Cryptographic Algorithms

Chapter 2-continued

11/17/2024 1
 Cryptographic Algorithms

 Cryptographic algorithms are sequences of

processes, or rules, used to encipher and decipher

messages in a cryptographic system.

 In simple terms, they're processes that protect

data by making sure that unwanted people can't

access it.

 These algorithms have a wide variety of uses,

11/17/2024 2
 Cryptographic Algorithms…
 Most cryptography algorithms involve the use of
encryption, which allows two parties to
communicate while preventing unauthorized
third parties from understanding those
communications.

 Encryption transforms human readable plaintext

into something unreadable, also known as
ciphertext.

 The encrypted data is then decrypted to restore it,

11/17/2024 3
 Cryptographic Algorithms…
 Caesar Cipher Algorithm

 Data Encryption Standard (DES)

 Triple DES

 Advanced Encryption Standard (AES)

 Digital Signature

 Digital Certificate

 Diffie-Hellman Key Exchange Algorithm

 Secure hash Algorithm (SHA-1)

11/17/2024 4
Data Encryption Standard (DES)
• The Data Encryption Standard (DES) is a symmetric key algorithm for
the encryption of electronic data.
• It was highly influential in the advancement of modern cryptography.
• DES uses a 56-bit key and operates on 64-bit blocks of data.
• It was adopted as a federal standard in the United States in 1977.
 DES(Data encryption standard)
• DES works on bits, or binary numbers--the 0s and 1s common to digital computers.
• Each group of four bits makes up a hexadecimal, or base 16, number.
• Binary "0001" is equal to the hexadecimal number "1", binary "1000" is equal to the
hexadecimal number "8", "1001" is equal to the hexadecimal number "9", "1010" is
equal to the hexadecimal number "A", and "1111" is equal to the hexadecimal number
"F".
• DES works by encrypting groups of 64 message bits, which is the same as 16
hexadecimal numbers.
• To do the encryption, DES uses "keys" where are also apparently 16 hexadecimal
numbers long, or apparently 64 bits long.
• However, every 8th key bit is ignored in the DES algorithm, so that the effective key size
is 56 bits.
• But, in any case, 64 bits (16 hexadecimal digits) is the round number upon which DES is
organized.
 DES(Data encryption standard)
• DES works only on 64 bit length, But most messages will not fall into this
category.
• For example, if we take the plaintext message "8787878787878787", and
encrypt it with the DES key "0E329232EA6D0D73", we end up with the
ciphertext "0000000000000000“
• take the message "Meet me at toga party I will show you the rat".
• This plaintext message is 48 bytes (106 hexadecimal digits) long. So this
message must be padded with some extra bytes at the tail end for the
encryption.
 2. DES…..

 The basic process in enciphering a 64-bit data

block using the DES consists of:

1. An initial permutation (IP)

2. 16 rounds of a complex key dependent

calculation f

3. A final permutation, being the inverse of IP

11/17/2024 8
 2. DES…..

 General Structure of DES is depicted in the

following illustration

11/17/2024 9
 2. DES…..
1. Initial Permutation (IP)

 The plain text is divided into smaller chunks of 64-

bit size.

 The IP is performed before the first round.

 This phase describes the implementation of the

transposition process. For example, the 58th bit
replaces the first bit, the 50th bit replaces the
second bit, and so on.

 The resultant 64-bit text is split into two equal

11/17/2024 10
 2. DES…..
2. Final Permtuation

 The final permutation is the inverse of initial

permutation.

 They have no cryptography significance in DES.

 The initial and final permutations are shown as

follows.

11/17/2024 11
 2. DES…..
 Initial and Final Permutations

11/17/2024 12
 2. DES…..
3. Round Function
 The heart of this cipher is the DES function, f. The
DES function applies a 48-bit key to the rightmost
32 bits to produce a 32-bit output.

