
CS6701 / Cryptography and Network Security

BE(CSE) VII Sem / IV Year

UNIT II BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY (10)

Data Encryption Standard - Block cipher principles - Block cipher modes of operation - Advanced
Encryption Standard (AES) - Triple DES - Blowfish - RC5 algorithm. Public key cryptography: Principles
of public key cryptosystems - The RSA algorithm - Key management - Diffie-Hellman key exchange -
Elliptic curve arithmetic - Elliptic curve cryptography.
TEXT BOOKS:
1. William Stallings, Cryptography and Network Security, 6th Edition, Pearson Education,
March 2013
REFERENCES:
1. Behrouz A. Forouzan, Cryptography & Network Security, Tata McGraw Hill, 2007.
2. http://nptel.ac.in/.
Learning Objectives
After studying this unit, students should be able to:
Understand the distinction between stream ciphers and block ciphers.
Present an overview of the Feistel cipher and explain how decryption is the inverse of encryption.
Present an overview of the Data Encryption Standard (DES), Triple DES, and Blowfish.
Discuss the cryptographic strength of DES and AES.
Understand the concept of public key cryptosystems.
Use the RSA and Diffie-Hellman algorithms in real-time applications.
Solve problems using the elliptic curve cryptosystem.

2.1 INTRODUCTION-Traditional Block Cipher Structure:


Many symmetric block encryption algorithms in current use are based on a structure referred to as
a Feistel block cipher. For that reason, it is important to examine the design principles of the Feistel
cipher. We begin with a comparison of stream ciphers and block ciphers.

Stream Ciphers and Block Ciphers


A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. Examples
of classical stream ciphers are the autokeyed Vigenère cipher and the Vernam cipher. In the ideal case, a
one-time pad version of the Vernam cipher would be used, in which the keystream (k_i) is as long as the
plaintext bit stream (p_i). If the cryptographic keystream is random, then this cipher is unbreakable by any
means other than acquiring the keystream. However, the keystream must be provided to both users in
advance via some independent and secure channel. This introduces insurmountable logistical problems if
the intended data traffic is very large.
Accordingly, for practical reasons, the bit-stream generator must be implemented as an
algorithmic procedure, so that the cryptographic bit stream can be produced by both users.
In this approach (Fig.a), the bit-stream generator is a key-controlled algorithm and must produce a bit
stream that is cryptographically strong. The two users need only share the generating key, and each can
produce the keystream.

A block cipher is one in which a block of plaintext is treated as a whole and used to produce a
ciphertext block of equal length. Typically, a block size of 64 or 128 bits is used. As with a stream cipher,
the two users share a symmetric encryption key (Fig.b). Using some of the modes of operation, a block
cipher can be used to achieve the same effect as a stream cipher.


Motivation for the Feistel Cipher Structure


A block cipher operates on a plaintext block of n bits to produce a ciphertext block of n bits. There
are 2^n possible different plaintext blocks and, for the encryption to be reversible (i.e., for decryption to be
possible), each must produce a unique ciphertext block. Such a transformation is called reversible, or nonsingular.

Figure: the logic of a general substitution cipher for n = 4.


A 4-bit input produces one of 16 possible input states, which is mapped by the substitution cipher into a
unique one of 16 possible output states, each of which is represented by 4 ciphertext bits. Feistel refers to
this as the ideal block cipher, because it allows for the maximum number of possible encryption mappings
from the plaintext block.


But there is a practical problem with the ideal block cipher. If a small block size, such as n = 4, is used,
then the system is equivalent to a classical substitution cipher.
An arbitrary reversible substitution cipher (the ideal block cipher) for a large block size is not
practical, however, from an implementation and performance point of view.
In considering these difficulties, Feistel points out that what is needed is an approximation to the ideal
block cipher system for large n, built up out of components that are easily realizable.
The Feistel Cipher
Feistel proposed that we can approximate the ideal block cipher by utilizing the concept of a
product cipher, which is the execution of two or more simple ciphers in sequence in such a way that the
final result or product is cryptographically stronger than any of the component ciphers. The essence of the
approach is to develop a block cipher with a key length of k bits and a block length of n bits, allowing a
total of 2^k possible transformations, rather than the (2^n)! transformations available with the ideal
block cipher.
In particular, Feistel proposed the use of a cipher that alternates substitutions and permutations,
where these terms are defined as follows:
Substitution: Each plaintext element or group of elements is uniquely replaced by a corresponding
ciphertext element or group of elements.
Permutation: A sequence of plaintext elements is replaced by a permutation of that sequence. That is,
no elements are added or deleted or replaced in the sequence, rather the order in which the elements
appear in the sequence is changed.
Feistel's cipher is a practical application of a proposal by Claude Shannon to develop a product cipher that
alternates confusion and diffusion functions.
Shannon suggests two methods for frustrating statistical cryptanalysis: diffusion and confusion. In
diffusion, the statistical structure of the plaintext is dissipated into long-range statistics of the ciphertext.
This is achieved by having each plaintext digit affect the value of many ciphertext digits; generally, this is
equivalent to having each ciphertext digit be affected by many plaintext digits.
Every block cipher involves a transformation of a block of plaintext into a block of ciphertext,
where the transformation depends on the key. The mechanism of diffusion seeks to make the statistical
relationship between the plaintext and ciphertext as complex as possible in order to thwart attempts to
deduce the key. On the other hand, confusion seeks to make the relationship between the statistics of the
ciphertext and the value of the encryption key as complex as possible, again to thwart attempts to
discover the key. Thus, even if the attacker can get some handle on the statistics of the ciphertext, the way
in which the key was used to produce that ciphertext is so complex as to make it difficult to deduce the
key. This is achieved by the use of a complex substitution algorithm.

Feistel cipher structure


The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K. The
plaintext block is divided into two halves, L0 and R0.
The two halves of the data pass through n rounds of processing and then combine to produce the
ciphertext block. Each round i has as inputs Li-1 and Ri-1 derived from the previous round, as well as a
subkey Ki derived from the overall K. In general, the subkeys Ki are different from K and from each
other. In Figure, 16 rounds are used, although any number of rounds could be implemented.
All rounds have the same structure. A substitution is performed on the left half of the data. This is
done by applying a round function F to the right half of the data and then taking the exclusive-OR of the
output of that function and the left half of the data. The round function has the same general structure for
each round but is parameterized by the round subkey Ki.
F is a function of right-half block of w bits and a subkey of y bits, which produces an output value
of length w bits: F(REi, Ki+1). Following this substitution, a permutation is performed that consists of
the interchange of the two halves of the data.
The exact realization of a Feistel network depends on the choice of the following parameters and design
features:
Block size: Larger block sizes mean greater security (all other things being equal) but reduced
encryption/decryption speed for a given algorithm. Traditionally, a block size of 64 bits has been
considered a reasonable tradeoff and was nearly universal in block cipher design.
Key size: Larger key size means greater security but may decrease encryption/decryption speed. Key
sizes of 64 bits or less are now widely considered to be inadequate, and 128 bits has become a common
size.
Number of rounds: The essence of the Feistel cipher is that a single round offers inadequate security
but that multiple rounds offer increasing security. A typical size is 16 rounds.
Subkey generation algorithm: Greater complexity in this algorithm should lead to greater difficulty of
cryptanalysis.


Round function F: Again, greater complexity generally means greater resistance to cryptanalysis.
There are two other considerations in the design of a Feistel cipher:
Fast software encryption/decryption: In many cases, encryption is embedded in applications or utility
functions in such a way as to preclude a hardware implementation.
Ease of analysis: Although we would like to make our algorithm as difficult as possible to
cryptanalyze, there is great benefit in making the algorithm easy to analyze.

Feistel Decryption Algorithm


The process of decryption is essentially the same as the encryption process. The rule is as follows:
use the ciphertext as input to the algorithm, but use the subkeys Ki in reverse order, i.e., Kn in the first
round, Kn-1 in the second round, and so on. For clarity, we use the notation LEi and REi for data traveling
through the encryption algorithm and LDi and RDi for data traveling through the decryption algorithm.
The diagram below indicates that, at each round, the intermediate value
of the decryption process is equal to the corresponding value of the encryption process with the two
halves of the value swapped, i.e., REi || LEi or, equivalently, RD16-i || LD16-i.
After the last iteration of the encryption process, the two halves of the output are swapped, so that
the ciphertext is RE16 || LE16. Now take the ciphertext and use it as input to the same algorithm. The
input to the first round is RE16 || LE16, which is equal to the 32-bit swap of the output of the sixteenth
round of the encryption process.
We now show that the output of the first round of the decryption process is equal to a 32-bit swap of
the input to the sixteenth round of the encryption process.
First consider the encryption process:

$LE_{16} = RE_{15}$
$RE_{16} = LE_{15} \oplus F(RE_{15}, K_{16})$

On the decryption side:

$LD_1 = RD_0 = LE_{16} = RE_{15}$
$RD_1 = LD_0 \oplus F(RD_0, K_{16})$
$\quad\;\; = RE_{16} \oplus F(RE_{15}, K_{16})$
$\quad\;\; = [LE_{15} \oplus F(RE_{15}, K_{16})] \oplus F(RE_{15}, K_{16})$
$\quad\;\; = LE_{15}$

Therefore, $LD_1 = RE_{15}$ and $RD_1 = LE_{15}$.
In general, for the ith iteration of the encryption algorithm,

$LE_i = RE_{i-1}$
$RE_i = LE_{i-1} \oplus F(RE_{i-1}, K_i)$

Finally, the output of the last round of the decryption process is $RE_0 \,\|\, LE_0$. A 32-bit swap recovers the
original plaintext.

2.2 The Data Encryption Standard


Data Encryption Standard (DES) was the most widely used encryption scheme. DES was issued in
1977 by the National Bureau of Standards, now the National Institute of Standards and Technology
(NIST), as Federal Information Processing Standard 46. The algorithm itself is referred to as the Data
Encryption Algorithm (DEA). For DEA, data are encrypted in 64-bit blocks using a 56-bit key.


The algorithm transforms 64-bit input in a series of steps into a 64-bit output. The same steps,
with the same key, are used to reverse the encryption.
DES Encryption
There are two inputs to the encryption function: the plaintext to be encrypted and the key. In this
case, the plaintext must be 64 bits in length and the key is 56 bits in length.

The processing of the plaintext proceeds in three phases. First, the 64-bit plaintext passes through
an initial permutation (IP) that rearranges the bits to produce the permuted input.
This is followed by a phase consisting of sixteen rounds of the same function, which involves both
permutation and substitution functions. The output of the last (sixteenth) round consists of 64 bits that are
a function of the input plaintext and the key. The left and right halves of the output are swapped to
produce the preoutput.
Finally, the preoutput is passed through a permutation (IP^-1) that is the inverse of the initial
permutation function, to produce the 64-bit ciphertext.


The right-hand portion of Figure 3.5 shows the way in which the 56-bit key is used. Initially, the
key is passed through a permutation function. Then, for each of the sixteen rounds, a subkey (Ki) is
produced by the combination of a left circular shift and a permutation.
DES Decryption
As with any Feistel cipher, decryption uses the same algorithm as encryption, except that the
application of the subkeys is reversed. Additionally, the initial and final permutations are reversed.
DES Example
For this example, the plaintext is a hexadecimal palindrome. The plaintext, key, and resulting ciphertext
are as follows:

The first row shows the 32-bit values of the left and right halves of data after the initial
permutation. The next 16 rows show the results after each round. Also shown is the value of the 48-bit
subkey generated for each round.


The Avalanche Effect


A desirable property of any encryption algorithm is that a small change in either the plaintext or
the key should produce a significant change in the ciphertext. In particular, a change in one bit of the
plaintext or one bit of the key should produce a change in many bits of the ciphertext. This is referred to
as the avalanche effect.
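The Feistel decryption argument given earlier and the avalanche effect just described can both be checked by running a small network. The Python program below is an added example, not code from Stallings, DES, or any library: it builds a toy 64-bit, 16-round Feistel network whose round function F and subkey schedule are assumptions (both derived from SHA-256 purely so that F is a keyed, non-invertible function), verifies that decryption with the subkeys in reverse order recovers the plaintext and that after round i of decryption the two halves equal those after round 16-i of encryption, swapped, and counts how many ciphertext bits change when one plaintext bit is flipped.

```python
import hashlib
from typing import List, Tuple

# Toy Feistel network: block of 2w = 64 bits, w = 32, n = 16 rounds.
# Added example; F and subkeys() are assumed constructions, not DES's.
W = 32
MASK = (1 << W) - 1
ROUNDS = 16


def subkeys(key: bytes, rounds: int = ROUNDS) -> List[int]:
    """Assumed subkey schedule: K_i = first w bits of SHA-256(key || i)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(1, rounds + 1)]


def F(right: int, k: int) -> int:
    """Round function: w-bit right half and a subkey in, w bits out."""
    data = right.to_bytes(4, "big") + k.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def rounds(left: int, right: int, ks: List[int]) -> List[Tuple[int, int]]:
    """Run the rounds and return [(L_0, R_0), (L_1, R_1), ..., (L_n, R_n)].
    Each round: L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i)."""
    trace = [(left, right)]
    for k in ks:
        left, right = right, left ^ F(right, k)
        trace.append((left, right))
    return trace


def encrypt(block: int, key: bytes) -> int:
    """Ciphertext = RE_n || LE_n: the halves are swapped after the last round."""
    le, re = rounds(block >> W, block & MASK, subkeys(key))[-1]
    return (re << W) | le


def decrypt(block: int, key: bytes) -> int:
    """Same algorithm, subkeys applied in reverse order (K_n first)."""
    ld, rd = rounds(block >> W, block & MASK, subkeys(key)[::-1])[-1]
    return (rd << W) | ld


def swap_property_holds(block: int, key: bytes) -> bool:
    """Check: LD_i || RD_i == RE_{n-i} || LE_{n-i} for every i = 0..n."""
    ks = subkeys(key)
    enc = rounds(block >> W, block & MASK, ks)
    ct = encrypt(block, key)
    dec = rounds(ct >> W, ct & MASK, ks[::-1])
    return all(dec[i] == (enc[ROUNDS - i][1], enc[ROUNDS - i][0])
               for i in range(ROUNDS + 1))


def avalanche(block: int, key: bytes, bit: int = 0) -> int:
    """Number of ciphertext bits that change when one plaintext bit is flipped."""
    return bin(encrypt(block, key) ^ encrypt(block ^ (1 << bit), key)).count("1")


if __name__ == "__main__":
    key = b"toy-key"                     # constructed sample key
    pt = 0x0123456789ABCDEF              # constructed sample block
    ct = encrypt(pt, key)
    print(f"ciphertext {ct:016x}, round trip ok: {decrypt(ct, key) == pt}")
    print("swap property holds:", swap_property_holds(pt, key))
    print("ciphertext bits changed by one plaintext bit:", avalanche(pt, key))
```

The round trip works for any F, invertible or not, which is the point of the Feistel structure: only the XOR has to be undone, and XORing the same F output twice does that.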

The Strength of DES


There have been lingering concerns about the level of security provided by DES. These concerns,
by and large, fall into two areas: key size and the nature of the algorithm.
The Use of 56-Bit Keys
With a key length of 56 bits, there are 2^56 possible keys, which is approximately 7.2 × 10^16 keys.
Thus, on the face of it, a brute-force attack appears impractical.
Assuming that, on average, half the key space has to be searched, a single machine performing one DES
encryption per microsecond would take more than a thousand years to break the cipher.
The Nature of the DES Algorithm
Another concern is the possibility that cryptanalysis is possible by exploiting the characteristics of
the DES algorithm. The focus of concern has been on the eight substitution tables, or S-boxes, that are
used in each iteration.

2.3 BLOCK CIPHER PRINCIPLES


Although much progress has been made in designing block ciphers that are cryptographically
strong, we look at three critical aspects of block cipher design: the number of rounds, the design of the
function F, and key scheduling.
Number of Rounds
The greater the number of rounds, the more difficult it is to perform cryptanalysis, even for a
relatively weak F. In general, the criterion should be that the number of rounds is chosen so that known
cryptanalytic efforts require greater effort than a simple brute-force key search attack. This criterion was
certainly used in the design of DES.
This criterion is attractive, because it makes it easy to judge the strength of an algorithm and to
compare different algorithms.
Design of Function F
The heart of a Feistel block cipher is the function F, which provides the element of confusion in a
Feistel cipher. Thus, it must be difficult to unscramble the substitution performed by F.
Several other criteria should be considered in designing F. We would like the algorithm to have
good avalanche properties.
A more stringent version of this is the strict avalanche criterion (SAC), which states that any output bit
j of an S-box should change with probability 1/2 when any single input bit i is inverted, for all i, j.
Another proposed criterion is the bit independence criterion (BIC), which states that output
bits j and k should change independently when any single input bit i is inverted, for all i, j, and k.
Key Schedule Algorithm
With any Feistel block cipher, the key is used to generate one subkey for each round. In general, we
would like to select subkeys to maximize the difficulty of deducing individual subkeys and the difficulty
of working back to the main key. At minimum, the key schedule should guarantee the key/ciphertext Strict
Avalanche Criterion and Bit Independence Criterion.

2.4 BLOCK CIPHER MODES OF OPERATION


1. ELECTRONIC CODE BOOK (ECB)


A block cipher takes a fixed-length block of text of length b bits and a key as input and produces a
b-bit block of ciphertext. If the amount of plaintext to be encrypted is greater than b bits, then the block
cipher can still be used by breaking the plaintext up into b-bit blocks. When multiple blocks of plaintext
are encrypted using the same key, a number of security issues arise. To apply a block cipher in a variety of
applications, five modes of operation have been defined by NIST.
The simplest mode is the electronic codebook (ECB) mode, in which plaintext is handled one
block at a time and each block of plaintext is encrypted using the same key (Figure 6.3). The term
codebook is used because, for a given key, there is a unique ciphertext for every b-bit block of plaintext.
For a message longer than b bits, the procedure is simply to break the message into b-bit blocks,
padding the last block if necessary. Decryption is performed one block at a time, always using the same
key.


The plaintext (padded as necessary) consists of a sequence of b-bit blocks, P1, P2, ..., PN; the
corresponding sequence of ciphertext blocks is C1, C2, ..., CN. We can define ECB mode as follows.

The most significant characteristic of ECB is that if the same b-bit block of plaintext appears more
than once in the message, it always produces the same ciphertext.

The following criteria and properties have been proposed for evaluating and constructing block cipher
modes of operation that are superior to ECB:
Overhead: The additional operations for the encryption and decryption operation when compared to
encrypting and decrypting in the ECB mode.
Error recovery: The property that an error in the ith ciphertext block is inherited by only a few
plaintext blocks after which the mode resynchronizes.


Error propagation: The property that an error in the ith ciphertext block is inherited by the ith and all
subsequent plaintext blocks.
Diffusion: How the plaintext statistics are reflected in the ciphertext. Low entropy plaintext blocks
should not be reflected in the ciphertext blocks.
Security: Whether or not the ciphertext blocks leak information about the plaintext blocks.
2. CIPHER BLOCK CHAINING MODE
To overcome the security deficiencies of ECB, we would like a technique in which the same
plaintext block, if repeated, produces different ciphertext blocks. A simple way to satisfy this requirement
is the cipher block chaining (CBC) mode.
In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and
the preceding ciphertext block; the same key is used for each block.
The input to the encryption function for each plaintext block bears no fixed relationship to the
plaintext block. Therefore, repeating patterns of b bits are not exposed. As with the ECB mode, the CBC
mode requires that the last block be padded to a full b bits if it is a partial block.
For decryption, each cipher block is passed through the decryption algorithm. The result is
XORed with the preceding ciphertext block to produce the plaintext block. To see that this works, we can
write

Then,


To produce the first block of ciphertext, an initialization vector (IV) is XORed with the first block
of plaintext. On decryption, the IV is XORed with the output of the decryption algorithm to recover the
first block of plaintext.
The IV is a data block that is the same size as the cipher block. We can define CBC mode as

The IV must be known to both the sender and receiver but be unpredictable by a third party. In
particular, for any given plaintext, it must not be possible to predict the IV that will be associated to the
plaintext in advance of the generation of the IV.


3. CIPHER FEEDBACK MODE


For AES, DES, or any block cipher, encryption is performed on a block of b bits. In the case of
DES, b = 64 and in the case of AES, b = 128. However, it is possible to convert a block cipher into a
stream cipher, using one of the three modes to be discussed in this and the next two sections: cipher
feedback (CFB) mode, output feedback (OFB) mode, and counter (CTR) mode.
A stream cipher eliminates the need to pad a message to be an integral number of blocks. It also
can operate in real time. Thus, if a character stream is being transmitted, each character can be encrypted
and transmitted immediately using a character-oriented stream cipher.
In the figure, it is assumed that the unit of transmission is s bits; a common value is s = 8. As with
CBC, the units of plaintext are chained together, so that the ciphertext of any plaintext unit is a function
of all the preceding plaintext. In this case, rather than blocks of b bits, the plaintext is divided into
segments of s bits.
First, consider encryption. The input to the encryption function is a b-bit shift register that is
initially set to some initialization vector (IV).
The leftmost (most significant) s bits of the output of the encryption function are XORed with the
first segment of plaintext P1 to produce the first unit of ciphertext C1, which is then transmitted. In
addition, the contents of the shift register are shifted left by s bits, and C1 is placed in the rightmost (least
significant) s bits of the shift register.
For decryption, the same scheme is used, except that the received ciphertext unit is XORed with
the output of the encryption function to produce the plaintext unit. Note that it is the encryption function
that is used, not the decryption function.
Let MSB_s(X) be defined as the most significant s bits of X. Then

Therefore, by rearranging terms:

We can define CFB mode as follows


In CFB encryption, like CBC encryption, the input block to each forward cipher function (except
the first) depends on the result of the previous forward cipher function; therefore, multiple forward cipher
operations cannot be performed in parallel.

4. OUTPUT FEEDBACK MODE


The output feedback (OFB) mode is similar in structure to that of CFB. For OFB, the output of
the encryption function is fed back to become the input for encrypting the next block of plaintext.
In CFB, the output of the XOR unit is fed back to become input for encrypting the next block.
The other difference is that the OFB mode operates on full blocks of plaintext and ciphertext, whereas
CFB operates on an s-bit subset. OFB encryption can be expressed as

Where
Oj-1 = E(K, Oj-2)
Some thought should convince you that we can rewrite the encryption expression as:

By rearranging terms, we can demonstrate that decryption works.

We can define OFB mode as follows.

Let the size of a block be b. If the last block of plaintext contains u bits, with u < b, the most
significant u bits of the last output block ON are used for the XOR operation; the remaining b - u bits of
the last output block are discarded.
The OFB mode requires an initialization vector. In the case of OFB, the IV must be a nonce; that
is, the IV must be unique to each execution of the encryption operation. The reason for this is that the
sequence of encryption output blocks, Oi, depends only on the key and the IV and does not depend on the
plaintext. Therefore, for a given key and IV, the stream of output bits used to XOR with the stream of
plaintext bits is fixed.

One advantage of the OFB method is that bit errors in transmission do not propagate. For
example, if a bit error occurs in C1, only the recovered value of P1 is affected; subsequent plaintext units
are not corrupted.


The disadvantage of OFB is that it is more vulnerable to a message stream modification attack than is
CFB.

5. COUNTER MODE
Interest in the counter (CTR) mode has increased recently, with applications to ATM (asynchronous
transfer mode) network security and IPsec.
A counter equal to the plaintext block size is used. The only requirement stated in SP 800-38A is
that the counter value must be different for each plaintext block that is encrypted.
Typically, the counter is initialized to some value and then incremented by 1 for each subsequent
block (modulo 2^b, where b is the block size).
For encryption, the counter is encrypted and then XORed with the plaintext block to produce the
ciphertext block; there is no chaining.
For decryption, the same sequence of counter values is used, with each encrypted counter XORed
with a ciphertext block to recover the corresponding plaintext block. Thus, the initial counter value must
be made available for decryption.
Given a sequence of counters T1, T2, ..., TN, we can define CTR mode as follows.

For the last plaintext block, which may be a partial block of u bits, the most significant u bits of
the last output block are used for the XOR operation; the remaining b - u bits are discarded.
The initial counter value must be a nonce; that is, T1 must be different for all of the messages
encrypted using the same key. Further, all Ti values across all messages must be unique.


One way to ensure the uniqueness of counter values is to continue to increment the counter value
by 1 across messages. That is, the first counter value of each message is one more than the last counter
value of the preceding message.
The following advantages of CTR mode have been identified:
Hardware efficiency: Unlike the three chaining modes, encryption (or decryption) in CTR mode can be
done in parallel on multiple blocks of plaintext or ciphertext.
Software efficiency: Similarly, because of the opportunities for parallel execution in CTR mode,
processors that support parallel features can be used effectively.


Preprocessing: The execution of the underlying encryption algorithm does not depend on input of the
plaintext or ciphertext.
Random access: The ith block of plaintext or ciphertext can be processed in random-access fashion.
Provable security: It can be shown that CTR is at least as secure as the other modes.
Simplicity: Unlike ECB and CBC modes, CTR mode requires only the implementation of the encryption
algorithm and not the decryption algorithm.
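The five modes described in this section can be compared side by side once the block cipher is reduced to an encrypt/decrypt pair. The Python below is an added example, not Stallings' or NIST's code. The 64-bit block cipher E/D inside it is an assumed stand-in (an invertible permutation built from a key XOR, a multiplication by an odd constant and a half swap; it is not secure and exists only so the chaining logic is visible). has_repeated_blocks exhibits the ECB characteristic noted above; blocks_changed exhibits the error-recovery behaviour: a one-bit ciphertext error corrupts two plaintext blocks in CBC and in CFB, but only one in OFB and in CTR.

```python
import os
from typing import Callable, List

BLOCK = 8                      # b = 64 bits, as for DES
MASK = (1 << 64) - 1


# Stand-in block cipher (assumed, NOT secure): any real cipher could replace E/D.
def E(key: int, block: bytes) -> bytes:
    k = key | 1                                    # odd, hence invertible mod 2^64
    x = int.from_bytes(block, "big") ^ key
    x = (x * k) & MASK
    x = ((x << 32) | (x >> 32)) & MASK             # swap the 32-bit halves
    return ((x * k) & MASK).to_bytes(BLOCK, "big")


def D(key: int, block: bytes) -> bytes:
    k_inv = pow(key | 1, -1, 1 << 64)              # modular inverse of the constant
    y = (int.from_bytes(block, "big") * k_inv) & MASK
    y = ((y << 32) | (y >> 32)) & MASK
    y = (y * k_inv) & MASK
    return (y ^ key).to_bytes(BLOCK, "big")


def xor(a: bytes, b: bytes) -> bytes:              # truncates to the shorter input
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes) -> List[bytes]:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def pad(data: bytes) -> bytes:                     # PKCS#7-style, always 1..BLOCK bytes
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


# 1. ECB: C_j = E(K, P_j). Equal plaintext blocks give equal ciphertext blocks.
def ecb_encrypt(key: int, pt: bytes) -> bytes:
    return b"".join(E(key, p) for p in blocks(pad(pt)))


def ecb_decrypt(key: int, ct: bytes) -> bytes:
    return unpad(b"".join(D(key, c) for c in blocks(ct)))


# 2. CBC: C_j = E(K, P_j XOR C_{j-1}) with C_0 = IV; P_j = D(K, C_j) XOR C_{j-1}.
def cbc_encrypt(key: int, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for p in blocks(pad(pt)):
        prev = E(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: int, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(D(key, c), prev))
        prev = c
    return unpad(b"".join(out))


# 3. CFB, s-byte segments: C_j = P_j XOR MSB_s(E(K, register)); the register is
#    shifted left by s and the ciphertext segment placed in its least significant s.
def cfb_encrypt(key: int, iv: bytes, pt: bytes, s: int = 1) -> bytes:
    out, reg = [], iv
    for i in range(0, len(pt), s):
        c = xor(pt[i:i + s], E(key, reg))          # MSB_s via truncation
        out.append(c)
        reg = (reg + c)[-BLOCK:]
    return b"".join(out)


def cfb_decrypt(key: int, iv: bytes, ct: bytes, s: int = 1) -> bytes:
    out, reg = [], iv                              # uses E, never D
    for i in range(0, len(ct), s):
        c = ct[i:i + s]
        out.append(xor(c, E(key, reg)))
        reg = (reg + c)[-BLOCK:]
    return b"".join(out)


# 4. OFB: O_j = E(K, O_{j-1}) with O_0 = IV; C_j = P_j XOR O_j. Self-inverse.
def ofb_crypt(key: int, iv: bytes, data: bytes) -> bytes:
    out, o = [], iv
    for p in blocks(data):
        o = E(key, o)
        out.append(xor(p, o))                      # a short last block uses MSB_u only
    return b"".join(out)


# 5. CTR: C_j = P_j XOR E(K, T_j), T_j = T_1 + (j - 1) mod 2^b; no chaining.
def ctr_crypt(key: int, t1: int, data: bytes) -> bytes:
    return b"".join(xor(p, E(key, ((t1 + j) & MASK).to_bytes(BLOCK, "big")))
                    for j, p in enumerate(blocks(data)))


def has_repeated_blocks(ct: bytes) -> bool:
    return len(set(blocks(ct))) < len(blocks(ct))


def blocks_changed(decrypt: Callable[[bytes], bytes], ct: bytes) -> List[int]:
    """Flip one bit in the first ciphertext block; list the plaintext blocks that change."""
    bad = bytearray(ct)
    bad[0] ^= 0x80
    good, broken = blocks(decrypt(ct)), blocks(decrypt(bytes(bad)))
    return [i for i, (g, b) in enumerate(zip(good, broken)) if g != b]


if __name__ == "__main__":
    key, iv = 0x0123456789ABCDEF, os.urandom(BLOCK)
    msg = b"ATTACKATATTACKAT"                      # constructed: two identical blocks
    print("ECB repeats visible:", has_repeated_blocks(ecb_encrypt(key, msg)))
    print("CBC repeats visible:", has_repeated_blocks(cbc_encrypt(key, iv, msg)))
    print("CBC blocks hit by a 1-bit error:",
          blocks_changed(lambda c: cbc_decrypt(key, iv, c), cbc_encrypt(key, iv, msg)))
    print("OFB blocks hit by a 1-bit error:",
          blocks_changed(lambda c: ofb_crypt(key, iv, c), ofb_crypt(key, iv, msg)))
```

CFB, OFB and CTR never call D, which is why a block cipher in those modes needs only its encryption direction implemented; in OFB and CTR the keystream blocks depend on key and IV (or counter) alone, so the same IV or counter must never be reused under one key.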

2.5 ADVANCED ENCRYPTION STANDARD (AES)


AES is a symmetric block cipher that is intended to replace DES as the approved standard
for a wide range of applications.
Compared to public-key ciphers such as RSA, the structure of AES and most symmetric
ciphers is quite complex and cannot be explained as easily as many other cryptographic
algorithms.
AES Structure
The cipher takes a plaintext block size of 128 bits, or 16 bytes. The key length can be 16,
24, or 32 bytes (128, 192, or 256 bits). The algorithm is referred to as AES-128, AES-192,
or AES-256, depending on the key length.
The input to the encryption and decryption algorithms is a single 128-bit block. This
block is depicted as a 4 × 4 square matrix of bytes. This block is copied into the State
array, which is modified at each stage of encryption or decryption. After the final stage,
State is copied to an output matrix.
These operations are depicted in Figure 5.2a. Similarly, the key is depicted as a square
matrix of bytes.
This key is then expanded into an array of key schedule words. Each word is four bytes,
and the total key schedule is 44 words for the 128-bit key. Note that the ordering of bytes
within a matrix is by column. So, for example, the first four bytes of a 128-bit plaintext
input to the encryption cipher occupy the first column of the in matrix, the second four
bytes occupy the second column, and so on. Similarly, the first four bytes of the expanded
key, which form a word, occupy the first column of the w matrix.


The cipher consists of N rounds, where the number of rounds depends on the key length: 10
rounds for a 16-byte key, 12 rounds for a 24-byte key, and 14 rounds for a 32-byte key.
The first N - 1 rounds consist of four distinct transformation functions: SubBytes, ShiftRows,
MixColumns, and AddRoundKey, which are described subsequently. The final round contains only three
transformations, and there is an initial single transformation (AddRoundKey) before the first round, which
can be considered Round 0.

Fig: AES Encryption Process


Detailed Structure
1. One noteworthy feature of this structure is that it is not a Feistel structure. In the classic Feistel
structure, half of the data block is used to modify the other half of the data block and then the halves are
swapped. AES instead processes the entire data block as a single matrix during each round using
substitutions and permutation.
2. The key that is provided as input is expanded into an array of forty-four 32-bit words, w[i]. Four
distinct words (128 bits) serve as a round key for each round;
3. Four different stages are used, one of permutation and three of substitution:
Substitute bytes: Uses an S-box to perform a byte-by-byte substitution of the block.
ShiftRows: A simple permutation.
MixColumns: A substitution that makes use of arithmetic over GF(2^8).
AddRoundKey: A simple bitwise XOR of the current block with a portion of the expanded key.
4. The structure is quite simple. For both encryption and decryption, the cipher begins with an
AddRoundKey stage, followed by nine rounds that each includes all four stages, followed by a tenth
round of three stages.
5. Only the AddRoundKey stage makes use of the key. For this reason, the cipher begins and ends with an
AddRoundKey stage. Any other stage, applied at the beginning or end, is reversible without knowledge of
the key and so would add no security.
6. The AddRoundKey stage is, in effect, a form of Vernam cipher and by itself would not be formidable.


7. Each stage is easily reversible. For the Substitute Byte, ShiftRows, and MixColumns stages, an inverse
function is used in the decryption algorithm.
8. As with most block ciphers, the decryption algorithm makes use of the expanded key in reverse order.
9. Once it is established that all four stages are reversible, it is easy to verify that decryption does recover
the plaintext.
10. The final round of both encryption and decryption consists of only three stages. Again, this is a
consequence of the particular structure of AES and is required to make the cipher reversible.
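To make the GF(2^8) arithmetic behind SubBytes and MixColumns concrete, here is an added example (my code, not from the lecture notes or the AES specification) that implements the three key-independent stages and their inverses on a 4x4 state. The S-box is computed from the field inverse followed by the affine map rather than pasted from a table, so the inverse of each stage can be checked against its forward form; the check values used below (S-box entries and the {db 13 53 45} MixColumns column) are the ones published in FIPS-197.

```python
# Added example (not from the lecture notes): the three non-key AES stages on one
# 4x4 state, with GF(2^8) arithmetic reduced by the AES polynomial x^8+x^4+x^3+x+1.
# state[r][c] is the byte in row r, column c, as in the specification.

AES_POLY = 0x1B  # x^8 + x^4 + x^3 + x + 1 with the x^8 term dropped


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial (shift-and-add)."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_inv(a):
    """Multiplicative inverse in GF(2^8) as a^254; 0 maps to 0 by convention."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r if a else 0


def sbox_byte(x):
    """SubBytes on one byte: field inverse, then b ^ rotl(b,1..4) ^ 0x63."""
    b = gf_inv(x)
    s = b
    for i in range(1, 5):
        s ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return s ^ 0x63


SBOX = [sbox_byte(x) for x in range(256)]
INV_SBOX = [0] * 256
for _x, _y in enumerate(SBOX):
    INV_SBOX[_y] = _x


def sub_bytes(state, inverse=False):
    table = INV_SBOX if inverse else SBOX
    return [[table[v] for v in row] for row in state]


def shift_rows(state, inverse=False):
    """Row r is rotated left by r bytes (right by r for the inverse)."""
    out = []
    for r, row in enumerate(state):
        k = -r if inverse else r
        out.append(row[k:] + row[:k])
    return out


MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def mix_column(col, inverse=False):
    """Multiply one 4-byte column by the (inverse) MixColumns matrix over GF(2^8)."""
    m = INV_MIX if inverse else MIX
    out = []
    for r in range(4):
        v = 0
        for c in range(4):
            v ^= gf_mul(m[r][c], col[c])
        out.append(v)
    return out


def mix_columns(state, inverse=False):
    cols = [mix_column([state[r][c] for r in range(4)], inverse) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]


def round_trip(state):
    """SubBytes, ShiftRows, MixColumns, then the inverses in reverse order."""
    s = mix_columns(shift_rows(sub_bytes(state)))
    return sub_bytes(shift_rows(mix_columns(s, True), True), True)
```

Each stage above is a bijection on the state without any key input, which is exactly why the text says a stage placed before the first or after the last AddRoundKey would add no security: an attacker can undo it with the same code.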

2.6 TRIPLE DES


Triple DES with Two Keys
An obvious counter to the meet-in-the-middle attack on double DES is to use three stages of encryption with
three different keys. This raises the cost of the meet-in-the-middle attack to 2^112, which is beyond what is
practical now and far into the future. However, it has the drawback of requiring a key length of 56 * 3 =
168 bits, which may be somewhat unwieldy. As an alternative, a triple encryption method that uses only
two keys (proposed by Tuchman) is used.
The function follows an encrypt-decrypt-encrypt (EDE) sequence:
C = E(K1, D(K2, E(K1, P)))
P = D(K1, E(K2, D(K1, C)))
There is no cryptographic significance to the use of decryption for the second stage. Its only advantage is
that it allows users of 3DES to decrypt data encrypted by users of the older single DES, by setting K2 = K1:
C = E(K1, D(K1, E(K1, P))) = E(K1, P)
P = D(K1, E(K1, D(K1, C))) = D(K1, C)
3DES with two keys is a relatively popular alternative to DES and has been adopted for use in the key
management standards.

A known-plaintext attack on two-key 3DES is an improvement over the chosen-plaintext approach but
requires more effort. Write the three stages as A = E(K1, P), B = D(K2, A) and C = E(K1, B). The attack is
based on the observation that if we know A and C, then the problem reduces to that of an attack on
double DES. Of course, the attacker does not know A, even if P and C are known, as long as the two
keys are unknown. However, the attacker can choose a potential value of A and then try to find a known
(P, C) pair that produces A. The attack proceeds as follows.
1. Obtain n (P, C) pairs. This is the known plaintext. Place these in a table (Table 1) sorted on the values of P.
2. Pick an arbitrary value a for A, and create a second table (Table 2) with entries defined in the following
fashion. For each of the 2^56 possible keys K1 = i, calculate the plaintext value Pi that produces a:
Pi = D(i, a)
For each Pi that matches an entry in Table 1, create an entry in Table 2 consisting of the key value i and
the value of B that would be produced for that (P, C) pair if K1 = i, namely B = D(i, C). At the end of
this step, sort Table 2 on the values of B.
3. We now have a number of candidate values of K1 in Table 2 and are in a position to search for a value
of K2. For each of the 2^56 possible keys K2 = j, calculate the second intermediate value for our chosen
value of a:
Bj = D(j, a)
At each step, look up Bj in Table 2. If there is a match, then the corresponding key i from Table 2 plus this
value of j are candidate values for the unknown keys (K1, K2), because the pair (i, j) produces a known
(P, C) pair.
4. Test each candidate pair of keys (i, j) on a few other plaintext-ciphertext pairs. If a pair of keys
produces the desired ciphertext, the task is complete. If no pair succeeds, repeat from step 1 with a new
value of a.
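The attack above, as an added example (my code, not from the lecture notes): a toy 16-bit Feistel cipher with a 10-bit key stands in for DES, so each 2^56 search in the text becomes 2^10 and the whole run finishes in well under a second. The toy cipher, its key schedule and the secret keys K1 = 0x2A7, K2 = 0x1C3 are constructed for this demonstration only; the attack function follows steps 1 to 4 unchanged and is indifferent to which block cipher sits underneath.

```python
# Added example (not from the lecture notes): the known-plaintext attack on
# two-key triple encryption, run against a constructed toy cipher (16-bit block,
# 10-bit key) so that the 2^56 searches of the text shrink to 2^10.

KEY_BITS, BLOCK_BITS = 10, 16
KEY_SPACE, BLOCK_SPACE = 1 << KEY_BITS, 1 << BLOCK_BITS


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def _subkeys(key):
    # Four round keys; sk0 and sk1 together carry all 10 key bits, so distinct
    # keys always get distinct schedules (no accidentally equivalent keys).
    sk0, sk1 = key & 0xFF, (key >> 2) & 0xFF
    return [sk0, sk1, (sk0 * 5 + sk1 * 7 + 1) & 0xFF, _rotl8(sk0 ^ sk1, 3) ^ 0x5C]


def _f(x, k):
    # Round function: only needs to mix bits, Feistel makes it invertible anyway.
    t = (x ^ k) & 0xFF
    t = (t * 0x9D + 0x3B) & 0xFF
    return _rotl8(t, 3) ^ (k >> 1)


def toy_encrypt(key, block):
    """Four Feistel rounds on a 16-bit block: (L, R) -> (R, L ^ f(R, k))."""
    l, r = block >> 8, block & 0xFF
    for k in _subkeys(key):
        l, r = r, l ^ _f(r, k)
    return (l << 8) | r


def toy_decrypt(key, block):
    l, r = block >> 8, block & 0xFF
    for k in reversed(_subkeys(key)):
        l, r = r ^ _f(l, k), l
    return (l << 8) | r


def ede_encrypt(k1, k2, p):
    """Two-key EDE: C = E(K1, D(K2, E(K1, P)))."""
    return toy_encrypt(k1, toy_decrypt(k2, toy_encrypt(k1, p)))


def known_plaintext_attack(pairs, check=8):
    """Recover (K1, K2) from known (P, C) pairs, following steps 1-4 of the text."""
    table1 = dict(pairs)                          # step 1: Table 1 indexed on P
    for a in range(BLOCK_SPACE):                  # step 2: guess the value a of A
        table2 = {}                               # B -> candidate K1 values
        for i in range(KEY_SPACE):
            p_i = toy_decrypt(i, a)               # P_i = D(i, a)
            if p_i in table1:                     # a fits a known pair if K1 = i
                b = toy_decrypt(i, table1[p_i])   # B = D(i, C)
                table2.setdefault(b, []).append(i)
        if not table2:
            continue
        for j in range(KEY_SPACE):                # step 3: search for K2
            b_j = toy_decrypt(j, a)               # B_j = D(j, a)
            for i in table2.get(b_j, ()):         # step 4: test each candidate
                if all(ede_encrypt(i, j, p) == c for p, c in pairs[:check]):
                    return i, j
    return None


def demo():
    k1, k2 = 0x2A7, 0x1C3                         # constructed secret keys
    pairs = [(p, ede_encrypt(k1, k2, p)) for p in range(2048)]   # known plaintext
    return known_plaintext_attack(pairs)
```

With n = 2048 known pairs out of 2^16 blocks, about one value of a in 32 is consistent with some pair for the true K1, so the outer loop usually ends within a few dozen iterations; on real DES the same structure costs 2^56 work per value of a, which is what makes the attack impractical rather than impossible.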
Triple DES with Three Keys
Although the attacks just described appear impractical, anyone using two-key 3DES may feel
some concern. Thus, many researchers now feel that three-key 3DES is the preferred alternative. Three-key
3DES has an effective key length of 168 bits and is defined as
C = E(K3, D(K2, E(K1, P)))
Backward compatibility with DES is provided by putting K3 = K2 or K1 = K2.

2.7 BLOWFISH
Blowfish is a symmetric block cipher designed by Bruce Schneier in 1993/94.
Characteristics
fast implementation on 32-bit CPUs
compact in use of memory
simple structure eases analysis/implementation
variable security by varying key size
has been implemented in various products
Blowfish Key Schedule
Uses a 32 to 448 bit key
Used to generate
18 32-bit subkeys stored in the P-array P1..P18
four 8x32 S-boxes stored in Si,j (i = 1..4, j = 0..255)
key schedule consists of:
initialize P-array and then 4 S-boxes using the fractional part of pi
XOR P-array with key bits (reuse as needed)
loop repeatedly encrypting data using current P & S and replace successive pairs of P then S
values
requires 521 encryptions, hence slow in rekeying
Blowfish Encryption
uses two primitives: addition (mod 2^32) & XOR
the 64-bit data block is divided into two 32-bit halves L0 & R0
for i = 1 to 16 do
Ri = Li-1 XOR Pi;
Li = F[Ri] XOR Ri-1;
L17 = R16 XOR P18;
R17 = L16 XOR P17;
where F splits its 32-bit input into four bytes a, b, c, d and
F[a,b,c,d] = ((S1,a + S2,b) XOR S3,c) + S4,d

2.8 RC5 ALGORITHM

A proprietary cipher owned by RSADSI (RSA Data Security, Inc.)
Designed by Ronald Rivest (of RSA fame)
Used in various RSADSI products
Can vary key size / data size / number of rounds
Very clean and simple design
Easy implementation on various CPUs
Yet still regarded as secure.
RC5 Ciphers
RC5 is a family of ciphers RC5-w/r/b
w = word size in bits (16/32/64); the block size is 2w bits
r = number of rounds (0..255)
b = number of bytes in key (0..255)
nominal version is RC5-32/12/16
i.e. 32-bit words, so it encrypts 64-bit data blocks
using 12 rounds
with a 16-byte (128-bit) secret key.
RC5 Key Expansion
RC5 uses t = 2r+2 subkey words (w bits each)
subkeys are stored in array S[i], i = 0..t-1
the key schedule consists of
initializing S to a fixed pseudorandom value, based on constants derived from e and phi (the golden ratio)
the b-byte key is copied (little-endian) into a c-word array L, where c = ceil(b / (w/8))
a mixing operation then combines L and S to form the final S array
RC5 Encryption
Split input into two w-bit halves A & B
L0 = A + S[0];
R0 = B + S[1];
for i = 1 to r do
Li = ((Li-1 XOR Ri-1) <<< Ri-1) + S[2i];
Ri = ((Ri-1 XOR Li) <<< Li) + S[2i+1];
where <<< is a data-dependent left rotation and + is addition mod 2^w.
Each round is like 2 DES rounds
Note: rotation is the main source of non-linearity
Need a reasonable number of rounds (e.g. 12-16).
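RC5-32/12/16 key expansion, encryption and decryption as an added example (my code, not from the lecture notes or RSADSI). Word size, round count and key length are parameters so other family members can be tried; P32 and Q32 are the published magic constants for w = 32, and the check values are the zero-key/zero-plaintext vector and its follow-on from Rivest's RC5 paper (also in RFC 2040), with words written little-endian as bytes.

```python
# Added example (not from the lecture notes): RC5-w/r/b with w = 32, r = 12,
# b = 16 as the defaults. Words are handled as Python ints masked to w bits.
import struct

P32, Q32 = 0xB7E15163, 0x9E3779B9   # Odd((e-2)*2^32), Odd((phi-1)*2^32)


def _rotl(x, n, w):
    n %= w                          # only the low log2(w) bits of n matter
    mask = (1 << w) - 1
    return ((x << n) | (x >> (w - n))) & mask if n else x & mask


def _rotr(x, n, w):
    n %= w
    mask = (1 << w) - 1
    return ((x >> n) | (x << (w - n))) & mask if n else x & mask


def rc5_expand_key(key, w=32, r=12, pw=P32, qw=Q32):
    """Build the t = 2r+2 subkey words S from the b-byte secret key."""
    u, mask = w // 8, (1 << w) - 1
    c = max(1, -(-len(key) // u))   # ceil(b/u) words, at least one
    L = [0] * c                     # copy the key little-endian into L
    for i in range(len(key) - 1, -1, -1):
        L[i // u] = ((L[i // u] << 8) + key[i]) & mask
    t = 2 * r + 2                   # S starts as P_w, P_w+Q_w, P_w+2Q_w, ...
    S = [(pw + i * qw) & mask for i in range(t)]
    i = j = A = B = 0               # mix L into S over 3*max(t, c) steps
    for _ in range(3 * max(t, c)):
        A = S[i] = _rotl((S[i] + A + B) & mask, 3, w)
        B = L[j] = _rotl((L[j] + A + B) & mask, A + B, w)
        i, j = (i + 1) % t, (j + 1) % c
    return S


def rc5_encrypt_block(S, block, w=32, r=12):
    """Encrypt one 2w-bit block given as two w-bit words (A, B)."""
    mask = (1 << w) - 1
    A, B = block
    A = (A + S[0]) & mask
    B = (B + S[1]) & mask
    for i in range(1, r + 1):
        A = (_rotl(A ^ B, B, w) + S[2 * i]) & mask
        B = (_rotl(B ^ A, A, w) + S[2 * i + 1]) & mask
    return A, B


def rc5_decrypt_block(S, block, w=32, r=12):
    """Undo the rounds in reverse order: subtract, rotate right, XOR."""
    mask = (1 << w) - 1
    A, B = block
    for i in range(r, 0, -1):
        B = _rotr((B - S[2 * i + 1]) & mask, A, w) ^ A
        A = _rotr((A - S[2 * i]) & mask, B, w) ^ B
    B = (B - S[1]) & mask
    A = (A - S[0]) & mask
    return A, B


def rc5_ecb(key, data, decrypt=False):
    """RC5-32/12/b over whole 8-byte blocks (little-endian words), ECB mode."""
    if len(data) % 8:
        raise ValueError("data must be a multiple of 8 bytes")
    S = rc5_expand_key(key)
    step = rc5_decrypt_block if decrypt else rc5_encrypt_block
    out = bytearray()
    for off in range(0, len(data), 8):
        A, B = step(S, struct.unpack_from("<II", data, off))
        out += struct.pack("<II", A, B)
    return bytes(out)
```

The data-dependent rotation amounts (B in the update of A, A in the update of B) are the non-linearity the text refers to; everything else in a round is XOR and addition, which is why RC5 is so compact on a 32-bit CPU.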
RC5 Modes
RFC 2040 defines 4 modes used by RC5
RC5 Block Cipher, is ECB mode
RC5-CBC, is CBC mode
RC5-CBC-PAD, is CBC with padding by bytes with value being the number of padding bytes
RC5-CTS, a variant of CBC which uses ciphertext stealing to keep the ciphertext the same size as the
original message.

2.9 PRINCIPLES OF PUBLIC KEY CRYPTOSYSTEMS


The concept of public key cryptography evolved from an attempt to attack two of the most difficult
problems associated with symmetric encryption:
Key distribution: under symmetric encryption, either (1) the two communicants must already share a
key, which somehow has been distributed to them, or (2) a key distribution center must be used.
Digital signatures: a method that can verify that a message came intact from the claimed sender.
Public key cryptosystems: Public key algorithms rely on one key for encryption and a different but
related key for decryption. These algorithms have the following important characteristic:
It is computationally infeasible to determine the decryption key given only the knowledge of the
cryptographic algorithm and the encryption key.
In addition, some algorithms, such as RSA, also exhibit the following characteristic:
Either of the two related keys can be used for encryption, with the other used for decryption.
The essential steps are the following:
Each user generates a pair of keys to be used for encryption and decryption of messages.
Each user places one of the two keys in a public register or other accessible file. This is the public
key. The companion key is kept private.
If A wishes to send a confidential message to B, A encrypts the message using B's public key.
When B receives the message, it decrypts using its private key. No other recipient can decrypt the
message because only B knows B's private key.
With this approach, all participants have access to public keys, and private keys are generated locally by
each participant and therefore need not be distributed. As long as a system controls its private key, its
incoming communication is secure.

Public-Key Cryptography
Encryption algorithm: The encryption algorithm performs various transformations on the plaintext.
Public and private keys: This is a pair of keys that have been selected so that if one is used for
encryption, the other is used for decryption. The exact transformations performed by the algorithm
depend on the public or private key that is provided as input.

Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key.
For a given message, two different keys will produce two different ciphertexts.
Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the
original plaintext.
The essential steps are the following.
1. Each user generates a pair of keys to be used for the encryption and decryption of messages.
2. Each user places one of the two keys in a public register or other accessible file. This is the public key.
The companion key is kept private
3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice's public
key.
4. When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt
the message because only Alice knows Alice's private key.
Table: Conventional and Public-Key Encryption

Conventional Encryption
Needed to Work:
1. The same algorithm with the same key is used for encryption and decryption.
2. The sender and receiver must share the algorithm and the key.
Needed for Security:
1. The key must be kept secret.
2. It must be impossible or at least impractical to decipher a message if the key is kept secret.
3. Knowledge of the algorithm plus samples of ciphertext must be insufficient to determine the key.

Public-Key Encryption
Needed to Work:
1. One algorithm is used for encryption and a related algorithm for decryption with a pair of keys, one
for encryption and one for decryption.
2. The sender and receiver must each have one of the matched pair of keys (not the same one).
Needed for Security:
1. One of the two keys must be kept secret.
2. It must be impossible or at least impractical to decipher a message if one of the keys is kept secret.
3. Knowledge of the algorithm plus one of the keys plus samples of ciphertext must be insufficient to
determine the other key.


Let the plaintext be X = [X1, X2, ..., XM], where the M elements of X are letters in some finite alphabet.
Suppose A wishes to send a message to B. B generates a pair of keys: a public key PUb and a private key
PRb. PRb is known only to B, whereas PUb is publicly available and therefore accessible by A.
With the message X and encryption key PUb as input, A forms the ciphertext Y = [Y1, Y2, ..., YN],
i.e., Y = E(PUb, X)
The receiver can decrypt it using the private key PRb,
i.e., X = D(PRb, Y)

The other approach (using the sender's private key for encryption and the sender's public key for decryption)
will provide authentication, which is illustrated in the following diagram.
Y = E(PRa, X)
X = D(PUa, Y)

The encrypted message serves as a digital signature.


It is important to emphasize that the encryption process just described does not provide confidentiality.
There is no protection of confidentiality because any observer can decrypt the message by using the
sender's public key. It is, however, possible to provide both authentication and confidentiality by a
double use of the public-key scheme:

Ciphertext Z = E(PUb, E(PRa, X))

Plaintext X = D(PUa, D(PRb, Z))
Initially, the message is encrypted using the sender's private key. This provides the digital signature.
Next, we encrypt again, using the receiver's public key. The final ciphertext can be decrypted only by the
intended receiver, who alone has the matching private key. Thus confidentiality is provided. The cost is
that the (expensive) public-key algorithm must be exercised four times rather than twice per message.

Applications for Public-Key Cryptosystems


We can classify the use of public-key cryptosystems into three categories:
Encryption/decryption: The sender encrypts a message with the recipients public key.
Digital signature: The sender signs a message with its private key. Signing is achieved by a
cryptographic algorithm applied to the message or to a small block of data that is a function of the
message.

Key exchange: Two sides cooperate to exchange a session key. Several different approaches are
possible, involving the private key(s) of one or both parties.

Requirements for Public-Key Cryptography

It is computationally easy for a party B to generate a pair [PUb, PRb].

It is computationally easy for a sender A, knowing the public key and the message to be encrypted
M, to generate the corresponding ciphertext: C = E(PUb, M).

It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private
key to recover the original message:
M = D(PRb, C) = D(PRb, E(PUb, M))

It is computationally infeasible for an opponent, knowing the public key PUb, to determine the
private key PRb.

It is computationally infeasible for an opponent, knowing the public key PUb and a ciphertext C,
to recover the original message M.

A sixth requirement is useful but not necessary for all applications: the encryption and decryption
functions can be applied in either order:

M = E(PUb, D(PRb, M)) = D(PUb, E(PRb, M))

Public key cryptanalysis

A public-key encryption scheme is vulnerable to a brute-force attack on the key. The countermeasure is
to use large keys; but the larger the key, the slower encryption and decryption become, so in practice
public-key encryption is confined to key management and signature applications. A second form of attack
is to find some way to compute the private key from the public key (for RSA, by factoring the modulus).

2.10 RSA ALGORITHM


It was developed by Rivest, Shamir and Adleman. This algorithm makes use of an expression with
exponentials. Plaintext is encrypted in blocks, with each block having a binary value less than some
number n. That is, the block size must be less than or equal to log2(n) + 1; in practice, the block size is
k bits, where 2^k < n <= 2^(k+1). Encryption and decryption are of the following form, for some plaintext
block M and ciphertext block C:
C = M^e mod n
M = C^d mod n = (M^e mod n)^d mod n
= (M^e)^d mod n
= M^(ed) mod n

Both the sender and receiver know the value of n. The sender knows the value of e and only the receiver
knows the value of d. Thus, this is a public key encryption algorithm with a public key of PU = {e, n} and
a private key of PR = {d, n}. For this algorithm to be satisfactory for public key encryption, the following
requirements must be met:

It is possible to find values of e, d, n such that M^(ed) mod n = M for all M < n.

It is relatively easy to calculate M^e mod n and C^d mod n for all values of M < n.

It is infeasible to determine d given e and n.

Let us focus on the first requirement. We need to find a relationship of the form:
M^(ed) mod n = M
A corollary to Euler's theorem fits the bill: Given two prime numbers p and q and two integers n and m,
such that n = pq and 0 < m < n, and an arbitrary integer k, the following relationship holds:
m^(kφ(n)+1) = m^(k(p-1)(q-1)+1) ≡ m (mod n)
where φ(n) is the Euler totient function, which is the number of positive integers less than n and relatively
prime to n. We can achieve the desired relationship
if ed = kφ(n) + 1
This is equivalent to saying:
ed ≡ 1 (mod φ(n))
d ≡ e^(-1) (mod φ(n))
That is, e and d are multiplicative inverses mod φ(n). According to the rules of modular arithmetic, this is
true only if d (and therefore e) is relatively prime to φ(n). Equivalently, gcd(φ(n), d) = 1.
The steps involved in the RSA algorithm for generating the key are

Select two prime numbers, p = 17 and q = 11.

Calculate n = p * q = 17 * 11 = 187.

Calculate φ(n) = (p-1)(q-1) = 16 * 10 = 160.

Select e such that e is relatively prime to φ(n) = 160 and less than φ(n); we choose e = 7.

Determine d such that ed ≡ 1 (mod φ(n)) and d < 160. The correct value is d = 23, because 23 * 7 =
161 = (1 * 160) + 1.

The RSA algorithm is summarized below

Security of RSA
There are three approaches to attacking RSA:

brute force key search (infeasible given the size of the numbers)

mathematical attacks (based on the difficulty of computing φ(n) by factoring the modulus n)

timing attacks (on the running time of decryption)

Factoring Problem

The mathematical approach takes 3 forms:

Factor n = p * q, hence find φ(n) and then d.

Determine φ(n) directly without determining p and q, and then find d.
Find d directly, without first determining φ(n).

Timing attacks
Kocher showed that an opponent can determine a private key by keeping track of how long a
computer takes to decipher messages. Although the timing attack is a serious threat, there are simple
countermeasures that can be used:

Constant exponentiation time: ensure that all exponentiations take the same amount of time
before returning a result. This is a simple fix but does degrade performance.

Random delay: better performance could be achieved by adding a random delay to the
exponentiation algorithm to confuse the timing attack.

Blinding: multiply the ciphertext by a random number before performing exponentiation. This prevents
the attacker from knowing what ciphertext bits are being processed inside the computer and therefore
prevents the bit-by-bit analysis essential to the timing attack.

2.11 KEY MANAGEMENT

Public-key encryption helps address key distribution problems. It has two aspects:
o Distribution of public keys
o Use of public-key encryption to distribute secret keys

Distribution of Public Keys


Distribution of Public Keys can be done in one of the four ways:

Public announcement
Publicly available directory
Public-key authority
Public-key certificates

Public Announcement

Users distribute public keys to recipients or broadcast them to the community at large
o e.g. append PGP keys to email messages or post them to newsgroups or an email list
Major weakness is forgery
o Anyone can create a key claiming to be someone else and broadcast it
o Until the forgery is discovered, the attacker can masquerade as the claimed user
Publicly Available Directory

Can obtain greater security by registering keys with a public directory


Directory must be trusted with properties:
o Contains {name, public-key} entries
o Participants register securely with directory
o Participants can replace key at any time
o Directory is periodically published
o Directory can be accessed electronically

Still vulnerable to tampering or forgery

Public-Key Authority
Improves security by tightening control over the distribution of keys from the directory
Has the properties of the directory
Requires users to know the public key of the authority
Users interact with the authority to obtain any desired public key securely
o Does require real-time access to the authority when keys are needed

Public-Key Certificates

Certificates allow key exchange without real-time access to the public-key authority
A certificate binds an identity to a public key
Usually with other info such as period of validity, rights of use, etc.
With all contents signed by a trusted public-key or certificate authority (CA)
Can be verified by anyone who knows the CA's public key

2.12 DIFFIE-HELLMAN KEY EXCHANGE

The purpose of the algorithm is to enable two users to exchange a key securely that can then be used
for subsequent encryption of messages.
The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete
logarithms. First, we define a primitive root of a prime number p as one whose powers generate all the
integers from 1 to (p-1), i.e., if a is a primitive root of a prime number p, then the numbers
a mod p, a^2 mod p, ..., a^(p-1) mod p
are distinct and consist of the integers from 1 to (p-1) in some permutation. For any integer b and a
primitive root a of a prime number p, we can find a unique exponent i such that
b ≡ a^i (mod p) where 0 ≤ i ≤ (p-1)
The exponent i is referred to as the discrete logarithm of b for the base a, mod p. With this background,
we can define the Diffie-Hellman key exchange as follows:
There are two publicly known numbers: a prime number q and an integer α that is a primitive root of q.
Suppose users A and B wish to exchange a key.
User A selects a random integer XA < q and computes YA = α^XA mod q.
Similarly,
User B independently selects a random integer XB < q and computes YB = α^XB mod q.
Each side keeps the X value private and makes the Y value available publicly to the other side.
User A computes the key as
K = (YB)^XA mod q and
User B computes the key as
K = (YA)^XB mod q
These two calculations produce identical results:
K = (YB)^XA mod q
= (α^XB mod q)^XA mod q
= (α^XB)^XA mod q
= α^(XB * XA) mod q
= (α^XA)^XB mod q
= (α^XA mod q)^XB mod q
= (YA)^XB mod q
The result is that the two sides have exchanged a secret key. The security of the algorithm lies in the fact
that, while it is relatively easy to calculate exponentials modulo a prime, it is very difficult to calculate
discrete logarithms. For large primes, the latter task is considered infeasible.

The protocol depicted in the figure is insecure against a man-in-the-middle attack. Suppose Alice and Bob
wish to exchange keys, and Darth is the adversary. The attack proceeds as follows:
1. Darth prepares for the attack by generating two random private keys XD1 and XD2 and then
computing the corresponding public keys YD1 and YD2.
2. Alice transmits YA to Bob.
3. Darth intercepts YA and transmits YD1 to Bob. Darth also calculates K2 = (YA)^XD2 mod q.
4. Bob receives YD1 and calculates K1 = (YD1)^XB mod q.
5. Bob transmits YB to Alice.
6. Darth intercepts YB and transmits YD2 to Alice. Darth calculates K1 = (YB)^XD1 mod q.
7. Alice receives YD2 and calculates K2 = (YD2)^XA mod q.
At this point, Bob and Alice think that they share a secret key, but instead Bob and Darth share
secret key K1 and Alice and Darth share secret key K2. All future communication between Bob and Alice
is compromised in the following way:
1. Alice sends an encrypted message M: E(K2, M).
2. Darth intercepts the encrypted message and decrypts it, to recover M.
3. Darth sends Bob E(K1, M) or E(K1, M'), where M' is any message. In the first case, Darth simply
wants to eavesdrop on the communication without altering it. In the second case, Darth wants to modify
the message going to Bob.
The key exchange protocol is vulnerable to such an attack because it does not authenticate the
participants. This vulnerability can be overcome with the use of digital signatures and public-key
certificates.
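Added example (my code, not from the lecture notes): the exchange with q = 353, α = 3, XA = 97 and XB = 233 (the numbers Stallings uses, giving K = 160), followed by Darth's seven steps so that the two mismatched keys can be seen side by side. Darth's private values 41 and 271 are constructed for this demonstration; the primitive-root check is the brute-force definition from the text and is only practical for a prime this small.

```python
# Added example (not from the lecture notes): Diffie-Hellman over a toy prime
# and the man-in-the-middle attack described above, with every computed key
# returned so the two halves of the attack can be compared.


def is_primitive_root(a, q):
    """a is a primitive root of prime q iff a^1..a^(q-1) mod q are all distinct."""
    seen = set()
    x = 1
    for _ in range(q - 1):
        x = (x * a) % q
        if x in seen:
            return False
        seen.add(x)
    return len(seen) == q - 1


def dh_public(q, alpha, x):
    """Y = alpha^X mod q (the value each side publishes)."""
    return pow(alpha, x, q)


def dh_shared(q, y_other, x_own):
    """K = (Y_other)^X_own mod q."""
    return pow(y_other, x_own, q)


def honest_exchange(q, alpha, xa, xb):
    """Both sides' keys; they agree because alpha^(XA*XB) = alpha^(XB*XA)."""
    ya, yb = dh_public(q, alpha, xa), dh_public(q, alpha, xb)
    return dh_shared(q, yb, xa), dh_shared(q, ya, xb)


def mitm_exchange(q, alpha, xa, xb, xd1, xd2):
    """Return (Alice's K2, Bob's K1, Darth's K2 with Alice, Darth's K1 with Bob)."""
    yd1, yd2 = dh_public(q, alpha, xd1), dh_public(q, alpha, xd2)  # step 1
    ya = dh_public(q, alpha, xa)                                   # step 2: Alice -> (Darth)
    k2_darth = dh_shared(q, ya, xd2)                               # step 3: Darth keeps YA
    k1_bob = dh_shared(q, yd1, xb)                                 # step 4: Bob gets YD1
    yb = dh_public(q, alpha, xb)                                   # step 5: Bob -> (Darth)
    k1_darth = dh_shared(q, yb, xd1)                               # step 6: Darth keeps YB
    k2_alice = dh_shared(q, yd2, xa)                               # step 7: Alice gets YD2
    return k2_alice, k1_bob, k2_darth, k1_darth


def demo():
    q, alpha = 353, 3
    k_alice, k_bob = honest_exchange(q, alpha, 97, 233)
    k2a, k1b, k2d, k1d = mitm_exchange(q, alpha, 97, 233, 41, 271)
    return k_alice, k_bob, k2a == k2d, k1b == k1d, k2a != k1b
```

Nothing in the exchange tells Alice whether the Y she received came from Bob or from Darth, which is the missing authentication the text refers to; binding YA and YB to identities (a signature over the public value, or a certificate for a static one) is what closes the hole.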

2.13 ELLIPTIC CURVE ARITHMETIC

The principal attraction of ECC, compared to RSA, is that it appears to offer equal security for a
far smaller key size, thereby reducing processing overhead. On the other hand, although the theory of
ECC has been around for some time, it is only recently that products have begun to appear and that there
has been sustained cryptanalytic interest in probing for weaknesses. Accordingly, the confidence level
in ECC is not yet as high as that in RSA.
Abelian Groups
An abelian group G, sometimes denoted by {G, .}, is a set of elements with a binary operation,
denoted by ., that associates to each ordered pair (a, b) of elements in G an element (a . b) in G, such that
the following axioms are obeyed:
(A1) Closure: If a and b belong to G, then a . b is also in G.
(A2) Associative: a . (b . c) = (a . b) . c for all a, b, c in G.
(A3) Identity element: There is an element e in G such that a . e = e . a = a for all a in G.
(A4) Inverse element: For each a in G there is an element a' in G such that a . a' = a' . a = e.
(A5) Commutative: a . b = b . a for all a, b in G.

An elliptic curve is defined by an equation in two variables with coefficients. For cryptography,
the variables and coefficients are restricted to elements in a finite field, which results in the definition of a
finite abelian group.

Elliptic Curves over Real Numbers

Elliptic curves are not ellipses. They are so named because they are described by cubic equations, similar
to those used for calculating the circumference of an ellipse.
In general, cubic equations for elliptic curves take the following form, known as a Weierstrass equation:

where a, b, c, d, e are real numbers and x and y take on values in the real numbers.
For our purpose, it is sufficient to limit ourselves to equations of the form

Such equations are said to be cubic, or of degree 3, because the highest exponent they contain is a 3. Also
included in the definition of an elliptic curve is a single element denoted O and called the point at infinity
or the zero point, which we discuss subsequently. To plot such a curve, we need to compute

For given values of a and b, the plot consists of positive and negative values of y for each value of x.
Thus, each curve is symmetric about y = 0.

2.14 ELLIPTIC CURVE CRYPTOGRAPHY

The addition operation in ECC is the counterpart of modular multiplication in RSA, and multiple addition
is the counterpart of modular exponentiation. To form a cryptographic system using elliptic curves, we
need to find a "hard problem" corresponding to factoring the product of two primes or taking the discrete
logarithm.
Consider the equation Q = kP where Q, P in Ep(a, b) and k < p. It is relatively easy to calculate Q given k
and P, but it is relatively hard to determine k given Q and P. This is called the discrete logarithm problem
for elliptic curves.
For example, in the group E23(9, 17) with P = (16, 5), repeated addition gives 9P = (4, 5) = Q, so the
discrete logarithm of Q = (4, 5) to the base P = (16, 5) is k = 9. In a real application, k would be so large
as to make the brute-force approach infeasible.
Analog of Diffie-Hellman Key Exchange
Key exchange using elliptic curves can be done in the following manner. First pick a large integer q,
which is either a prime number p or an integer of the form 2^m, and elliptic curve parameters a and b. This
defines the elliptic group of points Eq(a, b). Next, pick a base point G = (x1, y1) in Eq(a, b) whose order
is a very large value n. The order n of a point G on an elliptic curve is the smallest positive integer n such
that nG = O. Eq(a, b) and G are parameters of the cryptosystem known to all participants.
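Added example (my code, not from the lecture notes): point addition and doubling over Z_p, scalar multiplication by double-and-add, a brute-force elliptic-curve discrete logarithm, and the elliptic-curve Diffie-Hellman that the passage above sets up (A publishes nA*G, B publishes nB*G, both compute nA*nB*G). Assumption: the 9P = (4, 5) example refers to E23(9, 17), that is y^2 = x^3 + 9x + 17 (mod 23), the curve Stallings uses for it; the curve over GF(2^m) is not covered here, and pow(x, -1, p) requires Python 3.8 or later.

```python
# Added example (not from the lecture notes): arithmetic in Ep(a, b) with the
# point at infinity O as identity, checked on E23(9, 17) with P = (16, 5).

O = None   # the point at infinity (group identity)


class Curve:
    """y^2 = x^3 + a*x + b over Z_p, p an odd prime, points as (x, y) tuples."""

    def __init__(self, p, a, b):
        self.p, self.a, self.b = p, a, b

    def on_curve(self, pt):
        if pt is O:
            return True
        x, y = pt
        return (y * y - (x ** 3 + self.a * x + self.b)) % self.p == 0

    def neg(self, pt):
        return O if pt is O else (pt[0], (-pt[1]) % self.p)

    def add(self, P, Q):
        """Chord-and-tangent addition, including the identity and inverse cases."""
        p = self.p
        if P is O:
            return Q
        if Q is O:
            return P
        x1, y1 = P
        x2, y2 = Q
        if x1 == x2 and (y1 + y2) % p == 0:
            return O                        # P + (-P) = O, also doubling with y = 0
        if P == Q:
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1, -1, p) % p   # tangent slope
        else:
            lam = (y2 - y1) * pow(x2 - x1, -1, p) % p              # chord slope
        x3 = (lam * lam - x1 - x2) % p
        y3 = (lam * (x1 - x3) - y1) % p
        return (x3, y3)

    def mul(self, k, P):
        """kP by double-and-add (the analog of square-and-multiply), k >= 0."""
        R = O
        while k:
            if k & 1:
                R = self.add(R, P)
            P = self.add(P, P)
            k >>= 1
        return R

    def order(self, G):
        """Smallest n > 0 with nG = O; brute force, fine only for toy curves."""
        n, R = 1, G
        while R is not O:
            R = self.add(R, G)
            n += 1
        return n

    def dlog(self, P, Q):
        """Brute-force k with kP = Q (None if no such k); infeasible at real sizes."""
        R, k = P, 1
        while R is not O:
            if R == Q:
                return k
            R = self.add(R, P)
            k += 1
        return None


def ecdh(curve, G, na, nb):
    """A publishes na*G, B publishes nb*G; each multiplies the other's point by its secret."""
    pa, pb = curve.mul(na, G), curve.mul(nb, G)
    return curve.mul(na, pb), curve.mul(nb, pa)
```

Because the secret scalars never leave each side, an eavesdropper who sees G, nA*G and nB*G must solve the discrete logarithm above to recover either scalar; on this 23-element toy curve dlog does it by enumeration, which is the step that stops scaling once the order of G is large.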
