SOS End Term Report

CRYPTOGRAPHY
July 26, 2024
Mentee: Pyla Ramya (22b1305)
Mentor: Siddhant Chourasia
CONTENTS:
• What is Cryptography?
• Block Cipher
• Stream Cipher
• RSA Cryptosystems
• Hash Functions
• Message Authentication
• Diffie-Hellman Key exchange
• Elliptic Curve Cryptography
• ElGamal Signature Scheme:
• Shannon’s Theory
• One-Time Pad
• Post Quantum Cryptography
• Lattice Based Cryptography
• Key distribution and agreement schemes
What is Cryptography?
Cryptography is all about keeping information safe by changing it into a code
that only someone with the right key can read. It uses different tricks and
methods to protect data from being accessed by anyone who shouldn't see it.
This ensures the information stays private, accurate, genuine, and can't be
denied or tampered with. Encryption, Decryption, authentication, certificates,
keys, signatures, hash functions are some terms associated with cryptography.
Cryptography is widely used in various applications, including secure
communication, secure storage of data, authentication systems, digital
signatures, and more. It is a critical component in ensuring the security and
privacy of digital information in today's interconnected world.

Encryption: The process of converting readable data (plaintext) into an

unreadable format (ciphertext) using an algorithm and a key.

Decryption: Converting the ciphertext back to the plaintext.

Keys:
Secret Key: Used in symmetric encryption, must be kept secret between the
communicating parties.

Public and Private Keys: Used in asymmetric encryption. The public key can
be shared openly, while the private key must be kept secure.

Hash Functions: A function that takes an input and produces a fixed-size

string of characters, which appears random. The output is unique to the input

Challenges in Cryptography
1. Key Management: Securely generating, distributing, and storing
cryptographic keys.

2. Cryptanalysis: The study of analysing and breaking cryptographic

algorithms. Constantly evolving threats require ongoing updates and
improvements to cryptographic methods.

3. Performance: Balancing security with performance, especially in

resource-constrained environments like mobile devices.
Private key cryptosystem:

BLOCK CIPHER:
A block cipher is a method of encrypting data in fixed-size blocks using a
symmetric key. It is a fundamental component of modern cryptographic
algorithms and is widely used for securing data.
The data to be encrypted is divided into blocks of a fixed size (e.g: 128 bits). If
the data does not perfectly fit into these blocks, padding is added to fill the last
block.
Each block is encrypted separately using the same secret key and a
cryptographic algorithm. The process transforms plaintext blocks into
ciphertext blocks.
The ciphertext blocks are decrypted using the same key and algorithm to
retrieve the original plaintext blocks.
A secret key is used for both encryption and decryption. The security of the
encrypted data depends on the secrecy of this key.
Popular Block Ciphers include AES (Advanced Encryption Standard), DES (Data
Encryption Standard).
Applications:
Encrypting data in communication, such as emails and secure web traffic
(HTTPS).
Encrypting files,
disks, and
databases to
protect sensitive
information at
rest.
Protecting
digital content
from
unauthorized
access and
copying.

STREAM CIPHER:
A stream cipher is a method of encrypting data where each bit or byte of the
plaintext is encrypted one at a time, using a corresponding bit or byte from a
pseudorandom keystream. Stream ciphers are typically faster and more
suitable for encrypting data of arbitrary length compared to block ciphers.
A stream cipher generates a keystream, a sequence of bits or bytes that appear
random. Each bit or byte of the plaintext is XORed with the corresponding bit
or byte of the keystream to produce the ciphertext. The ciphertext is XORed
with the same keystream to retrieve the original plaintext.
Stream ciphers are typically faster than block ciphers because they operate on
smaller units of data and can start encrypting before all the data is available.
Stream ciphers generally have limited error propagation. A single bit error in
the ciphertext affects only the corresponding bit in the plaintext.

RSA Cryptosystem:
The RSA cryptosystem is one of the most widely used public-key cryptographic
systems. It is named after its inventors, Ron Rivest, Adi Shamir, and Leonard
Adleman, who introduced it in 1977. RSA is used for secure data transmission,
particularly in situations where secure key exchange and digital signatures are
required.
Key Generation:
1: Select two large prime numbers, p and q.
2: Compute their product, n=pq. The number n is used as the modulus for both
the public and private keys
3: Compute the totient function, ϕ(n)=(p−1) (q−1)
4: Choose an integer e such that 1<e<ϕ(n) and gcd (e,ϕ(n))=1. The integer e is
the public exponent.
5: Compute the private exponent d such that ed≡1 (mod ϕ(n)). This means that
d is the modular multiplicative inverse of e modulo ϕ(n).
Public Key: The public key is the pair (e, n)
Private Key: The private key is the pair (d, n).
Encryption:
• To encrypt a message m, first ensure m is an integer such that 0≤m<n.
If the message is too long, it should be divided into smaller blocks.
• Compute the ciphertext c using the public key (e, n):c =𝑚𝑒 (mod n)
Decryption:
• To decrypt the ciphertext c, compute the plaintext message m using the
private key (d, n): m=𝑐 𝑑 (mod n).

