Unit Ii

UNIT – II
1. Symmetric Key Cryptographic Algorithms: Algorithm types and modes-overview of

symmetric key cryptography-DES-IDEA-Blowfish-AES-Differential and Linear
Cryptanalysis.
2. Asymmetric Key Cryptographic Algorithms: Overview of asymmetric key
cryptography-RSA algorithm-symmetric and asymmetric key cryptography together-digital
signatures.
1. Symmetric Key Cryptographic Algorithms

Block Cipher Principles:
Virtually, all symmetric block encryption algorithms in current use are based on a
structure referred to as Fiestel block cipher. For that reason, it is important to examine the
design principles of the Fiestel cipher. We begin with a comparison of stream cipher with
block cipher.
A stream cipher is one that encrypts a digital data stream one bit or one byte at a
time. E.g., Vigenere Cipher. A block cipher is one in which a block of plaintext is treated as
a whole and used to produce a cipher text block of equal length. Typically a block size of 64
or 128 bits is used.
Principles of Block Cipher:
1. Most symmetric block ciphers are based on a Feistel Cipher Structure needed since
must be able to decrypt cipher text to recover messages efficiently. Block ciphers
look like an extremely large substitution.
a. would need table of 264 entries for a 64-bit block
b. Instead create from smaller building blocks
c. using idea of a product cipher in 1949 Claude Shannon introduced idea of
substitution-permutation (S-P) networks called modern substitution-
transposition product cipher these form the basis of modern block ciphers
2. S-P networks are based on the two primitive cryptographic operations we have seen
before:
a. substitution (S-box)
b. permutation (P-box)
c. provide confusion and diffusion of message
G.Ramesh Kumar B V Raju College Vishnu Campus Bhimavaram – 534 202 Page 1
3. diffusion – dissipates statistical structure of plaintext over bulk of cipher text
4. confusion – makes relationship between cipher text and key as complex as possible
Data Encryption Standard (DES):
The most widely used encryption scheme is based on the DES adopted in 1977 by the
National Bureau of Standards (NBS or now NIST-National Institute of Standards and
Technology), as Federal Information Standard 46 (FIPS PUB 46). DES algorithm converts
64-bit plain text into 64-bit cipher text using a key of 56 bits. The general diagram for DES
Encryption algorithm as follows:
The 64-bit plaintext block is arranged in 8x8 matrix format as the following:
The DES encryption algorithm involves five functions. They are

1. Initial Permutation
2. Inverse Initial Permutation
3. 32-bit swap
4. Generation of Sub Keys
5. Details of Single Round
1. Initial Permutation (IP):
The plaintext 64-bit block passed to IP function and the bit positions will be changed.
The IP function is described as the following:
The output of the IP function is as follows:
2. Inverse Initial Permutation (IP-1):

The output of 32-bit swap is passed to IP-1 function and the output of IP-1 is the 64-bit
Cipher text. The format of IP-1 function is as follows:
3. 32-bit Swap:
The output of 16th round is divided into two 32-bit halves (left half and right half).
Now they are swapped and generated 64-bit output.
4. Generation of Sub Keys:
A total of 16 sub keys are required and each one size is 48-bits because there are 16
rounds in DES algorithm. But the input key size is 56-bits.
The actual key of DES algorithm looks like 64-bit long. But each and every 8th bit is
called the odd parity. So, we exclude these bits i.e., we exclude 8, 16, 24, 32, 40, 48, 56, 64.
From remaining 56-bits generate the 16 sub keys. Initially the 56-bits are permutated and
divided into two halves (C0, D0) and are explained as the following:
Reduced Permutation:
The two 28-bit blocks are grouped into 56-bit block. This passes through a reduced
permutation giving 48-bit block output, representing the key Ki. The general format of
reduced permutation function is:
5. Details of Single Round:
The following diagram describes internal structure of a single round. The 64-bit
intermediate value is divided into in to 32-bit two halves.
The overall processing at each round can be summarized in the following formulas:
The round key Ki is 48 bits. The R input is 32 bits. This R input is first expanded to 48
bits by using a table that defines a permutation plus an expansion that involves duplication of
16 of the R bits. The resulting 48 bits are XORed with Ki.
This 48-bit result passes through a substitution function that produces a 32-bit output,
which is permuted as defined by the following table.
The role of the S-boxes in the function F is explained in the following diagram. The
substitution consists of a set of eight S-boxes, each of which accepts 6 bits as input and
produces 4 bits as output.
S-Box (Substitution Box):

The S-boxes do the real mixing (confusion). DES uses 8 S-boxes, each with a 6-bit
input and a 4-bit output.
S-Box Rule:
The following table shows the permutation for S-box 1.
Ex: The input to S-box 1 is 100011. What is the output?

Solution:
If we write the first and the sixth bits together, we get 11 in binary, which is 3 in
decimal. The remaining bits are 0001 in binary, which is 1 in decimal. We look for the value
in row 3, column 1, in the above Table (S-box 1). The result is 12 in decimal, which in binary
is 1100. So the input 100011 yields the output 1100.
DES Decryption:
The decryption uses the same algorithm as encryption, except that the application of
the sub keys is reversed.
The Avalanche Effect:
This is a desirable property of any encryption algorithm is that a small change in
either the plaintext or the key should produce a significant change in the cipher text. In
particular, a change in one bit of the plaintext or one bit of the key should produce a change
in many bits of the cipher text. If the change were small, this might provide a way to reduce
the size of the plaintext or key space to be searched. DES shows a strong avalanche effect.
The Strength of DES:
With a key length of 56 bits, there are 256 possible keys, which is approximately 7.2 x
1016. Thus, on the face of it, a brute-force attack appears impractical. Assuming that, on
average, half the key space has to be searched, a single machine performing one DES
encryption per microsecond would take more than a thousand years to break the cipher.
Double DES:
In double DES we have multiple stages of encryption for the given plain text. In the
double DES we use encryption twice. The following diagram explains the idea.
Decryption:
This scheme involves a key length of 56 * 2 = 112 bits. It will increase the key space
and security.
Suppose it is true that, given two key values it is possible to find a key value K3 such
that
EK2(EK1(P) ) = EK3(P).
If the above equation holds double DES becomes useless and it is equivalent to a
Single DES. So, we assume that if DES is used twice as in the above diagram with two
different keys, it will produce a cipher text and we will not get that cipher text with any
possible single key application of DES i.e., the above equation will not be hold.
Meet in the Middle Attack (MIMA):
Suppose sender and receiver are going to use Double DES algorithm, then the intruder
proceeds according to a scheme that does not depend upon any property of DES, but will
work. The attack is described as the following.
The intruder observes that C = EK2(EK1(P)), X = EK1(P) = DK2(C).
Suppose the intruder knows a pair (P, C). He proceeds in the following way.
The intruder first encrypts the plain text P with all possible 256 keys of K1. Now he
stores all the 256 resultant values in the table and sort them according to their values. Now the
intruder decrypts the cipher text with all possible 2 56 key values of K2. At the end of each
decryption we get a 64 – bit value for X. This value is compared against the table for a match.
If the match occurs then the intruder takes the corresponding K1 and K2. Now these two keys
are tested against the known (P, C) pair. After he satisfies he will decrypt the remaining
cipher text easily.
Triple DES:
The following diagram explains the encryption and decryption used in TDES.
The equations are

