Category: cryptography

Data Integrity in Cryptography ”; Previous Next Until now, we discussed the use of symmetric and public key schemes to achieve the confidentiality of information. With this chapter, we begin our discussion on different cryptographic techniques designed to provide other security services. The focus of this chapter is on data integrity and cryptographic tools used to achieve the same. Threats to Data Integrity When sensitive information is exchanged, the receiver must have the assurance that the message has come intact from the intended sender and is not modified inadvertently or otherwise. There are two different types of data integrity threats, namely passive and active. Passive Threats This type of threats exists due to accidental changes in data. These data errors are likely to occur due to noise in a communication channel. Also, the data may get corrupted while the file is stored on a disk. Error-correcting codes and simple checksums like Cyclic Redundancy Checks (CRCs) are used to detect the loss of data integrity. In these techniques, a digest of data is computed mathematically and appended to the data. Active Threats In this type of threats, an attacker can manipulate the data with malicious intent. At simplest level, if data is without digest, it can be modified without detection. The system can use techniques of appending CRC to data for detecting any active modification. At higher level of threat, attacker may modify data and try to derive new digest for modified data from exiting digest. This is possible if the digest is computed using simple mechanisms such as CRC. Security mechanism such as Hash functions are used to tackle the active modification threats. Print Page Previous Next Advertisements ”;

Cryptography – AddRoundKey Transformation ”; Previous Next Data is encrypted and decrypted using a number of different transformations by the Advanced Encryption Standard, or AES. One of these transformations is AddRoundKey. AddRoundKey requires rotating between a chunk of the data and a different encryption key during the encryption process. Like a secret code, this key is used to purposely to scramble the data. How it Works? The AddRoundKey transformation is a step in the Advanced Encryption Standard (AES) cryptography technology. Data has to be encrypted and decrypted using this process. It works as follows − Key Addition − Each byte of the data is combined with a corresponding byte of the encryption key using a simple bitwise XOR operation in the AddRoundKey transformation. It means that if the bit in the data and the corresponding bit in the key disagree, the resulting bit in the encrypted data will be set to 1; otherwise, it will be set to 0. Key Expansion − This process encrypts the encryption key before applying the AddRoundKey transformation. This process creates a unique set of round keys for each encryption round. Round Keys − Each round key is created from the original encryption key and is used to encrypt a particular round of data. The AddRoundKey transformation combines each byte of the input with the matching byte of the round key to produce the encrypted output. Features Each cycle of AES encryption has a unique key. With the AddRoundKey transformation, every data byte is XORed with its corresponding round key byte. Unauthorised entities will find it difficult to decode the encrypted transmission when the data is XORed. By using different keys for each round, AES improves the encryption, enhancing its complexity and security. Implementation using Python Using list comprehension and Python”s built-in zip function, this Python code iterates over corresponding bytes of the data and the round key, applying the XOR operator () to each pair of bytes for implementing AddRound Key. Example def addRoundKey(data, round_key): return bytes(a ^ b for a, b in zip(data, round_key)) # function execution data = b”x12x34x56x78” round_key = b”xABxCDxEFx01” encrypted_data = addRoundKey(data, round_key) print(“The Encrypted Data:”, encrypted_data.hex()) Following is the output of the above example − Input/Output The Encrypted Data: b9f9b979 Implementation using Java Now we will use Java to implement the Add Round key Transformation. Java uses a simple loop to iterate over each byte of the data and the round key in order to perform the XOR operation (^). Java”s primitive array type, byte[] is used to store the data and round key. So the code is given below − Example public class AddRoundKey { public static byte[] addRoundKey(byte[] data, byte[] roundKey) { byte[] encryptedData = new byte[data.length]; for (int i = 0; i < data.length; i++) { encryptedData[i] = (byte) (data[i] ^ roundKey[i]); } return encryptedData; } public static void main(String[] args) { byte[] data = {(byte) 0x12, (byte) 0x34, (byte) 0x56, (byte) 0x78}; byte[] roundKey = {(byte) 0xAB, (byte) 0xCD, (byte) 0xEF, (byte) 0x01}; byte[] encryptedData = addRoundKey(data, roundKey); System.out.print(“Encrypted Data: “); for (byte b : encryptedData) { System.out.printf(“%02X “, b); } } } Following is the output of the above example − Input/Output Encrypted Data: B9F9B979 Implementation using C++ This C++ implementation uses a std::vector to store both the data and the round key. A simple for loop is used to iterate over each byte of the data and round key in order to do the XOR operation (^). The encrypted data is then stored in an extra std::vector after that. The code is following − Example #include <iostream> #include <vector> std::vector<unsigned char> addRoundKey(const std::vector<unsigned char>& data, const std::vector<unsigned char>& roundKey) { std::vector<unsigned char> encryptedData; for (size_t i = 0; i < data.size(); ++i) { encryptedData.push_back(data[i] ^ roundKey[i]); } return encryptedData; } int main() { std::vector<unsigned char> data = {0x12, 0x34, 0x56, 0x78}; std::vector<unsigned char> roundKey = {0xAB, 0xCD, 0xEF, 0x01}; std::vector<unsigned char> encryptedData = addRoundKey(data, roundKey); std::cout << “Encrypted Data: “; for (auto byte : encryptedData) { printf(“%02X “, byte); } return 0; } Following is the output of the above example − Input/Output Encrypted Data: B9 F9 B9 79 Summary The AddRoundKey transformation is the essential component of the Advanced Encryption Standard (AES) cryptographic technique. Each byte of the data is combined with a corresponding byte of the encryption key using a bitwise XOR method. There are AddRoundKey implementations in Python, Java, and C++. The process is the same for all implementations: iterating over the round key and related data bytes, XORing the result, and finally returning the encrypted data. Print Page Previous Next Advertisements ”;

