Access Control in Cryptography

Access control ensures only authorized users, processes, or systems access specific resources. In
cryptography, it uses encryption, authentication, and authorization to protect sensitive data.

Key Components:

●​ Authentication: Verifies user identity (e.g., passwords, biometrics).

●​ Authorization: Grants/denies permissions (e.g., role-based control).
●​ Auditing & Monitoring: Tracks access logs for detecting unauthorized actions.
●​ Cryptographic Mechanisms: Uses encryption, digital signatures, and key management for
security.

Types of Access Control:

●​ Discretionary (DAC): Users control permissions (e.g., Unix file permissions).

●​ Mandatory (MAC): Based on security labels (e.g., military classifications).
●​ Role-Based (RBAC): Access depends on organizational roles.
●​ Attribute-Based (ABAC): Uses attributes like time, location for access decisions.

Relation Between
Access Control and Availability

●​ Both are components of the CIA Triad (Confidentiality, Integrity, Availability) in cybersecurity
and cryptography.
●​ Access Control ensures confidentiality by restricting unauthorized access to data.
●​ Availability ensures that authorized users have uninterrupted access to data and
cryptographic services.
●​ Balance Needed: Excessive access control (e.g., strict authentication) may reduce
availability, causing access difficulties.

Active Attacks in Network Security

Active attacks involve modifying, intercepting, or manipulating data during transmission, unlike
passive attacks that only eavesdrop. They can disrupt communication, alter data integrity, or
enable impersonation.

Types of Active Attacks:

1.​ Masquerade Attack: An attacker impersonates a legitimate user by stealing credentials or

cryptographic keys. Example: Session hijacking using stolen digital certificates. Countermeasures
include digital signatures, multifactor authentication, and challenge-response protocols.
2.​ Modification Attack: The attacker alters data in transit, such as modifying transaction
requests. Example: Changing "Transfer $100" to "Transfer $10,000." Countermeasures involve
hash functions (SHA-256), MACs, and digital signatures.
3.​ Replay Attack: This attack reuses captured valid messages to deceive systems. Example:
Replaying login requests for unauthorized access. Timestamps, nonces, and session tokens can
mitigate such attacks.
4.​ Man-in-the-Middle (MITM) Attack: The attacker intercepts and alters communication
between two parties. Example: Manipulating SSL/TLS connections. Countermeasures include
end-to-end encryption, PKI, and certificate pinning.
5.​ Denial-of-Service (DoS) Attack: An attacker floods a network with excessive traffic to
disrupt operations. Example: Overloading web servers with fake requests. Countermeasures
include rate limiting, CAPTCHA, and proof-of-work protocols.
6.​ Distributed Denial-of-Service (DDoS) Attack: A large-scale DoS using multiple
compromised devices (botnets). Example: Disrupting cryptocurrency exchanges with massive
traffic. Countermeasures involve blockchain security, decentralized authentication, and anomaly
detection.
7.​ Session Hijacking: The attacker takes control of an active user session. Example: Using
stolen session tokens for impersonation. HTTPS, secure session management, and token
expiration are effective countermeasures.
8.​ Injection Attacks: The attacker inserts malicious code to execute unauthorized commands.
Example: SQL Injection, Cross-Site Scripting (XSS). Mitigation strategies include input validation
and cryptographic hashing of inputs.

Diffie-Hellman Key Exchange Algorithm

The Diffie-Hellman (DH) key exchange is a cryptographic protocol that allows two parties to
securely establish a shared secret key over an insecure channel without prior knowledge of each
other. This shared key can be used for symmetric encryption.

Algorithm Steps:

1.​ Public Parameters Selection: Choose a large prime number ppp and a primitive root ggg of
ppp.
2.​ Key Generation:
○​ Alice selects a private key aaa and computes her public key A=gamod pA = g^a \mod
pA=gamodp.
○​ Bob selects a private key bbb and computes his public key B=gbmod pB = g^b \mod
pB=gbmodp.
3.​ Public Key Exchange: Alice and Bob exchange their public keys AAA and BBB over the
insecure channel.
4.​ Shared Secret Computation:
○​ Alice computes S=Bamod p=gabmod pS = B^a \mod p = g^{ab} \mod
pS=Bamodp=gabmodp.
○​ Bob computes S=Abmod p=gabmod pS = A^b \mod p = g^{ab} \mod
pS=Abmodp=gabmodp.

Since exponentiation is commutative, both derive the same shared secret SSS, used for
encryption.

