Uploaded by Sourav Kumar Giri

Cryptography Algorithms: Euclidean, RSA, DES, Block Ciphers

2(b)
Extended Euclidean algorithm to find multiplicative inverse of a in 𝒁𝒏
r1 = n, r2 = a;
t1 = 0, t2 = 1;
while (r2 > 0)
{
    q = r1 / r2;
    r = r1 − q × r2;
    r1 = r2;
    r2 = r;
    t = t1 − q × t2;
    t1 = t2;
    t2 = t;
}
if (r1 == 1)
    a^(−1) = t1;
q  | r1 | r2 | r  | t1 | t2 | t
2  | 26 | 11 | 4  | 0  | 1  | -2
2  | 11 | 4  | 3  | 1  | -2 | 5
1  | 4  | 3  | 1  | -2 | 5  | -7
3  | 3  | 1  | 0  | 5  | -7 | 26
   | 1  | 0  |    | -7 | 26 |
Therefore, the required multiplicative inverse is t1 = -7 mod 26 = 19
2(e)
Example: Let us take an example of this procedure to learn the concepts. For ease of
reading, we write the example values along with the algorithm steps.
1. Choose two large prime numbers P and Q.
   Let P = 7, Q = 17.
2. Calculate N = P x Q.
   We have N = 7 x 17 = 119.
3. Choose the public key (i.e., the encryption key) E such that it has no factor in
   common with (P - 1) x (Q - 1).
   o Let us find (7 - 1) x (17 - 1) = 6 x 16 = 96.
   o The factors of 96 are 2, 2, 2, 2, 2, and 3 (because 96 = 2 x 2 x 2 x 2 x 2 x 3).
   o Therefore, we must select E such that none of the factors of E is 2 or 3.
     We cannot choose E as 4 (because it has 2 as a factor), 15 (because it
     has 3 as a factor) or 6 (because it has both 2 and 3 as factors).
   o Let us choose E as 5 (it could have been any other number that does not
     have 2 or 3 as a factor).
4. Choose the private key (i.e., the decryption key) D such that the following
   equation is true:
   (D x E) mod ((P - 1) x (Q - 1)) = 1
   o Let us substitute the values of E, P, and Q in the equation.
   o We have (D x 5) mod ((7 - 1) x (17 - 1)) = 1.
     That is, (D x 5) mod (6 x 16) = 1.
     That is, (D x 5) mod 96 = 1.
   o After some calculations, let us take D = 77. Then the following is true:
     (77 x 5) mod 96 = 385 mod 96 = 1, which is what we wanted.
5. For encryption, calculate the cipher text (CT) from the plain text (PT) as follows:
   CT = PT^E mod N
   Let us assume that we want to encrypt plain text 10. Then, we have
   CT = 10^5 mod 119 = 100000 mod 119 = 40.
6. Send CT as the cipher text to the receiver.
   Send 40 as the cipher text to the receiver.
7. For decryption, calculate the plain text (PT) from the cipher text (CT) as follows:
   PT = CT^D mod N
   We perform the following:
   PT = CT^D mod N
   That is,
   PT = 40^77 mod 119 = 10, which was the original plaintext of step 5.
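The two worked answers above (the inverse of 11 in Z26 and the toy RSA key with P = 7, Q = 17, E = 5) can be reproduced with the following Python sketch. It is an added example, not part of the original document; the function names mod_inverse, rsa_keypair and rsa_apply are illustrative, and the RSA shown is unpadded textbook RSA with the page's small numbers.

```python
def mod_inverse(a: int, n: int) -> int:
    """Extended Euclidean algorithm, using the variable names r1, r2, t1, t2 from 2(b)."""
    r1, r2 = n, a
    t1, t2 = 0, 1
    while r2 > 0:
        q = r1 // r2                      # integer quotient
        r1, r2 = r2, r1 - q * r2
        t1, t2 = t2, t1 - q * t2
    if r1 != 1:                           # gcd(a, n) != 1: no inverse exists
        raise ValueError(f"{a} has no inverse modulo {n} (gcd is {r1})")
    return t1 % n                         # bring a negative t1 into 0..n-1 (-7 -> 19)


def rsa_keypair(p: int, q: int, e: int):
    """Textbook RSA key setup; returns ((E, N), (D, N))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = mod_inverse(e, phi)               # fails if E shares a factor with (P-1)(Q-1)
    return (e, n), (d, n)


def rsa_apply(key, m: int) -> int:
    """CT = PT^E mod N with the public key, PT = CT^D mod N with the private key."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("value must lie in 0..N-1")
    return pow(m, exp, n)                 # modular exponentiation, no huge intermediates


if __name__ == "__main__":
    print("11^-1 mod 26 =", mod_inverse(11, 26))
    public, private = rsa_keypair(7, 17, 5)
    ct = rsa_apply(public, 10)
    print("private key:", private, "CT:", ct, "PT:", rsa_apply(private, ct))
    for bad_e in (4, 15, 6):              # the values of E the text rules out
        try:
            rsa_keypair(7, 17, bad_e)
        except ValueError as err:
            print("E =", bad_e, "rejected:", err)
```

The private exponent comes out of the same algorithm as 2(b): the loop ends with t1 = -19, and -19 mod 96 = 77.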
2 (f)
Electronic Codebook (ECB)
The simplest mode is the electronic codebook (ECB) mode, in which plaintext is handled one block at
a time and each block of plaintext is encrypted using the same key. The term codebook is used because,
for a given key, there is a unique ciphertext for every b-bit block of plaintext. Therefore, we can imagine
a gigantic codebook in which there is an entry for every possible b-bit plaintext pattern showing its
corresponding ciphertext.
The plaintext (padded as necessary) consists of a sequence of b-bit blocks, $P_1, P_2, P_3, \ldots, P_N$; the
corresponding sequence of ciphertext blocks is $C_1, C_2, C_3, \ldots, C_N$.
We can define ECB mode as follows:
Encryption
$C_j = E(K, P_j), \quad j = 1, 2, \ldots, N$
Decryption
$P_j = D(K, C_j), \quad j = 1, 2, \ldots, N$
Note:

The ECB method is ideal for a short amount of data, such as an encryption key. Thus, if we
want to transmit a DES or AES key securely, ECB is the appropriate mode to use.

The most significant characteristic of ECB is that if the same b-bit block of plaintext appears
more than once in the message, it always produces the same ciphertext.

For lengthy messages, the ECB mode may not be secure. If the message is highly structured, it
may be possible for a cryptanalyst to exploit these regularities.
Cipher block chaining (CBC)
To overcome the security deficiencies of ECB, we would like a technique in which the same plaintext
block, if repeated, produces different ciphertext blocks. A simple way to satisfy this requirement is the
cipher block chaining (CBC) mode. In this scheme, the input to the encryption algorithm is the XOR of
the current plaintext block and the preceding ciphertext block; the same key is used for each block. In
effect, we have chained together the processing of the sequence of plaintext blocks.
We can define CBC mode as follows:
Encryption
$C_1 = E(K, [P_1 \oplus IV])$
$C_j = E(K, [P_j \oplus C_{j-1}]), \quad j = 2, 3, \ldots, N$
Decryption
$P_1 = D(K, C_1) \oplus IV$
$P_j = D(K, C_j) \oplus C_{j-1}, \quad j = 2, 3, \ldots, N$
Note:

The IV must be known to both the sender and receiver but be unpredictable by a third party.

The input to the encryption function for each plaintext block bears no fixed relationship to the
plaintext block. Therefore, repeating patterns of b bits are not exposed.

As with the ECB mode, the CBC mode requires that the last block be padded to a full b bits if
it is a partial block.
Cipher feedback (CFB)
For AES, DES, or any block cipher, encryption is performed on a block of b bits. In the case of DES,
𝑏 = 64 and in the case of AES, 𝑏 = 128. However, it is possible to convert a block cipher into a stream
cipher, using one of the three modes to be discussed in this and the next two sections: cipher feedback
(CFB) mode, output feedback (OFB) mode, and counter (CTR) mode.
A stream cipher eliminates the need to pad a message to be an integral number of blocks. It also can
operate in real time. Thus, if a character stream is being transmitted, each character can be encrypted
and transmitted immediately using a character-oriented stream cipher.
The input to the encryption function is a b-bit shift register that is initially set to some initialization
vector (IV). The leftmost (most significant) s bits of the output of the encryption function are XORed
with the first segment of plaintext $P_1$ to produce the first unit of ciphertext $C_1$, which is then transmitted.
In addition, the contents of the shift register are shifted left by s bits, and $C_1$ is placed in the rightmost
(least significant) s bits of the shift register. This process continues until all plaintext units have been
encrypted.
For decryption, the same scheme is used, except that the received ciphertext unit is XORed with the
output of the encryption function to produce the plaintext unit. Note that it is the encryption function
that is used, not the decryption function. This is easily explained. Let $\mathrm{MSB}_s(X)$ be defined as the most
significant s bits of X. Then,
$C_1 = P_1 \oplus \mathrm{MSB}_s[E(K, IV)]$
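The shift-register procedure described above, written out for s = 8 bits and b = 64 bits, as an added Python example that is not part of the original document. The function E is a hypothetical stand-in built from SHA-256 (an assumption made so the block runs with the standard library only); it can stand in because CFB calls only the encryption function, in both directions, and a real block cipher's E(K, ·) takes its place unchanged.

```python
import hashlib

B = 8   # shift register width b, in bytes (64 bits, the DES block size)
S = 1   # segment size s, in bytes (8-bit CFB: one character at a time)


def E(key: bytes, block: bytes) -> bytes:
    # Stand-in for the block cipher's encryption function E(K, .) (assumption).
    return hashlib.sha256(key + block).digest()[:B]


def cfb(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """s-bit CFB. The same routine encrypts and decrypts; only the feedback differs."""
    reg, out = iv, bytearray()
    for i in range(0, len(data), S):
        seg = data[i:i + S]
        ks = E(key, reg)[:len(seg)]                 # MSB_s[E(K, register)]
        res = bytes(x ^ y for x, y in zip(seg, ks))
        c = seg if decrypt else res                 # the ciphertext unit is what is fed back
        reg = (reg + c)[-B:]                        # shift left by s bits, C in the rightmost s bits
        out += res
    return bytes(out)


if __name__ == "__main__":
    key, iv = b"toy-key", bytes(range(B))           # constructed sample values
    msg = b"thirteen byte"                          # 13 bytes: not a multiple of b, no padding
    ct = cfb(key, iv, msg)
    print(len(ct), cfb(key, iv, ct, decrypt=True))
```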
4)
DES (Data Encryption Standard)
The most widely used encryption scheme is based on the Data Encryption Standard (DES) adopted in
1977 by the National Bureau of Standards, now the National Institute of Standards and Technology
(NIST). For DES, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm transforms
64-bit input in a series of steps into a 64-bit output. The same steps, with the same key, are used to
reverse the encryption.
The DES enjoys widespread use. It has also been the subject of much controversy concerning how
secure the DES is.
DES Encryption
[General Depiction of DES Encryption Algorithm]
Various steps involved in DES encryption are:
Initial Permutation: The initial permutation and its inverse are defined by tables, as shown in the
tables below, respectively. The tables are to be interpreted as follows:
The input to a table consists of 64 bits numbered from 1 to 64. The 64 entries in the permutation table
contain a permutation of the numbers from 1 to 64. Each entry in the permutation table indicates the
position of a numbered input bit in the output, which also consists of 64 bits.
Details of Single Round: The left and right halves of each 64-bit intermediate value are treated as
separate 32-bit quantities, labeled L (left) and R (right). As in any classic Feistel cipher, the overall
processing at each round can be summarized in the following formulas:
$L_i = R_{i-1}$
$R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
The round key 𝐾𝑖 is 48 bits. The R input is 32 bits. This R input is first expanded to 48 bits by using a
table that defines a permutation plus an expansion that involves duplication of 16 of the R bits (Table
below). The resulting 48 bits are XORed with 𝐾𝑖 . This 48-bit result passes through a substitution
function that produces a 32-bit output, which is permuted as defined by Table below.
[Single Round of DES Algorithm]
[Calculation of F(R, K)]
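The Feistel round formulas above and the ECB and CBC definitions from 2(f), combined in one added Python example that is not part of the original document. The cipher is a toy with DES's dimensions (64-bit block, 16 rounds, 48-bit round keys), not DES itself: the round function F and the key schedule round_keys are hash-based stand-ins, and all names are illustrative. It shows that decryption is the same routine with the subkeys reversed, and that identical plaintext blocks repeat in ECB ciphertext but not in CBC ciphertext.

```python
import hashlib
import os

BLOCK, ROUNDS = 8, 16          # 64-bit block and 16 rounds, as in DES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def F(r: bytes, k: bytes) -> bytes:
    # Stand-in round function (assumption): 32-bit R and 48-bit K_i in, 32 bits out.
    return hashlib.sha256(k + r).digest()[:4]

def round_keys(key: bytes) -> list:
    # Toy key schedule (assumption): sixteen 48-bit subkeys derived by hashing.
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(ROUNDS)]

def feistel(block: bytes, keys: list) -> bytes:
    L, R = block[:4], block[4:]
    for k in keys:
        L, R = R, xor(L, F(R, k))      # L_i = R_(i-1); R_i = L_(i-1) xor F(R_(i-1), K_i)
    return R + L                       # final swap makes the routine its own inverse

def E(key: bytes, block: bytes) -> bytes:
    return feistel(block, round_keys(key))

def D(key: bytes, block: bytes) -> bytes:
    return feistel(block, round_keys(key)[::-1])   # same steps, subkeys reversed

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    return b"".join(E(key, p) for p in blocks(pt))         # C_j = E(K, P_j)

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for p in blocks(pt):
        prev = E(key, xor(p, prev))                        # C_j = E(K, P_j xor C_(j-1))
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ct: bytes) -> int:
    b = blocks(ct)
    return len(b) - len(set(b))        # blocks that duplicate an earlier block

if __name__ == "__main__":
    key, iv, pt = b"toy-key", os.urandom(BLOCK), b"PAY 100$" * 3   # constructed sample
    assert D(key, E(key, pt[:BLOCK])) == pt[:BLOCK]
    print(repeated_blocks(ecb_encrypt(key, pt)), repeated_blocks(cbc_encrypt(key, iv, pt)))
```

With the three identical blocks in the sample message, ECB yields two repeated ciphertext blocks and CBC yields none.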