UNIT II: Communication Security –

Introduction to cryptography, cryptosystems, Encryption & Decryption Techniques -

classical encryption techniques, communication channel used in cryptographic system,
various types of ciphers, Cryptanalysis, Hash function and Data integrity, Security of Hashing
function.

Communication Security:
Communication Security is a critical aspect of cybersecurity that focuses on ensuring the
protection of data while it is transmitted between systems, devices, or networks. Its main goal
is to maintain confidentiality, integrity, authenticity, and availability during the
communication process. Here’s a detailed explanation:

1. Purpose of Communication Security

• Confidentiality: Ensures that transmitted data is accessible only to authorized
individuals or systems.

• Integrity: Protects data from being tampered with or altered during transmission.
• Authenticity: Confirms that the parties involved in communication are who they
claim to be.

• Availability: Ensures that data and communication channels remain accessible to

authorized users when needed.

2. Components of Communication Security

• Encryption:

o Converts plaintext into ciphertext to secure data during transmission.

o Examples: Symmetric encryption (AES), asymmetric encryption (RSA).

• Authentication:

o Verifies the identity of communicating parties using digital certificates,

passwords, or biometrics.

• Protocols:
o SSL/TLS: Secures web communication.

o IPSec: Protects data packets during transmission at the network layer.

o HTTPS: Provides secure communication for websites.

• Hash Functions:
 o Ensures data integrity by generating unique hash values for the transmitted
data (e.g., SHA-256).

3. Threats Addressed by Communication Security

• Eavesdropping: Prevents unauthorized interception of data during transmission.

• Man-in-the-Middle (MITM) Attacks: Protects against attackers who may try to alter
or steal data during communication.
• Replay Attacks: Ensures data cannot be duplicated maliciously by using time-
sensitive authentication mechanisms.
• Data Tampering: Prevents unauthorized modification of data during its journey
between sender and receiver.
4. Types of Cryptographic Techniques in Communication Security

• Symmetric Key Encryption: Uses the same key for encryption and decryption (e.g.,
AES).

• Asymmetric Key Encryption: Uses a public key for encryption and a private key for
decryption (e.g., RSA).

• Hash Functions: Generates fixed-size hash values to verify data integrity.

5. Emerging Trends
• Quantum Cryptography: Advanced techniques to ensure secure communication in
the face of future quantum computing threats.
• Securing IoT Communication: Protecting data exchanged between interconnected
smart devices.

Introduction to cryptography:
Cryptography is the method of protecting information so that only the right people can see it,
even if others (called adversaries) try to steal it. It creates special rules (called protocols) to
keep messages safe between two people. Secure communication means no one else can read
the message except the sender and the receiver. An adversary is someone who tries to steal or
change the information.

There are four important ideas in cryptography:

• Confidentiality: Keeping information private and only allowing certain people to see
it.

• Data Integrity: Making sure the information stays correct and is not changed.

• Authentication: Checking that the information really comes from the right person.
• Non-repudiation: Making sure that a person cannot deny that they sent a message or
signed a document.
 EX:
Imagine two friends, Alice and Bob.
Alice wants to send a secret message m to Bob so that no one else can understand it.
Here’s how it works:
• First, Alice takes her message (called Plaintext) and hides it by turning it into a secret
code using a special key (k).

• The hidden message is called Ciphertext.

• This process of hiding the message is called Encryption.

When Bob gets the Ciphertext:

• He uses the same key (k) to change it back into the original message (Plaintext) so he
can read it.

• This process is called Decryption.

It can be shown like this:

Alice (Sender) Bob (Receiver)

C = E(m, k) ---> m = D(C, k)

Where:

• C = Ciphertext

• E = Encryption

• D = Decryption

• m = Message

• k = Key
Example: Caesar Cipher (Shift Cipher)

In the Caesar Cipher, each letter in the word is shifted by 3 positions.

For example:

• A becomes D

• B becomes E
• C becomes F, and so on.
If the original word is:

Plaintext: Geeksforgeeks

After shifting each letter by 3:

Ciphertext: Jhhnvirujhhnv
 Types of Cryptography:

There are different kinds of cryptography, and each one is used for different purposes:
1. Symmetric-key cryptography:

o Here, the same key is used to lock (encrypt) and unlock (decrypt) the
message.

o Both Alice (sender) and Bob (receiver) must keep the key secret to stay safe.

