UNIT-2

• Laying the Blockchain Foundation, Cryptography, Symmetric Key Cryptography,

• DES cryptography, Advanced Encryption Standard,
• Cryptographic Hash Functions, MAC and HMAC,
• Asymmetric Key Cryptography, Diffie-Hellman Key Exchange, RAS
• Symmetric vs. Asymmetric Key Cryptography
 How Blockchain Works

Laying the Blockchain Foundation

It is the computer science engineering techniques that incorporate cryptography and game
theoretic concepts into an application, enabling decentralized and distributed computing among the
nodes with data structure and network communication components

Game theory
game theory, branch of applied mathematics that provides tools for analyzing situations in which
parties, called players, make decisions that are interdependent. This interdependence causes each
player to consider the other player's possible decisions, or strategies, in formulating strategy.
Cryptography
Confidentiality, Data Integrity, Authentication, Non-repudiation
• Symmetric key cryptography, Private-key cryptography
If the same key is used for both encryption and decryption, it is called symmetric key cryptography.
This means that both Alice and Bob have to agree on a key (k) called “shared secret” before they
exchange the ciphertext.
• asymmetric cryptography, Public-key cryptography
is a cryptographic system that uses pairs of keys. Each pair consists of a public key and a private
key. The generation of such key pairs depends on cryptographic algorithms which are based on
mathematical problems termed one-way functions. (RSA, Deffie Hellman key exchange etc)
Stream Ciphers vs. Block Cipher
Stream cipher and block cipher algorithms differ in the way the plaintext is
encoded and decoded.
Stream ciphers convert one symbol of plaintext into one symbol of ciphertext. This
means that the encryption is carried out one bit or byte of plaintext at a time.

Block cipher on the other hand is based on the idea of partitioning the plaintext
into relatively larger blocks of fixed-length groups of bits, and further encoding
each of the blocks separately using the same key.
Parameters Block Cipher Stream Cipher

Definition Block Cipher is the kind of encryption Stream cipher is the kind of
that converts plaintext by taking each encryption that converts plaintext by
block individually. taking one byte of the plaintext at a
time.

Principle It uses both diffusion and confusion Only the confusion principle is used
principles for the conversion (used by Stream Cipher for the conversion.
later in encryption).

Decryption In Block cipher, reverse encryption or In a stream cipher, XOR is used for
decryption is more difficult than encryption that can quickly converted
stream cipher since more bits are back to plain text.
combined to be encrypted in this
scenario.

Implementation Feistel Cipher is the most popular Vernam Cipher is the main
block cipher implementation. implementation of Stream Cipher.
Parameters Block Cipher Stream Cipher

Conversion of Bits Since a block cipher converts However, in stream cipher, only 8
blocks at once, it converts more bits can be transformed
significant bits than a stream simultaneously.
cipher, which can convert 64 bits
or more.

Reversibility It is difficult to reverse encrypted It uses XOR encryption, which is

text. easily reversed to the plain text.

Complexity Simple design Complex comparatively

No of bits used 64 Bits or more 8 Bits

The Data Encryption Standard (DES block cipher
technique)
• The Data Encryption Standard (DES) is a symmetric block cipher technique. It uses 64-bit
block size with a 64-bit key for encryption and decryption. Out of the 64-bit key, 8 bits
are reserved for parity checks and technically 56 bits is the key length.

• In symmetric cryptography, a large number of block ciphers use a design scheme known
as a “Feistel cipher” or “Feistel network.” A Feistel cipher consists of multiple rounds to
process the plaintext with the key, and every round consists of a substitution step
followed by a permutation step.

