1.

4 ELEMENTARY CRYPTOGRAPHY: SUBSTITUTION CIPHER

Encryption is the process of encoding a message so that its meaning is not obvious;
decryption is the reverse process, transforming an encrypted message back into its normal,
original form. Alternatively, the terms encode and decode or encipher and decipher are used
instead of encrypt and [Link] is, we say that we encode, encrypt, or encipher the
original message to hide its meaning. Then, we decode, decrypt, or decipher it to reveal the
original message. A system for encryption and decryption is called a cryptosystem.
The original form of a message is known as plaintext, and the encrypted form is called
cipher text. For convenience, we denote a plaintext message P as a sequence of individual
characters P = <p1, p2, …, pn>. Similarly, cipher text is written as C = <c1, c2, …,cm>.

Plain text Encryption Cipher text

Cipher text Decryption plain text

 For instance, the plaintext message "I want cookies" can be denoted as the message
string <I, ,w,a,n,t,c,o,o,k,i,e,s>. It can be transformed into cipher text<c1, c2, …,c14>, and
the encryption algorithm tells us how the transformation is done.

We use this formal notation to describe the transformations between plaintext and cipher text.
For example:
we write C = E (P) and P = D(C), where C represents the cipher text, E is the
encryption rule, P is the plaintext, and D is the decryption rule.

P = D (E(P)).
In other words, we want to be able to convert the message to protect it from an intruder, but
we also want to be able to get the original message back so that the receiver can read it
properly.
The cryptosystem involves a set of rules for how to encrypt the plaintext and how to decrypt
the cipher text. The encryption and decryption rules, called algorithms, often use a device
called a key, denoted by K, so that the resulting cipher text depends on the original plaintext
message, the algorithm, and the key value. We write this dependence as C =E (K, P).
Essentially, E is a set of encryption algorithms, and the key K selects one specific algorithm
from the set.
There are many types of encryption. In the next sections we look at two simple forms of
encryption: substitutions in which one letter is exchanged for another and transpositions,
in which the order of the letters is rearranged.

Cryptanalyst: cryptanalyst is a person who studies encryption and encrypted message and
tries to find the hidden meanings (to break an encryption).

Confusion: it is a technique for ensuring that ciphertext has no clue about the original
message.

Diffusion: it increases the redundancy of the plaintext by spreading it across rows and
columns.

Substitutions Cipher: It basically consists of substituting every plaintext character for a

different cipher text character.
It is of two types-
I. Mono alphabetic substitution cipher
II. Poly alphabetic substitution cipher

Mono alphabetic substitution cipher:

Relationship between cipher text symbol and plain text symbol is 1:1.
 Additive cipher:
Key value is added to plain text and numeric value of key ranges from 0 – 25.

Example:
Plain text(P)- H E L LO (H=7,E=4,L=11,L=11,O=14)
Key (K)=15
Cipher text (C)= 7+15,4+15,11+15,11+15,14+15
= 22,19, 26,26,(29%26)=3
= W T A AD
  Affine cipher: C= (P+K) mod 26
It is the combination f additive
P= (C-K)and multiplica
mod 26 tive cipher
o

Let K1 and K2 are two keys

C= [(P x K1) + K2] mod 26

P= [(C-K2) x K1-1] mod 26

Polyalphabetic substitution cipher

In polyalphabetic cipher each occurrence of a character may have different substitution. The
relationship between characters in plain text and cipher text is 1 to many.
 Auto key cipher
 Playfair cipher
 Vigegeire cipher
 Hill cipher

Auto key cipher:

 In this cipher, key is stream of subkeys in which subkey is used to encrypt the
corresponding character in the plain text.
 Here 1st subkey is predefined and 2nd subkey is the value of the 1st character of the
plain text 3rd subkey is the value of the 2nd plain text and so on.

