+ All Categories
Home > Documents > B.tech CS S8 Security in Computing Notes Module 3

B.tech CS S8 Security in Computing Notes Module 3

Date post: 14-Apr-2018
Upload: jisha-shaji
View: 221 times
Download: 0 times
Share this document with a friend
Embed Size (px)

of 36

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3




    1. Cryptography.12. Fiestel Networks...103. Data Encryption Standard..124. Modes of operation of DES.....205.

    Public key Cryptography26

    6. RSA Algorithm.....287. Diffie Hellman Key Exchange.318. MAC and HASH function..339. Digital Signature.3510.Questions..37

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    1. Cryptography


    Plaintext "The original message before it is encoded."

    Encoding/Encryption "The process of disguising the plaintext."

    Ciphertext "The enciphered version of the plaintext."

    Decoding/Decryption "The process of reverting the cipher text back to the plaintext."

    Cryptography "The science of keeping messages secret and of ensuring


    Cryptanalysis "The science (and art) of deciphering encoded messages

    without the knowledge of the used key."

    Cryptology Greek: krypts = hidden, lgos=science. "The combination ofcryptography and cryptanalysis "The science of hidden,

    disguised information."

    1.2 Types of Cryptography

    1.2.1 Conventional Encryption/Private-key Cryptography

    In a "One-Key-Encryption" or "Conventional Encryption", the sender and the recipient

    share the same key as their common secret

    (source: www.PGPi.com):

    At some earlier point in time the two correspondents, the sender and the recipient, musthave agreed on that key. If they are in different locations, they must trust a courier or a

    phone system to transmit the secret key in a secure manner. Surely, this is not very

    practical, particularly when many (new) parties are involved.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    However, the major problem is the total number of keys involved. 2 correspondents use 1

    key, 3 use 3 keys, 4 use 6 keys, 5 use 10 keys, 100 use 4950 keys, 1000 use 499500 keys,etc. And each key must be stored in a secure manner. Key management is enough of a

    difficult task that a name was invented for it: The Key Distribution Problem. It is the

    reason why One-Key-Cryptography is not appropriate for today's secure electronic data

    transfers between many parties involved.Every Cipher is made up of two ingredients: an encryption method (the "algorithm") and

    the set of all possible keys (the "key space"). The sender may now choose from the

    number of possible keys to encode his secret message. The security of the cryptosystemshall not be based on keeping the algorithm secret, but solely keeping the key secret.

    Private Key Cryptography means that the knowledge of the encoding key yields the

    decoding key. Such Ciphers are therefore also called "Symmetric Ciphers". If a Cipher

    only offers a small number of keys (i.e. the Caesar Cipher) it can be broken by simplytesting the possible keys. A huge number of keys assures the security of a cipher

    Private Key Cryptography provides "high-security" ciphers, however, their usage is not

    practical because of the key distribution problem. It describes the difficulty of

    exchanging and handling a large number of keys. I.e. 1000 correspondents have to handlea total of 499500 keys. The number of keys increases with the square of the number of


    1.2.2 Two-key/Public-key Cryptography

    The "Two-Key Cryptography" or "Public-Key Cryptography" was a majorbreakthrough in 1976. It makes the inconceivable reality: A Public Key is used to encode

    the plain text, its corresponding Private Key is used to decode the cipher text. The clue:

    Although the encoding key available to the whole world, nobody is capable of figuringout the decoding key. The figure below shows the how "Two-Key Cryptography" is


    (source: www.PGPi.com):

    The primary benefit of public key cryptography is that it allows people who have nopreexisting security arrangement to exchange messages securely. The need for sender and

    receiver to share secret keys via some secure channel is eliminated; all communications

    involve only public keys, and no private key is ever transmitted or shared.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    1.2.3 Transposition and Substitution Ciphers

    Substitution and Transposition Ciphers are two categories of ciphers used in classicalcryptography. Substitution and Transposition differ in how chunks of the message are

    handled by the encryption process. Substitution ciphers encrypt plaintext by changing the

    plaintext one piece at a time.

    The Ceasar Cipher was an early substitution cipher. In the Caesar Cipher, each characteris shifted three places up. Therefore, A becomes D and B becomes E, etc...

    This table shows "VOYAGER" being encrypted with the Caesar substution cipher:

    Plaintext V O Y A G E R

    Key +3 +3 +3 +3 +3 +3 +3

    Ciphertext Y R B D J H U

    Transposition ciphers encrypt plaintext by moving small pieces of the message around.

    This table shows "VOYAGER" being encrypted with a primitive transposition cipher

    where every two letters are switched with each other:

    V O Y A G E R

    O V A Y E G R

    1.2.4 Stream and Block Ciphers

    Block and Stream Ciphers are two categories of ciphers used in classical cryptography.

    Block and Stream Ciphers differ in how large a piece of the message is processed in each

    encryption operation. Block ciphers encrypt plaintext in chunks. Common block sizes are64 and 128 bits. Stream ciphers encrypt plaintext one byte or one bit at a time. A stream

    cipher can be thought of as a block cipher with a really small block size. Generally

    speaking, block ciphers are more efficient for computers and stream ciphers are easier forhumans to do by hand.

