INFORMATION ENCRYPTION BY ZIGZAG RULE
WITH DYNAMIC BLOCK AND KEY
by
SAIFUL ISLAM
Student No. 052217P
MASTER OF SCIENCE IN ENGINEERING
IN
ELECTRICAL & ELECTRONIC ENGINEERING
Dhaka University of Engineering & Technology, Gazipur
Gazipur-1700, Bangladesh
May 2011
The thesis titled INFORMATION ENCRYPTION BY ZIGZAG RULE WITH DYNAMIC BLOCK AND KEY, submitted by SAIFUL ISLAM, Student No: 052217P, Registration No: 04072, Session: 2010-2011, has been accepted as satisfactory in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE IN ENGINEERING in ELECTRICAL & ELECTRONIC ENGINEERING on 11th May 2011.
BOARD OF EXAMINERS
1. Dr. Md. Bashir Uddin, Chairman & Supervisor
Professor and Head, Department of Electrical & Electronic Engineering, Dhaka University of Engineering & Technology (DUET), Gazipur, Bangladesh
2. Engr. Mohammad Abdul Mannan, Member
Professor, Department of Electrical & Electronic Engineering, Dhaka University of Engineering & Technology (DUET), Gazipur, Bangladesh
3. Dr. Md. Anwarul Abedin, Member
Associate Professor, Department of Electrical & Electronic Engineering, Dhaka University of Engineering & Technology (DUET), Gazipur, Bangladesh
4. Palash Kumar Banerjee, Member
Assistant Professor, Department of Electrical & Electronic Engineering, Dhaka University of Engineering & Technology (DUET), Gazipur, Bangladesh
5. Dr. Md. Ibrahim Khan, External Member
Associate Professor, Department of Computer Science & Engineering, Chittagong University of Engineering & Technology (CUET), Bangladesh
Abstract
Data or information encryption is one of the most important applications in transferring information through the internet and cellular phones, and it is equally important in satellite encryption. This thesis introduces a new algorithm, “Information Encryption by Zigzag Rule with Dynamic Block and Key (IEZRDBK)”. Four image files and one document file have been encrypted to test the method. The method uses an M-bit key. Each N bits of M are used to select the block size (in bytes) to encrypt. After a block is selected, the zigzag rule is applied for encryption: the first bit of the selected block is placed at the right position, the second bit at the left position, the third bit at the right position, and so on. The successive key is generated from the previous key and the encrypted data. The size of the encrypted file remains the same as that of the input file, and the required time is very small. The decryption process follows the reverse of the encryption procedure. If anyone attempts cryptanalysis and fails to select the key properly, the file format and its information will be changed and it will not be possible to recover the original file, i.e. the file will be corrupted. So this encryption method may be considered a highly secure algorithm.
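The following is an added illustration, not the thesis's own code, of the zigzag bit transposition as the abstract describes it. The abstract leaves the exact conventions open, so the block assumes (and labels as assumptions) that "right" and "left" positions are the unfilled slots nearest the two ends of the output block, filled alternately, that an N-bit key chunk with value v selects a block of v + 1 bytes, and that key chunks are reused cyclically; the thesis's successive-key derivation is not reproduced.

```python
# Added illustration (not the thesis's own code) of the zigzag bit transposition
# described in the abstract, under the following assumptions, which the abstract
# leaves open:
#   * "right position"/"left position" mean the unfilled slot nearest the right
#     and left ends of the output block, filled alternately;
#   * each N-bit chunk of the key with value v selects a block of v + 1 bytes;
#   * key chunks are reused cyclically; the thesis's successive-key derivation
#     from the previous key and the ciphertext is not reproduced here.


def to_bits(data):
    """Bytes -> list of bits, most significant bit of each byte first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits):
    """Inverse of to_bits; len(bits) must be a multiple of 8."""
    return bytes(sum(bit << (7 - i) for i, bit in enumerate(bits[j:j + 8]))
                 for j in range(0, len(bits), 8))


def zigzag_order(n):
    """dest[i] is the output position of input bit i for an n-bit block:
    bit 0 goes to the rightmost slot, bit 1 to the leftmost, bit 2 to the next
    slot from the right, bit 3 to the next from the left, and so on."""
    left, right, dest = 0, n - 1, []
    for i in range(n):
        if i % 2 == 0:
            dest.append(right)
            right -= 1
        else:
            dest.append(left)
            left += 1
    return dest


def zigzag_bits(bits):
    """Apply the zigzag permutation to one block of bits."""
    out = [0] * len(bits)
    for i, pos in enumerate(zigzag_order(len(bits))):
        out[pos] = bits[i]
    return out


def unzigzag_bits(bits):
    """Inverse permutation: put every bit back where it came from."""
    out = [0] * len(bits)
    for i, pos in enumerate(zigzag_order(len(bits))):
        out[i] = bits[pos]
    return out


def block_sizes(key, n_bits):
    """Split the key into N-bit chunks; chunk value v selects a v + 1 byte block."""
    kb = to_bits(key)
    return [int("".join(map(str, kb[i:i + n_bits])), 2) + 1
            for i in range(0, len(kb) - n_bits + 1, n_bits)]


def _transform(data, key, n_bits, forward):
    sizes = block_sizes(key, n_bits)
    out, pos, idx = bytearray(), 0, 0
    while pos < len(data):
        block = data[pos:pos + sizes[idx % len(sizes)]]  # last block may be short
        bits = to_bits(block)
        out += from_bits(zigzag_bits(bits) if forward else unzigzag_bits(bits))
        pos += len(block)
        idx += 1
    return bytes(out)


def encrypt(data, key, n_bits=4):
    """Zigzag-permute the data block by block; output length equals input length."""
    return _transform(data, key, n_bits, True)


def decrypt(data, key, n_bits=4):
    """Reverse procedure: the same block sizes, inverse permutation per block."""
    return _transform(data, key, n_bits, False)


def hamming_weight(data):
    """Number of 1 bits. A pure transposition never changes it, block by block,
    which is a quick invariant to check when reviewing any transposition output."""
    return sum(to_bits(data))
```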
Author’s Declaration
I hereby declare that this thesis work submitted to the Department of Electrical & Electronic Engineering, Dhaka University of Engineering and Technology (DUET), Gazipur in partial fulfillment of the requirements for the degree of Master of Science in Engineering in Electrical & Electronic Engineering has not been submitted elsewhere (to any university or institution) for any other degree.
Saiful Islam
Date: May, 2011
Acknowledgement
At first all Praise belongs to “The Almighty ALLAH”, the most merciful, munificent to
men and His exploit.
I would like to express heartiest gratitude to my supervisor Dr. Md. Bashir Uddin,
Professor, Department of Electrical & Electronic Engineering, DUET, Gazipur for his
good guidance, support, valuable suggestions, constant inspiration and supervision during
the research work of the M. Sc. in Engineering Program.
I express my deep regards to Md. Shazzat Hossain, Assistant Professor, Department of
Electrical & Electronic Engineering, DUET, Gazipur for his wise and liberal co-operation
in providing me all necessary help from the Department during my course of M. Sc. in
Engineering Program. I would also like to extend my thanks to all my respectable
teachers, Department of Electrical & Electronic Engineering, DUET, Gazipur for their
constant encouragement.
I am very grateful to my family members who guided me through the entire studies and
helped me morally and spiritually. I express my heartfelt gratitude and thanks to my
beloved wife for her constant encouragement during this work. Special thanks to my
friends and colleagues, especially Mr. A.T.M. Mahbubur Rahman, Associate Professor, Department of Computer Science and Engineering, Dhaka International University, who had tremendously and positively inspired me.
Contents
Abstract iv
Author’s Declaration v
Acknowledgement vi
List of Tables xii
List of Figures xii
CHAPTER 1 DATA SECURITY
1.1 Introduction 1
1.2 Threats to Data Security
1.2.1 Application Server Threats 1
1.2.2 Data Server Threats 1
1.2.3 Storage Threats 2
1.3 Identifying, Classifying, and Charting Access to Sensitive Data 2
1.4 Define Security Policy Around Identified Data 3
1.5 Authentication and Authorization 3
1.6 Essential Building Blocks of Data Privacy
1.6.1 Secure Key Management 4
1.6.2 Cryptographic Operation 4
1.6.3 Authentication and Authorization 5
1.6.4 Logging, Auditing and Management 5
1.6.5 Backup and Recovery 5
1.6.6 Hardware 6
1.7 Objective of the Thesis 6
1.8 Organization 6
CHAPTER 2 DATA ENCRYPTION AND DECRYPTION
2.1 Data Encryption 7
2.2 Conventional Encryption 8
2.3 Requirements for Secure Use of Conventional Encryption 8
2.4 Attacks on Conventional Encryption 8
2.5 Various Levels of Data Encryption
2.5.1 Application-Level Encryption 9
2.5.2 Database-Level Encryption 9
2.5.3 Storage-Level Encryption 10
2.6 Data Encryption Standard (DES)
2.6.1 Introduction 10
2.6.1 Enciphering 11
2.6.2 Deciphering 12
CHAPTER 3 COMPONENTS OF CRYPTOGRAPHY
3.1 Introduction 14
3.1.1 Public Key Encryption 14
3.1.2 Public-Key Management 14
3.1.3 Advantages of Public Key Management 15
3.1.4 Disadvantages of Public Key Encryption 15
3.2 Advantages of Symmetric-Key Encryption 16
3.3 Disadvantages of Symmetric-Key Encryption 16
3.4 Descriptions of Various Ciphers
3.4.1 Substitution Cipher 16
3.4.2 Transposition Cipher 18
3.5 Caesar Cipher 20
3.6 Beaufort Cipher 20
3.6.1 Variant Beaufort Cipher 21
3.7 Modular Arithmetic Mono-alphabetic Cipher 21
3.8 Language Redundancy & Unicity Distance 21
3.9 Kasiski Method 22
3.10 Index of Coincidence 22
CHAPTER 4 LITERATURE REVIEW
4.1 Introduction 23
4.2 RSA Algorithm 23
4.2.1 Introduction 23
4.2.2 Description 23
4.2.3 Example of RSA Algorithm 25
4.2.4 Drawbacks of RSA Algorithm 25
4.3 The Blowfish Algorithm 25
4.3.1 Introduction 25
4.3.2 Areas of Application 26
4.3.3 Platforms 26
4.3.4 Additional Requirements 26
4.3.5 Design Decisions 27
4.3.6 Building Blocks 28
4.3.7 Blowfish 28
4.3.8 Description of the Algorithm 28
4.3.9 Mini-Blowfish 30
4.3.10 Design Decisions 30
4.4 Huffman Code 33
4.5 RC2 (r) Encryption 40
4.5.1 Algorithm Description 41
4.5.2 Key Expansion 41
4.5.3 Mixing Round 43
4.5.4 Mash R(i) 43
4.5.5 Mashing Round 43
4.5.6 Encryption Operation 43
4.5.7 Decryption Algorithm 44
4.5.7.1 R-Mix Up R[i] 44
4.5.7.2 R-Mixing Round 44
4.5.7.3 R-Mash R[i] 44
4.5.7.4 R-Mashing Round 45
4.5.7.5 Decryption Operation 45
4.5.8 Test Vectors 45
4.5.9 RC2 Algorithm Object Identifier 47
CHAPTER 5 PRESENT WORKS
5.1 Introduction 49
5.2 Enhanced 1-D Chaotic Key-Based Algorithm for Image Encryption 49
5.2.1 Introduction 49
5.2.2 Procedure 50
5.2.3 Security Analysis 51
5.3 RSA 51
5.3.1 Introduction 51
5.3.2 RSA Security 52
5.3.3 RSA Problem 52
5.3.4 RSA Algorithm 52
CHAPTER 6 PROPOSED ALGORITHM
6.1 Introduction 53
6.2 Zigzag Rule 53
6.3 Example of Zigzag Rule 53
6.4 Key Example 54
6.5 Generating Successive Key 54
6.6 Flow Chart 55
6.7 Algorithm for Encryption 55
6.8 Algorithm for Decryption 57
6.9 Performance Analysis 57
6.10 Comparison of IEZRDBK with ECKBA and RSA 57
6.11 Testing Various Files 57
6.12 Depth of Encryption 59
6.13 Time Calculation of Encryption or Decryption 59
6.14 Limitations 59
CHAPTER 7 DISCUSSION AND CONCLUSION
7.1 Discussion 60
7.2 Conclusion 60
7.3 Suggestions for Further Development 60
REFERENCES 61
List of Tables
Table 2.1 Initial permutation (IP) 11
Table 2.2 E bit selection table 13
Table 6.1 Time analysis among ECKBA, IEZRDBK and RSA 57
Table 6.2 Comparison among IEZRDBK, ECKBA and RSA 57
List of Figures
Fig 2.1 The Encryption Model 7
Fig 2.2 Inverse of the Initial Permutation 11
Fig 3.1 A Transposition Cipher 19
Fig 4.1 Example of RSA Algorithm 25
Fig 6.1 Flow Chart 55
Fig 6.3(a) Testing JPG Files 58
Fig 6.3(b) Testing Document File 58
CHAPTER 1
Data Security
1.1 Introduction
Security is a broad topic and covers a multitude of sins. In its simplest form, it is concerned with making sure that people cannot read, or worse yet modify, messages intended for other recipients. It is concerned with people trying to access remote services that they are not authorized to use. Security also deals with the problems of legitimate messages being captured and replayed, and with people trying to deny that they sent certain messages.
Data security problems can be divided roughly into four intertwined areas: secrecy, authentication, non-repudiation, and integrity control. Secrecy has to do with keeping information out of the hands of unauthorized users. Authentication deals with determining whom you are talking to before revealing information or entering into a business deal [1].
1.2 Threats to Data Security
The effects of a security breach that compromises sensitive enterprise data can be devastating. With the broadening number of internal breaches and the increasingly sophisticated attacks from outside the network, ensuring data privacy is vital. To achieve data privacy, it is important to first understand the points of vulnerability within a corporate network [2].
1.2.1 Application Server Threats
- Servers compromised by malicious network administrators.
- Compromised servers can be used to extract data from databases and devices on the network.
- Authentication credentials used to communicate with other devices on the network can be stolen and used from a remote location.
- Malicious software can be installed on the server.
1.2.2 Data Server Threats
- Servers compromised by malicious database administrators.
- Authentication credentials are not properly managed.
- Authorization policies within a database are not properly defined; database security is a moving target with no real standard.
1.2.3 Storage Threats
- Storage management interfaces can be compromised.
- Compromised storage subsystems: zoning and LUN masking are ineffective security mechanisms.
- Physical medium threats:
  - Theft of servers, desktops, and laptops.
  - Theft of hard drives.
  - Theft and security of tape backups, onsite and offsite.
1.3 Identifying, Classifying, and Charting Access to Sensitive Data
Data classification is an important element of achieving data privacy. One of the first steps is to adequately classify data by taking the following actions [2]:
Identifying, classifying, and charting access to sensitive data
Develop a scheme for classifying data to help identify which information within the enterprise will need to be addressed with a data privacy solution. Encrypting credit card data, for example, is a relatively simple process that requires minimal changes to an existing environment, whereas encrypting customer ID numbers, which are often used as primary keys in databases, may pose some technical challenges. This process will include identifying data such as “customer information” and then further listing the specific data elements such as “customer credit card numbers, PIN numbers, etc.”. The details of encrypting various data are discussed in the section below entitled “considerations for data privacy”.
Determine where all identified sensitive data is located
Developing a security policy focused on data privacy is difficult unless the location of data is clearly understood. For each type of data, organizations need to determine which applications, databases, storage subsystems, and backup media manipulate and store the information. Once the location of the data has been identified, one will need to determine specific details of each location such as application, database version, storage size and OS version. This process will also help illustrate issues around assessing the impact of data privacy implementations on business logic in applications and databases, which will be discussed further in the sections below.
Determine data access models
This process includes identifying which applications, users, and processes access the data. In addition, the mode of access needs to be defined: for example, whether an application accesses a database directly or through some other mode. The ultimate goal is to identify the different points of integration for a data privacy solution that provides the highest level of security with the greatest ease of integration. This will help to ensure that all applications and users that currently access data will continue to function as originally designed.
1.4 Define Security Policy Around Identified Data
Once the data identification and classification process is complete, you are ready to develop a security policy around the appropriate data. Most security-minded organizations have a recommended process for developing security policies, and while we strongly encourage companies to leverage existing policies and guidelines, it is important to achieve at a minimum the following objectives when defining a security policy around data privacy.
Acceptable Threat Level
Most organizations want maximum security for their sensitive data, but it is important to realize that deploying a data privacy solution can range from simple to complex depending on such factors as the data to be encrypted and the access methods. While an organization can deploy security technologies and adhere to all well-known procedures, there will always be some level of vulnerability to data. As a result, organizations considering a data privacy solution must put a stake in the ground and determine an acceptable level of threat. Keep in mind that the sooner in the data processing lifecycle the data is encrypted, the more secure the overall environment is. In reality, determining the acceptable level of threat within an enterprise is a function of security policy, resources for implementation, and the inherent reality that there will be people and processes that ultimately must access sensitive data in the clear.
Authentication and Authorization Policies
Develop an authentication and authorization policy that leverages best practices and historical information to help determine which users, processes, and applications have access to sensitive information. For example, a lead architect of a data privacy solution may know that the person who will deploy the solution will ultimately have access to sensitive data in the clear and be willing to accept that risk. This will not only help ensure a more secure solution but will also create a user- or application-based policy for the access of critical information.
1.5 Authentication and Authorization
Authentication and authorization are critical components of any data privacy solution deployed within an enterprise. An authentication component will allow the enterprise to restrict which users are allowed to access data in the clear. If deployed correctly and coupled with an authorization component, this can provide a strong layer of security when encryption is being deployed at the application or database level, one that leverages standard application or database security measures for access controls on both the data and the keys used to unlock that data. Once a user is authenticated, it is important to incorporate a solution that restricts user access to only designated keys and specific cryptographic functions.
1.6 Essential Building Blocks of Data Privacy
As seen above, there are clear choices regarding the modes of implementation when considering a data privacy solution. Clearly, each of these options varies in terms of security model, yet each provides a level of protection aligned with the potential requirements of enterprises. While the models may vary, there are also strong commonalities shared across all models of implementation that represent the foundation of a data privacy implementation. These components are key to deploying a data privacy solution, regardless of the model chosen, and ensure security, scalability and the ability to deploy in production environments. When choosing a data privacy solution, it is essential to understand each component and obtain a solution that encompasses all of these elements.
1.6.1 Secure Key Management
One of the essential components of encryption that is often overlooked is key management, which refers to the way cryptographic keys are generated and managed throughout their life. When evaluating a data privacy solution, it is essential to include the ability to securely generate and manage keys. This can often be achieved by centralizing all of the tasks of key management on a single management platform and effectively automating administrative key management tasks, which will lead to both operational efficiency and reduced cost of management. A data privacy solution should also include an automated and secure mechanism for key rotation, replication and backup.
1.6.2 Cryptographic Operation
Enterprises evaluating a data privacy solution should fully understand the capabilities of its cryptographic operations. This includes when to use certain algorithms to secure data, hashing functions and keyed hashes for data elements such as passwords, and digital signatures to ensure non-repudiation. Additionally, a data privacy solution should be designed and deployed to leverage both symmetric and asymmetric algorithms, as both have an important role in the overall design of a proper solution.
1.6.3 Authentication and Authorization
Authentication and authorization are critical components of any data privacy solution deployed within an enterprise. An authentication component will allow the enterprise to restrict which users are allowed to access data in the clear. If deployed correctly and coupled with an authorization component, this can provide a strong layer of security when encryption is being deployed at the application or database level, one that leverages standard application or database security measures for access controls on both the data and the keys used to unlock that data. Once a user is authenticated, it is important to incorporate a solution that restricts user access to only designated keys and specified cryptographic functions. This type of feature will allow an enterprise to further restrict users and segment data security functionality.
1.6.4 Logging, Auditing and Management
When encrypting data within an enterprise, one has to consider the fact that data, keys and logs will be accessed, encrypted, managed and generated on multiple devices and in multiple locations. When considering an enterprise-wide solution, it is essential to consider one that will enable the administrator to centrally log and audit access to data and keys. Doing so will address three fundamental necessities of deploying a data privacy solution.
- First, it will reduce the cost of management by leveraging a single and centralized interface.
- Second, it will ensure a more secure solution by providing a centralized mechanism with which to view information as attacks occur.
- Third, it will allow an enterprise to ensure compliance with logging and auditing requirements as set forth by several vertical and state-driven legislative measures.
1.6.5 Backup and Recovery
There are two essential components to consider when evaluating backup and recovery within the context of a data privacy solution. First, one must design a mechanism to back up all cryptographic keys and configuration information. This must include a mechanism that can appropriately and reliably restore all the information after an unplanned outage, and it must include a mechanism by which the keys are secured once they have been backed up from a secure device. Failure to design a secure mechanism for backing up cryptographic keys in a secure location will significantly affect the overall security of the solution.
Secondly, as the enterprise considers key rotation as part of a proper security strategy, it must also design a mechanism with which to associate cryptographic keys with the periods of time during which the keys were used. Doing so will enable the enterprise to restore encrypted data and decrypt it with the appropriate cryptographic keys.
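An added example, not from the thesis, of the second point: a key ring that records from when each key was current and stamps every ciphertext with the id of the key that produced it, so data encrypted before a rotation is still restorable afterwards. The cipher is a toy HMAC-SHA256 keystream used only so the block runs with the standard library, and the key ids, header layout and dates are constructed for the example.

```python
# Added illustration (not from the thesis) of tying every key to the period in
# which it was used, so that data encrypted before a rotation can still be
# restored afterwards with the right key.  The cipher is a toy HMAC-SHA256
# keystream chosen only so the example runs with the standard library; it
# carries no integrity tag, which a real deployment would add.  Key ids, the
# header layout and the sample dates are constructed here.
import hashlib
import hmac
import secrets
import struct
from datetime import datetime, timezone


def utc_date(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


class KeyRing:
    """Keys indexed by id, each with the instant from which it was current."""

    def __init__(self):
        self._keys = {}      # key_id -> (key_bytes, valid_from)
        self._current = None

    def rotate(self, valid_from, key=None):
        """Introduce a new current key; older keys stay for decrypting old data."""
        key_id = len(self._keys) + 1
        self._keys[key_id] = (key or secrets.token_bytes(32), valid_from)
        self._current = key_id
        return key_id

    def current_id(self):
        return self._current

    def key_for_id(self, key_id):
        return self._keys[key_id][0]

    def key_for_time(self, when):
        """Id of the key that was current at `when` (e.g. for a restore audit)."""
        live = [(t, kid) for kid, (_, t) in self._keys.items() if t <= when]
        if not live:
            raise KeyError("no key was valid at %s" % when.isoformat())
        return max(live)[1]


def _keystream(key, nonce, length):
    """PRF keystream: HMAC(key, nonce || counter) blocks, truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


HEADER = struct.Struct(">I16s")   # key id, then a 16-byte random nonce


def encrypt(ring, plaintext):
    """The header records which key was used, so a rotation never orphans data."""
    key_id = ring.current_id()
    nonce = secrets.token_bytes(16)
    ks = _keystream(ring.key_for_id(key_id), nonce, len(plaintext))
    return HEADER.pack(key_id, nonce) + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt(ring, blob):
    """Look the key up by the id in the header, not by the current key."""
    key_id, nonce = HEADER.unpack_from(blob)
    body = blob[HEADER.size:]
    ks = _keystream(ring.key_for_id(key_id), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def key_id_of(blob):
    """Which key a stored ciphertext needs; useful when planning key retirement."""
    return HEADER.unpack_from(blob)[0]
```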
1.6.6 Hardware
Today’s complex and performance-sensitive environments require the use of specialized cryptographic chipsets whose sole purpose and design are built around handling high-volume cryptographic operations. Doing so will help restore applications, databases, and storage systems to optimal performance levels. Furthermore, today’s hardware can also be leveraged to enhance overall security by storing sensitive cryptographic secret keys in hardware to minimize the threat of key theft.
1.7 Objective of the Thesis
The main objective of the thesis is to design a new algorithm for transferring secure files from one place to another. For this purpose the new algorithm “Information Encryption by Zigzag Rule with Dynamic Block and Key” is used. By this process files can be encrypted in a very small amount of time, while a very large amount of time is needed for cryptanalysis.
1.8 Organization
Chapter 2 discusses Data Encryption and Decryption, Chapter 3 the Various Components of Cryptography, Chapter 4 the Literature Review, Chapter 5 Present Works and Chapter 6 the Proposed Algorithm.
CHAPTER 2
Data Encryption and Decryption
2.1 Data Encryption
Data encryption, in its simplest terms, is the translation of data into a secret code. The messages to be encrypted, known as the plaintext, are transformed by a function that is parameterized by a key. The output of the encryption process, known as the ciphertext, is then transmitted, often by messenger or through computer networks. An intruder may copy the ciphertext; however, unlike the intended recipient, the intruder does not know what the decryption key is and so cannot decrypt the ciphertext easily. Sometimes the intruder can only listen to the communication channel (passive intruder). The process of data encryption is illustrated in Fig. 2.1.
An intruder can also record messages and play them back later, inject his own messages, or modify legitimate messages before they get to the receiver (active intruder). The art of breaking ciphers is called cryptanalysis. The art of devising ciphers (cryptography) and breaking them (cryptanalysis) is collectively known as cryptology.
It will often be useful to have a notation for relating plaintext, ciphertext, and keys. We will use C = Ek(P) to mean that the encryption of the plaintext P using key k gives the ciphertext C. Similarly, P = Dk(C) represents the decryption of C to get the plaintext again. It then follows that [3]:
Dk(Ek(P)) = P
[Figure: the plaintext P enters the encryption method under encryption key K and leaves as ciphertext C = EK(P); the ciphertext passes the intruder (a passive intruder just listens, an active intruder can alter) and is recovered by the decryption method under decryption key K.]
Fig 2.1: The Encryption Model
2.2 Conventional Encryption
Conventional encryption, also referred to as symmetric encryption or single-key encryption, was the only type of encryption in use prior to the introduction of public key encryption in the late 1970s. Countless individuals and groups, from Julius Caesar to the German U-boat force to present-day diplomatic, military, and commercial users, have used conventional encryption for secret communication. It remains by far the more widely used of the two types of encryption.
A conventional encryption scheme has five ingredients:
- Plaintext: This is the original message or data that is fed into the algorithm as input.
- Encryption Algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
- Secret key: The secret key is also input to the encryption algorithm. The exact substitutions and transformations performed by the algorithm depend on the key.
- Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different ciphertexts.
- Decryption Algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.
2.3 Requirements for Secure Use of Conventional Encryption
There are two requirements for secure use of conventional encryption:
- We need a strong encryption algorithm. At a minimum, we would like the algorithm to be such that an opponent who knows the algorithm and has access to one or more ciphertexts would be unable to decipher the ciphertext or figure out the key. This requirement is usually stated in a stronger form: the opponent should be unable to decrypt ciphertext or discover the key even if he or she is in possession of a number of ciphertexts together with the plaintext that produced each ciphertext.
- Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure. If someone can discover the key and knows the algorithm, all communication using this key is readable.
2.4 Attacks on Conventional Encryption
There are two general approaches to attacking a conventional encryption scheme. The first is known as cryptanalysis. Cryptanalytic attacks rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs. This type of attack exploits the characteristics of the algorithm to deduce a specific plaintext or to deduce the key being used.
The second method, known as the brute-force attack, is to try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.
2.5 Various Levels of Data Encryption
2.5.1 Application-Level Encryption
Application-level encryption allows enterprises to selectively encrypt granular data within application logic. This solution also provides a strong security framework and, if designed correctly, will leverage standard application cryptographic APIs such as JCE, MS-CAPI, and other interfaces. Because this solution interfaces with the application, it provides a flexible framework that allows an enterprise to decide where in the business logic the encryption/decryption should occur. Some of these applications include CRM, ERP and Internet-based applications. This type of solution is well suited for data elements that are processed, authorized, and manipulated at the application tier. If deployed correctly, application-level encryption protects data against attacks such as theft of storage media, application-level compromises, and database attacks, for example from malicious DBAs. Although it is secure, application encryption also poses challenges. If data is encrypted at the application, then all applications that access the encrypted data must be changed to support the encryption/decryption model. Clearly, during the planning phase, an enterprise must determine which applications will need to access the data that is being encrypted. Additionally, if an enterprise leverages business logic in the database in the form of stored procedures and triggers, then the encrypted data can break a stored procedure. As a result, application-level encryption may sometimes need to be deployed in conjunction with database encryption so that the DBMS can decrypt the data to run a specific function [4].
2.5.2 Database-Level Encryption
Database-level encryption allows enterprises to secure data as it is written to and read from a database. This type of deployment is typically done at the column level within a database table and, if coupled with database security and access controls, can prevent theft of critical data. Database-level encryption protects the data within the DBMS and also protects against a wide range of threats, including storage media theft, well-known storage attacks, database-level attacks, and malicious DBAs. The database-level model also addresses a growing trend towards embedding business logic within a DBMS through the use of stored procedures and triggers. Since the encryption/decryption only occurs within the database, this solution does require some integration work at the database level, including modification of existing database schemas and the use of triggers and stored procedures to undertake the encrypt and decrypt functions. Additionally, careful consideration has to be given to the performance impact of implementing a database encryption solution. First, enterprises must adopt an approach of encrypting only sensitive fields. Second, this level of encryption must leverage hardware to increase the level of security and to offload the cryptographic process in order to minimize any performance impact. The primary vulnerability of this type of encryption is that it does not protect against application attacks, as the encryption function is strictly implemented within the DBMS [4].
2.5.3 Storage-Level Encryption
Storage-level encryption enables enterprises to encrypt data in the storage subsystem, either at the file level or at the block level (SAN). This type of encryption is well suited for encrypting files, directories, storage blocks, and tape media. In today’s large storage environments, storage-level encryption addresses a requirement to secure data without using LUN masking or zoning. While this solution does provide the ability to segment workgroups and provides some security, it presents a couple of limitations:
- First, it only protects against a narrow range of threats, namely media theft and storage system attacks. Storage-level encryption does not protect against most application- or database-level attacks, which tend to be the most prominent type of threats to sensitive data.
- Second, current storage security mechanisms only provide block-level encryption. They do not give the enterprise the ability to encrypt data within an application at the field level. Consequently, one can encrypt an entire database, but not specific information housed within the database [4].
2.6 Data Encryption Standard (DES)
2.6.1 Introduction
The algorithm is designed to encipher and decipher blocks of data consisting of 64 bits under control of a 64-bit key. Deciphering must be accomplished by using the same key as for enciphering; the deciphering process is the reverse of the enciphering process. A block to be enciphered is subjected to an initial permutation IP, then to a complex key-dependent computation, and finally to a permutation which is the inverse of the initial permutation, IP^-1. The key-dependent computation can be simply defined in terms of a function f, called the cipher function, and a function KS, called the key schedule. A description of the computation is given first, along with details as to how the algorithm is used for encipherment. Next, the use of the algorithm for decipherment is described. Finally, a definition of the cipher function f is given in terms of primitive functions which are called the selection functions Si and the permutation function P.
The following notation is convenient: given two blocks L and R of bits, LR denotes the block consisting of the bits of L followed by the bits of R. Since concatenation is associative, B1B2...B8, for example, denotes the block consisting of the bits of B1 followed by the bits of B2 ... followed by the bits of B8 [5].
2.6.1 Enciphering
The bits of the input block to be enciphered are first subjected to the following permutation, called the initial permutation IP.
Table 2.1: Initial permutation (IP)
58 50 42 34 26 18 10 2
60 52 44 36 28 20 12 4
62 54 46 38 30 22 14 6
64 56 48 40 32 24 16 8
57 49 41 33 25 17 9 1
59 51 43 35 27 19 11 3
61 53 45 37 29 21 13 5
63 55 47 39 31 23 15 7
That is, the permuted input has bit 58 of the input as its first bit, bit 50 as its second bit, and so on with bit 7 as its last bit. The permuted input block is then the input to a complex key-dependent computation described below. The output of that computation, called the preoutput, is then subjected to the following permutation, which is the inverse of the initial permutation:
Ip1
40 8 48 16 56 24 64 32
39 7 47 5 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 34 3 11 51 19 59 27
33 4 2 42 10 50 18 58
33 1 41 9 49 17 57 25
Fig 2.2: Inverse of the initial permutation
That is out put of the algorithm has bit 40 of the preoutput block as its first bit, bit 8 as its
second bit, and so in until bit 25 of 40 the preoutput block is the last bit of the output.
The computation which uses the permuted input block as its input to produce the pre out
block consists m but for a final interchange of blocks, of 16 iterations of a calculation that is
12
described below in terms of the cipher function f which operates on blocks, one of 32 bits and
one of 48 bits , and produces a blocks of 32 bits.
Let the 64 bits of the input block to an iteration consist of a 32-bit block L followed by a 32-bit block R. Using the notation defined in the introduction, the input block is then LR. Let K be a block of 48 bits chosen from the 64-bit key. Then the output L'R' of an iteration with input LR is defined by:
(1) L' = R
    R' = L (+) f(R, K)
where (+) denotes bit-by-bit addition modulo 2 (exclusive OR).
As remarked before, the input of the first iteration of the calculation is the permuted input block. If L'R' is the output of the 16th iteration then R'L' is the preoutput block. At each iteration a different block K of key bits is chosen from the 64-bit key designated by KEY.
With more notation we can describe the iterations of the computation in more detail. Let KS be a function which takes an integer n in the range from 1 to 16 and a 64-bit block KEY as input and yields as output a 48-bit block K_n which is a permuted selection of bits from KEY, that is
(2) K_n = KS(n, KEY)
with K_n determined by the bits in 48 distinct bit positions of KEY. KS is called the key schedule because the block K used in the nth iteration of (1) is the block K_n determined by (2). As before, let the permuted input block be LR. Finally, let L_0 and R_0 be respectively L and R, and let L_n and R_n be respectively L' and R' of (1) when L and R are respectively L_{n-1} and R_{n-1} and K is K_n; that is, when n is in the range from 1 to 16,
(3) L_n = R_{n-1}
    R_n = L_{n-1} (+) f(R_{n-1}, K_n)
The preoutput block is then R_16 L_16.
The key schedule KS of the algorithm is described in detail in the Appendix. The key schedule produces the 16 blocks K_n which are required for the algorithm.
2.6.3 Deciphering
The permutation IP^-1 applied to the preoutput block is the inverse of the permutation IP applied to the input. Further, from (1) it follows that:
(4) R = L'
    L = R' (+) f(L', K)
Consequently, to decipher it is only necessary to apply the very same algorithm to an enciphered message block, taking care that at each iteration of the computation the same block of key bits K is used during decipherment as was used during the encipherment of the block. Using the notation of the previous section, this can be expressed by the equations:
(5) R_{n-1} = L_n
    L_{n-1} = R_n (+) f(L_n, K_n)
where now R_16 L_16 is the permuted input block for the deciphering calculation and L_0 R_0 is the preoutput block. That is, for the decipherment calculation with R_16 L_16 as the permuted input, K_16 is used in the first iteration, K_15 in the second, and so on, with K_1 used in the 16th iteration.
2.6.4 The Cipher Function f
Let E denote a function which takes a block of 32 bits as input and yields a block of 48 bits as output. Let the 48 bits of the output, written as 8 blocks of 6 bits each, be obtained by selecting the bits in its input in order according to the following table:
Table-2.2: E Bit-Selection
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
Thus the first three bits of E(R) are the bits in positions 32, 1 and 2 of R, while the last two bits of E(R) are the bits in positions 32 and 1. Each of the unique selection functions S1, S2, ..., S8 takes a 6-bit block as input and yields a 4-bit block as output, as is illustrated by using a table containing the recommended S1.
Table-2.3: Selection function S1
Row   Column number
No     0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
0     14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
1      0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
2      4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
3     15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13
If S1 is the function defined in this table and B is a block of 6 bits, then S1(B) is determined as follows: the first and last bits of B represent in base 2 a number in the range 0 to 3. Let that number be i. The middle 4 bits of B represent in base 2 a number in the range 0 to 15. Let that number be j. The entry in row i and column j of the table, written as a 4-bit block, is the output S1(B).
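The Feistel structure of sections 2.6.2 to 2.6.4 carried into code, as an added example that is not code from the thesis and is not a complete DES implementation: it uses the IP, IP^-1, E and S1 tables given above, applies S1 to all eight 6-bit groups in place of S1..S8 and the permutation P, and replaces the key schedule of the Appendix with a toy rotation (both assumptions). That is enough to show the point of equation (5): running the same rounds with the round keys in the order K16 .. K1 inverts the encipherment, whatever f is.

```python
"""Feistel rounds of DES using this page's IP, IP^-1, E and S1 tables.

Added example, not the thesis's code and not full DES: S1 stands in for
S1..S8 and P, and the key schedule is a toy rotation (assumptions).
"""

IP = [58, 50, 42, 34, 26, 18, 10, 2,      # Table-2.1 (1-based bit positions)
      60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6,
      64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1,
      59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5,
      63, 55, 47, 39, 31, 23, 15, 7]

IP_INV = [40, 8, 48, 16, 56, 24, 64, 32,  # Fig 2.2
          39, 7, 47, 15, 55, 23, 63, 31,
          38, 6, 46, 14, 54, 22, 62, 30,
          37, 5, 45, 13, 53, 21, 61, 29,
          36, 4, 44, 12, 52, 20, 60, 28,
          35, 3, 43, 11, 51, 19, 59, 27,
          34, 2, 42, 10, 50, 18, 58, 26,
          33, 1, 41, 9, 49, 17, 57, 25]

E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,  # Table-2.2, 32 -> 48 bits
     8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
     16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
     24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]

S1 = [[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],  # Table-2.3
      [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
      [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
      [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13]]


def permute(bits, table):
    """Output bit i is input bit table[i] (tables are 1-based)."""
    return [bits[p - 1] for p in table]


def xor(a, b):
    """Bit-by-bit addition modulo 2, written (+) in the text."""
    return [x ^ y for x, y in zip(a, b)]


def s1(six):
    """S1(B): the outer two bits give the row i, the middle four the column j."""
    i = (six[0] << 1) | six[5]
    j = (six[1] << 3) | (six[2] << 2) | (six[3] << 1) | six[4]
    v = S1[i][j]
    return [(v >> 3) & 1, (v >> 2) & 1, (v >> 1) & 1, v & 1]


def f(r, k):
    """Cipher function f(R, K) = S-boxes(E(R) (+) K).
    Assumption: S1 is reused for all eight groups and P is omitted."""
    x = xor(permute(r, E), k)
    return [bit for g in range(0, 48, 6) for bit in s1(x[g:g + 6])]


def toy_key_schedule(key):
    """Assumption: KS(n, KEY) = first 48 bits of KEY rotated left by n.
    The real PC-1/PC-2 schedule is in the thesis appendix, not on this page."""
    return [(key[n:] + key[:n])[:48] for n in range(1, 17)]


def feistel(block, round_keys):
    """Equation (3) for n = 1..16, then the preoutput R16 L16, then IP^-1."""
    bits = permute(block, IP)
    L, R = bits[:32], bits[32:]
    for k in round_keys:
        L, R = R, xor(L, f(R, k))
    return permute(R + L, IP_INV)


def encrypt(block, key):
    return feistel(block, toy_key_schedule(key))


def decrypt(block, key):
    """Equation (5): the same rounds with round keys in the order K16, K15, ..., K1."""
    return feistel(block, toy_key_schedule(key)[::-1])


def int_to_bits(n, width):
    return [(n >> (width - 1 - i)) & 1 for i in range(width)]


def bits_to_int(bits):
    return int("".join(map(str, bits)), 2)


def ip_roundtrip_ok():
    """IP^-1 must undo IP on every one of the 64 bit positions."""
    ident = list(range(64))
    return permute(permute(ident, IP), IP_INV) == ident


def roundtrip(plaintext, key):
    """Encipher one 64-bit block and decipher it again; returns (cipher, recovered)."""
    pt, kb = int_to_bits(plaintext, 64), int_to_bits(key, 64)
    ct = encrypt(pt, kb)
    return bits_to_int(ct), bits_to_int(decrypt(ct, kb))
```

The property worth keeping from this is that decrypt(encrypt(x)) == x holds for any round function f at all; the Feistel structure, not f, guarantees invertibility. What f must supply is the non-linearity, which is why real DES needs all eight S-boxes and the permutation P, and why the toy schedule here must not be mistaken for the standard's.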
CHAPTER 3
Components of Cryptography
3.1 Introduction
The encryption key is the most important component of data encryption. Several kinds of key are used in encryption:
Public key
Symmetric key
Private key
3.1.1 Public Key Encryption
In 1976, two researchers at Stanford University, Diffie and Hellman (1976), proposed a radically new kind of cryptosystem, one in which the encryption and decryption keys were different, and the decryption key could not feasibly be derived from the encryption key. In their proposal the (keyed) encryption algorithm, E, and the (keyed) decryption algorithm, D, had to meet three requirements [6]. These requirements can be stated simply as follows:
1. D(E(P)) = P
2. It is exceedingly difficult to deduce D from E.
3. E cannot be broken by a chosen plaintext attack.
The first requirement says that if we apply D to an encrypted message, E(P), we get the original plaintext message P back. Without this property the legitimate receiver could not decrypt the cipher text. The second requirement speaks for itself. The third requirement is needed because, as we shall see in a moment, intruders may experiment with the algorithm to their hearts' content. Under these conditions there is no reason that the encryption key cannot be made public. The method works like this: a person, say Alice, wanting to receive secret messages, first devises two algorithms meeting the above requirements. The encryption algorithm and Alice's encryption key are then made public, hence the name public key cryptography.
3.1.2 Public-Key Management
Public-key cryptography makes it possible for people who do not share a common key to communicate securely. It also makes signing messages possible without the presence of a trusted third party. Finally, signed message digests make it possible to verify the integrity of received messages easily.
However, there is one problem that we have glossed over a bit too quickly: if Alice and Bob do not know each other, how do they get each other's public keys to start the communication process? The obvious solution, put your public key on your web site, does not work, for the following reason. Suppose that Alice wants to look up Bob's public key on his web site. How does she do it? She starts by typing in Bob's URL. Her browser then looks up the DNS address of Bob's home page and sends it a GET request. Unfortunately, Trudy intercepts the request and replies with a fake home page, probably a copy of Bob's home page except for the replacement of Bob's public key with Trudy's public key. When Alice now encrypts her first message with E_T (Trudy's key), Trudy decrypts it, reads it, re-encrypts it with Bob's public key, and sends it to Bob, who is none the wiser that Trudy is reading his incoming messages. Worse yet, Trudy could modify the messages before re-encrypting them for Bob. Clearly, some mechanism is needed to make sure that public keys can be exchanged securely [7].
3.1.3 Advantages of Public Key Encryption
1. Only the private key must be kept secret (the authenticity of public keys must, however, be guaranteed).
2. The administration of keys on a network requires the presence of only a functionally trusted TTP as opposed to an unconditionally trusted TTP. Depending on the mode of usage, the TTP might only be required in an off-line manner, as opposed to in real time.
3. Depending on the mode of usage, a private key/public key pair may remain unchanged for considerable periods of time, e.g. many sessions (even several years).
4. Many public key schemes yield relatively efficient digital signature mechanisms. The key used to describe the public verification function is typically much smaller than for the symmetric-key counterpart.
5. In a large network the number of keys necessary may be considerably smaller than in the symmetric-key scenario.
3.1.4 Disadvantages of Public Key Encryption
1. Throughput rates for the most popular public key encryption methods are several orders of magnitude slower than the best known symmetric-key schemes.
2. Key sizes are typically much larger than those required for symmetric-key encryption, and the size of public key signatures is larger than that of tags providing data origin authentication from symmetric-key techniques.
3. No public key scheme has been proven to be secure (the same can be said for block ciphers). The most effective public key encryption schemes found to date have their security based on the presumed difficulty of a small set of number-theoretic problems.
3.2 Advantages of Symmetric Key Encryption
1. Symmetric key ciphers can be designed to have high rates of data throughput.
2. Keys for symmetric key ciphers are relatively short.
3. Symmetric key ciphers can be employed as primitives to construct various cryptographic mechanisms including pseudorandom number generators, hash functions, and computationally efficient digital signature schemes, to name just a few.
4. Symmetric key ciphers can be composed to produce stronger ciphers: simple transformations which are easy to analyze, but on their own weak, can be used to construct strong product ciphers.
3.3 Disadvantages of Symmetric-Key Encryption
1. In a two-party communication the key must remain secret at both ends.
2. In a large network there are many keys to be managed; effective key management requires the use of an unconditionally trusted TTP.
3. In a two-party communication between entities A and B, sound cryptographic practice dictates that the key be changed frequently, perhaps for each communication session.
4. Digital signature mechanisms arising from symmetric encryption typically require either large keys for the public verification function or the use of a TTP.
3.4 Descriptions of Various Ciphers
3.4.1 Substitution Cipher
In a substitution cipher each letter or group of letters is replaced by another letter or group of letters to disguise it. One of the oldest known ciphers is the Caesar cipher, attributed to Julius Caesar. In this method a becomes D, b becomes E, c becomes F, ... and z becomes C. For example, attack becomes DWWDFN. In examples, plaintext will be given in lower case letters, and cipher text in upper case letters [8].
A slight generalization of the Caesar cipher allows the cipher text alphabet to be shifted by k letters, instead of always 3; in this case k becomes a key to the general method of circularly shifted alphabets. The Caesar cipher may have fooled the Carthaginians, but it has not fooled anyone since.
The next improvement is to have each of the symbols in the plaintext, say the 26 letters for simplicity, map onto some other letter, for example:
Plaintext:   a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher text: Q W E R T Y U I O P A S D F G H J K L Z X C V B N M
The general system of symbol-for-symbol substitution is called a monoalphabetic substitution, with the key being the 26-letter string corresponding to the full alphabet. For the key above, the plaintext attack would be transformed into the cipher text QZZQEA.
At first glance this might appear to be a safe system because, although the cryptanalyst knows the general system (letter-for-letter substitution), he does not know which of the 26! ≈ 4 × 10^26 possible keys is in use. In contrast with the Caesar cipher, trying all of them is not a promising approach: even at 1 μs per solution a computer would take about 10^13 years to try all the keys.
Nevertheless, given a surprisingly small amount of cipher text, the cipher can be broken easily. The basic attack takes advantage of the statistical properties of natural languages. In English, for example, e is the most common letter, followed by t, o, a, n, i, etc. The most common two-letter combinations, or digrams, are th, in, er, re and an. The most common three-letter combinations, or trigrams, are the, ing, and, and ion.
A cryptanalyst trying to break a monoalphabetic cipher would start out by counting the relative frequencies of all letters in the cipher text. Then he might tentatively assign the most common one to e and the next most common one to t.
Polyalphabetic substitution, in general, uses more than one substitution alphabet. This makes cryptanalysis harder, since there are more alphabets to guess, and because it flattens the frequency distribution (the same plaintext letter gets replaced by several cipher text letters, depending on which alphabet is used).
Vigenère cipher:
• Basically multiple Caesar ciphers
• Key is multiple letters long: k = k(1) k(2) ... k(d)
• The ith letter of the key specifies the ith alphabet to use
• Use each alphabet in turn, repeating from the start after d letters of message
Plaintext:   THISPROCESSCANALSOBEEXPRESSED
Keyword:     CIPHERCIPHERCIPHERCIPHERCIPHE
Cipher text: VPXZTIQKTZWTCVPSWFDMTETIGAHLH
A Saint-Cyr slide can be used for easier encryption; it is based on the Vigenère tableau:
    ABCDEFGHIJKLMNOPQRSTUVWXYZ
A   ABCDEFGHIJKLMNOPQRSTUVWXYZ
B   BCDEFGHIJKLMNOPQRSTUVWXYZA
C   CDEFGHIJKLMNOPQRSTUVWXYZAB
D   DEFGHIJKLMNOPQRSTUVWXYZABC
E   EFGHIJKLMNOPQRSTUVWXYZABCD
F   FGHIJKLMNOPQRSTUVWXYZABCDE
G   GHIJKLMNOPQRSTUVWXYZABCDEF
H   HIJKLMNOPQRSTUVWXYZABCDEFG
I   IJKLMNOPQRSTUVWXYZABCDEFGH
J   JKLMNOPQRSTUVWXYZABCDEFGHI
K   KLMNOPQRSTUVWXYZABCDEFGHIJ
L   LMNOPQRSTUVWXYZABCDEFGHIJK
M   MNOPQRSTUVWXYZABCDEFGHIJKL
N   NOPQRSTUVWXYZABCDEFGHIJKLM
O   OPQRSTUVWXYZABCDEFGHIJKLMN
P   PQRSTUVWXYZABCDEFGHIJKLMNO
Q   QRSTUVWXYZABCDEFGHIJKLMNOP
R   RSTUVWXYZABCDEFGHIJKLMNOPQ
S   STUVWXYZABCDEFGHIJKLMNOPQR
T   TUVWXYZABCDEFGHIJKLMNOPQRS
U   UVWXYZABCDEFGHIJKLMNOPQRST
V   VWXYZABCDEFGHIJKLMNOPQRSTU
W   WXYZABCDEFGHIJKLMNOPQRSTUV
X   XYZABCDEFGHIJKLMNOPQRSTUVW
Y   YZABCDEFGHIJKLMNOPQRSTUVWX
Z   ZABCDEFGHIJKLMNOPQRSTUVWXY
The cipher can be described as: given k = k(1) k(2) ... k(d),
then f(i)(a) = a + k(i) (mod n), with n = 26 and i cycling through 1 ... d.
3.4.2 Transposition Cipher
Substitution ciphers preserve the order of the plaintext symbols but disguise them. Transposition ciphers, in contrast, reorder the letters but do not disguise them. Figure 3.1 depicts a common transposition cipher, the columnar transposition. A word or phrase not containing any repeated letters keys the cipher. In this example, MEGABUCK is the key. The purpose of the key is to number the columns, column 1 being under the key letter closest to the start of the alphabet, and so on. The plaintext is written horizontally, in rows, padded to fill the matrix if need be. The cipher text is read out by columns, starting with the column whose key letter is the lowest [8].
M E G A B U C K
7 4 5 1 2 8 3 6
p l e a s e t r
a n s f e r o n
e m i l l i o n
d o l l a r s t
o m y s w i s s
b a n k a c c o
u n t s i x t w
o t w o a b c d
Figure 3.1: A transposition cipher
Plaintext:
pleasetransferonemilliondollarstomyswissbankaccountsixtwotwo
Cipher text:
AFLLSKSOSELAWAIATOOSSCTCLNMOMANTESILYNTWRNNTSOWDPAEDOBUOERIRICXB
To break a transposition cipher, the cryptanalyst must first be aware that he is dealing with a transposition cipher. By looking at the frequency of E, T, A, O, I, N, etc., it is easy to see if they fit the normal pattern for plaintext. If so, the cipher is clearly a transposition cipher, because in such a cipher every letter represents itself, keeping the frequency distribution intact.
The next step is to make a guess at the number of columns. In many cases a probable word or phrase may be guessed at from the context. For example, suppose that our cryptanalyst suspects that the plaintext phrase milliondollars occurs somewhere in the message. Observe that the digrams MO, IL, LL, LA, IR and OS occur in the cipher text as a result of this phrase wrapping around. The cipher text letter O follows the cipher text letter M (i.e., they are vertically adjacent in column 4) because they are separated in the probable phrase by a distance equal to the key length. If a key of length seven had been used, the digrams MD, IO, LL, LL, IA, OR and NS would have occurred instead. In fact, for each key length, a different set of digrams is produced in the cipher text. By hunting for the various possibilities, the cryptanalyst can often easily determine the key length.
The remaining step is to order the columns. When the number of columns, k, is small, each of the k(k-1) column pairs can be examined to see if its digram frequencies match those for English plaintext. The pair with the best match is assumed to be correctly positioned. Now each remaining column is tentatively tried as the successor to this pair. The column whose digram and trigram frequencies give the best match is tentatively assumed to be correct. The predecessor column is found in the same way. The entire process is continued until a potential ordering is found. Chances are that the plaintext will be recognizable at this point (e.g., if milloin occurs instead of million, it is clear what the error is).
Some transposition ciphers accept a fixed-length block of input and produce a fixed-length block of output. These ciphers can be completely described by giving a list telling the order in which the characters are to be output. For example, the cipher of Figure 3.1 can be seen as a 64-character block cipher. Its output is 4, 12, 20, 28, 36, 44, 52, 60, 5, 13, ..., 62. In other words, the fourth input character, a, is the first to be output, followed by the twelfth, f, and so on.
3.5 Caesar Cipher
• Replace each letter of the message by a letter a fixed distance away.
• Reputedly used by Julius Caesar.
Example:
L FDPH L VDZ L FRQTXHUHG = I CAME I SAW I CONQUERED
i.e., the mapping is
ABCDEFGHIJKLMNOPQRSTUVWXYZ
DEFGHIJKLMNOPQRSTUVWXYZABC
3.6 Beaufort Cipher
• Similar to Vigenère but with the alphabet written backwards.
• Can be described by: given K = k(1) k(2) ... k(d), then f(i)(a) = (k(i) - a) (mod n),
and its inverse is f(i)^-1(c) = (k(i) - c) (mod n), so the cipher is its own inverse.
Example with key = D:
Plain:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: DCBAZYXWVUTSRQPONMLKJIHGFE
3.6.1 Variant Beaufort Cipher
Just the inverse of the Vigenère (it decrypts it): given K = k(1) k(2) ... k(d), then f(i)(a) = (a - k(i)) (mod n).
3.7 Modular Arithmetic Mono-alphabetic Cipher
More generally, one could use a more complex equation to calculate the cipher text letter for each plaintext letter:
E(a,b): i -> a·i + b (mod 26)
a must be relatively prime to 26 (i.e., gcd(a, 26) = 1); otherwise the cipher is not reversible. For example, with a = 2, b = 0 and the letters numbered a = 0, b = 1, c = 2, ..., y = 24, z = 25, both a and n map to 0.
Example: E(5,7): i -> 5·i + 7 (mod 26)
Cryptanalysis
Use letter frequency counts to guess a couple of possible letter mappings (the frequency pattern is not produced just by a shift). Use these mappings to solve two simultaneous equations to derive the parameters a and b.
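The affine cipher E(a,b) and the two-equation cryptanalysis of section 3.7, as an added example (not the thesis's code): affine_encrypt refuses an a that is not coprime with 26, collisions shows which letters clash for such an a, and solve_key recovers (a, b) from two guessed letter mappings by subtracting the congruences and dividing by the invertible difference. The sample sentence is constructed so that e and t are its two most frequent letters.

```python
"""Affine mono-alphabetic cipher E(a,b): i -> a*i + b (mod 26), and its cryptanalysis.

Added example, not the thesis's code. SAMPLE is a constructed sentence.
"""
from math import gcd

M = 26


def _idx(ch):
    return ord(ch.upper()) - ord("A")


def affine_encrypt(text, a, b):
    """Requires gcd(a, 26) == 1, otherwise two plaintext letters share a cipher letter."""
    if gcd(a, M) != 1:
        raise ValueError(f"a={a} shares a factor with {M}; cipher is not reversible")
    return "".join(chr((a * _idx(ch) + b) % M + ord("A")) for ch in text if ch.isalpha())


def affine_decrypt(text, a, b):
    a_inv = pow(a, -1, M)   # exists exactly when gcd(a, 26) == 1
    return "".join(chr((a_inv * (_idx(ch) - b)) % M + ord("A")) for ch in text if ch.isalpha())


def collisions(a, b):
    """Plaintext letter pairs that encrypt to the same letter; empty for a valid a."""
    seen, out = {}, []
    for i in range(M):
        c = (a * i + b) % M
        if c in seen:
            out.append((chr(seen[c] + ord("A")), chr(i + ord("A"))))
        seen[c] = i
    return out


def solve_key(p1, c1, p2, c2):
    """Solve a*p1 + b = c1 and a*p2 + b = c2 (mod 26) for (a, b).
    Subtracting gives a*(p1 - p2) = c1 - c2, solvable when gcd(p1 - p2, 26) == 1."""
    p1, c1, p2, c2 = (_idx(x) for x in (p1, c1, p2, c2))
    d = (p1 - p2) % M
    if gcd(d, M) != 1:
        raise ValueError("plaintext letters differ by a non-invertible amount; pick another pair")
    a = ((c1 - c2) * pow(d, -1, M)) % M
    b = (c1 - a * p1) % M
    return a, b


def break_affine(ciphertext, guess1="e", guess2="t"):
    """Frequency step from the text: assume the two most frequent cipher letters
    are the two most frequent English letters. Returns (a, b, plaintext)."""
    ranked = sorted(set(ciphertext), key=lambda ch: (-ciphertext.count(ch), ch))
    a, b = solve_key(guess1, ranked[0], guess2, ranked[1])
    return a, b, affine_decrypt(ciphertext, a, b)


# Constructed sample: e (13) and t (12) are its most frequent letters.
SAMPLE = "meetmeatthetreeattenthelettertellstherest"
```

Two letter mappings suffice because the key has only two unknowns; with more text the same two equations can be checked against a third mapping, which is how a wrong frequency guess is detected.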
3.8 Language Redundancy and Unicity Distance
• Claude Shannon derived several important results about the information content of languages in 1949.
• The entropy of a message, H(X), is related to the number of bits of information needed to encode a message X. It cannot exceed log2(n) bits for n equally likely messages.
• The rate of a language for messages of length k denotes the average number of bits per character: r = H(M)/k.
• The absolute rate of a 26-letter alphabet is log2(26) ≈ 4.7 bits/letter; the rate of English is about 1.5 bits/letter, so the redundancy of English is D ≈ 4.7 - 1.5 = 3.2 bits/letter.
• Distinguish information content and redundancy.
• Shannon defined the unicity distance of a cipher to give a quantitative measure of the security of a cipher (it must not be too small): the amount of cipher text N needed to break it, N = H(K)/D, where H(K) is the entropy (amount of information) of the key and D is the redundancy of the language used.
For Caesar (shift) mono-alphabetic substitution ciphers: N = H(K)/D = log2(26)/3.2 ≈ 1.5, hence only 2 letters are needed to break them. For general mono-alphabetic substitution ciphers: N = H(K)/D = log2(26!)/3.2 ≈ 26·log2(26/e)/3.2 ≈ 27.6, hence only 27 or 28 letters are needed to break them. For poly-alphabetic substitution ciphers, if there are s possible keys for each simple substitution and d alphabets are used, then N = H(K)/D = log2(s^d)/D = d·log2(26)/3.2 ≈ 1.5d, hence about 1.5 times as many letters as there are separate substitutions are needed to break the cipher. But first one needs to determine just how many alphabets were used:
• Kasiski method
• Index of coincidence
3.9 Kasiski Method
Use repetitions in the cipher text to give clues as to the period: the same plaintext an exact multiple of the period apart is enciphered to the same cipher text.
Plaintext:   TOBEORNOTTOBE
Key:         NOWNOWNOWNOWN
Cipher text: GCXRCNACPGCXR
Since the repeats (GCXR) are 9 characters apart, guess that the period is 3 or 9.
3.10 Index of Coincidence
William Friedman introduced the index of coincidence (IC) in the 1920s. It measures the variation of the frequencies of letters in the cipher text:
• period = 1 => simple substitution => variation is high, IC high
• period > 1 => polyalphabetic substitution => variation is reduced, IC low
First define a measure of roughness (MR) giving the variation of the frequencies of individual characters relative to a uniform distribution.
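The Kasiski and index-of-coincidence tests of sections 3.9 and 3.10, together with the Vigenère cipher of section 3.4.1, as an added example (not the thesis's code). It goes one step beyond the page by also recovering the key once the period is known, using a chi-squared comparison against an approximate English letter-frequency table; the sample text, the key DUET and that table are my assumptions.

```python
"""Vigenere cipher plus the period-finding tools of sections 3.9 and 3.10.

Added example, not the thesis's code: encrypts with a repeating key, finds
candidate periods by Kasiski spacings and by the index of coincidence, then
recovers each alphabet's shift with a chi-squared fit to English letter
frequencies (an approximate, commonly used table, not from the page).
"""
from collections import Counter
from functools import reduce
from math import gcd

A = ord("A")
# Approximate English letter frequencies in percent, A..Z (assumption).
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
           6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]


def vigenere(text, key, decrypt=False):
    """f(i)(a) = a + k(i) (mod 26); the key letter cycles every len(key) characters."""
    out = []
    for i, ch in enumerate(text):
        k = ord(key[i % len(key)]) - A
        out.append(chr((ord(ch) - A + (-k if decrypt else k)) % 26 + A))
    return "".join(out)


def kasiski(ct, n=3):
    """Distances from the first occurrence of each repeated n-gram to its later ones;
    the period divides the spacings caused by genuine plaintext repeats."""
    first, spacings = {}, []
    for i in range(len(ct) - n + 1):
        g = ct[i:i + n]
        if g in first:
            spacings.append(i - first[g])
        else:
            first[g] = i
    return spacings


def kasiski_period_guess(ct):
    """gcd of all spacings (0 when nothing repeats); accidental repeats can pull it down."""
    sp = kasiski(ct)
    return reduce(gcd, sp) if sp else 0


def index_of_coincidence(text):
    """Probability that two letters drawn from the text are equal:
    about 0.066 for English, 1/26 = 0.038 for uniformly random letters."""
    n = len(text)
    if n < 2:
        return 0.0
    return sum(v * (v - 1) for v in Counter(text).values()) / (n * (n - 1))


def ic_by_period(ct, max_period=10):
    """Mean IC of the columns ct[i::d] for each candidate period d; it rises to the
    mono-alphabetic value at the true period (and at its multiples)."""
    return {d: sum(index_of_coincidence(ct[i::d]) for i in range(d)) / d
            for d in range(1, max_period + 1)}


def best_shift(column):
    """Shift s whose un-shifted histogram is closest to English by chi-squared."""
    n = len(column)
    expected = [n * p / 100 for p in ENGLISH]
    scores = []
    for s in range(26):
        c = Counter((ord(ch) - A - s) % 26 for ch in column)
        scores.append((sum((c[i] - expected[i]) ** 2 / expected[i] for i in range(26)), s))
    return min(scores)[1]


def recover_key(ct, period):
    """One Caesar shift per column gives the key letters in order."""
    return "".join(chr(best_shift(ct[i::period]) + A) for i in range(period))


# Constructed sample plaintext (letters only) and key; not from the thesis.
RAW = ("The Vigenere cipher uses a key word to select one of several Caesar alphabets "
       "for each letter of the message. Because the same key letter returns after every "
       "period of the key, identical plaintext fragments that lie a multiple of the period "
       "apart are enciphered to identical ciphertext, and the spacings between such repeats "
       "reveal the period. Once the period is known the ciphertext splits into columns that "
       "are each a simple shift, and counting letters in every column recovers the key one "
       "letter at a time. The index of coincidence gives the same answer from letter "
       "statistics alone without searching for repeated groups.")
SAMPLE = "".join(ch for ch in RAW.upper() if ch.isalpha())
KEY = "DUET"
```

On the page's 13-letter TOBEORNOT example Kasiski alone pins the period (both repeats are 9 apart), but the IC test needs far more text: each column must be long enough for its letter histogram to stand out from a flat one, which is the unicity-distance argument of section 3.8 seen in practice.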
CHAPTER 4
Literature Review
4.1 Introduction
Several encryption algorithms exist at present. Each algorithm has its own features. In the following, several existing algorithms are described.
4.2 RSA Algorithm
4.2.1 Introduction
The RSA algorithm is named after Ron Rivest, Adi Shamir and Len Adleman, who invented it in 1977. The basic technique was first discovered in 1973 by Clifford Cocks of CESG (part of the British GCHQ), but this was kept secret until 1997. The patent taken out by RSA Labs has expired.
The RSA algorithm can be used for both public key encryption and digital signatures. Its
security is based on the difficulty of factoring large integers.
4.2.2 Description
The only catch is that we need to find algorithms that satisfy all three requirements. Due to the potential advantages of public key cryptography, many researchers are hard at work, and some algorithms have already been published. One good method was discovered by a group at M.I.T. [9]. It is known by the initials of the three discoverers (Rivest, Shamir, Adleman): RSA. It has survived all attempts to break it for more than a quarter of a century and is considered very strong. Much practical security is based on it. Its major disadvantage is that it requires keys of at least 1024 bits for good security (versus 128 bits for symmetric key algorithms), which makes it quite slow.
The RSA method is based on some principles from number theory. We will now summarize how to use the method; for details, consult the paper.
1. Choose two large primes, p and q (typically 1024 bits).
2. Compute n = p × q and z = (p - 1) × (q - 1).
3. Choose a number relatively prime to z and call it d.
4. Find e such that e × d = 1 (mod z).
With these parameters computed in advance, we are ready to begin encryption. Divide the plaintext (regarded as a bit string) into blocks so that each plaintext message, P, falls in the interval 0 <= P < n. Do that by grouping the plaintext into blocks of k bits, where k is the largest integer for which 2^k < n is true.
To encrypt a message, P, compute C = P^e (mod n). To decrypt C, compute P = C^d (mod n). It can be proven that for all P in the specified range, the encryption and decryption functions are inverses. To perform the encryption, you need e and n. To perform the decryption, you need d and n. Therefore, the public key consists of the pair (e, n), and the private key consists of (d, n). The security of the method is based on the difficulty of factoring large numbers. If the cryptanalyst could factor the (publicly known) n, he could then find p and q, and from these z. Equipped with knowledge of z and e, d can be found using Euclid's algorithm. Fortunately, mathematicians have been trying to factor large numbers for at least 300 years, and the accumulated evidence suggests that it is an exceedingly difficult problem.
According to Rivest and colleagues, factoring a 500-digit number requires 10^25 years using brute force. They assume the best-known algorithm and a computer with a 1-μs instruction time. Even if computers continue to get faster by an order of magnitude per decade, it will be centuries before factoring a 500-digit number becomes feasible, at which time our descendants can simply choose p and q still larger.
A trivial pedagogical example of how the RSA algorithm works is given in Fig. 4.1. For this example we have chosen p = 3 and q = 11, giving n = 33 and z = 20. A suitable value for d is d = 7, since 7 and 20 have no common factors. With these choices, e can be found by solving the equation 7e = 1 (mod 20), which yields e = 3. The cipher text, C, for a plaintext message, P, is given by C = P^3 (mod 33). The cipher text is decrypted by the receiver by making use of the rule P = C^7 (mod 33). The figure shows the encryption of the plaintext "SUZANNE" as an example.
Because the primes chosen for this example are so small, P must be less than 33, so each plaintext block can contain only a single character. The result is a monoalphabetic substitution cipher, not very impressive. If instead we had chosen p and q ≈ 2^512, we would have n ≈ 2^1024, so each block could be up to 1024 bits or 128 eight-bit characters, versus 8 characters for DES and 16 characters for AES.
4.2.3 Example of RSA Algorithm
Symbolic  Numeric  P^3     P^3 (mod 33)  C^7          C^7 (mod 33)  Symbolic
S         19       6859    28            13492928512  19            S
U         21       9261    21            1801088541   21            U
Z         26       17576   20            1280000000   26            Z
A         01       1       1             1            1             A
N         14       2744    5             78125        14            N
N         14       2744    5             78125        14            N
E         05       125     26            8031810176   5             E
Fig. 4.1 Example of RSA Algorithm
4.2.4 Drawbacks of RSA Algorithm
The RSA algorithm as described is a static encryption system: every letter of the alphabet is always represented by the same number, so the same plaintext symbol always produces the same cipher text value. For an attacker it may therefore not be difficult to recover the original data from an encrypted file.
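The RSA key generation, the SUZANNE table of Fig. 4.1 and the two points the text makes about it (security rests on factoring n; one letter per block gives a monoalphabetic substitution), as an added example in Python that is not the thesis's code. recover_private_key factors n by trial division, which only works because n = 33 is a toy modulus.

```python
"""Textbook RSA with the thesis's toy parameters p = 3, q = 11 (section 4.2).

Added example, not the thesis's code: key generation steps 1-4, the SUZANNE
table, the factoring attack the text mentions, and the drawback of 4.2.4.
"""
from math import gcd


def keygen(p, q, d):
    """n = p*q, z = (p-1)*(q-1), d coprime to z, e = d^-1 (mod z).
    Returns (public key (e, n), private key (d, n))."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    return (pow(d, -1, z), n), (d, n)


def block_size_bits(n):
    """Largest k with 2^k < n: plaintext is grouped into k-bit blocks so 0 <= P < n."""
    k = 0
    while 2 ** (k + 1) < n:
        k += 1
    return k


def encrypt_block(P, pub):
    e, n = pub
    if not 0 <= P < n:
        raise ValueError("block out of range: need 0 <= P < n")
    return pow(P, e, n)          # C = P^e (mod n)


def decrypt_block(C, priv):
    d, n = priv
    return pow(C, d, n)          # P = C^d (mod n)


def letter_to_int(ch):
    return ord(ch.upper()) - ord("A") + 1   # A = 1 ... Z = 26, as in Fig. 4.1


def int_to_letter(v):
    return chr(v - 1 + ord("A"))


def rsa_table(word, pub, priv):
    """One row per letter: (symbol, P, P^e mod n, C^d mod n, recovered symbol)."""
    rows = []
    for ch in word:
        P = letter_to_int(ch)
        C = encrypt_block(P, pub)
        R = decrypt_block(C, priv)
        rows.append((ch, P, C, R, int_to_letter(R)))
    return rows


def recover_private_key(pub):
    """The attack the text describes: factor n (trial division, toy sizes only),
    recompute z, then d = e^-1 (mod z) by the extended Euclidean algorithm."""
    e, n = pub
    p = next(x for x in range(2, n) if n % x == 0)
    q = n // p
    z = (p - 1) * (q - 1)
    return pow(e, -1, z), n


def is_monoalphabetic(word, pub):
    """Drawback of section 4.2.4: one letter per block and no randomisation means
    equal plaintext letters always give equal cipher text values."""
    seen = {}
    for ch in word:
        c = encrypt_block(letter_to_int(ch), pub)
        if seen.setdefault(ch, c) != c:
            return False
    return True


PUB, PRIV = keygen(3, 11, 7)     # n = 33, z = 20, e = 3: the thesis's example
```

rsa_table("SUZANNE", PUB, PRIV) reproduces the figure row by row, and is_monoalphabetic shows why N appears as 5 both times. The drawback the thesis notes in 4.2.4 is a property of this unpadded textbook form; deployed RSA wraps each block in randomised padding precisely so that equal plaintexts do not give equal cipher texts.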
4.3 The Blowfish Algorithm
4.3.1 Introduction
The Blowfish algorithm is described in "Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish)".
Blowfish, a new secret-key block cipher, is proposed. It is a Feistel network, iterating a simple encryption function 16 times. The block size is 64 bits, and the key can be any length up to 448 bits. Although there is a complex initialization phase required before any encryption can take place, the actual encryption of data is very efficient on large microprocessors.
The cryptographic community needs to provide the world with a new encryption standard. DES [10], the workhorse encryption algorithm for the past fifteen years, is nearing the end of its useful life. Its 56-bit key size is vulnerable to a brute-force attack [11], and recent advances in differential cryptanalysis [12] and linear cryptanalysis [13] indicate that DES is vulnerable to other attacks as well.
If the world is to have a secure, unpatented, and freely available encryption algorithm by the turn of the century, we need to develop several candidate encryption algorithms now. These algorithms can then be subjected to years of public scrutiny and cryptanalysis. Then, the hope is that one or more candidate algorithms will survive this process, and can eventually become a new standard.
This paper discusses the requirements for a standard encryption algorithm. While it may not
be possible to satisfy all requirements with a single algorithm, it may be possible to satisfy
them with a family of algorithms based on the same cryptographic principles.
4.3.2 Areas of Application
A standard encryption algorithm must be suitable for many different applications:
Bulk encryption. The algorithm should be efficient in encrypting data files or a continuous data stream.
Random bit generation. The algorithm should be efficient in producing single random bits.
Packet encryption. The algorithm should be efficient in encrypting packet-sized data. (An ATM packet has a 48-byte data field.) It should be implementable in an application where successive packets may be encrypted or decrypted with different keys.
Hashing. The algorithm should be efficient in being converted to a one-way hash function.
4.3.3 Platforms
A standard encryption algorithm must be implementable on a variety of different platforms, each with its own requirements. These include:
Special hardware: The algorithm should be efficiently implementable in custom VLSI
hardware.
Large processors: While dedicated hardware will always be used for the fastest applications,
software implementations are more common. The algorithm should be efficient on 32-bit
microprocessors with 4 Kbytes program and data caches.
Medium-size processors. The algorithm should run on microcontrollers and other medium-
size processors, such as the 68HC11.
Small processors. It should be possible to implement the algorithm on smart cards, even
inefficiently.
The requirements for small processors are the most difficult. RAM and ROM limitations are
severe for this platform. Also, efficiency is more important on these small machines.
Workstations double their capacity almost annually. Small-embedded systems are the same
year after year, and there is little capacity to spare. If there is a choice, the extra computation
burden should be on large processors rather than small processors.
4.3.4 Additional Requirements
These additional requirements should, if possible, be levied on a standard encryption
algorithm.
The algorithm should be simple to code. Experiences with DES [13] show that programmers
will often make implementation mistakes if the algorithm is complicated. If possible, the
algorithm should be robust against these mistakes.
The algorithm should have a flat keyspace, allowing any random bit string of the required length to be a possible key. There should be no weak keys.
The algorithm should facilitate easy key management for software implementations. Software implementations of DES generally use poor key management techniques. In particular, the password that the user types in becomes the key. This means that although DES has a theoretical keyspace of 2^56, the actual keyspace is limited to keys constructed with the 95 characters of printable ASCII. Additionally, keys corresponding to words and near-words are much more likely.
The algorithm should be easily modifiable for different levels of security, both minimum and
maximum requirements.
All operations should manipulate data in byte-sized blocks. Where possible, operations should
manipulate data in 32-bit blocks.
4.3.5 Design Decisions
Based on the above parameters, we have made these design decisions. The algorithm should manipulate data in large blocks, preferably 32 bits in size (and not in single bits, as DES does). It should have either a 64-bit or a 128-bit block size, and a scalable key, from 32 bits to at least 256 bits. It should use simple operations that are efficient on microprocessors, e.g. exclusive-or, addition, table lookup, and modular multiplication. It should not use variable-length shifts, bit-wise permutations, or conditional jumps.
Be implementable on an 8-bit processor with a minimum of 24 bytes of RAM (in addition to
the RAM required to store the key) and 1 kilobyte of ROM.
Employ precomputable subkeys. On large-memory systems, these subkeys can be
precomputed for faster operation. Not precomputing the subkeys will result in slower
operation, but it should still be possible to encrypt data without any precomputations.
Consist of a variable number of iterations. For applications with a small key size, the trade-off
between the complexity of a brute-force attack and a differential attack make a large number
of iterations superfluous. Hence, it should be possible to reduce the number of iterations with
no loss of security (beyond that of the reduced key size).
If possible, have no weak keys. If not possible, the proportion of weak keys should be small
enough to make it unlikely to choose one at random. Also, any weak keys should be explicitly
known so they can be weeded out during the key generation process.
Use subkeys that are a one-way hash of the key. This would allow the use of long passphrases
for the key without compromising security.
Have no linear structures (e.g., the complementation property of DES) that reduce the
complexity of exhaustive search [13].
Use a design that is simple to understand. This will facilitate analysis and increase the
confidence in the algorithm. In practice, this means that the algorithm will be a Feistel iterated
block cipher [14].
4.3.6 Building Blocks
There are a number of building blocks that have been demonstrated to produce strong ciphers.
Many of these can be efficiently implemented on 32-bit microprocessors.
Large S-boxes. Larger S-boxes are more resistant to differential cryptanalysis.
Key-dependent S-boxes. While fixed S-boxes must be designed to be resistant to differential
and linear cryptanalysis, key-dependent S-boxes are much more resistant to these attacks.
Combining operations from different algebraic groups. The IDEA cipher introduced this
concept, combining XOR mod 2^16, addition mod 2^16, and multiplication mod 2^16+1. The
MMB cipher uses a 32-bit word, and combines XOR mod 2^32 with multiplication mod 2^32-1.
Key-dependent permutations. The fixed initial and final permutations of DES have long been
regarded as cryptographically worthless. Khufu XORs the text block with key material at the
beginning and the end of the algorithm [13].
4.3.7 Blowfish
Blowfish is a variable-length key block cipher. It does not meet all the requirements for a new
cryptographic standard discussed above: it is only suitable for applications where the key does
not change often, like a communications link or an automatic file encryptor. It is significantly
faster than DES when implemented on 32-bit microprocessors with large data caches, such as
the Pentium and the PowerPC.
4.3.8 Description of The Algorithm
Blowfish is a variable-length key, 64-bit block cipher. The algorithm consists of two parts: a
key-expansion part and a data-encryption part. Key expansion converts a key of at most 448
bits into several subkey arrays totaling 4168 bytes.
Data encryption occurs via a 16-round Feistel network. Each round consists of a key-
dependent permutation, and a key- and data-dependent substitution. All operations are XORs
and additions on 32-bit words. The only additional operations are four indexed array data
lookups per round.
Subkeys:
Blowfish uses a large number of subkeys. These keys must be precomputed before any data
encryption or decryption.
1. The P-array consists of 18 32-bit subkeys:
P1, P2, ..., P18.
2. There are four 32-bit S-boxes with 256 entries each:
S1,0, S1,1, ..., S1,255;
S2,0, S2,1, ..., S2,255;
S3,0, S3,1, ..., S3,255;
S4,0, S4,1, ..., S4,255.
The exact method used to calculate these subkeys will be described later.
Encryption:
Blowfish is a Feistel network consisting of 16 rounds (see Figure 1). The input is a 64-bit data
element, x.
Divide x into two 32-bit halves: xL, xR
For i = 1 to 16:
xL = xL XOR Pi
xR = F(xL) XOR xR
Swap xL and xR
Next i
Swap xL and xR (Undo the last swap.)
xR = xR XOR P17
xL = xL XOR P18
Recombine xL and xR
Function F (see Figure 2):
Divide xL into four eight-bit quarters: a, b, c, and d
F(xL) = ((S1,a + S2,b mod 2^32) XOR S3,c) + S4,d mod 2^32
Decryption is exactly the same as encryption, except that P1, P2,..., P18 are used in the
reverse order.
Implementations of Blowfish that require the fastest speeds should unroll the loop and ensure
that all subkeys are stored in cache.
Generating the Subkeys:
The subkeys are calculated using the Blowfish algorithm. The exact method is as follows:
1. Initialize first the P-array and then the four S-boxes, in order, with a fixed string. This
string consists of the hexadecimal digits of pi (less the initial 3). For example:
P1 = 0x243f6a88
P2 = 0x85a308d3
P3 = 0x13198a2e
P4 = 0x03707344
2. XOR P1 with the first 32 bits of the key, XOR P2 with the second 32 bits of the key, and
so on for all bits of the key (possibly up to P14). Repeatedly cycle through the key bits until
the entire P-array has been XORed with key bits. (For every short key, there is at least one
equivalent longer key; for example, if A is a 64-bit key, then AA, AAA, etc., are equivalent
keys.)
3. Encrypt the all-zero string with the Blowfish algorithm, using the subkeys described in
steps (1) and (2).
4. Replace P1 and P2 with the output of step (3).
5. Encrypt the output of step (3) using the Blowfish algorithm with the modified subkeys.
6. Replace P3 and P4 with the output of step (5).
7. Continue the process, replacing all entries of the P- array, and then all four S-boxes in
order, with the output of the continuously changing Blowfish algorithm.
In total, 521 iterations are required to generate all required subkeys. Applications can store
the subkeys rather than execute this derivation process multiple times.
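A runnable Python version of the encryption routine and of the seven-step subkey-generation procedure above, added here as a worked example (it is neither the thesis's nor Schneier's reference code). Instead of embedding the 4168 bytes of pi-derived constants, it regenerates the hexadecimal digits of pi with Machin's formula at import time and slices them into the P-array and the four S-boxes. The assumptions are a key of 1 to 56 bytes and 8-byte blocks split into big-endian 32-bit halves, which is the convention the published test vectors use.

```python
# Blowfish built from the description above: 64-bit block, 1..56-byte key,
# 16-round Feistel network, P-array and S-boxes seeded with the digits of pi.
# Added example; not the thesis's or the cipher author's reference code.

MASK32 = 0xFFFFFFFF


def _arctan_inv(x, scale):
    """scale * arctan(1/x) using only integer arithmetic (Machin-style series)."""
    total, term, x2, k, sign = 0, scale // x, x * x, 1, 1
    while term:
        total += sign * (term // k)
        term //= x2
        k += 2
        sign = -sign
    return total


def pi_hex_fraction(ndigits, guard=16):
    """First `ndigits` hex digits of pi after the point ("less the initial 3").
    Machin: pi = 16 arctan(1/5) - 4 arctan(1/239); the `guard` extra digits
    absorb the truncation error of the two series before they are dropped."""
    scale = 16 ** (ndigits + guard)
    pi_scaled = 16 * _arctan_inv(5, scale) - 4 * _arctan_inv(239, scale)
    frac = (pi_scaled - 3 * scale) >> (4 * guard)
    return format(frac, "0%dx" % ndigits)


# 18 P-array words + 4 * 256 S-box words = 1042 words = 4168 bytes of pi.
_PI_HEX = pi_hex_fraction((18 + 4 * 256) * 8)
_PI_WORDS = [int(_PI_HEX[i:i + 8], 16) for i in range(0, len(_PI_HEX), 8)]
P_INIT = _PI_WORDS[:18]
S_INIT = [_PI_WORDS[18 + 256 * b:18 + 256 * (b + 1)] for b in range(4)]


class Blowfish:
    def __init__(self, key):
        if not 1 <= len(key) <= 56:
            raise ValueError("Blowfish key must be 1..56 bytes (8..448 bits)")
        self.P = list(P_INIT)
        self.S = [list(box) for box in S_INIT]
        # Step 2: XOR the P-array with the key, cycling through the key bytes
        # as big-endian 32-bit words, so key A and key AA yield the same subkeys.
        j = 0
        for i in range(18):
            word = 0
            for _ in range(4):
                word = (word << 8) | key[j]
                j = (j + 1) % len(key)
            self.P[i] ^= word
        # Steps 3-7: encrypt the all-zero block with the evolving subkeys and
        # write each 64-bit output over the next pair of P, then S, entries:
        # 9 + 4 * 128 = 521 block encryptions in total.
        xl = xr = 0
        for i in range(0, 18, 2):
            xl, xr = self._encrypt_words(xl, xr)
            self.P[i], self.P[i + 1] = xl, xr
        for box in self.S:
            for i in range(0, 256, 2):
                xl, xr = self._encrypt_words(xl, xr)
                box[i], box[i + 1] = xl, xr

    def _f(self, x):
        """F(xL) = ((S1,a + S2,b) XOR S3,c) + S4,d with additions mod 2^32."""
        s1, s2, s3, s4 = self.S
        a, b, c, d = x >> 24, (x >> 16) & 0xFF, (x >> 8) & 0xFF, x & 0xFF
        return ((((s1[a] + s2[b]) & MASK32) ^ s3[c]) + s4[d]) & MASK32

    def _encrypt_words(self, xl, xr):
        for i in range(16):
            xl ^= self.P[i]
            xr ^= self._f(xl)
            xl, xr = xr, xl
        xl, xr = xr, xl          # undo the last swap
        xr ^= self.P[16]
        xl ^= self.P[17]
        return xl, xr

    def _decrypt_words(self, xl, xr):
        # The same network with P18..P1 applied in reverse order.
        for i in range(17, 1, -1):
            xl ^= self.P[i]
            xr ^= self._f(xl)
            xl, xr = xr, xl
        xl, xr = xr, xl
        xr ^= self.P[1]
        xl ^= self.P[0]
        return xl, xr

    def encrypt_block(self, block):
        xl, xr = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:8], "big")
        xl, xr = self._encrypt_words(xl, xr)
        return xl.to_bytes(4, "big") + xr.to_bytes(4, "big")

    def decrypt_block(self, block):
        xl, xr = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:8], "big")
        xl, xr = self._decrypt_words(xl, xr)
        return xl.to_bytes(4, "big") + xr.to_bytes(4, "big")


if __name__ == "__main__":
    # Published test vector: all-zero key, all-zero block -> 4EF997456198DD78.
    bf = Blowfish(bytes(8))
    ct = bf.encrypt_block(bytes(8))
    print(ct.hex().upper(), bf.decrypt_block(ct) == bytes(8))
```

Two checks are worth running against this: the generated P1 must be 0x243f6a88 (the value listed in step 1), and the all-zero key and block must encrypt to the published vector 4EF997456198DD78; either failing means the pi digits or the word ordering are wrong. Constructing Blowfish(key) and Blowfish(key + key) gives identical P-arrays, which is the equivalent-key property noted in step 2. The pi computation is a one-off cost at import; a real application would store P_INIT and S_INIT once, exactly as the text recommends for the derived subkeys.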
4.3.9 Mini-Blowfish
The following mini versions of Blowfish are defined solely for cryptanalysis. They are not
suggested for actual implementation. Blowfish-32 has a 32-bit block size and subkey arrays
of 16-bit entries (each S-box has 16 entries). Blowfish-16 has a 16-bit block size and subkey
arrays of 8-bit entries (each S-box has 4 entries).
4.3.10 Design Decisions
The underlying philosophy behind Blowfish is that simplicity of design yields an algorithm
that is both easier to understand and easier to implement. Through the use of a streamlined
Feistel network--a simple S-box substitution and a simple P-box substitution--I hope that the
design will not contain any flaws.
A 64-bit block size yields a 32-bit word size, and maintains block-size compatibility with
existing algorithms. Blowfish is easy to scale up to a 128-bit block, and down to smaller
block sizes. Cryptanalysis of the mini-Blowfish variants may be significantly easier than
cryptanalysis of the full version.
The fundamental operations were chosen with speed in mind. XOR, ADD, and MOV from a
cache are efficient on both Intel and Motorola architectures. All subkeys fit in the cache of an
80486, 68040, Pentium, and PowerPC.
The Feistel network that makes up the body of Blowfish is designed to be as simple as
possible, while still retaining the desirable cryptographic properties of the structure. Figure 3
is round i of a general Feistel network: Rn,i are reversible functions of text and key, and Ni is
a non-reversible function of text and key. For speed and simplicity, I chose XOR as my
reversible function. This let me collapse the four XORs into a single XOR, since:
R'1,i+1 = R1,i+1 XOR R2,i-1 XOR R3,i XOR R4,i
This is the P-array substitution in Blowfish. The XOR can also be considered to be part of the
non-reversible function, Ni, occurring at the end of the function. (Although equivalent, I
chose not to illustrate them in this way because it simplifies description of the subkey-
generation process.) There are two XORs that remain after this reduction: R1 in the first
round and R2 in the last round. I chose not to eliminate these in order to hide the input to the
first non-reversible function.
I considered a more complicated reversible function, one with modular multiplication and
rotations. However, these operations would greatly increase the algorithm's execution time.
Since function F is the primary source of the algorithm's security, I decided to save
time-consuming complications for that function.
Function F, the non-reversible function, gives Blowfish the best possible avalanche effect for
a Feistel network: every text bit on the left half of the round affects every text bit on the right
half. Additionally, since every key bit affects every subkey bit, the function also has a perfect
avalanche effect between the key and the right half of the text after every round. Hence, the
algorithm exhibits a perfect avalanche effect after three rounds and again every two rounds
after that.
I considered adding a reversible mixing function, more complicated than XOR, before the
first and after the last round. This would further confuse the entry values into the Feistel
network and ensure a complete avalanche effect after the first two rounds. I eventually
discarded the addition as a time-consuming complication with no clear cryptographic
benefits.
The non-reversible function is designed for strength, speed, and simplicity. Ideally, I wanted a
single S-box with 2^32 32-bit words, but that was impractical. My eventual choice of 256-entry
S-boxes was a compromise between my three design goals. The small-number-of-bits to
large-number-of-bits mapping may have weaknesses with respect to linear cryptanalysis, but
these weaknesses are hidden both by combining the output of four S-boxes and making them
dependent on the key.
I used four different S-boxes instead of one S-box primarily to avoid symmetries when
different bytes of the input are equal, or when the 32-bit input to function F is a bytewise
permutation of another 32-bit input. I could have used one S-box and made each of the four
different outputs a non-trivial permutation of the single output, but the four S-box design is
faster, easier to program, and seems more secure.
The function that combines the four S-box outputs is as fast as possible. A simpler function
would be to XOR the four values, but mixing addition mod 2^32 and XOR combines two
different algebraic groups with no additional instructions. The alternation of addition and
XOR ends with an addition operation because an XOR combines the final result with xR.
If the four indexes chose values out of the same S-box, a more complex combining function
would be required to eliminate symmetries. I considered using a more complex combining
function in Blowfish (using modular multiplication, rotations, etc.), but chose not to because
the added complication seemed unnecessary.
The key-dependent S-boxes protect against differential and linear cryptanalysis. Since the
structure of the S-boxes is completely hidden from the cryptanalyst, these attacks have a more
difficult time exploiting that structure. While it would be possible to replace these variable S-
boxes with four fixed S-boxes that were designed to be resistant to these attacks, key-
dependent S-boxes are easier to implement and less susceptible to arguments of "hidden"
properties. Additionally, these S-boxes can be created on demand, reducing the need for large
data structures stored with the algorithm.
Each bit of xL is only used as the input to one S-box. In DES many bits are used as inputs to
two S-boxes, which strengthens the algorithm considerably against differential attacks. I feel
that this added complication is not as necessary with key-dependent S-boxes. Additionally,
larger S-boxes would take up considerably more memory space.
Function F does not depend on the iteration. I considered adding this dependency, but did not
feel that it had any cryptographic merit. The P-array substitution can be considered to be part
of this function, and that is already iteration-dependent.
The number of rounds is set at 16 primarily out of desire to be conservative. However, this
number affects the size of the P-array and therefore the subkey-generation process; 16
iterations permit key lengths up to 448 bits. I expect to be able to reduce this number, and
greatly speed up the algorithm in the process, as I accumulate more cryptanalysis data.
In algorithm design, there are two basic ways to ensure that the key is long enough to ensure a
particular security level. One is to carefully design the algorithm so that the entire entropy of
the key is preserved, so there is no better way to cryptanalyze the algorithm other than brute
force. The other is to design the algorithm with so many key bits that attacks that reduce the
effective key length by several bits are irrelevant. Since Blowfish is designed for large
microprocessors with large amounts of memory, I chose the latter.
The subkey generation process is designed to preserve the entire entropy of the key and to
distribute that entropy uniformly throughout the subkeys. It is also designed to distribute the
set of allowed subkeys randomly throughout the domain of possible subkeys. I chose the
digits of pi as the initial subkey table for two reasons: because it is a random sequence not
related to the algorithm, and because it could either be stored as part of the algorithm or
derived when needed. There is nothing sacred about pi; any string of random bits--digits of e,
RAND tables, output of a random number generator--will suffice. However, if the initial
string is non-random in any way (for example, ASCII text with the high bit of every byte a 0),
this non-randomness will propagate throughout the algorithm.
In the subkey generation process, the subkeys change slightly with every pair of subkeys
generated. This is primarily to protect against any attacks on the subkey generation process
that exploit the fixed and known subkeys. It also reduces storage requirements. The 448-bit limit
on the key size ensures that every bit of every subkey depends on every bit of the key.
(Note that every bit of P15, P16, P17, and P18 does not affect every bit of the ciphertext, and
that any S-box entry only has a .06 probability of affecting any single ciphertext block.)
The key bits are repeatedly XORed with the digits of pi in the initial P-array to prevent the
following potential attack: Assume that the key bits are not repeated, but instead padded with
zeros to extend it to the length of the P-array. An attacker might find two keys that differ only
in the 64-bit value XORed with P1 and P2 that, using the initial known subkeys, produce the
same encrypted value. If so, he can find two keys that produce all the same subkeys. This is a
highly tempting attack for a malicious key generator.
To prevent this same type of attack, I fixed the initial plaintext value in the subkey-generation
process. There is nothing special about the all-zeros string, but it is important that this value
be fixed.
The subkey-generation algorithm does not assume that the key bits are random. Even highly
correlated key bits, such as an alphanumeric ASCII string with the high bit of every byte set to 0,
will produce random subkeys. However, to produce subkeys with the same entropy, a longer
alphanumeric key is required.
The time-consuming subkey-generation process adds considerable complexity for a brute-
force attack. The subkeys are too long to be stored on a massive tape, so they would have to
be generated by a brute-force-cracking machine as required. A total of 522 iterations of the
encryption algorithm are required to test a single key, effectively adding 2^9 steps to any
brute-force attack.
4.4 Hoffman Code
Cryptology policy deals not only with various technological encryption methods but also
with thorny political and administrative problems. It is a challenge to address these in a timely
and open manner. The problems arise in law enforcement, civil liberties, and export
control policy. They must be confronted if a rational cryptographic policy is to provide
a framework in which technological solutions can operate.
1.0 Introduction
The announcement of the Clipper chip by the U.S. Government in April 1993 set off a
frenzy of discussions about cryptography policy in the computer community. The shock
waves from it ultimately produced front-page treatment in The New York Times, repeated
questions to the Vice President of the United States, and a new newsgroup on the Internet
[15].
They also produced a great deal of public discussion about striking the balance between
national security, law enforcement, and civil liberties. As the Global Information
Infrastructure develops, more governments are becoming concerned with communications
privacy and security. This is not a new phenomenon; even before the French Revolution
governments were worried about accountability of authors and publication of seditious
materials. In 1993, the specter of effectively unbreakable cryptography available to
any individual pushed the United States government into launching three interrelated
initiatives: the digital telephony improvement initiative, the Clipper chip key escrow
encryption initiative, and export control reform. The first effectively makes the public
switched telephone network "wiretap-friendly"; the second promotes encryption that
can be broken, under certain conditions, by the government; the third is supposed to
expedite licensing of encryption product exports. We attempt here to present a survey of
the policy issues in a non-ethnocentric manner. However, since the United States has been
at the forefront of framing the debate, and since the author has been close to that debate, this
account necessarily will reflect his knowledge. It would be welcome if similar accounts
from other countries were made available. This paper does not examine the technology of
cryptography; readers interested in those issues are referred to. Here, we present a Cook's
Tour of encryption policy, sketching out the general landscape and providing pointers
on where to go to get information that is more detailed.
A. The Digital Telephony Initiative was a successful effort by the U.S. Government
to maintain some capability to wiretap in cases where advances in
telecommunications technology could (or had already) outrun law enforcement's
ability to intercept communications in order to enforce laws and protect national
security. Recent legislation passed by the U.S. Congress requires
telecommunications carriers to ensure that they possess the capability and capacity
to enable the government to isolate and intercept, pursuant to authorization by a
court, call-identifying information and the contents of a communication. The
requirements apply only to carriers that engage in "the transmission or switching of
wire or electronic communications as a common carrier for hire." They do not
apply to information service providers (the Internet, America Online, Prodigy,
etc.), to private networks, or to PBXs. The requirements for obtaining a warrant
prior to the interception have not been changed. Law enforcement cannot
require a carrier to install a port which can be remotely activated by a law
enforcement officer. All taps must be conducted with the intervention of the
carrier (as is the case under current law). The new law authorizes US$ 500 million
to be paid by the government for this retrofitting of the telephone system.
B. The Clipper Chip Key Escrow Encryption Initiative. The key escrow encryption
initiative (popularly known as the "Clipper plan" or just "Clipper") is a U.S.
Government attempt to protect communications against industrial espionage and
other compromises while at the same time maintaining the existing capability of
law enforcement and national security agencies to eavesdrop, with a court order,
on suspect communications. When law enforcement or national security agencies are
interested in a person's communication, they obtain a warrant from the appropriate
issuing authority. They then fax a notification that they have this to two
independent government agencies (currently the National Institute of Standards and
Technology and the Automated Systems Division of the Department of the
Treasury), which then each give up half of the digital key necessary to decrypt the
conversation. When the two half-keys are joined to form the entire key, law
enforcement officials can then obtain the unit key for the given chip used in the
communicating telephone and use it to decrypt the conversation (assuming that
telephone has used the Clipper chip in the first place). This so-called "escrowed
encryption standard" is encouraged but voluntary in the federal government. The
Administration, after looking into potential violations of the U.S. Constitution,
decided not to make it mandatory for private persons. Nevertheless, it clearly
hopes that almost everybody will use this system. Some civil libertarians and
outside observers are concerned that it will become mandatory in the future. Indeed,
FBI director Louis Freeh has been quoted as stating that he will have to seriously consider
proposing this if public acceptance of Clipper does not increase. No one has
seriously suggested that the algorithm is insecure (although a method of using it
which negates any value to law enforcement because of a minor design flaw (now
being corrected) made the front page of The New York Times on June 2, 1994).
But many do not completely trust the key escrow agents. Many suggestions have
been made, such as adding a third escrow agent from the private sector, or one
from the judicial branch of government, or letting users pick whichever escrow
agents they want, or having software manufacturers serve as the escrow agent,
etc. Only recently has the government started seriously looking at some of these
alternatives, possibly due to the cold reception generally accorded Clipper.
Clipper's encryption algorithm, "Skipjack", fits into Capstone, the U.S.
government's long-term project to develop a set of standards for publicly
available cryptography for use in voice and data communications. In one
scenario, the government itself and all private companies doing electronic
business with the government would be required to use Capstone, which could all
be contained on a single computer chip. This would provide economies of scale but
would also force users who wanted "government-proof" communications to
superencrypt using other commercially available algorithms.
C. Export Control Reform. There is a large and growing collection of encryption
software and hardware available around the world. The Software Publishers
Association's foreign availability study turned up 870 products in 24 countries,
394 of which are manufactured outside the United States; roughly half of these use
DES. Since, with export controls, sales may be (and have been) lost to non-U.S.
competitors with stronger encryption packages, one U.S. vendor has actually set
up a completely independent cryptographic development lab overseas from which
crypto products can be exported almost anywhere, including the United States.
[Exhibit 1: countries from which encryption products were obtained.]
Only recently have export controls been loosened a bit so traveling
business executives can at least take their laptops overseas and encrypt
information using the Data Encryption Standard without violating the export laws.
There is some Congressional interest in abandoning much of the export controls on
encryption, arguing that the economic needs outweigh the national security needs. The U.S.
Commerce Department is currently studying this issue. They appear to be
convinced that the foreign availability harms U.S. firms.
2.0 Key Escrow Cryptosystems
Key escrow systems are those where part or all of the cryptographic
keys are kept "in escrow" by third parties. The keys are released only upon proper
authority to allow some person other than the original sender or receiver to read the
message. The U.S. government is strongly supporting key escrow as a way to
balance the needs for secrecy between communicating persons against the needs of
law enforcement and national security agencies to sometimes read these encrypted
communications (with proper legal authority).
U.S. Government Key Escrow
As of this writing, the U.S. Government's initial and only key escrowing
suggestion is the Escrowed Encryption Standard, which defines a family of
processors popularly known as Clipper chips. It uses the Skipjack algorithm,
which is classified but has been examined by a non-Government review team;
this team had only a limited time to consider brute force attacks by exhaustive
search, susceptibility to shortcut attacks, and the National Security Agency's
design and evaluation process. Their interim report, the closest thing to a technical
evaluation publicly available, concluded that:
1. Under an assumption that the cost of processing power is halved every
eighteen months, it will be 36 years before the cost of breaking SKIPJACK by
exhaustive search will be equal to the cost of breaking the Data Encryption
Standard today. Thus there is no significant risk that SKIPJACK will be
broken by exhaustive search in the next 30-40 years.
2. There is no significant risk that SKIPJACK can be broken through a shortcut
method of attack.
3. While the internal structure of SKIPJACK must be classified in order to
protect law enforcement and national security objectives, the strength of
SKIPJACK against a cryptanalytic attack does not depend on the secrecy of
the algorithm.
After this report was issued, Blaze described potential
problems with Clipper that this review team failed to mention,
including two methods to avoid message interception by the Government.
While there are more effective ways of "beating the system" (like
superencryption) which are well-known, this paper made front page news in The New
York Times, sending shock waves across some policymakers' radar screens. The
U.S. Government hopes that the Capstone chip, which incorporates several
Government standards including SKIPJACK, will be widely used in both public and
private sectors. It is being installed in "Fortezza" PCMCIA electronic boards and
used for the Pre-Message Security Protocol (PMSP) program for the security of the
Defense Messaging System. It implements the Skipjack algorithm (for bulk data
encryption), the Digital Signature Algorithm as specified in the Digital Signature
Standard, a key exchange algorithm based on public key exchange, and the
Secure Hash Algorithm. On July 20, 1994, Vice President Gore acknowledged
some of the problems with Clipper and stated that "the Clipper chip is an
approved federal standard for telephone communication and not for computer
networks and video networks", that he would like "a more versatile, less expensive
system" with key escrow "implementable in software, firmware or hardware, or any
combination thereof" which "would not rely on a classified algorithm", and that
"there are many severe challenges to developing such a system" which "must
permit the use of private-sector key escrow agents as one option." He promised to
reassess the current relatively strict export control licensing regime based on the
results of two government studies to be carried out in 1994 and 1995.
2.2 Alternatives
There are alternatives to Government key escrow. Micali has patented
a process for building a "fair" cryptosystem that balances the needs of the
Government and those of the public and private sectors (U.S. patent no. 5,27,737
issued 4 January 1994). It appears to cover the Escrowed Encryption Standard
(Clipper), and the U.S. Government has negotiated with him a limited use license for
state and federal law enforcement. Bankers Trust International has proposed a
common key escrow system for government and commerce using unclassified
algorithms, with users having public-private. Trusted Information Systems has
proposed two software-only designs for key escrow systems, one paralleling Clipper
and one an improvement which is likely to be much more palatable to private
organizations. The latter is really more properly called a (near-) real-time
emergency access system, since there is nothing in escrow and no escrow agent.
The U.S. Government itself is escrow" as opposed to "government key escrow",
and soon the opportunity will be lost to limit the expansion of incompatible
product-by-product solutions. He thinks that if governments continue to "study the
problem", a plethora of cryptographic mechanisms will be put into computing
software, and that this will seriously damage law enforcement and national
security interests [Walker 1995]. Should anyone be able to develop and
disseminate encryption technology, or should it be "born classified"? Diffie is
concerned about the effect of a secret cryptographic standard on individual rights
and technology development and on innovation in the computer and
communications industries. He states that the public (not government)
cryptographic community has been the principal source of innovation in
cryptography; he does not want to hobble this innovation. He has urged that all
aspects of Clipper be made public, not only to expose them to public scrutiny but
also to guarantee that once made available as standards they will not be prematurely
withdrawn by an all-powerful agency. He observes that "law, technology, and
economics ... must all be kept in harmony if freedom is to be secure" and wants
rights (such as that to have a private conversation) recognized by law to be
supported rather than undermined by technology. The American Civil Liberties
Union (ACLU), reacting to the announcement of the Clipper Chip proposal,
expressed a concern that the rights protected under the First, Fourth, and Fifth
Amendments of the U.S. Constitution (freedom of speech; no unreasonable search
and seizure, warrants with particulars; no self-incrimination or private property
taking) may be violated. They also assert that the present system of export controls
on cryptography is unconstitutional, a point apparently agreed with by an assistant
attorney general in a 1978 government memo. Froomkin sees the issue as less
clear, however. As he points out, the rights of private noncommercial users appear
to be "a distressingly close question given the current state of civil rights doctrine
and the great importance that the courts give to law enforcement and national
security". To show that public welfare may indeed be threatened by too much and
too good cryptography available to the general public, we present an example of
the criminal sophistication that is possible with today's technology: the
undetectable electronic crime. This is provided in a mathematical formulation in
about a page by. The reader, and the populace, will have to judge whether the
specter of enough of these is so likely and so threatening that diminution of some
other civil liberties is warranted. Because of these concerns, a bill was introduced in
the 1994 U.S. Congress to regulate "voluntary encryption standards" for privacy,
security, and authenticity of domestic and international electronic
communications. Its key features include:
• The Secretary of Commerce will establish an Encryption Standards and Procedures
Program conducted by the director of the National Institute of Standards and
Technology. The Secretary will be authorized to conduct research, make grants, and
enter into agreements.
• Any encryption standard put forward by the Secretary shall meet the following
requirements: ensure confidentiality, integrity, or authenticity of electronic
communications; advance the development of the National Information Infrastructure
(NII); contribute to public safety and national security; preserve existing privacy
rights; preserve the functional ability of government to interpret electronic information
lawfully obtained; be implementable in software, firmware, or hardware.
• Standards shall be developed in consultation with the Attorney General, the
Federal Bureau of Investigation, the National Security Agency, and other federal
agencies. The Computer System Security and Privacy Advisory Board shall
review any standard before issuance.
• Nothing in [this act] shall be construed to require the use of such standards.
• Key escrow agents may be established by the President. Each escrow agent will be a
federal agency that is competent to administer the program and is not a federal
agency authorized by law to conduct electronic surveillance.
• The key escrow agent may only disclose the keys to an authorized
government entity, and that entity may only use the keys for the purpose
expressly provided for in the court order. Foreign entities may have access to the
keys if the President determines that it would be in the national security interests
of the United States.
• The Secretary of Commerce shall conduct a public hearing every three years on the
program and then submit a report to Congress.
The Electronic Privacy Information Center of Washington welcomed this first attempt to
"bring encryption standards setting under the rule of law", but proposed several changes,
including improving citizen privacy by either creating a privacy agency or by taking away
the special status for pre-issuance review of proposed encryption standards that the FBI,
NSA, and the Attorney General have under this draft; providing a proper and public risk
assessment of the government's key escrow policy; and transferring key escrow
responsibility from the executive branch to the judicial branch of government so
that the regulators report to different persons than the regulated.
4.0 Export Policy: Prudent Controls in a Risky World?
The United States Government continues to impose rigid controls on the export of
encryption software and hardware products, despite evidence that the policies governing
the issuing of export licenses inhibit U.S. businesses' ability to compete in the foreign
marketplace, a marketplace that already offers encryption software and hardware
that incorporates the very standards the U.S. businesses cannot export because of
export controls. Exports of cryptographic software and hardware are controlled by
the U.S. Department of State and the U.S. Department of Commerce. The State
Department uses the International Traffic in Arms Regulations (ITAR), which
include the "Munitions List"; this list enumerates munitions material for which
export licensing is required; encryption materials are included in Category XIII.
4.5 RC2(r) Encryption
This memo is an RSA Laboratories Technical Note. It is meant for informational use by the
Internet community. This memo describes a conventional (secret-key) block encryption
algorithm, called RC2, which may be considered as a proposal for a DES replacement. The
input and output block sizes are 64 bits each. The key size is variable, from one byte up to
128 bytes, although the current implementation uses eight bytes. The algorithm is
designed to be easy to implement on 16-bit microprocessors. On an IBM AT, the encryption
runs about twice as fast as DES (assuming that key expansion has been done).
4.5.1 Algorithm Description
We use the term "word" to denote a 16-bit quantity. The symbol + will denote twos-
complement addition. The symbol & will denote the bitwise "and" operation. The term
XOR will denote the bitwise "exclusive-or" operation. The symbol ~ will denote bitwise
complement. The symbol ^ will denote the exponentiation operation. The term MOD will
denote the modulo operation. There are three separate algorithms involved:
Key expansion. This takes a (variable-length) input key and produces an expanded key
consisting of 64 words k[0], ..., k[63].
Encryption. This takes a 64-bit input quantity stored in words R[0], ..., R[3] and
encrypts it "in place" (the result is left in R[0], ..., R[3]).
Decryption. The inverse operation to encryption.
4.5.2 Key Expansion
Since we will be dealing with eight-bit byte operations as well as 16-bit word
operations, we will use two alternative notations for referring to the key buffer. For word
operations, we will refer to the positions of the buffer as k[0], ..., k[63]; each k[i] is a
16-bit word. For byte operations, we will refer to the buffer as L[0], ..., L[127]; each L[i]
is an eight-bit byte. These are alternative views of the same data buffer; at all times it will
be true that k[i] = L[2*i] + 256*L[2*i+1]. (Note that the low-order byte of each k word is
given before the high-order byte.) We will assume that exactly T bytes of key are
supplied, for some T in the range 1 <= T <= 128. (Our current implementation uses T = 8.)
Regardless of T, the algorithm has a maximum effective key length in bits, denoted T1.
That is, the search space is 2^(8*T), or 2^T1, whichever is smaller. The purpose of the
key-expansion algorithm is to modify the key buffer so that each bit of the expanded key
depends in a complicated way on every bit of the supplied input key. The key expansion
algorithm begins by placing the supplied T-byte key into bytes L[0], ..., L[T-1] of the key
buffer. The key expansion algorithm then computes the effective key length in bytes T8
and a mask TM based on the effective key length in bits T1. It uses the following
operations:
T8 = (T1+7)/8;
TM = 255 MOD 2^(8 + T1 - 8*T8);
Thus TM has its 8-(8*T8-T1) least significant bits set. For example, with an effective key
length of 64 bits, T1 = 64, T8 = 8 and TM = 0xff. With an effective key length of 63 bits,
T1 = 63, T8 = 8 and TM = 0x7f. Here PITABLE[0], ..., PITABLE[255] is an array of
"random" bytes based on the digits of PI = 3.14159... More precisely, the array PITABLE
is a random permutation of the values 0, ..., 255. Here is the PITABLE in hexadecimal
notation:
     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
00: d9 78 f9 c4 19 dd b5 ed 28 e9 fd 79 4a a0 d8 9d
10: c6 7e 37 83 2b 76 53 8e 62 4c 64 88 44 8b fb a2
20: 17 9a 59 f5 87 b3 4f 13 61 45 6d 8d 09 81 7d 32
30: bd 8f 40 eb 86 b7 7b 0b f0 95 21 22 5c 6b 4e 82
40: 54 d6 65 93 ce 60 b2 1c 73 56 c0 14 a7 8c f1 dc
50: 12 75 ca 1f 3b be e4 d1 42 3d d4 30 a3 3c b6 26
60: 6f bf 0e da 46 69 07 57 27 f2 1d 9b bc 94 43 03
70: f8 11 c7 f6 90 ef 3e e7 06 c3 d5 2f c8 66 1e d7
80: 08 e8 ea de 80 52 ee f7 84 aa 72 ac 35 4d 6a 2a
90: 96 1a d2 71 5a 15 49 74 4b 9f d0 5e 04 18 a4 ec
a0: c2 e0 41 6e 0f 51 cb cc 24 91 af 50 a1 f4 70 39
b0: 99 7c 3a 85 23 b8 b4 7a fc 02 36 5b 25 55 97 31
c0: 2d 5d fa 98 e3 8a 92 ae 05 df 29 10 67 6c ba c9
d0: d3 00 e6 cf e1 9e a8 2c 63 16 01 3f 58 e2 89 a9
e0: 0d 38 34 1b ab 33 ff b0 bb 48 0c 5f b9 b1 cd 2e
f0: c5 f3 db 47 e5 a5 9c 77 0a a6 20 68 fe 7f c1 ad
The key expansion operation consists of the following two loops and intermediate
step:
for i = T, T+1, ..., 127 do
    L[i] = PITABLE[L[i-1] + L[i-T]];
L[128-T8] = PITABLE[L[128-T8] & TM];
for i = 127-T8, ..., 0 do
    L[i] = PITABLE[L[i+1] XOR L[i+T8]];
(In this first loop, the addition of L[i-1] and L[i-T] is performed modulo 256.) The
"effective key" consists of the values L[128-T8], ..., L[127]. The intermediate step's
bitwise "and" operation reduces the search space for L[128-T8] so that the effective
number of key bits is T1. The expanded key depends only on the effective key bits,
regardless of the supplied key K. Since the expanded key is not itself modified during
encryption or decryption, as a pragmatic matter one can expand the key just once when
encrypting or decrypting a large block of data.
Encryption Algorithm
The encryption operation is defined in terms of primitive "mix" and "mash" operations.
Here the expression "x rol k" denotes the 16-bit word x rotated left by k bits, with the
bits shifted out the top end entering the bottom end.
Mix up R[i]
The primitive "Mix up R[i]" operation is defined as follows, where s[0] is 1, s[1] is 2, s[2]
is 3 and s[3] is 5, and where the indices of the array R are always to be considered
"modulo 4", so that R[i-1] refers to R[3] if i is 0 (these values are "wrapped around" so
that R always has a subscript in the range 0 to 3 inclusive):
R[i] = R[i] + k[j] + (R[i-1] & R[i-2]) + ((~R[i-1]) & R[i-3]);
j = j + 1;
R[i] = R[i] rol s[i];
In words: the next key word k[j] is added to R[i], and j is advanced. Then R[i-1] is used to
create a "composite" word which is added to R[i]. The composite word is identical with
R[i-2] in those positions where R[i-1] is one, and identical to R[i-3] in those positions
where R[i-1] is zero. Then R[i] is rotated left by s[i] bits (bits rotated out the left end of
R[i] are brought back in at the right). Here j is a "global" variable so that k[j] is always
the first key word in the expanded key which has not yet been used in a "mix" operation.
4.5.3 Mixing Round
A "mixing round" consists of the following operations:
Mix up R[0]
Mix up R[1]
Mix up R[2]
Mix up R[3]
4.5.4 Mash R[i]
The primitive "Mash R[i]" operation is defined as follows (using the previous conventions
regarding subscripts for R):
R[i] = R[i] + k[R[i-1] & 63];
In words: R[i] is "mashed" by adding to it one of the words of the expanded key.
The key word to be used is determined by looking at the low-order six bits of R[i-1],
and using that as an index into the key array k.
4.5.5 Mashing Round
A "mashing round" consists of:
Mash R[0]
Mash R[1]
Mash R[2]
Mash R[3]
4.5.6 Encryption Operation
The entire encryption operation can now be described as follows. Here j is a global
integer variable which is affected by the mixing operation.
1. Initialize words R[0], ..., R[3] to contain the 64-bit input value.
2. Expand the key, so that words k[0], ..., k[63] become defined.
3. Initialize j to zero.
4. Perform five mixing rounds.
5. Perform one mashing round.
6. Perform six mixing rounds.
7. Perform one mashing round.
8. Perform five mixing rounds.
Note that each mixing round uses four key words, and that there are 16 mixing rounds
altogether, so that each key word is used exactly once in a mixing round. The mashing
rounds will refer to up to eight of the key words in a data-dependent manner. There may
be repetitions, and the actual set of words referred to will vary from encryption to
encryption.
4.5.7 Decryption Algorithm
The decryption operation is defined in terms of primitive operations that undo the "mix"
and "mash" operations of the encryption algorithm. They are named "r-mix" and "r-mash"
(r denotes the reverse operation). Here the expression "x ror k" denotes the 16-bit
word x rotated right by k bits, with the bits shifted out the bottom end entering the top
end.
4.5.7.1 R-Mix Up R[i]
The primitive "r-Mix up R[i]" operation is defined as follows, where s[0] is 1, s[1] is 2,
s[2] is 3, and s[3] is 5, and where the indices of the array R are always to be
considered "modulo 4", so that R[i-1] refers to R[3] if i is 0 (these values are "wrapped
around" so that R always has a subscript in the range 0 to 3 inclusive):
R[i] = R[i] ror s[i];
R[i] = R[i] - k[j] - (R[i-1] & R[i-2]) - ((~R[i-1]) & R[i-3]);
j = j - 1;
In words: R[i] is rotated right by s[i] bits (bits rotated out the right end of R[i] are brought
back in at the left). Here j is a "global" variable so that k[j] is always the key word with
greatest index in the expanded key which has not yet been used in an "r-mix" operation.
The key word k[j] is subtracted from R[i], and j is decremented. R[i-1] is used to create a
"composite" word which is subtracted from R[i]. The composite word is identical with
R[i-2] in those positions where R[i-1] is one, and identical to R[i-3] in those positions
where R[i-1] is zero.
4.5.7.2 R-Mixing Round
An "r-mixing round" consists of the following operations:
R-Mix up R[3]
R-Mix up R[2]
R-Mix up R[1]
R-Mix up R[0]
4.5.7.3 R-Mash R[i]
The primitive "R-Mash R[i]" operation is defined as follows (using the previous
conventions regarding subscripts for R):
R[i] = R[i] - k[R[i-1] & 63];
In words: R[i] is "r-mashed" by subtracting from it one of the words of the expanded
key. The key word to be used is determined by looking at the low-order six bits of
R[i-1], and using that as an index into the key array k.
4.5.7.4 R-Mashing Round
An "r-mashing round" consists of:
R-Mash R[3]
R-Mash R[2]
R-Mash R[1]
R-Mash R[0]
4.5.7.5 Decryption Operation
The entire decryption operation can now be described as follows. Here j is a
global integer variable which is affected by the r-mixing operation.
1. Initialize words R[0], ..., R[3] to contain the 64-bit ciphertext value.
2. Expand the key, so that words k[0], ..., k[63] become defined.
3. Initialize j to 63.
4. Perform five r-mixing rounds.
5. Perform one r-mashing round.
6. Perform six r-mixing rounds.
7. Perform one r-mashing round.
8. Perform five r-mixing rounds.
4.5.8 Test Vectors
Test vectors for encryption with RC2 are provided below.
All quantities are given in hexadecimal notation.
Key length (bytes) = 8
Effective key length (bits) = 63
Key = 00000000 00000000
Plaintext = 00000000 00000000
Ciphertext = ebb773f993278eff
Key length (bytes) = 8
Effective key length (bits) = 64
Key = ffffffff ffffffff
Plaintext = ffffffff ffffffff
Ciphertext = 278b27e42e2f0d49
Key length (bytes) = 8
Effective key length (bits) = 64
Key = 30000000 00000000
Plaintext = 10000000 00000001
Ciphertext = 30649edf9be7d2c2
Key length (bytes) = 1
Effective key length (bits) = 64
Key = 88
Plaintext = 00000000 00000000
Ciphertext = 61a8a244adacccf0
Key length (bytes) = 7
Effective key length (bits) = 64
Key = 88bca90e90875a
Plaintext = 00000000 00000000
Ciphertext = 6ccf4308974c267f
Key length (bytes) = 16
Effective key length (bits) = 64
Key = 88bca90e90875a7f9c384627bafb2
Plaintext = 00000000 00000000
Ciphertext = 1a807d272bbe5db1
Key length (bytes) = 16
Effective key length (bits) = 128
Key = 88bca90e90875a7f9c384627bafb2
Plaintext = 00000000 00000000
Ciphertext = 2269552ab0f85ca6
Key length (bytes) = 33
Effective key length (bits) = 129
Key = 88bca90e90875a7f9c384627bafb27bafb216f80a6f85920584c42fcebobe255daf1e
Plaintext = 00000000 00000000
Ciphertext = 5b78d3a43dfff1f1
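The key expansion, mix/mash rounds and test vectors of sections 4.5.2 to 4.5.8 are brought together below in Python as an added worked example; this is not code from the thesis or from RSA Laboratories' note. It follows the description above literally (PITABLE as listed, the two key-expansion loops with the TM mask, the 5-1-6-1-5 round structure with j counting up for encryption and down from 63 for decryption) and checks itself against the five test vectors above whose keys parse as byte strings; the 16-byte and 33-byte vectors are left out because their keys as printed above do not. RC2 is a legacy cipher and is implemented here only to make the specification concrete, not as something to deploy.

```python
# Added example: RC2 as described in 4.5.2-4.5.7 (RFC 2268), not code from the thesis.

# PITABLE: the permutation of 0..255 printed in 4.5.2, row by row.
PITABLE = bytes.fromhex(
    "d978f9c419ddb5ed28e9fd794aa0d89d" "c67e37832b76538e624c6488448bfba2"
    "179a59f587b34f1361456d8d09817d32" "bd8f40eb86b77b0bf09521225c6b4e82"
    "54d66593ce60b21c7356c014a78cf1dc" "1275ca1f3bbee4d1423dd430a33cb626"
    "6fbf0eda4669075727f21d9bbc944303" "f811c7f690ef3ee706c3d52fc8661ed7"
    "08e8eade8052eef784aa72ac354d6a2a" "961ad2715a1549744b9fd05e0418a4ec"
    "c2e0416e0f51cbcc2491af50a1f47039" "997c3a8523b8b47afc02365b25559731"
    "2d5dfa98e38a92ae05df2910676cbac9" "d300e6cfe19ea82c6316013f58e289a9"
    "0d38341bab33ffb0bb480c5fb9b1cd2e" "c5f3db47e5a59c770aa62068fe7fc1ad"
)
assert len(PITABLE) == 256 and len(set(PITABLE)) == 256   # really a permutation

S = (1, 2, 3, 5)        # rotation amounts s[0..3]
MASK16 = 0xFFFF


def rol16(x, k):
    return ((x << k) | (x >> (16 - k))) & MASK16


def ror16(x, k):
    return ((x >> k) | (x << (16 - k))) & MASK16


def rc2_expand_key(key, effective_bits):
    """4.5.2: expand a 1..128-byte key into the 64 words k[0..63] (low byte first)."""
    T, T1 = len(key), effective_bits
    if not 1 <= T <= 128 or not 1 <= T1 <= 1024:
        raise ValueError("key must be 1..128 bytes and effective length 1..1024 bits")
    T8 = (T1 + 7) // 8
    TM = 255 % (2 ** (8 + T1 - 8 * T8))          # low 8-(8*T8-T1) bits set
    L = bytearray(128)
    L[:T] = key
    for i in range(T, 128):                        # first loop, addition mod 256
        L[i] = PITABLE[(L[i - 1] + L[i - T]) & 0xFF]
    L[128 - T8] = PITABLE[L[128 - T8] & TM]        # intermediate step: T1 effective bits
    for i in range(127 - T8, -1, -1):              # second loop, downwards to 0
        L[i] = PITABLE[L[i + 1] ^ L[i + T8]]
    return [L[2 * i] | (L[2 * i + 1] << 8) for i in range(64)]


def _to_words(block):
    return [block[2 * i] | (block[2 * i + 1] << 8) for i in range(4)]


def _to_bytes(R):
    return bytes(b for w in R for b in (w & 0xFF, w >> 8))


def rc2_encrypt_block(key, effective_bits, block):
    """4.5.6: five mixing rounds, a mashing round, six mixing, a mashing round, five mixing."""
    K, R, j = rc2_expand_key(key, effective_bits), _to_words(block), 0
    for rounds, mash in ((5, True), (6, True), (5, False)):
        for _ in range(rounds):
            for i in range(4):             # Mix up R[i]; Python's negative index wraps mod 4
                R[i] = (R[i] + K[j] + (R[i - 1] & R[i - 2]) + (~R[i - 1] & R[i - 3])) & MASK16
                j += 1
                R[i] = rol16(R[i], S[i])
        if mash:
            for i in range(4):             # Mash R[i]: key word chosen by low 6 bits of R[i-1]
                R[i] = (R[i] + K[R[i - 1] & 63]) & MASK16
    return _to_bytes(R)


def rc2_decrypt_block(key, effective_bits, block):
    """4.5.7.5: the same round pattern with r-mix/r-mash, i from 3 down to 0, j from 63 down."""
    K, R, j = rc2_expand_key(key, effective_bits), _to_words(block), 63
    for rounds, mash in ((5, True), (6, True), (5, False)):
        for _ in range(rounds):
            for i in (3, 2, 1, 0):
                R[i] = ror16(R[i], S[i])
                R[i] = (R[i] - K[j] - (R[i - 1] & R[i - 2]) - (~R[i - 1] & R[i - 3])) & MASK16
                j -= 1
        if mash:
            for i in (3, 2, 1, 0):
                R[i] = (R[i] - K[R[i - 1] & 63]) & MASK16
    return _to_bytes(R)


# 4.5.8 test vectors whose keys parse as byte strings: (key, effective bits, plaintext, ciphertext)
TEST_VECTORS = (
    ("0000000000000000", 63, "0000000000000000", "ebb773f993278eff"),
    ("ffffffffffffffff", 64, "ffffffffffffffff", "278b27e42e2f0d49"),
    ("3000000000000000", 64, "1000000000000001", "30649edf9be7d2c2"),
    ("88", 64, "0000000000000000", "61a8a244adacccf0"),
    ("88bca90e90875a", 64, "0000000000000000", "6ccf4308974c267f"),
)


def rc2_known_answer_tests():
    """Encrypt each vector and decrypt it back; True only if every check passes."""
    for k, t1, pt, ct in TEST_VECTORS:
        key, p = bytes.fromhex(k), bytes.fromhex(pt)
        c = rc2_encrypt_block(key, t1, p)
        if c.hex() != ct or rc2_decrypt_block(key, t1, c) != p:
            return False
    return True


if __name__ == "__main__":
    print("RC2 test vectors:", "pass" if rc2_known_answer_tests() else "FAIL")
```

The effective-key-length parameter is the part worth attention when reading the vectors: the first two entries use the same all-zero or all-one key material, and only the TM mask applied to L[128-T8] distinguishes a 63-bit from a 64-bit effective key.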
4.5.9 RC2 Algorithm Object Identifier
The object identifier for RC2 in cipher block chaining mode is
rc2CBC OBJECT IDENTIFIER
  ::= {iso(1) member-body(2) US(840) rsadsi(113549)
       encryptionAlgorithm(3) 2}
RC2-CBC takes parameters
RC2-CBCParameter ::= CHOICE {
  iv IV,
  params SEQUENCE {
    version RC2Version,
    iv IV
  }
}
where
IV ::= OCTET STRING -- 8 octets
RC2Version ::= INTEGER -- 1-1024
RC2 in CBC mode has two parameters, an 8-byte initialization vector (IV) and a
version number in the range 1-1024 which specifies in a roundabout manner the
number of effective key bits to be used for the RC2 encryption/decryption. The
correspondence between effective key bits and version number is as follows:
1. If the number EKB of effective key bits is in the range 1-255, then the version
number is given by Table[EKB], where the 256-byte translation table Table[] is
specified below. Table[] specifies a permutation on the numbers 0-255; note that it is
not the same table that appears in the key expansion phase of RC2.
2. If the number EKB of effective key bits is in the range 256-1024, then the
version number is simply EKB.
The default number of effective key bits for RC2 is 32. If RC2-CBC is being
performed with 32 effective key bits, the parameters should be supplied as a simple
IV, rather than as a SEQUENCE containing a version and an IV.
     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
00: bd 56 ea f2 a2 f1 ac 2a b0 93 d1 9c 1b 33 fd d0
10: 30 04 b6 dc 7d df 32 4b f7 cb 45 9b 31 bb 21 5a
20: 41 9f e1 d9 4a 4d 9e da a0 68 2c c3 27 5f 80 36
30: 3e ee fb 95 1a fe ce a8 34 a9 13 f0 a6 3f d8 0c
40: 78 24 af 23 52 c1 67 17 f5 66 90 e7 e8 07 b8 60
50: 48 e6 1e 53 f3 92 a4 72 8c 08 15 6e 86 00 84 fa
60: f4 7f 8a 42 19 f6 db cd 14 8d 50 12 ba 3c 06 4e
70: ec b3 35 11 a1 88 8e 2b 94 99 b7 71 74 d3 e4 bf
80: 3a de 96 0e bc 0a ed 77 fc 37 6b 03 79 89 62 c6
90: d7 c0 d2 7c 6a 8b 22 a3 5b 05 5d 02 75 d5 61 e3
a0: 18 8f 55 51 ad 1f 0b 5e 85 e5 c2 57 63 ca 3d 6c
b0: b4 c5 cc 70 b2 91 59 0d 47 20 c8 4f 58 e0 01 e2
c0: 16 38 c4 6f 3b 0f 65 46 be 7e 2d 7b 82 f9 40 b5
d0: 1d 73 f8 eb 26 c7 87 97 25 54 b1 28 aa 98 9d a5
e0: 64 6d 7a d4 10 81 44 ef 49 d6 ae 2e dd 76 5c 2f
f0: a7 1c c9 09 69 9a 83 cf 29 39 b9 e9 4c ff 43 ab
CHAPTER 5
Present Works
5.1 Introduction
The amount of visual information available in digital format has grown exponentially in
recent years. Retrieving particular images in a way that is both effective and efficient remains
an open problem [16]. With the further development of multimedia technologies and the rapid
spread of computer networks [17,18], the rapid development of computer communication and
the Internet makes it very easy to exchange data via networks [19].
Image encryption by cipher block [20] and ECKBA [21] are described.
Internet and wireless networks offer powerful channels to deliver and exchange images. The
increasing popularity of image exchange places a great demand on efficient image storage and
transmission techniques. Sensitive and confidential information is vulnerable to various kinds
of misuse when data is stored in or transmitted to/from a computer system, so the development of
secure management and usage of digital images becomes one of the important applications in
image processing.
The wide use of digital images and videos in various applications brings serious attention to
the security and privacy issues today. Many different encryption algorithms have been proposed
in recent years as possible solutions to the protection of digital images and videos. Security of
digital imagery is gaining in importance and is necessary to enable the e-commerce of digital
imagery [22,23].
Today, there are many powerful cryptographic algorithms in the marketplace for text data.
These algorithms may not be suitable for images [24], due to the relatively huge size of the
image data and the relationships between the pixels: the value of any given pixel can be
reasonably predicted from the values of its neighbors [25]. The proposed method will overcome
the size problem: the encrypted image is the same size as the input image.
5.2 Enhanced 1-D Chaotic Key-Based Algorithm for Image Encryption
5.2.1 Introduction
In the past few years, a number of image encryption algorithms based on chaotic maps have
been proposed. A recently proposed Chaotic Key-Based Algorithm (CKBA) is based on a
one-dimensional Logistic map. However, it has been shown that the current CKBA model is
unavoidably susceptible to chosen/known-plaintext attacks, and that the high security claims
against ciphertext-only attack were overestimated by the authors. In addition, the chaotic
Logistic map yields unbalanced output. ECKBA enhances the CKBA algorithm three-
fold: (1) it changes the 1-D chaotic Logistic map to a piecewise linear chaotic map
(PWLCM) to improve the balance property, (2) it increases the key size to 128 bits, and (3) it
adds two more cryptographic primitives and extends the scheme to operate on multiple rounds
so that the chosen/known-plaintext attacks are no longer possible. The new cipher has much
stronger security and its performance characteristics remain very good. A security analysis for
the proposed system is performed and presented.
5.2.2 Procedure
Let I be an M×N image with b-byte pixel values, where a pixel value is denoted by I(i), 0 < i
< M*N*b, scanned in the raster order. Let Cµ be a one-dimensional chaotic map with a real
coefficient obtained by normalizing a 32-bit integer µI32 to a chaotic interval. Let x(0) be the
initial condition for Cµ obtained by normalizing a 32-bit integer x(0)I32 to a point in the range
defined for Cµ. For a given n-bit segment x, let l(x) denote its low significant half and h(x) its
high significant half. In addition, we define an S-box transformation σr and its inverse σr^-1
as follows:
where u and v are two bytes. Finally, let πi, 0 <= i < 8!, be a permutation of degree 8 whose
index in the full symmetric group S8 sorted in lexicographical cartesian order is i. Without
loss of generality assume that 4|r and r|MNb, where r specifies the number of rounds. The
proposed encryption scheme is realized by Algorithm 1. In the algorithm we make use of the
following notation: if xI32 denotes a 32-bit integer variable, then x automatically denotes its
normalized floating-point representation that corresponds to the relevant real interval, and
vice versa.
Algorithm 1 transforms an image I using an SP-network generated by a one-dimensional
chaotic map and a 128-bit secret key. The algorithm performs r rounds of an SP-network on
each pixel. Lines 10-30 are used to generate two pseudo-random (chaotic) sequences {x} and
{y} that are respectively used in the substitution step in line 33 and a permutation step in line
34. In lines 11-14 the next iteration of the chaotic map is controlled using the previous cipher-
block, which improves the resistance against both linear and differential cryptanalysis. In
addition to this, line 31 of the algorithm implements a cipher-block chaining (CBC) encryption
mode. To decrypt an encrypted image, one has to perform the sequence of inverse
transformations. The decryption algorithm differs very little from the encryption algorithm.
5.2.3 Security Analysis
A. The Key Space: In ECKBA, the key space is vastly increased. Namely, the algorithm
works with a 128-bit secret key, as opposed to the original CKBA which works with a limited
32-bit secret key. By today's standards, a key of at least 64 bits, and preferably of 128 bits or
256 bits, is required for symmetric-key cryptosystems. The white-box analysis of CKBA
reveals that its actual key size is log2(2^24 * 70) bits, which evaluates to about 30 bits. Since
the ECKBA scheme does not have any limitations on the secret key, the key space is 128 bits.
Therefore, a ciphertext-only attack based on exhaustive key search (brute-force attack) is not
feasible.
B. Logistic map vs. PWLCM: Since the pseudo-random output of a one-dimensional chaotic
map is used for both confusion and diffusion, we need a map with better statistical properties.
In the ECKBA framework, it is particularly desired that the chosen chaotic map satisfy the
balance property (or uniformity). That is, the number of zeros and ones in both of the output
sequences {x} and {y} must be roughly equal for large sample sizes. In addition, the map
must also have a sufficiently large period. In the chaos literature, it is well known that the
Logistic map has a non-uniform invariant density function, that is, it has a poor balance
property. On the other hand, the PWLCM map has a uniform invariant density function and
exhibits much better uniformity. Experiments further confirm that the PWLCM has a
much better balance property in comparison to the Logistic map.
C. SP-Network of ECKBA: By introducing the multi-round iteration, an S-box with two
primitives, and the variable permutation component in the encryption process.
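To make the balance argument of part B concrete, here is an added Python illustration (not code from the ECKBA paper or the thesis) that iterates the logistic map at µ = 4 and a PWLCM with control parameter p = 0.3 in floating point, then histograms each orbit into 16 equal-width bins. The map forms, the seed, the number of iterations and the use of a max/min bin-count ratio as the balance measure are choices of this example; the paper's normalisation of 32-bit integers to the chaotic interval is not reproduced.

```python
# Added example for 5.2.3 B: balance of the logistic map vs. a PWLCM (not ECKBA code).


def logistic_map(x, mu=4.0):
    """x -> mu * x * (1 - x) on [0, 1]; mu = 4 is the fully chaotic parameter."""
    return mu * x * (1.0 - x)


def pwlcm(x, p=0.3):
    """Piecewise linear chaotic map with control parameter 0 < p < 0.5 (example choice).
    Each linear piece maps its interval onto [0, 1), which is why the invariant density is flat."""
    if x >= 0.5:
        x = 1.0 - x                 # the map is symmetric about 1/2
    if x < p:
        return x / p
    return (x - p) / (0.5 - p)


def orbit_histogram(step, x0, n, bins=16, burn_in=1000):
    """Iterate the map n times after a burn-in and count visits to each equal-width bin."""
    counts = [0] * bins
    x = x0
    for _ in range(burn_in):
        x = step(x)
    for _ in range(n):
        x = step(x)
        counts[min(int(x * bins), bins - 1)] += 1   # clamp x == 1.0 into the last bin
    return counts


def balance_ratio(counts):
    """max/min bin count: 1.0 is a perfectly flat histogram; larger means a skewed density."""
    return max(counts) / max(1, min(counts))


def compare_balance(x0=0.123456789, n=50000):
    """Return (logistic ratio, PWLCM ratio) for the same seed and sample size."""
    return (balance_ratio(orbit_histogram(logistic_map, x0, n)),
            balance_ratio(orbit_histogram(pwlcm, x0, n)))


if __name__ == "__main__":
    lo, pw = compare_balance()
    print("logistic max/min bin ratio: %.2f   PWLCM max/min bin ratio: %.2f" % (lo, pw))
```

The logistic orbit piles up near 0 and 1 (its invariant density is 1/(π·sqrt(x(1-x)))), so its outer bins hold several times more samples than its central ones, while the PWLCM bins come out nearly equal; this is the non-uniform versus uniform invariant density that part B relies on.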
5.3 RSA
5.3.1 Introduction
RSA is a public key algorithm invented in 1977 by Ron Rivest, Adi Shamir and Leonard
Adleman. It supports encryption and digital signatures. It is the most widely used public key
algorithm. It gets its security from the integer factorization problem. This algorithm is relatively
easy to understand and implement.
5.3.2 RSA Security
a) RSA gets its security from the factorization problem. The difficulty of factoring large numbers is
the basis of the security of RSA. Numbers over 1000 bits long are used.
b) Integer factorization problem (finding a number's prime factors):
• Given a positive integer n, find its prime factors: n = p1 p2 ... pi where each pi is a
distinct positive prime number.
• Example: 257603 = 41 * 61 * 103
• Factorization algorithms can be used (attempted at least) to factor faster than brute
forcing: trial division, Pollard's rho, Pollard's p-1, quadratic sieve, elliptic curve
factorization, random square factoring, number field sieve, etc.
5.3.3 RSA Problem
* The RSA Problem (RSAP) is also the basis of the security of RSA, in addition to the
factorization problem. The RSA problem assures the security of RSA encryption and RSA digital
signatures.
* RSAP: given a positive integer n, the product of two distinct odd primes p and q, a positive
integer e relatively prime to Ф = (p - 1)(q - 1), and an integer c, find an integer m such that
m^e ≡ c (mod n).
* The condition of the RSA problem assures that there is exactly one unique m in the field.
* The RSA problem is believed to be computationally equivalent to the integer factorization problem.
5.3.4 RSA Algorithm
Key generation:
Select random prime numbers p and q, and check that p != q
Compute modulus n = pq
Compute phi, Ф = (p - 1)(q - 1)
Select public exponent e, 1 < e < Ф, such that gcd(e, Ф) = 1
Compute private exponent d = e^(-1) mod Ф
Public key is {n, e}, private key is d
Encryption: c = m^e mod n, decryption: m = c^d mod n
Digital signature: s = H(m)^d mod n, verification: m' = s^e mod n,
if m' = H(m) the signature is correct. H is a publicly known hash function.
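The key-generation, encryption, decryption and signature steps of 5.3.4, plus the trial-division factorisation named in 5.3.2, worked in Python as an added example (not the thesis's code). It uses the textbook primes p = 61, q = 53 with e = 17 and the page's example 257603 = 41 * 61 * 103; the hash is SHA-256 reduced modulo n so that it fits the toy modulus, which is an assumption of this example and not part of RSA. Textbook RSA without padding, as written here and in 5.3.4, is for study only; deployed RSA uses a padding scheme and moduli of the size 5.3.2 mentions.

```python
# Added example: textbook RSA per 5.3.4 and trial-division factorisation per 5.3.2 (not thesis code).
import hashlib
from math import gcd


def trial_division(n):
    """5.3.2: return the prime factors of n (with repetition) by trial division."""
    factors, d = [], 2
    while d * d <= n:
        while n % d == 0:
            factors.append(d)
            n //= d
        d += 1 if d == 2 else 2        # after 2, test odd candidates only
    if n > 1:
        factors.append(n)
    return factors


def rsa_keygen(p, q, e):
    """5.3.4 key generation for given primes p != q and public exponent e."""
    if p == q:
        raise ValueError("p and q must be distinct")
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) = 1")
    d = pow(e, -1, phi)                  # private exponent d = e^-1 mod phi (Python 3.8+)
    return (n, e), d


def rsa_encrypt(m, pub):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)                  # c = m^e mod n


def rsa_decrypt(c, d, n):
    return pow(c, d, n)                  # m = c^d mod n


def _h(message, n):
    # H(m): SHA-256 reduced mod n so the toy modulus can hold it (assumption of this example)
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(message, d, n):
    return pow(_h(message, n), d, n)     # s = H(m)^d mod n


def rsa_verify(message, s, pub):
    n, e = pub
    return pow(s, e, n) == _h(message, n)   # m' = s^e mod n must equal H(m)


if __name__ == "__main__":
    pub, d = rsa_keygen(61, 53, 17)      # textbook values: n = 3233, d = 2753
    c = rsa_encrypt(65, pub)
    print(trial_division(257603), pub, d, c, rsa_decrypt(c, d, pub[0]))
```

trial_division is exactly the "brute force" baseline that 5.3.2 contrasts with Pollard's rho, the quadratic sieve and the number field sieve: it runs in time proportional to the square root of n, which is why it factors 257603 instantly but is hopeless against the 1000-bit moduli the same section mentions.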
CHAPTER 6
Proposed Algorithm
6.1 Introduction
Data or information encryption is one of the most important applications in transferring
information through the internet and cellular phones, as well as being important in encryption
of the satellite. A new algorithm, “Information Encryption by Zigzag Rule with
Dynamic Block and Key (IEZRDBK)”, is introduced here. Four image files and one document
file have been encrypted to test this method. In this method an M-bit key is used. Each N bits of
M are used to select the block size (in bytes) to encrypt. After selecting the block, the zigzag rule
is applied for encryption. In the zigzag rule the first bit of the selected block is placed at the right
position, the second bit at the left position, the third bit at the right position, the next bit at the
left, and so on. The successive key is generated from the previous key and the encrypted data.
The size of the encrypted file remains the same as the input file and the required time is very
small. The decryption process follows the reverse procedure of encryption. If anyone tries
cryptanalysis and fails to select the key properly, then the file format with information will
be changed and it is not possible to get the original file, i.e. the file will be corrupted. So
this encryption method may be considered to be based on a highly secured algorithm.
6.2 Zigzag Rule
A line or course that proceeds by sharp turns in alternating directions is known as a zigzag.
By this rule the first bit of the selected bytes will be placed in the right position. Then the second
bit will be placed in the left and the third bit will be placed in the right position, and so on.
6.3 Example of Zigzag Rule
Let us select two bytes BS = “1010010100101011”
BYTEZigzag = “”
First bit of BS = 1
It will be placed in the BYTEZigzag right position. So BYTEZigzag = “1”
Second bit of BS = 0
It will be placed in the BYTEZigzag left position. So BYTEZigzag = “01”
Third bit of BS = 1
It will be placed in the BYTEZigzag right position. So BYTEZigzag = “011”
Fourth bit of BS = 0
It will be placed in the BYTEZigzag left position. So BYTEZigzag = “0011”
After placing all bits:
BYTEZigzag = “1000110011000111”
BS = “1010010100101011”
By this procedure all bytes of the selected image will be converted.
6.4 Key Example
Let KEY =
”10110001010101010101010101010110101011001100100101011010010101010101010101
010101101010110011001001010110100101010101010101010101011010101100110010010
101101001010101010101010101010110101011001100100101011010010101010101010101
0101011010101100110010010101011”
Let the byte selector be 3 bits long. So from the key, first select 101 (binary) = 5 (decimal).
So 5 bytes will be selected to encrypt. These bytes will be encrypted by the zigzag rule. Then
the byte selector will select 100 (binary) = 4 (decimal). So the next 4 bytes will be selected to
encrypt. By this method the whole key will be used to encrypt the image.
6.5 Generating Successive Key
By XORing the previous M bits of encrypted data with the present key, the successive key is
generated.
6.6 Flow Chart
The flow chart of the proposed algorithm is shown in Fig-6.1.
[Fig-6.1 Flow Chart (figure not reproduced; its boxes read: Start; Read K-bits From KEY;
Convert Equivalent Decimal Number of K-bits as BLOCKSIZE; Read BLOCKSIZE Bytes From
Input File As BLOCK; Apply Zigzag Rule to BLOCK; Write BLOCK to Its Original Location;
Is Used all Bits of KEY? Yes: Generate Successive Key, No: Read Next K-bits From KEY;
End of File? Yes: End, No: continue)]
Fig-6.1 Flow Chart
6.7 Algorithm for Encryption
//Input: Image file (IF), Key (K)
//Output: Image file (IF)
Algorithm Encryption(IF, K)
{
    Let TF be any temporary image file name;
    While (Not End-Of-File(IF))
    {
        Kb = next N bits from K            // N = 1, 2, 3, ..., M
        Convert Kb to its decimal equivalent Kd
        Read Kd consecutive bytes from IF into BS (as a bit string)
        BYTEZigzag = ZigzagWrite(BS);
        Write BYTEZigzag to TF
        If all bits of K have been read
        {
            Ki = first 256 bits of IF
            K = K XOR Ki
        }
    }
    Copy TF to the original file
    Delete TF
}
Function ZigzagWrite(BS)
{
    LeftRight = 1;                      // +1: place the bit at the right end, -1: at the left end
    BYTEZigzag = "";
    for (i = 0; i < strlen(BS); i++)
    {
        if (LeftRight == -1)
        {
            // place BS[i] at the left end: reverse, append, reverse back
            strrev(BYTEZigzag);
            strcat(BYTEZigzag, BS[i]);
            strrev(BYTEZigzag);
        }
        else
            strcat(BYTEZigzag, BS[i]);  // place BS[i] at the right end
        LeftRight = LeftRight * -1;     // alternate the direction for the next bit
    }
    return BYTEZigzag;
}
6.8 Algorithm for Decryption
The decryption algorithm is obtained by inverting the encryption algorithm: the same key-driven
block sizes are used, and each block is restored by the inverse of ZigzagWrite.
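Sections 6.2 to 6.8 are worked through below in Python as an added example; this is not the thesis author's C software. zigzag_write reproduces the 6.3 example bit for bit, zigzag_read is its inverse (the left half of the output holds the odd-numbered bits in reverse order, the right half the even-numbered bits), block_sizes applies the 6.4 selector, and iezrdbk runs the 6.7 loop with the 6.5 key update and its mirror image for decryption. Two points the pseudocode leaves open are decided here and marked as assumptions: the successive key is XORed with the first M bits of the encrypted data produced so far (zero-padded if fewer exist), and a selector value of 0 is skipped, with an error if a key yields no progress at all. The constructed key is the 12-bit prefix of the 6.4 key, so its first two selectors give the 5-byte and 4-byte blocks of that example. Note that, exactly as in the pseudocode, the zigzag step itself consumes no key material; the key only decides where the block boundaries fall.

```python
# Added example: the IEZRDBK procedure of Chapter 6 in Python (not the thesis's C software).


def zigzag_write(bits):
    """6.2/6.3: bit 0 goes to the right end, bit 1 to the left end, bit 2 right, bit 3 left, ..."""
    out = []
    for i, b in enumerate(bits):
        if i % 2 == 0:
            out.append(b)          # even position: place at the right
        else:
            out.insert(0, b)       # odd position: place at the left
    return "".join(out)


def zigzag_read(z):
    """Inverse of zigzag_write: left half = odd-numbered bits in reverse, right half = even-numbered."""
    n = len(z)
    odd = z[: n // 2][::-1]        # odd-numbered bits, back in their original order
    even = z[n // 2:]              # even-numbered bits (one more than odd when n is odd)
    out = []
    for k, e in enumerate(even):
        out.append(e)
        if k < len(odd):
            out.append(odd[k])
    return "".join(out)


def block_sizes(key_bits, n):
    """6.4: cut the key into N-bit selectors; each selector is a block size in bytes."""
    return [int(key_bits[i:i + n], 2) for i in range(0, len(key_bits), n)]


def next_key(key_bits, cipher_bits):
    """6.5: XOR the current key with the first M bits of the encrypted data so far.
    Zero-padding when fewer than M cipher bits exist is an assumption of this example."""
    ki = cipher_bits[: len(key_bits)].ljust(len(key_bits), "0")
    return "".join("1" if a != b else "0" for a, b in zip(key_bits, ki))


def _to_bits(data):
    return "".join(format(b, "08b") for b in data)


def _from_bits(bits):
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def iezrdbk(data, key_bits, n, decrypt=False):
    """6.7/6.8: encrypt (or decrypt with decrypt=True) bytes with an M-bit key and an
    N-bit block selector. Output length always equals input length."""
    if not key_bits or not 1 <= n <= len(key_bits):
        raise ValueError("need a non-empty key and 1 <= N <= M")
    transform = zigzag_read if decrypt else zigzag_write
    key, out, pos = key_bits, bytearray(), 0
    while pos < len(data):
        start = pos
        for size in block_sizes(key, n):
            if pos >= len(data):
                break
            if size == 0:                      # a 0 selector reads no bytes: skip it (assumption)
                continue
            block = data[pos:pos + size]       # the final block may be shorter than size
            out += _from_bits(transform(_to_bits(block)))
            pos += len(block)
        if pos == start:
            raise ValueError("key selects only zero-length blocks; no progress possible")
        # every bit of the key has been used: derive the successive key from the ciphertext
        cipher_so_far = bytes(out) if not decrypt else data[:pos]
        key = next_key(key, _to_bits(cipher_so_far))
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: a short message and the 12-bit prefix of the 6.4 key.
    KEY = "101100010101"                      # selectors 101,100,010,101 -> blocks of 5,4,2,5 bytes
    MSG = b"Dhaka University of Engineering & Technology"
    assert zigzag_write("1010010100101011") == "1000110011000111"   # the 6.3 example
    ct = iezrdbk(MSG, KEY, 3)
    assert len(ct) == len(MSG) and iezrdbk(ct, KEY, 3, decrypt=True) == MSG
    print(ct.hex())
```

Because the decryptor sees the same ciphertext bytes the encryptor produced, it can recompute every successive key from them, which is what lets the 6.5 update run identically on both sides without any extra data being transmitted.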
6.9 Performance Analysis
We analyzed 5 JPG images with this method, with the Enhanced 1-D Chaotic Key-Based Algorithm for Image Encryption (ECKBA) and with RSA. We used an Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40 GHz machine with 2 MB of RAM. After running the software built in C we get the data shown in Table 6.1.
Table-6.1: Time analysis among ECKBA, IEZRDBK and RSA
Name  | Size    | Time in ECKBA (in seconds) | Time in IEZRDBK (in seconds) | Time in RSA (in seconds)
a.jpg | 128*96  | 0.02                       | 0.000001                     | 0.023
b.jpg | 176*144 | 0.04                       | 0.000003                     | 0.05
c.jpg | 256*256 | 0.12                       | 0.000008                     | 0.20
d.jpg | 512*512 | 0.49                       | 0.000012                     | 0.61
6.10 Comparison of IEZRDBK with ECKBA and RSA
We have analyzed and compared the proposed algorithm (IEZRDBK) with ECKBA and RSA. The comparison is shown in Table 6.2.
Table 6.2: Comparison among IEZRDBK, ECKBA and RSA
SL No. | Observation            | IEZRDBK       | ECKBA               | RSA
1      | Time                   | Very Less     | Larger than IEZRDBK | Larger than ECKBA
2      | Permutation            | Needed        | Not Needed          | Needed
3      | Key                    | Dynamic       | Dynamic             | Dynamic
4      | Key Size               | Dynamic       | Static              | Static
5      | Security               | Very High     | Lower than IEZRDBK  | High
6      | Digital signature      | Not Needed    | Not Needed          | Needed
7      | Time for Cryptanalysis | Near Infinity | Less                | More
6.11 Testing Various Files
We have tested 4 JPG files and one DOC file with our software. The view after running the software is shown in Fig-6.2(a) and Fig-6.2(b).
[Fig-6.2(a) (image panels not reproduced): for each file name (Blue hills, Water lilies, Winter, Sunset) the original file (JPG), the encrypted file (not viewed) and the decrypted file (JPG) are shown]
Fig-6.2(a) Testing JPG Files
If we want to encrypt a DOC file then:
[Fig-6.2(b) (image panels not reproduced): Original File: DUET.doc, Encrypted file, Decrypted file]
Fig-6.2(b): Testing Document File
6.12 Depth of Encryption
In this algorithm low-level encryption is used and any file can be encrypted. Its key
length is M, and if anyone tries to get it, i.e. cryptanalysis, 2^M operations are required; 2^N
operations are required to select N bits; if the input image file is S bits, then 2^S operations are
needed. To select N bits from M, C(M,N) operations are needed. So in total 2^M * 2^N * 2^S * C(M,N)
operations are needed. If a computer performs 10^12 operations/second, then
2^M * 2^N * 2^S * C(M,N) / (10^12 * 60*60*24*356) years are needed for cryptanalysis, which is a
very long time. If anyone tries cryptanalysis and fails to select the key properly, then the file
format with information will be changed and it is not possible to get the original file, i.e. the
file will be corrupted. So it is a highly secured algorithm.
6.13 Time Calculation to Encrypt or Decrypt
If R seconds are needed to read, W seconds to write and Z seconds to process, then a total of R+W+Z seconds is needed to complete the encryption or decryption process.
6.14 Limitations
Although this algorithm is simple but very effective, it has some limitations:
1. The developed software must be available to both sender and receiver.
2. The key has to be sent to the receiver by another secure channel.
60
CHAPTER 7
Discussion and Conclusion
7.1 Discussion
We have analyzed ECKBA, RSA with this method.RSA is a very nice encryption technique.
But it suffers from static value of position of characters. Moreover it needs a permutation that
makes this method comparatively very hard respect to the proposed method. It takes more
time to encrypt than proposed method. ECKBA covers some problems of RSA. But it steel
needs more time than proposed method to encryption. Key size in ECKBA and RSA is fixed.
But user can select any size of key in proposed method. Security is also very high in proposed
method comparative to ECKBA and RSA. If anyone trys for cryptanalysis and he fails to
select key properly, then the file will be damaged and never can back to the original file.
7.2 Conclusion
In this method a simple but effective technique is used to encrypt image files. By testing
with the software, it is proved that a very small amount of time is required to encrypt but a very large
amount of time is needed for cryptanalysis. So it is a high-performance encryption method.
The decryption algorithm can be made by inverting the encryption.
7.3 Suggestions for further development
For transferring secure files this method is very effective. In future a partitioning method can be
developed with it. With minor changes, the method can be upgraded to encrypt sound and
moving pictures. Key management is another problem in cryptography; key management can
be improved in future.