SlideShare a Scribd company logo
1
Cryptography and
Network Security
CryptographyCryptography
 The word cryptography comes from the two Greek words:
Krypto (secret) and graphein (write). So cryptography means
secret writing .
 The art and science of keeping messages secure is called
cryptography and it is practiced by cryptographers
 It is the practice and study of techniques for secure
communication in the presence of third parties. Cryptography
deals with creating documents that can be shared secretly over
public communication channels.
 Modern cryptography exists at the intersection of the disciplines
of mathematics, computer science, and electrical engineering.
Applications of cryptography include ATM cards, computer
passwords, and electronic commerce.
4
HistoryHistory
• 50 B.C. Julius Caesar uses cryptographic
technique
• 400 A.D. Kama Sutra in India mentions
cryptographic techniques
• 1250 British monk Roger Bacon
describes simple ciphers
• 1466 Leon Alberti develops a cipher
disk
• 1861 Union forces use a cipher during
Civil War
5
HistoryHistory
• 1914 World War I – British, French, and
German forces use encryption
technology
• 1917 William Friedman, Father of U.S.
encryption efforts starts a school
for teaching cryptanalysis in
Illinois
• 1917 AT&T employee Gilbert Vernam
invents polyalphabetic cipher
• 1919 Germans develop the Engima machine
for encryption
6
HistoryHistory
• 1937 Japanese design the Purple
machine for encryption
• 1942 Navajo windtalkers help with secure
communication during World War II
• 1948 Claude Shannon develops statistical
methods for encryption/decryption
• 1976 IBM develops DES
• 1976 Diffie – Hellman develop public key /
private key cryptography
• 1977 Rivest – Shamir – Adleman develop the
RSA algorithm for public key / private key
PlaintextPlaintext
 Plaintext is a text , in natural readable form. It is the message
or data before it gets encrypted. In simple words it is the
original message.
 It is sometimes called clear text . Plaintext is denoted by M
(message) or P (plaintext).
 It can be a stream of bits , a text file , a bitmap, a stream of
digitized voice etc.
Cipher textCipher text
 An encrypted message is called cipher text . It is denoted by C
(cipher text).
 Sometime it has the same size as the plaintext, sometimes
larger than the plaintext.
 It is the results obtained from the plaintext by applying the
encryption algorithm on the plaintext.
 Cipher text is unreadable by anyone except the intended
recipients.
EncryptionEncryption
 The process of disguising a message in such a way to hide its
substance is called encryption.
 It is the process of scrambling a message using a specialized
cryptographic algorithm to make it unreadable by anyone
except the intended recipients.
 The encryption function E, operates on M to produce C. In
mathematical notation E(M)=C
How Encryption Works?How Encryption Works?
Hi buddy! D@#%^!245EncryptionEncryption
Plaintext
Apply Encryption
Algorithm Cipher text
DecryptionDecryption
 The process of converting cipher text back to the original
plaintext.
 In the reverse process, the decryption function D operates
on C to produce M: D(C) = M
 Since the whole point of encrypting and then decrypting a
message is to recover the original plaintext, the following
identity must hold true: D(E(M)) = M
How Decryption Works?How Decryption Works?
Hi buddy!D@#%^!245 DecryptionDecryption
Cipher text
Apply Decryption
Algorithm
Plaintext
Cryptography as a SystemCryptography as a System
CryptanalysisCryptanalysis
 The art and science of breaking cipher text is called
cryptanalysis.
 Cryptanalysis is seeing through the disguise and it is practiced
by cryptanalysts.
 Cryptanalysis deals with finding the encryption key for
breaking cryptographic algorithms without the knowledge of
the encryption
 Cryptanalyst: a person who breaks cryptographic codes . Also
referred to as “the attacker” or the “intruder”.
CryptologyCryptology
 Cryptography and cryptanalysis is collectively known as
Cryptology.
 The branch of mathematics encompasses both cryptography
and cryptanalysis is called cryptology and its practitioners are
called cryptologists.
 Modern cryptologists are generally trained in theoretical
mathematics—they have to be.
Confidentiality IssuesConfidentiality Issues
 It should be possible for the receiver of a message to ascertain
its origin. An intruder should not be able to masquerade as
someone else.
 It should be possible for the receiver of a message to verify
that it has not been modified in transit. An intruder should not
be able to substitute a false message for a legitimate one.
 A sender should not be able to falsely deny later that he sent a
message.
Confidentiality or CharacteristicsConfidentiality or Characteristics
Three confidentiality or characteristics of cryptography
• Authentication: It should be possible for the receiver of a
message to ascertain its origin. An intruder should not be
able to masquerade as someone else.
• Integrity: It should be possible for the receiver of a message
to verify that it has not been modified in transit. An intruder
should not be able to substitute a false message for a
legitimate one.
• Nonrepudiation: A sender should not be able to falsely
deny later that he sent a message.
AuthenticationAuthentication
 Authentication: Authentication means the act of proving who
you say you are. Authentication means that you know who
created and sent the message. Digital signature is used to
authenticate the source of messages. It ensures the sender of
the message.
 Authentication is of ensuring that whoever supplies or accesses
the message is an authorized party.
 Two solutions to ensure authentication are:
– Passwords
– Digital signatures
IntegrityIntegrity
 Integrity: Integrity means the message delivered to the receiver
intact, without being changed or altered anything. Integrity is the
assurance that the information is trustworthy and accurate.
Digital signature ensures the integrity of message.
 This involves ensuring that when a message is sent over a
network, the data that arrives is the same as the data that was
originally sent. It is important that the data has not been
modified or replaced .
 Technical solutions include:
– Encryption
– Hashing algorithms
Non-repudiationNon-repudiation
 Non-repudiation: this is an important criteria of digital
signature. As digital signature ensures the authentication of
the message, so the receiver can’t repudiate it later. At the
same time it also ensures the identity of the receiver, so the
receiver can’t repudiate it later.
 Ensuring that the intended recipient actually got the
message.
 Ensuring that the alleged sender actually sent the message.
Cryptographic AlgorithmCryptographic Algorithm
 A cryptographic algorithm, also called a cipher, is the
mathematical function used for encryption and decryption.
 Generally, there are two related functions: one for
encryption and the other for decryption.
 If the security of an algorithm is based on keeping the way
that algorithm works a secret, it is a restricted algorithm.
 Restricted algorithms have historical interest, but are
woefully inadequate by today’s standards.
Types of CryptographicTypes of Cryptographic
AlgorithmAlgorithm
 There are several ways of classifying cryptographic algorithms.
One efficient way is to categorize based on the number of keys
that are employed for encryption and decryption. Based on the
above consideration cryptographic algorithms can be classified in
three types:
1. Symmetric Algorithm: it is also called Secret Key Cryptography
(SKC). Uses a single key for both encryption and decryption
2. Asymmetric algorithm: it is also called Public Key Cryptography
(PKC). Uses one key for encryption and another for decryption
3. Hash Functions: Uses a mathematical transformation to
irreversibly "encrypt" information
Secret Key CryptographySecret Key Cryptography