Cryptography – Diffie-Hellman Algorithm ”; Previous Next Diffie-Hellman key exchange is a type of digital encryption in which two different parties securely exchange cryptographic keys over a public channel without their communication being sent over the internet. Both parties use symmetric cryptography to encrypt and decrypt their messages. Whitfield Diffie and Martin Hellman published it in 1976 as one of the earliest practical cases of public key cryptography. The Diffie-Hellman key exchange raises numbers to a specific power to generate decryption keys. The components of the keys are never directly transferred, making the task of a potential code breaker mathematically impossible. The approach does not share any information during the key exchange. Despite having no prior knowledge of each other, the two parties collaborate to produce a key. History of Diffie-Hellman Whitfield Diffie and Martin Hellman developed the Diffie-Hellman algorithm in 1976, which opened the path for public-key cryptography and greatly improved digital security. It was developed as a solution for secure key exchange over insecure channels, substituting symmetric key distribution methods and providing the groundwork for secure communication protocols such as SSL/TLS. The algorithm has had a considerable impact on world geopolitics, with one example being its usage to secure top-secret communications between NATO countries during the late Cold War era. How Diffie-Hellman Works? To use Diffie-Hellman, two end users, Alice and Bob, must agree on positive whole integers p and q, where p is a prime number and q is a generator of p. The generator q is a number that, when raised to positive whole-number powers smaller than p, never gives the same outcome for any two such whole numbers. The value of p can be big, while the value of q is typically small. After Alice and Bob have decided on p and q in secret, they select positive whole-number personal keys a and b. Both are less than the prime number modulus, p. Neither user shares their personal key with anybody; ideally, they remember these numbers and do not write them down or save them anywhere. After that, Alice and Bob compute public keys a* and b* based on their personal keys using the algorithms below − a* = qa mod p b* = qb mod p It is possible for the two users to exchange their public keys, a* and b*, throughout an insecure communications channel, like the internet or a company”s wide area network. Using their individual personal keys, each user can generate a number x from these public keys. Alice uses the following formula to compute x − x = (b*) mod p Bob uses the following formula to compute x: x = (a*) mod p Either of the two formulas above gives the same result for the value of x. But the private keys a and b, which are necessary for calculating x, have not been sent via a public channel. Even with the help of an efficient system capable of doing millions of attempts, a potential hacker has nearly no chance of properly determine x due to its huge size and seemingly random nature. So, using the decryption key x, the two users can theoretically have private conversations over a public channel using any encryption technique they choose. Step by Step Guide Let us use the simple case of Alice and Bob, two friends, to describe Diffie-Hellman − Selecting the Prime Number and Generator Bob and Alice have decided on a prime number, p = 23. Also, they are also agree on a generator number, g = 5. Selecting Private Keys Alice selects a secret number, for example, a = 6. Bob selects a secret number, for example, b = 15. Determine the public keys Alice first computes A = ga mod p, which gives A = 56 mod 23, or 8. Bob uses the formula B = gb mod p to get B = 515 mod 23, or 19. Exchange of Public Keys Alice provides Bob her computed public key, A = 8. Bob sends Alice his calculated public key, B = 19. Compute Shared Key Alice uses Bob”s public key to compute the shared key − KA = Ba mod p − KA = 196 mod 23, which is 2. Bob uses Alice”s public key to calculate the shared key − KB = Ab mod p − KB = 815 mod 23, which is 2. As a result, Alice and Bob can now encrypt their messages using the same shared key, K = 2. It is very difficult for someone to figure out the shared key even if they manage to eavesdrop and know the prime number p=23 and the generator g=5. This is because they do not know either Alice”s or Bob”s secret number. Implementation of Diffie-Hellman We will implement the Diffie-Hellman algorithm using Python, Java and C++. Implement using Python The Diffie-Hellman key exchange algorithm is demonstrated in the below Python code, providing secure communication between Alice and Bob. In order to avoid overflow errors, the calculate_power function effectively computes ab mod P, where a, b, and P are large numbers. Important parameters that are agreed upon by both sides are initialised, like the prime number (prime) and generator value (generator). Each side selects their private key (private_key_bob and private_key_alice), and then uses modular exponentiation to calculate their public key. In the end, secure communication is made possible when Alice and Bob separately compute the shared secret key (secret_key_alice and secret_key_bob) following the exchange of public keys. Following is the Diffie-Hellman implementation using Python − Example def calculate_power(base, exponent, modulus): “””Power function to return value of (base ^ exponent) mod modulus.””” if exponent == 1: return base else: return pow(base, exponent) % modulus # Driver code if __name__ == “__main__”: prime = 23 generator = 5 private_key_alice = 6 private_key_bob = 15 # Generating public keys x = calculate_power(generator, private_key_alice, prime) y = calculate_power(generator, private_key_bob, prime) # Generating secret keys after the exchange of keys secret_key_alice = calculate_power(y,

