UNIT-2

Symmetric & Asymmetric Key Cryptography

Symmetric Key encryption

Symmetric-key encryption algorithms in cryptography use a single key or the same

cryptographic keys (secret key) shared between the two parties for both encrypting plain-text
and decrypting cipher-text. The keys could be identical or there could be a simple change to
go between the two keys.

Asymmetric Key encryption

Asymmetric key encryption is an encryption technique using a pair of public and private keys
to encrypt and decrypt plain-text and cipher-text correspondingly when communicating.
Comparatively, asymmetric key encryption takes longer time than symmetric key encryption.
It is also called public-key cryptography. Here, public keys are public and published and
shared widely with everyone.

Types of Cryptographic Algorithms

 1. Symmetric Key Algorithms
o Description: Use the same key for both encryption and decryption.
o Examples: AES (Advanced Encryption Standard), DES (Data Encryption
Standard), Blowfish, RC4.
2. Asymmetric Key Algorithms
o Description: Use a pair of keys—public and private keys—for encryption and
decryption.
o Examples: RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curve
Cryptography), DSA (Digital Signature Algorithm).
3. Hash Functions
o Description: Generate a fixed-size output (hash) from input data, used for data
integrity and authentication.
o Examples: SHA-256 (Secure Hash Algorithm), MD5 (Message Digest
Algorithm 5), SHA-1.
4. Message Authentication Codes (MAC)
o Description: Provide data integrity and authenticity using a secret key.
o Examples: HMAC (Hashed Message Authentication Code), CMAC (Cipher-
based Message Authentication Code).
5. Digital Signatures
o Description: Provide proof of authenticity and integrity of messages.
o Examples: RSA signatures, DSA signatures, ECDSA (Elliptic Curve Digital
Signature Algorithm).
Modes of Operation for Symmetric Key Algorithms
1. ECB (Electronic Codebook)
o Description: Divides plaintext into blocks and encrypts each block
independently.
o Use Case: Simple, but not secure for larger data due to patterns in identical
plaintext blocks.
2. CBC (Cipher Block Chaining)
o Description: Each plaintext block is XORed with the previous ciphertext
block before encryption.
o Use Case: More secure than ECB, but requires an initialization vector (IV).
3. CFB (Cipher Feedback)
 o Description: Operates on smaller units of plaintext (e.g., bytes) and uses
feedback from the previous ciphertext block.
o Use Case: Can encrypt data streams and is suitable for variable-length
messages.
4. OFB (Output Feedback)
o Description: Similar to CFB, but generates keystream blocks independently of
the plaintext.
o Use Case: Resilient to transmission errors, but vulnerable if the same
keystream is reused.
5. CTR (Counter)
o Description: Encrypts a counter value and XORs it with the plaintext.
o Use Case: Supports parallel processing, efficient for large data sizes.
6. GCM (Galois/Counter Mode)
o Description: Combines counter mode encryption with Galois mode
authentication.
o Use Case: Provides both confidentiality and integrity, widely used in secure
communications.
Data Encryption Standard (DES)
The Data Encryption Standard (DES) is a symmetric-key block cipher that encrypts
data in fixed-size blocks of 64 bits using a 56-bit key. Here’s a simplified explanation of
the DES algorithm along with a description of its components and a diagram to
illustrate its operation.
Overview of DES
1. Key Generation:
o The original key is 64 bits, but only 56 bits are used for encryption (the
remaining 8 bits are used for parity).
o The key is divided into 16 subkeys, each 48 bits long, using a series of
permutations and shifts.
2. Initial Permutation (IP):
o The 64-bit input block undergoes an initial permutation.
3. 16 Rounds of Processing:
o The block is divided into two halves (32 bits each).
o For each of the 16 rounds:
▪ The right half is expanded and permuted (E/P).
 ▪ A round key (generated from the original key) is XORed with the
expanded right half.
▪ The result is passed through 8 S-boxes, which substitute the bits
and produce a 32-bit output.
▪ The output is permuted (P).
▪ The left and right halves are swapped for the next round.
4. Final Permutation (IP⁻¹):
o After the 16 rounds, the two halves are combined and undergo a final
permutation, which is the inverse of the initial permutation.
Diagram of DES
Steps in Detail
1. Initial Permutation (IP):
o Rearranges the input bits to create the initial state.
2. Rounds:
o Each round uses a different 48-bit subkey.
o The process involves expansion, key mixing, substitution, and permutation.
3. Final Permutation (IP⁻¹):
o Reverses the initial permutation to produce the final ciphertext.