    1.3 Caesar Substitution

    The simplest of all substitution ciphers is the one in which the cipher letters results from

    shifting plain letters by the same distance. Among those, the best known is called "Caesar

    Cipher", used by Julius Caesar, in which each A is encrypted as D, B as E, C as F,... etc.Here key is 3

    Mathematically, the encryption and decryption functions can be described as follows:

    The sender encodes each plain text letter P using the key b as follows:

    C= (P+b) mod 26The recipient decodes each cipher text letter C using the key b as follows:

    P=(C-b) mod 26

    1.4 Playfair Cipher

    The best known substitution cipher that encrypts pairs of letters is the Playfair Cipher

    invented by Sir Charles Wheatstone but championed at the British Foreign Office by

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    Lyon Playfair, the first Baron Playfair of St. Andrews, whose name the cipher bears.

    Here, a 5 x 5-square matrix containing the 26 letters of the alphabet (I and J are treated asthe same letter) is used to carry out the encryption. A key word, MONARCHY in this

    example, is filled in first, and the remaining unused letters of the alphabet are entered in

    their lexicographic order.

    Pairs of plaintext letters are encrypted with the matrix by first locating the two plaintext

    letters in the matrix. They are(1) in different rows and columns or

    (2) in the same row or(3) in the same column or(4) alike.

    The corresponding encryption (replacement) rules are the following:1. If the pair of letters are in different rows and columns, each letter is replaced by the

    letter that is in the same row but in the other column; i.e., to encrypt WE, W is replaced

    by U and E by G.

    2. If two letters are in the same row simply shift both one position to the right. I.e. A andR are in the same row. A is encrypted as R and R (reading the row cyclically) as M.

    3. Similarly, if two letters are in the same column shift both one position down. I.e. I and

    S are in the same column. I is encrypted as S and S as X.

    4. If a double letter occurs, a spurious symbol, say Q, is introduced so that the MM in

    SUMMER would encrypt into NL for MQ and CL for ME.

    5. An X is appended to the end of the plaintext if necessary to cause the plaintext to have

    an even number of letters.

    1.5 Monoalphabetic substitution

    The Caesar Cipher, the Multiplication Cipher and the Linear Cipher have one property in

    common. They all fall in the category of Monoalphabetic Ciphers: "Same plain letters areencoded to the same cipher letter." i.e. in the Caesar Cipher each "a" turned into "d", each

    "b" turned into "e", etc.

    The reason why such Ciphers can be broken is the following: Although letters are

    changed the underlying letter frequencies are not! If the plain letter "a" occurs 10 times

    its cipher letter will do so 10 times. Therefore, any monoalphabetic Cipher can be brokenwith the aid of letter frequency analysis.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    1.6 Polyalphabetic Substitution

    Polyalphabetic substitution cipher is simply a substitution cipher with an alphabet thatchanges. For example one could have two alphabets:

    Plain Alphabet: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

    Cipher Alphabet #1: B D F H J L N P R T V X Z A C E G I K M O Q S U W YCipher Alphabet #2: Z Y X W V U T S R Q P O N M L K J I H G F E D C B A

    Now to encrypt the message ``The quick brown fox jumped over the lazy dog" we would

    alternate between the two cipher alphabets, using #1 for every first letter and #2 for everysecond, to get: ``Msj joxfp dicda ucu tfzkjw ceji msj xzyb hln". Polyalphabetic

    substitution ciphers are useful because they cannot be broken using frequency

    analysis.The number of letters encrypted before a polyalphabetic substitution cipherreturns to its first cipher alphabet is called its period. The larger the period, the stronger

    the cipher.

    Vigenere Cipher

    The polyalphabetic substitution cipher involves the use of two or more cipher alphabets.Instead of there being a one-to-one relationship between each letter and its substitute,

    there is a one-to-many relationship between each letter and its substitutes.

    The Vigenere Cipher , proposed by Blaise de Vigenere is a polyalphabetic substitution

    based on the following tableau:

    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

    A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

    B B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

    C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B

    D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

    E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D

    F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E

    G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F

    H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G

    I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H

    J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I

    K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J

    L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K

    M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L

    N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

    O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N

    P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O

    Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P

    R R S T U V W X Y Z A B C D E F G H I J K L M N O P QS S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

    T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S

    U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T

    V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U

    W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V

    X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W

    Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X

    Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    Note that each row of the table corresponds to a Caesar Cipher. The first row is a shift of

    0; the second is a shift of 1; and the last is a shift of 25.

    The Vigenere cipher uses this table together with a keyword to encipher a message. For

    example, enciphering the plaintext message:


    using the keyword RELATIONS. We begin by writing the keyword, repeated as manytimes as necessary, above the plaintext message. To derive the ciphertext using the

    tableau, for each letter in the plaintext, one finds the intersection of the row given by the

    corresponding keyword letter and the column given by the plaintext letter itself to pickout the ciphertext letter.




    Decipherment of an encrypted message is equally straightforward. One writes the

    keyword repeatedly above the message:Keyword: RELAT IONSR ELATI ONSRE LATIO NSREL



    This time one uses the keyword letter to pick a column of the table and then traces down

    the column to the row containing the ciphertext letter. The index of that row is theplaintext letter.

    The strength of the Vigenere cipher against frequency analysis can be seen by examiningthe above ciphertext. Note that there are 7 'T's in the plaintext message and that they have

    been encrypted by 'H,' 'L,' 'K,' 'M,' 'G,' 'X,' and 'L' respectively. This successfully masksthe frequency characteristics of the English 'T.' One way of looking at this is to notice

    that each letter of our keyword RELATIONS picks out 1 of the 26 possible substitution

    alphabets given in the Vigenere tableau. Thus, any message encrypted by a Vigenere

    cipher is a collection of as many simple substitution ciphers as there are letters in thekeyword.

