NUTS sessing. = (SUE dey x in Question-An ¥ = iste uestions (2 Marks lh 2014-15 = 2015-16 » 2016-17 » 2017-18 » 2018-19 + 2019-20 + 2020-21QUANTUM SERIES AE TEE A For [Link] Students of Fourth Year of All Engineering Colleges Affiliated to Dr. A.P.J. Abdul Kalam Technical University, Uttar Pradesh, Lucknow (Formerly Uttar Pradesh Technical University) Cryptography \&\ Network Security By Kanika Dhama , , uantum Seana QUANTUM PAGE PVT. LTD. Ghaziabad m New DelhiPUBLISHED BY: Apram Singh Quantum Publications® (A Unit of Quantum Page Pvt. Lia) Plot No. 59/2/7, Site - 4, Industrial Arg Sahibabad, Ghaziabad-201 010 ’ Phone : 01204160479 Email: pagequantum@ [Link] Website: [Link] Delhi Office : 1/6590, East Rohtas Nagar, Shahdara, Delhi-110039 © Au Ricuts Reserved No part of this publiation may be reproduced or transmitted, in any form or by any moans, without permission. | Information contained in this work is derived from sources | believed to be reliable. Every effort has been made to ensure | accuracy, however neither the publisher nor the authors | [guarantee the accuracy. dricommpleteness of ahy information | published herein, and neither the publisher nor the authors | shall be responsible for any errors, omissions, or damages | arising out of use of this information. Cryptography & Network Security (IT : Sem-7) 1* Edition : 2011-12 10" Edition : 2020-21 2” Edition : 2012-13 11" Edition : 2027-22 3" Edition ; 2013-14 4® Edition : 2014-15 5% Edition : 2015-16 6% Edition : 2016-17 7* Edition : 2017-18 £* Edition : 2018-19 9 Edition : 2019-20 (Thoroughly Revised Edition) Price: Rs, 110/- only Printed at : Parashar Printers, Delhi.KCS 074 : Cryptography & Network Security UNIT-1 : INTRODUCTION (1-1 D to 1-24 D) Introduction to security attacks, services and mechanism, Classical encryption techniques-substitution ciphers and transposition ciphers, cryptanalysis, steganography, Stream and block ciphers Modern Block Ciphers: Block ciphers principles, Shannon's theory of confusion and diffusion, fiestal structure, Data encryption standard (DES), Strength of DES, Idea of differential cryptanalysis, block cipher modes of operations, Triple DES. UNIT-2: ADVANCED ENCRYPTION STANDARD —_(2-1 D to 2-23 D) Introduction to group, field, finite field of the form GF(p), modular arithmetic, prime and relative prime numbers, Extended Euclidean Algorithm, Advanced Encryption Standard (AES) encryption and decryption, Fermat’sand Euler's theorem, Primarily testing, Chinese Remainder theorem, Discrete Logarithmic Problem,Principals of public key crypto systems, RSA algorithm, security of RSA. UNIT-3 : MESSAGE AUTHENTICATION CODES (3-1 Dto3-21D) ‘Message Authehtication Codes: Authentication requirements, authentication functions, message authentication code, hash functions, birthday attacks, security of hash functions, Secure hash algorithm (SHA) Digital Signatures: Digital Signatures, Elgamal Digital Signature Techniques, Digital signature standards (DSS), proof of digital signature algorithm. UNIT-4 : KEY MANAGEMENT & DISTRIBUTION (4-1Dto4-19 D) Symmetric key distribution, Diffie-Hellman Key Exchange, Public key distribution, X.509 Certificates, Public key Infrastructure. Authentication Applications: Kerberos, Electronic mail securit pretty good privacy (PGP), S/MIME. UNIT-5 : IP SECURITY (5-1 Dto 5-24 D) Architecture, Authentication header, Encapsulating security payloads, combining security associations, key management. Introduction to Secure Socket Layer, Secure electronic transaction (SET). System Security: Introductory idea of Intrusion, Intrusion detection, Viruses and related threats, firewalls. SHORT QUESTIONS (SQ-1 DtoSQ-15 D) SOLVED PAPER (2014-15 TO 2020-21) (SP.1 D to SP-35 D)Introduction Part-1 Part-3 Part-2 : Part-4 : CONTENTS Introduction to Security. Attacks, Services and ‘Mechanism Classical Encryption ‘Techniques : Substitution Ciphers and Transposition Ciphers, Cryptanalysis, Steganography, Stream and Block Ciphers, Modern Block Ciphers : Block Cipher Principles 1-5D to 1-11D Shannon’s Theory of 1-11D to 1-14D Confusion and Diffusion, Fiestel Structure Data Encryption .. 1-14D to 1-28D Standard (DES), Strength of DES, Idea of Differential Cryptanalysis, Block Cipher Modes of Operations, Triple DES 1-1D (IT-Sem-7)1-2D (IT-Sem-7) Introduction Explain network security attacks on the basis of security goals. ‘Answer | Security attacks : Security attack is defined as an attempt to gain unauthorized access to information system. [Security attacks Snoopinis Modification [Denial df service Traffic analysis] Masquerading || Threat to availability Threat to Replaying confidentiality Repudiation Threat to integrity Fig. 11.1. Classification of attacks with relat ecurity goals. Security attacks on the basis of security goals are of three types t 1. Attacks threatening confidentiality : Attacks threatening the confidentiality of information are : a, Snooping : Snooping refers to unauthorized access of data. To prevent snooping, data is made unreadable to the unauthorized entities by using encryption techniques. b. Traffic analysis : Traffic analysis is an attempt of analyzing (encoded) messages to come up with likely patterns. 2. Attacks threatening integrity : Attacks threatening integrity of information are : a. Modification : After accessing information, the attacker modifies the information to make it beneficial to himself.Cryptography & Network Security 1-8 D(IT-Sem-7) b, Masquerading : Masquerading or spoofing happens when one entity pretends tobe a different entity. ce. Replaying: In replaying, attacker obtains a copy of the message sent by) auser and later retransmits it to produce an unauthorized effect. 4. Repudiation : This attack is performed by one of the two parties in the communication. The sender of the message may deny that he has sent the message or the receiver of the message might later deny that he has received the message. 3. Attacks threatening availability : Attacks threatening availability of information is : a. Denial of Service (DoS) : This attack may slow down or totally interrupt the service of a system. "| Describe in brief the following security services: 1. Confidentiality 2 Non-repudiation 3 Access control 4. Authentication 5. Data integrity Oaeren Gs 1. Confidentiality : The principle of confidentiality specifies that only the sender and the intended recipient should be able to access the content of the message. It protects the transmitted data from passive attack. 2. Non-repudiation : It is a condition when a user sends message and later refuses that he had not sent the message. The principle of non- repudiation does not allow the sender of a message to deny that he had not send the message. 3 Access control: The principle of access control determines who should be able to access data or system via communication link. It provides the prevention of unauthorized use of a resource. 4. Authentication : Authentication is concerned with assuring that a ‘communication is authentic. In authentication, there is an assurance that the communicating entity is the one that it claims to be. 5. Data integrity : Data integrity is designed to protect data from modification, insertion, deletion and replaying by any entity. Data integrity can be applied to a stream of message, a single message or a selected portion within a message. 1B. [Discuss security mechanisms. Security mechanisms : It is mechanism that is designed to detect, prevent, or recover from a security attack.1-4D (IT-Sem-7) Introduction Security [oy mechanism fr Encipherment Data integrity | | | Digital signature y Traffic padding Routing control |Notarization Access control goes Fig isi) Encipherment : Hiding or covering data can provide confidentiality. 1 2. Data integrity : Refer Q. 1.2, Page 1-3D, Unit-1. 3. Digital signature :It is a way by which the sender can electronically sign the data and the receiver can electronically verify the signature. 4. Traffic padding : It is the way of inserting of bits into gaps ina data stream to confuse traffic analysis attempts. 5. Routing control : It enables selection of particular physically secure routes for certain data and allows routing changes, especially when a branch of security is suspected. 6. | \Notarization : It means selecting a third trusted party, to control the ‘communication between two entities. 