PMIT-6204: Cryptography & Steganography

for
3rd Semester of PMIT Program

Lecture File: 01
Overview of Cryptography
Prepared by:
Professor K M Akkas Ali
[email protected], [email protected]

Institute of Information Technology (IIT)

Jahangirnagar University, Dhaka-1342
IIT, JU
 Books Recommended:

1. Cryptography and Network Security

Prepared by: K M Akkas Ali, Professor, IIT, JU

– Behrouz A Forouzan

2. Cryptography and Network Security

Principles and Practice
– William Stallings

Slide-2 IIT, JU
 Lecture File-01
Overview of Cryptography
Topics to be Discussed
❖ To know the general idea behind

Prepared by: K M Akkas Ali, Professor, IIT, JU

cryptography.
❖ To be familiar with basic terminology related
to cryptography.
❖ To define the terms and the concepts of
symmetric-key and asymmetric-key
cryptography.
❖ To distinguish between two cryptosystems:
symmetric-key and asymmetric-key.
❖ To emphasize the two categories of
traditional ciphers: substitution and
Slide 3 transposition ciphers. IIT, JU
What is Cryptography?
Cryptography is the study of secure communications techniques over
un-trusted communication channel that allow only the sender and
intended recipient of a message to view its contents.
❑ The term ‘cryptography’ is derived from the Greek word kryptos, which
means “secret writing”.

Prepared by: K M Akkas Ali, Professor, IIT, JU

We can define cryptography as:
❑ Cryptography is a physical process that scrambles information by
rearrangement and substitution of content, making it unreadable to
anyone except the person capable of unscrambling it.

Modern cryptography concerns itself with the following four

objectives:
1. Confidentiality: The information cannot be understood by anyone for
whom it was not intended.
2. Integrity: The information cannot be altered in storage or transit
between sender and intended receiver without the alteration being
detected.
3. Non-repudiation: The creator/sender of the information cannot deny at
a later stage their intentions in the creation or transmission of the
information.
4. Authentication: The sender and receiver can confirm each other's
Slide 4 identity and the origin/destination of the information. IIT, JU
General Idea Behind Cryptography:
In cryptography, the message “Happy Valentine’s Day” may be
concealed by-
❖ substituting or replacing or shifting each symbol with another. For
example, we can scramble the above message as “Gzoox Uzkdmshmd’r
Czx” through shifting to one character before the actual character. If the

Prepared by: K M Akkas Ali, Professor, IIT, JU

symbols are digits, we can replace 3 with 7, 2 with 6 and son on.
❖ changing or transposing the location of the symbols of each word of the
message, such as “Pyaph Tniv’saelne Yda”.

Figure below illustrate the process.

Encrypt Decrypt
Ciphertext Decrypted text/
Plaintext/Cleartext Plaintext
Happy Valentine’s Day Gzoox Uzkdmshmd’r Czx Happy Valentine’s Day

Sender: Alice Recipient: Bob

Figure: General idea behind cryptography

Slide 5 IIT, JU
Slide 6
White Board

Prepared by: K M Akkas Ali, Professor, IIT, JU

IIT, JU
Parts of a Cryptographic System:
Generally, all cryptographic processes have four
basic parts:
1. Plaintext
2. Ciphertext

Prepared by: K M Akkas Ali, Professor, IIT, JU

3. Cryptographic Algorithm
4. Key

Slide 7 IIT, JU
 Basic Terminology Related to Cryptography
❖ Plaintext/ Cleartext:
It is the original message that is being protected.

❖ Ciphertext/ Encoded text/ Encrypted text:

It is the encoded message which is the result of transforming a

Prepared by: K M Akkas Ali, Professor, IIT, JU

plaintext using encryption.

❖ Cipher/ Cryptographic Algorithm:

A cipher is an algorithm for performing encryption. It is a
mathematical formula used to scramble the plain text to yield
ciphertext. Converting plain text to ciphertext using the
cryptographic algorithm is called encryption, and converting
ciphertext back to plain text using the same cryptographic
algorithm is called decryption.

