# Introduction:

advertisement ```AN INTRODUCTION TO CRYPTOGRAPHY
Name: Akshay Ahooja
Date: June 11, 2004
To: Mr. Mercurio
Course: ICE4M1
INTRODUCTION
As technology advances, society finds new and improved ways to communicate with
others regardless of the distance that separates them. To be able to talk to someone
that lives 2000km away through your computer is quite fascinating, but the question that
arises is, how private are these conversations?
In the army and in corporate business, being able to communicate in privacy is as
important as being able to communicate at all. The basic question for cryptography lies
when two people, Person A and Person B, want to talk in private while Person C wants
to hear the conversation. How can Person A talk to Person B over the internet, without
letting Person C listen in? In this case, Person A and B could be two private jets in the
army, or executive members in a corporate office, while Person C could be a spy or a
hacker. The best way to transfer this message is to use encryption, which is a secret
code between two people. But in this case, you can converse in regular language while
an encrypting software will encrypt (code) and decrypt (decode), the message for you.
Cryptography is a system for encrypting and decrypting data using different algorithms.
There are two basic types of encryptions; Symmetric Key Encryption and Public Key
Encryption.
&lt;http://pajhome.org.uk/crypt/rsa/intro.html&gt;
PERSON B
PERSON A
PERSON C
2
Symmetric Key Encryption:
This is the basic form of cryptography. In this situation Person A will have encrypting
software that uses a certain algorithm to encrypt the message. Then at the other end,
Person B will have the reverse decrypting software to decode and read the message.
Since Person C does not have this software, they will not be able to read the message.
Even though this works well most times, the only secure way to give the decrypting
software to Person B is by physically handing it to them. This, in most cases, is very
impractical, so a different system must be used.
&lt;http://pajhome.org.uk/crypt/rsa/intro.html&gt;
PERSON B
PERSON A
PERSON C
Public Key Encryption:
Using reverse thinking, there is a way that two people can communicate in a private
conversation without really having to physically meet and exchange algorithms. They
way to do this is by splitting up the software into two sections, a public key for encryption
and a private key for decryption. So Person B will have a private key to decrypt that only
Person B possesses. It will also send out a public key to Person A for encrypting. If
Person C somehow gets this software, they cannot do anything but encrypt messages.
This way person A can use the public key to encrypt the message and send it to Person
3
B, who uses the private key to decrypt it. Even if Person C gets a hold of this message,
they do not, and cannot have the key to decrypt it.
There are many cryptography software’s that use different algorithms. Three of these are
RSA, AES and SHA-1.
&lt;http://pajhome.org.uk/crypt/rsa/intro.html&gt;
PERSON B
PERSON B’s
Public Key
PERSON A
PERSON C
RSA
RSA is a type of Public Key Encryption and is used for most part in electronic
commerce. RSA are the initials for the three gentlemen who created the asymmetric
algorithm; Ron Rivest, Adi Shamir and Len Adleman. This algorithm was created in
1977, but was not patented till 1983 in MIT. The algorithm for this encrypting software is
based on mathematical factoring of large numbers.
Algorithm: (http://pajhome.org.uk/crypt/rsa/rsa.html)
1. Generate two large prime numbers, p and q
2. Let n = pq
3. Let m = (p-1)(q-1)
4
4. Choose a small number e, co-prime to m
5. Find d, such that de % m = 1
Publish e and n as the public key.
Keep d and n as the private key.
Note: x % y means the remainder of x divided by y (mod)
In general, the encryption formula for any one digit number is C = Pe % n. This is the
message that is sent from person A to Person B. Now, Person B can use their private
key ‘d’ and ‘n’ to decode the message by using the general formula P = Cd % n. RSA
uses only numerical values, and all alpha values are changed to numerical ASCII values
before encryption. Since this entire system stands on the basis of random number
generation, it should be very clear the prime numbers (‘p’ and ‘q’) that are chosen are
truly random. If the key generator can be predictable in any way, then the code has a
chance of being cracked. This is why, in order to increase security, the numbers
randomly chosen are very large, and so the predictability factor is reduced. Also, it is
made sure that prime numbers ‘p’ and ‘q’ are not close together. RSA is not as fast as
some other symmetric cryptosystems, but is efficient in its work.
ADVANCED ENCRYPTION STANDARD (AES):
AES is the standard encryption cryptographer for the US government since 2001. It was
created by two Belgium cryptographers named Joan Daemen and Vincent Rijmen. The
original name for AES was Rijndael, pronounced ‘Rhine-dahl’. AES is a block cipher
style of encrypted. This basically means that the message is encrypted and decrypted in
blocks, and then put together. It chooses a fixed block size of 128 bits and encrypts
them first, before encrypting the next 128 bits. The same cycle is used for decryption.
