Thursday, September 1, 2011

Cryptography

INTRODUCTION

Cryptography is the science of devising methods that allow information to be sent in secure form in such a way that the only person able to retrieve this information is the intended recipient.



CRYPTOGRAPHY









Process of Encryption & decryption


A message being sent is known as Plain text. The message is coded using a cryptographic algorithm. This process is called Encryption. An encrypted message is known as cipher text and is turned back into plain text by the process of decryption.

SYMMETRIC CRYPTOGRAPHY

Symmetric algorithms have one key that is used both to encrypt and decrypt the message, hence the name. Now what is a key?

KEY: A key is a value that causes a cryptographic algorithm to run in a specific manner and produce a specific cipher text as output. The size of a key is usually measured in bits. The bigger the key size, the more secure the algorithm will be.

In symmetric cryptography, the two parties that exchange messages use the same algorithm. Only the key is changed from time to time. The same plain text with a different key results in a different cipher text. The encryption algorithm is available to the public, and hence should be strong and well-tested. The more powerful the algorithm is, the less likely it is that an attacker will be able to decrypt the resulting cipher text.

Symmetric cryptography provides a means of satisfying the requirements of message content security, because the content can’t be read without the secret key. There remains a risk of exposure, because neither party can be sure that the other party has not exposed the secret key to a third party.


Key Management

A major difficulty with symmetric schemes is that the secret key has to be possessed by both parties, and hence has to be transmitted from whoever creates it to the other party. Moreover, if the key is compromised, all of the message transmission security measures are undermined. The steps taken to provide a secure mechanism for creating and passing on the secret key are referred to as key management.




The algorithm used for symmetric cryptography is the Data Encryption Standard (DES), which came about in response to requests for an algorithm meeting the following criteria:

• Provides a high level of security
• The security depends on keys, not the secrecy of the algorithm
• The security is capable of being evaluated
• The algorithm is completely specified and easy to understand
• It is efficient to use and adaptable
• Must be available to all users
• Must be exportable

Data Encryption Algorithm
DEA is a symmetric, block-cipher algorithm with a key length of 64 bits and a block size of 64 bits. DEA has 16 rounds, meaning the main algorithm is repeated 16 times to produce the cipher text. It has been found that the number of rounds is exponentially proportional to the amount of time required to find a key using a brute-force attack. So as the number of rounds increases, the security of the algorithm increases exponentially.


How DES Works in Detail
DES is a block cipher--meaning it operates on plaintext blocks of a given size (64-bits) and returns cipher text blocks of the same size. Thus DES results in a permutation among the 2^64 (read this as: "2 to the 64th power") possible arrangements of 64 bits, each of which may be either 0 or 1. Each block of 64 bits is divided into two blocks of 32 bits each, a left half block L and a right half R. (This division is only used in certain operations.)
Example: Let M be the plain text message M = 0123456789ABCDEF, where M is in hexadecimal (base 16) format. Rewriting M in binary format, we get the 64-bit block of text:
M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
L = 0000 0001 0010 0011 0100 0101 0110 0111
R = 1000 1001 1010 1011 1100 1101 1110 1111
The first bit of M is "0". The last bit is "1". We read from left to right.
DES operates on the 64-bit blocks using a key size of 56 bits. The keys are actually stored as being 64 bits long, but every 8th bit in the key is not used (i.e. bits numbered 8, 16, 24, 32, 40, 48, 56, and 64). However, we will nevertheless number the bits from 1 to 64, going left to right, in the following calculations. But, as you will see, the eight bits just mentioned get eliminated when we create subkeys.
Example: Let K be the hexadecimal key K = 133457799BBCDFF1. This gives us as the binary key (setting 1 = 0001, 3 = 0011, etc., and grouping together every eight bits, of which the last one in each group will be unused):
K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001
The DES algorithm uses the following steps:
Create 16 sub keys, each of which is 48-bits long.
The 64-bit key is permuted according to the following table, PC-1. Since the first entry in the table is "57", this means that the 57th bit of the original key K becomes the first bit of the permuted key K+. The 49th bit of the original key becomes the second bit of the permuted key. The 4th bit of the original key is the last bit of the permuted key. Note only 56 bits of the original key appear in the permuted key.


PC-1

57 49 41 33 25 17 9
1 58 50 42 34 26 18
10 2 59 51 43 35 27
19 11 3 60 52 44 36
63 55 47 39 31 23 15
7 62 54 46 38 30 22
14 6 61 53 45 37 29
21 13 5 28 20 12 4

Example: From the original 64-bit key
K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001
We get the 56-bit permutation
K+ = 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111
Next, split this key into left and right halves, C0 and D0, where each half has 28 bits.
Example: From the permuted key K+, we get
C0 = 1111000 0110011 0010101 0101111
D0 = 0101010 1011001 1001111 0001111
With C0 and D0 defined, we now create sixteen blocks Cn and Dn, 1<=n<=16. Each pair of blocks Cn and Dn is formed from the previous pair Cn-1 and Dn-1, respectively, for n = 1, 2, ..., 16, using the following schedule of "left shifts" of the previous block. To do a left shift, move each bit one place to the left, except for the first bit, which is cycled to the end of the block.
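
The key-schedule steps above (PC-1, the split into C0 and D0, and the cyclic left shifts) can be reproduced with the short Python sketch below. It is an added example, not code from the original post. The per-round shift counts in `SHIFTS` are taken from the DES standard (FIPS 46-3) and are not reproduced on this page; the function names are illustrative.

```python
# PC-1 exactly as tabulated above (bit positions numbered from 1).
PC1 = [57, 49, 41, 33, 25, 17, 9,
       1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27,
       19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15,
       7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29,
       21, 13, 5, 28, 20, 12, 4]

# Assumption: left-shift counts per round from FIPS 46-3, not from this page.
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]


def hex_to_bits(hex_key):
    """Expand a 16-digit hexadecimal key into a 64-character bit string."""
    if len(hex_key) != 16:
        raise ValueError("DES keys are stored as 64 bits (16 hex digits)")
    return format(int(hex_key, 16), "064b")


def permute(bits, table):
    """Output bit i is the input bit at position table[i] (1-based)."""
    return "".join(bits[pos - 1] for pos in table)


def rotate_left(block, count):
    """Cyclic left shift: bits leaving the front re-enter at the end."""
    return block[count:] + block[:count]


def key_halves(hex_key):
    """Return [(C0, D0), (C1, D1), ..., (C16, D16)] for a stored 64-bit key."""
    k_plus = permute(hex_to_bits(hex_key), PC1)  # 56 bits survive PC-1
    pairs = [(k_plus[:28], k_plus[28:])]
    for shift in SHIFTS:
        c, d = pairs[-1]
        pairs.append((rotate_left(c, shift), rotate_left(d, shift)))
    return pairs


def parity_bits_ignored(hex_key):
    """Flip bits 8, 16, ..., 64 and check that every Cn/Dn is unchanged."""
    flipped = format(int(hex_key, 16) ^ 0x0101010101010101, "016X")
    return key_halves(flipped) == key_halves(hex_key)


if __name__ == "__main__":
    pairs = key_halves("133457799BBCDFF1")  # the example key K from the text
    for n in (0, 1, 16):
        print(f"C{n} = {pairs[n][0]}  D{n} = {pairs[n][1]}")
    print("every 8th key bit ignored:", parity_bits_ignored("133457799BBCDFF1"))
```

Because the shift counts sum to 28, C16 and D16 equal C0 and D0, and flipping every 8th key bit leaves all blocks unchanged, which is why the effective key size is 56 bits.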



Asymmetric Key Cryptography

Key

It's easiest to think of keys in a conceptual way. First, visualize a cipher as a machine. To run the machine, you need to stick a key in it. You can stuff plaintext in one side and get cipher-text out the other side. You can run the cipher in reverse to convert cipher-text to plaintext.

Cipher

To protect your information from curious eyes, you need to take extra precautions. A common way to protect information is to encrypt it at the sending end and decrypt it at the receiving end. Encryption is the process of taking data, called plaintext, and mathematically transforming it into an unreadable mess, called cipher-text. Decryption takes the cipher-text and transforms it back into plaintext.








Asymmetric Ciphers

• The shortcomings of symmetric ciphers are addressed by asymmetric ciphers, also called public key ciphers.
• These ciphers actually involve a public key, which can be freely distributed, and a private key, which is secret.
• These keys are always generated in matching pairs.
• Public keys really are public; you can publish them in a newspaper or write them in the sky.
• No one can violate your privacy or impersonate you without your private key.
• The mechanism for distributing public keys, however, is a big challenge.
• Data encrypted using the public key can be decrypted using the private key. No other key will decrypt the data, and the private key will decrypt only data that was encrypted using the matching public key.
• In some cases, the reverse of the process also works; data encrypted with the private key can be decrypted with the public key.

For example, if Marian wants to send a message to Robin Hood, she can encrypt it using Robin Hood's public key. Only the matching private key, which should be known only to Robin Hood, can be used to decrypt the message.
The Sheriff can intercept this message, but it doesn't do him any good because the message can be decrypted only with Robin Hood's private key. And as long as Robin Hood keeps his private key secret, he can give his public key to anyone who wants it, even the Sheriff. With the public key, the Sheriff can send Robin messages (if he wants), but can't decode anything that others send.





Asymmetric Key Algorithms
Historically, distributing the keys has always been the weakest link in most cryptosystems. No matter how strong a cryptosystem was, if an intruder could steal the key, the system was worthless. Cryptologists always took for granted that the encryption key and decryption key were the same (or easily derived from one another). But the key had to be distributed to all users of the system. Thus, it seemed as if there was an inherent built-in problem. Keys had to be protected from theft, but they also had to be distributed, so they could not just be locked up in a bank vault.

In 1976, two researchers at Stanford University, Diffie and Hellman (1976), proposed a radically new kind of cryptosystem, one in which the encryption and decryption keys were different, and the decryption key could not feasibly be derived from the encryption key. In their proposal, the (keyed) encryption algorithm, E, and the (keyed) decryption algorithm, D, had to meet three requirements. These requirements can be stated simply as follows:

1. D (E (P)) = P.
2. It is exceedingly difficult to deduce D from E.
3. E cannot be broken by a chosen plaintext attack.

The first requirement says that if we apply D to an encrypted message, E (P), we get the original plaintext message, P, back. Without this property, the legitimate receiver could not decrypt the cipher text. The second requirement speaks for itself. The third requirement is needed because, as we shall see in a moment, intruders may experiment with the algorithm to their hearts' content. Under these conditions, there is no reason that the encryption key cannot be made public.

The two main branches of public key cryptography are:

1. Public key encryption — a message encrypted with a user's public key cannot be decrypted by anyone except the user possessing the corresponding private key. This is used to ensure confidentiality.

2. Digital signatures — a message signed with a user's private key can be verified by anyone who has access to the user's public key, thereby proving that the user signed it and that the message has not been tampered with. This is used to ensure authenticity.

• An analogy for public-key encryption is that of a locked mailbox with a mail slot. The mail slot is exposed and accessible to the public; its location (the street address) is in essence the public key. Anyone knowing the street address can go to the door and drop a written message through the slot; however, only the person who possesses the key can open the mailbox and read the message.

• An analogy for digital signatures is the sealing of an envelope with a personal wax seal. The message can be opened by anyone, but the presence of the seal authenticates the sender.

A central problem for public-key cryptography is proving that a public key is authentic, and has not been tampered with or replaced by a malicious third party. The usual approach to this problem is to use a public-key infrastructure (PKI), in which one or more third parties, known as certificate authorities, certify ownership of key pairs.
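
The requirement D(E(P)) = P and the two branches above (encryption with the public key, signing with the private key) can be seen in the following added Python example, which is not part of the original post. It uses textbook RSA, a scheme the page does not name, as one concrete public-key cipher; it is unpadded and uses small constructed primes, so it shows only the key relationship, and all names in it are illustrative.

```python
import hashlib

# Constructed toy parameters: two Mersenne primes, far too small for real use.
ROBIN_PRIMES = (2**61 - 1, 2**89 - 1)
E = 65537  # public exponent (assumption: a common choice, not from the page)


def make_keypair(p, q, e=E):
    """Generate a matching pair: (public, private) as (exponent, modulus)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def apply_key(key, value):
    """The keyed transform: E with a public key, D with the private key."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def encode(text):
    """Represent a short text message as an integer."""
    return int.from_bytes(text.encode(), "big")


def decode(number):
    """Turn a decrypted integer back into text."""
    return number.to_bytes((number.bit_length() + 7) // 8, "big").decode()


def digest(message, n):
    """SHA-256 of the message, reduced to fit under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % n


def sign(private, message):
    """Signing: apply the private key to the message digest."""
    return apply_key(private, digest(message, private[1]))


def verify(public, message, signature):
    """Anyone holding the public key can check the signature."""
    return apply_key(public, signature) == digest(message, public[1])


if __name__ == "__main__":
    public, private = make_keypair(*ROBIN_PRIMES)
    sealed = apply_key(public, encode("meet at the oak"))   # Marian encrypts
    print("Robin reads:", decode(apply_key(private, sealed)))
    print("public key recovers P:", apply_key(public, sealed) == encode("meet at the oak"))
    mark = sign(private, "meet at the oak")                 # Robin signs
    print("genuine:", verify(public, "meet at the oak", mark))
    print("altered:", verify(public, "meet at the elm", mark))
```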

1 comment:

  1. I am curious to learn about cryptography and this article helped me in a great way. The two main branches which you have highlighted are very popular schemes. Both these techniques are used by several businesses and organizations to protect and transfer their confidential data online.