Specifications and Algorithms of Cryptographic

Processes
with Python Examples

Introduction
This document summarizes the specifications and algorithms of various cryptographic
processes, including symmetric and asymmetric ciphers, hash functions, key exchange
protocols, and security frameworks. Each section includes a Python code example where
appropriate.

Security Note
• Avoid deprecated algorithms: MD5, RC4, DES, SHA1 (marked with †)

• Use AES-128/256, SHA-256/384, RSA-2048+, ECC-256+ in production

• Always use modern cryptographic libraries (PyCryptodome, cryptography)

1 AES (Advanced Encryption Standard)

Specifications
• Symmetric block cipher

• Block size: 128 bits

• Key sizes: 128, 192, or 256 bits

• Rounds: 10, 12, or 14 (depending on key size)

Algorithm
1. Key Expansion: Derive round keys from the cipher key.

2. Initial Round: AddRoundKey (XOR state with round key).

3. Main Rounds (9/11/13 rounds):

• SubBytes: Non-linear byte substitution using S-box.

1
 • ShiftRows: Cyclically shift rows.
• MixColumns: Mix columns using finite field arithmetic.
• AddRoundKey.

4. Final Round: SubBytes, ShiftRows, AddRoundKey (no MixColumns).

Python Example
1 from Crypto . Cipher import AES
2 from Crypto . Random import get_random_bytes
3
4 key = get_random_bytes (32) # AES -256
5 data = b " Sensitive data "
6 cipher = AES . new ( key , AES . MODE_GCM )
7 ciphertext , tag = cipher . en cr yp t_ an d_ di ge st ( data )
8

9 # Decryption
10 try :
11 cipher = AES . new ( key , AES . MODE_GCM , nonce = cipher . nonce )
12 plaintext = cipher . d ecr yp t_ an d_ ve ri fy ( ciphertext , tag )
13 except ValueError :
14 print ( " Authentication failed " )

2 DES and 3DES †

Specifications
• Symmetric block cipher

• DES: 64-bit block, 56-bit key, 16 rounds

• 3DES: 168-bit key (three DES operations)

Algorithm
1. Initial Permutation

2. 16 Feistel Rounds: Expansion, key mixing, S-box substitution, permutation

3. Final Permutation (inverse of initial)

4. 3DES: Encrypt-Decrypt-Encrypt (EDE) sequence with 2 or 3 keys

Python Example
1 from Crypto . Cipher import DES3
2 from Crypto . Util . Padding import pad
3
4 key = DES3 . a djust_ key_pa rity ( get_random_bytes (24) ) # 3 DES
5 data = pad ( b " Legacy data " , DES3 . block_size )
6 cipher = DES3 . new ( key , DES3 . MODE_CBC )

2
7 ciphertext = cipher . encrypt ( data )
8
9 # Warning : DES /3 DES is vulnerable to brute - force attacks

3 IDEA (International Data Encryption Algorithm)

Specifications
• Symmetric block cipher

• Block size: 64 bits

• Key size: 128 bits

• 8.5 rounds

Algorithm
1. Key Schedule: Generate 52 subkeys from the 128-bit key

2. 8 Rounds: Modular addition, modular multiplication, XOR

3. Output Transformation: Final key mixing

Python Example
1 # No standard Python implementation available
2 # Use AES instead for modern applications

4 Linear Congruential Generator (LCG)

Specifications
• Pseudorandom number generator

• Formula: Xn+1 = (aXn + c) mod m

Algorithm
1. Choose parameters a, c, m, and seed X0

2. Iterate: Xn+1 = (aXn + c) mod m

3
 Python Example
1 class LCG :
2 def __init__ ( self , seed , a =1103515245 , c =12345 , m =2**31) :
3 self . state = seed
4 self . a = a
5 self . c = c
6 self . m = m
7 def next ( self ) :
8 self . state = ( self . a * self . state + self . c ) % self . m
9 return self . state
10 # Not crypt ograph ically secure

5 Blum Blum Shub (BBS)

Specifications
• Cryptographically secure pseudorandom number generator

• Based on integer factorization

Algorithm
1. Choose primes p, q ≡ 3 mod 4, compute M = pq

2. Select seed x0 coprime to M

3. Iterate: xn+1 = x2n mod M ; output bits from xn+1

Python Example
1 from sympy import nextprime
2
3 def bbs_primes () :
4 p = nextprime (0 xdeadbeef )
5 while p % 4 != 3: p = nextprime ( p )
6 q = nextprime (0 xcafebabe )
7 while q % 4 != 3: q = nextprime ( q )
8 return p , q
9
10 p , q = bbs_primes ()
11 seed = 0 x12345678
12 for _ in range (10) :
13 seed = pow ( seed , 2 , p * q )
14 print ( seed & 1 , end = ’ ’)

