Chapter two part 2

1
 Categories of cryptography
We can divide all the cryptography algorithms (ciphers)
into two groups:
 symmetric key(also called secret-key) cryptography
algorithms. E.g. Caesar Cipher
 asymmetric (also called public-key) cryptography
algorithms.

2
 Symmetric-key cryptography
 In symmetric-key cryptography, the same key is used by
both parties.
 The sender uses this key and an encryption algorithm to
encrypt data; the receiver uses the same key and the
corresponding decryption algorithm to decrypt the data.

The key is shared

3
 Types of Symmetric Encryption
 Algorithms in which the key for encryption and decryption
are the same in Symmetric
Example: Caesar Cipher
Types:
1. Block Ciphers
– Encrypt data one block at a time (typically 64 bits,
or 128 bits)
– Used for a single message
2. Stream Ciphers
– Encrypt data one bit or one byte at a time
– Used if data is a constant stream of information

4
 STREAM CIPHER
● Stream cipher is a symmetric key cipher where plaintext
digits are combined with a pseudo-random cipher digit
stream (keystream).
● In a stream cipher each plaintext digit is encrypted one at
a time with the corresponding digit of the keystream, to
give a digit of the ciphertext stream.
● An alternative name is a state cipher, as the encryption of
each digit is dependent on the current state.
● In practice, a digit is typically a bit and the combining
operation an exclusive-or (xor).
● Good for real-time services.

5
 STREAM ENCRYPTION

Stream ciphers encrypt one bit or one byte at a time.

6
 BLOCK CIPHER
● A block cipher is a symmetric key cipher operating on
fixed-length groups of bits, called blocks, with an
unvarying transformation.
● A block cipher encryption algorithm might take (for
example) a 128-bit block of plaintext as input, and
output a corresponding 128-bit block of ciphertext.
● The exact transformation is controlled using a second
input — the secret key.
● Decryption is similar: the decryption algorithm takes, in
this example, a 128-bit block of ciphertext together with the
secret key, and yields the original 128-bit block of plaintext.

7
 BLOCK ENCRYPTION

Block ciphers encrypt a fixed number of bits as a single chunk.

8
STREAM VS. BLOCK ENCRYPTION

9
Shannon Substitution-Permutation Ciphers
• In 1949, Shannon introduced idea of
substitution-permutation (S-P) networks
– modern substitution-transposition product cipher
• These form the basis of modern block ciphers
• S-P networks are based on the two primitive
cryptographic operations:
– substitution (S-box)
– permutation (P-box) (transposition)
• He also introduced the ideas of confusion and
diffusion

10
 Diffusion and Confusion
Introduced by Claude Shannon to thwart
cryptanalysis based on statistical analysis
◦ Assume the attacker has some knowledge of the statistical
characteristics of the plaintext
Cipher needs to completely obscure statistical
properties of original message
More practically Shannon suggested combining
elements to obtain:
◦ diffusion – dissipates statistical structure of plaintext over
bulk of ciphertext
◦ confusion – makes relationship between ciphertext and key
as complex as possible
11
SHANNON’S CHARACTERISTICS OF “GOOD” CIPHERS

1. The amount of secrecy needed should determine the

amount of labor appropriate for the encryption and
decryption.
2. The set of keys and the enciphering algorithm should be
free from complexity.
3. The implementation of the process should be as
simple as possible.
4. Errors in ciphering should not propagate and cause
corruption of further information in the message.
5. The size of the enciphered text should be no larger
than the text of the original message.

12
 Asymmetric-key cryptography
 In asymmetric or public-key cryptography, there are two keys: a
private key and a public key.
 The private key is kept by the receiver & the public key is
announced to the public.
 In Figure, imagine Alice wants to send a message to Bob.
 Alice uses the public key to encrypt the message.
 When the message is received by Bob, the private key is used to
decrypt the message.

13
 Comparison between two categories of
cryptography
 Let us compare symmetric-key and asymmetric-key cryptography.
 Encryption can be thought of as electronic locking; decryption as
electronic unlocking.
 The sender puts the message in a box and locks the box by using a key;
the receiver unlocks the box with a key and takes out the message.
 The difference lies in the mechanism of the locking and unlocking and
the type of keys used.
 In symmetric-key cryptography, the same key locks and unlocks the
box.
 In asymmetric-key cryptography, one key locks the box, but another
key is needed to unlock it.

14
Comparison…

15
DES: THE DATA ENCRYPTION STANDARD

● The DES algorithm was developed in the 1970s by

IBM for the U.S. National Institute of Standards
and Technology (NIST)
● DES encrypts 64-bit blocks by using a 56-bit
key.
● Double DES: Take two keys, k1 and k2, and
perform two encryptions, one on top of the
other:C= E(k2, E(k1,m))
● Triple DES: C= E(k3, E(k2, E(k1,m))).

