SUS SURYA GROUP OF INSTITUTIONS

SCHOOL OF ENGINEERING & TECHNOLOGY

Vikiravandi – Villupuram
Department Of Artificial Intelligence & Data Science

UNIT I-INTRODUCTION
Basics of cryptography ,conventional and public-key cryptography ,hash functions,
authentication, and digital signatures.

1. Basics of cryptography:

 Cryptography uses codes to protect data and communications so only the intended
receivers can decode and understand them. Consequently, restricting access to
information from outside parties.
 "Crypto" indicates "hidden," and "graphy" indicates "writing," respectively. The
techniques used in cryptography to secure data are based on mathematical principles
and a set of rule-based calculations known as algorithms to modify signals in a way that
makes them challenging to decode.
 These algorithms generate cryptographic keys, create digital signatures, safeguard data
privacy, enable online browsing on the Internet, and ensure the confidentiality of private
transactions like credit and debit card payments.

Types of Cryptography

Fig.1.1 Types of Cryptography

Symmetric key Cryptography:

• With the encryption technique, the sender and the recipient use the same shared key to
encrypt and decrypt messages.
 Also known as Secret Key Cryptography or Conventional Cryptography, Symmetric Key
Cryptography is an encryption system in which the sender and receiver of a message
share a single, common key that is used to encrypt and decrypt the message.
 The Algorithm use is also known as a secret key algorithm or sometimes called a

Page 1
symmetric algorithm

Page 2
  A key is a piece of information (a parameter) that determines the functional output of a
cryptographic algorithm or cipher.
 The key for encrypting and decrypting the file had to be known to all the recipients. Else,
the message could not be decrypted by conventional means.

Fig.1.2 Symmetric Cryptography

Problems with Symmetric Key cryptography Key

Management

 Symmetric-key systems are simpler and faster; their main drawback is that the
two parties must somehow exchange the key in a secure way and keep it secure
after that. Key Management caused nightmare for the parties using the symmetric
key cryptography. They were worried about how to get the keys safely and
securely across to all users so that the decryption of the message would be
possible.
 This gave the chance for third parties to intercept the keys in transit to decode the
top-secret messages. Thus, if the key was compromised, the entire coding system
was compromised and a “Secret” would no longer remain a “Secret”. This is why
the “Public Key Cryptography” came into existence.

Asymmetric Key Cryptography

 Asymmetric cryptography, also known as Public-key cryptography, refers to a

cryptographic algorithm which requires two separate keys, one of which is private and
one of which is public. The public key is used to encrypt the message and the private one
is used to decrypt the message.

Page 3
 Fig. 1.3 Asymmetric-Key Cryptography

Hash Functions:

• In this algorithm, no key is used. The plain text is used to produce a hash value that has
a fixed length, making it challenging to retrieve the plain text's information. Hash
functions are widely used by operating systems to encrypt passwords.
• The Public Key and Private Key are different from one another. Even if everyone knows
the public key, only the intended recipient may decode the message since only he can
access the private key.

Page 4
 o A cryptographic hash function is a hash function that takes an arbitrary block of
data and returns a fixed-size bit string, the cryptographic hash value, such that any
(accidental or intentional) change to the data will (with very high probability) change
the hash value. The data to be encoded are often called the message, and the hash
value is sometimes called the message digest or simply digest.

Fig.1.4 Hash Functions

The ideal cryptographic hash function has four main properties:

• It is easy to compute the hash value for any given message

• It is infeasible to generate a message that has a given hash
• It is infeasible to modify a message without changing the hash
• It is infeasible to find two different messages with the same hash.

Two Cryptography Encryption Techniques

• Substitution: Method by which units of plaintext are replaced with ciphertext according
to a regular system.
• Transposition: Here, units of plaintext are rearranged in a different and usually quite
complex order, but the units themselves are left unchanged.

Substitution Encryption Techniques

 These techniques involve substituting or replacing the contents of the plaintext by other
letters, numbers or symbols. Different kinds of ciphers are used in substitution
technique.
 Types of Substitution Technique
1. Monoalphabetic
2. Polyalphabetic
Page 5
1. Monoalphabetic cipher

Monoalphabetic cipher is a type of encryption technique in cryptography where each

character of the plain text is mapped to another fixed character of the cipher text.
Monoalphabetic cipher is a type of simple substitution cipher.

The relationship between the plain text character and the cipher text character is one-to-
one.

Example:

 If a plain text character 'a' is mapped to a character 'z', a plain text word which
contains 'a' anywhere will be substituted with 'z' when creating the cipher text.

Types of Monoalphabetic Ciphers

A. Additive Cipher:
A. Additive cipher is a type of monoalphabetic cipher where every character of plain
text is mapped to some other character in the cipher text depending on the value
of the key being used.

Encryption process:

The formula for encryption of plain text to cipher text in additive monoalphabetic cipher
is:

Here, P is the character in plain text, k is the key being used for defining the encryption
process, and C is the required cipher text.

Decryption process:

The formula for the decryption process of cipher text to plain text in additive cipher is:

Here, P is the plain text,C is the cipher text from which we need to convert to plain text and k
is the key.

Example

 The plain text is: 'this is encryption.' with the key being 4,
 The cipher text becomes: 'Lipps, xlmw mw irgvctxmsr'.

Page 6
 B. Caeser Cipher:
 Caeser cipher is a type of monoalphabetic cipher where every character of plain
text is mapped to another character by a distance of 3. It is essentially a type of
additive cipher where the key value is always 3.

Example

 If the plain text has a character 'a' then the value of its cipher text counterpart
will be 'd' since the value of the key is 3 in the Caeser cipher.
 The mathematical representation of the Caeser cipher

is: Encryption process:

The formula for encryption of plain text to cipher text in Caeser cipher is

Decryption process:

The formula for the decryption process of cipher text to plain text in Caeser cipher is

Here, P and C are plain text and cipher text respectively, and 3 is the key.

Example

o If the plain text is: 'hello world',

o The cipher text as per Caeser cipher is: 'khoor zruog'.

2. Poly-alphabetic Cipher

 Poly-alphabetic cipher is any cipher based on substitution, using several substitution

alphabets. In polyalphabetic substitution ciphers, the plaintext letters are enciphered
differently based upon their installation in the text.

Types of Poly-alphabetic Cipher

A. Playfair Cipher
B. Hill Cipher

Page 7
A. Playfair Cipher

 We encrypt a pair of alphabets(digraphs) instead of a single alphabet.

The Playfair Cipher Encryption Algorithm:

The Algorithm consists of 2 steps:

1. Generate the key Square(5×5):

The key square is a 5×5 grid of alphabets that acts as the key for encrypting the
plaintext. Each of the 25 alphabets must be unique and one letter of the
alphabet (usually J) is omitted from the table (as the table can hold only 25
alphabets). If the plaintext contains J, then it is replaced by I.
The initial alphabets in the key square are the unique alphabets of the key in the
order in which they appear followed by the remaining letters of the alphabet in order.
2. Algorithm to encrypt the plain text:
The plaintext is split into pairs of two letters (digraphs). If there is an odd number
of letters, a Z is added to the last letter.

