Cryptography – Shiftrows Transformation ”; Previous Next One linear unit of symmetric encryption methods in AES is the ShiftRows transformation. It is a transposition operation in which the state”s rows are shifted repeatedly multiple times. The purpose of this function is to provide diffusion of bits across multiple rounds by randomly arranging the bits within each 128-bit block. The state rows are shifted as follows as a result of this transformation: the first row remains unchanged, the second row is shifted to the left by one byte, the third row is shifted to the left by two bytes, and the last row is shifted to the left by three bytes. AES without ShiftRows stage are greater than AES; they hardly change in value during rounds. This is attributed to poor encryption quality. The most difficult part of the AES algorithm is linear and differential cryptanalysis, where common approaches for both can be used to solve Rijndael. The arbitrary unknown and key-dependent substitution and permutation transformations are thought to be a good factor in enhancing the resistance of the block cipher against the differential and linear attacks, since the attacks require known transformations, according to the analysis of resistance against differential and linear cryptanalysis. How it Works? One of the components of the AES (Advanced Encryption Standard) algorithm is the ShiftRows transformation. It is a step in the data encryption process. The AES state is a grid of bytes, and in this stage, the rows are cyclically shifted. Let us simplify it − State Matrix − Data is arranged by the AES algorithm into a state matrix, which is a grid of bytes. Usually, there are four rows and four columns in this matrix. ShiftRows Step − The bytes in each row of the state matrix are moved to the left in this phase. There is no shift in the first row. One position has been relocated to the left in the second row, two positions have been moved to the left in the third row, and three locations have been moved to the left in the fourth row. The bytes that are moved out of one end of the row are placed back in at the other end since this shifting is done cyclically. Example − Let”s use the following state matrix as an example − 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 0x09 0x0A 0x0B 0x0C 0x0D 0x0E 0x0F 0x10 After the ShiftRows stage, it becomes − 0x01 0x02 0x03 0x04 0x06 0x07 0x08 0x05 0x0B 0x0C 0x09 0x0A 0x10 0x0D 0x0E 0x0F Each row, as you can see, has been moved a specific number of positions to the left. Purpose − The ShiftRows stage increases the difficulty of identifying patterns in the data by including diffusion into the encryption process. Implementation using Python The shift_rows function defined in code is used to implement the ShiftRows transformation within the context of the AES (Advanced Encryption Standard) algorithm. The shift_rows function takes a state matrix as input, performs the ShiftRows transformation, and outputs the changed state matrix. Example def shift_rows(state): for i in range(1, 4): state[i] = state[i][i:] + state[i][:i] return state # function execution state_matrix = [ [0x01, 0x02, 0x03, 0x04], [0x05, 0x06, 0x07, 0x08], [0x09, 0x0A, 0x0B, 0x0C], [0x0D, 0x0E, 0x0F, 0x10] ] shifted_state = shift_rows(state_matrix) for row in shifted_state: print(” ”.join(format(x, ”02X”) for x in row)) Following is the output of the above example − Input/Output 01 02 03 04 06 07 08 05 0B 0C 09 0A 10 0D 0E 0F Implementation using Java This Java code shows how to apply the ShiftRows transformation in the context of the AES encryption algorithm by changing the state matrix. It also provides an effective implementation of the change. See the code below − Example // AES Class for shiftrows transformation public class AES { public static byte[][] shiftRows(byte[][] state) { for (int i = 1; i < 4; i++) { byte[] temp = new byte[4]; for (int j = 0; j < 4; j++) { temp[j] = state[i][(j – i + 4) % 4]; } state[i] = temp; } return state; } // Main function public static void main(String[] args) { byte[][] stateMatrix = { {0x01, 0x02, 0x03, 0x04}, {0x05, 0x06, 0x07, 0x08}, {0x09, 0x0A, 0x0B, 0x0C}, {0x0D, 0x0E, 0x0F, 0x10} }; byte[][] shiftedState = shiftRows(stateMatrix); for (byte[] row : shiftedState) { for (byte b : row) { System.out.print(String.format(“%02X “, b)); } System.out.println(); } } } Following is the output of the above example − Input/Output 01 02 03 04 08 05 06 07 0B 0C 09 0A 0E 0F 10 0D Implementation using C++ The ShiftRows transformation, an important phase in the AES encryption process, is demonstrated in this C++ code. C++ vectors and the std::rotate function are used to perform the cyclic left shifts. Below is the implementation using C++ − Example #include <iostream> #include <vector> #include <algorithm> // Include the algorithm header std::vector<std::vector<int>> shiftRows(std::vector<std::vector<int>> state) { for (int i = 1; i < 4; i++) { std::rotate(state[i].begin(), state[i].begin() + i, state[i].end()); } return state; } int main() { std::vector<std::vector<int>> stateMatrix = { {0x01, 0x02, 0x03, 0x04}, {0x05, 0x06, 0x07, 0x08}, {0x09, 0x0A, 0x0B, 0x0C}, {0x0D, 0x0E, 0x0F, 0x10} }; auto shiftedState = shiftRows(stateMatrix); for (const auto& row : shiftedState) { for (int val : row) { std::cout << std::hex << val << ” “; } std::cout << std::endl; } return 0; } Following is the output of the above example − Input/Output 1 2 3 4 6 7 8 5 b c 9 a 10 d e f Summary This chapter provides a description of the ShiftRows transformation, an important phase in the symmetric encryption process known as AES (Advanced Encryption Standard). The ShiftRows transformation in AES encryption requires cyclically shifting the state matrix”s rows. The chapter also includes implementations of the ShiftRows transformation in Python, Java, and C++, demonstrating how to apply it in the context of AES encryption using a
