securty system

1. Chapter 2. Overview of Cryptography
Contents
Concepts of encryption
Cryptanalysis: how encryption systems are "broken"
Cryptography System: Symmetric (secret key) encryption and the
DES and AES algorithms
Asymmetric (public key) encryption and the RSA algorithm

2. Cryptography(secret writing) is the strongest tool for controlling
against many kinds of security threats.
Well-disguised data cannot be read, modified, or fabricated easily.
Cryptography is rooted in higher mathematics: group and field
theory, computational complexity, and even real analysis,
not to mention probability and statistics
We introduce the basic principles of encryption with two simple
encryption methods: substitution and transposition.
Next, we explore how they can be expanded and improved to
create stronger, more sophisticated protection.
We analyze techniques used to break through the protective
scheme and reveal the original text. Three very popular
algorithms are in use today: DES, AES, and RSA

3. 2.1. Terminology and Background
Consider the steps involved in sending messages from a sender,
S, to a recipient, R. If S entrusts the message to T, who then
delivers it to R, T then becomes the transmission medium.
If an outsider, O, wants to access the message (to read, change,
or even destroy it), we call O an interceptor or intruder.
Any time after S transmits it via T, the message is vulnerable to
exploitation, and O might try to access the message in any of the
following ways:
Block it, by preventing its reaching R, thereby affecting the
availability of the message.

4. Intercept it, by reading or listening to the message, thereby
affecting the confidentiality of the message.
Modify it, by seizing the message and changing it in some way,
affecting the message's integrity.
Fabricate an authentic-looking message, arranging for it to be
delivered as if it came from S, thereby also affecting the integrity
of the message.
Encryption is a technique that can address all these problems.
Encryption, probably the most fundamental building block of
secure computing, is a means of maintaining secure data in an
insecure environment.
We will study encryption as a security technique, and we see how
it is used in protecting programs, databases, networks, and
Electronic communications

5. Terminology
Cryptography: is “the science of coding and decoding
messages so as to keep these messages secure”.
 Schemes for encryption and decryption
Encryption is the process of encoding a message
Decryption is the reverse process, transforming an encrypted
message back into its normal, original form.
Alternatively, the terms encode and decode or encipher and
decipher are used instead of encrypt and decrypt.
That is, we say that we encode, encrypt, or encipher the original
message to hide its meaning.
Then, we decode, decrypt, or decipher it to reveal the original
message.
A system for encryption and decryption is called a cryptosystem.

6. Secret key: Used to set some or all of the various parameters
used by the encryption algorithm.
In a classical (symmetric key) cryptography, the same secret key is
used for encryption and decryption.
The original form of a message is known as plaintext, and the
encrypted form is called cipher text.
Cryptanalysis : The study of “breaking the code”.
 is the art and science of “cracking codes, decoding secrets,
violating authentication schemes, and in general, breaking
cryptographic protocols,” all without knowing the secret key.
Systems for encrypting information are referred to as cryptosystems.
Cryptology: Cryptography and cryptanalysis together constitute
the area of cryptology.

7. For convenience, we denote a plaintext message P as a sequence of
individual characters P = <p1, p2, …, pn>.
Similarly, ciphertext is written as C = <c1, c2, …, cm>. For
instance, the plaintext message "I want cookies" can be denoted as
the message string <I, ,w,a,n,t, , c,o,o,k,i,e,s>.
It can be transformed into cipher text <c1, c2, …, c14>, and the
encryption algorithm tells us how the transformation is done.

8. Cryptography has five ingredients:
• Plaintext
• Encryption algorithm
• Secret Key
• Ciphertext
• Decryption algorithm
Security depends on the secrecy of the key, not the
secrecy of the algorithm

10. A sender S wanting to transmit message M to a
receiver R
To protect the message M, the sender first encrypts
it into an unintelligible message M’
After receipt of M’, R decrypts the message to
obtain M
M is called the plaintext
 What we want to encrypt
M’ is called the ciphertext
 The encrypted output
Description:

11. Given
P=Plaintext
C=CipherText
 k=key shared by sender and receiver
C = EK (P) Encryption
P = DK (C) Decryption
Notation:

12. Representing Characters
We want to study ways of encrypting any computer material,
whether it is written as ASCII characters, binary data, object
code, or a control stream.
However, to simplify the explanations, we begin with the
encryption of messages written in the standard 26-letter
English[2] alphabet, A through Z.

