Chapter 3

Cryptography
16 Marks

Dheeraj S. Sadawarte
 CRYPTOGRAPHY
 Cryptography is the art and science of
achieving security by encoding messages to
make them non-readable.

Book Of Cryptograph R#5%^”;p0s89

Security ic system -$*-233409llgh

This process is
systematic &
well-structured

August 4, 2015 Dheeraj S. Sadawarte 2

 CRYPTOGRAPHY
• Plaintext: This is the original message
(readable/understandable).
• Encryption algorithm: Performs various substitutions and
transformations on the plaintext.
• Secret key: key is a value independent of the plaintext and
of the algorithm, used to produce a different output
depending on the specific key
• Ciphertext: This is the scrambled message produced as
output. Depends on plaintext and key.
• Decryption algorithm: reverse of encryption, it takes
ciphertext and key to obtain original message
August 4, 2015 Dheeraj S. Sadawarte 3
 Symmetric Encryption
 or conventional / private-key / single-key
 sender and recipient share a common key

August 4, 2015 Dheeraj S. Sadawarte 4

 Requirements
 two requirements for secure use of symmetric
encryption:
 a strong encryption algorithm
 a secret key known only to sender / receiver
 mathematically have:
Y = E(K, X)
X = D(K, Y)
where X-plaintext, Y-ciphertext, K-key, E-
encryption algorithm & D-Decryption algorithm
August 4, 2015 Dheeraj S. Sadawarte 5
 CRYPTANALYSIS:
 Codebreaking
 Cryptanalysis is the technique of decoding
ciphertext back to plaintext without knowing
how they were initially converted & key used
R#5%^”;p0s89 Book Of
-$*-233409llgh Cryptanalysis Security

This process is
trial & error
August 4, 2015
based
Dheeraj S. Sadawarte 6
 CRYPTOLOGY
 It is a combination of cryptography and
cryptanalysis

CRYPTOGRAPH CRYPTANALYSI CRYPTOLOG

Y S Y

August 4, 2015 Dheeraj S. Sadawarte 7

 Plain Text- Clear Readable Text
Cipher Text- Unreadable
Text
Algorithms for encryption and decryption

ENCRYPTION
Hi there !! ALGORITHM
m/okuG

DECRYPTION
m/okuG ALGORITHM
Hi there !!

August 4, 2015 Dheeraj S. Sadawarte 8

 Sender Receiver

Plaintext Plaintext

Encryption Decryption

Ciphertext Ciphertext

Internet
August 4, 2015 Dheeraj S. Sadawarte 9
 SUBSTITUTION TECHNIQUES:
 CAESAR CIPHER :
• Was Developed By Julius Caesar.
• the characters of plain text message are replaced
by other characters, numbers or symbols.
• Example :If each alphabet in a message is
replaced by an alphabet 3 place down the line
then
PLAIN TEXT: ABC
KEY: 3
CIPHER TEXT: DEF
August 4, 2015 Dheeraj S. Sadawarte 10
 Caesar’s Cipher
plaintext: meet me after the toga party
ciphertext:PHHW PH DIWHU WKH WRJD SDUWB

A B C D E F G H I J K L MN O P Q R S T U VW X Y Z
D E F G H I J K L MN O P Q R S T U VWX Y Z A B C

August 4, 2015 Dheeraj S. Sadawarte 11

 Caesar’s Cipher
Assign numbers to alphabets
A B C D E F G H I J K L M
0 1 2 3 4 5 6 7 8 9 10 11 12

N O P Q R S T U V W X Y Z
13 14 15 16 17 18 19 20 21 22 23 24 25

For encryption, C = E(k, p) = (p + k) mod 26

Ex. D=3, k=3, C=(3+3) mod 26, Cipher=6, Cipher=G
For Decryption, p = D(k, C) = (C - k) mod 26
Ex. Cipher(C)=G=6, k=3, P=(6-3) mod 26 = plain=3=D
August 4, 2015 Dheeraj S. Sadawarte 12
• If ciphertext is a
Caesar cipher, then
a brute-force
cryptanalysis is
easily performed:
simply try all the 25
possible keys.