7. Access control : Refer Q. 1.2, Page 1-8D, Unit-1. Que 1.4. | Differentiate between active attack and passive attack. ‘Answer [Link]. ‘Aetiveattack [Passive attack 1. | Access and modify ‘Access information. information. System is harmed. No harm to system. Easy to detect than prevent. | Difficult to detect than prevent. Threat to integrity, ‘Threat to confidentiality. availability. 5, [Affect system resources. |Does not affect system resources. 6. [Involve some modification of | Involve Eavesdropping and the data stream or the | monitoring of data. creation of a false stream.Cryptography & Network Security Goal of attacker is to damage | Goal of attacker is to obtain any system, information that is boing transmitted. Four types : Two types Replay i. Release of message Masquerade contents Modification of messages | ii, Traffic analysis, Denial of service PART-2 3 Classical Encryption Techniques : Substitution Ciphers and. Transposition Ciphers, Cryptanalysis, Steganography, Stream and Block Ciphers, Modern Block Ciphers : Block Cipher Principles. “Questions-Answers ‘Long Answer Type and Medium Answer Type Questions. Que 15. Compare and contrast substitution techniques with trarisposition techniques under ‘classical encryptios AKTU 2014-15, Marks 05 Answer [Link].| Basis for Substitution ‘Transposition comparison| techniques techniques i | Basie Replaces the plaintext] Rearranges the position characters with other| of the characters of the characters, numbers and| plaintext symbols. 2. | Forms Monoalphabetic and| Keyless and keyed polyalphabetic transpositional cipher. substitution cipher. 3, [Iterations |The identity of the|The position of the aracter is changed| character is changed ts position remains| instead of its identity. ged 4. |Demerit The letter with the low| Keys near to the correct frequency ean detect the| key can disclose the plaintexd. plaintext, 5. [Example | Caesar Cipher. Rail Fence Cipher:1-6.D (IT-Sem-7) Introduction What is cryptanalysis ? Explain the types of cryptanalysis attack. + Cryptanalysis is the decryption and analysis of codes, ciphers or encrypted text, ‘Types of cryptanalysis attack : 1. Ciphertext only attack : a. A Ciphertext Only Attack (COA) is an attack in which only the encrypted message is available for attack, but because the language is known a frequency analysis could be attempted. b. In this situation, the attacker does not know anything about the contents of the message, and must work from cipher text only. 2 Known plaintext attack : a. Ina Known Plaintext Attack (KPA) both the plaintext and matching cipher text are available for use in discovering the key. b. The attacker knows or can guess the plaintext for some parts of the cipher text, 3. Chosen plaintext attack : a. A Chosen Plaintext Attack (CPA) occurs when the attacker gains access to the target encryption. b. Inan Adaptive Chosen Plaintext Attack (ACPA), the attacker not only has access to the plaintext and its encryption, but can adapt or modify the chosen plaintext as needed based on results of the previous encryptions. 4. Chosen ciphertext attack : a, Ina Chosen Cipher text Attack (CCA), the eryptanalyst can choose different cipher texts to be decrypted and has access to the decrypted plaintext, b. This type of attack is generally applicable to attacks against public key cryptosystems, Que 1.7. | Explain the term steganography in brief. Answer Steganography is a technique to implement security mechanisms. Itis the technique of writing a message in such a way that apart from the sendor and the receiver, no one will suspect the existence of the message. It enables the sender to hide a message inside another message, peCryptography & Network Security 1-7D (I'T-Bem-7) 2 Cryptography conceals the contents of a message by eneiphering, and steganography conceals the message itself by covering it with comething. Traditional techniques of steganography include : a. Marking selected letters of a printed document with a peneil such that the marks are visible only when the document is exposed at aspecific angle to bright light. b. Use of some invisible ink to write a secret message such that the contents of a message are not visible until heated or some other chemical is applied. © Use of interodots or pin punchers on selected letters such that these dots are not visible until the paper is exposed in front of a light. 4 Some modern techniques of steganography include hiding of a secret message within an image, audio or video file by inserting secret binary message information during the digitization process, Que 18. ] The hill cipher uses the following key for enciphering the message. wep Qtly Obtain the decryption key to be used for deciphering the cipher text, AKTU 2014-15, Marks 05 3 2 5 7 On “| ad My Ann 1, fe ey ae we Di” (% a D = yy yy Cyp yy “2 Therefore, 3 -2/11 3/111-8 D (IT-Sem-7) Introduction Playfair Cipher with key = DOLLARS. OR Explain Playfair Cipher with example. Playfair cipher: 1. The playfair cipher is used for creating a key table. 2. The key table is a 5 x 5 grid of letters that will act as the key for encrypting our plaintext. Each of the 25 letters must be unique and one letter of the alphabet (any) is omitted from the table. 3. Inaplayfair cipher, the message is split into digraphs, pairs of two letters. |. If there is an odd number of letters, Z is added to the last letter. 5. The playfair cipher uses following rules for encrypting process : a, Ifboth letters are in the same column, take the letter below each one (going back to the top if at the bottom). b. If both letters are in the same row, take the letter to the right of each one (going back to the left if at the farthest right). c.(.) Ifneither of the preceding two rules ate true, form a rectangle with the two letters and take the letters on the horizontal opposite corner of the rectangle. = DOLLARS and Message = THIS IS AN EXERCISE Ke p}|o}|Lt]alR s|B]c]E] F G}/H}]w]K]™M n{/P]e@]Tr]u viw]xiy]a First we break the original text (message) into pairs of two alphabets each as: THISTS AN EX ER CISE Now, replacing the text with the text diagonally opposite to it : TH PK Is GC IS GC AN > DT EX > CYCryptography & Network Security 1-9 D ('T-8em-7) ER= FA CcIis+IQq SE BF ‘Thus, plaintext becomes PK GC GC DT CY FA IQ BF ‘Que't.i0; 1 Write as short note on block cipher and stream cipher. Block cipher 1 A block cipher is defined as a symmetric key cipher where a group of plaintext symbols are encrypted together to create a group of ciphertext ofsame size. 2. Asingle key is used to encrypt the whole block even if the key is made of multiple values. 3. During decryption, each ciphertextblock is converted to plaintext block, one block at a time. Stream cipher: 1. Astream cipher is defined asa symmetric key cipher where encryption and decryption are done on one symbol at-a time, 2. Aplaintext symbol is given as a input to the encryption algorithm one at a time and on the basis of key applied ciphertext characters are also created one at a time. 8)//"(The values depend on the plaintext, ciphertext characters and previous key values. 4. Stream ciphers are designed to approximate an idealized cipher, known as the One-Time Pad. ‘Que LiL. | Differentiate between block cipher and stream cipher. Answer [Link]. Block cipher - Stream cipher i In block cipher, keys and |In stream cipher, keys and algorithm are applied to block | algorithms are applied to each of data. binary digit one bit at a time. 2. | Block cipher is more time |Stream cipher is less time consuming. consuming. 3. | Block cipher is slower than | Stream cipher is faster than block stream cipher. cipher. 4, | Block cipher is used in | Stream cipher is not used in chaining modesof operation, | chaining modes of oper 5. | Software implementation is | Hardware imple easy using block cipher. _| using stream cipher.1+10D (1T-Sem-7) Introduction Re Ideal block cipher is a block cipher in which the relationship between the input blocks and the output block is completely random but it must be invertible for decryption to work. 2. In ideal block cipher, each input block is mapped to a unique output block. Problems with ideal block cipher : 1. Ifasmall block size, such as n =4, is used, then the system is equivalent to a classical substitution cipher. Such systems are vulnerable to a statistical analysis of the plaintext. 