Example: A T T A C K
0 19 19 0 2 10
Key=12

12 0 19 19 0 2

Cipher text(C)= (12,19,38 19,2 12)%26 MTMTCM

Playfair cipher
In playfair cipher the secret key is made of 25 characters arranged in 5x5 matrix
Rules:
-  If 2 letters in a plaintext are located in the same row of the secret key then the
corresponding encrypted character for each letter is next letter to the right.
 If 2 letters in a pair are in same column then the corresponding encrypted
character is next below in the same column.
 If 2 letters are neither in same row or in same column then encrypted
character is in its own row but in the same column as the other character.
Example:

L G D B A
Q M H E C
K= U R N I/J F
XV S O K
ZY W T P
Plain text= HELLO

It is then made as pair.

HE LX LO
H E L Q L B
E C X Z O X

Vigener cipher:
The key stream is the repetition of the initial secret key stream of length m.
(1<=m<=26)
Example:
Plaintext- A B C D E F G H
Ks= 0, 5, 8

A B C D E F G H (B=1 =>1+5=6=>G)
0 5 8 0 5 8 0 5
0 6 10 3 9 13 6 12
A G K D J N G M <= ciphertext

Transposition cipher:

A transposition cipher is a method of encryption by which the positions held by units of

plaintext (which are commonly characters or groups of characters) are shifted according to a
regular system, so that the ciphertext constitutes a permutation of the plaintext. That is, the
order of the units is changed.
The goal of substitution is confusion; the transposition method is an attempt to make
it difficult i.e diffusion.

1. Keyless transposition cipher

There are two methods for permutation of characters
 Text is written into a table column by column and transmitted row by
row Example: plaintext- meet me at the park
memateake t
e thpr
ciphertext- memateaketethpr
 Text is written into the table row by row and then transmitted column by
column.
Example: m e e t
m e a t t
hepa
rk
ciphertext- mmtaeehreaekttp
 2. Keyed transposition cipher
Plaintext is divided into groups and permutes the character in each group.
Example: plaintext- “enemy attack at night”

keys:

encryption 31452 decryption

12345
appended to make a group of 5 characters
e n e m y a t t a c k a t n i g h t y z (Group of 5 characters)
encryption: e e m y n t a a c t t k n i k t g y z h
decryption: e n e m y a t t a c k a t n i g h t y z
the characters exceeding the length of plaintext are discarded.
Like y and z two characters are discarded

3. Combining the two approaches:

Encryption and decryption is done in three steps.
 Text is written into a table row by row.
 Permutation is done by reordering the column.
 New table is read column by column

1.5 MAKING GOOD ENCRYPTION ALGORITHM

So far, the encryption algorithms we have seen are trivial, intended primarily to demonstrate
the concepts of substitution and permutation. At the same time, we have examined several
approaches cryptanalysts use to attack encryption algorithms. Now we examine algorithms
that are widely used in the commercial world.
For each type of encryption we considered, has the advantages and disadvantages. But there
is a broader question: What does it mean for a cipher to be "good"? The meaning of good
depends on the intended use of the cipher. A cipher to be used by military personnel in the
field has different requirements from one to be used in a secure installation with substantial
computer support. In this section, we look more closely at the different characteristics of
ciphers.
Shannon's Characteristics of "Good" Ciphers
In 1949, Claude Shannon [SHA49] proposed several characteristics that identify a
good cipher.
1. The amount of secrecy needed should determine the amount of labor appropriate for
the encryption and decryption.

2. The set of keys and the enciphering algorithm should be free from complexity.

This principle implies that we should restrict neither the choice of keys nor the types of
plaintext on which the algorithm can work. For instance, an algorithm that works only on
plaintext having an equal number of A's and E's is useless. Similarly, it would be difficult
to select keys such that the sum of the values of the letters of the key is a prime number.
Restrictions such as these make the use of the encipherment prohibitively complex. If the
process is too complex, it will not be used. Furthermore, the key must be transmitted,
stored, and remembered, so it must be short.
3. The implementation of the process should be as simple as possible.
Principle 3 was formulated with hand implementation in mind: A complicated algorithm is
prone to error or likely to be forgotten. With the development and popularity of digital
computers, algorithms far too complex for hand implementation became feasible. Still, the
issue of complexity is important. People will avoid an encryption algorithm whose
implementation process severely hinders message transmission, thereby undermining
security. And a complex algorithm is more likely to be programmed incorrectly.

