0
891views
IT Cryptography & Network Security Module 2.2
0
5views

Blowfish Algorithm

• Blowfish was developed by Bruce Schneier. It is very strong symmetric key cryptographic algorithm.

Features of Blowfish:

• Fast: Blowfish encryption state on 32 bit microprocessors is 26 clock cycles per byte

• Compact: Blowfish can execute is less than 5KB memory

• Simple: Blowfish uses only primitive operations such as addition, XOR and table look up making its design and manipulation simple

• Secure: Blowfish has a variable key length up to a maximum of 448 long, making it both flexible and secure

Operations: (Blowfish encrypts 64-bit block with a variable length key)

1) Subkey Generation:

$\hspace{1.5cm}$This process covert the key up to 448 bit long to subkeys totaling 4168 bits

2) Data Encryption :

$\hspace{1.5cm}$This process involves the iteration of a simple function 16 times. Each round contains a key dependent permutation and key and data substitution

• Blowfish is a very fast algorithm which takes 64 bit input as plaintext and generates 64 bit output cipher text

• It uses the concept of P-array which use of 21 bit and there are 18 P-arrays $P_1 \ to \ P_{18}$

• Blowfish Algorithm runs 16 times i.e. 16 rounds

Processes:

A. Subkey Generation:

• Key Size is variable but blowfish algorithm generates very large sub-keys .The key size is in the range of 32 bits to 448 bits or 14 words.

• Concept of P-array consists of 18, 32 bit sub-keys

• There are 4 S-boxes containing 256 entries of 32 bits

• P-array is initialized first then four s boxes with fixed string

• Then P-arryas are XORed with subkeys ie from $P_1 \ to \ P_{18}$ . Once the sub keys are generated the encryption process begins.

B. Data encryption and decryption:

• We use the P arrays and S boxes during this process

Algorithm for encryption of 64 bit block

1. Divide X into two blocks CL and XR of equal sizes. Thus both XL and XR will consist of 32 bit each

2. For P=1 to 16

$\hspace{1.5cm}$XL = XL XOR $P_i$

$\hspace{1.5cm}$XR = f(XL) XORXR

$\hspace{1.5cm}$Swap XL ,XR

$\hspace{1.5cm}$Next i

1. Swap XL, XR XOR $P_{18}$

2. XL = XL XOR $P_{18}$

3. XR = XR XOR $P_{17}$

4. Continue XL and XR back into X to get cipher text CT

![enter image description here]

• Function f is as follows $\hspace{1.5cm}$a. Divide the 32 bit XL block into four 8 bit sub blocks named a, b, c, d

$\hspace{1.5cm}$b. Compute f(a,b,c,d) = ((S1, a + S2, b) XOR S3, c) XORSc , d

• Function f in blowfish • Blowfish Decryption RC-5 Algorithm

• In RC-5, the word size (i.e. input plaintext block size), number of rounds and number of keys are not fixed i.e. all can be of variable length.

• Once w, r, k (word size, number of rounds, number of keys) are finalized then they remain same for all the rounds.

• Plain text can be 16 bits, 32 bits or 64 bits

• No rounds can be between 0-255

• No keys can be between 0-255 Encryption using RC5

• In RC5 we first decide the plaintext into two parts ‘A’ and ‘B’

• Then they are XOR with two sub keys S{O} and S{1}

• We initialize the counter to 1 and perform some permutation and combination using addition and XOR

• The algorithm works into two phases

$\hspace{1.5cm}$a. First it starts with phase one

$\hspace{1.5cm}$b. Output of phase one become input of phase two

• Once both the phases are completed the counter is incriminated and we check if it is greater than the number of rounds, if yes then the algorithm terminals and if no then the algorithm iterates.

