CHAPTER 2

CRYPTOGRAPHY
 Cryptography
• Cryptographic algorithm converts a plain text block
into an encrypted block

• They take a fixed length block of message, a fixed key

and generate a block of output

• Modern block ciphers is one of the most widely used

types of cryptographic algorithms
• In cryptography,

- a cipher is an algorithm for performing encryption

and decryption

- the original information is known as plaintext

-the encrypted form as cipher text.

• The operation of a cipher usually depends on a piece
of auxiliary information, called a key

• The encrypting procedure is varied depending on the

key

• A key must be selected before using a cipher to

encrypt a message
 Data Key Data Key Data
Original Symmetric Scrambled Symmetric Original
Δεαρ
Dear Friend, Dear Friend,
Φριενδ,
I have seen I have seen
Ι ηαϖε σεεν
your your
ψουρ
message of message of
μεσσαγε οφ
… …
…
Decryption Encryption
• Cryptography is the art of achieving security by
encoding messages to make them non-readable

• Cryptanalysis is the technique of decoding

messages from a non readable format back to a
readable format without knowing how they were
initially converted
• Cryptology is the combination of cryptography
and cryptanalysis
• Most modern ciphers can be categorized in several
ways:

• By whether they work on

- blocks of symbols usually of a fixed size (block
ciphers)
- continuous stream of symbols (stream ciphers).
• By whether the

- same key is used for both encryption and decryption

(symmetric key algorithm)
- different key is used for each (asymmetric key
algorithm).
 Comparison of Symmetric and Asymmetric
Encryption
Secret Key

Original
Plaintext
Plaintext Ciphertext
Encryption Decryption

Symmetric (Single Key) Cryptography

Public Key Private Key

Original
Plaintext Ciphertext Plaintext
Encryption Decryption

Asymmetric (Two Key) Cryptography

• If the algorithm is symmetric, the key must be
known to the recipient and to no one else.
• If the algorithm is an asymmetric one, the
encrypting key is different from, but closely
related to, the decrypting key
 Block vs Stream Ciphers

• A block cipher is one in which a block of plaintext is

treated as a whole and used to produce a cipher
block of equal length

• block ciphers process messages into blocks, each of

which is then en/decrypted
• Stream cipher is one that encrypts a digital data
stream one bit or one byte at a time

• stream ciphers process messages a bit or byte at a

time when en/decrypting

• many current ciphers are block ciphers

• most symmetric block ciphers are based on a Feistel
Cipher Structure

• The Feistel Cipher uses a combination of substitution

and transposition techniques
Feistel Cipher Structure
• Inputs to the encryption algorithm is a plaintext
block of length 2w bits and a key K

• Plaintext is divided into two halves, Lo and Ro

• These two halves pass through n rounds of

processing
• Combine to produce the cipher text block

• Each round has inputs derived from previous round

and sub key derived from K
• A substitution is performed on the left half of the
data

• This is done by applying a round function F to the

right half of the data and then taking the
exclusive-OR of the output of the function and the
left half of the data
• After performing the substitution, a permutation is
performed

• It consists of the interchange of the two halves of the

data

• This structure is a form of substitution-permutation

network (SPN)
 Block Cipher Design Principles
• Confusion
• Diffusion
• Multiple Iterations
 Parameters and features

• Block size
– increasing size improves security, but slows cipher
• Key size
– increasing size improves security, makes exhaustive key
searching harder, but may slow cipher
• Number of rounds
– increasing number improves security, a typical size is 16
rounds
• Sub key generation
– greater complexity can make analysis harder
• Round function
– greater complexity can make greater resistance to
cryptanalysis
 Considerations in the design of
Feistel cipher
• Fast software en/decryption
– are more recent concerns for practical use and testing
– Encryption is embedded in such a way as to preclude a
hardware implementation

• Fast ease of analysis

– If algorithm is concise and clearly explained , it is easy to
analyze the algorithm for cryptanalytic vulnerabilities
 Data Encryption Standard (DES)
• most widely used block cipher in world

• encrypts 64-bit data using 56-bit key

• DES has become widely used, especially in

financial applications
• Its purpose is to provide a standard method
for protecting sensitive commercial and
unclassified data
• has widespread use
• simple logic operations
• DES uses the two basic techniques of
cryptography
- confusion
- diffusion
• Diffusion is achieved through numerous
permutations and confusions is achieved
through the XOR operation and the S-Boxes.