Page 16
DES: THE DATA ENCRYPTION STANDARD
● DES is a block Cipher Algorithm
-Encodes plaintext in 64 bit chunks. One parity bit for each of the 8 bytes thus it
reduces to 56 bit

Page 17
Data Encryption Standard (DES) Basics
64-bit input 56-bit key

48-bit k1
L1 R1 DES run in reverse to decrypt
Cracking DES
F(L1, R1, K1)
1997: 140 days
48-bit k2 1999: 14 hours
L2 R2
TripleDES uses DES 3 times in
F(L2, R2, K2) tandem
Output from 1 DES is input to
48-bit k3
L3 R3 next DES

F(L16, R16, K16)

48-bit k16
L17 R17

Page 18
FORMS OF DES

Page 19
Modes of Operation
Experts using DES have five different modes of operation to choose
from.
 Electronic Codebook (ECB). Each 64-bit block is encrypted and
decrypted independently
 Cipher Block Chaining (CBC). Each 64-bit block depends on the
previous one and uses an Initialization Vector (IV)
 Cipher Feedback (CFB). The preceding ciphertext becomes the
input for the encryption algorithm, producing pseudorandom
output, which in turn is XORed with plaintext, building the next
ciphertext unit
 Output Feedback (OFB). Much like CFB, except that the
encryption algorithm input is the output from the preceding DES
 Counter (CTR). Each plaintext block is XORed with an
encrypted counter. The counter is then incremented for each
subsequent block

Page 20
AES: The Advanced Encryption Standard

• AES is a specification for the encryption of

electronic data established by the U.S. National
Institute of Standards and Technology (NIST) in
2001.
 AES was introduced to replace DES, as DES
uses very small cipher key and the algorithm
was quite slower.

Page 21
AES: The Advanced Encryption Standard

• The more popular and widely adopted

symmetric encryption algorithm likely to be
encountered nowadays is the Advanced
Encryption Standard (AES).
• It is found at least six time faster than triple
DES.
• A replacement for DES was needed as its key
size was too small.
• With increasing computing power, it was
considered vulnerable against exhaustive key
search attack.
Page 22
AES: The Advanced Encryption Standard

• Triple DES was designed to overcome this

drawback but it was found slow.

The features of AES are as follows −

• Symmetric key symmetric block cipher
• 128-bit data, 128/192/256-bit keys
• Stronger and faster than Triple-DES
• Provide full specification and design details
• Software implementable in C and Java

Page 23
 Operation of AES
• AES is an iterative rather than Feistel cipher.
• It is based on ‘substitution–permutation network’.
• It comprises of a series of linked operations, some of which involve
replacing inputs by specific outputs (substitutions) and others involve
shuffling bits around (permutations).
• Interestingly, AES performs all its computations on bytes rather than
bits.
• Hence, AES treats the 128 bits of a plaintext block as 16 bytes.
• These 16 bytes are arranged in four columns and four rows for
processing as a matrix
• Unlike DES, the number of rounds in AES is variable and depends on
the length of the key.
• AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14
rounds for 256-bit keys. Each of these rounds uses a different 128-bit
round key, which is calculated from the original AES key.

Page 24
STRUCTURE OF AES

Page 25
STRUCTURE OF AES

Page 26
 DES VS. AES

DES AES
Developed 1977 2000
Key Length 56 bits 128, 192, or 256 bits
Cipher Type Symmetric block cipher Symmetric block cipher
Block Size 64 bits 128 bits
Security Proven inadequate Considered secure

Page 27
SYMMETRIC CRYPTOGRAPHY ALGORITHMS

• RC2,3,4,5,6
• CAST
• SAFER
• Twofish

Page 28
PROBLEM WITH SYMMETRIC KEY CRYPTOGRAPHY
● Large number of keys: If there are n people communicating with
each other, we would need to distribute n(n−1)/2 symmetric keys
between them. Is there some way to reduce the number of keys
that need to be shared?
● For a digital signature: for instance, how can Alice prove that a
message indeed came from Bob? This is important if both sides do
not really trust one another, and Alice later disclaims that she
didn’t send any message to Bob.
● Security of exchange keys.
● Solution: public key encryption

Page 29
SYMMETRIC AND ASYMMETRIC ENCRYPTION

Page 30
 ASYMMETRIC CRYPTOGRAPHY /
PUBLIC-KEY CRYPTOGRAPHY (1)
● Public-key cryptography, also known as asymmetric cryptography,
refers to a cryptographic algorithm which requires two separate keys,
one of which is secret (or private) and one of which is public.
● Although different, the two parts of this key pair are mathematically
linked.
● The public key is used to encrypt plaintext or to verify a digital
signature; whereas the private key is used to decrypt ciphertext or to
create a digital signature.
● Used to conceal small blocks of data, such as encryption keys and
hash function values, which are used in digital signatures.
● Authors (Whitfield Diffie and Martin Hellman) of public-key
cryptography received Turing Award in 2015:
http://amturing.acm.org/index.cfm