2. Asymmetric-key cryptography (also called Public-key cryptography):

o This uses two keys — one public key and one private key.

o The public key is shared with everyone, but the private key is kept secret.
o Anyone can encrypt a message using the public key, but only the person with
the private key can read it.
3. Hash functions:

o A hash function takes any data and converts it into a fixed-size code (like a
fingerprint).

o It helps check if the data has been changed.

o Even a tiny change in the data will make a totally different hash!

Applications of Cryptography:

Cryptography is used in many real-life places, like:

• Secure online transactions:

o It protects your bank passwords, credit card numbers, and other important
details while shopping or banking online.

• Digital signatures:
o They help prove that a digital document is authentic and hasn’t been
changed.

• Password protection:
o Passwords are often encrypted so that even if hackers steal them, they can’t
read them easily.

• Military and Intelligence:

o Governments use cryptography to protect secret communications and
information from enemies.
 Challenges of Cryptography:
Even though cryptography is powerful, there are some problems:

• Key management:
o Keeping keys safe is very important. If someone steals the key, they can read
all the secret messages.

• Quantum computing:
o In the future, quantum computers might become so powerful that they can
break today’s cryptographic algorithms.
• Human error:

o Sometimes mistakes by people (like sharing passwords or misconfiguring

systems) can break the whole security.

Cryptosystems:
A cryptosystem is when we put cryptographic techniques and supporting tools together to
provide security for information.
It is also called a cipher system.
Components of a Cryptosystem:
• Plaintext:
The real message that needs protection.

• Encryption Algorithm:
A mathematical method that changes the plaintext into a secret message (ciphertext)
using an encryption key.

• Ciphertext:
The jumbled message that is sent across public channels.
Anyone can see it, but without the correct key, they can't understand it.
• Decryption Algorithm:
A method to turn the ciphertext back into the original plaintext using a decryption key.
• Encryption Key:
A secret value known to the sender, used to encrypt the plaintext.
• Decryption Key:
A secret value known to the receiver, used to decrypt the ciphertext.
(It is related to the encryption key, but may not always be the same.)
• Key Space:
All the possible decryption keys that could be used.
• Interceptor (Attacker):
A bad person who can see the ciphertext and might even know the decryption method,
but should never know the secret key!

Types of Cryptosystems

Cryptosystems mainly fall into two types:

1. Symmetric Key Encryption

2. Asymmetric Key Encryption

The difference is about the relationship between the encryption and decryption keys.

Symmetric Key Encryption

• The same key is used for both encrypting and decrypting the message.

• Both people must share the same secret key before they communicate.
 •

Important Points:

• Key must be shared securely before sending the message.

• Keys should be changed often for better security.

• Managing keys between many people becomes complicated.

• Fast because the key is smaller.

• Less computer power needed compared to asymmetric encryption.

Examples:

• DES (Data Encryption Standard)

• 3DES (Triple DES)

• IDEA

• Blowfish
Challenges:

• Key Sharing: How to safely share the secret key?

• Trust: What if someone loses the key or gives it to someone bad?

Because of these problems, especially for communication with unknown or untrusted people
(like online shopping), Asymmetric Key Encryption was developed.

Asymmetric Key Encryption

• Two different keys are used:

o A public key (known to everyone)

o A private key (kept secret)

 • Even though the keys are connected mathematically, it’s impossible to guess the
private key from the public key.

How it Works:

• Sender uses the receiver’s public key to encrypt the message.

• Receiver uses their private key to decrypt it.

Important Points:
• Every user in this system needs to have a pair of dissimilar keys, private
key and public key. These keys are mathematically related − when one key is used
for encryption, the other can decrypt the ciphertext back to the original plaintext.
• It requires to put the public key in public repository and the private key as a well-
guarded secret. Hence, this scheme of encryption is also called Public Key
Encryption.
• Though public and private keys of the user are related, it is computationally not
feasible to find one from another. This is a strength of this scheme.
• When Host1 needs to send data to Host2, he obtains the public key of Host2 from
repository, encrypts the data, and transmits.

• Host2 uses his private key to extract the plaintext.

• Length of Keys (number of bits) in this encryption is large and hence, the process of
encryption-decryption is slower than symmetric key encryption.

• Processing power of computer system required to run asymmetric algorithm is higher.

 Encryption & Decryption Techniques :
Encryption is the process of converting a normal message (plain text) into a
meaningless message (ciphertext). Decryption is the process of converting a
meaningless message (ciphertext) into its original form (plaintext). The major
distinction between secret writing and associated secret writing is the conversion of a
message into an unintelligible kind that’s undecipherable unless decrypted. whereas
secret writing is the recovery of the first message from the encrypted information.

