
Chapter 4-1

The document provides an overview of various encryption algorithms, including the Data Encryption Standard (DES), RSA algorithm, Diffie-Hellman key exchange, and digital signatures. DES is a symmetric block cipher that processes 64-bit plaintext with a 56-bit key through multiple rounds to produce ciphertext. RSA is an asymmetric algorithm that uses a public key for encryption and a private key for decryption, while digital signatures enhance authentication and integrity in electronic transactions.

Uploaded by

swarupholkar4

UNIT 4

ENCRYPTION ALGORITHM

Data Encryption Standard


Describe DES algorithm with suitable example.
The Data Encryption Standard is a symmetric block cipher which takes a 64-bit plain text block along with a 64-bit key as input and processes it to generate the 64-bit cipher text.
The diagram below illustrates the working of DES.

DES Encryption:-
Step 1:
In the first step, the 64-bit plain text undergoes an initial permutation, which rearranges the bits to produce two 32-bit permuted blocks, called the left plain text (LPT, 32-bit) and the right plain text (RPT, 32-bit).

Step 2: Now, 16 rounds of DES encryption will be performed on this LPT and RPT with a 56-bit key.
Step 3: After the 16th round the 32-bit LPT and 32-bit RPT are integrated which forms a 64-bit block
again and then the final permutation is applied to this 64-bit block, to obtain the 64-bit cipher
text.

Rounds in Data Encryption Standard


Each round of DES performs the same function. So, below are the steps of the function performed in each
round of DES algorithm:

Unit 4 Prof. Somwanshi A.A. ( Arrow Computer Academy ) : - 8788335443


1. Key Transformation:-
In DES, the initial key size is 64 bits, which is reduced to a 56-bit key.
This is done by discarding every 8th bit of the 64-bit key.
So, for each round of DES, this 56-bit key is used.
In the key transformation step, this 56-bit key is transformed into a 48-bit key.

2. Expansion Permutation:- In the first step of encryption, during the initial permutation of DES, the 64-bit plain text is permuted and we have a 32-bit LPT and a 32-bit RPT. Now, the expansion permutation is performed on the 32-bit RPT, which transforms it from 32 bits to 48 bits.
This happens as the 32-bit RPT is divided into 8 blocks, with each block consisting of 4 bits.
Each 4-bit block is then expanded to a corresponding 6-bit block, i.e., 2 more bits are added per 4-bit block.
Now the 48-bit key is XORed with the 48-bit RPT and the resulting output is given to the next step.
The 32-bit LPT is untouched during the process.

3. S-box Substitution:- It accepts the 48-bit input from the XOR operation involving the compressed key and the expanded RPT and produces a 32-bit output using substitution techniques. Each of the 8 S-boxes has a 6-bit input and a 4-bit output. The outputs of the S-boxes are then combined to form a 32-bit block, which is given to the last stage of a round.

4. P-box Permutation:- The 32-bit output obtained from S-box substitution is provided as input to the P-box. Here, the 32-bit input is simply permuted and sent to the next step.



5. XOR and Swap:- The output of the S-box consists of 32 bits. These 32 bits are permuted using the P-box. The LPT of the initial 64-bit plain text block is XORed with the output produced by the P-box permutation. This produces the new RPT. The old RPT becomes the new LPT, in a process of swapping.

Final Permutation: At the end of 16 rounds, the final permutation is performed.


This is a simple transposition. For example, the 40th input bit takes the position of the 1st output bit, and so on.

DES Decryption:-
The same Data Encryption Standard algorithm used for encrypting the plain text is also used for decrypting the cipher text.
But the algorithm is reversed: the initial and final permutation events are reversed, and the sequence of the sub keys applied in the 16 rounds of DES is also reversed.
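The XOR-and-swap structure and the reversed sub-key order can be seen working in a small sketch. This is an added example, not code from the original notes: `round_function` and `subkeys` are stand-ins built on SHA-256 rather than the real DES expansion, S-box, P-box and key-schedule tables, and the initial and final permutations are left out.

```python
import hashlib

MASK32 = 0xFFFFFFFF

def drop_parity(key64):
    """Discard every 8th bit (the low bit of each byte): 64-bit key -> 56 bits."""
    key56 = 0
    for shift in range(56, -1, -8):          # the 8 key bytes, most significant first
        byte = (key64 >> shift) & 0xFF
        key56 = (key56 << 7) | (byte >> 1)   # keep the top 7 bits of each byte
    return key56

def subkeys(key56, rounds=16):
    """Constructed schedule: one 48-bit sub key per round (not the DES schedule)."""
    raw = key56.to_bytes(7, "big")
    return [int.from_bytes(hashlib.sha256(raw + bytes([r])).digest()[:6], "big")
            for r in range(rounds)]

def round_function(rpt, subkey):
    """Stand-in for expansion -> XOR with sub key -> S-boxes -> P-box (32 bits out)."""
    data = rpt.to_bytes(4, "big") + subkey.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block64, keys):
    lpt, rpt = block64 >> 32, block64 & MASK32
    for k in keys:
        # Old RPT becomes new LPT; new RPT = old LPT XOR f(old RPT, sub key)
        lpt, rpt = rpt, lpt ^ round_function(rpt, k)
    return (rpt << 32) | lpt                 # halves are joined in swapped order

def encrypt(block64, key64):
    return feistel(block64, subkeys(drop_parity(key64)))

def decrypt(block64, key64):
    # Same algorithm as encrypt, with the sub keys applied in reverse order
    return feistel(block64, subkeys(drop_parity(key64))[::-1])

if __name__ == "__main__":
    key = 0x133457799BBCDFF1                 # constructed sample key
    pt = 0x0123456789ABCDEF                  # constructed sample block
    ct = encrypt(pt, key)
    print(f"cipher text {ct:016x}, round trip ok: {decrypt(ct, key) == pt}")
```

Because only 56 of the 64 key bits survive `drop_parity`, two keys that differ only in every 8th bit encrypt identically.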



RSA (Rivest-Shamir-Adleman) Algorithm

RSA is an asymmetric or public-key cryptography algorithm which means it works on two different
keys: Public Key and Private Key.
The Public Key is used for encryption and is known to everyone, while the Private Key is used for
decryption and must be kept secret by the receiver.

RSA Algorithm
It consists of three main stages:
Key Generation: Creating Public and Private Keys
Encryption: Sender encrypts the data using Public Key to get cipher text.
Decryption: Decrypting the cipher text using Private Key to get the original data.

1. Key Generation
• Choose two large prime numbers, say p and q. These prime numbers should be kept secret.
Calculate the product of the primes, n = p * q.
This product is part of the public as well as the private key.

• Calculate the Euler Totient Function Φ(n) as
Φ(n) = Φ(p * q)
= Φ(p) * Φ(q)
= (p – 1) * (q – 1)

• Choose a prime number as the encryption exponent e, such that

1 < e < Φ(n)

• Calculate the decryption exponent d, such that

(d * e) ≡ 1 mod Φ(n), by the Extended Euclidean Algorithm.

d = [ 1 + Φ(n) * i ] / e

Finally, the Public Key = (n, e) and the Private Key = (n, d).

Example :-



2. Encryption

To encrypt a message M, it is first converted to numerical representation using ASCII and other
encoding schemes.

Now, use the public key (n, e) to encrypt the message and get the cipher text using the formula:

C = M^e mod n, where C is the cipher text and e and n are parts of the public key.

3. Decryption

To decrypt the cipher text C, use the private key (n, d) and get the original data using the formula:
M = C^d mod n, where M is the message and d and n are parts of the private key.
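The three stages can be followed end to end with small numbers. This is an added example, not part of the original notes: the values p = 61, q = 53, e = 17 and the function names are chosen here for illustration, and the primes are far too small for real use.

```python
from math import gcd

def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = extended_gcd(b, a % b)
    return g, y, x - (a // b) * y

def generate_keys(p, q, e):
    n = p * q
    phi = (p - 1) * (q - 1)                  # Φ(n) = (p - 1) * (q - 1)
    # d exists only when e shares no factor with Φ(n); this check is added here.
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < Φ(n) and gcd(e, Φ(n)) == 1")
    _, x, _ = extended_gcd(e, phi)
    d = x % phi                              # (d * e) ≡ 1 mod Φ(n)
    return (n, e), (n, d)

def d_from_formula(e, phi):
    """d = [1 + Φ(n) * i] / e for the smallest i that makes the division exact."""
    i = 1
    while (1 + phi * i) % e:
        i += 1
    return (1 + phi * i) // e, i

def encrypt(M, public_key):
    n, e = public_key
    if not 0 <= M < n:
        raise ValueError("M must be smaller than n")
    return pow(M, e, n)                      # C = M^e mod n

def decrypt(C, private_key):
    n, d = private_key
    return pow(C, d, n)                      # M = C^d mod n

def encrypt_text(text, public_key):
    # One ASCII code per block, as in the numerical representation step
    return [encrypt(ord(ch), public_key) for ch in text]

def decrypt_text(blocks, private_key):
    return "".join(chr(decrypt(c, private_key)) for c in blocks)

if __name__ == "__main__":
    public, private = generate_keys(61, 53, 17)
    blocks = encrypt_text("RSA", public)
    print(public, private, blocks, decrypt_text(blocks, private))
```

Encrypting one character per block with no padding is deterministic: the same letter always produces the same cipher text block, which is why practical RSA adds randomized padding.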



Diffie-Hellman Key Exchange Algorithm

The Diffie-Hellman key exchange (also known as exponential key exchange) is a method for securely
exchanging cryptographic keys over an insecure channel.
It is a fundamental building block of many secure communication protocols, including SSL/TLS and SSH.
The Diffie-Hellman key exchange works by allowing two parties (Alice and Bob) to agree on a shared
secret key over an insecure channel, without any other party being able to intercept the key or learn
anything about it.
The key exchange involves the following steps:-

• Alice and Bob agree on two large prime numbers, p and g, and a public key exchange algorithm.
• Alice chooses a secret integer, a, and computes A = g^a mod p. She sends A to Bob.
• Bob chooses a secret integer, b, and computes B = g^b mod p. He sends B to Alice.
• Alice computes secret key s = B^a mod p. Bob computes secret key s = A^b mod p.
• Alice and Bob now both have shared secret keys, which they can use to establish a secure communication channel.

Alice                      | Bob
p, g                       | p, g
Secret integer: a          | Secret integer: b
A = g^a mod p              | B = g^b mod p
Secret key s = B^a mod p   | Secret key s = A^b mod p



Hashing
1. Hashing functions are one of the most commonly used encryption methods.
2. A hash is a special function that performs one-way encryption, meaning that once the algorithm is
processed, there is no feasible way to take the cipher text and retrieve the plain text that was used to
generate it.
3. The hash code is a function of all bits of the message and provides an error detection capability. A change in any bit or bits results in a change of the hash value.
4. A hash value h is generated by a function H of the form
h = H(M)
where,
M is variable length message and
H(M) is the fixed length hash value.

5. The hash value is appended to the message at the source at a time when the message is assumed or
known to be correct.
6. The receiver authenticates the message by re-computing the hash value. The hash value is not considered to be secret, so something is required to protect the hash value.
7. The message plus the concatenated hash code is encrypted using symmetric encryption. Sender and receiver share the same secret key. That the message came from the authorized sender and has not been altered is checked by the receiver recomputing and comparing the hash code.

Advantages: (any two)


1. It is more efficient to compute a digital signature using a document's message digest.
2. A digest can be made public without revealing the contents of the document from which it derives.
3. A hash used for digital authentication must have certain properties that make it secure enough for cryptographic use.
4. Combining the data message with the secret, and running it through a hash function, a signature is
generated in the form of the hash value. The data message is transmitted along with the signature. The
recipient combines the received message with the secret, generates a hash value, and checks to make
sure it's identical to the signature. The message's authenticity is thus verified.
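Point 6 of the hashing list (an unprotected hash value needs protecting) and advantage 4 (hashing the message together with a shared secret) can be compared side by side. This is an added example, not part of the original notes: the function names, key and messages are constructed, and HMAC-SHA-256 from the Python standard library is used as the keyed construction in place of hashing message-plus-secret directly.

```python
import hashlib
import hmac

def plain_hash(message: bytes) -> str:
    """h = H(M): fixed-length value for a variable-length message."""
    return hashlib.sha256(message).hexdigest()

def verify_plain(message: bytes, received_hash: str) -> bool:
    """Receiver recomputes H(M) and compares it with the appended hash."""
    return hmac.compare_digest(plain_hash(message), received_hash)

def keyed_hash(message: bytes, key: bytes) -> str:
    """Hash value computed over the message combined with a shared secret."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_keyed(message: bytes, received_tag: str, key: bytes) -> bool:
    """Receiver combines the received message with the secret and compares."""
    return hmac.compare_digest(keyed_hash(message, key), received_tag)

def modify_and_rehash(new_message: bytes):
    """A party without the key changes the message and recomputes the plain hash."""
    return new_message, plain_hash(new_message)

def compare_protections(original: bytes, altered: bytes, key: bytes) -> dict:
    """Check both schemes against the same in-transit modification."""
    tag = keyed_hash(original, key)
    altered_msg, altered_hash = modify_and_rehash(altered)
    return {
        "plain_accepts_original": verify_plain(original, plain_hash(original)),
        "plain_accepts_altered": verify_plain(altered_msg, altered_hash),
        "keyed_accepts_original": verify_keyed(original, tag, key),
        "keyed_accepts_altered": verify_keyed(altered_msg, tag, key),
    }

if __name__ == "__main__":
    key = b"constructed-shared-secret"          # constructed sample key
    result = compare_protections(b"pay 100 to Bob", b"pay 900 to Bob", key)
    for name, value in result.items():
        print(f"{name}: {value}")
```

The plain hash accepts the altered message because anyone can recompute it; the keyed value does not, because producing a matching tag requires the shared secret.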

Digital Signature
Explain digital signature in Cryptography.

1. Digital signature is a strong method of authentication in an electronic form.


2. It includes message authentication code (MAC), hash value of a message and digital pen pad
devices. It also includes cryptographically based signature protocols.



3. Digital Signature is used for authentication of the message and the sender to verify the integrity of
the message.
4. Digital Signature may be in the form of text, symbol, image or audio.
5. In today’s world of electronic transaction, digital signature plays a major role in authentication.
For example, one can fill his income tax return online using his digital signature, which avoids the use of
paper and makes the process faster.
6. Asymmetric key encryption techniques and public key infrastructure are used in digital signature.
7. Digital signature algorithms are divided into two parts
a. Signing part: It allows the sender to create his digital signature.
b. Verification part: It is used by the receiver for verifying the signature after receiving the
message.

Generation and Verification of digital signatures:


Working:
1. Message digest is used to generate the signature. The message digest (MD) is calculated from the
plaintext or message.
2. The message digest is encrypted using user’s private key.
3. Then, the sender sends this encrypted message digest with the plaintext or message to the
receiver.

4. The receiver calculates the message digest from the plain text or message he received.
5. The receiver decrypts the encrypted message digest using the sender's public key. If the two MDs are not the same, then the plaintext or message was modified after signing.
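The five working steps as code, in an added example that is not part of the original notes. It uses unpadded textbook RSA over a truncated SHA-256 digest; the key built from the Mersenne primes 2^61 - 1 and 2^89 - 1, the exponent 65537 and all function names are assumptions made here, and the key is much too small for real use.

```python
import hashlib

# Constructed demonstration key pair (Python 3.8+ for the modular inverse via pow)
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent

def message_digest(message: bytes) -> int:
    """Step 1: MD of the message; truncated to 128 bits so that MD < N."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")

def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Step 2: the message digest is encrypted with the sender's private key."""
    return pow(message_digest(message), d, n)

def send(message: bytes):
    """Step 3: the sender transmits the message together with the encrypted digest."""
    return message, sign(message)

def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Steps 4 and 5: recompute the MD, decrypt the received one, compare."""
    recomputed = message_digest(message)
    decrypted = pow(signature, e, n)        # uses only the sender's public key
    return decrypted == recomputed

if __name__ == "__main__":
    message, signature = send(b"Transfer approved")   # constructed sample message
    print("unmodified message verifies:", verify(message, signature))
    print("modified message verifies:  ", verify(b"Transfer denied", signature))
```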

Advantages of Digital Signatures


Speed: Businesses no longer have to wait for paper documents to be sent by courier. Contracts are easily written, completed, and signed by all concerned parties in a short amount of time, no matter how far apart the parties are geographically.
Costs: Using postal or courier services for paper documents is much more expensive compared to
using digital signatures on electronic documents.



Security: The use of digital signatures and electronic documents reduces risks of documents being
intercepted, read, destroyed, or altered while in transit.
Authenticity: An electronic document signed with a digital signature can stand up in court just as
well as any other signed paper document.
Non-Repudiation: Signing an electronic document digitally identifies you as the signatory and that
cannot be later denied.
Time-Stamp: By time-stamping your digital signatures, you will clearly know when the document was
signed.
