 So, the first thing I would like is a disclaimer, I am not claiming that cryptography is the answer to every problem on earth. Whoever thinks this problem can be solved using cryptography does not understand this problem and then does not understand cryptography. So, be very careful any security problem you say let us deploy cryptography that makes no sense understand clearly what is the problem before you say that it should have a cryptographic solution there are many non cryptographic solutions to security. So, be careful ok. So, cryptography is dealt with in many chapters of this book in particular 4, 5, 6, 8 and 9 and also in chapter 7 which deals with the cryptographic hash. So, let us look at some of these things because they are really important they are the sort of building blocks of many security system, but not all of them. Cryptography is a science of disguising messages. So, that only the intended recipient can decipher the received message. The sender transforms the message of plain text into ciphertext a process referred to as encryption and the reverse process of converting the ciphertext back to the plain text is referred to as decryption. So, you can think of encryption as being a function the encryption function this p is the plain text. So, you apply the encryption function on the plain text with a key little e and you get the ciphertext and at the receiver side you take the ciphertext and you apply the decryption function with little d the decryption key and you get back the plain text. So, these are the this is the notation. So, this is the plain text, this is the ciphertext, this is the encryption function and the little e is the encryption key. Again this d is the decryption function and the little d is the decryption key. Now, there are two types of cryptography as you probably already know one is symmetric key cryptography. So, called symmetric because e is the same thing as d the same value. 
So, both the sender and the receiver must know this value to encrypt and decrypt. It is also called secret key cryptography and there are many well known algorithms for this, including the Data Encryption Standard (DES), AES (the Advanced Encryption Standard), RC4, IDEA, Blowfish and so on and so forth. So, many things that are in use even today. A user who wishes to communicate with n other persons has to maintain a total of n separate secret keys, one per user he wishes to communicate with. So, this is the feature of secret key cryptography. So, if I am over here and there are n other people, then for communicating with each of those individuals I need to have a separate secret key. So, that only he and I share that key and nobody else can encrypt or decrypt messages that go between us. So, now this is a hassle because I have to maintain n such keys. Can we think of a better scheme? The answer is yes, and that is public key cryptography. So, the encryption key e is public. So, whoever wants to encrypt a message to send to me must know my public key e, and then I and only I can decrypt the message because I have knowledge of the corresponding private key d, the decryption key, which is mathematically related to this e. So, examples of public key cryptography are RSA and ECC. So, this is covered in chapter 6 and this is covered in chapter 9. Now obviously, there are these two things, secret key cryptography and public key cryptography; a sensible question is what is the advantage of one over the other. So, as I mentioned before, in the case of secret key cryptography or symmetric key cryptography the problem is that every person has to maintain n secrets, one per entity he wishes to communicate with. So, there is this problem of key management. On the other hand, in the case of public key cryptography all I need is my public key private key pair; in particular I only need to maintain this thing very safely and very securely.
So, this is in the case of public key cryptography, but obviously something tells us there must be some disadvantage of public key cryptography, and that disadvantage is that it is much slower compared to secret key cryptography, orders of magnitude, perhaps about a thousand times slower than secret key cryptography. So, the obvious question is can we combine these two, public key and secret key cryptography, to get the advantages of both. So, how do we actually do that? So, what is the problem? The problem is A has got a message m and he wants to send that to B. So, that only B can read it. So, what does A do? A takes the message. So, before he even takes this message he generates a random key k which is just a session key; he just uses this k for the duration of a session. So, he chooses this random number k, encrypts the message m using that key k, and this encryption is secret key encryption. Once again, he generates a random number k which is used as the key to encrypt m using secret key cryptography, and this thing is then sent together with this. So, the key k is encrypted with B's public key. So, I am assuming that A wants to send a message to B and that A knows B's public key. So, A will take B's public key and encrypt the key itself with B's public key. So, now you have this thing done and this uses public key crypto. So, what is the advantage of this? One thing that I could have done is I could have taken the message m and I could have encrypted the entire thing using B's public key. So, this is one alternative. So, this versus this; let us see the advantage of this over this. If I took the message and encrypted it with B's public key, then this message can be decrypted only by B; B would have to use B's private key. The problem is that this message might be say hundreds of kilobytes and that would take a long time because this uses exclusively public key cryptography. So, it will take a long time.