What is Encryption?
Data can be secured with encryption by being changed into an unintelligible format
that can only be interpreted by a person with the proper decryption key. Sensitive
data, including financial and personal information as well as communications over the
internet, is frequently protected with it.
Application of Encryption

Many different fields employ encryption, including:

• Online Banking: To secure transactions, use online banking.

• Email security: To safeguard the contents of emails.

• Secure Messaging: To protect the privacy of discussions.

• Data Storage: To prevent unwanted access to data that has been stored.

What is Decryption?
To make encrypted data comprehensible again, it must first be decrypted and then put
back into its original format. To access and utilize the protected information,
authorized parties must follow this procedure.

Real-Life Examples of Encryption and Decryption

• WhatsApp Messaging: It encrypts It encrypts communications from beginning to

end so that only the sender and recipient can read them.

• HTTPS websites: Encrypt user data to prevent third parties from intercepting it.
• Encrypted Email Services: Email services that use encryption, like ProtonMail,
protect email contents.

Types of Encryption Techniques

1. Symmetric Encryption: This method uses the same key for both encryption and
decryption. It is fast and efficient for processing large volumes of data. However, the
challenge lies in securely sharing the key. Common symmetric algorithms include:
• AES (Advanced Encryption Standard): Considered one of the most secure
encryption methods, widely used in secure communications and data storage.

• DES (Data Encryption Standard): Now largely outdated and considered

insecure due to its short key length.

• 3DES (Triple DES): Applies the DES algorithm three times for enhanced
security but is being phased out due to performance issues

2. Asymmetric Encryption: Also known as public-key cryptography, this technique

uses a pair of keys—a public key for encryption and a private key for decryption. This
approach enhances security by allowing anyone to encrypt data using the public key,
while only the holder of the private key can decrypt it. Examples include:
• RSA (Rivest-Shamir-Adleman): A widely used asymmetric algorithm for
secure data transmission and digital signatures.
• ECC (Elliptic Curve Cryptography): Provides similar security to RSA but
with shorter key lengths, making it more efficient .
3. Hashing: Although not encryption per se, hashing transforms data into a fixed-length
string (hash) that uniquely represents the original data. Hashing is primarily used for
data integrity checks, confirming that data has not been altered. Common hashing
algorithms include SHA-256 and MD5

4. Hybrid Encryption: Many systems use both symmetric and asymmetric encryption
to leverage the strengths of each. For example, during a secure transaction,
asymmetric encryption can be used to establish a secure connection, while symmetric
encryption is utilized for the actual data transfer due to its speed
 Importance of Encryption in Cybersecurity
• Data Confidentiality: Encryption ensures that sensitive information remains private
and unreadable to unauthorized users, protecting it from data breaches and
cyberattacks

• Data Integrity: It helps verify that data has not been tampered with during
transmission, maintaining the accuracy and authenticity of information

• User Authentication: Encryption supports authentication protocols, ensuring secure

communication between parties and reducing the risk of impersonation attacks

• Regulatory Compliance: Many regulations, such as GDPR, HIPAA, and PCI-DSS,

require the use of encryption to protect personal and sensitive data, enforcing strict
data security standards

Challenges and Considerations

While encryption techniques significantly enhance data security, several challenges
remain:
• Key Management: The secure storage, sharing, and lifecycle management of
encryption keys are vital; losing a key can render data inaccessible

• Performance Overhead: Encryption can impact system performance, especially with

higher computational requirements, potentially slowing down data processing

• Emerging Threats: Advancements in technology, particularly quantum computing,

pose risks to current encryption methods, necessitating the development of quantum-
resistant algorithms

classical encryption techniques:

Overview of Classical Encryption Techniques

Classical encryption involves various methods to encrypt readable messages, making

them unintelligible to unauthorized parties. The techniques primarily fall into two
categories: substitution and transposition.

