Cryptography In The Digital Era
What will we eat in 30 years?
This article covers different cryptographic techniques that ensure data confidentiality, integrity and availability.
1.1 Computer Security
Computer Security refers to the security of a computer system and important information from unauthorized access and
Three main objectives of Computer Security are as follows:
It ensures that unauthorized persons are not able to access important and private information. The two main concerns
in this process is secrecy and privacy.
Privacy ensures that an individual’s information will be disclosed to only those to whom the individual has
given the specific access to obtain that information.
The technique used for this purpose is Encryption. Let's take a basic example to get to know about Encryption.
Suppose you have the word “Hello”, the technique used is that you replace every character of the word
with some character, in this way the information you want to transmit to the other end becomes meaningless and any
intruder cannot access the information. The receiver will use the same technique to replace those characters with
the original character in this way the information again becomes accessible.
It ensures that data can only be modified by authorized individuals and those who don’t have access will not
be able to modify the data.
The technique used for this purpose is hashing. There are multiple hash calculators available.
For example Microsoft File Checksum Integrity Verifier uses two hashing algorithms, md5 and sha1. Using this hash
calculator, the hash code of the information is created and the receiver end will match the hash code of the file
on his end with the original hash code, in order to make sure that the integrity of data has been maintained.
The main objective of this is so that the data remains available all the time when it is needed. The service is denied
to those who have authorized access.
There are multiple reasons that affect the availability of data, one of them is the DOS attack. That makes the service
to be denied for authorized users.
These three objectives are referred to as CIA Triad (Confidentiality, Integrity, Availability).
Classical Encryption Techniques
2.1 Basic Terms and Terminologies
The meaningful information that is to be processed to make it secure is called plain text.
The coded message that is meaningless is called cipher text.
The process of converting the meaningful information into a meaningless coded message is called encryption or enciphering.
The process of retrieving the plain text in the form of meaningful information from meaningless ciphertext is called
decryption or deciphering.
The area that focuses on these encryption and decryption scenarios is called Cryptography and such a system is called
2.2 Requirements for Secure Encryption
Strong Encryption Algorithm
The first requirement for a secure encryption algorithm is that the algorithm we have chosen for encryption should
be strong enough so that if any intruder or attacker who even knows the encryption algorithm or has access to one
of ciphertexts wouldn’t be able to figure out the key and not be able to decrypt the ciphertext.
It is necessary for the sender and the receiver to have the copies of the secret key in a protected way so that it
remains private in between both the individuals. If somehow a third party knows about the secret key then the information
won’t remain confidential.
2.3 Cryptographic Systems
Cryptographic Systems are divided into three main regions,
2.3.1 Nature of Operations used
Each encryption the algorithm is based upon two methods, substitution and transposition. In substitution , the mapping
of elements in such a way that each element in plaintext is substituted to another element whereas in the case of
transposition, the plaintext elements are rearranged with each other.
2.3.2 Number of Keys
If both the parties use the same key for encryption and decryption process, then it is called symmetric, single key
or conventional encryption. If both parties use different keys for encryption and decryption process then it is called
asymmetric, or public-key encryption.
2.3.3 Way of Processing Plaintext
There are two methods for processing plaintext. One is a block cipher in which the plaintext is processed block by
block and the other one is a stream cipher where the text is processed bit by bit.
2.3 Symmetric Ciphers
Symmetric Ciphers are a form of cryptosystems where encryption-decryption is done based on the same key and it is
also known as Single Key Cryptography. It is a conventional cryptosystem which is used in Data Encryption Standard(DES)
and Advance Encryption Standard(AES).
2.4 Substitution Techniques
2.4.1 Caesar Cipher
This is the most common and simplest kind of substitution cipher in which each letter of the alphabet is replaced
with some other letter with fixed positions down the alphabet. For example, with a shift of +3, the letter D will
be replaced with G.
Where x is the letter and n is the number of places to shift.
2.4.2 Monoalphabetic Cipher
A monoalphabetic cipher is a type of substitution cipher where each letter of the alphabet is replaced with some other
letter. In this technique there are 26! Possible keys.
For example, if we substitute a letter “a” with a letter with “D” so when we have the letter
“a” in our message then we are going to replace it with “D”
2.4.3 Frequency Analysis
This technique is used to study the frequency of letters in a cipher text in order to retrieve the plain text.
All English alphabets have varying occurrences thus having varying frequencies. Having the knowledge of the frequency
of these English alphabets, if the encryption algorithm is not fully applied then it is able to figure out the plain
text by just looking at the ciphertext.