August 4, 2015 Dheeraj S. Sadawarte 13

 MONO-ALPHABETIC CIPHER
 Major Weakness of Caesar Cipher is its
predictability
 Here, Random Substitution is used.
 In the plaintext message each A is replaced with
any alphabet i.e. B….Z.& each B replaced with
any alphabet A or C...Z

August 4, 2015 Dheeraj S. Sadawarte 14

 POLYGRAM SUBSTITUTION CIPHER
 PolyGram Substitution Cipher Technique
replaces one block of plain text with a
block of cipher text.
 It does not work on a Character-by-
Character basis.
 Example:

HELLO POLYGRAM SUBSTITUTION YUQQW

HELL POLYGRAM SUBSTITUTION TEUI

August 4, 2015 Dheeraj S. Sadawarte 15
 One-Time Pad
 If a truly random key as long as the message is used,
the cipher will be secure
 Called a One-Time pad
 Is unbreakable since ciphertext bears no statistical
relationship to the plaintext
 Since for any plaintext & any ciphertext there
exists a key mapping one to other
 Can only use the key once though
 Problems in generation & safe distribution of key
August 4, 2015 Dheeraj S. Sadawarte 16
 TRANSPOSITION
TECHNIQUES
 RAIL FENCE TECHNIQUE:
- It gets its name from the way in which it is
encoded.
- In the Rail Fence Cipher, the plain text is
written downwards on successive rails of an
imaginary fence then moving up when we get
to the bottom then message is then read off in
rows.
August 4, 2015 Dheeraj S. Sadawarte 17
 RAIL FENCE TECHNIQUE:

Plaintext – Welcome Students

W l o e t d n s
e c m s u e t

ciphertext- WLOETDNSECMSUET

Exercise –1. meet me after the toga party

August 4, 2015
2. attack postponed
Dheeraj S. Sadawarte
until two am 18
 RAIL FENCE TECHNIQUE:

Plaintext – 'WE ARE DISCOVERED. FLEE AT ONCE„

W. . . E. . .C. . .R. . . L. . . T. . . E
. E. R .D.S.O.E. E. F. E. A. O. C.
. . A. . . I. . . V . . .D. . . E. . . N . .
ciphertext- WECRLTEERDSOEEFEAOCAIVDEN

Exercise –1. attack postponed until two am

August 4, 2015 Dheeraj S. Sadawarte 19

 SIMPLE COLUMNAR TRANSPOSITION
 The message is written in rows of fixed length
and read out column by column
 Length is defined by key/keyword
 Plain text message : come home tomorrow
Column1 Column2 Column3 Column4 Column5 Column6
c o m e h o
m e t o m o
r r o w

cipher text CMROERMTOEOWHMOO

August 4, 2015 Dheeraj S. Sadawarte 20
 SIMPLE COLUMNAR TRANSPOSITION

Plaintext- attack postponed until two am

Key: 4312567
Column Out 3 4 1 2 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

August 4, 2015 Dheeraj S. Sadawarte 21

 Exercise
1. Plain text - “WE ARE DISCOVERED. FLEE AT
ONCE”
Key- 142635
2. Plain text – “keep eye on line of control”
Key- alpha
3. Final attack is on five hundred hrs, prepare
for it.
Key - 3516472

August 4, 2015 Dheeraj S. Sadawarte 22

 Plain text - “WE ARE DISCOVERED. FLEE AT ONCE”

Key- 142635 Length=6

1 4 2 6 3 5
W E A R E D
I S C O V E
R E D F L E
E A T O N C
E

Ciphertext - WIREE ACDT EVLN ESEA DEEC ROFO

August 4, 2015 Dheeraj S. Sadawarte 23

 DOUBLE COLUMNAR TRANSPOSITION
Plaintext- attack postponed until two am
Key: 4312567
Column Out 3 4 2 1 5 6 7
Plaintext: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

