Introduction to

Cryptography

Carmelyn M. Villamor
CCE Faculty
 Learning Objectives
 Historical Background
 Cryptography
 Symmetric/ Asymmetric Crypto Primitives
 Modes of Operation
 Hash Function

Principles of Information Security, Fourth Edition 2

 Speak like a Crypto Geek
Cryptography Code designing
Cryptology
Cryptanalysis Code breaking

Cryptographer
Cryptologist
Cryptanalyst

Encryption/ Scrambling data into unintelligible to

Encipherment unauthorised parties

Principles of Information Security, Fourth Edition 3

 Decryption/
Un-scrambling
Decipherment

Message altered to be unreadable by

Cipher Text anyone except the intended recipients

Sequence that controls the operation and

Key behaviour of the cryptographic algorithm

Total number of possible values of keys

Keyspace
in a crypto algorithm

Principles of Information Security, Fourth Edition 4

 Random values used with ciphers to
Initialization
ensure no patterns are created during
Vector
encryption

The combination of algorithm, key, and key

Cryptosystem management functions used to perform
cryptographic operations

Principles of Information Security, Fourth Edition 5

 Why Study Cryptology?

A B

Intruder

Communications security

Principles of Information Security, Fourth Edition 6

Why Study Cryptology?
Confidentiality Access Control

Integrity Non-repudation

Authenticity

Principles of Information Security, Fourth Edition 7

What is Cryptography?
 Greek for hidden and writing

 means of transforming data in a way that

renders it unreadable by anyone except the
intended recipient.

 is the science and art of transforming

messages to make them secure and immune
to attack.

Principles of Information Security, Fourth Edition 8

 Basic Problem
 We consider the confidentiality goal:

 Alice and Bob are Friends

 Marvin is a rival

 Alice wants to send secret messages (M1,M2,…) to

Bob over the Internet

 Rival Marvin wants to read the messages (M1,M2,…)

- Alice and Bob want to prevent this!

Principles of Information Security, Fourth Edition 9

 Basic Problem
 Assumption: The network is OPEN: Marvin is
able to eavesdrop and read all data sent from
Alice to Bob.

 Consequence: Alice must not send messages

(M1,M2,…) directly – they must be “scrambled”
or encrypted using a ‘secret code’ unknown to
Marvin but known to Bob.

Principles of Information Security, Fourth Edition 10

 Cryptography

(data file or Stored or Original

messages) transmitted data or
safely messages

Principles of Information Security, Fourth Edition 11

 Types of ciphers
 Private key cryptosystems/ciphers
o The secret key is shared between two parties

 Public key cryptosystems/ciphers

o The secret key is not shared and two parties
can still communicate using their public keys

Principles of Information Security, Fourth Edition 12

 Examples of “Messages”
 Types of secret “Messages” Alice might
want to send Bob (in increasing length):
 Decision (yes/no), eg. as answer to the
question “Are we meeting tomorrow?”
 Numerical Value, eg. as answer to the
question “at what hour are we meeting?”
 Document
 Software,
 Images

Principles of Information Security, Fourth Edition 13

 Types of Cryptography
 Stream-based Ciphers
 One at a time
 Mixes plaintext with key stream
 Good for real-time services
 Block Ciphers
 Amusement Park Ride
 Substitution and transposition

Principles of Information Security, Fourth Edition 14

 Types of Cryptography
Substitution
Cipher
Convert one letter to another

Ex. Cryptoquip

Transposition
Cipher
Change in position of letter in text

Ex. Word Jumble

Monoalphabetic Substitutes one letter in the ciphertext

Cipher alphabet for one in the plaintext alphabet

Ex. Caesar

Principles of Information Security, Fourth Edition 15

 Types of Cryptography
Polyalphabetic substitutes a letter from two or more ciphertext alphabets
Cipher for each plaintext alphabet letter based on position in the
message.

Ex. Vigenere

Modular computes operations over a given range of

Mathematics values from 0 to N.

Ex. Running Key Cipher

Offer perfect secrecy if a true source of

One-time Pads
randomness is used

Ex. Randomly Generated Keys

Principles of Information Security, Fourth Edition 16
 Steganography
 Hiding a message within another medium, such
as an image
 No key is required
 Example
 Modify color map of JPEG image

Principles of Information Security, Fourth Edition 17

 Cryptographic Methods

SYMMETRIC KEY ASYMMETRIC KEY

CRYPTOGRAPHY
CRYPTOGRAPHY

Principles of Information Security, Fourth Edition 18

 Key used in Cryptography

SYMMETRIC KEY ASYMMETRIC KEY

CRYPTOGRAPHY
CRYPTOGRAPHY

Principles of Information Security, Fourth Edition 19

 Cryptographic Methods
 Symmetric
 Same key for encryption and decryption
 Also known as secret key. Sender & receiver
uses same key & an encryption/decryption
algorithm to encrypt/decrypt data. i.e. the
key is shared.

Principles of Information Security, Fourth Edition 20

Principles of Information Security, Fourth Edition 21
 Cryptographic Methods
 Asymmetric
 Mathematically related key pairs for
encryption and decryption
 Also known as public key cryptography.
Sender & receiver uses different keys for
encryption & decryption namely PUBLIC &
PRIVATE respectively

Principles of Information Security, Fourth Edition 22

Principles of Information Security, Fourth Edition 23
 Comparison
SYMMETRIC KEY CRYPTOGRAPHY ASYMMETRIC KEY CRYPTOGRAPHY
1) The same algorithm with the same 1) One algorithm is used for
key is used for encryption and encryption and decryption with a pair
decryption. of keys, one for encryption and one
for decryption.
2) The key must be kept secret.  
2) One of the two keys must be kept
  secret.
 
