3.

CRYPTOGRAPHY
Introduction:-

Cryptography--Cryptography is the art and science of achieving security by encoding messages to

make them non-readable. OR

Cryptography is a method of storing and transmitting data in a particular form so that only those for
whom it is intended can read and process it. OR

The art of protecting information by transforming it (encrypting it) into an unreadable format,
called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into
plain text.

Welcome to sspp Cryptography RHs %$ s89

(plain text) system (Cipher text)

Cryptography system

Cryptography played an important role in World War II. In the years preceding the war, both the
Allies as well as the Germans were investing heavily in building cryptosystems. Many of these
systems were based on a combination of mechanical and electronic systems.

Terms related to cryptography:-

1. Algorithm - a step-by-step problem-solving procedure, for solving a problem in a finite number of
steps.
In the context of encryption, an algorithm is the mathematical formula or set of mathematical rules
used to scramble and unscramble data.
2. Cryptography - It is a art & science of achieving security by encoding message to make them
unreadable.
3. Plain text - Message to be encrypted (secret text). Data in readable format called as clear text.
4. Key – a specific string of data used to encrypt the plaintext or decrypt the cipher text.
5. Encryption - Process of converting plain text into cipher text using key.
6. Cipher text - It is the encrypted text.
7. Decryption - Process of converting cipher text into plain text using key.
8. Cryptanalysis - It is the technique of decoding message from non-readable format back to readable
format by trial & error method
9. Cryptanalyst - People who perform cryptanalysis.
10. Cryptology - It is the combination of cryptography & cryptanalysis.

Application of cryptography:-
It is used

 to share secret message.

 Used for access control.
 Eleronic payment.
 Identification.
 Used for a Authentication of a person.
 Used is cellular phone as a means of authentocation.
 used for key recovery.

Classical encryption techniques

Basically there are two classical encryption techniques

 Symmetric cipher
 Asymmetric cipher

insecure
Message channel
Message

Symmetric cryptographic technique:-

In this same key is used for encryption & decryption.Hence also called as
single key/secret key/shered key technique.

This key is shared between sender & receiver & known to only sender & receiver & no one else.
 Fig. Symmetric cryptography

Types of symmetric cryptography

1. Block cipher:-
It is the encryption technique in which 64bit blocks of data is encrypted at a time with
encryption algorithm.
2. Stream cipher:-
It encrypt smaller block of plain text data at time i.e. bit or byte

Symmetric cryptography technique is much faster than asymmetric cryptography.

Asymmetric cryptography technique:-
1. In this different keys are used for encryption & decryption.
2. Asymmetric technique is also called as public key cryptography
3. Public key is the key which is known to all
4. Private Key is the key which is secret and known to self only.
5. In encryption sender encrypts message with receiver’s public key.
6. In decryption receiver decrypts cipher text using his own private key.
 Fig: - Asymmetric cryptography techniques

Difference between

Difference Symmetric Cryptography Asymmetric Cryptography

1. Same key is used for encryption Different key is used for encryption
decryption. and decryption
2. Faster than asymmetric Slower than symmetric
cryptography.
3. Key exchange is big key exchange problem is not present
problem
4. Key is less secure Key is more secure.
5.

6.

SUBSTITUTION CIPHER:-

A substitution technique is the one in which the one in which the letters of plain text are replaced
by other letters or by numbers or symbols.

1. Caesar cipher
2. Play fair cipher
3. Hill cipher
1. Caesar cipher:- it involves replacing each letter of alphabet with the letter standing 3 places
down the alphabet. i.e.
 Replacement table

plain a b c d e f g h i j k l m
cipher d e f g h i j k l m n o p

plain n o p q r s t u v w x y z
cipher q r s t u v w x y z a b c

e.g. Plain text= welcome to MIT

Cipher text= zhofrph wr plw

 Caser cipher is a very weak scheme of hiding plain text message.

 To break caser cipher we do the reverse process.

