CRYPTOGRAPHY NOTES

SEMESTER – VII
Course Code 18CS744
Module 1

The key concepts related to cryptography and cryptanalysis:

1. Plaintext: This is the original message or data that you want to keep secure. It is the input
to the encryption process.
2. Ciphertext: This is the result of encrypting the plaintext. It's the coded or scrambled version
of plaintext, which is not easily readable without the proper decryption key.
3. Encryption: The process of converting plaintext into ciphertext is called encryption or
enciphering. This is done to protect the confidentiality and integrity of the information.
4. Decryption: The reverse process of converting ciphertext back into plaintext is called
decryption or deciphering. Decryption is performed with a specific decryption key to reveal
the original message.
5. Cryptography: This is the field of study that deals with secure communication techniques,
including encryption and decryption methods. It focuses on protecting information from
unauthorized access or tampering.
6. Cryptographic System or Cipher: A cryptographic system, often referred to as a cipher, is a
specific set of algorithms, keys, and protocols used for encryption and decryption. Different
ciphers have varying levels of complexity and security.
7. Cryptanalysis: Cryptanalysis is the study of analyzing and breaking cryptographic systems
or ciphers without knowledge of the decryption key. It involves attempting to find
vulnerabilities in the encryption method to recover the plaintext without the proper key.
8. Cryptology: Cryptology is the broader field that encompasses both cryptography and
cryptanalysis. It deals with the study of secure communication and includes both the design
of secure systems (cryptography) and the efforts to break or compromise them
(cryptanalysis).

Symmetric Cipher Model:

• Plaintext: The original, understandable message or data fed into the algorithm as input.
• Encryption Algorithm: This algorithm applies various substitutions and transformations to
the plaintext.
• Secret Key: An input independent of both the plaintext and algorithm, influencing the
algorithm's output. The exact transformations depend on the key.

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 1

 • Ciphertext: The scrambled output message, dependent on both the plaintext and the
secret key. Different keys yield different ciphertexts, which appear as seemingly random
data and are unintelligible.
• Decryption Algorithm: Essentially the reverse of the encryption algorithm. It takes the
ciphertext and secret key to produce the original plaintext.

The two key requirements for secure use of conventional encryption:

1. Strong Encryption Algorithm: The encryption algorithm should be robust enough that even
if an adversary knows the algorithm and has access to ciphertexts, they should not be able
to decipher the ciphertext or uncover the encryption key. This requirement is often stated
more rigorously: the adversary should not be able to decrypt ciphertexts or discover the
key, even if they possess multiple ciphertexts along with the corresponding plaintexts.
2. Secure Key Management: Both the sender and receiver must securely obtain and protect
copies of the secret key. If an unauthorized party can obtain the key and knows the
algorithm, all communications encrypted with that key become readable to them.

Model of Symmetric Cryptosystem:

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 2

 1. Secure Symmetric Encryption: Symmetric encryption assumes that it's impractical to
decrypt a message solely based on the ciphertext and knowledge of the
encryption/decryption algorithm. The algorithm doesn't need to be kept secret; only the
key must remain confidential. This characteristic makes symmetric encryption practical for
widespread use, and manufacturers have developed low-cost encryption chip
implementations because of it. The primary security concern with symmetric encryption is
safeguarding the secrecy of the key.
2. Essential Elements of Symmetric Encryption: In a symmetric encryption scheme, a plaintext
message, typically represented as X = [X1, X2, ..., XM], is produced. This message is
composed of finite alphabet characters, often represented in a binary alphabet. An
encryption key, K = [K1, K2, ..., KJ], is generated and must be securely transmitted to the
recipient via a secure channel or a third party. With the message X and encryption key K as
inputs, the encryption algorithm produces ciphertext Y = [Y1, Y2, ..., YN], which can be
represented as Y = E(K, X), signifying that Y is created using encryption algorithm E, taking
plaintext X as input and using the specific function determined by key K.
3. Decryption by the Receiver: The intended receiver, possessing the key, can invert the
transformation by using decryption algorithm D, which results in the retrieval of the original
plaintext: X = D(K, Y).
4. Adversary's Perspective: An adversary, having observed ciphertext Y but lacking access to
key K or plaintext X, may attempt to recover X, K, or both X and K. It is assumed that the
adversary knows the encryption (E) and decryption (D) algorithms. If the adversary is only
interested in the current message, the focus is on recovering X by generating a plaintext
estimate Xn. However, in cases where the adversary seeks to read future messages, the aim
is to recover the key K by generating an estimate Kn.

