UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

UNIT-2(BASIC OF CRYPTOGRAPHY)
LECTURE NO: -1
SYMMETRIC CRYPTOGRAPHY

Symmetric cryptography, also known as secret-key cryptography, is a type of encryption

where the same key is used for both encryption and decryption. This makes it fast and
efficient but requires secure key distribution between parties. Symmetrical Key Cryptography
also known as conventional or single-key encryption was the primary method of encryption
before the introduction of public key cryptography in the 1970s. In symmetric-key
algorithms, the same keys are used for data encryption and decryption. This type of
cryptography plays a crucial role in securing data because the same key is used for both
encryption and decryption.

In this article, we will cover the techniques used in symmetric key cryptography, its
applications, principles on which it works, its types and limitations as well as what type of
attacks in the digital world it gets to face.

Techniques Used in Symmetric Key Cryptography

Substitution and Transposition are two principal techniques used in symmetric-key

cryptography.

Substitution Techniques

The symmetric key cryptographic method employs one secret key for the operations of
encryption and decryption. Substitution techniques provide two significant approaches,
wherein elements (letters, characters) from the plaintext message are replaced with new
elements according to the rules based on the secret key.

 Caesar Cipher: Caesar cipher has since their predictability is so complete and no
complexity is invested.

 Monoalphabetic Ciphers: This is where the ciphers use one rule of substitution
throughout the message. This may involve replacing letters with numbers, symbols,
or another set of letters in another order.

 Playfair Cipher: Implementation of repeated letters or letter pairs can expose

patterns, and cryptanalysis techniques exist to exploit them.

1
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

 Hill Cipher: This cipher operates on blocks of letters (typically bigrams or trigrams)
using a matrix multiplication approach. The Hill ciphers have a limitation on key size
and susceptibility towards cryptanalysis for larger key sizes.

 Polyalphabetic Ciphers: This is the type of cipher where any one of the letters in the
plaintext is substituted by a different letter to keep frequency analysis challenging.
For example, the Vigenère cipher operates with a keyword that would determine the
shift value for each letter in the plaintext.

 One-Time Pad (OTP): It is a theoretically impossible cipher where the key is a random
string of characters that is exactly as long as the message itself. The key is used for a
single encryption and then discarded.

Diagram of Symmetric Encryption

Transposition Techniques

Transposition techniques rearrange the order of elements in the plaintext message without
changing the elements themselves.

 Rail Fence Cipher: This is a simple cipher that rearranges the elements by writing the
plaintext message in a zigzag pattern, with the different components written in rows

2
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

(rails) of an imaginary fence and then reading through the columns in a standard
order. The key to this is the number of rails used.

 Columnar Transposition: In the case of a plaintext message written in columns and

then the columns rearranged according to a permutation determined by the key, this
cipher is known as columnar transposition. Although it is still vulnerable to
cryptanalysis techniques that exploit the statistical properties of the language.

Key Features of Symmetric Cryptography

1. Single Key – The same key is used for encryption and decryption.
2. Fast and Efficient – Compared to asymmetric cryptography, symmetric encryption is
much faster.
3. Key Distribution Challenge – Securely sharing the secret key between sender and
receiver is a major challenge.
4. Used for Bulk Data Encryption – It is commonly used for encrypting large amounts of
data, such as files or entire communication channels.

Common Symmetric Encryption Algorithms

 AES (Advanced Encryption Standard) – A widely used standard for secure encryption.
 DES (Data Encryption Standard) – An older algorithm, now considered insecure due
to its small key size.
 3DES (Triple DES) – An improvement over DES that applies encryption three times for
better security.
 Blowfish & Twofish – Flexible key-length algorithms, commonly used in software
applications.
 ChaCha20 – A modern stream cipher known for efficiency and security.

Applications of Symmetric Cryptography

 Secure Communication (SSL/TLS, VPNs, Wi-Fi Encryption)

 File and Disk Encryption (BitLocker, VeraCrypt)
 Database Encryption
 Mobile and Cloud Storage Security

Challenges and Limitations of Symmetric Key Cryptography

3
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

 Key management and distribution: Both the sender and the receiver in the SKC of a
message need to have the same key, and the key should not be seen by a third party.
In case the key is somehow captured or compromised by a third party, the security of
the encrypted data is also lost.

 Non-repudiation: Non-repudiation refers to the ability to prove that a specific party

has sent a message. In SKC, since the same key is used for encryption and decryption,
it is impossible to find out which party created a particular cipher text.

References
1.Cryptography and Network Security - Principles and Practice: William Stallings, Pearson
Education,6th Edition
2.Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 3rd Edition
3.Network Security and Cryptography: Bernard Menezes, CENGAGE Learning

4
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

ASYMMETRIC CRYPTOGRAPHY
LECTURE No.-2
Asymmetric encryption, also known as public-key cryptography, is a type of encryption that
uses a pair of keys to encrypt and decrypt data. The pair of keys includes a public key, which
can be shared with anyone, and a private key, which is kept secret by the owner.

What is an Asymmetric Encryption?

