Chapter 3 Cryptographyyy

The document discusses cryptography and various cryptographic techniques. It describes symmetric and asymmetric cryptography, as well as cryptographic algorithms like the Caesar cipher, Playfair cipher, Hill cipher, and their encryption and decryption processes.

Uploaded by

haile
Copyright
© © All Rights Reserved
Chapter – 3

Cryptography

Cryptography
• Cryptography is the study of how to mathematically encode and decode messages.
• It is the science and methods of transforming an intelligible message into an unintelligible one, then transforming that message back to its original form, using algorithms.
• The algorithms are used for cryptographic key generation, digital signing, and verification to protect data privacy.
• It protects confidential transactions, such as credit card and debit card transactions made on the Internet using a web browser.

Types Of Cryptography

1. Symmetric Key Cryptography: a single key is used for encryption and decryption.
• It is faster and simpler.
• Problem: how to exchange keys between sender and receiver in a secure manner.
• E.g. DES

2. Asymmetric Cryptography: different keys are used for encryption and decryption.
• It uses a public key for encryption and a private key for decryption.
• E.g. RSA algorithm

3. Hash functions: irreversible, one-way functions that protect the data, at the cost of not being able to recover the original message.

Basic terms of cryptography
• Plaintext: the original intelligible message
• Cipher Text: the encoded format of the original message, which cannot be understood by humans
• Encryption (or Enciphering): the conversion of plain text to cipher text
• Decryption (or Deciphering): the conversion of cipher text to plain text, i.e., the reverse of encryption

Applications of Cryptography:
• Computer passwords
• Secure web browsing
• Electronic signatures
• Authentication
• Cryptocurrencies
• End-to-end encryption

Symmetric encryption model
• A symmetric cipher model is composed of five essential parts:
• Plain Text (x): the original data/message to be communicated to the receiver by the sender. It is the input to the encryption algorithm.
• Secret Key (k): a key used by the encryption and decryption algorithms to encode the plain text to cipher text and vice versa.
• Encryption Algorithm (E): takes the plain text and the secret key as inputs and produces cipher text as output, using techniques such as substitution: E(x, k) = y
• Cipher Text (y): the form of the plain text (x) that is unreadable for humans.
• Decryption Algorithm (D): performs the reversal of the encryption algorithm at the recipient's side. It takes the secret key and the ciphertext as inputs and decodes them to plain text: D(y, k) = x

Cryptography
• Three Dimensions of Cryptographic Systems
1. The type of operations used for transforming plaintext to ciphertext: substitution and transposition
2. The number of keys used: symmetric key and asymmetric key
3. The way in which the plaintext is processed: block cipher and stream cipher

• Substitution technique: a classical encryption technique in which the characters present in the original message are replaced by other characters, numbers, or symbols.
• If the plain text is considered as a string of bits, then the substitution technique would replace bit patterns of the plain text.
• It is widely used in cryptography to protect information from being accessed by unauthorized people.

Substitution technique
1. Caesar cipher: also known as the shift cipher
• It is a type of substitution cipher in which each letter in the plaintext is 'shifted' a certain number of places down the alphabet.
• E.g. with a shift of 3, A would be replaced by D, B would become E, and so on.
• The general Caesar algorithm for encryption is
  C = E(p) = (p + k) mod 26
• The decryption algorithm is simply
  p = D(C) = (C - k) mod 26
• E.g. plain text: pay more money    Cipher text: SDB PRUH PRQHB

• Exercise: plain text: meet me after the lunch time
  Cipher text: ?????

• Monoalphabetic ciphers: a type of substitution cipher that uses a fixed key to replace each letter of the plain text with another letter of the alphabet.
• They are a form of symmetric encryption: the same key can be used to both encrypt and decrypt a message.
• Frequency analysis is a common approach used to help decrypt a monoalphabetic substitution cipher.
• Each letter can be randomly mapped to any letter.

• E.g. plain text: a simple message    cipher text: B TJNQMF NFTTBHF

• Playfair cipher: a multiple-letter encryption cipher.
• It treats digrams (pairs of letters) in the plaintext as single units and translates these units into ciphertext digrams.
• The Playfair algorithm is based on the use of a 5 x 5 matrix of letters constructed using a keyword.
• The matrix is constructed by filling in the letters of the keyword (minus duplicates) from left to right and from top to bottom. E.g. Keyword = MONARCHY
• Rules: repeating plaintext letters that are in the same pair are separated with a filler letter. E.g. balloon = ba lx lo on
1. Two plaintext letters in the same row of the matrix are each replaced by the letter to the right. E.g. ar → RM
2. Two plaintext letters in the same column are each replaced by the letter beneath, with the top element of the column circularly following the last. E.g. mu → CM
3. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and the column occupied by the other plaintext letter.

• E.g. plain text = attack, ciphertext = RSSRDE

• Hill cipher
• It is a multi-letter cipher developed by Lester Hill in 1929.
• It encrypts a group of letters (digraph, trigraph, or polygraph) based on the key value.
• It uses matrix arithmetic modulo 26: a square matrix, the multiplicative inverse matrix, and the determinant.
• The Hill algorithm can be expressed as
  C = E(K, P) = P x K mod 26
  P = D(K, C) = C x K^(−1) mod 26 = P x K x K^(−1) mod 26

Hill cipher algorithm for encryption …
= mod 26
c1 = (k11p1 + k21p2 + k31p3) mod 26
c2 = (k12p1 + k22p2 + k32p3) mod 26
c3 = (k13p1 + k23p2 + k33p3) mod 26
E.g. encrypt the plaintext "pay more money" using the encryption key
K=
Encrypt "pay": (p1 p2 p3) = (15 0 24)
C1 = (15x17 + 0x21 + 2x24) mod 26 = 303 mod 26 = 17
C2 = (15x17 + 0x18 + 2x24) mod 26 = 303 mod 26 = 17
C3 = (5x15 + 0x21 + 24x19) mod 26 = 531 mod 26 = 11
pay = RRL

Encrypt "mor": (p1 p2 p3) = (12 14 17)
C1 = (12x17 + 14x21 + 2x17) mod 26 = 532 mod 26 = 12
C2 = (12x17 + 14x18 + 2x17) mod 26 = 490 mod 26 = 22
C3 = (5x12 + 14x21 + 17x19) mod 26 = 677 mod 26 = 1
mor = MWB

Encrypt "emo": (p1 p2 p3) = (4 12 14)
C1 = (4x17 + 12x21 + 2x14) mod 26 = 348 mod 26 = 10
C2 = (4x17 + 12x18 + 2x14) mod 26 = 312 mod 26 = 0
C3 = (5x4 + 12x21 + 14x19) mod 26 = 538 mod 26 = 18
emo = KAS

Encrypt "ney": (p1 p2 p3) = (13 4 24)
C1 = (13x17 + 4x21 + 2x24) mod 26 = 353 mod 26 = 15
C2 = (13x17 + 4x18 + 2x24) mod 26 = 341 mod 26 = 3
C3 = (5x13 + 4x21 + 24x19) mod 26 = 605 mod 26 = 7
ney = PDH

Encryption of "pay more money" = RRLMWBKASPDH

• Decryption using the Hill algorithm
• Decryption requires the inverse of the matrix K.
Find the determinant of K and the cofactors to find the inverse of K.
Det K = (17(18x19 - 2x21) - 17(21x19 - 2x21) + 5(21x2 - 2x18)) mod 26
      = (17(300) - 17(357) + 5(6)) mod 26
      = (5100 - 6069 + 30) mod 26
      = -939 mod 26
      = -3 mod 26, and -3 + 26 = 23
Therefore the determinant of K = 23

To find the adjoint of K, first find the cofactors Aij:
A11 = 18x19 - 2x21 = 300
A12 = -(21x19 - 2x21) = -357
A13 = 21x2 - 2x18 = 6
A21 = -(17x19 - 2x5) = -313
A22 = 17x19 - 2x5 = 313
A23 = -(2x17 - 2x17) = 0
A31 = 17x21 - 18x5 = 267
A32 = -(17x21 - 5x21) = -252
A33 = 17x18 - 21x17 = -51
Aij=mod26 = mod26

AdjK =(
mod26 =, =
mod 26

= 17 mod 26

mod 26=

• Decryption of the ciphertext RRLMWBKASPDH
p=C mod 26
(p1p2p3)=(17 17 11) mod 26
P1 = (17x4 + 15x17 + 24x11) mod 26 = 587 mod 26 = 15 → P
P2 = (17x9 + 17x17 + 0x11) mod 26 = 442 mod 26 = 0 → A
P3 = (17x15 + 6x17 + 17x11) mod 26 = 544 mod 26 = 24 → Y
The plaintext of RRL = PAY; use the same procedure for the others.
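The Hill encryption and decryption worked through above, as an added Python example that is not part of the original slides. The key matrix K is read off the determinant expansion shown on the slides; the function names are this example's own.

```python
M = 26
# Key matrix taken from the determinant expansion
# 17(18x19 - 2x21) - 17(21x19 - 2x21) + 5(21x2 - 2x18).
K = [[17, 17, 5],
     [21, 18, 21],
     [2, 2, 19]]

def to_nums(text):
    return [ord(c) - ord("a") for c in text.lower() if c.isalpha()]

def to_text(nums):
    return "".join(chr(n + ord("A")) for n in nums)

def det3(m):
    (a, b, c), (d, e, f), (g, h, i) = m
    return a * (e * i - f * h) - b * (d * i - f * g) + c * (d * h - e * g)

def inverse_mod26(m):
    """K^-1 = det(K)^-1 * adj(K) mod 26. Exists only if gcd(det, 26) == 1;
    otherwise pow() raises ValueError and the key cannot be used."""
    d_inv = pow(det3(m) % M, -1, M)

    def cofactor(r, c):
        rows = [x for x in range(3) if x != r]
        cols = [x for x in range(3) if x != c]
        minor = (m[rows[0]][cols[0]] * m[rows[1]][cols[1]]
                 - m[rows[0]][cols[1]] * m[rows[1]][cols[0]])
        return (-1) ** (r + c) * minor

    # The adjoint is the transpose of the cofactor matrix.
    return [[(d_inv * cofactor(c, r)) % M for c in range(3)] for r in range(3)]

def apply(nums, m):
    """Row vector times matrix per 3-letter block: c_j = sum_i p_i*k_ij mod 26."""
    if len(nums) % 3:
        raise ValueError("length must be a multiple of 3 (pad the plaintext)")
    out = []
    for b in range(0, len(nums), 3):
        block = nums[b:b + 3]
        out += [sum(block[i] * m[i][j] for i in range(3)) % M for j in range(3)]
    return out

def encrypt(plaintext, key=K):
    return to_text(apply(to_nums(plaintext), key))

def decrypt(ciphertext, key=K):
    return to_text(apply(to_nums(ciphertext), inverse_mod26(key))).lower()

if __name__ == "__main__":
    print(det3(K) % M, inverse_mod26(K))
    print(encrypt("pay more money"), decrypt("RRLMWBKASPDH"))
```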
Exercise
a. Encrypt the message “meet me at the usual place at ten rather than eight
oclock” using the Hill cipher with the key a Show your calculations and the
result.
b. Decrypt the ciphertext to recover the original plaintext.

TRANSPOSITION TECHNIQUES
• Transposition cipher: a cryptographic algorithm in which the order of the letters in the plaintext is rearranged to form the ciphertext.
• The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.
• E.g. encipher the message "meet me after the toga party" with a rail fence of depth 2.
  The encrypted message: MEMATRHTGPRYETEFETEOAAT

• A more complex scheme is to write the message in a rectangle, row by row, and read the message off column by column, but permute the order of the columns.
• The order of the columns then becomes the key to the algorithm.
• Key: 4 3 1 2 5 6 7
• Encrypt the plaintext "attack postponed until two am" using transposition.
• x y z → dummy characters
• Cipher text: TTNAAPTMTSUOAODWCOIXKNLYPETZ

• Exercise
• Plain text: I HAVE A COMPLETE EXAM WITH SOLUTION
• Key: CIPHER

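The rail fence and column-permutation schemes described above, as an added Python example that is not part of the original slides. It generalizes the rail fence to any depth; the function names are this example's own, and the key is given as the numeric read-out rank of each column, as on the slide.

```python
def letters(text):
    return [c for c in text.lower() if c.isalpha()]

def rail_fence(plaintext, depth=2):
    """Write the letters in a zigzag over `depth` rails, read rail by rail."""
    rails = [[] for _ in range(depth)]
    row, step = 0, 1
    for ch in letters(plaintext):
        rails[row].append(ch)
        if depth > 1:
            if row == 0:
                step = 1
            elif row == depth - 1:
                step = -1
            row += step
    return "".join("".join(r) for r in rails).upper()

def read_order(col_key):
    """Column indices in the order they are read: rank 1 first, then 2, ..."""
    return sorted(range(len(col_key)), key=lambda c: col_key[c])

def columnar_encrypt(plaintext, col_key, pad="xyz"):
    """Fill a rectangle row by row (padding the last row with dummy
    characters), then read whole columns in key order."""
    cols = len(col_key)
    text = letters(plaintext)
    i = 0
    while len(text) % cols:
        text.append(pad[i % len(pad)])
        i += 1
    rows = len(text) // cols
    return "".join(text[r * cols + c]
                   for c in read_order(col_key) for r in range(rows)).upper()

def columnar_decrypt(ciphertext, col_key):
    """Put each ciphertext column back in its place, then read row by row."""
    cols = len(col_key)
    text = letters(ciphertext)
    if len(text) % cols:
        raise ValueError("ciphertext length must be a multiple of the key length")
    rows = len(text) // cols
    grid = [[""] * cols for _ in range(rows)]
    for n, c in enumerate(read_order(col_key)):
        for r in range(rows):
            grid[r][c] = text[n * rows + r]
    return "".join("".join(row) for row in grid)

if __name__ == "__main__":
    KEY = (4, 3, 1, 2, 5, 6, 7)
    print(rail_fence("meet me after the toga party", 2))
    print(columnar_encrypt("attack postponed until two am", KEY))
    print(columnar_decrypt("TTNAAPTMTSUOAODWCOIXKNLYPETZ", KEY))
```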
Stream Ciphers
• The plaintext is processed one bit at a time.
• One bit of plaintext is taken, and a series of operations is performed on it to generate one bit of ciphertext.

Encryption                     Decryption
Plain Text  : 10011001         Cipher Text : 01011010
      xor                            xor
Keystream   : 11000011         Keystream   : 11000011
Cipher Text : 01011010         Plain Text  : 10011001

Block cipher
• The plain binary text is processed in blocks of bits at a time.
• A block of plaintext bits is selected, and a series of operations is performed on the block to generate a block of ciphertext bits.
• The number of bits in a block is fixed.
• The same key is used to encrypt and decrypt the message.
• DES uses a 64-bit block length and AES uses a 128-bit block length.

THE FEISTEL STRUCTURE FOR BLOCK CIPHERS
• Encryption and decryption using the DES algorithm are based on the Feistel structure.
• It is named after the cryptographer Horst Feistel and was implemented in the Lucifer cipher by Horst Feistel and Don Coppersmith.
• A cryptographic system based on the Feistel structure uses the same basic algorithm for both encryption and decryption.
• The Feistel structure consists of multiple rounds of processing of the plaintext, with each round consisting of a substitution step followed by a permutation step.
• The input block to each round is divided into two halves denoted as left

DES and AES assignment: how it works

Asymmetric (public-key) cryptography
• It is the process of using a pair of related keys, i.e. a public key and a private key, to encrypt and decrypt a message and protect it from unauthorized access or use.
• Rivest–Shamir–Adleman (RSA) is an asymmetric cryptography algorithm.
• It is currently the most widely used asymmetric cryptographic scheme.
• It works with two different keys, i.e. a public key and a private key.
• The RSA scheme is a block cipher in which the plaintext and ciphertext are integers between 0 and n - 1 for some n.
• Plaintext is encrypted in blocks, each block having a binary value less than some number n.
• The block size must be less than or equal to in practice, the block size is i bits, where < n ≤ .

• Encryption and decryption are of the following form for plaintext block M and ciphertext block C.
C = mod n
M = mod n = mod n = mod n
• Both sender and receiver must know the value of n.
• The sender knows the value of e, and only the receiver knows the value of d.
• This is a public-key encryption algorithm with a public key of PU = {e, n} and a private key of PR = {d, n}.

• For this algorithm to be satisfactory for public-key encryption, the following requirements must be met.
1. It is possible to find values of e, d, n such that mod n = M for all M < n.
2. It is relatively easy to calculate mod n and mod n for all values of M < n.
3. It is infeasible to determine d given e and n.

• The keys are generated as follows.
• Select p, q: p and q both prime, p ≠ q
• Calculate n = p * q
• Calculate ∅(n) = (p - 1)(q - 1)
• Select integer e: gcd(∅(n), e) = 1; 1 < e < ∅(n)
• Calculate d: d = e^(−1) (mod ∅(n))
• Public key PU = {e, n} and private key PR = {d, n}

• Select two prime numbers, p = 17 and q = 11.
• Calculate n = pq = 17 * 11 = 187.
• Calculate ∅(n) = (p - 1)(q - 1) = 16 * 10 = 160.
• Select e such that e is relatively prime to ∅(n) = 160 and less than ∅(n); we choose e = 7.
• Determine d such that de = 1 (mod 160) and d < 160.
• The correct value is d = 23, because 23 * 7 = 161 = (1 * 160) + 1; d can be calculated using the extended Euclid's algorithm.
• The resulting keys are public key PU = {7, 187} and private key PR = {23, 187}.
• The example shows the use of these keys for a plaintext input of M = 88. For encryption, we need to calculate C = mod 187
• mod 187 = [( mod 187) * ( mod 187) * (mod 187)] mod 187
• mod 187 = 88
• mod 187 = 7744 mod 187 = 77
• mod 187 = 59,969,536 mod 187 = 132
• mod 187 = (88 * 77 * 132) mod 187 = 894,432 mod 187 = 11
• For decryption, we calculate M = mod 187:
• mod 187 = [( mod 187) * ( mod 187) * (mod 187)* ( mod 187) * (mod 187)] mod 187
• mod 187 = (11 * 121 * 55 * 33 * 33) mod 187 = 79,720,245 mod 187 = 88

• Exercise: given two prime numbers p = 13 and q = 11, find n, ∅(n), e, d, c and m.
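The key generation steps and the M = 88 calculation above, as an added Python example that is not part of the original slides. The function names are this example's own; it is textbook RSA with the slide's tiny primes, shown only to make the arithmetic checkable.

```python
def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def generate_keys(p, q, e):
    """Follows the listed steps; p and q are assumed to be prime."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if not 1 < e < phi or g != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(phi(n), e) = 1")
    d = x % phi                      # d = e^-1 mod phi(n)
    return (e, n), (d, n)            # PU = {e, n}, PR = {d, n}

def modexp_trace(base, exp, mod):
    """Square-and-multiply. Also returns the repeated squarings
    base^(2^i) mod n that were multiplied in, keyed by 2^i; these are
    the intermediate values of the hand calculation."""
    result, square, power, used = 1, base % mod, 1, {}
    while exp:
        if exp & 1:
            result = result * square % mod
            used[power] = square
        square = square * square % mod
        exp >>= 1
        power <<= 1
    return result, used

def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("plaintext block must be an integer in [0, n - 1]")
    return pow(m, e, n)

def decrypt(c, private):
    d, n = private
    return pow(c, d, n)

# Textbook RSA as shown here has no padding (such as OAEP), so equal
# plaintext blocks give equal ciphertext blocks; it is a teaching model only.
if __name__ == "__main__":
    public, private = generate_keys(17, 11, 7)
    print(public, private)
    print(modexp_trace(88, 7, 187))
    print(encrypt(88, public), decrypt(11, private))
```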
Key management and exchange
• Cryptographic keys are important in a security system.
• Compromise of any cryptographic key leads to the collapse of an organization's entire security infrastructure, allowing the attacker to decrypt sensitive data and authenticate themselves as privileged users.
• Proper management of keys and their related components ensures the safety of confidential information.
• Key management is the process of putting certain standards in place to ensure the security of cryptographic keys in an organization.
• It deals with the creation, exchange, storage, deletion, and refreshing of keys.

Why key management?
• To ensure safe transmission of data across an Internet connection.
• Keys provide compliance with certain standards and regulations to ensure companies are using best practices when protecting cryptographic keys.
• Well-protected keys are only accessible by users who need
• Key management compliance: the oversight, assurance, and capability of being able to demonstrate that keys are securely managed
• Hard coding (open source)
• Least privilege compliance and best practices
• Separate duties

How key management works
• Key management follows a lifecycle of operations that are needed to ensure the key is created, stored, used, and rotated securely.
• Most cryptographic keys follow a lifecycle that involves key
• Generation
• Distribution
• Use
• Storage

Cryptographic hash functions
• A cryptographic hash function is an algorithm that takes an arbitrary amount of data input (a credential) and produces a fixed-size output of enciphered text called a hash value.
• It is a mathematical function that converts a numerical input value into another, compressed numerical value.
• The same input data always generates the same hash value.
• It is computationally infeasible to derive the message from the hash value.
• A small change in the input data will generate a new hash value that is extensively different from the previous hash value.

• There are many well-known cryptographic hash functions, such as MD5, SHA-1, SHA-2, and SHA-3.
• These cryptographic hash functions are extensively used in digital signatures, message authentication codes, etc.

Properties of hash functions
• The following are properties of hash functions.
1. Pre-image resistance
• It should be computationally hard to reverse a hash function.
• For a given hash value h, it is computationally infeasible to find a message m such that h = hash(m).
• This property makes a cryptographic hash function a one-way function.

2. Second pre-image resistance: the property of a hash function that it is computationally infeasible to find any second input that has the same output as a given input.
• E.g. given an input m1, it should be difficult to find another input m2 such that m1 ≠ m2 and hash(m1) = hash(m2).
3. Collision resistance: it should be infeasible to find any pair of distinct inputs m1, m2 such that H(m1) = H(m2). (Note: there is free choice of both m1 and m2.)
• When two distinct inputs hash to the same output value, we call it a

Purpose of hashing:
• To verify data integrity.
• Authentication.
• To store sensitive data.

Types of hash algorithms
1. Message digest 5 (MD5)
• It is a one-way cryptographic hash algorithm.
• It generates a 128-bit string value as the hash value or the digest.
• MD5 is often used to verify data integrity.
• The MD family comprises the hash functions MD2, MD4, MD5, and MD6.

2. Secure hashing algorithm 1 (SHA1): a cryptographic hash algorithm that generates a 160-bit string value as the hash value.
• It was developed by the National Security Agency (NSA).
• SHA1 is commonly used in security and data integrity applications.
3. Secure hashing algorithm 256 (SHA256): a cryptographic hash algorithm that creates a 256-bit (32 bytes) string value as the hash value.
• SHA256 often checks the data integrity for hash authentication and digital signatures.
• It is widely used in the Bitcoin blockchain.

Certificates and Certificate Authorities (CAs)
• Digital certificates are verifiable small data files that contain identity credentials to help websites, people, and devices represent their authentic online identity (authentic because the CA has verified the identity).
• CAs play a critical role in how the Internet operates and how transparent, trusted transactions can take place online.
• These certificates are used to protect information, encrypt billions of transactions, and enable secure communication.

• A Secure Sockets Layer (SSL) certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection.
• SSL is a security protocol that creates an encrypted link between a web server and a web browser.
• It ensures that data submitted online cannot fall into the hands of someone who will misuse it.
• It keeps Internet connections secure and prevents criminals from reading or modifying information transferred between two systems.
• A website with a security certificate provides users with protection, as it masks required data from all but the site owner.

• SSL became TLS, a standard, through the IETF. It contains two layers:
1. Agreement or Handshake Protocol
2. Communication or Record Protocol: responsible for securing application data and verifying its integrity and origin.
• It provides the following services:
• connection confidentiality, by AES, DES, 3DES
• connection integrity, by a MAC, SHA-1 or SHA256
• A message authentication code (MAC) is a cryptographic checksum on data that uses a session key to detect both accidental and intentional modifications of the data.
• A MAC requires two inputs: a message and a secret key known only to the originator of the message and its intended recipient(s).
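The hash properties from the hash-function slides and the MAC described above, as an added Python example that is not part of the original slides. It uses the standard library's hashlib and hmac modules; the key and messages are constructed sample values.

```python
import hashlib
import hmac

def digest_bits(name):
    """Fixed output size of a hash algorithm, in bits."""
    return hashlib.new(name).digest_size * 8

def bit_difference(a, b, name="sha256"):
    """Number of output bits that differ between hash(a) and hash(b)."""
    ha = int.from_bytes(hashlib.new(name, a).digest(), "big")
    hb = int.from_bytes(hashlib.new(name, b).digest(), "big")
    return bin(ha ^ hb).count("1")

def make_tag(key, message):
    """MAC over the message with the shared secret key (HMAC-SHA256).
    SHA-256 is used here because MD5 and SHA-1 have known practical
    collision attacks."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key, message, tag):
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)

# Constructed sample values, not from the slides.
SESSION_KEY = b"constructed-session-key"
MESSAGE = b"transfer 100 to account 42"
TAMPERED = b"transfer 900 to account 42"

if __name__ == "__main__":
    for name in ("md5", "sha1", "sha256"):
        print(name, digest_bits(name), "bits")
    # One changed character flips roughly half of the 256 output bits.
    print("bits changed:", bit_difference(MESSAGE, TAMPERED))
    tag = make_tag(SESSION_KEY, MESSAGE)
    print("genuine :", verify(SESSION_KEY, MESSAGE, tag))
    print("tampered:", verify(SESSION_KEY, TAMPERED, tag))
    print("wrong key:", verify(b"other-key", MESSAGE, tag))
```

Anyone can recompute a plain hash over a modified message, which is why the integrity check that detects intentional modification needs the secret key.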
End of chapter 3
