S 4 - Cryptography and

Encryption Algorithms

B B Chakrabarti
Professor of Finance
 Cryptography - Definition
• Cryptography is a method of protecting information and
communications through the use of codes so that only
those for whom the information is intended can read and
process it. The pre-fix "crypt" means "hidden" or "vault"
and the suffix "graphy" stands for "writing.“
• In computer science, cryptography refers to secure
information and communication techniques derived from
mathematical concepts and a set of rule-based calculations
called algorithms to transform messages in ways that are
hard to decipher.
• These deterministic algorithms are used for cryptographic
key generation and digital signing and verification to
protect data privacy, web browsing on the internet and
confidential communications such as credit card
transactions and email.
 Cryptography - Definition
• In cryptography, we start with the unencrypted data,
referred to as plaintext. Plaintext is encrypted into
ciphertext, which will in turn be decrypted back into
usable plaintext. The encryption and decryption is
based upon the type of cryptography scheme being
employed and some form of key.
• This process is can be written as:
C = Ek(P)
P = Dk(C)
where P = plaintext, C = ciphertext, E =encryption
method, D = decryption method, and k = key.
 Cryptography - Definition
• Two communicating parties will be referred to as
Alice and Bob; this is the common nomenclature in
the crypto field and literature to make it easier to
identify the communicating parties.
• If there is a third and fourth party to the
communication, they will be referred to as Carol and
Dave, respectively.
• A malicious party is referred to as Mallory, an
eavesdropper as Eve, and a trusted third party as
Trent.
 Cryptography - Functions
• There are five primary functions of cryptography:
• Privacy/confidentiality: Ensuring that no one can read
the message except the intended receiver.
• Authentication: The process of proving one's identity.
• Integrity: Assuring the receiver that the received
message has not been altered in any way from the
original.
• Non-repudiation: A mechanism to prove that the sender
really sent this message.
• Key exchange: The method by which crypto keys are
shared between sender and receiver.
 Cryptographic Algorithms
• The three types of algorithms are:
• Secret Key Cryptography (SKC): Uses a single key for
both encryption and decryption; also
called symmetric encryption. Primarily used for
privacy and confidentiality.
• Public Key Cryptography (PKC): Uses one key for
encryption and another for decryption; also
called asymmetric encryption. Primarily used for
authentication, non-repudiation, and key exchange.
• Hash Functions: Uses a mathematical transformation
to irreversibly "encrypt" information, providing a
digital fingerprint. Primarily used for message
integrity.
Cryptographic Algorithms
 Secret Key Cryptography
• Secret key cryptography methods employ a single key for both
encryption and decryption.
• The sender uses the key to encrypt the plaintext and sends
the ciphertext to the receiver.
• The receiver applies the same key to decrypt the message and
recover the plaintext.
• Because a single key is used for both functions, secret key
cryptography is also called symmetric encryption.
• With this form of cryptography, it is obvious that the key must
be known to both the sender and the receiver; that, in fact, is
the secret. The biggest difficulty with this approach, of course,
is the distribution of the key.
 Public Key Cryptography
• PKC employs two keys that are mathematically related
although knowledge of one key does not allow someone to
easily determine the other key. One key is used to encrypt the
plaintext and the other key is used to decrypt the ciphertext.
• Because a pair of keys are required, this approach is also
called asymmetric cryptography.
• In PKC, one of the keys is designated the public key and may
be advertised as widely as the owner wants. The other key is
designated the private key and is never revealed to another
party. It is straight-forward to send messages under this
scheme.
• Suppose Alice wants to send Bob a message. Alice encrypts
some information using Bob's public key; Bob decrypts the
ciphertext using his private key.
Public Key Cryptography
 PKC – Method RSA
• Some Math:
a) Mod operator
13/5 = 2 remainder 3
13 mod 5 = 3
b) Prime number – A prime is a number that can
only be divided without a reminder by itself and 1.
c) Euler’s Totient – It is the count of no. of elements
in a prime no. If p is a prime no., Totient φ (p) = p-1
