This document provides an introduction to cryptography concepts including symmetric and asymmetric cryptography, block ciphers, stream ciphers, hash functions, digital signatures, and digital envelopes. It defines common terms and describes popular algorithms for each concept. Symmetric cryptography uses a shared key for encryption and decryption while asymmetric cryptography uses public/private key pairs. Block and stream ciphers are the main types of symmetric algorithms. Hash functions and digital signatures provide integrity and authentication. Digital envelopes allow confidential messages with signatures.

1. Cryptography 101
By Aman Hardikar

2. Contents / Topics
INTRODUCTION
SYMMETRIC CRYPTOGRAPHY
Block Ciphers
 Introduction
 Terms
 Modes
Stream Ciphers
 Introduction
 Types
ASYMMETRIC CRYPTOGRAPHY
Introduction
Terms
Ciphers
HASH FUNCTIONS
Introduction
Merkle Damgard Technique
MAC
DIGITAL SIGNATURE
DIGITAL ENVELOPE
Skill Level:
Beginner - Intermediate

4. Introduction
Cryptography
Securing information in a form only readable by end parties
Cryptography Primitives (building blocks of cryptographic protocols)
Encryption
• Involves the conversion of plain text to cipher text
Decryption
• Involves the conversion of cipher text to plain text
Signature Generation
• Involves producing a special string that can be tied to a user
Signature Verification
• Involves verifying who the user is from the message
Key Negotiation and Exchange
• Involves negotiation and exchange of keys between the various parties involved
Steganography
Hiding information in other files
Ex: pictures, audio, video, executable files

5. Types
Symmetric Cryptography
One key for both encryption and decryption
Asymmetric Cryptography (Public Key Cryptography)
Two keys : One for encryption, other for decryption

6. Symmetric Cryptography
Advantages
Small Key Size
• Size ∞ Computational Power
Disadvantages
Key Management and transfer/sharing
• Number of keys required = n(n-1)/2, where n is the number of
parties involved.
• If there are 5 parties, then number of keys = 10
• If there are 10 parties, then number of keys = 45
• If there are 100 parties, then number of keys = 4950
Provides
Confidentiality, Integrity, Origin Authentication
[based on the Mode used]

7. Symmetric Crypto - Types
Block Ciphers
Divides the text into blocks and acts on each of them
Stream Ciphers
Acts on each bit of the text

8. Block Cipher Terms
Key Size
Effective Key Size
Block Size
Initialization Vector (IV)
Work Factor

9. Block Cipher Examples
Lucifer (64 bits), DES/DEA (56 bits), DESX (184 bits)
3DES / TDES / TripleDES (168 bits)
 EEE, EDE, ….
AES/Rijndael (Variable Size)
IDEA
Serpent, Blowfish, RC6

10. Block Cipher Modes
ECB (Electronic Code Book)
CBC (Cipher Block Chaining)
 CBC$
 CBCC
PCBC (Propagating CBC)
CFB (Cipher FeedBack)
OFB (Output FeedBack)
CTR (CounTeR)
 CTR$
 CTRC
Above modes provide confidentiality only.

11. Block Cipher Modes (2)
CMAC (Cipher based MAC)
Integrity + Authentication
CCM (Counter with CBC-MAC)
Integrity + Authentication
GCM (Galois/Counter Mode)
Integrity + Authentication
Above modes also provide other security services in addition to confidentiality.

12. Block Cipher Modes (3)
Properties:
 Provide Confidentiality
 Fast Data Storage and Retrieval
 Efficient Use of Disk Space
CBC (Cipher Block Chaining)
LRW (Liskov, Rivest and Wagner)
XEX (Xor Encrypt Xor)
XTS (XEX-based Tweaked Codebook Mode)
CMC (CBC Mask CBC)
EME (ECB Mask ECB)
Above modes primarily used in Full Disk Encryption.

13. Stream Ciphers
Uses key streams
Acts on bits of text
Most Hardware Implementations use these
Less complex than block ciphers
NOTE: Block Ciphers can also be used as Stream Ciphers.