In asymmetric encryption, the sender uses the recipient’s public key to encrypt the data. The
recipient then uses their private key to decrypt the data. This approach allows for secure
communication between two parties without the need for both parties to have the same
secret key. Asymmetric encryption has several advantages over symmetric encryption, which
uses the same key for both encryption and decryption. One of the main advantages is that it
eliminates the need to exchange secret keys, which can be a challenging process, especially
when communicating with multiple parties.

Additionally, asymmetric encryption allows for the creation of digital signatures, which can
be used to verify the authenticity of data. Asymmetric encryption is commonly used in
various applications, including secure online communication, digital signatures, and secure
data transfer. Examples of asymmetric encryption algorithms include RSA, Diffie-Hellman,
and Elliptic Curve Cryptography (ECC).

Asymmetric encryption, commonly known as public-key cryptography, employs two distinct

keys for encryption and decoding. The private key is a separate key from the public key that
is kept private by the owner of the public key while the public key is made available to
everyone. Anyone can encrypt a message using the public key, but only the holder of the
private key can unlock it. With no chance of the communication being intercepted and read
by a third party, anyone can send a secure message to the public key’s owner.

Asymmetric encryption is frequently used for secure Internet communication, including

email encryption, e-commerce, and online banking. Digital signatures, which are used to
confirm the legitimacy of digital documents and messages, are another application for it.

Advantages of Asymmetric Encryption

Asymmetric encryption also known as public key cryptography is a method of cryptography
that uses two different keys to encrypt and decrypt data, here are some advantages of
asymmetric encryption: –

 Enhanced Security: Asymmetric encryption provides a higher level of security

compared to symmetric encryption where only one key is used for both encryption
and decryption with asymmetric encryption a different key is used for each process

5
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

and the private key used for decryption is kept secret by the receiver making, it harder
for an attacker to intercept and decrypt the data.

 Authentication: Asymmetric encryption can be used for authentication purposes

which means that the receiver can verify the sender s identity. This is achieved by the
sender encrypting a message with their private key which can only be decrypted with
their public key if the receiver can successfully decrypt the message, it proves that it
was sent by the sender who has the corresponding private key.

 Non-repudiation: Asymmetric encryption also provides non-repudiation which

means that the sender cannot deny sending a message or altering its contents this is
because the message is encrypted with the sender s private key and only their public
key can decrypt it . Therefore, the receiver can be sure that the message was sent by
the sender and has not been tampered with.

 Key distribution: Asymmetric encryption eliminates the need for a secure key
distribution system that is required in symmetric encryption with symmetric
encryption, the same key is used for both encryption and decryption and the key
needs to be securely shared between the sender and the receiver asymmetric
encryption, on the other hand, allows the public key to be shared openly and the
private key is kept secret by the receiver.

 Versatility: Asymmetric encryption can be used for a wide range of applications

including secure email communication online banking transactions and e-commerce
it is also used to secure SSL/TSL connections which are commonly used to secure
internet traffic.

Example of Asymmetric Encryption

Email communication is one way to show asymmetric encryption in action. Let’s say Alice
and Bob have a public-private key pair and Alice wishes to send Bob an encrypted message.
Using Bob’s public key, Alice encrypts her message before sending it to him. Bob uses his
private key to decrypt the message after receiving it encrypted.

For instance, Alice composes and encrypts an email for Bob using Bob’s public key. She
follows up by sending Bob the encrypted email. After receiving the email, Bob uses his private
key to decrypt it so that it may be read. As a result, Alice can communicate Bob securely
without being concerned that the message’s content will be viewed by someone else.

With the use of the matching private key, only the intended recipient may decode and read
the email, guaranteeing the confidentiality of its contents. To provide secure and private
communication over the internet, asymmetric encryption is commonly employed in a variety
of communication methods, including messaging apps, digital signatures, and file encryption.

6
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

Features of Asymmetric Encryption

The Main Features of Asymmetric Encryption (also known as public-key cryptography) are:

 Dual keys: Asymmetric encryption uses a pair of keys, including a public key and a
private key. The public key can be freely shared with anyone, while the private key is
kept secret and known only to the key owner.

 Encryption and decryption: Asymmetric encryption uses the public key to encrypt
data and the private key to decrypt data. This allows secure communication between
two parties without the need to exchange secret keys.

 Digital signatures: Asymmetric encryption enables the creation of digital signatures,

which can be used to verify the authenticity of data. A digital signature is created by
encrypting a hash of the data with the sender’s private key.

 Secure key exchange: Asymmetric encryption allows for secure key exchange, which
is a critical feature in secure communication. For example, the Diffie-Hellman key
exchange algorithm uses asymmetric encryption to establish a shared secret key
between two parties without exchanging the key itself.

 Security: Asymmetric encryption is considered more secure than symmetric

encryption because it eliminates the need to exchange secret keys, which can be a
security risk. Additionally, the private key is kept secret, which makes it harder for
attackers to intercept or tamper with the data.

 Slow processing: Asymmetric encryption is slower than symmetric encryption

because it involves more complex mathematical operations. This can make it less
suitable for applications that require fast data processing.

References
1.Cryptography and Network Security - Principles and Practice: William Stallings,
Pearson Education,6th Edition
2.Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 3rd Edition
3.Network Security and Cryptography: Bernard Menezes, CENGAGE Learning

7
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

DATA ENCRYPTION WITH EXAMPLE

LECTURE NO.-3

What is DES?

