Werabe University

Institute of Technology
Department of Computer Science

Computer Science(Regular Program)

By:
Mr. Muktar A.

Computer Security
Chapter 3: Cryptography and Encryption Techniques

4/18/2023 1
Contents
• Basic cryptographic terms - Digital Signature
• Historical background - Using Public Key
• Cipher Techniques - Using Message Digest
- Transposition Cipher - MD4family
- Substitution Cipher - SHA family
• Conventional encryption algorithms - RIPEMD
• Cryptanalysis - Public key Infrastructure (PKI)
• Cryptographic Systems
- Trusted Third Party
-Symmetric key cryptography
- Certification
- DES
- Key Distribution
- 3DES
- PKI Topology
- AES
- Enrollment and
- Block Cipher Modes
Revocation Procedure
- Public key cryptography
- Deffie-Hellman
- RSA

4/18/2023 2
Conventional Encryption Principles

• A Symmetric encryption scheme has five ingredients

1. Plain Text: This is the original message or data, which is fed into
the algorithm as input.
2. Encryption Algorithm: This encryption algorithm performs
various substitutions and transformations on the plain text.
3. Secret Key: The key is another input to the algorithm. The
substitutions and transformations performed by algorithm depend
on the key.

4/18/2023 3
Cont…

simplified model of conventional encryption

4/18/2023 4
Cont….
4. Cipher Text: This is the scrambled (unreadable)
message which is output of the encryption algorithm.
This cipher text is dependent on plaintext and secret
key. For a given plaintext, two different keys produce
two different cipher texts.
5. Decryption Algorithm: This is the reverse of
encryption algorithm. It takes the cipher text and secret
key as inputs and outputs the plain text.

4/18/2023 5
Cont….
Two main requirements are needed for secure use of conventional encryption:

 A strong encryption algorithm is needed. It is desirable that the algorithm should be in such a
way that, even the attacker who knows the algorithm and has access to one or more cipher texts
would be unable to decipher the cipher text or figure out the key.
 The secret key must be distributed among the sender and receiver in a much-secured way.
 If in any way, the key is discovered and with the knowledge of algorithm, all communication
using this key is readable.
 The important point is that the security of conventional encryption depends on the secrecy of the
key, not the secrecy of the algorithm i.e. it is not necessary to keep the algorithm secret, but only
the key is to be kept secret. This feature that algorithm need not be kept secret made it feasible
for wide spread use and enabled manufacturers develop low cost chip implementation of data
encryption algorithms. With the use of conventional algorithm, the principal security problem is
maintaining the secrecy of the key.

4/18/2023 6
Cryptography
• Cryptography, in a very broad sense, is the study of techniques related to aspects of information
security. Hence cryptography is concerned with the writing (ciphering or encoding) and
deciphering (decoding) of messages in secret code.

• Cryptographic systems are classified along three independent dimensions:

• The type of operations used for performing plaintext to cipher text: All the encryption
algorithms make use of two general principles;

 substitution, in which each element in the plain text is mapped into another element and

 transposition, in which elements in the plain text are rearranged. Important thing is that no
information should be lost.

 The systems which involve multiple stages of substitutions and transpositions are known as
product systems.

4/18/2023 7
Cont…..
• The number of keys used
If single key is used by both sender and receiver, it is called symmetric,
single-key, secret-key or conventional encryption. If sender and receiver
each use a different key, then it is called asymmetric, two-key or
public-key encryption.
• The way in which plaintext is processed
 A block cipher processes the input one block of elements at a time,
producing an output block for each input block.
 Stream cipher processes the input elements continuously, producing
output one element at a time as it goes along.

4/18/2023 8
 Cryptanalysis
• The process of attempting to discover the plaintext or key is known as cryptanalysis. It is very
difficult when only the cipher text is available to the attacker as in some cases even the
encryption algorithm is not known. The most common attack under these circumstances is
brute-force approach of trying all the possible keys. This attack is made impractical when the
key size is considerably large. The table below gives an idea on types of attacks on encrypted
messages.

• Cryptology covers both cryptography and cryptanalysis. Cryptology is a constantly evolving

science; ciphers are invented and, given time, are almost certainly breakable. Cryptanalysis is
the best way to understand the subject of cryptology. Cryptographers are constantly searching
for the perfect security system, a system that is both fast and hard and a system that encrypts
quickly but is hard or impossible to break.

• Cryptanalysts are always looking for ways to break the security provided by a cryptographic
system, mostly though mathematical understanding of the cipher structure.
4/18/2023 9
Cont….
• Cryptography can be defined as the conversion of data into a scrambled code that can be
deciphered and sent across a public or a private network.

• Cryptanalytic Attack: May be classified by how much information needed by the attacker:
o A Cipher text-only attack is an attack with an attempt to decrypt cipher text when only the
cipher text itself is available.
o A Known-plaintext attack is an attack in which an individual has the plaintext samples and its
encrypted version (cipher text) thereby allowing him to use both to reveal further secret
information like the key.
o A Chosen- plaintext attack involves the cryptanalyst be able to define his own plaintext, feed it
into the cipher and analyze the resulting cipher text.
o A Chosen-cipher text attack is one, where attacker has several pairs of plaintext-cipher text and
cipher text chosen by the attacker.

4/18/2023 10
Cont….
• An encryption scheme is unconditionally secure if the cipher text
generated by the scheme does not contain enough information to
determine uniquely the corresponding plain text, no matter how much
cipher text and time is available to the opponent. Example for this type is
One-time Pad
• An encryption scheme is computationally secure if the cipher text
generated by the scheme meets the following criteria:
o Cost of breaking cipher exceeds the value of the encrypted information.
o Time required to break the cipher exceeds the useful lifetime of the
information.