So, look at the idea: the idea is instead of using this, use this. Now over here I have generated this session key k, I have encrypted the message with that thing. So, the message is kilobytes long and because secret key is much more efficient compared to public key cryptography it does not take me that much time to do this. On the other hand I also have to use public key cryptography, but I am only encrypting the key. So, what is the key size? So, typically the key size would be something like 128 bits if I am using secret key crypto. So, this thing does not take me much time, neither does this, because I am using secret key cryptography over here. So, notice what I am doing: I am sending this thing together with this thing and I am using both secret key cryptography and public key cryptography. When the receiver receives this message that contains this part of the message and this part, what should he do? He should take this thing and decrypt it using his private key to get the secret key k and then use the secret key to decrypt this ciphertext. So, here I get the advantages of both key management as well as speed, ok. So, with that brief introduction let us now go to these two terms that are used very commonly and that are the building blocks of elementary ciphers. So, the elementary ciphers that we are talking about, the building blocks of most secret key ciphers, are substitution boxes and transposition boxes; let us see what these things mean. So, the best examples, the simplest examples, are the so-called Caesar cipher and the Vigenère and Hill ciphers. So, for simplicity we will talk about the Caesar cipher here and defer the Vigenère and the Hill cipher to some other time. So, what is the Caesar cipher? Most of you have already seen this and it is basically a substitution cipher. So, a very simple example: it replaces each alphabet in the plain text by an alphabet k positions away in the modulo 26 sense.
So, for example, if k is equal to 3 the substitutions are: substitute the cipher text D for A. So, this is the plain text A and you substitute D for it, substitute E for B and so on and so forth. So, "what is your name" becomes: you take W and you take 3 alphabets ahead of W, which is Z; H, 3 alphabets ahead is K, and so on and so forth. So, this is the cipher text corresponding to the plain text "what is your name". Now, it is very obvious what you do to decrypt it: to decrypt it you just go 3 alphabets behind. So, what is the key in this case? The key is the number 3; it tells me that to encrypt I use the alphabet 3 units ahead and to decrypt I use the alphabet 3 units behind, a very simple cipher. The reason I brought this up is because this is the simplest example of a substitution cipher. Now, obviously, whenever we talk about some mechanism in security the next question is can we attack this. So, is it possible to attack this? Of course, I am sure you will all see this: by observing large amounts of cipher text we may be able to guess the plain text. Now, the reason for that is because I can look at some statistical properties; say the English language typically has certain properties, for example, in English you expect the vowels to be most common. So, in English the E is the most common, followed by T, A, O, I, N. So, if I look at the cipher text and I find a large number of occurrences of the character say X, I suspect that the X came from one of these. Then I look and see which is the next most prominent character, say the next most prominent is P, then again I suspect that P is one of these, and I put all these facts together and then I am able to decrypt it. So, the key over here is to use the statistical properties of human language, deducing plain text from only knowledge of the corresponding cipher text. So, notice that I only looked at the cipher text to be able to try to decipher it.
So, deducing plain text from only knowledge of the corresponding cipher text is referred to as a known cipher text attack. So, we will skip these, they are all in the slides which you have. The other building block is the transposition cipher. So, what is this thing? It is basically a rearrangement of characters or bits. So, for example, just as a very good way of doing this, imagine that the characters in the text are arranged in a matrix and then you shuffle the rows and the columns of this matrix in a predictable fashion, and predictable means it is known to the decryption software. Let us take this as plain text: "begin operation at noon". So, all these characters can be arranged in a matrix like this. So, a 5 by 4 matrix, and I want to transpose this thing. So, there are different ways in which you can transpose: basically you can shuffle the rows followed by shuffling of the columns, again you can shuffle the rows and again the columns and so on and so forth. The only thing is that the guy on the other side who receives the shuffled thing should know how you did the shuffling. So, the key basically is the order in which you shuffle the rows and the columns. So, for example, consider this: the first kind of transposition is I substitute row 1 for row 3. So, row 1 now goes to row 3, then row 2 goes to row 5. So, row 2 has gone to row 5, row 3 has gone to row 2 and so on and so forth. So, I rearrange the rows; let us not stop at that, let us rearrange the columns. So, column 1 goes to column 4. So, this column 1 has now gone there, 2 has gone to 3 and so on and so forth. So, let us suppose I just did one pass of shuffling of the rows and one pass of shuffling of the columns, then what I get is I just read out this matrix: A T N O and so on and so forth. So, this is the cipher text for the plain text which was 2 slides before; "begin operation at noon" now appears like this and it is very hard for me to tell that this thing came from "begin operation at noon" unless I have the key.
