137 pages, Oct 19, 2008

© Attribution Non-Commercial (BY-NC)
Divisional Engineer(C-III)

Computer Faculty

BRBRAITT, Jabalpur

BRBRAITT/Basics of Cryptography & Hash Functions/ Sept 2006 2

Introduction to Cryptosystems

Cryptosystem converts the original

message into unintelligible

The Cryptosystem can be broadly

classified into:

Cryptography

Cryptanalysis

Cryptography is dedicated to

encrypting/decrypting the messages

Cryptanalysis is used to break the

encrypted codes without the known

key

Elements of Cryptography

Original message, called the

plain-text

For example orders to attack, Bank

A/c No., Credit card details etc., that

we want to hide

An algorithm, commonly known

as the cipher

the process that makes the original

message un-readable

The information that has been

altered, which we call the cipher-

Elements of Cryptography

Encryption and Decryption

Parts of Cryptography

Private-key encryption

A Private-key cryptosystem is used

among a small group of people

Also known as Symmetric-key

encryption

Public-key encryption

A public-key cryptosystem is

encryption at a much larger scale

Also known as Asymmetric-key

encryption

Symmetric-Key Cryptography

The sender uses the shared key for

encryption

The receiver uses the same key for

decryption

Symmetric-key cryptography is often used

for long messages

Cryptanalysis

The focus of Cryptanalysis is to break those encrypted codes.

This discipline is the study of

decoding information without the

use of a known key

The various algorithms to

decipher encrypted messages are

Exhaustive Key Search

Frequency Analysis

Traditional Ciphers

In the earliest and simplest ciphers, a

character was the unit of data to be

encrypted.

Suitable for the general public

These traditional ciphers

Substitution Ciphers

Transposition Ciphers

Permutation/Matrix Ciphers

Schemes of Private-key

Encryption

Substitutional Ciphers

Caesar Cipher

Vigenere Cipher

Affine Cipher

Random Cipher

Transposition Ciphers

Permutation/Matrix Ciphers

Substitution Cipher

Substitution Cipher substitutes one

symbol with another

Alphabetic characters are replaced with

another character

Numbers are replaced with another

number

Substitution Ciphers can be

categorized as:

Mono-alphabetic

Poly-alphabetic

Mono-alphabetic Substitution

In monoalphabetic substitution, the

relationship between a character in

the plain-text to the character in the

cipher-text is always one-to-one

Mono-alphabetic Substitution

In this substitution, a character in the

plain-text is always changed to the

same character in the cipher-text

regardless of its position in the text

Example: If character ‘A’ in the plain-

text must be changed to character

‘D’, every character ‘A’ is changed to

character ‘D’, regardless of its

position in the text

The first recorded cipher-text was

used by Julius Caesar called “Caesar

cipher”

Caesar Cipher

Caesar Cipher an example

ABCDEFGHIJKLMNOPQRSTUVWXYZ

rotate 13 positions

NOPQRSTUVWXYZABCDEFGHIJKLM

Key = 13

Encryption Practice

 A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Let the key be K= +9

Encrypt: CAPTURE TBEEBN

Procedure:

Convert plain-text into numbers as shown in the table

Add the key

If the total is more than 25 deduct 26 (mod 26)

Convert the numbers into characters as shown in the

table

This is cipher-text, which can be transmitted

Encryption Practice (contd.)

 A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Plain-text              C  A  P  T  U  R  E  T  B  E  E  B  N
Convert to numbers      2  0 15 19 20 17  4 19  1  4  4  1 13
Add the key (+9)       11  9 24 28 29 26 13 28 10 13 13 10 22
Deduct 26 if > 25      11  9 24  2  3  0 13  2 10 13 13 10 22
Re-convert to letters
Cipher-text             L  J  Y  C  D  A  N  C  K  N  N  K  W

Decryption Practice

 A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Let the key be K= -9

Decrypt: LJYCDAN CKNNKW

Procedure:

Convert cipher-text into numbers as shown in the table

Deduct the key

If the result is less than 0 add 26 (mod 26)

Convert the numbers into characters as shown in the

table

This is plain-text, which can be understood

Decryption Practice (contd.)

 A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Cipher-text             L  J  Y  C  D  A  N  C  K  N  N  K  W
Convert to numbers     11  9 24  2  3  0 13  2 10 13 13 10 22
Deduct the key (9)      2  0 15 -7 -6 -9  4 -7  1  4  4  1 13
Add 26 if < 0           2  0 15 19 20 17  4 19  1  4  4  1 13
Re-convert to letters
Plain-text              C  A  P  T  U  R  E  T  B  E  E  B  N

Caesar Cipher, Good ?

No, Not Secure.

Key-space is very small, only 25

possible keys.

Can easily be deciphered by an

exhaustive key search.

Try K=1…25, until you get a text that makes sense.

Mono-alphabetic substitution

problems

Mono-alphabetic substitution is very

simple and the code can be attacked

easily

This method cannot hide the natural

frequencies of characters in the

language being used

Example: In English the most

frequently used characters are E, T, O,

A.

An attacker can easily break the code

by finding which character is used the

most and replace that one with the

letter E

Poly-alphabetic substitution

In this substitution, each occurrence of

a character can have a different

substitute.

The relationship between a character

in the plaintext to a character in the

ciphertext is one-to-many.

For e.g.: Character ‘A’ can be changed to

‘D’ in the beginning of the text, but it

could be changed to ‘N’ at the middle

“Vigenere Cipher” is an example of

Poly-alphabetic substitution.

Vigenere Cipher

The Vigenere cipher has been

widely used to develop

cryptosystems dating back to the

16th century.

Its basic construction is a

combination of a Caesar shift

combined with a keyword.

To construct the Vigenere cipher,

first a keyword must be chosen.

Vigenere Cipher

In the Vigenere cipher, the cipher-text is

chosen from a two-dimensional table

Not all rows are shown

Each row is a permutation of 26 letters

A key is to be chosen of length ‘m’

(m>0)

Therefore Key-space = 26^m

If the key is longer, code-breaking becomes difficult

Vigenere Cipher – Encryption

Plain-text    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Key    A      A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
       B      Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
       C      Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
       D      X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
       E      W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
       F      V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
       G      U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
       H      T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
       I      S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

Let today’s key = HIDE

Plain-text : CAPTURE TBEEBN

Key : HIDEHID EHIDEH

Cipher-text : VSMPNJB PUWBXG

Watch: the same letters ‘B’ & ‘E’ get different substitutions. This is the power of the Vigenere cipher

Vigenere Cipher – Decryption

Plain-text    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Key    A      A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
       B      Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
       C      Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
       D      X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
       E      W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
       F      V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
       G      U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
       H      T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
       I      S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

Today’s key = HIDE

Cipher-text : VSMPNJB PUWBXG

Key : HIDEHID EHIDEH

Plain-text : CAPTURE TBEEBN

Watch: without the key, decryption is difficult
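The HIDE example above as runnable code, added here as an illustration (it is not part of the original slides, and the function names are made up for it). The slide's table shifts each successive row one place to the right, so the block computes C = (P - K) mod 26 to match it; the `substitutes` helper shows the one-to-many mapping the slide points out.

```python
from collections import defaultdict

A = ord("A")


def table_row(key_letter: str) -> str:
    """One row of the slide's table: the alphabet shifted right by the key letter."""
    k = ord(key_letter.upper()) - A
    return "".join(chr((p - k) % 26 + A) for p in range(26))


def _apply(text: str, key: str, sign: int) -> str:
    out, i = [], 0
    for ch in text.upper():
        if "A" <= ch <= "Z":
            k = ord(key[i % len(key)].upper()) - A
            out.append(chr((ord(ch) - A + sign * k) % 26 + A))
            i += 1  # the key advances on letters only, not on spaces
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plain: str, key: str) -> str:
    # C = (P - K) mod 26, which is what reading the slide's table gives
    return _apply(plain, key, -1)


def decrypt(cipher: str, key: str) -> str:
    # P = (C + K) mod 26 undoes it
    return _apply(cipher, key, +1)


def substitutes(plain: str, cipher: str) -> dict:
    """For each plain-text letter, the set of cipher-text letters it became."""
    seen = defaultdict(set)
    for p, c in zip(plain.upper(), cipher.upper()):
        if p.isalpha():
            seen[p].add(c)
    return dict(seen)


if __name__ == "__main__":
    plain = "CAPTURE TBEEBN"          # the slide's message
    cipher = encrypt(plain, "HIDE")   # the slide's key
    print(cipher, "->", decrypt(cipher, "HIDE"))
    # Poly-alphabetic: 'E' and 'B' each map to two different letters.
    print({k: sorted(v) for k, v in substitutes(plain, cipher).items()})
    # A one-letter key collapses to a mono-alphabetic shift: every set has size 1.
    print({k: sorted(v) for k, v in substitutes(plain, encrypt(plain, "R")).items()})
```

With the one-letter key R the table gives the same cipher-text as the Caesar slide's K = +9, because subtracting 17 and adding 9 are the same operation mod 26.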

Vigenere Cipher, Good ?

Better than Shift Cipher

Key-space is (26)^m

If m=5, then key-space size is (26)^5 approx 1.1x10^7

So, exhaustive key search not feasible by hand

That is why Vigenere Cipher was famous in the 16th century.

Affine Transformations

“Affine transformation” is more

secure than Shift cipher

It is a mono-alphabetic transformation

An Affine transformation is a function of the form

C = f(P) = (aP + b) mod N, where

P is the numerical value assigned to the

plaintext character (0 .. 25)

C is the result of each letter (cipher-text)

a and b are integers

N=26 is the number of characters in the

plaintext alphabet

Affine Cipher functions

To make the affine transformation a one-to-one function

the integer ‘a’ and the number N

should be co-prime.

i.e. the numbers ‘a’ & ‘N’ both

should not have any common

divisors other than ‘1’

Affine Cipher encryption-

Example

Consider the function defined as

C=f(P) = [3P + 8] mod 26

mod 26 means

divide by 26

ignore the quotient &

take the remainder as the result

Convert each letter to a number (0..25)

The message FIRE AT NOON is converted

into its numerical equivalent

5 8 17 4 0 19 13 14 14 13

Affine Cipher encryption-

Example

Applying the function to the number 5

f(5)=[3(5) + 8] mod 26= 23 mod 26

Similarly, the number 8 is encoded as

f(8)=[3(8) + 8] mod 26=6 mod 26

Continuing in this method yields the

code

23 6 7 20 8 13 21 24 24 21

Converting each number back into

letters the cipher-text is

XGHU IN VYYV

Affine Cipher decryption-

Example

To decode the message, we use

the inverse of the function f,

which is

P = f^-1(C) = [a^-1(C) – a^-1(b)] mod N

The mathematics of finding inverse is skipped here

P = f^-1(C) = (9(C) + 6) mod 26

With the above decoding function

decrypt: XGHU IN VYYV

Affine Cipher decryption-

Example

Decrypt: XGHU IN VYYV

Convert each letter to a number (0..25)

23 6 7 20 8 13 21 24 24 21

f^-1(23) = [9(23) + 6] mod 26 = 5 mod 26

Similarly all cipher-text is converted to

5 8 17 4 0 19 13 14 14 13

Converting each number into plain-text:

FIRE AT NOON

This is plain-text

Uhh ! Full of Mathematics
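The affine example above as runnable code, including the inverse computation the slides skip; the Caesar shift from the earlier slides is the special case a = 1. This is an added example, not part of the original slides, and the function names are illustrative.

```python
from math import gcd

N = 26  # size of the plain-text alphabet, A=0 .. Z=25 as in the slides' table


def _check_key(a: int) -> None:
    # P -> (aP + b) mod N is one-to-one only when a and N are co-prime.
    if gcd(a, N) != 1:
        raise ValueError(f"a={a} shares a divisor with N={N}: not one-to-one")


def affine_encrypt(text: str, a: int, b: int) -> str:
    """C = (a*P + b) mod 26 for letters; spaces and other characters pass through."""
    _check_key(a)
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            p = ord(ch) - ord("A")
            out.append(chr((a * p + b) % N + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def decryption_function(a: int, b: int) -> tuple:
    """Return (a_inv, b_inv) such that P = (a_inv*C + b_inv) mod 26."""
    _check_key(a)
    a_inv = pow(a, -1, N)            # modular inverse: a * a_inv = 1 (mod 26)
    return a_inv, (-a_inv * b) % N   # [a^-1(C) - a^-1(b)] mod N, constant folded


def affine_decrypt(text: str, a: int, b: int) -> str:
    # The inverse is itself an affine map, so the encrypt routine is reused.
    a_inv, b_inv = decryption_function(a, b)
    return affine_encrypt(text, a_inv, b_inv)


def collisions(a: int, b: int = 0) -> dict:
    """Plain-text values that land on the same cipher-text value for this a."""
    seen = {}
    for p in range(N):
        seen.setdefault((a * p + b) % N, []).append(p)
    return {c: ps for c, ps in seen.items() if len(ps) > 1}


def key_space() -> int:
    """Usable (a, b) pairs: every a co-prime to 26, times 26 choices of b."""
    return sum(1 for a in range(N) if gcd(a, N) == 1) * N


if __name__ == "__main__":
    print(affine_encrypt("FIRE AT NOON", 3, 8))      # the slides' f(P) = 3P + 8
    print(decryption_function(3, 8))                 # the slides' 9C + 6
    print(affine_decrypt("XGHU IN VYYV", 3, 8))
    print(affine_encrypt("CAPTURE TBEEBN", 1, 9))    # Caesar, K = +9
    print(collisions(2))                             # why a=2 is rejected
    print(key_space())
```

The key space of 312 is larger than the Caesar cipher's but still small enough for an exhaustive key search, and because the map stays mono-alphabetic the letter frequencies are not hidden.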

Random Substitution Ciphers

A random substitution cipher

randomly maps each letter A,B, .., Z

to some other letter in the same set

{ A,B,..,Z}

This method differs from the affine transformations in that there is no mathematics in it.

Ah ! Great relief ! (feel-good factor

increased?)

As there is no predictable pattern

involved in this encryption, the

encoded message is much harder to break

Random Substitution Ciphers

In Random Substitution Cipher,

there are 26 choices of letters to substitute

for a,

then 25 remaining letters that can be

substituted for b,

then 24 remaining letters that can be

substituted for c, etc.

This results in 26 x 25 x 24 x…..x 2 x 1

possible random keys ( 26! Keys)

In fact, there are

403,291,461,126,605,635,584,000,000

Random Substitution Ciphers

Key Distribution (Problem & headache)

Traditionally this has been done by

means of a trusted courier.

Key distribution is always a problem.

The large number of possible keys makes

life difficult for the cryptanalyst

Key security (Problem & headache)

Sender/Receiver cannot memorize, the

plaintext-ciphertext relation (key) must

be written

An unauthorized person may steal the key and break all messages enciphered by it.

The Enigma Machine

The Germans developed the Enigma Cipher machine & used it during World War-II

The machine was based on a

system of three rotors that

substituted cipher-text letters for

plain-text letters.

Substitutions much like the

Caesar Shift.

The Enigma Machine - front panel

The Enigma Machine

This cipher is the basic idea behind the

Enigma machine, which used three rotors to

encode.

When a letter was typed, the first rotor

substitutes the letter according to its present

setting

The Enigma Machine- a closer

look

The Enigma Machine (contd.)

Then the second rotor substitutes the

letter according to the present setting

on it

The third rotor also substitutes the

letter according to the present setting

on it

Now, this new letter would be

bounced off of a reflector, and back

through the three rotors in reverse

order.

This cipher-text is transmitted

The Enigma Machine- the trick

The trick of Enigma is the spinning of the rotors, which made it so powerful, until the Polish broke it.

When one letter is typed, the first rotor would

rotate one position

The other two rotors would remain stationary

Then the second rotor would rotate one position

for every 26 letters

The third rotor would rotate one position for

every 26x26 letters

The original combination returns after

26X26X26 = 17576 letter inputs.

The Germans had an initial key setting every day

Transposition Cipher

The transposition cipher is very simple

The order of the characters is changed instead of replacing the characters

Since no substitution is done, this

cipher is not affected by a frequency

analysis.

The key for this cipher is also not

standard.

Transposition Cipher-Example

For example break the message

“WORLD IS SMALLEST” into 5

letter blocks

WORLD ISSMA LLEST (plain-text)

Transposition key is such as:

(1,2,3,4,5)=(3,4,5,2,1)

means that the 3rd element is put in

place of the first, followed by the 4th,

5th, 2nd, and finally 1st element.

RLDOW SMASI ESTLL (cipher-text)

Permutations/Matrix Ciphers

Permutations of this cipher run in

blocked matrices.

The message is spread out into a

matrix.

The message is: "FOOD IS GOOD FOR YOU"

In a matrix form this becomes:

F O O D
I S G O
O D F O
R Y O U

Let the key be ROW (1,2,3,4)=ROW (4,1,3,2)

R Y O U
F O O D
O D F O
I S G O

Permutations/Matrix Ciphers

Now transmit the message left to

right in a row and top to bottom as

RYOU FOOD ODFO ISGO

Or it can be transmitted top to bottom

in a column and left to right as:

RFOI YODS OOFG UDOO

Does this sound good for you?

The main advantage of the permutation method is that a cryptanalyst will become mad

Asymmetric-Key Encryption

Asymmetric-key encryption schemes are

more difficult to implement

Also known as Public-key cryptography

Public-key algorithms are more efficient for

short messages.

Mathematically-sophisticated

More secure than the Symmetric-key encryption

schemes

The popular Asymmetric-key encryption

schemes are:

Rivest, Shamir, Adleman (RSA)

Pretty Good Privacy (PGP)

Public-Key Cryptography

In Public-key cryptography there exist two keys:

Public key

The public key is announced to the public.

Example: Alice sends a message to Bob

Alice uses the “public key” to encrypt the

message

Private key

The private key is kept by the receiver

Bob uses the “private key” to decrypt the

message

Public-Key Cryptography

Public-Key (Advantages)

Public key encryption has two

advantages:

The First advantage is:

It removes the restriction of a shared

symmetric key between two entities

In a shared symmetric key the key is

shared by two parties and cannot be

used when one wants to communicate

with a third party

In public key each entity creates a pair of keys, private one is kept and the public one is distributed

Public-Key (Advantages)

The number of keys needed is reduced

greatly

In this system for 1 million users to

communicate only 2 million keys are

needed.

Whereas in symmetric key encryption

500 billion would be needed

Public-Key (Disadvantages)

The two disadvantages are:

The complexity of the algorithm: to be effective, the algorithm needs large numbers

Takes a lot of time for a large amount of text

The association between an entity

and its public key must be verified.

In other words if Alice sends her public

key to Bob in an email, Bob must be

sure it really is Alice’s key.

RSA algorithm

The most common public-key algorithm

is:

RSA (Rivest, Shamir, and Adleman) method.

The private key is a pair of numbers (N, d)

The public key is also a pair of numbers (N,

e)

The sender uses the following algorithm

to encrypt:

C = P^e mod N

P is the plain-text, C is the number that

represents the cipher-text.

RSA algorithm

The receiver uses the following

algorithm to decrypt:

P = C^d mod N

d and N are components of the

private key

P is the plain-text, C is the number

that represents the cipher-text

RSA algorithm – an Example

Private key is the pair (119, 77); public key is the pair (119, 5).

The sender sends the character ‘F’.

Encryption calculates 6^5 mod 119 = 41

This number is sent to the receiver as the cipher text.

The receiver calculates P = 41^77 mod 119 = 6.

The number 6 is then interpreted as ‘F’.

For security reasons large numbers are

used for ‘d’ and ‘e’.

Uses number theory to choose ‘N’ , ‘d’, and

‘e’.
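The example keys above worked through in code, added here as an illustration (not part of the original slides; function names are made up for it). It assumes the letter numbering A=1, which is what makes ‘F’ the number 6 on the slide, and it shows where d = 77 comes from and why a modulus as small as 119 protects nothing.

```python
from math import gcd


def derive_private_exponent(p: int, q: int, e: int) -> int:
    """d with e*d = 1 mod (p-1)(q-1), where p and q are the prime factors of N."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be co-prime to (p-1)(q-1)")
    return pow(e, -1, phi)


def rsa_encrypt(plain_num: int, e: int, n: int) -> int:
    if not 0 <= plain_num < n:
        raise ValueError("plain-text number must be smaller than N")
    return pow(plain_num, e, n)      # C = P^e mod N


def rsa_decrypt(cipher_num: int, d: int, n: int) -> int:
    return pow(cipher_num, d, n)     # P = C^d mod N


def letter_to_number(ch: str) -> int:
    return ord(ch.upper()) - ord("A") + 1    # assumption: A=1, so 'F' is 6


def number_to_letter(num: int) -> str:
    return chr(num - 1 + ord("A"))


def factor_small(n: int) -> tuple:
    """Trial division: instant for the slide's N, hopeless for a real modulus."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")


def recover_private_exponent(n: int, e: int) -> int:
    """With a small N, the public key alone is enough to rebuild d."""
    p, q = factor_small(n)
    return derive_private_exponent(p, q, e)


if __name__ == "__main__":
    n, e, d = 119, 5, 77                      # the slide's key pair
    c = rsa_encrypt(letter_to_number("F"), e, n)
    print(c, number_to_letter(rsa_decrypt(c, d, n)))
    print(factor_small(n), recover_private_exponent(n, e))
```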

RSA algorithm

Message Security

Privacy: achieved using shared-key or

public-key

Authentication: verifying sender’s identity.

Integrity: data must arrive exactly as it was

sent.

Non-repudiation: receiver must be able to prove that a message came from a specific sender.

Privacy with Shared-key

encryption

Privacy with Public-key

encryption

Use of Digital Signature

Digital signatures provide each of

the following services.

Message Authentication: means a

receiver has to be sure of the sender’s

identity.

Integrity: means that data must arrive

exactly as it was sent.

Non-repudiation: means a receiver

must be able to prove that a message

came from a specific sender.

What is Digital Signature?

Similar to the signing of a

document.

Have two choices:

entire document can be signed or

a digest of the document can be

signed

Public-key encryption can be used

to sign a document or the digest

the private key is used for encryption and

Signing the whole document

privacy

If there is a need for privacy, another

layer of encryption & decryption must be

applied with Bob’s Public & Bob’s

private-key

What is Digest?

Public-key encryption is inefficient

if the message is long

The solution is to let the sender

sign a digest instead of the whole

document

To create a digest a “hash

function” is used

The hash function creates a fixed

length digest from a variable-

Hash function & Message

Digest

Hash Functions

Hash is also called message digest

One-way function: Cannot find the

message given a digest

Arbitrary-length message to fixed-

length digest

Most common hash functions are:

MD5 ( Message Digest 5)

MD5 produces a 128-bit digest

SHA-1 (Secure Hash Algorithm-1)

SHA-1 produces a 160-bit digest

After the digest has been created,

it is encrypted using the sender’s

private key

Signing the Digest at Sender’s

site

Verifying the signed Digest at Receiver’s

site

Pretty Good Privacy – a

History

PGP is a personal high-security

cryptographic software application that

allows people to exchange messages or

files with privacy, authentication, and

convenience.

PGP can be used to encrypt and digitally

sign files and e-mail.

Developed by Phil Zimmermann in the mid

‘80s.

First version released on the Internet in

1991;

Encountered legal issues on its use of RSA

and Merkle-Hellman cryptography patents.

Pretty Good Privacy

PGP stores each public key in a key

certificate which contains:

The public key itself.

The ID of the key’s creator (usually

name & email address).

The date the key was created &

expiration date.

A list of digital signatures provided

by people who attest to the key’s

authenticity.

PGP – at sender’s site

PGP – at receiver’s site

Block Ciphers

Modern ciphers use a block of bits

as the unit of

encryption/decryption.

It can be implemented in hardware

or software.

Hardware implementation is

faster.

Block Ciphers

Data Encryption Standard

(DES)

One example of a complex block

cipher is the Data Encryption

Standard (DES).

DES was designed by IBM

Adopted by the U.S. government

as the standard encryption

method for non-military use.

DES Procedure

DES Algorithm

The algorithm for it is complex, however very straightforward

There are two basic steps:

Confusion and Diffusion

After each of these steps is done, a permutation or shift is performed

This process is known as a round

To complete the algorithm, this process is repeated 16 times

Hence DES is a 16 round algorithm

Data Encryption Standard

(DES)

The algorithm encrypts a 64-bit

plaintext using a 56-bit key.

The text is put through 19 different

complex procedures to create a 64-bit

cipher text.

DES has 2 transposition blocks, one

swapping and 16 complex blocks

called “Iteration blocks”.

Each “Iteration block” uses a different

key derived from the original key.

DES Procedure

DES Algorithm (contd.)

Permutation-Box (P-box) performs a

transposition at the bit level

(Confusion)

During each round, the 64-bit block is

split

Each half is expanded to 48 bits

(Diffusion), then substituted with 48

bits of the key

As with most ciphers, the heart of the algorithm is in the key

The key for the DES is a 56-bit number in a hexadecimal format.

P- Box

Input bits

Output bits

DES - Confusion & Diffusion

P-Box creates confusion in each 64 bit

block

Iteration block divides this into two 32

bit blocks

2nd 32 bits block is swapped and put in

the beginning of the block

Also 2nd 32 bits block diffused to 48 bits

by adding additional bits before X-OR

ing with 48 bit key

1st 32 bits block is diffused to 48 bits and X-ORed with the result of previous step

The result of the previous steps is reduced to 32 bits and stored as 2nd 32

Iteration Block

Data Encryption Standard

(DES)

DES takes the data and chops

them into 8-byte segments.

The encryption and the key are

the same for each segment.

Critics of DES contend the key is

too short.

Therefore, “Triple DES” was

designed to lengthen the key and

keep the new block compatible

with the original.

Triple DES

DES/Triple DES

Triple DES uses three DES blocks and

two 56-bit keys

DES / triple DES are long cipher

substitutes that operate on 8-

character messages.

The DES/Triple DES uses the same

concept as the Caesar cipher

The encryption/decryption algorithm is

more complex due to the sixteen 48-bit

keys derived from a 56-bit key.

Electronic Code Block Mode

(ECB)

In ECB the message is divided into 64-bit blocks, and each block is encrypted separately.

Encryption is independent for each

block.

Hash Functions

Hash is also called message digest

One-way function: Cannot find the

message given a digest

Arbitrary-length message to fixed-

length digest

Most common hash functions are:

MD5 ( Message Digest 5)

MD5 produces a 128-bit digest

SHA-1 (Secure Hash Algorithm-1)

SHA-1 produces a 160-bit digest

MD5 algorithm

Message digest algorithm

developed by Ron Rivest

RFC 1321 describes MD5

algorithm

MD5 algorithm takes a message

of arbitrary length and produces a

128-bit digest

The resulting digest is the unique

“fingerprint” of the original

MD5 Box

[Figure: MD5 box, initial 128-bit vector in, 128-bit result out]

F: (x∧y)∨(~x∧z)

G: (x∧z)∨(y∧~z)

H: x⊕y⊕z

I: y⊕(x∧~z)

+: binary sum

x↵y: x left rotate y bits

MD5 Blocks

[Figure: the Initial Vector (128 bits) and the 512-bit blocks B1, B2, B3, ..., BL are fed through a chain of MD5 boxes]

MD5 algorithm

Pad message so its length is 448 mod

512

Append a 64-bit length value to message

Initialize 4-word (128-bit) MD buffer

(A,B,C,D)

Process message in 16-word (512-bit)

blocks:

Use 4 rounds of 16 bit operations on

message block & buffer

Add output to buffer input to form new

buffer value

Output hash value is the final buffer value

MD5 algorithm

[Figure: the Message is followed by the PAD 100…0 (1-512 bits, up to 448 mod 512) and the Length (64 bits), giving L x 512 bits; Block0, Block1, ..., Blockn, ..., BlockL-1 each pass through HMD5 together with the 128-bit MD buffer (buffer0, buffer1, ..., buffern, ..., bufferL-1), and the final output is the 128-bit digest]

Note: HMD5 = 4-round compression function

Padding

Message is padded so that its length

in bits is equal to 448 modulo 512

means Length of padded message is 64

bits less than an integer multiple of 512

bits

Padding is always added even if the message is the desired length (min 1 to max 512 bits)

Padding consists of a single 1 bit

followed by 0 bits (1000~000*)

Append Length

A 64 bit length field containing

the length in bits of the original

message (before padding) is

appended to the result of

previous step

If the original length is greater than 2^64, only the low-order 64 bits of the length are used

The outcome of adding PAD & length makes the message a multiple of 512 bits

Initialize MD buffer

A 128-bit buffer is used to hold

intermediate and final results of the

hash function

Buffer can be represented as Four 32-

bit registers (A,B,C,D)

As 32 bit strings the init values (in

hex):

word A: 01 23 45 67

word B: 89 AB CD EF

word C: FE DC BA 98

word D: 76 54 32 10

Message Processing

Message is processed in 512-bit

blocks

Each block goes through a 4

round compression function

After all 512-bit blocks have been

processed, the output from the

compression function is the 128-

bit digest

MD5 Processing of 512-bit Block

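[Figure: Buffer q (128 bits, words A B C D) and Block q (512 bits) pass through Round 1, Round 2, Round 3 and Round 4; the result is added (+) word by word to Buffer q to give Buffer q+1 (128 bits)]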

Round 1 & 2 (F & G)

g = primitive function

X[k] = kth 32-bit word in one of the 512 bit

blocks

T[i] = 2^32 x abs(sin(i))

Round 1 (F)

g(b,c,d) = (b AND c) OR (NOT b AND d)

k = 0...15

i = 1...16

Round 2 (G)

g(b,c,d) = (b AND d) OR (c AND NOT d)

k = (1 + 5j)mod 16 where j = 1…16

i = 17..32

Round 3 & 4 (H & I)

Round 3 (H)

g(b,c,d) = b XOR c XOR d

k = (5 + 3j)mod 16 where j = 1…16

i = 33…48

Round 4 (I)

g(b,c,d) = c XOR (b OR NOT d)

k = 7j mod 16 where j = 1…16

i = 49…64

MD5 Compression Function

Each round (F,G,H & I) has 16 steps of the

form:

a <- b+((a+g(b,c,d)+X[k]+T[i])<<<s)

a,b,c,d refer to the 4 words of the buffer, but

used in varying permutations

note each step updates only 1 word of the buffer

‘s’ is left shift (for more details see RFC 1321)

after 16 steps each word is updated 4 times

g(b,c,d) is a non-linear function in each round

(F,G,H,I)

X[k] is one of the 16 words (32 bits) of the 512

bits block

T[i] is a constant value derived from sine(i)

T[i] = 2^64 x abs(sin(i)) (take the Integer

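MD5 Compression Function (one step)

[Figure: one step on the buffer words A B C D, with g, X[k], T[i], + and CLSs (circular left shift by s) stages, producing the new A B C D]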
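The padding, length-append, buffer-initialisation and four-round processing steps described above, written out as an added example (not part of the original slides; names are illustrative). The rotation amounts come from RFC 1321, T[i] is taken as the integer part of 2^32 x abs(sin(i)), and the result is checked against Python's `hashlib`.

```python
import hashlib
import math
import struct

MASK = 0xFFFFFFFF
# The slides list the initial words as bytes, low-order byte first
# (01 23 45 67, ...); read as 32-bit little-endian integers they are:
INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
# T[i] = integer part of 2^32 * abs(sin(i)), i = 1..64, i in radians.
T = [int(abs(math.sin(i)) * 2**32) & MASK for i in range(1, 65)]
# Left-rotation amount s for each of the 64 steps (RFC 1321).
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4


def rotl(x: int, s: int) -> int:
    return ((x << s) | (x >> (32 - s))) & MASK


def md5_pad(message: bytes) -> bytes:
    """A single 1 bit, zeros up to 448 mod 512, then the 64-bit bit length."""
    bit_len = (8 * len(message)) % 2**64        # only the low-order 64 bits are kept
    padded = message + b"\x80"                  # the 1 bit followed by seven 0 bits
    padded += b"\x00" * ((56 - len(padded)) % 64)
    return padded + struct.pack("<Q", bit_len)


def md5_compress(buffer: tuple, block: bytes) -> tuple:
    """Four rounds of 16 steps over one 512-bit block."""
    x = struct.unpack("<16I", block)            # X[0..15], 32-bit words
    a, b, c, d = buffer
    for step in range(64):
        if step < 16:        # round 1 (F)
            g, k = (b & c) | (~b & d), step
        elif step < 32:      # round 2 (G)
            g, k = (b & d) | (c & ~d), (1 + 5 * step) % 16
        elif step < 48:      # round 3 (H)
            g, k = b ^ c ^ d, (5 + 3 * step) % 16
        else:                # round 4 (I)
            g, k = c ^ (b | ~d), (7 * step) % 16
        # a <- b + ((a + g(b,c,d) + X[k] + T[i]) <<< s), then the words rotate
        new = (b + rotl((a + g + x[k] + T[step]) & MASK, S[step])) & MASK
        a, b, c, d = d, new, b, c
    # Add the round output to the buffer input to form the new buffer value.
    return tuple((old + cur) & MASK for old, cur in zip(buffer, (a, b, c, d)))


def md5(message: bytes) -> str:
    padded = md5_pad(message)
    buffer = INIT
    for off in range(0, len(padded), 64):
        buffer = md5_compress(buffer, padded[off:off + 64])
    return struct.pack("<4I", *buffer).hex()    # final buffer = 128-bit digest


def matches_hashlib(message: bytes) -> bool:
    return md5(message) == hashlib.md5(message).hexdigest()


if __name__ == "__main__":
    print(md5(b"abc"), matches_hashlib(b"abc"))
    # A 448-bit message still gets a full 512 bits of padding.
    print(len(md5_pad(b"x" * 56)) * 8)
```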

Security of MD5

MD5 hash is dependent on all message bits

However known attacks include

Berson in 1992 attacked any 1 round using

differential cryptanalysis (but can’t extend)

Boer & Bosselaers in 1993 found a pseudo

collision (again unable to extend)

Dobbertin in 1996 created collisions on MD

compression function (but initial constants

prevent exploit)

Wang et al announced cracking MD5 on Aug 17,

2004 (paper available on Useful Links)

Thus MD5 looks vulnerable soon

Secure Hash Algorithm (SHA)

Developed by NIST (National

Institute of Standards &

Technology), specified in the

Secure Hash Standard (SHS, FIPS

Pub 180), 1993

SHA is specified as the hash

algorithm in the Digital Signature

Standard (DSS) & NIST

Secure Hash Algorithm (SHA-1)

Internet standard is RFC 3174

Produce hash values of 160 bits

Now the generally preferred hash

algorithm

Based on design of MD4 with key

differences

SHA-General Logic

Input message must be < 2^64 bits

not really a problem

Message is processed in 512-bit

blocks sequentially

Message digest is 160 bits

SHA design is similar to MD5, but

a lot stronger

SHA-1 Algorithm

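[Figure: Buffer q (160 bits, words A B C D E) and Block q (512 bits) pass through Round 1, Round 2, Round 3 and Round 4; the result is added (+) word by word to Buffer q to give Buffer q+1 (160 bits)]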

SHA-1 Compression Function

Each round has 20 steps which replace the 5 buffer words thus:

(A,B,C,D,E) <- ((E+f(t,B,C,D)+(A<<5)+Wt+Kt),A,(B<<30),C,D)

buffer

t is the step number

f(t,B,C,D) is nonlinear function for

round

Wt is derived from the message block

SHA-1 Compression Function

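[Figure: one step on the buffer words A B C D E, with ft, S5 (left rotate by 5), S30 (left rotate by 30), Wt, Kt and + stages, producing the new buffer words]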

Basic Steps

Step1: Padding

Step2: Appending length as 64 bit

unsigned

Step3: Initialize MD buffer five 32-bit

words

A|B|C|D|E

A = 67452301

B = efcdab89

C = 98badcfe

D = 10325476

E = c3d2e1f0

Basic Steps...

Step 4: the 80-step processing of

512-bit blocks (4 rounds x 20

steps each)

Each step t (0 <= t <= 79):

Input:

Wt – a 32-bit word from the message

Kt – a constant.

ABCDE: current MD (160 bits)

Output:

ABCDE: new MD (160 bits)

Constant (Kt ) for each round

Distinctive additive constants

Round 1:

0 <=t<= 19 Kt = 5A827999

Round 2:

20<=t<=39 Kt = 6ED9EBA1

Round 3:

40<=t<=59 Kt = 8F1BBCDC

Round 4:

60<=t<=79 Kt = CA62C1D6

Basic Logic Functions

Only 3 different functions

Round Function

ft(B,C,D)

0 <=t<= 19 (B∧C)∨(~B ∧D)

20<=t<=39 B⊕C⊕D

40<=t<=59 (B∧C)∨(B∧D)∨(C∧D)

60<=t<=79 B⊕C⊕D

Mixing of Wt’s

Additional mixing used with input

message 512-bit block

For 15 < t < 80:

Wt = W[t-16] ⊕ W[t-14] ⊕ W[t-8] ⊕ W[t-3]

XOR is a very efficient operation

(with multilevel shifting it

produces very extensive and

random mixing)

MD5 (Actual Sample)

Input:

The MD4, MD5 and SHA-1 algorithms are secure hash functions. They take a string input, and produce a fixed size number - 128 bits for MD4 and MD5; 160 bits for SHA-1. This number is a hash of the input - a small change in the input results in a substantial change in the output. The functions are thought to be secure, in the sense that it would require an enormous amount of computing power to find a string which hashes to a chosen value. In others words, there's no way to decrypt a secure hash. The uses of secure hashes include digital signatures and challenge hash authentication

MD5 Box

Output:

c530bc8598173467fafa354dce9048bb

SHA-1 (Actual sample)

Input:

The MD4, MD5 and SHA-1 algorithms are secure hash functions. They take a string input, and produce a fixed size number - 128 bits for MD4 and MD5; 160 bits for SHA-1. This number is a hash of the input - a small change in the input results in a substantial change in the output. The functions are thought to be secure, in the sense that it would require an enormous amount of computing power to find a string which hashes to a chosen value. In others words, there's no way to decrypt a secure hash. The uses of secure hashes include digital signatures and challenge hash authentication

SHA-1 Box

Output:

b4078946a42c9cabf175ebc2d41d9171a804c91b

SHA-1 vs MD5

Not vulnerable to any known

attacks (compared to MD4 and

MD5)

A little slower than MD5 (80 vs 64

steps)

Optimised for big-endian CPUs (vs MD5 which is optimised for little-endian CPUs)

Revised Secure Hash Standard

NIST issued a revision FIPS 180-2

in 2002

Adds 3 additional hash algorithms (SHA-256, SHA-384, SHA-512)

Structure and details are similar

to SHA-1

Hence analysis should be similar

RIPEMD-160

Developed by RIPE

Réseaux IP Européens (RIPE)

Originally

a 128-bit RIPEMD

Now 160-bit RIPEMD

INPUT: a message of arbitrary

length

Overall processing: Similar to MD5

with a block length of 512 bits and a

hash length of 160 bits

Output: 160-bit message digest

RIPEMD-160 (Processing)

Initialize MD buffer

160-bit buffer

5 32-bit registers (A, B, C, D, E)

Initial Vector:

{A=67452301, B=EFCDAB89, C=98BADCFE, D=10325476, E=C3D2E1F0}

Stored in little-endian format as

MD5

SHA-1 stores and processes the

data in big-endian format

RIPEMD-160 (Processing)

Process message in 512-bit blocks

Module that consists of 10 rounds of

processing of 16 steps each

10 rounds are arranged as 2 parallel lines

of 5 rounds

4 rounds have a similar structure, but each

uses a different primitive logical function (f1, f2, f3, f4, f5)

INPUT: 512-bit block Yq, 160-bit CVq

ABCDE(L), A’B’C’D’E’(R)

Each round uses an additive 9 constants

OUTPUT: CVq+1 (addition is mod 2^32)

RIPEMD-160 (2x5=10 Rounds)

RIPEMD-160 (Compression)

Each round consists of a sequence of 16

steps

The processing algorithm of one round

A:=CVq(0); B:=CVq(1); C:=CVq(2); D:=CVq(3); E:=CVq(4)

A’:=CVq(0); B’:=CVq(1); C’:=CVq(2); D’:=CVq(3); E’:=CVq(4)

for j=0 to 79 do

T:=rols(j)(A+f(j,B,C,D)+Xr(j)+K(j))+E;

A:=E; E:=D; D:=rol10(C); C:=B; B:=T;

T’:=rols’(j)(A’+f(79-j,B’,C’,D’)+Xr’(j)+K’(j))+E’;

A’:=E’; E’:=D’; D’:=rol10(C’); C’:=B’; B’:=T’;

enddo

CVq+1(0)=CVq(1)+C+D’; CVq+1(1)=CVq(2)+D+E’;

CVq+1(2)=CVq(3)+E+A’; CVq+1(3)=CVq(4)+A+B’;

CVq+1(4)=CVq(0)+B+C’;

RIPEMD-160 Single step

Performance Comparison

              Length   Steps per Round                Message size   Speed

MD4           128      3 x 16                         Infinity       1.00

MD5           128      4 x 16                         Infinity       0.68

RIPEMD-128    128      4 x 16 twice (in parallel)     Infinity       0.39

SHA-1         160      4 x 20                         2^64-1         0.28

RIPEMD-160    160      5 x 16 twice (in parallel)     Infinity       0.24

Message Authentication Code -

MAC

Message is hashed and sent along

with the message for

authentication

Since it was also vulnerable to attack, “keyed hash functions as MAC” were developed

“Keyed hash functions as MAC” are designed to provide high-level security for authentication services

HMAC – Keyed Hash Functions as

MAC

Desirable to create a MAC using a

hash function rather than a block

cipher

hash functions are generally faster

Hash includes a key along with

the message

Original proposal:

KeyedHash = Hash(Key|Message)

HMAC

Specified as Internet standard RFC

2104

Use hash function on the message:

HMAC_K = Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M]]

K+ is the key padded out to size

opad, ipad are specified padding

constants

Any of MD5, SHA-1, RIPEMD-160 can

be used

HMAC Structure

HMAC Algorithm

Step 1: Append zeros to the left end of K to create a b-bit string K+

Step 2: XOR K+ with ipad to produce the b-bit block Si

Step 3: Append M to Si

Step 4: Apply H to the stream generated in step 3

Step 5: XOR K+ with opad to produce the b-bit block So

Step 6: Append the hash result from step 4 to So

Step 7: Apply H to the stream generated in step
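The HMAC steps above, written out as an added Python example (not part of the original slides) and checked against Python's own hmac module. It follows RFC 2104, which appends the zeros to the end of K, hashes keys longer than one block first, and fixes ipad and opad as the bytes 0x36 and 0x5C repeated; the function names are this example's own.

```python
import hashlib
import hmac

IPAD, OPAD = 0x36, 0x5C  # RFC 2104 padding bytes, repeated across the block

def hmac_by_steps(key, message, hash_name="sha1"):
    """HMAC built from a plain hash H, following the slide's seven steps."""
    def H(data):
        return hashlib.new(hash_name, data).digest()
    b = hashlib.new(hash_name).block_size       # block length in bytes (64 here)
    if len(key) > b:
        key = H(key)                            # RFC 2104: hash over-long keys first
    k_plus = key + b"\x00" * (b - len(key))     # step 1 (zeros at the end, per RFC 2104)
    s_i = bytes(x ^ IPAD for x in k_plus)       # step 2
    inner = H(s_i + message)                    # steps 3-4
    s_o = bytes(x ^ OPAD for x in k_plus)       # step 5
    return H(s_o + inner)                       # steps 6-7

def verify_tag(key, message, tag, hash_name="sha1"):
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_by_steps(key, message, hash_name), tag)

def agrees_with_stdlib():
    """Check short, block-sized and over-long keys against Python's hmac module."""
    msg = b"constructed sample message"
    for name in ("md5", "sha1"):
        for key in (b"k", b"K" * 64, b"long-key-" * 20):
            if hmac_by_steps(key, msg, name) != hmac.new(key, msg, name).digest():
                return False
    return True

# RFC 2202 test case 1 for HMAC-SHA-1: key of twenty 0x0b bytes, data "Hi There"
RFC2202_TAG = hmac_by_steps(b"\x0b" * 20, b"Hi There").hex()
```

The receiver should compare tags with hmac.compare_digest, as verify_tag does, rather than with ==, so the comparison time does not depend on how many leading bytes match.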
