Chapter 1-4


SCHOOL OF INFORMATICS

Department of Information Technology

Course: Cryptography and N/w Security

By Desta Dana(Assistant Prof.)


Email: [email protected]
Cryptography and Network security By Desta D(2022GC)-WSU
Chapters Contents
1 INTRODUCTION: Definition Attacks, Services and
Mechanisms, Security attacks, Security services, A
Model for Internetwork Security.
2 CLASSICAL TECHNIQUES: Conventional Encryption
model, Steganography, Classical Encryption
Techniques.
3 MODERN TECHNIQUES: Simplified DES, Block Cipher
Principles, Data Encryption standard, Strength of DES,
Differential and Linear Cryptanalysis, Block Cipher
Design Principles and Modes of operations.
4 CONVENTIONAL ENCRYPTION: Placement of
Encryption function, Traffic confidentiality, Key
Distribution, Random Number Generation.
5 PUBLIC KEY CRYPTOGRAPHY: Principles, RSA
Algorithm, Key Management, Diffie-Hellman Key
exchange, Elliptic Curve Cryptography.
NUMBER THEORY: Prime and Relatively prime
numbers, Modular arithmetic, Fermat’s and Euler’s
theorems, Testing for primality, Euclid’s Algorithm, the
Chinese remainder theorem, Discrete logarithms.
6 Network security framework and current issues
Chapter- 1 Introduction
• Definition of terms
• Cryptography
• Security attacks
• Security Mechanisms
• Symmetric and Asymmetric security mechanisms
• Security models
Cryptography
• Cryptography is the study of secure communications techniques that
allow only the sender and intended recipient of a message to view
its contents.
• The term is derived from the Greek word kryptos, which means
hidden.
• It is closely associated with encryption, which is the act of scrambling
ordinary text into what's known as ciphertext and then back again
upon arrival.
Definition Contd…
• Computer data often travels from one computer to another, leaving the safety of its protected physical
surroundings. Once the data is out of hand, people with bad intentions could modify or forge your data, either
for amusement or for their own benefit.
• Cryptography can reformat and transform our data, making it safer on its trip between computers. The
technology is based on the essentials of secret codes, augmented by modern mathematics that protects our
data in powerful ways.

• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected
networks
Security Attacks, Services and Mechanisms
• To assess the security needs of an organization effectively, the manager responsible for
security needs some systematic way of defining the requirements for security and characterization
of approaches to satisfy those requirements.
• One approach is to consider three aspects of information security:
• Security attack – Any action that compromises the security of information owned by an
organization.
• Security mechanism – A mechanism that is designed to detect, prevent or recover from a security
attack.
• Security service – A service that enhances the security of the data processing systems and the
information transfers of an organization.
• The services are intended to counter security attacks and they make use of one or more security
mechanisms to provide the service.
Basic Concepts
• Cryptography: The art or science encompassing the principles and methods of transforming an intelligible
message into one that is unintelligible, and then retransforming that message back to its original form
• Plaintext: The original intelligible message
• Cipher text: The transformed message
• Cipher: An algorithm for transforming an intelligible message into one that is unintelligible by transposition
and/or substitution methods
• Key: Some critical information used by the cipher, known only to the sender & receiver
• Encipher (encode): The process of converting plaintext to cipher text using a cipher and a key
• Decipher (decode): The process of converting cipher text back into plaintext using a cipher and a key
• Cryptanalysis: The study of principles and methods of transforming an unintelligible message back into an
intelligible message without knowledge of the key. Also called code breaking
• Cryptology: Both cryptography and cryptanalysis
• Code: An algorithm for transforming an intelligible message into an unintelligible one using a code-book
Cryptanalysis
• The process of attempting to discover X or K or both is known as cryptanalysis. The strategy used by the
cryptanalyst depends on the nature of the encryption scheme and the information available to the cryptanalyst.
• There are various types of cryptanalytic attacks based on the amount of information known to the
cryptanalyst.
• Cipher text only – A copy of the cipher text alone is known to the cryptanalyst.
• Known plaintext – The cryptanalyst has a copy of the cipher text and the corresponding plaintext.
• Chosen plaintext – The cryptanalyst gains temporary access to the encryption machine. They cannot open it
to find the key; however, they can encrypt a large number of suitably chosen plaintexts and try to use the
resulting cipher texts to deduce the key.
• Chosen cipher text – The cryptanalyst obtains temporary access to the decryption machine, uses it to decrypt
several strings of symbols, and tries to use the results to deduce the key.
STEGANOGRAPHY
• A plaintext message may be hidden in one of two ways. The
methods of steganography conceal the existence of the message, whereas
the methods of cryptography render the message unintelligible to outsiders
by various transformations of the text.
• A simple form of steganography, but one that is time consuming to
construct is one in which an arrangement of words or letters within an
apparently innocuous text spells out the real message.
Eg: - the sequence of first letters of each word of the overall message
spells out the real (Hidden) message.
- Subset of the words of the overall message is used to convey
the hidden message.
SECURITY SERVICES(C-I-A)
• The classification of security services is as follows:
• Confidentiality: Ensures that the information in a computer system and transmitted information
are accessible only for reading by authorized parties.
• E.g. Printing, displaying and other forms of disclosure.
• Authentication: Ensures that the origin of a message or electronic document is correctly
identified, with an assurance that the identity is not false.
• Integrity: Ensures that only authorized parties are able to modify computer system assets and
transmitted information. Modification includes writing, changing status, deleting, creating and
delaying or replaying of transmitted messages.
• Non repudiation: Requires that neither the sender nor the receiver of a message be able to deny
the transmission.
• Access control: Requires that access to information resources may be controlled by or for the target
system.
• Availability: Requires that computer system assets be available to authorized parties when needed.
SECURITY MECHANISMS
• One of the most specific security mechanisms in use is cryptographic
techniques.
• Encryption or encryption-like transformations of information are the most
common means of providing security.
• Some of the mechanisms are:-
1. Encipherment
2. Digital Signature
3. Access Control
SECURITY ATTACKS(Passive Vs Active)
• Interruption:- An asset of the system is destroyed or becomes
unavailable or unusable.
• Interception:- An unauthorized party gains access to an asset.
• Modification:- An unauthorized party not only gains access to but
tampers with an asset.
• Fabrication:- An unauthorized party inserts counterfeit objects into
the system.
Cryptographic Attacks

• Passive Attacks
• Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions. The goal of the opponent is to obtain information that is being
transmitted. Passive attacks are of two types:
• Release of message contents: A telephone conversation, an e-mail message
and a transferred file may contain sensitive or confidential information. We
would like to prevent the opponent from learning the contents of these
transmissions.
• Traffic analysis: If we had encryption protection in place, an opponent
might still be able to observe the pattern of the message.
Active attacks
• These attacks involve some modification of the data stream or the creation of a
false stream.
• These attacks can be classified in to four categories:

• Masquerade – One entity pretends to be a different entity.


• Replay – involves passive capture of a data unit and its subsequent transmission to
produce an unauthorized effect.
• Modification of messages – Some portion of message is altered or the messages
are delayed or recorded, to produce an unauthorized effect.
• Denial of service – Prevents or inhibits the normal use or management of
communication facilities.
Symmetric and public key algorithms
• Encryption/Decryption methods fall into two categories.
• Symmetric key and public key
• In symmetric key algorithms, the encryption and decryption keys are known
both to sender and receiver.
• The encryption key is shared and the decryption key is easily calculated
from it. In many cases, the encryption and decryption keys are the same.
• In public key cryptography, encryption key is made public, but it is
computationally infeasible to find the decryption key without the information
known to the receiver.
Symmetric Key
In symmetric-key cryptography, the same key is used by the sender(for
encryption) and the receiver (for decryption).
The key is shared.
• Advantages:
• Simple
• Faster
• Disadvantages:
• The key must be exchanged in a secure way
• Easy for a hacker to get the key if it is passed in an insecure way.
Symmetric Key Encryption
• Data Encryption Standard (DES)
• Triple Data Encryption Standard (Triple DES)
• Advanced Encryption Standard (AES)
• International Data Encryption Algorithm (IDEA)
• TLS/SSL protocol.
Asymmetric Key
• An asymmetric-key (or public-key) cipher uses two keys: one private
(to encrypt data) and one public (to decrypt data).
• Asymmetric Key Cryptography (Public Key Cryptography)
• 2 different keys are used (public keys and private keys)
• Users get the key from a Certificate Authority
Advantages
1. More Secured
2. Authentication
Disadvantages
1. Relatively Complex
Examples of Asymmetric Key

• RSA
• Digital Signature Algorithm
• Diffie-Hellman
Compare Both?
Model for Network Security
MODEL FOR NETWORK ACCESS
SECURITY
End of Chapter-1
Q&A
Classical Encryption
Techniques
Chapter 2
Classical encryption techniques
• Encryption:
• Encryption is something like making a secret letter by changing, swapping or
replacing characters in a previously defined order. The format of the message is
not changed.
• Encoding:
• In encoding, the format of the data is changed. For example, when we record a voice
sample, the recorder will encode the analog voice signals into digital signals and
store them.
Basic terminology
• Plaintext: original message to be encrypted
• Ciphertext: the encrypted message
• Enciphering or encryption: the process of converting plaintext into ciphertext
• Encryption algorithm: performs encryption
• Two inputs: a plaintext and a secret key
Symmetric Cipher Model

• Deciphering or decryption: recovering plaintext from ciphertext
• Decryption algorithm: performs decryption
• Two inputs: ciphertext and secret key
• Secret key: same key used for encryption and decryption
• Also referred to as a symmetric key
• Cipher or cryptographic system: a scheme for encryption and decryption
• Cryptography: science of studying ciphers
• Cryptanalysis: science of studying attacks against cryptographic systems
• Cryptology: cryptography + cryptanalysis
Ciphers
• Symmetric cipher: same key used for encryption and decryption
• Block cipher: encrypts a block of plaintext at a time (typically 64 or 128 bits)
• Stream cipher: encrypts data one bit or one byte at a time
• Asymmetric cipher: different keys used for encryption and decryption
Symmetric Encryption
• or conventional / secret-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are symmetric

Symmetric Encryption
• Mathematically:
Y = E_K(X) or Y = E(K, X)
X = D_K(Y) or X = D(K, Y)
• X = plaintext
• Y = ciphertext
• K = secret key
• E = encryption algorithm
• D = decryption algorithm
• Both E and D are known to the public
Cryptanalysis
• Objective: to recover the plaintext of a ciphertext or, more
typically, to recover the secret key.
• Kerckhoffs’s principle: the opponent knows all details about a cryptosystem except the secret key.
• Two general approaches:
• brute-force attack
• non-brute-force attack (cryptanalytic attack)
Language Redundancy and
Cryptanalysis
• Human languages are redundant
• e.g. "th lrd s m shphrd shll nt wnt"
• Letters are not equally commonly used
• In English
• E is by far the most common letter
• Followed by T, R, N, I, O, A, S
• Other letters like Z, J, K, Q, X are fairly rare
• Which set of characters are most commonly used in Chinese?
• Have tables of single, double & triple letter frequencies for various
languages

English Letter Frequencies
Use in Cryptanalysis
• Key concept
• Monoalphabetic substitution ciphers do not change relative letter
frequencies
• Discovered by Arabian scientists in 9th century
• Calculate letter frequencies for ciphertext
• Compare counts/plots against known values
• For a Caesar cipher, look for common peaks/troughs
• Peaks at: A-E-I triple, NO pair, RST triple
• Troughs at: JK, X-Z
• For a monoalphabetic cipher, each letter must be identified
• Tables of common double/triple letters help
Example Cryptanalysis
• Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
• Count relative letter frequencies (see text)
• Guess which two individual letters are for e & t (with the highest
frequencies)?
• P&Z
• Guess what “ZW” is for?
• “th” and hence “ZWP” is “the”
• Proceed with trial and error to finally get:
it was disclosed yesterday that several informal but direct
contacts have been made with political
representatives of the viet cong in moscow
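The counting steps of this example, written out as an added Python example that is not part of the original slides. It uses the ciphertext and the recovered plaintext exactly as given above; the function names are illustrative.

```python
from collections import Counter

# Ciphertext and recovered plaintext as given on the slide (lines joined, spaces removed).
CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
    "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
    "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ"
)
PLAINTEXT = (
    "itwasdisclosedyesterdaythatseveralinformalbutdirect"
    "contactshavebeenmadewithpoliticalrepresentativesofthevietconginmoscow"
)


def letter_frequencies(text):
    """Return (letter, count, percent) tuples, most frequent first."""
    counts = Counter(ch for ch in text.upper() if ch.isalpha())
    total = sum(counts.values())
    return [(ch, n, round(100 * n / total, 2)) for ch, n in counts.most_common()]


def ngram_counts(text, n):
    """Count every overlapping n-letter sequence (digrams for n=2, trigrams for n=3)."""
    return Counter(text[i:i + n] for i in range(len(text) - n + 1))


def apply_guess(text, guess):
    """Show the text with guessed letters substituted and unknown letters as '.'."""
    return "".join(guess.get(ch, ".") for ch in text)


def recover_table(ciphertext, plaintext):
    """Rebuild the cipher->plain table from a solved pair.

    Raises ValueError if one ciphertext letter would need two plaintext
    letters, i.e. the pair is not a monoalphabetic substitution.
    """
    if len(ciphertext) != len(plaintext):
        raise ValueError("ciphertext and plaintext lengths differ")
    table = {}
    for c, p in zip(ciphertext, plaintext):
        if table.setdefault(c, p) != p:
            raise ValueError(f"{c} maps to both {table[c]} and {p}")
    return table


if __name__ == "__main__":
    # Step 1: single-letter counts; the two highest are the candidates for e and t.
    for letter, count, pct in letter_frequencies(CIPHERTEXT)[:5]:
        print(f"{letter}: {count:2d}  {pct:5.2f}%")
    # Step 2: the digram ZW, guessed to be "th".
    print("ZW occurs", ngram_counts(CIPHERTEXT, 2)["ZW"], "times")
    # Step 3: apply the partial guess P=e, Z=t, W=h and read the gaps.
    print(apply_guess(CIPHERTEXT, {"P": "e", "Z": "t", "W": "h"}))
    # Step 4: confirm the final solution is one consistent substitution table.
    table = recover_table(CIPHERTEXT, PLAINTEXT)
    print("".join(table[c] for c in CIPHERTEXT))
```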

Cryptanalytic Attacks
• May be classified by how much information needed by the attacker:
• Ciphertext-only attack
• Known-plaintext attack
• Chosen-plaintext attack
• Chosen-ciphertext attack

Classical Ciphers
• Plaintext is viewed as a sequence of elements (e.g., bits
or characters)
• Substitution cipher: replacing each element of the
plaintext with another element.
• Transposition (or permutation) cipher: rearranging the
order of the elements of the plaintext.

Caesar Cipher
• Earliest known substitution cipher
• Invented by Julius Caesar
• Ciphertext is derived from the plaintext alphabet by
shifting each letter a certain number of spaces.
• Each letter is replaced by the letter three positions further
down the alphabet.(+3)
• Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• Example: Meet me after the tea party → phhw ph diwhu
wkh sduwb
Caesar Cipher
• Mathematically, map letters to numbers:
a, b, c, ..., x, y, z
0, 1, 2, ..., 23, 24, 25
• Then the general Caesar cipher is:
c = E_k(p) = (p + k) mod 26
p = D_k(c) = (c - k) mod 26
• Can be generalized with any alphabet.
Monoalphabetic Substitution Cipher
• Shuffle the letters and map each plaintext letter to a
different random ciphertext letter:

Plain letters:  abcdefghijklmnopqrstuvwxyz
Cipher letters: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext:  ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

• What does a key look like?
Playfair Cipher

• One approach to improving security is to encrypt multiple letters at a time.
• The Playfair Cipher is the best known such cipher.
• Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair.
• Simplest substitution cipher that works on two-letter combinations.
• The encryption algorithm takes a 5x5 matrix of letters.
• Generate the key table (drop any duplicate letters).
• Key letters are filled into the matrix from left to right and top to bottom.
• The rest of the letters are filled into the remaining spaces of the matrix.
• Letters I and J take the same place.
Playfair Cipher
• Rules:
• If the letters of a pair are the same, add an X (uncommon letter) after the first letter.
• Balloon will be (ba lx lo on).
• If the letters appear in the same row / column of the table, replace them with the
letters to the immediate right / immediately below, respectively.
• If the letters are not in the same row or column, replace them with the letters at the
corners of the rectangle.
Playfair Key Matrix
• Use a 5 x 5 matrix.
• Fill in letters of the key (w/o duplicates).
• Fill the rest of matrix with other letters.
• E.g., key = MONARCHY.

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
Encrypting and Decrypting
Plaintext is encrypted two letters at a time.
1. If a pair is a repeated letter, insert a filler like 'X'.
2. If both letters fall in the same row, replace each with the
letter to its right (circularly).
3. If both letters fall in the same column, replace each with
the letter below it (circularly).
4. Otherwise, each letter is replaced by the letter in the same
row but in the column of the other letter of the pair.

Vigenere cipher
• In this scheme, the set of related monoalphabetic substitution rules
consists of the 26 Caesar ciphers with shifts of 0 through 25.
• Each cipher is denoted by a key letter, e.g., the Caesar cipher with a shift of 3
is denoted by the key value 'd' (since a=0, b=1, c=2 and so on).
• To aid in understanding the scheme, a matrix known as the Vigenere table is
constructed.
• Each of the 26 ciphers is laid out horizontally, with the key letter for each
cipher to its left. A normal alphabet for the plaintext runs across the top.
Vigenere …
• Given a key letter x and a plaintext letter y, the cipher text letter is at the intersection of the row labeled
x and the column labeled y; in this case, the ciphertext is V.
• To encrypt a message, a key is needed that is as long as the message. Usually, the key is a
repeating keyword, e.g.,
key = d e c e p t i v e d e c e p t i v e d e c e p t i v e
PT = w e a r e d i s c o v e r e d s a v e y o u r s e l f
CT = ZICVTWQNGRZGVTWAVZHCQYGLMGJ
• Decryption is equally simple. The key letter again identifies the row. The position of the cipher
text letter in that row determines the column, and the plaintext letter is at the top of that column.
• Strength of Vigenere cipher
o There are multiple cipher text letters for each plaintext letter.
o Letter frequency information is obscured.
Hill Cipher
• The algorithm takes an n x n key matrix K.
• The ciphertext C of plaintext P is derived by multiplying P by K.
• To decrypt the message, the inverse of K is used.
• C = (KP) mod 26
• P = (K^-1 C) mod 26
Hill Cipher
• Example:
• Plaintext is “paymoremoney” and key is

      | 17 17  5 |
  K = | 21 18 21 |
      |  2  2 19 |

• Letter numbering:
   A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
   0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
• KEY PAY MOR EMO NEY
Hill Cipher
• PAY = (15, 0, 24), written as the column vector P
• C = (KP) mod 26

      | 17 17  5 |   | 15 |
  C = | 21 18 21 | x |  0 | mod 26
      |  2  2 19 |   | 24 |

      | 255 + 0 + 120 |
  C = | 315 + 0 + 504 | mod 26
      |  30 + 0 + 456 |
Hill Cipher
      | 375 |
• C = | 819 | mod 26
      | 486 |

      | 11 |   L
  C = | 13 | = N
      | 18 |   S

  PAY = LNS
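The same computation carried through all four blocks and back again, as an added Python example that is not part of the original slides. It goes beyond the slide by computing K^-1 mod 26 (adjugate times the modular inverse of the determinant) and rejecting keys that are not invertible; function names are illustrative, and Python 3.8+ is assumed for pow(x, -1, 26).

```python
K = [[17, 17, 5], [21, 18, 21], [2, 2, 19]]   # key matrix from the slide


def mat_vec(m, v, mod=26):
    """Multiply matrix m by column vector v and reduce each entry mod `mod`."""
    return [sum(a * b for a, b in zip(row, v)) % mod for row in m]


def det3(m):
    """Determinant of a 3x3 integer matrix."""
    (a, b, c), (d, e, f), (g, h, i) = m
    return a * (e * i - f * h) - b * (d * i - f * g) + c * (d * h - e * g)


def inverse_mod26(m):
    """Inverse of a 3x3 matrix mod 26; raises ValueError if gcd(det, 26) != 1."""
    det = det3(m) % 26
    try:
        det_inv = pow(det, -1, 26)
    except ValueError:
        raise ValueError("key matrix is not invertible mod 26") from None

    def minor(r, c):
        rows = [row[:c] + row[c + 1:] for k, row in enumerate(m) if k != r]
        return rows[0][0] * rows[1][1] - rows[0][1] * rows[1][0]

    # Entry (r, c) of the adjugate is the cofactor of entry (c, r).
    return [[(det_inv * (-1) ** (r + c) * minor(c, r)) % 26 for c in range(3)]
            for r in range(3)]


def hill(text, m):
    """Apply matrix m to the text three letters at a time (A=0 ... Z=25)."""
    nums = [ord(ch) - 65 for ch in text.upper() if ch.isalpha()]
    if len(nums) % 3:
        raise ValueError("text length must be a multiple of 3")
    out = []
    for i in range(0, len(nums), 3):
        out += mat_vec(m, nums[i:i + 3])
    return "".join(chr(n + 65) for n in out)


if __name__ == "__main__":
    print(mat_vec(K, [15, 0, 24], mod=1000))   # products before reduction mod 26
    print(mat_vec(K, [15, 0, 24]))             # PAY -> L N S
    cipher = hill("paymoremoney", K)
    print(cipher)
    k_inv = inverse_mod26(K)
    print(k_inv)
    print(hill(cipher, k_inv))
```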
Polyalphabetic Substitution Ciphers
• A sequence of monoalphabetic ciphers (M1, M2, M3, ..., Mk) is used in
turn to encrypt letters.
• A key determines which sequence of ciphers to use.
• Each plaintext letter has multiple corresponding ciphertext letters.
• This makes cryptanalysis harder since the letter frequency
distribution will be flatter.

Vigenère Cipher
• Simplest polyalphabetic substitution cipher
• Consider the set of all Caesar ciphers:
{ C_a, C_b, C_c, ..., C_z }
• Key: e.g. security
• Encrypt each letter using C_s, C_e, C_c, C_u, C_r, C_i, C_t, C_y in turn.
• Repeat from start after C_y.
• Decryption simply works in reverse.
Example of Vigenère Cipher

• Keyword: deceptive
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

Security of Vigenère Ciphers
• There are multiple (how many?) ciphertext letters corresponding
to each plaintext letter.
• So, letter frequencies are obscured but not totally lost.
• To break Vigenere cipher:

1. Try to guess the key length. How?


2. If key length is N, the cipher consists of N Caesar ciphers. Plaintext
letters at positions k, N+k, 2N+k, 3N+k, etc., are encoded by the
same cipher.
3. Attack each individual cipher as before.
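The deceptive example and the first two steps of the break, as an added Python example that is not part of the original slides. Guessing the key length from the distances between repeated ciphertext sequences is the Kasiski examination, a technique the slides do not name; function names are illustrative and the input is assumed to contain letters only.

```python
from functools import reduce
from math import gcd

CIPHERTEXT = "ZICVTWQNGRZGVTWAVZHCQYGLMGJ"   # from the slide


def vigenere(text, keyword, decrypt=False):
    """Shift letter i by key letter i mod len(keyword): c = (p + k) mod 26."""
    sign = -1 if decrypt else 1
    text, keyword = text.upper(), keyword.upper()
    out = []
    for i, ch in enumerate(text):
        k = ord(keyword[i % len(keyword)]) - 65
        out.append(chr((ord(ch) - 65 + sign * k) % 26 + 65))
    return "".join(out)


def repeated_ngrams(ciphertext, n=3):
    """Map each n-letter sequence that occurs more than once to its start positions."""
    seen = {}
    for i in range(len(ciphertext) - n + 1):
        seen.setdefault(ciphertext[i:i + n], []).append(i)
    return {gram: pos for gram, pos in seen.items() if len(pos) > 1}


def kasiski_key_length(ciphertext, n=3):
    """Step 1: GCD of the distances between repeats is a candidate key length.

    A repeat arises when the same plaintext meets the same part of the key,
    so the distance is a multiple of the key length. Returns None if nothing repeats.
    """
    distances = [b - a
                 for pos in repeated_ngrams(ciphertext, n).values()
                 for a, b in zip(pos, pos[1:])]
    return reduce(gcd, distances) if distances else None


def split_columns(ciphertext, key_length):
    """Step 2: letters at positions k, N+k, 2N+k, ... share one Caesar cipher."""
    return [ciphertext[k::key_length] for k in range(key_length)]


if __name__ == "__main__":
    print(vigenere("wearediscoveredsaveyourself", "deceptive"))
    print(repeated_ngrams(CIPHERTEXT))
    n = kasiski_key_length(CIPHERTEXT)
    print("candidate key length:", n)
    for k, column in enumerate(split_columns(CIPHERTEXT, n)):
        print(k, column)
```

On a ciphertext this short there is a single repeat, so the estimate rests on one distance; longer messages give several distances and each column becomes long enough for the Caesar frequency attack in step 3.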

Transposition Ciphers
• Also called permutation ciphers.

• Shuffle the plaintext, without altering the actual letters used.


• Example: Row Transposition Ciphers
• Example 2: Rail fence(2,3..)

Row Transposition Ciphers
• Plaintext is written row by row in a rectangle.

• Ciphertext: write out the columns in an order specified by a key.


Key:        3 4 2 1 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Product Ciphers
• Uses a sequence of substitutions and transpositions
• Harder to break than just substitutions or transpositions
• This is a bridge from classical to modern ciphers.

Unconditional & Computational Security
• A cipher is unconditionally secure if it is secure no
matter how many resources (time, space) the
attacker has.
• A cipher is computationally secure if the best
algorithm for breaking it requires so many
resources (e.g., 1000 years) that the
cryptosystem is secure in practice.
• None of the ciphers we have examined so far is
unconditionally secure.
An unconditionally Secure Cipher

Vernam’s one-time pad cipher
• Key = k1 k2 k3 k4 ... (random, used one-time only)
• Plaintext = m1 m2 m3 m4 ...
• Ciphertext = c1 c2 c3 c4 ...
where ci = mi ⊕ ki
• Can be proved to be unconditionally secure.
Steganography
• Hide a message in another message.

• E.g., hide your plaintext in a graphic image


• Each pixel has 3 bytes specifying the RGB color
• The least significant bits of pixels can be changed w/o greatly
affecting the image quality
• So can hide messages in these LSBs

• Advantage: hiding existence of messages

• Drawback: high overhead

Different Types of Steganography
1. Text Steganography − There is steganography in text files, which entails secretly storing
information. In this method, the hidden data is encoded into the letter of each word.
2. Image Steganography − The second type of steganography is image steganography, which
entails concealing data by using an image of a different object as a cover. Pixel intensities
are the key to data concealment in image steganography.
3. Audio Steganography − It is the science of hiding data in sound. Used digitally, it protects
against unauthorized reproduction. Watermarking is a technique that encrypts one piece of
data (the message) within another (the "carrier"). Its typical uses involve media playback,
primarily audio clips.
4. Video Steganography − Video steganography is a method of secretly embedding data or
other files within a video file on a computer. Video (a collection of still images) can function
as the "carrier" in this scheme. Discrete cosine transform (DCT) is commonly used to insert
values that can be used to hide the data in each image in the video, which is undetectable to
the naked eye. Video steganography typically employs the following file formats: H.264,
MP4, MPEG, and AVI.
5. Network or Protocol Steganography − It involves concealing data by using a network
protocol like TCP, UDP, ICMP, IP, etc., as a cover object. Steganography can be used in the
case of covert channels, which occur in the OSI layer network model.
Steganography Examples Include
• Writing with invisible ink
• Embedding text in a picture (like an artist hiding their initials in a
painting they’ve done)
• Backward masking a message in an audio file (remember those stories of
evil messages recorded backward on rock and roll records?)
• Concealing information in either metadata or within a file header
• Hiding an image in a video, viewable only if the video is played at a
particular frame rate
• Embedding a secret message in either the green, blue, or red channels of
an RGB image
• Watermarking
• Take a 640x480 (= 307,200) pixel image.
• Using only 1 LSB, can hide 115,200 characters
• Using 4 LSBs, can hide 460,800 characters.
Steganography vs Cryptography
Chapter 3 and 4

Contents

• What Makes Good Encryption?
• DES
• AES
• Diffie Hellman
• RSA
Making “Good” Ciphers
• Outline
  • Criteria for “Good” Ciphers
  • Stream and Block Ciphers
Criteria for “Good” Ciphers (1)
• “Good” depends on intended application
  • Substitution
    • C hides chars of P
    • If > 1 key, C dissipates high frequency chars
  • Transposition
    • C scrambles text => hides n-grams for n > 1
  • Product ciphers
    • Can do all of the above
  • What is more important for your app?
  • What facilities are available to sender/receiver?
    • E.g., no supercomputer support on the battlefield
Criteria for “Good” Ciphers (2)
• Claude Shannon’s criteria (1949):
1. Needed degree of secrecy should determine amount of labor
  • How long does the data need to stay secret?
2. Set of keys and enciphering algorithm should be free from complexity
  • Can choose any keys or any plaintext for given E
  • E not too complex
3. Implementation should be as simple as possible
  • Complexity => errors
Criteria for “Good” Ciphers (3)
• Shannon’s criteria (1949) – cont.
4. Propagation of errors should be limited
  • Errors happen => their effects should be limited
  • One error should not invalidate the whole C
5. Size / storage of C should be restricted
  • Size (C) should not be > size (P)
  • More text is more data for cryptanalysts to work with
  • Need more space for storage, more time to send
• Proposed at the dawn of computer era – still valid!
Criteria for “Good” Ciphers (4)
• Characteristics of good encryption schemes
  • Confusion: interceptor cannot predict what will happen to C when she changes one char in P
    • E with good confusion: hides well relationship between P “+” K, and C
  • Diffusion: changes in P spread out over many parts of C
    • Good diffusion => attacker needs access to much of C to infer E
Criteria for “Good” Ciphers (5)
• Commercial Principles of Sound Encryption Systems
1. Sound mathematics
  • Proven vs. not broken so far
2. Verified by expert analysis
  • Including outside experts
3. Stood the test of time
  • Long-term success is not a guarantee
  • Still, flaws in many E’s are discovered soon after their release
• Examples of popular commercial E’s:
  • DES / RSA / AES
    DES = Data Encryption Standard
    RSA = Rivest-Shamir-Adleman
    AES = Advanced Encryption Standard (rel. new)
Stream and Block Ciphers (1)
a. Stream ciphers
b. Problems with stream ciphers
c. Block ciphers
d. Pros / cons for stream and block ciphers
a. Stream Ciphers (1)
• Stream cipher: 1 char from P → 1 char for C
• Example: polyalphabetic cipher
  • P and K (repeated ‘EXODUS’):
    YELLOWSUBMARINEFROMYELLOWRIVER
    EXODUSEXODUSEXODUSEXODUSEXODUS
  • Encryption (char after char, using Vigenère Tableaux):
    (1) E(Y, E) → c  (2) E(E, X) → b  (3) E(L, O) → z ...
  • C: cbzoiowlppujmksilgqvsofhbowyyj
  • C as sent (in the right-to-left order):
    Sender S → jyywobhfosvqgliskmjupplwoiozbc → Receiver R
Stream Ciphers (2)
• Example: polyalphabetic cipher - cont.
  • C as received (in the right-to-left order):
    Sender S → jyywobhfosvqgliskmjupplwoiozbc → Receiver R
  • C and K for decryption:
    cbzoiowlppujmksilgqvsofhbowyyj
    EXODUSEXODUSEXODUSEXODUSEXODUS
  • Decryption:
    (1) D(c, E) → Y  (2) D(b, X) → E  (3) D(z, O) → L ...
  • Decrypted P:
    YEL...
Q: Do you know how D uses Vigenère Table?
Problems with Stream Ciphers (1)
• Problems with stream ciphers
  • Dropping a char from key K results in wrong decryption
• Example:
  • P and K (repeated ‘EXODUS’) with a char in K missing:
    YELLOWSUBMARINEFROMYELLOWRIVER
    EODUSEXODUSEXODUSEXODUSEXODUSE
    missing X in K! (no errors in repeated K later)
  • Encryption (using VT):
    1) E(Y,E) → c
    2) E(E,O) → s
    3) E(L,D) → o
    ...
  • Ciphertext: cso...
  • C in the order as sent (right-to-left): ...osc
Problems with Stream Ciphers (2)
• C as received (in the right-to-left order):
  ...osc
• C and correct K (‘EXODUS’) for decryption:
  cso...
  EXO...
• Decryption (using VT, applying correct key):
  1) D(c, E) → Y
  2) D(s, X) → V
  3) D(o, O) → A
• Decrypted P:
  YVA... - Wrong!
• We know it’s wrong, Receiver might not know it yet!
Problems with Stream Ciphers (3)
• The problem might be recoverable
• Example:
  If R had more characters decoded, R might be able to detect that S dropped a key char, and R could recover
  • E.g., suppose that R decoded:
    YELLOW SUBMAZGTR
  • R could guess that the 2nd word should really be:
    SUBMARINE
  • => R would know that S dropped a char from K after sending “SUBMA”
  • => R could go back 4 chars, drop a char from K (“recalibrate K with C”), and get “resynchronized” with S
Block Ciphers (1)
• We can do better than using recovery for stream ciphers
  • Solution: use block ciphers
• Block cipher:
  1 block of chars from P → 1 block of chars for C
• Example of block cipher: columnar transposition
  • Block size = “o(message length)” (informally)
Block Ciphers (2)
• Why block size = “o(message length)”?
  • Because R must wait for “almost” the entire C before it can decode some characters near the beginning of P
  • E.g., for P = ‘HELLO WORLD’, block size is “o(10)”
  • Suppose that Key = 3 (3 columns):
    HEL
    LOW
    ORL
    DXX
• C as sent (in the right-to-left order):
  Sender S → xlwlxroedolh → Receiver R
Block Ciphers (3)
• C as received (in the right-to-left order): xlwlxroedolh
• R knows: K = 3, block size = 12 (=> 4 rows)
    123
    456
    789
    abc     (a=10, b=11, c=12)
  => R knows that characters will be sent in the order:
  1st-4th-7th-10th--2nd-5th-8th-11th--3rd-6th-9th-12th
• R must wait for at least:
  • 1 char of C to decode 1st char of P (‘h’)
  • 5 chars of C to decode 2nd char of P (‘he’)
  • 9 chars of C to decode 3rd, 4th, and 5th chars of P (‘hello’)
  • 10 chars of C to decode 6th, 7th, and 8th chars of P (‘hello wor’)
  • etc.
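Both transposition examples in these slides (the attack-postponed rectangle under Row Transposition Ciphers and the HELLO WORLD block above), as an added Python example that is not part of the original slides. It assumes the key lists the 1-based column numbers in the order the columns are written out, which reproduces both ciphertexts; function names and the lowercase x padding are illustrative.

```python
def encrypt(plaintext, read_order, pad="x"):
    """Write the text row by row under len(read_order) columns, then
    write out the columns in the order given by read_order."""
    n = len(read_order)
    text = plaintext + pad * (-len(plaintext) % n)   # fill the last row
    return "".join(text[col - 1::n] for col in read_order)


def decrypt(ciphertext, read_order):
    """Refill the columns in the order they were sent and read the rows."""
    n = len(read_order)
    if len(ciphertext) % n:
        raise ValueError("ciphertext length must be a multiple of the column count")
    rows = len(ciphertext) // n
    grid = [None] * len(ciphertext)
    for j, col in enumerate(read_order):
        grid[col - 1::n] = ciphertext[j * rows:(j + 1) * rows]
    return "".join(grid)


def chars_needed(read_order, rows):
    """For each plaintext position, how many ciphertext characters the
    receiver must hold before that single character is known."""
    n = len(read_order)
    need = []
    for p in range(rows * n):
        r, c = divmod(p, n)                 # row and column of plaintext char p
        j = read_order.index(c + 1)         # column c+1 is the j-th one sent
        need.append(j * rows + r + 1)
    return need


def prefix_wait(read_order, rows):
    """Ciphertext characters needed before the first k plaintext chars are all known."""
    need = chars_needed(read_order, rows)
    return [max(need[:k + 1]) for k in range(len(need))]


if __name__ == "__main__":
    key = [3, 4, 2, 1, 5, 6, 7]
    c1 = encrypt("attackpostponeduntiltwoamxyz", key)
    print(c1.upper(), decrypt(c1, key))

    c2 = encrypt("helloworld", [1, 2, 3])
    print(c2, "sent right-to-left as", c2[::-1])
    print(chars_needed([1, 2, 3], 4))
    print(prefix_wait([1, 2, 3], 4))
```

The prefix_wait list is the delay table of the slide: 1, 5 and 9 ciphertext characters for the first three letters, then 10 once the sixth letter is wanted.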
Block Ciphers (4)
• Informally, we might call ciphers like the above example columnar transposition cipher “weak-block” ciphers
  • R can get some (even most) but not all chars of P before entire C is received
  • R can get one char of P immediately
    • the 1st - after 1 of C (delay of 1 - 1 = 0)
  • R can get some chars of P with “small” delay
    • e.g., 2nd - after 5 of C (delay of 5 - 2 = 3)
  • R can get some chars of P with “large” delay
    • e.g., 3rd - after 9 of C (delay of 9 - 3 = 6)
• There are block ciphers when R cannot even start decoding C before receiving the entire C
  • Informally, we might call them “strong-block” ciphers
d. Pros / Cons for Stream and Block Ciphers (1)
• Pros / cons for stream ciphers
  • + Low delay for decoding individual symbols
    • Can decode as soon as received
  • + Low error propagation
    • Error in E(c1) does not affect E(c2)
  • - Low diffusion
    • Each char separately encoded => carries over its frequency info
  • - Susceptibility to malicious insertion / modification
    • Adversary can fabricate a new msg from pieces of broken msgs, even if he doesn’t know E (just broke a few msgs)
Pros / Cons for Stream and Block Ciphers (2)
• Pros / cons for block ciphers
  • + High diffusion
    • Frequency of a char from P diffused over (a few chars of) a block of C
  • + Immune to insertion
    • Impossible to insert a char into a block without easy detection (block size would change)
    • Impossible to modify a char in a block without easy detection (if checksums are used)
Pros / Cons for Stream and Block Ciphers (3)
• Pros / cons for block ciphers - Part 2
  • - High delay for decoding individual chars
    • See example for ‘hello worldxx’ above
    • For some E can’t decode even the 1st char before whole k chars of a block are received
  • - High error propagation
    • It affects the block, not just a single char
DES (Data Encryption Standard)
• Background and History of DES
• Overview of DES
• Double and Triple DES
• Security of DES
Background and History of DES
• Early 1970’s - NBS (Nat’l Bureau of Standards) recognized general public’s need for a secure crypto system
  • “Encryption for the masses”
• Existing US gov’t crypto systems were not meant to be made public
  • E.g. DoD, State Dept.
• Problems with proliferation of commercial encryption devices
  • Incompatible
  • Not extensively tested by independent body
Overview of DES (1)
• DES - a block cipher
  • a product cipher
  • 16 rounds (iterations) on the input bits (of P)
    • substitutions (for confusion) and permutations (for diffusion)
  • Each round with a round key
    • Generated from the user-supplied key
• Easy to implement in S/W or H/W
Overview of DES (2): Basic Structure
• Input: 64 bits (a block)
• Li/Ri – left/right half of the input block for iteration i (32 bits) – subject to substitution S and permutation P
• K – user-supplied key
• Ki – round key:
  • 56 bits used + 8 unused (unused for E but often used for error checking)
• Output: 64 bits (a block)
• Note: Ri becomes L(i+1)
• All basic op’s are simple logical ops
  • Left shift / XOR
[Figure: Input → Input Permutation → L0, R0 → S and P applied with K1 → L1, R1 → … → L16, R16 (K16) → Final Permutation → Output]
Overview of DES (3) - Generation of Round Keys
• key – user-supplied key (input)
• PC-1, PC-2 – permutation tables
  • PC-2 also extracts 48 of 56 bits
• K1 – K16 – round keys (outputs)
  • Length(Ki) = 48
• Ci / Di – confusion / diffusion (?)
• LSH – left shift (rotation) tables
[Figure: key → PC-1 → C0, D0 → LSH, LSH → C1, D1 → PC-2 → K1; … → LSH, LSH → PC-2 → K16]
Overview of DES (4) - Problems with DES
• Diffie, Hellman 1977 prediction: “In a few years, technology would allow DES to be broken in days.”
• Key length is fixed (= 56)
  • 2^56 keys ~ 10^15 keys
  • “Becoming” too short for faster computers
    • 1997: 3,500 machines – 4 months
    • 1998: special “DES cracker” h/w – 4 days
• Design decisions not public
  • Suspected of having backdoors
    • Speculation: To facilitate government access?
Double and Triple DES (1)
• Double DES (2 keys):
  • Use double DES encryption
    C = E(k2, E(k1, P))
  • Expected to multiply difficulty of breaking the encryption
    • Not true!
    • In general, 2 encryptions are not better than one
    • Only doubles the attacker’s work
Double and Triple DES (2)
• Triple DES:
  • Is it C = E(k3, E(k2, E(k1, P)))?
  • Not so simple!
Double and Triple DES (3)
• Triple DES:
  • Tricks used:
    D not E in the 2nd step, k1 used twice (in steps 1 & 3)
  • It is:
    C = E(k1, D(k2, E(k1, P)))
    and
    P = D(k1, E(k2, D(k1, C)))
  • Doubles the effective key length
    • 112-bit key is quite strong
      • Even for today’s computers
      • For all feasible known attacks
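The L/R round structure from "Overview of DES (2)" and the E-D-E composition above can be tried out on a toy cipher. This is an added example, not code from the slides: the round function and key schedule are stand-ins chosen for the illustration (not the real DES S-boxes, PC-1/PC-2 tables or initial/final permutations), and all function names are hypothetical. It also shows a property that follows directly from the formula: with k1 = k2 the middle D cancels the first E, so E-D-E collapses to one encryption.

```python
# Added example: a toy 16-round Feistel cipher and the E-D-E composition.
# Assumption: f() and round_keys() are illustrative stand-ins, NOT real DES.
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF

def round_keys(key: bytes):
    """Derive K1..K16 from the user-supplied key (toy schedule)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(1, ROUNDS + 1)]

def f(right: int, k: int) -> int:
    """Toy round function: mix the right half with the round key."""
    x = ((right ^ k) * 0x9E3779B1) & MASK32
    return ((x << 7) | (x >> 25)) & MASK32

def feistel(block: int, keys) -> int:
    left, right = block >> 32, block & MASK32      # L0, R0 of a 64-bit block
    for k in keys:
        left, right = right, left ^ f(right, k)    # R_i becomes L_(i+1)
    return (right << 32) | left                    # swap halves on output

def E(key: bytes, block: int) -> int:
    return feistel(block, round_keys(key))

def D(key: bytes, block: int) -> int:
    # Same network with the round keys reversed; f itself is never inverted.
    return feistel(block, round_keys(key)[::-1])

def ede_encrypt(k1: bytes, k2: bytes, p: int) -> int:
    return E(k1, D(k2, E(k1, p)))                  # C = E(k1, D(k2, E(k1, P)))

def ede_decrypt(k1: bytes, k2: bytes, c: int) -> int:
    return D(k1, E(k2, D(k1, c)))                  # P = D(k1, E(k2, D(k1, C)))

if __name__ == "__main__":
    k1, k2, p = b"key-one!", b"key-two!", 0x0123456789ABCDEF   # constructed values
    c = ede_encrypt(k1, k2, p)
    print(hex(c), ede_decrypt(k1, k2, c) == p)
    print("k1 == k2 collapses to single E:", ede_encrypt(k1, k1, p) == E(k1, p))
```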
AES (Advanced Encryption Standard)
• Outline
  • What is AES?
  • Overview of Rijndael
  • Strength of AES
  • Comparison of DES and AES
What is AES?
• The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the
U.S. government to protect classified information.
• AES is implemented in software and hardware throughout the world
to encrypt sensitive data. It is essential for government computer security,
cybersecurity and electronic data protection.
• The National Institute of Standards and Technology (NIST) started development of
AES in 1997 when it announced the need for an alternative to the Data Encryption
Standard (DES), which was starting to become vulnerable to brute-force attacks.
• AES was created for the U.S. government with additional voluntary, free use in public
or private, commercial or noncommercial programs that provide encryption services.
• AES is used in self-encrypting disk drives, database encryption and storage encryption.
How does AES encryption work?
AES includes three block ciphers:
• AES-128 uses a 128-bit key length to encrypt and decrypt a block of
messages.
• AES-192 uses a 192-bit key length to encrypt and decrypt a block of
messages.
• AES-256 uses a 256-bit key length to encrypt and decrypt a block of
messages.

AES Design
Features of AES
• Security. Competing algorithms were to be judged on their ability to
resist attack as compared to other submitted ciphers. Security
strength was to be considered the most important factor in the
competition.
• Cost. Intended to be released on a global, nonexclusive and royalty-
free basis, the candidate algorithms were to be evaluated on
computational and memory efficiency.
• Implementation. Factors to be considered included the algorithm's
flexibility, suitability for hardware or software implementation, and
overall simplicity.
Overview of Rijndael/AES
• Similar to DES – cyclic type of approach
  • 128-bit blocks of P
  • # of iterations based on key length
    • 128-bit key => 9 “rounds” (called rounds, not cycles)
    • 192-bit key => 11 rounds
    • 256-bit key => 13 rounds
• Basic ops for a round:
  • Substitution – byte level (confusion)
  • Shift row (transposition) – depends on key length (diffusion)
  • Mix columns – LSH and XOR (confusion + diffusion)
  • Add subkey – XOR used (confusion)
Strengths of AES
• Not much experience so far (since 2001)
• But:
  • Extensive cryptanalysis by US gov’t and independent experts
  • Dutch inventors have no ties to NSA or other US gov’t bodies (less suspicion of trapdoor)
  • Solid math basis
    • Despite seemingly simple steps within rounds
Comparison of DES & AES (1)
                          DES                         AES
Date                      1976                        1999
Block size [bits]         64                          128
Key length [bits]         56 (effective)              128, 192, 256, or more
Encryption primitives     substitution, permutation   substitution, shift, bit mixing
Cryptographic primitives  confusion, diffusion        confusion, diffusion
Design                    open                        open
Design rationale          closed                      open
Selection process         secret                      secret, but accepted public comments
Source                    IBM, enhanced by NSA        independent Dutch cryptographers
Comparison of DES & AES (2)
• Weaknesses in AES?
  • 20+ yrs of experience with DES eliminated fears of its weakness (intentional or not)
    • Might be naïve…
  • Experts pored over AES for 2-year review period
Public Key Cryptography
Diffie Hellman and RSA?
Public Key Cryptography
• New paradigm introduced by Diffie and Hellman
• The mailbox analogy:
  • Bob has a locked mailbox
  • Alice can insert a letter into the box, but can’t unlock it to take mail out
  • Bob has the key and can take mail out
• Encrypt messages to Bob with Bob’s public key
  • Can freely distribute
• Bob decrypts his messages with his private key
  • Only Bob knows this
Diffie-Hellman algorithm
• The Diffie-Hellman algorithm is used to establish a shared secret for secret communications while exchanging data over a public network, using the elliptic curve to generate points and derive the secret key from the parameters.
• For simplicity and a practical implementation of the algorithm, we consider only 4 variables: one prime P, G (a primitive root of P), and two private values a and b.
• P and G are both publicly available numbers. The users (say Alice and Bob) pick private values a and b, and each generates a key and exchanges it publicly. The other party receives that key and uses it to generate a secret key, after which both hold the same secret key to encrypt with.

Requirements
• How should a public key scheme work?
• Three main conditions
  • It must be computationally easy to encrypt or decrypt a message given the appropriate key
  • It must be computationally infeasible to derive the private key from the public key
  • It must be computationally infeasible to determine the private key from a chosen-plaintext attack
    • Attacker can pick any message, have it encrypted, and obtain the ciphertext
Exchanging keys
• Alice and Bob want to communicate using a block cipher to encrypt their messages, but don’t have a shared key
• How do Alice and Bob get a shared key?
Solution 1
• Alice sends the key along with her encrypted message
• Eve sees encrypted message and key
  • Uses key to decrypt message
Solution 2
• Alice sends the key at some time prior to sending Bob the encrypted message
• Eve has to wait longer
  • If she saw the key transmission, she has the key
  • Uses key to decrypt message
Solution 3 – Use public key crypto
• Diffie-Hellman Key Exchange
• All users share common modulus, p, and element g
  • g ≠ 0, g ≠ 1, and g ≠ p-1
• Alice chooses her private key, k_A
  • Computes K_A = g^(k_A) mod p and sends it to Bob in the clear
• Bob chooses his private key, k_B
  • Computes K_B = g^(k_B) mod p and sends it to Alice in the clear
• When Alice and Bob want to agree on a shared key, they compute a shared secret S
  • S_A,B = K_B^(k_A) mod p
  • S_B,A = K_A^(k_B) mod p
Why does DH work?
• S_A,B = S_B,A, where S_A,B = K_B^(k_A) mod p and S_B,A = K_A^(k_B) mod p
  • (g^(k_A))^(k_B) mod p = (g^(k_B))^(k_A) mod p
• Eve knows
  • g and p
  • K_A and K_B
• Why can’t Eve compute the secret?
• This was the first public key cryptography scheme


Hard problems
• Public key cryptosystems are based on hard problems
• DH is based on the Discrete Logarithm Problem (DLP)
• Given:
  • Multiplicative group G
  • Element a in G
  • Output b
• Find:
  • Unique solution to a^x = b in G
  • x is log_a b
• No polynomial time algorithm exists to solve this*
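The exchange from "Solution 3" and the role of the discrete logarithm can be worked through with toy numbers. This is an added example, not part of the original slides: p = 23 and g = 5 are constructed values, the function names are hypothetical, and the range check on the received public value is an extra safeguard the slides do not mention. The exhaustive search at the end finishes instantly only because p is tiny; its cost grows with the size of the group, which is the reason real parameters are very large.

```python
# Added example: Diffie-Hellman with toy numbers (constructed: p = 23, g = 5).
import secrets

def check_group(p, g):
    """Enforce the slide's conditions: g != 0, g != 1, g != p-1 (mod p)."""
    if g % p in (0, 1, p - 1):
        raise ValueError("g must not be 0, 1 or p-1")

def public_value(p, g, k):
    return pow(g, k, p)                      # K = g^k mod p, sent in the clear

def new_private_key(p, g):
    """Pick k in [2, p-2]; redraw if the public value would be 1 or p-1."""
    while True:
        k = secrets.randbelow(p - 3) + 2
        if 1 < public_value(p, g, k) < p - 1:
            return k

def shared_secret(p, peer_public, k):
    """S = (peer's K)^k mod p, after rejecting degenerate peer values."""
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, k, p)

def search_discrete_log(p, g, target):
    """Try x = 0, 1, 2, ... until g^x = target (mod p). Work is linear in p."""
    value = 1
    for x in range(p - 1):
        if value == target:
            return x
        value = value * g % p
    raise ValueError("target is not a power of g")

if __name__ == "__main__":
    p, g = 23, 5
    check_group(p, g)
    kA, kB = new_private_key(p, g), new_private_key(p, g)
    KA, KB = public_value(p, g, kA), public_value(p, g, kB)
    print("public:", KA, KB, "shared:", shared_secret(p, KB, kA))
    print("both sides agree:", shared_secret(p, KB, kA) == shared_secret(p, KA, kB))
    print("toy p falls to search:", search_discrete_log(p, g, KA) == kA)
```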


RSA
• Rivest-Shamir-Adleman
• Probably the most well-known public key scheme
• First, some background
RSA
The RSA algorithm is an asymmetric cryptography algorithm. Asymmetric means that it works with two different keys, i.e. a public key and a private key. As the names suggest, the public key is given to everyone and the private key is kept private.
• An example of asymmetric cryptography:
  • A client (for example, a browser) sends its public key to the server and requests some data.
  • The server encrypts the data using the client’s public key and sends the encrypted data.
  • The client receives this data and decrypts it.

RSA
• Since this is asymmetric, nobody except the browser can decrypt the data, even if a third party has the public key of the browser.
• The idea: RSA is based on the fact that it is difficult to factorize a large integer.
• The public key consists of two numbers, one of which is the product of two large prime numbers.
• The private key is also derived from the same two prime numbers.
• So if somebody can factorize the large number, the private key is compromised.
• Therefore the encryption strength depends entirely on the key size, and if we double or triple the key size, the strength of encryption increases exponentially.
• RSA keys are typically 1024 or 2048 bits long, but experts believe that 1024-bit keys could be broken in the near future.
Euler’s Totient
• Totient function (n)
• Number of positive numbers less than n that are relatively prime to n
• Two numbers are relatively prime when their greatest common divisor is 1

• Example: (10) = 4
• 1, 3, 7, 9

• Example: (7) = 6
• 1, 2, 3, 4, 5, 6
• If n is prime, (n) = n-1
RSA keys
• Choose 2 large primes, p and q
• N = pq
• (N) = (p-1)(q-1)
• Choose e < N such that gcd(e, (N))=1
• d such that ed = 1 mod (N)

• Public key: {N, e}


• Private key: {d}
• p and q must also be kept secret
RSA encryption/decryption
• Encryption: c = m^e mod N
• Decryption: m = c^d mod N
[Figure: Alice and Bob]
Toy example
• p=7, q=11
• N=77
• (N) = (6)(10) = 60
• Bob chooses e=17
• Uses extended Euclidean algorithm to find inverse of e mod 60
• Finds d=53

• Bob makes {N, e} public


Toy example (continued)
• Alice wants to send Bob “HELLO WORLD”
• Represent each letter as a number 00(A) to 25(Z)
• 26 is a space
• Calculates:
• 07^17 mod 77 = 28, 04^17 mod 77 = 16, …, 03^17 mod 77 = 75
• Sends Bob 28 16 44 44 42 38 22 42 19 44 75
• He decrypts each number with his private key and gets “HELLO
WORLD”
What could go wrong?
• What was wrong with the toy example?
• Eve can easily find the encryption of each letter and use that as a key to
Alice’s message
• Even without knowing the public key, can use statistics to find likely messages
• Like cryptogram puzzles
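The toy example and its weakness can be checked end to end. This is an added example, not part of the original slides; it uses the slides' values (p = 7, q = 11, e = 17, letters 00 to 25 and 26 for space), and the helper names are hypothetical. Because each letter is encrypted on its own and without padding, the public key alone yields a 27-entry table that reads the message, which is the substitution-cipher problem described above.

```python
# Added example: the slides' toy RSA and why per-letter encryption is only
# a substitution cipher. Helper names are hypothetical.
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ "      # 00(A) .. 25(Z), 26 = space

def make_keys(p, q, e):
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)                       # inverse of e mod phi (Python 3.8+)
    return (n, e), d

def encrypt(text, public):
    n, e = public
    return [pow(ALPHABET.index(ch), e, n) for ch in text]

def decrypt(numbers, public, d):
    n, _ = public
    return "".join(ALPHABET[pow(c, d, n)] for c in numbers)

def codebook(public):
    """Anyone holding {N, e} can encrypt all 27 symbols once and invert the table."""
    n, e = public
    return {pow(i, e, n): ch for i, ch in enumerate(ALPHABET)}

def read_without_private_key(numbers, public):
    table = codebook(public)
    return "".join(table[c] for c in numbers)

if __name__ == "__main__":
    public, d = make_keys(7, 11, 17)
    c = encrypt("HELLO WORLD", public)
    print("d =", d, "ciphertext =", c)
    print(decrypt(c, public, d))
    print(read_without_private_key(c, public))   # same text, d never used
```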
How it should really happen
• p and q should be at least 512 bits each
• N at least 1024 bits
• The message “HELLO WORLD” would be converted into one very large
integer
• That integer would be raised to the public/private exponent
• For short messages, pad them with a random string
Is this key yours?
• How to bind a key to an identity?
PK Paradigm
• Genkey(some info)
  • Creates Kpub and Kpriv
• Encrypt with Kpub
• Decrypt with Kpriv
• Certificate binds key to individual
IBE
• Identity-Based Encryption
• Kpub is well-known
  • Known to be bound to owner
  • Name, email, SSN, etc.
• Owner requests a private key from CA
• No certificates required