13. There are many types of encryption. In the next two sections
we look at two simple forms of encryption:
 Substitutions, in which one letter is exchanged for another, and
 Transpositions, in which the order of the letters is rearranged.
A)Substitution Ciphers
use a correspondence table with which to substitute a character
or symbol for each character of the original message.
This technique is called a monoalphabetic cipher or simple
substitution.
A substitution is an acceptable way of encrypting text and there
are several kinds of substitution ciphers.

14. The Caesar Cipher-early example:
The Caesar cipher has an important place in history.
The earliest known example of a substitution cipher in which
each character of a message is replaced by a character three
position down in the alphabet.
Julius Caesar is said to have been the first to use this
scheme, in which each letter is translated to the letter a
fixed number of places after it in the alphabet.
Caesar used a shift of 3, so plaintext letter pi was
enciphered as ciphertext letter ci by the rule
ci = E(pi) = pi + 3

15. Using this encryption, the message
IMPOSSIBLE
would be encoded as
I M P O S S I B L E
l p s r v v l e o h
Cryptanalysis of the Caesar Cipher
Let us take a closer look at the result of applying Caesar's
encryption technique to "TREATY IMPOSSIBLE.“
If we did not know the plaintext and were trying to guess it, we
would have many clues from the ciphertext.

16. If we represent each letter of the alphabet by an
integer that corresponds to its position in the
alphabet:
The formula for replacing each character ‘p’ of the
plaintext with a character ‘c’ of the ciphertext can be
expressed as:
c = E3(p ) = (p + 3) mod 26

17. A more general version of this cipher that allows
for any degree of shift:
c = Ek(p ) = (p + k) mod 26
The formula for decryption would be
p = Dk(c ) = (c - k) mod 26
In these formulas
 ‘k’ is the secret key. The symbols ’E’ and ’D’ stand for
Encryption and Decryption respectively, and p and c are
characters in the plain and cipher text respectively.

18. Other Substitutions
One-Time Pads
Long Random Number Sequences
The Vernam Cipher
B)Transpositions (Permutations)
A transposition is an encryption in which the letters of the
message are rearranged.
With transposition, the cryptography aims for diffusion, widely
spreading the information from the message or the key across
the cipher text.

19. Columnar Transpositions
The columnar transposition is a rearrangement of the characters
of the plaintext into columns.
The following set of characters is a five-column transposition.
The plaintext characters are written in rows of five and arranged
one row after another, as shown here.

20. For instance, suppose you want to write the plaintext message
THIS IS A MESSAGE TO SHOW HOW A COLUMNAR
TRANSPOSITION WORKS. We arrange the letters in five columns as
T H I S I
S A M E S
S A G E T
O S H O W
H O W A C
O L U M N
A R T R A
N S P O S
I T I O N
W O R K S
The resulting ciphertext would then be read down the columns as
tssoh oaniw haaso lrsto imghw
utpir seeoa mrook istwc nasns
T H I S I
S A M E S
S A G E T
O S H O W
H O W A C
O L U M N
A R T R A
N S P O S
I T I O N
W O R K S

21. Cryptography System
There are two fundamentally different
cryptographic systems
Symmetric cryptosystem/ Private key
Asymmetric cryptosystem/ Public key

22. Cryptography
Symmetric Cryptosystem
Also called secret-key/private-key cryptosystem
The study of symmetric cryptosystems is referred to as
symmetric cryptography
The same key is used to encrypt and decrypt a
message
 P = DK [EK (P) ]
Have been used for centuries in a variety of forms
The key has to be kept secret
The key has to be communicated using a secure
channel

24. Prior to 1970, all cryptosystems employed symmetric key
encryption.
Even today, its relevance is very high and it is being used
extensively in many cryptosystems.
The salient features of cryptosystem based on symmetric key
encryption are −
 Persons using symmetric key encryption must share a common
key prior to exchange of information.
Keys are recommended to be changed regularly to prevent any
attack on the system.
A robust mechanism needs to exist to exchange the key between
the communicating parties. As keys are required to be changed
regularly, this mechanism becomes expensive and cumbersome.

25. In a group of n people, to enable two-party communication
between any two persons, the number of keys required for group is
n × n – 1/2.
Length of Key number of bits in this encryption is smaller and
hence, process of encryption- decryption is faster than asymmetric
key encryption.
Processing power of computer system required to run symmetric
algorithm is less
Challenge of Symmetric Key Cryptosystem
There are two restrictive challenges of employing symmetric key
cryptography.
Key establishment − Before any communication, both the sender and
the receiver need to agree on a secret symmetric key. It requires a secure
key establishment mechanism in place.
Trust Issue − Since the sender and the receiver use the same symmetric
key, there is an implicit requirement that the sender and the receiver
‘trust’ each other.