5
Key Size and Safety: (http://www.di-mgt.com.au/cryptokeys.html):
The key size for AES can be from one of the following; 128, 192 or 256 bits. A key is a
string of bits that are used to encrypt and decrypt data. It is the ‘key’ between plain text
and cipher text. The longer the key, the harder it is to crack the code, but it is also takes
longer to carry out the encryption, so proper equipment is needed. If a hacker was trying
to crack one of the cryptographic codes, with a 64 bit key length (half of regular AES), it
could take roughly 264 possible combinations to crack the code. To roughly estimate, it
can be guessed that the code can be cracked in roughly half the amount of
combinations. So if the computer was to carry out one encryption operation every one
millisecond, it would take about 292 million years to find the correct value! A 128-bit
encryption literally means a 128 bit code, or a string corresponding to 16 bytes. An
example of this can be (“FEDCBA98765432100123456789ABCDEF”). Most, who try to
crack these codes, do not do it by trying every single combination, because it is
obviously not useful. The only way to break into the code is to have some sort of
familiarity with the actual individual who derived the key, or find a loop in the original
algorithm. Some of these ways could be listening into their typing keystrokes using a
keystroke logger or perhaps finding something in the memory of the computer.
Algorithm:
The actual formula for encrypting with AES is quite confusing, and requires a great deal
of knowledge in mathematics. It is very efficient in its 128 bit encryption, and uses
several methods for complete unpredictability. The general formula for one round of
encrypting is as follows:
With multiple rounds of encryption, substitution of the same formulae is required to
derive a new formula. As an example, the third round of encryption in AES, goes through
the following formula:
6
SECURE HASH ALGORITHM (SHA-1):
SHA-1 is a cryptographic hash algorithm first published in 1993 by the National Security
Agency. It produces a constant 160-bit encrypted code for any message up to 264 bits.
The algorithm is confusing, but the basic concept works by breaking up the input into
blocks. Each of those blocks, are then broken up into even smaller blocks. This happens
4 times. Then all these blocks are hashed into the encrypted code. Hash cryptography
works a little differently then the other algorithms explained above.
Hash Cryptography:
In Hash cryptography, the encrypted output that is received is always of the same
length. Any number of bits can be entered in as the original message, but the encrypted
one will always be a certain specified length. If you were to take a hash function as a
function H, then any H(m) must equal to a certain constant h. Also, you must be able to
find an H(x) = h, to be able to decrypt the message. In order for this to occur, H(x) must
be unique, and no collisions should occur. If H(x) were to equal some H(y), then finding
H(x) is computationally infeasible, and the message cannot be decrypted.
Example: (http://pajhome.org.uk/crypt/md5/)
This is what you would see if you intercepted a message saying “Grade 12 Computer
Engineering”, encrypted by SHA-1:
ff1a961b56ab35cad80991913e9dbe984de956ec (40 characters)
Since this is hash cryptography, if “Grade 12 University/College Computer Engineering”,
was encrypted by SHA-1, you would see:
6adcff8341ad7d8dbda9a7f02af177d64d65bce9 (40 characters)
It can be seen that regardless of the size of the input, the output stays at a constant
string length of 160 bits. This is very useful, because due to the constant output size, it
7
is even more difficult for someone to get the slightest idea about the initial message.
This way, no patterns can be found about the length of the original message.
CONCLUSION
These are just few of the many algorithms that are being used today to defend privacy in
the widely connected computer world. This practice requires a great deal of knowledge
not only in computer science but also in mathematics. Being able to scramble numbers
into a logical yet unpredictable format is a very difficult task. On top of that, the mess that
is created by encrypting also needs to be cleaned up by decrypting. It is certainly a
tough practice, and cryptographers are continuing to find new and improved ways to
encrypt data. Hash technology is the modern style of cryptography, and is also very
proficient. With hackers gaining more and more knowledge about computer science, it
becomes very difficult to make any message 100% private for ever; but for a various
periods of time, algorithms are created to generate an unbreakable barrier between
Person A/B and Person C.
Total words: 1796
8
BIBLIOGRAPHY
1. http://www.di-mgt.com.au/cryptokeys.html
2. http://www.garykessler.net/library/crypto.html\
3. http://en.wikipedia.org/wiki/AES
4. http://en.wikipedia.org/wiki/RSA
5. http://en.wikipedia.org/wiki/SHA-1
6. http://pajhome.org.uk/crypt/index.html
7. http://pajhome.org.uk/crypt/md5/
8. http://www.x5.net/faqs/crypto/q94.html
9
```