Cryptography

ICT802 – Assignment 3

Team Members:

David Brooks (0236905)

Le Bui (10063872)

Saththiyan Satchithanantham (10078699)

Table of Contents
1. Introduction ..........................................................................................................................3

2. Historical Background. ........................................................................................................3

2.1 Vigenere Cipher .......................................................................................................................4

2.2 The One-Time Pad ...................................................................................................................5

2.3 Transposition cipher ...............................................................................................................6

2.3.1 Rail fence cipher. ................................................................................................................................. 6
2.3.2 Row Transposition Cipher ................................................................................................................... 7

3. Cryptography- Evolution.............................................................................................................7

4. Modern Cryptography .................................................................................................................8

5. Symmetric Key Encryption .................................................................................................10

5.1 Digital Encryption Standard (DES) .....................................................................................10
5.1.1 DES Architect Structure. .................................................................................................................... 10
5.1.2 Round Operation. ............................................................................................................................... 12
5.1.3 Cracking DES..................................................................................................................................... 12
5.1.4 Advantages and Disadvantages .......................................................................................................... 13

5.2 Triple Digital Encryption Standard (3DES) ........................................................................13

5.3 Advance Encryption Standard Algorithm (AES) ......................................................................14

5.3.1 The features of AES .......................................................................................................................... 15
5.3.2 Substitute Bytes.................................................................................................................................. 17
5.3.3 Row shift function. ............................................................................................................................ 17

6. Block Cipher .......................................................................................................................18

6.1 ECB..........................................................................................................................................18

6.2 CBC .........................................................................................................................................19

6.3 OFB..........................................................................................................................................19

6.4 Counter Mode .........................................................................................................................20

7. Asymmetric Encryption ......................................................................................................20

7.1 Diffie-Hellman (DH) Algorithm ...................................................................................................21

7.2 Digital Signature............................................................................................................................21

7.3 RSA .................................................................................................................................................24

Reference: ...................................................................................................................................25

2
 1. Introduction
The cryptography concept was born way back along with the art of writing. But it was technically
not developed and improved mathematically. Human were organized into small tribes, groups of
people, and various kingdoms. Eventually this has led power between groups, battles, supremacy,
and politics in the groups of people. Due to his battles they needed to communicate secretly with
the very selected people. This is where the initial cryptography concept initiated. The roots of the
crypto was found in Roman and Egypt.

“Cryptography is the science of using mathematics to encrypt and decrypt data” - Phil
Zimmermann

“Cryptography is the art and science of keeping messages secure” - Bruce Schneier

The current cryptography is totally depending on very high complex mathematical algorithms,
which provides most security protocols.

Study of mathematical techniques with the focus to information security namely confidentiality ,
integrity and availability is what called Cryptography.

Cryptology is a very common term we use in crypto discussions and communications.

Cryptology has two main branches such as Cryptanalysis and Cryptanalysis. We have seen what
is cryptography but what is Cryptanalysis? It’s a science and art of breaking the cryptosystems.
Most people often think it is an illegal act or a crime. But most cryptoanalysis is done by academia
ethically.

2. Historical Background.
The Roman Biographer and Historian Suetonius said “Julius Caesar” encrypted messages by
writing D for A, E for B and so on. Mean time “Augustus Caesar” used C for A and D for B.
Which tells us the cryptography has a very long historical background. Today in developed
technological world we call the message is changed and the key is A to C, B to D.

Later Arabs used monoalphabetic substitution in that they used a key work to permute the cipher
letters.

3
 Figure 1: Monoalphabetic substitution cipher

from this we have developed many cryptographies methods time to time, and it’s been proven
again and again there is no single cryptography can provide CIA to the message. There is two
ways to create a strong cipher, one is stream cipher and the other one is block cipher.

2.1 Vigenere Cipher

The Vigenere cipher was developed in the 16th centaury by Frenchmen called Blaise de Vigenre.
Vigenere cipher is a polyalphabetic cipher algorithm, means its uses more than one alphabets to
encrypt the plaintext data. It works by adding a key again and again into plain text using A=0,
B=1…. Z=25. When adding number of the number become 26 or more then it will be carried out
modulo 26. The following simple equation explains this concept every easily.

C = P + K mod 26

To explain this more let’s look at an example, when we add J (10) to U(20) we get 30, which
will be reduced to 4 by subtracting 26, 4 now corresponds to D, so the encryption of J with the
key is D.