11/17/2024 13
 DES…..
• DES is a block cipher--meaning it operates on plaintext blocks of a given size
(64-bits) and returns cipher text blocks of the same size.
• The steps are:
• Step 1: Create 16 sub keys, each of which is 48-bits long.
• Step 2: Encode each 64-bit block of data.
Step 1: Create 16 sub keys, each of
which is 48-bits long.
• Let K be the hexadecimal key K = 133457799BBCDFF1. This gives us as the
binary key (setting 1 = 0001, 3 = 0011, etc., and grouping together every
eight bits, of which the last one in each group will be unused):
• K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111
11110001
• Step1=>perform permutation on 64 bit k. (let say the permutation produced
is : 57 49 41 33 25 17 9 1 58 50 42 34 26 18 10 2 59 51 43 35 27 19 11 3 60
52 44 36 63 55 47 39 31 23 15 7 62 54 46 38 30 22 14 6 61 53 45 37 29 21 13
5 28 20 12 4)
• what does it means?
 Cont …
• From the original 64-bit key
• K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111
11110001
• we get the 56-bit permutation
• K+ = 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111
• Next, split this key into left and right halves, C0 and D0, where each half has 28 bits.
• Example: From the permuted key K+, we get
• C0 = 1111000 0110011 0010101 0101111
D0 = 0101010 1011001 1001111 0001111
• With C0 and D0 defined, we now create sixteen blocks Cn and Dn, 1<=n<=16. Each pair
of blocks Cn and Dn is formed from the previous pair Cn-1 and Dn-1, respectively, for n =
1, 2, ..., 16
 Cont. …

• C0 = 1111000011001100101010101111 D9 = 0011110001111010101010110011
• Shift schedule,
D0 = 0101010101100110011110001111
• C1 = 1110000110011001010101011111
• C10 = 0101010111111110000110011001
D1 = 1010101011001100111100011110
D10 = 1111000111101010101011001100
• C2 = 1100001100110010101010111111
• C11 = 0101011111111000011001100101
D2 = 0101010110011001111000111101
D11 = 1100011110101010101100110011
• C3 = 0000110011001010101011111111
• C12 = 0101111111100001100110010101
D3 = 0101011001100111100011110101
D12 = 0001111010101010110011001111
• C4 = 0011001100101010101111111100
• C13 = 0111111110000110011001010101
D4 = 0101100110011110001111010101
D13 = 0111101010101011001100111100
• C5 = 1100110010101010111111110000
• C14 = 1111111000011001100101010101
D5 = 0110011001111000111101010101
D14 = 1110101010101100110011110001
• C6 = 0011001010101011111111000011
• C15 = 1111100001100110010101010111
D6 = 1001100111100011110101010101
D15 = 1010101010110011001111000111
• C7 = 1100101010101111111100001100
• C16 = 1111000011001100101010101111
D7 = 0110011110001111010101010110
D16 = 0101010101100110011110001111
• C8 = 0010101010111111110000110011
D8 = 1001111000111101010101011001
• C9 = 0101010101111111100001100110
• We now form the keys Kn, for 1<=n<=16, by applying permutation to each of the
concatenated pairs CnDn. Each pair has 56 bits, but PC-2 only uses 48 of these.
• If we have (14 17 11 24 1 5 3 28 15 6 21 10 23 19 12 4 26 8 16 7 27 20 13 2 41 52 31 37
47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32) permutation table
• For the first key we have C1D1 = 1110000 1100110 0101010 1011111 1010101 0110011
0011110 0011110
• which, after we apply the permutation PC-2, becomes
• K1 = 000110 110000 001011 101111 111111 000111 000001 110010
• K2 = 011110 011010 111011 011001 110110 111100 100111 100101
K3 = 010101 011111 110010 001010 010000 101100 111110 011001
K4 = 011100 101010 110111 010110 110110 110011 010100 011101
K5 = 011111 001110 110000 000111 111010 110101 001110 101000
K6 = 011000 111010 010100 111110 010100 000111 101100 101111 .....
•Now we have our 16 keys.
•What's next?
 Step 2: Encode each 64-bit block
of data.
• The first step should be to prepare your plain text into 64 bit length of block, than continue
with encoding
• Assume we have IP 58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4 62 54 46 38 30 22 14 6 64
