NETWORK SECURITY Unit 2

Mathematical background for cryptography: modulo arithmetic, GCD (Euclids

algorithm), algebraic structures (Groups, Rings, Fields, Polynomial Field). Role of
random numbers in security, Importance of prime numbers Data Encryption
Standard: Block cipher, Stream cipher, Feistel structure, round function, block cipher
modes of operation, S-DES, Attacks on DES, S-AES, AES. Chinese remainder
theorem, Elementary Ciphers (Substitution, Transposition and their Properties),
Frequency analysis. 279
INTRODUCTION
Encyption Methods
There are many different techniques and strategies used for encrypting messages to
maintain their safety and security. In symmetric encryption, the same key is used to
encrypt and decrypt the message or file. Asymmetric encryption uses two different
keys. Public Key Encryption is a popular example of asymmetric encryption. There
is a public key that encrypts a message or file and a separate private key that
decrypts it.
KEY EXCHANGE

For both symmetric and asymmetric encryption, there has to be a secure way to share
keys between the sender and the receiver. This is called a key exchange. A key
exchange is a method in cryptography by which keys (public or private) are
exchanged between two parties.
Since the same key is used to encrypt and decrypt data in symmetric encryption, the
key must be shared with the receiver to be able to decrypt the message. Sharing this
key between parties must be done in a very secure manner since anyone who
intercepts it can now decrypt the message as well! Asymmetric encryption utilizes
two different keys, one to encrypt data and the other to decrypt the data. One key is
shared publicly, and the other is kept private.
MODULO ARITHMETIC
Ensuring good encryption and key exchange techniques relies on understanding
some math. One calculation that is very helpful in creating strong encryption
functions is the use of modulo math.
It is very important in cryptography because modulo math can act as a one-way
function where the output hides the input really, really well. It allows for the ability
to write really strong encryption functions.
An Introduction to Modular Math
When we divide two integers we will have an equation that looks like the following:

is the dividend
is the divisor
is the quotient
is the remainder
Sometimes, we are only interested in what the remainder is when we divide by .
For these cases there is an operator called the modulo operator (abbreviated as mod).
Example 1:
10 mod 3 =
How many times does 3 divide evenly into 10?
3 times (3 x 3 = 9)
What is the remainder?
10 - (3 x 3) = 1
Answer: 10 mod 3 = 1
Example 2:
19 mod 8 =
How many times does 8 divide evenly into 19?
2 times (8 x 2 = 16)
What is the remainder?
19 - (8 x 2) = 3
Answer: 19 mod 8 = 3
GCD (EUCLIDS ALGORITHM)
Recall that the Greatest Common Divisor (GCD) of two integers A and B is
the largest integer that divides both A and B.
The Euclidean Algorithm is a technique for quickly finding the GCD of two
integers.
THE ALGORITHM

The Euclidean Algorithm for finding GCD(A,B) is as follows:

If A = 0 then GCD(A,B)=B, since the GCD(0,B)=B, and we can stop.
If B = 0 then GCD(A,B)=A, since the GCD(A,0)=A, and we can stop.
Write A in quotient remainder form (A = B⋅Q + R)
Find GCD(B,R) using the Euclidean Algorithm since GCD(A,B) = GCD(B,R)
Example:
Find the GCD of 270 and 192
A=270, B=192
A ≠0
B ≠0
Use long division to find that 270/192 = 1 with a remainder of 78. We can write this
as: 270 = 192 * 1 +78
Find GCD(192,78), since GCD(270,192)=GCD(192,78)
A=192, B=78
A ≠0
B ≠0
Use long division to find that 192/78 = 2 with a remainder of 36. We can write this
as:
192 = 78 * 2 + 36
Find GCD(78,36), since GCD(192,78)=GCD(78,36)
A=78, B=36
A ≠0
B ≠0
Use long division to find that 78/36 = 2 with a remainder of 6. We can write this as:
78 = 36 * 2 + 6
Find GCD(36,6), since GCD(78,36)=GCD(36,6)
A=36, B=6
A ≠0
B ≠0
Use long division to find that 36/6 = 6 with a remainder of 0. We can write this as:
36 = 6 * 6 + 0
Find GCD(6,0), since GCD(36,6)=GCD(6,0)
A=6, B=0
A ≠0
B =0, GCD(6,0)=6
So we have shown:
GCD(270,192) = GCD(192,78) = GCD(78,36) = GCD(36,6) = GCD(6,0) = 6
GCD(270,192) = 6
ALGEBRAIC STRUCTURES
(GROUPS, RINGS, FIELDS,
POLYNOMIAL FIELD)
Groups: A group is a set equipped with a binary operation (usually denoted
as multiplication, addition, or composition) that satisfies four properties:
 Closure: The result of the operation applied to any two elements of the set is
also in the set.
 Associativity: The operation is associative.
 Identity element: There exists an element in the set such that when
combined with any other element, it leaves the other element unchanged.
 Inverse element: Every element has an inverse with respect to the operation,
such that combining an element with its inverse yields the identity element.
 Group
a set S of elements or “numbers”
 may be finite or infinite
 withsome operation ‘.’ so G=(S,.)
 properties
 Closure: a,b in S, then a.b in S
 Associative law: (a.b).c = a.(b.c)
 has Identity e: e.a = a.e = a
 has Inverses a-1: a.a-1 = e
 if commutative a.b = b.a
 then forms an abelian group
Rings: A ring is a set equipped with two binary
operations, usually addition and multiplication, satisfying
the following properties:
The set forms an abelian group under addition.
Multiplication is associative.
Multiplication is distributive over addition.
It may or may not have a multiplicative identity.
 Ring
 a set of “numbers”
 with two operations (addition and multiplication)
which form:
 an abelian group with addition operation
 and multiplication:
 has closure
 is associative
 distributive over addition: a(b+c) = ab + ac
 if multiplication operation is commutative, it
forms a commutative ring
 if multiplication operation has an identity and no
zero divisors, it forms an integral domain
Fields: A field is a set equipped with two binary operations,
addition and multiplication, satisfying the following properties:
Addition forms an abelian group.
Multiplication forms an abelian group, except for the additive
identity.
Multiplication is distributive over addition.
It has multiplicative identity.
Every nonzero element has a multiplicative inverse.
 Field
a set of numbers
 with two operations which form:
 abelian group for addition
 abelian group for multiplication (ignoring 0)
 ring
 have hierarchy with more axioms/laws
 group -> ring -> field
Polynomial Fields: A polynomial field is a field constructed from
polynomials with coefficients from another field. For instance, the
field of real numbers can be used to form polynomial fields like
the field of real polynomials.
This field consists of all polynomials with real coefficients, and
the operations (addition, multiplication, etc.) are defined in a way
that preserves the field properties.
ROLE OF RANDOM NUMBERS
IN SECURITY,
In cryptography, random numbers are used to generate
cryptographic keys. These keys are essential for encrypting and
decrypting sensitive data.
For instance, in asymmetric encryption algorithms like RSA,
random numbers are used to generate key pairs consisting of a
public key and a private key. Similarly, in symmetric encryption
algorithms like AES, random numbers are used to generate the
session keys used for encrypting and decrypting data during a
communication session.
USES
Key distribution and reciprocal authentication schemes. In such schemes, two communicating
parties cooperate by exchanging messages to distribute keys and/or authenticate each other.

In many cases, nonces are used for handshaking to prevent replay attacks. The use of random
numbers for the nonces frustrates an opponent’s efforts to determine or guess the nonce.

There are number of protocols where a secret key for symmetric encryption is generated for
use for a short period of time.This key is generally called a session key.

Generation of keys for the RSA public-key encryption algorithm Generation of a bit stream for
symmetric stream encryption
IMPORTANCE OF PRIME
NUMBERS
A prime number is divisible only by 1 and itself
For example: {2, 3, 5, 7, 11, 13, 17, …}
1 could also be considered prime, but it’s not very useful.
To factor a number n is to write it as a product of other numbers.
n=a*b*c
Or, 100 = 5 * 5 * 2 * 2
Prime factorization of a number n is writing it as a product of prime numbers.
143 = 11 * 13
IMPORTANCE
Security through Complexity:The use of prime numbers in cryptography is
grounded in the complexity of mathematical problems associated with primes
Random Number Generation:Cryptographic applications demand the generation
of random numbers for various purposes, such as key generation and initialization
vectors.
Primality Testing:
 Cryptographic protocols often require the generation of large prime numbers.
 Efficient primality testing algorithms, like the Miller-Rabin algorithm, are employed to ensure the
generated numbers are prime with high probability.