26. A symmetric encryption schemes can be classified in to :
Block Ciphers
In this scheme, the plain binary text is processed in blocks
groups of bits at a time; i.e. a block of plaintext bits is selected, a
series of operations is performed on this block to generate a
block of cipher text bits.
The number of bits in a block is fixed. For example, the schemes
DES and AES have block sizes of 64 and 128, respectively.
Stream Ciphers
In this scheme, the plaintext is processed one bit at a time i.e.
one bit of plaintext is taken, and a series of operations is
performed on it to generate one bit of cipher text.

28. Block Cipher Schemes
There is a vast number of block ciphers schemes that are in use.
Many of them are publically known.
Most popular and prominent block ciphers are listed below.
Digital Encryption Standard
Double DES
Triple DES
Advanced Encryption Standard AES

29. FEISTEL BLOCK CIPHER
Feistel Cipher is not a specific scheme of block cipher.
It is a design model from which many different block ciphers are
derived. DES is just one example of a Feistel Cipher.
A cryptographic system based on Feistel cipher structure uses the
same algorithm for both encryption and decryption.
Encryption Process
The encryption process uses the Feistel structure consisting multiple
rounds of processing of the plaintext, each round consisting of a
“substitution” step followed by a permutation step.
Feistel Structure is shown in the following illustration

31. The input block to each round is divided into two halves that can
be denoted as L and R for the left half and the right half.
In each round, the right half of the block, R, goes through
unchanged. But the left half, L, goes through an operation that
depends on R and the encryption key. First, we apply an
encrypting function ‘f’ that takes two input − the key K and R.
The function produces the output fR, K. Then, we XOR the
output of the mathematical function with L.
In real implementation of the Feistel Cipher, such as DES,
instead of using the whole encryption key during each round, a
round-dependent key a sub key is derived from the encryption
key.
This means that each round uses a different key, although all
these sub keys are related to the original key.

32. The permutation step at the end of each round swaps the
modified L and unmodified R. Therefore, the L for the next
round would be R of the current round. And R for the next
round be the output L of the current round.
Above substitution and permutation steps form a ‘round’. The
number of rounds are specified by the algorithm design.
Once the last round is completed then the two sub blocks, ‘R’
and ‘L’ are concatenated in this order to form the ciphertext
block.

33. Decryption Process
The process of decryption in Feistel cipher is almost similar.
Instead of starting with a block of plaintext, the ciphertext block
is fed into the start of the Feistel structure and then the process
thereafter is exactly the same as described in the given
illustration.
The process is said to be almost similar and not exactly same. In
the case of decryption, the only difference is that the subkeys
used in encryption are used in the reverse order.
The final swapping of ‘L’ and ‘R’ in last step of the Feistel Cipher
is essential.
If these are not swapped then the resulting ciphertext could not
be decrypted using the same algorithm.

34. Number of Rounds
The number of rounds used in a Feistel Cipher depends on
desired security from the system.
More number of rounds provide more secure system. But at the
same time, more rounds mean the inefficient slow encryption
and decryption processes.
Number of rounds in the systems thus depend upon efficiency–
security tradeoff.

35. Cryptography
DES - Popular Example of Symmetric Cryptosystem
In 1973, the NBS (National Bureau of Standards, now called NIST -
National Institute of Standards and Technology) published a request for
an encryption algorithm that would meet the following criteria:
have a high security level
be easily understood
not depend on the algorithm's confidentiality
be adaptable and economical
be efficient and exportable
In late 1974, IBM proposed "Lucifer", which was then modified by NSA
(National Security Agency) in 1976 to become the DES (Data Encryption
Standard).
DES was approved by the NBS in 1978. The DES was standardized by
the ANSI under the name of ANSI X3.92, also known as DEA (Data
Encryption Algorithm).

36. Cryptography
DES- Example of Symmetric Cryptosystem …
DES Utilizes block cipher, which means that during the
encryption process, the plaintext is broken into fixed length blocks
of 64 bits.
The key is 56 bits wide. 8-bit out of the total 64-bit block key is
used for parity check (for example, each byte has an odd number
of bits set to 1).
56-bit key gives 256 ( 7.2*1016) possible key variations
DES algorithm involves carrying out combinations, substitutions
and permutations between the text to be encrypted and the key,
while making sure the operations can be performed in both
directions (for decryption).
The combination of substitutions and permutations is called a
product cipher.

