Unit 2

Cryptography and
Cryptographic Algorithms
Cryptography
Science and Art of transforming message to make them secure and
immune to attack
Cryptography is the technique of converting ordinary plain text into
unintelligible text and vice-versa.
It is the practice and study of techniques for secure communication in the
presence of third parties.
It is also referred by the terms Cryptology and Cryptanalysis.
It is a method of storing and transmitting data in a particular form so that
only those for whom it is intended can read and process it.
Cryptography is most often associated with scrambling plaintext into
cipher text (a process called encryption), then back again (known as
decryption).
Cryptography
Encryption

Encryption is the process of encoding a message or information in

such a way that only authorized parties can access it and those who are
not authorized cannot.
Encryption does not itself prevent interference, but denies the
intelligible content to a would-be interceptor.
Decryption

Decryption is the process of taking encoded or encrypted text or other

data and converting it back into text that you or the computer can read
and understand (original form).
It is generally a reverse process of encryption.
It decodes the encrypted information so that an authorized user can
only decrypt the data because decryption requires a secret key or
password.
Plaintext and Cipher Text

• Plain Text/Clear Text

Plaintext or cleartext is unencrypted information.
• Cipher Text
Ciphertext is encrypted text. Plaintext is what you have before
encryption, and ciphertext is the encrypted result.
• Original message before transformation => Plaintext
• An Encryption algorithm transforms => Plaintext to Ciphertext
• A Decryption algorithm transforms => Ciphertext
Transposition Cipher

A transposition cipher rearranges the characters in the plaintext to

form ciphertext.
The letters are not changed.
Example
HELLO WORLD
HLOOL
ELWRD
The rearrangement of the text is based on the permutation. It just
rearranges the given information without modifying it.
 Substitution Cypher
In a Substitution cipher, any character of plain text from the given fixed set of characters
is substituted by some other character from the same set depending on a key.
 For example with a shift of 1, A would be replaced by B, B would become C, and so on. 
Special case of Substitution cipher is known as Caesar cipher where the key is taken as 3
e.g. HELLO WORLD
KHOOR ZRUOG
(key 3)
 Mathematical representation
The encryption can be represented using modular arithmetic by first transforming the
letters into numbers, according to the scheme, A = 0, B = 1,…, Z = 25. Encryption of a
letter by a shift n can be described mathematically as:
En(x)= (x+n) mod 26 Encryption with shift n
Dn(x) = (x-n) mod 26  Decryption with shift n
Caesar Cypher
The Caesar Cipher technique is one of the earliest and simplest methods of
encryption technique.
It’s simply a type of substitution cipher, i.e., each letter of a given text is replaced
by a letter with a fixed number of positions down the alphabet.
It is a special case of Substitution cipher where the key is taken as 3
Simple XOR Cipher
Bitwise XOR operation between plaintext and key to get ciphertext.
i.e. plaintext ⊕key= ciphertext
Bitwise XOR operation between ciphertext and key to get plaintext.
i.e. ciphertext key= plaintext
e.g. plaintext=1101101 and key=1000000 then
ciphertext= plaintext ⊕ key
=0101101
Data Encryption Standard (DES)

The Data Encryption Standard(DES) works by using the same key to encrypt
and decrypt a message, so both the sender and the receiver must know and
use the same private key.
DES is an outdated symmetric-key method of data encryption.
Originally designed by researchers at IBM in the early 1970s, DES was
adopted by the U.S. government as an official Federal Information
Processing Standard (FIPS) in 1977 for the encryption of commercial and
sensitive yet unclassified government computer data.
It was the first encryption algorithm approved by the U.S. government for
public disclosure.
DES has been upgraded by the more secure Advanced Encryption
Standard (AES) algorithm.
 Data Encryption Standard (DES)

DES uses the same key to encrypt and

decrypt a message, so both the sender
and the receiver must know and use the
same private key.
The DES is a block cipher, meaning a
cryptographic key and algorithm are
applied to a block of data simultaneously
rather than one bit at a time.
DES is a block cipher and encrypts data
in blocks of size of 64 bits each, which
means 64 bits of plain text go as the
input to DES, which produces 64 bits of
ciphertext.
Data Encryption Standard (DES)-Key Discarding Process

64-bit Original Key

56-bit Resulting Key

 Data Encryption Standard (DES)-Steps
1. 64 bit plain text is given to Initial
Permutation (IP) Function.
2. Initial Permutation is performed on 64-bit
plain text.
3. IP produces two halves of the permuted
block known as Left Plain Text (LPT) and
Right Plain Text (RPT).
4. Each LPT and RPT performs 16-rounds of
encryption process.
5. After 16-rounds, LPT and RPT is
combined and Final Permutation (FP) is
performed on the combined block.
6. Finally 64-bit Cipher block is generated.
Data Encryption Standard (DES)-Steps
Initial Permutation (IP) and Generate LPT-RPT
Initial Permutation is performed only once.
During the permutation process, bit sequence gets changed.
It suggests how the transposition in IP should proceed, as shown in the figure.
For example, it says that the IP replaces the first bit of the original plain text
block with the 58th bit of the original plain text, the second bit with the 50th
bit of the original plain text block, first bit takes the 40th position and so on.