❖ Encrypt:
To transform a plaintext into ciphertext.

❖ Decrypt:
To transform a ciphertext into plaintext.
Slide 8 IIT, JU
 Basic Terminology Related to Cryptography
❖ Cryptanalysis:
It is the science of studying attacks against cryptographic
schemes. Successful attacks may, for example, recover the
plaintext (or parts of the plaintext) from ciphertext, substitute the
parts of the original message, or forge digital signatures.

Prepared by: K M Akkas Ali, Professor, IIT, JU

❖ Cryptology:
Cryptography and cryptanalysis are often subsumed by the more
general term cryptology.

❖ Key:
A key is a set of mathematical value, formula or process that the
cipher, as an algorithm, operates on. It determines how a
plaintext message is encrypted or decrypted. The key is the only
way to decipher the scrambled information.
A key is used to encrypt the message. Another or the same key is
used to decrypt the message. As the size of key, used to encrypt
a message, increases, so does the difficulty in deciphering the
message.
Slide 9 IIT, JU
Kinds of Cryptography
There are two main types of encryption:
1. Single key or secret key or symmetric-key cryptography
2. Public key or asymmetric-key cryptography

Prepared by: K M Akkas Ali, Professor, IIT, JU

Symmetric-key cryptography is based on sharing secrecy.
Asymmetric-key cryptography is based on personal secrecy.
The choice of an encryption method depends on the
❑ sensitivity of the data to be protected and
❑ duration of the protection.

Slide 10 IIT, JU
Idea Behind Symmetric-key Cryptography:
This is an encryption system in which both sender and receiver
possess the same key for communication on the other direction.
Both parties can encrypt and decrypt messages with this same
key. The sender and receiver must have a shared key set up in

Prepared by: K M Akkas Ali, Professor, IIT, JU

advance and kept secret from all other parties.
The encryption and decryption algorithms are inverse of each
other.
The original message from Alice to Bob is called plaintext and
the message that is sent through the channel is called the
ciphertext.
Symmetric-key cryptography has been used throughout history
by: Julius Caesar, German U-Boat commanders etc.

Slide 11 IIT, JU
Idea Behind Symmetric-key Cryptography:
Postal Analogy of Symmetric-key Cryptography:
In the symmetric-key cryptography, the same key is used to both
encrypt and decrypt message.

Prepared by: K M Akkas Ali, Professor, IIT, JU

An analogy that can be used to understand the advantages of an
symmetric system is to imagine two people, Alice and Bob, who are
sending a secret message through the public mail. In this example,
Alice wants to send a secret message to Bob, and expects a secret
reply from Bob.
❖ With a symmetric key system, Alice first puts the secret message in a
box, and locks the box using a padlock to which she has a key. She
then sends the box to Bob through regular mail (encryption).
❖ When Bob receives the box, he uses an identical copy of Alice's key
(which he has somehow obtained previously, maybe by a face-to-face
meeting) to open the box, and reads the message (decryption). Bob can
then use the same padlock to send his secret reply.

The problem with this method is how to give Bob a copy of the key
that Alice used.

Slide 12 IIT, JU
Idea Behind Symmetric-key Cryptography:
To create the ciphertext from the plaintext, Alice uses an
encryption algorithm and a shared secret key.
To create the plaintext from ciphertext, Bob uses a decryption
algorithm and the same secret key.

Prepared by: K M Akkas Ali, Professor, IIT, JU

Figure below illustrates the single-key encryption.

Figure: General idea of symmetric-key cipher

Slide 13 IIT, JU
Merits and Demerits of Symmetric-key Cryptography:

Merits:
Symmetric key algorithms are computationally less intensive than
asymmetric key algorithms. In practice, this means that a quality
asymmetric key algorithm is much slower than a quality symmetric

Prepared by: K M Akkas Ali, Professor, IIT, JU

key algorithm.
Symmetric encryption satisfies the requirement of message content
security, because the content can not be read without the shared
secret key.

