CST 428:

BLOCKCHAIN TECHNOLOGIES
S8 CSE ELECTIVE
MODULE 1
 Lecture 1
Introduction to Cryptography
 Introduction to Cryptography
• Cryptosystem: A method of disguising messages so that only certain people can see
through the disguise.
• Cryptography: the art of creating and using a cryptosystem.
• Cryptanalysis: the art of breaking cryptosystems—seeing through the disguise even
when you’re not supposed to be able to.
• Cryptology: the study of both cryptography and cryptanalysis.

• The art and science of concealing the messages to introduce secrecy in information
security is recognized as cryptography.
Tutorial 1
• Write a program in python to implement a Caesar Cipher. Include
comment line explaining the working of each block/function
 Core principles of modern-day cryptography.

1. Confidentiality (secrecy) refers to certain rules and guidelines usually executed

under confidentiality agreements which ensure that the information is
restricted to certain people or places.
2. Data integrity (anti-tampering) refers to maintaining and making sure that the
over its entire life cycle.
3. Authentication is the process of making sure that the piece of data being
claimed by the user belongs to it. (verifying the identity of a user )
4. Non-repudiation refers to ability to make sure that a person or a party
associated with a contract or a communication cannot deny the authenticity
of their signature over their document or the sending of a message.
Cryptographic attacks
■ Ciphertext only: attacker has only ciphertext.
■ Known plaintext: attacker has plaintext and corresponding
ciphertext.
■ Chosen plaintext: attacker can encrypt messages of his
choosing
■ Distinguishing attack: an attacker can distinguish your cipher
from an ideal cipher (random permutation).
Kerckhoffs’ Principle
■ The security of an encryption system must depend
only on the key, not on the secrecy of the
algorithm.
■ Nearly all proprietary encryption systems have been broken
(Enigma, DeCSS, zipcrack).
■ Secure systems use published algorithms (PGP, OpenSSL,
Truecrypt).
Classical Encryption Techniques

• Cryptographic systems are characterized along three independent dimensions:

• The type of operations used for transforming plaintext to ciphertext.
• All encryption algorithms are based on two general principles: substitution,
in which each element in the plaintext (bit, letter, group of bits or letters) is
mapped into another element, and transposition, in which elements in the
plaintext are rearranged.
• The number of keys used.
• The way in which the plaintext is processed. (Block cipher or Stream cipher)
TRANSPOSITION
SUBSTITUTION
 Lecture 1.2
Symmetric cryptography,
AES
Types of cryptosystem
• Symmetric Cryptosyatem: If both sender and receiver use the same key, the
system is referred to as symmetric, single-key, secret-key, or conventional
encryption.
• Asymmetric Cryptosyatem: If the sender and receiver use different keys, the
system is referred to as asymmetric, two-key, or public-key encryption.
Symmetric Key Crypto System
Also known as SECRET KEY, SINGLE
KEY, PRIVATE KEY

Assumption: Sender and Receiver

share already a secret key

Requires solution to key-distribution

problem

“STRONGER” ALGORITHMS
⮚DES – No longer considered safe
WEAK ALGORITHMS ⮚Triple-DES
⮚Classical substitution and transposition ciphers ⮚AES (Rijndael)
⮚IDEA
⮚RC5, RC6
⮚Blowfish
⮚Many others
 Encryption & Decryption

Key (K)

Plaintext (P) Encrypt (E) Ciphertext (C)

C = EK (P)
Same
Key (K)
Ciphertext (C) Decrypt (D) Plaintext (P)

P = DK (C)

P = DK (EK (P))
 AES- Advanced Encryption Standard
• The Advanced Encryption Standard (AES) was published by NIST
(National Institute of Standards and Technology) in 2001.
• AES is a symmetric block cipher that is intended to replace DES as
the approved standard for a wide range of applications.
• For block cipher the size of cipher text should be same as plane
text.
• Also known as Rijndael algorithm
• AES uses a block size of 128 bits
• converts these individual blocks using keys of 128, 192, and 256
bits
• Once it encrypts these blocks, it joins them together to form the
cipher text based on a substitution-permutation network, known
as SP network
AES- Advanced Encryption Standard
AES- Advanced
Encryption
Standard
 Lecture 3
Asymmetric Cryptography
Public-Key Cryptosystems

• Asymmetric algorithms rely on one key for encryption and a different but related
key for decryption. These algorithms have the following important characteristic:
• It is computationally infeasible to determine the decryption key given only
knowledge of the cryptographic algorithm and the encryption key.