Below is the frequency distribution of English alphabets:
2.4.4 Affine Cipher
A type of monoalphabetic cipher in which each letter of the corresponding alphabet is replaced to a numeric equivalent
which is encrypted through a mathematical formula. In this way, a letter can be encrypted and can be converted to
that letter during decryption.
This whole method works on module m. The key of affine cipher contains two numbers, consider them as “a”
and “b”. Suppose 26 letters are placed in an array and their indexes are given as follows which will
be used for encryption and decryption.
E(x) = (ax+b) mod m
Where a & b are the key to the cipher and “a” and “m” must be coprime.
D(x) = a
-1 (x-b) mod m
-1 is the multiplicative inverse of a modulo m.
A polyalphabetic cipher is a type of substitution cipher that uses multiple alphabets substitution. There are multiple
Polyalphabetic Ciphers which are as follows,
- Vigenere Cipher
- AutoKey Cipher
2.5.1 Vigenere Cipher
It uses a 26*26 table of alphabets where each alphabet is cyclically shifted to the left. This table is also known
as Vigenere Table. It also uses a keyword, that is repeated in such a way that it get equals to that of the plaintext
to form the key.
Suppose we have a keyword “STUDENT” and plaintext is BEGINNERS GUIDE TO CYBERSECURITY
Vigenere Table (fig)
2.5.2 Auto Key Cipher
AutoKey Cipher is similar to vigenere cipher, the difference is that instead of repeating the keyword to match the
length of the plaintext, the keyword is prefixed to the plaintext and not repeated.
Taking the previous example,
Cryptanalysis deals with the study of cryptosystems, ciphers and ciphertexts with the objective of getting knowledge
about the functioning of the specific cryptosystem and finding the ways the cryptosystem can break and how the security
can be compromised.
For example, a cryptanalyst tries to break the ciphertext without knowing which encryption algorithm has been used,
and what's the plain text and the key used for enciphering the plaintext.
3.2 Classification of Cryptanalysis Attacks
Depending upon the knowledge of the cryptanalyst and the information he has about the ciphertext, there are multiple
cryptanalysis attacks and techniques which are as follows:
3.2.1 Ciphertext-only Attack
In this attack, the attacker can obtain only one or more encrypted message, but he doesn’t know anything about
the underlying encryption algorithm, plaintext and the key is used for encrypting the message.
3.2.2 Known Plaintext Attack
In this attack, the attacker has access to some or part of the plaintext and the only thing the attacker has to do
is to figure out the key that was used to encrypt the message.
Once the attacker figures out the key , then he can decrypt all the messages and information will be compromised.
3.2.3 Chosen Plaintext Attack
In this attack, the attacker has knowledge about the encryption algorithm being used for the encryption process and
in this way the attacker can use this algorithm to encrypt the chosen plaintext to figure out the key used in encrypting
3.2.4 Man-in-the-middle Attack
In this the attack, the attacker somehow finds a way of getting in between the communication the channel between two
parties who uses public-key cryptography to exchange keys with each other in a secure way. The attacker sends exchanged
key to both of the parties and the parties consider it as an original key.In the end, both parties use keys specified
by the attacker.
Block Ciphers and Data Encryption Standards
A block cipher uses a technique in which a block of plaintext is taken and then it produces a ciphertext of equal
length of that of the block. Usually, the available block sizes are 64 bit and 128 bit.
4.1 Feistel Cipher Structure
To implement block ciphers, a structure is used that is known as Feistel Cipher Structure. It can have reversible,
irreversible, and self-reversible components in its structure.
Different keys are used for each round but matching keys are used for the encryption and decryption process.
- The input block of plaintext is divided into two halves which are represented as Left half(L) and right half( R).
- In every round, the right half remains as it is whereas the left half depends on the right half and an encrypting
- Instead of using the same encryption key in each round, a different key is used in each round. These subkeys are
somehow related to the original key.
- At the end of this step , the permutation is applied which permutes the L and R in such a way that R of previous
round that is unmodified would be the L of the next round and output of L of previous would be the R of next round.
- Once all the rounds are completed, the result of L and R block are concatenated to form the Ciphertext block.
4.2 Data Encryption Standard(DES)
Implementation of Feistel Structure is found in Data Encryption Standard(DES). It consists of 16 rounds having a block
size of 64 bits. It has an effective key length of 56 bits and 8 of the 64 bits are parity bits hence they are not
used for encryption purposes.
DES algorithm works on 64 bits of the input block. These 64 bits are then grouped to two halves, a right half and
left half, having 32 bits each. Similar operations are performed on 16 rounds having 16 different keys for each round
The function f takes input R of 32 bits and key of 48 bits. These are passed through an expansion box E which expands
the bits from 32 to 48. These expanded bits are then XORed with the 48-bit key. The result of this operation acts
as an input for the Substitution process. It contains 8 S-boxes which can take input of 6 bits and produce an output
of 4 bit and in total, we have 32 substituted bits and these 32 bits are then permuted by the P-box. Ther result
of the P-box is XORed with L to get the final of function f.
