
Unit 2 - CS

Unit 2 covers cryptographic basics including symmetric and asymmetric encryption techniques. Symmetric techniques include block ciphers like DES and stream ciphers, while asymmetric techniques include RSA public key encryption. Other topics covered include transposition ciphers, steganography, key management, digital signatures, and one-way hash functions. The document provides examples and explanations of various cryptographic algorithms and concepts.

Uploaded by

yuydokosta

Unit 2

Contents:
Cryptographic basics, transposition cipher, substitution cipher,
Block and Stream cipher, Steganography,
Public v/s private key encryption,
Private key encryption: DES,
Public key encryption: RSA,
Key management, Key exchange – Diffie-Hellman
Digital Signature, One way hash functions

General idea of symmetric-key cipher

Substitution Ciphers
• A substitution cipher replaces one symbol with another.
• Substitution ciphers can be categorized as either monoalphabetic ciphers or polyalphabetic ciphers.

Monoalphabetic Substitution Ciphers

In monoalphabetic substitution, the relationship between a symbol in the plaintext and a symbol in the ciphertext is always one-to-one.

Examples

Example 1
The following shows a plaintext and its corresponding ciphertext.
The cipher is probably monoalphabetic because both l’s (els) are
encrypted as O’s.

Example 2
The following shows a plaintext and its corresponding ciphertext.
The cipher is not monoalphabetic because each l (el) is encrypted
by a different character.

Plaintext: hello Ciphertext: KHOLR


Additive Cipher
The simplest monoalphabetic cipher is the additive cipher. This cipher is sometimes called a shift cipher and sometimes a Caesar cipher, but the term additive cipher better reveals its mathematical nature.

Plaintext and ciphertext in Z26

Additive cipher

Note
When the cipher is additive, the plaintext, ciphertext, and key are integers in Z26.

Example
Use the additive cipher with key = 15 to encrypt the message “hello”.

Solution
We apply the encryption algorithm to the plaintext, character by character:

Example 3.4
Use the additive cipher with key = 15 to decrypt the message “WTAAD”.

Solution
We apply the decryption algorithm to the ciphertext, character by character:

Shift Cipher and Caesar Cipher
Historically, additive ciphers are called shift ciphers. Julius Caesar used an additive cipher to communicate with his officers. For this reason, additive ciphers are sometimes referred to as the Caesar cipher. Caesar used a key of 3 for his communications.

Note
Additive ciphers are sometimes referred to as shift ciphers or Caesar cipher.

Example
Eve has intercepted the ciphertext “UVACLYFZLJBYL”. Show how she can use a brute-force attack to break the cipher.

Solution
Eve tries keys from 1 to 7. With a key of 7, the plaintext is “not very secure”, which makes sense.
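
The additive cipher examples above, worked in code. This is an added example, not part of the original slides; it shows why a key space of 26 gives no protection. The word list used to score candidates is constructed for the illustration.

```python
# Added example, not from the original slides: additive (shift) cipher over Z26.
# Letters map a..z -> 0..25; non-letters are dropped, as in the slide examples.


def additive_encrypt(plaintext: str, key: int) -> str:
    """C = (P + key) mod 26. Plaintext is lowercase, ciphertext uppercase."""
    return "".join(
        chr((ord(ch) - ord("a") + key) % 26 + ord("A"))
        for ch in plaintext.lower() if "a" <= ch <= "z"
    )


def additive_decrypt(ciphertext: str, key: int) -> str:
    """P = (C - key) mod 26."""
    return "".join(
        chr((ord(ch) - ord("A") - key) % 26 + ord("a"))
        for ch in ciphertext.upper() if "A" <= ch <= "Z"
    )


# Constructed word list, used only to score candidate plaintexts.
COMMON_WORDS = ("the", "and", "not", "very", "secure", "attack", "meet", "park")


def brute_force(ciphertext: str, words=COMMON_WORDS):
    """Try every key in Z26 and rank the candidates by how many letters
    fall inside known words. Returns (score, key, candidate), best first."""
    ranked = []
    for key in range(26):
        candidate = additive_decrypt(ciphertext, key)
        score = sum(len(w) * candidate.count(w) for w in words)
        ranked.append((score, key, candidate))
    ranked.sort(key=lambda item: (-item[0], item[1]))
    return ranked


if __name__ == "__main__":
    print(additive_encrypt("hello", 15))
    print(additive_decrypt("WTAAD", 15))
    for score, key, text in brute_force("UVACLYFZLJBYL")[:3]:
        print(key, score, text)
```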

Polyalphabetic Ciphers

In polyalphabetic substitution, each occurrence of a character may have a different substitute. The relationship between a character in the plaintext and a character in the ciphertext is one-to-many.

Autokey Cipher
Assume that Alice and Bob agreed to use an autokey cipher with initial key value k1 = 12. Now Alice wants to send Bob the message “Attack is today”. Enciphering is done character by character.

Playfair Cipher

Let us encrypt the plaintext “hello” using the key

Vigenere Cipher

Let us see how we can encrypt the message “She is listening” using the 6-character keyword “PASCAL”. The initial key stream is (15, 0, 18, 2, 0, 11). The key stream is the repetition of this initial key stream (as many times as needed).
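
The autokey and Vigenere examples above, carried through in code. This is an added example, not part of the original slides; the ciphertexts it prints are computed here rather than quoted from the deck, and the `substitutes` helper is an addition that makes the one-to-many relationship visible.

```python
# Added example, not from the original slides: autokey and Vigenere over Z26.


def to_nums(text: str) -> list:
    """Map letters to 0..25, dropping spaces and punctuation."""
    return [ord(c) - ord("a") for c in text.lower() if "a" <= c <= "z"]


def to_text(nums, upper: bool) -> str:
    base = ord("A") if upper else ord("a")
    return "".join(chr(n + base) for n in nums)


def vigenere_key_stream(keyword: str, length: int) -> list:
    """Repeat the keyword's values as many times as needed."""
    initial = to_nums(keyword)
    return [initial[i % len(initial)] for i in range(length)]


def vigenere_encrypt(plaintext: str, keyword: str) -> str:
    p = to_nums(plaintext)
    k = vigenere_key_stream(keyword, len(p))
    return to_text([(pi + ki) % 26 for pi, ki in zip(p, k)], upper=True)


def vigenere_decrypt(ciphertext: str, keyword: str) -> str:
    c = to_nums(ciphertext)
    k = vigenere_key_stream(keyword, len(c))
    return to_text([(ci - ki) % 26 for ci, ki in zip(c, k)], upper=False)


def autokey_encrypt(plaintext: str, k1: int) -> str:
    """Key stream is k1 followed by the plaintext itself, shifted one place."""
    p = to_nums(plaintext)
    stream = [k1] + p[:-1]
    return to_text([(pi + ki) % 26 for pi, ki in zip(p, stream)], upper=True)


def autokey_decrypt(ciphertext: str, k1: int) -> str:
    """Each recovered plaintext value becomes the key for the next character."""
    key, out = k1, []
    for c in to_nums(ciphertext):
        key = (c - key) % 26
        out.append(key)
    return to_text(out, upper=False)


def substitutes(plaintext: str, ciphertext: str) -> dict:
    """For each plaintext letter, the set of ciphertext letters it became.
    Any set larger than one means the cipher is not monoalphabetic."""
    table = {}
    for p, c in zip(to_text(to_nums(plaintext), False), ciphertext):
        table.setdefault(p, set()).add(c)
    return table


if __name__ == "__main__":
    ct = vigenere_encrypt("She is listening", "PASCAL")
    print(ct, substitutes("She is listening", ct)["s"])
    print(autokey_encrypt("Attack is today", 12))
```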

TRANSPOSITION CIPHERS
A transposition cipher does not substitute one symbol for another; instead it changes the location of the symbols.

Note
A transposition cipher reorders symbols.

Topics discussed in this section:
Keyless Transposition Ciphers
Keyed Transposition Ciphers
Combining Two Approaches

Keyless Transposition Ciphers

Simple transposition ciphers, which were used in the past, are keyless.

A good example of a keyless cipher using the first method is the rail fence cipher. The ciphertext is created reading the pattern row by row. For example, to send the message “Meet me at the park” to Bob, Alice writes

She then creates the ciphertext “MEMATEAKETETHPR”.

Examples

Alice and Bob can agree on the number of columns and use the second method. Alice writes the same plaintext, row by row, in a table of four columns.

She then creates the ciphertext “MMTAEEHREAEKTTP”.
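
Both keyless methods above are permutations of positions, so one helper can encrypt and decrypt each of them. This is an added example, not part of the original slides; the rail fence is generalised from the two rows used above to any number of rails, and the letter-count check shows that transposition leaves symbol frequencies unchanged.

```python
# Added example, not from the original slides: keyless transposition ciphers.
from collections import Counter


def letters(message: str) -> str:
    """Keep letters only, uppercased, as the slide ciphertexts do."""
    return "".join(c for c in message.upper() if "A" <= c <= "Z")


def rail_pattern(length: int, rails: int) -> list:
    """Rail (row) index of each position in a zigzag over `rails` rows."""
    if rails < 2:
        return [0] * length
    period = 2 * (rails - 1)
    return [min(i % period, period - i % period) for i in range(length)]


def read_order(keys: list) -> list:
    """Positions in the order they are read out: grouped by row/column key,
    left to right within a group (sorted() is stable)."""
    return sorted(range(len(keys)), key=lambda i: keys[i])


def permute(text: str, order: list) -> str:
    return "".join(text[i] for i in order)


def unpermute(text: str, order: list) -> str:
    out = [""] * len(text)
    for position, ch in zip(order, text):
        out[position] = ch
    return "".join(out)


def rail_fence_encrypt(message: str, rails: int = 2) -> str:
    text = letters(message)
    return permute(text, read_order(rail_pattern(len(text), rails)))


def rail_fence_decrypt(ciphertext: str, rails: int = 2) -> str:
    order = read_order(rail_pattern(len(ciphertext), rails))
    return unpermute(ciphertext, order)


def columnar_encrypt(message: str, columns: int = 4) -> str:
    """Write row by row into `columns` columns, read column by column."""
    text = letters(message)
    return permute(text, read_order([i % columns for i in range(len(text))]))


def columnar_decrypt(ciphertext: str, columns: int = 4) -> str:
    order = read_order([i % columns for i in range(len(ciphertext))])
    return unpermute(ciphertext, order)


def same_letter_counts(a: str, b: str) -> bool:
    """True when two texts contain exactly the same letters."""
    return Counter(letters(a)) == Counter(letters(b))


if __name__ == "__main__":
    print(rail_fence_encrypt("Meet me at the park"))
    print(columnar_encrypt("Meet me at the park", 4))
```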


3.3.2 Keyed Transposition Ciphers

The keyless ciphers permute the characters by writing plaintext in one way and reading it in another way. The permutation is done on the whole plaintext to create the whole ciphertext. Another method is to divide the plaintext into groups of predetermined size, called blocks, and then use a key to permute the characters in each block separately.

Example 3.25

Alice needs to send the message “Enemy attacks tonight” to Bob.

The key used for encryption and decryption is a permutation key, which shows how the characters are permuted.

The permutation yields

Combining Two Approaches

Double Transposition Ciphers

DES (Data Encryption Standard)

The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST).

History
In 1973, NIST published a request for proposals for a national symmetric-key cryptosystem.
A proposal from IBM, a modification of a project called Lucifer, was accepted as DES. DES was published in the Federal Register in March 1975 as a draft of the Federal Information Processing Standard (FIPS).

Overview

DES is a block cipher

Encryption and decryption with DES

DES STRUCTURE

The encryption process is made of two permutations (P-boxes), which we call initial and final permutations, and sixteen Feistel rounds.

Rounds

DES uses 16 rounds. Each round of DES is a Feistel cipher.

A round in DES (encryption site)

DES Function

The heart of DES is the DES function. The DES function applies a 48-bit key to the rightmost 32 bits to produce a 32-bit output.

DES function

Expansion P-box
Since $R_{I-1}$ is a 32-bit input and $K_I$ is a 48-bit key, we first need to expand $R_{I-1}$ to 48 bits.

Expansion permutation

Although the relationship between the input and output can be defined mathematically, DES uses a table to define this P-box.

Expansion P-box table

Whitener (XOR)
After the expansion permutation, DES uses the XOR operation on the expanded right section and the round key. Note that both the right section and the key are 48 bits in length. Also note that the round key is used only in this operation.

S-Boxes
The S-boxes do the real mixing (confusion). DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output.

S-boxes

S-box rule

Table shows the permutation for S-box 1. For the rest of the boxes see the textbook.

S-box 1

The input to S-box 1 is 100011. What is the output?

Solution
If we write the first and the sixth bits together, we get 11 in
binary, which is 3 in decimal. The remaining bits are 0001 in
binary, which is 1 in decimal. We look for the value in row 3,
column 1, in Table 6.3 (S-box 1). The result is 12 in decimal,
which in binary is 1100. So the input 100011 yields the output
1100.


The input to S-box 8 is 000000. What is the output?

Solution
If we write the first and the sixth bits together, we get 00 in
binary, which is 0 in decimal. The remaining bits are 0000 in
binary, which is 0 in decimal. We look for the value in row 0,
column 0, in Table 6.10 (S-box 8). The result is 13 in decimal,
which is 1101 in binary. So the input 000000 yields the output
1101.

Straight Permutation

Straight permutation table

Key generation

Key-compression table

Modular Arithmetic
The (mod n) operator maps all integers into the set of integers {0, 1, ..., (n − 1)}.
PROPERTIES
1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
2. [(a mod n) × (b mod n)] mod n = (a × b) mod n

Why Public Key Cryptography?
developed to address two key issues:
• key distribution – how to have secure communications in general without having to trust a KDC with your key
• digital signatures – how to verify a message comes intact from the claimed sender

07/08/23 Slide #1-50


Public Key Cryptography
• public-key/two-key/asymmetric cryptography involves the use of two keys:
  ◦ a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures
  ◦ a related private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
• infeasible to determine private key from public
• is asymmetric because
  ◦ those who encrypt messages or verify signatures cannot decrypt messages or create signatures


Public-Key Cryptography
Symmetric vs Public-Key
Public-Key Applications
• can classify uses into 3 categories:
  ◦ encryption/decryption (provide secrecy)
  ◦ digital signatures (provide authentication)
  ◦ key exchange (of session keys)
• some algorithms are suitable for all uses, others are specific to one

RSA
• by Rivest, Shamir & Adleman of MIT in 1977
• best known & widely used public-key scheme
• uses large integers (eg. 1024 bits)
• security due to cost of factoring large numbers

RSA En/decryption
• to encrypt a message M the sender:
  ◦ obtains public key of recipient PU={e,n}
  ◦ computes: $C = M^e \bmod n$, where 0≤M<n
• to decrypt the ciphertext C the owner:
  ◦ uses their private key PR={d,n}
  ◦ computes: $M = C^d \bmod n$
• note that the message M must be smaller than the modulus n (block if needed)

RSA Key Setup
• each user generates a public/private key pair by:
  ◦ selecting two large primes at random: p, q
  ◦ computing their system modulus n=p.q
    note ø(n)=(p-1)(q-1)
  ◦ selecting at random the encryption key e
    where 1<e<ø(n), gcd(e,ø(n))=1
  ◦ solve following equation to find decryption key d
    e.d=1 mod ø(n) and 0≤d≤n
  ◦ publish their public encryption key: PU={e,n}
  ◦ keep secret private decryption key: PR={d,n}

RSA Example - Key Setup
1. Select primes: p=17 & q=11
2. Calculate n = pq = 17 × 11 = 187
3. Calculate ø(n)=(p–1)(q-1) = 16 × 10 = 160
4. Select e: gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160
   Value is d=23 since 23 × 7 = 161 = 1 × 160 + 1
6. Publish public key PU={7,187}
7. Keep secret private key PR={23,187}

RSA Example - En/Decryption
• sample RSA encryption/decryption is:
• given message M = 88 (88<187)
• encryption:
  $C = 88^7 \bmod 187 = 11$
• decryption:
  $M = 11^{23} \bmod 187 = 88$
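
The key setup and the en/decryption example above, as an added example that is not part of the original slides. It is textbook RSA without padding, using the slide's toy parameters; `factor_small` and `private_from_public` are helpers introduced here to show why the slides call for large integers.

```python
# Added example, not from the original slides: textbook RSA (no padding)
# with the toy parameters p=17, q=11, e=7 used above.
from math import gcd


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def rsa_keygen(p: int, q: int, e: int):
    """Return (PU, PR) = ((e, n), (d, n)) following the key setup steps."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    _, x, _ = egcd(e, phi)
    d = x % phi                      # e*d = 1 mod phi(n)
    return (e, n), (d, n)


def rsa_encrypt(m: int, public) -> int:
    e, n = public
    if not 0 <= m < n:
        # Without this check m and m + n would give the same ciphertext.
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(c: int, private) -> int:
    d, n = private
    return pow(c, d, n)


def factor_small(n: int):
    """Trial division; instant for a toy modulus, hopeless for a large one."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")


def private_from_public(public):
    """Once n is factored, anyone can repeat the key setup and obtain d."""
    e, n = public
    p, q = factor_small(n)
    return rsa_keygen(p, q, e)[1]


if __name__ == "__main__":
    pu, pr = rsa_keygen(17, 11, 7)
    c = rsa_encrypt(88, pu)
    print(pu, pr, c, rsa_decrypt(c, pr), private_from_public(pu))
```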
Key Management and Distribution
Symmetric schemes require both parties to share a common secret key

Public key schemes require parties to acquire valid public keys

Have concerns with doing both

Key Distribution
• symmetric schemes require both parties to share a common secret key
• Issue is how to securely distribute this key while protecting it from others
• Frequent key changes can be desirable
• Often secure system failure due to a break in the key distribution scheme

Key Distribution
• Given parties A and B have various key distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can use previous key to encrypt a new key
4. if A & B have secure communications with a third party C, C can relay key between A & B

Key Hierarchy
• Typically have a hierarchy of keys
• Session key
  ◦ Temporary key
  ◦ Used for encryption of data between users
  ◦ For one logical session then discarded
• Master key
  ◦ used to encrypt session keys
  ◦ shared by user & key distribution center

Key Agreement in Symmetric Crypto
For a group of N parties, every pair needs to share a different key
◦ Needs to establish N(N-1)/2 keys

Solution: Uses a central authority, a.k.a., Trusted Third Party (TTP)
◦ Every party shares a key with a central server.
◦ How to achieve that in an organization with many users?

Needham-Schroeder Shared-Key Protocol: Use Trusted Third Party
Parties: A, B, and trusted server T
Setup: A and T share KAT, B and T share KBT
Goal: Mutual entity authentication between A and B; key establishment
A → T: A, B, NA (1)
A ← T: E[KAT] (NA, B, k, E[KBT](k,A)) (2)
A → B: E[KBT] (k, A) (3)
A ← B: E[k] (NB) (4)
A → B: E[k] (NB-1) (5)


Symmetric Key Distribution Using Public Keys
• Public key cryptosystems are inefficient because
  ◦ So almost never use for direct data encryption
  ◦ Rather use to encrypt secret keys for distribution

Secret Key Distribution with Confidentiality and Authentication

Hybrid Key Distribution
• Retain use of private-key KDC
• Shares secret master key with each user
• Distributes session key using master key
• Public-key used to distribute master keys
  ◦ especially useful with widely distributed users

Distribution of Public Keys
• Can be considered as using one of:
  ◦ public announcement
  ◦ publicly available directory
  ◦ public-key authority
  ◦ public-key certificates

Diffie-Hellman Key Exchange
• first public-key type scheme proposed
• Astounding concept that two parties can carry on a public conversation, and still end up with a secret that only the two of them know!
• Public Secret Sharing
• Shared secret is derived from private secrets and publicly shared information

Diffie-Hellman Key Exchange
• first public-key type scheme proposed
• by Diffie & Hellman in 1976 along with the exposition of public key concepts
  ◦ note: now know that Williamson (UK CESG) secretly proposed the concept in 1970
• is a practical method for public exchange of a secret key – in practice, a “pre-key”
• used in a number of commercial products

Diffie-Hellman Key Exchange
• a public-key distribution scheme
  ◦ cannot be used to exchange an arbitrary message
  ◦ rather it can establish a common key
  ◦ known only to the two participants
• value of key depends on the participants (and their private and public key information)

Diffie-Hellman Key Exchange
• Derivation of shared secret is based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy
• security relies on the difficulty of working backward to get secrets by computing discrete logarithms (similar to factoring) – hard

Diffie-Hellman Setup
• all users agree on global parameters:
  ◦ large prime integer or polynomial q
  ◦ a, which is a primitive root mod q
• each user (e.g. A) generates their key
  ◦ chooses a secret key (number): $x_A < q$
  ◦ computes their public key: $y_A = a^{x_A} \bmod q$
• each user makes public that key $y_A$

Diffie-Hellman Key Exchange
• shared session key for users A & B is $K_{AB}$:
  $K_{AB} = a^{x_A \cdot x_B} \bmod q$
  $= y_A^{x_B} \bmod q$ (which B can compute)
  $= y_B^{x_A} \bmod q$ (which A can compute)

Each principal has the other's public key and their own secret, along with a and q.

Diffie-Hellman Key Exchange
Alice and Bob agree on a and q.
Bob: $y_B = a^{x_B} \bmod q$
Alice: $y_A = a^{x_A} \bmod q$
Bob: $K_{AB} = y_A^{x_B} \bmod q$
Alice: $K_{AB} = y_B^{x_A} \bmod q$

Both Alice and Bob have $K_{AB} = a^{x_A \cdot x_B} \bmod q$

Diffie-Hellman Key Exchange
• $K_{AB}$ is used as session key (or pre-key) in private-key encryption scheme between Alice and Bob
• if Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys (can use nonces and pre-key to make session key different)
• attacker needs a private key x, must solve discrete log base a modulo q to get it

Diffie-Hellman Example
• users Alice & Bob who wish to swap keys:
• agree on prime q=353 and a=3
• select random secret keys:
  ◦ A chooses xA=97, B chooses xB=233
• compute respective public keys:
  ◦ $y_A = 3^{97} \bmod 353 = 40$ (Alice)
  ◦ $y_B = 3^{233} \bmod 353 = 248$ (Bob)
• compute shared session key as:
  ◦ $K_{AB} = y_B^{x_A} \bmod 353 = 248^{97} = 160$ (Alice)
  ◦ $K_{AB} = y_A^{x_B} \bmod 353 = 40^{233} = 160$ (Bob)

Key Exchange Protocols
• users could create random private/public D-H keys each time they communicate
• users could create a known private/public D-H key and publish in a directory, then consult and use them to securely communicate with them
• both of these are vulnerable to a Man-in-the-Middle Attack
• authentication of the keys is needed
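
The exchange with q=353 and a=3, and the reason the last two bullets ask for authenticated keys, as an added example that is not part of the original slides. The relay's secret `xm` is a constructed value, and comparing a pinned fingerprint is this example's stand-in for key authentication; the slides do not name a method.

```python
# Added example, not from the original slides: Diffie-Hellman with the toy
# parameters above, and the effect of accepting unauthenticated public keys.
import hashlib
import hmac
import secrets

Q, A = 353, 3   # prime q and primitive root a from the slide example


def dh_keypair(x=None, q=Q, a=A):
    """Return (private x, public y = a^x mod q). Random x if none is given."""
    if x is None:
        x = secrets.randbelow(q - 3) + 2        # 2 <= x <= q - 2
    return x, pow(a, x, q)


def check_public(y, q=Q):
    """Reject values that force a trivial shared key (0, 1, q-1, out of range)."""
    if not 1 < y < q - 1:
        raise ValueError("peer public key out of range")
    return y


def dh_shared(x_own, y_peer, q=Q):
    return pow(check_public(y_peer, q), x_own, q)


def fingerprint(y):
    """Hash of a public key, compared with a copy obtained out of band."""
    return hashlib.sha256(str(y).encode()).hexdigest()


def dh_shared_pinned(x_own, y_peer, pinned, q=Q):
    """Derive the key only if the received public key matches the pinned one."""
    if not hmac.compare_digest(fingerprint(y_peer), pinned):
        raise ValueError("public key does not match pinned fingerprint")
    return dh_shared(x_own, y_peer, q)


def substituted_exchange(xa, xb, xm, q=Q, a=A):
    """Constructed scenario: a relay replaces both public keys with its own.
    Returns the key each side ends up holding."""
    _, ya = dh_keypair(xa, q, a)
    _, yb = dh_keypair(xb, q, a)
    _, ym = dh_keypair(xm, q, a)
    return {
        "alice": dh_shared(xa, ym, q),          # Alice takes ym for Bob's key
        "bob": dh_shared(xb, ym, q),            # Bob takes ym for Alice's key
        "relay_with_alice": dh_shared(xm, ya, q),
        "relay_with_bob": dh_shared(xm, yb, q),
    }


if __name__ == "__main__":
    print(dh_keypair(97), dh_keypair(233), dh_shared(97, 248))
    print(substituted_exchange(97, 233, 50))
```

With plain `dh_shared`, Alice and Bob each hold a key that matches the relay's and not each other's; `dh_shared_pinned` refuses the substituted value before any key is derived.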
Digital Signatures

Requirement for Digital Signatures
Message authentication protects two parties who exchange messages from any third party.
However, it does not protect the two parties against each other. Several forms of dispute between the two are possible.
Digital signatures provide the ability to:
◦ Verify author, date & time of signature
◦ Authenticate message contents
◦ Be verified by third parties to resolve disputes

Hence include authentication function with additional capabilities

Definition
A digital signature is a construct that authenticates both the origin and contents of a message in a manner that is provable to a disinterested third party.

Properties
A digital signature must meet two primary conditions:
◦ It must be unforgeable: If a person P signs message M with signature S(P,M), it is impossible for anyone else to produce the pair [M, S(P,M)]
◦ It must be authentic: If a person R receives the pair [M, S(P,M)] purportedly from P, R can check that the signature is really from P.

DSS and RSA Signatures - Two types

DSS Approach for Digital Signature
The DSS approach also makes use of a hash function.
Sender side
◦ The hash code is provided as input to a signature function along with a random number k generated for this particular signature.
◦ The signature function also depends on the sender's private key (PRa) and a set of parameters known to a group of communicating principals. We can consider this set to constitute a global public key (PUG).
◦ The result is a signature consisting of two components, labeled s and r

DSS Approach for Digital Signature
Receiver side
At the receiving end, the hash code of the incoming message is generated.
This plus the signature is input to a verification function. The verification function also depends on the global public key as well as the sender's public key (PUa), which is paired with the sender's private key.
The output of the verification function is a value that is equal to the signature component r if the signature is valid.
The signature function is such that only the sender, with knowledge of the private key, could have produced the valid signature.

Stream and Block Ciphers
Block Cipher: Let E be an encipherment algorithm and let $E_k(b)$ be the encipherment of message b with key k. Let a message $m = b_1 b_2 \ldots$, where $b_i$ is of a fixed length. Then a block cipher is a cipher for which $E_k(m) = E_k(b_1) E_k(b_2) \ldots$

Stream Cipher: Let E be an encipherment algorithm and let $E_k(b)$ be the encipherment of message b with key k. Let a message $m = b_1 b_2 \ldots$, where $b_i$ is of a fixed length, and let $k = k_1 k_2 k_3 \ldots$ Then a stream cipher is a cipher for which $E_k(m) = E_{k_1}(b_1) E_{k_2}(b_2) \ldots$

If the key stream k of a stream cipher repeats itself, it is a periodic cipher.

Hash Function
The hash value represents concisely the longer message
◦ may be called the message digest

A message digest is a “digital fingerprint” of the original document
condenses arbitrary message to fixed size
h = H(M)

Hash Function
• A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M).
• A "good" hash function has the property that the results of applying the function to a large set of inputs will produce outputs that are evenly distributed, and apparently random.
• In general terms, the principal object of a hash function is data integrity.
• A change to any bit or bits in M results, with high probability, in a change to the hash code.
• Previous Figure depicts the general operation of a cryptographic hash function.
• Typically, the input is padded out to an integer multiple of some fixed length (e.g., 1024 bits) and the padding includes the value of the length of the original message in bits.

Hash Function
The kind of hash function needed for security applications is referred to as a cryptographic hash function.
A cryptographic hash function is an algorithm for which it is computationally infeasible (because no attack is significantly more efficient than brute force) to find either (a) a data object that maps to a pre-specified hash result (the one-way property) or (b) two data objects that map to the same hash result (the collision-free property).
• Because of these characteristics, hash functions are often used to determine whether or not data has changed.


Hashing V.S. Encryption
[Figure: the plaintext “Hello, world. A sample sentence to show encryption.” is encrypted (E) with key k into ciphertext, and the ciphertext is decrypted (D) with key k back into the plaintext]

• Encryption is two way, and requires a key to encrypt/decrypt

[Figure: a longer clear text is hashed into a short fixed-size value]

• Hashing is one-way. There is no 'de-hashing'

Integrity
• to create a one-way password file
  ◦ store hash of password not actual password
• for intrusion detection and virus detection
  ◦ keep & check hash of files on system
Password Verification
[Figure: storing a hashed password, and verifying an input password against the stored hash. The password “Iam#4VKU” is hashed (h) and the hash is kept in the password store. At verification the input password is hashed (h) and compared with the stored hash. Hash matching exactly? Yes: grant. No: deny.]
Hash Function Usages (I)

Message encrypted : Confidentiality and authentication

Message unencrypted: Authentication


Hash Function Usages (II)

Message encrypted : Authentication (no encryption needed!)

Message unencrypted: Authentication, confidentiality


Hash Function Usages (III)

Authentication, digital signature

Authentication, digital signature, confidentiality