56 48 40 32 24 16 8 57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55
47 39 31 23 15 7
• Applying the initial permutation to the block of text M.
• M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010
• Next divide the permuted block IP into a left half L0 of 32 bits, and a right half R0 of 32 bits.
• Example: From IP, we get L0 and R0
• L0 = 1100 1100 0000 0000 1100 1100 1111 1111
R0 = 1111 0000 1010 1010 1111 0000 1010 1010
 Cont. …
• We now proceed through 16 iterations, for 1<=n<=16, using a function f
which operates on two blocks--a data block of 32 bits and a key Kn of 48 bits--
to produce a block of 32 bits. Let + denote XOR addition, (bit-by-bit addition
modulo 2). Then for n going from 1 to 16 we calculate
• Ln = Rn-1
Rn = Ln-1 + f(Rn-1,Kn)
• Example: For n = 1, we have
• K1 = 000110 110000 001011 101111 111111 000111 000001 110010
L1 = R0 = 1111 0000 1010 1010 1111 0000 1010 1010
R1 = L0 + f(R0,K1)
• how the function f works?
 Cont. …
• To calculate f, we first expand each block Rn-1 from 32 bits to 48 bits. This is
done by using a selection table that repeats some of the bits in Rn-1 .
• We'll call the use of this selection table the function E.
• Thus E(Rn-1) has a 32 bit input block, and a 48 bit output block.
• Expansion Permutation Box − Since right input is 32-bit
and round key is a 48-bit, we first need to expand right input
to 48 bits. Permutation logic is graphically depicted in the
following illustration:
 Cont. …
• Example: We calculate E(R0) from R0 as follows:
• R0 = 1111 0000 1010 1010 1111 0000 1010 1010
E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101
• Next in the f calculation, we XOR the output E(Rn-1) with the key Kn:
• Example: For K1 , E(R0), we have
• K1 = 000110 110000 001011 101111 111111 000111 000001 110010
E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101
K1+E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111.
• We have not yet finished calculating the function f,
 Function f …
• To this point we have expanded Rn-1 from 32 bits to 48 bits, using the selection table, and XORed
the result with the key Kn .
• We now have 48 bits, or eight groups of six bits.
• We now do something strange with each group of six bits: we use them as addresses in tables
called "S boxes".
• Each group of six bits will give us an address in a different S box.
• Located at that address will be a 4 bit number. This 4 bit number will replace the original 6 bits.
• The net result is that the eight groups of 6 bits are transformed into eight groups of 4 bits (the
4-bit outputs from the S boxes) for 32 bits total.
• Write the previous result, which is 48 bits, in the form:
• Kn + E(Rn-1) =B1B2B3B4B5B6B7B8, where each Bi is a group of six bits. We now calculate
• S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8)
• where Si(Bi) referres to the output of the i-th S box.
 S-box value calculation
• If S1 is the function defined in this table and B is a block of 6 bits,
then S1(B) is determined as follows:
• The first and last bits of B represent in base 2 a number in the
decimal range 0 to 3 (or binary 00 to 11). let that number be i.
• The middle 4 bits of B represent in base 2 a number in the decimal
range 0 to 15 (binary 0000 to 1111). Let that number be j.
• Look up in the table the number in the i-th row and j-th column. It
is a number in the range 0 to 15 and is uniquely represented by a 4
bit block. That block is the output S1(B) of S1 for the input B.
• For example, for input block B = 011011 the first bit is "0" and the
last bit "1" giving 01 as the row. This is row 1.
• The middle four bits are "1101". This is the binary equivalent of
decimal 13, so the column is column number 13.
• In row 1, column 13 appears 5. This determines the output; 5 is
binary 0101, so that the output is 0101. Hence S1(011011) = 0101.
Permutation on S-box