Algorithm to break caser cipher:-

1. Read each alphabet in cipher text and search for it in second row of the replacement table.
2. Replace that alphabet in cipher text with the corresponding alphabet in same column but in first
row of table.(i.e. c replaced by z)
3. Repeat process for all alphabets in the cipher message.
e. g. cipher text= PLW VVSS
Plain text= MIT SSPP

MODIFIED VERSION OF CASEAR CIPHER:-

In this some complications are added in basic Caesar cipher. To make attackers life difficult. In
this each alphabet in plain text is replaced by any places down the line of alphabet. Not necessary to be
third place down the line. i.e. A can be replaced by any other alphabet in (B through Z). Thus for
each alphabet we have 25 possibilities of replacement.
e.g. plain text= welcome
Suppose we have decided that replace plain text message with 5 places down the line. So cipher text is
Plain text=welcome
Cipher text=aipgsgi

Algorithm to break modified version:-

1. Let k=l
2. Read each alphabet in cipher text message and replace each alphabet with alphabet with k position
down the order.
3. Increment k by l
4. If k < 26 go to step 2 else stop.
5. Original plain text message is one of the 25 possibilities produced by above steps.
 e.g. consider cipher text= aipgsgi

Cipher text a i p g s g i

Value of k
1 b j q h t r j
2 c k r i u s k
3 d l s j v t l
4 e m t k w u m
5 f n u l x v n
6 g o v m y w o
7 h p w n z x p
8 i q x o a y q
9 j r y p b z r
10 k s z q c a s
11 l t a r d b t
12 m u b s e c u
13 n v c t f d v
14 o w d u g e w
15 p x e v h f x
16 q y f w i g y
17 r z g x j h z
18 s a h y k i a
19 t b i z l j b
20 u c j a m k c
21 v d k b n l d
22 w e l c o m e
23 x f m d p n f
24 y g n e q o g
25 z h o f r p h

Fig: - Attempt to break modified Caesar cipher using all possibilities.

To break modified Caesar cipher above algorithm is used.

 We can see that cipher text shown in first row of fig. needs maximum 25 different attempts to
break according to algorithm.
 22nd attempt reveals to break plain text.

MONO ALPHABETIC CIPHER:-

 Major weakness of Caesar cipher is predictability.

 Instead of using uniform scheme for all alphabets in given plain text message it uses random
substitution. i.e. A can be replaced by any other alphabet between B to Z. B can be replaced by
any other alphabet A or C----Z etc.
 There is no relationship between replacement of B and A. i.e. if we replace A by E then it is not
necessary that B is replace with F it can be replaced with any alphabet.

HOMOPHONIC SUBSTITUTION CIPHER:-

 In this one plaintext alphabet can be mapped to more than one cipher text alphabet. E.g. A can be
replaced by [D, H, P, R ]. B can be replaced by [E, I, Q, S ]
 It involves substitution of one plain text character with a cipher text character can be any one of
chosen set.

POLYGRAM SUBSTITUTION CIPHER:-

 In this rather than replacing one plain text with one cipher text at a time, a block of alphabet is
replaced with another block.
 E.g. hello replaced with YVQQW. Hell replaced with TXUG with totally different scheme.

POLYALPHABETIC SUBSTITUTION CIPHER:-

 This uses multiple one character key.

 Each of the key encrypts one plain text character.
 First key encrypts the first plain text character; second key encrypts second plain text character and
so on.
 It uses set of related monoalphabetic substitution rules.
 It uses key that determines which rule is used for which transformation.

Play Fair Cipher

 It is based on the use of 5*5 matrix of letter constructed using the keyword.
 Matrix is constructed by filling the letters in keyword from left to right and top to bottom. And
then filling the remainder of matrix with the remaining letters in alphabetic order.
 The letter I and J count as one letter.
 Omits repeated letter in keyword

RULES:-
1. Split the plain text as a group of 2 letters.
2. All letters written in lowercase and without punctuation.
3. If group contain repeated plain text letter then they are separated with filler letter x.

e.g. balloon ba l l oo n
ba lx lo on
4. If a single letter remains at the end to attached with z
5. If 2 plaintext letters fall in same row of matrix then each letter is replaced by letter to the right.
6. If 2 plaintext letters fall in same column of matrix then each letter is replaced by letter below it
7. If 2 plaintext letter not in same row or same column then each plain text letter that is present in his
row but column occupied by the other letter in plain text letter.