Various people tried to break this algorithm but there was not public solution for this algorithm
until 1863 by Friedrich Kasiski, he identified that if you have a very long piece of encrypted
text call ciphertext, you will have a common pattern and that will appear multiples of time. In
the keyword length.

4
 Figure 2: Vigenère substitution cipher

In the above Figure 3, you could see KIOV word is been repeated after few letters, and NU
after 6 letters. Since 3 could divide both 6 and 9, we can guess a keyword of 3 letters. So, we
should be able to use frequency analysis techniques to identify the likely key values of this
letter, similarly then repeat the process for the second and third letters of the key.

2.2 The One-Time Pad

To make cipher text stronger we need sought of strong key sequence as similar to plain text and
it should never be repeated. This idea was proposed in WWI but invented in. 1917 by
G.S.Vernam. This is a Vigenere cipher, but the key length is same as plaintext. Also, this key
must be chosen randomly, and this cannot be used again. The hotline between Washington
Moscow uses this system.

The one-time pad is still in use for high-level Politicians or intelligence teams for traffic sharing,
Problem with the OTP is it consumes same size of key material, therefor is too expensive practice
for most applications. One time pad is a stream cipher and its widely used in hardware
applications.

Since its very large key and its only used one time, can that be told unconditionally secure? The
answer is no. Because we don’t know the attacker’s computational power. We know the 128-bit
keys are highly secure so if we have a plaintext with 10000 words will have 10000-word key and
it must be secure unconditionally? As I said above if the attacker has a computer with 2^1000
computers available and each computer can check one key, this will let us know the correct key
at some point. However, we have 2266 atoms in the known universe, so we call One-Time pad is
computationally secure but not unconditionally secure.

One-Time pad required three actions to implement, firstly we need a device that truly generate a
one-time pad, then secondly the receiver must get the one-time pad securely. In practical sender
must write the keys on a CD and send to receiver via a post. Thirdly, this is quite not practical,
since the keys cannot be re-use, we need keys to each and every plaintext. However, the key
length is similar to plaintext, so if they share the CD with keys, they need to do it every time
when they want to communicate.

5
 Figure 3:one time pad

E.g. : Plain Text = HAPPY

One-time pad = 8 19 13 4 23

H A P P Y

8 1 16 16 25

8 19 13 4 23

16 20 29 = > 20 48
mod 26

16 20 3 20 22

P T C T V

So the cipher of this one time pad is “PTCTV” why its unbreakable or hard to break is you
could see there is two “T” but they both doesn’t have same plaintext. This is all depend on what
you use in Key and the key cannot be reused. Hence it’s a hard encryption to break.

2.3 Transposition cipher

2.3.1 Rail fence cipher.

6
Rail fence cipher is very easy to make encryption. However, it’s not practically a very secure
encryption mechanism. Since there is a very limited number of keys available for small messages
it’s very easy to break.

2.3.2 Row Transposition Cipher

Row Transposition is quite similar and easy encryption like Rail Fence, in Row Transposition
we have to define a key with a length. The key should be a unique number with no repetition.

Plain text – Welcome to my session

Key- “Unique number should be used with no repetition “
Key = 3 2 4 5 1
Now that we follow the below to create the cipher text

The key will be written in a table like below, if the key length is 5, then we will create 5 x 5
table and write the plaintext in row order. Once its completed the empty boxes will be fille with
some garbage value to make the matrix.

Then in the ascending order of the keys we will have to write the characters to make cipher
text.

3 2 4 5 1

W E L C O
M E T O M
Y S E S S
I O N X Y

Hence the cipher text will be

Cipher Text = OMSYEESOWMYILTENCOSX

3. Cryptography- Evolution.
During and after the European Renaissance various attacks and research carried out to break the
secret code.

• Vigenere Coding came in 15th centaury which introduce moving letters in with variable
places then moving them on a fixed length place.

7
 • In 19th centaury sophisticated art and science introduced in information security to
encrypt.
• In early 20th century after the invention of computers mechanical and
electromechanical machines provided advanced coding.
• During and after the WWII cryptography and cryptoanalyses became an essential in
information security.

With the development in computing and internet cryptography reached almost all the general
people. Specially Government, Military and cooperate adopted the cryptography to. guard their
secrets from others.

