Unit 1 Notes

This document provides an overview of elementary cryptography, covering key concepts such as encryption, decryption, and various techniques including substitution and transposition ciphers. It discusses algorithms like DES and AES, public key encryption, cryptographic hash functions, key exchange methods, digital signatures, and the role of certificates in securing communications. The document emphasizes the importance of secure key management and the principles of confusion, diffusion, and the avalanche effect in creating strong encryption algorithms.

Uploaded by

gowtham1671s

UNIT -I

ELEMENTARY CRYPTOGRAPHY

Course Content overview


1. Terminology and Background
Cryptography: The art and science of securing communication and data by transforming it into a secure format.

Encryption: The process of converting plaintext into ciphertext using a cryptographic algorithm and key.

Decryption: The reverse process of encryption, converting ciphertext back into plaintext.

Plaintext: The original, readable data or message that is to be encrypted.

Ciphertext: The encrypted, unreadable version of the plaintext.

Key: A piece of information used by an algorithm to transform plaintext into ciphertext and vice versa.

Algorithm: A mathematical procedure used for encryption and decryption.

Symmetric Encryption: Encryption where the same key is used for both encryption and decryption.

Asymmetric Encryption: Encryption where different keys are used for encryption and decryption (public and
private keys).

Hash Function: A function that converts input data into a fixed-size string of characters, which is typically a hash
value.

2. Substitution Ciphers
Definition: A type of encryption where elements of the plaintext are replaced with other elements.

Caesar Cipher: One of the simplest substitution ciphers where each letter in the plaintext is shifted a certain number
of places down the alphabet.

Example:

• Plaintext: "HELLO"
• Shift: 3
• Ciphertext: "KHOOR"

Monoalphabetic Cipher: Each letter of the plaintext is mapped to a unique letter of ciphertext alphabet.
Polyalphabetic Cipher: Uses multiple substitution alphabets to encrypt the plaintext.

Vigenère Cipher: A polyalphabetic cipher where a keyword is repeated and each letter of the plaintext is shifted
according to the corresponding letter of the keyword.

3. Transpositions
Definition: A method of encryption where the positions of the characters are shifted according to a certain system.

Columnar Transposition: The plaintext is written in rows and then read out column by column according to a
defined order.

Example:

• Plaintext: "WE ARE DISCOVERED FLEE AT ONCE"
• Columns (width 5):

W E A R E
D I S C O
V E R E D
F L E E A
T O N C E

• Ciphertext: "WDFET EIRLN ARVES EEOCA DEECD"

Rail Fence Cipher: The plaintext is written in a zigzag pattern and then read off line by line.

4. Making Good Encryption Algorithms


Criteria:

• Confusion: Ensures that the relationship between the plaintext and ciphertext is as complex as possible.
• Diffusion: Ensures that changes in the plaintext affect many parts of the ciphertext.
• Avalanche Effect: A slight change in the plaintext or key should produce a significantly different ciphertext.
• Key Space: Large enough to resist brute force attacks.

Practices:

• Use well-vetted algorithms.
• Ensure keys are securely generated and managed.
• Avoid outdated or broken algorithms.

5. Data Encryption Standard (DES)


Overview: A symmetric-key algorithm for the encryption of digital data.

Key Length: 56 bits

Algorithm:

• Divides the data into 64-bit blocks.
• Uses 16 rounds of Feistel structure.
• Each round consists of permutation and substitution steps.

Weaknesses:

• Small key size makes it vulnerable to brute force attacks.

Superseded by: Advanced Encryption Standard (AES)

6. AES Encryption Algorithm


Overview: A symmetric-key algorithm used for secure data encryption.

Key Lengths: 128, 192, or 256 bits

Algorithm:

• Divides the data into 128-bit blocks.
• Uses 10, 12, or 14 rounds depending on key size.
• Each round consists of substitution, permutation, mixing, and key addition steps.

Strengths:

• Strong security with larger key sizes.
• Efficient both in hardware and software.

7. Public Key Encryption


Overview: Uses a pair of keys, a public key for encryption, and a private key for decryption.

Key Features:

• Public key is distributed widely, while the private key is kept secret.
• Enables secure communication and digital signatures.

Algorithms:

• RSA: Relies on the difficulty of factoring large integers.
• Elliptic Curve Cryptography (ECC): Based on the algebraic structure of elliptic curves over finite fields.

Use Cases:

• Secure key exchange.
• Digital signatures.

8. Cryptographic Hash Functions


Definition: A function that takes an input and returns a fixed-size string of bytes.

Properties:

• Deterministic: Same input always produces the same output.
• Fast computation.
• Pre-image resistant: Hard to reverse the hash to find the original input.
• Collision resistant: Hard to find two different inputs that produce the same hash.

Algorithms:

• MD5: Produces a 128-bit hash, considered weak and broken.
• SHA-1: Produces a 160-bit hash, deprecated due to vulnerabilities.
• SHA-256: Part of the SHA-2 family, produces a 256-bit hash, widely used and secure.

9. Key Exchange
Purpose: Securely exchanging cryptographic keys over a public channel.

Methods:

• Diffie-Hellman Key Exchange: Allows two parties to establish a shared secret key over an insecure channel.
• Elliptic Curve Diffie-Hellman (ECDH): A variant of Diffie-Hellman using elliptic curve cryptography, offering
higher security with smaller key sizes.

10. Digital Signatures


Purpose: To verify the authenticity and integrity of a message, software, or digital document.

Process:

• Signing: The sender generates a digital signature using their private key.
• Verification: The receiver verifies the signature using the sender's public key.

Algorithms:

• RSA: Widely used for digital signatures.
• DSA (Digital Signature Algorithm): A Federal Information Processing Standard for digital signatures.
• ECDSA (Elliptic Curve Digital Signature Algorithm): Uses elliptic curve cryptography, providing high security with
smaller key sizes.

11. Certificates
Purpose: To bind a public key to an entity's identity.

Components:

• Certificate Authority (CA): A trusted entity that issues digital certificates.
• Public Key Infrastructure (PKI): A framework that manages digital certificates and public-key encryption.

Contents of a Certificate:

• Subject: The entity's identity.
• Public Key: The public key of the entity.
• Issuer: The CA issuing the certificate.
• Signature: The CA's digital signature to verify the certificate's authenticity.

Standard: X.509, used widely for secure web communication (SSL/TLS).

CRYPTOGRAPHY TECHNIQUES

In every era, human beings have had two natural needs:
• To communicate and share information, and
• To communicate selectively.
These two needs gave rise to the art of coding messages in such a way that only the intended
people could have access to the information. Unauthorized people could not extract any
information.
The word “cryptography” is the combination of two Greek words, “Krypto” meaning hidden or
secret and “graphein” meaning writing.

Cryptography: It is the art of achieving security by encoding messages into a non-readable
format.
It is a method of protecting information and communications through the use of codes, so that
only those for whom the information is intended can read and process it.

Cryptanalysis: It is the technique of decoding messages from a non-readable format back to a
readable format.
It is done without knowing how they were initially converted from readable format to
non-readable format. Also called code breaking.

Cryptology: Cryptology is a combination of Cryptography and Cryptanalysis.
Plain Text: Clear text, or plain text, signifies a message that can be understood by the sender,
the recipient, and also by anyone else who gets access to that message.
Cipher Text: When a plain text message is codified using any suitable scheme, the resulting
message is called cipher text.
There are two types of techniques used to convert plain text to cipher text:
• Substitution Techniques
• Transposition Techniques

Substitution-cipher technique:
In the substitution-cipher technique, the characters of a plain-text message are
replaced by other characters, numbers or symbols.

There are several techniques. They are:

• Caesar Cipher
• Modified version of Caesar Cipher
• Monoalphabetic Cipher
• Polyalphabetic Cipher
• Homophonic Substitution Cipher
• Polygram Substitution Cipher
• Playfair Cipher
• Hill Cipher

Caesar Cipher
Proposed by Julius Caesar.
A mechanism to turn a plaintext message into a ciphertext message.
It replaces each letter of the alphabet with the letter standing 3 places
further down the alphabet.
Example: Replace each A with D, B with E, etc.

ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC
PT: KIIT
CT: NLLW

Modified version of Caesar Cipher


The Caesar cipher is very simple and very easy to break. To make it more complicated, the
modified version of the Caesar cipher comes into play.
Let us assume that the cipher-text letters corresponding to the original plain-text letters
may not necessarily be three places down the order, but instead can be any number of places down the
order.
As we know, the English language contains 26 letters. Thus, the letter A can be
replaced by any other letter in the English alphabet (i.e. B through Z). Of course, it
does not make sense to replace a letter by itself (i.e. replacing A with A).
Thus, for each letter, we have 25 possibilities of replacement. Hence, to break a message in
the modified version of the Caesar cipher, our earlier algorithm would not work.

Mono-alphabetic Cipher
• A monoalphabetic cipher is a substitution cipher where a symbol in the
plaintext has a one-to-one relationship with a symbol in the ciphertext.
• It means that a symbol in the plaintext is always replaced with the
same symbol in the ciphertext, irrespective of its position in the
plaintext.
• It uses random substitution.
• This means that in a given plain-text message, each A can be replaced by any
other letter (B through Z), each B can also be replaced by any other random
letter (A or C through Z), and so on. The crucial difference is that there is
no relation between the replacement of B and the replacement of A. That is, if we
have decided to replace each A with D, we need not necessarily replace each B
with E; we can replace each B with any other character!

Polyalphabetic Substitution Cipher
• Leon Battista invented the polyalphabetic substitution cipher in 1568.
• This cipher uses multiple one-character keys. Each of the keys encrypts one
plain-text character. The first key encrypts the first plain-text character; the
second key encrypts the second plain-text character, and so on.
• After all the keys are used, they are recycled. Thus, if we have 30 one-letter
keys, every 30th character in the plain text would be replaced with the same
key.

Homophonic Substitution Cipher
• This substitution cipher is very similar to the mono-alphabetic cipher.
• However, the difference between the two techniques is that in the homophonic
substitution cipher, one plain-text alphabet can map to more than one
cipher-text alphabet.
• For instance, A can be replaced by <D, H, P, R>; B can be replaced by <E, I, Q,
S>, etc.

Polygram Substitution Cipher
• The polygram substitution cipher technique replaces one block of plain text with
another block of cipher text; it does not work on a character-by-character
basis.
• For instance, HELLO could be replaced by YUQQW, but HELL could be
replaced by a totally different cipher text block TEUI, as shown in Fig.
• This is true in spite of the first four characters of the two blocks of text (HELL)
being the same. This shows that in the polygram substitution cipher, the
replacement of plain text happens block by block, rather than character by
character.

Playfair Cipher:
• The Playfair cipher scheme was invented in 1854 by Charles Wheatstone but was
named after Lord Playfair, who promoted the use of the cipher. In the Playfair cipher,
unlike traditional ciphers, we encrypt a pair of alphabets (digraphs) instead of a
single alphabet.
• It was used for tactical purposes by British forces in the Second Boer War and in
World War I, and for the same purpose by the Australians during World War II.
This was because Playfair is reasonably fast to use and requires no special
equipment.
The Playfair encryption scheme uses two main processes:
> Creation and population of matrix
> Encryption process
Step 1: Creation and Population of Matrix
• The Playfair cipher makes use of a 5 x 5 matrix (table), which is used to store a keyword or
phrase that becomes the key for encryption and decryption.
• The way this is entered into the 5 x 5 matrix is based on some simple rules:
1. Enter the keyword in the matrix row-wise: left-to-right, and then top-to-bottom.
2. Drop duplicate letters.
3. Fill the remaining spaces in the matrix with the rest of the English alphabets (A-Z)
that were not a part of our keyword. While doing so, combine I and J in the same cell of
the table.
In other words, if I or J is a part of the keyword, disregard both I and J while filling the
remaining slots.

EXAMPLE OF ENCRYPTION AND DECRYPTION IN PLAYFAIR:

For example, suppose that our keyword = PLAYFAIR EXAMPLE.

Then, the 5 x 5 matrix containing our keyword will look as shown.

Let us say our plaintext = “MY NAME IS ATUL”.

Encryption process: it consists of the following steps:

1. Before initiating the encryption, break the plain text into pairs of 2 letters.
For example, if our message is MY NAME IS ATUL, it becomes MY NA ME IS AT UL.
2. If both the alphabets are the same or 1 letter is remaining, add X after the first alphabet.
3. After the initial process, take the pairs for encryption.
4. If the alphabets of the pair appear in the same row of the matrix, then substitute them
with their immediate right letter. If the alphabet of the plain text is itself the
rightmost, then wrap around to the left letter of that row.
5. If the alphabets of the pair appear in the same column of the matrix, then substitute
them with the alphabets immediately below. If the letter of the plain text is itself at the
bottom, then wrap around to the top letter of that column.
6. If the alphabets of the pair are not in the same row or column, then define a rectangle
with the original pair and substitute them with the other corners of the rectangle.

Example

1) Message is: MY NAME IS ATUL. It becomes MY NA ME IS AT UL.
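
The matrix rules and the six encryption steps above, carried through for the page's keyword and message, as an added Python example (not part of the original notes). Function names are chosen here; the Q filler used when the letter to pad is itself X, and the decryption routine (the same rules with the shifts reversed), are assumptions that go beyond the steps on the page.

```python
from string import ascii_uppercase


def build_square(keyword: str) -> str:
    """Return the 5 x 5 matrix as a 25-letter string, row by row."""
    square = []
    for ch in keyword.upper() + ascii_uppercase:
        if ch not in ascii_uppercase:
            continue                       # skip spaces/punctuation in the keyword
        ch = "I" if ch == "J" else ch      # I and J share one cell
        if ch not in square:               # drop duplicate letters
            square.append(ch)
    return "".join(square)


def to_digraphs(text: str) -> list[str]:
    """Break the text into pairs, padding doubled letters and an odd tail."""
    letters = ["I" if c == "J" else c for c in text.upper() if c in ascii_uppercase]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else None
        if b is None or a == b:
            # Page rule: add X after the first letter.
            # Assumption added here: use Q when that letter is X itself.
            pairs.append(a + ("Q" if a == "X" else "X"))
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def _substitute(square: str, pair: str, step: int) -> str:
    """Apply the row / column / rectangle rule; step=+1 encrypts, -1 decrypts."""
    ra, ca = divmod(square.index(pair[0]), 5)
    rb, cb = divmod(square.index(pair[1]), 5)
    if ra == rb:                           # same row: move right (wraps around)
        return square[ra * 5 + (ca + step) % 5] + square[rb * 5 + (cb + step) % 5]
    if ca == cb:                           # same column: move down (wraps around)
        return square[((ra + step) % 5) * 5 + ca] + square[((rb + step) % 5) * 5 + cb]
    # rectangle: keep own row, take the partner's column
    return square[ra * 5 + cb] + square[rb * 5 + ca]


def playfair_encrypt(plaintext: str, keyword: str) -> str:
    square = build_square(keyword)
    return "".join(_substitute(square, p, +1) for p in to_digraphs(plaintext))


def playfair_decrypt(ciphertext: str, keyword: str) -> str:
    """Returns the padded plaintext; filler letters are not stripped."""
    square = build_square(keyword)
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return "".join(_substitute(square, p, -1) for p in pairs)


if __name__ == "__main__":
    key = "PLAYFAIR EXAMPLE"
    square = build_square(key)
    for row in range(5):
        print(" ".join(square[row * 5:row * 5 + 5]))
    ct = playfair_encrypt("MY NAME IS ATUL", key)
    print(ct, "->", playfair_decrypt(ct, key))
```
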

Hill Cipher
The Hill cipher works on multiple letters at the same time.

Lester Hill invented this in 1929. The Hill cipher uses the matrix theory of mathematics.

Working:
• Treat each letter as a number: A=0, B=1, C=2, ..., Z=25.
• Let us say our original message is “TAJ”.
• As per the rule, T=19, A=0, J=9.
• Convert it into matrix form as:

Now multiply the plain text matrix with any number as keys. The multiplying matrix
should be of size n x n, where n is the number of rows of the original matrix.

Now compute mod 26 on the resultant matrix, i.e. take the remainder after dividing by 26.

Now translating numbers into alphabets, we get:

19=T, 25=Z, 21=V
Therefore our cipher text is TZV.
To decrypt the Hill cipher, follow these steps:
1.) Take the cipher text matrix and multiply it by the inverse of the original key matrix.
2.) Again perform mod 26.
Thus we get our original text.
Transposition techniques:
Transposition technique is an encryption method which is achieved by
performing permutation over the plain text.
Rail-Fence Technique
This technique is a type of Transposition technique which involves writing the plain text as a
sequence of diagonals and then reading row-by-row to produce cipher text.

It uses a simple algorithm:

1. Write down the plaintext message as a sequence of diagonals.
2. Read the plain text written in step 1 as a sequence of rows.

Example:

Plain Text: meet me Tomorrow


Now, we will write this plain text sequence wise in a diagonal form as you can see below:

Cipher Text: m e m t m r o e t e o o r w

Simple Columnar Transposition Technique:
A. Basic Technique
It is a slight variation of the Rail-fence technique. Let’s see its algorithm:
1. In a rectangle of pre-defined size, write the plain-text message row by row.
2. Read the plain message in random order in a column-wise fashion. It can be any order
such as 2, 1, 3 etc.
3. Thus the cipher-text is obtained.

Let’s see an example:

Original message: "INCLUDEHELP IS AWESOME".
Now we apply the above algorithm and create a rectangle of 4 columns (we decide to make a
rectangle with four columns; it can be any number).

Now let’s decide on an order for the columns as 4, 1, 3 and 2, and now we will read the text
column-wise.
Cipher-text: LHIEEIUESSCEPWMNDLAO
B. Columnar Technique with multiple rounds

In this method, we take the cipher text we received from the Basic technique in
round 1 and follow the same procedure again on that cipher text.
Algorithm:
1. In a rectangle of pre-defined size, write the plain-text message row by row.
2. Read the plain message in random order in a column-wise fashion. It can be any order
such as 2, 1, 3 etc.
3. Thus, Cipher-text of round 1 is obtained.
4. Repeat from step 1 to 3.
Example:
Original message: "INCLUDEHELP IS AWESOME".
Now we apply the above algorithm and create a rectangle of 4 columns (we decide to make a
rectangle with four columns; it can be any number).

Now let’s decide on an order for the columns as 4, 1, 3 and 2, and now we will read the text
column-wise.
Cipher-text of round 1: LHIEEIUESSCEPWMNDLAO
Round 2:

Now, we decide to go with the previous order, that is 4, 1, 3, 2.

Cipher-text: EEENLESPICUMHISW
These multi-round columnar techniques are harder to crack as compared to methods seen earlier.
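
An added Python example (not from the original notes) of the rail-fence and simple columnar techniques above, together with the inverse operations that the notes do not show. The `rails` and `rounds` parameters generalise the page's two-row zigzag and single-round rectangle; all function names are chosen here.

```python
def _letters(text: str) -> str:
    """Drop whitespace; the techniques work on the letters only."""
    return "".join(c for c in text if not c.isspace())


def _rail_of_each_position(n: int, rails: int) -> list[int]:
    """Rail (row) visited by each of n letters when written as diagonals."""
    pattern, rail, step = [], 0, 1
    for _ in range(n):
        pattern.append(rail)
        if rails > 1:
            if rail == 0:
                step = 1                   # bounce off the top rail
            elif rail == rails - 1:
                step = -1                  # bounce off the bottom rail
            rail += step
    return pattern


def rail_fence_encrypt(text: str, rails: int = 2) -> str:
    letters = _letters(text)
    pattern = _rail_of_each_position(len(letters), rails)
    # Read the diagonals off row by row.
    return "".join(c for rail in range(rails)
                   for c, p in zip(letters, pattern) if p == rail)


def rail_fence_decrypt(ciphertext: str, rails: int = 2) -> str:
    pattern = _rail_of_each_position(len(ciphertext), rails)
    # Stable sort: positions on rail 0 first, then rail 1, ... = read-off order.
    read_order = sorted(range(len(ciphertext)), key=pattern.__getitem__)
    plain = [""] * len(ciphertext)
    for c, position in zip(ciphertext, read_order):
        plain[position] = c
    return "".join(plain)


def columnar_encrypt(text: str, order: tuple[int, ...], rounds: int = 1) -> str:
    """order lists 1-based column numbers in the sequence they are read."""
    letters, width = _letters(text), len(order)
    for _ in range(rounds):
        # letters[col-1::width] is column `col` of the row-by-row rectangle.
        letters = "".join(letters[col - 1::width] for col in order)
    return letters


def columnar_decrypt(ciphertext: str, order: tuple[int, ...], rounds: int = 1) -> str:
    width, n = len(order), len(ciphertext)
    for _ in range(rounds):
        plain, pos = [""] * n, 0
        for col in order:
            # Put the next run of ciphertext back into this column's cells;
            # a short last row simply makes some columns one cell shorter.
            for cell in range(col - 1, n, width):
                plain[cell] = ciphertext[pos]
                pos += 1
        ciphertext = "".join(plain)
    return ciphertext


if __name__ == "__main__":
    print(rail_fence_encrypt("meet me tomorrow"))
    round1 = columnar_encrypt("INCLUDEHELP IS AWESOME", (4, 1, 3, 2))
    print(round1, "->", columnar_decrypt(round1, (4, 1, 3, 2)))
```
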
Vernam Cipher (one time pad):
The Vernam cipher has a specific subset, the one-time pad, which uses the input cipher text as a random
set of non-repeating characters. The thing to notice here is that once an input cipher text has been used,
it will never be used again, hence the name one-time pad, and the length of the cipher text is the same as that of
the message text.
Algorithm:
1. Each plain text character is represented by a number: A=0, B=1, C=2, ..., Z=25.
2. Add each number of the plain text message to the corresponding number of the input cipher text.
3. If the sum is greater than or equal to 26, subtract 26 from it.
4. Translate each number back to the corresponding letter to get the cipher text.
Example: Our message is "INCLUDEHELP" and input cipher text is "ATQXRZWOBYV"

A one-time pad should be discarded after every single use. This technique is proven to be highly
secure and suitable for small messages, but impractical if used for long messages.
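
An added Python example (not from the original notes) of the four steps above, using the page's message and input cipher text. It also shows why the pad must be discarded after one use: when two messages share a pad, the difference of the two cipher texts equals the difference of the two plain texts, so the pad no longer hides anything. The second message, the second pad and all function names are constructed for illustration.

```python
import secrets
from string import ascii_uppercase as ALPHABET


def _nums(text: str) -> list[int]:
    """Step 1: A=0, B=1, ..., Z=25 (non-letters are ignored)."""
    return [ALPHABET.index(c) for c in text.upper() if c in ALPHABET]


def _text(nums) -> str:
    """Step 4: translate numbers (reduced mod 26) back to letters."""
    return "".join(ALPHABET[n % 26] for n in nums)


def new_pad(length: int) -> str:
    """A fresh random pad from the OS CSPRNG, one letter per message letter."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def otp_encrypt(plaintext: str, pad: str) -> str:
    p, k = _nums(plaintext), _nums(pad)
    if len(k) < len(p):
        raise ValueError("pad must be at least as long as the message")
    # Steps 2 and 3: add, then subtract 26 when the sum reaches 26 (mod 26).
    return _text(a + b for a, b in zip(p, k))


def otp_decrypt(ciphertext: str, pad: str) -> str:
    return _text(a - b for a, b in zip(_nums(ciphertext), _nums(pad)))


def difference(a: str, b: str) -> str:
    """Letter-wise (a - b) mod 26."""
    return _text(x - y for x, y in zip(_nums(a), _nums(b)))


if __name__ == "__main__":
    pad = "ATQXRZWOBYV"                    # the page's input cipher text
    m1, m2 = "INCLUDEHELP", "MEETMEATTEN"  # m2 is constructed for the demo
    c1, c2 = otp_encrypt(m1, pad), otp_encrypt(m2, pad)
    print("cipher text:", c1, "->", otp_decrypt(c1, pad))
    # Pad reused: the pad cancels out of c1 - c2.
    print("reused pad leaks m1 - m2:", difference(c1, c2) == difference(m1, m2))
    # Fresh pad per message: the relation no longer holds.
    c3 = otp_encrypt(m2, new_pad(len(m2)))
    print("fresh pad leaks m1 - m2:", difference(c1, c3) == difference(m1, m2))
```
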

Encryption and Decryption:-

Encryption: The process of encoding plain text messages into cipher text messages is called
encryption.

Decryption: The reverse process of transforming cipher text messages back to plain text
messages is called decryption.

Symmetric and Asymmetric Key Cryptography:

Symmetric key Cryptography:-

Symmetric key cryptography (or symmetric encryption) is a type of encryption scheme in which
the same key is used both to encrypt and decrypt messages.

Asymmetric key Cryptography:-

Asymmetric encryption uses the public key for encryption, and a private key is used for
decryption.

Or

Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair
of related keys: one public key and one private key.

SYMMETRIC AND ASYMMETRIC KEY ALGORITHMS

Algorithm Types and modes:


Algorithm types:

It defines what size of plain text should be encrypted in each step of the algorithm.
It is of two types:
o Stream Ciphers
o Block Ciphers
Stream Ciphers
Bit-by-bit encryption/decryption.
In this scheme, the plaintext is processed one bit at a time, i.e. one bit of plaintext is taken,
and a series of operations is performed on it to generate one bit of cipher text.
Technically, stream ciphers are block ciphers with a block size of one bit.
Example: Suppose the original message (plain text) is Pay 100 in ASCII (i.e. text format).
When we convert these ASCII characters to their binary values, let us assume that it translates to
01011100. Let us also assume that we apply the XOR logic as the encryption algorithm.
As a result of applying one bit of key for every respective bit of the original message,
suppose the cipher text is generated as 11001001 in binary (ZTU91 A% in text).
Block Cipher
Block-by-block encryption / decryption.
In this scheme, the plain binary text is processed in blocks (groups) of bits at a time; i.e. a block of
plaintext bits is selected, and a series of operations is performed on this block to generate a block of
cipher text bits.
The number of bits in a block is fixed. For example, the schemes DES and AES have block sizes
of 64 and 128, respectively.
The basic scheme of a block cipher is given as follows:
Block Cipher Example:
Suppose we have a plain text “FOUR_AND_FOUR” that needs to be encrypted. By using this
technique, FOUR could be encrypted first, followed by _AND_ and FOUR.

Algorithm Modes:
• It is a combination of a series of basic algorithm steps on a block cipher and
some sort of feedback from the previous steps.
• It is divided into four modes:

Electronic Code book (ECB) Mode:

• ECB is the simplest and most straightforward method of converting a block of plaintext
into cipher text.
• Here, the plain-text message is divided into blocks of 64 bits each.
• Each such block is then encrypted independently of the other blocks.
• For all blocks in a message, the same key is used for encryption.
• This encryption process is shown in the figure.
• At the receiver’s end, the incoming data is divided into 64-bit blocks.
• By using the same key as was used for encryption, each block is decrypted to produce the
corresponding plain-text block.
• This decryption process is shown in the figure.

Cipher Block Chaining (CBC) Mode:

In CBC mode, a feedback mechanism is used. Chaining adds a feedback mechanism to a
block cipher.
In Cipher Block Chaining (CBC), the results of the encryption of the previous block are
fed back into the encryption of the current block.

That is, each block is used to modify the encryption of the next block.
Thus, each block of cipher text is dependent on the corresponding current input plain-text
block, as well as all the previous plain-text blocks.

Operation:
The steps are as follows:
• Load the n-bit Initialization Vector (IV) into a register. The IV is a randomly generated block of text.
• XOR the n-bit plain text block with the data value in the IV register.
• Encrypt the result of the XOR operation with the key K. The result is the cipher
text block.
• Feed the cipher text block into the IV register and continue the operation till all plaintext
blocks are processed.
Cipher Feedback (CFB) Mode:
• Not all applications can work with blocks of data. Security is also required in
applications that are character-oriented.
• For instance, an operator can be typing keystrokes at a terminal, which need to be
immediately transmitted across the communications link in a secure manner, i.e., by
using encryption.
• In such situations, a stream cipher must be used. The Cipher Feedback (CFB) mode is
useful in such cases.
• In this mode, data is encrypted in units that are smaller (e.g., they could be of size 8 bits,
i.e. the size of a character typed by an operator) than a defined block size (which is
usually 64 bits).

Steps of operation are:
• Assume that we are dealing with j bits at a time (as we have seen, usually, but not
always, j = 8).
• We shall study CFB in a step-by-step fashion.
• Step 1: Like CBC, a 64-bit Initialization Vector (IV) is used in the case of CFB mode.
The IV is kept in a shift register. It is encrypted in the first step to produce a
corresponding 64-bit cipher text.
• Step 2: Now, the leftmost (i.e. the most significant) j bits of the encrypted IV are
XORed with the first j bits of the plain text.
• Step 3: Now, the bits of IV (i.e. the contents of the shift register containing IV) are
shifted left by j positions. Thus, the rightmost j positions of the shift register now
contain unpredictable data. These rightmost j positions are now filled with C.
• Step 4: Now, steps 1 through 3 continue until all the plain-text units are encrypted.
That is, the following steps are repeated:
o IV is encrypted.
o The leftmost j bits resulting from this encryption process are XORed with the next j
bits of the plain text.
o The resulting cipher-text portion (i.e., the next j bits of cipher text) is sent to the receiver.
o The shift register containing the IV is left-shifted by j bits.
o The j bits of the cipher text are inserted from the right into the shift register containing the
IV.

Output Feedback (OFB) Mode:

• The OFB mode is similar to CFB; the only difference is that in CFB, the cipher text is
fed into the next stage of the encryption process.
• But in the case of OFB, the output of the IV encryption process is fed into the next stage of
the encryption process.
• In this mode, if there are errors in individual bits, they remain errors in individual bits and
do not corrupt the whole message.
• That is, bit errors do not get propagated.

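
An added Python example (not from the original notes) of the four modes described above, run on a message whose first and third blocks are identical. The block cipher is a toy 16-round Feistel network with an HMAC-SHA256 round function, assumed here only as a stand-in for DES; the key, IV and message are constructed, all names are chosen here, and padding is omitted.

```python
import hashlib
import hmac
import os

BLOCK = 8  # bytes: the 64-bit block size used on the page


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    # Toy round function (assumption of this example, NOT the DES function f).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def encrypt_block(block: bytes, key: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in range(16):
        left, right = right, xor(left, _f(right, key, rnd))
    return right + left                    # final swap


def decrypt_block(block: bytes, key: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in reversed(range(16)):        # same network, round keys reversed
        left, right = right, xor(left, _f(right, key, rnd))
    return right + left


def _blocks(data: bytes) -> list[bytes]:
    if len(data) % BLOCK:
        raise ValueError("ECB/CBC input must be a multiple of the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    return b"".join(encrypt_block(b, key) for b in _blocks(pt))


def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    out, reg = [], iv
    for b in _blocks(pt):
        reg = encrypt_block(xor(b, reg), key)   # XOR with register, encrypt, feed back
        out.append(reg)
    return b"".join(out)


def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, reg = [], iv
    for b in _blocks(ct):
        out.append(xor(decrypt_block(b, key), reg))
        reg = b
    return b"".join(out)


def cfb8(data: bytes, key: bytes, iv: bytes, decrypting: bool = False) -> bytes:
    """CFB with j = 8 bits; the same routine encrypts and decrypts."""
    reg, out = iv, bytearray()
    for byte in data:
        out.append(byte ^ encrypt_block(reg, key)[0])   # leftmost j bits of E(register)
        fed_back = byte if decrypting else out[-1]      # always the cipher-text unit C
        reg = reg[1:] + bytes([fed_back])               # shift left by j, insert C at right
    return bytes(out)


def ofb(data: bytes, key: bytes, iv: bytes) -> bytes:
    """OFB: the cipher output, not the cipher text, is fed back. Self-inverse."""
    reg, out = iv, bytearray()
    for i in range(0, len(data), BLOCK):
        reg = encrypt_block(reg, key)
        out += xor(data[i:i + BLOCK], reg)
    return bytes(out)


def repeated_blocks(ct: bytes) -> int:
    blocks = _blocks(ct)
    return len(blocks) - len(set(blocks))


def flipped_bits(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    key, iv = os.urandom(16), os.urandom(BLOCK)
    msg = b"PAY 100 TO ALICEPAY 100 "      # constructed: blocks 1 and 3 are equal
    print("ECB repeated cipher blocks:", repeated_blocks(ecb_encrypt(msg, key)))
    print("CBC repeated cipher blocks:", repeated_blocks(cbc_encrypt(msg, key, iv)))
    damaged = bytearray(ofb(msg, key, iv))
    damaged[5] ^= 0x01                     # one bit error on the link
    print("OFB plaintext bits damaged:", flipped_bits(ofb(bytes(damaged), key, iv), msg))
```

Because ECB encrypts each block independently with the same key, equal plain-text blocks stay visibly equal in the cipher text, while the chaining in CBC hides the repetition.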
Encryption & Decryption:
Encryption or Encoding or Encode:
• The process of converting or transforming plain text or original text into cipher
text is called encoding.
• This new form of the message is totally different from the initial message.
• It occurs at the sender’s side.
• The sender uses an encryption algorithm and a key to transform the original
message into an encrypted message, i.e., cipher text.
• Encryption is also called enciphering or encipherment.

Decryption or Decoding or Decode:

• The process of converting cipher text into plain text is called decoding.
• It occurs at the receiver’s end.
• The receiver uses decryption algorithms and a key to transform the cipher text back
to the original plaintext message.
• Decryption is also called deciphering or decipherment.
• Decryption is the reverse process of encryption.

An Overview of Symmetric Key Cryptography
Symmetric key cryptography (or symmetric encryption) is a type of encryption scheme in which
the same key is used both to encrypt and decrypt messages. Such a method of encoding
information has been largely used in the past decades to facilitate secret communication between
governments and militaries.
Data Encryption Standard:
The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST). DES is an implementation of a Feistel Cipher. It
uses a 16-round Feistel structure. The block size is 64 bits.
How DES Works?
Though the key length is 64 bits, DES has an effective key length of 56 bits, since 8 of the
64 bits of the key are not used by the encryption algorithm (they function as check bits only). The general
structure of DES is depicted in the following illustration −

Since DES is based on the Feistel Cipher, all that is required to specify DES is −
• Round function
• Key schedule
• Any additional processing − Initial and final permutation
Initial and Final Permutation
The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of
each other. They have no cryptographic significance in DES. The initial and final permutations
are shown as follows −

Round Function
The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the
rightmost 32 bits to produce a 32-bit output.

Expansion Permutation Box − Since right input is 32-bit and round key is a 48-bit, we first
need to expand right input to 48 bits. Permutation logic is graphically depicted in the following
illustration −

The graphically depicted permutation logic is generally described as table in DES specification
illustrated as shown −

XOR (Whitener). − After the expansion permutation, DES does XOR operation on the
expanded right section and the round key. The round key is used only in this operation.

Substitution Boxes − The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes,
each with a 6-bit input and a 4-bit output. Refer to the following illustration −

The S-box rule is illustrated below −

There are a total of eight S-box tables. The output of all eight S-boxes is then combined into a
32-bit section.
Straight Permutation − The 32 bit output of S-boxes is then subjected to the straight
permutation with rule shown in the following illustration:

Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The process of
key generation is depicted in the following illustration −

The logic for Parity drops, shifting, and Compression P-box is given in the DES description.

DES Analysis
DES satisfies both of the desired properties of a block cipher. These two properties make the cipher
very strong.
Avalanche effect − A small change in plaintext results in a very great change in the ciphertext.
Completeness − Each bit of cipher text depends on many bits of plaintext.
During the last few years, cryptanalysis has found some weaknesses in DES when the keys selected
are weak keys. These keys shall be avoided.
DES has proved to be a very well designed block cipher. There have been no significant
cryptanalytic attacks on DES other than exhaustive key search.
Asymmetric-key Enclpherment:
The asymmetric-key encipherment also called public-key encipherment or public-key
cryptography, was introduced by Diffie and Hellman in 1976 to overcome the problem
found in symmetric key cryptography.
It uses two different keys for encryption and decryption.
These two keys are referred to as the public key (used for encryption) and the private key
(used for decryption).
Each authorized user has a pair of public and private keys. The public key of each user is
known to everyone, whereas the private key is known to its owner only.

A public-key encryption scheme has six ingredients as shown in figure.

Plaintext: This is the readable message or data that is fed into the algorithm as input.
Encryption algorithm: The encryption algorithm performs various transformations on the plaintext. It encrypts the plaintext using the public key of the receiver.
Public and private keys: This is a pair of keys; one is used for encryption and the other is used for decryption. In the figure, encryption is done using the public key and decryption using the private key.
Ciphertext: This is the coded message produced as output. It depends on the plaintext and the key.
Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the original plaintext. In the figure, the decryption algorithm uses the private key.
Now, suppose that a user A wants to transfer some information to user B securely. User A encrypts the data by using the public key of B and sends the encrypted message to B.
On receiving the encrypted message, B decrypts it by using his/her private key. Since the decryption process requires the private key of user B, which is known only to B, the information is transferred securely. The above figure shows the whole process.
RSA is a well-known example of asymmetric-key algorithm.
The main advantage of public-key cryptography is that the sender and the receiver do not need to share a secret key. All communication involves only public keys.
Thus, the private key is never transmitted or shared. Anyone can send a
confidential message using a public key, but the message can only be decrypted
with a private key, which is kept by the intended recipient.
Differentiate between symmetric-key and asymmetric-key cryptography:

| Symmetric-key | Asymmetric-key |
|---|---|
| 1. It uses a single key for both encryption and decryption of data. | 1. It uses two different keys: a public key for encryption and a private key for decryption. |
| 2. Both the communicating parties share the same algorithm and the key. | 2. Both the communicating parties should have at least one of the matched pair of keys. |
| 3. The processes of encryption and decryption are very fast. | 3. The encryption and decryption processes are slower as compared to symmetric-key cryptography. |
| 4. Key distribution is a big problem. | 4. Key distribution is not a problem. |
| 5. The size of encrypted text is usually the same as or less than the original text. | 5. The size of encrypted text is usually more than the size of the original text. |
| 6. It can only be used for confidentiality, that is, only for encryption and decryption of data. | 6. It can be used for confidentiality of data as well as for integrity and non-repudiation checks (i.e. for digital signatures). |
THE RSA ALGORITHM:
This algorithm was proposed by Ron Rivest, Adi Shamir and Len Adleman (RSA) in 1978 at MIT. It is based on asymmetric-key cryptography.

1. Choose two large prime numbers P and Q.
2. Calculate N = P x Q.
3. Select the public key (i.e., the encryption key) E such that it is not a factor of (P - 1) and (Q - 1).
4. Select the private key (i.e., the decryption key) D such that the following equation is true: (D x E) mod ((P - 1) x (Q - 1)) = 1
5. For encryption, calculate the cipher text CT from the plain text PT as follows: CT = PT^E mod N.
6. Send CT as the cipher text to the receiver.
7. For decryption, calculate the plain text PT from the cipher text CT as follows: PT = CT^D mod N

Examples of RSA

Let us take an example of this process to understand the concepts.

1. Choose two large prime numbers P and Q. Let P = 7, Q = 17.
2. Calculate N = P x Q. We have N = 7 x 17 = 119.
3. Select the public key (i.e., the encryption key) E such that it is not a factor of (P - 1) x (Q - 1). Let us find (7 - 1) x (17 - 1) = 6 x 16 = 96.
The factors of 96 are 2, 2, 2, 2, 2 and 3 (because 96 = 2 x 2 x 2 x 2 x 2 x 3). Thus, we have to choose E such that none of the factors of E is 2 or 3.
Let us choose E as 5 (it could have been any other number that does not have 2 and 3 as its factors).
4. Select the private key (i.e., the decryption key) D such that the following equation is true: (D x E) mod ((P - 1) x (Q - 1)) = 1.
Let us substitute the values of E, P and Q in the equation. We have: (D x 5) mod ((7 - 1) x (17 - 1)) = 1
That is: (D x 5) mod (6 x 16) = 1
That is: (D x 5) mod (96) = 1
After some calculations, let us take D = 77. Then the following is true: (77 x 5) mod (96) = 385 mod 96 = 1.
5. For encryption, calculate the cipher text CT from the plain text PT as follows: CT = PT^E mod N.
Let us assume that we want to encrypt plaintext = 10. Then we have:
CT = 10^5 mod 119 = 100000 mod 119 = 40.
6. Send CT as the cipher-text to the receiver. Send 40 as the cipher text to the receiver.
7. For decryption, calculate the plaintext PT from the cipher-text CT as follows: PT = CT^D mod N.
That is: PT = 40^77 mod 119 = 10.
This was the original plaintext of step 5.
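The worked example above, carried through in Python (an added example, not part of the original notes). It fills in the "after some calculations" step by deriving D with the extended Euclidean algorithm, and computes 40^77 mod 119 by square-and-multiply so the huge intermediate power is never formed. The function names are this example's own; the check on E uses gcd(E, (P - 1) x (Q - 1)) = 1, which is the condition the example's "no factor 2 or 3" rule amounts to.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_pow(base, exp, mod):
    """Square-and-multiply: base**exp % mod without building base**exp."""
    result = 1
    base %= mod
    while exp:
        if exp & 1:                      # current exponent bit is 1
            result = result * base % mod
        base = base * base % mod         # square for the next bit
        exp >>= 1
    return result


def make_keypair(p, q, e):
    """Steps 1-4: return ((E, N), (D, N)) or raise if E is unusable."""
    n = p * q
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        # E shares a factor with (P-1)(Q-1), so no D with D*E mod phi == 1 exists.
        raise ValueError(f"E={e} shares the factor {g} with {phi}")
    d = x % phi                          # smallest positive D
    return (e, n), (d, n)


def encrypt(pt, public_key):
    """Step 5: CT = PT^E mod N. The plaintext must be a number below N."""
    e, n = public_key
    if not 0 <= pt < n:
        raise ValueError("plaintext must satisfy 0 <= PT < N")
    return mod_pow(pt, e, n)


def decrypt(ct, private_key):
    """Step 7: PT = CT^D mod N."""
    d, n = private_key
    return mod_pow(ct, d, n)


if __name__ == "__main__":
    public, private = make_keypair(7, 17, 5)   # the values used in the notes
    ct = encrypt(10, public)
    print("public key :", public)
    print("private key:", private)
    print("ciphertext :", ct)
    print("decrypted  :", decrypt(ct, private))
    try:
        make_keypair(7, 17, 9)                  # 9 does not divide 96, yet gcd(9, 96) = 3
    except ValueError as err:
        print("rejected   :", err)
```

With primes this small N can be factored by hand; the numbers only illustrate the arithmetic.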

Cryptographic Hash Function

A hash function in cryptography is like a mathematical function that takes various inputs, like messages or data, and transforms them into fixed-length strings of characters. That is, the input to the hash function can be of any length, but the output is always of fixed length. This is like compressing a large balloon into a compact ball.

The importance of this process lies in its generation of a unique "fingerprint" for each input. Any minor
alteration in the input results in a substantially different fingerprint, a quality known as "collision resistance."

Hash functions play a crucial role in various security applications, including password storage (hash values
instead of passwords), digital signatures, and data integrity checks. Hash values, or message digests, are
values that a hash function returns. The hash function is shown in the image below −

Key Points of Hash Functions


 Hash functions are mathematical operations that "map" or change a given collection of data into a
fixed-length bit string that is referred to as the "hash value."
 Hash functions have a variety of complexity and difficulty levels and are used in cryptography.
 Cryptocurrency, password security, and communication security all use hash functions.
Operation of Cryptographic Hash Functions

In computing systems, hash functions are frequently used data structures for tasks like information
authentication and message integrity checks. They are not easily decipherable, but because they can be solved
in polynomial time, they are regarded as cryptographically "weak".

Typical hash functions have been improved with security characteristics by cryptographic hash functions, which
make it more challenging to decipher message contents or recipient and sender information.

Specifically, cryptographic hash functions display the following three characteristics −

 They are "collision-free." That is, no two different inputs should map to the same output hash.
 They are hidden. A hash function's output should make it difficult to figure out the input value from it.
 They should be puzzle-friendly. The selection of an input that generates a predetermined result needs to be difficult. As such, the input needs to be taken from as wide a distribution as possible.

Properties of hash functions


To be a reliable cryptographic tool, the hash function should have the following properties −

Pre-Image Resistance
 According to this feature, reversing a hash function should be computationally difficult.
 In other words, if a hash function h generates a hash value z, it should be difficult to identify an input
value x that hashes to z.
 This feature defends against an attacker attempting to locate the input with just the hash value.
Second Pre-Image Resistance
 This property says that given an input and its hash, it should be difficult to find another input with the
same hash.
 In other words, it should be challenging to find another input value y such that h(y) equals h(x) if a
hash function h for an input x returns the hash value h(x).
 This feature of the hash function protects against an attacker who wants to replace a new value for the
original input value and hash, but only holds the input value and its hash.
Collision Resistance
 This feature says that it should be difficult to identify two different inputs of any length that produce
the same hash. This characteristic is also known as a collision-free hash function.
 In other words, for a hash function h, it is difficult to identify two distinct inputs x and y such that
h(x)=h(y).
 A hash function cannot be free of collisions because it is a compression function with a set hash length.
The collision-free condition simply indicates that these collisions should be difficult to locate.
 This characteristic makes it very hard for an attacker to identify two input values that have the same
hash.
 Furthermore, a hash function is second pre-image resistant if it is collision-resistant.
Efficiency of Operation
 Computation of h(x) for any hash function h given input x can be an easy process.
 Hash functions are computationally considerably faster than symmetric encryption.
Fixed Output Size

Hashing generates an output of a specific length, regardless of the input size, and helps to make an output of
the same size from different input sizes.

Deterministic

For a given input, the hash function consistently produces the same output, like a recipe that always yields the
same dish when followed precisely.

Fast Computation

Hashing operations occur rapidly, even for large amounts of data sets.

Design of Hashing Algorithms


Hashing essentially involves a mathematical function that takes two data blocks of fixed size and converts
them into a hash code. The function is a key part of the hashing algorithm. The length of these data blocks
differ according to the algorithm used. Usually, they range from 128 bits to 512 bits. Below is an example of a
hash function −

Hashing algorithms use a sequence of rounds, similar to a block cipher, to process a message. In each round,
a fixed-size input is used, which usually combines the current message block and the result from the previous
round.

This process continues for multiple rounds until the entire message is hashed. A visual representation of this
process is provided in the illustration below.

Due to the interconnected nature of hashing, where the output of one operation affects the input of the next,
even a minor change (a single bit difference) in the original message can drastically alter the final hash value.

This phenomenon is known as the avalanche effect. Additionally, it's crucial to distinguish between a hash
function and a hashing algorithm. The hash function itself takes two fixed-length binary blocks of data and
generates a hash code.

A hashing algorithm, on the other hand, establishes how the message is divided into blocks and how the
outcomes of multiple hash operations are combined.

Popular Hash Functions


Hash functions play an important role in computing, providing versatile capabilities like: Quick retrieval of
data, Secure protection of information (cryptography), Ensuring data remains unaltered (integrity verification).
Some commonly used hash functions are −

Message Digest (MD)

For a number of years, MD5 was the most popular and often used hash function.

 The hash functions MD2, MD4, MD5, and MD6 are members of the MD family. It was adopted as the
RFC 1321, Internet Standard. It is a 128-bit hash function.
 In the software industry, MD5 digests are frequently used to ensure the integrity of transferred files. To
enable users to compare the checksum of the downloaded file with the pre-computed MD5 checksum,
file servers frequently provide this feature.
 In 2004, collisions were found in MD5. It was claimed that an analytical attack using a computer cluster
was successful in under one hour. Since MD5 was compromised by this collision attack, using it is no
longer recommended.

MD5 (Message-Digest Algorithm 5)


Overview:

 Developed by Ronald Rivest in 1991.


 Produces a 128-bit (16-byte) hash value, typically rendered as a 32-digit hexadecimal number.
 Widely used in the past for verifying data integrity, but now considered cryptographically broken and unsuitable
for further use.

Algorithm Steps:

1. Padding the Message:


o The original message is padded so that its length (in bits) is congruent to 448 modulo 512. Padding is
done by appending a single '1' bit followed by '0' bits until the length is 448 modulo 512.
o The final 64 bits are reserved for the length of the original message (before padding), represented as a
64-bit little-endian integer.
2. Initialize MD Buffer:
o MD5 uses four 32-bit variables to store the intermediate and final hash values:

A = 0x67452301
B = 0xEFCDAB89
C = 0x98BADCFE
D = 0x10325476

3. Process the Message in 512-bit Blocks:


o The message is divided into 512-bit blocks. Each block is processed in four rounds, with 16 operations
per round.
4. Processing Each Block:
o Message Schedule: Each 512-bit block is divided into sixteen 32-bit words (M[0], M[1], ..., M[15]).
o Initialize Working Variables: The working variables (A, B, C, D) are initialized to the current values
of the MD buffer.
o Main Loop: For each of the 64 operations, the working variables are updated using the following steps:

F(B,C,D) = (B AND C) OR ((NOT B) AND D) (for round 1)
F(B,C,D) = (D AND B) OR ((NOT D) AND C) (for round 2)
F(B,C,D) = B XOR C XOR D (for round 3)
F(B,C,D) = C XOR (B OR (NOT D)) (for round 4)

Each operation modifies one of the working variables (A, B, C, or D) and involves an addition, bitwise
operation, and left rotation. The updated value is calculated as:

A = B + ((A + F(B,C,D) + M[k] + T[i]) <<< s)

 M[k]: One of the sixteen 32-bit words from the message block.
 T[i]: A constant derived from the sine function, specific to each operation.
 s: The number of bits to rotate left, specific to each operation.
5. Add This Block's Hash to Result So Far:
o After processing all 64 operations for the block, the intermediate hash value is added to the current value
of the MD buffer:

A = A + AA
B = B + BB
C = C + CC
D = D + DD

6. Output:
o The final hash value is obtained by concatenating the variables A, B, C, and D (in little-endian format).

Pseudo-Code:

MD5 (message)
1. Initialize variables:
   A = 0x67452301
   B = 0xEFCDAB89
   C = 0x98BADCFE
   D = 0x10325476

2. Pre-processing:
   - Add padding bits
   - Add length

3. Process the message in successive 512-bit chunks:
   for each 512-bit chunk:
     - Copy chunk into sixteen 32-bit words M[0..15]
     - Initialize the working variables for this chunk:
       AA = A
       BB = B
       CC = C
       DD = D

     - Main loop (K[i] is the sine-derived constant, s[i] the rotation amount):
       for i from 0 to 63:
         if 0 ≤ i ≤ 15:
           F = (BB AND CC) OR ((NOT BB) AND DD)
           g = i
         else if 16 ≤ i ≤ 31:
           F = (DD AND BB) OR ((NOT DD) AND CC)
           g = (5×i + 1) mod 16
         else if 32 ≤ i ≤ 47:
           F = BB XOR CC XOR DD
           g = (3×i + 5) mod 16
         else if 48 ≤ i ≤ 63:
           F = CC XOR (BB OR (NOT DD))
           g = (7×i) mod 16

         F = F + AA + K[i] + M[g]
         AA = DD
         DD = CC
         CC = BB
         BB = BB + leftrotate(F, s[i])

     - Add this chunk's hash to result so far:
       A = A + AA
       B = B + BB
       C = C + CC
       D = D + DD

4. Output:
   The final hash is the concatenation of A, B, C, and D.

Security:
 MD5 is no longer considered secure due to vulnerabilities that allow for collision attacks (finding two different
messages that produce the same hash). It should not be used for cryptographic purposes such as SSL/TLS
certificates or digital signatures.

Secure Hash Function (SHA)

The four SHA algorithms which make up the SHA family are SHA-0, SHA-1, SHA-2, and SHA-3. Despite coming from the same family, their structures differ.

 The National Institute of Standards and Technology (NIST) released the first iteration of the 160-bit hash algorithm, known as SHA-0, in 1993. It did not gain much popularity and had a few drawbacks. SHA-1 was created later in 1995 to address perceived flaws in SHA-0.
 SHA-1 is the most widely used of the existing SHA hash functions. It is used in most applications and protocols, including Secure Socket Layer (SSL) security.
 In 2005, a technique was discovered for finding SHA-1 collisions in a realistic time frame, so SHA-1's long-term usability is doubtful.
 SHA-224, SHA-256, SHA-384, and SHA-512 are the four SHA variants in the SHA-2 family, which vary based on the number of bits in their hash value. The SHA-2 hash function has not yet been the target of any effective attacks.
 SHA-2 is a strong hash function. Though significantly different, its basic design still follows the design of SHA-1. NIST thus demanded the creation of new competitive hash function designs.
 The Keccak algorithm was selected by the NIST in October 2012 to replace the SHA-3 standard. Keccak
has several advantages, including effective operation and strong attack resistance.

SHA-1 (Secure Hash Algorithm 1)


Overview:

 Developed by the National Security Agency (NSA) and published by the National Institute of Standards and
Technology (NIST) in 1993.
 Produces a 160-bit (20-byte) hash value, typically rendered as a 40-digit hexadecimal number.

Algorithm Steps:

1. Padding the Message:


o The original message is padded so that its length (in bits) is congruent to 448 modulo 512. Padding is
done by appending a single '1' bit followed by '0' bits, and finally the length of the original message
(before padding) as a 64-bit integer.
2. Initialize Hash Values:
o SHA-1 uses five constant initial hash values:

H0 = 0x67452301
H1 = 0xEFCDAB89
H2 = 0x98BADCFE
H3 = 0x10325476
H4 = 0xC3D2E1F0

3. Processing the Message in 512-bit Blocks:


o The message is divided into 512-bit blocks. Each block is processed in a series of steps.
4. Processing Each Block:
o Message Schedule: Each 512-bit block is divided into sixteen 32-bit words (W0, W1, ..., W15). These
are then expanded into 80 32-bit words using bitwise operations.
o Initialize Working Variables: Set the initial values of the working variables to the current hash values
(A, B, C, D, E).
o Compression Function: For each of the 80 rounds, the working variables are updated as follows:

TEMP = (A leftrotate 5) + f(B,C,D) + E + W[t] + K[t]
E = D
D = C
C = B leftrotate 30
B = A
A = TEMP

Here, f(B,C,D) is a nonlinear function that changes every 20 rounds, and K[t] is a constant value that
also changes every 20 rounds.

5. Add This Block's Hash to Result So Far:


o After processing all blocks, the final hash value is computed by adding the working variables back to the
initial hash values.

Weaknesses:

 SHA-1 is considered weak due to vulnerabilities that allow for practical collision attacks, where two different
inputs produce the same hash value. As a result, it is no longer recommended for cryptographic use.

SHA-256 (Secure Hash Algorithm 256-bit)


Overview:

 Part of the SHA-2 family, developed by the NSA and published in 2001.
 Produces a 256-bit (32-byte) hash value, typically rendered as a 64-digit hexadecimal number.

Algorithm Steps:

1. Padding the Message:


o The original message is padded so that its length (in bits) is congruent to 448 modulo 512. Padding is
done by appending a single '1' bit followed by '0' bits, and finally the length of the original message
(before padding) as a 64-bit integer.
2. Initialize Hash Values:
o SHA-256 uses eight constant initial hash values:

H0 = 0x6A09E667
H1 = 0xBB67AE85
H2 = 0x3C6EF372
H3 = 0xA54FF53A
H4 = 0x510E527F
H5 = 0x9B05688C
H6 = 0x1F83D9AB
H7 = 0x5BE0CD19

3. Processing the Message in 512-bit Blocks:


o The message is divided into 512-bit blocks. Each block is processed in a series of steps.
4. Processing Each Block:
o Message Schedule: Each 512-bit block is divided into sixteen 32-bit words (W0, W1, ..., W15).
These are then expanded into 64 32-bit words using the following formula:

W[t] = W[t-16] + σ0(W[t-15]) + W[t-7] + σ1(W[t-2])

Where:

σ0(x) = (x rightrotate 7) XOR (x rightrotate 18) XOR (x rightshift 3)
σ1(x) = (x rightrotate 17) XOR (x rightrotate 19) XOR (x rightshift 10)

o Initialize Working Variables: Set the initial values of the working variables to the current
hash values (A, B, C, D, E, F, G, H).
o Compression Function: For each of the 64 rounds, the working variables are updated as
follows:

T1 = H + Σ1(E) + Ch(E,F,G) + K[t] + W[t]
T2 = Σ0(A) + Maj(A,B,C)
H = G
G = F
F = E
E = D + T1
D = C
C = B
B = A
A = T1 + T2

Where:

Σ0(x) = (x rightrotate 2) XOR (x rightrotate 13) XOR (x rightrotate 22)
Σ1(x) = (x rightrotate 6) XOR (x rightrotate 11) XOR (x rightrotate 25)
Ch(x,y,z) = (x AND y) XOR ((NOT x) AND z)
Maj(x,y,z) = (x AND y) XOR (x AND z) XOR (y AND z)

5. Add This Block's Hash to Result So Far:


o After processing all blocks, the final hash value is computed by adding the working variables back to the
initial hash values.

Strengths:

 SHA-256 is widely used and considered secure against currently known attack methods. It provides a good
balance of security and performance.

CityHash

CityHash is another non-cryptographic hash function that is designed for fast hashing of large amounts of
data. It is optimized for modern processors and offers good performance on both 32-bit and 64-bit
architectures.

BLAKE2

BLAKE2 is a fast and secure hash function that improves upon SHA-3. It is widely used in applications like
cryptocurrency mining that need fast hashing. There are two types of BLAKE2 −

 BLAKE2b − Best for 64-bit computers, it produces hash values up to 512 bits long.
 BLAKE2s − Best for smaller computers (8-32 bits), it produces hash values up to 256 bits long.

CRC (Cyclic Redundancy Check)

CRC (Cyclic Redundancy Check) is a technique used to detect errors in data transfer. It involves adding a
special value called a checksum to the end of a message. This checksum is calculated based on the message's
content and is included during transmission.

When the data is received, the recipient recalculates the checksum using the same method. If the new
checksum matches the original one, it's likely that the message was transmitted without errors. While CRC is
effective for error detection, it's not a security measure. It is primarily used to ensure the integrity of data
during transmission, not to protect it from unauthorized access or modification.

MurmurHash

MurmurHash is a speedy and effective hash function that is not meant for security. It is great for things like
hash tables but not for tasks that need protection against collisions (situations where different inputs produce
the same hash).

Standard Length
Hashing involves converting a data set of any size into a shorter, fixed-length output using a mathematical
formula.

Table I: Different Hash Functions

In table I, the message "CFI" is converted into hash values using three algorithms: MD5, SHA-1, and SHA-
256. Each algorithm produces a unique output hash with a fixed length. MD5 generates a hash with 32
hexadecimal characters, SHA-1 with 40 characters, and SHA-256 with 64 characters.

| Input Message | Hash Function | Output (Hash Value) |
|---|---|---|
| CFI | MD5 (128-bit, 16-byte), 32 characters | 3A10 0B15 B943 0B17 11F2 E38F 0593 9A9A |
| CFI | SHA-1 (160-bit, 20-byte), 40 characters | 569D C9F0 7B48 7F58 9241 AD4C 5C28 7DA0 A448 8D08 |
| CFI | SHA-256 (256-bit, 32-byte), 64 characters | F3ED 0867 48FF 3641 3091 0BB6 6293 7080 2958 B5A2 52AF F364 1FC5 07FD E80D 9929 |

Table II: Using the Same Hash Function (SHA-1) with different Inputs

Regardless of the data (input) used, a hash function consistently generates a hash value with a fixed number of characters. As shown in Table II, different messages inputted into the same hash function (SHA-1 in this case) consistently produce output values of 40 hexadecimal characters in length.

| Input Message | Hash Function | Output (Hash Value) |
|---|---|---|
| CFI | SHA-1 | 569D C9F0 7B48 7F58 9241 AD4C 5C28 7DA0 A448 8D08 |
| Corporate FI | SHA-1 | 82C0 5EDC 608F AA08 8EE0 BDD8 8E22 3B38 CA38 82CC |
| CF Input | SHA-1 | 2013 85FC EEE4 F73D 07F0 4F2A A4CB B0E9 12BF BBB8 |
| CFI 1 | SHA-1 | C501 23CE 8BB2 A42D 5BB4 4DA7 3FC2 3B3D 62F5 14A5 |

Applications of Hash Functions


Based on its cryptographic characteristics, the hash function has two direct uses.

Password Storage

Hash functions provide protection for password storage. Instead of storing passwords in the clear, almost all login processes store the hash values of passwords in a file.

The password file is a table of pairs in the format (user id, h(P)).

Even if an attacker has access to the password file, all they can see is the hashes of the passwords. Because the hash function has the pre-image resistance property, they cannot use a hash to log in or recover the password from it.

Data Integrity Check

Data integrity checks, commonly using hash functions, provide assurances about the accuracy of data files by
creating checksums. This method allows users to detect any alterations made to the original file.

However, it does not guarantee the authenticity of the file. An attacker could potentially modify the entire file
and generate a new hash, sending it to the receiver. This integrity check is only effective if the user trusts the
file's original source.

Hashing vs Encryption
Encryption transforms data into a disguised form, requiring a cipher (key) to decipher and read it. Encryption
and decryption are reversible processes enabled by the cipher. Encryption is used with the goal of later
deciphering the data.

Hashing transforms data of any size into a fixed-length output. Unlike encryption, hashing is typically a one-
way function. The high computational effort needed to reverse a hash makes it difficult to retrieve the original
data from the hashed output.

Data is protected during transmission by encryption, which stops unwanted access. By comparing the data to a
distinct fingerprint (hash) created from the original data, hashing ensures the integrity of the data. Encryption
keeps data confidential, while hashing ensures authenticity by detecting any modifications.

Digital signature:
It is an authentication mechanism that allows the sender to attach an electronic
code with the message. This electronic code acts as the signature of the sender and
hence, is named digital signature.
It is done to ensure its authenticity and integrity.
Digital signature uses the public-key cryptography technique. The sender uses his or her private key and a signing algorithm to create a digital signature, and the signed document can be made public. The receiver uses the public key of the sender and a verifying algorithm to verify the digital signature.
A normal message authentication scheme protects the two communicating parties
against attacks from a third party (intruder). However, a secure digital signature
scheme protects the two parties against each other also.
Suppose A wants to send a signed message (message with A's digital signature) to
B through a network. For this, A encrypts the message using his or her private
key, which results in a signed message. The signed message is then sent through
the network to B.
Now, B attempts to decrypt the received message using A's public key in order to
verify that the received message has really come from A.
If the message gets decrypted, B can believe that the message is from A. However, if the message or the digital signature has been modified during transmission, it cannot be decrypted using A's public key. From this, B can conclude that either the message has been tampered with during transmission, or that the message has not been generated by A.
Message integrity:
 Digital signatures also provide message integrity.
 If a message has a digital signature, then any change in the message after the
signature is attached will invalidate the signature.
 That is, it is not possible to get the same signature if the message is changed.
Moreover, there is no efficient way to modify a message and its signature such that
a new message with a valid signature is produced.
Non-repudiation:
 Digital signatures also ensure non-repudiation.
 For example, if A has sent a signed message to B, then in future A cannot deny sending the message. B can keep a copy of the message along with A's signature.
 In case A denies, B can use A's public key to generate the original message. If the newly created message is the same as that initially sent by A, it is proved that the message has been sent by A only.
 In the same way, B can never create a forged message bearing A's digital signature, because only A can create his or her digital signatures with the help of that private key.
Message confidentiality:
 Digital signatures do not provide message confidentiality, because anyone knowing
the sender's public key can decrypt the message.

Digital signature process:


The digital signature process is shown in Figure. Suppose user A wants to send a signed
message to B through a network. To achieve this communication, these steps are
followed:
 A uses his private key (EA), applied to a signing algorithm, to sign the message (M).
 The message (M) along with A's digital signature (S) is sent to B.
 On receiving the message (M) and the signature (S), B uses A's public key (DA),
applied to the verifying algorithm, to verify the authenticity of the message. If the
message is authentic, B accepts the message, otherwise it is rejected.
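The sign-and-verify exchange between A and B, as a runnable sketch (an added example, not part of the original notes). It signs the SHA-256 digest of the message rather than the raw message, uses textbook RSA without padding, and uses a small constructed key pair built from two known Mersenne primes; the function names are this example's own.

```python
import hashlib
from math import gcd

# Constructed demo key for A: two Mersenne primes, far too small for real use.
P = 2**61 - 1
Q = 2**31 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                    # A's public exponent, known to everyone
if gcd(E, PHI) != 1:
    raise ValueError("E must share no factor with (P-1)(Q-1)")
D = pow(E, -1, PHI)          # A's private exponent (needs Python 3.8+)


def digest_int(message: bytes) -> int:
    """SHA-256 digest of the message, reduced into the range of the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """A's side: apply the private key to the message digest."""
    return pow(digest_int(message), D, N)


def recover_digest(signature: int) -> int:
    """Anyone's side: the public key undoes the private-key operation."""
    return pow(signature, E, N)


def verify(message: bytes, signature: int) -> bool:
    """B's side: accept only if the signature opens to this message's digest."""
    return recover_digest(signature) == digest_int(message)


def send_signed(message: bytes):
    """What travels over the network: the message in the clear plus S."""
    return message, sign(message)


if __name__ == "__main__":
    m, s = send_signed(b"Pay B 100 rupees")          # constructed sample message
    print("B accepts original :", verify(m, s))
    print("B accepts tampered :", verify(b"Pay B 900 rupees", s))
    print("B accepts altered S:", verify(m, (s + 1) % N))
    # The message itself was never hidden: signing gives no confidentiality.
    print("message on the wire:", m)
```

A changed message or a changed signature both fail verification, which is the integrity property described above; the message bytes are readable by anyone on the path.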

DIGITAL CERTIFICATE & PUBLIC KEY INFRASTRUCTURE

Digital Certificate:
 A digital certificate is simply a small computer file. For example, my digital certificate would actually be a computer file with a file name such as name.cer.
 The digital certificate is actually quite similar to a passport. As we know, every passport has a unique passport number; similarly, every digital certificate has a unique serial number. It also gives information such as the issuer's name, serial number, public key, validity period, etc.
 A digital certificate is issued by a trusted agency called a CA (Certification Authority).
 Another third party called an RA (Registration Authority) acts as an intermediate entity between the CA and the end user.
 It satisfies the principles of authentication and non-repudiation.
Certification Authority (CA)
 A CA has to be someone whom everybody trusts. Consequently, the governments in various countries decide who can and who cannot be a CA.
 Usually, a CA is a reputed organization, such as a post office, financial institution, software company, etc. Two of the world's most famous CAs are VeriSign and Entrust. Safescrypt Limited is the first Indian CA.
 Thus, a CA has the authority to issue digital certificates to individuals and organizations who want to use those certificates in asymmetric-key cryptographic applications.
Technical Details of a Digital Certificate:
A standard called X.509 defines the structure of a digital certificate. The International
Telecommunication Union (ITU) designs this standard. At that time, it was a part of
another standard called X.500. The current version of the standard is Version 3, called
X.509V3.

Contents of Digital Certificate:

Version: Version of the X.509 protocol. The version can be 1, 2 or 3.
Certificate Serial No.: Contains a unique integer which is generated by the CA.
Signature Algorithm Identifier: Identifies the algorithm used by the CA to sign the certificate.
Issuer Name: Identifies the Distinguished Name of the CA that created and signed the certificate.
Validity (not before/not after): Contains two date-time values. These values generally specify the date and time up to seconds or milliseconds.
Subject Name: Distinguished Name of the end user (user or organization).
Subject Public Key Info.: This field can never be blank. Contains the public key and the related algorithm.
Issuer Unique Identifier: Helps identify a CA uniquely if two or more CAs have used the same Issuer Name over time.
Subject Unique Identifier: Helps identify a subject uniquely if two or more subjects have used the same Subject Name over time.
Digital-Certificate Creation:
1. Parties Involved
 end user (may be a single user or organization),
 issuer (CA),
 a third party, (optionally) called a Registration Authority (RA), involved in the certificate creation and management.
The RA commonly provides the following services:
 Accepting and verifying registration information about new users.
 Generating keys on behalf of the end users.
 Accepting and authorizing requests for key backups and recovery.
 Accepting and authorizing the requests for certificate revocation.
 The RA is mainly set up for facilitating the interaction between the end users and the CA.
 The RA cannot issue digital certificates.
 The CA must handle this. Additionally, after a certificate is issued, the CA is responsible for all the certificate management aspects, such as tracking its status, issuing revocation notices if the certificate needs to be invalidated for some reason, etc.

43
2. Certificate Creation Steps

Step 1: Key Generation:

• The action begins with the subject (i.e. the user/organization) who wants to obtain a certificate.
• There are two different approaches for this purpose:
• Firstly, the subject can create a private key and public key pair using some software.
- The subject must keep the generated private key secret. The subject then sends the public key along with other information to the RA.
• Secondly, the RA can generate a key pair on behalf of the subject.
- This can happen in cases where the user is not aware of the technicalities involved in the generation of a key pair.
- The RA sends the generated private key to the subject. The RA keeps the public key.
Step 2: Registration:
• This step is required only if the user generates the key pair in the first step. If the RA generates the key pair on the user's behalf, this step will also be a part of the first step itself.
• Assuming that the user has generated the key pair, the user now sends the public key and the associated registration information (e.g. subject name, as it is desired to appear in the digital certificate) and all the required evidence about himself/herself to the RA.
• For this, the software provides a wizard in which the user enters all the data and then submits it. This data then travels over the network/Internet to the RA. The format for certificate requests is called a Certificate Signing Request (CSR). This is one of the Public Key Cryptography Standards (PKCS).
• Note that the user must not send the private key to the RA; the user must keep it securely.

Step 3: Verification:
After the registration process is complete, the RA has to verify the user's credentials. This verification is in two respects, as follows.
1. Firstly, the RA needs to verify the credentials provided by the user.
• If the user is actually an organization, then the RA would perhaps like to check the business records, historical documents and credibility proofs.
• If it is an individual user, then simpler checks are called for; verifying the postal address, email id, phone number, passport or driving-license details can be sufficient.
2. Secondly, the RA must ensure that the user who is requesting the certificate does possess the private key corresponding to the public key that is sent to the RA.
This is very important, because there must be a record that the user possesses the private key corresponding to the given public key. Otherwise, this can create legal problems. This check is called the Proof Of Possession (POP) of the private key.

How can the RA perform this check? There are many approaches to this, the chief ones being as follows.
• The RA can demand that the user digitally sign his/her Certificate Signing Request (CSR) using his/her private key. If the RA can verify the signature (i.e. de-sign the CSR) correctly using the public key of the user, the RA can believe that the user indeed possesses the private key.
• Alternatively, the RA can create a random number challenge, encrypt it with the user's public key and send the encrypted challenge to the user. If the user can successfully decrypt the challenge using his/her private key, the RA can assume that the user possesses the right private key.
• Thirdly, the RA can actually generate a dummy certificate for the user, encrypt it using the user's public key and send it to the user. The user can obtain the plain-text certificate only if he/she can decrypt the encrypted certificate.
Step 4: Certificate Creation:
• Assuming that all the steps so far have been successful, the RA passes on all the details of the user to the CA.
• The CA does its own verification (if required) and creates a digital certificate for the user.
• The certificate is created as per the X.509 standard.
• The CA sends the certificate to the user, and also retains a copy of the certificate for its own record.
• The CA's copy of the certificate is maintained in a certificate directory. This is a central storage location maintained by the CA.

Certificate Hierarchies and Self-signed Digital Certificates:

A certificate hierarchy relieves the root CA from having to manage all the possible digital certificates.

Instead, the root CA can hand over this job to the second-level CAs. This handover can happen region-wise (e.g. one second-level CA could be responsible for the Western region, another for the Eastern region, a third one for the Northern region, and a fourth one for the Southern region, etc.). Each of these second-level CAs could appoint third-level CAs state-wise within that region. Each third-level CA could hand over its responsibilities to a fourth-level CA city-wise, and so on.
The root CA signs its own certificate. This certificate of the root CA is called a self-signed certificate.
Cross-Certification
• It is quite possible that user A and user B live in different countries.
• This would mean that their root CAs may be different, because generally each country appoints its own root CA. In fact, one country can have multiple root CAs as well.
• For instance, the root CAs in the US are VeriSign, Thawte, and the US Postal Service. In such cases, there is no single root CA which can be trusted by all the concerned parties.
• In our example, why should user A, a Japanese national, trust user B's root CA, a US-based organization?
• Cross-certification allows CAs and end users from different PKI domains to interact.
Certificate Revocation:
Reasons for revocation:
• If the private key corresponding to the public key is stolen.
• The CA realizes that it had made a mistake while issuing the certificate.
• The certificate holder leaves a job and the certificate was issued specifically while the person was employed in that job.
• Revocation status can be checked online or off-line.

Key Exchange
Overview: Key exchange allows two parties to share a secret key, which can be used for encrypting and
decrypting messages. This is crucial for establishing secure communication, especially in scenarios where the
parties have not previously shared a secret key.

Types of Key Exchange Methods


1. Symmetric Key Exchange:
o Involves sharing the same key for both encryption and decryption.
o Typically requires a secure method to transmit the key itself.
o Example: Using a courier to deliver the key physically, which is impractical for large-scale or real-time
communication.
2. Asymmetric Key Exchange:
o Uses public-key cryptography, where each party has a public and a private key.
o Public keys are shared openly, while private keys are kept secret.
o This method is more secure and scalable for establishing shared keys over insecure channels.

Diffie-Hellman Key Exchange


Overview: The Diffie-Hellman Key Exchange is one of the earliest and most widely used methods for
exchanging cryptographic keys over a public channel.

Algorithm Steps:

1. Choose Parameters:
o Both parties agree on a large prime number $p$ and a base $g$ (also known as the generator). These values are not secret and can be shared openly.
2. Generate Private and Public Keys:
o Party A:
- Chooses a private key $a$ (a random number).
- Computes the public key $A = g^a \bmod p$.
o Party B:
- Chooses a private key $b$ (a random number).
- Computes the public key $B = g^b \bmod p$.
3. Exchange Public Keys:
o Party A sends its public key $A$ to Party B.
o Party B sends its public key $B$ to Party A.
4. Compute Shared Secret:
o Party A:
- Computes the shared secret $s = B^a \bmod p$.
o Party B:
- Computes the shared secret $s = A^b \bmod p$.

Since $s = B^a \bmod p = (g^b \bmod p)^a \bmod p = g^{ab} \bmod p$ and $s = A^b \bmod p = (g^a \bmod p)^b \bmod p = g^{ab} \bmod p$, both parties end up with the same shared secret $s$.

Security:

• The security of the Diffie-Hellman Key Exchange relies on the difficulty of the discrete logarithm problem, which makes it computationally infeasible for an attacker to derive the shared secret from the public values $p$, $g$, $A$, and $B$.

Diffie-Hellman Key Exchange

The first published public-key algorithm appeared in the seminal paper by Diffie and Hellman that defined
public-key cryptography and is generally referred to as Diffie-Hellman key exchange. A number of commercial
products employ this key exchange technique. The purpose of the algorithm is to enable two users to securely
exchange a key that can then be used for subsequent encryption of messages. The algorithm itself is limited to the
exchange of secret values.

The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms. Briefly, we can define the discrete logarithm in the following way. First, we define a primitive root of a prime number $p$ as one whose powers modulo $p$ generate all the integers from 1 to $p - 1$. That is, if $a$ is a primitive root of the prime number $p$, then the numbers $a \bmod p, a^2 \bmod p, \ldots, a^{p-1} \bmod p$ are distinct and consist of the integers from 1 through $p - 1$ in some permutation.

For any integer $b$ and a primitive root $a$ of prime number $p$, we can find a unique exponent $i$ such that $b \equiv a^i \pmod p$ where $0 \le i \le (p - 1)$. The exponent $i$ is referred to as the discrete logarithm of $b$ for the base $a$, mod $p$. We express this value as $\mathrm{dlog}_{a,p}(b)$. See Chapter 8 for an extended discussion of discrete logarithms.

2. Principle behind Diffie-Hellman

Figure 1 summarizes the Diffie-Hellman key exchange algorithm. For this scheme, there are two publicly known numbers: a prime number $q$ and an integer $\alpha$ that is a primitive root of $q$. Suppose the users A and B wish to exchange a key. User A selects a random integer $X_A < q$ and computes $Y_A = \alpha^{X_A} \bmod q$. Similarly, user B independently selects a random integer $X_B < q$ and computes $Y_B = \alpha^{X_B} \bmod q$. Each side keeps the $X$ value private and makes the $Y$ value available publicly to the other side. User A computes the key as $K = (Y_B)^{X_A} \bmod q$ and user B computes the key as

The result is that the two sides have exchanged a secret value. Furthermore, because $X_A$ and $X_B$ are private, an adversary only has the following ingredients to work with: $q$, $\alpha$, $Y_A$, and $Y_B$. Thus, the adversary is forced to take a discrete logarithm to determine the key. For example, to determine the private key of user B, an adversary must compute $X_B = \mathrm{dlog}_{\alpha,q}(Y_B)$. The adversary can then calculate the key $K$ in the same manner as user B calculates it. The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo a prime, it is very difficult to calculate discrete logarithms. For large primes, the latter task is considered infeasible.

Example 1

Let us give a trivial example to make the procedure clear. Our example uses small numbers, but note that in a real situation, the numbers are very large. Assume that $g = 7$ and $p = 23$. The steps are as follows:

1. Alice chooses $x = 3$ and calculates $R_1 = 7^3 \bmod 23 = 21$.
2. Bob chooses $y = 6$ and calculates $R_2 = 7^6 \bmod 23 = 4$.
3. Alice sends the number 21 to Bob.
4. Bob sends the number 4 to Alice.
5. Alice calculates the symmetric key $K = 4^3 \bmod 23 = 18$.
6. Bob calculates the symmetric key $K = 21^6 \bmod 23 = 18$.

The value of $K$ is the same for both Alice and Bob: $g^{xy} \bmod p = 7^{18} \bmod 23 = 18$.
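The following Python sketch is an added example, not part of the original notes. It reproduces Example 1, checks that g = 7 really is a primitive root of p = 23, and shows that with such small numbers an eavesdropper recovers the private value by exhaustive search, which is why real parameters must be large. All function names are illustrative assumptions.

```python
"""Finite-field Diffie-Hellman with the toy numbers of Example 1 (g = 7, p = 23)."""


def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for toy sizes)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(g, p):
    """True if the powers of g modulo the prime p generate 1 .. p-1."""
    if not 1 < g < p:
        return False
    # g has full order p-1 iff g^((p-1)/f) != 1 for every prime factor f of p-1.
    return all(pow(g, (p - 1) // f, p) != 1 for f in prime_factors(p - 1))


def public_value(g, private, p):
    return pow(g, private, p)


def shared_key(peer_public, private, p):
    # Added hardening step: refuse 0, 1 and p-1, which would confine the
    # resulting key to a tiny, guessable set of values.
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, p)


def discrete_log(g, p, target):
    """Exhaustive search for x with g^x = target (mod p); takes O(p) steps."""
    value = 1
    for x in range(p - 1):
        if value == target:
            return x
        value = value * g % p
    raise ValueError("target is not a power of g")


def example_1():
    """Returns (R1, R2, Alice's K, Bob's K) for x = 3, y = 6."""
    g, p, x, y = 7, 23, 3, 6
    r1, r2 = public_value(g, x, p), public_value(g, y, p)
    return r1, r2, shared_key(r2, x, p), shared_key(r1, y, p)


if __name__ == "__main__":
    print("primitive root:", is_primitive_root(7, 23))
    print("R1, R2, K_alice, K_bob:", example_1())
    # An eavesdropper who sees only g, p and R2 = 4 recovers Bob's y by search.
    print("recovered y:", discrete_log(7, 23, 4))
```

The search in `discrete_log` grows linearly with p, so it is only feasible here because p is tiny.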

Example 2
Let us give a more realistic example. We used a program to create a random integer of 512 bits (the ideal is 1024 bits). The integer p is a 159-digit number.
We also choose g, x, and y as shown below:

3. Key Exchange Protocols

Figure 2 shows a simple protocol that makes use of the Diffie-Hellman calculation. Suppose that user A wishes to set up a connection with user B and use a secret key to encrypt messages on that connection. User A can generate a one-time private key $X_A$, calculate $Y_A$, and send that to user B. User B responds by generating a private value $X_B$, calculating $Y_B$, and sending $Y_B$ to user A. Both users can now calculate the key. The necessary public values $q$ and $\alpha$ would need to be known ahead of time. Alternatively, user A could pick values for $q$ and $\alpha$ and include those in the first message.

As an example of another use of the Diffie-Hellman algorithm, suppose that a group of users (e.g., all users on a LAN) each generate a long-lasting private value $X_i$ (for user $i$) and calculate a public value $Y_i$. These public values, together with global public values for $q$ and $\alpha$, are stored in some central directory. At any time, user $j$ can access user $i$'s public value, calculate a secret key, and use that to send an encrypted message to user A. If the central directory is trusted, then this form of communication provides both confidentiality and a degree of authentication. Because only $i$ and $j$ can determine the key, no other user can read the message (confidentiality). Recipient $i$ knows that only user $j$ could have created a message using this key (authentication). However, the technique does not protect against replay attacks.
4. Man-in-the-Middle Attack

The key exchange protocol described above is insecure against a man-in-the-middle attack. Suppose Alice and Bob wish to exchange keys, and Darth is the adversary. The attack proceeds as follows:

1. Darth prepares for the attack by generating two random private keys $X_{D1}$ and $X_{D2}$ and then computing the corresponding public keys $Y_{D1}$ and $Y_{D2}$.
2. Alice transmits $Y_A$ to Bob.
3. Darth intercepts $Y_A$ and transmits $Y_{D1}$ to Bob. Darth also calculates $K2 = (Y_A)^{X_{D2}} \bmod q$.
4. Bob receives $Y_{D1}$ and calculates $K1 = (Y_{D1})^{X_B} \bmod q$.
5. Bob transmits $Y_B$ to Alice.
6. Darth intercepts $Y_B$ and transmits $Y_{D2}$ to Alice. Darth calculates $K1 = (Y_B)^{X_{D1}} \bmod q$.
7. Alice receives $Y_{D2}$ and calculates $K2 = (Y_{D2})^{X_A} \bmod q$.

At this point, Bob and Alice think that they share a secret key, but instead Bob and Darth share secret key $K1$ and Alice and Darth share secret key $K2$. All future communication between Bob and Alice is compromised in the following way:

1. Alice sends an encrypted message $M$: $E(K2, M)$.
2. Darth intercepts the encrypted message and decrypts it, to recover $M$.
3. Darth sends Bob $E(K1, M)$ or $E(K1, M')$, where $M'$ is any message.

In the first case, Darth simply wants to eavesdrop on the communication without altering it. In the second case, Darth wants to modify the message going to Bob. The key exchange protocol is vulnerable to such an attack because it does not authenticate the participants. This vulnerability can be overcome with the use of digital signatures and public-key certificates.
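The following Python sketch is an added example, not part of the original notes. It works the steps above through with constructed toy numbers (q = 23, α = 7) to show that the two ends derive different keys K1 and K2 without noticing, and then shows the countermeasure the notes name: each side signs its public value, and a substituted value fails verification. The `ToyRsaSigner` class (textbook RSA over known Mersenne primes) and all function names are illustrative assumptions that stand in for real certificate-backed signatures.

```python
"""Unauthenticated vs. signed Diffie-Hellman, using the notes' q, alpha, X, Y names."""
import hashlib

Q, ALPHA = 23, 7   # toy public parameters (constructed; real q is far larger)


def dh_public(x):
    return pow(ALPHA, x, Q)


def dh_key(peer_y, x):
    return pow(peer_y, x, Q)


class ToyRsaSigner:
    """Textbook RSA over two Mersenne primes: illustrative only, trivially factorable."""

    def __init__(self, p, q, e=65537):
        self.n, self.e = p * q, e
        self._d = pow(e, -1, (p - 1) * (q - 1))   # private exponent

    @staticmethod
    def digest(name, y, n):
        data = f"{name}|{y}".encode()
        return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

    def sign(self, name, y):
        return pow(self.digest(name, y, self.n), self._d, self.n)

    def public_key(self):
        return self.n, self.e


def verify(public_key, name, y, signature):
    n, e = public_key
    return pow(signature, e, n) == ToyRsaSigner.digest(name, y, n)


def unauthenticated_exchange(xa, xb, xd1, xd2):
    """Steps 1-7 above: Y_A is replaced by Y_D1 and Y_B by Y_D2 in transit."""
    ya, yb, yd1, yd2 = dh_public(xa), dh_public(xb), dh_public(xd1), dh_public(xd2)
    k1_bob, k1_darth = dh_key(yd1, xb), dh_key(yb, xd1)
    k2_alice, k2_darth = dh_key(yd2, xa), dh_key(ya, xd2)
    return {"alice": k2_alice, "bob": k1_bob, "darth": (k1_darth, k2_darth)}


def signed_exchange(xa, xb, tamper_with=None):
    """Each side signs (name, Y) with a long-term key whose public half the peer
    already trusts (assumed: delivered in a certificate). Returns both derived
    keys, or None when a signature check fails. Real protocols also sign fresh
    per-session data so that an old signed message cannot be replayed."""
    alice_signer = ToyRsaSigner(2**61 - 1, 2**89 - 1)
    bob_signer = ToyRsaSigner(2**89 - 1, 2**107 - 1)
    ya, yb = dh_public(xa), dh_public(xb)
    to_bob = ("alice", ya, alice_signer.sign("alice", ya))
    to_alice = ("bob", yb, bob_signer.sign("bob", yb))
    if tamper_with is not None:          # public values replaced in transit
        to_bob = ("alice", tamper_with, to_bob[2])
        to_alice = ("bob", tamper_with, to_alice[2])
    if not verify(alice_signer.public_key(), *to_bob):
        return None
    if not verify(bob_signer.public_key(), *to_alice):
        return None
    return dh_key(to_alice[1], xa), dh_key(to_bob[1], xb)


if __name__ == "__main__":
    print(unauthenticated_exchange(3, 6, 5, 9))           # Alice and Bob disagree
    print(signed_exchange(3, 6))                           # both derive the same key
    print(signed_exchange(3, 6, tamper_with=dh_public(5)))  # None: rejected
```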

Elliptic Curve Diffie-Hellman (ECDH)


Overview: Elliptic Curve Diffie-Hellman is a variant of the Diffie-Hellman Key Exchange that uses elliptic
curve cryptography to provide the same level of security with smaller key sizes, making it more efficient.

Algorithm Steps:

1. Choose Parameters:
o Both parties agree on an elliptic curve $E$ defined over a finite field and a base point $G$ on the curve. These values are not secret.
2. Generate Private and Public Keys:
o Party A:
- Chooses a private key $a$ (a random number).
- Computes the public key $A = aG$ (point multiplication on the elliptic curve).
o Party B:
- Chooses a private key $b$ (a random number).
- Computes the public key $B = bG$.
3. Exchange Public Keys:
o Party A sends its public key $A$ to Party B.
o Party B sends its public key $B$ to Party A.
4. Compute Shared Secret:
o Party A:
- Computes the shared secret $S = aB$.
o Party B:
- Computes the shared secret $S = bA$.

Since $S = aB = a(bG) = abG$ and $S = bA = b(aG) = abG$, both parties end up with the same shared secret $S$.

Security:

• The security of ECDH relies on the difficulty of the elliptic curve discrete logarithm problem, making it highly secure with shorter keys compared to traditional Diffie-Hellman.
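The following Python sketch is an added example, not part of the original notes. It carries out the four ECDH steps on a constructed toy curve, y^2 = x^3 + 2x + 2 over F_17 with base point G = (5, 1) of order 19, including the check that a received public key is a point on the curve. The curve, the private values and all function names are illustrative assumptions; the code is not constant-time and real systems use standardized curves through a vetted library.

```python
"""ECDH on the toy curve y^2 = x^3 + 2x + 2 over F_17 with base point G = (5, 1)."""

P_FIELD, A_COEFF, B_COEFF = 17, 2, 2   # constructed toy curve; G has order 19
G = (5, 1)
INFINITY = None                        # the point at infinity (group identity)


def on_curve(pt):
    if pt is INFINITY:
        return True
    x, y = pt
    return (y * y - (x * x * x + A_COEFF * x + B_COEFF)) % P_FIELD == 0


def add(p1, p2):
    """Group law: chord rule for distinct points, tangent rule for doubling."""
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return INFINITY                                   # P + (-P)
    if p1 == p2:
        slope = (3 * x1 * x1 + A_COEFF) * pow((2 * y1) % P_FIELD, -1, P_FIELD)
    else:
        slope = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    x3 = (slope * slope - x1 - x2) % P_FIELD
    y3 = (slope * (x1 - x3) - y1) % P_FIELD
    return (x3, y3)


def multiply(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    result, addend = INFINITY, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def ecdh_shared(private, peer_public):
    # Validate the received point first: an off-curve or identity "public key"
    # must never be fed into the private-key multiplication.
    if peer_public is INFINITY or not on_curve(peer_public):
        raise ValueError("peer public key is not a valid curve point")
    return multiply(private, peer_public)


def toy_exchange(a=3, b=7):
    """Returns (A, B, S computed by Party A, S computed by Party B)."""
    pub_a, pub_b = multiply(a, G), multiply(b, G)
    return pub_a, pub_b, ecdh_shared(a, pub_b), ecdh_shared(b, pub_a)


if __name__ == "__main__":
    print(toy_exchange())
```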

Other Key Exchange Methods


1. RSA Key Exchange:
o Uses the RSA algorithm, where one party encrypts a random secret with the recipient's public key, and
the recipient decrypts it with their private key to obtain the shared secret.
2. Post-Quantum Key Exchange:
o Emerging methods designed to be secure against quantum computer attacks, such as lattice-based, code-
based, and multivariate polynomial key exchange schemes.

Considerations for Secure Key Exchange

• Authentication: Ensuring the identities of the parties involved to prevent man-in-the-middle attacks.
• Key Management: Securely generating, distributing, storing, and disposing of keys.
• Forward Secrecy: Ensuring that a compromise of long-term keys does not compromise past session keys.

Practical Applications
• SSL/TLS: Secure web communication protocols use key exchange methods (like ECDH) to establish secure connections between browsers and servers.
• VPNs: Virtual Private Networks use key exchange protocols to create secure communication channels over the internet.
• Encrypted Messaging: Applications like Signal and WhatsApp use key exchange protocols to secure end-to-end communication between users.

Key exchange is a foundational aspect of modern cryptography, enabling secure communication in various
digital applications and services.

Private Key Management:


The private key can be protected by the following means:
• Password protection
• Tokens
• Biometrics
• Smart cards
• Apart from these, the private key used for digital signing must be destroyed. In contrast, the private key used for encryption/decryption must be archived.
• In case of certificate expiration, the user needs to update its key.
• The CA should maintain a history of certificates and keys to prevent any legal problems.

The PKIX (Public Key Infrastructure X.509) model:


(a) Registration:
In this process the end-entity (subject/user) registers to a CA. Usually this is via an RA.
(b) Initialization:
Process to verify that the end-entity is talking to the right CA.
(c) Certification:
In this step, the CA creates a digital certificate for the end-entity and returns it to
the end-entity and keeps a copy for its own records.
(d) Key-Pair Recovery:
Keys used for the encryption of some old documents may need to be recovered in order to decrypt that data. Key archival and recovery services can be provided by a CA.
(e) Key Generation:
PKIX specifies that the end-entity should be able to generate private- and public-key pairs, or the CA/RA should be able to do this for the end-entity.
(f) Key Update:
This allows issuing a new key pair from the old one by the automatic renewal of digital certificates. There is also a provision for issuing a digital certificate manually.
(g) Cross-certification:
In this, end-entities that are certified by different CAs can cross-verify each other.
(h) Revocation:
PKIX provides support for checking the certificate status in two modes: online or offline.
PKIX Architectural Model:

• X.509 v3 Certificate & v2 Certificate Revocation List profiles:
Lists the use of various options while describing extensions of a digital certificate.
• Operational Protocol:
Defines the underlying protocols that provide the transport mechanism.
• Management Protocol:
Enables exchange of information between the various PKI entities and specifies the structure & details of PKI messages.
• Policy outlines:
Defines policies for the creation of Certificate Policies & Certificate Practice Statements.
• Timestamp & Data Certification Services:
Both are trusted third parties that provide services to guarantee the existence of a certificate, and the DCS verifies the correctness of the data that it receives.

PKCS (Public Key Cryptography Standards)


Standard: Description
PKCS#1: RSA Encryption Standard. Defines rules for calculating digital certificate.
PKCS#2: RSA Encryption Standard for Message Digest.
PKCS#3: Diffie-Hellman Key Agreement Standard.
PKCS#4: NA. Merged with PKCS#1.
PKCS#5: Password Based Encryption (PBE). Defines method to encrypt symmetric key.
PKCS#6: Extended Certificate Syntax Standard. Defines syntax for extending the basic attribute of an X.509 digital certificate.
PKCS#7: Cryptographic Message Syntax Standard.
PKCS#8: Private Key Information Standard.
PKCS#9: Selected Attribute Types. Defines selected attribute for use in PKCS#6 extended certificates.
PKCS#10: Certificate Request Syntax Standard.
PKCS#11: Cryptographic Token Interface Standard.
PKCS#12: Personal Information Exchange Syntax Standard.
PKCS#13: Elliptic Curve Cryptography Standard.
PKCS#14: Pseudo-Random Number Generation Standard.
PKCS#15: Cryptographic Token Information Syntax Standard.

Digital Envelope:

• A digital envelope is a secure electronic data container that is used to protect a message through encryption and data authentication.
• A digital envelope is created by encrypting the message with a symmetric-key algorithm (e.g. AES) and a symmetric key.
• The symmetric key is then encrypted with an asymmetric-key algorithm (e.g. RSA) and the recipient's public key.