Public Key Cryptography:Public key cryptography, exemplified by the RSA

algorithm, utilizes the mathematical rel
DATA ENCRYPTION
STANDARD: BLOCK CIPHER,
STREAM CIPHER, FEISTEL
STRUCTURE,
 DATA ENCRYPTION
STANDARD
The most widely used encryption scheme is based on the Data Encryption Standard (DES)
adopted in 1977 by the National Bureau of Standards, now the National Institute of
Standards and Technology (NIST), as Federal Information Processing Standard 46 (FIPS
PUB 46).

The algorithm itself is referred to as the Data Encryption Algorithm (DEA). For DES, data
are encrypted in 64-bit blocks using a 56-bit key.

The algorithm transforms 64-bit input in a series of steps into a 64-bit output. The same
steps, with the same key, are used to reverse the encryption.
 DATA ENCRYPTION
As with any encryption scheme, there are two inputs to the encryption function: the
plaintext to be encrypted and the key.

The plaintext must be 64 bits in length and the key is 56 bits in length.

First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits
to produce the permuted input.

This is followed by a phase consisting of sixteen rounds of the same function, which
involves both permutation and substitution functions. The output of the last (sixteenth)
round consists of 64 bits that are a function of the input plaintext and the key.
 DATA ENCRYPTION
Finally, the preoutput is passed through a permutation that is the inverse of the initial
permutation function, to produce the 64-bit ciphertext.

Initially, the key is passed through a permutation function. Then, for each of the sixteen
rounds, a subkey (Ki ) is produced by the combination of a left circular shift and a
permutation.

The permutation function is the same for each round, but a different subkey is produced
because of the repeated shifts of the key bits.
 DATA ENCRYPTION
Finally, the preoutput is passed through a permutation that is the inverse of the initial
permutation function, to produce the 64-bit ciphertext.

Initially, the key is passed through a permutation function. Then, for each of the sixteen
rounds, a subkey (Ki ) is produced by the combination of a left circular shift and a
permutation.

The permutation function is the same for each round, but a different subkey is produced
because of the repeated shifts of the key bits.
DES
 STREAM CIPHERS AND BLOCK
CIPHERS
A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.

A block cipher is one in which a block of plaintext is treated as a whole and used to
produce a ciphertext block of equal length.

