IDEA – International Data Encryption Algorithm

IDEA stands for International Data Encryption Algorithm. IDEA is a block cipher developed by James Massey and Xuejia Lai and initially specified in 1991. It has a 128-bit key length and works with 64-bit blocks. It consists of a set of eight identical transformations based on bitwise exclusive-OR, addition, and multiplication modules. It is based on a symmetric cipher and uses a relatively weak key design technique, hence the algorithm's security is considerably less than that of DES. IDEA failed to gain much popularity because of its complicated development.

Unlike other block cipher algorithms, IDEA is being studied by the Swiss corporation Ascom. Ascom is unusual in that it grants permission for free non-commercial use of its method, which has resulted in IDEA becoming known as the block cipher algorithm used within a famous message encryption scheme.

How IDEA Works?

IDEA is a block cipher that operates on 64-bit plaintext and a 128-bit key. IDEA, like DES, is reversible, which means that the same technique can be used for both encryption and decryption. IDEA uses both diffusion and confusion for encryption.

The 64-bit plaintext is broken into four 16-bit sections (P1-P4). These are the inputs for the first round. There are eight such rounds. The key contains 128 bits. In each round, six subkeys are generated from the original key, each of which contains 16 bits. The first round can use keys K1 through K6, the second round can use keys K7 through K12, and the final round can use keys K13 through K18. The last step is an output transformation that requires four subkeys (K49 to K52). The final output is the result of the output transformation stage. The blocks C1-C4 are joined to generate the final result.

Rounds in IDEA

There are eight rounds in IDEA. Each round consists of a series of operations on the four data blocks with six keys. As described above, the first round can use keys K1 to K6, the second round keys K7 to K12, and the last round keys K13 to K18. The final stage is an output transformation that requires four subkeys (K49 to K52), and the final output is formed by joining the blocks C1-C4.

Each round has 14 steps, as follows:

Details of one round in IDEA

Step 1: Multiply* P1 and K1
Step 2: Add* P2 and K2
Step 3: Add* P3 and K3
Step 4: Multiply* P4 and K4
Step 5: XOR the results of step 1 and step 3
Step 6: XOR the results of step 2 and step 4
Step 7: Multiply* the result of step 5 with K5
Step 8: Add* the results of step 6 and step 7
Step 9: Multiply* the result of step 8 with K6
Step 10: Add* the results of step 7 and step 9
Step 11: XOR the results of step 1 and step 9
Step 12: XOR the results of step 3 and step 9
Step 13: XOR the results of step 2 and step 10
Step 14: XOR the results of step 4 and step 10

The Add* and Multiply* operations in each round are not elementary addition and multiplication, but rather addition modulo 2^16, i.e., 65536, and multiplication modulo 2^16 + 1, i.e., 65537.

Ordinary addition can give a number of 17 bits, but only 16 bit places are available for the round 2 output. As a result, such a number (say 130753 in decimal) has to be reduced to a 16-bit value by taking it modulo 65536. 130753 modulo 65536 gives 65217, which is 11111111011000001 in binary and is a 16-bit integer that fits well within the system.

The input blocks are P1-P4, the subkeys are K1-K6, and the output of this round is R1-R4 (rather than C1-C4, because this is not the final ciphertext). It is an intermediate output that will be processed in the following rounds, as well as during the output transformation stage.

Operations used in IDEA

IDEA's operations include:

- Bit-by-bit exclusive-OR, denoted as v.
- Addition of integers modulo 2^16 (modulo 65536), using unsigned 16-bit integers for input and output. This operation is referred to as ⊕.
- Integer multiplication modulo 2^16 + 1 (modulo 65537), where inputs and outputs are unsigned 16-bit integers. A block of all zeros represents 2^16. This operation is referred to as ⊗.

Sub-key Generation for a Round

In the first round, bit positions 1-96 of the key are used. Bits 97-128 remain unused. They are assigned to round two.

In the second round, bits 97-128 are used first, followed by a 25-bit circular left shift and then new bits from 26-89. Bits 90-128 and 1-25 remain unused.

In the third round, the unused bits 90-128 and 1-25 are used first, followed by a circular left shift of 25 bits and the use of bits 51-82. Bit positions 83-128 and 1-50 remain unused.

In the fourth round, bits 83-128 and 1-50 are used.

In the fifth round, a circular left shift of 25 bits occurs, with bit positions 76-128 and 1-43 being used. Bits 44-75 remain unused.

In the sixth round, the unused bits from the fifth round are used, and a left circular shift of 25 bits occurs, leaving bit positions 37-100 unused.

In the seventh round, the unused bits from the sixth round, 37-100, are used first, followed by a 25-bit circular left shift and the use of bits 126-128 and 1-29. Bits 30-125 remain unused.

Finally, the unused bit positions 30-125 from round seven are used, and the key is exhausted.

Output Transformation

This is a one-time operation. It takes place at the end of the eighth round. The 64-bit value is separated into four sub-blocks (say R1 through R4), each with its own subkey.

Decryption

Decryption is similar to encryption, but it reverses the order of the round keys and the subkeys for odd rounds.
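The round steps, the two modular operations, the 25-bit key rotation and the output transformation described above can be put together as follows. This is an added example, not code from the original page; the function names are chosen here, and it follows the published IDEA algorithm, in which steps 11-14 in the order listed already form the next round's input and the two middle words of the last round are exchanged back before the output transformation.

```python
MASK = 0xFFFF  # sub-blocks and subkeys are unsigned 16-bit integers


def mul(a, b):
    """Multiply*: multiplication modulo 2^16 + 1; an all-zero block stands for 2^16."""
    return ((a or 0x10000) * (b or 0x10000) % 0x10001) & MASK


def add(a, b):
    """Add*: addition modulo 2^16."""
    return (a + b) & MASK


def expand_key(key):
    """Derive the 52 encryption subkeys from a 16-byte key.

    Eight 16-bit words are read off the key, the whole 128-bit key is
    rotated left by 25 bits, and the process repeats until 52 words exist.
    """
    k = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        subkeys += [(k >> (112 - 16 * i)) & MASK for i in range(8)]
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return subkeys[:52]


def invert_key(ek):
    """Decryption subkeys: encryption subkeys in reverse round order, with
    multiplicative inverses (mod 65537) and additive inverses (mod 65536)."""
    inv = lambda x: pow(x or 0x10000, -1, 0x10001) & MASK
    neg = lambda x: -x & MASK
    dk = [inv(ek[48]), neg(ek[49]), neg(ek[50]), inv(ek[51]), ek[46], ek[47]]
    for r in range(7, 0, -1):
        dk += [inv(ek[6 * r]), neg(ek[6 * r + 2]), neg(ek[6 * r + 1]),
               inv(ek[6 * r + 3]), ek[6 * r - 2], ek[6 * r - 1]]
    return dk + [inv(ek[0]), neg(ek[1]), neg(ek[2]), inv(ek[3])]


def one_round(x, k):
    """The 14 steps of one round on sub-blocks x = [P1..P4] with keys k = [K1..K6]."""
    p1, p2, p3, p4 = x
    s1 = mul(p1, k[0])       # step 1
    s2 = add(p2, k[1])       # step 2
    s3 = add(p3, k[2])       # step 3
    s4 = mul(p4, k[3])       # step 4
    s5 = s1 ^ s3             # step 5
    s6 = s2 ^ s4             # step 6
    s7 = mul(s5, k[4])       # step 7
    s8 = add(s6, s7)         # step 8
    s9 = mul(s8, k[5])       # step 9
    s10 = add(s7, s9)        # step 10
    return [s1 ^ s9, s3 ^ s9, s2 ^ s10, s4 ^ s10]   # steps 11-14


def crypt_block(block, subkeys):
    """Run eight rounds plus the output transformation on one 8-byte block."""
    x = [int.from_bytes(block[i:i + 2], "big") for i in range(0, 8, 2)]
    for r in range(8):
        x = one_round(x, subkeys[6 * r:6 * r + 6])
    r1, r3, r2, r4 = x       # exchange the middle words back after round 8
    k = subkeys[48:]
    out = [mul(r1, k[0]), add(r2, k[1]), add(r3, k[2]), mul(r4, k[3])]
    return b"".join(w.to_bytes(2, "big") for w in out)


def encrypt_block(block, key):
    return crypt_block(block, expand_key(key))


def decrypt_block(block, key):
    # Same procedure as encryption, only the subkeys differ.
    return crypt_block(block, invert_key(expand_key(key)))
```
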
Category: cryptography
Cryptography – RSA Algorithm
RSA (Rivest-Shamir-Adleman) is a famous encryption scheme that makes use of a combination of public and private keys. This means you have a private key and one that can be shared publicly. Either key can be used to encrypt data, but only the opposite key can decrypt it. RSA was developed in 1977 by MIT researchers Ron Rivest, Adi Shamir and Leonard Adleman, after whom the algorithm is named.

Despite its popularity as a robust encryption method, RSA's high computing demands make it inefficient and resource-intensive. As a result, it may not be the best choice for encrypting large messages or files because it may drain the system's resources.

How does RSA work?

RSA is based on the problem of breaking down large numbers into their prime factors. To create an RSA key pair, you need to pick two very big prime numbers, p and q. It is crucial to pick those primes randomly and ensure they are distinct from each other.

The product of p and q, represented as n, becomes the modulus for the public and private keys. While n is publicly known, the values of p and q remain confidential. Carmichael's totient function of the product of the two primes, p and q, is computed. An integer, e, is chosen as the public exponent. The final step involves calculating d, which serves as the private exponent.

Example

Let's say we choose p = 61 and q = 53.

n = p * q = 61 * 53 = 3233
φ(n) = (p-1)(q-1) = 60 * 52 = 3120
Let's choose e = 17 (a common choice).
d = 2753 (computed such that (17 * d) mod 3120 = 1)

So, the public key is (3233, 17), and the private key is (3233, 2753).

Encryption

To encrypt a message, the sender:

- Uses the public key (n, e) provided by the recipient.
- Converts the plaintext message (m) into a ciphertext (c) using the formula c = m^e mod n.

Suppose we want to encrypt the message "HELLO". We convert it to ASCII: H(72) E(69) L(76) L(76) O(79). We will encrypt each ASCII value separately:

H: C = 72^17 mod 3233 = 2103
E: C = 69^17 mod 3233 = 2464
L: C = 76^17 mod 3233 = 2190
L: C = 76^17 mod 3233 = 2190
O: C = 79^17 mod 3233 = 875

Decryption

Once the ciphertext (c) is received, the recipient uses their private key (n, d) to decrypt the message, computing the plaintext message (m) using the formula m = c^d mod n.

The recipient receives the ciphertext (2103, 2464, 2190, 2190, 875). They use their private key to decrypt each value:

M = 2103^2753 mod 3233 = 72 (H)
M = 2464^2753 mod 3233 = 69 (E)
M = 2190^2753 mod 3233 = 76 (L)
M = 2190^2753 mod 3233 = 76 (L)
M = 875^2753 mod 3233 = 79 (O)

So, the decrypted message is "HELLO".

Applications and Use Cases

RSA is used for a variety of information security and cryptography applications. Some of the most popular applications include:

Digital Signatures

A digital signature is a technology that allows the recipient of a message to confirm its authenticity, integrity, and non-repudiation. It verifies that the message was not altered in transit. When creating a digital signature, the sender first generates a hash value for the message using a cryptographic hash function. The sender then signs it by running the RSA operation with the private key, which produces the digital signature as an output. The recipient can then apply the RSA operation to the digital signature with the sender's public key, and verify the signature by comparing the result to the hash value computed for the message.

Digital Certificates

RSA is commonly used in digital certificates, including SSL certificates. These certificates can be used to authenticate the identity of the people or organizations who run websites. Digital certificates use RSA to encrypt the certificate issuer's digital signature, which is then confirmed using the issuer's public key. The digital certificate contains information like the domain name and the organization that owns the website, which helps establish the website's authenticity to clients.

Secure Key Exchange

Another application of RSA is a secure key exchange between two individuals who have never before shared a secret key. The two parties use the RSA approach to generate a public-private key pair. The sender creates a symmetric key, encrypts it using the recipient's public key, and transmits the encrypted key to the recipient. The recipient decrypts it with the private key. Both the sender and the recipient then share the same symmetric key, which they can use for secure communication.

Secure Communication Protocols

RSA encrypts messages between two parties over a network that is not always secure, such as the internet. For example, RSA works with Transport Layer Security (TLS) to set up secure connections between web servers and browsers. RSA also allows secure email communication by enabling message encryption and decryption. It is also used in Virtual Private Networks (VPNs). VPNs use TLS to enable a handshake between two parties sharing information. The TLS handshake uses the RSA method to verify the real identities of both parties who participate in the transaction.

How is RSA secure?

RSA's security relies on the difficulty for computers of finding the prime numbers in the encryption keys. Longer keys increase the difficulty of code-breaking. While 1024-bit keys were once considered secure, increasing computing power has led to a shift towards 2048-bit keys.

Elliptic curve cryptography (ECC), an alternative approach to key generation, offers faster speeds and reduced battery usage, making it preferred for mobile devices. A research feat involved creating an RSA key using sound waves, but this method remains impractical for most hackers. Remember, no matter what, every encryption method can be hacked; it is just a matter of time and effort.
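The key-generation steps in the example above (p = 61, q = 53, e = 17), worked through in code; this is an added example, not part of the original page. It derives d with the extended Euclidean algorithm, once with φ(n) = (p-1)(q-1) as in the worked example and once with Carmichael's function λ(n) = lcm(p-1, q-1) as named in the text, and shows that per-character textbook RSA always maps equal characters to equal ciphertext values. The function names are chosen here.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def private_exponent(e, totient):
    """Solve e*d = 1 (mod totient) for d."""
    g, x, _ = egcd(e, totient)
    if g != 1:
        raise ValueError("e must be coprime to the totient")
    return x % totient


def keygen(p, q, e, use_carmichael=False):
    """Return (n, e, d). Toy sizes only: real keys use primes of 1024 bits or more."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)            # Euler's totient, as in the worked example
    lam = phi // gcd(p - 1, q - 1)     # Carmichael's function: lcm(p-1, q-1)
    d = private_exponent(e, lam if use_carmichael else phi)
    return n, e, d


def encrypt_chars(text, n, e):
    """Textbook RSA on each character code, c = m^e mod n (no padding)."""
    return [pow(ord(ch), e, n) for ch in text]


def decrypt_chars(values, n, d):
    """m = c^d mod n for each ciphertext value."""
    return "".join(chr(pow(c, d, n)) for c in values)


def repeated_positions(values):
    """Pairs of positions that carry the same ciphertext value.

    Without randomised padding, equal plaintext characters always produce
    equal ciphertext values, so the output is a simple substitution of the
    input and leaks its letter pattern.
    """
    return [(i, j) for i in range(len(values))
            for j in range(i + 1, len(values)) if values[i] == values[j]]
```

Both exponents decrypt correctly because any d with e*d ≡ 1 modulo λ(n) inverts the encryption; the φ(n) form simply yields a larger, equally valid d.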
Advantages of RSA There
Cryptography – Double DES
In the previous chapter we saw what the Data Encryption Standard is; in this chapter we will look at Double DES in detail.

Double DES is a type of encryption where the same plaintext is encrypted using two passes of DES. A different key is used in each pass to encrypt the plaintext. Learning double DES is easy.

Double DES uses two keys, k1 and k2. To obtain the encrypted text, it first applies DES to the original plaintext using k1. It then applies DES to the resulting encrypted text with a different key, k2. The encrypted text produced by this second pass is the final output.

How does Double DES Work?

To recover the singly encrypted ciphertext, first use the key K2 to decrypt the doubly encrypted ciphertext block. The original plaintext block can then be retrieved by decrypting this ciphertext block with key K1.

With a single-bit key, 0 and 1 are the two available keys. With a two-bit key there are four possible key values (00, 01, 10 and 11). In general, the cryptanalyst must perform 2^n operations in order to try out every possible key if an n-bit key is used. The cryptanalyst will have to make 2^(2n) attempts to crack the key if two distinct keys are used, each with n bits.

Think of a message's P (plaintext block) and C (corresponding final ciphertext block) as the two basic elements of information that the cryptanalyst is aware of. Double DES can be stated mathematically, as seen in the figure.

The result of the first encryption is known as T and is written as T = Ek1(P) [i.e., encrypt the block P with key K1]. After this encrypted block is encrypted with another key K2, the result is written as:

C = Ek2(Ek1(P)) [i.e., encrypt the already encrypted block T with a different key K2, and call the final ciphertext C].

Meet in Middle Attack

Double DES can be broken by a known-plaintext attack known as the meet-in-the-middle attack.

Given a plaintext P and two encryption keys K1 and K2, ciphertext C is produced as C = Ek2(Ek1(P)). Decryption requires that the keys be used in reverse order:

P = Dk1(Dk2(C))

A Meet-in-the-Middle (MitM) attack is a type of cryptanalytic attack where the attacker needs some type of space or time tradeoff to support the attack. A MITM attempt can decrease the amount of effort needed compared with performing the attack in its original form.

Merkle and Hellman introduced the term meet-in-the-middle attack. This attack involves encryption from one end and decryption from the other and connecting the results in the middle, hence the name meet-in-the-middle.

MITM can take the form of dividing the target connection into two so that each element can be addressed independently. It can mean changing an attack requiring X amount of time into one requiring Y time and Z space. The goal is to significantly decrease the effort required to implement a brute-force attack.

Meet-in-the-middle attackers try to reconcile the difficulty contained in a high-cost cryptanalytic attack by meeting in the middle, or halving the area of what they are analyzing, to make the effort feasible or reasonable in their view.

The main aim of an attack is to steal personal information, including login credentials, account details and credit card numbers. Targets are frequently the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is needed. Data acquired at the time of an attack can be used for several goals, such as identity theft, unapproved fund transfers or an illicit password change.

Two keys, K1 and K2, are used to encrypt plaintext P into ciphertext C, and the same K1 and K2 are used for decryption. The intermediate text M produced by the first encryption and by the first decryption should be the same, i.e., the two relationships must hold.

Let us say a cryptanalyst has a known pair of P and C. The cryptanalyst can then try all possible values (2^56) of K1 and record all values of M. Similarly, for all values of K2 the cryptanalyst computes all M, compares these values of M for K1 and K2, and finds a pair of K1 and K2 for which M is the same.

If only one such pair occurs, then K1 and K2 are the desired keys. If more than one such pair exists, another intercepted plaintext/ciphertext pair is used.

Advantages

The Double DES (Data Encryption Standard) method of data encryption involves quickly performing the DES algorithm twice. The following are Double DES's advantages:

- Enhanced Security: By doubling the length of the key, Double DES improves the security of DES and makes it more difficult for attackers to decrypt encrypted data via brute-force attacks.
- Compatibility with Current Systems: Double DES can be implemented with current DES hardware and software, making it a simple option for businesses that currently use DES.
- Widely Studied: Due to the in-depth study and analysis that DES has received over the years, double DES can be applied and understood with the help of a variety of information and resources.

Disadvantages

- Vulnerable to Meet-in-the-Middle Attack: Double DES is vulnerable to a meet-in-the-middle attack, which involves an attacker intercepting the ciphertext and trying every key for the first encryption and decryption phases while storing the intermediate results. They then try each key for the second encryption stage until they find one that corresponds with the previously saved results. Therefore, the effective key length decreases to 112 bits, significantly weakening the theoretical 168-bit key length.
- Performance Overhead: Because double DES encryption takes more time and computing power than single DES encryption, it may have a performance overhead.
- Limited Key Length: While double DES has doubled the key length compared to single DES, it has a
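The table-and-match search described under "Meet in Middle Attack" above, run against a small stand-in cipher to show why a second key does not square the work an analyst faces. This is an added example, not code from the original page: the 16-bit Feistel cipher with 12-bit keys is a toy constructed here in place of DES so the search finishes instantly, and all names are chosen for the example.

```python
from collections import defaultdict

KEY_BITS = 12   # toy key size; DES uses 56-bit keys
ROUNDS = 4


def _round_key(key, rnd):
    # Constructed key schedule: even rounds use key bits 0-7, odd rounds bits 4-11.
    return ((key >> (4 * (rnd % 2))) ^ (0x5B * (rnd + 1))) & 0xFF


def _f(half, rk):
    # Constructed non-linear round function on one 8-bit half.
    x = (half + rk) & 0xFF
    return ((x * x + (x >> 3)) ^ rk) & 0xFF


def encrypt(block, key):
    """Toy 16-bit Feistel cipher standing in for single DES."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(right, _round_key(key, rnd))
    return (left << 8) | right


def decrypt(block, key):
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, _round_key(key, rnd)), left
    return (left << 8) | right


def double_encrypt(block, k1, k2):
    """C = Ek2(Ek1(P))"""
    return encrypt(encrypt(block, k1), k2)


def double_decrypt(block, k1, k2):
    """P = Dk1(Dk2(C))"""
    return decrypt(decrypt(block, k2), k1)


def meet_in_the_middle(pairs):
    """Return every (k1, k2) consistent with the known (P, C) pairs.

    Cost: 2^n encryptions to tabulate M = Ek1(P), plus 2^n decryptions
    to compute M = Dk2(C) and look it up, instead of 2^(2n) double
    encryptions for a naive search over both keys.
    """
    (p0, c0), rest = pairs[0], pairs[1:]

    # Forward half: record the middle value M for every K1.
    table = defaultdict(list)
    for k1 in range(1 << KEY_BITS):
        table[encrypt(p0, k1)].append(k1)

    # Backward half: for every K2, see whether Dk2(C) meets a stored M.
    candidates = []
    for k2 in range(1 << KEY_BITS):
        for k1 in table.get(decrypt(c0, k2), ()):
            # Several key pairs can agree on one (P, C); further known
            # pairs weed out the coincidental matches.
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates


def work_factor(key_bits):
    """(single-cipher operations for the two sweeps, naive double-key search)."""
    return 2 * (1 << key_bits), 1 << (2 * key_bits)
```

With DES's 56-bit keys the same sweep costs on the order of 2^57 cipher operations plus a table of 2^56 entries, which is why layered encryption is normally built as Triple DES rather than Double DES.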
Cryptography – SEED Encryption Algorithm

SEED encryption is a symmetric key encryption technique created by the Korean Information Security Agency. It is a block cipher encryption technique which works with 16-byte data blocks and a 128-bit key length.

The SEED encryption algorithm encrypts plain text data into cipher text by combining substitution and permutation techniques. To generate the final cipher text, the process uses a Feistel network structure that goes through several rounds of encryption.

Encryption of SEED

SEED encryption uses a key schedule to create round keys, which are used in each round of encryption. The key schedule is created by performing a series of bitwise operations on the original key, like XOR, AND, and left and right shifts.

The encryption procedure requires dividing the plain text into 16-byte blocks and applying the encryption algorithm to each block separately. The algorithm encrypts the data using a combination of substitution and permutation algorithms, and then applies numerous rounds of encryption to each block to produce the final cipher text.

Decryption of SEED

The decryption procedure reverses the encryption process. The cipher text is divided into 16-byte blocks, and the decryption technique is applied to each block individually, using the identical round keys created during the encryption procedure.

Structure of SEED

SEED's input/output block size and key length are both 128 bits. SEED features a 16-round Feistel structure. A 128-bit input is separated into two 64-bit blocks (L, R). The right 64-bit block is the input to the round function F, together with a 64-bit subkey Ki generated by the key schedule.

A pseudo code for SEED's structure is as follows:

    for (i = 1; i <= 16; i++) {
        T = R;              /* keep the old right half */
        R = L ^ F(Ki, R);   /* new right half uses the old L and old R */
        L = T;              /* new left half is the old right half */
    }

Round Function F

SEED makes use of two 8×8 S-boxes, permutations, rotations, and fundamental modular operations like exclusive OR (XOR) and addition to ensure strong security, speed, and simplicity in implementation.

The round function F divides a 64-bit input block into two 32-bit blocks (R0, R1) and uses four phases: a mixing phase with the two 32-bit subkey blocks (Ki0, Ki1), and three layers of function G, with additions for mixing the two 32-bit blocks.

Function F produces the following outputs (R0' and R1'):

    R0' = G[G[G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0) ^ (R1 ^ Ki1)]] + G[G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)]
    R1' = G[G[G[(R0 ^ Ki0) ^ (R1 ^ Ki1)] + (R0 ^ Ki0)] + G[(R0 ^ Ki0) ^ (R1 ^ Ki1)]]

Function G

The function G consists of two layers: two 8×8 S-boxes and block permutation with sixteen 8-bit sub-blocks.

The function G with four 8-bit inputs (X0, X1, X2, and X3) gives the following outputs:

    Z0 = {S1(X0) & m0} ^ {S2(X1) & m1} ^ {S1(X2) & m2} ^ {S2(X3) & m3}
    Z1 = {S1(X0) & m1} ^ {S2(X1) & m2} ^ {S1(X2) & m3} ^ {S2(X3) & m0}
    Z2 = {S1(X0) & m2} ^ {S2(X1) & m3} ^ {S1(X2) & m0} ^ {S2(X3) & m1}
    Z3 = {S1(X0) & m3} ^ {S2(X1) & m0} ^ {S1(X2) & m1} ^ {S2(X3) & m2}

where m0 = 0xfc, m1 = 0xf3, m2 = 0xcf, and m3 = 0x3f.

To improve G function efficiency, four "SS-boxes" are defined as follows:

    SS0(X) = {S1(X) & m3} || {S1(X) & m2} || {S1(X) & m1} || {S1(X) & m0}
    SS1(X) = {S2(X) & m0} || {S2(X) & m3} || {S2(X) & m2} || {S2(X) & m1}
    SS2(X) = {S1(X) & m1} || {S1(X) & m0} || {S1(X) & m3} || {S1(X) & m2}
    SS3(X) = {S2(X) & m2} || {S2(X) & m1} || {S2(X) & m0} || {S2(X) & m3}

Applications of SEED

- SEED encryption is used to secure network communication, which includes VPNs, SSL/TLS, and IPsec.
- SEED encryption secures data saved on discs, USB drives, and other storage media.
- This encryption technique is used to protect data on mobile devices like smartphones and tablets.
- Government agencies and military organisations utilise SEED encryption to secure confidential material.

Advantages

Below are some advantages and benefits of using the SEED encryption technique:

- SEED encryption has a 128-bit key length, making it highly resistant to brute force attacks.
- SEED encryption is a rapid method that can encrypt and decrypt data easily, making it ideal for real-time applications.
- SEED encryption is widely used and supported by various security products and services.
- SEED encryption can be utilised in a wide range of applications, like network security, data storage, and mobile devices.
- SEED encryption has undergone substantial research and is resistant to several known cryptanalysis attacks.

Disadvantages

Besides its advantages, the SEED algorithm also has some disadvantages:

- SEED encryption needs good key management because the encryption's security is dependent on the key's strength and confidentiality.
- SEED encryption has a key length of 128 bits, which can be insufficient for some applications that demand stronger encryption.
- SEED encryption is subject to side-channel attacks such as timing and power analysis.
Cryptography Digital signatures

Digital signatures are the public-key primitives of message authentication. In the physical world, it is common to use handwritten signatures on handwritten or typed messages. They are used to bind the signatory to the message.

Similarly, a digital signature is a technique that binds a person/entity to the digital data. This binding can be independently verified by the receiver as well as any third party.

A digital signature is a cryptographic value that is calculated from the data and a secret key known only by the signer.

In the real world, the receiver of a message needs assurance that the message belongs to the sender, and the sender should not be able to repudiate the origination of that message. This requirement is very crucial in business applications, since the likelihood of a dispute over exchanged data is very high.

Model of Digital Signature

As mentioned earlier, the digital signature scheme is based on public key cryptography. The model of the digital signature scheme is depicted in the following illustration.

The following points explain the entire process in detail:

- Each person adopting this scheme has a public-private key pair.
- Generally, the key pairs used for encryption/decryption and signing/verifying are different. The private key used for signing is referred to as the signature key and the public key as the verification key.
- The signer feeds data to the hash function and generates a hash of the data.
- The hash value and signature key are then fed to the signature algorithm, which produces the digital signature on the given hash. The signature is appended to the data and then both are sent to the verifier.
- The verifier feeds the digital signature and the verification key into the verification algorithm. The verification algorithm gives some value as output.
- The verifier also runs the same hash function on the received data to generate a hash value.
- For verification, this hash value and the output of the verification algorithm are compared. Based on the comparison result, the verifier decides whether the digital signature is valid.
- Since the digital signature is created by the 'private' key of the signer and no one else can have this key, the signer cannot repudiate signing the data in future.

It should be noticed that instead of signing data directly with the signing algorithm, usually a hash of the data is created. Since the hash of the data is a unique representation of the data, it is sufficient to sign the hash in place of the data. The most important reason for using a hash instead of the data directly for signing is the efficiency of the scheme.

Let us assume RSA is used as the signing algorithm. As discussed in the public key encryption chapter, the encryption/signing process using RSA involves modular exponentiation.

Signing large data through modular exponentiation is computationally expensive and time consuming. The hash of the data is a relatively small digest of the data, hence signing a hash is more efficient than signing the entire data.

Importance of Digital Signature

Out of all cryptographic primitives, the digital signature using public key cryptography is considered a very important and useful tool to achieve information security.

Apart from the ability to provide non-repudiation of a message, the digital signature also provides message authentication and data integrity. Let us briefly see how this is achieved by the digital signature:

- Message authentication: When the verifier validates the digital signature using the public key of a sender, he is assured that the signature has been created only by the sender who possesses the corresponding secret private key and no one else.
- Data Integrity: In case an attacker has access to the data and modifies it, the digital signature verification at the receiver end fails. The hash of the modified data and the output provided by the verification algorithm will not match. Hence, the receiver can safely reject the message, assuming that data integrity has been breached.
- Non-repudiation: Since it is assumed that only the signer has knowledge of the signature key, only he can create a unique signature on given data. Thus the receiver can present the data and the digital signature to a third party as evidence if any dispute arises in the future.

By adding public-key encryption to the digital signature scheme, we can create a cryptosystem that can provide the four essential elements of security, namely Privacy, Authentication, Integrity, and Non-repudiation.

Encryption with Digital Signature

In many digital communications, it is desirable to exchange encrypted messages rather than plaintext to achieve confidentiality. In a public key encryption scheme, a public (encryption) key of the sender is available in the open domain, and hence anyone can spoof his identity and send any encrypted message to the receiver.

This makes it essential for users employing PKC for encryption to seek digital signatures along with encrypted data to be assured of message authentication and non-repudiation.

This can be achieved by combining digital signatures with the encryption scheme. Let us briefly discuss how to achieve this requirement. There are two possibilities, sign-then-encrypt and encrypt-then-sign.

However, a cryptosystem based on sign-then-encrypt can be exploited by the receiver to spoof the identity of the sender and send that data to a third party. Hence, this method is not preferred. The process of encrypt-then-sign is more reliable and widely adopted. This is depicted in the following illustration.

The receiver, after receiving the encrypted data and the signature on it, first verifies the signature using the sender's public key. After ensuring the validity of the signature, he then retrieves the data through decryption using his private key.
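The hash-then-sign model and the encrypt-then-sign exchange described above, with both sides' steps in one place. This is an added example, not code from the original page: it uses textbook RSA without padding and two demonstration key pairs constructed here from Mersenne primes so it runs with the standard library alone; such keys and unpadded RSA are for illustration only, and all names are chosen for the example.

```python
import hashlib

E = 65537  # public exponent used for both constructed key pairs


def make_keypair(p, q, e=E):
    """Return (public key (n, e), private key (n, d)) from two primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


# Constructed demo keys (Mersenne primes, chosen only because they are
# easy to write down; their special form makes them unfit for real use).
SENDER_VERIFICATION_KEY, SENDER_SIGNATURE_KEY = make_keypair(2**521 - 1, 2**607 - 1)
RECEIVER_PUBLIC_KEY, RECEIVER_PRIVATE_KEY = make_keypair(2**1279 - 1, 2**2203 - 1)


def digest(data):
    """Hash of the data as an integer; this is what gets signed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data, signature_key):
    """Signer: hash the data, then apply the signature key to the hash."""
    n, d = signature_key
    return pow(digest(data), d, n)


def verify(data, signature, verification_key):
    """Verifier: compare the verification algorithm's output with a fresh hash."""
    n, e = verification_key
    return pow(signature, e, n) == digest(data)


def encrypt_then_sign(message, sender_signature_key, receiver_public_key):
    """Sender: encrypt for the receiver, then sign the ciphertext."""
    n, e = receiver_public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    ciphertext = pow(m, e, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return ciphertext, sign(ciphertext, sender_signature_key)


def verify_then_decrypt(ciphertext, signature, sender_verification_key,
                        receiver_private_key):
    """Receiver: check the signature first; decrypt only if it is valid."""
    if not verify(ciphertext, signature, sender_verification_key):
        raise ValueError("signature check failed; ciphertext not decrypted")
    n, d = receiver_private_key
    m = pow(int.from_bytes(ciphertext, "big"), d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")
```
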
Cipher Feedback (CFB) Mode
The Cipher Feedback (CFB) mode is quite similar to CBC; the main difference is that CFB is a stream mode. It eliminates patterns by using feedback (also known as chaining in stream modes). CFB, like CBC, uses an initialization vector to destroy patterns while propagating errors.

The CFB mode is a typical block cipher mode of operation that uses the block cipher algorithm. In this version, we support Data Encryption Standard (DES) and Advanced Encryption Standard (AES) processing; the cipherkey length for DES should be 64 bits, and 128/192/256 bits for AES. Another constraint is that our working mode operates on fixed-size units (64 or 128 bits per block), while text in the actual world varies in length.

As a result, the final block of text given to this primitive must be padded to 128 bits before it can be encrypted or decrypted. While CFB1 and CFB8 modes use the same interface as CFB128 mode, CFB1 and CFB8 modes process plaintext and ciphertext bit-by-bit or byte-by-byte rather than block-by-block.

Operation

The operation of the CFB mode is shown in the above image. In the current system, a message block has a size of 's' bits, where 1 < s < n. The initial random n-bit input block in the CFB mode needs to be an initialization vector (IV). The initialization vector does not need to be kept secret.

Steps for operation are:

- Load the IV into the top register.
- Encrypt the data value in the top register with the underlying block cipher and key K.
- To construct the ciphertext block, take only the 's' most significant bits (left bits) of the encryption output and XOR them with the 's'-bit plaintext message block.
- Feed the ciphertext block into the top register by moving the existing data to the left, and repeat the operation until all plaintext blocks are processed.
- Basically, the previous ciphertext block is encrypted with the help of the key, and the result is XORed with the current plaintext block.
- Decryption follows similar steps. A predetermined IV is loaded at the start of decryption.

Analysis of CFB Mode

CFB mode differs considerably from ECB mode in that the ciphertext linked to a given plaintext block is determined not only by that plaintext block and the key, but also by the previous ciphertext block. In other words, the ciphertext block is dependent on the message.

CFB has a highly unusual property. In this mode, the user decrypts the ciphertext using the block cipher's encryption function. The decryption algorithm of the underlying block cipher is never used.

In effect, CFB mode converts a block cipher into a stream cipher. The encryption algorithm functions as a key-stream generator, producing a key-stream that is stored in the bottom register. This key stream is then XORed with the plaintext, as is the case with stream ciphers.

CFB mode converts a block cipher into a stream cipher, giving it some of the advantages of a stream cipher while preserving the benefits of a block cipher. On the other hand, transmission errors proliferate as a result of block changes.

Formula for CFB Mode

CFB (cipher feedback) is an AES block cipher mode similar to CBC in that it needs the previous block's ciphertext, C_{i-1}, to encrypt a block, B_i. Similar to CBC, CFB uses an initialization vector. The main difference is that in CFB, the previous ciphertext block is encrypted first before being XOR-ed with the block in focus.

To better understand this, consider CFB in the form of a formula:

    C_i = E_K(C_{i-1}) ⊕ B_i

where E_K represents the block encryption algorithm with key K, and C_{i-1} is the ciphertext for B_{i-1}.

Note that the calculation above assumes C_0 to be the initialization vector.

Similarly, decryption using CFB can be represented as follows:

    B_i = E_K(C_{i-1}) ⊕ C_i

It is important to understand that the decryption algorithm is not used here.

Bit-Width of CFB Mode

The table below shows the bit-width of the interfaces that CFB mode offers:

                   plaintext  ciphertext  cipherkey  IV
    CFB1-DES       64         64          64         64
    CFB1-AES128    128        128         128        128
    CFB1-AES192    128        128         192        128
    CFB1-AES256    128        128         256        128
    CFB8-DES       64         64          64         64
    CFB8-AES128    128        128         128        128
    CFB8-AES192    128        128         192        128
    CFB8-AES256    128        128         256        128
    CFB128-DES     64         64          64         64
    CFB128-AES128  128        128         128        128
    CFB128-AES192  128        128         192        128
    CFB128-AES256  128        128         256        128

Advantages of CFB Mode

- CFB (Cipher Feedback) mode can sometimes be faster than CBC (Cipher Block Chaining) mode because it does not need an additional decryption routine. This can improve performance, particularly in situations when encryption speed is essential.
- CFB mode uses non-deterministic encryption, which means patterns in the plaintext cannot be seen in the ciphertext. This provides an additional layer of security by making it more challenging for attackers to determine information about the plaintext from the ciphertext.

Disadvantages of CFB Mode

- Just like CBC mode, CFB mode cannot handle the loss of encrypted blocks. If even a single block is lost or corrupted during transmission, it might cause the decryption process to fail, leaving the entire message inaccessible.
- Like CBC mode, CFB mode does not allow for concurrent encryption of many blocks. Each block's encryption is dependent on the previous ciphertext block, which limits the efficiency of parallel encryption techniques and may affect overall encryption speed.
- While CFB mode can offer
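The register-and-XOR procedure from the Operation steps and the two formulas above, for both full-block segments (CFB128) and one-byte segments (CFB8). This is an added example, not code from the original page: because CFB only ever calls the cipher in the encryption direction, E_K is stood in for by HMAC-SHA256 truncated to 16 bytes so the code needs only the standard library; that stand-in, the sample inputs and all names are assumptions of this example. `damaged_blocks` applies the decryption formula to a ciphertext with one flipped bit and reports which plaintext blocks come out wrong.

```python
import hashlib
import hmac

BLOCK = 16  # register width n in bytes (128 bits)


def E(key, block):
    """Stand-in for E_K: a keyed function from one block to one block.

    Not a real block cipher; CFB never needs the inverse direction,
    so a keyed one-way function is enough to show how the mode behaves.
    """
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb_encrypt(key, iv, plaintext, s=BLOCK):
    """C_i = E_K(register)[:s] XOR B_i, with s the segment size in bytes
    (s = BLOCK is CFB128, s = 1 is CFB8)."""
    if len(iv) != BLOCK:
        raise ValueError("IV must be one block long")
    register, out = iv, bytearray()
    for i in range(0, len(plaintext), s):
        segment = plaintext[i:i + s]
        keystream = E(key, register)          # encrypt the top register
        c = bytes(a ^ b for a, b in zip(segment, keystream))  # leftmost s bytes
        out += c
        register = (register + c)[-BLOCK:]    # shift left, feed ciphertext in
    return bytes(out)


def cfb_decrypt(key, iv, ciphertext, s=BLOCK):
    """B_i = E_K(register)[:s] XOR C_i; note that only E is called."""
    if len(iv) != BLOCK:
        raise ValueError("IV must be one block long")
    register, out = iv, bytearray()
    for i in range(0, len(ciphertext), s):
        c = ciphertext[i:i + s]
        keystream = E(key, register)
        out += bytes(a ^ b for a, b in zip(c, keystream))
        register = (register + c)[-BLOCK:]    # feedback is the received ciphertext
    return bytes(out)


def split_blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def damaged_blocks(key, iv, plaintext, flip_block):
    """Flip one ciphertext bit in block `flip_block` (CFB128) and return the
    indices of the plaintext blocks that no longer decrypt correctly."""
    ct = bytearray(cfb_encrypt(key, iv, plaintext))
    ct[flip_block * BLOCK] ^= 0x01
    recovered = split_blocks(cfb_decrypt(key, iv, bytes(ct)))
    original = split_blocks(plaintext)
    return [i for i, (a, b) in enumerate(zip(original, recovered)) if a != b]


# Constructed sample inputs.
SAMPLE_KEY = b"constructed-key!"
SAMPLE_IV = bytes(range(BLOCK))
SAMPLE_PLAINTEXT = b"A" * (4 * BLOCK)   # four identical plaintext blocks
```
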
Cryptography – Data Encryption Standard

DES, which stands for Data Encryption Standard, is a symmetric key block cipher created by an IBM team in the early 1970s and later adopted by the National Institute of Standards and Technology. This method divides plaintext into 64-bit blocks and transforms them into ciphertext with the help of 48-bit keys. As it is a symmetric-key method, it uses the same key to encrypt and decrypt the data, as discussed in the previous chapter. If it were an asymmetric algorithm, it would require different keys for encryption and decryption.

Some systems can break the DES algorithm. This algorithm uses a 56-bit key. DES uses this key to convert a block of 64-bit plaintext into a block of 64-bit ciphertext.

The DES process has several steps, each of which is referred to as a "round." The number of rounds varies depending on the size of the key used. For example, a 128-bit key takes 10 rounds, a 192-bit key takes 12 rounds, and so on.

History of DES Algorithm

DES is based on the LUCIFER Feistel block cipher, which was invented in 1971 by IBM cryptography researcher Horst Feistel. DES uses 16 rounds of the Feistel structure, with each round using a unique key.

In November 1976, DES was approved as the government encryption standard, which was later reaffirmed in the years 1983, 1988, and 1999.

After a public competition to develop a replacement, the Advanced Encryption Standard (AES) took over as the acknowledged standard in 2002, ending DES's monopoly. In May 2005, the NIST officially revoked FIPS 46-3 (the 1999 reaffirmation); however, Triple DES (3DES) is still allowed for sensitive government information until 2030.

Types/Variations of DES

The two main variations of the Data Encryption Standard are as follows −

Double DES

Double DES is a type of encryption in which two instances of DES are applied to the same plaintext.
In both scenarios, the plaintext is encrypted with the help of a number of keys. For the purpose of decryption, both keys are required.

Triple DES

There are two types of Triple DES, which are as follows −

Triple DES with Two Keys − In Triple DES with two keys there are only two keys: K1, used by the first and third processes, and K2, used in the second process.

Triple DES with Three Keys − In Triple DES with three keys, the plaintext block P is first encrypted with a key K1, then encrypted with a second key K2, and finally with a third key K3, where K1, K2, and K3 are distinct from each other.

Structure of DES

DES uses a 16-round Feistel structure. The block size is 64 bits. Though the key length is 64 bits, DES has an effective key length of 56 bits, since 8 of the 64 bits of the key are not used by the encryption algorithm (they function as check bits only). General Structure of DES is depicted in the following illustration −

As DES is based on the Feistel Cipher, all that is required to specify DES is −

- Round function
- Key schedule
- Any additional processing – Initial and final permutation

Initial and Final Permutation

The initial and final permutations are straight Permutation boxes (P-boxes) that are inverses of each other. They have no cryptographic significance in DES. The initial and final permutations are shown as follows −

Round Function

The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the rightmost 32 bits to produce a 32-bit output.

Now let us discuss the above image and its terminologies −

Expansion Permutation Box − Since the right input is 32 bits and the round key is 48 bits, we first need to expand the right input to 48 bits. The permutation logic is graphically depicted in the following illustration −

The graphically depicted permutation logic is generally described as a table in the DES specification, illustrated as shown −

XOR (Whitener) − After the expansion permutation, DES performs an XOR operation on the expanded right section and the round key.
This is the only type of operation that uses the round key.

Substitution Boxes − The S-boxes carry out the real mixing (confusion). Eight S-boxes, each with a 6-bit input and a 4-bit output, are used in DES. Refer to the following illustration −

The S-box rule is illustrated below −

There are a total of eight S-box tables. The output of all eight S-boxes is then combined into a 32-bit section.

Straight Permutation − The 32-bit output of the S-boxes is then subjected to the straight permutation with the rule shown in the following illustration −

Algorithm of DES

The following steps define the algorithm process −

Step 1 − The 64-bit plaintext block is initially provided to an initial permutation (IP) function to start the process.

Step 2 − After that, the plaintext undergoes the initial permutation (IP).

Step 3 − The initial permutation (IP) then generates Left Plain Text (LPT) and Right Plain Text (RPT), which are the two sides of the permuted block.

Step 4 − The encryption procedure consists of sixteen cycles for each LPT and RPT.

Step 5 − Lastly, the LPT and RPT become one, and the newly combined block is subjected to a Final Permutation (FP).

Step 6 − This procedure yields the intended 64-bit ciphertext.

Step 4 of the encryption process can be further divided into five stages − Key transformation, Expansion permutation, S-Box permutation, P-Box permutation, XOR and swap.

We apply the same process for decryption, with the exception that we reverse the order of the 16 round keys.

Next, we will explore the several DES modes of operation to get a better understanding of what DES is.

Key Generation

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The process of key generation
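Added example (not from the original tutorial, and not DES itself): a 16-round Feistel network with DES's dimensions (64-bit block, 32-bit halves, 48-bit round keys) showing that decryption is the same procedure run with the round keys in reverse order. The round function f and the key schedule are hash-based stand-ins chosen as assumptions, the initial and final permutations are omitted, and the key and block are constructed sample values.

```python
import hashlib
import hmac

ROUNDS = 16  # DES uses 16 Feistel rounds


def round_keys(key):
    """Stand-in key schedule (assumption, NOT the DES schedule):
    derive sixteen 48-bit (6-byte) round keys from the cipher key."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(ROUNDS)]


def f(right, rk):
    """Stand-in round function (assumption, NOT the DES f with E, S-boxes, P):
    32-bit right half + 48-bit round key -> 32-bit output.
    It is one-way on purpose: a Feistel network never has to invert f."""
    return hmac.new(rk, right, hashlib.sha256).digest()[:4]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block, rks):
    """Run the Feistel rounds over one 64-bit block with the given round keys."""
    if len(block) != 8:
        raise ValueError("block must be exactly 8 bytes (64 bits)")
    left, right = block[:4], block[4:]        # the LPT and RPT halves
    for rk in rks:
        # XOR the round output into the left half, then swap the halves.
        left, right = right, xor(left, f(right, rk))
    # Undo the swap of the last round so the same routine also decrypts.
    return right + left


def feistel_encrypt(block, key):
    return feistel(block, round_keys(key))


def feistel_decrypt(block, key):
    # Same process as encryption; only the round-key order is reversed.
    return feistel(block, round_keys(key)[::-1])


if __name__ == "__main__":
    key = b"constructed-key"      # constructed sample values
    plaintext = b"8 bytes!"       # exactly one 64-bit block

    ct = feistel_encrypt(plaintext, key)
    print("ciphertext:", ct.hex())
    print("reversed round keys recover it:", feistel_decrypt(ct, key) == plaintext)
    # Running the rounds again in the forward key order does not decrypt.
    print("forward round keys recover it:",
          feistel(ct, round_keys(key)) == plaintext)
```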
Cryptography – Quick Guide
Origin of Cryptography

Human beings have, for ages, had two inherent needs − (a) to communicate and share information and (b) to communicate selectively. These two needs gave rise to the art of coding messages in such a way that only the intended people could have access to the information. Unauthorized people could not extract any information, even if the scrambled messages fell into their hands.

The art and science of concealing messages to introduce secrecy in information security is recognized as cryptography.

The word 'cryptography' was coined by combining two Greek words, 'Krypto' meaning hidden and 'graphene' meaning writing.

History of Cryptography

The art of cryptography is considered to have been born along with the art of writing. As civilizations evolved, human beings got organized in tribes, groups, and kingdoms. This led to the emergence of ideas such as power, battles, supremacy, and politics. These ideas further fueled the natural need of people to communicate secretly with selected recipients, which in turn ensured the continuous evolution of cryptography as well.

The roots of cryptography are found in Roman and Egyptian civilizations.

Hieroglyph − The Oldest Cryptographic Technique

The first known evidence of cryptography can be traced to the use of 'hieroglyph'. Some 4000 years ago, the Egyptians used to communicate by messages written in hieroglyph. This code was the secret known only to the scribes who used to transmit messages on behalf of the kings. One such hieroglyph is shown below.

Later, the scholars moved on to using simple mono-alphabetic substitution ciphers during 500 to 600 BC. This involved replacing the letters of a message with other letters according to some secret rule. This rule became the key to retrieve the message back from the garbled message.
The earlier Roman method of cryptography, popularly known as the Caesar Shift Cipher, relies on shifting the letters of a message by an agreed number (three was a common choice). The recipient of this message would then shift the letters back by the same number and obtain the original message.

Steganography

Steganography is similar but adds another dimension to cryptography. In this method, people not only want to protect the secrecy of information by concealing it, but they also want to make sure any unauthorized person gets no evidence that the information even exists. An example is invisible watermarking.

In steganography, an unintended recipient or an intruder is unaware of the fact that the observed data contains hidden information. In cryptography, an intruder is normally aware that data is being communicated, because they can see the coded/scrambled message.

Evolution of Cryptography

During and after the European Renaissance, various Italian and Papal states led the rapid proliferation of cryptographic techniques. Various analysis and attack techniques were researched in this era to break the secret codes.

Improved coding techniques such as Vigenere Coding came into existence in the 15th century, which offered moving letters in the message by a variable number of places instead of moving them the same number of places.

Only after the 19th century did cryptography evolve from ad hoc approaches to encryption to the more sophisticated art and science of information security.

In the early 20th century, the invention of mechanical and electromechanical machines, such as the Enigma rotor machine, provided more advanced and efficient means of coding information.

During the period of World War II, both cryptography and cryptanalysis became excessively mathematical.

With the advances taking place in this field, government organizations, military units, and some corporate houses started adopting the applications of cryptography.
They used cryptography to guard their secrets from others. Now, the arrival of computers and the Internet has brought effective cryptography within the reach of common people.

Modern Cryptography

Modern cryptography is the cornerstone of computer and communications security. Its foundation is based on various concepts of mathematics such as number theory, computational-complexity theory, and probability theory.

Characteristics of Modern Cryptography

There are three major characteristics that separate modern cryptography from the classical approach.

Classic Cryptography versus Modern Cryptography −

Classic: It manipulates traditional characters, i.e., letters and digits directly.
Modern: It operates on binary bit sequences.

Classic: It is mainly based on 'security through obscurity'. The techniques employed for coding were kept secret and only the parties involved in communication knew about them.
Modern: It relies on publicly known mathematical algorithms for coding the information. Secrecy is obtained through a secret key which is used as the seed for the algorithms. The computational difficulty of algorithms, absence of secret key, etc., make it impossible for an attacker to obtain the original information even if he knows the algorithm used for coding.

Classic: It requires the entire cryptosystem for communicating confidentially.
Modern: Modern cryptography requires parties interested in secure communication to possess the secret key only.

Context of Cryptography

Cryptology, the study of cryptosystems, can be subdivided into two branches −

- Cryptography
- Cryptanalysis

What is Cryptography?

Cryptography is the art and science of making a cryptosystem that is capable of providing information security.

Cryptography deals with the actual securing of digital data. It refers to the design of mechanisms based on mathematical algorithms that provide fundamental information security services. You can think of cryptography as the establishment of a large toolkit containing different techniques in security applications.
What is Cryptanalysis?

The art and science of breaking the cipher text is known as cryptanalysis.

Cryptanalysis is the sister branch of cryptography and they both co-exist. The cryptographic process results in the cipher text for transmission or storage. Cryptanalysis involves the study of cryptographic mechanisms with the intention of breaking them. Cryptanalysis is also used during the design of new cryptographic techniques to test their security strengths.

Note − Cryptography is concerned with the design of cryptosystems, while cryptanalysis studies the breaking of cryptosystems.

Security Services of Cryptography

The primary objective of using cryptography is to provide the following four fundamental information security services. Let us now see the possible goals intended to be fulfilled by cryptography.

Confidentiality

Confidentiality is the fundamental security service provided
Cryptography – Data Encryption

A data encryption technique converts data into a code, or ciphertext, that is only readable by those who have a secret key or password. Plaintext is the term for the unencrypted data. Information encryption and decryption technology is called cryptography.

Data encryption protects information from being lost, altered, or compromised. The decryption key, however, needs to be kept private and protected from unwanted access in order to guarantee that data is kept secure.

Every type of data, both that which is in transit (like being exchanged over a network) and at rest (such as being saved on a hard drive), can be encrypted. There are two methods of encryption that are widely used −

Symmetric Encryption − The same key is used for both encryption and decryption in symmetric encryption.

Asymmetric Encryption − It uses a public key that is given to the data recipient and a private key that is owned by the data owner. Because asymmetric encryption avoids the need for exchanging the private key, it is believed to be more secure.

How Data Encryption Works?

Let's explore how data encryption prevents hackers and thieves from accessing and intercepting your information while it is most vulnerable, during Internet transmission.

You may be wondering "Why is data encryption essential?" "It seems a bit of trouble to be dealing with." Encryption is essential for protecting confidential data as we transport it over the Internet and transact a lot of it through computer systems. Without it, anyone provided with the required tools and knowledge could −

- Determine all of your passwords, including those for your health insurance, online banking, and other vital accounts.
- Access and gain control of your SSN, credit card information, tax returns, medical records, and a host of other details that an attacker can use against you for identity theft or other illegal activities.
- Identify exactly where you are in real time and monitor all of your movements, whether online or offline.
- Examine all of your communications, like emails and messages you exchange on social media, and edit the content by, for example, adding links to malicious websites.

The good news is that you are already using encryption on a daily basis, whether you send sensitive data to someone, share photographs via private messages, or shop online.

Now that we have learned what encryption is, here are a few more helpful terms for you to know −

Cryptography − The study and application of secure communication techniques to protect information from unwanted access and malicious interference is known as cryptography.

Plaintext − It is the information in its original, unencrypted form.

Ciphertext − It is the encrypted version of the same data.

Encryption Key − The piece of data (a random string of letters, numbers, and symbols) that an encryption algorithm uses to encrypt and decrypt data is known as the encryption key. The strongest encryption keys are unique, unpredictable, and only possible while technology is still in place.

Encryption algorithm − The encryption algorithm is the process that converts plaintext into ciphertext with the help of the encryption key, making it look random to unauthorised users but decipherable to the intended recipient. The encrypted data can then be read again by using the decryption key.

Why Data Encryption is Important?

Attackers can now more easily access and request data, which makes protection more important than ever. In addition, a lot of firms have to comply with data protection regulations, many of which specifically require the use of encryption.

Promotes Data Integrity and Prevents Theft of Data

Data encryption protects against data loss, modification, and attack. Ensuring the validity of data is one of the main advantages of data encryption.
You can make sure that the data you are accessing has not been altered or tampered with by unauthorised individuals.

Additionally, data encryption helps in preventing data loss, which is possible when information is transferred or stored across several systems. Data encryption provides an extra degree of security by preventing intentional or accidental manipulation of data.

Encourages Compliance

Sensitive data protection is governed by strict guidelines in several businesses. For example, banks are required to comply with the Payment Card Industry Data Security Standard (PCI DSS), whereas the healthcare sector is subject to the Health Insurance Portability and Accountability Act (HIPAA).

Businesses can make sure they are complying with these regulations and avoiding possible fines or penalties for non-compliance by putting data encryption into place.

Protects Data While at Rest

"Data at rest" refers to data that is kept in a fixed location, like a device, server, or database. Unauthorised people might be able to access the stored data remotely or physically.

When data is encrypted while it is at rest, malicious hackers cannot decrypt it without the proper decryption key, even if they manage to get their hands on the storage medium. Encryption at rest helps guarantee that private information, corporate secrets, and other sensitive documents stay unreadable and worthless to unauthorised parties.

Protects Data in Transit

Data is more vulnerable to illegal access and manipulation when it is moved between systems or devices, for example, over a network. By ensuring that only authorised parties possessing the proper decryption keys can see the information, data encryption helps protect data while it is being transmitted.

Data breaches become more likely as more workers access company data via mobile devices. Both the sensitive data kept on these devices and the data sent between mobile devices and business networks can be protected with the use of data encryption.
Protecting Data Stored in the Cloud

While cloud storage has several advantages, like better accessibility and lower infrastructure costs, it also has special security risks. The security of data at rest, or data kept on cloud servers, is one of the main concerns for companies using cloud storage.

An extra layer of security is added to this data via data encryption, which makes sure that even if unauthorised parties manage to access
Cryptography – Camellia Encryption Algorithm

Camellia is a symmetric key block cipher that uses a block size of 128 bits and key sizes of 128, 192, and 256 bits. Mitsubishi Electric and Japan's NTT collaborated on its development. The cipher provides security and processing capabilities comparable to the Advanced Encryption Standard.

The cipher was designed to work with both software and hardware, ranging from low-cost smart cards to high-speed network systems. It is part of the Transport Layer Security (TLS) cryptographic protocol, which is used to secure communications over a computer network like the Internet.

Design of Camellia

Camellia is a Feistel cipher with 18 rounds (128-bit keys) or 24 rounds (192- or 256-bit keys). Every six rounds, a logical transformation layer is applied, known as the "FL-function" or its inverse. Camellia uses four 8×8-bit S-boxes for input and output affine transformations and logical operations. The cipher additionally uses input and output key whitening. The diffusion layer applies a linear transformation based on a matrix with a branch number of five.

Algorithm

Camellia is a symmetric block cipher with a secret key length of 128, 192, or 256 bits. The length of plaintext and ciphertext blocks is always 128 bits.

The following description uses the original names of variables and functions from the Camellia documentation to describe its algorithm.

The algorithm's most important elements are F-functions. They are used during key encryption and decryption, as well as the creation of helper variables. The F-function accepts 128 input bits, combines them with bits from subkeys $k_i$, and produces 128 new bits. The modification of bits in the F-function is commonly referred to as one round in the algorithm. F-function calls are grouped into blocks. Each block has six rounds.

Six-round blocks (blocks of six calls to the F-function) are separated by calls to FL-functions and $FL^{-1}$ functions.
They manipulate 64-bit chunks of data and combine them using subkeys $kl_i$.

Both the encryption and decryption algorithms repeat the six-round blocks outlined above. The number of repeats is determined by the length of the current secret key. For a 128-bit secret key, repeat the 6-round blocks three times. For 192-bit or 256-bit secret keys, repeat the blocks four times.

In addition, at the start and end of both encryption and decryption methods, data bits are added to bits of subkeys $kw_i$.

Subkeys, which are used to encrypt or decrypt each data block, are generated in another method. Each block's secret key generates tens of subkeys. They are used in various operations throughout the main algorithm.

Key schedule

The secret key used in the Camellia cipher can be 128, 192, or 256 bits. Encrypting data blocks needs the creation of a few helper variables, followed by subkeys based on secret key bits. Each subkey is 64 bits long.

To start, calculate two 128-bit variables (KL and KR) and four 64-bit variables (KLL, KLR, KRL, and KRR). The following equations describe the relationships between those variables −

- KLL equals 64 left bits of KL
- KLR equals 64 right bits of KL
- KRL equals 64 left bits of KR
- KRR equals 64 right bits of KR

The remainder of the connections should be identified using the length of the secret key K.

- For the 128-bit long key: KL equals K and KR equals 0
- For the 192-bit long key: KL equals 128 left bits of K, KRL equals 64 right bits of K, and KRR equals ~KRL (negation of bits)
- For the 256-bit long key: KL equals 128 left bits of K and KR equals 128 right bits of K

Next, using the preceding helper variables as a basis, two new ones can be calculated: KA and KB. They both have a length of 128 bits. If and only if the secret key has 192 or 256 bits, KB is nonzero. The six helper constant values, known as $\Sigma_i$, should be used while constructing KA and KB.
Finally, one should compute all 64-bit secret subkeys, $k_i$, $kw_i$, and $kl_i$, based on the four recently created 128-bit variables KL, KR, KA, and KB.

The Camellia algorithm uses subkeys at every stage of encryption and decryption.

Security of Camellia Encryption

Camellia is known as a cutting-edge, secure cipher. As of now, it is believed to be hard to break using a brute-force attack on the keys, even with the smaller key size option (128 bits). No known successful attacks that significantly break down the cipher have been reported. The Japanese cipher is comparable to the AES/Rijndael cipher in terms of processing power and security levels.

The Camellia block cipher is fully characterised by minimum systems of multivariate polynomials −

- The Camellia (and AES) S-boxes can be defined using a system of 23 quadratic equations in 80 terms.
- The basic schedule can be expressed by 1,120 equations in 768 variables, with 3,328 linear and quadratic terms.
- The full block cipher can be described by 5,104 equations in 2,816 variables, with 14,592 linear and quadratic terms.
- A total of 6,224 equations in 3,584 variables with 17,920 linear and quadratic terms are required.
- The number of free terms is 11,696, which is roughly the same as for AES.

These features will make it possible to break Camellia (and AES) in the future using an algebraic attack, like extended sparse linearisation, if such an attack proves possible.

Advantages

Here are the advantages of Camellia encryption −

- Camellia encryption is very secure and resistant to a wide range of cryptographic attacks. It has a large key size and a complex circular design, which makes it highly resistant to brute-force attacks.
- Camellia is adaptable and can be used for a variety of cryptographic tasks, like data encryption, digital signatures, and key exchange protocols. Its versatility makes it suitable for a variety of security requirements.
Despite its excellent security features, Camellia uses relatively few computational resources. It can be efficiently implemented on both software and hardware platforms, making it suitable for a