Cryptography

&
Authentication
Module 2
Introduction - Cryptography

“Cryptography is the art of achieving security by encoding messages to make them non
readable”
Cryptanalysis

It is the technique of decoding messages from a non readable format back to

readable format without knowing how they were initially converted from readable
format to non readable format.
 Cryptology

It is a combination of cryptography and cryptanalysis.

Example Key-1

Clear text or plain text ,signifies a message that can be understood by the sender,
the recipient, and also by anyone else who gets access to that message.

B E H A P P Y

E H A P P Y B
Elements of Cryptographic Operation
When a plain-text message is codified using any suitable scheme,the resulting message
is called ciphertext.

Receiver
Sender

Plain Text Plain Text

Encryption Decryption

Cipher Text Cipher Text

Example
Techniques
Substitution Techniques

Substitution Technique, the characters of plain text message are replaced by other
characters ,numbers or symbols.

1.Hill Cipher
2.Caesar Cipher
Transposition Techniques

Transposition Ciphers are an essential part of cryptography that uses systematic

shuffling of plain text characters or bits to secure data by altering their positions based
on some defined way or algorithm.

Types of Transposition Cipher Techniques

● Rail Fence Transposition Cipher

● Block (Single Columnar) Transposition Cipher
● Double Columnar Transposition Cipher
Hill Cipher - Substitution Method

Hill cipher is a polygraphic substitution cipher based on linear

algebra.Each letter is represented by a number modulo 26. Often the
simple scheme A = 0, B = 1, …, Z = 25 is used, but this is not an essential
feature of the cipher. To encrypt a message, each block of n letters
(considered as an n-component vector) is multiplied by an invertible n ×
n matrix, against modulus 26. To decrypt the message, each block is
multiplied by the inverse of the matrix used for encryption.
The matrix used for encryption is the cipher key, and it should be chosen
randomly from the set of invertible n × n matrices (modulo 26).
Caesar Cipher

The Caesar Cipher is one of the simplest and oldest methods of encrypting
messages, named after Julius Caesar, who reportedly used it to protect his
military communications.

This technique involves shifting the letters of the alphabet by a fixed number of
places. For example, with a shift of three, the letter ‘A’ becomes ‘D’, ‘B’ becomes
‘E’, and so on.

Despite its simplicity, the Caesar Cipher formed the groundwork for modern
cryptographic techniques.
Rail Fence Transposition Cipher

Rail Fence Transposition cipher technique is the simplest transposition cipher technique.

It is also termed as a zigzag cipher.

It gets its name from the way through which it performs encryption of plain text.
Hash Algorithm
A Hash Function (H) takes a variable-length block of data and returns a hash
value of a fixed size.
A good hash function has a property that when it is applied to a large
number of inputs, the outputs will be evenly distributed and appear random.
Working on Hashing Algorithm

First act of the hashing algorithm is to divide the large input data into blocks of
equal size

Though one block is hashed separately, all the blocks are related to each other.

The output hash value for the first data block is taken as an input value and is
summed up with the second data block.

Similarly, the hashed output of the second block is summed up with the third
block, and the summed-up input value is again hashed.

And this process goes on and on until you get the final hash output, which is the
summed-up value of all the blocks that were involved.
Therefore, tampering with the data of any block will change its hash
value.

As its hash value goes into the feeding of blocks following it, all the
hash values are changed.

This is how even the smallest change in the input data is detectable,
as it changes the entire hash value.
Diagram
 Secure Hash Algorithm

A Secure Hash Algorithm (SHA) is a cryptography technique and are developed by National
Security Agency(NSA).

National Institute of Standards and Technology standardized the SHA technique and ready for
various purposes(authentication, message integrity checks, digital signatures, and key derivation)

SHA uses hash function for plain text to message digest creation and are used for data
authentication and integration.

SHA creates a unique hash value by the one-way mathematical function and the hash value is
irreversible and used for to identify any tempered or changes of plain text.

This hash value is irreversible and is typically used for verifying data integrity and detecting
changes to digital data.
Diagram
 Processing of SHA
1. Input
Input is the original message and need to be hashed before sending to the recipient.

1. Preprocessing
Perform preprocessing (removal of unnecessary characters or punctuation wherever applicable) and
then input message to a binary format conversion.

1. Hashing
Applying the SHA hash function by using the mathematical operations on the processed input message
to a fixed size output or hash value.

1. Output
Hash value can act as a tool for authenticating the originality of the input message by making sure to
verify any unauthorised and modifications made due to the data tampering and henceforth discarding
the message. If the recipient gets different hash value upon using the same hashing algorithm and hash
function on the input then the message are tempered and modified and henceforth need to be discarded.
Applications of SHA

1. Message Authentication Codes (MACs)

SHA hash is attached with the input message and then send to the recipient.

1. Digital Signatures
SHA are also used with cryptography technique such as digital signatures to ensure and
verify the authenticity and identity of electronic documents( e- mail, confidential
reports, project data).

1. Password Hashing
Passwords are generally hashed using SHA and are stored in the database and relevant
record systems as to make it difficult to recognise and identify the original password
and henceforth reduces the possibility of cyber attack and security issues leading to a
database leak.
 AES(Advanced Encryption Standard)

Advanced Encryption Standard (AES) is a specification for the encryption of electronic data
established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

Its stronger than DES.

It highly trusted encryption algorithm used to secure data by converting it into an unreadable format
without the proper key.