But of course, I can be smarter than that and try to figure out certain characters in this by using a known cipher text attack, the statistical properties of the English language. I will just end this particular session with the difference between block ciphers and stream ciphers. So, this is a very important differentiation between the two; these are both secret key schemes, but some of them, for example, stream ciphers, are widely used in wireless communications. Now, with block ciphers the plain text is split into fixed size chunks called blocks and each block is encrypted separately. Typically all the blocks in the plain text are encrypted using the same key. So, that is the feature: you have a message, say this longer message, and then you split the message into blocks. The question is how large should that block be, or is it a variable size kind of thing. So, typically it is a fixed size block; in the case of AES you can have a block size of 128 or you can have a block size of 192 or 256, you decide on one and then stick with it. So, let us say 128. In the case of RSA the block size is the number of bits used to represent the modulus, for example, 1024 or 2048. So, you take the entire message and you split it up, the first block of size 128, the next block 128, next block 128, and you encrypt each of those things separately; that is the basic idea of a block cipher. And a stream cipher is another important kind of cipher; over here what happens is stream ciphers operate on bits. So, practical stream ciphers typically generate a pseudo random key stream. So, an arbitrary size key stream which is a function of a fixed length key and a per message bit string. So, there are two things that go into creating this arbitrary size bit stream. So, I just generate a very large bit stream; that bit stream is a function of two things, a per message bit string and a fixed length key that is known to the sender and the receiver.
So, the key remains fixed, but this thing keeps varying. So, as a function of both these two things the key stream will be different for each different message. This thing remains fixed from message to message, but this thing varies from message to message. And as a function of both of these things you generate a key stream and what you do once you obtain the key stream you exclusive or the key stream with the original plain text. So, the cipher text is obtained by performing an XOR operation between the plain text and the key stream. So, good example of a stream cipher is RC4 which is used in wireless communications in a wireless LAN for example. The as I mentioned before the building blocks of a secret key cipher are the S box and the P box. What Shannon had shown several decades ago was that you can alternate S boxes and P boxes and you can construct a very powerful cipher as a result of that. Now, the question is what exactly is an S box and what is a P box? S box is basically a substitution box that substitutes that performs a substitution function like the ones that shown you before and a P box is basically a permutation box which performs a transposition. So, transposition or permutation by shuffling around the bits inside the plain text. So, you use an S box then use a P box and then you use a box that performs a simple operation involving a round key. So, there are multiple rounds and you repeat this thing. So, one round is basically something like an S box function P box function and this exclusive or of the resulting bits bit stream and the round key and then you repeat this say 10 times in the case of AES or 16 times in the case of DES and you get a very powerful cipher. 
So, pictorially a P box looks like this basically you are just shuffling the bits this is the original plain text and you are shuffling it first bit goes over here the second bit goes there and so on and so forth and S box is a little bit more complicated you have a encoder and a decoder. So, the decoder first over here will take 3 bits and split it up into 8 bits and then these 8 bits are shuffled around and then they are finally encoded. So, this is really an S box which is much more complicated than a simple P box. So, here is the cipher the first stage would be P 1 followed by little little substitution boxes and then a P 2 the second stage followed by little little substitution boxes and so on and so forth. So, once again as far as the S box is concerned an S box of substitution box is a device that takes as input a binary string of length m and returns a binary string of length n any kind of substitution for these m bits by n bits would be a substitution function implemented need not be a permutation because after all m and n need not be the same implemented using a table or array of 2 raise to m rows with each row returning an n bit value the input to the S box is used to index the table. So, you have got m inputs and these m inputs function as an index into the table. So, there are 2 raise to m entries into the table and each entry each of those entries is really an n bit entry. So, if you take m bits as input you get as output n bits. So, this is a very simple example where m is equal to n is equal to 3. So, 3 bit input and 3 bit output and 0 0 0 is substituted for itself 0 0 1 for this and so on and so forth. So, this is a very simple substitution box a p box performs a permutation or rearrangement of the bits in the input. So, this is for example, the bits of the plain text and these are the bits of the cipher text then for example, you could implement a simple shift kind of function O 0 this thing is equal to I 3. 
So, you take this bit and you put it in this position of least significant bit position and I 3 is equal to O 0 O 1 is equal to I 4 and so on and so forth. So, you somehow permute these bits to get the output and the permutation is specified over here. So, this is the example of a permutation or a transposition where you are just shuffling around the bits. Another term that is used very often is a round key each stage around involves a round key operation the round key is obtained as a function of the original key. So, notice once again that every round has at least 3 operation those 3 operations are a substitution a transposition and a round key operation. So, this is the third of these 3 the round key operation and this is a simple example of an SPN network S stands for substitution P is permutation a 3 round substitution permutation network. This first round over here this is a round key operation now here you have a substitution box. So, there are 3 substitution boxes and then you have. So, you take the outputs of all of them and then you shuffle them around. So, this basically implements a transposition then once again you have a round key operation substitution and transposition and so on and so forth you can do this 3 times 4 times 10 times etcetera. So, this is the building block this is a template for a secret key cipher and the building blocks are these S boxes and these permutation boxes. We will now straight away go to this discussion of different operating modes which you will require in the lab. So, when we talk about a secret key cipher there are different modes in which this can be used the most basic is an electronic code book mode then there is a CBC mode the cipher feedback mode output feedback mode and the counter mode. So, we will at least look at 2 or 3 of these the most basic and easy to understand is the electronic code book mode. 