37. Cryptography
DES- Example of Symmetric Cryptosystem …
DES was best suited for implementation in hardware,
probably to discourage implementations in software, which
tend to be slow by comparison during that time.
Modern computers are so fast that satisfactory software
implementations for DES are possible.
DES is the most widely used symmetric algorithm despite
claims whether 56 bits is long enough to guarantee security.
Using current technology, 56-bit key size is vulnerable to a
brute force attack.

38. Cryptography
DES- Example of Symmetric Cryptosystem …
DES Encryption starts with an initial permutation (IP) of the 64
input bits. These bits are then divided into two 32-bit halves
called L and R. The encryption then proceeds through 16 rounds,
each using the L and R parts, and a subkey.
The R and subkeys are processed in the so called f-function, and
exclusive-or of the output of the f-function with the existing L
part to create the new R part. The new L part is simply a copy of
the incoming R part.
In the final round, the L and R parts are swapped once more
before the final permutation (FP) producing the output block.
Decryption is identical to encryption, except that the subkeys are
used in the opposite order. That is, subkey 16 is used in round 1,
subkey 15 is used in round 2, etc., ending with subkey 1 being
used in round 16.

39. Cryptography
DES Algorithm - Overall and Detail Structure

40. Cryptography
DES- Example of Symmetric Cryptosystem …
The f-function mixes the bits of the R portion using the
Subkey for the current round. First the 32-bit R value is
expanded to 48 bits using a permutation E. That value is
then exclusive-or'ed with the subkey.
The 48 bits are then divided into eight 6-bit chunks, each of
which is fed into an S-Box that mixes the bits and produces
a 4-bit output. A little bit funny operation!!
Those 4-bit outputs are combined into a 32-bit value, and
permuted once again to produce the f-function output.

41. Cryptography
The
S-Box
If S1 is the function defined in this table and B is a block of 6 bits, then S1(B) is determined as
follows: The first and last bits of B represent in base 2 a number in the decimal range 0 to 3 (or
binary 00 to 11). Let that number be i. The middle 4 bits of B represent in base 2 a number in the
decimal range 0 to 15 (binary 0000 to 1111). Let that number be j. Look up in the table the number in
the i-th row and j-th column. It is a number in the range 0 to 15 and is uniquely represented by a 4
bit block. That block is the output S1(B) of S1 for the input B. For example, for input block B =
011011 the first bit is "0" and the last bit "1" giving 01 as the row. This is row 1. The middle four bits
are "1101". This is the binary equivalent of decimal 13, so the column is column number 13. In row
1, column 13 appears 5. This determines the output; 5 is binary 0101, so that the output is 0101.
Hence S1(011011) = 0101.

42. Cryptography
DES- Algorithm, the f-function

43. Cryptography
DES- Generating Subkey
To generate the subkeys, start with the 56-bit key (64 bits if
you include the parity bits). These are permuted and
divided into two halves called C and D.
For each round, C and D are each shifted left circularly one
or two bits (the number of bits depending on the round).
The 48-bit subkey is then selected from the current C and D
bits.

44. Cryptography
DES- Algorithm - Key Schedule and Subkey Generation

45. Cryptography
IP
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
DES- Permutation principles
Initial Permutation (IP) Final Permutation(FP)
IP
-1
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25
“First Bit of the output is taken from the 58th bit of the input, etc...”

46. Cryptography
E
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
DES- Permutation principles
Expansion/Permutation Contraction/Permuted Choice (PC-2)
PC-2
14 17 11 24 1 5
3 28 15 6 21 10
23 19 12 4 26 8
16 7 27 20 13 2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
Selects/Extracts the 48-bit subkey for each
round from the 56-bit key-schedule state.
The 32-bit half-block of data is expanded
to 48 bits.

47. Cryptography
DES-
Algorithm,
G
eneral
depiction
(W.
Stallings)

48. Cryptography
DES- Single round of DES Algorithm (W. Stallings)

49. Cryptography
DES- Example of Symmetric Cryptosystem …
Cracking: The most basic method of attack for any cypher is
brute force - trying every possible key in turn.
The length of the key determines the number of possible
keys, and hence the feasibility of the approach.
DES is not adequate with this regard due to its key size
In academia, various proposals for a DES-cracking machine
were advanced.
In 1977, Diffie and Hellman proposed a machine costing an
estimated US$20 million which could find a DES key in a single day.
By 1993, Wiener had proposed a key-search machine costing US$1
million which would find a key within 7 hours.
However, none of these early proposals were ever
implemented.