Data Encryption Standard (DES) is a block cipher with a 56-bit key length that has played a
significant role in data security. Data encryption standard (DES) has been found vulnerable
to very powerful attacks therefore, the popularity of DES has been found slightly on the
decline. DES is a block cipher and encrypts data in blocks of size of 64 bits each, which means
64 bits of plain text go as the input to DES, which produces 64 bits of ciphertext. The same
algorithm and key are used for encryption and decryption, with minor differences. The key
length is 56 bits.

The basic idea is shown below:

We have mentioned that DES uses a 56-bit key. Actually, The initial key consists of 64 bits.
However, before the DES process even starts, every 8th bit of the key is discarded to produce
a 56-bit key. That is bit positions 8, 16, 24, 32, 40, 48, 56, and 64 are discarded.

Thus, the discarding of every 8th bit of the key produces a 56-bit key from the original 64-bit
key.
DES is based on the two fundamental attributes of cryptography: substitution (also called
confusion) and transposition (also called diffusion). DES consists of 16 steps, each of which is
called a round. Each round performs the steps of substitution and transposition. Let us now
discuss the broad-level steps in DES.

 In the first step, the 64-bit plain text block is handed over to an initial Permutation
(IP) function.

 The initial permutation is performed on plain text.

 Next, the initial permutation (IP) produces two halves of the permuted block; saying
Left Plain Text (LPT) and Right Plain Text (RPT).

8
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

 Now each LPT and RPT go through 16 rounds of the encryption process.

 In the end, LPT and RPT are rejoined and a Final Permutation (FP) is performed on the
combined block

 The result of this process produces 64-bit ciphertext.

9
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

10
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

Initial Permutation (IP)

As we have noted, the initial permutation (IP) happens only once and it happens before the
first round. It suggests how the transposition in IP should proceed, as shown in the figure.
For example, it says that the IP replaces the first bit of the original plain text block with the
58th bit of the original plain text, the second bit with the 50th bit of the original plain text
block, and so on.

This is nothing but jugglery of bit positions of the original plain text block. the same rule
applies to all the other bit positions shown in the figure.

As we have noted after IP is done, the resulting 64-bit permuted text block is divided into
two half blocks. Each half-block consists of 32 bits, and each of the 16 rounds, in turn, consists
of the broad-level steps outlined in the figure.

11
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

Step 1: Key transformation

We have noted initial 64-bit key is transformed into a 56-bit key by discarding every 8th bit
of the initial key. Thus, for each a 56-bit key is available. From this 56-bit key, a different 48-
bit Sub Key is generated during each round using a process called key transformation. For
this, the 56-bit key is divided into two halves, each of 28 bits. These halves are circularly
shifted left by one or two positions, depending on the round.

For example: if the round numbers 1, 2, 9, or 16 the shift is done by only one position for
other rounds, the circular shift is done by two positions. The number of key bits shifted per
round is shown in the figure.

12
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

After an appropriate shift, 48 of the 56 bits are selected. From the 48 we might obtain 64 or
56 bits based on requirement which helps us to recognize that this model is very versatile
and can handle any range of requirements needed or provided. for selecting 48 of the 56 bits
the table is shown in the figure given below. For instance, after the shift, bit number 14
moves to the first position, bit number 17 moves to the second position, and so on. If we
observe the table , we will realize that it contains only 48-bit positions. Bit number 18 is
discarded (we will not find it in the table), like 7 others, to reduce a 56-bit key to a 48-bit key.
Since the key transformation process involves permutation as well as a selection of a 48-bit
subset of the original 56-bit key it is called Compression Permutation.

Because of this compression permutation technique, a different subset of key bits is used in
each round. That makes DES not easy to crack.

Step 2: Expansion Permutation

Recall that after the initial permutation, we had two 32-bit plain text areas called Left Plain
Text(LPT) and Right Plain Text(RPT). During the expansion permutation, the RPT is expanded
from 32 bits to 48 bits. Bits are permuted as well hence called expansion permutation. This
happens as the 32-bit RPT is divided into 8 blocks, with each block consisting of 4 bits. Then,
each 4-bit block of the previous step is then expanded to a corresponding 6-bit block, i.e.,
per 4-bit block, 2 more bits are added.

13
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

This process results in expansion as well as a permutation of the input bit while creating
output. The key transformation process compresses the 56-bit key to 48 bits. Then the
expansion permutation process expands the 32-bit RPT to 48-bits. Now the 48-bit key is XOR
with 48-bit RPT and the resulting output is given to the next step, which is the S-Box
substitution.

