A Seminar Report

The document discusses the evolution of information security, highlighting the transition from physical security measures to the necessity of cryptography in protecting data in digital communications. It defines cryptography, its goals, types of algorithms, and the importance of security services and mechanisms in safeguarding information against various attacks. Additionally, it outlines the characteristics of cryptographic algorithms and the challenges posed by both passive and active security attacks.

Uploaded by

syedsultan8517
Copyright: © All Rights Reserved

Cryptography Technology

CRYPTOGRAPHY TECHNOLOGY

ABSTRACT
The requirement of information security within an organization has
undergone two major changes in the last several decades. Before the widespread
use of data processing equipment, the security of information felt to be
valuable to an organization was provided primarily by physical and
administrative means. An example of the former is the use of rugged filing
cabinets with a combination lock for storing sensitive documents. An
example of the latter is personnel screening procedures used during the
hiring process.

With the introduction of the computer, the need for automated tools for
protecting files and other information stored on the computer became
evident. This is especially the case for a shared system, such as a
time-sharing system, and the need is even more acute for systems that
can be accessed over a public telephone network, a data network, or the
Internet. The generic name for the collection of tools designed to
protect data and to thwart hackers is computer security.

The second major change that affected security is the introduction of
distributed systems and the use of networks and communication facilities
for carrying data between terminal user and computer and between
computer and computer. Network security measures are needed to
protect data during their transmission. In fact, the term network
security is somewhat misleading, because virtually all business,
government, and academic organizations interconnect their data
processing equipment with a collection of interconnected networks.
Such a collection is often referred to as an internet, and the term
internet security is used.

There are no clear boundaries between these two forms of security. For
example, one of the most publicized types of attack on information
systems is the computer virus. A virus may be introduced into a system
physically when it arrives on a diskette and is subsequently loaded onto
a computer. Viruses may also arrive over an internet. In either case,
once the virus is resident on a computer, security tools are needed to
detect and recover from the virus.

Department Of Computer Science , SCET 1|Page



Cryptography is the study of mathematical techniques related to
aspects of information security, such as confidentiality or privacy, data
integrity and entity authentication. Cryptography is not the only means of
providing information security, but rather one set of techniques.
Confidentiality means keeping information secret from all but those who
are authorized to see it. Data integrity means ensuring information has not
been altered by unauthorized or unknown means. Entity authentication
means corroboration of the identity of an entity.

There are some characteristics of a cryptographic algorithm. They are
level of security, performance, and ease of implementation. Level of
security is defined by an upper bound on the amount of work necessary to
defeat the objective. Performance refers to the efficiency of an algorithm
in a particular mode of operation. Ease of implementation refers to the
difficulty of realizing the algorithm in a practical implementation.

There are several aspects of security. They are security service,
security mechanism, and security attack. A security service is a
service that enhances the security of the data processing systems and
information transfers of an organization. A security mechanism is a
mechanism that is designed to detect, prevent, or recover from a security
attack. A security attack is any action that compromises the security
of information owned by an organization.

Encryption means the process of converting from plaintext to
ciphertext. A key is a piece of information, usually a number that allows
a receiver. Another key also allows a receiver to decode messages sent
to him or her. There are some types of encryption. They are classical
techniques, modern techniques, and public-key encryption. In classical
techniques there are substitution techniques and transposition
techniques. In substitution techniques there are the Caesar cipher,
monoalphabetic ciphers and polyalphabetic ciphers. In modern techniques
there are block ciphers, stream ciphers and the DES algorithm. In
public-key encryption there is the RSA algorithm.

Cryptography has provided us with Digital Signatures that resemble in
functionality the hand-written signature and Digital Certificates that
relate to an ID card or some other official document. There are some
applications of cryptography; one is secure communication.

INTRODUCTION
Due to the rapid growth of digital communication and electronic data
exchange, information security has become a crucial issue in industry,
business and administration. Assume a sender, referred to here and in
what follows as Alice (as is commonly done), wants to send a message m to
a receiver referred to as Bob. She uses an insecure communication
channel. For example, the channel could be a computer network or a
telephone line. There is a problem if the message contains confidential
information. The message could be intercepted and read by an
eavesdropper. Or, even worse, someone might be able to modify the
message during transmission so that Bob does not detect the manipulation.

Cryptography has provided us with digital signatures that resemble in
functionality the hand-written signature and digital certificates that
relate to an ID card or other official documents. Modern cryptography
provides essential techniques for securing information and protecting
data.

Definition of cryptography
Cryptography is the study of mathematical techniques related to aspects
of information security, such as confidentiality or privacy, data integrity
and entity authentication. Cryptography is not the only means of
providing information security, but rather one set of techniques.

Categories of cryptographic algorithm

There are two main types of cryptographic algorithms.

1: - Symmetric key

2: - Asymmetric key

• Symmetric key

  • Sender and receiver share a key.

  • A secret piece of information used to encrypt or decrypt the
    message.

  • If a key is secret, then nobody other than the sender and receiver
    can read the message.

  • If Alice and Bob each have a secret key then they may send each
    other a private message.

  • The task of privately choosing a key before communication can,
    however, be problematic.

• Asymmetric key

  • Solves the key exchange problem by defining an algorithm that
    uses two keys, each of which can be used for encryption.

  • If one is used to encrypt a message, then the other key must be
    used to decrypt it.

  • This makes it possible to receive secure messages by simply
    publishing one key (the public key) and keeping the other key
    (the private key) secret.

  • Anyone can encrypt a message using the public key but only the
    owner of the public key is able to read it.

  • In this way Alice may send a private message to the owner of a key
    pair (Bob) by encrypting it using his public key. Only Bob can
    decrypt it.

Related Terms


Plaintext: - An original intelligible message or data that is fed into
the algorithm as input.

Cipher text: - The coded message is known as cipher text. It depends on
the plaintext and the secret key.

Encryption: - The process of converting from plaintext to cipher text
is known as encryption.

Decryption: - Restoring the plaintext from the cipher text is known as
decryption.

Cryptography: - The many schemes used for enciphering constitute the
area of study known as cryptography. Such a scheme is known as a
cryptographic system or cipher.

Cryptanalysis: - Techniques used for deciphering a message without any
knowledge of the enciphering details fall into the area of
cryptanalysis. Cryptanalysis is what the layperson calls 'breaking the
code'.

Cryptology: - The areas of cryptography and cryptanalysis together are
called cryptology.

Goals of cryptography
The main goals of cryptography are

1: - Confidentiality or privacy

2: - Data integrity

3: - Authentication

4: - Non-repudiation

1) Confidentiality or Privacy: -
Keeping information secret from all but those who are authorized
to see it. Confidentiality is the protection of transmitted data from
passive attacks. With respect to the content of data transmission,
several levels of protection can be identified. The broadest service
protects all user data transmitted between two users over a period
of time.
Another aspect of confidentiality is the protection of traffic flow from
analysis. This requires that an attacker not be able to observe the
source and destination, frequency, length or any other
characteristics of the traffic on a communication facility.

2) Data Integrity: -
Ensuring the information has not been altered by unauthorized or
unknown means. One must have the ability to detect data
manipulation by unauthorized parties. Data manipulation includes
such things as insertion, deletion, and substitution.

3) Authentication: -
Corroboration of the identity of an entity. Authentication is a
service related to identification. This function applies to both
entities and information.

4) Non-repudiation: -
Non-repudiation prevents either sender or receiver from denying a
message. Thus, when a message is sent, the receiver can prove
that the message was in fact sent by the alleged sender.
Similarly, when a message is received, the sender can prove that the
alleged receiver in fact received that message.

Characteristics of a cryptographic algorithm


The main characteristics of a cryptographic algorithm are

1: - Level of security

2: - Performance

3: - Ease of implementation

1) Level Of Security: -

Typically the level of security is defined by an upper bound on the
amount of work necessary to defeat the objective. This is sometimes
called the 'Work Factor'.

Work Factor could be defined as the minimum amount of work required
to compute the private key when given the public key, or in the case of
a symmetric key scheme to determine the secret key.

Algorithms will need to be combined to meet various information
security objectives. Which algorithm is most effective for a given
objective will be determined by the basic functionality of the
algorithm.

An algorithm, when applied in various ways and with various inputs,
will typically exhibit different characteristics. Thus, one algorithm
could provide very different functionality depending on its mode of
operation or usage.

2) Performance: -
Performance refers to the efficiency of an algorithm in a particular mode
of operation. For example, an encryption algorithm may be rated by the
number of bits per second at which it can encrypt.

3) Ease Of Implementation: -
This refers to the difficulty of realizing the algorithm in a practical
instantiation, and might include the complexity of implementing it in
either a software or a hardware environment.

The relative importance of various criteria depends to a large extent on
the application and resources available. For example, in an environment
where computing power is limited, one may have to trade off a very high
level of security for better system performance.

Aspects of Security

To assess the security needs of an organization effectively and choose
various security products and policies, the manager responsible for
security needs some systematic way of defining the requirements for
security and characterizing the approaches to satisfying those
requirements. One approach is to consider three aspects of information
security.

1 Security attack
2 Security mechanism
3 Security service

1) Security Attack: -
Any action that compromises the security of information owned by an
organization.

2) Security Mechanism: -
A mechanism that is designed to detect, prevent or recover from a
security attack.

3) Security Services: -
A service that enhances the security of the data processing systems and
the information transfers of an organization. The services are intended
to counter security attacks, and they make use of one or more security
mechanisms to provide the service.

Security Attacks
A useful means of classifying security attacks, used in X.800, is in terms
of passive attacks and active attacks. A passive attack attempts to
learn or make use of information from the system but does not affect
system resources. An active attack attempts to alter system resources
or affect their operation.

Passive Attacks: -
Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions. The goal of the opponent is to obtain information that is
being transmitted. Two types of passive attacks are release of message
contents and traffic analysis.

The release of message contents is easily understood. A telephone
conversation, an electronic mail message, and a transferred file may
contain sensitive or confidential information. We would like to prevent
the opponent from learning the contents of these transmissions.

A second type of passive attack, traffic analysis, is subtler. Suppose
that we had a way of masking the contents of messages or other
information traffic so that opponents, even if they captured the
message, could not extract the information from the message. The
common technique for masking contents is encryption. If we had
encryption protection in place, an opponent might still be able to
observe the pattern of these messages. The opponent could determine
the location and identity of communicating hosts and could observe the
frequency and length of messages being exchanged. This information
might be useful in guessing the nature of the communication that was
taking place.

Passive attacks are very difficult to detect because they do not involve
any alteration of the data. However, it is feasible to prevent the success
of these attacks, usually by means of encryption. Thus, the emphasis in
dealing with passive attacks is on prevention rather than detection.

Active Attacks: -
Active attacks involve some modification of the data stream or the
creation of a false stream and can be subdivided into four categories:
masquerade, replay, modification of messages, and denial of service.

A masquerade takes place when one entity pretends to be a different
entity. A masquerade attack usually includes one of the other forms of
active attack.

Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.

Modification of messages simply means that some portion of a
legitimate message is altered, or that messages are delayed or
reordered to produce an unauthorized effect. For example, a message
meaning "Allow John Smith to read confidential file accounts" is modified
to mean "Allow Fred Brown to read confidential file accounts".

The denial of service prevents or inhibits the normal use or
management of communication facilities. This attack may have a specific
target; for example, an entity may suppress all messages directed to a
particular destination. Another form of service denial is the disruption
of an entire network, either by disabling the network or by overloading
it with messages so as to degrade performance.

Active attacks present the opposite characteristics of passive attacks.
Whereas passive attacks are difficult to detect, measures are available
to prevent their success. On the other hand, it is quite difficult to
prevent active attacks absolutely, because to do so would require physical
protection of all communications facilities and paths at all times.
Instead, the goal is to detect them and to recover from any disruption or
delays caused by them. Because the detection has a deterrent effect, it
may also contribute to prevention.

A Model for Network Security

• A model for much of what we will be discussing is captured, in
  very general terms, in the figure. A message is to be transferred from
  one party to another across some sort of Internet. The two parties,
  who are the principals in this transaction, must cooperate for the
  exchange to take place. A logical information channel is
  established by defining a route through the Internet from source
  to destination and by the cooperative use of communication
  protocols (e.g., TCP/IP) by the two principals.
• Security aspects come into play when it is necessary or desirable
  to protect the information transmission from an opponent who
  may present a threat to confidentiality, authenticity, and so on. All
  the techniques for providing security have two components:
• A security-related transformation on the information to be sent.
  Examples include the encryption of the message, which scrambles
  the message so that it is unreadable by the opponent, and the
  addition of a code based on the contents of the message, which
  can be used to verify the identity of the sender.

Model for Network Security

• Some secret information shared by the two principals and, it is
  hoped, unknown to the opponent. An example is an encryption key
  used in conjunction with the transformation to scramble the
  message before transmission and unscramble it on reception.
• A trusted third party may be needed to achieve secure
  transmission. For example, a third party may be responsible for
  distributing the secret information to the two principals while
  keeping it from any opponent. Or a third party may be needed to
  arbitrate disputes between the two principals concerning the
  authenticity of a message transmission.

This general model shows that there are four basic tasks in designing a
particular security service:

• Design an algorithm for performing the security-related
  transformation. The algorithm should be such that an opponent
  cannot defeat its purpose.

• Generate the secret information to be used with the algorithm.

• Develop methods for the distribution and sharing of the secret
  information.

• Specify a protocol to be used by the two principals that makes
  use of the security algorithm and the secret information to achieve a
  particular security service.

• However, there are other security-related situations of interest
  that do not neatly fit this model but that are considered here. A
  general model of these other situations is illustrated by the figure,
  which reflects a concern for protecting an information system from
  unwanted access. Most readers are familiar with the concerns
  caused by the existence of hackers, who attempt to penetrate
  systems that can be accessed over a network. The hacker can be
  someone who, with no malign intent, simply gets satisfaction from
  breaking and entering a computer system. Or, the intruder can be
  a disgruntled employee who wishes to do damage, or a criminal
  who seeks to exploit computer assets for financial gain (e.g.,
  obtaining credit card numbers or performing illegal money
  transfers).

Another type of unwanted access is the placement in a computer system
of logic that exploits vulnerabilities in the system and that can affect
application programs as well as utility programs such as editors and
compilers. Programs can present two kinds of threats:

• Information access threats intercept or modify data on behalf of
  users who should not have access to that data.

• Service threats exploit service flaws in computers to inhibit use
  by legitimate users.

Network Access Security Model


Viruses and worms are two examples of software attacks. Such attacks
can be introduced into a system by means of a disk that contains
unwanted logic concealed in otherwise useful software.

The security mechanisms needed to cope with unwanted access fall into
two broad categories. The first category might be termed a gatekeeper
function. It includes password-based login procedures that are designed
to deny access to all but authorized users and screening logic that is
designed to detect and reject worms, viruses, and other similar attacks.
Once access is gained, by either an unwanted user or unwanted software, the
second line of defense consists of a variety of internal controls that
monitor activity and analyze stored information in an attempt to detect the
presence of unwanted intruders.

Classical Encryption Techniques

A study of these techniques enables us to illustrate the basic approaches
to symmetric encryption used today and the types of cryptanalysis that
must be anticipated.

The two basic building blocks of all encryption techniques are
substitution and transposition. We examine these in the next two
sections. Finally, we discuss a system that combines both substitution
and transposition.

Substitution Techniques: -
A substitution technique is one in which the letters of plaintext are
replaced by other letters or by numbers or symbols. If the plaintext is
viewed as a sequence of bits, then substitution involves replacing
plaintext bit patterns with cipher text bit patterns.

Caesar Cipher
The earliest known use of a substitution cipher, and the simplest, was by
Julius Caesar. The Caesar cipher involves replacing each letter of the
alphabet with the letter standing three places further down the
alphabet. For example

Plain: Meet me after the toga party

Cipher: PHHW PH DIWHU WKH WRJD SDUWB


Note that the alphabet is wrapped around, so that the letter following Z
is A. We can define the transformation by listing all possibilities, as
follows:

Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Transposition Techniques: -
All the techniques examined so far involve the substitution of a cipher
text symbol for a plaintext symbol. A very different kind of mapping is
achieved by performing some sort of permutation on the plaintext
letters. This technique is referred to as a transposition cipher.

The simplest such cipher is the rail fence technique, in which the
plaintext is written down as a sequence of diagonals and then read off
as a sequence of rows. For example, to encipher the message "meet
me after the toga party" with a rail fence of depth 2, we write the
following.

m e m a t r h t g p r y
 e t e f e t e o a a t

The encrypted message is MEMATRHTGPRYETEFETEOAAT.

This sort of thing would be trivial to cryptanalyze. A more complex
scheme is to write the message in a rectangle, row by row, and read
the message off, column by column, but permute the order of the
columns. The order of the columns then becomes the key to the
algorithm. For example,

Key:         4 3 1 2 5 6 7
Plaintext:   a t t a c k p
             o s t p o n e
             d u n t i l t
             w o a m x y z
Cipher text: TTNAAPTMTSUOAODWCOIXKNLYPETZ

A pure transposition cipher is easily recognized because it has the same
letter frequencies as the original plaintext. For the type of columnar
transposition just shown, cryptanalysis is fairly straightforward and
involves laying out the cipher text in a matrix and playing around with
column positions. Digram and trigram frequency tables can be useful.
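
The Caesar, rail fence and columnar transposition examples above, worked in code. This is an added example, not part of the original report; the function names are chosen here, and the rail fence is generalized to any depth and the columnar cipher to messages that do not fill the last row.

```python
from collections import Counter


def letters_only(text):
    """Uppercase A-Z letters of text; spaces and punctuation are dropped."""
    return [c for c in text.upper() if "A" <= c <= "Z"]


def caesar(text, shift=3):
    """Replace each letter by the one `shift` places on, wrapping Z to A."""
    out = []
    for c in text.upper():
        if "A" <= c <= "Z":
            c = chr((ord(c) - ord("A") + shift) % 26 + ord("A"))
        out.append(c)  # non-letters (spaces) pass through unchanged
    return "".join(out)


def rail_pattern(length, depth):
    """Rail index (0 = top row) of each position along the zigzag."""
    period = 2 * (depth - 1)
    return [min(p % period, period - p % period) for p in range(length)]


def rail_fence_encrypt(plaintext, depth=2):
    letters = letters_only(plaintext)
    if depth < 2:
        return "".join(letters)
    rails = [[] for _ in range(depth)]
    for ch, rail in zip(letters, rail_pattern(len(letters), depth)):
        rails[rail].append(ch)
    return "".join("".join(r) for r in rails)  # read off row by row


def rail_fence_decrypt(ciphertext, depth=2):
    letters = letters_only(ciphertext)
    if depth < 2:
        return "".join(letters)
    pattern = rail_pattern(len(letters), depth)
    counts = Counter(pattern)
    rows, start = [], 0
    for rail in range(depth):  # cut the ciphertext back into its rows
        rows.append(iter(letters[start:start + counts[rail]]))
        start += counts[rail]
    return "".join(next(rows[rail]) for rail in pattern)


def column_order(key):
    """Column indexes in reading order: the column labelled 1 comes first."""
    return sorted(range(len(key)), key=lambda col: key[col])


def columnar_encrypt(plaintext, key):
    letters = letters_only(plaintext)
    ncols = len(key)
    # letters[col::ncols] is column `col` of the row-by-row rectangle
    return "".join("".join(letters[col::ncols]) for col in column_order(key))


def columnar_decrypt(ciphertext, key):
    letters = letters_only(ciphertext)
    ncols = len(key)
    full_rows, extra = divmod(len(letters), ncols)
    columns, start = {}, 0
    for col in column_order(key):
        height = full_rows + (1 if col < extra else 0)  # short last row
        columns[col] = letters[start:start + height]
        start += height
    rows = full_rows + (1 if extra else 0)
    return "".join(columns[c][r] for r in range(rows)
                   for c in range(ncols) if r < len(columns[c]))


def same_letter_frequencies(a, b):
    """True when a and b contain exactly the same multiset of letters."""
    return Counter(letters_only(a)) == Counter(letters_only(b))


if __name__ == "__main__":
    key = [4, 3, 1, 2, 5, 6, 7]
    message = "attack postponed until two am xyz"
    print(caesar("meet me after the toga party"))
    print(rail_fence_encrypt("meet me after the toga party", 2))
    ciphertext = columnar_encrypt(message, key)
    print(ciphertext, columnar_decrypt(ciphertext, key))
    print(same_letter_frequencies(message, ciphertext))
```

The last check is the recognition test the text describes: a transposition leaves the letter counts untouched, while the Caesar substitution does not.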


Modern Techniques
Virtually all symmetric block encryption algorithms in current use are
based on a structure referred to as a Feistel block cipher. We begin with
a comparison of stream ciphers and block ciphers.

Stream ciphers: -
A stream cipher is one that encrypts a digital data stream one bit or one
byte at a time. Examples of classical stream ciphers are the autokeyed
Vigenère cipher and the Vernam cipher.

Block ciphers: -
A block cipher is one in which a block of plaintext is treated as a whole
and used to produce a cipher text block of equal length. Typically, a
block size of 64 or 128 bits is used. Using some of the modes of
operation explained later in this chapter, a block cipher can be used to
achieve the same effect as a stream cipher. Far more effort has gone
into analyzing block ciphers. In general, they seem applicable to a
broader range of applications than stream ciphers. The vast majority of
network-based symmetric cryptographic applications make use of block
ciphers.

Diffusion and Confusion: -


The terms diffusion and confusion were introduced by Claude Shannon
to capture the two basic building blocks for any cryptographic system.
Shannon's concern was to thwart cryptanalysis based on statistical
analysis. The reasoning is as follows. Assume the attacker has some
knowledge of the statistical characteristics of the plaintext. For example,
in a human-readable message in some language, the frequency
distribution of the various letters may be known. Or there may be words
or phrases likely to appear in the message. If these statistics are in any
way reflected in the cipher text, the cryptanalyst may be able to deduce
the encryption key, or part of the key, or at least a set of keys likely to
contain the exact key.


Other than recourse to ideal systems, Shannon suggests two methods
for frustrating statistical cryptanalysis: diffusion and confusion. In
diffusion, the statistical structure of the plaintext is dissipated into
long-range statistics of the cipher text. This is achieved by having each
plaintext digit affect the value of many cipher text digits, which is
equivalent to saying that each ciphertext digit is affected by many
plaintext digits. An example of diffusion is to encrypt a message
M = m1, m2, m3, ... of characters with an averaging operation:

$$Y_n = \sum_{i=1}^{k} m_{n+i} \pmod{26}$$

adding k successive letters to get a ciphertext letter Yn. One can show
that the statistical structure of the plaintext has been dissipated. Thus
the letter frequencies in the ciphertext will be more nearly equal than in
the plaintext; the digram frequencies will also be more nearly equal,
and so on. In a binary block cipher, diffusion can be achieved by
repeatedly performing some permutation of the data followed by
applying a function to that permutation; the effect is that bits from
different positions in the original plaintext contribute to a single bit of
ciphertext.
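
The averaging operation above can be run on a short text to watch the letter statistics flatten. This is an added example, not part of the original report: it assumes the window of k letters slides along the message without wrapping (so the output is k-1 letters shorter), uses a constructed English sample, and measures skew with the index of coincidence, a measure chosen here.

```python
from collections import Counter

# Constructed sample plaintext (ordinary English, spaces are ignored).
SAMPLE = ("the statistical structure of the plaintext is dissipated into "
          "long range statistics of the ciphertext so that each plaintext "
          "letter affects the value of many ciphertext letters and the "
          "letter frequencies even out")


def to_numbers(text):
    """Map letters to 0..25 (a=0); anything that is not a letter is dropped."""
    return [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]


def diffuse(text, k):
    """Y_n = (sum of k successive letters) mod 26, one Y per window."""
    m = to_numbers(text)
    if k < 1 or k > len(m):
        raise ValueError("k must be between 1 and the number of letters")
    sums = [sum(m[n:n + k]) % 26 for n in range(len(m) - k + 1)]
    return "".join(chr(y + ord("A")) for y in sums)


def index_of_coincidence(text):
    """Chance that two letters picked at random from text are the same.

    Uniformly random letters give about 1/26 (0.038); text with a skewed
    letter distribution, such as English, gives a clearly higher value.
    """
    counts = Counter(to_numbers(text))
    n = sum(counts.values())
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


def top_letters(text, how_many=3):
    """The most frequent letters with their relative frequencies."""
    counts = Counter(to_numbers(text))
    n = sum(counts.values())
    return [(chr(v + ord("A")), round(c / n, 3))
            for v, c in counts.most_common(how_many)]


if __name__ == "__main__":
    for k in (1, 2, 4, 8):
        y = diffuse(SAMPLE, k)  # k = 1 leaves the letters unchanged
        print(k, round(index_of_coincidence(y), 4), top_letters(y))
```

With k = 1 the output is the plaintext itself, so the first printed row is the baseline against which the larger windows are compared.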

Every block cipher involves a transformation of a block of plaintext into
a block of ciphertext, where the transformation depends on the key. The
mechanism of diffusion seeks to make the statistical relationship
between the plaintext and ciphertext as complex as possible in order to
thwart attempts to deduce that key. On the other hand, confusion
seeks to make the relationship between the statistics of the ciphertext
and the value of the encryption key as complex as possible, again to
thwart attempts to discover the key. Thus,
even if the attacker can get some handle on the statistics of this, as
Federal Information Processing Standards 46 (FIPS pub 46). The
algorithm itself is referred to as the Data Encryption Algorithm (DEA).
For DES, data are encrypted in 64-bit blocks using a 56-bit key. The
algorithm transforms 64-bit input in a series of steps into a 64-bit
output. The same steps, with the same key, are used to reverse the
encryption.
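
The statement that the same steps with the same key reverse the encryption follows from the Feistel structure. The sketch below is an added example, not DES and not code from the report: it uses 64-bit blocks and 16 rounds as in the text, but the round function and subkey derivation are constructed stand-ins built from SHA-256, and DES's permutations, S-boxes and key schedule are not modelled.

```python
import hashlib

HALF_BITS = 32
HALF_MASK = (1 << HALF_BITS) - 1


def subkeys(key, rounds=16):
    """One subkey per round (toy schedule: SHA-256 of key plus round number)."""
    return [hashlib.sha256(key + bytes([r])).digest()[:4] for r in range(rounds)]


def round_function(half, subkey):
    """Toy F: mixes a 32-bit half with a subkey; it need not be invertible."""
    digest = hashlib.sha256(half.to_bytes(4, "big") + subkey).digest()
    return int.from_bytes(digest[:4], "big")


def feistel(block, round_keys):
    """Run the rounds over a 64-bit block, then swap the two halves."""
    if not 0 <= block < 1 << 64:
        raise ValueError("block must fit in 64 bits")
    left, right = block >> HALF_BITS, block & HALF_MASK
    for k in round_keys:
        # new left = old right; new right = old left XOR F(old right, subkey)
        left, right = right, left ^ round_function(right, k)
    return (right << HALF_BITS) | left  # final swap


def encrypt_block(block, key):
    return feistel(block, subkeys(key))


def decrypt_block(block, key):
    # Same steps, same key: only the order of the subkeys is reversed.
    return feistel(block, subkeys(key)[::-1])


if __name__ == "__main__":
    key = b"constructed demo key"
    plaintext = 0x0123456789ABCDEF
    ciphertext = encrypt_block(plaintext, key)
    print(f"{ciphertext:016x}")
    print(f"{decrypt_block(ciphertext, key):016x}")
```

Because each round only XORs one half with a function of the other, the round is undone by repeating it with the same subkey, which is why F itself never has to be inverted.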


DES enjoys widespread use. It has also been the subject of much
controversy concerning how secure the DES is. To appreciate the nature
of the controversy, let us quickly review the history of the DES.

In the late 1960s, IBM set up a research project in computer
cryptography led by Horst Feistel. The project concluded in 1971 with
the development of an algorithm with the designation LUCIFER (FEIS73),
which was sold to Lloyd's of London for use in a cash-dispensing system,
also developed by IBM. LUCIFER is a Feistel block cipher that operates on
blocks of 64 bits, using a key of 128 bits. Because of the promising
results produced by the LUCIFER project, IBM embarked on an effort to
develop a marketable commercial encryption product that ideally could
be implemented on a single chip. The effort was headed by Walter
Tuchman and Carl Meyer, and it involved not only IBM researchers but
also outside consultants and technical advice from NSA. The outcome of
this effort was a refined version of LUCIFER that was more resistant to
cryptanalysis but that had a reduced key size of 56 bits, to fit on a single
chip.

In 1973, the National Bureau of Standards (NBS) issued a request for
proposals for a national cipher standard. IBM submitted the results of
its Tuchman-Meyer project. This was by far the best algorithm proposed
and was adopted in 1977 as the Data Encryption Standard.

Before its adoption as a standard, the proposed DES was subjected to
intense criticism, which has not subsided to this day. Two areas drew
the critics' fire. First, the key length in IBM's original LUCIFER algorithm
was 128 bits, but that of the proposed system was only 56 bits, an
enormous reduction in key size of 72 bits. Critics feared that this key
length was too short to withstand brute-force attacks. The second area
of concern was that the design criteria for the internal structure of DES,
the S-boxes, were classified. Thus, users could not be sure that the
internal structure of DES was free of any hidden weak points that would
enable NSA to decipher messages without benefit of the key.
Subsequent events, particularly the recent work on differential
cryptanalysis, seem to indicate that DES has a very strong internal
structure. Furthermore, according to IBM participants, the only changes
that were made to the proposal were changes to the S-boxes, suggested
by NSA, that removed vulnerabilities identified in the course of the
evaluation process.


Whatever the merits of the case, DES has flourished and is widely used,
especially in financial applications. In 1994, NIST reaffirmed DES for
federal use for another five years; NIST recommended the use of DES for
applications other than the protection of classified information. In 1999,
NIST issued a new version of its standard that indicated that DES should
only be used for legacy systems and that triple DES (which in essence
involves repeating the DES algorithm three times on the plaintext
using two or three different keys to produce the ciphertext) be used.

DES Encryption: -
The overall scheme for DES encryption is illustrated in the figure. As with
any encryption scheme, there are two inputs to the encryption function:
the plaintext to be encrypted and the key. In this case, the plaintext
must be 64 bits in length and the key is 56 bits in length.


General Depiction of DES Encryption Algorithm

Looking at the left-hand side of the figure, we can see that the
processing of the plaintext proceeds in three phases. First, the 64-bit
plaintext passes through an initial permutation (IP) that rearranges the
bits to produce the permuted input. This is followed by a phase
consisting of 16 rounds of the same function, which involves both
permutation and substitution functions. The output of the last (sixteenth) round
consists of 64 bits that are a function of the input plaintext and the key.
The left and right halves of the output are swapped to produce the
preoutput. Finally, the preoutput is passed through a permutation that
is the inverse of the initial permutation function, to produce the 64-bit
ciphertext. With the exception of the initial and final permutation, DES
has the exact structure of a Feistel cipher.

The right-hand portion of the figure shows the way in which the 56-bit key is
used. Initially, the key is passed through a permutation function. Then,
for each of the 16 rounds, a subkey (Ki) is produced by the combination
of a left circular shift and a permutation. The permutation function is the
same for each round, but a different subkey is produced because of the
repeated iteration of the key bits.
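
The structure described above (two 32-bit halves, 16 rounds, a final swap, one subkey per round from left circular shifts) can be seen in a toy Feistel network. This is an added example, not code from the report and not DES itself: the round function is a stand-in, the initial/final permutations and the key permutations are omitted, and the sample key and function names are assumptions.

```python
import hashlib

MASK32 = 0xFFFFFFFF
MASK28 = (1 << 28) - 1
# Left-shift amounts per round from the DES key schedule (FIPS 46-3).
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]


def rotl28(x, s):
    """Left circular shift of a 28-bit value by s positions."""
    return ((x << s) | (x >> (28 - s))) & MASK28


def subkeys(key56):
    """Derive 16 round keys by rotating the two 28-bit halves of the key.

    Real DES also applies the PC-1 and PC-2 bit permutations; they are
    omitted here, so each toy subkey is simply the 56 rotated bits.
    """
    c, d = (key56 >> 28) & MASK28, key56 & MASK28
    keys = []
    for s in SHIFTS:
        c, d = rotl28(c, s), rotl28(d, s)
        keys.append((c << 28) | d)
    return keys


def round_f(right, k):
    """Stand-in for the DES round function (expansion, S-boxes, permutation).

    It is deliberately not invertible: a Feistel cipher never has to undo
    the round function, only to recompute it.
    """
    data = right.to_bytes(4, "big") + k.to_bytes(7, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(block64, keys):
    """Run the rounds over a 64-bit block, then swap the halves."""
    left, right = (block64 >> 32) & MASK32, block64 & MASK32
    for k in keys:
        left, right = right, left ^ round_f(right, k)
    return (right << 32) | left  # swapped halves: the "preoutput"


def feistel_encrypt(block64, key56):
    return feistel(block64, subkeys(key56))


def feistel_decrypt(block64, key56):
    # Decryption is the same network with the subkeys in reverse order.
    return feistel(block64, subkeys(key56)[::-1])


if __name__ == "__main__":
    key = 0x133457799BBCDF          # constructed 56-bit sample key
    pt = 0x0123456789ABCDEF         # constructed 64-bit sample block
    ct = feistel_encrypt(pt, key)
    print(f"ciphertext {ct:016x}")
    print(f"decrypted  {feistel_decrypt(ct, key):016x}")
```

The shift amounts sum to 28, so after the sixteenth round both key halves are back in their starting positions.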

Public-key cryptography

The development of public-key cryptography is the greatest and perhaps
the only true revolution in the entire history of cryptography. From its
earliest beginning to modern times, virtually all cryptographic systems
have been based on the elementary tools of substitution and
permutation.

Principle of Public-key cryptosystem

The concept of public-key cryptography evolved from an attempt to
attack two of the most difficult problems associated with symmetric
encryption. The first problem is that of key distribution.

As we have seen, key distribution under symmetric encryption
requires either

• That two communicants already share a key, which somehow has
been distributed to them; or

• The use of a key distribution center.

Whitfield Diffie, one of the
discoverers of public-key encryption (along with Martin Hellman,
both at Stanford University at the time), reasoned that this second
requirement negated the very essence of cryptography, the ability
to maintain total secrecy over your own communication. As Diffie
put it (DIFF88), "what good would it do after all to develop
impenetrable cryptosystems, if their users were forced to share
their keys with a KDC that could be compromised by either
burglary or subpoena?"

The second problem that Diffie pondered, and one that was
apparently unrelated to the first, was that of "digital signatures".
If the use of cryptography was to become widespread, not just in
military situations but for commercial and private purposes, then
electronic messages and documents would need the equivalent of
signatures used in paper documents. That is, could a method be
devised that would stipulate, to the satisfaction of all parties, that a
digital message had been sent by a particular person? This is a
somewhat broader requirement than that of authentication, and
its characteristics and ramifications are explored.

In the next subsection, we look at the overall framework for public-key
cryptography. Then we examine the requirements for the
encryption/decryption algorithm that is at the heart of the scheme.

Public-key cryptosystems: -
Public-key algorithms rely on one key for encryption and a
different but related key for decryption. These algorithms have the
following important characteristics:

• It is computationally infeasible to determine the decryption key
given only knowledge of the cryptographic algorithm and the
encryption key.

In addition, some algorithms, such as RSA, also exhibit the following
characteristics:

• Either of the two related keys can be used for encryption, with
the other used for decryption.

A public-key encryption scheme has six ingredients.

• Plaintext: - This is the readable message or data that is fed into
the algorithm as input.

• Encryption algorithm: - The encryption algorithm performs
various transformations on the plaintext.

• Public and private key: - This is a pair of keys that have been
selected so that if one is used for encryption, the other is used for
decryption. The exact transformations performed by the
encryption algorithm depend on the public or private key that is
provided as input.

• Ciphertext: - This is the scrambled message produced as output. It
depends on the plaintext and the key. For a given message, two
different keys will produce two different ciphertexts.

• Decryption algorithm: - This algorithm accepts the ciphertext
and the matching key and produces the original plaintext.

The essential steps are the following:

• Each user generates a pair of keys to be used for the encryption
and decryption of messages.

• Each user places one of the two keys in a public register or other
accessible file. This is the public key. The companion key is kept
private. As the figure suggests, each user maintains a collection of
public keys obtained from others.

• If Bob wishes to send a confidential message to Alice, Bob
encrypts the message using Alice's public key.

• When Alice receives the message, she decrypts it using her
private key. No other recipient can decrypt the message because
only Alice knows Alice's private key.

With this approach, all participants have access to public keys, and
private keys are generated locally by each participant and therefore
need never be distributed. As long as a system controls its private key,
its incoming communication is secure. At any time, a system can change
its private key and publish the companion public key to replace its old
public key.


The RSA Algorithm


The pioneering paper by Diffie and Hellman [DIFF 76 b] introduced a new
approach to cryptography and, in effect, challenged cryptologists to
come up with a cryptographic algorithm that met the requirements for
public-key systems. One of the first of the responses to the challenge
was developed in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at
MIT and first published in 1978 [RIVE 78]. The Rivest-Shamir-Adleman
(RSA) scheme has since that time reigned supreme as the most widely
accepted and implemented general-purpose approach to public-key
encryption.

The RSA scheme is a block cipher in which the plaintext and ciphertext
are integers between 0 and n - 1 for some n. A typical size for n is 1024
bits, or 309 decimal digits. We examine RSA in this section in some
detail, beginning with an explanation of the algorithm. Then we examine
some of the computational and cryptanalytical implications of RSA.

Description of the Algorithm

The scheme developed by Rivest, Shamir, and Adleman makes use of an
expression with exponentials. Plaintext is encrypted in blocks, with each
block having a binary value less than some number n. That is, the block
size must be less than or equal to $\log_2(n)$; in practice, the block size is
k bits, where $2^k < n < 2^{k+1}$. Encryption and decryption are of the
following forms, for some plaintext block M and ciphertext block C.

$C = M^e \bmod n$

$M = C^d \bmod n = (M^e)^d \bmod n = M^{ed} \bmod n$

Both sender and receiver must know the value of n. The sender knows
the value of e, and only the receiver knows the value of d. Thus, this is a
public-key encryption algorithm with a public key of KU = {e, n} and a
private key of KR = {d, n}. For the algorithm to be satisfactory for
public-key encryption, the following requirements must be met:

1 -> It is possible to find values of e, d, n such that $M^{ed} = M \bmod n$ for all
M < n.

2 -> It is relatively easy to calculate $M^e$ and $C^d$ for all values of M < n.

3 -> It is infeasible to determine d given e and n.


For now, we focus on the first requirement and consider the other
questions later. We need to find a relationship of the form

$M^{ed} = M \bmod n$

A corollary to Euler's theorem fits the bill: Given two prime numbers, p
and q, and two integers n and m, such that n = pq and 0 < m < n, and
arbitrary integer k, the following relationship holds:

$m^{k\phi(n)+1} = m^{k(p-1)(q-1)+1} = m \bmod n$

where $\phi(n)$ is the Euler totient function, which is the number of positive
integers less than n and relatively prime to n. For p, q prime,
$\phi(pq) = (p-1)(q-1)$. Thus we can achieve the desired relationship if

$ed = k\phi(n) + 1$

This is equivalent to saying:

$ed = 1 \bmod \phi(n)$

$d = e^{-1} \bmod \phi(n)$

That is, e and d are multiplicative inverses mod $\phi(n)$. Note that according
to the rules of modular arithmetic, this is true only if d (and therefore e)
is relatively prime to $\phi(n)$. Equivalently, $\gcd(\phi(n), d) = 1$.

We are now ready to state the RSA scheme. The ingredients are the
following:

p, q, two prime numbers (private, chosen)

n = pq (public, calculated)

e, with $\gcd(\phi(n), e) = 1$; $1 < e < \phi(n)$ (public, chosen)

$d = e^{-1} \bmod \phi(n)$ (private, calculated)

The private key consists of {d, n} and the public key consists of {e, n}.
Suppose that user A has published its public key and that user B wishes
to send the message M to A. Then B calculates $C = M^e \pmod{n}$ and
transmits C. On receipt of this ciphertext, user A decrypts by calculating
$M = C^d \pmod{n}$.

It is worthwhile to summarize the justification for this
algorithm. We have chosen e and d such that $d = e^{-1} \bmod \phi(n)$

Therefore,

$ed = 1 \bmod \phi(n)$

Therefore, ed is of the form $k\phi(n) + 1$. But by the corollary to Euler's
theorem, provided here, given two prime numbers p and q, and integers
n = pq and M with

0 < M < n:

$M^{k\phi(n)+1} = M^{k(p-1)(q-1)+1} = M \bmod n$

So, $M^{ed} = M \bmod n$.

Now $C = M^e \bmod n$

$M = C^d \bmod n = (M^e)^d \bmod n = M^{ed} \bmod n = M \bmod n$
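
The scheme stated above, carried through as an added Python example (not code from the report): key generation with the extended Euclidean algorithm, encryption by B with A's public key, and a check of the first requirement for every block M < n. The primes 17 and 11, e = 7, the message 88 and the function names are constructed for illustration; primes this small and unpadded blocks show the arithmetic only.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def make_keys(p, q, e):
    """Build KU = {e, n} and KR = {d, n} from primes p, q and a chosen e."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(phi, e) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(phi(n), e) = 1")
    _, x, _ = egcd(e, phi)
    d = x % phi                       # d = e^-1 mod phi(n)
    return (e, n), (d, n)


def rsa_encrypt(m, key):
    """C = M^e mod n; M must be a block value in [0, n-1]."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("block must be an integer between 0 and n - 1")
    return pow(m, exp, n)


def rsa_decrypt(c, key):
    """M = C^d mod n."""
    exp, n = key
    return pow(c, exp, n)


def block_bits(n):
    """Largest k with 2^k < n: the plaintext block size in bits."""
    return (n - 1).bit_length() - 1


def holds_for_all_blocks(public, private):
    """Requirement 1: M^(ed) = M mod n for every M < n, coprime to n or not."""
    n = public[1]
    return all(rsa_decrypt(rsa_encrypt(m, public), private) == m
               for m in range(n))


if __name__ == "__main__":
    ku, kr = make_keys(17, 11, 7)     # constructed toy parameters
    print("KU =", ku, " KR =", kr)    # n = 187, phi(n) = 160
    c = rsa_encrypt(88, ku)           # B encrypts with A's public key
    print("C =", c, " M =", rsa_decrypt(c, kr))
    print("block size k =", block_bits(ku[1]), "bits")
    print("requirement 1 holds:", holds_for_all_blocks(ku, kr))
    # Either key can encrypt, with the other used to decrypt.
    print("reverse order:", rsa_decrypt(rsa_encrypt(88, kr), ku))
```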

Advantages & Benefits

ClassicSys as a standard...
Besides ClassicSys ciphering at high speed, two more advantages make
ClassicSys a prime candidate for THE standard application in cryptography:

1. ClassicSys uses only 1 secret key to meet ALL the cryptographic needs
of an end user, such as:

• To authenticate himself

• To authenticate messages with a time reference

• To generate all the Session Keys he needs for Email (as one
possible application)

• To generate several keys for other applications: banking,
electronic commerce, electronic voting, casino games at home, ...


2. ClassicSys is designed in such a way that there is no valid reason to
forbid its use in any country in the world. ClassicSys gives all the
required guarantees to its users and their government: secret keys
must not be divulged and Security Services can always decipher suspect
messages.

Advantages & benefits for the End-User ...

ClassicSys offers more than the known advantages of encryption
solutions:

• Very high speed of encryption (see below).

• The chip contains the SED algorithm and all the other features of
ClassicSys. One system covers all cryptographic needs, for all
applications.

• New applications can be added without updating the chip.

• ClassicSys is fully automated; requests to the TA are
returned directly, without human intervention.

• Private Keys are completely unknown to everybody, even the
Trust Authority's manager! All keys are written into chips and are
not accessible to humans or other machines. This guarantees the
privacy of all the end-users.

• Once an end-user has received the information to generate his
Application Keys, he does not need the intervention of the TA
anymore. In Email, for example, users do not need the TA to
exchange messages between themselves.

• ClassicSys acts like a public key cryptosystem: every end-user
has one public ID number, which is used in a similar way to public
keys. In Email, for example, when somebody wants to communicate
with another end-user, he sends to the TA his ID number and the
one from his correspondent. In return he receives information from
the TA to generate their Session Key.

Technical advantages & benefits

ClassicSys is easy to implement in integrated circuits because:

• It uses only XOR and branching functions

• No reporting arithmetic bits are needed

• Programming can be done with a polynomial structure.

• The length of the blocks of key and data are identical and equal to
128 bits (16 bytes).

The security of ClassicSys is enhanced compared to other systems
because:

• Deciphering is not the reverse of ciphering

• The ciphering and deciphering keys are different

• All the Private Keys (end-users, TAs, NSS's) are included in an IC
and therefore not accessible.

There is no known way to reconstruct, by cryptanalysis, the secret key,
knowing a clear and its corresponding encrypted message. Differential
cryptanalysis is not suitable to the SED algorithm. On average, there is
only one key corresponding to a clear and its associated encrypted text
and therefore, each bit of the key has equal weight in the algorithm.

Only 1 secret key of 128 bits is enough to meet all the cryptographic
needs of an end-user, such as:

• To generate all the Session Keys he needs

• To authenticate himself

• To authenticate messages with a time reference

• To generate several keys for other applications (banking,
electronic commerce, electronic voting, casino games at home, ...)

Unlike the RSA algorithm, where every key requires a determined space,
the SED Algorithm can use every block contained in the space $2^{128}$.

The SED algorithm is very fast for the following reasons:


The length of the blocks (key and data) is small (128 bits against more
than 512 bits) but long enough to disable every exhaustive
cryptanalysis. On average, it is possible to compute at 1/3 of the clock
frequency (8 to 10 Mbytes/sec).

The SED algorithm is completely transparent. Due to the theory of
Multiplicative Groups we can confirm that there is no Trojan Horse in the
SED algorithm.

The SED algorithm permits chained mode ciphering, allowing reduction
of the authentication information to one block of 128 bits, whatever the
length of the data to authenticate.

Comparison between the DES, the RSA and the SED
The table below compares the important features of the DES, the RSA
and the SED algorithms, used within global cryptographic systems.

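| FEATURE                      | DES        | RSA              | SED        |
|------------------------------|------------|------------------|------------|
| Speed                        | High       | Low              | High       |
| Deposit of keys              | Needed     | Needed           | Not needed |
| Country independence         | No         | No               | Yes        |
| Trojan horses                | Not proved | No               | No         |
| Data block length            | 64 bits    | minimum 512 bits | 128 bits   |
| Key length                   | 56 bits    | 512 bits         | 128 bits   |
| Ciphering & deciphering key  | Same       | Different        | Different  |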

Application: -
Cryptography is extremely useful; there is a multitude of applications,
many of which are currently in use. A typical application of cryptography
is a system built out of the basic techniques. Such systems can be of
various levels of complexity. Some of the more simple applications are
secure communication, identification, authentication, and secret
sharing. More complicated applications include systems for electronic
commerce, certification, secure electronic mail, key recovery, and
secure computer access.

Generally, the less complex the application, the more quickly it becomes
a reality. Identification and authentication schemes exist widely, while
electronic commerce systems are just beginning to be established.
However, there are exceptions to this rule; namely, the adoption rate
may depend on the level of demand. For example, SSL-encapsulated
HTTP (see Question 5.1.2) gained a lot more usage much more quickly
than simpler link-layer encryption has ever achieved.

Secure Communication
Secure communication is the most straightforward use of cryptography.
Two people may communicate securely by encrypting the messages
sent between them. This can be done in such a way that a third party
eavesdropping may never be able to decipher the messages. While
secure communication has existed for centuries, the key management
problem has prevented it from becoming commonplace. Thanks to the
development of public-key cryptography, the tools exist to create a
large-scale network of people who can communicate securely with one
another even if they had never communicated before.

Identification and Authentication


Identification and authentication are two widely used applications of
cryptography. Identification is the process of verifying someone's or
something's identity. For example, when withdrawing money from a
bank, a teller asks to see identification (for example, a driver's license)
to verify the identity of the owner of the account. This same process can
be done electronically using cryptography. Every automatic teller
machine (ATM) card is associated with a "secret" personal identification
number (PIN), which binds the owner to the card and thus to the
account. When the card is inserted into the ATM, the machine prompts
the cardholder for the PIN. If the correct PIN is entered, the machine
identifies that person as the rightful owner and grants access. Another
important application of cryptography is authentication. Authentication
is similar to identification, in that both allow an entity access to
resources (such as an Internet account), but authentication is broader
because it does not necessarily involve identifying a person or entity.
Authentication merely determines whether that person or entity is
authorized for whatever is in question. For more information on
authentication and identification, see Question 2.2.5.

Secret Sharing
Another application of cryptography, called secret sharing, allows the
trust of a secret to be distributed among a group of people. For
example, in a (k, n)-threshold scheme, information about a secret is
distributed in such a way that any k out of the n people (k ≤ n) have
enough information to determine the secret, but any set of k-1 people
do not. In any secret sharing scheme, there are designated sets of
people whose cumulative information suffices to determine the secret.
In some implementations of secret sharing schemes, each participant
receives the secret after it has been generate

Bibliography:-
Some topics in this document were drawn from reference
books and some excellent web sites, which helped me explore the subject.
The references are the following.

• www.google.co.in.
• Cryptography And Network Security (William Stallings).
• Computer Network (Andrew S. Tanenbaum).

Conclusion:-
The analysis in this report and the subtopics mentioned
above guide us through the various cryptographic
techniques used in data security. By using encryption techniques, a
fair degree of confidentiality, authentication, integrity, access control and
availability of data is maintained. Using cryptography, Electronic Mail
Security, Mail Security, IP Security and Web security can be achieved.
