Objectives

• After completing this chapter, the students will be able to understand:

• Introduction
• What is Cryptography?
• Purpose of cryptography
• Types of Cryptography
• Types of cryptography Algorithms
• Attacks of cryptography
 Introduction
• The Internet or the global Internet is the internationally connected network of
computer networks with addresses that are administrated by IANA (Internet

address and Naming Authority).

• There are many aspects to security and many applications, ranging from secure

commerce and payments to private communications and protecting passwords.

• One essential aspect for secure communications is that of cryptography.

 What is Cryptography?
• In simple terms, “cryptography” refers to the art of securing sensitive information using mathematical
algorithms.

• These algorithms stop third parties, commonly known as enemies or hackers, to peep into your data.

• To avoid unauthorized access to information communicated between authorized parties, cryptography

uses encryption and decryption methods.

• According to American cryptographer and computer security expert Bruce, cryptography is “the art and
science of keeping messages secure.”.

• The cryptography method transforms plain text into encrypted text (aka ciphertext) using the encryption
key, and the target receiver can decrypt it using a unique decryption key.
 Cont…
• Cryptography is the process of converting simple plain text into secret text called
ciphertext, and converting ciphertext back to its original simple text,

• The process uses algorithms known as crypto-algorithms to perform the encryption and
decryption process.

• Encryption and decryption are done using a “key” or “code.”

• Sometimes, only one key is used to perform both encryption and decryption and
sometimes two separate keys are used, one for encryption and the other key for

decryption.
 Cont…

• Cryptography derived its name from a Greek word called “krypto’s” which means

“Hidden Secrets”.

• Cryptography is the practice and study of hiding information.

• It is the Art or Science of converting a plain intelligible data into an unintelligible

data and again retransforming that message into its original form.

• It provides Confidentiality, Integrity, and Accuracy.

 Cryptography (Encryption Techniques)
✓Terminology:
➢ Cryptography: Systems/schema for encryption and decryption

➢ Encryption: The process by which plaintext is converted into cipher-text.

➢ Decryption: Recovering plaintext from the cipher-text

➢ Secret key: Used to set some or all of the various parameters used by the encryption

algorithm.

➢ Cryptanalysis: The study of “breaking the code”.

➢ Cryptology: Cryptography and cryptanalysis together constitute the area of cryptology.

 Cont…
Cryptography has five ingredients/Components:

• Plaintext
• Encryption algorithm
• Secret Key
• Ciphertext
• Decryption algorithm
 Description

• A sender S wanting to transmit message M to a receiver R

• To protect the message M, the sender first encrypts it into an unintelligible

message M’

• After receipt of M’, R decrypts the message to obtain M

• M is called the plaintext(What we want to encrypt)
• M’ is called the ciphertext(The encrypted output)
 Notation
• Given

• P=Plaintext

• C=CipherText

• k=key shared by sender and receiver

• C = EK (P) Encryption

• P = DK (C) Decryption
 Why Study Cryptography?

• In today’s Internet world, cryptography applications are used to enable digital signatures,
money transfers, online shopping, online booking, and credit card payments, where

authentication and privacy are crucial.

• Cryptography makes transactions on the web more secure through digital certificates, 3-D

secure, and other encryption technology.

• With the rise in government surveillance of Internet data, which is making headlines every day,

people are even more concerned about their privacy and personal data.
 Cont…
• Human being from ages had two inherent needs:

• To communicate and share information and

• To communicate selectively (to communicate secretly with selective recipient).

• These two needs gave rise to the art of coding the messages in such a way that only the

intended people could have access to the information.

• Unauthorized people could not extract any information, even if the scrambled messages

fell in their hand.

 Cont…
• So, the art and science of covering the messages to introduce secrecy in
information security is recognized as cryptography.

• Is the study of how to alter a message so that someone intercepting it cannot read
it without the appropriate algorithm and key.

• Is the study of secure communications techniques that allow only the sender and
intended recipient of a message to view its contents

• It refers to the design of mechanisms based on mathematical algorithms that

provide fundamental information security services
 Security Services of Cryptography
• The primary objective of using cryptography is to provide the following four fundamental information
security services

• Confidentiality
• It is a security service that keeps the information from an unauthorized person.
• It is sometimes referred to as privacy or secrecy.
• Data Integrity
• Integrity service confirms that whether data is intact or not since it was last created, transmitted, or stored
by an authorized user.
• Authentication
• It confirms to the receiver that the data received has been sent only by an identified and verified sender.
• Non-repudiation
• It is an assurance that the original creator of the data cannot deny the creation or transmission of the said
data to a recipient or third party.
 Cryptography Algorithms

• In cryptography, encryption and decryption are performed using a mathematical

function, often known as cryptographic algorithm.