 In secret key cryptography, a single or same key is used for both
encryption and decryption. In some SKC, the encryption key is
calculated from the decryption key and vice versa.
 The sender uses the key (or some set of rules) to encrypt the
plaintext and sends the ciphertext to the receiver. The receiver
applies the same key (or ruleset) to decrypt the message and
recover the plaintext.
 Because a single key is used for both functions, secret key
cryptography is also called symmetric encryption.
 With this form of cryptography, it is obvious that the key must be
known to both the sender and the receiver. And the key must be
kept secret. The major difficulties with this technique is to
distribute the key and keep the key secret.
Secret Key CryptographySecret Key Cryptography
 These algorithms, also called single key algorithms, or one-key
algorithms. This algorithm requires the sender and receiver to
agree on a unique key before they can communicate securely.
 The security of a symmetric algorithm rests in the key; divulging
the key means that anyone could encrypt and decrypt messages.
A wide variety of symmetric key algorithms are currently in use:
– Data Encryption Standard (DES) ,
– Triple DES (3DES),
– Advanced Encryption Standard (AES) ,
– Blowfish
– CAST
– International Data Encryption Algorithm (IDEA) ,
– Rivest Cipher (RC2, RC3, RC4, RC5, RC6)
Secret Key CryptographySecret Key Cryptography
 Symmetric algorithms can be divided into two categories:
Stream cipher and block cipher.
 Steam cipher: it operates on the plaintext a single bits(or
sometimes byte) at a time; these are called stream algorithms
or stream ciphers
 Block cipher: it operates on the plaintext in groups of bits. The
groups of bits are called blocks, and the algorithms are called
block algorithms or block ciphers. For modern computer
algorithms, a typical block size is 64 bits—large enough to
preclude analysis and small enough to be workable. Example:
DES, AES, Blowfish, IDEA
Secret Key CryptographySecret Key Cryptography
Public Key CryptographyPublic Key Cryptography
 The concept Asymmetric Encryption (also known as Public Key
Encryption) was devised in 1975 by Whitfield Diffie and Martin
Hellman and is based on the concept of using a pair of keys, one for
encryption and one for decryption. The encryption key is often called
the public key, and the decryption key is often called the private key.
 It is designed so that the key used for encryption is different from the
key used for decryption. Furthermore, the decryption key cannot be
calculated from the encryption key.
 It is called "public-key cryptography" because the encryption key can
be made public. A complete stranger can use the encryption key to
encrypt a message, but only a specific person with the corresponding
decryption key can decrypt the message.
 Sometimes, messages is encrypted with the private key and
decrypted with the public key; such as digital signature.
Public Key CryptographyPublic Key Cryptography
 Examples: RSA(Rivest, Shamir and Adleman), DSA(Digital Signature
Algorithm), Diffie-Hellman
Mathematical Base of PKCMathematical Base of PKC
 PKC depends upon the existence of one-way functions that are
easy to compute whereas their inverse function is relatively
difficult to compute. Let me give you two simple examples:
 Multiplication vs. factorization: Suppose I tell you that I have
two prime numbers, 3 and 7, and that I want to calculate the
product; it should take almost no time to calculate that value,
which is 21.
 Now suppose, instead, that I tell you that I have a number, 21, and
I need you tell me which pair of prime numbers I multiplied
together to obtain that number. You will eventually come up with
the solution but whereas calculating the product took
milliseconds, factoring will take longer. The problem becomes
much harder if I start with primes that have 400 digits or so,
because the product will have ~800 digits.
Mathematical Base of PKCMathematical Base of PKC
 Exponentiation vs. logarithms: Suppose I tell you that I want to
take the number 3 to the 6th power; again, it is relatively easy to
calculate 36
= 729. But if I tell you that I have the number 729 and
want you to tell me the two integers that I used, x and y so that
logx 729 = y, it will take you longer to find the two values.
 While the examples above are trivial, they do represent two of
the functional pairs that are used with PKC; namely, the ease of
multiplication and exponentiation versus the relative difficulty
of factoring and calculating logarithms, respectively.
 The mathematical "trick" in PKC is to find a trap door
in the one-way function so that the inverse calculation
becomes easy given knowledge of some item of
information.
Hash FunctionHash Function
 Hashing is the transformation of a string of characters
into a usually shorter fixed-length value or key
 A hash function is any function that can be used to map
digital data of arbitrary size to digital data of fixed size.
The values returned by a hash function are called hash
values, hash codes, hash sums, or simply hashes.
 Hash functions are not reversible.
Restricted algorithmRestricted algorithm
• Drawbacks of restricted algorithm:
1. A large or changing group of users cannot use them, because every
time a user leaves the group everyone else must switch to a
different algorithm.
2. If someone accidentally reveals the secret, everyone must change
their algorithm.
3. Restricted algorithms allow no quality control or standardization.
4. Every group of users must have their own unique algorithm. Such a
group can’t use off-the-shelf hardware or software products; an
eavesdropper can buy the same product and learn the algorithm.
5. They have to write their own algorithms and implementations. If no
one in the group is a good cryptographer, then they won’t know if
they have a secure algorithm.
AttackAttack
 An attempted cryptanalysis is called an attack or
cryptanalytic attack.
 However, The loss of a key through noncryptanalytic
means is called a compromise.
 There are four general types of cryptanalytic attacks. Of
course, each of them assumes that the cryptanalyst has
complete knowledge of the encryption algorithm used:
1. Ciphertext-only attack
2. Known-plaintext attack
3. Chosen-plaintext attack
4. Adaptive-chosen-plaintext attack
Ciphertext-only attackCiphertext-only attack
 Ciphertext-only attack : The cryptanalyst has the
ciphertext of several messages, all of which have been
encrypted using the same encryption algorithm.
 The cryptanalyst’s job is to recover the plaintext of as
many messages as possible, or better yet to deduce the
key (or keys) used to encrypt the messages, in order to
decrypt other messages encrypted with the same keys.
Known-plaintext attackKnown-plaintext attack
 Known-plaintext attack: The cryptanalyst has access not only to
the ciphertext of several messages, but also to the plaintext of
those messages.
 His job is to deduce the key (or keys) used to encrypt the
messages or an algorithm to decrypt any new messages
encrypted with the same key (or keys).
 Powerful and easier that ciphertext only attack.
 Known-plaintext attacks (and even chosen-plaintext attacks)
were successfully used against both the Germans and the
Japanese during World War II.
Chosen-plaintext attackChosen-plaintext attack
 Chosen-plaintext attack: The cryptanalyst not only has access to
the ciphertext and associated plaintext for several messages, but
he also can choose the plaintext that gets encrypted.
 This is more powerful and easier than a known-plaintext attack,
because the cryptanalyst can choose specific plaintext blocks to
encrypt, ones that might yield more information about the key.
 His job is to deduce the key (or keys) used to encrypt the
messages or an algorithm to decrypt any new messages
encrypted with the same key (or keys).
Adaptive-chosen-plaintextAdaptive-chosen-plaintext
attackattack
