Computer Network

Lecture 17
Ms. Sukla Banerjee, Asst Prof, Dept. of CSE,
RCCIIT
Cryptography
What Is Cryptography?
 Cryptography -- from the Greek for “secret
writing” -- is the mathematical “scrambling”
of data so that only someone with the
necessary key can “unscramble” it.
 Cryptography allows secure transmission of
private information over insecure channels
(for example packet-switched networks).
 Cryptography also allows secure storage of
sensitive data on any computer.
 Plaintext and Ciphertext
The original message, before being transformed, is called plaintext.
After the message is transformed, it is called ciphertext. An
encryption algorithm transforms the plaintext into ciphertext; a
decryption algorithm transforms the ciphertext back into plaintext.
The sender uses an encryption algorithm, and the receiver uses a
decryption algorithm.
 Cipher
We refer to encryption and decryption algorithms as ciphers. The
term cipher is also used to refer to different categories of algorithms
in cryptography. One cipher can serve millions of communicating
pairs.
 Key
A key is a number (or a set of numbers) that the cipher, as an
algorithm, operates on. To encrypt a message, we need an
encryption algorithm, an encryption key, and the plaintext. These
create the ciphertext. To decrypt a message, we need a decryption
algorithm, a decryption key, and the ciphertext. These reveal the
original plaintext.
Figure 20.1 Cryptography components
Figure 20.2 Categories of cryptography
Classical Cryptography:
Secret-Key or Symmetric Cryptography
 Alice and Bob agree on an encryption
method and a shared key.
 Alice uses the key and the encryption
method to encrypt (or encipher) a
message and sends it to Bob.
 Bob uses the same key and the related
decryption method to decrypt (or
decipher) the message.
Figure 20.3 Symmetric-key cryptography
Note

In symmetric-key cryptography, the

same key is used by the sender
(for encryption)
and the receiver (for decryption).
The key is shared.
Advantages of Classical
Cryptography
 There are some very fast classical
encryption (and decryption) algorithms
 Since the speed of a method varies with
the length of the key, faster algorithms
allow one to use longer key values.
 Larger key values make it harder to guess
the key value -- and break the code -- by
brute force.
 Disadvantages of Classical
Cryptography
 Requires secure transmission of key
value
 Requires a separate key for each group of
people that wishes to exchange encrypted
messages (readable by any group
member)
 For example, to have a separate key for each
pair of people, 100 people would need 4950
different keys.
Figure 20.4 Traditional ciphers
Note

A substitution cipher replaces one

symbol with another.
 Example 20.1

The following shows a plaintext and its corresponding

ciphertext. Is the cipher monoalphabetic?

Solution
The cipher is probably monoalphabetic because both
occurrences of L’s are encrypted as O’s.
 Example 20.2

The following shows a plaintext and its corresponding

ciphertext. Is the cipher monoalphabetic?

Solution
The cipher is not monoalphabetic because each
occurrence of L is encrypted by a different character.
The first L is encrypted as N; the second as Z.
How this Cipher Works
1.Pick a keyword (for our example, the keyword will be "MEC").
2.Write your keyword across the top of the text you want to encipher,
repeating it as many times as necessary.
3.For each letter, look at the letter of the keyword above it (if it was 'M',
then you would go to the row that starts with an 'M'), and find that row
in the Vigenere table.
4.Then find the column of your plaintext letter (for example, 'w', so the
twenty-third column).
5.Finally, trace down that column until you reach the row you found
before and write down the letter in the cell where they intersect (in this
case, you find an 'I' there).

Keyword:
MECMECMECMECMECMECMECM
Plaintext:
weneedmoresuppliesfast
Ciphertext:
IIPQIFYSTQWWBTNUIUREUF
 Vigen�re Table

ROW

0 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

1 B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

2 C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

3 D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

4 E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

5 F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

6 G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

7 H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

8 I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

9 J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

10 K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

11 L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

12 M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

13 N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

14 O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

15 P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

16 Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

17 R S T U V W X Y Z A B C D E F G H I J K L M N O P Q

18 S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

19 T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

20 U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

21 V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

22 W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

23 X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

24 Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

25 Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
Note

The shift cipher is sometimes referred to

as the Caesar cipher.
 Example 20.3

Use the shift cipher with key = 15 to encrypt the message

“HELLO.”

Solution
We encrypt one character at a time. Each character is
shifted 15 characters down. Letter H is encrypted to W.
Letter E is encrypted to T. The first L is encrypted to A.
The second L is also encrypted to A. And O is encrypted to
D. The cipher text is WTAAD.
 Example 20.4

Use the shift cipher with key = 15 to decrypt the message

“WTAAD.”

