Cryptography, Network Security and Cyber Laws Notes 2019-2020

Cryptography, Network security and Cyber laws Notes 2019-2020
CRYPTOGRAPHY, NETWORK SECURITY AND CYBER LAWS
By ,
Swetha K H
Asst. professor
Dept. Of ISE
MODULE-2
Chapter-1 –Public key cryptography and RSA
Chapter-2- Cryptographic Hash
Chapter-3-Discrete logarithm and its applications
Swetha K H, Asst. prof., ISE Dept., AIT Page 1

MODULE-2
Chapter-1
Public key cryptography and RSA
RSA OPERATIONS:
• First step in RSA is to generate a public key/ private key pair.
• Key generation:
1) Choose two large prime numbers p and q. The product n=p x q is referred to as the
modulus and φ(n) is called as Euler totient function, where φ(n) =(p-1) x (q-1).
2) Choose an encryption key, e, such that gcd(e, φ(n) )=1. The pair of integers, (e,n) is
referred to as public key.
3) Compute the decryption key, d=e -1 mod φ(n) .
Note: The number of bits, b, used to represent n is referred to as the key size, b.
b=logn
Encryption: let m be the message or plaintext.

• |m|- denotes length of m.
• Message will be divided into multiple blocks, each of size b.
• For each block mi, calculate corresponding cipher text ci, as
Ci=mei mod n
Decryption: Given a block of ciphertext ci, the corresponding plaintext is
mi=cdi mod n
Example problem: Suppose the RSA prime numbers are p=3 and q=11, l=7 and M=5. Find
the ciphertext c and also message m from decryption.
Sol: given data is , p=3, q=11, message m=5 and l=7 (inverse of e, that is d value)
n= 3x11=33
φ(n)=2x10=20
C=53 mod 33=26
m=267 mod 33=5
Problem 2: RSA prime numbers p=3, q=11, e=3, message=00111011. Encrypt and decrypt
using RSA.

Sol: p=3, q=11, e=3
Block size b=6 (number of bits required to represent n=33)
m1=001110 (decimal value=14)
m2=11 (pad this with zeros)
m2=000011 (decimal value=3)
d=7 (find by using extended euclid’s algorithm)
m1=14, m2=3
encryption
C1=143 mod 33= 5
C2=33 mod 33 = 27
Decryption
m1=57 mod 33=14
m2=277 mod 33 =3
WHY DOES RSA WORK?

• To show the proof of how from ci we can derive and obtain mi


PERFORMANCE
Time complexity:
• Both encryption and decryption involve repeated multiplications (modulo n) of b-bit
numbers.
• The encryption key is usually a small integer. So encryption involves a small, constant
number modulo n multiplications.
• So, the time complexity of encryption is O(b2)
• Decryption d number of multiplications of b-bit numbers.
• d is of the same order as n, the complexity of decryption operation is O(nb2).
• Execution time of decryption is large as compared to encryption.
• It can be reduced by using square and multiply technique to O(b3)
Speeding up RSA:
• We can speed up the decryption of ciphertext c by computing c,c2,c3…etc up to
maximum of b terms.
• Each multiplication is a modulo n multiplication so the intermediate products are never
more than b-bits.
• This approach which computes squares followed by products, is called as “square and
multiply”
Use of “Square and multiply” approach in RSA

Example:
• Suppose decryption key is 57.
• Then obtain binary representation of 57 (111001).
• Square and multiply approach involves computing c2,c4,c8,c16,c32 each reduced modulo n.
• We selectively multiply c,c8,c16,c32 to obtain the original text.
• So decryption in done using only 5 squares and 3 multiplications.
• In naïve decryption method 56 multiplications are required!
• So in square and multiply approach, decryption involves b-1 square operations and at
most b-1 multiplications.
• Each square and multiplication is followed by modulo n. Hence time complexity for
decryption is O(b3).
Software performance
• The java programming language has a number of APIs of relevance to cryptography.

