Group Assignment

The document provides an overview of cryptography, including its history and modern applications. It discusses:

- Cryptography aims to achieve data security and confidentiality through encryption algorithms that cipher data.
- Historical algorithms include the Caesar cipher and simple substitution ciphers. Modern algorithms include stream ciphers that encrypt individual bits and block ciphers that encrypt blocks of plaintext.
- Hash functions are also discussed, which take an arbitrarily sized input and map it to a fixed size output through a one-way compression. They must be both one-way and collision resistant.

Uploaded by

Joel

A Review Paper on Cryptography

Abstract

Data security ensures that our data is only accessible by the intended receiver and prevents any
modification or alteration of data. In order to achieve this level of security, various algorithms
and methods have been developed.

Introduction

Cryptography - Techniques that cipher data, depending on specific algorithms that make the
data unreadable to the human eye unless decrypted by algorithms that are predefined by the
sender.

Cryptography is a technique to achieve confidentiality of messages. The term has a specific
meaning in Greek: “secret writing”.

Literature Review

Anjula Gupta et al. [1] Cryptography ensures:

i. Identification
ii. Availability
iii. Integrity
iv. Authentication
v. Confidentiality of users and their data by providing security and privacy.

Callas, J. [2] observed that the future of cryptography relies on:

i. How society uses cryptography, which depends on:
   a. regulations,
   b. current laws,
   c. customs,
   d. what society expects it to achieve.
ii. A management system generating strong keys to ensure that only the right people
with the right keys can gain access, while others without the keys cannot.

James L. Massey [3] pointed out that there are two goals that cryptography aims to achieve:
authenticity and/or secrecy.

Schneier [4] concluded that the idea of secrecy being good for security is a myth and that it is
not good for security to be secret, as security that relies completely on secrecy can be fragile.
If that secrecy were lost, regaining it would be impossible.

Chachapara, K. et al. [5] examined secure sharing with cryptography in cloud computing and
demonstrated a framework that makes use of cryptography algorithms like RSA and AES, with
AES being the most secure algorithm in cryptography.

CRYPTOGRAPHY CONCEPT

The basic concept of a cryptographic system is to cipher information or data in order to achieve
confidentiality of the information in a way that an unauthorized person would be unable to derive
its meaning.

Two of the most common uses of cryptography:

i. Using it to transmit data through an insecure channel, such as the internet.
ii. Ensuring that unauthorized people do not understand what they are looking at in a
scenario in which they have accessed the information.

In cryptography, the concealed information is usually termed “plaintext”, and the process
of disguising the plaintext is defined as “encryption”; the encrypted plaintext is known as
“ciphertext”.

Process of Encryption

This process is achieved by a number of rules known as “encryption algorithms”.
Usually, the encryption process relies on an “encryption key”, which is then given to the
encryption algorithm as input along with the information.

Using a “decryption algorithm”, the receiving side can retrieve the information using the
appropriate “decryption key”.

HISTORICAL ALGORITHMS

i. Caesar Cipher

This is one of the oldest and earliest examples of cryptography, invented by Julius Caesar,
the emperor of Rome, during the Gallic Wars.

In this type of algorithm, the letters A through W are encrypted by being represented with the
letters that come three places ahead of each letter in the alphabet, while the remaining letters
X, Y, and Z are represented by A, B, and C.

This means that a “shift” of 3 is used, although by using any of the numbers between 1 and
25 we could obtain a similar effect on the encrypted text.

Therefore, nowadays, any shift cipher of this kind is often referred to as a Caesar Cipher.

ii. Simple Substitution Ciphers

An example is the Simple Substitution Cipher, also known as the Monoalphabetic Cipher.

In a Simple Substitution Cipher, we take the alphabet letters and place them in random order
under the alphabet written correctly, as seen here:

In the encryption and decryption, the same key is used.

The rule of encryption here is that “each letter gets replaced by the letter beneath it”, and the rule
of decryption would be the opposite. For instance, the corresponding ciphertext for the plaintext
CAN is QDN.

iii. Transposition Ciphers

Transposition can be defined as the alteration of the letters in the plaintext through rules and a
specific key.

A columnar transposition cipher can be considered as one of the simplest types of transposition
cipher and has two forms: the first is called “complete columnar transposition”, while the second
is “incomplete columnar”.

Regardless of which form is used, a rectangle shape is utilized to represent the written plaintext
horizontally, and its width should correspond to the length of the key being used.

There can be as many rows as necessary to write the message. When complete columnar
transposition is used, the plaintext is written, and all empty columns are filled with null so that
each column has the same length.

For example:

The cipher text is then derived from the columns depending on the key. In this example, if we
used the key “321654”, the cipher text is going to be:
cvdng eiaii sdncn donox nsatt oivgh

However, when it comes to an incomplete columnar transposition cipher, the columns are not
required to be completed, so the null characters are left out.

This results in columns of different lengths, which can cause the ciphertext to be more difficult
to decipher without the key.
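The two forms can be checked against the ciphertext quoted above. The following Python is an added example, not part of the original document: the plaintext is simply what the quoted ciphertext decrypts to (spelling as recovered), and reading the key digits as column labels that are taken in ascending order is an assumption that reproduces the quoted result.

```python
def _columns(text, key, pad=None):
    """Write text row by row into len(key) columns; optionally pad the last row."""
    letters = [c for c in text.lower() if c.isalpha()]
    width = len(key)
    if pad is not None and len(letters) % width:
        letters += [pad] * (width - len(letters) % width)
    return ["".join(letters[i::width]) for i in range(width)]


def _read_order(key):
    """Column indices in the order they are read: label '1' first, then '2', ..."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def encrypt(plaintext, key, pad="x"):
    """pad='x' gives the complete form (nulls added); pad=None the incomplete form."""
    cols = _columns(plaintext, key, pad)
    return "".join(cols[i] for i in _read_order(key))


def decrypt(ciphertext, key):
    """Invert either form; the column lengths follow from the message length."""
    width, n = len(key), len(ciphertext)
    rows, extra = divmod(n, width)
    # In the incomplete form only the first `extra` columns hold one more letter.
    lengths = [rows + (1 if i < extra else 0) for i in range(width)]
    cols, pos = [None] * width, 0
    for i in _read_order(key):
        cols[i] = ciphertext[pos:pos + lengths[i]]
        pos += lengths[i]
    return "".join(cols[i % width][i // width] for i in range(n))


PAGE_KEY = "321654"
PAGE_CIPHERTEXT = "cvdngeiaiisdncndonoxnsattoivgh"   # groups from the text, joined
RECOVERED = "second divison advancing tonight"        # obtained by decrypting it

if __name__ == "__main__":
    print(decrypt(PAGE_CIPHERTEXT, PAGE_KEY))          # trailing 'x' is the null
    print(encrypt(RECOVERED, PAGE_KEY))                # complete form
    print(encrypt(RECOVERED, PAGE_KEY, pad=None))      # incomplete form, one shorter
```

In the incomplete form the receiver has to work out which columns are short before cutting the ciphertext, which is what the `lengths` computation does.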

MODERN ALGORITHMS

i. Stream ciphers

Stream ciphers operate on pseudorandom bits generated from the key, and the plaintext is
encrypted by XORing it with the pseudorandom bits.

Stream ciphers were sometimes avoided in the past, as they were more likely than block ciphers
to be broken.

Nowadays, however, after years of developing designs, the stream cipher has become more
secure and can be trusted and relied on for use in connections and communications such as
Bluetooth, mobile 4G, TLS connections, and so on.

In a stream cipher, each bit is encrypted individually.

There are two types of stream ciphers:

a. the first is the synchronous stream cipher, in which the key stream relies only on the key;
b. the second is the asynchronous stream cipher, in which the key stream also depends on the ciphertext.

In Figure 3, we have a dotted line. If it was present, the stream cipher would be asynchronous;
otherwise it would be synchronous.

The cipher feedback (CFB) would be an example of an asynchronous cipher.
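The practical difference between the two types shows up when a ciphertext symbol is lost in transit. The Python below is an added example, not from the original document: SHA-256 stands in for a real key stream generator, bytes are used instead of single bits for readability, and all names and sample values are constructed.

```python
import hashlib


def _prf(key, data):
    """One pseudorandom byte from key and data (SHA-256 as a stand-in generator)."""
    return hashlib.sha256(key + data).digest()[0]


def sync_crypt(key, data):
    """Synchronous: key stream byte i depends only on the key and the position i.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    return bytes(b ^ _prf(key, i.to_bytes(8, "big")) for i, b in enumerate(data))


def selfsync_encrypt(key, plaintext, iv):
    """Asynchronous (CFB-style): the key stream depends on earlier ciphertext."""
    reg, out = iv, bytearray()
    for p in plaintext:
        c = p ^ _prf(key, reg)
        out.append(c)
        reg = reg[1:] + bytes([c])      # ciphertext fed back into the generator
    return bytes(out)


def selfsync_decrypt(key, ciphertext, iv):
    reg, out = iv, bytearray()
    for c in ciphertext:
        out.append(c ^ _prf(key, reg))
        reg = reg[1:] + bytes([c])
    return bytes(out)


def drop_byte(data, index):
    """Simulate a transmission fault that loses one ciphertext byte."""
    return data[:index] + data[index + 1:]


KEY = b"constructed demo key"
IV = bytes(8)                            # 8-byte feedback register, all zero
MESSAGE = b"stream ciphers encrypt one symbol at a time"

if __name__ == "__main__":
    damaged_sync = drop_byte(sync_crypt(KEY, MESSAGE), 5)
    damaged_self = drop_byte(selfsync_encrypt(KEY, MESSAGE, IV), 5)
    print(sync_crypt(KEY, damaged_sync))            # garbled from byte 5 to the end
    print(selfsync_decrypt(KEY, damaged_self, IV))  # readable again after 8 bytes
```

The synchronous receiver never recovers because its position counter is off by one from then on; the feedback variant resynchronises once the register holds only bytes received after the loss.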

ii. Block ciphers:

This type of cipher consists of both an algorithm for encryption and an algorithm for decryption:

• The encryption algorithm (E) is given a key (K) and a block of plaintext (P), and produces
C, a ciphertext block. The encryption operation can be expressed as: C = E(K, P).

• The decryption algorithm (D) is the inverse of the previous operation: the ciphertext is
decrypted to recover the plaintext, P. It can be written as: P = D(K, C).

A pseudorandom permutation (PRP) is used in order to make the block cipher more secure.

This means that if the key is kept secret, an attacker will not be able to decrypt the block cipher
and compute the output from any input.

This is as long as the secrecy of K and its randomness is assured from the attacker’s view.

In a general form, this means that the attacker would not have the ability to find any pattern in
the values that are either input to or output from the block cipher.

In a block cipher, two values are generally referred to: the size of the block and the size of the
key. The security relies on the value of both.

Many block ciphers use a 64-bit block or a 128-bit block.

It is crucial that the blocks are not too large, so that the memory footprint and the ciphertext
length remain small.

Regarding the ciphertext length, blocks instead of bits are processed in a block cipher. That is, if
we wanted to encrypt a 16-bit message with 128-bit blocks, we would first need to convert the
message into a 128-bit block; only if this condition is met will the block cipher start
processing and output a 128-bit ciphertext.

When it comes to a memory footprint, we need a memory of at least a 128-bit size in order to
work and process a 128-bit block.

A block of this size is small enough to fit in the registers of most CPUs. Otherwise, dedicated
hardware circuits can be used for this to be implemented.

Blocks of 68 bits, 128 bits, and even 512 bits are still short enough in most cases for
efficient implementation.

However, as the blocks get larger (i.e. kilobytes long), the cost and performance of the
implementation can be noticeably impacted.

iii. Hash functions:

Previously known as pseudo random functions (PRF), they work by mapping an arbitrarily-sized
input to a fixed-size output in a process called compression. This mapping is non-invertible.

A hash function must align with two properties in order to be useful:

• The first property is that it must be one-way.

• The second property is that it must be collision-resistant.

The one-way property of a hash function's output can be considered an important characteristic
of it, as can collision resistance, which means that finding another input that generates the same
output (known as a collision) would be nontrivial.

Two forms of collision resistance can be introduced:

a. Preimage collision resistance: in this form, an output Y is given, and finding an
input M in such a way that the hash of M is the same as Y would be nontrivial.

b. Second preimage collision resistance: this is the second form, in which two messages
are involved (M1 and another, M2, that is chosen randomly) and finding a match
between them would be nontrivial.

iv. Public key systems:

During the 70s and 80s, general cryptography and encryption were solely limited to the military
and intelligence fields. It was only through public key systems and techniques that cryptography
spread into other areas.

Public key encryption gives us the ability to establish communication without depending on
private channels, as the public key can be publicized without ever worrying about it.

A summary of the public key and its features follows:

i. With the use of public key encryption, key distribution is allowed on public channels,
which can potentially simplify the system’s initial deployment and ease the
system’s maintenance when parties join or leave.
ii. Public key encryption limits the need to store many secret keys.
   • Even in a case in which all parties want the ability to establish secure
     communication, each party can use a secure fashion to store their own private
     key.
   • The public keys of other parties can be stored in a non-secure fashion or can be
     obtained when needed.
iii. In the case of open environments, public key cryptography is more suitable,
especially when parties that have never interacted previously want to
communicate securely and interact.
   • For example, a merchant may have the ability
     to reveal their public key online, and anyone who wants to purchase something
     can access the public key of the merchant as necessary when they want their
     credit card information encrypted.

DIGITAL SIGNATURES

Unlike cryptography, digital signatures did not exist before the invention of computers.

As computer communications were introduced, the need arose for digital signatures to be
discussed, especially in business environments where multiple parties take part and each
must commit to keeping their declarations and/or proposals.

Therefore, in a situation where the sender and receiver do not completely trust each other,
authentication alone cannot fill the gap between them. Something more is required, i.e. the
digital signature, in a way similar to the handwritten signature.

Digital Signature Requirements:

- The requirements for an unforgeable signature scheme would be:
   • Each user should have the ability to generate their own signature on any selected
     document they choose.
   • Each user should have the ability to efficiently verify whether or not a given
     string is the signature of another particular user.
   • No one should have the ability to generate signatures on documents that the
     original owner did not sign.

Digital Signature Principles:

As for generating digital signatures, public-key cryptography is applied, in which the basic idea
is that the individual who signs a document or message uses a private key (called private-key),
while the individual receiving the message or document must use the matching public-key.

The principle of the digital signature scheme is demonstrated in Figure 7.

• This process starts with the signer, who signs the message x. The algorithm used
  in the signing process is a function of the signer’s private key (kpr),
  assuming that the signer will keep the private key secret.
• Thus, a relation can be created between the message x and the signature
  algorithm; the message x is also given to the signature algorithm as an input.
• After the message has been signed, the signature s is attached to the message x,
  and they are sent to the receiver as the pair (x, s).
• The digital signature itself is an integer value that is quite large, e.g. a string
  with 2048 bits. In order for the signature to be verified, a verification function is
  needed in which both the message x and the signature s are given as inputs to the
  function.
• The function will require a public key in order to link the signature to the sender
  who signed it, and the output of the verification function would be either “true” or
  “false”.
• The output would be true in a case in which the message x was signed through the
  private key that is linked with the other key, i.e. the public verification key.
  Otherwise, the output of the verification function would be false.

Difference between Digital Signature and Message Authentication:

- Message authentication can be said to be similar to a digital signature, in a way, but the
difference between them is that in message authentication, it is required that only the
second party verify the message. No third party can be involved to verify the message’s
validity and whether it was generated by the real sender or not.
- In a digital signature, however, third parties have the ability to check the signature’s
validity. Therefore, digital signatures have created a solution for message authentication.
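The pair (x, s), the true/false verification function and the contrast with message authentication can be seen side by side in the following Python. It is an added example, not from the original document: the signature is unpadded textbook RSA over a toy modulus built from two known Mersenne primes, HMAC stands in for the message authentication code, and every name and message is constructed.

```python
import hashlib
import hmac

# Toy key pair; the modulus is far too small and unpadded RSA is not for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                                   # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent, the signer's kpr
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)


def _digest(x, n):
    """Hash the message x to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(x).digest(), "big") % n


def sign(x, private_key):
    """Signature s on message x: only the holder of the private key can compute it."""
    n, d = private_key
    return pow(_digest(x, n), d, n)


def verify(x, s, public_key):
    """Verification function: takes x and s, returns True or False, needs no secret."""
    n, e = public_key
    return pow(s, e, n) == _digest(x, n)


def mac(x, shared_key):
    """Message authentication: sender and receiver hold the same key."""
    return hmac.new(shared_key, x, hashlib.sha256).digest()


def mac_verify(x, tag, shared_key):
    return hmac.compare_digest(tag, mac(x, shared_key))


def receiver_can_forge(shared_key):
    """With a MAC the verifier holds the tagging secret too, so a valid tag proves
    nothing to a third party; a signature verifier only ever holds (N, E)."""
    forged = b"constructed: buyer agrees to pay 900"
    return mac_verify(forged, mac(forged, shared_key), shared_key)


if __name__ == "__main__":
    x = b"constructed: buyer agrees to pay 100"
    s = sign(x, PRIVATE_KEY)
    print(verify(x, s, PUBLIC_KEY))                                  # True
    print(verify(b"constructed: buyer agrees to pay 900", s, PUBLIC_KEY))  # False
    print(receiver_can_forge(b"constructed shared key"))             # True
```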

CONCLUSION

- Cryptography plays a vital and critical role in achieving the primary aims of security
goals, such as authentication, integrity, confidentiality, and non-repudiation.
- Cryptographic algorithms are developed in order to achieve these goals.
- Cryptography has the important purpose of providing reliable, strong, and robust network
and data security.

REFERENCES

[1] N. Sharma, Prabhjot and H. Kaur, "A Review of Information Security using Cryptography
Technique," International Journal of Advanced Research in Computer Science, vol. 8, no.
Special Issue, pp. 323-326, 2017.

[2] B. Preneel, Understanding Cryptography: A Textbook for Students and Practitioners,
London: Springer, 2010.

[3] J. Katz and Y. Lindell, Introduction to Modern Cryptography, London: Taylor & Francis
Group, LLC, 2008.

[4] S. J. Lincke and A. Hollan, "Network Security: Focus on Security, Skills, and Stability," in
37th ASEE/IEEE Frontiers in Education Conference, Milwaukee, 2007.

[5] O. O. Khalifa, M. R. Islam, S. Khan and M. S. Shebani, "Communications cryptography," in
RF and Microwave Conference, 2004. RFM 2004. Proceedings, Selangor, 2004.

EXTRA NOTES

- When using algorithms in cryptography, we generally have two inputs for encryption and
two inputs for decryption:
   • The encryption process will take the plaintext message (P) along with an
     encryption key (K) and then run the plaintext through encryption algorithms,
     which will return ciphertext (C).
   • On the decryption side, the ciphertext (C) will be supplied along with the
     encryption key (K), which will produce the plaintext (P) message.

Kerberos

- Is an authentication and access control service for workstation clustering.
- Its design goals include:
   • Security
   • Reliability
   • Transparency
   • Scalability
- Assume that Alice wants to access one or more different services that are provided by
different servers: Server 1, Server 2, etc.
- Each server is connected over an insecure network. The Kerberos protocol will handle the
authentication, access control, and key exchange:
- Authentication: Alice will authenticate to an authentication server, which will provide a
temporary permit to demand access for services. The permit is called a Ticket-Granting
ticket (TicketTGS); the ticket can be thought of like a temporary passport.
- Access Control: Alice is able to present her ticket (TicketTGS) to a Ticket Granting Server
(TGS) to obtain access for a service provided by a specific server; in this example, we
will call it Server 1. The TGS decides if the access will be permitted and answers Alice
with a ticket for Server 1, TicketS1.
- Key Exchange: The authentication server provides a session key for communication
between Alice and the TGS; the TGS will provide a session key for communication
between Alice and Server 1. The session key also serves Alice for authentication
purposes.
- Alice begins the process by logging in to her workstation and requests access to a service.
   • The first message is sent to the authentication server AS, containing her name, the
     name of the appropriate Ticket Granting Server TGS, and a timestamp tA:

- The authentication server verifies that Alice may authenticate to access services,
generates the key KA out of Alice’s password (which is known to the AS), extracts the
workstation address AddrA from the request, creates a Ticket Granting Ticket TicketTGS
and a session key KA, TGS, and sends the following message to Alice:

- Once the workstation receives the message, it will ask Alice to type in her password. The
workstation will compute the key KA and use this key to decrypt the message.
   • If Alice does not provide her correct password, the extracted values will be
     garbage and the rest of the protocol will fail.
- Alice creates an authenticator and sends it together with the Ticket Granting Ticket and
the name of the server to TGS:

- Once the TGS receives the message, it will decrypt TicketTGS, extract the key KA, TGS from
the message, and use the key to decrypt AuthenticatorA, TGS.
   • If the name, ticket, and address of the authenticator match, the TGS will ensure
     the timestamp is still valid, check if Alice may access the service S1, and create
     the following message:

- Alice decrypts the message and holds a session key for secure communication between
her and S1. She sends a message to S1 to show her ticket and a new authenticator:

- Once the ticket from Alice is received by Server 1, the server decrypts the ticket with the
key KTGS, S1 and shares with TGS the session key KA, S1 for secure communication with
A. Using the obtained key, the S1 checks the authenticator and responds to A:

- Alice is able to verify that she is communicating with S1, since only S1 and the TGS know
the key KTGS, S1 to decrypt TicketS1, which contains the session key KA, S1, and so only S1 is
able to decrypt AuthenticatorA, S1 and to answer with
t''A+1 encrypted with KA, S1.
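The whole exchange can be traced in code. The Python below is an added example, not from the original document and not the Kerberos wire format: the field layout of each message is an assumption based on the steps above, `seal`/`unseal` are a toy hash-based cipher with a MAC (so a wrong password is rejected at once instead of yielding garbage), and the password, address and lifetime are constructed values.

```python
import hashlib, hmac, json, os

def _ks(key, nonce, n):  # toy key stream (SHA-256 counter mode), not a real cipher
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, fields):
    """Encrypt a dict under key and append a MAC; returns hex text."""
    nonce, pt = os.urandom(16), json.dumps(fields).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()).hex()

def unseal(key, blob):
    """Decrypt; a wrong key or a modified message raises ValueError."""
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

def key_from_password(password):
    """K_A: derived from Alice's password, which the AS also knows."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 1000)

K_TGS, K_TGS_S1 = os.urandom(32), os.urandom(32)  # AS-TGS and TGS-S1 long-term keys
USERS = {"alice": key_from_password("constructed-password")}
ALLOWED = {("alice", "S1")}  # access-control list held by the TGS
MAX_AGE = 300                # seconds a timestamp stays valid (assumed value)

def auth_server(name, tgs, t_a, addr):
    """AS: issue Ticket_TGS and the session key K_A,TGS, encrypted under K_A."""
    k = os.urandom(32).hex()
    ticket = seal(K_TGS, {"name": name, "addr": addr, "t": t_a, "key": k})
    return seal(USERS[name], {"key": k, "tgs": tgs, "ticket": ticket})

def _open(ticket_key, ticket, authenticator, now):
    """Decrypt a ticket, then check the authenticator with the key found inside it."""
    tkt = unseal(ticket_key, ticket)
    session = bytes.fromhex(tkt["key"])
    auth = unseal(session, authenticator)
    fresh = 0 <= now - auth["t"] <= MAX_AGE
    if (auth["name"], auth["addr"]) != (tkt["name"], tkt["addr"]) or not fresh:
        raise ValueError("authenticator rejected")
    return tkt, session, auth

def ticket_granting_server(ticket_tgs, authenticator, server, now):
    """TGS: check Alice's right to use `server`, then issue Ticket_S1 and K_A,S1."""
    tkt, k_a_tgs, _ = _open(K_TGS, ticket_tgs, authenticator, now)
    if (tkt["name"], server) not in ALLOWED:
        raise ValueError("access denied")
    k = os.urandom(32).hex()
    ticket = seal(K_TGS_S1, {"name": tkt["name"], "addr": tkt["addr"], "key": k})
    return seal(k_a_tgs, {"key": k, "server": server, "ticket": ticket})

def server_1(ticket_s1, authenticator, now):
    """S1: accept the ticket and answer with the timestamp plus one."""
    _, k_a_s1, auth = _open(K_TGS_S1, ticket_s1, authenticator, now)
    return seal(k_a_s1, {"t": auth["t"] + 1})

def alice(password, now=1_700_000_000, addr="10.0.0.5", service="S1"):
    """Alice's workstation runs the whole exchange; True if S1 proved itself."""
    me = {"name": "alice", "addr": addr, "t": now}
    msg = unseal(key_from_password(password), auth_server("alice", "TGS", now, addr))
    k_a_tgs = bytes.fromhex(msg["key"])
    reply = ticket_granting_server(msg["ticket"], seal(k_a_tgs, me), service, now)
    msg = unseal(k_a_tgs, reply)
    k_a_s1 = bytes.fromhex(msg["key"])
    answer = unseal(k_a_s1, server_1(msg["ticket"], seal(k_a_s1, me), now))
    return answer["t"] == now + 1
```

Alice never sees inside either ticket: she can only forward them, and her password never crosses the network.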
Public-Key Certificates
- Public-key certificates essentially act as a passport that certifies that a public-key belongs
to a specific name or organization.
   • Certificates are issued by certificate authorities, more commonly known as CAs.
- One of the properties of using public-key certificates is that they allow all users to know
without question that the public-key of the CA can be checked by each user.

Understanding Cryptanalysis

- Cryptanalysis is the study of restoring an encrypted message back to plaintext.
   • Cryptanalysis is a critical aspect of cryptography as it helps ensure that current
     cryptography schemes are secure.
i. Brute-Force Attack
- In a brute-force attack, the adversary attempts to decrypt the ciphertext by using every
possible key.
   • If the key is small enough, a brute-force attack can be successful in a matter of
     minutes.
ii. Side-Channel Attacks
- A side-channel attack is performed when the adversary has awareness of the physical
implementation of the code to leak information.
   • This could be done by observing the power usage of the CPU during the
     encryption or decryption process, or examining the amount of shared memory
     consumption of processes in virtual machines that are encrypting or decrypting
     messages.

iii. Social Engineering

- It relies on exploiting people through human interactions and often involves tricking people
into breaking normal security procedures.
   • Some common social engineering attacks include phishing, pretexting, baiting,
     quid pro quo, tailgating, or shoulder surfing.
iv. Analytical Attacks
- Analytical attacks in cryptography are attacks against the underlying encryption scheme
to find weaknesses that can be exploited.
v. Frequency Analysis
- Frequency analysis is the study of the frequency with which letters or groups of letters
appear in ciphertext.
- In examining the English language, the most common letters are E, T, A, and O. In
addition to examining single letters, we also examine common pairs of letters, which are
referred to as digraphs.
- Examples of digraphs in the English language include TH, ER, ON, and AN.
- There are also letters that are often repeated, which include SS, EE, TT, and FF.
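Frequency analysis and the exhaustive key search described under brute-force attacks combine naturally against the Caesar cipher from the historical section, which has only 25 usable shifts. The Python below is an added example, not from the original document; the sample sentence is constructed, and scoring candidates by their count of E, T, A and O is one simple way to apply the letter frequencies listed above.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase


def caesar(text, shift):
    """Shift every letter `shift` places forward, wrapping from Z back to A."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c
        for c in text.upper()
    )


def letter_counts(text):
    return Counter(c for c in text if c in ALPHABET)


def digraph_counts(text):
    """Count adjacent letter pairs inside words (TH, ER, ... and doubles like EE)."""
    pairs = Counter()
    for word in text.split():
        pairs.update(a + b for a, b in zip(word, word[1:])
                     if a in ALPHABET and b in ALPHABET)
    return pairs


def guess_shift(ciphertext):
    """Try every shift from 1 to 25 and keep the one whose decryption contains
    the most E, T, A and O, the commonest English letters."""
    def score(shift):
        counts = letter_counts(caesar(ciphertext, -shift))
        return sum(counts[c] for c in "ETAO")
    return max(range(1, 26), key=score)


# Constructed sample sentence, encrypted with the shift of 3 described for Caesar.
PLAINTEXT = "THE ENEMY FLEET WAS SEEN NEAR THE EASTERN REEF AT SEVEN"
CIPHERTEXT = caesar(PLAINTEXT, 3)

if __name__ == "__main__":
    print(CIPHERTEXT)
    print(letter_counts(CIPHERTEXT).most_common(3))   # H stands out: it is E
    print(digraph_counts(CIPHERTEXT).most_common(3))  # HH is the doubled EE
    shift = guess_shift(CIPHERTEXT)
    print(shift, caesar(CIPHERTEXT, -shift))
```

A shift cipher preserves every count, only under a different letter, which is why the single-letter and digraph statistics survive encryption intact.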
