NEHRU ARTS AND SCIENCE COLLEGE
T.M.PALAYAM, COIMBATORE
NAME OF THE PAPER: NETWORK SECURITY AND CRYPTOGRAPHY
STAFF NAME: A.SENTHIL KUMAR
ACADEMIC YEAR : 2011 - 2012
UNIT-II:
Triple des-blow fish – RCS Advanced Symmetric Block Ciphers –RC4 stream Cipher
confidentially using symmetric encryption – introduction to number theory – public – key
cryptography and RSA.
Triple des
In cryptography, Triple DES (3DES) is the common name for the Triple Data Encryption
Algorithm (TDEA) block cipher, which applies the Data Encryption Standard (DES) cipher
algorithm three times to each data block. Because of the availability of increasing computational
power, the key size of the original DES cipher was becoming subject to brute force attacks;
Triple DES was designed to provide a relatively simple method of increasing the key size of
DES to protect against such attacks, without designing a completely new block cipher algorithm.
Triple DES uses a "key bundle" which comprises three DES keys, K1, K2 and K3, each of 56 bits
(excluding parity bits). The encryption algorithm is:
ciphertext = EK3(DK2(EK1(plaintext)))
I.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3.
Decryption is the reverse:
plaintext = DK1(EK2(DK3(ciphertext)))
I.e., decrypt with K3, encrypt with K2, then decrypt with K1.
Each triple encryption encrypts one block of 64 bits of data.
In each case the middle operation is the reverse of the first and last. This improves the strength of
the algorithm when using keying option 2, and provides backward compatibility with DES with
keying option 3.
Blow fish
Blowfish (cipher)
From Wikipedia, the free encyclopedia
Jump to: navigation, search
Blowfish
The round function (Feistel function) of Blowfish
General
Designers
Bruce Schneier
First published
1993
Successors
Twofish
Cipher detail
Key sizes
8–448 bits in steps of 8 bits
Block sizes
64 bits
Structure
Feistel network
Rounds
16
Best public cryptanalysis
Four rounds of Blowfish are susceptible to a secondorder differential attack (Rijmen, 1997);[1] for a class
of weak keys, 14 rounds of Blowfish can be
distinguished from a pseudorandom permutation
(Vaudenay, 1996).
Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included
in a large number of cipher suites and encryption products. Blowfish provides a good encryption
rate in software and no effective cryptanalysis of it has been found to date. However, the
Advanced Encryption Standard now receives more attention.
Schneier designed Blowfish as a general-purpose algorithm, intended as an alternative to the
aging DES and free of the problems and constraints associated with other algorithms. At the time
Blowfish was released, many other designs were proprietary, encumbered by patents or were
commercial/government secrets. Schneier has stated that, "Blowfish is unpatented, and will
remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely
used by anyone."
Notable features of the design include key-dependent S-boxes and a highly complex key
schedule.
RCS Advanced Symmetric Block Ciphers
A block cipher consists of two paired algorithms, one for encryption, E, and the other for
decryption, E−1. Both algorithms accept two inputs: an input block of size n bits and a key of size
k bits, yielding an n-bit output block. For any one fixed key, decryption is the inverse function of
encryption, so that
for any block M and key K. M is termed the plaintext and C the ciphertext.
For each key K, EK is a permutation (a bijective mapping) over the set of input blocks. Each key
selects one permutation from the possible set of 2n! (see Factorial).
The block size, n, is typically 64 or 128 bits, although some ciphers have a variable block size.
64 bits was the most common length until the mid-1990s, when new designs began to switch to
the longer 128-bit length. One of several modes of operation is generally used along with a
padding scheme to allow plaintexts of arbitrary lengths to be encrypted. Each mode has different
characteristics in regard to error propagation, ease of random access and vulnerability to certain
types of attack. Typical key sizes (k) include 40, 56, 64, 80, 128, 192 and 256 bits. As of 2006,
80 bits is normally taken as the minimum key length needed to prevent brute force attacks. For
creating ciphers with arbitrary block sizes (or on domains that aren't powers of two) see Formatpreserving encryption.
Iterated block ciphers
Most block ciphers are constructed by repeatedly applying a simpler function. This approach is
known as iterated block cipher (see also product cipher). Each iteration is termed a round, and
the repeated function is termed the round function; anywhere between 4 to 32 rounds are typical.
Usually, the round function R takes different round keys Ki as second input, which are derived
from the original key:
where M0 is the plaintext and Mr the ciphertext, with r being the round number.
Frequently, key whitening is used in addition to this. At the beginning and the end, the data is
modified with key material (often with XOR, but simple arithmetic operations like adding and