4. Modern Cryptography
Today cryptography is the cornerstone for computers and communications. It’s a very complex
mathematics, probability and computational. Modem cryptography has three main character,
which differentiate it from old and classical approach.

• Modern Crypto operates in binary bit sequences

• Algorithm is publicly available, but the secrecy is maintained through secret keys.
Computing and unknown keys, difficult algorithm make it impossible to break the
encryption
• Both sender and receiver need secure media to pass the secret key.

The modern cryptography and cryptanalysis are the context of cryptography.

Primary object of cryptography is to provide security services. Following four services are the
important one

1. Confidentiality
2. Data Integrity
3. Authentication
4. Non-repudiation

Let’s see what each of these means,

1. Confidentiality

The primary service provided by the cryptography is the confidentiality. Confidentiality keeps
secure the information from accessing by an unauthorized person. This sometimes called as
privacy or secrecy.

8
Confidentiality would be able to achieve through various ways starting from physical securing to
the use of algorithms for data encryption.

2. Data Integrity

Since we communicate over the public internet there is a high chance that the date may be able
to modify by someone, we call it man in the middle attack. Hence You must identify any
modification or changes to the data. The transferred data may have been modified by an
unauthorized person or a system intentionally or unintentionally. The Integrity in cryptography
confirms that whether the data is modified or not since it was last sent from the source system,
transmitted over the media, or accessed by an authorized user and stored for future usage.

Data integrity will only provide information to whether the data is modified or not but will not
prevent the data from information modification, but it will provide a way for identifying whether
data has been modified or changed by an unauthorized person or a way.

3. Authentication

Authentication provides a way to identify of the originator of the data. This would confirm to the
receiver that the received data was sent only by an identified and verified sender who is already
initiated the session with me.

The Authentication service has two types:

• Message authentication: Message authentication service identifies the creator of the

message without any regard router or a system that has sent the message originally.
• Entity authentication: This is an assurance to confirm that the received data has come
from a specific sender, it could be a website or a system.

Apart from just the original creator, authentication also provide means to check about other
factors such as date and time of transmission.

4. Non-repudiation

Non-repudiation is another security related service provided by cryptography that confirms that
a party involves in transfer cannot reject the ownership of its commitment. It is an confirmation
that the owner of the data can’t deny or reject the creation of his information or transmission of
data to a specific receiver once its initiated.

There are situations that a dispute on the transfer of data, such as, once an online order is made
electronically, the purchaser cannot decide or withdraw the order they placed to purchase, only
if non-repudiation service was enabled in that specific online or electronic transaction.

9
5. Symmetric Key Encryption
In symmetric Key encryption process the same key used for encryption will be used for
decryption as well. This encryption mechanism sometimes called as secret key cryptosystems.
There are many well-known symmetric Key encryption algorithms/methods are available.
Following are few of the symmetric Key encryption methods

1. Digital Encryption Standard (DES)

2. Triple-DES (3DES)
3. Blowfish
4. AES
5. RC4

The most widely used algorithm is AES-128, AES-192, and AES-256.

Let’s look at each of the Protocols in detail

5.1 Digital Encryption Standard (DES)

DES is an old and early days encryption protocol introduced by US NIST in 1973. Unfortunately,
DES is outdated in 21st centaury due to strong computation power to break the algorithms. DES
is a block cipher algorithm which process the data in 64-bit plaintext blocks. Each 64-bit block
will be converted to ciphertext using a key value of 56bit. Since DES is a symmetric algorithm it
uses the same key to decrypt the ciphertext on the receiver site.

5.1.1 DES Architect Structure.

Let’s look at DES algorithm and see how it works. As I said earlier it’s a block cipher
algorithm and it breaks the plaintext in to 64bit blocks and it follows the Feistel Structure. We
will look at Feistel Structure later in this report.

The 64-bit block Plaintext will go through 16 rounds before it comes out as an encrypted text.
To produce this encrypted cipher text as explained earlier we will use in real world 64 bit key
but using some other techniques we will reduce it to 56-bit key size. Since the Algorithm runs
16 rounds, we will have to generate 16 subkeys from the 64-bit algorithm, each of these sub
keys are 48 bits length.

The Question is what is the subkey size? here the subkey size is 48-bit subkeys. From the 64
bits Key we have to generate 16, 48-bit subkeys. This sub key will be used in each and every
round. Since this is a block cipher algorithm the ciphertext will be the same size of plaintext.