Demerits:
It can pose two problems:
1. The key must be delivered securely to the two parties involved.
2. If a business has 10 business vendors, it needs 10 different single
keys unique to each vendor. Key distribution for multiple keys can
be a hassle. Choosing, distributing, and storing keys without error
and without loss is difficult.

Slide 14 IIT, JU
Idea Behind Asymmetric-key Cryptography:
It is an encryption system in which two mathematically related keys are used for encoding
and decoding the message. Of the two keys, one is called public key that any one can
know. Another is called private key that only the owner knows.

Public key can encrypt information, whereas, the private key can decrypt it. The private
key is assigned to one designated owner, but the public key can be announced to the
world. It can be published in a newspaper, on a server, on a website, or via a service
provider so that anyone can encrypt with it.

Prepared by: K M Akkas Ali, Professor, IIT, JU

The most common public-key algorithm is the RSA cryptosystem, named for its inventors
(Rivest, Shamir, and Adleman). Besides RSA, other public-key cryptosystems are Rabin
cryptosystem, ElGamal cryptosystem, elliptic curve cryptosystem (ECC) etc.

Slide 15Figure: Locking and unlocking in asymmetric-key cryptosystem IIT, JU

Idea Behind Asymmetric-key Cryptography:
Postal Analogy of Asymmetric-key Cryptography:
In the asymmetric-key cryptography, there are two keys - a public key and a private key.
An analogy that can be used to understand the advantages of an asymmetric system is to imagine two
people, Alice and Bob, who are sending a secret message through the public mail. In this example,
Alice wants to send a secret message to Bob, and expects a secret reply from Bob.
In an asymmetric key system, Bob and Alice have separate padlocks- one is open and another is
secret.

Prepared by: K M Akkas Ali, Professor, IIT, JU

First, Alice asks Bob to send his open padlock to her through regular mail, keeping his key to himself.
In other words, Bob sends Alice his public key.
When Alice receives it she uses it to lock a box containing her message, and sends the locked box to
Bob.
Bob can then unlock the box with his key (which is only private to him) and read the message from
Alice.
To reply, Bob must similarly get Alice's open padlock to lock the box before sending it back to her.

Figure: Locking and unlocking in asymmetric-key cryptosystem

Slide 16 IIT, JU
Idea Behind Asymmetric-key Cryptography:
Asymmetric-key cryptography uses two separate keys: a private key and a public key.
Both sending and receiving entity have their own key pairs, where one key (usually public key) is
used to encrypt message and another key (usually private key) is used to decrypt message. In other
words, a message encrypted with a public key can be decrypted only with the corresponding private
key.
Alice uses Bob’s public key to send encrypted message to Bob.
Bob uses his private key to decrypt message sent by Alice.

Prepared by: K M Akkas Ali, Professor, IIT, JU

Bob needs only one private key to receive all correspondence from anyone in the community, but
Alice needs n public keys to communicate with n entities in the community, one public key for each
entity.
In asymmetric-key cryptography, plaintext and ciphertext are treated as integers. Before encryption,
the message must be encoded as an integer (or a set of integers). The integer (or set of integers)
must be decoded into the message after decryption.
Figure below illustrates the general idea behind asymmetric-key cryptography.

Slide 17 Figure: General idea of asymmetric-key cryptosystem IIT, JU

Idea Behind Asymmetric-key Cryptography:
Encryption/Decryption
The encryption and decryption in asymmetric-key cryptography are
mathematical functions applied over the numbers representing the plaintext
and ciphertext.
The ciphertext can be thought of as C = f (Kpublic , P)

Prepared by: K M Akkas Ali, Professor, IIT, JU

The plaintext can be thought of as: P = g(Kprivate , C)
The encryption function f is used only for encryption.
The decryption function f is used only for decryption.

