Module 2 – Cryptography: Key Management, distribution & user authentication

- Traditional Block Cipher Structure

1. Stream Ciphers

• A stream cipher encrypts plaintext one bit (or byte) at a time, producing a continuous stream of
ciphertext.

• The encryption is based on combining the plaintext with a keystream (a sequence of pseudorandom
bits).

• Typically uses XOR operation:

Ci=Pi ⊕ Ki

where Ci = ciphertext bit, Pi = plaintext bit, Ki = key bit.

• Advantages:

o Fast and efficient for real-time applications (e.g., secure voice communication, streaming).

o Lower memory requirement.

• Example: RC4, A5/1 (used in GSM), Salsa20/ChaCha.

- Prem Hanchate
2. Block Ciphers

• A block cipher encrypts data in fixed-size blocks (e.g., 64 bits in DES, 128 bits in AES).

• The same key is applied to all blocks.

• Works as a substitution–permutation network (SPN) or Feistel structure.

• For plaintext longer than block size, special modes of operation (ECB, CBC, CFB, OFB, CTR) are
used.

• Advantages:

o Provides strong confusion and diffusion.

o More resistant to statistical attacks compared to stream ciphers.

• Examples: DES, AES, Blowfish.

Block Cipher Modes of Operation

Block ciphers work on fixed block sizes. But real data is often much larger or smaller. To handle this, special
modes of operation are used.

- Prem Hanchate
Electronic Codebook (ECB):

• Encrypts each block independently.

• Weak: Same plaintext block → same ciphertext block.

• Best only for very short data (like encrypting keys).

Cipher Block Chaining (CBC):

• Each block of plaintext is XORed with the previous ciphertext block.

• Needs an Initialization Vector (IV) for the first block.

• Prevents patterns, secure for longer data.

Cipher Feedback (CFB):

• Converts block cipher into a stream cipher.

• Encrypts small segments (like 8 bits at a time).

• Good for real-time applications.

Output Feedback (OFB):

• Similar to CFB but feedback comes from the cipher output, not ciphertext.

• Prevents error propagation.

• Useful in noisy communication channels.

Counter Mode (CTR):

• Uses a counter value, encrypts it, then XORs with plaintext.

• Blocks can be encrypted in parallel → very fast.

• Widely used in modern systems (e.g., AES-CTR).

- Prem Hanchate
3. Motivation for the Feistel Cipher Structure

• Designing ciphers requires that encryption and decryption be possible with the same algorithm
(except key order).

• Many substitution–permutation networks are not naturally invertible.

• Horst Feistel proposed a structure where:

o Encryption is easy.

o Decryption uses the same algorithm but with round keys in reverse order.

• Benefits:

o Simplifies hardware/software implementation.

o Easy to analyze and extend security by increasing rounds.

o Foundation for many famous ciphers (DES, Blowfish).

- Prem Hanchate
4. Feistel Cipher
Feistel suggested a simple but powerful design:

1. Start with a plaintext block (size = 2w bits).

2. Split it into Left Half (L0) and Right Half (R0).

3. For each round:

4. After several rounds, swap and recombine halves → ciphertext.

Decryption : Uses the same process but applies subkeys in reverse order .

This makes Feistel ciphers very efficient and flexible.

Design Parameters:

• Block size: Bigger blocks → better security but slower. (DES = 64 bits, AES = 128 bits).

• Key size: Bigger keys → harder brute-force attacks. (DES = 56 bits, AES = 128/192/256 bits).

• Number of rounds: More rounds = stronger cipher (DES = 16 rounds).

• Round function (F): Must be complex, nonlinear, and provide avalanche effect.

• Subkey generation: Must make subkeys look very different to avoid easy attacks.

❖ Data Encryption Standard (DES)

Introduction

• Issued in 1977 by the National Bureau of Standards (now NIST) as Federal Information Processing
Standard 46 (FIPS PUB 46).

• Algorithm name: Data Encryption Algorithm (DEA).

• Operates on 64-bit blocks of data using a 56-bit key.

• Encryption and decryption use the same steps, except decryption applies the round keys in reverse
order.

- DES Encryption Process

DES works in three main phases:

1. Initial Permutation (IP)

• The 64-bit plaintext input is rearranged according to a fixed pattern.

• This doesn’t add real security but helps with the internal structure.

