Chapter 3

Cryptography and Encryption

Techniques
 Cryptography and Encryption Techniques

• are used to secure sensitive data

• by transforming it into an unreadable
format.

Prepared by: S.A 2

 common cryptographic and encryption techniques:

• Symmetric Encryption:
known as secret-key encryption
involves using the same secret key for both the
encryption and decryption processes.
Examples
Advanced Encryption Standard (AES) and
Data Encryption Standard (DES).

Prepared by: S.A 3

Symmetric Cipher Model
 Requirements
• two requirements for secure use of
symmetric encryption:
– a strong encryption algorithm
– a secret key known only by sender /
receiver
• mathematically have:
Y = EK(X)
X = DK(Y)
 Cont..
• Asymmetric Encryption:
• known as public-key encryption.
• public key is freely distributed, while the private
key is kept secret.
• is used for key exchange, digital signatures, and
secure communication.
• Examples
• RSA (Rivest-Shamir-Adleman) and
• Elliptic Curve Cryptography (ECC).

Prepared by: S.A 6

 cont...
• Hash Functions:
are one-way functions that take an input
(message) and produce a fixed-size output
called a hash value or digest.
• are used to verify data integrity and create
digital signatures.

Prepared by: S.A 7

 cont..
• A small change in the input will result in a
completely different hash value.
• Example
• SHA-256 (Secure Hash Algorithm 256-bit) and
• MD5 (Message Digest Algorithm 5).
 Cont.…
• Message Authentication Codes (MAC):
• is a cryptographic checksum generated using a
secret key and a message.
• MAC is calculated using a specific algorithm
Example
• HMAC
 Cont.…
Digital Signatures:
are used to verify the authenticity and
integrity of digital documents or messages.
They are created using asymmetric
encryption techniques.
 Cont.…
• Key Exchange Protocols:
• are used to securely establish a shared secret key
between two parties over untrusted
communication channel.
• without actually transmitting the key over the
network.
Example:
• Diffie-Hellman algorithm
 Cont.…
• Secure Sockets Layer (SSL) and Transport
Layer Security (TLS)
• are cryptographic protocols used to secure
communications over a network.
• They provide encryption, server authentication,
and data integrity to ensure secure communication
between clients and servers, commonly used in
web applications.
 basic cryptographic terms:

plaintext - original message

cipher text - coded message
Cipher: algorithm used for transforming
plaintext into cipher text and vice versa.
Key: info used in cipher known only to
sender/receiver

Prepared by: S.A 13

 Cont..
Encipher (encrypt) : process of converting
plaintext (readable data) into cipher text
(encrypted data) using an encryption algorithm
and a key.
decipher (decrypt) : The process of converting
cipher text back into plaintext using a decryption
algorithm and the appropriate key.
 Cont.…
• cryptography - study of encryption
principles/methods
• cryptanalysis (codebreaking) - study of
principles/ methods of deciphering cipher text
without knowing key
• cryptology - field of both cryptography and
cryptanalysis
 Cryptography
• characterize cryptographic system by:
– type of encryption operations used
• substitution / transposition / product

– number of keys used

• single-key or private / two-key or public

– way in which plaintext is processed

• block / stream
 Cryptanalysis
• objective to recover key not just message
• general approaches:
– cryptanalytic attack
– brute-force attack
 Brute Force Search
• always possible to simply try every key
• most basic attack, proportional to key size
• assume either know / recognise plaintext
 Classical Substitution Ciphers
• where letters of plaintext are replaced by other
letters or by numbers or symbols
• or if plaintext is viewed as a sequence of bits,
then substitution involves replacing plaintext bit
patterns with cipher text bit patterns
 Caesar Cipher
• earliest known substitution cipher by Julius
Caesar.
• first attested use in military affairs
• replaces each letter by 3rd letter on
a b c d e f g h I j k l m n o p q r s t u v w x y z
DE FG H I J K L M N O P QR S T U V W X Y Z A BC

• example:
meet me after today class
PHHW PH DIWHU WRGDB FODVV
 Caesar Cipher
• mathematically give each letter a
number
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

• then have Caesar cipher as:

c = E(p) = (p + k) mod (26)

p = D(c) = (c – k) mod (26)