Public key cryptography (Asymmetric)

• Symmetric key cryptography is fast and efficient but it suffers from a disadvantage of problem of key exchange

• The sender and the receiver of an encrypted message use the same key in symmetric key cryptography and it is not easy to again upon a common key without letting anyone else know about it

• Asymmetric key cryptography solves this problem

• Here, the communicating party uses two keys to form a pair

$\hspace{1.5cm}$a. One key (the private key) remains with the party

$\hspace{1.5cm}$b. Other key (public key) is shared with everybody Working of Asymmetric key cryptography:

• When A wants to send a message to B , A encrypts the message using B’s public key. This is possible because A knows B’s public key

• A sends this message (which was encrypted with B’s public key to B

• B decrypts A’s message using B’s private key. Every B knows his private key and the message can be decrypted only by B’s private key and nobody else. Thus non one else can make out any sense out of the message. This is because the intruder does not know about B’s private key. It is only B’s private key that can decrypt the message. Similarly, when B wants to send a message to A, exactly reverse steps take place. Ie B encrypts the message using A’s public key therefore, only A can decrypts the message back to its original forms, using his Private Key

RSA algorithm

• RSA alogorithm is the most popular asymmetric key cryptographic algorithm

• It is based on the mathematical fact that it is easy to find and multiply large prime numbers together but it is extremely difficult to factor their productor

• The private and public keys in RSA are based on very large prime numbers (made up of 100 or more digits)

• The real challenge in case of RSA is selection and generation of the public and private keys

• Now let us know how public and private keys are generated and using them how we can perform encryption and decryption in RSA

Algorithm

$\hspace{1.5cm}$1. Choose two large prime numbers P and Q

$\hspace{1.5cm}$2. Calculate N = P * Q

$\hspace{1.5cm}$3. Select the public key (ie the encryption key) E such that it is not a factor of (P-!) (Q-1)

$\hspace{1.5cm}$4. Select the private key (ie the decryption key) D such that the following equation is true:

$\hspace{1.5cm}$(D * E) mod (P – 1) (Q – 1) = 1

$\hspace{1.5cm}$5. For encryption, calculate the cipher text C.T from the plaintext P.T as follws CT = PT(E) mod N

$\hspace{1.5cm}$6. Send CT as the cipher text to the receiver

$\hspace{1.5cm}$7. For decryption, calculate the plaintext PT from the cipher text CT as follows PT = CT(D) mod N

$\hspace{1.5cm}$Example:

$\hspace{1.5cm}$1. Choose two large prime number P and Q, P =7 and Q = 17

$\hspace{1.5cm}$2. N = PQ ie 717 = 119

$\hspace{1.5cm}$3. Select public key ‘E’ such that it is not a factor of (P-1)*(Q-1)

$\hspace{2cm}$Ie E = (7-1) (17-1)

$\hspace{2cm}$E = 6*16 =96

Thus encryption should not be a factor of 96 because factors of 96 are 2 and 3. Thus we have to choose E such that none of the factors of E is 2 and 3. So let us choose E as % (it could be any other number than its factor of 2 and 3)

$\hspace{1.5cm}$4. Select private key ‘D’ such that (DE) mod (P-1)(Q-1) = 1

$\hspace{1.5cm}$Substitute E, P and Q in allow eq

$\hspace{1.5cm}$(D*5) mod (7-1) (17-1) =1

$\hspace{1.5cm}$(D*5) mod (6) (16) =1

$\hspace{1.5cm}$(D*5) mod (96) =1

$\hspace{1.5cm}$Let us take D= 77

$\hspace{1.5cm}$(77*5) mod (96) =1 for D = 77

$\hspace{1.5cm}$5. For encryption, calculate the cipher text CT from the P.T as

$\hspace{1.5cm}CT = PT^{(E)} mod N$

$\hspace{1.5cm}$Let plaint text Pt be 10

$\hspace{1.5cm}$CT = 105 mod 119 = 40

$\hspace{1.5cm}$6. Send CT as cipher text to the receiver. Send 40 as cipher text to the receiver.

$\hspace{1.5cm}$7. For decryption, calculate the plain text PT from the CT as

$\hspace{1.5cm}PT = CT^{(D)} mod N$

$\hspace{1.5cm}$PT = 4077 mod 119 = 10, which was the original plaintext in step %

Eg:

Consider, A is the sender and B is the receiver.

