Chapter -3 Cryptography and Encryption Techniques

Uploaded by

eba girma
CHAPTER-THREE

Cryptography and Encryption Techniques

By: Gemeda .G
INTRODUCTION
 Encryption is required for confidentiality and authentication (to assure that a
message comes from the alleged source)
 Terminology
 Cryptography: Schemes for encryption and decryption; It comes from the Greek
words for secret writing

 Encryption: The process by which plaintext is converted into ciphertext


 Decryption: Recovering plaintext from the ciphertext
 Secret key: Used by the encryption algorithm. In a classical (symmetric key)
cryptography, the same secret key is used for encryption and decryption

 Cryptanalysis: The study of “breaking the code”. Cryptanalysts!


 Cryptology: Cryptography + cryptanalysis
INTRODUCTION ---
• Cryptography has five ingredients
• Plaintext: the original message that is fed into the algorithm as input

• Encryption algorithm: performs various substitutions and transformations on the plaintext

 Secret Key: is also input to the algorithm; the exact substitutions and transformations
performed by the algorithm depend on the key; larger key size means greater security but may
decrease encryption/decryption speed

 Ciphertext: the scrambled message produced as output. It depends on the plaintext and the
secret key; for a given message, two different keys will produce two different cipher texts

 Decryption algorithm: the encryption algorithm run in reverse.

 It takes the ciphertext and the same secret key (in symmetric key cryptography) and
produces the original plaintext
INTRODUCTION ---
 The need for cryptography
 If you have the best firewall, very tight security policies, hardened operating
systems, virus scanners, intrusion-detection software, antispyware, and every
other computer security angle covered but send your data in raw, plain text, then
you simply are not secure
 Simplified Symmetric Encryption Model

INTRODUCTION ---
 Description
• A sender S wants to transmit message M to a receiver R
• To protect the message M, the sender first encrypts it into an unintelligible message M’
• After receipt of M’, R decrypts the message to obtain M
• M is called the plaintext: what we want to encrypt
• M’ is called the ciphertext: the encrypted output
• Alternatively, the terms encode and decode or encipher and decipher are used instead of encrypt and decrypt.
• A system for encryption and decryption is called a cryptosystem
o For convenience, we denote a plaintext message P as a sequence of individual characters P = <p1, p2, …, pn>. Similarly, ciphertext is written as C = <c1, c2, …, cm>.
o For instance, the plaintext message "I want cookies" can be denoted as the message string <I, ,w,a,n,t, ,c,o,o,k,i,e,s>.
o It can be transformed into ciphertext <c1, c2, …, c14>, and the encryption algorithm tells us how the transformation is done.
INTRODUCTION ---
 Notation
 Given
• P = Plaintext
• C = Ciphertext
• C = E_K(P) Encryption
• P = D_K(C) Decryption

⇒ P = D_K(E_K(P))
⇒ C = E_K(D_K(C))
 Note: Steganography is a technique for hiding a secret message within a larger one so that
others cannot discern the presence or contents of the hidden message; it is used to claim
ownership; it is not encryption
 Note : The two basic building blocks of all encryption techniques are substitution
and transposition
SUBSTITUTION CIPHERS
• A substitution cipher substitutes a character or symbol for each character of the original message.
• This technique is called a monoalphabetic cipher or simple substitution.
• Caesar Cipher - Early Example of a Substitution Cipher by Julius Caesar
• The Caesar Cipher
• Each letter is translated to the letter a fixed number of places after it in the alphabet.
• Caesar used a shift of 3, so plaintext letter p_i was enciphered as ciphertext letter c_i by the rule
c_i = E(p_i) = p_i + 3
• A full translation chart of the Caesar cipher is shown here.

• Using this encryption, the message TREATY IMPOSSIBLE would be encoded as
TREATY IMPOSSIBLE
wuhdwb lpsrvvleoh
ADVANTAGES AND DISADVANTAGES OF THE CAESAR CIPHER

 Advantage:
 Simple
 Disadvantage:
 Algorithm has to be secret
 Once Algorithm is known all messages can be decrypted

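The disadvantage listed above, shown as an added example (not part of the original slides): once the algorithm is known, only 26 keys remain to try. The word list used to recognise the correct candidate is constructed for this illustration.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Shift every letter by `shift` places (mod 26); other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext: str, key: int) -> str:
    return caesar(plaintext, key)


def decrypt(ciphertext: str, key: int) -> str:
    return caesar(ciphertext, -key)


# Constructed word list standing in for "does this candidate look like English?"
KNOWN_WORDS = {"THE", "AND", "TREATY", "IMPOSSIBLE", "MESSAGE", "SECRET"}


def brute_force(ciphertext: str):
    """Try all 26 keys; return (key, candidate) pairs, best-scoring candidate first."""
    scored = []
    for key in range(26):
        candidate = decrypt(ciphertext, key)
        hits = sum(word in KNOWN_WORDS for word in candidate.split())
        scored.append((hits, key, candidate))
    scored.sort(key=lambda item: -item[0])  # stable sort: ties stay in key order
    return [(key, candidate) for _, key, candidate in scored]


if __name__ == "__main__":
    ciphertext = encrypt("TREATY IMPOSSIBLE", 3)
    print(ciphertext)
    print(brute_force(ciphertext)[0])
```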
EXERCISES
1. Encrypt the message MATHEMATICS with the Caesar
cipher with 4 as the key.
2. Encrypt the message CRYPTOGRAPHY with the Caesar
cipher with 6 as the key.
3. Encrypt the message BULE HORA UNIVERSISTY with
the Caesar cipher with 6 as the key
4. The message QIIX PEXIV was encrypted using the
Caesar cipher with 4 as the key. Decrypt the message.
5. The message SKKZ NKXK was encrypted using a
Caesar cipher. Decrypt the message.

THE VERNAM CIPHER
 The basic encryption involves an arbitrarily long nonrepeating sequence of numbers
that are combined with the plaintext.
 Vernam's invention used an arbitrarily long punched paper tape that fed into a teletype
machine.
 The tape contained random numbers that were combined with characters typed into
the teletype.
 The sequence of random numbers had no repeats, and each tape was used only once.
 As long as the key tape does not repeat or is not reused, this type of cipher is immune
to cryptanalytic attack because the available ciphertext does not display the pattern of
the key.
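An added example (not from the original slides) of why the tape must never be reused. It assumes letters A-Z are combined with tape numbers 0..25 by addition mod 26; the slides do not fix the combining rule, and the sample messages are constructed.

```python
import secrets

A = ord("A")


def new_tape(length: int):
    """One fresh random number (0..25) per letter; stands in for the punched tape."""
    return [secrets.randbelow(26) for _ in range(length)]


def _check(message: str) -> None:
    if not (message.isascii() and message.isalpha() and message.isupper()):
        raise ValueError("message must consist of the letters A-Z only")


def vernam_encrypt(plaintext: str, tape) -> str:
    _check(plaintext)
    if len(tape) < len(plaintext):
        raise ValueError("tape must be at least as long as the message")
    return "".join(chr((ord(p) - A + k) % 26 + A) for p, k in zip(plaintext, tape))


def vernam_decrypt(ciphertext: str, tape) -> str:
    _check(ciphertext)
    return "".join(chr((ord(c) - A - k) % 26 + A) for c, k in zip(ciphertext, tape))


def letter_difference(x: str, y: str):
    """Position-wise (x - y) mod 26 over the common length."""
    return [(ord(a) - ord(b)) % 26 for a, b in zip(x, y)]


def reuse_leaks_plaintext_relation(msg1: str, msg2: str) -> bool:
    """Encrypt two messages with the SAME tape and compare differences.

    (p1 + k) - (p2 + k) = p1 - p2 (mod 26): the tape cancels out, so the
    ciphertexts now display a pattern that depends only on the plaintexts.
    """
    tape = new_tape(max(len(msg1), len(msg2)))
    c1 = vernam_encrypt(msg1, tape)
    c2 = vernam_encrypt(msg2, tape)  # the mistake: tape used a second time
    return letter_difference(c1, c2) == letter_difference(msg1, msg2)


if __name__ == "__main__":
    tape = new_tape(12)
    c = vernam_encrypt("MEETMEATNOON", tape)
    print(c, vernam_decrypt(c, tape))
    print(reuse_leaks_plaintext_relation("MEETMEATNOON", "SENDMOREFOOD"))
```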

EXERCISES
1. Encode the message TELLECOMMINICATION using Vernam's cipher algorithm
2. Encode the message MISS YOU using Vernam's cipher algorithm
3. Encode the message SOFTWARE ENGINEERING using Vernam's cipher algorithm

TRANSPOSITIONS (PERMUTATIONS)
 A Transposition is an encryption in which the letters of the message are rearranged.
 With transposition, the cryptography aims for diffusion, widely spreading the information from the
message or the key across the ciphertext.
 Transposition is a rearrangement of the symbols of a message, it is also known as a permutation.
 Columnar Transpositions
 The columnar transposition is a rearrangement of the characters of the plaintext into columns.
 The following set of characters is a five-column transposition.
 The plaintext characters are written in rows of five and arranged one row after another, as shown
here.

THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS
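The five-column transposition of the message above, as an added example (not part of the original slides). It assumes the ciphertext is read off column by column from left to right, and it also handles a last row that is not full, using a constructed second message.

```python
def letters_only(text: str) -> str:
    """Drop spaces and punctuation, as is usual before a transposition."""
    return "".join(ch for ch in text.upper() if ch.isalpha())


def encrypt(plaintext: str, columns: int) -> str:
    """Write the letters in rows of `columns`, then read the columns top to bottom."""
    letters = letters_only(plaintext)
    # Column c of the grid is every `columns`-th letter starting at index c.
    return "".join(letters[c::columns] for c in range(columns))


def decrypt(ciphertext: str, columns: int) -> str:
    """Rebuild the columns (the first few may be one letter taller), then read the rows."""
    full_rows, extra = divmod(len(ciphertext), columns)
    cols, pos = [], 0
    for c in range(columns):
        height = full_rows + (1 if c < extra else 0)
        cols.append(ciphertext[pos:pos + height])
        pos += height
    out = []
    for r in range(full_rows + (1 if extra else 0)):
        for col in cols:
            if r < len(col):
                out.append(col[r])
    return "".join(out)


MESSAGE = "THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS"

if __name__ == "__main__":
    ct = encrypt(MESSAGE, 5)
    # Print in groups of five letters, the customary presentation.
    print(" ".join(ct[i:i + 5] for i in range(0, len(ct), 5)))
    print(decrypt(ct, 5))
```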

EXERCISES

1. Encipher ALL IN THE FAMILY WAS A CLASSIC AND SOMETIMES CONTROVERSIAL TV SHOW using a simple 5 column transposition cipher.

2. Encipher WE ARE DISCOVERED AND FLEE AT ONCE using a simple 4 column transposition cipher.

3. Decipher TOTBA AUJAA KMHKO ANTAU FKEEE LTTYR SRLHJ RDMHO ETEII that was enciphered using a simple 4 column transposition.

4. Use the keyword SOFTWARE to encipher the message WE NEED TO STUDY SOFTWARE ENIGNEERING using a keyword columnar transposition.

5. Decrypt the message ITYBA WOFAM APOLE NLOL TATG that was encrypted using a simple 5 column transposition
CRYPTOGRAPHY CATEGORIES

• With traditional approaches, we have categorized cryptography ciphers into substitution and transposition ciphers.
• In modern approaches, there are two forms of encryption systems
1) Symmetric (also called Secret-key or Private key) cryptosystem
2) Asymmetric (also called Public key) cryptosystem
• Symmetric ciphers are categorized into stream and block ciphers
• Stream cipher: encrypts plaintext one byte at a time, although a stream cipher may be designed to operate on one bit at a time or on units larger than a byte at a time.
• Block cipher: splits the plaintext into fixed sized blocks and generates fixed sized blocks of ciphertext.
Symmetric Cryptosystem
 The same key is used to encrypt and decrypt a message
• C = E_K(P)
• P = D_K(C) ⇒ P = D_K[E_K(P)]
• Has been used for centuries in a variety of forms
• The key has to be kept secret
• The key has to be communicated using a secure channel; major problem
• It is still in use in combination with public key cryptosystems due to some of its advantages, mainly efficiency
• Properties of an Encryption Function
• It is computationally infeasible to find the key K when given the plaintext P and the associated ciphertext C [E_K(P)]
• It should also be computationally infeasible to find another key K’ such that E_K(P) = E_K’(P); Uniqueness
Stream Ciphers
 A stream cipher takes a key K of n bits in length and stretches it into a long keystream.
 This keystream is then XORed with the plaintext P to produce ciphertext C.
 The use of the keystream is identical to the use of the key in a one-time pad cipher.
 To decrypt with a stream cipher, the same keystream is generated and XORed with the
ciphertext.

Stream Ciphers ---
 The encryption formula is:
 where P = p0p1p2 . . . is the plaintext, S = s0s1s2 . . . is the keystream
and C =c0c1c2 . . . is the ciphertext.
 To decrypt ciphertext C, the keystream S is again used

Stream Ciphers ---
 For example, if keystream is 01101100 the plaintext byte is 11001100, then the resulting ciphertext byte
is :

 Decryption requires the use of the same pseudorandom sequence:

 Popular stream ciphers:


1. A5/1
2. RC4

A5/1
• Used by GSM (Global System for Mobile Communication) cell phones for confidentiality.
• A GSM transmission is organized as sequences of bursts.
o In a typical channel and in one direction, one burst is sent every 4.615 milliseconds and contains 114 bits available for information.
o A5/1 is used to produce for each burst a 114-bit sequence of keystream which is XORed with the 114 bits prior to modulation.
• A5/1 employs three linear feedback shift registers (LFSRs), which we label X, Y, and Z.
• Register X holds 19 bits, which we label (x0, x1, . . . , x18).
• Register Y holds 22 bits (y0, y1, . . . , y21), and
• Z holds 23 bits (z0, z1, . . . , z22). It is no accident that the three LFSRs hold a total of 64 bits.
• Not coincidentally, the key K is 64 bits.
• The key is used as the initial fill of the three registers.
• After these three registers are filled with the key, we are ready to generate the keystream.
RC4 (Rivest Cipher 4)

• RC4 is a stream cipher, widely used in wireless networks (WEP and WPA), as well as in SSL and various products.
• The RC4 algorithm is a self-modifying lookup table.

• The table always contains a permutation of all 8-bit numbers from 0 through 255

 A variable-length key of from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256- byte state vector S,
with elements

 For encryption and decryption, a byte is generated from S by selecting one of the 255 entries in a
systematic fashion.
 As each value of is generated, the entries in S are once again permuted

 Each step of RC4 generates a byte

• Efficient in software
• Each step of A5/1 generates a bit
• Efficient in hardware
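The RC4 lookup table described above, as an added example (not part of the original slides): key scheduling fills the 256-entry table S, and each output step swaps two entries and emits one keystream byte that is XORed with the data. The test key and plaintext are the widely published "Key" / "Plaintext" vector.

```python
def ksa(key: bytes) -> list:
    """Key-scheduling: initialise S to 0..255, then permute it under the key."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1 to 256 bytes long")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S


def prga(S: list):
    """Generate keystream bytes; S is permuted again after every byte."""
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: both are the same XOR with the keystream."""
    keystream = prga(ksa(key))
    return bytes(b ^ k for b, k in zip(data, keystream))


def is_permutation(S: list) -> bool:
    """True when S still holds every value 0..255 exactly once."""
    return sorted(S) == list(range(256))


def table_after(key: bytes, steps: int) -> list:
    """Return the table after `steps` keystream bytes, to inspect its state."""
    S = ksa(key)
    gen = prga(S)
    for _ in range(steps):
        next(gen)
    return S


if __name__ == "__main__":
    ct = rc4(b"Key", b"Plaintext")
    print(ct.hex())
    print(rc4(b"Key", ct))
```

RC4 is shown here for study only; RFC 7465 prohibits its use in TLS.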

BLOCK CIPHERS

BLOCK CIPHER
 Block cipher splits the plaintext into fixed sized blocks and generates fixed sized blocks
of ciphertext.
 The ciphertext is obtained from the plaintext by iterating a function F over some
number of rounds.
 The function F, which depends on the output of the previous round and the key
K, is known as a round function, not because of its shape, but because it is applied at each round.
 The design goals for block ciphers are security and efficiency.
 It’s not too difficult to develop either a secure block cipher or an efficient algorithm, but it’s
surprisingly tricky to design a secure block cipher that is highly efficient.
 A block cipher operates on a plaintext block of n bits to produce a
ciphertext block of n bits.
 There are possible different plaintext blocks and, for the encryption
to be reversible (i.e., for decryption to be possible), each must
produce a unique ciphertext block.

BLOCK CIPHER ---

Reading Assignment:
 Modes of Block cipher operation (ECB, CBC, …)

BLOCK CIPHER ---
Feistel Structure for Block Ciphers
• In cryptography, a Feistel cipher is a symmetric structure used in the construction of block ciphers, named after the German IBM cryptographer Horst Feistel;
• It is also commonly known as a Feistel network.
• Feistel cipher alternates: substitutions, transpositions (permutations)
• Applies concepts of diffusion and confusion
• Applied in many ciphers today
• Approach:
• Plaintext split into halves
• Subkeys (or round keys) generated from key
• Round function, F, applied to right half
• Apply substitution on left half using XOR
• Apply permutation: interchange the halves
Diffusion and Confusion
Diffusion
 Statistical nature of plaintext is reduced in ciphertext
 E.g. A plaintext letter affects the value of many ciphertext letters
 How: repeatedly apply permutation (transposition) to data, and then apply
function
Confusion
 Make relationship between ciphertext and key as complex as possible
 Even if attacker can find some statistical characteristics of ciphertext, still hard to
find key
 How: apply complex (non-linear) substitution algorithm
Feistel Encryption and Decryption
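An added example (not part of the original slides) of the Feistel approach listed earlier: decryption is the same routine run with the subkeys in reverse order, even though the round function F is not invertible. The round function and key schedule below are hypothetical stand-ins built on SHA-256, not those of DES or any real cipher.

```python
import hashlib


def round_function(right: bytes, subkey: bytes) -> bytes:
    """F(R, K). Hypothetical: a truncated hash, deliberately one-way."""
    return hashlib.sha256(subkey + right).digest()[:len(right)]


def make_subkeys(key: bytes, rounds: int) -> list:
    """Hypothetical key schedule: one hash-derived subkey per round."""
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(rounds)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, subkeys: list) -> bytes:
    """Run the Feistel rounds over an even-length block."""
    if len(block) % 2:
        raise ValueError("block length must be even so it splits into halves")
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for k in subkeys:
        # Substitution on the left half via XOR with F(right), then swap halves.
        left, right = right, xor(left, round_function(right, k))
    # Undo the last swap so the same routine also decrypts.
    return right + left


def encrypt(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    return feistel(block, make_subkeys(key, rounds))


def decrypt(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    return feistel(block, make_subkeys(key, rounds)[::-1])


if __name__ == "__main__":
    block = b"8bytes!!"            # constructed 64-bit sample block
    ct = encrypt(block, b"sample key")
    print(ct.hex(), decrypt(ct, b"sample key"))
```

With a single round, the second half of the output equals the original right half, which is why several rounds are needed before every plaintext bit has been processed.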

BLOCK CIPHER ---
 Popular and common types of Block ciphers:
1. DES
2. Triple DES
3. AES
4. IDEA
5. Blowfish

Data Encryption Standards (DES)
 In 1973, the NBS (National Bureau of Standards, now called NIST- National Institute of Standards and
Technology) published a request for an encryption algorithm that would meet the following criteria:
• Have a high security level
• Be easily understood
• Not depend on the algorithm's confidentiality
• Be adaptable and economical
• Be efficient
 In late 1974, IBM proposed "Lucifer", which was then modified by NSA (National Security Agency) in
1976 to become the DES (Data Encryption Standard)

 DES - A Popular Example of Symmetric Cryptosystem


• DES was then approved by NBS in 1978 and was standardized by ANSI under the name of ANSI X3.92, also known as DEA (Data Encryption Algorithm)
DES ---
 DES utilizes block cipher, which means that during the encryption process, the
plaintext is broken into fixed length blocks of 64 bits
• A block cipher processes the input one block of elements at a time, producing an output block
for each input block; larger block sizes mean greater security but reduced encryption/
decryption speed; a block size of 128 bits is a reasonable tradeoff and is nearly universal
among recent block cipher designs

• A stream cipher processes the input elements continuously, producing output one element
at a time, as it goes along

• The key in DES is 56 bits; 8 bits out of the total 64-bit key block are used for parity check (for example, if odd parity is used, each byte has an odd number of 1 bits)
• A 56-bit key gives 2^56 (about 7.2*10^16) possible key variations
DES ---
DES Encryption
 Data is divided into 64-bit blocks; the key is 56 bits
 The processing has three phases
 Phase 1
• The 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits to produce the permuted
input; no elements are added or deleted or replaced, rather the order in which the elements appear in the
sequence is changed
 Phase 2
• The 64 bits are then divided into two 32-bit halves called L and R.
• The encryption then proceeds through 16 rounds of the same function, each using the L and R parts, and a
subkey
• In each round, the new L part is simply a copy of the incoming R part
• The R part and the subkey are processed in the so-called f-function, and the output of the f-function is exclusive-ORed with the existing L part to create the new R part
• Phase 3
• The pre-output is passed through a permutation that is the inverse of the initial permutation (IP^-1), to produce the 64-bit ciphertext
DES ---

Fig : Structure of DES Algorithm
DES ---

Fig : Structure of DES Algorithm
DES ---
 DES – Permutation: The initial permutation and its inverse are defined by tables; in all
tables, the numbers are the bit positions
Initial Permutation (IP) Inverse Permutation (IP-1)

Advanced Encryption Standard (AES)
• The AES Encryption algorithm (also known as the Rijndael algorithm) is a symmetric block cipher algorithm with a block/chunk size of 128 bits.

• It converts these individual blocks using keys of 128, 192, and 256 bits. Once it encrypts these blocks, it joins them together to form the ciphertext.

• It is based on a substitution-permutation network, also known as an SP network.

• It consists of a series of linked operations, including replacing inputs with specific outputs (substitutions) and others involving bit shuffling (permutations).

• In AES the number of rounds to be carried out depends on the length of the key being used to encrypt data. The 128-bit key size has ten rounds, the 192-bit key size has 12 rounds, and the 256-bit key size has 14 rounds.
• 10 rounds of repetition for 128-bit keys.
• 12 rounds of repetition for 192-bit keys.
• 14 rounds of repetition for 256-bit keys.
How Does AES Work?
 To understand the way AES works, you first need to learn how it
transmits information between multiple steps.
 Since a single block is 16 bytes, a 4x4 matrix holds the data in a single
block, with each cell holding a single byte of information.

 The matrix shown in the image above is known as a state array.


 Similarly, the key being used initially is expanded into (n+1) keys, with
n being the number of rounds to be followed in the encryption process.
Advanced Encryption Standard (AES)---
 The steps to be followed in AES are in the below image.

• The mentioned steps are to be followed for every block sequentially.
Advanced Encryption Standard (AES)---
The steps are as follows:
1. Add Round Key: You pass the block data stored in the state array through an
XOR function with the first key generated (K0).
 It passes the resultant state array on as input to the next step.
2. Sub-Bytes: In this step, it converts each byte of the state array into
hexadecimal, divided into two equal parts.
 These parts are the rows and columns, mapped with a substitution box (S-
Box) to generate new values for the final state array.
3. Shift Rows: It swaps the row elements among each other.
 First row is not shifted, Second row is shifted one (byte) position to the
left.
 Third row is shifted two positions to the left, and Fourth row is shifted
three positions to the left.
 The result is a new matrix consisting of the same 16 bytes but shifted with
respect to each other.
4. Mix Columns: Each column of four bytes is now transformed using a special mathematical function.
• This function takes as input the four bytes of one column and outputs four
Advanced Encryption Standard (AES) ---
Steps:
• Key Expansion: round keys are derived from the cipher key using Rijndael's key schedule.
• AES requires a separate 128-bit round key block for each round plus one more.
1) Initial round
• Add Round-Key: each byte of the state is combined with a block of the round key using bitwise XOR.
2) Next rounds
i. Sub-Bytes: a non-linear substitution step where each byte is replaced with another according to a lookup table.
ii. Shift-Rows: a transposition step where the last three rows of the state are shifted cyclically a certain number of steps.
iii. Mix-Columns: a mixing operation which operates on the columns of the state, combining the four bytes in each column.
iv. Add Round-Key
3) Final round
v. Sub-Bytes
vi. Shift-Rows
vii. Add Round-Key
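Three of the steps above on a 4x4 state array, as an added example (not part of the original slides): Shift-Rows, Mix-Columns and Add Round-Key. Sub-Bytes and the key schedule are left out because they need the S-box table; the Mix-Columns check uses the commonly published column db 13 53 45.

```python
def shift_rows(state):
    """state is 4 rows of 4 bytes; row r is rotated left by r positions."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def xtime(b: int) -> int:
    """Multiply a byte by 2 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return (b ^ 0x11B) & 0xFF if b & 0x100 else b


def mix_single_column(col):
    """The 'special mathematical function': a fixed matrix product over GF(2^8)."""
    a0, a1, a2, a3 = col
    return [
        xtime(a0) ^ (xtime(a1) ^ a1) ^ a2 ^ a3,   # 2*a0 + 3*a1 + a2 + a3
        a0 ^ xtime(a1) ^ (xtime(a2) ^ a2) ^ a3,   # a0 + 2*a1 + 3*a2 + a3
        a0 ^ a1 ^ xtime(a2) ^ (xtime(a3) ^ a3),   # a0 + a1 + 2*a2 + 3*a3
        (xtime(a0) ^ a0) ^ a1 ^ a2 ^ xtime(a3),   # 3*a0 + a1 + a2 + 2*a3
    ]


def mix_columns(state):
    """Apply mix_single_column to each of the four columns of the state."""
    cols = [mix_single_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]


def add_round_key(state, round_key):
    """XOR every state byte with the matching round-key byte."""
    return [[s ^ k for s, k in zip(srow, krow)]
            for srow, krow in zip(state, round_key)]


ROUNDS = {128: 10, 192: 12, 256: 14}


def round_keys_needed(key_bits: int) -> int:
    """One round key per round plus one for the initial Add Round-Key."""
    return ROUNDS[key_bits] + 1


if __name__ == "__main__":
    state = [[0, 1, 2, 3], [4, 5, 6, 7], [8, 9, 10, 11], [12, 13, 14, 15]]
    print(shift_rows(state))
    print([hex(b) for b in mix_single_column([0xDB, 0x13, 0x53, 0x45])])
```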
Advanced Encryption Standard (AES) ---
 For 16 byte key AES encryption and decryption

Comparison of DES and AES

Table: Comparison of DES and AES
Asymmetric (Public-key) Cryptosystem

Public Key Cryptography

Public Key Cryptography
• It is a form of cryptosystem in which encryption and decryption are performed using different keys - one public key (KE) and one private key (KD) - that form a unique pair
• C = E_KE(P)
• P = D_KD(C) ⇒ P = D_KD[E_KE(P)]
• The two keys have the property that deriving the private key from the public key is computationally infeasible
• Proposed by Diffie and Hellman in 1976
• Uses mathematical functions whose inverse is not known by mathematicians of the day
• It is a revolutionary concept since it avoids the need of using a secure channel to communicate the key
• It has made cryptography available for the general public and made many of today’s online applications feasible
Public Key Cryptography ---
 It provides a radical departure from the past
• Public-key algorithms are based on mathematical functions rather than on
substitution and permutation
• Public-key cryptography is asymmetric, involving the use of two separate keys, in
contrast to symmetric encryption, which uses only one key.
• The use of two keys has profound consequences in the areas of confidentiality,
key distribution, and authentication
 Properties of Public Key Cryptosystem
• If you have the private key, you can easily decrypt what is encrypted by the
public key
• Otherwise, it is computationally infeasible to decrypt what has been encrypted by
the public key
Public Key Cryptography ---
 Steps in Asymmetric Cryptosystems
1. Each user generates a pair of keys to be used for the encryption and
decryption of messages
2. Each user places one of the two keys in a public register or other accessible
file. This is the public key. The companion key is kept private
3. If Bob wishes to send a confidential message to Alice, Bob encrypts the
message using Alice’s public key
4. When Alice receives the message, she decrypts it using her private key. No
other recipient can decrypt the message because only Alice knows Alice’s
private key
 At any time, a user can change its private key and publish the companion
public key to replace its old public key

Public Key Cryptography ---
 Common misconceptions concerning public-key encryption
1. Public-key encryption is not more secure from cryptanalysis than is symmetric
encryption. The security of any encryption scheme depends on the length of the
key and the computational work involved in breaking a cipher.

2. Public-key encryption has not made symmetric encryption obsolete.

3. Finally, there is a feeling that key distribution is trivial when using public-key
encryption, compared to the rather cumbersome handshaking involved with
key distribution centers for symmetric encryption.
• In fact, some form of protocol is needed, generally involving a central agent, and the procedures involved are not simpler nor any more efficient than those required for symmetric encryption
Public Key Cryptography ---
Why public-key cryptography?
 In an attempt to attack two of the most difficult problems associated with
symmetric encryption
 The first problem is that of key distribution since key distribution under
symmetric encryption requires either (1) that two communicants already share a
key, which somehow has been distributed to them; or (2) the use of a key
distribution center
 The second problem is that of digital signatures.
• If the use of cryptography was to become widespread, then electronic messages and
documents would need the equivalent of signatures used in paper documents
Public Key Cryptography ---
 Some algorithms are suitable for all three applications, whereas others can be used
only for one or two of these applications

Applications of Public-Key Cryptosystems


 RSA - Rivest-Shamir-Adleman
 DSS - Digital Signature Standard
 You can read about Diffie-Hellman and Elliptic Curve Cryptography (ECC) algorithms

RSA (Rivest-Shamir-Adleman)
• The most widely used public-key cryptosystem is RSA
• RSA is from Rivest, Shamir and Adleman
• Principle: No mathematical method is yet known to efficiently find the prime factors of large numbers

• In RSA, the private and public keys are constructed from very large prime numbers (consisting of hundreds of decimal digits)

• Breaking RSA is equivalent to finding the prime factors: this is known to be computationally infeasible, i.e., security is based on the difficulty of factoring large integers

• It is only the person who has produced the keys from the prime numbers who can decrypt messages
RSA ---
 RSA - Key Generating Algorithm
1. Choose two large prime numbers, p and q
2. Compute n = pq and (phi) φ = (p-1)(q-1)
3. Choose an integer e, 1 < e < φ, such that GCD(e, φ) = 1
 (Note: The Greatest Common Divisor of two integers is the largest positive integer that exactly
divides both integers) or e and φ are relatively prime (two integers are relatively prime if their
only common positive integer factor is 1)
4. Determine the secret exponent d, 1 < d < φ, such that φ divides (ed-1)
5. The public key is the pair of integers (e, n) and the private key is (d, n), i.e., both sender and
receiver must know the value of n.
o The sender knows the value of e, and only the receiver knows the value of d
 Keep all the values d, p, q and φ secret
 n is known as the modulus
 e is known as the public exponent or encryption exponent
 d is known as the secret exponent or decryption exponent
RSA ---
• RSA - Encryption
• Sender A does the following
• Obtains the recipient B's public key (e, n)
• Represents the plaintext message as a positive integer M
• Computes the ciphertext C = M^e mod n
• Sends the ciphertext C to B
• RSA - Decryption
• Recipient B does the following
• Uses his/her private key (d, n) to compute M = C^d mod n
• Extracts the plaintext from the message representative M
• Compared to DES, RSA is computationally more complex; encryption is 100-1000 times slower than DES
• Hence encryption systems use RSA to exchange only shared keys in a secure way
RSA ---
 RSA Simple Example - Key Generation
1. Choose two prime numbers: p=11, q=3
2. n = pq = 11*3 = 33
φ = (p-1)(q-1) = 10*2 = 20
3. Choose e, 1 < e < φ; we choose e=3
Check GCD(e, φ) = GCD(3, 20) = 1 (i.e., 3 and 10 are relatively prime)
4. Determine d, 1<d<φ, such that φ divides ed-1 (or 20 divides 3d-1)
Simple testing (d = 2, 3 ...) gives d = 7
Check: ed-1 = 3*7 - 1 = 20, which is divisible by φ (20)
5. Public key = (e, n) = (3, 33)
Private key = (d, n) = (7,33)
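The key generation above and the encryption and decryption rules from the earlier slide, as an added example (not part of the original slides), run with the same numbers p=11, q=3, e=3. It also shows that a modulus this small can be factored at once, which hands over d; that is why real keys use primes with hundreds of digits. This is textbook RSA without padding, for study only.

```python
from math import gcd


def generate_keys(p: int, q: int, e: int):
    """Steps 1-5: return ((e, n), (d, n)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi and GCD(e, phi) = 1")
    d = pow(e, -1, phi)          # modular inverse: phi divides e*d - 1 (Python 3.8+)
    return (e, n), (d, n)


def encrypt(m: int, public_key) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message representative must be smaller than n")
    return pow(m, e, n)          # C = M^e mod n


def decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)          # M = C^d mod n


def factor(n: int):
    """Trial division: instant for n = 33, hopeless for real key sizes."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no non-trivial factors")


def private_key_from_public(public_key):
    """Anyone who can factor n can redo the key generation and obtain d."""
    e, n = public_key
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1)), n


if __name__ == "__main__":
    public, private = generate_keys(11, 3, 3)
    c = encrypt(7, public)
    print(public, private, c, decrypt(c, private))
    print(private_key_from_public(public))
```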
RSA ---
 Given

Public key = (e, n) = (3, 33)


Private key = (d, n) = (7, 33)

• RSA - Encryption Example

• Now say we want to encrypt the message M = 7

• C = M^e mod n = 7^3 mod 33 = 343 mod 33 = 13

• Hence the ciphertext C = 13

• RSA - Decryption Example

• To check decryption we compute

• M = C^d mod n = 13^7 mod 33 = 7
Digital Signature
• Digital signatures are the public-key primitives of message authentication.

• In the physical world, it is common to use handwritten signatures on handwritten or typed messages.
• They are used to bind the signatory to the message.

• Similarly, a digital signature is a technique that binds a person/entity to the digital data.
• This binding can be independently verified by the receiver as well as any third party.

• A digital signature is a cryptographic value that is calculated from the data and a secret key known only by the signer.
• In the real world, the receiver of a message needs assurance that the message belongs to the sender and he should not be able to repudiate the origination of that message.
• This requirement is very crucial in business applications, since the likelihood of a dispute over exchanged data is very high.
Digital Signature ---

Fig: DSA (Digital Signature Algorithm)

• Where, M – Plaintext, H - Hash function, h - Hash digest, ‘+’ - Bundle both plaintext and digest, E – Encryption – Decryption
Digital Signature ---

• The image in the previous slide shows the entire process, from the signing of the key to its verification. So, go through each step to understand the procedure thoroughly.

o Step 1: M, the original message is first passed to a hash function denoted by H# to create a digest.

o Step 2: Next, it bundles the message together with the hash digest h and encrypts it using the sender’s private key.

o Step 3: It sends the encrypted bundle to the receiver, who can decrypt it using the sender’s public key.

o Step 4: Once it decrypts the message, it is passed through the same hash function (H#), to generate a similar digest.

o Step 5: It compares the newly generated hash with the bundled hash value received along with the message. If they match, it verifies data integrity.

Digital Signature ---
 So the Steps in Digital signature algorithm in general
1) Key Generation
2) Signature Generation
3) Signature Verification
• For digital signatures, however, the reverse of asymmetric encryption is true.
o The signature is encrypted using the private key and decrypted with the public key.

o Because the keys are linked, decoding it with the public key verifies that the proper
private key was used to sign the document, thereby verifying the signature's provenance.

 Having understood the functionality of the DSA Algorithm, you must know the
advantages this algorithm offers over alternative standards like the RSA
algorithm.
Digital Signature ---
 Out of all cryptographic primitives, the digital signature using public key cryptography is considered as very
important and useful tool to achieve information security.
 Let us briefly see how this is achieved by the digital signature −

 Message authentication − When the verifier validates the digital signature using public key of a
sender, he is assured that signature has been created only by sender who possess the corresponding
secret private key and no one else.
 Data Integrity − In case an attacker has access to the data and modifies it, the digital signature
verification at receiver end fails.
o The hash of modified data and the output provided by the verification algorithm will not match.
Hence, receiver can safely deny the message assuming that data integrity has been breached.
 Non-repudiation − Since it is assumed that only the signer has the knowledge of the signature key, he
can only create unique signature on a given data.
o Thus the receiver can present data and the digital signature to a third party as evidence if any dispute arises in the
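Key generation, signature generation and signature verification, as an added example (not part of the original slides). It assumes the common hash-then-sign form, where only the SHA-256 digest is transformed with the private key, and it uses textbook RSA over two small Mersenne primes chosen for illustration; the messages are constructed.

```python
import hashlib

# Illustration-sized primes (2^61 - 1 and 2^89 - 1); real keys are far larger.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537


def make_keypair(p: int = P, q: int = Q, e: int = E):
    """1) Key generation: returns (public, private) = ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)


def digest_as_int(message: bytes, n: int) -> int:
    """h = H(m), reduced mod n so it fits this toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """2) Signature generation: transform the digest with the private key."""
    d, n = private_key
    return pow(digest_as_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """3) Signature verification: undo with the public key, compare digests."""
    e, n = public_key
    return pow(signature, e, n) == digest_as_int(message, n)


if __name__ == "__main__":
    public, private = make_keypair()
    msg = b"Pay 100 birr to Alice"          # constructed message
    sig = sign(msg, private)
    print(verify(msg, sig, public))                        # authentic message
    print(verify(b"Pay 900 birr to Alice", sig, public))   # data integrity check
    _, other_private = make_keypair(2**107 - 1, 2**127 - 1)
    print(verify(msg, sign(msg, other_private), public))   # signed with a wrong key
```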
Hash Functions
 A hash function is a mathematical function that converts a
numerical input value into another compressed numerical value
 A hash function H takes a message m of arbitrary length and
produces a bit string h, h= H(m)
 When the hash value h is sent with the message m, it enables to
determine whether m has been modified or not; the principal
objective of a hash function is data integrity
 When a hash function is used to provide message
authentication (integrity), the hash function value is often
referred to as a message digest
 The two most common hashing algorithms are
1) MD5 (Message Digest version 5) and
2) Secure Hash Algorithm or SHA (SHA-1 and later versions like SHA-256) by NIST
 h = H(m) is sent along m (not encrypted), where H is a
cryptographic hash function
MD5 Algorithm
• The MD5 message-digest algorithm is the 5th version of the Message-Digest Algorithm developed by Ron Rivest to produce a 128-bit message digest.
• MD5 is faster than other versions of the message digest. It takes the plain text in 512-bit blocks, each further divided into 16 blocks of 32 bits, and produces the 128-bit message digest, which is a set of four blocks, each of 32 bits.
• MD5 produces the message digest through five steps, i.e. padding, appending the length, dividing the input into 512-bit blocks, initializing chaining variables, and processing the blocks in 4 rounds, using a different constant in each iteration.
• It was developed with the main motive of security, as it takes an input of any size and produces an output of a 128-bit hash value.

• To be considered cryptographically secure, MD5 should meet two requirements:

1. It is impossible to generate two inputs that produce the same hash value.
2. It is impossible to generate a message having a given hash value.
MD5 Algorithm ---
How does the MD5 algorithm work?
• As we know, MD5 produces an output of a 128-bit hash value.
• This conversion of input of any size into a hash value goes through 5 steps, and each step has its predefined task.
• Step 1: Append Padding Bits
• Padding means adding extra bits to the original message.
• So in MD5 the original message is padded such that its length in bits is congruent to 448 modulo 512.
• Padding is done such that the total length is 64 bits less than a multiple of 512 bits.
• Step 2: Append Length
• After padding, 64 bits are inserted at the end, which are used to record the original input length modulo 2^64.
• At this point, the resulting message has a length that is a multiple of 512 bits.
• Step 3: Initialize MD buffer.
• A four-word buffer (A, B, C, D) is used to compute the values for the message digest
• Step 4: Processing message in 16-word blocks
• MD5 uses auxiliary functions, which take three 32-bit numbers as input and produce a 32-bit output.
• These functions use logical operators like OR, XOR, NOR.
• Step 5: Output - After all rounds have been performed, the buffer A, B, C, D contains the MD5 output, starting with lower bit A and ending with higher bit D.
SHA Algorithm
• The SHA algorithm is the Secure Hash Algorithm developed by the National Institute of Standards and Technology along with NSA, previously released as a Federal Information Processing Standard, later in 1995,
• It was named as SHA algorithm, designed to modify the MD4
• In the field of cryptography and cryptanalysis, the SHA-1 algorithm is a cryptographic hash function that takes an input and produces a string that is 160 bits, also known as a 20-byte hash value.
• The hash value thus generated is known as a message digest, which is typically rendered as a hexadecimal number that is 40 digits long.
• The Different Types of SHA algorithm include the ones:
Concluding Remarks about Encryption
 Advantages and disadvantages
 Advantage of private-key (symmetric/secret-key) cryptography is that it provides better
secrecy but needs prearranged key exchange

 Symmetric key cryptography is impractical for exchanging messages with a large group of
previously unknown correspondents over a public network, e.g., in e-commerce, for a
merchant to conduct transactions securely with millions of customers, each customer would
need a distinct key assigned by that merchant and transmitted over a separate secure
channel

 Advantage of public-key (asymmetric) cryptography is that it allows for secrecy between two
parties who have not arranged in advance to have a shared key (or trusted some third party
to give it to them) and the disadvantage is overhead and speed

 Therefore, in practice, hybrid systems use public-key to establish session key for private key