Limitations:

●​ No Authentication: Vulnerable to Man-in-the-Middle (MITM) attacks as it does not

authenticate parties.
●​ Computational Overhead: Requires large primes (e.g., 2048-bit) for security, increasing
computational demands.
●​ No Support for Encryption: Only establishes a shared key; requires a symmetric cipher like
AES for encryption.
●​ Static Key Vulnerability: Reusing private keys increases cryptanalysis risks.
●​ Logjam Attack Susceptibility: Weak parameters enable precomputed attacks using
number field sieve techniques.
●​ Quantum Computing Threat: Shor’s algorithm can break DH; post-quantum cryptography
(e.g., lattice-based methods) is needed.

Key Reuse in Triple DES (3DES)

Triple DES (3DES) is a symmetric encryption algorithm that enhances the original DES by applying
it three times to each data block. It uses three different keying options with varying security levels.
3DES can reuse keys in certain modes, affecting its overall security.

Keying Options in Triple DES:

1.​ 3-Key Triple DES (3TDEA): Uses three independent 56-bit keys (K1,K2,K3K_1, K_2,
K_3K1​,K2​,K3​), providing the highest security with a 168-bit key space.
2.​ 2-Key Triple DES (2TDEA): Uses two keys (K1=K3K_1 = K_3K1​=K3​) but K2K_2K2​is
different, providing moderate security (112-bit key space). Vulnerable to Meet-in-the-Middle (MitM)
attacks.
3.​ 1-Key Triple DES: All keys are the same (K1=K2=K3K_1 = K_2 = K_3K1​=K2​=K3​), reducing
security to the same level as single DES, with a 56-bit key space. This is considered weak and not
recommended.
How Key Reuse Works in 3DES:

1.​ 2-Key Triple DES: The same key K1K_1K1​is used for both the first and third encryption
steps, reducing the effective key strength to 112 bits:​
C=EK1(DK2(EK1(P)))C = E_{K_1} ( D_{K_2} ( E_{K_1} (P) ) )C=EK1​​(DK2​​(EK1​​(P)))
2.​ 1-Key Triple DES: All three keys are the same, effectively making 3DES equivalent to DES:​
C=EK1(DK1(EK1(P)))C = E_{K_1} ( D_{K_1} ( E_{K_1} (P) ) )C=EK1​​(DK1​​(EK1​​(P)))​
This provides no additional security, making it as vulnerable as single DES.

Security Implications:

●​ 2-Key Triple DES: Reduced to 112 bits of effective security, vulnerable to MitM attacks.
●​ 1-Key Triple DES: Equivalent to DES with a 56-bit key, susceptible to brute-force attacks.
●​ 3-Key Triple DES: Offers 168-bit security, but is now deprecated due to quantum threats.

Current Status:

●​ Deprecation: NIST deprecated 3DES in 2023, recommending AES as a more secure

alternative.

RSA Algorithm: Explanation and Example (5 Marks)

What is RSA?​
RSA (Rivest-Shamir-Adleman) is an asymmetric cryptographic algorithm used for secure key
exchange, encryption, and digital signatures. It ensures confidentiality and authenticity by
leveraging the difficulty of factoring large prime numbers.

Key Components and Steps:

1.​ Key Generation:

○​ Select two large prime numbers, ppp and qqq.
○​ Compute n=p×qn = p \times qn=p×q and Euler’s Totient Function ϕ(n)=(p−1)(q−1)\phi(n) = (p
- 1)(q - 1)ϕ(n)=(p−1)(q−1).
○​ Choose a public exponent eee coprime with ϕ(n)\phi(n)ϕ(n).
○​ Compute the private exponent ddd, such that d×e≡1 (mod ϕ(n))d \times e \equiv 1 \
(\text{mod} \ \phi(n))d×e≡1 (mod ϕ(n)).
○​ Public key: (e,n)(e, n)(e,n), Private key: (d,n)(d, n)(d,n).
2.​ Encryption:
○​ Given a message MMM, the ciphertext CCC is calculated as C=Me (mod n)C = M^e \
(\text{mod} \ n)C=Me (mod n).
3.​ Decryption:
○​ To decrypt, use the private key (d,n)(d, n)(d,n), with the formula M=Cd (mod n)M = C^d \
(\text{mod} \ n)M=Cd (mod n).

