Cryptography and Data Transmission

Cryptography is essential for securing data transmission. It ensures that data sent over networks
remains confidential and unaltered. This is achieved through various cryptographic algorithms
and protocols.

Thus, what starts out looking like this:

Error Detecting and Correcting Codes

Error detecting and correcting codes are crucial for maintaining data integrity. They help identify
and correct errors that occur during data transmission. Common techniques include:

● Parity Checks: Simple error detection method.

● Hamming Codes: Detect and correct single-bit errors.

Types of Cryptography
There are three main types of cryptography:

Symmetric key Cryptography: With the encryption technique, the sender and the recipient use
the same shared key to encrypt and decrypt messages.

Although symmetric key systems are quicker and easier to use, they have the drawback of
requiring a secure key exchange between the sender and the receiver. Data Encryption System
(DES) is the most widely used symmetric key encryption method.
Hash Functions: In this algorithm, no key is used. The plain text is used to produce a hash value
that has a fixed length, making it challenging to retrieve the plain text's information. Hash
functions are widely used by operating systems to encrypt passwords.

Asymmetric Key Cryptography: This approach uses a set of keys to encrypt and decrypt data.
Public keys are used for encryption, whereas private keys are used for decryption.

The Public Key and Private Key are different from one another. Even if everyone knows the
public key, only the intended recipient may decode the message since only he can access the
private key.

Techniques Used for Cryptography

In the age of computers, cryptography is frequently associated with converting plain text into
cipher text, which is text that the intended recipient can only decode. This process is known as
encryption. The process of converting encrypted text into plain text is called decryption.

Features of Cryptography
Cryptography has the following features:

○ Confidentiality: The only person who can access information is the one it is intended
for, which is the primary feature of cryptography.
○ Integrity: Information cannot be altered while it is being stored or sent from the sender
to the intended destination without the recipient spotting the addition of new information
in Cryptography.
○ Non-repudiation: The creator/sender of a message cannot deny his intent to send
information at a future point.
○ Authentication: The identities of the sender and the recipient have been confirmed.
Furthermore, the information's source and final destination are confirmed.
○ Availability: It also ensures that the required information is available to authorized users
at the appropriate time.
○ Key Management: The creation, distribution, storage, and alteration of cryptographic
keys take place in this process.
○ Algorithm: Mathematical formulae are used in cryptography to encrypt and decrypt
messages.
○ Digital Signatures: A signature that can be applied to messages to protect the message's
authenticity and sender identification.

Encryption and Decryption

Cryptography involves two phases at its most fundamental level: Encryption and Decryption.

Encryption uses a cipher to encrypt and transform the plaintext into ciphertext. On the other
hand, decryption transforms the ciphertext into plaintext by employing the same cipher.
The most popular application of cryptography when sending electronic data is encrypting and
decrypting emails and other plaintext messages. The simplest method is the "secret key" or
symmetric approach.

The secret key is used to encrypt data, and after decoding, the secret key and encoded message
are sent to the recipient. What is the problem, then? A third party is all they need to decode and
analyze the message if it is intercepted.

Cryptologists developed the asymmetric or "public key" approach to solve this issue. Each user,
in this case, has two keys: a private key and a public key. Senders request the recipient's public
key before encrypting and sending the message.

Cryptographic Algorithms
Cryptosystems encrypt and decrypt information using cryptographic algorithms, or ciphers, to
secure communications between computer systems, devices, and applications.

A cipher suite uses three different algorithms: one for encryption, message authentication, and
key exchange. This process, integrated into protocols and developed using software that runs on
operating systems (OS) and networked computer systems, involves:

○ Data encryption and decryption using the production of public and private keys
○ To authenticate messages, use digital signature and verification
○ Key exchange

Advantages
Access Management: Access control can use cryptography to guarantee that only individuals
with the appropriate authorizations are granted access to a resource. The resource is encrypted
and can only be accessed by those with the proper decryption key.

Secure Communication: Cryptography is essential for private communication over the Internet.
It provides safe methods for sending sensitive data like bank account numbers, passwords, and
other private information over the Internet.

Protection against attacks: Attacks like replay and man-in-the-middle attacks can be defended
against with the help of cryptography. It provides techniques for identifying and preventing these
assaults.

Compliance with legal requirements: Businesses can use cryptography to help them deal with
several legal obligations, such as data protection and privacy laws.

Applications of Cryptography
Computer passwords: Cryptography is frequently used in computer security, especially when
creating and managing passwords. When users log in, their password is hashed and contrasted
with the previously saved hash. To store them, passwords are first hashed and encrypted. This
method encrypts the passwords so that even if hackers can access the password database, they
can't comprehend the passwords.

Digital Currencies: Cryptography is also used by digital currencies like Bitcoin to secure
transactions and prevent fraud. Since advanced algorithms and cryptographic keys safeguard
transactions, tampering with or creating fake transactions is practically impossible.

Secure web browsing: Cryptography protects users from eavesdropping in on their

conversations and man-in-the-middle attacks and provides online browsing security. The Secure
Sockets Layer (SSL) and Transport Layer Security (TLS) protocols use public key cryptography
to encrypt data between the web server and the client, creating a secure communication channel.

Digital signatures: Digital signatures are used to sign papers and act as the handwritten
signature's digital copy. Cryptography is used to create digital signatures, and public key
cryptography is used to verify them. Digital signatures are becoming more widely used, and
many countries have laws that make them legally binding.

Authentication: When logging into a computer, cryptography is employed as the authentication

method, for example, a bank account or a secure network. The authentication protocols use
cryptographic techniques to validate the user's identity and possession of the necessary access
privileges to the resource.
Need for Cryptography

Cryptography is needed to:

● Protect Confidentiality: Ensures that only authorized parties can access the information.
● Ensure Integrity: Verifies that the data has not been altered.
● Authenticate Users: Confirms the identity of the parties involved in communication.
● Non-repudiation: Prevents denial of sending or receiving the message.

Cryptology Fundamentals

Cryptology encompasses both cryptography (creating secure communication) and cryptanalysis

(breaking secure communication). Key concepts include:

● Encryption: Converting plaintext into ciphertext.

● Decryption: Converting ciphertext back into plaintext.
● Keys: Secret values used in encryption and decryption processes.

Symmetric and Asymmetric Cryptography

● Symmetric Cryptography: Uses the same key for both encryption and decryption.
Examples include AES and DES.
● Asymmetric Cryptography: Uses a pair of keys (public and private). Examples include
RSA and ECC.

Cryptographic Algorithms

● Symmetric Algorithms: Fast and efficient for large data. Examples: AES, DES.
● Asymmetric Algorithms: More secure for key exchange and digital signatures.
Examples: RSA, ECC.
● Hash Functions: Provide data integrity by producing a fixed-size hash value from input
data. Examples: SHA-256, MD5.

Key Management in Cryptography

What is Key Management?

Key management refers to the processes and procedures involved in generating, storing,
distributing, and managing cryptographic keys used in cryptographic algorithms to protect
sensitive data. It ensures that keys used to protect sensitive data are kept safe from unauthorized
access or loss. Good key management helps maintain the security of encrypted information and
is important for protecting digital assets from cyber threats. Effective key management is crucial
for ensuring the confidentiality, integrity, and availability of encrypted information by securing
cryptographic keys from unauthorized access, loss, or compromise.

How Cryptographic Keys Works?

Cryptographic keys are special codes that protect information by locking (encrypting) and
unlocking (decrypting) it. In symmetric key cryptography, a single shared key does both jobs,
so the same key must be kept secret between users. In asymmetric key cryptography, there are
two keys: a public key that anyone can use to encrypt messages or verify signatures, and a
private key that only the owner uses to decrypt messages or create signatures. This makes it
easier to share the public key openly while keeping the private key secret. These keys are crucial
for secure communication, like when you visit a secure website (HTTPS), where they help
encrypt your data and keep it safe from eavesdroppers and criminals. So, to manage these keys
properly is vital to keep digital information secure and dependable.

Types of Key Management

There are two aspects of Key Management:

1. Distribution of public keys.

2. Use of public-key encryption to distribute secrets.

Distribution of Public Key

The public key can be distributed in four ways:

1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificates.

These are explained as following below:

1. Public Announcement: Here the public key is broadcast to everyone. The major weakness of
this method is a forgery. Anyone can create a key claiming to be someone else and broadcast it.
Until forgery is discovered can masquerade as claimed user.

2. Publicly Available Directory: In this type, the public key is stored in a public directory.
Directories are trusted here, with properties like Participant Registration, access and allow to
modify values at any time, contains entries like {name, public-key}. Directories can be accessed
electronically still vulnerable to forgery or tampering.