Cryptographic systems can be categorized based on three key aspects:

1. Transformation Methods: Cryptographic systems employ operations like substitution and

transposition to convert plaintext into ciphertext. These operations are reversible, ensuring
that no information is lost. Many systems involve multiple stages of these operations.
2. Number of Keys: The use of keys distinguishes systems. In symmetric encryption, both
sender and receiver share the same key, while asymmetric encryption involves different
keys for each. Symmetric is also known as single-key or secret-key encryption, while
asymmetric is termed two-key or public-key encryption.
3. Plaintext Processing: Cryptographic systems can process plaintext in two ways: block cipher
processes it block by block, producing an output block for each input block, while a stream
cipher processes elements continuously, generating output one element at a time as it
goes.

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 3

Types of Attacks on Encrypted Messages:

• Cryptanalytic Attacks: There are two main approaches to attacking encryption systems:
• Cryptanalysis: Utilizes knowledge of the algorithm and characteristics of plaintext
to deduce specific plaintext or the encryption key.
• Brute-Force Attack: Tries every possible key on ciphertext until a readable
translation into plaintext is obtained. On average, half of all possible keys must be
tried for success.
• Attack Types Based on Information Known to Cryptanalyst:
• Ciphertext-Only Attack: Most challenging, only ciphertext is known.
• Known-Plaintext Attack: Analyst has knowledge of some plaintext and
corresponding ciphertext.
• Probable-Word Attack: Focuses on specific information in the message, aiding
decryption.
• Chosen-Plaintext Attack: Analyst can choose messages to encrypt, potentially
revealing the key structure.

• Security of Encryption Schemes:

• Encryption schemes aim for computational security, making breaking the cipher
impractical or time-consuming.
• There's no unconditionally secure encryption algorithm, except the one-time pad.
• Cryptanalysis Approach for Symmetric Encryption:

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 4

 • Relies on recognizing traces of structure or patterns in the plaintext, discernible
even after encryption.
• Public-key schemes have a different basis for cryptanalysis, deducing one key from
the other based on mathematical properties.
• Brute-Force Attack Details:
• Involves trying all possible keys to achieve success.
• Requires recognition of plaintext without known plaintext, which can be challenging
depending on the type of data being encrypted. Recognizing the expected plaintext
is essential.

Substitution Techniques:
Classical encryption methods demonstrate key principles in symmetric encryption and potential
cryptanalytic attacks. The fundamental elements in all encryption techniques are substitution and
transposition.
Substitution techniques involve replacing letters, numbers, or symbols in the plaintext with other
characters, or in the case of binary data, substituting bit patterns in the plaintext with
corresponding bit patterns in the ciphertext.

The Caesar Cipher:

The Caesar Cipher, attributed to Julius Caesar, is one of the earliest and simplest substitution
ciphers. In this cipher, each letter of the alphabet is replaced with the letter located three positions
further down the alphabet.
For example:
• Plain: "meet me after the toga party"
• Cipher: "PHHW PH DIWHU WKH WRJD SDUWB"
The alphabet wraps around, so after 'Z,' it goes back to 'A.' The transformation can be represented
as follows:
• Plain : a b c d e f g h i j k l m n o p q r s t u v w x y z
• Cipher: d e f g h i j k l m n o p q r s T u v w x y z a b c
Each letter is assigned a numerical equivalent for the transformation.

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 5

The Caesar Cipher is a simple example of a substitution cipher where each letter is shifted by a
fixed number of positions.
Encryption Algorithm:
• For each plaintext letter 'p,' substitute the ciphertext letter 'C' using the formula:
C = E(k, p) = (p + k) mod 26,
where 'k' is the shift value.
Decryption Algorithm:
• To decrypt, you use the reverse process with the same shift value 'k':
p = D(k, C) = (C - k) mod 26.
The shift value 'k' can be any value in the range from 1 to 25, as it determines how much the letters
are shifted in the alphabet. This simple algorithm is at the core of the Caesar Cipher, and different
shift values result in different encrypted messages. However, with only 25 possible keys, the Caesar
Cipher is not very secure and can be easily cracked through brute-force attacks.
Brute-force cryptanalysis of a Caesar cipher is straightforward when certain conditions are met:
1. Known Algorithms: Both the encryption and decryption algorithms are well-known, making
it easy to apply these processes.
2. Limited Keys: The Caesar Cipher has a fixed key space of 25 possible keys, as there are 25
possible shift values to try.
3. Recognizable Language: The language of the plaintext is known and easily recognizable,
which aids in deciphering the message.
When these conditions are satisfied, as in the case of a Caesar cipher, a brute-force attack becomes
practical, as demonstrated in Figure 2.3, where trying all possible keys reveals the plaintext.
However, it's important to note that this level of security is quite weak for modern encryption
needs.
Monoalphabetic Ciphers
The Caesar cipher, with only 25 possible keys, lacks security. To enhance security, a more robust
approach is to allow arbitrary substitutions, which dramatically increases the key space. This is
achieved through permutations, which represent all possible orderings of elements in a set. For
example,
if the set is {a, b, c}, there are six permutations: abc, acb, bac, bca, cab, and cba.
In general, there are n! permutations for a set of n elements. This approach significantly improves
security compared to the Caesar cipher.

