CNS Unit-3
We have mentioned that DES uses a 56-bit key. Actually, the initial key consists
of 64 bits. However, before the DES process even starts, every 8th bit of the key
is discarded to produce a 56-bit key. That is, bit positions 8, 16, 24, 32, 40, 48,
56 and 64 are discarded.
Thus, discarding every 8th bit of the key produces a 56-bit key from the
original 64-bit key.
DES is based on the two fundamental attributes of cryptography: substitution
(also called confusion) and transposition (also called diffusion). DES consists
of 16 steps, each of which is called a round. Each round performs the steps of
substitution and transposition. Let us now discuss the broad-level steps in DES.
1. In the first step, the 64-bit plain text block is handed over to an Initial
Permutation (IP) function.
2. The initial permutation is performed on the plain text.
3. Next, the initial permutation (IP) produces two halves of the permuted
block, say Left Plain Text (LPT) and Right Plain Text (RPT).
4. Now LPT and RPT each go through 16 rounds of the encryption
process.
5. In the end, LPT and RPT are rejoined and a Final Permutation (FP) is
performed on the combined block.
6. The result of this process is the 64-bit cipher text.
Initial Permutation (IP):
As we have noted, the initial permutation (IP) happens only once, before the
first round. The IP table specifies how the transposition in IP should proceed, as
shown in the figure.
For example, it says that the IP replaces the first bit of the original plain text
block with the 58th bit of the original plain text, the second bit with the 50th bit
of the original plain text block, and so on.
This is nothing but a shuffling of the bit positions of the original plain text block;
the same rule applies to all the other bit positions, as shown in the figure.
As we have noted, after IP is done the resulting 64-bit permuted text block is
divided into two half blocks. Each half-block consists of 32 bits, and each of the
16 rounds, in turn, consists of the broad-level steps outlined in the figure.
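The IP table itself is not reproduced in these notes, so the following added example (written for this section, not code from the notes) shows the standard DES IP table from FIPS 46-3, derives the final permutation FP as its inverse, splits the permuted block into LPT and RPT, and discards every 8th key bit as described above. The sample block and key are sample values chosen for the example.

```python
# Added example, not from the lecture notes: the DES initial permutation (IP),
# its inverse (the final permutation, FP), the LPT/RPT split, and the discarding
# of every 8th key bit that turns the 64-bit key into a 56-bit key.
# The IP table is the standard one from FIPS 46-3; the helpers and sample values
# are written for this example.

# Output bit i is taken from input bit IP[i-1] (1-based positions, as in the
# notes: output bit 1 <- input bit 58, output bit 2 <- input bit 50, ...).
IP = [
    58, 50, 42, 34, 26, 18, 10, 2,
    60, 52, 44, 36, 28, 20, 12, 4,
    62, 54, 46, 38, 30, 22, 14, 6,
    64, 56, 48, 40, 32, 24, 16, 8,
    57, 49, 41, 33, 25, 17, 9, 1,
    59, 51, 43, 35, 27, 19, 11, 3,
    61, 53, 45, 37, 29, 21, 13, 5,
    63, 55, 47, 39, 31, 23, 15, 7,
]

# FP is computed as the inverse of IP rather than typed in by hand, so the two
# tables can never disagree.
FP = [0] * 64
for out_pos, in_pos in enumerate(IP, start=1):
    FP[in_pos - 1] = out_pos


def permute(bits, table):
    """Apply a DES-style permutation table (1-based positions) to a bit list."""
    return [bits[pos - 1] for pos in table]


def bytes_to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def initial_permutation(block):
    """IP on a 64-bit block; returns the halves (LPT, RPT), 32 bits each."""
    if len(block) != 8:
        raise ValueError("DES works on 64-bit blocks")
    permuted = permute(bytes_to_bits(block), IP)
    return permuted[:32], permuted[32:]


def final_permutation(lpt, rpt):
    """FP on the rejoined halves; returns the 64-bit block as bytes."""
    return bits_to_bytes(permute(lpt + rpt, FP))


def strip_parity_bits(key):
    """Drop bit positions 8, 16, ..., 64 of a 64-bit key, leaving 56 key bits."""
    if len(key) != 8:
        raise ValueError("DES keys are entered as 64 bits")
    return [b for pos, b in enumerate(bytes_to_bits(key), start=1) if pos % 8]


# Sample input constructed for this example.
SAMPLE_BLOCK = bytes.fromhex("0123456789abcdef")
SAMPLE_KEY = bytes.fromhex("133457799bbcdff1")

if __name__ == "__main__":
    lpt, rpt = initial_permutation(SAMPLE_BLOCK)
    print("LPT:", bits_to_bytes(lpt).hex(), "RPT:", bits_to_bytes(rpt).hex())
    # FP undoes IP, so rejoining the halves and applying FP gives the block back.
    print("FP(IP(block)) == block:", final_permutation(lpt, rpt) == SAMPLE_BLOCK)
    print("key bits left after discarding parity positions:",
          len(strip_parity_bits(SAMPLE_KEY)))
```

Deriving FP from IP instead of typing a second table is a small habit worth keeping: a single wrong entry in a hand-copied permutation table silently produces a cipher that still "works" but is not DES.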
Double and Triple DES:
Double DES:
Double DES is an encryption technique which uses two instances of DES on the
same plain text. The two instances use different keys to encrypt the plain text.
Both keys are required at the time of decryption. The 64-bit plain text goes into
the first DES instance, which converts it into a 64-bit middle text using the
first key, and then it goes to the second DES instance, which gives the 64-bit
cipher text using the second key.
However, although double DES uses a 112-bit key, it gives a security level of
2^56, not 2^112, and this is because of the meet-in-the-middle attack, which can
be used to break double DES.
Triple DES:
Triple DES is an encryption technique which uses three instances of DES on the
same plain text. It uses three different keying options: in the first, all the
keys used are different; in the second, two keys are the same and one is
different; and in the third, all keys are the same.
Triple DES is also vulnerable to the meet-in-the-middle attack, because of which
it gives a total security level of 2^112 despite using a 168-bit key. The block
collision attack can also be carried out because of the short block size when
the same key is used to encrypt a large amount of text. It is also vulnerable to
the Sweet32 attack.
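To make the work-factor claim above concrete, here is an added example (written for this section, not code from the notes) using a toy 8-bit block cipher with 8-bit keys in place of DES. It builds double encryption and the EDE (encrypt-decrypt-encrypt) form used by Triple DES, shows that the third keying option (all keys equal) collapses to a single encryption, and counts the cipher operations a meet-in-the-middle recovery of the two keys needs: 2 * 2^8 instead of 2^16. The S-box, the cipher and the sample keys are all constructed for this example.

```python
# Added example, not from the lecture notes: a toy 8-bit block cipher with 8-bit
# keys, used to show the structures described above: double encryption, the three
# keying options of triple (EDE) encryption, and why double encryption gives only
# about 2^k work instead of 2^(2k). The meet-in-the-middle attack builds one table
# of 2^k values and then does 2^k lookups. The S-box, cipher and sample keys are all
# constructed for this example and share only their structure with real DES.

# Constructed S-box: x -> 113*x + 57 mod 256 is a bijection because 113 is odd.
SBOX = [(113 * x + 57) & 0xFF for x in range(256)]
INV_SBOX = [0] * 256
for i, v in enumerate(SBOX):
    INV_SBOX[v] = i


def enc(p, k):
    """Toy cipher: XOR the key in, then substitute (one round)."""
    return SBOX[(p ^ k) & 0xFF]


def dec(c, k):
    return INV_SBOX[c] ^ k


def double_enc(p, k1, k2):
    """Double encryption: first instance with k1, second with k2."""
    return enc(enc(p, k1), k2)


def triple_ede(p, k1, k2, k3):
    """Encrypt-Decrypt-Encrypt, the Triple DES structure. With k1 == k2 == k3
    (the notes' third keying option) it collapses to a single encryption."""
    return enc(dec(enc(p, k1), k2), k3)


def triple_ede_dec(c, k1, k2, k3):
    return dec(enc(dec(c, k3), k2), k1)


def meet_in_the_middle(pairs):
    """Recover candidate (k1, k2) for double encryption from known
    (plaintext, ciphertext) pairs.

    Cost: 256 encryptions to tabulate enc(p0, k1) for every k1, then 256
    decryptions dec(c0, k2) probed against that table, so 2 * 2^8 operations
    instead of the 2^16 of trying every (k1, k2). With an 8-bit block a single
    pair leaves many false matches, so the extra pairs filter the candidates.
    Returns (candidates, number of cipher operations spent on table + probes).
    """
    p0, c0 = pairs[0]
    middle = {}
    for k1 in range(256):
        middle.setdefault(enc(p0, k1), []).append(k1)
    candidates = []
    for k2 in range(256):
        for k1 in middle.get(dec(c0, k2), []):
            if all(double_enc(p, k1, k2) == c for p, c in pairs[1:]):
                candidates.append((k1, k2))
    return candidates, 2 * 256


# Constructed sample: the keys below are what the recovery should find.
TRUE_K1, TRUE_K2 = 0xA7, 0x3D
KNOWN_PAIRS = [(p, double_enc(p, TRUE_K1, TRUE_K2))
               for p in (0x00, 0x5A, 0xC3, 0xFF)]

if __name__ == "__main__":
    print("single == EDE with one key:",
          enc(0x5A, 0x11) == triple_ede(0x5A, 0x11, 0x11, 0x11))
    print("EDE round trip:",
          triple_ede_dec(triple_ede(0x5A, 1, 2, 3), 1, 2, 3) == 0x5A)
    found, ops = meet_in_the_middle(KNOWN_PAIRS)
    print(f"candidates {found} after {ops} cipher operations "
          f"(trying every key pair would take {256 * 256})")
```

The same table-plus-probe argument is why three DES instances with three keys are credited with 2^112 rather than 2^168: the table is built on one side, and the other side still needs two keys. The collapse of EDE with equal keys to a single DES is the reason the EDE order was chosen, so that a Triple DES implementation can still talk to a single DES one.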
AES vs DES:
• AES stands for Advanced Encryption Standard; DES stands for Data Encryption
Standard.
• AES is byte-oriented; DES is bit-oriented.
• The selection process for AES is secret but accepted open public comment; the
selection process for DES is secret.
Encryption:
The process of changing the plaintext into the ciphertext is referred to
as encryption.
The encryption process consists of an algorithm and a key. The key is a value
independent of the plaintext.
Decryption:
The process of changing the ciphertext back to the plaintext is known
as decryption.
Required for Work:
Symmetric (conventional) encryption:
• The same algorithm with the same key is used for encryption and
decryption.
• The sender and receiver must share the algorithm and key.
Asymmetric (public-key) encryption:
• One algorithm is used for encryption and a related algorithm for decryption,
with a pair of keys, one for encryption and the other for decryption.
• Receiver and sender must each
RSA Techniques:
RSA Algorithm in Cryptography
RSA algorithm is an asymmetric cryptography algorithm. Asymmetric actually means
that it works on two different keys, i.e. a Public Key and a Private Key. As the
name suggests, the Public Key is given to everyone and the Private Key is kept
private.
An example of asymmetric cryptography:
1. A client (for example a browser) sends its public key to the server and
requests some data.
2. The server encrypts the data using the client's public key and sends the
encrypted data.
3. The client receives this data and decrypts it.
Since this is asymmetric, nobody except the browser can decrypt the data, even
if a third party has the browser's public key.
The idea: The idea of RSA is based on the fact that it is difficult to factorize a
large integer. The public key consists of two numbers, where one number is the
product of two large prime numbers. The private key is also derived from
the same two prime numbers. So if somebody can factorize the large number, the
private key is compromised. Therefore the encryption strength lies entirely in the
key size, and if we double or triple the key size, the strength of the encryption
increases exponentially. RSA keys are typically 1024 or 2048 bits long, but
experts believe that 1024-bit keys could be broken in the near future. But till
now it seems to be an infeasible task.
Let us learn the mechanism behind RSA algorithm :
>> Generating Public Key :
• Select two prime numbers. Suppose P = 53 and Q = 59.
• Now the first part of the public key: n = P*Q = 3127.
• We also need a small exponent, say e. But e must be:
  • an integer,
  • not a factor of n,
  • 1 < e < Φ(n) [Φ(n) is discussed below].
• Let us now consider it to be equal to 3.
Key Exchange:
Internet Key Exchange (IKE) is a key management protocol standard used in
conjunction with the Internet Protocol Security (IPSec) standard protocol. It
provides security for virtual private networks' (VPNs) negotiations and network
access to random hosts.
Diffie Hellman Scheme
The Diffie-Hellman algorithm is used to establish a shared secret that can
be used for secret communications while exchanging data over a public network.
In the below program, the client will share the value of , , and public key .
Whereas, the server will accept the values and calculate its public key and send it
to the client.
Diffie-Hellman algorithm
The Diffie-Hellman algorithm is used to establish a shared secret that can
be used for secret communications while exchanging data over a public network,
using the elliptic curve to generate points and get the secret key using the
parameters.
• For the sake of simplicity and practical implementation of the
algorithm, we will consider only 4 variables: one prime P and G (a
primitive root of P), and two private values a and b.
• P and G are both publicly available numbers. Users (say Alice and Bob)
pick private values a and b, generate a public value from each and exchange
these publicly. The other person receives the value and from it generates the
secret key, after which they both have the same secret key to encrypt with.
Figure: Alice and Bob exchange (table of values not recovered).
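The exchange between Alice and Bob with the four values named above, as an added example written for this section (not code from the notes): P = 23, G = 5, a = 6 and b = 15 are toy values chosen for illustration, and the primitive-root check and the range check on a received public value are assumptions of this example, not steps the notes describe. Real deployments use primes of 2048 bits or more.

```python
# Added example, not from the lecture notes: the Diffie-Hellman exchange with the
# four values the notes name (prime P, primitive root G of P, private values a for
# Alice and b for Bob). Alice sends A = G^a mod P, Bob sends B = G^b mod P, and each
# side raises what it received to its own private value to get the same secret.
# P = 23, G = 5, a = 6, b = 15 are toy values constructed for illustration; the
# primitive-root check and public-value validation are written for this example.

import secrets


def is_primitive_root(g, p):
    """True if g generates all of 1..p-1 mod the prime p, i.e. g^((p-1)/q) != 1
    for every prime q dividing p-1. p-1 is factored by trial division."""
    n, primes, q = p - 1, set(), 2
    while q * q <= n:
        while n % q == 0:
            primes.add(q)
            n //= q
        q += 1
    if n > 1:
        primes.add(n)
    return all(pow(g, (p - 1) // q, p) != 1 for q in primes)


def validate_public(value, p):
    """Reject degenerate values (0, 1, p-1) that would force a trivial secret."""
    return 2 <= value <= p - 2


def public_value(g, private, p):
    return pow(g, private, p)


def shared_secret(their_public, private, p):
    if not validate_public(their_public, p):
        raise ValueError("received public value out of range")
    return pow(their_public, private, p)


def dh_exchange(p, g, a, b):
    """Run both sides; returns (A, B, Alice's secret, Bob's secret)."""
    A = public_value(g, a, p)        # Alice -> Bob, over the public channel
    B = public_value(g, b, p)        # Bob -> Alice
    return A, B, shared_secret(B, a, p), shared_secret(A, b, p)


def random_private(p):
    """Private value in [2, p-2] from a CSPRNG (never the random module)."""
    return 2 + secrets.randbelow(p - 3)


P, G = 23, 5                          # toy parameters constructed for this example

if __name__ == "__main__":
    print("G is a primitive root of P:", is_primitive_root(G, P))
    A, B, s_alice, s_bob = dh_exchange(P, G, 6, 15)
    print(f"A={A} B={B} shared secret: Alice {s_alice}, Bob {s_bob}")
    a, b = random_private(P), random_private(P)
    try:
        print("random private values agree:", dh_exchange(P, G, a, b)[2:])
    except ValueError as err:
        # With this toy prime, a = 11 gives A = 22 = P-1, which the check rejects.
        print("rejected:", err)
```

With these values Alice sends 8, Bob sends 19, and both arrive at the secret 2; an observer who sees P, G, 8 and 19 would have to solve the discrete logarithm to get a or b. The range check on the received value matters in practice: accepting 0, 1 or P-1 lets a peer force the secret into a set of one or two values.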
Digital Signature
A digital signature is a mathematical technique used to validate the
authenticity and integrity of a message, software, or digital document.
1. Key Generation Algorithms: Digital signatures are electronic signatures
which assure that the message was sent by a particular sender. While
performing digital transactions, authenticity and integrity should be
assured; otherwise, the data can be altered, or someone can act as if
he were the sender and expect a reply.
2. Signing Algorithms: To create a digital signature, signing algorithms
(for example in email programs) create a one-way hash of the electronic data
which is to be signed. The signing algorithm then encrypts the hash value
using the private key (signature key). This encrypted hash, along with
other information like the hashing algorithm, is the digital signature.
This digital signature is appended to the data and sent to the verifier.
The reason for encrypting the hash instead of the entire message or
document is that a hash function converts any arbitrary input into a
much shorter fixed-length value. This saves time, as now instead of
signing a long message only a shorter hash value has to be signed, and
moreover hashing is much faster than signing.
3. Signature Verification Algorithms: The verifier receives the digital
signature along with the data. It then uses the verification algorithm to
process the digital signature with the public key (verification key) and
generates some value. It also applies the same hash function to the
received data and generates a hash value. Then the hash value and the
output of the verification algorithm are compared. If they are both
equal, the digital signature is valid; otherwise it is invalid.
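The following added example (written for these notes, not code from them) ties the RSA key generation section to the signing and verification steps just described. It first works through the notes' own numbers (P = 53, Q = 59, e = 3, n = 3127) for encryption and decryption and shows that factoring such a small n yields the private key at once; it then generates a larger key pair to run the hash-then-sign and verify flow, because a 12-bit modulus cannot hold a SHA-256 digest. The Miller-Rabin prime test, the key generator and the encoding of the digest as an integer are assumptions of this example, and the arithmetic is shown without padding, so it illustrates the mechanism only.

```python
# Added example, not from the lecture notes: textbook RSA with the notes'
# numbers (P = 53, Q = 59, e = 3), the encrypt/decrypt flow, the observation that
# factoring n hands over the private key, and the hash-then-sign / verify flow of
# the Digital Signature section. The Miller-Rabin prime test, key generator and
# "sign the SHA-256 digest as an integer" encoding are written for this example;
# signing uses a freshly generated larger key because a 12-bit n cannot hold a
# 256-bit digest. No padding is used, so this shows the arithmetic only.

import hashlib
import math
import secrets

def keygen_from_primes(p, q, e):
    """Return ((n, e), (n, d)). The working condition on e is gcd(e, phi(n)) == 1."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not (1 < e < phi and math.gcd(e, phi) == 1):
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) == 1")
    return (n, e), (n, pow(e, -1, phi))       # d = e^-1 mod phi(n)

def encrypt(m, public):
    n, e = public
    return pow(m, e, n)

def decrypt(c, private):
    n, d = private
    return pow(c, d, n)

def smallest_factor(n):
    """Trial division: instant for n = 3127, hopeless for a 2048-bit modulus."""
    return next(f for f in range(2, math.isqrt(n) + 1) if n % f == 0)

def recover_private_key(public):
    """Once n is factored, phi(n) and therefore d follow immediately."""
    n, e = public
    p = smallest_factor(n)
    return keygen_from_primes(p, n // p, e)[1]

def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:                                 # top bit set so n has full size
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def keygen(bits=1024, e=65537):
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and math.gcd(e, (p - 1) * (q - 1)) == 1:
            return keygen_from_primes(p, q, e)

def digest_as_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, private):
    """Hash the message, then apply the private (signature) key to the digest."""
    return pow(digest_as_int(message), private[1], private[0])

def verify(message, signature, public):
    """Recompute the hash and compare with the signature put through the public key."""
    return pow(signature, public[1], public[0]) == digest_as_int(message)

PUBLIC_3127, PRIVATE_3127 = keygen_from_primes(53, 59, 3)   # the notes' numbers

if __name__ == "__main__":
    c = encrypt(89, PUBLIC_3127)                # constructed sample message m = 89
    print("public", PUBLIC_3127, "private", PRIVATE_3127,
          "c", c, "m", decrypt(c, PRIVATE_3127))
    print("d recovered by factoring n:", recover_private_key(PUBLIC_3127)[1])
    pub, priv = keygen(1024)
    sig = sign(b"pay 100 to bob", priv)
    print("valid:", verify(b"pay 100 to bob", sig, pub),
          "tampered:", verify(b"pay 900 to bob", sig, pub))
```

With the notes' numbers, Φ(n) = 52 * 58 = 3016 and d = 2011 (since 3 * 2011 = 6033 = 2 * 3016 + 1); message 89 encrypts to 1394 and decrypts back to 89. The example checks gcd(e, Φ(n)) = 1, which is the condition that actually guarantees d exists; the notes' "not a factor of n" is implied by it for small e but is not sufficient on its own. In the signature half, changing a single byte of the message changes the digest and the verification fails, which is the integrity property the section describes.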
Digital Certificate
Certificate Authorities:
The end user requests a digital certificate and the request goes to the
registration authority (RA), which then assists the certificate authority (CA)
to create the digital certificate. The registration authority acts as an
intermediary between the end user and the certificate authority. It also assists
in the day-to-day tasks of the certificate authority:
• accepting and verifying the details of new users' registrations,
• user key generation,
• backup and recovery of keys,
• certificate cancellation.
Let's Encrypt has become one of the most important organizations for
creating a secure Internet. Let's Encrypt is a free, automated, and open
certificate authority (CA), run for the public's benefit, a service provided by
the Internet Security Research Group (ISRG).