CS6701 – CRYPTOGRAPHY AND NETWORK SECURITY

IV YEAR / VII SEMESTER (COMMON TO CSE & IT)

UNIT – II
BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY

PREPARED BY
O.K.GOWRISHANKAR M.E., (AP/CSE)

VERIFIED BY

HOD PRINCIPAL CORRESPONDENT

SENGUNTHAR COLLEGE OF ENGINEERING – TIRUCHENGODE

`
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

1
 UNIT II
BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY

 Data Encryption Standard (DES)

 Block cipher principles
 block cipher modes of operation
 Advanced Encryption Standard (AES)
 Triple DES
 RC5 algorithm
 Public key cryptography: Principles of public key cryptosystems
 The RSA algorithm
 Key management - Diffie Hellman Key exchange
 Elliptic curve arithmetic-Elliptic curve cryptography.

2
 LIST OF IMPORTANT QUESTIONS

PART-A

1.State the difference between private key and public key algorithm [A/M-2017]
2.Give the five modes of operation of block cipher [A/M-2017]
3.Brief the strengths of triple DES [N/D-2016]
4.What is an elliptic curve? [N/D-2016]
5.What is meant by Avalanche effect in DES [M/J-2016]
6.State the siginificance of blinding in RSA [M/J-2016]
7.Define Primitive root. [N/D 2012] [A/M-2015]
8.State few applications of RC 4 Algorithm [A/M-2015]
9.What is optimal Asymmetric Encryption Padding? [M/J 2014]
10.What are the disadvantages of double DES? [N/D 2012]
11.What are the different modes of operation in DES? [April/May 2011][Nov/Dec 2013]
12.Define factoring. [May/June 2012]
13.What do you mean by differential cryptoanalysis? [May/June 2012]
14.Write out Data Encryption Standard. [May/June 2012]
15.Write down the purpose of the S-Boxes in DES? [N/D 2011]
16.Perform encryption and decryption using RSA Algorithm. For the following.
P=7; q=11; e=17; M=8.

3
 PART-B

1.Describe DES algorithm with neat diagram and explain the steps [N/D 2011,2012]
[M/J 2013,2014] [A/M-2015,2017]
2. Write down the Triple DES algorithm and explain with neat diagram. [N/D 2013]
[M/J 2012]
3. Explain about RC4 algorithm. [M/J 2012] [M/J 2016]

4(a) Explain RSA algorithm. Demonstrate encryption and decryption for the RSA
algorithm parameter: p=17, q=11, e=7, d=?, M=88. [M/J 2014,2013] [A/M-2015]
[N/D-2011.2012,2016]
4(b) Explain AES (advanced encryption standard) Algorithm with all its round
functions in detail [M/J-2016][N/D-2016]
5(a) Explain about Diffie Hellman Key exchange algorithm with one suitable example.
[M/J 2013,2014] [A/M-2017]
5.(b) Explain Elliptic curve cryptography with an example

4
UNIT II BLOCK CIPHERS & PUBLIC KEY CRYPTOGRAPHY

Data Encryption Standard-Block cipher principles-block cipher modes of operation-

Advanced Encryption Standard (AES)-Triple DES-Blowfish-RC5 algorithm. Public key
cryptography: Principles of public key cryptosystems-The RSA algorithm-Key
management - Diffie Hellman Key exchange- Elliptic curve arithmetic-Elliptic curve
cryptography.

PART-A
1.State the difference between private key and public key algorithm [A/M-2017]
Public Key : A public key is only used to encrypt messages. A public key is published so
that anyone can send a particular receiver a secure message.
Private Key : A private key can be used to decrypt messages encrypted with a matching
public key. As the term suggests, private keys are intended to be secret.

Public key and private key is the couple of keys used in public key cryptography. If the
locking key is made public, then the unlocking key becomes the private key, and vice versa.
Public key cannot be used to derive the private key. If the public key is the locking key, then
it can be used to send private communication (i.e. to preserve confidentiality). If the private
key is the locking key, then the system can be used to verify documents sent by the holder
of the private key (i.e. to preserve authenticity).