 RSA – Key Generation
1) Two large prime nos. p and q are needed.
2) Calculate the modulus, n = p x q
3) Totient of n = φ (n) = (p-1)*(q-1)
4) Public key (expressed as e) – A prime no. is
calculated from the range (3, φ (n)) that has a
gcd of 1 with φ (n)
5) Private key (expressed as d) – It is the
multiplicative inverse of the public key with
respect to mod φ (n)
 RSA – Simple Example
Suppose the plaintext message is 9.
We choose p = 11 and q = 13
Then n = 11*13 = 143
φ (n) = (11-1)*(13-1) = 120
Public key e is a prime no. less than φ (n) and has a gcd (greatest
common divisor) of 1 with φ (n). Let us choose e = 7
Private key, d is a no. such that e*d = 1 (mod (φ (n))). Using Extended
Euclidean Algorithm, we can find d = 103. e*d then = 721 =
1(mod120)
Encrypted message, c is 48 since
me mod n = 97 mod 143 = 48
Decrypted message is m again since
cd mod n = 48103 mod143 = 9 = m
 RSA – Real World Example
1) Plaintext – “Attack at dawn”
2) We convert this message into a numeric format. First the string
is converted to a bit array and then to a large number using
ASCII (American Standard Code for Information Interchange)
characters. The numeric text becomes
1976620216402300889624482718775150.
3) Key generation – We pick two large prime nos. p and q using
Rabin-Miller primality tests. These nos. must be random and not
too close to each other.
4) We generate p =
1213107243921127189732367153161244042847242763370141
0925634549312301964373042085619324197365322416866541
017057361365214171711713797974299334871062829803541
 RSA – Real World Example
5) And q =
1202752425547874888595622079373451212873338780368207543365389
9983955179850988797899869146900809131611153346817050832096022
160146366346391812470987105415233
6) Hence, n = p * q =
1459067680075833232301869393490706352924018723753571643995818
7101987343879900535893836957140267014980212181808629246742282
8157022922076746906543401224889672472407926969987100581290103
1993178587536637108623576565105078837142971156373427889114635
3510271203276516651841172685983798867211183720508552634661874
0053
7) φ (n) = (p-1)*(q-1) =
1459067680075833232301869393490706352924018723753571643995818
7101987343879900535893836957140267014980212181808629246742282
8157022922076746906543401224889648313811232279966317301397777
8523653015478482734788712972220585874571528916064592697181192
6897116355507080264399952954964411681194751651393818429668352
1280
 RSA – Real World Example
8) e – The public key – Let us choose 65537. It has a gcd of 1
with φ (n)
9) d – the private key is the multiplicative inverse of the public
key with respect to mod φ (n). We use extended Euclidean
algorithm to find d.
d=
8948942500927444436822854592177309391966958606588425
7445497854456487674839629818390934941973262879616797
9706089172836798754993315741611138540888132754881105
8824719307758252727843790650401568062342355006724004
2466665654232383502922215493623289472138866445818789
127946123407807725702626644091036502372545139713
 RSA – Real World Example
• Now, Plaintext = Attack at dawn
• Numeric text, m = 1976620216402300889624482718775150
• Encrypted message, c = me mod n =
35052111338673026690212423937053328511880760811579
98162064280234668581062310985023594304908097338624
11137840407947041939782153784997654130836464387847
40952306932534945195080183861574225226218879827232
45391282059688644037753608246568175007441745915148
54074458625110234722355608230534977915189288202722
57787786
• Decrypted message = cd mod n =
1976620216402300889624482718775150
= m = Attack at dawn
 Applications of PKC
• The most obvious application of a public key encryption system is in
encrypting communication to provide confidentiality – a message that a
sender encrypts using the recipient's public key can be decrypted only by
the recipient's paired private key.
• Another application in public key cryptography is the digital signature.
Digital signature schemes can be used for sender authentication.
• Non-repudiation system use digital signatures to ensure that one party
cannot successfully dispute its authorship of a document or
communication.
• Further applications include: digital cash, password-authenticated key
agreement, time-stamping services, non-repudiation protocols, etc.
• Because asymmetric key algorithms are nearly always much more
computationally intensive than symmetric ones, in many cases it is
common to exchange a key using a key-exchange algorithm, then transmit
data using that key and a symmetric key algorithm. PGP, SSH, and
the SSL/TLS family of schemes use this procedure, and are thus
called hybrid cryptosystems.
 PKC - Algorithms