Substitution Techniques
1. Caesar Cipher: This is the simplest known substitution cipher where each letter in
the plaintext is shifted by a fixed number. For example, with a shift of three, 'A'
 becomes 'D', 'B' becomes 'E', and so on. The encryption can be expressed
mathematically as C=E(P)=(P+k)mod 26C=E(P)=(P+k)mod26

2. Playfair Cipher: This multiple letter cipher encrypts pairs of letters (digrams) instead
of single letters. It uses a 5x5 matrix constructed from a keyword. For example, if the
keyword is "MONARCHY", it fills in the matrix and then applies specific rules based
on letter positions

3. Vigenère Cipher: Involves using a keyword to apply different shifts to letters in the
plaintext. Each letter of the keyword represents a different Caesar cipher, providing
more complexity and making it resistant to frequency analysis
4. Kasiski Examination: A method to break the Vigenère cipher that looks for repeated
sequences in the ciphertext, which suggests a periodicity in the cipher, allowing for
the deduction of the key length

Transposition Techniques
Transposition ciphers rearrange the letters of the plaintext to create ciphertext without
altering the actual letters used. Here are two notable examples:
1. Rail Fence Cipher: This technique writes the plaintext in a zigzag pattern and then
reads off the lines horizontally. For instance, "MEET ME AT THE PARK" could be
encrypted as "METTEAHMTTPERK" by rearranging based on a designated depth

2. Columnar Transposition: This method writes the message in rows and then
permutes the columns based on a key. The output is a rearranged sequence of letters,
which can significantly enhance security

Strengths and Weaknesses

• Strengths: Classical methods were foundational for the development of modern
cryptography and provide educational value in understanding key cryptographic
principles. Basic ciphers like the Caesar cipher help introduce core concepts of
encryption.

• Weaknesses: Despite their historical significance, classical encryption methods are

susceptible to various attacks such as frequency analysis and brute-force attacks,
making them insecure for modern applications.

•
Conclusion
While classical encryption techniques may appear simplistic and insecure compared to
modern cryptography, they represent a crucial historical foundation. Understanding
methods such as substitution and transposition ciphers enhances knowledge of how
secure communication evolved and informs the use of contemporary encryption practices.
These techniques not only shaped cryptographic history but also provide a valuable
educational resource for understanding the intricate field of cryptography today.

communication channel used in cryptographic system:

Cryptographic systems utilize secure communication channels, primarily focusing
on symmetric and asymmetric encryption methods to ensure data integrity,
confidentiality, and authenticity during transmission.

A communication channel refers to the medium used for transmitting information

between two or more parties. In a cryptographic context, this means ensuring that
data sent over the channel remains confidential and secure from unauthorized
access.

Types of Communication Channels in Cryptographic Systems

1. Symmetric Key Encryption Channels:

• In symmetric key cryptography, the same key is used for both encryption and
decryption of data. This method allows for efficient data transmission, as it
requires less computational power compared to asymmetric methods.
However, secure distribution of the key poses a major challenge since both
parties must securely share the key before communication begins

2. Asymmetric Key Encryption Channels:

• Asymmetric encryption, also known as public-key cryptography, uses two
keys: a public key for encryption and a private key for decryption. This
method enhances security, allowing users to communicate without needing to
share a private key, thus solving key distribution issues inherent in symmetric
systems. This is essential for establishing secure channels over insecure
networks, such as the Internet

3. Covert Channels:
• Covert channels are used in cryptographic systems to convey information
indirectly. These channels operate in a hidden manner, often combining
encryption with other techniques to ensure secure communication.
 Authentication and encryption are essential for establishing reliable covert
channels, minimizing detectability while transmitting sensitive data

4. Hybrid Approaches:
• Many cryptographic systems implement hybrid approaches that combine both
symmetric and asymmetric methods. For instance, they might use asymmetric
encryption to exchange a symmetric key securely, which is then used for fast
data encryption during the session. This balances security with efficiency in
transmitting large volumes of data

Types of Channels in Cryptographic Systems

1. Secure Channels: These are designed to be resistant to both eavesdropping and

tampering. They often employ encryption to protect the data as it travels across
potentially insecure networks

2. Confidential Channels: While they protect against unauthorized reading of the

content, they may not necessarily shield against all forms of data manipulation

3. Authentic Channels: These prevent tampering but may not guarantee that the data
cannot be overheard. They secure the integrity of the information being transferred
while possibly leaving some aspects of the confidentiality vulnerable

4. Covert Channels: A more advanced concept, covert channels enable hidden

communication through legitimate pathways. They are often used in more clandestine
operations and require both parties to have a shared knowledge of how the data is
being encoded

Practical Applications of Cryptographic Communication Channels

• Email Security: Utilizing protocols like PGP (Pretty Good Privacy) to secure email
communication via asymmetric encryption ensures that only the intended recipient
can decrypt and read messages.
• SSL/TLS: These protocols employ both symmetric and asymmetric encryption to
secure communications over the Internet, such as in online banking or e-commerce
 transactions, by encrypting the data during transmission and also ensuring the
authenticity of the communicating parties
• VPNs (Virtual Private Networks): Cryptographic methods are used in VPNs to
establish secure tunnels for data transmission over public networks, protecting the
data from eavesdropping and unauthorized access

various types of ciphers :

Overview of Ciphers

Ciphers are algorithms used to perform encryption or decryption in cryptography,

transforming readable data (plaintext) into an unreadable format (ciphertext) to
protect information from unauthorized access. They are categorized by their
methods of operation and key usage, primarily falling into two
categories: symmetric and asymmetric ciphers.