Now let’s look at the block diagram.

10
 Sub
64 Bit PT T 64 T 64 Bit Cipher
Module

56 Bit Key

In High level we 64 Bit Plain text will be given as input to the initial permutation. Where we
have to follow the transposition order so that means we have to rearrange the bits positions and
from that we will get again 64-bits as output. The output of the initial permutated 64 bits will be
given to round one. Parallelly we have to use a key so apparently; we have to generate the subcase
which we have to use in the round function.

64 bits plain text key will be given to initial permutation. This will produce an output of 56-bit
keys. The 56-bit key will be given to LEFT CIRCULAR SHIFT operation. This will bring an
output in 56 bits, again this output will be sent to permutation choice 2. permutation choice means
rearranging the bits in a given order. At the end of this round, you will get a 48bit key. Output
from this with the file size 48 bits wail be used in Round 1.

Then from round one we will move to round two, in round two the outcome of round one and
LEFT CIRCULAR SHIFT of previous round will be used again to do another LEFT CIRCULAR
SHIFT and similarly the output of 2nd LEFT CIRCULAR SHIFT will go through permutation
choice and produce 48 bits key, which is called Key 2. Likewise, this will continue until round
16.

After completing all these rounds DES will perform 32 bits swap, the round 16 output 64 bit
will be divide into 2 equal parts 32 left half and 32 right half. Those 32 bits will be swapped
that means left 32 bits will be copied to the right and right side 32 bits will be copied to the left
side. so, after accomplished on these 32 bits swap again, we have to apply inverse initial
permutation. Output form this inverse initial permutation is called Cipher Text.

11
 5.1.2 Round Operation.

Let’s look what is happening in each Round functions. Based on the above diagram the
operations are given below in points.

• IP Divided in to two 32 bits as R & L

• R 32 bit will be given to Expansion permutation and add 16 more bits to get 48-bit
output
• output will be XOR with Key
• Output 48 bit will go to substitution box (S-Box)
• Output will be 32 bits
• Again, apply the permutation function.
• Then XOR with L half.
• Stored in R
• Right half (R) will be saved in the Left Half (L)

5.1.3 Cracking DES

In the year of 1975, Martin Hellman and Whitfield Diffie showed their objection against the DES
algorithm, they claimed this may be secure against commercial attack but its extremely possible
to break by powerful computing machine.

Diffie said its possible to break the keys with a “brute force" attack and it would cost $20 million
to build such a machine. After almost 23 years later in 1998 a team led by John Gilmore at EFF
spend $220,000 to build a machine which can do 2^56 possible keys in an average of 4.5 days
and in July they cracked DES algorithm key successfully after 56 hours of “brute force"

12
 5.1.4 Advantages and Disadvantages
Advantages.

• 56 Bits key make the “Brute Force” attacks harder on normal computers.
• Use the same key to encrypt and Decrypt.
• Algorithm itself is very secure. Cryptanalyst could break the code but no one has done
yet.

Disadvantages.

• Week Keys.
• S-Box may create same Key for different input.
• The permutation functions are not very clear.

5.2 Triple Digital Encryption Standard (3DES)

The main issues with the DES algorithm were the key length, Key length of 56 bits is relately too
small to break. So, to avoid we must run DES multiple times. Every time using different keys the
sender has to run DES three times and this is called the 3DES. The sender is to run the encryption
process first then decryption process secondly then finally one more time encryption process
again, and similarly for decryption. this means to run the decryption process first then the
encryption process finally again then it decryption.

The decryption process is actually the same as the encryption process only that we apply the keys
in the reverse order the advantage of using this order of operations is that it supports multiple key
lengths in particular if key one is the same as key 3 then the result is a 112 bit DES if all three
keys are different then the result is 168 bit DES if we set key 2 the same as key 1 then the triple
DES has in effect become a single DES with key 3 this is useful for compatibility for example a
triple DES device can be configured to communicate with a single DES device by simply sitting
key 2 the same as key .

13
 Figure 4: 3DES Algorithm

3DES key has length 3×56 = 168 bits. The encryption scheme is illustrated as follows. 3DES
Encryption algorithm are significantly more secure than DES, but due to its multiple encryption
and decryption process and a long key length 3DES is much slower process than using DES.

5.3 Advance Encryption Standard Algorithm (AES)

The Advance Encryption Standard Algorithm so similar to the DES algorithm. In this, the
plaintext is processed in blocks so that means there will be a block size, standard block size is
128 bits. AES will not process the entire plaintext to ciphertext, first the plaintext will be
divided into different blocks. Every time AES will process one block. AES also use a key in
each and every round similar to the DES algorithm. But the different is the key size. Des used
56 bits key and AES uses 128bits keys.

The plain text in AES is processed in 10 rounds and the number of keys used to process AED is
44 subkeys. Each subkeys are 32bits length.

• Block Size = 128 Bit plain text

• No of Round = 10
• Key size = 128 bits (4 WORDS / 16 BYTES) – 1 WORD – 32 bit
• Number Subkeys = 44
14
 • Subkey size = 32 bits
• Each Round 4 sub keys will be used (128 bits/4WORDS/16 bytes)
• Per Round calculation – 4 sub keys will be used
• Cipher text = 128 bits

5.3.1 The features of AES

• Symmetric key symmetric block cipher
• 128-bit data, 128/192/256-bit keys
• Stronger and faster than Triple-DES
• Provide full specification and design details
• Software implementable in C and Java

The below diagram shows the process of AES algorithm.

A replacement for DES was needed as its key size was too small and today AES is the most
popular and widely adopted symmetric encryption algorithm after its been proven that DES is
possible breakable and 3DES is slow. AES is found at least six time faster than triple DES.
Triple DES was designed to overcome this drawback, but it was found slow.

15
Figure 5: CISCO CCNA SECURITY

• Need to run this 10 times

• Add Round key – XOR Operation
• Substitute Bytes – Similar to S-BOX in DES
• Shift Rows – Circular right shift Operation
• MIX Columns – Multiply by predefined 4x4 matrix

16
 Figure 6: Key transformations

Each Round has 4 Operation except last has 3 operation. Substitute Bytes Shift Rows MIX
Columns Add Round key

5.3.2 Substitute Bytes

Following diagrams explain the Substitute byte in AES

S 0,0 is an 8 bits value, that will be divide in to 2 ,4 bits values say 3 & 7. Left 4 bits are considered
row number – (3) and the Right 4 bits are considered Column number (7). Let’s say (S 1,2) had
37 in the matrix that will be transferred to 95 as per the table. This is how the substitution function
works in AES Algorithm.

5.3.3 Row shift function.

Let’s look at how does the row shift works in AES. Following table explains the function. In
row shift we don’t do any change to first row, which called Row zero. 2nd row will go through 1

17
circular shift function and the next row will be going through two circular shift function and the
3rd will go through three circular shift function and so on.

S 0,0 S 0,1 S 0,2 S 0,3 S 0,0 S 0,1 S 0,2 S 0,3

S 1,0 S 1,1 S1,2 S 1,3 S 1,1 S 1,2 S1,3 S 1,0

S 2,0 S 2,1 S 2,2 S 2,3 S 2,2 S 2,3 S 2,0 S 2,1

S 3,0 S 3,1 S 3,2 S 3,3 S 3,3 S 3,2 S 3,1 S 3,0

6. Block Cipher
In Stream cipher the plaintext bit by bit converted to the ciphertext. So, each bit of plaintext
will be converted to ciphertext. we call it a stream cipher encryption. In block cypher the name
itself indicates we will collect bits, or we will group some plaintext bits and will form a block
and edit. At a given time each block will be processed. where considering the same length so
ciphertext would be generated so the complete plaintext will be divided into different blocks.
Hence what is the block size, the block size depends on the algorithm. Different algorithms use
different block size. There are few ways this block cipher can be converted into ciphertext so
there are different modes to process the block of plaintext to ciphertext.

• ECB (Electronic Code Block)

• CBC (Cipher Block Chain)
• OFB (Output Feed Back)
• CFB (Cipher feed Back)
• Counter Mode

Let’s look each of these block cipher modes.

6.1 ECB
Plain text will pass to encryption algorithm and it will produce the cipher text. Algorithm will
be given the secret key. This is the first block. Likewise, the plaintext 2 and so on will continue.

Plain Text(P1) Plain Text(P2) Plain Text(Pn)

K K K
ENCRYPT ENCRYPT ENCRYPT

CIPHER(C1) CIPHER(C2) CIPHER(Cn) 18

 6.2 CBC
Ciphertext of first block will be given as input for the Second block. That means we have to use
the ciphertext of first block in the second block processor. Which means we will apply the
XOR operation for the ciphertext coming from the first block and the plaintext which we are
giving input for the 2nd block.

P2 Pn
P1

K K K
ENCRYPT ENCRYPT ENCRYPT

C1 C2 Cn

In this for Plain Text one we must give some Initialisation vector and XOR. There after the
previous block cipher text will be XORed with the Plain Text.

6.3 OFB
Output feedback mode or Cipher feedback mode are similar. The working is similar for both
output feedback mode and the cypher feedback mode. In this mode the bits are processed in S
bits size. In General S bits is considered 8. Consider initially 64 bits and from it we will get 8
bits. Firstly, the 64 bits and divided it to 64 – S & S bits. In this process we are going to work
with only 8 bits. The 64 bits we considered is called IV.

Encrypt the bits using K secret key, this will produce 64-bit output call cipher, from the
encrypted 64 bits, consider the S bit and discard the rest of the bits. Now apply an XOR with
Plaintext with P1. So, the plaintext is the same size of S bit. Finally, we produce a S-bits size
cipher text.

Figure 7: OFB

19
 6.4 Counter Mode
It's a counter Mode the last one on block cipher. Consider a counter value, which is in length
equal to the plaintext block. so here the counter length and the plaintext block must be same
because we have to apply the XOR operation. The counter will be encrypted using a key
automatically and the output will be XOR with plain next so that ciphertext will be generated.

This is not a a Chaining or feedback so second block is just an increment this counter. for the
second block just increase the counter by one counter value is incremented by one and apply the
same encryption. Apply the K value XOR the plane text 2 so that we will get the ciphertext 2 this
process will be continuing until the last block. Apply the encryption and output will be encrypted.

7. Asymmetric Encryption
This is Albert and Sheila they want to start sending each other secret messages too but they've
never done it before what's more Albert lives in England and Sheila lives in Australia. Using
email for example they can agree on a cipher but somehow, they also need to agree upon a secret
key. Either one of them could come up with a key and send it to the other person but don't forget
criminals and other naughty people are watching. Albert could encrypt the key, but Sheila won't
be able to decrypt it and Australia is too far away to deliver it in person. what a dilemma!!

Fortunately, three guys invented a solution, and their names are Ron Rivest Adi, shamir and
Leonard Adleman. Their basic idea was really simple and very elegant they suggested using two
separate keys one to encrypt the data and the different key to decrypt it. Let's be clear for a
particular encryption key there is only one decryption key that will work since the keys are
different, they are known as asymmetric keys. Rivest shamir adleman came up with a way to
generate matching pairs of keys and they worked out the algorithms needed to encrypt and
decrypt the data the mathematics behind this cryptosystem very cleaver.

The decryption process is essentially the opposite of the encryption process. Asymmetric key
cryptography on the other hand uses one key for encryption and the different but related key for
decryption. A pair of related asymmetric keys are often referred to as the public key and the
private key because it doesn't matter who gets a copy of the encryption key. Aa long as the
decryption key stays private. Asymmetric key cryptography is only really good for small
messages so typically asymmetric key cryptography is used to exchange a symmetric key.
asymmetric key cryptography is at the heart of secure Internet communication when you visit an
online shop or an online bank. Asymmetric key cryptography is going on behind the scenes to
ensure your privacy. Your web browser takes care of everything for you in fact you can view the
public key that your browser is using when you connect to a secure website.

20
7.1 Diffie-Hellman (DH) Algorithm
The Diffie–Hellman (DH) key exchange technique was first defined in their seminal paper in
1976. DH key exchange is a method of exchanging public (i.e., non-secret) information to obtain
a shared secret. DH is not an encryption algorithm.

A protocol between two parties to establish a shared key (“session key”) such that:

• Authenticity: they both know who the other party is

• Secrecy: only they know the resultant shared key
• Consistency: if two honest parties establish a common session key then both have a
consistent view of who the peers to the session are

DH key exchange was first proposed before there were any known public key algorithms, but
the idea behind it motivated the hunt for practical public key algorithms. DH key exchange is
not only a useful and practical key establishment technique, but also a significant milestone in
the history of modern cryptography key exchange assumes first that there exists. A public key
cipher system that has a special property . A carefully chosen, publicly known function F that
takes two numbers x and y as input, and outputs a third number F(x,y) (for example,
multiplication is such a function).