Solution
We decrypt one character at a time. Each character is
shifted 15 characters up. Letter W is decrypted to H.
Letter T is decrypted to E. The first A is decrypted to L.
The second A is decrypted to L. And, finally, D is
decrypted to O. The plaintext is HELLO.
Note

A transposition cipher reorders

(permutes) symbols in a block of
symbols.
Figure 20.5 Transposition cipher
 Example 20.5

Encrypt the message “HELLO MY DEAR,” using the key

shown in Figure 20.5.

Solution
We first remove the spaces in the message. We then divide
the text into blocks of four characters. We add a bogus
character Z at the end of the third block. The result is
HELL OMYD EARZ. We create a three-block ciphertext
ELHLMDOYAZER.
 Example 20.6

Using Example 20.5, decrypt the message

“ELHLMDOYAZER”.

Solution
The result is HELL OMYD EARZ. After removing the
bogus character and combining the characters, we get the
original message “HELLO MY DEAR.”
Figure 20.6 XOR cipher

An XOR operation needs two data inputs plaintext, as the first

and a key as the second. In other words, one of the inputs is
the block to be the encrypted, the other input is a key; the
result is the encrypted block. Note that in an XOR cipher, the
size of the key, the plaintext, and the ciphertext are all the
same. XOR ciphers have a very interesting property: the
encryption and decryption are the same.
Figure 20.7 Rotation cipher

Another common cipher is the rotation cipher, in which the

input bits are rotated to the left or right. The rotation cipher
can be keyed or keyless. In keyed rotation, the value of the
key defines the number of rotations; in keyless rotation the
number of rotations is fixed.
Figure 20.8 Substitution Cipher: S-box

An S-box (substitution box) parallels the traditional substitution

cipher for characters. The input to an S-box is a stream of bits
with length N; the result is another stream of bits with length M.
And N and M are not necessarily the same. The S-box is
normally keyless and is used as an intermediate stage of
encryption or decryption. The function that matches the input
to the output may be defined mathematically or by a table.
Transposition Cipher: P-box
A P-box (permutation box) for bits parallels the traditional
transposition cipher for characters.

It performs a transposition at the bit level; it transposes

bits. It can be implemented in software or hardware, but
hardware is faster. P-boxes, like S-boxes, are normally
keyless.

We can have three types of permutations in P-boxes: the

straight permutation, expansion permutation, and
compression permutation.
Figure 20.9 P-boxes: straight, expansion, and compression
Data Encryption Standard (DES)
One example of a complex block cipher is the Data
Encryption Standard (DES). DES was designed by IBM
and adopted by the U.S. government as the standard
encryption method for nonmilitary and nonclassified use.
The algorithm encrypts a 64-bit plaintext block using a
64-bit key.

DES has two transposition blocks (P-boxes) and 16

complex round ciphers (they are repeated). Although the
16 iteration round ciphers are conceptually the same,
each uses a different key derived from the original key.
The initial and final permutations are keyless straight
permutations that are the inverse of each other. The
permutation takes a 64-bit input and permutes them
according to predefined values.
Figure 20.10 DES
Figure 20.11 One round in DES ciphers
DES function

DES Function The heart of DES is the DES

function. The DES function applies a 48-bit
key to the rightmost 32 bits Ri to produce a
32-bit output. This function is made up of
four operations: an XOR, an expansion
permutation, a group of S-boxes, and a
straight permutation.
Figure 20.12 DES function
 ASYMMETRIC-KEY CRYPTOGRAPHY

An asymmetric-key (or public-key) cipher uses two

keys: one private and one public. We discuss two
algorithms: RSA and Diffie-Hellman.

Topics discussed in this section:

RSA
Diffie-Hellman
Public-Key Cryptography:
Asymmetric Cryptography
 Alice generates a key value (usually a
number or pair of related numbers)
which she makes public.
 Alice uses her public key (and some
additional information) to determine a
second key (her private key).
 Alice keeps her private key (and the
additional information she used to
construct it) secret.
Public-Key Cryptography
(continued)
 Bob can use Alice’s public key to encrypt a
message for Alice.
 Alice can use her private key to decrypt
this message.
 No-one without access to Alice’s private
key (or the information used to construct
it) can easily decrypt the message.
Figure 20.13 Asymmetric-key cryptography
An Example: Internet Commerce
 Bob wants to use his credit card to buy
some brownies from Alice over the
Internet.
 Alice sends her public key to Bob.
 Bob uses this key to encrypt his credit-
card number and sends the encrypted
number to Alice.
 Alice uses her private key to decrypt
this message (and get Bob’s credit-card
number).
Hybrid Encryption Systems