 Adaptive-chosen-plaintext attack : This is a special case of a
chosen-plaintext attack. The cryptanalyst not only can choose
the plaintext that is encrypted, but he can also modify his choice
based on the results of previous encryption.
 In a chosen-plaintext attack, a cryptanalyst might just be able
to choose one large block of plaintext to be encrypted.
 In an adaptive chosen-plaintext attack he can choose a smaller
block of plaintext and then choose another based on the results
of the first, and so forth.
Adaptive-chosen-plaintextAdaptive-chosen-plaintext
attackattack
 There are at least three other types of cryptanalytic
attack:
1. Chosen-ciphertext attack
2. Chosen-key attack
3. Rubber-hose cryptanalysis
Chosen-ciphertext attackChosen-ciphertext attack
 Chosen-ciphertext attack: . The cryptanalyst can choose different
ciphertexts to be decrypted and has access to the decrypted
plaintext. For example, the cryptanalyst has access to a
tamperproof box that does automatic decryption. His job is to
deduce the key.
 This attack is primarily applicable to public-key algorithms . A
chosen-ciphertext attack is sometimes effective against a
symmetric algorithm as well.
 Sometimes a chosen-plaintext attack and a chosen-ciphertext
attack are together known as a chosen-text attack .
 Chosen-key attack : This attack doesn’t mean that the
cryptanalyst can choose the key. It means that he has
some knowledge about the relationship between
different keys . It’s strange and obscure, not very practical
 Rubber-hose cryptanalysis : The cryptanalyst threatens,
blackmails, or tortures someone until they give him the
key. Bribery is sometimes referred to as a purchase-key
attack
Chosen-Key & Rubber HoseChosen-Key & Rubber Hose
attackattack
Complexity of an AttackComplexity of an Attack
 The complexity of an attack can be measured in three different
ways:
1. Data complexity : The amount of data needed(as input) to
perform the attack.
2. Processing or time complexity : The time needed to perform the
attack : This is often called the work factor. This Complexities are
expressed as orders of magnitude. If an algorithm has a processing
complexity of 2128
then 2128
operations are required to break the
algorithm. If it is possible to perform a million operations every
second and a million parallel processors are set against the task, it
will still take over 1019
years to recover the key. That’s a billion
times the age of the universe.
3. Storage requirements : The amount of memory needed to
perform the attack.
Kerckhoffs’s AssumptionKerckhoffs’s Assumption
1. If the strength of your new cryptosystem relies on the
fact that the attacker does not know the algorithm’s
inner workings, you’re sunk.
2. If you believe that keeping the algorithm’s insides
secret improves the security of your cryptosystem more
than letting the academic community analyze it, you’re
wrong.
3. And if you think that someone won’t disassemble your
code and reverse-engineer your algorithm, you’re naïve.
Security of AlgorithmsSecurity of Algorithms
 Different algorithms offer different degrees of security. It depends
on how hard they are to break.
• If the cost required to break an algorithm is greater than the value
of the encrypted data, then you’re probably safe.
• If the time required to break an algorithm is longer than the time
the encrypted data must remain secret, then you’re probably safe.
• If the amount of data encrypted with a single key is less than the
amount of data necessary to break the algorithm, then you’re
probably safe.
1. I say "probably" because there is always a chance of new
breakthroughs in cryptanalysis. On the other hand, the value of
most data decreases over time. It is important that the value of
the data always remain less than the cost to break the security.
Security of AlgorithmsSecurity of Algorithms
 Unconditionally secure: An algorithm is unconditionally
secure if, no matter how much ciphertext a cryptanalyst has,
there is not enough information to recover the plaintext.
 In point of fact, only a one-time pad is unbreakable given infinite
resources. All other cryptosystems are breakable in a
ciphertextonly attack, simply by trying every possible key one
by one and checking whether the resulting K plaintext is
meaningful. This is called a brute-force attack.
 Computationally secure : An algorithm is considered
computationally secure (sometimes called strong) if it cannot be
broken with available resources, either current or future.
Key and Key SpaceKey and Key Space
 Key: it controls the operation and behavior of the
cryptographic algorithm
 rules used in algorithms to convert a document into a secret
document
 Keyspace : The range of possible values of the key is called the
keyspace.
 Ek(M)=C , Dk(C)=M then Dk(Ek(M))=M
Encryption Decryption
Plaintext
Ciphertext
Plaintext
Key Key
47
CryptosystemCryptosystem
• Cryptosystem – The combination of algorithm, plaintext,
ciphertext, key, and key management functions used to
perform cryptographic operations is called cryptosystem
• A cryptosystem is a 5-tuple (E,D,M,K,C), where
E: M x K  C —the set of encryption functions;
D: C x K  M —the set of decryption functions;
M —a set of plaintexts (some use P as symbol);
K —the set of keys;
C —the set of ciphertexts;
Substitution CiphersSubstitution Ciphers
 A substitution cipher is one in which each character in the
plaintext is substituted for or replaced by another character in
the ciphertext. The receiver inverts the substitution on the
ciphertext to recover the plaintext. Easy to break by analyzing
statistical properties of written language
 In classical cryptography, there are four types of substitution
ciphers:
1. Simple substitution cipher or mono alphabetic cipher
2. Homophonic substitution cipher
3. Polygram substitution cipher
4. poly alphabetic substitution cipher
Substitution CiphersSubstitution Ciphers
 Simple substitution cipher: A simple substitution cipher, or
mono alphabetic cipher, is one in which each character of the
plaintext is replaced with a corresponding character of
ciphertext. Caesar cipher is an example of a mono-alphabetic
cipher.
 Homophonic substitution cipher: A homophonic substitution
cipher is like a simple substitution cryptosystem, except that a
single character of plaintext can map to one of several
characters of ciphertext.
 For example, "A" could correspond to either 5, 13, 25, or 56, "B"
could correspond to either 7, 19, 31, or 4 2, and so on.
Substitution CiphersSubstitution Ciphers
 Polygram substitution cipher: A polygram substitution cipher
is one in which blocks of characters are encrypted in groups.
For example, "ABA" could correspond to "RTQ," "ABB" could
correspond to "SLL, “ and so on.
 Polyalphabetic substitution cipher: A polyalphabetic
substitution cipher is made up of multiple simple substitution
ciphers.
 For example, there might be five different simple substitution
ciphers used; the particular one used changes with the position
of each character of the plaintext.
 Vigenere cipher is an example of a poly-alphabetic cipher
Transposition cipherTransposition cipher
 Transposition Ciphers: Instead of substituting letters in the
plaintext, the order of the letters are changed. Also easy to
break by analyzing structure of language
 In a transposition cipher the plaintext remains the same, but
the order of characters is shuffled around.
 In a simple columnar transposition cipher, the plaintext is
written horizontally onto a piece of graph paper of fixed width
and the ciphertext is read off vertically
 Decryption is a matter of writing the ciphertext vertically onto
a piece of graph paper of identical width and then reading the
plaintext off horizontally.
References
 http://en.wikipedia.org/wiki/
 Applied Cryptography by Bruce Schneier; 10th
Anniversary
edition
53
Md. Shakhawat Hossain
Student of Department of Computer Science &
Engineering
University of Rajshahi
E-mail: mshimul86@gmail.com