1. Pair cannot be made with same letter. Break the letter in single and add a bogus
letter to the previous letter.

Plain Text: “hello”

After Split: ‘he’ ‘lx’ ‘lo’

Here ‘x’ is the bogus letter.

2. If the letter is standing alone in the process of pairing, then add an extra
bogus letter with the alone letter

Plain Text: “helloe”

AfterSplit: ‘he’ ‘lx’ ‘lo’ ‘ez’

Here ‘z’ is the bogus letter.

Rules for Encryption:

1. If both the letters are in the same column: Take the letter below each one (going
back to the top if at the bottom).

Example:

Key: MONARCHY

Page 8
 Plain Text : INSTRUMENTS

For example:

Diagraph: "me"

Encrypted Text:

cl Encryption:

m ->

c e ->

2. If both the letters are in the same row: Take the letter to the right of each one
(going back to the leftmost if at the rightmost position).

For example:

Diagraph: "st"

Encrypted Text:

tl Encryption:

s -> t

t -> l

3. If neither of the above rules is true: Form a rectangle with the two letters and take
the letters on the horizontal opposite corner of the rectangle.

For example:
Page 9
Page 10
 Diagraph: "nt"

Encrypted Text:

rq Encryption:

n -> r

t -> q

Plain Text: "instrumentsz"

Encrypted Text:

gatlmzclrqtx Encryption:

i -> g

n -> a

s -> t

t -> l

r ->

mu-

>zm

-> c e

-> l n

-> r t

-> q s

-> t z

-> x

Page 11
Page 12
 Decryption Technique

 Decrypting the Playfair cipher is as simple as doing the same process in reverse. The
receiver has the same key and can create the same key table, and then decrypt any
messages made using that key.

CipherText: "gatlmzclrqtx"

After Split: 'ga' 'tl' 'mz' 'cl' 'rq' 'tx'

Rules for Decryption:

A. If both the letters are in the same column: Take the letter above each one
B. If both the letters are in the same row: Take the letter to the left of each one
C. If neither of the above rules is true: Form a rectangle with the two letters and take
the letters on the horizontal opposite corner of the rectangle.

Plain Text: "gatlmzclrqtx"

Decrypted Text: instrumentsz

Decryption:

ga -> in

tl -> st

mz ->

ru cl ->

me rq -

> nt tx -

> sz

B. Hill Cipher

 Hill cipher is a polygraphic substitution cipher based on linear algebra.Each letter is

represented by a number modulo 26. Often the simple scheme A = 0, B = 1, …, Z = 25 is
used, but this is not an essential feature of the cipher.
 To encrypt a message, each block of n letters (considered as an n-component vector) is
multiplied by an invertible n × n matrix, against modulus 26. To decrypt the message,
each block is multiplied by the inverse of the matrix used for encryption.

Page 13
Page 14
  The matrix used for encryption is the cipher key, and it should be chosen randomly
from the set of invertible n × n matrices (modulo 26).
Example:
Input : Plaintext: ACT
Key: GYBNQKURP
Output : Ciphertext: POH

Encryption

 We have to encrypt the message ‘ACT’ (n=3).The key is ‘GYBNQKURP’ which can
be written as the nxn matrix:

The message ‘ACT’ is written as vector:

The enciphered vector is given as:

 which corresponds to ciphertext of ‘POH’

Decryption

Page 15
  To decrypt the message, we turn the ciphertext back into a vector, then simply multiply by
the inverse matrix of the key matrix (IFKVIVVMI in letters).The inverse of the matrix used in
the previous example is:

For the previous Ciphertext ‘POH’:

 which gives us back ‘ACT’.

Transposition Encryption Technique

• A transposition cipher is a method of encryption by which the positions held by units of

plaintext (which are commonly characters or groups of characters) are shifted according
to a regular system, so that the ciphertext constitutes a permutation of the plaintext.
• That is, the order of the units is changed. Transposition ciphers encrypt plaintext by
moving small pieces of the message around. Anagrams are a primitive transposition
cipher.
• This table shows "VOYAGER" being encrypted with a primitive transposition cipher
where every two letters are switched with each other:

Another simple example for transposition cipher is the rail fence technique, in which the
plaintext is written down as a sequence of diagonals and then read off as a sequence of rows.

Page 16
Page 17
Example 1, write the message “meet me after toga party” out as:

mematrhtgpry

etefeteoaat

giving ciphertext : MEMATRHTGPRYETEFETEOAAT

Example 2

 The following example shows how a pure permutation cipher could work: You write your
plaintext message along the rows of a matrix of some size.
 You generate ciphertext by reading along the columns. The order in which you read the
columns is determined by the encryption key:

ciphertext: TITESMAIRDEMHHEENOOYETGTI

The cipher can be made more secure by performing multiple rounds of such permutations.

2. Conventional Cryptography

 It is a Symmetric Cryptography Algorithm

 Conventional encryption also referred to as symmetric encryption or single-key encryption
is a cryptographic system which uses the same key used by the sender to encrypt the
message and by the receiver to decrypt the message.
 In this encryption model, the sender encrypts the plaintext using the receiver’s secret
key, which can be later used by the receiver to decrypt the ciphertext. It is a relatively fast
process since it uses a single key for both encryption and decryption.
 The main problem with this widely used encryption model is that this scheme does not
scale well to a large number of users because both the sender and the receiver have to
agree on a secret key before transmission.

Page 18
  This makes it less secure as the key is exchanged between many senders and receivers.
The idea of single-key encryption is very old, that is why it is known as conventional
encryption.

Principles

Symmetric encryption scheme has five ingredients

1. Plain Text: This is the original message or data which is fed into the algorithm as input.

2. Encryption Algorithm: This encryption algorithm performs various substitutions and

transformations on the plain text.

3. Secret Key: The key is another input to the algorithm. The substitutions and
transformations performed by algorithm depend on the key.

4. Cipher Text: This is the scrambled (unreadable) message which is output of the
encryption algorithm. This cipher text is dependent on plaintext and secret key. For a
given plaintext, two different keys produce two different cipher texts.

5. Decryption Algorithm: This is the reverse of encryption algorithm. It takes the cipher
text and secret key as inputs and outputs the plain text.

Fig.1.5 Simplified Model of Conventional Encryption

Symmetric Key Cryptography - Examples

Data Encryption Standard (DES)

 The Data Encryption Standard was published in 1977 by the US National Bureau
of Standards. DES uses a 56 bit key and maps a 64 bit input block of plaintext
onto
Page 19
Page 20
 a 64 bit output block of ciphertext. 56bits is a rather small key for today's
computing power.

Triple DES

 Triple DES was the answer to many of the shortcomings of DES. Since it is based
on the DES algorithm, it is very easy to modify existing software to use Triple DES.
It also has the advantage of proven reliability and a longer key length that
eliminates many of the shortcut attacks that can be used to reduce the amount of
time it takes to break DES.