• This is also called an S-P network.

Working
• The basic process in encryption consists of:

∙ An initial permutation (IP)

∙ 16 rounds of a complex key dependent calculation
f
∙ A final permutation, being the inverse of IP
• The 64 bit text passes through initial
permutation
• IP rearranges the bits to produce the
permuted input
• Rounds involves both permutation and
substitution functions
• The output of the 16th round consist of 64 bits
• It is a function of input text and the key
• The left and right halves are swapped to
produce the pre output
• The pre output is passed through the inverse
IP to produce the 64 bit ciphertext
• The 56 bit key is initially passed through a
permutation function
• For each round a subkey Ki is produced
• Ki is the combination of a left circular shift
and a permutation
 Steps in DES
1. 64 bit plain text is given to IP function
2. IP is performed on plain text
3. IP Produces two halves of permuted block
- LPT
- RPT
4. Each LPT and RPT go through 16 rounds
5. In the end, LPT and RPT are rejoined and a Final
Permutation (FP) is performed
6. Produces a 64 bit cipher text
DES Encryption Algorithm
64-bit Plaintext 64-bit Key

… …
Initial Permuted Choice
Permutation 1

K1 Permuted Choice
Round 1 Left Circular Shift
2

K2 Permuted Choice
Round 2 Left Circular Shift
2

K16 Permuted Choice

Round 16 Left Circular Shift
2

32-bit Swap

Inverse Initial
Permutation
…
64-bit Ciphertext
• Initial key consists of 64 bits

• Before the DES process starts every eight bit of

the key is discarded

• This will result in a 56 bit key from original 64

bit key
Initial Permutation
 Steps of one round

1. Key transformation
2. Expansion Permutation
3. S-box substitution
4. P-box substitution
5. XOR and Swap
Steps in a single round
 Details of a single Round

32 bits 32 bits 28 bits 28 bits

Li-1 Ri-1 Ci-1 Di-1

32 bits
(E-Table)
Permutation
Expansion / Left Shift(s) Left Shift(s)
48 bits
X
48 bits Permutation Choice
O Ki (PC-2)
R
48 bits

Substitution Box
(S-Box)

32 bits
Permutation Box
(P)

32 bits
X
O
R
32 bits

Li Ri Ci Di
• The 64 bit data is divided into two 32-bit L & R
halves

• As for any Feistel cipher, the overall processing

of each round is
Li = Ri–1
Ri = Li–1 xor F(Ri–1, Ki)
• takes 32-bit R half and 48-bit subkey and:
– expands R to 48-bits using perm E
– adds to subkey
– passes through 8 S-boxes to get 32-bit result
– finally permutes this using 32-bit perm P
 Key transformation
• From 56 bit key, a different 48 bit sub key is
generated for all rounds
• This is done using a process called key
transformation
• 28 bit data is circularly shifted 1 or 2 positions,
depending on the round
• For rounds 1,2,9 or 16 , shift is done by one position
Compression permutation
Expansion permutation
 Substitution Boxes (S-Boxes)
• S box substitution is a process that accepts the
48 bit input from the XOR operation involving
the compressed key and expanded RPT, and
produces a 32 bit output using the
substitution technique
• An n x m S box has n inputs and m outputs bits
• DES have eight S-boxes
• Each maps 6 x 4 bits
• Larger the S box, the more difficult to design
• S-boxes are the nonlinear components
• very sensitive design
S-box 1
P-box permutation
 XOR and Swap
• All operations are performed on the 32 bit RPT
• LPT was untouched
• Now LPT is XORed with the output of P box
• Result of this XOR is the new right half for the
next round
• Old RPT will become the new LPT
Final permutation
 DES decryption
• Same algorithm is used for decryption also
• value of tables and operations are shown in
such a way that the algorithm is reversible
• Difference is in the reversal of key portions
• For decryption key is used as
k16, k15, k14 ……. k1
 Strength of DES
• Since the inner working of DES algorithm is
known to all , its strength lies in its key
• Key must be kept secret
• Since 56 bit key is used, there is 256
possibilities of key
 Variation of DES