2.Give the five modes of operation of block cipher [A/M-2017]

Block cipher processes the data blocks of fixed size. Usually, the size of a message is
larger than the block size. Hence, the long message is divided into a series of sequential
message blocks, and the cipher operates on these blocks one at a time.
The five modes of operation of block cipher are as follows

1 Electronic Codebook (ECB)

2 Cipher Block Chaining (CBC)
3 Cipher Feedback (CFB)
4 Output Feedback (OFB)
5 Counter (CTR)

5
3.Brief the strengths of triple DES [N/D-2016]
Three-key Triple-DES provides 112 bits of cryptographic strength. That's a lot more strength
thanDES provides. It's actually stronger by a factor of 2 56The reason for going through this
multiple encryption exercise is to build a composite cipher that is stronger than Single DES.
Because of meet-in-the-middle attacks, Double DES is only one bit stronger than Single
DES. Two-key Triple DES (which is no longer approved for encryption due to its
susceptibility to brute force attacks) thus has 112 bits of strength (56 multiplied by two).

4.What is an elliptic curve? [N/D-2016]

An elliptic curve is a plane curve defined by the equation , where is a cubic polynomial with
no repeated roots .Elliptic curve cryptography (ECC) is an approach to public-key
cryptography based on the algebraic structure of elliptic curves over finite fields.

5.What is meant by Avalanche effect in DES [M/J-2016]

The avalanche effect refers to a desirable property of cryptographic algorithms, typically

block ciphers and cryptographic hash functions. the avalanche effect is evident if, when an
input is changed slightly (for example, flipping a single bit) the output changes significantly
(e.g., half the output bits flip). in the case of high-quality block ciphers, such a small change
in either the key or the plaintext should cause a drastic change in the ciphertext

6.State the siginificance of blinding in RSA [M/J-2016]

Blind signature is a form of digital signature in which the content of a message is disguised
blinded) before it is signed. The resulting blind signature can be publicly verified against the
original, unblinded message in the manner of a regular digital signature. Blind signatures
are typically employed in privacy-related protocols where the signer and message author
are different parties. Examples include cryptographic election systems and digital cash
schemes.

6
7.Define Primitive root. [N/D 2012] [A/M-2015]

Primitive root if r and n are relatively prime integers with n>0 and if Φ(n) is the least positive
exponent m such that rm≡ 1 mod n, then r is called primitive root modulo n.

8.List the uses of RC4. (or) State few applications of RC 4 Algorithm

[N/D 2013] [A/M-2015]
 RC4 is used in the Secure Sockets Layer/Transport Layer Security (SSL/TLS)
standards that have been defined for communication between Web browsers and
servers.
 It is also used in the Wired Equivalent Privacy (WEP) protocol and the newer WiFi
Protected Access (WPA) protocol that are part of the IEEE802.11 wireless LAN
standard.
 RC4 was kept as a trade secret by RSA Security.

9.What is optimal Asymmetric Encryption Padding? [M/J 2014]

In cryptography, Optimal Asymmetric Encryption Padding (OAEP) is a padding scheme

often used together with RSA encryption The OAEP algorithm is a form of Feistel network
which uses a pair of random oracles G and H to process the plaintext prior to asymmetric
encryption. When implemented with certain trapdoor permutations (e.g., RSA), OAEP is
also proved secure against chosen ciphertext attack.

10.What are the disadvantages of double DES? [N/D 2012]

Meet-in-the–middle attack
The most effective attack against double DES. The attacker would encrypt the plaintext
using all possible keys and create a table containing all possible result. We call this
intermediate cipher m. The table would then be sorted according to value of m. The attacker
would then decrypt the cipher text using all possible key until he found a match with value
of m.