So, the message is split into fixed length consecutive chunks called blocks and each block is independently encrypted into its corresponding block of cipher text using the same key. So, for a given message, as mentioned before, you take the message and you chunk it up into fixed length chunks called blocks. So, there is a block P 1, block P 2, which could be for example, 128 bits, 128 bits here, 128 bits there and so on until the end of the message, and then you encrypt it using the same key k. This encryption box could be for example, the AES function, and you encrypt it and you get the corresponding blocks of cipher text C 1, C 2 etcetera. So, this is the simple electronic code book mode of operation. Now, as we will see in the lab also, there are some drawbacks of the ECB mode: identical blocks of plain text will be encrypted as identical blocks of cipher text. So, this is one problem. Suppose for example, an eavesdropper notices that blocks 23 and 95 are equal; in addition, if he knows or can guess the value of block 23 of plain text he can then deduce the content of block 95. So, let us see what this means in terms of a picture. Suppose for example, I find that this block of cipher text is the same as this block of cipher text and let us suppose that I happen to know that this plain text was something, say an HTTP message, you have GET and so on, which is simple ASCII. So, I happen to know the plain text for this, which I will know in the case of, you know, things like the HTTP header which is in simple text. So, the HTTP header for example, some of those characters are in this. So, I happen to know this, I can of course, see this, the cipher text, and I happen to notice that this block of cipher text is the same as this block; then I can conclude that this block of plain text is the same as this block.
So, likewise there might be sensitive information in this block over here which I happen to know, but because this block of cipher text is the same as this I can conclude that this block of plain text is the same as this. So, this is one of the key drawbacks of the ECB mode, for which purpose people came up with another mode which is cipher block chaining. So, in pictures what does this look like? So, here are the blocks of plain text and what you do is before you pass it through the encryption box you have an exclusive OR gate. So, this is gated with what? In the first block it is gated with the initialization vector, IV stands for initialization vector, and then you pass it through the encryption function and you get the cipher text. And then this block of cipher text, the output over here, which is the same as this, this block of cipher text is then exclusive ORed with the next block of plain text to give you the input of the next E box, and again this thing is encrypted with the same key k to get the next block of cipher text and so on and so forth. Now, the advantage of this scheme is that suppose I see that this is the same as this, and if I know this, then there is no way for me to conclude that this is the same as this, because this exclusive OR gate takes as input this as well as this, and this is in all likelihood something that is very random. So, some random thing gets input over here, some random thing gets input over here. So, this becomes random and this becomes random. So, even if I know this block of plain text and if I know that this block of cipher text is the same as this block of cipher text I cannot conclude that this block of plain text is the same as this block. So, this is the advantage of the CBC mode of operation. As far as decryption is concerned I just look at it from the reverse side: I get this block of cipher text, I decrypt it.
So, I get this value, I know the IV at the receiver side and I exclusive OR this and this and I get the first block of plain text. Then to get the next block of plain text, I got this block of cipher text, I decrypt it, I get this value, I know this value from here and I exclusive OR this and this to get the next block of cipher text and so on. So, this is how encryption and decryption is done using the CBC mode. The other mode that I would like to touch upon is the counter mode. So, in the counter mode what you do is you initialize the count to some arbitrary value, it has to be random, and then you encrypt it and then you exclusive OR the output with the plain text to get the cipher text. So, this is a random number; you encrypt that counter value and then you exclusive OR that value with this plain text to give you the corresponding cipher text. Then the next one is x plus 1 for the next block of plain text. So, for the next block of plain text you simply take the counter value incremented by 1 and encrypt it and then exclusive OR it with the plain text to get the cipher text and so on and so forth. So, one of the advantages of this mode is you can parallel process: you can do this at the same time as you do this because there is no feedback between all these stages. So, at the same time as you are processing this you can process this and all of these for example, or you do not even have to wait for this to be completed before you start something else. What if this block has not come, but this block has come? You can still process this block even though this one has not come. So, there is no dependency between the processing of all these blocks. So, in words, in the counter mode a b bit counter is initialized to a random value; this value is encrypted with a secret key and then XORed with the first block of plain text.