- Prem Hanchate
 • Output → called the permuted input.

2. Sixteen Rounds of Processing

• The heart of DES lies in 16 Feistel rounds.

• Each round performs:

o Substitution (using S-boxes).

o Permutation (bit shuffling).

o XOR operation with a round subkey.

• After the 16th round, the left and right halves are swapped → this is called the pre-output

- Prem Hanchate
3. Final Permutation (IP⁻¹)

• The pre-output goes through a final permutation, which is just the inverse of the initial permutation
(IP).

• Result → 64-bit ciphertext.

Except for the initial and final permutations, DES is a classic Feistel cipher

Key Processing in DES

• Input key size = 64 bits, but 8 bits are used for parity checking, leaving an effective key size of 56
bits.

• Steps:

1. The 56-bit key is permuted.

2. For each of the 16 rounds, a subkey (Kᵢ) is generated using:

▪ Left circular shifts of the key bits.

▪ Another permutation.

• Although the permutation pattern is fixed, the shifting makes each round key different.

- Prem Hanchate
DES Decryption

• Uses the same algorithm as encryption.

• Difference: Subkeys K1,K2,…,K16K_1, K_2, …, K_{16}K1,K2,…,K16 are applied in reverse order

during decryption.

• The initial and final permutations are also reversed.

Avalanche Effect

• A good encryption algorithm should show the avalanche effect:

o A 1-bit change in either plaintext or key → causes a large change in ciphertext.

• This ensures attackers can’t guess keys by observing small input changes.

S-Boxes (Substitution Boxes)

• DES uses 8 S-boxes in every round.

• Each S-box takes 6 input bits → produces 4 output bits.

• They provide non-linearity and are the main source of confusion in DES.

Concern:

• When DES was released, the design of the S-boxes was not made public.

• This led to suspicion that they may contain a “backdoor” (a hidden weakness).

• Over the years, researchers studied the S-boxes deeply.

o Some unusual patterns were found.

o But no serious weakness was discovered that makes DES “easily breakable.”

Advanced Encryption Standard (AES)

Introduction & History

• AES is a symmetric block cipher standardized by NIST in 2001 (FIPS 197).

• Replaced DES due to security concerns.

• Based on Rijndael algorithm.

- Prem Hanchate
Key Features

• Block size = 128 bits.

• Key sizes = 128, 192, or 256 bits.

• Number of rounds: 10, 12, or 14 depending on key size.

• Non-Feistel structure → uses substitution–permutation network.

AES Data Representation

• Operates on a 4×4 matrix of bytes, called the State.

• Each round transforms the State matrix.

Rounds & Transformations

Each round (except final) has:

1. SubBytes: Byte substitution using an S-Box (provides non-linearity).

2. ShiftRows: Cyclic shift of rows (permutation step).

3. MixColumns: Mixes bytes within each column (diffusion).

4. AddRoundKey: XOR with round key.

- Prem Hanchate
Final round excludes MixColumns.

Key Expansion

• AES expands cipher key into multiple round keys.

• Uses Rcon, SubWord, RotWord transformations.

Security

• Resistant to differential/linear attacks.

• Large key size makes brute-force impractical.

• Used worldwide for secure communications.

Modern Symmetric-Key Ciphers

Block Ciphers

• Operate on fixed-size blocks (e.g., 64 or 128 bits).

• Types:

o Substitution: Replace symbols with others.

o Transposition: Rearrange positions of symbols.

Product Ciphers

• Combine substitution + permutation for strength.

• Provide confusion (hide relation plaintext–key) and diffusion (spread plaintext influence).

Feistel vs Non-Feistel

• Feistel Cipher: Splits block, applies function + swapping (used in DES).

• Non-Feistel Cipher: Invertible functions with direct inverse mapping (used in AES).

Components

• P-Boxes: Bit-level permutations (straight, compression, expansion).

• S-Boxes: Substitution boxes for non-linearity.

• XOR operation: Common in mixing keys.

• Shift & Swap: Additional operations.

Attacks

• Differential Cryptanalysis: Observes input differences and corresponding output differences.

• Linear Cryptanalysis: Exploits linear approximations of cipher.

- Prem Hanchate
5. Key Management

Symmetric-Key Distribution

• Challenge: How to securely share keys?

