
Introduction to Cryptography

(with focus on Stream Ciphers)


Made By
Akshay Gautam
14315002711
Cse 1 VII Sem
Definition
Cryptography is the study of mathematical
techniques related to aspects of information
security such as confidentiality, data integrity,
entity authentication, and data origin
authentication.
Cryptography is not the only means of
providing information security, but rather one
set of techniques.

Cryptographic Goals
The following four cryptographic goals form a framework
upon which the others will be derived.

1. Confidentiality is a service used to keep the content of
information from all but those authorized to have it.
2. Data integrity is a service which addresses the
unauthorized alteration of data. To assure data integrity,
one must have the ability to detect data manipulation by
unauthorized parties.
3. Authentication is a service related to identification. This
function applies to both entities and information itself.
4. Non-repudiation is a service which prevents an entity
from denying previous commitments or actions.

Conventional Cryptosystem
Cryptology, the study of cryptosystems, can be subdivided
into two disciplines. Cryptography concerns itself with the
design of cryptosystems, while cryptanalysis studies the
breaking of cryptosystems. These two aspects are closely
related; when setting up a cryptosystem the analysis of its
security plays an important role.

The formal definition of a conventional cryptosystem as
well as the mathematical foundation of the underlying
theory is due to C.E. Shannon. The figure is attached in
the next slide.

Basic Terminology
An entity or party is someone or something which sends, receives,
or manipulates information. Alice and Bob are entities. An entity
may be a person, a computer terminal, etc.
A sender is an entity in a two-party communication which is the
legitimate transmitter of information. In Figure 1.1, the sender is
Alice.
A receiver is an entity in a two-party communication which is the
intended recipient of information. In Figure 1.1, the receiver is Bob.
An adversary is an entity in a two-party communication which is
neither the sender nor receiver, and which tries to defeat the
information security service being provided between the sender
and receiver. Various other names are synonymous with adversary
such as enemy, attacker, opponent, tapper, eavesdropper, intruder,
and interloper.
Cryptographic Techniques
Cryptographic techniques are typically divided
into two generic types:

Symmetric-key Encryption
Public-key Encryption
Symmetric Key Cryptography
Symmetric-key algorithms are a class of algorithms for
cryptography that use the same cryptographic keys for both
encryption of plaintext and decryption of ciphertext. The
keys may be identical or there may be a simple
transformation to go between the two keys. The keys, in
practice, represent a shared secret between two or more
parties that can be used to maintain a private information
link.
One of the major issues with symmetric-key systems is to
find an efficient method to agree upon and exchange keys
securely. This problem is referred to as the key distribution
problem. It is assumed that all parties know the set of
encryption/decryption transformations (i.e., they all know
the encryption scheme).
Types of Symmetric Key Cryptography

There are two classes of symmetric-key encryption schemes which are
commonly distinguished: Block ciphers and Stream ciphers.

Block Cipher
A block cipher is an encryption scheme which breaks up the plaintext
messages to be transmitted into strings (called blocks) of fixed length
over an alphabet A, and encrypts one block at a time.
Stream Cipher
Stream ciphers form an important class of symmetric-key encryption
schemes. They are, in one sense, very simple block ciphers having
block length equal to one. What makes them useful is the fact that the
encryption transformation can change for each symbol of plaintext
being encrypted.
Public Key Cryptography
Public-key cryptography, also known as asymmetric
cryptography, is a class of cryptographic algorithms which
requires two separate keys, one of which is secret (or
private) and one of which is public. Although different, the
two parts of this key pair are mathematically linked.
The public key is used to encrypt plaintext or to verify a
digital signature; whereas the private key is used to decrypt
ciphertext or to create a digital signature.
The term "asymmetric" stems from the use of different
keys to perform these opposite functions, each the inverse
of the other as contrasted with conventional
("symmetric") cryptography which relies on the same key to
perform both.

Symmetric-key vs. Public-key cryptography

Advantages of symmetric-key cryptography

1. Symmetric-key ciphers can be designed to have high rates of data
throughput. Some hardware implementations achieve encryption rates of
hundreds of megabytes per second, while software implementations may
attain throughput rates in the megabytes per second range.
2. Keys for symmetric-key ciphers are relatively short.
3. Symmetric-key ciphers can be employed as primitives to construct various
cryptographic mechanisms including pseudorandom number generators, hash
functions, and computationally efficient digital signature schemes, to name
just a few.
4. Symmetric-key ciphers can be composed to produce stronger ciphers.
Simple transformations which are easy to analyze, but on their own weak, can
be used to construct strong product ciphers.


Advantages of public-key cryptography

1. Only the private key must be kept secret (authenticity
of public keys must, however, be guaranteed).
2. The administration of keys on a network requires the
presence of only a functionally trusted third party (TTP) as
opposed to an unconditionally trusted TTP. Depending on the
mode of usage, the TTP might only be required in an off-line
manner, as opposed to in real time.
3. Depending on the mode of usage, a private key/public
key pair may remain unchanged for considerable periods
of time, e.g., many sessions (even several years).
4. Many public-key schemes yield relatively efficient
digital signature mechanisms. The key used to describe
the public verification function is typically much smaller
than for the symmetric-key counterpart.
Stream Cipher
We consider 3 real stream ciphers:

ORYX: weak cipher, uses shift registers, generates 1 byte/step
RC4: strong cipher, widely used but used poorly in WEP, generates 1 byte/step
PKZIP: intermediate strength, unusual mathematical design, generates 1 byte/step

Pseudo Random Generators
A pseudorandom generator (PRG) for a class of statistical tests is a
deterministic procedure that maps a random seed to a longer
pseudorandom string such that no statistical test in the class can
distinguish between the output of the generator and the uniform
distribution. The random seed is typically a short binary string
drawn from the uniform distribution.
Pseudorandom generators have numerous applications in
cryptography. For instance, pseudorandom generators provide an
efficient analog of one-time pads. It is well known that in order to
encrypt a message m in a way that the cipher text provides no
information on the plaintext, the key k used must be random over
strings of length |m|. Perfectly secure encryption is very costly in
terms of key length. Key length can be significantly reduced using a
pseudorandom generator if perfect security is replaced by semantic
security. Common constructions of stream ciphers are based on
pseudorandom generators.
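
The one-time-pad analogy above, as an added example that is not part of the original slides: a 16-byte seed is stretched into a keystream as long as the message and XORed with it. SHAKE-256 as the PRG, the 12-byte nonce, and the sample messages are assumptions of this example; it also shows why the keystream, like a one-time pad, must never be used twice.

```python
import hashlib

def prg(seed: bytes, nonce: bytes, n: int) -> bytes:
    """Deterministically stretch a short seed into n pseudorandom bytes.

    SHAKE-256 stands in for the PRG (assumption of this example); the
    fixed-length nonce selects an independent keystream per message.
    """
    if len(seed) != 16 or len(nonce) != 12:
        raise ValueError("expected a 16-byte seed and a 12-byte nonce")
    return hashlib.shake_256(seed + nonce).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(seed: bytes, nonce: bytes, msg: bytes) -> bytes:
    """One-time-pad style encryption with the PRG output as the pad."""
    return xor(msg, prg(seed, nonce, len(msg)))

decrypt = encrypt  # XOR with the same keystream inverts itself

def ciphertext_xor(seed, nonce1, nonce2, m1, m2):
    """XOR of two ciphertexts, computable by anyone who sees both."""
    return xor(encrypt(seed, nonce1, m1), encrypt(seed, nonce2, m2))

if __name__ == "__main__":
    seed = bytes(range(16))                # constructed 128-bit key
    n1, n2 = bytes(12), bytes([1]) * 12    # constructed nonces
    m1, m2 = b"transfer 100 EUR", b"transfer 900 EUR"  # constructed

    c1 = encrypt(seed, n1, m1)
    print("round trip ok:", decrypt(seed, n1, c1) == m1)

    # Same seed and nonce twice: the keystream cancels out and the
    # XOR of the ciphertexts equals the XOR of the plaintexts.
    print("reused keystream leaks m1^m2:",
          ciphertext_xor(seed, n1, n1, m1, m2) == xor(m1, m2))

    # Fresh nonce per message: the ciphertext XOR no longer equals m1^m2.
    print("fresh nonce leaks m1^m2:",
          ciphertext_xor(seed, n1, n2, m1, m2) == xor(m1, m2))
```
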
Linear Feedback Shift Register
In computing, a linear-feedback shift register (LFSR) is a shift
register whose input bit is a linear function of its previous state.
The most commonly used linear function of single bits is exclusive-
or (XOR). Thus, an LFSR is most often a shift register whose input bit
is driven by the XOR of some bits of the overall shift register value.
Applications of LFSRs include generating pseudo-random numbers,
pseudo-noise sequences, fast digital counters, and whitening
sequences.
LFSRs have long been used as pseudo-random number generators
for use in stream ciphers (especially in military cryptography), due
to the ease of construction from simple electromechanical or
electronic circuits, long periods, and very uniformly distributed
output streams. However, an LFSR is a linear system, leading to
fairly easy cryptanalysis.
A 4-bit Fibonacci LFSR with its state diagram. The XOR
gate provides feedback to the register that shifts bits
from left to right. The maximal sequence consists of
every possible state except the "0000" state.
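
The 4-bit register described in the caption, as an added example that is not part of the original slides. The tap positions (cells 3 and 4) and the start state 1000 are assumptions, since the figure is not reproduced here. The example goes one step beyond the slide: it runs the Berlekamp-Massey algorithm on 8 output bits to show what "linear, hence easy cryptanalysis" means in practice.

```python
from itertools import islice

START, TAPS = (1, 0, 0, 0), (3, 4)   # assumed start state and tap cells

def lfsr_states(state, taps):
    """Yield successive states of a Fibonacci LFSR shifting left to right.

    state: tuple of bits, index 0 is the leftmost (input) cell.
    taps:  1-based cell positions whose XOR becomes the next input bit.
    """
    while True:
        yield state
        fb = sum(state[t - 1] for t in taps) % 2
        state = (fb,) + state[:-1]

def keystream(state, taps, n):
    """First n output bits (the rightmost cell of each state)."""
    return [s[-1] for s in islice(lfsr_states(state, taps), n)]

def period(state, taps):
    """Steps until the start state recurs, or None if it never does."""
    later = islice(lfsr_states(state, taps), 1, 2 ** len(state) + 1)
    for i, s in enumerate(later, 1):
        if s == state:
            return i
    return None

def berlekamp_massey(bits):
    """Return (L, c): the shortest LFSR, of length L with connection
    coefficients c[0..L] over GF(2), that generates the observed bits."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = bits[i]                      # discrepancy for bit i
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:                            # prediction failed: correct c
            t = c[:]
            for j in range(n - (i - m) + 1):
                c[j + i - m] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def predict(known, L, c, count):
    """Extend the known output bits using the recovered recurrence."""
    out = list(known)
    for _ in range(count):
        out.append(sum(c[j] & out[-j] for j in range(1, L + 1)) % 2)
    return out
```

With these taps the register cycles through all 15 non-zero states, and `berlekamp_massey(keystream(START, TAPS, 8))` recovers a length-4 recurrence from which `predict` reproduces every later output bit, which is why an LFSR is not used on its own as a keystream generator.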
Thank You for Staying Awake