C = EK1 ( ( DK2 ( EK1 ( P ) ) )
P = DK1 ( ( EK2 ( DK1 ( C ) ) )
Block Cipher:
A block cipher is one in which a block of plaintext is treated as a whole and used to
produce a ciphertext block of equal length. In general, a block size of 64 or 128 bits is used.
Block Cipher Design Principles:
The block ciphers that is cryptographically strong. There are three critical aspects of
block cipher design. They are
a. The number of rounds
b. Design of the function F
c. Key scheduling.
DES Design Criteria:
The criteria used in the design of DES, focused on the design of the S-boxes and on the P
function that takes the output of the S boxes. The criteria for the S-boxes are as follows:
1. No output bit of any S-box should be too close a linear function of the input bits.
Specifically, if we select any output bit and any subset of the six input bits, the
fraction of inputs for which this output bit equals the XOR of these input bits should
not be close to 0 or 1, but rather should be near 1/2.
2. Each row of an S-box (determined by a fixed value of the leftmost and rightmost
input bits) should include all 16 possible output bit combinations.
3. If two inputs to an S-box differ in exactly one bit, the outputs must differ in at least
two bits.
4. If two inputs to an S-box differ in the two middle bits exactly, the outputs must differ
in at least two bits.
5. If two inputs to an S-box differ in their first two bits and are identical in their last two
bits, the two outputs must not be the same.
6. For any nonzero 6-bit difference between inputs, no more than 8 of the 32 pairs of
inputs exhibiting that difference may result in the same output difference.
7. This is a criterion similar to the previous one, but for the case of three S-boxes.
The criteria for the permutation P are as follows:
1. The four output bits from each S-box at round i are distributed so that two of them
affect (provide input for) "middle bits" of round (i+1) and the other two affect end
bits. The two middle bits of input to an S-box are not shared with adjacent S-boxes.
2. The end bits are the two left-hand bits and the two right-hand bits, which are shared
with adjacent S-boxes.
3. The four output bits from each S-box affect six different S-boxes on the next round,
and no two affect the same S-box.
4. For two S-boxes j, k, if an output bit from Sj affects a middle bit of S k on the next
round, then an output bit from Sk cannot affect a middle bit of Sj. This implies that for
j = k, an output bit from Sj must not affect a middle bit of Sj.
These criteria are intended to increase the diffusion of the algorithm.
a. The Number of Rounds:
The 16-round DES, a differential cryptanalysis attack is slightly less efficient than
brute force: the differential cryptanalysis attack requires 255.1 operations, whereas brute force
requires 255. If DES had 15 or fewer rounds, differential cryptanalysis would require less
effort than brute-force key search.
b. Design of the Function F:
The function F of DES uses the S-boxes. An n x m S-box typically consists of 2n rows
of m bits each. The n bits of input select one of the rows of the S-box, and the m bits in that
row are the output. For larger S-boxes, such as 8 x 32, the question arises as to the best
method of selecting the S-box entries in order to meet the type of criteria.
c. Key Scheduling:
A final area of block cipher design is the key schedule algorithm. Hall suggests
[ADAM94] that, at minimum, the key schedule should guarantee key/ciphertext Strict
Avalanche Criterion and Bit Independence Criterion.
Modes of Operation or Block Cipher Modes:
While encrypting the message of length larger than 64–bits, we use the following
block cipher modes.
i) ECB (Electronic Code Book)
ii) CBC (Cipher Block Chaining)
iii) CFB (Cipher Feedback Mode)
iv) OFB (Output Feedback Mode)
v) Counter Mode
i) ECB: Initially the message is divided into 64–bit blocks. If it is necessary, the last block is
padded on right side with 0s (zeros) to get exactly 64-bits. Now each block is encrypted
separately with a key, we will get a cipher text block for each plain text block and it is
combined to get cipher text of the given message. We have to note that we use the same
algorithm and key for each encryption.
In the above diagram,
The receiver receives the cipher text. He divides it into 64-bits cipher blocks. Each
block is decrypted separately to get plain text blocks. All the blocks are combined to get the
original message. The decryption process uses the same key which is used in encryption.
In the above diagram,
Randomized Electronic Code Book:

In this mode, the drawback in ECB is removed i.e., even if the two plain text blocks
are identical, the corresponding cipher blocks are different. This is explained in the following
diagram.
The following is the decryption diagram.
ii) CBC (Cipher Block Chaining) Mode:

CBC is a method of avoiding some of the problem in ECB. In CBC, though the same
block repeats in the plain text, it will not cause repeats in the cipher text.
CBC generates its own random numbers. It uses ci as ri+1 i.e., it takes the previous
block of cipher text uses it as the random number that will be Exclusive ored into the next
plain text.
To avoid having two plain text messages that start the same windup with the same
cipher text in the beginning, CBC does select one random number, which gets Exclusive ored
into the first block of plain text and transmits it along with the data. This initial random
number is known as an IV (Initialization Vector).
Decryption:
iii) Cipher Feedback Mode (CFB):
In this method, k-bits at a time are generated and Exclusive ored with k-bits of plain
text. In CFB, the k-bits shifted in are the k-bits of cipher text from the previous block. So, in
CFB the one-time pad cannot be generated before the message is known.
Decryption:
iv) Output Feedback Mode (OFB):
OFB is a stream cipher. Encryption is performed by the message Exclusive ored with
the one-time pad generated by OFB.
Let us assume that the stream is created 64-bits at a time. A random number (64-bit)
is generated as IV as in CBC mode.
The advantages of this mode is,
i) The one time pad can be generated in advance, before the message to be
encrypted is known.
ii) If some of the bits of the cipher text get garbled, only those bits of plain
text get garbled.
iii) A message can arrive in arbitrarily sized and each time a chunk appears,
the associated cipher text can be immediately transmitted.
The disadvantage of OFB is,
i) If the plain text and cipher text are known to the bad guy, he can modify the
plain text into anything he wants by using Exclusive ored with the cipher
text with the known plain text and Exclusive ored with result with whatever
message he wants to transmit.
Decryption:
vi) Counter Mode:

Counter mode is similar to Output Feedback Mode in that a onetime pad is generated
and Exclusive ored with data. It is different in that instead of chaining by encrypting each
one-time pad block to get the next one. OFB increments the IV and encrypts the result to get
the successive blocks of the one-time pad.
The main advantage of counter mode is that, like OFB, the cryptography can be pre-
computed and encryption is simply Excusive or, we can decrypt the message starting at any
point rather than being forced to start the beginning.
Decryption:
Attacks on DES:
The prime concern with DES has been its vulnerability to brute-force attack because
of its relatively short (56 bits) key length. However, there has also been interest in 97 finding
cryptanalytic attacks on DES. With the increasing popularity of block ciphers with longer key
lengths, including triple DES, brute-force attacks have become increasingly impractical.
Thus, there has been increased emphasis on cryptanalytic attacks on DES and other
symmetric block ciphers are differential cryptanalysis and linear cryptanalysis which are
most powerful and promising approaches.
Differential Cryptanalysis:
One of the most significant advances in cryptanalysis in recent years is differential
cryptanalysis. Differential cryptanalysis is the first published attack that is capable of
breaking DES in less than 255 encryptions. The scheme as reported by Biham and Shamir in
1993, can successfully crypt analyze DES with an effort on the order of 2 47 encryptions,
requiring 247 chosen plaintexts. Although 247 is certainly significantly less than 255, the need
for the adversary to find 247 chosen plaintexts makes this attack of only theoretical interest.
Although differential cryptanalysis is a powerful tool, it does not do very well against
DES. The reason is that differential cryptanalysis was known to the team as early as 1974.
The need to strengthen DES against attacks using differential cryptanalysis played a large
part in the design of the S-boxes and the permutation P. Differential cryptanalysis of an eight-
round LUCIFER algorithm requires only 256 chosen plaintexts, whereas an attack on an
eight-round version of DES requires 214 chosen plaintexts.
Differential Cryptanalysis Attack:
The differential cryptanalysis attack is complex. Here, we provide a brief overview so
that you can get a flavor of the attack. The rationale behind differential cryptanalysis is to
observe the behavior of pairs of text blocks evolving along each round of the cipher, instead
of observing the evolution of a single text block.
We begin with a change in notation for DES. Consider the original plaintext block m
to consist of two halves m0, m1. Each round of DES maps the right-hand input into the left-
hand output and sets the right-hand output to be a function of the left-hand input and the sub-
key for this round. So, at each round, only one new 32-bit block is created. If we label each
new block mi, i=2 to 17, then the intermediate message halves are related as follows:
mi+1 = mi-1 + f(mi, Ki), i = 1, 2, …, 16
In differential cryptanalysis, we start with two messages, m and m‟, with a known
XOR difference dm = m ⊕ m', and consider the difference between the intermediate message
halves: dmi = mi ⊕ mi'. Then we have
Now, suppose that many pairs of inputs to f with the same difference yield the same
output difference if the same sub key is used. To put this more precisely, let us say that X
may cause Y with probability p, if for a fraction p of the pairs in which the input XOR is X,
the output XOR equals Y. We want to suppose that there are a number of values of that have
high probability of causing a particular output difference. Therefore, if we know dmi-1 and
dmi with high probability, then we know dmi+1 with high probability. Furthermore, if a
number of such differences are determined, it is feasible to determine the sub-key used in the
function f.
The overall strategy of differential cryptanalysis is based on these considerations for a
single round. The procedure is to begin with two plaintext messages m and m' with a given
difference and trace through a probable pattern of differences after each round to yield a
probable difference for the cipher text. Actually, there are two probable patterns of
differences for the two 32-bit halves. Next, we submit the plain text for encryption to
determine the actual difference under the unknown key and compare the result to the
probable difference. If there is a match, then we suspect that all the probable patterns at all
the intermediate rounds are correct. With that assumption, we can make some deductions
about the key bits. This procedure must be repeated many times to determine all the key bits.
Linear Cryptanalysis:
A more recent development is linear cryptanalysis. This attack is based on finding
linear approximations to describe the transformations performed in DES. This method can
find a DES key given known plaintexts, as compared to chosen plaintexts for differential
cryptanalysis. Although this is a minor improvement, because it may be easier to acquire
known plaintext rather than chosen plaintext, it still leaves linear cryptanalysis infeasible as
an attack on DES. So far, little work has been done by researchers to validate the linear
cryptanalytic approach.
International Data Encryption Algorithm (I D E A):
IDEA was originally called IPES (Improved Proposed Encryption Standard). It
was developed Xuejia Lai and James L. Massey of ETH Ztiria.
IDEA algorithm converts a 64-bits plain text into 64-bits cipher text using a 128-bits
key value. Here the 64-bits plain text undergoes 8 rounds of similar structure and an output
transformation function to give 64-bits cipher text.
Here we generate 52 sub keys of 16-bits from the 128-bits key. Each round uses 6 sub
keys and the output transformation uses 4 sub keys. The following is the block diagram.
Explanation:
Sub key Generation : First we consider the 128-bits key. It is divided into 8 equal parts. The
first part is called Z1, second part is called Z2 and so on. The last part is Z8. In this way we
generate Z1 to Z8 keys i.e., Z1 ( 1 ..16 ), Z2 ( 17 .. 32 ), Z3 ( 33 .. 48 ), Z4 ( 49 .. 64), Z5 ( 65 ..
80 ), Z6(81 .. 96 ), Z7 ( 97 .. 112), Z8 ( 113 .. 128 ).
Now we perform circular left shift of 25-bits on the given key to get 26 .. 128, 1 .. 25.
We divide these bits into 8 equal parts and call them as Z9 to Z16 i.e., Z9 [ 26 .. 41 ], Z10 [ 42 ..
57 ], Z11 [ 57 .. 73 ], Z12 [ 74 .. 89 ], Z13 [ 90 .. 105 ], Z14 [ 106 .. 121 ], Z15 [ 122, 123, 124,
125, 126, 127, 128, 1 .. 9 ], Z16 [ 10 .. 25 ].
Now again we perform circular left shift of 25-bits on the above input to get
51 .. 128, 1 .. 25, 26 .. 50.
From this we generate the text 8 sub keys from Z17 to Z24. Same procedure is repeated
until we get 52 sub keys.
Internal Organization of Rounds:
In IDEA algorithm we have 8 rounds of similar structure and an output transformation
function. Each round is further divided into two sub rounds. Hence we will get totally 17
different rounds. Out of these 17 rounds, all rounds are having similar structure. Now the
IDEA block diagram can be viewed as follows.
From the above diagram we observe that each round takes a 64-bit input and produces
64-bit input and produces 64-bit output. Each odd round takes 4-keys where as each even
round takes 2 keys.
Each round takes four 16-bit values as output. The following is the structure of odd
round. The odd round „i‟ takes four 16-bit values namely Xa, Xb, Xc and Xd as inputs with
keys Ka, Kb, Kc and Kd and produce Xa, Xb, Xc and Xd as outputs. The following diagram
explains this concept.
Structure of Even Round:
The even rounds takes four 16-bit inputs Xa, Xb, Xc, Xd and two key values Ke, Kf and
generate four 16-bit values output as Xa, Xb, Xc, Xd.
The following diagram explains this concept.
Initially Xa, Xb are Exclusive ored to get Yin. Xc, Xd are Exclusive ored to get Zin.
i.e., Yin = Xa Xb
Zin = Xc Xd
Now Yin, Zin are given to Mangler function with Ke, Kf. It gives two outputs Yout, Zout.
Yout = [ ( Ke Yin ) Zin ] Kf
Zout = ( Ke Yin ) + Yout
Finally Yout is added to Xa to get new Xa, Yout is added to Xb to get new Xb. Zout is
added to Xc to get new Xc, Zout is added to Xd to get Xd.
i.e., Xa = Xa Yout
Xb = Xb Yout
Xc = Xc Zout
Xd = Xd Zout
IDEA Decryption:
In IDEA decryption the 64-bit cipher text is converted into 64-bits plain text using the
same 128-bits key.
The 64-bit cipher text undergoes 8-rounds and output transformation to get 64-bit
plain text. In decryption process we require 52 sub keys of 16-bits each. These are labeled as
U1, U2, U3, ……… U52. These keys are identical to Z1 to Z52 with some permutation; minor
changes i.e., the decryption keys are generated by using the encryption keys in the following
way.
Encryption Keys
Stage Decryption Keys Used Equivalent to
Used
-1
Z1 Z2 Z3 Z4 Z5 U1 U2 U3 U4 U5 Z49 –Z50 –Z51 Z52-1 Z47
R1
Z6 U6 Z48
Z7 Z8 Z9 Z10 Z11 U7 U8 U9 U10 U11 Z43-1 –Z44 –Z45 Z46-1 Z41
R2
Z12 U12 Z42
Z13 Z14 Z15 Z16 U13 U14 U15 U16 Z -1 –Z38 –Z39 Z -1
Z35
37 40
R3
Z17 Z18 U17 U18 Z36
Z19 Z20 Z21 Z22 U19 U20 U21 U22 Z31-1 –Z32 –Z33 Z34-1 Z29
R4
Z23 Z24 U23 U24 Z30
-1
Z25 Z26 Z27 Z28 U25 U26 U27 U28 Z25 –Z26 –Z27 Z28-1 Z23
R5
Z29 Z30 U29 U30 Z24
Z31 Z32 Z33 Z34 U31 U32 U33 U34 Z19-1 –Z20 –Z21 Z22-1 Z17
R6
Z35 Z36 U35 U36 Z18
Z37 Z38 Z39 Z40 U37 U38 U39 U40 Z13-1 –Z14 –Z15 Z16-1 Z11
R7
Z41 Z42 U41 U42 Z12
Z43 Z44 Z45 Z46 U43 U44 U45 U46
R8 Z7-1 –Z8 –Z9 Z10-1 Z5 Z6
Z47 Z48 U47 U48
Output
Z49 Z50 Z51 Z52 U49 U50 U51 U52 Z1-1 –Z2 –Z3 Z4-1
( R9 )
Note 1:
Note 2: In IDEA algorithm we are using 3 operations. They are