 Cryptanalysis of Caesar Cipher
• only have 26 possible ciphers
– A maps to A,B,..Z
• a brute force search; could simply try each in
turn
• given cipher text, just try all shifts of letters
• e.g. break cipher text
• “FRPSXWHU VHFXULWB FODVV"
 Monoalphabetic Cipher
• rather than just shifting the alphabet
– could shuffle the letters arbitrarily
• each plaintext letter maps to a different random
cipher text letter
• hence key is 26 letters long
Plain: a b c d e f g h I j k l m n o p q r s t u v w x y z
Cipher: DKVQ F I B J W PES C X H T M Y AU O L RGZ N

Plaintext: I f we wish to replace letters

Cipher text: WI RF RWAJ UH YFTSDVF SFUUFYA
 Monoalphabetic Cipher Security
• now have a total of 26! = 4 x 1026 keys
• with so many keys, might think is secure
• but would be !!!WRONG!!!
• problem is language characteristics
 Playfair Cipher
• not even the large number of keys in a
monoalphabetic cipher provides security
• one approach to improving security was to
encrypt multiple letters @ the same time
• invented by Charles Wheatstone in 1854, but
named after his friend Baron Playfair
 Playfair Key Matrix
• a 5X5 matrix of letters based on a keyword
• fill in letters of keyword (sans duplicates)
• fill rest of matrix with other letters
• e.g. using the keyword MONARCHY
• NB use I and J @ the same place
 Security of Playfair Cipher
• security much improved over monoalphabetic
– since have 26 x 26 = 676 digrams
• would need a 676 entry frequency table to analyse
(verses 26 for a monoalphabetic)
• was widely used for many years
– eg. by US & British military in WW1
• it can be broken, given a few hundred letters
– since still has much of plaintext structure
 Polyalphabetic Ciphers
• polyalphabetic substitution ciphers
• improve security using multiple cipher alphabets
• make cryptanalysis harder with more alphabets to
guess and frequency distribution
• use a key to select which alphabet is used for each
letter of the message
• use each alphabet in turn
• repeat from start after end of key is reached
 Vigenère Cipher
• simplest polyalphabetic substitution cipher
• effectively multiple caesar ciphers
• key is multiple letters long K = k1 k2 ... kd
• repeat from start after d letters in message
• decryption simply works in reverse
 Example of Vigenère Cipher
• write the plaintext out
• write the keyword repeated above it
• use each key letter as a Caesar cipher key
• encrypt the corresponding plaintext letter
• eg using keyword deceptive
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

key: deceptIvedeceptI vedeceptIve

plaintext: w e a r e d I s c o v e r e d s a v e y o u r s e l f
ciphertext: Z I C VT WQNGRZGVT WAV ZHCQ YGLMGJ
 Autokey Cipher
• ideally want a key as long as the message
• Vigenère proposed the Autokey cipher
• with keyword is prefixed to message as key
• knowing keyword can recover the first few letters
• but still have frequency characteristics to attack
• eg. given key deceptive
key: d e c e p t I v e w e a r e d I s c o
v e r e d s a v
plaintext: w e a r e d I s c o v e r e d s a v e y
o u r s e l f
ciphertext: z I c v t wq n g k z e I I g a s x s
t s l v v w l a
 Transposition Ciphers
• sometimes we call permutation ciphers.
• these hide the message by rearranging the letter
order
• without altering the actual letters used
• Example : Rail Fence and Row Transposition
 Rail Fence cipher
• write message letters out diagonally over a number of
rows
• then read off cipher row by row
• e.g. meet me after the toga party
– write message out as:
mematrhtgpry
etefeteoaat
Decryption
MEMATRHTGPRY
ETEFETEOAAT
• giving ciphertext
MEMATRHTGPRYETEFETEOAAT
 Row Transposition Ciphers
• a more complex transposition
• write letters of message out in rows over a specified
number of columns
• then reorder the columns according to some key
before reading off the rows
Example: attack postponed until two am xyz

Key: 3 4 2 1 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z

ciphertext: aptmttnaaodwtsuocoixknlypetz
 Product Ciphers
• ciphers using substitutions or transpositions are not secure because
of language characteristics
• hence consider using several ciphers in succession to make harder,
but:
– two substitutions make a more complex substitution