 All known public key encryption algorithms

are much slower than the fastest secret-
key algorithms.
 In a hybrid system, Alice uses Bob’s
public key to send him a secret shared
session key.
 Alice and Bob use the session key to
exchange information.
The RSA Encryption Algorithm
 Use a random process to select two
large prime numbers P and Q.
Compute the product N = P*Q. This
number is called the modulus, and is
made publicly available.
 RSA currently recommends a modulus
that’s at least 768 bits long.
 Also compute the Euler totient
T ( or ɸ(n)) = (P-1)*(Q-1). Keep
this number (as well as P and Q)
secret.
RSA (continued)

 Randomly choose a public key E such that

1< E< φ(n) and E and N are coprime.
 Compute a private key D so that E*D leaves
a remainder of 1 when divided by T or ɸ(n).
 We say E*D is congruent to 1 modulo T

 Note that D is easy to compute only if one

knows the value of T. This is essentially the
same as knowing the values of P and Q.
RSA (continued)
 If M is any number that is not divisible by N,
then dividing ME*D by N and taking the
remainder yields the original value M.
 This is a relatively deep mathematical theorem, which
we can write as ME*D mod N = M.)
 If M is a numeric encoding of a block of
plaintext, the cyphertext is C = ME mod N.
 Then CD mod N
= (ME mod N )D mod N
= ME*D mod N= M.
 Thus, we can recover the plaintext M with the
private key D.
Figure 20.14 RSA
Note

In RSA, e and n are announced to the

public; d and F are kept secret.
 Example 20.8
Choose p = 3 and q = 11
Compute n = p * q = 3 * 11 = 33
Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
Choose e such that 1 < e < φ(n) and e and n
are coprime. Let e = 7
Compute a value for d such that (d * e) %
φ(n) = 1. One solution is d = 3 [(3 * 7) % 20 = 1]
Public key is (e, n) => (7, 33)
Private key is (d, n) => (3, 33)
The encryption of m = 2 is c = 27 % 33 = 29
The decryption of c = 29 is m = 293 % 33 = 2
 Diffie-Hellman
Diffie-Hellman, was originally designed for key
exchange. In the Diffie-Hellman cryptosystem,
two parties create a symmetric session key to
exchange data without having to remember or
store the key for future use.

•Alice and Bob need a symmetric key to

communicate.

•Before establishing a symmetric key, the two

parties need to choose two numbers p and g.
•The first number, p, is a large prime number
on the order of 300 decimal digits (1024
bits).
•The second number is a random number (g
being a primitive root mod p). These two
numbers can be public.
•Step 1: Alice chooses a large random
number x and calculates R1=gx mod p.
•Step 2: Bob chooses another large random
number y and calculates R2 = gy mod p.
•Step 3: Alice sends R1 to Bob. Note that
Alice does not send the value of x; she sends
only R1-
•Step 4: Bob sends R2 to Alice. Again, note
that Bob does not send the value of y, he
sends only R2.
•Step 5: Alice calculates K = (R2)x mod p.
•Step 6: Bob also calculates K = (R1)y mod p.
•The symmetric key for the session is K.
Note

The symmetric (shared) key in the

Diffie-Hellman protocol is
K = gxy mod p.
 Example 30.10

Let us give a trivial example to make the procedure clear.

Our example uses small numbers, but note that in a real
situation, the numbers are very large. Assume g = 7 and
p = 23. The steps are as follows:
1. Alice chooses x = 3 and calculates R1 = 73 mod 23 = 21.
2. Bob chooses y = 6 and calculates R2 = 76 mod 23 = 4.
3. Alice sends the number 21 to Bob.
4. Bob sends the number 4 to Alice.
5. Alice calculates the symmetric key K = 43 mod 23 = 18.
6. Bob calculates the symmetric key K = 216 mod 23 = 18.
The value of K is the same for both Alice and Bob;
gxy mod p = 718 mod 23 = 18.
Figure 30.27 Diffie-Hellman idea
Figure 30.28 Man-in-the-middle attack
Digital Signatures: Signing a Document
 Alice applies a (publicly known) hash
function to a document that she
wishes to “sign.” This function produces
a digest of the document (usually a
number).
 Alice then uses her private key to
“encrypt” the digest.
 She can then send, or even broadcast,
the document with the encrypted
digest.
Digital Signature Verification
 Bob uses Alice’s public key to “decrypt”
the digest that Alice “encrypted” with
her private key.
 Bob applies the hash function to the
document to obtain the digest directly.
 Bob compares these two values for the
digest. If they match, it proves that
Alice signed the document and that no
one else has altered it.
Secure Transmission of Digitally
Signed Documents
 Alice uses her private key to digitally
sign a document. She then uses Bob’s
public key to encrypt this digitally
signed document.
 Bob uses his private key to decrypt the
document. The result is Alice’s digitally
signed document.
 Bob uses Alice’s public key to verify
Alice’s digital signature.