Cryptography Essentials
Shared 11/29/2025•110 views
Book Cipher / Running Key Cipher Idea: Simple, similar to Vernam cipher. Uses text from a book as a one-time pad. Encryption: Encoding plaintext messages into ciphertext. Decryption: Reversing the process, converting ciphertext back to plaintext. Encryption and Decryption Process Every encryption/decryption process has two aspects: The algorithm used. The key used for encryption and decryption. Symmetric Key Cryptography Definition: The same key is used for both encryption and decryption. Mechanism: We call this symmetric key cryptography. Asymmetric Key Cryptography Definition: Two different keys are used: One key for encryption (public key). Another key for decryption (private key). Mechanism: This is called asymmetric key cryptography. Diffie-Hellman Key Exchange / Agreement Algorithm Devised by Whitfield Diffie and Martin Hellman in 1976. Solves the problem of key agreement. Process: Alice and Bob agree on two large prime numbers, $n$ and $g$. These integers need not be kept secret and can be exchanged over an insecure channel. Alice chooses a large random number $x$ and calculates $A = g^x \pmod{n}$. Alice sends $A$ to Bob. Bob independently chooses another large random integer $y$ and calculates $B = g^y \pmod{n}$. Bob sends $B$ to Alice. Alice computes the secret key $K_1 = B^x \pmod{n}$. Bob computes the secret key $K_2 = A^y \pmod{n}$. Result: $K_1 = (g^y)^x \pmod{n} = g^{xy} \pmod{n}$ and $K_2 = (g^x)^y \pmod{n} = g^{xy} \pmod{n}$. Thus, $K_1 = K_2$, and Alice and Bob now share a common secret key. Example: Given $n=11, g=7, x=3, y=6$. Alice calculates $A = 7^3 \pmod{11} = 343 \pmod{11} = 2$. Alice sends $2$ to Bob. Bob calculates $B = 7^6 \pmod{11} = 117649 \pmod{11} = 4$. Bob sends $4$ to Alice. Alice computes $K_1 = B^x \pmod{n} = 4^3 \pmod{11} = 64 \pmod{11} = 9$. Bob computes $K_2 = A^y \pmod{n} = 2^6 \pmod{11} = 64 \pmod{11} = 9$. The shared secret key is $9$. Bucket Brigade Attack (DAKEAA) A conceptual attack where fire fighters form a line to pass buckets of water to a fire and empty buckets back. Illustrates a relay or chain-based attack. Symmetric vs. Asymmetric Key Cryptography Comparison Characteristics Symmetric Key Cryptography Asymmetric Key Cryptography Key used for encryption/decryption Same key is used for encryption & decryption. One key for encryption (public), another for decryption (private). Speed of encryption/decryption Very fast. Slower. Size of resulting encrypted text Usually same or less than original plaintext size. More than the original plaintext size. Key agreement/exchange A big problem (requires secure channel for key exchange). No problem at all (keys can be exchanged publicly). Number of keys required Equals about the square of the number of participants, so scalability is an issue. Same as the number of participants, so scales quite well. Usage Mainly for encryption & decryption, but cannot be used for digital signatures. Can be used for encryption, decryption, and digital signatures. Confusion & Diffusion Introduced by Claude Shannon. Confusion: A technique to ensure that a ciphertext gives no clue about the original plaintext. Achieved by substitution techniques. Diffusion: Increases the redundancy of the plaintext by spreading it across rows and columns. Achieved by transposition/permutation techniques. Block Ciphers use confusion & diffusion. Algorithm Modes: Electronic Codebook (ECB) Mode Description: Simplest mode of operation. Plaintext message is divided into 64-bit blocks. Each block is encrypted independently with the same key. Encryption Process: Plaintext block 1 is encrypted with the key to produce Ciphertext block 1. Plaintext block 2 is encrypted with the key to produce Ciphertext block 2. ... and so on for all blocks. Decryption Process: The receiver divides incoming data into blocks, and each block is decrypted independently using the same key to produce the plaintext blocks. Usage: Transmitting a single value in a secure fashion. Algorithm Modes: Cipher Block Chaining (CBC) Mode Description: Ensures that even if plaintext blocks repeat, the resulting ciphertext blocks are totally different. Uses a feedback mechanism. Process: An Initialization Vector (IV) is XORed with the first plaintext block. The result is encrypted with the key to produce the first ciphertext block. The first ciphertext block is then XORed with the second plaintext block. The result is encrypted with the key to produce the second ciphertext block. This process continues for all blocks. Purpose: Makes each message unique, utilizing a randomly generated IV. Each block modifies the encryption of the next block. Algorithm Modes: Cipher Feedback (CFB) Mode Description: Used for applications that are character-oriented (e.g., typing keys). Process (for a J-bit CFB): A 64-bit Input Block (IB) is used, initialized with an IV. The IB is encrypted. The leftmost $J$ bits of the encrypted IB are XORed with the first $J$ bits of the plaintext. This produces the first $J$ bits of ciphertext. The IB is shifted left by $J$ positions. The rightmost $J$ positions of the shifted IB are filled with the newly generated ciphertext $C$. This process continues until all plaintext is encrypted. Usage: Authentication and transmitting encrypted streams of data. Algorithm Modes: Output Feedback (OFB) Mode Description: Similar to CFB, but the output of the IB encryption process is fed into the next step, not the ciphertext. Advantage: Errors in individual bits do not corrupt the entire message. Drawback: An attacker can make necessary changes to the ciphertext and the checksums in a controlled fashion. Data Encryption Standard (DES) Description: A symmetric-key algorithm for the encryption of digital data. Conceptual Working: 64-bit plaintext blocks are encrypted with a 56-bit key. This produces 64-bit ciphertext blocks. The process repeats for multiple blocks.
