Unit 2

Symmetric & Asymmetric key cryptography: algorithm type & models,

DES, IDEA, differential & linear cryptanalysis, RSA, Symmetric &
asymmetric key together, digital signature, Knapsack algorithm.

1. Symmetric Key Cryptography

 Definition: A single secret key is used for both encryption and decryption.
 Key Features:
o Faster than asymmetric cryptography.
o Requires secure key distribution.
 Common Algorithms: DES, AES, IDEA.
 Example: If Alice encrypts a message using a secret key KKK, Bob needs the same
KKK to decrypt it.

Data Encryption Standard (DES):

 Type: Symmetric block cipher.

 Process: Operates on 64-bit blocks, using a 56-bit key.
 Steps:
o Input plaintext undergoes multiple rounds of substitution and permutation.
o Uses the Feistel structure for encryption.
 Weakness: Vulnerable to brute-force attacks due to the short key length.

Data Encryption Standard (DES)

The Data Encryption Standard (DES) is a symmetric key block cipher encryption
algorithm that encrypts data in fixed-size blocks (64 bits) using a 56-bit key. Developed in
the 1970s, DES operates on the principles of substitution and permutation, transforming
plaintext into ciphertext to ensure data confidentiality.

Key Features of DES

1. Block Size: 64 bits (plaintext is processed in 64-bit chunks).

2. Key Length: 56 bits (an additional 8 bits are used for parity, making it 64 bits total).
3. Rounds: DES consists of 16 rounds of processing, where each round applies
substitution, permutation, and XOR operations.
4. Feistel Structure: DES uses a Feistel network where data is split into two halves and
undergoes processing iteratively.

DES Encryption Process

 1. Initial Permutation (IP): Rearranges the bits of the plaintext based on a fixed
permutation table.
2. Rounds:
o The 64-bit block is divided into two halves: Left (L) and Right (R).
o In each round:
1. The right half is expanded using an expansion table.
2. XOR operation is performed between the expanded right half and the
subkey for that round.
3. The result is passed through substitution boxes (S-boxes) for
compression to 32 bits.
4. A permutation step is applied to the S-box output.
5. The result is XORed with the left half, and the two halves are swapped.
3. Final Permutation (FP): The output of the 16th round undergoes a final permutation
to produce the ciphertext.

Example

Input:

 Plaintext: "ABCDEFGH" (64-bit ASCII characters).

 Key: "A1B2C3D4E5F6G7H8" (56-bit effective key).

Process:

1. Convert plaintext and key into binary.

2. Apply the Initial Permutation (IP) to the plaintext.
3. Perform 16 rounds of encryption using subkeys derived from the main key:
o For each round, compute new L and R halves based on the Feistel function.
4. Combine the final L and R halves after the last round.
5. Apply the Final Permutation (FP) to get the ciphertext.

Output:

 Ciphertext: A 64-bit encrypted block, represented as binary or hexadecimal.

Limitation of DES

1. Key Length: The 56-bit key is vulnerable to brute-force attacks, making DES
insecure for modern use.
2. Superseded by AES: DES has been replaced by the Advanced Encryption Standard
(AES), which offers better security and efficiency.

2. Asymmetric Key Cryptography

  Definition: Uses a pair of keys—a public key for encryption and a private key for
decryption.
 Key Features:
o Solves the key distribution problem.
o Slower than symmetric algorithms.
 Common Algorithms: RSA, ECC.
 Example: Alice encrypts a message using Bob's public key; only Bob can decrypt it
using his private key.

Rivest-Shamir-Adleman (RSA) Algorithm

RSA is a widely used asymmetric encryption algorithm based on the principles of number
theory. It relies on a pair of keys: a public key for encryption and a private key for
decryption. RSA provides robust security by leveraging the computational difficulty of
factoring large prime numbers.

Key Features of RSA

1. Asymmetric Encryption: Uses a key pair (public and private).

2. Mathematical Foundation: Based on modular arithmetic and large prime
factorization.
3. Applications: Digital signatures, secure communications, and data encryption.

