In the final discussion posting please describe what components of cryptography impacted you the most.? PFA few Cryptography course pdf chapters.? 500 words

21 Apr In the final discussion posting please describe what components of cryptography impacted you the most.? PFA few Cryptography course pdf chapters.? 500 words

Posted at 13:11h in Information Systems by

In the final discussion posting please describe what components of cryptography impacted you the most.

PFA few Cryptography course pdf chapters.

500 words. APA forma

Cryptography and Network Security:

Principles and Practice Eighth Edition

Chapter 13

Digital Signatures

Figure 13.1 Simplified Depiction of

Essential Elements of Digital

Signature Process

Digital Signature Properties

• It must verify the author and the date and time of the

signature

• It must authenticate the contents at the time of the

signature

• It must be verifiable by third parties to resolve disputes

Attacks

• Key-only attack

– C only knows A’s public key

• Known message attack

– C is given access to a set of messages and their signatures

• Generic chosen message attack

– C chooses a list of messages before attempting to break A’s signature scheme, independent of A’s public key; C then obtains from A valid signatures for the chosen messages

• Directed chosen message attack

– Similar to the generic attack, except that the list of messages to be signed is chosen after C knows A’s public key but before any signatures are seen

• Adaptive chosen message attack

– C may request from A signatures of messages that depend on previously obtained message-signature pairs

Forgeries

• Total break

– C determines A’s private key

• Universal forgery

– C finds an efficient signing algorithm that provides an

equivalent way of constructing signatures on arbitrary

messages

• Selective forgery

– C forges a signature for a particular message chosen

by C

• Existential forgery

– C forges a signature for at least one message; C has

no control over the message

Digital Signature Requirements

• The signature must be a bit pattern that depends on the

message being signed

• The signature must use some information unique to the sender

to prevent both forgery and denial

• It must be relatively easy to produce the digital signature

• It must be relatively easy to recognize and verify the digital

signature

• It must be computationally infeasible to forge a digital signature,

either by constructing a new message for an existing digital

signature or by constructing a fraudulent digital signature for a

given message

• It must be practical to retain a copy of the digital signature in

storage

Direct Digital Signature

• Refers to a digital signature scheme that involves only the communicating

parties

– It is assumed that the destination knows the public key of the source

• Confidentiality can be provided by encrypting the entire message plus

signature with a shared secret key

– It is important to perform the signature function first and then an outer

confidentiality function

– In case of dispute some third party must view the message and its

signature

• The validity of the scheme depends on the security of the sender’s private key

– If a sender later wishes to deny sending a particular message, the sender

can claim that the private key was lost or stolen and that someone else

forged his or her signature

– One way to thwart or at least weaken this ploy is to require every signed

message to include a timestamp and to require prompt reporting of

compromised keys to a central authority

ElGamal Digital Signature

• Scheme involves the use of the private key for encryption

and the public key for decryption

• Global elements are a prime number q and a, which is a

primitive root of q

• Use private key for encryption (signing)

• Uses public key for decryption (verification)

• Each user generates their key

– Chooses a secret key (number): 1 < xA < q-1

– Compute their public key: yA = a xA mod q

Schnorr Digital Signature

• Scheme is based on discrete logarithms

• Minimizes the message-dependent amount of computation

required to generate a signature

– Multiplying a 2n-bit integer with an n-bit integer

• Main work can be done during the idle time of the

processor

• Based on using a prime modulus p, with p – 1 having a

prime factor q of appropriate size

– Typically p is a 1024-bit number, and q is a 160-bit

number

N I S T Digital Signature Algorithm

• Published by N I S T as Federal Information Processing

Standard F I P S 186

• Makes use of the Secure Hash Algorithm (S H A)

• The latest version, F I P S 186-3, also incorporates digital

signature algorithms based on R S A and on elliptic curve

cryptography

Figure 13.2 Two Approaches to

Digital Signatures

Figure 13.3 The Digital Signature

Algorithm (D S A)

Figure 13.4 D S A Signing and Verifying

Elliptic Curve Digital Signature

Algorithm (E C D S A)

