This is a thorough introduction to cryptography and its application. It is an extensive document explaining not only the background to cryptography, but how to implement it successfully, what pitfalls to avoid, etc. . The following samples help to illustrate the depth and quality of this offering:

### Table of Contents

- 1. INTRODUCTION
- 1.1 Cryptography
- 1.2 Standard Cryptographic Techniques
- 1.3 Applied Cryptography
- 1.3.1 Secure Communications
- 1.3.2 Secure Data Storage
- 1.3.3 Identification and Authentication
- 1.3.4 Electronic Commerce
- 1.3.5 Certification
- 1.3.6 Key and Password Recovery
- 1.3.7 Secure Computer Access
- 1.4 Cryptography Standanis
- 2. BASIC CONCEPTS
- 2.1 Traditional Secret-Key Cryptography
- 2.1.1 Block Ciphers
- 2.1.1.1 Electronic Code Book
- 2.1.1.2 Cipher Block Chaining
- 2.1.1.3 Cipher Feedback
- 2.1.1.4 Output Feedback
- 2.1.2 Stream Ciphers
- 2.2 Publio-Key Cryptography
- 2.2.1. Encryption
- 2.2.2 Digital Signatures
- 2.3 Publio-Key Compared with Secret-Key Cryptography
- 2.4 Hash Functions
- 2.5 Message Authentication Codes
- 3. APPLICATIONS OF CRYPTOGRAPHY
- 3.1 Privacy
- 3.2 Password Encryption
- 3.3 Authentication
- 3.4 Key Agreement
- 3.5 Digital Envelopes

- 4. HARD PROBLEMS
- 4.1 One-Way Functions
- 4.2 The Factorization Problem
- 4.3 The Discrete Logarithm Problem
- 5. CRYPTANALY SIS
- 6. THE RSA
- 6.1 Generating a Key Pair
- 6.2 Encryption
- 6.3 Cecyption
- 6.4 Digital Signature
- 6.5 Speed of RSA
- 6.6 Breaking RSA
- 6.7 Simple Exarple
- 6.8 Key Size
- 6.9 Creating a Digital Signature
- Choose two large prime numbers p and q.
- Compute N, the product of p and q. Nis known as the modufus.
- Choose a number e, relatively prime to (p-1}(q-1} and less than N.
- Compute a number d such thated =1 mod {p-1Hq-1}.
- Registration Authority (RA)

Register the details of a new user of the PKI. - Certification Authority (CA)

Issue andor cancel certificates for user public keys. - Verification Authority (VA)

Determine whether a certificate is valid and if so for what purpose.

Typical Pages:

In ECB mode, each block of data is encrypted independently.

If we take eK(D) to mean “encrypt block D with key K”, then the plaintext D1,D2,D3,……Dn is

encrypted as eK(D1),eK(D2),….eK{Dn).

The trouble with ECS mode is that plaintext patterns show up in the dphertext, because each identical block of plaintext gives an identical block of ciphertext. This can lead to attacks based on rearranging, deleting or repeating Gphertext blocks.

ECB mode should only be used for encrypting very small blods of data such as keys.

#### 2.1.1.2 Cipher Block Chaining

In CBC mode each plaintext block is XOR’d with the previous ciphertext block before it is encrypted. Because there is no previous ciphertext for the first block, an 8-byte block known as the Initial Chaining Value (ICV) is used to start the process.

Patterns in the plaintext are hidden by the exdusive-OR. The ICV should be different for any messages encrypted with the same key, but it does not have to be kept secret and aan be transmitted with the encrypted text.

If the total length of the plaintext is not a multiple of 8, itis necessary to deal with the final short block. The obvious way to do this is to pad out the last block to 8 bytes, but the final block must contain a count of the number of filler bytes, so the message length is always increased by a maximum of 8 bytes. If this increase in length is not acceptable, a solution is to XOR the short block by re-encphering the last complete Gphertext block (or, if there isn’t one, the ICV).

#### 2.1.1.3 Cipher Feedback

In CFB mode the previous ciphertext block is encrypted and is XOR’d with the plaintext to givethe current dphertext block. As with CBC mode, an ICV is needed to start the process.