4. Errors in ciphering should not propagate and cause corruption of further information
in the message.
Principle 4 acknowledges that humans make errors in their use of enciphering algorithms.
One error early in the process should not throw off the entire remaining ciphertext. For
example, dropping one letter in a columnar transposition throws off the entire remaining
encipherment. Unless the receiver can guess where the letter was dropped, the remainder of
the message will be unintelligible. By contrast, reading the wrong row or column for a
polyalphabetic substitution affects only one character and remaining characters are
unaffected.
5. The size of the enciphered text should be no larger than the text of the original
message.

The idea behind principle 5 is that a ciphertext that expands dramatically in size
cannotpossibly carry more information than the plaintext, yet it gives the cryptanalyst more
datafrom which to infer a pattern. Furthermore, a longer ciphertext implies more space for
storage and more time to communicate.

Properties of "Trustworthy" Encryption Systems

Commercial users have several requirements that must be satisfied when they select an
encryption algorithm. Thus, when we say that encryption is "commercial grade," or
"trustworthy," we mean that it meets these constraints:
 It is based on sound mathematics. Good cryptographic algorithms are not just
invented; they are derived from solid principles.
 It has been analyzed by competent experts and found to be sound. Even the best
cryptographic experts can think of only so many possible attacks, and the developers
may become too convinced of the strength of their own algorithm. Thus, a review by
critical outside experts is essential.
 It has stood the atest of time.a As a new algorithm gains popularity, people continue
to review both its mathematical foundations and the way it builds on those
foundations. Although a long period of successful use and analysis is not a guarantee
of a good algorithm, the flaws in many algorithms are discovered relatively soon
after their release.

We can divide all the cryptography algorithms (ciphers) into two groups: symmetric key
cryptography algorithms and asymmetric cryptography algorithms. Figure shows the
taxonomy.
 CRYPTOGRAPHY

SYMMETRIC -KEY ASYMMETRIC-KEY

Fig :Categories of Cryptography

1. Symmetric·Key Cryptography
In symmetric-key cryptography, the same key is used by both parties. The sender uses this
key and an encryption algorithm to encrypt data; the receiver uses the same key and the
corresponding decryption algorithm to decrypt the data.

Fig :Symmetric-key Cryptography

2. Asymmetric-Key Cryptography:
In asymmetric or public-key cryptography, there are two keys: a private key and a public
key. The private key is kept by the receiver. The public key is announced to the public.
Fig 7:Asymmetric-key Cryptography

1.6 PRIVATE KEY CRYPTO SYSTEM

Symmetric encryption (also called private-key encryption or secret-key encryption) involves

using the same key for encryption and decryption.

Encryption involves applying an operation (an algorithm) to the data to be encrypted using
the private key to make them unintelligible. The slightest algorithm (such as an exclusive
OR) can make the system nearly tamper proof (there being so such thing as absolute
security).
However, in the 1940s, Claude Shannon proved that to be completely secure, private-key
systems need to use keys that are at least as long as the message to be encrypted. Moreover,
symmetric encryption requires that a secure channel be used to exchange the key, which
seriously diminishes the usefulness of this kind of encryption system.
The main disadvantage of a secret-key cryptosystem is related to the exchange of keys.
Symmetric encryption is based on the exchange of a secret (keys). The problem of key
distribution therefore arises:
Moreover, a user wanting to communicate with several people while ensuring separate
confidentiality levels has to use as many private keys as there are people. For a group
of N people using a secret-key cryptosystem, it is necessary to distribute a number of keys
equal to N * (N-1) / 2.
In the 1920s, Gilbert Vernam and Joseph Mauborgne developed the One-Time Pad method
(sometimes called "One-Time Password" and abbreviated OTP), based on a randomly
generated private key that is used only once and is then destroyed. During the same period,
the Kremlin and the White House were connected by the famous red telephone, that is, a
telephone where calls were encrypted thanks to a private key according tothe one-time
pad method. The private key was exchanged thanks to the diplomatic bag (playing the role
ofsecure channel).