4/18/2023 11
Cont….
• The average time required for exhaustive key search is given
below:

The average time required for exhaustive

4/18/2023 12
Types of Cryptography
1. Symmetric Key Cryptography
2. Asymmetric Key Cryptography
3. Hash Functions

4/18/2023 13
Cont…..
Symmetric Key Cryptography
o Also known as Secret Key Cryptography or Conventional Cryptography.
o Symmetric Key Cryptography is an encryption system in which the sender
and receiver of a message share a single, common key that is used to encrypt
and decrypt the message.
o The Algorithm use is also known as a secret key algorithm or sometimes called
a symmetric algorithm
o A key is a piece of information (a parameter) that determines the functional
output of a cryptographic algorithm or cipher.
o The key for encrypting and decrypting the file had to be known to all the
recipients. Else, the message could not be decrypted by conventional means.
4/18/2023 14
Cont…..
o Symmetric Key Cryptography – Examples
1. Data Encryption Standard (DES): The Data Encryption Standard was published in 1977 by the
US National Bureau of Standards. DES uses a 56 bit key and maps a 64 bit input block of plaintext
onto a 64 bit output block of cipher text. 56 bits is a rather small key for today’s computing power.

2. Triple DES: Triple DES was the answer to many of the shortcomings of DES. Since it is based on
the DES algorithm, it is very easy to modify existing software to use Triple DES. It also has the
advantage of proven reliability and a longer key length that eliminates many of the shortcut attacks
that can be used to reduce the amount of time it takes to break DES.

3. Advanced Encryption Standard (AES) (RFC3602): Advanced Encryption Standard (AES) is an

encryption standard adopted by the U.S. government. The standard comprises three block ciphers,
AES-128, AES-192 and AES-256. Each AES cipher has a 128-bit block size, with key sizes of 128,
192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used
worldwide, as was the case with its predecessor, the Data Encryption Standard (DES).

4/18/2023 15
Problems with Conventional Cryptography

1. Key Management: Symmetric-key systems are simpler and faster; their main
drawback is that the two parties must somehow exchange the key in a secure
way and keep it secure after that. Key Management caused nightmare for the
parties using the symmetric key cryptography. They were worried about how to
get the keys safely and securely across to all users so that the decryption of the
message would be possible. This gave the chance for third parties to intercept
the keys in transit to decode the top-secret messages.

• Thus, if the key was compromised, the entire coding system was compromised
and a Secret would no longer remain a “Secret”. This is why the “Public Key
Cryptography” came into existence.

4/18/2023 16
Asymmetric Key Cryptography
 Asymmetric cryptography, also known as Public-key cryptography,
refers to a cryptographic algorithm that requires two separate keys, one
of which is private and one of which is public. The public key is used to
encrypt the message and the private one is used to decrypt the message.
 Public Key Cryptography is a very advanced form of cryptography.
Officially, it was invented by Whitfield Deffie and Martin Hellman in
1975. The basic technique of public key cryptography was first
discovered in 1973 by the British Clifford Cocks of Communications-
Electronics Security Group (CESG) of (Government Communications
Headquarters – GCHQ) but this was a secret until 1997.

4/18/2023 17
Asymmetric Key Cryptography – Examples

1. Digital Signature Standard (DSS): Digital Signature Standard (DSS) is the digital
signature algorithm (DSA) developed by the U.S. National Security Agency (NSA) to
generate a digital signature for the authentication of electronic documents. DSS was put
forth by the National Institute of Standards and Technology (NIST) in 1994, and has
become the United States government standard for authentication of electronic
documents. DSS is specified in Federal Information Processing Standard (FIPS) 186.
2. Algorithm – RSA: – RSA (Rivest, Shamir and Adelman who first publicly described it in
1977) is an algorithm for public-key cryptography. It is the first algorithm known to be
suitable for signing as well as encryption, and one of the first great advances in public
key cryptography. RSA is widely used in electronic commerce protocols, and is believed
to be secure given sufficiently long keys and the use of up-to-date implementations.

4/18/2023 18
Cont….
• RSA Cryptanalysis

o Rivest, Shamir, and Adelman placed a challenge in Martin Gardner’s column in Scientific
American (journal) in which the readers were invited to crack.
C=114,381,625,757,888,867,669,235,779,976,146,612,010,218,296,721,242,362,562,561
,842,935,706,935,245,733,897,830,597,123,563,958,705,058,989,075,147,599,290,026,8
79,543,541.
o This was solved in April 26, 1994, cracked by an international effort via the internet with
the use of 1600 workstations, mainframes, and supercomputers attacked the number for
eight months before finding its Public key and its private key. Encryption key = 9007 The
message “first solver wins one hundred dollars”.
o Of course, the RSA algorithm is safe, as it would be incredibly difficult to gather up such
international participation to commit malicious acts.

4/18/2023 19
Cont….
3. ElGamal
o ElGamal is a public key method that is used in both
encryption and digital signing.
o The encryption algorithm is similar in nature to the Diffie-
Hellman key agreement protocol.
o It is used in many applications and uses discrete logarithms.
o ElGamal encryption is used in the free GNU Privacy Guard
software

4/18/2023 20
Cont….
4. Diffie-Hellman algorithm

• The Diffie-Hellman algorithm, invented in 1976 by Whitfield Diffie and Martin Hellman,
is a key exchange algorithm that allows two parties to securely exchange a shared secret
key over a public communication channel.

• The Diffie-Hellman algorithm is being used to establish a shared secret that can be used for
secret communications while exchanging data over a public network using the elliptic
curve to generate points and get the secret key using the parameters.

• The Diffie-Hellman key exchange (also known as exponential key exchange) is a method
for securely exchanging cryptographic keys over an insecure channel. It is a fundamental
building block of many secure communication protocols, including SSL/TLS and SSH.

