Modern Cryptography

Introduction to Modern Cryptography

 Cryptography has been used since time immemorial to hide messages from
adversaries and prevent message forgery.
 Modern cryptography is the cornerstone of computer and communications security,
based on various mathematical concepts such as number theory, computational
complexity theory, and probability theory.
 Three major characteristics separate modern cryptography from the classical
approach:
1. Modern cryptography operates on binary bit sequences, while classical
cryptography manipulates traditional characters directly.
2. Modern cryptography relies on publicly known mathematical algorithms and
secrecy of keys, while classical cryptography relies on security through
obscurity.
3. Modern cryptography requires parties to possess only the secret key for
secure communication, while classical cryptography requires the entire
cryptosystem.
Cryptology, Cryptography, and Cryptanalysis
 Cryptology is the study of cryptosystems and can be subdivided into two branches:
cryptography and cryptanalysis.
 Cryptography is the art and science of making cryptosystems that provide
information security, dealing with the actual securing of digital data.
 Cryptanalysis is the art and science of breaking ciphertext, studying cryptographic
mechanisms to break them, and testing the security strength of new cryptographic
techniques.
Security Services of Cryptography
1. Confidentiality: Keeping information from unauthorized persons, sometimes referred
to as privacy or secrecy.
2. Data Integrity: Identifying any alteration to the data and confirming whether data is
intact as it was last created, transmitted, or stored by an authorized user.
3. Authentication: Providing identification of the originator and confirming to the
receiver that the data received has been sent by an identified and verified sender.
4. Non-repudiation: Ensuring that an entity cannot refuse the ownership of a previous
commitment or action, providing assurance that the original creator of the data
cannot deny the creation or transmission of the data to a recipient or a third party.
Cryptography Primitives
1. Encryption
2. Hash functions
3. Message Authentication Codes (MAC)
4. Digital Signatures

Cryptosystems
Symmetric Key Encryption
 In symmetric key encryption, the same keys are used for encrypting and decrypting
the information.
 The sender and receiver must share a common key prior to exchanging information,
requiring a secure key establishment mechanism.
  Symmetric key encryption relies on the implicit requirement that the sender and
receiver trust each other.
 Limitations of symmetric key encryption include key establishment and trust issues,
which can be addressed by asymmetric key encryption schemes.
Asymmetric Key Encryption
 In asymmetric key encryption, different keys are used for encrypting and decrypting
the information.
 Every user in the system needs to have a pair of dissimilar keys: a private key and a
public key.
 The public key is placed in a public repository, while the private key is kept secret.
 Although public and private keys are related, it is computationally infeasible to find
one from the other.
 When a sender wants to send data to a receiver, the sender obtains the receiver's
public key from the repository, encrypts the data, and transmits it. The receiver then
uses their private key to decrypt the ciphertext and obtain the plaintext.

Traditional Ciphers
Caesar Cipher
 A mono-alphabetic substitution cipher where each letter of the plaintext is
substituted by another letter to form the ciphertext.
 The substitution is done by shifting the alphabet by a fixed number of positions.
Vigenère Cipher
 Uses a text string (e.g., a word) as a key, which is then used for doing a number of
shifts on the plaintext.
 Each letter in the key determines the number of shifts for the corresponding
plaintext letter.
Affine Cipher
 A mono-alphabetic substitution cipher where each letter in the alphabet is mapped
to its numeric equivalent, encrypted using a simple mathematical function, and
converted back to a letter.
 Encryption is done using the function (a * x + b) mod 26, where 'a' and 'b' are
constants agreed upon by the sender and receiver.
 Decryption is done using the function a^-1 (x - b) mod 26, where a^-1 is the modular
multiplicative inverse of 'a'.