50. Cryptography
DES- Example of Symmetric Cryptosystem …
The vulnerability of DES was practically demonstrated in
1997, where RSA Security sponsored a series of contests,
offering a $10,000 prize to the first team that broke a
message encrypted with DES for the contest. That contest
was won by the DESCHALL Project, led by Rocke Verser,
Matt Curtin, and Justin Dolske, using idle cycles of
thousands of computers across the Internet.
The feasibility of cracking DES quickly was demonstrated
in 1998 when a custom DES-cracker was built by the
Electronic Frontier Foundation (EFF), a cyberspace civil
rights group, at the cost of approximately US$250,000. Their
motivation was to show that DES was breakable in practice
as well as in theory.

51. Cryptography
DES- Example of Symmetric Cryptosystem …
The EFF's US$250,000 DES
cracking machine
contained 1,856 custom
chips and could brute force
a DES key in a matter of
days - the photo shows a
DES Cracker circuit board
fitted with several Deep
Crack chips.

52. Cryptography
DES- Example of Symmetric Cryptosystem …
A variant of DES, Triple DES (3-DES), provides enhanced security by executing
the core algorithm three times in a row.
With triple length key of three 56-bit keys K1, K2 & K3, encryption is:
 Encrypt with K1
 Decrypt with K2
 Encrypt with K3
Decryption is the reverse process:
 Decrypt with K3
 Encrypt with K2
 Decrypt with K1
Setting K3 equal to K1 in these processes gives us a double length key K1, K2.
Setting K1, K2 and K3 all equal to K has the same effect as using a single-length
(56-bit key).
Thus it is possible for a system using triple-DES to be compatible with a system
using single-DES.

53. Cryptography
Click for
DES Preliminary
Examples

54. Cryptography
Asymmetric/Public key/ Cryptosystem
Also called public-key cryptosystem
 keys for encryption and decryption are different but form a unique pair
 P = DKD [EKE (P) ]
 Only one of the keys need to be private while the other can be public
Invented by Diffie and Hellman in 1976
Uses Mathematical functions whose inverse is not known by
Mathematicians of the day
It is a revolutionary concept since it avoids the need of using a
secure channel to communicate the key
It has made cryptography available for the general public and made
many of today’s on-line application feasible

56. The salient features of this encryption scheme are as follows :
Every user in this system needs to have a pair of dissimilar
keys, private key and public key.
These keys are mathematically related − when one key is
used for encryption, the other can decrypt the ciphertext
back to the original plaintext.
It requires to put the public key in public repository and the
private key as a well-guarded secret. Hence, this scheme of
encryption is also called Public Key Encryption.

57. Though public and private keys of the user are related, it is
computationally not feasible to find one from another. This is
a strength of this scheme.
When Host1 needs to send data to Host2, he obtains the
public key of Host2 from repository, encrypts the data, and
transmits.
Host2 uses his private key to extract the plaintext.
Length of Keys number of bits in this encryption is large and
hence, the process of encryption-decryption is slower than
symmetric key encryption.
Processing power of computer system required to run
asymmetric algorithm is higher.

58. Cryptography
Public-key Cryptosystem
Which one of the encryption or decryption key is
made public depends on the use of the key
If Hana wants to send a confidential message to
Ahmed
 She encrypts the message using Ahmed’s public key
 Send the message
 Ahmed will then decode it using his own private key
On the other hand, if Ahmed needs to make sure that
a message sent by Hana really comes from her, how
can he make that?