Example:
●​ Choose p=3p = 3p=3, q=11q = 11q=11, n=33n = 33n=33, and ϕ(n)=20\phi(n) = 20ϕ(n)=20.
●​ Choose e=7e = 7e=7, and compute d=3d = 3d=3.
●​ Public Key: (7,33)(7, 33)(7,33), Private Key: (3,33)(3, 33)(3,33).
●​ Encrypt message M=4M = 4M=4: C=47 (mod 33)=16C = 4^7 \ (\text{mod} \ 33) = 16C=47
(mod 33)=16.
●​ Decrypt ciphertext C=16C = 16C=16: M=163 (mod 33)=4M = 16^3 \ (\text{mod} \ 33) =
4M=163 (mod 33)=4.

Limitations:

●​ Slow Performance: RSA is computationally heavy for large data encryption.

●​ Large Key Size: Requires large key sizes (2048-bit or more) for strong security.
●​ Quantum Vulnerability: RSA is threatened by quantum algorithms like Shor’s Algorithm.

Digital Signature: Definition and Importance in Security (5 Marks)

What is a Digital Signature?​

A digital signature is a cryptographic technique that ensures the authenticity, integrity, and
non-repudiation of digital messages or documents. Unlike handwritten signatures, it uses
mathematical algorithms for enhanced security, relying on asymmetric encryption with a private
key for signing and a public key for verification.

How It Works:

1.​ Hashing:​
The message is processed through a hash function (e.g., SHA-256) to produce a fixed-size hash.
Any change in the message results in a different hash.
2.​ Signing:​
The hash is encrypted using the sender’s private key, creating the digital signature.
3.​ Verification:​
The recipient decrypts the signature using the sender’s public key and hashes the original
message again. If the hashes match, the signature is valid.

Importance for Security:Authentication: Confirms the sender’s identity.Integrity: Ensures the

message was not altered.Non-Repudiation: Prevents the sender from denying the signature.

Use Cases:Secure Emails: Used in PGP and S/MIME.Software Code Signing: Verifies
authenticity of software.Blockchain Transactions: Provides ownership proof.Legal/Financial
Documents: Secures contracts and banking transactions.SSL/TLS Certificates: Verifies website
authenticity.

Discuss the different kinds of attacks on digital signatures.

There are several types of attacks that can target digital signatures. These attacks aim to
compromise the authenticity, integrity, or non-repudiation of a signed message. Here are the key
types of attacks:
1.​ Forgery Attack: In this type of attack, an attacker tries to create a fraudulent digital
signature. If the signature scheme is weak, attackers may generate a valid signature for a
message without the private key. Forgery is possible if the attacker can exploit weaknesses in the
cryptographic algorithm or the signature generation process.
2.​ Replay Attack: A replay attack occurs when an attacker intercepts a signed message and
replays it to the recipient, pretending it is a new message. Although the signature is valid, the
attacker does not alter the message, but instead tries to deceive the recipient into believing it is a
fresh communication. To mitigate this, timestamps and nonces are often used to make each
signature unique.
3.​ Collision Attack: A collision attack involves finding two different messages that result in the
same hash value. If an attacker can find such a collision in the hash function used for the digital
signature, they could create two different messages with identical signatures. This could cause a
valid signature to be used for a message other than the one intended. A strong hash function like
SHA-256 helps prevent such attacks.
4.​ Key Substitution Attack: In this type of attack, an attacker manages to replace the public
key of a legitimate signer with a counterfeit key, thus redirecting verification to their own public key.
This would allow them to forge signatures that appear valid to the recipient. Public key
infrastructures (PKIs) and certificate authorities (CAs) are used to prevent this by ensuring proper
public key validation.
5.​ Man-in-the-Middle (MITM) Attack: In a MITM attack, an attacker intercepts and alters the
communication between the sender and the receiver. The attacker could change the signed
message or replace the public key used for signature verification. Though this attack can be
mitigated using encryption for the entire communication and verifying the integrity of the signature
with a trusted third party, it remains a significant risk.

Write down limitations of Caesar Cipher Technique. How can we overcome it?