2. This weakness is not inherent in the use of a substitution cipher but rather results from the use of a small block size. 3. Ifnissufficiently large and an arbitrary reversible substitution between plaintext and ciphertext is allowed, then the statistical characteristics of the source plaintext are masked to such an extent that this type of cryptanalysisis infeasible, 4, However, an arbitrary reversible substitution cipher for a large block size is not practical from an implementation and performance point of view! (Que 1.13. | Explain modern block cipher with its components. ‘Answer 1. Asymmetric-key modern block cipher encrypts an n-bit block of plaintext or decrypts an n-bit block of ciphertext. 2. The encryption or decryption algorithm uses a k-bit key. Sonder Reci n-bit plaintext a-bit plaintext i ao Eneryption }+—k-bit key—e| Decryption ¥ f n-bit ciphertext abit ciphertext LA Fig. 148.1) 3, Following are the components of modern block cipher :Cryptography & Network Security 1-11D (IT-Sem.7) Fe i, S-boxes: a. Thisisa substitution box where substitution of several bits is performed in parallel. b. It takes 7 bits of plaintext at a time as input and produces m bits of ciphertext as output, where the value ofn and m. maybe the same or different. ii, P-boxes: a. Thisis a permutation box that performs transposition at the bit-level, and transposition of several bits is performed at the same time. b. The input bits are permuted to produce the output bits : 1. Straight P-box : This P-box takes n bits as input, permutes them and produces n bits as output. As the number of inputs and outputs is the same, there are a total of n! ways to map n inputs ton outputs. 2 Compression P-box : This P-box takes n bits as input and permutes them to produce an output of m bits where men. 3. Expansion P-box: This P-box takes n bits as input and permutes them to produce-an output of m bits where m>n. iii, Circular shift : In circular shift operation, bits can be shifted either in the left or in the right direction. PART-3 [eshanton's Pheory of Confusion and Diffusion, Feistel Structure. _ Questions-Answers Lous ewer Type and Medien Maa wer Type Questions Que 1.14. | Explain Shannon principle of confusion and diffusion. AKTU 2016-17, Marks 10 OR What is the Shannon's theory of confusion and diffusion in terms of information security ? AKTU 2018-19, Marks 11-12. (IT-Sem-7) Introduction Shannon's theory uses diffusion and confusion for transposition and substitution operation as : Confusion : 1, The property of confusion hides the relationship between the ciphertext and the key, 2. This property makes it difficult to find the key from the ciphertext. 3. Ifasingle bit ina key is changed, most or all the bits in the ciphertext will be changed. 4, Confusion increases ambiguity of ciphertext. 5. It isachieved through substitution algorithm. 6. It is used by stream cipher and block cipher. Diffusion : 1. The idea of diffusion is to hide the relationship between the ciphertext and the plaintext. 2. This will frustrate the attacker who tries to find out the plaintext from. the statistical analysis of ciphertext. 3. Diffusion is implemented such as if single symbol in the plaintext is ‘changed, several or [Link] the ciphertext will also be changed. Diffusion increases the redundancy of the plaintext by spreading it 4. across rows and columns. 5. It is achieved through transposition algorithm. 6. It is used by block cipher only. Que 1.15. ] Explain Feistel encryption and decryption algorithms. What is the difference between diffusion and confusion ? | AKTU 2014-15, Marks 05 | Answer Feistel encryption algorithm : Feistel encryption algorithm takes a block of plaintext as input. The plaintext block is divided into two halves i.e., left (LE) and right (REy) a, Input: The plaintext (LEy, RE,) b. Round i (1 to 16) perform on input (LE,_,, RE,_,) the operations : = LE. @ ARE, K) ¢, This is the input to next round. | The key of round i is K,. ©. Output: The ciphertext (REjg, LE.) :Cryptography & Network Security 1-18 D (IT-Sem-7) Feistel decryption algorithm : In Feistel decryption algorithm, we take the output of encryption algorithm as input i.e, (LD), RDg) = (REyg, LE,,) and perform the operations in reverse order. a. Input: The ciphertext (LD,, RD,) = (REjg, LE.) b. Round i (1, to 16) perform on input (LD, , RE) the operations : LD, = RD, , RD, =LD,_, © (RD; ,, Kye.) ©. Thisis the input to next round. 4d. The key ofroundiis Ky, ,. e. This algorithm is CORRECT - after round i we have LD, = RE, RD, = LE yg. Difference: ‘Diffusion 1. | Diffusion hides the relation between the ciphertext and the plaintext. Confusion hides the relation between the ciphertext and key. 2. | Ifasingle symbol in the plaintext is changed, several or all symbols in the ciphertext will Ifa single bit in the key is| changed, most or all bits in the| ciphertext will also be changed. also be changed. 3. | Diffusion is used to create | Confusions used to create faint cryptic plain texts. cipher texts. 4. |It is possible through| It is possible through transposition algorithm. substitution algorithm. ‘Que 1.16. | What do you understand by Feistel cipher structure ‘ Explain with suitable block diagram. AKTU 2017-18, Marks 05 1. Feistel ciphers a symmetric structure used in the construction of bloc! ciphers. 2. It is commonly known as a Feistel network. 3. The Feistel structure has the advantage that encryption and decryptio operations are very similar, even identical in some cases, requiring onl areversal of the key schedule. 4. Therefore, the size of the code or circuitry required to implement suc acipher is nearly halved. 5, A Feistel network is an iterated cipher with an internal function calle around function.1-14D (IT-Sem-7) Introduction 6. Let Fbe the round function and let Ky, K,, K,, be the sub-keys for the rounds 0, | n respectively. Then, the basic operation is as follows : a, Split the plaintext block into two equal pieces (Lo, R,) 1 b. For each round i= 0, 1,..., n compute Li, 15h, R.,,=L, FR, K). ‘Then the ciphertext is (R, nat Enya) c Decryption ofaciphertext ,,. 1) is accomplished by computing fori=n,n—1, =F, OFL, Lj iar Kj i a ‘Then Dy Ry)inthe stent agin © | Encryption Decryption Plaintext Ciphertext a CR Tne Ro] Ciphertext Plaintext Fig, 1.16.1. Encryption’ and deeryption ia Feisial PART-4 ae Data Eneryption Standard (DES), Strength of DES, Idea 1 of 3 Dilan 1 [Link], Block ( ‘Cipher Modes of © Operations:Triple DES. LE DES TS,Cryptography & Network Security 1-15 D (IT-Sem-7) [ARTO BOLO Ty Marke 10] OR Discuss DES in detail with suitable block diagram. OR Draw the block diagram of DES algorithm. Also explain its functionality. rr “The DEShas a 64-bit block size and uses a 56-bit key during execution (6 parity bits are stripped off from full 64-bit key). DES is a symmetric cryptosystem, specifically a 16-round Feistel cipher. ‘A block to be enciphered is subjected to an initial permutation IP and then to a complex key-dependent computation and finally to a permutation which is the inverse of the initial permutation Ip, Permutation is an operation performed by a function, which moves an element at place j to the place ke ‘The key-dependent computation can function f, called the cipher function, an schedule. Explanation : be simply defined in terms of a \d.a function KS, called the key Plain text (64 bits) Tnitial Permutation} ap) 1 t ; iPr [RPP ¥ ¥ 16 16 Key —*] sounds | rounds [*— “°% ¥ Final Permutation (FP) [Cipher text (64 bits)1-16 D (IT-Sem-7) Introduction Step 1 : The 64-bit plain text block is passed to an Initial Permutation (IP) function. Step 2 : The initial permutation is performed on plain text. Step 3 : The initial permutation (IP) produces two halves of the permitted block; Left Plain Text (LPT) and Right Plain Text (RPT). Step 4 : Each of LPT and RPT go through 16 rounds of encryption process. Step 5: In the end, LPT and RPT are rejoined and a Final Permutation (FP) is performed on the combined block. Step 6: The result of this process produces 64-bit cipher text. Functionality of DES : DES is generally used for encrypting plain text messages in various algorithm modes such as Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB) and Output Feedback (OFB). (Que 1.18. | Draw block diagram of DES encryption. Also, discuss the strengths of DES. AKTU 2015-16, Answer Block diagram of DES encryption : G4-bit plaintext 4 Ti tral permutation Permuted choice 1] stomp | Round 1 |+——}Permuted choice J Left cireular shift He sn Round 2 |—*Permuted choice 2}¢—— Left circular shift a T | ¥ K ¥ Round 16 |-«+—©{Permuted choice 2|- Left circular shift 32-bit swap y Taverse Tnitial permutationCryptography & Network Security 1-17D (IT-Sem-7) 1. InDESeneryption, there are two inputs to the encryption fumetion : the plaintext to be encrypted and the key. ‘The plaintext must be 64 bits in length and the key is 56 bits in length, 3. The G4-bit plaintext passes through an initial permutation (IP) that rearranges the bits to produce the permuted input, 4. The output of the last (sixteenth) round consists of 64 bits that are a function of the input plaintext and the key. 5. The left and right halves of the output are swapped to produce the preoutput. 