59. Cryptography
Public-key Cryptosystem
Using digital signature
Hana has to first encrypt a digital signature using her
private key
Then encrypt the message (signature included) with
Ahmed’s public key
Sends the encrypted message to Ahmed
Ahmed decrypts the message using his private key
Ahmed then decrypts the signature using Hana’s
public key
If successful, he insures that it comes from Hana

60. Cryptography
Public-key Cryptosystem: Example RSA
RSA is from R. Rivesh, A. Shamir and L. Aldermen
Principle: No mathematical method is yet known to efficiently
find the prime factors of large numbers
In RSA, the private and public keys are constructed from very
large prime numbers (consisting of hundred of decimal digits)
One of the keys can be made public
Breaking RSA is equivalent to finding the prime factors: this is
know to be computationally infeasible
It is only the person who has produced the keys from the prime
number who can easily decrypt the messages

61. Cryptography
Public-key Cryptosystem: Average time required
for exhaustive (full) key search
Key Size
(bits)
Number of
Alternative Keys
Time required at
106 Decryption/µs
32 232 = 4.3 x 109 2.15 milliseconds
56 256 = 7.2 x 1016 10 hours
128 2128 = 3.4 x 1038 5.4 x 1018 years
168 2168 = 3.7 x 1050 5.9 x 1030 years

62. Cryptography
Public-key Cryptosystem
Summary
 A pair of keys (private, public)
 If you have the private key, you can easily
decrypt what is encrypted by the public key
 Otherwise, it is computationally infeasible to
decrypt what has been encrypted by the
public key

63. Cryptography
RSA- Example of Asymmetric/Public-Key Cryptosystem
The RSA algorithm
 Used for both public key encryption and digital
signatures.
 Security is based on the difficulty of factoring large
integers.
Major Activities
 Key Generation (Algorithm)
 Encryption
 Digital signing
 Decryption
 Signature verification

64. Cryptography
RSA- Key Generating Algorithm
1. Generate two large random primes, p and q
2. Compute n = pq and (φ) phi = (p-1)(q-1)
3. Choose an integer e, 1 < e < φ, such that gcd(e, phi) = 1
4. Compute the secret exponent d, 1 < d < φ, such that
d = e-1 mod φ , i.e. φ divides (ed-1)
5. The public key is (n, e) and the private key is (n, d).
 Keep all the values d, p, q and φ secret
 n is known as the modulus
 e is known as the public exponent or encryption exponent
 d is known as the secret exponent or decryption exponent.

65. Cryptography
RSA- Encryption
Sender A does the following
 Obtains the recipient B's public key (n, e)
 Represents the plaintext message as a positive integer m
 Computes the ciphertext c = me mod n
 Sends the ciphertext c to B
RSA- Decryption
Recipient B does the following
 Uses his private key (n, d) to compute m = cd mod n
 Extracts the plaintext from the message representative
m

66. Cryptography
RSA- Digital signing
Recipient B does the following
 Uses sender A's public key (n, e) to compute integer v = se mod n
 Extracts the message digest from this integer
 Independently computes the message digest of the information that has
been signed
 If both message digests are identical, the signature is valid
RSA- Signature verification
Sender A does the following
 Creates a message digest of the information to be sent
 Represents this digest as an integer m between 0 and n-1
 Uses her private key (n, d) to compute the signature
s = md mod n.
 Sends this signature s to the recipient, B.

67. Cryptography
RSA- Key Generating Algorithm
1. Generate two large random primes, p and q
2. Compute n = pq and (φ) phi = (p-1)(q-1)
3. Choose an integer e, 1 < e < φ, such that gcd(e, phi) = 1
4. Compute the secret exponent d, 1 < d < φ, such that
d = e-1 mod φ , i.e. φ divides (ed-1)
5. The public key is (n, e) and the private key is (n, d).
 Keep all the values d, p, q and φ secret
 n is known as the modulus
 e is known as the public exponent or encryption exponent
 d is known as the secret exponent or decryption exponent.

68. Cryptography
RSA- Key Generation Simple Example
1. Select primes p=11, q=3.
2. n = pq = 11*3 = 33
phi = (p-1)(q-1) = 10*2 = 20
3. Choose e=3
Check gcd(e, p-1) = gcd(3, 10) = 1 (i.e. 3 and 10 are relatively prime -
have no common factors except 1) and check gcd(e, q-1) = gcd(3, 2) = 1,
therefore gcd(e, phi) = gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1
4. Compute d (1<d<phi) such that d = e-1 mod phi = 3-1 mod 20
i.e. find a value for d such that phi divides ed-1 (20 divides 3d-1.)
Simple testing (d = 2, 3 ...) gives d = 7
Check: ed-1 = 3*7 - 1 = 20, which is divisible by phi (20).
5. Public key = (n, e) = (33, 3)
Private key = (n, d) = (33, 7).