Typically, a block size of 64 or 128 bits is used. As with a stream cipher, the two users share
a symmetric encryption key
STREAM CIPHERS AND BLOCK
CIPHERS
FEISTEL STRUCTURE,,
Feistel Cipher is not a specific scheme of block cipher. It is a design model from
which many different block ciphers are derived. DES is just one example of a Feistel
Cipher. A cryptographic system based on Feistel cipher structure uses the same
algorithm for both encryption and decryption.
Encryption Process
The encryption process uses the Feistel structure consisting multiple rounds of
processing of the plaintext, each round consisting of a “substitution” step followed
by a permutation step.
Feistel Structure is shown in the following illustration
The input block to each round is divided into two halves that can be denoted as L
and R for the left half and the right half.
In each round, the right half of the block, R, goes through unchanged. But the left
half, L, goes through an operation that depends on R and the encryption key. First,
we apply an encrypting function ‘f’ that takes two input − the key K and R. The
function produces the output f(R,K). Then, we XOR the output of the mathematical
function with L.
In real implementation of the Feistel Cipher, such as DES, instead of using the whole
encryption key during each round, a round-dependent key (a subkey) is derived from
the encryption key. This means that each round uses a different key, although all
these subkeys are related to the original key.
The permutation step at the end of each round swaps the modified L and unmodified
R. Therefore, the L for the next round would be R of the current round. And R for
the next round be the output L of the current round.
Above substitution and permutation steps form a ‘round’. The number of rounds are
specified by the algorithm design.
Once the last round is completed then the two sub blocks, ‘R’ and ‘L’ are
concatenated in this order to form the ciphertext block.
Decryption Process
The process of decryption in Feistel cipher is almost similar. Instead of starting with
a block of plaintext, the ciphertext block is fed into the start of the Feistel structure
and then the process thereafter is exactly the same as described in the given
illustration.
The process is said to be almost similar and not exactly same. In the case of
decryption, the only difference is that the subkeys used in encryption are used in the
reverse order.
The final swapping of ‘L’ and ‘R’ in last step of the Feistel Cipher is essential. If
these are not swapped then the resulting ciphertext could not be decrypted using the
same algorithm.
ROUND FUNCTION
In cryptography, the "round function" typically refers to a component within a block
cipher algorithm, such as AES (Advanced Encryption Standard), DES (Data
Encryption Standard), or others.
In a block cipher, data is encrypted and decrypted in fixed-size blocks, typically 64
or 128 bits. The round function is a fundamental part of the cipher's operation, and
it's applied iteratively to each block of plaintext or ciphertext during encryption and
decryption.
The round function usually consists of several operations, including substitution
(such as S-box substitution in AES), permutation (rearranging the bits), key mixing
(combining the block data with a portion of the encryption key), and sometimes
other operations like mixing columns (in AES). These operations are designed to
introduce confusion and diffusion, making it difficult for an attacker to discern
patterns or extract information from the ciphertext without the proper key.
BLOCK CIPHER MODES OF
OPERATION
Encryption algorithms are divided into two categories based on the input type, as a
block cipher and stream cipher. Block cipher is an encryption algorithm that takes a
fixed size of input say b bits and produces a ciphertext of b bits again.
If the input is larger than b bits it can be divided further. For different applications
and uses, there are several modes of operations for a block cipher.
Electronic Code Book (ECB) –
Electronic code book is the easiest block cipher mode of functioning. It is easier
because of direct encryption of each block of input plaintext and output is in form of
blocks of encrypted ciphertext. Generally, if a message is larger than b bits in size, it
can be broken down into a bunch of blocks and the procedure is repeated
Cipher Block Chaining –
Cipher block chaining or CBC is an advancement made on ECB since ECB
compromises some security requirements. In CBC, the previous cipher block is
given as input to the next encryption algorithm after XOR with the original plaintext
block. In a nutshell here, a cipher block is produced by encrypting an XOR output of
the previous cipher block and present plaintext block.
S-DES
Simplified Data Encryption Standard (S-DES) is a simple version of the
DES Algorithm. It is similar to the DES algorithm but is a smaller algorithm and has
fewer parameters than DES. It was made for educational purposes so that
understanding DES would become simpler. It is a block cipher that takes a block of
plain text and converts it into ciphertext. It takes a block of 8 bit.
It is a symmetric key cipher i.e. they use the same key for both encryption and
decryption. In this article, we are going to demonstrate key generation for s-des
encryption and decryption algorithm. We take a random 10-bit key and produce two
8-bit keys which will be used for encryption and decryption.
Key Generation Concept: In the key generation algorithm, we accept the 10-bit key
and convert it into two 8 bit keys. This key is shared between both sender and
receiver.
ATTACKS ON DES,
Differential Cryptanalysis − The main objective of differential cryptanalysis is to
view for statistical distributions and patterns in ciphertext to provide deduce element
about the key used in the cipher.
Differential cryptanalysis is a section of study in cryptography that compares the
method differences in input associated to the differences in encrypted output. It can
be used basically in the study of block ciphers to decide if changes in plaintext result
in any non-random outcomes in the encrypted ciphertext.
Linear Cryptanalysis − Linear cryptanalysis is a general form of cryptanalysis
depend on discovering affine approximations to the element of a cipher. Attacks have
been produced for block ciphers and stream ciphers. Linear cryptanalysis is one of
the two most generally used attacks on block ciphers and the other being differential
cryptanalysis.
Brute Force Attack − In cryptanalysis, a brute force attack is an approach of
defeating a cryptographic scheme by attempting a huge number of possibilities.
For example, it can be exhaustively working through all possible keys in order to
decode a message. The selection of an appropriate key length based on the practical
feasibility of implementing a brute force attack.
ATTACKS ON S-AES, AES
Related-key attacks: These attacks are fast and easy to execute. They target the
encryption key.
Side-channel attacks: These exploit data leaks and may succeed in case of poor
AES implementation.
Known-key distinguishing attacks: These attacks may only work if the attacker
knows the key, which is a remote possibility.
Key-recovery attacks: In key-recovery attacks, the hacker must have access to a
minimum of one pair of encrypted/decrypted messages
CHINESE REMAINDER
THEOREM,
We are given two arrays num[0..k-1] and rem[0..k-1]. In num[0..k-1], every pair is
coprime (gcd for every pair is 1, they have no common factors). We need to find
minimum positive number x such that:
Basically, we are given k numbers which are pairwise coprime, and given remainders
of these numbers when an unknown number x is divided by them. We need to find
the minimum possible value of x that produces given remainders.
 CAESAR CIPHER
(SUBSTITUTION TECHNIQUE)
The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar. The
Caesar cipher involves replacing each letter of th alphabet with the letter standing three places
further down the alphabet.

