A Study of Cryptography Submitted By— Vartika Bajpai (26057) Brijesh Kumar Gupta(26058) Ankit Srivastava (26402)
Cryptography Cryptography is the science of protecting data, which provides means and methods of converting data into unreadable form , so that • The data cannot be accessed for unauthorized use. • The content of the data frames is hidden. • The authenticity of the data can be established. • The undetected modification of the data is avoided. • The data cannot be disowned by the originator of the message. Cryptography is especially useful in the cases of financial and personal data, irrespective of the fact that the data is being transmitted over a medium or is stored on a storage device. It provides a powerful means of verifying the authenticity of data and identifying the culprit, if the confidentiality and integrity of the data is violated.
Terms Related to Cryptography •
Plain Text : The message that has to be transmitted to the recipient .
•
Encryption : The process of changing the content of a message in a manner such that it hides the actual message.
•
Cipher Text : The output that is generated after encrypting the plain text.
•
Decryption : The reverse of encryption and is the process of retrieving the original message from its encrypted form. This process converts ciphertext to plaintext.
•
Key : Is a word, number, or phrase that is used to encrypt the cleartext.
Cryptography Fundamentals •
Cryptography Privacy :
•
Cryptography Authentication :
Types of Ciphers
Substitution Cipher : In this cipher , each letter or a group of letters is replaced by another letter or group of letters. These are of two types Monoalphabetic Cipher : In this cipher , character in the plain text is always changed to the same character in the cipher text regardless of the position in the text. -For Example: Plaintext : HELLO Ciphertext : K H O O R Polyalphabetic Cipher : In this cipher , each occurrence of a character can have a different substitute. -For Example: Plaintext : HELLO Ciphertext : A B N Z F
Transposition Cipher : In this cipher, there is no substitution of the characters instead their locations change. In other words , it reorders the symbol in a block of symbols. - For Example : The MEGABUCK is the key. Plaintext : please transfer one million dollar to. MEGABUCK 7 4 5 1 2 8 3 6 p l e a s e t r a ns f e r o n e m i l l i o n d o l l a r t o Ciphertext : afllselatootlnmoesilrnnopaederir
Cryptographic Techniques Two types of Cryptographic Techniques : Single
Key Cryptography
Public
Key Cryptography
Comparison of Symmetric and Asymmetric Encryption Secret Key
Plaintext
Encryption
Ciphertext
Original Plaintext Decryption
Symmetric (Single Key) Cryptography Private Key
Public Key
Plaintext
Encryption
Ciphertext
Original Plaintext Decryption
Asymmetric (Two Key) Cryptography
Single Key Cryptography •
•
•
The process of encryption and decryption of information by using a single key is known as secret key cryptography or symmetric key cryptography. In symmetric key cryptography, the same key is used to encrypt as well as decrypt the data. The main problem with symmetric key algorithms is that the sender and the receiver have to agree on a common key. A secure channel is also required between the sender and the receiver have to exchange the secret key. Symmetric key Algorithm : The algorithm takes an n-bit block of plaintext as input n transform it using the key into nbit block of cipher text . Two types of symmetric key algorithm: • Data Encryption Standard (DES) • Triple Data Encryption Standard (3-DES)
Data Encryption Standard
DES was developed as a standard for communications and data protection by an IBM research team, in response to a public request for proposals by the NBS - the National Bureau of Standards (which is now known as NIST).
The S-P Network A permutation box for bits parallels the traditional transposition cipher for characters. It performs a transposition at the bit level.
S-Box : A Substitution
box parallels the traditional substitution cipher for characters.
P-box
S-box
ot 8: r edoc n E
P-Box :
ot 3: r edoc e D
DES : Overview
It takes 64 bits input at a time gives 64 bit output Initial permutation rearranges 64 bits (no cryptographic effect) Encoding is in 16 rounds
plaintext INITIAL PERMUTATION ROUND 1 ROUND 2 ... ROUND 16 INITIAL PERMUTATION-1 ciphertext
DES : Encryption Round
64 bits divided into left, right halves. Right half goes through function f, mixed with key. Right half added to left half. Halves swapped (except in last round)
Li-1
⊕
Li
Ri-1
f
Ri
DES Function
Expand right side from 32 to 48 bits (some get reused) Add 48 bits of key (chosen by schedule) S-boxes: each set of 6 bits reduced to 4 P-box permutes 32 bits
Ri-1 Expansion
⊕ Eight S-boxes P-box Output
Ki
DES :Decryption Round
Equations for round i: L i =R i− 1
Ri = Li −1 ⊕ f (Ri −1 ) In other words: Ri −1 = Li
Li −1 = Ri ⊕ f (Li ) So decryption is the same as encryption Last round, no swap: really is the same
Li-1
⊕
Li
Ri-1
f
Ri
Insecurity In DES The key in DES is too short that it can be broken into 2^n time if it has n bit of key. Why not 2-DES? Then to improve the security of the block cipher , two independent keys are used to encrypt the data thinking that this would square the security of the data but this will take only double the time to break the single encryption scheme and causing MEET In The MIDDLE attack
Triple Data Encryption Standard
Critics of DES contend that the key is too short. To increase the length of key Triple DES has been proposed and implemented. This uses 3 DES blocks -The encrypting block uses an Encryption – Decryption – Encryption combination of DES’s. -- 3-DES encrypts 64 bit block “I” into 64 bit block “O”. O=Ek3 (Dk2 (Ek1 (I))) -The decrypting block uses an Decryption – Encryption – Decryption combination of DES’s. -- 3-DES encrypts 64 bit block “I” into 64 bit block “O”. O=Dk1 (Ek2 (Dk3 (I)))
Encryption/Decryption Triple DES Model
3 – DES : Keying Option
The standards define three keying options: Keying option 1: All three keys are independent. Keying option 1 is the strongest, with 3 x 56 = 168 independent key bits. Keying option 2: K1 and K2 are independent, and K3 = K1. Keying option 2 provides less security, with 2 x 56 = 112 key bits. This option is stronger than simply DES encrypting twice, e.g. with K1 and K2, because it protects against MEET IN THE MIDDLE attack. Keying option 3: All three keys are identical, i.e. K1 = K2 = K3. Keying option 3 is no better than DES, with only 56 key bits. This option provides backward compatibility with DES, because the first and second DES operations simply cancel out.