Column Out 3 4 2 1 5 6 7
Plaintext: t t n a a p t
m t s u o a o
d w c o i x k
n l y p e t z
August 4, 2015 Dheeraj S. Sadawarte 24
Ciphertext: AUOPNSCYTMDNTTWLAOIEPAXTTOKZ
 ENCRYPTION AND
DECRPTION IN REAL WORLD
Sender Receiver
HELLO HELLO

Plaintext Plaintext

Encrypt Decrypt

INTERNET
Lfmmp Kplo Lfmmp Kplo
August 4, 2015 Dheeraj S. Sadawarte 25
ciphertext ciphertext
 SYMMETRIC AND ASYMMETRIC
KEY CRYPTOGRAPHY
• Symmetric key cryptography: Involves the use
of same key for encryption and decryption.
• Asymmetric key cryptography : Involves the
use of one key for encryption and another,
different key for decryption.
 Key Distribution problem in Symmetric key

cryptography.

August 4, 2015 Dheeraj S. Sadawarte 26

 Steganography
 An alternative to encryption
 Hides secret message within ordinary message
 Using only a subset of letters/words in a
longer message marked in some way
 Using invisible ink
 Hiding in graphic image or sound file
 A simple form arrangement of words or letters
within an apparently text spells out the real message
 Ex the sequence of first letters of each word of the
overall message spells out the hidden message.
August 4, 2015 Dheeraj S. Sadawarte 27
 Steganography
 In modern digital steganography, data is first
encrypted & then inserted into part of
particular file (jpg image)

Cove- Hidden Stego-

media Data key Stego-medium

• Cover media - a file/data in which msg is hidden

• Redundant bits- can be modified without loosing
mediums integrity.
•August
Stego-key
4, 2015
– used Dheeraj
to hide data in cover media
S. Sadawarte 28
 Steganography
 Drawback – lot of overhead to hide a
relatively few bits
 Once the system discovered, it becomes
worthless.

August 4, 2015 Dheeraj S. Sadawarte 29

 Hash Functions
 Condenses arbitrary message to fixed size
h = H(M)
 Usually assume hash function is public
 Hash used to detect changes to message

 Want a cryptographic hash function

 Computationally infeasible to find data mapping to
specific hash (one-way property)
 Computationally infeasible to find two data to same
hash (collision-free property)
August 4, 2015 Dheeraj S. Sadawarte 30
 Hashing
The principal object of a hashing is data
integrity.
Hash functions are often used to determine

whether or not data has changed.

Hash used to detect changes to message.

Provides error detection capability.

Provides Message authentication - assures

that data received are exactly as sent

August 4, 2015 Dheeraj S. Sadawarte 31
 Hash Function
 A hash function H accepts a variable-length
block of data M as input
 produces a fixed-size hash value h = H(M).
 A change to any bit or bits in M results, in a

change to the hash code.

 The purpose of hash function is to produce a

fingerprint of a file or message.

 Hash code is generated at sender side.

August 4, 2015 Dheeraj S. Sadawarte 32

 Cryptographic Hash Function

August 4, 2015 Dheeraj S. Sadawarte 33

 Hash Functions & Message
Authentication

August 4, 2015 Dheeraj S. Sadawarte 34

 Hash Function
 Hash code for message M is generated at sender,
 It then append with the msg M when M is
assumed correct.
 Message along with concatenated hash code is
encrypted using symmetric encryption.
 Receiver authenticates message by re-computing

hash code from message.

 Hash code is not considered to be secret, so

encryption used to protect hash value

August 4, 2015 Dheeraj S. Sadawarte 35

 Hash Function
 Receiver decrypts incoming msg (ciphertext) using
symmetric key
 Then receiver separates received msg M and hash code.
 The msg M is applied to H and hash code computed for
received msg
 The newly computed and received hash code are
compared.
 If match msg authenticated
 Else msg has modification, insertion, deletion of bit(s)
August 4, 2015 Dheeraj S. Sadawarte 36
 Other Hash Function Uses
 To create a one-way password file
 Store hash of password not actual password
 Pseudorandom function (PRF) or
pseudorandom number generator (PRNG)
 Another important application, which is
similar to the message authentication
application, is the digital signature.

