MODULE 2: CRYPTOGRAPHY AND AUTHENTICATION TECHNIQUES
INTRODUCTION TO CRYPTOGRAPHY
Cryptography is the science of protecting information using mathematical techniques to ensure
confidentiality, integrity, and authentication. It transforms readable data into unreadable form,
preventing unauthorized access and tampering.
• Converts plaintext into cipher text using algorithms and keys
• Ensures confidentiality, integrity, authentication, and non-repudiation
• Used in secure communication, digital signatures, passwords, and online transactions
Cryptographic systems are characterized along three independent dimensions:
1. The type of operations used for transforming plaintext to cipher text: All encryption
algorithms are based on two general principles: substitution, in which each element in the
plaintext (bit, letter, group of bits or letters) is mapped into another element, and
transposition, in which elements in the plaintext are rearranged. The fundamental
requirement is that no information be lost (that is, that all operations are reversible). Most
systems, referred to as product systems, involve multiple stages of substitutions and
transpositions.
2. The number of keys used: If both sender and receiver use the same key, the system is
referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender
and receiver use different keys, the system is referred to as asymmetric, two-key, or
public-key encryption.
3. The way in which the plaintext is processed: A block cipher processes the input one
block of elements at a time, producing an output block for each input block. A stream
cipher processes the input elements continuously, producing output one element at a time,
as it goes along.
ENCRYPTION
Definition: Transforms plaintext into cipher text.
Process: An algorithm scrambles the original message using a cryptographic key, creating
meaningless jumbled text.
Purpose: To prevent unauthorized access and maintain confidentiality.
DECRYPTION
Definition: Converts cipher text back into plaintext.
Process: Reverses the encryption using the corresponding key to unscramble the data.
Purpose: To restore the data to its original, readable format.
SYMMETRIC AND ASYMMETRIC KEY CRYPTOGRAPHY
SYMMETRIC KEY CRYPTOGRAPHY
When the plain text is encrypted and decrypted using the same key, it is known as symmetric
key cryptography. It is also known as "shared-key" or "private-key" cryptography. It ensures
confidentiality by ensuring only authorized parties with the key can access the original data.
The key is a secret shared between the two parties involved, hence the name 'shared-key';
because it is kept secret, the name 'private-key' is also justified.
1. Key Generation:
The first step involves selecting a private key. A secure key is generated using algorithms like
PBKDF2 (Password-Based Key Derivation Function 2) or hardware random number
generators. This key must be securely shared or transferred over the network for future use.
Example: A 256-bit AES key: 3A7F2B4E... (32-byte hexadecimal string).
2. Encryption:
In this step, the original message (plain text) is transformed into unreadable text (cipher text),
and the plaintext is processed in blocks or streams using an encryption algorithm and the
secret key.
Example: AES-256 in CBC (Cipher Block Chaining) mode encrypts a 128-bit block of
plaintext with the key and an initialization vector (IV) to produce cipher text.
3. Transfer of Cipher text:
The encrypted message (cipher text) is then sent over the network. Even if intercepted, it
remains unreadable to the attacker unless they have access to the shared secret key and the
algorithm used for encryption.
4. Decryption:
In the final step, the recipient uses the same secret key and a reverse encryption algorithm to
convert the cipher text back into the original message (plain text).
ASYMMETRIC KEY CRYPTOGRAPHY
Asymmetric encryption, also known as public-key cryptography, is a type of encryption that
uses a pair of keys to encrypt and decrypt data. The pair of keys includes a public key, which
can be shared with anyone, and a private key, which is kept secret by the owner.
In asymmetric encryption, the sender uses the recipient's public key to encrypt the data. The
recipient then uses their private key to decrypt the data. This approach allows for secure
communication between two parties without the need for both parties to have the same secret
key.
Step 1. Key Pair Generation:
The first step in asymmetric encryption is generating a pair of keys: a public key and a
private key.
The public key is shared openly, while the private key is kept secret.
Step 2. Encryption:
The sender uses the public key of the recipient to encrypt the message.
The public key is used because it is freely available and can be used to convert the message
into an unreadable format (cipher text).
Step 3. Transmission:
The encrypted message (cipher text) is sent over the network to the recipient. Even if
intercepted by someone, it remains unreadable without the corresponding private key.
Step 4. Decryption:
Upon receiving the encrypted message, the recipient uses their private key to decrypt it.
The private key is kept secure and is never shared, ensuring that only the intended recipient
can decrypt and read the message.
Step 5. Verification (Digital Signature):
In some cases, the sender may also sign the message using their private key to ensure its
authenticity.
The recipient can verify the signature using the sender's public key, confirming that the
message was not tampered with and was indeed sent by the intended sender.
Step 6. Result:
Once decrypted, the message is returned to its original form (plain text), and the recipient
can read it.
This method ensures both the confidentiality of the message (by using the recipient’s public
key) and the integrity and authenticity (via digital signatures using the sender’s private
key).
SYMMETRIC KEY ENCIPHERMENT
TRADITIONAL SYMMETRIC KEY CIPHERS
Symmetric key encipherment uses the same secret key for both encrypting (scrambling) and
decrypting (unscrambling) data. A symmetric encryption scheme has five ingredients:
Plaintext: This is the original intelligible message or data that is fed into the algorithm as
input.
Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext.
Secret key: The secret key is also input to the encryption algorithm. The key is a value
independent of the plaintext and of the algorithm. The algorithm will produce a different
output depending on the specific key being used at the time. The exact substitutions and
transformations performed by the algorithm depend on the key.
Cipher text: This is the scrambled message produced as output. It depends on the plaintext
and the secret key. For a given message, two different keys will produce two different cipher
texts. The cipher text is an apparently random stream of data and, as it stands, is
unintelligible.
Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes
the cipher text and the secret key and produces the original plaintext.
(You can also refer to the symmetric key cryptography section. Both cover the same concepts;
they are kept separate to follow the syllabus structure.)
KERCKHOFFS'S PRINCIPLE
Kerckhoffs's principle is a 19th-century cryptographic rule stating that a system's security should
rely on the secrecy of the key, not on the secrecy of the algorithm itself. This means the
cryptographic system should remain secure even if its design and implementation are public
knowledge, a concept also known as "security through obscurity is not security".
CRYPTANALYSIS
Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the
general characteristics of the plaintext or even some sample plaintext–ciphertext pairs. This type
of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or
to deduce the key being used.
CATEGORIES OF TRADITIONAL CIPHERS
Traditional ciphers are primarily categorized into substitution ciphers, which replace plaintext
characters with cipher text characters, and transposition ciphers, which rearrange the order of
plaintext characters. Other important categories include modern ciphers and concealment
ciphers.
SUBSTITUTION CIPHER
A substitution technique is one in which the letters of plaintext are replaced by other letters or by
numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves
replacing plaintext bit patterns with cipher text bit patterns.
1) MONOALPHABETIC CIPHER
A Monoalphabetic Cipher is a type of substitution cipher in which each letter in the plaintext
is replaced by another single fixed letter of the alphabet. The substitution rule remains the
same throughout the message.
Explanation:
• The same substitution rule is used for the entire message.
• For example, if A → D, then every A in the message will always be replaced by D.
• There are 26! (26 factorial) possible keys.
Encryption Process:
1. Choose a substitution rule (a key).
2. Replace each letter of plaintext with the corresponding cipher letter.
Decryption Process:
Replace each letter of the cipher text with its matching plaintext letter (using the reverse key).
Substitution Key Mapping follows;
a) CAESAR CIPHER
The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar. The
Caesar cipher involves replacing each letter of the alphabet with the letter standing three places
further down the alphabet. For example,
Then the algorithm can be expressed as follows. For each plaintext letter , substitute the cipher
text letter C
b) ATBASH CIPHER
The Atbash cipher is a simple substitution cipher that reverses the alphabet, mapping A to Z, B
to Y, C to X, and so on, creating a mirror image for encryption and decryption without needing a
complex key, making "HELLO" become "SVOOL" and "DOG" become "WLT".
How it Works
1. Standard Alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ
2. Reversed Alphabet: ZYXWVUTSRQPONMLKJIHGFEDCBA
3. Mapping: Find the letter in the standard alphabet and replace it with the letter directly below it
in the reversed alphabet.
Example: Encrypting "SECRET"
S (19th letter) maps to H (19th from end)
E (5th letter) maps to V (5th from end)
C (3rd letter) maps to X (3rd from end)
R (18th letter) maps to I (18th from end)
E (5th letter) maps to V (5th from end)
T (20th letter) maps to G (20th from end)
Result: SECRET becomes HVXIVG.
2) POLYALPHABETIC CIPHER
A Polyalphabetic Cipher is a type of substitution cipher in which multiple cipher alphabets are
used to encrypt the message. That means the same letter can be replaced by different letters at
different places in the text — making it more secure than monoalphabetic ciphers.
Main Idea:
• Uses two or more substitution alphabets.
• A key determines which alphabet is used for each letter.
• Prevents frequency analysis because a single plaintext letter can have multiple cipher text
forms.
a) VIGENÈRE CIPHER
The Vigenère Cipher is the most common type of polyalphabetic cipher. It uses a keyword to
decide how much each letter in the plaintext should be shifted.
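The substitution ciphers above, as an added example that is not part of the original notes. It treats Caesar and Atbash as two keys of the same monoalphabetic cipher, adds a Vigenère cipher, and counts how many cipher letters a single plaintext letter maps to. The function names, the keyword KEY and the sample messages are assumptions made for the example.

```python
import string

ALPHABET = string.ascii_uppercase

def monoalphabetic(text, cipher_alphabet):
    """Apply one fixed substitution alphabet (the key) to every letter."""
    table = str.maketrans(ALPHABET, cipher_alphabet)
    return text.upper().translate(table)

def caesar_key(shift=3):
    """Cipher alphabet for a Caesar shift: A->D, B->E, ... when shift is 3."""
    return ALPHABET[shift:] + ALPHABET[:shift]

ATBASH_KEY = ALPHABET[::-1]  # reversed alphabet: A->Z, B->Y, ...

def invert_key(cipher_alphabet):
    """Build the reverse key used for decryption."""
    pairs = sorted(zip(cipher_alphabet, ALPHABET))
    return "".join(plain for _, plain in pairs)

def vigenere(text, keyword, decrypt=False):
    """Shift each letter by the matching keyword letter (A=0 ... Z=25)."""
    keyword = keyword.upper()
    sign = -1 if decrypt else 1
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            shift = ALPHABET.index(keyword[i % len(keyword)])
            out.append(ALPHABET[(ALPHABET.index(ch) + sign * shift) % 26])
            i += 1  # the keyword only advances on letters
        else:
            out.append(ch)
    return "".join(out)

def images_of(letter, plaintext, ciphertext):
    """Set of cipher letters that one plaintext letter was mapped to."""
    return {c for p, c in zip(plaintext.upper(), ciphertext) if p == letter}

if __name__ == "__main__":
    message = "MEETMEAFTERTHETOGAPARTY"  # constructed sample plaintext
    mono = monoalphabetic(message, caesar_key(3))
    poly = vigenere(message, "KEY")
    print("Atbash SECRET ->", monoalphabetic("SECRET", ATBASH_KEY))
    print("E under Caesar   ->", images_of("E", message, mono))
    print("E under Vigenere ->", images_of("E", message, poly))
```

Under the monoalphabetic key every E becomes the same cipher letter, so letter frequencies survive encryption; under the Vigenère keyword the same E takes several forms.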
b) PLAYFAIR CIPHER
The Playfair algorithm is based on the use of a 5 × 5 matrix of letters constructed using a
keyword.
In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of
the keyword (minus duplicates) from left to right and from top to bottom, and then filling in
the remainder of the matrix with the remaining letters in alphabetic order. The letters I and J
count as one letter. Plaintext is encrypted two letters at a time, according to the following
rules:
1. Repeating plaintext letters that are in the same pair are separated with a filler letter, such as
x, so that balloon would be treated as ba lx lo on.
2. Two plaintext letters that fall in the same row of the matrix are each replaced by the letter
to the right, with the first element of the row circularly following the last. For example, ar is
encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by the letter beneath,
with the top element of the column circularly following the last. For example, mu is
encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row
and the column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes
IM (or JM, as the encipherer wishes).
Plaintext: BALLOON
Step 1: Form digraphs
Rules: Same letters in a pair → insert X
If one letter left → add X
BA | LX | LO | ON
Encryption Rules Reminder
Same row → take the letter to the right
Same column → take the letter below
Rectangle → swap columns
Encrypt Each Digraph
BA
B (row 2, col 4), A (row 1, col 4) → same column → take the letters below
B → I, A → B, so BA → IB
LX
L (row 4, col 1), X (row 5, col 4) → rectangle
L → S, X → U, so LX → SU
LO
L (row 4, col 1), O (row 1, col 2) → rectangle
L → P, O → M, so LO → PM
ON
O (row 1, col 2), N (row 1, col 3) → same row → take the letters to the right
O → N, N → A, so ON → NA
Final Cipher Text: IB SU PM NA
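The Playfair rules and the BALLOON walk-through above, as an added example that is not part of the original notes. It builds the 5 × 5 matrix from the keyword monarchy exactly as the text describes and applies the three rules; the function names are assumptions, and decryption (the same rules with the direction reversed) goes slightly beyond what the text shows.

```python
ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"  # 25 letters: J is folded into I

def build_matrix(keyword):
    """Keyword letters first (duplicates dropped), then the remaining letters in order."""
    seen = []
    for ch in keyword.upper().replace("J", "I") + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]

def digraphs(text, filler="X"):
    """Split into letter pairs; a doubled letter or a lone last letter gets the filler."""
    letters = [c for c in text.upper().replace("J", "I") if c in ALPHABET]
    pairs, i = [], 0
    while i < len(letters):
        first = letters[i]
        second = letters[i + 1] if i + 1 < len(letters) else filler
        if first == second:
            pairs.append(first + filler)   # "LL" becomes "LX", second L starts the next pair
            i += 1
        else:
            pairs.append(first + second)
            i += 2
    return pairs

def transform_pair(matrix, pair, step):
    """step=+1 encrypts (right / below), step=-1 decrypts (left / above)."""
    pos = {matrix[r][c]: (r, c) for r in range(5) for c in range(5)}
    (r1, c1), (r2, c2) = pos[pair[0]], pos[pair[1]]
    if r1 == r2:                            # same row: move along the row, wrapping
        return matrix[r1][(c1 + step) % 5] + matrix[r2][(c2 + step) % 5]
    if c1 == c2:                            # same column: move along the column, wrapping
        return matrix[(r1 + step) % 5][c1] + matrix[(r2 + step) % 5][c2]
    return matrix[r1][c2] + matrix[r2][c1]  # rectangle: keep the row, swap the columns

def playfair(text, keyword, decrypt=False):
    matrix = build_matrix(keyword)
    step = -1 if decrypt else 1
    return " ".join(transform_pair(matrix, p, step) for p in digraphs(text))

if __name__ == "__main__":
    for row in build_matrix("monarchy"):
        print(" ".join(row))
    print(playfair("balloon", "monarchy"))
    print(playfair("IB SU PM NA", "monarchy", decrypt=True))
```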
TRANSPOSITION CIPHER
A transposition cipher is a type of encryption in which the letters of the plaintext are changed
into cipher text by rearrangement. This rearrangement follows a specific permutation rule or
key, which determines the new order of the letters. The letters themselves are not changed, only
their positions, making the message unreadable to anyone who does not know the key.
KEYLESS TRANSPOSITION CIPHER
• How it works: Uses a predefined, fixed pattern for rearranging the message.
• Key: No secret key is needed, as the algorithm is a fixed rule known in advance.
• Examples: The rail fence cipher, where text is written in a zigzag pattern on a set number of
"rails,"
• Security: Less secure because the predictable pattern can be exploited if the method is known.
RAIL FENCE
The simplest transposition cipher is the rail fence technique, in which the plaintext is written
down as a sequence of diagonals and then read off as a sequence of rows. For example, to
encipher the message “meet me after the toga party” with a rail fence of depth 2, we write the
following
KEYED TRANSPOSITION CIPHER
• How it works: Uses a secret key to determine the order in which characters are rearranged.
• Key: A secret key (often a keyword) is required for both encryption and decryption.
• Examples: The columnar transposition cipher, where a keyword determines the order of
columns to read the message, and double transposition, which combines multiple transposition
steps.
• Security: More secure than keyless ciphers because the key can be changed to prevent
unauthorized decryption.
COLUMNAR TRANSPOSITION CIPHER
This sort of thing would be trivial to cryptanalyze. A more complex scheme is to write the
message in a rectangle, row by row, and read the message off, column by column, but permute
the order of the columns. The order of the columns then becomes the key to the algorithm. For
example,
Thus, in this example, the key is 4312567. To encrypt, start with the column that is labeled 1, in
this case column 3. Write down all the letters in that column. Proceed to column 4, which is
labeled 2, then column 2, then column 1, then columns 5, 6, and 7.
DOUBLE TRANSPOSITION CIPHER
The transposition cipher can be made significantly more secure by performing more than one
stage of transposition. The result is a more complex permutation that is not easily reconstructed.
Thus, if the foregoing message is reencrypted using the same algorithm.
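The rail fence, columnar and double transposition steps described above, as an added example that is not part of the original notes. The key string 4312567 encodes the column order the text walks through (column 3 first, then 4, 2, 1, 5, 6, 7); the function names and the sample message passed to the columnar functions are assumptions constructed for the example.

```python
def letters_only(text):
    return [c for c in text.upper() if c.isalpha()]

def rail_fence_encrypt(plaintext, depth=2):
    """Write the letters in a zigzag over `depth` rails, then read rail by rail."""
    rails = [[] for _ in range(depth)]
    rail, step = 0, 1
    for ch in letters_only(plaintext):
        rails[rail].append(ch)
        if depth > 1:
            if rail == 0:
                step = 1
            elif rail == depth - 1:
                step = -1
            rail += step
    return "".join("".join(r) for r in rails)

def column_order(key):
    """Column indexes in the order they are read: label 1 first, then 2, ..."""
    return sorted(range(len(key)), key=lambda c: key[c])

def columnar_encrypt(plaintext, key):
    """Write row by row into len(key) columns, read the columns in key order."""
    letters = letters_only(plaintext)
    ncols = len(key)
    if len(letters) % ncols:
        raise ValueError("pad the message so it fills the rectangle")
    rows = [letters[i:i + ncols] for i in range(0, len(letters), ncols)]
    return "".join(row[c] for c in column_order(key) for row in rows)

def columnar_decrypt(ciphertext, key):
    """Put each block of ciphertext back into its column, then read row by row."""
    ncols = len(key)
    nrows = len(ciphertext) // ncols
    cols = {}
    for n, c in enumerate(column_order(key)):
        cols[c] = ciphertext[n * nrows:(n + 1) * nrows]
    return "".join(cols[c][r] for r in range(nrows) for c in range(ncols))

KEY = "4312567"
SAMPLE = "attack postponed until two am xyz"  # constructed sample, 28 letters = 4 rows of 7

if __name__ == "__main__":
    print(rail_fence_encrypt("meet me after the toga party", 2))
    once = columnar_encrypt(SAMPLE, KEY)
    twice = columnar_encrypt(once, KEY)        # double transposition
    print(once)
    print(twice)
    print(columnar_decrypt(columnar_decrypt(twice, KEY), KEY))
```

The output letters are always a rearrangement of the input letters, which is why letter frequencies alone reveal that a transposition was used.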
STEGANOGRAPHY
Steganography is the practice of concealing a file, message, or information within another
nonsecret file, message, or object to prevent detection.
• Character marking: Selected letters of printed or typewritten text are overwritten in pencil.
The marks are ordinarily not visible unless the paper is held at an angle to bright light.
• Invisible ink: A number of substances can be used for writing but leave no visible trace until
heat or some chemical is applied to the paper.
• Pin punctures: Small pin punctures on selected letters are ordinarily not visible unless the
paper is held up in front of a light.
• Typewriter correction ribbon: Used between lines typed with a black ribbon, the results of
typing with the correction tape are visible only under a strong light.
AUTHENTICATION METHODS
Authentication is the process of verifying someone or something's identity, confirming they are
who or what they claim to be, usually by checking credentials like passwords, biometrics, or
security tokens, to grant secure access to systems, networks, or resources, preventing
unauthorized entry.
PASSWORDS
Password authentication is a method where a user enters a user ID and password to access a
system. The system checks these details with stored information and allows access only if they
match. A password is a secret code made using letters, numbers, and special characters and
should be known only to the correct user. For security, passwords should have at least 8
characters and include uppercase letters, lowercase letters, numbers, and symbols. Passwords are
the most common way to prove that a user is authorized to use a computer system or network.
Static password: A static password is a fixed password that remains the same until the user
changes it.
Dynamic password: A dynamic password changes automatically each time or after a short
period of time. An example is a One-Time Password (OTP) sent to a user’s mobile phone or email,
which changes every time and is valid for only a short time.
BIOMETRICS
Biometric authentication verifies a person’s identity using unique biological features such as
fingerprints, face, iris, or voice. It works by capturing these features and comparing them with
stored data to allow access. It is more secure and convenient than passwords because it depends
on who you are, not what you know.
• Fingerprint Recognition – Identifies a person using fingerprint patterns.
• Facial Recognition – Uses facial features to verify identity.
• Iris Recognition – Identifies a person using iris patterns in the eye.
• Voice Recognition – Verifies identity using a person’s voice.
• Retina Recognition – Uses blood vessel patterns in the eye.
• Hand Geometry – Identifies a person using hand shape and size.
MULTIFACTOR AUTHENTICATION
Multi-Factor Authentication (MFA) is a security method that requires two or more verification
factors to access an account. Instead of using only a password, it adds extra layers such as
something you know (password), something you have (a code sent to a phone), or something you
are (fingerprint). This improves security and helps prevent unauthorized access even if a
password is stolen.
Types of MFA:
• Something you know – Password or PIN
• Something you have – OTP, smart card, or mobile device
• Something you are – Fingerprint, face, or iris recognition
HASH FUNCTIONS
Hash-based Authentication checks that data is correct and comes from the right sender. The
system turns the data into a short code called a hash. If the data changes, the hash changes too,
so any tampering can be detected.
HMAC (Hash-based Message Authentication Code) is a method that adds a secret key to the
hash. This makes it more secure because only someone with the secret key can create the correct
hash. It ensures that the data is authentic and that both the sender and receiver can trust each
other.
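The difference between a plain hash and an HMAC, as an added example that is not part of the original notes. It assumes SHA-256 as the hash function; the function names, the key and the two messages are constructed for the example.

```python
import hashlib
import hmac
import secrets

def sha256_hex(message: bytes) -> str:
    """Keyless hash: anyone who can see the message can compute it."""
    return hashlib.sha256(message).hexdigest()

def hmac_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: computing it requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_hash(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(sha256_hex(message), digest)

def verify_hmac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest takes the same time wherever the first mismatch is,
    # so the check does not reveal how much of a guessed tag was correct.
    return hmac.compare_digest(hmac_tag(key, message), tag)

def tamper_demo():
    key = secrets.token_bytes(32)        # known to sender and receiver only
    original = b"pay=100;to=alice"       # constructed sample message
    altered = b"pay=900;to=alice"        # the same message changed in transit
    other_key = secrets.token_bytes(32)  # a party that does not hold the shared key
    return {
        # The hash changes when the data changes, so the old hash no longer matches.
        "hash_detects_change": not verify_hash(altered, sha256_hex(original)),
        # But a hash sent next to the data can simply be recomputed over the new data.
        "recomputed_hash_accepted": verify_hash(altered, sha256_hex(altered)),
        "hmac_accepts_original": verify_hmac(key, original, hmac_tag(key, original)),
        "hmac_rejects_altered": not verify_hmac(key, altered, hmac_tag(key, original)),
        # Without the shared key, a tag over the altered data does not verify.
        "hmac_rejects_tag_from_other_key":
            not verify_hmac(key, altered, hmac_tag(other_key, altered)),
    }

if __name__ == "__main__":
    for name, result in tamper_demo().items():
        print(f"{name}: {result}")
```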
DIGITAL SIGNATURE
A digital signature is a way to verify that a message or document really comes from the sender
and has not been changed. It works like a handwritten signature but in a digital form.
• The sender creates a digital signature using a private key.
• The receiver uses the sender’s public key to check the signature.
• If the signature is valid, it proves the message is authentic and has not been altered.
Digital signatures are widely used in emails, online transactions, and documents to ensure
security, authenticity, and integrity.
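The asymmetric steps from the ASYMMETRIC KEY CRYPTOGRAPHY section and the sign/verify flow described here, as an added example that is not part of the original notes. The notes name no algorithm; this uses textbook RSA (no padding) with small constructed primes purely to make the key roles visible, and the function names and messages are assumptions.

```python
import hashlib

E = 65537  # public exponent used for both key pairs in this example

def make_keypair(p, q):
    """Key pair generation: returns (public_key, private_key) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)               # private exponent: E * d = 1 (mod phi)
    return (E, n), (d, n)

# Constructed toy primes (Mersenne primes): far too small and too structured for real use.
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
SENDER_PUB, SENDER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def encrypt(message: bytes, recipient_public):
    """The sender encrypts with the recipient's public key."""
    e, n = recipient_public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(ciphertext: int, recipient_private) -> bytes:
    """Only the recipient's private key reverses the encryption."""
    d, n = recipient_private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest_mod(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, sender_private) -> int:
    """The sender signs the message hash with the sender's private key."""
    d, n = sender_private
    return pow(digest_mod(message, n), d, n)

def verify(message: bytes, signature: int, sender_public) -> bool:
    """Anyone can check the signature with the sender's public key."""
    e, n = sender_public
    return pow(signature, e, n) == digest_mod(message, n)

if __name__ == "__main__":
    msg = b"meet at noon"                       # constructed sample message
    ct = encrypt(msg, RECIPIENT_PUB)
    sig = sign(msg, SENDER_PRIV)
    print("decrypted:", decrypt(ct, RECIPIENT_PRIV))
    print("signature valid:", verify(msg, sig, SENDER_PUB))
    print("altered message valid:", verify(b"meet at nine", sig, SENDER_PUB))
```

Confidentiality comes from the recipient's key pair and authenticity from the sender's, so the two operations use different keys even though the arithmetic is the same.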