7
11.What are the different modes of operation in DES? [April/May 2011] [Nov/Dec
2013]
There are five common modes of operation:
 Electronic code-book
 Cipher block chaining
 Cipher feedback
 Output feedback and
 Counter
12.Define factoring. [May/June 2012]
To factor a number means to break it up into numbers that can be multiplied together to get
the original number.
Examples:
6 = 3 x 2 so, factors of 6 are 3 and 2
9 = 3 x 3 so, factors of 9 are 3 and 3

13.What do you mean by differential cryptoanalysis? [May/June 2012]

A technique in which chosen plaintexts with particular XOR difference patterns are
encrypted. The difference patterns of the resulting ciphertext provide information that can
be used to determine the encryption key.

14.Write out Data Encryption Standard. [May/June 2012]

The Data Encryption Standard (DES) has been the most widely used encryption algorithm
until recently. It exhibits the classic Feistel structure. For DES, data are encrypted in 64-bit
blocks using a 56-bit key. The algorithm transforms 64-bit input in a series of steps into a
64-bit output. The same steps, with the same key, are used to reverse the encryption.

15.Write down the purpose of the S-Boxes in DES? [N/D 2011]

An S-Box (Substitution-box) is a basic component of symmetric key algorithms which
performs substitution. In block ciphers, they are typically used to obscure the relationship
between the key and the cipher text. An S-box is an m*n substitution unit, where m and n are
not necessarily the same. It consists of Linear and Nonlinear S-Boxes.

16.Perform encryption and decryption using RSA Algorithm. For the following.
P=7; q=11; e=17; M=8.
Encryption:
Ciphertext C=Me mod n
n=pq
n=7×11= 77
C= 817mod 77
C=57

8
Decryption:
M= Cd mod n
Φ (n) = (p-1) (q-1)
Φ (n) = (7- 1) (11-1) = 60
d ≡ e -1 (mod Φ (n))
d≡ 17-1 mod 60
d≡ 53
M= 5753 mod 77
M=8

9
 PART B

1.Describe DES algorithm with neat diagram and explain the steps [N/D 2011,2012]
[M/J 2013,2014] [A/M-2015,2017]
The Data Encryption Standard (DES) is a symmetric-key block cipher published by the
National Institute of Standards and Technology (NIST).
DES is an implementation of a Feistel Cipher. It uses 16 round Feistel structure. The block
size is 64-bit. Though, key length is 64-bit, DES has an effective key length of 56 bits, since
8 of the 64 bits of the key are not used by the encryption algorithm (function as check bits
only). General Structure of DES is depicted in the following illustration

10
Since DES is based on the Feistel Cipher, all that is required to specify DES is –

 Initial permutation
 Key Management
 Round function
 Final permutation

The DES algorithm

The steps involved in DES algorithm are as follows:

Step 1:Fractioning of the text into 64-bit (8 octet) blocks;

Step 2Initial permutation of blocks;

Step 3Breakdown of the blocks into two parts: left and right, named L and R;

Step 4Permutation and substitution steps repeated 16 times (called rounds);

Step 5 Re-joining of the left and right parts then inverse initial permutation.

11
Initial and Final Permutations
Each of these permutations takes a 64-bit input and permutes them according to a
predefined rule. For example, in the initial permutation, the 58th bit in the input becomes the
first bit in the output. Similarly, in the final permutation, the first bit in the input becomes the
58th bit in the output. In other words, if the rounds between these two permutations do not
exist, the 58th bit entering the initial permutation is the same as the 58th bit leaving the final
permutation

12
the permutation rules for these P-boxes are shown

13
DES Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key.

The left and right halves of each 64-bit intermediate value are treated as separate 32-bit
quantities, labeled L (left) and R (right). As in any classic Feistel cipher, the overall
processing at each round can be summarized in the following formulas:

The round key Ki is 48 bits. The R input is 32 bits. This R input is first expanded to 48 bits
by using a table that defines a permutation plus an expansion that involves duplication of 16
of the R bits. The resulting 48 bits are XORed with K i. This 48-bit result passes through a
substitution function that produces a 32-bit output, which is permuted..The substitution
consists of a set of eight S-boxes, each of which accepts 6 bits as input and produces 4 bits
as output.

