What is cryptography?

Cryptography is the science of using mathematics to encrypt and decrypt data.

Cryptography enables you to store sensitive information or transmit it across insecure
networks (like the Internet) so that it cannot be read by anyone except the intended
recipient.

While cryptography is the science of securing data, cryptanalysis is the science of analyzing
and breaking secure communication. Classical cryptanalysis involves an interesting
combination of analytical reasoning, application of mathematical tools, pattern finding,
patience, determination, and luck. Cryptanalysts are also called attackers.

Cryptology embraces both cryptography and cryptanalysis.

The Basics of Cryptography

When Julius Caesar sent messages to his generals, he didn't trust his messengers. So he
replaced every A in his messages with a D, every B with an E, and so on through the
alphabet. Only someone who knew the "shift by 3" rule could decipher his messages.

And so we begin.
Encryption and decryption
Data that can be read and understood without any special measures is called plaintext or
cleartext. The method of disguising plaintext in such a way as to hide its substance is called
encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use
encryption to ensure that information is hidden from anyone for whom it is not intended,
even those who can see the encrypted data. The process of reverting ciphertext to its
original plaintext is called decryption. Figure 1-1 illustrates this process.

Plaintext - Unscrambled information to be transmitted. It could be a simple text

document, a credit card number, a password, a bank account number, or sensitive
information such as payroll data, personnel information, or a secret formula being
transmitted between organizations.
Ciphertext - Represents plain text rendered unintelligible by the application of a
mathematical algorithm. Ciphertext is the encrypted plain text that is transmitted
to the receiver.
Cryptographic Algorithm - A mathematical formula used to scramble the plain
text to yield ciphertext. Converting plain text to ciphertext using the
cryptographic algorithm is called encryption, and converting ciphertext back to
plain text using the same cryptographic algorithm is called decryption.
Key - A mathematical value, formula, or process that determines how a plaintext
message is encrypted or decrypted. The key is the only way to decipher the
scrambled information.

Types Of modern Cryptograpy:-

1.Symmetric-key algorithm
Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related,
often identical, cryptographic keys for both decryption and encryption etc.
The encryption key is trivially related to the decryption key, in that they may be identical or there
is a simple transformation to go between the two keys. The keys, in practice, represent a shared
secret between two or more parties that can be used to maintain a private information link.

Other terms for symmetric-key encryption are secret-key, single-key, shared-key, one-key, and
private-key encryption. Use of the last and first terms can create ambiguity with similar
terminology used in public-key cryptography.

Symmetric-key algorithms can be divided into stream ciphers and block ciphers. Stream ciphers
encrypt the bits of the message one at a time, and block ciphers take a number of bits and encrypt
them as a single unit. Blocks of 64 bits have been commonly used. The Advanced Encryption
Standard (AES) algorithm approved by NIST in December 2001 uses 128-bit blocks.

Some examples of popular and well-respected symmetric algorithms include Twofish, Serpent,
AES (Rijndael), Blowfish, CAST5, RC4, 3DES, and IDEA.

Cryptographic primitives based on symmetric ciphers

Symmetric ciphers are often used to achieve other cryptographic primitives than just encryption.

Encrypting a message does not guarantee that this message is not changed while encrypted.
Hence often a message authentication code is added to a ciphertext to ensure that changes to the
ciphertext will be noted by the receiver. Message authentication codes can be constructed from
symmetric ciphers (e.g. CBC-MAC).

However, symmetric ciphers also can be used for non-repudiation purposes by ISO 13888-2
standard.

Another application is to build hash functions from block ciphers. See one-way compression
function for descriptions of several such methods.

Construction of symmetric ciphers

Main article: Feistel cipher

Many modern block ciphers are based on a construction proposed by Horst Feistel. Feistel's
construction makes it possible to build invertible functions from other functions that are
themselves not invertible.

[edit] Security of symmetric ciphers

Symmetric ciphers have historically been susceptible to known-plaintext attacks, chosen
plaintext attacks, differential cryptanalysis and linear cryptanalysis. Careful construction of the
functions for each round can greatly reduce the chances of a successful attack.
Types of symmetric-key algorithms

1.Stream cipher
From Wikipedia, the free encyclopedia
  (Redirected from Stream ciphers)
Jump to: navigation, search

The operation of the keystream generator in A5/1, a LFSR-based stream cipher used to encrypt
mobile phone conversations.

In cryptography, a stream cipher is a symmetric key cipher where plaintext bits are combined
with a pseudorandom cipher bit stream (keystream), typically by an exclusive-or (xor) operation.
In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of
successive digits varies during the encryption. An alternative name is a state cipher, as the
encryption of each digit is dependent on the current state. In practice, the digits are typically
single bits or bytes.

Stream ciphers represent a different approach to symmetric encryption from block ciphers. Block
ciphers operate on large blocks of digits with a fixed, unvarying transformation. This distinction
is not always clear-cut: in some modes of operation, a block cipher primitive is used in such a
way that it acts effectively as a stream cipher. Stream ciphers typically execute at a higher speed
than block ciphers and have lower hardware complexity. However, stream ciphers can be
susceptible to serious security problems if used incorrectly: see stream cipher attacks — in
particular, the same starting state must never be used twice.

