CSS 2025 Module 2
Cryptographic algorithms
Symmetric key –
The same key is used for encryption and decryption.
Hence the key is called the shared secret key.
Drawbacks of symmetric key :
◦ The key must remain secret at both ends.
◦ In large networks, there are many key pairs to be managed.
◦ Sound cryptographic practice dictates that the key be changed frequently.
◦ The shared secret key must be transmitted through an insecure transmission channel.
Call the plaintext stream P, the ciphertext stream C, and the key stream K.
The keystream may be a stream of predetermined values, may be created by an algorithm, or can be a single value.
Note : for a monoalphabetic cipher, K = {k, k, k, …}
Block Cipher:
Encrypts a group of plaintext symbols to produce a group of ciphertext symbols of the same size.
A single key is used to encrypt the block even if the key is made up of multiple values.
With the advent of computers, what we need is bit-oriented protocols, since the information to be encrypted is not just text but can be numbers, graphics, audio and video data.
Components used by a modern block cipher :
1. D-box / P-box (diffusion box / permutation box)
Parallels the transposition cipher for characters.
It transposes bits.
3 types of D-boxes :
a) Straight D-box
Box with m inputs and n outputs where m=n
b) Compression D-box
Box with m inputs and n outputs where m>n.
Some of the inputs are blocked and do not reach the output.
Eg : 32 x 24 compression D-box
c) Expansion D-box
A box with m inputs and n outputs where m<n
and decryption.
The function that matches input to the output is defined by
a table.
Eg : a 3 x 2 S-box
The first and the last bits select the row. The middle 4 select the column.
The input to S-box 8 is 000000. What is the output?
O/p- 1110
The input to S-box 1 is 100011. What is the output?
O/p- 1100
An S-box may or may not be invertible. In an invertible S-box, the number of input bits should be the same as the number of output bits.
For example, if the input to the left box is 001, the output is 101. The input 101 in the right table creates the output 001, which shows that the two tables are inverses of each other.
3. XOR
An important component in most block ciphers is the exclusive-or operation.
4. Rotation
Another component found in some modern block ciphers is the circular shift operation.
1. Diffusion
Hides the relationship between the ciphertext and the
plaintext.
This will frustrate the interceptor who uses the ciphertext to find the plaintext.
It implies that each symbol (char/bit) in the ciphertext is
confusion.
Each iteration is referred to as a round.
1. Feistel ciphers :
A Feistel cipher can have three types of components: self-invertible, invertible, and noninvertible.
2. Non-Feistel ciphers :
Consists of only invertible components. Eg: AES
How are encryption and decryption algos. inverse of each
Inputs to the function should be exactly the same in encryption and decryption.
Hence the right side of the plaintext in encryption and the right side of the ciphertext in decryption must be the same.
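Assume L3 = L2 and R3 = R2 (i.e. no change in the ciphertext during transmission).
R4 = R3 = R2 = R1
L4 = L3 ⊕ f(R3, K)
   = L2 ⊕ f(R2, K)
   = L1 ⊕ f(R1, K) ⊕ f(R2, K)    (since L2 = L1 ⊕ f(R1, K) in encryption)
L4 = L1    (since R2 = R1, the two f terms cancel)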
Drawback of the previous design :
The right side of the plaintext does not undergo encryption.
Improvement
1. Increase the no. of rounds/iterations.
2. Add a new element to each round, a swapper which swaps the left and right halves in each round.
Note : Instead of f(R5,K1) it is f(L5,K1)
Prove L6=L1 and R6=R1 if L4=L3 and R4=R3
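The mixer-and-swapper design above, as an added Python example (not part of the original slides): a multi-round Feistel network whose round function f is deliberately non-invertible, showing that decryption is the same network run with the round keys reversed. The 32-bit half size, the hash-based f and all names are assumptions made for illustration.

```python
import hashlib

MASK32 = 0xFFFFFFFF

def f(half: int, key: int) -> int:
    """Round function f(R, K). A truncated hash is non-invertible on purpose:
    the Feistel structure never needs to compute f backwards."""
    data = half.to_bytes(4, "big") + key.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block: int, round_keys) -> int:
    """Process one 64-bit block: a mixer per round key, a swapper between rounds."""
    left, right = block >> 32, block & MASK32
    last = len(round_keys) - 1
    for n, key in enumerate(round_keys):
        left ^= f(right, key)              # mixer: L <- L xor f(R, K); R is unchanged
        if n != last:
            left, right = right, left      # swapper (omitted after the final round)
    return (left << 32) | right

def encrypt(block: int, round_keys) -> int:
    return feistel(block, list(round_keys))

def decrypt(block: int, round_keys) -> int:
    # Mixer and swapper are both self-inverse, so the inverse cipher is the
    # same network with the round keys taken in reverse order.
    return feistel(block, list(round_keys)[::-1])

if __name__ == "__main__":
    keys = [0x1A2B3C4D, 0x0BADF00D, 0x5EEDC0DE, 0x13579BDF]   # constructed sample keys
    pt = 0x0123456789ABCDEF                                   # constructed sample block
    one_round = encrypt(pt, keys[:1])
    # Drawback of the single-round design: the right half passes through in the clear.
    print(hex(one_round & MASK32), hex(pt & MASK32))
    ct = encrypt(pt, keys)
    print(hex(ct), hex(decrypt(ct, keys)))
```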
3. S-boxes
DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output.
S box 1
4. Straight P-box
The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.
The cipher key is actually a 64-bit key in which the 8 extra bits are the parity bits, which are dropped before the actual key generation process.
Process :
1. Parity Drop :
The parity drop step is called the compression transposition step.
Step 1 : Drop the parity bits (bits 8, 16, 24, 32, 40, 48, 56, 64) from the 64-bit key.
Step2 : Permute the bits according to
Key
generation
2. Shift left :
The key is divided into 2 parts and each part is shifted left (circular) 1 or 2 bits, depending on the round.
The 2 parts are then combined to form a 56-bit part.
3. Compression box :
Changes 56 bits to 48 bits which are used as a key for a round.
The DES algorithm itself had become obsolete and was in
need of replacement.
To this end, the National Institute of Standards and
Technology (NIST) ratified the Advanced Encryption
Standard (AES) as a replacement for DES.
Triple DES had been endorsed by NIST as a temporary
standard to be used until AES was finished.
Triple DES uses a "key bundle" which comprises three DES
keys, K1, K2 and K3, each of 56 bits (excluding parity bits)
Each triple encryption encrypts one block of 64 bits of data.
The encryption algorithm is:
ciphertext = EK3(DK2(EK1(plaintext)))
i.e., DES encrypt with K1, DES decrypt with K2, then DES
encrypt with K3.
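[Figure: Triple DES. (a) Encryption: P → E → D → E → C, with intermediate values A and B. (b) Decryption with K3, K2, K1: C → D → E → D → P, with intermediate values B and A.]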
Keying options
The standards define three keying options:
Keying option 1:
transformation table.
(00100000)₂ = (20)₁₆
This byte is replaced by B7 (i.e. row 2 and column 0)
In decryption we have Inverse Sub bytes transformation
The SubBytes and InvSubBytes transformations
are inverses of each other.
2. Shift row
Each row of s’ undergoes a circular left shift.
Each row i is circularly shifted left by i bytes, where i = 0 to 3.
InvShiftRows
In the decryption, the transformation is called InvShiftRows and the shifting is to the right.
3. Mix columns
The 4 elements of each column are multiplied by a constant matrix.
The MixColumns transformation operates at the column level; it
Multiplying by 3 means shifting left one bit, ex-oring with the original unshifted value, and ex-oring with 0001 1011 if the leftmost bit of the original value (before the shift) is 1.
InvMixColumns
The InvMixColumns transformation is basically the same as the MixColumns
transformation.
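The column multiplication described above, as an added Python example (not part of the original slides). It implements the shift-and-conditional-XOR rule for multiplying by 2 and 3, applies the MixColumns matrix to one column, and undoes it with the InvMixColumns matrix. The inverse coefficients 14, 11, 13, 9 are the standard AES constants, which the slides do not list; the sample column is a constructed input.

```python
def xtime(b: int) -> int:
    """Multiply a byte by 2 in GF(2^8): shift left one bit and ex-or with
    0001 1011 (0x1B) if the leftmost bit was 1 before the shift."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b   # 0x11B also clears the carried-out bit

def gmul(a: int, coeff: int) -> int:
    """Multiply byte a by a small constant using repeated xtime.
    coeff = 3 gives xtime(a) ^ a, exactly the rule stated above."""
    result = 0
    while coeff:
        if coeff & 1:
            result ^= a
        a = xtime(a)
        coeff >>= 1
    return result

# Constant matrices: each row is a rotation of the first.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]

def mul_column(matrix, column):
    """Matrix-times-column where addition is XOR and products are GF(2^8) products."""
    out = []
    for row in matrix:
        acc = 0
        for coeff, byte in zip(row, column):
            acc ^= gmul(byte, coeff)
        out.append(acc)
    return out

def mix_columns(state_columns):
    return [mul_column(MIX, col) for col in state_columns]

def inv_mix_columns(state_columns):
    return [mul_column(INV_MIX, col) for col in state_columns]

if __name__ == "__main__":
    col = [0xDB, 0x13, 0x53, 0x45]            # constructed sample column
    mixed = mul_column(MIX, col)
    print([f"{b:02x}" for b in mixed])
    print([f"{b:02x}" for b in mul_column(INV_MIX, mixed)])
```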
The final step is to ex-or the key with the result so far.
To create round keys for each round, AES uses a key-
expansion process. If the number of rounds is Nr , the key-
expansion routine creates Nr + 1 128-bit round keys from one
single 128-bit cipher key.
The key expansion routine creates round keys word by word ,
where a word is an array of 4 bytes.
In the AES-128 version(10 rounds) there are 44 words.
In the AES-192 version(12 rounds) there are 52 words.
In the AES-256 version(14 rounds) there are 60 words.
Each round key is made up of 4 words
Creation of words from the original cipher key(128 bits)
The process is as follows :
The first four words (w0, w1, w2, w3) are made directly from the cipher key.
The cipher key is an array of 16 bytes (k0 to k15). The first 4 bytes (k0 to k3) become w0; the next 4 bytes (k4 to k7) become w1; and so on, i.e. the concatenation of the first 4 words replicates the cipher key.
The rest of the words( wi for i=4 to 43) are made as follows:
Most widely used stream cipher, used to protect internet traffic and to secure wireless networks.
Designed by Ron Rivest in 1984.
8 bits of the plaintext are ex-ored with a byte of the key to produce a byte of ciphertext.
Key stream is a sequence of bytes (can contain 1-256 bytes).
Based on the concept of state. At each moment, a state of 256 bytes is active, from which one of the bytes is selected to serve as the key for encryption.
1. We have an array S ---
S[0], S[1],S[2]…… S[255]
The contents of each element is also a byte ( 8 bits) that is
an integer between 0 and 255.
2. There is an array key of length varying from 1 to 256 bytes. Typically between 5 and 16 bytes, i.e. between 40-128 bits.
Note: S is initialized to the identity permutation.
Iteration 1:
– i=0, f=0, g=0
– S[ ]=[ S0, S1, S2, S3] = [ 0, 1, 2, 3 ]
– K[ ]=[ K0, K1] = [ 2, 5 ]
Iteration 2:
– i=1, f=2, g=1
– S[ ]=[ S0, S1, S2, S3] = [ 2, 1, 0, 3 ]
– K[ ]=[ K0, K1] = [ 2, 5 ]
Iteration 3:
– i=2, f=0, g=0
– S[ ]=[ S0, S1, S2, S3] = [ 1, 2, 0, 3]
– K[ ]=[ K0, K1] = [ 2, 5 ]
Iteration 4:
– i=3, f=2, g=1
– S[ ]=[ S0, S1, S2, S3] = [ 1, 2, 0, 3 ]
– K[ ]=[ K0, K1] = [ 2, 5 ]
Example (Ciphering phase)
“H”:
– i=0, f=0
– S[ ]=[ S0, S1, S2, S3] = [ 1, 2, 3, 0 ]
Because i = ( i + 1 ) mod 4 = 1
f = ( f + S1 ) mod 4 = 2, then swap S1 with S2
New array S[ ]=[ S0, S1, S2, S3 ] = [ 1, 3, 2, 0 ]
t = ( S1 + S2 ) mod 4 = 1
S1 = 3 ( 0000 0011 )
H     0100 1000
XOR   0000 0011
      0100 1011
“I”:
– i=1, f=2
– S[ ]=[ S0, S1, S2, S3] = [ 1, 3, 2, 0 ]
Because i = ( i + 1 ) mod 4 = 2
f = ( f + S2 ) mod 4 = 0, then swap S2 with S0
New array S[ ]=[ S0, S1, S2, S3 ] = [ 2, 3, 1, 0 ]
t = ( S2 + S0 ) mod 4 = 3
S3 = 0 ( 0000 0000 )
I     0100 1001
XOR   0000 0000
      0100 1001
Result
– Plaintext : 0100 1000 0100 1001
– Cipher : 0100 1011 0100 1001
S={0,1,2,3}
K={1,7,1,7}
Ist iteration
f=0, i=0, g=0
f=(0 + 0 +1) mod 4
f=1
Swap S0 with S1
New S={S0,S1,S2,S3} ---{1, 0, 2, 3}
i=i+1, g=(g+1) mod 4 =1
IInd iteration
f=1, i=1, g=1
f=(1 + 0 +7) mod 4
f=0
Swap S0 with S1
New S={S0,S1,S2,S3} ---{0, 1, 2, 3}
i=i+1, g=(g+1) mod 4 =2
IIIrd iteration
f=0, i=2, g=2
f=(0 + 2 +1) mod 4
f=3
Swap S2 with S3
New S={S0,S1,S2,S3} ---{0, 1, 3, 2}
i=i+1=3, g=(g+1) mod 4 =3
IVth iteration
f=3, i=3, g=3
f=(3 + 2 +7) mod 4
f=0
Swap S3 with S0
New S={S0,S1,S2,S3} ---{2, 1, 3, 0}
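The key-scheduling and ciphering traces above, as an added Python example (not part of the original slides). The state size n is a parameter, which goes beyond the traces: n = 4 reproduces both worked examples, and n = 256 is the full cipher the slides describe, which is RC4. Function names are my own; f follows the slides' naming of the second index.

```python
from itertools import islice

def ksa(key, n=256):
    """Key scheduling: start from the identity permutation S = [0..n-1] and,
    for each i, update f = (f + S[i] + K[g]) mod n and swap S[i] with S[f]."""
    s = list(range(n))
    f = 0
    for i in range(n):
        g = i % len(key)                   # key index wraps around the key array
        f = (f + s[i] + key[g]) % n
        s[i], s[f] = s[f], s[i]
    return s

def keystream(state, n=256):
    """Ciphering phase: yield one key value per step, updating a copy of the state."""
    s = list(state)
    i = f = 0
    while True:
        i = (i + 1) % n
        f = (f + s[i]) % n
        s[i], s[f] = s[f], s[i]
        t = (s[i] + s[f]) % n
        yield s[t]

def crypt(key, data, n=256):
    """Encrypt or decrypt: XOR each data byte with the next keystream value."""
    ks = keystream(ksa(key, n), n)
    return bytes(b ^ k for b, k in zip(data, ks))

if __name__ == "__main__":
    # First trace: K = [2, 5], S of size 4, plaintext "HI".
    print(ksa([2, 5], n=4))                          # state after key scheduling
    print(list(islice(keystream(ksa([2, 5], 4), 4), 2)))
    print(crypt([2, 5], b"HI", n=4).hex())
    # Second trace: K = [1, 7, 1, 7].
    print(ksa([1, 7, 1, 7], n=4))
    # Full-size cipher with a constructed key and message.
    ct = crypt(b"Key", b"Plaintext")
    print(ct.hex(), crypt(b"Key", ct))
```

Because encryption is a plain XOR with the keystream, the same key must never be reused for two messages; RC4 itself has known keystream biases and is prohibited in TLS by RFC 7465.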
1. Speed of Transformation
Stream – Each symbol is encrypted as soon as it is read. Hence
the time to encrypt the symbol depends only on the encryption
algorithm.
Block – The system has to wait until an entire block of plaintext
has been received before starting the encryption process.
Hence slowness of encryption.
2. Diffusion
Stream- Low diffusion
Each symbol is separately enciphered. Therefore all the
information of that symbol is contained in one symbol of the
ciphertext.
Block- High diffusion
Information from the plaintext is diffused into several ciphertext
symbols.
3. Error Propagation
Stream – Low error propagation
Because each symbol is separately encoded, an error in the encryption
process affects only that character.
Block- High error propagation
An error will affect the transformation of all other characters in the
same block.
4. Insertion of symbols
Stream- Susceptibility to malicious insertions and modifications.
Because each symbol is separately enciphered, an active interceptor
who has broken the code can splice together pieces of previous
messages and transmit a spurious new message that may look
authentic.
Block- Immunity to insertion of symbols.
Because blocks of symbols are enciphered, it is impossible to insert a
single symbol into one block. The length of the block would then be
incorrect, and the decipherment would quickly reveal the insertion.
1. In a community of n people ->
Symmetric-key cryptography requires n(n-1)/2 shared secret keys.
Asymmetric-key cryptography requires n personal secret keys.
2. Symmetric Key cryptography is based on sharing secrecy.
Asymmetric- key cryptography is based on personal secrecy.
3. Symmetric – Plain text and ciphertext are
symbols(bits/characters).
Asymmetric- Plaintext and ciphertext are numbers.
4. Symmetric-Encryption and decryption is based on
permutation and substitution of symbols.
Asymmetric- Encryption and decryption are mathematical
functions
Plaintext/Ciphertext
Unlike in symmetric-key cryptography, plaintext and
1. f is easy to compute.
In other words, given x, y = f(x) can be easily computed.
2. f⁻¹ is difficult to compute.
In other words, given y, it is computationally infeasible to calculate x = f⁻¹(y).
A trapdoor one-way function is a one-way function with a third property :
3. Given y and a trapdoor (secret), x can be computed easily.
Superincreasing Tuple
a_i ≥ a_1 + a_2 + … + a_(i−1)
In other words, each element (except a_1) is greater than or equal to the sum of all previous elements.
As an example, assume that a = [17, 25, 46, 94,201,400] and s =
272 are given.
The table shows how the tuple x is found using the inv_knapsackSum routine in the algorithm. In this case x = [0, 1, 1, 0, 1, 0], which means that 25, 46, and 201 are in the knapsack.
Key Generation (Done by Bob)
1. Create a superincreasing k-tuple b = [b1, b2, …, bk]
2. Choose a modulus n, such that n > b1 + b2 + … + bk
3. Select a random integer r that is relatively prime with n and 1 <= r <= n-1
4. Create a temporary k-tuple t = [t1, t2, …, tk] in which ti = r × bi mod n
5. Select a permutation of k objects and find a new tuple a = permute(t)
6. The public key is the k-tuple a. The private key is n, r, and the k-tuple b
Encryption
Suppose Alice needs to send a message to Bob
1. Alice converts her message to a k-tuple x = [x1, x2, …, xk] in which xi is either 0 or 1. The tuple x is the plaintext
2. Alice uses the knapsackSum(a, x) routine to calculate s. She then sends the value of s as the ciphertext
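The key generation and encryption steps above, together with the inv_knapsackSum routine, as an added Python example (not part of the original slides). The decrypt function uses the standard inverse for this scheme (multiply s by r⁻¹ mod n, solve the easy knapsack on b, undo the permutation), which is an assumption here because the slides' own decryption steps are not shown. The modulus, multiplier and permutation are constructed sample values; b is the superincreasing tuple from the earlier example.

```python
from math import gcd

def knapsack_sum(a, x):
    """s = a1*x1 + a2*x2 + ... + ak*xk for a tuple x of bits."""
    return sum(ai * xi for ai, xi in zip(a, x))

def inv_knapsack_sum(s, a):
    """Recover x from s by scanning a from its largest element down.
    Only correct when a is superincreasing."""
    x = [0] * len(a)
    for i in reversed(range(len(a))):
        if s >= a[i]:
            x[i], s = 1, s - a[i]
    if s:
        raise ValueError("s is not a sum of elements of a")
    return x

def keygen(b, n, r, perm):
    """Steps 1-6: return the public tuple a; b, n, r and perm stay private."""
    # Strict inequality is enforced so that the greedy inverse has a unique answer.
    if any(b[i] <= sum(b[:i]) for i in range(1, len(b))):
        raise ValueError("b must be superincreasing")
    if n <= sum(b) or not 1 <= r <= n - 1 or gcd(r, n) != 1:
        raise ValueError("need n > sum(b) and r relatively prime with n")
    t = [(r * bi) % n for bi in b]
    return [t[j] for j in perm]            # a[i] = t[perm[i]]

def encrypt(a, x):
    return knapsack_sum(a, x)

def decrypt(s, b, n, r, perm):
    """Assumed standard inverse: strip r modulo n, solve on b, undo the permutation."""
    s_prime = (pow(r, -1, n) * s) % n      # equals the sum of the chosen b values
    x_prime = inv_knapsack_sum(s_prime, b)
    return [x_prime[j] for j in perm]

# Constructed sample private key (0-based permutation indices).
B = [17, 25, 46, 94, 201, 400]
N, R, PERM = 1001, 37, [3, 1, 4, 2, 0, 5]

if __name__ == "__main__":
    print(inv_knapsack_sum(272, B))        # the slides' example with s = 272
    a = keygen(B, N, R, PERM)
    s = encrypt(a, [0, 1, 1, 0, 1, 0])
    print(a, s, decrypt(s, B, N, R, PERM))
```

The public tuple a no longer looks superincreasing, which is what hides the easy knapsack; the basic scheme was nevertheless broken by Shamir and is of teaching interest only.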
Decryption
= 48.
Choose E = 11.
D = 35.
For example, to encrypt 3, we find
3^11 mod 65 =22
22^35 mod 65 =3
Symmetric key distribution needs a shared secret key
between 2 parties.
How are shared secret keys maintained and distributed?
1. Key distribution Centre : KDC
• Use a trusted third party : KDC
• Each person establishes a shared secret key with the KDC.
A KDC creates a secret key for each member. This secret key can be used only between the member and the KDC, not between two members.
How can Alice send a confidential message to Bob?
1. Alice sends a request to the KDC stating that a session (temporary) secret key is needed so that Alice could communicate with Bob.
2. KDC informs Bob about Alice’s request.
3. If Bob agrees, a session key is created between the two.
One such protocol is KERBEROS
Note : KAlice and KBob are used to authenticate Alice and Bob to the KDC to prevent Eve from impersonating either of them.
2. Establishing a session key without using a KDC.
Alice and Bob can create a session key between themselves without using a KDC. This method of session-key creation is referred to as the symmetric-key agreement.
Eg: Diffie Hellman key agreement.
3^4 mod 7 = 4
3^5 mod 7 = 5
3^6 mod 7 = 1
3^7 mod 7 = 3
3^8 mod 7 = 2
Hence 3 is a primitive root of 7
Note : A prime no. can have a no. of primitive roots.
Eg 2 : If p=13 --
Is 2 a primitive root of 13 ?
1,2,4,8,3,6,12,11,9,5,10,7
no repetition
Hence 2 is a primitive root of 13.
1. Alice chooses a large random no. x such that 0 <= x <= p-1 and calculates R1 = g^x mod p.
2. Bob chooses another large random no. y such that 0 <= y <= p-1 and calculates R2 = g^y mod p.
3. Alice sends R1 to Bob. Alice does not send x; she only sends R1.
4. Bob sends R2 to Alice. Bob does not send y; he only sends R2.
5. Alice calculates K = (R2)^x mod p.
6. Bob calculates K = (R1)^y mod p.
K is the symmetric key for the session.
K = (g^x mod p)^y mod p = (g^y mod p)^x mod p = g^(xy) mod p.
Both have reached the same value without Bob knowing the value of x and without Alice knowing the value of y.
Eg: Assume (small nos.) Let p = 23 and g = 7
1. Alice chooses x = 3 and calculates R1 = 7^3 mod 23 = 21.
2. Bob chooses y = 6 and calculates R2 = 7^6 mod 23 = 4.
3. Alice sends the number 21 to Bob.
4. Bob sends the number 4 to Alice.
5. Alice calculates the symmetric key K = 4^3 mod 23 = 18.
6. Bob calculates the symmetric key K = 21^6 mod 23 = 18.
7. The value of K is the same for both Alice and Bob; g^(xy) mod p = 7^18 mod 23 = 18.
Security of Diffie Hellman
Susceptible to 2 attacks :
1. Discrete logarithm attack
2. Man in the middle attack.
the protocol.
1. Alice chooses x, calculates R1 = g^x mod p and sends R1 to Bob.
2. Eve intercepts R1. She chooses z, calculates R2 = g^z mod p and sends R2 to both Alice & Bob.
3. Bob chooses y, calculates R3 = g^y mod p and sends R3 to Alice. R3 is intercepted by Eve and never reaches Alice.
4. Alice and Eve calculate K1 = g^(xz) mod p, which becomes the shared key between Alice and Eve. Alice however thinks that it is a shared key between Bob and herself.
5. Bob and Eve calculate K2 = g^(zy) mod p, which becomes the shared key between Bob and Eve. Bob however thinks that it is a shared key between Alice and himself.
When Alice sends data to Bob encrypted with k1, Eve can
decipher the msg. or send a totally new message encrypted
by k2 to Bob.
Bob is fooled into believing that the message has come
from Alice.
Similar scenario can happen to Alice in the other direction.
Called man in the middle attack because Eve comes in
between and intercepts R1 sent by Alice to Bob and R3 sent
by Bob to Alice.
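The key agreement and the interception scenario above, worked through in Python with the slides' own numbers (p = 23, g = 7, x = 3, y = 6) as an added example that is not part of the original slides. It shows that an unauthenticated exchange leaves Alice and Bob holding different keys, and that comparing key fingerprints over a channel Eve cannot alter exposes the mismatch. Eve's z = 9, the fingerprint scheme and all function names are assumptions made for illustration.

```python
import hashlib

def is_primitive_root(g, p):
    """True if g^1 .. g^(p-1) mod p are all distinct (no repetition), p prime."""
    return len({pow(g, k, p) for k in range(1, p)}) == p - 1

def honest_exchange(p, g, x, y):
    """Steps 1-6 of the protocol: returns (K as Alice computes it, K as Bob does)."""
    r1, r2 = pow(g, x, p), pow(g, y, p)
    return pow(r2, x, p), pow(r1, y, p)

def intercepted_exchange(p, g, x, y, z):
    """The scenario above: both parties receive Eve's value instead of each other's."""
    r1 = pow(g, x, p)                      # Alice's value, intercepted by Eve
    r3 = pow(g, y, p)                      # Bob's value, intercepted by Eve
    r2 = pow(g, z, p)                      # Eve's value, delivered to Alice and Bob
    k_alice = pow(r2, x, p)                # K1 = g^(xz) mod p
    k_bob = pow(r2, y, p)                  # K2 = g^(zy) mod p
    k1_eve, k2_eve = pow(r1, z, p), pow(r3, z, p)
    return k_alice, k_bob, k1_eve, k2_eve

def fingerprint(k):
    """Short digest of a session key for comparison over an authenticated channel."""
    return hashlib.sha256(str(k).encode()).hexdigest()[:16]

def exchange_is_consistent(k_alice, k_bob):
    """Detection check: after an honest run the two fingerprints are identical."""
    return fingerprint(k_alice) == fingerprint(k_bob)

if __name__ == "__main__":
    p, g, x, y = 23, 7, 3, 6               # values from the worked example
    print(is_primitive_root(3, 7), is_primitive_root(2, 13))
    ka, kb = honest_exchange(p, g, x, y)
    print(ka, kb, exchange_is_consistent(ka, kb))
    ka, kb, k1, k2 = intercepted_exchange(p, g, x, y, z=9)   # z is constructed
    print(ka, kb, k1, k2, exchange_is_consistent(ka, kb))
```

In practice the comparison is replaced by authenticating R1 and R2 themselves, for example with digital signatures, so that a substituted value is rejected before any key is derived.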