An important distinction in symmetric cryptographic algorithms is between stream and block

ciphers.
Stream cipher: Stream ciphers convert one symbol of plaintext directly into a symbol of
ciphertext.
Advantages:
 Speed of transformation: algorithms are linear in time and constant in space.
 Low error propogation: an error in encrypting one symbol likely will not affect
subsequent symbols.
Disadvantages:
 Low diffusion: all information of a plaintext symbol is contained in a single ciphertext
symbol.
 Susceptibility to insertions/ modifications: an active interceptor who breaks the
algorithm might insert spurious text that looks authentic.

Block ciphers: It encrypt a group of plaintext symbols as one block.

Advantages:
 High diffusion: information from one plaintext symbol is diffused into several
ciphertext symbols.
 Immunity to tampering: difficult to insert symbols without detection.
Disadvantages:
 Slowness of encryption: an entire block must be accumulated before encryption /
decryption can begin.
 Error propagation: An error in one symbol may corrupt the entire block.
Simple substitution is an example of a stream cipher. Columnar transposition is a block
cipher.

1.7 THE DATA ENCRYPTION STANDARD

The Data Encryption Standard (DES), a system developed for the U.S. government, was
intended for use by the general public. It has been officially accepted as a cryptographic
standard both in the United States and abroad.

The DES algorithm is a careful and complex combination of two fundamental building
blocks of encryption: substitution and transposition. The algorithm derives its strength from
repeated application of these two techniques, one on top of the other, for a total of 16 cycles.
The sheer complexity of tracing a single bit through 16 iterations of substitutions and
transpositions has so far stopped researchers in the public from identifying more than a
handful of general properties of the algorithm. The algorithm begins by encrypting the
plaintext as blocks of 64 bits. The key is 64 bits long, but in fact it can be any 56-bit number.
(The extra 8 bits are often used as check digits and do not affect encryption in normal
implementations.) The user can change the key at will any time there is uncertainty about the
Features: –
Block size = 64 bits
– Key size = 56 bits (in reality, 64 bits, but 8 are used
as parity-check bits for error control, see next slide)
– Number of rounds = 16
– 16 intermediary keys, each 48 bits

key 56 bit

plaintext ciphertext
DES
64 bit 64 bit

Working principle:
64 bit plaintext

Initial permutation
56 bit cipher key

Round 1

Round 2
Round key generation
.
.
.
Round 16

final permutation

The Feistel (F) function

The F-function, depicted in Figure 2, operates on half a block (32 bits) at a time and consists
of four stages:
 Fig: —The Feistel function (F-function) of DES

1. Expansion — the 32-bit half-block is expanded to 48 bits using the expansion

permutation, denoted E in the diagram, by duplicating half of the bits. The output
consists of eight 6-bit (8 * 6 = 48 bits) pieces, each containing a copy of 4
corresponding input bits, plus a copy of the immediately adjacent bit from each of the
input pieces to either side.
2. Key mixing — the result is combined with a subkey using an XOR operation. 16 48-
bit subkeys — one for each round — are derived from the main key using the key
schedule (described below).
3. Substitution — after mixing in the subkey, the block is divided into eight 6-bit pieces
before processing by the S-boxes, orsubstitution boxes. Each of the eight S-boxes
replaces its six input bits with four output bits according to a non-linear
transformation, provided in the form of a lookup table. The S-boxes provide the core
of the security of DES — without them, the cipher would be linear, and trivially
breakable.
4. Permutation — finally, the 32 outputs from the S-boxes are rearranged according to a
fixed permutation, the P-box. This is designed so that, after permutation, each S-box's
output bits are spread across 4 different S boxes in the next round.
The alternation of substitution from the S-boxes, and permutation of bits from the P-box and
E-expansion provides so-called "confusion and diffusion" respectively, a concept identified
by Claude Shannon in the 1940s as a necessary condition for a secure yet practical cipher.
Key schedule

Fig:— The key-schedule of DES

Figure illustrates the key schedule for encryption — the algorithm which generates the
subkeys. Initially, 56 bits of the key are selected from the initial 64 by Permuted Choice
1 (PC-1) — the remaining eight bits are either discarded or used as parity check bits. The 56
bits are then divided into two 28-bit halves; each half is thereafter treated separately. In
successive rounds, both halves are rotated left by one or two bits (specified for each round),
and then 48 subkey bits are selected by Permuted Choice 2 (PC-2) — 24 bits from the left
half, and 24 from the right. The rotations (denoted by "<<<" in the diagram) mean that a
different set of bits is used in each subkey; each bit is used in approximately 14 out of the 16
subkeys.
The key schedule for decryption is similar — the subkeys are in reverse order compared to
encryption. Apart from that change, the process is the same as for encryption. The same 28
bits are passed to all rotation boxes.