subtracting are also used):
Many block ciphers can be categorised as Feistel networks, or, as more general substitutionpermutation networks. Arithmetic operations, logical operations (especially XOR), S-boxes and
various permutations are all frequently used as components.
RC4 stream Cipher confidentially using symmetric encryption
Symmetric ciphers are often used to achieve other cryptographic primitives than just encryption.
Encrypting a message does not guarantee that this message is not changed while encrypted.
Hence often a message authentication code is added to a ciphertext to ensure that changes to the
ciphertext will be noted by the receiver. Message authentication codes can be constructed from
symmetric ciphers (e.g. CBC-MAC).
However, symmetric ciphers also can be used for non-repudiation purposes by ISO 13888-2
standard.
Another application is to build hash functions from block ciphers. See one-way compression
function for descriptions of several such methods.
Public-key cryptography
An unpredictable (typically large and random) number is used to begin generation of an
acceptable pair of keys suitable for use by an asymmetric key algorithm.
In an asymmetric key encryption scheme, anyone can encrypt messages using the public key, but
only the holder of the paired private key can decrypt. Security depends on the secrecy of that
private key.
In some related signature schemes, the private key is used to sign a message; but anyone can
check the signature using the public key. Validity depends on private key security.
In the Diffie–Hellman key exchange scheme, each party generates a public/private key pair and
distributes the public key. After obtaining an authentic copy of each other's public keys, Alice
and Bob can compute a shared secret offline. The shared secret can be used as the key for a
symmetric cipher.
Public-key cryptography is a cryptographic approach which involves the use of asymmetric
key algorithms instead of or in addition to symmetric key algorithms. Unlike symmetric key
algorithms, it does not require a secure initial exchange of one or more secret keys to both sender
and receiver. The asymmetric key algorithms are used to create a mathematically related key
pair: a secret private key and a published public key. Use of these keys allows protection of the
authenticity of a message by creating a digital signature of a message using the private key,
which can be verified using the public key. It also allows protection of the confidentiality and
integrity of a message, by public key encryption, encrypting the message using the public key,
which can only be decrypted using the private key.
Public key cryptography is a fundamental and widely used technology around the world. It is the
approach which is employed by many cryptographic algorithms and cryptosystems. It underlies
such Internet standards as Transport Layer Security (TLS) (successor to SSL), PGP, and GPG.
RSA:
In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first publicly
described it) is an algorithm for public-key cryptography.[1] It is the first algorithm known to be
suitable for signing as well as encryption, and was one of the first great advances in public key
cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure
given sufficiently long keys and the use of up-to-date implementations.
The RSA algorithm involves three steps: key generation, encryption and decryption.
[edit] Key generation
RSA involves a public key and a private key. The public key can be known to everyone and is
used for encrypting messages. Messages encrypted with the public key can only be decrypted
using the private key. The keys for the RSA algorithm are generated the following way:
1. Choose two distinct prime numbers p and q.
o For security purposes, the integers p and q should be chosen uniformly at random
and should be of similar bit-length. Prime integers can be efficiently found using a
primality test.
2. Compute n = pq.
o n is used as the modulus for both the public and private keys
3. Compute φ(pq) = (p − 1)(q − 1). (φ is Euler's totient function).
4. Choose an integer e such that 1 < e < φ(pq), and e and φ(pq) share no divisors other than
1 (i.e., e and φ(pq) are coprime).
o e is released as the public key exponent.
o e having a short bit-length and small Hamming weight results in more efficient
encryption - most commonly 0x10001 = 65537. However, small values of e (such
as e = 3) have been shown to be less secure in some settings.[4]
5. Determine
(using Modular multiplicative
inverse). This satisfies the congruence relation
.
o Stated differently, ed − 1 can be evenly divided by the totient (p − 1)(q − 1).
o This is often computed using the Modular multiplicative inverse and extended
Euclidean algorithm.
o d is kept as the private key exponent.
The public key consists of the modulus n and the public (or encryption) exponent e. The private
key consists of the private (or decryption) exponent d which must be kept secret.
Note:

An alternative, used by PKCS#1, is to choose d matching e d ≡ 1 (mod λ) with λ = lcm(p1,q-1), where lcm is the least common multiple. Using λ instead of φ(n) allows more
choices for d. λ can also be defined using the Carmichael function λ(n).
Encryption
Alice transmits her public key (n,e) to Bob and keeps the private key secret. Bob then wishes to
send message M to Alice.
He first turns M into an integer 0 < m < n by using an agreed-upon reversible protocol known as
a padding scheme. He then computes the ciphertext c corresponding to:
This can be done quickly using the method of exponentiation by squaring. Bob then transmits c
to Alice.
Decryption
Alice can recover m from c by using her private key exponent d by the following computation:
Given m, she can recover the original message M by reversing the padding scheme.
(In practice, there are more efficient methods of calculating cd using the pre computed values
above.)
A worked example
Here is an example of RSA encryption and decryption. The parameters used here are artificially
small, but one can also use OpenSSL to generate and examine a real keypair.
1. Choose two prime numbers
p = 61 and q = 53 Make sure that these prime numbers are distinct (i.e. they are not both
the same number).
2. Compute n = pq
3. Compute the totients of product. For primes the totient is maximal and equals the prime
minus one. Therefore
4. Choose any number e > 1 that is coprime to 3120. Choosing a prime number for e leaves
you with a single check: that e is not a divisor of 3120.
e = 17
5. Compute d such that
e.g., by computing the modular
multiplicative inverse of e modulo
:
d = 2753
since 17 · 2753 = 46801 and 46801 mod 3120 = 1, this is the correct answer.
(iterating finds (15 times 3120)+1 divided by 17 is 2753, an integer, whereas other values
in place of 15 do not produce an integer. The extended euclidean algorithm finds the
solution to Bézout's identity of 3120x2 + 17x-367=1, and -367 mod 3120 is 2753)
The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption function
is
or abstractly:
The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the decryption function
is
or in its general form:
For instance, in order to encrypt m = 65, we calculate
To decrypt c = 2790, we calculate
.
Both of these calculations can be computed efficiently using the square-and-multiply algorithm
for modular exponentiation. In real life situations the primes selected would be much larger; in
our example it would be relatively trivial to factor n, 3233, obtained from the freely available
public key back to the primes p and q. Given e, also from the public key, we could then compute
d and so acquire the private key.
Using the Chinese remainder algorithm
For efficiency many popular crypto libraries (like OpenSSL, Java and .NET) use the following
optimization for decryption and signing: The following values are precomputed and stored as
part of the private key:

p and q: the primes from the key generation,

,

and

.
These values allow to compute the exponentiation
computed as follows:
more efficiently



(if m1 < m2 then some libraries compute h as
)

This is more efficient than computing
even though two modular
exponentiations have to be computed. The reason is that these two modular exponentiations both
use a smaller exponent and a smaller modulus.
Padding schemes
When used in practice, RSA is generally combined with some padding scheme. The goal of the
padding scheme is to prevent a number of attacks that potentially work against RSA without
padding:



When encrypting with low encryption exponents (e.g., e = 3) and small values of the m,
(i.e. m < n1 / e) the result of me is strictly less than the modulus n. In this case, ciphertexts
can be easily decrypted by taking the eth root of the ciphertext over the integers.
If the same clear text message is sent to e or more recipients in an encrypted way, and the
receivers share the same exponent e, but different p, q, and n, then it is easy to decrypt the
original clear text message via the Chinese remainder theorem. Johan Håstad noticed that
this attack is possible even if the cleartexts are not equal, but the attacker knows a linear
relation between them.[5] This attack was later improved by Don Coppersmith.[6]
Because RSA encryption is a deterministic encryption algorithm – i.e., has no random
component – an attacker can successfully launch a chosen plaintext attack against the
cryptosystem, by encrypting likely plaintexts under the public key and test if they are
equal to the ciphertext. A cryptosystem is called semantically secure if an attacker cannot
distinguish two encryptions from each other even if the attacker knows (or has chosen)

the corresponding plaintexts. As described above, RSA without padding is not
semantically secure.
RSA has the property that the product of two ciphertexts is equal to the encryption of the
product of the respective plaintexts. That is
Because of this multiplicative property a chosen-ciphertext attack is possible. E.g. an
attacker, who wants to know the decryption of a ciphertext c = me(mod n) may ask the
holder of the private key to decrypt an unsuspicious-looking ciphertext c' = cre(mod n)
for some value r chosen by the attacker. Because of the multiplicative property c' is the
encryption of mr(mod n). Hence, if the attacker is successful with the attack, he will learn
mr(mod n) from which he can derive the message m by multiplying mr with the modular
inverse of r modulo n.
To avoid these problems, practical RSA implementations typically embed some form of
structured, randomized padding into the value m before encrypting it. This padding ensures that
m does not fall into the range of insecure plaintexts, and that a given message, once padded, will
encrypt to one of a large number of different possible ciphertexts.
Standards such as PKCS#1 have been carefully designed to securely pad messages prior to RSA
encryption. Because these schemes pad the plaintext m with some number of additional bits, the
size of the un-padded message M must be somewhat smaller. RSA padding schemes must be
carefully designed so as to prevent sophisticated attacks which may be facilitated by a
predictable message structure. Early versions of the PKCS#1 standard (up to version 1.5) used a
construction that turned RSA into a semantically secure encryption scheme. This version was
later found vulnerable to a practical adaptive chosen ciphertext attack. Later versions of the
standard include Optimal Asymmetric Encryption Padding (OAEP), which prevents these
attacks. The PKCS#1 standard also incorporates processing schemes designed to provide
additional security for RSA signatures, e.g., the Probabilistic Signature Scheme for RSA (RSAPSS).
In the common case where RSA is used to exchange symmetric keys, key encapsulation provides
a simpler alternative to padding. Instead of generating a random symmetric key, padding it and
then encrypting the padded version with RSA, a random integer m between 1 and n-1 is
generated and encrypted directly using RSA. Both the sender and receiver generate identical
symmetric keys by applying the same key derivation function to m.[7]
Signing messages
Suppose Alice uses Bob's public key to send him an encrypted message. In the message, she can
claim to be Alice but Bob has no way of verifying that the message was actually from Alice
since anyone can use Bob's public key to send him encrypted messages. In order to verify the
origin of a message, RSA can also be used to sign a message.
Suppose Alice wishes to send a signed message to Bob. She can use her own private key to do
so. She produces a hash value of the message, raises it to the power of dmod n (as she does when
decrypting a message), and attaches it as a "signature" to the message. When Bob receives the
signed message, he uses the same hash algorithm in conjunction with Alice's public key. He
raises the signature to the power of emod n (as he does when encrypting a message), and
compares the resulting hash value with the message's actual hash value. If the two agree, he
knows that the author of the message was in possession of Alice's private key, and that the
message has not been tampered with since.
Note that secure padding schemes such as RSA-PSS are as essential for the security of message
signing as they are for message encryption, and that the same key should never be used for both
encryption and signing purposes.