• This algorithm is widely used in various applications for secure communication, such as
VPNs, online banking, and secure email.
4/18/2023 21
Cont….
• Limitations of Diffie-Hellman Algorithm
Man-in-the-middle attacks
Limited key size
Requires a secure communication channel
Not suitable for digital signature

4/18/2023 22
Hash Functions
• A cryptographic hash function is a hash function that
takes an arbitrary block of data and returns a fixed-size
bit string, the cryptographic hash value, such that any
(accidental or intentional) change to the data will (with
very high probability) change the hash value. The data
to be encoded are often called the message, and the
hash value is sometimes called the message digest or
simply digests.

4/18/2023 23
Cont….

4/18/2023 24
Cont….
 The ideal cryptographic hash function has four main
properties:
o It is easy to compute the hash value for any given message.
o It is infeasible to generate a message that has a given hash.
o It is infeasible to modify a message without changing the
hash.
o It is infeasible to find two different messages with the same
hash.

4/18/2023 25
Features of Hash Functions
• The typical features of hash functions are –
 Fixed Length Output Hash Value
o Hash function coverts data of arbitrary length to a fixed length. This
process is often referred to as hashing the data. In general, the hash is
much smaller than the input data; hence, hash functions are sometimes
called compression functions.
o Since a hash is a smaller representation of a larger data, it is also
referred to as a digest.
o Hash function with n bit output is referred to as an n-bit hash function.
Popular hash functions generate values between 160 and 512 bits.

4/18/2023 26
Cont….
 Efficiency of Operation
 Generally for any hash function h with input x, computation of hx is a fast
operation. Computationally hash functions are much faster than a symmetric
encryption.
 In order to be an effective cryptographic tool, the hash function is desired
to possess following properties –
 Pre-Image Resistance
o This property means that it should be computationally hard to reverse a hash
function. In other words, if a hash function h produced a hash value z, then it
should be a difficult process to find any input value x that hashes to z.
o This property protects against an attacker who only has a hash value and is
trying to find the input.

4/18/2023 27
Cont….
 Second Pre-Image Resistance
o This property means given an input and its hash, it should be
hard to find a different input with the same hash.
o In other words, if a hash function h for an input x produces hash
value hx, then it should be difficult to find any other input value
y such that hy = hx.
o This property of hash function protects against an attacker who
has an input value and its hash, and wants to substitute different
value as legitimate value in place of original input value.

4/18/2023 28
Cont….
 Collision Resistance
o This property means it should be hard to find two different inputs of any length
that result in the same hash. This property is also referred to as collision free hash
function.
o In other words, for a hash function h, it is hard to find any two different inputs x
and y such that hx = hy. Since, hash function is compressing function with fixed
hash length, it is impossible for a hash function not to have collisions. This
property of collision free only confirms that these collisions should be hard to
find.
o This property makes it very difficult for an attacker to find two input values with
the same hash. Also, if a hash function is collision-resistant then it is second pre-
image resistant.
4/18/2023 29
Design of Hashing Algorithms
 At the heart of a hashing is a mathematical function that operates on two
fixed-size blocks of data to create a hash code. This hash function forms
the part of the hashing algorithm.
 The size of each data block varies depending on the algorithm.
Typically, the block sizes are from 128 bits to 512 bits. The following
illustration demonstrates hash function.

4/18/2023 30
Cont….
 Hashing algorithm involves rounds of above hash function like a block cipher.
Each round takes an input of a fixed size, typically a combination of the most
recent message block and the output of the last round.
 This process is repeated for as many rounds as are required to hash the entire
message. Schematic of hashing algorithm is depicted in the following
illustration

4/18/2023 31
Cont….
 Since, the hash value of first message block becomes an input to the second hash
operation, output of which alters the result of the third operation, and so on. This effect,
known as an avalanche effect of hashing.(Small Change in the input results in a very large
change in the output)

 Avalanche effect results in substantially different hash values for two messages that
differ by even a single bit of data. Understand the difference between hash function and
algorithm correctly.

 The hash function generates a hash code by operating on two blocks of fixed-length
binary data.

 Hashing algorithm is a process for using the hash functions, specifying how the message
will be broken up and how the results from previous message blocks are chained together.

4/18/2023 32
Popular Hash Functions

 Let us briefly see some popular hash functions –

A. Message Digest MD
 MD5 was most popular and widely used hash function for quite some
years. The MD family comprises of hash functions MD2, MD4, MD5
and MD6. It was adopted as Internet Standard RFC 1321. It is a 128-bit
hash function. MD5 digests have been widely used in the software
world to provide assurance about integrity of transferred file.
 For example, file servers often provide a pre-computed MD5 checksum
for the files, so that a user can compare the checksum of the
downloaded file to it.

4/18/2023 33
Cont….

 In 2004, collisions were found in MD5. An analytical attack was

reported to be successful only in an hour by using computer
cluster. This collision attack resulted in compromised MD5 and
hence it is no longer recommended for use.

4/18/2023 34
Cont….
B. Secure Hash Function SHA
 Family of SHA comprise of four SHA algorithms; SHA-0, SHA-1, SHA-2, and SHA-3. Though from same
family, there are structurally different.
 The original version is SHA-0, a 160-bit hash function, was published by the National Institute of Standards
and Technology NIST in 1993. It had few weaknesses and did not become very popular.
 Later in 1995, SHA-1 was designed to correct alleged weaknesses of SHA-0. SHA-1 is the most widely used
of the existing SHA hash functions. It is employed in several widely used applications and protocols including
Secure Socket Layer SSL security.
 In 2005, a method was found for uncovering collisions for SHA-1 within practical time frame making long-
term employability of SHA-1 doubtful. SHA-2 family has four further SHA variants, SHA-224, SHA-256,
SHA-384, and SHA-512 depending up on number of bits in their hash value. No successful attacks have yet
been reported on SHA-2 hash function. Though SHA-2 is a strong hash function. Though significantly
different, its basic design is still follows design of SHA-1. Hence, NIST called for new competitive hash
function designs.
 In October 2012, the NIST chose the Keccak algorithm as the new SHA-3 standard. Keccak offers many
benefits, such as efficient performance and good resistance for attacks.