DES FUNCTION
The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the
rightmost 32 bits to produce a 32-bit output.

14
Expansion Permutation Box − Since right input is 32-bit and round key is a 48-bit, we first
need to expand right input to 48 bits. Permutation logic is graphically depicted in the
following illustration

The graphically depicted permutation logic is generally described as table in DES

specification illustrated as shown

XOR After the expansion permutation, DES does XOR operation on the expanded right
section and the round key. The round key is used only in this operation.

Substitution Boxes. The S-boxes carry out the real mixing (confusion). DES uses 8 S-
boxes, each with a 6-bit input and a 4-bit output.

The S-box rule is illustrated below

15
  There are a total of eight S-box tables. The output of all eight s-boxes is then
combined into 32 bit section.

 Straight Permutation − The 32 bit output of S-boxes is then subjected to the

straight permutation with rule shown in the following illustration:

DES Decryption
As with any Feistel cipher, decryption uses the same algorithm as encryption, except that
the application of the subkeys is reversed.

2. Write down the Triple DES algorithm and explain with neat diagram. [N/D 2013]
[M/J 2012]
Triple DES with two key
In cryptography ,Triple DES is block cipher, which applies the Data encryption Standard
(DES) cipher algorithm three times data block
The original DES cipher's key size of 56 bits was generally sufficient when that algorithm
was designed ,but the availability of increasing computational power made Brute Force
Attacks feasible. Triple DES provides a relatively simple method of increasing the key size
of DES to product against such attacks ,with the need to design a completely new block
algorithm
An obvious counter to the meet-in-the-middle attack is to use three stages of encryption
with three different keys. This raises the cost of the meet-in-the-middle attack to 2 112, which
is beyond what is practical now and far into the future. However, it has the drawback of
requiring a key length of bits, which may be somewhat unwieldy. As an alternative,
Tuchman proposed a triple encryption method that uses only two keys. The function follows
an encrypt-decrypt-encrypt (EDE) sequence:

There is no cryptographic significance to the use of decryption for the second stage. Its only
advantage is that it allows users of 3DES to decrypt data encrypted by users of the older

16
single DES:

This method is an improvement over the chosen-plaintext approach but requires more
effort.
The attack is based on the observation that if we know A and C, then the problem reduces
to that of an attack on double DES. Of course, the attacker does not know A, even if P and
C are known, as long as the two keys are unknown. However, the attacker can choose a
potential value of A and then try to find a known (P, C) pair that produces A. The attack
proceeds as follows.
1. Obtain n (P, C) pairs. This is the known plaintext. Place these in a table sorted on the
values of P.
2. Pick an arbitrary value a for A, and create a second table with entries defined in the
following fashion. For each 2 56 of the possible keys, K1 =i, calculate the plaintext value P i
that produces a:
Pi = D(i,a)
For each Pi that matches an entry in table1, create an entry in another table2 consisting of
the K1 value and the value of B that is produced for the (P,C) pair from Table1, assuming
that value of K1:
B = D (i,C)
At the end of this step, sort table 2 on the values of B.
Two –key triple encryption with candidate pair of keys

Known-Plaintext Attack on Triple DES

3. A number of candidate values of K 1 in Table 2 and are in a position to search for a value
of K2 .For each of the 256 possible keys, K2= j calculate the second intermediate value for
our chosen value of a: Bj = D(j,a)
At each step, look up Bj in Table 2. If there is a match, then the corresponding key i from
Table 2 plus this value of j are candidate values for the unknown keys (k 1, K2).

17
4. Test each candidate pair of keys (i, j) on a few other plaintext–ciphertext pairs. If a pair of
keys produces the desired ciphertext, the task is complete. If no pair succeeds, repeat from
step 1 with a new value of a.