Basic Concepts in Number Theory and Finite Fields
5.1 Modular Arithmetic
If we have an integer “a” and positive integer “b” then “a mod b” is termed as
the remainder when a is divided by b.
12 mod 5 =2
The process of performing arithmetic operations using ( mod n ) operator is known as Modular Arithmetic.
5.2 Euclidean Algorithm
For a process of finding the greatest common divisor of two positive integers, a technique is used which is known
as the Euclidean Algorithm. It is based on the following two facts,
Gcd(x,y)=gcd(y,r) where is the mod of x and y
5.3 Extended Euclidean Algorithm
It is an extension of the Euclidean Algorithm that in addition to calculating the greatest common divisor also calculates
two additional integers x and y to be used in the equation.
Public Key Cryptography and RSA
6.1 Asymmetric Encryption
It is a form of cryptosystem in which encryption and decryption are performed using different keys. Either of the
processes can use a public key and the other uses a private key, also called public-key encryption.
During the encryption process, it uses either of the two keys and an encryption algorithm. During the decryption process,
it uses the paired key and decryption algorithm to retrieve the plaintext.
It is to ensure confidentiality and authenticity. The most common cryptosystem is RSA.
6.2 Necessary Steps for Public Key Cryptography
Following are the necessary steps that are required for public-key cryptography,
- For encryption and decryption process, every user produces a pair of keys.
- One of the keys is placed publicly that remains accessible whereas the other key is kept private.
- If user A wants to send a secret message to user B, then the public key of User B is used by the user A for the encryption
- Using the private key of the user B, the message is retrieved by user B, and because user B has the private key so
no other recipient is able to decrypt that message.
6.3 RSA Algorithm
This algorithm is used to encrypt a message without exchanging the secret key separately.
The following steps required to perform RSA Algorithm,
Step 1:RSA Modulus Generation
This process starts by selecting two prime numbers named as p and q.After that their product is calculated
Step 2:Derived Number
Condition is applied that (p-1) and (q-1) will have no common factor. The derived number will be less than (p-1),(q-1)
and greater than 1.
Step 3: Public Key
RSA public key is formed by the specific pair of e and n and it is made public.
Step 4: Private Key
The private key is calculated from the following formula,
Cipher Text C=M
e mod n
Plaintext M = C
d mod n
Key Management and Distribution
7.1 Key Distribution
This process is to ensure the successful delivery of a key between two parties who want to exchange encrypted data.
For the secure distribution of data, protocols need to be followed.
7.2 Distribution of Public Keys
Techniques used for public key distribution are as follows:
- Public Announcement
- Publicly Available Directory
- Public-key Authority
- Public-key Certificates
7.2.1 Public Announcement
As we are discussing public key encryption, then it needs a key that can be broadcasted in such a way that is publicly
available in the a community such as in RSA algorithm when user A can use the public key of user B to encrypt a message.
But it also has some weakness, suppose there is an intruder who pretends to be user A and broadcast a public key.
The intruder will be able to read the messages until that real user A makes alert other users.
7.2.2 Publicly Available Directory
To ensure the security of public keys such that no intruder can pretend to be some user A, there can be a public organization
also known as a dynamic directory which will make sure the organization remains secure and trusted.
It has the following objectives,
- The record of each participant is maintained in the directory by the authority.
- Every participant has to use a secured communication medium to register his public key with the authority.
- A participant has the option to change the public key at any time in the directory. There can be multiple reasons
for this like the old public key has been used for many large amounts of data or the private key that is associated
with the public key has been compromised.
7.2.3 Public-key Authority
For secured public key distribution, there should be some protocols be followed for the protected distribution of
public keys from the directory. Every participant is aware of a public key for the authority and only authority has
access to the associated private key.
7.2.4 Public-key Certificates
In this approach, parties can use certificates for exchanging public-key without the involvement of authority and
it is as secure as the keys were given by the public-key authority.
A certificate consists of three main components, a public key, to keep a record of the owner an the identifier is
used and a block on which third party has signed.
It has the following objectives,
- To check the public key of certificate’s owner and name, every participant can have the access to read the
- Each user has the option to check the originality of the certificate issued by the certificate authority.
- Modification can be made only by the certificate authority.
Information Security involves preventing or at least reducing the probability of unauthorized/inappropriate access
to data, or the unlawful use,
, disruption, deletion, corruption, modification, inspection, recording or devaluation of information.