Types of Ciphers

1. Substitution Ciphers: In these ciphers, each letter or block of plaintext is

replaced by another letter or block. Common types include:
1. Caesar Cipher
In Caesar cipher, the set of plain text characters is replaced by any other character, symbols, or

numbers. It is a very weak technique for hiding text. In Caesar’s cipher, each alphabet in the message

is replaced by three places down. Let’s see one example. The plain text is EDUCBA. As a Caesar

cipher, each alphabet is replaced by three places down. So that E will be replaced by H, D will be

replaced by G, U will be replaced by X, C will be replaced by F, B will be replaced by E, and A will

be replaced by D. So here, the plain text is EDUCBA and ciphertext Is HGXFED.

Caesar cipher algorithm is as follows:

2. Read each alphabet of plain text.

3. Replace each alphabet with 3 places down.

4. Repeat the process for all alphabet in plain text.

2. Monoalphabetic Cipher
As Caesar cipher and a modified version of Caesar cipher is easy to break, monoalphabetic

cipher comes into the picture. In monoalphabetic, each alphabet in plain text can be

replaced by any other alphabet except the original alphabet. That is, A can be replaced by

any other alphabet from B to Z. B can be replaced by A or C to Z. C can be replaced by A, B,

and D to Z, etc. Mono alphabetic cipher causes difficulty in cracking the message as there are

random substitutions and a large number of permutations and combinations are available.

3. Homophonic Substitution Cipher

A homophonic substitution cipher is similar to a monoalphabetic cipher; the only difference

is in a monoalphabetic, we replace the alphabet with any other random alphabet except the

original alphabet, wherein in a homophonic substitution cipher, the alphabet is replaced by a

fixed alphabet or set of alphabets. The substitution alphabet is replaced with the fixed one.

For example, replace A with x, E with B, S with A, etc., or replace A with E, x or L, B with T, A,

Z, etc.

4. Polygram Substitution Cipher

In Polygram Substitution cipher, rather than replacing each alphabet with another, the

alphabet’s Block is replaced with another block of alphabets. Replace EDUCBA with XYQLAB.

In this case, EDUCBA will replace with XYQLAB, but EDU can be replaced with another set of

block. Let’s assume EDU will replace with LOD. In this type of cipher, plain text replacement is

done block by block rather than character by character.

5. Polyalphabetic Substitution Cipher

Polyalphabetic Cipher is also known as Vigenere Cipher, which Leon Battista Alberti invents.

In Polyalphabetic Substitution, Cipher is a method of encrypting alphabetic texts. It uses

multiple substitution alphabets for encryption. Vigener square or Vigenere table is useful to

encrypt the text. The table contains 26 alphabets written in different rows; each alphabet is

cyclically shifted to the left according to the previous alphabet, equivalent to the 26 possible

Caesar Ciphers. The cipher uses a different alphabet from one of the rows at various points in

the encryption process.

Let’s consider Original text is Educba, and the keyword is Apple. For the encryption process,

E is paired with A, the first letter of the original text, and E, is paired with A, the first letter of

the key. So use row E and column A of the Vigenère square, which is E. Similarly, for the

second letter of the original text, the second letter of the key is useful, and the letter at row d

and column p is s. The rest of the original text is enciphered in the same way. The final

encryption of Educba is Esjnfa.

6. Playfair Cipher

Playfair cipher is also called Playfair square. It is a cryptographic technique that is used o
encrypt the data. The Playfair cipher process is as follows:

• Creation and population of the matrix.

• Encryption process.

Let’s discuss the above-mentioned steps in detail manner the creation and population of the
matrix. It uses a 5 * 5 matrix to store the keyword or the key, which is used for
the encryption and decryption process.

This step is working as follows.