• In addition, some algorithms, such as RSA, also exhibit the following

characteristic:
• Either of the two related keys can be used for encryption, with the other
used for decryption.
• A public-key encryption scheme has six ingredients
• Plaintext: This is the readable message or data that is fed into the algorithm as input.
• Encryption algorithm: The encryption algorithm performs various transformations on
the plaintext.
• Public and private keys: This is a pair of keys that have been selected so that if one is
used for encryption, the other is used for decryption. The exact transformations
performed by the algorithm depend on the public or private key that is provided as
input.
• Ciphertext: This is the scrambled message produced as output. It depends on the
plaintext and the key. For a given message, two different keys will produce two different
ciphertexts.
• Decryption algorithm: This algorithm accepts the ciphertext and the matching key and
produces the original plaintext.
 • The essential steps are the following:
• 1. Each user generates a pair of keys to
Encryption be used for the encryption and
decryption of messages.
• 2. Each user places one of the two keys
in a public register or other accessible
file. This is the public key. The
companion key is kept private. Each user
maintains a collection of public keys
obtained from others.
• 3. If Bob wishes to send a confidential
message to Alice, Bob encrypts the
message using Alice’s public key.
• 4. When Alice receives the message, she
decrypts it using her private key. No
other recipient can decrypt the message
because only Alice knows Alice's private
key.
Authentication
Conventional Encryption Public-Key Conventional Encryption Public-Key
Encryption Encryption
The same algorithm with the same key is One algorithm is used for encryption and
used for encryption and decryption decryption with a pair of keys, one for
encryption and one for decryption.

The sender and receiver must share the The sender and receiver must each have
algorithm and the key. one of the matched pair of keys (not the
same one).
 Applications for Public-Key Cryptosystems
• Encryption/decryption: The sender encrypts a message with the recipient's public
key.
• Digital signature: The sender "signs" a message with its private key. Signing is
achieved by a cryptographic algorithm applied to the message or to a small block of
data that is a function of the message.
• Key exchange: Two sides cooperate to exchange a session key. Several different
approaches are possible, involving the private key(s) of one or both parties.
 RSA
■ Developed in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at MIT.
■ Public-key encryption technique used for secure data transmission
especially over the internet
RSA
Question
■ Explain public key cryptosystem. Perform encryption and
decryption using RSA for p=3, q=11, e= 7 and M=5
 Lecture 4
Elliptic curve Cryptography
Elliptic curve Cryptography(ECC)
• ECC is a Asymmetric/Public key Cryptosystem
• It generates security between key pairs for public key encryption by using the mathematics of elliptic
curves.
• ECC is an alternative technique to RSA
• The biggest difference between ECC and RSA is the greater cryptographic strength that ECC offers
for equivalent key size.
• An ECC key is more secure than an RSA key of the same size.
Elliptic curve Cryptography(ECC)
• It makes use of Elliptic Curves
• Standard form of Elliptic curves are:
• An elliptic curve for current ECC purposes is a plane curve over a
finite field which is made up of the points satisfying the
equation:

y²=x³ + ax + b
• a, b are constants
• equation is of 3rd degree
 Properties of Elliptic curves

