UNIT-1

1)PUBLIC KEY CRYPTOGRAPHY:

It is also known as asymmetric cryptography. It is an encryption
technique or a framework that uses a pair of keys (public and private key) for
secure data communication. These keys are related, but not identical keys. Each
key performs a unique function, i.e., the public key is used to encrypt, and the
private key is used to decrypt. The sender uses the recipient's public key to
encrypt a message, and the recipient uses the private key to decrypt this message.
The use of two keys enables PKC to solve challenges faced in other cryptographic
techniques.

PKC is different from the symmetric key algorithm, which uses only one key to
both encrypt and decrypt. The two types of PKC algorithms are RSA (Rivest,
Shamir, and Adelman) and Digital Signature Algorithm (DSA). PKC encryption
evolved to meet the growing need for secure communication in multiple sectors
such as the military, government offices, etc. This type of cryptography has
become an important element of modern computer security and a critical
component of the cryptocurrency system.

How Does PKC Work?

The public key is used by the sender to encrypt information, whereas the private
key is used by a recipient to decrypt it. The public key can be shared without
compromising the security of the private one. All asymmetric key pairs are
unique, so a message encrypted with a public key can only be read by the person
who has the corresponding private key.

The keys of a pair are mathematically related, and their length is much longer
than those used in symmetric cryptography. So, it is not easy to decipher the
private key from its pubic counterpart. RSA is one of the most common
algorithms for asymmetric encryption in use today.

Benefits of PKC:
o One key cannot be derived from another key, and there is no need to
exchange the keys
 o It allows to establish authentication of the sender by using PKC (digital
signature)
o It can be used to create a digital signature in the Operating System software
such as Ubuntu, Red Hat Linux packages distribution, etc.

Applications of Public Key Cryptography:

o Emails can be encrypted using public-key cryptography to keep their
content confidential
o Secure socket layer (SSL) protocol also uses asymmetric cryptography to
make secure connections to websites
o It is also used in blockchain and cryptography technology. For example,
while setting up a new cryptocurrency wallet, a pair of keys is generated.

Example:
Public keys of every user are present in the Public key Register. If B wants to send a
confidential message to C, then B encrypt the message using C Public key. When C
receives the message from B then C can decrypt it using its own Private key. No
other recipient other than C can decrypt the message because only C know C’s
private key.

Components of Public Key Encryption:

• Plain Text:
This is the message which is readable or understandable. This message is
given to the Encryption algorithm as an input.
 • Cipher Text:
The cipher text is produced as an output of Encryption algorithm. We
cannot simply understand this message.
• Encryption Algorithm:
The encryption algorithm is used to convert plain text into cipher text.
• Decryption Algorithm:
It accepts the cipher text as input and the matching key (Private Key or
Public key) and produces the original plain text
• Public and Private Key:
One key either Private key (Secret key) or Public Key (known to
everyone) is used for encryption and other is used for decryption

2)HASH FUNCTIONS:
Hash functions are extremely useful and appear in almost all
information security applications.

A hash function is a mathematical function that converts a numerical input value

into another compressed numerical value. The input to the hash function is of
arbitrary length but output is always of fixed length.

Values returned by a hash function are called message digest or simply hash
values. The following picture illustrated hash function −
Features of Hash Functions

The typical features of hash functions are −

• Fixed Length Output (Hash Value)

o Hash function coverts data of arbitrary length to a fixed length.
This process is often referred to as hashing the data.
o In general, the hash is much smaller than the input data, hence hash
functions are sometimes called compression functions.
o Since a hash is a smaller representation of a larger data, it is also
referred to as a digest.
o Hash function with n bit output is referred to as an n-bit hash
function. Popular hash functions generate values between 160 and
512 bits.
• Efficiency of Operation
o Generally for any hash function h with input x, computation of h(x)
is a fast operation.
o Computationally hash functions are much faster than a symmetric
encryption.