IDEA - International Data Encryption Algorithm

An IDEA algorithm refers to the International Data Encryption Algorithm, a block

cipher widely used in cryptography. It is designed to provide confidentiality by encrypting
and decrypting messages securely. It operates on 64-bit blocks and uses a 128-bit key for
encryption, making it robust against various attacks.
Here’s a simplified explanation of how the IDEA algorithm works, along with a description
of a block diagram:
Key Features:
1. Block size: 64 bits
2. Key size: 128 bits
3. Rounds: 8.5 rounds of processing
Steps of the IDEA Algorithm:
1. Key Generation:
o The 128-bit key is divided into multiple 16-bit subkeys, which are used in
different rounds of encryption. IDEA requires 52 subkeys, which are derived
from the original key.
2. Block Input:
o The plaintext is divided into 64-bit blocks. Each block is then split into four
16-bit sub-blocks (X1, X2, X3, X4).
3. Rounds of Encryption:
o IDEA has 8 full rounds, each consisting of mathematical operations on the
data using the subkeys.
o In each round, three basic operations are performed:
1. Addition modulo 2^16 (used to combine the sub-blocks)
 2. Multiplication modulo 2^16 + 1 (for mixing and generating non-
linearity)
3. Bitwise XOR (used for diffusion and confusion)
o Sub-blocks are updated after every round.
4. Final Transformation:
o After the 8 full rounds, an additional half-round is applied. The operations in
this half-round are simpler but involve similar operations as in the full rounds.
5. Ciphertext Output:
o After all rounds, the final 64-bit output block is generated, which is the
ciphertext.
6. Decryption:
o The decryption process is similar to encryption but applies the inverse
operations and uses the subkeys in reverse order.
Block Diagram of the IDEA Algorithm
Differential and Linear Cryptanalysis

Cryptanalysis basically has two forms:

1. Linear Cryptanalysis:
Linear cryptanalysis is a general type of cryptanalysis based on discovering affine
approximations to a cipher’s action in cryptography. Block and stream ciphers have both
been subjected to attacks. Linear cryptanalysis is one of the two most common attacks against
block ciphers, with differential cryptanalysis being the other.
2. Differential Cryptanalysis:
Differential cryptanalysis is a sort of cryptanalysis that may be used to decrypt both block
and stream ciphers, as well as cryptographic hash functions. In the widest sense, it is the
study of how alterations in information intake might impact the following difference at the
output. In the context of a block cipher, it refers to a collection of strategies for tracking
differences across a network of transformations, finding where the cipher displays non-
random behavior, and using such attributes to recover the secret key (cryptography key).
Difference between Linear Cryptanalysis and Differential Cryptanalysis

.
No. Linear Cryptanalysis Differential Cryptanalysis

Linear cryptanalysis was basically Differential cryptanalysis was first

invented by Matsui and Yamagishi in defined in the year 1990 by Eli Biham
1. the year 1992. and Adi Shamir.

Linear cryptanalysis always works on a Differential cryptanalysis can work on

2. single bit (one bit at a time). multiple bits at a time.

In the case of Linear cryptanalysis, In the case of differential cryptanalysis

ciphertext attack is a very big plain text attack is a very big
3. disadvantage. disadvantage.

The use of differential cryptanalysis is to

The use of linear cryptanalysis is to
get clues about some critical bits,
figure out what is the linear relationship
reducing the need for an extensive
present between some plaintext bits,
4. search.
.
No. Linear Cryptanalysis Differential Cryptanalysis

The underlying structure of each

Subsets of input attributes refer to the individual input is unimportant in this
internal structures of a single input. case since the input attributes are
5. differential.

The cryptanalyst decrypts each After several encryption rounds,

ciphertext using all available subkeys Cryptanalyst analyses the changes in the
and analyses the resultant intermediate intermediate ciphertext obtained. The
ciphertext to determine the random practice of combining assaults is known
6. outcome for one encryption cycle. as differential linear cryptanalysis.

Any random plaintext is selected in Plaintext is Carefully chosen in

7. Linear Cryptanalysis. Differential Cryptanalysis.

Plaintext is used one by one in linear Plaintext is used in pairs in Differential

8. Cryptanalysis. Cryptanalysis.

Complexity of attack is low in linear Complexity of attack is High in

9. Cryptanalysis. Differential Cryptanalysis

Mathematical relation between

Mathematical relation between plaintexts
plaintexts used has Linear
used has Specific differences (such as
approximation (such as a series of XOR
XOR).
10. operations).

Goal of the attack is to identify the

linear relation between some bits of the Goal of the attack is to Identify some
plaintext, some bits of the cipher text bits of the unknown key.
11. and some bits of the unknown key.
RSA Algorithm

RSA algorithm is a public key encryption technique and is considered as the most secure way
of encryption. It was invented by Rivest, Shamir and Adleman in year 1978 and hence
name RSA algorithm.
Algorithm
The RSA algorithm holds the following features −
● RSA algorithm is a popular exponentiation in a finite field over integers including
prime numbers.
● The integers used by this method are sufficiently large making it difficult to solve.
● There are two sets of keys in this algorithm: private key and public key.
You will have to go through the following steps to work on RSA algorithm −
Step 1: Generate the RSA modulus
The initial procedure begins with selection of two prime numbers namely p and q, and then
calculating their product N, as shown −
N=p*q
Here, let N be the specified large number.
Step 2: Derived Number (e)
Consider number e as a derived number which should be greater than 1 and less than (p-1)
and (q-1). The primary condition will be that there should be no common factor of (p-1) and
(q-1) except 1
Step 3: Public key
The specified pair of numbers n and e forms the RSA public key and it is made public.
Step 4: Private Key
Private Key d is calculated from the numbers p, q and e. The mathematical relationship
between the numbers is as follows −
ed = 1 mod (p-1) (q-1)
The above formula is the basic formula for Extended Euclidean Algorithm, which takes p and
q as the input parameters.
Cryptography Digital signatures