Security of the DES

Since its was first announced, DES has been controversial. Many researchers have questioned
the security it provides. Much of this controversy has appeared in the open literature, but
certain DES features have neither been revealed by the designers nor inferred by outside
analysts.
In 1990, Biham and Shamir invented a technique, differential cryptanalysis, that
investigates the change in algorithmic strength when an encryption algorithm is changed in
some way. In 1991 they applied their technique to DES, showing that almost any change to
the algorithm weakens it. Their changes included cutting the number of iterations from 16
to 15, changing the expansion or substitution rule, or altering the order of an iteration. In
each
case, when they weakened the algorithm, Biham and Shamir could break the modified
version. Thus, it seems as if the design of DES is optimal.
However, Diffie and Hellman argued in 1977 that a 56-bit key is too short. In 1977, it was
prohibitive to test all 256 (approximately 1015) keys on then current computers. But they
argued that over time, computers would become more powerful and the DES algorithm
would remain unchanged; eventually, the speed of computers would exceed the strength of
DES. Exactly that has happened. In 1997 researchers using over 3,500 machines in parallel
were able to infer a DES key in four months' work. And in 1998 for approximately $100,000,
researchers built a special "DES cracker" machine that could find a DES key in
approximately four days.
In 1995, the U.S. National Institute of Standards and Technology (NIST, the renamed
NBS) began the search for a new, strong encryption algorithm. The response to that search
has become the Advanced Encryption Standard, or AES.

1.8 The AES Encryption Algorithm

The AES is likely to be the commercial-grade symmetric algorithm of choice for years, if not
decades. Let us look at it more closely.
The AES Contest
In January 1997, NIST called for cryptographers to develop a new encryption system. As
with the call for candidates from which DES was selected, NIST made several important
restrictions. The algorithms had to be
 Unclassified
 publicly disclosed
 available royalty-free for use worldwide
 symmetric block cipher algorithms, for blocks of 128 bits
 usable with key sizes of 128, 192, and 256 bits

AES is based on a design principle known as a substitution-permutation network,

combination of both substitution and permutation, and is fast in both software and hardware.
[9]
Unlike its predecessor DES, AES does not use a Feistel network. AES is a variant of
Rijndael which has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits.
By contrast, the Rijndael specification per se is specified with block and key sizes that may
be any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits.
AES operates on a 4×4 column-major order matrix of bytes, termed the state, although some
versions of Rijndael have a larger block size and have additional columns in the state. Most
AES calculations are done in a special finite field.
The key size used for an AES cipher specifies the number of repetitions of transformation
rounds that convert the input, called the plaintext, into the final output, called the ciphertext.
The number of cycles of repetition are as follows:

 10 cycles of repetition for 128-bit keys.

 12 cycles of repetition for 192-bit keys.
 14 cycles of repetition for 256-bit keys.
Each round consists of several processing steps, each containing four similar but different stages,
including one that depends on the encryption key itself. A set of reverse rounds are applied to
transform ciphertext back into the original plaintext using the same encryption key.

High-level description of the algorithm

1. KeyExpansions—round keys are derived from the cipher key using Rijndael's key
schedule. AES requires a separate 128-bit round key block for each round plus one
more.
2. InitialRound
1. AddRoundKey—each byte of the state is combined with a block of the round
key using bitwise xor.
3. Rounds
1. SubBytes—a non-linear substitution step where each byte is replaced with
another according to a lookup table.
2. ShiftRows—a transposition step where the last three rows of the state are
shifted cyclically a certain number of steps.
3. MixColumns—a mixing operation which operates on the columns of the state,
combining the four bytes in each column.
4. AddRoundKey
4. Final Round (no MixColumns)
1. SubBytes
2. ShiftRows
3. AddRoundKey.
The SubBytes steps

In the SubBytes step, each byte in the state is replaced with its entry in a fixed 8-bit lookup
table, S; bij =S(aij).