4/18/2023 35
Cont….
C. RIPEMD
 The RIPEND is an acronym for RACE Integrity Primitives Evaluation Message Digest.
 This set of hash functions was designed by open research community and generally known as a
family of European hash functions.
 The set includes RIPEND, RIPEMD-128, and RIPEMD-160. There also exist 256, and 320-bit
versions of this algorithm.
 Original RIPEMD 128bit is based upon the design principles used in MD4 and found to provide
questionable security. RIPEMD 128-bit version came as a quick fix replacement to overcome
vulnerabilities on the original RIPEMD.
 RIPEMD-160 is an improved version and the most widely used version in the family.

 The 256 and 320-bit versions reduce the chance of accidental collision, but do not have higher
levels of security as compared to RIPEMD-128 and RIPEMD-160 respectively.

4/18/2023 36
Cont….
• Whirlpool
 This is a 512-bit hash function.
 It is derived from the modified version of Advanced
Encryption Standard AES.
 One of the designers was Vincent Rijmen, a co-creator of
the AES.
 Three versions of Whirlpool have been released; namely
WHIRLPOOL-0, WHIRLPOOL-T, and WHIRLPOOL.

4/18/2023 37
Applications of Hash Functions
• There are two direct applications of hash function based on its cryptographic properties.
1. Password Storage

 Hash functions provide protection to password storage. Instead of storing

password in clear, mostly all logon processes store the hash values of
passwords in the file. The Password file consists of a table of pairs which
are in the form userid, h(P). The process of logon is depicted in the
following illustration.

 An intruder can only see the hashes of passwords, even if he accessed the
password. He can neither logon using hash nor can he derive the password
from hash value since hash function possesses the property of pre-image
resistance.

4/18/2023 38
Cont…..

4/18/2023 39
Cont…..
2. Data Integrity Check
 Data integrity check is a most common application of
the hash functions. It is used to generate the checksums
on data files. This application provides assurance to the
user about correctness of the data. The process is
depicted in the following illustration.

4/18/2023 40
Cont…..

• The integrity check helps the user to detect any changes made to original file. It however, does
not provide any assurance about originality. The attacker, instead of modifying file data, can
change the entire file and compute all together new hash and send to the receiver.

• This integrity check application is useful only if the user is sure about the originality of file.

4/18/2023 41
Classical Encryption Techniques

• There are two basic building blocks of all encryption techniques: substitution
and transposition.
• Substitution Encryption Techniques
 These techniques involve substituting or replacing the contents of the
plaintext by other letters, numbers or symbols. Different kinds of ciphers are
used in substitution technique.
• Caesar Ciphers or Shift Cipher:
 The earliest known use of a substitution cipher and the simplest was by
Julius Caesar. The Caesar cipher involves replacing each letter of the
alphabet with the letter standing 3 places further down the alphabet.

4/18/2023 42
Cont….
• Let us consider,
• A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Choose k, Shift all
letters by k
• For example, if k = 5
• A becomes F, B becomes G, C becomes H, and so on…
• Mathematically give each letter a number,
• abcdefghijklmnopqrstuvwxyz
• 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
• If shift = 3 then
• e.g., plain text: pay more money
• Cipher text: SDB PRUH PRQHB

4/18/2023 43
Cont…..
• Note that the alphabet is wrapped around, so that letter following “z‟ is “a‟.
• For each plaintext letter p, substitute the cipher text letter c such that
• C = E(p) = (p+3) mod 26
• A shift may be any amount, so that general Caesar algorithm is
• C = E (p) = (p+k) mod 26
• Where k takes on a value in the range 1 to 25.The decryption algorithm is simply
• P = D(C) = (C-k) mod 26
• If it is known that a given cipher text is a Caesar cipher, then a brute force
cryptanalysis is easily performed. With a Caesar cipher, there are only 26
possible keys, of which only 25 are of any use, since mapping A to A etc. does
not really obscure the message!

4/18/2023 44
Monoalphabetic Ciphers:
• Here, Plaintext characters are substituted by a different alphabet stream of characters shifted to the right
or left by n positions. When compared to the Caesar ciphers, these monoalphabetic ciphers are more
secure as each letter of the cipher text can be any permutation of the 26 alphabetic characters leading to
26! Or greater than 4 x 1026 possible keys. However, it is still vulnerable to cryptanalysis, when a
cryptanalyst is aware of the nature of the plaintext, he can find the regularities of the language. To
overcome these attacks, multiple substitutions for a single letter are used.
• For example, a letter can be substituted by different numerical cipher symbols such as 17, 54, 69…etc.
Even this method is not completely secure as each letter in the plain text effects on letter in the cipher
text. Or, using a common key which substitutes every letter of the plain text.
• The key A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
• Q W E R T Y U I O PA S D F G H J K L Z X C V B N M

• Would encrypt the message I think therefore I am

• into OZIIOFAZIITKTYGKTOQD

4/18/2023 45
Cont….
• But any attacker would simply break the cipher by using
frequency analysis by observing the number of times each letter
occurs in the cipher text and then looking upon the English letter
frequency table. So, substitution cipher is completely ruined by
these attacks.
• Monoalphabetic ciphers are easy to break as they reflect the
frequency of the original alphabet.
• A countermeasure is to provide substitutes, known as
homophones for a single letter.