Advanced Encryption Standard (AES) (RFC3602)

 Advanced Encryption Standard (AES) is an encryption standard adopted by the

U.S. government. The standard comprises three block ciphers, AES-128, AES-192
and AES-256, adopted from a larger collection originally published as Rijndael.
Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits,
respectively. The AES ciphers have been analyzed extensively and are now used
worldwide, as was the case with its predecessor, the Data Encryption Standard
(DES).

IDEA

 The International Data Encryption Algorithm was developed in 1991. It uses a 128
bit key to encrypt a 64 bit block of plaintext into a 64 bit block of ciphertext. IDEA's
general structure is very similar to DES, it performs 17 rounds, each round taking
64 bits of input to produce a 64 bit output, using per-round keys generated from
the 128 bit key.

DATA ENCRYPTION STANDARD (DES)

 The IBM team created a symmetric-key cipher block algorithm known as DES (Data
Encryption Standard) Algorithm. The term symmetric key means that the same key is
used for encryption & decryption of plain text or message. The National Institute of
Standards and Technology (NIST) later adopted this algorithm.
 The DES algorithm takes the plain text of 64-bit as input & produces a ciphertext of
64- bit using a key of 56 bits. Initially, a 64-bit key length is used but an 8-bit is
discarded.

Page 21
  The Data Encryption Standard (DES) was discovered vulnerable to powerful attacks and
hence DES has slightly declined in use.
 The 56-bit key length used in DES makes it unsafe against cyber attacks like brute force
because the 56-bit key length requires 2^56 attempts for an attacker to find the correct
key, which is not enough to protect sensitive data against brute-force attacks with
modern computers.

How does the DES Algorithm work?

DES is a Feistel Block Cipher implementation, known as LUCIFER. It uses a Feistel structure
with 16 rounds, where a different key is used for each round.

Fig.1.6 General Structure of DES

The DES algorithm steps are given below:

 The process begins by giving 64-bit plain text as input to an initial permutation function
(IP).
 The initial permutation (IP) is then carried out on plain text.
 The initial permutation (IP) generates two halves of the permuted block, known as RPT
(Right Plain Text) and LPT (Left Plain Text).
 Each Left Plain Text (LPT) and Right Plain Text (RPT) is encrypted through 16 rounds.
 This encryption process consists of five stages:

Page 22
 o Key Transformation
o Expansion permutation
o S-box permutation
o P-box permutation
o XOR & Swap
 Finally Left Plain Text (LPT) is combined with Right Plain Text (RPT). After that, on the
newly combined block generated, a final permutation is performed.
 The output of this process will produce a 64-bit ciphertext.

The method of decryption uses the same algorithm, but it is done in reverse order of the same
key as the DES algorithm is the symmetric key algorithm.

Advantages of the DES Algorithm

 DES was developed in 1977 to run on hardware, hence, this algorithm works fast in
hardware.
 DES is relatively easy to implement because of its Feistel structure and basic or
uncomplicated logic.
 The same algorithm is used for both encryption & decryption by just reversing the order
of 16 round keys.

Disadvantages of the DES Algorithm

 The total number of 16 rounds in DES makes the algorithm complex.

 DES was mainly designed for hardware so it runs relatively slow on software compared to
hardware.
 The 56-bit key length used in DES makes it possible to decrypt the encrypted code with
modern technologies. Moreover, it can be broken using brute-force attacks and linear
cryptanalysis. Hence, AES (Advanced Encryption Standard) has replaced the DES (Data
Encryption Standard).

ADVANCED ENCRYPTION STANDARD (AES)

 Advanced Encryption Standard (AES) is a specification for the encryption of electronic

data established by the U.S National Institute of Standards and Technology (NIST) in
2001.
 AES is widely used today as it is a much stronger than DES and triple DES despite being
harder to implement.

Page 23
Points to remember

 AES is a block cipher.

 The key size can be 128/192/256 bits.
 Encrypts data in blocks of 128 bits each.
 That means it takes 128 bits as input and outputs 128 bits of encrypted cipher text as
output. AES relies on substitution-permutation network principle which means it is
performed using a series of linked operations which involves replacing and shuffling of
the input data.

Working of the cipher:

 AES performs operations on bytes of data rather than in bits. Since the block size is 128
bits, the cipher processes 128 bits (or 16 bytes) of the input data at a time.

The number of rounds depends on the key length as follows:

128 bit key – 10 rounds

192 bit key – 12 rounds

256 bit key – 14 rounds

Creation of Round keys:

 A Key Schedule algorithm is used to calculate all the round keys from the key. So the
initial key is used to create many different round keys which will be used in the
corresponding round of the encryption.

Fig.1.7 AES Structure

Page 24
Encryption:
AES considers each block as a 16 byte (4 byte x 4 byte = 128 ) grid in a column major arrangement.

[ b0 | b4 | b8 | b12 |

| b1 | b5 | b9 | b13 |

| b2 | b6 | b10| b14 |

| b3 | b7 | b11| b15 ]

Each round comprises of 4 steps:

 SubBytes

 ShiftRows

 MixColumns

 Add Round Key

The last round doesn’t have the MixColumns round.

The SubBytes does the substitution and ShiftRows and MixColumns performs the permutation
in the algorithm.

SubBytes:
This step implements the substitution.
 In this step each byte is substituted by another byte. Its performed using a lookup
table also called the S-box. This substitution is done in a way that a byte is never
substituted by itself and also not substituted by another byte which is a
compliment of the current byte.
 The result of this step is a 16 byte (4 x 4 ) matrix like before. The next two steps
implement the permutation.

ShiftRows:
This step is just as it sounds. Each row is shifted a particular number of times.

 The first row is not shifted

 The second row is shifted once to the left.

 The third row is shifted twice to the left.

 The fourth row is shifted thrice to the

left. (A left circular shift is performed.)

Page 25
 [ b0 | b1 | b2 | b3 ] b0 | b1 | b2 | b3 ]

| b4 | b5 | b6 | b7 |> b5 | b6 | b7 | b4 |

| b8 | b9 | b10 | b11 | | b10 | b11 | b8 | b9 |

[ b12 | b13 | b14 | b15 ] [ b15 | b12 | b13 | b14 ]

Mix Columns:

 This step is basically a matrix multiplication. Each column is multiplied with a

specific matrix and thus the position of each byte in the column is changed as a
result.

This step is skipped in the last round.

c0 ] [ 2 3 1 1 ] [ b0 ]

| c1 | |1 2 3 1| | b1 |

| c2 | |1 1 2 3| | b2 |

c3 ] [ 3 1 1 2 ][ b3 ]

Add Round Keys:

 Now the resultant output of the previous stage is XOR-ed with the corresponding
round key. Here, the 16 bytes is not considered as a grid but just as 128 bits of
data.
 After all these rounds 128 bits of encrypted data is given back as output. This
process is repeated until all the data to be encrypted undergoes this process.

