
Gyan Prakash

Divisional Engineer(C-III)
Computer Faculty
BRBRAITT, Jabalpur

BRBRAITT/Basics of Cryptography & Hash Functions/ Sept 2006 1


Introduction to Cryptosystems
 Cryptosystem converts the original
message into unintelligible form
 The Cryptosystem can be broadly
classified into:
 Cryptography
 Cryptanalysis
 Cryptography is dedicated to
encrypting/decrypting the messages
 Cryptanalysis is used to break the
encrypted codes without the known
key
Elements of Cryptography
 Original message, called the
plain-text
 For example orders to attack, Bank
A/c No., Credit card details etc., that
we want to hide
 An algorithm, commonly known
as the cipher
 the process that makes the original
message un-readable
 The information that has been
altered, which we call the cipher-
Elements of Cryptography



Encryption and Decryption



Parts of Cryptography
 Private-key encryption
A Private-key cryptosystem is used
among a small group of people
 Also known as Symmetric-key
encryption
 Public-key encryption
A public-key cryptosystem is
encryption at a much larger scale
 Also known as Asymmetric-key
encryption
Symmetric-Key Cryptography
 The sender uses the shared key for
encryption
 The receiver uses the same key for
decryption
 Symmetric-key cryptography is often used
for long messages



Cryptanalysis
 The focus of Cryptanalysis is to
break encrypted codes.
 This discipline is the study of
decoding information without the
use of a known key
 The various algorithms to
decipher encrypted messages are
 Exhaustive Key Search
 Frequency Analysis



Traditional Ciphers
 In the earliest and simplest ciphers, a
character was the unit of data to be
encrypted.
 Suitable for the general public
 These traditional ciphers
 Substitution Ciphers
 Transposition Ciphers
 Permutation/Matrix Ciphers



Schemes of Private-key
Encryption
 Substitutional Ciphers
 Caesar Cipher
 Vigenere Cipher
 Affine Cipher
 Random Cipher
 Transposition Ciphers
 Permutation/Matrix Ciphers



Substitution Cipher
 Substitution Cipher substitutes one
symbol with another
 Alphabetic characters are replaced with
another character
 Numbers are replaced with another
number
 Substitution Ciphers can be
categorized as:
 Mono-alphabetic
 Poly-alphabetic
Mono-alphabetic Substitution
 In monoalphabetic substitution, the
relationship between a character in
the plain-text to the character in the
cipher-text is always one-to-one



Mono-alphabetic Substitution
 In this substitution, a character in the
plain-text is always changed to the
same character in the cipher-text
regardless of its position in the text
 Example: If character ‘A’ in the plain-
text must be changed to character
‘D’, every character ‘A’ is changed to
character ‘D’, regardless of its
position in the text
 The first recorded cipher-text was
used by Julius Caesar called “Caesar
cipher”
Caesar Cipher



Caesar Cipher an example

ABCDEFGHIJKLMNOPQRSTUVWXYZ
rotate 13 positions
NOPQRSTUVWXYZABCDEFGHIJKLM

ATTACK AT MIDNIGHT Plain-text


13 Key

NFFNPW NF YVQZVTUF Cipher-text



Encryption Practice
A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

 Let character A=0, B=1,…,Z=25 as shown above


 Let the key be K= +9
 Encrypt: CAPTURE TBEEBN
 Procedure:
 Convert plain-text into numbers as shown in the table
 Add the key
 If the total is more than 25 deduct 26 (mod 26)
 Convert the numbers into characters as shown in the
table
 This is cipher-text, which can be transmitted
Encryption Practice (contd.)
A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Plain-text                            C  A  P  T  U  R  E  T  B  E  E  B  N
Convert to number                     2  0  15 19 20 17 4  19 1  4  4  1  13
Add key (+9)                          11 9  24 28 29 26 13 28 10 13 13 10 22
Deduct 26 if > 25                     11 9  24 2  3  0  13 2  10 13 13 10 22
Cipher-text (re-converted to letters) L  J  Y  C  D  A  N  C  K  N  N  K  W



Decryption Practice
A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

 Let character A=0, B=1,…,Z=25 as shown above


 Let the key be K= -9
 Decrypt: LJYCDAN CKNNKW
 Procedure:
 Convert cipher-text into numbers as shown in the table
 Deduct the key
 If the result is less than 0 add 26 (mod 26)
 Convert the numbers into characters as shown in the
table
 This is plain-text, which can be understood
Decryption Practice (contd.)
A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
0  1  2  3  4  5  6  7  8  9  10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Cipher-text                           L  J  Y  C  D  A  N  C  K  N  N  K  W
Convert to number                     11 9  24 2  3  0  13 2  10 13 13 10 22
Deduct key (-9)                       2  0  15 -7 -6 -9 4  -7 1  4  4  1  13
Add 26 if < 0                         2  0  15 19 20 17 4  19 1  4  4  1  13
Plain-text (re-converted to letters)  C  A  P  T  U  R  E  T  B  E  E  B  N



Caesar Cipher, Good ?
 No, Not Secure.
 Key-space is very small, only 25
possible keys.
 Can easily be deciphered by an
exhaustive key search.
 Try K=1…25, until you get a text that
makes sense.



Mono-alphabetic substitution
problems
 Mono-alphabetic substitution is very
simple and the code can be attacked
easily
 This method cannot hide the natural
frequencies of characters in the
language being used
 Example: In English the most
frequently used characters are E, T, O,
A.
 An attacker can easily break the code
by finding which character is used the
most and replace that one with the
letter E
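
The shift cipher from the practice slides, together with the exhaustive key search and the most-frequent-letter guess described above, as an added example that is not part of the original slides. The function names and the sentence SAMPLE are constructed for this illustration.

```python
from collections import Counter

A = ord("A")


def shift(text, key):
    """Add `key` to every letter mod 26 (A=0 ... Z=25); other characters pass through."""
    return "".join(
        chr((ord(ch) - A + key) % 26 + A) if "A" <= ch <= "Z" else ch
        for ch in text.upper()
    )


def encrypt(plain, key):
    return shift(plain, key)


def decrypt(cipher, key):
    return shift(cipher, -key)


def exhaustive_search(cipher):
    """Every non-trivial key (1..25) with the text it produces.

    The key-space is so small that a reader can scan all 25 candidates by eye.
    """
    return {k: decrypt(cipher, k) for k in range(1, 26)}


def guess_key_by_frequency(cipher):
    """Assume the most common ciphertext letter stands for plain-text 'E'.

    This works on a mono-alphabetic cipher because the substitution keeps
    the natural letter frequencies of the language.
    """
    letters = [ch for ch in cipher.upper() if "A" <= ch <= "Z"]
    most_common = Counter(letters).most_common(1)[0][0]
    return (ord(most_common) - ord("E")) % 26


# Constructed sample sentence (not from the slides) in which 'E' clearly dominates.
SAMPLE = "MEET ME WHERE THE THREE TREES MEET THE RIVER"

if __name__ == "__main__":
    c = encrypt("CAPTURE TBEEBN", 9)
    print(c, "->", decrypt(c, 9))
    print("key guessed from letter counts:", guess_key_by_frequency(encrypt(SAMPLE, 9)))
```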
Poly-alphabetic substitution
 In this substitution, each occurrence of
a character can have a different
substitute.
 The relationship between a character
in the plaintext to a character in the
ciphertext is one-to-many.
 For e.g.: Character ‘A’ can be changed to
‘D’ in the beginning of the text, but it
could be changed to ‘N’ at the middle
 “Vigenere Cipher” is an example of
Poly-alphabetic substitution.
Vigenere Cipher
 The Vigenere cipher has been
widely used to develop
cryptosystems dating back to the
16th century.
 Its basic construction is a
combination of a Caesar shift
combined with a keyword.
 To construct the Vigenere cipher,
first a keyword must be chosen.
Vigenere Cipher
 In the Vigenere cipher, the cipher-text is
chosen from a two-dimensional table
 Not all rows are shown
 Each row is a permutation of 26 letters
 A key is to be chosen of length ‘m’
(m>0)
 Therefore Key-space = 26^m
 If the key is longer code-breaking
becomes difficult
Vigenere Cipher – Encryption
Plain-text  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Key  A      A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
     B      Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
     C      Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
     D      X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
     E      W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
     F      V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
     G      U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
     H      T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
     I      S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

 Let key length be ‘m’ (m>0)


 Let today’s key = HIDE
 Plain-text : CAPTURE TBEEBN
 Key : HIDEHID EHIDEH
 Cipher-text : VSMPNJB PUWBXG
 Watch: the same letters ‘B’ & ‘E’ get different
substitutions. This is the power of the Vigenere cipher
Vigenere Cipher – Decryption
Plain-text  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Key  A      A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
     B      Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
     C      Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
     D      X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
     E      W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
     F      V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
     G      U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
     H      T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
     I      S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

 Let’s Decrypt : VSMPNJB PUWBXG


 Today’s key = HIDE
 Cipher-text : VSMPNJB PUWBXG
 Key : HIDEHID EHIDEH
 Plain-text : CAPTURE TBEEBN
 Watch : Without the key, decryption is difficult
Vigenere Cipher, Good ?
 Better than Shift Cipher
 Key-space is 26^m
 If m=5, then key-space size is
26^5, approx 1.1 x 10^7
 So, exhaustive key search not
feasible by hand
 That is why Vigenere Cipher was
famous in 16th century.
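
The table lookup used on the encryption and decryption slides, as an added example that is not part of the original slides. It follows the table exactly as printed (each key row is the alphabet rotated to the right, so cipher = plain - key mod 26); the function names are constructed for this illustration.

```python
import string

ALPHABET = string.ascii_uppercase


def table_row(key_letter):
    """Row of the slide's table for one key letter: row B starts Z A B C ..."""
    k = ALPHABET.index(key_letter)
    return ALPHABET[-k:] + ALPHABET[:-k] if k else ALPHABET


def _check_key(key):
    key = key.upper()
    if not key or any(ch not in ALPHABET for ch in key):
        raise ValueError("key must be one or more letters A-Z")
    return key


def _apply(text, key, decrypting):
    key = _check_key(key)
    out, used = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)          # spaces do not consume a key letter
            continue
        row = table_row(key[used % len(key)])
        if decrypting:
            out.append(ALPHABET[row.index(ch)])   # find the column holding ch
        else:
            out.append(row[ALPHABET.index(ch)])   # read the row at ch's column
        used += 1
    return "".join(out)


def encrypt(plain, key):
    return _apply(plain, key, decrypting=False)


def decrypt(cipher, key):
    return _apply(cipher, key, decrypting=True)


def substitutes_for(plain, key, letter):
    """All cipher letters that one plain-text letter was turned into."""
    cipher = encrypt(plain, key)
    return {c for p, c in zip(plain.upper(), cipher) if p == letter}


def key_space(m):
    """Number of keys of length m."""
    return 26 ** m


if __name__ == "__main__":
    print(encrypt("CAPTURE TBEEBN", "HIDE"))
    print(sorted(substitutes_for("CAPTURE TBEEBN", "HIDE", "E")))
    print(key_space(5))
```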



Affine Transformations
 “Affine transformation” is more
secure than Shift cipher
 It is mono-alphabetic transformation
 An Affine transformation is a function
of the form
C = f(P) = (aP + b) mod N, where
 P is the numerical value assigned to the
plaintext character (0 .. 25)
 C is the result of each letter (cipher-text)
 a and b are integers
 N=26 is the number of characters in the
plaintext alphabet
Affine Cipher functions
 To make affine transformation to
be a one-to-one function
 the integer ‘a’ and the number N
should be co-prime.
 i.e. the numbers ‘a’ & ‘N’ both
should not have any common
divisors other than ‘1’



Affine Cipher encryption-
Example
 Consider the function defined as 
C=f(P) = [3P + 8] mod 26
 mod 26 means
 divide by 26
 ignore the quotient &
 take the remainder as the result

 Encrypt: FIRE AT NOON


 Convert each letter to a number (0..25) 
 The message FIRE AT NOON is converted
into its numerical equivalent
 5 8 17 4 0 19 13 14 14 13
Affine Cipher encryption-
Example
 Applying the function to the number 5
 f(5)=[3(5) + 8] mod 26= 23 mod 26
 Similarly, the number 8 is encoded as
 f(8)=[3(8) + 8] mod 26=6 mod 26
 Continuing in this method yields the
code
 23 6 7 20 8 13 21 24 24 21
 Converting each number back into
letters the cipher-text is
 XGHU IN VYYV
Affine Cipher decryption-
Example
 To decode the message, we use
the inverse of the function f,
which is
 P = f^-1(C) = [a^-1(C) – a^-1(b)] mod N
 The mathematics of finding inverse
is skipped here
 P = f^-1(C) = (9(C) + 6) mod 26
 With the above decoding function
decrypt: XGHU IN VYYV
Affine Cipher decryption-
Example
 Decrypt: XGHU IN VYYV
 Convert each letter to a number (0..25)
 23 6 7 20 8 13 21 24 24 21
 f^-1(23) = [9(23) + 6] mod 26 = 5 mod 26
 Similarly all cipher-text is converted to
 5 8 17 4 0 19 13 14 14 13
 Converting each number into plain-text:
 FIRE AT NOON
 This is plain-text
 Uhh ! Full of Mathematics
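
The inverse that the decryption slide skips, worked out with the extended Euclidean algorithm, as an added example that is not part of the original slides. It derives the decoding function (9C + 6) mod 26 from a = 3, b = 8 and shows what goes wrong when ‘a’ and N are not co-prime; all function names are constructed for this illustration.

```python
import string
from math import gcd

ALPHABET = string.ascii_uppercase
N = len(ALPHABET)  # 26


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(a, n=N):
    """a^-1 mod n; exists only when a and n are co-prime."""
    g, x, _ = egcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {n}: gcd is {g}")
    return x % n


def affine_encrypt(text, a, b):
    """C = (a*P + b) mod 26 on letters; other characters pass through."""
    return "".join(
        ALPHABET[(a * ALPHABET.index(ch) + b) % N] if ch in ALPHABET else ch
        for ch in text.upper()
    )


def decryption_function(a, b):
    """Coefficients (a', b') of P = (a'*C + b') mod 26, i.e. a^-1 and -a^-1*b."""
    a_inv = mod_inverse(a)
    return a_inv, (-a_inv * b) % N


def affine_decrypt(text, a, b):
    a_inv, b_inv = decryption_function(a, b)
    return affine_encrypt(text, a_inv, b_inv)


def valid_multipliers():
    """Every 'a' that makes the affine map one-to-one on a 26-letter alphabet."""
    return [a for a in range(1, N) if gcd(a, N) == 1]


if __name__ == "__main__":
    print(decryption_function(3, 8))            # coefficients of the decoding function
    print(affine_encrypt("FIRE AT NOON", 3, 8))
    print(affine_decrypt("XGHU IN VYYV", 3, 8))
    # a = 13 shares the divisor 13 with 26, so different letters collide:
    print(affine_encrypt("AC", 13, 8))
```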
Random Substitution Ciphers
A random substitution cipher
randomly maps each letter A,B, .., Z
to some other letter in the same set
{ A,B,..,Z}
 This method differs from the affine
transformations in that there is no
mathematics in this.
 Ah ! Great relief ! (feel-good factor
increased?)
 As there is no predictable pattern
involved in this encryption, the
encoded message is much harder to
break
Random Substitution Ciphers
 In Random Substitution Cipher,
 there are 26 choices of letters to substitute
for a,
 then 25 remaining letters that can be
substituted for b,
 then 24 remaining letters that can be
substituted for c, etc.
 This results in 26 x 25 x 24 x…..x 2 x 1
possible random keys ( 26! Keys)
 In fact, there are
 403,291,461,126,605,635,584,000,000
Random Substitution Ciphers
 Key Distribution (Problem & head
ache)
 Traditionally this has been done by
means of a trusted courier.
 Key distribution is always a problem.
 The large number of possible keys makes
life difficult for the cryptanalyst
 Key security (Problem & head ache)
 Sender/Receiver cannot memorize, the
plaintext-ciphertext relation (key) must
be written
 Unauthorized persons may steal the key and
break all messages enciphered by it.
The Enigma Machine
 Germans developed the Enigma
Cipher machine & used it during
World War-II
 The machine was based on a
system of three rotors that
substituted cipher-text letters for
plain-text letters.
 Substitutions much like the
Caesar Shift.
The Enigma Machine - front panel



The Enigma Machine
 This cipher is the basic idea behind the
Enigma machine, which used three rotors to
encode.
 When a letter was typed, the first rotor
substitutes the letter according to its present
setting



The Enigma Machine- a closer
look



The Enigma Machine (contd.)
 Then the second rotor substitutes the
letter according to the present setting
on it
 The third rotor also substitutes the
letter according to the present setting
on it
 Now, this new letter would be
bounced off of a reflector, and back
through the three rotors in reverse
order.
 This cipher-text is transmitted
The Enigma Machine- the trick
 The trick of Enigma is the spinning of the
rotors which made it so powerful, until
the Poles broke it.
 When one letter is typed, the first rotor would
rotate one position
 The other two rotors would remain stationary
 Then the second rotor would rotate one position
for every 26 letters
 The third rotor would rotate one position for
every 26x26 letters
 The original combination returns after
26X26X26 = 17576 letter inputs.
 The Germans had an initial key setting every day
Transposition Cipher
 The transposition cipher is very
simple
 The order of the characters is
changed instead of replacing the
characters
 Since no substitution is done, this
cipher is not affected by a frequency
analysis.
 The key for this cipher is also not
standard.
Transposition Cipher-Example
 For example break the message
“WORLD IS SMALLEST” into 5
letter blocks
 WORLD ISSMA LLEST (plain-text)
 Transposition key is such as:
 (1,2,3,4,5)=(3,4,5,2,1)
 means that the 3rd element is put in
place of the first, followed by the 4th,
5th, 2nd, and finally 1st element.
 RLDOW SMASI ESTLL (cipher-text)
Permutations/Matrix Ciphers
 Permutations of this cipher run in
blocked matrices.
 The message is spread out into a
matrix.
 The message is:"FOOD IS GOOD FOR YOU"
 In a matrix form this becomes:
F O O D                       R Y O U
I S G O    Let the key be     F O O D
O D F O    ROW (1,2,3,4) =    O D F O
R Y O U    ROW (4,1,3,2)      I S G O



Permutations/Matrix Ciphers
 Now transmit the message left to
right in a row and top to bottom as
 RYOU FOOD ODFO ISGO
 Or it can be transmitted top to bottom
in a column and left to right as:
 RFOI YODS OOFG UDOO
 Does this sound good to you?
 The main advantage of the permutation
method is that a cryptanalyst will
become mad
Asymmetric-Key Encryption
 Asymmetric-key encryption schemes are
more difficult to implement
 Also known as Public-key cryptography
 Public-key algorithms are more efficient for
short messages.
 Mathematically-sophisticated
 More secure than the Symmetric-key encryption
schemes
 The popular Asymmetric-key encryption
schemes are:
 Rivest, Shamir, Adelman (RSA)
 Pretty Good Privacy (PGP)



Public-Key Cryptography
 In Public-key cryptography there exist
two keys:
 Public key
 The public key is announced to the public.
 Example: Alice sends a message to Bob
 Alice uses the “public key” to encrypt the
message
 Private key
 The private key is kept by the receiver
 Bob uses the “private key” to decrypt the
message
Public-Key Cryptography



Public-Key (Advantages)
 Public key encryption has two
advantages:
 The First advantage is:
 It removes the restriction of a shared
symmetric key between two entities
 In a shared symmetric key the key is
shared by two parties and cannot be
used when one wants to communicate
with a third party
 In public key each entity creates a pair
of keys, private one is kept and the
public one is distributed
Public-Key (Advantages)

 The second advantage is:


 The number of keys needed is reduced
greatly
 In this system for 1 million users to
communicate only 2 million keys are
needed.
 Whereas in symmetric key encryption
500 billion would be needed



Public-Key (Disadvantages)
 The two disadvantages are:
 The complexity of the algorithm: to
be effective, the algorithm needs large
numbers
 Takes a lot of time for large amount of
text
 The association between an entity
and its public key must be verified.
 In other words if Alice sends her public
key to Bob in an email, Bob must be
sure it really is Alice’s key.
RSA algorithm
 The most common public-key algorithm
is:
 RSA (Rivest, Shamir, and Adleman) method.
 The private key is a pair of numbers (N, d)
 The public key is also a pair of numbers (N,
e)
 The sender uses the following algorithm
to encrypt:
 C = P^e mod N
 P is the plain-text, C is the number that
represents the cipher-text.

RSA algorithm
 The receiver uses the following
algorithm to decrypt:
 P = C^d mod N
 d and N are components of the
private key
 P is the plain-text, C is the number
that represents the cipher-text



RSA algorithm – an Example
 Private key is the pair (119, 77) and public key
is the pair (119, 5).
 The sender sends the character ‘F’.
 Encryption calculates 6^5 mod 119 = 41
 This number is sent to the receiver as the
cipher text.
 The receiver calculates P = 41^77 mod 119 =
6.
 The number 6 is then interpreted as ‘F’.
 For security reasons large numbers are
used for ‘d’ and ‘e’.
 Uses number theory to choose ‘N’ , ‘d’, and
‘e’.
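
The number theory behind the example's key pair, as an added example that is not part of the original slides. It assumes the factors 7 and 17 of N = 119 (which the slides do not state), rebuilds d = 77 from them, and shows why such a small N gives no security: the private exponent can be recomputed from the public key alone. All function names are constructed for this illustration.

```python
from math import gcd


def keygen(p, q, e):
    """Build (public, private) = ((N, e), (N, d)) from two primes and a chosen e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be co-prime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(m, public_key):
    """C = P^e mod N; the plain-text number must be smaller than N."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("plain-text number must be in 0..N-1")
    return pow(m, e, n)


def decrypt(c, private_key):
    """P = C^d mod N."""
    n, d = private_key
    return pow(c, d, n)


def factor_by_trial_division(n):
    """Only practical for toy moduli; this is the point of the demonstration."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime, not an RSA modulus")


def private_key_from_small_modulus(public_key):
    """With a tiny N, the public key alone is enough to recompute d."""
    n, e = public_key
    p, q = factor_by_trial_division(n)
    return keygen(p, q, e)[1]


if __name__ == "__main__":
    public, private = keygen(7, 17, 5)
    print(public, private)
    c = encrypt(6, public)
    print(c, decrypt(c, private))
    print(private_key_from_small_modulus((119, 5)))
```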
RSA algorithm



Message Security
 Privacy: achieved using shared-key or
public-key
 Authentication: verifying sender’s identity.
 Integrity: data must arrive exactly as it was
sent.
 Non-repudiation: receiver must be able to
prove that a message came from a specific
sender.

[Figure: Message Security: Privacy, Authentication, Integrity, Non-repudiation]



Privacy with Shared-key
encryption



Privacy with Public-key
encryption



Use of Digital Signature
 Digital signatures provide each of
the following services.
 Message Authentication: means a
receiver has to be sure of the sender’s
identity.
 Integrity: means that data must arrive
exactly as it was sent.
 Non-repudiation: means a receiver
must be able to prove that a message
came from a specific sender.
What is Digital Signature?
 Similar to the signing of a
document.
 Have two choices:
 entire document can be signed or
 a digest of the document can be
signed
 Public-key encryption can be used
to sign a document or the digest
 the private key is used for encryption
and
Signing the whole document

 Digital signature does not provide
privacy
 If there is a need for privacy, another
layer of encryption & decryption must be
applied with Bob’s Public & Bob’s
private-key



What is Digest?
 Public-key encryption is inefficient
if the message is long
 The solution is to let the sender
sign a digest instead of the whole
document
 To create a digest a “hash
function” is used
 The hash function creates a fixed
length digest from a variable-
Hash function & Message
Digest



Hash Functions
 Hash is also called message digest
 One-way function: Cannot find the
message given a digest
 Arbitrary-length message to fixed-
length digest
 Most common hash functions are:
 MD5 ( Message Digest 5)
 MD5 produces a 128-bit digest
 SHA-1 (Secure Hash Algorithm-1)
 SHA-1 produces a 160-bit digest



Hash Functions
 Most common hash functions are:
 MD5 ( Message Digest 5)
 MD5 produces a 128-bit digest
 SHA-1 (Secure Hash Algorithm-1)
 SHA-1 produces a 160-bit digest
 After the digest has been created,
it is encrypted using the sender’s
private key
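
Signing a digest with the private key and checking it with the public key, as an added example that is not part of the original slides. Assumptions: SHA-256 is used in place of the MD5 and SHA-1 named above, the two Mersenne primes are constructed demonstration parameters far too small for real use, and the RSA operation is the unpadded textbook form from the RSA slides.

```python
import hashlib

# Constructed demonstration parameters (both are Mersenne primes).
P = (1 << 61) - 1
Q = (1 << 89) - 1
E = 65537


def keygen(p=P, q=Q, e=E):
    """Return (public, private) = ((N, e), (N, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def digest_as_int(message, n):
    """Fixed-length digest of an arbitrary-length message, reduced to a number below N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Sender: hash the message, then apply the private key to the digest only."""
    n, d = private_key
    return pow(digest_as_int(message, n), d, n)


def verify(message, signature, public_key):
    """Receiver: recompute the digest and compare it with the signature opened
    by the sender's public key. The message itself travels in the clear, which
    is why a signature alone gives no privacy."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message, n)


if __name__ == "__main__":
    public, private = keygen()
    msg = b"PAY 100 TO BOB"            # constructed sample message
    sig = sign(msg, private)
    print(verify(msg, sig, public))                 # genuine message
    print(verify(b"PAY 900 TO BOB", sig, public))   # altered in transit
```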



Signing the Digest at Sender’s
site



Verifying the signed Digest at Receiver’s
site



Pretty Good Privacy – a
History
 PGP is a personal high-security
cryptographic software application that
allows people to exchange messages or
files with privacy, authentication, and
convenience.
 PGP can be used to encrypt and digitally
sign files and e-mail.
 Developed by Phil Zimmermann in the mid
‘80s.
 First version released on the Internet in
1991;
 Encountered legal issues on its use of RSA
and Merkle-Hellman cryptography patents.
Pretty Good Privacy
 PGP stores each public key in a key
certificate which contains:
 The public key itself.
 The ID of the key’s creator (usually
name & email address).
 The date the key was created &
expiration date.
 A list of digital signatures provided
by people who attest to the key’s
authenticity.
PGP – at sender’s site



PGP – at receiver’s site



Block Ciphers
 Modern ciphers use a block of bits
as the unit of
encryption/decryption.
 It can be implemented in hardware
or software.
 Hardware implementation is
faster.



Block Ciphers



Data Encryption Standard
(DES)
 One example of a complex block
cipher is the Data Encryption
Standard (DES).
 DES was designed by IBM
 Adopted by the U.S. government
as the standard encryption
method for non-military use.



DES Procedure



DES Algorithm
 The algorithm for it is complex
however very straight-forward
 There are two basic steps:
 Confusion and Diffusion
 After each of these steps is
done, a permutation or shift is
performed
 This process is known as a round
 To complete the algorithm, this
process is repeated 16 times
 Hence DES is a 16 round algorithm
Data Encryption Standard
(DES)
 The algorithm encrypts a 64-bit
plaintext using a 56-bit key.
 The text is put through 19 different
complex procedures to create a 64-bit
cipher text.
 DES has 2 transposition blocks, one
swapping and 16 complex blocks
called “Iteration blocks”.
 Each “Iteration block” uses a different
key derived from the original key.
DES Procedure



DES Algorithm (contd.)
 Permutation-Box (P-box) performs a
transposition at the bit level
(Confusion)
 During each round, the 64-bit block is
split
 Each half is expanded to 48 bits
(Diffusion), then substituted with 48
bits of the key
 As with most ciphers, the heart of the
algorithm is in the key
 The key for the DES is a 56-bit number in
a hexadecimal format.
P-Box

[Figure: P-Box mapping input bits to output bits]



DES - Confusion & Diffusion
 P-Box creates confusion in each 64 bit
block
 Iteration block divides this into two 32
bit blocks
 2nd 32 bits block is swapped and put in
the beginning of the block
 Also 2nd 32 bits block diffused to 48 bits
by adding additional bits before XOR-ing
with 48 bit key
 1st 32 bits block is diffused to 48
bits and XOR-ed with the result of
previous step
 The result of the previous steps is
reduced to 32 bits and stored as 2nd 32
Iteration Block



Data Encryption Standard
(DES)
 DES takes the data and chops
them into 8-byte segments.
 The encryption and the key are
the same for each segment.
 Critics of DES contend the key is
too short.
 Therefore, “Triple DES” was
designed to lengthen the key and
keep the new block compatible
with the original.
Triple DES



DES/Triple DES
 Triple DES uses three DES blocks and
two 56-bit keys
 DES / triple DES are long cipher
substitutes that operate on 8-
character messages.
 The DES/Triple DES uses the same
concept as the Caesar cipher
 The encryption/decryption algorithm is
more complex due to the sixteen 48-bit
keys derived from a 56-bit key.



Electronic Codebook Mode
(ECB)
 In ECB the message is divided into
64-bit blocks, and each block is encrypted
separately.
 Encryption is independent for each
block.



Hash Functions
 Hash is also called message digest
 One-way function: Cannot find the
message given a digest
 Arbitrary-length message to fixed-
length digest
 Most common hash functions are:
 MD5 ( Message Digest 5)
 MD5 produces a 128-bit digest
 SHA-1 (Secure Hash Algorithm-1)
 SHA-1 produces a 160-bit digest



MD5 algorithm
 Message digest algorithm
developed by Ron Rivest
 RFC 1321 describes MD5
algorithm
 MD5 algorithm takes a message
of arbitrary length and produces a
128-bit digest
 The resulting digest is the unique
“fingerprint” of the original
MD5 Box

[Figure: MD5 box taking 512-bit message chunks (16 words) and an initial 128-bit vector, producing a 128-bit result]

F: (x ∧ y) ∨ (~x ∧ z)
G: (x ∧ z) ∨ (y ∧ ~z)
H: x ⊕ y ⊕ z
I: y ⊕ (x ∨ ~z)
+: binary sum
x↵y: x left rotate y bits
MD5 Blocks

[Figure: the Initial Vector (128 bits) and the 512-bit blocks B1, B2, B3, ..., BL pass through a chain of MD5 boxes to give the Result (128 bits)]



MD5 algorithm
 Pad message so its length is 448 mod
512
 Append a 64-bit length value to message
 Initialize 4-word (128-bit) MD buffer
(A,B,C,D)
 Process message in 16-word (512-bit)
blocks:
 Use 4 rounds of 16 bit operations on
message block & buffer
 Add output to buffer input to form new
buffer value
 Output hash value is the final buffer
value
MD5 algorithm
[Figure: MD5 algorithm. PAD (1-512 bits, up to 448 mod 512) and the message length (64 bits) are appended to the message, giving L x 512 bits; Block0, Block1, ..., BlockL-1 (512 bits each) pass through HMD5 in turn, each updating the 128-bit MD buffer, and the last buffer is the 128-bit digest]
Note: HMD5 = 4-round compression function



Padding
 Message is padded so that its length
in bits is equal to 448 modulo 512
 means Length of padded message is 64
bits less than an integer multiple of 512
bits
 Padding is always added even if the
message is the desired length (min 1
to max 512 bits)
 Padding consists of a single 1 bit
followed by 0 bits (1000~000*)
Append Length
A 64 bit length field containing
the length in bits of the original
message (before padding) is
appended to the result of
previous step
 If the original length is greater
than 2^64, only the low-order 64
bits of the length are used
 The outcome of adding PAD &
length makes the message a
multiple of 512 bits
Initialize MD buffer
A 128-bit buffer is used to hold
intermediate and final results of the
hash function
 Buffer can be represented as Four 32-
bit registers (A,B,C,D)
 As 32 bit strings the init values (in
hex):
 word A: 01 23 45 67
 word B: 89 AB CD EF
 word C: FE DC BA 98
 word D: 76 54 32 10
Message Processing
 Message is processed in 512-bit
blocks
 Each block goes through a 4
round compression function
 After all 512-bit blocks have been
processed, the output from the
compression function is the 128-
bit digest
MD5 Processing of 512-bit Block
[Figure: MD5 processing of one 512-bit block. Block q (512 bits) and Buffer q (128 bits, words A, B, C, D) pass through Round 1 to Round 4; the four output words are added (+) to the words of Buffer q to give Buffer q+1 (128 bits).]


Round 1 & 2 (F & G)
 g = primitive function
 X[k] = kth 32-bit word in one of the 512 bit
blocks
 T[i] = 2^32 x abs(sin(i))
 Round 1 (F)
 g(b,c,d) = (b AND c) OR (NOT b AND d)
 k = 0...15
 i = 1...16
 Round 2 (G)
 g(b,c,d) = (b AND d) OR (c AND NOT d)
 k = (1 + 5j)mod 16 where j = 1…16
 i = 17..32
Round 3 & 4 (H & I)

 Round 3 (H)
 g(b,c,d) = b XOR c XOR d
 k = (5 + 3j)mod 16 where j = 1…16
 i = 33…48
 Round 4 (I)
 g(b,c,d) = c XOR (b OR NOT d)
 k = 7j mod 16 where j = 1…16
 i = 49…64



MD5 Compression Function
 Each round (F,G,H & I) has 16 steps of the
form:
 a <- b+((a+g(b,c,d)+X[k]+T[i])<<<s)
 a,b,c,d refer to the 4 words of the buffer, but
used in varying permutations
 note each step updates only 1 word of the buffer
 ‘s’ is left shift (for more details see RFC 1321)
 after 16 steps each word is updated 4 times
 g(b,c,d) is a non-linear function in each round
(F,G,H,I)
 X[k] is one of the 16 words (32 bits) of the 512
bits block
 T[i] is a constant value derived from sine(i)
 T[i] = 2^64 x abs(sin(i)) (take the Integer
MD5 Compression Function (one
step)
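[Figure: one step of the MD5 compression function. Input words A, B, C, D; g, X[k], T[i] and the circular left shift CLSs are combined through additions (+) to give the output words A, B, C, D.]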
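The padding, buffer initialisation and 64 compression steps described on the slides above, put together as an added Python example (not part of the original slides). The shift amounts S come from RFC 1321, which the slides cite but do not reproduce; T[i] uses the 2^32 factor from the "Round 1 & 2" slide and RFC 1321; the step index is 0-based and the function names are this example's own.

```python
import hashlib
import math
import struct

# T[1..64] = integer part of 2^32 * abs(sin(i)), i in radians (stored 0-based).
T = [int(2**32 * abs(math.sin(i))) & 0xFFFFFFFF for i in range(1, 65)]
# Left-rotation amounts s for each step, from RFC 1321 (not listed on the slides).
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
# Primitive function g(b,c,d) for rounds F, G, H, I.
G = [lambda b, c, d: (b & c) | (~b & d),
     lambda b, c, d: (b & d) | (c & ~d),
     lambda b, c, d: b ^ c ^ d,
     lambda b, c, d: c ^ (b | ~d)]
# Message word index k for 0-based step i in each round.
K = [lambda i: i, lambda i: (1 + 5 * i) % 16,
     lambda i: (5 + 3 * i) % 16, lambda i: (7 * i) % 16]


def rotl(x, s):
    """Circular left shift of a 32-bit word."""
    return ((x << s) | (x >> (32 - s))) & 0xFFFFFFFF


def md5_pad(msg: bytes) -> bytes:
    """One 1 bit, 0 bits up to 448 mod 512, then the low 64 bits of the bit length."""
    zeros = (55 - len(msg)) % 64
    return msg + b"\x80" + b"\x00" * zeros + struct.pack("<Q", (len(msg) * 8) % 2**64)


def md5(msg: bytes) -> str:
    # Bytes 01 23 45 67 ... read as little-endian words give A=0x67452301 etc.
    init = bytes.fromhex("0123456789abcdeffedcba9876543210")
    a0, b0, c0, d0 = struct.unpack("<4I", init)
    data = md5_pad(msg)
    for off in range(0, len(data), 64):
        x = struct.unpack("<16I", data[off:off + 64])  # X[0..15]
        a, b, c, d = a0, b0, c0, d0
        for i in range(64):
            rnd = i // 16
            g = G[rnd](b, c, d) & 0xFFFFFFFF
            total = (a + g + x[K[rnd](i)] + T[i]) & 0xFFFFFFFF
            # Only one word is recomputed; the other three change position.
            a, b, c, d = d, (b + rotl(total, S[i])) & 0xFFFFFFFF, b, c
        # Add the round output to the buffer input to form the new buffer.
        a0, b0, c0, d0 = [(u + v) & 0xFFFFFFFF
                          for u, v in zip((a0, b0, c0, d0), (a, b, c, d))]
    return struct.pack("<4I", a0, b0, c0, d0).hex()


if __name__ == "__main__":
    sample = b"constructed sample input"
    print(md5(sample), md5(sample) == hashlib.md5(sample).hexdigest())
```
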



Security of MD5
 MD5 hash is dependent on all message bits
 However known attacks include
 Berson in 1992 attacked any 1 round using
differential cryptanalysis (but can’t extend)
 Boer & Bosselaers in 1993 found a pseudo
collision (again unable to extend)
 Dobbertin in 1996 created collisions on MD
compression function (but initial constants
prevent exploit)
 Wang et al announced cracking MD5 on Aug 17,
2004 (paper available on Useful Links)
 Thus MD5 looks likely to become vulnerable soon



Secure Hash Algorithm (SHA)
 Developed by NIST (National
Institute of Standards &
Technology), specified in the
Secure Hash Standard (SHS, FIPS
Pub 180), 1993
 SHA is specified as the hash
algorithm in the Digital Signature
Standard (DSS) & NIST



Secure Hash Algorithm (SHA-1)

 SHA-0 was revised in 1995 as SHA-1
 Internet standard is RFC 3174
 Produce hash values of 160 bits
 Now the generally preferred hash
algorithm
 Based on design of MD4 with key
differences



SHA-General Logic
 Input message must be < 2^64 bits
 not really a problem
 Message is processed in 512-bit
blocks sequentially
 Message digest is 160 bits
 SHA design is similar to MD5, but
a lot stronger



SHA-1 Algorithm
[Figure: SHA-1 processing of one 512-bit block. Block q (512 bits) and Buffer q (160 bits, words A, B, C, D, E) pass through Round 1 to Round 4; the five output words are added (+) to give Buffer q+1 (160 bits).]
SHA-1 Compression Function
 Each round has 20 steps, each of which
replaces the 5 buffer words thus:
(A,B,C,D,E) <-
((E+f(t,B,C,D)+(A<<5)+Wt+Kt),A,(B<<30),C,D)
 a,b,c,d refer to the 4 words of the
buffer
 t is the step number
 f(t,B,C,D) is nonlinear function for
round
 Wt is derived from the message block
 Kt is a constant value derived from

SHA-1 Compression Function

[Figure: one SHA-1 step. Words A, B, C, D, E with ft, S5, S30, Wt, Kt and additions (+).]


Basic Steps
Step1: Padding
Step2: Appending length as 64 bit
unsigned
Step3: Initialize MD buffer five 32-bit
words
A|B|C|D|E
A = 67452301
B = efcdab89
C = 98badcfe
D = 10325476
E = c3d2e1f0
Basic Steps...
Step 4: the 80-step processing of
512-bit blocks (4 rounds x 20
steps each)
Each step t (0 <= t <= 79):
 Input:
 Wt – a 32-bit word from the message
 Kt – a constant.
 ABCDE: current MD (160 bits)
 Output:
 ABCDE: new MD (160 bits)
Constant (Kt ) for each round
 Distinctive additive constants
Round 1:
0 <=t<= 19 Kt = 5A827999
Round 2:
20<=t<=39 Kt = 6ED9EBA1
Round 3:
40<=t<=59 Kt = 8F1BBCDC
Round 4:
60<=t<=79 Kt = CA62C1D6
Basic Logic Functions
 Only 3 different functions

Round          Function ft(B,C,D)
0 <=t<= 19     (B∧C)∨(~B∧D)
20<=t<=39      B⊕C⊕D
40<=t<=59      (B∧C)∨(B∧D)∨(C∧D)
60<=t<=79      B⊕C⊕D
Mixing of Wt’s
 Additional mixing used with input
message 512-bit block
 For 15 < t <80:
Wt = W(t-16) ⊕ W(t-14) ⊕ W(t-8) ⊕ W(t-3)
 XOR is a very efficient operation
(with multilevel shifting it
produces very extensive and
random mixing)
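The SHA-1 steps above (padding, the five initial words, Kt, ft and the Wt mixing) as an added Python example, not code from the original slides. The `rot` parameter is this example's own: FIPS 180-1 and RFC 3174 rotate each mixed word left by one bit, which is the 1995 revision from SHA-0 to SHA-1, while `rot=0` evaluates the Wt formula exactly as printed on the slide.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
H0 = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)  # A..E
K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)               # Kt per round
F = (lambda b, c, d: (b & c) | (~b & d),                            # 0 <= t <= 19
     lambda b, c, d: b ^ c ^ d,                                     # 20 <= t <= 39
     lambda b, c, d: (b & c) | (b & d) | (c & d),                   # 40 <= t <= 59
     lambda b, c, d: b ^ c ^ d)                                     # 60 <= t <= 79


def rotl(x, n):
    """Circular left shift of a 32-bit word (n = 0 returns x unchanged)."""
    return ((x << n) | (x >> (32 - n))) & MASK


def schedule(block: bytes, rot: int = 1) -> list:
    """Expand one 512-bit block into W0..W79 (big-endian words)."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(rotl(w[t - 16] ^ w[t - 14] ^ w[t - 8] ^ w[t - 3], rot))
    return w


def sha(msg: bytes, rot: int = 1) -> str:
    """rot=1 gives SHA-1; rot=0 uses the slide's Wt formula as printed."""
    zeros = (55 - len(msg)) % 64
    data = msg + b"\x80" + b"\x00" * zeros + struct.pack(">Q", len(msg) * 8)
    h = list(H0)
    for off in range(0, len(data), 64):
        w = schedule(data[off:off + 64], rot)
        a, b, c, d, e = h
        for t in range(80):
            f = F[t // 20](b, c, d) & MASK
            tmp = (e + f + rotl(a, 5) + w[t] + K[t // 20]) & MASK
            a, b, c, d, e = tmp, a, rotl(b, 30), c, d
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h).hex()


if __name__ == "__main__":
    sample = b"constructed sample input"
    print(sha(sample), sha(sample) == hashlib.sha1(sample).hexdigest())
    print(sha(sample, rot=0))  # differs: no rotation in the message schedule
```
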
MD5 (Actual Sample)
Input:
The MD4, MD5 and SHA-1 algorithms are secure hash functions.
They take a string input, and produce a fixed size number - 128
bits for MD4 and MD5; 160 bits for SHA-1. This number is a hash
of the input - a small change in the input results in a substantial
change in the output. The functions are thought to be secure, in
the sense that it would require an enormous amount of
computing power to find a string which hashes to a chosen value.
In others words, there's no way to decrypt a secure hash. The
uses of secure hashes include digital signatures and challenge
hash authentication

MD5 Box

Output:
c530bc8598173467fafa354dce9048bb


SHA-1 (Actual sample)
Input:
The MD4, MD5 and SHA-1 algorithms are secure hash
functions. They take a string input, and produce a fixed
size number - 128 bits for MD4 and MD5; 160 bits for SHA-1.
This number is a hash of the input - a small change in
the input results in a substantial change in the output. The
functions are thought to be secure, in the sense that it
would require an enormous amount of computing power to
find a string which hashes to a chosen value. In others
words, there's no way to decrypt a secure hash. The uses
of secure hashes include digital signatures and challenge
hash authentication

SHA-1 Box

Output:
b4078946a42c9cabf175ebc2d41d9171a804c91b


SHA-1 vs MD5
 Not vulnerable to any known
attacks (compared to MD4 and
MD5)
 A little slower than MD5 (80 vs 64
steps)
 Optimised for big-endian CPU’s
(vs MD5 which is optimised for
little-endian CPU’s)
Revised Secure Hash Standard
 NIST issued a revision FIPS 180-2
in 2002
 Adds 3 additional hash algorithms
(SHA-256, SHA-384, SHA-512)
 Structure and details are similar
to SHA-1
 Hence analysis should be similar



RIPEMD-160
 Developed by RIPE
 Réseaux IP Européens (RIPE)
 Originally a 128-bit RIPEMD
 Now 160-bit RIPEMD
 INPUT: a message of arbitrary
length
 Overall processing: Similar to MD5
with a block length of 512 bits and a
hash length of 160 bits
 Output: 160-bit message digest
RIPEMD-160 (Processing)
 Initialize MD buffer
 160-bit buffer
 5 32-bit registers (A, B, C, D, E)
 Initial Vector:
 {A=67452301,B=EFCDAB89,C=98BADCFE,
D=10325476,E=C3D2E1F0}
 Stored in little-endian format as
MD5
 SHA-1 stores and processes the
data in big-endian format
RIPEMD-160 (Processing)
 Process message in 512-bit blocks
 Module that consists of 10 rounds of
processing of 16 steps each
 10 rounds are arranged as 2 parallel lines
of 5 rounds
 4 rounds have a similar structure, but each
uses a different primitive logical
function (f1,f2,f3,f4,f5)
 INPUT: 512-bit block Yq, 160-bit CVq
ABCDE(L), A’B’C’D’E’(R)
 Each round uses an additive 9 constants
 OUTPUT: CVq+1 (addition is mod 2^32)
RIPEMD-160 (2x5=10 Rounds)



RIPEMD-160 (Compression)
 Each round consists of a sequence of 16
steps
 The processing algorithm of one round
A:=CVq(0);B:=CVq(1);C:=CVq(2);D:=CVq(3);E:=CVq(4)
A’:=CVq(0);B’:=CVq(1);C’:=CVq(2);D’:=CVq(3);E’:=CVq(4)
for j=0 to 79 do
  T:=rols(j)(A+f(j,B,C,D)+Xr(j)+K(j))+E;
  A:=E;E:=D;D:=rol10(C);C:=B;B:=T;
  T:=rols’(j)(A’+f(79-j,B’,C’,D’)+Xr’(j)+K’(j))+E’;
  A’:=E’;E’:=D’;D’:=rol10(C’);C’:=B’;B’:=T;
enddo
CVq+1(0)=CVq(1)+C+D’; CVq+1(1)=CVq(2)+D+E’;
CVq+1(2)=CVq(3)+E+A’; CVq+1(3)=CVq(4)+A+B’;
CVq+1(4)=CVq(0)+B+C’;
RIPEMD-160 Single step



Performance Comparison

Name         Bit Length   Rounds x Steps per Round      Maximum Message size   Relative Speed
MD4          128          3 x 16                        Infinity               1.00
MD5          128          4 x 16                        Infinity               0.68
RIPEMD-128   128          4 x 16 twice (in parallel)    Infinity               0.39
SHA-1        160          4 x 20                        2^64-1                 0.28
RIPEMD-160   160          5 x 16 twice (in parallel)    Infinity               0.24
Message Authentication Code -
MAC
 Message is hashed and sent along
with the message for
authentication
 Since it was also vulnerable to
attack, “keyed hash functions as
MAC” were developed
 “Keyed hash functions as MAC” are
designed to provide a high level of
security for Authentication
services
HMAC – Keyed Hash Functions as
MAC
 Desirable to create a MAC using a
hash function rather than a block
cipher
 hash functions are generally faster
 Hash includes a key along with
the message
 Original proposal:
 KeyedHash = Hash(Key|Message)
HMAC
 Specified as Internet standard RFC
2104
 Use hash function on the message:
 HMAC_K =
Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M]]
 K+ is the key padded out to size
 opad, ipad are specified padding
constants
 Any of MD5, SHA-1, RIPEMD-160 can
be used
HMAC Structure



HMAC Algorithm
1. Append zeros to the left end of K to
create a b-bit string K+
2. XOR K+ with ipad to produce the b-bit
block Si
3. Append M to Si
4. Apply H to the stream generated in step
3
5. XOR K+ with opad to produce the b-bit
block So
6. Append the hash result from step 4 to So
7. Apply H to the stream generated in step