760 likes | 1.75k Views
Cryptography. Presentation By Aniket Pujari. What is cryptography?. Definition : Cryptography is the art and science of achieving security by encoding message to make them non-readable. Cryptographic System. R#5 %^&”m,:p0S89!@^%$jhnlO0-#$. This is presentation on cryptography.
E N D
Cryptography Presentation By Aniket Pujari
What is cryptography? • Definition : Cryptography is the art and science of achieving security by encoding message to make them non-readable. Cryptographic System R#5 %^&”m,:p0S89!@^%$jhnlO0-#$ This is presentation on cryptography Readable message Unreadable message This process is systematic and well-structured
Some more terms need to be introduced in this presentation: • Cryptanalysis: It is the technique of decoding messages from a • non-readable format back to readable format without knowing • how they were initially converted from readable format to • non-readable format. • Cryptology: It is a combination of cryptography and cryptanalysis • Substitution technique: In this technique, the characters of a • plaintext message are replaced by other characters, numbers or • symbols. Caesar cipher is use a substitution technique. • Transportation technique: It is different from substitution • technique; in this technique do not simply replace one alphabet • with another: they also perform some permutation over the plain • text alphabets. • Symmetrical and asymmetrical method:
Symmetric key cryptography:In this method , the same key was • used for encryption and decryption.Therefore , both the sender and • the receiver had to know and agree about the key in advance.DES • was based on symmetric key cryptography. A few well-known • examples are: DES, Triple-DES (3DES), IDEA, CAST5, BLOWFISH, and • TWOFISH. • Asymmetric key cryptography:In this method, there are two pair • of key, one for encryption and decryption. If the message is encrypt by • one key, only the other key in a pair can decrypt it.the key which used • for encryption is known as private key and the key which used for • decryption is known as public key cryptography(PKC). Well-known • asymmetric algorithms are RSA, DSA, and ELGAMAL. • Algorithm type: • Stream cipher:in this method,the plain text is encrypted one byte • at a time. • Block cipher: in this method a block of bytes is encrypted at a time.
Used of cryptography in World war I and II: Cryptography was employed during world war I , two of the more notable machines were employed during world war II : the German enigma machine , developed Arthur Scherbius, and the Japanese Purple machine, developed using techniques first discovered by Herbert O Yardley. • Father of western cryptography: Leon Battista Alberta is known as ‘ the father of western cryptography’ in part, because of his development of polyalphabetic substitution. • Father of American cryptography: The father of American cryptography is James Lovell. He was loyal to the colonies, and solved many British ciphers some of which led to the revolutionary victories.
Historical used of cryptography: • Caesar cipher:Julius Caesar used another method • called Caesar cipher. The Caesar cipher was reputedly • used by the Emperor Julius Caesar to communicate • with his generals. • Given a plain text message like ATTACKATDAWN • we encrypt by shifting each letter forward a certain • distance in the alphabet. • For example, if we shift back three letters we get the • cipher text XQQXZHXQAXTK. • Think of the letters of the alphabet as being Arranged • in a circle, so that shifting A back by 1 unit gives Z, • shifting back by 2 gives Y, etc. To decode, we just shift • forward by 3. The key for this code is the number • 3.The Caesar code is easy to break even without the key.
Egyptian method: • Historical records available of this method date back • to 2000 B.C.in Egypt, where hieroglyphics were used to decorate the • tombs of dead rulers and kings. These hieroglyphics narrated the story • of the life of the king and talkedabout the great acts of his life. • They were deliberately cryptic, but not intended to hide the text. As • time went by, these writings became more and more complicated and • therefore, difficult to write as well as understand.
Symmetrical key algorithm: In the section; we study the symmetrical key algorithm by taking the example of data encryption standard(DES). Data encryption standard: (In 1970 , Dr. Horst Feistel established the precursor to what we today call data encryption standard(DES).Today Triple DES is security standard used by US financial institutions.) The DES (Data Encryption Standard) algorithm is the most widely used encryption algorithm in the world. For many years, and among many people, "secret code making" and DES have been synonymous. And despite the recent coup by the Electronic Frontier Foundation in creating a $220,000 machine to crack DES- encrypted messages.DES is generally used in the ECB,CBC or the CFB mode. The origins of DES go back to 1972,when in the US,The national bureau of standards(NBS) ,now known as the national institute of standards and technology(NIST) embarked upon a project for protecting the data in computers and computer communication. They wanted to develop a single cryptographic algorithm . After two years, NBS realized that IBM’s Lucifercould be considered as a serious candidate. when IBM submitted a candidate thatit had developed internally under the name LUCIFER.
