1.

What is cryptography and its types

Cryptography is the practice and study of techniques for securing communication and data
from unauthorized access. It ensures confidentiality, integrity, authenticity, and
non-repudiation of information. By using cryptographic techniques, sensitive information can
be encoded so that only authorized parties can understand it.

Types of cryptography:

Cryptography is generally classified into three main categories based on the type of
keys and algorithms used:

1. Symmetric Key Cryptography (Secret-Key Cryptography)

2. Asymmetric Key Cryptography (Public-Key Cryptography)
3. Hash Functions
2.Differentiate between symmetric key and asymmetric key Encryption

3. Types of attacks in Cryptography:

1. Known-Plaintext Analysis (KPA)
2. Chosen-Plaintext Analysis (CPA)
3. Ciphertext-Only Analysis (COA)
4. Man-In-The-Middle (MITM) Attack
5. Adaptive Chosen-Plaintext Analysis (ACPA)
6. Birthday Attack
7. Side-Channel Attack
8. Brute-Force Attack
9. Differential Cryptanalysis
4. Define Stream Cipher:
A stream cipher is a type of encryption algorithm that encrypts and decrypts data bit by bit
using a symmetric key. Stream ciphers are often used in wireless sensor networks and cell
phones because they are faster and simpler than block ciphers

5. Applications of Cryptography:
1. Secure Communication (e.g., HTTPS, VPNs)
2. Data Integrity (e.g., hashes like SHA-256)
3. Authentication (e.g., digital certificates)
4. Digital Signatures (e.g., verifying document authenticity)
5. Secure Storage (e.g., encrypted files)
6. E-Commerce Security (e.g., online payment encryption)
7. Blockchain and Cryptocurrencies
8. Wireless Network Security (e.g., WPA3)
9. Email Security (e.g., PGP)
10. Banking and Financial Services (e.g., ATM transactions)

6. Plain & Cipher Text:

Plaintext

● Definition: Plaintext is the original, unencrypted information or message that is

intended to be encrypted and protected.

The original, readable data or message before encryption.

● Example: "Hello, World!"

● Usage: Input for encryption algorithms.
Ciphertext

● Definition: Ciphertext is the encoded or encrypted version of plaintext, which is

unreadable without the proper decryption key.

The encrypted, unreadable form of the plaintext, generated using an encryption

algorithm and a key.

● Example: "7gf8$@#1ab!"
● Usage: Secures the message during transmission to prevent unauthorized access.

Relation:

● Plaintext → Encryption Algorithm + Key → Ciphertext

● Ciphertext → Decryption Algorithm + Key → Plaintext

7. Hash Functions

Definition:

A hash function is a cryptographic algorithm that takes an input (or message) and generates
a fixed-size string of characters, typically a hexadecimal value, called a hash or digest. The
process is one-way, meaning the original input cannot be derived from the hash.

Applications:

1. Data Integrity:
2. Digital Signatures:.
3. Password Storage:
4. Blockchain:
5. Message Authentication Codes (MACs):

Key Characteristics of Hash Functions:

1. Deterministic
2. Fast Computation
3. Fixed Output Size
4. Pre-image Resistance
5. Collision Resistance
6. Avalanche Effect

Common Hash Functions:

1. MD5
2. SHA (SHA-1, SHA-256, SHA-512)
3. BLAKE2
4. Argon2
 5. RIPEMD

8. Algorithms Used in Symmetric Encryption:

1. AES (Advanced Encryption Standard)

○ Widely used, secure, and efficient. Supports key sizes of 128, 192, and 256
bits.
2. DES (Data Encryption Standard)
○ Older and now considered insecure due to its small key size (56 bits), but
historically important.
3. 3DES (Triple DES)
○ Enhances DES by applying the algorithm three times with different keys. More
secure than DES but slower than AES.
4. Blowfish
○ A fast block cipher with variable key sizes (32 to 448 bits), designed to
replace DES.
5. Twofish
○ Successor to Blowfish, more secure, and supports key sizes up to 256 bits.
6. RC4 (Rivest Cipher 4)
○ A stream cipher that is fast but considered insecure due to vulnerabilities.
7. IDEA (International Data Encryption Algorithm)
○ A block cipher with a 128-bit key, known for its security but not as widely used
as AES.
8. Camellia
○ A block cipher with similar security to AES, used in Japan and other regions.
9. CAST-128 and CAST-256
○ Block ciphers with variable key sizes, used in some commercial applications.

These algorithms work by using a single key for both encryption and decryption, making key
management and security crucial. Let me know if you'd like further details on any!