• Like, APIs for key generation, encryption, decryption (for both symmetric and
asymmetric)
• These will be present in java.security package.
APPLICATIONS

• Providing Message confidentiality through encryption is the application of public key

cryptography.
• The principal drawback of public key cryptography is speed, while the principal
drawback of secret key cryptography is key management.
• So usually these two techniques are combined to utilize the advantages of them.(i.e the
speed of secret key cryptography and convenience of public key cryptography)
• Secret key cryptography is used to encrypt/decrypt the message.

• Public key cryptography is used to encrypt the secret key (session key) to safely
communicate the key to receiver.
• Public key cryptography is used to generate a digital signature that provides message
integrity and authentication together with non-repudiation.
Encrypted message with encrypted session key
To combine the speed of secret key cryptography and the convenience of public key
cryptography, a session key is used. It works as follows:
• The sender, chooses a fresh random number, s , as the secret key. This is referred to as
session key.
• Encrypts the message with the session key (E s(m))
• Encrypts the session key with the recipient’s public key (E B.pu(s)).
• Sends the encrypted message and the encrypted session key in the same message

• The receiver uses this private key to decrypt the part of message containing encrypted
session key.
• Then, uses the session key to decrypt the message.
• The session key is valid for the duration of session and is destroyed thereafter.
Other uses of public key cryptography:

• Used to generate digital signature.
• Digital signatures provide message integrity, authentication and non-repudiation.
PRACTICAL ISSUES
1) Generating primes
2) Side channel and other attacks.
a) Modulus factorization
b) Small exponent attack
c) Side channel attacks
Generating primes:
• RSA involves choosing two large prime numbers. So test for primality is required. It can
be done using Miller Rabin test. But its time complexity is too high for large numbers.
• There is AKS test which is a deterministic test for primality. Its time complexity after
improvements is O(log6p)
Side channel and other attacks:
There are several ways in which RSA may be attacked. Three of these are discussed here:
Modulus Factorization: (attack based on mathematical foundation)
Factorization of the modulus n (i.e obtaining prime factors p and q) is one way of
attacking RSA. From p and q attacker can obtain φ(n) and hence decryption key.
• So far no polynomial time algorithm has been devised for factoring a large integer.
• So far, no one has factorized a modulus larger than 663 bits.
• For sensitive financial and military applications key size of 2048 bits or larger is
recommended.
Small Exponent attack

There is a well known attack on RSA that exploits the idiosyncrasies in the way it is used.
Suppose if a person wants to send message to 3 different parties and if each party has same

encryption key(e=3). Then using chinese remainder theorem attacker can reconstruct the
message.(exponent-3 attack).
Side channel attacks

Attacks based on monitoring timing or power measurements of a cryptographic algorithm
on a device.
Ex: embedded devices such as smart card, in which private key is stored. This smart card can be
stolen, then use equipments to monitor variables like time and power consumption to know
duration for decryption. There by knowing bits of decryption key.
PUBLIC KEY CRYPTOGRAPHY STANDARD (PKCS)
• The PKCS specifies, format of each block to be encrypted by RSA. The format is:
• The bytes of the block from left should be 00 followed by the byte 02 (in hexadecimal)
followed by at least eight random non-zero bytes and another 00.
• The rest of the block is composed of data.
• The 00 to the right of the random byte string indicates the start of data section in a block.

• By padding a short message with random bytes, the ciphertext will be function of short
message and the random bytes.
• So the attacker will have to guess not only message but also the random bytes.
• So, a solution to the problems with small encryption keys is to pad the message with non-
zero random bit before performing encryption.
• Padding is also important if the message contains data that can be guessed.
MODULE 2 chapter 1 completed.