Applications of RSA

1. Secure Data Transmission: Ensures confidentiality in communication (e.g.,

SSL/TLS).
2. Digital Signatures: Verifies authenticity and integrity.
3. Key Exchange: Secures symmetric key sharing in hybrid encryption systems.

Limitations of RSA

1. Computational Overhead: RSA is slower than symmetric algorithms like AES.

2. Key Size: Requires large keys (2048+ bits) to ensure security against modern
computational power.

3. Symmetric & Asymmetric Key Together

 Hybrid Cryptography:
 o Combines the efficiency of symmetric encryption with the security of
asymmetric encryption.
o Example: SSL/TLS protocols use RSA to exchange symmetric keys and AES
for actual data encryption.

4. International Data Encryption Algorithm (IDEA):

 Type: Symmetric block cipher.

 Features:
o Operates on 64-bit blocks with a 128-bit key.
o Uses eight rounds of transformations involving XOR, modular addition, and
multiplication.

International Data Encryption Algorithm (IDEA)

The International Data Encryption Algorithm (IDEA) is a symmetric key block cipher
used for secure data encryption. It was designed in 1991 by James Massey and Xuejia Lai as
an improvement over the Data Encryption Standard (DES). IDEA is known for its simplicity,
speed, and high level of security.

Key Features of IDEA

1. Block Size: 64 bits (plaintext is processed in 64-bit chunks).

2. Key Size: 128 bits.
3. Structure: Based on substitution-permutation and a mix of modular arithmetic, bitwise XOR,
and multiplication operations.
4. Number of Rounds: 8.5 (eight full rounds plus a final transformation).
5. Applications: Used in PGP (Pretty Good Privacy) and other encryption tools.

How IDEA Works

1. Input

 A 64-bit plaintext block.

 A 128-bit encryption key.

2. Key Generation

 The 128-bit key is divided into 52 subkeys, each 16 bits long, for use in the encryption
process.

3. Encryption Process
  The plaintext is divided into four 16-bit sub-blocks.
 In each round, the blocks are transformed using:
1. Modular Addition: Addition modulo 2162116.
2. Modular Multiplication: Multiplication modulo 216+1216+ 1.
3. Bitwise XOR: XOR operation.
 The final half-round applies additional transformations to complete the encryption.

4. Decryption Process

 The decryption process uses the same algorithm but applies the subkeys in reverse order,
with specific modular inverses for addition and multiplication.

Example

Scenario

Encrypt the plaintext "HELLO!" using IDEA.

1. Input:
o Plaintext: "HELLO!"
o Convert to binary or hexadecimal: Assume 48 48-bit representation in ASCII.

2. Key:
o A random 128-bit key

(e.g.,0x2BD6459F82C5B300952C49104881FF480x2BD6459F82C5B300952C49104881FF48).

3. Process:
o Divide the plaintext into 16-bit chunks.
o Use modular addition, multiplication, and XOR with subkeys to perform 8.5 rounds
of transformation.

4. Output:
o Ciphertext: Encrypted 64-bit block

(e.g., 0x3A94D63F1E538C220x3A94D63F1E538C22).

Advantages of IDEA

1. Strong Security: Resistant to many cryptographic attacks, including differential and linear
cryptanalysis.
2. Efficient: Suitable for both hardware and software implementation.
3. Compact Key Size: 128-bit key provides robust security while remaining efficient.
Limitations

1. Block Size: A 64-bit block size is smaller compared to modern standards (e.g., AES uses 128-
bit blocks).
2. Patent Restrictions: Initially patented, limiting its adoption; the patent expired in 2011.
3. Obsolescence: Less commonly used in favor of newer algorithms like AES.

Applications of IDEA

1. Pretty Good Privacy (PGP): Used for encrypting emails and files.
2. Secure File Storage: Encrypting sensitive data on disk.
3. Communication Security: Encrypting messages in secure communication systems.