Figure: General idea of asymmetric-key cryptosystem

Slide 18 IIT, JU
Modes of Usages of Asymmetric-key Cryptography:
In asymmetric-key cryptography, the public-private
key-pairs can be used in two different ways:
1. To provide message confidentiality
2. To prove the authenticity of the message originator

Prepared by: K M Akkas Ali, Professor, IIT, JU

Slide 19 IIT, JU
Modes of Usages of Asymmetric-key Cryptography:
Providing Message Confidentiality or Message Privacy:
In this way of private-public key-pairs, data encrypted with the
public key can only be decrypted with the corresponding private
key.
❖ Here, data is encrypted by the sender using the

Prepared by: K M Akkas Ali, Professor, IIT, JU

recipient's public key.
o The public key is freely distributed.
❖ Data can only be decrypted by the recipient's private
key.
o The private key is kept secret.
❖ Therefore, the data or message remains confidential or
private until decoded by the recipient with his/her
private key.
Example:
Suppose that, Rassel wants to send a confidential message to Ellen. He would first
acquire Ellen’s public key. Then he would use that key to encrypt the message and
send it to her. If a third party intercepts the message and tries to decode it using
Allen’s public key, it would not work. Because only Ellen has the private key, only she
can decrypt it. If Allen wants to send a reply, she would use Rassel’s public key and
Rassel would use his private key to decrypt it.

Slide 20 IIT, JU
Modes of Usages of Asymmetric-key Cryptography:
Providing Authenticity of the Message Originator:
In this way of private-public key-pairs, data encrypted with the
private key can only be decrypted with the public key.
✔ Use asymmetric-key encryption for authentication.
❖ Here, data is encrypted by the sender using his/her

Prepared by: K M Akkas Ali, Professor, IIT, JU

private key.
o The private key is kept secret.
❖ Data can only be decrypted by anyone using sender's
public key.
o The public key is freely distributed.
❖ Because you are the only person who can encrypt an
electronic document with your private key, anyone using
your public key to decrypt the message is certain that
the message really came from you.
Example:
For example, Rassel is an e-customer. He wants to be sure that he is dealing with a
legitimate vendor. Similarly, the vendor wants to make sure that Rassel is really
Rassel.

Slide 21 IIT, JU
Symmetric-key Vs. Asymmetric-key Cryptography:
Key-point Symmetric-key Asymmetric-key

Invention More than 2000 years (at In the mid 1970’s

least in primitive form)

No. of key(s) Symmetric-key cryptography Asymmetric-key cryptography

used uses a single shared secret uses two separate keys: one
key. private and one public.

Is same key used Symmetric-key cryptography but asymmetric-key

for both is based on sharing secrecy,
encryption and i.e., both the sender and
decryption? receiver posses the same
single private key that must
be shared between them.
cryptography is based on
personal secrecy, i.e., both
the sender and receiver
posses two key: One is the
private key of the sender and
another is the public key of
the receiver. The same is
applicable for the receiver.

Key length This approach uses shorter This approach uses longer
keys keys

Slide 22 IIT, JU
Symmetric-key Vs. Asymmetric-key Cryptography:
Key-point Symmetric-key Asymmetric-key
Is distribution of key Not so easy, since both Easy, because only the public
easy? the sender and receiver key is to be distributed which
posses the same key. is open to all.

How many secret In a community of n But, in a community of n

keys are needed for people, n(n-1)/2 shared people, only n personal
a community having secrets are needed for secrets are needed for
n people? symmetric-key asymmetric-key cryptography.
cryptography.
When to use? Whenever an application Whenever an application is
is based on a secret based on a personal secret,
among multiple people, we need to use
we need to use asymmetric-key cryptography.
symmetric-key
cryptography.

Does it support No Yes

Digital Signature?