The Caesar Cipher is a substitution cipher where each letter in the plaintext is shifted by a certain
number of positions down or up the alphabet. While it is simple and easy to use, it has several
limitations:

1.​ Weak Security:

○​ Limitation: The Caesar Cipher has a limited number of possible shifts (only 25 distinct
keys), which makes it vulnerable to brute-force attacks. A simple frequency analysis can also
easily break it since the same shift is applied to all letters.
○​ Overcome: To enhance security, use more complex encryption techniques like the Vigenère
cipher, which uses a series of Caesar shifts based on a keyword, offering a larger key space.
2.​ Predictability:
○​ Limitation: The predictable pattern of shifting letters makes it vulnerable to cryptanalysis,
especially if the language of the message is known. Certain letters like "e", "t", "a", and "o" are
more frequent in English, which helps attackers break the cipher easily.
○​ Overcome: Use a polyalphabetic cipher (e.g., Vigenère or Playfair) where different cipher
alphabets are used for different letters, making it harder to perform frequency analysis.
3.​ Fixed Key Size:
○​ Limitation: The Caesar cipher uses a fixed shift for all letters, making it easy to decipher if
an attacker knows the pattern or has enough plaintext-ciphertext pairs.
○​ Overcome: Using dynamic key generation or incorporating longer, random keys (like in
modern encryption techniques such as AES) increases security.
4.​ Vulnerability to Known-plaintext Attacks:
○​ Limitation: If part of the plaintext is already known, an attacker can easily derive the cipher's
key by comparing the plaintext with the ciphertext.
○​ Overcome: To counter this, modern cryptographic systems use asymmetric encryption (e.g.,
RSA) and more complex symmetric encryption algorithms that require much larger keys and are
resistant to such attacks.
5.​ Limited Alphabet:
○​ Limitation: The Caesar cipher only works effectively with a fixed alphabet (usually 26
letters), which limits its versatility. It does not handle numbers, symbols, or different character sets
well.
○​ Overcome: To expand its use, modern ciphers like AES and RSA are designed to handle a
variety of data types, including special characters, numbers, and multi-byte encodings, making
them far more flexible.

Transform the plain text "UNIVERSITY" into cipher text using Modified Caesar Cipher
Technique

To transform the plaintext "UNIVERSITY" into ciphertext using the Modified Caesar Cipher
technique, let's assume a simple variation of the Caesar Cipher where a shift key is chosen (e.g.,
shifting by 3 positions). The Modified Caesar Cipher works by shifting each letter in the plaintext by
a certain number of positions in the alphabet.

Here’s the process for transforming "UNIVERSITY" with a shift key of 3:

Steps:
Write the alphabet for reference:​
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Shift each letter of the plaintext by 3 positions forward:

U → X,N → Q,I → L,V → Y,E → H,R → U,S → V,I → ,T → W,Y → B,

Ciphertext: The transformed ciphertext is "XQLYHUVWLB".

So, the plaintext "UNIVERSITY" is encrypted to "XQLYHUVWLB" using the Modified Caesar
Cipher with a shift of 3.

This is a simple example, and the "Modified" version of the Caesar Cipher could involve varying
the shift for each letter or using a more complex mechanism (e.g., a keyword), depending on the
specific modification used.
Explain continuous encryption principle

ChatGPT said:

The continuous encryption principle is a concept in cryptography where data is encrypted and
decrypted continuously throughout its lifecycle, ensuring that the data remains protected at all
times. This principle aims to provide real-time security for sensitive information while minimizing
the potential for unauthorized access.

Key Points of Continuous Encryption Principle:

1.​ Real-Time Encryption: Data is encrypted as soon as it is created or received, ensuring it is

always protected while in transit or at rest.
2.​ Continuous Decryption: For authorized users, the data is continuously decrypted as it is
accessed, ensuring that only legitimate parties can interact with the information in its original form.
3.​ Dynamic Encryption and Decryption: Unlike traditional encryption methods where data is
encrypted in blocks or at certain intervals, continuous encryption ensures that every piece of data
is constantly encrypted, providing a seamless and consistent security model.
4.​ Minimal Interruption: Continuous encryption often operates in the background without
disrupting normal operations, providing security without hindering the performance of systems.
5.​ End-to-End Protection: From the time data is generated or received, to the time it is
accessed by an authorized user, continuous encryption ensures end-to-end security. This can be
particularly important in environments like cloud storage or messaging apps.
6.​ Real-Time Key Management: Continuous encryption requires effective key management
strategies to ensure that encryption keys are securely distributed and rotated in real-time.
7.​ Application Areas: It is widely used in areas such as secure communication channels (e.g.,
VPNs), cloud computing, online banking, and file storage systems where data confidentiality must
be maintained at all times.

explain secure socket layer for 5 marks

ChatGPT said:

Secure Socket Layer (SSL) is a cryptographic protocol designed to provide secure

communication over the internet. It ensures the confidentiality, integrity, and authenticity of data
exchanged between a client (like a web browser) and a server (like a web server). SSL has been
largely replaced by Transport Layer Security (TLS), but the term SSL is still commonly used.