Properties of Hash Functions

In order to be an effective cryptographic tool, the hash function is desired to

possess following properties −

• Pre-Image Resistance
o This property means that it should be computationally hard to
reverse a hash function.
o In other words, if a hash function h produced a hash value z, then it
should be a difficult process to find any input value x that hashes to
z.
o This property protects against an attacker who only has a hash
value and is trying to find the input.
• Second Pre-Image Resistance
o This property means given an input and its hash, it should be hard
to find a different input with the same hash.
o In other words, if a hash function h for an input x produces hash
value h(x), then it should be difficult to find any other input value y
such that h(y) = h(x).
o This property of hash function protects against an attacker who has
an input value and its hash, and wants to substitute different value
as legitimate value in place of original input value.
• Collision Resistance
 o This property means it should be hard to find two different inputs
of any length that result in the same hash. This property is also
referred to as collision free hash function.
o In other words, for a hash function h, it is hard to find any two
different inputs x and y such that h(x) = h(y).
o Since, hash function is compressing function with fixed hash
length, it is impossible for a hash function not to have collisions.
This property of collision free only confirms that these collisions
should be hard to find.
o This property makes it very difficult for an attacker to find two
input values with the same hash.
o Also, if a hash function is collision-resistant then it is second pre-
image resistant.

Design of Hashing Algorithms

At the heart of a hashing is a mathematical function that operates on two fixed-

size blocks of data to create a hash code. This hash function forms the part of
the hashing algorithm.

The size of each data block varies depending on the algorithm. Typically the
block sizes are from 128 bits to 512 bits. The following illustration
demonstrates hash function −

Hashing algorithm involves rounds of above hash function like a

block cipher. Each round takes an input of a fixed size, typically a
combination of the most recent message block and the output of
the last round.

This process is repeated for as many rounds as are required to

hash the entire message. Schematic of hashing algorithm is
depicted in the following illustration −
Since, the hash value of first message block becomes an input to the second hash
operation, output of which alters the result of the third operation, and so on. This
effect, known as an avalanche effect of hashing.

Avalanche effect results in substantially different hash values for two messages
that differ by even a single bit of data.

Understand the difference between hash function and algorithm correctly. The hash
function generates a hash code by operating on two blocks of fixed-length binary
data.

Hashing algorithm is a process for using the hash function, specifying how the
message will be broken up and how the results from previous message blocks are
chained together.

Popular Hash Functions

Let us briefly see some popular hash functions −

Message Digest (MD)

MD5 was most popular and widely used hash function for quite some years.

• The MD family comprises of hash functions MD2, MD4, MD5 and MD6.
It was adopted as Internet Standard RFC 1321. It is a 128-bit hash
function.
• MD5 digests have been widely used in the software world to provide
assurance about integrity of transferred file. For example, file servers
often provide a pre-computed MD5 checksum for the files, so that a user
can compare the checksum of the downloaded file to it.
• In 2004, collisions were found in MD5. An analytical attack was reported
to be successful only in an hour by using computer cluster. This collision
attack resulted in compromised MD5 and hence it is no longer
recommended for use.
Secure Hash Function (SHA)

Family of SHA comprise of four SHA algorithms; SHA-0, SHA-1, SHA-2, and
SHA-3. Though from same family, there are structurally different.

•The original version is SHA-0, a 160-bit hash function, was published by

the National Institute of Standards and Technology (NIST) in 1993. It had
few weaknesses and did not become very popular. Later in 1995, SHA-1
was designed to correct alleged weaknesses of SHA-0.
• SHA-1 is the most widely used of the existing SHA hash functions. It is
employed in several widely used applications and protocols including
Secure Socket Layer (SSL) security.
• In 2005, a method was found for uncovering collisions for SHA-1 within
practical time frame making long-term employability of SHA-1 doubtful.
• SHA-2 family has four further SHA variants, SHA-224, SHA-256, SHA-
384, and SHA-512 depending up on number of bits in their hash value.
No successful attacks have yet been reported on SHA-2 hash function.
• Though SHA-2 is a strong hash function. Though significantly different,
its basic design is still follows design of SHA-1. Hence, NIST called for
new competitive hash function designs.
• In October 2012, the NIST chose the Keccak algorithm as the new SHA-
3 standard. Keccak offers many benefits, such as efficient performance
and good resistance for attacks.
RIPEMD

The RIPEMD is an acronym for RACE Integrity Primitives Evaluation Message

Digest. This set of hash functions was designed by open research community
and generally known as a family of European hash functions.