• Four elements are involved:

– All those participating in the digital signature scheme use

the same global domain parameters, which define an elliptic

curve and a point of origin on the curve

– A signer must first generate a public, private key pair

– A hash value is generated for the message to be signed;

using the private key, the domain parameters, and the hash

value, a signature is generated

– To verify the signature, the verifier uses as input the signer’s

public key, the domain parameters, and the integer s; the

output is a value v that is compared to r ; the signature is

verified if the v = r

Figure 13.5 E C D S A Signing and

Verifying

R S A-P S S

• R S A Probabilistic Signature Scheme

• Included in the 2009 version of F I P S 186

• Latest of the R S A schemes and the one that R S A Laboratories

recommends as the most secure of the R S A schemes

• For all schemes developed prior to P S S it has not been possible

to develop a mathematical proof that the signature scheme is as

secure as the underlying R S A encryption/decryption primitive

• The PSS approach was first proposed by Bellare and Rogaway

• This approach, unlike the other R S A-based schemes,

introduces a randomization process that enables the security of

the method to be shown to be closely related to the security of

the R S A algorithm itself

Mask Generation Function (M G F)

• Typically based on a secure cryptographic hash function

such as S H A-1

– Is intended to be a cryptographically secure way of

generating a message digest, or hash, of variable

length based on an underlying cryptographic hash

function that produces a fixed-length output

Figure 13.6 R S A-P S S Encoding

Figure 13.7 R S A-P S S E M Verification

Summary

• Present an overview of the digital signature process

• Understand the ElGamal digital signature scheme

• Understand the Schnorr digital signature scheme

• Understand the N I S T digital signature scheme

• Compare and contrast the N I S T digital signature scheme

with the ElGamal and Schnorr digital signature schemes

• Understand the elliptic curve digital signature scheme

• Understand the R S A-P S S digital signature scheme

This work is protected by United States copyright laws and is

provided solely for the use of instructors in teaching their

courses and assessing student learning. Dissemination or sale of

any part of this work (including on the World Wide Web) will

destroy the integrity of the work and is not permitted. The work

and materials from it should never be made available to students

except by instructors using the accompanying text in their

classes. All recipients of this work are expected to abide by these

restrictions and to honor the intended pedagogical purposes and

the needs of other instructors who rely on these materials.

Cryptography and Network Security:

Principles and Practice Eighth Edition

Chapter 10

Other Public-Key Cryptosystems

Diffie-Hellman Key Exchange

• First published public-key algorithm

• A number of commercial products employ this key

exchange technique

• Purpose is to enable two users to securely exchange a key

that can then be used for subsequent symmetric

encryption of messages

• The algorithm itself is limited to the exchange of secret

values

• Its effectiveness depends on the difficulty of computing

discrete logarithms

Figure 10.1 The Diffie–Hellman Key

Exchange

Figure 10.2 Man-in-the-Middle Attack

ElGamal Cryptography

• Announced in 1984 by T. Elgamal

• Public-key scheme based on discrete logarithms closely

related to the Diffie-Hellman technique

• Used in the digital signature standard (DSS) and the

S/MIME e-mail standard

• Global elements are a prime number q and a which is a

primitive root of q

• Security is based on the difficulty of computing discrete

logarithms

Figure 10.3 The ElGamal

Cryptosystem

Elliptic Curve Arithmetic

• Most of the products and standards that use public-key

cryptography for encryption and digital signatures use RSA

– The key length for secure RSA use has increased over

recent years and this has put a heavier processing load

on applications using RSA

• Elliptic curve cryptography (ECC) is showing up in

standardization efforts including the IEEE P1363 Standard

for Public-Key Cryptography

• Principal attraction of ECC is that it appears to offer equal

security for a far smaller key size

Abelian Group

• A set of elements with a binary operation, denoted by •,

that associates to each ordered pair (a, b) of elements in G

an element (a • b) in G, such that the following axioms are

obeyed:

(A1) Closure: If a and b belong to G, then a • b is

also in G

(A2) Associative: a • (b • c) = (a • b) • c for all a, b, c

in G

(A3) Identity element: There is an element e in G such

that a • e = e • a = a for all a in G

(A4) Inverse element: For each a in G there is an element

a′ in G such that a • a′ = a′ • a = e

(A5) Commutative: a • b = b • a for all a, b in G

Figure 10.4 Example of Elliptic

Curves

Elliptic Curves Over Zp

• Elliptic curve cryptography uses curves whose variables and

coefficients are finite

• Two families of elliptic curves are used in cryptographic

applications:

• Prime curves over Zp

– Use a cubic equation in which the variables and coefficients

all take on values in the set of integers from 0 through p-1

and in which calculations are performed modulo p

– Best for software applications

• Binary curves over GF(2m)

– Variables and coefficients all take on values in GF(2m) and

in calculations are performed over GF(2m)

– Best for hardware applications

Table 10.1 Points (other than O) on the

Elliptic Curve E23(1, 1)

(0, 1) (6, 4) (12, 19)

(0, 22) (6, 19) (13, 7)

(1, 7) (7, 11) (13, 16)

(1, 16) (7, 12) (17, 3)

(3, 10) (9, 7) (17, 20)

(3, 13) (9, 16) (18, 3)

(4, 0) (11, 3) (18, 20)

(5, 4) (11, 20) (19, 5)

(5, 19) (12, 4) (19, 18)

Figure 10.5 The Elliptic Curve

E23(1, 1)

Elliptic Curves Over GF(2m)

• Use a cubic equation in which the variables and

coefficients all take on values in GF(2m) for some number

• Calculations are performed using the rules of arithmetic in

GF(2m)

• The form of cubic equation appropriate for cryptographic

applications for elliptic curves is somewhat different for

GF(2m) than for Zp

– It is understood that the variables x and y and the

coefficients a and b are elements of GF(2m) and that

calculations are performed in GF(2m)

Table 10.2 Points (other than O) on

the Elliptic Curve E2 4(g4, 1)

(0, 1) (g5, g3) (g9, g13)

(1, g6) (g5, g11) (g10, g)

(1, g13) (g6, g8) (g10, g8)

(g3, g8) (g6, g14) (g12, 0)

(g3, g13) (g9, g10) (g12, g12)

Figure 10.6 The Elliptic Curve

E2 4(g4, 1)

Elliptic Curve Cryptography (ECC)

• Addition operation in ECC is the counterpart of modular

multiplication in RSA

• Multiple addition is the counterpart of modular

exponentiation

• To form a cryptographic system using elliptic curves, we

need to find a “hard problem” corresponding to factoring

the product of two primes or taking the discrete logarithm

– Q=kP, where Q, P belong to a prime curve

– Is “easy” to compute Q given k and P

– But “hard” to find k given Q, and P

– Known as the elliptic curve logarithm problem

Figure 10.7 ECC Diffie–Hellman Key

Exchange

Security of Elliptic Curve

Cryptography

• Depends on the difficulty of the elliptic curve logarithm

problem

• Fastest known technique is “Pollard rho method”

• Compared to factoring, can use much smaller key sizes

than with RSA

• For equivalent key lengths computations are roughly

equivalent

• Hence, for similar security ECC offers significant

computational advantages

Table 10.3 Comparable Key Sizes in

Terms of Computational Effort for

Cryptanalysis (NIST SP-800-57)

Symmetric Key

Algorithms

Diffie–Hellman, Digital

Signature Algorithm

RSA

(size of n in bits)

ECC (modulus size

in bits)

80 L = 1024

N = 160 1024 160–223

112 L = 2048

N = 224 2048 224–255

128 L = 3072

N = 256 3072 256–383

192 L = 7680

N = 384 7680 384–511

256 L = 15,360

N = 512 15,360 512 +

Note: L = size of public key, N = size of private key.