References
1.Cryptography and Network Security - Principles and Practice: William Stallings,
Pearson Education,6th Edition
2.Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 3rd Edition
3.Network Security and Cryptography: Bernard Menezes, CENGAGE Learning

14
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

STRENGTH OF DES
LECTURE NO.-4
Data encryption standard (DES) is a symmetric key block cipher algorithm. The algorithm is
based on Feistel network. The algorithm uses a 56-bit key to encrypt data in 64-bit blocks.
There are mainly two categories of concerns about the strength of Data encryption standard.
They are:

1. Concerns about the particular algorithm used.

2. Concerns about the usage of key of size 56-bit.

The first concern regarding the algorithm used addresses the possibility of cryptanalysis by
making use of the DES algorithm characteristics. A more severe concern is about the length
of secret key used. There can be (approximately 7.2 × keys) possible keys with a
key length of 56 bits. Thus, a brute force attack appears to be impractical. Assuming that on
an average one has to search half the key space, to break the cipher text, a system performing
one DES encryption per microsecond might require more than thousand years. But, the
assumption of one DES encryption per microsecond is too conservative. In July 1998, DES
was finally proved to be insecure when the Electronic Frontier Foundation (EFF) had broken
a DES encryption. The encryption was broken with the help of a special-purpose “DES
cracker” machine. It was reported that the attack took less than 3 days. Simply running
through all possible keys won’t result in cracking the DES encryption. Unless known plain text
is given, the attacker must be able to differentiate the plain text from other data. Some
degree of knowledge about the target plain text and some techniques for automatically
distinguishing plain text from garble are required to supplement the brute-force approach.
If brute force attack is the only means to crack the DES encryption algorithm, then using
longer keys will obviously help us to counter such attacks. An algorithm is guaranteed
unbreakable by brute force if a 128- bit key is used. The differential cryptanalysis, linear
cryptanalysis, are examples for statistical attacks on DES algorithm. Few of the important
alternatives for DES are AES (Advanced Encryption Standard) and triple DES.

The strength of DES is as follows −

 Use of 56 bit keys

o 56 bit key can be frequently used in encryption. There are 256 possible keys. A
brute force attack on such number of keys is impossible.
o A machine implementing one DES encryption per microsecond would take
more than thousands of years to divide the cipher.

15
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

o The assumption of one encryption per microsecond is excessively moderate.

Diffie and Hellman postulated that the technology existed to develop a parallel
machine with one million encryption equipment, each of which can implement
one encryption per microsecond.
o It is necessary that there is more to key-search attack than easily running
through all possible keys. If the message is only plaintext in English, thus the
result pops out simply, although the task of identifying English would have to
be automated.
o If the text message has been compressed before encryption, then
identification is more complex.
 The nature of algorithm
o Cryptanalyst can implement cryptanalysis by exploiting the features of DES
(Data Encryption Standard) algorithm.
o It can be exploring the weakness of eight substitution tables or S-boxes that
are utilized in each iteration.
o Much of the work has been completed and the number of regularities and
unexpected behaviours of the S-boxes have been found but no one has
succeeded in discovering out the weaknesses in the S-box.
o This contention is tantalizing, and over the years a multiple regularities and
unexpected behaviour of the S-boxes have been found.
 Timing Attacks
o A timing attack is a security exploit that allows an attacker to spot
vulnerabilities in a local or a remote system to extract potentially responsive
or secret data by acquiring the concerned system's response time to several
inputs. A timing attack is a type of a broader class of attacks known as
Sidechannel attacks.
o Timing attacks allows an attacker to extract secrets maintained in a security
system by acquiring the time it takes the system to respond to several queries.
o Kocher designed a timing attack to reveal secret keys utilized for RSA
decryption. These attacks were only used in the context of hardware security
tokens including smartcards.
o They are associated to the public key algorithms. In this it can maintain
information about the key or the plaintext is acquired by observing how long
it takes to implement decryptions on several ciphertexts.
o A timing attack accomplish the fact that on encryption or decryption, algorithm
takes different amount of time on multiple inputs.
o Timing attacks and related attacks can be secured against to some degree by
“blinding” the devices implementing encryption and decryption computations

16
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

so that all computations have the same performance, regardless of the specific
key and message being utilized.

References
1.Cryptography and Network Security - Principles and Practice: William Stallings, Pearson
Education,6th Edition
2.Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 3rd Edition
3.Network Security and Cryptography: Bernard Menezes, CENGAGE Learning

17
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

DESIGN PRINCIPLES OF BLOCK CIPHER

LECTURE NO.-5

Block ciphers are built in the Feistel cipher structure. Block cipher has a specific number of
rounds and keys for generating ciphertext.Block cipher is a type of encryption algorithm that
processes fixed-size blocks of data, usually 64 or 128 bits, to produce ciphertext. The design
of a block cipher involves several important principles to ensure the security and efficiency
of the algorithm. Some of these principles are:

1. Number of Rounds – The number of Rounds is regularly considered in design criteria,

it just reflects the number of rounds to be suitable for an algorithm to make it more
complex, in DES we have 16 rounds ensuring it to be more secure while in AES we
have 10 rounds which makes it more secure.
2. Design of function F – The core part of the Feistel Block cipher structure is the Round
Function. The complexity of cryptanalysis can be derived from the Round function i.e.
the increasing level of complexity for the round function would be greatly contributing
to an increase in complexity. To increase the complexity of the round function, the
avalanche effect is also included in the round function, as the change of a single bit in
plain text would produce a mischievous output due to the presence of avalanche
effect.
3. Confusion and Diffusion: The cipher should provide confusion and diffusion to make
it difficult for an attacker to determine the relationship between the plaintext and
ciphertext. Confusion means that the ciphertext should be a complex function of the
key and plaintext, making it difficult to guess the key. Diffusion means that a small
change in the plaintext should cause a significant change in the ciphertext, which
makes it difficult to analyze the encryption pattern.
4. Key Size: The key size should be large enough to prevent brute-force attacks. A larger
key size means that there are more possible keys, making it harder for an attacker to
guess the correct one. A key size of 128 bits is considered to be secure for most
applications.
5. Key Schedule: The key schedule should be designed carefully to ensure that the keys
used for encryption are independent and unpredictable. The key schedule should also
resist attacks that exploit weak keys or key-dependent properties of the cipher.
6. Block Size: The block size should be large enough to prevent attacks that exploit
statistical patterns in the plaintext. A block size of 128 bits is generally considered to
be secure for most applications.
7. Non-linearity: The S-box used in the cipher should be non-linear to provide confusion.
A linear S-box is vulnerable to attacks that exploit the linear properties of the cipher.

18
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

8. Avalanche Effect: The cipher should exhibit the avalanche effect, which means that a
small change in the plaintext or key should cause a significant change in the
ciphertext. This ensures that any change in the input results in a complete change in
the output.
9. Security Analysis: The cipher should be analyzed for its security against various
attacks such as differential cryptanalysis, linear cryptanalysis, and brute-force attacks.
The cipher should also be tested for its resistance to implementation attacks, such as
side-channel attacks.

Block Cipher is an encryption algorithm that works with a symmetric key in a deterministic
way. The plain text is divided into several blocks of equal size. If the length of the plain text
does not allow block division of equal size, padding is done over the plain text. His type of
encryption method can encrypt on blocks of 128 bits, the key can be 128, 192, or 256 bits. In
block ciphers, the length of the plain text is equal to the length of the cipher text.

This type of encryption process considered each block at a time and gives an output of n bits
for an input of n bits. But if there are two identical blocks, the process will produce two
different cipher texts for them. It is a reversible function having a public and a private key,
which makes its computation easy and also a deterministic process.

Operation
There are 5 modes of operation of block cipher so that algorithm can be improved and a
wider range of applications can be achieved. The modes are as follows −

 Electronic Code Book Mode − in this type of operation, the plain text is divided into
multiple blocks of 64 bits each. Each of the blocks separately goes through encryption
with the help of the same key. After encryption, the blocks of cipher text are sent to
the receiver which goes through a decryption process to decode the plain text. These
blocks are decrypted separately with the help of the same key for all the blocks. In the
encryption process, since the same key was used, it always produces the same result
for a single character. That is, if there are two identical blocks, the process will not
produce two different cipher texts for them. Hence, ECB is preferred for small plain
texts with fewer or no repetitive characters.
 Cipher Block Chaining Mode − to overcome the problem of repetitive texts in ECB,
CBC was developed which produces new cipher texts every time for identical blocks.
To establish this, a method of chaining is done here. While encryption of a block, along
with the key the encryption result of the previous block is also fed to the current
encryption. Hence, the current encryption box is not only dependent on the current
plain text but also on the result of the former block. In the case of the first block

19
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

operation, there is no previous block result to be added to a random text block that
is generated called Initialization Vector and it is given as input to the first block
encryption.
 Cipher Feedback Mode − in the case of encryption where there are no blocks of data,
that is, the plain text is composed of characters or bits, and cipher feedback mode is
applied. In this type of encryption, the encrypted results of one bit are fed to the next
bit encryption due to which there are chances of error propagation as errors from the
bit are again passed to the next bit.
 Output Feedback Mode − this type of encryption also concerns bits and characters
but unlike CFB it does not consider each bit at a time, rather a block of bits is
considered at each encryption step. Also, the bit rate propagation is removed over
here as the results of previous blocks are not added to the next block, instead, a
feedback mechanism is used.
 Counter Mode − it works similarly to OFB but the use of feedback from previous
blocks is removed over here instead a number series called counter, is added to each
encryption step. After each step, the counter is increased by 1 so that the same
counter is not fed to all the blocks and the same cipher for identical blocks is not
created.

Principles

In block cipher, several points are to be managed to define the level of complexity of the
algorithm. The factors are as follows −

 The number of encryption rounds − the number of encryption rounds that the plain
text will go through explains the decoding difficulty and hence establishes security.
For example, the DES block cipher mechanism goes through 16 rounds while AES goes
through 10 rounds. Hence, comparatively, DES is more secure than AES. But the
excessive increase in the rounds can also affect slowing the algorithm, hence a perfect
trade-off between the speed and the security must be maintained while determining
the number of rounds.
 Function’s designing − in the designing of the Feistal block cipher, the construction of
the round function greatly affects the complexity of the algorithm. The function
designed should be non-linear to increase the strength of the function. It should also
be created in a way that no other function can substitute it and can make the same
output. With the increase in complexity, the security level also increases, for this the
avalanche effect is also integrated such that for a minimal change in the input block
there occurs a noticeable change in the cipher text.

20
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

 Key scheduling algorithm − the generation of the keys for each of the rounds is
defined by this algorithm. For example, in DES the key of the original length of 56bit
is divided into two halves of 28 bit each.

