CRYPTOGRAPHY

PRESENTED BY

REKHA SHEEL KOUSALYA

3/4CSE 3/4ECE

BAPATLA ENGINEERING COLLEGE

E-MAIL-ID:

rekhasheel@gmail.com

1
ABSTRACT
Cryptography has a long and colourful history. Historically, four groups
of people have used and contributed to the art of cryptography; the military,
the diplomatic corps, diarists, and lovers. Of these the military has had the
most important role and has shaped the field. Within military organizations,
the messages to be encrypted have traditionally been given to poorly paid
code clerks for encryption and transmission. The sheer volume of messages
prevented this work from being done by a few elite specialists. Until the
advent of computers, one of the main constraints on cryptography had been
the ability of the code clerk to perform the necessary transformations, often
on a battlefield with little equipment. An additional constraint has been the
difficulty in switching over quickly from one cryptographic method to another
one, since this entails retraining a large number of people.

What is cryptography:
Cryptography is the field concerned with linguistic and mathematical
techniques for securing information, particularly in communications.
Historically, cryptography was concerned solely with encryption; that is,
means of converting information from its normal, comprehensible form into
an incomprehensible format, rendering it unreadable without secret
knowledge

Encryption (or enciphering) is the process of converting ordinary

information (plaintext) into an unreadable form, termed ciphertext,. Its
purpose is to ensure privacy by keeping information hidden from anyone
for whom it is not intended, even those who have access to the encrypted
data. Decryption is the reverse of encryption; it is the transformation of
encrypted data back into a form that that is understandable.

Encryption and decryption generally require the use of some secret

information, referred to as a key. For some encryption mechanisms, the
same key is used for both encryption and decryption; for other
mechanisms, the keys used for encryption and decryption are different
Encryption was used primarily to ensure secrecy in important

2
 communications, such as those of spies, military leaders, and diplomats.
In recent decades, however, the field of cryptography has expanded its
remit: modern cryptography provides mechanisms for more than just
keeping secrets and has a variety of applications including, for example,
authentication, digital signatures, electronic voting and digital cash.
Moreover, people without extraordinary needs for secrecy use
cryptographic technology, which is often built transparently into much of
computing and telecommunications infrastructure.

Cryptography is an interdisciplinary subject, drawing from several fields.

Older forms of cryptography were chiefly concerned with patterns in
language. More recently, the emphasis has shifted, and cryptography makes
extensive use of mathematics, particularly discrete mathematics, including
topics from number theory, information theory, computational complexity,
statistics and combinatorics. Cryptography is also considered a branch of
engineering, but it is considered to be an unusual one as it deals with active,
intelligent and malevolent opposition. Cryptography is a tool used within
computer and network security.

History of cryptography:

Cryptography has had a long and colourful history. Generally, the earliest
forms of secret writing (now collectively termed classical cryptography)
required only pen and paper. The two main categories of classical ciphers are
transposition ciphers, which rearrange the order of letters in a message, and
substitution ciphers, which systematically replace letters or groups of letters
with other letters or groups of letters. One of the earliest and simplest
substitution ciphers was the Caesar cipher, used by Julius Caesar. Text
encrypted by classical ciphers tends to reveal a certain statistical information
about the plaintext. By using this information, classical ciphers are easily
broken. Classical ciphers still enjoy popularity today, though mostly as
puzzles.

With the advent of digital computers and electronics, very complex

ciphers could be implemented. A characteristic of computer ciphers is that
they operate on binary strings, unlike classical and mechanical schemes,

3
which use an alphabet of around 26 letters (depending on the language).
Computer ciphers are also much more resistant to cryptanalysis; few are
susceptible to a ciphertext-only attack.

Extensive academic research into modern cryptography is relatively

recent — it only began in the open community during the 1970s with the
specification of the Data Encryption Standard (DES) and the invention of
RSA. Since then, cryptography has become a widely-used tool in
communications and computer security.

Why is cryptography important?

Cryptography allows people to carry over the confidence found in the

physical world to the electronic world, thus allowing people to do business
electronically without worries of deceit and deception. Every day hundreds of
thousands of people interact electronically, whether it is through e-mail, e-
commerce (business conducted over the Internet), ATM machines, or cellular
phones. The perpetual increase of information transmitted electronically has
lead to an increased reliance on cryptography

Popular tecniques used in cryptography:

There are two types of cryptosystems: secret-key and public-key

cryptography

Secret key cryptography:

Other terms for symmetric-key encryption are single-key and

private-key encryptionSymmetric key ciphers either use the same key for
encryption and decryption,

Symmetric key ciphers can be broadly grouped into block ciphers and stream
ciphers. Stream ciphers encrypt one bit at a time, in contrast to a block
cipher, which operates on a group of bits (a "block") of a certain length all in
one go. Depending on the mode of operation, block ciphers can be
implemented as self-synchronizing stream ciphers (CFB mode). Likewise,
stream ciphers can be made to work on individual blocks of plaintext at a
time. Thus, there is some duality between the two. The block ciphers

4
DES(Data encrption standard), IDEA (International data encrption
algorithm)and AES(Advanced encryption standard), and the stream cipher
RC4, are among the most well-known symmetric key ciphers.