Cryptography – Hacking RSA Cipher ”; Previous Next Hacking the RSA cipher is possible with small prime numbers, but impossible with big numbers. The following aspects explain why it is difficult to break the RSA cipher − A brute force approach will fail because there are too many possible keys to sort over. Additionally, this takes a significant amount of time. The dictionary attack will not work with the RSA algorithm since the keys are numeric and include no characters. The frequency analysis of the characters is difficult to follow because a single encrypted block represents many characters. There are no unique mathematical strategies for hacking the RSA cipher. The RSA decryption equation is − M = C^d mod n We can try hacking the RSA cipher using small prime numbers, and the sample code for doing so is provided below − Hacking using Python Example def find_factors(n): factors = [] for i in range(2, n): if n % i == 0: factors.append(i) return tuple(factors) def calculate_euler_function(p, q): return (p – 1) * (q – 1) def calculate_private_key(e, euler_value): for i in range(2, euler_value): if i * e % euler_value == 1: return i def decrypt_message(private_key, modulus, ciphertext): return ciphertext ** private_key % modulus def main(): e = int(input(“Enter value of e: “)) n = int(input(“Enter value of n: “)) c = int(input(“Enter ciphertext: “)) factors = find_factors(n) euler_value = calculate_euler_function(factors[0], factors[1]) d = calculate_private_key(e, euler_value) plain_text = decrypt_message(d, n, c) print(“Decrypted plaintext: “, plain_text) if __name__ == “__main__”: main() Run the Code Save your Python program. Open a terminal or command prompt. Navigate to the directory where your code is saved. Run the script by typing − python rsa_hacking.py When you run the program, you will have to enter some values of e, n and ciphertext so after that you will get the plaintext. Following is the output of the above example − Input/Output Enter value of e: 7 Enter value of n: 143 Enter ciphertext: 7 Decrypted plaintext: 123 Hacking using Java So the above code can be written in java also. See the below code for hacking RSA with the help of Java − Example import java.util.Scanner; public class RSAHacking { public static int[] findFactors(int n) { int[] factors = new int[2]; for (int i = 2; i < n; i++) { if (n % i == 0) { factors[0] = i; factors[1] = n / i; break; } } return factors; } public static int calculateEulerFunction(int p, int q) { return (p – 1) * (q – 1); } public static int calculatePrivateKey(int e, int eulerValue) { for (int i = 2; i < eulerValue; i++) { if ((i * e) % eulerValue == 1) { return i; } } return -1; // No private key found } public static int modPow(int base, int exponent, int modulus) { int result = 1; base = base % modulus; while (exponent > 0) { if (exponent % 2 == 1) { result = (result * base) % modulus; } exponent = exponent >> 1; base = (base * base) % modulus; } return result; } public static void main(String[] args) { Scanner scanner = new Scanner(System.in); System.out.print(“Enter value of e: “); int e = scanner.nextInt(); System.out.print(“Enter value of n: “); int n = scanner.nextInt(); System.out.print(“Enter ciphertext: “); int c = scanner.nextInt(); scanner.close(); int[] factors = findFactors(n); int eulerValue = calculateEulerFunction(factors[0], factors[1]); int d = calculatePrivateKey(e, eulerValue); int plainText = modPow(c, d, n); System.out.println(“Decrypted plaintext: ” + plainText); } } Following is the output of the above example − Input/Output Enter value of e: 7 Enter value of n: 143 Enter ciphertext: 7 Decrypted plaintext: 123 Hacking Methods Brute Force − Trying every possible key until you find the correct one. However, RSA keys are very big, making brute force impractical. Factoring − Attempting to divide the modulus (N) into prime factors in order to get the private key. This is challenging with large prime numbers. Timing Attacks − Using alterations to the time spent by encryption or decryption processes to access sensitive data. Side-channel attacks − These attacks target information leaked by the encryption algorithm”s physical implementation, like power consumption or electromagnetic emissions. Quantum Computing − In principle, quantum computers can crack RSA encryption more efficiently using algorithms like Shor”s algorithm. However, practical quantum computers able to break RSA are currently unavailable. Summary Overall, breaking RSA encryption is difficult due to the complexities of factoring large integers. However, researchers are always developing new strategies and technologies to improve encryption systems and secure against attacks in the future. Print Page Previous Next Advertisements ”;

Cryptography – Encryption Algorithms ”; Previous Next Encryption algorithms change information into ciphertext. The algorithm uses an encryption key to convert data as predicted, and encrypted data that seems random, but can be converted back to plain text using a decryption key so in the previous chapter we saw what Data Encryption is and then in this chapter we will look on what Encryption algorithms are. Encryption Algorithms Classification Encryption algorithms can be grouped into different categories based on their operation, key length, and usage. The main classifications are as follows − Symmetric Encryption − In this kind of encryption, one key is used for both encryption and decryption. It is used when a zip file is encrypted and subsequently decrypted using the same key. Because the key needs to be kept private from outsiders, symmetric encryption is sometimes known as “secret key” encryption. Popular