Category: cryptography
Cryptography – Substitute Bytes Transformation ”; Previous Next One of the key components of the popular symmetric encryption technique known as the Advanced Encryption Standard (AES) is the substitution of bytes transformation. AES uses data blocks that are normally 128 bits (16 bytes) in size. It works in rounds, with each round involving a number of modifications to guarantee the security of the encrypted data. With the exception of the first round, the Substitute Bytes transformation is used in all following rounds. A nonlinear substitution operation known as the Substitute Bytes transformation−also referred to as the “SubBytes” or “S−Box” operation−replaces each byte in the input data with a corresponding byte from a fixed substitution table known as the “S−Box.” The S−Box is a pre−established, constant table with 256 entries, each of which is eight bits long. Because of its deliberate design, the S−Box prevents a variety of cryptographic attacks, including differential and linear cryptanalysis, by introducing non−linearity and confusion into the data. How it Works? Input − Data input is a 4×4 matrix (16 bytes). The SubBytes operation is applied to every byte in the matrix. Substitution − A byte from the S−Box is used to replace each byte in the matrix. Byte by byte, the substitution is carried out, with the matching replacement byte being found using the S−Box. Output − The 4×4 matrix is changed, and each byte is swapped out for its corresponding S−Box value. The AES algorithm”s fixed, well−known S−Box function obscures the relationship between the input and the output, making it more difficult for attackers to deduce patterns or details about the encrypted data. The SubBytes transformation helps in obtaining the features of diffusion and confusion needed for a robust encryption system. Diffusion guarantees that changes in one area of the plaintext affect a significant portion of the ciphertext, whereas confusion ensures that the relationship between the key and the ciphertext is complex and challenging to analyse. The Substitute Bytes transformation in AES is a key component that strengthens the encryption and adds non−linearity by substituting a value from the S−Box for each byte of data, increasing thesecurity of the encryption process and resistance to cryptographic attacks. Substitution Box (S−Box) A “Substitution Box,” or S−Box for short, is an essential feature of several cryptographic methods, including block ciphers, symmetric−key encryption, and the Advanced Encryption Standard (AES). A fixed substitution table called an S−Box is used to substitute output values with input values, which are usually binary digits or bytes. It functions as a nonlinear transformation that strengthens the cryptographic algorithm”s security by adding confusion and complexity to the encryption process. Features Important features of an S−Box consist of − Non−linearity − The relationship between the input and output values is not a straightforward mathematical function since S−Boxes are made to be nonlinear. The non−linearity of this system helps in preventing multiple cryptographic attacks, including asymmetric and linear cryptanalysis. Confusion − S−Boxes are necessary to achieve the encryption property of confusion. They make sure that there is a complex connection between the ciphertext and the plaintext, which makes it difficult for attackers to work out patterns and details about the encrypted data. Fixed and Predefined − A cryptographic algorithm”s S−Box is a fixed and well−known part. Transparency and confidence in the encryption process are ensured by its public awareness and standard design. Substitution − S−Boxes carry out the substitution process, substituting the corresponding output value from the S−Box for each input value. This replacement takes place either bit by bit or byte by byte, dependent upon how the algorithm is constructed. The S−Box is a particular substitution table that is utilised in the Substitute Bytes transformation in the context of AES throughout each encryption round. The AES S−Box is a key element of the AES algorithm”s security because it is made to withstand a variety of cryptographic attacks. To sum up, an S−Box is a fixed, predetermined substitution table that, by complexly and nonlinearly substituting input values with corresponding output values, adds nonlinearity and improves security to cryptographic methods. Implementation using Python This code implements the transformation of substitute bytes using the AES S−box. It takes a 4×4 matrix of bytes as input, uses the S−box to each byte, and then generates a new matrix with the substituted bytes. Example # S-box substitution table for Advance Encryption Standard S_BOX = ( 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 ) def sbt(input_matrix): # Substitute bytes in the input matrix using the AES S-box.