• The mathematical function consists of keys: a word, number, or phrase and

cryptographic algorithm makes use of one or more of these keys to encrypt the

data.

• The strength of the encryption depends on the keys and cryptographic algorithm
which makes use of these keys to encrypt.
 Cryptography Algorithms

• The three main types of algorithms:

1. Symmetric key(private key) Cryptography: Uses a single key for both encryption and
decryption, which is also called symmetric encryption. It is primarily used for privacy and
confidentiality.

2. Asymmetric Key(Public Key) Cryptography: Uses one key for encryption and another
different key for decryption and is also called asymmetric encryption. It is primarily used for
authentication, nonrepudiation, and key exchange.

3. Hash functions: Uses a mathematical transformation that transforms the message into a fixed
length data that is unique to the corresponding source.
Cont….
Cont…
 Symmetric Cryptography
• Symmetric cryptography, known also as secret key cryptography, is the use of a single
shared secret to share encrypted data between parties.

• In simple terms, the sender encrypts data using a password, and the recipient must know
that password to access the data.

• Symmetric Encryption is a two-way process. With a block of plaintext and a given

key, symmetric ciphers will always produce the same ciphertext.

• Symmetric Encryption is useful for protecting data between parties with an established
shared key and is also frequently used to store confidential data.
 Cont…
• Symmetric cryptography methods employ a single key for both encryption and
decryption.

• Symmetric keys are also known as secret keys. The sender uses the key to
encrypt the plaintext and sends the ciphertext to the receiver.

• The receiver then applies the same key to decrypt the message and recover the
plaintext.

• Because a single key is used for both functions, it is called symmetric encryption.
Cont…
Cont…
Cont…
Cont…..
 Common Symmetric Algorithms
• Some of the most popular crypto algorithms are:
• AES (Advanced Encryption Standard)
• DES (Data Encryption Standard)
• IDEA (International Data Encryption Algorithm)
• Blowfish (Drop-in replacement for DES or IDEA)
• RC4 (Rivest Cipher 4)
• RC5 (Rivest Cipher 5)
• RC6 (Rivest Cipher 6)
What are some advantages of symmetric encryption?

• Some advantages of symmetric encryption include:

• Security: symmetric encryption algorithms like AES take billions of years to

crack using brute-force attacks.

• Speed: Because of its shorter key lengths and relative simplicity compared to
asymmetric encryption, is much faster to execute.

• Industry adoption and acceptance: symmetric encryption algorithms like AES

have become the gold standard of data encryption because of their security.
 Asymmetric Cryptography
• Asymmetric cryptography is scalable for use in very large and ever expanding environments
where data are frequently exchanged between different communication partners.

• Each user has two keys: a public key and a private key and Both keys are mathematically
related (both keys together are called the key pair).

• The public key is made available to anyone and the private key is kept secret.
• Data encrypted with the public key is unencrypted with the private key.
• Encrypting data with the private key creates a digital signature and this ensures the message has
come from the stated sender (because only the sender had access to the private key to be able to
create the signature).
 Cont…
• Asymmetric cryptography is often used to exchange the secret key to prepare for
using symmetric cryptography to encrypt data.

• In the case of a key exchange, one party creates the secret key and encrypts it with the
public key of the recipient.
• The receiver would then decrypt it with their private key and the remaining
communication would be done with the secret key being the encryption key.

• Asymmetric encryption uses two separate keys: a public key and a private key and
often a public key is used to encrypt the data while a private key is required to decrypt
the data.

• The private key is only given to users with authorized access. As a result, asymmetric
encryption can be more effective, but it is also more costly.
Cont…
 Cont…

• Examples of asymmetric encryption include:

• Rivest Shamir Adleman (RSA)

• The Digital Signature Standard (DSS),

• Digital Signature Algorithm (DSA)

• Elliptical Curve Cryptography (ECC)

• The Diffie-Hellman exchange method

➢What is TLS/SSL protocol?