The strength of RSA increases with the size of the keys. Common key sizes are
2048 bits and 4096 bits. Larger keys provide more security but require more
computational resources.

HASH FUNCTIONS:
They take an input (or "message") and return a fixed-size string of bytes. The
output, (or "digest") appears random and unique to each unique input. The same
input will always produce the same hash output. Regardless of the input size,
the hash output is always of a fixed size.
Applications:
Hash functions are used to create digital signatures, which verify the
authenticity and integrity of a message, software, or digital document.

Instead of storing passwords in plaintext, systems store the hash of passwords.

When a user logs in, the system hashes the inputted password and compares it
to the stored hash.

MESSAGE AUTHENTICATION:
Message authentication ensures the integrity and authenticity of a message in
communication systems. It involves verifying that a message has not been
altered during transmission and that it originates from a legitimate sender.

Integrity: Ensures that the message has not been tampered with or altered during
transmission.

Authenticity: Confirms that the message comes from the claimed sender,
preventing impersonation.

A secret key shared between the sender and the receiver is used. The sender
generates a MAC from the message using the secret key and sends both the
message and the MAC. The receiver generates a MAC from the received
message using the same secret key and compares it to the received MAC. If
they match, the message is authenticated.
Diffie-Hellman Key exchange:
The Diffie-Hellman key exchange enables two parties to securely share a
common secret key over an insecure communication channel. This shared key
can then be used for symmetric encryption. The protocol was proposed by
Whitfield Diffie and Martin Hellman in 1976.

How Diffie-Hellman Key Exchange Works:

1. Selection of Public Parameters:

Both parties agree on two large prime numbers: g (a generator) and p (a

prime modulus). These values can be public.

2. Private Keys:

Each party selects a private key:

▪ Alice selects a private key a.

▪ Bob selects a private key b.
3. Calculation of Public Keys:

Each party computes a public key using the shared public parameters and
their private key:

▪ Alice computes A= 𝑔𝑎 mod p and sends A to Bob.

𝑏
▪ Bob computes B= 𝑔 mod p and sends B to Alice.
4. Shared Secret Calculation: Each party uses their own private key and
the other party’s public key to compute the shared secret:
𝑎
▪ Alice computes the shared secret as s=𝐵 mod p
𝑏
▪ Bob computes the shared secret as s=𝐴 mod p

Due to the properties of modular arithmetic, both Alice and Bob will arrive at
the same shared secret, s.
Elliptic Curve Cryptography:
Elliptic Curve Cryptography (ECC) is a form of public key cryptography that is
based on the mathematical structure of elliptic curves over finite fields. ECC
provides similar levels of security to traditional public key cryptosystems like
RSA but with much smaller key sizes, leading to faster computations and
reduced storage requirements. This makes ECC particularly well-suited for use
in resource-constrained environments such as mobile devices and smart cards.

ECC is based on the elliptic curve discrete logarithm problem (ECDLP), which
is considered hard to solve. This provides a strong security foundation.

ElGamal Signature Scheme:

The ElGamal signature scheme is a cryptographic protocol used for digital
signatures. Named after its creator, Taher ElGamal, it is based on the ElGamal
encryption scheme, which itself relies on the difficulty of solving the discrete
logarithm problem in a finite field. The ElGamal signature scheme provides
authenticity, integrity, and non-repudiation for messages.
Discrete Logarithm Problem:
The security of the ElGamal signature scheme is based on the difficulty of
solving the discrete logarithm problem, which is finding x given g, p, and y
such that y=𝑔 𝑥 mod p.

Finite Fields: The operations are performed in a finite field defined by a large
prime number p.

Key Generation:

1. Choose a large prime number p.

2. Select a generator g such that g is a primitive root modulo p.
3. Choose a private key x such that 1<x<p−1.
4. Compute the public key y as y= 𝑔 𝑥 mod p.

Public Key: (p, g, y)

Private Key: x

To sign a message mmm:

1. Select a random integer k such that 1<k<p−1 and gcd(k, p-1) = 1.
2. Compute r=𝑔𝑘 mod p
3. Compute s=𝑘 −1 (m−xr) mod (p−1) where 𝑘 −1 is the modular inverse of k
modulo (p−1)

The signature of the message m is the pair (r, s).

SHANNON’S THEORY:
Concept of Perfect Secrecy: In his seminal 1949 paper "Communication
Theory of Secrecy Systems," Shannon introduced the concept of perfect
secrecy. A cryptographic system achieves perfect secrecy if the ciphertext
reveals no information about the plaintext, even if the adversary knows the
encryption algorithm and has infinite computational resources.

Mathematical Definition: A cipher has perfect secrecy if, for every plaintext
P and ciphertext C, P(C∣P)=P(C)
This implies that the probability distribution of the ciphertext C is independent
of the plaintext P.

Shannon's notion of entropy, a measure of uncertainty or randomness, is crucial

in cryptography. High entropy in keys and messages ensures greater security.

Entropy quantifies the amount of unpredictability or information content. For a

cryptographic key, high entropy means the key is difficult to guess or brute-
force.