3. Public-key Cryptography

 Public key cryptography enables the following:

 Encryption and decryption, which allow two communicating parties to disguise data that
they send to each other. The sender encrypts, or scrambles, the data before sending it.
The receiver decrypts, or unscrambles, the data after receiving it. While in transit, the
encrypted data is not understood by an intruder.
 Nonrepudiation, which prevents:

Page 26
 o The sender of the data from claiming, at a later date, that the data was never sent
o The data from being altered.
 Figure 1 shows you a simplified view of how public key cryptography works.

Fig.1.8 Public-key encryption

 Public-key encryption is the first truly revolutionary concept in cryptography which was
first proposed by Diffie and Hellman. Public-key encryption, also known as public-key
cryptography, is a cryptographic system that uses a pair of keys: a public key and a
private key.
 The public key can be shared freely among the users and the private key, or the secret
key, is known only to the recipient. The public key is used to encrypt a message or
content and the private key is then used to decrypt the message.
 The main objective of public-key encryption is to provide privacy, confidentiality, and
authentication. Public-key algorithms are based on mathematical functions rather than
on simple operations on bit patterns, such as are used in conventional encryption
algorithms.
 In public-key encryption system, there are six main ingredients: plaintext, encryption
algorithm, public key, private key, ciphertext, and decryption algorithm. It simply uses
one key for encryption and a different but related key for decryption.
 Public-key encryption, also known as asymmetric encryption, is a type of encryption
scheme which instead of a single key, uses a pair of keys – a public key and a private key.
The public key is used to encrypt a message and the private key is then used to decrypt
the message.

Page 27
Asymmetric Key Cryptography –

Examples Digital Signature

Standard (DSS)

 Digital Signature Standard (DSS) is the digital signature algorithm (DSA)

developed by the U.S. National Security Agency (NSA) to generate a digital
signature for the authentication of electronic documents.
 DSS was put forth by the National Institute of Standards and Technology (NIST) in
1994, and has become the United States government standard for authentication
of electronic documents. DSS is specified in Federal Information Processing
Standard (FIPS) 186.

RSA

 RSA (Rivest, Shamir and Adleman who first publicly described it in 1977) is an
algorithm for public-key cryptography. It is the first algorithm known to be
suitable for signing as well as encryption, and one of the first great advances in
public key cryptography.
 RSA is widely used in electronic commerce protocols, and is believed to be secure
given sufficiently long keys and the use of up-to-date implementations.

ElGamal

 ElGamal is a public key method that is used in both encryption and digital signing.
 The encryption algorithm is similar in nature to the Diffie-Hellman key agreement
protocol
 It is used in many applications and uses discrete logarithms.
 ElGamal encryption is used in the free GNU Privacy Guard software

1. Diffie Hellman Key Exchange Algorithm

 The Diffie-Hellman algorithm is being used to establish a shared secret that can be used for
secret communications while exchanging data over a public network using the elliptic
curve to generate points and get the secret key using the parameters.
A. For the sake of simplicity and practical implementation of the algorithm, we will
consider only 4 variables, one prime P and G (a primitive root of P) and two
private values a and b.

Page 28
 B. P and G are both publicly available numbers. Users (say Alice and Bob) pick
private values a and b and they generate a key and exchange it publicly. The
opposite person receives the key and that generates a secret key, after which they
have the same secret key to encrypt.
Step-by-Step explanation is as follows:

Example:
Step 1: Alice and Bob get public numbers P = 23, G = 9

Step 2: Alice selected a private key a = 4 and

Bob selected a private key b = 3

Step 3: Alice and Bob compute public values

Page 29
 Alice: x =(9^4 mod 23) = (6561 mod 23) = 6
Bob: y = (9^3 mod 23) = (729 mod 23) = 16

Step 4: Alice and Bob exchange public numbers

Step 5: Alice receives public key y =16 and

Bob receives public key x = 6

Step 6: Alice and Bob compute symmetric keys

Alice: ka = y^a mod p = 65536 mod 23 =
9 Bob: kb = x^b mod p = 216 mod 23 = 9

Step 7: 9 is the shared secret.

2. RSA Encryption algorithm

 RSA encryption algorithm is a type of public-key encryption algorithm.

Public key encryption algorithm:

 Public Key encryption algorithm is also called the Asymmetric algorithm. Asymmetric
algorithms are those algorithms in which sender and receiver use different keys for
encryption and decryption. Each sender is assigned a pair of keys:
 Public key
 Private key
 The Public key is used for encryption, and the Private Key is used for decryption.
Decryption cannot be done using a public key. The two keys are linked, but the private key
cannot be derived from the public key.
 The public key is well known, but the private key is secret and it is known only to the user
who owns the key. It means that everybody can send a message to the user using user's
public key. But only the user can decrypt the message using his private key.

The Public key algorithm operates in the following manner:

Page 30
 Fig.1.9 Encryption/Decryption using Public/Private Keys

 The data to be sent is encrypted by sender A using the public key of the intended receiver
 B decrypts the received ciphertext using its private key, which is known only to B. B
replies to A encrypting its message using A's public key.
 A decrypts the received ciphertext using its private key, which is known only to him.

RSA encryption algorithm:

 RSA is the most common public-key algorithm, named after its inventors Rivest,
Shamir, and Adelman (RSA).

Fig.1.10 RSA

Page 31
RSA algorithm uses the following procedure to generate public and private keys:

1. Select two large prime numbers, p and q.

2. Multiply these numbers to find n = p x q, where n is called the modulus for encryption and
decryption.

3. Choose a number e less than n, such that n is relatively prime to (p - 1) x (q -1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1<e < φ (n),
e is prime to φ (n),gcd (e,d(n)) =1

4. If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using public
key <e, n>. To find ciphertext from the plain text following formula is used to get ciphertext
C. C = me mod n

5. Here, m must be less than n. A larger message (>n) is treated as a concatenation of messages,
each of which is encrypted separately.

6. To determine the private key, we use the following formula to calculate the d such that:
De mod {(p - 1) x (q - 1)} = 1

Or
De mod φ (n) = 1

7. The private key is <d, n>. A ciphertext message c is decrypted using private key <d, n>. To
calculate plain text m from the ciphertext c following formula is used to get plain text m.
m = cd mod n

Example 1:

 This example shows how we can encrypt plaintext 9 using the RSA public-key encryption
algorithm. This example uses prime numbers 7 and 11 to generate the public and private
keys.

Explanation:

Step 1: Select two large prime numbers, p, and q.

p=7

q = 11

Page 32
Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption
and decryption.

First, we calculate

n=pxq

n = 7 x 11

n = 77

Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1<e < φ (n), e is
prime to φ (n), gcd (e, d (n)) =1.

Second, we calculate

φ (n) = (p - 1) x (q-1)

φ (n) = (7 - 1) x (11 - 1)

φ (n) = 6 x 10

φ (n) = 60

Let us now choose relative prime e of 60 as 7.

Thus the public key is <e, n> = (7, 77)

Step 4: A plaintext message m is encrypted using public key <e, n>. To find ciphertext from the
plain text following formula is used to get ciphertext C.