Summary

• Define Diffie-Hellman Key Exchange

• Understand the Man-in-the-middle attack

• Present an overview of the Elgamal cryptographic system

• Understand Elliptic curve arithmetic

• Present an overview of elliptic curve cryptography

• Present two techniques for generating pseudorandom numbers using an asymmetric cipher

This work is protected by United States copyright laws and is

provided solely for the use of instructors in teaching their

courses and assessing student learning. Dissemination or sale of

any part of this work (including on the World Wide Web) will

destroy the integrity of the work and is not permitted. The work

and materials from it should never be made available to students

except by instructors using the accompanying text in their

classes. All recipients of this work are expected to abide by these

restrictions and to honor the intended pedagogical purposes and

the needs of other instructors who rely on these materials.

Cryptography and Network Security:

Principles and Practice Eighth Edition

Chapter 4

Block Ciphers and the Data

Encryption Standard

Stream Cipher (1 of 2)

• Encrypts a digital data stream one bit or one byte at a time

– Examples:

▪ Autokeyed Vigenère cipher

▪ Vernam cipher

• In the ideal case, a one-time pad version of the Vernam cipher

would be used, in which the keystream is as long as the

plaintext bit stream

– If the cryptographic keystream is random, then this cipher is

unbreakable by any means other than acquiring the

keystream

▪ Keystream must be provided to both users in advance

via some independent and secure channel

▪ This introduces insurmountable logistical problems if the

intended data traffic is very large

Stream Cipher (2 of 2)

• For practical reasons the bit-stream generator must be

implemented as an algorithmic procedure so that the

cryptographic bit stream can be produced by both users

– It must be computationally impractical to predict future

portions of the bit stream based on previous portions of

the bit stream

– The two users need only share the generating key and

each can produce the keystream

Block Cipher

• A block of plaintext is treated as a whole and used to

produce a ciphertext block of equal length

• Typically a block size of 64 or 128 bits is used

• As with a stream cipher, the two users share a symmetric

encryption key

• The majority of network-based symmetric cryptographic

applications make use of block ciphers

Figure 4.1 Stream Cipher and Block Cipher

Figure 4.2 General n-bit-n-bit Block

Substitution (shown with n = 4)

Table 4.1 Encryption and Decryption Tables for

Substitution Cipher of Figure 4.2

Plaintext Ciphertext

0000 1110

0001 0100

0010 1101

0011 0001

0100 0010

0101 1111

0110 1011

0111 1000

1000 0011

1001 1010

1010 0110

1011 1100

1100 0101

1101 1001

1110 0000

1111 0111

Ciphertext Plaintext

0000 1110

0001 0011

0010 0100

0011 1000

0100 0001

0101 1100

0110 1010

0111 1111

1000 0111

1001 1101

1010 1001

1011 0110

1100 1011

1101 0010

1110 0000

1111 0101

Feistel Cipher

• Feistel proposed the use of a cipher that alternates substitutions and

permutations

• Substitutions

– Each plaintext element or group of elements is uniquely replaced

by a corresponding ciphertext element or group of elements

• Permutation

– No elements are added or deleted or replaced in the sequence,

rather the order in which the elements appear in the sequence is

changed

• Is a practical application of a proposal by Claude Shannon to develop

a product cipher that alternates confusion and diffusion functions

• Is the structure used by many significant symmetric block ciphers

currently in use

Diffusion and Confusion • Terms introduced by Claude Shannon to capture the two basic building blocks

for any cryptographic system

– Shannon’s concern was to thwart cryptanalysis based on statistical

analysis

• Diffusion

– The statistical structure of the plaintext is dissipated into long-range

statistics of the ciphertext

– This is achieved by having each plaintext digit affect the value of many

ciphertext digits

• Confusion

– Seeks to make the relationship between the statistics of the ciphertext

and the value of the encryption key as complex as possible

– Even if the attacker can get some handle on the statistics of the

ciphertext, the way in which the key was used to produce that ciphertext is so complex as to make it difficult to deduce the key

Figure 4.3 Feistel Encryption and

Decryption (16 rounds)

Feistel Cipher Design Features (1 of 2)

