ASSIGNMENT - 1

Introduction to Cryptography: Definitions and Goals

Cryptography is the practice and study of techniques for secure communication in the presence of
adversaries. The word originates from the Greek words kryptos ("hidden") and graphein ("to write").
Its primary goal is to protect information and ensure secure data transmission and storage.

The main goals of cryptography, often referred to as the pillars of information security, are:

 Confidentiality: Ensures that information is accessible only to authorized parties. It prevents

the unauthorized disclosure of sensitive data. This is typically achieved through encryption.

o Example: When you enter your password on a website, encryption ensures that an
eavesdropper on the network cannot read it.

 Integrity: Guarantees that the data has not been altered, tampered with, or corrupted in
transit.

o Example: When you download a software file, a hash value is often provided. You
can compute the hash of the downloaded file and compare it to the provided one to
ensure the file wasn't modified.

 Authentication: Verifies the identity of a user, system, or entity. It confirms that the parties
involved in a communication are who they claim to be.

o Example: Logging into your email account with a username and password
authenticates your identity to the server.

 Non-repudiation: Provides proof that a specific party sent a message or performed an

action, preventing them from later denying it.

o Example: A digital signature on a contract provides non-repudiation, as only the

person with the private key could have created it.

Symmetric Key Cryptography

Also known as secret-key cryptography, this method uses a single, shared key to both encrypt and
decrypt data. Both the sender and the receiver must have the same key, which must be kept secret.
This method is generally very fast.

Algorithms

 DES (Data Encryption Standard):

o Developed by IBM in the 1970s and adopted as a U.S. government standard.

o It is a block cipher, meaning it encrypts data in fixed-size blocks.

o Block Size: 64 bits.

o Key Size: 56 bits (originally 64 bits, but 8 are parity bits).

 o Status: DES is now considered insecure due to its small key size. A 56-bit key can be
cracked relatively quickly with modern computing power using brute-force attacks.
Its successor, 3DES (Triple DES), applies the DES algorithm three times but is much
slower.

 AES (Advanced Encryption Standard):

o The current global standard for symmetric encryption, adopted by the U.S.
government in 2001.

o It is based on the Rijndael algorithm.

o Block Size: 128 bits.

o Key Sizes: Can be 128, 192, or 256 bits, making it much more secure than DES.

o How it works: AES operates in a series of rounds. The number of rounds depends on
the key size (10 rounds for 128-bit, 12 for 192-bit, and 14 for 256-bit). Each round
consists of several steps: SubBytes (substitution), ShiftRows (transposition),
MixColumns (mixing), and AddRoundKey (key addition).

Modes of Operation
When encrypting messages longer than a single block, a mode of operation is required. These modes
define how to repeatedly apply a cipher's single-block operation to securely transform amounts of
data larger than a block.

 Electronic Codebook (ECB): The simplest mode. Each block is encrypted independently with
the same key. This mode is not recommended because identical plaintext blocks result in
identical ciphertext blocks, revealing patterns in the data.

o Example: Encrypting an image in ECB mode might still show the outline of the
original image.

 Cipher Block Chaining (CBC): Each plaintext block is XORed with the previous ciphertext
block before being encrypted. An Initialization Vector (IV) is used for the first block. This
ensures that even if two plaintext blocks are identical, their corresponding ciphertext blocks
will be different.

 Counter (CTR): Turns a block cipher into a stream cipher. It encrypts a "counter" value for
each block and then XORs the result with the plaintext block. This allows for parallel
encryption and decryption.

Key Management

The biggest challenge in symmetric cryptography is key distribution. How do you securely share the
secret key with the intended recipient without an adversary intercepting it? If the key is
compromised, all communication is compromised. This problem is a primary motivation for the
development of asymmetric cryptography.
Asymmetric Key Cryptography
Also known as public-key cryptography, this system uses a pair of keys for each user: a public key
and a private key.

 The public key can be shared with anyone.

 The private key must be kept secret by the owner.

Data encrypted with the public key can only be decrypted with the corresponding private key. This
solves the key distribution problem of symmetric cryptography.

Licensed by Google

RSA (Rivest-Shamir-Adleman)
RSA is the most widely used asymmetric algorithm. Its security relies on the computational difficulty
of factoring large prime numbers.

 Key Generation:

1. Choose two large prime numbers, p and q.

2. Calculate n=p×q.

3. Calculate Euler's totient function: ϕ(n)=(p−1)×(q−1).

4. Choose an integer e (the public key exponent) such that 1<e<ϕ(n) and e is coprime
to ϕ(n).

5. Calculate d (the private key exponent) such that d×e≡1(modϕ(n)).

o Public Key: (e,n)

o Private Key: (d,n)

 Encryption: To encrypt a message P, the sender uses the recipient's public key (e,n):
C=Pe(modn).
  Decryption: The recipient uses their private key (d,n) to decrypt the ciphertext C:
P=Cd(modn).

 Example:

1. p=3, q=11⟹n=33, ϕ(n)=(3−1)(11−1)=20.