More Related Content

What's hot

13 asymmetric key cryptography
13   asymmetric key cryptography13   asymmetric key cryptography
13 asymmetric key cryptography
drewz lin
 

What's hot (20)

Cryptography
CryptographyCryptography
Cryptography
 
13 asymmetric key cryptography
13   asymmetric key cryptography13   asymmetric key cryptography
13 asymmetric key cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography - 101
Cryptography - 101Cryptography - 101
Cryptography - 101
 
Basic cryptography
Basic cryptographyBasic cryptography
Basic cryptography
 
Email security
Email securityEmail security
Email security
 
Symmetric & Asymmetric Cryptography
Symmetric & Asymmetric CryptographySymmetric & Asymmetric Cryptography
Symmetric & Asymmetric Cryptography
 
cryptography
cryptographycryptography
cryptography
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography ppt
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
 
Cryptography
CryptographyCryptography
Cryptography
 
Key management
Key managementKey management
Key management
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & Cryptography
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Network security and cryptography
Network security and cryptographyNetwork security and cryptography
Network security and cryptography
 
Hash Function
Hash FunctionHash Function
Hash Function
 
Cryptography & Steganography
Cryptography & SteganographyCryptography & Steganography
Cryptography & Steganography
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 

Viewers also liked

Cipher techniques
Cipher techniquesCipher techniques
Cipher techniques
Mohd Arif
 

Viewers also liked (20)

Cipher techniques
Cipher techniquesCipher techniques
Cipher techniques
 
Cryptography
CryptographyCryptography
Cryptography
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and Cryptography
 
GeneticAlgorithms_AND_CuttingWoodAlgorithm
GeneticAlgorithms_AND_CuttingWoodAlgorithm  GeneticAlgorithms_AND_CuttingWoodAlgorithm
GeneticAlgorithms_AND_CuttingWoodAlgorithm
 
Toni leslie james
Toni leslie jamesToni leslie james
Toni leslie james
 
A NEW PROPOSED SYMMETRIC KEY ALGORITHM FOR MODERN CRYPTOGRAPHIC
A NEW PROPOSED SYMMETRIC KEY ALGORITHM FOR MODERN CRYPTOGRAPHICA NEW PROPOSED SYMMETRIC KEY ALGORITHM FOR MODERN CRYPTOGRAPHIC
A NEW PROPOSED SYMMETRIC KEY ALGORITHM FOR MODERN CRYPTOGRAPHIC
 
Ch02
Ch02Ch02
Ch02
 
Cryptography basices
Cryptography basicesCryptography basices
Cryptography basices
 
Lru Algorithm
Lru AlgorithmLru Algorithm
Lru Algorithm
 
Elementry Cryptography
Elementry CryptographyElementry Cryptography
Elementry Cryptography
 
8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )
8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )
8051 microcontroller lecture ppt by Tarun Khaneja ( 9034406598 )
 
Cryptology
CryptologyCryptology
Cryptology
 
Cryptoppt
CryptopptCryptoppt
Cryptoppt
 
Idea (international data encryption algorithm)
Idea (international data encryption algorithm)Idea (international data encryption algorithm)
Idea (international data encryption algorithm)
 
Cryptography
CryptographyCryptography
Cryptography
 
04 brute force
04 brute force04 brute force
04 brute force
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 

Similar to Fundamentals of cryptography

Cryptography & Network Security.pptx
Cryptography & Network Security.pptxCryptography & Network Security.pptx
Cryptography & Network Security.pptx
sunil sharma
 
PresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.ppt
vinitajain703
 

Similar to Fundamentals of cryptography (20)

Cryptography & Network Security.pptx
Cryptography & Network Security.pptxCryptography & Network Security.pptx
Cryptography & Network Security.pptx
 
Evolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniquesEvolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniques
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01
 
Cryptography by Durlab Kumbhakar
Cryptography by Durlab KumbhakarCryptography by Durlab Kumbhakar
Cryptography by Durlab Kumbhakar
 
Analysis of Cryptography Techniques
Analysis of Cryptography TechniquesAnalysis of Cryptography Techniques
Analysis of Cryptography Techniques
 
Pertemuan 4 information hiding (cryptography)
Pertemuan 4 information hiding (cryptography)Pertemuan 4 information hiding (cryptography)
Pertemuan 4 information hiding (cryptography)
 
Pertemuan 4 information hiding (cryptography)
Pertemuan 4 information hiding (cryptography)Pertemuan 4 information hiding (cryptography)
Pertemuan 4 information hiding (cryptography)
 
A Study of Different Partitioning Clustering Technique
A Study of Different Partitioning Clustering TechniqueA Study of Different Partitioning Clustering Technique
A Study of Different Partitioning Clustering Technique
 
PresentationonCRYPTOGRAPHYppt.ppt - Read-Only - Compatibility Mode.ppt
PresentationonCRYPTOGRAPHYppt.ppt  -  Read-Only  -  Compatibility Mode.pptPresentationonCRYPTOGRAPHYppt.ppt  -  Read-Only  -  Compatibility Mode.ppt
PresentationonCRYPTOGRAPHYppt.ppt - Read-Only - Compatibility Mode.ppt
 