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 6

Relative Frequency of Letters in English Text

A monoalphabetic substitution cipher uses a single fixed substitution for each letter, providing
limited security. The security can be significantly improved by using a monoalphabetic substitution
cipher with homophones. In this method, a single letter can be replaced with multiple substitutes
known as homophones. These homophones can be assigned to each letter in rotation or randomly,
and the number of substitutes for each letter can be proportional to the relative frequency of that
letter. This approach effectively obliterates single-letter frequency information.
However, even with homophones, monoalphabetic ciphers are relatively easy to break because
they don't fully eliminate multiple-letter patterns in the ciphertext, such as diagram frequencies.
To further enhance security, two principal methods are used in substitution ciphers:
1. Encrypting Multiple Letters: Instead of encrypting one letter at a time, multiple letters of
plaintext can be encrypted together to obscure the structure further.
2. Using Multiple Cipher Alphabets: Employing multiple cipher alphabets provides additional
security. Each alphabet can be used in rotation or based on specific criteria, such as key
positions.
These methods help reduce the likelihood of patterns and regularities from the plaintext surviving
in the ciphertext, making cryptanalysis more challenging.

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 7

Playfair Cipher
The Playfair Cipher is a symmetric-key encryption technique that operates on pairs of letters
(digraphs) within the plaintext, making it a digraph substitution cipher. It was invented by Charles
Wheatstone in 1854 and later promoted by Lord Playfair. The Playfair Cipher offers an improvement
over monoalphabetic substitution ciphers like the Caesar Cipher by providing better security
through digraph substitutions.
I. Key Preparation:
1. Start with a secret keyword or key phrase (e.g., "monarchy").
2. Remove duplicate letters from the key and write down the unique letters.
3. Add the remaining letters of the alphabet (excluding the letters in the key) in order to form
a 5x5 key matrix (often called a Playfair Square).
Key Matrix (Playfair Square):
For the key "monarchy," the key matrix would look like this:

Encryption Process:
1. Divide the plaintext into pairs of letters (digraphs). If there is an odd number of letters/both
letters are same, add a filler letter (commonly "X") at the end.
2. For each digraph: a. Determine the positions (row and column) of the two letters in the key
matrix. b. Apply the following rules to each pair of letters:
Step 1: If the two letters are in the same row, replace them with the letters to their right,
wrapping around if necessary.
Step 2: If the two letters are in the same column, replace them with the letters below them,
wrapping around if necessary.
Step 3: If the two letters form a rectangle in the grid (neither in the same row nor the same
column), replace them with the letters at the opposite corners of the rectangle.
Step 4: If none of the above cases apply, replace the first letter with the letter in the same
row as the first letter but in the column of the second letter, and vice versa. c. Record the
new digraph in the ciphertext.

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 8

Decryption: Decryption is the reverse of encryption. Given the same key matrix, you apply the
reverse of the above rules to each digraph in the ciphertext to obtain the plaintext.
Example:
key "Playfair example" and the message "hide the gold in the tree stump."

Using the Playfair Cipher with the key "playfairexample" and the message "hide the gold in the
tree stump" yields the ciphertext: "BMODZBXDNABEKUDMUIXMMOUVIF."