6. The preoutput is passed through a permutation (IP~1) that is the inverse of the initial permutation function, to produce the 64-bit ciphertext. Strength of DES: 1. The inner workings of the DES algorithm are completely known. The strength of DES lies only in key, which must be secret. 2 It uses56 bit key in encryption and there are 2° possible Keys. A brute force attack on such number of keys is impractical, Que 1.19. | What is the most security-critical component of DES round function ? Give a brief description of this function. AKTU 2014-15, Marks 05 Answer | ‘The most security-critical components of the DES round function are the S- boxes. S-hox: 1. An S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution, 2. Inblock ciphers, S-box is use to hide the relationship between the key and the cipher text. 3, An S-boxis an m*n substitution unit, where m and n are not necessarily same. 4. The substitution consists of a set of eight S-boxes, each of which accepts 6-bits as input and produces 4-bits as output. 5. The first and last bits of the input to box S form a 2-bit binary number to select one of four substitutions defined by the four rows in the table for S,. i1-18 D (IT-Sem-7) Introduction 6. ‘The middle four bits select one of the sixteen columns. 7. The decimal value in the cell selected by the row and column is then converted to its 4-bit representation to produce the output. 48-bit input block JU y 7 6-bit sub-block] [ 6-bit sub-block ] 6-bit sub-block S-box 1 S-box 2 abit output] [4bit output ] S-box 8 ‘4-bit output y Fig. 1.19.1. 32-bit output block Que 1.20, | List the’strength of DES in brief. Also explain the triple DES. Answer AKTU 2018-19, Marks 10 Strength of DES : Refer Q. 1.18, Page 1-16D, Unit-1. ‘Triple DES: 1. In triple DES, three stages of DES are used for encryption and decryption of messages. 2. This increases the security of DES. Two versions of triple DES are : a. Triple DES with two keys: In triple DES with two keys, there are only two keys K, and K,. ‘The first and the third stages use the key K, and the 1 second stage uses ‘The middle stage of triple DES uses decryption (reverse cipher) in the encryption site and eneryption cipher in the decryption site.Eneryption H = . r aa ' 1 DES cipher <—% TP] DES reverse cipher} | 1 ¥ \ ' i 1 7 ' -bit middle text | 1 G4-bit middle 1 ‘ 1 1 ‘ Decryption t ' DESepber | — Ko—Te] DES revere sn] ' 1 ' i ¢ ‘GET ciphertext C[_ GF bitciphertest (Big. 120.1. Triple DES with two keys, ‘Triple DES with three keys: 1. This cipher uses three DBS cipher stages at the enemy site and three reverse cipher at the decryption site, Pia) 2 ‘The plaintext is first encrypted with akey K,, then o with a second key K, and finally with a third key K,, where! Kyend Ky are all different. 4 ‘Triple DES with three keys is used in PGP and Samp. Plaintext can be obtained by first decrypting the ciphertext with the key K,, then with K, and finally with K, P= Dy, Duy (Dg, (C)). plaintext t I t DES cipher |< — K, +} DES reverse cipher| 1 ¥ I | t ¥ t t DEScipher — |-<— bol DES reverse cipher ' t 1 \ ' i 1g ig i ' DES reverse cipher |<¢— K,—t»| DES cipher pa : 1 ' i t i 7 64-bit ciphertext c[G&bit aphertext_] can be avoided in 3 DES? ABTU 2014: JES with three keys.1-20D (IT-Sem-7) Introduction e 4-eneryption into two ‘The main idea behind the algorithm is to dissect th iddle attack to each of 2-encryption schemes, and to apply the meet-in-mi them separately. Mect-in-middle attack can be avoided as: 1. Triple DES can use three key scenarios : two keys are identical an is independent. 2. While no eneryption method is totally uncrackable, method used (including the number of keys) increases effort needed to break the encryption. 3, Now each encryption level in triple DES is only 56-bits, using three identical keys means once the key is uncovered, a meet-in-middle attack is possible because one key allows across to all the envelopes and the data payload. 4, Using two keys provided 112-bits encryption (56-bits x 2) and s considered a safe way to prevent meet-in-middle attacks: This is how meet-in-middle attack is avoided in triple DES—~ ‘Que 1.22. | Write a short note on IDEA. Answer 1. The International Data Encryption Algorithm (IDEA) is a block cipher and cryptographic algorithm that uses a 128-bit long key and both diffusion and confusion for encryption. 2. This makes it more secure than the widely known DES, which is based on the use of a 56-bit key. 3. IDEA also operates on 64-bit plaintext blocks, and uses the same algorithm for encryption and decryption. 4, E-mail privacy technique called Pretty Good Privacy (PGP) is based on IDEA. 5, Following are the strength of IDEA : a. The IDEA algorithm is resistant to all known cryptanalysis attack. b, It uses a 128-bit long key. To attempt a cryptanalysis attack on IDEA, the attacker needs to perform 2228 encryption operations, which is practically infeasible. d one the encryption the time and © € 1.28, | Describe IDEA encryption and decryption in brief. Also explain, how can we generate cryptographically secure pseudo- AKTU 2017-18, Marks 10 random numbers ?Cryptography & Network Securit Answer WDEAencryption: 1-21 D ('P-Sem-7) 1. IDEA Unternational Data Encryption Algorithm) is a block cipher that, works on 64-bit plaintext and 128-bit key. The 64-bit plaintext block is divided into four portion of 16-bit plaintext (P, to P.). These arc input to the first round There are eight such rounds, The key consists of 128-bits. 4. Incach round, six sub-ke; of these sub-key consist 2 are generated from the original key; each s of 16-bits. 5. For the first round we have key K, to K,, for second round we have keys K, te K,, and finally the last round. The final step consists of an output transformation, which uses four sub-keys (Ky to Kya). The final output is produced by the output transformation step. The blocks C, to C, are combined to form the final output. P, (16 bite) Py (16 bit) Py (16 bite) Py (16 bits Round, a hic MAREE. SCA IAMS | Ke Round 2 is iI ig = 7 pf Pe Kas ound 8 Ee x yy 4 at Ky Output Transformation |S 3 i, 7 YY C, (6 bitsiC, (16 bits)C, (26 bite) Cy AG bits) Fig. 1.28.1, Steps in IDEA. IDEA decryption : The decryption proce: ss is exactly the same as the encryption process with some alterations in the generation and pattern of sub-keys. The decryption sub-keys are actually inverses of the eneryption sub-keys. Cryptographically Secure Pseudo-Random Numbers Generator (CSPRNG) :A Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) is a Pseudo-Random Number Generator (PRNG) with properties that make it suitable for use in cryptography.1-22D (I'T-Sem-7) Introduction Generating pscudo-random numbers eryptographically : 1. The generation of random number in CSPRNGs uses entropy obtained from a high-quality. 2 Wecan generate pseudo-random number using counter mode. 3, Asecure block cipher can be converted into a CSPRNG by running it in counter mode, 4, Incounter mode, secure block cipher is converted in eryptographically secure pseudo-random number generator. Que 1.24. | Explain the sub-key generation in the IDEA algorithm. mee Asub-key generation process is used to generates the sub-keys as follows : 1. In the first round, six sub-keys of 16 bits each, that is, 96 bits are required. Therefore, the first 96 bits at 128-bit key (say, K) are used for the first round. The rest of the key bits (97-128) remain unused and, thus, are kept for the second round. 2, The second round also requires six sub-keys of 16 bits each; that is, a total of 96 bits. However, we have only 32 unused bits of the key K and, therefore, we need 64 bits more, To generate the rest of the bits, the IDEA algorithm] uses the key shifting technique. 3, Inthe third round, we have 64 unused bits of key K’ generated in the second round, and 32 bits are still required. Thus, the key shifting technique is again applied, and the key K’ is left shifted by 25 bits. This process continues to obtain 96 bits in each round. 