CSC223
Blockchain Technology and Cryptography
SALAU-IBRAHIM, T. T. (PhD)
KULUGH, V. E. (PhD)
DEPARTMENT OF CYBERSECURITY
FACULTY OF COMPUTING
FEDERAL UNIVERSITY OF LAFIA
Module Four Objectives
Upon completion of this Module, students will be able to:
❖ Understand the foundational concepts of cryptography, including the
importance of confidentiality, integrity, authentication, and
non-repudiation.
❖ Explain the processes of encryption and decryption in both symmetric and
asymmetric cryptographic systems.
❖ Describe how hash functions work and their role in ensuring data integrity.
❖ Understand the purpose and mechanisms of digital signatures.
❖ Identify the principles of public-key cryptography and its practical
applications in cybersecurity.
❖ Recognize common cryptographic algorithms and their use cases.
Learning Outcome
Upon completion of this Module, students will be able to:
❖ Define key cryptographic terms such as plaintext, ciphertext, encryption,
decryption, and key management.
❖ Differentiate between symmetric and asymmetric encryption, citing
appropriate use cases for each.
❖ Explain the role of cryptographic hash functions and demonstrate how they
provide data integrity.
❖ Illustrate how digital signatures provide authentication, integrity, and
non-repudiation in digital communications.
❖ Analyze the structure and application of public-key cryptographic systems
including RSA and ECC.
❖ Apply basic cryptographic concepts to assess the security of data
transmission and storage scenarios.
Cryptographic Concepts
▪ Cryptography is the practice and study of techniques for
securing communication and data in the presence of adversarial
attacks. It involves methods to convert readable data
(plaintext) into an unreadable format (ciphertext) and vice
versa to ensure confidentiality, integrity, authentication,
non-repudiation and trust.
▪ A cryptosystem is an implementation of cryptographic
techniques and their accompanying infrastructure to provide
information security services. A cryptosystem is also referred to
as a cipher system. The various components of a basic
cryptosystem are as follows −
Cryptographic Concepts – cont’d
▪ Plaintext: Original, readable message or data.
▪ Ciphertext: Encrypted message that is unreadable without a key.
▪ Encryption Algorithm: The process of converting plaintext into ciphertext using an algorithm
and a key.
▪ Decryption Algorithm: The reverse process—converting ciphertext back into plaintext using
the appropriate key.
▪ Encryption Key: An encryption key is a string of bits used by an algorithm to convert plain
(readable) data into ciphertext (unreadable form). It ensures that only authorized users can
access the original information.
▪ Decryption Key: A decryption key is used to convert the ciphertext back into its original plain
text. It "undoes" the encryption, allowing the intended recipient to read the message.
▪ Key Management: The processes, policies, and mechanisms involved in the generation,
distribution, storage, use, rotation, and destruction of cryptographic keys. It is one of the
most critical components of any secure cryptographic system because the security of the
encryption depends directly on proper key management.
Cryptographic Concepts – cont’d
Cryptography Vs Cryptanalysis
▪ While cryptography is the science of securing data,
▪ Cryptanalysis is the science of analyzing and breaking
secure communication.
▪ Classical cryptanalysis involves an interesting
combination of:
✓ Analytical reasoning; application of mathematical
tools; pattern finding; patience; determination; and
luck.
▪ Cryptanalysts are also called attackers.
▪ Cryptology embraces both cryptography and
cryptanalysis.
History of Cryptography
▪ As civilizations evolved, human beings got organized in
tribes, groups, and kingdoms. This led to the emergence
of ideas such as power, battles, supremacy, and politics.
▪ These ideas further fueled the natural need of people to
communicate secretly with selected recipients, which in
turn ensured the continuous evolution of cryptography
as well.
▪ The roots of cryptography are found in Roman and
Egyptian civilizations.
History of Cryptography – cont’d
▪ Communication Age (Ancient to Early 20th Century)
✓ Key features: Manual ciphers for secrecy in warfare/diplomacy; shifting alphabets, substitution and transposition of letters, polyalphabetic ciphers.
✓ Notable milestones: Caesar Cipher, Vigenère, Enigma.
▪ Information Age (Mid 20th Century to Early 21st Century)
✓ Key features: Digital cryptography for data security – used in WWII, public key encryption, e-commerce, internet security, and software protection.
✓ Notable milestones: DES, RSA, AES, Shannon's theory.
▪ Cybersecurity Age
✓ Key features: Protecting data, systems, and infrastructure from advanced cyber threats; widespread integration; regulations and standardisation.
✓ Notable milestones: TLS, Blockchain, Post-Quantum Cryptography.
History of Cryptography – cont’d
Hieroglyphs are a system of writing that uses symbols or pictures to represent
objects, concepts, sounds, or syllables. They are most famously associated with
ancient Egyptian writing, though similar forms existed in other ancient cultures
like the Maya.
Hieroglyph
▪ The first known evidence of cryptography can be traced to the use
of ‘hieroglyph’.
▪ Some 4000 years ago, the Egyptians used to communicate by messages
written in hieroglyph.
History of Cryptography – cont’d
Caesar Shift Cipher
▪ The Caesar Shift Cipher relies on shifting the letters of a
message by an agreed number (three was a common
choice).
✓ The recipient of this message would then shift the
letters back by the same number and obtain the
original message.
▪ The Caesar cipher is named after Julius Caesar, who used
it with a shift of three to protect messages of military
significance.
History of Cryptography – cont’d
Caesar Shift Cipher
Encryption / Decryption
PLAINTEXT: Federal university Lafia
CYPHERTEXT: Ihghudp xrlyhuvlwb pdild
History of Cryptography – cont’d
Kamasutra Cipher
▪ The Kamasutra cipher is one of the earliest known
substitution methods.
▪ It is described in the Kamasutra around 400 BC.
▪ The purpose was to teach women how to hide secret
messages from prying eyes.
History of Cryptography – cont’d
Kamasutra Cipher
▪ The technique involves randomly pairing letters of the
alphabet, and then substituting each letter in the
original message with its partner.
UPPER HALF W Z V P O F D E A B R M Y
LOWER HALF N H G X K S I C J U T Q L
The key is the permutation of the alphabet.
PLAINTEXT: Federal University Lafia
CYPHERTEXT: scictjy bwdgctfdrl yjsdj
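The pairing substitution above, as an added Python example (not part of the original slides). It uses the slide's key to reproduce the slide's ciphertext, shows that the same operation decrypts, and counts how many keys exist; the function names and the random key generator are assumptions made for the demonstration.

```python
import math
import secrets
import string

# Key copied from the slide: each letter in the upper half is paired with
# the letter directly below it in the lower half.
UPPER_HALF = "WZVPOFDEABRMY"
LOWER_HALF = "NHGXKSICJUTQL"


def build_table(upper: str, lower: str) -> dict:
    """Turn the two 13-letter halves into a symmetric substitution table."""
    if sorted(upper + lower) != list(string.ascii_uppercase):
        raise ValueError("key must use every letter A-Z exactly once")
    table = {}
    for a, b in zip(upper, lower):
        table[a], table[b] = b, a      # the pairing works in both directions
    return table


def kamasutra(text: str, table: dict) -> str:
    """Swap every letter for its partner; the same call encrypts and decrypts."""
    out = []
    for ch in text:
        partner = table.get(ch.upper())
        if partner is None:
            out.append(ch)             # spaces and punctuation pass through
        else:
            out.append(partner if ch.isupper() else partner.lower())
    return "".join(out)


def random_key() -> tuple:
    """Draw a fresh random pairing using the operating system's CSPRNG."""
    letters = list(string.ascii_uppercase)
    secrets.SystemRandom().shuffle(letters)
    return "".join(letters[:13]), "".join(letters[13:])


def keyspace_size() -> int:
    """Number of distinct pairings of 26 letters: 26! / (2^13 * 13!)."""
    return math.factorial(26) // (2 ** 13 * math.factorial(13))


SLIDE_TABLE = build_table(UPPER_HALF, LOWER_HALF)

if __name__ == "__main__":
    ciphertext = kamasutra("Federal University Lafia", SLIDE_TABLE)
    print(ciphertext)                          # letter case is preserved
    print(kamasutra(ciphertext, SLIDE_TABLE))  # applying it again decrypts
    print(keyspace_size())
```

The keyspace of roughly 7.9 × 10^12 pairings is small by modern standards, and because every letter always maps to the same partner, the letter frequencies of the plaintext survive in the ciphertext.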
Goals of Cryptography and Cryptographic Services
The primary goal of cryptography is to secure critical data in any state,
i.e. in storage, in transit or in processing.
Cryptographic Services
Cryptography provides the following key services to ensure secure
communication and data protection:
Confidentiality
Ensures that information is not disclosed to unauthorized individuals.
Achieved through encryption.
Integrity
Ensures that data has not been tampered with or altered.
Achieved using hash functions and message authentication codes (MACs).
Goals of Cryptography and Cryptographic Services – cont’d
Authentication
Verifies the identity of users, devices, or systems.
Achieved through digital signatures and authentication protocols.
Non-repudiation
Prevents entities from denying previous actions, such as sending a
message.
Achieved using digital signatures and secure logging.
Access Control
Supports mechanisms that enforce permissions and restrictions.
Often integrated with key management systems and authorization
protocols.
Challenges of Cryptography
While cryptography is a powerful tool for securing information, it also
presents several challenges, including:
Key management: Cryptography relies on the use of keys, which must
be managed carefully to maintain the security of the communication.
Quantum computing: The development of quantum computing poses a
potential threat to current cryptographic algorithms, which may
become vulnerable to attacks.
Human error: Cryptography is only as strong as its weakest link, and
human error can easily compromise the security of communication.
Differentiate Between Symmetric and Asymmetric Encryption
Symmetric encryption
These algorithms use the same pre-shared key, sometimes called a secret
key pair, to encrypt and decrypt data. Both the sender and receiver know
the pre-shared key before any encrypted communication begins.
Symmetric algorithms use the same key to encrypt and decrypt the
plaintext on both ends of the process. Encryption algorithms that use a
common key are simpler and need less computational power.
Examples of Symmetric Encryption Algorithms
1. DES (Data Encryption Standard)
▪ Developed by the National Institute of Standards and Technology (NIST); among the first widely used cryptographic algorithms that use one key for encryption and decryption.
▪ It is a symmetric block cipher in which a 64-bit plaintext and a 56-bit key are input to generate a 64-bit ciphertext.
▪ The password capacity is only 56 bits, making it weak; 3DES was therefore proposed.
2. 3DES (Triple Data Encryption Standard)
▪ 3DES uses a 128-bit key. It was designed to overcome the limitations of DES.
▪ It uses three 56-bit keys and multiple rounds of encryption; 3DES effectively increases the key size and the complexity of the encryption process, making it much harder to break with brute-force attacks.
3. AES (Advanced Encryption Standard)
▪ Developed by the National Institute of Standards and Technology (NIST). It is a block cipher that processes data in fixed-size blocks.
▪ The standard block size is 128 bits. AES supports three key sizes: 128 bits, 192 bits, and 256 bits.
▪ The key size determines the number of possible keys and, consequently, the strength of the encryption.
▪ The encryption process involves a number of transformation rounds: AES-128 uses 10 rounds, AES-192 uses 12 rounds and AES-256 uses 14 rounds.
4. SM1
▪ Developed under the Chinese national standards for cryptography.
▪ It is a proprietary encryption standard, and it is used to ensure data security and integrity within the frameworks defined by Chinese regulations.
5. SM4
▪ SM4 is a block cipher algorithm that is part of the Chinese National Standard for Information Security.
▪ It is used for ensuring the confidentiality and integrity of data within China.
▪ Developed by the Chinese State Encryption Management Bureau, SM4 is also known as the "SMS4" algorithm and is widely used in various applications, particularly in wireless networks.
6. Blowfish, etc.
▪ Blowfish is a symmetric-key block cipher designed in 1993 by Bruce Schneier.
▪ It is known for its simplicity, speed, and strong security.
▪ Unlike some encryption algorithms, Blowfish is unpatented and license-free, making it a popular choice for a wide range of applications.
▪ It operates on 64-bit blocks of data; the key size varies from 32 bits to 448 bits, providing a flexible range of security levels; it uses 16 rounds of encryption.
Problem with Symmetric Key Encryption
Key Management
▪ Symmetric-key systems are simpler and faster; their main drawback is
that the two parties must somehow exchange the key in a secure way and
keep it secure after that.
▪ Key Management is problematic for the parties using the symmetric key
cryptography.
▪ There is concern about how to get the keys safely and securely across to all users
so that decryption of the message is possible.
✓ This makes the keys vulnerable to interception by third parties while they are
in transit, who could then decode the top-secret messages.
▪ Thus, if the key is compromised, the entire coding system is compromised and
a “Secret” would no longer remain a “Secret”.
✓ This is why “Public Key Cryptography” came into existence.
Asymmetric or Public Key Encryption
▪ Public Key Cryptography is a very advanced form of cryptography.
▪ Officially, it was invented by Whitfield Diffie and Martin Hellman in 1975.
▪ The basic technique of public key cryptography was first discovered in 1973 by the British Clifford Cocks
of the Communications-Electronics Security Group (CESG) of the Government Communications Headquarters
(GCHQ), but this was a secret until 1997.
▪ Asymmetric encryption algorithms use one key to encrypt data and a different key to decrypt
data. One key is public, and the other is private.
▪ In a public-key encryption system, any person can encrypt a message using the public key of
the receiver, and the receiver is the only one that can decrypt it using their private key.
▪ Parties exchange secure messages without needing a pre-shared key. Asymmetric algorithms
are more complex, resource intensive and slower to execute.
How Asymmetric Encryption Works
Step 1
✓ Two employees at FULafia, Bob and Alice, exchange a confidential message using public key encryption. They use an asymmetric algorithm.
✓ With this exchange, Bob and Alice do not exchange keys prior to sending secret messages. Instead, they each have a separate padlock with separate corresponding keys. For Alice to send a secret message to Bob, she must first contact him and ask him to send his open padlock to her. Bob sends the padlock but keeps his key.
Step 2
✓ When Alice receives the padlock, she writes her secret message and puts it in a small box. She also puts her open padlock in the box but keeps her key. She then locks the box with Bob’s padlock. When Alice locks the box, she is no longer able to get inside because she does not have a key to that padlock.
Step 3
✓ Alice mails the box to Bob and, as the box travels through the mail system, no one can open it. When Bob receives the box, he can use his key to unlock the box and retrieve the message from Alice.
✓ To send a secure reply, Bob puts his secret message in the box, along with his open padlock, and locks the box using Alice’s padlock. Bob mails the secured box back to Alice.
Differentiate Between Symmetric and Asymmetric Encryption
Key Generation
• A user or system generates a key pair: one public key and one private key.
• The keys are mathematically related: what one encrypts, the other can decrypt.
• E.g., if you encrypt with the public key, only the private key can decrypt it (and vice versa).
Public Key Sharing
The public key is shared openly and widely. It can be:
▪ Sent via email
▪ Published on a website
▪ Stored in a public key server (like for PGP – Pretty Good Privacy)
Since the public key can't decrypt data it encrypted, sharing it doesn’t compromise security.
Private Key Security
▪ The private key is kept secret.
▪ Only the owner of the key pair should have access to it.
▪ It's typically stored in secure hardware (e.g., HSM, smart cards) or software with encryption.
Use Cases of Public Key Encryption
▪ Encryption (Confidentiality)
✓ Sender encrypts a message using the recipient’s public key.
✓ Recipient decrypts it with their private key.
✓ Ensures that only the intended recipient can read the
message.
▪ Digital Signatures (Authentication & Integrity)
✓ Sender signs a message using their private key.
✓ Receiver verifies the signature using the sender’s public key.
✓ Confirms that the message:
• Came from the sender (authenticity)
• Was not tampered with (integrity)
Examples of Public Key Encryption
1. DH (Diffie-Hellman)
▪ Proposed by Whitfield Diffie and Martin Hellman in 1976.
▪ The Diffie-Hellman key exchange is a method of securely exchanging cryptographic keys over a public channel.
▪ It was one of the first practical implementations of public-key exchange.
▪ The security of Diffie-Hellman relies on the difficulty of solving the discrete logarithm problem, which is computationally hard.
▪ Diffie-Hellman is vulnerable to man-in-the-middle attacks if the exchanged keys are not authenticated. Using digital signatures or a public key infrastructure (PKI) can mitigate this risk.
2. RSA
▪ Named after its inventors - Ron Rivest, Adi Shamir and Leonard Adleman (Rivest-Shamir-Adleman).
▪ It derives its security from the difficulty in factorizing large integers that are the products of large prime numbers.
▪ Capable of implementing both digital signatures and encryption/decryption.
3. Elliptic Curve Cryptography (ECC)
▪ This is a type of asymmetric encryption that uses mathematical properties of elliptic curves, considered more secure and efficient than RSA.
4. Pretty Good Privacy (PGP)
▪ This is a hybrid encryption algorithm, combining symmetric and asymmetric encryption together. It is used for secure communication and data protection.
5. DSA
▪ Digital signature algorithm, also called digital signature standard (DSS), capable of implementing only digital signatures.
The Role of Cryptographic Hash Functions and Demonstrate
▪ A cryptographic hash function is a hash function that takes an arbitrary block
of data and returns a fixed-size bit string - the cryptographic hash value, such
that any (accidental or intentional) change to the data will (with very high
probability) change the hash value.
▪ The data to be encoded are often called the message, and the hash value is
sometimes called the message digest or simply digest.
Hashing is widely used in various areas of computing, including:
▪ data integrity verification,
▪ password storage, and
▪ digital signatures.
How hashing works:
▪ Input: The input data can be of any length and form (e.g., a string, file, or binary data).
▪ Hash Function: The input data is processed through a hash function, which applies a series of mathematical operations.
▪ Output: The output is a fixed-size hash value, regardless of the size of the input data.
Hashing Properties
▪ Deterministic: The same input always produces the same hash value.
▪ Fixed Output Size: Regardless of the size of the input data, the hash value has
a fixed length.
▪ Efficient Computation: Hash functions are designed to be computed quickly.
▪ Pre-image Resistance: It should be computationally infeasible to reverse-
engineer the original input from its hash value.
▪ Collision Resistance: It should be computationally infeasible to find two
different inputs that produce the same hash value.
▪ Avalanche Effect: A small change in the input should produce a significantly
different hash value.
Hashing Algorithms
▪ MD5 (Message Digest Algorithm 5): Produces a 128-bit hash value. It is
now considered cryptographically broken and unsuitable for further use.
▪ SHA-1 (Secure Hash Algorithm 1): Produces a 160-bit hash value. Like
MD5, it is also considered weak against collision attacks.
▪ SHA-256 (Secure Hash Algorithm 256-bit): Part of the SHA-2 family, it
produces a 256-bit hash value and is widely used for its strong security
properties.
▪ SHA-3: The latest member of the Secure Hash Algorithm family, designed to
provide additional security.
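The hashing properties and digest sizes listed above, measured with Python's hashlib in an added example (not part of the original slides). The sample message and function names are assumptions; the avalanche measurement flips each input bit in turn and counts how many output bits change.

```python
import hashlib

# Algorithms named on the slide, by their hashlib identifiers.
ALGORITHMS = ("md5", "sha1", "sha256", "sha3_256")

SAMPLE = b"Federal University of Lafia"   # constructed sample input


def digest(data: bytes, algo: str = "sha256") -> bytes:
    """Hash data with the named algorithm and return the raw digest."""
    return hashlib.new(algo, data).digest()


def output_sizes(algo: str, lengths=(0, 1, 1000, 100_000)) -> set:
    """Digest sizes in bits for inputs of very different lengths."""
    return {len(digest(b"x" * n, algo)) * 8 for n in lengths}


def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    buf = bytearray(data)
    buf[index // 8] ^= 1 << (index % 8)
    return bytes(buf)


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(message: bytes, algo: str = "sha256") -> dict:
    """Flip every input bit once and summarise how many digest bits change."""
    base = digest(message, algo)
    diffs = [
        bit_difference(base, digest(flip_bit(message, i), algo))
        for i in range(len(message) * 8)
    ]
    return {"min": min(diffs), "max": max(diffs), "mean": sum(diffs) / len(diffs)}


if __name__ == "__main__":
    for name in ALGORITHMS:
        print(name, output_sizes(name))        # one size per algorithm
    print(digest(SAMPLE) == digest(SAMPLE))    # deterministic
    print(avalanche(SAMPLE))                   # about half of 256 bits change
```

For a 256-bit digest the mean number of changed bits sits close to 128, which is what the avalanche property predicts: a one-bit change in the input is indistinguishable from a completely different message.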
Hashing Passwords
User Account Registration
▪ User creates account.
▪ The system hashes the password and stores the hash in a database.
▪ Stored hash values for password: 3d0(mk$ + 7klp{}\2#)
User Account Authentication
▪ User logs in with user name and password.
▪ System compares the hash of the password entered by the user to the stored hash.
▪ If the hashes match, the system grants the user access. If the hashes do not match, the system denies access.
Salting
❖ Salting is the process of adding a unique, random value (called a salt) to
a password before hashing it.
❖ It ensures that identical passwords produce different hash outputs,
preventing attackers from using precomputed tables like rainbow
tables.
❖ Salting strengthens password storage by making brute-force and
dictionary attacks less effective.
▪ Without a salt, if two users have the same password, they will also have the same
password hashes.
Salting – cont’d
▪ A salt, which is a random string of characters, is an additional
input added to the password before hashing.
▪ This creates a different hash result even when the two passwords
are identical.
▪ Then, the database stores both the hash and the salt. The same
password generates a different hash for different users, because the
salt in each instance is different.
Salting Implementation
A cryptographically secure pseudo-random number generator (CSPRNG) is
the best way to generate salt.
CSPRNGs generate a random number that has a high level of randomness
and is completely unpredictable, so it is cryptographically secure.
The following processes will help ensure successful implementation of
salting:
▪ The salt needs to be unique for every user password.
▪ Never reuse a salt.
▪ The length of the salt should match the length of the hash function’s
output.
▪ Always hash on the server, in a web application.
Salting Implementation
To Store Password
▪ Use CSPRNG to generate a long, random salt.
▪ Add the salt to the beginning of the password.
▪ Hash it with SHA-256, a standard cryptographic hash function.
▪ Save the salt and the hash in the user’s database record.
To Validate Password
▪ Retrieve a user’s salt and hash from the database.
▪ Add the salt to the password and hash it with the same hash function.
▪ Compare the hash of the password just submitted by the user trying to log in to the one stored in the database.
▪ If the hashes do not match, the password the user has just tried to log in with is incorrect.
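The store and validate steps above, as an added Python example (not part of the original slides). The in-memory USER_DB dictionary, the function names and the sample passwords are assumptions made for the demonstration; the comparison uses hmac.compare_digest so that it takes the same time wherever the first mismatch occurs.

```python
import hashlib
import hmac
import secrets

# Salt length matches the SHA-256 output length (32 bytes), as the slide advises.
SALT_BYTES = hashlib.sha256().digest_size

# Stand-in for the users table: username -> (salt, hash). Constructed for the demo.
USER_DB = {}


def unsalted_hash(password: str) -> bytes:
    """What the slide warns about: equal passwords give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def salted_hash(password: str, salt: bytes) -> bytes:
    """Slide scheme: SHA-256 over the salt followed by the password."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def register(username: str, password: str) -> None:
    """Store steps: fresh CSPRNG salt, hash, save both in the user's record."""
    salt = secrets.token_bytes(SALT_BYTES)      # unique per user, never reused
    USER_DB[username] = (salt, salted_hash(password, salt))


def authenticate(username: str, password: str) -> bool:
    """Validate steps: fetch salt and hash, recompute, compare."""
    record = USER_DB.get(username)
    if record is None:
        # Hash anyway so that unknown users do not return noticeably faster.
        salted_hash(password, b"\x00" * SALT_BYTES)
        return False
    salt, stored = record
    return hmac.compare_digest(stored, salted_hash(password, salt))


if __name__ == "__main__":
    register("alice", "Lafia-2024!")            # constructed sample credentials
    register("bob", "Lafia-2024!")              # same password as alice
    print(unsalted_hash("Lafia-2024!") == unsalted_hash("Lafia-2024!"))  # identical
    print(USER_DB["alice"][1] == USER_DB["bob"][1])   # salted hashes differ
    print(authenticate("alice", "Lafia-2024!"))
    print(authenticate("alice", "wrong-guess"))
```

Plain SHA-256 is fast by design, so production systems normally swap salted_hash for a deliberately slow function such as hashlib.pbkdf2_hmac or hashlib.scrypt while keeping the same salt handling.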
Purpose and Mechanisms of Digital Signatures
▪ A digital signature is an electronic equivalent of a traditional handwritten
signature.
▪ It uses cryptography to verify the authenticity of digital messages,
documents and software.
▪ Digital signatures ensure that the sender of a message is genuine and the
content has not been tampered with during transmission. They are used to
prevent:
✓ Forgery – stop authorised users from impersonating the sender
✓ Tampering – detection of alterations on the signed communication/data
✓ Repudiation – They prevent the sender from denying they sent or signed
the message.
Mechanisms of Digital Signatures
Digital signatures use a pair of keys: a private key and a public key. The
private key is used to sign the document while the public key is used to
verify the signature. The process works as follows:
▪ A hash function (e.g. SHA-256) is applied to the document to create a
unique digital fingerprint.
▪ The private key is used to encrypt the digital fingerprint, creating a
digital signature.
▪ The digital signature is sent along with the document to the recipient.
▪ The recipient uses the public key to decrypt the digital signature and
verify its authenticity by comparing the hash values.
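The four steps above, traced in an added Python example (not part of the original slides). It uses textbook RSA without padding and two fixed, publicly known Mersenne primes so that it runs with the standard library alone; both choices are assumptions for illustration, and real systems use a vetted library with randomly generated keys and a padding scheme such as RSA-PSS.

```python
import hashlib

# Two publicly known Mersenne primes stand in for secret, randomly
# generated RSA primes (assumption made so the demo needs no key generator).
P = 2 ** 521 - 1
Q = 2 ** 607 - 1
E = 65537                      # common public exponent


def make_keypair(p: int = P, q: int = Q, e: int = E):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)        # private exponent: inverse of e modulo phi
    return (n, e), (n, d)


def fingerprint(document: bytes) -> int:
    """Step 1: SHA-256 of the document, read as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, private_key) -> int:
    """Step 2: transform the fingerprint with the private key."""
    n, d = private_key
    return pow(fingerprint(document), d, n)


def verify(document: bytes, signature: int, public_key) -> bool:
    """Step 4: undo the signature with the public key, compare hash values."""
    n, e = public_key
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == fingerprint(document)


if __name__ == "__main__":
    public_key, private_key = make_keypair()
    contract = b"Pay 5000 naira to Bob"            # constructed sample document
    signature = sign(contract, private_key)        # step 3: send both to Bob
    print(verify(contract, signature, public_key))                  # genuine
    print(verify(b"Pay 9000 naira to Bob", signature, public_key))  # tampered
```

Only the holder of the private exponent can produce a value that the public key maps back to the document's hash, which is what gives the recipient authentication, integrity and non-repudiation at once.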
Digital Certificates
▪ A digital certificate, also known as an X.509 certificate, is an electronic document
that uses public key infrastructure (PKI) to verify the identity of a user,
device, or an organization.
▪ It contains the public key and other information, such as the name,
address, and expiration date of the certificate holder.
▪ Digital certificates are issued by a trusted certificate authority, known as a CA,
after verifying the identity of the applicant.
▪ Digital certificates are used to establish secure connections, such as HTTPS,
and to authenticate the identity of individuals, organizations and devices.
▪ They ensure that users are communicating with the intended party and not
an imposter.
Benefits of Signatures and Digital Certificates
▪ Integrity: Ensuring that data has not been compromised during transmission.
▪ Authentication: Identity verification of individuals, organizations and devices.
▪ Non-repudiation: Prevents senders from denying their actions.
▪ Confidentiality: Protects sensitive information from unauthorized access.
Applications of Digital Signatures and Certificates
Digital signatures and digital certificates applications include:
❑ Secure online transactions: verifies the authenticity of digital
payments and transactions
❑ Digital documents: signing and verification of electronic
contracts, agreements and documents
❑ Email security: authenticating the sender's identity and ensuring
the integrity of email contents
❑ Virtual private networks: establishing secure connections and
authenticating users.
Applications of Digital Signatures and Certificates - TLS And SSL
Transport Layer Security (TLS) and its predecessor Secure
Sockets Layer (SSL) are both cryptographic protocols that secure
communication between a website and its users. Here is how TLS/SSL
secures a website.
▪ Encryption: TLS/SSL encrypts the data exchanged between the
website and its users, making it unreadable to unauthorized parties.
This ensures that sensitive information such as passwords, credit card
numbers and personal data remains confidential.
▪ Authentication: It verifies the identity of the website, ensuring that
users are communicating with the intended site and not an impostor.
This is achieved through digital certificates issued by trusted
Certificate Authorities (CAs).
Applications of Digital Signatures and Certificates - TLS And SSL – cont’d
▪ Key Exchange: TLS/SSL establishes a secure key exchange
between the website and its users, enabling them to share a secret key
without actually exchanging it. This secret key is used for both
encryption and decryption.
▪ Trust: TLS/SSL establishes a trust relationship between the website
and its users by ensuring that the website is genuine and not a fake or
malicious site.
▪ Integrity: TLS/SSL ensures that the data exchanged between the
website and its users is not tampered with or altered during
transmission.
Applications of Digital Signatures and Certificates - TLS/SSL Handshake
▪ Client Hello: The user’s browser initiates a connection to the website and sends a hello message.
▪ Server Hello: The website responds with its own hello message along with its digital certificates and a list of supported cipher suites.
▪ Certificate Verification: The browser verifies the website’s digital certificate, ensuring it is issued by a trusted CA and has not expired.
▪ Key Exchange: The browser and website negotiate a shared secret key using the selected cipher suite.
▪ Encryption: The browser and website use the shared secret key to encrypt and decrypt the communication.
Cryptographic Algorithms and their Use Cases
Category: Symmetric Encryption
1. AES (Advanced Encryption Standard): Secure data encryption (e.g., file, disk, VPN encryption)
2. 3DES (Triple DES): Legacy systems requiring encryption
3. Blowfish: Fast encryption for embedded systems
4. RC4 (now obsolete): Formerly used in SSL/TLS (now discouraged due to vulnerabilities)
5. ChaCha20: Secure encryption in mobile devices and TLS (e.g., Google apps)
Category: Asymmetric Encryption
1. RSA: Secure key exchange, digital signatures, SSL/TLS
2. ECC (Elliptic Curve Cryptography): Lightweight encryption for mobile, IoT, digital signatures
3. ElGamal: Encrypted communications and digital signatures
Category: Hashing
1. SHA-256 (part of SHA-2): Data integrity verification, blockchain, digital signatures
2. SHA-3: Enhanced hashing for post-quantum resistance
3. MD5: Checksums (not secure for cryptographic use)
4. SHA-1: Legacy systems (deprecated due to vulnerabilities)
Category: Message Authentication
1. HMAC (Hash-based Message Authentication Code): Verifying message integrity and authenticity
2. CMAC (Cipher-based MAC): Secure authentication using block ciphers
Category: Digital Signature
1. DSA (Digital Signature Algorithm): Signing digital documents and messages
2. RSA Digital Signature: Email signing, software distribution
3. ECDSA (Elliptic Curve DSA): Mobile and resource-constrained signature verification
Category: Key Exchange
1. Diffie-Hellman (DH): Secure key exchange over public networks
2. ECDH (Elliptic Curve DH): Lightweight secure key exchange for mobile and IoT devices