3) It may be impossible or at least 3) It may be impossible or at least
impractical to decipher a message impractical to decipher a message if
if no other information is no other information is available.
available.  
 

Principles of Information Security, Fourth Edition 24

 Cryptographic Methods
(cont.)
 Hybrid
 Combines strengths of both methods
 Asymmetric distributes symmetric key
(A.K.A. session key)
 Symmetric provides bulk encryption

Principles of Information Security, Fourth Edition 25

 How do we know that we
used a strong encryption
method in our messages?

? ?
Principles of Information Security, Fourth Edition
? 26
 Attributes of Strong
Encryption
 Confusion
 Change key values each round
 Performed through substitution
 Complicates plaintext/key relationship
 Diffusion
 Change location of plaintext in ciphertext
 Done through transposition

Principles of Information Security, Fourth Edition 27

 Concepts
 A private key cipher is composed of two
algorithms
 encryption algorithm E
 decryption algorithm D
 The same key K is used for encryption &
decryption
 K has to be distributed beforehand

Principles of Information Security, Fourth Edition 28

 Notations
 Encrypt a plaintext P using a key K & an
encryption algorithm E
C = E(K,P)
 Decrypt a ciphertext C using the same key K
and the matching decryption algorithm D
P = D(K,C)

 Note: P = D(K,C) = D(K, E(K,P))

Principles of Information Security, Fourth Edition 29

 Caesar Cipher
 substitution cipher, named after Julius Caesar.
 Operation principle:
- each letter is translated into the letter
a fixed number of positions after it in the
alphabet table.
 The fixed number of positions is a key both for
encryption and decryption.

Principles of Information Security, Fourth Edition 30

 Caesar Cipher
K=3

Inner: ciphertext
Outer: plaintext

Principles of Information Security, Fourth Edition 31

31
 Example
 For a key K=3,
plaintext letter: ABCDEF...UVWXYZ
ciphtertext letter: DEF...UVWXYZABC
 Hence
TREATY IMPOSSIBLE
is translated into
WUHDWB LPSRVVLEOH

Principles of Information Security, Fourth Edition 32

 Breaking Classic Ciphers
 With the help of fast computers, 99.99%
ciphers used before 1976 are breakable by
using one of the 4 types of attacks

Principles of Information Security, Fourth Edition 33

 Breaking Classic Ciphers
 By trial-and error
 By using statistics on letters
 frequency distributions of letters
letter percent
A 7.49%
B 1.29%
C 3.54%
D 3.62%
E 14.00%
..................................
Principles of Information Security, Fourth Edition 34
 Modern Cryptography
Applications
 Not just about confidentiality!
 Integrity
 Digitalsignatures
 Hash functions
 Fair exchange
 Contract signing
 Anonymity
 Electronic cash
 Electronic voting

Principles of Information Security, Fourth Edition 35

 Design of Private Key
Ciphers
 A Cryptographic algorithm should be efficient
for good use
 It should be fast and key length should be of the
right length – e.g.; not too short

 Cryptographic algorithms are not impossible to

break without a key
 If we try all the combinations, we can get the
original message

Principles of Information Security, Fourth Edition 36

 Design of Private Key
Ciphers (Cont.)
 The security of a cryptographic algorithm
depends on how much work it takes for
someone to break it

 E.g If it takes 10 mil. years to break a cryptographic algorithm

X using all the computers of a state, X can be thought of as a
secure one – reason: cluster computers and quantum
computers are powerful enough to crack many current
cryptographic algorithms.

Principles of Information Security, Fourth Edition 37

 4 Types of attacks
 Ciphertext only attack
 the only data available is a target ciphertext

 Known plaintext attack

a target ciphertext
 pairs of other ciphertext and plaintext (say,
previously broken or guessing)

Principles of Information Security, Fourth Edition 38

 4 Types of attacks
 Chosen plaintext attacks
a target ciphertext
 can feed encryption algorithm with plaintexts and
obtain the matching ciphertexts
 Chosen ciphertext attack
a target ciphertext
 can feed decryption algorithm with ciphertexts and
obtain the matching plaintexts

Principles of Information Security, Fourth Edition 39

 Conclusion
 By using of encryption techniques a fair
unit of confidentiality, authentication,
integrity, access control and availability
of data is maintained.

Principles of Information Security, Fourth Edition 40

 Hash Functions
 is any function that can be used to map
data of arbitrary size to data of fixed
size. The values returned by a hash
function are called hash values, hash
codes, hash sums, or simply hashes.

Principles of Information Security, Fourth Edition 41

 Cryptographic Hash
Functions
 takes an input (or 'message') and returns
a fixed-size alphanumeric string, which
is called the hash value (sometimes
called a message digest, a digital
fingerprint, a digest or a checksum).

Principles of Information Security, Fourth Edition 42

 Purpose
 Practical applications include
message integrity checks,
digital signatures, authentication, and
various information security
applications.

Principles of Information Security, Fourth Edition 43

 Cryptographic Hash Function

Principles of Information Security, Fourth Edition 44