Cryptography: A Review
LONG LE
Introduction
Cryptography, from the Greek kryptos (hidden) and grapho (write), is the science and practice of
hiding information. Most Internet users come in contact with cryptography when they visit the
secure website of an Internet retailer. Other popular applications are secure e-mail, Internet
banking, mobile phones, etc. Cryptography has its roots in mathematics, computer science and
engineering. Cryptographic engineering is concerned with all aspects of implementing
cryptographic algorithms in hardware and/or software. This ranges from high-performance
implementations to ultra-low-power implementations of public-key and secret-key algorithms,
fault-tolerant implementations, attack-resistant implementations and even implementations of
attacks.
Your opponent always uses her best strategy to defeat you, not the strategy
that you want her to use. Thus, the security of an encryption system depends
on the best-known method to break it. As new and improved methods are
developed, the level of security can only get worse, never better.
Cryptography is:
- An integral part of standard protocols, most notably the Transport Layer Security (TLS)
  protocol, making it relatively easy to incorporate strong encryption into a wide range of
  applications.
- Secure Sockets Layer/TLS:
  - Handshake Protocol: establish a shared secret key using public-key cryptography
  - Record Layer: transmit data using the shared secret key (ensures confidentiality and
    integrity)
- Extremely useful, but highly brittle:
  - The most secure cryptographic system can be rendered completely insecure by a single
    specification or programming error
- Reliant on mathematical modeling and proofs to show that a particular system satisfies the
  security properties attributed to it.
Cryptographic algorithms and protocols can be grouped into four main areas:
- Symmetric encryption:
  - Used to conceal the contents of blocks or streams of data of any size, including
    messages, files, encryption keys, and passwords.
- Asymmetric encryption:
  - Used to conceal small blocks of data, such as encryption keys and hash function
    values, which are used in digital signatures.
- Data Integrity Algorithms:
  - Used to protect blocks of data, such as messages, from alteration.
- Authentication Protocols:
  - These are schemes based on the use of cryptographic algorithms designed to
    authenticate the identity of entities.
Three key objectives that are at the heart of computer security (CIA triad):
- Confidentiality:
- Data Confidentiality: Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
- Privacy: Assures that individuals control or influence what information related to
them may be collected and stored and by whom and to whom that information
may be disclosed.
- Integrity:
- Data Integrity: Assures that information and programs are changed only in a
specified and authorized manner
- System integrity: Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system
- Availability: Assures that systems work promptly and service is not denied to authorized
users
- Authenticity
- Accountability:
The OSI Security Architecture
Threat: A potential for violation of security, which exists when there is a circumstance,
capability, action, or event that could breach security and cause harm.
- Security Attacks: Any action that compromises the security of information owned by
an organization
  - Passive Attacks: Release of message contents, traffic analysis…
  - Active Attacks: Masquerade, Replay, Modification of messages, Denial of
    Service…
- Security Mechanism: A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security attack
- Security Service: A processing or communication service that enhances the security of
the data processing systems and the information transfers of an organization. The
services are intended to counter security attacks, and they make use of one or more
security mechanisms to provide the service.
Fundamental Security Design Principles
- Economy of Mechanism: the design of security measures should be as simple and small as possible
- Fail-safe defaults
- Complete Mediation
- Open Design: the design of a security mechanism should be open rather than secret
- Separation of Privilege
- Least Privilege
- Least Common Mechanism
- Psychological Acceptability
- Isolation
- Encapsulation
- Modularity
- Layering
- Least Astonishment
Attack Surfaces
Number Theory
Divisibility and The Division Algorithm
The study of the natural numbers: 1, 2, 3, 4, 5, 6, …
The study of the integers: …, -5, -4, -3, -2, -1, 0, 1, 2, 3, 4, …
Definition: Let a and b be integers with b ≠ 0. We say that b divides a, or that a is divisible by
b, if there is an integer c such that a = bc (written b | a).
Division with remainder: if a and b are positive integers and you divide a by b, you get a
quotient q and a remainder r (a = b·q + r), where the remainder r is smaller than b.
Definition: A common divisor of two integers a and b is a positive integer d that divides both
of them. The greatest common divisor of a and b is, as its name suggests, the largest positive
integer d such that d | a and d | b, denoted gcd(a, b).
Theorem (the Euclidean algorithm): Let a and b be positive integers with a ≥ b. The following
algorithm computes gcd(a, b) in a finite number of steps; each step performs one division
r(i-1) = r(i)·q(i) + r(i+1).
(1) Let r(0) = a and r(1) = b
(2) Set i = 1
(3) Divide r(i-1) by r(i) to get a quotient q(i) and remainder r(i+1)
(4) If the remainder r(i+1) = 0, then r(i) = gcd(a, b) and the algorithm terminates.
(5) Otherwise, r(i+1) > 0, so set i = i + 1 and go to Step 3.
The division step (Step 3) is executed at most.
Modular Arithmetic
The modulus
If a is an integer and n is a positive integer, we define a mod n to be the remainder when a is
divided by n. The integer n is called the modulus.
a = qn + r,  0 ≤ r < n ;  q = ⌊a/n⌋
a = ⌊a/n⌋ × n + (a mod n)
Two integers a and b are said to be congruent modulo n if (a mod n) = (b mod n):
a ≡ b (mod n)
Properties of Congruences
1. a ≡ b (mod n) if n | (a − b)
2. a ≡ b (mod n) implies b ≡ a (mod n)
3. a ≡ b (mod n) and b ≡ c (mod n) imply a ≡ c (mod n)
Euclid(a, b)
    if (b = 0) then return a;
    else return Euclid(b, a mod b);
The Extended Euclidean Algorithm
ax + by = d = gcd(a, b)
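The two algorithms above, worked in Python as an added example (this code is not part of the review): euclid_steps records every division r(i-1) = r(i)·q(i) + r(i+1) of the recursive Euclid, extended_gcd carries the coefficients x, y with ax + by = gcd(a, b) through the same divisions, and mod_inverse uses them to invert a modulo n, which is the operation RSA key generation and GF(p) arithmetic need. All inputs below are constructed.

```python
# Added example (not from the review): the Euclidean algorithm as the
# remainder recurrence r(i-1) = r(i)*q(i) + r(i+1), the extended version
# that also returns x, y with a*x + b*y = gcd(a, b), and the modular
# inverse built on it.

def euclid_steps(a, b):
    """Return (gcd, steps); each step is (r(i-1), r(i), q(i), r(i+1))."""
    steps = []
    r_prev, r_cur = a, b                    # r(0) = a, r(1) = b
    while r_cur != 0:
        q, r_next = divmod(r_prev, r_cur)   # r(i-1) = r(i)*q(i) + r(i+1)
        steps.append((r_prev, r_cur, q, r_next))
        r_prev, r_cur = r_cur, r_next
    return r_prev, steps                    # when r(i+1) = 0, r(i) is the gcd

def extended_gcd(a, b):
    """Return (d, x, y) with a*x + b*y = d = gcd(a, b)."""
    # Invariant: a == a0*x0 + b0*y0 and b == a0*x1 + b0*y1 for the original a0, b0.
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b != 0:
        q, r = divmod(a, b)
        a, b = b, r
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def mod_inverse(a, n):
    """Return x with a*x ≡ 1 (mod n); raise if gcd(a, n) != 1 (no inverse exists)."""
    d, x, _ = extended_gcd(a % n, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse modulo {n} (gcd = {d})")
    return x % n

if __name__ == "__main__":
    print(euclid_steps(2024, 748))      # constructed input: gcd 44 in five divisions
    print(extended_gcd(240, 46))        # (2, -9, 47): 240*(-9) + 46*47 = 2
    print(mod_inverse(17, 3120))        # the inverse used in the textbook RSA example
```

The recursion Euclid(b, a mod b) and the step list produce the same remainders; the extended form only adds bookkeeping, so its cost is the same number of divisions.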
Prime Numbers
Prime numbers play a critical role in number theory and in the techniques
Fermat’s and Euler’s Theorems
Fermat’s Theorem
If p is prime and a is a positive integer not divisible by p, then a^(p−1) ≡ 1 (mod p)
If p is prime and a is a positive integer, then a^p ≡ a (mod p)
Euler's totient function φ(n): by convention, φ(1) = 1
Proof:
Euler's Theorem
For every a and n that are relatively prime:
An alternative form of the theorem: a^(φ(n)+1) ≡ a (mod n) (a does not need to be relatively prime
to n)
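A numerical check of both theorems, added here as an example (not code from the review): totient computes φ(n) from the prime factorization, fermat_holds and euler_holds test a^(p−1) ≡ 1 (mod p) and a^φ(n) ≡ 1 (mod n) with Python's modular pow. Two caveats that the checks make visible: the alternative form a^(φ(n)+1) ≡ a (mod n) holds for every a only when n is squarefree (the RSA case n = pq), and n = 4 is a counterexample; and Fermat's congruence is necessary but not sufficient for primality, since the composite 561 satisfies it for base 2, which is why the Miller-Rabin test below is used instead.

```python
# Added example (not from the review): Euler's totient by trial-division
# factorization, then numerical checks of Fermat's theorem, Euler's theorem
# (a^phi(n) ≡ 1 mod n for gcd(a, n) = 1) and the alternative form.

def totient(n):
    """phi(n) via the product formula n * prod(1 - 1/p) over the primes p dividing n."""
    result, m, p = n, n, 2
    while p * p <= m:
        if m % p == 0:
            while m % p == 0:
                m //= p
            result -= result // p       # multiply by (1 - 1/p)
        p += 1
    if m > 1:                           # remaining prime factor
        result -= result // m
    return result

def fermat_holds(a, p):
    """a^(p-1) ≡ 1 (mod p); true for every prime p not dividing a, but also for some composites."""
    return pow(a, p - 1, p) == 1

def euler_holds(a, n):
    """a^phi(n) ≡ 1 (mod n) whenever gcd(a, n) = 1."""
    return pow(a, totient(n), n) == 1

def euler_alt_holds(a, n):
    """Alternative form a^(phi(n)+1) ≡ a (mod n); holds for all a only if n is squarefree."""
    return pow(a, totient(n) + 1, n) == a % n

if __name__ == "__main__":
    print(totient(10), totient(561))            # 4, 320
    print(fermat_holds(2, 561))                 # True although 561 = 3*11*17 (Carmichael number)
    print(euler_alt_holds(6, 10), euler_alt_holds(2, 4))   # True, False
```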
Testing for Primality
Miller-Rabin Algorithm
Some background:
- First, any positive odd integer n ≥ 3 can be expressed as n − 1 = 2^k q with k > 0, q odd.
  If n is expressed as a binary number, then the result is achieved by shifting the number
  to the right until the rightmost digit is a 1, for a total of k shifts.
- Two properties of prime numbers:
  - If p is prime and a is a positive integer less than p, then a² mod p = 1 if and only
    if either a mod p = 1 or a mod p = −1 mod p = p − 1.
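The test built from these two facts, as an added example (not code from the review): decompose extracts k and the odd q by shifting n − 1 right, witness runs one round with base a (computing a^q, then squaring up to k − 1 times and looking for a square root of 1 other than ±1), and is_probable_prime repeats the round with random bases. A False answer is a proof of compositeness; a True answer is wrong with probability at most 4^-rounds. The rounds parameter and the use of Python's random module are choices of this example.

```python
# Added example (not from the review): the Miller-Rabin test as described
# above. decompose() extracts k and odd q from n - 1 = 2^k * q by shifting;
# witness() runs one round with base a; is_probable_prime() repeats it.
import random

def decompose(n):
    """Return (k, q) with n - 1 = 2^k * q, q odd: shift right until bit 0 is set."""
    k, q = 0, n - 1
    while q & 1 == 0:
        q >>= 1
        k += 1
    return k, q

def witness(a, n):
    """One Miller-Rabin round. True means base a proves n composite."""
    k, q = decompose(n)
    x = pow(a, q, n)
    if x == 1 or x == n - 1:
        return False                 # inconclusive: consistent with n prime
    for _ in range(k - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return False             # reached -1: inconclusive
        if x == 1:
            return True              # square root of 1 that is not ±1: n is composite
    return True                      # never reached -1: n is composite

def is_probable_prime(n, rounds=20, rng=random):
    """False: n is certainly composite. True: n is prime except with probability <= 4^-rounds."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        if witness(a, n):
            return False
    return True

if __name__ == "__main__":
    print(decompose(561))                  # (4, 35): 560 = 2^4 * 35
    print(witness(2, 561))                 # True: base 2 exposes the Carmichael number
    print(is_probable_prime(2**61 - 1))    # True (a Mersenne prime)
```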
Discrete Logarithms
Classical Encryption Techniques
"I am fairly familiar with all the forms of secret writings, and am myself the
author of a trifling monograph upon the subject, in which I analyze one
hundred and sixty separate ciphers," The Adventure of the Dancing Men, Sir
Arthur Conan Doyle
An original message is known as the plaintext, while the coded message is called
the ciphertext.
The process of decrypting a message without knowing the underlying key is called
cryptanalysis.
Five ingredients
Two requirements
1. Need a strong encryption algorithm: the opponent should be unable to decrypt ciphertext or
   discover the key even if he or she is in possession of a number of ciphertexts together with
   the plaintext that produced each ciphertext.
2. A secret key known only to sender/receiver: sender and receiver must have obtained copies of
   the secret key in a secure fashion and must keep the key secure.
That the encryption algorithm need not be kept secret means that manufacturers can and have
developed low-cost chip implementations of data encryption algorithms.
Cryptography
Cryptographic systems are characterized along three independent dimensions:
The most difficult problem is presented when all that is available is the ciphertext only.
Unconditional security: no matter how much computer power or time is available, the cipher
cannot be broken, since the ciphertext provides insufficient information to uniquely determine
the corresponding plaintext.
Computational security: given limited computing resources (e.g. the time needed for the
calculations is greater than the age of the universe), the cipher cannot be broken.
Brute-force attack: it is always possible to simply try every key.
Key size                     Number of keys          Time at 1 decryption/µs            Time at 10^6 decryptions/µs
128 bits                     2^128 = 3.4 × 10^38     2^127 µs = 5.4 × 10^24 years       5.4 × 10^18 years
168 bits                     2^168 = 3.7 × 10^50     2^167 µs = 5.9 × 10^36 years       5.9 × 10^30 years
26 characters (permutation)  26! = 4 × 10^26         2 × 10^26 µs = 6.4 × 10^12 years   6.4 × 10^6 years
Caesar cipher (used by Julius Caesar)
Can try each of the keys (shifts) in turn, until the original message can be recognised. See
Stallings Fig 2.3 for an example of the search.
Note: as mentioned before, one does need to be able to recognise an original message (i.e. is
it English or whatever). Usually easy for humans, hard for computers, though if the data is,
say, compressed it could be much harder.
Example: "GCUA VQ DTGCM" when broken gives "easy to break", with a shift of 2 (key C).
Monoalphabetic cipher: each plaintext letter a maps to any one of A, B, …, Z.
See the text example of a translation alphabet, and an encrypted message using it.
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
One-Letter Words: a, I.
Most Frequent Two-Letter Words: of, to, in, it, is, be, as, at, so, we, he, by, or, on, do,
if, me, my, up, an, go, no, us, am
Most Frequent Three-Letter Words: the, and, for, are, but, not, you, all, any, can, had,
her, was, one, our, out, day, get, has, him, his, how, man, new, now, old, see, two, way,
who, boy, did, its, let, put, say, she, too, use
Most Frequent Four-Letter Words: that, with, have, this, will, your, from, they, know,
want, been, good, much, some, time
Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original
alphabet; not even the large number of keys in a monoalphabetic cipher provides security.
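The two ciphers of this section in one added example (not code from the review): a general monoalphabetic substitution driven by a 26-letter key alphabet, with the Caesar shift as the special case of a rotated alphabet; a brute-force search over the 25 shifts that scores each candidate by English letter frequencies (the constructed ENGLISH_FREQ table holds approximate textbook values) and so recovers the "easy to break" example automatically; and a frequency count showing that the ciphertext of the DKVQ… key keeps the plaintext's letter statistics, which is the handle frequency analysis uses.

```python
# Added example (not from the review): a general monoalphabetic substitution
# cipher (a Caesar shift is the special case of a rotated key alphabet), a
# brute-force search over the 25 shifts scored by English letter frequencies,
# and a frequency count showing that the ciphertext keeps the plaintext's
# letter statistics. ENGLISH_FREQ values are approximate textbook figures.
from collections import Counter
import string

ALPHABET = string.ascii_lowercase

def substitute(text, key):
    """Encrypt with a 26-letter key alphabet (upper-case output); non-letters pass through."""
    return text.lower().translate(str.maketrans(ALPHABET, key.upper()))

def unsubstitute(text, key):
    """Decrypt back to lower-case plaintext."""
    return text.upper().translate(str.maketrans(key.upper(), ALPHABET))

def caesar_key(shift):
    """Key alphabet of a Caesar shift, e.g. shift 3 -> 'defg...zabc'."""
    return ALPHABET[shift:] + ALPHABET[:shift]

ENGLISH_FREQ = {   # percent of letters in typical English text (approximate)
    'e': 12.7, 't': 9.1, 'a': 8.2, 'o': 7.5, 'i': 7.0, 'n': 6.7, 's': 6.3, 'h': 6.1,
    'r': 6.0, 'd': 4.3, 'l': 4.0, 'c': 2.8, 'u': 2.8, 'm': 2.4, 'w': 2.4, 'f': 2.2,
    'g': 2.0, 'y': 2.0, 'p': 1.9, 'b': 1.5, 'v': 1.0, 'k': 0.8, 'j': 0.15, 'x': 0.15,
    'q': 0.10, 'z': 0.07}

def english_score(text):
    """Sum of English letter frequencies; higher means more English-like."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text.lower())

def break_caesar(ciphertext):
    """Try all 25 shifts; return (shift, plaintext) for the most English-looking candidate."""
    candidates = []
    for shift in range(1, 26):
        plain = unsubstitute(ciphertext, caesar_key(shift))
        candidates.append((english_score(plain), shift, plain))
    _, shift, plain = max(candidates)
    return shift, plain

def letter_frequencies(text):
    """Relative frequency of each letter, most common first."""
    letters = [ch for ch in text.lower() if ch in ALPHABET]
    counts = Counter(letters)
    return [(ch, round(n / len(letters), 3)) for ch, n in counts.most_common()]

KEY = "DKVQFIBJWPESCXHTMYAUOLRGZN"      # the translation alphabet from the text

if __name__ == "__main__":
    print(substitute("easy to break", caesar_key(2)))          # GCUA VQ DTGCM
    print(break_caesar("GCUA VQ DTGCM"))                      # (2, 'easy to break')
    ct = substitute("ifwewishtoreplaceletters", KEY)
    print(ct, letter_frequencies(ct)[:3])                     # F (image of e) leads
```

A scorer based on the common-word lists above works as well for longer texts; for a three-word sample like the example it ties between shifts (both "up" and "to" are on the two-letter list), which is why letter frequencies are used here.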
Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair.
The Playfair algorithm is based on the use of a 5 x 5 matrix of letters constructed using a
keyword.
Keyword: MONARCHY.
The matrix is constructed by filling in the letters of the keyword (minus duplicates) from left to
right and from top to bottom, and then filling in the remainder of the matrix with the remaining
letters in alphabetic order.
Rules:
1. Repeating plaintexts that are in the same pair are separated with a filler letter, such as
x, so that balloon would be treated as ba lx lo on
2. Two plaintext letters that fall in the same row of the matrix are each replaced by the
letter to the right, with the first element of the row circularly following the last. For
example, ar is encrypted as RM
3. Two plaintext letters that fall in the same column are each replaced by the letter
beneath, with the top element of the column circularly following the last. For example,
mu is encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row
and the column occupied by the other plaintext letter. Thus, hs becomes BP and ea
becomes IM (or JM, as the encipherer wishes)
The Playfair cipher is a great advance over simple monoalphabetic ciphers, since there are
26*26=676 digrams (vs 26 letters), so that identification of individual digrams is more difficult.
Also, the relative frequencies of individual letters exhibit a much greater range than that of
digrams, making frequency analysis much more difficult. The Playfair cipher was for a long time
considered unbreakable. It was used as the standard field system by the British Army in World
War I and still enjoyed considerable use by the U.S. Army and other Allied forces during World
War II. Despite this level of confidence in its security, the Playfair cipher is relatively easy to
break because it still leaves much of the structure of the plaintext language intact. A few
hundred letters of ciphertext are generally sufficient.
Security is much improved over monoalphabetic ciphers: one would need a 676-entry frequency
table to analyse it (versus 26 for a monoalphabetic cipher).
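The four rules above implemented end to end, as an added example (not code from the review): build_matrix fills the 5 × 5 square for MONARCHY (I and J share a cell, as in the textbook square), digrams applies the filler rule so that balloon becomes BA LX LO ON, and encrypt_pair applies rules 2 to 4. Decryption reuses encrypt_pair with the row and column steps reversed, because rule 4 is its own inverse. The filler letter and the I/J merge are the conventions assumed here.

```python
# Added example (not from the review): the Playfair cipher with the four rules
# above, built on the 5 x 5 matrix for the keyword MONARCHY (I and J share a cell).

def build_matrix(keyword):
    """5 x 5 key square: keyword letters without duplicates, then the rest of the alphabet."""
    seen, letters = set(), []
    for ch in (keyword + "ABCDEFGHIKLMNOPQRSTUVWXYZ").upper():
        ch = "I" if ch == "J" else ch
        if ch.isalpha() and ch not in seen:
            seen.add(ch)
            letters.append(ch)
    return [letters[i:i + 5] for i in range(0, 25, 5)]

def positions(matrix):
    return {ch: (r, c) for r, row in enumerate(matrix) for c, ch in enumerate(row)}

def digrams(plaintext, filler="X"):
    """Rule 1: split into pairs, separating repeated letters in a pair with the filler."""
    text = [("I" if ch == "J" else ch) for ch in plaintext.upper() if ch.isalpha()]
    pairs, i = [], 0
    while i < len(text):
        a = text[i]
        b = text[i + 1] if i + 1 < len(text) else filler
        if a == b:
            pairs.append(a + filler)      # ba lx lo on for balloon
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs

def encrypt_pair(pair, matrix, pos, shift=1):
    (r1, c1), (r2, c2) = pos[pair[0]], pos[pair[1]]
    if r1 == r2:                                    # Rule 2: same row -> letter to the right
        return matrix[r1][(c1 + shift) % 5] + matrix[r2][(c2 + shift) % 5]
    if c1 == c2:                                    # Rule 3: same column -> letter beneath
        return matrix[(r1 + shift) % 5][c1] + matrix[(r2 + shift) % 5][c2]
    return matrix[r1][c2] + matrix[r2][c1]         # Rule 4: own row, other letter's column

def playfair_encrypt(plaintext, keyword="MONARCHY"):
    matrix = build_matrix(keyword)
    pos = positions(matrix)
    return "".join(encrypt_pair(p, matrix, pos) for p in digrams(plaintext))

def playfair_decrypt(ciphertext, keyword="MONARCHY"):
    """Rules 2 and 3 step in the opposite direction; rule 4 is its own inverse."""
    matrix = build_matrix(keyword)
    pos = positions(matrix)
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return "".join(encrypt_pair(p, matrix, pos, shift=-1) for p in pairs)

if __name__ == "__main__":
    for row in build_matrix("MONARCHY"):
        print(" ".join(row))
    print(playfair_encrypt("ar"), playfair_encrypt("mu"),
          playfair_encrypt("hs"), playfair_encrypt("ea"))     # RM CM BP IM
    print(playfair_decrypt(playfair_encrypt("balloon")))      # BALXLOON
```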
Hill cipher
Polyalphabetic Ciphers
Vigenère cipher (16th century, Rome)
Assume a sequence of plaintext letters P = p_0, p_1, p_2, …, p_(n−1) and a key consisting of the
sequence of letters K = k_0, k_1, k_2, …, k_(m−1), where typically m < n.
c_i = p_i ⊕ k_i
where
p_i = ith binary digit of plaintext
One-time pad
An improvement to the Vernam cipher that yields the ultimate in security.
Using a random key that is as long as the message, so that the key need not be repeated. In
addition, the key is used to encrypt and decrypt a single message, and then is discarded.
The one-time pad offers complete security but, in practice, has two fundamental difficulties:
1. There is the practical problem of making large quantities of random keys. Any heavily
used system might require millions of random characters on a regular basis. Supplying
truly random characters in this volume is a significant task
2. Even more daunting is the problem of key distribution and protection. For every
   message to be sent, a key of equal length is needed by both sender and receiver. Thus, a
   mammoth key distribution problem exists.
The one-time pad is the only cryptosystem that exhibits what is referred to as perfect
secrecy.
Perfect Security
The “gold standard” for security.
Hope of keeping m secret if the key k is hard to guess: the key should be chosen at random from a
large key space.
To say that m is “well hidden” means it is hard to completely determine m from c without knowledge
of k (not really enough).
The adversary may not know k, but knows the encryption algorithm and the distribution of k.
The adversary may also have some knowledge of the message encrypted: because of circumstances,
he may know that the set of possible messages is quite small, and he may know something about how
likely each possible message is (based on the adversary’s available intelligence).
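An added example (not code from the review) serving both the one-time pad section and the perfect-secrecy discussion above: otp_encrypt is the Vernam XOR with a key exactly as long as the message, key_reuse_leak shows what the "single message, then discard" rule prevents (two ciphertexts under one key XOR to the XOR of the plaintexts, so the key has cancelled out), and posterior computes Pr[M = m | C = c] by enumerating every key for a tiny message space with a constructed, non-uniform prior. For the pad the posterior equals the prior for every ciphertext, which is the definition of perfect secrecy; the constructed low_bit_only cipher, whose key is shorter than the message, fails it. The byte strings and the PRIOR table are constructed inputs.

```python
# Added example (not from the review): a bitwise one-time pad (the Vernam
# cipher c_i = p_i XOR k_i with a fresh random key as long as the message),
# the leak that appears when a key is reused, and a brute-force check of
# perfect secrecy on a tiny message space: Pr[M = m | C = c] must equal the
# prior Pr[M = m] for every ciphertext c.
import os
from itertools import product

def otp_encrypt(message: bytes, key: bytes) -> bytes:
    if len(key) != len(message):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return bytes(m ^ k for m, k in zip(message, key))

otp_decrypt = otp_encrypt            # XOR is its own inverse

def new_key(n: int) -> bytes:
    return os.urandom(n)             # fresh random key for one message only

def key_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two messages under the same key: c1 XOR c2 = m1 XOR m2, the key cancels."""
    return bytes(a ^ b for a, b in zip(c1, c2))

def posterior(prior, encrypt, key_bits):
    """Pr[M = m | C = c] for a cipher on bit tuples with a uniform key of key_bits bits.
    prior: dict message -> probability; encrypt(m, k) -> ciphertext tuple."""
    keys = list(product((0, 1), repeat=key_bits))
    joint = {}                       # (c, m) -> Pr[M = m and C = c]
    for m, pm in prior.items():
        for k in keys:
            c = encrypt(m, k)
            joint[(c, m)] = joint.get((c, m), 0.0) + pm / len(keys)
    pc = {}
    for (c, _), p in joint.items():
        pc[c] = pc.get(c, 0.0) + p
    return {(c, m): p / pc[c] for (c, m), p in joint.items()}

def is_perfectly_secret(prior, encrypt, key_bits):
    post = posterior(prior, encrypt, key_bits)
    return all(abs(p - prior[m]) < 1e-12 for (_, m), p in post.items())

def xor_bits(m, k):
    """The one-time pad on bit tuples."""
    return tuple(a ^ b for a, b in zip(m, k))

def low_bit_only(m, k):
    """A constructed weak cipher: a 1-bit key that masks only the last bit."""
    return (m[0], m[1] ^ k[0])

# Constructed, deliberately non-uniform distribution over 2-bit messages.
PRIOR = {(0, 0): 0.5, (0, 1): 0.3, (1, 0): 0.15, (1, 1): 0.05}

if __name__ == "__main__":
    key = new_key(8)
    ct = otp_encrypt(b"hello123", key)
    print(otp_decrypt(ct, key))                               # b'hello123'
    print(key_reuse_leak(ct, otp_encrypt(b"hellx123", key)))  # nonzero only where m1 != m2
    print(is_perfectly_secret(PRIOR, xor_bits, 2))            # True
    print(is_perfectly_secret(PRIOR, low_bit_only, 1))        # False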
Transposition Techniques
Rail fence technique
The plaintext is written down as a sequence of diagonals and then read off as a sequence of
rows.
The transposition cipher can be made significantly more secure by performing more than one
stage of transposition. The result is a more complex permutation that is not easily
reconstructed. Thus, the foregoing message can be reencrypted using the same algorithm.
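The rail fence and its two-stage variant, as an added example (not code from the review): rail_pattern assigns each plaintext position to a row of the zigzag, rail_encrypt reads the rows off in order, rail_decrypt reverses the process by handing ciphertext characters back to the positions in row order, and the double_ functions apply the transposition twice. It generalizes the two-row case in the text to any number of rails; the sample texts are constructed.

```python
# Added example (not from the review): a rail fence transposition for any
# number of rails (the text's two-row case is depth 2), the matching
# decryption, and a two-stage version that applies the transposition twice.

def rail_pattern(length, rails):
    """Row index of each plaintext position when written as a zigzag of diagonals."""
    pattern, row, step = [], 0, 1
    for _ in range(length):
        pattern.append(row)
        if rails > 1:
            if row == 0:
                step = 1
            elif row == rails - 1:
                step = -1
            row += step
    return pattern

def rail_encrypt(plaintext, rails=2):
    """Write down the diagonals, then read off the rows top to bottom."""
    text = plaintext.replace(" ", "")
    pattern = rail_pattern(len(text), rails)
    return "".join(ch for r in range(rails) for ch, row in zip(text, pattern) if row == r)

def rail_decrypt(ciphertext, rails=2):
    """Rebuild the zigzag: positions sorted by (row, index) receive the ciphertext in order."""
    pattern = rail_pattern(len(ciphertext), rails)
    order = sorted(range(len(ciphertext)), key=lambda i: (pattern[i], i))
    plain = [""] * len(ciphertext)
    for ch, i in zip(ciphertext, order):
        plain[i] = ch
    return "".join(plain)

def double_rail_encrypt(plaintext, rails=2):
    """Two stages of transposition with the same depth: a different, larger permutation."""
    return rail_encrypt(rail_encrypt(plaintext, rails), rails)

def double_rail_decrypt(ciphertext, rails=2):
    return rail_decrypt(rail_decrypt(ciphertext, rails), rails)

if __name__ == "__main__":
    print(rail_encrypt("meet me after the toga party"))         # mematrhtgpryetefeteoaat
    print(rail_encrypt("we are discovered flee at once", 3))    # wecrlteerdsoeefeaocaivden
    print(double_rail_encrypt("meet me after the toga party"))
```

The ciphertext of a transposition is an anagram of the plaintext, so letter frequencies are unchanged; that is what makes it recognisable as a transposition, and why multiple stages only complicate the permutation rather than hide the statistics.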
The rotor machine consists of a set of independently rotating cylinders through which electrical
pulses can flow. Each cylinder has 26 input pins and 26 output pins, with internal wiring that
connects each input pin to a unique output pin.
- The Hebern Machine
- The Enigma (3-5 rotors)
Steganography
Various other techniques have been used historically; some examples are the following:
Character Marking:
Selected letters of printed or typewritten text are over-written in pencil. The marks are
ordinarily not visible unless the paper is held at an angle to bright light
Invisible ink:
A number of substances can be used for writing that leave no visible trace until heat or some
chemical is applied to the paper.
Pin punctures:
Small pin punctures on selected letters are ordinarily not visible unless the paper is held up in
front of a light
The advantage of steganography is that it can be employed by parties who have something to
lose should the fact of their secret communication (not necessarily the content) be discovered.
Block Ciphers And The Data Encryption Standard
All the afternoon Mungo had been working on Stern's code, principally with
the aid of the latest messages which he had copied down at the Nevin Square
drop. Stern was very confident. He must be well aware London Central knew
about that drop. It was obvious that they didn't care how often Mungo read
their messages, so confident were they in the impenetrability of the code.
A Block Cipher is one in which a block of plaintext is treated as a whole and used to produce a
ciphertext block of equal length. Typically, a block size of 64 or 128 bits is used
Feistel Block Cipher
Most symmetric block ciphers are based on a Feistel cipher structure.
The essence of the approach is to develop a block cipher with a key length of k bits and a block
length of n bits, allowing a total of 2^k possible transformations, rather than the (2^n)!
transformations available with the ideal block cipher.
The Feistel structure is used for the Triple Data Encryption Algorithm (TDEA), which is one of the
two algorithms (along with AES) approved for general use by NIST.
Diffusion and confusion were introduced by Claude Shannon to capture the two basic
building blocks for any cryptographic system.
Assume the attacker has some knowledge of the statistical characteristics of the plaintext. For
example, in a human-readable message in some language, the frequency distribution of the
various letters may be known.
In diffusion, the statistical structure of the plaintext is dissipated into long-range statistics of the
ciphertext
- Block size: Larger block sizes mean greater security (All other things being equal) but
reduced encryption/decryption speed for a given algorithm. The greater security is
achieved by greater diffusion. Traditionally, a block size of 64 bits has been considered a
reasonable tradeoff and was nearly universal in block cipher design. However, the new
AES uses a 128-bit block size.
- Key size: Larger key size means greater security but may decrease
encryption/decryption speed. The greater security is achieved by greater resistance to
brute-force attacks and greater confusion. Key sizes of 64 bits or less are now widely
considered to be inadequate, and 128 bits has become a common size.
- Number of rounds: The essence of the Feistel cipher is that a single round offers
inadequate security but that multiple rounds offer increasing security. A typical size is 16
rounds.
- Subkey generation algorithm: Greater complexity in this algorithm should lead to
greater difficulty of cryptanalysis.
- Round function F: Again, greater complexity generally means greater resistance to
cryptanalysis.
The key is 56 bits in length (Actually, the function expects a 64-bit key as input. However, only
56 of these bits are ever used; the other 8 bits can be used as parity bits or simply set
arbitrarily)
Plaintext
First, the 64-bit plaintext passes through an Initial Permutation (IP): rearranges the bits to
produce the permuted input
This is followed by a phase consisting of sixteen rounds of the same function, which involves
both permutation and substitution functions.
The output of the last (sixteenth) round consists of 64 bits that are a function of the input
plaintext and the key.
The left and right halves of the output are swapped to produce the preoutput.
Finally, the preoutput is passed through a permutation IP⁻¹ that is the inverse of the initial
permutation function, to produce the 64-bit ciphertext.
With the exception of the initial and final permutations, DES has the exact structure of a Feistel
cipher.
Key
Initially, the key is passed through a permutation function.
Then, for each of the sixteen rounds, a subkey K_i is produced by the combination of a left
circular shift and a permutation. The permutation function is the same for each round, but a
different subkey is produced because of the repeated shifts of the key bits.
DES Decryption
Uses the same algorithm as encryption, except that the application of the subkeys and the
initial and final permutation are reversed.
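An added example (not code from the review, and not DES) covering the Feistel structure described above and the decryption property just stated: a 64-bit toy Feistel network that splits the block into halves, runs L' = R, R' = L ⊕ F(R, K_i) for each round and swaps the halves at the end. Its round function is a hash of the half-block and subkey, chosen to be obviously non-invertible, and its subkey schedule (a rotation of the key) is an assumption of this example, not the DES key schedule. The point it demonstrates is structural: decrypt_block is the same code as encrypt_block with the subkeys reversed, whatever F is, which is why a Feistel cipher never needs F to be invertible.

```python
# Added example (not from the review): a toy 64-bit Feistel network with the
# DES-style structure (halves, n rounds of L' = R, R' = L XOR F(R, K_i), final
# swap) and a deliberately simple, non-cryptographic round function. The
# subkey schedule is an assumption of this example, not the DES one.
import hashlib

MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF

def round_function(right, subkey):
    """Toy, non-invertible F: hash the 32-bit half with the 32-bit subkey, keep 32 bits."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def subkeys(key, rounds):
    """Assumed schedule: rotate the 64-bit key left by 7 each round, take the low 32 bits."""
    keys = []
    for _ in range(rounds):
        key = ((key << 7) | (key >> 57)) & MASK64
        keys.append(key & MASK32)
    return keys

def feistel(block, round_keys):
    """Run the rounds in the order given and swap the halves at the end."""
    left, right = block >> 32, block & MASK32
    for k in round_keys:
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left                    # final swap of the halves

def encrypt_block(block, key, rounds=16):
    return feistel(block, subkeys(key, rounds))

def decrypt_block(block, key, rounds=16):
    """Same algorithm as encryption; only the subkey order is reversed."""
    return feistel(block, subkeys(key, rounds)[::-1])

if __name__ == "__main__":
    key, pt = 0x0123456789ABCDEF, 0x0011223344556677          # constructed values
    ct = encrypt_block(pt, key)
    print(hex(ct), hex(decrypt_block(ct, key)))               # second value is pt again
```

Because each round only XORs F(R, K_i) into the other half, running the rounds backwards XORs the same value out again; the final swap makes the output of encryption exactly the input the reversed sequence expects. This is the property that lets DES decrypt with the encryption hardware and reversed subkeys.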
A DES Example
Groups, Rings, and Fields are the fundamental elements of a branch of mathematics known as abstract
algebra, or modern algebra. In abstract algebra:
We can combine two elements of the set perhaps in several ways, to obtain a third element of
the set.
Operations are subject to specific rules, which define the nature of the set.
The notation for the two principal classes of operations on set elements is usually the same as
the notation for addition and multiplication on ordinary numbers.
GROUPS:
- A set of elements with a binary operation (denoted by {G, ∘}) that associates to each ordered
  pair (a, b) of elements in G an element a ∘ b in G, obeying:
  A1. Closure: If a and b belong to G, then a ∘ b is also in G
  A2. Associative: a ∘ (b ∘ c) = (a ∘ b) ∘ c for all a, b, c in G
  A3. Identity element: There is an element e in G such that a ∘ e = e ∘ a = a for all a in G
  A4. Inverse element: For each a in G, there is an element a' in G such that a ∘ a' = a' ∘ a = e
- When the group operation is addition,
The identity element is 0;
The inverse element of a is –a;
Subtraction is defined with the following rule: a−b=a+(−b)
- The order of the group is equal to the number of elements in the group.
RINGS: a set of elements with two binary operations, called addition and multiplication {R ,+ ,× }
(A1–A5) R is an abelian group with respect to addition (R satisfies axioms A1 through A5).
For an additive group, the identity element is denoted 0 and the inverse of a is −a.
- The set of all even integers (positive, negative, and 0) under addition and multiplication
- The set Z_n of integers {0, 1, …, n−1}, together with the arithmetic operations modulo n, is
  a commutative ring.
- The set of integers, positive, negative, and 0 under the usual operations of addition and
multiplication.
FIELDS: a set of elements with two binary operations, called addition and multiplication, such that for all
a, b, c in F the following axioms are obeyed.
M7. Multiplicative inverse: For each a in F, except 0, there is an element a⁻¹ in F such that
a a⁻¹ = (a⁻¹) a = 1
- A field is a set in which we can do addition, subtraction, multiplication, and division without
  leaving the set. Division is defined with the following rule: a/b = a (b⁻¹)
- The rational numbers
- The real numbers
- The complex number
- The set of all integers is not a field
FINITE FIELDS OF THE FORM GF(p)
For a given prime number p, GF(p) is {0, 1, …, p−1} together with the arithmetic operations modulo
p.
- It is easy to find the multiplicative inverse of an element in GF(p) for small values of p. We simply
  construct a multiplication table, but for large values of p, this approach is not practical.
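The table-based approach for small moduli, as an added example (not code from the review): it builds the multiplication table of Z_n, reads each inverse off it, and checks the ring axiom of distributivity by brute force. Running it for a prime and a composite n shows the difference between the commutative ring Z_n of the previous section and the field GF(p): for n = 6 the elements 2, 3 and 4 have no inverse and 2·3 ≡ 0, while for n = 7 every nonzero element is invertible and there are no zero divisors. The moduli used are constructed inputs.

```python
# Added example (not from the review): Z_n = {0, ..., n-1} with arithmetic
# modulo n is always a commutative ring; it is a field (written GF(p)) exactly
# when n is prime. The multiplication table, as the text suggests for small
# moduli, gives every inverse directly.

def multiplication_table(n):
    return [[(a * b) % n for b in range(n)] for a in range(n)]

def inverses_from_table(n):
    """Map each nonzero a to the b with a*b ≡ 1 (mod n), or None when there is none."""
    table = multiplication_table(n)
    return {a: next((b for b in range(n) if table[a][b] == 1), None) for a in range(1, n)}

def is_field(n):
    """Axiom M7: every nonzero element has a multiplicative inverse."""
    return n >= 2 and all(b is not None for b in inverses_from_table(n).values())

def zero_divisors(n):
    """Pairs a <= b, both nonzero, with a*b ≡ 0 (mod n); a field has none."""
    return [(a, b) for a in range(1, n) for b in range(a, n) if (a * b) % n == 0]

def distributes(n):
    """Ring axiom: a*(b+c) = a*b + a*c for all a, b, c, checked exhaustively."""
    return all((a * (b + c)) % n == (a * b + a * c) % n
               for a in range(n) for b in range(n) for c in range(n))

if __name__ == "__main__":
    for n in (6, 7):
        print(n, "field" if is_field(n) else "ring only",
              inverses_from_table(n), zero_divisors(n), distributes(n))
```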
1. Set
2. group
   a. An operation has at most one identity (neutral) element.
   b. An element x' ∈ X satisfying x ∗ x' = x' ∗ x = e is called a symmetric element of x.
   c. If the operation ∗ is associative, then an element has at most one symmetric element.
   d. For an additive operation:
      i. The identity element is called the zero element, 0
      ii. Having a symmetric element is called having a negative
      iii. The symmetric element of x is called the negative of x, written −x
   e. For a multiplicative operation:
      i. The identity element is called the unit element, denoted e or 1.
      ii. Having a symmetric element is called being invertible
      iii. The symmetric element of x is called the inverse of x, denoted x⁻¹
3. abelian group
   Let X be a set with a multiplication operation. We say (X, ·) is:
   a. A semigroup if multiplication is associative on X
   b. A monoid if multiplication is associative on X and X has an identity element
   c. A semigroup is called commutative, or abelian, if its operation is commutative
   d. N, Z, Q, R, C are commutative monoids under ordinary addition
   e. N* is a commutative semigroup but not a monoid
   Theorem: Let x_1, x_2, …, x_n be n arbitrary elements of the semigroup (X, ·) with n ≥ 3
4. ring
5. commutative ring
6. integral domain
7. field
Group: A set of objects, along with a binary operation (meaning an operation that is applied to two
objects at a time) on the elements of the set, must satisfy the following four properties for the set of
objects to be called a group.
- Closure with respect to the operation. Closure means that if a and b are in the set, then the element
  a o b = c is also in the set. The symbol o denotes the operator for the desired operation.
- Associativity with respect to the operation. Associativity means that (a o b) o c = a o (b o c)
- Guaranteed existence of a unique identity element with regard to the operation. An element i
  would be called an identity element if for every a in the set, we have a o i = a.
- The existence of an inverse element for each element with regard to the operation. That is, for
  every a in the set, the set must also contain an element b such that a o b = i, assuming that i is
  the identity element.
- In general, a group is denoted by {G, o} where G is the set of objects and o the operator.
- A group is a monoid in which every element has a symmetric element. In other words, a non-empty
  set G with a multiplication operation is called a group if the following properties hold:
  - (G1) ∀x, y, z ∈ G: (xy)z = x(yz);
  - (G2) ∃e ∈ G, ∀x ∈ G: ex = xe = x;
  - (G3) ∀x ∈ G, ∃x⁻¹ ∈ G: x x⁻¹ = x⁻¹ x = e;
- If the operation on G is addition, the properties above become:
  - (G1) ∀x, y, z ∈ G: (x + y) + z = x + (y + z);
  - (G2) ∃0 ∈ G, ∀x ∈ G: 0 + x = x + 0 = x;
  - (G3) ∀x ∈ G, ∃(−x) ∈ G: x + (−x) = (−x) + x = 0;
- If the operation on G is commutative, G is called a commutative group or abelian group.
- G is called a finite group when the set G is finite.
- In that case the number of elements of G is called the order of the group G.
- If G is not finite, G is called an infinite group.
- Examples:
  - The set of integers Z with ordinary addition is a commutative group (the additive group of
    integers). Similarly for Q, R, C.
  - The set of nonzero rational numbers Q* with ordinary multiplication is a commutative group.
    Similarly R*, C*.
  - For X = {1, 2, …, n}, let S_n = {σ | σ: X → X is a bijection}.
    Then S_n with composition of maps is a group (its identity element is the identity map Id_X,
    and the inverse of σ ∈ S_n is the inverse map σ⁻¹). (S_n, ∘) is called the permutation group,
    or symmetric group, of degree n. It is a finite group of order n!.
  - The set GL(n, R) of invertible n × n matrices with real entries, with matrix multiplication,
    is a non-commutative group for every n > 1 (its identity element is the identity matrix and
    the inverse is the matrix inverse). GL(n, R) is called the full linear group (or general linear
    group) of degree n over R.
Infinite Groups:
- The set of all integers – positive, negative, and zero – along with the operation of arithmetic
addition constitutes a group
- For a given value of N, the set of all N x N matrices over real numbers under the operation of
matrix addition constitutes a group.
- The set of all even integers – positive, negative, and zero – under the operation of arithmetic
addition is a group
- The set of all 3 x 3 nonsingular matrices, along with matrix multiplication as the operator,
  forms a group [This group, denoted GL(3), plays a very important role in computer graphics and
  computer vision. GL stands for “General Linear”]
Finite Groups:
- Let s_n = <1,2,…,n> denote a sequence of integers 1 through n (The order in which the items
appear in a sequence is important. A sequence is typically shown delimited by angle brackets, as
in the definition of s_n)
- Let’s now consider the set of all permutations of the sequence s_n. Denote this set by P_n. Each
element of the set P_n stands for a permutation <p_1,p_2,p_3,…,p_n> of the sequence s_n
(Size: n!)
- The cardinality of P_3 is 6
- Binary Operation of Composition of Two Permutations:
  - π = <3, 2, 1>
  - p = <1, 3, 2>
  - π ∘ p = <3, 2, 1> ∘ <1, 3, 2> = <2, 3, 1>, that is, permute p according to the
    elements of π
  - Clearly, π ∘ p ∈ P_3
- The other Three Conditions that P_3 must satisfy If it is a Group
- Obeys the associativity
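The remaining conditions, checked by brute force for P_3 as an added example (not code from the review): compose implements the rule used above ((π ∘ p)[i] = p[π[i]], permute p according to the elements of π), inverse builds the permutation that composes to the identity, and is_group tests closure, associativity, identity and inverses over every combination of elements. It also reports that P_3 is not abelian, which is why the order of composition matters. It generalizes to any n via permutation_group(n).

```python
# Added example (not from the review): the permutations of <1, 2, ..., n> as
# a group under the composition rule used above (permute p according to the
# elements of pi), checked for n = 3 against the four group properties.
from itertools import permutations

def compose(pi, p):
    """(pi o p)[i] = p[pi[i]]: permute p according to the elements of pi."""
    return tuple(p[pi[i] - 1] for i in range(len(pi)))

def identity(n):
    return tuple(range(1, n + 1))

def inverse(pi):
    """The permutation q with pi o q = q o pi = identity."""
    q = [0] * len(pi)
    for i, v in enumerate(pi):
        q[v - 1] = i + 1
    return tuple(q)

def permutation_group(n):
    """P_n: all n! permutations of <1, ..., n>."""
    return [tuple(p) for p in permutations(range(1, n + 1))]

def is_group(elements, op, e):
    """Closure, associativity, identity and inverses, each checked exhaustively."""
    elems = set(elements)
    closure = all(op(a, b) in elems for a in elems for b in elems)
    assoc = all(op(op(a, b), c) == op(a, op(b, c))
                for a in elems for b in elems for c in elems)
    ident = all(op(a, e) == a and op(e, a) == a for a in elems)
    inv = all(any(op(a, b) == e and op(b, a) == e for b in elems) for a in elems)
    return closure and assoc and ident and inv

def is_abelian(elements, op):
    return all(op(a, b) == op(b, a) for a in elements for b in elements)

if __name__ == "__main__":
    P3 = permutation_group(3)
    print(len(P3), compose((3, 2, 1), (1, 3, 2)))        # 6 (2, 3, 1)
    print(is_group(P3, compose, identity(3)))            # True
    print(is_abelian(P3, compose))                       # False: pi o p != p o pi in general
```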
AES is a symmetric block cipher that is intended to replace DES as the approved standard for a wide
range of applications.
AES is a block cipher with a block length of 128 bits. In AES, all operations are performed on 8-bit
bytes.
AES allows for three different key lengths: 128, 192, or 256 bits.
AES Parameters
AES Encryption:
- Consists of 10 rounds of processing for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for
  256-bit keys.
- Except for the last round in each case, all other rounds are identical.
- Each round of processing includes:
- one single-byte based substitution step,
- a row-wise permutation step,
- a column-wise mixing step,
- and the addition of the round key
- AES Data Structure
- The input to the encryption and decryption algorithms is a single 128-bit block.
- In FIPS PUB 197, this block is depicted as a 4 × 4 square matrix of bytes. This block is copied into
  the State array, which is modified at each stage of encryption or decryption.
- After the final stage, State is copied to an output matrix. These operations are depicted in Figure
5.2a.
- Similarly, the key is depicted as a square matrix of bytes. This key is then expanded into an array
of key schedule words. Figure 5.2b shows the expansion for the 128-bit key. Each word is four
bytes, and the total key schedule is 44 words for the 128-bit key.
- Note that the ordering of bytes within a matrix is by column. So, for example, the first four bytes
of a 128-bit plaintext input to the encryption cipher occupy the first column of the in matrix, the
second four bytes occupy the second column, and so on.
- Similarly, the first four bytes of the expanded key, which form a word, occupy the first column of
the w matrix.
- 128-bit block consisting of a 4x4 array of bytes (Each column of the state array is a word,
as is each row)
- Each round of processing works on the input state array and produces an output state
array.
- The output state array produced by the last round is rearranged into a 128-bit output
block.
In particular, the arithmetic operations of addition, multiplication, and division are performed
over the finite field GF(2^8). Section 4.7 discusses such operations in some detail. For the reader who
has not studied Chapter 4, and as a quick review for those who have, this section summarizes the
important concepts.
In essence, a field is a set in which we can do addition, subtraction, multiplication, and division without
leaving the set. Division is defined with the following rule: a/b = a (b⁻¹). An example of a finite field (one
with a finite number of elements) is the set Z_p consisting of all the integers {0, 1, …, p − 1}, where p is
a prime number and in which arithmetic is carried out modulo p.
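GF(2^8) arithmetic as AES uses it, added here as an example (not code from the review): bytes are polynomials over GF(2), addition is XOR, xtime multiplies by x and reduces modulo the AES polynomial m(x) = x^8 + x^4 + x^3 + x + 1 (0x11b), gf_mul is shift-and-add multiplication, and division uses the inverse a^254, which exists for every nonzero byte because the multiplicative group has 255 elements. The two products and the inverse checked in the test are the worked values given in FIPS 197 section 4.2 ({57}·{83} = {c1}, {57}·{13} = {fe}, {53}·{ca} = {01}); the exhaustive inverse check confirms the field property for all 255 nonzero bytes.

```python
# Added example (not from the review): arithmetic in GF(2^8) as AES uses it.
# Bytes are polynomials over GF(2); addition is XOR, multiplication is
# carry-less multiplication reduced modulo m(x) = x^8 + x^4 + x^3 + x + 1
# (0x11b, the AES polynomial), and division uses the inverse a^254.
AES_POLY = 0x11B

def gf_add(a, b):
    return a ^ b

def xtime(a):
    """Multiply by x (i.e. by 0x02), reducing modulo m(x) when bit 7 overflows."""
    a <<= 1
    if a & 0x100:
        a ^= AES_POLY
    return a & 0xFF

def gf_mul(a, b):
    """Shift-and-add (XOR) multiplication, reducing after every shift."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result

def gf_pow(a, e):
    result = 1
    while e:
        if e & 1:
            result = gf_mul(result, a)
        a = gf_mul(a, a)
        e >>= 1
    return result

def gf_inverse(a):
    """a^254 = a^(-1): the nonzero bytes form a multiplicative group of order 255."""
    if a == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse in GF(2^8)")
    return gf_pow(a, 254)

def gf_div(a, b):
    """Division rule a/b = a * b^(-1) from the text."""
    return gf_mul(a, gf_inverse(b))

def field_checks():
    """Every nonzero byte has an inverse; distributivity holds on a sample of triples."""
    inverses_ok = all(gf_mul(a, gf_inverse(a)) == 1 for a in range(1, 256))
    dist_ok = all(gf_mul(a, gf_add(b, c)) == gf_add(gf_mul(a, b), gf_mul(a, c))
                  for a in range(0, 256, 17) for b in range(256) for c in range(0, 256, 5))
    return inverses_ok and dist_ok

if __name__ == "__main__":
    print(hex(gf_mul(0x57, 0x83)), hex(gf_mul(0x57, 0x13)))   # 0xc1 0xfe (FIPS 197 examples)
    print(hex(gf_inverse(0x53)))                             # 0xca
    print(field_checks())                                    # True
```

Addition never carries and multiplication never leaves the byte range, which is what lets the AES steps (SubBytes via the inverse, MixColumns via multiplication by small constants) be implemented with XOR, shifts and a table.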
Symmetric and Asymmetric Ciphers
Symmetric Ciphers
Mathematically, a symmetric cipher uses a key k chosen from a space (i.e., a set) of possible
keys K to encrypt a plaintext message m chosen from a space of possible messages M, and the
result of the encryption process is a ciphertext c belonging to a space of possible ciphertexts C.
The security of a cryptosystem should depend only on the secrecy of the key, and not on the
secrecy of the encryption algorithm itself.
1. For any key k ∈ K and plaintext m ∈ M, it must be easy to compute the ciphertext e_k(m)
2. For any key k ∈ K and ciphertext c ∈ C, it must be easy to compute the plaintext d_k(c)
3. Given one or more ciphertexts c_1, c_2, …, c_n ∈ C encrypted using the key k ∈ K, it must
   be very difficult to compute any of the corresponding plaintexts d_k(c_1), d_k(c_2), …
4. Given one or more pairs of plaintexts and their corresponding ciphertexts, it must be
   difficult to decrypt any ciphertext c that is not in the given list without knowing k. This is
   known as security against a chosen pl­aintext attack.
An encoding scheme is assumed to be entirely public knowledge and used by everyone for the
same purposes. An encryption scheme is designed to hide information from anyone who does
not possess the secret key. Thus an encoding scheme, like an encryption scheme, consists of
an encoding function and its inverse decoding function, but for an encoding scheme, both
functions are public knowledge and should be fast and easy to compute.
Discrete Probability
Secret Key Cryptography
Encryption
The problem of how two parties can communicate in secret in the presence of an eavesdropper.
The basic mechanism for encrypting a message using a shared secret key is called a cipher (or
encryption scheme)
Shannon ciphers
A one-time pad is a Shannon cipher, where the keys, messages, and ciphertexts are bit
strings of the same length.
A variable length one-time pad is a Shannon cipher, where the keys are bit strings of some
fixed length L, while the messages and ciphertexts are variable length bit strings, of length at
most L
Public-key Encryption
Digital Signatures
Cryptographic Protocols
Stream Ciphers
Pseudo-random generators (PRG)