Chapter 2
CRYPTOGRAPHIC HASH
INTRODUCTION
• A hash function is a deterministic function that maps an input element from a larger
(infinite)set to an output element in a much smaller set.
• The input element is mapped to a hash value.
• Hashes are used to speedup insertion, deletion, and querying of databases.
PROPERTIES
Basics
• A cryptographic hash function h(x), maps a binary string of arbitrary length to a fixed
length binary string.
• The properties of h (hash function)are :
1) one-way property
2) Weak collision resistance
3) Strong collision resistance
4) Confusion + diffusion


1) One-way property:
Given a hash value, y(belonging to the range of the hash function), it is computationally
infeasible to find an input x such that h(x)=y
2) Weak collision resistance:

Given an input value x1, it is computationally infeasible to find another input
value x2 such that h(x1)=h(x2).
3) Strong collision resistance:

It is computationally infeasible to find two input values x1 and x2 such that h(x1)=h(x2).
4) Confusion + diffusion:
If a single bit in the input string is flipped, then each bit of the hash value is flipped with
probability roughly equal to 0.5.

Attack complexity
Weak collision resistance:

Successful brute-force attacks on both the one-way function property and weak collision
resistance take O(2w). W is number of bits in hash value. (2w is possible hash value).
Strong collision resistance:

A brute force attack on this property involves generating roughly O(2 w) input strings
before a collision is detected.
The birthday analogy:

• It is known that in a class of only 23 random individuals, there is greater than
50% chance that the birthdays of at least two persons coincide (Birthday collision) . This
is referred to as birthday paradox.
• The random strings (input to hash function) are analogous to random individuals in the
birthday paradox.
• The birthday of a randomly chosen individual is analogous to the hash value of a
randomly chosen string.
CONSTRUCTION
Generic cryptographic hash:
• Input to a cryptographic hash function is often a message or document.

• Most of hash functions use iterative construction (ex. MD-5 and SHA-1) as shown in
figure

• C is a compression box. It accepts 2 binary strings of length b and w and produces an

output string of length w. Here, b is the block size and w is the width of the digest.
• During first iteration, the multiplexer at the second input accepts a pre-defined
initialization vector (IV) and the top input is the first block of the message.
• In subsequent iterations, the partial hash output is fed back as the second input to the C-
box. The top input is derived from successive blocks of the message.
• This is repeated until all the blocks of the message have been processed.
The above operation is summarized as:

h1= C(IV,m1) for first block of the message
hi=C(hi-1,mi) for all subsequent blocks of the message
Case study SHA-1
• SHA-1 uses the iterative hash construction.

• The message is split into blocks of size 512 bits.
• The length of the message is expressed in binary 64 bit number, and is appended to the
message.
• Between the end of message and the length field, a pad is inserted (message+pad+64) – is
multiple of 512, the block size.
• The pad has the form: 1 followed by the required number of 0’s.

SHA-1 hash of a message is computed as follows:

1) Array initialization:
Each block is split into 16 words, each of 32 bits wide. These 16 words populate the first
16 positions,
W1, W2,....,W16 of an array of 80 words. The remaining 64 words are obtained from
Wi=Wi-3 ⨁ Wi-8 ⨁ Wi-14 ⨁ Wi-16 16<i<=80
2) Hash computation:
• A 160-bit shift register is used to compute the intermediate hash values.
• It is initialized to a fixed pre-determined value at the start of the hash computation.
• Notation s1,s2,s3,s4 and s5 is used to denote 5 32-bit words making up the shift register.
• The bits of the shift register are then mangled together with each of the words of the array
in turn.
• The mangling is achieved using a combination of the following operations: ~+,ν,
,Λ,ROTATE.
• The SHA-1 hash of a message is the content of the shift register after all message blocks
are processed using procedure below:
• The initial values in s1,s2,s3,s4 and s5 and constants Ki, 1<=i<=80 are all predetermined.
• The function, Fi is defined below:

• The cryptographic hash has diverse applications ranging from secure storage of
passwords to electronic payments.
• Along with secret key cryptography or public key cryptography, it is used in security
protocols to provide authentication, data security and non-repudiation.
APPLICATIONS AND PERFORMANCE
HASH-BASED MAC:
• Message authentication code (MAC) is used as a message integrity check and to provide
message authentication.
• The cryptographic hash applied on a message creates a digest or digital fingerprint of the
message. i.e MAC=h(m||k), where m is message and k is secret key.
• It is appended to the message and sent to the receiver.
• A change of even single bit in message or MAC will result in mismatch between the
computed MAC (at receiver) and the received MAC.
• Thus, if there is match, the receiver concludes that
a) Sender of message is same entity it shares the secret key with- source authentication.
b) The message has not been corrupted or tampered with in transit- message integrity
.
• There are many other ways to compute hash MAC.
HMAC:
Given a key and message, HMAC is computed as shown in figure:
• The key is padded with 0’s to form a 64-byte string denoted K’ and XORed with a
constant (denoted IPAD)
• It is then concatenated with the message and a hash is performed on the result.

• K’ is also XORed with another constant (denoted OPAD) after which it is prepended to
the output of the first hash.
• A second hash is then computed to yield the HMAC.
• HMAC performs an extra hash computation but provides greatly enhanced security.
Digital Signatures
• This uses a secret that only the signer is privy to.

• EX: Using private key as secret. RSA signature by A on message m, is
EA.pr(m) where A.pr is A’s private key.
• The use of signer’s private key is a fundamental aspect of signature generation.
• Hence , a message sent together with sender’s signature guarantees not just integrity and
authentication but also non-repudiation.
• RSA private key operations are very expensive, so private key operation on just hash of
the message is performed rather than on entire message.
i.e EA.pr(h(m))
• RSA signature is authentic. To verify authenticity, the verifier needs to perform only a
public key operation on the digital signature (using signer’s public key) and a hash on the
message.
• The signature is authentic if:

EA.pu(EA.pr(h(m))) = h(m)
• A manual signature depends only on the signer and does not change from document to
document.
• Whereas, person’s digital signature is a function of the document that is signed and the
private key.
Performance estimates
DES is more than twice as expensive compared to SHA-1. RSA is three orders of magnitude
more expensive compared to DES and SHA-1.
The time to compute the hash is a small fraction of the signature time for both file sizes and for
both RSA key sizes.
THE BIRTHDAY ATTACK

• It is known that in a class of only 23 random individuals, there is greater than 50%
chance that the birthdays of at least two persons coincide (Birthday collision). This is
referred to as birthday paradox.
• Here is an example which illustrate the birthday attack:
• A malicious individual A wishes to forge signature of B on fake document, F. Then A
does the following:
– He creates millions of documents, F1,F2,....,Fm etc that are clones of F. (some
extra spaces are introduced b/w the words and document F is for example asserts
that B owes A several million rupees)
– He computes the hashes, h(F1), h(F2),...h(Fm) of each of these documents.
– He creates an innocuous document, D- which most people would not hesitate to

sign. (Document D is for example, espouse an environmental cause relating to
conservation of forest).
– He creates millions of clones of D. Like D1, D2,...,Dm.
– He computes the hashes, h(D1), h(D2),...,h(Dm) of each of the cloned documents.
– Using a corollary of the birthday paradox, it can be shown that if m is sufficiently
large, then with probability approaching ½ there will be atleast one pair of clones,
Fi and Dj, that hash to the same value.
– A asks B to sign the document Dj and B obliges.

– Later A accuses B of signing the document Fi (fraudulent one created by A).
 The birthday attack can be launched in time O(n1/2 ).
MODULE 2 Chapter 2 completed