• KDC (Key Distribution Center): Central server issues session keys.

• Session keys are temporary, valid for one session only.

Protocols

• Needham-Schroeder Protocol

• Otway-Rees Protocol

Kerberos

• Authentication system + KDC.

• Uses Authentication Server (AS) and Ticket Granting Server (TGS).

• Provides secure single sign-on.

Symmetric-Key Agreement

• Diffie-Hellman: Two parties establish a shared key over insecure channel.

Public-Key Infrastructure (PKI)

• Uses Certification Authorities (CAs) to manage public keys.

• Certificates (X.509) validate ownership of keys.

• Supports revocation and renewal.

6. Multiplicative Inverse & Euclidean Algorithm

Euclidean Algorithm

• Finds gcd(a, b) using repeated division.

• Extended Euclidean Algorithm gives coefficients to express gcd as a linear combination.

Multiplicative Inverse

• For integer a modulo n, the multiplicative inverse exists if gcd(a, n) = 1.

• Example:

o Find inverse of 15 mod 26.

o gcd(15, 26) = 1 → inverse exists.

o Using Euclidean algorithm → inverse is 7 (since 15×7 mod 26 = 1).

Application

• Essential for RSA decryption keys.

- Prem Hanchate
 • Also used in affine ciphers.

7. RSA & Diffie-Hellman

RSA (Rivest–Shamir–Adleman)

1. Key Generation

o Choose primes p, q.

o Compute n = p*q, φ(n) = (p-1)(q-1).

o Choose public exponent e (coprime with φ(n)).

o Compute private key d (inverse of e mod φ(n)).

2. Encryption: c = m^e mod n

3. Decryption: m = c^d mod n

4. Digital Signatures: Use private key to sign, public key to verify.

Security: Based on hardness of factoring large integers.

Diffie-Hellman Key Exchange

• First practical public-key exchange.

• Steps:

1. Choose prime p and generator g.

2. Alice picks secret a, sends g^a mod p.

3. Bob picks secret b, sends g^b mod p.

4. Shared key = g^(ab) mod p.

• Security: Based on difficulty of discrete logarithm problem.

• Weakness: No authentication (man-in-the-middle attack possible).

- Prem Hanchate
 • Hash functions & It’s Application :-

Hash functions are extremely useful and appear in almost all information security applications.
A hash function is a mathematical function that converts a numerical input value into another
compressed numerical value. The input to the hash function is of arbitrary length but output is
always of fixed length. Values returned by a hash function are called message digest or simply hash
values. The following picture illustrated hash function –

Features of Hash Functions :-

The typical features of hash functions are –

• Fixed Length Output (Hash Value)

• Hash function coverts data of arbitrary length to a fixed length. This process is often referred to as
hashing the data.
• In general, the hash is much smaller than the input data, hence hash functions are sometimes called
compression functions.
• Since a hash is a smaller representation of a larger data, it is also referred to as a digest.
• Hash function with n bit output is referred to as an n-bit hash function. Popular hash functions
generate values between 160 and 512 bits.

▪ Efficiency of Operation :

• Generally for any hash function h with input x, computation of h(x) is a fast operation.

- Prem Hanchate
 • Computationally hash functions are much faster than a symmetric encryption. Properties of Hash
Functions

In order to be an effective cryptographic tool, the hash function is desired to possess following properties

▪ Pre-Image Resistance :

• This property means that it should be computationally hard to reverse a hash function.
• In other words, if a hash function h produced a hash value z, then it should be a difficult process to
find any input value x that hashes to z.
• This property protects against an attacker who only has a hash value and is trying to find the input.

▪ Second Pre-Image Resistance :

• This property means given an input and its hash, it should be hard to find a different input with the
same hash.
• In other words, if a hash function h for an input x produces hash value h(x), then it should be difficult
to find any other input value y such that h(y) = h(x).
• This property of hash function protects against an attacker who has an input value and its hash, and
wants to substitute different value as legitimate value in place of original input value.

▪ Collision Resistance :

• This property means it should be hard to find two different inputs of any length that result in the
same hash. This property is also referred to as collision free hash function.
• In other words, for a hash function h, it is hard to find any two different inputs x and y such that h(x)
= h(y).
• Since, hash function is compressing function with fixed hash length, it is impossible for a hash
function not to have collisions. This property of collision free only confirms that these collisions
should be hard to find.
• This property makes it very difficult for an attacker to find two input values with the same hash.
• Also, if a hash function is collision-resistant then it is second pre-image resistant.