Key Points:

1.​ Encryption: SSL encrypts data to make it unreadable to unauthorized third parties, ensuring
that sensitive information (e.g., passwords, credit card numbers) remains private.
2.​ Authentication: SSL uses digital certificates to authenticate the server to the client, ensuring
the client is connecting to the correct server. These certificates are issued by trusted Certificate
Authorities (CAs).
3.​ Integrity: SSL ensures data integrity by using message authentication codes (MACs),
preventing tampering of the data during transmission.
4.​ SSL Handshake: During the SSL handshake, the client and server agree on encryption
algorithms and generate session keys to securely encrypt the data being transferred.
5.​ Secure Communication: Once the session is established, SSL allows secure data
exchange, maintaining privacy and trust between parties, and providing protection from attacks like
man-in-the-middle.

SSL is essential for secure online transactions, ensuring privacy and security on websites that use
HTTPS.

explain secure hashing algorithm for 5 marks

ChatGPT said:

Secure Hashing Algorithm (SHA) is a family of cryptographic hash functions designed to provide
a secure method for generating a fixed-size output (hash) from an input of arbitrary size. SHA is
primarily used for ensuring data integrity, authentication, and digital signatures.

Key Points:

1.​ Hash Function: SHA takes an input (message) and produces a fixed-size string of
characters, typically represented as a hexadecimal value. This hash is unique to the input data.
2.​ Data Integrity: It ensures data integrity by producing a unique hash value for a given input.
Even a small change in the input will result in a drastically different hash, which helps detect
alterations in the data.
3.​ Types of SHA: The SHA family includes several versions, with SHA-1, SHA-256, and
SHA-512 being the most widely used. SHA-256 and SHA-512 are part of the SHA-2 family and are
considered more secure than SHA-1, which is no longer recommended due to vulnerabilities.
4.​ Fixed Length Output: Regardless of the input size, the output hash produced by SHA has a
fixed length. For example, SHA-256 produces a 256-bit hash, while SHA-512 produces a 512-bit
hash.
5.​ Applications: SHA is widely used in digital signatures, certificate generation, password
hashing, and blockchain technology, ensuring the authenticity and integrity of data.

SHA plays a vital role in modern cryptography by ensuring that data remains unaltered and secure
throughout its transmission.

Explain HILL cypher in cryptography for 5 marks

ChatGPT said:

Hill Cipher is a polygraphic substitution cipher that encrypts data in blocks of letters using linear
algebra. It is based on the use of matrix multiplication, which allows multiple plaintext letters to be
encrypted simultaneously.
Key Points:

1.​ Matrix-based Cipher: The Hill cipher uses an n x n matrix as the key, where n is the size of
the block (usually 2x2 or 3x3 matrices). Each letter of the plaintext is represented by a number,
and the encryption process involves multiplying the matrix by a column vector representing the
plaintext.
2.​ Encryption Process:
○​ The plaintext is divided into blocks of size n (e.g., 2 letters for a 2x2 matrix).
○​ Each block is represented as a column vector of numbers corresponding to the plaintext
letters.
○​ The plaintext vector is then multiplied by the key matrix and taken modulo 26 to produce the
ciphertext.
3.​ Key Matrix: The key matrix must be invertible, meaning its determinant should not be zero,
to ensure that the ciphertext can be decrypted properly. The matrix entries correspond to numbers
representing the letters of the alphabet.
4.​ Decryption Process: To decrypt the ciphertext, the inverse of the key matrix is used. The
inverse matrix is multiplied by the ciphertext vector to retrieve the original plaintext.
5.​ Security Considerations: The Hill cipher is relatively more secure than simple substitution
ciphers because it encrypts multiple letters at once. However, it can still be vulnerable to frequency
analysis and requires careful key management.

Example:

For a 2x2 Hill cipher, if the key matrix is:

K=[624117]K = \begin{bmatrix} 6 & 24 \\ 1 & 17 \end{bmatrix}K=[61​2417​]

The plaintext "HI" (which corresponds to [7, 8] in numeric form) would be encrypted using matrix
multiplication with K, resulting in the ciphertext.

The Hill cipher's strength lies in the use of linear transformations, making it a notable algorithm for
encrypting multiple letters at a time.

explain key exchange algorithm in cryptography for 5 makes

ChatGPT said:

Key Exchange Algorithm in cryptography is a method by which two parties can securely
exchange cryptographic keys over a public channel without anyone else being able to intercept or
decipher the key. It forms the basis for secure communication in various cryptographic systems,
allowing parties to agree on a shared secret key for encryption or digital signatures.