Types of stream ciphers

A stream cipher generates successive elements of the keystream based on an internal state. This
state is updated in essentially two ways: if the state changes independently of the plaintext or
ciphertext messages, the cipher is classified as a synchronous stream cipher. By contrast, self-
synchronising stream ciphers update their state based on previous ciphertext digi

Synchronous stream ciphers

In a synchronous stream cipher a stream of pseudo-random digits is generated independently

of the plaintext and ciphertext messages, and then combined with the plaintext (to encrypt) or the
ciphertext (to decrypt). In the most common form, binary digits are used (bits), and the
keystream is combined with the plaintext using the exclusive or operation (XOR). This is termed
a binary additive stream cipher.

In a synchronous stream cipher, the sender and receiver must be exactly in step for decryption to
be successful. If digits are added or removed from the message during transmission,
synchronisation is lost. To restore synchronisation, various offsets can be tried systematically to
obtain the correct decryption. Another approach is to tag the ciphertext with markers at regular
points in the output.

If, however, a digit is corrupted in transmission, rather than added or lost, only a single digit in
the plaintext is affected and the error does not propagate to other parts of the message. This
property is useful when the transmission error rate is high; however, it makes it less likely the
error would be detected without further mechanisms. Moreover, because of this property,
synchronous stream ciphers are very susceptible to active attacks — if an attacker can change a
digit in the ciphertext, he might be able to make predictable changes to the corresponding
plaintext bit; for example, flipping a bit in the ciphertext causes the same bit to be flipped in the
plaintext.

Self-synchronizing stream ciphers

Another approach uses several of the previous N ciphertext digits to compute the keystream.
Such schemes are known as self-synchronizing stream ciphers, asynchronous stream ciphers
or ciphertext autokey (CTAK). The idea of self-synchronization was patented in 1946, and has
the advantage that the receiver will automatically synchronise with the keystream generator after
receiving N ciphertext digits, making it easier to recover if digits are dropped or added to the
message stream. Single-digit errors are limited in their effect, affecting only up to N plaintext
digits.

2.Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of
bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might
take (for example) a 128-bit block of plaintext as input, and output a corresponding 128-bit block
of ciphertext. The exact transformation is controlled using a second input — the secret key.
Decryption is similar: the decryption algorithm takes, in this example, a 128-bit block of
ciphertext together with the secret key, and yields the original 128-bit block of plaintext.

A message longer than the block size (128 bits in the above example) can still be encrypted with
a block cipher by breaking the message into blocks and encrypting each block individually.
However, in this method all blocks are encrypted with the same key, which degrades security
(because each repetition in the plaintext becomes a repetition in the ciphertext). To overcome
this issue, modes of operation are used to make encryption probabilistic. Some modes of
operation, despite the fact that their underlying implementation is a block cipher, allow to
encrypt individual bits. The resulting cipher is called a stream cipher.

An early and highly influential block cipher design was the Data Encryption Standard (DES),
developed at IBM and published as a standard in 1977. A successor to DES, the Advanced
Encryption Standard (AES), was adopted in 2001.

3.Polyalphabetic substitution machine

cyphers
A polyalphabetic cipher is any cipher based on substitution, using multiple substitution
alphabets. The Vigenère cipher is probably the best-known example of a polyalphabetic cipher,
though it is a simplified special case. The Enigma machine is more complex but still
fundamentally a polyalphabetic substitution cipher.

 Enigma – WWII German rotor cypher machine—many variants, any user networks for
most of the variants
 Purple – highest security WWII Japanese Foreign Office cypher machine; by Japanese
Navy Captain
 SIGABA – WWII US cypher machine by William Friedman, Frank Rowlett et al.
 TypeX – WWII UK cypher machine

4.Hybrid code/cypher combinations

 JN-25 – WWII Japanese Navy superencyphered code; many variants
 JN-25 is the name given by codebreakers to the chief, and most secure,
command and control communications scheme used by the Imperial Japanese
Navy (IJN) during and slightly before World War II (it was the 25th Japanese
 Navy system identified). It was an enciphered code, producing five numeral
groups in the traffic which was actually broadcast. It was frequently revised
during its lifetime, and each new version required a more or less
fresh cryptanalytic start. New code books were introduced from time to time and
new superenciphering books were also introduced, sometimes simultaneously. In
particular, JN-25 was significantly changed immediately before the Pearl Harbor
attack on 7 December 1941. It was that edition of the JN-25 system which was
sufficiently broken by late May 1942 to provide the forewarning which led to the
U.S. victory at the Battle of Midway.
 Naval Cypher 3 – superencrypted code used by the Royal Navy in the 30s and into WWII

Asymmetric key algorithms

The use of a cipher is by itself inadequate for the transmission of secure messages by
e-mail, because of the key distribution problem. If a secure message is to be
exchanged between people who have not previously met or communicated in person,
how can they agree upon a secret key? If they have a secure channel for exchanging
the key, they may as well exchange the message itself by the same method!