CRYPTOGRAPHY-PAYAL CHOPRA.ppt
CRYPTOGRAPHY-PAYAL CHOPRA.pptCRYPTOGRAPHY-PAYAL CHOPRA.ppt
CRYPTOGRAPHY-PAYAL CHOPRA.ppt
 
PresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.ppt
 
PresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.pptPresentationonCRYPTOGRAPHYppt.ppt
PresentationonCRYPTOGRAPHYppt.ppt
 
Presentationon ON THE TOPIC CRYPTOGRAPHY
Presentationon ON THE TOPIC CRYPTOGRAPHYPresentationon ON THE TOPIC CRYPTOGRAPHY
Presentationon ON THE TOPIC CRYPTOGRAPHY
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography- "A Black Art"
Cryptography- "A Black Art"Cryptography- "A Black Art"
Cryptography- "A Black Art"
 
A Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfA Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdf
 
Overview Of Cryptography
Overview Of CryptographyOverview Of Cryptography
Overview Of Cryptography
 
Cryptography, a science of secure writing
Cryptography, a science of secure writingCryptography, a science of secure writing
Cryptography, a science of secure writing
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 

More from Hossain Md Shakhawat

More from Hossain Md Shakhawat (20)

Recipe for the effective presentaion
Recipe for the effective presentaionRecipe for the effective presentaion
Recipe for the effective presentaion
 
The Road to Higher study in Japan
The Road to Higher study in JapanThe Road to Higher study in Japan
The Road to Higher study in Japan
 
Application of dfs
Application of dfsApplication of dfs
Application of dfs
 
Breadth first search and depth first search
Breadth first search and  depth first searchBreadth first search and  depth first search
Breadth first search and depth first search
 
Islamic jurisprudence
Islamic jurisprudenceIslamic jurisprudence
Islamic jurisprudence
 
Introduction to Medical Imaging
Introduction to Medical ImagingIntroduction to Medical Imaging
Introduction to Medical Imaging
 
Jpeg compression
Jpeg compressionJpeg compression
Jpeg compression
 
Surah Fatiha
Surah FatihaSurah Fatiha
Surah Fatiha
 
Hashing
HashingHashing
Hashing
 
Decision making and looping
Decision making and loopingDecision making and looping
Decision making and looping
 
Decision making and branching
Decision making and branchingDecision making and branching
Decision making and branching
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Caesar cipher
Caesar cipherCaesar cipher
Caesar cipher
 
Rsa rivest shamir adleman
Rsa rivest shamir adlemanRsa rivest shamir adleman
Rsa rivest shamir adleman
 
Introduction to programming with c,
Introduction to programming with c,Introduction to programming with c,
Introduction to programming with c,
 
Introduction to digital image processing
Introduction to digital image processingIntroduction to digital image processing
Introduction to digital image processing
 
History of computing
History of computingHistory of computing
History of computing
 
Introduction to Printers
Introduction to PrintersIntroduction to Printers
Introduction to Printers
 
Input devices_(Mouse and Keyboard)
Input devices_(Mouse and Keyboard)Input devices_(Mouse and Keyboard)
Input devices_(Mouse and Keyboard)
 
Binary search tree(bst)
Binary search tree(bst)Binary search tree(bst)
Binary search tree(bst)
 

Recently uploaded

ppt your views.ppt your views of your college in your eyes
ppt your views.ppt your views of your college in your eyesppt your views.ppt your views of your college in your eyes
ppt your views.ppt your views of your college in your eyes
ashishpaul799
 

Recently uploaded (20)

[GDSC YCCE] Build with AI Online Presentation
[GDSC YCCE] Build with AI Online Presentation[GDSC YCCE] Build with AI Online Presentation
[GDSC YCCE] Build with AI Online Presentation
 
B.ed spl. HI pdusu exam paper-2023-24.pdf
B.ed spl. HI pdusu exam paper-2023-24.pdfB.ed spl. HI pdusu exam paper-2023-24.pdf
B.ed spl. HI pdusu exam paper-2023-24.pdf
 
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdfINU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
 
UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...
UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...
UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
 
Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17
 
size separation d pharm 1st year pharmaceutics
size separation d pharm 1st year pharmaceuticssize separation d pharm 1st year pharmaceutics
size separation d pharm 1st year pharmaceutics
 
ppt your views.ppt your views of your college in your eyes
ppt your views.ppt your views of your college in your eyesppt your views.ppt your views of your college in your eyes
ppt your views.ppt your views of your college in your eyes
 
How to Break the cycle of negative Thoughts
How to Break the cycle of negative ThoughtsHow to Break the cycle of negative Thoughts
How to Break the cycle of negative Thoughts
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
 
Jose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptx
Jose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptxJose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptx
Jose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptx
 
Basic Civil Engg Notes_Chapter-6_Environment Pollution & Engineering
Basic Civil Engg Notes_Chapter-6_Environment Pollution & EngineeringBasic Civil Engg Notes_Chapter-6_Environment Pollution & Engineering
Basic Civil Engg Notes_Chapter-6_Environment Pollution & Engineering
 
Basic_QTL_Marker-assisted_Selection_Sourabh.ppt
Basic_QTL_Marker-assisted_Selection_Sourabh.pptBasic_QTL_Marker-assisted_Selection_Sourabh.ppt
Basic_QTL_Marker-assisted_Selection_Sourabh.ppt
 
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdfDanh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
 
Operations Management - Book1.p - Dr. Abdulfatah A. Salem
Operations Management - Book1.p  - Dr. Abdulfatah A. SalemOperations Management - Book1.p  - Dr. Abdulfatah A. Salem
Operations Management - Book1.p - Dr. Abdulfatah A. Salem
 
Salient features of Environment protection Act 1986.pptx
Salient features of Environment protection Act 1986.pptxSalient features of Environment protection Act 1986.pptx
Salient features of Environment protection Act 1986.pptx
 
Pragya Champions Chalice 2024 Prelims & Finals Q/A set, General Quiz
Pragya Champions Chalice 2024 Prelims & Finals Q/A set, General QuizPragya Champions Chalice 2024 Prelims & Finals Q/A set, General Quiz
Pragya Champions Chalice 2024 Prelims & Finals Q/A set, General Quiz
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
 