3. Public Key Authority: It is similar to the directory but, improves security by tightening
control over the distribution of keys from the directory. It requires users to know the public key
for the directory. Whenever the keys are needed, real-time access to the directory is made by the
user to obtain any desired public key securely.

4. Public Certification: This time authority provides a certificate (which binds an identity to the
public key) to allow key exchange without real-time access to the public authority each time. The
certificate is accompanied by some other info such as period of validity, rights of use, etc. All of
this content is signed by the private key of the certificate authority and it can be verified by
anyone possessing the authority’s public key.
First sender and receiver both request CA for a certificate which contains a public key and other
information and then they can exchange these certificates and can start communication.

Key Management Lifecycle

The key management lifecycle outlines the stages through which cryptographic keys are
generated, used, and eventually retired or destroyed. Proper management of these keys is critical
to ensuring the security of cryptographic systems. Here’s an overview of each stage:

1. Key Generation:

● Creation: Keys are created using secure algorithms to ensure randomness and
strength.
● Initialization: Keys are initialized with specific parameters required for their
intended use (e.g., length, algorithm).

2. Key Distribution:

● Sharing: For symmetric keys, secure methods must be used to share the key between
parties.
● Publication: For asymmetric keys, the public key is shared openly, while the private
key remains confidential.

3. Key Storage:

● Protection: Keys must be stored securely, typically in hardware security modules

(HSMs) or encrypted key stores, to prevent unauthorized access.
● Access Control: Only authorized users or systems should be able to access keys.

4. Key Usage:

● Application: Keys are used for their intended cryptographic functions, such as
encrypting/decrypting data or signing/verifying messages.
● Monitoring: Usage is monitored to detect any unusual or unauthorized activities.
Key Management in Cryptography

5. Key Rotation:

● Updating: Keys are periodically updated to reduce the risk of exposure or

compromise.
● Re-Keying: New keys are generated and distributed, replacing old ones while
ensuring continuity of service.

6. Key Revocation:

● Invalidation: Keys that are no longer secure or needed are invalidated.

● Revocation Notices: For public keys, revocation certificates or notices are distributed
to inform others that the key should no longer be trusted.

7. Key Archival:

● Storage: Old keys are securely archived for future reference or compliance purposes.
● Access Restrictions: Archived keys are kept in a secure location with restricted
access.
8. Key Destruction:

● Erasure: When keys are no longer needed, they are securely destroyed to prevent any
possibility of recovery.
● Verification: The destruction process is verified to ensure that no copies remain.

What is Public Key Cryptography?

Public key cryptography is a method of secure communication that uses a pair of keys, a public
key, which anyone can use to encrypt messages or verify signatures, and a private key, which is
kept secret and used to decrypt messages or sign documents. This system ensures that only the
intended recipient can read an encrypted message and that a signed message truly comes from
the claimed sender. Public key cryptography is essential for secure internet communications,
allowing for confidential messaging, authentication of identities, and verification of data
integrity.

What is a Cryptographic Key?

A cryptographic key is a piece of information used by cryptographic algorithms to encrypt or

decrypt data, authenticate identities, or generate digital signatures. It serves as a parameter to
control cryptographic operations, ensuring the security and privacy of digital communications
and transactions.

Encryption

The process of changing the plaintext into the ciphertext is referred to as encryption.
The encryption process consists of an algorithm and a key. The key is a value independent of the
plaintext.

The security of conventional encryption depends on the major two factors

1. The Encryption algorithm

2. Secrecy of the key
Once the ciphertext is produced, it may be transmitted. The Encryption algorithm will produce a
different output depending on the specific key being used at the time. Changing the key changes
the output of the algorithm.
Once the ciphertext is produced, it may be transmitted. Upon reception, the ciphertext can be
transformed back to the original plaintext by using a decryption algorithm and the same key that
was used for encryption.

Decryption

The process of changing the ciphertext to the plaintext that process is known as decryption.

Public Key Encryption : Asymmetric is a form of Cryptosystem in which encryption and

decryption are performed using different keys-Public key (known to everyone) and Private key
(Secret key). This is known as Public Key Encryption.

Difference Between Encryption and Public-Key Encryption

Public-Key
Basis Encryption
Encryption

● Same algorithm
● One algorithm is used for
with the same key
encryption and a related
is used for
algorithm decryption with
encryption and
Required pair of keys, one for
for Work decryption.
encryption and other for
● The sender and
decryption.
receiver must share
● Receiver and Sender must
the algorithm and
each have one of the
key.
 matched pair of keys (not
identical) .

● One of the two keys must

● Key must be kept
be kept secret.
secret.
● If one of the key is kept
● If the key is secret,
secret, it is very
it is very
impossible to decipher
impossible to
Required message.
decipher message.
for Security ● Knowledge of the
● Knowledge of the
algorithm plus one of the
algorithm plus
keys plus samples of
samples of
ciphertext must be
ciphertext must be
impractical to determine
impractical to
the other key.
determine the key.

Characteristics of Public Encryption key

● Public key Encryption is important because it is infeasible to determine the

decryption key given only the knowledge of the cryptographic algorithm and
encryption key.
● Either of the two keys (Public and Private key) can be used for encryption with other
key used for decryption.
● Due to Public key cryptosystem, public keys can be freely shared, allowing users an
easy and convenient method for encrypting content and verifying digital signatures,
and private keys can be kept secret, ensuring only the owners of the private keys can
decrypt content and create digital signatures.
 ● The most widely used public-key cryptosystem is RSA (Rivest–Shamir–Adleman).
The difficulty of finding the prime factors of a composite number is the backbone of
RSA.

Example:
Public keys of every user are present in the Public key Register. If B wants to send a confidential
message to C, then B encrypt the message using C Public key. When C receives the message
from B then C can decrypt it using its own Private key. No other recipient other than C can
decrypt the message because only C know C’s private key.

Public Key Encryption

Components of Public Key Encryption

● Plain Text: This is the message which is readable or understandable. This message is
given to the Encryption algorithm as an input.
● Cipher Text: The cipher text is produced as an output of Encryption algorithm. We
cannot simply understand this message.
● Encryption Algorithm: The encryption algorithm is used to convert plain text into
cipher text.
 ● Decryption Algorithm: It accepts the cipher text as input and the matching key
(Private Key or Public key) and produces the original plain text
● Public and Private Key: One key either Private key (Secret key) or Public Key
(known to everyone) is used for encryption and other is used for decryption

Weakness of the Public Key Encryption

● Public key Encryption is vulnerable to Brute-force attack.

● This algorithm also fails when the user lost his private key, then the Public key
Encryption becomes the most vulnerable algorithm.
● Public Key Encryption also is weak towards man in the middle attack. In this attack a
third party can disrupt the public key communication and then modify the public
keys.
● If user private key used for certificate creation higher in the PKI (Public Key
Infrastructure) server hierarchy is compromised, or accidentally disclosed, then a
“man-in-the-middle attack” is also possible, making any subordinate certificate
wholly insecure. This is also the weakness of public key Encryption.

Applications of the Public Key Encryption

● Encryption/Decryption: Confidentiality can be achieved using Public Key

Encryption. In this the Plain text is encrypted using receiver public key. This will
ensure that no one other than receiver private key can decrypt the cipher text.
● Digital signature: Digital signature is for senders authentication purpose. In this
sender encrypt the plain text using his own private key. This step will make sure the
authentication of the sender because receiver can decrypt the cipher text using senders
public key only.
● Key exchange: This algorithm can use in both Key-management and securely
transmission of data.

Difference Between Private Key and Public Key

Private Key Public Key

The private key is faster than the public

It is slower than a private key.
key.

In this, the same key (secret key) and In public-key cryptography, two keys are
algorithm are used to encrypt and decrypt used, one key is used for encryption, and
the message. the other is used for decryption.

In private key cryptography, the key is In public-key cryptography, one of the

kept a secret. two keys is kept a secret.

The private key is Symmetrical because The public key is Asymmetrical because
there is only one key that is called a there are two types of keys: private and
secret key. public keys.

In this cryptography, the sender and

In this cryptography, the sender and
receiver do not need to share the same
receiver need to share the same key.
key.
 In this cryptography, the public key can
In this cryptography, the key is private.
be public and a private key is private.

It is an efficient technology. It is an inefficient technology.

It is used for large amounts of text. It is used for only short messages.

There is the possibility of losing the key There is less possibility of key loss, as the
that renders the systems void. key is held publicly.

The private key is to be shared between

The public key can be used by anyone.
two parties.