 What are some advantages of asymmetric encryption?

• Advantages of using asymmetric encryption include:

• Key distribution not necessary: securing key distribution channels has long been a headache
in cryptography. Asymmetric encryption eliminates key distribution entirely.

• Exchange of private keys not necessary: with asymmetric encryption, private keys should
remain stored in a secure location and thus private to the entities using them.

• Digital signature/message authentication: with asymmetric encryption, senders can use their
private keys to digitally sign and verify that a message or file originated from them and not an

untrusted third party.

 Hash Function
• Hash functions represent a third cryptography type alongside symmetric and asymmetric
cryptography, what we might call keyless cryptography.

• Hash functions, also referred to as message digests, do not use a key, but instead create a largely
unique and fixed-length hash value, commonly referred to as a hash, based on the original
message, something along the same lines as a fingerprint. Any slight change to the message will
change the hash.

• Hashes cannot be used to discover the contents of the original message, or any of its other
characteristics, but can be used to determine whether the message has changed.

• In this way, hashes provide confidentiality, but not integrity.

 Cont…

• A Hashing Algorithm is a mathematical formula that takes a Message of arbitrary length as

input and produces as output a representational sample of the original data.

• For instance, a rudimentary example of a hashing algorithm is simply adding up all the letter

values of a particular message. (A=1, B=2, C=3, etc…):

 Cont…

• The result of a hashing algorithm is called a message Digest (or sometimes Checksum, or

Fingerprint). The result of our example hashing on the original message of hello was 52.

• If someone were to change our original message and process it through the same hashing

algorithm, the result would be different:

 Cont…
• Hashes are very useful when distributing files or sending communications, as the hash can be
sent with the message so that the receiver can verify its integrity.

• The receiver simply hashes the message again using the same algorithm, then compares the two
hashes. If the hashes match, the message has not changed.

• If they do not match, the message has been altered.

• Although it is theoretically possible to engineer a matching hash for two different sets of data,
called a collision, this is a very difficult task indeed, and generally requires that the hashing

algorithm be broken in order to accomplish.

Cont…
 Hash Function Algorithms

• Some common hashing algorithms include

• MD5, SHA-1, SHA-2, NTLM, and LANMAN.

• MD5: This is the fifth version of the Message Digest algorithm.

• MD5 creates 128-bit outputs.

• MD5 was a very commonly used hashing algorithm.

Cont….
Cryptography Algorithms
 Individual Assignment (20%)
• List all the algorithms under Symmetric, Asymmetric and Hash
function and briefly explain each. [25-30 Slids]

➢ Submission Date: February 22/2024 G.C

➢ Presentation Date: February 24/2024 G.C
 Chapter 3

Lecture 2
 Classical Encryption Technique

• There are two basic building blocks of all encryption techniques:

 Substitution Technique
• Substitution technique is a classical encryption technique where the characters present in the original message are
replaced by other characters or numbers or symbols.

• If the plain text (original message) is considered as the string of bits, then the substitution technique would replace
bit pattern of plain text with the bit pattern of cipher text.

• The substitution techniques can be explained as follows:

➢ Caesar Cipher.
➢ Monoalphabetic Cipher.
➢ Polyalphabetic Cipher.
➢ Playfair Cipher.
➢ One-Time Pad.
➢ Hill Cipher
 Substitution Technique
• A substitution technique is one in which the letters of plaintext are replaced by other letters or
by numbers or symbols.

• If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit
patterns with cipher text bit patterns.
 Substitution technique: Caesar Cipher
• Is one of the earliest and simplest method of encryption technique.
• It’s simply a type of substitution cipher, i.e., each letter of a given text is replaced
by a letter some fixed number of positions down the alphabet.

• For example with a shift of 1 (Key=1), A would be replaced by B, B would

become C, and so on.

• Thus to cipher a given text we need an integer value, known as shift which
indicates the number of position each letter of the text has been moved down.