Preparing matrix
1. 5 * 5 matrix

2. Populate with keyword

e.g. keyword is play fair example
3. Fill in keyword in matrix by omitting repeated alphabets
p l a y f
i r e x m

4. Populate matrix with alphabets in order again omitting repeated alphabets

p l a y f
i r e x m
b c d g h
k n o q S
t u v w z

Encryption example
1. Plain text is MIT POLYTECHNIC

Example:- Keyboard = play fair example

Our matrix will be

p l a y f
i r e x m
b c d g h
k n o q S
t u v w z

2. Split plain text (Rule 3)

MI TP OL YT EC HN IC
3. By looking in the matrix MI is in the same row so will be replaced by right side letter.(Rule 5) MI
IR
4. TP is in the same column so will be replace by below letter (Rule 6) TP  PI
5. OL is in different row different column so will be replaced by the same row alphabet but from the
column of another alphabet (Rule 7) OL  NA
6. YT is replaced by the same (Rule 7) YT  PW
7. EC replaced with Rule 7 EC  RD
8. HN replaced with Rule 7 HN  CS
9. IC replaced with Rule 7 IC  RB

Plain text =MIT POLYTECHNIC

Cipher text = IR PI NA PW RD CS RB

Hill Cipher
Hill cipher works on multiple letters at same time.

Encryption process:-

1. First convert the key word into key matrix (2*2) or (3*3).It keyword not provide select any
random key matrix.
2. Convert plaintext into diagraph for 2*2 key matrix or trigraph for 3*3 key matrix.
3. Number the plain text alphabets in diagraph or trigraph (A=0……Z=25)
4. Multiply two matrices, plain text matrix and key matrix
5. Perform mod26 of above resultant matrix.
6. Again translate the numbers to alphabets to get cipher text.

Example:-

Keyword = HILL

Plaintext= java.

We use 2*2 matrixes

1. Convert keyword into matrix

𝐻 𝐼 7 8
[ ] =[ ]
𝐿 𝐿 11 11

2. Convert plaintext into diagraph because key matrix is 2*2

𝑉
(𝐴𝐽 ) (𝐴)
 3. Replace alphabet with alphabet number

(09) (21
0
)
4. Perform multiplication with following rules

𝑎 𝑏 𝑥 𝑎𝑥 + 𝑏𝑦
( )( ) = ( )
𝑐 𝑑 𝑦 𝑐𝑥 + 𝑑𝑦

5. Consider
9 7 8 7∗9 + 8∗0 63
( )( )=( )= ( )
0 11 11 11 ∗ 9 + 11 ∗ 0 99

6. Perform mod 26 of above 26 resultant matrix that is take the remainder after dividing above
matrix value by 26

63 11
( ) 𝑚𝑜𝑑 26 = ( )
99 21

7. Now the translate the number to the alphabet 11= L and 21 = V So JA = LV

8. Perform step 4, 5, 6, 7 for plain text VA and you will obtain RX
7 8
9. (21 ) ( ) = ( 21∗7 + 0∗8
) = ( 147
)
0 11 11 21∗11 + 0∗11 231

147
10. (
231
) 𝑚𝑜𝑑 26 = (17
23
)

11. 17  R 23  X

12. Thus plaintext =java cipher text=lvrx

Transposition Techniques

1) Rail fence techniques

2) One time pad (vernam cipher)
3) Row transposition.

Transposition technique performs some permutations over the plain text alphabet.
 1) Rail Fence technique:-

Algorithm=

1. Write down the plain text message as sequence of diagonals.

2. Read the plain text written in step 1 as sequence of rows.

Example=

Plain text = come home tomorrow

Arrange plain text as sequence of diagonal as

Now read as sequence of row.

Cipher text=cmhmtmrooeoeoorw

2) One time pad :-

 It is also called as vernam cipher.
 Implemented using random set of non-repeating characters as input cipher text.
 Once an input cipher text is used for transposition, it is never used again for any other
message hence it is called as one time pad.
 Size of input cipher text is equal to the size of plain text.

Algorithm :-

1. Number the alphabet in plaintext.

2. Take random input cipher text & number alphabet in it i.e. one time pad .
3. Add each number corresponding to plain text alphabet & one time pad alphabet.
4. If sum produced is greater than 25 then subtract 26 from it.
5. Translate each number of the sum back to the corresponding alphabet it gives output cipher
text.