69. Cryptography
RSA- Encryption Example
Now say we want to encrypt the message m = 7
 c = me mod n = 73 mod 33 = 343 mod 33 = 13
 Hence the ciphertext c = 13
To check decryption we compute
 m = cd mod n = 137 mod 33 = 7
RSA- Decryption Example
Given
Public key = (n, e) = (33, 3)
Private key = (n, d) = (33, 7)

70. Cryptography
RSA- More Meaningful Example
Message: ATTACKxATxSEVEN
Grouping the characters into blocks of three and computing a
message representative integer for each block:
 ATT ACK XAT XSE VEN
 In the same way that a decimal number can be represented as the sum
of powers of ten, e.g. 135 = 1 x 102 + 3 x 101 + 5, we could represent our
blocks of three characters in base 26 using A=0, B=1, C=2, ..., Z=25
ATT = 0 x 262 + 19 x 261 + 19 = 513
ACK = 0 x 262 + 2 x 261 + 10 = 62
XAT = 23 x 262 + 0 x 261 + 19 = 15567
XSE = 23 x 262 + 18 x 261 + 4 = 16020
VEN = 21 x 262 + 4 x 261 + 13 = 14313

71. Cryptography
RSA- More Meaningful Example – Key Generation
1. We "generate" primes p=137 and q=131 (we cheat by
looking for suitable primes around √n)
2. n = pq = 137*131 = 17,947
phi = (p-1)(q-1) = 136*130 = 17680
3. Select e = 3
check gcd(e, p-1) = gcd(3, 136) = 1, OK and
check gcd(e, q-1) = gcd(3, 130) = 1, OK.
4. Compute d = e-1 mod phi = 3-1 mod 17680 = 11787.
 d = e-1 mod phi , i.e. phi divides (ed-1)
5. Hence
 public key, (n, e) = (17947, 3) and
 private key (n, d) = (17947, 11787).

72. Cryptography
RSA- More Meaningful Example – Encryption/Decryption
To encrypt the first integer that represents "ATT“ (513),
we have
 c = me mod n = 5133 mod 17947 = 8363
We can verify that our private key is valid by decrypting
 m = cd mod n = 836311787 mod 17947 = 513
Given
Public key = (n, e) = (17947, 3)
Private key = (n, d) = (17947, 11787)
Overall, our plaintext is represented by the set of integers m
 (513, 62, 15567, 16020, 14313)
 We compute corresponding cipher text integers c = me mod n
 (8363, 5017, 11884, 9546, 13366)

73. Cryptography
Digital Signature

74. Cryptography
Digital Signature for Message Integrity and Confidentiality
Confidentiality insures that messages cannot be
intercepted and read by eavesdroppers
Message integrity insures that messages are protected
against modification
Principles of Digital Signature
 User A signs digitally a message m using “backward”
cryptographic hash of the message m with the private
key of A and attach it to the message m.
 Anybody can then decrypt A’s digital signature using
A’s public key and compare it with the cryptographic
hash of the message m to verify that m was signed by
A and m was not altered.

75. Cryptography
Digital Signature for Assurance
Consider the situation where Bob has just sold Alice something for
500 Birr through a deal that is made by E-mail
Alice sends an E-mail accepting to pay 500 Birr
Two issues need to be taken care of in addition to
authentication
 Alice needs to be assured that Bob will not modify the amount and
show that Alice promised to pay more than 500 Birr
 Bob needs to be assured that Alice will not deny that she sends the
message
If Alice signs the message digitally, the two issues will be solved
There are several ways to place digital signatures
One popular way is to use public-key cryptosystem such as RSA

76. Cryptography
Digital Signature Using Public Key Cryptosystem
Notation: KX
- : Private key of X
KX
+ : Public key of X
When Alice sends her message m to Bob, she
encrypts it with her private key KA
-(m)
If she wants to keep the message content a
secret, she can use Bob’s public key and send
KB
+(m, KA
-(m))
Alice is protected against modification by Bob
since if Bob produces m’, he has to find KA
-(m’)

77. Cryptography
Digital Signature Using Public Key Cryptosystem …

78. Cryptography
Digital Signature Using Message Digest
H = H (m) is sent along m, where H is a cryptographic
hash function
KA
-(H(m)) (or KB
+(m, KA
-(H(m)))) is sent so that Bob
knows that it comes from Alice by decrypting it
Bob hashes the message m and compares it with H that
he has received from Alice
Hash/Message Digest: Short “signature” of the
message, 128–512 bits, that depend on entire message
It is extremely improbable that unequal messages have
same hash
Example: MD5 (Message Digest version 5)

79. Cryptography
Digital Signature Using Message Digest …

80. Cryptography
Key Distribution: Verifying Someone’s Public Key
Even with public-key cryptosystems and digital
signatures, we still have the problem of authentication:
binding users to keys.
Early days articles envisioned phonebook-like database
with Name and Public Key entries.
Attacker can put in his own key for someone else, and
start signing fake contracts (and even checks!).
Maybe we can secure the phonebook, but then it kills the
idea of keys widely and easily available (publicly) .
Problem: How secure is that database itself?