• The more the number of rounds, the more secure it could be but encryption/decryption
gets slower. The DES is based on a Feistel cipher with 16 rounds.
Data Encryption Standard
• As mentioned before, the key is also 64 bits long. Since 8 bits are used as parity
bits only 56 bits are used for encryption and decryption
• After parity removal, the 56-bit key is divided into two blocks, each of 28 bits.
• They are then bit-wise left shifted in every round.
• We know that the DES uses 16 rounds of Feistel network.
• Similarly, in every round, the two 28-bit blocks from the previous round get left
shifted again by one bit and then clubbed and compressed to the 48-bit key.
• This key is then fed to the encryption function of the same round.
Data Encryption Standard
• First, the plaintext input is divided into 64 bit blocks. If the number of bits in the
message is not evenly divisible by 64, then the last block is padded to make it a 64-
bit block.
• Every 64-bit input data block goes through an initial permutation (IP) round. It
simply permutes, i.e., rearranges all the 64-bit inputs in a specific pattern by
transposing the input blocks.
• After the IP round, the 64-bit block gets divided into two 32-bit blocks, a left block
(L) and a right block (R).

Now the Feistel rounds start. The first round takes L and R as input and follows the
following steps:
• The right side 32-bit block (R) comes as is to the left side and the left side 32-bit
block (L) goes through an operation with the key k of that round and the right side
32-bit block (R):
• Permutation Substitution and XOR operation are performed
• The decryption also works a similar way in the reverse order. (explore decryption)
Advanced Encryption Standard

• Like DES, the AES algorithm is also a symmetric block cipher but is not based on a
Feistel network.
• The AES uses a substitution-permutation network in a more general sense. It not
only offers greater security, but also offers greater speed!
• AES allows a choice of three keys: 128 bits, 192 bits, and 256 bits (Depending on the
choice of the key, AES is named as AES-128, AES-192, and AES-256)

• In AES, the number of encryption rounds depend on the key length. For AES-128,
there are ten rounds; for AES-192, there are 12 rounds; and for AES-256, there are
14 rounds
Advanced Encryption Standard
Complete overview diagram:
Block Diagram of AES Algorithm

SubBytes: This is a substitution step

ShiftRows: This is the transformation
step and is based upon the matrix
representation of the state array
MixColumns: It is also a
transformation step where all the
four columns of the state are
multiplied with a fixed polynomial
and get transformed to new columns.
AddRoundKey: This is again a
transformation step where the 128-
bit round key is bitwise XORed with
128 bits of state in a column major
order.
Challenges/Limitations in Symmetric Key
Cryptography
There are some limitations in symmetric key cryptography. A few of them are listed
as follows:

• The key must be shared by the sender and receiver before any communication.
• It requires a secured key establishment mechanism in place.
• The sender and receiver must trust each other, as they use the same symmetric
key.
• If a receiver is hacked by an attacker or the receiver deliberately shared the key
with someone else, the system gets compromised.
• It is advisable to keep changing the key for each communication session.
• Often a trusted third party is needed for effective key management, which itself is a
big issue.
CRYPTOGRAPHIC HASH FUNCTIONS
• a cryptographic hash function is a one-way function that converts input data of
arbitrary length and produces a fixed-length output. The output is usually termed
“hash value” or “message digest.”
• They are widely used in many cryptographic protocols, information security
applications such as Digital Signatures and message authentication codes (MACs)
For the hash functions to serve their design purpose and be usable, they should have
the following core properties:

• Input can be any string of any size, but the output is of fixed length, say, a 256-bit
output or a 512-bit output as examples.
• The hash value should be efficiently computable for any given message.
• It is deterministic, in the sense that the same input when provided to the same hash
function produces the same hash value every time.
• It is infeasible to invert and generate the message from its hash value
• Any small change in the message should greatly influence the output hash, just so no
one can correlate the new hash value with the old one after a small change
A Heads-up on Different Hash Functions