1. Enter the keyword in the matrix in a row-wise manner, i.e., from left to right and top
to bottom.

2. Skip the duplicate words in the keyword.

3. Fill the remaining spaces with the rest of the alphabet (A – Z) that were not a part of
the keyword.
Note: while doing so, combine I and J in the same cell of the table. i.e., If I or J is present in
the keyword, discard both I and J while filling the remaining space encryption process.

The encryption process works as follows:

• Break the alphabet into groups (each group must contain two values). The encryption
processes will be on these groups.

• If both alphabets in the group are the same, add x after the first alphabet.

• If both the alphabets in the group are present in the same row of the matrix, replace
them with the alphabets to their immediate right, respectively. If the original group is
on the right side of the row, then wrapping around the row’s left side happens.

• If both the alphabets in the group are present in the same column, replace them with
the next immediate alphabets respectively. If the original group is on the bottom side
of the row, then wrapping around to the row’s top side happens.

• If both the alphabets in the group are not in the same row or column, replace them
with the alphabet in the same row immediately but at the other pair of corners of the
rectangle, which the original group defines.

7. Hill Cipher

Hill cipher works on multiple alphabets at the same time. Hill cipher works as follows:

1. Assign the number to each alphabet in plain text. A = 0, B= 1….z = 25

2. Organize the plain text message as a matrix of numbers based on the above step in
number format. The resultant matrix is a plain text matrix.

3. Multiply the plain text matrix with a randomly chosen key. Note that the key matrix
must be the size of n*n, where n stands for the number of rows in a plain text matrix.

4. Multiply both the matrix, i.e., step 2 and step 3.

5. Calculate the mod 26 value of the above matrix, i.e., matrix results in step 4.

6. Now translate the numbers to alphabets, i.e., 0 =A, 1 =B, etc.

7. The result of step 6 becomes our ciphertext.

5. Transposition Ciphers: Instead of substituting letters, these ciphers rearrange
the positions of letters in the plaintext to produce the ciphertext. Examples
include:
• Rail Fence Cipher: The plaintext is written diagonally over multiple
levels, and then read linearly to create ciphertext.
• Columnar Transposition: Characters are written into a grid and then
read out in a specified order based on a keyword.
6. Block Ciphers: These ciphers encrypt data in fixed-size blocks. Examples
include:
• Advanced Encryption Standard (AES): A widely used symmetric
encryption standard that encrypts data in blocks of 128 bits using key
sizes of 128, 192, or 256 bits.

• Data Encryption Standard (DES): An older standard that operates on 64-

bit blocks and was widely used before AES.

Cryptanalysis :
Cryptology has two parts namely, Cryptography which focuses on creating secret codes
and Cryptanalysis which is the study of the cryptographic algorithm and the breaking of
those secret codes. The person practicing Cryptanalysis is called a Cryptanalyst. It helps
us to better understand the cryptosystems and also helps us improve the system by finding
any weak point and thus work on the algorithm to create a more secure secret code. For
example, a Cryptanalyst might try to decipher a ciphertext to derive the plaintext. It can
help us to deduce the plaintext or the encryption key.
Types of attacks include ciphertext-only attacks, where only encrypted messages are
available, known-plaintext attacks, where both plaintext and ciphertext are known,
and chosen-plaintext/ciphertext attacks, where the attacker can encrypt or decrypt
specific data to expose the encryption scheme.

Parts Of Cryptology
To determine the weak points of a cryptographic system, it is important to attack the
system. This attacks are called Cryptanalytic attacks. The attacks rely on nature of the
algorithm and also knowledge of the general characteristics of the plaintext, i.e., plaintext
can be a regular document written in English or it can be a code written in Java.
Therefore, nature of the plaintext should be known before trying to use the attacks.

Types of Cryptanalytic attacks :

The Five Types of Cryptanalytic Attacks

• Known-Plaintext Analysis (KPA) : In this type of attack, some plaintext-ciphertext

pairs are already known. Attacker maps them in order to find the encryption key. This
attack is easier to use as a lot of information is already available.

• Chosen-Plaintext Analysis (CPA) : In this type of attack, the attacker chooses

random plaintexts and obtains the corresponding ciphertexts and tries to find the
encryption key. Its very simple to implement like KPA but the success rate is quite
low.
• Ciphertext-Only Analysis (COA) : In this type of attack, only some cipher-text is
known and the attacker tries to find the corresponding encryption key and plaintext.
Its the hardest to implement but is the most probable attack as only ciphertext is
required.