Fundamentals of cryptography

  • 2. CryptographyCryptography  The word cryptography comes from the two Greek words: Krypto (secret) and graphein (write). So cryptography means secret writing .  The art and science of keeping messages secure is called cryptography and it is practiced by cryptographers  It is the practice and study of techniques for secure communication in the presence of third parties. Cryptography deals with creating documents that can be shared secretly over public communication channels.  Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.
  • 3.
  • 4. 4 HistoryHistory • 50 B.C. Julius Caesar uses cryptographic technique • 400 A.D. Kama Sutra in India mentions cryptographic techniques • 1250 British monk Roger Bacon describes simple ciphers • 1466 Leon Alberti develops a cipher disk • 1861 Union forces use a cipher during Civil War
  • 5. 5 HistoryHistory • 1914 World War I – British, French, and German forces use encryption technology • 1917 William Friedman, Father of U.S. encryption efforts starts a school for teaching cryptanalysis in Illinois • 1917 AT&T employee Gilbert Vernam invents polyalphabetic cipher • 1919 Germans develop the Engima machine for encryption
  • 6. 6 HistoryHistory • 1937 Japanese design the Purple machine for encryption • 1942 Navajo windtalkers help with secure communication during World War II • 1948 Claude Shannon develops statistical methods for encryption/decryption • 1976 IBM develops DES • 1976 Diffie – Hellman develop public key / private key cryptography • 1977 Rivest – Shamir – Adleman develop the RSA algorithm for public key / private key
  • 7. PlaintextPlaintext  Plaintext is a text , in natural readable form. It is the message or data before it gets encrypted. In simple words it is the original message.  It is sometimes called clear text . Plaintext is denoted by M (message) or P (plaintext).  It can be a stream of bits , a text file , a bitmap, a stream of digitized voice etc.
  • 8. Cipher textCipher text  An encrypted message is called cipher text . It is denoted by C (cipher text).  Sometime it has the same size as the plaintext, sometimes larger than the plaintext.  It is the results obtained from the plaintext by applying the encryption algorithm on the plaintext.  Cipher text is unreadable by anyone except the intended recipients.
  • 9. EncryptionEncryption  The process of disguising a message in such a way to hide its substance is called encryption.  It is the process of scrambling a message using a specialized cryptographic algorithm to make it unreadable by anyone except the intended recipients.  The encryption function E, operates on M to produce C. In mathematical notation E(M)=C
  • 10. How Encryption Works?How Encryption Works? Hi buddy! D@#%^!245EncryptionEncryption Plaintext Apply Encryption Algorithm Cipher text
  • 11. DecryptionDecryption  The process of converting cipher text back to the original plaintext.  In the reverse process, the decryption function D operates on C to produce M: D(C) = M  Since the whole point of encrypting and then decrypting a message is to recover the original plaintext, the following identity must hold true: D(E(M)) = M
  • 12. How Decryption Works?How Decryption Works? Hi buddy!D@#%^!245 DecryptionDecryption Cipher text Apply Decryption Algorithm Plaintext
  • 13. Cryptography as a SystemCryptography as a System
  • 14. CryptanalysisCryptanalysis  The art and science of breaking cipher text is called cryptanalysis.  Cryptanalysis is seeing through the disguise and it is practiced by cryptanalysts.  Cryptanalysis deals with finding the encryption key for breaking cryptographic algorithms without the knowledge of the encryption  Cryptanalyst: a person who breaks cryptographic codes . Also referred to as “the attacker” or the “intruder”.
  • 15. CryptologyCryptology  Cryptography and cryptanalysis is collectively known as Cryptology.  The branch of mathematics encompasses both cryptography and cryptanalysis is called cryptology and its practitioners are called cryptologists.  Modern cryptologists are generally trained in theoretical mathematics—they have to be.
  • 16. Confidentiality IssuesConfidentiality Issues  It should be possible for the receiver of a message to ascertain its origin. An intruder should not be able to masquerade as someone else.  It should be possible for the receiver of a message to verify that it has not been modified in transit. An intruder should not be able to substitute a false message for a legitimate one.  A sender should not be able to falsely deny later that he sent a message.
  • 17. Confidentiality or CharacteristicsConfidentiality or Characteristics Three confidentiality or characteristics of cryptography • Authentication: It should be possible for the receiver of a message to ascertain its origin. An intruder should not be able to masquerade as someone else. • Integrity: It should be possible for the receiver of a message to verify that it has not been modified in transit. An intruder should not be able to substitute a false message for a legitimate one. • Nonrepudiation: A sender should not be able to falsely deny later that he sent a message.
  • 18. AuthenticationAuthentication  Authentication: Authentication means the act of proving who you say you are. Authentication means that you know who created and sent the message. Digital signature is used to authenticate the source of messages. It ensures the sender of the message.  Authentication is of ensuring that whoever supplies or accesses the message is an authorized party.  Two solutions to ensure authentication are: – Passwords – Digital signatures
  • 19. IntegrityIntegrity  Integrity: Integrity means the message delivered to the receiver intact, without being changed or altered anything. Integrity is the assurance that the information is trustworthy and accurate. Digital signature ensures the integrity of message.  This involves ensuring that when a message is sent over a network, the data that arrives is the same as the data that was originally sent. It is important that the data has not been modified or replaced .  Technical solutions include: – Encryption – Hashing algorithms
  • 20. Non-repudiationNon-repudiation  Non-repudiation: this is an important criteria of digital signature. As digital signature ensures the authentication of the message, so the receiver can’t repudiate it later. At the same time it also ensures the identity of the receiver, so the receiver can’t repudiate it later.  Ensuring that the intended recipient actually got the message.  Ensuring that the alleged sender actually sent the message.
  • 21. Cryptographic AlgorithmCryptographic Algorithm  A cryptographic algorithm, also called a cipher, is the mathematical function used for encryption and decryption.  Generally, there are two related functions: one for encryption and the other for decryption.  If the security of an algorithm is based on keeping the way that algorithm works a secret, it is a restricted algorithm.  Restricted algorithms have historical interest, but are woefully inadequate by today’s standards.
  • 22. Types of CryptographicTypes of Cryptographic AlgorithmAlgorithm  There are several ways of classifying cryptographic algorithms. One efficient way is to categorize based on the number of keys that are employed for encryption and decryption. Based on the above consideration cryptographic algorithms can be classified in three types: 1. Symmetric Algorithm: it is also called Secret Key Cryptography (SKC). Uses a single key for both encryption and decryption 2. Asymmetric algorithm: it is also called Public Key Cryptography (PKC). Uses one key for encryption and another for decryption 3. Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information
  • 23.
