 certificate:

| Field | Description |
|---|---|
| Version | Identifies the X.509 version (v1, v2, v3) |
| Serial Number | Unique number assigned by the issuing Certificate Authority (CA) |
| Signature Algorithm | Algorithm used to sign the certificate (e.g., SHA256 with RSA) |
| Issuer | The Certificate Authority (CA) that issued the certificate |
| Validity Period | Not Before: start date of validity; Not After: expiry date |
| Subject | The identity the certificate is issued to (e.g., domain name, person’s name) |
| Subject Public Key Info | The public key and algorithm used by the subject |
| Extensions (in v3) | Additional info like: key usage, subject alternative names, CA constraints |
| Signature | The digital signature from the issuer (CA) to verify the certificate’s authenticity |

Example Use Case

When you visit https://example.com, your browser checks its X.509 certificate to:

- Make sure it's issued by a trusted CA
- Verify the certificate hasn’t expired
- Check the domain name matches
- Use the public key inside the certificate to securely exchange data

Que 8. Explain NIST digital signature algorithm.

Ans. The Digital Signature Algorithm (DSA) is a standard developed by NIST (National Institute of Standards and Technology) to create digital signatures. It is part of the Digital Signature Standard (DSS) and is used to verify the authenticity and integrity of digital data.

Purpose:
DSA is not used for encryption—it is only used to sign and verify messages.

How DSA Works?

DSA has two main processes:

1. Signature Generation (by sender)
2. Signature Verification (by receiver)

DSA Key Components

- Prime Numbers:
  p: a large prime number
  q: a 160-bit prime such that q divides p−1
- Generator:
  g: a number generated from p and q
- Private Key (x):
  Chosen randomly by the user, where 0 < x < q
- Public Key (y):
  Calculated as y = gˣ mod p

Que 9. Explain SSL Handshake protocol.


Ans. The SSL (Secure Sockets Layer) Handshake Protocol is the process that happens when a client (like a browser) and a server (like a website) first connect securely.

It establishes:

- Encryption method
- Server identity (and client, optionally)
- A shared secret key for encrypting further communication

SSL has been succeeded by TLS (Transport Layer Security), but the handshake process is very similar.

Steps of SSL Handshake

Let’s walk through the handshake step-by-step:

| Step | Description |
|---|---|
| 1. Client Hello | Client sends: SSL version, supported cipher suites, random number, session ID |
| 2. Server Hello | Server responds with: chosen cipher suite, random number, session ID, server certificate (contains public key) |
| 3. Certificate Verification | Client verifies the server’s certificate using trusted Certificate Authorities (CAs) |
| 4. Pre-Master Key | Client generates a pre-master key, encrypts it with the server’s public key, and sends it to the server |
| 5. Session Key Generation | Both client and server use the pre-master key + random numbers to create the same session key |
| 6. Finished | Both client and server exchange "Finished" messages encrypted with the session key to confirm secure connection |

Once this is done, all communication is encrypted using the session key.

[Diagram: SSL handshake]

Key Concepts Used in SSL Handshake

- Public-Key Cryptography: Used to securely exchange the session key
- Symmetric-Key Cryptography: Used for fast and secure data transfer after the handshake
- Digital Certificates: To prove the server is trusted and genuine

Que 10. List & explain 4 general categories of scheme for the distribution of public keys.

Ans. In public key cryptography, each user has:

- A public key (shared with everyone)
- A private key (kept secret)

But how do users safely obtain each other's public keys? That’s where key distribution schemes come in.

4 General Categories of Public Key Distribution Schemes

1. Public Announcement

- How it works: Users publicly post their public keys (e.g., on websites, forums, or emails).
- Example: "Here is my public key: ABC123..."
- Issue: No way to verify if the key is really from the correct person (can be intercepted or replaced — called a man-in-the-middle attack).
- Use Case: Informal environments, basic key sharing.

2. Publicly Available Directory

- How it works: A trusted directory service stores all public keys and is available to anyone.
- Key Feature: The directory is maintained by a trusted authority and may be digitally signed to prevent tampering.
- Example: An organization’s secure directory of employees' public keys.
- Use Case: Corporate networks, government institutions.

3. Public Key Authority

- How it works: A central authority is responsible for distributing and verifying public keys on request.
- Steps:
  1. A user requests a public key from the authority.
  2. The authority responds with the verified key.
- Benefit: Reduces risk of impersonation since keys are verified.
- Limitation: The authority becomes a central point of trust and failure.

4. Public Key Certificates (Certificate Authority - CA)

- How it works: A trusted Certificate Authority (CA) issues a digital certificate, which binds a public key to the owner's identity.
- Digital Certificate Contains:
  - Owner’s name
  - Public key
  - CA’s digital signature
  - Expiry date
- Verification: Anyone can verify the certificate using the CA’s public key.
- Example: Websites with HTTPS use certificates issued by trusted CAs (like DigiCert, Let's Encrypt, etc.)
- Use Case: Web security, online banking, secure email, e-commerce.

Que 11. Explain message authentication code.

Ans. A Message Authentication Code (MAC) is a short piece of information (a code) used to verify:

1. The integrity of a message (it hasn't been changed).
2. The authenticity of the sender (it’s from the expected source).

It’s used in symmetric key cryptography, where both sender and receiver share the same secret key.

Why MAC is Used?

- To detect any changes in the message during transmission.
- To make sure the message is from a trusted sender.

How MAC Works?

1. Sender:
   - Takes the message and the shared secret key
   - Applies a MAC algorithm to generate a MAC value (tag)
   - Sends both: message + MAC

2. Receiver:
   - Takes the received message and the same secret key
   - Recomputes the MAC value
   - Compares it with the received MAC
   - If both match → message is authentic and unaltered

Common MAC Algorithms

- HMAC (Hash-based MAC): Uses hash functions like SHA-256
- CMAC (Cipher-based MAC): Uses block ciphers like AES

Key Properties of a Good MAC:

- Depends on both message and key
- Cannot be forged without the secret key
- Any change in the message results in a different MAC

Example

Let’s say:

- Message = "Hello"
- Secret Key = "1234"
- MAC Algorithm = HMAC-SHA256

→ The MAC generated might look like:
A3F5...BCD2
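
The sender and receiver steps above with HMAC-SHA256, as an added Python example that is not part of the original document. The wire format (message followed by the 32-byte tag) and the function names are assumptions made for the illustration; the key and message are the page's sample values.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256


def protect(key, message):
    """Sender: compute the tag over the message and send message + MAC."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key, packet):
    """Receiver: recompute the MAC and compare; return the message or None."""
    if len(packet) < TAG_LEN:
        return None  # too short to contain a tag at all
    message, received_tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected_tag = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the comparison does not leak
    # how many leading bytes of a wrong tag happened to be correct.
    if hmac.compare_digest(expected_tag, received_tag):
        return message
    return None


if __name__ == "__main__":
    key, message = b"1234", b"Hello"  # the page's sample key and message
    packet = protect(key, message)
    print("tag:", packet[-TAG_LEN:].hex())
    print("untouched packet  :", verify(key, packet))
    print("message altered   :", verify(key, b"J" + packet[1:]))
    print("different key     :", verify(b"4321", packet))
```

A four-character key is only suitable for following the example; a real HMAC key should be a long random value.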

Que 12. What is Kerberos? How it works? Explain in details.

Ans. Kerberos is a network authentication protocol used to securely identify users and services in a computer network.

It uses secret-key cryptography and a trusted third party to verify identities and ensure secure communication — especially in client-server environments.

It prevents:

- Passwords from being sent in plaintext
- Unauthorized access

Developed by MIT, Kerberos is widely used in systems like Windows Active Directory and UNIX/Linux networks.

Key Components of Kerberos

| Component | Description |
|---|---|
| Client | User or device trying to access a service |
| Server | The service the client wants to access |
| KDC (Key Distribution Center) | A trusted third-party server consisting of: Authentication Server (AS) and Ticket Granting Server (TGS) |
| TGT (Ticket Granting Ticket) | A ticket that allows the user to request access to services without re-entering credentials |
| Session Key | A secret key for secure communication between the client and server |

How Kerberos Works – Step-by-Step

📌 Step 1: User Login & Request Ticket Granting Ticket (TGT)

- The client logs in and sends a request to the Authentication Server (AS) with the username.
- AS checks the database and, if valid:
  - Creates a TGT
  - Encrypts it using the user's secret key (derived from the password)

📌 Step 2: Client Decrypts and Stores TGT

- The client decrypts the response using its password (key).
- It now has the TGT, which can be used to request services.

📌 Step 3: Request Service Ticket from TGS

- When the client wants to access a service (e.g., file server), it sends:
  - The TGT
  - The service name
  - An authenticator (proves it's really the client)
- The Ticket Granting Server (TGS) verifies the TGT and client identity.

📌 Step 4: TGS Issues Service Ticket

- TGS sends back a Service Ticket, encrypted using the server’s secret key.

📌 Step 5: Access the Service

- Client sends the Service Ticket to the target server.
- Server decrypts it, authenticates the client, and allows access.

Key Features of Kerberos

- Mutual Authentication (both client and server verify each other)
- No plain-text passwords sent over the network
- Tickets are used instead of passwords after login
- Time-stamps and limited lifetime to prevent replay attacks

Used In

- Microsoft Active Directory
- UNIX/Linux with krb5
- Email servers, file servers, and databases needing secure access

Que 13. Explain secure hash algorithm.

Ans. The Secure Hash Algorithm (SHA) is a family of cryptographic hash functions designed to take an input (like a message or file) and produce a fixed-length output, called a hash or message digest.

The purpose of SHA is to ensure:

- Data integrity (detects any changes in data)
- Security in digital signatures, passwords, certificates, etc.

Key Properties of SHA

1. Fixed Output Size:
   No matter the size of input, the hash is always fixed-length (e.g., SHA-256 gives a 256-bit hash).

2. Deterministic:
   Same input = same hash every time.

3. One-Way Function:
   It’s easy to compute the hash from input, but computationally infeasible to reverse it.

4. Avalanche Effect:
   A small change in input drastically changes the output.

5. Collision-Resistant:
   It’s hard to find two different inputs that produce the same hash.

SHA Family Versions

| Version | Output Length | Description |
|---|---|---|
| SHA-1 | 160 bits | Outdated and insecure (broken) |
| SHA-2 | 224, 256, 384, 512 bits | Strong and widely used |
| SHA-3 | 224, 256, 384, 512 bits | Latest standard (Keccak) |

How SHA Works (Basic Steps)

1. Preprocessing:
   - Padding the message to make its length a multiple of a fixed size.
   - Appending the original message length.

2. Divide the message into blocks.

3. Initialize hash values.

4. Compression Function:
   - Each block is processed through a series of logical operations, rotations, and bit-shifting.

5. Output Final Hash:
   - After processing all blocks, the final fixed-size hash is produced.

Example:

- Input: "hello"
- SHA-256 Hash:
  2cf24dba5fb0a...3e9d525b

Even changing "hello" to "Hello" gives a completely different hash!
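
The five basic steps above carried through for SHA-256, as an added Python example that is not part of the original document. It is a from-scratch implementation written for study and checked against Python's hashlib; the function names are illustrative, and production code should call hashlib directly.

```python
import hashlib
from math import isqrt

MASK = 0xFFFFFFFF


def _first_primes(count):
    primes, n = [], 2
    while len(primes) < count:
        if all(n % p for p in primes):
            primes.append(n)
        n += 1
    return primes


def _icbrt(n):
    """Integer cube root by binary search (exact, no floating point)."""
    lo, hi = 0, 1 << 36
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


# Step 3 (initial hash values) and the round constants: first 32 bits of the
# fractional parts of the square / cube roots of the first 8 / 64 primes.
H0 = [isqrt(p << 64) & MASK for p in _first_primes(8)]
K = [_icbrt(p << 96) & MASK for p in _first_primes(64)]


def pad(message):
    """Step 1: append 0x80, zero bytes, then the 64-bit message length in bits."""
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded)) % 64)
    return padded + (8 * len(message)).to_bytes(8, "big")


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def _compress(state, block):
    """Step 4: mix one 64-byte block into the eight 32-bit state words."""
    w = [int.from_bytes(block[i:i + 4], "big") for i in range(0, 64, 4)]
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25))
              + ((e & f) ^ (~e & g)) + K[i] + w[i]) & MASK
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        a, b, c, d, e, f, g, h = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
    return [(x + y) & MASK for x, y in zip(state, (a, b, c, d, e, f, g, h))]


def sha256(message):
    """Steps 2 and 5: process the padded message block by block, output the digest."""
    state = H0
    padded = pad(message)
    for offset in range(0, len(padded), 64):
        state = _compress(state, padded[offset:offset + 64])
    return b"".join(word.to_bytes(4, "big") for word in state)


def differing_bits(a, b):
    """Avalanche effect: number of digest bits that differ between two inputs."""
    return sum(bin(x ^ y).count("1") for x, y in zip(sha256(a), sha256(b)))


if __name__ == "__main__":
    assert sha256(b"hello") == hashlib.sha256(b"hello").digest()
    print("sha256('hello') =", sha256(b"hello").hex())
    # A 55-byte message still fits one block; 56 bytes forces a second block.
    print("padded lengths:", len(pad(b"a" * 55)), len(pad(b"a" * 56)))
    print("bits changed hello -> Hello:", differing_bits(b"hello", b"Hello"), "of 256")
```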

Where SHA is Used?

- Digital Signatures
- SSL/TLS Certificates
- Blockchain (e.g., Bitcoin uses SHA-256)
- Password storage (in hashed form)
- File integrity checking

Que 14. Explain cipher block chaining mode.

Ans. Cipher Block Chaining (CBC) is a mode of operation for block ciphers used in encryption.

It improves the security of Electronic Codebook (ECB) mode by adding a chaining mechanism — meaning the encryption of each block depends on the previous block.

CBC is used in systems that need secure encryption of data blocks (like files, messages, etc.)

How CBC Mode Works (Encryption)

Let’s say:

- The message is divided into blocks: M₁, M₂, M₃...
- A block cipher algorithm like AES is used
- A random Initialization Vector (IV) is used for the first block only

Steps:

1. First, IV is XORed with the first message block (M₁)
2. The result is encrypted with the key to produce ciphertext C₁
3. Then, C₁ is XORed with M₂ → encrypted → gives C₂
4. This continues for all blocks...

CBC Decryption

On the receiver side:

1. Decrypt C₁ → Get result R₁
2. XOR R₁ with IV → get M₁
3. Decrypt C₂ → R₂ → XOR with C₁ → get M₂
4. And so on...

Decryption:

C₁ ----> [Decrypt] --> R₁ --⊕-- IV ---> M₁

C₂ ----> [Decrypt] --> R₂ --⊕-- C₁ ---> M₂

C₃ ----> [Decrypt] --> R₃ --⊕-- C₂ ---> M₃

Example

Let’s say:

- M₁ = 1100
- IV = 1010
- Encryption: XOR 1100 ⊕ 1010 = 0110
- Encrypt 0110 with AES → Cipher block C₁

Advantages of CBC Mode

- More secure than ECB (blocks produce different ciphertexts even if plaintext is same)
- Each block depends on the previous block, so patterns are hidden

Disadvantages

- Slower: Cannot encrypt blocks in parallel
- One corrupted block can affect the next one during decryption

Que 15. Explain Euclid’s algorithm with example.

Ans. Euclid’s Algorithm is an efficient method to find the Greatest Common Divisor (GCD) of two numbers.

GCD (also called HCF) is the largest number that divides both numbers without leaving a remainder.

How Euclid’s Algorithm Works

For two numbers A and B (assume A > B):

1. Divide A by B, and find the remainder R.
2. Replace A with B, and B with R.
3. Repeat until the remainder becomes 0.
4. When R = 0, the current value of B is the GCD.

Steps in Formula Form:

GCD(A, B) = GCD(B, A mod B)
Repeat until B = 0

Example: Find GCD of 48 and 18

Step 1: A = 48, B = 18
48 ÷ 18 = 2 remainder 12 → GCD(48, 18) = GCD(18, 12)

Step 2: A = 18, B = 12
18 ÷ 12 = 1 remainder 6 → GCD(18, 12) = GCD(12, 6)

Step 3: A = 12, B = 6
12 ÷ 6 = 2 remainder 0 → GCD(12, 6) = GCD(6, 0)

Final Step: Since remainder is 0 → GCD is 6

Que 16. Draw & explain Feistel encryption & decryption.

Ans. The Feistel structure is a design used in many block ciphers like DES (Data Encryption Standard).

It splits the data block into two halves and processes them through multiple rounds using a round function and subkeys, enabling both encryption and decryption using the same structure.

Feistel Encryption Process (Step-by-Step)

1. Input Block: Split into two halves
   - Left half = L₀
   - Right half = R₀

2. Each round (i):
   - Lᵢ = Rᵢ₋₁
   - Rᵢ = Lᵢ₋₁ ⊕ F(Rᵢ₋₁, Kᵢ)
   (F = round function, Kᵢ = subkey for round i)

3. After N rounds, combine the final halves (Rₙ, Lₙ) as ciphertext.

Feistel Decryption Process

Decryption uses the same process, but subkeys Kᵢ are applied in reverse order (Kₙ to K₁).

[Diagram: Feistel structure]

Key Features of Feistel Network

- Same structure for encryption & decryption
- Uses subkeys in each round
- Works with symmetric key ciphers
- Widely used in DES, Blowfish, etc.
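
The Feistel rounds above, and the ECB and CBC modes from Que 3 and Que 14 built on top of them, as one added Python example that is not part of the original document. The round function and key schedule are toy constructions assumed for the illustration (truncated SHA-256, not DES), blocks are 8 bytes, and messages are assumed to be whole blocks already.

```python
import hashlib
import os

ROUNDS = 16
HALF = 4  # bytes per half, so one block is 8 bytes


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def subkeys(key):
    """Toy key schedule (assumption): one subkey K_i per round, hashed from the key."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(1, ROUNDS + 1)]


def round_function(right, subkey):
    """Toy F(R, K) (assumption): truncated SHA-256. F itself is never inverted."""
    return hashlib.sha256(subkey + right).digest()[:HALF]


def feistel(block, keys):
    left, right = block[:HALF], block[HALF:]
    for k in keys:
        # L_i = R_(i-1),  R_i = L_(i-1) XOR F(R_(i-1), K_i)
        left, right = right, xor(left, round_function(right, k))
    return right + left  # final halves are combined as (R_n, L_n)


def encrypt_block(block, key):
    return feistel(block, subkeys(key))


def decrypt_block(block, key):
    return feistel(block, subkeys(key)[::-1])  # same structure, K_n down to K_1


def ecb_encrypt(blocks, key):
    return [encrypt_block(m, key) for m in blocks]


def cbc_encrypt(blocks, key, iv):
    out, prev = [], iv
    for m in blocks:
        prev = encrypt_block(xor(m, prev), key)  # C_i = E(M_i XOR C_(i-1))
        out.append(prev)
    return out


def cbc_decrypt(blocks, key, iv):
    out, prev = [], iv
    for c in blocks:
        out.append(xor(decrypt_block(c, key), prev))  # M_i = D(C_i) XOR C_(i-1)
        prev = c
    return out


def flip_first_bit(block):
    """Simulate a one-bit transmission error in a ciphertext block."""
    return bytes([block[0] ^ 1]) + block[1:]


if __name__ == "__main__":
    key, iv = b"constructed demo key", os.urandom(2 * HALF)
    message = [b"PAY 100 ", b"PAY 100 ", b"TO BOB  "]  # constructed 8-byte blocks
    ecb, cbc = ecb_encrypt(message, key), cbc_encrypt(message, key, iv)
    print("ECB repeats the block:", ecb[0] == ecb[1])
    print("CBC repeats the block:", cbc[0] == cbc[1])
    print("CBC round trip:", cbc_decrypt(cbc, key, iv) == message)
    damaged = [flip_first_bit(cbc[0])] + cbc[1:]
    print("after an error in C1:", cbc_decrypt(damaged, key, iv))
```

In the last line the first block decrypts to garbage, the second differs in exactly the flipped bit, and the third is intact, which is the error propagation listed under the CBC disadvantages.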

Que 17. Differentiate symmetric and asymmetric key algorithm.

Ans.

| Symmetric Key Algorithm | Asymmetric Key Algorithm |
|---|---|
| Same key for encryption and decryption | Uses a pair of keys: Public Key & Private Key |
| Faster | Slower |
| Less secure for key exchange | More secure for communication |
| Difficult – key must be shared secretly | Easier – public key can be openly shared |
| Examples: AES, DES, Blowfish | Examples: RSA, ECC, DSA |
| Efficient for large data | Better for small data (or key exchange) |
| Used for bulk data encryption | Used for secure key exchange, digital signatures |
| Same algorithm and same key | Public key encrypts, Private key decrypts |
| Harder in large systems | Easier for large networks |
| Depends on safe key sharing | Ensured via private key secrecy |

Que 18. How can we find out GCD of two numbers using Euclid’s algorithm.

Ans. It’s an efficient way to find the GCD by repeatedly dividing the larger number by the smaller one and replacing the larger number with the smaller number and the smaller number with the remainder. Repeat this process until the remainder becomes zero. The last non-zero remainder is the GCD.

Steps to Find GCD using Euclid's Algorithm:

Step 1: Given two numbers, say A and B (where A ≥ B).
Step 2: Divide A by B and get the remainder (R).
   A = B * Q + R
   (Where Q is the quotient and R is the remainder)
Step 3: Replace A with B and B with R (the remainder).
Step 4: Repeat the process until R = 0.
Step 5: When the remainder becomes 0, the GCD is the last non-zero remainder.

Example: Find GCD of 48 and 18

Step 1: Divide 48 by 18.
   48 ÷ 18 = 2 remainder 12
   Now, A = 18, B = 12.
Step 2: Divide 18 by 12.
   18 ÷ 12 = 1 remainder 6
   Now, A = 12, B = 6.
Step 3: Divide 12 by 6.
   12 ÷ 6 = 2 remainder 0
   Now, the remainder is 0, so we stop here.
Step 4: The GCD is the last non-zero remainder, which is 6.

Thus, GCD(48, 18) = 6.

Que 19. Explain SSL architecture.

Ans. SSL (Secure Sockets Layer) is a cryptographic protocol designed to provide secure communication over a computer network. It has been replaced by TLS (Transport Layer Security), but SSL is still often used to refer to the general secure communication protocol.

SSL Architecture is built upon several components that work together to ensure confidentiality, integrity, and authentication.

Components of SSL Architecture:

1. SSL Handshake Protocol
   - Responsible for setting up a secure connection between the client and the server.
   - Establishes cryptographic keys and verifies the identity of the parties involved.

2. SSL Record Protocol
   - Defines how data is securely transmitted between the client and server.
   - Responsible for ensuring the confidentiality and integrity of the data during transmission.

3. SSL Alert Protocol
   - Handles alert messages that notify the parties about the status of the connection (e.g., warning or error).

4. SSL Change Cipher Spec Protocol
   - Tells the client and server that the keys have been changed, and data encryption will begin.

Security Features Provided by SSL:

1. Encryption:
   - Ensures the confidentiality of data transmitted between client and server using symmetric encryption algorithms.

2. Authentication:
   - Verifies the identity of the server (and optionally the client) using digital certificates signed by trusted Certificate Authorities (CAs).

3. Data Integrity:
   - Uses Message Authentication Codes (MAC) to verify that the data has not been altered during transmission.

4. Session Resumption:
   - SSL supports session resumption, allowing clients and servers to reuse a previously established session for subsequent connections.

Que 20. Explain operation of AES.

Ans. AES is a symmetric key block cipher that encrypts data in fixed blocks of 128 bits using key sizes of 128, 192, or 256 bits. It is widely used for secure data encryption in applications like secure file storage, VPNs, HTTPS, etc.

Key Features of AES:

- Block size: 128 bits
- Key sizes: 128, 192, or 256 bits
- Number of rounds:
  - 10 rounds for 128-bit key
  - 12 rounds for 192-bit key
  - 14 rounds for 256-bit key

Main Steps in AES Encryption:

AES works on a 4x4 matrix of bytes called the State. Each round involves several operations:

1. Key Expansion

- The original key is expanded into multiple round keys using a process called Key Schedule.
- Each round uses a different round key.

2. Initial Round

- AddRoundKey: XOR each byte of the state with the corresponding byte of the round key.

3. Main Rounds (Repeated 9/11/13 times)

Each main round consists of four steps:

- SubBytes: A non-linear substitution step where each byte is replaced using an S-box (substitution box).
- ShiftRows: The rows of the state are shifted cyclically to the left.
- MixColumns: The columns of the state are mixed to provide diffusion using mathematical operations (matrix multiplication).
- AddRoundKey: XOR the current state with a round key.

4. Final Round (No MixColumns)

- SubBytes
- ShiftRows
- AddRoundKey

AES Decryption

AES decryption follows the reverse process using:

- InvSubBytes
- InvShiftRows
- InvMixColumns
- AddRoundKey

Example (128-bit key):

Let’s say you have:

- Plaintext = 128 bits
- Key = 128 bits

Process:

1. AddRoundKey (Initial)
2. 9 Rounds of: SubBytes → ShiftRows → MixColumns → AddRoundKey
3. Final Round (10th): SubBytes → ShiftRows → AddRoundKey

The final output is the ciphertext.