– two transpositions make more complex transposition

– but a substitution followed by a transposition makes a new much harder

cipher

• this is bridge from classical to modern ciphers

 Steganography
• an alternative to encryption
• hides existence of message
– using only a subset of letters/words in a longer
message marked in some way
– using invisible ink
– hiding a graphic image or sound file
• has drawbacks
– high overhead to hide relatively few info bits
• Modern Block Ciphers
 Modern Block Ciphers
• one of the most widely used types of
cryptographic algorithms
• provide secrecy /authentication services
• to illustrate block cipher design principles
– focus on DES (Data Encryption Standard)
 Data Encryption Standard (DES)
• most widely used block cipher in world
• encrypts 64-bit data using 56-bit key
• has been considerable controversy over its
security
 DES Design Controversy
• although DES standard is public
• was considerable controversy over design
– in choice of 56-bit key (vs Lucifer 128-bit)

• use of DES has flourished

– especially in financial applications
– still standardised for legacy application use
 Initial Permutation(IP)
• first step of the data computation for security.
• IP reorders the input data bits
 Initial Permutation (IP)
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
 Inverse Initial Permutation

40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25
 3DES

• known as TDEA (Triple Data Encryption

Algorithm).

• is an encryption algorithm that provides increased

security compared to the original Data

Encryption Standard (DES).

Prepared by: S.A 44

 Especial point about 3DES:

• Key Length: vary depending on the

implementation.
• It typically uses either a 112-bit key or a 168-bit
key.
• The 112-bit key consists of three 56-bit sub keys,
while the 168-bit key uses three 64-bit sub keys.
• However, due to the meet-in-the-middle attack
vulnerability of 3DES, it is recommended to use
a 168-bit key for stronger security.
 Cont.…

Strengths

Compatibility

Security Considerations
 AES

• Advanced Encryption Standard is a symmetric key

encryption algorithm widely recognized as the
replacement to DES.
• It is a highly secure and efficient encryption
algorithm that provides strong cryptographic
protection for a wide range of applications.

Prepared by: S.A 47

 Especial point of AES

• Algorithm: It supports three key lengths: 128

bits, 192 bits, and 256 bits.
• AES uses a substitution-permutation network
(SPN) structure, similar to DES, but with more
rounds and more advanced techniques.
 Cont.…
Number of Rounds:
depends on the key length.
AES-128 uses 10 rounds
AES-192 uses 12 rounds
 and AES-256 uses 14 rounds.
Each round consists of multiple
transformation stages.
 Cont.…
Modes of Operation: Common modes include
Electronic Codebook (ECB),
 Cipher Block Chaining (CBC),

Galois/Counter Mode (GCM).

Each mode has its own characteristics and

provides different security and performance.
.
 Diffie-Hellman

• is the foundation for key exchange in public key

cryptography.

Prepared by: S.A 51

 how the Diffie-Hellman protocol works?

Key Generation: Each party generates a private key and a

corresponding public key.

Parameter Selection: The two parties agree on certain parameters for

the key exchange, including a large prime number (p) and a generator

(g) that is a primitive root modulo p.

These parameters are publicly known and can be shared openly.

 RSA
• RSA (Rivest-Shamir-Adleman)

• is a widely used public key encryption algorithm.

key aspects of RSA:

• Key Generation: The key generation process involves the following

steps:

a. Select two distinct prime numbers, p and q.

b. Compute the modulus, N, as the product of p and q.

c. Compute the Euler's totient function, φ(N), as (p-1) multiplied by (q-1).

Prepared by: S.A 53
 Cont..
d. Choose an encryption exponent,
e. which is a relatively prime number to φ(N)
and less than φ(N).
f. Calculate the decryption exponent as the
modular multiplicative inverse of e modulo
φ(N).
g. The public key consists of the pair (N, e), and
the private key consists of the pair (N, d).
 Digital Signature

• is a cryptographic mechanism used to provide

integrity, authenticity, and non-repudiation of
digital documents or messages.
• Digital signatures are based on public key
cryptography

Prepared by: S.A 55

 Message Digest
• Using a message digest, also known as a hash
function, is a common practice in cryptography
to ensure data integrity and verify the integrity of
transmitted or stored messages.

Prepared by: S.A 56

 Message Digest use the following

• MD4family
• SHA family
• RIPEMD(RACE Integrity Primitives Evaluation
Message Digest)
 Trusted Third Party

• A trusted third party (TTP), also known as a

trusted intermediary.
• The role of a trusted third party is to provide a
level of assurance and trustworthiness in
situations where direct trust between the
involved parties.

Prepared by: S.A 58

 examples

• Certificate Authorities (CAs)

• Trusted Timestamp Authorities (TTAs)
• Payment Processors:
• Trusted Cloud Service Providers
 END

Prepared by: S.A 60