• Example: For the first round, we obtain as the output of the eight S boxes:
• K1 + E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111.
• S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) = 0101 1100 1000 0010 1011 0101 1001 0111
• The final stage in the calculation of f is to do a permutation P of the S-box output to obtain the
final value of f:
• f = P(S1(B1)S2(B2)...S8(B8))
• Let The permutation P is(16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3 9 19 13
30 6 22 11 4 25)
• from the output of the eight S boxes:
• S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) = 0101 1100 1000 0010 1011 0101 1001 0111 we
get
• f = 0010 0011 0100 1010 1010 1001 1011 1011
• Finally we have F function F

f = 0010 0011 0100 1010 1010 1001 1011 1011

Final stage ---do the same steps 16
time
• R1 = L0 + f(R0 , K1 )
= 1100 1100 0000 0000 1100 1100 1111 1111
+ 0010 0011 0100 1010 1010 1001 1011 1011
= 1110 1111 0100 1010 0110 0101 0100 0100
In the next round, we will have L2 = R1, which is the block we just
calculated, and then we must calculate R2 =L1 + f(R1, K2), and so on for 16
rounds.
At the end of the sixteenth round we have the blocks L16 and R16.
We then reverse the order of the two blocks into the 64-bit block
• R16L16
 Final Permutation
• apply a final permutation
• Lets the permutation is defined by (40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31 38 6 46 14 54 22
62 30 37 5 45 13 53 21 61 29 36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25)
• Example: If we process all 16 blocks using the method defined previously, we get, on the 16th
round,
• L16 = 0100 0011 0100 0010 0011 0010 0011 0100
R16 = 0000 1010 0100 1100 1101 1001 1001 0101
• We reverse the order of these two blocks and apply the final permutation to
• R16L16 = 00001010 01001100 11011001 10010101 01000011 01000010 00110010 00110100
• IP-1 = 10000101 11101000 00010011 01010100 00001111 00001010 10110100 00000101
• which in hexadecimal format is
• 85E813540F0AB405.
• This is the encrypted form of M = 0123456789ABCDEF, K = 133457799BBCDFF1 C =
85E813540F0AB405.
How DES Works… summary
•Is it possible to crack DES?
•If yes, how much did it costly?
 Toward triple DES
• Diffie and Hellman then outlined a "brute force" attack on DES. (By "brute
force" is meant that you try as many of the 2^56 possible keys as you have to
before decrypting the ciphertext into a sensible plaintext message.) They
proposed a special purpose "parallel computer using one million chips to try
one million keys each" per second, and estimated the cost of such a machine
at $20 million.
• Under the direction of John Gilmore of the EFF, a team spent $220,000 and
built a machine that can go through the entire 56-bit DES key space in an
average of 4.5 days. On July 17, 1998, they announced they had cracked a 56-
bit key in 56 hours. The computer, called Deep Crack, uses 27 boards each
containing 64 chips, and is capable of testing 90 billion keys a second.
 Toward triple DES …
• Despite this, as recently as June 8, 1998, Robert Litt, principal associate deputy
attorney general at the Department of Justice, denied it was possible for the FBI
to crack DES: "Let me put the technical problem in context: It took 14,000
Pentium computers working for four months to decrypt a single message . . . .
We are not just talking FBI and NSA [needing massive computing power], we
are talking about every police department."
• Responded cryptograpy expert Bruce Schneier: " . . . the FBI is either
incompetent or lying, or both." Schneier went on to say: "The only solution
here is to pick an algorithm with a longer key; there isn't enough silicon in the
galaxy or enough time before the sun burns out to brute- force triple-DES"
(Crypto-Gram, Counterpane Systems, August 15, 1998).
• And in 1999 distributed.net and electronic frontier foundation collaborated to
break DES key in 22 hours and 15 minutes(the machine costs around $250,000).
 3. Triple DES
 Triple Data Encryption Standard (TDES) is
upgraded or improved version of DES which is a
symmetric cryptographic approach in which DES is
used to each block three times which scrambles
the plain text to cipher text.

 Triple DES runs three times gradual than DES, but

is much safer if used properly.

 The procedure for decrypting object is the similar

as the procedure for encryption, other than it is
11/17/2024 Computer and Network Security
35 By: Mechal T.
3. Triple DES …
3. Triple DES …
Thank you.
 4. Digital Signature
 Digital Signature

 A digital signature is a mathematical technique

which validates the authenticity and integrity of a
message, software or digital documents.

 It allows us to verify the author name, date and

time of signatures, and authenticate the message
contents.

 The digital signature offers far more inherent

security and intended to solve the problem of
11/17/2024 39
 4. Digital Signature…
 Application of Digital Signature

 The important reason to implement digital

signature to communication is:
 Authentication
 Non-repudiation
 Integrity

11/17/2024 40
 4. Digital Signature…
 A digital signature consists of three algorithms:
 Key Generation Algorithm
 Signing Algorithm
 Signature Verifying Algorithm

11/17/2024 41
 4. Digital Signature…
1. Key generation algorithm

 The key generation algorithm selects private key

randomly from a set of possible private keys.

 This algorithm provides the private key and its

corresponding public key.

2. Signing algorithm

 A signing algorithm produces a signature for the

document.

3. Signature verifying algorithm

11/17/2024 42
 4. Digital Signature…
 How digital signatures work

 Digital signatures are created and verified by using

public key cryptography, also known as asymmetric
cryptography.

 By the use of a public key algorithm, such as RSA, one

can generate two keys that are mathematically linked-
one is a private key, and another is a public key.

 The user who is creating the digital signature uses

their own private key to encrypt the signature-related
document.
11/17/2024 43
 4. Digital Signature…
 How digital signatures work

 This technology requires all the parties to trust

that the individual who creates the signature has
been able to keep their private key secret.

