Chapter 2

Cryptographic Tools
 Cryptographic algorithms and protocols
can be grouped into four main areas:

Symmetric encryption

• Used to conceal the contents of blocks or streams of data of any size,

including messages, files, encryption keys, and passwords

Asymmetric encryption

• Used to conceal small blocks of data, such as encryption keys and hash
function values, which are used in digital signatures

Data integrity algorithms

• Used to protect blocks of data, such as messages, from alteration

Authentication protocols

• Schemes based on the use of cryptographic algorithms designed to

authenticate the identity of entities

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

1.1 - Symmetric Encryption
• The universal technique for providing confidentiality for
transmitted or stored data
• Also referred to as conventional encryption or single-key
encryption

• Two requirements for secure use:

• Need a strong encryption algorithm
• Sender and receiver must have obtained copies
of the secret key in a secure fashion and must
keep the key secure
 Symmetric Cryptographic Systems
• Characterized along two independent dimensions:

The type of operations

The way in which the
used for transforming
plaintext is processed
plaintext to ciphertext

Substitution Block cipher

Stream
Transposition
cipher
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
 Attacking Symmetric
Encryption
Cryptanalytic Attacks Brute-Force Attack
 Rely on:  Try all possible keys on some
 Nature of the algorithm ciphertext until an intelligible
 Some knowledge of the general translation into plaintext is obtained
characteristics of the plaintext  On average half of all possible keys
must be tried to achieve success
 Some sample plaintext-ciphertext
pairs
 Exploits the characteristics of the
algorithm to attempt to deduce a
specific plaintext or the key being
used
 If successful all future and past
messages encrypted with that key are
compromised
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
 Table 2.1

Comparison of Three Popular Symmetric

Encryption Algorithms
 The Data
Encryption Standard (DES)
The most widely used encryption scheme
FIPS PUB 46
Referred to as the Data Encryption Algorithm
(DEA)
Uses 64 bit plaintext block and 56 bit key to produce a 64
bit ciphertext block

Strength concerns:
Concerns about algorithm
DES is the most studied encryption algorithm in existence
Use of 56-bit key
Electronic Frontier Foundation (EFF) announced in July
1998 that it had broken a DES encryption
General structure of DES

6.12
Figure DES cipher and reverse cipher for the first approach

6.13
 Table 4.3 Avalanche Effect in DES: Change in Plaintext
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
 Triple DES (3DES)
 Repeats basic DES algorithm three times using either two or
three unique keys
 First standardized for use in financial applications in ANSI
standard X9.17 in 1985
 Attractions:
 168-bit key length overcomes the vulnerability to brute-force attack of
DES
 Underlying encryption algorithm is the same as in DES
 Drawbacks:
 Algorithm is sluggish in software
 Uses a 64-bit block size
The Advanced Encryption
Standard (AES)
Needed a NIST called for Selected
replacement for proposals for a Rijndael in
3DES new AES in 1997 November 2001
Should have a security
strength equal to or better
than 3DES

Significantly improved
3DES was not efficiency
Published as
reasonable for long
term use FIPS 197
Symmetric block cipher

128 bit data and

128/192/256 bit keys
General Design of AES Encryption Cipher

7.18
 Modes of Operation
 Typically symmetric encryption is applied to a unit of data
larger than a single 64-bit or 128-bit block
 Electronic codebook (ECB) mode is the simplest approach to
multiple-block encryption
 Each block of plaintext is encrypted using the same key
 Cryptanalysts may be able to exploit regularities in the plaintext

 Modes of operation
 Alternative techniques developed to increase the security of symmetric
block encryption for large sequences
 Overcomes the weaknesses of ECB
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
 Table 2.2

Average Time Required for Exhaustive Key Search

 Block & Stream Ciphers
Block Cipher

• Processes the input one block of elements at a time

• Produces an output block for each input block
• Can reuse keys
• More common

Stream Cipher
• Processes the input elements continuously
• Produces output one element at a time
• Primary advantage is that they are almost always faster and use far less
code
• Encrypts plaintext one byte at a time
• Pseudorandom stream is one that is unpredictable without knowledge of
the input key
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
 The RC4 Stream Cipher
• Designed in 1987 by Ron Rivest for RSA Security