Cryptography – Steganography
Cryptography – Steganography ”; Previous Next Steganography is the term for data that is hidden within other data. An additional layer of security for data protection can be achieved by combining steganography, an encryption technique, with cryptography. Steganography techniques are useful for audio, video, and image files. While it is often used in visuals, steganography is usually written in characters with hash marks. In any case, steganography makes it easier for unauthorized viewers to see copyrighted content while simultaneously protecting it from misuse. Steganography is intended to be concealed from third parties, in comparison with cryptography, which is intended to be incomprehensible to an unauthorised third party. The secret information has to be encrypted, which can be challenging, in addition to being identified, which is a difficult attempt in and of itself. In general, the information hiding procedure extracts redundant bits from coverobject. The process includes two steps which are as follows − Recognition of redundant bits in a cover-object. Redundant bits are those bits that can be changed without corrupting the feature or failure the principle of the cover-object. The embedding procedure choose the subset of the redundant bits to be restored with data from a secret message. The stego-object is produced by restoring the selected redundant bits with message bits. Types of Steganography Steganography is a way of hiding not just information but also the transmission element of secret information. Steganography hides confidential data in a different file so that only the intended receiver knows of its availability. Data security in the past involved hiding information on the scalps of slaves, writing tables, rabbit stomachs, and the backs of wax. However, some people these days use the medium to send information in the form of text, photos, videos, and audio. Confidential information can be securely transmitted, and multimedia elements like music, video, and photos can be used as cover sources for hiding information. There are different types of steganography present − Text Steganography It involves encrypting text files with hidden data. Using this method, the secret information is hidden behind every nth character in a text message. There are numerous methods for concealing data in text files. Approaches of Text Steganography There are various approaches of text steganography which are as follows − Line Shift − In this method, secret message is private by vertically changing the text lines to some degree. A line decided has two clear control lines one on side of it for identifying the direction of movement of the marked line. It can hide bit 0, a line is changed up and to hide bit 1, the line is changed down. Determination of whether the line has been changed up or down is completed by computing the distance of the centroid of apparent line and its control lines. If the text is retyped or if a character recognition program (OCR) is utilized, the hidden data can get destroyed. White Steg − This technique uses white spaces for concealing a secret message. There are three methods of hiding information utilizing white spaces. In Inter Sentence Spacing, it can place individual space to hide bit 0 and two spaces to hide bit 1 at the end of each removing character. In End of Line Spaces, fixed number of spaces is added at the end of each line. For instance, two spaces to encrypt one bit per line, four spaces to encrypt two bits and so on. In Inter Word Spacing approach, one space after a word defines bit 0 and two spaces after a word define bit 1. But, uncertain use of white space is not clear. Spam Text − HTML and XML files can also be used to protect bits. If there are different starting and closing tags, bit 0 is interpreted and if an individual tag can be used for starting and closing it, therefore bit 1 is interpreted. In another approach, bit 0 is defined by a lack of space in a tag and bit 1 is defined by locating a space within a tag. Word Shift − In this approach, private message is hidden by changing the words horizontally, such as left or right to define bit 0 or 1 respectively. Words shift are identified using correlation method that consider a profile as a waveform and determines whether it originated from a waveform whose central block has been changed left or right. This approach can be recognized less, because change of distance among words to fill a line is completely frequent. But if someone understands the algorithm of distances, it can compare the stego text with the algorithm and acquire the hidden content by utilizing the difference. It can also, retyping or using OCR programs destroys the hidden data. SMS-Texting − SMS-Texting language is a set of abbreviated words used in SMS. It can hide binary information by utilizing full form of word or its abbreviated form. A codebook is create which includes words and their correlating abbreviated forms. Image Steganography It is defined as the process of concealing information by using a picture as a cover object. Pixel intensities are used in image steganography to hide data. Images are a commonly used cover source in digital steganography because a computer description of an image contains multiple bits. The following are some of the terms used in image steganography − Cover-Image − The original image that serves as an entry point for information that is hidden. Message − Real data that can be hidden behind pictures. The message can be sent as an image or as plaintext. Stego-image − IT is created when a message is embedded into a cover image. Stego-Key − A key used to embed or extract messages from stego-images and cover-images. Audio Steganography The technology for information embedding in an audio channel is called audio steganography. Digital copyright protection is one application for it. One method of hiding a piece of information [message] within another piece of information [carrier] is watermarking. Usually, it is
Cryptography – Data Encryption ”; Previous Next A data encryption technique converts data into a code, or ciphertext, that is only readable by those who have a secret key or password. Plaintext is the term for the unencrypted data. Information encryption and decryption technology is called cryptography. Data encryption protects information from being lost, altered, or compromised. The decryption key, however, needs to be kept private and protected from unwanted access in order to guarantee that data is kept secure. Every type of data, both that which is in transit (like being exchanged over a network) and at rest (such being saved on a hard drive) can be encrypted. There are two methods of encryption that are widely used − Symmetric Encryption − The same key is used for both encryption and decryption in symmetric encryption. Asymmetric Encryption − It uses a public key that is given to the data recipient and a private key that is owned by the data owner. Because asymmetric encryption avoids the need for exchanging the private key, it is believed to be more secure. How Data Encryption Works? Let”s explore how data encryption protects hackers and thieves from accessing and intercepting your information