• Block size

– Larger block sizes mean greater security but reduced

encryption/decryption speed for a given algorithm

• Key size

– Larger key size means greater security but may

decrease encryption/decryption speeds

• Number of rounds

– The essence of the Feistel cipher is that a single round

offers inadequate security but that multiple rounds offer

increasing security

• Subkey generation algorithm

– Greater complexity in this algorithm should lead to

greater difficulty of cryptanalysis

Feistel Cipher Design Features (2 of 2)

• Round function F

– Greater complexity generally means greater resistance

to cryptanalysis

• Fast software encryption/decryption

– In many cases, encrypting is embedded in applications

or utility functions in such a way as to preclude a

hardware implementation; accordingly, the speed of

execution of the algorithm becomes a concern

• Ease of analysis

– If the algorithm can be concisely and clearly explained,

it is easier to analyze that algorithm for cryptanalytic

vulnerabilities and therefore develop a higher level of

assurance as to its strength

Feistel Example

Data Encryption Standard (DES)

• Issued in 1977 by the National Bureau of Standards (now

NIST) as Federal Information Processing Standard 46

• Was the most widely used encryption scheme until the

introduction of the Advanced Encryption Standard (AES) in

2001

• Algorithm itself is referred to as the Data Encryption

Algorithm (DEA)

– Data are encrypted in 64-bit blocks using a 56-bit key

– The algorithm transforms 64-bit input in a series of

steps into a 64-bit output

– The same steps, with the same key, are used to

reverse the encryption

Figure 4.5 General Depiction of DES

Encryption Algorithm

Table 4.2 DES Example

Note: DES subkeys are shown as eight 6-bit values in hex format

Table 4.3 Avalanche Effect in DES: Change in Plaintext

Table 4.4 Avalanche Effect in DES: Change in Key

Table 4.5 Average Time Required for Exhaustive

Key Search

Key Size

(bits) Cipher

Number of

Alternative Keys

Time Required at 109

Decryptions/s

Time Required

at 1013

Decryptions/s

56 DES 256 ≈ 7.2 × 1016 255 ns = 1.125 years 1 hour

128 AES 2128 ≈ 3.4 × 1038 2127 ns = 5.3 × 1021 years 5.3 × 1017 years

168 Triple DES 2168 ≈ 3.7 × 1050 2167 ns = 5.8 × 1033 years 5.8 × 1029 years

192 AES 2192 ≈ 6.3 × 1057 2191 ns = 9.8 × 1040 years 9.8 × 1036 years

256 AES 2256 ≈ 1.2 × 1077 2255 ns = 1.8 × 1060 years 1.8 × 1056 years

26 characters

(permutation)

Monoalphabetic 2! = 4 × 1026 2 × 1026 ns = 6.3 × 109

years

6.3 × 106 years

Strength of DES

• Timing attacks

– One in which information about the key or the plaintext is

obtained by observing how long it takes a given

implementation to perform decryptions on various

ciphertexts

– Exploits the fact that an encryption or decryption algorithm

often takes slightly different amounts of time on different

inputs

– So far it appears unlikely that this technique will ever be

successful against DES or more powerful symmetric ciphers

such as triple DES and AES

Block Cipher Design Principles:

Number of Rounds • The greater the number of rounds, the more difficult it is to

perform cryptanalysis

• In general, the criterion should be that the number of

rounds is chosen so that known cryptanalytic efforts

require greater effort than a simple brute-force key search

attack

• If DES had 15 or fewer rounds, differential cryptanalysis

would require less effort than a brute-force key search

Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteEdu. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.

Do you need an answer to this or any other questions?

Do you need help with this question?

Get assignment help from WriteEdu.com Paper Writing Website and forget about your problems.

WriteEdu provides custom & cheap essay writing 100% original, plagiarism free essays, assignments & dissertations.

With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Chat with us today! We are always waiting to answer all your questions.

Click here to Place your Order Now

21 Apr In the final discussion posting please describe what components of cryptography impacted you the most.? PFA few Cryptography course pdf chapters.? 500 words

About Us

Quick Links

Recent Posts