Design of Hashing Algorithms :

At the heart of a hashing is a mathematical function that operates on two fixed-size blocks of data to create
a hash code. This hash function forms the part of the hashing algorithm.
The size of each data block varies depending on the algorithm. Typically the block sizes are from 128 bits
to 512 bits. The following illustration demonstrates hash function −

- Prem Hanchate
Hashing algorithm involves rounds of above hash function like a block cipher. Each round takes an input of
a fixed size, typically a combination of the most recent message block and the output of the last round.

This process is repeated for as many rounds as are required to hash the entire message. Schematic of
hashing algorithm is depicted in the following illustration –

Since, the hash value of first message block becomes an input to the second hash operation, output of
which alters the result of the third operation, and so on. This effect, known as an avalanche effect of
hashing.
Avalanche effect results in substantially different hash values for two messages that differ by even a single
bit of data.
Understand the difference between hash function and algorithm correctly. The hash function generates a
hash code by operating on two blocks of fixed-length binary data.
Hashing algorithm is a process for using the hash function, specifying how the message will be broken up
and how the results from previous message blocks are chained together.
Popular Hash Functions
Let us briefly see some popular hash functions −
Message Digest (MD)

MD5 was most popular and widely used hash function for quite some years.
• The MD family comprises of hash functions MD2, MD4, MD5 and MD6. It was adopted as
Internet Standard RFC 1321. It is a 128-bit hash function.
• MD5 digests have been widely used in the software world to provide assurance about
integrity of transferred file. For example, file servers often provide a pre-computed MD5
checksum for the files, so that a user can compare the checksum of the downloaded file to it.
• In 2004, collisions were found in MD5. An analytical attack was reported to be successful
- Prem Hanchate
 only in an hour by using computer cluster. This collision attack resulted in compromised
MD5 and hence it is no longer recommended for use.

Secure Hash Function (SHA)

Family of SHA comprise of four SHA algorithms; SHA-0, SHA-1, SHA-2, and SHA-3. Though from same
family, there are structurally different.
• The original version is SHA-0, a 160-bit hash function, was published by the National
Institute of Standards and Technology (NIST) in 1993. It had few weaknesses and did not
become very popular. Later in 1995, SHA-1 was designed to correct alleged weaknesses of
SHA-0.
• SHA-1 is the most widely used of the existing SHA hash functions. It is employed in several
widely used applications and protocols including Secure Socket Layer (SSL) security.
• In 2005, a method was found for uncovering collisions for SHA-1 within practical time frame
making long-term employability of SHA-1 doubtful.
• SHA-2 family has four further SHA variants, SHA-224, SHA-256, SHA-384, and SHA-512
depending up on number of bits in their hash value. No successful attacks have yet been
reported on SHA-2 hash function.
• Though SHA-2 is a strong hash function. Though significantly different, its basic design is
still follows design of SHA-1. Hence, NIST called for new competitive hash function designs.
• In October 2012, the NIST chose the Keccak algorithm as the new SHA-3 standard. Keccak
offers many benefits, such as efficient performance and good resistance for attacks.

Other popular HASH functions :

RIPEMD and Whirlpool

Applications of Hash Functions

There are two direct applications of hash function based on its cryptographic properties.
Password Storage

Hash functions provide protection to password storage.

• Instead of storing password in clear, mostly all logon processes store the hash values
of passwords in the file.
• The Password file consists of a table of pairs which are in the form (user id, h(P)).
• The process of logon is depicted in the following illustration −

- Prem Hanchate
 • An intruder can only see the hashes of passwords, even if he accessed the password. He can
neither logon using hash nor can he derive the password from hash value since hash function
possesses the property of pre-image resistance.

Data Integrity Check

Data integrity check is a most common application of the hash functions. It is used to generate the
checksums on data files. This application provides assurance to the user about correctness of the data.
The process is depicted in the following illustration −

The integrity check helps the user to detect any changes made to original file. It however, does not provide
any assurance about originality. The attacker, instead of modifying file data, can change the entire file and
compute all together new hash and send to the receiver. This integrity check application is useful only if
the user is sure about the originality of file.