Key Points:
1.​ Purpose: The primary purpose of key exchange algorithms is to enable two parties (e.g.,
Alice and Bob) to securely share a secret key, which can later be used for symmetric encryption or
other cryptographic operations, even if the communication channel is insecure.
2.​ Public Key Cryptography: Key exchange often involves asymmetric (public-key)
cryptography, where each party has a public key (which is shared) and a private key (which is
kept secret). This allows secure communication without needing to meet in person or exchange a
secret key beforehand.
3.​ Diffie-Hellman Key Exchange:
○​ One of the most famous and widely used key exchange protocols is the Diffie-Hellman
algorithm.
○​ Both parties agree on a large prime number and a base (both public).
○​ They each select a private key, compute their public key by raising the base to the power of
their private key modulo the prime, and exchange their public keys.
○​ Finally, each party combines their private key with the other party’s public key to compute the
shared secret key.
4.​ Elliptic Curve Diffie-Hellman (ECDH):
○​ This is a variant of Diffie-Hellman that uses elliptic curve cryptography (ECC) to generate
keys.
○​ ECDH provides the same level of security as Diffie-Hellman with much smaller key sizes,
making it more efficient and faster.
5.​ Security: The security of key exchange algorithms is based on the mathematical difficulty
of certain problems (like discrete logarithms in Diffie-Hellman), which makes it hard for an
eavesdropper to compute the shared key even if they can intercept the public keys.

Example:

In the Diffie-Hellman key exchange, let’s assume Alice and Bob agree on a prime number ppp and
a base ggg. Alice and Bob then choose private keys aaa and bbb, respectively. They calculate
their public keys, exchange them, and then compute the shared secret key:

●​ Alice: A=gamod pA = g^a \mod pA=gamodp

●​ Bob: B=gbmod pB = g^b \mod pB=gbmodp
●​ Shared secret key: S=Abmod p=Bamod pS = A^b \mod p = B^a \mod pS=Abmodp=Bamodp

Even though an eavesdropper might intercept the values AAA and BBB, they cannot easily
compute the shared secret key.

Conclusion:

Key exchange algorithms are critical for enabling secure communication over insecure channels.
By using mathematical techniques such as Diffie-Hellman and elliptic curve methods, these
algorithms provide a way to establish a shared secret key securely, which can then be used for
encrypted communication.

Caesar Cipher: Detailed Explanation and How It Works

The Caesar Cipher is one of the simplest and most well-known encryption techniques in
cryptography. It is a type of substitution cipher where each letter of the plaintext is replaced by a
letter with a fixed number of positions down or up the alphabet.

How It Works:

1.​ Shift (Key):