August 4, 2015 Dheeraj S. Sadawarte 37

 Requirements / Properties

August 4, 2015 Dheeraj S. Sadawarte 38

 Attacks on Hash Functions
 Have brute-force attacks and cryptanalysis
 A preimage or second preimage attack
 Find y s.t. H(y) equals a given hash value
 Collision resistance
 Find two messages x & y with same hash so
H(x) = H(y)
 Birthday Attack

August 4, 2015 Dheeraj S. Sadawarte 39

  Two popular Hash Functions
 Secure Hash Algorithm.

 Message Digest.

MD2, MD4, MD5

August 4, 2015 Dheeraj S. Sadawarte 40

 Symmetric Cryptography
 In symmetric cryptography same key is used for
encryption and decryption.
 Also called conventional / Classical / Single
key/ Private key.
 Sender and receiver shares common key, which
must kept secret
 i.e the key is known to only sender and receiver.

August 4, 2015 Dheeraj S. Sadawarte 41

 Symmetric Cryptography
Sender and receiver must agree on key before
they start communicating.

August 4, 2015 Dheeraj S. Sadawarte 42

 Symmetric Cryptography
• To communicate with different parties, need
separate key for each channel.
• Maintaining no of keys is tedious.
• Key Distribution problem in Symmetric key
cryptography
• Requires a secure channel to distribute key

August 4, 2015 Dheeraj S. Sadawarte 43

• Encryption algorithms divided as –
• Block cipher
– A block cipher is an encryption/decryption scheme
in which a block of plaintext is treated as a whole
and
– Used to produce a ciphertext block of equal length.
– Encrypts block of data typically 64 bit/ 128 bit,
using a complex encryption algorithm
– A block cipher encrypts blocks belonging to the
same data under a common key
– Security is dependent of design of encryption algo.

August 4, 2015 Dheeraj S. Sadawarte 44

• Stream cipher
– Encrypts a digital data stream one bit or one
byte at a time.
– Uses simple encryption function (bitwise
EXOR)
– A stream cipher encrypts under a constantly
changing key stream.
– Security of stream cipher relies on the design
of the key stream generator.

August 4, 2015 Dheeraj S. Sadawarte 45

Data Encryption Standard
 Block vs Stream Ciphers

August 4, 2015 Dheeraj S. Sadawarte 47

 Data Encryption Standard
 Symmetric Encryption, Block Cipher
 Plaintext (64 bit block)
 Key 56 bit –
 actually 64 bit key accepted, only 56 bits are used, 8
bits are parity or simply set arbitrarily
 The algorithm transforms 64-bit input in a
series of steps into a 64-bit output
 Same steps, with the same key, are used to
reverse the encryption.
August 4, 2015 Dheeraj S. Sadawarte 48
 Data Encryption Standard
Plaintext 64 bit
Plaintext
64 bit Initial Permutation

Key LPT RPT

DES
16 16
Key Rounds Rounds
Ciphertext
64 bit Inverse
Initial Permutation

Ciphertext 64 bit
August 4, 2015 Dheeraj S. Sadawarte 49
 DES Encryption Overview

August 4, 2015 Dheeraj S. Sadawarte 50

 Data Encryption Standards
• The plaintext proceeds in three phases
1. Initial permutation (IP) that rearranges the bits
to produce the permuted input.
2. sixteen rounds involves both permutation and
substitution functions and outputs of last round
are swapped to produce the preoutput
3. inverse of the initial permutation function, to
produce the 64-bit ciphertext

August 4, 2015 Dheeraj S. Sadawarte 51

 Initial Permutation

August 4, 2015 Dheeraj S. Sadawarte 52

 Data Encryption Standards
• The plaintext proceeds in three phases
1. Initial permutation (IP) that rearranges the bits
to produce the permuted input.
2. sixteen rounds involves both permutation and
substitution functions and outputs of last round
are swapped to produce the preoutput
3. inverse of the initial permutation function, to
produce the 64-bit ciphertext