4, The output transformation stage also needs four sub-keys of 16 bits each. Que What is the difference between block cipher and stream cipher ? What are the different modes of block cipher operation ? Explain any one of them. AKTU 2014-15, Marks 05 OR Explain different block cipher mode of operation. AKTU 2016-17, Marks 10 OR What is block cipher ? Discuss block cipher mode of operations. AKTU 2017-18, Marks 05 Answer Block cipher : Refer Q. 1.10, Page 1-9D, Unit-1. Modes of operation of block cipher: 1. Cipher Feedback Mode (CFB) : CFB mode is used where block size are smaller in size.2. Electronic Codebook Mode (ECB): a. This is the simplest mode, The plaintext is divided into N blocks. ‘The block size is n-bits, If plaintext size is less than multiple of n then extra padding is used in last block. b. ‘Thesame key'is used to encrypt and decrypt each block. For lengthy messages, the ECB mode may not be secure. ¢ Thorelationship between plaintext and ciphertext block is shown below : Encryption: C, = B,(P)) Decryption: P,=D,(C) where E: Eneryption D: Decryption P, ; Plaintext block i ,: Ciphertext block i 3. Ciphertext Block Chaining (CBC) mod a. In CBC mode, each plaintext block is Exclusive-ORed with the previous ciphertext block before being encrypted. b. For the first block a Initialization Vector (IV) is used for EX-ORing the sender, and the receiver agrees upon the predefined initialization vector. ¢ Therelationship between plaintext ‘and ciphertext block is shown below : 4. Output Feedback (OFB) mode: a. Itisvery similar to CFB mode, with one difference. Each bit of the ciphertext is independent of the previous bit. This avoids flow of error from one block to another. b. One advantage of this method is that bit errors in transmission do not propagate, One disadvantage of this method is that it is more vulnerable to a message stream modification attack than is CFB. 5, Counter mode + a. Incounter mode, a counter equal to the plaintext block size is used. For encryption, -he counter is encrypted and then XORed with the plaintext block to produce the ciphertext block. b. Fordeeryption, same sequence of counter values is used, with each encrypted counter XORed with ciphertext block, ¢ Counter mode is used in hardware and software efficiency, preprocessing, security and simplicity, Difference : Refer Q. 1.11, Page 1-10D, Unit-1QL Ane Q2 ABE Q3. ane Qa ABs Q5. NBS: Q.6. aie Qn Introduction peapamsem 124 Compare and contrast substitution techniques with transposition techniques under classical encryption. Refer Q. 1.5. What is the difference between block cipher and stream cipher ? What are the different modes of block cipher operation ? Explain any one of them. Refer Q. 1.25. What is the Shannon's theory of confusion and diffusion in terms of information security ? Refer Q. 1.14. Explain Feistel eneryption and decryption algorithms. What js the difference between diffusion and confusion ? Refer Q. 1.16. Discuss DES in detail with suitable block diagram. Refer Q. 1.17. List the strength of DES in brief. Also explain the triple DES. Refer Q. 1.20. Deseribe IDEA encryption and decryption in brief: Also explain, how can we generate cryptographically secure pseudo-random numbers ? Refer Q. 1.23. @OO! Advanced Encryption Standard UNIT CONTENTS Part-I : Introduction to Group,.. semen 22D to 2-6D Field, Finite Field of the form GF(p), Modular Arithmetic, Prime and Relative Prime Numbers, Extended Buclidean Algorithm Part2 : ‘Advanced Eneryption Standard (AES) Eneryption and Decryption, Fermat's and Euler's Theorem, Primality Testing | $2-6D to) 2-11) Part-3 : Chinese Remainder Theorem 2-11D to 2-15D Part-4 : Discrete Logarithmic ...coccsonnennnn 215D Lo 2-22D Problem, Principals of Public Key CryptoSystems, RSA Algorithm, Security of RSA Le ae 24 DUT2-2,D (I'T-Sem-7) Advanced Encryption Standard PART-1 Introduction to Group,Field, Finite Field of the form GF(p), Modular Arithmetic, Prime and Relative Prime Numbers, Extended Euclidean Algorithm. Questions-Answers ‘Long Answer Type and Medium Answer Type Questions Que 2.1. | Define group field and finite field of the form GF(p). AKTU 2015-16, Marks 10 Quezt. | Group : A group G, denoted by (G, #}, is a set of elements with a binary operation ‘* that satisfies following four properties : 1. Closure :c=aeb 2 aehecsaetbec) 4. Inverse rasa’ Js: A field P, denoted by (F, +, x}, is a set of elements with two binary’ operations, called addition and multiplication, such that for alla, 6, ¢ in F the lnllowing axioms are oboyed + 1 Fi vintegral demain, 2 Multiplicative inverse : For each a in FP, except 0, there is an element ‘in Psuchthatad '=(a Ya=1 Bip) fields : When 1 = 1, we have Gk¢p) field, This field can be the set Z,. (0. 1... p— 1), with two arithmetic operations (addition and multiplication! In this set each clement has an additive inverse and that nonzero clements have # multiplicative inverse (no multiplicative inverse for ov For example : A field GF(2) with the set (0, 1) and two operations, addition and multiplication, is shown as Grey 7 (apo 1 xfo 7 wn Go fs v ooo —> Lo [:Lo 1 Addition Multiplication if. 2.1. GP(2) Held.Cryptography & Network Seeurity Quez2, | Explain finite field of the for GFW) & Gren With | AKTU 207 le. 18, suitable example. Manag Answer GF(p) fields : Refer @. 2.1, Page 2-2D, Unit-2, GF(@p") fields: 1. The order ofa finite field must be of the form p", where p is a niga positive integer. Prime ang 2 Usingmaular arithmetic in all ofthe axioms or fil at sath For polynomials over p*, with n > 1, operations modulo pr qe . produce a field. lot For example : Consider the two polynomials in GE(28) fix) =x8txteat ere Land g(x) =x7 4444, GSaxtetert D+GT tet DeaTe x8 gat y yt (polynomial notation) (01010111 © (10000011) = (11010100) (binary notation) (57) (83) = {D4} (hexadecimal notation) Que 23. | Define ring and field. Give an example of ring which ig PU 201 not a field. AKTU 2014-15, Marks 05 Answer \ Ring: A ring R, denoted by (R, +, «|, is a set of elements with two binary operations, called addition and multiplication, such that for alla, b,c in R the following axioms are obeyed : 1. Closure under multiplication : Ifa and h belong to R, then ab is also ink. 2 Associativity of multiplication : a(be) = (ab) for all a,b,c in R, 3. Distributive laws : alb +c) = ab +ac for alla, bein Rk (a+b)e=ac+be foralla,b, 4 Commutative of multiplicatio 5. Multiplicative identity : There is al= laforallainR. sors : Ifa, b belong to and ab = 0, then either a =0 or ink ba for alla, bin R. element J in R such that 2DA, Unit-2. (2, +, * is an example of'a ring, which is nol a field because element of the set Z i.c., integer haya multiplicative inverse. Que 2, Explain the term modular arithmetic. orSem-1) Advanced Encryption Standard 2-4 DT What are the properties of modular arithmetic operation ? AKTU 2015-16, Marks 10 Answer 1, Modular arithmetic is a system of arithmetic for integers, where numbers reduces to a certain value i.e., the modulus. 2, Modular arithmetic is used in number theory to calculate checksums and identifiers to spot error 3. Modular arithmetic is used to limit the size of integer coefficients in intermediate calculation and data. [Link]. Property Expression 1. | Commutative laws | (w +x) mod n= (x +w) mod n (w x x) mod (x x w) mod n 2, | Associative laws [(w + x) +y] mod n= [w +(e +y)] mod nl [(w x x) x y] mod n = [w x (x x y)] mod n 3. _ | Distributive law lw x (x +y)] mod n= [(w x x) + (w xy] mod n 4. | Identities (0 + w) mod n = w mod n (1x w) mod n = w mod n 5. Additiveinverse(—w)| For each we Z,, there exists zsuch that w +z=0 mod n Que 2.5. | What is prime and relative prime numbers in yplography and network security? [AKTU 2018-19, Marks 10 fc Answer Prime numbe 1. Aprime number is an integer that can only be divided without remainder by positive and negative values of itself and 1. Any integer u > 1 can be factored in a unique way as : = pT DE BP son B ure prime numbers and each a, is a positive the fundamental theorem of arithmetic. 3. Ifp is the set of all prime numbers then any positive integer @ can be written uniquely in the form : where p, 0Cryptography & Network Security Q Relatively prime numbers ‘Two integers a and b are relatively prime if gedl (a, 5) = 1 The integers a). 