• Generally accepted method of making DES

more secure through multiple encryption.

• Two main variations of DES are

1. Double DES
2. Triple DES
 Double DES
• It uses two keys K1 and K2
• First performs DES on original plain text using
K1 to get encrypted text
• Again performs DES on encrypted text with
the key K2
 Encryption

Encrypt Cipher Encrypt Cipher

Original PT
Text Text

K1 K2
 Decryption

Cipher Decrypt Cipher Decrypt Original

Text Text Plain Text

K2 K1
 Triple DES
• It is DES –three times

• It includes
1. Triple DES with three keys
2. Triple DES with two keys
 Triple DES with three keys

• Plain text block is first encrypted with a key k1,

then encrypted with a second key k2 and
finally with a third key k3

• All these keys are different from each other

• To encrypt and to obtain the cipher text C,
C=Ek3(Ek2(Ek1(P)))

• To decrypt and to obtain the plain text P,

P=Dk1(Dk2(Dk3(C)))
• It is highly secure

• Major drawback is that it requires 56*3= 168

bits for the key
 Triple DES with two keys

• Uses only two keys

• First key is used twice rather than using a third

key

• It also provide security

• First encrypt the plain text with key k1

• Then decrypt the output with key k2

• Then finally encrypt the output again with key

k1
• Then
C= Ek1(Dk2(Ek1(P)))

• To decrypt the cipher text and to obtain P

P=Dk1(Ek2(Dk1(C)))
 Uses of secret key cryptography
• A block cipher algorithm is the basic building block
for providing security

• TO apply a block cipher in a variety of applications

four “modes of operation” have been defined

• These modes cover all possible applications of

encryption that include DES
• Algorithm mode - combination of a series of
basic algorithm steps on block cipher and
some kind of feedback from the previous step

• Four important algorithm modes are there

 International Data Encryption Algorithm
[IDEA]
• IDEA was originally called PES
( Proposed Encryption Standard)

• Then some improvements are made and

renamed as IPES (Improved Proposed
Encryption Standard)
• It is considered as one of the strongest
cryptographic algorithms
• It was designed to be efficient to compute in
software
• It encrypts 64 bits block of plaintext in to 64
bits blocks of cipher text using a 128 bit key

• It is a block cipher

• Uses confusion and diffusion

• Email privacy technology PGP is made on IDEA

• 64 bit input plain text is divided in to 4
portions
• Each portion is having 16 bits
• These portions are given as the inputs to the
first round
• There are 8 such rounds
• In each round 6 sub-keys are generated from
the original key
• Each sub- key consist of 16 bits
• These sub-keys are applied to the 4 input
blocks P1 to P4
• For first round k1 to k6 keys are generated
• For second round k7 to k12 keys are generated
• For eighth round k43 to k48 keys are
generated
• Final step is the output transformation
• In this 4 sub-keys are generated, k49 to k52
• It will produce 4 blocks of ciphertext C1 to C4
• These are combined to form the final 64 bit
cipher text block
 Rounds
• There are eight rounds

• Each round involves a series of operations on

the four data blocks using six keys

• Various steps are involved and these steps

perform a lot of mathematical operations
• The three basic operations are

XOR
Addition modulo
Multiplication modulo
• If the result of an addition or multiplication of
two 16 bit numbers contains more than 17 bit,
we have to bring it back to 16 bit
• For this purpose we are using the modulo
function
• Various steps involved in one round of IDEA
are as follows
Step1: Multiply* P1 and k1
Step2: Add* P2 and k2
Step3: Add* P3 and k3
Step4: Multiply* P4 and k4
Step5: XOR the result of step1 and step3
Step6: XOR the result of step2 and step4
Step7: Multiply* the result of step5 with k5
Step8: Add* the result of step6 and step7
Step9: Multiply* the result of step8 with k6
Step10: Add* the result of step7 and step9
Step11: XOR the result of step1 and step9
Step12: XOR the result of step3 and step9
Step13: XOR the result of step2 and
step10
Step14: XOR the result of step4 and
step10
 Key Expansion
• Each of the eight rounds make use of six
sub-keys and output transformation uses four
sub-keys

• Initial key consists of 128 bits

• From that 6 sub-keys are generated for the

first round
• Each sub-key uses 16 bit and as a result 96 bits
are used by the first round

• Bit positions 1-96 of the key are used by the

first round

• Positions 97-128 remain unused and they are

given to the second round
• Afterwards IDEA performs one key shifting

• The original key is shifted left circularly by 25

bits

• As a result the 26th bit of the original key

moves to the first position and the 25th bit
becomes the last position
• From this the second round uses the
necessary bits

• The unused bits of the second round is given

to the third round

• The process continues until it reaches the 8th

round
• At the end of the 8th round key is exhausted

• Then output transformation performs a

circular left shift of 25 bits

• Output transformation requires 4 sub-keys

only

• So it uses 64(4*16) bits

• The rest of the unused keys are discarded

 Output transformation
• It is a one time operation
• Takes place at the end of the 8th round
• Input to output transformation is the output
of the 8th round
• This is a 64 bit value divided into four sub
blocks R1 to R4
• It has four sub keys k1 to k4
 Comparison of IDEA with DES
• Both of them operates in rounds
• Both have a complicated mangler function
• Mangler function runs in same direction for
both encryption and decryption
• Both, encryption and decryption are identical
except for key expansion
• In DES same keys are used in reverse order
and in IDEA keys are related in complex
manner
PUBLIC KEY CRYPTOGRAPHY
 Public Key Algorithms

• Public key Algorithm is also known as

asymmetric algorithm

.
• In this user has a pair of keys

• One public key and a private key.

• The private key is kept secret

• public key may be widely distributed

• Incoming
. messages would have been
encrypted with the recipient's public key
and can only be decrypted with his
corresponding private key
Public key cryptosystems are based upon the
following idea

first generate a pair of keys and transmit one of them

(the public key)
Public key is used for encryption
the key which is kept is used to decrypt the
data (private key)
The value of private key cannot be deduced
from the value of the public key

The public key cannot be used to decrypt and

so no third party can decipher data
 RSA
• Named after its authors, Rivest, Shamir and
Adelman

• It was the first algorithm known to be suitable for

signing as well as encryption

• RSA is widely used in electronic commerce

protocols
• RSA involves a public key and a private key.
• The public key can be known to everyone
and is used for encrypting messages.
• Messages encrypted with the public key can
only be decrypted using the private key.
• Real challenge in RSA is the selection and
generation of public and private key
 RSA (for encryption)
• involves a public key and a private key.

• public key can be known to everyone and is

used for encrypting messages.

• Messages encrypted with the public key can

only be decrypted using the private key.

