Chapter Two - Fundamentals of Cryptography


Chapter Two

Fundamentals of Cryptography
Molalign Tilahun (MSc in IT, BSc in Computer Science & MA in Project
Management)
Department of Computer Science
Faculty of Technology
Select College
2.1. Cryptography
• The basic concepts of cryptography predate the Greeks; the present
word cryptography, used to describe the art of secret communication,
comes from the Greek meaning "secret writing."
• Cryptography is increasingly used to fight off the massive invasion of
individual privacy and security, to guarantee data integrity and
confidentiality, and to bring trust to global e-commerce.
• Cryptography has become the main tool for providing the needed digital
security in the modern digital communication medium, security that far
exceeds the kind offered by any medium before it.
• It guarantees authorization, authentication, integrity, confidentiality,
and non-repudiation in all communications and data exchanges in the new
information society.
Cryptography (cont …)
• An original message is known as the plaintext, while the coded
message is called the ciphertext.
• The process of converting from plaintext to ciphertext is known as
enciphering or encryption.
• Restoring the plaintext from the ciphertext is deciphering or
decryption.
• Cryptography is the area of study that comprises the many schemes used
for encryption. Such a scheme is known as a cryptographic system or a
cipher.
• Cryptanalysis
– is the set of techniques used for deciphering a message without any
knowledge of the enciphering details.
– is what the layperson (a person who does not have expert knowledge of
a particular subject) calls "breaking the code."
• Cryptology is the study of both cryptography and cryptanalysis.
Cryptography (cont …)
• Cryptographic systems are characterized along three independent
dimensions:
1. The type of operations used for transforming plaintext to ciphertext.
All encryption algorithms are based on two general principles:
– substitution, in which each element in the plaintext (bit, letter, group of
bits or letters) is mapped into another element, and
– transposition, in which elements in the plaintext are rearranged.
2. The number of keys used.
– If both sender and receiver use the same key, the system is referred
to as symmetric, single-key, secret-key, or conventional encryption.
– If the sender and receiver use different keys, the system is referred to
as asymmetric, two-key, or public-key encryption.
3. The way in which the plaintext is processed.
– A block cipher processes the input one block of elements at a time,
producing an output block for each input block.
– A stream cipher processes the input elements continuously, producing
output one element at a time, as it goes along.
Cryptanalysis
• Typically, the objective of attacking an encryption system is to recover the
key in use rather than simply to recover the plaintext of a single ciphertext.
• There are two general approaches to attacking a conventional encryption
scheme:
– Cryptanalysis: Cryptanalytic attacks rely on the nature of the
algorithm plus perhaps some knowledge of the general characteristics
of the plaintext or even some sample plaintext-ciphertext pairs. This
type of attack exploits the characteristics of the algorithm to attempt
to deduce a specific plaintext or to deduce the key being used.
– Brute-force attack: The attacker tries every possible key on a piece
of ciphertext until an intelligible translation into plaintext is obtained.
On average, half of all possible keys must be tried to achieve success.
Cryptanalysis
• A brute-force attack involves trying every possible key until an
intelligible translation of the ciphertext into plaintext is obtained. On
average, half of all possible keys must be tried to achieve success. The
following table shows how much time is involved for various key spaces.
Results are shown for four binary key sizes.
Cryptography (cont …)
• The power of cryptography lies in the degree of difficulty in cracking
the ciphertext back into plaintext after it has been transmitted through
either protected or unprotected channels.
• The beauty of a strong encryption algorithm is that the ciphertext can
be transmitted across naked channels without fear of interception and
recovery of the original plaintext.
• The decryption process also uses a key and a decryption algorithm to
recover the plaintext from the ciphertext.
• The hallmark of a good cryptographic system is that the security of the
whole system does not depend on either the encryption or decryption
algorithms but rather on the secrecy of the key.
• This means that the encryption algorithm may be known and used
several times and by many people as long as the key is kept a secret.
This further means that the best way to crack an encryption is to get
hold of the key.
Cryptography (cont …)
• Key-based encryption algorithms can be either symmetric, also
commonly known as conventional encryption, or asymmetric, also
known as public key encryption.
• Symmetric algorithms are secret-key based: both the encryption
and decryption algorithms use the same key.
• Asymmetric or public key algorithms, unlike symmetric ones,
use different keys for encryption and decryption, and the
decryption key cannot be derived from the encryption key.
2.2. Symmetric Encryption
• A symmetric encryption scheme has five ingredients :
1. Plaintext: This is the original intelligible message or data that is fed into
the algorithm as input.
2. Encryption algorithm: The encryption algorithm performs various
substitutions and transformations on the plaintext.
3. Secret key: The secret key is also input to the encryption algorithm. The
key is a value independent of the plaintext and of the algorithm. The
algorithm will produce a different output depending on the specific key
being used at the time. The exact substitutions and transformations
performed by the algorithm depend on the key.
4. Ciphertext: This is the scrambled message produced as output. It
depends on the plaintext and the secret key. For a given message, two
different keys will produce two different ciphertexts. The ciphertext is
an apparently random stream of data and, as it stands, is unintelligible.
5. Decryption algorithm: This is essentially the encryption algorithm run
in reverse. It takes the ciphertext and the secret key and produces the
original plaintext.
Quiz (1%)
• Discuss the following:
– Cryptography
– Plaintext
– Ciphertext
Symmetric encryption (cont …)

• There are two requirements for secure use of symmetric (conventional)
encryption:
1. The opponent should be unable to decrypt ciphertext or discover the key even if he or she is in
possession of a number of ciphertexts together with the plaintext that produced each
ciphertext.
2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must
keep the key secure. If someone can discover the key and knows the algorithm, all
communication using this key is readable.
• With the use of symmetric encryption, the principal security problem is
maintaining the secrecy of the key.
Symmetric Encryption (cont …)

• A source produces a message in plaintext, X = [X1, X2, ..., XM].
• The M elements of X are letters in some finite alphabet.
• Traditionally, the alphabet usually consisted of the 26 capital letters. Nowadays, the
binary alphabet {0, 1} is typically used.
• For encryption, a key of the form K = [K1, K2, ..., KJ] is generated. If the key is
generated at the message source, then it must also be provided to the destination by
means of some secure channel.
• Alternatively, a third party could generate the key and securely deliver it to both source
and destination.
Symmetric Encryption(cont …)
• With
– message X and
– encryption key K as input, the encryption algorithm forms the ciphertext Y = [Y1, Y2, ..., YN].
• We can write this as Y = E(K, X)
• This notation indicates that Y is produced by using encryption algorithm E as
a function of the plaintext X, with the specific function determined by the
value of the key K.
• The intended receiver, in possession of the key, is able to invert the
transformation: X = D(K, Y)
• An opponent, observing Y but not having access to K or X, may attempt to
recover X or K or both X and K. It is assumed that the opponent knows the
encryption (E) and decryption (D) algorithms.
• If the opponent is interested in only this particular message, then the focus of
the effort is to recover X by generating a plaintext estimate X'.
• Often, however, the opponent is interested in being able to read future
messages as well, in which case an attempt is made to recover K by
generating an estimate K'.
Symmetric Encryption Algorithms

Problems with Symmetric Encryption
1. Key distribution problem
– The biggest problem is that a single key must be shared by each pair of
sender and receiver.
– In a distributed environment with large numbers of communicating pairs
in a many-to-one topology, it is difficult for the one recipient to keep so
many keys in order to support all communication.
2. The size of the communication space
– Because of the massive potential number of individuals who can carry on
communication in the many-to-one, one-to-many, and many-to-many
topologies supported by the Internet, secret-key cryptography, if used
strictly, requires billions of secret key pairs to be created, shared, and
stored.
– Large numbers of potential correspondents in the many-to-one, one-to-
many, and many-to-many communication topologies may cause
symmetric encryption to fail because of its requirement of prior
relationships between the parties to establish the communication protocol,
such as the setting up and acquisition of the secret key.
Problems with Symmetric Encryption (cont …)
3. The integrity of data can be compromised because the
receiver cannot verify that the message has not been altered
before receipt.
4. It is possible for the sender to repudiate the message because
there are no mechanisms for the receiver to make sure that
the message has been sent by the claimed sender.
5. The method does not give a way to ensure secrecy even if
the encryption process is compromised.
6. The secret key may not be changed frequently enough to
ensure confidentiality.

2.3. Asymmetric (Public Key) Encryption
• Martin Hellman and Whitfield Diffie developed a method, called public key
encryption (PKE), that addressed at least the first two and probably all four
of the drawbacks of symmetric encryption by guaranteeing secure
communication without the need for a shared secret key.
• Public key encryption, commonly known as asymmetric encryption, uses
two different keys: a public key known by all and a private key known only
to the sender or receiver who owns it.
• Both the sender and the receiver own a pair of keys, one public and the other
a closely guarded private one.
• To encrypt a message from sender A to receiver B,
– both A and B must create their own pairs of keys.
– Then A and B publicize their public keys; anybody can acquire them.
When A is to send a message M to B, A uses B's public key to encrypt
M.
– On receipt of M, B then uses his or her private key to decrypt the message
M. As long as only B, the recipient, has access to the private key, then A, the
sender, is assured that only B, the recipient, can decrypt the message.
Asymmetric Encryption (cont …)
• Ensuring data confidentiality and integrity does not prevent a third party,
unknown to both communicating parties, from pretending to be A, the
sender.
• This is possible because anyone can get A's (the sender's) public key. This
weakness must, therefore, be addressed, and the way to do so is by
guaranteeing sender non-repudiation and user authentication.
• This is done as follows:
► After both A and B have created their own pairs of keys and exchanged
their public keys, A, the sender, encrypts the message to be sent
to B, the recipient, using the sender's private key.
► Upon receipt of the encrypted message, B, the recipient, uses A's (the
sender's) public key to decrypt the message. The return route is
similar.
► Authentication of users is ensured because only the sender and recipient
have access to their own private keys.
► And unless their keys have been compromised, neither can deny or
repudiate sending the messages.
Asymmetric Encryption (cont …)
• To ensure all four aspects of security, that is data confidentiality and
integrity and authentication and non-repudiation of users, a double
encryption is required, as illustrated in the Figure below.
Advantage of Asymmetric Encryption
• The core of public key encryption is that no secret key is passed between
two communicating parties.
• This approach can support all communication topologies, including
one-to-one, one-to-many, many-to-many, and many-to-one, and several to
thousands of people can communicate with one party without exchange
of keys.
– This makes it suitable for Internet communication and electronic
commerce applications.
• Its other advantage is that it solves the chronic repudiation problem
experienced by symmetric encryption. This problem is solved, especially in
large groups, by the use of digital signatures and certificates.
Fig. Authentication and Non-repudiation
Fig. Ensuring Data Confidentiality and Integrity and User Authentication and
Non-repudiation
Asymmetric Encryption (PKE) Algorithms
• Asymmetric encryption algorithms rely on the degree of computational
difficulty encountered when an attempt is made to recover the keys.
• These algorithms should be labor intensive, and the amount of work and its
difficulty should, and in practice always does, increase with the key length.
• The longer the key, the more difficult and the longer it should take to guess
the key, usually the private key.
Fig. Public Key Encryption Algorithms
Problems with Public Key Encryption
1. The biggest problem for public key cryptographic schemes is speed.
– Public key algorithms are extremely slow compared to symmetric
algorithms. This is because public key calculations take longer than
symmetric key calculations, since they involve exponentiation of very
large numbers, which in turn takes longer to compute.
– For example, the fastest public key cryptographic algorithm, such as
RSA, is still far slower than any typical symmetric algorithm. This makes
these algorithms and the public key scheme less desirable for use in
cases of long messages.
2. Public key encryption algorithms have the potential to suffer from the man-
in-the-middle attack.
– The man-in-the-middle attack is a well known attack, especially in the
network community, where an attacker sniffs packets off a
communication channel, modifies them, and inserts them back on to
the channel.
– In the case of an encryption channel attack, the intruder convinces one of the
correspondents that the intruder is the legitimate communication partner.
2.4. Block vs Stream Ciphers
• A block cipher is an encryption/decryption scheme in which a block of
plaintext is treated as a whole and used to produce a ciphertext block of
equal length. Typically, a block size of 64 or 128 bits is used.
• A stream cipher is one that encrypts a digital data stream one bit or one
byte at a time.
– Examples of classical stream ciphers are the autokeyed Vigenère
cipher and the Vernam cipher.
2.5. Substitution and Permutation Ciphers
• The two basic building blocks of all encryption techniques are
1. Substitution, which replaces plaintext letters or strings of letters by
letters or numbers or symbols.
2. Transposition/Permutation, which uses the plaintext message letters but
rearranges their order.
• Caesar Cipher: the earliest and simplest substitution cipher; it involves
replacing each letter of the alphabet with the letter standing three places
further down the alphabet.
For example,
Substitution Cipher (cont …)
• The Caesar Cipher algorithm can be expressed as follows.
– For each plaintext letter p, substitute the ciphertext letter C:
C = E(3, p) = (p + 3) mod 26
– A shift may be of any amount, so that the general Caesar
algorithm is C = E(k, p) = (p + k) mod 26, where k takes on a
value in the range 1 to 25.
– The decryption algorithm is simply p = D(k, C) = (C − k) mod 26
Substitution cipher (cont …)
• If it is known that a given ciphertext is a Caesar cipher, then a brute-force
cryptanalysis is easily performed: simply try all the 25 possible keys.
The Figure shows the results of applying this strategy to the example
ciphertext.
• In this case, the plaintext leaps out as occupying the third line.
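The general Caesar cipher E(k, p) = (p + k) mod 26 with its inverse D(k, C) = (C − k) mod 26, and the brute-force cryptanalysis of trying all 25 keys, as working code. This is an added example and not code from the original slides; the alphabet handling (uppercase letters only, other characters passed through) and the small word list used to pick the readable candidate automatically are assumptions of this example.

```python
# Added example (not from the original slides): the general Caesar cipher
# C = E(k, p) = (p + k) mod 26 and p = D(k, C) = (C - k) mod 26, plus the
# brute-force cryptanalysis of trying all 25 keys.
import string

ALPHABET = string.ascii_uppercase   # p and C are positions 0..25 in this alphabet


def caesar_encrypt(plaintext: str, k: int) -> str:
    """E(k, p) = (p + k) mod 26, letter by letter.

    Letters are uppercased first; anything that is not a letter (spaces,
    punctuation) is passed through unchanged.
    """
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            p = ALPHABET.index(ch)
            out.append(ALPHABET[(p + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, k: int) -> str:
    """D(k, C) = (C - k) mod 26, which is the same as encrypting with 26 - k."""
    return caesar_encrypt(ciphertext, (26 - k) % 26)


def caesar_brute_force(ciphertext: str) -> dict:
    """Try every key 1..25 and return {key: candidate plaintext}.

    With only 25 keys the search is instant; the readable candidate is the
    one the slides say 'leaps out' of the list.
    """
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


# Constructed word list used to pick the readable candidate automatically;
# a real tool would score letter frequencies or use a dictionary.
COMMON_WORDS = ("THE", "AND", "MEET", "AFTER", "PARTY")


def looks_like_english(text: str) -> bool:
    return any(word in text.split() for word in COMMON_WORDS)


def recover_key(ciphertext: str) -> int:
    """Return the first key whose decryption looks like English, or 0 if none does."""
    for k, candidate in caesar_brute_force(ciphertext).items():
        if looks_like_english(candidate):
            return k
    return 0


if __name__ == "__main__":
    # Constructed sample message, in the style of the slides' own examples
    message = "MEET ME AFTER THE TOGA PARTY"
    ct = caesar_encrypt(message, 3)
    print(ct)                             # PHHW PH DIWHU WKH WRJD SDUWB
    print(caesar_decrypt(ct, 3))          # MEET ME AFTER THE TOGA PARTY
    for k, candidate in caesar_brute_force(ct).items():
        print(f"key {k:2d}: {candidate}")
    print("recovered key:", recover_key(ct))
```

The key space of 25 is why the cipher offers no security: an exhaustive search is cheaper than reading the output, and the only work left is recognising which candidate is the plaintext.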
Permutation cipher
• It is a very different kind of mapping, achieved by performing some sort
of permutation on the plaintext letters. This technique is referred to as a
transposition cipher.
Rail fence technique
• The simplest such cipher is the rail fence technique, in which the
plaintext is written down as a sequence of diagonals and then read off
as a sequence of rows.
• For example,
a) to encipher the message "MEET ME AFTER THE TOGA PARTY" with a
rail fence of depth 2, we write the following:

• The encrypted message is MEMATRHTGPRYETEFETEOAAT
Permutation cipher (cont …)
• Consider the following plaintext message.
monoalphabeticunilateralsubstitutionsystem
• We will encipher it using a permutation that divides the message into 5-
letter blocks,
monoa lphab eticu nilat erals ubsti tutio nsyst em
• The last block is padded with x's because the number of letters in the
plaintext message is not a multiple of 5.
monoa lphab eticu nilat erals ubsti tutio nsyst emxxx
• Then we rearrange the letters of the blocks according to the following
permutation:

• When the permutation is applied to all the blocks, we obtain:
monoa lphab eticu nilat erals ubsti tutio nsyst emxxx
oamno ablhp cueit atnli lsear tiusb onttu stnys xxexm
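Both transposition ciphers from the preceding slides, the depth-2 rail fence and the 5-letter block permutation, each with its inverse, as an added example that is not code from the original slides. The block permutation (4, 5, 1, 3, 2), meaning output position i takes the input letter at position PERM[i], is read off the slides' own output ("monoa" becomes "oamno"), because the permutation table did not survive on the slide; under that permutation the block "tutio" becomes "iottu", whereas the slide prints "onttu" (letters not present in "tutio"). The rail fence routine also handles depths greater than 2, which the slides do not cover.

```python
# Added example (not from the original slides): the two transposition ciphers
# from the slides, the depth-2 rail fence and the 5-letter block permutation,
# each with its inverse. The block permutation (4, 5, 1, 3, 2) is read off
# the slides' worked output ("monoa" -> "oamno"); the slide leaves the table blank.


def _rail_rows(n: int, depth: int) -> list:
    """Row index of each of n letters written in a zig-zag over `depth` rails."""
    if depth < 2:
        return [0] * n
    period = 2 * (depth - 1)          # down the rails and back up again
    rows = []
    for i in range(n):
        r = i % period
        rows.append(r if r < depth else period - r)
    return rows


def rail_fence_encrypt(plaintext: str, depth: int = 2) -> str:
    """Write letters along the diagonals, then read off rail by rail."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    rows = _rail_rows(len(letters), depth)
    out = []
    for r in range(depth):
        out.extend(ch for ch, row in zip(letters, rows) if row == r)
    return "".join(out)


def rail_fence_decrypt(ciphertext: str, depth: int = 2) -> str:
    """Cut the ciphertext back into rails, then walk the zig-zag to restore order."""
    rows = _rail_rows(len(ciphertext), depth)
    rails, pos = [], 0
    for r in range(depth):
        count = rows.count(r)          # how many letters landed on rail r
        rails.append(list(ciphertext[pos:pos + count]))
        pos += count
    return "".join(rails[r].pop(0) for r in rows)


# Output position i (0-based) takes the letter at input position PERM[i] (1-based).
PERM = (4, 5, 1, 3, 2)


def block_permute(plaintext: str, perm: tuple = PERM, pad: str = "x") -> str:
    """Split into blocks of len(perm), pad the last block, permute each block."""
    size = len(perm)
    letters = "".join(c for c in plaintext.lower() if c.isalpha())
    if len(letters) % size:
        letters += pad * (size - len(letters) % size)
    blocks = [letters[i:i + size] for i in range(0, len(letters), size)]
    return " ".join("".join(block[p - 1] for p in perm) for block in blocks)


def block_unpermute(ciphertext: str, perm: tuple = PERM) -> str:
    """Apply the inverse permutation to every block (padding is left in place)."""
    size = len(perm)
    inverse = [0] * size
    for out_pos, in_pos in enumerate(perm):
        inverse[in_pos - 1] = out_pos   # where input letter in_pos ended up
    return "".join("".join(block[inverse[i]] for i in range(size))
                   for block in ciphertext.split())


if __name__ == "__main__":
    print(rail_fence_encrypt("MEET ME AFTER THE TOGA PARTY"))   # MEMATRHTGPRYETEFETEOAAT
    print(block_permute("monoalphabeticunilateralsubstitutionsystem"))
```

Neither cipher changes the letter frequencies of the plaintext, which is the property a cryptanalyst uses to recognise a pure transposition and to recover the block size or depth.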
2.6 Cryptographic Algorithms
• Cryptographic algorithms can be classified as follows:
– Encryption algorithms that are used to encrypt data and
provide confidentiality.
– Signature algorithms that are used to digitally “sign” data to
provide authentication.
– Hashing algorithms that are used to provide data integrity.
• We will see the following encryption algorithms
– DES (Data Encryption Standard), Double DES, Triple DES
– Advanced Encryption Standard (AES)

2.6.1. DES (Data Encryption Standard)
• The Data Encryption Standard (DES) is a symmetric-key block cipher
published by the National Institute of Standards and Technology (NIST).
• DES was adopted in 1977 by the National Bureau of Standards.
• For DES, data are encrypted in 64-bit blocks using a 56-bit key.
• The algorithm transforms a 64-bit input in a series of steps into a 64-bit
output. The same steps, with the same key, are used to reverse the
encryption.
• As with any encryption scheme, there are two inputs to the encryption
function: the plaintext to be encrypted and the key.
• In this case, the plaintext must be 64 bits in length and the key is 56 bits
in length.
DES Overview
DES is a block cipher, as shown in the Figure below.
DES Structure
The encryption process is made of two permutations (P-boxes), which we
call initial and final permutations, and sixteen Feistel rounds.
Plaintext size : 64 bits
No. of rounds : 16
Key size : 64 bits (56 bits after the parity bits are dropped)
No. of subkeys : 16
Subkey size : 48 bits
Ciphertext size : 64 bits
Block diagram of DES Algorithm : One Round

Initial and Final Permutations (cont …)

Initial and final permutation tables

Initial and Final Permutations (cont …)

Example (a)
Find the output of the final permutation box when the input is
given in hexadecimal as:

Solution
Only bit 25 and bit 63 are 1s; the other bits are 0s. In the final
permutation, bit 25 becomes bit 64 and bit 63 becomes bit 15. The
result is

Initial and Final Permutations (cont …)

Example (b)
Prove that the initial and final permutations are the inverse of each
other by finding the output of the initial permutation if the input is

Solution
The input has only two 1s; the output must also have only two 1s.
Using Table 6.1, we can find the output related to these two bits. Bit
15 in the input becomes bit 63 in the output. Bit 64 in the input
becomes bit 25 in the output. So the output has only two 1s, bit 25
and bit 63. The result in hexadecimal is

Initial and Final Permutations (cont …)

Note
The initial and final permutations are straight P-boxes that are inverses
of each other. They have no cryptographic significance in DES.
Rounds
DES uses 16 rounds. Each round of DES is a Feistel cipher.
Figure : A round in DES (encryption site)
Rounds : DES Function
The heart of DES is the DES function. The DES function applies a
48-bit key to the rightmost 32 bits to produce a 32-bit output.
Figure : DES function
Rounds : DES Function (cont …)
Expansion P-box
Since R(I−1) is a 32-bit input and K(I) is a 48-bit key, we first need to
expand R(I−1) to 48 bits.
Figure : Expansion permutation
Rounds : DES Function (cont …)
Although the relationship between the input and output can be defined
mathematically, DES uses the Table below to define this P-box.
Table : Expansion P-box table
Rounds : DES Function (cont …)
Whitener (XOR)
After the expansion permutation, DES uses the XOR operation on the
expanded right section and the round key. Note that both the right
section and the key are 48 bits in length.
Also note that the round key is used only in this operation.
Rounds : DES Function (cont …)
S-Boxes (Straight – Boxes)
The S-boxes do the real mixing (confusion). DES uses 8 S-boxes, each
with a 6-bit input and a 4-bit output.
Figure : S-boxes
Rounds : DES Function (cont …)

Figure : S-box rule


Rounds : DES Function (cont …)
S-Box
The following Table shows the permutation for S-box 1.

Table : S-box 1

Rounds : DES Function (cont …)
Example
The input to S-box 1 is 100011. What is the output?
Solution
If we write the first and the sixth bits together, we get 11 in binary,
which is 3 in decimal. The remaining bits are 0001 in binary, which is
1 in decimal. We look for the value in row 3, column 1, in the S-box 1
table. The result is 12 in decimal, which in binary is 1100. So the input
100011 yields the output 1100.
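The first three steps of the DES function, the expansion P-box, the whitener and the S-box row/column rule, as an added example that is not code from the original slides. It reproduces the S-box 1 lookup just worked above. The E table and the S-box 1 table are from the DES standard; the other seven S-boxes and the stra "straight permutation" table are not reproduced here, so the block computes only the first S-box's output of a round rather than the complete 32-bit result.

```python
# Added example (not from the original slides): expansion P-box (32 -> 48 bits),
# whitener (XOR with the 48-bit round key) and the S-box row/column rule,
# shown with S-box 1. E and S1 are the tables from the DES standard.

E = [32, 1, 2, 3, 4, 5,
     4, 5, 6, 7, 8, 9,
     8, 9, 10, 11, 12, 13,
     12, 13, 14, 15, 16, 17,
     16, 17, 18, 19, 20, 21,
     20, 21, 22, 23, 24, 25,
     24, 25, 26, 27, 28, 29,
     28, 29, 30, 31, 32, 1]

S1 = [[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
      [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
      [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
      [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]]


def permute(table, value, width):
    """Output bit i (1-based, MSB first) is input bit table[i-1]."""
    out = 0
    for src in table:
        out = (out << 1) | ((value >> (width - src)) & 1)
    return out


def expand(right32: int) -> int:
    """Expansion P-box: R(I-1), 32 bits, becomes 48 bits; 16 bits appear twice."""
    return permute(E, right32, 32)


def whiten(expanded48: int, round_key48: int) -> int:
    """The only place the round key enters the round."""
    return expanded48 ^ round_key48


def sbox_inputs(value48: int) -> list:
    """Split the 48-bit value into eight 6-bit S-box inputs, left to right."""
    return [(value48 >> (42 - 6 * i)) & 0x3F for i in range(8)]


def sbox_lookup(sbox, six_bits: int) -> int:
    """S-box rule: row = first and sixth bits, column = the middle four bits."""
    row = (((six_bits >> 5) & 1) << 1) | (six_bits & 1)
    col = (six_bits >> 1) & 0xF
    return sbox[row][col]


def first_sbox_output(right32: int, round_key48: int) -> int:
    """4-bit output of S-box 1 for the given R(I-1) and round key."""
    return sbox_lookup(S1, sbox_inputs(whiten(expand(right32), round_key48))[0])


if __name__ == "__main__":
    print(format(sbox_lookup(S1, 0b100011), "04b"))   # 1100, as in the worked example
    print(format(expand(0x00000001), "048b"))         # bit 32 is copied to positions 1 and 47
```

Each S-box input bit influences the output non-linearly, which is the confusion the slides refer to; the expansion step is what lets every round key bit touch the data, and the overlap of the 6-bit groups is what spreads a single changed bit into two S-boxes.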
Rounds : DES Function (cont …)

Straight Permutation

Table : Straight permutation table

Rounds : DES Function (cont …)

DES Cipher and Reverse Cipher


Using mixers and swappers, we can create the cipher and
reverse cipher, each having 16 rounds.

First Approach
To achieve this goal, one approach is to make the last round
(round 16) different from the others; it has only a mixer and
no swapper.

Note

In the first approach, there is no swapper in the last round.

48
Rounds : DES Function (cont …)

Figure : DES cipher and reverse cipher for the first approach
Rounds : DES Function (cont …)
Alternative Approach
We can make all 16 rounds the same by including one swapper in the
16th round and adding an extra swapper after it (two swappers cancel
the effect of each other).
Rounds : Key Generation
The round-key generator creates sixteen 48-bit keys out of a 56-bit
cipher key.
Figure : Key generation
Rounds : Key Generation (cont …)
Table : Parity-bit drop table (Permuted choice 1)
Table : Number of bit shifts
Rounds : Key Generation (cont …)
Table : Permuted choice 2 (Key-compression table)
2.6.2. RSA Public Key Encryption Algorithm
• RSA was developed in 1977 by Ron Rivest, Adi Shamir, and Len
Adleman at MIT and first published in 1978.
• The Rivest-Shamir-Adleman (RSA) scheme has since that time reigned
supreme as the most widely accepted and implemented general-
purpose approach to public-key encryption.
• This algorithm is based on the difficulty of factorizing large numbers
that have exactly two (prime) factors.
• The system works on a public and private key system.
– The public key is made available to everyone. With this key a user
can encrypt data but cannot decrypt it, and
– The only person who can decrypt it is the one who possesses the
private key.
• It is theoretically possible but extremely difficult to generate the
private key from the public key; this makes the RSA algorithm a very
popular choice in data encryption.
Description of the Algorithm
• The scheme developed by Rivest, Shamir, and Adleman makes use of
an expression with exponentials.
• Encryption and decryption are of the following form, for some
plaintext block M and ciphertext block C:
C = M^e mod n
M = C^d mod n
• Both sender and receiver must know the value of n. The sender knows
the value of e, and only the receiver knows the value of d.
• Thus, this is a public-key encryption algorithm with a
– public key = {e, n} and
– private key = {d, n}.
RSA algorithm (cont …)
• First of all, two large distinct prime numbers p and q must be
generated.
• The product of these, n = pq, is a component of the public key.
• We then generate the encryption key e, which must be co-prime to the
number m = ϕ(n) = (p − 1)(q − 1), i.e. gcd(e, m) = 1.
• We then create the decryption key d such that d·e mod m = 1.
• We now have both the public and private keys.
Encryption
• We let y = E(x) be the encryption function, where x is an integer and y
is the encrypted form of x: y = x^e mod n
Decryption
• We let X = D(y) be the decryption function, where y is an encrypted
integer and X is the decrypted form of y: X = y^d mod n
RSA algorithm : Example
• We start by selecting primes p = 3 and q = 11.
• n = pq = 33, m = (p − 1)(q − 1) = (2)(10) = 20.
• Find the public key (e): gcd(e, m) = 1, i.e. gcd(e, 20) = 1. We can choose
any value for e which satisfies this condition, e.g. e = 3.
Therefore, public key = {3, 33}.
• Find the private key (d): d·e mod m = 1, i.e. d·3 mod 20 = 1. We can
choose any value for d which satisfies this condition, e.g. d = 7.
Therefore, private key = {7, 33}.
• Now let's say that we want to encrypt the number x = 9.
We use the encryption function y = x^e mod n:
y = 9^3 mod 33 = 729 mod 33 = 3
• To decrypt y we use the function X = y^d mod n:
X = 3^7 mod 33 = 2187 mod 33 = 9, therefore the algorithm works!
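The RSA key generation, encryption and decryption from the slides in working code, as an added example that is not code from the original slides. Instead of choosing d by inspection it computes d with the extended Euclidean algorithm, then checks against the slides' numbers (p = 3, q = 11, e = 3 gives d = 7; x = 9 encrypts to y = 3). The same key pair is then used the other way round, private key to sign and public key to verify, which is the "double encryption" for authentication and non-repudiation described in Section 2.3. The function names and the sign/verify pairing are this example's own.

```python
# Added example (not from the original slides): textbook RSA with the slides'
# parameters, plus the private-key "encryption" used for signing in Section 2.3.
from math import gcd


def extended_gcd(a: int, b: int):
    """Return (g, s, t) with g = gcd(a, b) and s*a + t*b = g."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def modular_inverse(e: int, m: int) -> int:
    """The d with d*e mod m == 1; exists only when gcd(e, m) == 1."""
    g, s, _ = extended_gcd(e, m)
    if g != 1:
        raise ValueError(f"{e} has no inverse mod {m}: gcd is {g}")
    return s % m


def rsa_keygen(p: int, q: int, e: int):
    """Return (public_key, private_key) as ((e, n), (d, n)), following the slides."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    m = (p - 1) * (q - 1)           # phi(n), called m on the slides
    if gcd(e, m) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = modular_inverse(e, m)       # d*e mod m == 1
    return (e, n), (d, n)


def rsa_encrypt(x: int, public_key) -> int:
    """y = x^e mod n; x must be an integer block smaller than n."""
    e, n = public_key
    if not 0 <= x < n:
        raise ValueError("message block must be an integer in [0, n)")
    return pow(x, e, n)


def rsa_decrypt(y: int, private_key) -> int:
    """X = y^d mod n."""
    d, n = private_key
    return pow(y, d, n)


def rsa_sign(x: int, private_key) -> int:
    """Sender 'encrypts' with the private key (Section 2.3); anyone can verify."""
    d, n = private_key
    return pow(x, d, n)


def rsa_verify(x: int, signature: int, public_key) -> bool:
    """Recover the value with the public key and compare with the claimed message."""
    e, n = public_key
    return pow(signature, e, n) == x


if __name__ == "__main__":
    pub, priv = rsa_keygen(3, 11, 3)
    print(pub, priv)                      # (3, 33) (7, 33)
    y = rsa_encrypt(9, pub)
    print(y, rsa_decrypt(y, priv))        # 3 9
    s = rsa_sign(9, priv)
    print(s, rsa_verify(9, s, pub))       # 15 True
```

As on the slides, this is unpadded "textbook" RSA: the same x always gives the same y, and anyone can check a guess at x with the public key, so deployed systems use keys of 2048 bits or more together with a padding scheme (OAEP for encryption, PSS for signatures) rather than encrypting raw integers.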
Hash function
• A hash function
– is a mathematical function that converts a numerical input value into
another compressed numerical value.
– has an input of arbitrary length but an output that is always of fixed
length.
• Values returned by a hash function are called message digests or simply
hash values.
• The hash value represents the longer message concisely
– it may be called the message digest.
• A message digest is a "digital fingerprint" of the original document; it
condenses an arbitrary message to a fixed size: h = H(M)
Chewing functions
⦁ Hashing function as "chewing" or "digest" function
Hashing V.S. Encryption
[Figure: the plaintext "Hello, world. A sample sentence to show encryption."
is transformed with key k by E into a ciphertext, and the ciphertext is
transformed back with the same key k by D into the plaintext.]
⦁ Encryption is two way, and requires a key to encrypt/decrypt
[Figure: the longer text "This is a clear text that can easily read without
using the key. The sentence is longer than the text above." is transformed
by h into the fixed-length digest 52f21cf7c7034a2017a21e17e061a863.]
– Hashing is one-way. There is no 'de-hashing'
Hash Function Applications
• Used alone
– Fingerprint: file integrity verification, public key fingerprint
– Password storage (one-way encryption)
• Combined with encryption functions
– Hash-based Message Authentication Code (HMAC)
• protects both a message's integrity and confidentiality
– Digital signature
• ensuring non-repudiation
• encrypt the hash with the private (signing) key and verify with the
public (verification) key
Integrity

• to create a one-way password file
– store the hash of the password, not the actual password
• for intrusion detection and virus detection
– keep & check hashes of files on the system
Password Verification
[Figure: storing a hashed password and verifying an input password against
the stored hash. Store: the password Iam#4VKU is hashed with h to
661dce0da2bcb2d82884e0162acf8194 and saved in the password store.
Verification: the entered password Iam#4VKU is hashed with h to
661dce0da2bcb2d82884e0162acf8194 and compared with the stored value;
if the hashes match exactly, access is granted (Yes: Grant), otherwise it is
denied (No: Deny).]
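The store-and-verify flow of the figure in working code, as an added example that is not code from the original slides. It goes beyond the figure in the way a practitioner would today: instead of a bare hash of the password it stores a per-user random salt and a PBKDF2-HMAC-SHA256 digest, so identical passwords get different records and guessing is deliberately slow, and it compares in constant time. The record format, the iteration count and the in-memory store are this example's own choices; the password Iam#4VKU is the figure's sample value.

```python
# Added example (not from the original slides): password storage and
# verification with a random salt, PBKDF2-HMAC-SHA256 and a constant-time
# comparison. The record layout and iteration count are assumptions.
import hashlib
import hmac
import os

ITERATIONS = 100_000      # assumed work factor; tune upward for real deployments
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Return a storable record 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'.

    The salt is stored in the clear: its job is to make every record unique,
    not to be secret.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and parameters; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False                       # malformed record
    if algorithm != ALGORITHM:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


# Minimal password store keyed by user name (constructed, in memory only).
password_store = {}


def register(user: str, password: str) -> None:
    password_store[user] = hash_password(password)


def login(user: str, password: str) -> str:
    """Return 'Grant' or 'Deny', mirroring the decision box in the figure."""
    stored = password_store.get(user)
    if stored is None:
        hash_password(password)            # same cost for unknown users: no timing oracle
        return "Deny"
    return "Grant" if verify_password(password, stored) else "Deny"


if __name__ == "__main__":
    register("alice", "Iam#4VKU")
    print(password_store["alice"])
    print(login("alice", "Iam#4VKU"))      # Grant
    print(login("alice", "Iam#4VKV"))      # Deny
```

Keeping the iteration count inside the record lets the work factor be raised later without invalidating existing users: the stored value says how it was computed, and the record is rewritten on the user's next successful login.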
Hash Function Usages
• Message authentication is a mechanism or service used to verify the integrity of a
message, by assuring that the data received are exactly as sent.
• (a) The message plus concatenated hash code is encrypted using symmetric encryption.
Since only A and B share the secret key, the message must have come from A and has
not been altered. The hash code provides the structure or redundancy required to
achieve authentication.
• (b) Only the hash code is encrypted, using symmetric encryption. This reduces the
processing burden for those applications not requiring confidentiality.
Message encrypted : Confidentiality and authentication
Message unencrypted : Authentication
Hash Function Usages (II)

Message unencrypted : Authentication (no encryption needed!)
Fig (c) shows the use of a hash function but no encryption for message authentication.
The technique assumes that the two communicating parties share a common secret value S.
A computes the hash value over the concatenation of M and S and appends the resulting hash
value to M.
Because B possesses S, it can recompute the hash value to verify. Because the secret value itself is
not sent, an opponent cannot modify an intercepted message and cannot generate a false
message.
Message encrypted : Authentication, confidentiality
In (d), confidentiality can be added to the approach of (c) by encrypting the entire message plus
the hash code.
When confidentiality is not required, method (b) has an advantage over methods (a) and (d),
which encrypt the entire message, in that less computation is required.
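Scheme (c) in working code, as an added example that is not code from the original slides: A appends H(M || S) to the message, B recomputes it from the received message and the shared secret S, and a message whose body was changed in transit, or one produced with a different secret, is rejected. The same exchange is shown with HMAC-SHA256, the keyed-hash construction from the "Hash Function Applications" list, which is what a practitioner would use in place of an ad-hoc concatenation. SHA-256 as H, the message, the secret and the single-byte tampering are constructed for the example.

```python
# Added example (not from the original slides): message authentication by
# appending H(M || S) (scheme (c)), with the receiver-side check, and the
# same exchange using HMAC-SHA256. Sample message and secret are constructed.
import hashlib
import hmac

DIGEST_SIZE = hashlib.sha256().digest_size   # 32 bytes, the size of the appended tag


def tag_concat(message: bytes, secret: bytes) -> bytes:
    """Scheme (c): H(M || S). The secret S itself never travels on the channel."""
    return hashlib.sha256(message + secret).digest()


def send_concat(message: bytes, secret: bytes) -> bytes:
    """A sends M followed by H(M || S)."""
    return message + tag_concat(message, secret)


def receive_concat(packet: bytes, secret: bytes):
    """B splits off the tag, recomputes H(M || S) and accepts only on a match.

    Returns (accepted, message). compare_digest runs in constant time, so the
    comparison does not reveal how many leading tag bytes were correct.
    """
    message, tag = packet[:-DIGEST_SIZE], packet[-DIGEST_SIZE:]
    ok = hmac.compare_digest(tag, tag_concat(message, secret))
    return ok, (message if ok else None)


def tag_hmac(message: bytes, secret: bytes) -> bytes:
    """HMAC-SHA256: the standardised keyed-hash message authentication code."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def send_hmac(message: bytes, secret: bytes) -> bytes:
    return message + tag_hmac(message, secret)


def receive_hmac(packet: bytes, secret: bytes):
    message, tag = packet[:-DIGEST_SIZE], packet[-DIGEST_SIZE:]
    ok = hmac.compare_digest(tag, tag_hmac(message, secret))
    return ok, (message if ok else None)


def tamper(packet: bytes, index: int, new_byte: int) -> bytes:
    """Model a message whose byte at `index` was changed in transit."""
    return packet[:index] + bytes([new_byte]) + packet[index + 1:]


if __name__ == "__main__":
    S = b"constructed-shared-secret"
    M = b"Transfer 100 to account 42"
    packet = send_concat(M, S)
    print(receive_concat(packet, S))                        # (True, b'Transfer 100 ...')
    print(receive_concat(tamper(packet, 9, ord("9")), S))   # (False, None): "100" -> "900"
    print(receive_hmac(send_hmac(M, S), S))                 # (True, b'Transfer 100 ...')
```

The tag gives integrity and origin authentication only: the message still travels in the clear, which is why scheme (d) adds encryption when confidentiality is also needed. Neither scheme stops a valid old packet from being delivered again, so real protocols also include a sequence number or timestamp under the tag.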
Hash Function Usages (III)

Authentication, digital signature
Authentication, digital signature, confidentiality
Properties of Hash Functions

1. Preimage resistant (one-way property)
• Cannot recover message m given its digest H(m)
2. Second preimage resistant (weak collision resistance)
• Given message m, cannot generate another message m' such that
H(m') = H(m) → ensures integrity
3. Collision resistant (strong collision resistance)
(a stronger requirement than the one above)
• Sender cannot generate two messages m and m' such that H(m) = H(m')
→ ensures non-repudiation
Properties : Fixed length

[Figure: the short input "Hello, world" and the longer text "This is a clear
text that can easily read without using the key. The sentence is longer than
the text above." both pass through h and produce digests of the same fixed
length L: 661dce0da2bcb2d82884e0162acf8194 and 52f21cf7c7034a2017a21e17e061a863.]
• Arbitrary-length message to fixed-length digest
Preimage resistant
• This measures how difficult it is to devise a message which hashes to
the known digest.
• Roughly speaking, the hash function must be one-way.
• Given only a message digest, can't find any message (or preimage) that
generates that digest.
Second preimage resistant
• This measures how difficult it is to devise a message which hashes to
the known digest of a given message.
• Given one message, can't find another message that has the same
message digest. An attack that finds a second message with the same
message digest is a second preimage attack.
• It would be easy to forge new digital signatures from old signatures if
the hash function used weren't second preimage resistant.
Collision Resistant
– Can't find any two different messages with the same message digest
• Collision resistance implies second preimage resistance
• Collisions, if we could find them, would give signatories a way to
repudiate their signatures
Hash Functions Family
• MD (Message Digest)
– Designed by Ron Rivest
– Family: MD2, MD4, MD5
• SHA (Secure Hash Algorithm)
– Designed by NIST
– Family: SHA-0, SHA-1, and SHA-2
• SHA-2: SHA-224, SHA-256, SHA-384, SHA-512
• SHA-3: the latest member of the Secure Hash Algorithm
family of standards, released by NIST on August 5, 2015.
• RIPEMD (Race Integrity Primitive Evaluation Message
Digest)
– Developed by Katholieke University Leuven Team
– Family : RIPEMD-128, RIPEMD-160, RIPEMD-256,
RIPEMD-320
MD5, SHA-1, and RIPEMD-160
MD5 Overview
MD5 Overview (cont …)
Figure: MD5 preprocessing steps
1. Append padding bits (to 448 mod 512)
2. Append length (64 bits)
3. Initialize MD buffer (4 x 32-bit words)
Word A = 01 23 45 67
Word B = 89 AB CD EF
Word C = FE DC BA 98
Word D = 76 54 32 10
Secure Hash Algorithm (SHA)
• SHA originally designed by NIST & NSA in 1993
• revised in 1995 as SHA-1
• produces 160-bit hash values
• In 2005 results on the security of SHA-1 raised concerns about its use in future applications
Revised SHA
• NIST issued a revision of the SHA standard in 2002
• adds 3 additional versions of SHA
• SHA-256, SHA-384, SHA-512
• designed for compatibility with the increased security provided by the AES cipher
• structure & detail is similar to SHA-1
• hence analysis should be similar
• but security levels are rather higher
SHA-512 Overview
Padding and length field in SHA-512
• What is the number of padding bits if the length of the original message is 2590 bits?
• We can calculate the number of padding bits as follows:
• The padding consists of one 1 followed by 353 0s.
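As an added example (not from the lecture), the functions below compute the SHA-512 padding for a message of any bit length and apply it to a byte string. SHA-512 appends a single 1 bit, then zeros, then the message length as a 128-bit big-endian integer, so that the total is a multiple of the 1024-bit block; the parameters default to SHA-512 but the same code covers SHA-256 (512-bit blocks, 64-bit length field), which goes beyond the slide's single case.

```python
"""Added example (not from the lecture): SHA-512 message padding.
Padded message = M || 1 || 0...0 || len(M) as a 128-bit big-endian integer,
with enough zeros that the total length is a multiple of 1024 bits.
SHA-256 uses the same scheme with a 512-bit block and 64-bit length field."""

SHA512_BLOCK_BITS = 1024
SHA512_LENGTH_BITS = 128
SHA256_BLOCK_BITS = 512
SHA256_LENGTH_BITS = 64


def padding_bits(msg_bits: int, block_bits: int = SHA512_BLOCK_BITS,
                 length_bits: int = SHA512_LENGTH_BITS) -> int:
    """Number of padding bits (the single 1 plus the zeros) for a message of
    msg_bits bits: (-msg_bits - length_bits) mod block_bits. A result of 0
    means a whole extra block of padding, because the 1 bit is always appended."""
    p = (-msg_bits - length_bits) % block_bits
    return p if p else block_bits


def pad_message(msg: bytes, block_bits: int = SHA512_BLOCK_BITS,
                length_bits: int = SHA512_LENGTH_BITS) -> bytes:
    """Apply the padding to a byte string (for byte input the padding is a
    whole number of bytes). The result's length is a multiple of the block."""
    msg_bits = len(msg) * 8
    pad = padding_bits(msg_bits, block_bits, length_bits)
    # 0x80 is the 1 bit followed by seven 0 bits; the rest of the padding is zero bytes
    padded = msg + b"\x80" + b"\x00" * (pad // 8 - 1)
    return padded + msg_bits.to_bytes(length_bits // 8, "big")


def padding_table(lengths=(0, 895, 896, 897, 2590)):
    """Padding length in bits for several message lengths (SHA-512 parameters).
    895 bits needs only the single 1; 896 bits needs a full extra block."""
    return {n: padding_bits(n) for n in lengths}


if __name__ == "__main__":
    print(padding_table())                 # 2590 -> 354: one 1 followed by 353 0s
    blocks = len(pad_message(b"abc")) * 8 // SHA512_BLOCK_BITS
    print("padded 'abc' occupies", blocks, "block(s)")
```

The slide's case, 2590 bits, gives (-2590 - 128) mod 1024 = 354 padding bits, i.e. one 1 followed by 353 zeros, and the padded message is 2590 + 354 + 128 = 3072 bits, exactly three blocks.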


Attacks on Hash Functions
1. brute-force attacks and cryptanalysis
• cryptanalytic attacks exploit some property of the algorithm and so are faster than brute force
2. a preimage or second preimage attack
• find y such that H(y) equals a given hash value
3. collision resistance
• find two messages x & y with the same hash so H(x) = H(y)

"MD5 and SHA1 are both clearly broken (in terms of collision-resistance)"
Ron Rivest
http://mail.python.org/pipermail/python-dev/2005-December/058850.html
2.8 Message Authentication Code (MAC)
• A MAC algorithm is a symmetric key cryptographic technique to provide message authentication.
• For establishing the MAC process, the sender and receiver share a symmetric key K.
• Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent along with the message to ensure message authentication.
• The process of using a MAC for authentication is depicted in the following illustration.
MAC (message authentication code)
• A hash function alone cannot provide authentication.
• The digest created by a hash function can detect any modification of the message, but it cannot authenticate the sender.
• MAC (message authentication code): can be used to ensure both integrity and authentication.
Figure: MAC, created by Alice and checked by Bob (the message itself is unencrypted)
Limitations of MAC
• There are two major limitations of MAC, both due to the symmetric nature of its operation.
• Establishment of Shared Secret
– It can provide message authentication only among pre-decided legitimate users who share a key.
– This requires establishment of a shared secret prior to use of the MAC.
• Inability to Provide Non-Repudiation
– MAC technique does not provide a non-repudiation service. If the
sender and receiver get involved in a dispute over message
origination, MACs cannot provide a proof that a message was
indeed sent by the sender.
– Though no third party can compute the MAC, still sender could
deny having sent the message and claim that the receiver forged it, as
it is impossible to determine which of the two parties computed the
MAC.
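The following is an added example, not code from the lecture, using HMAC-SHA256 from the Python standard library as the MAC algorithm (an assumption; the slides do not name a construction). It contrasts a bare hash, which an attacker who alters the message can simply recompute, with a keyed MAC that fails on a tampered message or a wrong key, and it demonstrates the non-repudiation limitation above: the receiver, holding the same key, produces an identical tag. The key and messages are constructed for the demo.

```python
"""Added example (not from the lecture): a MAC built with HMAC-SHA256.
Contrasts an unkeyed hash (integrity only) with a keyed MAC, and shows
why a MAC cannot provide non-repudiation."""
import hashlib
import hmac

# Constructed demo key; a real key is established out of band and kept secret.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def hash_only(message: bytes) -> bytes:
    """Unkeyed digest: detects accidental corruption, but whoever changes the
    message can recompute the digest, so it authenticates nothing."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over the message under the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute and compare in constant time, so a rejected tag does not
    leak how many leading bytes were correct."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def demo():
    original = b"pay 100 to account 42"
    altered = b"pay 900 to account 42"

    # Hash only: a forger replaces the message and its digest together; the
    # receiver's recomputation matches, so the forgery is accepted.
    forged_message, forged_digest = altered, hash_only(altered)
    hash_check_passes = hash_only(forged_message) == forged_digest

    # MAC: Alice sends (message, tag); only a key holder can make a valid tag.
    tag = mac_tag(SHARED_KEY, original)
    return {
        "hash_only_accepts_forgery": hash_check_passes,
        "mac_accepts_original": mac_verify(SHARED_KEY, original, tag),
        "mac_accepts_altered_message": mac_verify(SHARED_KEY, altered, tag),
        "mac_accepts_wrong_key": mac_verify(b"some-other-key", original, tag),
        # Limitation: Bob can compute exactly the same tag, so the tag alone
        # cannot prove to a third party that Alice, and not Bob, produced it.
        "receiver_can_produce_same_tag": mac_tag(SHARED_KEY, original) == tag,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

HMAC rather than a plain H(K || m) is the standard choice because its nested construction is the one with a security proof for Merkle–Damgård hashes; `hmac.compare_digest` is used for the check so verification time does not depend on where the tags first differ.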
2.9. Digital Signature
• In the physical world,
– it is common to use handwritten signatures on handwritten
or typed messages to bind signatory to the message.

• Digital signature
– is a technique that binds a person/entity to the digital data
so it can be independently verified by receiver as well as any
third party.
– is a cryptographic value that is calculated from the data
and a secret key known only by the signer.
Digital Signature (cont …)
• A digital signature needs a public-key system.
• Notations
– m: message
– H(m): message digest of m by using hash function H()
– KA- :Private key of user A
– KA+ :Public key of user A
– KAB: Symmetric key between A and B
– K(m): ciphertext of message m by using encryption key K
Digital Signature (cont …)
Figure: Signing the message itself in a digital signature (signed with private key KA-, verified with public key KA+)
Provides no confidentiality (message is not secret)
Problem: Too expensive to sign the message itself using a public key system
Digital Signature (cont …)
• For message confidentiality,
– we use the private and public keys of the receiver;
• In digital signature (integrity, authentication, non-repudiation),
– we use the private and public keys of the sender.
Digital Signature (cont …)
Figure: Signing the digest in a digital signature (digest signed with KA-, verified with KA+)
Model of Digital Signature
• The digital signature scheme is based on public key cryptography.

• The model of digital signature scheme is shown below.


Importance of Digital Signature
1. Message authentication
– When the verifier validates the digital signature using the public key of a sender, he is assured that the signature has been created only by the sender who possesses the corresponding secret private key and no one else.
2. Data Integrity
– In case an attacker has access to the data and modifies it, the digital signature verification at the receiver end fails.
– The hash of the modified data and the output provided by the verification algorithm will not match.
– Hence, the receiver can safely reject the message, assuming that data integrity has been breached.
3. Non-repudiation
– Since it is assumed that only the signer has knowledge of the signature key, only he can create a signature on given data.
– Thus the receiver can present the data and the digital signature to a third party as evidence if any dispute arises in the future.
Encryption with Digital Signature
• This can be achieved by combining digital signatures with an encryption scheme.
• There are two possibilities
– sign-then-encrypt and
– encrypt-then-sign
2.10 Public Key Infrastructure (PKI)
• The most distinct feature of Public Key Infrastructure (PKI) is that it uses a pair of keys to achieve the underlying security service.
• The key pair comprises a private key and a public key.
• Since the public keys are in the open domain, they are likely to be abused.
• It is, thus, necessary to establish and maintain some kind of trusted infrastructure to manage these keys.
Key Management
• The security of any cryptosystem depends upon how securely its keys are managed.
• Without secure procedures for the handling of cryptographic keys, the benefits of the use of strong cryptographic schemes are potentially lost.
There are some important aspects of key management
• Cryptographic keys are nothing but special pieces of data.
• Key management refers to the secure administration of cryptographic keys.
• Key management deals with the entire key lifecycle as depicted in the figure.
Public Key Infrastructure (PKI)
• There are two specific requirements of key management for public key cryptography.
– Secrecy of private keys.
• Throughout the key lifecycle, secret keys must remain secret from all parties except those who are the owner and are authorized to use them.
– Assurance of public keys
• In public key cryptography, the public keys are in the open domain and seen as public pieces of data.
• By default there are no assurances of whether a public key is correct, with whom it can be associated, or what it can be used for.
• Thus key management of public keys needs to focus much more explicitly on assurance of the purpose of public keys.
• The most crucial requirement of 'assurance of public key' can be achieved through the public-key infrastructure (PKI), a key management system for supporting public-key cryptography.
Public Key Infrastructure (PKI)
• PKI provides assurance of public keys.
• It provides the identification of public keys and their distribution.
• The anatomy of a PKI comprises the following components.
a) Public Key Certificate, commonly referred to as 'digital certificate'.
b) Private Key tokens.
c) Certification Authority.
d) Registration Authority.
e) Certificate Management System.
a) Digital Certificate
• Digital certificates are based on the ITU standard X.509, which defines a standard certificate format for public key certificates and certification validation.
• Hence, digital certificates are sometimes also referred to as X.509 certificates.
• Public key
– is stored in digital certificates by the Certification Authority (CA) along with other relevant information such as
• client information,
• expiration date,
• usage,
• issuer,
• etc.
Digital Certificate (cont …)
• The CA digitally signs this entire information and includes the digital signature in the certificate.
• Anyone who needs assurance about the public key and associated information of a client carries out the signature validation process using the CA's public key.
• Successful validation assures that the public key given in the certificate belongs to the person whose details are given in the certificate.
Digital Certificate
• The process of obtaining Digital Certificate by a person/entity is shown.

• The CA accepts the application from a client to certify his public key.
• The CA, after duly verifying identity of client, issues a digital certificate to that client.
b) Certifying Authority (CA)
• The CA
– issues certificates to clients and assists other users in verifying the certificate.
– takes responsibility for correctly identifying the client asking for a certificate to be issued, and
– ensures that the information contained within the certificate is correct and digitally signs it.
Key Functions of CA
1. Generating key pairs
– The CA may generate a key pair independently or jointly with the client.
2. Issuing digital certificates
– The CA could be thought of as the PKI equivalent of a passport agency: the CA issues a certificate after the client provides the credentials to confirm his identity.
– The CA then signs the certificate to prevent modification of the details contained in the certificate.
Certifying Authority (CA)
3. Publishing Certificates
– The CA needs to publish certificates so that users can find them. There are two ways of achieving this. One is to publish certificates in the equivalent of an electronic telephone directory. The other is to send your certificate out to those people you think might need it by one means or another.
4. Verifying Certificates
– The CA makes its public key available in the environment to assist verification of its signature on clients' digital certificates.
5. Revocation of Certificates
– At times, the CA revokes a certificate it issued for some reason such as compromise of the private key by the user or loss of trust in the client. After revocation, the CA maintains a list of all revoked certificates that is available to the environment.
c) Classes of Certificates
• There are four typical classes of certificate:
• Class 1
– These certificates can be easily acquired by supplying an email address.
• Class 2
– These certificates require additional personal information to be supplied.
• Class 3
– These certificates can only be purchased after checks have been made about the requestor's identity.
• Class 4
– They may be used by governments and financial organizations needing very high levels of trust.
Classes of Certificates
• Registration Authority (RA)
– CA may use a third-party Registration Authority (RA) to perform the
necessary checks on the person or company requesting the certificate
to confirm their identity.
– The RA may appear to the client as a CA, but they do not actually
sign the certificate that is issued.
• Certificate Management System (CMS)
– It is the management system through which certificates are
published, temporarily or permanently suspended, renewed, or
revoked.
– Certificate management systems do not normally delete certificates
because it may be necessary to prove their status at a point in time,
perhaps for legal reasons.
– A CA along with associated RA runs certificate management systems
to be able to track their responsibilities and liabilities.
d) Private Key Tokens
• While the public key of a client is stored on the certificate, the associated secret private key can be stored on the key owner's computer.
• This method is generally not adopted.
• If an attacker gains access to the computer, he can easily gain access to
private key.
• For this reason, a private key is stored on secure removable storage
token access to which is protected through a password.
• Different vendors often use different and sometimes proprietary storage
formats for storing keys.
e) Hierarchy of CA
• With vast networks and requirements of global communications, it is
practically not feasible to have only one trusted CA from whom all users
obtain their certificates. Secondly, availability of only one CA may lead
to difficulties if CA is compromised.
• In such cases, the hierarchical certification model is of interest since it allows public key certificates to be used in environments where two communicating parties do not have trust relationships with the same CA.
– The root CA is at the top of the CA hierarchy and the root CA's
certificate is a self-signed certificate.
– The CAs, which are directly subordinate to the root CA (For
example, CA1 and CA2) have CA certificates that are signed by the
root CA.
– The CAs under the subordinate CAs in the hierarchy (For example,
CA5 and CA6) have their CA certificates signed by the higher-level
subordinate CAs.
Hierarchy of CA (cont …)
• Certificate authority (CA) hierarchies are reflected in certificate chains. A
certificate chain traces a path of certificates from a branch in the
hierarchy to the root of the hierarchy.

Procedure to verify a certificate chain
• Verifying a certificate chain is the process of ensuring that a specific certificate chain is valid, correctly signed, and trustworthy.
1. A client whose authenticity is being verified supplies its certificate, generally along with the chain of certificates up to the Root CA.
2. Now if the higher CA who has signed the issuer's certificate is trusted by the verifier, verification is successful and stops here.
3. The verifier takes the certificate and validates it by using the public key of the issuer. The issuer's public key is found in the issuer's certificate, which is next to the client's certificate in the chain.
4. Now if the higher CA who has signed the issuer's certificate is trusted by the verifier, verification is successful and stops here.
5. Else, the issuer's certificate is verified in a similar manner as done for the client in the above steps. This process continues till either a trusted CA is found in between or else it continues till the Root CA.
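The block below is an added example, not code from the lecture, and serves two passages: the sign-the-digest model of section 2.9 (sign H(m) with the sender's private key, verify with the public key) and the chain-verification procedure just described (validate each certificate with its issuer's key, stop with success when a trusted CA is reached, fail if the chain runs out). It assumes textbook RSA over a SHA-256 digest with no padding, a dict standing in for an X.509 certificate, and the constructed names RootCA, CA1 and alice; none of that is from the slides, and the toy RSA is for illustrating the model only.

```python
"""Added example (not from the lecture): sign-the-digest with textbook RSA,
and a certificate chain walked from the client's certificate up to a trusted
CA. Toy RSA without padding and dict 'certificates' illustrate the model only."""
import hashlib
import random

_rng = random.Random(20240101)  # seeded so the example is reproducible


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test (probabilistic)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # exact width, odd
        if is_probable_prime(cand):
            return cand


def keygen(bits: int = 512):
    """Return (public, private) as ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:      # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def sign(priv, data: bytes) -> int:
    """Sign H(m), not m: only the 256-bit digest gets the private-key operation."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")


def tbs(subject: str, pub, issuer: str) -> bytes:
    """The 'to be signed' part of a certificate: subject, its key, and the issuer."""
    return f"{subject}|{pub[0]}|{pub[1]}|{issuer}".encode()


def make_cert(subject: str, pub, issuer: str, issuer_priv) -> dict:
    return {"subject": subject, "pub": pub, "issuer": issuer,
            "sig": sign(issuer_priv, tbs(subject, pub, issuer))}


def verify_chain(chain: list, trusted: dict) -> bool:
    """chain[0] is the client's certificate, each following entry its issuer's.
    trusted maps CA names to public keys the verifier already trusts."""
    for i, cert in enumerate(chain):
        issuer, data = cert["issuer"], tbs(cert["subject"], cert["pub"], cert["issuer"])
        if issuer in trusted:       # trusted CA reached: check with its known key and stop
            return verify(trusted[issuer], data, cert["sig"])
        if i + 1 == len(chain) or chain[i + 1]["subject"] != issuer:
            return False            # no certificate for the issuer: chain ran out
        if not verify(chain[i + 1]["pub"], data, cert["sig"]):
            return False            # issuer's signature does not check out
    return False


def demo():
    root_pub, root_priv = keygen()
    ca1_pub, ca1_priv = keygen()
    alice_pub, _ = keygen()
    root_cert = make_cert("RootCA", root_pub, "RootCA", root_priv)  # self-signed root
    ca1_cert = make_cert("CA1", ca1_pub, "RootCA", root_priv)       # subordinate CA
    alice_cert = make_cert("alice", alice_pub, "CA1", ca1_priv)     # end entity
    anchors = {"RootCA": root_pub}
    renamed = dict(alice_cert, subject="mallory")   # signed field changed after signing
    return {
        "valid_chain": verify_chain([alice_cert, ca1_cert, root_cert], anchors),
        "altered_cert": verify_chain([renamed, ca1_cert, root_cert], anchors),
        "no_trusted_root": verify_chain([alice_cert, ca1_cert, root_cert], {}),
    }
```

`demo()` returns True only for the intact chain: altering any signed field breaks the issuer's signature, and a chain that never reaches a key in the verifier's trust store is rejected even though every signature in it is internally consistent. Real deployments add what this toy omits: RSA-PSS or PKCS#1 padding, validity periods, key-usage constraints and revocation checks against the CA's revoked-certificate list.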
The Top SSL Certificate Providers
• Symantec
• GeoTrust
• Comodo
• DigiCert
• Thawte
• GoDaddy
• Network Solutions
• RapidSSLonline
• SSL.com
• Entrust Datacard
NB: Visit the websites of the certificate providers mentioned and explore more on the topic.