References
1.Cryptography and Network Security - Principles and Practice: William Stallings,
Pearson
Education,6th Edition
2.Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 3rd Edition
3.Network Security and Cryptography: Bernard Menezes, CENGAGE Learning

21
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

AES WITH STRUCTURE,ITS TRANSFORMATION

FUNCTIONS,KEY EXPANSION,EXAMPLE
LECTURE NO.-6

Advanced Encryption Standard (AES) is a highly trusted encryption algorithm used to secure
data by converting it into an unreadable format without the proper key. It is developed by
the National Institute of Standards and Technology (NIST) in 2001. It is is widely used today
as it is much stronger than DES and triple DES despite being harder to implement. AES
encryption uses various key lengths (128, 192, or 256 bits) to provide strong protection
against unauthorized access. This data security measure is efficient and widely implemented
in securing internet communication, protecting sensitive data, and encrypting files. AES, a
cornerstone of modern cryptography, is recognized globally for its ability to keep information
safe from cyber threats.

 AES is a Block Cipher.

 The key size can be 128/192/256 bits.

 Encrypts data in blocks of 128 bits each.

That means it takes 128 bits as input and outputs 128 bits of encrypted cipher text. AES relies
on the substitution-permutation network principle, which is performed using a series of
linked operations that involve replacing and shuffling the input data.

Applications of AES

AES is widely used in many applications which require secure data storage and transmission.
Some common use cases include:

 Wireless security: AES is used in securing wireless networks, such as Wi-Fi networks,
to ensure data confidentiality and prevent unauthorized access.

 Database Encryption: AES can be applied to encrypt sensitive data stored in

databases. This helps protect personal information, financial records, and other
confidential data from unauthorized access in case of a data breach.

 Secure communications: AES is widely used in protocols such as internet

communications, email, instant messaging, and voice/video calls. It ensures that the
data remains confidential.

22
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

 Data storage: AES is used to encrypt sensitive data stored on hard drives, USB drives,
and other storage media, protecting it from unauthorized access in case of loss or
theft.

 Virtual Private Networks (VPNs): AES is commonly used in VPN protocols to secure
the communication between a user’s device and a remote server. It ensures that data
sent and received through the VPN remains private and cannot be deciphered by
eavesdroppers.

 Secure Storage of Passwords: AES encryption is commonly employed to store

passwords securely. Instead of storing plaintext passwords, the encrypted version is
stored. This adds an extra layer of security and protects user credentials in case of
unauthorized access to the storage.

 File and Disk Encryption: AES is used to encrypt files and folders on computers,
external storage devices, and cloud storage. It protects sensitive data stored on
devices or during data transfer to prevent unauthorized access.

Operation of AES

AES is an iterative rather than Feistel cipher. It is based on ‘substitution–permutation

network’. It comprises of a series of linked operations, some of which involve replacing inputs
by specific outputs (substitutions) and others involve shuffling bits around (permutations).

Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats
the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and
four rows for processing as a matrix −

Unlike DES, the number of rounds in AES is variable and depends on the length of the key.
AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit
keys. Each of these rounds uses a different 128-bit round key, which is calculated from the
original AES key.

The schematic of AES structure is given in the following illustration −

23
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

Encryption Process

Here, we restrict to description of a typical round of AES encryption. Each round comprise of
four sub-processes. The first round process is depicted below −

24
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

Byte Substitution (SubBytes)

The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The
result is in a matrix of four rows and four columns.

Shiftrows

Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re-
inserted on the right side of row. Shift is carried out as follows −

 First row is not shifted.

 Second row is shifted one (byte) position to the left.
 Third row is shifted two positions to the left.
 Fourth row is shifted three positions to the left.
 The result is a new matrix consisting of the same 16 bytes but shifted with respect to
each other.

MixColumns

Each column of four bytes is now transformed using a special mathematical function. This
function takes as input the four bytes of one column and outputs four completely new bytes,
which replace the original column. The result is another new matrix consisting of 16 new
bytes. It should be noted that this step is not performed in the last round.

Addroundkey

The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of
the round key. If this is the last round then the output is the ciphertext. Otherwise, the
resulting 128 bits are interpreted as 16 bytes and we begin another similar round.

Decryption Process

The process of decryption of an AES ciphertext is similar to the encryption process in the
reverse order. Each round consists of the four processes conducted in the reverse order −

 Add round key

 Mix columns
 Shift rows
 Byte substitution

25
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

Since sub-processes in each round are in reverse manner, unlike for a Feistel Cipher, the
encryption and decryption algorithms needs to be separately implemented, although they
are very closely related.

We will now go through each of the four AES transformations one by one. We describe the
forward (encryption) algorithm, the inverse (decryption) algorithm, and the stage's rationale
for each step.

Substitute Bytes Transformation

The primary phase in the AES encryption process is the Substitute Bytes transformation, or
SubBytes. Now we are going to study it −

Purpose

 Making the encryption process non-linear is the goal of the SubBytes transformation.
 Using a pre-made substitution table called the S-box, each byte in the state matrix is
changed to a new byte.
 This modification increases the encryption process' resilience to cryptanalysis
techniques by introducing confusion.

