
Unit 2 Symmetric Key


Symmetric Cryptography

&
Public Key Cryptography
CSE436
BLOCKCHAIN Unit 2
Symmetric
Cryptography
Cryptography
Keyless primitives
Symmetric cryptography
Data Encryption Standard (DES)
Advanced Encryption Standard (AES)
Cryptography
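[Figure: Alice (Sender) and Bob (Receiver) each hold a message M and a key K, with boxes labelled E; the ciphertext C crosses a Channel that is observed by an Adversary.]

A model of the generic encryption and decryption model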


Cryptography
Confidentiality
Confidentiality is the assurance that information is only available to authorized entities.

Integrity
Integrity is the assurance that information is modifiable only by authorized entities.

Authentication
Authentication provides assurance about the identity of an entity or the validity of a message.

There are two types of authentication mechanisms

1. Entity Authentication
2. Data Origin Authentication
Cryptography
Non-repudiation

Non-repudiation is the assurance that an entity cannot deny a previous commitment or action by providing incontrovertible
evidence.

Accountability

Accountability is the assurance that actions affecting security can be traced back to the responsible party.
Cryptographic primitives

Keyless primitives: Random Numbers, Hash Function
Symmetric Key primitives: Secret Key Ciphers (Block Ciphers, Stream Ciphers), MACs
Asymmetric Key primitives: Digital Signature, Public Key Cipher
What You’ll Learn
Basic cryptographic primitives behind the blockchain technology
◦ Cryptographically Secure Hash Function
◦ Digital Signature

Hash Function: Used to connect the “blocks” in a “chain” in a tamper-proof way

Digital Signature: Digitally sign the data so that no one can “deny” their own activities. Also, others can check whether it is authentic.
Cryptographic Hash Functions
Takes any arbitrarily sized string as input
Input M: The message

Fixed size output (We use 256 bits in Blockchain)


Output H(M): We call this the message digest

Efficiently computable
Cryptographic Hash Function: Properties
Deterministic
Always yield identical hash value for identical input data

Collision-Free
If two messages are different, then their digests also differ

Hiding
Hide the original message; remember about the avalanche effect

Puzzle-friendly
Given X and Y, find out k such that - used to solve the mining puzzle in Bitcoin Proof of Work
Hash as A Message Digest
If we observe , it is safe to assume

We need to remember just the hash value rather than the entire message – we call this the message digest

To check if two messages and are same, , simply check if


This is efficient because the size of the digest is significantly less than the size of the original messages
Hashing - Illustration
http://www.blockchain-basics.com/HashFunctions.html
Information Hiding through Hash
Given an , it is “computationally difficult” to find

The difficulty depends on the size of the message digests

Hiding helps to commit a value and then check it later


Compute the message digest and store it in a digest store – commit
To check whether a message has been committed, match the message digest at the digest store
Message Commitment through Multiple Parties
[Figure: Alice commits; Bob and Jane each receive H(M,KA), M, KA and verify.]

KA is the public key of Alice – A public identity that only Alice can
have
Puzzle Friendly
Say is chosen from a widely spread distribution; it is computationally difficult to compute , such that , where
and are known a priori.

A Search Puzzle (Used in Bitcoin Mining)

and are given, is the search solution
Note: It might not be exactly a particular value Z, but some properties that Z satisfies, i.e., Z could be a set of possible values

Puzzle friendly property implies that random searching is the best strategy to solve the above puzzle
Secure Hash Algorithms

SHA-0: This is a 160-bit function introduced by the U.S. National Institute of Standards and Technology (NIST) in
1993.
SHA-1: SHA-1 was introduced in 1995 by NIST as a replacement for SHA-0.
This is also a 160‑bit hash function.
SHA-1 is used commonly in SSL and TLS implementations.
SHA-1 is now considered insecure, and it is being deprecated by certificate authorities.
SHA-2: This category includes four functions defined by the number of bits of the hash:
SHA‑224, SHA-256, SHA-384, and SHA-512.
SHA-3:
• This is the latest family of SHA functions. SHA3-224, SHA3-256, SHA3-384, and SHA3-512 are members of this family.
• SHA3 is a NIST-standardized version of Keccak.
• Keccak uses a new approach called sponge construction instead of the commonly used Merkle-Damgard transformation.

RIPEMD:
• RIPEMD is the acronym for RACE Integrity Primitives Evaluation Message Digest.
• It is based on the design ideas used to build MD4.
• There are multiple versions of RIPEMD, including 128-bit, 160-bit, 256-bit, and 320-bit.

Whirlpool:
• This is based on a modified version of the Rijndael cipher known as W.
• It uses the Miyaguchi-Preneel compression function, which is a type of one-way function used for the
compression of two fixed-length inputs into a single fixed-length output.
• It is a single block length compression function.
Hash Function – SHA256
SHA256 is used in Bitcoin mining – to construct the Bitcoin blockchain

Secure Hash Algorithm (SHA) that generates a 256-bit message digest

A part of SHA-2, a set of cryptographic hash functions designed by the United States National Security Agency (NSA)
SHA256 Algorithm - Preprocessing
Pad the message such that the message size is a multiple of 512
Suppose that the length of the message M is and
Append the bit “1” at the end of the message
Append zero bits, where is the smallest non-negative solution to the equation
Append the 64-bit block which is equal to the number written in binary
The total length gets divisible by 512
Partition the message into 512-bit blocks , ,…,
Every 512 bit block is further divided into 32 bit sub-blocks , ,…,
SHA-256 Algorithm
The message blocks are processed one at a time

Start with a fix initial hash value

Sequentially compute ; is the SHA-256 compression function and + means mod addition. is the hash of .
Pre-processing
1. Padding of the message is used to adjust the length of a block to 512 bits if it is smaller than the required
block size of 512 bits.

2. Parsing the message into message blocks, which ensures that the message and its padding is divided into
equal blocks of 512 bits.

3. Setting up the initial hash value, which consists of the eight 32-bit words obtained by taking the first 32
bits of the fractional parts of the square roots of the first eight prime numbers.
• These initial values are fixed and chosen to initialize the process.
• They provide a level of confidence that no backdoor exists in the algorithm.
Hash computation

4. Each message block is then processed in a sequence, and it requires 64 rounds to compute the full hash
output. Each round uses slightly different constants to ensure that no two rounds are the same.

5. The message schedule is prepared.

6. Eight working variables are initialized.

7. The compression function runs 64 times.

8. The intermediate hash value is calculated.

9. Finally, after repeating steps 5 through 8 until all blocks (chunks of data) in the input message
• As shown in the preceding diagram, SHA-256 is a Merkle Damgard
construction that takes the input message and divides it into equal blocks
(chunks of data) of 512 bits.
• Initial values (or initial hash values) or the initialization vector are composed
of eight 32 bit words (256 bits) that are fed into the compression function
with the first message.
• Subsequent blocks are fed into the compression function until all blocks are
processed and finally, the output hash is produced.
• a, b, c, d, e, f, g, and h are the registers for 8 working variables.
• Maj and Ch functions are applied bitwise. Σ0 and Σ1 perform bitwise rotation.
• The round constants are Wj and Kj, which are added in the main loop (compressor function) of the hash function, which runs 64 times.
OpenSSL
https://www.cryptool.org/en/cto/openssl
OpenSSL example of hash functions
Patterns of Hashing Data
Independent hashing
Repeated hashing
Combined hashing
Sequential hashing
Hierarchical hashing
Hash Pointer

A Cryptographic Hash Pointer (Often called Hash Reference) is a pointer to a location where
Some information is stored
Hash of the information is stored

With the hash pointer, we can


Retrieve the information
Check that the information has not been modified (by computing the message digest and then matching the digest with
the stored hash value)
Hash Pointer
[Figure: a hash pointer holding H(DATA) and pointing to DATA.]
Tamper Detection using Hash Pointer
Making Tampering a Hash Chain Computationally Challenging
Detect Tampering from Hash Pointers - Hashchain
[Figure: a hash chain in which H(D(i-1)) is stored with D(i), H(D(i)) with D(i+1), and H(D(i+1)) with D(i+2).]
Merkle Tree – Organization of Hash Pointers in a Tree
[Figure: Merkle tree over transactions T1, T2, T3, T4.]
Root Hash (Merkle Root): Hroot = Hash(H0+H1)
L1 Hash: H0 = Hash(H00+H01), H1 = Hash(H10+H11)
L2 Hash: H00 = Hash(T1), H01 = Hash(T2), H10 = Hash(T3), H11 = Hash(T4)
Blockchain as a Hashchain
[Figure: three consecutive blocks; each Block Header holds the Previous Hash, a Nonce and the Merkle Root, and each block has a Block Hash.]
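The Merkle tree, the hash chain of block headers and the nonce search puzzle described above, combined into one small tamper-detection demo in Python. This is an added example, not from the original slides; the block layout (a dict with prev, root, nonce, txs), the 12-bit difficulty, the all-zero previous hash of the first block and the rule for an odd number of leaves are assumptions made for illustration.

```python
# Added illustration (not from the slides): Merkle root + hash chain + nonce search.
import hashlib

ZERO_BITS = 12                 # constructed difficulty, far below Bitcoin's
GENESIS_PREV = b"\x00" * 32    # assumed "previous hash" of the first block

def H(data):
    return hashlib.sha256(data).digest()

def merkle_root(txs):
    level = [H(t) for t in txs]                  # leaves: H00 = Hash(T1), ...
    while len(level) > 1:
        if len(level) % 2:                       # odd count: repeat last hash (assumed rule)
            level.append(level[-1])
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def block_hash(block):
    return H(block["prev"] + block["root"] + block["nonce"].to_bytes(8, "big"))

def meets_target(digest):
    return int.from_bytes(digest, "big") < 1 << (256 - ZERO_BITS)

def make_chain(batches):
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        block = {"prev": prev, "root": merkle_root(txs), "nonce": 0, "txs": list(txs)}
        while not meets_target(block_hash(block)):   # search puzzle: try nonces in turn
            block["nonce"] += 1
        chain.append(block)
        prev = block_hash(block)
    return chain

def first_bad_block(chain):
    """Index of the first block that fails verification, or None if intact."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if (block["prev"] != prev or merkle_root(block["txs"]) != block["root"]
                or not meets_target(block_hash(block))):
            return i
        prev = block_hash(block)
    return None
```

Editing a transaction is caught at its own block through the Merkle root; rebuilding that block consistently (new root, new nonce) only moves the failure to the next block, whose stored previous hash no longer matches.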
In encryption schemes, there are also some random numbers that play a vital role in the operation of the
encryption process.

nonce:
• This is a number that can be used only once in a cryptographic protocol.
• It must not be reused.
• Nonces can be generated from a large pool of random numbers or they can also be sequential.
• The most common use of nonces is to prevent replay attacks in cryptographic protocols.

initial value or initialization vector (IV):
• random number, which is basically a nonce, but it must be chosen in an unpredictable manner.
• This means that it cannot be sequential.
• IVs are used extensively in encryption algorithms to provide increased security.

salt:
• Salt is a cryptographically strong random value that is typically used in hash functions to provide defense against dictionary or rainbow attacks.
• Using dictionary attacks, hashing-based password schemes can be broken by trying hashes of millions of
words from a dictionary in a brute-force manner and matching it with the hashed password.
• If a salt is used, then a dictionary attack becomes difficult to run because a random salt makes each password
unique, and secondly, the attacker will then have to run a separate dictionary attack for random salts, which
is quite unfeasible.
Message authentication codes (MACs)

• called keyed hash functions,


• provide message integrity and authentication.
• provide data origin authentication.
• uses a shared key between the sender and the receiver.
• constructed using block ciphers or hash functions.

Hash-based MACs (HMACs)


• Hash-based MACs (HMACs) produce a fixed-length output and take an arbitrarily long message as the input.
• Sender signs a message using the MAC and the receiver verifies it using the shared key.
• The key is hashed with the message using either of the two methods known as secret prefix or secret suffix.
• With the secret prefix method, the key is concatenated with the message; that is, the key comes first and the
message comes afterward,
• With the secret suffix method, the key comes after the message, as shown in the following equations:
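The secret prefix and secret suffix constructions named above, next to the nested construction that RFC 2104 standardises as HMAC (two hashes over a padded key), as an added Python example that is not part of the original slides. The function names, key and message are constructed for illustration; the receiver recomputes the tag and compares it in constant time.

```python
# Added illustration (not from the slides): keyed-hash constructions with SHA-256.
import hashlib
import hmac

BLOCK = 64  # SHA-256 processes 512-bit (64-byte) blocks

def secret_prefix_mac(key, msg):
    return hashlib.sha256(key + msg).digest()    # key first, then message

def secret_suffix_mac(key, msg):
    return hashlib.sha256(msg + key).digest()    # message first, then key

def hmac_sha256(key, msg):
    # RFC 2104: H((K xor opad) || H((K xor ipad) || M))
    if len(key) > BLOCK:                         # long keys are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK, b"\x00")              # then zero-padded to one block
    inner = hashlib.sha256(bytes(k ^ 0x36 for k in key) + msg).digest()
    return hashlib.sha256(bytes(k ^ 0x5C for k in key) + inner).digest()

def send(key, msg):
    """Sender side: message plus its tag."""
    return msg, hmac_sha256(key, msg)

def receive(key, msg, tag):
    """Receiver side: recompute with the shared key, compare in constant time."""
    return hmac.compare_digest(hmac_sha256(key, msg), tag)
```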
There are two types of symmetric ciphers:

Stream ciphers and Block ciphers

• Block ciphers

Data Encryption Standard (DES) and Advanced Encryption Standard (AES),

• Stream ciphers

RC4 and A5
Stream ciphers
Stream ciphers are encryption algorithms that apply encryption algorithms on a bit-by-bit basis (one bit at a
time) to plaintext using a keystream.
Block ciphers
• break up the text to be encrypted (plaintext) into blocks of a fixed length and apply the encryption block by block.
• built using a design strategy known as a Feistel cipher
• block ciphers such as AES (Rijndael) have been built using a combination of substitution and permutation called a Substitution-Permutation Network (SPN).
• Feistel networks operate by dividing data into two blocks (left and right) and processing these blocks via keyed round functions in iterations to provide sufficient pseudorandom permutations.
• achieve desirable cryptographic properties known as confusion and diffusion.
• Confusion
• Diffusion
Various modes of operation for block ciphers are:

Electronic Code Book (ECB),


Cipher Block Chaining (CBC),
Output Feedback (OFB)
Counter (CTR)
Electronic codebook

most straightforward mode, but it should not be used in practice as it is insecure and can reveal information:
Cipher block chaining
IV be randomly chosen
Counter mode

• works by utilizing a nonce (N) and a counter (C) that feed into the block cipher
encryption function.
• The block cipher encryption function takes the secret key (KEY) as input and
produces a keystream (a stream of pseudorandom or random characters), which,
when XORed with the plaintext (P), produces the ciphertext (C).
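The Feistel structure and the ECB, CBC and CTR modes described above, as an added Python example that is not part of the original slides. The cipher is a toy 16-byte Feistel network whose round function is built from SHA-256 (a stand-in chosen here, not DES or AES, and not for real use); all names, keys and messages are constructed. It shows why ECB reveals repeated plaintext blocks and why a CTR nonce must not be reused.

```python
# Added illustration (not from the slides): toy Feistel cipher under ECB, CBC, CTR.
import hashlib

BLOCK = 16  # toy block size in bytes; inputs must be a multiple of it (no padding)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def f(key, i, half):
    # keyed round function; SHA-256 is a stand-in for a real cipher's round function
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def encrypt_block(key, blk, rounds=8):
    left, right = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in range(rounds):
        left, right = right, xor(left, f(key, i, right))
    return left + right

def decrypt_block(key, blk, rounds=8):
    left, right = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in reversed(range(rounds)):            # same rounds, reverse order
        left, right = xor(right, f(key, i, left)), left
    return left + right

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    return b"".join(encrypt_block(key, b) for b in blocks(pt))

def cbc_encrypt(key, iv, pt):
    out = [iv]
    for b in blocks(pt):                         # each block is XORed with the previous ciphertext
        out.append(encrypt_block(key, xor(b, out[-1])))
    return b"".join(out[1:])

def cbc_decrypt(key, iv, ct):
    prev = [iv] + blocks(ct)
    return b"".join(xor(decrypt_block(key, c), p) for c, p in zip(blocks(ct), prev))

def ctr_crypt(key, nonce, data):
    # keystream block j = E(KEY, 8-byte nonce || counter j); encrypt == decrypt
    n = -(-len(data) // BLOCK)
    ks = b"".join(encrypt_block(key, nonce + j.to_bytes(8, "big")) for j in range(n))
    return xor(data, ks)

def repeated_blocks(ct):
    return len(blocks(ct)) - len(set(blocks(ct)))
```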
Message authentication mode
• cryptographic checksum that provides an integrity service
• method to generate a MAC using block ciphers is CBC-MAC
• block ciphers are used in the cipher block chaining mode (CBC mode) to generate a MAC
• used to check if a message has been modified by an unauthorized entity
• can be achieved by encrypting the message with a key using the MAC function
• resulting message and the MAC of the message, once received by the receiver, are checked by encrypting the message received, again with the key, and comparing it with the MAC received from the sender.
• If they both match, then it means that the message has not been modified by some unauthorized entity, thus an integrity service is provided.
• If they don't match, then it means that the message has been altered by some unauthorized entity during transmission.
Cryptographic hash mode

• Hash functions are primarily used to compress a message to a fixed-length digest.

• In cryptographic hash mode, block ciphers are used as a compression function to produce a hash of plaintext.
Data Encryption Standard (DES)

• DES uses a key of only 56 bits, which raised some concerns.

• This problem was addressed with the introduction of Triple DES (3DES), which proposed the use of a 168-bit key by means of three 56-bit keys and the same number of executions of the DES algorithm, thus making brute-force attacks almost impossible.

• However, other limitations, such as slow performance and 64-bit block size, were not desirable.
Advanced Encryption Standard (AES)

How AES works

• 4 × 4 array of bytes known as the state is modified using multiple rounds.

• Full encryption requires 10 to 14 rounds, depending on the size of the key.


1. AddRoundKey: In this step, the state array is XORed with a subkey, which is derived from the
master key.

2. SubBytes: This is the substitution step where a lookup table (S-box) is used to replace all bytes of the
state array.

3. ShiftRows: This step is used to shift each row to the left, except for the first one, in the state array in a
cyclic and incremental manner.

4. MixColumns: Finally, all bytes are mixed in a linear fashion (linear transformation), column-wise.
HOW AES WORKS : ANIMATION
https://www.google.com/search?q=aes+animation&rlz=1C1JZAP_enIN872IN872&source=lnms&tbm=vid&sa=X&ved=2ahUKEwidw9KHsun8AhXkR2wGHWZ0CVUQ_AUoAXoECAEQAw&biw=1280&bih=569&dpr=1.5#fpstate=ive&vld=cid:a2b15287,vid:gP4PqVGudtg


An OpenSSL example of how to encrypt and decrypt using AES

STEP1: First, we create a plain text file to be encrypted

STEP2: Run the OpenSSL tool with appropriate parameters to encrypt the file consensus.txt using 256-bit AES in CBC mode

It will produce a smartcon.bin file containing the encrypted data from the consensusalgo.txt file. We can view this file, which shows encrypted contents of the consensusalgo.txt file:
• Note that smartcon.bin is a binary file.
• Sometimes, it is desirable to encode this binary file in a text format for compatibility/interoperability reasons.
• A common text encoding format is base64. The following commands can be used to create a base64-encoded message:

STEP3: In order to decrypt an AES-encrypted file, the following commands can be used.
In order to decode from base64, the following commands are used.
Follow the smartcon.b64 file from the previous example:
