UNIT-II

Advanced Encryption Standard: Introduction, Transformations, Key Expansion, Ciphers.

Asymmetric Key Cryptography: Introduction, RSA Cryptosystem, Robin Cryptosystem,
Elgamal Cryptosystem.
Message Integrity and Message Authentication: Message Integrity, Message Authentication.
Cryptographic Hash Functions: Introduction, SHA-512.

2.1 Advanced Encryption Standard:

Introduction:
An AES is a “Symmetric Encryption Algorithm”, it means that it uses the same key to encrypt and decrypt
data. The sender and the receiver must both know and use the same secret encryption key.

The features of AES are as follows −

 Symmetric key symmetric block cipher

 128-bit data, 128/192/256-bit keys
 Stronger and faster than Triple-DES
 Provide full specification and design details

How AES encryption works

Fixed-length blocks of data (so 128, 192, or 256 bits) are transformed as a series of substitutions,
permutations, and mixing operations are applied to encrypt and decrypt the data. As AES encryption uses a
symmetric key, the same one is used for encryption and decryption.

2.1.1 Operation of AES

It is based on ‘substitution–permutation network’. It comprises of a series of linked operations, some of

which involve replacing inputs by specific outputs (substitutions) and others involve shuffling bits around
(permutations).

A permutation is an arrangement of objects in a definite order. The members or elements of sets are
arranged here in a sequence or linear order.
We can represent permutation in many ways, such as:P(n,k)
For example, the permutation of set A={1,6} is 2, such as {1,6}, {6,1}.
the permutation of set X={1,2,3}=123,213,312
Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats the 128 bits of
a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four rows for processing as
a matrix −

Unlike DES, the number of rounds in AES is variable and depends on the length of the key. AES uses 10
rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each of these rounds
uses a different 128-bit round key, which is calculated from the original AES key.

The schematic of AES structure is given in the following illustration −

Encryption Process: Here, we restrict to description of a typical round of AES encryption. Each
round comprise of four sub-processes. The first round process is depicted below −

2.1.2Transformations in advanced encryption standard

Byte Substitution (Sub Bytes)

The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The result is in a
matrix of four rows and four columns.
 Shift rows: Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re-inserted
on the right side of row. Shift is carried out as follows –

 First row is not shifted.

 Second row is shifted one (byte) position to the left.
 Third row is shifted two positions to the left.
 Fourth row is shifted three positions to the left.
 The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other.

Mix Columns

Each column of four bytes is now transformed using a special mathematical function. This function takes
as input the four bytes of one column and outputs four completely new bytes, which replace the original
column. The result is another new matrix consisting of 16 new bytes. It should be noted that this step is
not performed in the last round.

Add round key

The 16 bytes of the matrix are now considered as 128 bits and are XOR to the 128 bits of the round key. If
this is the last round then the output is the cipher text. Otherwise, the resulting 128 bits are interpreted as 16
bytes and we begin another similar round.

Decryption Process

The process of decryption of an AES cipher text is similar to the encryption process in the reverse order.
Each round consists of the four processes conducted in the reverse order −

 Add round key

 Mix columns
 Shift rows
 Byte substitution

Since sub-processes in each round are in reverse manner, unlike for a Feistel Cipher, the encryption and
decryption algorithms needs to be separately implemented, although they are very closely related

Applications of AES
AES is widely used in many applications which require secure data storage and transmission. Some
common use cases include:
 Wireless security: AES is used in securing wireless networks, such as Wi-Fi networks, to ensure data
confidentiality and prevent unauthorized access.
 Database Encryption: AES can be applied to encrypt sensitive data stored in databases. This helps
protect personal information, financial records, and other confidential data from unauthorized access in
case of a data breach.
 Secure communications: AES is widely used in protocols such as internet communications, email,
instant messaging, and voice/video calls. It ensures that the data remains confidential.
 Data storage: AES is used to encrypt sensitive data stored on hard drives, USB drives, and other storage
media, protecting it from unauthorized access in case of loss or theft.
 Virtual Private Networks (VPNs): AES is commonly used in VPN protocols to secure the
communication between a user’s device and a remote server. It ensures that data sent and received
through the VPN remains private and cannot be deciphered by eavesdroppers.
 Secure Storage of Passwords: AES encryption is commonly employed to store passwords securely.
Instead of storing plaintext passwords, the encrypted version is stored. This adds an extra layer of
security and protects user credentials in case of unauthorized access to the storage.
 File and Disk Encryption: AES is used to encrypt files and folders on computers, external storage
devices, and cloud storage. It protects sensitive data stored on devices or during data transfer to prevent
unauthorized access.

2.1.3 Key Expansion

It is the process of expanding a single key into multiple keys for each round of encryption. The key
expansion algorithm uses a key schedule to generate the round keys.

How it works
 The key expansion algorithm takes a 128-bit key as input
 The algorithm uses the key schedule to apply the key expansion function \(g\) to generate a key for
each round
 The key expansion function \(g\) performs byte substitutions, XOR operations with round constants,
and other operations
 The algorithm produces a linear array of 44 words (176 bytes)
 The round keys are used in the encryption and decryption process

2.1.4 Ciphers:
In cryptography a cipher is a set of steps for encrypting or decrypting the information during the
transmission.
or
A cipher is a technique that is used in transforming the readable data (plain text) into coded data (cipher
text).
The first step in converting regular text into an unrecognizable form is encryption and the process of
converting the encoded text back into regular text is decryption. Ciphers are able to perform these
transformation using keys; specific pieces of information. It guarantees that only the right person can get
to the primary data.

Ciphers have a wide range of applications across various fields to ensure the security and integrity
of information:
 Secure Communications: Encryption of emails, instant messages, and VoIP convert messages
to codes that cannot be understandable to an unauthorized person and thus allow only the target
receiver to be able to read the message.
 Protect Financial Transactions: Secure Internet connection, which is applied in online
banking and e-commerce, uses encryption to safeguard consumers’ private data and, in
particular, their credit card numbers and other personal data, against scammers.
 Safeguard Data Storage: Encryption is applied for safeguard of data which is stored in
devices, servers and even in cloud. This guarantees that even in cases where the disks on which
data is stored are lost or mobile phone is stolen, the content of it cannot be accessed without the
Decryption Key.
 Ensure Authentication: The authentication protocols entail the use of encryption to be able to
identify the user and or devices. It also assist in avoiding fraudulent communications and
transaction, thereby securing the communications from unauthorized access.
 Enable Secure Digital Signatures: Digital signals are implemented using encryption to reduce
the reliability of documents and messages that are transmitted electronically. This makes sure
that it has not been interfered with and that it is original from the source that has the
information.

Types of Ciphers
Ciphers can be broadly classified into two categories

1. Substitution Ciphers
Substitution ciphers involve replacing each member of the plaintext with another member which
can be of the same set. One of the early examples of the substitution technique is the Caesar
cipher that got its name from Julius Caesar, who allegedly employed it in his secret letters.

Caesar Cipher
The Caesar cipher is a substitution cipher where each letter in the plaintext is replaced by another
letter shifted a fixed number of positions down the alphabet.

Simple Substitution Cipher

A simple substitution cipher is a technique in which each letter in the plain text is replaced with
another letter. The key is the alphabet but in a random order.

2. Transposition Ciphers
Transposition ciphers are those forms of ciphers that work on the principle of shifting the
positions of the characters of the plaintext to create the ciphertext. While in substitution ciphers
the actual letters are replaced, in transposition ciphers the letters’ positions are changed instead.

Rail Fence Cipher

In the Rail Fence Cipher, the plaintext is arranged in a manner of a zigzag pattern on the number
of ‘rails’ and then read row-wise.

Columnar Transposition Cipher

In Columnar Transposition Cipher, the plaintext is written into rows under a certain key. The
columns are then arranged in order of the key names by using the sort function.

Features of AES

Here are some key features that make it a robust encryption algorithm.

 Symmetric key encryption. AES uses the same key to encrypt and decrypt data. This is
different from other setups, using different keys for each stage.
 Key sizes. AES supports various key sizes like 128, 192, and 256 bits. These different
versions mean that the larger the key is, the stronger the encryption is. On the other hand,
this also means that more computational resources are needed.
 Security and efficiency. AES is one of the algorithms that performs no practical crypt-
analytics attacks. In addition, it's also relatively fast and efficient in both hardware and
software implementations.
 Widely accepted standard. AES is a de facto standard when securing wireless networks,
VPNs, SSL/TLS for secure web browsing, and more.
 Open-source. AES is an open standard. It's freely available to the public and can be
implemented in any software or hardware without paying royalties.
 2.2 Asymmetric Key Cryptography:
Introduction
It is a cryptographic system that uses two keys to encrypt and decrypt data. It's also known as public-key
cryptography.

How it works

 Each user has a private key that's kept secret

 The user uses their private key to generate a public key
 The user shares their public key with others
 To send a message, the sender uses the recipient's public key to encrypt the message
 The recipient uses their private key to decrypt the message

Benefits

 Secure data exchange: Asymmetric key cryptography enables secure data exchange because the
private key is kept confidential
 Digital signatures: Users can digitally sign data with their private key, and anyone with the
corresponding public key can verify the signature
 Non repudiation: The sender can't deny sending a message

In asymmetric Key cryptography, there are two keys, also known as key pairs: a public key and a
private key. The public key is publicly distributed. Anyone can use this public key to encrypt
messages, but only the recipient, who holds the corresponding private key, can decrypt those
messages. "Public-key cryptography" is another representation used to refer to Asymmetric Key
cryptography.

This cryptographic system addresses two major challenges faced in traditional (symmetric)
cryptography: key distribution and digital signatures. Asymmetric algorithms use one key for
encrypting data and another, related key for decrypting it.

These algorithms possess an important feature:

 It's impossible to figure out the decryption key just by knowing the encryption key and the
cryptographic algorithm.
 Either of the two keys can be used for encryption, while the other is used for decryption.
Asymmetric-key cryptography uses mathematical functions to transform plaintext and ciphertext
represented as numbers for encryption and decryption, while symmetric-key cryptography involves
symbol substitution or permutation. In asymmetric-key cryptography, plaintext and ciphertext are
treated as integers, requiring encoding and decoding processes for encryption and decryption.

Characteristics of Asymmetric Key Cryptography

Security Responsibility
 In asymmetric cryptography, the burden of security primarily falls on the receiver, like Bob.
 Bob must generate both a private and a public key, with the public key distributed to the community.
 Distribution occurs through a public-key channel, which doesn't need secrecy but requires authentication
and integrity to prevent impersonation.
Key Components
 Plaintext: This refers to the original, readable message or data that is inputted into the encryption
algorithm.
 Encryption algorithm: This algorithm transforms the plaintext in various ways.
 Public and private keys: A pair of keys chosen so that if one is used for encryption, the other is used for
decryption. The specific transformations performed depend on whether the public or private key is
provided as input.
 Cipher text: The encrypted, scrambled message produced as output. It can be find using both the
plaintext and the key.
 Decryption algorithm: This algorithm takes the cipher text and the corresponding key and retrieves the
original plaintext.

Advantages
 Enhanced Security: The private key remains secret, making it difficult for someone to decrypt
intercepted messages.
 Secure Key Distribution: Public keys can be shared openly without compromising security, unlike
symmetric keys that require secure distribution.

RSA Cryptosystem:
RSA(Rivest-Shamir-Adleman) Algorithm is an asymmetric or public-key cryptography algorithm which
means it works on two different keys: Public Key and Private Key.
The Public Key is used for encryption and is known to everyone, while the Private Key is used
for decryption and must be kept secret by the receiver.

RSA Algorithm is named after Rivest, Shamir and Adleman, who published this algorithm in 1977.

Example of Asymmetric Cryptography:

 If Person A wants to send a message securely to Person B:
 Person A encrypts the message using Person B’s Public Key.
 Person B decrypts the message using their Private Key.
RSA Algorithm
RSA Algorithm is based on factorization of large number and modular arithmetic for encrypting and
decrypting data. It consists of three main stages:
 Key Generation: Creating Public and Private Keys
 Encryption: Sender encrypts the data using Public Key to get cipher text.
 Decryption: Decrypting the cipher text using Private Key to get the original data.

1. Key Generation
Step1.Choose two large prime numbers, say p and q. These prime numbers should be kept secret.
Step2.Calculate the product of primes, n = p * q. This product is part of the public as well as the private
key.
Step3.Calculate Euler Totient FunctionΦ(n) as The Euler's Totient Function counts the numbers lesser
than a number say n that do not share any common positive factor other than 1 with n Hence, n=8,there
are 4 numbers(2,3,5 and 7) that are lesser than 8.

Φ(n) = Φ(p * q) = Φ(p) * Φ(q) = (p – 1) * (q – 1).

Step4.Choose encryption exponent e, such that

1 < e < Φ(n), and gcd(e, Φ(n)) = 1, that is e should be co-prime with Φ(n).
Calculate decryption exponent d, such that d= Φ(n)*i+1/e that is d is modular multiplicative
inverse of e mod Φ(n). Some common methods to calculate multiplicative inverse.

Step5.We can have multiple values of d satisfying (d * e) ≡ 1 mod Φ(n) but it does not matter which
value we choose as all of them are valid keys and will result into same message on decryption.
Finally, the Public Key = (n, e) and the Private Key = (n, d).

2. Encryption: It is a convertor which converts the data in plain text to cipher text.

Ex:”India”->”$&+S%”

To encrypt a message M, it is first converted to numerical representation using ASCII and other encoding
schemes. Now, use the public key (n, e) to encrypt the message and get the cipher text using the formula:
C = Me mod n, where C is the Cipher text and e and n are parts of public key.

3. Decryption: It is an inverse of encryption which converts the data from cipher text to plain text.
Ex:”$&+S%”->:”India”
 To decrypt the cipher text C, use the private key (n, d) and get the original data using the formula:
M = Cd mod n, where M is the message and d and n are parts of private key.

Modular
A Modular is a branch of arithmetic mathematics which can be represented by “mod”. A modular
arithmetic is related to the computation of a “mod” of expressions. Expressions may have digits and
computational symbols of addition, subtraction, multiplication, division or any other.

Characteristics of RSA
 It is a public key encryption technique.
 It is safe for exchange of data over internet.
 It maintains confidentiality of the data.
 RSA has high toughness as breaking into the keys by interceptors is very difficult.

Advantages
 Security: RSA algorithm is considered to be very secure and is widely used for secure data
transmission.
 Public-key cryptography: RSA algorithm is a public-key cryptography algorithm, which means
that it uses two different keys for encryption and decryption. The public key is used to encrypt the
data, while the private key is used to decrypt the data.
 Key exchange: RSA algorithm can be used for secure key exchange, which means that two parties
can exchange a secret key without actually sending the key over the network.
 Digital signatures: RSA algorithm can be used for digital signatures, which means that a sender
can sign a message using their private key, and the receiver can verify the signature using the
sender’s public key.
 Widely used: Online banking, e-commerce, and secure communications are just a few fields and
applications where the RSA algorithm is extensively developed.

Disadvantages
 Slow processing speed: RSA algorithm is slower than other encryption algorithms, especially
when dealing with large amounts of data.
 Large key size: RSA algorithm requires large key sizes to be secure, which means that it requires
more computational resources and storage space.
 Vulnerability to side-channel attacks: RSA algorithm is vulnerable to side-channel attacks,
which means an attacker can use information leaked through side channels such as power
consumption, electromagnetic radiation, and timing analysis to extract the private key.
 Limited use in some applications: RSA algorithm is not suitable for some applications, such as
those that require constant encryption and decryption of large amounts of data, due to its slow
processing speed.
 Complexity: The RSA algorithm is a sophisticated mathematical technique that some individuals
may find challenging to comprehend and use.
 Key Management: The secure administration of the private key is necessary for the RSA
algorithm, although in some cases this can be difficult.
 Vulnerability to Quantum Computing: Quantum computers have the ability to attack the RSA
algorithm, potentially decrypting the data.

Key components of the RSA algorithm

The key components include:
 Public Key: Used for encryption and shared openly.
 Private Key: Used for decryption and kept secret.
 Modulus (n): The product of two large prime numbers.
 Public Exponent (e): A number co-prime to phi(n).
 Private Exponent (d): The modular multiplicative inverse of e.
Robin Cryptosystem:
It is an “public-key cryptosystem” which is invented by Michael Rabin. It is based upon “quadratic
congruence”. In math, congruent means having the same shape and size. Congruent shapes have the same
measurements, including the lengths of their sides and the sizes of their angles.

Public-key cryptosystem: A public-key cryptosystem, also known as asymmetric cryptography, uses a pair
of keys to encrypt and decrypt messages. The public key can be shared with anyone, but the private key is
kept secret.

It uses asymmetric key encryption for communicating between two parties and encrypting the message. The
security of Rabin cryptosystem is related to the difficulty of factorization.

Steps in Rabin cryptosystem

Key generation
Generate two very large prime numbers, p and q, which satisfies the condition p ≠ q → p ≡ q ≡ 3 (mod 4)
For example: p=139 and q=191
Calculate the value of n n = p.q
Publish n as public key and save p and q as private key

Encryption
Get the public key n.
Convert the message to ASCII value. Then convert it to binary and extend the binary value with itself, and
change the binary value back to decimal m.
Encrypt with the formula: C = m2 mod n Send C to recipient.

Decryption
Accept C from sender.
Specify a and b with Extended Euclidean GCD such that, a.p + b.q = 1
Compute r and s using following formula: r = C(p+1)/4 mod p s = C(q+1)/4 mod q
Now, calculate X and Y using following formula: X = ( a.p.r + b.q.s ) mod p Y = ( a.p.r – b.q.s ) mod q
The four roots are, m1=X, m2=-X, m3=Y, m4=-Y

Now, Convert them to binary and divide them all in half.

Determine in which the left and right half are same. Keep that binary’s one half and convert it to decimal m.

Advantages of Rabin cryptosystem:

 Proven security:
The security of the Rabin cryptosystem is directly tied to the difficulty of integer factorization,
providing a strong theoretical guarantee against attacks.
 Efficient encryption:
The encryption process in Rabin is computationally fast as it only involves squaring modulo n.

Key disadvantages of Rabin cryptosystem:

 Ambiguous decryption:
Each cipher text can correspond to four possible plaintexts due to the nature of square roots
modulo n, requiring additional steps to determine the correct plaintext during decryption.
 Implementation complexity:
Handling the multiple possible plaintexts during decryption adds complexity to the
implementation, making it less user-friendly compared to RSA.

Elgamal Cryptosystem: An ElGamal encryption system is an “asymmetric key encryption algorithm” for
public-key cryptography. It is based upon “Diffie-Hellmen Key Exchang. It was invented by Taher ElGamal
in 1985. This algorithm is widely used for secure data transmission through digital signatures and
encryption applications.

Key Generation:
Public Parameters: Select a large prime number p and a generator g of the multiplicative group Z*p.
Private Key: Select a private key x such that 1 ≤ x ≤p −2.
Public Key: Compute h=gx mod p. The public key is (p,g,h) and the private key is x.
Encryption:
To encrypt a message M:
Choose a random integer k such that 1 ≤ k ≤ p−2.
Compute C1 = gk mod p.
Compute C2 =M⋅hk mod p.
The cipher text is (c1,c2).
Decryption:
To decrypt the cipher text (c1,c2) using the private key x:
Compute the shared secret s= Cx1 mod p.
Compute s−1 mod p (the modular inverse of s).
Compute the original message M = C2⋅s−1 mod p.

Applications of ElGamal Encryption Algorithm

Encryption: ElGamal is used for encrypting messages where public key cryptography is required.
Digital Signatures: A variant of ElGamal is used for creating digital signatures, ensuring message
authenticity and integrity.

Advantages
Security: ElGamal is based on the discrete logarithm problem, which is considered to be a hard problem to
solve. This makes it secure against attacks from hackers.
Key distribution: The encryption and decryption keys are different, making it easier to distribute keys
securely. This allows for secure communication between multiple parties.
Digital signatures: ElGamal can also be used for digital signatures, which allows for
secure authentication of messages.
Disadvantages
Slow processing: ElGamal is slower compared to other encryption algorithms, especially when used with
long keys. This can make it impractical for certain applications that require fast processing speeds.
Key size: ElGamal requires larger key sizes to achieve the same level of security as other algorithms. This
can make it more difficult to use in some applications.
Vulnerability to certain attacks: ElGamal is vulnerable to attacks based on the discrete logarithm
problem, such as the index calculus algorithm. This can reduce the security of the algorithm in certain
situations.

2.3 Message Integrity and Message Authentication:

Message Integrity: In Cryptography the “Message integrity” is a process of verifying the receiver’s message is
intact(No change) and is exactly as sent.
The word Integrity means “correctness”. This ensures that the transmitted message from the sender to the
receiver is not altered.
It can implement any type of manipulation such as changing content, adding fragments, removing fragments
or content transposition.
Message integrity in cryptography ensures that a message has not been tampered with or changed. The
most typical method is to use a hash function, which combines all the bytes in the message with a secret
key to generate a message digest that is difficult to reverse. Integrity verification is a component of an
information security program. The message authentication code, also known as a digital authenticator, is
used as an integrity check that uses a secret key held by two parties to validate information sent between
them. It is supported by using a cryptographic hash or symmetric encryption technique.

How Message Integrity in Cryptography Works?

Message integrity is commonly used in computing systems for integrity verification and information
authentication. They are regarded cryptographically "weak" since they can be solved in polynomial time
but are difficult to interpret.

Message integrity enhances traditional hash algorithms with security characteristics, making it more
difficult to discover message content or receiver and sender information.

 Hash functions: Map data to a fixed size, returning a deterministic output from an input value.
 Message integrity: Assured by hashing a message based on a secret key in a MAC operation.
 Digital signing: Involves verification that assures authenticity.
 Zero-knowledge: A basic notion that can be used to assure that actions taken in a cryptographic
protocol are in accordance with the protocol specification.
Steps to Verify the Integrity of a Message
Message Authentication Codes: Suppose two users, a sender, and a receiver, want to connect via
messages. In MAC, or Message Authentication Codes, the transmitter and receiver use the same MAC
algorithm or key.

Certificates: A certificate is a digital document that validates a public key. The certificate provides
information about the key, the owner's identity, and the organization's digital signature, which has verified
the certificate's contents.

Non repudiation: Non repudiation is the property of agreeing to adhere to an obligation. More
specifically, it is the inability to refute responsibility.

Message Authentication Codes: In the case of MAC, there is no public key. There is just one private key,
which is known only to the sender and receiver. As a result, there is no interference from external parties.
Even if a third-party user had access to the secret key, he could not guarantee that either the sender or the
recipient signed the message because both can encrypt or decrypt it.

Methods for Message Integrity in Cryptography

 To maintain integrity, the message and digest pair serve as the electronic equivalent of the
document and fingerprint pairs.
 The message digest needs to be stable and resistant to modification.
 The message digest is computed using a cryptographic hash function.

Message Authentication Codes

Suppose two users, a sender, and a receiver, want to connect via messages. The transmitter and receiver use
the same MAC Algorithm or Key in MAC, or Message Authentication Codes. The sender uses the MAC
Algorithm to the text message and produces cipher text. The sender then combines the cipher text and key.
This combination is known as a MAC Code, or Message Authentication Code.

 The advantages of being honest, is that you will gain a reputation of integrity which is a good thing
to know you can be trusted.
 The disadvantage, is that most time we don't really like honesty and you may not be a big fan
amongst your peers.

Message Authentication:
Authentication means “A user or an organization has to prove its identity to the server or client”.
A Data is to be prone(damages or illness)due to various attacks. One of these attacks includes message
authentication. This threat arises when the user does not have any information about the originator of the
message.
Message authentication can be achieved using cryptographic methods.

Authentication Requirements:

Revelation: It means releasing the content of the message to someone who does not have an appropriate
cryptographic key.

Analysis of Traffic: Determination of the pattern of traffic through the duration of connection and
frequency of connections between different parties.

Deception: Adding out of context messages from a fraudulent source into a communication network. This
will lead to mistrust between the parties communicating and may also cause loss of critical data.
Modification in the Content: Changing the content of a message. This includes inserting new
information or deleting/changing the existing one.

Modification in the sequence: Changing the order of messages between parties. This includes insertion,
deletion, and reordering of messages.

Modification in the Timings: This includes replay and delay of messages sent between different parties.
This way session tracking is also disrupted.

Source Refusal: When the source denies being the originator of a message.

Destination refusal: When the receiver of the message denies the reception.

