A Study Of Cryptography

  • Uploaded by: ankit_uiet
  • June 2020
Submitted by: Vartika Bajpai (26057), Brijesh Kumar Gupta (26058), Ankit Srivastava (26402)

Cryptography

Cryptography is the science of protecting data. It provides means and methods of converting data into an unreadable form, so that:

  • The data cannot be accessed for unauthorized use.
  • The content of the data frames is hidden.
  • The authenticity of the data can be established.
  • The undetected modification of the data is avoided.
  • The data cannot be disowned by the originator of the message.

Cryptography is especially useful for financial and personal data, whether the data is being transmitted over a medium or is stored on a storage device. It provides a powerful means of verifying the authenticity of data and of identifying the culprit if the confidentiality and integrity of the data are violated.

Terms Related to Cryptography

  • Plain Text : The message that has to be transmitted to the recipient.
  • Encryption : The process of changing the content of a message in such a manner that it hides the actual message.
  • Cipher Text : The output that is generated after encrypting the plain text.
  • Decryption : The reverse of encryption; the process of retrieving the original message from its encrypted form. This process converts ciphertext to plaintext.
  • Key : A word, number, or phrase that is used to encrypt the cleartext.

Cryptography Fundamentals

  • Cryptography Privacy
  • Cryptography Authentication

Types of Ciphers

  • Substitution Cipher : In this cipher, each letter or group of letters is replaced by another letter or group of letters. These are of two types:

      - Monoalphabetic Cipher : In this cipher, a character in the plain text is always changed to the same character in the cipher text, regardless of its position in the text.
        For example: Plaintext : HELLO   Ciphertext : KHOOR

      - Polyalphabetic Cipher : In this cipher, each occurrence of a character can have a different substitute.
        For example: Plaintext : HELLO   Ciphertext : ABNZF

  • Transposition Cipher : In this cipher, there is no substitution of characters; instead, their locations change. In other words, it reorders the symbols within a block of symbols.
    For example: MEGABUCK is the key.
    Plaintext : please transfer one million dollar to.

        M E G A B U C K
        7 4 5 1 2 8 3 6
        p l e a s e t r
        a n s f e r o n
        e m i l l i o n
        d o l l a r t o

    Ciphertext : afllselatootlnmoesilrnnopaederir
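The MEGABUCK example above, worked in code. This is an added example, not part of the original slides; the function names and the pad character are assumptions.

```python
# Columnar transposition keyed by a word, as in the MEGABUCK example.

def column_order(key):
    """Column indices in read-out order: alphabetical by key letter,
    ties broken left to right."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))

def key_numbers(key):
    """The number written under each key letter (MEGABUCK -> 7 4 5 1 2 8 3 6)."""
    ranks = [0] * len(key)
    for n, c in enumerate(column_order(key)):
        ranks[c] = n + 1
    return ranks

def encrypt(plaintext, key, pad="x"):
    # Keep letters only, then fill the last row so the grid is rectangular.
    text = "".join(ch for ch in plaintext.lower() if ch.isalpha())
    text += pad * (-len(text) % len(key))
    rows = [text[i:i + len(key)] for i in range(0, len(text), len(key))]
    # Read each column top to bottom, columns taken in key order.
    return "".join(row[c] for c in column_order(key) for row in rows)

def decrypt(ciphertext, key):
    n_rows = len(ciphertext) // len(key)
    cols = [None] * len(key)
    # The n-th chunk of ciphertext is the column ranked n-th by the key.
    for n, c in enumerate(column_order(key)):
        cols[c] = ciphertext[n * n_rows:(n + 1) * n_rows]
    return "".join(cols[c][r] for r in range(n_rows) for c in range(len(key)))

if __name__ == "__main__":
    ct = encrypt("please transfer one million dollar to.", "MEGABUCK")
    print(key_numbers("MEGABUCK"), ct, decrypt(ct, "MEGABUCK"))
```

The ciphertext contains exactly the letters of the plaintext, so letter frequencies are unchanged; that is how a transposition is told apart from a substitution.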

Cryptographic Techniques

Two types of Cryptographic Techniques :

  • Single Key Cryptography
  • Public Key Cryptography

Comparison of Symmetric and Asymmetric Encryption

[Figure: Symmetric (Single Key) Cryptography. Labels: Secret Key; Plaintext, Encryption, Ciphertext, Decryption, Original Plaintext]

[Figure: Asymmetric (Two Key) Cryptography. Labels: Private Key, Public Key; Plaintext, Encryption, Ciphertext, Decryption, Original Plaintext]

Single Key Cryptography

  • The process of encryption and decryption of information by using a single key is known as secret key cryptography or symmetric key cryptography.
  • In symmetric key cryptography, the same key is used to encrypt as well as decrypt the data.
  • The main problem with symmetric key algorithms is that the sender and the receiver have to agree on a common key.
  • A secure channel is also required between the sender and the receiver to exchange the secret key.

Symmetric key Algorithm : The algorithm takes an n-bit block of plaintext as input and transforms it, using the key, into an n-bit block of cipher text. Two types of symmetric key algorithm:

  • Data Encryption Standard (DES)
  • Triple Data Encryption Standard (3-DES)

Data Encryption Standard

DES was developed as a standard for communications and data protection by an IBM research team, in response to a public request for proposals by the NBS - the National Bureau of Standards (which is now known as NIST).

The S-P Network

  • P-Box : A permutation box for bits parallels the traditional transposition cipher for characters. It performs a transposition at the bit level.
  • S-Box : A substitution box parallels the traditional substitution cipher for characters.

[Figure: P-box and S-box; the S-box is drawn with a decoder (3-bit input) and an encoder (8-bit input)]

DES : Overview

  • It takes 64 bits of input at a time and gives 64 bits of output.
  • The initial permutation rearranges the 64 bits (no cryptographic effect).
  • Encoding is in 16 rounds.

plaintext → INITIAL PERMUTATION → ROUND 1 → ROUND 2 → ... → ROUND 16 → INITIAL PERMUTATION^-1 → ciphertext

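DES : Encryption Round

  • The 64 bits are divided into left and right halves.
  • The right half goes through function f, where it is mixed with the key.
  • The result is added (⊕) to the left half.
  • The halves are swapped (except in the last round).

[Figure: one encryption round, taking L(i-1) and R(i-1) through f to L(i) and R(i)]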

DES Function

  • Expand the right side from 32 to 48 bits (some bits get reused).
  • Add 48 bits of key (chosen by the key schedule).
  • S-boxes: each set of 6 bits is reduced to 4.
  • The P-box permutes the 32 bits.

[Figure: R(i-1) → Expansion → ⊕ with K(i) → Eight S-boxes → P-box → Output]

DES : Decryption Round

  • Equations for round i:

      $L_i = R_{i-1}$
      $R_i = L_{i-1} \oplus f(R_{i-1})$

  • In other words:

      $R_{i-1} = L_i$
      $L_{i-1} = R_i \oplus f(L_i)$

  • So decryption is the same as encryption.
  • Last round, no swap: it really is the same.

[Figure: one decryption round, with L(i-1), R(i-1), f, L(i) and R(i)]
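The round equations above, as a runnable Feistel network. This is an added example, not part of the original slides: the round function f and the key schedule are stand-ins built on SHA-256 (assumptions, not the DES f or the DES schedule), and the initial permutation is left out since it has no cryptographic effect.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF

def f(half, subkey):
    """Stand-in round function (NOT the DES f): any 32-bit -> 32-bit
    function works here, and it does not have to be invertible."""
    data = half.to_bytes(4, "big") + subkey.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def subkeys(key):
    """Toy key schedule (assumption): sixteen 48-bit subkeys K_1..K_16."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:6], "big")
            for i in range(1, ROUNDS + 1)]

def feistel(block, round_keys):
    """Apply L_i = R_{i-1}, R_i = L_{i-1} XOR f(R_{i-1}, K_i) for each subkey."""
    left, right = block >> 32, block & MASK32
    for k in round_keys:
        left, right = right, left ^ f(right, k)
    # No swap after the last round: undo the final exchange of halves.
    return (right << 32) | left

def encrypt(block, key):
    return feistel(block, subkeys(key))

def decrypt(block, key):
    # The same network run with the subkeys in reverse order.
    return feistel(block, subkeys(key)[::-1])

if __name__ == "__main__":
    key = b"toy-key!"                      # constructed sample key
    c = encrypt(0x0123456789ABCDEF, key)
    print(hex(c), hex(decrypt(c, key)))
```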

Insecurity In DES

The key in DES is too short: a cipher with an n-bit key can be broken in 2^n time.

  • Why not 2-DES? To improve the security of the block cipher, two independent keys can be used to encrypt the data twice, on the assumption that this squares the security. In fact it takes only about double the time needed to break the single encryption scheme, because double encryption is open to the MEET IN THE MIDDLE attack.

Triple Data Encryption Standard

  • Critics of DES contend that the key is too short. To increase the length of the key, Triple DES has been proposed and implemented. It uses 3 DES blocks.
  • The encrypting block uses an Encryption, Decryption, Encryption combination of DES operations. 3-DES encrypts 64 bit block “I” into 64 bit block “O”:

      $O = E_{k3}(D_{k2}(E_{k1}(I)))$

  • The decrypting block uses a Decryption, Encryption, Decryption combination of DES operations. 3-DES decrypts 64 bit block “I” into 64 bit block “O”:

      $O = D_{k1}(E_{k2}(D_{k3}(I)))$

[Figure: Encryption/Decryption Triple DES Model]

3-DES : Keying Option

The standards define three keying options:

  • Keying option 1: All three keys are independent. Keying option 1 is the strongest, with 3 x 56 = 168 independent key bits.
  • Keying option 2: K1 and K2 are independent, and K3 = K1. Keying option 2 provides less security, with 2 x 56 = 112 key bits. This option is stronger than simply DES encrypting twice, e.g. with K1 and K2, because it protects against the MEET IN THE MIDDLE attack.
  • Keying option 3: All three keys are identical, i.e. K1 = K2 = K3. Keying option 3 is no better than DES, with only 56 key bits. This option provides backward compatibility with DES, because the first and second DES operations simply cancel out.
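Added example (not part of the original slides): the meet-in-the-middle search from "Why not 2-DES?" and the E-D-E construction with keying option 3, run on a toy cipher small enough to search completely. The cipher E/D, its constants and the sample keys are assumptions made for the demonstration; it is not DES.

```python
# Toy cipher (assumption, NOT DES): 16-bit block, 8-bit key, so that
# exhaustive searches finish instantly.
MASK = 0xFFFF
MUL = 0x6487                       # odd, hence invertible modulo 2**16
INV = pow(MUL, -1, 1 << 16)

def E(k, x):
    for r in range(3):
        x = ((x ^ (k * 0x0101)) * MUL + r) & MASK
        x = ((x << 5) | (x >> 11)) & MASK          # rotate left by 5
    return x

def D(k, y):
    for r in reversed(range(3)):
        y = ((y >> 5) | (y << 11)) & MASK          # rotate right by 5
        y = (((y - r) * INV) & MASK) ^ (k * 0x0101)
    return y

def double_encrypt(k1, k2, p):
    return E(k2, E(k1, p))

def meet_in_the_middle(pairs):
    """Find (k1, k2) from known (plaintext, ciphertext) pairs.
    Returns the candidates and the number of cipher calls in the search."""
    (p, c), rest = pairs[0], pairs[1:]
    forward = {}
    for k1 in range(256):                          # 2**8 encryptions of p
        forward.setdefault(E(k1, p), []).append(k1)
    calls, found = 256, []
    for k2 in range(256):                          # 2**8 decryptions of c
        calls += 1
        for k1 in forward.get(D(k2, c), []):       # the two halves meet
            # Confirm on the remaining pairs to discard chance matches.
            if all(double_encrypt(k1, k2, q) == d for q, d in rest):
                found.append((k1, k2))
    return found, calls

def ede_encrypt(k1, k2, k3, i):
    return E(k3, D(k2, E(k1, i)))                  # O = Ek3(Dk2(Ek1(I)))

def ede_decrypt(k1, k2, k3, o):
    return D(k1, E(k2, D(k3, o)))                  # inverse of the line above

if __name__ == "__main__":
    K1, K2 = 0x3C, 0xA7                            # constructed sample keys
    pairs = [(p, double_encrypt(K1, K2, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    print(meet_in_the_middle(pairs), "vs", 256 * 256, "key pairs")
    print(ede_encrypt(K1, K1, K1, 0x1234) == E(K1, 0x1234))
```

The search spends 2 x 2^8 = 512 cipher calls instead of trying 2^16 key pairs, which is the "double the time" effect described for 2-DES; with K1 = K2 = K3 the E-D-E chain returns the same output as a single encryption.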

Public Key Cryptography

  • In public key cryptography, the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys: a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed.
  • In public key cryptography, data that is encrypted with the public key can only be decrypted with the corresponding private key, and vice versa. Because of this asymmetry, public key cryptography is also known as asymmetric cryptography.

Public key cryptography solves one of the most vexing problems of all prior cryptography: the necessity of establishing a secure channel for the exchange of the key.

For example: An analogy to public key encryption is that of a locked mailbox with a mail slot. The mail slot is accessible to the public, but the mailbox can be opened only by the one who has the key to it.

Public Key Algorithm

The encryption algorithm, E, and the decryption algorithm, D, have to meet three requirements, which are as follows:

  • D(E(P)) = P;
  • It is exceedingly difficult to deduce D from E;
  • E cannot be broken by a chosen plaintext attack.

One of the most widely used public key algorithms is RSA.

RSA

In cryptography, RSA (which stands for Rivest, Shamir and Adleman, who first publicly described it) is an algorithm for public key cryptography. RSA can be summarized in the following steps:

  1. Choose 2 distinct prime numbers p and q. For security purposes, the integers p and q should be chosen uniformly at random and should be of similar bit-length.
  2. Compute $n = p \cdot q$ and $z = (p-1)(q-1)$.
  3. Choose a number relatively prime to z and name it d.
  4. Find e such that $e \cdot d \equiv 1 \pmod{z}$.

Thus, in order to encrypt a message P, compute $C = P^e \bmod n$, and to decrypt C, compute $P = C^d \bmod n$. The Public Key consists of the pair (e, n) and the Private Key consists of (d, n).

RSA Example

Suppose we have to encrypt the plain text “SUZANNE”. As per the algorithm, the steps are as follows:

  1. Let p = 3 and q = 11.
  2. n = 3*11 = 33 and z = 2*10 = 20.
  3. A suitable number that is relatively prime to 20 is 7, which is d.
  4. e can be found by solving the equation 7e = 1 (mod 20), which yields 3.

Thus the cipher text is $C = P^3 \bmod 33$ and, after decryption, $P = C^7 \bmod 33$.

Symbolic  Numeric  P^3    P^3 (mod 33)  C^7          C^7 (mod 33)  Symbolic
S         19       6859   28            13492928512  19            S
U         21       9261   21            1801088541   21            U
Z         26       17576  20            1280000000   26            Z
A         01       1      1             1            01            A
N         14       5      5             78125        14            N
N         14       5      5             78125        14            N
E         05       26     26            803180176    05            E
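The SUZANNE example recomputed from the four RSA steps. This is an added example, not part of the original slides; the function names are assumptions, and the letter numbering A=1 ... Z=26 is taken from the table.

```python
from math import gcd

def make_keys(p, q, d):
    """Follow the page's steps: n = p*q, z = (p-1)*(q-1), d relatively
    prime to z, then e with e*d = 1 (mod z)."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)                   # modular inverse (Python 3.8+)
    return (e, n), (d, n)               # public key, private key

def letter_to_number(ch):
    return ord(ch) - ord("A") + 1       # A=1 ... Z=26, as in the table

def number_to_letter(v):
    return chr(v + ord("A") - 1)

def encrypt(text, public):
    e, n = public
    return [pow(letter_to_number(ch), e, n) for ch in text]

def decrypt(blocks, private):
    d, n = private
    return "".join(number_to_letter(pow(c, d, n)) for c in blocks)

def table(text, public, private):
    """Rows of (symbol, P, P^e, P^e mod n, C^d, C^d mod n)."""
    (e, n), (d, _) = public, private
    rows = []
    for ch in text:
        p = letter_to_number(ch)
        c = pow(p, e, n)
        rows.append((ch, p, p ** e, c, c ** d, pow(c, d, n)))
    return rows

if __name__ == "__main__":
    public, private = make_keys(3, 11, 7)
    for row in table("SUZANNE", public, private):
        print(*row)
    # Each letter is encrypted on its own, so equal letters give equal
    # ciphertext (both N's become 5): a monoalphabetic substitution.
    print(decrypt(encrypt("SUZANNE", public), private))
```

The unreduced powers the code prints for N and E are 14^3 = 2744, 5^3 = 125 and 26^7 = 8031810176; the reduced values (5 and 26, decrypting back to 14 and 05) agree with the table.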

RSA ISSUES

  • RSA is computationally intense.
  • Commonly used key lengths are 512 bits.
  • The plain text should be smaller than the key length.
  • The encrypted text is the same size as the key length.
  • Generally used to encrypt secret keys.
  • Basis: Factoring a big number is hard.

Digital Signature

A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit.

Why Digital Signature is Used?

  • To provide authenticity, integrity and non-repudiation to electronic documents.
  • To use the Internet as a safe and secure medium for e-commerce.


One possible method for creating a digital signature is for the originator of data to create the signature by encrypting all of the data with the originator's private key and enclosing the signature with the original data.



Anyone with the originator's public key can decrypt the signature and compare the decrypted message to the original message. Because only someone with the private key can create the signature, the integrity of the message is verified when the decrypted message matches the original.



If an intruder alters the original message during transit, the intruder cannot also create a new valid signature. If an intruder alters the signature during transit, the signature does not verify properly and is invalid.

However, encrypting all data to provide a digital signature is impractical for three reasons:

  • The ciphertext signature is the same size as the corresponding plaintext, so message sizes are doubled, consuming large amounts of bandwidth and storage space.
  • Public key encryption is slow and places heavy computational loads on computer processors, so network and computer performance can be significantly degraded.
  • Encrypting the entire contents of information produces large amounts of ciphertext, which can be used for cryptanalysis attacks, especially known plaintext attacks (where certain parts of the encrypted data, such as e-mail headers, are known beforehand to the attacker).

Digital Signature Algorithms

Digital signature algorithms use more efficient methods to create digital signatures. The most common types of digital signatures today are created by signing message digests with the originator's private key to create a digital thumbprint of the data. Because only the message digest is signed, the signature is usually much shorter than the data that was signed. Therefore, digital signatures place a relatively low load on computer processors during the signing process, consume insignificant amounts of bandwidth, and produce small amounts of ciphertext for cryptanalysis. Two of the most widely used digital signature algorithms today are the RSA digital signature process and the Digital Signature Standard (DSS).

RSA Digital Signature Process

In the RSA digital signature process, the private key is used to encrypt only the message digest. The encrypted message digest becomes the digital signature and is attached to the original data.

Digital signing : Sender A does the following:

  • Creates a message digest of the information to be sent.
  • Uses her private key (n, d) to compute the signature $s = m^d \bmod n$.
  • Sends this signature s to the recipient, B.

Signature verification : Recipient B does the following:

  • Uses sender A's public key (n, e) to compute integer $v = s^e \bmod n$.
  • Extracts the message digest from this integer.
  • Independently computes the message digest of the information that has been signed.
  • If both message digests are identical, the signature is valid.
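The signing and verification steps above, as an added example that is not part of the original slides. The key is a constructed demo key built from two Mersenne primes, the public exponent 65537 and the use of SHA-256 as the digest are assumptions, and the scheme is the unpadded one the page describes (deployed systems add a padding scheme such as RSASSA-PSS).

```python
import hashlib

# Constructed demo key (assumption): far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1           # two Mersenne primes
N, Z = P * Q, (P - 1) * (Q - 1)
E_PUB = 65537                         # public exponent e (assumption)
D_PRIV = pow(E_PUB, -1, Z)            # private exponent d: e*d = 1 (mod z)

def digest_int(message):
    """Message digest as an integer m < n (SHA-256, reduced to fit the
    small demo modulus)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message, d=D_PRIV, n=N):
    """Sender A: digest the message, then s = m^d mod n."""
    return pow(digest_int(message), d, n)

def verify(message, s, e=E_PUB, n=N):
    """Recipient B: v = s^e mod n must equal the digest B computes itself."""
    v = pow(s, e, n)
    return v == digest_int(message)

if __name__ == "__main__":
    msg = b"pay 100 to B"                          # constructed sample message
    s = sign(msg)
    print(verify(msg, s))                          # genuine message and signature
    print(verify(b"pay 900 to B", s))              # message altered in transit
    print(verify(msg, (s + 1) % N))                # signature altered in transit
    print(sign(b"x" * 1_000_000) < N)              # signature size is bounded by n
```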

RSA Digital Signature Process

Digital signature : Application

  • The private key is generated in the crypto module residing in the smart card.
  • The key is kept in the memory of the smart card.
  • The key is highly secured as it doesn’t leave the card; the message digest is sent inside the card for signing, and the signatures leave the card.
  • The card gives mobility to the key, and signing can be done on any system that has a smart card reader.
