This document provides an overview of symmetric key cryptography concepts including block cipher modes of operation like Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR) modes. It also discusses the principles of block cipher design like the number of rounds, round function design, and key scheduling algorithms. Additionally, it briefly introduces the Data Encryption Standard (DES).
Module 2 – Symmetric and asymmetric key cryptography and key management

Block Cipher Modes of Operation


A block cipher processes data in blocks of a fixed size (64 bits for DES, 128 bits for AES).
A message is usually longer than one block, so it is divided into a sequence of message
blocks and the cipher operates on these blocks one at a time; the mode of operation defines
how the blocks are combined. None of the modes below provides integrity: an attacker can
modify ciphertext without detection unless a MAC or an authenticated mode (such as AES-GCM)
is used.

Electronic Code Book (ECB) Mode

This mode is the most straightforward way of processing a series of sequentially listed
message blocks.

Operation
 The user takes the first block of plaintext and encrypts it with the key to produce the
first block of ciphertext.
 The second block of plaintext is then encrypted with the same key in the same way, and
so on.
The ECB mode is deterministic: if plaintext blocks P1, P2, …, Pm are encrypted twice under
the same key, the output ciphertext blocks are the same. Identical plaintext blocks therefore
produce identical ciphertext blocks, even within a single message.
In fact, for a given key we could in principle build a codebook of ciphertexts for all possible
plaintext blocks. Encryption would then consist of looking up the plaintext block and selecting
the corresponding ciphertext. The operation is analogous to assigning code words from a
codebook, hence the official name Electronic Codebook mode of operation (ECB). It is
illustrated as follows −

Analysis of ECB Mode


In practice, application data usually contains partial information that can be guessed; the
range of a salary, for example. Because ECB is deterministic, an attacker who can obtain
ciphertexts of guessed plaintexts under the same key can match them against the target
ciphertext by trial and error whenever the plaintext is predictable.
For example, if a ciphertext from ECB mode is known to encrypt a salary figure, a small
number of trials will let an attacker recover the figure. ECB also leaks the pattern of
repeated blocks in a long message (the outline of an ECB-encrypted bitmap image remains
visible). In general we do not want a deterministic cipher, and ECB mode should not be used
for anything longer than a single random block.

Cipher Block Chaining (CBC) Mode


CBC mode makes each ciphertext block depend on the preceding ciphertext block and, with a
fresh unpredictable IV for every message, makes encryption non-deterministic: the same
plaintext encrypted twice gives different ciphertexts. If the IV is reused with the same key,
the first block (and any common prefix) becomes deterministic again.

Operation
The operation of CBC mode is depicted in the following illustration. The steps are as
follows −
 Load the n-bit Initialization Vector (IV) into the top register.
 XOR the n-bit plaintext block with the value in the top register.
 Encrypt the result of the XOR with the underlying block cipher under key K.
 Feed the ciphertext block into the top register and continue until all plaintext
blocks are processed.
 For decryption, the first ciphertext block is decrypted and XORed with the IV to recover
the first plaintext block. That ciphertext block then replaces the IV in the register for
decrypting the next ciphertext block.

Analysis of CBC Mode


In CBC mode, the current plaintext block is XORed with the previous ciphertext block and the
result is encrypted with the key: Ci = E(K, Pi XOR Ci-1), with C0 = IV. Decryption is the
reverse process: Pi = D(K, Ci) XOR Ci-1.
The advantage of CBC over ECB is that changing the IV gives a different ciphertext for the
same message, and repeated plaintext blocks no longer produce repeated ciphertext blocks. On
the drawback side, the chaining limits error propagation rather than eliminating it: a
corrupted ciphertext block Ci garbles plaintext block Pi completely and flips the corresponding
bits of Pi+1, after which decryption resynchronises. The same property lets an attacker make
controlled bit changes to Pi+1 by flipping bits in Ci, so CBC ciphertext must be protected by
a MAC. Encryption is inherently sequential; decryption can be parallelised because each Pi
needs only Ci and Ci-1.
It is worth mentioning that CBC mode forms the basis of a well-known data origin
authentication mechanism, CBC-MAC. It is therefore convenient for applications that need both
symmetric encryption and data origin authentication, provided the MAC uses a key different
from the encryption key.

Cipher Feedback (CFB) Mode

In this mode, each ciphertext block gets ‘fed back’ into the encryption process in order to
encrypt the next plaintext block.
Operation
The operation of CFB mode is depicted in the following illustration. In this system a message
segment has a size of s bits, where 1 ≤ s ≤ n and n is the block size. CFB requires an
initialization vector (IV) as the initial n-bit input block; the IV must be unpredictable but
need not be secret. Steps of operation are −
 Load the IV into the top register.
 Encrypt the value in the top register with the underlying block cipher under key K.
 Take the s most significant (leftmost) bits of the encryption output and XOR them with
the s-bit plaintext segment to produce the ciphertext segment.
 Shift the top register left by s bits, feed the ciphertext segment into the vacated
low-order bits, and continue until all plaintext segments are processed.
 Essentially, the previous ciphertext is encrypted with the key, and the result is XORed
with the current plaintext segment.
 Decryption follows the same steps with the roles of plaintext and ciphertext swapped;
the pre-agreed IV is loaded at the start of decryption.

Analysis of CFB Mode


CFB mode differs significantly from ECB mode: the ciphertext corresponding to a given
plaintext segment depends not just on that segment and the key, but also on the previous
ciphertext. In other words, the ciphertext is message dependent.
CFB has a notable feature: the receiver decrypts using only the encryption operation of the
block cipher. The decryption algorithm of the underlying block cipher is never used.
In effect, CFB mode converts a block cipher into a type of stream cipher. The encryption
algorithm is used as a keystream generator whose output is placed in the bottom register and
XORed with the plaintext, as in a stream cipher.
By converting a block cipher into a stream cipher, CFB mode provides some of the
advantageous properties of a stream cipher (no padding, encryption of units smaller than a
block) while retaining the strength of the block cipher.
On the flip side, transmission errors do propagate: a corrupted ciphertext segment garbles the
corresponding plaintext segment and the following n/s segments, until the corrupted bits have
shifted out of the register.

Output Feedback (OFB) Mode


OFB feeds the successive output blocks of the underlying block cipher back into it. Each
output block is the next input, so the block cipher acts as a keystream generator as in CFB
mode, but here the keystream depends only on the key and the IV, not on the plaintext or the
ciphertext.
The keystream is XORed with the plaintext blocks. The OFB mode requires an IV as the initial
n-bit input block. The IV need not be secret, but it must never be reused with the same key:
two messages encrypted under the same key and IV are XORed with the same keystream, and the
XOR of the two ciphertexts reveals the XOR of the two plaintexts. A transmission error in a
ciphertext bit affects only the corresponding plaintext bit (no error propagation), which also
means an attacker can flip chosen plaintext bits. Like CFB, OFB uses only the encryption
direction of the block cipher.
The operation is depicted in the following illustration −

Counter (CTR) Mode

CTR mode can be considered a counter-based version of OFB, or CFB without the feedback. The
sender and receiver need the same sequence of counter values, one per block; in practice the
counter block is a per-message nonce concatenated with a block index, and the nonce is sent
along with the ciphertext. The counter need not be secret, but it must be unique: no counter
block may ever be encrypted twice under the same key, and both sides must keep the counter
synchronised.

Operation
Both encryption and decryption in CTR mode are depicted in the following illustration.
Steps in operation are −
 Load the initial counter value into the top register; it is the same for the sender and
the receiver and plays the same role as the IV in CFB (and CBC) mode.
 Encrypt the contents of the counter with the key and place the result in the bottom
register.
 Take the first plaintext block P1 and XOR it with the contents of the bottom register.
The result is C1. Send C1 to the receiver and increment the counter. The counter update
replaces the ciphertext feedback of CFB mode.
 Continue in this manner until the last plaintext block has been encrypted. The final
block may be shorter than n bits; only as many keystream bits as needed are used, so no
padding is required.
 Decryption is the same process: each ciphertext block is XORed with the encrypted
counter value, and the counter is incremented after each block exactly as in encryption.
Analysis of Counter Mode
It has no message dependency: a ciphertext block does not depend on previous plaintext or
ciphertext blocks, so blocks can be encrypted and decrypted in parallel or accessed at random.
Like CFB mode, CTR mode does not use the decryption operation of the block cipher. The block
cipher generates a keystream that is combined with the plaintext by XOR; in other words, CTR
mode also converts a block cipher into a stream cipher.
The main operational requirement of CTR mode is a synchronised counter at sender and
receiver. Loss of synchronisation leads to incorrect recovery of plaintext, and reuse of a
counter value under the same key leaks the XOR of the two plaintexts, as with OFB.
Otherwise CTR mode has almost all the advantages of CFB mode. In addition, it does not
propagate transmission errors at all: a flipped ciphertext bit flips only the corresponding
plaintext bit. As with every mode above, this malleability means CTR must be combined with a
MAC; the widely used AES-GCM is CTR mode plus the GHASH authenticator.

Block Cipher Design Principles

Many block ciphers, including DES, are built on the Feistel structure; others, such as AES,
use a substitution–permutation network. A block cipher has a fixed number of rounds, each
using a round key derived from the cipher key. The following design principles determine the
strength of the algorithm.
These are explained as following below :
1. Number of Rounds –
The number of rounds is a basic design parameter: more rounds increase the security margin
against differential and linear cryptanalysis at the cost of speed. DES uses 16 rounds; AES
uses 10, 12 or 14 rounds for 128-, 192- and 256-bit keys respectively. The number is chosen
so that the best known attack on the full cipher is no better than exhaustive key search.
2. Design of function F –
The core of the Feistel structure is the round function F, and the difficulty of cryptanalysis
derives largely from it. F should be non-linear (typically through S-boxes) and should provide
the avalanche effect, so that changing a single bit of the input changes roughly half of the
output bits after a few rounds. Because the Feistel structure is invertible whatever F is, F
itself need not be invertible.
3. Key schedule algorithm –
In the Feistel structure each round uses a sub-key derived from the main key by the key
schedule. A good key schedule makes it hard to recover the main key from any sub-key and
ensures that sub-keys are not simply related to one another, avoiding weak and related keys.
Decryption uses the same structure with the sub-keys applied in reverse order.
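The following is an added example and not code from the original notes. It builds a toy 64-bit Feistel cipher (the structure from the design-principles section: 16 rounds, a non-invertible round function, sub-keys applied in reverse order for decryption) and then uses it to demonstrate the behaviour of the ECB, CBC and CTR modes from the modes section: ECB repeats ciphertext blocks for repeated plaintext blocks, a flipped bit in CBC block i damages exactly plaintext blocks i and i+1, and reusing a CTR nonce leaks the XOR of two plaintexts. The round function (SHA-256 of sub-key and half block), the sub-key derivation, the counter layout and all sample data are constructed assumptions; the cipher is for illustration only and is not a replacement for AES.

```python
import hashlib

BLOCK = 8            # 64-bit block, as in DES
HALF = BLOCK // 2
ROUNDS = 16


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def key_schedule(key):
    """Assumption: sub-key i is the first 4 bytes of SHA-256(key || i)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:HALF] for i in range(ROUNDS)]


def round_function(right, subkey):
    """F(R, K_i). It need not be invertible; the Feistel structure is."""
    return hashlib.sha256(subkey + right).digest()[:HALF]


def feistel(subkeys, block):
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        left, right = right, xor(left, round_function(right, k))
    return right + left                 # undo the final swap


def encrypt_block(key, block):
    return feistel(key_schedule(key), block)


def decrypt_block(key, block):
    return feistel(key_schedule(key)[::-1], block)   # same network, sub-keys reversed


def pad(data):                          # PKCS#7 style: always adds 1..BLOCK bytes
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def split_blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    # Every block encrypted independently: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(encrypt_block(key, b) for b in split_blocks(pad(plaintext)))


def cbc_encrypt(key, iv, plaintext):
    out, prev = [], iv
    for b in split_blocks(pad(plaintext)):
        prev = encrypt_block(key, xor(b, prev))          # C_i = E(K, P_i xor C_{i-1})
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for c in split_blocks(ciphertext):
        out.append(xor(decrypt_block(key, c), prev))     # P_i = D(K, C_i) xor C_{i-1}
        prev = c
    return unpad(b"".join(out))


def ctr_crypt(key, nonce, data):
    """Encryption and decryption are the same; only encrypt_block is used.
    Assumption: counter block = 4-byte nonce || 4-byte big-endian block index."""
    out = []
    for i, chunk in enumerate(split_blocks(data)):
        keystream = encrypt_block(key, nonce + i.to_bytes(4, "big"))
        out.append(xor(chunk, keystream))    # zip() truncates the keystream for a short last chunk
    return b"".join(out)


def has_repeated_blocks(ciphertext):
    """ECB leak check: does any ciphertext block occur twice?"""
    blocks = split_blocks(ciphertext)
    return len(set(blocks)) < len(blocks)


def cbc_corruption_spread(key, iv, plaintext, flip_block):
    """Flip one bit in ciphertext block `flip_block`; return the indexes of the
    plaintext blocks that decrypt wrongly (expected: that block and the next one)."""
    ct = bytearray(cbc_encrypt(key, iv, plaintext))
    ct[flip_block * BLOCK] ^= 0x01
    original = split_blocks(plaintext)
    damaged = split_blocks(cbc_decrypt(key, iv, bytes(ct)))
    return [i for i, (a, b) in enumerate(zip(original, damaged)) if a != b]


# Constructed sample data. The fixed IV keeps the run reproducible; real traffic
# needs a fresh random IV (os.urandom(BLOCK)) per message and a never-repeated nonce.
KEY = b"constructed-key!"
IV = bytes(BLOCK)
NONCE = b"\x00\x01\x02\x03"
MSG = b"ATTACK AT DAWN!!" * 3                       # blocks 0, 2, 4 are identical
MSG2 = b"Totally different text, same nonce!!!!"

if __name__ == "__main__":
    print("ECB repeats blocks:", has_repeated_blocks(ecb_encrypt(KEY, MSG)))
    print("CBC repeats blocks:", has_repeated_blocks(cbc_encrypt(KEY, IV, MSG)))
    print("CBC blocks damaged by one flipped bit in block 1:", cbc_corruption_spread(KEY, IV, MSG, 1))
    leak = xor(ctr_crypt(KEY, NONCE, MSG), ctr_crypt(KEY, NONCE, MSG2))
    print("CTR nonce reuse leaks P1 xor P2:", leak == xor(MSG, MSG2))
```

Running the module prints the three checks; the same three facts are what a reviewer should look for in real code (repeated blocks in output, IV or nonce reuse, and ciphertext accepted without a MAC).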

Data Encryption Standard (DES)


The Data Encryption Standard (DES) is a symmetric-key block cipher published in 1977 as
FIPS PUB 46 by the U.S. National Bureau of Standards, now the National Institute of Standards
and Technology (NIST).
DES is an implementation of a Feistel cipher with 16 rounds. The block size is 64 bits. Though
the key is specified as 64 bits, DES has an effective key length of 56 bits, since 8 of the 64
bits are parity bits that are not used by the encryption algorithm. The general structure of
DES is depicted in the following illustration −

Since DES is based on the Feistel Cipher, all that is required to specify DES is −

 Round function
 Key schedule
 Any additional processing − Initial and final permutation

Initial and Final Permutation

The initial and final permutations are straight permutation boxes (P-boxes) that are inverses
of each other. They have no cryptographic significance in DES. The initial and final
permutations are shown as follows −
Round Function

The heart of this cipher is the DES function f. In each round it applies a 48-bit round key
to the rightmost 32 bits (the right half of the block) to produce a 32-bit output.

 Expansion Permutation Box − Since the right input is 32 bits and the round key is 48
bits, we first need to expand the right input to 48 bits (16 of the input bits are
duplicated). The permutation logic is graphically depicted in the following illustration −

 The graphically depicted permutation logic is generally described as a table in the DES
specification, illustrated as shown −
 XOR (Whitener). − After the expansion permutation, DES does XOR operation on
the expanded right section and the round key. The round key is used only in this
operation.
 Substitution Boxes − The S-boxes carry out the real mixing (confusion) and are the only
non-linear part of DES. DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output.
Refer to the following illustration −
 The S-box rule is illustrated below: the two outer bits of the 6-bit input select one of
four rows, the four inner bits select one of 16 columns, and the 4-bit table entry at that
position is the output −
 There are a total of eight S-box tables. The outputs of all eight S-boxes are then
combined into a 32-bit section.
 Straight Permutation − The 32-bit output of the S-boxes is then subjected to the straight
permutation with the rule shown in the following illustration:
Key Generation

The round-key generator creates sixteen 48-bit round keys out of the 56-bit cipher key: the
parity bits are dropped (permuted choice 1), the two 28-bit halves are rotated left by one or
two positions in each round, and 48 of the 56 bits are selected (permuted choice 2). The
process of key generation is depicted in the following illustration −

The logic for the parity drop, the shifts and the compression P-box is given in the DES
specification.

DES Analysis

DES exhibits both properties desired of a block cipher:
 Avalanche effect − A small change in the plaintext (or the key) results in a large change
in the ciphertext.
 Completeness − Each bit of ciphertext depends on every bit of plaintext and key.
Cryptanalysts have identified four weak keys (for which encryption equals decryption) and
twelve semi-weak keys; these keys must be avoided, although the chance of choosing one at
random is negligible.
DES has proved to be a well designed block cipher. Differential cryptanalysis (Biham and
Shamir) and linear cryptanalysis (Matsui) are the best known analytical attacks, but both need
enormous amounts of chosen or known plaintext and are not practical. The real weakness of DES
is its 56-bit key: exhaustive key search is feasible with modest hardware, was demonstrated
publicly in 1998, and single DES was withdrawn by NIST in 2005. It should not be used in new
systems.

Double DES:
Double DES is an encryption technique which applies two instances of DES to the same plaintext
with two different keys; both keys are required at decryption time. The 64-bit plaintext goes
into the first DES instance, which converts it into a 64-bit middle value using the first key,
and this goes into the second DES instance, which produces the 64-bit ciphertext using the
second key.

Double DES has a 112-bit key but gives a security level of only about 2^57 operations (with
2^56 blocks of memory) rather than 2^112, because of the meet-in-the-middle attack: an
attacker with a few known plaintext/ciphertext pairs encrypts the plaintext under every
possible first key, stores the results, then decrypts the ciphertext under every possible
second key and looks for a match.
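The meet-in-the-middle attack on double encryption, as an added example that is not part of the original notes. To keep the search tractable it uses a constructed 16-bit toy block cipher with a 16-bit key (so the attack explores 2 × 2^16 keys instead of 2^32 key pairs); the toy cipher, the key pair and the known-plaintext pairs are all assumptions, and only the structure of the attack carries over to double DES.

```python
MASK = 0xFFFF
MUL = 0x9E37                          # odd, hence invertible modulo 2^16
MUL_INV = pow(MUL, -1, 1 << 16)


def toy_encrypt(key, block):
    """Constructed 16-bit cipher, 16-bit key: xor the key, multiply, add the key."""
    return (((block ^ key) * MUL) + key) & MASK


def toy_decrypt(key, block):
    return (((block - key) * MUL_INV) & MASK) ^ key


def double_encrypt(k1, k2, block):
    return toy_encrypt(k2, toy_encrypt(k1, block))


def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known (plaintext, ciphertext) pairs of the double cipher.
    Returns every key pair consistent with all pairs and the number of toy-cipher
    operations spent on the two exhaustive passes."""
    (p0, c0), rest = pairs[0], pairs[1:]
    # Pass 1: encrypt p0 under every k1 and index middle value -> list of k1.
    table = {}
    for k1 in range(1 << 16):
        table.setdefault(toy_encrypt(k1, p0), []).append(k1)
    # Pass 2: decrypt c0 under every k2; a hit in the table gives a candidate pair.
    candidates, work = [], 2 * (1 << 16)
    for k2 in range(1 << 16):
        mid = toy_decrypt(k2, c0)
        for k1 in table.get(mid, ()):
            # A 16-bit block gives many chance matches; the remaining pairs weed them out.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, work


# Constructed secret keys and known-plaintext pairs.
K1, K2 = 0x1234, 0xBEEF
PLAINTEXTS = [0x0000, 0x5555, 0xCAFE, 0x0F0F]
PAIRS = [(p, double_encrypt(K1, K2, p)) for p in PLAINTEXTS]

if __name__ == "__main__":
    found, work = meet_in_the_middle(PAIRS)
    print("candidate key pairs:", [(hex(a), hex(b)) for a, b in found])
    print("cipher operations in the search: %d, brute force would need %d" % (work, 1 << 32))
```

The table costs memory proportional to the key space, which is why the attack on double DES is quoted as 2^57 time with 2^56 storage; that storage, not the time, is what keeps it impractical in most settings.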
Triple DES:
Triple DES is an encryption technique which applies three instances of DES to the same
plaintext, in practice as encrypt–decrypt–encrypt so that K1 = K2 = K3 gives plain DES. There
are three keying options: in the first all three keys are different, in the second two keys
are the same and one is different, and in the third all keys are the same.
Triple DES is also vulnerable to the meet-in-the-middle attack, which reduces its security to
about 2^112 operations instead of the 2^168 suggested by its 168-bit key. Because the block
size is only 64 bits, block collision attacks become possible once about 2^32 blocks have
been encrypted under one key; the Sweet32 attack exploits this against CBC mode. NIST has
deprecated triple DES for new use.

The more popular and widely adopted symmetric encryption algorithm likely to be encountered
nowadays is the Advanced Encryption Standard (AES). It is found to be at least six times
faster than triple DES.
A replacement for DES was needed because its key size was too small. With increasing
computing power, it was considered vulnerable to exhaustive key search. Triple DES was
designed to overcome this drawback, but it was found slow.
The features of AES are as follows −

 Symmetric-key block cipher
 128-bit block, 128/192/256-bit keys
 Stronger and faster than Triple DES
 Full specification and design details are public (FIPS 197)
 Efficiently implementable in software (for example C and Java) and in hardware

Operation of AES

AES is an iterative rather than a Feistel cipher. It is based on a substitution–permutation
network: a series of linked operations, some of which replace inputs by specific outputs
(substitutions) and others shuffle bytes around (permutations).
Interestingly, AES performs all its computations on bytes rather than bits. Hence AES treats
the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns
and four rows for processing as a matrix, the state −
Unlike DES, the number of rounds in AES is variable and depends on the length of the key.
AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit
keys. Each round uses a different 128-bit round key calculated from the original AES key by
the key expansion; one extra round key is needed because an AddRoundKey step is applied
before the first round.
The schematic of the AES structure is given in the following illustration −

Encryption Process

Here we restrict ourselves to a description of a typical round of AES encryption. Each round
comprises four sub-processes. The first round is depicted below −
Byte Substitution (SubBytes)
Each of the 16 bytes of the state is substituted by looking it up in a fixed table (the
S-box) given in the design. The result is again a matrix of four rows and four columns.

ShiftRows
Each of the four rows of the matrix is rotated to the left. Any entries that 'fall off' are
re-inserted on the right side of the row. The shift is carried out as follows −
 The first row is not shifted.
 The second row is shifted one (byte) position to the left.
 The third row is shifted two positions to the left.
 The fourth row is shifted three positions to the left.
 The result is a new matrix consisting of the same 16 bytes but shifted with respect to
each other.

MixColumns
Each column of four bytes is now transformed by multiplying it by a fixed 4×4 matrix over the
finite field GF(2^8). This takes the four bytes of one column and outputs four completely new
bytes, which replace the original column. The result is another new matrix consisting of 16
new bytes. Note that this step is not performed in the last round.
AddRoundKey
The 16 bytes of the matrix are now considered as 128 bits and are XORed with the 128 bits of
the round key. If this is the last round, the output is the ciphertext. Otherwise the
resulting 128 bits are interpreted as 16 bytes and another similar round begins.

Decryption Process

Decryption of an AES ciphertext applies the inverse of each step in reverse order. Each
decryption round consists of −
 Add round key (XOR is its own inverse)
 Inverse mix columns (multiplication by the inverse matrix; omitted in the round that
undoes the final encryption round)
 Inverse shift rows (rows rotated to the right)
 Inverse byte substitution (the inverse S-box)
Since the sub-processes are inverted and applied in reverse order, unlike a Feistel cipher
the encryption and decryption algorithms must be implemented separately, although they are
very closely related.
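The following is an added example and not code from the original notes. It implements the four AES round transformations and their inverses for a single round, deriving the S-box, its inverse and MixColumns from the GF(2^8) arithmetic of FIPS 197 instead of hard-coded tables, and shows the point of the decryption section: the inverse round is separate code that applies the inverse steps in reverse order. The key expansion is not implemented; the 16-byte state and the round key are constructed constants.

```python
def xtime(a):
    """Multiply by x in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a


def gmul(a, b):
    """General multiplication in GF(2^8) by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r


def gf_inv(a):
    """a^254 = a^-1 in GF(2^8); maps 0 to 0, as the S-box requires."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gmul(r, a)
        a, e = gmul(a, a), e >> 1
    return r


def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def sbox(b):
    """SubBytes: multiplicative inverse followed by the affine transform."""
    v = gf_inv(b)
    return v ^ rotl8(v, 1) ^ rotl8(v, 2) ^ rotl8(v, 3) ^ rotl8(v, 4) ^ 0x63


def inv_sbox(s):
    """InvSubBytes: inverse affine transform, then multiplicative inverse."""
    return gf_inv(rotl8(s, 1) ^ rotl8(s, 3) ^ rotl8(s, 6) ^ 0x05)


MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def mix_column(col, matrix=MIX):
    out = []
    for row in matrix:
        acc = 0
        for coef, byte in zip(row, col):
            acc ^= gmul(coef, byte)
        out.append(acc)
    return out


# The state is a 4x4 matrix filled column by column: state[r][c] = block[4*c + r].
def to_state(block):
    return [[block[4 * c + r] for c in range(4)] for r in range(4)]


def from_state(state):
    return bytes(state[r][c] for c in range(4) for r in range(4))


def sub_bytes(state, box=sbox):
    return [[box(b) for b in row] for row in state]


def shift_rows(state):                       # row r rotated left by r positions
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def inv_shift_rows(state):                   # row r rotated right by r positions
    return [row[-r:] + row[:-r] if r else list(row) for r, row in enumerate(state)]


def mix_columns(state, matrix=MIX):
    cols = [mix_column([state[r][c] for r in range(4)], matrix) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]


def add_round_key(state, round_key):
    k = to_state(round_key)
    return [[state[r][c] ^ k[r][c] for c in range(4)] for r in range(4)]


def encrypt_round(block, round_key):
    """One full (non-final) round: SubBytes, ShiftRows, MixColumns, AddRoundKey."""
    s = mix_columns(shift_rows(sub_bytes(to_state(block))))
    return from_state(add_round_key(s, round_key))


def decrypt_round(block, round_key):
    """The inverse steps in reverse order; unlike a Feistel round, separate code."""
    s = add_round_key(to_state(block), round_key)
    s = sub_bytes(inv_shift_rows(mix_columns(s, INV_MIX)), inv_sbox)
    return from_state(s)


# Constructed inputs: an arbitrary state and an arbitrary 128-bit round key.
STATE = bytes(range(16))
ROUND_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

if __name__ == "__main__":
    print("S-box(0x53) =", hex(sbox(0x53)))
    print("MixColumns [db 13 53 45] ->", [hex(b) for b in mix_column([0xDB, 0x13, 0x53, 0x45])])
    print("round-trip ok:", decrypt_round(encrypt_round(STATE, ROUND_KEY), ROUND_KEY) == STATE)
```

The column example [db 13 53 45] → [8e 4d a1 bc] is the worked MixColumns example given in FIPS 197, so it serves as a check that the field arithmetic is right. In production AES the table-driven or hardware (AES-NI) form is used instead; a byte-at-a-time implementation like this one is also data-dependent in timing and is not suitable for real keys.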

AES Analysis

In present-day cryptography, AES is widely adopted and supported in both hardware and
software. To date, no practical cryptanalytic attack against AES has been discovered.
Additionally, AES has built-in flexibility of key length, which allows a degree of
'future-proofing' against progress in the ability to perform exhaustive key searches.
However, just as for DES, the security of AES is assured only if it is correctly implemented
and good key management is employed. In practice AES deployments fail through side channels
(timing and cache leaks in table-based implementations), poor key management, or misuse of
the modes described above (ECB, reused IVs or nonces, missing authentication), not through
the cipher itself.

Stream Ciphers
In a stream cipher one bit or byte is encrypted at a time, while in a block cipher a whole
block (typically 64 or 128 bits) is encrypted at a time.
A key k is supplied as input to a pseudorandom bit generator, which produces a sequence of
pseudorandom bits, the keystream; in a byte-oriented cipher the generator outputs one 8-bit
keystream byte for each plaintext byte.
1. A stream cipher is only as strong as its keystream generator: the keystream must be
computationally indistinguishable from random, so that an attacker cannot predict future
keystream bits from the ones already seen.
2. The keystream should have a long period, so that it does not repeat within the amount of
data encrypted under one key.
3. The key must be long enough to resist brute-force search; 128 bits is the usual minimum
today.
4. A keystream must never be reused: encrypting two messages with the same key and nonce lets
an attacker XOR the two ciphertexts and obtain the XOR of the two plaintexts.
5. The keystream should be statistically balanced, with no bias in the distribution of 0s and
1s or of longer patterns, since any bias leaks information about the plaintext.
6. A practical benefit of a stream cipher is that it needs little code and no padding, and a
bit error in transit affects only one plaintext bit; the corresponding drawback is that an
attacker can flip ciphertext bits at will, so a stream cipher needs a MAC.
Encryption :
For Encryption,
 Plaintext and keystream produce the ciphertext (the same keystream will be used for
decryption).
 The plaintext undergoes a bitwise XOR with the keystream and produces the ciphertext.
Example –
Plain Text  : 10011001
Keystream   : 11000011
-----------------------
Cipher Text : 01011010
Decryption :
For Decryption,
 Ciphertext and keystream give the original plaintext (the same keystream that was used
for encryption).
 The ciphertext undergoes a bitwise XOR with the keystream and produces the actual
plaintext.
Example –
Cipher Text : 01011010
Keystream   : 11000011
-----------------------
Plain Text  : 10011001
Decryption is just the reverse of encryption, i.e. XORing the ciphertext with the same
keystream, because XORing with the same value twice cancels out.

Diagram of Stream Cipher

RC4 Encryption Algorithm


RC4 is a stream cipher with a variable-length key. The algorithm encrypts one byte at a time.
The key is fed to a pseudorandom byte generator that produces a stream of 8-bit values which
are unpredictable without knowledge of the key. The output of the generator, the keystream, is
combined with the plaintext one byte at a time using the XOR operation.
Example:
RC4 Encryption
10011000 XOR 01010000 = 11001000

RC4 Decryption
11001000 XOR 01010000 = 10011000
Key-Generation Algorithm –
A variable-length key of 1 to 256 bytes is used to initialise a 256-byte state vector S with
elements S[0] to S[255]. For encryption and decryption, a keystream byte k is generated from
S by selecting one of the 256 entries in a systematic fashion; the entries of S are then
permuted again.
1. Key-Scheduling Algorithm:
Initialization: The entries of S are set to the values 0 to 255 in ascending order, and a
temporary vector T is created. If the key K is 256 bytes long, K is copied to T. Otherwise,
for a key of keylen bytes, the first keylen elements of T are copied from K, and K is then
repeated as many times as necessary to fill T. The idea is illustrated as follows:

    for i = 0 to 255 do
        S[i] = i;
        T[i] = K[i mod keylen];

2. Next, T is used to produce the initial permutation of S. Starting with S[0] and proceeding
to S[255], each S[i] is swapped with another byte of S according to a scheme dictated by T[i];
S still contains a permutation of the values 0 to 255:

    j = 0;
    for i = 0 to 255 do
        j = (j + S[i] + T[i]) mod 256;
        Swap(S[i], S[j]);

3. Pseudo-random generation algorithm (stream generation):
Once the vector S is initialised, the input key is no longer used. In this step, each S[i] is
swapped with another byte of S according to a scheme dictated by the current configuration of
S. After reaching S[255] the process continues, starting from S[0] again:

    i = 0; j = 0;
    while (true)
        i = (i + 1) mod 256;
        j = (j + S[i]) mod 256;
        Swap(S[i], S[j]);
        t = (S[i] + S[j]) mod 256;
        k = S[t];

4. Encryption using XOR: each plaintext byte is XORed with the next keystream byte k;
decryption XORs the ciphertext byte with the same k.
RC4 is no longer considered secure: its keystream has measurable statistical biases (worst
in the first bytes of output), which broke WEP and were later used against TLS, and RFC 7465
prohibits RC4 in TLS.

Public Key Cryptography

Unlike symmetric key cryptography, public-key cryptography has no long historical use. It is
a relatively new concept.
Symmetric cryptography was well suited to organisations such as governments, the military and
large financial corporations that were involved in classified communication.
With the spread of insecure computer networks in the last few decades, a genuine need arose
to use cryptography on a much larger scale. Symmetric keys alone were found impractical
because of the key management problem: every pair of communicating parties needs its own
secretly shared key. This gave rise to public key cryptosystems.
The process of encryption and decryption is depicted in the following illustration −

The most important properties of public key encryption scheme are −


 Different keys are used for encryption and decryption. This is the property that sets
this scheme apart from symmetric encryption.
 Each receiver possesses a unique decryption key, generally referred to as its private
key.
 The receiver needs to publish an encryption key, referred to as its public key.
 Some assurance of the authenticity of a public key is needed in this scheme, to prevent an
adversary from passing off its own key as the receiver's. Generally this type of cryptosystem
involves a trusted third party which certifies that a particular public key belongs to a
specific person or entity only.
 It must be computationally infeasible for an attacker to deduce the plaintext from the
ciphertext and the encryption (public) key.
 Though the private and public keys are related mathematically, it must be infeasible to
calculate the private key from the public key. In fact, the ingenuity of any public-key
cryptosystem lies in designing this relationship between the two keys (a trapdoor one-way
function).
Principles of Public-Key Cryptosystems

Introduction: The concept of public-key cryptography evolved from an attempt to attack two of
the most difficult problems associated with symmetric encryption. The first problem is that
of key distribution. Key distribution under symmetric encryption requires either (1) that the
two communicants already share a key, which somehow has been distributed to them, or (2) the
use of a key distribution center.

The second problem that Diffie pondered was that of digital signatures. If the use of
cryptography was to become widespread, not just in military situations but for commercial and
private purposes, then electronic messages and documents would need the equivalent of the
signatures used on paper documents.

Diffie and Hellman achieved an astounding breakthrough in 1976 by coming up with a method
that addressed both problems and that was radically different from all previous approaches to
cryptography.

Public-Key Cryptosystems: Asymmetric algorithms rely on one key for encryption and a
different but related key for decryption. These algorithms have the following important
characteristic:

 It is computationally infeasible to determine the decryption key given only knowledge of
the cryptographic algorithm and the encryption key.

A public-key encryption scheme has six ingredients –

Plaintext: This is the readable message or data that is fed into the algorithm as input.

Encryption algorithm: This algorithm performs various transformations on the plaintext.

Public and private keys: This is a pair of keys that have been selected so that if one is used
for encryption, the other is used for decryption. The exact transformations performed by the
algorithm depend on the public or private key that is provided as input.

Ciphertext: This is the scrambled message produced as output. It depends on the plaintext
and the key. For a given message, two different keys will produce two different ciphertexts.

Decryption algorithm: This algorithm accepts the ciphertext and the matching key and
produces the original plaintext.

The essential steps are the following:


1. Each user generates a pair of keys to be used for the encryption and decryption of
messages.

2. Each user places one of the two keys in a public register or other accessible file. This is
the public key. The companion key is kept private. Each user maintains a collection of public
keys obtained from others.

3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using
Alice's public key.

4. When Alice receives the message, she decrypts it using her private key. No other
recipient can decrypt the message because only Alice knows Alice's private key.

With this approach, all participants have access to public keys, and private keys are generated
locally by each participant and therefore need never be distributed. As long as a user's private
key remains protected and secret, incoming communication is secure. At any time, a system
can change its private key and publish the companion public key to replace its old public key.

The two keys used for asymmetric encryption are referred to as the public key and the private
key. The private key is kept secret, but it is referred to as a private key rather than a secret
key to avoid confusion with symmetric encryption. The important aspects of symmetric and
public-key encryption are as follows:-

Applications for Public-Key Cryptosystems


Public-key systems are characterized by the use of a cryptographic algorithm with two keys,
one held private and one available publicly. Depending on the application, the sender uses
either the sender's private key or the receiver's public key, or both, to perform some type of
cryptographic function. Public-key cryptosystems are classified as follows:

· Encryption/decryption: The sender encrypts a message with the recipient's public key.

· Digital signature: The sender "signs" a message with its private key. Signing is achieved
by a cryptographic algorithm applied to the message or to a small block of data that is a
function of the message (its hash).

· Key exchange: Two sides cooperate to exchange a session key. Several different approaches
are possible, involving the private key(s) of one or both parties.

RSA Algorithm in Cryptography

The RSA algorithm is an asymmetric cryptography algorithm: it works with two different keys, a
public key and a private key. As the names suggest, the public key is given to everyone and
the private key is kept private.
An example of asymmetric cryptography :
1. A client (for example a browser) sends its public key to the server and requests some
data.
2. The server encrypts the data using the client's public key and sends the encrypted data.
3. The client receives this data and decrypts it with its private key.
Since this is asymmetric, nobody except the client can decrypt the data, even if a third
party has the client's public key. (In a real protocol such as TLS the parties must also
verify that a public key belongs to the intended party, which is what certificates are for.)
The idea! The idea of RSA is based on the fact that it is difficult to factor a large
integer. The public key consists of two numbers, one of which is the product of two large
prime numbers, and the private key is derived from the same two primes. So if somebody can
factor the large number, the private key is compromised. The strength of RSA therefore rests
on the key size: increasing the key size makes factoring much harder, although the attacker's
cost grows sub-exponentially (the general number field sieve), not exponentially. RSA keys
are typically 2048 or 3072 bits long today; 1024-bit keys are no longer considered adequate,
and a 768-bit modulus was publicly factored in 2009.
Let us learn the mechanism behind the RSA algorithm :
>> Generating Public Key :
 Select two primes. Suppose P = 53 and Q = 59.
 The first part of the public key is n = P*Q = 3127.

 We also need a small exponent e, which must be
 an integer,
 coprime to Φ(n), i.e. with no common factor with Φ(n) [Φ(n) is discussed below],
 in the range 1 < e < Φ(n).
 Let us take e = 3 (real systems normally use e = 65537).

 Our public key is made of n and e.

>> Generating Private Key :
 We need to calculate Φ(n) = (P-1)(Q-1),
 so Φ(n) = 52 × 58 = 3016.

 Now calculate the private key d, the multiplicative inverse of e modulo Φ(n):
 d = (k*Φ(n) + 1) / e for the integer k that makes the division exact.
 For k = 2, d = (2 × 3016 + 1) / 3 = 2011. Check: 3 × 2011 = 6033 = 2 × 3016 + 1.
Now we are ready with our public key (n = 3127, e = 3) and private key (d = 2011).
Now we will encrypt "HI" :
 Convert letters to numbers: H = 8 and I = 9, giving the message m = 89 (m must be less
than n).

 The encrypted data is c = m^e mod n = 89^3 mod 3127.
 Thus our encrypted data comes out to be 1394.

 Now we will decrypt 1394 :

 Decrypted data = c^d mod n = 1394^2011 mod 3127.
 Thus our decrypted data comes out to be 89,
 8 = H and 9 = I, i.e. "HI".
This is textbook RSA: it is deterministic and its ciphertexts are malleable, so real
implementations always pad the message (for example with OAEP) before exponentiation.
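The worked example above as an added example, not code from the original notes. It uses the notes' own parameters (P = 53, Q = 59, e = 3, message 89), computes d with Python's built-in modular inverse rather than by searching for k, validates the conditions on e that the notes state, and shows why unpadded textbook RSA is malleable: anyone holding the public key can turn Enc(m) into Enc(2m) without knowing m. The toy letter encoding (H = 8, I = 9 concatenated to 89) is the notes' own and is not a usable message encoding.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Return ((n, e), (n, d)); raises if e is not invertible modulo phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)        # same value as the notes' (k*phi + 1)/e for the k that divides exactly
    return (n, e), (n, d)


def rsa_encrypt(public_key, m):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)        # c = m^e mod n


def rsa_decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)        # m = c^d mod n


def encode_hi(text):
    """The notes' toy encoding: letter positions A=1.. concatenated (H=8, I=9 -> 89)."""
    return int("".join(str(ord(ch) - ord("A") + 1) for ch in text))


def malleate(public_key, c, factor):
    """Attacker with the public key only: Enc(m) * Enc(factor) = Enc(m * factor) mod n."""
    n, _ = public_key
    return (c * rsa_encrypt(public_key, factor)) % n


if __name__ == "__main__":
    public, private = rsa_keygen(53, 59, 3)
    print("public", public, "private", private)          # (3127, 3) (3127, 2011)
    m = encode_hi("HI")
    c = rsa_encrypt(public, m)
    print("Enc(89) =", c, " Dec =", rsa_decrypt(private, c))   # 1394, 89
    forged = malleate(public, c, 2)
    print("forged ciphertext decrypts to", rsa_decrypt(private, forged))  # 178 = 2 * 89
```

`pow(e, -1, phi)` needs Python 3.8 or later. The malleability shown here is the reason padding schemes such as OAEP are mandatory for RSA encryption, and the determinism (the same m always gives the same c) is why textbook RSA would leak repeated messages just as ECB mode does.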
Knapsack Encryption Algorithm in Cryptography

The knapsack encryption algorithm is one of the earliest public key cryptosystems. It was
developed by Ralph Merkle and Martin Hellman in 1978. As a public key cryptosystem it needs
two different keys: a public key used for encryption and a private key used for decryption.
The algorithm uses two different knapsack problems, one easy and one hard. The easy knapsack
is used as the private key and the hard knapsack is used as the public key; the easy knapsack
is used to derive the hard one. The scheme was broken by Adi Shamir in 1982 and is presented
here for its historical and pedagogical value only.
For the easy knapsack we choose a superincreasing knapsack problem. A superincreasing
sequence is one in which every term is greater than the sum of all preceding terms.
Example –
{1, 2, 4, 10, 20, 40} is a super increasing as
1<2, 1+2<4, 1+2+4<10, 1+2+4+10<20 and 1+2+4+10+20<40.
Derive the Public Key
• Step-1:
Choose a super-increasing knapsack {1, 2, 4, 10, 20, 40} as the private key.
• Step-2:
Choose two numbers n and m. Multiply all the values of the private key by the number n
and then take the result modulo m. The value of m must be greater than the sum of all values
in the private key, for example 110, and the number n should have no common factor with m,
for example 31.
• Step-3:
Calculate the values of the public key using m and n.
1x31 mod(110) = 31
2x31 mod(110) = 62
4x31 mod(110) = 14
10x31 mod(110) = 90
20x31 mod(110) = 70
40x31 mod(110) = 30
Thus, our public key is {31, 62, 14, 90, 70, 30}
and our private key is {1, 2, 4, 10, 20, 40}.

Now take an example to understand the process of encryption and decryption.
Example –
Let our plain text be 100100111100101110.
1. Encryption:
As our knapsacks contain six values, we split our plain text into groups of six:
100100 111100 101110
Multiply each value of the public key with the corresponding bit of each group and take
the sum.
100100 {31, 62, 14, 90, 70, 30}
1x31+0x62+0x14+1x90+0x70+0x30 = 121
111100 {31, 62, 14, 90, 70, 30}
1x31+1x62+1x14+1x90+0x70+0x30 = 197
101110 {31, 62, 14, 90, 70, 30}
1x31+0x62+1x14+1x90+1x70+0x30 = 205
So, our cipher text is 121 197 205.
2. Decryption:
The receiver receives the cipher text, which has to be decrypted. The receiver also knows the
values of m and n.
So, first we need to find the multiplicative inverse of n mod m, i.e. the x such that
nx mod(m) = 1
31x mod(110) = 1
x = 71
Now we multiply 71 with each block of cipher text and take the result modulo m.
121 x 71 mod(110) = 11
Then we have to make the sum 11 from the values of the private key {1, 2, 4, 10, 20, 40}, i.e.
1+10 = 11, so we set the corresponding bits to 1 and the others to 0, which gives 100100.
Similarly,
197 x 71 mod(110) = 17
1+2+4+10 = 17 = 111100
and 205 x 71 mod(110) = 35
1+4+10+20 = 35 = 101110
After combining them we get the decoded text
100100111100101110, which is our plain text.
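The key derivation, encryption and decryption steps above in code, as an added example that is not part of the original notes. It uses the page's private knapsack {1, 2, 4, 10, 20, 40}, m = 110 and n = 31, checks the three conditions the notes state (super-increasing, m larger than the sum, gcd(n, m) = 1), and decodes with the greedy largest-term-first walk that the super-increasing property makes possible. The scheme is shown only to illustrate the easy/hard knapsack idea; it is not a secure cipher.

```python
# Added worked example (not from the page): Merkle-Hellman knapsack with the page's numbers.
from math import gcd

PRIVATE_KEY = [1, 2, 4, 10, 20, 40]   # super-increasing (easy) knapsack from the page
M, N = 110, 31                        # modulus m and multiplier n from the page


def is_superincreasing(seq):
    """Each term must exceed the sum of all terms before it."""
    total = 0
    for term in seq:
        if term <= total:
            return False
        total += term
    return True


def derive_public_key(private, m, n):
    """Hard knapsack: multiply every term by n and reduce modulo m."""
    if not is_superincreasing(private):
        raise ValueError("private knapsack must be super-increasing")
    if m <= sum(private):
        raise ValueError("m must exceed the sum of the private knapsack")
    if gcd(n, m) != 1:
        raise ValueError("n must have no common factor with m")
    return [(term * n) % m for term in private]


def encrypt(bits, public):
    """Split the bit string into groups of len(public) and sum the selected weights."""
    k = len(public)
    if len(bits) % k or set(bits) - {"0", "1"}:
        raise ValueError("plaintext must be a bit string with a multiple of %d bits" % k)
    return [sum(int(b) * w for b, w in zip(bits[i:i + k], public))
            for i in range(0, len(bits), k)]


def solve_superincreasing(target, private):
    """Greedy subset-sum: walk the easy knapsack from the largest term down.
    This is exactly the '1+10 = 11 so set those bits' step of the notes."""
    bits = []
    for term in reversed(private):
        if term <= target:
            bits.append("1")
            target -= term
        else:
            bits.append("0")
    if target != 0:
        raise ValueError("no subset of the private knapsack sums to the target")
    return "".join(reversed(bits))


def decrypt(cipher, private, m, n):
    """Undo the multiplication by n with n^-1 mod m, then solve the easy knapsack."""
    n_inv = pow(n, -1, m)          # 71 for the page's m = 110, n = 31
    return "".join(solve_superincreasing((c * n_inv) % m, private) for c in cipher)


if __name__ == "__main__":
    public = derive_public_key(PRIVATE_KEY, M, N)          # [31, 62, 14, 90, 70, 30]
    cipher = encrypt("100100111100101110", public)          # [121, 197, 205]
    print(public, cipher, decrypt(cipher, PRIVATE_KEY, M, N))
```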
Key Distribution Center (KDC) is a central authority dealing with keys for individual
computers (nodes) in a computer network. It is similar to the concept of the Authentication
Server (AS) and Ticket Granting Server (TGS) in Kerberos.
The basic idea is that every node shares a unique secret key with the KDC. Whenever user A
wants to communicate securely with user B, the following happens:
1. The background is that A shares a secret key KA with the KDC. Similarly, B is
assumed to share a secret key KB with the KDC.
2. A sends a request to the KDC encrypted with KA, which includes
(a) the identities of A and B
(b) a random number R, called a nonce
3. The KDC responds with a message encrypted with KA, containing
(a) a one-time symmetric key KS
(b) the original request that was sent by A, for verification
(c) plus KS encrypted with KB and the ID of A encrypted with KB
4. A and B can now communicate by using KS for encryption.
This is depicted in the figure below.
Needham–Schroeder protocol
The term Needham–Schroeder protocol can refer to one of two key transport protocols
intended for use over an insecure network, both proposed by Roger Needham and Michael
Schroeder. These are:
i. The Needham–Schroeder Symmetric Key Protocol, based on a symmetric encryption
algorithm. It forms the basis for the Kerberos protocol. This protocol aims to establish a
session key between two parties on a network, typically to protect further communication.
ii. The Needham–Schroeder Public-Key Protocol, based on public-key cryptography. This
protocol is intended to provide mutual authentication between two parties communicating on
a network, but in its proposed form is insecure.
• The symmetric protocol
Here, Alice (A) initiates the communication to Bob (B). S is a server trusted by both
parties. In the communication:
i. A and B are the identities of Alice and Bob respectively
ii. KAS is a symmetric key known only to A and S
iii. KBS is a symmetric key known only to B and S
iv. NA and NB are nonces generated by A and B respectively
v. KAB is a symmetric, generated key, which will be the session key of the session
between A and B
The protocol can be specified as follows in security protocol notation:
A → S : A, B, NA
Alice sends a message to the server identifying herself and Bob, telling the server she
wants to communicate with Bob.
S → A : {NA, KAB, B, {KAB, A}KBS}KAS
The server generates KAB and sends back to Alice a copy encrypted under KBS for Alice
to forward to Bob, and also a copy for Alice. Since Alice may be requesting keys for
several different people, the nonce assures Alice that the message is fresh and that the
server is replying to that particular message, and the inclusion of Bob's name tells Alice
who she is to share this key with.
A → B : {KAB, A}KBS
Alice forwards the key to Bob, who can decrypt it with the key he shares with the
server, thus authenticating the data.
B → A : {NB}KAB
Bob sends Alice a nonce encrypted under KAB to show that he has the key.
A → B : {NB − 1}KAB
Alice performs a simple operation on the nonce, re-encrypts it and sends it back,
verifying that she is still alive and that she holds the key.
• Attacks on the protocol
The protocol is vulnerable to a replay attack (as identified by Denning and Sacco). If
an attacker uses an older, compromised value for KAB, he can then replay the message
{KAB, A}KBS to Bob, who will accept it, being unable to tell that the key is not fresh.
• Fixing the attack
This flaw is fixed in the Kerberos protocol by the inclusion of a timestamp. It can also
be fixed with the use of nonces as described below. At the beginning of the protocol:
A → B : A
Alice sends Bob a request.
B → A : {A, N′B}KBS
Bob responds with a nonce encrypted under his key with the server.
A → S : A, B, NA, {A, N′B}KBS
Alice sends a message to the server identifying herself and Bob, telling the server she wants
to communicate with Bob.
S → A : {NA, KAB, B, {KAB, A, N′B}KBS}KAS
Note the inclusion of the nonce.
The protocol then continues through the final three steps as described in the original
protocol above. Note that N′B is a different nonce from NB. The inclusion of this new nonce
prevents the replaying of a compromised version of {KAB, A}KBS, since such a message
would need to be of the form {KAB, A, N′B}KBS, which the attacker can't forge since she
does not have KBS.
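The KDC exchange and the Needham–Schroeder symmetric protocol above, modelled in code as an added example that is not part of the original notes. The point it makes is the one of the "Fixing the attack" subsection: with the original message flow Bob has no way to tell a stale {KAB, A}KBS from a fresh one, whereas once the ticket carries Bob's own nonce N′B a ticket from an earlier session no longer matches and is rejected. The `seal`/`unseal` pair is a constructed stand-in for {…}K (an HMAC-SHA256 keystream plus a MAC tag, chosen so the example runs on the standard library); it is not a real cipher and the message layout is an assumption of this model, not the protocol's wire format.

```python
# Added model (not from the page) of the Needham-Schroeder symmetric protocol, its
# replay weakness, and the nonce-based fix. seal/unseal is a constructed toy
# encrypt-then-MAC built on HMAC-SHA256 so the example runs on the standard library.
import hashlib
import hmac
import json
import os


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, obj):
    """{obj}key in the page's notation: encrypt a JSON-able dict and append a MAC."""
    plaintext = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct)))))


class Server:
    """S: shares K_AS with Alice and K_BS with Bob."""
    def __init__(self, keys):
        self.keys = keys                                  # {"A": K_AS, "B": K_BS}

    def reply(self, a, b, n_a, bob_challenge=None):
        # S -> A : {N_A, K_AB, B, {K_AB, A[, N'_B]}K_BS}K_AS
        k_ab = os.urandom(32).hex()
        ticket = {"K_AB": k_ab, "A": a}
        if bob_challenge is not None:                     # fixed protocol: carry N'_B through
            ticket["N_B"] = unseal(self.keys[b], bob_challenge)["N_B"]
        return seal(self.keys[a], {"N_A": n_a, "K_AB": k_ab, "B": b,
                                   "ticket": seal(self.keys[b], ticket).hex()})


class Bob:
    def __init__(self, k_bs):
        self.k_bs = k_bs
        self.expected_nb = None                           # None = original (unfixed) protocol

    def challenge(self):
        # B -> A : {A, N'_B}K_BS  (first step of the fixed protocol)
        self.expected_nb = os.urandom(8).hex()
        return seal(self.k_bs, {"A": "A", "N_B": self.expected_nb})

    def accept_ticket(self, ticket_hex):
        """A -> B : {K_AB, A[, N'_B]}K_BS. Returns K_AB, or None if the ticket is rejected."""
        ticket = unseal(self.k_bs, bytes.fromhex(ticket_hex))
        if self.expected_nb is not None and ticket.get("N_B") != self.expected_nb:
            return None                                   # not bound to Bob's fresh nonce
        return ticket["K_AB"]


def nonce_handshake(k_ab_hex, n_b=1000):
    """B -> A : {N_B}K_AB, then A -> B : {N_B - 1}K_AB; Bob checks Alice holds the key."""
    k_ab = bytes.fromhex(k_ab_hex)
    bob_msg = seal(k_ab, {"N_B": n_b})
    alice_reply = seal(k_ab, {"N_B": unseal(k_ab, bob_msg)["N_B"] - 1})
    return unseal(k_ab, alice_reply)["N_B"] == n_b - 1


def run(fixed):
    """Run one session, then present that session's ticket again in a later one.
    Returns (session key agreed in session 1, old ticket accepted in session 2)."""
    k_as, k_bs = os.urandom(32), os.urandom(32)
    server, bob = Server({"A": k_as, "B": k_bs}), Bob(k_bs)
    bob_challenge = bob.challenge() if fixed else None
    msg = unseal(k_as, server.reply("A", "B", os.urandom(8).hex(), bob_challenge))
    k_ab = bob.accept_ticket(msg["ticket"])
    agreed = k_ab == msg["K_AB"] and nonce_handshake(k_ab)
    # Later session: the earlier {K_AB, A}K_BS is presented instead of a fresh ticket.
    if fixed:
        bob.challenge()                                   # Bob issues a new N'_B
    return agreed, bob.accept_ticket(msg["ticket"]) is not None


if __name__ == "__main__":
    print("original:", run(fixed=False))                  # (True, True): stale ticket accepted
    print("fixed:   ", run(fixed=True))                   # (True, False): stale ticket rejected
```

The only difference between the two runs is whether Bob's nonce travels inside the ticket, which is exactly the check the Kerberos timestamp replaces.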
• The public-key protocol
This assumes the use of a public-key encryption algorithm.
Here, Alice (A) and Bob (B) use a trusted server (S) to distribute public keys on
request. These keys are:
i. KPA and KSA, respectively the public and private halves of an encryption key pair
belonging to A (S stands for "secret key" here)
ii. KPB and KSB, similarly belonging to B
iii. KPS and KSS, similarly belonging to S. (Note this has the property that KSS is used
to encrypt and KPS to decrypt.)

Kerberos

Kerberos provides a centralized authentication server whose function is to authenticate
users to servers and servers to users. In Kerberos, an Authentication Server and a database
are used for client authentication. Kerberos runs as a third-party trusted server known as the
Key Distribution Center (KDC). Each user and service on the network is a principal.
The main components of Kerberos are:
• Authentication Server (AS):
The Authentication Server performs the initial authentication and issues the ticket for the
Ticket Granting Service.
• Database:
The Authentication Server verifies the access rights of users in the database.
• Ticket Granting Server (TGS):
The Ticket Granting Server issues the ticket for the Server.
Kerberos Overview:
• Step-1:
The user logs on and requests services on the host; thus the user requests the
ticket-granting service.
• Step-2:
The Authentication Server verifies the user's access rights using the database and then
issues a ticket-granting ticket and a session key. The results are encrypted using the
user's password.
• Step-3:
The message is decrypted using the password, then the ticket is sent to the Ticket
Granting Server. The ticket contains authenticators such as the user name and network
address.
• Step-4:
The Ticket Granting Server decrypts the ticket sent by the user, verifies the request using
the authenticator, then creates the ticket for requesting services from the Server.
• Step-5:
The user sends the ticket and authenticator to the Server.
• Step-6:
The Server verifies the ticket and authenticator, then grants access to the service.
After this the user can access the services.

Implementation of Diffie-Hellman Algorithm

Background
Elliptic Curve Cryptography (ECC) is an approach to public-key cryptography based on
the algebraic structure of elliptic curves over finite fields. ECC requires a smaller key than
non-ECC cryptography to provide equivalent security (256-bit ECC offers security
equivalent to that of 3072-bit RSA).
For a better understanding of Elliptic Curve Cryptography, it is important to understand
the basics of the elliptic curve. An elliptic curve is a planar algebraic curve defined by an
equation of the form

where 'a' is the coefficient of x and 'b' is the constant of the equation.
The curve is non-singular; that is, its graph has no cusps or self-intersections (when the
characteristic of the coefficient field is equal to 2 or 3).
In general, an elliptic curve looks as shown below. A straight line drawn through an elliptic
curve intersects it in at most 3 points. As we can see, the elliptic curve is symmetric about
the x-axis. This property plays a key role in the algorithm.
Diffie-Hellman algorithm
The Diffie-Hellman algorithm is used to establish a shared secret that can be used for
secret communications while exchanging data over a public network; in the elliptic-curve
variant, the curve is used to generate the points from which the secret key is derived.
• For the sake of simplicity and practical implementation of the algorithm, we will
consider only 4 variables: one prime P, G (a primitive root of P) and two private
values a and b.
• P and G are both publicly available numbers. The users (say Alice and Bob) pick private
values a and b, each generates a key and they exchange these publicly. The other person
receives the key and from it generates the secret key, after which both have the same
secret key to encrypt with.
Step by Step Explanation
Alice                                        Bob
Public keys available = P, G                 Public keys available = P, G
Private key selected = a                     Private key selected = b
Key generated: x = G^a mod P                 Key generated: y = G^b mod P
                 Exchange of generated keys takes place
Key received = y                             Key received = x
Generated secret key: ka = y^a mod P         Generated secret key: kb = x^b mod P
Algebraically, it can be shown that ka = kb, since (G^b)^a mod P = (G^a)^b mod P.
Users now have a symmetric secret key to encrypt with.

Example:
Step 1: Alice and Bob get public numbers P = 23, G = 9
Step 2: Alice selects a private key a = 4 and Bob selects a private key b = 3
Step 3: Alice and Bob compute public values
Alice: x = (9^4 mod 23) = (6561 mod 23) = 6
Bob: y = (9^3 mod 23) = (729 mod 23) = 16
Step 4: Alice and Bob exchange public numbers
Step 5: Alice receives public key y = 16 and Bob receives public key x = 6
Step 6: Alice and Bob compute symmetric keys
Alice: ka = y^a mod P = 16^4 mod 23 = 65536 mod 23 = 9
Bob: kb = x^b mod P = 6^3 mod 23 = 216 mod 23 = 9
Step 7: 9 is the shared secret.
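The exchange above in code, as an added example that is not part of the original notes. It reproduces every value of the worked example (P = 23, G = 9, a = 4, b = 3 giving x = 6, y = 16 and the shared secret 9) and adds a parameter check the notes describe but do not perform: testing whether G really is a primitive root of P. With the page's own sample values that check fails, because 9 has multiplicative order 11 modulo 23 (9^11 mod 23 = 1) and therefore generates only half of the group; a practitioner validating parameters would flag that, since a generator of a small subgroup shrinks the space of possible shared secrets.

```python
# Added worked example (not from the page): Diffie-Hellman with the page's numbers
# P = 23, G = 9, a = 4, b = 3, plus a generator check the page does not perform.


def public_value(g, private, p):
    """x = G^a mod P (Alice) or y = G^b mod P (Bob)."""
    return pow(g, private, p)


def shared_secret(received, private, p):
    """ka = y^a mod P (Alice) or kb = x^b mod P (Bob)."""
    return pow(received, private, p)


def exchange(p, g, a, b):
    """Run both sides and return every intermediate value from the page's table."""
    x, y = public_value(g, a, p), public_value(g, b, p)      # exchanged in the clear
    ka, kb = shared_secret(y, a, p), shared_secret(x, b, p)
    return {"x": x, "y": y, "ka": ka, "kb": kb, "agreed": ka == kb}


def _prime_factors(n):
    """Distinct prime factors of n by trial division (n is small here)."""
    factors, q = set(), 2
    while q * q <= n:
        while n % q == 0:
            factors.add(q)
            n //= q
        q += 1
    if n > 1:
        factors.add(n)
    return factors


def multiplicative_order(g, p):
    """Smallest k >= 1 with g^k ≡ 1 (mod p): the size of the subgroup g generates."""
    if g % p == 0:
        raise ValueError("g must be nonzero modulo p")
    value, k = g % p, 1
    while value != 1:
        value, k = (value * g) % p, k + 1
    return k


def is_primitive_root(g, p):
    """g is a primitive root of the prime p iff g^((p-1)/q) != 1 (mod p)
    for every prime q dividing p-1, i.e. its order is the full p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in _prime_factors(p - 1))


if __name__ == "__main__":
    print(exchange(23, 9, 4, 3))            # {'x': 6, 'y': 16, 'ka': 9, 'kb': 9, 'agreed': True}
    print(multiplicative_order(9, 23))      # 11: the page's G generates a subgroup of size 11
    print(is_primitive_root(9, 23), is_primitive_root(5, 23))   # False True
```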


Encryption – The process of converting electronic data into another form, called ciphertext,
which cannot be easily understood by anyone except the authorized parties. This assures
data security.
Decryption – The process of translating ciphertext back into data.
• The message is encrypted at the sender's side using an encryption algorithm and
decrypted at the receiver's end with the help of the decryption algorithm.
• When some message is to be kept secure, such as a username or password, encryption and
decryption techniques are used to assure data security.
Types of Encryption
1. Symmetric Encryption – Data is encrypted using a key and the decryption is also done
using the same key.
2. Asymmetric Encryption – Asymmetric cryptography is also known as public-key
cryptography. It uses public and private keys to encrypt and decrypt data. The key in
the pair which can be shared with everyone is called the public key. The other key in
the pair, which is kept secret and is only known by the owner, is called the private key.
Either of the keys can be used to encrypt a message; the opposite key from the one used
to encrypt the message is used for decryption.
Public key – A key which is known to everyone. E.g. the public key of A is 7; this information
is known to everyone.
Private key – A key which is only known to the person whose private key it is.
Authentication – Authentication is any process by which a system verifies the identity of a
user who wishes to access it.
Non-repudiation – Non-repudiation means ensuring that a transferred message has been
sent and received by the parties claiming to have sent and received the message. Non-
repudiation is a way to guarantee that the sender of a message cannot later deny having sent
the message and that the recipient cannot deny having received the message.
Integrity – Ensuring that the message was not altered during transmission.
Message digest – The representation of text in the form of a single string of digits, created
using a formula called a one-way hash function. Encrypting a message digest with a private
key creates a digital signature, which is an electronic means of authentication.

Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and
integrity of a message, software, or digital document.

1. Key Generation Algorithms: Digital signatures are electronic signatures, which assure
that the message was sent by a particular sender. While performing digital transactions,
authenticity and integrity should be assured; otherwise, the data can be altered or
someone can act as if he were the sender and expect a reply.
2. Signing Algorithms: To create a digital signature, signing software such as an email
program creates a one-way hash of the electronic data which is to be signed. The
signing algorithm then encrypts the hash value using the private key (signature key).
This encrypted hash, along with other information such as the hashing algorithm, is the
digital signature. This digital signature is appended to the data and sent to the
verifier. The reason for encrypting the hash instead of the entire message or document is
that a hash function converts any arbitrary input into a much shorter fixed-length value.
This saves time, as instead of signing a long message only a shorter hash value has to be
signed, and moreover hashing is much faster than signing.
3. Signature Verification Algorithms: The verifier receives the digital signature along with the
data. It then uses the verification algorithm to process the digital signature with the
public key (verification key) and generates some value. It also applies the same hash
function to the received data and generates a hash value. Then the hash value and the
output of the verification algorithm are compared. If they are equal, the digital
signature is valid; else it is invalid.
The steps followed in creating a digital signature are:
1. The message digest is computed by applying a hash function to the message, and the
message digest is then encrypted using the private key of the sender to form the digital
signature (digital signature = encryption(private key of sender, message digest) and
message digest = message digest algorithm(message)).
2. The digital signature is then transmitted with the message (message + digital signature
is transmitted).
3. The receiver decrypts the digital signature using the public key of the sender. (This
assures authenticity: only the sender has his private key, so only the sender can encrypt
using it, and the result can thus be decrypted with the sender's public key.)
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message (the actual message is
sent with the digital signature).
6. The message digest computed by the receiver and the message digest obtained by
decrypting the digital signature need to be the same to ensure integrity.
The message digest is computed using a one-way hash function, i.e. a hash function for
which computing the hash value of a message is easy but computing the message from its
hash value is very difficult.

Digital Certificate
A digital certificate is issued by a trusted third party and proves the sender's identity to the
receiver and the receiver's identity to the sender.
A digital certificate is a certificate issued by a Certificate Authority (CA) to verify the
identity of the certificate holder. The CA issues an encrypted digital certificate containing
the applicant's public key and a variety of other identification information. A digital
certificate is used to attach a public key to a particular individual or entity.
A digital certificate contains:
1. Name of the certificate holder.
2. Serial number, which is used to uniquely identify the certificate and the individual or
entity identified by the certificate.
3. Expiration dates.
4. Copy of the certificate holder's public key (used for decrypting messages and digital
signatures).
5. Digital signature of the certificate-issuing authority.
The digital certificate is also sent with the digital signature and the message.
Digital certificate vs digital signature:
A digital signature is used to verify authenticity, integrity and non-repudiation, i.e. it assures
that the message was sent by the known user and not modified, while a digital certificate is
used to verify the identity of the user, whether sender or receiver. Thus, a digital signature and
a certificate are different kinds of things, but both are used for security. Most websites use
digital certificates to enhance the trust of their users.

Feature: Basics / Definition
  Digital Signature: like a fingerprint or an attachment to a digital document that ensures
  its authenticity and integrity.
  Digital Certificate: a file that ensures the holder's identity and provides security.
Feature: Process / Steps
  Digital Signature: the hashed value of the original message is encrypted with the sender's
  secret key to generate the digital signature.
  Digital Certificate: generated by a CA (Certifying Authority) in four steps: Key
  Generation, Registration, Verification, Creation.
Feature: Security Services
  Digital Signature: authenticity of the sender, integrity of the document and non-repudiation.
  Digital Certificate: provides security and authenticity of the certificate holder.
Feature: Standard
  Digital Signature: follows the Digital Signature Standard (DSS).
  Digital Certificate: follows the X.509 standard format.

An X.509 certificate is a digital certificate that uses the widely accepted international X.509
public key infrastructure (PKI) standard to verify that a public key belongs to the user,
computer or service identity contained within the certificate.

An X.509 certificate contains information about the identity to which a certificate is issued
and the identity that issued it. Standard information in an X.509 certificate includes:

• Version – which X.509 version applies to the certificate (which indicates what data the
certificate must include)
• Serial number – the identity creating the certificate must assign it a serial number that
distinguishes it from other certificates
• Algorithm information – the algorithm used by the issuer to sign the certificate
• Issuer distinguished name – the name of the entity issuing the certificate (usually
a certificate authority)
• Validity period of the certificate – start/end date and time
• Subject distinguished name – the name of the identity the certificate is issued to
• Subject public key information – the public key associated with the identity
• Extensions (optional)

Many of the certificates that people refer to as Secure Sockets Layer (SSL) certificates are in
fact X.509 certificates.

The first X.509 certificates were issued in 1988 as part of the International
Telecommunications Union's Telecommunication Standardization Sector (ITU-T) and the
X.500 Directory Services Standard. In 1993, version 2 added two fields to support directory
access control. Version 3 was released in 1996 and defines the formatting used for certificate
extensions.

Public Key Infrastructure


The most distinct feature of Public Key Infrastructure (PKI) is that it uses a pair of keys to
achieve the underlying security service. The key pair comprises a private key and a public
key.
Since public keys are in the open domain, they are likely to be abused. It is, thus, necessary
to establish and maintain some kind of trusted infrastructure to manage these keys.

Key Management

It goes without saying that the security of any cryptosystem depends upon how securely its
keys are managed. Without secure procedures for the handling of cryptographic keys, the
benefits of the use of strong cryptographic schemes are potentially lost.
It is observed that cryptographic schemes are rarely compromised through weaknesses in
their design. However, they are often compromised through poor key management.
There are some important aspects of key management, which are as follows −
• Cryptographic keys are nothing but special pieces of data. Key management refers to
the secure administration of cryptographic keys.
• Key management deals with the entire key lifecycle, as depicted in the following
illustration −

• There are two specific requirements of key management for public key cryptography.
o Secrecy of private keys. Throughout the key lifecycle, secret keys must
remain secret from all parties except those who are the owner and are authorized
to use them.
o Assurance of public keys. In public key cryptography, the public keys are in the
open domain and seen as public pieces of data. By default there are no
assurances of whether a public key is correct, with whom it can be associated,
or what it can be used for. Thus key management of public keys needs to
focus much more explicitly on assurance of the purpose of public keys.
The most crucial requirement, 'assurance of public key', can be achieved through the
public-key infrastructure (PKI), a key management system for supporting public-key
cryptography.
Public Key Infrastructure (PKI)

PKI provides assurance of public keys. It provides the identification of public keys and their
distribution. An anatomy of PKI comprises the following components.
• Public Key Certificate, commonly referred to as 'digital certificate'.
• Private Key tokens.
• Certification Authority.
• Registration Authority.
• Certificate Management System.
Digital Certificate

For analogy, a certificate can be considered as the ID card issued to a person. People use
ID cards such as a driver's license or passport to prove their identity. A digital certificate does
the same basic thing in the electronic world, but with one difference.
Digital certificates are not only issued to people; they can be issued to computers,
software packages or anything else that needs to prove its identity in the electronic world.
• Digital certificates are based on the ITU standard X.509, which defines a standard
certificate format for public key certificates and certification validation. Hence
digital certificates are sometimes also referred to as X.509 certificates.
• The public key pertaining to the user client is stored in the digital certificate by the
Certification Authority (CA) along with other relevant information such as client
information, expiration date, usage, issuer etc.
• The CA digitally signs this entire information and includes the digital signature in the
certificate.
• Anyone who needs assurance about the public key and associated information of the
client carries out the signature validation process using the CA's public key.
Successful validation assures that the public key given in the certificate belongs to
the person whose details are given in the certificate.
The process of obtaining a digital certificate by a person/entity is depicted in the following
illustration.
As shown in the illustration, the CA accepts the application from a client to certify his public
key. The CA, after duly verifying the identity of the client, issues a digital certificate to that
client.

Certifying Authority (CA)

As discussed above, the CA issues certificates to clients and assists other users in verifying
the certificate. The CA takes responsibility for correctly identifying the client asking for a
certificate to be issued, ensures that the information contained within the certificate is
correct, and digitally signs it.
Key Functions of CA
The key functions of a CA are as follows −
• Generating key pairs − The CA may generate a key pair independently or jointly
with the client.
• Issuing digital certificates − The CA could be thought of as the PKI equivalent of a
passport agency − the CA issues a certificate after the client provides the credentials to
confirm his identity. The CA then signs the certificate to prevent modification of the
details contained in the certificate.
• Publishing certificates − The CA needs to publish certificates so that users can find
them. There are two ways of achieving this. One is to publish certificates in the
equivalent of an electronic telephone directory. The other is to send your certificate
out to those people you think might need it by one means or another.
• Verifying certificates − The CA makes its public key available in the environment to
assist verification of its signature on clients' digital certificates.
• Revocation of certificates − At times, the CA revokes a certificate it issued for some
reason, such as compromise of the private key by the user or loss of trust in the client.
After revocation, the CA maintains a list of all revoked certificates that is available to
the environment.
Classes of Certificates
There are four typical classes of certificate −
• Class 1 − These certificates can be easily acquired by supplying an email address.
• Class 2 − These certificates require additional personal information to be supplied.
• Class 3 − These certificates can only be purchased after checks have been made
about the requestor's identity.
• Class 4 − They may be used by governments and financial organizations needing
very high levels of trust.

Registration Authority (RA)


The CA may use a third-party Registration Authority (RA) to perform the necessary checks on
the person or company requesting the certificate to confirm their identity. The RA may
appear to the client as a CA, but it does not actually sign the certificate that is issued.

Certificate Management System (CMS)

It is the management system through which certificates are published, temporarily or
permanently suspended, renewed, or revoked. Certificate management systems do not
normally delete certificates because it may be necessary to prove their status at a point in
time, perhaps for legal reasons. A CA along with its associated RA runs a certificate
management system to be able to track their responsibilities and liabilities.
Private Key Tokens
While the public key of a client is stored in the certificate, the associated secret private key
can be stored on the key owner's computer. This method is generally not adopted: if an
attacker gains access to the computer, he can easily gain access to the private key. For this
reason, a private key is stored on a secure removable storage token, access to which is
protected through a password.
Different vendors often use different and sometimes proprietary storage formats for storing
keys. For example, Entrust uses the proprietary .epf format, while Verisign, GlobalSign, and
Baltimore use the standard .p12 format.

Hierarchy of CA

With vast networks and requirements of global communications, it is practically not feasible
to have only one trusted CA from whom all users obtain their certificates. Secondly,
having only one CA may lead to difficulties if that CA is compromised.
In such a case, the hierarchical certification model is of interest, since it allows public key
certificates to be used in environments where two communicating parties do not have trust
relationships with the same CA.
• The root CA is at the top of the CA hierarchy and the root CA's certificate is a self-
signed certificate.
• The CAs which are directly subordinate to the root CA (for example, CA1 and CA2)
have CA certificates that are signed by the root CA.
• The CAs under the subordinate CAs in the hierarchy (for example, CA5 and CA6)
have their CA certificates signed by the higher-level subordinate CAs.
Certificate authority (CA) hierarchies are reflected in certificate chains. A certificate chain
traces a path of certificates from a branch in the hierarchy to the root of the hierarchy.
The following illustration shows a CA hierarchy with a certificate chain leading from an
entity certificate through two subordinate CA certificates (CA6 and CA3) to the CA
certificate for the root CA.

Verifying a certificate chain is the process of ensuring that a specific certificate chain is
valid, correctly signed, and trustworthy. The following procedure verifies a certificate chain,
beginning with the certificate that is presented for authentication −
• A client whose authenticity is being verified supplies his certificate, generally along
with the chain of certificates up to the root CA.
• The verifier takes the certificate and validates it using the public key of the issuer. The
issuer's public key is found in the issuer's certificate, which is next to the client's
certificate in the chain.
• Now, if the higher CA who signed the issuer's certificate is trusted by the verifier,
verification is successful and stops here.
• Else, the issuer's certificate is verified in the same manner as the client's in the above
steps. This process continues until either a trusted CA is found in between or the
root CA is reached.
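The chain-walking procedure just described, together with the six signing and verification steps from the Digital Signature section earlier on this page, modelled in code as an added example that is not part of the original notes. Signatures are textbook RSA over a SHA-256 digest: the root CA uses the page's primes 53 and 59, and three further constructed prime pairs (61/67, 71/73, 79/83) with the constructed exponent e = 17 serve CA3, CA6 and the entity from the page's illustration. Because these toy moduli are only about 12 bits, the 256-bit digest is split into 11-bit chunks and each chunk is signed separately; real certificates use far larger keys and X.509 encoding, neither of which is modelled. The verifier walks from the presented certificate toward the root, checks each signature with the next certificate's public key, stops as soon as an issuer is in its set of trusted CAs, and rejects a chain that is tampered with, incomplete, untrusted or revoked (the CA's revocation list from the "Key Functions of CA" list is modelled as a set of serial numbers).

```python
# Added model (not from the page) of 'sign the digest' and certificate-chain verification.
# Textbook RSA with the page's primes 53 and 59 for the root CA plus constructed prime
# pairs for CA3, CA6 and the entity; no X.509 encoding and far-too-small keys, on purpose.
import hashlib

CHUNK_BITS = 11          # each 11-bit chunk of the digest is < 2048 < every toy modulus
CHUNKS = 24              # 24 * 11 bits cover the 256-bit SHA-256 digest


def rsa_keygen(p, q, e=17):
    """Return (public (n, e), private (n, d)); e = 17 is coprime to every Φ(n) used here."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def digest_chunks(data):
    """Step 1: one-way hash of the message, split into chunks small enough for the toy key."""
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return [(h >> (CHUNK_BITS * i)) & ((1 << CHUNK_BITS) - 1) for i in range(CHUNKS)]


def sign(private_key, data):
    """The digest is 'encrypted' with the private key: chunk^d mod n for every chunk."""
    n, d = private_key
    return [pow(c, d, n) for c in digest_chunks(data)]


def verify(public_key, data, signature):
    """Steps 3-6: recover the digest with the public key and compare with a fresh digest."""
    n, e = public_key
    return len(signature) == CHUNKS and [pow(s, e, n) for s in signature] == digest_chunks(data)


def to_be_signed(cert):
    """Every certificate field except the issuer's signature, serialised deterministically."""
    return repr({k: v for k, v in cert.items() if k != "signature"}).encode()


def issue(issuer, issuer_private_key, subject, subject_public_key, serial):
    cert = {"serial": serial, "issuer": issuer, "subject": subject,
            "public_key": subject_public_key}
    cert["signature"] = sign(issuer_private_key, to_be_signed(cert))
    return cert


def verify_chain(chain, trust_anchors, revoked=frozenset()):
    """chain[0] is the certificate presented for authentication, followed by its issuers.
    Walk upward until an issuer the verifier already trusts validates the signature."""
    for i, cert in enumerate(chain):
        if cert["serial"] in revoked:
            return False                       # on the CA's revocation list
        issuer = cert["issuer"]
        if issuer in trust_anchors:            # trusted CA reached: verify and stop here
            return verify(trust_anchors[issuer], to_be_signed(cert), cert["signature"])
        if i + 1 == len(chain) or chain[i + 1]["subject"] != issuer:
            return False                       # issuer certificate missing from the chain
        if not verify(chain[i + 1]["public_key"], to_be_signed(cert), cert["signature"]):
            return False                       # signature by the issuer's key does not hold
    return False                               # ran out of certificates without a trusted CA


def build_hierarchy():
    """Root -> CA3 -> CA6 -> entity, as in the page's illustration (keys constructed here)."""
    root_pub, root_priv = rsa_keygen(53, 59)
    ca3_pub, ca3_priv = rsa_keygen(61, 67)
    ca6_pub, ca6_priv = rsa_keygen(71, 73)
    entity_pub, _entity_priv = rsa_keygen(79, 83)
    chain = [issue("CA6", ca6_priv, "alice", entity_pub, 4),
             issue("CA3", ca3_priv, "CA6", ca6_pub, 3),
             issue("Root", root_priv, "CA3", ca3_pub, 2),
             issue("Root", root_priv, "Root", root_pub, 1)]   # self-signed root
    return chain, {"Root": root_pub, "CA3": ca3_pub}


def demo_checks():
    """Run the chain through the verifier under several trust configurations."""
    chain, pubs = build_hierarchy()
    tampered = dict(chain[0], subject="mallory")          # field changed after signing
    return {
        "trust_root": verify_chain(chain, {"Root": pubs["Root"]}),
        "trust_ca3": verify_chain(chain, {"CA3": pubs["CA3"]}),   # stops early at CA3
        "no_anchor": verify_chain(chain, {}),
        "tampered": verify_chain([tampered] + chain[1:], {"Root": pubs["Root"]}),
        "revoked": verify_chain(chain, {"Root": pubs["Root"]}, revoked={4}),
        "missing_issuers": verify_chain(chain[:1], {"Root": pubs["Root"]}),
    }


if __name__ == "__main__":
    print(demo_checks())
```

The "trust_ca3" case is the "trusted CA is found in between" branch of the procedure: the verifier never looks at the root certificate because CA3's key is already in its trust store.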
