CST 428 BLOCK CHAIN TECHNOLOGIES

S8 CSE – ELECTIVE
MODULE – 1

Fundamentals of
Cryptography
 Definitions
■ Cryptography = the science (art) of encryption
■ Cryptanalysis = the science (art) of breaking
encryption
■ Cryptology = cryptography + cryptanalysis
Alice Bob
channel data, control
messages

data secure secure data

sender receiver

Eve
 Cryptography Goals
■ Encryption – Prevent Eve from intercepting message
■ Authentication – Prevent Eve from impersonating Alice

■ Cryptographic algorithms and protocols can be grouped into

four main areas:
■ Symmetric encryption: to conceal the contents of blocks or streams
of data
■ Asymmetric encryption: to conceal small blocks of data, keys and
hash function values, which are used in digital signatures
■ Data integrity algorithms: to protect blocks of data, such as
messages from alteration
■ Authentication protocols: to authenticate the identity of entities
Cryptographic Attacks
■ Ciphertext only: attacker has only ciphertext.
■ Known plaintext: attacker has plaintext and corresponding
ciphertext.
■ Chosen plaintext: attacker can encrypt messages of his
choosing.
■ Distinguishing attack: an attacker can distinguish your cipher
from an ideal cipher (random permutation).
■ A cipher must be secure against all of these
attacks.
Kerckhoffs’ Principle
■ The security of an encryption system
must depend only on the key, not on the
secrecy of the algorithm.
■ Nearly all proprietary encryption systems
have been broken (Enigma, DeCSS,
zipcrack).
■ Secure systems use published algorithms
(PGP, OpenSSL, Truecrypt).
Provable Security
■ There is no such thing as a provably secure
system.
■ Proof of unbreakable encryption does not
prove the system is secure.
■ The only provably secure encryption is the
one time pad: C = P + K, where K is as long
as P and never reused.
■ Systems are believed secure only when many
people try and fail to break them.
Transposition Cipher
Substitution Cipher
Symmetric Key Encryption
 Introduction
Also known as SECRET KEY, WEAK ALGORITHMS
SINGLE KEY, PRIVATE KEY Classical substitution and
transposition ciphers
Assumption: Sender and Receiver
share already a secret key
“STRONGER” ALGORITHMS
Assumption requires solution to
DES – No longer considered safe
key-distribution problem
Triple-DES
AES (Rijndael)
Symmetric key algorithms also
IDEA
popular for file encryption, then
RC5, RC6
Encrypter = Decrypter Blowfish
Many others

Network Security (N. Dulay & M. Huth) Symmetric Key Cryptography (3.13)
Symmetric Key Cryptography
 Encryption & Decryption
Key (K)

Plaintext (P) Encrypt (E) Ciphertext (C)

C = EK (P)
Same
Key (K)
Ciphertext (C) Decrypt (D) Plaintext (P)

P = DK (C)

P = DK (EK (P))
AES- Advanced Encryption Standard
• also known as Rijndael algorithm • Sub Key Generation
• symmetric block cipher algorithm • uses 128 bit Master Key
• block/chunk size of 128 bits • Key is processed in words of
• converts these individual blocks size 32 bit (4 words / 16
using keys of 128, 192, and 256 bytes)
bits • Each sub key size is 32 bit /
• Once it encrypts these blocks, it 1 word/4 bytes
joins them together to form the • Each round have 4 sub keys
cipher text (128 bit/4 words/16 bytes)
• based on a • For pre round calculation we
substitution-permutation network, use 4 sub key initially
known as SP network • Total sub key is 44
AES- Advanced Encryption Standard
Substitute Byte
Asymmetric Cryptography
Asymmetric Cryptography
Asymmetric Cryptography
RSA
■ RSA stands for Rivest, Shamir, Adleman -
creators
■ public-key encryption technique used for
secure data transmission especially over the
internet
RSA
Question
■ Explain public and private keys. Perform
encryption and decryption using RSA for p=3,
q=11, e= 7 and M=5
Elliptic Curve Cryptography
■ Asymmetric Public key cryptosystem
■ Provides security with smaller key size
■ alternative to the RSA algorithm
■ used for digital signatures in cryptocurrencies,
such as Bitcoin and Ethereum, as well as
one-way encryption of emails, data and
software
■ fast key generation, fast key agreement and

fast signatures
Elliptic Curve Cryptography
■ 2 families of Elliptic curves
■ Prime curves over Zp
■ uses cubic equation in which variables and
coefficients from 0 through p-1
■ best for software applications
■ Binary curves over GF(2m)
■ variables and coefficients in GF(2m)
■ best for hardware applications
Elliptic Curve Cryptography
■ Makes use of Elliptic Curves y²=x³ + ax + b
■ variables and coefficients restricted to
elements in a finite field
■ Properties of Elliptical Curve
■ symmetric over x axis
■ A non vertical line will
intersect the curve at
most 3 points
ECC Diffie
Hellman Key
Exchange
ECC Encryption/ Decryption
To encrypt and send a message Pm to B, A
chooses a random positive integer k and
produces the ciphertext Cm consisting of the
pair of points:
Cm = {kG, Pm + kPb}