The Performance testing checks the

The Load testing checks the sustainability
reliability, scalability, and speed of the
of the system.
system.
 The private key is used in algorithms
The public key is used in algorithms such
such as AES 128, AES 192 and AES
as RSA, DSA, etc.
256.

The private key is kept secret. The public key is widely distributed.

It is used to protect disk drives and other It is used to secure web sessions and
data storage devices. emails.

The recipient’s private key decrypts the The recipient’s public key encrypts the
message. message.

If the private key is the locking key, then

If the public key is the locking key, then it
the system can be used to verify
can be used to send private
documents sent by the holder of the
communication.
private key.

key storage,

In cryptography, key storage refers to the methods and practices used to securely store
cryptographic keys, which are essential for encrypting and decrypting data. Here are some key
points:
 1. Hardware Security Modules (HSMs): These are physical devices that manage and store
cryptographic keys. They provide a high level of security by protecting keys from
unauthorized access and physical tampering1.
2. Key Management Services (KMS): Cloud providers like AWS, Azure, and Google
Cloud offer KMS to manage cryptographic keys. These services handle key generation,
storage, and lifecycle management, ensuring keys are securely stored and easily
accessible when needed2.
3. Software-Based Key Storage: This involves storing keys in software applications, often
using secure storage mechanisms like encrypted databases or secure enclaves within
processors3.
4. Key Encryption Keys (KEKs): KEKs are used to encrypt other keys (Data Encryption
Keys or DEKs). The KEK is stored separately from the DEK, adding an extra layer of
security1.
5. Best Practices:
○ Minimize Key Storage: Only store keys when absolutely necessary.
○ Use Strong Encryption: Ensure keys are encrypted using strong algorithms like
AES-256.
○ Regularly Rotate Keys: Periodically change keys to limit the impact of a
potential compromise.
○ Access Controls: Implement strict access controls to ensure only authorized users
can access keys2.

What is DES?
Data Encryption Standard (DES) is a block cipher with a 56-bit key length that has played a
significant role in data security. Data encryption standard (DES) has been found vulnerable to
very powerful attacks therefore, the popularity of DES has been found slightly on the decline.
DES is a block cipher and encrypts data in blocks of size of 64 bits each, which means 64 bits of
plain text go as the input to DES, which produces 64 bits of ciphertext. The same algorithm and
key are used for encryption and decryption, with minor differences. The key length is 56 bits.
The basic idea is shown below:
We have mentioned that DES uses a 56-bit key. Actually, The initial key consists of 64 bits.
However, before the DES process even starts, every 8th bit of the key is discarded to produce a
56-bit key. That is bit positions 8, 16, 24, 32, 40, 48, 56, and 64 are discarded.
Thus, the discarding of every 8th bit of the key produces a 56-bit key from the original 64-bit
key.
DES is based on the two fundamental attributes of cryptography: substitution (also called
confusion) and transposition (also called diffusion). DES consists of 16 steps, each of which is
called a round. Each round performs the steps of substitution and transposition. Let us now
discuss the broad-level steps in DES.
● In the first step, the 64-bit plain text block is handed over to an initial Permutation
(IP) function.
● The initial permutation is performed on plain text.
● Next, the initial permutation (IP) produces two halves of the permuted block; saying
Left Plain Text (LPT) and Right Plain Text (RPT).
● Now each LPT and RPT go through 16 rounds of the encryption process.
● In the end, LPT and RPT are rejoined and a Final Permutation (FP) is performed on
the combined block
● The result of this process produces 64-bit ciphertext.

Initial Permutation (IP)

As we have noted, the initial permutation (IP) happens only once and it happens before the first
round. It suggests how the transposition in IP should proceed, as shown in the figure. For
example, it says that the IP replaces the first bit of the original plain text block with the 58th bit
of the original plain text, the second bit with the 50th bit of the original plain text block, and so
on.
This is nothing but jugglery of bit positions of the original plain text block. the same rule applies
to all the other bit positions shown in the figure.

As we have noted after IP is done, the resulting 64-bit permuted text block is divided into two
half blocks. Each half-block consists of 32 bits, and each of the 16 rounds, in turn, consists of the
broad-level steps outlined in the figure.
Step 1: Key transformation

We have noted initial 64-bit key is transformed into a 56-bit key by discarding every 8th bit of
the initial key. Thus, for each a 56-bit key is available. From this 56-bit key, a different 48-bit
Sub Key is generated during each round using a process called key transformation. For this, the
56-bit key is divided into two halves, each of 28 bits. These halves are circularly shifted left by
one or two positions, depending on the round.
For example: if the round numbers 1, 2, 9, or 16 the shift is done by only one position for other
rounds, the circular shift is done by two positions. The number of key bits shifted per round is
shown in the figure.
After an appropriate shift, 48 of the 56 bits are selected. From the 48 we might obtain 64 or 56
bits based on requirement which helps us to recognize that this model is very versatile and can
handle any range of requirements needed or provided. for selecting 48 of the 56 bits the table is
shown in the figure given below. For instance, after the shift, bit number 14 moves to the first
position, bit number 17 moves to the second position, and so on. If we observe the table , we will
realize that it contains only 48-bit positions. Bit number 18 is discarded (we will not find it in the
table), like 7 others, to reduce a 56-bit key to a 48-bit key. Since the key transformation process
involves permutation as well as a selection of a 48-bit subset of the original 56-bit key it is called
Compression Permutation.

Because of this compression permutation technique, a different subset of key bits is used in each
round. That makes DES not easy to crack.

Step 2: Expansion Permutation

Recall that after the initial permutation, we had two 32-bit plain text areas called Left Plain
Text(LPT) and Right Plain Text(RPT). During the expansion permutation, the RPT is expanded
from 32 bits to 48 bits. Bits are permuted as well hence called expansion permutation. This
happens as the 32-bit RPT is divided into 8 blocks, with each block consisting of 4 bits. Then,
each 4-bit block of the previous step is then expanded to a corresponding 6-bit block, i.e., per
4-bit block, 2 more bits are added.
Double DES and Triple DES

Double DES:

Double DES is a encryption technique which uses two instance of DES on same plain text. In
both instances it uses different keys to encrypt the plain text. Both keys are required at the time
of decryption. The 64 bit plain text goes into first DES instance which then converted into a 64
bit middle text using the first key and then it goes to second DES instance which gives 64 bit
cipher text by using second key.
However double DES uses 112 bit key but gives security level of 2^56 not 2^112 and this is
because of meet-in-the middle attack which can be used to break through double DES.

Triple DES:

Triple DES is a encryption technique which uses three instance of DES on same plain text. It
uses there different types of key choosing technique in first all used keys are different and in
second two keys are same and one is different and in third all keys are same.
Triple DES is also vulnerable to meet-in-the middle attack because of which it give total security
level of 2^112 instead of using 168 bit of key. The block collision attack can also be done
because of short block size and using same key to encrypt large size of text. It is also vulnerable
to sweet32 attack.

Simplified International Data Encryption Algorithm (IDEA)

Introduction :
The International Data Encryption Algorithm (IDEA) is a symmetric-key block cipher that was
first introduced in 1991. It was designed to provide secure encryption for digital data and is used
in a variety of applications, such as secure communications, financial transactions, and electronic
voting systems.

IDEA uses a block cipher with a block size of 64 bits and a key size of 128 bits. It uses a series
of mathematical operations, including modular arithmetic, bit shifting, and exclusive OR (XOR)
operations, to transform the plaintext into ciphertext. The cipher is designed to be highly secure
and resistant to various types of attacks, including differential and linear cryptanalysis.

One of the strengths of IDEA is its efficient implementation in software and hardware. The
algorithm is relatively fast and requires only a small amount of memory and processing power.
This makes it a popular choice for use in embedded systems and other applications where
resources are limited.

IDEA has been widely used in various encryption applications, although it has been largely
replaced by newer encryption algorithms such as AES (Advanced Encryption Standard) in recent
years. However, IDEA is still considered to be a highly secure and effective encryption
algorithm, and it continues to be used in some legacy systems and applications.

In cryptography, block ciphers are very important in the designing of many cryptographic
algorithms and are widely used to encrypt the bulk of data in chunks. By chunks, it means that
the cipher takes a fixed size of the plaintext in the encryption process and generates a fixed size
ciphertext using a fixed-length key. An algorithm’s strength is determined by its key length.

The Simplified International Data Encryption Algorithm (IDEA) is a symmetric key block
cipher that:

● uses a fixed-length plaintext of 16 bits and

● encrypts them in 4 chunks of 4 bits each
● to produce 16 bits ciphertext.
 ● The length of the key used is 32 bits.
● The key is also divided into 8 blocks of 4 bits each.