    1.7 Cryptanalysis

    Cryptanalysis (from the Greek krypts, "hidden", and analein, "to loosen" or "to untie")is the study of methods for obtaining the meaning of encrypted information, withoutaccess to the secret information which is normally required to do so. Typically, this

    involves finding the secret key. In non-technical language, this is the practice of code

    breaking or cracking the code, although these phrases also have a specialized technicalmeaning

    Types of Cryptanalytic attacks

    1 Brute force Attacks: It is a method of defeating a cryptographic scheme bytrying a large number of possibilities; for example, exhaustively working throughall possible keys in order to decrypt a message. In most schemes, the theoreticalpossibility of a brute force attack is recognized, but it is set up in such a way that

    it would be computationally infeasible to carry out.

    2 Ciphertext-only: the cryptanalyst has access only to a collection of ciphertexts orcodetexts.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    3 Known-plaintext: the attacker has a set of ciphertexts to which he knows thecorresponding plaintext.

    4 Chosen-plaintext (chosen-ciphertext): the attacker can obtain the ciphertexts(plaintexts) corresponding to an arbitrary set of plaintexts (ciphertexts) of his own


    5 Adaptive chosen-plaintext: like a chosen-plaintext attack, except the attackercan choose subsequent plaintexts based on information learned from previous

    encryptions. Similarly Adaptive chosen ciphertext attack.

    6 Related-key attack: Like a chosen-plaintext attack, except the attacker canobtain ciphertexts encrypted under two different keys. The keys are unknown, butthe relationship between them is known; for example, two keys that differ in the

    one bit.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    2. Fiestel Networks

    In cryptography, a Feistel cipher is a block cipher with a particular structure, named afterIBM cryptographer Horst Feistel; it is also commonly known as a Feistel network. A

    large proportion of block ciphers use the scheme, including the Data EncryptionStandard(DES). The Feistel structure has the advantage that encryption and decryptionoperations are very similar, even identical in some cases, requiring only a reversal of the

    key schedule. Therefore the size of the code or circuitry required to implement such a

    cipher is nearly halved.

    Feistel networks and similar constructions are product ciphers, and so combine multiple

    rounds of repeated operations, such as:

    Bit-shuffling (often called permutation boxes or P-boxes)

    Simple non-linear functions (often called substitution boxes or S-boxes)

    Linear mixing (in the sense of modular algebra) using XOR

    to produce a function with large amounts of what Claude Shannon described as"confusion and diffusion". Bit shuffling creates the diffusion effect, while substitution is

    used for confusion. In Shannon's original definitions, confusion refers to making the

    relationship between the key and the ciphertext as complex and involved as possible;diffusion refers to the property that redundancy in the statistics of the plaintext is

    "dissipated" in the statistics of the ciphertext.

    The basic operation is as follows:

    Split the plaintext block into two equal pieces, (L0,R0)

    For each round , compute

    Li = Ri 1

    wherefis the round function and Ki is the sub-key.

    Then the ciphertext is (Ln,Rn).

    Regardless of the functionf, decryption is accomplished via

    Ri 1 =Li

    One advantage of this model is that the function used does not have to be invertible, andcan be very complex. This diagram illustrates both encryption and decryption. Note the

    reversal of the subkey order for decryption; this is the only difference between encryptionand decryption:

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    3. Data Encryption Standard

    DES encrypts and decrypts data in 64-bit blocks, using a 64-bit key (although the

    effective key strength is only 56 bits, as explained below). It takes a 64-bit block of

    plaintext as input and outputs a 64-bit block of ciphertext. Since it always operates on

    blocks of equal size and it uses both permutations and substitutions in the algorithm, DES

    is both a block cipher and a product cipher.

    DES has 16 rounds, meaning the main algorithm is repeated 16 times to produce the

    ciphertext. It has been found that the number of rounds is exponentially proportional to

    the amount of time required to find a key using a brute-force attack. So as the number ofrounds increases, the security of the algorithm increases exponentially.

    The block diagram of DES is depicted below.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    3.1 Key Scheduling

    Although the input key for DES is 64 bits long, the actual key used by DES is only 56

    bits in length. The bits at positions of multiples of eight are ignored, thus resulting in akey length of 56 bits.

    The first step is to pass the 64-bit key through a permutation called Permuted Choice 1,

    or PC-1 for short. The table for this is given below. Note that in all subsequent

    descriptions of bit numbers, 1 is the left-most bit in the number, and n is the rightmost bit.

    PC-1: Permuted Choice 1

    Bit 0 1 2 3 4 5 6

    1 57 49 41 33 25 17 9

    8 1 58 50 42 34 26 18

    15 10 2 59 51 43 35 27

    22 19 11 3 60 52 44 36

    29 63 55 47 39 31 23 15

    36 7 62 54 46 38 30 22

    43 14 6 61 53 45 37 2950 21 13 5 28 20 12 4

    Now that we have the 56-bit key, the next step is to use this key to generate 16 48-bit

    subkeys, called K[1]-K[16], which are used in the 16 rounds of DES for encryption and

    decryption. The procedure for generating the subkeys - known as key scheduling - isfairly simple:

    1. Set the round number R to 1.

    2. Split the current 56-bit key, K, up into two 28-bit blocks, L (the left-hand half) and R

    (the right-hand half).3. Rotate L left by the number of bits specified in the table below, and rotate R left by the

    same number of bits as well.

    4. Join L and R together to get the new K.

    5. Apply Permuted Choice 2 (PC-2) to K to get the final K[R], where R is the round

    number we are on.