while it is most vulnerable-during Internet transmission. You may be wondering “Why is data encryption essential?” “It seems a bit of trouble to be dealing with.” Encryption is essential for protecting confidential data as we transport it over the Internet and transact a lot of it through computer systems. Without it, anyone provided with the required tools and knowledge could − Determine all of your passwords, including those for your health insurance, online banking, and other vital accounts. Access and gain control of your SSN, credit card information, tax returns, medical records, and a host of other details that an attacker can use against you for identity theft or other illegal activities. Identify where you are exact in real time and monitor all of your movements, whether online and offline; Examine all of your communications, like emails and messages you exchange on social media, and edit the content by, for example, adding links to malicious websites. The good news is that you are already using encryption on a daily basis, whether you send sensitive data to someone, share photographs via private messages, or shop online. Since previously we have learned what encryption is, here are a few more helpful words for you to know − Cryptography − The study and application of secure communication techniques to protect information from unwanted access and malicious interference is known as cryptography. Plaintext − It is the information in its original, unencrypted form. Ciphertext − It is the encrypted version of the same data. Encryption Key − The piece of data (a random string of letters, numbers, and symbols) that an encryption algorithm uses to encrypt and decrypt data is known as the encryption key. The strongest encryption keys are unique, unpredictable, and only possible while technology is still in place. Encryption algorithm − The encryption algorithm is the process that converts plaintext into ciphertext with the help of the encryption key, making it look like random to unauthorised users but decipherable to the intended recipient, the encrypted data can then be read again by using the decryption key. Why Data Encryption is Important? Attackers can now more easily access and request data, which makes protection more important than ever. In addition, a lot of firms have to comply with data protection regulations, many of which specifically require the use of encryption. Promotes Data integrity and Prevents Theft of Data Data encryption secures from data loss, modification, and attack. Ensuring the validity of data is one of the main advantages of data encryption. You can make sure that the data you are accessing has not been altered or tampered by unauthorised individuals. Additionally, data encryption helps in preventing data loss, which is possible when information is transferred or stored across several systems. Data encryption provides an extra degree of security by preventing intentional or accidental manipulation of data. Encourages Compliance Sensitive data protection is governed by strict guidelines in several businesses. For example, banks are required to comply with by the Payment Card Industry Data Security Standard (PCI DSS), whereas the healthcare sector is subject to the Health Insurance Portability and Accountability Act (HIPAA). Businesses can make sure they are complying with these regulations and avoiding possible fines or penalties for non-compliance by putting data encryption into place. Protects Data While at Rest “Data at rest” refers to data that is kept in a fixed location, like a device, server, or database. Unauthorised people might be able to access the stored data remotely or physically. When data is encrypted while it is at rest, malicious hackers cannot decrypt it without the proper decryption key, even if they manage to get their hands on the storage medium. Encryption during rest helps guarantee that private information, corporate secrets, and other sensitive documents stay unreadable and worthless by unauthorised parties. Protects Data in Transit Data is more vulnerable to illegal access and manipulation when it is moved between systems or devices, for example, over a network. By ensuring that only authorised parties possessing the proper decryption keys can see the information, data encryption helps protect data while it is being transmitted. Data breaches become more likely as more workers access company data via mobile devices. Both the sensitive data kept on these devices and the data sent between mobile devices and business networks can be protected with the use of data encryption. Protecting Data stored in the Cloud If cloud storage has several advantages, like better accessibility and lower infrastructure costs, it also has special security risks. The security of data at rest, or data kept on cloud servers, is one of the main concerns for companies using cloud storage. An extra layer of security is added to this data via data encryption, which makes sure that even if unauthorised parties manage to access
Cryptography – Camellia Encryption Algorithm ”; Previous Next Camellia is a symmetric key block cipher that uses a block size of 128 bits and key sizes of 128, 192, and 256 bits. Mitsubishi Electric and Japan”s NTT collaborated on its development. The cipher provides security and processing capabilities comparable to the Advanced Encryption Standard. The cipher was designed to work with both software and hardware, ranging from low-cost smart cards to high-speed network systems. It is part of the Transport Layer Security (TLS) cryptographic protocol, which is used to secure communications over a computer network like the Internet. Design of Camellia Camellia is a Feistel cipher with 18 rounds (128-bit keys) or 24 rounds (192- or 256-bit keys). Every six rounds, a logical transformation layer is applied, known as the “FL-function” or its inverse. Camellia uses four 8×8-bit S-boxes for input and output affine transformations and logical operations. The cipher additionally uses input and output key whitening. The diffusion layer applies a linear transformation based on a matrix with a branch number of five. Algorithm Camellia is a symmetric block cipher with a secret key length of 128, 192, or 256 bits. The length of plaintext and ciphertext blocks is always 128 bits. The following description uses the original names of variables and functions from the Camellia documentation to describe its algorithm. The algorithm”s most important elements are F-functions. They are used during key encryption and decryption, as well as the creation of helper variables. The F-function accepts 128 input bits, combines them with bits from subkeys ki, and produces 128 new bits. The modification of bits in the F-function is commonly referred to as one round in the algorithm. F-function calls are grouped into blocks. Each block has six rounds. Six-round blocks (blocks of six calls to the F-function) are separated by calls to FL-functions and FL-1 functions. They manipulate 64-bit chunks of data and combine them using subkeys kli. Both encryption and decryption algorithms are about to repeat the six-round blocks outlined above. The number of repeats is determined by the length of the current secret key. For