This algorithm involves a series of 4 identical complete rounds and 1 half-round. Each complete
round involves a series of 14 steps that includes operations like:

● Bitwise XOR

● Addition modulo

● Multiplication modulo +1
After 4 complete rounds, the final “half-round” consists of only the first 4 out of the
14 steps previously used in the full rounds. To perform these rounds, each binary
notation must be converted to its equivalent decimal notation, perform the operation
and the result obtained should be converted back to the binary representation for the
final result of that particular step.

Key Schedule: 6 subkeys of 4 bits out of the 8 subkeys are used in each complete
round, while 4 are used in the half-round. So, 4.5 rounds require 28 subkeys. The
given key, ‘K’, directly gives the first 8 subkeys. By rotating the main key left by 6
bits between each group of 8, further groups of 8 subkeys are created, implying less
than one rotation per round for the key (3 rotations).
 K1 K2 K3 K4 K5 K6

Round 1 1101 1100 0110 1111 0011 1111

Round 2 0101 1001* 0001 1011 1100 1111

 Round 3 1101 0110 0111 0111* 1111 0011

Round 4 1111 0101 1001 1101 1100 0110*

Round 4.5 1111 1101 0110 0111

* denotes a shift of bits

Notations used in the 14 steps:

Symbol Operation

Multiplication modulo
*
+1
 +
Addition modulo

^ Bitwise XOR

The 16-bit plaintext can be represented as X1 || X2 || X3 || X4, each of size 4 bits. The 32-bit key
is broken into 8 subkeys denoted as K1 || K2 || K3 || K4 || K5 || K6 || K7 || K8, again of size 4 bits
each. Each round of 14 steps uses the three algebraic operation-Addition modulo (2^4),
Multiplication modulo (2^4)+1 and Bitwise XOR. The steps involved are as follows:

1. X1 * K1
2. X2 + K2
3. X3 + K3
4. X4 * K4
5. Step 1 ^ Step 3
6. Step 2 ^ Step 4
7. Step 5 * K5
8. Step 6 + Step 7
9. Step 8 * K6
10. Step 7 + Step 9
11. Step 1 ^ Step 9
12. Step 3 ^ Step 9
13. Step 2 ^ Step 10
 14. Step 4 ^ Step 10
The input to the next round is Step 11 || Step 13 || Step 12 || Step 14, which becomes
X1 || X2 || X3 || X4. This swap between 12 and 13 takes place after each complete
round, except the last complete round (4th round), where the input to the final half
round is Step 11 || Step 12 || Step 13 || Step 14.
After last complete round, the half-round is as follows:
1. X1 * K1
2. X2 + K2
3. X3 + K3
4. X4 * K4

The final output is obtained by concatenating the blocks.

Example:

Key: 1101 1100 0110 1111 0011 1111 0101 1001

Plaintext: 1001 1100 1010 1100

Ciphertext: 1011 1011 0100 1011

Explanation:
The explanation is only for 1st complete round (the remaining can be implemented similarly) and
the last half-round.

● Round 1:
○ From the plaintext: X1 – 1001, X2 – 1100, X3 – 1010, X4 – 1100
 ○ From the table above: K1 – 1101, K2 – 1100, K3 – 0110, K4 –
1111, K5 – 0011, K6 – 1111

(1001(9) * 1101(13))(mod 17) = 1111(15)

(1100(12) + 1100(12))(mod 16) = 1000(8)

(1010(10) + 0110(6))(mod 16) = 0000(0)

(1100(12) * 1111(15))(mod 17) = 1010(10)

(1111(15) ^ 0000(0)) = 1111(15)

(1000(8) ^ 1010(10)) = 0010(2)

(1111(15) * 0011(3))(mod 17) = 1011(11)

(0010(2) + 1011(11))(mod 16) = 1101(13)

(1101(13) * 1111(15))(mod 17) = 1000(8)

(1011(11) + 1000(8))(mod 16) = 0011(3)

(1000(8) ^ 1111(15)) = 0111(7)

(1000(8) ^ 0000(0)) = 1000(8)

(0011(3) ^ 1000(8)) = 1011(11)

(0011(3) ^ 1010(10)) = 1001(9)

● Round 1 Output: 0111 1011 1000 1001 (Step 12 and Step 13 results are
interchanged)
● Round 2:
○ From Round 1 output: X1 – 0111, X2 – 1011, X3 – 1000, X4 –
1001
 ○ From the table above: K1 – 0101, K2 – 1001, K3 – 0001, K4 –
1011, K5 – 1100, K6 – 1111
○ Round 2 Output: 0110 0110 1110 1100 (Step 12 and Step 13
results are interchanged)
● Round 3:
○ From Round 2 Output: X1 – 0110, X2 – 0110, X3 – 1110, X4 –
1100
○ From the table above: K1 – 1101, K2 – 0110, K3 – 0111, K4 –
0111, K5 – 1111, K6 – 0011
○ Round 3 Output: 0100 1110 1011 0010 (Step 12 and Step 13
results are interchanged)
● Round 4:
○ From Round 3 Output: X1 – 0100, X2 – 1110, X3 – 1011, X4 –
0010
○ From the table above: K1 – 1111, K2 – 0101, K3 – 1001, K4 –
1101, K5 – 1100, K6 – 0110
○ Round 4 Output: 0011 1110 1110 0100 (Step 12 and Step 13
results are interchanged)
● Round 4.5:

○ From Round 4 Output: X1 – 0011, X2 – 1110, X3 – 1110, X4 –

0100
○ From the table above: K1 – 1111, K2 – 1101, K3 – 0110, K4 –
0111
○ Round 4.5 Output: 1011 1011 0100 1011 (Step 2 and Step 3
results are not interchanged)
○
(0011(3) * 1111(15))(mod 17) = 1011(11)

(1110(14) + 1101(13))(mod 16) = 1011(11)

(1110(14) + 0110(6))(mod 16) = 0100(4)

(0100(4) * 0111(7))(mod 17) = 1011(11)

● Final Ciphertext is 1011 1011 0100 1011

RC5 Encryption Algorithm

RC5 is a symmetric key block encryption algorithm designed by Ron Rivest in 1994. It is
notable for being simple, fast (on account of using only primitive computer operations like XOR,
shift, etc.) and consumes less memory. Example:

Key : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Plain Text : 00000000 00000000

Cipher Text : EEDBA521 6D8F4B15

RC5 is a block cipher and addresses two word blocks at a time. Depending on input plain text
block size, number of rounds and key size, various instances of RC5 can be defined and each
instance is denoted as RC5-w/r/b where w=word size in bits, r=number of rounds and b=key size
in bytes. Allowed values are:

Parameter Possible Value

block/word size (bits) 16, 32, 64

 Number of Rounds 0 – 255

Key Size (bytes) 0 – 255

Note – Since at a time, RC5 uses 2 word blocks, the plain text block size can be 32, 64 or 128
bits. Notation used in the algorithm:

Symbol Operation

x <<< y Cyclic left shift of x by y bits

Two’s complement addition of words where addition is modulo

2w
+
2

w
 ^ Bit wise Exclusive-OR

Step-1: Initialization of constants P and Q. RC5 makes use of 2 magic constants P and Q whose
value is defined by the word size w.

Word Size (bits) P (Hexadecimal) Q (Hexadecimal)

16 b7e1 9e37

32 b7e15163 9e3779b9

64 b7e151628aed2a6b 9e3779b97f4a7c15

For any other word size, P and Q can be determined as:

P = Odd((e-2)

2w

) Q = Odd((
ϕ

ϕ-2)

2w

Here, Odd(x) is the odd integer nearest to x, e is the base of natural logarithms and
[Tex]\phi&nbsp;&nbsp;[/Tex]is the golden ratio. Step-2: Converting secret key K from bytes to
words. Secret key K of size b bytes is used to initialize array L consisting of c words where c =
b/u, u = w/8 and w = word size used for that particular instance of RC5. For example, if we
choose w=32 bits and Key k is of size 96 bytes then, u=32/8=4, c=b/u=96/4=24. L is pre
initialized to 0 value before adding secret key K to it.

for i=b-1 to 0

L[i/u] = (L[u/i] <<< 8) + K[i]

Step-3: Initializing sub-key S. Sub-key S of size t=2(r+1) is initialized using magic constants P
and Q.