• The set includes RIPEMD, RIPEMD-128, and RIPEMD-160. There also

exist 256, and 320-bit versions of this algorithm.
• Original RIPEMD (128 bit) is based upon the design principles used in
MD4 and found to provide questionable security. RIPEMD 128-bit
version came as a quick fix replacement to overcome vulnerabilities on
the original RIPEMD.
• RIPEMD-160 is an improved version and the most widely used version in
the family. The 256 and 320-bit versions reduce the chance of accidental
collision, but do not have higher levels of security as compared to
RIPEMD-128 and RIPEMD-160 respectively.
Whirlpool

This is a 512-bit hash function.

 • It is derived from the modified version of Advanced Encryption Standard
(AES). One of the designer was Vincent Rijmen, a co-creator of the AES.
• Three versions of Whirlpool have been released; namely WHIRLPOOL-
0, WHIRLPOOL-T, and WHIRLPOOL.

Applications of Hash Functions

There are two direct applications of hash function based on its cryptographic
properties.

Password Storage

Hash functions provide protection to password storage.

• Instead of storing password in clear, mostly all logon processes store the
hash values of passwords in the file.
• The Password file consists of a table of pairs which are in the form (user
id, h(P)).
• The process of logon is depicted in the following illustration −

• An intruder can only see the hashes of passwords, even if he accessed the
password. He can neither logon using hash nor can he derive the
password from hash value since hash function possesses the property of
pre-image resistance.
Data Integrity Check

Data integrity check is a most common application of the hash functions. It is

used to generate the checksums on data files. This application provides
assurance to the user about correctness of the data.

The process is depicted in the following illustration −

The integrity check helps the user to detect any changes made to original file. It
however, does not provide any assurance about originality. The attacker, instead
of modifying file data, can change the entire file and compute all together new
hash and send to the receiver. This integrity check application is useful only if
the user is sure about the originality of file.

3)DIGITAL SIGNATURE:
Encryption – Process of converting electronic data into another form,
called ciphertext, which cannot be easily understood by anyone except the
authorized parties. This assures data security.
Decryption– Process of translating code to data.
• The message is encrypted at the sender’s side using various
encryption algorithms and decrypted at the receiver’s end with the
help of the decryption algorithms.
• When some message is to be kept secure like username, password,
etc., encryption and decryption techniques are used to assure data
security.
Types of Encryption
1. Symmetric Encryption– Data is encrypted using a key and the
decryption is also done using the same key.
 2. Asymmetric Encryption-Asymmetric Cryptography is also known
as public-key cryptography. It uses public and private keys to encrypt
and decrypt data. One key in the pair which can be shared with
everyone is called the public key. The other key in the pair which is
kept secret and is only known by the owner is called the private key.
Either of the keys can be used to encrypt a message; the opposite key
from the one used to encrypt the message is used for decryption.
Public key– Key which is known to everyone. Ex-public key of A is 7, this
information is known to everyone.
Private key– Key which is only known to the person who’s private key it is.
Authentication-Authentication is any process by which a system verifies the
identity of a user who wishes to access it.
Non- repudiation– Non-repudiation means to ensure that a transferred
message has been sent and received by the parties claiming to have sent and
received the message. Non-repudiation is a way to guarantee that the sender of
a message cannot later deny having sent the message and that the recipient
cannot deny having received the message.
Integrity– to ensure that the message was not altered during the transmission.
Message digest -The representation of text in the form of a single string of
digits, created using a formula called a one way hash function. Encrypting a
message digest with a private key creates a digital signature which is an
electronic means of authentication..

Digital Signature
A digital signature is a mathematical technique used to validate the
authenticity and integrity of a message, software, or digital document.