○​ The cipher works by shifting each letter of the plaintext by a fixed number of positions down
or up the alphabet. The number of positions to shift is called the key (denoted as 'k').
○​ For example, if the key is 3, then each letter in the plaintext is shifted by 3 positions in the
alphabet.
2.​ Encryption Process:
○​ Let the plaintext be represented as a sequence of letters (e.g., "HELLO").
○​ Each letter of the plaintext is replaced with the letter at a position that is shifted by the key
value.
○​ The general formula for encryption is:
3.​ Ci=(Pi+k)mod 26C_i = (P_i + k) \mod 26Ci​=(Pi​+k)mod26​
Where:
○​ CiC_iCi​is the cipher letter (encrypted letter).
○​ PiP_iPi​is the plaintext letter (converted to its corresponding numerical value, where A = 0, B
= 1, C = 2, ..., Z = 25).
○​ kkk is the key (shift value).
○​ mod 26\mod 26mod26 ensures that after Z, the alphabet wraps around back to A.
4.​ Example:
○​ Suppose we want to encrypt the plaintext message "HELLO" using a Caesar Cipher with a
key of 3.
■​ First, convert the letters of "HELLO" into numbers: H = 7, E = 4, L = 11, L = 11, O = 14.
■​ Then, apply the encryption formula for each letter:
■​ C1=(7+3)mod 26=10C_1 = (7 + 3) \mod 26 = 10C1​=(7+3)mod26=10, which corresponds to
'K'.
■​ C2=(4+3)mod 26=7C_2 = (4 + 3) \mod 26 = 7C2​=(4+3)mod26=7, which corresponds to 'H'.
■​ C3=(11+3)mod 26=14C_3 = (11 + 3) \mod 26 = 14C3​=(11+3)mod26=14, which corresponds
to 'O'.
■​ C4=(11+3)mod 26=14C_4 = (11 + 3) \mod 26 = 14C4​=(11+3)mod26=14, which corresponds
to 'O'.
■​ C5=(14+3)mod 26=17C_5 = (14 + 3) \mod 26 = 17C5​=(14+3)mod26=17, which corresponds
to 'R'.
○​ So, the encrypted message ("ciphertext") is: "KHOOR".
5.​ Decryption Process:
○​ To decrypt the message, the receiver needs to know the key (shift value) used for encryption.
The decryption formula is:
6.​ Pi=(Ci−k)mod 26P_i = (C_i - k) \mod 26Pi​=(Ci​−k)mod26​
Where:
○​ PiP_iPi​is the plaintext letter (original letter).
○​ CiC_iCi​is the cipher letter (encrypted letter).
○​ kkk is the key (shift value).
7.​ Using the previous example, to decrypt "KHOOR" with a key of 3:
○​ P1=(10−3)mod 26=7P_1 = (10 - 3) \mod 26 = 7P1​=(10−3)mod26=7, which corresponds to
'H'.
○​ P2=(7−3)mod 26=4P_2 = (7 - 3) \mod 26 = 4P2​=(7−3)mod26=4, which corresponds to 'E'.
○​ P3=(14−3)mod 26=11P_3 = (14 - 3) \mod 26 = 11P3​=(14−3)mod26=11, which corresponds
to 'L'.
○​ P4=(14−3)mod 26=11P_4 = (14 - 3) \mod 26 = 11P4​=(14−3)mod26=11, which corresponds
to 'L'.
○​ P5=(17−3)mod 26=14P_5 = (17 - 3) \mod 26 = 14P5​=(17−3)mod26=14, which corresponds
to 'O'.
○​ The decrypted message is: "HELLO".

Summary:

The Caesar Cipher works by shifting each letter of the plaintext by a fixed number (key). It is
simple to implement but insecure because there are only 25 possible keys, making it vulnerable to
brute force attacks. The formulas for encryption and decryption are as follows:

●​ Encryption: Ci=(Pi+k)mod 26C_i = (P_i + k) \mod 26Ci​=(Pi​+k)mod26

●​ Decryption: Pi=(Ci−k)mod 26P_i = (C_i - k) \mod 26Pi​=(Ci​−k)mod26

Conventional Encryption Principles with Working (5 Marks)

Conventional encryption, or symmetric-key encryption, is based on the use of the same key for
both the encryption and decryption processes. The key is shared between the sender and the
receiver, and its secrecy is essential to ensure secure communication. The working of conventional
encryption can be explained through a simple example.

Key Principles of Conventional Encryption:

1.​ Symmetric Key:

○​ A single shared key is used for both encryption and decryption of data. Both the sender and
receiver must have the same key to communicate securely.
2.​ Encryption Process:
○​ The sender uses the encryption algorithm and the secret key to transform plaintext (the
original message) into ciphertext (the encrypted message). The encryption algorithm applies
mathematical operations on the plaintext with the key to make it unreadable to anyone who does
not have the key.
3.​ Formula for Encryption:​
C=E(K,P)C = E(K, P)C=E(K,P)​
Where:CCC is the ciphertext.EEE is the encryption function.KKK is the key.PPP is the plaintext.
4.​ Decryption Process:
○​ The receiver uses the same key to decrypt the ciphertext back into its original plaintext form.
The decryption algorithm applies reverse mathematical operations using the secret key.
5.​ Formula for Decryption:​
P=D(K,C)P = D(K, C)P=D(K,C)​
Where:PPP is the plaintext.,DDD is the decryption function.,KKK is the key.,CCC is the ciphertext.
6.​ Confidentiality,
○​ The main goal is to ensure confidentiality. Only the sender and receiver who share the same
key can encrypt and decrypt the message. Anyone without the key cannot read the ciphertext.
7.​ Key Distribution Problem:
○​ A major issue in conventional encryption is how to securely share the secret key between the
sender and the receiver. If an attacker intercepts the key during transmission, they can decrypt the
message.