4/18/2023 46
Playfair Ciphers:
• The Playfair Cipher is a manual symmetric encryption cipher invented in 1854 by Charles
Wheatstone; however its name and popularity came from the endorsement of Lord Playfair.
It is the best known multiple letter encryption cipher which treats diagrams in the plaintext as
single units and translates these units into cipher text diagrams.
• The Playfair Cipher is a diagram substitution cipher offering a relatively weak method of
encryption. It was used for tactical purposes by British forces in the Second Boer War and in
World War I and for the same purpose by the Australians and Germans during World War II. This
was because Playfair is reasonably fast to use and requires no special equipment. A typical
scenario for Playfair use would be to protect important but non-critical secrets during actual
combat. By the time the enemy cryptanalysts could break the message, the information was
useless to them.
• It is based around a 5×5 matrix, a copy of which is held by both communicating parties, into
which 25 of the 26 letters of the alphabet (normally either j and i are represented by the same
letter or x is ignored) are placed in a random fashion.

4/18/2023 47
Cont….
• For example, the plain text is Shi Sherry loves Heath Ledger and the agreed key
is sherry. The matrix will be built according to the following rules.
• in pairs,
• without punctuation,
• All Js are replaced with Is.
• SH IS HE RR YL OV ES HE AT HL ED GE R
• Double letters which occur in a pair must be divided by an X or a Z.
• Example: LI TE RA LL TE RA LX LY
• SH IS HE RX RY LO VE SH EA TH LE DG ER
• The alphabet square is prepared using, a 5*5 matrix, no repetition letters, no Js
and key is written first followed by the remaining alphabets with no i and j.

4/18/2023 48
Cont….

4/18/2023 49
Cont….
• For the generation of cipher text, there are three rules to be followed by each pair
of letters.
 letters appear on the same row: replace them with the letters to their
immediate right respectively.
 letters appear on the same column: replace them with the letters immediately
below respectively
 not on the same row or column： replace them with the letters on the same
row respectively but at the other pair of corners of the rectangle defined by the
original pair.
• Based on the above three rules, the cipher text obtained for the given plain text is

4/18/2023 50
Cont…..
 HE GH ER DR YS IQ WH HE SC OY KR AL RY
• Another example which is simpler than the above one
can be given as:
Here, key word is playfair.
Plaintext is Hellothere
hello there becomes -> he_lx_lo_th_er_ex.
Applying the rules again, for each pair,

4/18/2023 51
Cont….

• If they are in the same row, replace each with the letter to its right
(mod 5)
he -> KG
If they are in the same column, replace each with the letter below
it (mod 5)
lo -> RV
Otherwise, replace each with letter we‘d get if we swapped their
column indices
lx -> YV
4/18/2023 52
Public Key Cryptography:
• The development of public-key cryptography is the greatest and perhaps the only true revolution
in the entire history of cryptography. It is asymmetric, involving the use of two separate keys, in
contrast to symmetric encryption, which uses only one key.

• Public key schemes are neither more nor less secure than private key (security depends on the
key size for both).

• Public-key cryptography complements rather than replaces symmetric cryptography.

• Both also have issues with key distribution, requiring the use of some suitable protocol.

• The concept of public-key cryptography evolved from an attempt to attack two of the most
difficult problems associated with symmetric encryption:

1. Key distribution – how to have secure communications in general without having to

trust a Key Distribution Center (KDC) with your key.
2. Digital signatures – how to verify a message comes intact from the claimed sender

4/18/2023 53
Cont…..
• Public-key/two-key/asymmetric cryptography involves the use
of two keys:
 a public-key, which may be known by anybody, and can be used
to encrypt messages, and verify signatures
 a private-key, known only to the recipient, used to decrypt
messages, and sign (create) signatures.
 is asymmetric because those who encrypt messages or verify
signatures cannot decrypt messages or create signatures

4/18/2023 54
Cont….
• Public-Key algorithms rely on one key for encryption and a different but related
key for decryption. These algorithms have the following important
characteristics:
• It is computationally infeasible to find decryption key knowing only algorithm &
encryption key
• It is computationally easy to en/decrypt messages when the relevant (en/decrypt)
key is known.
• Either of the two related keys can be used for encryption, with the other used for
decryption (for some algorithms like RSA).
• The following figure illustrates public-key encryption process and shows that a
public-key encryption scheme has six ingredients: plaintext, encryption
algorithm, public & private keys, cipher text & decryption algorithm.

4/18/2023 55
Cont….

public-key encryption process

4/18/2023 56
Cont……
• The essential steps involved in a public-key encryption scheme are given below:
1. Each user generates a pair of keys to be used for encryption and decryption.
2. Each user places one of the two keys in a public register and the other key is
kept private.
3. If B wants to send a confidential message to A, B encrypts the message using
A‘s public key.
4. When A receives the message, she decrypts it using her private key. Nobody
else can decrypt the message because that can only be done using A‘s private
key (Deducing a private key should be infeasible).
5. If a user wishes to change his keys –generate another pair of keys and publish
the public one: no interaction with other users is needed.

4/18/2023 57
Cont…..
• Notations used in Public-key cryptography:
 The public key of user A will be denoted KUA.
 The private key of user A will be denoted KRA.
 Encryption method will be a function E.
 Decryption method will be a function D.
 If B wishes to send a plain message X to A, then he sends the
crypto text Y=E(KUA,X)
 The intended receiver A will decrypt the message: D(KRA,Y)=X

4/18/2023 58
Cont…..
• The first attack on Public-key Cryptography is the attack on
Authenticity. An attacker may impersonate user B: he sends a
message E (KUA,X) and claims in the message to be B –A has no
guarantee this is so. To overcome this, B will encrypt the message
using his private key: Y=E(KRB,X). Receiver decrypts using B‘s
public key KRB. This shows the authenticity of the sender
because (supposedly) he is the only one who knows the private
key. The entire encrypted message serves as a digital signature.
This scheme is depicted in the following figure:

4/18/2023 59
Cont…..

encrypt massage with public key

• But, a drawback still exists. Anybody can decrypt the message using
B‘s public key. So, secrecy or confidentiality is being compromised.

