Unit 4

The document discusses cryptography concepts including symmetric and asymmetric key cryptography. Symmetric key cryptography uses the same key for encryption and decryption, while asymmetric key cryptography uses different keys. The document also covers cryptographic attacks like passive attacks involving eavesdropping and active attacks involving modification of data. Specific symmetric key techniques like the Caesar cipher and Playfair cipher are described, along with the Vigenere cipher polyalphabetic technique.

Uploaded by

kaavya shruthi
Copyright
© © All Rights Reserved

UNIT 4

Introduction to Cryptography - Symmetric key Cryptography, Asymmetric key Cryptography, Message
Authentication, Digital Signatures, Applications of Cryptography.

Basic Concepts

Cryptography: The art or science encompassing the principles and methods of transforming an
intelligible message into one that is unintelligible, and then retransforming that message back to its
original form.

Plaintext: The original intelligible message.

Cipher text: The transformed message.

Cipher: An algorithm for transforming an intelligible message into one that is unintelligible by
transposition and/or substitution methods.

Key: Some critical information used by the cipher, known only to the sender and receiver.

Encipher (encode): The process of converting plaintext to cipher text using a cipher and a key.

Decipher (decode): The process of converting cipher text back into plaintext using a cipher and a key.

Cryptanalysis: The study of principles and methods of transforming an unintelligible message back
into an intelligible message without knowledge of the key. Also called code breaking.

Cryptology: Both cryptography and cryptanalysis.

Code: An algorithm for transforming an intelligible message into an unintelligible one using a
code-book.

SECURITY SERVICES

Security services are classified as follows:

Confidentiality: Ensures that the information in a computer system and transmitted information
are accessible only for reading by authorized parties. E.g. Printing, displaying and other forms of
disclosure.

Authentication: Ensures that the origin of a message or electronic document is correctly identified,
with an assurance that the identity is not false.

Integrity: Ensures that only authorized parties are able to modify computer system assets and
transmitted information. Modification includes writing, changing status, deleting, creating and
delaying or replaying of transmitted messages.

Non repudiation: Requires that neither the sender nor the receiver of a message be able to deny the
transmission.

Access control: Requires that access to information resources may be controlled by or for the target
system.

Availability: Requires that computer system assets be available to authorized parties when needed.

Cryptographic Attacks

Passive Attacks

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of
the opponent is to obtain information that is being transmitted. Passive attacks are of two types:

Release of message contents: A telephone conversation, an e-mail message and a transferred file
may contain sensitive or confidential information. We would like to prevent the opponent from
learning the contents of these transmissions.

Traffic analysis: If we had encryption protection in place, an opponent might still be able to observe
the pattern of the message. The opponent could determine the location and identity of
communication hosts and could observe the frequency and length of messages being exchanged.
This information might be useful in guessing the nature of communication that was taking place.

Passive attacks are very difficult to detect because they do not involve any alteration of data.

However, it is feasible to prevent the success of these attacks.

Active attacks

These attacks involve some modification of the data stream or the creation of a false stream. These
attacks can be classified into four categories:

Masquerade – One entity pretends to be a different entity.

Replay – involves passive capture of a data unit and its subsequent transmission to produce an
unauthorized effect.

Modification of messages – Some portion of message is altered or the messages are delayed or
recorded, to produce an unauthorized effect.

Denial of service – Prevents or inhibits the normal use or management of communication
facilities. Another form of service denial is the disruption of an entire network, either by disabling
the network or overloading it with messages so as to degrade performance.

It is quite difficult to prevent active attacks absolutely, because to do so would require physical
protection of all communication facilities and paths at all times. Instead, the goal is to detect them
and to recover from any disruption or delays caused by them.

Symmetric Key Cryptography, also known as Symmetric Encryption, is when a
secret key is leveraged for both encryption and decryption functions.

CLASSICAL ENCRYPTION TECHNIQUES

There are two basic building blocks of all encryption techniques: substitution and transposition.

SUBSTITUTION TECHNIQUES
A substitution technique is one in which the letters of plaintext are replaced by other letters or by
numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves
replacing plaintext bit patterns with cipher text bit patterns.

Caesar cipher (or) shift cipher

The earliest known use of a substitution cipher and the simplest was by Julius Caesar. The Caesar
cipher involves replacing each letter of the alphabet with the letter standing 3 places further down
the alphabet.

e.g., plain text : pay more money

Cipher text: SDB PRUH PRQHB

Note that the alphabet is wrapped around, so that the letter following 'z' is 'a'.

For each plaintext letter p, substitute the cipher text letter c such that

C = E(p) = (p+3) mod 26

A shift may be any amount, so that general Caesar algorithm is

C = E (p) = (p+k) mod 26

Where k takes on a value in the range 1 to 25. The decryption algorithm is simply

P = D(C) = (C-k) mod 26

Playfair cipher

For the encryption process let us consider the following example:

The Playfair Cipher Encryption Algorithm:


Generate the key Square(5×5):
The key square is a 5×5 grid of alphabets that acts as the key for encrypting the plaintext. Each of the
25 alphabets must be unique and one letter of the alphabet (usually J) is omitted from the table (as
the table can hold only 25 alphabets). If the plaintext contains J, then it is replaced by I.

The initial alphabets in the key square are the unique alphabets of the key in the order in which they
appear followed by the remaining letters of the alphabet in order.

Algorithm to encrypt the plain text: The plaintext is split into pairs of two letters (digraphs). If there is
an odd number of letters, a Z is added to the last letter.
For example:

Plain Text: "instruments"
After Split: 'in' 'st' 'ru' 'me' 'nt' 'sz'

1. A pair cannot be made with the same letter. Break the pair into single letters and add a bogus
letter after the first one.
Plain Text: “hello”
After Split: ‘he’ ‘lx’ ‘lo’
Here ‘x’ is the bogus letter.

2. If a letter is left standing alone in the process of pairing, add an extra bogus letter to the
lone letter.
Plain Text: “helloe”
After Split: ‘he’ ‘lx’ ‘lo’ ‘ez’
Here ‘z’ is the bogus letter.

Rules for Encryption:
Rules for Encryption:

If both the letters are in the same column: Take the letter below each one (going back to the top if at
the bottom).
For example:

Digraph: "me"
Encrypted Text: cl
Encryption:
m -> c
e -> l

If both the letters are in the same row: Take the letter to the right of each one (going back to the
leftmost if at the rightmost position).
For example:

Digraph: "st"
Encrypted Text: tl
Encryption:
s -> t
t -> l

If neither of the above rules is true: Form a rectangle with the two letters and take the letters on the
horizontal opposite corner of the rectangle.
For example:

Digraph: "nt"
Encrypted Text: rq
Encryption:
n -> r
t -> q

For example:

Plain Text: "instrumentsz"


Encrypted Text: gatlmzclrqtx
Encryption:
i -> g
n -> a
s -> t
t -> l
r -> m
u -> z
m -> c
e -> l
n -> r
t -> q
s -> t
z -> x

Strength of Playfair cipher

The Playfair cipher is a great advance over simple monoalphabetic ciphers.

Since there are 26 letters, 26x26 = 676 digrams are possible, so identification of individual digrams
is more difficult.
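
The Playfair steps above (key square, digraph split, three substitution rules) as one runnable program. This is an added example, not code from the original notes; the key "monarchy" is an assumption (the notes never state their key), chosen because it reproduces every digraph result shown above.

```python
import string

def build_square(key):
    """Return the 5x5 key square as one 25-letter string, read row by row."""
    square = []
    for ch in key.lower() + string.ascii_lowercase:
        if ch not in string.ascii_lowercase:
            continue
        ch = "i" if ch == "j" else ch          # J is omitted and written as I
        if ch not in square:                   # every letter appears once
            square.append(ch)
    return "".join(square)

def split_digraphs(plaintext, filler="x", pad="z"):
    """Split into letter pairs using the two bogus-letter rules from the notes."""
    letters = ["i" if c == "j" else c
               for c in plaintext.lower() if c in string.ascii_lowercase]
    pairs, i = [], 0
    while i < len(letters):
        first = letters[i]
        if i + 1 < len(letters) and letters[i + 1] != first:
            pairs.append(first + letters[i + 1])        # ordinary pair
            i += 2
        elif i + 1 < len(letters):
            # Rule 1: doubled letter, split it with the bogus letter
            # (fall back to the pad letter if the double is the filler itself).
            pairs.append(first + (filler if first != filler else pad))
            i += 1
        else:
            # Rule 2: lone final letter, pad it.
            pairs.append(first + (pad if first != pad else filler))
            i += 1
    return pairs

def transform_pair(square, pair, step):
    """Apply the column / row / rectangle rule; step=+1 encrypts, -1 decrypts."""
    row_a, col_a = divmod(square.index(pair[0]), 5)
    row_b, col_b = divmod(square.index(pair[1]), 5)
    if col_a == col_b:                         # same column: move down (wrap)
        row_a, row_b = (row_a + step) % 5, (row_b + step) % 5
    elif row_a == row_b:                       # same row: move right (wrap)
        col_a, col_b = (col_a + step) % 5, (col_b + step) % 5
    else:                                      # rectangle: swap the columns
        col_a, col_b = col_b, col_a
    return square[row_a * 5 + col_a] + square[row_b * 5 + col_b]

def encrypt(plaintext, key):
    square = build_square(key)
    return "".join(transform_pair(square, p, +1)
                   for p in split_digraphs(plaintext))

def decrypt(ciphertext, key):
    square = build_square(key)
    pairs = [ciphertext[i:i + 2] for i in range(0, len(ciphertext), 2)]
    return "".join(transform_pair(square, p, -1) for p in pairs)

if __name__ == "__main__":
    KEY = "monarchy"                           # assumed key, see lead-in
    square = build_square(KEY)
    for r in range(5):
        print(" ".join(square[r * 5:r * 5 + 5]))
    print(split_digraphs("hello"), split_digraphs("helloe"))
    print(encrypt("instruments", KEY), decrypt("gatlmzclrqtx", KEY))
```

Decryption returns the padded text ("instrumentsz"); bogus letters have to be removed by the reader, since the cipher cannot tell them from real ones.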

Polyalphabetic ciphers

Another way to improve on the simple monoalphabetic technique is to use different
monoalphabetic substitutions as one proceeds through the plaintext message. The general name for
this approach is polyalphabetic cipher. All the techniques have the following features in common.

A set of related monoalphabetic substitution rules is used.

A key determines which particular rule is chosen for a given transformation.

Vigenere cipher

In this scheme, the set of related monoalphabetic substitution rules consists of the
26 Caesar ciphers with shifts of 0 through 25. Each cipher is denoted by a key letter, e.g., the Caesar
cipher with a shift of 3 is denoted by the key value 'd' (since a=0, b=1, c=2 and so on). To aid in
understanding the scheme, a matrix known as the Vigenere tableau is constructed.

Each of the 26 ciphers is laid out horizontally, with the key letter for each cipher to its left. A normal
alphabet for the plaintext runs across the top.

                        PLAIN TEXT

KEY LETTERS    a  b  c  d  e  f  g  h  i  j  k  …  x  y  z

     a         A  B  C  D  E  F  G  H  I  J  K  …  X  Y  Z
     b         B  C  D  E  F  G  H  I  J  K  L  …  Y  Z  A
     c         C  D  E  F  G  H  I  J  K  L  M  …  Z  A  B
     d         D  E  F  G  H  I  J  K  L  M  N  …  A  B  C
     e         E  F  G  H  I  J  K  L  M  N  O  …  B  C  D
     f         F  G  H  I  J  K  L  M  N  O  P  …  C  D  E
     g         G  H  I  J  K  L  M  N  O  P  Q  …  D  E  F
     ::        :: :: :: :: :: :: :: :: :: :: :: …  :: :: ::
     x         X  Y  Z  A  B  C  D  E  F  G  H  …  W
     y         Y  Z  A  B  C  D  E  F  G  H  I  …  X
     z         Z  A  B  C  D  E  F  G  H  I  J  …  Y

The process of encryption is simple: Given a key letter x and a plaintext letter y, the cipher text is at
the intersection of the row labeled x and the column labeled y; in this case, the ciphertext is V.
To encrypt a message, a key is needed that is as long as the message. Usually, the key is a repeating
keyword.

e.g., key = d e c e p t i v e d e c e p t i v e d e c e p t i v e
      PT  = w e a r e d i s c o v e r e d s a v e y o u r s e l f
      CT  = Z I C V T W Q N G R Z G V T W A V Z H C Q Y G L M G J

Decryption is equally simple. The key letter again identifies the row. The position of the cipher text
letter in that row determines the column, and the plaintext letter is at the top of that column.

Strength of Vigenere cipher

o There are multiple cipher text letters for each plaintext letter.

o Letter frequency information is obscured.
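
The Vigenere scheme treated as 26 Caesar ciphers selected by key letter, so a one-letter key 'd' is exactly the shift-3 Caesar cipher from earlier in these notes. This is an added example, not part of the original notes; the function names are illustrative, and the sample messages and keys are the ones the notes use.

```python
ORD_LOWER_A = ord("a")
ORD_UPPER_A = ord("A")

def tableau_row(key_letter):
    """Row of the Vigenere tableau for one key letter (a=0, b=1, ...)."""
    shift = ord(key_letter.lower()) - ORD_LOWER_A
    return "".join(chr((col + shift) % 26 + ORD_UPPER_A) for col in range(26))

def vigenere(text, key, decrypt=False):
    """Encrypt (upper-case output) or decrypt (lower-case output) with a
    repeating keyword. Non-letters pass through and do not consume key."""
    shifts = [ord(k) - ORD_LOWER_A for k in key.lower()
              if k.isascii() and k.isalpha()]
    if not shifts:
        raise ValueError("key must contain at least one letter")
    out, used = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            value = ord(ch.lower()) - ORD_LOWER_A
            shift = shifts[used % len(shifts)]      # key repeats as needed
            used += 1
            if decrypt:
                out.append(chr((value - shift) % 26 + ORD_LOWER_A))
            else:
                out.append(chr((value + shift) % 26 + ORD_UPPER_A))
        else:
            out.append(ch)
    return "".join(out)

def images_of(plain_letter, plaintext, key):
    """Sorted set of ciphertext letters that one plaintext letter maps to.
    Assumes plaintext contains letters only, so positions line up."""
    ciphertext = vigenere(plaintext, key)
    return sorted({c for p, c in zip(plaintext.lower(), ciphertext)
                   if p == plain_letter})

if __name__ == "__main__":
    # Caesar cipher = Vigenere with the single key letter 'd' (shift 3).
    print(vigenere("pay more money", "d"))
    # The worked example from the notes.
    message, keyword = "wearediscoveredsaveyourself", "deceptive"
    ct = vigenere(message, keyword)
    print(ct, vigenere(ct, keyword, decrypt=True))
    # Tableau lookup: row for key letter x, column for plaintext letter y.
    print(tableau_row("x")[ord("y") - ORD_LOWER_A])
    # One plaintext letter, several ciphertext letters.
    print(images_of("e", message, keyword))
```

The last call shows why single-letter frequency counts are blurred: the plaintext letter e is enciphered five different ways in this one short message.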

One Time Pad Cipher

It is an unbreakable cryptosystem. It represents the message as a sequence of 0s and 1s.
This can be accomplished by writing all numbers in binary, for example, or by using ASCII. The key is a
random sequence of 0's and 1's of the same length as the message. Once a key is used, it is discarded
and never used again. The system can be expressed as follows:

Ci = Pi ⊕ Ki

Ci - ith binary digit of cipher text
Pi - ith binary digit of plaintext
Ki - ith binary digit of key
⊕ - Exclusive OR operation

Thus the cipher text is generated by performing the bitwise XOR of the plaintext and the key.
Decryption uses the same key. Because of the properties of XOR, decryption simply involves the
same bitwise operation:

Pi = Ci ⊕ Ki

e.g., plaintext  = 0 0 1 0 1 0 0 1
      key        = 1 0 1 0 1 1 0 0
      -----------------------------
      ciphertext = 1 0 0 0 0 1 0 1

Advantage:

Encryption method is completely unbreakable for a ciphertext only attack.

Disadvantages

It requires a very long key which is expensive to produce and expensive to transmit.

Once a key is used, it is dangerous to reuse it for a second message; any knowledge on the
first message would give knowledge of the second.

TRANSPOSITION TECHNIQUES
All the techniques examined so far involve the substitution of a cipher text symbol for a
plaintext symbol. A very different kind of mapping is achieved by performing some sort of
permutation on the plaintext letters. This technique is referred to as a transposition cipher.

Rail fence

The rail fence is the simplest such cipher, in which the plaintext is written down as a sequence of
diagonals and then read off as a sequence of rows.

Plaintext = meet at the school house

To encipher this message with a rail fence of depth 2, we write the message as follows:

m   e   a   t   e   c   o   l   o   s
  e   t   t   h   s   h   o   h   u   e

The encrypted message is

MEATECOLOSETTHSHOHUE

Row Transposition Ciphers

A more complex scheme is to write the message in a rectangle, row by row, and read the message
off, column by column, but permute the order of the columns. The order of columns then becomes
the key of the algorithm.

e.g., plaintext = meet at the school house

Key = 4 3 1 2 5 6 7

PT  = m e e t a t t
      h e s c h o o
      l h o u s e

CT = ESOTCUEEHMHLAHSTOETO

A pure transposition cipher is easily recognized because it has the same letter frequencies as the
original plaintext. The transposition cipher can be made significantly more secure by performing
more than one stage of transposition. The result is more complex permutation that is not easily
reconstructed.

Feistel cipher structure

The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K.
The plaintext block is divided into two halves L0 and R0. The two halves of the data pass through 'n'
rounds of processing and then combine to produce the ciphertext block. Each round 'i' has inputs
Li-1 and Ri-1, derived from the previous round, as well as the subkey Ki, derived from the overall key K.
In general, the subkeys Ki are different from K and from each other.

All rounds have the same structure. A substitution is performed on the left half of the data (as
similar to S-DES). This is done by applying a round function F to the right half of the data and then
taking the XOR of the output of that function and the left half of the data. The round function has the
same general structure for each round but is parameterized by the round sub key ki.

Following this substitution, a permutation is performed that consists of the interchange of the two
halves of the data. This structure is a particular form of the substitution-permutation network. The
exact realization of a Feistel network depends on the choice of the following parameters and design
features:

Block size - Increasing size improves security, but slows cipher

Key size - Increasing size improves security, makes exhaustive key searching harder, but may slow
cipher

Number of rounds - Increasing number improves security, but slows cipher

Subkey generation - Greater complexity can make analysis harder, but slows cipher

Round function - Greater complexity can make analysis harder, but slows cipher

Fast software en/decryption & ease of analysis - are more recent concerns for practical use and
testing.

Fig: Classical Feistel Network


Fig: Feistel encryption and decryption

The process of decryption is essentially the same as the encryption process. The rule is as follows:
use the cipher text as input to the algorithm, but use the subkey ki in reverse order. i.e., kn in the
first round, kn-1 in second round and so on. For clarity, we use the notation LEi and REi for data
traveling through the decryption algorithm. The diagram below indicates that, at each round, the
intermediate value of the decryption process is same (equal) to the corresponding value of the
encryption process with two halves of the value swapped.

i.e., REi || LEi (or) equivalently RD16-i || LD16-i

After the last iteration of the encryption process, the two halves of the output are swapped,
so that the cipher text is RE16 || LE16. The output of that round is the cipher text. Now take the
cipher text and use it as input to the same algorithm. The input to the first round is RE16 || LE16,
which is equal to the 32-bit swap of the output of the sixteenth round of the encryption process.

Now we will see how the output of the first round of the decryption process is equal to a 32-bit swap
of the input to the sixteenth round of the encryption process. First consider the encryption process,

LE16 = RE15

RE16 = LE15 ⊕ F(RE15, K16)

On the decryption side,

LD1 = RD0 = LE16 = RE15

RD1 = LD0 ⊕ F(RD0, K16)

    = RE16 ⊕ F(RE15, K16)

    = [LE15 ⊕ F(RE15, K16)] ⊕ F(RE15, K16)

    = LE15

Therefore, LD1 = RE15 and RD1 = LE15.

In general, for the ith iteration of the encryption algorithm,

LEi = REi-1

REi = LEi-1 ⊕ F(REi-1, Ki)

Finally, the output of the last round of the decryption process is RE0 || LE0. A 32-bit swap recovers
the original plaintext.
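
The derivation above as running code: a 16-round Feistel network on 64-bit blocks whose decryption is the same routine fed the subkeys in reverse order. This is an added example, not part of the original notes; the round function F and the key schedule are toy constructions built from SHA-256 (assumptions, not DES), chosen so that F is visibly not invertible, and the key and plaintext are constructed sample values.

```python
import hashlib

ROUNDS = 16
HALF_BITS = 32
HALF_MASK = (1 << HALF_BITS) - 1

def round_function(right, subkey):
    """Toy F (assumption): first 32 bits of SHA-256(right || subkey).
    F is one-way; the Feistel structure never needs to invert it."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def subkeys(key):
    """Toy key schedule (assumption): Ki = first 32 bits of SHA-256(key || i)."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(1, ROUNDS + 1)]

def feistel(block, round_keys):
    """Run the rounds and the final swap. Returns (output block, states),
    where states[i] is the pair (L_i, R_i) after round i."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    states = [(left, right)]
    for k in round_keys:
        # L_i = R_(i-1);  R_i = L_(i-1) XOR F(R_(i-1), K_i)
        left, right = right, left ^ round_function(right, k)
        states.append((left, right))
    # Final swap: the output is R_n || L_n.
    return (right << HALF_BITS) | left, states

def encrypt(block, key):
    return feistel(block, subkeys(key))[0]

def decrypt(block, key):
    # Same algorithm, subkeys in reverse order: K16 first, K1 last.
    return feistel(block, subkeys(key)[::-1])[0]

def halves_mirror(block, key):
    """Check the claim in the notes: after decryption round i the state
    (LD_i, RD_i) equals (RE_(16-i), LE_(16-i)) from encryption."""
    ciphertext, enc = feistel(block, subkeys(key))
    _, dec = feistel(ciphertext, subkeys(key)[::-1])
    return all(dec[i] == (enc[ROUNDS - i][1], enc[ROUNDS - i][0])
               for i in range(ROUNDS + 1))

if __name__ == "__main__":
    KEY = b"constructed demo key"          # constructed sample key
    PLAINTEXT = 0x0123456789ABCDEF         # constructed 64-bit block
    ct = encrypt(PLAINTEXT, KEY)
    print(f"ciphertext        {ct:016x}")
    print(f"decrypted         {decrypt(ct, KEY):016x}")
    print("round states mirror each other:", halves_mirror(PLAINTEXT, KEY))
    # Feeding the subkeys in encryption order does not undo the cipher.
    print(f"wrong key order   {feistel(ct, subkeys(KEY))[0]:016x}")
```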

Data Encryption Standard

The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST).

DES is an implementation of a Feistel Cipher. It uses a 16-round Feistel structure. The block size is
64 bits. Though the key length is 64 bits, DES has an effective key length of 56 bits, since 8 of the 64
bits of the key are not used by the encryption algorithm (they function as check bits only). The general
structure of DES is depicted in the following illustration −

Since DES is based on the Feistel Cipher, all that is required to specify DES is −

• Round function

• Key schedule

• Any additional processing − Initial and final permutation

Initial and Final Permutation

The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of each
other. They have no cryptographic significance in DES. The initial and final permutations are shown as
follows −

Round Function

The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the rightmost
32 bits to produce a 32-bit output.

• Expansion Permutation Box − Since the right input is 32 bits and the round key is 48 bits, we first
need to expand the right input to 48 bits. The permutation logic is graphically depicted in the
following illustration −

• The graphically depicted permutation logic is generally described as a table in the DES specification,
illustrated as shown −

• XOR (Whitener). − After the expansion permutation, DES does an XOR operation on the
expanded right section and the round key. The round key is used only in this operation.

• Substitution Boxes. − The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes,
each with a 6-bit input and a 4-bit output. Refer to the following illustration −

• The S-box rule is illustrated below −

• There are a total of eight S-box tables. The output of all eight S-boxes is then combined into a
32-bit section.

• Straight Permutation − The 32-bit output of the S-boxes is then subjected to the straight
permutation with the rule shown in the following illustration:

Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The process of key
generation is depicted in the following illustration −

The logic for Parity drop, shifting, and Compression P-box is given in the DES description.

DES Analysis
DES satisfies both of the desired properties of a block cipher. These two properties make the cipher
very strong.

• Avalanche effect − A small change in the plaintext results in a very great change in the
ciphertext.

• Completeness − Each bit of ciphertext depends on many bits of plaintext.

During the last few years, cryptanalysis has found some weaknesses in DES when the keys selected are
weak keys. These keys shall be avoided.

DES has proved to be a very well designed block cipher. There have been no significant cryptanalytic
attacks on DES other than exhaustive key search.

Advanced Encryption Standard (AES)





Advanced Encryption Standard (AES) is a specification for the encryption of
electronic data established by the U.S. National Institute of Standards and Technology
(NIST) in 2001. AES is widely used today as it is much stronger than DES and triple
DES despite being harder to implement.
Points to remember
• AES is a block cipher.
• The key size can be 128/192/256 bits.
• Encrypts data in blocks of 128 bits each.
That means it takes 128 bits as input and outputs 128 bits of encrypted cipher text.
AES relies on the substitution-permutation network principle, which means it is
performed using a series of linked operations which involve replacing and shuffling
the input data.
Working of the cipher :
AES performs operations on bytes of data rather than on bits. Since the block size is
128 bits, the cipher processes 128 bits (or 16 bytes) of the input data at a time.
The number of rounds depends on the key length as follows :
• 128 bit key – 10 rounds
• 192 bit key – 12 rounds
• 256 bit key – 14 rounds
Creation of Round keys :
A Key Schedule algorithm is used to calculate all the round keys from the key. So the
initial key is used to create many different round keys which will be used in the
corresponding round of the encryption.
Encryption :
AES considers each block as a 16 byte (4 byte x 4 byte = 128 bits) grid in a column major
arrangement.
[ b0 | b4 | b8 | b12 |
| b1 | b5 | b9 | b13 |
| b2 | b6 | b10| b14 |
| b3 | b7 | b11| b15 ]
Each round comprises 4 steps :
• SubBytes
• ShiftRows
• MixColumns
• Add Round Key
The last round doesn’t have the MixColumns step.
SubBytes does the substitution, and ShiftRows and MixColumns perform the
permutation in the algorithm.
SubBytes :
This step implements the substitution.
In this step each byte is substituted by another byte. It is performed using a lookup table
also called the S-box. This substitution is done in a way that a byte is never substituted
by itself and also not substituted by another byte which is a complement of the current
byte. The result of this step is a 16 byte (4 x 4) matrix like before.
The next two steps implement the permutation.
ShiftRows :
This step is just as it sounds. Each row is shifted a particular number of times.
• The first row is not shifted.
• The second row is shifted once to the left.
• The third row is shifted twice to the left.
• The fourth row is shifted thrice to the left.
(A left circular shift is performed.)
[ b0 | b1 | b2 | b3 ] [ b0 | b1 | b2 | b3 ]
| b4 | b5 | b6 | b7 | -> | b5 | b6 | b7 | b4 |
| b8 | b9 | b10 | b11 | | b10 | b11 | b8 | b9 |
[ b12 | b13 | b14 | b15 ] [ b15 | b12 | b13 | b14 ]
MixColumns :
This step is basically a matrix multiplication. Each column is multiplied with a
specific matrix and thus the position of each byte in the column is changed as a result.
This step is skipped in the last round.
[ c0 ] [ 2 3 1 1 ] [ b0 ]
| c1 | = | 1 2 3 1 | | b1 |
| c2 | | 1 1 2 3 | | b2 |
[ c3 ] [ 3 1 1 2 ] [ b3 ]
Add Round Keys :
Now the resultant output of the previous stage is XOR-ed with the corresponding
round key. Here, the 16 bytes are not considered as a grid but just as 128 bits of data.
After all these rounds, 128 bits of encrypted data are given back as output. This process
is repeated until all the data to be encrypted undergoes this process.
Decryption :
The stages in the rounds can be easily undone, as each stage has an opposite
which, when performed, reverts the changes. Each 128-bit block goes through 10, 12 or
14 rounds depending on the key size.
The stages of each round in decryption are as follows :
• Add round key
• Inverse MixColumns
• ShiftRows
• Inverse SubByte
The decryption process is the encryption process done in reverse, so I will explain the
steps with notable differences.
Inverse MixColumns :
This step is similar to the MixColumns step in encryption, but differs in the matrix
used to carry out the operation.
[ b0 ] [ 14 11 13 9 ] [ c0 ]
| b1 | = | 9 14 11 13 | | c1 |
| b2 | | 13 9 14 11 | | c2 |
[ b3 ] [ 11 13 9 14 ] [ c3 ]
Inverse SubBytes :
The inverse S-box is used as a lookup table, with which the bytes are substituted
during decryption.
Applications:

RSA Algorithm in Cryptography

RSA algorithm is an asymmetric cryptography algorithm. Asymmetric actually means that it works on
two different keys, i.e. Public Key and Private Key. As the name suggests, the Public Key is given
to everyone and the Private Key is kept private.

An example of asymmetric cryptography:

1. A client (for example browser) sends its public key to the server and requests some data.

2. The server encrypts the data using the client’s public key and sends the encrypted data.

3. The client receives this data and decrypts it.

Since this is asymmetric, nobody else except the browser can decrypt the data even if a third party
has the public key of the browser.

The idea! The idea of RSA is based on the fact that it is difficult to factorize a large integer. The public
key consists of two numbers, where one number is a multiplication of two large prime numbers. The
private key is also derived from the same two prime numbers. So if somebody can factorize the large
number, the private key is compromised. Therefore encryption strength lies totally in the key size,
and if we double or triple the key size, the strength of encryption increases exponentially. RSA keys
can typically be 1024 or 2048 bits long, but experts believe that 1024-bit keys could be broken in the
near future. But till now it seems to be an infeasible task.

Let us learn the mechanism behind the RSA algorithm:

>> Generating Public Key:

Select two prime numbers. Suppose P = 53 and Q = 59.
Now the first part of the Public Key: n = P*Q = 3127.
We also need a small exponent, say e. But e must:
- be an integer,
- not be a factor of Φ(n),
- satisfy 1 < e < Φ(n) [Φ(n) is discussed below].
Let us now consider it to be equal to 3.
Our Public Key is made of n and e.

>> Generating Private Key:

We need to calculate Φ(n), such that Φ(n) = (P-1)(Q-1)
so, Φ(n) = 3016
Now calculate the Private Key, d:
d = (k*Φ(n) + 1) / e for some integer k
For k = 2, the value of d is 2011.

Now we are ready with our Public Key (n = 3127 and e = 3) and Private Key (d = 2011).

Now we will encrypt “HI”:

Convert letters to numbers: H = 8 and I = 9
Thus Encrypted Data c = (89^e) mod n
Thus our Encrypted Data comes out to be 1394.

Now we will decrypt 1394:

Decrypted Data = (c^d) mod n
Thus our Decrypted Data comes out to be 89.
8 = H and I = 9 i.e. "HI".
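
The key generation and the "HI" round trip above, with d obtained two ways: by the search over k that the notes use and by the extended Euclidean algorithm. This is an added example, not part of the original notes; the function names are illustrative, and the extra case e = 6 is an assumption added to show that an exponent sharing any factor with Φ(n) has no matching d, even though 6 is not a factor of 3016.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def private_exponent(e, phi):
    """d such that (e * d) mod phi == 1. Exists only when gcd(e, phi) == 1."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError(f"e={e} shares the factor {g} with phi={phi}")
    return x % phi

def d_by_search(e, phi):
    """The method in the notes: smallest k >= 1 with (k*phi + 1) divisible
    by e. Returns (k, d), or None when no k in 1..e works."""
    for k in range(1, e + 1):
        if (k * phi + 1) % e == 0:
            return k, (k * phi + 1) // e
    return None

def make_keys(p, q, e):
    """Return ((n, e), d) for primes p and q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), private_exponent(e, phi)

def rsa_encrypt(m, public_key):
    n, e = public_key
    return pow(m, e, n)          # c = m^e mod n

def rsa_decrypt(c, d, n):
    return pow(c, d, n)          # m = c^d mod n

if __name__ == "__main__":
    P, Q, E = 53, 59, 3                      # values from the notes
    public, d = make_keys(P, Q, E)
    phi = (P - 1) * (Q - 1)
    print("n, e =", public, " phi =", phi, " d =", d)
    print("search over k gives (k, d) =", d_by_search(E, phi))
    m = 89                                   # "HI" encoded as H=8, I=9
    c = rsa_encrypt(m, public)
    print("c =", c, " decrypted =", rsa_decrypt(c, d, public[0]))
    # e = 6 does not divide 3016, but gcd(6, 3016) = 2, so no d exists.
    print("e = 6:", d_by_search(6, phi))
```

With primes this small n can be factored by hand; the numbers are only useful for following the arithmetic.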

Message Authentication Code (MAC)


MAC algorithm is a symmetric key cryptographic technique to provide message authentication. For
establishing MAC process, the sender and receiver share a symmetric key K.
Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent along
with a message to ensure message authentication.

The process of using MAC for authentication is depicted in the following illustration −

Let us now try to understand the entire process in detail −

• The sender uses some publicly known MAC algorithm, inputs the message and the secret key
K and produces a MAC value.

• Similar to a hash, a MAC function also compresses an arbitrarily long input into a fixed length
output. The major difference between a hash and a MAC is that a MAC uses a secret key during the
compression.

• The sender forwards the message along with the MAC. Here, we assume that the message is
sent in the clear, as we are concerned with providing message origin authentication, not
confidentiality. If confidentiality is required then the message needs encryption.

• On receipt of the message and the MAC, the receiver feeds the received message and the
shared secret key K into the MAC algorithm and re-computes the MAC value.

• The receiver now checks equality of the freshly computed MAC with the MAC received from the
sender. If they match, then the receiver accepts the message and assures himself that the
message has been sent by the intended sender.

• If the computed MAC does not match the MAC sent by the sender, the receiver cannot
determine whether it is the message that has been altered or it is the origin that has been
falsified. As a bottom line, a receiver safely assumes that the message is not genuine.

Limitations of MAC

There are two major limitations of MAC, both due to its symmetric nature of operation −

• Establishment of Shared Secret.

o It can provide message authentication among pre-decided legitimate users who have a
shared key.

o This requires establishment of a shared secret prior to use of MAC.

• Inability to Provide Non-Repudiation

o Non-repudiation is the assurance that a message originator cannot deny any
previously sent messages and commitments or actions.

o MAC technique does not provide a non-repudiation service. If the sender and
receiver get involved in a dispute over message origination, MACs cannot provide a
proof that a message was indeed sent by the sender.

o Though no third party can compute the MAC, the sender could still deny having sent the
message and claim that the receiver forged it, as it is impossible to determine which
of the two parties computed the MAC.
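
The MAC exchange and its non-repudiation limit, both described above, in one program. This is an added example, not part of the original notes; HMAC-SHA256 from Python's standard library stands in for the "publicly known MAC algorithm" (an assumption, the notes name none), and the key and messages are constructed sample values.

```python
import hashlib
import hmac

def mac_tag(key, message):
    """MAC value over the message under the shared secret key K."""
    return hmac.new(key, message, hashlib.sha256).digest()

def sender_send(key, message):
    """Sender side: the message travels in the clear, with the MAC appended."""
    return message, mac_tag(key, message)

def receiver_verify(key, message, tag):
    """Receiver side: recompute the MAC and compare. compare_digest runs in
    constant time, so the comparison does not leak how many bytes matched."""
    return hmac.compare_digest(mac_tag(key, message), tag)

def receiver_can_produce_same_tag(key, message, senders_tag):
    """Non-repudiation limit: the receiver holds K too, so a tag the receiver
    computes is byte-for-byte what the sender would have produced."""
    return mac_tag(key, message) == senders_tag

if __name__ == "__main__":
    SHARED_KEY = b"constructed-shared-secret-K"      # constructed sample key
    OTHER_KEY = b"constructed-outsider-key"          # a party without K

    msg, tag = sender_send(SHARED_KEY, b"credit account 1001 with 50")
    print("genuine message accepted :", receiver_verify(SHARED_KEY, msg, tag))

    # Active attack: the message is modified in transit, the tag is not.
    tampered = b"credit account 1001 with 5000"
    print("tampered message accepted:",
          receiver_verify(SHARED_KEY, tampered, tag))

    # Masquerade: an outsider without K cannot produce an acceptable tag.
    forged = mac_tag(OTHER_KEY, tampered)
    print("outsider's tag accepted  :",
          receiver_verify(SHARED_KEY, tampered, forged))

    # Fixed-length output, whatever the input length.
    print("tag lengths:", len(mac_tag(SHARED_KEY, b"")),
          len(mac_tag(SHARED_KEY, b"x" * 10000)))

    # Either key holder could have made this tag, so it proves nothing to a
    # third party about which of them did.
    print("receiver can reproduce tag:",
          receiver_can_produce_same_tag(SHARED_KEY, msg, tag))
```

A failed check tells the receiver only that the message is not genuine, not whether the content or the origin was falsified.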

Digital Signature
Digital signatures allow us to verify the author, date and time of signatures, and to authenticate the
message contents. They also include an authentication function for additional capabilities.

A digital signature should not only be tied to the signing user, but also to the message.

Applications
There are several reasons to implement digital signatures to communications:

Authentication

Digital signatures help to authenticate the sources of messages. For example, suppose a bank’s branch
office sends a message to the central office, requesting a change in the balance of an account. If the
central office could not authenticate that the message was sent from an authorized source, acting on
such a request could be a grave mistake.

Integrity

Once the message is signed, any change in the message would invalidate the signature.

Non-repudiation

By this property, any entity that has signed some information cannot at a later time deny having
signed it.

Digital Signature Standard (DSS)

Digital Signature Standard (DSS) is a Federal Information Processing Standard (FIPS) which defines
algorithms that are used to generate digital signatures with the help of the Secure Hash
Algorithm (SHA) for the authentication of electronic documents. DSS only provides us with the digital
signature function and not with any encryption or key exchanging strategies.

Sender Side : In the DSS approach, a hash code is generated out of the message and the following
inputs are given to the signature function –

1. The hash code.

2. The random number ‘k’ generated for that particular signature.

3. The private key of the sender i.e., PR(a).

4. A global public key (which is a set of parameters for the communicating principals) i.e., PU(g).

These inputs to the function provide us with the output signature containing two components –
‘s’ and ‘r’. Therefore, the original message concatenated with the signature is sent to the
receiver.

Receiver Side : At the receiver end, verification of the sender is done. The hash code of the
sent message is generated. There is a verification function which takes the following inputs –

1. The hash code generated by the receiver.

2. Signature components ‘s’ and ‘r’.

3. Public key of the sender.

4. Global public key.

The output of the verification function is compared with the signature component ‘r’. Both the values
will match if the sent signature is valid, because only the sender, with the help of its private key, can
generate a valid signature.

Digital signature using Rivest-Shamir-Adleman (RSA) approach

Applications Of Cryptography:

1. Computer passwords: Cryptography is widely utilized in computer security, particularly when
creating and maintaining passwords. When a user logs in, their password is hashed and
compared to the hash that was previously stored. Passwords are hashed and encrypted
before being stored. In this technique, the passwords are encrypted so that even if a hacker
gains access to the password database, they cannot read the passwords.

2. Digital Currencies: To safeguard transactions and prevent fraud, digital currencies like Bitcoin
also use cryptography. Complex algorithms and cryptographic keys are used to safeguard
transactions, making it nearly impossible to tamper with or forge the transactions.

3. Secure web browsing: Online browsing security is provided by the use of cryptography,
which shields users from eavesdropping and man-in-the-middle attacks. Public key
cryptography is used by the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
protocols to encrypt data sent between the web server and the client, establishing a secure
channel for communication.

4. Electronic signatures: Electronic signatures serve as the digital equivalent of a handwritten
signature and are used to sign documents. Digital signatures are created using cryptography
and can be validated using public key cryptography. In many nations, electronic signatures
are enforceable by law, and their use is expanding quickly.

5. Authentication: Cryptography is used for authentication in many different situations, such as
when accessing a bank account, logging into a computer, or using a secure network.
Cryptographic methods are employed by authentication protocols to confirm the user’s
identity and confirm that they have the required access rights to the resource.

6. Cryptocurrencies: Cryptography is heavily used by cryptocurrencies like Bitcoin and
Ethereum to safeguard transactions, thwart fraud, and maintain the network’s integrity.
Complex algorithms and cryptographic keys are used to safeguard transactions, making it
nearly impossible to tamper with or forge the transactions.

7. End-to-End Encryption: End-to-end encryption is used to protect two-way communications
like video conversations, instant messages, and email. The message is encrypted so that
only the intended receivers can read it. End-to-end encryption is
widely used in communication apps like WhatsApp and Signal, and it provides a high level of
security and privacy for users.