AES encryption uses various key lengths (128, 192, or 256 bits) to provide strong protection against
unauthorized access.

This data security measure is efficient and widely implemented in securing internet communication,
protecting sensitive data, and encrypting files. AES, a cornerstone of modern cryptography, is
recognized globally for its ability to keep information safe from cyber threats.
AES is a Block Cipher.

The key size can be

128/192/256 bits.

Encrypts data in blocks

of 128 bits each.
How Works?

AES performs operations on bytes of data rather than in bits. Since the block
size is 128 bits, the cipher processes 128 bits (or 16 bytes) of the input data at a
time.

The number of rounds depends on the key length as follows :

128-bit key – 10 rounds

192-bit key – 12 rounds
256-bit key – 14 rounds
Creation of Round Keys
A Key Schedule algorithm calculates all the round keys from the key. So the initial key is used to create
many different round keys which will be used in the corresponding round of the encryption.
Encryption

AES considers each block as a 16-byte (4 byte x 4 byte = 128 ) grid in a column-major
arrangement.

Each round comprises of 4 steps :

SubBytes
ShiftRows
MixColumns
Add Round Key
The last round doesn’t have the MixColumns round.

The SubBytes does the substitution and ShiftRows and MixColumns perform the
permutation in the algorithm.
Decryption

The stages in the rounds can be easily undone as these stages have an
opposite to it which when performed reverts the changes. Each 128 blocks
goes through the 10,12 or 14 rounds depending on the key size.

The stages of each round of decryption are as follows :

Add round key

Inverse MixColumns
ShiftRows
Inverse SubByte
Applications

Wireless security

Database Encryption

Secure communications

Data Storage

Virtual Private Networks (VPNs)

Secure Storage of Passwords

File and Disk Encryption

Data Encryption Standard(DES)

It is a symmetric-key block cipher published by the National Institute of Standards and

Technology (NIST).

DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure. The block
size is 64-bit. Though, key length is 64-bit, DES has an effective key length of 56 bits, since 8
of the 64 bits of the key are not used by the encryption algorithm (function as check bits
only).
DES Encryption Is a Six-Step Process

1. The message is divided into 64-bit blocks.

2. An initial permutation is carried out on the plain text blocks.
3. Permuted blocks are divided into two halves, each of which is 32 bits – left
plain text (LPT) and right plain text (RPT).
4. Both LPT and RPT go through 16 rounds of encryption. Each round of
encryption has five steps:

Key transformation — Key transformation is a process wherein 16 different

subkeys measuring 48-bits each are derived from the main key to encrypt
plaintext. The key schedule is used to derive these keys.
Expansion permutation — A half-block of 32-bits is expanded to 48 bits using expansion
permutation. It adds adjacent bits from each side of the block to the 32-bits of the block to
create a 48-bit block.

S-Box permutation — A substitution box permutation, or S-box, is the only non-linear

component in the DES algorithm. It provides additional security to the cipher. After the block is
mixed with the subkey, it is divided into eight 6-bit parts. The S-box process uses a lookup table
to convert the eight 6-bit parts into 4-bit output each, resulting in 32-bit output in total.
Process

P-Box permutation — The 32-bit output from the S-box permutation is rearranged
according to the P-box permutation. The design of the P-box permutation ensures that
the output of each S-box is spread across four different S-boxes for the next round of
encryption.

ExclusiveOR (XOR) and swap — XOR is a mathematical function that compares two sets
of bits that can be either 1s or 0s. If the bits from both sets match, the XOR output is 0.
On the other hand, if they don’t match, the output is 1. This bit-wise comparison results
in stronger encryption, and XORing is something we’ll speak more about in our next
article on how DES encryption works.
Process

5. LPT and RPT are combined.

6. The final permutation is performed on the combined LPT and RPT,
resulting in the final ciphertext.
IDEA(Simplified International Data
Encryption Algorithm (IDEA))
(IDEA) is a symmetric-key block cipher that was first introduced in 1991.

Designed to provide secure encryption for digital data and is used in a variety of
applications, such as secure communications, financial transactions, and electronic voting
systems.

IDEA uses a block cipher with a block size of 64 bits and a key size of 128 bits.

It uses a series of mathematical operations, including modular arithmetic, bit shifting, and
exclusive OR (XOR) operations, to transform the plaintext into ciphertext.

The algorithm is relatively fast and requires only a small amount of memory and processing
power. This makes it a popular choice for use in embedded systems and other applications
where resources are limited.
Diagram
Block Cipher Structure(IDEA)

The Simplified International Data Encryption Algorithm (IDEA) is a symmetric key block cipher that:

● Plaintext block size: 16 bits (divided into 4-bit chunks)

● Key length: 32 bits
● Output: 16-bit ciphertext
● Processing: Four complete rounds plus one half-round

Subkey Generation Process

● Initial key division into eight 4-bit subkeys.
● Key schedule generation through left rotation.
● Production of 28 subkeys (24 for complete rounds, 4 for half-round).
● Systematic distribution across rounds.
Rounds and Operations

Each complete round consists of:

● 14 distinct steps using three core operations

● Systematic transformation of data blocks
● Inter-round data swapping
● Final half-round with 4 operations
Example Implementation

1. Initial key expansion

2. Plaintext division into blocks

3. Round function application:

Multiplication and addition operations

XOR combinations
Inter-round transformations
4. Final half-round processing

5. Ciphertext generation