Addition Modulo – It performs addition of two inputs modulo 216.
Multiplicative Modulo - It performs multiplication of two inputs modulo 216.
While multiplying the block of all zeros is considered as 216.
Exclusive OR – It is simple Exclusive or operation. ,
, .
Ex: We will see how these operations can be worked for 2-bits.
Important Definitions:
P-Box:
In cryptography, a permutation box (or P-box) is a method of bit-shuffling used to
permute or transpose bits across S-boxes inputs, retaining diffusion while transposing.
Diffusion and Confusion:
Confusion means that each character of the cipher text should depend on several parts
of the key. Diffusion means that if we change a character of the plaintext, then several
characters of the cipher text should change, and similarly, if we change a character of the
cipher text, then several characters of the plaintext should change.
Blowfish was designed in 1993 by Bruce Scheier as a fast, alternative to existing encryption
algorithms such AES, DES and 3 DES etc.
Blowfish Encryption Algorithm:
Blowfish is a symmetric block encryption algorithm designed in consideration with:
1. Fast : It encrypts data on large 32-bit microprocessors at a rate of 26 clock cycles per
byte.
2. Compact: It can run in less than 5K of memory.
3. Simple: It uses addition, XOR, lookup table with 32-bit operands.
4. Secure: The key length is variable ,it can be in the range of 32~448 bits: default 128
bits key length.
5. It is suitable for applications where the key does not change often, like
communication link or an automatic file encryptor.
6. Unpatented and royality-free.
The Feistel structure of Blowfish
Description of Algorithm:
Blowfish symmetric block cipher algorithm encrypts block data of 64-bits at a time.it
will follows the Feistel network and this algorithm is divided into two parts.
a. Key-Expansion
b. Data Encryption
a. Key-Expansion: It will convert a key of at most 448 bits into several sub key arrays
totaling 4168 bytes. Blowfish uses large number of sub keys. These keys are generating
earlier to any data encryption or decryption.
The p-array consists of 18, 32-bit sub keys:
P1, P2,…............ ,P 18
Four 32-bit S-Boxes consist of 256 entries each:
S1,0, S1,1,… ......... S1,255
S2,0, S2,1,… .......... S2,255
S3,0, S3,1,… .......... S3,255
S4,0, S4,1,. ........... S4,255
Generating the Sub keys:
The subkeys are calculated using the Blowfish algorithm:
1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This
string consists of the hexadecimal digits of pi (less the initial 3): P1 = 0x243f6a88, P2
= 0x85a308d3, P3 = 0x13198a2e, P4 = 0x03707344, etc.
2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32-bits of the key,
and so on for all bits of the key (possibly up to P14). Repeatedly cycle through the
key bits until the entire P-array has been XORed with key bits. (For every short key,
there is at least one equivalent longer key; for example, if A is a 64-bit key, then AA,
AAA, etc., are equivalent keys.)
3. Encrypt the all-zero string with the Blowfish algorithm, using the sub keys described
in steps (1) and (2).
4. Replace P1 and P2 with the output of step (3).
5. Encrypt the output of step (3) using the Blowfish algorithm with the modified sub
keys.
6. Replace P3 and P4 with the output of step (5).
7. Continue the process, replacing all entries of the P array, and then all four S-boxes in
order, with the output of the continuously changing Blowfish algorithm.
In total, 521 iterations are required to generate all required sub keys. Applications can
store the sub keys rather than execute this derivation process multiple times.
b. Data Encryption: It is having a function to iterate 16 times of network. Each round
consists of key-dependent permutation and a key and data-dependent substitution. All
operations are XORs and additions on 32-bit words. The only additional operations are four
indexed array data lookup tables for each round.
Algorithm: Blowfish Encryption
Divide x into two 32-bit halves: xL, xR
for i = 1 to 16:
xL = XL XOR Pi
xR = F(XL) XOR xR
Swap XL and xR
Swap XL and xR (Undo the last swap.)
xR = xR XOR P17
xL = xL XOR P18
Recombine xL and xR
Blowfish Encryption
Advanced Data Encryption Standard (AES):
This block cipher algorithm is proposed by Rijndael. This is a substitution
permutation network (DES is Fiestal Cipher Network). This is relatively easy to implement
when compared to DES and it occupies less memory space. This algorithm uses a block of
plain text and converts it into a block of cipher text using a block key.
The block length is a multiple of 32 and in between 128 and 256 bits. This algorithm
supports a large key in multiples of 32. The key is also a multiple of 32, between 128 and 256
bits.
The number of rounds in this algorithm depends upon the length of the key. If key
length is 128 bits then number of rounds is 10. If key length is 192, we have 12 rounds. If key
length is 256, we have 14 rounds.
Block Diagram:
The AES algorithm operates on 4 * 4 arrays of bytes. The following is the block
diagram of AES algorithm, which converts 128-bits plain text into 128-bit cipher text using
128-bit key i.e., 10 rounds.
Each round in the AES algorithm contains 4 stages except the last round. They are
i) Sub Bytes Step
ii) Shift Row Step
iii) Mix Column Step
iv) Add Round key Step
i) Sub Bytes Step:
In sub bytes step each byte of the input is updated using S-box to get an output byte.
This operation provides a non-linearity in the input. The S-box is generally derived from the
inverse functions. The following diagram explains this idea.
ii) Shift Row Step:
The output of first stage is given to shift rows step. It operates on the rows of the
input. The row 1 is unchanged. The second row is shifted one to its left. The third row is
shifted two to its left. The fourth row is shifted three to its left. This is shown in the following
diagram.
iii) Mix Column Step:

In this step the 4-bytes of each column are converted into transformations and
multiply with a fixed polynomial x4 + 1 to get the output. The input to this stage is 4 * 4
array of bytes (output of the shift rows). From this input, we get four groups. Each group is
transformed into polynomial. Each such polynomial is multiplied with X4 + 1 to get another
polynomial. It is again retransformed to a group of 4-bytes.
iv) Add Round Key Step:

In this step sub or round key is combined with each byte of the input to get the output.
We require a sub key of 4 * 4 arrays of bytes for each round. These sub keys are generated
from the given 128-bits key using key scheduler process. Each byte of the sub key is
Exclusive ored with corresponding byte of the input to get an output byte. The last round does
not have Mix Column Step. But it has the remaining 3 stages in the same order.
AES Key Expansion or Sub Keys Generation:
The AES key expansion algorithm takes as input a four-word (16-byte) key and
produces a linear array of 44 words (176 bytes).This is sufficient to provide a four-word
round key for the initial AddRoundKey stage and each of the 10 rounds of the cipher. The
following pseudocode describes the expansion.
KeyExpansion (byte key[16], word w[44])
{
word temp;
for (i = 0; i < 4; i++)
w[i] = (key[4*i], key[4*i+1], key[4*i+2], key[4*i+3]);
for (i = 4; i < 44; i++)
{
temp = w[i – 1];
if (i mod 4 == 0)
temp = SubWord (RotWord (temp)) ⊕ Rcon[i/4];
w[i] = w[i–4] ⊕ temp;
}
}
The key is copied into the first four words of the expanded key. The remainder of the
expanded key is filled in four words at a time. Each added word w[i] depends on the
immediately preceding word, w[i-1], and the word four positions back, w[i-4]. In three out of
four cases, a simple XOR is used. For a word whose position in the w array is a multiple of 4,
a more complex function is used. The following explains the generation of the expanded key,
using the symbol g to represent that complex function. The function g consists of the
following sub functions.
The round constant is a word in which the three rightmost bytes are always 0. Thus,
the effect of an XOR of a word with Rcon is to only perform an XOR on the leftmost byte of
the word. The round constant is different for each round and is defined as Rcon[j] = (RC[j],
0, 0, 0), with RC[1] = 1, RC[j] = 2 * RC[j–1], and with multiplication defined over the field
GF(28).
1. RotWord performs a one-byte circular left shift on a word. This means that an input
word [B0, B1, B2, B3] is transformed into [B1, B2, B3, B0] .
2. SubWord performs a byte substitution on each byte of its input word, using the S-box
3. The result of steps 1 and 2 is XORed with a round constant, Rcon[j].
2. Asymmetric Key Cryptographic Algorithms
Principles of Public-Key (Asymmetric) Cryptosystems:
The public-key crypto system uses two keys – a public & a private key. Asymmetric
(parties are not equal) algorithms depend on one key for encryption and a different key for
decryption. It is computationally infeasible to determine the decryption key. We have only
knowledge of the cryptographic algorithm and the encryption key.
A public-key encryption scheme has six elements:
1. Plaintext: This is the readable message or data that is fed into the algorithm as input.
2. Encryption algorithm: The encryption algorithm performs various transformations
on the plaintext.
3. Public and private keys: This is a pair of keys that have been selected so that if one
is used for encryption, the other is used for decryption. The exact transformations
performed by the algorithm depend on the public or private key that is provided as
input.
4. Ciphertext: This is the scrambled message produced as output. It depends on the
plaintext and the key. For a given message, two different keys will produce two
different ciphertexts.
5. Decryption algorithm: This algorithm accepts the ciphertext and the matching key
and produces the original plaintext.
The essential steps are the following:

1. Each user generates a pair of keys to be used for the encryption and decryption of
messages.
2. Each user places one of the two keys in a public register or other accessible file. This
is the public key. The companion key is kept private. As shown in the above Figure,
each user maintains a collection of public keys obtained from others.
3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message
using Alice's public key.
4. When Alice receives the message, she decrypts it using her private key. No other
recipient can decrypt the message because only Alice knows Alice's private key.
Differences between Conventional Encryption and Public-Key Encryption:
Conventional Encryption Public-Key Encryption
Needed to Work
1. The same algorithm with the One algorithm is used for encryption and
same key is used for encryption decryption with a pair of keys, one for
and decryption. encryption and one for decryption.
2. The sender and receiver
The sender and receiver must each have one
must share the algorithm and the
of the matched pair of keys (not the same one).
key.
Needed for Security
1. The key must be kept secret. One of the two keys must be kept secret.
2. It must be impossible or at
It must be impossible or at least impractical to
least impractical to decipher a
decipher a message if no other information is
message if no other information
available.
is available.
3. Knowledge of the algorithm
Knowledge of the algorithm plus one of the
plus samples of ciphertext must
keys plus samples of ciphertext must be
be insufficient to determine the
insufficient to determine the other key.
key.
Requirements for Public-Key Cryptography:
The crypto system is described in the following diagram:
Public-Key Cryptosystem: Secrecy
Public-Key Cryptosystem: Authentication
The cryptosystem depends on a cryptographic algorithm based on two related keys. Diffie
and Hellman proposed this system without demonstrating that such algorithms exist.
However, they did lay out the conditions that such algorithms must fulfill [DIFF76b]:
1. It is computationally easy for a party B to generate a pair (public key PUb, private
key PRb).
2. It is computationally easy for a sender A, knowing the public key and the message to
be encrypted, M, to generate the corresponding ciphertext:
C = E(PUb, M)
3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using
the private key to recover the original message:
M = D(PRb, C) = D[PRb, E(PUb, M)]
4. It is computationally infeasible for an adversary, knowing the public key, PUb, to
determine the private key, PRb.
5. It is computationally infeasible for an adversary, knowing the public key, PUb, and a
ciphertext, C, to recover the original message, M.
We can add a sixth requirement that, although useful, is not necessary for all public-key
applications:
6. The two keys can be applied in either order:
M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]
Public-Key Applications:
The applications of public-Key are:
1. The uses of public-key can classify into 3 categories:
1.1. encryption/decryption (provide secrecy)
1.2. digital signatures (provide authentication)
1.3. key exchange (of session keys)
2. some algorithms are suitable for all uses, others are specific to one
RSA Algorithm:
The RSA was developed in 1977 by Ron Rivest, Adi Shamir, Len Adleman at MIT.
Since then, the Rivest-Shamir-Adleman (RSA) scheme has become the most widely accepted
and implemented general-purpose approach to public-key encryption.
This algorithm is used to encrypt integer data. In the RSA algorithm the integer
message „M‟ is encrypted by using the following equation:
C = Me mod n
The receiver uses the following equation for decryption:
M = Cd mod n
Here both sender and receiver must know the integer value „n‟. The sender uses the
public key KU = { e, n }. The receiver uses the private key KR = {d, n}.
The following are the requirements for the RSA algorithm:
a) It is possible to find the values for e, d, n such that
M = Med mod n
b) It is easy to calculate Me, Cd for all M, C.
c) It is computationally infeasible to find „d‟ even { e, n } are known.
The RSA algorithm is stated as follows:
Key Generation:
1) Select two prime numbers p, q.
2) Calculate „n‟, n = p * q
3) Calculate (n) = (p -1) * (q-1)
4) Select an integer „e‟ such that gcd((n), e) = 1
5) Find an integer „d‟ such that de ≡ 1 mod (n)
6) Form the public key KU = { e, n }
7) Form the private key KR = { d, n }
Encryption:
1) Prepare the message „M‟ ( M is an integer value )
2) Calculate cipher text C = Me mod n
Decryption:
1) Receive the cipher text „C‟
2) Calculate plain text M = Cd mod n
In the RSA scheme, the following conditions are defined:
1) Select two prime numbers p and q ( Selected, Private )
2) Calculate n ( Calculated, Public )
3) Select „e‟ such that gcd ((n), e) = 1 ( Select, Public )
4) Calculate „d‟ such that de ≡ 1 mod (n) ( Calculated, Private )
5) KU is public ( KU = { e, n } )
6) KR is private ( KR = { d, n } )
Ex: 1
1) Key Generation:
i) Select two prime numbers p, q. Let p = 7 and q = 17
ii) Calculate n = 7 * 17 = 119
iii) Calculate (n) = 6 * 16 = 96
iv) Select integer „e‟ such that gcd((n), e) = 1 => gcd(96, e) = 1 and let e = 5
v) Calculate „d‟ such that de ≡ 1 mod (n)
=> de mod (n) = 1
=> d5 mod 96 = 1
=> 5 * 77 mod 96 = 1
=> d = 77
vi) Form public key KU = {5, 119}
vii) Form private key KR = {77, 119}
Assume that M = 19
( Sender ) Now C = Me mod n = 195 mod 119 = 66
Now the receiver performs decryption in the following way:
M = Cd mod n = 6677 mod 119 = 19
Calculation of 195 mod 119:
192 mod 119 => 361 mod 119 = 4
195 = ( 192 * 192 * 19 ) = ( 4 * 4 * 19 ) mod 119 = 304 mod 119 = 66
Calculation of 6677 mod 119:
662 mod 119 = 4356 mod 119 = 72
664 mod 119 = ( 662 * 662 ) mod 119 = ( 72 * 72 ) mod 119 = 67
668 mod 119 = ( 664 * 664 ) mod 119 = ( 67 * 67 ) mod 119 = 86
6616 mod 119 = ( 668 * 668 ) mod 119 = ( 86 * 86 ) mod 119 = 18
6632 mod 119 = ( 6616 * 6616 ) mod 119 = ( 18 * 18 ) mod 119 = 86
6664 mod 119 = (6632 * 6632 ) mod 119 = ( 86 * 86 ) mod 119 = 18
6677 mod 119 = ( 6664 * 668 * 664 * 66 ) mod 119
 ( 18 * 86 * 67 * 66 ) mod 119 = 19
Ex: 2
Perform the encryption and decryption using RSA for the following data:
p = 5, q = 11, e = 3, m = 9
n = 5 * 11 = 55
(n) = 4 * 10 = 40
Select an integer „e‟ such that gcd((n), e) = 1 => gcd(40, 3) = 1
Calculate „d‟ such that de ≡ 1 mod (n)
 de mod (n) = 1
 d3 mod 40 = 1
 3 * 27 mod 40 = 1
 Therefore d = 27
KU = {3, 55} and KR = {27, 55}, M = 9
( Sender ) Encryption => C = Me mod n => 93 mod 55 = 14
( Receiver ) Decryption => M = Cd mod n => 1427 mod 55 = 9
Ex: 3
Perform the encryption and decryption using RSA for the following data:
p = 3, q = 11, d = 7, M = 5
n = 3 *11 = 33
(n) = 2 * 10 = 20
Select an integer „e‟ such that gcd((n), e) = 1
 gcd(20, e) = 1
 e=3
Calculate „d‟ such that de = 1 mod (n)
 7 * 3 = 1 mod 20 = 1
KU = {3, 33} and KR = {7, 33}, M =5
(Sender) Encryption => C = Me mod n => 53 mod 33 = 26
(Receiver) Decryption => M = Cd mod n => 2627 mod 33 = 5
RSA Security:
Three approaches to attacking RSA:
1. brute force key search (infeasible given size of numbers)
2. mathematical attacks (based on difficulty of computing ø(N), by factoring
modulus N)
3. timing attacks (on running of decryption)
Symmetric and Asymmetric Key Cryptography Together:
Symmetric encryption is an old technique while asymmetric encryption is relatively
new. Symmetric Encryption is a technique which allows the use of only one key for
performing both the encryption and the decryption of the message shared over the internet. It
is also known as the conventional method used for encryption. In symmetric encryption, the
plaintext is encrypted and is converted to the ciphertext using a key and an encryption
algorithm. While the cipher text is converted back to plain text using the same key that was
used for encryption, and the decryption algorithm.
Asymmetric encryption is an encryption technique that uses a pair of key (private
key and public key) for encryption and decryption. Asymmetric encryption uses the public
key for the encryption of the message and the private key for the decryption of the message.
The public key is freely available to anyone who is interested in sending the message. The
private key is kept secret with the receiver of the message. Any message that is encrypted by
the public key and the algorithm is decrypted using the same the algorithm and the matching
private key of corresponding public key.
Comparison between Symmetric and Asymmetric key Cryptography:
Comparison
Symmetric Encryption Asymmetric Encryption
Factor
Symmetric encryption Asymmetric Encryption consists
Number of incorporates only one key for of two cryptographic keys.
Cryptographic Keys encryption as well as These keys are regarded
decryption. as Public Key and Private Key.
Symmetric encryption is a
Contribution from separate keys
simple technique compared to
for encryption and decryption
Complexity asymmetric encryption as only
makes it a rather complex
one key is employed to carry
process.
out both the operations.
Because of encryption and
Due to its simplistic nature, decryption by two separate keys
Swiftness of
both the operations can be and the process of comparing
Execution
carried out pretty quickly. they make it a little bit slow
procedure.
RC4 RSA
Algorithms AES Diffie-Hellman
Employed DES ECC
3DES
The asymmetric encryption is
The symmetric encryption is
Purpose often used for securely
used for bulk data transmission.
exchanging secret keys.
The Best of Both Worlds:

Both symmetric and asymmetric key cryptography have their own advantages. To
achieve the better of two, we need to ensure that the following g objectives are met:
1. The solution should be completely secure.
2. The encryption and decryption processes must not take a long time.
3. The generated cipher text should be compact in size.
4. The solution should scale to a large number of users easily, without introducing any
additional complications.
5. The key distribution problem must be solved by the solution.
Indeed, in practice, symmetric-key cryptography and asymmetric-key cryptography
are combined to have a very efficient security solution. The way it works is as follows,
assuming that A is the sender of message and B is its receiver.
1. A‟s computer encrypts the original plain-text message (PT) with the help of a standard
symmetric key cryptography algorithm, such DES, IDEA or RC5, etc. this produces a cipher-
text message (CT) as shown in Fig. below. The key used in this operation (K1) is called one-
time symmetric key, as it is used once and then discarded.
2. We would now think, we are back to square one! We have encrypted the plain text (PT)
with a symmetric-key operation. We must now transport this one-time symmetric key (K1) to
the server so that the server can decrypt the cipher text (CT) to get back the original plain-text
message (PT). Does this not again lead us to the key-exchange problem? Well, a novel
concept is used now. A now takes the one-time symmetric key of step1 (i.e. K1), and encrypts
K1 with B‟s public key (K2). This process is called key wrapping of the symmetric key, and is
shown in fig. below. We have shown that the symmetric key K1 goes inside a logical box,
which is sealed by B‟s public key (i.e. K2).
3. Now, A puts the cipher text CT1 and the encrypted symmetric key together inside a digital
envelope. This is shown in the following figure:
4. The sender (A) now sends the digital envelope [which contains the cipher text (CT) and the
onetime symmetric key (K1) encrypted with B‟s public key, (K2)] to B using the underlying
transport mechanism (network). This is shown in fig .we do not show the contents of the
envelope, and assume that the envelope contains the two entities, as discussed.
5. B receives digital envelope and opens it. After B opens this digital envelope, he gets 2
things first is cipher text (CT) and another one is the one-time session key (K1) which is
encrypted using B‟s public key (K2). This is shown in the following figure:
6. B now uses the same asymmetric-key algorithm as was used by A and her private key (K3)
to decrypt (i.e. open up) the logical box that contains the symmetric key (K1), which was
encrypted with B‟s public key (K2). This is shown in fig. below. This output of the process is
the one-time symmetric key K1.
7. Finally, B applies the same symmetric-key algorithm as was used by A, and the symmetric
key K1 to decrypt the cipher text (C1). This process yields the original plain text (PT), as
shown in the following figure:
Authentication Requirements (Security Requirements):

In the context of communications across a network, the following attacks can be
identified:
1. Disclosure: Release of message contents to any person or process not possessing the
appropriate cryptographic key.
2. Traffic Analysis: Discovery of the pattern of traffic between parties. In a connection-
oriented application, the frequency and duration of connections could be determined.
In either a connection-oriented or connectionless environment, the number and length
of messages between parties could be determined.
3. Masquerade: Insertion of messages into the network from a fraudulent source. This
includes the creation of messages by an opponent that are purported to come from an
authorized entity. Also included are fraudulent acknowledgments of message receipt
or non-receipt by someone other than the message recipient.
4. Content Modification: Changes to the contents of a message, including insertion,
deletion, transposition, and modification.
5. Sequence Modification: Any modification to a sequence of messages between
parties, including insertion, deletion, and reordering.
6. Timing Modification: Delay or replay of messages. In a connection-oriented
application, an entire session or sequence of messages could be a replay of some
previous valid session, or individual messages in the sequence could be delayed or
replayed. In a connectionless application, an individual message (e.g., datagram)
could be delayed or replayed.
7. Source Repudiation: Denial of transmission of message by source.
8. Destination Repudiation: Denial of receipt of message by destination.
Authentication Functions:
There are three authentication functions. They are
1. Message encryption: The ciphertext of the entire message serves as its authenticator
2. Message authentication code (MAC): A function of the message and a secret key
that produces a fixed-length value that serves as the authenticator
3. Hash function: A function that maps a message of any length into a fixed-length hash
value, which serves as the authenticator
Message Encryption:
Message encryption by itself can provide a measure of authentication. There is a
difference between for symmetric and public-key encryption schemes.
Symmetric Encryption:
A message M transmitted from source A to destination B is encrypted using a secret
key K shared by A and B. If no other party knows the key, then confidentiality is provided:
No other party can recover the plaintext of the message. This is explained in the following
diagram.
Basic Uses of Message Encryption
Public-Key Encryption:
This provides no confidence of sender because anyone potentially knows public-key.
However, if sender signs message using their private-key, then encrypts with recipients
public key. Hence it provides both secrecy and authentication.
Message Authentication Code (MAC):
An alternative authentication technique involves the use of a secret key to
generate a small fixed-size block of data, known as a cryptographic checksum or MAC and is
appended to the message. This technique assumes that two communicating parties, say A and
B, share a common secret key K. This is explained in the following diagram.
Basic Uses of Message Authentication Code (MAC)
Hash Function:
The hash algorithms are known as Message Digest Functions or One Way
Transformation Functions. It is considered as a function because it takes an input message
and produces an output. A hash function is a mathematical transformation, which takes
arbitrary (random) length of message and computes a fixed length of numerical value. We
call the hash of the message as H (M). We will use the terms hash and message digest
interchangeably. The basic uses of hash functions are explained in the following table and
diagram:
Basic Uses of Hash Function
Birthday Problem:
Given a group of people, what is the minimum number of people such that two will
share the same birthday with probability > 0.5?
1. For a single person P1, there are n = 365 possible birthdays → The probability p1 of
having birthday at one of the days is n/n
2. For the second person P2, there are 364 (i.e. n-1) possibilities to have birthday at a
day different from P1; the probability for this is p2 = ( n / n) * ( n – 1 ) / n
3. Generalizing - the probability of having birthday on different days for r people:
Pr = n! / (( n – r )! * nr)
4. The probability of a match is 1 - pr
5. On the average, a match will occur after ≈ n steps
How to compute a Message Digest?
1. First idea: convert a secret key algorithm into a message digest algorithm for arbitrary
messages
2. Used e.g. to store hashes of UNIX passwords instead of the passwords it selves
3. Given: A secret key algorithm with key bits and message block length b bits (e.g.
DES: k=56 and b=64)
Algorithm:
Split message m into k-bit chunks m1, m2, ...
Use m1 as a key to encrypt a “constant”
Use m2 to encrypt the previous result
.............
Use the final b-bit result as message digest
Problem: 64 bit message digest is too short

