 Cryptography is the science of

information security. The word is derived

from the Greek kryptos, meaning hidden.

 Cryptography is most often associated

with scrambling plaintext (ordinary text,
sometimes referred to as cleartext) into
ciphertext (a process called encryption),
then back again (known as decryption).
 Confidentiality; assuring that only
authorized parties are able to understand
the data.
 Integrity; ensuring that when a message

is sent over a network, the message that

arrives is the same as the message that
was originally sent.
 Authentication; ensuring that whoever
supplies or accesses sensitive data is an
authorized party.
 Non repudiation;ensuring that the

intended recipient actually received the

message & ensuring that the sender
actually sent the message.
 Encryption: scrambling a message or data using
a specialized cryptographic algorithm.
 Plaintext: the message or data before it gets
encrypted.
 Ciphertext: the encrypted (scrambled) version of
the message.
• Digital Signatures: allows electronically sign
(personalize)
the electronic documents, messages and
transactions.
•
 Decryption: the process of converting
ciphertext back to the original plaintext.
 Cryptanalysis: the science of breaking

cryptographic algorithms.
 Cryptanalyst: a person who breaks

cryptographic codes; also referred to as

“the attacker”.
 The plaintext:

0 1 0 0 0 0 1 1 0 1 0 0 0 0 0 1 0 1 0 0 0 0 1 0

The key:

1 1 0 1 0 0 0 1 0 1 0 0 0 0 0 1 0 1 0 0 0 0 1 0

The ciphertext

1 0 0 1 0 0 1 0 0 0 1 1 1 0 0 0 0 1 1 0 1 0 0 1
 Secure Communications

Encryption Key Decryption Key

plaintext ciphertext
Manab Encrypt Decrypt Arunoday

Unwanted Party
Eve

7
 Manab wants to send a message to Arun.
 Manab uses Arun’s public key to encrypt

the message.
 The encrypted message is sent over the

insecure medium.
 Arun uses his private key to decrypt the

encrypted message.
 No one but Arun knows the private key.
 Symmetric Cryptography use a single key
shared by two communicating parties.
 The shared key must remain secret to

ensure the confidentiality of the

encrypted data.
 The secret key must be shared securely.
Otherwise, the most sophisticated
cryptographic algorithm is useless.
 Protocols exist for exchanging keys over

an insecure medium, but care must be

taken to assure a good authentication
process.
Public Key Cryptography
Each user has a pair of keys which are generated together
under a scheme:

• Private Key - known only to the owner

• Public Key - known to anyone in the systems with assurance

Encryption with Public Key Cryptography:

Sender encrypts the message by the Public Key of the receiver

Only the receiver can decrypt the message by her/his

Private Key

11
 In asymmetric cryptography, each user
has two keys: a public key and a private
key.
 The public key is made public. For
example, it may be published on a Web
site.
 The private key must be kept secret. It is
never shared with anyone.
 The security of the private key in public
key crypto is as important as key security
in symmetric crypto.
 Public key encryption enabled the
development of the technology of digital
signatures.
 Digital signatures are somewhat analogous to
traditional handwritten signatures.
 Digital signatures are strongly bound to the
document, but weakly bound to the individual.
 A digital signature is computed, in part, using
the contents of the document being signed.
 A signature should be proof of authenticity.
Its existence on a document should be able to
convince people that the person whose
signature appears on the document signed
the document.
 A signature should be impossible to forge.

The person who signed the document should

not be able to claim that the signature is not
theirs (support for non-repudiation).
 After the document is signed, it should
be impossible to alter the document
without detection. The signature is
intrinsically linked to the document that
is being signed.
 It should be impossible to transplant the

signature to another document. Again,

the digital signature is intrinsically linked
to the document that is being signed.
What are Digital
Certificates?
A digital certificate (DC) is a digital file that
certifies the identity of an individual or
institution, or even a router seeking access
to computer- based information. It is issued
by a Certification Authority (CA), and serves
the same purpose as a driver’s license or a
passport.
 Digital Signature
 A digital signature (not to be confused with
a digital certificate) is an electronic
signature that can be used to authenticate
the identity of the sender of a message or
the signer of a document, and possibly to
ensure that the original content of the
message or document that has been sent is
unchanged.