After evaluating the algorithm with the help of the National Security Agency (NSA), • the NBS adopted a modification of the LUCIFER algorithm as the new Data Encryption • Standard (DES) on July 15, 1977 Main features of DES: • It is used symmetric key algorithm. • It used same key for encryption and decryption • It is a block cipher. • It encrypt data in blocks of size 64 bits each. • The key length is 56 bits. Thus, there are 2⁵⁶ possible key. • Single requires 1000 year to crack this key if one DES encryption per • microsecond • Interestingly; the original proposal was to make use of 112 bit key. Problem associated with 112 bit keys: • It required more computational power • It hard to transmit • Create huge amount of pairs of keys.
Variation of DES: There are two main variation of DES have emerged, which are Double DES and Triple DES Double DES: It does twice what DES normally does once It used two keys K1 and K2. It is more secure than DES .becuase it encrypt the the PT twice. Original Plain Text Cipher Text Cipher Text Encrypt Encrypt K1 K2
Triple DES: It is more secure than Double DES It used three or two keys for encryption The plain text P encrypted using k1 then k2 and finally k3. Original Plain Text Encrypt Cipher Text Encrypt Cipher Text Encrypt K1 K2 K3 Cipher Text
Triple DES with Two Keys: Three key has drawback that it required 56 X3=168 bits for the keys which can be slightly difficult to have in practical situation. A workaround suggested by Tuchman uses just two keys for Triple DES Here, the algorithm works as follows: Encrypts the plain text with key K1,thus we have E k1(p). Decrypt the output of step 1 above with key k2. thus we have Dk2(Ek1(p)). Finally , encrypt the output of step2 again with key k1. thus, we have Ek1(Dk2(Ek1(p))). 3.To decrypt the cipher text C and obtain the original plain text P, we have to perform the operation p =Dk1(Ek2(Dk1C)))
How DES works: • DES based on two fundamental attribute of cryptography • Substitution (also called confusion) • Transportation (also called deffusion) • DES consist of 16 steps each of which called round. • DES used 56 bit keys.Actually ,initial key consist of 64 bits.however before the DES process even starts ,every eighth bit of the key is discared to produce a 56 bit key. • Discard bit are used for parity checking to ensure that the key does not contain any errors. Original 64-bit key Key discarding process Resulting 56-bit key Key Discarding Process
Les us now discuss the broad-level steps in DES: In the first step, the 64-bit plain text block is handed over to an Initial Permutation (IP) function. The initial permutation is performed on Plain text. Next, the initial permutation (IP) produces two halves of the permuted block; say Left plain text(LPT) and Right plain text(RPT). Now ,each of LPT and RPT go through 16 rounds of encryption process. In the end , LPT and RPT are rejoined and a final permutation (FP) is performed on the combined block. The result of this process produces 64-bit cipher text.
Plain text (64 bits) Initial Permutation(IP) LPT RPT 16 rounds 16 rounds KEY KEY Final Permutation(FP) Cipher text (64 bits) Brief steps in DES
Each of the 16 rounds , in turn consists of the broad level steps as follows: Key Transformation Expansion Permutation S-box substitution P-box substitution XOR and SWAP
Initial permutation(IP):in this IP replaces the first bit of the original plain text block With the 58th bit of the original plain text block, the second bit with the 50th bit of the Original plain text and so on. Initial permutation (IP) table Step 1.Key transformation:From the 56 bit key , a different 48 bit subkey is generated during Each round using a process called as key transformation.for this, the 56 bit key is divided into two halves,each of 28 bits.these halves are circularly shifted left by one or two position. Depanding on the round. For example, if the round number is 1,2,9 or 16, the shift is done by only position.
Numberof key bits shifted per round We observe the table carefully we will realize that it contains only 48bit position. Bit number 18 is discarded like 7 others, to reduce the 56 bit key to a 48 bit key . Since the key transformation process involves permutation as well as selection of the 48 bit sub –key iof the original 56 bit key .it is called as compression permutation.