Slide 23 IIT, JU
Symmetric-key Vs. Asymmetric-key Cryptography:
Key-point Symmetric-key Asymmetric-key
Does it support No, because both parties have Yes
non-repudiation the same key.
requirement?
Nature of In symmetric-key cryptography, But in asymmetric-key
plaintext and the plaintext and ciphertext are cryptography, the plaintext
ciphertext thought of as a combination of and ciphertext are numbers.
symbols (characters or bits).
Algorithm Symmetric-key cryptography is Asymmetric-key
needed based on substitution and/or cryptography is based on
permutation of symbols applying mathematical
(characters or bits). functions to numbers.
More secure? No, because both parties have Yes, since only one party
the same key for encryption and needs to know the private
decryption purposes. The key is key, and if a third party
not to be leaked to outsider and knows the public key, it does
should be changed often to not compromise the security
ensure security. of the message.
Speed of Faster, since it can be Relatively slower, since it
operation implemented easily in most takes time to compute.
hardware
Slide 24 IIT, JU
Three-pass Protocol:
Besides symmetric-key and asymmetric-key cryptography, there is
another protocol that one can use to send sensitive information across
an insecure network. This protocol is called three-pass protocol which
does not involve sending keys across the network.
An analogy can help explain the three-pass protocol:

Prepared by: K M Akkas Ali, Professor, IIT, JU

❖ If Alice wants to send a secret message to Bob, she can send it in a box with his
padlock.

❖ When Bob receives the box, he sends it back to Alice with a padlock of his own.

❖ After receiving the box, Alice removes her padlock and returns the box to Bob.

❖ Bob can now open the box because it has only his padlock on it.

Slide 25 IIT, JU
Common Cryptosystems:
Some widely used cryptosystems are described here briefly.
RSA Algorithm:
❖ It is the most commonly used public-key algorithm, although it is vulnerable to
attack.

Prepared by: K M Akkas Ali, Professor, IIT, JU

It is named so after its inventors, Ron Rivest, Adi Shamir, and Len Adlemman of
the Massachusetts Institute of Technology (MIT).

❖ It was first published in 1978.

❖ This algorithm lets you choose the size of your public key.

❖ The 512-bit keys are considered insecure or weak, but the 768-bit keys are
secure from everything but the National Security Administration (NSA).

❖ The 1024-bit keys are secure from everything virtually.

❖ RSA is embedded in major products such as Windows, Netscape Navigator etc.

DES (data Encryption Standards):

❖ It was developed by IBM in 1974.

❖ DES is the first private-key encryption system which is widely used commercially

Slide 26 IIT, JU
Common Cryptosystems:
3DES:
❖ Stronger version of DES called Tripple DES, uses three 56-bit key to encrypt
each block.

❖ The first key encrypts the data block, the second key decrypts the data block
and the third key encrypts the same data block again.

Prepared by: K M Akkas Ali, Professor, IIT, JU

❖ The 3DES version requires a 168-bit key that makes the process quite secure
and much safer than the plain DES.

IDEA (International Data Encryption Algorithm):

❖ It was created in Switzerland in 1991.

❖ It offers strong encryption using a 128-bit key to encrypt 64-bit blocks. This
system is widely used in older version of PGP (Pretty Good Privacy) system.

Slide 27 IIT, JU
Need for Both Cryptography:
There is a very important fact that is sometimes misunderstood:
❖ The advent of asymmetric-key cryptography does not eliminate the need for
symmetric-key cryptography.

The reason for above fact is that asymmetric-key cryptography is

Prepared by: K M Akkas Ali, Professor, IIT, JU

much slower than symmetric-key cryptography. For encipherment of
large messages, symmetric-key cryptography is still needed. On the
other hand, the speed of symmetric-key cryptography does not
eliminate the need for asymmetric-key cryptography. Asymmetric-key
cryptography is still needed for authentication, digital signatures, and
secret-key exchanges.
Therefore, we actually believe that they will exist in parallel and
continue to serve the community. They are complements of each
other; the advantages of one can compensate for the disadvantages of
the other.

Slide 28 IIT, JU
Merits and Demerits of Encryption:
The advantages of Cryptography are:
It hides the message and your privacy is safe.
No one would be able to know what it says unless there's a key to the code.
You can write what ever you want and how ever you want (any theme any
symbol for the code) to keep your code a secret.