  • 24. Secret Key CryptographySecret Key Cryptography  In secret key cryptography, a single or same key is used for both encryption and decryption. In some SKC, the encryption key is calculated from the decryption key and vice versa.  The sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key (or ruleset) to decrypt the message and recover the plaintext.  Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.  With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver. And the key must be kept secret. The major difficulties with this technique is to distribute the key and keep the key secret.
  • 25. Secret Key CryptographySecret Key Cryptography  These algorithms, also called single key algorithms, or one-key algorithms. This algorithm requires the sender and receiver to agree on a unique key before they can communicate securely.  The security of a symmetric algorithm rests in the key; divulging the key means that anyone could encrypt and decrypt messages. A wide variety of symmetric key algorithms are currently in use: – Data Encryption Standard (DES) , – Triple DES (3DES), – Advanced Encryption Standard (AES) , – Blowfish – CAST – International Data Encryption Algorithm (IDEA) , – Rivest Cipher (RC2, RC3, RC4, RC5, RC6)
  • 26. Secret Key CryptographySecret Key Cryptography  Symmetric algorithms can be divided into two categories: Stream cipher and block cipher.  Steam cipher: it operates on the plaintext a single bits(or sometimes byte) at a time; these are called stream algorithms or stream ciphers  Block cipher: it operates on the plaintext in groups of bits. The groups of bits are called blocks, and the algorithms are called block algorithms or block ciphers. For modern computer algorithms, a typical block size is 64 bits—large enough to preclude analysis and small enough to be workable. Example: DES, AES, Blowfish, IDEA
  • 27. Secret Key CryptographySecret Key Cryptography
  • 28. Public Key CryptographyPublic Key Cryptography  The concept Asymmetric Encryption (also known as Public Key Encryption) was devised in 1975 by Whitfield Diffie and Martin Hellman and is based on the concept of using a pair of keys, one for encryption and one for decryption. The encryption key is often called the public key, and the decryption key is often called the private key.  It is designed so that the key used for encryption is different from the key used for decryption. Furthermore, the decryption key cannot be calculated from the encryption key.  It is called "public-key cryptography" because the encryption key can be made public. A complete stranger can use the encryption key to encrypt a message, but only a specific person with the corresponding decryption key can decrypt the message.  Sometimes, messages is encrypted with the private key and decrypted with the public key; such as digital signature.
  • 29. Public Key CryptographyPublic Key Cryptography  Examples: RSA(Rivest, Shamir and Adleman), DSA(Digital Signature Algorithm), Diffie-Hellman
  • 30. Mathematical Base of PKCMathematical Base of PKC  PKC depends upon the existence of one-way functions that are easy to compute whereas their inverse function is relatively difficult to compute. Let me give you two simple examples:  Multiplication vs. factorization: Suppose I tell you that I have two prime numbers, 3 and 7, and that I want to calculate the product; it should take almost no time to calculate that value, which is 21.  Now suppose, instead, that I tell you that I have a number, 21, and I need you tell me which pair of prime numbers I multiplied together to obtain that number. You will eventually come up with the solution but whereas calculating the product took milliseconds, factoring will take longer. The problem becomes much harder if I start with primes that have 400 digits or so, because the product will have ~800 digits.
  • 31. Mathematical Base of PKCMathematical Base of PKC  Exponentiation vs. logarithms: Suppose I tell you that I want to take the number 3 to the 6th power; again, it is relatively easy to calculate 36 = 729. But if I tell you that I have the number 729 and want you to tell me the two integers that I used, x and y so that logx 729 = y, it will take you longer to find the two values.  While the examples above are trivial, they do represent two of the functional pairs that are used with PKC; namely, the ease of multiplication and exponentiation versus the relative difficulty of factoring and calculating logarithms, respectively.  The mathematical "trick" in PKC is to find a trap door in the one-way function so that the inverse calculation becomes easy given knowledge of some item of information.
  • 32. Hash FunctionHash Function  Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key  A hash function is any function that can be used to map digital data of arbitrary size to digital data of fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes.  Hash functions are not reversible.
  • 33. Restricted algorithmRestricted algorithm • Drawbacks of restricted algorithm: 1. A large or changing group of users cannot use them, because every time a user leaves the group everyone else must switch to a different algorithm. 2. If someone accidentally reveals the secret, everyone must change their algorithm. 3. Restricted algorithms allow no quality control or standardization. 4. Every group of users must have their own unique algorithm. Such a group can’t use off-the-shelf hardware or software products; an eavesdropper can buy the same product and learn the algorithm. 5. They have to write their own algorithms and implementations. If no one in the group is a good cryptographer, then they won’t know if they have a secure algorithm.
  • 34. AttackAttack  An attempted cryptanalysis is called an attack or cryptanalytic attack.  However, The loss of a key through noncryptanalytic means is called a compromise.  There are four general types of cryptanalytic attacks. Of course, each of them assumes that the cryptanalyst has complete knowledge of the encryption algorithm used: 1. Ciphertext-only attack 2. Known-plaintext attack 3. Chosen-plaintext attack 4. Adaptive-chosen-plaintext attack
  • 35. Ciphertext-only attackCiphertext-only attack  Ciphertext-only attack : The cryptanalyst has the ciphertext of several messages, all of which have been encrypted using the same encryption algorithm.  The cryptanalyst’s job is to recover the plaintext of as many messages as possible, or better yet to deduce the key (or keys) used to encrypt the messages, in order to decrypt other messages encrypted with the same keys.
  • 36. Known-plaintext attackKnown-plaintext attack  Known-plaintext attack: The cryptanalyst has access not only to the ciphertext of several messages, but also to the plaintext of those messages.  His job is to deduce the key (or keys) used to encrypt the messages or an algorithm to decrypt any new messages encrypted with the same key (or keys).  Powerful and easier that ciphertext only attack.  Known-plaintext attacks (and even chosen-plaintext attacks) were successfully used against both the Germans and the Japanese during World War II.
  • 37. Chosen-plaintext attackChosen-plaintext attack  Chosen-plaintext attack: The cryptanalyst not only has access to the ciphertext and associated plaintext for several messages, but he also can choose the plaintext that gets encrypted.  This is more powerful and easier than a known-plaintext attack, because the cryptanalyst can choose specific plaintext blocks to encrypt, ones that might yield more information about the key.  His job is to deduce the key (or keys) used to encrypt the messages or an algorithm to decrypt any new messages encrypted with the same key (or keys).
