• Cryptography is the theoretical foundation of security.
• Before the modern era, cryptography focused on message confidentiality and referred
almost exclusively to encryption. In recent decades, the field has expanded beyond
confidentiality concerns to include techniques for message integrity, digital
signatures, secure computation, and so on. In this chapter, we cover cryptography
briefly. Topics include symmetric encryption, asymmetric encryption, hash functions,
message authentication codes, digital signatures, and key distribution techniques. The
emphasis is on the most important and most popular algorithms.
• The first section is symmetric encryption.
• Symmetric encryption was the only type of encryption in use prior to the development
of public-key encryption in the late 1970s. It remains by far the most widely used of
the two types of encryption.
• The figure shows the model of symmetric encryption.
• Plaintext Space: the set of all possible messages.
• Ciphertext Space: the set of all possible ciphertexts; a ciphertext is a transformed and
incomprehensible message.
• Key Space: the set of all possible keys.
• Encryption algorithm: takes keys and plaintext messages as input, performs
transformations on plaintext messages, and outputs ciphertexts: Y = E(K, X).
• Decryption algorithm: takes keys and ciphertexts as input, and outputs the original
plaintext messages: X = D(K, Y).
• 1. The encryption algorithm needs to be strong, such that an opponent who knows the
algorithm and has access to a number of ciphertexts together with the plaintext would
be unable to decipher other ciphertexts or figure out the key. So we should make sure
there is no security vulnerability in the algorithms.
• 2. Sender and receiver must share the secret key in a secure fashion and must keep the
key secure. If someone can discover the key and knows the algorithm, all
communication using this key is readable.
• In practice, the encryption and decryption algorithms usually are publicly known, in
order to enable widespread use. Thus, the security of symmetric encryption depends on
the secrecy of the key, not the secrecy of the algorithm. In other words, to protect data
encrypted using a symmetric cipher, we need to keep the key safe.
• Brute-force attack: The attacker tries every possible key on a piece of ciphertext until
the original plaintext is obtained. On average, half of all possible keys must be tried to
achieve success.
• Cryptanalysis: This type of attack relies on the nature of the algorithm and exploits the
characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce
the key being used. If a symmetric encryption algorithm has security vulnerabilities, it
is easy to break it.
• The most commonly used symmetric encryption algorithms are block ciphers. In a
block cipher, the plaintext input is first divided into multiple fixed-sized blocks, then
each plaintext block is treated as a whole and used to produce a ciphertext block of
equal length. Similarly, in decryption, each ciphertext block is recovered into a plaintext
block.
• Data Encryption Standard (DES) was the most widely used symmetric cipher until the
introduction of the AES in 2001.
• DES is a symmetric block cipher. The plaintext block is 64 bits in length and the key is
56 bits. The encryption algorithm transforms 64-bit input in a series of steps into a 64-
bit output. The same steps, with the same key, are used to reverse the encryption.
• The overall scheme for DES encryption is illustrated in the figure.
• There are two inputs to the encryption function: the plaintext to be encrypted and the
key. In DES, the plaintext must be 64 bits in length and the key is 56 bits in length.
• The left-hand side of the figure shows the encryption process, which proceeds in three
phases.
• First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the
bits to produce the permuted input.
• This is followed by a phase consisting of sixteen rounds of the same function, which
involves both permutation and substitution functions. The output of the last (sixteenth)
round consists of 64 bits that are a function of the input plaintext and the key. The left
and right halves of the output are swapped to produce the preoutput.
• Finally, the preoutput is passed through a permutation that is the inverse of the initial
permutation function, to produce the 64-bit ciphertext.
• The right-hand portion of the figure shows the way in which the 56-bit key is used.
Initially, the key is passed through a permutation function. Then, for each of the
sixteen rounds, a subkey (Ki) is produced by the combination of a left circular shift and
a permutation. The permutation function is the same for each round, but a different
subkey is produced because of the repeated shifts of the key bits.
• Decryption uses the same algorithm as encryption, except that the application of the
subkeys is reversed. Additionally, the initial and final permutations are reversed.
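• Added example (not part of the original notes): a toy cipher with the same overall shape as the DES description above, showing why running the same sixteen rounds with the subkeys in reverse order undoes encryption. The round function `F`, the key schedule and all names are assumptions made for illustration; the initial and final permutations are omitted, and this is not DES.

```python
MASK32 = 0xFFFFFFFF
KEY_BITS = 56
ROUNDS = 16

def subkeys(key56):
    """Toy key schedule: one left circular shift of the 56-bit key per round,
    then a fixed selection (here simply the low 32 bits) as the round subkey."""
    keys, k = [], key56 & ((1 << KEY_BITS) - 1)
    for _ in range(ROUNDS):
        k = ((k << 1) | (k >> (KEY_BITS - 1))) & ((1 << KEY_BITS) - 1)
        keys.append(k & MASK32)
    return keys

def F(r, k):
    """Toy round function (assumption, not the DES function). It is not
    invertible: x and -x give the same square, so F itself cannot be undone."""
    x = (r + k) & MASK32
    y = (x * x) & MASK32
    return y ^ (y >> 7)

def rounds(block64, round_keys):
    """Run all rounds on the two 32-bit halves, then swap them (the preoutput)."""
    left, right = block64 >> 32, block64 & MASK32
    for k in round_keys:
        # New left is the old right; new right is old left XOR F(old right, subkey).
        left, right = right, left ^ F(right, k)
    return (right << 32) | left

def encrypt(block64, key56):
    return rounds(block64, subkeys(key56))

def decrypt(block64, key56):
    # Same algorithm as encryption; only the subkey order is reversed.
    return rounds(block64, subkeys(key56)[::-1])

if __name__ == "__main__":
    key = 0x0123456789ABCD      # constructed 56-bit sample key
    pt = 0x0011223344556677     # constructed 64-bit sample block
    ct = encrypt(pt, key)
    print(f"ct={ct:016x} recovered={decrypt(ct, key):016x}")
```

Because each round only XORs one half with a value computed from the other half, the round can be undone without ever inverting `F`.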
• Concerns about the strength of DES fall into two categories: concerns about the
algorithm itself and concerns about the use of a 56-bit key.
• The first concern refers to the possibility of exploiting the characteristics of the DES
algorithm to break it. Over the years, there have been numerous attempts to find and
exploit weaknesses in the algorithm, making DES the most-studied encryption
algorithm in existence. However, no one has so far succeeded in discovering a fatal
weakness in DES.
• A more serious concern is key length. With a key length of 56 bits, there are 2^56
possible keys. With the advances in computer hardware and distributed computing, a
brute-force attack appears practical.
• The input to the AES encryption and decryption algorithms is a single 128-bit block, and
this block is depicted as a 4 * 4 square matrix of bytes.
• The cipher consists of N rounds, where the number of rounds depends on the key
length: 10 rounds for a 16-byte key, 12 rounds for a 24-byte key, and 14 rounds for a
32-byte key. In this figure, a 16-byte key is used, so N is 10. The first N - 1 rounds
consist of four distinct transformation functions: SubBytes, ShiftRows, MixColumns, and
AddRoundKey. The final round contains only three transformations, and there is a
single initial transformation (AddRoundKey) before the first round, which can be
considered Round 0. Each transformation takes one or more 4 * 4 matrices as input
and produces a 4 * 4 matrix as output. The output of the final round is the ciphertext.
• Also, the key expansion function generates N + 1 round keys, each of which is a
distinct 4 * 4 matrix. Each round key serves as one of the inputs to the AddRoundKey
transformation in each round.
• The figure is a representative diagram of stream cipher structure.
• A key is input to a pseudorandom number generator, which produces a stream of 8-bit
numbers that looks random. The output of the generator, called a keystream, is
combined one byte at a time with the plaintext stream using the bitwise exclusive-OR
(XOR) operation.
• In decryption, the same key is input to the PRNG, which produces the same
pseudorandom sequence to recover the plaintext byte stream.
• To begin, the entries of S are set equal to the values from 0 through 255 in ascending
order; that is, S[0]=0, S[1]=1, . . ., S[255]=255. A temporary vector, T, is also created. If
the length of the key K is 256 bytes, then K is transferred to T. Otherwise if the length
of the key K is less than 256 bytes, K is repeated as many times as necessary to fill out
T.
• Next we use T to produce the initial permutation of S. This involves starting with S[0]
and going through to S[255]. For each S[i], we swap S[i] with another byte in S
according to a scheme dictated by T[i].
• Once the S vector is initialized, the input key is no longer used. Stream generation
involves cycling through all the elements of S and, for each S[i], swapping S[i] with
another byte in S according to a scheme dictated by the current configuration of S.
After S[255] is reached, the process continues, starting over again at S[0].
• To encrypt, XOR the keystream byte k with the next byte of plaintext. To decrypt, XOR
the value k with the next byte of ciphertext.