Public-key cryptography, as used in the worldwide standard programs PGP and

GnuPG for secure e-mail, provides an elegant and practical solution to this problem.
In a public-key cryptosystem, each user has a pair of keys: a secret key and a public
key. Public keys can be widely publicised openly. Anyone can send an encrypted
message to a particular user by encrypting it with the recipient's public key. The
recipient can decrypt it with his secret key, but nobody else can do this because
nobody else has access to that secret key.

Although the secret and public keys reverse the action of each other, it is
computationally infeasible for anyone to calculate the secret key from a knowledge of
the corresponding public key. With the sort of key lengths that are commonly used in
practice, public-key cryptography has a degree of security that can match that of the
popular symmetric ciphers.

In actual practice, a dual system is used. The message itself is encrypted with a
symmetric cipher, using a randomly generated one-time key, and a public-key
cryptosystem is used to encrypt the key for the cipher. The reason for this dual system
is that symmetric ciphers work much faster than public-key cryptosystems of
comparable strength. Therefore it is advantageous to apply the public-key
cryptosystem to only the fixed-length key, but not to the message itself, which will
usually be much longer.
Public-key cryptography is a cryptographic approach which involves the use of
asymmetric key algorithms instead of or in addition to symmetric key algorithms. Unlike
symmetric key algorithms, it does not require a secure initial exchange of one or
more secret keys to both sender and receiver. The asymmetric key algorithms are used
to create a mathematically related key pair: a secret private key and a published public
key. Use of these keys allows protection of the authenticity of a message by creating
a digital signature of a message using the private key, which can be verified using the
public key. It also allows protection of theconfidentiality and integrity of a message, by
public key encryption, encrypting the message using the public key, which can only be
decrypted using the private key.

Public key cryptography is a fundamental and widely used technology around the world.
It is the approach which is employed by many cryptographic algorithms
and cryptosystems. It underpins such Internet standards as Transport Layer Security
(TLS) (successor to SSL), PGP, and GPG.

ADVANTAGES AND DISADVANTAGES

Even though public key cryptography is the accepted standard, it’s not foolproof. For
this

reason, it has not completely replaced symmetric cryptography. Here are some of the

main advantages and disadvantages [4].

Advantages:

1. The biggest advantage of public key cryptography is the secure nature

of the private key. In fact, it never needs to be transmitted or revealed

to anyone.2. It enables the use of digital certificates and digital timestamps, which

is a very secure technique of signature authorization. We will look at

digital timestamps and digital signatures in a moment.

Disadvantages:

1. Transmission time for documents encrypted using public key

cryptography are significantly slower then symmetric cryptography. In

fact, transmission of very large documents is prohibitive.

2. The key sizes must be significantly larger than symmetric

cryptography to achieve the same level of protection.

3. Public key cryptography is susceptible to impersonation attacks.

Use of cryptography
One of the primary reasons that intruders can be successful is that most of the
information they acquire from a system is in a form that they can read and
comprehend. When you consider the millions of electronic messages that traverse the
Internet each day, it is easy to see how a well-placed network sniffer might capture a
wealth of information that users would not like to have disclosed to unintended
readers. Intruders may reveal the information to others, modify it to misrepresent an
individual or organization, or use it to launch an attack. One solution to this problem
is, through the use of cryptography, to prevent intruders from being able to use the
information that they capture. Encryption is the process of translating information
from its original form (called plaintext) into an encoded, incomprehensible form
(called ciphertext). Decryption refers to the process of taking ciphertext and
translating it back into plaintext. Any type of data may be encrypted, including
digitized images and sounds. Cryptography secures information by protecting its
confidentiality. Cryptography can also be used to protect information about the
integrity and authenticity of data. For example, checksums are often used to verify the
integrity of a block of information. A checksum, which is a number calculated from
the contents of a file, can be used to determine if the contents are correct. An intruder,
however, may be able to forge the checksum after modifying the block of information.
Unless the checksum is protected, such modification might not be detected.
Cryptographic checksums (also called message digests) help prevent undetected
modification of information by encrypting the checksum in a way that makes the
checksum unique. The authenticity of data can be protected in a similar way. For
example, to transmit information to a colleague by E-mail, the sender the information
to protect its confidentiality and then attaches an encrypted digital signature to the
message. When the colleague receives the message, he or she checks the origin of the
message by using a key to verify the sender's digital signature and decrypts the
information using the corresponding decryption key. To protect against the chance of
intruders modifying or forging the information in transit, digital signatures are formed
by encrypting a combination of a checksum of the information and the author's unique
private key. A side effect of such authentication is the concept of nonrepudiation. A
person who places their cryptographic digital signature on an electronic document
cannot later claim that they did not sign it, since in theory they are the only one who
could have created the correct signature. Current laws in several countries, including
the United States, restrict cryptographic technology from export or import across
national borders. In the era of the Internet, it is particularly important to be aware of
all applicable local and foreign regulations governing the use of cryptography.