Prepared by: K M Akkas Ali, Professor, IIT, JU

You are able to use Cryptography during lessons without the teacher knowing.
(But will take long to make the code, to figure it out and to make the key).

The disadvantages of Cryptography are:

Encryption takes longer computer processor time to create the code. The more
complex the encryption, the more processing it will take.
Takes a long time to figure out the code.
Encryption keys can become lost rendering the associated data unrecoverable.
If you were to send a code to another person in the past, it will take long to get
to that person.
Overall cryptography is a long process.
The terrorists, child pornographers, or drug dealers may promote their
businesses using cryptography. Though increasingly using, millions of medical
records, credit card databases, and other repositories continue to be
vulnerable.
Slide 29 IIT, JU
Why is cryptography important?
Communicating over the Internet without encryption is like broadcasting over the
radio.

Cryptography allows people to carry over the confidence found in the physical
world to the electronic world, thus allowing people to do business electronically
without worries of deceit and deception. Every day hundreds of thousands of

Prepared by: K M Akkas Ali, Professor, IIT, JU

people interact electronically, whether it is through e-mail, e-commerce
(business conducted over the Internet), ATM machines, or cellular phones. The
perpetual increase of information transmitted electronically has lead to an
increased reliance on cryptography.
Cryptography makes secure web sites and electronic safe transmissions
possible. For a web site to be secure all of the data transmitted between the
computers where the data is kept and where it is received must be encrypted.
This allows people to do online banking, online trading, and make online
purchases with their credit cards, without worrying that any of their account
information is being compromised. Cryptography is very important to the
continued growth of the Internet and electronic commerce.
Doing E-commerce is not possible without cryptographic security. It has been
said that one is safer using a credit card over the Internet than within a store
or restaurant. It requires much more work to seize credit card numbers over
computer networks than it does to simply walk by a table in a restaurant and
lay hold of a credit card receipt. These levels of security, though not yet widely
used, give the means to strengthen the foundation with which e-commerce can
grow.
Slide 30 IIT, JU
Why is cryptography important?
People use e-mail to conduct personal and business matters on a daily basis. E-mail
has no physical form and may exist electronically in more than one place at a time.
This poses a potential problem as it increases the opportunity for an eavesdropper to
get a hold of the transmission. Encryption protects e-mail by rendering it very
difficult to read by any unintended party. Digital signatures can also be used to
authenticate the origin and the content of an e-mail message.

Prepared by: K M Akkas Ali, Professor, IIT, JU

In some cases cryptography allows you to have more confidence in your electronic
transactions than you do in real life transactions. For example, signing documents in
real life still leaves one vulnerable to the following scenario. After signing your will,
agreeing to what is put forth in the document, someone can change that document
and your signature is still attached. In the electronic world this type of falsification is
much more difficult because digital signatures are built using the contents of the
document being signed.
Cryptography is also used to regulate access to satellite TV. The satellite TV
companies do not have a direct connection to each individual subscriber's home. This
means that anyone with a satellite dish can pick up the signals. To alleviate the
problem of people getting free TV, they use cryptography. The trick is to allow only
those who have paid for their service to unscramble the transmission; this is done
with receivers (``unscramblers''). Each subscriber is given a receiver; the satellite
transmits signals that can only be unscrambled by such a receiver (ideally).
As seen, cryptography is widely used. Not only is it used over the Internet, but also
it is used in phones, televisions, and a variety of other common household items.
Without cryptography, hackers could get into our e-mail, listen in on our phone
conversations, tap into our cable companies and acquire free cable service, or break
into our bank/brokerage accounts.
Slide 31 IIT, JU
Four security needs provided by Encryptions:
The primary goal of cryptography is to keep the plaintext secret from eavesdroppers
trying to get some information about the plaintext. But adversaries may also be
active and try to modify the message as they are assumed to have complete access
to the communication channel. So, providing confidentiality is not the only objective
of cryptography. It is also used to provide solutions for other problems. Encryption is
needed to insure authentication, privacy, integrity, accountability.