  • 38. Adaptive-chosen-plaintextAdaptive-chosen-plaintext attackattack  Adaptive-chosen-plaintext attack : This is a special case of a chosen-plaintext attack. The cryptanalyst not only can choose the plaintext that is encrypted, but he can also modify his choice based on the results of previous encryption.  In a chosen-plaintext attack, a cryptanalyst might just be able to choose one large block of plaintext to be encrypted.  In an adaptive chosen-plaintext attack he can choose a smaller block of plaintext and then choose another based on the results of the first, and so forth.
  • 39. Adaptive-chosen-plaintextAdaptive-chosen-plaintext attackattack  There are at least three other types of cryptanalytic attack: 1. Chosen-ciphertext attack 2. Chosen-key attack 3. Rubber-hose cryptanalysis
  • 40. Chosen-ciphertext attackChosen-ciphertext attack  Chosen-ciphertext attack: . The cryptanalyst can choose different ciphertexts to be decrypted and has access to the decrypted plaintext. For example, the cryptanalyst has access to a tamperproof box that does automatic decryption. His job is to deduce the key.  This attack is primarily applicable to public-key algorithms . A chosen-ciphertext attack is sometimes effective against a symmetric algorithm as well.  Sometimes a chosen-plaintext attack and a chosen-ciphertext attack are together known as a chosen-text attack .
  • 41.  Chosen-key attack : This attack doesn’t mean that the cryptanalyst can choose the key. It means that he has some knowledge about the relationship between different keys . It’s strange and obscure, not very practical  Rubber-hose cryptanalysis : The cryptanalyst threatens, blackmails, or tortures someone until they give him the key. Bribery is sometimes referred to as a purchase-key attack Chosen-Key & Rubber HoseChosen-Key & Rubber Hose attackattack
  • 42. Complexity of an AttackComplexity of an Attack  The complexity of an attack can be measured in three different ways: 1. Data complexity : The amount of data needed(as input) to perform the attack. 2. Processing or time complexity : The time needed to perform the attack : This is often called the work factor. This Complexities are expressed as orders of magnitude. If an algorithm has a processing complexity of 2128 then 2128 operations are required to break the algorithm. If it is possible to perform a million operations every second and a million parallel processors are set against the task, it will still take over 1019 years to recover the key. That’s a billion times the age of the universe. 3. Storage requirements : The amount of memory needed to perform the attack.
  • 43. Kerckhoffs’s AssumptionKerckhoffs’s Assumption 1. If the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm’s inner workings, you’re sunk. 2. If you believe that keeping the algorithm’s insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you’re wrong. 3. And if you think that someone won’t disassemble your code and reverse-engineer your algorithm, you’re naïve.
  • 44. Security of AlgorithmsSecurity of Algorithms  Different algorithms offer different degrees of security. It depends on how hard they are to break. • If the cost required to break an algorithm is greater than the value of the encrypted data, then you’re probably safe. • If the time required to break an algorithm is longer than the time the encrypted data must remain secret, then you’re probably safe. • If the amount of data encrypted with a single key is less than the amount of data necessary to break the algorithm, then you’re probably safe. 1. I say "probably" because there is always a chance of new breakthroughs in cryptanalysis. On the other hand, the value of most data decreases over time. It is important that the value of the data always remain less than the cost to break the security.
  • 45. Security of AlgorithmsSecurity of Algorithms  Unconditionally secure: An algorithm is unconditionally secure if, no matter how much ciphertext a cryptanalyst has, there is not enough information to recover the plaintext.  In point of fact, only a one-time pad is unbreakable given infinite resources. All other cryptosystems are breakable in a ciphertextonly attack, simply by trying every possible key one by one and checking whether the resulting K plaintext is meaningful. This is called a brute-force attack.  Computationally secure : An algorithm is considered computationally secure (sometimes called strong) if it cannot be broken with available resources, either current or future.
  • 46. Key and Key SpaceKey and Key Space  Key: it controls the operation and behavior of the cryptographic algorithm  rules used in algorithms to convert a document into a secret document  Keyspace : The range of possible values of the key is called the keyspace.  Ek(M)=C , Dk(C)=M then Dk(Ek(M))=M Encryption Decryption Plaintext Ciphertext Plaintext Key Key
  • 47. 47 CryptosystemCryptosystem • Cryptosystem – The combination of algorithm, plaintext, ciphertext, key, and key management functions used to perform cryptographic operations is called cryptosystem • A cryptosystem is a 5-tuple (E,D,M,K,C), where E: M x K  C —the set of encryption functions; D: C x K  M —the set of decryption functions; M —a set of plaintexts (some use P as symbol); K —the set of keys; C —the set of ciphertexts;
  • 48. Substitution CiphersSubstitution Ciphers  A substitution cipher is one in which each character in the plaintext is substituted for or replaced by another character in the ciphertext. The receiver inverts the substitution on the ciphertext to recover the plaintext. Easy to break by analyzing statistical properties of written language  In classical cryptography, there are four types of substitution ciphers: 1. Simple substitution cipher or mono alphabetic cipher 2. Homophonic substitution cipher 3. Polygram substitution cipher 4. poly alphabetic substitution cipher
  • 49. Substitution CiphersSubstitution Ciphers  Simple substitution cipher: A simple substitution cipher, or mono alphabetic cipher, is one in which each character of the plaintext is replaced with a corresponding character of ciphertext. Caesar cipher is an example of a mono-alphabetic cipher.  Homophonic substitution cipher: A homophonic substitution cipher is like a simple substitution cryptosystem, except that a single character of plaintext can map to one of several characters of ciphertext.  For example, "A" could correspond to either 5, 13, 25, or 56, "B" could correspond to either 7, 19, 31, or 4 2, and so on.
  • 50. Substitution CiphersSubstitution Ciphers  Polygram substitution cipher: A polygram substitution cipher is one in which blocks of characters are encrypted in groups. For example, "ABA" could correspond to "RTQ," "ABB" could correspond to "SLL, “ and so on.  Polyalphabetic substitution cipher: A polyalphabetic substitution cipher is made up of multiple simple substitution ciphers.  For example, there might be five different simple substitution ciphers used; the particular one used changes with the position of each character of the plaintext.  Vigenere cipher is an example of a poly-alphabetic cipher
  • 51. Transposition cipherTransposition cipher  Transposition Ciphers: Instead of substituting letters in the plaintext, the order of the letters are changed. Also easy to break by analyzing structure of language  In a transposition cipher the plaintext remains the same, but the order of characters is shuffled around.  In a simple columnar transposition cipher, the plaintext is written horizontally onto a piece of graph paper of fixed width and the ciphertext is read off vertically  Decryption is a matter of writing the ciphertext vertically onto a piece of graph paper of identical width and then reading the plaintext off horizontally.
  • 52. References  http://en.wikipedia.org/wiki/  Applied Cryptography by Bruce Schneier; 10th Anniversary edition
  • 53. 53 Md. Shakhawat Hossain Student of Department of Computer Science & Engineering University of Rajshahi E-mail: mshimul86@gmail.com