Page 31
A PUBLIC KEY ENCRYPTION SCHEME HAS 5
MAJOR PARTS

1. Plaintext - message to be encrypted.

2. Encryption Algorithm - it performs substitutions and
transformations to the plaintext.
3. Public and Private Keys - a pair of keys, one for encryption and
the other for decryption.
4. Ciphertext - this is the encrypted or scrambled message
5. Decryption Algorithm - it generates the ciphertext and the
matching key to produce the plaintext.

● P=D(kPRIV, E(kPUB,P)), P=D(kPUB, E(kPRIV,P))

● P=E(D(P))=D(E(P))

Page 32
Key Diffie-Hellman Mathematical Analysis

Bob & Alice

Bob agree on non-secret Alice
prime p and value a

Generate Secret Generate Secret

Random Number x Random Number y

Bob & Alice

Compute Public Key exchange Compute Public Key
ax mod p public keys ay mod p

Compute Session Key Compute Session Key

(ay)x mod p (ax)y mod p

Identical Secret Key

Key Agreement cont..
• Diffie-Hellman is the first key agreement algorithm
Invented by Whitfield Diffie & Martin Hellman
• Provided ability for messages to be exchanged securely
without having to have shared some secret information
previously
• Inception of public key cryptography which allowed keys
to be exchanged in the open
• No exchange of secret keys
• Man-in-the middle attack avoided
 COMPARISON BETWEEN SYMMETRIC AND
ASYMMETRIC CRYPTOGRAPHY

Symmetric Cryptography Asymmetric (Public key) Cryptography

Same key used to encrypt and decrypt Different keys (public key and private
key) used to encrypt and decrypt
Faster Slower, typically by a factor of up to
10,000 times slower than symmetric
algorithms
Need a secure channel to transfer the key Needn’t a security channel to transfer
the key
Used when performance is required Used to exchange key, encrypt
communication, protect symmetric
keys, authentication, signing
Page 35
 THE RSA ALGORITHM
● RSA (Designers: Ron Rivest, Adi Shamir, and Leonard Adleman, 1977)
is one of the first practicable public-key cryptosystems and is widely
used for secure data transmission.
● The RSA operates with arithmetic mod n, which makes
factorization extremely difficult.
● The RSA cryptosystem is based on the assumption that factorization
of large integers is computationally hard.
● This assumption is not known to be true, but is widely believed.
● It is not even known if factorization is an NP-complete problem.
● RSA keys are often of length a power of two, like 512, 1024, or 2048
bits.
● RSA authors received Turing Award in 2002.
http://amturing.acm.org/award_winners/shamir_2327856.cfm

Page 36
 THE RSA ALGORITHM
● Two keys, e and d, are used for decryption and encryption.
They are actually interchangeable.
● n, e, d are produced from 2 prime numbers.
● The plaintext block m is encrypted as me mod n =c. Because
the exponentiation is performed mod n, inferring from c to m is
extremely difficult.
● However, the decrypting key d is carefully chosen so that cd mod
n= m. Thus, the legitimate receiver who knows d simply
computes cd mod n= m and recovers m without having to factor
n.

Page 37
 THE RSA ALGORITHM

Setup: Example:
1. To setup a public-private key pair, Setup:
principal choose two primes p and q and 1. p=61, q=53, n=p*q=61*53=3233
keeps them secret, then computes n = 2. φ(n)=(p-1)*(q-1)=(61-1)(53-1)=3120,
p*q. 3. Choose e=17, prime with 3120, gcd (e,
2. φ(n) = φ(p*q) = φ(p)φ(q) = (p-1)*(q-1) 3120)=1, and e<3120,
3. Choose e, gcd(e, φ(n)) =1, and e<φ(n). 4. Select d=2753, because (2753*17) mod
(e can be small; often 3, 17, or 65537 3120=1
are chosen) 5. public key is (17, 3233), private key
4. Select d, where (d*e) mod φ(n) =1 . is (2753, 3233)
5. public key is (e, n) and the private key
is Operations:
1. encryption:
(d, n).
m =65, c=me mod n = 6517 mod 3233
Operations: =2790
1. encryption of plaintext m: compute c=me 2. decryption:
mod n m= cd mod n = 27902753 mod 3233 = 65
2. decryption of ciphertext c: compute m
= cd mod n
Page 38
THE RSA ALGORITHM
• Choose two large prime numbers p & q
• Compute n=pq and z=(p-1)(q-1)
• Choose number e, less than n, which has no common factor (other
than 1) with z
• Find number d, such that ed – 1 is exactly divisible by z
• Keys are generated using n, d, e
o Public key is (n,e)
o Private key is (n, d)
• Encryption: c = me mod n
o m is plain text
o c is cipher text
• Decryption: m = cd mod n
• Public key is shared and the private key is hidden
RSA
P=5 & q=7
n=5*7=35 and z=(4)*(6) = 24
e=5
d = 29 , (29x5 –1) is exactly divisible by 24
Keys generated are
Public key: (35,5)
Private key is (35, 29)
Encrypt the word love using (c = me mod n)
Assume that the alphabets are between 1 & 26