- Prem Hanchate
 Digital signatures

Digital signatures are the public-key primitives of message authentication. In the physical world, it is
common to use handwritten signatures on handwritten or typed messages. They are used to bind
signatory to the message.

Similarly, a digital signature is a technique that binds a person/entity to the digital data. This binding
can be independently verified by receiver as well as any third party.

Digital signature is a cryptographic value that is calculated from the data and a secret key known only by
the signer.

In real world, the receiver of message needs assurance that the message belongs to the sender and he
should not be able to repudiate the origination of that message. This requirement is very crucial in
business applications, since likelihood of a dispute over exchanged data is very high.

Model of Digital Signature

As mentioned earlier, the digital signature scheme is based on public key cryptography. The model
of digital signature scheme is depicted in the following illustration −

The following points explain the entire process in detail −

• Each person adopting this scheme has a public-private key pair.

• Generally, the key pairs used for encryption/decryption and signing/verifying are different.
The private key used for signing is referred to as the signature key and the public key as the
verification key.
• Signer feeds data to the hash function and generates hash of data.
 • zHash value and signature key are then fed to the signature algorithm which produces the
digital signature on given hash. Signature is appended to the data and then both are sent to
the verifier.
• Verifier feeds the digital signature and the verification key into the verification algorithm.
The verification algorithm gives some value as output.
• Verifier also runs same hash function on received data to generate hash value.
• For verification, this hash value and output of verification algorithm are compared. Based on
the comparison result, verifier decides whether the digital signature is valid.
• Since digital signature is created by ‘private’ key of signer and no one else can have
this key; the signer cannot repudiate signing the data in future.
It should be noticed that instead of signing data directly by signing algorithm, usually a hash of data
is created. Since the hash of data is a unique representation of data, it is sufficient to sign the hash in place
of data. The most important reason of using hash instead of data directly for signing is efficiency of the
scheme.

Let us assume RSA is used as the signing algorithm. As discussed in public key encryption chapter, the
encryption/signing process using RSA involves modular exponentiation.

Signing large data through modular exponentiation is computationally expensive and time
consuming. The hash of the data is a relatively small digest of the data, hence signing a hash is more
efficient than signing the entire data.

Importance of Digital Signature

Out of all cryptographic primitives, the digital signature using public key cryptography is considered as
very important and useful tool to achieve information security.

Apart from ability to provide non-repudiation of message, the digital signature also provides
message authentication and data integrity. Let us briefly see how this is achieved by the digital
signature −
• Message authentication − When the verifier validates the digital signature using public
key of a sender, he is assured that signature has been created only by sender who possess
the corresponding secret private key and no one else.
• Data Integrity − In case an attacker has access to the data and modifies it, the digital
signature verification at receiver end fails. The hash of modified data and the output
provided by the verification algorithm will not match. Hence, receiver can safely deny the
message assuming that data integrity has been breached.
• Non-repudiation − Since it is assumed that only the signer has the knowledge of the
signature key, he can only create unique signature on a given data. Thus the receiver can
present data and the digital signature to a third party as evidence if any dispute arises in the
future.
By adding public-key encryption to digital signature scheme, we can create a cryptosystem that can
provide the four essential elements of security namely − Privacy, Authentication, Integrity, and Non-
repudiation.

Encryption with Digital Signature

In many digital communications, it is desirable to exchange an encrypted messages than plaintext to
achieve confidentiality. In public key encryption scheme, a public (encryption) key of sender is available
in open domain, and hence anyone can spoof his identity and send any encrypted message to the receiver.
This makes it essential for users employing PKC for encryption to seek digital signatures along with
encrypted data to be assured of message authentication and non-repudiation.

This can archived by combining digital signatures with encryption scheme. Let us briefly discuss how
to achieve this requirement. There are two possibilities, sign-then-encrypt and encrypt- then-sign.

However, the crypto system based on sign-then-encrypt can be exploited by receiver to spoof identity of
sender and sent that data to third party. Hence, this method is not preferred. The process of encrypt-
then-sign is more reliable and widely adopted. This is depicted in the following illustration −

The receiver after receiving the encrypted data and signature on it, first verifies the signature using
sender’s public key. After ensuring the validity of the signature, he then retrieves the data through
decryption using his private key.