Chapter 3
DISCRETE LOGARITHM AND ITS APPLICATIONS
INTRODUCTION
• In RSA, security lies in infeasibility of factoring integers that are product of two prime
numbers.
• In this chapter schemes for key exchange, encryption, and digital signatures that depend
on hardness of the discrete logarithm problem is discussed.
• i.e, discrete logarithm is used in cryptography.
• Consider the finite, multiplicative group (Z*p,*p), where p is prime. Let g be a generator
of the group. So,
g1 mod p, g2 mod p,...., gp-1 mod p
*
are the elements of z p.
• Let x be an element in {0,1,..,p-2}. The function
y=gx mod p
is referred to as modular exponentiation
• The inverse operation is expressed as
x=loggy (mod p)
is referred to as discrete logarithm.
• Because of the one-way property of modular exponentiation (easy to compute but hard to
invert it), makes it great use in cryptography.
• There are many applications of the discrete logarithm. Ex: online secret key agreement,
encryption and digital signatures.
DIFFIE-HELLMAN KEY EXCHANGE
PROTOCOL
• Diffie-hellman key exchange is the method widely used for key exchange.
• Key exchange in this method is as follows:
• Let us assume that both A and B know the base g and modulus p in advance.

• They then participate in the following sequence of steps as shown in figure.
1. A chooses a random integer a, 1<a<p-1, computes the “partial key”, ga mod p and
sends this to B.
2. B chooses a random integer b, 1<b<p-1, computes the “partial key”, gb mod p and
sends this to A.
3. On receipt of A’s message, B computes (ga mod p)b mod p=gab mod p.
4. On receipt of B’s message, A computes (gb mod p)a mod p=gab mod p.
• Now, both A and B share a common secret, gab mod p.

• In this protocol the partial keys are sent in clear. Can an eavesdropper with the
knowledge of partial keys and public parameters p and g deduce common secret derived
by A and B? This problem is referred to as computational diffie- hellman problem.
• It is infeasible to do so, as diffie- hellman protocol is based on discrete logarithm. So it is
secured.

ATTACKS:
Man in the middle attack on diffie- hellman key exchange
• An attacker, C chooses an integer c and computes gc mod p.

• C then intercepts A’s message to B, substitutes it with g c mod p, and sends this instead to
B.
• In the same manner, C also intercepts B’s message to A sending g c mod p instead.
• After the message transfer,

• A and B might think that they have secure channel for communications by encrypting all
messages using common secret.
• But A shares the secret gac mod p with C and B shares the secret gbc mod p with C.
• In reality every subsequent message encrypted by A intended for B can be decrypted by
C.
• Likewise, every message from B to A can be decrypted and modified by C.
• This is a classical example of active “man in the middle attack”.
• This attack is possible because they neglected to authenticate the source of the partial
keys they had received.(which can be done by sending partial key with RSA signature).
CHOICE OF DIFFIE- HELLMAN PARAMETERS
• P is chosen to be prime and g as generator of z *p.

• If p is a large number and g is a generator of z*p, then there will be large pool of integers
from which we can choose private key and public key.

• To minimize chance of an attacker guessing any of these secrets, they should be chosen
from large pool of integers.
OTHER APPLICATIONS
EL GAMAL ENCRYPTION:
• This uses a large prime number p and a generator g in (Z *p, *p)

• El gamal private key is an integer, a, 1<a<p-1. The corresponding public key is the triplet
(p, g,α) where α is the encryption key calculated from
α=ga mod p
Let (p, g, α) be the public key of A. To encrypt a message m<p-1, to be sent to A, B does the
following:
• He chooses a random number r, 1<r<p-1 such that r is relatively prime to p-1.
• He compute
C1=gr mod p
and uses α from A’s public key to compute
C2=(m * αr) mod p
• He sends the cipher text (C1,C2) to A
To decrypt the cipher text (C1,C2) , A uses her private key, a and computes
(C1-a) * C2 mod p
• The strength of this encryption is related to the difficulty of solving the discrete logarithm
problem for large values of p.
• The same random number should not be used again to avoid attacks.
EL GAMAL SIGNATURES:
Let a and (p,g,α) be the private and public keys of A. To sign a message m, A does the
following:
1) She computes the hash h(m) of the message.
2) She chooses a random number r, 1<r<p-1 such that r is relatively prime to p-1.
3) She computes
x=gr mod p
4) She computes
y=(h(m)-ax)r-1 mod (p-1)
5) The signature is the pair (x, y).

