CRYPTOGRAPHY

THE ART OF SECRET WRITING

SRKR ENGINEERING COLLEGE

BHIMAVARAM.

PRESENTED BY:

B.SUDARSHAN CH.LAKSHMI SAROJA

Regd.no:660751015 Regd.no:660751036
rd
3 year CSE 3rd year CSE
[email protected]
[email protected]
 ABSTRACT

The present century has been one of many scientific

discoveries and technological advancements. With the advent of technology
came the issue of security. As computing systems became more complicated,
there was an increasing need for security.
This paper deals with cryptography, which is one of the
methods to provide security. It is needed to make sure that information is
hidden from anyone for whom it is not intended. It involves the use of a
cryptographic algorithm used in the encryption and decryption process. It
works in combination with the key to encrypt the plain text. Public key
cryptography provides a method to involve digital signatures, which provide
authentication and data integrity. To simplify this process an improvement is
the addition of hash functions.
The main focus of this paper is on quantum cryptography,
which has the advantage that the exchange of information can be shown to
be secure in a very strong sense, without making assumptions about the
intractability of certain mathematical problems. It is an approach of securing
communications based on certain phenomena of quantum physics. There are
two bases to represent data by this method depending on bit values. There
are ways of eavesdropping even on this protocol including the Man –in-the-
Middle attack. The quantum computers could do some really phenomenal
things for cryptography if the practical difficulties can be overcome.
Encryption and decryption:
Data that can be read and understood without any special measures is
called plaintext or clear text. The method of disguising plaintext in such a
way as to hide its substance is called encryption. Encrypting plaintext results
in unreadable gibberish called cipher text. You use encryption to make sure
that information is hidden from anyone for whom it is not intended, even
those who can see the encrypted data. The process of reverting ciphertext to
its original plaintext is called decryption.
 Figure 1-1. Encryption and decryption

Strong cryptography:
Cryptography can be strong or weak, as explained above.
Cryptographic strength is measured in the time and resources it would
require to recover the plaintext. The result of strong cryptography is
ciphertext that is very difficult to decipher without possession of the
appropriate decoding tool. How difficult? Given all of today’s computing
power and available time—even a billion computers doing a billion checks a
second—it is not possible to decipher the result of strong cryptography
before the end of the universe.
How does cryptography work?
A cryptographic algorithm, or cipher, is a mathematical function used
in the encryption and decryption process. A cryptographic algorithm works in
Combination with a key—a word, number, or phrase—to encrypt the
plaintext. The same plaintext encrypts to different ciphertext with different
keys. The security of encrypted data is entirely dependent on two things: the
strength of the cryptographic algorithm and the secrecy of the key.
A cryptographic algorithm, plus all possible keys and all the protocols
that make it work, comprise a cryptosystem. PGP is a cryptosystem.

Conventional cryptography:
In conventional cryptography, also called secret-key or symmetric-key
encryption, one key is used both for encryption and decryption. The Data
Encryption Standard (DES) is an example of a conventional cryptosystem
that is widely employed by the U.S. government.
Public key cryptography
The problems of key distribution are solved by public key
cryptography. Public key cryptography is an asymmetric scheme that uses a
pair of keys for encryption: a public key, which encrypts data, and a
corresponding private key (secret key) for decryption.
It is computationally infeasible to deduce the private key from the
public key. Anyone who has a public key can encrypt information but cannot
decrypt it.Only the person who has the corresponding private key can
decrypt the information.
 The primary benefit of public key cryptography is that it allows people
who have no preexisting security arrangement to exchange messages
securely. The need for sender and receiver to share secret keys via some
secure channel is eliminated; all communications involve only public keys,
and no private key is ever transmitted or shared. Some examples of public-
key cryptosystems are Elgamal, RSA, Diffie-Hellman and DSA, the Digital
Signature Algorithm.

Keys:
A key is a value that works with a cryptographic algorithm to produce
a specific ciphertext. Keys are basically really, really, really big numbers. Key
size is measured in bits; the number representing a 2048-bit key is huge. In
public-key cryptography, the bigger the key, the more secure the ciphertext.
However, public key size and conventional cryptography’s secret key size are
totally unrelated. A conventional 80-bit key has the equivalent strength of a
1024-bit public key. A conventional 128-bit key is equivalent to a 3000-bit
public key. Again, the bigger the key, the more secure, but the algorithms
used for each type of cryptography are very different.
 While the public and private keys are mathematically related, it’s very
difficult to derive the private key given only the public key; however, deriving
the private key is always possible given enough time and computing power.
This makes it very important to pick keys of the right size; large enough to
be secure, but small enough to be applied fairly quickly.

Larger keys will be cryptographically secure for a longer period of

time. Keys are stored in encrypted form. PGP stores the keys in two files on
your hard disk; one for public keys and one for private keys. These files are
called keyrings.
If you lose your private keyring you will be unable to decrypt any
information encrypted to keys on that ring.