Digital signatures are the public-key primitives of message authentication. In the physical
world, it is common to use handwritten signatures on handwritten or typed messages. They
are used to bind signatory to the message.
Similarly, a digital signature is a technique that binds a person/entity to the digital data. This
binding can be independently verified by receiver as well as any third party.
Digital signature is a cryptographic value that is calculated from the data and a secret key
known only by the signer.
In real world, the receiver of message needs assurance that the message belongs to the sender
and he should not be able to repudiate the origination of that message. This requirement is
very crucial in business applications, since likelihood of a dispute over exchanged data is
very high.
Model of Digital Signature
As mentioned earlier, the digital signature scheme is based on public key cryptography. The
model of digital signature scheme is depicted in the following illustration −
The following points explain the entire process in detail −
● Each person adopting this scheme has a public-private key pair.
● Generally, the key pairs used for encryption/decryption and signing/verifying are
different. The private key used for signing is referred to as the signature key and the
public key as the verification key.
● Signer feeds data to the hash function and generates hash of data.
● Hash value and signature key are then fed to the signature algorithm which produces
the digital signature on given hash. Signature is appended to the data and then both
are sent to the verifier.
● Verifier feeds the digital signature and the verification key into the verification
algorithm. The verification algorithm gives some value as output.
● Verifier also runs same hash function on received data to generate hash value.
● For verification, this hash value and output of verification algorithm are compared.
Based on the comparison result, verifier decides whether the digital signature is valid.
● Since digital signature is created by ‘private’ key of signer and no one else can have
this key; the signer cannot repudiate signing the data in future.

Knapsack Encryption Algorithm

The knapsack cryptosystem, also known as the Merklee-Hellman cipher, begins by

generating user encryption keys as two knapsacks, one public and one private. The public key
is the hard knapsack and the private key is the super-increasing knapsa
Example –
{1, 2, 4, 10, 20, 40} is a super increasing as
1<2, 1+2<4, 1+2+4<10, 1+2+4+10<20 and 1+2+4+10+20<40.
Derive the Public key
● Step-1: Choose a super increasing knapsack {1, 2, 4, 10, 20, 40} as the private key.

● Step-2: Choose two numbers n and m. Multiply all the values of the private key by
the number n and then find modulo m. The value of m must be greater than the sum of
all values in the private key, for example, 110. The number n should have no common
factor with m, for example, 31.

● Step-3: Calculate the values of the Public key using m and n.

1x31 mod(110) = 31
2x31 mod(110) = 62
4x31 mod(110) = 14
10x31 mod(110) = 90
20x31 mod(110) = 70
40x31 mod(110) = 30
● Thus, our public key is {31, 62, 14, 90, 70, 30}
And Private key is {1, 2, 4, 10, 20, 40}.

● Now take an example for understanding the process of encryption and decryption.

● Example – Let our plain text be 100100111100101110.

● 1. Encryption : As our knapsacks contain six values, so we will split our plain text
into groups of six:
● 100100 111100 101110
● Multiply each value of the public key with the corresponding values of each group
and take their sum.
● 100100 {31, 62, 14, 90, 70, 30}
1x31+0x62+0x14+1x90+0x70+0x30 = 121
111100 {31, 62, 14, 90, 70, 30}
1x31+1x62+1x14+1x90+0x70+0x30 = 197
101110 {31, 62, 14, 90, 70, 30}
1x31+0x62+1x14+1x90+1x70+0x30 = 205
● So, our cipher text is 121 197 205.
● 2. Decryption : The receiver receives the cipher text which has to be decrypted. The
receiver also knows the values of m and n.
So, first, we need to find the n−1 n−1 , which is the multiplicative inverse of n mod
m i.e.,
● n x n−1n−1 mod(m) = 131 xn−1n−1 mod(110) = 1n−1n−1 = 71
● Now, we have to multiply 71 with each block of cipher text and take modulo m.
● 121 x 71 mod(110) = 11
● Then, we will have to make the sum of 11 from the values of private key {1, 2, 4, 10,
20, 40} i.e., 1+10=11 so make the corresponding bits 1 and others 0 which is
100100. Similarly,
● 197 x 71 mod(110) = 17
1+2+4+10=17 = 111100
And, 205 x 71 mod(110) = 35
1+4+10+20=35 = 101110
● After combining them we get the decoded text.
100100111100101110 which is our plain text.