For decryption, B multiplies the first point in the

pair by B’s private key and subtracts the result
from the second point
Digital Signatures
■ an electronic, encrypted, stamp of authentication on
digital information such as email messages, macros,
or electronic documents
■ confirms that the information originated from the
signer and has not been altered
RSA Digital Signature Process
 Secure Hash Functions
Authentication Algorithm can be classified into
1. Message Encryption - uses encryption algorithm
2. Message Authentication Code - generates fixed length code
3. Hash Function - generates fixed length code

■ Message authentication code - uses the message

authentication function on the plain text along with the key to
generate fixed length code. This fixed length code will be
appended with the message and send to the receiver for
authentication
■ hash function do not use the key for generating the fixed
length code
 SHA- 256
■ one of the strongest hash functions available

■ Secure communications for websites and web

services are based on files known as certificates
■ They are used to establish and authenticate secure
connections
■ These certificates contain cryptographic elements
that are generated using algorithms such as
SHA-256
 SHA- 256
■ hash value will always be 256 bits
■ Characteristics
■ Message Length: less than 264 bits
■ Digest Length: 256 bits
■ Bigger digests suggest significantly more
calculations at the cost of speed and space
■ Irreversible: all hash functions such as the SHA 256 are

irreversible neither get a plaintext when you have the digest

beforehand nor should the digest provide its original value
when you pass it through the hash function again
 SHA- 256 Steps
■ Padding
■ first bit should be one, and the rest of it should
be filled with zeroes
 SHA- 256 Steps
■ Padding Length
■ add 64 bits of data to make the final plaintext a
multiple of 512 applying the modulus to original
text without the padding
 SHA- 256 Steps
■ Initialising buffers
■ initialize the default values for eight buffers to be
used in the rounds
■ store 64 different keys in an array,
ranging from K[0] to K[63]
 SHA- 256 Steps
■ Compression Functions

value of K[i] in all rounds is

pre-initialized, W[i] is
another input that is
calculated individually for
each block, depending on
the number of iterations
being processed at the
moment
SHA- 256 Applications
 Merkle Tree
■ fundamental part of blockchain technology
■ mathematical data structure composed of
hashes of different blocks of data, and which
serves as a summary of all the transactions in
a block
■ allows for efficient and secure verification of
content in a large body of data
 Merkle Tree
■ Both Bitcoin and Ethereum use Merkle Trees
structure
■ also known as Binary Hash Tree
■ used to encrypt blockchain data more
efficiently and securely
■ enables quick and secure content verification
across big datasets and verifies the
consistency and content of the data
Merkle Root
 Merkle Tree Working
■ totals all transactions in a block and generates
a digital fingerprint of the entire set of
operations, allowing the user to verify whether
it includes a transaction in the block
■ Each non-leaf node is a hash of its previous
hash, and every leaf node is a hash of
transactional data
Merkle Tree
 Merkle Tree Working
■ Merkle Root is stored in the block header
■ block header is the part of the bitcoin block
which gets hash in the process of mining
■ It contains the hash of the last block, a Nonce,
and the Root Hash of all the transactions in
the current block in a Merkle Tree
 Merkle Tree Working
■ having the Merkle root in block header makes
the transaction tamper-proof
■ As this Root Hash includes the hashes of all
the transactions within the block, these
transactions may result in saving the disk
space
Merkle Tree Working
 Merkle Tree Benefits
■ Validates the data's integrity effectively
■ Compared to other data structures, the Merkle
tree takes up very little disk space
■ can be broken down into small pieces of data
for verification
■ data format is efficient, and verifying the
data's integrity takes only a few moments.
 Distributed Hash Tables
■ a decentralized data store based on key-value
pairs
■ Every node is responsible for a set of keys and
their associated values
■ The key is a unique identifier for its associated
data value, created through a hashing
function
■ The data values can be any form of data
 Distributed Hash Tables
■ provide an easy way to find information in a
large collection of data
■ each node stores the key partitioning scheme
so that if it receives a request to access a
given key, it can quickly map the key to the
node that stores the data
■ It then sends the request to that node
 Distributed Hash Tables
■ nodes can be easily added or removed