
A Study of Cryptography

Submitted By—
Vartika Bajpai (26057)
Brijesh Kumar Gupta (26058)
Ankit Srivastava (26402)


Cryptography
Cryptography is the science of protecting data. It provides means and methods of converting data into an unreadable form, so that:
• The data cannot be accessed for unauthorized use.
• The content of the data frames is hidden.
• The authenticity of the data can be established.
• The undetected modification of the data is avoided.
• The data cannot be disowned by the originator of the message.

Cryptography is especially useful for financial and personal data, whether the data is being transmitted over a medium or is stored on a storage device. It provides a powerful means of verifying the authenticity of data and identifying the culprit if the confidentiality and integrity of the data are violated.
Terms Related to Cryptography
• Plain Text : The message that has to be transmitted to the recipient.
• Encryption : The process of changing the content of a message in a manner such that it hides the actual message.
• Cipher Text : The output that is generated after encrypting the plain text.
• Decryption : The reverse of encryption; the process of retrieving the original message from its encrypted form. This process converts ciphertext to plaintext.
• Key : A word, number, or phrase that is used to encrypt the cleartext.
Cryptography Fundamentals
• Cryptography Privacy :

• Cryptography Authentication :
Types of Ciphers
• Substitution Cipher : In this cipher, each letter or group of letters is replaced by another letter or group of letters. These are of two types:
  - Monoalphabetic Cipher : In this cipher, a character in the plain text is always changed to the same character in the cipher text, regardless of its position in the text.
    For example:
    Plaintext : HELLO
    Ciphertext : KHOOR
  - Polyalphabetic Cipher : In this cipher, each occurrence of a character can have a different substitute.
    For example:
    Plaintext : HELLO
    Ciphertext : ABNZF
• Transposition Cipher : In this cipher, there is no substitution of the characters; instead, their locations change. In other words, it reorders the symbols in a block of symbols.
  For example, with MEGABUCK as the key:
  Plaintext : please transfer one million dollar to.
  M E G A B U C K
  7 4 5 1 2 8 3 6
  p l e a s e t r
  a n s f e r o n
  e m i l l i o n
  d o l l a r t o
  Ciphertext : afllselatootlnmoesilrnnopaederir
Cryptographic Techniques
Two types of Cryptographic Techniques :
• Single Key Cryptography
• Public Key Cryptography

Comparison of Symmetric and Asymmetric Encryption
[Figure: Symmetric (Single Key) Cryptography. Plaintext → Encryption → Ciphertext → Decryption → Original Plaintext, with a Secret Key.]
[Figure: Asymmetric (Two Key) Cryptography. Plaintext → Encryption → Ciphertext → Decryption → Original Plaintext, with a Public Key and a Private Key.]


Single Key Cryptography
• The process of encryption and decryption of information by using a single key is known as secret key cryptography or symmetric key cryptography.
• In symmetric key cryptography, the same key is used to encrypt as well as decrypt the data. The main problem with symmetric key algorithms is that the sender and the receiver have to agree on a common key.
• A secure channel is also required between the sender and the receiver to exchange the secret key.
• Symmetric key Algorithm : The algorithm takes an n-bit block of plaintext as input and transforms it, using the key, into an n-bit block of cipher text.
Two types of symmetric key algorithm:
• Data Encryption Standard (DES)
• Triple Data Encryption Standard (3-DES)


Data Encryption Standard
DES was developed as a standard for communications and data protection by an IBM research team, in response to a public request for proposals by the NBS - the National Bureau of Standards (which is now known as NIST).
The S-P Network
• P-Box : A permutation box for bits parallels the traditional transposition cipher for characters. It performs a transposition at the bit level.
• S-Box : A substitution box parallels the traditional substitution cipher for characters.
[Figure: P-box and S-box; the S-box is drawn with a decoder and an encoder.]
DES : Overview
• It takes 64 bits of input plaintext at a time and gives 64 bits of output.
• Initial permutation rearranges 64 bits (no cryptographic effect).
• Encoding is in 16 rounds.
[Figure: plaintext → INITIAL PERMUTATION → ROUND 1 → ROUND 2 → ... → ROUND 16 → INITIAL PERMUTATION⁻¹ → ciphertext]
DES : Encryption Round
• 64 bits divided into left, right halves.
• Right half goes through function f, mixed with key.
• Right half, after f, is added (⊕) to the left half.
• Halves swapped (except in last round).
[Figure: round diagram with labels L_{i-1}, R_{i-1}, f, ⊕, L_i, R_i.]
DES Function
• Expand right side from 32 to 48 bits (some get reused).
• Add 48 bits of key (chosen by schedule).
• S-boxes: each set of 6 bits reduced to 4.
• P-box permutes 32 bits.
[Figure: R_{i-1} → Expansion → ⊕ K_i → Eight S-boxes → P-box → Output]
DES : Decryption Round
• Equations for round i:
  $L_i = R_{i-1}$
  $R_i = L_{i-1} \oplus f(R_{i-1})$
• In other words:
  $R_{i-1} = L_i$
  $L_{i-1} = R_i \oplus f(L_i)$
• So decryption is the same as encryption.
• Last round, no swap: really is the same.
[Figure: round diagram with labels L_{i-1}, R_{i-1}, f, ⊕, L_i, R_i.]
Insecurity In DES
The key in DES is so short that it can be broken in 2^n time if it has n bits of key.
• Why not 2-DES?
To improve the security of the block cipher, two independent keys are used to encrypt the data, thinking that this would square the security of the data. But breaking it takes only double the time needed to break the single encryption scheme, because of the MEET IN THE MIDDLE attack.
Triple Data Encryption Standard
• Critics of DES contend that the key is too short.
• To increase the length of the key, Triple DES has been proposed and implemented.
• This uses 3 DES blocks:
  - The encrypting block uses an Encryption – Decryption – Encryption combination of DESs. 3-DES encrypts 64-bit block “I” into 64-bit block “O”:
    $O = E_{k3}(D_{k2}(E_{k1}(I)))$
  - The decrypting block uses a Decryption – Encryption – Decryption combination of DESs. 3-DES decrypts 64-bit block “I” into 64-bit block “O”:
    $O = D_{k1}(E_{k2}(D_{k3}(I)))$
[Figure: Triple DES model, encryption/decryption.]
3-DES : Keying Options
The standards define three keying options:
• Keying option 1: All three keys are independent.
  - Keying option 1 is the strongest, with 3 x 56 = 168 independent key bits.
• Keying option 2: K1 and K2 are independent, and K3 = K1.
  - Keying option 2 provides less security, with 2 x 56 = 112 key bits. This option is stronger than simply DES encrypting twice, e.g. with K1 and K2, because it protects against the MEET IN THE MIDDLE attack.
• Keying option 3: All three keys are identical, i.e. K1 = K2 = K3.
  - Keying option 3 is no better than DES, with only 56 key bits. This option provides backward compatibility with DES, because the first and second DES operations simply cancel out.
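The round equations in "DES : Decryption Round" and the claim under keying option 3 can both be checked on a small Feistel cipher. This is an added example, not part of the original slides: it keeps the 16-round structure, but the round function f and the key schedule are toy stand-ins built from SHA-256 (an assumption of this example), not the DES expansion, S-boxes or schedule.

```python
import hashlib

ROUNDS = 16  # same round count as DES; f and the key schedule below are toys

def f(right, subkey):
    """Toy round function (NOT the DES f): a 32-bit value derived via SHA-256."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(8, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def subkeys(key):
    """Toy key schedule (NOT the DES schedule): one 64-bit subkey per round."""
    seed = key.to_bytes(8, "big")
    return [int.from_bytes(hashlib.sha256(seed + bytes([i])).digest()[:8], "big")
            for i in range(ROUNDS)]

def feistel(block, round_keys):
    """Apply L_i = R_{i-1}, R_i = L_{i-1} XOR f(R_{i-1}) to a 64-bit block."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for k in round_keys:
        left, right = right, left ^ f(right, k)
    # Last round, no swap: undo the final exchange of halves.
    return (right << 32) | left

def encrypt(block, key):
    return feistel(block, subkeys(key))

def decrypt(block, key):
    # The same network; only the subkey order is reversed.
    return feistel(block, subkeys(key)[::-1])

def ede_encrypt(block, k1, k2, k3):
    """O = E_k3(D_k2(E_k1(I)))"""
    return encrypt(decrypt(encrypt(block, k1), k2), k3)

def ede_decrypt(block, k1, k2, k3):
    """O = D_k1(E_k2(D_k3(I)))"""
    return decrypt(encrypt(decrypt(block, k3), k2), k1)

if __name__ == "__main__":
    block, k = 0x0123456789ABCDEF, 0x133457799BBCDFF1  # constructed values
    print(decrypt(encrypt(block, k), k) == block)        # decryption inverts encryption
    print(ede_encrypt(block, k, k, k) == encrypt(block, k))  # keying option 3
```

Because f is only ever XORed into the other half, it never has to be invertible; that is why the same network decrypts.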
Public Key Cryptography
• In public key cryptography, the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys: a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed.
• In public key cryptography, the data that is encrypted with the public key can only be decrypted with the corresponding private key and vice versa. Due to this asymmetry, public key cryptography is known as asymmetric cryptography.
• Public key cryptography solves one of the most vexing problems of all prior cryptography: the necessity of establishing a secure channel for the exchange of the key.
For example:
An analogy to public key encryption is that of a locked mailbox with a mail slot. The mail slot is accessible to the public, but the mailbox can be opened only by one who has the key to it.
Public Key Algorithm
The encryption algorithm, E, and the decryption algorithm, D, have to meet three requirements, which are as follows:
• D(E(P)) = P;
• It is exceedingly difficult to deduce D from E;
• E cannot be broken by a chosen plaintext attack.

One of the most widely used public key algorithms is RSA.
RSA
In cryptography, RSA (which stands for Rivest, Shamir and Adleman, who first publicly described it) is an algorithm for public key cryptography.
RSA can be summarized in the following steps:
1. Choose 2 distinct prime numbers p and q.
   - For security purposes, the integers p and q should be chosen uniformly at random and should be of similar bit-length.
2. Compute n = p*q and z = (p-1)*(q-1).
3. Choose a number relatively prime to z and name it d.
4. Find e such that e*d = 1 mod z.
Thus, in order to encrypt a message P, compute $C = P^e \bmod n$, and to decrypt C, compute $P = C^d \bmod n$.
The Public Key consists of the pair (e, n) and the Private Key consists of (d, n).
RSA Example
Suppose we have to encrypt the plain text “SUZANNE”. As per the algorithm, the steps are as follows:
1. Let p=3 and q=11
2. n=3*11=33 and z=2*10=20
3. A suitable number which is relatively prime to 20 is 7, which is d.
4. e can be found by solving the equation 7e = 1 (mod 20), which yields 3.
Thus the cipher text is $C = P^3 \bmod 33$ and, after decryption, $P = C^7 \bmod 33$.

Symbolic  Numeric  P^3    P^3 (mod 33)  C^7          C^7 (mod 33)  Symbolic
S         19       6859   28            13492928512  19            S
U         21       9261   21            1801088541   21            U
Z         26       17576  20            1280000000   26            Z
A         01       1      1             1            01            A
N         14       5      5             78125        14            N
N         14       5      5             78125        14            N
E         05       26     26            803180176    05            E
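The four steps and the SUZANNE table can be run directly. This is an added example, not part of the original slides; the function names are this example's own, the caller is assumed to supply primes (primality is not checked), and letters are numbered A=1 to Z=26 as in the table.

```python
from math import gcd

def make_keys(p, q, d):
    """Steps 1-4: n = p*q, z = (p-1)*(q-1), d relatively prime to z, e*d = 1 mod z."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)  # modular inverse of d modulo z (Python 3.8+)
    return (e, n), (d, n)  # public key (e, n), private key (d, n)

def to_number(letter):
    """A=1 ... Z=26, the numeric column of the table."""
    return ord(letter.upper()) - ord("A") + 1

def encrypt(text, public_key):
    """C = P^e mod n, one letter per block."""
    e, n = public_key
    blocks = [to_number(ch) for ch in text]
    if any(p >= n for p in blocks):
        raise ValueError("each plaintext block must be smaller than n")
    return [pow(p, e, n) for p in blocks]

def decrypt(blocks, private_key):
    """P = C^d mod n, mapped back to letters."""
    d, n = private_key
    return "".join(chr(pow(c, d, n) + ord("A") - 1) for c in blocks)

if __name__ == "__main__":
    public, private = make_keys(3, 11, 7)
    cipher = encrypt("SUZANNE", public)
    print(public, private, cipher, decrypt(cipher, private))
```

`pow(p, e, n)` reduces modulo n at every step, so the large intermediate powers in the table never have to be computed.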
RSA ISSUES
• RSA is computationally intense.
• Commonly used key lengths are 512 bits.
• The plain text should be smaller than the key length.
• The encrypted text is the same size as the key length.
• Generally used to encrypt secret keys.
• Basis: Factoring a big number is hard.
Digital Signature
A digital signature or digital signature scheme is a
mathematical scheme for demonstrating the authenticity of
a digital message or document. A valid digital signature
gives a recipient reason to believe that the message was
created by a known sender, and that it was not altered in
transit.

Why Digital Signature is Used?
• To provide authenticity, integrity and non-repudiation to electronic documents.
• To use the Internet as a safe and secure medium for e-commerce.

• One possible method for creating a digital signature is for the originator of data to create the signature by encrypting all of the data with the originator's private key and enclosing the signature with the original data.
• Anyone with the originator's public key can decrypt the signature and compare the decrypted message to the original message. Because only someone with the private key can create the signature, the integrity of the message is verified when the decrypted message matches the original.
• If an intruder alters the original message during transit, the intruder cannot also create a new valid signature. If an intruder alters the signature during transit, the signature does not verify properly and is invalid.
However, encrypting all data to provide a digital signature is impractical for three reasons:
• The ciphertext signature is the same size as the corresponding plaintext, so message sizes are doubled, consuming large amounts of bandwidth and storage space.
• Public key encryption is slow and places heavy computational loads on computer processors, so network and computer performance can be significantly degraded.
• Encrypting the entire contents of information produces large amounts of ciphertext, which can be used for cryptanalysis attacks, especially known plaintext attacks (where certain parts of the encrypted data, such as e-mail headers, are known beforehand to the attacker).
Digital Signature Algorithms
Digital signature algorithms use more efficient methods to create digital signatures. The most common types of digital signatures today are created by signing message digests with the originator's private key to create a digital thumbprint of the data.

Because only the message digest is signed, the signature is usually much shorter than the data that was signed. Therefore, digital signatures place a relatively low load on computer processors during the signing process, consume insignificant amounts of bandwidth, and produce small amounts of ciphertext for cryptanalysis.

Two of the most widely used digital signature algorithms today are the RSA digital signature process and the Digital Signature Standard (DSS).
RSA Digital Signature Process
In the RSA digital signature process, the private key is used to encrypt only the message digest. The encrypted message digest becomes the digital signature and is attached to the original data.

Digital signing : Sender A does the following:
• Creates a message digest of the information to be sent.
• Uses her private key (n, d) to compute the signature s = m^d mod n.
• Sends this signature s to the recipient, B.

Signature verification : Recipient B does the following:
• Uses sender A's public key (n, e) to compute integer v = s^e mod n.
• Extracts the message digest from this integer.
• Independently computes the message digest of the information that has been signed.
• If both message digests are identical, the signature is valid.
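The signing and verification steps above, as an added example that is not part of the original slides. Assumptions of this example: SHA-256 as the message digest, e = 65537, and a constructed demo key made from two Mersenne primes that is not secure; the digest is used as the integer m directly, as in the steps above, whereas deployed RSA signatures wrap the digest in a padding scheme such as PKCS#1 v1.5 or PSS.

```python
import hashlib

# Constructed demo key, NOT secure: two Mersenne primes, picked only because
# they are easy to write down and give an n larger than a SHA-256 digest.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q
E = 65537                            # public exponent (assumption of this example)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, e*d = 1 mod z

def digest(message):
    """Message digest as an integer m (SHA-256 is this example's choice)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, n=N, d=D):
    """Sender A: s = m^d mod n, computed over the digest only."""
    return pow(digest(message), d, n)

def verify(message, s, n=N, e=E):
    """Recipient B: v = s^e mod n, compared with an independently computed digest."""
    if not 0 <= s < n:
        return False
    return pow(s, e, n) == digest(message)

def signature_size(s):
    """Size of the signature in bytes."""
    return (s.bit_length() + 7) // 8

if __name__ == "__main__":
    msg = b"pay 100 to B;" * 1000           # constructed message, 13000 bytes
    s = sign(msg)
    print(verify(msg, s))                   # unaltered message and signature
    print(verify(msg + b"0", s))            # message altered in transit
    print(verify(msg, s ^ 1))               # signature altered in transit
    print(len(msg), signature_size(s))      # data size against signature size
```

The signature size depends on n, not on the message length, which is the bandwidth saving the text describes.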
Digital signature : Application
• The private key is generated in the crypto module residing in the smart card.
• The key is kept in the memory of the smart card.
• The key is highly secured as it doesn’t leave the card; the message digest is sent inside the card for signing, and the signatures leave the card.
• The card gives mobility to the key, and signing can be done on any system (having a smart card reader).