To find ciphertext from the plain text following formula is used to get ciphertext C.

C = me mod n

C = 97 mod 77

C = 37

Step 5: The private key is <d, n>. To determine the private key, we use the following formula d
such that:

De mod {(p - 1) x (q - 1)} = 1

7d mod 60 = 1, which gives d = 43

The private key is <d, n> = (43, 77)

Page 33
Step 6: A ciphertext message c is decrypted using private key <d, n>. To calculate plain
text m from the ciphertext c following formula is used to get plain text m.

m = cd mod n

m = 3743 mod 77

m=9

In this example, Plain text = 9 and the ciphertext = 37

Example 2:

In an RSA cryptosystem, a particular A uses two prime numbers, 13 and 17, to generate the
public and private keys. If the public of A is 35. Then the private key of A is............................?.

Explanation:

Step 1: In the first step, select two large prime numbers, p and q.

p = 13

q = 17

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption
and decryption.

First, we calculate

n=pxq

n = 13 x 17

n = 221

Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1<e < φ (n), e is
prime to φ (n), gcd (e, d (n)) =1.

Second, we calculate

φ (n) = (p - 1) x (q-1)

φ (n) = (13 - 1) x (17 - 1)

φ (n) = 12 x 16

Page 34
φ (n) = 192

g.c.d (35, 192) = 1

Step 3: To determine the private key, we use the following formula to calculate the d such that:

Calculate d = de mod φ (n) = 1

d = d x 35 mod 192 = 1

d = (1 + k.φ (n))/e [let k =0, 1, 2, 3.............................]

Put k = 0

d = (1 + 0 x 192)/35

d = 1/35

Put k = 1

d = (1 + 1 x 192)/35

d = 193/35

Put k = 2

d = (1 + 2 x 192)/35

d = 385/35

d = 11

The private key is <d, n> = (11, 221)

Hence, private key i.e. d = 11

Example 3:

 A RSA cryptosystem uses two prime numbers 3 and 13 to generate the public key= 3
and the private key = 7. What is the value of cipher text for a plain text?

Explanation:

Step 1: In the first step, select two large prime numbers, p and q.

p=3

q = 13

Page 35
Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption
and decryption.

First, we calculate

n=pxq

n = 3 x 13

n = 39

Step 3: If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using
public key <e, n>. Thus the public key is <e, n> = (3, 39).

To find ciphertext from the plain text following formula is used to get ciphertext C.

C = me mod n

C = 53 mod 39

C = 125 mod 39

C=8

Hence, the ciphertext generated from plain text, C = 8.

Example 4:

A RSA cryptosystem uses two prime numbers, 3 and 11, to generate private key = 7. What is the
value of ciphertext for a plain text 5 using the RSA public-key encryption algorithm?

Explanation:

Step 1: in the first step, select two large prime numbers, p and q.

p=3

q = 11

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption
and decryption.

First, we calculate

n=pxq

n = 3 x 11

Page 36
n = 33

Step 3: Choose a number e less that n, such that n is relatively prime to (p - 1) x (q -1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1< e < φ (n), e
is prime to φ (n), gcd (e, d (n)) =1.

Second, we calculate

φ (n) = (p - 1) x (q-1)

φ (n) = (3 - 1) x (11 - 1)

φ (n) = 2 x 10

φ (n) = 20

Step 4: To determine the public key, we use the following formula to calculate the d such that:

Calculate e x d = 1 mod φ (n)

e x 7 = 1 mod 20

e x 7 = 1 mod 20

e = (1 + k. φ (n))/ d [let k =0, 1, 2, 3.............................]

Put k = 0

e = (1 + 0 x 20) / 7

e = 1/7

Put k = 1

e = (1 + 1 x 20) / 7

e = 21/7

e=3

The public key is <e, n> = (3, 33)

Hence, public key i.e. e = 3

Page 37
4. Hash Functions.

 A hash function is a mathematical function that converts a numerical input value into
another compressed numerical value. The input to the hash function is of arbitrary length
but output is always of fixed length.
 Values returned by a hash function are called message digest or simply hash values. The
following picture illustrated hash function –

Fig.1.11 Hash Function

The hash function helps in:

 Store password in database securely

 Authenticates securely
 Organizes files & content efficiently
 Assurance of data integrity by giving indication whenever data is altered

How Does Hash Function Work?

 Hashing converts readable text into unreadable text, making it secure. And, once hashing
is executed, it’s not easy to reverse, which makes it a little different from encryption,
where you can reverse the encrypted information.
 The original data input is often broken down into small blocks of equal sizes in hashing
methods. And, if there’s not enough data within any block to make it of the same size,
padding (1s and 0s) is added. Similarly, those individual data blocks are run using a
hashing algorithm and give an output known as a hash value.
 No doubt, the process may differ if you’re hashing passwords for storing in a web server.
But, the hashing of passwords for storing involves salting. Salt is a unique random value

Page 38
 added to the message before it undergoes the hashing algorithm. Lastly, adding one
character will create a new hash value once the process is completed.
 Common Strong Hash Algorithm
 Some of the most commonly used hashing algorithms are:
o MD4
o MD5
o RIPEMD
o SHA
o TIGER
o WHIRLPOOL

Properties of Hash Function

 Deterministic: Output will not differ. And the hash value will be the same.
 Not Reversible: The hash function is not reversible. Henceforth, once the hash value is
generated, it’s impossible to reverse it.
 Collision Resistant: Two inputs will never have a similar output.
 Non-Predictable: A hash function randomly generates its hash value. So, each time a
unique hash value is generated, you can’t predict what it’ll be.
 Compression: The hash function produces a compressed hash value. It means the
output size is much smaller than the input size.

Applications of Hash Function

Storing Passwords

 Hashing secures passwords that are stored and saved on the server. Instead of storing
passwords in plaintext, you store actual hash values within the hash table by hashing.
Therefore, if an intruder tries to log into the system, they can only see the hash value and
not the actual passwords.

Verification of Passwords

 Hashing is useful for verifying passwords every time you log into your account or system.
Password verification shows you’re the actual user of the account. Similarly, if your
password matches the hash value on the server, it confirms you’re authorized.

Page 39
 The Integrity of the Data

 Hashing verifies data integrity. It assures you that your data is not modified and it’s
correct. Similarly, it also ensures your information is in its original form.

Common Uses of Hash Function

 Hash functions are helpful for most things. For instance, it’s used to sign new software
and verify digital signatures to secure the website connection with the computer or
mobile web browsers. Similarly, it’s also good for indexing and retrieving information
from the online database.
 For instance, the hash function is commonly seen in usage for:
o Data blocks within cryptocurrencies
o Blockchain technologies
o For storing passwords in an online database. (Though, it requires a little dash to
make hashing more secure.)
 In addition, the hash function is commonly found through public-key cryptography. For
example, the hash function is seen in:
o SSL/TLS certificate
o Code Signing certificate
o Email Signing certificate
o Document Signing certificate
o Used for comparing and preventing duplication within the database
o Used widely in computer graphics
o Used for finding specific data from the big database

Examples of Cryptographic Hash Functions

 Cryptographic hash functions are widely used in cryptocurrencies to pass transaction

information anonymously.
 For example, Bitcoin, the original and largest cryptocurrency, uses the SHA-256
cryptographic hash function in its algorithm.1 Ethereum, the second most popular
blockchain, uses Keccak-256 to hash information.