Now the output of IP is divided into two equal halves i.e. Left 32 bits as
LPT and right 32 bits as RPT.
Data Encryption Standard (DES)-Steps
16 Rounds of Encryption (Steps)
1. Key transformation
Key Bit shifted per round
Compression Permutation
2. Expansion Permutation of Plain Text (P.T.) and X-OR
3. S-box Substitution
4. P-box Permutation
5. X-OR and Swap
Data Encryption Standard (DES)-Steps
16 Rounds of Encryption (Steps)
1. Key transformation (key bit shifting)
We have noted initial 64-bit key is transformed into a 56-bit key by
discarding every 8th bit of the initial key. Thus, for each a 56-bit key is
available. From this 56-bit key, a different 48-bit Sub Key is generated
during each round using a process called key transformation.
For this, the 56-bit key is divided into two halves, each of 28 bits.
These halves are circularly shifted left by one or two positions,
depending on the round.
For example: if the round numbers 1, 2, 9, or 16 the shift is done by only
one position for other rounds, the circular shift is done by two positions. 
Data Encryption Standard (DES)-Steps
16 Rounds of Encryption (Steps)
1. Key transformation (Compression Permutation)
After an appropriate shift, 48 of the 56 bits are selected.
For instance, after the shift, bit number 14 moves to the first position, bit
number 17 moves to the second position, and so on. If we observe the
table carefully, we will realize that it contains only 48-bit positions. Bit
number 18 is discarded (we will not find it in the table), like 7 others (9,
22, 25, 35,38, 43 and 54), to reduce a 56-bit key to a 48-bit key as shown
in table below:
Data Encryption Standard (DES)-Steps
16 Rounds of Encryption (Steps)
1. Key transformation (Compression Permutation)
 Since the key transformation process involves permutation as well as a
selection of a 48-bit subset of the original 56-bit key it is called
Compression Permutation.
Because of this compression permutation technique, a different subset
of key bits is used in each round. That makes DES not easy to crack.
Data Encryption Standard (DES)-Steps
16 Rounds of Encryption (Steps)
2. Expansion Permutation of Plain Text (P.T.) and X-OR
  Recall: we had two 32-bit plain text areas called Left Plain Text(LPT)
and Right Plain Text(RPT) and 48 bit key.
During the expansion permutation, the RPT is expanded from 32 bits to 48
bits (since key block is 48 bit). Bits are permuted as well hence called
expansion permutation. 
 This happens as the 32-bit RPT is divided into 8 blocks, with each block
consisting of 4 bits. 
Data Encryption Standard (DES)-Steps
16 Rounds of Encryption (Steps)
2. Expansion Permutation of Plain Text (P.T.) and X-OR
Each 4-bit block is expanded to 6-bit and produces 48-bit output as below:

Finally 48-bit RPT is XORed with 48-bit Key and finally output is given to
the next box(S-box).
Data Encryption Standard (DES)-Steps
16 Rounds of Encryption (Steps)
3. S-box Substitution
Converts 48-bit RPT XORed with 48-bit key to 32-bit output
There are 8 Substitution boxes or S-boxes, where each block has 6 bit
input and 4 bit output. The 48-bit are divided into eight 6-bit sub-block.
Data Encryption Standard (DES)-Steps
16 Rounds of Encryption (Steps)
3. S-box Substitution
Each S-box is a table of 4 rows and 16 columns. Each entry in the box is a
4-bit number. The 6 input bits of the S-box specify under which row and
column number to look for the output.
Example: Let us consider the input to a S-box is 011011
Here the first and last bit of the 6 input bit forms the row and the remaining
four bits constitute the row. 011011

01
Data Encryption Standard (DES)-Steps
16 Rounds of Encryption (Steps)
3. S-box Substitution
Data Encryption Standard (DES)-Steps
16 Rounds of Encryption (Steps)
4. P-Box Permutation
Output of the S-Box (32-bit) is given to P-Box.
32-bit is permuted with 16*2 permutation table.