    6. Increment R by 1 and repeat the procedure until we have all 16 subkeys K[1]-K[16].

    Here are the tables involved in these operations:

    Subkey Rotation TableRound Number 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

    Number of bits to


    1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1

    PC-2: Permuted Choice 2

    Bit 0 1 2 3 4 5

    1 14 17 11 24 1 5

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    7 3 28 15 6 21 10

    13 23 19 12 4 26 8

    19 16 7 27 20 13 2

    25 41 52 31 37 47 55

    31 30 40 51 45 33 48

    37 44 49 39 56 34 5343 46 42 50 36 29 32

    3.2 Plaintext Preparation

    Once the key scheduling has been performed, the next step is to prepare the plaintext for

    the actual encryption. This is done by passing the plaintext through a permutation called

    the Initial Permutation, or IP for short. This table also has an inverse, called the InverseInitial Permutation, or IP^(-1). Sometimes IP^(-1) is also called the Final Permutation.

    Both of these tables are shown below.

    IP: Initial Permutation

    Bit 0 1 2 3 4 5 6 7

    1 58 50 42 34 26 18 10 2

    9 60 52 44 36 28 20 12 4

    17 62 54 46 38 30 22 14 6

    25 64 56 48 40 32 24 16 8

    33 57 49 41 33 25 17 9 1

    41 59 51 43 35 27 19 11 3

    49 61 53 45 37 29 21 13 5

    57 63 55 47 39 31 23 15 7

    IP^(-1): Inverse Initial Permutation

    Bit 0 1 2 3 4 5 6 71 40 8 48 16 56 24 64 32

    9 39 7 47 15 55 23 63 31

    17 38 6 46 14 54 22 62 30

    25 37 5 45 13 53 21 61 29

    33 36 4 44 12 52 20 60 28

    41 35 3 43 11 51 19 59 27

    49 34 2 42 10 50 18 58 26

    57 33 1 41 9 49 17 57 25

    These tables are used just like PC-1 and PC-2 were for the key scheduling. By looking at

    the table is becomes apparent why one permutation is called the inverse of the other. Forexample, let's examine how bit 32 is transformed under IP. In the table, bit 32 is located

    at the intersection of the column labeled 4 and the row labeled 25. So this bit becomes bit29 of the 64-bit block after the permutation. Now let's apply IP^(-1). In IP^(-1), bit 29 is

    located at the intersection of the column labeled 7 and the row labeled 25. So this bit

    becomes bit 32 after the permutation. And this is the bit position that we started withbefore the first permutation. So IP^(-1) really is the inverse of IP. It does the exact

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    opposite of IP. If you run a block of plaintext through IP and then pass the resulting block

    through IP^(-1), you'll end up with the original block.

    3.3 DES Core Function

    Once the key scheduling and plaintext preparation have been completed, the actualencryption or decryption is performed by the main DES algorithm. The 64-bit block of

    input data is first split into two halves, L and R. L is the left-most 32 bits, and R is the

    right-most 32 bits. The following process is repeated 16 times, making up the 16 roundsof standard DES. We call the 16 sets of halves L[0]-L[15] and R[0]-R[15].

    1. R[I-1] - where I is the round number, starting at 1 - is taken and fed into the E-Bit

    Selection Table, which is like a permutation, except that some of the bits are used more

    than once. This expands the number R[I-1] from 32 to 48 bits to prepare for the next step.

    2. The 48-bit R[I-1] is XORed with K[I] and stored in a temporary buffer so that R[I-1] isnot modified.

    3. The result from the previous step is now split into 8 segments of 6 bits each. The left-

    most 6 bits are B[1], and the right-most 6 bits are B[8]. These blocks form the index intothe S-boxes, which are used in the next step. The Substitution boxes, known as S-boxes,

    are a set of 8 two-dimensional arrays, each with 4 rows and 16 columns. The numbers in

    the boxes are always 4 bits in length, so their values range from 0-15. The S-boxes are

    numbered S[1]-S[8].

    4. Starting with B[1], the first and last bits of the 6-bit block are taken and used as anindex into the row number of S[1], which can range from 0 to 3, and the middle four bits

    are used as an index into the column number, which can range from 0 to 15. The number

    from this position in the S-box is retrieved and stored away. This is repeated with B[2]and S[2], B[3] and S[3], and the others up to B[8] and S[8]. At this point, we now have 8

    4-bit numbers, which when strung together one after the other in the order of retrieval,

    give a 32-bit result.5. The result from the previous stage is now passed into the P Permutation.

    6. This number is now XORed with L[I-1], and moved into R[I]. R[I-1] is moved into


    7. At this point we have a new L[I] and R[I]. Here, we increment I and repeat the core

    function until I = 17, which means that 16 rounds have been executed and keys K[1]-K[16] have all been used.

    When L[16] and R[16] have been obtained, they are joined back together in the same

    fashion they were split apart (L[16] is the left-hand half, R[16] is the right-hand half),

    then the two halves are swapped, R[16] becomes the left-most 32 bits and L[16] becomes

    the right-most 32 bits of the pre-output block and the resultant 64-bit number is called thepre-output.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    Tables used in the DES Core Function

    E-Bit Selection Table

    Bit 0 1 2 3 4 5

    1 32 1 2 3 4 5

    7 4 5 6 7 8 9

    13 8 9 10 11 12 13

    19 12 13 14 15 16 17

    25 16 17 18 19 20 21

    31 20 21 22 23 24 25

    37 24 25 26 27 28 29

    43 28 29 30 31 32 1

    P Permutation

    Bit 0 1 2 3

    1 16 7 20 21

    5 29 12 28 17

    9 1 15 23 2613 5 18 31 10

    17 2 8 24 14

    21 32 27 3 9

    25 19 13 30 6

    29 22 11 4 25

    S-Box 1: Substitution Box 1

    Row /

    Column0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

    0 14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7

    1 0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8

    2 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0

    3 15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13

    S-Box 2: Substitution Box 2

    Row /

    Column0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

    0 15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10

    1 3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5

    2 0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15

    3 13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9

    S-Box 3: Substitution Box 3

    Row /Column

    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

    0 10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8

    1 13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1

    2 13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7

    3 1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12

    S-Box 4: Substitution Box 4

    Row / Column 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    0 7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15