6 RC4 †
Specifications
• Stream cipher

4
 • Key size: 40–2048 bits

Algorithm
1. Key Scheduling Algorithm (KSA): Initialize a 256-byte state array using the key

2. Pseudo-Random Generation Algorithm (PRGA): Generate keystream by permuting

the state array

Python Example
1 # Historical reference only - insecure !
2 def rc4 ( key , data ) :
3 S = list ( range (256) )
4 j = 0
5 # Key - scheduling
6 for i in range (256) :
7 j = ( j + S [ i ] + key [ i % len ( key ) ]) % 256
8 S[i], S[j] = S[j], S[i]
9 # PRGA
10 i = j = 0
11 out = []
12 for byte in data :
13 i = ( i + 1) % 256
14 j = ( j + S [ i ]) % 256
15 S[i], S[j] = S[j], S[i]
16 out . append ( byte ^ S [( S [ i ] + S [ j ]) % 256])
17 return bytes ( out )

7 RSA
Specifications
• Asymmetric encryption

• Key sizes: 1024–4096 bits

Algorithm
1. Key Generation: Choose primes p, q, compute n = pq, ϕ(n), select e, compute d

2. Encryption: c = me mod n

3. Decryption: m = cd mod n

Python Example
1 from Crypto . PublicKey import RSA
2 from Crypto . Cipher import PKCS1_OAEP
3
4 key = RSA . generate (3072)

5
 5 public_key = key . publickey ()
6 cipher = PKCS1_OAEP . new ( public_key )
7 ciphertext = cipher . encrypt ( b " RSA - encrypted data " )
8
9 # Decryption
10 cipher = PKCS1_OAEP . new ( key )
11 plaintext = cipher . decrypt ( ciphertext )

8 ElGamal
Specifications
• Asymmetric encryption and digital signatures

• Security based on discrete logarithm problem

Algorithm
1. Key Generation: Choose group, generator g, private key x, public key h = g x

2. Encryption: Select random k, compute c1 = g k , c2 = m · hk

3. Decryption: m = c2 /cx1

Python Example
1 from cryptography . hazmat . primitives . asymmetric import dsa
2 from cryptography . hazmat . primitives import hashes
3
4 private_key = dsa . g e n e r a t e _ p r i v a t e _ k e y ( key_size =3072)
5 signature = private_key . sign ( b " message " , hashes . SHA256 () )
6 public_key = private_key . public_key ()
7 public_key . verify ( signature , b " message " , hashes . SHA256 () )

9 Elliptic Curve Cryptography (ECC)

Specifications
• Asymmetric encryption

• Key sizes: 160–521 bits

Algorithm
1. Key Generation: Private key d, public key Q = d · G

2. ECDH: Shared secret = d1 · Q2 = d2 · Q1

6
 Python Example
1 from cryptography . hazmat . primitives . asymmetric import ec
2 from cryptography . hazmat . primitives import hashes
3
4 private_key = ec . g e n e r a t e _ p r i v a t e _ k e y ( ec . SECP384_R1 () )
5 public_key = private_key . public_key ()
6 signature = private_key . sign ( b " message " , ec . ECDSA ( hashes . SHA256 () ) )
7 public_key . verify ( signature , b " message " , ec . ECDSA ( hashes . SHA256 () ) )

10 RSADSA (RSA Digital Signature Algorithm)

Specifications
• RSA-based digital signature scheme

Algorithm
1. Signing: s = Hash(m)d mod n

2. Verification: Check se mod n = Hash(m)

11 DSS (Digital Signature Standard, ElGamal DSA)

Specifications
• Digital signature based on ElGamal

Algorithm
1. Key Generation: Choose p, q, g, x, compute y = g x

2. Signing: Select k, compute r = (g k mod p) mod q, s = k −1 (Hash(m)+xr) mod q

−1 Hash(m) −1 r
3. Verification: Check r = (g s · ys mod p) mod q

12 ECCDSA (Elliptic Curve DSA)

Specifications
• Elliptic curve-based digital signature

Algorithm
1. Signing: Compute k · G = (x1 , y1 ), r = x1 mod n, s = k −1 (Hash(m) + dr) mod n