• Variable key size stream cipher with byte-oriented operations

• Based on the use of a random permutation

• Eight to sixteen machine operations are required per output

byte and the cipher can be expected to run very quickly in
software
• Used in the Secure Sockets Layer/Transport Layer Security
(SSL/TLS) standards that have been defined for
communication between Web browsers and servers
• Is also used in the Wired Equivalent Privacy (WEP) protocol
and the newer WiFi Protected Access (WPA) protocol that are
part Inc.,
© 2017 Pearson Education, of Hoboken,
the IEEE NJ. All802.11 wireless LAN standard
rights reserved.
2.2 - Message Authentication &
Hash Functions

Protects against
active attacks

• Contents have not been altered

Verifies received • From authentic source
message is authentic • Timely and in correct sequence

Can use
• Only sender & receiver share a
conventional key
encryption
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
 Hash Functions
• A hash function H accepts a variable-length
block of data M as input and produces a fixed-
size hash value : h = H(M)
• Principal object is data integrity

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

Hash Function Requirements
Can be applied to a block of data of any size

Produces a fixed-length output

H(x) is relatively easy to compute for any given x

One-way or pre-image resistant

• Computationally infeasible to find x such that H(x) = h

Computationally infeasible to find y ≠ x such that H(y) = H(x)

Collision resistant or strong collision resistance

• Computationally infeasible to find any pair (x,y) such that H(x) = H(y)
2.3 - Public-Key Encryption

Asymmetric
• Uses two
Publicly separate keys
• Public key Some form of
proposed by Based on
and private protocol is
Diffie and mathematical
key needed for
Hellman in functions • Public key is distribution
1976 made public
for others to
use
 Plaintext
 Readable message or data that is fed into the algorithm as input
 Encryption algorithm
 Performs transformations on the plaintext
 Public and private key
 Pair of keys, one for encryption, one for decryption
 Ciphertext
 Scrambled message produced as output
 Decryption key
 Produces the original plaintext
 User encrypts data using his or her own
private key

 Anyone who knows the corresponding

public key will be able to decrypt the
message
Requirements for Public-Key
Cryptosystems
Computationally easy to
create key pairs

Computationally easy
Useful if either key can for sender knowing
be used for each role public key to encrypt
messages

Computationally Computationally easy

infeasible for opponent for receiver knowing
to otherwise recover private key to decrypt
original message ciphertext

Computationally
infeasible for opponent to
determine private key
from public key
 Applications for Public-Key
Cryptosystems
• Public-key cryptosystems can be classified into
three categories:
• The sender encrypts a message
Encryption/decryption with the recipient’s public key

• The sender “signs” a message

Digital signature with its private key

• Two sides cooperate to

Key exchange exchange a session key

• Some algorithms are suitable for all three

applications, whereas others can be used only for
one or two
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
Public-Key Cryptosystems
RSA Encryption & Decryption
• to encrypt a message M the sender:
• obtains public key of recipient PU={e,n}
• computes: C = Me mod n, where 0≤M<n

• to decrypt the ciphertext C the owner:

• uses their private key PR={d,n}
• computes: M = Cd mod n

• note that the message M must be smaller than

the modulus n (block if needed)
 Example of RSA Algorithm

© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.

 A more realistic example

n = 309 digits.

public key of recipient PU={e,n} private key PR={d,n}

10.47
 2.4 - Digital Signatures
 Used for authenticating both source and data integrity
 Created by encrypting hash code with private key
 Does not provide confidentiality
 Even in the case of complete encryption
 Message is safe from alteration but not eavesdropping
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
 Distribution of Public Keys
• Several
techniques have
been proposed Public Publicly available
for the announcement directory

distribution of
public keys.
Virtually all these
proposals can be Public-key Public-key
grouped into the authority certificates

following
general schemes:
© 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
 Summary
• Confidentiality with
symmetric encryption
 Symmetric encryption
 Symmetric block encryption
algorithms
 Stream ciphers
• Message authentication
and hash functions
 Authentication using symmetric
encryption
 Message authentication without
message encryption
 Secure hash functions
 
Other applications of hash
functions
• Random and
pseudorandom numbers
 The use of random numbers
• Public-key encryption
 Structure
 Applications for public-key
cryptosystems
 Requirements for public-key
cryptography
 Asymmetric encryption
algorithms
• Digital signatures and
key management
 Digital signature
 Public-key certificates
 Symmetric key exchange using
public-key encryption
Digital envelopes