Example:-

Consider plaintext =how are you

Input cipher text = NCB TZQ ARX (ONE TIME PAD)

Plaintext H O W A R E Y O U
7 14 22 0 17 4 24 14 20

One N C B T Z Q A R X
time pad
13 2 1 19 25 16 0 17 23

After 20 16 23 19 42 20 24 31 43
addition
Subtract -26 -26 -26
26 if >25
total 20 16 23 19 16 20 24 5 17
Cipher V Q X T Q V Y F R
text

Plain text = How are you

Cipher text = VQX TQV YFR

It is suitable only for short message.

3) Row Transposition cipher:-

 In this rearrangement of character is carried out.
 By writing plaintext row wise & reading cipher text column wise in the order of
column specified by key.

Algorithm -

1. Take key.
2. Write the plain text row wise & divided into key length number of columns
3. Arrange the key in alphabetical order so accordingly order the columns
4. Read cipher text column wise
5. To complete the table plain text is padded with X.

Example:- Plain text= The simplest possible cipher is

Key= given (5 columns)

G I V E N
t h e s i
m p l e s
t p o s s
i b l e c
i p h e r
i s x x x
Arrange key in alphabetical order

Key = eginv

E G I N V
s t h i e
e m p s l
s t p s o
e i b c l
e i p r n
x i s x x

Read column wise

Cipher text=seseextmt iihppbpsisscrxelolnx.

Steganography
It is the technique of hiding one message inside other message.

- Steganography is Greek word & it means “concealed writing”

- Cryptography protect contents of message
- Steganography protects both message & communicating parties.
- Steganography embeds a secret message in cover message parameterized by stego-key &
reading of an embedded secret message is possible only having this key.
- In digital Steganography electronic communication may include steganographic coding inside
image. Media files are ideal for transmission because of their large size.

Steganography process

Cover media + secret message + stego key = stego medium

 Terminology used:-
1) Cover media - Is the media in which we hide the secret message.
2) Message (pay load) - also called as hidden data. It is message which will be hidden in
cover or stego media.
3) Stego medium (package, converted message) - medium in which secret message is hidden.
4) Redundant bit - bit in cover medium that can be modified without compromising that
mediums integrity.
5) Stego key – key used to encode and decode the data
6) Stego function – function for encoding and reverse function for decoding

Thus secret message is hidden in cover medium without compromising its integrity. By encrypting it
using stego key. Finally we get stego medium which contain hidden message.

Techniques of Stenography

1. Character marking – in this selected letters of text are overwritten using pencil.
2. Invisible ink – a number of substances can be used for writing but leave no visible trace until
heat or some chemical.
3. Pin punctures – small pin punctures of selected letters are not visible unless paper is held in
front of light.
4. Wax tablets in wooden frame
5. Message below postal stamp
6. Typewriter ribbon – double typed alphabets
7. Knitting yarn

Advantages of steganography

1) It can be employed by parties who have something to lose should the fact of their secret
communication be discovered.
2) Steganography can protect both the message & communication parties.
Disadvantages of steganography

1) Requires lots of overhead to hide few bits of information.

2) Once the system is discovered it becomes virtually worthless.
3) Hiding capacity is less
4) Quality of the resultant stego image is a major issue

Applications

1) Used in modern printers.

2) Digital watermarking. \
3) Copy write
4) Convert military operations
5) To transmit cryptography keys

Digital signature

- It is an electronic signature.
- It is authentication mechanism used to authenticate identity of the sender.
OR
Digital signature is a digital code (generated & authenticated by public key encryption) which
is attached to an electronically transmitted document to verify its contents & the senders
identity.
- Digital signature is based on both hashing function & asymmetric cryptography.
- Digital signature is easily transportable & cannot be imitated by someone else. & can be
automatically time stamped.

Why digital signatures are used?

Digital signature must be a bit pattern with such a information which is unique to the sender. This
information helped to prevent forgery and denial.