Message Authentication Functions:

All message authentication and digital signature mechanisms are based on two functionality levels:

Lower level: At this level, there is a need for a function that produces an authenticator, which is the value
that will further help in the authentication of a message.

Higher-level: The lower level function is used here in order to help receivers verify the authenticity of
messages.

These message authentication functions are divided into three classes:

Message encryption: While sending data over the internet, there is always a risk of a Man in the middle
(MITM) attack. A possible solution for this is to use message encryption. In message encryption, the data is
first converted to a cipher text and then sent any further. Message encryption can be done in two ways:

Symmetric Encryption: Say we have to send the message M from a source P to destination Q. This
message M can be encrypted using a secret key K that both P and Q share. Without this key K, no other
person can get the plain text from the cipher text. This maintains confidentiality. Further, Q can be sure that
P has sent the message. This is because other than Q, P is the only party who possesses the key K and thus
the cipher text can be decrypted only by Q and no one else. This maintains authenticity. At a very basic
level, symmetric encryption looks like this:

Public key Encryption: Public key encryption is not as advanced as symmetric encryption as it provides
confidentiality but not authentication. To provide both authentication and confidentiality, the private key is
used.

Message authentication code (MAC): A message authentication code is a security code that the user of a
computer has to type in order to access any account or portal. These codes are recognized by the system so
 that it can grant access to the right user. These codes help in maintaining information integrity. It also
confirms the authenticity of the message.

Hash function: A hash function is nothing but a mathematical function that can convert a numeric value
into another numeric value that is compressed. The input to this hash function can be of any length but the
output is always of fixed length. The values that a hash function returns are called the message digest or
hash values.

MAC ensures that the message is coming from the correct sender, has not been changed, and that the data
transferred over a network or stored in or outside a system is legitimate and does not contain harmful code.

Differences between message confidentiality and message integrity

 Confidentiality is ensuring that the message is only readable by the intended parties and is best
accomplished using the recipient's key pair.
 Integrity is ensuring that the message is as intended by the sender and is best accomplished using
the sender's key pair.

2.4 Cryptographic Hash Functions:

Cryptographic Hash Function: A cryptographic hash function (CHF) is a mathematical equation that
verifies the authenticity of data. It's used in many applications, including digital signatures and user
authentication.

How it works
 A CHF translates data of any length into a fixed-length numerical string called a hash.
 It's a one-way function, making it very difficult to reverse the process.
 A good CHF produces the same hash value for the same message.
 It should be very difficult to regenerate the message or find two messages with the same hash value.

Examples of cryptographic hash functions

 SHA-256: A member of the Secure Hash Algorithm (SHA-2) family, SHA-256 is used by many
organizations and institutions to protect sensitive information.
 SHA-1: A 160-bit hash function that was widely used for digital signatures, but is no longer considered
secure. A CHF applications digital signatures, certificates, cryptocurrencies, and user authentication.
A hash function in cryptography takes a plaintext input and produces a hashed value output of a
particular size that cannot be reversed. However, from a high-level viewpoint, they do more.

 Secure against unauthorized alterations: It assists you in even minor changes to a message that will
result in the generation of a whole new hash value.
 Protect passwords and operate at various speeds: Many websites allow you to save your passwords so
that you don't have to remember them each time you log in. However, keeping plaintext passwords on a
public-facing server is risky since it exposes the information to thieves. Websites commonly use hash
passwords to create hash values, which they then store.

Applications of Cryptographic Hash Functions

Below are some applications of cryptography hash functions
Message Authentication
 Message authentication is a system or service that verifies the integrity of a communication.
 It ensures data is received precisely as transmitted, with no modifications, insertions, or deletions, a hash
function is used for message authentication, and the value is sometimes referred to as a message digest.

 Message authentication often involves employing a message authentication code (MAC).

 MACs are widely used between two parties that share a secret key for authentication purposes. A MAC
function uses a secret key and data block to generate a hash value, that identifies the protected
communication.

Data Integrity Check

 Hash functions are most commonly used to create checksums for data files.
 This program offers the user with assurance that the data is correct.
 The integrity check allows the user to detect any modifications to the original file.
 It does not assure uniqueness. Instead of altering file data, the attacker can update the entire file, compute
a new hash, and deliver it to the recipient.