S[0] = P

for i = 1 to 2(r+1)-1

S[i] = S[i-1] + Q)

Step-4: Sub-key mixing. The RC5 encryption algorithm uses Sub key S. L is merely, a
temporary array formed on the basis of user entered secret key. Mix in user’s secret key with S
and L.

i=j=0

A=B=0

do 3 * max(t, c) times:
 A = S[i] = (S[i] + A + B) <<< 3

B = L[j] = (L[j] + A + B) <<< (A + B)

i = (i + 1) % t

j = (j + 1) % c

Step-5: Encryption. We divide the input plain text block into two registers A and B each of size
w bits. After undergoing the encryption process the result of A and B together forms the cipher
text block. RC5 Encryption Algorithm:

1. One time initialization of plain text blocks A and B by adding S[0] and S[1] to A and
B respectively. These operations are mod[Tex]2^w&nbsp;&nbsp;[/Tex].
2. XOR A and B. A=A^B
3. Cyclic left shift new value of A by B bits.
4. Add S[2*i] to the output of previous step. This is the new value of A.
5. XOR B with new value of A and store in B.
6. Cyclic left shift new value of B by A bits.
7. Add S[2*i+1] to the output of previous step. This is the new value of B.
8. Repeat entire procedure (except one time initialization) r times.

A = A + S[0]

B = B + S[1]

for i = 1 to r do:

A = ((A ^ B) <<< B) + S[2 * i]

B = ((B ^ A) <<< A) + S[2 * i + 1]

return A, B

Alternatively, RC5 Decryption can be defined as:

for i = r down to 1 do:

 B = ((B - S[2 * i + 1]) >>> A) ^ A

A = ((A - S[2 * i]) >>> B) ^ B

B = B - S[1]

A = A - S[0]

return A, B

What is Advanced Encryption Standard (AES)?

Advanced Encryption Standard (AES) is a highly trusted encryption algorithm used to secure
data by converting it into an unreadable format without the proper key. Developed by the
National Institute of Standards and Technology (NIST), AES encryption uses various key
lengths (128, 192, or 256 bits) to provide strong protection against unauthorized access. This
data security measure is efficient and widely implemented in securing internet
communication, protecting sensitive data, and encrypting files. AES, a cornerstone of modern
cryptography, is recognized globally for its ability to keep information safe from cyber threats.

Points to Remember

● AES is a Block Cipher.

● The key size can be 128/192/256 bits.
● Encrypts data in blocks of 128 bits each.

That means it takes 128 bits as input and outputs 128 bits of encrypted cipher text. AES relies on
the substitution-permutation network principle, which is performed using a series of linked
operations that involve replacing and shuffling the input data.

Working of The Cipher

AES performs operations on bytes of data rather than in bits. Since the block size is 128 bits, the
cipher processes 128 bits (or 16 bytes) of the input data at a time.

The number of rounds depends on the key length as follows :

● 128-bit key – 10 rounds

 ● 192-bit key – 12 rounds
● 256-bit key – 14 rounds

Creation of Round Keys

A Key Schedule algorithm calculates all the round keys from the key. So the initial key is used to
create many different round keys which will be used in the corresponding round of the
encryption.

Creation of Round Keys (AES)

Encryption
AES considers each block as a 16-byte (4 byte x 4 byte = 128 ) grid in a column-major
arrangement.

[ b0 | b4 | b8 | b12 |
| b1 | b5 | b9 | b13 |

| b2 | b6 | b10| b14 |

| b3 | b7 | b11| b15 ]

Each round comprises of 4 steps :

● SubBytes
● ShiftRows
● MixColumns
● Add Round Key

The last round doesn’t have the MixColumns round.

The SubBytes does the substitution and ShiftRows and MixColumns perform the permutation in
the algorithm.

Sub Bytes

This step implements the substitution.

In this step, each byte is substituted by another byte. It is performed using a lookup table also
called the S-box. This substitution is done in a way that a byte is never substituted by itself and
also not substituted by another byte which is a compliment of the current byte. The result of this
step is a 16-byte (4 x 4 ) matrix like before.

The next two steps implement the permutation.

Shift Rows

This step is just as it sounds. Each row is shifted a particular number of times.

● The first row is not shifted

● The second row is shifted once to the left.
 ● The third row is shifted twice to the left.
● The fourth row is shifted thrice to the left.

(A left circular shift is performed.)

[ b0 | b1 | b2 | b3 ] [ b0 | b1 | b2 | b3 ]

| b4 | b5 | b6 | b7 | -> | b5 | b6 | b7 | b4 |

| b8 | b9 | b10 | b11 | | b10 | b11 | b8 | b9 |

[ b12 | b13 | b14 | b15 ] [ b15 | b12 | b13 | b14 ]

Mix Columns

This step is a matrix multiplication. Each column is multiplied with a specific matrix and thus
the position of each byte in the column is changed as a result.

This step is skipped in the last round.

[ c0 ] [ 2 3 1 1 ] [ b0 ]

| c1 | = |1 2 3 1| | b1 |

| c2 | |1 1 2 3| | b2 |

[ c3 ] [3 1 1 2] [ b3 ]

Add Round Keys

Now the resultant output of the previous stage is XOR-ed with the corresponding round key.
Here, the 16 bytes are not considered as a grid but just as 128 bits of data.
Added Round Keys (AES)

After all these rounds 128 bits of encrypted data are given back as output. This process is
repeated until all the data to be encrypted undergoes this process.

Decryption
The stages in the rounds can be easily undone as these stages have an opposite to it which when
performed reverts the changes. Each 128 blocks goes through the 10,12 or 14 rounds depending
on the key size.

The stages of each round of decryption are as follows :

● Add round key

● Inverse MixColumns
 ● ShiftRows
● Inverse SubByte

The decryption process is the encryption process done in reverse so I will explain the steps with
notable differences.

Inverse MixColumns

This step is similar to the Mix Columns step in encryption but differs in the matrix used to carry
out the operation.

Mix Columns Operation each column is mixed independent of the other.

Matrix multiplication is used. The output of this step is the matrix multiplication of the old
values and a

constant matrix

[b0] = [ 14 11 13 9] [ c0 ]

[b1]=[ 9 14 11 13 ] [ c1 ]

[b2] =[ 13 9 14 11] [ c2 ]

[ b3 ]=[ 11 13 9 14 ] [ c3 ]

Inverse SubBytes

Inverse S-box is used as a lookup table and using which the bytes are substituted during
decryption.

Function Substitute performs a byte substitution on each byte of the input word. For this purpose,

it uses an S-box.

Applications
AES is widely used in many applications which require secure data storage and transmission.
Some common use cases include:

● Wireless security: AES is used in securing wireless networks, such as Wi-Fi

networks, to ensure data confidentiality and prevent unauthorized access.
● Database Encryption: AES can be applied to encrypt sensitive data stored in
databases. This helps protect personal information, financial records, and other
confidential data from unauthorized access in case of a data breach.
● Secure communications: AES is widely used in protocols such as internet
communications, email, instant messaging, and voice/video calls. It ensures that the
data remains confidential.
● Data storage: AES is used to encrypt sensitive data stored on hard drives, USB
drives, and other storage media, protecting it from unauthorized access in case of loss
or theft.
● Virtual Private Networks (VPNs): AES is commonly used in VPN protocols to
secure the communication between a user’s device and a remote server. It ensures that
data sent and received through the VPN remains private and cannot be deciphered by
eavesdroppers.
● Secure Storage of Passwords: AES encryption is commonly employed to store
passwords securely. Instead of storing plaintext passwords, the encrypted version is
stored. This adds an extra layer of security and protects user credentials in case of
unauthorized access to the storage.
● File and Disk Encryption: AES is used to encrypt files and folders on computers,
external storage devices, and cloud storage. It protects sensitive data stored on
devices or during data transfer to prevent unauthorized access.

RSA Algorithm in Cryptography

RSA algorithm is an asymmetric cryptography algorithm. Asymmetric means that it
works on two different keys i.e. Public Key and Private Key. As the name describes
the Public Key is given to everyone and the Private key is kept private.
An example of asymmetric cryptography:

1. A client (for example browser) sends its public key to the server and
requests some data.
2. The server encrypts the data using the client’s public key and sends the
encrypted data.
3. The client receives this data and decrypts it.

Since this is asymmetric, nobody else except the browser can decrypt the data even if
a third party has the public key of the browser.

The idea! The idea of RSA is based on the fact that it is difficult to factorize a large
integer. The public key consists of two numbers where one number is a multiplication
of two large prime numbers. And private key is also derived from the same two prime
numbers. So if somebody can factorize the large number, the private key is
compromised. Therefore encryption strength lies in the key size and if we double or
triple the key size, the strength of encryption increases exponentially. RSA keys can
be typically 1024 or 2048 bits long, but experts believe that 1024-bit keys could be
broken shortly. But till now it seems to be an infeasible task.