Prepared by: K M Akkas Ali, Professor, IIT, JU

1. Data Integrity:
❖ The receiver of a message should be able to check whether the message was
modified during transmission, either accidentally or deliberately. No one
should be able to substitute a false message for the original message, or for
parts of it.
❖ It verifies that neither the purchase amount nor the goods bought are
changed or lost during transmission. Integrity also means the message has
not reached the recipient twice.
2. Authentication:
❖ The receiver of a message should be able to verify its origin. No one should
be able to send a message Bob and pretend to be Alice (data origin
authentication). When initiating a communication, Alice and Bob should be
able to identify each other (entity authentication). Therefore, authentication
means to identify or verify that the senders of messages are genuine (who
they claim to be).

Slide 32 IIT, JU
Four security needs provided by Encryptions:
❖ Properly implemented encryption proves identity.
❑ When logging a username and password are provided.
o Both are unique keys.
❖ If this personal information is kept private and is encrypted, then in a perfect
world:

Prepared by: K M Akkas Ali, Professor, IIT, JU

❑ It cannot be stolen.
❑ It cannot be duplicated.
❑ And it proves your identity.
❖ For example, Rassel is an e-customer. He wants to be sure that he is dealing
with a legitimate vendor. Similarly, the vendor wants to make sure that
Rassel is really Rassel.

3. Non-repudiation:
❖ The sender should not be able to later deny that he/she sent a message. It is
a procedure that prevents sender and vendor in a transaction or
communication activity from later falsely denying that the transaction
occurred. Non-repudiation is like sending a certified letter with a return
receipt via postal system. Like a receipt accompanying the registered letter, a
digital signature accompanies the transfer of data, so, the originator cannot
deny having sent the message.

Slide 33 IIT, JU
Four security needs provided by Encryptions:
4. Privacy:
❖ Privacy is when the data transmission is kept private. It shields
communications from unauthorized viewing or access. For example, Rassel
might not want his wife or any other person to know what he is transacting,
nor does the vendor want to reveal the special deal he/she has made for that
particular customer.

Prepared by: K M Akkas Ali, Professor, IIT, JU

❖ Privacy protection implies confidentiality and anonymity.
❖ Confidentiality means that during the transmission from sender to receiver,
no third party can access the contents of the message or identify the sender
or receiver.
❖ Anonymity means outsider cannot trace, link, or observe the contents of the
message.

Slide 34 IIT, JU
Key Distribution/ Exchange of Symmetric Key:
In symmetric-key cryptography, Alice and Bob use the same key for
communication on the other direction. This key must be protected from
access by others.
However, Alice may need to communicate with another person, say
David. Then she needs another secret key. The more keys Alice uses, the
more complexity may arise to handle those keys.
Furthermore, frequently key exchanges are usually desirable to limit the

Prepared by: K M Akkas Ali, Professor, IIT, JU

amount of data compromised if an attacker learns the key.
Therefore, the strength of any cryptographic system rests with the key
distribution technique which refers to the delivering of a key to two
parties who wish to exchange data, without allowing others to see the
key.
The shared key can be exchanged between involved parties by the
following ways:
❖ Face to face (Alice can select a key and physically deliver it to Bob).
❖ Trusted third party (A trusted third party can select the key and physically
deliver it to Alice and Bob. For example, if Alice and Bob each has an
encrypted connection to a third party, say David, then David can deliver a key
on the encrypted links to Alice and Bob).
❖ Envelope it using asymmetric ciphers (If Alice and Bob have previously
and recently used a key, one party can transmit the new key to the other by
encrypted using the old key.

How many keys do you need for communicating with a group of m persons?
❑ Number of keys = (m(m-1))/2
Slide 35 IIT, JU
Cryptography Vs. Cryptanalysis:

❑ Cryptography is the science and art of creating secret codes.

❑ Cryptanalysis is the science and art of breaking those codes.

Prepared by: K M Akkas Ali, Professor, IIT, JU

Why we need to study Cryptanalysis techniques?
❑ This is needed, not to break other people’s code, but to learn how
vulnerable our cryptosystem is. It helps us create better secret codes.

