2(b) Extended Euclidean algorithm to find multiplicative inverse of a in ππ π1 = π, π2 = π; π‘1 = 0, π‘2 = 1; while (π2 > 0) { π = π1 /π2 ; π = π1 − π × π2 ; π1 = π2 ; π2 = π; π‘ = π‘1 − π × π‘2 ; π‘1 = π‘2 ; π‘2 = π‘; } if (π1 == 1 ) π−1 = π‘1 ; q π«π π«π r ππ ππ t 2 26 11 4 0 1 −2 2 11 4 3 1 -2 5 1 4 3 1 -2 5 -7 3 3 1 0 5 -7 26 1 0 -7 26 Therefore, the required multiplicative inverse is 19 2(e) Example: Let us take an example of this procedure to learn the concepts. For ease of reading, it can write the example values along with the algorithm steps. ο· ο· ο· ο· Choose two large prime numbers P and Q Let P = 47, Q = 17 Calculate N = P x Q We have, N = 7 x 17 = 119. Choose the public key (i.e., the encryption key) E such that it is not an element of (P -1) x (Q – 1) o Let us find (7 - 1) x (17 -1) = 6 x 16 = 96 o The factors of 96 are 2, 2, 2, 2, 2, and 3 (because 96 = 2 x 2 x 2 x 2 x 2 x 3). o Therefore, it can select E such that none of the factors of E is 2 and 3. We cannot choose E as 4 (because it has 2 as a factor), 15 (because it has 3 as a factor) and 6 (because it has 2 and 3 both as factors). o Let us choose E as 5 (it can have been any other number that does not its factors as 2 and 3). Choose the private key (i.e., the decryption key) D including the following equation is true: (D x E) mod (P – 1) x (Q – 1) = 1 o Let us substitute the values of E, P, and Q in the equation. o We have (D x 5) mod (7 – 1) x (17 – 1) = 1. That is, (D x 5) mod (6) x (16) = 1. That is, (D x 5) mod (96) = 1 After some calculations, let us take D = 77. Then the following is true: (77 x 5) mod (96) = 385 mod 96 = 1 which is what we wanted. For encryption, calculate the cipher text (CT) from the plain text (PT) as follows: CT = PTE mod N Let us assume that we want to encrypt plain text 10. Then, we have CT = 105 mod 119 = 100000 mod 119 = 40. Send CT as the cipher text to the receiver. Send 40 as the cipher text to the receiver. For decryption, calculate the plain text (PT) from the cipher text (CT) as follows: PT = CTD mod N It perform the following: PT = CTDmod N That is, PT = 4077mod 119 = 10, which was the original plaintext of step5. o o o ο· ο· ο· 2 (f) Electronic Codebook (ECB) The simplest mode is the electronic codebook (ECB) mode, in which plaintext is handled one block at a time and each block of plaintext is encrypted using the same key. The term codebook is used because, for a given key, there is a unique ciphertext for every b-bit block of plaintext. Therefore, we can imagine a gigantic codebook in which there is an entry for every possible b-bit plaintext pattern showing its corresponding ciphertext. The plaintext (padded as necessary) consists of a sequence of -bit blocks, π1 , π2 , π3 , … , ππ ; the corresponding sequence of ciphertext blocks is πΆ1 , πΆ2 , πΆ3 , … , πΆπ . We can define ECB mode as follows: Encryption πΆπ = πΈ(πΎ, ππ ) π = 1, 2, … . , π Decryption ππ = π·(πΎ, πΆπ ) π = 1, 2, … . , π Note: ο§ The ECB method is ideal for a short amount of data, such as an encryption key. Thus, if we want to transmit a DES or AES key securely, ECB is the appropriate mode to use. ο§ The most significant characteristic of ECB is that if the same b-bit block of plaintext appears more than once in the message, it always produces the same ciphertext. ο§ For lengthy messages, the ECB mode may not be secure. If the message is highly structured, it may be possible for a cryptanalyst to exploit these regularities. Cipher block chaining (CBC) To overcome the security deficiencies of ECB, we would like a technique in which the same plaintext block, if repeated, produces different ciphertext blocks. A simple way to satisfy this requirement is the cipher block chaining (CBC) mode. In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is used for each block. In effect, we have chained together the processing of the sequence of plaintext blocks. We can define CBC mode as follows: Encryption πΆ1 = πΈ(πΎ, [π1 β¨ πΌπ]) πΆπ = πΈ(πΎ, [π1 β¨ πΆπ−1 ]) Decryption π = 2,3, … , π π1 = π·(πΎ, πΆ1 )β¨πΌπ ππ = π·(πΎ, πΆπ )β¨πΆπ−1 π = 2, 3, … , π Note: ο§ The IV must be known to both the sender and receiver but be unpredictable by a third party ο§ The input to the encryption function for each plaintext block bears no fixed relationship to the plaintext block. Therefore, repeating patterns of b bits are not exposed. ο§ As with the ECB mode, the CBC mode requires that the last block be padded to a full b bits if it is a partial block. Cipher feedback (CFB) For AES, DES, or any block cipher, encryption is performed on a block of b bits. In the case of DES, π = 64 and in the case of AES, π = 128. However, it is possible to convert a block cipher into a stream cipher, using one of the three modes to be discussed in this and the next two sections: cipher feedback (CFB) mode, output feedback (OFB) mode, and counter (CTR) mode. A stream cipher eliminates the need to pad a message to be an integral number of blocks. It also can operate in real time. Thus, if a character stream is being transmitted, each character can be encrypted and transmitted immediately using a character-oriented stream cipher. The input to the encryption function is a b-bit shift register that is initially set to some initialization vector (IV). The leftmost (most significant) s bits of the output of the encryption function are XORed with the first segment of plaintext π1 to produce the first unit of ciphertext πΆ1 , which is then transmitted. In addition, the content of the shift register are shifted left by s bits, and πΆ1 is placed in the rightmost (least significant) s bits of the shift register. This process continues until all plaintext units have been encrypted. For decryption, the same scheme is used, except that the received ciphertext unit is XORed with the output of the encryption function to produce the plaintext unit. Note that it is the encryption function that is used, not the decryption function. This is easily explained. Let πππ΅π (π) be defined as the most significant s bits of X. Then, πΆ1 = π1 β¨πππ΅π [πΈ(πΎ, πΌπ)] 4) DES (Data Encryption Standard) The most widely used encryption scheme is based on the Data Encryption Standard (DES) adopted in 1977 by the National Bureau of Standards, now the National Institute of Standards and Technology (NIST). 7 For DES, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms 64-bit input in a series of steps into a 64-bit output. The same steps, with the same key, are used to reverse the encryption. The DES enjoys widespread use. It has also been the subject of much controversy concerning how secure the DES is. DES Encryption [General Depiction of DES Encryption Algorithm] Various steps involved in DES encryption are: Initial Permutation: The initial permutation and its inverse are defined by tables, as shown in below Tables respectively. The tables are to be interpreted as follows: The input to a table consists of 64 bits numbered from 1 to 64.The 64 entries in the permutation table contain a permutation of the numbers from 1 to 64. Each entry in the permutation table indicates the position of a numbered input bit in the output, which also consists of 64 bits. Details of Single Round: The left and right halves of each 64-bit intermediate value are treated as separate 32-bit quantities, labeled L (left) and R (right). As in any classic Feistel cipher, the overall processing at each round can be summarized in the following formulas: π³π = πΉπ−π πΉπ = π³π−π β¨π(πΉπ−π , π²π ) The round key πΎπ is 48 bits. The R input is 32 bits. This R input is first expanded to 48 bits by using a table that defines a permutation plus an expansion that involves duplication of 16 of the R bits (Table below). The resulting 48 bits are XORed with πΎπ . This 48-bit result passes through a substitution function that produces a 32-bit output, which is permuted as defined by Table below. [Single Round of DES Algorithm] [Calculation of F(R, K)]