    1 13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9

    2 10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4

    3 3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14

    S-Box 5: Substitution Box 5

    Row /Column

    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

    0 2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9

    1 14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6

    2 4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14

    3 11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3

    S-Box 6: Substitution Box 6

    Row /

    Column0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

    0 12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11

    1 10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8

    2 9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6

    3 4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13

    S-Box 7: Substitution Box 7

    Row /


    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

    0 4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1

    1 13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6

    2 1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2

    3 6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12

    S-Box 8: Substitution Box 8

    Row /Column

    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

    0 13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7

    1 1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2

    2 7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8

    3 2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11

    3.4 How to use the S-Boxes

    The purpose of this example is to clarify how the S-boxes work. Suppose we have thefollowing 48-bit binary number:


    In order to pass this through steps 3 and 4 of the Core Function as outlined above, the

    number is split up into 8 6-bit blocks, labeled B[1] to B[8] from left to right:

    011101 000101 110101 000111 101000 011100 101101 011101

    Now, eight numbers are extracted from the S-boxes - one from each box:

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    B[1] = S[1](01, 1110) = S[1][1][14] = 3 = 0011

    B[2] = S[2](01, 0010) = S[2][1][2 ] = 4 = 0100

    B[3] = S[3](11, 1010) = S[3][3][10] = 14 = 1110

    B[4] = S[4](01, 0011) = S[4][1][3 ] = 5 = 0101

    B[5] = S[5](10, 0100) = S[5][2][4 ] = 10 = 1010

    B[6] = S[6](00, 1110) = S[6][0][14] = 5 = 0101

    B[7] = S[7](11, 0110) = S[7][3][6 ] = 10 = 1010

    B[8] = S[8](01, 1110) = S[8][1][14] = 9 = 1001

    In each case of S[n][row][column], the first and last bits of the current B[n] are used as

    the row index, and the middle four bits as the column index.

    The results are now joined together to form a 32-bit number which serves as the input tostage 5 of the Core Function (the P Permutation):


    3.5 Ciphertext Preparation

    The final step is to apply the permutation IP^(-1) to the pre-output. The result is the

    completely encrypted ciphertext.

    3.6 Encryption and Decryption

    The same algorithm can be used for encryption or decryption. The method described

    above will encrypt a block of plaintext and return a block of ciphertext. In order to

    decrypt the ciphertext and get the original plaintext again, the procedure is simplyrepeated but the subkeys are applied in reverse order, from K[16]-K[1]. That is, stage 2 of

    the Core Function as outlined above changes from R[I-1] XOR K[I] to R[I-1] XOR K[17-

    I]. Other than that, decryption is performed exactly the same as encryption.

    3.7 Strength of DES

    1 With a key length of 56 bits, a brute force attack becomes impractical2 Design algorithm of S-boxes is kept a secret3 DES is also resistant to timing attacks

    3.8 Comparison of modern symmetric key algorithms

    Algorithm Plaintext Ciphertext Key size Rounds Advantages

    DES 64 bits 64 bits 56 bits 16 Simple and fast

    Less mathematicalcalculations

    Cryptanalysis isdifficult

    3DES 64 bits 64 bits 168 bits 48 DES

    rounds More reliable

    Easy to upgrade the

    software to 3DES

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    Longer keylength,

    difficult to crytanalyse

    AES 128 bits 128 bits 128/192/

    256 bits


    resp.Longer keylengths


    More flexible

    Blowfish 64 bits 64 bits 32-448bits

    16 Fast and secureCompact

    RC5 32/64/128






    variable Simple and fast

    Adaptable to

    processors of different

    word length

    Data dependentrotations

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3




    4.1 ECB (Electronic Code Book)

    This is the regular DES algorithm. Data is divided into 64-bit blocks and each

    block is encrypted one at a time. Separate encryptions with different blocks aretotally independent of each other. This means that if data is transmitted over a

    network or phone line, transmission errors will only affect the block containingthe error. It also means, however, that the blocks can be rearranged, thus

    scrambling a file beyond recognition, and this action would go undetected. ECB is

    the weakest of the various modes because no additional security measures areimplemented besides the basic DES algorithm. However, ECB is the fastest and

    easiest to implement, making it the most common mode of DES.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    4.2 CBC (Cipher Block Chaining).