9. Permutation in Cryptography

Definition:
Permutation in cryptography refers to the rearrangement of data (bits or bytes) to increase
security by making the encryption process harder to reverse without the key.

Key Points:

● Rearranges data to enhance complexity.

● Confusion & Diffusion: Makes the relationship between plaintext and ciphertext
harder to detect.
● Used in Algorithms: Examples include DES, AES, and Feistel networks.

Purpose:
 ● Confusion: Obscures the relationship between plaintext and ciphertext.
● Diffusion: Spreads plaintext information across the ciphertext.

In cryptographic systems, permutations are often combined with substitution steps to create
confusion and diffusion, essential principles for secure encryption. Let me know if you'd
like more details!

10. Cryptanalysis
Definition:
Cryptanalysis is the study and practice of attempting to break or weaken cryptographic
systems and algorithms. The goal is to find vulnerabilities or methods to decrypt ciphertext
without the original key.

Types of Cryptanalysis:

1. Brute Force Attack: Trying all possible keys.

2. Frequency Analysis: Studying character patterns in ciphertext.
3. Known-Plaintext Attack: Using known pairs to deduce the key.
4. Chosen-Plaintext Attack: Analyzing chosen plaintext-ciphertext pairs.
5. Differential Cryptanalysis: Analyzing differences in plaintext and ciphertext.
6. Linear Cryptanalysis: Finding linear relations in the data.

Purpose:

● To assess the strength of cryptographic systems.

● To find vulnerabilities in encryption schemes.

Cryptanalysis plays a critical role in improving cryptographic algorithms by identifying

weaknesses and helping develop more secure systems.
11. Differentiate between AES and DES:

12. What is the purpose of mix column in AES algorithm?

Purpose of MixColumns in AES

The MixColumns step ensures diffusion, spreading the influence of each byte across the
column, making encryption more secure. It:

1. Enhances diffusion to obscure patterns.

2. Increases resistance to cryptanalysis.
3. Makes it harder to trace plaintext-key relationships.

It uses matrix multiplication over a Galois Field to mix bytes within each column of the AES
state

13. Principles of Asymmetric Key Encryption System:

Principles of Asymmetric Key Encryption

1. Key Pair: Public key (encryption) and private key (decryption).

2. Public and Private Keys: Public key is shared, private key is confidential.
3. One-Way Function: Easy to encrypt, hard to decrypt without the private key.
4. Confidentiality: Only the private key holder can decrypt messages.
5. Digital Signatures: Verifies authenticity using private and public keys.
 6. Key Distribution: No need to share private keys.
7. Non-Repudiation: Ensures sender cannot deny signing a message.

Common algorithms include RSA, ECC, and DSA.

14. Expand:
1. RSA: Rivest-Shamir-Adleman
2. ECC: Elliptic Curve Cryptography
3. CRT: Chinese Remainder Theorem
4. MAC: Message Authentication Code
5. SSA: Schnorr Signature Algorithm
6. HTTP: HyperText Transfer Protocol
7. SET: Secure Electronic Transaction
8. PRIS: Public Resource Information System

15. HMAC neat diagram

Definition:
HMAC combines a hash function (e.g., SHA-256) and a secret key to ensure message
integrity and authentication.

Key Points:

1. Verifies message integrity and authenticity.

2. Uses a secret key for added security.
3. Supports hash functions like SHA-1, SHA-256.

Usage: Common in TLS, IPSec, and JWT for secure communication.

16. CA and RA

CA (Certificate Authority)

Definition:
A Certificate Authority (CA) is a trusted entity responsible for issuing, verifying, and
managing digital certificates. The CA validates the identity of entities (individuals, websites,
organizations) and binds them to public keys, ensuring secure communication through
encryption.

RA (Registration Authority)

Definition:
A Registration Authority (RA) acts as an intermediary between the user and the CA. It
receives requests for digital certificates and authenticates the user's identity before the CA
issues the certificate. The RA does not directly issue certificates but verifies user information
on behalf of the CA.
Key Difference:

● CA: Issues and manages digital certificates.

● RA: Verifies user identities before the CA issues the certificates.

17. Third Party

Definition:
A third party is an external entity involved in securing or facilitating communication between
two parties in cryptographic systems.

Roles:

1. Certificate Authority (CA): Issues and manages digital certificates.

2. Registration Authority (RA): Verifies user identities before certificate issuance.
3. Trusted Third Party (TTP): Facilitates secure encryption and key management.
4. Key Distribution Center (KDC): Distributes cryptographic keys.
5. Escrow Services: Stores and releases encryption keys under specific conditions.

Purpose: Enhances security, trust, and verification in cryptographic systems.