• The encryption can be represented using modular arithmetic by first transforming

the letters into numbers, according to the scheme, A = 0, B = 1,…, Z = 25.
 Cont…
• The Caesar cipher involves replacing each letter of the alphabet with the letter standing 3 places
further down the alphabet or Other position

• The encryption can be represented using modular arithmetic by first transforming the letters into
numbers, according to the scheme, A = 0, B = 1,…, Z = 25. Encryption of a letter by a shift n
can be described mathematically as the figure bellow.
 Substitution technique: Caesar Cipher
• Examples 1:
Text (P): ATTACKATONCE
Shift (Key): 4
Cipher (C): EXXEGOEXSRGI

Workout
Plain Text: MEET ME TOMORROW
Key: 3
Cipher (C):??????
 Substitution Technique: Monoalphabetic Cipher
• Monoalphabetic cipher is a substitution cipher, where the cipher
alphabet for each plain text alphabet is fixed, for the entire encryption.

• In simple words, if the alphabet ‘p’ in the plain text is replaced by the
cipher alphabet ‘d’.

• Then in the entire plain text wherever alphabet ‘p’ is used, it will be
replaced by the alphabet ‘d’ to form the ciphertext.
Substitution Technique: Monoalphabetic Cipher
 Substitution Technique: Polyalphabetic Cipher
• In the monoalphabetic ciphers (shift, substitution) we have looked at so far, we
have always replaced a single plaintext letter with the same ciphertext letter.

• This makes this cipher highly vulnerable to frequency analysis.

• To increase security, we can change the cipher alphabet as we are enciphering the
message.

• A polyalphabetic cipher is a cipher where different substitution alphabets

are used for various parts of the plaintext message.

 Cont…
• A polyalphabetic cipher is any cipher based on substitution, using multiple
substitution alphabets.

• A poly-alphabetic cipher is any cipher based on substitution, using several

substitution alphabets.

• In polyalphabetic substitution ciphers, the plaintext letters are enciphered differently

based upon their installation in the text.

• Rather than being a one-to-one correspondence, there is a one-to-many relationship

between each letter and its substitutes.

• The Vigenere cipher is probably the best-known example of a polyalphabetic cipher,

though it is a simplified special case.
Substitution Technique: Vigenere Cipher
Substitution Technique: Vigenere Cipher
 Substitution Technique: Playfair Cipher

• Playfair cipher is a substitution cipher which involves a 5X5 matrix.

• Let us discuss the technique of this Playfair cipher with the help of an example:
• Plain Text: HELLO
• Key: MONARCHY
• Now, we have to convert this plain text to ciphertext using the given key. We will
discuss the further process in steps.

• Step 1: Create a 5X5 matrix and place the key in that matrix row-wise from left to
right. Then put the remaining alphabets in the blank space.
 Substitution Technique: Playfair Cipher
• A 5X5 matrix of letters based on a keyword

• Fill in letters of keyword

• Fill rest of matrix with other letters

• Key : MONARCHY
Example : P= HELLO Then
Pair p into two letter together
P=HE LL O (HE LX OX) why?
C=CFSUAV
Cont…
Workout

Given

• Key=PASSWORD

• P=ETHIOPIA

Then What is C?
Substitution Technique: One-Time Pad
• One Time Pad algorithm is also known as Vernam Cipher and it is a method
of encrypting alphabetic plain text.

• It is one of the Substitution techniques which converts plain text into

ciphertext.

• In this mechanism, we assign a number to each character of the Plain-Text.

• The relation between the key and plain text: In this algorithm, the length of
the key should be equal to that of plain text.
Substitution Technique: One-Time Pad
• One-time pad cipher is a type of Vignere cipher which includes the following
features:

• It is an unbreakable cipher.

• The key is exactly same as the length of message which is encrypted.

• The key is made up of random symbols.

• As the name suggests, key is used one time only and never used again for any
other message to be encrypted.
Substitution Technique: One-Time Pad

Why is it Unbreakable?

• The key is unbreakable owing to the following features:

• The key is as long as the given message.

• The key is truly random and specially auto-generated.

• Key and plain text calculated as modulo 26.

• Each key should be used once and destroyed by both sender and receiver.
• There should be two copies of key: one with the sender and other with the
receiver.
Example of One-Time Pad
Substitution Technique: Hill Cipher
• In classical cryptography, the Hill cipher is a polygraphy substitution
cipher based on linear algebra.

• It was the first polygraphy cipher in which it was practical (though barely) to
operate on more than three symbols at once.

• To encrypt a message, each block of n letters (considered as an n-

component vector) is multiplied by an invertible n × n matrix, against modulus 26.

