
Unit 2 Private and Public Cryptosystem

The document provides an overview of private and public cryptosystems, detailing various encryption techniques such as block ciphers (DES, AES, IDEA) and stream ciphers (RC4). It explains the processes of encryption and decryption, the importance of keys, and the structure of ciphers, including historical and modern types. Additionally, it covers key generation methods and specific algorithms like DES and IDEA, highlighting their operational mechanisms and security features.

Uploaded by

Akkal Bista

Unit 2: Private and Public Cryptosystem (8 Hrs.)
• Block Ciphers
• DES
• AES
• IDEA
• Stream Ciphers
• RC4
• Stream Cipher using Feedback Shift Registers
• ElGamal Curve Cryptography
• Elliptic Curve Cryptography
• Format Preserving Encryption
• Overview of Homomorphic Encryption
• Lightweight Cryptography
• Post Quantum Cryptography
Cryptography
• The word cryptography comes from two Greek words meaning “secret writing”
and is the art and science of information hiding.
• This field is very much associated with mathematics and computer science with
application in many fields like computer security, electronic commerce,
telecommunication, etc.
• In the ancient days, cryptography was mostly referred to as encryption – the
mechanism to convert the readable plaintext into unreadable (incomprehensible)
text i.e. ciphertext, and decryption – the opposite process of encryption i.e.
conversion of ciphertext back to the plaintext.
• Though the consideration of cryptography was on message confidentiality
(encryption) in the past, nowadays cryptography considers the study and practices
of authentication, digital signatures, integrity checking, and key management, etc.
Cryptanalysis

• Cryptanalysis is the breaking of codes. Cryptanalysis encompasses all of the
techniques to recover the plaintext and/or key from the ciphertext.
• The combined study of cryptography and cryptanalysis is known as cryptology,
though most of the time the terms cryptography and cryptology are used in the
same way.
Encryption and Decryption
Encryption is the process of encoding a message so that its meaning is not obvious, i.e. converting information
from one form to some other unreadable form using an algorithm called a cipher with the help of a secret
value called a key.
The text being converted is called plaintext and the converted text is called ciphertext.
Decryption is the reverse process, transforming an encrypted message back into its normal, original form. The
key is equally important in the decryption process.

The terms encode and decode, or encipher and decipher, are also used instead of encrypt and decrypt. That is, we say
that we encode, encrypt, or encipher the original message to hide its meaning. Then, we decode, decrypt, or
decipher it to reveal the original message.
Key
• A key is a parameter or a piece of information used to determine the output of
a cryptographic algorithm.
• During encryption, the key determines the transformation of plaintext to
ciphertext, and vice versa.
• Keys are also used in other cryptographic processes like message authentication
codes and digital signatures.
• Most cryptographic systems depend upon the key, and thus the secrecy of
the key is very important.
• Another important issue for the key is its length.
• Since the key is the sole entity that defines the strength of the security (normally
the algorithm used is public), we need to select the key in such a way that an
attacker takes long enough to try all possibilities.
• To prevent the key from being guessed, the choice of the key must be random.
Cipher

• A cipher is an algorithm for performing encryption and decryption.
• The operation of a cipher depends upon special information called the key.
• Without knowledge of the key, it should be difficult, if not nearly
impossible, to decrypt the resulting ciphertext into readable plaintext.
• Many encryption techniques have been developed over history; however,
they can be broadly categorized in terms of the number of keys used and
the way plaintext is converted to ciphertext.
Types of Ciphers

• Historical Ciphers: Also called classical ciphers, these use processes like substitution
and transposition, or a combination of both called product ciphers.
• These historic ciphers use a single key for both encryption and decryption
(symmetric cipher).
• To reduce cipher attacks, in substitution, instead of
  • monoalphabetic - a letter for a letter,
  • polyalphabetic - one or more letters for a single letter
  substitution can be used.
Modern Ciphers:
Modern encryption methods can be divided by two criteria: by type of
input data, and by type of key used.

- Based upon input data

• Stream Ciphers: In this kind of cipher the plaintext is converted
into ciphertext stream by stream, so it encrypts continuous streams
of data, for example character by character. E.g. RC4.
• Block Ciphers: Here the plaintext is converted into ciphertext block
by block, so it encrypts data in blocks of fixed size. E.g. DES, AES,
IDEA.
Modern Ciphers:
- Based upon type of key: By type of key used, ciphers are divided
into:

• Symmetric Key Algorithms (Private Key Cryptography):
These techniques use a single key for encryption as well as
decryption.
• Asymmetric Key Algorithms (Public Key Cryptography):
These techniques use two keys, namely private and public keys.
One key is used for encryption and the other is used for
decryption.
Public Key Cryptosystem
Feistel Cipher Structure
- A Feistel cipher is a type of block cipher design, not a specific
cipher.
- In a Feistel cipher, the plaintext block $P$ is divided into left
and right halves: $P = (L_0, R_0)$. The two halves then pass
through $n$ rounds of processing and are combined to produce
the cipher block.
For each round $i = 1, 2, \ldots, n$, new left and right halves
are computed according to the rules:
$L_i = R_{i-1}$
$R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
where $F$ is the round function and $K_i$ is the subkey for round $i$.
The subkey is derived from the original key $K$
according to a specified key schedule algorithm.
Finally, the ciphertext $C$ is the output of the final round:
$C = (L_n, R_n)$
Feistel Cipher Structure
- All rounds have the same structure.
- A substitution is performed on the
left half of the data. This is done by
applying a round function 𝐹 to the
right half of data followed by the
XOR of the output of that function
and left half of data.
- The permutation steps at each round
swaps the modified 𝐿 and
unmodified 𝑅.
- The combination of substitution and
permutation is called a round.
Substitution Permutation Network(SPN)
Substitution Permutation network is a series of linked
mathematical operations used in block cipher
algorithms. It takes the block of the plaintext and key
as inputs and applies several alternating “rounds” or
“layers” of substitution boxes (S- boxes) and
permutation boxes (P-boxes) to produce the ciphertext
block.
⮚ An S-Box substitutes a small block of bits (the
input of the S-box) by another block of bits (the
output of the S-box). In particular, the length of the
output should be same as the length of the input.
⮚ A P-Box is a permutation of all the bits: it takes the
outputs of all the S-boxes of one round, permutes
the bits, and feeds them into the S-boxes of the next
round.
Data Encryption Standard (DES)
- DES is a block cipher that operates on a
plaintext block of 64 bits and returns
ciphertext of the same size.
- The key length is 56 bits. The key
originally consists of 64 bits; however, only
56 of these are actually used by the
algorithm. Eight bits are used for checking
parity and are thereafter discarded.
- It consists of 16 rounds; each round
performs the steps of substitution (confusion)
and transposition (diffusion).
DES Algorithm
- The algorithm accepts plaintext $P$ and performs an initial
permutation, $IP$, on $P$, producing $P_0$. The block is then broken down into
left and right halves, the left ($L_0$) being the first 32 bits of $P_0$ and the
right ($R_0$) being the last 32 bits of $P_0$.
- With $L_0$ and $R_0$, 16 rounds are performed until $L_{16}$ and $R_{16}$ are
generated according to the rule:
$L_i = R_{i-1}$
$R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
- The inverse permutation, $IP^{-1}$, is applied to $L_{16}R_{16}$ to produce
ciphertext $C$.
Key Generation

Shifting:
Rounds         Shift
1, 2, 9, 16    One bit
Others         Two bits

⮚ In DES encryption, the round-key generator creates sixteen 48-bit keys
out of a 56-bit cipher key.
⮚ Initially, 56 bits of the key are selected from the initial 64 bits by
Permuted Choice 1 (PC-1); the remaining eight bits are either
discarded or used as parity check bits.
⮚ The 56 bits are then divided into two 28-bit halves ($C_0$ and $D_0$); each half
is thereafter treated separately.
⮚ In successive rounds, both halves ($C_{i-1}$ and $D_{i-1}$) are rotated left by one or
two bits as specified for each round, and then 48 subkey bits are selected
by Permuted Choice 2, PC-2 (24 bits from the left half, and 24 from
the right), which serve as input to the function $F(R_{i-1}, K_i)$.
Single Round of DES Algorithm

• The following figure shows a closer view of the algorithm for a single
iteration.
• The 64-bit permuted input passes through 16 iterations, producing an
intermediate 64-bit value at the conclusion of each iteration.
• The left-hand output of an iteration ($L_i$) is equal to the right-hand
input to that iteration, $R_{i-1}$.
• The right-hand output $R_i$ is the exclusive OR of $L_{i-1}$ and a
complex function $F$ of $K_i$ and $R_{i-1}$.
• The function $F$ can be depicted by the following figure. $S_1, S_2,
\ldots, S_8$ represent the “S-boxes”, which map each
combination of 48 input bits into a particular 32-bit pattern.
Decryption of DES
The process is the same as encryption; the only difference is that the keys are used in reverse order. Thus, when in
decryption mode, the key schedule algorithm has to generate the round keys as the sequence $K_{16}, K_{15}, \ldots, K_1$.

Double DES

- It does twice what DES normally does only once.
- It uses two keys $K_1$ and $K_2$ and encrypts the text
using the two keys:
$C = E_{K_2}(E_{K_1}(P))$
- To decrypt, simply use DES decryption twice:
$P = D_{K_1}(D_{K_2}(C))$
Triple DES

▪ With Two Keys: It uses three stages of DES
for encryption and decryption. The 1st and 3rd
stages use key $K_1$ and the 2nd stage uses key $K_2$.
To make triple DES compatible with single
DES, the middle stage uses decryption on
the encryption side and encryption on the
decryption side.
Encryption: $C = E_{K_1}(D_{K_2}(E_{K_1}(P)))$
Decryption: $P = D_{K_1}(E_{K_2}(D_{K_1}(C)))$
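
The Feistel round rule, the reversed key order used for decryption, and the E-D-E construction above can be checked on a toy cipher. This is an added example, not part of the original slides and not DES: the round function `F` and the key schedule are constructed from SHA-256 purely for illustration, and all function names are assumptions.

```python
import hashlib

ROUNDS = 16            # same round count as DES
MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF


def key_schedule(key: bytes):
    """Constructed toy schedule: K_i = first 48 bits of SHA-256(key || i)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6]
            for i in range(1, ROUNDS + 1)]


def F(right: int, subkey: bytes) -> int:
    """Toy round function. Truncating a hash makes F non-invertible on
    purpose: a Feistel network never needs to invert F."""
    digest = hashlib.sha256(subkey + right.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def encrypt(block: int, key: bytes) -> int:
    if not 0 <= block <= MASK64:
        raise ValueError("block must be a 64-bit value")
    L, R = block >> 32, block & MASK32
    for k in key_schedule(key):
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        L, R = R, L ^ F(R, k)
    return (L << 32) | R                  # C = (L_n, R_n)


def decrypt(block: int, key: bytes) -> int:
    if not 0 <= block <= MASK64:
        raise ValueError("block must be a 64-bit value")
    L, R = block >> 32, block & MASK32
    for k in reversed(key_schedule(key)):  # K_16, K_15, ..., K_1
        # Undo one round: R_{i-1} = L_i;  L_{i-1} = R_i XOR F(L_i, K_i)
        L, R = R ^ F(L, k), L
    return (L << 32) | R


def double_encrypt(p, k1, k2):
    return encrypt(encrypt(p, k1), k2)     # C = E_K2(E_K1(P))


def double_decrypt(c, k1, k2):
    return decrypt(decrypt(c, k2), k1)     # P = D_K1(D_K2(C))


def ede_encrypt(p, k1, k2):
    return encrypt(decrypt(encrypt(p, k1), k2), k1)   # C = E_K1(D_K2(E_K1(P)))


def ede_decrypt(c, k1, k2):
    return decrypt(encrypt(decrypt(c, k1), k2), k1)   # P = D_K1(E_K2(D_K1(C)))


if __name__ == "__main__":
    p = 0x0123456789ABCDEF                 # constructed sample block
    k1, k2 = b"constructed-key-1", b"constructed-key-2"
    c = ede_encrypt(p, k1, k2)
    print(f"EDE ciphertext  : {c:016x}")
    print(f"EDE round trip  : {ede_decrypt(c, k1, k2) == p}")
    # With K1 == K2 the middle decryption cancels the first encryption,
    # so the three-stage construction behaves like the single cipher.
    print(f"K1 == K2 compat : {ede_encrypt(p, k1, k1) == encrypt(p, k1)}")
```
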
International Data Encryption Algorithm(IDEA)
❖ The block cipher IDEA operates with 64-bit plaintext and ciphertext blocks
and is controlled by a 128-bit key from which 52 subkeys are derived for use
in the algorithm. It consists of a series of eight identical
transformations (rounds), each of which uses 6 different subkeys; the last four
keys are used for the output transformation (the half-round).

❖ IDEA derives much of its security by interleaving operations from different
groups - modular addition and multiplication, and bitwise eXclusive OR
(XOR) - which are algebraically "incompatible" in some sense. In more
detail, these operators, which all deal with 16-bit quantities, are:
⊕ bitwise XOR of 16-bit sub-blocks
⊞ addition modulo $2^{16}$ of 16-bit integers
⨀ multiplication modulo $2^{16} + 1$ of 16-bit integers, with the zero
sub-block corresponding to $2^{16}$
International Data Encryption Algorithm (IDEA)
Key Generation
▪ The 64-bit plaintext block is partitioned into four 16-bit sub-blocks, since all the algebraic operations
used in the encryption process operate on 16-bit numbers.
▪ For each of the encryption rounds, six 16-bit key sub-blocks are generated from the 128-bit key. Since
a further four 16-bit key sub-blocks are required for the subsequent output transformation, a total of
52 (= 8 x 6 + 4) different 16-bit sub-blocks have to be generated from the 128-bit key.
▪ The 52 16-bit key sub-blocks which are generated from the 128-bit key are produced as follows:
  ▪ First, the 128-bit key is partitioned into eight 16-bit sub-blocks which are then directly used as
  the first eight key sub-blocks.
  ▪ The 128-bit key is then cyclically shifted to the left by 25 positions, after which the resulting
  128-bit block is again partitioned into eight 16-bit sub-blocks to be directly used as the next
  eight key sub-blocks.
  ▪ The cyclic shift procedure described above is repeated until all of the required 52 16-bit key
  sub-blocks have been generated.
International Data Encryption Algorithm (IDEA)
Encryption
The process consists of eight identical encryption steps (known as
encryption rounds) followed by an output transformation.
❑ The first four 16-bit key sub-blocks are combined with two of the 16-bit
plaintext blocks using addition modulo $2^{16}$, and with the other two
plaintext blocks using multiplication modulo $2^{16} + 1$.
❑ At the end of the first encryption round four 16-bit values are produced
which are used as input to the second encryption round.
❑ The process is repeated in each of the subsequent 7 encryption rounds.
❑ The four 16-bit values produced at the end of the 8th encryption round
are combined with the last four of the 52 key sub-blocks using addition
modulo $2^{16}$ and multiplication modulo $2^{16} + 1$ to form the resulting four
16-bit ciphertext blocks.
Decryption

❑ The computational process used for decryption of the ciphertext is
essentially the same as that used for encryption of the plaintext.
❑ The only difference is that each of the 52 16-bit key sub-blocks
used for decryption is the inverse of the key sub-block used during
encryption in respect of the applied algebraic group operation.
❑ Additionally, the key sub-blocks must be used in the reverse order
during decryption in order to reverse the encryption process.
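
The key generation, encryption and decryption passages above, worked through in code. This is an added example, not part of the original slides; function names are assumptions, a block is represented as four 16-bit integers, and the key in the demo is a constructed sample.

```python
MASK = 0xFFFF          # every IDEA operation works on 16-bit sub-blocks
MOD_MUL = 0x10001      # 2^16 + 1, which is prime


def add(a, b):
    """Addition modulo 2^16."""
    return (a + b) & MASK


def mul(a, b):
    """Multiplication modulo 2^16 + 1; the zero sub-block stands for 2^16."""
    return ((a or 0x10000) * (b or 0x10000) % MOD_MUL) & MASK


def add_inv(a):
    """Inverse of a key sub-block under add()."""
    return -a & MASK


def mul_inv(a):
    """Inverse under mul(), via Fermat's little theorem (2^16 + 1 is prime)."""
    return pow(a or 0x10000, MOD_MUL - 2, MOD_MUL) & MASK


def expand_key(key: bytes):
    """52 sub-blocks: take eight 16-bit words, rotate the key left by 25, repeat."""
    if len(key) != 16:
        raise ValueError("IDEA needs a 128-bit key")
    k = int.from_bytes(key, "big")
    sub = []
    while len(sub) < 52:
        sub.extend((k >> (112 - 16 * i)) & MASK for i in range(8))
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return sub[:52]


def crypt_block(block, sub):
    """Eight rounds plus output transformation. The same routine encrypts
    (with expand_key output) and decrypts (with decryption_subkeys output)."""
    x1, x2, x3, x4 = block
    for r in range(8):
        z = sub[6 * r: 6 * r + 6]
        x1, x2, x3, x4 = mul(x1, z[0]), add(x2, z[1]), add(x3, z[2]), mul(x4, z[3])
        t0 = mul(x1 ^ x3, z[4])
        t1 = mul(add(x2 ^ x4, t0), z[5])
        t2 = add(t0, t1)
        # XOR the mixing values in, then swap the two middle sub-blocks.
        x1, x2, x3, x4 = x1 ^ t1, x3 ^ t1, x2 ^ t2, x4 ^ t2
    z = sub[48:52]
    # The output transformation undoes the last swap before applying its keys.
    return (mul(x1, z[0]), add(x3, z[1]), add(x2, z[2]), mul(x4, z[3]))


def decryption_subkeys(sub):
    """Invert each sub-block for its own group operation and reverse the order."""
    dk = []
    for r in range(9):
        z = sub[48 - 6 * r: 52 - 6 * r]
        # The two additive keys trade places in the middle rounds because of
        # the swap at the end of every encryption round.
        a, b = (z[1], z[2]) if r in (0, 8) else (z[2], z[1])
        dk += [mul_inv(z[0]), add_inv(a), add_inv(b), mul_inv(z[3])]
        if r < 8:
            dk += sub[46 - 6 * r: 48 - 6 * r]   # XOR-side keys are self-inverse
    return dk


if __name__ == "__main__":
    key = bytes.fromhex("00010002000300040005000600070008")  # constructed sample key
    sub = expand_key(key)
    print("second batch of sub-blocks:", [f"{w:04x}" for w in sub[8:16]])
    ct = crypt_block((0, 1, 2, 3), sub)
    print("ciphertext:", [f"{w:04x}" for w in ct])
    print("decrypted :", crypt_block(ct, decryption_subkeys(sub)))
```
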
Advanced Encryption Standard (AES)
- AES is a block cipher which operates on a block size of 128 bits for both
encrypting as well as decrypting.
- Three key lengths are available: 128, 192, or 256 bits (16, 24, or 32 bytes).
- The number of rounds performed by the algorithm strictly depends on the
size of the key:

Key Size (in bits)    Rounds
128                   10
192                   12
256                   14

- Each of these rounds uses a different 128-bit round key, which is
calculated from the original AES key.
- Each round consists of four functions:
1. Sub Bytes
2. Shift Rows
3. Mix Columns, not applied in last round.
4. Add Round Key

Advanced Encryption Standard (AES)
AES treats the 128-bit block (16 bytes) as a 4 × 4 byte array, called
the state matrix:

$$\begin{pmatrix}
a_{00} & a_{01} & a_{02} & a_{03} \\
a_{10} & a_{11} & a_{12} & a_{13} \\
a_{20} & a_{21} & a_{22} & a_{23} \\
a_{30} & a_{31} & a_{32} & a_{33}
\end{pmatrix}$$

All four AES operations are applied to this matrix.
Advanced Encryption Standard (AES)
1. Sub Bytes
In the SubBytes step, each byte in the state is replaced with the corresponding S-box value
$S$; $b_{ij} = S(a_{ij})$.
Advanced Encryption Standard (AES)
2. Shift Rows
In the ShiftRows step, bytes in each row of the state are shifted cyclically
to the left. The number of places each byte is shifted differs for each row.
1st row: no shift.
2nd row: a 1-byte circular left shift.
3rd row: a 2-byte circular left shift.
4th row: a 3-byte circular left shift.
Advanced Encryption Standard (AES)
3. Mix Columns

❖ Each column of four bytes is now transformed using a special mathematical
function.
❖ This function takes as input the four bytes of one column and outputs four
completely new bytes, which replace the original column.
❖ The result is another new matrix consisting of 16 new bytes. It should be
noted that this step is not performed in the last round.
Advanced Encryption Standard (AES)
4. Add Round Key

In the AddRoundKey step, each byte of the state is combined with a
corresponding byte of the round subkey using the XOR operation (⊕).
Stream Ciphers
• A stream cipher is a method of encrypting text (to produce cipher text)
in which a cryptographic key and algorithm are applied to each binary
digit in a data stream, one byte at a time, although a stream cipher may
be designed to operate on one bit at a time or on units larger than a
byte at a time.
• In this structure a key is input to a pseudorandom bit generator that
produces a stream of 8-bit numbers that are apparently random.
• A pseudorandom stream is one that is generated by an algorithm but is
unpredictable without knowledge of the input key.
Stream Ciphers
Following figure is a representative diagram of stream cipher structure
Stream Ciphers
The output of the generator, called a keystream, is combined one byte at a time
with the plaintext stream using the bitwise exclusive-OR (XOR) operation.

• For example, if the next byte generated by the generator is 01101100 and the next
plaintext byte is 11001100, then the resulting ciphertext byte is:
    11001100   plaintext
XOR 01101100   key stream
    10100000   ciphertext
• Decryption requires the use of the same pseudorandom sequence:
    10100000   ciphertext
XOR 01101100   key stream
    11001100   plaintext
Stream Ciphers
• A stream cipher is an encryption algorithm that uses a symmetric key to
encrypt and decrypt a given amount of data.
• What makes stream ciphers particularly unique is that they encrypt data one
bit, or byte, at a time.
• A stream cipher follows a pseudorandom number stream.
• One of the benefits of a stream cipher is that it makes cryptanalysis
more difficult; for this, the number of bits chosen in the keystream must be
long.
• Making the key longer also protects against brute force attacks.
• The longer the key, the stronger the security achieved, preventing any attack.
Types of Stream Ciphers

• Synchronous Stream Cipher
• Self-Synchronous Stream Cipher
Synchronous Stream Cipher
• To simulate a random, infinitely long key, synchronous stream
ciphers generate bits from a source other than the message itself.
• The simplest such cipher extracts bits from a register to use as the
key.
• The contents of the register change on the basis of the current
contents of the register.
Self-Synchronous Stream Cipher
• Self-synchronous ciphers obtain the key from the
message itself.
• The simplest self-synchronous cipher is called an
autokey cipher and uses the message itself for the key.
RC4
• A symmetric key encryption algorithm invented by Ron Rivest in 1987.
• RC4 is a stream cipher and variable-length key algorithm.
• This algorithm encrypts one byte at a time (or larger units at a time).
• The key is input to a pseudorandom bit generator that produces a stream of
8-bit numbers that is unpredictable without knowledge of the input key.
• The output of the generator, called the keystream, is combined one
byte at a time with the plaintext stream using the XOR operation.
RC4 Inside
• Consists of two parts:
  • Key Scheduling Algorithm (KSA)
  • Pseudo-random Generation Algorithm (PRGA)
• KSA
  • Generates the state array
• PRGA on KSA
  • Generates the key stream
  • XOR the keystream with the data to generate the encrypted stream
Key-Generation Algorithm
• A variable-length key from 1 to 256 bytes is used to initialize a 256-byte
state vector S, with elements S[0] to S[255].
• For encryption and decryption, a byte k is generated from S by
selecting one of the 255 entries in a systematic fashion, then the
entries in S are permuted again.
Key-Scheduling Algorithm: Initialization
• The entries of S are set equal to the values from 0 to 255 in ascending order.
• A temporary vector, T, is created.
• If the length of the key K is 256 bytes, then K is assigned to T.
• Otherwise, for a key of length k-len bytes, the first k-len elements of T are copied
from K, and then K is repeated as many times as necessary to fill T.
• We use T to produce the initial permutation of S.
• Starting with S[0] and going through to S[255], for each S[i] the algorithm swaps it
with another byte in S according to a scheme dictated by T[i], but S will still contain
the values from 0 to 255.
Initialize the State Vector S and Temporary Vector T
S is initialized so that S[i] = i, and T is initialized so it is the key K (repeated as necessary).
/* Step 1: initialization */
for i = 0 to 255 do
    S[i] = i;
    T[i] = K[i mod k-len];
end
Now perform the initial permutation on S.
/* Step 2: initial permutation of S */
j = 0;
for i = 0 to 255 do
    j = (j + S[i] + T[i]) mod 256;
    Swap(S[i], S[j]);
end
Pseudo Random Generation Algorithm (Stream Generation):
• Generate the key stream k, one byte at a time.
i = 0; j = 0;
while (true)
{
    i = (i + 1) mod 256;
    j = (j + S[i]) mod 256;
    Swap(S[i], S[j]);
    t = (S[i] + S[j]) mod 256;
    k = S[t];    /* next keystream byte */
}
Encryption
• For encryption, XOR k with the next input value of given plaintext to
get the ciphertext.
RC4 Decryption
• Use the same secret key as during the encryption phase.
• Generate keystream by using KSA and PRGA.
• XOR keystream with the encrypted text to generate the plain text.
Stream Cipher using Feedback Shift Registers
• An n-stage LFSR consists of an n-bit register $r = r_0 \ldots r_{n-1}$ and an n-bit tap sequence
$t = t_0 \ldots t_{n-1}$.
• To obtain a key bit, $r_0$ is used, the register is shifted one bit to the right, and the
new bit $r_0 t_0 \oplus \cdots \oplus r_{n-1} t_{n-1}$ is inserted.
• The LFSR method is an attempt to simulate a one-time pad by generating a long
key sequence from a little information.
• As with any such attempt, if the key is shorter than the message, breaking part of
the ciphertext gives the cryptanalyst information about other parts of the
ciphertext.
• For an LFSR, a known plaintext attack can reveal parts of the key sequence.
• If the known plaintext is of length 2n, the tap sequence for an n-stage LFSR can be
determined completely.
n-stage Linear Feedback Shift Register (LFSR)
Example: 4-stage LFSR; t = 1001

r       Ki    New Bit Computation              New r
0010    0     0·1 ⊕ 0·0 ⊕ 1·0 ⊕ 0·1 = 0        0001
0001    1     0·1 ⊕ 0·0 ⊕ 0·0 ⊕ 1·1 = 1        1000
1000    0     1·1 ⊕ 0·0 ⊕ 0·0 ⊕ 0·1 = 1        1100
1100    0     1·1 ⊕ 1·0 ⊕ 0·0 ⊕ 0·1 = 1        1110
1110    0     1·1 ⊕ 1·0 ⊕ 1·0 ⊕ 0·1 = 1        1111
1111    1     1·1 ⊕ 1·0 ⊕ 1·0 ⊕ 1·1 = 0        0111
0111    1     0·1 ⊕ 1·0 ⊕ 1·0 ⊕ 1·1 = 1        1011

Key sequence has period of 15 (0100010….)
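
Why a bare LFSR must not be used as a keystream generator: the code below reproduces the table rows and then recovers the tap sequence from 2n keystream bits by solving the linear feedback equations over GF(2). It is an added example, not part of the original slides; function names are assumptions, and the key bit is taken from the rightmost register position, which is what the table's Ki column shows.

```python
def lfsr_step(r, t):
    """One clock: emit the rightmost bit, shift right, insert the feedback bit."""
    key_bit = r[-1]
    new_bit = 0
    for ri, ti in zip(r, t):
        new_bit ^= ri & ti               # r0*t0 XOR ... XOR r(n-1)*t(n-1)
    return key_bit, [new_bit] + r[:-1]


def lfsr_keystream(r, t, count):
    state, out = list(r), []
    for _ in range(count):
        bit, state = lfsr_step(state, t)
        out.append(bit)
    return out


def period(r, t):
    """Steps until the start state recurs; None if it never does within 2^n steps."""
    start, state = list(r), list(r)
    for steps in range(1, 2 ** len(r) + 1):
        _, state = lfsr_step(state, t)
        if state == start:
            return steps
    return None


def state_from_keystream(ks, n):
    """The first n key bits are the initial register read from right to left."""
    return list(reversed(ks[:n]))


def recover_taps(ks, n):
    """Solve k[j+n] = t0*k[j+n-1] XOR ... XOR t(n-1)*k[j] for j = 0..n-1.

    Needs 2n keystream bits, which a known-plaintext holder obtains as
    plaintext XOR ciphertext. Gauss-Jordan elimination over GF(2)."""
    if len(ks) < 2 * n:
        raise ValueError("need at least 2n keystream bits")
    rows = [[ks[j + n - 1 - i] for i in range(n)] + [ks[j + n]] for j in range(n)]
    for col in range(n):
        pivot = next((i for i in range(col, n) if rows[i][col]), None)
        if pivot is None:
            raise ValueError("this keystream window does not determine the taps")
        rows[col], rows[pivot] = rows[pivot], rows[col]
        for i in range(n):
            if i != col and rows[i][col]:
                rows[i] = [a ^ b for a, b in zip(rows[i], rows[col])]
    return [row[n] for row in rows]


if __name__ == "__main__":
    r, t = [0, 0, 1, 0], [1, 0, 0, 1]     # the slide's example: r = 0010, t = 1001
    ks = lfsr_keystream(r, t, 15)
    print("keystream :", "".join(map(str, ks)))
    print("period    :", period(r, t))
    taps = recover_taps(ks[:8], 4)        # only 2n = 8 bits are needed
    state = state_from_keystream(ks, 4)
    print("recovered taps, state:", taps, state)
    # With taps and state known, every later keystream bit is predictable.
    print("prediction matches   :", lfsr_keystream(state, taps, 15) == ks)
```
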


n-stage Non-Linear Feedback Shift Register (NLFSR):
• An n-stage NLFSR consists of an n-bit register $r = r_0 \ldots r_{n-1}$.
• When a key bit is required, $r_0$ is used, the register is
shifted one bit to the right, and the new bit is set to
$f(r_0 \ldots r_{n-1})$, where $f$ is any function of $n$ inputs.
• It has the same operation as an LFSR except for the bit
replacement function.
Example: 4-stage NLFSR; f(r0, r1, r2, r3) = (r0 & r2) | r3

Key sequence has period of 4 (0011)
Asymmetric Key Cryptography

• Asymmetric encryption uses two keys, one to encrypt the data, and
another key to decrypt the data.
• These keys are generated together.
• One is named the public key and is distributed freely.
• The other is named the private key and is kept hidden.
• Both sender and recipient have to share their public keys for
encryption and have to use their private keys for decryption.
Asymmetric Key Cryptography
How does it work?
Difference between Symmetric and asymmetric Key Cryptography
ElGamal Cryptography
• Public Key encryption algorithm.
• Proposed by Taher Elgamal in 1985.
• Based on Diffie-Hellman key Exchange.
Steps
• Key Generation
• Encryption
• Decryption
Key Generation
• Agent X:
1. Chooses a large prime $p$.
2. Chooses a primitive element (root) $g$ modulo $p$.
3. Chooses a (possibly random) integer $d$ with $1 < d < p-1$.
4. Computes $e = g^d \bmod p$.
5. Posts the public key $(p, g, e)$.
6. The private key is $d$.
Encryption
1. Agent Y encrypts a short message $M$ ($M < p$) and sends it
to Agent X.
2. Agent Y chooses a random integer $k$ such that $1 \le k \le p-1$
(which he keeps secret).
3. Agent Y computes $Y_1 = g^k \bmod p$ and $Y_2 = M \cdot e^k \bmod p$.
4. Agent Y sends his encrypted message (ciphertext) $(Y_1, Y_2)$
to Agent X.
Decryption
1. When Agent X receives the encrypted message
(ciphertext) $(Y_1, Y_2)$, he decrypts it (using the private key
$d$) by computing
2. Plaintext $M = Y_2 \cdot (Y_1^d)^{-1} \bmod p$
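
The three steps above as runnable code, with the parameter checks the steps rely on. This is an added example, not part of the original slides: the function names are assumptions, the numbers (p = 23, g = 5) are a constructed toy instance far too small for real use, and the last function goes beyond the listed steps to show that multiplying two ElGamal ciphertexts yields an encryption of the product of the plaintexts.

```python
import secrets


def prime_factors(n):
    """Trial division; adequate for the toy-sized parameters used here."""
    factors, q = set(), 2
    while q * q <= n:
        while n % q == 0:
            factors.add(q)
            n //= q
        q += 1
    if n > 1:
        factors.add(n)
    return factors


def is_prime(n):
    return n > 1 and prime_factors(n) == {n}


def is_primitive_root(g, p):
    """g generates the whole group iff g^((p-1)/q) != 1 for every prime q | p-1."""
    return g % p != 0 and all(pow(g, (p - 1) // q, p) != 1
                              for q in prime_factors(p - 1))


def keygen(p, g, d=None):
    if not is_prime(p) or p < 5:
        raise ValueError("p must be a prime (at least 5)")
    if not is_primitive_root(g, p):
        raise ValueError("g is not a primitive root modulo p")
    if d is None:
        d = 2 + secrets.randbelow(p - 3)          # uniform in 2 .. p-2
    if not 1 < d < p - 1:
        raise ValueError("private key must satisfy 1 < d < p-1")
    return (p, g, pow(g, d, p)), d                # public (p, g, e), private d


def encrypt(public, m, k=None):
    p, g, e = public
    if not 0 < m < p:
        raise ValueError("message must satisfy 0 < M < p")
    if k is None:
        k = 1 + secrets.randbelow(p - 2)          # fresh per message
    # k = p-1 is excluded: it would give Y1 = 1 and Y2 = M, i.e. no encryption.
    if not 1 <= k <= p - 2:
        raise ValueError("k out of range")
    return pow(g, k, p), m * pow(e, k, p) % p     # (Y1, Y2)


def decrypt(public, d, ciphertext):
    p = public[0]
    y1, y2 = ciphertext
    shared = pow(y1, d, p)                        # equals e^k mod p
    return y2 * pow(shared, -1, p) % p            # M = Y2 * (Y1^d)^-1 mod p


def multiply_ciphertexts(public, c1, c2):
    """Component-wise product: decrypts to (M1 * M2) mod p."""
    p = public[0]
    return c1[0] * c2[0] % p, c1[1] * c2[1] % p


if __name__ == "__main__":
    public, d = keygen(23, 5, d=6)                # constructed toy parameters
    ct = encrypt(public, 10, k=15)
    print("public key:", public, " ciphertext:", ct)
    print("decrypted :", decrypt(public, d, ct))
    prod = multiply_ciphertexts(public, encrypt(public, 3), encrypt(public, 5))
    print("Dec(Enc(3) * Enc(5)) =", decrypt(public, d, prod))
```
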
Exercise
• Let p=11
• d=3
• E1=2
• Pt=7
• R=4
• Perform the encryption and decryption using Elgamal
algorithm.
Solution
Elliptic Curve Cryptography
• Elliptic Curve Cryptography (ECC) is an encryption technology
comparable to RSA that enables public-key encryption.
• While RSA’s security is dependent on huge prime numbers, ECC
leverages the mathematical theory of elliptic curves to achieve
the same level of security with considerably smaller keys.
• It was discovered by Victor Miller of IBM and Neil Koblitz of the
University of Washington in the year 1985.
Elliptic Curve Cryptography
• ECC, as the name implies, is an asymmetric encryption algorithm
that employs the algebraic architecture of elliptic curves with
finite fields.
• Elliptic curve cryptography algorithms entered wide use from
2004 to 2005.
Elliptic Curve Cryptography
• Elliptic Curve Cryptography (ECC)is an approach to public-key
cryptography, based on the algebraic structure of elliptic curves
over finite fields. ECC requires a smaller key as compared to
non-ECC cryptography to provide equivalent security.
Elliptic Curve Cryptography
• For a better understanding of Elliptic Curve Cryptography, it is very important to
understand the basics of the elliptic curve.
• An elliptic curve is a planar algebraic curve defined by an equation of the form
$y^2 = x^3 + ax + b$
• Here ‘a’ is the coefficient of x and ‘b’ is the constant of the equation.
• The curve is non-singular; that is, its graph has no cusps or self-intersections.
• In general, an elliptic curve looks as shown below.
• A straight line drawn through an elliptic curve intersects it in at most 3 points.
• As we can see, the elliptic curve is symmetric about the x-axis.
• This property plays a key role in the algorithm.
Elliptic Curve Cryptography
For the sake of simplicity and practical implementation of the
algorithm, we will consider only 4 variables: one prime P and G (a
primitive root of P), and two private values a and b.
• P and G are both publicly available numbers.
• Users (say Alice and Bob) pick private values a and b, and they
generate a key and exchange it publicly.
• The other party receives the key and from it generates a secret
key, after which both have the same secret key to encrypt with.
Components of Elliptic Curve Cryptography

1. ECC keys:
• Private key: ECC cryptography’s private key creation is as
simple as safely producing a random integer in a specific
range, making it highly quick.
• Any integer in the field represents a valid ECC private key.
• Public keys: Public keys within ECC are EC points, which
are pairs of integer coordinates x and y that lie on a curve.
Generator Point
• ECC cryptosystems establish a special pre-defined EC point called the
generator point G (base point) for elliptic curves over finite fields,
which can generate any other point in its subgroup over the
elliptic curve by multiplying G by some integer in the range [0…r].
• The number r is referred to as the “ordering” of the cyclic
subgroup.
• Elliptic curve subgroups typically contain numerous generator
points, but cryptologists carefully select one of them that generates the
entire group (or subgroup) and is excellent for performance
optimizations in calculations.
• This is the “G” generator.
Global Public Elements
• $E_q(a, b)$ - elliptic curve with parameters $a$, $b$, and $q$, where $q$
is a prime or an integer of the form $2^m$.
• $G$ - point on the elliptic curve whose order is a large value $n$.
User A key generation
Select private $n_A$:      $n_A < n$
Calculate public $P_A$:    $P_A = n_A \cdot G$
User B key generation
Select private $n_B$:      $n_B < n$
Calculate public $P_B$:    $P_B = n_B \cdot G$
Calculation of Secret Key by User A
$K = n_A \cdot P_B$
Calculation of Secret Key by User B
$K = n_B \cdot P_A$
ECC Encryption
• Let the message be M.
• First encode this message M into a point on the elliptic
curve.
• Let this point be $P_m$.
• For encryption, A chooses a random positive integer
$k$ and produces the ciphertext $C_m$ as:
$C_m = \{kG,\ P_m + kP_B\}$
• This pair of points is sent to receiver B.
ECC Decryption
• For decryption, multiply the first point of the ciphertext pair ($kG$) by the
receiver's secret key, i.e. $n_B(kG)$.
• Subtract $n_B(kG)$ from the second point of the ciphertext pair:
$P_m + kP_B - n_B(kG)$
$= P_m + kP_B - kP_B$   [since $P_B = n_B \cdot G$]
$= P_m$
So the receiver gets the same point.
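
The key agreement and the encryption/decryption equations above, run on a toy curve. This is an added example, not part of the original slides: the curve $y^2 = x^3 + 2x + 2$ over the integers modulo 17 with $G = (5, 1)$ of order 19 is a constructed classroom-sized instance, the function names are assumptions, and the message is assumed to be already encoded as a curve point.

```python
import secrets

P, A, B = 17, 2, 2        # toy curve y^2 = x^3 + 2x + 2 over F_17 (constructed)
G = (5, 1)                # generator point
N = 19                    # order of G; the point at infinity is None


def on_curve(pt):
    if pt is None:
        return True
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x ** 3 + A * x + B)) % P == 0


def add(p1, p2):
    """Group law: chord for distinct points, tangent for doubling."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # P + (-P) = infinity
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        s = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (s * s - x1 - x2) % P
    return x3, (s * (x1 - x3) - y1) % P


def neg(pt):
    return None if pt is None else (pt[0], -pt[1] % P)


def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def public_key(n_priv):
    if not 0 < n_priv < N:
        raise ValueError("private key must satisfy 0 < n < order of G")
    return mul(n_priv, G)                             # P_A = n_A * G


def shared_secret(n_own, peer_public):
    # Reject anything that is not a point of this curve before using it.
    if peer_public is None or not on_curve(peer_public):
        raise ValueError("peer public key is not a valid curve point")
    return mul(n_own, peer_public)                    # K = n_A * P_B


def encrypt(pm, pub_b, k=None):
    if pm is None or not on_curve(pm):
        raise ValueError("message must be encoded as a curve point")
    if k is None:
        k = 1 + secrets.randbelow(N - 1)              # fresh per message
    return mul(k, G), add(pm, mul(k, pub_b))          # C_m = {kG, P_m + k*P_B}


def decrypt(cm, n_b):
    c1, c2 = cm
    return add(c2, neg(mul(n_b, c1)))                 # P_m + k*P_B - n_B*(kG)


if __name__ == "__main__":
    n_a, n_b = 3, 7                                   # constructed private keys
    pa, pb = public_key(n_a), public_key(n_b)
    print("P_A =", pa, " P_B =", pb)
    print("K (A) =", shared_secret(n_a, pb), " K (B) =", shared_secret(n_b, pa))
    cm = encrypt((9, 16), pb)
    print("C_m =", cm, " decrypted =", decrypt(cm, n_b))
```
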
Overview of Homomorphic Encryption
• Homomorphic encryption is a cryptographic method that allows mathematical operations
on data to be carried out on a cipher text, instead of on the actual data itself.
• The cipher text is an encrypted version of the input data (also called plain text), that is
operated on and then decrypted to obtain the desired output.
• The critical property of homomorphic encryption is that the same output should be obtained
from decrypting the operated cipher text as from simply operating on the initial plain text.
• There are many interesting applications that arise from a system that is capable of doing
homomorphic operations, such as the processing of medical data while preserving the
privacy of the patient, outsourcing of financial operations, anonymous database queries and
a more privacy-preserving advertising system.
Format Preserving Encryption
• Format Preserving Encryption, or FPE,
is an encryption algorithm which
preserves the format of the information
while it is being encrypted.
• FPE is weaker than standard Advanced
Encryption Standard (AES), but FPE
can preserve the length of the data as
well as its format.
• FPE works with existing databases to
encrypt data while keeping it in the
same format, encrypting data while not
harming the function of existing
applications.
Format Preserving Encryption
• FPE takes plaintext and converts it to ciphertext of the same
format.
• By keeping the format the same, an application can do operations on data
as if it were the plaintext, while not revealing the sensitive information
encrypted.
• Personally Identifiable Information (PII), credit card information, social
security numbers, and other sensitive data are normally encrypted with
Format Preserving Encryption.
• FPE has three different modes of operation: FF1, FF2, and FF3, which are
referred to as FFX as a whole.
Format Preserving Encryption
• All three of the operation methods utilize the AES block cipher within
their encryption.
• The second mode, FF2, was created but never approved by the National
Institute of Standards and Technology (NIST).
• Instead, FF1 and FF3 were approved.
• FF1 is the most commonly used version, because of a cryptanalytic attack
performed on the FF3 method which showed it held flaws.
• This attack found that the proposed 128-bit level of security was not
reached.
• In response, a method called FF3-1 was created in early 2019 which
addressed these issues.
Lightweight Cryptography
• Lightweight cryptography has been a very important topic for the last few
years, driven by the lack of primitives capable of running on devices with
very low computing power.
• For instance, RFID tags, sensors in wireless sensor networks or, more
generally, small internet-enabled appliances expected to flood the
markets as the IoT arises.
• Tradeoff between lightweightness and security.
• Stream ciphers, block ciphers, hash functions and recently one-pass
authenticated encryption
Post Quantum Cryptography
• Post-quantum cryptography (occasionally called quantum-proof,
quantum-safe, or quantum-resistant) refers to cryptographic
algorithms (usually public-key algorithms) that are protected against
an attack by a quantum computer.
• Post-quantum cryptography equips us for the era of quantum
computing by revising existing mathematical-based algorithms and
standards.
• The resulting cryptographic approaches can be implemented using
today’s classical computers but will be impervious to attacks from
tomorrow’s quantum ones.
Why do we need post-quantum
cryptography?
• Public and private keys are mathematically connected.
• Today’s techniques for public-key cryptography depend on
mathematical issues that traditional computers find quite difficult,
such as calculating the prime factors of a very large number.
• Quantum computers process information in a way that allows them to
do some types of calculations that classical computers can’t.
