Art of Cryptography

Uploaded by Nikhita Nair
Symmetric Key Cryptography:

The biggest challenge in symmetric cryptography lies in the secure distribution of
the secret key.

Block Cipher Schemes


A large number of block cipher schemes have been developed over the years and
are used widely in various domains.

Some of the most prominent ones are:

Data Encryption Standard (DES)

Triple DES

Advanced Encryption Standard (AES)

IDEA

Twofish

Serpent

Data Encryption Standard (DES)


DES was one of the most popular block ciphers used in the 1990s.

Encrypts 64-bit data with 56-bit keys

From the 56-bit key, 16 subkeys are generated

The process is repeated through 16 rounds of processing

The security depends on the algorithm used and the length of the key.

Triple DES
Triple DES is implemented by applying three iterations of DES to each data block.

The key length is 168 bits

Block size is increased to 64 bits

Since three iterations of DES are applied, Triple DES is a comparatively slow
algorithm.

Security of DES
In 1998, a DES-encrypted message was cracked in three days.

In 1999, a network of 10,000 desktop computers managed to crack a
DES-encrypted message in just 1 day.

Advanced Encryption Standard (AES)


The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by
the U.S. government to protect classified information. AES is implemented in
software and hardware throughout the world to encrypt sensitive data. It is
essential for government computer security, cybersecurity and electronic data
protection.
AES includes three block ciphers: AES-128, AES-192 and AES-256.

AES-128 uses a 128-bit key length to encrypt and decrypt a block of messages,
while AES-192 uses a 192-bit key length and AES-256 a 256-bit key length to
encrypt and decrypt messages. Each cipher encrypts and decrypts data in blocks
of 128 bits using cryptographic keys of 128, 192 and 256 bits, respectively.
Symmetric, also known as secret key, ciphers use the same key for encrypting
and decrypting, so the sender and the receiver must both know -- and use -- the
same secret key. The government classifies information in three categories:
Confidential, Secret or Top Secret. All key lengths can be used to protect the
Confidential and Secret level. Top Secret information requires either 192- or
256-bit key lengths.

There are 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for
256-bit keys. A round consists of several processing steps that include
substitution, transposition and mixing of the input plaintext to transform it into the
final output of ciphertext.

A visual chart describing the relationships between secret key, plaintext, cipher
and ciphertext

The AES encryption algorithm defines numerous transformations that are to be
performed on data stored in an array. The first step of the cipher is to put the data
into an array -- after which, the cipher transformations are repeated over multiple
encryption rounds.

The first transformation in the AES encryption cipher is substitution of data using a
substitution table; the second transformation shifts data rows, and the third mixes
columns. The last transformation is performed on each column using a different
part of the encryption key. Longer keys need more rounds to complete.

IDEA, Twofish, Serpent


IDEA

International Data Encryption Algorithm

Block size - 64 bits and Key size - 128 bits

Due to patent issues, IDEA has seen restricted adoption

Twofish

Block size - 128 bits and Key sizes up to 256 bits


Distinctive features: use of precomputed key-dependent S-boxes and a relatively
complex key schedule

Serpent

Block size - 128 bits and Key size - 128, 192, or 256 bits
It is comparatively slower but has a more secure design than other block
ciphers.

Asymmetric Algorithms

Asymmetric cryptography, also known as Public Key Cryptography, makes
use of two keys: a public key and a private key to encrypt and decrypt data.
The public key is the key that is shared with everyone. The private key is kept
a secret.

Either of the keys can be used for encryption, and the other is used for
decryption.

Some of the prominent asymmetric algorithms are:

Diffie-Hellman

RSA (Rivest–Shamir–Adleman)

ECC (Elliptic-Curve Cryptography)

Let's look at each of these algorithms in detail.

Diffie-Hellman Algorithm

The Diffie-Hellman algorithm is a key exchange algorithm.

Initially, the secure communication of encrypted data between two entities
demanded the secure exchange of the keys using a secure physical
channel.

The Diffie-Hellman key exchange facilitates two entities that have no prior
knowledge of each other to exchange secret keys over insecure channels.

The keys exchanged can then be used to encrypt messages using an
encryption algorithm.
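
The exchange described above, with both sides' messages, as an added example that is not part of the original document. The group (p = 2^127 - 1, g = 3) is a toy assumption chosen to keep the code short; the check on the peer's public value is the validation a receiver should perform before using it.

```python
import secrets

# Toy group for illustration only (assumption): p is the Mersenne prime 2^127 - 1.
# Real deployments use standardized groups of 2048 bits or more, or elliptic curves.
P = 2**127 - 1
G = 3

def keypair():
    """Pick a random private exponent and derive the public value g^x mod p."""
    priv = secrets.randbelow(P - 3) + 2        # 2 <= priv <= P - 2
    return priv, pow(G, priv, P)

def check_public(value):
    """Reject degenerate peer values (0, 1, p-1, out of range) that would
    force the shared secret into a tiny, predictable set."""
    if not 1 < value < P - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return value

def shared_secret(own_priv, peer_pub):
    """Combine our private exponent with the validated public value of the peer."""
    return pow(check_public(peer_pub), own_priv, P)

def exchange():
    a_priv, a_pub = keypair()                  # first party
    b_priv, b_pub = keypair()                  # second party
    # Only a_pub and b_pub cross the insecure channel; the private
    # exponents never leave the machine that generated them.
    k_a = shared_secret(a_priv, b_pub)         # (g^b)^a mod p
    k_b = shared_secret(b_priv, a_pub)         # (g^a)^b mod p
    return a_pub, b_pub, k_a, k_b

if __name__ == "__main__":
    a_pub, b_pub, k_a, k_b = exchange()
    print("sent over the channel:", hex(a_pub), hex(b_pub))
    print("both sides derived the same key:", k_a == k_b)
```

The shared value would normally be passed through a key derivation function before being used as a symmetric key.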

RSA Algorithm

The RSA algorithm was developed in the year 1977 and named after its
inventors Ron Rivest, Adi Shamir, and Len Adleman.

RSA is rooted in the fact that factorizing large integers is a complex task.
The public key comprises two numbers in which one is the product of two
large prime numbers.

The private key is generated from the two large prime numbers. Hence the
secrecy is highly dependent on the inability to factorize the large numbers.
Thus, the strength of the algorithm can be improved significantly by
increasing the key size.
As of now, key sizes of 1024, 2048 or 4096 bits are used, breaking which
seems to be an impossible task.

Encrypt: m^e mod n = c

Decrypt: c^d mod n = m

where e and n make up the public key and d is the private key

It is also known as a one-way trapdoor, where the trapdoor is 'n',
due to prime factorization.
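
The two formulas above, worked through with a constructed textbook-sized key, as an added example that is not part of the original document. The primes 61 and 53 are an assumption chosen so the numbers stay readable; the last function shows why the secrecy of d rests on n being too large to factor.

```python
# Constructed textbook-sized key (assumption). Real keys use primes of
# 1024 bits or more each, plus a padding scheme such as OAEP.
P, Q = 61, 53
N = P * Q                        # 3233, public modulus
E = 17                           # public exponent
PHI = (P - 1) * (Q - 1)          # 3120, computable only from p and q
D = pow(E, -1, PHI)              # 2753, private exponent (Python 3.8+)

def encrypt(m, e=E, n=N):
    """c = m^e mod n, using only the public values e and n."""
    return pow(m, e, n)

def decrypt(c, d=D, n=N):
    """m = c^d mod n, using the private exponent d."""
    return pow(c, d, n)

def private_exponent_from_factors(n, e):
    """The trapdoor: anyone who can factor n can rebuild d.
    Trial division succeeds here only because n is 12 bits long;
    the work grows exponentially with the size of the primes."""
    p = next(i for i in range(2, n) if n % i == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    m = 65
    c = encrypt(m)
    print("ciphertext:", c)
    print("decrypted :", decrypt(c))
    print("d rebuilt from the factors of n:", private_exponent_from_factors(N, E))
```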

Elliptic Curve Cryptography (ECC)


Elliptic-curve cryptography (ECC) is a public key cryptographic strategy
that exploits the algebraic structure of elliptic curves over finite fields.

One of the significant advantages of ECC is that the size of the keys used
can be much smaller than the keys used in other algorithms.
Elliptic curves find application in various areas of digital security such as:

Key agreement

Digital Signatures

Pseudo-random generators

Integer factorization algorithms

Data Integrity
Symmetric and asymmetric encryption schemes are used to ensure the
confidentiality of sensitive data, that is, to ensure that the data is accessible
only to the intended recipients.
However, when data is exchanged between two or more entities another
important aspect to consider is data integrity, that is, to ensure that the data
has not been tampered with during the communication process.
Two types of data integrity threats have been identified in the field of digital
security.

Passive Threats: Noise in the communication channel and data corruption
during file storage

Active Threats: An attacker manipulating data with malicious intent

Integrity using Hash Functions


Hash functions are generally used in cryptosystems to convert the data into a
unique and non-reversible code.

Uniqueness is achieved when two different sets of data generate different
hash values even if they differ only by a bit.

Non-reversible implies that the hash code generated cannot be
manipulated to retrieve the original data.

Hash functions are designed in such a way that the smallest change in the
original data causes a significant change in the hash generated.
Represents data as a short string of text.

Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) are the most
popular hash functions.

The above picture depicts an example of hash values generated using MD5
algorithm.
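
The "smallest change causes a significant change" property can be measured directly. The following is an added example, not part of the original document: it flips every bit of a constructed sample message in turn and counts how many of the 256 output bits of SHA-256 change each time.

```python
import hashlib

def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)

def bit_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")

def avalanche(message: bytes, algo: str = "sha256") -> dict:
    """Hash the message, then hash every single-bit variant of it and
    report how far each variant's digest lands from the original."""
    base = hashlib.new(algo, message).digest()
    distances = [
        bit_distance(base, hashlib.new(algo, flip_bit(message, i)).digest())
        for i in range(len(message) * 8)
    ]
    return {
        "digest_bits": len(base) * 8,
        "variants": len(distances),
        "min": min(distances),
        "mean": sum(distances) / len(distances),
        "max": max(distances),
    }

# Constructed sample input. SHA-256 is used because MD5 is no longer
# collision resistant and should not be relied on for integrity.
SAMPLE = b"transfer 100 to account 42"

if __name__ == "__main__":
    print(avalanche(SAMPLE))
```

A mean close to half of the digest length is what an ideal hash function produces: each output bit changes with probability one half.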

Message Authentication Code

Lack of message authentication is another threat for data in the
communication model in which the originator of the message remains
uncertain.

Message authentication is ensured with the help of cryptographic techniques
that use secret keys.
Message Authentication Code (MAC) is a commonly used cryptographic
technique used to enforce message authentication.
MAC is an encrypted checksum coined from the underlying message and
attached to the message sent to enable the end user to verify the authenticity
of the message.
Also known as 'Keyed Hash Function'.
The hash function value used in message authentication is also known as
Message Digest.
Common key between sender and receiver. Does not provide confidentiality.

The above picture illustrates the process behind message authentication
using MAC.
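
An added example, not part of the original document, comparing a plain hash with a MAC against the passive and active threats listed under Data Integrity. HMAC-SHA256 stands in for the MAC, and the key and messages are constructed sample values.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumption: secret already shared by both ends

def sha256_hex(message: bytes) -> str:
    return hashlib.sha256(message).hexdigest()

def mac_tag(message: bytes, key: bytes = KEY) -> str:
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_hash(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(sha256_hex(message), digest)

def verify_mac(message: bytes, tag: str, key: bytes = KEY) -> bool:
    # compare_digest runs in constant time, so the check does not reveal
    # how many leading characters of a wrong tag were correct.
    return hmac.compare_digest(mac_tag(message, key), tag)

def run_scenarios() -> dict:
    sent = b"pay 100 to account 42"        # travels in the clear: no confidentiality
    changed = b"pay 900 to account 77"
    digest, tag = sha256_hex(sent), mac_tag(sent)
    return {
        "intact_hash": verify_hash(sent, digest),
        "intact_mac": verify_mac(sent, tag),
        # Passive threat: the bytes change in transit, the attached value does not.
        "corrupted_hash": verify_hash(changed, digest),
        "corrupted_mac": verify_mac(changed, tag),
        # Active threat: the attached value is replaced along with the message.
        # An unkeyed hash can be recomputed by anyone; a valid tag needs KEY.
        "replaced_hash": verify_hash(changed, sha256_hex(changed)),
        "replaced_mac": verify_mac(changed, mac_tag(changed, key=b"not-the-shared-key")),
    }

if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:15} accepted={accepted}")
```

Only the MAC rejects the message in the last scenario, which is why integrity against an active party needs a key and not just a hash.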

Digital Signatures
Digital signatures are another way to ensure message authenticity and are
based on the concepts of public key cryptography.
Digital signatures are used to bind a person or an entity to a digital message
and can be verified by the end user or any third party.

Digital signatures are analogous to handwritten signatures in
many aspects but properly implemented digital signatures
are much harder to forge than handwritten signatures.

Digital signatures can also be used to enforce non-repudiation in the sense
that the signer cannot deny signing a message while claiming the secrecy of
their private key.

A simple illustration explaining the generation and verification of digital
signatures