a 128-bit secret key, repeat the 6-round blocks three times. For 192-bit or 256-bit secret keys, repeat the blocks four times. In addition, at the start and end of both encryption and decryption methods, data bits are added to bits of subkeys kwi. Subkeys, which are used to encrypt or decrypt each data block, are generated in another method. Each block”s secret key generates tens of subkeys. They are used in a various operations throughout the main algorithm. Key schedule The secret key used in the Camellia cipher can be 128, 192, or 256 bits. Encrypting data blocks needs the creation of a few helper variables, followed by subkeys based on secret key bits. Each subkey is 64 bits long. To start, calculate two 128-bit variables (KL and KR ) and four 64-bit variables (KLL, KLR, KRL, and KRR). The following equations describe the relationships between those variables − KLL equals 64 left bits of KL KLR equals 64 right bits of KL KRL equals 64 left bits of KR KRR equals 64 right bits of KR The remainder of the connections should be identified using the length of the secret key K. for the 128 bit long key: KL equals K and KR equals 0 for the 192-bit long key: KL equals 128 left bits of K, KRL equals 64 right bits of K and KRR equals ~KRL negation of bits. for the 256-bit long key: KL equals 128 left bits of K and KR equals 128 right bits of K Next, using the preceding helper variables as a basis, two new ones can be calculated: KA and KB. They both have a length of 128 bits. If and only if the secret key has 192 or 256 bits, KB is nonzero. The six help constant values, known as ∑i, should be used while constructing KA and KB. Finally, one should compute all 64-bit secret subkeys, ki, kwi, and kli, based on four 128-bit long recently created variables, KL, KR, KA, and KB. The Camellia algorithm uses subkeys at every stage of encryption and decryption. Security of Camellia Encryption Camellia is known as a cutting-edge, secure cipher. As of now, it is believed hard to break it using a brute-force attack on the keys, not even with the smaller key size option (128 bits). No known successful attacks that significantly break down the cipher have been reported. Comparable to the AES/Rijndael cipher in terms of processing power and security levels is the Japanese cipher. A block cipher known as Camellia is fully characterised by minimum systems of multivariate polynomials − The Camellia (and AES) S-boxes can be defined using a system of 23 quadratic equations in 80 terms. The basic schedule can be expressed by 1,120 equations in 768 variables, with 3,328 linear and quadratic terms. The full block cipher can be described by 5,104 equations in 2,816 variables, with 14,592 linear and quadratic terms. A total of 6,224 equations in 3,584 variables with 17,920 linear and quadratic terms are required. The number of free terms is 11,696, which is roughly the same as for AES. These features will make it possible to break Camellia (and AES) in the future using an algebraic attack, like extended sparse linearisation, if the attack is possible. Advantages Here are the advantages of Camellia encryption − Camellia encryption is very secure and resistant to a wide range of cryptographic attacks. It has a large key size and a complex circular design, which makes it highly resistant to brute-force attacks. Camellia is adaptable and can be used for a variety of cryptographic tasks, like data encryption, digital signatures, and key exchange protocols. Its versatility makes it suitable for a variety of security requirements. Despite its excellent security features, Camellia uses relatively few computational resources. It can be efficiently implemented on both software and hardware platforms, making it suitable for a
Cryptography – Block Cipher
Cryptography – Block Cipher ”; Previous Next Block ciphers and stream ciphers are the two categories into which encryption techniques divide according to the way the input is handled. A block cipher creates a ciphertext the same size by operating on fixed-size input blocks made up of b bits. When the input exceeds b bits, it is broken down into smaller blocks. Block ciphers use a variety of operating modes to deal with different use cases. Block Size While choosing a block size, keep the following factors in mind even if any size block is possible − Avoid extremely small block sizes − Let”s say a block size is m bits. There are then 2m possible combinations of plaintext bits. By creating a dictionary of plaintext/ciphertext pairings sent with that encryption key, the attacker can launch a sort of “dictionary attack” if they find the plain text blocks that match certain previously delivered ciphertext blocks. Because a larger dictionary is required, attacks become more difficult with increasing block sizes. Avoid using a very big block size − An extremely large block size makes the cipher difficult to use. These plaintexts will need padding before encryption. Multiples of 8 bits − Since most computer processors handle data in multiples of 8, a multiple of 8 is a preferred block size due to its ease of implementation. Padding in Block Cipher Block ciphers operate on fixed-size blocks, such as 64 bits. Most of the time, the length of a plaintext does not multiply by the block size. A 150-bit plaintext, for example, has two blocks of 64 bits each and a third block of 22 bits for balance. To make the final block”s length equal to the scheme”s block size, additional data must be appended to the last block of bits. In our case, 42 more redundant bits must be added to the remaining 22 bits in order to create a complete block. Padding is the process of adding bits to the final block. The process is inefficient when there is too much padding. Also, if padding is done regularly with the same bits, it can sometimes leave the system vulnerable. Modes of Operation Block cipher modes refer to various techniques for using secret codes for encryption and decryption. Consider a message encrypted into scrambled letter blocks. Modes of operation provide methods to ensure the message”s security during transfer or storage. Here are some common approaches − ECB (Electronic Code Book) − Think of it as using the same lock for each safe you encounter. Each safe (message block) is secured with the same key, resulting in identical blocks in your message remaining identical after encryption. CBC (Cipher Block Chaining) − Here, imagine safes linked together with chains. The lock for each safe depends on the lock of the previous safe. This creates a strong chain where even knowing parts of the message won”t reveal the original message, as the encryption is interconnected. Cipher Feedback (CFB) − Unlike encrypting an entire message at once, CFB encrypts smaller parts of it. This allows flexibility for messages of various lengths. Output Feedback (OFB) − Similar to CFB, but instead of using the encrypted message parts, OFB generates a continuous stream of random data (keystream). This keystream is mixed with the plaintext to create the ciphertext, resembling a constant flow of secret codes. CTR (Counter) − This mode transforms a block cipher into a stream cipher. It utilizes a counter that continuously increments, generating a unique key for every