Password Verification

 Storing passwords in a regular text file is dangerous, so nearly all sites store passwords
as hashes. When a user inputs their password, it is hashed, and the result is compared to
the list of hashed values stored on the company's servers.

Page 40
  However, this is not a fool-proof practice—hackers have created databases of common
passwords and their hashes, called rainbow tables, which make it easier for them to get
into accounts whose information has been stolen.3

Signature Generation and Verification

 Verifying signatures is a mathematical process used to verify the authenticity of digital

documents or messages. A valid digital signature, where the prerequisites are satisfied,
gives its receiver strong proof that a known sender created the message and that it was
not altered in transit.
 A digital signature scheme typically consists of three algorithms: a key generation
algorithm; a signing algorithm that, given a message and a private key, produces a
signature; and a signature verifying algorithm.

Verifying File and Message Integrity

 Hashes can ensure messages and files transmitted from sender to receiver are not
tampered with during transit. The practice builds a "chain of trust."
 For example, a user might publish a hashed version of their data and the key so that
recipients can compare the hash value they compute to the published value to make sure
they align.

Common hashing algorithms

include: MD-5

 This is one of the first algorithms to gain widespread approval. It was designed in
1991, and at the time, it was considered remarkably secure.
 Since then, hackers have discovered how to decode the algorithm, and they can do so
in seconds. Most experts feel it's not safe for widespread use since it is so easy to tear
apart.

RIPEMD-160

 The RACE Integrity Primitives Evaluation Message Digest (or RIPEMD-160) was
developed in Belgium in the mid-1990s. It's considered remarkably secure, as hackers
haven't quite figured out how to crack it.

SHA

Page 41
  Algorithms in the SHA family are considered slightly more secure. The first versions
were developed by the United States government, but other programmers have built on
the original frameworks and made later variations more stringent and harder to break.
 In general, the bigger the number after the letters "SHA," the more recent the release
and the more complex the program.
 For example, SHA-3 includes sources of randomness in the code, which makes it much
more difficult to crack than those that came before. It became a standard hashing
algorithm in 2015 for that reason.

Whirlpool

 In 2000, designers created this algorithm based on the Advanced Encryption

Standard. It's also considered very secure.
 The government may no longer be involved in writing hashing algorithms. But the
authorities do have a role to play in protecting data.
 The Cryptographic Module Validation Program, run in part by the National Institute
of Standards and Technology, validates cryptographic modules.
 Companies can use this resource to ensure that they're using technologies that are
both safe and effective.

MESSAGE DIGEST (MD)

 MD5 is a cryptographic hash function algorithm that takes the message as input of any
length and changes it into a fixed-length message of 16 bytes.
 MD5 algorithm stands for the message-digest algorithm. MD5 was developed as an
improvement of MD4, with advanced security purposes.
 The output of MD5 (Digest size) is always 128 bits. MD5 was developed in 1991 by Ronald
Rivest.

Use of MD5 Algorithm:

 It is used for file authentication.

 In a web application, it is used for security purposes. e.g. Secure password of users etc.
 Using this algorithm, We can store our password in 128 bits format.

Page 42
 Fig. 1.12 Hash Function

Working of the MD5 Algorithm

MD5 algorithm follows the following steps

1. Append Padding Bits

 In the first step, we add padding bits in the original message in such a way that the total
length of the message is 64 bits less than the exact multiple of 512.
 Suppose we are given a message of 1000 bits. Now we have to add padding bits to the
original message. Here we will add 472 padding bits to the original message. After adding
the padding bits the size of the original message/output of the first step will be 1472 i.e.
64 bits less than an exact multiple of 512 (i.e. 512*3 = 1536).
 Length(original message + padding bits) = 512 * i – 64 where i = 1,2,3 . . .

2. Append Length Bits

 In this step, we add the length bit in the output of the first step in such a way that the
total number of the bits is the perfect multiple of 512. Simply, here we add the 64-bit as a
length bit in the output of the first step.
 i.e. output of first step = 512 * n – 64
 length bits = 64.
 After adding both we will get 512 * n i.e. the exact multiple of 512.

3. Initialize MD buffer

 Here, we use the 4 buffers i.e. J, K, L, and M. The size of each buffer is 32 bits.

- J = 0x67425301

- K = 0xEDFCBA45

- L = 0x98CBADFE

- M = 0x13DCE476

4. Process Each 512-bit Block

Page 43
  This is the most important step of the MD5 algorithm. Here, a total of 64 operations are
performed in 4 rounds. In the 1st round, 16 operations will be performed, 2nd round 16
operations will be performed, 3rd round 16 operations will be performed, and in the 4th
round, 16 operations will be performed.
 We apply a different function on each round i.e. for the 1st round we apply the F function,
for the 2nd G function, 3rd for the H function, and 4th for the I function.
 We perform OR, AND, XOR, and NOT (basically these are logic gates) for calculating
functions. We use 3 buffers for each function i.e. K, L, M.

- F(K,L,M) = (K AND L) OR (NOT K AND M)

- G(K,L,M) = (K AND L) OR (L AND NOT M)

- H(K,L,M) = K XOR L XOR M

- I(K,L,M) = L XOR (K OR NOT M)

 After applying the function now we perform an operation on each block. For performing
operations we need

add modulo 232

M[i] – 32 bit
message.

K[i] – 32-bit
constant.

<<<n – Left shift by n bits.

 Now take input as initialize MD buffer i.e. J, K, L, M. Output of K will be fed in L, L will
be fed into M, and M will be fed into J. After doing this now we perform some
operations to find the output for J.
o In the first step, Outputs of K, L, and M are taken and then the function F is
applied to them. We will add modulo 232 bits for the output of this with J.
o In the second step, we add the M[i] bit message with the output of the first step.
o Then add 32 bits constant i.e. K[i] to the output of the second step.
o At last, we do left shift operation by n (can be any value of n) and addition modulo
by 232.
o After all steps, the result of J will be fed into K. Now same steps will be used for all
functions G, H, and I. After performing all 64 operations we will get our message
digest.

Output:
Page 44
  After all, rounds have been performed, the buffer J, K, L, and M contains the MD5
output starting with the lower bit J and ending with Higher bits M.

SECURE HASH FUNCTION (SHA)

 SHA-1 or Secure Hash Algorithm 1 is a cryptographic hash function which takes an

input and produces a 160-bit (20-byte) hash value.
 This hash value is known as a message digest.
 This message digest is usually then rendered as a hexadecimal number which is 40
digits long.
 It is a U.S. Federal Information Processing Standard and was designed by the United
States National Security Agency.