Triple DES with Three Keys:

Although the attacks just described appear impractical, anyone using two-key 3DES may
feel some concern. Three-key 3DES has an effective key length of 168 bits and is defined
as C = E(K3, D(K2, E(K1,P)))

3. Explain about RC4 algorithm. [M/J 2012] [M/J 2016]

The RC4 algorithm is remarkably simple and quite easy to explain. A variable-
length key of from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte state vector
S, with element S [0], S [1]... S [255].At all times, contains a permutation of all 8-bit
numbers from 0 through 255. For encryption and decryption, a byte is generated from S by
selecting one of the 255 entries in a systematic fashion. As each value of is generated, the
entries in S are once again permuted.
Initialization of S
To begin, the entries of S are set equal to the values from 0 through 255 in
ascending order; that is; S[0] = 0, S[1] = 1,..., S[255] = 255.
A temporary vector, T, is also created. If the length of the key K is 256 bytes, then K is
transferred to T. Otherwise, for a key of length keylen bytes, the first keylen elements of T
are copied from K and then K is repeated as many times as necessary to fill out T. These
preliminary operations can be summarized as follows:

/* Initialization */
for i = 0 to 255 do
S[i] = i;
T[i] = K[i mod keylen];

18
 Next we use T to produce the initial permutation of S. This involves starting with S[0]
and going through to S[255], and, for each S[i],
swapping S[i] with another byte in S according to a scheme dictated by T[i]:
/* Initial Permutation of S */
j = 0;
for i = 0 to 255 do
j = (j + S[i] + T[i]) mod 256;
Swap (S[i], S[j]);

Because the only operation on S is a swap, the only effect is a permutation. S still contains
all the numbers from 0 through 255.

Stream Generation
Once the S vector is initialized, the input key is no longer used. Stream generation involves
cycling through all the elements of S[i], and, for each S[i], swapping S[i] with another byte in
S according to a scheme dictated by the current configuration of S. After S[255] is reached,
the process continues, starting over again at S[0]:

/* Stream Generation */
i, j = 0;
while (true)
i = (i + 1) mod 256;
j = (j + S[i]) mod 256;
Swap (S[i], S[j]);
t = (S[i] + S[j]) mod 256;
k = S[t];

To encrypt, XOR the value k with the next byte of plaintext. To decrypt, XOR the valuek with
the next byte of ciphertext.

Strength of RC4
The WEP protocol, intended to provide confidentiality on 802.11 wireless LAN

19
networks, is vulnerable to a particular attack approach. In essence, the problem is not with
RC4 itself but the way in which keys are generated for use as input to RC4.This particular
problem does not appear to be relevant to other applications using RC4 and can be
remedied in WEP by changing the way in which keys are generated. This problem points
out the difficulty in designing a secure system that involves both cryptographic functions
and protocols that make use of them.

20
4(a).Explain RSA algorithm. Demonstrate encryption and decryption for the RSA
algorithm parameter: p=17, q=11, e=7, d=?, M=88. [M/J 2014] [A/M-2015] [N/D-2016]
(or)
Explain about RSA with parameter P=11, q=5, e=3 and PT=9 [M/J 2013]
[N/D 2011,2012,2013]

RSA was first described in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman of
the Massachusetts Institute of Technology. Public-key cryptography, also known as
asymmetric cryptography, uses two different but mathematically linked keys, one public and
one private. The public key can be shared with everyone, whereas the private key must be
kept secret. In RSA cryptography, both the public and the private keys can encrypt a
message; the opposite key from the one used to encrypt a message is used to decrypt it.
This attribute is one reason why RSA has become the most widely used asymmetric
algorithm: It provides a method of assuring the confidentiality, integrity, authenticity and
non-reputability of electronic communications and data storage.

The RSA scheme is a block cipher in which the plaintext and ciphertext are integers
between 0 and n - 1 for some n. A typical size for n is 1024 bits, or 309 decimal digits. That
is, n is less than 21024 .