In the SubBytes step, each byte in the state matrix is replaced with a SubByte using
an 8-bit substitution box, the Rijndael S-box. This operation provides the non-linearity in the
cipher. The S-box used is derived from the multiplicative inverse over GF(28), known to have
good non-linearity properties. To avoid attacks based on simple algebraic properties, the S-
box is constructed by combining the inverse function with an invertible affine transformation.
The S-box is also chosen to avoid any fixed points (and so is a derangement), i.e.,
, and also any opposite fixed points, i.e., . While
performing the decryption, Inverse SubBytes step is used, which requires first taking
the affine transformation and then finding the multiplicative inverse (just reversing the steps
used in SubBytes step).

The ShiftRows step

In the ShiftRows step, bytes in each row of the state are shifted cyclically to the left. The
number of places each byte is shifted differs for each row.

The ShiftRows step operates on the rows of the state; it cyclically shifts the bytes in each row
by a certain offset. For AES, the first row is left unchanged. Each byte of the second row is
shifted one to the left. Similarly, the third and fourth rows are shifted by offsets of two and
three respectively. For blocks of sizes 128 bits and 192 bits, the shifting pattern is the same.
Row n is shifted left circular by n-1 bytes. In this way, each column of the output state of
the ShiftRows step is composed of bytes from each column of the input state. (Rijndael
variants with a larger block size have slightly different offsets). For a 256-bit block, the first
row is unchanged and the shifting for the second, third and fourth row is 1 byte, 3 bytes and 4
bytes respectively—this change only applies for the Rijndael cipher when used with a 256-bit
block, as AES does not use 256-bit blocks. The importance of this step is to avoid the
columns being linearly independent, in which case, AES degenerates into four independent
block ciphers.
The MixColumns step

In the MixColumns step, each column of the state is multiplied with a fixed polynomial c(x).

In the MixColumns step, the four bytes of each column of the state are combined using an
invertible linear transformation. The MixColumns function takes four bytes as input and
outputs four bytes, where each input byte affects all four output bytes. Together
with ShiftRows, MixColumns provides diffusion in the cipher.
During this operation, each column is multiplied by a fixed matrix:

Matrix multiplication is composed of multiplication and addition of the entries, and here
the multiplication operation can be defined as this: multiplication by 1 means no change,
multiplication by 2 means shifting to the left, and multiplication by 3 means shifting to
the left and then performing XOR with the initial unshifted value. After shifting, a
conditional XOR with 0x1B should be performed if the shifted value is larger than 0xFF.
(These are special cases of the usual multiplication in GF. Addition is simply XOR.
In more general sense, each column is treated as a polynomial over GFand is then
multiplied modulo x4+1 with a fixed polynomial c(x) = 0x03 · x3 + x2 + x + 0x02. The
coefficients are displayed in their hexadecimal equivalent of the binary representation of
bit polynomials from GF(2)[x]. The MixColumns step can also be viewed as a
multiplication by the shown particular MDS matrix in the finite field GF(28). This
process is described further in the article Rijndael mix columns.
The AddRoundKey step

In the AddRoundKey step, each byte of the state is combined with a byte of the round
subkey using the XORoperation (⊕).

In the AddRoundKey step, the subkey is combined with the state. For each round, a
subkey is derived from the main keyusing Rijndael's key schedule; each subkey is the
same size as the state. The subkey is added by combining each byte of the state with the
corresponding byte of the subkey using bitwise XOR.
Optimization of the cipher
On systems with 32-bit or larger words, it is possible to speed up execution of this cipher
by combining the SubBytes andShiftRows steps with the MixColumns step by
transforming them into a sequence of table lookups. This requires four 256-entry 32-bit
tables, and utilizes a total of four kilobytes (4096 bytes) of memory — one kilobyte for
 each table. A round can then be done with 16 table lookups and 12 32-bit exclusive-or
operations, followed by four 32-bit exclusive-or operations in the AddRoundKey steps.
If the resulting four-kilobyte table size is too large for a given target platform, the table
lookup operation can be performed with a single 256-entry 32-bit (i.e. 1 kilobyte) table
by the use of circular rotates.
Using a byte-oriented approach, it is possible to combine the SubBytes, ShiftRows,
and MixColumns steps into a single round operation.