Public Key Cryptography
Public key cryptography is that the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys — a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed.
In public key cryptography, the data that is encrypted with the public key can only be decrypted with the corresponding private key and vice versa. Due to this asymmetry public key cryptography is known as asymmetric cryptography.
The public key cryptography solves one of the most vexing problems of all prior cryptography the necessity of establishing a secure channel for the exchange of the key. For example:An analogy to Public Key Encryption is that of a locked mailbox and mail slot. Mailslot is accessible to public but mailbox can be opened by one who has the Key to it.
Public Key Algorithm The Encryption algorithm, E and the decryption algorithm, D has to meet three requirements which are as follows : D(E(P))=P; It is exceedingly difficult to deduce D from E; E cannot be broken by a chosen plaintext attack.. One of the most widely used Public key algorithm is RSA.
RSA In cryptography , RSA( which stands for Rivest, Shamir and Adleman who first publicly described it ) is an algorithm for public key cryptography. RSA can be summarized in the following steps: 1. Choose 2 distinct prime numbers p and q. - For security purposes, the integers p and q should be chosen uniformly at random and should be of similar bit-length. 2. Compute n= p*q and z= (p-1)*(q-1) 3. Choose a number relative prime to z and name it as d. 4. Find e such that e*d=1 mod z.
Thus inorder to encrypt a message P, compute C=P e mod n. and to decrypt C,compute P=C d mod n. The Public Key consists of pair (e,n) and the Private Key consists of (d,n).
RSA Example Let we have to encrypt Plain text “SUZANNE” , as per algorithm there will be following steps : 1. Let p=3 and q=11 2. n=3*11=33 and z=2*10=20 3. a suitable number which is relative prime to 20 is 7,which is d 4. e can be found by solving equation 7e=1(mod 20),which yields 3. Thus cipher text C=P3mod 33 and after decryption P=C 7 mod33.
Symboli Numeri c c
P3
P3(mod 33)
C7
C7(mod 33 Symboli ) c
S
19
6859
28
134929285 12
19
S
U
21
9261
21
180108854 1
21
U
Z
26
17576
20
128000000 0
26
Z
A
01
1
1
1
01
A
N
14
5
5
78125
14
N
N
14
5
5
78125
14
N
E
05
26
26
803180176
05
E
RSA ISSUES
RSA is computationally intense. Commonly used key lengths are 512 bits. The plain text should be smaller than the key length. The encrypted text is same size as the key length. Generally used to encrypt secret keys. Basis: Factoring a big number is hard.
Digital Signature A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit.
Why Digital Signature is Used? To provide authenticity ,integrity and non repudiation to electronic documents. To use Internet as the safe and secure medium for ecommerce.
Continued….
One possible method for creating a digital signature is for the originator of data to create the signature by encrypting all of the data with the originator's private key and enclosing the signature with the original data.
Anyone with the originator's public key can decrypt the signature and compare the decrypted message to the original message. Because only someone with the private key can create the signature, the integrity of the message is verified when the decrypted message matches the original.
If an intruder alters the original message during transit, the intruder cannot also create a new valid signature. If an intruder alters the signature during transit, the signature does not verify properly and is invalid.
However, encrypting all data to provide a digital signature is impractical for three reasons:
The ciphertext signature is the same size as the corresponding plaintext, so message sizes are doubled, consuming large amounts of bandwidth and storage space.
Public key encryption is slow and places heavy computational loads on computer processors, so network and computer performance can be significantly degraded.
Encrypting the entire contents of information produces large amounts of ciphertext, which can be used for cryptanalysis attacks, especially known plaintext attacks (where certain parts of the encrypted data, such as e-mail headers, are known beforehand to the attacker).
Digital Signature Algorithms Digital signature algorithms use more efficient methods to create digital signatures. The most common types of digital signatures today are created by signing message digests with the originator's private key to create a digital thumbprint of the data. Because only the message digest is signed, the signature is usually much shorter than the data that was signed. Therefore, digital signatures place a relatively low load on computer processors during the signing process, consume insignificant amounts of bandwidth, and produce small amounts of ciphertext for cryptanalysis. Two of the most widely used digital signature algorithms today are the RSA digital signature process and the Digital Signature Standard (DSS).
RSA Digital Signature Process In the RSA digital signature process, the private key is used to encrypt only the message digest. The encrypted message digest becomes the digital signature and is attached to the original data. Digital signing : Sender A does the following: Creates a message digest of the information to be sent. Uses her private key (n, d) to compute the signature s=m^d mod n. Sends this signature s to the recipient, B.
Signature verification: Recipient B does the following:
Uses sender A's public key (n, e) to compute integer v = s^e mod n. Extracts the message digest from this integer. Independently computes the message digest of the information that has been signed. If both message digests are identical, the signature is valid.
RSA Digital Signature Process
Digital signature : Application
The Private key is generated in the crypto module residing in the smart card. The key is kept in the memory of the smart card. The key is highly secured as it doesn’t leave the card, the message digest is sent inside the card for signing, and the signatures leave the card. The card gives mobility to the key and signing can be done on any system. (Having smart card reader)