• The matrix used for encryption is the cipher key, and it should be chosen
randomly from the set of invertible n × n matrices (modulo 26).
Substitution Technique: Hill Cipher
Substitution Technique: Hill Cipher
Substitution Technique: Hill Cipher
Substitution Technique: Hill Cipher
Substitution Technique: Hill Cipher
Substitution Technique: Hill Cipher
Example 2
• Consider the Plaintext(message) is 'ACT', and the key below (GYB/NQK/URP in letters):

ciphertext = ‘POH'.

ciphertext = 'FIN'.
 Transposition Cipher
• Transposition cipher, simple data encryption scheme in which plaintext characters are shifted in
some regular pattern to form ciphertext.

• In manual systems transpositions are generally carried out with the aid of an easily remembered
mnemonic.

• For example, a popular schoolboy cipher is the “rail fence,” in which letters of the plaintext are
written alternating between rows and the rows are then read sequentially to give the cipher.

• In a depth-two rail fence (two rows) the message WE ARE DISCOVERED SAVE YOURSELF
would be written

• Example of a transposition cipher.

 Transposition Cipher
• In cryptography, a transposition cipher is a method of encryption by which the positions
held by units of plaintext (which are commonly characters or groups of characters) are
shifted according to a regular system, so that the ciphertext constitutes a permutation of
the plaintext.

• It is an encryption method which is achieved by performing permutation over the

plain text and mapping plain text into cipher text using transposition technique is
called transposition cipher.

• Common Transposition Techniques are:

1. Rail Fence Transposition
2. Columnar Transposition
 A. Rail fence
• In the rail fence cipher, the plaintext is written downwards diagonally on successive "rails" of
an imaginary fence, then moving up when the bottom rail is reached, down again when the top

rail is reached, and so on until the whole plaintext is written out.

• The ciphertext is then read off in rows.

• The Rail Fence Cipher is a type of transposition cipher and a transposition cipher involves the
rearranging of the letters in the plaintext to encrypt the message.

• This is in contrast to a substitution cipher, in which the plaintext letters are replaced by letters
from another alphabet (or by different letters from the same alphabet).
 Cont…
• The rail fence cipher is the simplest transposition cipher.
• The steps to obtain cipher text using this technique are as follow:
• Step 1: The plain text is written as a sequence of diagonals.
• Step 2: Then, to obtain the cipher text the text is read as a sequence of rows.
Example

• Plain Text: meet me Tomorrow

• Now, we will write this plain text sequence wise in a diagonal form as you can see below:
 Cont…
• Once you have written the message as a sequence of diagonals, to obtain the cipher text out of it
you have to read it as a sequence of rows.

• So, reading the first row the first half of cipher text will be:

memtmro
• reading the second row of the rail fence, we will get the second half of the cipher text:

eteoorw
• Now, to obtain the complete cipher text combine both the halves of cipher text and the complete
cipher text will be:

• Cipher Text: M E M T M R O E T E O O R W
Cont…
• Is simplest of such cipher, in which the plaintext is written down as a sequence of diagonals and then
read off as a sequence of rows
• Plaintext = meet at the school house
To encipher this message with a rail fence of depth 2
m . e. a . t . e . c . o . l . o . S .
. e . t . t . h . s . h. o . h . u . E
C: meat ec olo setths hohue
Example 2: using three "rails" and a message of 'WE ARE DISCOVERED FLEE AT ONCE', the
ciphered writes out:
W. . . E . . . C . . . R . . . L . . . T . . . E
. E . R . D . S . O . E . E . F . E . A. O . C .
. . A. . . I . . . V. . . D. . . E. . . N . .

• Then reads off:

C: WECRL TEERD SOEEF EAOCA IVDEN
 Decryption
• How to decrypt the rain fence cipher text??
Class Work:
Given Information
✓ Cipher Text: STOOWEYLVYUEIE

✓ Key(Depth): 3

✓ Then what is the Plaintext????

 Columnar Transposition
• Columnar Transposition involves writing the plaintext out in rows, and then reading the ciphertext
off in columns. In its simplest form, it is the Route Cipher where the route is to read down each column
in order.

• In a columnar transposition, the message is written out in rows of a fixed length, and then read out again
column by column, and the columns are chosen in some scrambled order.

• Both the width of the rows and the permutation of the columns are usually defined by a keyword.