4/18/2023 60
Cont…..
• One can provide both authentication and confidentiality using the public-key
scheme twice:

public key Cryptosystem: secrecy and authentication

4/18/2023 61
Cont……
 A encrypts X with his private key: Y=E(KRA,X)
 A encrypts Y with B‘s public key: Z=E(KUB,Y)
 B will decrypt Z (and she is the only one capable of doing it):
Y=D(KRB, Z)
 B can now get the plaintext and ensure that it comes from A (he knows
public key of A): decrypt Y using A‘s public key: X=D(KUA, Y).
• Applications for public-key cryptosystems:
1. Encryption/decryption: sender encrypts the message with the receiver‘s public key.
2. Digital signature: sender ―signs the message (or a representative part of the message)
using his private key
3. Key exchange: two sides cooperate to exchange a secret key for later use in a secret-key
cryptosystem

4/18/2023 62
Cont…..
• The main requirements of Public-key cryptography are:
1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb).
2. Easy for sender A to generate ciphertext:
C EKUb (M)
3. Easy for the receiver B to decrypt ciphertext using private key: M=DKRb
• (C) DKRb[EKUb (M)].
1. Computationally infeasible to determine private key (KRb) knowing public key (KUb).
2. Computationally infeasible to recover message M, knowing KUb and cipher text C
3. Either of the two keys can be used for encryption, with the other used for decryption:

4/18/2023 63
Cont……
• Easy is defined to mean a problem that can be solved in polynomial time as a function of
input length.

• A problem is infeasible if the effort to solve it grows faster than polynomial time as a
function of input size.

• Public-key cryptosystems usually rely on difficult math functions rather than S-P
networks as classical cryptosystems. One-way function is one, easy to calculate in one
direction, infeasible to calculate in the other direction (i.e., the inverse is infeasible to
compute).

• Trap-door function is a difficult function that becomes easy if some extra information is
known. Our aim to find a trap-door one-way function, which is easy to calculate in one
direction and infeasible to calculate in the other direction unless certain additional
information is known.
4/18/2023 64
Cont…..
• Security of Public-key schemes:
 Like private key schemes, brute force exhaustive search attack is always
theoretically possible. But keys used are too large (>512bits).
 Security relies on a large enough difference in difficulty between easy
(en/decrypt) and hard (cryptanalyse) problems. More generally the hard
problem is known, its just made too hard to do in practice.
 Requires the use of very large numbers, hence is slow compared to
private key schemes.

4/18/2023 65
Cont…..
• RSA algorithm:
• RSA is the best known, and by far the most widely used general public key
encryption algorithm, and was first published by Rivest, Shamir & Adleman of
MIT in 1978 [RIVE78]. Since that time RSA has reigned supreme as the most
widely accepted and implemented general-purpose approach to public-key
encryption. The RSA scheme is a block cipher in which the plaintext and the
ciphertext are integers between 0 and n-1 for some fixed n and typical size for n
is 1024 bits (or 309 decimal digits). It is based on exponentiation in a finite
(Galois) field over integers modulo a prime, using large integers (eg. 1024 bits).

• Its security is due to the cost of factoring large numbers.

4/18/2023 66
Cont…..
• RSA involves a public-key and a private-key where the public key is known to all and is used to encrypt
data or message. The data or message which has been encrypted using a public key can only be decryted by
using its corresponding private-key. Each user generates a key pair i.e. public and private key using the
following steps:

 Each user selects two large primes at random – p, q

 Compute their system modulus n=p.q

 Calculate ø(n), where ø(n)=(p-1)(q-1)

 Selecting at random the encryption key e, where 1<e<ø(n),and gcd(e,ø(n))=1

 Solve following equation to find decryption key d: e.d=1 mod ø(n) and 0≤d≤n

 Publish their public encryption key: KU={e,n}

 Keep secret private decryption key: KR={d,n}

• Both the sender and receiver must know the values of n and e, and only the receiver knows the value of d.
Encryption and Decryption are done using the following equations.
4/18/2023 67
Cont……
• To encrypt a message M the sender:
 Obtains public key of recipient KU={e,n}
 Computes: C=Me mod n, where 0≤M<n
• To decrypt the ciphertext C the owner:
 Uses their private key KR={d,n}
 Computes: M=Cd mod n = (Me) d mod n = M ed mod n
• For this algorithm to be satisfactory, the following requirements are to be met.

1. It‘s possible to find values of e, d, n such that Med = M mod n for all M<n
2. It is relatively easy to calculate Me and C for all values of M < n.
3. It is impossible to determine d given e and n

4/18/2023 68
Cont…..
• The way RSA works is based on Number theory:
• Fermat’s little theorem: if p is prime and a is positive integer not divisible by p,
then ap-1≡ 1 mod p.
Corollary: For any positive integer a and prime p, ap≡ a mod p.
• Fermat‘s theorem, as useful as will turn out to be does not provide us with
integers d,e we are looking for –Euler‘s theorem (a refinement of Fermat‘s) does.
Euler‘s function associates to any positive integer n, a number φ(n): the number
of positive integers smaller than n and relatively prime to n.
• For example, φ(37) = 36 i.e. φ(p) = p-1 for any prime p. For any two primes p,q,
φ(pq)=(p-1)(q-1).