Public key crptography:

In public key encryption there are two keys used, a public and a private
key, with the public key for encryption and the private key for decryption. It
must be difficult to derive the private key from the public key. This means
that someone can freely send their public key out over an insecure channel
and yet be sure that only they can decrypt messages encrypted with it.

Public key cryptography is a form of cryptography which generally

allows users to communicate securely without having prior access to a
shared secret key. This is done by using a pair of cryptographic keys,
designated as public key and private key, which are related
mathematically.

The term asymmetric key cryptography is a synonym for public key

cryptography.

In public key cryptography, the private key is generally kept secret, while
the public key may be widely distributed. In a sense, one key "locks" a lock;
while the other is required to unlock it. It should not be possible to deduce
the private key of a pair given the public key.

There are many forms of public key cryptography, including:

• public key encryption — keeping a message secret from anyone that

does not possess a specific private key.
• public key digital signature — allowing anyone to verify that a
message was created with a specific private key.
• key agreement — generally, allowing two parties that may not
initially share a secret key to agree on one.

5
Use of cryptography: for Secure communications

Cryptography is commonly used for securing communications. Desired

properties can include:

1. Confidentiality, also known as secrecy: only an authorised recipient

should be able to extract the contents of the message from its
encrypted form. Otherwise, it should not be possible to obtain any
significant information about the message contents.
2. Integrity: the recipient should be able to determine if the message has
been altered during transmission.
3. Authentication: the recipient should be able to identify the sender, and
verify that the purported sender actually did send the message.
4. Non-repudiation: the sender should not be able to deny sending the
message.
5. Anti-replay: the message should not be allowed to be sent multiple
times to the recipient without the sender knowing.
6. Proof of delivery: the sender should be able to prove the recipient
received the message.

Applications of cryptography:

1.Key management

Key management deals with the secure generation, distribution, and

storage of keys. Once a key is randomly generated it must remain secret to
avoid unfortunate mishaps (such as impersonation). In practice, most attacks
on public-key systems will probably be aimed at the key management level,
rather than at the cryptographic algorithm itself.

Users must be able to securely obtain a key pair suited to their efficiency
and security needs. Users must be able to legitimately obtain others' public
keys; otherwise, an intruder can either change public keys listed in a
directory, or impersonate another user. Certificates are used for this
purpose. Certificates must be unforgeable. The issuance of certificates must
proceed in a secure way, impervious to attack. In particular, the issuer must

6
authenticate the identity and the public key of an individual before issuing a
certificate to that individual.

If someone's private key is lost or compromised, others must be made

aware of this, so they will no longer encrypt messages under the invalid
public key nor accept messages signed with the invalid private key. Users
must be able to store their private keys securely, so no intruder can obtain
them, yet the keys must be readily accessible for legitimate use. Keys need
to be valid only until a specified expiration date but the expiration date must
be chosen properly and publicized in an authenticated channel.

2.Electronic commerce

2.1 electronic money

Electronic money (also called electronic cash or digital cash) is a term

that is still fairly vague and undefined. It refers to transactions carried out
electronically with a net result of funds transferred from one party to
another. Electronic money may be either debit or credit. Digital cash per se is
basically another currency, and digital cash transactions can be visualized as
a foreign exchange market. This is because we need to convert an amount of
money to digital cash before we can spend it. The conversion process is
analogous to purchasing foreign currency.

Since digital cash is merely an electronic representation of funds, it is

possible to easily duplicate and spend a certain amount of money more than
once. Therefore, digital cash schemes have been structured so that it is not
possible to spend the same money more than once without getting caught
immediately or within a short period of time. Another approach is to have the
digital cash stored in a secure device, which prevents the user from double
spending.

Electronic money also encompasses payment systems that are analogous

to traditional credit cards and checks. Here, cryptography protects
conventional transaction data such as an account number and amount; a

7
digital signature can replace a handwritten signature or a credit-card
authorization, and public-key encryption can provide confidentiality.

2.2 IKP

The Internet Keyed Payments Protocol (IKP) is an architecture for

secure payments involving three or more parties. Developed at IBM's T.J.
Watson Research Center and Zurich Research Laboratory, the protocol
defines transactions of a ``credit card'' nature, where a buyer and seller
interact with a third party ``acquirer,'' such as a credit-card system or a
bank, to authorize transactions. The protocol is based on public-key
cryptography.

2.3 Micro payments

Micropayments are payments of small sums of money, generally in

denominations smaller than those in which physical currency is available. It
is envisioned that sums of as little as 1/1000th of a cent may someday be
used to pay for content access or for small quantities of network resources.
Conventional electronic payment systems require too much computation to
handle such sums with acceptable efficiency. Micropayment systems enable
payments of this size to be achieved in a computationally lightweight
manner, generally by sacrificing some degree of security.

