This presentation deals with the basic concepts of cryptography, its algorithms and examples. Special attention is devoted to Advanced Encryption Standard and its practical implementation in a .NET project. This presentation by Volodymyr Korobeynyk (C# Software Engineer) was delivered at GlobalLogic Kharkiv .NET Conference on July 5, 2016.

1. What? Why? Where? How?
By Volodymyr Korobeynyk
Cryptography

2. Kryptos
What is this? Where this is located?

3. Kryptos is a sculpture by the American artist Jim Sanborn that is located on the
grounds of the Central Intelligence Agency (CIA) in Langley, Virginia.

4. BETWEEN SUBTLE SHADING AND THE ABSENCE OF LIGHT LIES THE
NUANCE OF IQLUSION
IT WAS TOTALLY INVISIBLE HOWS THAT POSSIBLE ? THEY USED THE
EARTHS MAGNETIC FIELD X THE INFORMATION WAS GATHERED AND
TRANSMITTED UNDERGRUUND TO AN UNKNOWN LOCATION X DOES
LANGLEY KNOW ABOUT THIS ? THEY SHOULD ITS BURIED OUT THERE
SOMEWHERE X WHO KNOWS THE EXACT LOCATION ? ONLY WW THIS
WAS HIS LAST MESSAGE X THIRTY EIGHT DEGREES FIFTY SEVEN
MINUTES SIX POINT FIVE SECONDS NORTH SEVENTY SEVEN DEGREES
EIGHT MINUTES FORTY FOUR SECONDS WEST X LAYER TWO
SLOWLY DESPARATLY SLOWLY THE REMAINS OF PASSAGE DEBRIS THAT
ENCUMBERED THE LOWER PART OF THE DOORWAY WAS REMOVED
WITH TREMBLING HANDS I MADE A TINY BREACH IN THE UPPER LEFT
HAND CORNER AND THEN WIDENING THE HOLE A LITTLE I INSERTED THE
CANDLE AND PEERED IN THE HOT AIR ESCAPING FROM THE CHAMBER
CAUSED THE FLAME TO FLICKER BUT PRESENTLY DETAILS OF THE
ROOM WITHIN EMERGED FROM THE MIST X CAN YOU SEE ANYTHING Q ?
Part 4 has so far not been publicly solved.

5. Cryptography basic terms
Encrypt: Scrambling data to make it unrecognizable
Decrypt: Unscrambling data to its original format
Cipher: Another word for algorithm
Key: A complex sequence of alpha-numeric characters, that allows you to
scramble and unscramble data
Plaintext: Decrypted or unencrypted data (it doesn’t have to be text only)
Ciphertext: Data that has been encrypted

6. Concealment ciphers
Used to hide a message in plain sight.
Worthie Sir John: Hope, that is the best comfort of the afflicated, cannot
much, I fear me, help you now. That I would saye to you, is this only: if
ever I may be able to requite that I do owe you, stand not upon asking
me: Tis not much I can do: but what I can do, bee you verie sure I wille.
I knowe that, if deathe comes, if ordinary men fear it, it frights not you,
accounting is for a high hounour, to have such a rewarde of your loyalty.
Pray yet that you may be spare this soe bitter, cup, I fear not that you
will grudge any suffereings; onlie if bie submission you can turn them
away, tis the part of a wise man. Tell me, as If you can, I do for you
anythinge that you can wolde have done. The general goes back on
Wednesday.
Restinge your servant to command. R.J.
The third letter after every punctuation
mark:
panel at east end of chapel slides

7. Substitution ciphers
The transformation can be represented by aligning two alphabets; the
cipher alphabet is the plain alphabet rotated left or right by some
number of positions. For instance, here is a Caesar cipher using a left
rotation of three places, equivalent to a right shift of 23 (the shift
parameter is used as the key).
Caesar cipher

8. Transposition ciphers
Spartan scytale

9. Book cipher
Terms like code and cipher are often used to refer to any form of
encryption. However, there is an important distinction between codes and
ciphers in technical work; it is, essentially, the scope of the transformation
involved. Codes operate at the level of meaning; that is, words or phrases
are converted into something else. Ciphers work at the level of individual
letters, or small groups of letters, or even, in modern ciphers, with
individual bits.
Traditionally book ciphers work by replacing words in the plaintext of a
message with the location of words from the book being used. In this
mode, book ciphers are more properly called codes.