• Real challenge in RSA is the selection and

generation of public and private key
 RSA Key Generation
• users of RSA must:
– determine two primes numbers : p, q
– select either e or d and compute the other

• Select two primes numbers p,q and calculate

n=p.q

• p and q must be large numbers to avoid guessing

Then find
ø(n)=(p-1)(q-1)
• Then select a value of e and calculate d or
alternatively

• Select e such that e is relatively prime to φ(n)

and less than φ(n)

• Then calculate d such that

de modφ(n) = 1
• publish their public encryption key:
KU={e,n}

• keep secret private decryption key:

KR={d,n}
 Key Generation Algorithm

Select p, q p and q both prime

where p not equal to q
calculate n = p x q
calculate φ(n) =(p-1)(q-1)
select integer e e is relatively prime to φ(n)
1<e< φ(n)
calculate d de modφ(n) = 1
public key KU = {e,n}
private key KR = {d,n}
 RSA Encryption
• Consider A transmits public key to B
• A keeps the private key secret.
• B then wishes to send message M to A
• First turns M into a number < n by using an
reversible protocol

• Then computes the cipher text C

C = Me (mod n)
RSA Encryption Algorithm

Plaintext : M<n
e
Ciphertext : C = M (mod n)
 RSA Decryption
• A can recover M from C by using her
private key
• It uses the computation
M=Cd(mod n)

• M is the original message

• C is the cipher text
RSA Decryption Algorithm

Ciphertext : C
d
Plaintext : M= C (mod n)
 Example

• Select 2 prime numbers

Let P=7 and Q = 17

• Calculate N
N = P*Q
= 7 *17
= 119
 φ(n) =(p-1)(q-1)
= (7-1)(17-1)
= 6*16
= 96

• Select e such that e is relatively prime to φ

(n) and less than φ(n)
so select e = 5
• Find d using e

de modφ(n) = 1
d * 5 mod 96 = 1
• D = e-1 modφ(n)

• To find e-1, we have to use extended euclids

algorithm
• Consider d as 77

So that
77 *5 mod 96 =1
385 mod 96 = 1
1 =1
• Assume A want send a character F to B

Using alphabet numbering scheme,

F= 6
M= 6
 For Encrypting
C = Me (mod n)
= 65 (mod 119)
= 777(mod 119)
= 41

This 41 is send through network

 For Decrypting
M = Cd (mod n)
= 41 77 (mod 119)
=6

This gives back the original plain text

 RSA Security
• Three possible approaches to attacking RSA:
1. Brute force :This involves trying all
possible keys
2. Mathematical attacks :based on
difficulty of computing ø(N), by
factoring modulus N
3. Timing attacks : depends on the
running time of decryption algorithm
 RSA (for signing)

⚫ If A wants to send a message M to B along with

digital signature S calculated over M
• Step 1

- sender A uses SHA-1 algorithm to calculate MD1

over M
• Step 2

- sender A encrypts the message digest

with her private key
- output of this process is called as digital
signature of A
• Step 3

- sender A sends original message along with

digital signature to the receiver B
• Step 4

- when B receives message and digital signature,

it uses the same MD algorithm used by A and
calculates its own message digest MD2
• Step 5

- using A’s public key, B will decrypt the digital

signature of A
- it gives MD1
• Step 6

- B compares MD1 and MD2

- if equal , accepts the message
- if not equal , rejects the message
 References
• Block encryption, DES, Block Cipher modes of
operation - cryptography and network security,
William Stallings

• Multiple Encryption DES, IDEA - Cryptography and

network security, Atul Kahate

• RSA – cryptography and network security by

Atul Kahate
 Questions
1. What is cryptography? What are the advantages and
disadvantages of symmetric and asymmetric
algorithms?
2. Explain ECB and CBC mode of encryption
3. Explain following steps in DES algorithm
1. basic Principle
2. Initial Permutation
3. Rounds
4. What are different modes of algorithm? Explain.
5. Differentiate
a. DES and IDEA
b. ECB and CBC
6. Explain symmetric key encryption algorithm IDEA in
detail
7. Name the methods used for encrypting large
messages. Explain any one
8. Explain how security can be provided to DES using
multiple Encryption.
9. Discuss RSA with suitable numerical example
10. What is a digital signature? Explain how
asymmetric key encryption can be used to
generate a digital signature