    In this mode of operation, each block of ECB encrypted ciphertext is XORed with

    the next plaintext block to be encrypted, thus making all the blocks dependent on

    all the previous blocks. This means that in order to find the plaintext of a

    particular block, you need to know the ciphertext, the key, and the ciphertext forthe previous block. The first block to be encrypted has no previous ciphertext, so

    the plaintext is XORed with a 64-bit number called the Initialization Vector, or IVfor short. So if data is transmitted over a network or phone line and there is a

    transmission error, the error will be carried forward to all subsequent blocks since

    each block is dependent upon the last. This mode of operation is more secure thanECB because the extra XOR step adds one more layer to the encryption process.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    4.3 CFB (Cipher Feed Back)

    In this mode, blocks of plaintext that are less than 64 bits long can be

    encrypted. Normally, special processing has to be used to handle files whose size is

    not a perfect multiple of 8 bytes, but this mode removes that necessity (Stealthhandles this case by adding several dummy bytes to the end of a file before

    encrypting it). The plaintext itself is not actually passed through the DES algorithm,but merely XORed with an output block from it, in the following manner: A 64-bit

    block called the Shift Register is used as the input plaintext to DES. This is initially

    set to some arbitrary value, and encrypted with the DES algorithm. The ciphertext isthen passed through an extra component called the M-box, which simply selects the

    left-most M bits of the ciphertext, where M is the number of bits in the block we wish

    to encrypt. This value is XORed with the real plaintext, and the output of that is the

    final ciphertext. Finally, the ciphertext is fed back into the Shift Register, and used asthe plaintext seed for the next block to be encrypted. As with CBC mode, an error in

    one block affects all subsequent blocks during data transmission. This mode ofoperation is similar to CBC and is very secure, but it is slower than ECB due to theadded complexity.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    4.4 OFB (Output Feed Back)

    This is similar to CFB mode, except that the ciphertext output of DES is

    fed back into the Shift Register, rather than the actual final ciphertext. The ShiftRegister is set to an arbitrary initial value, and passed through the DES algorithm.The output from DES is passed through the M-box and then fed back into the

    Shift Register to prepare for the next block. This value is then XORed with the

    real plaintext (which may be less than 64 bits in length, like CFB mode), and theresult is the final ciphertext. Note that unlike CFB and CBC, a transmission error

    in one block will not affect subsequent blocks because once the recipient has the

    initial Shift Register value, it will continue to generate new Shift Register

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    plaintext inputs without any further data input. However, this mode of operation is

    less secure than CFB mode because only the real ciphertext and DES ciphertextoutput is needed to find the plaintext of the most recent block. Knowledge of the

    key is not required.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    4.5 CTR (Counter)

    A counter, equal to the plaintext block size is used. The counter value must be

    different for each plaintext block that is encrypted. The counter is initialized to somevalue and then incremented by 1 for each substitution. For encryption, the counter is

    encrypted and then XORed with the plaintext block to produce the ciphertext block.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3




    5.1 Comparison of Symmetric Key and Public Key Cryptography

    With symmetric-key encryption, the encryption key can be calculated from the

    decryption key and vice versa. With most symmetric algorithms, the same key is used forboth encryption and decryption, as shown in Figure

    Implementations of symmetric-key encryption can be highly efficient, so that users do

    not experience any significant time delay as a result of the encryption and decryption.Symmetric-key encryption is effective only if the symmetric key is kept secret by the two

    parties involved. If anyone else discovers the key, it affects both confidentiality andauthentication. A person with an unauthorized symmetric key not only can decrypt

    messages sent with that key, but can encrypt new messages and send them as if they

    came from one of the two parties who were originally using the key.

    Public-key encryption (also called asymmetric encryption) involves a pair of keys--a

    public key and a private key--associated with an entity that needs to authenticate its

    identity electronically or to sign or encrypt data. Each public key is published, and thecorresponding private key is kept secret. Data encrypted with the public key can be

    decrypted only with the private key. The figure shows a simplified view of the waypublic-key encryption works.

    The scheme lets us freely distribute a public key, and only you will be able to read data

    encrypted using this key. In general, to send encrypted data to someone, we encrypt the

    data with that person's public key, and the person receiving the encrypted data decrypts itwith the corresponding private key. Compared with symmetric-key encryption, public-

    key encryption requires more computation and is therefore not always appropriate for

    large amounts of data. However, it's possible to use public-key encryption to send asymmetric key, which can then be used to encrypt additional data.

    As it happens, the reverse of the scheme shown in Figure also works: data encrypted withyour private key can be decrypted only with your public key. This would not be a

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    desirable way to encrypt sensitive data, however, because it means that anyone with your

    public key, which is by definition published, could decrypt the data. Nevertheless,private-key encryption is useful, because it means you can use your private key to sign

    data with your digital signature--an important requirement for electronic commerce and

    other commercial applications of cryptography.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    6. RSA Algorithm

    The algorithm was described in 1977 by Ron Rivest, Adi Shamir and Len Adleman at

    MIT; the letters RSA are the initials of their surnames. This is the most commonly usedalgorithm in public key cryptography

    6.1 Key Generation

    Suppose a user X wishes to allow Y to send a private message over an insecure

    transmission medium. X takes the following steps to generate a public key and a private


    1. Choose two large prime numbers and such that , randomly andindependently of each other.

    2. Compute .

    3. Compute the totient .

    4. Choose an integer e such that which is coprime to .

    5. Compute dsuch that

    The public key consists of

    n, the modulus, and

    e, the public exponent (sometimes encryption exponent).

    The private key consists of

    n, the modulus, which is public and appears in the public key, and d, the private exponent (sometimes decryption exponent), which must be kept


    6.2 Encrypting messages

    Suppose Bob wishes to send a messageMto Alice. He turnsMinto a number m < n,

    using some previously agreed-upon reversible protocol known as a padding scheme.