4/18/2023 69
Cont…..
• Euler’s theorem: for any relatively prime integers a,n we have a
φ(n)≡1 mod n.
Corollary: For any integers a,n we have a φ(n)+1≡a mod n
Corollary: Let p,q be two odd primes and n=pq.
Then: φ(n)=(p-1)(q-1)
For any integer m with 0<m<n, m (p-1)(q-1)+1 ≡ m mod n
For any integers k,m with 0<m<n, m k(p-1)(q-1)+1 ≡ m mod n
Euler‘s theorem provides us the numbers d, e such that Med=M mod n. We
have to choose d,e such that ed=kφ(n)+1, or equivalently, d≡e-1 mod φ(n)

4/18/2023 70
Cont…..
• An example of RSA can be given as,  Select primes: p=17 & q=11
  Compute n = pq =17×11=187
  Compute ø(n)=(p–1)(q-1)=16×10=160
  Select e : gcd(e,160)=1; choose e=7
  Determine d: de=1 mod 160 and d < 160 Value is d=23 since 23×7=161=
10x160x1
  Publish public key KU={7,187}
  Keep secret private key KR={23,187}
  Now, given message M = 88 (nb. 88<187)
  encryption: C = 887 mod 187 = 11
  decryption: M = 1123 mod 187 = 88

4/18/2023 71
Cont…..
• Another example of RSA is given as,
Let p = 11, q = 13, e = 11, m = 7
n = pq i.e. n= 11.13 = 143
• ø(n)= (p-1)(q-1) i.e. (11-1)(13-1) = 120
• e.d=1 mod ø(n) i.e. 11d mod 120 = 1 i.e. (1111) mod 120=1; so d = 11
public key :{11,143} and private key: {11,143}
C=Me mod n, so ciphertext = 7 11 mod143 = 727833 mod 143; i.e. C =
106 M=Cd mod n, plaintext = 10611 mod 143 = 1008 mod 143; i.e. M = 7

4/18/2023 72
Cont…..

• Another Example is:

encryption and decryption using RSA

4/18/2023 73
Cont…..
• For RSA key generation,
 Users of RSA must:
o determine two primes at random – p, q
o select either e or d and compute the other
 Primes p,q must not be easily derived from modulus N=p.q
o means must be sufficiently large
o typically guess and use probabilistic test
 Exponents e, d are inverses, so use Inverse algorithm to
compute the other

4/18/2023 74
Cont…..
• Key Management
• One of the major roles of public-key encryption has been to address the problem of key
distribution. Two distinct aspects to use of public key encryption are present.
• The distribution of public keys.
• Use of public-key encryption to distribute secret keys.
• Distribution of Public Keys
• The most general schemes for distribution of public keys are given below
- Public Announcement of Public keys
Here any participant can send his or her public key to any other participant or broadcast the
key to the community at large. For example, many PGP users have adopted the practice of
appending their public key to messages that they send to public forums.

4/18/2023 75
Cont…..

uncontrolled public key distribution

• It has a major weakness. Anyone can forge such a
public announcement. That is, some user could pretend to
be user A and send a public key to another participant.
4/18/2023 76
Cont…..
• Publicly Available Directory
• A greater degree of security can be achieved by maintaining a publicly
available dynamic directory of public keys. Maintenance and distribution
of the public directory would have to be the responsibility of some
trusted entity or organization. It includes the following elements:
1. The authority maintains a directory with a {name, public key} entry for
each participant.
2. Each participant registers a public key with the directory authority.
Registration would have to be in person or by some form of secure
authenticated communication

4/18/2023 77
Cont……

public key publication

4/18/2023 78
Cont…..
3. A participant may replace the existing key with a new one at any time, either because of
the desire to replace a public key that has already been used for a large amount of data, or
because the corresponding private key has been compromised in some way.
4. Periodically, the authority publishes the entire directory or updates to the directory.
5. Participants could also access the directory electronically. For this purpose, secure,
authenticated communication from the authority to the participant is mandatory.

• This scheme has still got some vulnerability. If an adversary succeeds in obtaining or
computing the private key of the directory authority, the adversary could authoritatively
pass out counterfeit public keys and subsequently impersonate any participant and
eavesdrop on messages sent to any participant. Or else, the adversary may tamper with the
records kept by the authority.

4/18/2023 79
Cont…..
• Public Key Authority
• Stronger security for public-key distribution can be achieved by providing tighter
control over the distribution of public keys from the directory. This scenario
assumes the existence of a public authority (whoever that may be) that maintains
a dynamic directory of public keys of all users.
• The public authority has its own (private key, public key) that it is using to
communicate to users. Each participant reliably knows a public key for the
authority, with only the authority knowing the corresponding private key.
• For example, consider that Alice and Bob wish to communicate with each other
and the following steps take place and are also shown in the figure below:

4/18/2023 80
Cont….

public key authority

4/18/2023 81
 Cont…..
1. Alice sends a time stamped message to the central authority with a request for Bob‘s public
key (the time stamp is to mark the moment of the request)
2. The authority sends back a message encrypted with its private key(for authentication)
message contains Bob‘s public key and the original message of Alice –this way Alice knows
this is not a reply to an old request;
3. Alice starts the communication to Bob by sending him an encrypted message containing her
identity IDA and a nonce N1 (to identify uniquely this transaction)
4. Bob requests Alice‘s public key in the same way (step 1)
5. Bob acquires Alice‘s public key in the same way as Alice did. (Step-2)
6. Bob replies to Alice by sending an encrypted message with N1 plus a new generated nonce
N2 (to identify uniquely the transaction)
7. Alice replies once more encrypting Bob‘s nonce N2 to assure bob that its correspondent is
Alice
4/18/2023 82
Cont…..

• Thus, a total of seven messages are required. However,

the initial four messages need be used only infrequently
because both A and B can save the other’s public key
for future use, a technique known as caching.
• Periodically, a user should request fresh copies of the
public keys of its correspondents to ensure currency.