Use encoding scheme of encoding alphabets as A = 1, B=2, …..Z= 26.

Let us assume we want to encrypt a single alphabet F using this scheme and with B’s public key as 77 (known to A and B) and B’s private key(known only to B)

Now A wants send a single character ‘F’ to the receiver B.

$\hspace{1.5cm}$1. Using alphabetic encoding scheme F= 6

$\hspace{1.5cm}2. CT = CT^{(D)} mod N$

$\hspace{2.3cm}= E^{(E)} mod N$

$\hspace{2.3cm}= 6^5 mod 119 = 41$

This is the encrypted information to the sent across the network.

At the receiver end, the number 41 is decrypted.

1. $PT = CT^{(D)} mod N$
2. $PT = 41^{77} mod 119 = 6$
3. Decode 6 back to F from our alphabet numbering scheme thus original plaintext obtained.

EI- Gamal Cryptography

• EI gamal cryptography works in 3 steps/stages

$\hspace{1.5cm}$a. Key generation

$\hspace{1.5cm}$b. EI gamal encryption

$\hspace{1.5cm}$c. EI gamal decryption

A. EI gamal key generation:

1. Select a large prime number ‘P’

2. Select encryption key $‘E_1’$

3. Select decryption key ‘D’

4. Select encryption key $‘E_2’$ such that

$\hspace{1.5cm}E_2 = E_1 mod P$

1. Form the set $(E_1, E_2, P) and D$

B. EI gamal key encryption:

1. Select a random number ‘r’

2. Compute the first part of ciphertext $‘C_1’ , C_1 = E_1^r mod P$

3. Compute the second part of ciphertext $‘C_2’ , C_2 = (E_1^r * PT) mod P$

C. EI gamal key decryption:

1. Calculate the PT

$\hspace{1.5cm}PT = (C_2 * (C_1^{D-1} )) mod P$

$\hspace{1.5cm}$Eg let PT = &

$\hspace{1.5cm}E_1 = 2$

$\hspace{1.5cm}$D = 3

$\hspace{1.5cm}$Random no = 4

1. Key generation:

$\hspace{1.5cm}$P= 11. E = 2. D =3

$\hspace{1.5cm}E_2 = E_1^D mod P$

$\hspace{1.5cm}= 2^3 mod 11$

$\hspace{1.5cm}$= 8 mod 11

$\hspace{1.5cm}$= 8

1. Encryption:

$\hspace{1.5cm}$Random no r = 4

$\hspace{1.5cm}C_1 = E_1^r mod P$

$\hspace{1.5cm}= 2^4 mod 11$

$\hspace{1.5cm}$= 16 mod 11

$\hspace{1.5cm}$= 5

1. $C_2 =Pt * E_2^r mod P$

$\hspace{1.5cm}= 7 * 8^4 mod 11$

$\hspace{1.5cm}$= 28672 mod 11

$\hspace{1.5cm}$= 6

2. Decryption:

$\hspace{1.5cm}PT = (C_2 * (C_1^{D-1} )) mod P$

$\hspace{1.5cm}= (6*5^{3-1}) mod 11$

$\hspace{1.5cm}$= 15- mod 11

$\hspace{1.5cm}$= 7

Knapsack Algorithm

• It is based on public key encryption algorithms and knapsack

• Given a note of items, each with different weights, it is possible to put some of the items in a bag in such a way that it should not be greater than the weight of the knapsack

• If $V_1, V_2, V_3…..V_4$ are the values, we have to find b? Such that

$\hspace{1.5cm}$$\hspace{1.5cm}S = b_1v_1 + b_2v_2 + b_3v_3 ……..+ b_nv_n$ When S is the sum. • Each bit can be 0 or 1 • ‘1’ indicates that the item is in the knapsack and a ‘0’ indicates it is not • A block of plaintext equal in length to the number of items in the pile would select the items in the knapsack. The ciphertext is the resulting sum . e.g : 1,7,8,12,14 and 20 are the knapsack then the plaintext and the resulting ciphertext is as given below $\hspace{1.5cm}$ 