Assume that Alice and Bob are the parties who wish to establish a shared secret and let their
public and private keys in the public key cipher system be denoted by (PA , SA) and (PB , SB)
respectively. The basic principle behind Diffie–Hellman key exchange is as follows:

7.2 Digital Signature

As we know that in the symmetric encryption, we will be having two different keys one is a
public key and another one is a private key. where the public key is available for all the users
and the private key will be not shareable only it will be with a particular person. If the message
is encrypted using sender private key, we call it as a digital signature. The private key is not

21
shareable only the user or a sender can send the message 'because the sender will not share their
private key with any other user. Hence the message can be encrypted only by the sender.

Apply the hash function ‘H’ to plain text to get hash code ‘h’. Append the plain message to ‘h’
code. Which is encrypted using Private Key of ‘a’. So, the message will be encrypted with h
code. Decrypted with Public Key of ‘a’. Will get plain text and Hash code. Hash function
applied to get hash code. Hash codes will be compared

Let’s take an example.

Jack (Sender) And Jill(receiver) wants to send a document to Jill by email. No paper this time.
now let's be clear there's nothing secret about the document neither of them cares if somebody
else reads it. Jill just wants to be sure that it definitely came from Jack and that nobody else has
made any changes to it on the way. Before his document is sent. Some software on Jack's
computer prepares the digital signature. The purpose of this software is to create something called
a “hash” of the document. These days most computers do this using an algorithm called SHA
256 which was invented by the USA's National Security Agency. SHA 256 takes a copy of the
document text and subjects it to a sequence of complex mathematical calculations and other
transformations. Remember as far as the computer is concerned the document consists of binary
ones and zeros. The result is called a hash value it's also referred to as a “digest” of the Document.

The hashing process has been designed so that even the tiniest difference in the original document
would result in a completely different hash value. This part of the signing process is not
Encryption. because the transformations done by sha 256 are practically impossible to reverse.
You can't take a hash value and use it to work out what was in the original document like baking
a cake, hashing is a one-way process but if you were to apply the same process to the same
document you would get exactly the same hash. Some software on Jack's computer now encrypts
the hash using Jack's private key and the encrypted hash is embedded in the original document.
The document now has a digital signature.

Jack sends Jill a copy of the signed document. he also sent her a copy of the public key.
Alternatively, he can put the public key on a website for Jill to go and fetch. Jules computer
decrypts the digital signature using Jack's public key, if she can decrypt it she knows it came
from Jack. Jills computer then uses SHA-256 to calculate the hash value again using the text of
the document. If the hash value that Jill's computer calculates is the same as the hash value that

22
was sent by Jack, then she can be pretty sure that it hasn't been tampered with since it was created.
Remember Jack and Jill really don't care if someone else has seen the signed document. it's not
a secret and it doesn't matter if someone else gets a hold of Jack's public key Jill simply wants to
be sure that the document was sent by Jack.

Of course, anyone else could have been pretending to be Jack. From the start a criminal could
create a fake document hash it with SHA 256 and generate an asymmetric pair of keys using their
computer. So how can Jill be really sure that she's communicating with Jack? well that's where
digital certificates come in. For a fee Jack can apply for a digital certificate to a well-known and
well trusted organisation called a “certification authority”. certification authorities include
companies like veri sign, global sign and Symantec to name. But a few as part of the application
process.

Jack’s computer generates an asymmetric pair of keys and he sends the public key to the
certification authority along with various details about himself. The certification authority
carefully checks that, Jack is who? He is then they send them a special type of file called a “digital
certificate” this contains details about Jack along with information about the certification
authority and then expiry date bounded to this digital certificate Is Jack's public key.

Jack still has the corresponding private key, which never left his computer Jack must of course
keep his private keys safe. So now when Jack sends a signed document to Jill he can also send
her a copy of the whole certificate or put it in a public place for her to go and get. This means
that when Jill wants to decrypt something that Jack is encrypted she can inspect this certificate
1st , and if she's happy to trust it she can use the public key within. The public key that is being
guaranteed by the certification authority to belong to Jack. Essentially the certification authority
is vouching for Jack. Needless to say applying to a certification authority for a digital certificate
is itself a very secure process, Anything the certification authority sent to Jack was digitally
signed by them using their own digital certificate and this was provided by an even higher
certification authority. In the year 2000 a laws passed in the UK called the electronic
Communications Act this law made digital signatures legally binding and this has allowed
businesses to thrive on the web, since then we've seen the rise of crypto currencies like bitcoin a
cryptocurrency.