For Example:
• 16th bit of S-box takes first position as per above permutation table.
Produces 32 bit result
Data Encryption Standard (DES)-Steps
16 Rounds of Encryption (Steps)
5. X-OR and SWAP
Now the 32-bit LPT is XORed with 32 bit output of the P-Box.
The original 32-bit RPT is taken as it is and finally added/concatenated it
as 32-bit LPT as shown in figure below:
Data Encryption Standard (DES)-Steps

16 Rounds of Encryption (Steps)

Till now first round of encryption is
completed. Now remaining 15 rounds
will be performed same as the first
round.
Data Encryption Standard (DES)-Steps
Final Permutation
At the end of the 16 rounds, the final permutations is performed (only
once).
The output of the final permutation is the 64-bit encrypted block (64-bit
cipher text block.
Example:
• 40th bit of the input take 1st position as per below permutation table.
Data Encryption Standard (DES)-Steps
Decryption is simply the inverse of encryption, following the same steps
but reversing the order in which the keys are applied.
It would take a maximum of 2^56, or 72,057,594,037,927,936 attempts
to find the correct key.
For any cipher, the most basic method of attack is brute force, which
involves trying each key until you find the right one.
Even though few messages encrypted using DES encryption are likely to
be subjected to this kind of code-breaking effort, many security experts
felt the 56-bit key length was inadequate even before DES was adopted as
a standard.
Thus, DES is upgraded to more secure Advanced Encryption Standard
(AES).
Applications of DES Algorithm
It is used in random number generation
It is deployed when not-so-strong encryption is needed 
It is used to develop a new form of DES, called Triple DES (using a
168-bit key formed using three keys)
Advantages and Disadvantages of DES Algorithm
The advantages of the DES algorithm:
1. It is set as a standard by the US government.
2. When compared to the software, it works faster on hardware.
3. Triple DES, used a 168-bit key which is very hard to crack.
The disadvantages of the DES algorithm:
1. Weakly secured algorithm.
2. There is a threat from Brute force attacks.
3. A DES cracker machine known as Deep Crack is available in the
market.
Symmetric Key Cryptography

Symmetric-key algorithms are the algorithms for cryptography that

use the same cryptographic keys for both encryption of plaintext and
decryption of ciphertext.
Symmetric-key systems are simpler and faster, but their main
drawback is that the two parties must somehow exchange the key in a
secure way.
Symmetric-key cryptography is sometimes called secret-key
cryptography.
The most popular symmetric-key system is the Data Encryption
Standard (DES).
Stream Cipher

A stream cipher is a symmetric key cipher where plaintext digits are

combined with a keystream.
A keystream is a stream of random characters that are combined with
a plaintext message to produce an encrypted message.
In a stream cipher, each plaintext digit is encrypted one at a time with
the corresponding digit of the keystream, to give a digit of the
ciphertext stream.
Block Cipher
A block cipher is a method of encrypting data in blocks to
produce ciphertext using a cryptographic key and algorithm.
Block cipher is widely used to implement encryption of bulk data.
A block cipher consists of two paired algorithms, one for encryption,
E, and the other for decryption, D.
Both algorithms accept two inputs: an input block of size n bits and a
key of size k bits; and both yield an n-bit output block.
The decryption algorithm D is defined to be the inverse function of
encryption.
Stream Cipher, Block Cipher and Symmetric Key Encryption
Symmetric-key encryption can use either stream ciphers or block
ciphers.
Stream ciphers encrypt the digits or letters of a message one at a time.
Block ciphers take a number of bits and encrypt them as a single unit,
padding the plaintext so that it is a multiple of the block size.
Blocks of 64 bits are commonly used.
The Advanced Encryption Standard(AES) uses block cipher mode of
operation use 128-bit blocks.
The problem is providing the key to the receiver-key distribution
problem.
Stream Cipher, Block Cipher and Symmetric Key Encryption
Symmetric-key encryption can use either stream ciphers or block
ciphers.
Stream ciphers encrypt the digits or letters of a message one at a time.
Block ciphers take a number of bits and encrypt them as a single unit,
padding the plaintext so that it is a multiple of the block size.
Blocks of 64 bits are commonly used.
The Advanced Encryption Standard(AES) uses block cipher mode of
operation use 128-bit blocks.
The problem is providing the key to the receiver-key distribution
problem.
Stream Cipher, Block Cipher and Symmetric Key Encryption
Copy of the key can’t be sent along with the message.
Thus, people at the source and destination must physically meet prior
to communicating or any alternative delivery method to provide the
key is required.
This will be a problem if the communication is taking place between
entities at long distance or multiple entities are participated in the
communication
Asymmetric Key Cryptography