As well as full 64-bit feedback, itis possible to define 1-bit, 2-bit, and up to 63-bit Gpher feedback. In software implementations there is no advantage over CBC mode, though CFE is often used in link encryption devices.

#### 2.1.1.4 Output Feedback

OFB is similar to CFB mode except that the Gphertext XOR’d with each plaintext block is independent of the plaintext and Gphertext and is produced by mepeatedly encrypting the ICV. The advantage of OFB mode is that transmission errors are not propagated and do not affect

decryption of blods that follow. It is therefore a useful method for encryption of satellite links. Where re-transmission of a corrupted message would be inconvenient.

#### 2.1.2 Stream Ciphers

Stream dphers are typically much faster than block ciphers. A stream dpher generates a fey stream {a sequence of bits or bytes used as a key). The plaintext is combined with the key stream, usually with the XOR operation.

#### CHAPTER 6: THE RSA ALGORITHM

RSA is a publiokey algorithm offering both encryption and digital signatures. The algorithm is named after its inventors, Rivest, Shamir, and Adleman.

RSA uses two different but related keys for encryption and decryption.

#### 6.1 Generating a Key Pair

The algorithm to generate a key pair is as follows:

The number e is called the public exponent and the number d is called the privete exponent.

The public key is the pair (N,e) and the private trey is the pair {N,d).

Given the publickey itis possible to derive the private key, but to do this we need to factorize N to find p and q, and this is believed to be an intractable problem for sufficiently large N. A quick method of factorizing large numbers would undermine the security of RSA.

#### 6.2 Encryption

To encrypt a message M we simply perform a modular exponentiation to give the Gphertext C

thus:

C=M*mod N

Notice that M must be less than N. Also notice that this procedure is pretty useless if M* turns out to be less than N. For that reason itis usual to ensure that M contains suffident padding to ensure that M? is greater than N. Choose padding some of which is fixed and some random.

#### 6.3 Decryption

The plaintext M is recovered from the dphertext C by using d instead of e in the modular

exponentiation:

M=C* mod N

Note that if padding is used as recommended for encryption, this can be checked to determine

whether the decryption has worked properly.

Anyone with the public key can encrypt, but only the owner of the private key can decrypt

#### CHAPTER 11: PUBLIC KEY INFRASTRUCTURE

There is no single accepted definition of a PK) (public key infrastructure), but loosely speaking itis a collection of services, standards and protoapls for supporting publickey applications.

Among the services a PKI aan be expected to provide is the management of public keys, via the use of the following components:

It is unlikely that there will ever be a single global PKI. Itis much more likely that there will be multiple independent PKls and that these will inter-operate according to agreed standards. At present the standards allow a wide scope for interpretation, so the problem of achieving full inter-operability is severe and is unlikely to be solved in the near future.

#### 11.1 Shared Private Keys

Users who share a private key can impersonate one another so in general, private keys should Not be shared among users. However, some large organizations need to share private keys among several secure modules (for resilience or performance), so in some ciraumstances it is necessary to get the private key out of a tamper-+esistant environment and load it into another. By definition, this can be problematical.

In RSA, each person should have a unique private key, but publicexponent can be common to a group of users without loss of security. An example of this is in EMV (Europay, Mastercard and Visa) where the public exponent has been fixed as 3 (there was some argument over this because one of the members wanted to use 2, which is theoretically possible but practically not a very good idea).

#### 11.2 Key Expiry

The longer a key is in use, the more chance there is of it being compromised. Therefore every key should have an expiry date after which it is no longer valid. The time to expiration must be shorter than the likely time for cryptanalysis. The key must be long enough to make the chance of cryptanalysis before the expiry date negligible. The expiry date may also depend on the key usage and the value of the infomation it protects.

On expiry a new key should be chosen and the old key destroyed (after re-enciphering the information if appropriate). In general the new key should be longer than the old key to keep up with technological advances.

Return To Main Cryptography Page

#### PURCHASE PAGE

The Cryptography Management Kit can now be purchased online and downloaded directly to your PC. It couldn’t be easier.

To purchase the product and download for a special price of just $199, simply visit our Crypto Purchase Page.