• For example,
• Keyword ZEBRAS is of length 6 (so the rows are of length 6), and

• The permutation is defined by the alphabetical order of the letters in the keyword. In this case, the
order would be "6 3 2 4 1 5".
 Cont…
For example,

• Keyword ZEBRAS is of length 6 (so the rows are of length 6), and

• The permutation is defined by the alphabetical order of the letters in the keyword. In this
case, the order would be "6 3 2 4 1 5".

• Encryption
• Example
• Keyword: ZEBRAS
• Text: WE ARE DISCOVERED. FLEE AT ONCE
Providing five nulls (QKJEU), these letters can be randomly selected as they just fill out the incomplete
columns and are not part of the message.
 Cont…
• Decryption
• Keyword: ZEBRAS
• Text: EVLNE ACDTK ESEAQ ROFOJ DEECU WIREE= 30 Letter
• 30/6= 5 row

• THEN read row by row to get the plaintext

 Cont…

• To decrypt the ciphertext "EVLN ACDT ESEA ROFO DEEC WIREE",

• We start similarly to above, by heading the columns with the keyword ZEBRAS.

• This time, to find how many rows we need, we do 25 ÷ 6 = 4.16 We round this up to the next

number, which is 5, so we need 5 rows.

• The we multiply 6 x 5 we get 30, and 30 - 25 = 5. Hence we need 5 placeholders in the last row.

• After plugin the ciphertext letters in, in the same way as above, we get the above table.
 Common Symmetric Algorithms
• Some of the most popular crypto algorithms are:
• AES (Advanced Encryption Standard)
• DES (Data Encryption Standard)
• IDEA (International Data Encryption Algorithm)
• Blowfish (Drop-in replacement for DES or IDEA)
• RC4 (Rivest Cipher 4)
• RC5 (Rivest Cipher 5)
• RC6 (Rivest Cipher 6)
 Advanced Encryption Standard(AES)
• The Advanced Encryption Standard (AES) is a symmetric block cipher chosen
by the U.S. government to protect classified information.

• AES is implemented in software and hardware throughout the world to encrypt

sensitive data.

• It is essential for government computer security, cybersecurity and electronic data

protection.

• The AES Encryption algorithm (also known as the Rijndael algorithm) is a

symmetric block cipher algorithm with a block/chunk size of 128, 192, 256 (AES-
128, AES-192, AES-256).
 Advanced Encryption Standard(AES)
• The AES algorithm is a symmetric block cipher that operates on fixed block of
data size 128 bits and key sizes is 128, 192 and 256 bits depending on 10, 12 and

14 rounds respectively.

• The AES encryption process operates on four different operations such as

Substitution Byte, Shift Row, Mix-Column and Add Round Key.

• The decryption process also has four operations are Inverse substitution byte,
Inverse shift row, Inverse Mix-column and Inverse add round key.

• The 128bits plaintext contains 16 bytes i.e., (b0,b1,b2,….,b15).

 AES Encryption Process
• In this operation the plaintext is converted into the ciphertext format using the secret
key.

A. Sub-Bytes Transformation: Every byte in the state is replaced by another one using
the S-BOX.

B. Shift Rows: Every row in the 4x4 array is shifted a certain amount to the left.
C. Mix-Column: A linear transformation on the columns of the state. The Mix-column
operation is omitted in the final round

D. Add Round Key: Each byte of the state is XOR with a round key, which is a different
key for each round.
 AES Decryption Process
A. Inverse Sub-Byte: Each byte in the state matrix is replaced with inverse S-box table

B. Inverse Shift Row: Every row in the 4x4 array is shifted a certain amount to right.
C. Inverse Mix-Column: This is inverse operation of mix column operation. This

operates on the state matrix column by column and each column is treated as a four

term polynomial.

D. Inverse Add Round Key: Inverse XOR operation is performed with each byte.
Cont….
 Cont…
• AES performs operations on bytes of data rather than in bits. Since the
block size is 128 bits, the cipher processes 128 bits (or 16 bytes) of the
input data at a time.

• The number of rounds depends on the key length as follows :

• 128 bit key – 10 Rounds
• 192 bit key – 12 Rounds
• 256 bit key – 14 Rounds
The Basic AES-128 Cryptographic Architecture
The basic AES-128 cryptographic architecture
Example
How to Apply Operations
Initial Round
Process 1: Subs Byte
Process 2: Shift Rows
 Process 3: Mix Columns
b1 b5 b9 b13 02 03 01 01
b2 b6 b10 b14 01 02 03 01
b3 b7 b11 b15 X Y ? ?
01 01 02 03
b4 b8 b12 b16
N ? ? ?
03 01 01 02
? ? ? ?
M ? ? ?

• X=b1.02 XOR b2.03 XOR b3.01 XOR b4.01

• Y= b5.02 XOR b6.03 XOR b7.01 XOR b8.01
• N=b1.01 XOR b2.02 XOR b3.03 XOR b4.01
• M= b1.03 XOR b2.01 XOR b3.01 XOR b4.02
Example
Process 4: Add Round Key

End of
R1
And
start R1
 DES(Data Encryption Standard)
• In 1973, the NBS (National Bureau of Standards, now called NIST-National
Institute of Standards and Technology) published a request for an encryption

algorithm that would meet the following criteria:

• Have a high security level

• Be easily understood

• Not depend on the algorithm's confidentiality

• Be adaptable and economical

• Be efficient and exportable

 Cont…
• In late 1974, IBM proposed "Lucifer", which was then modified by NSA (National
Security Agency) in 1976 to become the DES (Data Encryption Standard).

• DES was approved by the NBS in 1978 and it was standardized by the ANSI under the
name of ANSI X3.92, also known as DEA (Data Encryption Algorithm).

• DES Utilizes block cipher, which means that during the encryption process, the plaintext
is broken into fixed length blocks of 64 bits.

• The key is 56 bits wide and 8-bit out of the total 64-bit block key is used for parity
check.

• 56-bit key gives 256 ( 7.2*1016) possible key variations

 Cont…
• DES algorithm involves carrying out combinations, substitutions and
permutations between the text to be encrypted and the key.
• The combination of substitutions and permutations is called a product cipher.
• Modern computers are so fast that satisfactory software implementations for DES
are possible.

• DES is the most widely used symmetric algorithm despite claims whether 56 bits
is long enough to guarantee security.

• Using current technology, 56-bit key size is vulnerable to a brute force attack.
 Cont…
• DES Encryption starts with an initial permutation (IP) of the 64 input bits and
these bits are then divided into two 32-bit halves called L and R.

• The encryption then proceeds through 16 rounds, each using the L and R parts,
and a subkey.

• The R and subkeys are processed in the so called f-function, and exclusive-or of
the output of the f-function with the existing L part to create the new R part.

• The new L part is simply a copy of the incoming R part.

• In the final round, the L and R parts are swapped once more before the final
permutation (FP) producing the output block.
 Cont…
• DES Decryption is identical to encryption, except that the subkeys are used in the
opposite order.

• That is, subkey 16 is used in round 1, subkey 15 is used in round 2, etc., ending
with subkey 1 being used in round 16.
DES Algorithm Structure
 Cont…
• The f-function mixes the bits of the R portion using the Subkey for the current
round.

• First the 32-bit R value is expanded to 48 bits using a permutation E and that
value is then exclusive-or with the subkey.

• The 48 bits are then divided into eight 6-bit chunks, each of which is fed into an
S-Box that mixes the bits and produces a 4-bit output.

• Those 4-bit outputs are combined into a 32-bit value, and permuted once again to
produce the f-function output.
 Basic Step of DES
• DES consists of 16 steps, each of which is called a round. Each round performs the steps of
substitution and transposition.

1. In the first step, the 64-bit plain text block is handed over to an initial Permutation (IP) function.
2. The initial permutation is performed on plain text.
3. Next, the initial permutation (IP) produces two halves of the permuted block; says Left Plain
Text (LPT) and Right Plain Text (RPT).

4. Now each LPT and RPT go through 16 rounds of the encryption process.
5. In the end, LPT and RPT are rejoined and a Final Permutation (FP) is performed on the
combined block

6. The result of this process produces 64-bit ciphertext.

 Cont…
• Initial Permutation (IP): As we have noted, the initial permutation (IP) happens only once and
it happens before the first round.