Generate a second 64-bit quantity using the chunks m1, m2, ... e.g. in reverse order.
MD5 (Message Digest 5) Algorithm:
This algorithm was developed by Ron Rivest. MD5 is seen as more secure and speed
than MD4. This is a hash algorithm. This algorithm takes an arbitrary length of input message
and produces a message digest of 128 bits. The input is processed as 512 bit blocks. This
algorithm contains the following steps:
a) Append Padding Bits: This algorithm takes an arbitrary length of message. This message is
padded, so that its length is congruent to 448 mod 512 i.e., length ≡ 448 mod 512, we can the
bits as 1 followed by zeros.
Ex:
1. If the length of message contains 550 bits, we have to pad 410 bits i.e., 1 followed
by 409 zeros to satisfy length mod 512 = 448.
2. If the original message length is 2000, we have to pad 496 bits.
3. If the original message length is 448, 960 or 1472, we have to pad 512 bits. The
padding bits are always appended to the right of the original message.
b) Appending Length: Find out the length of the original message and represent it is 64 bits
and are appended to the right side of the step (a) output. Now the total message consists 512
bit blocks. The output of step (b) contains a multiple of 512 bits.
c) Initializing MD Buffer: The MD5 algorithm uses a buffer of 128 bits. The buffer can be
represented as 4 registers d0, d1, d2 and d3. The registers are initialized to the following
Hexadecimal values.
d0 = 67452301 (MSB (Most Significant Byte) = 67 & LSB (Least SB) = 01)
d1 = efcdab89 (MSB (Most Significant Byte) = ef & LSB (Least SB) = 89)
d2 = 98badcfe (MSB (Most Significant Byte) = 98 & LSB (Least SB) = fe)
d3 = 10325476 (MSB (Most Significant Byte) = 67 & LSB (Least SB) = 01)
Now these values are stored in little Endean format i.e., the least significant byte will
store in low address. Now d0 = 01234567 d1 = 89abcdef d2 = fedcba98 d3 = 76543210
d) We divide the entire message (original message + appending padding + appending length)
into 512 bit blocks and for each block a separate HMD5 is applied. This is shown in the
following diagram (IV=Initial Value for the d0, d1, d2 and d3 buffer (4 * 32-bits=128–bits).
Processing of the 512 bit blocks:
The heart of the algorithm is called a compression function. It consists 4 rounds. The
4 rounds are having similar structure, but each round uses a different primitive function. The
following diagram explains this concept.
CVq = Changing Variable processed with qth block of the message

Yq = The qth 512 – bit block of the message
From the above diagram, the following expressions are used in the MD5 algorithm.
MD5 Compression Function:
In MD5 algorithm, we have 4 rounds and each round contains 16 steps in it. These
steps operate on the d0, d1, d2 and d3. The following diagram explains the internal structure of
each step:
From the above compression function, the following functions are used.
d0 = d3 CLS = Circular Left Shift
d1 = sum32 ( d1, CLS ( Ti ( Xk, ( d0, g (d1, d2, d3 ) ) ) )

d2 = d1 sum32 = Addition of modulo 232 performed separately on each word of the pair of inputs
d3 = d2 g = One of the primitive functions of F, G, H, I
The following primitive functions are used in HMD5 algorithm.

Pass 1: Selection function
• Calculation bases on function F(x, y, z) = (x y) (~x z)
„i‟ value varies from 0 through 15.
Pass 2: Second selection function

• Calculation bases on function G(x, y, z) = (x z) (y ~z)
Pass 3: First modification function
• Calculation bases on function H(x, y, z) = x y z
Pass 4: Second modification function