•Diffie–Hellman key exchange protocol

•DSS (Digital Signature Standard),
which incorporates the Digital Signature Algorithm
•ElGamal
•Various elliptic curve techniques
•Various password-authenticated key
agreement techniques
•Paillier cryptosystem
•RSA encryption algorithm
•Cramer–Shoup cryptosystem
•YAK authenticated key agreement protocol
 Hash Functions
• Hash functions, also called message digests and one-way
encryption, are algorithms that, in essence, use no key.
Instead, a fixed-length hash value is computed based
upon the plaintext that makes it impossible for either the
contents or length of the plaintext to be recovered.
• Hash algorithms are typically used to provide a digital
fingerprint of a file's contents, often used to ensure that
the file has not been altered by an intruder or virus.
• Hash functions are also commonly employed by many
operating systems to encrypt passwords. Hash functions,
then, provide a mechanism to ensure the integrity of a
file.
 Hash Function - Example
• Message: Komodo Platform strives to accelerate the global
adoption of blockchain technology and to lead the world in
blockchain integration.
• When put through the SHA-256 hash function, this sentence
creates the following digest:
• AE61266750D019063512516C7EE01968012C81F25A896A38517D
CD5A7E99FE26
• The digest is a combination of letters and numbers and is exactly
64 (1 digit = 4 bits under hexadecimal representation) characters in
length. But, apart from that, there’s really not much else one can
learn from looking at this digest. There are no patterns or clues as
to what the input was. It’s more or less complete nonsense.
• Now, let’s see what happens when we make one subtle change to
the input message:
 Hash Function - Example
• Komodo Platform strives to accelerate the global adoptoin of
blockchain technology and to lead the world in blockchain
integration.
• Notice that the letters “i” and “o” have been switched in the
word “adoption.” Here’s the new digest:
• 437974C159B15BAF222F868493C167125FA32452E9460731C575
15E76B603EB1
• This is a radically different result from the first digest. Even
though the inputs were practically identical, changing a single
character generated a completely different output.
• It’s worth emphasizing that literally any input can be put into the
SHA-256 hash function. Regardless of the length of the input, the
output will always be the same fixed length and it will always
appear completely random.
 Hash Functions - Properties
• The ideal cryptographic hash function has five main
properties:
• It is deterministic, meaning that the same message always
results in the same hash.
• It is quick to compute the hash value for any given message.
• It is practically infeasible to generate a message that yields a
given hash value.
• A small change to a message should change the hash value
so extensively that the new hash value appears uncorrelated
with the old hash value.
• It is infeasible to find two different messages with the same
hash value.
 Hash Functions - Applications
• There are many applications of hashing,
including modern day cryptography hash
functions. Some of these applications are listed
below:
• Message Digest
• Password Verification
• Data Structures(Programming Languages)
• Compiler Operation
• Rabin-Karp Algortithm
• Linking File name and path together
 Hash Functions - Applications
• Message Digest:
Cryptographic hash functions are the functions which produce an output from
which reaching the input is close to impossible. This property of hash functions is
called irreversibility.
• Lets take an Example:
Suppose you have to store your files on any of the cloud services available. You
have to be sure that the files that you store are not tampered by any third party.
You do it by computing “hash” of that file using a Cryptographic hash algorithm,
say SHA 256. The hash thus computed has a maximum size of 32 bytes. So a
computing the
hash of large number of files will not be a problem. You save these hashes on
your local machine.
• Now, when you download the files, you compute the hash again. Then you match
it with the previous hash computed. Therefore, you know whether your files were
tampered or not. If anybody tamper with the file, the hash value of the file will
definitely change. Tampering the file without changing the hash is nearly
impossible.
 Hash Functions - Applications
• Password Verification
Cryptographic hash functions are very commonly used in
password verification. Let’s understand this using
an Example:
• When you use any online website which requires a user login,
you enter your E-mail and password to authenticate that the
account you are trying to use belongs to you.
• When the password is entered, a hash of the password is
computed which is then sent to the server for verification of
the password. The passwords stored on the server are
actually computed hash values of the original passwords.
• This is done to ensure that when the password is sent from
client to server, no sniffing takes place.
 Hash Function Algorithms
• Message Digest Algorithm 5 (MD5) - It creates a 128-bit string value
from an arbitrary length string. Although there has been insecurities
identified with MD5, it is still widely used. MD5 is most commonly used
to verify the integrity of files.
• SHA-2 (Secure Hash Algorithm 2) - Designed by the US National
Security Agency (NSA). It basically consists of two hash algorithms: SHA-
256 and SHA-512. SHA-512 is more secure than SHA-256 and is
commonly faster than SHA-256.
• The output size in bits is given by the extension to the "SHA" name, so
SHA-256 has an output size of 256 bits (32 bytes) SHA-512 produces 512
bits (64 bytes) (1 byte = 8 bits).
• Whirlpool: It operates on messages less than 2256 bits in length and
produces a message digest of 512 bits. The design of this hash function
is very different than that of MD5 and SHA-1, making it immune to the
same attacks as on those hashes.
 Why Three Encryption Techniques?

• Each scheme is optimized for some specific cryptographic application(s).

• Hash functions are well-suited for ensuring data integrity because any
change made to the contents of a message will result in the receiver
calculating a different hash value than the one placed in the transmission by
the sender.
• Secret key cryptography is ideally suited to encrypting messages, thus
providing privacy and confidentiality. The sender can generate a session
key on a per-message basis to encrypt the message; the receiver, of course,
needs the same session key in order to decrypt the message.
• Key exchange, of course, is a key application of public key cryptography.
Asymmetric schemes can also be used for non-repudiation and user
authentication; if the receiver can obtain the session key encrypted with the
sender's private key, then only this sender could have sent the message.
• Public key cryptography could, theoretically, also be used to encrypt
messages. But secret key cryptography values can generally be computed
about 1000 times faster than public key cryptography values.