 Authenticity The digital signature helps ensure that the signer is who he or she claims to be.
This helps prevent others from pretending to be the originator of a particular document (the
equivalent of forgery on a printed document).
 Integrity The digital signature helps ensure that the content has not been changed or
tampered with since it was digitally signed. This helps prevent documents from being
intercepted and changed without knowledge of the originator of the document.
 Non-repudiation The digital signature helps prove to all parties the origin of the signed
content. "Repudiation" refers to the act of a signer's denying any association with the signed
content. This helps prove that the originator of the document is the true originator and not
someone else, regardless of the claims of the signer. A signer cannot repudiate the signature on
that document without repudiating his or her digital key, and therefore other documents signed
with that key.
Working of digital signature

It consist of 2 processes

1) Digital signature creation (performed by sender)

2) Digital signature verification (performed by receiver)

-Digital certificate is a data with digital signature from one trusted certification authority. (CA)

This data contain-

- Who owns the certificate

- Who signs this certificates
- The expiry data
- User name & email address

CA – Certification authority is trusted agent who certifies public keys for general use.

User has to decide which CAs can be trusted.

1) Digital signature creation:-

Signature is created by sender. Message digest (MD) is extracted from message
using hash function. MD is encrypted using private key of sender & we get the digital
signature.
 2) Digital signature verification:-

It is the process of checking the digital signature by reference to the original

message & a given public key. Hence determining whether the digital signature was created for the
same message using private key that corresponds to the referenced public key.

Fig. Digital signature

Digital signature scheme typically consist of 3 algorithms:-

1) Key generation Algorithm:-

That selects private key uniformly at random from set of possible private keys. The
algorithm outputs the private key & corresponding public key.
2) A signing algorithm
On input of message & private key it produces a signature.
3) A signature verifying:-

On input of message, public key & signature, either accepts or rejects the messages
claim to authenticity.
 Example:-

Assume you were going to send the draft of a contract to your lawyer in another town. You
want to give your lawyer the assurance that it was unchanged from what you sent & that it is really
from you.

1) You copy & paste the contract into an email note.

2) Using special software or hash function you obtain message digest of the contract.
3) You then use private key obtain from public-private key authority to encrypt message digest.
4) The encrypted message digest becomes digital signature of message.
(Digital signature is different each time you send message)

At the other end your lawyer receives the message.

1) To make sure it’s intact & from you, your lawyer makes hash of the received message.
2) Your lawyer then use public key to decrypt the message digest.
3) It the hashes match the received message is valid.

Advantages:-

1. Speed

In business no longer have to wait for paper document to be sent by couriers using DS contracts
are easily written completed & signed by all concerned parties in less time.

2. Cost

Postal or courier service for paper document is much more expensive as compared using DS.

3. Security:-

Use of DS & electronic document reduces risk of document being intercepted read, destroyed.

4. Authenticity:-

An electronic document signed with DS can stand up in court just as well as any other signed
paper document

5. Non-Republication:-

DS identifies you as the signatory & later that cannot be denied.

6. Tracking:-

Digitally signed document can be easily tracked & located in short amount of time.

Disadvantages:-

1. The private key must be kept in secure manner.

 2. The process of generation & verification of digital signature requires considerable amount of
time.
3. Although digital signature provides the authenticity, it does not ensure secrecy of the data.
4. For using the digital signature the user has to obtain private & public key, the receiver has to
obtain the digital signature certificate also.

Digital Signature Standards (DSS):-

 DSS was developed for performing digital signature.

 DSS uses digital signature Algorithm.
 DSS make use of SHA-1 algorithm for Calculating message digest
 Hash function is used to generate MD.
 MD is given input to DSA to generate digital signature
 Digital signature sent to the verifier along with the massage .
 Verifier then verifies signature by using sender’s public key.
 Same hash function is used in the verification process.

Wherer =
M message s signature
H Hash function r (gk mod p)mod q (key pair)
Sig signature PUa Public key of sender
PRa Private key of sender Ver Verification function
PUG set of global public key compare Compare function

 DSS is a standard & DSA is actual algorithm

 DSA provide capability to generate & verify signature
 Signature generation makes use of private key to generate digital signature
 Signature verification makes use of public key which corresponds to, but is not the same as
the private key.
 Each user possesses a private & public key pair.
 Anyone can verify the signature of user by employing that user’s public key.
Application of DSS=

 Electronic mail.
 Electronic fund transfer.
 Electronic data interchange.
 Software distribution.
 Data storage.