• Symmetric with respect to X axis

• If we draw a line it will touch
maximum of 3 points
• Curve can be extended to infinity.
• In the figure curve is limited to a
finite range defined by ‘n’
 Trap door function
• A trapdoor function is a function that is
easy to compute in one direction, yet
difficult to compute in the opposite
direction (finding its inverse) without
special information, called the "trapdoor".
• Trapdoor functions are a special case
of one-way functions and are widely used
in public-key cryptography.
 Elliptic Curve Discrete Logarithm Problem
(ECDLP)
• Elliptic Curve Discrete Logarithm Problem (ECDLP) is a mathematical problem that is
central to the security of elliptic curve cryptography (ECC) algorithms.
• ECDLP is the problem of finding the integer value "k" that satisfies the equation "P =
kG", where P is a point on an elliptic curve, G is a known generator point, and k is an
unknown integer.
• The ECDLP is considered to be a hard mathematical problem, and solving it is believed to
be computationally infeasible for large values of k. This makes ECC a secure encryption
method, as it is difficult for an attacker to determine the private key from the public key,
which is based on the solution to the ECDLP.
 Elliptic Curve Discrete Logarithm Problem
(ECDLP)
Let E(a, b) be the Elliptic curve.
Consider the equation
Q=K.P
Q,P are points on curve
K<n where n is the field limiter
If K and P given it is easy to calculate Q
If P and Q given it is difficult to calculate K
This mathematical problem called Elliptic Curve Discrete
Logarithm Problem (ECDLP) will add the security feature of
ECC
It is a one way function
 ECC Algorithm
• Step 1: Key Generation and exchange
• In this step, a public/private key pair is generated for the intended recipient of
encrypted messages. The private key is kept secret by the recepient and the public
key is made available to anyone who wants to send an encrypted message to the
recipient.
• Step 2: Encryption
• The sender of the message obtains the recipient's public key and uses it to encrypt
the message. The encrypted message can be decrypted only with the recipient's
private key.
• Step 3: Decryption
• The recipient uses their private key to decrypt the message, which was encrypted
with their public key
ECC Algorithm:
Key Exchange
ECC: Encryption
ECC: Decryption
 Lecture 5
Digital Signatures
 DIGITAL SIGNATURES
In situations where there is no complete trust
between sender and receiver, something more
than authentication is needed.

The most attractive solution to this problem is

the digital signature.

The digital signature must have the following

properties:

• It must verify the author and the

date and time of the signature.

• It must authenticate the contents at

the time of the signature.

• It must be verifiable by third

parties, to resolve disputes.
 Digital Signature Requirements
• The signature must be a bit pattern that depends on the message being signed.
• The signature must use some information unique to the sender to prevent both forgery
and denial.
• It must be relatively easy to produce the digital signature.
• It must be relatively easy to recognize and verify the digital signature.
• It must be computationally infeasible to forge a digital signature, either by constructing a
new message for an existing digital signature or by constructing a fraudulent digital
signature for a given message.
• It must be practical to retain a copy of the digital signature in storage.
RSA Digital Signature Process
RSA Signature
• The RSA algorithm can be used to sign and verify a message.
• In this case it is called as RSA digital signature scheme

• Normal RSA algorithm:

• Public Key: (e,n)
• Private Key: (d,n)
• Encryption (sender side) : C = Me mod n (Receivers Public Key)
• Decryption (receiver side) : M = Cd mod n (Receivers private key)

• For signing and verifying:

• For signing (sender side) : S = Md mod n (Senders private key)
• For Verifying (receiver side) : M’ = Se mod n (Senders public key)
• M’ is the copy message created at receiver end for verification purpose.
• The message is hashed before signing.
RSA Signature.
RSA Key Generation and Digital
Signature Algorithm • RSA Digital Signature Scheme: In
RSA, d is private; e and n are
public.
• Alice creates her digital signature
using S=M^d mod n where M is
the message
• Alice sends Message M and
Signature S to Bob
• Bob computes M1=S^e mod n
• If M1==M then Bob accepts the
data sent by Alice.
 Lecture 6
Secure Hash Algorithm SHA-256
 Secure Hash Function in Block Chain
Components of a single block in block chain
Block chain
• Tampering a single block makes the hash value invalid and as a result
all the subsequent blocks becomes invalid
 Secure Hash Functions
Authentication Algorithm can be classified into
1. Message Encryption - uses encryption algorithm
2. Message Authentication Code - generates fixed length code
3. Hash Function - generates fixed length code