Compression permutation Step2: Expansion permutation:we had two 32 bit plain text area called as left plain text and right plain text .during expansion permutation the RPT is expanded form 32 bits to 48 bits.The bits are permuted as well, hence the name expansion per- -mutation .This happpen as follows: The 32 bit RPT is divided into 8 blocks, with each block consisted of 4 bits.This is shown in following figure. 2. Next,each 4 bit block of the previous step is then expanded to a corresponding 6 bit block.that is per 4 bit block,2 more bits are added.What are these two bits? They are actually the repeated first and the fourth bitos of the 4 bit block.
Original right plain text of32 bits Block 1 (4 BITS) block2(4BITS) so on Division of 32 bit RPT into eight 4 bit blocks Original block 1(6bits) Original block2(6bits) Orignial block8(6bits) RPT expansion permutation process
RPT expansion permutation table Now, the 48 bit key is XORed with 48 bit RPT and the resulting output is given to next step which is the S-box substitution. Step 3 S-box substitution:it is a process that accepts the 48 bit input from the XOR Operation involving the compressed key and expanded RPT and produces a 32 bit Output using the substitution.thesustitution is performed by eight substitution Boxes .each of the eight s –boxes has a 6 bit input and 4-bit output the 48 bit input Block is divided into 8 sub blocks and each such sub block is give to s-box Key transformation (compress key from 56 bits to 48 bits) Expansion permutation (expand RPT from 32 bits to 48 bits) 48 bit key XOR 48 bit RPT S-box substitution Fig. Way tot S-box substitution
48 bit input block 6 bit sub block 6 bit sub block 6 bit sub block S-box 1 S-box 2 S-box 8 4 bit output 4 bit output 4 bit output 32 bit output block S box substitution
The 6 bit input indicate which row and column and therefore which intersection is to be Selected thus, determining the 4 bit output how is done? Let us assume that the six bits of a s-box are indicated by b1,b2,b3,b4,b5, and b6. Now ,bits b1 and b6 are combined to form a two bit number. two bit number store any decimal Number between 0(binary 00) and 3( binary11). This specifies the row number . The store Remaining four bits b2,b3,b4 and b5 make up a four –bit number. b1 B2 b3 b4 b5 b6 4-bit column number 2 bit row number Selecting an entry in a s-box based on the 6 bit input
Step 4:P box substitution:there output of s box consist 32 bits these 32 bit Are permuted using p box. P –box permutation
Step 5 XOR and swap: Original 64-bit plain text block 32 bit LPT 32 bit RPT Key transformation Expansion permutation S-box substitution P-box permutation XOR 32 bit LPT 32 bit RPT Next round
Final permutaion: At the end of the 36 round , final permutation is performed once this is a simple transposition base on following table
Final permutation The output of the Final permutation is the 64 bit encrypted block. DES decryption: the same algorithm used for encryption in DES also Works for decryption! The only difference between the encryption And the decryption process is the reversal of key protions.If the original key K Was divided into k1,k2….k16 for the encryption rounds, then for decryption The key should be used as k16…..k2,k1
Asymmetrical key algorithm: In the section; we study the asymmetrical key algorithm by taking the example of one of famous asymmetrical method known as RSA. Before studying an RSA; the fundamental concept of asymmetrical key alogrithm should know . In asymmetrical key Cryptography,also called as public key cryptography,two different keys (which form a key pair) are used.One key is used for encryption and only the other corresponding key must be used for decryption. One of the two keys is called as public key and other is the private key Lets us assume that you want to communicate over a computer network such as the internet in a secure manner. You need to obtain a public key and private key.the private key remains with you as a secret . You must not disclose your private key to anybody. However ,the public key is for the general public. It is disclosed to all parties that you want to communicate with. In this schema ,in fact each party or node publishes its public key .using this , a directory can be constructed where the various parties or nodes (ie their ids) and the corresponding public key are maintained.
Suppose A wants to send a message to B without having to worry about its security.then A and B should each have a private key and a public key. • A should keep her private key secret. • B should keep his private key secret. • A should inform B about her public key. • B should inform A about his public key. • Thus , we have a matrix as shown in Table
RSA: The most famous asymmetric key cryptographic algorithm is RSA.RSA designed by Rivest, Shamir and Adleman. They posed a challenge and declared a reward of $100 for anyone who would decrypt the message, which they had encrypted. This was published in 1997 by Martin Gardner in Scientific American in a widely read column, Mathematical Games , which he edited .It was estimated that even using the most powerful computers available at that time ,it would take about 40 quadrillion years to decrypt this message!! Later in 1978, RSA formally introduced the PKC system
How RSA Works: TheRSA algorithm is based on the mathematical fact that it is easy to find and multiply large prime number together.but it is extremely difficult to factor their product.The private and public keys in RSA are based on very large (made up of 100 or more digits) prime numbers. The algorithm itself is quite simple .However the real challenge in the case of RSA is the selection and generation of the public and private keys. Let us now understand how the public and private key are generated,how we can perform encryption and decryption in RSA.Whole process is shown in following figure 1.choose two large prime numbers P and Q. 2.calculate N=P X Q.