Shannon introduced the concept of unicity distance U, the minimum amount of

ciphertext required to uniquely determine the encryption key.

Formula:

The unicity distance U can be approximated as:

U≈H(K)/((H(P)−H(C))

where H(K) is the entropy of the key,

H(P) is the entropy of the plaintext, and

H(C) is the entropy of the ciphertext.

A higher unicity distance indicates stronger cryptographic security.

Shannon proposed two principles for designing secure cryptographic systems:

Confusion:

Ensuring that the relationship between the ciphertext and the key is as complex
as possible. This makes it difficult for attackers to find patterns.

Diffusion:

Spreading out the influence of each plaintext symbol over many ciphertext
symbols to hide statistical properties of the plaintext.

ONE-TIME PAD:
The one-time pad (OTP) is a cryptographic technique that provides theoretically
unbreakable encryption. It was first described by Gilbert Vernam in 1917 and
later proved to be perfectly secure by Claude Shannon.
A one-time pad achieves perfect secrecy, meaning that the ciphertext produced
using OTP does not reveal any information about the plaintext. This is because
every possible plaintext is equally likely given a particular ciphertext.

Key Requirements:
• The key must be as long as the message.
• The key must be truly random.
• The key must be used only once.

• Both the sender and the receiver must securely share the key and keep it
secret.

Encryption

1. Plaintext and Key:

1. Let the plaintext be a sequence of characters: P=P1,P2,...,Pn
2. Let the key be a sequence of random characters of the same length:
K=K1,K2,...,Kn
2. XOR Operation:
1. Convert each character to its binary representation.
2. Perform a bitwise XOR operation between the plaintext and the
key to produce the ciphertext: Ci=Pi⊕Ki
3. Ciphertext:
The resulting ciphertext is C=C1,C2,...,Cn
Decryption

1. XOR Operation:
The receiver, who has the key, performs the same bitwise XOR
operation between the ciphertext and the key to retrieve the
plaintext: Pi=Ci⊕Ki

2. Plaintext:

The resulting plaintext is P=P1,P2,...,Pn

POST QUANTUM CRYPTOGRAPHY:

Post-quantum cryptography (PQC) refers to cryptographic algorithms that are
designed to be secure against the potential threats posed by quantum computers.
Quantum computers, leveraging principles of quantum mechanics, have the
potential to solve certain mathematical problems much more efficiently than
classical computers. This capability poses a significant risk to many of the
cryptographic systems currently in use.

Quantum computers can tackle problems that are really hard for regular
computers. For example, Shor's algorithm lets quantum computers quickly
factor large numbers and solve discrete logarithms, which would break common
encryption methods like RSA and ECC (Elliptic Curve Cryptography).

A lot of our current encryption relies on the difficulty of certain math problems,
like factoring big numbers and solving discrete logarithms. Quantum computers
can solve these problems easily, making today’s public-key cryptosystems
insecure.

Creating and rolling out new encryption standards isn't a quick process. To get
ready for the quantum age, we need to start researching, standardizing, and
switching to quantum-resistant algorithms well before powerful quantum
computers become available.
LATTICE BASED CRYPTOGRAPHY:
Lattice-based cryptography is a type of cryptographic system that uses the
mathematical structure of lattices to build secure cryptographic protocols.

A lattice in mathematics is a grid-like structure in an n-dimensional space

formed by linear combinations of basis vectors.

Common Lattice-Based Cryptographic Schemes:

Learning With Errors (LWE):

LWE is a key concept in lattice-based cryptography, known for its difficulty.

Many encryption systems rely on it for security.

Encryption: Public-key encryption methods, like the Regev scheme, are based
on the LWE problem's complexity.

Ring-Learning With Errors (Ring-LWE):

This is a version of LWE that uses polynomial rings, making it more efficient.

NTRU Encrypt:

It uses polynomial rings for its operations, making it computationally efficient.

KEY DISTRIBUTION AND AGREEMENT SCHEMES:
These schemes enable the safe exchange and management of cryptographic
keys, which are crucial for encrypting and decrypting messages.
Manual Key Distribution:
Keys are physically exchanged between parties. This method is secure
but impractical for large-scale communication.
Trusted Third Party (TTP):
A trusted entity (such as a Key Distribution Center (KDC)) generates and
distributes keys to communicating parties.
Public Key Infrastructure (PKI):
• Uses a hierarchical structure of Certificate Authorities (CAs) to issue
digital certificates that verify the ownership of public keys.
• Example: SSL/TLS certificates used in HTTPS to secure web
communications.
Key agreement schemes allow two parties to securely establish a shared secret
key over an insecure communication channel.
Some common key agreement schemes include:
• Diffie-Hellman Key Exchange (DH)
• Elliptic Curve Diffie-Hellman (ECDH)
• RSA key exchange

References:
1. Cryptography : Theory and Practice Fourth Edition
[Douglas R. Stinson and Maura B. Paterson]
2. Cryptography: An introduction Third Edition [Nigel Smart]
THANK YOU