4) + @, are pair-wise rel (a,a)=1 whenever 1 $i 0) 1 qisah ath2-6) (IT-Sem-7) Advanced Encryption Standard 8 10. n PART-2 Advanced Encryption Standard (AES) Encryption and Decryption, Fermat's and Buler’s Theorem, Primality Testing. Questions-Answers Long Answer Type and Medium Answer Type Questions Que 2.7. | State the Advanced Encryption Standard (AES). Also provide the functioning of AES. AKTU 2018-19, Marks 10 OR a Write a short note on Al AKTU 2017-18, Marks 05 Answer 1. AES is a block cipher intended to replace DES for commercial applications. It uses a 128-bit block size and a key size of 128, 192, or 256 bits. 2 AES does not use a Feistel structure. Instead, each full round consists of four separate functions ; byte substitution, permutation, arithmetic operations over a finite field, and NOR with a key. 3 AES isa non I cipher that encrypts and decrypts a data block of 128 bits. AES us asymmetric key algorithm. Functioning of A 1 Encryption pro four sub-processe ach round comprise of shown as In encryption proe Vhe first round process is| Cryptography & Network Security 2-1D OT Sey, Cipher key Plaintext K (128 bits) ‘AddRoundKey SubBytes ShiftRows n 3 g 5 MixColumns a K, (128 bits) ‘AddRoundKey a. Byte substitution (SubBytes) : It uses an S-box to perform g byte-by-byte substitution of the block. The result is stored in a matrix of four rows and four columns. . Bb. ShiftRows ! Bach of the four tows of the matrix is Shifted in the left. Any entries that ‘fall off are re-inserted on the right side of row. c MixColumns : Each column of four bytes is transformed using a special mathematical function. This funetion takes four bytes of one column as input and generates outputs of four completely new bytes, which replace the original column. The result is another new matrix consisting of 16 new bytes. This step is not performedin the Jast round. &. AddRoundKey : The 16 bytes (128 bits) of the matrix are XORed to the 128 bits of the round key. If this is the Jast round then the output is the ciphertext. Otherwise, the resulting 128 bits are interpreted as 16 bytes and other similar round starts again. 2. Deeryption process : The process of decryption of an AES ciphertext is similar to the encryption process in the reverse order. Each round consists of the four processes conducted in the given order : i. AddRoundKey fi MixColumns iii ShiftRows iv. Byte substitution : Since sub-processes in each round are in reverse manner the encryption and decryption algorithns needs to be separately implemented. Que 2, What are the advantages and disadvantages of ‘AES?2-8D (IT-Bem-7) Advanced Eneryption Standard [iswer Advantages ! 1 Tcis most robust security protocol asitis implemented in both hardware and software. Ttusos higher length key sizes such as 128, 192 and 256 bits for encryption. Hence it makes AES algorithm more robust against hacking. 3. Ttis most common security protocol used for various applications such as wireless communication, financial transactions, e-business, encrypted data storage, ete. For 128 bit, about 2128 attempts are needed to break. This makes it very 4, difficult to hack it as a result it is very: ‘safe protocol. Disadvantages : 1, Ituses simple algebraic structure. Every block is always encrypted in the same way. Hard to implement with software. AES in counter mode is complex to implement in software taking both performance and security into considerations. the Fermat's little theorem. Using Fermat’s ARTO 201415) Marks 05] Ae ‘Que2.9."| Deserib theorem, find the value of 3201 mod 11. Fermat’s little theorem : 1. Format’s thoorem also known as Fermat's little theorem states that if Pis prime and ‘a’isa positive integer not divisible by Pthen : a?t= 1 mod P 2, Second condition says that if, Pisa prime and q isan integer, then a? =a mod P. Proof : Z, is the set of integer (0, 1... P= 1) when multiplied by a modulo P, the result consists of all the element of Z, in some sequence, furthermore, a x 0 = 0 mod P. Therefore, the (P- 1) numbers (a mod P, 2a mod P, ..., ((P—1)a mod P)} are just the number (1, 2... (P= 1)} in some order. Multiplying the numbers in both sets and taking the result mod P gives ax2ax...x (P= 1) a) = [(a mod P) x (2a mod P) x... x((P- Da mod P)] mod P = [1x2x...x(P-D] mod P = (P-1)! mod P But, ax 2ax,..x(P=Da)= (P-1) la? (P-1!aP-! = (P~1)!mod PCryptography & Network Security 29D OTe. 1s 1mod P Numerical: 310s 1 (mod 11) ‘Therefore, 9201 = (g10)20 x 3 3 (mod 11) WaeTAO] state and prove Buler theorem. Euler's theorem : This theorem states that for every a and n that ay, relatively prime : e aM) = 1 (mod n) (2.10.1) Proof: a Equation (2.10.1)is true ifn is prime, because in that ease én) =(n_) | and Fermat's theorem holds. b. Weknow that on) isthe numberof positive integers less than n that are relatively prime ton. Consider the set of such integers : ype. each element x of isa unique positive integer ith ged (x, n) = 1. 4. /-Now multiply each element by a and:nadulo ns $= ((ax, mod n), (ax, mod n), ..., (ay, mod n)) e. Because a is relatively prime ton and xis relatively prime to n, az; must. also be relatively prime ton. Thus, all the members of § are integers that are less than n and that are relatively prime ton. There are no duplicates in S. £ fax, mod n = ax, mod n then x, wo yn) Therefore, | [(ax, mod n) = [J x, = il 4) ay TT ax, T% cmod n) ray 1%: (mod n) at” x x= a” = (mod n) ‘Que 2:11, | Explain Euler's totient function. 1, Euler's totient function, (Buler’s phi function) denoted as 4(n), is the function contains number of positive integers that are smaller than and relatively prime ton. The set of these numbers is represented by 2.2-10D (IT-Sem-7) Advanced Encryption Standard 2. Asset of rules used for calculating the value of $(n) : Rule 1: 4(1)=1 Rule 2: ((p) =p ~1, if pis a prime number Rule 3: 4(m * n) = 6(m) * (n), if m and n are relatively prime Rule 4: (p®) = p*— p°~}, if p is prime 3. To compute 4(n), suppose that we have two prime numbers p and q, such that p #q and n = pq. Then : on) = $9) = oP) * 4) =>(p-)*@-D What is primality testing ? What are its categories ? is used to check whether a given large number is prime or composite. 2. Thealgorithms for checking the primality are divided into two categories : a. Deterministic algorithm : This algorithm accepts anumber (say, p) as input and output the result, either that p is prime or that pis ‘composite. There are two types of deterministic algorithms Basic algorithm : This algorithm check whether a number p is prime or not is to divide p by all values m (from 2top—1) and check whether p is fully divisible by any value of m. ii, Divisibility algorithm : In this algorithm, instead of testing upto p —1, testing upto only \p is sufficient. The reason behind this is that if p is composite, then it can be factored into two values, and atleast one of the values must be less than or equal to \p. b. Probabilistic algorithm : This algorithm is use to check the probability of a number being prime. These algorithms accept an integer p and output the probability of p being prime. There are two types of probabilistic algorithm tests : i, Fermat's primality test : This is a probabilistic test that checks whether a number is prime or not. Miller-Rabin test : It is also a probabilistic test to check whether a number taken at random is prime or not. This test returns the result as composite if p is not prime, or as inconclusive if p may or may not be a prime number. Ques Give the Miller-Rabin algorithm for testing primality.Cryptography & Network Security 21D UT-Sem.7, ial i sa eee eters Eas ea] ‘The Miller-Rabin algorithm (Rabin-Miller test) is used to test 0 large number for primalit 2 It is a polynomial: O(og n)). 3. InMiller-Rabin algorithm, we take into account two basic properties of prime numbers: * a Ifpisaprime number and xis positive integer (1<2 0 and q is odd, then.x? mod p = 1 or x? = 1 (mod p). (Que 8.14] Write the pseudocode for Miller-Rabin primality testing, ‘Test whether 61 is prime or not using the same Miller-Rabin tes me algorithm with a run-time complexity of nae Pseudocode for Miller-Rabin primality testing: Miller-Rabin(Biglateger n,int s) //return “true” or “false” H/test whether nis prime } Wf tt returns “false”, then n is not prime ; fit returns “true”, then n is prime ; with probability atleast 1-2 ** (-s). 11s is number of tests we want to perform on'n. BigInteger a; for (int i = 1 i <=; +44) a= Random (2, n— 1); if Witness (a, n) return false ; ) return true: ) Numerical ; We know that ifn is a prime, a’-1=1modn We use base (b) 2, 61-1= 15x 2?-4n=15,8=2,a=2 Initialization : b = 2 mod 6: 1 mod 61 sel, b= 11? mod 61 = - 1 mod 61 (prime) Hence, 61 is a prime number.2-12D (1T-8em-7) Advanced Encryption Standard imultaneous i Chinese remainder theorem : : 1. The Chinese Remainder Theorem (CRT) is used to solve a set of congruent equations with one variable but different moduli, which are relatively prime. 