CNS

CNS question with answers

Uploaded by

Meet Raval
Copyright
© All Rights Reserved
Q1. Explain key pair generation using the RSA algorithm. (P4 - Appeared 1 Time) (3-7 Marks)

Ans:

Generating Public Key:
* Select two prime numbers. Suppose P = 53 and Q = 59.
* Now the first part of the public key: n = P*Q = 3127.
* We also need a small exponent, say e. But e must:
  o be an integer
  o not be a factor of n
  o satisfy 1 < e < Φ(n)
  Consider it to be equal to 3.
* Our public key is made of n and e.

Generating Private Key:
* We need to calculate Φ(n) such that Φ(n) = (P-1)(Q-1), so Φ(n) = 3016.
* Now calculate the private key, d: d = (k*Φ(n) + 1) / e for some integer k. For k = 2, the value of d is 2011.

Now we are ready with our public key (n = 3127 and e = 3) and private key (d = 2011).

[Figure: first round of AES encryption, showing plaintext, cipher key, K0 (128 bits), AddRoundKey, SubBytes, ShiftRows, K1 (128 bits), AddRoundKey]

* Byte Substitution (SubBytes) - The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The result is in a matrix of four rows and four columns.
* ShiftRows - Each of the four rows of the matrix is shifted to the left. Any entries that 'fall off' are re-inserted on the right side of the row. Shift is carried out as follows -
  o First row is not shifted.
  o Second row is shifted one (byte) position to the left.
  o Third row is shifted two positions to the left.
  o Fourth row is shifted three positions to the left.
  o The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other.
* MixColumns - Each column of four bytes is now transformed using a special mathematical function. This function takes as

Q2. Explain encryption and decryption using RSA. (P4 - Appeared 1 Time) (3-7 Marks)

Ans:

RSA Encryption

Suppose the sender wishes to send some text message to someone whose public key is (n, e). The sender then represents the plaintext as a series of numbers less than n. To encrypt the first plaintext P, which is a number modulo n.
The encryption process is a simple mathematical step:

C = P^e mod n

In other words, the ciphertext C is equal to the plaintext P multiplied by itself e times and then reduced modulo n. This means that C is also a number less than n. Returning to our Key Generation example with plaintext P = 10, we get ciphertext C:

C = 10^5 mod 91

RSA Decryption

The decryption process for RSA is also very straightforward. Suppose that the receiver of a public-key pair (n, e) has received a ciphertext C. The receiver raises C to the power of his private key d. The result modulo n will be the plaintext P.

Plaintext = C^d mod n

Q5. What is the purpose of the X.509 standard? How is an X.509 certificate revoked? (P4 - Appeared 1 Time) (3-7 Marks)

Ans: An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.

Purpose of X.509 standard - X.509 is a standard defining the format of public-key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure protocol for browsing the web. They are also used in offline applications, like electronic signatures.

X.509 certificate revoked - The X.509 standard defines the format and semantics of a CRL (certificate revocation list) for a public key infrastructure. If a certificate is discovered to be counterfeit, the CA will revoke it and add it to the CRL.

Ans:

Substitution Cipher Technique vs. Transposition Cipher Technique

* In the substitution cipher technique, plain text characters are replaced with other characters, numbers and symbols. In the transposition cipher technique, plain text characters are rearranged with respect to the position.
* Substitution cipher's forms are: monoalphabetic substitution cipher and polyalphabetic substitution cipher. Transposition cipher's forms are: keyless transposition cipher and keyed transposition cipher.
* In the substitution cipher technique, a character's identity is changed while its position remains unchanged. In the transposition cipher technique, the position of the character is changed but the character's identity is not changed.
* In the substitution cipher technique, the letter with low frequency can detect plain text. In the transposition cipher technique, the keys which are nearer to the correct key can disclose plain text.

[Figure: digital signature model. Signer: data, hashing function, hash, signature algorithm with the signer's private key, signature. Verifier: data, hashing function, hash, verification algorithm with the signer's public key, comparison (Equal?)]

The following points explain the entire process in detail -
* Each person adopting this scheme has a public-private key pair.
* Generally, the key pairs used for encryption/decryption and signing/verifying are different. The private key used for signing is referred to as the signature key and the public key as the verification key.
* Signer feeds data to the hash function and generates hash of data.
* Hash value and signature key are then fed to the signature algorithm which produces the digital signature on given hash. Signature is appended to the data and then both are sent to the verifier.
* Verifier feeds the digital signature and the verification key into the verification algorithm. The verification algorithm gives some value as output.

Page no - 75 Handcrafted by Engineers | P - Priority

Ans:

Block Cipher vs. Stream Cipher

* Block cipher converts the plain text into cipher text by taking plain text's block at a time. Stream cipher converts the plain text into cipher text by taking 1 byte of plain text at a time.
* Block cipher uses either 64 bits or more than 64 bits. The stream cipher uses 8 bits.
* The complexity of block cipher is simple. The stream cipher is more complex.
* Block cipher uses confusion as well as diffusion, while stream cipher uses only confusion.
* In block cipher, reverse encrypted text is hard, while in stream cipher, reverse encrypted text is easy.
* The algorithm modes which are used in block cipher are: ECB (Electronic Code Book) and CBC (Cipher Block Chaining). The algorithm modes which are used in stream cipher are: CFB (Cipher Feedback) and OFB (Output Feedback).
* Block cipher works on transposition techniques like Caesar cipher, polygram substitution cipher, etc., while stream cipher works on substitution techniques like rail-fence technique, columnar transposition technique, etc.
* Block cipher is slow as compared to stream cipher, while stream cipher is fast in comparison to block cipher.

Q4. Discuss in detail encryption and decryption process of AES. (P4 - Appeared 1 Time) (3-7 Marks)

Ans: The more popular and widely adopted symmetric encryption algorithm likely to be encountered nowadays is the Advanced Encryption Standard (AES). It is found at least six times faster than triple DES.

* Encryption Process - Here, we restrict to description of a typical round of AES encryption. Each round comprises four sub-processes. The first round process is depicted below -

Ans:

Monoalphabetic Cipher: A monoalphabetic cipher is any cipher in which the letters of the plain text are mapped to cipher text letters based on a single alphabetic key. Examples of monoalphabetic ciphers would include the Caesar-shift cipher, where each letter is shifted based on a numeric key, and the atbash cipher, where each letter is mapped to the letter symmetric to it about the center of the alphabet.

Monoalphabetic cipher is one where each symbol in plain text is mapped to a fixed symbol in cipher text. The relationship between a character in the plain text and the characters in the ciphertext is one-to-one. Each alphabetic character of plain text is mapped onto a unique alphabetic character of a cipher text. A stream cipher is a monoalphabetic cipher if the value of the key does not depend on the position of the plain text character in the plain text stream.
It includes additive, multiplicative, affine and monoalphabetic substitution cipher. It is a simple substitution cipher.

Q4. Explain man in middle attack in Diffie Hellman key exchange. (P4 - Appeared 1 Time) (3-7 Marks)

Ans: MIM in Diffie Hellman Key Exchange: The Diffie-Hellman key exchange is vulnerable to a man-in-the-middle attack. In this attack, an opponent Carol intercepts Alice's public value and sends her own public value to Bob. When Bob transmits his public value, Carol substitutes it with her own and sends it to Alice. Carol and Alice thus agree on one shared key and Carol and Bob agree on another shared key. After this exchange, Carol simply decrypts any messages sent out by Alice or Bob, and then reads and possibly modifies them before re-encrypting with the appropriate key and transmitting them to the other party. This vulnerability is present because Diffie-Hellman key exchange does not authenticate the participants. Possible

Q13. Describe the Diffie Hellman key exchange Algorithm with example. (P4 - Appeared 1 Time) (3-7 Marks)

Ans: Public key encryption schemes are secure only if authenticity of the public key is assured.

* Diffie-Hellman key exchange is a simple public key algorithm. The protocol enables 2 users to establish a secret key using a public key scheme based on discrete logarithms. The protocol is secure only if the authenticity of the 2 participants can be established. For this scheme, there are 2 publicly known numbers:
  o A prime number q
  o An integer a that is a primitive root of q.
* Suppose users A and B wish to exchange the key. User A selects a random integer XA

K = (YB)^XA mod q              -> calculated by user A
  = (a^XB mod q)^XA mod q
  = (a^XB)^XA mod q            -> by rules of modular arithmetic
  = a^(XB XA) mod q
  = (a^XA)^XB mod q
  = (a^XA mod q)^XB mod q

[Figure: Diffie Hellman key Exchange Algorithm]

Q16.
Write the differences between conventional encryption and public key encryption. (P4 - Appeared 1 Time) (3-7 Marks)

Ans:

Conventional encryption vs. public key encryption

* Conventional encryption is a type of cryptographic system which uses a single key to both encrypt the message and decrypt it. Public key encryption is a type of encryption scheme which, instead of a single key, uses a pair of keys to encrypt the message and decrypt it.
* In conventional encryption, the same secret key is shared by the sender and the recipient and must be kept secret at all times. In public key encryption, the public key can be shared freely with anyone while the private key is kept secret and is known only to the recipient.
* Conventional encryption algorithms are generally faster because they do not require as many CPU cycles as public key encryption. Public key encryption schemes are typically substantially slower than conventional encryption algorithms.
* Conventional encryption is less secure because the same secret key is shared by both the sender and the recipient. Public key encryption is more secure because the secret key is only known to the receiver and there are infinite numbers of possibilities for keys.

Q8. Explain Elgamal Digital signature Scheme. - Module No 11 | (4M) (P2 - Appeared 3 time) (3-7 marks)

Ans: As with Elgamal encryption, the global elements of Elgamal digital signature are a prime number q and a, which is a primitive root of q. User A generates a private/public key pair as follows.

1. Generate a random integer XA, such that 1 < XA < q - 1.
2. Compute YA = a^XA mod q.
3. A's private key is XA; A's public key is {q, a, YA}.

To sign a message M, user A first computes the hash m = H(M), such that m is an integer in the range 0 <= m <= q - 1. A then forms a digital signature as follows.

1. Choose a random integer K such that 1 <= K <= q - 1 and gcd(K, q - 1) = 1. That is, K is relatively prime to q - 1.
2. Compute S1 = a^K mod q. Note that this is the same as the computation of C1 for Elgamal encryption.
3. Compute K^-1 mod (q - 1). That is, compute the inverse of K modulo q - 1.
4. Compute S2 = K^-1 (m - XA S1) mod (q - 1).
5. The signature consists of the pair (S1, S2).

Any user B can verify the signature as follows.

1. Compute V1 = a^m mod q.
2. Compute V2 = (YA)^S1 (S1)^S2 mod q.

The signature is valid if V1 = V2. Let us demonstrate that this is so. Assume that the equality is true. Then we have

a^m mod q = (YA)^S1 (S1)^S2 mod q              assume V1 = V2
a^m mod q = a^(XA S1) a^(K S2) mod q           substituting for YA and S1
a^(m - XA S1) mod q = a^(K S2) mod q           rearranging terms
m - XA S1 ≡ K S2 mod (q - 1)                   property of primitive roots
m - XA S1 ≡ K K^-1 (m - XA S1) mod (q - 1)     substituting for S2

For example, let us start with the prime field GF(19); that is, q = 19. It has primitive roots {2, 3, 10, 13, 14, 15}. We choose a = 10.

Q2. Explain one time pad cipher with an example. (P4 - Appeared 1 Time) (3-7 Marks)

Ans: One-time pad cipher: One-time pad cipher is a type of Vigenere cipher which includes the following features -
* It is an unbreakable cipher.
* The key is exactly the same as the length of the message which is encrypted.
* The key is made up of random symbols.
* As the name suggests, the key is used one time only and never used again for any other message to be encrypted.

Due to this, encrypted messages will be vulnerable to attack for a cryptanalyst. The key used for a one-time pad cipher is called pad, as it is printed on pads of paper.

The key is unbreakable owing to the following features -
* The key is as long as the given message.
* The key is truly random and specially auto-generated.
* Key and plain text calculated as modulo 10/26/2.
* Each key should be used once and destroyed by both sender and receiver.
* There should be two copies of the key: one with the sender and other with the receiver.

* Encryption: To encrypt a letter, a user needs to write a key underneath the plaintext.
The plaintext letter is placed on the top and the key letter on the left. The cross section achieved between two letters is the plain text. It is described in the example below:
  o Plain text: THIS IS SECRET
  o OTP-key: XVHE UW NOPGDZ
  o Cipher text: QCPW CO FSRXHS
  o In groups: QCPWC OFSRX HS
* Decryption: To decrypt a letter, the user takes the key letter

Q3. Explain Diffie Hellman key exchange algorithm. (P4 - Appeared 1 Time) (3-7 Marks)

Ans: Diffie-Hellman algorithm - The Diffie-Hellman algorithm is being used to establish a shared secret that can be used for secret communications while exchanging data over a public network using the elliptic curve to generate points and get the secret key using the parameters.

For the sake of simplicity and practical implementation of the algorithm, we will consider only 4 variables: one prime P and G (a primitive root of P) and two private values a and b. P and G are both publicly available numbers. Users (say Alice and Bob) pick private values a and b and they generate a key and exchange it publicly. The opposite person receives the key and from that generates a secret key, after which they have the same secret key to encrypt.

Example:

Step 1: Alice and Bob get public numbers P = 23, G = 9
Step 2: Alice selected a private key a = 4 and Bob selected a private key b = 3
Step 3: Alice and Bob compute public values
  Alice: x = (9^4 mod 23) = (6561 mod 23) = 6
  Bob: y = (9^3 mod 23) = (729 mod 23) = 16
Step 4: Alice and Bob exchange public numbers
Step 5: Alice receives public key y = 16 and Bob receives public key x = 6
Step 6: Alice and Bob compute symmetric keys
  Alice: ka = y^a mod p = 65536 mod 23 = 9
  Bob: kb = x^b mod p = 216 mod 23 = 9
Step 7: 9 is the shared secret.
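Added example (not part of the original document): the exchange above with the same numbers P = 23, G = 9, a = 4, b = 3, next to the man-in-the-middle outcome from the earlier answer and an authenticated variant that rejects substituted public values. Carol's private value 5, the pre-shared key and the HMAC tagging are assumptions made for this illustration.

```python
import hashlib
import hmac

P, G = 23, 9  # public numbers from the worked example (toy size)

def public_value(private):
    return pow(G, private, P)

def shared_key(peer_public, private):
    return pow(peer_public, private, P)

def unauthenticated_mitm(a, b, c):
    """Carol (private value c) replaces both public values with her own."""
    z = public_value(c)
    return shared_key(z, a), shared_key(z, b)  # keys Alice and Bob end up with

def tag(psk, sender, public):
    # Assumption: Alice and Bob share psk out of band. Digital signatures
    # are the usual alternative when no shared key exists.
    return hmac.new(psk, f"{sender}:{public}".encode(), hashlib.sha256).digest()

def receive(psk, sender, public, mac):
    """Accept a public value only if its authentication tag verifies."""
    if not hmac.compare_digest(tag(psk, sender, public), mac):
        raise ValueError(f"public value claimed from {sender} failed authentication")
    return public

def authenticated_exchange(a, b, psk, substituted=None):
    x, y = public_value(a), public_value(b)
    to_bob = ("alice", x, tag(psk, "alice", x))
    to_alice = ("bob", y, tag(psk, "bob", y))
    if substituted is not None:
        # The value is swapped in transit; the tag cannot be redone without psk.
        to_bob = ("alice", substituted, to_bob[2])
        to_alice = ("bob", substituted, to_alice[2])
    ka = shared_key(receive(psk, *to_alice), a)
    kb = shared_key(receive(psk, *to_bob), b)
    return ka, kb

if __name__ == "__main__":
    psk = b"constructed-demo-key"  # constructed sample value
    print("honest, authenticated:", authenticated_exchange(4, 3, psk))
    print("unauthenticated, intercepted:", unauthenticated_mitm(4, 3, 5))
    try:
        authenticated_exchange(4, 3, psk, substituted=public_value(5))
    except ValueError as err:
        print("rejected:", err)
```

Without authentication Alice and Bob silently hold two different keys, both known to Carol; with the tag check the substituted value is refused before any key is derived.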
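Added example (not part of the original document): the Elgamal digital signature steps from the answer above, run over GF(19) with a = 10. The private key XA = 16, hash value m = 14 and random K = 5 are sample values chosen for this illustration, and the range check in verify() is an addition that the answer does not list.

```python
from math import gcd

def public_key(q, a, xa):
    if not 1 < xa < q - 1:
        raise ValueError("private key XA must satisfy 1 < XA < q - 1")
    return pow(a, xa, q)                      # YA = a^XA mod q

def sign(q, a, xa, m, k):
    if not 0 <= m <= q - 1:
        raise ValueError("hash m must lie in the range 0..q-1")
    if not 1 <= k <= q - 1 or gcd(k, q - 1) != 1:
        raise ValueError("K must lie in 1..q-1 and be relatively prime to q - 1")
    s1 = pow(a, k, q)                         # S1 = a^K mod q
    k_inv = pow(k, -1, q - 1)                 # K^-1 mod (q - 1), Python 3.8+
    s2 = (k_inv * (m - xa * s1)) % (q - 1)    # S2 = K^-1 (m - XA S1) mod (q - 1)
    return s1, s2

def verify(q, a, ya, m, signature):
    s1, s2 = signature
    # Added check: refuse out-of-range signature components before any math.
    if not (0 < s1 < q and 0 <= s2 < q - 1):
        return False
    v1 = pow(a, m, q)                             # V1 = a^m mod q
    v2 = (pow(ya, s1, q) * pow(s1, s2, q)) % q    # V2 = (YA)^S1 (S1)^S2 mod q
    return v1 == v2

if __name__ == "__main__":
    q, a = 19, 10             # global elements from the answer
    xa, m, k = 16, 14, 5      # constructed sample values
    ya = public_key(q, a, xa)
    sig = sign(q, a, xa, m, k)
    print("YA =", ya, "signature =", sig)
    print("valid:", verify(q, a, ya, m, sig))
    print("altered hash accepted:", verify(q, a, ya, m + 1, sig))
    try:
        sign(q, a, xa, m, 6)  # gcd(6, 18) != 1, so K has no inverse mod q - 1
    except ValueError as err:
        print("rejected K:", err)
```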
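Added example (not part of the original document): RSA key generation with the d = (k*Φ(n) + 1) / e method from the first answer, followed by encryption and decryption with both parameter sets that appear above (n = 3127, e = 3 and n = 91, e = 5). The factors 7 and 13 of 91 and the plaintext 89 are supplied for this illustration, and the code checks gcd(e, Φ(n)) = 1, which is the condition that guarantees an integer d exists.

```python
from math import gcd

def rsa_keygen(p, q, e):
    """Return (n, d, k) using d = (k*phi + 1) / e for the smallest valid k."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e needs 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    # Because gcd(e, phi) = 1, some k in 1..e-1 makes k*phi + 1 divisible by e.
    k = next(k for k in range(1, e) if (k * phi + 1) % e == 0)
    d = (k * phi + 1) // e
    assert (e * d) % phi == 1          # d is the inverse of e modulo phi(n)
    return n, d, k

def encrypt(plain, e, n):
    if not 0 <= plain < n:
        raise ValueError("plaintext must be a number less than n")
    return pow(plain, e, n)            # C = P^e mod n

def decrypt(cipher, d, n):
    return pow(cipher, d, n)           # P = C^d mod n

if __name__ == "__main__":
    n, d, k = rsa_keygen(53, 59, 3)
    print("n =", n, "d =", d, "k =", k)
    c = encrypt(89, 3, n)              # 89 is a constructed sample plaintext
    print("C =", c, "decrypted =", decrypt(c, d, n))

    n2, d2, _ = rsa_keygen(7, 13, 5)   # n = 91, e = 5 as in the encryption answer
    c2 = encrypt(10, 5, n2)
    print("10^5 mod 91 =", c2, "decrypted =", decrypt(c2, d2, n2))

    try:
        # 13 is an integer, not a factor of 3127, and below phi(n) = 3016,
        # yet 13 divides 3016, so no private exponent exists for it.
        rsa_keygen(53, 59, 13)
    except ValueError as err:
        print("rejected e = 13:", err)
```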