Digital signatures:
A major benefit of public key cryptography is that it provides a method
for employing digital signatures. Digital signatures let the recipient of
information verify the authenticity of the information’s origin, and also verify
that the information was not altered while in transit. Thus, public key digital
signatures provide authentication and data integrity. A digital signature also
provides non-repudiation, which means that it prevents the sender from
claiming that he or she did not actually send the information. These features
are every bit as fundamental to cryptography as privacy, if not more.
A digital signature serves the same purpose as a handwritten
signature. However, a handwritten signature is easy to counterfeit. A digital
signature is superior to a handwritten signature in that it is nearly impossible
to counterfeit, plus it attests to the contents of the information as well as to
the identity of the signer.
Some people tend to use signatures more than they use encryption.
Instead of encrypting information using someone else’s public key, you
encrypt it with your private key. If the information can be decrypted with
your public key, then it must have originated with you.
Hash functions:
The system described above has some problems. It is slow, and it
produces an enormous volume of data—at least double the size of the
original information. An improvement on the above scheme is the addition of
a one-way hash function in the process. A one-way hash function takes
variable-length input in this case, a message of any length, even thousands
or millions of bits—and produces a fixed-length output; say, 160 bits. The
hash function ensures that, if the information is changed in any way—even
by just one bit—an entirely different output value is produced.
PGP uses a cryptographically strong hash function on the plaintext the
user is signing. This generates a fixed-length data item known as a message
digest. Then PGP uses the digest and the private key to create the
“signature.” PGP transmits the signature and the plaintext together. Upon
receipt of the message, the recipient uses PGP to recompute the digest, thus
verifying the signature. PGP can encrypt the plaintext or not; signing
plaintext is useful if some of the recipients are not interested in or capable of
verifying the signature.
As long as a secure hash function is used, there is no way to take
someone’s signature from one document and attach it to another, or to alter
a signed message in any way. The slightest change to a signed document will
cause the digital signature verification process to fail. Digital signatures play
a major role in authenticating and validating the keys of other PGP users.

QUANTUM CRYPTOGRAPHY - BASIC IDEAS

tum
• Ability to detect eavesdropping.
• Detection works only after the information was taken.

• Usually requires classical information channel for effective

communication.

USES OF QUANTUM CRYPTOGRAPHY

• Primarily used for key exchange for classical cryptography.
 • Key doesn’t have any information value.

• The receiver knows if any parts of the key are intercepted.

PROTOCOL: BB84
• The first protocol for Quantum Cryptography.

• Introduced by Charles H. Bennett from IBM NY and Gilles Brassard

from U.S of Montreal in 1984.
• The protocol uses both classical and quantum channels.

• There are many variations of this protocol.

DATA REPRESENTATION:
Two basis are used:
• Vertical

• Diagonal

Depending the bit value the direction on the basis is chosen.

THE EXCHANGE:
• The Sequence of events:
- A generates random key and encoding basis.
- A sends the polarized photons to B.
- A announces the polarization for each bit.
- B generates random encoding basis.
- B measures photons with random basis.
- B announces which basis are the same as A’s.
• Finally, the matching bits are used as the key for a classical channel.

• Privacy amplification is used to generate the final key.

SEQUENTIAL VIEW:

A B
EAVESDROPPING:

Eavesdropping on the quantum channel requires measuring the photons,

therefore perturbing the system.

Eavesdropper will be required to resend the photons at random polarization,

the receiver will end up with 25% of the key.

MAN - IN THE - MIDDLE ATTACK:

Requires the attacker to take over both classical and quantum channels.

Can be prevented by authenticating the messages on the classical channel.

ADVANTAGES AND DISADVANTAGES:

Conclusion
• Based on natural quantum laws
 • Computational Complexity Expires.

• There is no expiration date on the security of QC messages.

• Perfect for public communication

• Easy to detect an eavesdropper.

• Severally limited by technology

• Practical systems are limited by distance.

• Photon emitters and detectors are far from perfect, causing a lot of
errors.
• Most protocols require a classical channel.

QUANTUM CRYPTOGRAPHY – PRACTICALITIES:

Progress in quantum optics has resulted in new photon sources, new

photo-detectors, and better optical fibers; the components which have the
potential for exhibiting the relevant quantum phenomena over much larger
distances. This holds out a reasonable prospect for implementation of a
secure key distribution system on a large local area network, transmitting
at about 20k bits per second with present technology.

REFERENCES:

i. “Cryptography and Network Security, Principles and Practices”

(Third Edition)-William Stallings.
ii. Diffie.W and Hellman.M – “Multiuser Cryptography Techniques.”
iii. Rivesp.R , Shamir.A and Adleman.L- “A Method for obtaining
Digital Signatures and Public Key Cryptographic Systems.”