2. Choose e=7 (coprime to 20).

3. Find d such that 7d≡1(mod20). Here, d=3 because 7×3=21≡1(mod20).

4. Public key is (7,33), Private key is (3,33).

5. To encrypt plaintext P=2: C=27(mod33)=128(mod33)=29.

6. To decrypt ciphertext C=29: P=293(mod33)=24389(mod33)=2.

ECC (Elliptic Curve Cryptography)

ECC is an alternative to RSA that provides the same level of security with much smaller key sizes. This
makes it ideal for devices with limited processing power, like smartphones and IoT devices. Its
security is based on the difficulty of solving the elliptic curve discrete logarithm problem.

Digital Signatures

Digital signatures use asymmetric cryptography to provide authentication, integrity, and non-
repudiation.

 Signing Process:

1. The sender creates a hash of the message.

2. The sender encrypts this hash value with their own private key. The result is the
digital signature.

3. The signature is attached to the original message and sent.

 Verification Process:

1. The receiver decrypts the signature using the sender's public key. This reveals the
original hash.

2. The receiver computes a new hash of the received message.

3. If the two hashes match, the signature is valid. This proves the message came from
the sender (authentication) and was not altered (integrity).

Hash Functions
A cryptographic hash function is a mathematical algorithm that maps data of arbitrary size to a bit
string of a fixed size (the hash value). It's a one-way function, meaning it's computationally infeasible
to reverse.

Key properties include:

  Pre-image resistance: Given a hash h, it should be hard to find a message m such that
hash(m)=h.

 Second pre-image resistance: Given a message m1, it should be hard to find a different
message m2 such that hash(m1)=hash(m2).

 Collision resistance: It should be hard to find two different messages, m1 and m2, such that
hash(m1)=hash(m2).

SHA (Secure Hash Algorithm)

 A family of hash functions developed by the U.S. National Security Agency (NSA).

 SHA-1: Produces a 160-bit hash. It is no longer considered secure against well-funded

adversaries due to discovered collision attacks.

 SHA-2: Includes variants like SHA-256 and SHA-512, producing 256-bit and 512-bit hashes,
respectively. They are widely used and currently considered secure.

 SHA-3: A newer standard selected in 2012, based on a different structure called a "sponge
construction."

MD5 (Message Digest 5)

 Produces a 128-bit hash value.

 MD5 is now considered broken and insecure for cryptographic purposes because practical
collision attacks have been demonstrated. It should not be used for applications like digital
signatures or password storage. It is sometimes still used for file integrity checks where
security is not a primary concern.

Applications of Hashing

 Password Storage: Systems store the hash of a user's password instead of the password
itself. When a user logs in, the system hashes the entered password and compares it to the
stored hash.

 Data Integrity: To verify that a file has not been altered during download or transfer.

 Digital Signatures: Hashing is the first step in creating a digital signature.

 Blockchains: Hashing is fundamental to cryptocurrencies like Bitcoin for linking blocks

together in a chain.

Cryptographic Protocols
Protocols are sets of rules that dictate how cryptographic algorithms should be used to achieve
secure communication.

SSL/TLS (Secure Sockets Layer/Transport Layer Security)

 TLS is the successor to SSL. It is the standard protocol for providing a secure communication
channel over a computer network. It is the "S" in HTTPS.
  Goal: To provide confidentiality and integrity between two communicating applications.

 The TLS Handshake: When you connect to a secure website, a handshake process occurs:

1. The client sends a "ClientHello" message, listing its supported cipher suites
(combinations of encryption, key exchange, and hash algorithms).

2. The server responds with a "ServerHello," choosing a cipher suite from the client's
list.

3. The server sends its digital certificate, which contains its public key and is signed by
a trusted Certificate Authority (CA).

4. The client verifies the server's certificate.

5. The client and server use a key exchange protocol (like Diffie-Hellman) to securely
generate a shared session key.

6. All further communication is encrypted and decrypted using this symmetric session
key.

PGP (Pretty Good Privacy)

 A popular program used for encrypting and signing emails and files.

 It uses a combination of symmetric and asymmetric cryptography. For example, to send an

encrypted email, PGP generates a random symmetric key, encrypts the email with it, and
then encrypts that symmetric key with the recipient's public key.

 Web of Trust: Unlike the centralized CA model of TLS, PGP uses a decentralized trust model.
Users can sign each other's public keys, vouching for the identity of the key's owner.

Key Exchange Protocols

These protocols allow two parties who have no prior knowledge of each other to jointly establish a
shared secret key over an insecure channel.

 Diffie-Hellman Key Exchange: This protocol allows two parties to create a shared secret
without ever transmitting it directly.

o Analogy (Mixing Paint):

1. Alice and Bob publicly agree on a common paint color (e.g., yellow). This is a
public value.

2. Alice secretly chooses her own private color (e.g., red) and Bob secretly
chooses his (e.g., blue).

3. Alice mixes the common yellow with her secret red to get orange. Bob mixes
the common yellow with his secret blue to get light blue.

4. They exchange their mixed colors over the public channel. Alice sends her
orange paint to Bob, and Bob sends his light blue paint to Alice.

5. Alice mixes her secret red with the light blue paint she received from Bob.
Bob mixes his secret blue with the orange paint he received from Alice.
 6. Both now have the same final color (a brownish mix), which is their shared
secret. An eavesdropper who only saw the common yellow, orange, and light
blue paints cannot easily determine the final secret color.

o Mathematical Process: This is done with modular arithmetic, but the principle is the
same. The public values are a prime modulus p and a generator g. The secret
"colors" are secret integers chosen by Alice and Bob.