Let us learn the mechanism behind the RSA algorithm : >> Generating Public
Key:

Select two prime no's. Suppose P = 53 and Q = 59.

Now First part of the Public key : n = P*Q = 3127.

We also need a small exponent say e :

But e Must be

An integer.
Not be a factor of Φ(n).

1 < e < Φ(n) [Φ(n) is discussed below],

Let us now consider it to be equal to 3.

Our Public Key is made of n and e

>> Generating Private Key:

We need to calculate Φ(n) :

Such that Φ(n) = (P-1)(Q-1)

so, Φ(n) = 3016

Now calculate Private Key, d :

d = (k*Φ(n) + 1) / e for some integer k

For k = 2, the value of d is 2011.

Now we are ready with our – Public Key ( n = 3127 and e = 3) and Private Key(d =
2011) Now we will encrypt “HI”:

Convert letters to numbers : H = 8 and I = 9

Thus Encrypted Data c = (89e)mod n

Thus our Encrypted Data comes out to be 1394

Now we will decrypt 1394 :

Decrypted Data = (cd)mod n

Thus our Encrypted Data comes out to be 89

8 = H and I = 9 i.e. "HI".

RSA algorithm uses the following procedure to generate public and private keys:
 ○ Select two large prime numbers, p and q.
○ Multiply these numbers to find n = p x q, where n is called the modulus for
encryption and decryption.
○ Choose a number e less than n, such that n is relatively prime to (p - 1) x (q -1). It
means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such
that 1<e < φ (n), e is prime to φ (n),
gcd (e,d(n)) =1
○ If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using
public key <e, n>. To find ciphertext from the plain text following formula is used to
get ciphertext C.
C = me mod n
Here, m must be less than n. A larger message (>n) is treated as a concatenation of
messages, each of which is encrypted separately.
○ To determine the private key, we use the following formula to calculate the d such
that:
De mod {(p - 1) x (q - 1)} = 1
Or
De mod φ (n) = 1
○ The private key is <d, n>. A ciphertext message c is decrypted using private key <d,
n>. To calculate plain text m from the ciphertext c following formula is used to get
plain text m.
m = cd mod n

Let's take some example of RSA encryption algorithm:

Example 1:
This example shows how we can encrypt plaintext 9 using the RSA public-key encryption
algorithm. This example uses prime numbers 7 and 11 to generate the public and private keys.

Explanation:
Step 1: Select two large prime numbers, p, and q.

p=7

q = 11

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption
and decryption.

First, we calculate

n=pxq

n = 7 x 11

n = 77

Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1<e < φ (n), e
is prime to φ (n), gcd (e, d (n)) =1.

Second, we calculate

φ (n) = (p - 1) x (q-1)

φ (n) = (7 - 1) x (11 - 1)

φ (n) = 6 x 10

Advertisement

φ (n) = 60

Let us now choose relative prime e of 60 as 7.

Thus the public key is <e, n> = (7, 77)

Step 4: A plaintext message m is encrypted using public key <e, n>. To find ciphertext from the
plain text following formula is used to get ciphertext C.

To find ciphertext from the plain text following formula is used to get ciphertext C.

C = me mod n

C = 97 mod 77

C = 37

Diffie-Hellman algorithm:

The Diffie-Hellman algorithm is being used to establish a shared secret that can be
used for secret communications while exchanging data over a public network using
the elliptic curve to generate points and get the secret key using the parameters.

● For the sake of simplicity and practical implementation of the algorithm, we

will consider only 4 variables, one prime P and G (a primitive root of P) and
two private values a and b.
● P and G are both publicly available numbers. Users (say Alice and Bob)
pick private values a and b and they generate a key and exchange it publicly.
The opposite person receives the key and that generates a secret key, after
which they have the same secret key to encrypt.
Example:

Step 1: Alice and Bob get public numbers P = 23, G = 9

Step 2: Alice selected a private key a = 4 and

Bob selected a private key b = 3

Step 3: Alice and Bob compute public values

Alice: x =(9^4 mod 23) = (6561 mod 23) = 6

Bob: y = (9^3 mod 23) = (729 mod 23) = 16

Step 4: Alice and Bob exchange public numbers

Step 5: Alice receives public key y =16 and

Bob receives public key x = 6

Step 6: Alice and Bob compute symmetric keys

Alice: ka = y^a mod p = 65536 mod 23 = 9

Bob: kb = x^b mod p = 216 mod 23 = 9

Step 7: 9 is the shared secret.

What is a Hash Function?

A hash function is a function that takes an input (or ‘message’) and returns a
fixed-size string of bytes. The output, typically a number, is called the hash code or
hash value. The main purpose of a hash function is to efficiently map data of arbitrary
size to fixed-size values, which are often used as indexes in hash tables.

Key Properties of Hash Functions

● Deterministic: A hash function must consistently produce the same output

for the same input.
● Fixed Output Size: The output of a hash function should have a fixed size,
regardless of the size of the input.
● Efficiency: The hash function should be able to process input quickly.
 ● Uniformity: The hash function should distribute the hash values uniformly
across the output space to avoid clustering.
● Pre-image Resistance: It should be computationally infeasible to reverse
the hash function, i.e., to find the original input given a hash value.
● Collision Resistance: It should be difficult to find two different inputs that
produce the same hash value.
● Avalanche Effect: A small change in the input should produce a
significantly different hash value.

Applications of Hash Functions

● Hash Tables: The most common use of hash functions in DSA is in hash
tables, which provide an efficient way to store and retrieve data.
● Data Integrity: Hash functions are used to ensure the integrity of data by
generating checksums.
● Cryptography: In cryptographic applications, hash functions are used to
create secure hash algorithms like SHA-256.
● Data Structures: Hash functions are utilized in various data structures such
as Bloom filters and hash sets.

Types of Hash Functions

There are many hash functions that use numeric or alphanumeric keys. This article
focuses on discussing different hash functions:

1. Division Method.
2. Multiplication Method
3. Mid-Square Method
4. Folding Method
 5. Cryptographic Hash Functions
6. Universal Hashing
7. Perfect Hashing

Let’s begin discussing these methods in detail.

1. Division Method
The division method involves dividing the key by a prime number and using the
remainder as the hash value.

h(k)=k mod m Where k is the key and 𝑚m is a prime number.

Advantages:

● Simple to implement.
● Works well when 𝑚m is a prime number.

Disadvantages:

● Poor distribution if 𝑚m is not chosen wisely.

2. Multiplication Method
In the multiplication method, a constant 𝐴A (0 < A < 1) is used to multiply the key.
The fractional part of the product is then multiplied by 𝑚m to get the hash value.

h(k)=⌊m(kAmod1)⌋ Where ⌊ ⌋ denotes the floor function.

Advantages:

● Less sensitive to the choice of 𝑚m.

 ● Disadvantages:
● More complex than the division method.

3. Mid-Square Method
In the mid-square method, the key is squared, and the middle digits of the result are
taken as the hash value.

Steps:

1. Square the key.

2. Extract the middle digits of the squared value.

Advantages:

● Produces a good distribution of hash values.

Disadvantages:

● May require more computational effort.

4. Folding Method
The folding method involves dividing the key into equal parts, summing the parts, and
then taking the modulo with respect to 𝑚m.

Steps:

1. Divide the key into parts.

2. Sum the parts.
3. Take the modulo 𝑚m of the sum.

Advantages:
 ● Simple and easy to implement.

Disadvantages:

● Depends on the choice of partitioning scheme.

5. Cryptographic Hash Functions

Cryptographic hash functions are designed to be secure and are used in cryptography.
Examples include MD5, SHA-1, and SHA-256.

Characteristics:

● Pre-image resistance.
● Second pre-image resistance.
● Collision resistance.

Advantages:

● High security.

Disadvantages:

● Computationally intensive.

6. Universal Hashing
Universal hashing uses a family of hash functions to minimize the chance of collision
for any given set of inputs.

h(k)=((a⋅k+b)modp)modm Where a and b are randomly chosen constants, p is

a prime number greater than m, and k is the key.
Advantages:

● Reduces the probability of collisions.

Disadvantages:

● Requires more computation and storage.

7. Perfect Hashing
Perfect hashing aims to create a collision-free hash function for a static set of keys. It
guarantees that no two keys will hash to the same value.

Types:

● Minimal Perfect Hashing: Ensures that the range of the hash function is
equal to the number of keys.
● Non-minimal Perfect Hashing: The range may be larger than the number of
keys.

Advantages:

● No collisions.

Disadvantages:

● Complex to construct.