Key generation
Each user generates a public/private key pair by:
• selecting two large primes at random: p,q
• computing their system modulus n = p.q
ø(n) = (p-1)(q-1)
• selecting at random the encryption key e where 1 < e < ø(n), gcd(e,ø(n)) = 1
• solve following equation to find decryption key d
e.d = 1 mod ø(n)
• publish their public encryption key: PU = {e,n}
• keep secret private decryption key: PR = {d,n}

21
Encryption

To encrypt a message M the sender obtains public key of recipient PU = {e,n}

computes:
C = Me mod n, where 0 <= M < n

Decryption

• To decrypt the cipher text C receiver uses their private key PR = {d,n}
computes:

M = Cd mod n

The RSA Algorithm

22
For example,
Key Generation
1. Select two prime numbers, p= 17 and q=11
2. Calculate n = pq = 17 x 11 = 187.
3. Calculate Φ(n) = (p-1)(q-1) = 16 x 10 = 160
4. Select e such that e is relatively prime to Φ(n) = 160 and less than Φ(n); then choose
e=7.
5. Determine d such that de ≡ 1 (mod 160) and d<160. The correct value is d = 23,
because 23 x 7 = 161 = (1x161)+1; d can be calculated using the extended Euclid’s
algorithm.
The resulting keys are public key PU={7,187} and private key PR = {23,187}. The
example shows the use of these keys dor a plaintext input of M=88. For encryption, to
calculate C= 887 mod 187. Exploiting the properties of modular arithmetic, the expression
as follows,
For Encryption
C = Me mod n , where 0 <= M < n
887 mod 187 = [(884 mod 187) x (882 mod 187) x (881 mod 187)] mod 187
881 mod 187 = 88
882 mod 187 = 7744 mod 187 = 77
884 mod 187 = 59,969,536 mod 187 = 132
887 mod 187 = (88 x 77 x 132) mod 187 = 894,432 mod 187 = 11
C=11
For decryption
M = Cd mod n
calculate M = 1123 mod 187:
1123 mod 187 = [(111 mod 187) x (112 mod 187) x (114 mod 187) x (118 mod 187) x (1123 mod
187)
111 mod 187 = 11
112 mod 187 = 121
114 mod 187 = 14,641 mod 187 = 55
118 mod 187 = 214,358,881 mod 187 = 33
1123 mod 187 = (11 x 121 x 55 x 33 x 33)mod 187 = 79,720,245 mod 187 = 88
M=88

23
4(b) Explain AES (advanced encryption standard) Algorithm with all its round
functions in detail [M/J-2016][N/D-2016]

The more popular and widely adopted symmetric encryption algorithm likely to be
encountered nowadays is the Advanced Encryption Standard (AES). It is found at least six
time faster than triple DES.

A replacement for DES was needed as its key size was too small. With increasing
computing power, it was considered vulnerable against exhaustive key search attack. Triple
DES was designed to overcome this drawback but it was found slow.

The features of AES are as follows −

 Symmetric key symmetric block cipher

 128-bit data, 128/192/256-bit keys
 Stronger and faster than Triple-DES
 Provide full specification and design details
 Software implementable in C and Java

Operation of AES

AES is an iterative rather than Feistel cipher. It is based on ‘substitution–permutation

network’. It comprises of a series of linked operations, some of which involve replacing
inputs by specific outputs (substitutions) and others involve shuffling bits around
(permutations).

Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats
the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns
and four rows for processing as a matrix −

Unlike DES, the number of rounds in AES is variable and depends on the length of the key.
AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit
keys. Each of these rounds uses a different 128-bit round key, which is calculated from the
original AES key.

24
The schematic of AES structure is given in the following illustration

Encryption Process
Here, we restrict to description of a typical round of AES encryption. Each round comprise
of four sub-processes. The first round process is depicted below

Byte Substitution (SubBytes)

The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The
result is in a matrix of four rows and four columns.

25
Shiftrows
Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re-
inserted on the right side of row. Shift is carried out as follows −
 First row is not shifted.
 Second row is shifted one (byte) position to the left.
 Third row is shifted two positions to the left.
 Fourth row is shifted three positions to the left.
 The result is a new matrix consisting of the same 16 bytes but shifted with respect to
each other.
MixColumns
Each column of four bytes is now transformed using a special mathematical function. This
function takes as input the four bytes of one column and outputs four completely new bytes,
which replace the original column. The result is another new matrix consisting of 16 new
bytes. It should be noted that this step is not performed in the last round.
Addroundkey
The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of
the round key. If this is the last round then the output is the ciphertext. Otherwise, the
resulting 128 bits are interpreted as 16 bytes and we begin another similar round.
Decryption Process
The process of decryption of an AES ciphertext is similar to the encryption process in the
reverse order. Each round consists of the four processes conducted in the reverse order −
 Add round key
 Mix columns
 Shift rows
 Byte substitution
Since sub-processes in each round are in reverse manner, unlike for a Feistel Cipher, the
encryption and decryption algorithms needs to be separately implemented, although they
are very closely related.
AES Analysis
In present day cryptography, AES is widely adopted and supported in both hardware and
software. Till date, no practical cryptanalytic attacks against AES has been discovered.
Additionally, AES has built-in flexibility of key length, which allows a degree of ‘future-
proofing’ against progress in the ability to perform exhaustive key searches.

26
5(a).Explain about Diffie Hellman Key exchange algorithm with one suitable example.
[M/J 2013] [A/M-2017] (OR)
Briefly explain Diffie – Hellman key exchange technique with a common prime
q = 71 and a primitive root α = 7. If user A has private key X A = 5, what is A’s public
key YA ? [M/J 2014]
The purpose of the Diffie Hellman key exchange algorithm is to enable two
users to securely exchange a key that can then be used for subsequent encryption of
messages. The algorithm itself is limited to the exchange of secret values.
The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of
computing discrete logarithms. The discrete logarithm in the following way,First, define a
primitive root of a prime number p as one whose powers modulo p generate all the
integers from 1 to p 1. That is, if a is a primitive root of the prime number p, then the
numbers p, then the number are distinct and consist of the integers from 1 through p- 1 in
some permutation.
a mod p, a2 mod p... ap-1 mod p
For any integer b and a primitive root a of prime number p, we can find a unique
exponent i such that
b≡ a i (mod p) where 0 ≤ i ≤ (p 1)
The exponent i is referred to as the discrete logarithm of b for the base a, mod p. We
express this value as dlogα, p (b).
Algorithm
For this scheme, there are two publicly known numbers: a prime number q and an
integer that is a primitive root of q.

Suppose the users A and B wish to exchange a key. User A selects a random integer X A
< q and computes YA = αXA mod q. Similarly, user B independently selects a random
integer X B < q and computes YB = aXB mod q.

Each side keeps the X value private and makes the Y value available publicly to the
XA
other side. User A computes the key as K = (YB) mod q and user B computes the key
as K = (YA) XB mod q.

27
Diffie – Hellman key exchange algorithm

28
 Example 1:

Example 2:
 given prime p=97 with primitive root a=5
 Alice chooses secret xA=36 & computes public key yA=536=50 mod 97
 Bob chooses secret xB=58 & computes public key yB=558=44 mod 97
 Alice and Bob exchange their public keys (50 & 44 respectively)

29
 Alice computes the shared secret K=4436=75 mod 97
 Bob computes the shared secret K=5058=75 mod 97
 an attacker Charlie would need to first crack one of the secrets knowing only the
public information, eg Alice's by solving xA=log550=36 mod 97 (hard), and then doing
Alice's key computation K=4436=75 mod 97

30
Example 3:
Common prime q = 71 and a primitive root α = 7. If user A has private key X A = 5, what is A’s
public key YA ?
Given: q=71, α = 7, XA = 5
We know that,
YA = αXA mod q
YA = 75 mod 71
YA = 16807 mod 71
YA = 51

5.(b)Explain Elliptic curve cryptography with an example

Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on

the algebraic structure of elliptic curves over finite fields

Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic
curve theory that can be used to create faster, smaller, and more efficient cryptographic
keys.