Salient Features

 Works for any input message that is less than 2^64 bits
 Produces 160 bits length message digest
 Infeasible to retain the original message from the message digest
 Same message digest to be produced from both sender and receiver
 Purpose: Authentication, not Encryption
 Widely used in security applications and protocols, including TLS,SSL,PGP,SSH,IPSec
and S/MIME

Fig. 1.13 Abstract view of SHA

Page 45
Steps involved in Hash Function

Fig.1.14 Compression Function

SHA1 Algorithm Description

 It is a 6-step process of padding of '1000...',

o appending message length,
o preparing 80 process functions,
o preparing 80 constants,
o preparing 5 word buffers,
o processing input in 512 blocks.

SHA1 algorithm consists of 6 tasks

Task 1.Appending Padding Bits.

 The original message is "padded" (extended) so that its length (in bits) is congruent to
448, modulo 512.
 The padding rules are:
o The original message is always padded with one bit "1" first.
o Then padded with as many 0’s as necessary to bring the message length to 64 bits
fewer than a multiple of 512.

Page 46
 Fig.1.15 Padding of Extra String

Task 2.Appending Length.

 64 bits are appended to the end of the padded message to indicate the length of the
original message.
 The rules of appending length are:
o The length of the original message in bytes is converted to its binary format of 64 bits.
o If overflow happens, only the low-order 64 bits are used.
o Break the 64-bit length into 2 words (32 bits each).
o The low-order word is appended first and followed by the high-order word.

Fig. 1.16 Padding with multiplication

Page 47
Task 3.Preparing Processing Functions.

SHA1 requires 80 processing functions defined as:

f(t;B,C,D) = (B AND C) OR ((NOT B) AND D) ( 0 <= t <= 19)

f(t;B,C,D) = B XOR C XOR D (20 <= t <= 39)

f(t;B,C,D) = (B AND C) OR (B AND D) OR (C AND D) (40 <= t <=

59) f(t;B,C,D) = B XOR C XOR D (60 <= t <= 79)

Task 4.Preparing Processing Constants.

SHA1 requires 80 processing constant words defined as:

K(t) = 5A827999 ( 0 <= t <= 19)

K(t) = 6ED9EBA1 (20 <= t <=

39) K(t) = 8F1BBCDC (40 <= t <=

59) K(t) = CA62C1D6 (60 <= t <= 79)

Task 5.Initializing Buffers.

SHA1 algorithm requires 5 word buffers with the following initial values:

H0 = 67452301

H1 = EFCDAB89

H2 = 98BADCFE

H3 = 10325476

H4 = C3D2E1F0

Task 6.Processing Message in 512-bit Blocks.

This is the main task of SHA1 algorithm, which loops through the padded and appended
message in blocks of 512 bits each.

For each input block, a number of operations are performed

Computing the Message Digest

Page 48
  The message digest is computed using the final padded message.
 The computation uses two buffers:
o each consisting of five 32-bit words
o a sequence of eighty 32-bit words.
 The words of the first 5-word buffer are labeled A,B,C,D,E.
 The words of the second 5-word buffer are labeled H0, H1, H2, H3, H4.
 The words of the 80-word sequence are labeled W0, W1,..., W79.
 A single word buffer TEMP is also employed.
 To generate the message digest, the 16-word blocks M1, M2,..., Mn .
 The processing of each Mi involves 80 steps.

SHA-1 Framework Final Step

Input and predefined functions:

M[1, 2, ..., L]: Blocks of the padded and appended message

f(0;B,C,D), f(1,B,C,D), ..., f(79,B,C,D): 80 Processing Functions

K(0), K(1), ..., K(79): 80 Processing Constant Words

H0, H1, H2, H3, H4, H5: 5 Word buffers with initial values

Output:

H0, H1, H2, H3, H4, H5: Word buffers with final message digest

Applications of Hash Functions

There are two direct applications of hash function based on its cryptographic properties.

Password Storage

 Hash functions provide protection to password storage.

 Instead of storing password in clear, mostly all logon processes store the hash
values of passwords in the file.
 The Password file consists of a table of pairs which are in the form (user id, h(P)).
 The process of logon is depicted in the following illustration –

Page 49
 Fig. 1.17 Password Storage

 An intruder can only see the hashes of passwords, even if he accessed the
password. He can neither logon using hash nor can he derive the password from
hash value since hash function possesses the property of pre-image resistance.

Data Integrity Check

 Data integrity check is a most common application of the hash functions. It is used
to generate the checksums on data files. This application provides assurance to the
user about correctness of the data.

The process is depicted in the following illustration –

Fig.1.18 Data Integrity Check

 The integrity check helps the user to detect any changes made to original file. It
however, does not provide any assurance about originality. The attacker, instead
of modifying file data, can change the entire file and compute all together new
hash
Page 50
Page 51
 and send to the receiver. This integrity check application is useful only if the user
is sure about the originality of file.

5. Authentication in Cryptography.

 Authentication can be defined as determining an identity to the required level of

assurance Authentication is the first step in any cryptographic solution. Because unless
we know who is communicating, there is no point in encryption what is being
communicated.
 Authentication is any process by which a system verifies the identity of a user who
wishes to access it
 Authentication may be implemented using Credentials, each of which is composed of a
User ID and Password. Alternately, Authentication may be implemented with Smart
Cards, an Authentication Server or even a Public Key Infrastructure

What you know

Passwords/Secret key

Where you are

IP address

What you are

Biometrics (e.g. fingerprint)

What you have

Secure tokens/smart card/ ATM card

Passwords

 A password is a string of alphabets, numbers and special characters, which is

supposed to be known only to the entity (usually person) that is being authenticated
• Password Based Authentication
o Clear Text Passwords
o Simplest Password based Authentication

Page 52
Mechanism

– Prompt for user ID and Password

– User enters user ID and Password

– User ID and Password Validation

– Authentication Result

– Inform user accordingly

Password Based Authentication

Fig.1.19 Password Authentication

 User Authentication using Clear Text Password

 Clear Text Passwords are being sent from Client to Server
 User Database stores Passwords in Clear Text Format

Authentication Methods

 Authentication keeps invalid users out of databases, networks, and other resources.
These types of authentication use factors, a category of credential for verification, to
confirm user identity. Here are just a few authentication methods.

Single-Factor / Primary Authentication

 Historically the most common form of authentication, Single-Factor Authentication, is

also the least secure, as it only requires one factor to gain full system access.

Page 53
 It could be a username and password, pin-number or another simple code. While user-
friendly, Single-Factor authenticated systems are relatively easy to infiltrate by phishing,
key logging, or mere guessing.
 As there is no other authentication gate to get through, this approach is highly vulnerable
to attack.