What is MD5?
MD5 is a cryptographic hash function algorithm that takes the message as input of
any length and changes it into a fixed-length message of 16 bytes. MD5 algorithm
stands for the message-digest algorithm. MD5 was developed in 1991 by Ronald
Rivest as an improvement of MD4, with advanced security purposes. The output of
MD5 (Digest size) is always 128 bits.

Overview Of MD5 Algorithm

Working of the MD5 Algorithm

MD5 algorithm follows the following steps

1. Append Padding Bits: In the first step, we add padding bits in the original
message in such a way that the total length of the message is 64 bits less than the
exact multiple of 512.

Suppose we are given a message of 1000 bits. Now we have to add padding bits to the
original message. Here we will add 472 padding bits to the original message. After
adding the padding bits the size of the original message/output of the first step will be
1472 i.e. 64 bits less than an exact multiple of 512 (i.e. 512*3 = 1536).

Length(original message + padding bits) = 512 * i – 64 where i = 1,2,3 . . .

One Round of MD5 Operation

2. Append Length Bits: In this step, we add the length bit in the output of the first
step in such a way that the total number of the bits is the perfect multiple of 512.
Simply, here we add the 64-bit as a length bit in the output of the first step.
i.e. output of first step = 512 * n – 64
length bits = 64.

After adding both we will get 512 * n i.e. the exact multiple of 512.

3. Initialize MD buffer: Here, we use the 4 buffers i.e. A B, C, and D. The size of
each buffer is 32 bits.

- A = 0x67425301

- B = 0xEDFCBA45

- C= 0x98CBADFE

- D = 0x13DCE476

F,G,H and I functions

4. Process Each 512-bit Block: This is the most important step of the MD5
algorithm. Here, a total of 64 operations are performed in 4 rounds. In the 1st round,
16 operations will be performed, 2nd round 16 operations will be performed, 3rd
round 16 operations will be performed, and in the 4th round, 16 operations will be
performed. We apply a different function on each round i.e. for the 1st round we apply
the F function, for the 2nd G function, 3rd for the H function, and 4th for the I
function.
We perform OR, AND, XOR, and NOT (basically these are logic gates) for
calculating functions. We use 3 buffers for each function i.e. B, C, D.

Process P Operation

After applying the function now we perform an operation on each block. For
performing operations we need

● add modulo 232

● M[i] – 32 bit message.
● K[i] – 32-bit constant.
● <<<n – Left shift by n bits.
Now take input as initialize MD buffer i.e. A, B, C, D. Output of B will be fed in C,
C will be fed into D, and D will be fed into J. After doing this now we perform some
operations to find the output for A.

● In the first step, Outputs of B, C, and D are taken and then the function F is
applied to them. We will add modulo 232 bits for the output of this with A.
● In the second step, we add the M[i] bit message with the output of the first
step.
● Then add 32 bits constant i.e. K[i] to the output of the second step.
● At last, we do left shift operation by n (can be any value of n) and addition
modulo by 232.

After all steps, the result of A will be fed into B. Now same steps will be used for all
functions G, H, and I. After performing all 64 operations we will get our message
digest.

What is MD5 Algorithm Used For?

● MD5 is used as a checksum to verify the integrity of files and data by
comparing the hash of the original file with the file received to check if the
files or data has been altered.
● MD5 is used for data security and encryption e.g. Secure password of users
in database and non-sensitive data.
● It is used in version control systems to manage different versions of files.
● It was earlier used in digital signatures and certificate but due it’s
vulnerabilities, it has been replaced by more secure algorithms like
SHA-256.

Advantages of MD5 Algorithm

 ● MD5 is faster and simple to understand.
● MD5 algorithm generates a strong password in 16 bytes format. All
developers like web developers, etc. use the MD5 algorithm to secure the
password of users.
● To integrate the MD5 algorithm, relatively low memory is necessary.
● It is very easy and faster to generate a digest message of the original
message.

Disadvantages of MD5 Algorithm

● MD5 generates the same hash function for different inputs (hash collision).
● MD5 provides poor security over SHA1, SHA256 and other modern
cryptographic algorithms.
● MD5 has been considered an insecure algorithm. So now we are using
SHA256 instead of MD5.
● MD5 is neither a symmetric nor asymmetric algorithm.

SHA-1 Hash
SHA-1 or Secure Hash Algorithm 1 is a cryptographic algorithm that takes an input
and produces a 160-bit (20-byte) hash value. This hash value is known as a message
digest. This message digest is usually then rendered as a hexadecimal number which
is 40 digits long. It is a U.S. Federal Information Processing Standard and was
designed by the United States National Security Agency. SHA-1 is been considered
insecure since 2005. Major tech giants browsers like Microsoft, Google, Apple, and
Mozilla have stopped accepting SHA-1 SSL certificates by 2017.
SHA-1 Hash

How SHA-1 Works

The block diagram of the SHA-1 (Secure Hash Algorithm 1) algorithm. Here’s a
detailed description of each component and process in the diagram:

Components and Process Flow:

1. Message (M):

● The original input message that needs to be hashed.

2. Message Padding:
 ● The initial step where the message is padded to ensure its length is
congruent to 448 modulo 512. This step prepares the message for
processing in 512-bit blocks.
3. Round Word Computation (WtW_tWt​):

● After padding, the message is divided into blocks of 512 bits, and
each block is further divided into 16 words of 32 bits. These
words are then expanded into 80 32-bit words, which are used in
the subsequent rounds.
4. Round Initialize (A, B, C, D, and E):

● Initialization of five working variables (A, B, C, D, and E) with

specific constant values. These variables are used to compute the
hash value iteratively.
5. Round Constants (KtK_tKt​):

● SHA-1 uses four constant values (K1K_1K1​, K2K_2K2​,

K3K_3K3​, K4K_4K4​), each applied in a specific range of rounds:
○ K1K_1K1​for rounds 0-19
○ K2K_2K2​for rounds 20-39
○ K3K_3K3​for rounds 40-59
○ K4K_4K4​for rounds 60-79
6. Rounds (0-79):

● The main computation loop of SHA-1, divided into four stages

(each corresponding to one of the constants K1K_1K1​ to
K4K_4K4​). In each round, a combination of logical functions and
operations is performed on the working variables (A, B, C, D, and
E) using the words generated in the previous step.
 7. Final Round Addition:

● After all 80 rounds, the resulting values of A, B, C, D, and E are

added to the original hash values to produce the final hash.
8. MPX (Multiplexing):

● Combines the results from the final round addition to form the
final message digest.

Public key infrastructure

Public key infrastructure (PKI) is a system that uses hardware, software, policies, and
procedures to create, manage, and distribute digital certificates and public-key
encryption. PKI is used to secure data transfers, authenticate users and devices, and
ensure that data is encrypted and can be decrypted by both parties
 ● Securing web traffic: PKI is built into web browsers and helps secure public internet
traffic.
● Securing internal communications: Organizations can use PKI to secure internal
communications and ensure that connected devices can connect securely.
● Authenticating users and devices: PKI helps users confirm the validity of devices and
websites, ensuring that users are connecting to the right website.
● Encrypting and decrypting files: PKI can be used to encrypt and decrypt files.
● Email encryption: PKI can be used to encrypt and authenticate email senders.
● Signing documents and software: PKI can be used to sign documents and software.

Digital Signatures and Certificates

Digital Signature

A digital signature is a mathematical technique used to validate the authenticity and

integrity of a message, software, or digital document.

1. Key Generation Algorithms: Digital signature is electronic signatures,

which assure that the message was sent by a particular sender. While
performing digital transactions authenticity and integrity should be assured,
otherwise, the data can be altered or someone can also act as if he was the
sender and expect a reply.
2. Signing Algorithms: To create a digital signature, signing algorithms like

email programs create a one-way hash of the electronic data which is to be

signed. The signing algorithm then encrypts the hash value using the private
key (signature key). This encrypted hash along with other information like
the hashing algorithm is the digital signature. This digital signature is
 appended with the data and sent to the verifier. The reason for encrypting
the hash instead of the entire message or document is that a hash function
converts any arbitrary input into a much shorter fixed-length value. This
saves time as now instead of signing a long message a shorter hash value
has to be signed and moreover hashing is much faster than signing.
3. Signature Verification Algorithms : Verifier receives Digital Signature

along with the data. It then uses Verification algorithm to process on the
digital signature and the public key (verification key) and generates some
value. It also applies the same hash function on the received data and
generates a hash value. If they both are equal, then the digital signature is
valid else it is invalid.