• For signature generation, private key, a , is used.

• For verification public key component α is used.
• Verification is done by checking for equality of following quantities,
αx * xy mod p = gh(m) mod p
RELATED SIGNATURES SCHEMES:
SCHNORR SIGNATURE
It is the pair (x,y) where,

x=h(m||gr mod p) and
y=(r+ax) mod q
Signature verification is performed by computing the value of x using the signer’s public
key and checking whether it equals the value of x received as shown below:
x=h(m||gy α–x mod p)

Cryptography, Network Security and Cyber Laws Notes 2019-2020

Uploaded by

Copyright:

Available Formats

Cryptography, Network Security and Cyber Laws Notes 2019-2020

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cryptography, Network Security and Cyber Laws Notes 2019-2020

Uploaded by

Copyright:

Available Formats

Cryptography, Network security and Cyber laws Notes 2019-2020

CRYPTOGRAPHY, NETWORK SECURITY AND CYBER LAWS

Swetha K H, Asst. prof., ISE Dept., AIT Page 1

• First step in RSA is to generate a public key/ private key pair.

Encryption: let m be the message or plaintext.

C=53 mod 33=26

m=267 mod 33=5

Swetha K H, Asst. prof., ISE Dept., AIT Page 2

Sol: p=3, q=11, e=3

Block size b=6 (number of bits required to represent n=33)

m1=001110 (decimal value=14)

m2=11 (pad this with zeros)

m2=000011 (decimal value=3)

d=7 (find by using extended euclid’s algorithm)

C1=143 mod 33= 5

m1=57 mod 33=14

WHY DOES RSA WORK?

Swetha K H, Asst. prof., ISE Dept., AIT Page 3

Swetha K H, Asst. prof., ISE Dept., AIT Page 4

Use of “Square and multiply” approach in RSA

Swetha K H, Asst. prof., ISE Dept., AIT Page 5

• The java programming language has a number of APIs of relevance to cryptography.

Swetha K H, Asst. prof., ISE Dept., AIT Page 6

• Providing Message confidentiality through encryption is the application of public key

• Secret key cryptography is used to encrypt/decrypt the message.

Encrypted message with encrypted session key

Swetha K H, Asst. prof., ISE Dept., AIT Page 7

Other uses of public key cryptography:

Side channel and other attacks:

Small Exponent attack

Swetha K H, Asst. prof., ISE Dept., AIT Page 8

Side channel attacks

PUBLIC KEY CRYPTOGRAPHY STANDARD (PKCS)

Swetha K H, Asst. prof., ISE Dept., AIT Page 9

MODULE 2 chapter 1 completed.

Swetha K H, Asst. prof., ISE Dept., AIT Page 10

Swetha K H, Asst. prof., ISE Dept., AIT Page 11

Swetha K H, Asst. prof., ISE Dept., AIT Page 12

2) Weak collision resistance:

3) Strong collision resistance:

Swetha K H, Asst. prof., ISE Dept., AIT Page 13

Weak collision resistance:

Strong collision resistance:

The birthday analogy:

Generic cryptographic hash:

• Input to a cryptographic hash function is often a message or document.

Swetha K H, Asst. prof., ISE Dept., AIT Page 14

• C is a compression box. It accepts 2 binary strings of length b and w and produces an

The above operation is summarized as:

Case study SHA-1

• SHA-1 uses the iterative hash construction.

Swetha K H, Asst. prof., ISE Dept., AIT Page 15

SHA-1 hash of a message is computed as follows:

Swetha K H, Asst. prof., ISE Dept., AIT Page 16

APPLICATIONS AND PERFORMANCE

• Thus, if there is match, the receiver concludes that

Swetha K H, Asst. prof., ISE Dept., AIT Page 17

• This uses a secret that only the signer is privy to.

• The signature is authentic if:

• This uses a large prime number p and a generator g in (Z p, p)