Two-Factor Authentication (2FA)

 By adding a second factor for verification, two-factor authentication reinforces security

efforts. It is an added layer that essentially double-checks that a user is, in reality, the
user they’re attempting to log in as—making it much harder to break.
 With this method, users enter their primary authentication credentials (like the
username/password mentioned above) and then must input a secondary piece of
identifying information.
 The secondary factor is usually more difficult, as it often requires something the valid
user would have access to, unrelated to the given system. Possible secondary factors are a
one- time password from an authenticator app, a phone number, or device that can
receive a push notification or SMS code, or a biometric like fingerprint (Touch ID) or
facial (Face ID) or voice recognition.
 2FA significantly minimizes the risk of system or resource compromise, as it’s unlikely an
invalid user would know or have access to both authentication factors.
 While two-factor authentication is now more widely adopted for this reason, it does
cause some user inconvenience, which is still something to consider in implementation.

Single Sign-On (SSO)

 With SSO, users only have to log in to one application and, in doing so, gain access to
many other applications.
 This method is more convenient for users, as it removes the obligation to retain
multiple sets of credentials and creates a more seamless experience during operative
sessions.
 Organizations can accomplish this by identifying a central domain (most ideally, an IAM
system) and then creating secure SSO links between resources.

Page 54
  This process allows domain-monitored user authentication and, with single sign-off, can
ensure that when valid users end their session, they successfully log out of all linked
resources and applications.
Multi-Factor Authentication (MFA)

 Multi-factor authentication is a high-assurance method, as it uses more system-irrelevant

factors to legitimize users.
 Like 2FA, MFA uses factors like biometrics, device-based confirmation, additional
passwords, and even location or behavior-based information (e.g., keystroke pattern or
typing speed) to confirm user identity.
 However, the difference is that while 2FA always utilizes only two factors, MFA could use
two or three, with the ability to vary between sessions, adding an elusive element for
invalid users.
Common Authentication Protocols

 Authentication protocols are the designated rules for interaction and verification that
endpoints (laptops, desktops, phones, servers, etc.) or systems use to communicate. For
as many different applications that users need access to, there are just as many standards
and protocols.
 Selecting the right authentication protocol for your organization is essential for ensuring
secure operations and use compatibility. Here are a few of the most commonly used
authentication protocols.
Password Authentication Protocol (PAP)

 While common, PAP is the least secure protocol for validating users, due mostly to its
lack of encryption.
 It is essentially a routine log in process that requires a username and password
combination to access a given system, which validates the provided credentials.
 It’s now most often used as a last option when communicating between a server and
desktop or remote device.

Page 55
Challenge Handshake Authentication Protocol (CHAP)

 CHAP is an identity verification protocol that verifies a user to a given network with a
higher standard of encryption using a three-way exchange of a “secret.”
 First, the local router sends a “challenge” to the remote host, which then sends a response
with an MD5 hash function.
 The router matches against its expected response (hash value), and depending on
whether the router determines a match, it establishes an authenticated connection—the
“handshake”—or denies access.
 It is inherently more secure than PAP, as the router can send a challenge at any point
during a session, and PAP only operates on the initial authentication approval.

Extensible Authentication Protocol (EAP)

 This protocol supports many types of authentication, from one-time passwords to smart
cards.
 When used for wireless communications, EAP is the highest level of security as it allows a
given access point and remote device to perform mutual authentication with built-in
encryption.
 It connects users to the access point that requests credentials, confirms identity via an
authentication server, and then makes another request for an additional form of user
identification to again confirm via the server—completing the process with all messages
transmitted, encrypted.

6. Digital Signature in Cryptography.

 Signature is a way of authenticating the data coming from a trusted individual. Similarly,
digital signature is a way of authenticating a digital data coming from a trusted source.
 Digital Signature Standard (DSS) is a Federal Information Processing Standard(FIPS)
which defines algorithms that are used to generate digital signatures with the help of
Secure Hash Algorithm(SHA) for the authentication of electronic documents.
 DSS only provides us with the digital signature function and not with any encryption or
key exchanging strategies.

Page 56
 Fig.1.20 Digital Signature Standard

Sender Side:

 In DSS Approach, a hash code is generated out of the message and following inputs are
given to the signature function –
o The hash code.
o The random number ‘k’ generated for that particular signature.
o The private key of the sender i.e., PR(a).
o A global public key(which is a set of parameters for the communicating principles)
i.e., PU(g).
 These input to the function will provide us with the output signature containing two
components – ‘s’ and ‘r’. Therefore, the original message concatenated with the signature
is sent to the receiver.

Receiver Side:

At the receiver end, verification of the sender is done.

 The hash code of the sent message is generated. There is a verification function which
takes the following inputs –
o The hash code generated by the receiver.
o Signature components ‘s’ and ‘r’.
o Public key of the sender.
o Global public key.

Page 57
  The output of the verification function is compared with the signature component ‘r’. Both
the values will match if the sent signature is valid because only the sender with the help
of it private key can generate a valid signature.

Types of Digital Signatures

There are three main types of digital signatures – simple, advanced, and qualified – each
with its level of security and use cases.

a) Simple Digital Signature: A simple digital signature is the most basic type of digital
signature and is not protected by any encryption method. It is the electronic equivalent of
a scanned wet signature or an email signature.
b) Advanced Digital Signature: An advanced digital signature is linked to specific signers
and provides a higher level of security than a simple digital signature. It uses Public Key
Infrastructure (PKI) standards to provide a high level of security and universal
acceptance.
c) Qualified Digital Signature: A qualified digital signature is the most secure type of
digital signature and requires a more rigorous level of identity assurance through digital
certificates. It is legally binding in many countries and holds the same value as traditional
handwritten signatures.

Overall, digital signatures are a type of electronic signature based on PKI standards, ensuring
that a message’s contents have not been changed or altered in transit.

Benefits of Using Digital Signatures

Using digital signatures provides multiple benefits for both organisations and individuals. Some
of the most notable benefits of digital signatures include:

 Increased Contract Speed: Digital signatures naturally accelerate the contract process
by eliminating the need for physical signatures and paper-based documentation. In turn,
parties experience faster turnaround times and improved efficiency.
 Enhanced Security: Digital signatures provide additional security through advanced
encryption, decryption, and an unforgeable audit trail outlining all the changes made
within the document. They ensure the origin, integrity, and indisputability of the signed
document or information.

Page 58
 Lower Transaction Costs: By replacing past hardcopy processes, digital signatures
reduce transaction costs by eliminating the need for printing, scanning, and mailing
documents. Eliminating tangible documentation means organisations can benefit from
significant cost savings when conducting business.
 Reliability: A digital signature is inherently designed to be reliable and authentic. Thus,
it provides certainty about who signed the document and that no one has modified the
signed information afterwards.
 Location Independence: With digital signatures, documents can be signed from
anywhere, making them useful, especially when several parties must sign the same
document.
 Cost-Effective: Digital signatures are cost-effective, eliminating the need for printing,
scanning, and mailing paper. They can also reduce the need for physical storage space for
paper documents.
 Faster Document Processing Time: Digital signatures can speed up document
processing time by eliminating the need for physical signatures, paper-based
documentation, and mail delivery methods.

Digital signatures have revolutionised how we authenticate documents and transactions,

helping accelerate and further secure countless functions that many businesses and
professionals rely on in their day-to-day operations.

Page 59