2. Verification: Check r equals x-coordinate of s−1 Hash(m) · G + s−1 r · Q

7
 13 Diffie-Hellman Key Exchange
Two-Party
1. Agree on prime p and generator g

2. Alice sends A = g a mod p, Bob sends B = g b mod p

3. Shared secret: s = Ab = B a mod p

Three-Party
1. Each party selects a private key and exchanges public values

2. Shared secret: s = g abc mod p

Python Example (ECDH)

1 from cryptography . hazmat . primitives . asymmetric import ec
2
3 # Alice
4 alice_priv = ec . g e n e r a t e _ p r i v a t e _ k e y ( ec . SECP384_R1 () )
5 alice_pub = alice_priv . public_key ()
6
7 # Bob
8 bob_priv = ec . g e n e r a t e _ p r i v a t e _ k e y ( ec . SECP384_R1 () )
9 bob_pub = bob_priv . public_key ()
10
11 # Shared secret
12 alice_shared = alice_priv . exchange ( ec . ECDH () , bob_pub )
13 bob_shared = bob_priv . exchange ( ec . ECDH () , alice_pub )
14 assert alice_shared == bob_shared

14 MD5 †
Specifications
• Hash function

• Output: 128 bits

• Vulnerable to collisions

Algorithm
1. Padding: Extend message to 512-bit blocks

2. Process blocks using compression function and constants

8
 Python Example
1 import hashlib
2 print ( hashlib . md5 ( b " test " ) . hexdigest () ) # Do not use for security

15 HMAC
Specifications
• Hash-based Message Authentication Code

Algorithm
1. HMAC(K, m) = Hash((K ⊕ opad) ∥ Hash((K ⊕ ipad) ∥ m))

Python Example
1 import hmac , hashlib
2 key = b " secret "
3 msg = b " authenticated "
4 digest = hmac . new ( key , msg , hashlib . sha256 ) . hexdigest ()

16 Kerberos
Specifications
• Authentication protocol

Algorithm
1. AS Exchange: Client requests Ticket-Granting Ticket (TGT)
2. TGS Exchange: Client presents TGT for service ticket
3. Client/Server Exchange: Service ticket grants access

Python Example
1 # Use python - krb5 library for real implementations
2 from krb5 import Krb5Context
3 ctx = Krb5Context ()
4 principal = ctx . parse_name ( " user@EXAMPLE . COM " )

17 X.509
Specifications
• PKI certificate standard

9
 Structure
• Issuer, Subject, Validity, Public Key, Signature

Python Example
1 from cryptography import x509
2 from cryptography . x509 . oid import NameOID
3 from cryptography . hazmat . primitives import hashes
4 from datetime import datetime , timedelta
5
6 subject = issuer = x509 . Name ([
7 x509 . NameAttribute ( NameOID . COUNTRY_NAME , " US " ) ,
8 x509 . NameAttribute ( NameOID . COMMON_NAME , " example . com " ) ,
9 ])
10 cert = x509 . C er ti fi ca te Bu il de r () . subject_name (
11 subject
12 ) . issuer_name (
13 issuer
14 ) . public_key (
15 public_key
16 ) . serial_number (
17 x509 . r a n d o m _ s e r i a l _ n u m b e r ()
18 ) . not_valid_before (
19 datetime . utcnow ()
20 ) . not_valid_after (
21 datetime . utcnow () + timedelta ( days =365)
22 ) . sign ( private_key , hashes . SHA256 () )

18 PKI (Public Key Infrastructure)

Components
• Certificate Authority (CA): Issues certificates

• Registration Authority (RA): Validates identities

• CRL/OCSP: Revocation checking

19 SSL/TLS
Specifications
• Transport-layer security protocol

Handshake Steps
1. Cipher suite negotiation

2. Key exchange (e.g., RSA, ECDHE)

3. Authentication via certificates

10
 4. Symmetric encryption setup

Python Example
1 import ssl , socket
2 context = ssl . c r e a t e _ d e f a u l t _ c o n t e x t ()
3 with socket . cr eate_c onnect ion (( " example . com " , 443) ) as sock :
4 with context . wrap_socket ( sock , server_hostname = " example . com " ) as
ssock :
5 print ( ssock . version () )

20 IPSec
Specifications
• Network-layer security protocol

• Modes: Transport, Tunnel

• Protocols: AH (Authentication Header), ESP (Encapsulating Security Payload)

Algorithm
1. IKE: Establish Security Associations (SAs)

2. Data Transfer: Encrypted/Authenticated via SAs

11