1.9 PUBLIC KEY CRYPTOSYSTEM

Public-key cryptography, also known as asymmetric cryptography, is a class
of cryptographic algorithms which requires two separate keys, one of which
is secret (or private) and one of which is public.
Public-key cryptography is often used to secure electronic communication over an open
networked environment such as the internet. Open networked environments are susceptible to
a variety of communication security problems such as man-in-the-middle attacks and other
security threats. Sending a secure communication means that the communication being sent
must not be readable during transit (preserving confidentiality), the communication must not
be modified during transit (preserving the integrity of the communication) and to
enforce non-repudiation or non-denial of the sending of the communication. Combining
public-key cryptography with an Enveloped Public Key Encryption (EPKE) method, allows
for the secure sending of a communication over an open networked environment.
The distinguishing technique used in public-key cryptography is the use of asymmetric key
algorithms, where the key used to encrypt a message is not the same as the key used
to decrypt it. Each user has a pair of cryptographic keys – a public encryption key and
a private decryption key. Similarly, a key pair used for digital signatures consists of
aprivate signing key and a public verification key. The public key is widely distributed,
while the private key is known only to its proprietor. The keys are related mathematically, but
the parameters are chosen so that calculating the private key from the public key is either
impossible or prohibitively expensive.
In contrast, symmetric-key algorithms – variations of which have been used for thousands of
years – use a single secret key, which must be shared and kept private by both the sender and
the receiver, for both encryption and decryption. To use a symmetric encryption scheme, the
sender and receiver must securely share a key in advance.
Fig : Public Key cryptosystem

1.10 USE OF ENCRYPTION

Encryption has long been used by militaries and governments to facilitate secret
communication. It is now commonly used in protecting information within many kinds of
civilian systems. For example, the Computer Security Institute reported that in 2007, 71% of
companies surveyed utilized encryption for some of their data in transit, and 53% utilized
encryption for some of their data in [Link] can be used to protect data "at rest",
such as files on computers and storage devices (e.g. USB flash drives). In recent years there
have been numerous reports of confidential data such as customers' personal records being
exposed through loss or theft of laptops or backup drives. Encrypting such files at rest helps
protect them should physical security measures fail. Digital rights management systems,
which prevent unauthorized use or reproduction of copyrighted material and protect software
against reverse engineering (see also copy protection), is another somewhat different example
of using encryption on data at rest.
Encryption is also used to protect data in transit, for example data being transferred
via networks (e.g. the Internet, e-commerce), mobile telephones, wireless
microphones,wireless intercom systems, Bluetooth devices and bank automatic teller
machines. There have been numerous reports of data in transit being intercepted in recent
[Link] data in transit also helps to secure it as it is often difficult to physically
secure all access to networks.
Let us look more closely at four applications of encryption: cryptographic hash functions, key
exchange, digital signatures, and certificates.
Message verification
Encryption, by itself, can protect the confidentiality of messages, but other techniques are still
needed to protect the integrity and authenticity of a message; for example, verification of
a message authentication code (MAC) or a digital signature. Standards for cryptographic
software and hardware to perform encryption are widely available, but successfully using
encryption to ensure security may be a challenging problem. A single error in system design
or execution can allow successful attacks. Sometimes an adversary can obtain unencrypted
information without directly undoing the encryption. See, e.g., traffic analysis, TEMPEST,
or Trojan horse.
Digital signature and encryption must be applied to the ciphertext when it is created (typically
on the same device used to compose the message) to avoid tampering; otherwise any node
between the sender and the encryption agent could potentially tamper with it. Encrypting at
the time of creation is only secure if the encryption device itself has not been tampered with.