Asymmetric cryptography is a second form of cryptography. It is

called a Public-key cryptography. 
There are two different keys including one key is used for encryption
and only the other corresponding key should be used for decryption.
The keys are simply large numbers that have been paired together but
are not identical (asymmetric).
One key in the pair can be shared with everyone; it is called the public
key.
The other key in the pair is kept secret; it is called the private key.
“Public key" cryptography has the following property: “There is no
single key but rather a key-pair.
Asymmetric Key Cryptography

There is still a need for key distribution. But in this case, we intend to
distribute the public key to anyone.
One part (the public key) is available to be given away and the other
part (the private key) is intended to be kept secret.
To encrypt something for another person, we need to get a hold of
their public key and use it as the encryption key.
Then, despite the fact that the public key can be seen by anyone, the
only person that can decrypt our message is the person with the private
key.
Asymmetric Key Cryptography
RSA Algorithm

RSA is one of the first public-key cryptosystems and is widely used

for secure data transmission.
RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who
first publicly described it in 1978.
In such a cryptosystem, the encryption key is public and it is different
from the decryption key which is kept secret.
RSA involves a public key and a private key. The public key can be
known by everyone, and it is used for encrypting messages.
The intention is that messages encrypted with the public key can only
be decrypted by using the private key.
RSA Algorithm

The public key is represented by the integers n and e; and, the private
key, by the integer d(although n is also used during the decryption). m
represents the message.
A user of RSA creates and then publishes a public key based on two
large prime numbers, along with an auxiliary value. The prime
numbers must be kept secret.
The RSA algorithm involves four steps:
a. key generation
b. key distribution
c. Encryption
d. decryption.
RSA Algorithm-Key Generation

The keys for RSA algorithm are generated in the following way:
1. Choose two different large random prime numbers p and q
2. Calculate n=p*q, n is called modulus
3. Calculate the totient function: Φ(n)=(p-1)(q-1)
4. Now choose an integer ‘e’ such 1<e<Φ(n) where e and Φ(n) do not
share factors other than 1
i.e. gcd(Φ(n), e) =1 , 1<e<Φ(n)
(e,n) is released as the public key
5. Now for generating private key, we calculate d as,
d*e mod Φ(n) = 1
(d,n) is used as the private key
RSA Algorithm-Key Distribution

Suppose that Bob wants to send information to Alice. If they decide to

use RSA, Bob must know Alice's public key to encrypt the message
and Alice must use her private key to decrypt the message.
To enable Bob to send his encrypted messages, Alice transmits her
public key (e,n) to Bob via a reliable, but not necessarily secret, route.
Alice's private key (d,n) is never distributed.
RSA Algorithm-Encryption

After Bob obtains Alice’s public key(e,n), he can send a message m to

Alice by computing the cipher text c, using Alice’s public key (e,n).
c=me (mod n)
Bob then transmits c to Alice.
Alice can recover the original message m form c using her private
key (d,n) by computing
m= cd (mod n)
RSA Algorithm-Example
Pick two prime numbers: p=3, q=5
n=p*q=3*5=15
Φ(n)=(p-1)(q-1)=(3-1)(5-1)=2*4=8
Choose e satisfying 1<e<Φ(n). Let us choose e=3, which do not share
any common factors with 8 rather than 1.
Compute d satisfying: de{mod Φ(n)}=1 So, d*3{mod 8}=1
• Let us choose d=11 which satisfies the relation.
So public key (e,n) is (3,15) which is released publicly and the
persons that want to send the message use this key to encrypt the
message and send it to the receiver .
Private key (d,n) is (11,15) which is kept secret by the receiver.
RSA Algorithm-Example
So, at encryption process, the sender uses the public key to encrypt
the message. Resulting cipher text will be:
c=m^e(mod n)
=2^3(mod 15)= 8 mod 15=8
At decryption process, the private key is used to decrypt the cipher
text.
Plain text is obtained as:
m=c^d(mod n)
=8^11(mod 15) =2
Hence, the original message 2 is obtained at receiver end after
decryption.
RSA Algorithm-Example
1. In a public-key system using RSA, you intercept the ciphertext C =10
sent to a user whose public key is e=5, n=35. What is the plaintext M?
RSA Algorithm-Example