81. Cryptography
Key Distribution: Problems
Distribution of a key is a difficult matter!
Solution: Certification/Certificate Authority (CA)
that signs (certifies) the public key
For public key, we need a body that certifies the
public key is that of the party we need to
communicate with
For a symmetric cryptosystem, the initial key must
be communicated along a secured channel(?)

82. Cryptography
Certification
A certificate is a public key and some naming “stuff”, digitally signed
by someone you trust (third party) - Certification Authority (CA).
Remark: Just because they are CAs doesn’t mean you should trust them.
The critical thing is that the name in the certificate must match the
alleged name.
Common solution to public key distribution today is to have trusted
third party to sign the user’s public encryption key.
Resulting certificate will contain information like user’s name/ID,
user’s public key, name of CA, start date of certificate, and length of
time it is valid.
User publishes certificate with the X.509 standard (for formatting
certificates).

83. Cryptography
Certification - Associated Overheads
An important issue is the longevity of certificates
Lifelong certificates are not feasible
Therefore, we need a way to revoke (cancel) certificates
 Certificate Revocation List (CRL) published regularly
 Problems
 Vulnerability between the publishing and the request for
revocation
 Restricting the lifetime of a certificate
 A client contacts the certification authority for each public key,
checks whether it is valid or not

84. Cryptography
Applications – Electronic Payment
Payment systems - based on direct payment
a) Paying in cash.
b) Using a check.
c) Using a credit card.

85. Cryptography
Applications – Electronic Payment …
Payment systems based on money transfer between banks.
a) Payment by money order.
b) Payment through debit order.

86. Cryptography
Applications – Security in Electronic Payment
General requirements
 In cash based systems (using ATM), the main issue is
authentication
 Use of magnetic card
 PIN
 Digital money
 Protection against fraud
 It should not be possible to use the money more than once
 It should not be possible to use forged money
 Credit card or check based system
 No tampering/alteration
 Protection against repudiation (the buyer denies having made
the order)

87. Cryptography
Applications – Electronic Cash (E-Cash)
There are a number of electronic payment
systems based on the concept of digital coins
E-cash is one of the most famous
 Achieves anonymity in the payment system
 When Alice wants to buy some goods from Bob she
contacts her bank and requests for withdrawal
 The Bank hands out the digital money in the form of
signed notes representing some value with each
having a uniquely associated signature

88. Cryptography
Applications – Electronic Cash (E-Cash) …
To prevent the notes to be copied each note has a
serial number
Bob can check that it is not a forged money by
looking at the bank’s signature
Bob can check that the money has not already
been spent by contacting the bank
The drawback of this system is that the bank has
to remember the serial numbers that have been
spent or not

89. Cryptography
Applications – Secure Electronic Transaction (SET)
SET is the result of efforts by VISA, Mastercard, etc.
to develop a standard way of purchasing goods over a
network using a credit card
SET is an open standard: entire protocol is published
Dual signature is used in order to avoid
 The merchant from knowing the detail of the payment
information
 The Bank from knowing about the order information

90. Cryptography
The concept of session keys after authentication
During the establishment of a secure channel, after the
authentication phase, the communicating parties use
session/temporary keys
Benefits
 The session key is safely discarded when the channel is no longer
used
 When a key is used very often it becomes vulnerable. Thus by
using the main key less often, we make them vulnerable
 Replay attacks can be avoided
Authentication keys are often expensive to replace
Such a combination of long-lasting and cheaper/more
temporary session keys is a good choice

91. Cryptography
Summary
Advantage of private/secret key cryptography is that
it provides better secrecy but needs prearranged key
exchange.
Advantage of public-key cryptography is that it
allows for secrecy between two parties who have not
arranged in advance to have a shared key (or trusted
some third party to give it to them) and the
disadvantage is overhead and speed.
Therefore, in practice, hybrid systems use public-key
to establish session key for private key !!

92. Assignments
Cryptographic Attacks.
END!!!