    Bob now has m, and knows n and e, which Alice has announced. He then computes the

    ciphertext c corresponding to m:

    Bob then transmits c to Alice

    6.3 Decrypting messages

    Alice receives c from Bob, and knows her private key d. She can recover m from c by thefollowing procedure:

    The proof is given in Appendix

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    6.4 A working example

    Here is an example of RSA encryption and decryption. The parameters used here are

    artificially smallWe let

    p = 61 - first prime number (to be kept secret or deleted securely)q = 53 - second prime number (to be kept secret or deleted securely)n =pq =


    - modulus (to be made public)

    e = 17 - public exponent (to be made public)d= 2753 - private exponent (to be kept secret)

    The public key is (e, n). The private key is d. The encryption function is:

    encrypt(m) = me mod n = m17 mod 3233

    where m is the plaintext. The decryption function is:

    decrypt(c) = cdmod n = c2753 mod 3233

    where c is the ciphertext.

    To encrypt the plaintext value 123, we calculate

    encrypt(123) = 12317 mod 3233 = 855

    To decrypt the ciphertext value 855, we calculate

    decrypt(855) = 8552753 mod 3233 = 123

    6.5 Security of RSA

    The security of the RSA cryptosystem is based on two mathematical problems: theproblem of factoring very large numbers, and the RSA problem. Full decryption of an

    RSA ciphertext is thought to be infeasible on the assumption that both of these problemsare hard, i.e., no efficient algorithm exists for solving them.

    The RSA problem is defined as the task of taking eth roots modulo a composite n:

    recovering a value m such that me=c mod n, where (e, n) is an RSA public key and c is anRSA ciphertext. Currently the most promising approach to solving the RSA problem is to

    factor the modulus n. With the ability to recover prime factors, an attacker can compute

    the secret exponent d from a public key (e, n), then decrypt c using the standardprocedure. To accomplish this, an attacker factors n intop and q, and computes (p-1)(q-1)

    which allows the determination of d from e. No polynomial-time method for factoringlarge integers on a classical computer has yet been found, but it has not been proven thatnone exists.

    6.6 Practical Considerations


    RSA is much slower than DES and other symmetric cryptosystems.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    Key distribution

    As with all ciphers, how RSA public keys are distributed is important to security. Keydistribution must be secured against a man-in-the-middle attack. In principle, neither

    sender nor receiver would be able to detect an outsiders presence. Defenses against such

    attacks are often based on digital certificates.

    Timing attacks

    6.7 Comparison of RSA and DES

    Feature DES RSA

    speed high low

    data block length 64 bits minimum 512 bits

    key length 56 bits minimum 512 bits

    use of data space full, 64 bits (264), 8


    variable, limited, not

    defined,ciphering & deciphering


    same different

    ciphering & decipheringalgorithm

    different same

    algorithm contains only

    XOR and branching

    no no

    cryptanalysis method differential method product factorization

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    7. Diffie Hellman Key Exchange

    Diffie-Hellman key agreement was invented in 1976 during a collaboration between

    Whitfield Diffie and Martin Hellman and was the first practical method for establishing a

    shared secret over an unprotected communications channel.7.1 Description

    The simplest, and original, implementation of the protocol uses the multiplicative group

    of integers modulo p, where p is prime and g is primitive mod p. Modulo (or mod) simply

    means that the integers between 1 and p 1 are used with normal multiplication,

    exponentiation and division, except that after each operation the result keeps only theremainder after dividing by p. Here is an example of the protocol:

    1. Alice and Bob agree to use a prime numberp=23 and base g=5.

    2. Alice chooses a secret integer a=6, then sends Bob (ga modp)

    o 56 mod 23 = 8.

    3. Bob chooses a secret integer b=15, then sends Alice (gb mod p)

    o 515 mod 23 = 19.

    4. Alice computes (gb modp)a modp

    o 196 mod 23 = 2.

    5. Bob computes (ga modp)b modp

    815 mod 23 = 2.

    Both Alice and Bob have arrived at the same value, because g ab and gba are equal. Note

    that only a, b, gab and gba are kept secret. All the other values are sent in the clear. Once

    Alice and Bob compute the shared secret they can use it as an encryption key, knownonly to them, for sending messages across the same open communications channel. Of

    course, much larger values of a,b, and p would be needed to make this example secure,since it is easy to try all the possible values of gab mod 23 (there will be, at most, 22 such

    values, even if a and b are large). If p was a prime of more than 300 digits, and a and b

    were at least 100 digits long, then even the best known algorithms for finding a given

    only g, p, and ga mod p (known as the discrete logarithm problem) would take longerthan the lifetime of the universe to run. g need not be large at all, and in practice is

    usually either 2 or 5.

    Here's a more general description of the protocol:

    1. Alice and Bob agree on a finite cyclic group G and a generating element g in G.(This is usually done long before the rest of the protocol; g is assumed to be known by all

    attackers.) We will write the group G multiplicatively.

    2. Alice picks a random natural number a and sends ga to Bob.

    3. Bob picks a random natural number b and sends gb to Alice.

    4. Alice computes (gb)a.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    5. Bob computes (ga)b. Both Alice and Bob are now in possession of the group

    element gab which can serve as the shared secret key.

    7.2 Security

    The protocol is considered secure against eavesdroppers if G and g are chosen properly.

    The eavesdropper must solve the Diffie-Hellman problem to obtain gab. This is currently

    considered difficult. An efficient algorithm to solve the discrete logarithm problem wouldmake it easy to compute a or b and solve the Diffie-Hellman problem, making this

    protocol insecure.

    The order of G should be prime or have a large prime factor to prevent obtaining a or b.

    The secret integers a and b are discarded at the end of the session. Therefore, Diffie-Hellman key exchange by itself trivially achieves perfect forward secrecy because no

    long-term private keying material exists to be disclosed.