• Calculation bases on function I(x, y, z) = y (x ~z)
In the MD5 algorithm, we add a Ti value in each step. The Ti value is found in the
following way. It is equal to an integer part of 232 * abs ( sin ( i ) ).
E.g. : T [ 1 ] = Integer part of 232 * abs ( sin ( 1 ) )
= D7A6A478
In MD5 algorithm we use Xi values. The Xi values are calculated in the following
way. First, we have to consider the 512 bits input to the round. It divided into 16 equal parts
and they are called X [ 1 ] to X [ 16 ]. These are used in first 16 steps or in pass 1. For the
remaining passes ( 2, 3, 4 ), we found the X values in the following way.
2(i) = (1 + 5i) mod 16
3(i) = (5 + 3i) mod 16
4(i) = 7i mod 16
In this way, the MD5 compression function will be worked.
Differences between MD4 and MD5:
MD5 is speed and security than MD4. MD5 is similar to MD4. The major differences are:
a. MD4 takes three passes over each 16-octet chunk of the message. MD5 makes
four passes over each 16-octet chunk.
b. The functions are slightly different, as are the number of bits in the shifts.
c. MD4 has one constant which is used for each message word in pass 2and a
different constant used for all the 16 message words in pass 3. No constant is
used in pass 1.
d. MD5 uses different constants for each message word on each pass. Since there
are 4 passes, each of which deals with 16 message words, there are 64 32-bit
constants used in MD5. We call them T 1 through T64. Ti is based on the sine
function, i.e., Ti = [ 232 | sin i | ] = Integer part of 232 * abs ( sin ( i ) )
Strength of MD5:
1. MD5 hash is dependent on all message bits
2. Rivest claims security is good as can be
3. known attacks are:
a. Berson 92 attacked any 1 round using differential cryptanalysis (but can‟t
extend)
b. Boer & Bosselaers 93 found a pseudo collision (again unable to extend)
c. Dobbertin 96 created collisions on MD compression function (but initial
constants prevent exploit)
4. conclusion is that MD5 looks vulnerable soon
SHA – 1 (Secure Hash Algorithm):
The Secure Hash Algorithm takes an arbitrary length of input message and produces a
160-bit message digest value.
The algorithm proceeds in the following way:
1. Take message and add padding (1 followed by 0‟s) so that the entire message length,
including the padding, is evenly divided by 512.
2. The SHA algorithm works on blocks of 512.
3. Establish Wn for processing such that 0 <= n <= 79
a) Wn is a length of 32 bits
b) Segment the 512 bit block into 16 blocks of 32 bits to obtain W0
through W15
c) Starting with n=16, use the following calculation to obtain W16
through W79: Wn = Wn-3  Wn-8  Wn-14  Wn-16
4. The SHA-1 uses a 160 bit buffer. It is divided into Five 32 bit registers
called A, B, C, D and E. The initialized values of A, B, C, D, and E are as
follows:
A = 67452301 B = EFCDAB89 C = 98BADCFE D = 10325476
E = C3D2E1F0
5. For each round from 0 through 79 A, B, C, D, and E are processed as follows:
A = E + (A  5) + Wt + Kt + f(t, B, C, D)
B = old A
C = old B  30
D = old C
E = old D
Where Wt is the tth 32 – bit word in the 80-word block. Kt is a constant.
a. Each round also uses the additive constants Kt, where 0  t  79
indicates one of the 80 steps across 4 rounds
b. In fact only 4 constants are used:
6. Each primitive function takes three 32-bit words as input and produces a 32-bit word
output. Each function performs a set of bitwise logical operations
a) For 0 <= t <= 19, f(t, B, C, D) = (B ^ C) v (~B ^ D) and Kt = 5A827999
b) For 20 <= t <= 39, f(t, B, C, D) = B  C  D and Kt = 6ED9EBA1
c) For 40 <= t <= 59, f(t, B, C, D) = (B ^ C) v (B ^ D) v (C ^ D) and Kt = 8F1BBCDC
d) For 60 <= t <= 79, f(t, B, C, D) = B  C  D and Kt = CA62C1D6
7. The result of the last round n=79 is added to the initial values of A, B, C, D, and E to
obtain the 160 (32*5) bit message digest for the block.
Comparison of SHA-1 and MD5:
The two algorithms are compared using their design goals. They are
Security against brute-force attacks: The most important difference is that SHA-1 digest is
32-bits longer than MD5 digest.
1. Security against cryptanalysis: MD5 is vulnerable to cryptanalytic attacks, where as
SHA-1 not be vulnerable to such attacks.
2. Speed: SHA-1 should execute more slowly than MD5 due to size of digest and
number iterations.
3. Simplicity and compactness: Both algorithms are simple to describe and implement.
They do not require larger programs and substitution tables.
4. Little-endian versus big-endian architecture: MD5 uses little-endian scheme for
message sequence for 32-bit words. But SHA-1 uses big-endian scheme and is not
giving strong advantage.
HMAC (MAC with Hash):
Hash algorithms like SHA -1 and MD5 could not use any secret key, whereas the
MAC algorithm uses a secret key. If we combine these two, so that key is used in Hashing.
Hence, this algorithm is known as HMAC algorithm.
This algorithm consists the following steps:
1. Consider the arbitrary length message M and divide it in to „L‟ 512 bit blocks.
Each block length is denoted by „b‟.
2. Initially we generate a secret key of length „n‟. Now we pad some zeros on left of
3. „k‟ to get m-bit key ( Here m < b ). Now the key is padded with zeros on left. So the
length of key is equal to „b‟. We denote it as K+.
4. Initialize ipad = 00110110 repeated b / 8 times. The length of ipad = 512 bits or b.
5. Initialize opad = 01011010 repeated b / 8 times. The length of opad = 512 bits or b.
6. Apply the Exclusive-or on K+ and ipad to get a b-bit output block called Si.
7. Si is appended to the message blocks y0 to yL-1 at the beginning. So, we have a total of
L + 1 blocks.
8. Apply the Hash function to the above blocks to get n-bit Hash value H (Si || M)
9. Apply the Exclusive or operation on K+ and opad to get So of b-bits.
10. S0 is appended to the output of H in step 7 at the beginning.
11. H ( Si || M ) is padded with zeros on left side until it becomes a b-bit blocks.
12. Now we apply H to the output of step 10. The result contains n-bits and this is
called HMAC value of the given message.
The above all steps are shown in the following figure:
In a brief HMAC is explained in the following figure:
HMAC Security:
1. We know that the security of HMAC relates to that of the underlying hash algorithm
2. To attack HMAC requires either:
a. brute force attack on key used
b. birthday attack (but since keyed would need to observe a very large number of
messages)
To choose hash function used based on speed verses security constraints
Digital Signature Standard (DSS) Algorithm:
This Algorithm is known as the Digital Signature Algorithm. This was developed by
NIST, National Institute of Standards and Technology in 1991. This employs an irreversible
public key system.
In the DSS approach sender prepares a message and calculates Hash value and sign on
it. The signed Hash value is appended to the original message and sends it to the receiver.
The receiver verifies the signature and if it matches, he accepts the message. The following
diagram explains this idea:
Algorithm:
1. Select a large prime number p
2. Select prime number q which is a divisor of (p-1) where 2159<q< 2160
3. Select a number h where 1<h<(p-1)
4. Calculate g = h(p-1)/q mod p such that h(p-1)/q mod p > 1
5. Select a private key which is random number x where 0<x<q
6. Then the public key is y = gx mod p
Per Message Application:
1. Select a random integer k such that 0<k<q
2. Let M be the message to be transmitted
3. Let H(M) be the hash of the message to be transmitted using SHA-1. SHA-1 closely
models MD4
4. Calculate r (text uses Tm), where r = (gk mod p) mod q
5. Calculate s (text uses X), where s = (k-1(H(M) + x*r) mod q
6. Transmit M, r, and s
Verifying Signature:
1. Calculate (s1)-1 mod q = w
2. Calculate H(M1)
3. Calculate u1 (text uses x), where u1 = [H(M1)*w] mod q
4. Calculate u2 (text uses y), where u2 = (r1*w) mod q
5. Calculate v, where v = [(gu1 * yu2) mod p] mod q
6. If v = r then the signature is verified
Signature Function:
In the DSS algorithm, we use three global key elements. They are p (Prime Number),
q (is divisor of p -1) and g (h(p-1)/q mod p such that h(p-1)/q mod p > 1). These three values make
KUG (Global public Key Elements).
The signature function uses the secret key of sender i.e., private key X = KRa. The
signature function uses a secret number „k‟. It is selected randomly. The sender prepares the
message and calculates its Hash value and gives it to the signature function along with K UG,
KRa and k. Now the signature is produced. It contains two components r and s.
r = (gk mod p) mod q s = (k-1(H (M) + x*r) mod q
Signature Verification:
After receiving M1, r1, s1, the receiver first calculates the hashed value of the received
message. Then the receiver needs to collect KUG, KUa. The KUG contains three components p,
q, g and the public key of sender is also collected. Earlier the sender calculates his public key
using the following formulae:
KUa = y = gx mod p and the public key is kept opened to all.
Now the receiver gives H (M1), r1, s1, KUG and KUA to verification function. The
following expressions are used in verification function:
w = (s1)-1 mod q u1 = [H(M1)*w] mod q u2 = (r1*w) mod q v = [(gu1 * yu2) mod p] mod q
Now the receiver is going to test whether v = r1 or not. If these two are equal means
the signature is verified. Otherwise, signature is not matched. If signature is matched,
receiver accepts M1, otherwise, he rejects M1. The following diagram explains how signature
is generated and verified:
Signature = (r, s):
Verification:
*************

Unit Ii

Uploaded by

Copyright:

Available Formats

Unit Ii

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Unit Ii

Uploaded by

Copyright:

Available Formats

UNIT – II

1. Symmetric Key Cryptographic Algorithms: Algorithm types and modes-overview of

1. Symmetric Key Cryptographic Algorithms

The DES encryption algorithm involves five functions. They are

The output of the IP function is as follows:

2. Inverse Initial Permutation (IP-1):

S-Box (Substitution Box):

Ex: The input to S-box 1 is 100011. What is the output?

The equations are

In the above diagram,

In the above diagram,

Randomized Electronic Code Book:

ii) CBC (Cipher Block Chaining) Mode:

vi) Counter Mode:

Note 2: In IDEA algorithm we are using 3 operations. They are

iii) Mix Column Step:

iv) Add Round Key Step:

The essential steps are the following:

Public-Key Cryptosystem: Secrecy

Public-Key Cryptosystem: Authentication

The Best of Both Worlds:

Authentication Requirements (Security Requirements):

Basic Uses of Message Authentication Code (MAC)

Problem: 64 bit message digest is too short

CVq = Changing Variable processed with qth block of the message

d1 = sum32 ( d1, CLS ( Ti ( Xk, ( d0, g (d1, d2, d3 ) ) ) )

The following primitive functions are used in HMD5 algorithm.

Pass 2: Second selection function

Pass 4: Second modification function

In a brief HMAC is explained in the following figure:

You might also like