5. Differential & Linear Cryptanalysis:

 Differential Cryptanalysis:
o Studies differences in input and how they affect output differences.
o Effective against Feistel ciphers like DES.

 Linear Cryptanalysis:
o Approximates the behavior of the cipher using linear equations.
o Focuses on the relationship between plaintext, ciphertext, and key bits.

Differential and Linear Cryptanalysis

Both differential cryptanalysis and linear cryptanalysis are techniques for analyzing and
attacking block ciphers. They aim to discover vulnerabilities in cryptographic algorithms,
particularly substitution-permutation networks (SPNs) and Feistel ciphers, to recover secret
keys or plaintext.

1. Differential Cryptanalysis

Differential cryptanalysis is a chosen-plaintext attack that studies how differences in input

data affect differences in output data through the encryption process.

Key Concepts

1. Input Difference: The XOR difference between two plaintexts.

2. Output Difference: The XOR difference between the corresponding ciphertexts.
3. Differential Pair: A pair of plaintexts with a specific input difference.

The attacker tries to predict how input differences propagate through the cipher using patterns
in the S-boxes and other transformations.
2. Linear Cryptanalysis

Linear cryptanalysis is a known-plaintext attack that exploits statistical biases in linear

approximations of the cipher's components (S-boxes, XORs, etc.).

Key Concepts

1. Linear Approximation: A probabilistic equation that relates plaintext, ciphertext,

and key bits.
2. Bias: The deviation of the approximation probability from 0.50.5.

Comparison of Differential and Linear Cryptanalysis

Feature Differential Cryptanalysis Linear Cryptanalysis

Type of Attack Chosen-plaintext attack Known-plaintext attack

Analyzes differences between Exploits statistical biases in

Focus
inputs/outputs approximations

Requires pairs of plaintexts with specific Requires many known plaintext-

Requirement
differences ciphertext pairs

S-box differentials and propagation Linear approximations of cipher

Target
patterns components

Example
DES, FEAL DES, Serpent
Cipher

6. Digital Signature:

Digital Signature

A digital signature is a cryptographic technique that ensures the authenticity, integrity, and
non-repudiation of digital messages or documents. It functions as the electronic equivalent of
a handwritten signature or a stamped seal, but it is far more secure due to its cryptographic
foundation.

 Process:
1. Generate a hash of the message.
2. Encrypt the hash using the sender’s private key.
3. Verify the signature using the sender’s public key.
 Example: RSA is commonly used for digital signatures.
Key Features

1. Authenticity: Confirms the sender's identity.

2. Integrity: Ensures that the message was not altered after signing.
3. Non-Repudiation: Prevents the sender from denying they signed the document.
4. Asymmetric Cryptography: Relies on a pair of keys (public and private).

How Digital Signatures Work

Digital signatures use public key infrastructure (PKI) and operate as follows:

1. Key Generation

 The sender generates a key pair:

o Private Key: Used for signing.
o Public Key: Used for verifying.

2. Signing Process

 Message Digest: The sender applies a cryptographic hash function to the original message to
generate a fixed-size hash (digest).
 Signature Creation: The sender encrypts the hash using their private key to create the digital
signature.
 The sender sends both the original message and the digital signature.

3. Verification Process

 The receiver decrypts the digital signature using the sender's public key to obtain the hash.
 The receiver computes the hash of the original message using the same hash function.
 If the two hashes match:
o The message is authentic.
o The message integrity is preserved.

Example

Scenario

Alice wants to send a digitally signed message to Bob.

1. Message: "Hello, Bob!"

2. Hash Function: SHA-256 (produces a 256-bit hash).
Step 1: Signing Process (Alice)

1. Alice hashes the message:

o Hash("Hello, Bob!") →
f7bc83f430538424b13298e6aa6fb143ef4d59a149460ddde781a5f5.
2. Alice encrypts the hash using her private key:
o Digital Signature = Encrypt(Hash, Private Key).

Alice sends:

 Original Message: "Hello, Bob!"

 Digital Signature.