ECC generates keys through the properties of the elliptic curve equation instead of the
traditional method of generation as the product of very large prime numbers. The
technology can be used in conjunction with most public key encryption methods, such as
RSA, and Diffie-Hellman. According to some researchers,

ECC can yield a level of security with a 164-bit key that other systems require a 1,024-bit
key to achieve. Because ECC helps to establish equivalent security with lower computing
power and battery resource usage, it is becoming widely used for mobile applications.

ECC Encryption/Decryption
The sender must first encode any message m as a point on the elliptic curve Pm The cipher
text is a pair of points on the elliptic curve. The sender masks the message using random k,
but also sends along a “clue” allowing the receiver who know the private-key to recover k
and hence the message. For an attacker to recover the message, the attacker would have
to compute k given G and kG, which is ECC assumed hard.

31
Encryption
Cm={kG, Pm + kPB}

Decryption

Pm + kPB – nB(kG) = Pm + k(nBG) – nB(kG) = Pm

ECC Algorithm
Step 1:first encode any message m as a point on the elliptic curve Pm
Step 2:select suitable curve & point G as in D-H
Step 3:A & B select private keys nA<n, nB<n
Step 4:compute public keys: PA = nAG, PB = nBG
Step 5:A encrypts Pm :
Cm={kG, Pm + kPB},
Where k: random positive integer ,PB: B’s public key
Step 6: B decrypts Cm compute:
Pm + kPB – nB(kG) = Pm + k(nBG) – nB(kG) = Pm
Advantages
ECC employs a relatively short encryption key a value that must be fed into the encryption
algorithm to decode an encrypted message. This short key is faster and requires less
computing power than other first-generation encryption public key algorithms. For example,
a 160-bit ECC encryption key provides the same security as a 1024-bit RSA encryption key
and can be up to 15 times faster, depending on the platform on which it is implemented.
Both RSA and ECC are in widespread use. The advantages of ECC over RSA are
particularly important in wireless devices, where computing power, memory and battery life
are limited.

Disadvantages
One of the main disadvantages of ECC is that it increases the size of the encrypted
message significantly more than RSA encryption. Furthermore, the ECC algorithm is more
complex and more difficult to implement than RSA, which increases the likelihood of
implementation errors, thereby reducing the security of the algorithm.

32
Example:1
The global public elements are q = 257; Eq(a, b) = E257(0, -4), which is equivalent to
the curve y2 = x3 - 4; and G = (2, 2).

Bob’s private key is nB = 101, and his public key is PB = nBG = 101(2, 2)= (197, 167).

Alice wishes to send a message to Bob that is encoded in the elliptic point Pm = (112, 26).

Alice chooses random integer k = 41 and computes kG = 41(2, 2) = (136, 128), kPB =
41(197, 167) = (68, 84) and Pm + kPB = (112, 26) + (68, 84) = (246, 174).

Alice sends the ciphertext Cm = (C1, C2) = {(136, 128), (246, 174)} to Bob. Bob receives
the ciphertext and
computes C2 - nBC1 = (246, 174) - 101(136, 128) = (246, 174) - (68, 84) = (112, 26).

Example:2
p = 751; Eq(-1, 188) → y2 = x3 − x +188; and G = (0, 376).
A → B: Pm = (562, 201)
A selects the random number k = 386.
B’s Public key: PB = (201, 5).
A computes: 386(0, 376) = (676, 558) and
(562, 201) + 386(201, 5) = (385, 328).
A sends the cipher text: {(676, 558), (385, 328)}.

33