 If someone has access the signer's private key,

there is a possibility that they could create
fraudulent signatures in the name of the private
key holder.

11/17/2024 44
 4. Digital Signature…
 The steps which are followed in creating a
digital signature are:
Step 1. Select a file to be digitally signed.
Step 2. The hash value of the message or file
content is calculated. This message or file content
is encrypted by using a private key of a sender to
form the digital signature.
Step 3. Now, the original message or file content
along with the digital signature is transmitted.
11/17/2024 45
 4. Digital Signature…
 The steps which are followed in creating a
digital signature are:
Step 4. The receiver decrypts the digital signature
by using a public key of a sender.
Step 5. The receiver now has the message or file
content and can compute it.
Step 6. Comparing these computed message or
file content with the original computed message.
The comparison needs to be the same for ensuring
integrity.
11/17/2024 46
 4. Digital Signature…
At the sender site

11/17/2024 47
 4. Digital Signature…
At the Receiver site

11/17/2024 48
 5. AES
 The more popular and widely adopted symmetric
encryption algorithm likely to be encountered
nowadays is the Advanced Encryption Standard
(AES).

 It is found at least six time faster than triple DES.

 A replacement for DES was needed as its key size

was too small.

 With increasing computing power, it was

considered vulnerable against exhaustive key
11/17/2024 49
 5. AES…
 The features of AES are as follows:
 Symmetric key symmetric block cipher
 128-bit data, 128/192/256-bit keys
 Stronger and faster than Triple-DES

11/17/2024 50
 5. AES…
 The features of AES are as follows:
 Symmetric key symmetric block cipher
 128-bit data, 128/192/256-bit keys
 Stronger and faster than Triple-DES

Note: AES relies on substitution-permutation

network principle which means it is performed using
a series of linked operations which involves replacing
and shuffling of the input data.

11/17/2024 51
 5. AES…
 Working of the cipher

 AES performs operations on bytes of data rather

than in bits. Since the block size is 128 bits, the
cipher processes 128 bits (or 16 bytes) of the
input data at a time.

 The number of rounds depends on the key length

as follows :
 128 bit key – 10 rounds
 192 bit key – 12 rounds
11/17/2024 52
 5. AES…
 Creation of Round keys :

 A Key Schedule algorithm is used to calculate all

the round keys from the key.

 So the initial key is used to create many different

round keys which will be used in the corresponding
round of the encryption.

11/17/2024 53
 5. AES…
 The schematic of AES structure is given in the
following illustration:

11/17/2024 54
 5. AES…
 Encryption :

 AES considers each block as a 16 byte (4 byte x 4

byte = 128 ) grid in a column major arrangement.
[ b0 | b4 | b8 | b12 |

| b1 | b5 | b9 | b13 |

| b2 | b6 | b10| b14 |

| b3 | b7 | b11| b15 ]

11/17/2024 55
 5. AES…
 Each round comprises of 4 steps :
 SubBytes
 ShiftRows
 MixColumns
 Add Round Key

 The last round doesn’t have the MixColumns

round.

 The SubBytes does the substitution and ShiftRows

and MixColumns performs the permutation in the
11/17/2024 56
 5. AES…
 SubBytes :

 This step implements the substitution.

 In this step each byte is substituted by another

byte.

 Its performed using a lookup table also called the

S-box.

 This substitution is done in a way that a byte is

never substituted by itself and also not substituted
by another byte which
11/17/2024 57
is a compliment of the
 5. AES…
 ShiftRows :

 This step is just as it sounds. Each row is shifted a

particular number of times.
 The first row is not shifted
 The second row is shifted once to the left.
 The third row is shifted twice to the left.
 The fourth row is shifted thrice to the left.

11/17/2024 58
 5. AES…
 ShiftRows :

(A left circular shift is performed.)

[ b0 | b1 | b2 | b3 ] [ b0 | b1 | b2 | b3 ]
| b4 | b5 | b6 | b7 | -> | b5 | b6 | b7 | b4 |
| b8 | b9 | b10 | b11 | | b10 | b11 | b8 | b9 |
[ b12 | b13 | b14 | b15 ] [ b15 | b12 | b13 |
b14 ]

11/17/2024 59
 5. AES…
 MixColumns :

 This step is basically a matrix multiplication. Each

column is multiplied with a specific matrix and
thus the position of each byte in the column is
changed as a result.

 This step is skipped in the last round.