Working Example:

Let’s consider a simple Caesar Cipher, a type of conventional encryption:

●​ Plaintext: "HELLO"
●​ Key: 3 (Each letter will be shifted by 3 positions)

Step 1: Encryption​
Using the Caesar Cipher encryption algorithm, we shift each letter of the plaintext by 3 positions in
the alphabet

H → K, E → H, L → O, L → O, O → R,

Thus, the ciphertext is: KHOOR

Step 2: Decryption​
To decrypt the ciphertext, the receiver uses the same key (3) and shifts each letter of the ciphertext
back by 3 positions:

K → H,H → E,O → L,O → L,R → O

The original plaintext is restored: HELLO

Conventional Encryption Algorithms (5 Marks)

Conventional encryption algorithms, also known as symmetric-key encryption algorithms, use the
same key for both encryption and decryption of data. The security of these algorithms relies on the
secrecy of the key. The main goal is to convert plaintext into ciphertext and vice versa, ensuring
confidentiality. Here are some widely used conventional encryption algorithms:

1. Caesar Cipher

●​ Working: The Caesar Cipher is a substitution cipher where each letter in the plaintext is
shifted by a fixed number (key) positions in the alphabet.
●​ Example: For a key of 3, the letter 'A' becomes 'D', 'B' becomes 'E', etc.
●​ Encryption: Each character of the plaintext is replaced by a letter a fixed number of positions
ahead in the alphabet.
●​ Decryption: The same key is used to reverse the shift.
●​ Limitations: Very basic and insecure due to the small key space (only 25 possible keys).

2. Monoalphabetic Cipher

●​ Working: In a monoalphabetic cipher, each letter of the plaintext is substituted by another

letter from the alphabet. Unlike the Caesar Cipher, the shift is not uniform and each letter can be
mapped to a different one.
●​ Example: The plaintext "HELLO" could be encrypted as "XUBBE" using a predefined
mapping table.
●​ Limitations: Although more complex than the Caesar Cipher, it is still vulnerable to frequency
analysis.

3. Vigenère Cipher

●​ Working: The Vigenère Cipher is a more advanced form of the Caesar Cipher that uses a
keyword. The key is repeated to match the length of the plaintext. Each letter of the plaintext is
shifted according to the corresponding letter of the keyword.
●​ Encryption: For a given key, the plaintext letter is shifted by a number equal to the
alphabetical position of the key letter.
●​ Decryption: The ciphertext is decrypted by reversing the shift using the same key.
●​ Example: Plaintext: "HELLO", Key: "KEY" → Encrypted as "RIJVS".
●​ Limitations: The key must remain secret, and short keys are vulnerable to cryptanalysis.

4. Data Encryption Standard (DES)

●​ Working: DES is a block cipher that encrypts data in 64-bit blocks using a 56-bit key. It uses
a series of complex transformations and substitutions to encrypt the data.
●​ Rounds: The algorithm operates in 16 rounds of substitution and permutation, using an initial
permutation, a series of rounds, and a final permutation.
●​ Decryption: Decryption is the reverse of encryption, using the same key.
●​ Limitations: DES is considered insecure due to the small key size (56 bits), making it
vulnerable to brute-force attacks.

5. Advanced Encryption Standard (AES)

●​ Working: AES is a symmetric block cipher that operates on 128-bit blocks of data with key
sizes of 128, 192, or 256 bits. It uses a series of substitutions, permutations, and XOR operations
to transform the plaintext into ciphertext.
●​ Rounds: AES performs 10 rounds of encryption for a 128-bit key, 12 rounds for a 192-bit key,
and 14 rounds for a 256-bit key.
●​ Decryption: The decryption process is the reverse of encryption.
●​ Strength: AES is considered highly secure and is widely used for data encryption in
government, banking, and secure communications.

6. Triple DES (3DES)

●​ Working: Triple DES enhances the security of DES by applying the DES algorithm three
times using either two or three different keys.
●​ Modes: 3DES operates in three modes: encryption with three keys (3TDEA), encryption with
two keys (2TDEA), and encryption with a single key (which reverts to single DES).
●​ Decryption: The decryption process is similar to encryption but is performed with the reverse
order of keys.
●​ Limitations: 3DES is slower compared to AES, and while more secure than DES, it is being
phased out due to its vulnerability to modern cryptographic attacks.

7. RC4 (Rivest Cipher 4)

●​ Working: RC4 is a stream cipher that generates a keystream (a sequence of random bits)
using a variable-length key. The keystream is XORed with the plaintext to produce ciphertext.
●​ Decryption: The same key is used to generate the same keystream, which is XORed with the
ciphertext to obtain the original plaintext.
●​ Limitations: RC4 is known to have vulnerabilities and weaknesses that make it less secure
for modern use, especially in SSL/TLS protocols.