Authentication protocol

Authentication protocol is a type of cryptographic protocol with the purpose

of authenticating entities wishing to communicate securely.

Authentication protocols are capable of simply authenticating the connecting party or

authenticating the connecting party as well as authenticating itself to the connecting party.

Various authentication protocols are listed and described below.

1) CHAP(Challenge Handshake Authentication Protocol) :-

It is 3 ways handshake protocol which is considered surer than PAP.
In which the authentication agent (typically a network server) sends the client program a
random value that is used only once and an ID value. Both the sender and peer share a
predefined secret. The peer concatenates the random value (or nonce), the ID and the secret
and calculates a one-way hash usingMD5. The hash value is sent to the authenticator, which in
turn builds that same string on its side, calculates the MD5 sum itself and compares the result
with the value received from the peer. If the values match, the peer is authenticated.
2) EAP (Extensible Authentication Protocol):-

It is used between a dial-in client & server to determine what authentication protocol will be
used. He Extensible Authentication Protocol (EAP) is a protocol for wireless networks that
expands on authentication methods used by the Point-to-Point Protocol (PPP), a protocol often
used when connecting a computer to the Internet.

3) PAP(Password Authentication Protocol):-

It is 2 ways handshake protocol designed for use with ppp (point-point
protocol). It is not secure. Password-based authentication is the protocol where two entities
share a password in advance and use the password as the basis of authentication. Existing
password authentication schemes can be categorized into two types: weak-password
authentication schemes and strong-password authentication schemes. When compared to
strong-password schemes, weak-password schemes tend to have lighter computational
overhead, the designs are simpler, and implementation is easier, making them especially
suitable for some constrained environments.
4) SPAP(Shiva PAP) - Shiva Password Authentication Protocol (SPAP) is a simple encrypted
password authentication protocol supported by Shiva remote access servers. With SPAP, the
remote access client sends an encrypted password to the remote access server. SPAP uses a
two-way encryption algorithm. The remote access server decrypts the password and uses the
plaintext form to authenticate the remote access client.
5) DES(Data Encryption Standard):-
Used for older clients & servers. The data encryption standard (DES) is a common
standard for data encryption and a form of secret key cryptography (SKC), which uses only
one key for encryption and decryption. Public key cryptography (PKC) uses two keys, i.e., one
for encryption and one for decryption.
6) RADIUS(Remote Authentication Dial-In user service):-
It is used to authentication users dialing in remotely to servers in organizations
network. is a networking protocol that provides centralized Authentication, Authorization, and
Accounting (AAA) management for users who connect and use a network service. RADIUS
was developed by Livingston Enterprises, Inc. in 1991 as an access server authentication and
accounting protocol and later brought into the Internet Engineering Task Force (IETF)
standards.
7) S/KEY:-
It is one time password system & secure against replays. S/KEY is a one-time
password system developed for authentication to Unix-like operating systems, especially
from dumb terminals or untrusted public computers on which one does not want to type a long-
term password. A user's real password is combined in an offline device with a short set of
characters and a decrementing counter to form a single-use password. Because each password
is only used once, they are useless to password sniffers.
7) TACACS:-
Terminal Access Controller Access-Control System (TACACS, usually pronounced like
tack-axe) refers to a family of related protocols handling remote authentication and related
services for networked access control through a centralized server. Offers Authentication,
accounting & authorization, Authentication protocol. The original TACACS protocol, which
dates back to 1984, was used for communicating with an authentication server, common in
older UNIX networks; it spawned related protocols

9) MS-CHAP)- Microsoft Challenge Handshake Authentication Protocol -

Uses a Microsoft version of RSA messages digest 4 challenges & reply protocol. It
only works on Microsoft system 7 enable data encryption. Microsoft created MS-CHAP to
authenticate remote Windows-based workstations, integrating the functionality to which LAN-
based users are accustomed with the hashing algorithms used on Windows networks. Like
CHAP, MS-CHAP uses a challenge-response mechanism to authenticate connections without
sending any passwords.

10) SKID-SKID2 & SKID3:-

It is vulnerable to man-in the middle attack.