Block Ciphers vs. Stream Ciphers

Block Ciphers
 Process plaintext in fixed-size blocks (e.g., 64 or 128 bits) at a time.
 The strength of the cipher depends on the key length, not the block size directly.
 Common block cipher schemes include DES, Triple DES, AES, IDEA, Twofish, and
Serpent.
Stream Ciphers
 Process plaintext one bit at a time, generating one bit of ciphertext for each bit of
plaintext.
 Can be considered as block ciphers with a block size of one bit.
 Commonly used for applications involving voice or real-time data transmission.
Feistel Block Cipher and Data Encryption Standard (DES)
Feistel Block Cipher
 A Feistel cipher is a symmetric structure used in the construction of block ciphers.
 The encryption process involves applying the round function F, taking the key K and
the right half of the data R as inputs, and XORing the output with the left half of the
data L.
 Each round uses a different key derived from the original encryption key, and the
permutation step swaps the modified L and unmodified R.
 The number of rounds is specified by the algorithm's design, and more rounds
provide a more secure system but slower encryption/decryption.
Data Encryption Standard (DES)
 DES is a symmetric key block cipher and an implementation of a Feistel cipher that
uses 16 rounds.
 It has a block size of 64 bits, but the effective key length is 56 bits, as 8 bits are not
used by the encryption algorithm.
 Weaknesses in DES have been discovered when weak keys are selected, so these keys
should be avoided.
Triple DES
 Triple DES applies the DES cipher algorithm three times to each data block to
increase security.
 Encryption: Encrypt with DES and K1, decrypt with DES and K2, then encrypt with
DES and K3.
 Decryption: Decrypt with DES and K3, encrypt with DES and K2, then decrypt with
DES and K1.
 Triple DES is significantly more secure than single DES but slower.
Advanced Encryption Standard (AES)
 AES is a symmetric block cipher with 128-bit data and supports 128, 192, or 256-bit
keys.
 It is stronger and faster than Triple DES and can be implemented in C, C++, and Java.
 AES performs computations on bytes rather than bits and arranges 16 bytes in a 4x4
matrix for processing.
 The number of rounds in AES is variable and depends on the key length (10, 12, or 14
rounds).
 Each round uses a different 128-bit round key calculated from the original AES key.

Asymmetric Key Cryptography

Introduction to Asymmetric Key Cryptography
 Asymmetric key cryptosystems, also known as public-key cryptosystems, use a pair of
mathematically linked keys: a public key for encryption and a private key for
decryption.
 The public key is typically shared with everyone, while the private key is kept secret.
 Calculating the private key from its corresponding public key is computationally
infeasible by design (one-way functions).
Capabilities of Asymmetric Key Cryptosystems
1. Key-pair generation: Generate random pairs of private and corresponding public
keys.
 2. Encryption/decryption: Encrypt data with the public key and decrypt with the private
key.
3. Digital signatures: Sign messages with the private key, and verify signatures with the
public key.
4. Key-exchange algorithms: Securely exchange cryptographic keys between two parties
over an insecure channel.
RSA (Rivest-Shamir-Adleman)
 RSA is an asymmetric cryptosystem that provides key-pair generation, encryption,
digital signatures, and key exchange.
 It relies on the difficulty of factoring large composite numbers.
ElGamal Cryptosystem
 ElGamal is an asymmetric cryptosystem based on the Discrete Logarithm Problem.
 It is more efficient for decryption compared to RSA, and requires shorter keys for the
same level of security.
 ElGamal is newer and less popular than RSA in the market.

Elliptic Curve Cryptography (ECC)

Introduction to ECC
 ECC is a modern family of public-key cryptosystems based on the algebraic structures
of elliptic curves over finite fields.
 It relies on the difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP).
 ECC uses equations in the form of y² = x³ + ax + b to generate elliptic curves.
Key Generation and Properties
 ECC uses a base point G on the elliptic curve and a private key k to generate a public
key P, such that P = k * G.
 It is fast to calculate P given k and G, but extremely slow (infeasible for large k) to
calculate k given P and G.
 The secp256k1 curve, used in Bitcoin, has the equation y² = x³ + 7 and uses a prime
modulus p.
Cofactor
 The cofactor h is the number of non-overlapping subgroups of points on the elliptic
curve, each of order r.
 Curves with different cofactors have different properties and use cases (e.g.,
secp256k1 has a cofactor of 1, while Curve25519 has a cofactor of 8).

Hash Functions
Introduction to Hash Functions
 A hash function is a mathematical function that converts a numerical input value into
another compressed numerical value.
 The input can be of arbitrary length, but the output (hash value or message digest) is
always of fixed length.
 Hash functions are extremely useful and appear in almost all information security
applications.
Properties of Hash Functions
1. Pre-image resistance: Given a hash value, it should be computationally hard to find
any input that hashes to that value.
 2. Second pre-image resistance: Given an input and its hash, it should be difficult to find
a different input with the same hash.
3. Collision resistance: It should be difficult to find two different inputs that result in the
same hash value.
Popular Hash Functions
1. Message Digest (MD) family: MD2, MD4, MD5, MD6
2. Secure Hash Algorithm (SHA) family: SHA-0, SHA-1, SHA-2 (SHA-224, SHA-256, SHA-
384, SHA-512)
3. RIPEMD (RACE Integrity Primitives Evaluation Message Digest): RIPEMD, RIPEMD-
128, RIPEMD-160, RIPEMD-256, RIPEMD-320
4. BLAKE family: BLAKE, BLAKE2s, BLAKE2b
Applications of Hash Functions
1. Password storage: Store password hashes instead of plaintext passwords in
databases.
2. Data integrity checks: Generate checksums on data files to ensure data correctness.
3. Pseudorandom generation and key derivation: Use hash values as random numbers
or derive keys from a random seed.
4. Proof of work algorithms: Create hash values that meet specific criteria (e.g., mining
difficulty in cryptocurrencies).