26
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

S−box

 An S-box is a fixed 16x16 matrix with 256 predefined byte values.

 Each byte in the S-box has a value that is determined by a specific mathematical
process.
 The S-box's one-to-one mapping of input and output bytes allows for reversibility.

How it Works?

 During the SubBytes transformation, each byte in the state matrix is changed to match
a byte from the S-box.
 Every byte in the state matrix is replaced individually, resulting in the creation of a
new state matrix.
 This substitution phase improves the encryption process's defence against various
kinds of attacks, including differential cryptanalysis, by introducing non-linearity.

Advantages

 SubBytes breaks any symmetries in the plaintext, which adds difficulty to the
encryption.
 It increases the diffusion and confusion characteristics required for strong encryption.
 When a preset S-box is used, the inverse S-box ensures a constant and reversible
replacement method, which makes it useful for decryption.

As a result, the SubBytes transformation is important to the AES encryption process because
it improves the non-linearity and confusion of the encrypted data, hence enhancing its
security. It is a crucial component of the well-known AES encryption method that secures
private information.

ShiftRows Transformation

The ShiftRows transformation is an important phase in the Advanced Encryption Standard

(AES) encryption process. Let us see the working of this transformation −

27
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

Purpose
The purpose of the ShiftRows transformation is to produce diffusion in the state matrix,
distributing each byte's influence across the matrix. It contributes to creating uncertainty and
raising the encryption's complexity, which improves the ciphertext's security.
How it works?

 During the ShiftRows transformation, the bytes in each row of the state matrix are
shifted continually to the left.
 The third row is moved by two positions, the fourth row by three positions, and the
second row is shifted to the left by one position. The initial row remains unchanged.
 The shifting, which is carried out independently for each row in the state matrix,
results in a new state matrix.

Example

Assume that our state matrix is 4x4 −

[a0, a1, a2, a3]

[b0, b1, b2, b3]
[c0, c1, c2, c3]
[d0, d1, d2, d3]

Following the ShiftRows transformation −

[a0, a1, a2, a3]

[b1, b2, b3, b0]
[c2, c3, c0, c1]
[d3, d0, d1, d2]
Advantages

 ShiftRows adds diffusion to the encryption process by rearranging the bytes within
each row of the state matrix.
 It increases the overall security of the encryption by making sure that each byte in the
state matrix influences several bytes in subsequent encryption rounds.

A key component of the AES encryption process, the ShiftRows transformation adds to the
difussion and confusion properties needed for robust encryption. It is essential to
maintaining the security of encrypted data since it distributes each byte's impact across the
state matrix.

28
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

References

1.Cryptography and Network Security - Principles and Practice: William Stallings, Pearson

Education,6th Edition
2.Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 3rd Edition
3.Network Security and Cryptography: Bernard Menezes, CENGAGE Learning

29
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

RSA CRYPTOSYSTEM
LECTURE NO.-7

RSA Encryption Algorithm

RSA encryption algorithm is a type of public-key encryption algorithm. To better understand

RSA, lets first understand what is public-key encryption algorithm.

Public key encryption algorithm:

Public Key encryption algorithm is also called the Asymmetric algorithm. Asymmetric
algorithms are those algorithms in which sender and receiver use different keys for
encryption and decryption. Each sender is assigned a pair of keys:

 Public key
 Private key

The Public key is used for encryption, and the Private Key is used for decryption. Decryption
cannot be done using a public key. The two keys are linked, but the private key cannot be
derived from the public key. The public key is well known, but the private key is secret and it
is known only to the user who owns the key. It means that everybody can send a message to
the user using user's public key. But only the user can decrypt the message using his private
key.

The Public key algorithm operates in the following manner:

30
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

 The data to be sent is encrypted by sender A using the public key of the intended
receiver
 B decrypts the received ciphertext using its private key, which is known only to B. B
replies to A encrypting its message using A's public key.
 A decrypts the received ciphertext using its private key, which is known only to him.

RSA encryption algorithm:

RSA is the most common public-key algorithm, named after its inventors Rivest, Shamir, and
Adelman (RSA).

Current Time 0:13

Duration 7:01

RSA algorithm uses the following procedure to generate public and private keys:

 Select two large prime numbers, p and q.

 Multiply these numbers to find n = p x q, where n is called the modulus for encryption
and decryption.
 Choose a number e less than n, such that n is relatively prime to (p - 1) x (q -1). It
means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such

31
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

that 1<e < φ (n), e is prime to φ (n),

gcd (e,d(n)) =1
 If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using
public key <e, n>. To find ciphertext from the plain text following formula is used to
get ciphertext C.
e
C = m mod n
Here, m must be less than n. A larger message (>n) is treated as a concatenation of
messages, each of which is encrypted separately.
 To determine the private key, we use the following formula to calculate the d such
that:
De mod {(p - 1) x (q - 1)} = 1
Or
De mod φ (n) = 1
 The private key is <d, n>. A ciphertext message c is decrypted using private key <d, n>.
To calculate plain text m from the ciphertext c following formula is used to get plain
text m.
m = cd mod n

Let's take some example of RSA encryption algorithm:

Example 1:

This example shows how we can encrypt plaintext 9 using the RSA public-key encryption
algorithm. This example uses prime numbers 7 and 11 to generate the public and private
keys.