block. This key is combined with the plaintext to create the ciphertext. Think of it as a ticking counter that produces new secret codes for each portion of the message. Components of Block Cipher The Modern Block Cipher consists of the following components − D−boxes − A D−box is a type of permutation box that shares characteristics with conventional transposition ciphers. D-boxes switch around bits. D-boxes come in three different varieties, which are as follows − Straight D-box − It generates, permutes, and supports n outputs from n inputs. Here, the first input to be output is the second input following permutation. The input”s first letter is changed to second, the third to fourth, and the fourth to third. There are n! possible ways to map D-box. Compression D-box − A compression D-box is one that has m outputs and n inputs, where m<n. Many inputs are blocked and are not sent to the output. When permuting bits and reducing the number of bits needed for the following step are required, compression D-boxes are used. Expansion D-box − This is a D-box that has n inputs and m outputs, where m>n, or multiple inputs connected to multiple outputs, is utilized when bit transposition is needed and the number of bits increased for the subsequent step. S−boxes − These are substitute boxes that are identical to the cipher for substitution. An S−box accepts n−bit words as inputs, but it can also output m-bit words, where m and n are not exactly the same. Circular Shift − Modern block ciphers also include circular shift, which can be either left- or right-shifted. Each bit in an n-bit word with m positions is shifted to the left in a cyclical left shift, deleting the leftmost m-bits to become the rightmost bits. Encryption and Decryption of Block Cipher Block cipher for encryption and decryption is just like to convert a message into an encrypted message or code. Here is how it works − First, the message is broken into fixed-sized blocks. Each block has a set amount of characters, often 64 or 128 bits. The message”s blocks are then jumbled using the block cipher technique. This algorithm randomizes the characters in the block using a secret key. The key functions as a customized recipe, determining exactly how the characters are jumbled. Depending on the mode of operation selected, additional actions may be taken to improve security or meet
Cryptography – Key Revocation ”; Previous Next The process of discarding a compromised, expired, or now not required public key certificate or symmetric encryption secret is referred to as key revocation. The act of making and distributing a new key to update the only that was revoked is known as key renewal. A wide variety of factors can motive a key to be revoked or renewed, along with a person request, a coverage alternate, a safety breach, or the secret”s expiration date. Importance of Key Revocation The security and integrity of PKI and encryption depend on key revocation and renewal. An attacker can make use of a compromised key to access private data, fake or decode messages, or mimic the identity of someone else. An expired key can result in errors or failures when attempting to access data or communicate. A key that is no longer required may block the system and raise the possibility of misuse. Revocation and renewal of keys can avoid these issues and ensure that only valid, current keys are utilised. How to revoke a key? A key can be removed in loads of approaches, relying on its type and size. Using a Certificate Revocation List (CRL) or a list of revoked certificates posted with the aid of a Certificate Authority (CA) is the maximum famous way to achieve public key certificates. Users or apps that rely on certificates can test the CRL to verify the validity of the certificates. Implementing the Online Certificate Status Protocol (OCSP), which lets in customers or apps to question the CA immediately about the certificate reputation, is a new era. The use of a key control system (KMS), which is a system that manages the technology, distribution, garage, and revocation of symmetric encryption keys, is the maximum common technique KMS can revoke the important thing with the aid of announcing invalid or get rid of from the system. How to renew a key? Depending on the type and size of the key, there are many ways to renew it. Using a certificate renewal process, which enables the certificate holder to seek a new certificate from the CA before the current one expires, is the most popular technique for obtaining public key certificates. With the same or updated information and a new expiration date, the CA can issue a fresh certificate. Creating a new public-private key pair and requesting a new certificate from the CA with the updated public key is another way to approach things. This is known as the certificate reset process. The most popular technique for symmetric encryption keys is to use a key rotation process, which involves creating and distributing a new key on a regular basis or in response to specified requirements. For backward compatibility reasons, the previous key can either be removed or kept for a brief period of time. Challenges of Key Revocation PKI and encryption can have a number of problems with key revocation and renewal. One reason is that problems with scalability come when the amount and size of keys and certificates grow, adding to the complexity and overhead of handling them. Also, delays or irregularities brought on by human mistake, caching, synchronisation, or network latency can affect timeliness and risk the security and accessibility of data and communication. Lastly, when revoked or renewed, compatibility problems across various protocols, standards, platforms, or apps may surface, which could compromise data interoperability and communication functioning. Best Practices of Key Revocation By implementing best practices like automation, regulation, and monitoring, key revocation and renewal can be improved easier. Automation can increase productivity and decrease human error, while a policy can give stakeholders direction and accountability. Also, keeping an eye on the key revocation and renewal procedures can give insight into the functionality and condition of keys and certificates. Tools, logs, or alerts that monitor, record, or notify of any problems or irregularities related to key revocation and renewal can be used to accomplish this. Print Page Previous Next Advertisements ”;
Cryptography – AES Structure