Digital Signatures
 The digital signature application is comparable to message authentication.
 Digital signatures operate similarly to MACs.
 Digital signatures encrypt message hash values using a user's private key.
 The digital signature may be verified by anybody who knows the user's public key.
SHA-512: SHA Stands for “Secure Hash Algorithm”. It is mainly used for hashing the data and create
certificate files.

Data Hashing is a process that turns data into a fixed-length string of characters, called a hash value. It's a
one-way function, meaning the original data can't be recovered from the hash value.

SHA 512 is a “cryptographic hash function” that turns data of any length into a fixed-size string. It's part of
the SHA-2 family of hashing algorithms.

How is hashing used?

Data security: Hashing is a key tool for protecting sensitive data like passwords, messages, and
documents.
Data integrity: Hashing can verify that data hasn't been changed since it was created.
Data retrieval: Hashing can quickly store and retrieve data in hash tables.
Digital signatures: Hashing can be used to create digital signatures that verify the authenticity of
documents.
Personal identifiable information (PII): Hashing can be used to safely share PII while still protecting it
from unauthorized access.

How does hashing work?

 A hash function is an algorithm that converts data into a hash value.
 The input data is often called the "key".
 The results of the hash function are called hash values, hash codes, or just hashes.

Key Features of the SHA-512 Hash Function

 Robustness and Resistance to various cryptographic attacks — SHA-512 produces a fixed-size 512-
bit hash value, providing a vast number of possible output combinations, which enhances its
resistance to collision attacks.
 Logical and bitwise operations — Solutions such as modular addition and bitwise rotation ensure
the unpredictability and irreversibility of the hash function.
 The algorithm is designed to handle input messages of up to 2^128 - 1 bits in length, making it
suitable for a wide range of data sizes.
 Iterative Structure: SHA-512 employs an iterative process with multiple rounds of processing, each
involving a set of specific mathematical functions. This iterative structure enhances the diffusion
and avalanche effects, making it computationally infeasible to predict the hash output from small
changes in the input.
 Versatility: While SHA-512 is commonly used for cryptographic purposes, it also finds applications
in other fields, such as checksum verification and data integrity checks. Its versatility makes it a
valuable tool for a wide range of information security and data management scenarios.
 Resistance to Birthday Attacks: The 512-bit output length significantly increases resistance to
birthday attacks, a type of cryptographic attack that exploits the probability of two different inputs
producing the same hash value. The large output space reduces the likelihood of such collisions,
bolstering the security of the hash function.

Difference Between AES and DES

S.No AES DES

AES stands for Advanced Encryption

DES stands for Data Encryption Standard
1. Standard

2. The date of creation is 2001. The date of creation is 1977.

Bit-Oriented.
Byte-Oriented.
3.

Key length can be 128-bits, 192-bits, and

The key length is 56 bits in DES.
4. 256-bits.

Number of rounds depends on key length:

DES involves 16 rounds of identical operations
5. 10(128-bits), 12(192-bits), or 14(256-bits)

The structure is based on a substitution-

The structure is based on a Feistel network.
6. permutation network.

7. The design rationale for AES is open. The design rationale for DES is closed.

8. The selection process for this is secret but The selection process for this is secret.
S.No AES DES

accepted for open public comment.

DES can be broken easily as it has known vulnerabilities.

AES is more secure than the DES cipher
3DES(Triple DES) is a variation of DES which is secure than
and is the de facto world standard.
9. the usual DES.

The rounds in AES are: Byte Substitution,

The rounds in DES are: Expansion, XOR operation with round
Shift Row, Mix Column and Key
key, Substitution and Permutation
10. Addition

11. AES can encrypt 128 bits of plaintext. DES can encrypt 64 bits of plaintext.

It can generate Cipher text of 128, 192,

It generates Cipher text of 64 bits.
12. 256 bits.

AES cipher is derived from an aside-

DES cipher is derived from Lucifer cipher.
13. channel square cipher.

AES was designed by Vincent Rijmen and

DES was designed by IBM.
14. Joan Daemen.

15. It is faster than DES. It is slower than AES.

16. It is flexible. It is not flexible.

It is efficient with both hardware and

It is efficient only with hardware.
17. software.