algorithms for symmetric encryption are DES, AES, and Blowfish. Asymmetric Encryption (Public−Key Encryption) − Public key encryption, or asymmetric encryption, uses a public key−private key pairing in which data encrypted with the public key can only be unlocked with the private key. Asymmetric encryption is used in part by the TLS (or SSL) protocol, which enables HTTPS. Common asymmetric encryption algorithms are RSA and ECC. Hash Functions − Hash functions are tools that generate a specific set of characters (hash) from given data. These cannot be reversed, making it impossible to recover the original information from the hash. Hash functions are frequently utilized to confirm data integrity. Popular examples are SHA−256 and MD5. Block and Stram Ciphers − Symmetric key methods offer two primary forms: block and stream ciphers. Both ciphers use the same cryptographic key to encrypt and decrypt data. The Stream cipher processes data bit by bit, whereas the Block cipher works with fixed−size blocks. Key Length − Usually, the key length is given as a logarithm form in bits. So, eight different keys can be used with a 3 bit key length, for example (2 x 2 x 2 = 8). Data can be seen with more secure if the key length is large. The key length is an encryption security standard that varies depending on the protocol and algorithm. Purpose − The purpose of encryption algorithms can be classified as per their specific applications, like securing data transmission on the internet (SSL/TLS), protecting stored data (disk encryption), and securing communication in various programs (like PGP for encrypting emails). Types of Ecnryption Algorithms In the below image there are some names of the types of encryption algorithms as per their classification − Symmetric Encryption Algorithms As you can see in the illustration above, popular names for symmetric encryption algorithms are Data Encryption Standard (DES), Advanced Encryption Standard (AES), Triple DES (3DES), Blowfish, Twofish, IDEA (International Data Encryption Algorithm), and RC4 (Rivest Cypher 4). So let us discuss all these encryption techniques in brief one by one in the below section. Data Encryption Standard (DES) − Data Encryption Standard (DES) is a type of encryption that secures digital data with the help of a single key. Though it might not offer as much security as current methods due to its short key length of 56 bits, it has played a vital role in the evolution of cryptography. Advanced Encryption Standard (AES) − Advanced Encryption Standard (AES), this symmetric block cipher is used by the US government to secure classified data. AES is widely utilized in both software and hardware globally for encrypting valuable information. It plays a vital role in government computer security, cybersecurity, and the protection of electronic data. Triple DES (3DES) − Triple Data Encryption Standard (Triple DES) is a standard in cryptography that uses fixed length keys and involves three passes of the DES algorithm. It is a symmetric block cipher−based encryption method, which means that both the sender and the recipient share the same secret keys for encryption and decryption. Blowfish − Blowfish is a cryptographic method with the goal to replace DES. It divides messages into 64−bit blocks and encrypts them accordingly. Blowfish is noted for its speed, flexibility, and excellent security, making it a popular choice for protecting e−commerce sites, banking transactions, and password management applications. Blowfish”s powerful popularity among developers is because of part to its public domain status and free use. Twofish − Twofish, the successor to Blowfish, also uses symmetric encryption to decrypt 128−bit data blocks without requiring a license. Unlike other algorithms, Twofish always encrypts data in 16 rounds regardless of the key size. This makes it suitable for both software and hardware environments and is known for its fast performance. Many organizations use Twofish for secure data communication and protection. Rc4 − RC4 is a stream cipher with a variable length key algorithm. This algorithm encrypts a single byte at a time (or larger units of data). A key input is a pseudorandom bit generator that creates a stream of 8−bit numbers that are unpredictable without the knowledge of input key. The generator”s output, called as the key−stream, is mixed one byte at a time with the plaintext stream cipher using the X−OR operation. IDEA − The International Data Encryption Algorithm (IDEA) is an example of symmetric key block cipher encryption. IDEA uses a 128−bit key and works on 64−bit blocks. Basically, it converts a 64−bit block of plaintext to a 64−bit block of ciphertext. Asymmetric Encryption Algorithm Examples of asymmetric encryption techniques are RSA, Elliptic Curve Cryptography (ECC), Diffie−Hellman Key Exchange, ElGamal and Digital Signature Algorithm (DSA). Asymmetric encryption, frequently referred to as public−key cryptography, has two different keys for encryption and decoding. So let us discuss all of the popular Asymmetric ecnryption algorithms − Rivest−Shamir−Adleman (RSA) − RSA is an asymmetric public−key encryption system that works as the internet”s encryption standard. RSA encryption is reliable as well as safe . It is a type of encryption which uses a pair of keys: a public key and a private key for encryption and decryption respectively. Elliptic Curve