Cryptography in the real world

1.Security on the internet

S/MIME

S/MIME (Secure / Multipurpose Internet Mail Extensions) is a protocol

that adds digital signatures and encryption to Internet MIME (Multipurpose
Internet Mail Extensions) messages described in RFC 1521. MIME is the
official proposed standard format for extended Internet electronic mail. MIME
defines how the body of an e-mail message is structured. The MIME format
permits e-mail to include enhanced text, graphics, audio, and more in a
standardized manner via MIME-compliant mail systems. However, MIME itself

8
does not provide any security services. The purpose of S/MIME is to define
such services, following the syntax given in PKCS #7 for digital signatures
and encryption.

IPSEC

The Internet Engineering Task Force (IETF)'s IP Security Protocol

(IPSec) working group is defining a set of specifications for cryptographically-
based authentication, integrity, and confidentiality services at the IP
datagram layer. The IPSec group's results comprise a basis for interoperably
secured host-to-host pipes, encapsulated tunnels, and Virtual Private
Networks (VPNs), thus providing protection for client protocols residing above
the IP layer.

2.Development security products

CAPIs:

A CAPI, or cryptographic application programming interface, is an

interface to a library of functions software developers can call upon for
security and cryptography services. The goal of a CAPI is to make it easy for
developers to integrate cryptography into applications. Separating the
cryptographic routines from the software may also allow the export of
software without any security services implemented. The software can later
be linked by the user to the local security services. CAPIs can be targeted at
different levels of abstraction, ranging from cryptographic module interfaces
to authentication service interfaces. The International Cryptography
Experiment (ICE) is an informally structured program for testing U.S.
government's export restrictions

PGP

Pretty Good Privacy (PGP) is a software package originally developed

by Philip R. Zimmermann that provides cryptographic routines for e-mail and
file storage applications. Zimmerman took existing cryptosystems and
cryptographic protocols and developed a program that can run on multiple

9
platforms. It provides message encryption, digital signatures, data
compression, and e-mail compatibility.

U.S. versions of PGP have been bound by Federal export laws due to their
use of export-controlled cryptosystems, but recent relaxations of the U.S.
export restrictions will eliminate several such obstacles.

Cryptography standards

ANSI X9 standard

American National Standards Institute (ANSI) is broken down into

committees, one being ANSI X9 2. The committee ANSI X9 develops
standards for the financial industry, more specifically for personal
identification number (PIN) management, check processing, electronic
transfer of funds, etc. Within the committee of X9, there are subcommittees;
further broken down are the actual documents, such as X9.9 and X9.17.

ANSI X9.9 [ANS86a] is a United States national wholesale banking

standard for authentication of financial transactions. ANSI X9.9 addresses
two issues: message formatting and the particular message authentication
algorithm. The algorithm defined by ANSI X9.9 is the so-called DES-MAC
based on DES in either CBC or CFB modes. A more detailed standard for
retail banking was published as X9.19 [ANS96].

ISO Standard

The International Organization for Standardization, (ISO), is a non-

governmental body promoting standardization developments globally.
Altogether, ISO is broken down into about 2700 Technical Committees,
subcommittees and working groups. ISO/IEC (International Electrotechnical
Commission) is the joint technical committee developing the standards for
information technology

IETF Security area

10
The Internet Engineering Task Force (IETF) has evolved to become the
primary international forum for standardization of protocols used in IP
networking environments. IETF activities are divided into several functional
areas; within the Security Area, several working groups have been active in
defining security protocols and infrastructure facilities. Extensive information
on IETF work is available at http://www.ietf.org/, including working group
charters, working documents (Internet-Drafts), and published specifications
(RFCs). RFCs are issued as standards-track, Informational, and Experimental
documents; the standards-track documents advance through three maturity
levels (Proposed Standard, Draft Standard, and Full Standard).

Laws concerning Cryptography

It deals with the legal and political issues associated with

cryptography, including government involvement, patent issues, and import
and export regulations.

1.Legal disclaimer

The materials should not be treated or relied upon as advice on

technical and non-technical issues and the materials have not been updated
to reflect recent changes in technology, the law, or any other areas.
Furthermore, RSA cannot warrant that the information herein is complete or
accurate and does not assume, and hereby disclaims, any liability to any
person for any loss or damage caused by errors or omissions in the FAQ
resulting from negligence, accident or any other cause.

2.Government Involment

NISTNIST is an acronym for the National Institute of Standards and Technology, a

division of the U.S. Department of Commerce. NIST was formerly known as the National
Bureau of Standards (NBS). Through its Computer Systems Laboratory it aims to
promote open systems and interoperability that will spur the development of computer-
based economic activity. NIST issues standards and guidelines intended to be adopted in
all computer systems in the U.S., and also sponsors workshops and seminars. Official
standards are published as FIPS .

11