Cryptography – AES Structure ”; Previous Next AES comprises of a series of linked operations, some of which involve replacing inputs by specific outputs (substitutions) and others involve shuffling bits around (permutations). Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four rows for processing as a matrix. Unlike DES, the number of rounds in AES is variable and depends on the length of the key. AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each of these rounds uses a different 128-bit round key, which is calculated from the original AES key. The schematic of AES structure is given in the following illustration − A plaintext block size of 128 bits, or 16 bytes, is required by the cipher. 16, 24, or 32 bytes (128, 192, or 256 bits) can make up the key length. AES-128, AES-192, or AES-256 are the names of the algorithm, depending on the key length. A single 128-bit block serves as the input for both the encryption and decryption procedures. This block is represented as a 4 * 4 square matrix of bytes in FIPS PUB 197. At each step of encryption or decryption, this block is copied into the State array, which is updated. Following the final phase, an output matrix contains a copy of the current state. Encryption Process Here, we restrict to description of a typical round of AES encryption. Each round comprise of four sub-processes. The first round process is depicted below − Key Expansion The round keys are calculated from the cipher key using Rijndael”s block cipher schedule. Pre−Transformation This comprises of only 1 process namely Add_Round_Key. Here, XOR operation is performed on each data byte with a byte of the round key. Byte Substitution (SubBytes) The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The result is in a matrix of four rows and four columns. Shiftrows Each of the four rows of the matrix is shifted to the left. Any entries that ”fall off” are re-inserted on the right side of row. Shift is carried out as follows − First row is not shifted. Second row is shifted one (byte) position to the left. Third row is shifted two positions to the left. Fourth row is shifted three positions to the left. The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other. MixColumns Each column of four bytes is now transformed using a special mathematical function. This function takes as input the four bytes of one column and outputs four completely new bytes, which replace the original column. The result is another new matrix consisting of 16 new bytes. It should be noted that this step is not performed in the last round. Addroundkey The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the round key. If this is the last round then the output is the ciphertext. Otherwise, the resulting 128 bits are interpreted as 16 bytes and we begin another similar round. Decryption Process The process of decryption of an AES ciphertext is similar to the encryption process in the reverse order. Each round consists of the four processes conducted in the reverse order − Add round key Mix columns Shift rows Byte substitution Since sub-processes in each round are in reverse manner, unlike for a Feistel Cipher, the encryption and decryption algorithms needs to be separately implemented, although they are very closely related. Print Page Previous Next Advertisements ”;
Cryptography – Hill Cipher
Cryptography – Hill Cipher ”; Previous Next In the context of classical cryptography, the Hill Cipher uses a polygraphic substitution cipher, which means homogeneous substitution over many levels of blocks. This polygraphic substitution cipher allows Hill Cipher to function easily with digraphs (two-letter blocks), trigraphs (three-letter blocks), or any other multiple-sized blocks to create a uniform cipher. Hill Cipher is based on linear algebra, advanced matrices (matrix multiplication and matrix inverses), and modulo arithmetic principles. Obviously, it is a more mathematical cipher than others. Hill Cipher is also a block cipher. A block cipher uses a deterministic algorithm and a symmetric key to encrypt a block of text. Unlike stream ciphers, it does not require encrypting one bit at a time. Hill Cipher is a block cipher, which means it can function with any block size. While Hill Cipher is digraphic in nature, it can grow to multiply any letter size, adding complexity and reliability for improved usage. Because most of Hill Ciphers” problems and solutions are mathematical in nature, it is simple to hide letters with precision. Since the Hill cipher is fairly difficult, let”s encrypt the text “CODE” and then decipher the resulting ciphertext to learn how it works. To keep the example basic, we will use a simple substitution method in which the letter A is mapped to 0, B is mapped to 1, and so on to adhere to a 2×2 key matrix. The Hill cipher becomes more complicated as the key matrix size grows. History By using unique methods and techniques, cryptography-the study and practice of secure communication-prevents unauthorised people or teams from obtaining confidential data. Concepts like secrecy, data integrity, authentication, etc. are important in modern cryptography. The famous American mathematician Lester S. Hill developed and improved the Hill Cipher technique in 1929. The Hill Cipher uses a number of mathematical techniques, which correlate to many key techniques in traditional cryptography. Encryption Encrypting using the Hill cipher depends on the following operations − E(K, P) = (K*P) mod 26 Here K is our key matrix, and P is the vectorized plaintext. Matrix multiplying these two terms gives the encrypted ciphertext. Let”s get started this step by step − Choose a keyword for encrypting your plaintext message. Let us use the random keyword “DCDF”. Using the substitution technique, change this term into a numerical 2×2 key matrix. Then we will convert our plaintext message to vector format. Because our key matrix is 2×2, matrix multiplication needs a vector of size 2×1. In our example, our message is four letters long, so we can break it into two-letter blocks and then substitute to get our plaintext vectors. The final ciphertext, “WWVA,” can be generated by matrix multiplying the key matrix with each 2×1 plaintext vector, taking the moduli of the resulting 2×1 vectors by 26, and concatenating the results. So for 22 22 21 0 will be WWVA. Decryption The Hill cipher decryption process is based on the following operation − D(K, C) = (K-1 *C) mod 26 Here C is the vectorized ciphertext and K is our key matrix. The decrypted plaintext is obtained by matrix multiplying the reverse of the key matrix with the ciphertext. Let us proceed step-by-step using “WWVA” as our ciphertext − We first calculate the key matrix”s inverse. To do this, we must use modulo 26 to maintain the result between 0 and 25. For this reason, the modular multiplicative inverse of the key matrix determinant is found using the Extended Euclidean method. Following that, we will multiply the ciphertext”s 2×1 blocks by the key matrix”s inverse in order to recover our original plaintext message, “CODE.” Implementation using Python This Python code builds the Hill Cipher encryption algorithm with the help of NumPy for matrix operations. It creates functions to define the key matrix from a given key, encrypt a message with the help of the generated key matrix, and do the Hill Cipher encryption. The hill_cipher function accepts a message and a key as input, creates the key matrix, also encrypts the message with the key matrix, and prints the output as ciphertext. Example Following is the Python implementation of Hill Cipher using numpy library of Python − import numpy as np key_matrix = np.zeros((3, 3), dtype=int) message_vector = np.zeros((3, 1), dtype=int) cipher_matrix = np.zeros((3, 1), dtype=int) def get_key_matrix(key): k = 0 for i in range(3): for j in range(3): key_matrix[i][j] = ord(key[k]) % 65 k += 1 def encrypt(message_vector): for i in range(3): cipher_matrix[i][0] = 0 for x in