Public Key Infrastructure ”; Previous Next The most distinct feature of Public Key Infrastructure (PKI) is that it uses a pair of keys to achieve the underlying security service. The key pair comprises of private key and public key. Since the public keys are in open domain, they are likely to be abused. It is, thus, necessary to establish and maintain some kind of trusted infrastructure to manage these keys. Key Management It goes without saying that the security of any cryptosystem depends upon how securely its keys are managed. Without secure procedures for the handling of cryptographic keys, the benefits of the use of strong cryptographic schemes are potentially lost. It is observed that cryptographic schemes are rarely compromised through weaknesses in their design. However, they are often compromised through poor key management. There are some important aspects of key management which are as follows − Cryptographic keys are nothing but special pieces of data. Key management refers to the secure administration of cryptographic keys. Key management deals with entire key lifecycle as depicted in the following illustration − There are two specific requirements of key management for public key cryptography. Secrecy of private keys. Throughout the key lifecycle, secret keys must remain secret from all parties except those who are owner and are authorized to use them. Assurance of public keys. In public key cryptography, the public keys are in open domain and seen as public pieces of data. By default there are no assurances of whether a public key is correct, with whom it can be associated, or what it can be used for. Thus key management of public keys needs to focus much more explicitly on assurance of purpose of public keys. The most crucial requirement of ‘assurance of public key’ can be achieved through the public-key infrastructure (PKI), a key management systems for supporting public-key cryptography. Public Key Infrastructure (PKI) PKI provides assurance of public key. It provides the identification of public keys and their distribution. An anatomy of PKI comprises of the following components. Public Key Certificate, commonly referred to as ‘digital certificate’. Private Key tokens. Certification Authority. Registration Authority. Certificate Management System. Digital Certificate For analogy, a certificate can be considered as the ID card issued to the person. People use ID cards such as a driver”s license, passport to prove their identity. A digital certificate does the same basic thing in the electronic world, but with one difference. Digital Certificates are not only issued to people but they can be issued to computers, software packages or anything else that need to prove the identity in the electronic world. Digital certificates are based on the ITU standard X.509 which defines a standard certificate format for public key certificates and certification validation. Hence digital certificates are sometimes also referred to as X.509 certificates. Public key pertaining to the user client is stored in digital certificates by The Certification Authority (CA) along with other relevant information such as client information, expiration date, usage, issuer etc. CA digitally signs this entire information and includes digital signature in the certificate. Anyone who needs the assurance about the public key and associated information of client, he carries out the signature validation process using CA’s public key. Successful validation assures that the public key given in the certificate belongs to the person whose details are given in the certificate. The process of obtaining Digital Certificate by a person/entity is depicted in the following illustration. As shown in the illustration, the CA accepts the application from a client to certify his public key. The CA, after duly verifying identity of client, issues a digital certificate to that client. Certifying Authority (CA) As discussed above, the CA issues certificate to a client and assist other users to verify the certificate. The CA takes responsibility for identifying correctly the identity of the client asking for a certificate to be issued, and ensures that the information contained within the certificate is correct and digitally signs it. Key Functions of CA The key functions of a CA are as follows − Generating key pairs − The CA may generate a key pair independently or jointly with the client. Issuing digital certificates − The CA could be thought of as the PKI equivalent of a passport agency − the CA issues a certificate after client provides the credentials to confirm his identity. The CA then signs the certificate to prevent modification of the details contained in the certificate. Publishing Certificates − The CA need to publish certificates so that users can find them. There are two ways of achieving this. One is to publish certificates in the equivalent of an electronic telephone directory. The other is to send your certificate out to those people you think might need it by one means or another. Verifying Certificates − The CA makes its public key available in environment to assist verification of his signature on clients’ digital certificate. Revocation of Certificates − At times, CA revokes the certificate issued due to some reason such as compromise of private key by user or loss of trust in the client. After revocation, CA maintains the list of all revoked certificate that is available to the environment. Classes of Certificates There are four typical classes of certificate − Class 1 − These certificates can be easily acquired by supplying an email address. Class 2 − These certificates require additional personal information to be supplied. Class 3 − These certificates can only be purchased after checks have been made about the requestor’s identity. Class 4 − They may be used by governments and financial organizations needing very high levels of trust. Registration Authority (RA) CA may use a third-party Registration Authority (RA) to perform the necessary checks on the person or company requesting the certificate to confirm their identity. The RA may appear to the client as a CA, but they do not actually sign the certificate that is issued. Certificate Management System (CMS) It is the

Discuss Cryptography ”; Previous Next This tutorial covers the basics of the science of cryptography. It explains how programmers and network professionals can use cryptography to maintain the privacy of computer data. Starting with the origins of cryptography, it moves on to explain cryptosystems, various traditional and modern ciphers, public key encryption, data integration, message authentication, and digital signatures. Print Page Previous Next Advertisements ”;