10. Vigenère cipher
The Vigenère cipher is a method of encrypting alphabetic text by using a
series of different Caesar ciphers based on the letters of a keyword. It is a
simple form of polyalphabetic substitution
Plaintext: ATTACKATDAWN
Key: LEMONLEMONLE
Ciphertext:
LXFOPVEFRNHR
The idea behind the Vigenère
cipher, like all polyalphabetic
ciphers, is to disguise plaintext
letter frequencies

11. Enigma machine
The Enigma machine looked
roughly like a typewriter except that
it had a number of different rotors,
sort of like the odometer on your
car. These rotors were placed next
to one another on a shaft and then
spun to set the shift in letters for
substitution.

12. XOR operation
Majority of modern algorithms use the XOR operation during the
encryption process.
Exclusive disjunction essentially means 'either one, but not both'. In
other words, one is true if and only if the other is not true.
Plaintext = baby = 01100010 01100001 01100010 01111001
XOR key = data = 01100100 01100001 01110100 01100001
Ciphertext = ???? = 00000110 00000000 00010110 00011000

13. Cryptographic hash function
A cryptographic hash function is a mathematical algorithm that maps
data of arbitrary size to a bit string of a fixed size (a hash function)
which is designed to also be one-way function, that is, a function which
is infeasible to invert. The input data is often called the message, and
the output (the hash value or hash) is often called the message digest
or simply the digest. Example: SHA-1 (Secure Hash Algorithm 1)

14. Base64
Base64 is a group of similar binary-to-text encoding schemes that represent
binary data in an ASCII string format by translating it into a radix-64
representation. The term Base64 originates from a specific MIME content
transfer encoding.
TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZWFzb24sIGJ1dC
BieSB0aGlz
IHNpbmd1bGFyIHBhc3Npb24gZnJvbSBvdGhlciBhbmltYWxzLCB3aGljaCBpcyBhIGx1c
3Qgb2Yg
dGhlIG1pbmQsIHRoYXQgYnkgYSBwZXJzZXZlcmFuY2Ugb2YgZGVsaWdodCBpbiB0a
GUgY29udGlu
dWVkIGFuZCBpbmRlZmF0aWdhYmxlIGdlbmVyYXRpb24gb2Yga25vd2xlZGdlLCBleG
NlZWRzIHRo
ZSBzaG9ydCB2ZWhlbWVuY2Ugb2YgYW55IGNhcm5hbCBwbGVhc3VyZS4=

15. Algorithms
Symmetric key algorithms all use one key to encrypt data and the same
key to decrypt it. That’s why they are called symmetric.
Example: 3DES (Triple Data Encryption Algorithm ), AES (Advanced
Encryption Standard, Rijndael)
Asymmetric keys making two separate keys that are mathematically
connected. You use a “private” key that you never reveal to anyone to
decrypt the data you’ve received and the recipient uses their
corresponding “public” key that everyone can have to encrypt the data.
Example: RSA (Ron Rivest, Adi Shamir, and Leonard Adleman)

16. Advanced Encryption Standard
AES is based on a design principle known as a substitution-
permutation network, combination of both substitution and
permutation.
AES is a variant of Rijndael which has a fixed block size of 128
bits, and a key size of 128, 192, or 256 bits.
The key size used for an AES cipher specifies the number of
repetitions of transformation rounds that convert the input, called the
plaintext, into the final output, called the ciphertext. The number of
cycles of repetition are as follows:
10 cycles of repetition for 128-bit keys.
12 cycles of repetition for 192-bit keys.
14 cycles of repetition for 256-bit keys.

17. Advanced Encryption Standard
1.KeyExpansions—round keys are derived from the cipher key using Rijndael's key
schedule. AES requires a separate 128-bit round key block for each round plus one
more.
2.InitialRound
2.1.AddRoundKey—each byte of the state is combined with a block of the round key
using bitwise XOR.
3.Rounds
3.1.SubBytes—a non-linear substitution step where each byte is replaced with another
according to a lookup table.
3.2.ShiftRows—a transposition step where the last three rows of the state are shifted
cyclically a certain number of steps.
3.3.MixColumns—a mixing operation which operates on the columns of the state,
combining the four bytes in each column.
3.4.AddRoundKey
4.Final Round (no MixColumns)
4.1.SubBytes
4.2.ShiftRows
4.3.AddRoundKey.