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 9

Hill Cipher:
The Hill Cipher offers the advantage of concealing single-letter frequency patterns entirely.
Increasing the size of the matrix used in the cipher enhances this concealment by masking more
frequency information. For instance, a 3 x 3 Hill cipher not only hides single-letter but also two-
letter frequency patterns. As a result, it exhibits strength against ciphertext-only attacks, where the
attacker lacks any knowledge of the plaintext. However, it is vulnerable to known plaintext attacks,
where the adversary possesses information about the original message, making it easier to break.
Encryption:
• Ciphertext (C) is obtained by multiplying the plaintext (P) with the encryption key (K) and
taking the result modulo 26.
• Mathematically, 𝐶 = 𝐸(𝐾, 𝑃) = (𝑃 ∗ 𝐾) 𝑚𝑜𝑑26.
Decryption:

• Plaintext (P) is obtained by multiplying the ciphertext (C) with the decryption key (𝐾 −1 ) and
taking the result modulo 26.

• Mathematically, 𝑃 = 𝐷(𝐾, 𝐶) = (𝐶 ∗ 𝐾 −1 ) 𝑚𝑜𝑑26.

Example:
Encryption

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 10

Decryption:

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 11

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 12
Polyalphabetic substitution cipher
An alternative method to enhance the basic monoalphabetic encryption technique involves
employing diverse monoalphabetic substitution rules while processing the plaintext message.
This approach is collectively referred to as the polyalphabetic substitution cipher. All of these
methods share the following characteristics:
1. A set of related monoalphabetic substitution rules is used.
2. A key determines which particular rule is chosen for a given transformation.
Example :
Vigenère cipher

• Key: You have a keyword or key phrase, which you repeat as needed to match the length
of the plaintext. For example, if your keyword is "KEY," and your plaintext is "HELLO,"
you'd repeat the keyword as "KEYKE" to match the length of "HELLO."
• Encryption: Each letter in the plaintext is shifted according to the corresponding letter in
the key. The shift is typically done using a Caesar cipher-like method. In a Caesar cipher,

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 13

 each letter is shifted a fixed number of positions in the alphabet, but in the Vigenère
cipher, the shift varies according to the key.

• Decryption: To decrypt the ciphertext, you use the same key and shift each letter in the
ciphertext backward by the corresponding letter in the key.

Problem -1:
Key: deceptive
Message: “we are discovered save yourself
Key : deceptivedeceptivedeceptive
Plaintext : wearediscoveredsaveyourself
Ciphertext : zIcvTWqngRzgvTWavzHcqyglmgJ

In Vigenère cipher analysis, determining the keyword length is crucial. If identical sequences in the
plaintext occur at multiples of the keyword length, they generate identical ciphertext sequences.
Detecting such repeated sequences in the ciphertext, an analyst can guess the keyword length by
finding common factors in the displacements.
Once the keyword length (let's call it 'm') is known, the cipher essentially consists of 'm'
monoalphabetic substitution ciphers. Each group of 'm' positions in the message is encrypted using
the same monoalphabetic cipher. This allows the analyst to apply known frequency characteristics
of the language to attack each monoalphabetic cipher separately.
To eliminate the periodic nature of the keyword, an alternative approach involves using a
nonrepeating keyword that matches the message's length. Vigenère introduced the concept of an
autokey system, where the keyword is combined with the plaintext to create a running key for
encryption.
Vernam Cipher
The Vernam Cipher, also known as the one-time pad, is a type of encryption technique that offers
perfect secrecy when used correctly. It was invented by Gilbert Vernam in 1917 and is based on
the principle of using a random and secret key that is as long as the message itself.

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 14

One-Time Pad:
The one-time pad is a cryptographic technique that achieves the highest level of security. It was
proposed as an improvement to the Vernam cipher by Joseph Mauborgne, an Army Signal Corps
officer. The key idea behind the one-time pad is to use a random key that is as long as the message
itself, eliminating the need for key repetition. The key is used once for encryption and decryption,
and then it is discarded. For each new message, a new key of the same length as the message is
generated.
Key features of the one-time pad:
1. Perfect Secrecy: The one-time pad is unbreakable because it produces ciphertext with no
statistical relationship to the plaintext. This means that the ciphertext reveals no
information about the original message.
2. Random Output: The one-time pad generates completely random and unpredictable
ciphertext, making it highly secure.
3. One-Time Use: The key is used only once for a single message and is never reused. This
one-time use ensures that even if an attacker intercepts the ciphertext and knows the
algorithm, they cannot decrypt the message without the specific key.
4. Key Length: The key must be as long as the message, and it should be truly random.
Generating and securely distributing such keys can be a significant logistical challenge.