■ Message authentication code - uses the message authentication function on the plain
text along with the key to generate fixed length code. This fixed length code will be
appended with the message and send to the receiver for authentication
■ hash function do not use the key for generating the fixed length code
 Secure Hash Function in Block Chain
• Each block in the blockchain contains the hash of the previous block header
within its header.
• This ensures that changing a single block in the blockchain without detection is
impossible.
• Modifying one block in the chain requires generating new versions of every
following block as well, increasing the difficulty and helping to preserve the
integrity of the blockchain’s digital ledger
 Secure Hash Function in Block Chain
Some of the most common uses of hash function in blockchain include:
• Digital signatures: Hash functions are a vital part of digital signature algorithms,
summarizing the data to a compact value while preserving its integrity. Digital signatures
are used for preserving data integrity and authentication for blockchain transactions and
blocks
• Merkle trees: Merkle tree summarizes a list of transactions contained within a block into
a single value within a block header. They use hash functions to ensure that it is infeasible
to find two Merkle trees with the same root hash. This way, by storing the root hash
within a block header and protecting the integrity of the block header, the integrity of the
transactions contained within the block’s body is protected as well
• Proof of Work consensus: The Proof of Work consensus algorithm defines a valid block
as one whose header has a hash value less than a given threshold.
 SHA- 256

• one of the strongest hash functions

available
• Secure communications for websites and
web services are based on files known as
certificates
• They are used to establish and
authenticate secure connections
• These certificates contain cryptographic
elements that are generated using
algorithms such as SHA-256
Step 4:Single round in SHA 256
Step 4
Step 5:Append the final Hash values

• Step 6:Append the final Hash values

 Lecture 7
Applications of Cryptographic Hash Functions:
Merkle Tree and Distributed Hash Functions
 Merkle Tree
■ fundamental part of blockchain technology
■ mathematical data structure composed of hashes of
different blocks of data, and which serves as a
summary of all the transactions in a block
■ allows for efficient and secure verification of content in
a large body of data
 Merkle Tree
■ Both Bitcoin and Ethereum use Merkle Trees structure
■ also known as Binary Hash Tree
■ used to encrypt blockchain data more efficiently and
securely
■ enables quick and secure content verification across
big datasets and verifies the consistency and content
of the data
Merkle Root
 Merkle Tree Working
■ totals all transactions in a block and generates a
digital fingerprint of the entire set of operations,
allowing the user to verify whether it includes a
transaction in the block
■ Each non-leaf node is a hash of its previous hash,
and every leaf node is a hash of transactional data
Merkle Tree
 Merkle Tree Working
■ Merkle Root is stored in the block header
■ block header is the part of the bitcoin block which
gets hash in the process of mining
■ It contains the hash of the last block, a Nonce, and
the Root Hash of all the transactions in the current
block in a Merkle Tree
 Merkle Tree Working
■ having the Merkle root in block header makes the
transaction tamper-proof
■ As this Root Hash includes the hashes of all the
transactions within the block, these transactions may
result in saving the disk space
Merkle Tree Working
 Merkle Tree Benefits
■ Validates the data's integrity effectively
■ Compared to other data structures, the Merkle
tree takes up very little disk space
■ can be broken down into small pieces of data
for verification
■ data format is efficient, and verifying the
data's integrity takes only a few moments.
 Distributed Hash Tables
■ a decentralized data store based on key-value pairs
■ Every node is responsible for a set of keys and their
associated values
■ The key is a unique identifier for its associated data
value, created through a hashing function
■ The data values can be any form of data
 Distributed Hash Tables
■ provide an easy way to find information in a large
collection of data
■ each node stores the key partitioning scheme so
that if it receives a request to access a given key, it
can quickly map the key to the node that stores the
data
■ It then sends the request to that node
 Distributed Hash Tables
■ nodes can be easily added or removed
University Model QP
Some reference Links
• AES algorithm : https://www.youtube.com/watch?v=X8whYEWoDSI
• Elliptic Curve:
https://www.youtube.com/watch?v=agKfhxm2kjA&t=300s
• RSA: https://www.youtube.com/watch?v=-0slxSL9B6A
THANK YOU