Explanation:

Step 1: Select two large prime numbers, p, and q.

p=7

q = 11

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption
and decryption.

First, we calculate

n=pxq

n = 7 x 11

32
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

n = 77

Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -1). It
means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1<e
< φ (n), e is prime to φ (n), gcd (e, d (n)) =1.

Second, we calculate

φ (n) = (p - 1) x (q-1)

φ (n) = (7 - 1) x (11 - 1)

φ (n) = 6 x 10

φ (n) = 60

Let us now choose relative prime e of 60 as 7.

Thus the public key is <e, n> = (7, 77)

Step 4: A plaintext message m is encrypted using public key <e, n>. To find ciphertext from
the plain text following formula is used to get ciphertext C.

To find ciphertext from the plain text following formula is used to get ciphertext C.

C = me mod n

C = 97 mod 77

C = 37

Step 5: The private key is <d, n>. To determine the private key, we use the following formula
d such that:

De mod {(p - 1) x (q - 1)} = 1

7d mod 60 = 1, which gives d = 43

The private key is <d, n> = (43, 77)

Step 6: A ciphertext message c is decrypted using private key <d, n>. To calculate plain text
m from the ciphertext c following formula is used to get plain text m.

33
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

m = cd mod n

m = 3743 mod 77

m=9

In this example, Plain text = 9 and the ciphertext = 37

Example 2:

In an RSA cryptosystem, a particular A uses two prime numbers, 13 and 17, to generate the
public and private keys. If the public of A is 35. Then the private key of A is ……………?.

Explanation:

Step 1: in the first step, select two large prime numbers, p and q.

p = 13

q = 17

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption
and decryption.

First, we calculate

n=pxq

n = 13 x 17

n = 221

Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -1). It
means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1<e
< φ (n), e is prime to φ (n), gcd (e, d (n)) =1.

Second, we calculate

φ (n) = (p - 1) x (q-1)

φ (n) = (13 - 1) x (17 - 1)

φ (n) = 12 x 16

34
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

φ (n) = 192

g.c.d (35, 192) = 1

Step 3: To determine the private key, we use the following formula to calculate the d such
that:

Calculate d = de mod φ (n) = 1

d = d x 35 mod 192 = 1

d = (1 + k.φ (n))/e [let k =0, 1, 2, 3………………]

Put k = 0

d = (1 + 0 x 192)/35

d = 1/35

Put k = 1

d = (1 + 1 x 192)/35

d = 193/35

Put k = 2

d = (1 + 2 x 192)/35

d = 385/35

d = 11

The private key is <d, n> = (11, 221)

Hence, private key i.e. d = 11

Example 3:

A RSA cryptosystem uses two prime numbers 3 and 13 to generate the public key= 3 and the
private key = 7. What is the value of cipher text for a plain text?

Explanation:

35
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

Step 1: In the first step, select two large prime numbers, p and q.

p=3

q = 13

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption
and decryption.

First, we calculate

n=pxq

n = 3 x 13

n = 39

Step 3: If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using
public key <e, n>. Thus the public key is <e, n> = (3, 39).

To find ciphertext from the plain text following formula is used to get ciphertext C.

C = me mod n

C = 53 mod 39

C = 125 mod 39

C=8

Hence, the ciphertext generated from plain text, C = 8.

Example 4:

A RSA cryptosystem uses two prime numbers, 3 and 11, to generate private key = 7. What is
the value of ciphertext for a plain text 5 using the RSA public-key encryption algorithm?

Explanation:

Step 1: in the first step, select two large prime numbers, p and q.

p=3

36
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

q = 11

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption
and decryption.

First, we calculate

n=pxq

n = 3 x 11

n = 33

Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -1). It
means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1<
e < φ (n), e is prime to φ (n), gcd (e, d (n)) =1.

Second, we calculate

φ (n) = (p - 1) x (q-1)

φ (n) = (3 - 1) x (11 - 1)

φ (n) = 2 x 10

φ (n) = 20

Step 4: To determine the public key, we use the following formula to calculate the d such
that:

Calculate e x d = 1 mod φ (n)

e x 7 = 1 mod 20

e x 7 = 1 mod 20

e = (1 + k. φ (n))/ d [let k =0, 1, 2, 3………………]

Put k = 0

e = (1 + 0 x 20) / 7

e = 1/7

37
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)
UNIT-2 BASIC OF CRYPTOGRAPHY CSE-6 SEM

Put k = 1

e = (1 + 1 x 20) / 7

e = 21/7

e=3

The public key is <e, n> = (3, 33)

Hence, public key i.e. e = 3

References
1.Cryptography and Network Security - Principles and Practice: William Stallings, Pearson
Education,6th Edition
2.Cryptography and Network Security: Atul Kahate, Mc Graw Hill, 3rd Edition
3.Network Security and Cryptography: Bernard Menezes, CENGAGE Learning

38
NOTES BY: - MR.ABHIMANYU SARASWAT (ASSISTANT PROFESSOR, MITRC, ALWAR)