14. Stream Cipher Types
Synchronous
These generate random sequence of bits independent of the plain text
and cipher text.
Ex: RC4, HC-128
Asynchronous
These generate key streams based on a set of former cipher text bits.
Ex: CTAK, CFB Mode Block Ciphers

15. Asymmetric Cryptography
Advantages
Key Management
Disadvantages
Large Key Size
• Size ∞ Computational Power
Provides
Confidentiality, Integrity, Authentication, Non-Repudiation

16. Asymmetric Crypto Terms
Trapdoor Functions
 Mathematical functions that are easy to apply in one direction,
but extremely difficult in the reverse.

17. Asymmetric Ciphers
DH (DHM)
Based on discrete logarithms
No Authentication
• Digital Signature Required
RSA
Based on factorisation of large numbers
Example Key Sizes: 512bits, 1024bits, 2048bits
Other Ciphers/Algorithms
El Gamal – Based on DH
Cramer-Shoup – Based on El Gamal
Knapsack

18. Elliptical Curve Cryptography
Mathematical equations that use Elliptical Curves
Advantages:
 Small Key Size (Size ∞ Computational Power)
 256 bit ECC key ≈ 3072 bit RSA/DH key; 384 bit ECC key ≈ 7680 bit RSA/DH key
Algorithms
 Digital Signatures
 ECDSA: Elliptic Curve Digital Signature Algorithm
 ECPVS: Elliptic Curve Pintsov Vanstone Signatures
 ECNR: Elliptic Curve Nyberg Rueppel
 Key Agreement
 ECMQV: Elliptic Curve Menezes-Qu-Vanstone
 ECDH: Elliptic Curve Diffie-Hellman
 Encryption
 ECIES: Elliptic Curve Integrated Encryption Standard

19. Hash Functions
Provides condensed representation of a given text or message
(Message Digest)
Provides
Integrity, Origin Authentication
Collision
Situation when two different texts have the same hash
Examples
MD5 – 128bits – Insecure – Collisions Possible
SHA1 – 160 bits –
263 Hash Operations for identifying a collision instead of 280 operations
RIPEMD-160 – 160 bits – Secure (no collisions identified yet)
SHA256 – 256 bits – Secure

20. Merkle Damgard Technique
A method to build collision resistant hash functions
Used by common hash functions like MD5, SHA1 and SHA256

21. Block Ciphers - MAC
Block Ciphers can also be used as hash functions
MDC-2 – 128 bits
Whirlpool – 512 bits
Used in Message Authentication Code (MAC)
Adds a secret key to message during input
• Provides Origin Authentication
Provides Integrity
Popular Implementation: CBC-MAC

22. Hash Functions - MAC
Hash Algorithms can also be used to produce MAC
Two Types
MDx-MAC Scheme
 Uses modified hash functions
 SHA1, RIPEMD-160 can be used
HMAC
 Unmodified hash functions
 Secret key added to message
 Used in IPSec, NAS, Mobiles
 Ref: RFC2104, FIPS PUB 180, ISO 9797-2

23. Digital Signatures
Equivalent to physical signature
Provides
Integrity, Origin Authentication and Non-Repudiation

24. Digital Signatures (2)
Software Components
 Cryptographic Hash Function
 Key Generation Algorithm
 Signing Algorithm
 Verification Algorithm
Implemented using
Public Cryptosystems: ECC, DSA, RSA, El Gamal
DSA – Digital Signature Algorithm
Used in Digital Signature Standard
Ref: FIPS PUB 186, ISO 9696 and ISO 14888

25. Digital Envelope
Provides
Confidentiality in addition to Integrity, Origin Authentication and Non-
Repudiation
Two possible ways:
 Encrypt the message and the digital signature with the recipient's public key
 Encrypt the message with a secret key, then encrypt the secret key and the
digital signature with recipient’s public key

26. Further Presentations ….
PKI 101 PKI 201 Crypto Attacks 101
Basics of PKI
infrastructure
and
Key
Management.
Advanced PKI stuff,
which includes
various PKI
models, CRL types
and auditing PKI
infrastructure.
Discussion on
various attacks.