• For example, it says that the IP replaces the first bit of the original plain text block with the 58th
bit of the original plain text, the second bit with the 50th bit of the original plain text block, and
so on.
 Asymmetric Key

• Examples of asymmetric encryption include:

• Rivest Shamir Adleman (RSA)

• The Digital Signature Standard (DSS),

• Digital Signature Algorithm (DSA)

• Elliptical Curve Cryptography (ECC)

• The Diffie-Hellman exchange method

 RSA(Rivesh Shamir and Aldermen)
• RSA is from R. Rivesh, A. Shamir and L. Aldermen
• Principle: No mathematical method is yet known to efficiently find the
prime factors of large numbers
• In RSA, the private and public keys are constructed from very large prime
numbers (consisting of hundred of decimal digits)
• Breaking RSA is equivalent to finding the prime factors but, this is know to
be computationally infeasible
• It is only the person who has produced the keys from the prime number who
can easily decrypt the messages.
 RSA- Key Generating Algorithm
1. Choose/generate two distinct prime numbers p and q.
2. Compute n = pq.
3. Compute φ(n) = (p – 1)(q – 1), where φ is Euler's totient function.
4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1, (co-primes).
5. Determine d = e–1 mod φ(n); i.e. d is the multiplicative inverse of e mod φ(n).

Result:

● Keep all the values d, p, q and φ secret

● n is known as the modulus for both the public and private keys

● e is known as the public key exponent or encryption exponent

● d is known as the private key exponent or decryption exponent.

 RSA- Example
1. Select primes p=11, q=3.

2. n = pq = 11*3 = 33
phi = (p-1)(q-1) = 10*2 = 20

3. Choose e=3
Check gcd(e, p-1) = gcd(3, 10) = 1 (i.e. 3 and 10 are relatively prime - have no common factors except
1) and check gcd(e, q-1) = gcd(3, 2) = 1,
therefore gcd(e, phi) = gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1

4. Compute d (1<d<phi) such that d = e-1 mod phi = 3-1 mod 20

i.e. find a value for d such that phi divides ed-1 (20 divides 3d-1.)
Simple testing (d = 2, 3 ...) gives d = 7
Check: ed-1 = 3*7 - 1 = 20, which is divisible by phi (20).
5. Public key = (e, n) = (3, 33)
Private key = (d, n) = (7, 33).
 Cont..
Given: Public key = (e, n) = (3, 33)

Private key = (d, n) = (7, 33)

How do we encrypt and decrypt?

• Now say we want to encrypt the message m = 7

● c = me mod n = 73 mod 33 = 343 mod 33 = 13

● Hence the ciphertext c = 13

To check decryption we compute

● m = cd mod n = 137 mod 33 = 7
 Class Work
Given
• Select primes: p=17, q=11 & M=9
Find
• n?
• ø(n)?
• e?
• d?
• Public and Private key
• C?
 Answer
• Select primes: p=17 & q=11
• Compute n = pq =17×11=187
• Compute ø(n)=(p–1)(q-1)=16×10=160
• Select e : gcd(e,160)=1; choose e=7
• Determine d: de=1 mod 160 and d < 160
• Value is d=23 since 23×7=161= 10×160+1
• Publish public key PU={7,187}
• Keep secret private key PR={23,187}
 Cryptanalytics attacks?
• To determine the weak points of a cryptographic system, it is important to attack the system.
• This attacks are called Cryptanalytic attacks
• The attacks rely on nature of the algorithm and also knowledge of the general characteristics of
the plaintext

 Types of Cryptanalytic attacks

Cont….
Cont….
 Cryptanalytics attacks?
• Known-Plaintext Analysis (KPA): Attacker decrypt ciphertexts with known partial plaintext.
 Cont…
• Ciphertext-Only Analysis (COA): Attacker uses known ciphertext collections.
 Cont…
• Chosen-ciphertext attack, a cryptanalyst can analyze any chosen ciphertexts together with
their corresponding plaintexts
 Security Services of Cryptography
• The primary objective of using cryptography is to provide the following four
fundamental information security services
• Confidentiality
• It is a security service that keeps the information from an unauthorized person.
• It is sometimes referred to as privacy or secrecy.
• Data Integrity
• Integrity service confirms that whether data is intact or not since it was last created, transmitted,
or stored by an authorized user.
• Authentication
• It confirms to the receiver that the data received has been sent only by an identified and verified
sender.
• Non-repudiation
• It is an assurance that the original creator of the data cannot deny the creation or transmission of
the said data to a recipient or third party.
THE END