For example, plain:

meet me after the toga party
cipher: PHHW PH DIWHU WKH WRJD SDUWB

Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the
transformation by listing all possibilities, as follows:

plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
 CAESAR CIPHER
(SUBSTITUTION TECHNIQUE)
Three important characteristics of this problem enabled us to use a bruteforce cryptanalysis:

1. The encryption and decryption algorithms are known.

2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.
FEATURES OF SUBSTITUTION
TECHNIQUE
There are various features of the substitution technique. Some features of substitution
techniques are as follows:
•In the substitution cipher technique, the letters in plain text are substituted by other
letters, numbers, or symbols.
•A character's identity is changed, but its place remains constant in the substitution
technique.
•Some algorithms that use the substitution technique are monoalphabetic substitution
cipher, Playfair cipher, and polyalphabetic substitution cipher.
•The substitution cipher approach allows for the detection of plain text by low-frequency
letters.
Caesar Cipher is an example of the substitution cipher technique.
TRANSPOSITION
In the transposition technique, the characters' identities are kept the same, but their
positions are altered to produce the ciphertext. A transposition cipher in
cryptography is a type of encryption that scrambles the locations of characters
without altering the characters themselves.
Transposition ciphers produce a ciphertext that is a permutation of the plaintext by
rearranging the components of the plaintext in accordance with a regular method. It
is distinct from substitution ciphers, which don't replace the unit's positions of
plaintext but instead substitute the units themselves.
A bijective function is utilized to the character locations to encrypt data, and an
inverse function is employed to decode data. It is not a very secure technique.
Rail Fence encryption is a sort of transposition cipher that acquires its name from
how it is encrypted the data. The plaintext is written down and diagonally on
successive "rail" of an artificial fence in the rail fence and then pushed up when you
get to the bottom. After that, the message is read aloud in a row-by-row fashion.
TRANSPOSITION TECHNIQUES
In rail fence technique the plaintext is written down as a sequence of diagonals and
then read off as a sequence of rows. For example, to encipher the message “meet me
after the toga party” with a rail fence of depth 2, we write the following:

mematrhtgpry
etefeteoaat
RAIL FENCE
More complex scheme is to write the message in a rectangle, row by row, and read the message off,
column by column, but permute the order of the columns. The order of the columns then becomes
the key to the algorithm.
Key: 4 3 1 2 5 6 7
Plaintext: a t t a c k p
ostpone
duntilt
woamxyz

Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
Thus, in this example, the key is 4312567.
FEATURES
The keys that are closer to the proper key in the transposition cipher technique can
reveal plain text.
The transposition cipher approach does not exchange one sign for another but
rather moves the symbol.
The two most common types of transposition cipher are keyless and keyed
transpositional cipher.
The Reil Fence Cipher is an excellent instance of a transposition tehnique.
The position of the character is modified in the transposition cipher technique, but
the character's identity remains unchanged
FREQUENCY ANALYSIS.
In cryptography, frequency analysis is a technique used to break substitution ciphers,
particularly monoalphabetic substitution ciphers, where each letter in the plaintext is
consistently replaced by a corresponding letter in the ciphertext. Frequency analysis
exploits the fact that in any given language, certain letters or combinations of letters
occur with different frequencies. For example, in English, the letter 'E' is the most
commonly used letter, followed by 'T', 'A', and so on.
Collecting Frequency Data: The first step is to analyze a sufficiently large sample of
the ciphertext to determine the frequency of each letter or symbol.
Comparison with Expected Frequencies: Next, the observed frequencies are
compared with the expected frequencies of letters in the plaintext language. For
English, these frequencies are well-known and can be found in frequency tables.
Identifying Common Letters: Letters in the ciphertext that occur most frequently are
likely to represent the most common letters in the plaintext. For example, if 'X' appears
most often in the ciphertext, it might represent 'E' in the plaintext.
Guessing and Iteration: Based on the analysis, guesses are made about the mapping
of ciphertext letters to plaintext letters. This process is often iterative, refining the
guesses as more letters are deciphered.
Validation and Adjustment: As more plaintext letters are revealed, the accuracy of
the mappings can be verified. If a guessed mapping is incorrect, it can be adjusted
based on the context of the surrounding letters.
Completion and Decryption: Eventually, with enough iterations and guesses, the
entire ciphertext can be decrypted into plaintext.