2. x =a, (mod m,) x =a, (mod m,) x=a, (mod m,) ‘The Chinese Remainder Theorem states that the above equations have a unique solution if the moduli are relatively prime. 3. The solution to the set of equations follow these steps = a. Find M=m, x my x..... x my. This is the common modulus. vb. FindM,=M/m,M,=Mimy,. M,=Mim,. c. Find the multiplicative inverse of M,, M, . . . My. Using the corresponding moduli (m,, mg, .-» ™m,). Call these inverses as M,7, Mz)... Mp. The solution to the simultaneous equations is : x= (a,xM,xM,1 +a, xM,xMz*+.. +a, xM, x M1) mod M Numerical : Solving simultaneous congruence for X = 2 mod P for all P < (3,5, 7) X= 2mod P for all P ¢ (3,5, 7) X=2mod3 X=2mod5 X=2mod7 Step 1: M=3x5x7=105 Step2: M, = 105/83 = 35 Mg = 108/ Mg= 105/7=15 Step3: My1= (85 xx) mod 2=1My (21 xx) mod 2=1 uy ans nls al = (2x35 x1 of x for the following sets 0 remainder theorem. X=2mod7andX= 3 Chinese remainder theorem : Refer ‘Numerical: X=2mod7 X=3mod9 = (10 + 42.+ 30) mod 105 = (142) mod 195. mod 9. 4+2x21x1+2% 15 x 1) mg ct “| pefine the Chinese remainder theorem. Find the ¢ Congruence using the an Nea Q. 2.15, Page 2-12D, Unit.2 =H ‘mod 7 = 9?-? mod 7=9mod7=2 77} mod 9 a = 700)-1 mod 9 =P! mod 9 = 7mod9 = 49 mod 9 =4 X= (ay xMyxMy* +0, x M, x My") mod 63 Xa (2x9x2 43x 7x 4)mod 63 X= 120mod 63 X=67 What do you understand by C hinese Remainder Theorem ? Solve the following congruent equations by Chinese Remainder Theorem : i Xz2mod3 ii, X=3mod52-14D (IT-Sem-7) Advanced Encryption Standard Anewer | Chinese remainder theorem : Refer Q. 2.15, Page 2-12D, Unit-2. Numerical: Step 1: Given ‘Thus, common modulus M = m, x my = 3x5=15 Step 2: Compute M,,M, M,= 15 25 m= 18 =3 Step 3: Compute the multiplicative inverse of M, and M, in modulo ™m, nd m, respectively M,-1= (6 x x) mod ‘i F M,-1= (8 xx) mod Step 4: The solution to the simultaneous equation is as follows : = (ay XM, x My} 43% My xM,~1)mod 15 = (2x 5x 243x3x 3) mod 15-47 mod 15=2 the Chinese Remainder Theorem with example. Explain How Chinese remainder theorem provide the security to online information sharing transactions. _ [/AKTU(2018-19, Marks 10 oR Explain Chinese remainder theorem with example. (AR TUBOIETT, Man Chinese remainder theorem : Refer Q. 2.15, Page 2-12D, Unit-2. Security to online information sharing transaction : 1. Chinese remainder theorem enables end-to-end transport layer security between WAP clients and servers located across the wired internet. 2. Ituses secret sharing, which consist of distributing a set of shares in the form of congruence, among the group of people who all together can recover that secret share. Find the values of x for the following sets of Congruence using the Chinese remainder theorem. X= 2(mod 3)Cryptography & Network Socurity X=1(mod4) X= 3(mod5) X= 2(mod 3) 15>? mod 4 = 154)-T mod 4 = 15'-!mod 4 12-* mod 5 = 1245-1 mod 5 12% mod 5 = 1728 mod 5 =3 X= (ay x My Z,, (where Z,, denotes the ring of integers modulo n) by assigning to g the congruence class of f modulo n. 6. This function is agroup isomorphism, called the discrete logarithm to base b. For example, consider (Z,,)". To compute 34 in this group, we first compute 3¢=81, and then we divide 81 by 17, obtaining a remainder of 13. ‘Thus 3¢ = 13 in the group (2,,)". What is the principle of public-key eryptosystems ? Discuss the applications for public-key cryptosystems. [ARTO 2015-16 MAI] p-vD ngruence classes (1, Jement g of Gcan be written in ting g will be congruent I | Principle of public-key cryptosystem : The concept of public-key cryptography evolved from an attempt to solve the most difficult problems associated with symmetric encryption i.e., (1) two communicants already share a key, which has been distributed to them and (2) the use of a key distribution center. The second problem negates the very essence of cryptography: the ability to maintain total seerecy over the communication. ‘Applications for public-key cryptosystem : The use of public key eryptosystems is classified into three categories : a, Eneryption/decryption : The sender encrypts a message with the recipient's public key.Cryptography & Network Security b 4 21TD AT-Gem, 5 Digital signature : The sender signs a message with its private ke Signing is achieved by a cryptographic algorithm applied to the message or toa small block of data that is a function of the message, Key exchange : Two sides cooperate to exchange a session key, Severs, different approaches are possible, involving the Private key(s) both parties. fone of ‘QEEEA] Describe RSA algorithm, encryption and decryptigg function. In RSA, given e = 07 andn =3, Encrypt the messa, using 00 to 25 for letters A to Z. ‘ge “ME” 1. BSAisa public key encryption algorithm, named for its inventors Rivest, Shamir and Adleman). 2. The RSA algorithms is based on the mathematical part that itis easy to find and multiply large prime numbers together, but it is extremely difficult to factor their product. Key Generation: 1... Select two prime numbers p and such that\p 2 @ 2° Caleulaten =p xq 3. Caleulate &(n) = (p = 1q—1) 4. Select integer e such that ged ($(n),e)= 1; 1 <+— Destination B —> K | Compare ig: 3.1 2 Message authentication and confidentiality (Authentication tied to plaintext) : It uses two separate key each of which is shared by,q 3-8 D (T-Sem-7) Message Authentication Code, input and is then concatenated to the message. The entire block is then encrypted. M . compels BK, (MICK, MDE & Ky cK, M) | | the sender and the receiver, The MACis calculated with the message ns 3. Message authentication and, confidentiality (Authentication tied to ciphertext) : The message is encrypted and then MAC is calculated using the resulting ciphertext and is concatenated to the ciphertext to form transmitted block. Elk, ML+€ ~ pe 1 & C 1" t CK, EK, 30), 7 PRig'853.) | What are the properties of modular arithmetic _ operation ? What are the requirements of Message Authentication Code (MAC) ? List andexplain them. [[AKTU 2015-16) Marks110] SNe] | Expression 1 Commutative laws | (w +x) mod n= (x +w) mod n (w x x) mod n = (x x w) mod n w +(x +y)] mod nl » x(x xy)) mod n 2. | Associative laws {(w +x) + y] mod n (iw x x) xy] mod n 3. | Distributive law fw x (e+ y)} mod n= [(w x x) + (w x y)] mod n 4, | Identities (0 + w) mod n = w mod n (1 x w) mod n= w mod n Additive inverse (-w)| For each w Z,, there oxists z such that w +z=0 mod n aCryptography & Network Security 3-9D (IT-Sem-7) Requiremonts for MACs : Refer Q. 3.4, Page 3-6D, Unit-3. Tin] write the objectives of HMAC. Describe the HMAC Objective of HMAC are: she ot use available hash functions without modifications. we 2. Toallow for easy replaccability of the embedded hash function in case * faster or more secure hash functions are found or required. 3, To preserve the original performance of the hash function without _ ” ncurring a significant degradation. 4, Touse and handle keys in a simple way. HMAC algorithm : oe ‘Append zeros to the left end of K to create a b-bit string K*. XOR K* with ipad to produce the b-bit block S, ‘Append M to S,, , ‘Apply H to the stream generated in step 3. XOR K* with opad to produce the b-bit block S,,. ‘Appends the hash result from step 4 to S,, ‘Apply H to the stream generated in step 6 and output the result. Where, ... K = Secret key. ; K° + K padded with zeros on the left so that thé result is bbits in length ipad = 00110110 repeated b/8 times opad = 01011100 repeated 6/8 times M= Message input... H = Embedded hash function’ ‘Que 3.8. | Discuss the security of HMAC. ‘Answer © 1. The security of HMAC depends on the cryptographic strength of the embedded hash function, the size of secret key used and the length of the message digest produced. 2, The probability of attacking HMAC successfully is equal to either of the following attacks on the embedded hash function : a. The intruder can calculate the output of compression function without having the knowledge of IV (Initalization Vector), which is selected at random and kept secret. b, The intruder determines the collisions in the hash function even ifthe IV is secret and random. 3. ‘The intruder selects a random value of n bits (i.e. the length of the message digest produced) and uses it in place of IV. Ae eewyTE: AR A Rae q $-10D ('T-Sem-7) Message Authentication Codeg Se eee 4. Theintruder needs to determine two messages, Mf, nnd M,, such that when the hash function H is applied on them, they yield the same | output, thatis, H(M,) =H (M,). 