August 4, 2015 Dheeraj S. Sadawarte 53

August 4, 2015 Dheeraj S. Sadawarte 54
 Details of Single Round

 64-bit treated as separate 32-bit quantities, (L & R)

 The round key Ki is 48 bits.
 The input R is 32 bits. which is expanded to 48 bits
 The resulting 48 bits are XORed with Ki
 This 48-bit result passes through a substitution
function that produces a 32-bit output

August 4, 2015 Dheeraj S. Sadawarte 55

 DES Round Structure

August 4, 2015 Dheeraj S. Sadawarte 56

 Asymmetric Cryptography
• Each party contain two keys.
– Public key & private key.
• One key used for encryption and another, different
key for decryption.
• Also known as public key cryptography.
• Asymmetric encryption can be used for
confidentiality, authentication, or both
• Asymmetric algorithms rely on one key for
encryption and a different but related key for
decryption.
August 4, 2015 Dheeraj S. Sadawarte 57
 Public Key Cryptography
• Each person gets or generates a pair of keys,
called the public key & private key.
• Each persons public key is published while the
private key is kept secrete.
• The need for sender & receiver to share secret
information eliminated.
• Public key cryptography can be used for
authentication (digital signature) as well as for
privacy (encryption).
August 4, 2015 Dheeraj S. Sadawarte 58
 Asymmetric Cryptography

August 4, 2015 Dheeraj S. Sadawarte 59

 Asymmetric Cryptography
1. It is computationally infeasible to determine
the decryption key given only knowledge of
the cryptographic algorithm and the
encryption key.
2. Either of the two related keys can be used for
encryption, with the other used for decryption
• Sender send message encrypting with
receivers public key.
• Receiver decrypt using own private key.
August 4, 2015 Dheeraj S. Sadawarte 60
 Public Key Cryptosystem

August 4, 2015 Dheeraj S. Sadawarte 61

Steps
1. Each user generates a pair of keys to be used for
the encryption and decryption of messages.
2. Each user places one of the two keys in a public
register or other accessible file. This is the public
key. The companion key is kept private.
3. If Bob wishes to send a confidential message to
Alice, Bob encrypts the message using Alice‟s
public key.
4. When Alice receives the message, she decrypts it
using her private key. No other recipient can
decrypt the message because only Alice knows
Alice‟s private key.
August 4, 2015 Dheeraj S. Sadawarte 62
Use of Public Key Cryptography for Encryption
• When A wishes to send a message to B he looks
up B public key in a directory, uses it to encrypt
the message & sends it off.
• B then uses his private key to decrypt the
message and read it.
• No one listening in can decrypt the message.
• Anyone can send encrypted message to B, but
only B can read it.
• One requirement is that no one can figure out the
private key from the corresponding public key
August 4, 2015 Dheeraj S. Sadawarte 63
Use of Public Key Cryptography for Authentication
• When A wants to sign a message, does a
computation involving both his private key and
message itself; output called digital signature.
• Digital signature is attached to the message which is
then sent.
• B, to verify the signature, does some computation
involving the message, the supposed signature, and
A public key.

August 4, 2015 Dheeraj S. Sadawarte 64

August 4, 2015 Dheeraj S. Sadawarte 65
 Comparison

August 4, 2015 Dheeraj S. Sadawarte 66

 Digital Signatures
• have looked at message authentication
• digital signatures provide the ability to:
– verify author, date & time of signature
– authenticate message contents
• Is an electronic signature
• Sender can not easily repudiate (reject)
• Digital signature is based upon hashing and
asymmetric cryptography.
August 4, 2015 Dheeraj S. Sadawarte 67
 Digital Signature Model

August 4, 2015 Dheeraj S. Sadawarte 68

 Digital
Signature
Model

August 4, 2015 Dheeraj S. Sadawarte 69

 Digital Signatures

Advantages
Authentication
Authenticate the source of message
Integrity
Any change in msg invalidate the signature

August 4, 2015 Dheeraj S. Sadawarte 70