range(3): cipher_matrix[i][0] += (key_matrix[i][x] * message_vector[x][0]) cipher_matrix[i][0] = cipher_matrix[i][0] % 26 def hill_cipher(message, key): get_key_matrix(key) for i in range(3): message_vector[i][0] = ord(message[i]) % 65 encrypt(message_vector) ciphertext = [chr(cipher_matrix[i][0] + 65) for i in range(3)] print(“The Ciphertext:”, “”.join(ciphertext)) message = “DOG” key = “YHGINUKER” hill_cipher(message, key) Following is the output of the above example − Input/Output The Ciphertext: YOG Implementation using Java This Java code performs both encryption and decryption using the Hill Cipher algorithm. Encryption function takes plaintext and a key matrix. Returns encrypted ciphertext. And decryption function takes ciphertext and a key matrix. Returns original plaintext. And determinant calculates the determinant of a matrix. And computes the adjoint (cofactor matrix) of a matrix. Converts a matrix along its diagonal to transpose a matrix. Example See the below code for Java implementation of Hill Cipher − import java.util.Arrays; public class HillCipher { private static final int MOD = 26; public static String encryptText(String plaintext, int[][] key) { plaintext = plaintext.toUpperCase().replaceAll(” “, “”); int n = key.length; int padding = n – plaintext.length() % n; if (padding != n) { plaintext += “X”.repeat(padding); } StringBuilder ciphertext = new StringBuilder(); for (int i = 0; i < plaintext.length(); i += n) { int[] block = new int[n]; for (int j = 0; j < n; j++) { block[j] = plaintext.charAt(i + j) – ”A”; } int[] encryptedBlock = multiplyMatrix(key, block); for (int value : encryptedBlock) { ciphertext.append((char) (value
Cryptography – Rail Fence Cipher ”; Previous Next A basic type of transposition cipher is the rail fence method. It is a kind of cryptographic process where the letters in a message are rearranged to form a new, seemingly unrelated message. The name of the approach comes from the message we write. When a text is created using the rail fence approach, the outcome is a zigzag pattern where each letter is spelled out before going on to the next row. The message has to be written in the first row of a table in order to be encrypted using the rail fence approach. In addition, the second letter of the message needs to be written in the second row. This procedure must be continued until all of the message”s letters have been written. Finally, we read the database row-wise to create the encrypted message. Let us get started now discuss how to decode a message. Finding the number of rows in the table depending on the encrypted message”s length is the first step in decrypting it. In addition, we have to write the encrypted message”s initial letter in the first row, its second letter in the second row, and so on. This process has to be followed until all of the message”s letters have been written. All things considered, the rail fence method of encryption is really straightforward. It does not offer very strong security. Even someone with a basic understanding of cryptography can easily break it. However, at times when a high level of security is not necessary, it can continue to be useful for simple communication. How Rail Fence Cipher Work? This section will give a detailed explanation of the encryption and decryption processes used by the rail fence cipher. Encryption In order to decrypt a message using the rail fence cipher, we should first choose the number of rails, write the message diagonally in a zigzag pattern using that number, and then combine the letters along each rail from left to right. We will walk through each step with an example below. Let us start by considering “RAILFENCE” as a plaintext. Let us now assume that there are three rails or fences, which is also known as a key. The zigzag pattern”s height will be determined by the key. The message can then be written diagonally, from left to right, in a zigzag pattern − In order to create the ciphertext we will merge distinct rows, which in this case is “RFEALECIN.” Decryption The number of rows and columns in the cipher text needs to be determined before we can start the decryption process. The length of the ciphertext is equal to the number of columns. After that, we need to determine how many rows-which function as the key-were encrypted. Now that we know how many rows and columns there are, we can build the table and figure out where the letters should go because the rail fence cipher zigzags to encrypt the text diagonally from left to right − The points where letters from the ciphertext are inserted to create the plaintext are indicated by the *(asterisk). Beginning from the top row, which is the first “rail,” we fill in the letters going left to right. Up until all of the asterisk spots are filled with letters from the ciphertext, we then carry on with this pattern on the following rail and so on − Let us finish the table above − Finally, we are able to combine the characters from left to right and top to bottom to get the Plaintext, “RAILFENCE.” Implementation Now we are going to implement the Rail Fence Cipher using Python, Java, C++ and Javascript. Implement using Python So first we will create a code suing Python and implement Rail Fence Cipher. We will create two different functions one for encryption and other one for decryption. So see the code below − Example # Function to encrypt a message def encrypt_rail_fence(plaintext, rails): # Create the matrix for cipher rail_matrix = [[”n” for i in range(len(plaintext))] for j in range(rails)] # Find the direction down_direction = False row, col = 0, 0 for i in range(len(plaintext)): # Check the direction of flow # Reverse the direction if just filled the top or bottom rail if (row == 0) or (row == rails – 1): down_direction = not down_direction # Fill the corresponding alphabet rail_matrix[row][col] = plaintext[i] col += 1 # Find the next row using direction flag if down_direction: row += 1 else: row -= 1 # Construct the cipher using the rail matrix cipher_text = [] for i in range(rails): for j in range(len(plaintext)): if rail_matrix[i][j] != ”n”: cipher_text.append(rail_matrix[i][j]) return(“” . join(cipher_text)) # Function to decrypt the cipher-text # Function to decrypt the cipher-text def decrypt_rail_fence(cipher, rails): # Create the matrix to cipher # plaintext – rows, length(cipher) – columns # Fill the rail matrix to distinguish filled spaces from blank ones rail_matrix = [[”n” for i in range(len(cipher))] for j in range(rails)] # Find the direction down_direction = None row, col = 0, 0 for i in range(len(cipher)): # Check the direction of flow if row == 0: down_direction = True if row == rails – 1: down_direction = False # Place the cipher text in the rail matrix rail_matrix[row][col] = ”*” col += 1 # Find the next row using direction flag if down_direction: row += 1 else: row -= 1 # Reconstruct the rail matrix with cipher text index = 0 for i in range(rails): for j in range(len(cipher)): if rail_matrix[i][j] == ”*” and index < len(cipher): rail_matrix[i][j] = cipher[index] index += 1 # Read the rail matrix in zig-zag manner to construct the resultant text result = [] row, col = 0, 0 for i in range(len(cipher)): # Check the direction of flow if row == 0: down_direction = True if row == rails