• One of the oldest hash functions or compression function is the MD4 hash
function. It belongs to the message digest (MD) family
• other variants of MD4 such as MD5, RIPEMD etc
• Another such hash function family is the Secure Hash Algorithm (SHA) family.
There are basically four algorithms in this family, such as SHA-0, SHA-1, SHA-2,
and SHA-3.
Applications and Use cases of Hash Functions
• Hash functions are used in verifying the integrity and authenticity of information
• Hash functions can also be used to index data in hash tables. This can speed up the
process of searching. Instead of the whole data, if we search based on the hashes,
then it should obviously be faster.
• They can be used to securely authenticate the users without storing the passwords
locally. Imagine a situation where you do not want to store passwords on the server,
obviously because if an adversary hacks on to the server, they cannot get the
password from their stored hashes. Every time a user tries to log in, hash of the
punched in password is calculated and matched against the stored hash. Secured,
isn’t it?
• Bitcoin uses hash functions as a proof of work (PoW) algorithm.(later chapter)
• The two most important applications are digital signatures and in MACs such as hash-
based message authentication codes (HMACs).
• The main difference between MAC
and HMAC is that MAC is a tag or a
piece of information that helps to
authenticate a message,
• while HMAC is a special type of MAC
with a cryptographic hash function
and a secret cryptographic key
 Important MAC strategies

• MAC-then-Encrypt: This technique requires the computation of MAC on the cleartext, appending it
to the data, and then encrypting all of that together. This scheme does not provide integrity of the
ciphertext. At the receiving end, the message decryption has to happen first to be able to check the
integrity of the message.

• Encrypt-and-MAC: This technique requires the encryption and MAC computation of the message or
the cleartext, and then appending the MAC at the end of the encrypted message or ciphertext.
Notice that MAC is computed on the cleartext, so integrity of the cleartext can be assured but not of
the ciphertext, which leaves scope for some attacks.

• Encrypt-then-MAC: This technique requires that the cleartext needs to be encrypted first, and then
compute the MAC on the ciphertext. This MAC of the ciphertext is then appended to the ciphertext
itself. This scheme ensures integrity of the ciphertext, so it is possible to first check the integrity and
if valid then decrypt it.
Asymmetric key cryptography, also known
as “public key cryptography,”
• Asymmetric key cryptography, also known as “public key cryptography,” is a revolutionary concept
introduced by Diffie and Hellman.
• With this technique, they solved the problem of key distribution in a symmetric cryptography
system by introducing digital signatures. Note that asymmetric key cryptography does not
eliminate the need for symmetric key cryptography. They usually complement each other; the
advantages of one can compensate for the disadvantages of the other.
Public-Key Cryptography Principles
Public-Key Cryptography Principles

Fig :Encryption with private key Authentication

Public key encryption ingredients
• With this approach, all participants have access to public keys.

• Private keys are generated locally by each participant and therefore need never
be distributed.

• Incoming communication is secure as long as user protects his/her private keys.

• User can change its private key anytime.

 Key used by conventional encryption is referred as Secret key.

 Keys used by public key encryption are referred as Public key and Private key.
 Symmetric Key Encryption Asymmetric Key Encryption

It only requires a single key for both encryption and decryption. It requires two keys, a public key and a private key, one to encrypt
and the other one to decrypt.

The size of cipher text is the same or smaller than the original plain The size of cipher text is the same or larger than the original plain
text text.

The encryption process is very fast. The encryption process is slow.

It is used when a large amount of data is required to transfer. It is used to transfer small amounts of data.

It only provides confidentiality. It provides confidentiality, authenticity, and non-repudiation.

The length of key used is 128 or 256 bits The length of key used is 2048 or higher

In symmetric key encryption, resource utilization is low as compared In asymmetric key encryption, resource utilization is high.
to asymmetric key encryption.

It is efficient as it is used for handling large amount of data. It is comparatively less efficient as it can handle a small amount of
data.

Security is less as only one key is used for both encryption and It is more secure as two keys are used here- one for encryption and
decryption purpose. the other for decryption.