Slide 36 IIT, JU
Traditional Symmetric- Key Ciphers
Traditional symmetric-key ciphers can be classified into two broad categories:
1. Substitution Ciphers
A substitution cipher replaces one symbol with another. For example, we
can replace letter A with letter D, and letter T with letter Z. If the
symbols are digits, we can replace 3 with 7, 2 with 6.

Prepared by: K M Akkas Ali, Professor, IIT, JU

Substitution ciphers can be categorized as either monoalphabetic ciphers
or polyalphabetic ciphers.

2. Transposition Ciphers
A transposition cipher does not substitute one symbol for another,
instead it changes the location of the symbols.
A symbol in the first position of the plaintext may appear in the ninth
position of the ciphertext. A symbol in the eighth position of the
plaintext may appear in the first position of the ciphertext. For example,
the plaintext characters “hello” may be encrypted as “elhol”.

There are three types of transposition cipher:

❑ Keyless Transposition Ciphers
❑ Keyed Transposition Ciphers
❑ Keyed Columnar Transposition Ciphers or Columnar Transposition
Ciphers
Slide 37 IIT, JU
Modern Symmetric-key Ciphers:
Introduction:
The traditional symmetric-key ciphers are character-oriented ciphers.
Now-a-days, the information to be encrypted is not just text; it can
also consist of numbers, graphics, audio, and video data. It is
convenient to convert these types of data into a stream of bits, to

Prepared by: K M Akkas Ali, Professor, IIT, JU

encrypt the stream, and then to send the encrypted stream.
So, we need bit-oriented ciphers.
When data is treated as the collection of bits, it becomes larger.
Mixing a larger number of symbols increases security.

Kinds of Modern Symmetric-key Ciphers:

Modern symmetric-key ciphers can be divided into two broad categories:

- Stream ciphers
- Block ciphers

Slide 38 IIT, JU
Stream Ciphers
Stream cipher encrypts a single character or bit of plaintext at a time. It
also decrypts a single character or bit of ciphertext at a time.
Both the encryption and decryption are performed using the same key.

Example:

Prepared by: K M Akkas Ali, Professor, IIT, JU

Given plaintext: 10011011110100001
Let the keystream be a stream of 1s and 0s.
If we use an exclusive or (XOR) with the keystream and plaintext, we get ciphertext.
This keystream is called periodic, since the sequence '10' repeats over and over.

Plaintext : 10011011110100001
Keystream : 10101010101010101
Ciphertext : 00110001011110100 (by XORing each plaintext bit with corresponding keystream bit)

To decrypt this ciphertext, all we need to do is again XOR the ciphertext with the
keystream:
Ciphertext : 00110001011110100
Keystream : 10101010101010101
Plaintext (XOR) : 10011011110100001

Slide 39 IIT, JU
Block Ciphers
A symmetric-key modern block cipher encrypts an
n-bit block of plaintext or decrypts an n-bit block of ciphertext together
using the same secret key.
The common values of n are 64, 128, 256, or 512 bits.
❖ If the message has the fewer than n bits, padding must be added to

Prepared by: K M Akkas Ali, Professor, IIT, JU

make it an n-bit block.

❖ If the message has more than n bits, it should be divided into n-bit
blocks and the appropriate padding must be added to the last block if
necessary.

Example:
Plaintext : The only thing we have to fear is fear itself

Modified plaintext : Theonlythingwehavetofearisfearitself

Plaintext blocks : Theonlyt hingweha vetofear isfearit selfXend (break the plaintext into 8-character block)

Ciphertext blocks : tylnoehT ahewgnih raefotev tiraefsi dneXfles (just reverse each plaintext block)

Ciphertext : tylnoehTahewgnihraefotevtiraefsidneXfles

Slide 40 IIT, JU
Slide-41
Thank you…
Have a question?

Prepared by: K M Akkas Ali, Professor, IIT, JU

IIT, JU