18. .NET cryptographic primitives
The System.Security.Cryptography namespace provides cryptographic
services, including secure encoding and decoding of data, as well as
many other operations, such as hashing, random number generation, and
message authentication.

19. private const int _saltSize = 32;
In cryptography, a salt is random data that is used as an additional input to
a one-way function that "hashes" a password or passphrase. The primary
function of salts is to defend against dictionary attacks versus a list of
password hashes and against pre-computed rainbow table attacks.
A new salt is randomly generated for each password. In a typical setting,
the salt and the password are concatenated and processed with a
cryptographic hash function, and the resulting output (but not the original
password) is stored with the salt. Hashing allows for later authentication
while protecting the plaintext password in the event that the authentication
data store is compromised.
Initialization vector
An IV or initialization vector is, in its broadest sense, just the initial value
used to start some iterated process.

20. public static string EncryptPllainTextToCiphertextAES(string plainText, string securityKey)
{
using (var keyDerivationFunction = new Rfc2898DeriveBytes(securityKey, _saltSize))
{
byte[] saltBytes = keyDerivationFunction.Salt;
byte[] keyBytes = keyDerivationFunction.GetBytes(32);
byte[] ivBytes = keyDerivationFunction.GetBytes(16);
using (var aesManaged = new AesManaged())
{
aesManaged.KeySize = 256;
using (var encryptor = aesManaged.CreateEncryptor(keyBytes, ivBytes))
{
MemoryStream memoryStream = null;
CryptoStream cryptoStream = null;
return WriteMemoryStream(plainText, ref saltBytes, encryptor, ref memoryStream,
ref cryptoStream);
}
}
}
}

21. private static string WriteMemoryStream(string plainText, ref byte[] saltBytes, ICryptoTransform encryptor, ref
MemoryStream memoryStream, ref CryptoStream cryptoStream)
{
try
{
memoryStream = new MemoryStream();
try
{
cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write);
using (var streamWriter = new StreamWriter(cryptoStream))
{
streamWriter.Write(plainText);
}
}
finally
{
if (cryptoStream != null)
{
cryptoStream.Dispose();
}
}
var cipherTextBytes = memoryStream.ToArray();
Array.Resize(ref saltBytes, saltBytes.Length + cipherTextBytes.Length);
Array.Copy(cipherTextBytes, 0, saltBytes, _saltSize, cipherTextBytes.Length);
return Convert.ToBase64String(saltBytes);
}
finally
{
if (memoryStream != null)
{
memoryStream.Dispose();
}
}
}

22. public static string DecryptCipherTextToPlainTextAES(string ciphertext, string securityKey)
{
var allTheBytes = Convert.FromBase64String(ciphertext);
var saltBytes = allTheBytes.Take(_saltSize).ToArray();
var ciphertextBytes = allTheBytes.Skip(_saltSize).Take(allTheBytes.Length
_saltSize).ToArray();
using (var keyDerivationFunction = new Rfc2898DeriveBytes(securityKey, saltBytes))
{
var keyBytes = keyDerivationFunction.GetBytes(32);
var ivBytes = keyDerivationFunction.GetBytes(16);
return DecryptWithAES(ciphertextBytes, keyBytes, ivBytes);
}
}

23. private static string DecryptWithAES(byte[] ciphertextBytes, byte[] keyBytes, byte[] ivBytes)
{
using (var aesManaged = new AesManaged())
{
using (var decryptor = aesManaged.CreateDecryptor(keyBytes, ivBytes))
{
MemoryStream memoryStream = null;
CryptoStream cryptoStream = null;
StreamReader streamReader = null;
try
{
memoryStream = new MemoryStream(ciphertextBytes);
cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);
streamReader = new StreamReader(cryptoStream);
return streamReader.ReadToEnd();
}
finally
{
if (memoryStream != null)
{
memoryStream.Dispose();
memoryStream = null;
}
}
}
}
}

24. Solving Kryptos

25. Thank you!
Q&A