1. Key Generation Algorithms: Digital signature is electronic

signatures, which assure that the message was sent by a particular
sender. While performing digital transactions authenticity and
integrity should be assured, otherwise, the data can be altered or
someone can also act as if he was the sender and expect a reply.
2. Signing Algorithms: To create a digital signature, signing
algorithms like email programs create a one-way hash of the
electronic data which is to be signed. The signing algorithm then
encrypts the hash value using the private key (signature key). This
encrypted hash along with other information like the hashing
algorithm is the digital signature. This digital signature is appended
with the data and sent to the verifier. The reason for encrypting the
hash instead of the entire message or document is that a hash
function converts any arbitrary input into a much shorter fixed-length
value. This saves time as now instead of signing a long message a
 shorter hash value has to be signed and moreover hashing is much
faster than signing.
3. Signature Verification Algorithms : Verifier receives Digital
Signature along with the data. It then uses Verification algorithm to
process on the digital signature and the public key (verification key)
and generates some value. It also applies the same hash function on
the received data and generates a hash value. Then the hash value
and the output of the verification algorithm are compared. If they
both are equal, then the digital signature is valid else it is invalid.
The steps followed in creating digital signature are :
1. Message digest is computed by applying hash function on the
message and then message digest is encrypted using private key of
sender to form the digital signature. (digital signature = encryption
(private key of sender, message digest) and message digest =
message digest algorithm(message)).
2. Digital signature is then transmitted with the message.(message +
digital signature is transmitted)
3. Receiver decrypts the digital signature using the public key of
sender.(This assures authenticity, as only sender has his private key
so only sender can encrypt using his private key which can thus be
decrypted by sender’s public key).
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message
(actual message is sent with the digital signature).
6. The message digest computed by receiver and the message digest
(got by decryption on digital signature) need to be same for ensuring
integrity.
Message digest is computed using one-way hash function, i.e. a hash function
in which computation of hash value of a message is easy but computation of
the message from hash value of the message is very difficult.
Benefits of Digital Signatures
• Legal documents and contracts: Digital signatures are legally
binding. This makes them ideal for any legal document that requires
a signature authenticated by one or more parties and guarantees that
the record has not been altered.
• Sales contracts: Digital signing of contracts and sales contracts
authenticates the identity of the seller and the buyer, and both parties
can be sure that the signatures are legally binding and that the terms
of the agreement have not been changed.
• Financial Documents: Finance departments digitally sign invoices
so customers can trust that the payment request is from the right
seller, not from a bad actor trying to trick the buyer into sending
payments to a fraudulent account.
• Health Data: In the healthcare industry, privacy is paramount for
both patient records and research data. Digital signatures ensure that
this confidential information was not modified when it was
transmitted between the consenting parties.
• Federal, state, and local government agencies have stricter policies
and regulations than many private sector companies. From approving
permits to stamping them on a timesheet, digital signatures can
optimize productivity by ensuring the right person is involved with
the proper approvals.
• Shipping Documents: Helps manufacturers avoid costly shipping
errors by ensuring cargo manifests or bills of lading are always
correct. However, physical papers are cumbersome, not always easily
accessible during transport, and can be lost. By digitally signing
shipping documents, the sender and recipient can quickly access a
file, check that the signature is up to date, and ensure that no
tampering has occurred.
Drawbacks of Digital Signatures
• Dependence on Key Management: Digital signatures rely on the
secure management of cryptographic keys. This means that the
sender must keep their private key safe and secure from unauthorized
access, while the recipient must verify the sender’s public key to
ensure its authenticity. Any failure in key management can
compromise the security of the digital signature.
• Complexity: Digital signatures require a complex process of key
generation, signing, and verification. This can make them difficult to
implement and use for non-technical users.
• Compatibility: Different digital signature algorithms and formats
may not be compatible with each other, making it difficult to
exchange signed messages across different systems and applications.
• Legal Recognition: Although digital signatures have legal
recognition in many countries, their legal status may not be clear in
all jurisdictions. This can limit their usefulness in legal or regulatory
contexts.
• Revocation: In case of key compromise or other security issues,
digital signatures must be revoked to prevent their misuse. However,
the revocation process can be complex and may not be effective in all
cases.
• Cost: Digital signatures may involve additional costs for key
management, certificate issuance, and other related services, which
can make them expensive for some users or organizations.
• Limited Scope: Digital signatures provide authentication and
integrity protection for a message, but they do not provide
confidentiality or protection against other types of attacks, such as
denial-of-service attacks or malware.