4/18/2023 83
Public-Key Certificates
• The above technique looks attractive, but still has some drawbacks. For any communication
between any two users, the central authority must be consulted by both users to get the newest
public keys i.e. the central authority must be online 24 hours/day. If the central authority goes
offline, all secure communications get to a halt. This clearly leads to an undesirable bottleneck.
• A further improvement is to use certificates, which can be used to exchange keys without
contacting a public-key authority, in a way that is as reliable as if the keys were obtained directly
from a public-key authority. A certificate binds an identity to public key, with all contents signed
by a trusted Public-Key or Certificate Authority (CA). A user can present his or her public key
to the authority in a secure manner, and obtain a certificate. The user can then publish the
certificate. Anyone needed this user’s public key can obtain the certificate and verify that it is
valid by way of the attached trusted signature. A participant can also convey its key information
to another by transmitting its certificate. Other participants can verify that the certificate was
created by the authority.

4/18/2023 84
Cont…..
• This certificate issuing scheme does have the following
requirements:
1. Any participant can read a certificate to determine the name and
public key of the certificate’s owner.
2. Any participant can verify that the certificate originated from the
certificate authority and is not counterfeit.
3. Only the certificate authority can create and update certificates.
4. Any participant can verify the currency of the certificate.

4/18/2023 85
Cont…..

certificate authority

4/18/2023 86
Cont…..
• Application must be in person or by some form of secure authenticated communication.
For participant A, the authority provides a certificate of the form CA = E(PRauth,
[T||IDA||PUa]) where PRauth is the private key used by the authority and T is a timestamp.
A may then pass this certificate on to any other participant, who reads and verifies the
certificate as follows:
• D(PUauth, CA) = D(PUauth, E(PRauth, [T||IDA||PUa])) = (T||IDA||PUa).

• The recipient uses the authority’s public key, PUauth to decrypt the certificate. Because the

certificate is readable only using the authority’s public key, this verifies that the certificate

came from the certificate authority. The elements IDA and PUa provide the recipient with

the name and public key of the certificate’s holder. The timestamp T validates the currency

of the certificate. The timestamp counters the following scenario. A’s private key is learned

by an adversary.
4/18/2023 87
Cont…..
• A generates a new private/public key pair and applies to the certificate authority for a new
certificate.
• Meanwhile, the adversary replays the old certificate to B. If B then encrypts messages
using the compromised old public key, the adversary can read those messages. In this
context, the compromise of a private key is comparable to the loss of a credit card. The
owner cancels the credit card number but is at risk until all possible communicants are
aware that the old credit card is obsolete. Thus, the timestamp serves as something like an
expiration date. If a certificate is sufficiently old, it is assumed to be expired.
• One scheme has become universally accepted for formatting public-key certificates: the
X.509 standard. X.509 certificates are used in most network security applications,
including IP security, secure sockets layer (SSL), secure electronic transactions (SET), and
S/MIME.

4/18/2023 88
Cont…..

• Public Key Distribution of Secret Keys

• Public-key encryption is usually viewed as a vehicle for the
distribution of secret keys to be used for conventional
encryption and the main reason for this is the relatively slow
data rates associated with public-key encryption.

4/18/2023 89
Cont…..
• Simple Secret Key Distribution:
• If A wishes to communicate with B, the following procedure is
employed:
1. A generates a public/private key pair {PUa, PRa} and transmits a
message to B consisting of PUa and an identifier of A, IDA.
2. B generates a secret key, Ks, and transmits it to A, encrypted with A’s
public key.
3. A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because only
A can decrypt the message, only A and B will know the identity of Ks.
4. A discards PUa and PRa and B discards PUa.

4/18/2023 90
Cont…..

Simple Secret Key Distribution

4/18/2023 91
Cont…..
• In this case, if an adversary, E, has control of the intervening communication channel, then E can
compromise the communication in the following fashion without being detected:

1. A generates a public/private key pair {PUa, PRa} and transmits a message intended
for B consisting of PUa and an identifier of A, IDA.
2. E intercepts the message, creates its own public/private key pair {PUe, PRe} and transmits PUe||IDA
to B.
3. B generates a secret key, Ks, and transmits E(PUe, Ks).
4. E intercepts the message, and learns Ks by computing D(PRe, E(PUe, Ks)).
5. E transmits E(PUa, Ks) to A.

• The result is that both A and B know Ks and are unaware that Ks has also been revealed to E. A and B
can now exchange messages using Ks E no longer actively interferes with the communications channel
but simply eavesdrops. Knowing Ks E can decrypt all messages, and both A and B are unaware of the
problem. Thus, this simple protocol is only useful in an environment where the only threat is
eavesdropping.

4/18/2023 92
Cont…..
• Secret Key Distribution with Confidentiality and Authentication
• It is assumed that A and B have exchanged public keys by one of the
schemes described earlier. Then the following steps occur:

Secret Key Distribution with Confidentiality and Authentication

4/18/2023 93
Cont…..
1. A uses B’s public key to encrypt a message to B containing an identifier of A (IDA) and a
nonce (N1), which is used to identify this transaction uniquely.
2. B sends a message to A encrypted with PUa and containing A’s nonce (N1) as well as a
new nonce generated by B (N2) Because only B could have decrypted message (1), the
presence of N1 in message (2) assures A that the correspondent is B.
3. A returns N2 encrypted using B’s public key, to assure B that its correspondent is A.
4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B. Encryption of this
message with B’s public key ensures that only B can read it; encryption with
A’s private key ensures that only A could have sent it.
5. B computes D(PUa, D(PRb, M)) to recover the secret key.
• The result is that this scheme ensures both confidentiality and authentication in the
exchange of a secret key.

4/18/2023 94
 The End of Chapter Three

Thank You!!!
4/18/2023 95