• Man-In-The-Middle (MITM) attack : In this type of attack, attacker intercepts the

message/key between two communicating parties through a secured channel.
• Adaptive Chosen-Plaintext Analysis (ACPA) : This attack is similar CPA. Here, the
attacker requests the cipher texts of additional plaintexts after they have ciphertexts
for some texts.
• Birthday attack: This attack exploits the probability of two or more individuals
sharing the same birthday in a group of people. In cryptography, this attack is used to
find collisions in a hash function.
• Side-channel attack: This type of attack is based on information obtained from the
physical implementation of the cryptographic system, rather than on weaknesses in
the algorithm itself. Side-channel attacks include timing attacks, power analysis
attacks, electromagnetic attacks, and others.
 • Brute-force attack: This attack involves trying every possible key until the correct
one is found. While this attack is simple to implement, it can be time-consuming and
computationally expensive, especially for longer keys.
• Differential cryptanalysis: This type of attack involves comparing pairs of plaintexts
and their corresponding ciphertexts to find patterns in the encryption algorithm. It can
be effective against block ciphers with certain properties.

Hash function and Data integrity:

A hash function is a mathematical function that transforms input data of arbitrary size into a fixed-size
string, commonly used for data integrity, security, and efficient data retrieval.

What is a Hash Function?

A hash function takes an input (or "message") and produces a fixed-size string of characters, which is typically
a sequence of numbers and letters. This output is known as the hash value or digest. Hash functions are
essential in several fields, especially in cryptography, where they help ensure data integrity and security.

Properties of Hash Functions

1. Deterministic: The same input will always produce the same output hash value.

2. Fixed Output Size: Regardless of the input size, the output length remains constant.

3. Speed: Hash functions are designed to be fast to compute.

4. Collision Resistance: It should be challenging to find two different inputs that produce the same hash
output, which is crucial for maintaining integrity.

5. Non-reversibility: It should not be feasible to regenerate the input from its hash value.

Types of Hash Functions

There are many hash functions that use numeric or alphanumeric keys. This article focuses on discussing
different hash functions:

1. Division Method.

2. Multiplication Method

3. Mid-Square Method

4. Folding Method

5. Cryptographic Hash Functions

6. Universal Hashing

7. Perfect Hashing

1. Division Method

The division method involves dividing the key by a prime number and using the remainder as the hash value.

h(k)=k mod m

Where k is the key and ?m is a prime number.

2. Multiplication Method

In the multiplication method, a constant ?A (0 < A < 1) is used to multiply the key. The fractional part of the
product is then multiplied by ?m to get the hash value.

h(k)=⌊m(kAmod1)⌋

Where ⌊ ⌋ denotes the floor function.

3. Mid-Square Method

In the mid-square method, the key is squared, and the middle digits of the result are taken as the hash value.

Steps:

1. Square the key.

2. Extract the middle digits of the squared value.

4. Folding Method

The folding method involves dividing the key into equal parts, summing the parts, and then taking the modulo
with respect to ?m.

Steps:

1. Divide the key into parts.

2. Sum the parts.

3. Take the modulo ?m of the sum.

5. Cryptographic Hash Functions

Cryptographic hash functions are designed to be secure and are used in cryptography. Examples include MD5,
SHA-1, and SHA-256.

Characteristics:

• Pre-image resistance.

• Second pre-image resistance.

• Collision resistance.

6. Universal Hashing

Universal hashing uses a family of hash functions to minimize the chance of collision for any given set of
inputs.

h(k)=((a⋅k+b)modp)modm

Where a and b are randomly chosen constants, p is a prime number greater than m, and k is the key.

7. Perfect Hashing

Perfect hashing aims to create a collision-free hash function for a static set of keys. It guarantees that no two
keys will hash to the same value.

Types:

• Minimal Perfect Hashing: Ensures that the range of the hash function is equal to the number of keys.
 • Non-minimal Perfect Hashing: The range may be larger than the number of keys.

Applications of Hash Functions

• Data Integrity: Used to verify that data has not been altered during transfer or storage by comparing
hash values before and after the data transmission.

• Password Storage: Instead of storing plaintext passwords, systems store their hash values for security
reasons. When a user inputs their password, it is hashed and compared with the stored hash.

• Digital Signatures: Hash functions create a unique hash for messages, which can be encrypted with a
private key to ensure their authenticity.

• Cryptographic Protocols: Hash functions are integral to many security protocols, including SSL/TLS
for secure data transmission over networks.