Plain Text Numeric Representation me Cipher Text (c = me mod n)

l 12 248832 17
o 15 759375 15
v 22 5153632 22
e 5 3125 10
CLASSROOM EXAMPLE FOR RSA
Example:
1. p=3, q=5, n=p*q=15
2. φ(n)=φ(15)=φ(3)φ(5)=(3-1)*(5-1)=8
3. e=7, because gcd (7,8)=1
4. d=7, because (d*e) mod 8=1
5. if m=2
6. c=me mod n=27 mod 15=8
7. m=cd mod n=87 mod 15=2

Exercise:
p=3, q=11, m=2

Page 41
HOMEWORK

p=11, q=13, m= 3

1. create private key and public key

2. use the keys to demonstrate the encryption and
decryption to m

Page 42
ASYMMETRIC ALGORITHMS

● Diffie-Hellman
● RSA
● El Gamal
● Elliptic Curve Cryptography (ECC)

Page 43
 ASYMMETRIC ENCRYPTION
TYPES
Two most popular algorithms are RSA & El Gamal
• RSA
o Developed by Ron Rivest, Adi Shamir, Len Adelman
o Both public and private key are interchangeable
o Variable Key Size (512, 1024, or 2048 buts)
o Most popular public key algorithm

• El Gamal
o Developed by Taher El-Gamal
o Variable key size (512 or 1024 bits)
o Less common than RSA, used in protocols like PGP
ENCRYPTION PROTOCOLS
 Pretty Good Privacy (PGP)
-Used to encrypt e-mail using session key
encryption
-Combines RSA, Triple DES, and other algorithms

 Secure/Multipurpose Internet Mail Extension

(S/MIME)
-Newer algorithm for securing e-mail
-Backed by Microsoft, RSA, AOL

 Secure Socket Layer(SSL) and Transport Layer

Socket(TLS)
-Used for securing TCP/IP Traffic
-Mainly designed for web use
-Can be used for any kind of internet traffic
 DIGITAL SIGNATURE

● A digital signature is a mathematical scheme for demonstrating

the authenticity of a digital message or document.

● A valid digital signature gives a recipient reason to believe that

the message was created by a trustable sender, such that the
sender cannot deny having sent the message and that the
message was not altered in integrity.

● Digital signatures are commonly used for software

distribution, financial transactions, and in other cases where it
is important to detect forgery or tampering.

Page 46
DIGITAL SIGNATURE

A diagram showing how a digital signature is applied and then verified.

Page 47
DIGITAL SIGNATURE

A digital signature consists of

1. a file
2. demonstration that the file has not been altered
3. indication of who applied the signature
4. validation that the signature is authentic, that it belongs
to the signer
5. connection of the signature to the file

Page 48
 HASH FUNCTIONS
● Hash functions, also called message digests and one-way
encryption, are algorithms that, in some sense, use no key.
● A hash function, an output value deterministic will be created
from an input value.
● For any input value, you will always receive the same output
value whenever the hash function is run.
● It is impossible to recover the the contents or length of the
plaintext from hash.
● Typically used to provide a digital fingerprint of a file's contents,
often used to ensure that the file has not been altered by an
intruder or virus.
● Are commonly employed by many operating systems to
encrypt passwords.
● Provide a measure of the integrity of a file.

Page 49
EXAMPLE OF HASH FUNCTION

Page 50
HASHING ALGORITHMS
● MD5
○ Computes 128-bit hash value
○ Widely used for file integrity checking
● SHA-1
○ Computes 160-bit hash value
○ NIST approved message digest algorithm
● HAVAL
○ Computes between 128 and 256 bit hash
○ Between 3 and 5 rounds
● RIPEMD-160
○ Developed in Europe published in 1996
○ Patent-free

Page 51
 REFERENCES

● Alfred J. Menezes, Paul C. van Oorschot and Scott A., Handbook

of Applied Cryptography, ISBN-13: 978-0849385230 ， CRC
Press, 1996.
● Chapter 2, chapter 12, Charles P. Pfleeger, Security in Computing,
Fifth Edition, Prentice Hall, ISBN-13: 978-0-13-408504-3, 2015.

Page 52