[ c0 ] [ 2 3 1 1 ] [ b0 ]
| c1 | = | 1 2 3 1 | | b1 |
| c2 | | 1 1 2 3 | | b2 |
[ c3 ] [ 3 1 1 2 ] [ b3 ]
11/17/2024 60
 5. AES…
 Add Round Keys :

 Now the resultant output of the previous stage is

XOR-ed with the corresponding round key.

 Here, the 16 bytes is not considered as a grid but

just as 128 bits of data.

 After all these rounds 128 bits of encrypted data is

given back as output.

 This process is repeated until all the data to be

encrypted undergoes this
11/17/2024 61
process.
 5. AES…
 Decryption :

 The stages in the rounds can be easily undone as

these stages have an opposite to it which when
performed reverts the changes.

 Each 128 blocks goes through the 10,12 or 14

rounds depending on the key size.

11/17/2024 62
 5. AES…
 Decryption :

 The stages of each round in decryption is as

follows :
 Add round key
 Inverse MixColumns
 ShiftRows
 Inverse SubByte

11/17/2024 63
 5. AES…
 Inverse MixColumns :

 This step is similar to the MixColumns step in

encryption, but differs in the matrix used to carry
out the operation.
[ b0 ] [ 14 11 13 9 ] [ c0 ]
| b1 | = | 9 14 11 13 || c1 |
| b2 | | 13 9 14 11 | | c2 |
[ b3 ] [ 11 13 9 14 ] [ c3 ]

11/17/2024 64
 5. AES…
 Inverse SubBytes :

 Inverse S-box is used as a lookup table and using

which the bytes are substituted during decryption.

11/17/2024 65
 6. Diffie-Hellman Key Exchange
 Diffie-Hellman algorithm is one of the most
important algorithms used for establishing a
shared secret.

 At the time of exchanging data over a public

network, we can use the shared secret for secret
communication.

 We use an elliptic curve for generating points and

getting a secret key using the parameters.

11/17/2024 66
 6. Diffie-Hellman Key Exchange…
 Workign Principle

1. We will take four variables, i.e., P (prime), G (the

primitive root of P), and a and b (private
values).

2. The variables P and G both are publicly available.

The sender selects a private value, either a or b, for
generating a key to exchange publicly.

The receiver receives the key, and that generates a

secret key, after which the sender and receiver both
11/17/2024 67
 6. Diffie-Hellman Key Exchange…
 Steps..Step User1 User2
s
1. P, G => available P, G => available
public keys. public keys.
2. a is selected as a b is selected as a
private key. private key.
3. Eq. to generate key: Eq. to generate key:
x=Ga modP y=Gb modP
4. After exchanging keys, After exchanging
user1 receives key y. keys, user2 receives
key x.
5. User1 generates a User2 generates a
secret key by using secret key by using
the received key y: the received key x:
11/17/2024 ka=ya modP 68 kb=xb modP
 6. Diffie-Hellman Key Exchange…
 Algebraically, 5th step can be shown as follows:

 ka=kb

 It means that both the users have the symmetric

secret key to encrypt.

 Example:

1. User1 and User2 get public keys P = 33 and G =

8.
2. User1 selects a as a private key, i.e., 3, and
User2 selects b as a private
11/17/2024 69
key, i.e., 2.
 6. Diffie-Hellman Key Exchange…
4. User2 calculate the public value:

y=(82 mod33)=64mod33= 31

5. User1 and User2 exchange public keys, i.e., 17

and 31.

6. User1 receives public key y = 31 and User2

receives public key x = 17.

7. User1 and User2 calculate symmetric keys:

User1: ka=ya modP=313 mod33=29791mod33=25

User2:kb=xb modP=172 mod33=289mod33=25

8.
11/17/2024 25 is the shared secret.
70
 7. Secure Hash Algorithm(SHA-1)
 SHA-1 or Secure Hash Algorithm 1 is a
cryptographic hash function which takes an input
and produces a 160-bit (20-byte) hash value.

 This hash value is known as a message digest.

 This message digest is usually then rendered as a

hexadecimal number which is 40 digits long.

 SHA-1 is now considered insecure since 2005.

 Major tech giants browsers like Microsoft, Google,

Apple and Mozilla have
11/17/2024 71
stopped accepting SHA-1
 7. Secure Hash Algorithm(SHA-1) …

11/17/2024 72
 7. Secure Hash Algorithm(SHA-1) …

11/17/2024 73
 Thank You

11/17/2024 74