Common Hash Functions

• MD5: Once widely used, this hash function outputs a 128-bit hash value. Due to vulnerabilities, its use
is discouraged in favor of stronger functions.

• SHA-1: A 160-bit function that has known vulnerabilities and is also being phased out for more secure
algorithms.

• SHA-256: Part of the SHA-2 family, it generates a 256-bit hash and is regarded as secure for
contemporary applications.

Hash functions are essential for ensuring data integrity by generating unique hash values that
verify data authenticity and detect alterations.

Role of Hash Functions in Data Integrity

1. Data Authenticity: Hash functions create a fixed-size output, known as a hash value or digest, from
input data. This output serves as a unique representation of the data, allowing systems to confirm that
the data has not been changed. If the hash values match at different points (e.g., before and after
transmission), it indicates that the data remains intact and unaltered

2. Verification Mechanism: Hash functions enable the verification of data integrity through a process
wherein the original data is hashed, and its hash value is stored or transmitted alongside the data. Upon
retrieving or receiving the data, the hash is recalculated and compared to the original hash value. If
both hashes are equal, data integrity is confirmed

3. Collision Resistance: A strong hash function aims to minimize the chances of collision—where two
different inputs produce the same hash value. This property is critical in preventing attackers from
substituting legitimate data with malicious data while maintaining the same hash. Thus, collision
resistance ensures that each unique data input corresponds to a distinct hash value, further securing data
integrity

4. Practical Applications: Hash functions are widely utilized in various scenarios for ensuring data
integrity, including:
 • Digital Signatures: Hash functions are utilized alongside encryption to create digital
signatures, which provide proof of data integrity and authenticity

• File Integrity Checks: During file transfers or storage, hash values can be used to detect any
alterations or corruption, ensuring the file's integrity remains intact

• Check Summation: They are used in checksums, where hash values help verify data
transmission correctness, making it easier to detect errors in data

Security of Hashing function:

The security of hashing functions is primarily based on properties like pre-image resistance, collision
resistance, and second pre-image resistance, making them essential for tasks such as password storage
and data integrity verification

Overview of Hashing Functions

Hashing functions transform data into a fixed-length string of characters, known as a hash value or hash code.
This process ensures that even a small change in the input data results in a completely different hash value, a
property known as the avalanche effect. Hash functions are widely used for various security applications,
particularly in cryptography.

Security Properties of Hashing Functions

1. Pre-image Resistance: It should be computationally infeasible to retrieve the original input from its
hash. This means that given a hash value hh, finding a message mm such
that h=hash(m)h=hash(m) should be extremely difficult

2. Second Pre-image Resistance: Given an input m1m1 and its hash h1h1, it should be hard to find
another input (m_2
eq m_1) such that hash(m1)=hash(m2)hash(m1)=hash(m2). This feature ensures that no other input can
produce the same hash value, protecting against certain types of attacks

3. Collision Resistance: It should be difficult to find any two distinct inputs that produce the same hash
value. A collision occurs when hash(m1)=hash(m2)hash(m1)=hash(m2) for (m_1
eq m_2). Strong collision resistance is crucial for the integrity of data and digital messages

Applications of Hashing Functions in Security

• Password Storage: Hashing is essential in securely storing passwords. Instead of saving user
passwords in plain text, systems store the hash of the password. During authentication, the entered
password is hashed, and the hash is compared to the stored value. If they match, access is granted
 • Digital Signatures: Hashing functions are used to create digital signatures, ensuring the authenticity
and integrity of messages or documents. A hash of the message is created and then encrypted with the
sender's private key, allowing the recipient to verify the signature using the corresponding public key

• Data Integrity Checks: Hash functions help ensure that data has not been altered. By generating
checksums or hash values for files, users can verify that the content remains unchanged during transfer
or storage

Limitations and Vulnerabilities

Despite their security advantages, hashing functions are not without drawbacks. Some common vulnerabilities
include:

• Collision Attacks: If a hashing function is susceptible to finding collisions (i.e., two different inputs
yield the same output), its reliability is compromised. For example, older hashing algorithms like MD5
and SHA-1 have known vulnerabilities and are no longer recommended for secure applications

• Brute Force Attacks: When a hash is generated from a weak or short password, attackers can use
brute-force methods to guess the original password by trying all possible combinations

Conclusion

Hashing functions play a crucial role in digital security by providing mechanisms for data integrity, password
protection, and authenticity. While advancements in cryptographic hash functions have improved security, it
remains essential to choose robust algorithms and implement proper practices to counter evolving threats.