5. The intruder can attack MDS by selecting some set of messages and | generating the corresponding hash codes to determine the collisions, 6, Fora 128-bit hash code in MDS, this requires observing 264 blocks generated using the same key. The use of MDBiis acceptable to HMAC as far as speed is concerned. PAR’ Que 3. What is hash function ? Discuss SHA-512 with all required steps, round function and block diagram. JAKTU 2017-18) Marks 10 Hash function : 1. Acryptographic hash function is a transformation that takes an input and returns a fixed-size string, which is called the hash value. 2. Abash value h is generated by a function H of the form : h=HO) where M is the variable length message and H(M) is the fixed length hash value 3. The hash value is appended to the message at the source at a time when message is assumed or known to be correct. 4, The receiver authenticates the message by recomputing the hash value. ‘The ideal hash function has three main properties : a. Itis extremely easy to calculate a hash for any given data. b. Itis extremely difficult to calculate a text that has given hash. | ¢. It is extremely unlikely that two different messages, however close, will have the same hash. Working of Secure Hash Algorithm (SHA) : The | input a message with maximum length of less than 2" bits and produces as output a 512-bit message digest. ‘The input is processed in 1024-bit blocks. | ‘The processing consists of following steps : | a Igorithm takes as |Cryptography & Network Security 3-11 D (IT-Sem-7) Step 1 : Padding: The first step in SHLA is to add padding to the end of the original message in such a way thatthe length of the message is 64-bits short ofa multiple of 512. pend length : The length of the message excluding the length of 3 Step 2: g 2 the padding ‘is calculated and appended to the end of the padding as a 64-bit block. Step 3: Divide the input into 512-bit blocks : The input message is divided into blocks, each of length 512-bits. These blocks become the input to the message digest processing logic. Step 41 Initialize chaining variables : Five chaining variables A through F are initialized. In SHA, we want to produce a message digest of length 160-bits. Therefore, we need to have five chaining variables. Step 5 : Process blocks : Main algorithm is executed in process block. Round Functions : 1, The round function computes a new value for variable A and shifts all working variable once per round. 2, The computation for variable A is a five operand addition modulo 2% where the operands depend on all input words, the round-dependent constant K,, and the current message word W,. Block diagram of SHA-512: Message Registers Length counter fy & A ¢ a é z 2 2 s Lyl-»| SHA1 Round e = é 3 Operations e = = | ||Padding| z 4 g 3 Unit 2 2 a Input SHA 1 Engine Fig. 8.9.1. 1. The core is composed of two main units, the SHA1 Engine and the padding unit. 2. The SHA1 Engine applies the SHA1 loops ona single 512-bit message block, while the padding unit splits the input message into 512-bit blocks and performs the message padding on the last block of the message. 3. The processing of one 512-bit block is performed in 82 clock cycles and the bit-rate achieved is 6.24 Mbps / MHz on the input of the SHA1 core.oN 3-12 (1T-Sem-7) Message Authentication Cea, " es secure Characteristics (requirements) of secure hash function ; 1. The hash function should be applicable on a block of data of 2 The output produced by the hash function should always length. 3.__ For any given message or block of data, it should be easier to Benerate the hash code. 4. Given a hash code, it should be nearly impossible to determine the corresponding message or block of data, 5. Given a message or block of data, it should not be computational}, feasible to determine another message or block of date generating thy, ‘same hash code as that of the given message or block of ‘data. & No two messages or blocks af data, even being almost similar, should be likely to have the same hash code. Fay size, be of fixeg B.11.| Differentiate between the following : a. Hash code and Message Authentication Code (MAC) b. ‘Weak collision resistance and Strong collision resistance TARTU SNS ae AKTU 2014-15; Marke 10. [Link]. Hash code Message Authentication Codel 1. | Hash code is a function that | A message authentication code is takes message of variable | a cryptographic checksum on data length and returns a fixed | that uses a session key to detect length code. modification of the data. 2, | Hash code can have many | MAC requires two input ie, a numbers of inputs i.e., (i,, | message and a secret key. My My.) 3, | Hash code is us indexing and retrieving items in hashing, for | MAC is used for authentication and verification of received message,GryptograP! hy & Network Security 3-18 D (T-Sem-7) at eon i ak Seliaton voslatant i that, it is is the property that, for a |It is the property that, vie nes of fh, it is | infeasible to find any pair (x, y) S fonsible to find y =x with | such that H(z) =H). Hy) = He). It is bound to a particular | It can be applied to any two input. arbitrary inputs. Brute foree attack takes 2" | Brute force attack takes 2”? ways way to break weak collision {to break strong collision resistance. resistance. ‘Ques: Give the mathematical basis of the attack. Describe birthday attack against any hash function. AKTU 2014-15, Marks 10 | lAnswer’ | Birthday attack against hash function : 1 2 ‘Suppose that a 64-bit hash code is used, If an encrypted hash code C is transmitted with the corresponding unenerypted message M, then an opponent would find an M’ such that H(M’) = H(M) to substitute another message. ‘The source, A, is prepared to sign a message by appending the appropriate m-bit hash code and encrypting that hash code with A’s private key. ‘The opponent generates 2”? variations on the message, which convey some meaning, He prepares an equal number of messages, all of which are variations on the fraudulent message to be substituted for the real one. The two sets of messages are compared to find a pair of messages that produces the same hash code. The probability of success is greater than 0.5. If no match is found, additional messages are generated until a match is found. ‘The opponent offers the valid variation to A for signature. This signature can then be attached to message for transmission to the intended recipient. As the two variations have the same hash code, they will produce the same signature, Mathematical basis of the attack t Given a hash function H, with » possible outputs and a speeifi¢ value H(), if H is applied to & random inputs. Hence, the probability that atleast one input y satisfies Hy) = H(x) is 0.5.a | aS A AS 3-14D (IT-Sem-7) For a single value of, the probability that ly) = Hig ust Conversely, the probability that (y)° Hts) is 1 yap S88 Un, Ifwe generate & random values of y, then the probability tha thom match sjustthe product ofthe probabilities thet ce ingyeteot value does not match, or [1 - (1/n)}*, ida) Thus, the probability that there is atleast one ‘miter d 1-1 ama ch ig ‘The binomial theorem can be stated as follows : (1-a¥=1-ka+ Moat MED og | For very small values of, this can be spproximatedas (1 hn), Thy the probability of atleast one mateh is approximated as 1[1 Cink? 1- U1 ~ (hin) = hin. For a probability of 0.5, we have kona, t= jue $.13. | Write a short note on the properties of cryptographig hash function that impact the security of password storage, BP re a Non-reversibility (one-way funetion) : A good hash function should make it very hard to reconstruct the original password from the output, Diffusion (avalanche effect) : A change in, one bit, of the original Password should result im change to half the bits of its hash, Peterminisin A given password must always generate the same hash value or enciphered text. Collision resistance : It should be hard to find two different passwords that hash to the same enciphered text. Non-predictable : The hash value should not be predictable from the password. Secure Hash Algorithm (SHA) Digital Signatures : Digital Signatures, Elgamal Digital Techniques, Digital Signature i Standard (DSS), Proof of Digital Signature. Algorithm. : Questions-Answers Long Answer ‘Type and Medium Answer ‘Type Quest Que 3.14. | What do you understand from hash functions ? Discuss the working of Secure Hash Algorithm (SHA) in message authentication. AKTU 2018-19, Marks 10