Examples: 3DES, AES, DES and RC4 Examples: Diffie-Hellman, ECC, DSA and RSA
Diffie-Hellman key exchange

It is the first published public-key cryptography. Diffie-Hellman is an key agreement protocol use for

• Exponential key agreement

• Allows two users to exchange a secret key

• Requires no prior secrets

• Real-time over an un-trusted network

• Algorithm is limited to the exchange of key

Applications: Diffie-Hellman is currently used in many protocols, namely:

• Secure Sockets Layer (SSL)/Transport Layer Security (TLS)

• Secure Shell (SSH)

• Internet Protocol Security (IPSec)

• Public Key Infrastructure (PKI)

Diffie-Hellman key exchange illustration
Algorithm:

Step 1: Requires two large numbers, one prime (P), and (G), g should be primitive root of P

Step 2: P and G are both publicly available numbers

Step 3: Users pick private values a and b

Step 4: Compute public values

• x = ga mod p

• y = gb mod p

Step 5: Public values x and y are exchanged

Step 6: Compute shared, private key

• ka = ya mod p

• kb = xb mod p
RSA
• RSA is the best known, and most widely used general public key encryption algorithm, published by Ron Rivest, Adi
Shamir & Len Adleman of MIT in 1978

• For signature verification and can be used for encryption and decryption of standard data

• When using RSA for encryption and decryption of general data, it reverses the key set usage. Unlike signature
verification, it uses the receiver’s public key to encrypt the data, and it uses the receiver’s private key in decrypting
the data. Thus, there is no need to exchange any keys in this scenario.

There are two broad components when it comes to RSA cryptography, they are:

• Key Generation: Generating the keys to be used for encrypting and decrypting the data to be exchanged.

• Encryption/Decryption Function: The steps that need to be run when scrambling and recovering the data.
• Steps in RSA Algorithm
Keeping the image above in mind, go ahead and see how the entire process works, starting from
creating the key pair, to encrypting and decrypting the information.
Key Generation : You need to generate public and private keys before running the functions to
generate your ciphertext and plaintext. They use certain variables and parameters, all of which are
explained below:

• Choose two large prime numbers (p and q)

• Calculate n = p*q and z = (p-1)(q-1)
• Choose a number e where 1 < e < z
• Calculate d = e-1mod(p-1)(q-1)
• You can bundle private key pair as (n,d)
• You can bundle public key pair as (n,e)

Encryption/Decryption Function: Once you generate the keys, you pass the parameters to the
functions that calculate your ciphertext and plaintext using the respective key.
• If the plaintext is m, ciphertext = me mod n.
RSA Algorithm

1. Select p,q p and q both prime

2. Calculate n=pxq
 (n) ( p  1)( q  1)
3. Calculate
gcd( (n), e) 1; 1  e   (n)
4. Choose value of e
1
d e mod  (n)
5. Calculate d

6. Public Key KU = {e,n}

7. Private key KR = {d,n}

 Digital Signature Algorithm
• Here the message is first hashed and then signed.
• After the message is signed, the signed hash is tagged with the message and sent to the receiver. Also, hash the
message to get the hash again and check if the two hashes match.

• RSA is for both key management and authentication whereas DSA is only for authentication.
• unlike RSA, which is based on large-number factorization, DSA is based on discrete logarithms

DSA provides the following security properties:

• Authenticity: Signed by private key and verified by public key Data Integrity: Hashes will not match if the data is altered.
• Data integrity: Hashes will not match if the data is altered.
• Non-repudiation: Since the sender signed it, they cannot deny later that they did not send the message
A typical DSA scheme consists of three algorithms: (1) key
generation, (3) signature generation, and (3) signature verification
 Question Bank Unit 2
1. What is Cryptography and Explain Symmetric Key Cryptography.
2. Explain difference between Stream Ciphers and Block Ciphers.
3. Explain DES symmetric block chiper technique.
4. Explain in detail the AES cryptography.
5. What are Cryptographic Hash Functions? Explain its properties and applications
6. Explain MAC and HMAC with important MAC strategies that are widely used.
7. Explain Diffie-Hellman Key Exchange Algorithm.
8. Explain the difference between Symmetric and Asymmetric Key Cryptography.
9. State and explain the different hash functions.
10. How is Blockchain at its core? Explain with Laying the Blockchain Foundation.
11. List and explain core properties and security properties of hash function as cryptographic protocol.
12. State and explain: a) Digital Signature Algorithm b) Elliptic Curve Digital Signature Algorithm d) Diffie-Hellman Key
Exchange
13.State and explain RSA algorithm.