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 15

Stream Ciphers and Block Ciphers
• Stream Ciphers: These encrypt digital data bit by bit or byte by byte. Examples include the
Vigenère cipher and the Vernam cipher (one-time pad for ultimate security). In practical
use, the keystream is generated algorithmically based on a shared key, avoiding logistical
challenges. Both users need this key to produce the same keystream.
• Block Ciphers: These treat a block of plaintext as a whole and produce a ciphertext block
of equal length, often using block sizes of 64 or 128 bits. Block ciphers can emulate the
effect of stream ciphers when coupled with specific modes of operation. They have been
widely analyzed and are suitable for various applications, making them the focus of this
chapter and many symmetric encryption methods in practice.

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 16

The Feistel Cipher
Feistel's idea, to create a robust block cipher through a product cipher, which involves running two
or more simpler ciphers in a specific sequence, creating a cryptographically stronger result. This
approach develops a block cipher with a key length of 'k' bits and a block length of 'n' bits, enabling
a total of 𝟐𝒌 transformations, instead of the ideal block cipher's 𝟐𝒏! transformations.

Feistel's concept involves alternating substitutions and permutations:

• Substitution: Replaces plaintext elements with corresponding ciphertext elements.
• Permutation: Rearranges the sequence of plaintext elements without adding, deleting, or
replacing elements.
Diffusion and Confusion, introduced by Shannon, are fundamental cryptographic concepts to
hinder statistical cryptanalysis:
• Diffusion: Disperses the statistical structure of plaintext into long-range statistics in
ciphertext, making the relationship between plaintext and ciphertext complex.
• Confusion: Obscures the relationship between ciphertext statistics and the encryption key's
value, making it difficult to deduce the key. Complex substitution algorithms are used to
add confusion.
The Feistel Cipher structure:
The Feistel Cipher structure, depicted in Figure below, operates on a plaintext block of 2w bits
and a key K. The plaintext block is divided into two halves, L and R, which undergo n rounds of
processing before combining to form the ciphertext block. Each round i uses the previous
round's outputs, L_i-1 and R_i-1, along with a subkey K_i derived from the overall K. The rounds
involve a substitution on the left half using a round function F applied to the right half, followed
by an XOR operation with the left half. After this, a permutation is performed by swapping the
two halves—a specific form of substitution-permutation network (SPN) proposed by Shannon.
Key considerations in the design of a Feistel Cipher include:
• Block Size: Larger block sizes enhance security but reduce encryption/decryption speed.
Traditionally, 64 bits was common, but AES now uses a 128-bit block size.
• Key Size: Larger key sizes enhance security but may slow encryption/decryption. Key sizes
of 64 bits or less are now seen as inadequate, with 128 bits being common.
• Number of Rounds: Multiple rounds significantly enhance security in the Feistel cipher. A
typical size is 16 rounds.

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 17

 • Subkey Generation Algorithm: Greater complexity in generating subkeys can enhance
resistance to cryptanalysis.
• Round Function F: Increased complexity in the round function generally enhances
resistance to cryptanalysis.
Feistel Encryption and Decryption (16 rounds)

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 18

Feistel Example:

Data Encryption Standard (DES)

Until the introduction of the Advanced Encryption Standard (AES) in 2001, the widely used
encryption scheme was the Data Encryption Standard (DES). Data Encryption Algorithm (DEA).
DES encrypts data in 64-bit blocks using a 56-bit key and transforms the input into a 64-bit
output using a series of steps. It is suitable for symmetric encryption.
The processing of plaintext in DES involves three main phases:
1. Initial Permutation (IP): The 64-bit plaintext undergoes an initial permutation, rearranging
the bits to create the permuted input.
2. Sixteen Rounds: Sixteen rounds of the same function follow, each consisting of both
permutation and substitution functions. The output of the sixteenth round, 64 bits in
total, depends on the input plaintext and the key.
3. Final Permutation: The left and right halves of the output are swapped to create the
preoutput, which is then processed through an inverse of the initial permutation function
to produce the 64-bit ciphertext.
DES Decryption:
As with any Feistel cipher, decryption uses the same algorithm as encryption, except that the
application of the subkeys is reversed. Additionally, the initial and final permutations are reversed.

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 19

The Avalanche Effect is a crucial property of encryption algorithms where a small change in either
the plaintext or the key results in a significant change in the ciphertext. Specifically, changing a
single bit in the plaintext or the key should cause many bits in the ciphertext to change. This effect
is essential for enhancing security and making it challenging to reduce the search space for
potential plaintext or keys.

Prof. Devaraju B M, Dept. of CSE, RNSIT Page | 20