In Summary, Digital signatures rely on asymmetric key cryptography. A document's contents are
hashed to create a digest for example using sha 256.The digest is encrypted by the sender using
their private key. The digest is then embedded in the document which can be sent. The recipient
decrypts the digest using the sender's public key. The recipient also calculates a hash from the
document's contents using the same hash algorithm, if the re calculated digest matches the
decrypted digest it can be assumed that the document hasn't been tampered with since it was sent.
A digital certificate is issued by a certification authority which guarantees the sender's identity.
The digital certificate contains a public key along with other information about the sender and an
expiry date.
23
7.3 RSA
Massage applied to Hash function to get Hash code; this hash code will be encrypted using
Public Key of A. E(PRa,h) – Hash Code encrypted using Private Key of A

Messages are encrypted with a code called a public key. Once a message has been encrypted with
the public key, it can only be decrypted by another key, known as the private key. Each RSA user
has a key pair consisting of their public and private keys. Private key must be kept secret. RSA
encryption is often used in digital signatures. It isn’t generally used to encrypt entire messages or
files. File will generally be encrypted with a symmetric-key algorithm, and then the symmetric
key will be encrypted with RSA encryption. RSA is still seen in a range of web browsers, email,
VPNs, chat and other communication channels

Two Prime numbers are used. Easy to compute in one direction, but almost impossible in reverse.
701,111 is a product of two prime numbers, would you be able to figure out what those two
numbers are? 2048-bit RSA, keys that are 617 digits long. Data to be encrypted with one key in
a way that can only be decrypted by the other key from the pair. First, they each need to set up
their own key pairs and share the public key with one another. Once the sender has the public
key of their recipient, they can use it to encrypt the data that they want to keep secure. Once it
has been encrypted with a public key, it can only be decrypted by the private key from the same
key pair. Even the same public key can’t be used to decrypt the data

24
Reference:
1. 2017. Monoalphabetic substitution. [video] Available at:
<https://www.youtube.com/watch?v=Dz1RW_W2zGI> [Accessed 27 January 2021].
2. http://swarm.cs.pub.ro/~mbarbulescu/cripto/Understanding%20Cryptography%20by%2
0Christof%20Paar%20.pdf
3. Youtube.com. 2017. One-Time Pad. [online] Available at:
<https://www.youtube.com/watch?app=desktop&v=vEbaF1jmbcM> [Accessed 28
January 2021].
4. Page.math.tu-berlin.de. 2021. The DES Algorithm Illustrated. [online] Available at:
<http://page.math.tu-berlin.de/~kant/teaching/hess/krypto-ws2006/des.htm> [Accessed
3 February 2021].
5. Page.math.tu-berlin.de. 2021. The DES Algorithm Illustrated. [online] Available at:
<http://page.math.tu-berlin.de/~kant/teaching/hess/krypto-ws2006/des.htm> [Accessed
3 February 2021].
6. Alsultanny, Y., 2021. Testing Image Encryption by Output Feedback (OFB). [online]
Semanticscholar.org. Available at: <https://www.semanticscholar.org/paper/Testing-
Image-Encryption-by-Output-Feedback-(OFB)-
Alsultanny/aaaf003c365ecd0a1444a3da07129e8a2e25caf1/figure/0> [Accessed 6
February 2021].
7. https://ealtili.medium.com/cryptography-encryption-hash-functions-and-digital-
signature-101-298a03eb9462
8. Libfeld, R. (no date) Symmetric key cryptography, Doubleoctopus.com. Available at:
https://doubleoctopus.com/security-wiki/encryption-and-cryptography/symmetric-key-
cryptography/ (Accessed: February 11, 2021).
9. Types of encryption: Symmetric or asymmetric? RSA or AES? - the missing
report (2020) Preyproject.com. Available at: https://preyproject.com/blog/en/types-of-
encryption-symmetric-or-asymmetric-rsa-or-aes/ (Accessed: February 11, 2021).
10. what is rsa encryption? And where is rsa encryption used for (2020) Ssla.co.uk.
Available at: https://www.ssla.co.uk/rsa-encryption/ (Accessed: February 11, 2021).

25