PSEUDO-RANDOMNESS
Forcryptography, the use of pseudorandom number generators (whether hardware or software
or some combination) is insecure. When random values are required in cryptography, the
goal is to make a message as hard to crack as possible, by eliminating or obscuring the
parameters used to encrypt the message (the key) from the message itself or from the context
in which it is carried. Pseudorandom sequences are deterministic and reproducible; all that is
required in order to discover and reproduce a pseudorandom sequence is the algorithm used
to generate it and the initial seed. So the entire sequence of numbers is only as powerful as
the randomly chosen parts - sometimes the algorithm and the seed, but usually only the seed.
There are many examples in cryptographic history of cyphers, otherwise excellent, in which
random choices were not random enough and security was lost as a direct consequence.
The World War II Japanese PURPLE cypher machine used for diplomatic communications is
a good example. It was consistently broken throughout WWII, mostly because the "key
values" used were insufficiently random. They had patterns, and those patterns made any
intercepted traffic readily decryptable. Had the keys (i.e. the initial settings of the stepping
switches in the machine) been made unpredictably (i.e. randomly), that traffic would have
been much harder to break, and perhaps even secure in practice.
Users and designers of cryptography are strongly cautioned to treat their randomness needs
with the utmost care. Absolutely nothing has changed with the era of computerized
cryptography, except that patterns in pseudorandom data are easier to discover than ever
before. Randomness is, if anything, more important than ever.

HASHING
A cryptographic hash function is a hash function which is considered practically impossible
to invert, that is, to recreate the input data from its hash value alone. These one-way hash
functions have been called "the workhorses of modern cryptography". The input data is often
called the message, and the hash value is often called the message digest or simply the digest.
The ideal cryptographic hash function has four main properties:

 it is easy to compute the hash value for any given message

 it is infeasible to generate a message that has a given hash
 it is infeasible to modify a message without changing the hash
 it is infeasible to find two different messages with the same hash.
Cryptographic hash functions have many information security applications, notably in digital
signatures, message authentication codes (MACs), and other forms of authentication. They
can also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to
detect duplicate data or uniquely identify files, and aschecksums to detect accidental data
corruption. Indeed, in information security contexts, cryptographic hash values are sometimes
called (digital) fingerprints, checksums, or just hash values, even though all these terms stand
for more general functions with rather different properties and purposes.
Most cryptographic hash functions are designed to take a string of any length as input and
produce a fixed-length hash value.
A cryptographic hash function must be able to withstand all known types of cryptanalytic attack.
At a minimum, it must have the following properties:
 Pre-image resistance
Given a hash h it should be difficult to find any message m such that h = hash(m). This
concept is related to that of one-way function. Functions that lack this property are
vulnerable to preimage attacks.
 Second pre-image resistance
Given an input m1 it should be difficult to find another input m2 such
that m1 ≠ m2 and hash(m1) = hash(m2). Functions that lack this property are vulnerable
to second-preimage attacks.
 Collision resistance
It should be difficult to find two different messages m1 and m2 such that hash(m1)
= hash(m2). Such a pair is called a cryptographic hash collision. This property is
sometimes referred to as strong collision resistance. It requires a hash value at least
twice as long as that required for preimage-resistance; otherwise collisions may be
found by a birthday attack.
These properties imply that a malicious adversary cannot replace or modify the input data
without changing its digest. Thus, if two strings have the same digest, one can be very
confident that they are identical.
A function meeting these criteria may still have undesirable properties. Currently popular
cryptographic hash functions are vulnerable to length-extension attacks:
given hash(m)and len(m) but not m, by choosing a suitable m ' an attacker can
calculate hash(m || m ') where || denotes concatenation.[2] This property can be used to break
naive authentication schemes based on hash functions. The HMAC construction works
around these problems.
Ideally, one may wish for even stronger conditions. It should be impossible for an adversary to
find two messages with substantially similar digests; or to infer any useful information about
the data, given only its digest. Therefore, a cryptographic hash function should behave as
much as possible like a random function while still being deterministic and efficiently
computable.
Checksum algorithms, such as CRC32 and other cyclic redundancy checks, are
designed to meet much weaker requirements, and are generally unsuitable as
cryptographic hash functions. For example, a CRC was used for message integrity in
the WEP encryption standard, but an attack was readily discovered which exploited
the linearity of the checksum.