Cryptography – ChaCha20 Encryption Algorithm ”; Previous Next Encryption is one of the most effective ways to secure data, and ChaCha20 is one of the most widely utilised encryption algorithms available today. ChaCha20 is a secure and fast encryption method that can be implemented in a variety of applications. This chapter will discuss the ChaCha20 encryption algorithm, how it works, and how it differs from other encryption algorithms. History of ChaCha20 Daniel J. Bernstein developed two algorithms: Poly1305 and ChaCha20, between 2005 and 2008. Between 2013 and 2014, variations of these algorithms were included into an IETF proposal for use in TLS and DTLS, which Google favoured for security and performance. They were ultimately accepted by OpenSSH. RFCs for protocols such as TLS, DTLS, and IPsec adopted the combined method in 2015. Cloudflare has also adopted it. In June 2018, RFC 7539 was replaced by RFC 8439. What is the ChaCha20 Encryption? ChaCha20 is a symmetric encryption approach that encrypts and decrypts data with the same 256-bit key. Daniel J. Bernstein, a well-known cryptographer, created it as a stream cipher back in 2008. The ChaCha20 encryption algorithm is intended to offer a balance of speed and security. It is designed to handle known attacks like differential cryptanalysis and linear cryptanalysis. Furthermore, it is highly parallelizable, making it easily transferable to multi-core CPUs and other high-performance computing platforms. How does it Work? ChaCha20 is a stream cipher, which encrypts data in continuous streams rather than fixed-size blocks. It produces a continuous keystream of pseudo-random bits, which are subsequently XORed with the plaintext data to form the ciphertext. Algorithm Here are the basic steps in the ChaCha20 encryption algorithm − The first step is key generation. In this, the ChaCha20 algorithm creates a 256-bit key using a user-supplied key and a randomly produced 96-bit nonce. The second step if Initialization in which the algorithm uses the key and nonce to set up the cipher”s state. Third step is data encryption in which ChaCha20 encrypts each data block with the current cipher state, which is changed after each block is processed. And the last step is Output in which the ciphertext is generated by XORing the plaintext with the output of the data encryption step. Key Generation Private keys for ChaCha do not have to take a specific shape; they simply need to be (crypto-secure) random bits of the needed size. Other methods, like RSA or EC, need the values to meet certain mathematical conditions, but ChaCha keys do not. However, it is critical to ensure that the key is generated correctly, as otherwise it can be a means of attack – and possibly a very easy one to attack if the key creation is not “random enough”. Here are a few rules that you should consider while implementing ChaCha key generation − If possible, use a CSPRNG (Cryptographically Secured Pseudo Random Number Generator) or an HSM (Hardware Security Module). Otherwise, make sure to correctly seed your random number generator. Always source a key generator with new randomness; don”t produce numerous keys using the same random number seed. Produce keys where they are going to be needed and kept; for example, don”t produce keys on the server to use on the client; instead, generate them on the client side. Keep private keys secure. Avoid transferring private keys. It is strongly advised to renegotiate or rotate keys as frequently as possible. Don”t see a Private Key as something “permanently” connected to a person or a node, but rather something temporary that can change on a regular basis. How to use passwords to encrypt and decrypt? ChaCha is typically used in a way that generates the key from the password that a user must enter to encrypt/decrypt data. Because the key is of set length (256 bits, or 32 bytes), you cannot use the password as the key directly, as this would result in insecure and impractical limits on the password that the user must choose. Instead, a key derivation algorithm generates a ChaCha-compatible key from a password. PBKDF2 (Password Based Key Derivation Function 2) is an advanced key derivation function. Advantages of ChaCha20 Below are some advantages of ChaCha20 which we need to consider while using this technique − ChaCha20 is one of the faster encryption algorithms available, making it ideal for use on a wide range of devices, specially mobile and low-power IoT devices. ChaCha20 is designed to be highly secure and resilient to known attacks. It is built on principles similar to the Salsa20 encryption method, which has been extensively tested and considered as highly secure. ChaCha20 is very parallelizable, which makes it ideal for multi-core processors and high-performance computing systems. Compared to other encryption algorithms, ChaCha20 is very easy to implement, making it a convincing option for developers. Applications of ChaCha20 ChaCha20 encryption is used in a variety of applications, such as − Secure Communications: ChaCha20 encrypts communications between individuals, as seen in secure messaging apps or VPN. File Encryption: It encrypts files that are saved on a device or transmitted over a network. IoT Security: ChaCha20 protects IoT devices, which typically have limited computing power and require lightweight encryption techniques. Web Security: It can protect web traffic, like HTTPS connections. What is XChaCha20? A cryptographic nonce is an arbitrary value that is used once to ensure that an operation (like encryption or hashing) is unique. eXtended-nonce ChaCa20 (XChaCha20) is a variation of ChaCha20 that uses a 192-bit nonce rather than a 96-bit nonce. This makes selecting a random nonce much more secure, as there is virtually no chance that it will be reused. (“Bits” represents the size or length of cryptographic keys. To put it simply, the higher the bit length, it will more secure the key.) However, there is no formally recognised standard for XChaCha20, and the most recent attempt to establish one failed in 2020. This has resulted in a sluggish acceptance of the somewhat more secure form. Alternatives of ChaCa20 AES (Advanced Encryption