The steps followed in creating digital signature are :

1. Message digest is computed by applying hash function on the message and

then message digest is encrypted using the private key of the sender to form
the digital signature. (digital signature = encryption (private key of sender,
message digest) and message digest = message digest algorithm(message)).
2. Digital signature is then transmitted with the message.(message + digital
signature is transmitted)
3. Receiver decrypts the digital signature using the public key of sender.(This
assures authenticity, as only sender has his private key so only sender can
encrypt using his private key which can thus be decrypted by sender’s
public key).
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message (actual
message is sent with the digital signature).
 6. The message digest computed by the receiver and the message digest (got
by decryption on digital signature) need to be the same for ensuring
integrity.

Assurances about digital signatures

The definitions and words that follow illustrate the kind of assurances that digital
signatures offer.

1. Authenticity: The identity of the signer is verified.

2. Integration: Since the content was digitally signed, it hasn’t been altered or

interfered with.
3. Non-repudiation: demonstrates the source of the signed content to all

parties. The act of a signer denying any affiliation with the signed material
is known as repudiation.
 4. Notarization: Under some conditions, a signature in a Microsoft Word,

Microsoft Excel, or Microsoft PowerPoint document that has been

time-stamped by a secure time-stamp server is equivalent to a notarization.

Benefits of Digital Signatures

● Legal documents and contracts: Digital signatures are legally binding.

This makes them ideal for any legal document that requires a signature
authenticated by one or more parties and guarantees that the record has not
been altered.
● Sales contracts: Digital signing of contracts and sales contracts
authenticates the identity of the seller and the buyer, and both parties can be
sure that the signatures are legally binding and that the terms of the
agreement have not been changed.
● Financial Documents: Finance departments digitally sign invoices so
customers can trust that the payment request is from the right seller, not
from a bad actor trying to trick the buyer into sending payments to a
fraudulent account.
● Health Data: In the healthcare industry, privacy is paramount for both
patient records and research data. Digital signatures ensure that this
confidential information was not modified when it was transmitted between
the consenting parties.

Drawbacks of Digital Signature

 ● Dependency on technology: Because digital signatures rely on technology,
they are susceptible to crimes, including hacking. As a result, businesses
that use digital signatures must make sure their systems are safe and have
the most recent security patches and upgrades installed.
● Complexity: Setting up and using digital signatures can be challenging,
especially for those who are unfamiliar with the technology. This may result
in blunders and errors that reduce the system’s efficacy. The process of
issuing digital signatures to senior citizens can occasionally be challenging.
● Limited acceptance: Digital signatures take time to replace manual ones
since technology is not widely available in India, a developing nation.

Digital Certificate

Digital certificate is issued by a trusted third party which proves sender’s identity to
the receiver and receiver’s identity to the sender.
A digital certificate is a certificate issued by a Certificate Authority (CA) to verify the
identity of the certificate holder. Digital certificate is used to attach public key with a
particular individual or an entity.

Digital certificate contains

● Name of certificate holder.

● Serial number which is used to uniquely identify a certificate, the individual
or the entity identified by the certificate
● Expiration dates.
 ● Copy of certificate holder’s public key.(used for decrypting messages and
digital signatures)
● Digital Signature of the certificate issuing authority.

Digital certificate is also sent with the digital signature and the message.

Advantages of Digital Certificate

● NETWORK SECURITY : A complete, layered strategy is required by

modern cybersecurity methods, wherein many solutions cooperate to offer
the highest level of protection against malevolent actors. An essential
component of this puzzle is digital certificates, which offer strong defence
against manipulation and man-in-the-middle assaults.
● VERIFICATION : Digital certificates facilitate cybersecurity by restricting
access to sensitive data, which makes authentication a crucial component of
cybersecurity. Thus, there is a decreased chance that hostile actors will
cause chaos. At many different endpoints, certificate-based authentication
provides a dependable method of identity verification. Compared to other
popular authentication methods like biometrics or one-time passwords,
certificates are more flexible.
● BUYER SUCCESS : Astute consumers demand complete assurance that
the websites they visit are reliable. Because digital certificates are supported
by certificate authority that users’ browsers trust, they offer a readily
identifiable indicator of reliability.

Disadvantages of Digital Certificate

 ● Phishing attacks: To make their websites look authentic, attackers can
fabricate bogus websites and obtain certificates. Users may be fooled into
providing sensitive information, such as their login credentials, which the
attacker may then take advantage of.
● Weak encryption: Older digital certificate systems may employ less secure
encryption methods that are open to intrusions.
● Misconfiguration: In order for digital certificates to work, they need to be
set up correctly. Websites and online interactions can be attacked due to
incorrectly configured certificates.

Digital certificate vs digital signature

Digital signature is used to verify authenticity, integrity, non-repudiation ,i.e. it is

assuring that the message is sent by the known user and not modified, while digital
certificate is used to verify the identity of the user, maybe sender or receiver. Thus,
digital signature and certificate are different kind of things but both are used for
security. Most websites use digital certificate to enhance trust of their users

Feature Digital Signature Digital Certificate

Basics / Definition A digital signature secures Digital certificate is a file

the integrity of a digital that ensures holder’s
 document in a similar way identity and provides
as a fingerprint or security.
attachment.

Hashed value of original It is generated by CA

data is encrypted using (Certifying Authority) that
Process / Steps sender’s private key to involves four steps: Key
generate the digital Generation, Registration,
signature. Verification, Creation.

Authenticity of Sender, It provides security and

Security Services integrity of the document authenticity of certificate
and non-repudiation. holder.

It follows Digital It follows X.509 Standard

Standard
Signature Standard (DSS). Format

X.500
X.500 is a series of standards developed by the International Telecommunication
Union (ITU) for directory services. It provides a framework for managing and
accessing directory information in a hierarchical manner, similar to an electronic
phone book. The idea is to have a centralized, organized directory that allows for
easy retrieval and management of information across large networks or
organizations.

Benefits of X.500

1. Centralized Management: X.500 allows for a single, unified directory that

can be accessed and managed centrally, simplifying administrative tasks.
2. Hierarchical Structure: The tree-like structure makes it easier to organize
and navigate large amounts of directory information.
3. Scalability: X.500 is designed to handle large volumes of data and users,
making it suitable for large organizations and networks.
4. Security: Built-in security features, such as access controls and
authentication mechanisms, help protect the integrity and confidentiality of
directory information.
5. Interoperability: Since it's a standard, X.500 ensures compatibility and
interoperability between different systems and applications that adhere to
the same standard.

X.509 Authentication Service

X.509 is a digital certificate that is built on top of a widely trusted standard known as
ITU or International Telecommunication Union X.509 standard, in which the format
of PKI certificates is defined. X.509 digital certificate is a certificate-based
authentication security framework that can be used for providing secure transaction
processing and private information. These are primarily used for handling the security
and identity in computer networking and internet-based communications.

Working of X.509 Authentication Service Certificate:

The core of the X.509 authentication service is the public key certificate connected to
each user. These user certificates are assumed to be produced by some trusted
certification authority and positioned in the directory by the user or the certified
authority. These directory servers are only used for providing an effortless reachable
location for all users so that they can acquire certificates. X.509 standard is built on an
IDL known as ASN.1. With the help of Abstract Syntax Notation, the X.509
certificate format uses an associated public and private key pair for encrypting and
decrypting a message.

Once an X.509 certificate is provided to a user by the certified authority, that

certificate is attached to it like an identity card. The chances of someone stealing it or
losing it are less, unlike other unsecured passwords. With the help of this analogy, it is
easier to imagine how this authentication works: the certificate is basically presented
like an identity at the resource that requires authentication.

Public Key certificate use

Format of X.509 Authentication Service Certificate:

Generally, the certificate includes the elements given below:

● Version number: It defines the X.509 version that concerns the certificate.
● Serial number: It is the unique number that the certified authority issues.
● Signature Algorithm Identifier: This is the algorithm that is used for
signing the certificate.
● Issuer name: Tells about the X.500 name of the certified authority which
signed and created the certificate.
● Period of Validity: It defines the period for which the certificate is valid.
● Subject Name: Tells about the name of the user to whom this certificate has
been issued.
● Subject’s public key information: It defines the subject’s public key along
with an identifier of the algorithm for which this key is supposed to be used.
● Extension block: This field contains additional standard information.
● Signature: This field contains the hash code of all other fields which is
encrypted by the certified authority private key.
Applications of X.509 Authentication Service Certificate:

Many protocols depend on X.509 and it has many applications, some of them are
given below:

● Document signing and Digital signature

● Web server security with the help of Transport Layer Security (TLS)/Secure
Sockets Layer (SSL) certificates
● Email certificates
● Code signing
● Secure Shell Protocol (SSH) keys
● Digital Identities