3.Select the public key(i.e. the encryption key) E such that it is not a factor of (P-1) and (Q-1). 4.Select the private key (i.e. the decryption key) D such that the following equation is true: (D X E) mod (P-1) X (Q-1)=1 5.for encryption,calculate the cipher text CT from the plain text PT as follows: CT=P mod N 6. send CT as the cipher text to the receiver 7.For decryption, calculate the plain text PT from the cipher text CT as follows: • PT=C mod N
Example of RSA: Let us take an example of this process to understand concepts.For ease of reading,we shall write the example values along with the algorithm steps. 1.choose two large prime numbers P and Q. Let p=7 ,Q=17 2.Calculate N=PXQ. We have N=47 X 17=119 • Select the public key (i.e. the encryption key) E such that it is not a • factor of (P-1) X (Q-1). • Let us find (7-1) X (17-1) = 6 X 16=96 • Factor of 96 are 2,2,2,2,2 and 3 (because 96=2X2X2X2X2X3). • Thus, we have to choose E such that none of the factors of E is 2 and 3. • As a few examples.We can not choose E as 4 • .
(because it has 2 as a factor),15(because , it has 3 as a factor), • 6(because it has 2 and 3 both as factors).Let us choose E as 5 • (it could have been any other number • that does not its factors as 2 and 3).
4.select the private key (i.e. the decryption key D such that the following equation is true: (DXE) mod (P-1)X(Q-1)=1 Thus, (DX 5) mod (7-1)(17-1)=1 Hence D=77. 5.For encryption ,calculate the cipher text CT from the plain text PT as follows: CT=
Let us assume that we want to encrypt plain text 10. Then we have CT= mod119=100000 mod 119=40 6.send CT as the cipher text to the receiver. Send 40 as the cipher text to the receiver. 7. for decryption calculate the plain text PT from the cipher text CT as follows:
Thus, PT= mod 119=10 , which was the original Plain text of step 5. PT= mod N
Future Work: There are a couple of algorithms which are considered safe by mathematicians. Safe means, that there is no known weak point in the algorithm, resulting in the fact, that the only possible attack is brute force3. Brute force means that every possible key is tried, until the right one has been found. A brute force attack against a 56 bit DES key took a little more than a year to crack by thousands of computers spending their idle time to crack it in 1997/1998 in the distributed.net effort. In 1999, specialized hardware built by the EFF was able to crack it within less than a day. So 56 bit DES can no longer be considered to be safe. [3] As every single bit in the length of the key doubles the number of possible keys, reasonably long keys are safe, unless some mathematician finds a weak point in the algorithm. The 168 bits of Triple DES won't be found by brute force attacks within the next hundred years. If computer power increased by a factor of two every year, you'd need one more bit every year for the same level of safety .[3] So possible way to secure system is to to keep abreast of new updates in computer world. Also change the key once within the week. RSA is find more secure than Des but it is slow in speed and generate huge cipher text as compared to plain text .RSA patent expired in 2000 so we can used it as free for our system.
Conclusion However, asymmetric algorithms are much slower than symmetric ones. More specifically we need to ensure that the following objectives are meet: 1.the solution should be completely secure. 2.the encryption and decryption processes must not take a long time. 3.the generated cipher text should be compact in size 4.the solution should scale to a large number of user easily, without introducing any additional complications 5.the key distribution problem must be solved by the solution Therefore, in many applications, a combination of both is being used. The asymmetric keys are used for authentication and after this have been successfully done; one or more symmetric keys are generated and exchanged using the asymmetric encryption.
References: • Cryptography and network security-AtulKahate • http://www.suse.de/~garloff/Writings/mutt_gpg/node3.html • http://orlingrabbe.com/des.htm • http://www.suse.de/~garloff/Writings/mutt_gpg/node2.html