Cryptography – Implementing Vigenere Cipher ”; Previous Next In the last chapter we saw Vigenere Cipher, its methods, strengths weeknesses. Now we will implement vigenere cipher using different programming langugages like Python, Java, and C++. Implementation using Python The Vigenere cipher, a technique for encrypting and decrypting text messages, is implemented in this Python code. The generate_key() function takes a keyword as input, creates a key based on that keyword, then repeats the words as needed to make sure the key fits the text length. The Vigenere cipher algorithm, which shifts each character according to its matching character in the key, is used by the encrypt_text() function to encrypt the text. In the same way, by reversing the encryption process, the decrypt_text() method decrypts the ciphertext and shows the original text. Example Following is the implementation of Vigenere Cipher with the help of Python − def generate_key(text, keyword): key = list(keyword) if len(text) == len(keyword): return key else: for i in range(len(text) – len(keyword)): key.append(key[i % len(keyword)]) return “”.join(key) def encrypt_text(text, key): cipher_text = [] for i in range(len(text)): x = (ord(text[i]) + ord(key[i])) % 26 x += ord(”A”) cipher_text.append(chr(x)) return “”.join(cipher_text) def decrypt_text(cipher_text, key): original_text = [] for i in range(len(cipher_text)): x = (ord(cipher_text[i]) – ord(key[i]) + 26) % 26 x += ord(”A”) original_text.append(chr(x)) return “”.join(original_text) # Driver code text = “TUTORIALSPOINT” keyword = “KEY” key = generate_key(text, keyword) cipher_text = encrypt_text(text, key) print(“The Encrypted text:”, cipher_text) print(“The Original/Decrypted Text:”, decrypt_text(cipher_text, key)) Following is the output of the above example − Input/Output The Encrypted text: DYRYVGKPQZSGXX The Original/Decrypted Text: TUTORIALSPOINT Implementation using Java A method used for encrypting and decrypting messages is the Vigenere Cipher. The length of the text message and a keyword are used in the code to generate a key. The text message is then encrypted with the help of this key by shifting each character in the alphabet to match its proper location in the key. The same key is used to reverse the encryption process and return each character to its original alphabetic position in order to decrypt the message. With the original message as the result, the parties that have the key can communicate privately with one another. Example See the Java implementation below for vigenere cipher − public class VigenereCipher { static String generateKey(String text, String keyword) { int textLength = text.length(); for (int i = 0; ; i++) { if (textLength == i) i = 0; if (keyword.length() == textLength) break; keyword += (keyword.charAt(i)); } return keyword; } static String encryptText(String text, String keyword) { String ciphertext = “”; for (int i = 0; i < text.length(); i++) { // converting in range 0-25 int x = (text.charAt(i) + keyword.charAt(i)) % 26; // convert into alphabets(ASCII) x += ”A”; ciphertext += (char)(x); } return ciphertext; } // Decrypt the encrypted text and return the original text static String decryptText(String ciphertext, String keyword) { String originalText = “”; for (int i = 0 ; i < ciphertext.length() && i < keyword.length(); i++) { // converting in range 0-25 int x = (ciphertext.charAt(i) – keyword.charAt(i) + 26) % 26; // convert into alphabets(ASCII) x += ”A”; originalText += (char)(x); } return originalText; } // Driver code public static void main(String[] args) { String message = “Hello everyone”; String keyword = “Best”; String text = message.toUpperCase(); String key = keyword.toUpperCase(); String generatedKey = generateKey(text, key); String encryptedText = encryptText(text, generatedKey); System.out.println(“The Encrypted Text : ” + encryptedText); System.out.println(“The Original/Decrypted Text : ” + decryptText(encryptedText, generatedKey)); } } Following is the output of the above example − Input/Output The Encrypted Text : IIDEPXWOFVQHOI The Original/Decrypted Text : HELLOTEVERYONE Implementation using C++ We will use the C++ programming language to implement the Vigenere Cypher in this code. We will apply a set of Caesar shifts to the plaintext message”s characters in this cipher using a key. Each letter in the key relates to a distinct shift value, and the key defines the amount of shift applied to each character. Every character in the plaintext is shifted forward in the alphabet in encryption by the matching number given by the key. In a similar way, the original plaintext becomes visible in decryption by shifting the ciphertext”s characters backward by the same amount shown in the key. Example Below is the simple implementation for vigenere cipher using C++ programming language − #include <iostream> #include <string> using namespace std; class VigenereCipher { public: string key; VigenereCipher(string key) { for (int i = 0; i < key.size(); ++i) { if (key[i] >= ”A” && key[i] <= ”Z”) this -> key += key[i]; else if (key[i] >= ”a” && key[i] <= ”z”) this -> key += key[i] + ”A” – ”a”; } } string encryptFunc(string text) { string out; for (int i = 0, j = 0; i < text.length(); ++i) { char c = text[i]; if (c >= ”a” && c <= ”z”) c += ”A” – ”a”; else if (c < ”A” || c > ”Z”) continue; out += (c + key[j] – 2 * ”A”) % 26 + ”A”; j = (j + 1) % key.length(); } return out; } string decryptFunc(string text) { string out; for (int i = 0, j = 0; i < text.length(); ++i) { char c = text[i]; if (c >= ”a” && c <= ”z”) c += ”A” – ”a”; else if (c < ”A” || c > ”Z”) continue; out += (c – key[j] + 26) % 26 + ”A”; j = (j + 1) % key.length(); } return out; } }; int main() { VigenereCipher cipher(“VigenereCipher”); string plaintext = “Cyber Security”; string et = cipher.encryptFunc(plaintext); string dt = cipher.decryptFunc(et); cout << “The Plaintext: ” << plaintext << endl; cout << “The Encrypted Text: ” << et << endl; cout << “The Decrypted Text: ” << dt << endl; } Following is the output of the above example − Input/Output The Plaintext: Cyber Security The Encrypted Text: XGHIEWVGWZXAC The Decrypted Text: CYBERSECURITY