1. In a public-key system using RSA, you intercept the ciphertext C =8

sent to a user whose public key is e=3, n=33. What is the plaintext M?
Hashing
Hashing is the transformation of a string of characters into a usually
shorter fixed-length value or key that represents the original string.
Hashing is one way to enable security during the process of message
transmission when the message is intended for a particular recipient only.
A formula generates the hash, which helps to protect the security of the
transmission against tampering.
Hashing is generating a value or values from a string of text using a
mathematical function.
It is an algorithm that maps data of arbitrary size to a bit string of a
fixed size (a hash) and is designed to be a one-way function, that is, a
function which is infeasible to invert.
Hashing
The only way to recreate the input data from an cryptographic hash
function's output is to attempt a brute-force search of possible inputs to
produce a match.
The input data is often called the message, and the output (the hash
value or hash) is often called the message digest or simply the digest.
Hashing is also a method of sorting key values in a database table in an
efficient manner.
Hashing is used to index and retrieve items in a database because it is
faster to find the item using the shorter hashed key than to find it using
the original value.
When a user sends a secure message, a hash of the intended message is
generated and encrypted, and is sent along with the message.
Hashing
When the message is received, the receiver decrypts the hash as well as the
message. Then, the receiver creates another hash from the message.
If the two hashes are identical when compared, then a secure transmission
has occurred. This hashing process ensures that the message is not altered
by an unauthorized end user.
The ideal cryptographic hash function has five main properties:
1. It is deterministic so the same message always results in the same hash.
2. It is quick to compute the hash value for any given message.
3. It is infeasible to generate a message from its hash value except by trying
all possible messages.
4. A small change to a message should change the hash value so extensively
that the new hash value appears uncorrelated with the old hash value.
Hashing
5. It is infeasible to find two different messages with the same hash
value.
Cryptographic hash functions have many information-security
applications, notably in digital signatures, message authentication codes
(MACs), and other forms of authentication.
They can also be used as ordinary hash functions, to index data in hash
tables, for fingerprinting, to detect duplicate data or uniquely identify
files, and as checksums to detect accidental data corruption.
Message Digest 5 (MD5)
The MD5 hashing algorithm is a one-way cryptographic function that
accepts a message of any length as input and returns as output a
fixed-length digest value to be used for authenticating the original
message.
The MD5 algorithm is a widely used hash function producing a 128-
bit hash value.
The MD5 hash function was originally designed for use as a secure
cryptographic hash algorithm for authenticating digital signatures.
MD5 has been deprecated for uses other than as a non-cryptographic
checksum to verify data integrity and detect unintentional data
corruption.
Message Digest 5 (MD5)
Secure Hash Algorithm (SHA)
SHA is specified as the hash algorithm in the Digital Signature
Standard (DSS), NIST (National Institute of Standards and
Technology).
SHA design is similar to MD5, but a lot stronge
Take a message of length at most 264 bits and produces a 160-bit
output.
Message Authentication Code (MAC)

Message authentication code (MAC), sometimes known as a tag, is a

short piece of information used to authenticate a message.
In other words, to confirm that the message came from the intended
sender (its authenticity) and has not been changed.
A message authentication code (MAC) is a cryptographic checksum
on data that uses a session key to detect both accidental and intentional
modifications of the data.
The MAC value protects both a message's data integrity as well as its
authenticity, by allowing receivers (who also possess the secret key) to
detect any changes to the message content.
Message Authentication Code (MAC)

MAC algorithm is a symmetric key cryptographic technique to provide

message authentication. For establishing MAC process, the sender and
receiver share a symmetric key K.
If a sender doesn’t know the secret key, the hash value would then be
different, different, which would tell the recipient that the message was
not from the original sender.
Message Authentication Code (MAC)
The sender uses some publicly known MAC algorithm, inputs the message and
secret key and produce a MAC value.
The sender forwards the message along with MAC. Here, we assume that the
message is sent in the clear, as we are concerned of providing message origin
authentication, not confidentiality.
If confidentiality is required the message needs encryption.
On receipt of the message and the MAC, the receiver feeds the received message and
shared secret key into the MAC algorithm and re-computes the MAC value.
The receiver now checks equality of freshly computed MAC with the MAC received
from the sender. If they match, then the receiver accepts the message and assures
himself/ herself that the message has been sent by the intended sender.
If computed MAC does not match MAC sent by sender, the receiver cannot
determine whether it is the message that has been altered or it is the origin that has
been falsified. As a bottom-line a receiver safely assumes that the message is not
genuine
Why Use MACs?

Clear text stays clear

MAC might be cheaper
Broadcast
Authentication of executable codes
Architectural flexibility
Separation of authentication check from message use
Limitation of MAC

Use of MAC needs a shared secret key between the communicating

parties
Inability to provide non repudiation