Chapter 4 Modern Cryptography

this is network security

Uploaded by

zem091415
Chapter 4: Modern Cryptography

4.1. Introduction
Modern cryptography is the cornerstone of computer and communications security. Its foundation is based
on various concepts of mathematics such as number and probability theory. The difference between classical
and modern cryptography can be summarized as in the following table.
Table 4.1: Characteristics of modern and classical cryptography

| Classical cryptography | Modern cryptography |
|---|---|
| It manipulates traditional characters, i.e., letters and digits, directly. | It operates on binary bit sequences. |
| It is mainly based on ‘security through obscurity’. The techniques employed for coding were kept secret and only the parties involved in communication knew about them. | It relies on publicly known mathematical algorithms for coding the information. Secrecy is obtained through a secret key which is used as the seed for the algorithms. The computational difficulty of the algorithms, the absence of the secret key, etc., make it impossible for an attacker to obtain the original information even if he knows the algorithm used for coding. |

Fundamentally, there are two types of cryptosystems based on the manner in which encryption-decryption is
carried out in the system:
• Symmetric Key Encryption
• Asymmetric Key Encryption
The main difference between these cryptosystems is the relationship between the encryption and the
decryption key. Logically, in any cryptosystem, the two keys are closely associated. It is practically impossible
to decrypt the ciphertext with a key that is unrelated to the encryption key. The encryption process in which
the same key is used for encrypting and decrypting the information is known as Symmetric Key (Secret Key)
Encryption. The encryption process in which different keys are used for encrypting and decrypting the
information is known as Asymmetric Key Encryption. Though the keys are different, they are mathematically
related and hence, retrieving the plaintext by decrypting the ciphertext is feasible.
4.2. Symmetric cryptography
Prior to 1970, all cryptosystems employed symmetric key encryption. Even today, its relevance is very high
and it is being used extensively in many cryptosystems. The classical ciphers we saw in the previous topics are
also symmetric ciphers. There are two restrictive challenges of employing symmetric key cryptography.
• Key establishment – Before any communication, both the sender and the receiver need to agree on a
  secret symmetric key. It requires a secure key establishment mechanism in place.
• Trust Issue – Since the sender and the receiver use the same symmetric key, there is an implicit
  requirement that the sender and the receiver ‘trust’ each other.
Symmetric cryptography can be represented diagrammatically as follows.

Figure 4.1: Simplified Model of Symmetric Encryption


Let us take a closer look at the essential elements of a symmetric encryption scheme. A source produces a
message in plaintext, $X = [X_1, X_2, \ldots, X_M]$. The M elements of X are letters in some finite alphabet. Traditionally,
the alphabet usually consisted of the 26 capital letters. Nowadays, the binary alphabet {0, 1} is typically used.
For encryption, a key of the form $K = [K_1, K_2, \ldots, K_J]$ is generated. If the key is generated at the message source,
then it must also be provided to the destination by means of some secure channel. Alternatively, a third party
could generate the key and securely deliver it to both source and destination.
With the message X and the encryption key K as input, the encryption algorithm forms the ciphertext
$Y = [Y_1, Y_2, \ldots, Y_N]$. We can write this as
Y = E(K, X).
This notation indicates that Y is produced by using encryption algorithm E as a function of the plaintext X and
the key K. The intended receiver, in possession of the key, is able to invert the transformation:
X = D(K, Y)
It is assumed that the opponent knows the encryption (E) and decryption (D) algorithms. Examples of
symmetric encryptions include Data Encryption Standard (DES) and Advanced Encryption Standard (AES).
Cryptographic systems can be classified based on the way in which the plaintext is processed. These are Block
ciphers and Stream ciphers.

4.2.1. Stream Ciphers and Block Ciphers


A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. An example of a
stream cipher is the one-time pad. A key (K) is used as an input to the bit-stream generator algorithm (which
is actually a random number generator), and the algorithm generates the cryptographic bit stream ($k_i$) used to
encrypt the plaintext $p_i$.

Figure 4.2: (a) Stream cipher using algorithmic bit-stream generator, (b) Block cipher

The stream cipher is relatively faster (uses XOR) and is mostly used in real-time applications. In practice the
bit-stream generator is not truly random and has limited applicability.
A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext
block of equal length. Typically, a block size of 64 or 128 bits is used. As with a stream cipher, the two users
share a symmetric encryption key. In general, they seem applicable to a broader range of applications than
stream ciphers. The vast majority of network-based symmetric cryptographic applications make use of block
ciphers. The block cipher encrypts all blocks independently and concatenates the ciphers of the blocks. It
doesn’t depend on random numbers and is widely used.
Accordingly, the concern in this chapter, and in our discussions of symmetric encryption, will primarily focus
on block ciphers.
4.2.2. Ideal block cipher
A block cipher operates on a plaintext block of n bits to produce a ciphertext block of n bits. There are $2^n$
possible different plaintext blocks and, for the encryption to be reversible (i.e., for decryption to be possible),
each must produce a unique ciphertext block. Such a transformation is called reversible. The following
examples illustrate reversible and non-reversible transformations for n = 2. In the latter case, a ciphertext of
01 could have been produced by one of two plaintext blocks, so the 01 ciphertext is not unique. So if we limit
ourselves to reversible mappings, the number of different transformations is $2^n!$.

Example: Ideal 2-bit block cipher


With 2-bits, there are 4 possible plaintext inputs and 24 different possible permutations of ciphertext output
(i.e. 24 possible keys)

The arrangement of the above may differ (the values of k1, k2, … are not fixed). The order of numbering might
differ. The sender and the receiver must agree on which transformation or key to use. Therefore, for the sender to
tell the receiver the mapping (key) that is being used, the sender must send the exact mapping to the
receiver. For example, if the sender chooses to encrypt P using the mapping K8, then the sender must tell the
receiver that K8 is 01,00,11,10. In this case each possible transformation is treated as a key, so
there are $2^2! = 24$ keys.
Ex: for a 3-bit plaintext, determine the number of plaintext blocks and the number of keys. How many bits
are required to represent a given key?
In an ideal block cipher, an n-bit input has $2^n$ possible input states and produces an n-bit output cipher. But there
is a practical problem with the ideal block cipher.
• If a small block size is used, then the system is equivalent to a classical substitution cipher. Such
  systems, as we have seen, are vulnerable to a statistical analysis of the plaintext. This weakness is not
  inherent in the use of a substitution cipher but rather results from the use of a small block size.
• If a large block size is used, an arbitrary reversible substitution between plaintext and ciphertext is
  allowed and the statistical characteristics of the source plaintext are masked to such an extent that
  this type of cryptanalysis is infeasible. The key becomes very large, which incurs implementation and
  performance problems. E.g. if n = 64 bits, then there are $2^{64}!$ possible keys. It is good that we have many
  different keys, but a key is too long to be represented in binary.
In general, for an n-bit ideal block cipher, the length of the key defined in this fashion is $n \times 2^n$ bits. For a 64-bit
block, which is a desirable length to thwart statistical attacks, the required key length is $64 \times 2^{64} = 2^{70}$, or
around $10^{21}$ bits. This key length is too large for implementation (key representation and distribution are
difficult and not practical). Hence the ideal block cipher is not implemented.
In considering these difficulties, Feistel points out that what is needed is an approximation
to the ideal block cipher system for large n, built up out of components that are easily realizable.

4.2.3. The Feistel Cipher


Feistel proposed that we can approximate the ideal block cipher by utilizing the concept of a product cipher,
which is the execution of two or more simple ciphers in sequence in such a way that the final result is
cryptographically stronger than any of the component ciphers. The essence of the approach is to develop a
block cipher with a key length of k bits and a block length of n bits, allowing a total of $2^k$ possible
transformations, rather than the $2^n!$ transformations available with the ideal block cipher. Feistel proposed
the use of a cipher that alternates substitutions and permutations, where these terms are defined as follows:

• Substitution: Each plaintext element or group of elements is uniquely replaced by a corresponding
  ciphertext element or group of elements.
• Permutation: A sequence of plaintext elements is replaced by a permutation of that sequence. That
  is, no elements are added or deleted or replaced in the sequence, rather the order in which the
  elements appear in the sequence is changed.
The following diagram depicts the structure proposed by Feistel. The inputs to the encryption algorithm are a
plaintext block of length 2w bits and a key K. The plaintext block is divided into two halves, $L_0$ and $R_0$. The
two halves of the data pass through rounds of processing and then combine to produce the ciphertext block.
All rounds have the same structure. A substitution is performed on the left half of the data. This is done by
applying a round function F to the right half of the data and then taking the exclusive-OR of the output of that
function and the left half of the data. The round function has the same general structure for each round but is
parameterized by the round subkey. Following this substitution, a permutation is performed that consists of
the interchange of the two halves of the data.

Figure 4.3: Feistel Encryption and Decryption (in the case of 16 rounds)
The left-hand diagram shows procedures for encryption and the right one is for decryption. The keys in
decryption are used in reverse order.
The exact realization of a Feistel network depends on the choice of the following parameters and design
features:
• Block size: Larger block sizes mean greater security (all other things being equal) but reduced
  encryption/decryption speed for a given algorithm. Traditionally, a block size of 64 bits has been
  considered a reasonable tradeoff and was nearly universal in block cipher design. However, the new
  AES uses a 128-bit block size.
• Key size: Larger key size means greater security but may decrease encryption/decryption speed. The
  greater security is achieved by greater resistance to brute-force attacks. Key sizes of 64 bits or less are
  now widely considered to be inadequate, and 128 bits has become a common size.
• Number of rounds: The essence of the Feistel cipher is that a single round offers inadequate security
  but that multiple rounds offer increasing security. A typical size is 16 rounds.
• Subkey generation algorithm: Greater complexity in this algorithm should lead to greater difficulty of
  cryptanalysis.
• Round function F: Again, greater complexity generally means greater resistance to cryptanalysis.
The Feistel structure is used in many symmetric block ciphers and the exact implementation depends on
various design features.
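
The Feistel structure described in this section, as an added example that is not part of the original chapter: one routine performs both encryption and decryption, and only the order of the subkeys changes. The round function and the subkey schedule below are toy constructions built on SHA-256 (assumptions for illustration, not those of DES), and the key and plaintext are constructed sample values.

```python
import hashlib


def derive_subkeys(key: bytes, rounds: int) -> list:
    """Toy subkey schedule (assumption, not DES's): K_i = SHA-256(key || i)."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(1, rounds + 1)]


def round_function(right: bytes, subkey: bytes) -> bytes:
    """Toy round function F(R, K_i): keyed hash truncated to the half-block width.

    F does not need to be invertible; the XOR-and-swap structure around it
    is what makes the whole cipher reversible.
    """
    return hashlib.sha256(subkey + right).digest()[:len(right)]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, subkeys: list) -> bytes:
    """Run the Feistel rounds over a 2w-byte block, then swap the halves."""
    if len(block) % 2 or not 2 <= len(block) <= 64:
        raise ValueError("block must have an even length of 2..64 bytes")
    w = len(block) // 2
    left, right = block[:w], block[w:]
    for subkey in subkeys:
        # Substitution on the left half, then interchange of the halves:
        #   L_i = R_(i-1)      R_i = L_(i-1) XOR F(R_(i-1), K_i)
        left, right = right, xor_bytes(left, round_function(right, subkey))
    return right + left  # final swap of the two halves


def encrypt(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    return feistel(block, derive_subkeys(key, rounds))


def decrypt(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    # Same algorithm, subkeys applied in reverse order.
    return feistel(block, derive_subkeys(key, rounds)[::-1])


def demo() -> dict:
    key = b"constructed demo key"      # constructed sample key
    plaintext = b"8bytes!!"            # constructed 64-bit block
    ciphertext = encrypt(plaintext, key)
    one_round = feistel(plaintext, derive_subkeys(key, 1))
    return {
        "ciphertext": ciphertext.hex(),
        "roundtrip_ok": decrypt(ciphertext, key) == plaintext,
        # Re-using the encryption key order does not invert the cipher.
        "same_order_fails": feistel(ciphertext, derive_subkeys(key, 16)) != plaintext,
        # After a single round, half of the output is still raw plaintext (R_0).
        "one_round_leaks_half": one_round[4:] == plaintext[4:],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `one_round_leaks_half` check shows concretely why a single round is inadequate: the right half of the plaintext passes through unchanged.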
4.2.4. Data Encryption Standard (DES)
The most widely used encryption scheme is based on the Data Encryption Standard (DES) adopted in 1977 by
the US government. For DES, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms
64-bit input in a series of steps into a 64-bit output. The same steps, with the same key, are used to reverse
the encryption.
i) DES encryption:
The overall scheme for DES encryption is illustrated in the following figure. As with any encryption scheme,
there are two inputs to the encryption function: the plaintext to be encrypted and the key. In this case, the
plaintext must be 64 bits in length and the key is 56 bits in length. Actually, the function expects a 64-bit key
as input. However, only 56 of these bits are ever used; the other 8 bits can be used as parity bits or simply set
arbitrarily.

Figure 4.4: General Depiction of DES Encryption Algorithm


Looking at the left-hand side of the figure, we can see that the processing of the plaintext proceeds in three
phases. First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits to
produce the permuted input. This is followed by a phase consisting of sixteen rounds of the same function,
which involves both permutation and substitution functions. The output of the last (sixteenth) round consists
of 64 bits that are a function of the input plaintext and the key. The left and right halves of the output are
swapped to produce the preoutput. Finally, the preoutput is passed through a permutation, $IP^{-1}$, that is the
inverse of the initial permutation function, to produce the 64-bit ciphertext. With the exception of the initial
and final permutations, DES has the exact structure of a Feistel cipher as shown in the next figure.

Figure 4.5: Phases of DES encryption


The right-hand portion of Figure 4.4 shows the way in which the 56-bit key is used. Initially, the key is passed
through a permutation function. Then, for each of the sixteen rounds, a subkey ($K_i$) is produced by the
combination of a left circular shift and a permutation. The permutation function is the same for each round,
but a different subkey is produced because of the repeated shifts of the key bits.
Initial Permutation:
The initial permutation and its inverse are defined by tables, as shown below. The input to a table consists of
64 bits numbered from 1 to 64. The 64 entries in the permutation table contain a permutation of the numbers
from 1 to 64. Each entry in the permutation table indicates the position of a numbered input bit in the
output, which also consists of 64 bits.
Table 4.2: Permutation Tables for DES, (a) IP, (b) $IP^{-1}$

Or graphically, the permutation tables can be represented as follows.

Figure 4.6: (a) IP and (b) $IP^{-1}$ of DES


Details of Single Round:
The following figure (figure 4.7) shows the details of an internal structure of a single round. The left and right
halves of each 64-bit intermediate value are treated as separate 32-bit quantities, labeled L (left) and R
(right).

Figure 4.7: Single round of DES algorithm

As in any classic Feistel cipher, the overall processing at each round can be summarized in the following
formulas:

The round key $K_i$ is 48 bits. The R input is 32 bits. This R input is first expanded to 48 bits by using a table that
defines a permutation plus expansion that involves duplication of 16 of the R bits (as shown in Table 4.4 (a)).
The resulting 48 bits are XORed with $K_i$. This 48-bit result passes through a substitution function that
produces a 32-bit output, which is permuted as defined by Table 4.4 (b).
The role of the S-boxes in the function F is illustrated in Figure 4.8. The substitution consists of a set of eight
S-boxes, each of which accepts 6 bits as input and produces 4 bits as output. These transformations are defined
in Table 4.5, which is interpreted as follows: the first and last bits of the input to box $S_i$ form a 2-bit binary number to
select one of four substitutions defined by the four rows in the table for $S_i$. The middle four bits select one of
the sixteen columns. The decimal value in the cell selected by the row and column is then converted to its
4-bit representation to produce the output. For example, in $S_1$, for input 011001, the row is 01 (row 1) and the
column is 1100 (column 12). The value in row 1, column 12 is 9, so the output is 1001. The outer two bits of
each group select one of four possible substitutions (one row of an S-box). Then a 4-bit output value is
substituted for the particular 4-bit input (the middle four input bits). The 32-bit output from the eight S-boxes
is then permuted (using Table 4.4 (b)), so that on the next round, the output from each S-box immediately
affects as many others as possible.
Table 4.4: (a) Expansion Permutation (E), (b) Permutation function (P)

Figure 4.8: Calculation of F(R,K)

Table 4.5: Definition of DES S-Boxes

Key Generation: Returning to Figures 4.4 and 4.7, we see that a 64-bit key is used as input to the algorithm.
The bits of the key are numbered from 1 through 64; every eighth bit is ignored, as indicated in Table 4.6
(a). The key is first subjected to a permutation governed by a table labeled Permuted Choice One (Table 4.6
(b)). The resulting 56-bit key is then treated as two 28-bit quantities, labeled $C_0$ and $D_0$. At each round, $C_{i-1}$
and $D_{i-1}$ are separately subjected to a circular left shift (or rotation) of 1 or 2 bits, as governed by Table 4.6
(d). These shifted values serve as input to the next round. They also serve as input to the part labeled as
Permuted Choice Two (Table 4.6 (c)), which produces a 48-bit output which serves as input to the function
$F(R_{i-1}, K_i)$.

Table 4.6: (a) Input key, (b) Permuted Choice One (PC-1), (c) Permuted Choice Two (PC-2), (d) Schedule of Left
Shifts
ii) DES Decryption:
As with any Feistel cipher, decryption uses the same algorithm as encryption, except that the application of
the subkeys is reversed.

Figure 4.9: DES decryption

Example:
Given plaintext= 02468aceeca86420 and key= 0f1571c947d9e859, go through the first round of DES
and determine L1 and R1.
Ans: L1= 3cf03c0f, R1= bad22845, K0=7833a320da70

iii) The strength of DES:


The Use of 56-Bit Keys
With a key length of 56 bits, there are $2^{56}$ possible keys, which is approximately $7.2 \times 10^{16}$ keys. Thus, a
brute-force attack appears impractical. Assuming that, on average, half the key space has to be searched, a single
machine performing one DES encryption per microsecond would take more than a thousand years to break
the cipher. But as the speed of computers has dramatically increased, the key space of DES is small enough to
search these days. DES was finally and definitively proved insecure in July 1998, when it was broken in less than three days.
There is more to a key-search attack than simply running through all possible keys. DES is not a secure
algorithm anymore, but it has been the most used in the financial industry. Other algorithms that are more
secure than DES include the Advanced Encryption Standard (AES) and Triple DES (3DES), both
symmetric encryption algorithms with longer keys, for which a brute-force attack is almost impractical.

4.2.5. Triple DES

Before using Triple DES, the user first generates and distributes a TDES key K, which consists of three different DES
keys $K_1$, $K_2$ and $K_3$. This means that the actual Triple DES key has length 3×56 = 168 bits and a block size of 64
bits. The encryption scheme is illustrated as follows:

Figure 4.10: Triple DES


The encryption-decryption process is as follows:
• Encrypt the plaintext blocks using single DES with key $K_1$.
• Now decrypt the output of step 1 using single DES with key $K_2$.
• Finally, encrypt the output of step 2 using single DES with key $K_3$ to produce the ciphertext.
• Decryption of a ciphertext is the reverse process. The user first decrypts using $K_3$, then encrypts with $K_2$, and
  finally decrypts with $K_1$.
Triple DES systems are significantly more secure than single DES, but this is clearly a much slower process
than encryption using single DES. Hence, a faster and secure encryption is required.
4.2.6. Advanced Encryption Standard (AES):
The Advanced Encryption Standard (AES) was published by the National Institute of Standards and
Technology (NIST) in 2001. It is the more popular and widely adopted symmetric encryption algorithm likely to be
encountered nowadays. A replacement for DES was needed as its
key size was too small. With increasing computing power, DES was considered vulnerable to exhaustive
key search attacks. Triple DES was designed to overcome this drawback, but it was found to be slow. AES is a
symmetric block cipher that encrypts 128-bit blocks of data using a 128-bit, 192-bit or 256-bit key. It is
stronger and faster than Triple DES. Unlike DES, AES is based on a different block cipher called Rijndael.
AES performs all its computations on bytes rather than bits. Hence, AES treats the 128 bits of a plaintext block as 16
bytes. These 16 bytes are arranged in four columns and four rows for processing as a matrix. Unlike DES, the
number of rounds in AES is variable and depends on the length of the key. AES uses 10 rounds for 128-bit
keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each of these rounds uses a different 128-bit
round key, which is calculated from the original AES key. The schematic of the AES structure is given in the
following illustration:
Figure 4.11: Schematic structure of AES Encryption

Each transformation takes one or more 4x4 matrices as input and produces a matrix as output. The output of
each round is a matrix, with the output of the final round being the ciphertext. Also, the key expansion
function generates R+1 round keys, each of which is a distinct 4x4 matrix.

Figure 4.12: Stages for one round of AES


Each round key serves as one of the inputs to the AddRoundKey transformation in each round. Each round
comprises four sub-processes. The first round process is depicted in Figure 4.12.
The four different stages of a typical round include the following.
i) Substitute bytes (SubBytes): Uses an S-box to perform a byte-by-byte substitution of the block.
The result is a matrix of four rows and four columns. AES defines the S-box as a matrix of 16x16 byte
values. Each individual byte of the matrix is mapped into a new byte in the following way: the
leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used as a column
value. These row and column values serve as indexes into the S-box to select a unique 8-bit output
value.

ii) ShiftRows: A simple permutation. Each of the four rows of the matrix is shifted to the left. Any
entries that ‘fall off’ are re-inserted on the right side of the row. The shift is carried out as follows:
• First row is not shifted.
• Second row is shifted one (byte) position to the left.
• Third row is shifted two positions to the left.
• Fourth row is shifted three positions to the left.
The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other.
iii) MixColumns: Each column of four bytes is now transformed using a special mathematical
function. This function takes as input the four bytes of one column and outputs four completely
new bytes, which replace the original column. The result is another new matrix consisting of 16
new bytes. It should be noted that this step is not performed in the last round.
iv) AddRoundKey: A simple bitwise XOR of the current block with a portion of the expanded key. The
16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the round
key. If this is the last round then the output is the ciphertext. Otherwise, the resulting 128 bits are
interpreted as 16 bytes and we begin another similar round.
Decryption Process
The process of decryption of an AES ciphertext is similar to the encryption process in the reverse order. Each
round consists of the four processes conducted in the reverse order:
• Add round key
• Mix columns
• Shift rows
• Byte substitution
In present-day cryptography, AES is widely adopted and supported in both hardware and software. To date,
no practical cryptanalytic attack against AES has been discovered. Additionally, AES has built-in flexibility of
key length, which allows a degree of ‘future-proofing’ against progress in the ability to perform exhaustive
key searches. However, just as for DES, the AES security is assured only if it is correctly implemented and
good key management is employed.
4.3. Asymmetric Cryptography
From its earliest beginnings to modern times, virtually all cryptographic systems have been based on the
elementary tools of substitution and permutation. Asymmetric or Public-key cryptography provides a radical
departure from all that has gone before. For one thing, public-key algorithms are based on mathematical
functions rather than on substitution and permutation. More important, public-key cryptography is
asymmetric, involving the use of two separate keys, in contrast to symmetric encryption, which uses only one
key. One misconception is that public-key encryption is more secure from cryptanalysis than is symmetric
encryption. In fact, the security of any encryption scheme depends on the length of the key and the
computational work involved in breaking a cipher. There is nothing in principle about either symmetric or
public-key encryption that makes one superior to another from the point of view of resisting cryptanalysis.
Because of the computational overhead of current public-key encryption schemes, there seems no
foreseeable likelihood that symmetric encryption will be abandoned. Key distribution is trivial when using
public-key encryption, compared to the rather cumbersome handshaking involved with key distribution
centers for symmetric encryption. Hence, the primary limitation of symmetric encryption is key distribution.
Table 4.7: Conventional and Public-Key Encryption

Public-Key Cryptosystems
Asymmetric algorithms rely on one key for encryption and a different but related key for decryption. These
algorithms have the following important characteristics.
• It is computationally infeasible to determine the decryption key given only knowledge of the
  cryptographic algorithm and the encryption key.
• Either of the two related keys can be used for encryption, with the other used for decryption.
A public-key encryption scheme consists of six elements (plaintext, ciphertext, encryption algorithm, decryption
algorithm, encryption key and decryption key).
Based on the following diagram, the essential steps are the following.
• Each user generates a pair of keys (private and public) to be used for the encryption and decryption of
  messages.
• Each user places one of the two keys in a public register or other accessible file. This is the public key.
  The companion key is kept private and each user maintains a collection of public keys obtained from
  others.
• If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice’s public
  key.
• When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt
  the message because only Alice knows Alice’s private key.

Figure 4.13: Public-key encryption example


With this approach, all participants have access to public keys, and private keys are generated locally by each
participant and therefore need never be distributed. As long as a user’s private key remains protected and
secret, incoming communication is secure. At any time, a system can change its private key and publish the
companion public key to replace its old public key.
4.3.1. Modulo Arithmetic
Before we discuss how one of the public-key encryption algorithms works, let us first discuss some notation and how
modulo arithmetic works. The number X (mod Y) is the remainder when X is divided by Y.
The "modulo Y" terminology can also be used in the following way: Z ≡ X (mod Y), meaning that Z and X have
the same remainder when divided by Y.
Definition
a ≡ b (mod c) ⇔ a = b + kc for some integer k.
Example
21 ≡ 1 (mod 4) because 21 = 1 + (5)4
$5^2$ ≡ 3 (mod 11) because 25 = 3 + (2)11

Modular Multiplication
The beauty of modular arithmetic is that you never need to manipulate any huge numbers. For instance,
when you take products of many numbers and you want to find their remainder modulo n, you never need to
worry about numbers bigger than the square of n. If we want to multiply many numbers modulo n, we can
first reduce all numbers to their remainders. Then, we can take any pair of them, multiply and reduce again.
Let us now exploit this. For example, suppose we want to find
X = 36 * 53 * 91 * 17 * 22 (mod 29)

Start by reducing every factor to its remainder after division by 29:

X = 7 * 24 * 4 * 17 * 22 (mod 29)
  = 168 * 68 * 22 (mod 29)
  = 23 * 10 * 22 (mod 29)
  = 230 * 22 (mod 29)
  = 27 * 22 (mod 29)
  = 14

We have just seen how to compute products in modular arithmetic (mod n) without ever looking at numbers
larger than the square of n.
For powers $a^x$ (mod n) there is an even neater trick, which saves a lot of work, especially when x is large (and
we'll need that in the RSA encryption algorithm later).
This trick is based on the method of calculating powers independently of modular arithmetic. Suppose we
would like to calculate $11^{43}$.
First write 43 as a sum of powers of 2: in binary, 43 = 101011. Then add the decimal values of each 1 bit:
43 = 32 + 8 + 2 + 1
That means that
$11^{43} = 11^{32} \cdot 11^{8} \cdot 11^{2} \cdot 11$.
The calculation of the sequence $11, 11^2, 11^4, 11^8, 11^{16}, 11^{32}$ requires 5 multiplications, as each following term
is the square of the previous one.
In the case of modular arithmetic, each multiplication is done with small numbers, as we always reduce them. Let
us compute $11^{43}$ (mod 13). As we saw before, we start by squaring this number:
$11^2$ (mod 13) = 121 (mod 13) = 4 (mod 13) = 4
$11^4$ (mod 13) = $(11^2)^2$ (mod 13) = $4^2$ (mod 13) = 16 (mod 13) = 3 (mod 13) = 3
$11^8$ (mod 13) = $(11^4)^2$ (mod 13) = $3^2$ (mod 13) = 9 (mod 13) = 9
$11^{16}$ (mod 13) = $(11^8)^2$ (mod 13) = $9^2$ (mod 13) = 81 (mod 13) = 3 (mod 13) = 3
$11^{32}$ (mod 13) = $(11^{16})^2$ (mod 13) = $3^2$ (mod 13) = 9 (mod 13) = 9

Putting this together (remember that 43 = 32 + 8 + 2 + 1), we get

$11^{43}$ (mod 13) = 11 * 4 * 9 * 9 (mod 13)
Now we do our usual modular multiplication:
11 * 4 * 9 * 9 (mod 13) = 44 * 81 (mod 13) = 5 * 3 (mod 13) = 2 (mod 13) = 2
Next we will discuss one of the common public-key encryption algorithms, RSA.

4.3.2. RSA

The Rivest-Shamir-Adleman (RSA) algorithm has been the most widely accepted and implemented general-
purpose approach to public-key encryption. The RSA scheme is a block cipher in which the plaintext and
ciphertext are integers between 0 and n-1, for some n. A typical size for n is 1024 bits. Plaintext is encrypted
in blocks, with each block having a binary value less than some number n.
i) Generation of RSA Key Pair
Each party who desires to participate in communication using this encryption needs to generate a pair of
keys, namely a public key and a private key. The process followed in the generation of keys is described below:
• Generate the RSA modulus (n)
   o Select two large primes, p and q.
   o Calculate n = p*q. For strong unbreakable encryption, let n be a large number, typically a
     minimum of 512 bits.
• Find Derived Number (e)
   o Number e must be greater than 1 and less than (p − 1)(q − 1).
   o There must be no common factor for e and (p − 1)(q − 1) except for 1. In other words, the two
     numbers e and (p − 1)(q − 1) are coprime.
• Form the public key
   o The pair of numbers (n, e) forms the RSA public key and is made public.
   o Interestingly, though n is part of the public key, the difficulty of factoring the large number n
     ensures that an attacker cannot find, in any practical amount of time, the two primes (p and q)
     used to obtain n. This is the strength of RSA.
• Generate the private key
   o The private key d is calculated from p, q, and e. For given n and e, there is a unique number d.
   o Number d is the inverse of e modulo (p − 1)(q − 1). This means that d is the number less than
     (p − 1)(q − 1) such that, when multiplied by e, it is equal to 1 modulo (p − 1)(q − 1), which is
     mathematically written as
     ed = 1 mod (p − 1)(q − 1)
   o The pair (n, d) is the private key and is kept secret by the receiver.
Once the key pair has been generated, the processes of encryption and decryption are relatively
straightforward. Interestingly, RSA does not directly operate on strings of bits as in the case of symmetric key
encryption. It operates on numbers modulo n. Hence, it is necessary to represent the plaintext as a series of
numbers less than n.
ii) RSA Encryption
Suppose the sender wishes to send a text message to someone whose public key is (n, e). The sender then
represents the plaintext as a series of numbers less than n. To encrypt the first plaintext P, which is a number
modulo n, the process is a simple mathematical step:
C = P^e mod n
where C is the ciphertext, P is the plaintext, and n and e are the parts of the public key. This means that C is also a
number less than n.
iii) RSA Decryption
The decryption process for RSA is also very straightforward. Suppose that the receiver, whose public key is (n, e),
has received a ciphertext C. To get the plaintext, use the following mathematical relation.
P = C^d mod n
Both sender and receiver must know the value of n. The sender knows the value of e, and only the receiver
knows the value of d. Thus, this is a public-key encryption algorithm with a public key of PU = {e, n} and a
private key of PR = {d, n}. It is infeasible to determine d given e and n.
Example:
Let two primes be p = 7 and q = 13. Generate the public and private keys and encrypt the plaintext P=10. For
ease of understanding, the primes p & q taken here are small values. Practically, these values are very large.
Solution:
• Determine modulus n:
  p = 7 and q = 13 => modulus n = pq = 7 x 13 = 91.
• Find the public key:
  Find e such that 1 < e < (p-1)(q-1) and e and (p-1)(q-1) have no common factor other than 1
  => 1 < e < 72. That means e and 72 must be coprime. Take e = 5.
  Then the pair (n, e) is made public; this is the encryption key.
• Find the private key:
  ed = 1 (mod (p-1)(q-1))
  5d = 1 (mod 72) => d = 29
  The private key is (91, 29), which is kept secret at the receiver.
• Encryption
  C = P^e mod n = 10^5 mod 91 = 82. Hence, using RSA, the ciphertext of the plaintext 10 is 82.
• Decryption
  Let us decrypt the ciphertext back to the original message. The receiver, upon receiving 82 from the
  sender, can decrypt it as follows.
  P = C^d mod n = 82^29 mod 91. Use modular arithmetic to compute this.
  First, 29 = 11101 in binary => 29 = 16 + 8 + 4 + 1.
  Hence to compute 82^29 mod 91, we need to compute 82 * 82^4 * 82^8 * 82^16 (mod 91)
  82^1 ≡ 82 (mod 91)
  82^2 ≡ 81 (mod 91)
  82^4 ≡ (82^2)^2 = 81^2 ≡ 9 (mod 91)
  82^8 ≡ (82^4)^2 = 9^2 ≡ 81 (mod 91)
  82^16 ≡ (82^8)^2 = 81^2 ≡ 9 (mod 91)
  Then P = 82 * 82^4 * 82^8 * 82^16 (mod 91) = 82 * 9 * 81 * 9 (mod 91)
         = 738 * 729 (mod 91)
         = 10 * 1 (mod 91)
         = 10, which is equal to the original plaintext.
RSA Analysis
The security of RSA depends on the strengths of two separate functions. The RSA cryptosystem is the most
popular public-key cryptosystem, and its strength is based on the practical difficulty of factoring very
large numbers.
• Encryption Function: It is considered a one-way function for converting plaintext into ciphertext, and
  it can be reversed only with knowledge of the private key d.
• Key Generation: The difficulty of determining a private key from an RSA public key is equivalent to
  factoring the modulus n. An attacker thus cannot use knowledge of an RSA public key to determine an
  RSA private key unless he can factor n.
If a technique for factoring efficiently is developed, then RSA will no longer be safe. The strength of RSA
encryption goes down drastically against attacks if the numbers p and q are not large primes.
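
The key-generation, encryption and decryption steps above, run on the chapter's own numbers (p = 7, q = 13, e = 5), as an added Python example that is not part of the original text. The function names are assumptions; `recover_private` illustrates the point of the analysis, that anyone who can factor n obtains d, which takes one short loop when the primes are this small.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, s, t) with a*s + b*t == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t


def make_keypair(p, q, e):
    """Follow the key-generation steps; returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < (p-1)(q-1) and be coprime to it")
    d = egcd(e, phi)[1] % phi      # inverse of e modulo (p-1)(q-1)
    return (n, e), (n, d)


def encrypt(P, public):
    n, e = public
    if not 0 <= P < n:
        raise ValueError("plaintext block must be a number less than n")
    return pow(P, e, n)            # C = P^e mod n


def decrypt(C, private):
    n, d = private
    return pow(C, d, n)            # P = C^d mod n


def recover_private(public):
    """Why small primes give no protection: trial division factors n at once,
    and p, q then yield d exactly as in key generation."""
    n, e = public
    p = next(k for k in range(2, n) if n % k == 0)
    return make_keypair(p, n // p, e)[1]


if __name__ == "__main__":
    public, private = make_keypair(7, 13, 5)       # the chapter's worked example
    C = encrypt(10, public)
    print(public, private, C, decrypt(C, private))
    print(recover_private(public) == private)
```
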
4.4. Other cryptographic techniques
So far we have seen symmetric and asymmetric encryption techniques. These encryption techniques can only
maintain the confidentiality of given data. Hence, the part of cryptography we have seen so far, encryption,
mainly deals with the confidentiality security service. But cryptography is more than that. Cryptography can
ensure message integrity, authentication and other security services.
4.4.1. Cryptographic Hash Functions
A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h =
H(M ). A “good” hash function has the property that the results of applying the function to a large set of
inputs will produce outputs that are evenly distributed and apparently random. In general terms, the
principal object of a hash function is data integrity. A change to any bit or bits in M results, with high
probability, in a change to the hash code.
The kind of hash function needed for security applications is referred to as a cryptographic hash function. A
cryptographic hash function is an algorithm for which it is computationally infeasible (because no attack is
significantly more efficient than brute force) to find either
(a) a data object that maps to a pre-specified hash result (the one-way property) or
(b) two data objects that map to the same hash result (the collision-free property).
Because of these characteristics, hash functions are often used to determine whether or not data has
changed.
Message authentication is a mechanism or service used to verify the integrity of a message. Message
authentication assures that data received are exactly as sent (i.e., contain no modification, insertion,
deletion, or replay). When a hash function is used to provide message authentication, the hash function value
is often referred to as a message digest. The essence of the use of a hash function for message authentication
is as follows. The sender computes a hash value as a function of the bits in the message and transmits both
the hash value and the message. The receiver performs the same hash calculation on the message bits and
compares this value with the incoming hash value. If there is a mismatch, the receiver knows that the
message (or possibly the hash value) has been altered.

Figure 4.14: Use of hash function to check data integrity


It is possible to use a hash function but no encryption for message authentication. The technique (Figure 4.15)
assumes that the two communicating parties share a common secret value S. A computes the hash value
over the concatenation of M and S and appends the resulting hash value to M. Because B possesses S, it can
re-compute the hash value to verify. Because the secret value itself is not sent, an opponent cannot modify
an intercepted message and cannot generate a false message.

Figure 4.15: Use of hash function to check data integrity


As with encryption algorithms, there are two categories of attacks on hash functions: brute-force attacks and
cryptanalysis. A brute-force attack does not depend on the specific algorithm but depends only on bit length.
In the case of a hash function, a brute-force attack depends only on the bit length of the hash value.
Cryptanalysis, in contrast, is an attack based on weaknesses in a particular cryptographic algorithm.
Examples of hash functions include the Secure Hash Algorithm (SHA) and Message Digest 5 (MD5).
Message Digest (MD): MD5 was the most popular and widely used hash function for quite some years. The input
message is broken up into 512-bit blocks and it produces a 128-bit hash value (or message digest). In 2004,
collisions were found in MD5. This collision attack compromised MD5, and hence it is no longer
recommended for use.

Secure Hash Algorithm (SHA): In recent years, the most widely used hash function has been the Secure Hash
Algorithm. SHA has two important versions: SHA1 and SHA2. SHA-1 produces a hash value of 160 bits. SHA2
has different versions with hash value lengths of 224, 256, 384, and 512 bits, known as SHA-224, SHA-256,
SHA-384, and SHA-512, respectively. Both SHA1 and SHA2 have the same underlying structure and
operations.
Table: comparison of SHA parameters

Secure Hash Algorithm (SHA-1) has not yet been “broken.” That is, no one has demonstrated a technique for
producing collisions in a practical amount of time. However, because SHA-1 is very similar, in structure and in
the basic mathematical operations used, to MD5 and SHA-0, both of which have been broken, SHA-1 is
considered insecure and has been phased out for SHA-2.

4.4.2. Message Authentication Code


More commonly, message authentication is achieved using a message authentication code (MAC), also
known as a keyed hash function. Typically, MACs are used between two parties that share a secret key to
authenticate information exchanged between those parties. A MAC function takes as input a secret key and a
data block and produces a hash value, referred to as the MAC. This can then be transmitted with or stored
with the protected message. If the integrity of the message needs to be checked, the MAC function can be
applied to the message and the result compared with the stored MAC value. An attacker who alters the
message will be unable to alter the MAC value without knowledge of the secret key. Note that the verifying
party also knows who the sending party is because no one else knows the secret key. A Message Authentication
Code (MAC) is used to verify the source of the message (source authentication) and that the received message
has not been modified (data integrity). Note that the combination of hashing and encryption results in an overall
function that is, in fact, a MAC.
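
The plain-hash check (Figure 4.14), the shared-secret hash H(M || S) (Figure 4.15) and a keyed MAC side by side, as an added Python example that is not part of the original chapter. SHA-256, HMAC-SHA-256 from Python's standard `hmac` module, the secret and the sample messages are choices and constructed values made for this illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-shared-secret-S"    # constructed value, known only to A and B


def plain_digest(message):
    """Figure 4.14 style: h = H(M), sent alongside M with no secret involved."""
    return hashlib.sha256(message).digest()


def secret_digest(message, secret):
    """Figure 4.15 style: h = H(M || S); S itself is never transmitted."""
    return hashlib.sha256(message + secret).digest()


def hmac_tag(message, key):
    """HMAC-SHA-256, the standard keyed-hash MAC in Python's hmac module."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(message, tag, make_tag):
    """Receiver side: recompute the value and compare in constant time."""
    return hmac.compare_digest(make_tag(message), tag)


def demo():
    original = b"pay 100 to account 17"     # constructed sample message
    altered = b"pay 900 to account 17"      # modified in transit
    results = {}
    # Plain hash: someone without S can recompute H(M') for the altered message,
    # so a matching digest only detects accidental change.
    results["plain_accepts_rehashed"] = verify(altered, plain_digest(altered), plain_digest)
    for name, fn in (("secret", lambda m: secret_digest(m, SECRET)),
                     ("hmac", lambda m: hmac_tag(m, SECRET))):
        tag = fn(original)
        results[name + "_accepts_original"] = verify(original, tag, fn)
        results[name + "_accepts_altered"] = verify(altered, tag, fn)
        # A value recomputed without S does not verify.
        results[name + "_accepts_unkeyed"] = verify(altered, plain_digest(altered), fn)
    return results


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {accepted}")
```
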

In Figure 4.16 (a), the message plus concatenated hash code is encrypted using symmetric encryption. The
destination will decrypt the received data (which is the encrypted value of the message concatenated with
the hash value) to produce the message and a corresponding hash value. Then, the destination will compute
a hash value of the decrypted message and compare it with the hash code received. If they don't match,
then the message has been modified. Because only A and B share the secret key, the message must have come from
A and has not been altered. The hash code provides the structure or redundancy required to achieve
authentication. Because encryption is applied to the entire message plus hash code, confidentiality is also
provided. In (b), by contrast, only the hash code is encrypted, using symmetric encryption. This reduces the
processing burden for those applications that do not require confidentiality. In both cases, data
integrity and source authentication are maintained.

Figure 4.16: MAC

Another cryptographic technique, the digital signature, which is based on public-key cryptography, provides a set
of security capabilities that would be difficult to implement in any other way. You may read further on digital
signatures and the details of cryptographic hash functions and Message Authentication Codes.