Cryptography – Blowfish Algorithm ”; Previous Next A symmetric-key block cipher called blowfish encryption is frequently used for password hashing, VPNs, and file encryption. Since its introduction in 1993, this encryption method has gained popularity due to its effective encryption and decryption operations. However, more recent, more secure algorithms like AES are gradually taking the place of Blowfish. Blowfish is a 64-bit block cipher that uses symmetric encryption and a key that can be up to 448 bits long. It was created in 1993 by Bruce Schneier to replace the outdated Data Encryption Standard (DES) and International Data Encryption Algorithm (IDEA) encryption methods. Though its popularity has decreased recently, blowfish is well known for its ease of use and efficiency. It is being replaced by more recent, stronger encryption methods like the Advanced Encryption Standard (AES). Features of Blowfish Some of the main features of the Blowfish algorithm are as follows − Block Cipher − Data in Blowfish is encrypted using a block cipher technique using symmetric keys, resulting in 64-bit blocks of encryption. Symmetric key algorithm − The Blowfish approach encrypts and decrypts data with the same symmetric encryption key. Different length keys − Blowfish offers key lengths ranging from 32 bits to 448 bits. The longer the key, more secure the data. However, processing longer keys usually requires more resources and time. Feistel Code − The Feistel cipher development divides the plaintext in half and jumbles each half independently using a sequence of mathematical operations. Working of Blowfish An SP network is used by Blowfish; the substitution box (S-box) and permutation box (P-box) must be started first. There are four 32-bit S-boxes with 256 entries each and eight P-arrays with 32-bit subkeys. Step 1 − First, we divided the 64-bit plaintext into two equal blocks, L and R, each containing 32 bits. Step 2 − The following actions are taken in each of the 16 encryption cycles that we begin in the following step − Now, the L and the first member of the P-array (P1) are XORed. Then XOR R with F, where F is a function of L and uses the four blocks that make up the S-box. Below is a summary of function F in entirety. The next iteration of the loop starts once L and R are switched. Step 3 − L and R are switched again after the loop is completed. Step 4 − XOR R with P17 and L with P18 to get the final two unused P-box entries (P17 & P18). Step 5: The cipher text is obtained by combining L and R in the final step. Encryption of Blowfish A symmetric key block cipher called Blowfish uses the same key for both encryption and decryption of data. Blowfish is quick and efficient mainly because it is simpler than other cryptography methods. While there are a few possible risks involved in achieving the highest level of data security, these risks cannot be ignored. Here is an in-depth description of the Blowfish encryption technique − Key expansion − The initial component that Blowfish uses is a secret key, which can be anything between 32 and 448 bits long. The encryption key is then generated and extended using the P-array and S-boxes precomputation to generate several subkeys. Subkeys Generation − The 64-bit blocks that define the stretched-out key are divided into two 32-bit chunks. These components are joined with a few predetermined values to create a new set of subkeys. Data Encryption − This is when the exciting part starts. These two 32-bit segments are sixteen times encrypted. Every round involves a challenging set of transpositions and replacements (XOR operations, additions, and lookups in the S-boxes). After processing − The 32-bit scrambled bits are reconstructed to form 64-bit ciphertext blocks after 16 rounds. Decryption of Blowfish In Blowfish, decryption is carried out by reversing the encryption process. Therefore, everything reverses until the ciphertext is converted back into plaintext. This Blowfish encryption method uses your private key to protect your data. The best thing about Blowfish is that, if the material is encrypted, it can be challenging to decrypt it without the original key. These technologies from the 1990s are getting a little out of date, however, as more complex and secure encryption methods like AES or Twofish-a substitute for Blowfish-are replacing them. Example Suppose that the words “Hi world” will be encrypted using Blowfish. The following are the steps involved − The input “Hi world” is initially made up of 64 bits, or 8 bytes, consisting of seven letters plus one space. The input consists of 32 bits. The left 32 bits, or “Hi w,” are XORed with P1 to produce P1, the product of key expansion. Following that, P1 separates the 32 bits into 4 bytes and sends them to each of the four S-boxes using a transformative F-function (F In). The third value from the third S-box is XORed with the first two values from the first two S-boxes added to each other. 32 bits are produced as the output when this result is added to the fourth S-box”s output. To create output F1”, the output of F In is XORed with the correct 32 bits of the input message, “orld”. The left half of the message is then replaced with F1”, and the right half with P1”. For a total of 16 rounds, the same process will be carried out for each of the P-array members that follow. The final two elements of the P-array, P17 and P18, are XORed with the outputs P16” and F16” following 16 rounds. After that, they are once again combined to create the input message”s 64-bit ciphertext. Advantages of Blowfish Blowfish is one of the fastest block ciphers currently in use. It encrypts data using a symmetric encryption key to create ciphertext. Blowfish is still in high demand over thirty years after it was created because it provides the following benefits − Considerably less time-consuming and more effective than the