Step 2: Verification Process (Bob)

1. Bob decrypts the digital signature using Alice's public key to obtain the hash:
o Decrypt(Digital Signature, Public Key) →
f7bc83f430538424b13298e6aa6fb143ef4d59a149460ddde781a5f5.
2. Bob hashes the received message:
o Hash("Hello, Bob!") →
f7bc83f430538424b13298e6aa6fb143ef4d59a149460ddde781a5f5.
3. Bob compares the hashes:
o If the hashes match, the message is verified.

Applications of Digital Signatures

1. Email Security: Verifying the sender and ensuring the email's integrity.
2. Software Distribution: Ensuring software is from the original publisher and unaltered.
3. Legal Documents: Digitally signing contracts or agreements.
4. Blockchain: Validating transactions in cryptocurrencies.

Advantages

 High security and reliability.

 Detects tampering.
 Establishes trust in digital communication.

Disadvantages

 Relies on the security of private keys.

 Computationally intensive compared to symmetric cryptography.
7. Knapsack Algorithm:

 Type: Asymmetric encryption algorithm based on the subset sum problem.

 Process:
o Public key: Superincreasing sequence (e.g., 2,3,6,132, 3, 6, 132,3,6,13).
o Encrypt message using linear combinations of the public key.
o Decrypt using the modular inverse of the private key.

Knapsack Algorithm

The Knapsack Problem is a combinatorial optimization problem. It asks: Given a set of

items, each with a weight and a value, how can you select items to maximize the total value
without exceeding a given weight limit (capacity)?

The Knapsack Algorithm solves this problem using techniques such as dynamic
programming, greedy approaches, or backtracking, depending on the problem type.

Types of Knapsack Problems

1. 0/1 Knapsack Problem:

o Each item can either be included or excluded.
o No partial items are allowed.

2. Fractional Knapsack Problem:

o Items can be divided into fractions.
o Suitable for greedy approaches.

1. 0/1 Knapsack Problem

Problem Statement

 Items:
o Item 1: Weight = 2, Value = 3
o Item 2: Weight = 3, Value = 4
o Item 3: Weight = 4, Value = 5
o Item 4: Weight = 5, Value = 6
 Capacity: 5

Dynamic Programming Approach

1. Create a table dp[i][w] where:

o i: Number of items considered.
o w: Weight capacity.
 o dp[i][w]: Maximum value attainable with ii items and capacity ww.

2. Recurrence Relation:

dp[i][w]= {dp[i−1][w]
max(dp[i−1][w],value[i]+dp[i−1][w−weight[i]])
if w<weight[i]otherwise

3. Table Construction:
o Use the recurrence relation to fill the table.
o The value at dp[n][W] gives the maximum value, where nn is the number of items
and WW is the capacity.

Example Solution

1. Initialization: Start with a 2D array of zeros for 4 items and capacity 5.

2. Fill the table using the recurrence relation:

Items\Weight 0 1 2 3 4 5
0 000000

1 003333

2 003447

3 003457

4 003456

Maximum Value: 7 (by selecting items 1 and 2).

2. Fractional Knapsack Problem

Problem Statement

 Items:
o Item 1: Weight = 10, Value = 60
o Item 2: Weight = 20, Value = 100
o Item 3: Weight = 30, Value = 120
 Capacity: 50

Greedy Approach

1. Calculate value-to-weight ratio for each item:

o Item 1: 60/10=660 / 10 = 6
 o Item 2: 100/20=5100 / 20 = 5
o Item 3: 120/30=4120 / 30 = 4

2. Sort items by ratio in descending order.

3. Pick items until the knapsack is full:
o Take all of Item 1 (Weight = 10, Value = 60).
o Take all of Item 2 (Weight = 20, Value = 100).
o Take 20/30 of Item 3 (Weight = 20, Value = 120×(20/30)=80120 \times (20/30) = 80).

4. Total Value: 60+100+80=24060 + 100 + 80 = 240.

Applications of Knapsack Algorithm

1. Resource allocation under constraints.

2. Load balancing in systems.
3. Portfolio optimization in finance.