    7.3 Authentication

    In the original description, the Diffie-Hellman exchange by itself does not provide

    authentication of the parties, and is thus vulnerable to man in the middle attack. The man-in-the-middle may establish two distinct Diffie-Hellman keys, one with Alice and the

    other with Bob, and then try to masquerade as Alice to Bob and/or vice-versa, perhaps by

    decrypting and re-encrypting messages passed between them. Some method toauthenticate these parties to each other is generally needed

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    8. Message Authentication Code (MAC) and Hash Functions

    Message authentication is concerned with

    a) Protecting integrity of the message

    b) Validating identity of the originator

    c) Non-repudiation of origin

    There are three different ways to achieve message authentication

    1 Message Encryption2 MAC3 Hash functions

    Message encryption can be either a symmetric key encryption or public key encryption. Ifsymmetric key encryption is used receiver and sender should communicate the secret

    key, which is a hazardous task. If public key encryption is used and public key is used for

    encryption, there is no confidence of sender. However if sender uses private key for

    encryption, both confidentiality and authentication is provided. But still we need torecognize corrupted messages

    8.1 MAC

    A cryptographic message authentication code (MAC) is a short piece of information usedto authenticate a message. A MAC algorithm accepts as input a secret key and an

    arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a

    tag). The MAC value protects both a message's integrity as well as its authenticity, by

    allowing verifiers (who also possess the secret key) to detect any changes to the messagecontent.

    A MAC is a cryptographic checksum

    MAC = CK(M)

    MAC is a many-to-one function. Potentially many messages have same MAC. But

    finding these needs to be very difficult

    Requirements for MAC

    1. Knowing a message and MAC, is infeasible to find another message with

    same MAC

    2. MACs should be uniformly distributed

    3. MAC should depend equally on all bits of the message

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    8.2 HASH Functions

    A hash function H is a transformation that takes a variable-size input m and returns a

    fixed-size string, which is called the hash value h (that is, h = H(m)). Hash functions with

    just this property have a variety of general computational uses, but when employed incryptography the hash functions are usually chosen to have some additional properties.

    The basic requirements for a cryptographic hash function are:

    o the input can be of any length,o the output has a fixed length,o H(x) is relatively easy to compute for any given x ,o H(x) is one-way,o H(x) is collision-free.

    A hash function H is said to be one-way if it is hard to invert, where "hard to invert"

    means that given a hash value h, it is computationally infeasible to find some input x such

    that H(x) = h.

    If, given a message x, it is computationally infeasible to find a message y not equal to x

    such that H(x) = H(y) then H is said to be a weakly collision-free hash function.

    A strongly collision-free hash function H is one for which it is computationally infeasible

    to find any two messages x and y such that H(x) = H(y).

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    9. Digital Signature

    Digital signature (or public-key digital signature) is a type of method for authenticating

    digital information analogous to ordinary physical signatures on paper, but implemented

    using techniques from the field of public-key cryptography. A digital signature methodgenerally defines two complementary algorithms, one for signing and the other forverification, and the output of the signing process is also called a digital signature. Digital

    signature has also been used as a broader term encompassing both public-key digital

    signature techniques and message authentication codes.

    Instead of encrypting the data itself, the signing software creates a one-way hash of the

    data, then uses the private key to encrypt the hash. The encrypted hash, along with other

    information, such as the hashing algorithm, is known as a digital signature. The figure

    shows a simplified view of the way a digital signature can be used to validate theintegrity of signed data.

    Using a digital signature to validate data integrity

    The figure shows two items transferred to the recipient of some signed data: the originaldata and the digital signature, which is basically a one-way hash (of the original data) that

    has been encrypted with the signer's private key. To validate the integrity of the data, the

    receiving software first uses the signer's public key to decrypt the hash. It then uses thesame hashing algorithm that generated the original hash to generate a new one-way hash

    of the same data. (Information about the hashing algorithm used is sent with the digital

    signature, although this isn't shown in the figure.) Finally, the receiving softwarecompares the new hash against the original hash. If the two hashes match, the data has

    not changed since it was signed. If they don't match, the data may have been tampered

    with since it was signed, or the signature may have been created with a private key thatdoesn't correspond to the public key presented by the signer. If the two hashes match, the

    recipient can be certain that the public key used to decrypt the digital signature

    corresponds to the private key used to create the digital signature. Confirming the identity

    of the signer, however, also requires some way of confirming that the public key reallybelongs to a particular person or other entity

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    The significance of a digital signature is comparable to the significance of a handwritten

    signature. Once you have signed some data, it is difficult to deny doing so later--assuming that the private key has not been compromised or out of the owner's control.

    This quality of digital signatures provides a high degree of non repudiation--that is,

    digital signatures make it difficult for the signer to deny having signed the data. In some

    situations, a digital signature may be as legally binding as a handwritten signature.

  • 7/30/2019 B.tech CS S8 Security in Computing Notes Module 3



    1. What is cryptography?2. What is a block cipher?3. What is a Fiestel cipher?4. What are weak keys?5. What is DES?6. What is triple DES?7. What are ECB and CBC modes?8. What is Blowfish?9. What is multiple encryption?10.What is stream cipher?11.What is public key cryptography?12.What are the key management issues involved in public key cryptography?13.What are certificates?14.What are the advantages of public key cryptography over symmetric keycryptography?15.What is a one-way function?16.What is the significance of one way function in cryptography?17.What is RSA?18.What are the different types of attacks on RSA?19.What is the RSA factoring challenge?20.How is RSA used for authentication in practice?21.What is Diffie Hellman key exchange?22.What is the significance of factoring in cryptography?23.What is the discrete logarithm problem?24.What are MACs?25.What is a hash function?