Chapter 1 Introduction to Cryptography
[A] Communication and Information Security
Human beings started communicating long before they actually started
speaking. In the biological world, communication need not be intentional or
cooperative. It comprises physical or behavioral characteristics that influence
the behavior of others. Intentional communication is one in which the
communicator controls the use of signals. In the case of cooperative
communication, the communicator's goal is to help or share information with the
recipient. The information is some facts about emotions, knowledge or sense of
understanding. Humans have been using gestures, drawings, scripts and verbal
techniques for communication. Communication may be done by directing the
attention of the recipient spatially to something in the immediate perceptual
environment, or by directing the imagination of the recipient to something that is
not in the immediate perceptual environment by simulating an action, relation, or
object [72]. In tribes, messages used to be sent through smoke, drum beating etc.
Verbal and non-verbal symbolic language came into use much later, and there
is no clear, evidenced idea of the time when written communication started. It
is believed that communication started with graphical symbols or drawings. There
is evidence of the use of writing from about 7000 B.C. in the Indus valley
civilization, uncovered in Mehrgarh and other sites of the Harappan period of
2600-1900 B.C., called the Indus writing or the Sarasvati writing [104]. In fact,
Indian history lists incidents of kings using birds like pigeons to send messages.
Some kings sent messages using foot messengers or horse messengers. Senders have
always wanted the information they communicate to be available to its intended
recipient only. Humans have always been interested in protecting their message
information for various reasons: trade secrets, personal information, business
logic, secret recipes, private communications, art, religion, military and
diplomatic information etc. were supposed to be communicated securely. This
intention has catalyzed the invention of secure methods of information
transmission. There can be three approaches to securely send the information:
1. Establish a secure communication line between users. This is never
possible, as no such technology can exist.
2. Use a public communication link to transmit the information, but hidden in
some physical or non-physical material from which one has to re-discover it.
When information is hidden in a picture, it is called steganography.
3. Transform the information such that only an authorized receiver can
reconstruct the original message. This is done by use of encryption
methods that transform the original information (plaintext) using some
operations and rules to ciphertext. At the receiver end, a decryption method
using operations and rules corresponding to the encryption is to be
performed to obtain back the plaintext.
Options 2 and 3 have been in use for securing information, as a secure
communication line between each pair of users is not cost effective. In the
Ramayana period, Sri Ram secured his message to mata Sita by sending his
signature (in the form of a ring) along with the message carried by Hanumaan Ji.
“Pache Pawan tanay sir nawa, jaani kaaj Prabhu Nikat Bolawa
Parsa sheesh saoruh paani, karmudrika deen jan jaani” (“Last of all the son of
the wind bowed his head; knowing the task, the Lord called him near. He touched
his head with his lotus hand and, knowing him to be his devotee, gave him the
ring from his finger”). When Hanuman presented the ring of Lord Ram to Sita ji,
she recognized that the messenger Hanumaan was genuine and was overjoyed. It is a
practical example of using a ring signature for authentication of a message [53].
Kings used the skulls of slaves for writing the message that the sending king
wanted to communicate to the recipient
SOME CRYPTOGRAPHIC ALGORITHMS FOR SECURE NETWORK COMMUNICATION
king. After the hair grew back on the skull, the slave travelled to the recipient
carrying the secret message covered under his hair. The recipient at the other end
could receive the information by shaving the slave's hair from the skull [113]. In
the novel ‘Romeo and Juliet’ written by Shakespeare there are instances when
Juliet sent encrypted messages to her beloved so that no villain could read the
message.
1.1 Communication Technologies
The means of mass communication used by humans have changed from time to time.
Ordinary mail needed time to deliver because of slower transportation facilities
(both water and surface) for taking the physical mail to its delivery points. The
scenario changed to the faster telegraph in 1835 when Samuel Morse, a professor
of arts and design at New York University, proved that signals could be
transmitted by wire. It used pulses of current to deflect an electromagnet that
moved a marker to produce written codes using dots and dashes on a strip of paper.
Until 1877, all long-distance communication that needed to be done faster
depended upon the telegraph. In 1879, another technique of communication
officially came into existence: the telephone system. The invention of the
telephone, and now the telecommunication technologies, brought a way to
communicate faster [70]. The use of telephone and telecommunication
technologies has been greater than that of earlier means, as it involved a direct
voice connection between the persons involved. It was in 1962 that JCR Licklider
proposed the idea of a galactic network of computers that could talk to one another.
This was implemented in 1965 at MIT, America, and led to the birth of
ARPAnet. In the year 1970, Vinton Cerf gave the Transmission Control Protocol
and the Internet Protocol to transfer packets over the network. Later, in 1991, Tim
Berners Lee introduced the World Wide Web: an internet that can be used by
anyone to access information, apart from sending and receiving files using the
modern-day Internet [109]. In the year 1992, when a group of researchers at the
University of Illinois developed a browser that could be used to see words and
pictures on the same page and navigate using clickable links, the Internet was
used for commercial purposes. It was at this time that the Internet became a
popular, powerful way of communication.
1.2 Internet and Information
With the invention of the Internet and its means, the growth rate of the volume of
communication has increased manifold. The Internet is not only a cheaper means of
communication but is also faster than most other modes. The rise in quality and
fall in price of communication has been a crucial factor in deciding the usage of
the medium of communication [9].
Two forces that have influenced use of means like cryptography in business and
establishment of Internet as a communication channel [46]. The Internet technology
boom has made society change the way it creates, collects, processes, manipulates
and shares information. The present Internet-savvy society shares information
using various networks at the rate of millions of private messages per day [42].
Moreover, use of the Internet for business purposes is also on the rise, and this
has further promoted message communication, business, e-payments and online
transactions. Governments all over the world have also realized the use of
networks to perform operations swiftly and have rightly promoted e-Governance. It
deals with the application of Information and Communication Technology (ICT) for
delivering services, information exchange, and integration of various systems and
services from Government to Citizens, Business, and Government. India and
many countries in the world have realized the importance of ICT in office
processes and interactions within the entire government framework [41, 49].
The Planning Commission of India had proposed a unique identification project that
provides identification for each resident across the country. It uses the
information network of various organizations to link information about its
citizens and aims to keep track of all academic and financial activities. Even
this project faced criticism due to issues related to the security and privacy of
personal information, which pose a danger to our sovereignty [2, 96, 108]. During
electronic transactions, people miss the digital equivalents of traditional
hand-written signatures and face-to-face recognition, and thus do not like to
share the information with one and all. It is noteworthy that irrespective of
which communication technology was used by humans, there has been serious concern
about the security and privacy of the information being shared over these
communication technologies.
1.3 Security Attacks
People are always interested in knowing what is happening in other people's lives.
They try to peek into others' lives and to know what others are doing. The same is
true for messages that are communicated between two persons. There are people
who wish either to know ‘what was communicated’ or to ‘try to alter the
message that was communicated’. Any action that compromises the security of
information owned by a person/organization is a security attack. These may be
broadly categorized as:
Passive attack
In such attacks, information is seen but not altered by the intruder. There are no
changes in the ciphertext and thus it is difficult to detect if someone has seen the
information.
Active attack
In such attacks, information is seen and used/altered by the intruder. These types of
attacks create more problems as there is alteration/loss of information.
Fig. 1.1: Types of Attacks (panels: Passive Attack, Active Attack)
1.4 Security of Information
Situations that pose a serious threat to information call for its security. But
this does not mean locking the information in a locker and hiding the locker so
that no one can read it. In fact, security exists if the locked information and
the locker, along with its design specifications, are available, so that one can
study the mechanism and still not be able to open the safe and read the
information. As per the definition given by
Wikipedia, ‘Information security means protecting information and information
systems from unauthorized access, use, disclosure, disruption, modification,
perusal, inspection, recording or destruction.’ Its goal is to provide confidentiality,
integrity and availability of information at all times [118].
Computers have become an integral part of businesses but can no longer run
without information and a reliable communication medium. The high cost of setting
up one's own private communication network has resulted in the use of the Internet
for business communication. Similar expenditure is to be borne by any other type
of organization involved in national defense, research and development, scientific
explorations, banking, financial transactions, medical, engineering, copyrights &
patents etc. So organizations are forced to use the unsafe but cheaper
medium of communication, the Internet. When information is transferred over the
Internet, there may be many threats to it, like phishing, viruses, Trojan
horses etc., which aim at breaching the security of the information. In all the
above cases, one would require a variety of countermeasures to safeguard the
information [72].
The countermeasures include securing the information physically, at the hardware
level, with security passwords, and by using cryptography, database security,
intrusion detection systems etc. Use of encryption/decryption is a primary method
of protecting valuable electronic information on a computer system or when
communicated over the Internet.
However, it is important to note that:
1. No form of security is automatic.
2. No form of security can do it all alone. Even the most advanced techniques may
not work in isolation; each can do only some part of the complete job.
1.5 Cryptography
Cryptography is a key technology used for electronic data security. Cryptography
(or cryptology) has its roots in the Greek language. It is derived from the Greek
word ‘kryptós’, which means ‘hidden’, and the verbs ‘gráfo’, which means ‘write’,
and ‘legein’, which means ‘to speak’. Thus cryptography means the study of message
secrecy. The Concise Oxford Dictionary (2006) defines cryptography as the art of
writing or solving codes. Earlier, cryptography was treated as an art of
disguising/scrambling information so that the secret writing is not
understandable to anyone except the actual recipient, who is aware of the
technique for recovering the actual message. Anything in the world can be hidden
from sight and revealed again. The magician David Copperfield has made his living
from hiding enormous things like elephants and the Statue of Liberty – and then
magically revealing them again. To make things disappear and reveal again, one
should have ‘a plan of action – a formula or recipe – to make the magic work’ [25].
Similarly, cryptography needs to have a formula or logic for scrambling and then
re-ordering the data from time to time. This recipe for hiding data is called a
cryptographic algorithm. Prior to the 1970s, cryptography was a black art, understood
and practiced by only a few government and military personnel. However, people
now practice cryptography in daily life. There are well-established universities
that teach it as a subject [46]. The cryptographic
algorithm is a precise set of instructions that tells how to scramble and unscramble
data. The designing and breaking of such algorithms relied on the creativity and
personal skills of the cryptographers. In the latter half of the 20th century, the
scenario changed with the invention of computers. Security of messages using digital
signatures, protocols for key exchange, and message authentication all required hard
mathematical operations and computationally hard problems. Cryptography is
now termed an art and science of information security. Earlier, cryptographic
algorithms were used by the military and intelligence services. Now they are used by
almost everyone in their day-to-day internet communications [63].
1.5.1 Basics of Cryptography
The basic idea of any cryptographic cipher is to disguise confidential
information in such a way that its meaning is not understandable to any
unauthorized person. There are two possible scenarios in which one may need to
disguise information: saving a file on a local machine, or protecting
information to be transferred over an insecure medium of communication, the
Internet. The information to be concealed is called the plaintext (m) and the
operation of disguising the information is called encryption. The encrypted
plaintext is called the ciphertext or the cryptogram (c) and the set of rules used to
encrypt the information is called the encryption algorithm (E). Normally the
operation of this algorithm depends on some input other than the message.
This input is called the encryption key (k). The receiver of the ciphertext or
cryptogram has the decryption algorithm (D) which, when used with the decryption
key, produces the plaintext from the ciphertext or cryptogram. Any person who
intercepts the message being communicated over the communication channel is
called an interceptor/adversary/eavesdropper [46].
Fig. 1.2: Basics of Cryptography (the sender computes c = E(m, k) with the
encryption algorithm; the receiver computes m = D(c, k) with the decryption algorithm)
1.5.2 Objective of Cryptography
In a computer, data is normally protected by physical access control and
logical access control policies. During communication of information, the data is
no longer in the control of the originator, and the originator's access control
mechanisms cannot secure the data. In such cases, cryptography provides sufficient
security of data. It is useful in protecting data inside and outside the
boundaries of a computer system. Cryptography can be used to provide all the
security services like:
1. Data integrity. The receiver may check that the communicated message
was not modified during transmission. Using cryptography, one can add a
message authentication code (MAC) to the message using one's key and
some code.
2. Authentication. The receiver should be able to verify the original sender.
3. Non-repudiation. The sender should not be able to deny having
sent the message. Whitfield Diffie and Martin Hellman produced the
electronic equivalent of hand-written signatures in the paper New
Directions in Cryptography, used as digital signatures that the sender
attaches to the message. The message along with the digital signature
can be used to authenticate the sender as well as for non-repudiation.
Moreover, the sender can be identified by the receiver by checking the
combination of key and message [54].
4. Confidentiality. The transmitted message should not be visible to all. It should
only be viewed by its intended receiver. Using encryption algorithms, one
can transform the original message into some non-readable form that is
only understandable by the receiver after applying the decryption algorithm.
1.5.3 Use of Cryptographic algorithms
Cryptographic encryption algorithms may be used statically and dynamically.
Encryption of data before sending it to the storage servers, generally carried out
by special cryptographic Network Interface Cards (NICs), is called static encryption.
It is a fast process done offline by the desktop or by intermediate servers, also
known as store and forward servers, that are in the network. In this case, the
encryption key is stored with the encrypted data while it is on the intermediate
machine doing the encryption. If someone gains unauthorized access to that
intermediate server, the entire data can be decrypted.
The newer versions of Windows (2000, XP etc.) have cryptographic capabilities
built into the operating system. The Encrypted File System (EFS) works with
drives that use the New Technology File System (NTFS) format for storage of data.
Any file or folder can be encrypted, and everything dropped into an encrypted
folder is encrypted. Data can also be encrypted on an Ethernet connection; this is
known as dynamic encryption. Data is encrypted as it is transported from the
desktop to some storage server. The interesting thing is that it is difficult to
find the key used for encryption, as there would be different kinds of data
travelling on the connection.
One cannot identify which data is to be picked. However, this scheme requires a
lot of processing and can create a large traffic flow over the networks [25].
1.5.4 Effectiveness of Cryptographic algorithms
Cryptographic algorithms use a key and an algorithm to convert the
message to ciphertext. The ciphertext is then converted back to the
original message using a decryption algorithm and a key at the receiver's end.
Hence, encryption-decryption is the procedure that is used to apply the science of
cryptography to ensure the confidentiality of messages being communicated.
Generally, the algorithm is large, usually a combination of mechanical or
electronic device(s), or based on some complex mathematical procedure. But the
algorithm cannot be kept secret. Thus the overall security of any cryptographic
system depends on the secrecy of the key. Moreover, one cannot be sure that a
cryptosystem will not be broken even after providing some
mathematical proof that the system cannot be cracked. A cryptographic system
may be secure for one purpose but not for another, depending on how long the
information must be kept secure. A cryptosystem that
cannot be broken at present may succumb to cryptanalysts in the near future [79].
[B] Mathematics of Cryptography
Every cryptographic algorithm uses a certain mathematical background. The
working of most cryptographic algorithms and the basis of their strength
reside in the mathematical operations they use.
Generally these are operations that are reversible and fast to decrypt, if
known. If one is not aware of the operation and tries to make a guess, it would be
difficult to decrypt. This section deals with the mathematical structures and
operations that are used by cryptographic algorithms. It aims at identifying the
structures and operations used in some popular algorithms.
1.6 Data Structures
Data structures are the mathematical structures that can be used for storage,
access and manipulation of data; their study also involves analysis of the
structures with respect to their time and space requirements during operations on
them. According to Chris Okasaki, data structures have at least four distinct but
related features: an
abstract data type (abstraction), a concrete realization (implementation), an
instance of a data type (object or version) and a unique identity that is invariant
under updates (persistent identity) [26]. The choice of structure affects the way
and speed of access, and the manipulation time on data stored in the structures. The
strengths and limitations can be analyzed on the basis of the ease of
insert/delete/update operations, the use of extra memory space while applying
operations and the complexity of writing their code.
1.6.1 Arrays
Arrays are sets of homogeneous elements that are stored at contiguous locations in
memory and are accessed using index values and a common name. A series of
memory locations that use the same name to access the elements using an index value
and contain a particular type of information is an array. By ‘type’ is meant some
basic data type like char, int, float or pointer etc. [61]. This structure makes
working with larger amounts of data very easy. Arrays can be one-dimensional,
two-dimensional or multi-dimensional depending on the number of
index values used to access an individual element. Consider the C statement
int a[5];
It defines a one-dimensional array of integers that can store 5 elements. Elements
can be accessed using the common array name ‘a’ and an index number between 0 and 4
(inclusive). Mostly two-dimensional arrays have been used in encryption
algorithms.
Use in Security
Most substitution ciphers and block ciphers, like the Data Encryption Standard
(DES), triple DES, the Advanced Encryption Standard (AES) and the Caesar cipher,
use the basic array structure [37]. DES, originally published by the National
Bureau of Standards (NBS), a branch of the Department of Commerce in the USA now
called NIST, used 64-bit block plaintexts. This plaintext and the corresponding
S-box used in the algorithm are one-dimensional arrays [55]. The Rijndael
algorithm designed by Joan Daemen (Proton World International, Belgium) and
Vincent Rijmen used a two-dimensional square for the 128-bit message block. It was
a 4×4 square matrix of bytes on which the operations of byte-wise substitution,
circular shift of rows, mix columns and bitwise XOR were applied [103]. Arrays,
one-dimensional/two-dimensional/multi-dimensional, have been the most popular
choice amongst cryptographers due to storage in contiguous memory locations and
direct access using a proper choice of index value. Generally, algorithms use arrays
to manipulate information at various index values randomly. Insert/delete
operations, which require some re-arrangement of data, are not used frequently in
cryptographic algorithms. An array requires a single cluster of memory, but that
is not an issue nowadays with larger RAM and other memory devices.
1.6.2 Trees
Trees are non-linear hierarchical structures that perform well when
searching for an element in the information. A tree is an acyclic connected graph
where each node has zero or more child nodes and at most one parent node. The quest
for reaching the minimal time of O(log_2 n) has resulted in the formulation of
various types of trees. However, trees suffer from accessibility problems due to
searching from a fixed ‘root’ node and traversing various branches for an item. It
is also important to note that a tree is implemented using linked lists or arrays
only. Thus, the advantages and limitations of a tree depend upon the type of
internal structure used for implementation of the various forms of tree.
Use in Security
Various forms of trees are used in information security. Trees can be used to
monitor verification of the file structure. Trees are also used in identification of
the security level to be provided as per the type of information. While building
software systems, the security testing approach uses threat trees to build secure and
dependable systems [1]. Attack trees are used to comprehensively evaluate the
security breaches that are possible in a system and make a strategy of attack [17].
The most recent use of an advanced form of tree, the Merkle Hash Tree, has been in
the verification of online data on cloud servers using the Merkle Signature
Scheme, a reasonable alternative to conventional signature schemes [50].
1.6.3 Preferred Structures
Due to contiguous storage, ease of direct access and manipulation of elements,
and no requirement for sorted data, arrays have been the first choice of almost all
cryptographers. Generally, one-dimensional arrays have been used in most
block ciphers like AES, DES, Blowfish etc. [55, 18]. Some cryptographic
algorithms, like the Rijndael algorithm, have used two-dimensional arrays for
manipulation of the information. Moreover, trees and their forms have been in use
for verification of the sender/receiver or of information placed in some other
data structures [37].
1.7 Mathematical Operations
The art of disguising information involves the use of some mathematical
operations that are reversible in nature and can be applied with ease.
Cryptography is based on number theory, linear algebra, and algebraic structures.
In this section, we try to understand integer arithmetic, concentrating on modular
arithmetic, and review matrices for use in cryptographic algorithms
[72]. Until the 1970s, cryptographic algorithms were based on a private key. This
means that someone who has enough information to encrypt the message has enough
information to decipher it. These are based on invertible functions. Later a
different class of cryptographic algorithms was suggested by Diffie and Hellman
that initiated the use of different keys for encryption and decryption and
revolutionized the world of information security. A brief introduction to some of
the mathematics used in cryptography is given in the coming section.
1.7.1 Functions
A set consists of distinct objects which are called elements of the set. For example,
a set X might consist of the elements a, b, c, and this is denoted X = {a, b, c}.
A function is defined by two sets X and Y and a rule ‘f’ that assigns to each
element in X precisely one element in Y. The set X is called the domain of the
function and Y the co-domain. If x is an element of X (usually written x ∈ X) the
image of x is the element in Y which the rule f associates with x; the image y of x
is denoted by y = f(x). Standard notation for a function f from set X to set Y is
f: X -> Y. If y ∈ Y, then a pre-image of y is an element x ∈ X for which f(x) = y.
The set of all elements in Y which have at least one pre-image is called the image
of f, denoted Im(f).
Fig. 1.3: A function
One-way functions
A function f from a set X to a set Y is called a one-way function if f(x) is ‘easy’ to
compute for all x ∈ X but for ‘essentially all’ elements y ∈ Im(f) it is
‘computationally infeasible’ to find any x ∈ X such that f(x) = y.
Take X = {1, 2, 3,…, 16} and define f(x) = r_x for all x ∈ X, where r_x is the
remainder when 3^x is divided by 17. Explicitly,
Table 1.1: One-way function f(x) = r_x
x 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
f(x) 3 9 10 13 5 15 11 16 14 8 7 4 12 2 6 1
Given a number between 1 and 16, it is relatively easy to find its image under
f. However, given a number such as 7, without having the table in front of you, it
is harder to find x given that f(x) = 7. Of course, if the number you are given is 3
then it is clear that x = 1 is what you need; but for most of the elements in the
co-domain it is not that easy.
Diffie-Hellman key exchange is based on a one-way function, an arithmetic
operation that is easy to perform but extremely difficult to undo or reverse.
The function G^x mod P is used; given the values of G and P, computing it is
straightforward. However, given the result of the calculation, it is extremely
difficult to determine the value of x [60].
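The asymmetry described above, as an added Python example that is not part of the thesis: it rebuilds Table 1.1 with fast modular exponentiation, inverts f only by trying exponents one at a time, and runs both sides of a Diffie-Hellman exchange over the same toy group. G = 3 and P = 17 come from Table 1.1 and are far too small for real use; the private exponents 5 and 7 and all function names are assumptions chosen for illustration.

```python
# Added illustration: f(x) = 3^x mod 17 from Table 1.1, and Diffie-Hellman
# over the same toy group. Function names and private exponents are assumptions.

P = 17  # modulus used in Table 1.1
G = 3   # base used in Table 1.1


def f(x, g=G, p=P):
    """Easy direction: modular exponentiation (square-and-multiply)."""
    return pow(g, x, p)


def table(g=G, p=P):
    """Rebuild Table 1.1 as {x: f(x)} for x = 1 .. p-1."""
    return {x: f(x, g, p) for x in range(1, p)}


def invert_by_search(y, g=G, p=P):
    """Hard direction: find x with g^x mod p == y by trying x = 1, 2, ...

    The loop is linear in p, while f() needs only about log2(x)
    multiplications. With a modulus of hundreds of digits f() stays fast
    and this search does not finish.
    """
    acc = 1
    for x in range(1, p):
        acc = (acc * g) % p
        if acc == y:
            return x
    raise ValueError("y has no pre-image under f")


def diffie_hellman(a_private, b_private, g=G, p=P):
    """Run both sides of the exchange; only A and B cross the channel."""
    A = pow(g, a_private, p)             # sent by the sender
    B = pow(g, b_private, p)             # sent by the receiver
    key_sender = pow(B, a_private, p)    # (g^b)^a mod p
    key_receiver = pow(A, b_private, p)  # (g^a)^b mod p
    return {"A": A, "B": B, "sender": key_sender, "receiver": key_receiver}


if __name__ == "__main__":
    print("Table 1.1:", table())
    print("x with f(x) = 7:", invert_by_search(7))
    print("Diffie-Hellman:", diffie_hellman(5, 7))
```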
Trapdoor one-way functions
A trapdoor one-way function is a one-way function f: X -> Y with the additional
property that, given some extra information (called the trapdoor information), it
becomes feasible to find for any given y ∈ Im(f) an x ∈ X such that f(x) = y. Most
functions of the above type are deterministic in nature, so that a plaintext
will always be converted to the same ciphertext. The art of cryptography was
radically altered when Diffie and Hellman invented an entirely new type of
cryptography called public key cryptography, which has its base in the use of
trapdoor functions [79].
Permutations
Let S be a finite set of elements. A permutation p on S is a bijection from S to
itself (i.e., p: S -> S).
Example
Let S = {1, 2, 3, 4, 5}. A permutation p: S -> S is defined as follows:
p(1) = 3, p(2) = 5, p(3) = 4, p(4) = 2, p(5) = 1
A permutation can be described in various ways. It can be displayed as above or as
an array:
p = ( 1 2 3 4 5 )
    ( 3 5 4 2 1 )
Most cryptographic algorithms use permutations during the
key shuffling process or the scrambling of the data. In the DES algorithm, there
are eight secret fixed tables, the S-boxes, used to perform the substitution
operation on the different blocks [11]. However, in some ciphers the tables are
generated dynamically from the key; e.g. Blowfish, a 128-bit block cipher that
accepts a variable-length key up to 256 bits and is a 16-round Feistel network
with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, and
the Twofish encryption algorithms.
Involutions
Let S be a finite set and let f be a bijection from S to S (i.e., f: S -> S).
The function f is called an involution if f = f^(-1). An equivalent way of stating
this is f(f(x)) = x for all x ∈ S.
Fig. 1.4: An involution on a set S of 5 elements
The number of involutions, including the identity involution, on a set with
n = 0, 1, 2, … elements is given by a recurrence relation found by Heinrich
August Rothe in 1800:
a_0 = a_1 = 1;
a_n = a_(n−1) + (n − 1)·a_(n−2), for n > 1
The first few terms of this sequence are 1, 1, 2, 4, 10, 26, 76, 232 and so on [4].
This gives a clear idea of the number of involutions: 232 involutions are
possible for a set containing 7 elements. If one uses some number of involutions in
series to create an encryption/decryption algorithm, actually
finding out the correct involutions used turns out to be a very difficult job for
intruders.
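The permutation and involution definitions above, as an added Python example that is not part of the thesis: it inverts the example permutation p, checks Rothe's recurrence against brute-force enumeration, and shows that involutions applied in series must be undone in reverse order because their composition is generally not an involution. The involutions F and H, the sample block "CRYPT" and all function names are constructed for illustration.

```python
from itertools import permutations

# Permutation from the thesis example: p(1)=3, p(2)=5, p(3)=4, p(4)=2, p(5)=1
P_THESIS = {1: 3, 2: 5, 3: 4, 4: 2, 5: 1}

# Two constructed involutions on {1..5} (assumptions, not from the thesis)
F = {1: 2, 2: 1, 3: 3, 4: 5, 5: 4}   # swaps 1<->2 and 4<->5
H = {1: 1, 2: 3, 3: 2, 4: 4, 5: 5}   # swaps 2<->3


def inverse(p):
    """Inverse permutation: if p(x) = y then inverse(p)(y) = x."""
    return {y: x for x, y in p.items()}


def compose(f, g):
    """Return f o g, i.e. apply g first and then f."""
    return {x: f[g[x]] for x in g}


def is_identity(p):
    return all(p[x] == x for x in p)


def is_involution(p):
    """True when p(p(x)) = x for every x, i.e. p is its own inverse."""
    return all(p[p[x]] == x for x in p)


def scramble(block, p):
    """Move the character at position i (1-based) to position p(i)."""
    out = [None] * len(block)
    for i, ch in enumerate(block, start=1):
        out[p[i] - 1] = ch
    return "".join(out)


def rothe_count(n):
    """a_0 = a_1 = 1, a_n = a_(n-1) + (n-1)*a_(n-2)."""
    a_prev, a = 1, 1
    for k in range(2, n + 1):
        a_prev, a = a, a + (k - 1) * a_prev
    return a


def brute_force_count(n):
    """Count involutions on n elements by testing all n! permutations."""
    return sum(
        1
        for perm in permutations(range(n))
        if all(perm[perm[i]] == i for i in range(n))
    )


if __name__ == "__main__":
    c = scramble("CRYPT", P_THESIS)
    print(c, "->", scramble(c, inverse(P_THESIS)))       # needs the inverse
    print(scramble(scramble("CRYPT", F), F))             # involution undoes itself
    print([rothe_count(n) for n in range(8)])
    chain = compose(H, F)                                # F first, then H
    print("chain is an involution:", is_involution(chain))
    print("undone by F o H:", is_identity(compose(compose(F, H), chain)))
```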
1.7.2 Prime Numbers
A prime number (or prime integer, often simply called a ‘prime’ for short) is a
positive integer p > 1 that has no positive integer divisors other than 1 and p itself.
There are infinitely many prime numbers, and cryptography, especially public-key
cryptography, uses large primes. Cryptography uses ‘strong primes’ that make
the product of two primes, say n, hard to factor by specific factoring methods. It is
difficult to find the existence of a large prime factor of p-1 and a large prime factor
of p+1. In fact, large prime numbers are used in defining the key combination in
Public Key Cryptography.
The key idea behind Public Key Cryptography is that calculating the
factorization of large numbers is very difficult. In the RSA algorithm,
prime numbers p and q (of 200-300 digits in base 10) are taken and N = p.q is
computed. Then the function ϕ(N) = (p-1)(q-1) is calculated. Now, a
natural number e < ϕ(N) that is co-prime with ϕ(N) is taken, and
another natural number d<ϕ(N) is calculated such that d.e≡(mod ϕ(N)). The numbers
N, p, q, d and e are used in encryption algorithms such that no one can read the
actual text being communicated without computing the numbers mentioned, which is
a very difficult job [5].
1.7.3 Greatest Common Divisor (GCD)
The GCD of two non-zero integers is the largest positive integer that divides both
numbers without remainder. The greatest common divisor of a and b is written as
gcd(a, b), or sometimes simply as (a, b).
For example, gcd(12, 18) = 6, gcd(−4, 14) = 2 and gcd(5, 0) = 5. Two numbers are
called co-prime or relatively prime if their greatest common divisor equals 1. For
example, 9 and 28 are relatively prime.
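Sections 1.7.2 and 1.7.3 meet in RSA key generation: e must satisfy gcd(e, ϕ(N)) = 1, and d is then the inverse of e modulo ϕ(N), that is, d·e ≡ 1 (mod ϕ(N)). The following Python example is added here and is not code from the thesis; the primes 61 and 53 and the exponent 17 are toy values assumed for illustration, far smaller than the 200-300 digit primes the text describes.

```python
def gcd(a, b):
    """Euclid's algorithm; the result is always non-negative."""
    while b:
        a, b = b, a % b
    return abs(a)

def extended_gcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y

def mod_inverse(e, phi):
    """Inverse of e modulo phi; it exists only when e and phi are co-prime."""
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e and phi(N) are not co-prime, no inverse exists")
    return x % phi

def rsa_keypair(p, q, e):
    """Derive (N, e, d) from two primes and a public exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(N) and gcd(e, phi(N)) = 1")
    return n, e, mod_inverse(e, phi)

def rsa_encrypt(m, e, n):
    return pow(m, e, n)        # c = m^e mod N

def rsa_decrypt(c, d, n):
    return pow(c, d, n)        # m = c^d mod N

# Toy parameters (illustrative assumption, not from the thesis).
N, E, D = rsa_keypair(61, 53, 17)
```

This is textbook RSA without padding, shown only to make the number theory concrete.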
1.7.4 Exclusive-OR (XOR) Operation
Exclusive OR (XOR) is one of the fundamental mathematical operations used in
cryptography (and many other applications). George Boole, a mathematician in the
late 1800s, invented a new form of ‘algebra’ later named Boolean algebra that
provides the basis for building electronic computers and microprocessor chips.
George Boole defined a set of primitive logical operations where there are one or
two inputs and a single output depending upon the operation. The input and
output are either TRUE or FALSE. The most elemental Boolean operations are:
1. NOT: The output value is the inverse of the input value (i.e., the output is
TRUE if the input is FALSE, and FALSE if the input is TRUE).
2. AND: The output is TRUE if all inputs are true, otherwise FALSE. (e.g.,
“the sky is blue AND the world is flat” is FALSE while “the sky is blue
AND security is a process” is TRUE.)
3. OR: The output is TRUE if either or both inputs are true, otherwise FALSE.
(e.g., “the sky is blue OR the world is flat” is TRUE and “the sky is blue
OR security is a process” is TRUE.)
4. XOR (Exclusive OR): The output is TRUE if exactly one of the inputs is
TRUE, otherwise FALSE. (e.g., “the sky is blue XOR the world is flat” is
TRUE while “the sky is blue XOR security is a process” is FALSE.)
In computers, Boolean logic is implemented in logic gates; for design purposes,
XOR has two inputs and a single output, and its logic diagram looks like this:
XOR 0 1
0 0 1
1 1 0
Fig. 1.4: XOR Table
So, in an XOR operation, the output will be a 1 if exactly one input is a 1;
otherwise, the output is 0. The real significance of this is to look at the ‘identity
properties’ of XOR. In particular, any value XORed with itself is 0 and any value
XORed with 0 is just itself. Also, if X and Y are two binary values then
X XOR Y = Z (say) and
Z XOR Y = X
This is the most widely used operation in cryptographic algorithms due to its
self-inverse property, like an involution. Most of the stream ciphers (SEAL, WAKE,
RC4, A5/1, A5/2 etc.) and block ciphers (Vernam cipher, SAFER K-64 cipher, DES,
GOST, IDEA etc.) use the XOR operation to encrypt the data. Even E0, a stream
cipher used in the Bluetooth standard, uses this operation like the Vernam
cipher [71, 103]. This is due to the fact that the effect of this operation can be
reversed by applying the same operation again on the resultant value.
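Because XOR is self-inverse, one routine serves for both encryption and decryption, as in the Vernam cipher. The Python example below is added here and is not code from the thesis; the two messages are constructed samples. It also checks the consequence a designer has to guard against: if one keystream is used for two messages, the key cancels out of the XOR of the two ciphertexts.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def new_keystream(length: int) -> bytes:
    """Fresh key material from the OS CSPRNG, as long as the message."""
    return secrets.token_bytes(length)

def vernam(data: bytes, keystream: bytes) -> bytes:
    """Vernam-style cipher: the same call encrypts and decrypts."""
    return xor_bytes(data, keystream)

def key_cancels(p1: bytes, p2: bytes, k1: bytes, k2: bytes) -> bool:
    """Encrypt p1 under k1 and p2 under k2, then report whether
    c1 XOR c2 equals p1 XOR p2. This holds exactly when k1 == k2,
    because (p1 ^ k) ^ (p2 ^ k) = p1 ^ p2."""
    c1, c2 = vernam(p1, k1), vernam(p2, k2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)

# Constructed sample messages of equal length, not from the thesis.
MSG_A = b"TRANSFER 100 INR"
MSG_B = b"TRANSFER 900 USD"
```

A keystream therefore has to be generated fresh for every message, which is what `new_keystream` is for.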
1.7.5 Modulo Operation
Modulo operation is the remainder function. To calculate X modulo Y (usually
written X mod Y), we determine the remainder after removing all multiples of Y
from X. Clearly, the value X mod Y will be in the range from 0 to Y-1. e.g.:
15 mod 7 = 1
25 mod 5 = 0
33 mod 12 = 9
203 mod 256 = 203
Modulo arithmetic is useful in cryptography because it allows us to set the size of
an operation and be sure that we will never get numbers that are too large. The
Caesar cipher, the simplest cipher based on number theory, is based on a shift
register using the modulus operation: E(m) = (m + shifts) (mod 26) = s and
D(s) = (s − shifts) (mod 26) = m, for some letter m. Notice that the message m is
encrypted to s, and we get m back when s is decrypted. It is important that our
encryption function E and our decryption function D have this relationship. In the
popular RSA algorithm, also called a full-fledged public-key algorithm, the security
relies on the difficulty of factoring large numbers. The public and private keys are
functions of a pair of large (100 to 200 digits or even larger) prime numbers.
Recovering the plaintext from the public key and the ciphertext is conjectured to
be equivalent to factoring the product of the two primes. The process needs to use
modulo functions, as discussed in the coming Chapters [93]. SAFER K, a 64-bit
block cipher, also uses modulo operations for encryption [103]. Diffie-Hellman key
exchange is also based on modular arithmetic. It was the combined use of
exponential and modular arithmetic that provided the breakthrough needed to
arrive at the scheme.
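Two of the uses of modular arithmetic named above, as an added Python example that is not code from the thesis: the Caesar functions E and D over the 26-letter alphabet, and a Diffie-Hellman exchange in which both sides combine exponentiation with a modulus. The prime 23, the base 5 and the private values 6 and 15 are toy assumptions for illustration.

```python
BASE = ord("A")

def caesar_E(m: str, shifts: int) -> str:
    """E(m) = (m + shifts) mod 26, applied to each letter A-Z."""
    out = []
    for ch in m.upper():
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - BASE + shifts) % 26 + BASE))
        else:
            out.append(ch)          # spaces and punctuation pass through
    return "".join(out)

def caesar_D(s: str, shifts: int) -> str:
    """D(s) = (s - shifts) mod 26. Python's % returns a value in 0..25
    even when s - shifts is negative, so the wrap-around is automatic."""
    return caesar_E(s, -shifts)

def dh_public(g: int, private: int, p: int) -> int:
    """Value each side sends over the network: g^private mod p."""
    return pow(g, private, p)

def dh_shared(peer_public: int, private: int, p: int) -> int:
    """Secret each side computes locally: peer_public^private mod p."""
    return pow(peer_public, private, p)

def dh_exchange(p: int, g: int, a: int, b: int):
    """Run both sides; return (A_pub, B_pub, secret_at_A, secret_at_B)."""
    a_pub = dh_public(g, a, p)      # sent from side A to side B
    b_pub = dh_public(g, b, p)      # sent from side B to side A
    return a_pub, b_pub, dh_shared(b_pub, a, p), dh_shared(a_pub, b, p)
```

Both sides arrive at the same secret because (g^a)^b and (g^b)^a are equal modulo p, while only g^a mod p and g^b mod p cross the network.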
1.7.6 Swapping
It was observed that the operation of swapping the values of two variables is
explained while teaching programming to students. Generally, it is performed with
or without using a third variable. It was identified that if the same operation is
carried out again on the same variables, the variables will have their original
values. It means the swap operation also has the involution property.
Original values      Values after swap operation    Values after two times swapping
X=10; Y=20           X=20; Y=10                     X=10; Y=20
Fig. 1.6: Swap operation
1.7.7 Random Numbers
Random numbers are a set of numbers arranged in a random order. These are
numbers arranged in order such that the occurrence of one digit in a series of
random numbers bears no relationship to the occurrence of any other digit. The
numbers abide by the following two conditions: (1) the values are uniformly
distributed over a defined interval or set, and (2) it is impossible to predict future
values based on past or present ones.
Generation of Random Numbers
Random numbers can be obtained from a sack of numbered beads as in bingo, from
rotations of a roulette wheel, or from any other randomizing device. However,
such physical generators of random numbers are not suitable for security aspects
for two reasons: (i) the process is excessively laborious and time consuming;
(ii) a sequence of numbers generated should not be reproduced at a later time or
by another person for repeating a security process in general. People around the
world have been working on producing random numbers using alternate techniques
other than physical generators [64, 114]. Many events were simulated in computer
programs to produce such numbers in the past [117, 110, 39].
Pseudorandom Numbers
A pseudo-random variable is a variable which is created by some deterministic
procedure. A computer program or subroutine that takes some input and
produces a number sequence that may be categorized as random is called a
pseudo-random number generator. The prefix ‘pseudo’ is used to distinguish this
type of number from ‘true’ random numbers generated by a random physical
process such as radioactive decay and roulette wheel selection [75].
A sequence generator is pseudo-random if it has the following properties:
1. It looks random. This means that it passes all the statistical tests of
randomness.
2. The distribution of the numbers should be even in the respective classes.
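The difference between "looks random" and condition (2) of Section 1.7.7, unpredictability, already shows up in the simplest statistical test. The following Python example is added here and is not code from the thesis: it implements the frequency (monobit) test of NIST SP 800-22 and applies it to constructed byte streams; the 0.01 significance level and the sample streams are assumptions of the example.

```python
import math
import random
import secrets

def monobit_p_value(data: bytes) -> float:
    """Frequency (monobit) test: p-value for 'ones and zeros are balanced'."""
    n = len(data) * 8
    ones = sum(bin(byte).count("1") for byte in data)
    s_n = ones - (n - ones)              # +1 per one bit, -1 per zero bit
    return math.erfc(abs(s_n) / math.sqrt(n) / math.sqrt(2))

def passes_monobit(data: bytes, alpha: float = 0.01) -> bool:
    """The stream is not rejected as non-random at significance level alpha."""
    return monobit_p_value(data) >= alpha

def seeded_stream(seed: int, length: int) -> bytes:
    """Deterministic generator (Python's Mersenne Twister): the same seed
    always reproduces the same bytes, at either end of a link."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))

def key_material(length: int) -> bytes:
    """Key bytes from the operating system's CSPRNG, not reproducible."""
    return secrets.token_bytes(length)

# Constructed streams for the demonstration.
ALTERNATING = bytes([0x55]) * 1000   # 0101...: perfectly balanced, fully predictable
ALL_ONES = bytes([0xFF]) * 1000      # maximally biased
```

The alternating stream passes the frequency test with a p-value of 1.0 although every bit is predictable, so an even distribution alone does not make a generator suitable for keys.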
1.8 Organization of the thesis
Chapter 1: Introduction to Cryptography
This Chapter explains the conception of communication and technologies from
ancient to present perspectives. The reasons for using these approaches are cited
using examples taken from history. The introduction of computers and then
the internet made the transfer of information possible at a lightning-fast pace.
However, the need of securely transferring the data gave birth to new domains that
intend to develop some techniques for secure communication. One such domain,
Cryptography, the art of secret writing, became popular for secure transfer of
information to the intended receiver. Mathematics of the subject has also been
included in this Chapter to provide an understanding of its basics.
Chapter 2: Survey of Literature
This Chapter focuses on some present cryptographic algorithms on the basis of
their categorization. It studies the structures and operations used in development
of cryptographic algorithms and techniques. Categorization of the operations has
been done on the basis of their nature. The basic mathematical structures,
operations and evaluations from the literature have been cited in this Chapter. The
existing techniques of using the key(s) for encryption and decryption have also
been elucidated.
Chapter 3: A 3D Parity Bit Structure
This Chapter details a three-dimensional array that can be used for error
detection/correction using parity bits. The results of the proposed scheme are also
presented by identifying the number of errors that can be corrected and/or detected
using this technique. It details the entire process of using the parity bits for such a
structure along with categorization of errors and their detection/correction, if
possible.
This Chapter is based on the paper:
“3D Parity Bit Structure: A novel technique to correct maximal number of bits in a
simpler way”, International Journal of Computer Science and Information Security,
Vol. 9 No. 8, August 2011, pp. 182-186, Published from Pittsburgh, PA 15213, USA,
ISSN: 1947-5500.
Chapter 4: A 3D Array Block Rotation Cipher
This Chapter elaborates a new approach to encrypting data using three-dimensional
(3D) arrays. It uses a key of specified length that may be either transferred with
the ciphertext or obtained from an agreed-upon Random Number Generator (RNG).
It uses circular shifts and entire 2D block rotations through some axis of rotation
to produce diffusion of information bits. It explains the proposed algorithm by
describing the structure and operations used, the key and its length dependencies,
the policy of rotational operations, and its number of rounds. It gives the analysis
of the resulting ciphertext for the simulated run using some tests of randomness.
This Chapter is based on the papers:
“A Cipher based on 3D Array Block Rotation”, International Journal of Computer
Science and Network Security, Vol. 10 No. 2, February 2011, pp. 186-191, Published
from Korea, ISSN: 1738-7906.
“3D Array Block Rotation Cipher: an Improvement using lateral shift”, Global
Journal of Computer Science and Technology, Vol. 11, Issue 19, Version 1.0,
October/November 2011, pp. 17-23, Published from Cambridge (Massachusetts), USA,
ISSN Numbers: Online: 0975-4172, Print: 0975-4350, Print Estd.: 2001
Chapter 5: Modified Rijndael algorithm
The Chapter is devoted to modifications made to the Rijndael algorithm, which was
selected as the Advanced Encryption Standard (AES) in June 2000 by NIST. The
algorithm was accepted for commercial use due to its symmetric and parallel
structure, well adapted to modern processors, and its suitability for modern
technologies. It explains the use of a two-dimensional rotational step on the
original array block without increasing the key length of the algorithm. The
proposed scheme increases the complexity of the algorithm for 128- and 256-bit
block lengths. The suggested alteration is capable of providing backward
compatibility in scenarios where it is required.
This Chapter is based on the paper:
“Design of a modified Rijndael algorithm using 2D Rotations”, International Journal
of Computer Science and Network Security, Vol. 11 No. 9, September 2011, pp. 141-
145, Published from Korea, ISSN: 1738-7906.
Chapter 6: A cipher based on Multiple Circular Arrays
In this Chapter a novel symmetric key algorithm is proposed that uses the
Multiple Circular Array (MCA) structure. It uses a swap-merge operation that has
been designed to be used in conjunction with the multiple array structure along
with some more basic operations. The details like structure, operations, key and
proposed algorithm. Data collected after the test runs of the cipher have been put
to tests of randomness to ensure the diffusion of plaintext bits. The result analysis
of the proposed scheme is provided at the end of the Chapter.
This Chapter is based on the paper:
“A cipher based on Multiple Circular Arrays”, International Journal of Computer
Science Issues, Vol. 10, Issue 5, September 2013, Accepted for Publication, Published
from Mauritius, ISSN (Online): 1694-0784, ISSN (Print): 1694-0814.
Chapter 7: Conclusion, Suggestions & Future Scope
The thesis was aimed at finding new dimensions in the area of security and
cryptography. It has explored and found a use for some higher-dimensional
structures in the development of cryptographic algorithms. The study also reveals
some new operations on structures, like the entire block rotation on matrices and
older swap operations used on elements of an array, for mixing the data values of
plaintext in a new manner.
In a nutshell, this thesis is an effort in designing some cryptographic algorithms for
secure network communication. Important observations regarding structures and
operations of some available algorithms were used to develop block ciphers. The
analysis of the proposed and modified algorithms is provided by putting them to
randomness tests that verify the diffusion of data. The proposed algorithms have
been implemented in C language. The results were collected and put to tests of
randomness. The analysis of tests is provided at the end of each Chapter. It also
elaborates the use of parity bits in a novel manner for error detection and correction.
The future scope of research in the same direction is also provided so that
researchers working in this domain may develop the subject line. There have
already been some efforts made in this regard by some researchers before the
present work was presented as this thesis.