The counter is then incremented, the incremented value is encrypted and XORed with the next block of plain text to create the next block of cipher text and so on. So, the advantages I mentioned before: you can encrypt block 10 before you encrypt block 1 and also you can perform these operations in parallel. So, now that we have talked about secret key ciphers, how they are constructed, the template for constructing them using a P box and S box and the round key operation, the next thing is what is the application of a secret key cipher. So, obviously the first thing is to take a message and encrypt it so that you ensure confidentiality. Now, as I mentioned before you can do this also using public key cryptography, but the advantage of using secret key cryptography in encryption is that it is much much faster, about 3 orders of magnitude better. It is also used to protect the privacy of stored documents by encrypting them. So, besides messages you can also encrypt documents before you store them on disk for example. Besides confidentiality the next big thing is authentication. So, secret key cryptography is also used for both entity authentication and message authentication. So, entity authentication involves making sure, as mentioned before, that the party you are establishing connection with is indeed the party you intend to communicate with. So, we will discuss authentication protocols in some detail later. Let us look at it. So, entity authentication and message authentication; from the perspective of message authentication how can we use secret key cryptography? Message authentication involves making sure that each and every message that has been exchanged is indeed from the party that participated in the establishment of that connection or session and it is handled on a per message basis.
So, you want to guarantee both authentication and also integrity and both of these can be provided by using something called a message authentication code; at least one of the ways in which you can implement it is using secret key cryptography. So, what is the message authentication code? It is a fixed length one-way function of two things. There are two things that are needed to generate the MAC. So, the MAC is a function of the message and also a secret that is shared between the sender and the receiver. So, for each message to be sent the sender computes a MAC which is appended to the message. On receiving the message and the MAC, the recipient computes the same function on the message and the secret shared with the sender and checks for a match with the received MAC. So, let us see if we can try to make some sense of this. So, one way in which you can do this is through using the CBC mode of the secret key operation. Another way in which you can do this is using the cryptographic hash. So, there are some very powerful properties of the MAC. If even a single bit of the message is corrupted the MAC for the new message should be quite different from the MAC computed on the original message. So, this is a very important property: even if one bit of the message is corrupted the new MAC will be completely different from the original MAC. Another thing is, knowing one or more message MAC pairs it should be computationally infeasible to deduce the secret. It should be computationally infeasible to generate a MAC for any fresh message without knowledge of the secret. So, let us see what are some of these different properties. So, here is a message, I want to compute the MAC on this message. So, typically what I will do is I will send the message together with the MAC to the receiver. What is this supposed to guarantee? Two things, integrity and also message authentication.
So, basically the MAC is a one way function of two things of the message and the secret key. Now, suppose I have a message m 1 and the MAC is m MAC 1 over here. Now, suppose I corrupt this message and I create a message m 1 prime with just one bit difference between this and this then this value is going to be completely different from this value there will be no relationship between these two values. So, the attacker cannot try to figure out suppose I change this thing. So, here is what the attacker is saying he saying I change this thing this message contains a salary field and I change it from 20,000 to 90,000. Then can I change the MAC. So, the receiver will not know that I have changed the salary the answer is no because this MAC bears no resemblance whatsoever to this MAC. So, this is a very interesting property of the MAC. So, that is the first thing one important property. The next question is how do I verify the MAC at the receiver end. So, at the receiver end I have got this value and I have got this value, but I also know this value because this is the secret that both sides share to compute the MAC and to verify the MAC. So, at the receiver side I have got this value and I have got this value and I also know this value only these sender and receiver know this value. So, what I do is I take the message and I know the secret at the receiver side this is what I do I know the secret k I compute this and I verify whether this gives me the same thing as this. I have received this I have received this and I know this if I receive this and I know this I can compute this. And since I have received this I compare whether this output is the same thing as this value and if they are I conclude that the message has been transmitted without loss of integrity and the message has been created and sent by the authentic user. So, these are some of the properties of the MAC how do I verify the MAC what happens if I change even a single bit over here. 
Now, the next question is a hacker might try for example, to obtain different MAC pairs. So, he is observing on the line that MAC 2 is equal to f of m 2 comma k. He takes 10,000 such pairs MAC 3 is equal to f of m 3 comma k. The question is after all this knowledge of m 2. So, he knows m 2 and the corresponding MAC 2 he knows m 3 and the corresponding MAC 3. The question is can he find out what is the value of k and the answer is no if the MAC is designed properly. So, if the MAC is designed properly even though he might have 10,000 or 10 million of such pairs he will not be able to figure out the value of k. Now, the question is how do we construct such a such a great kind of thing the MAC. So, there are two ways in which you can construct the MAC one is using secret key cryptography in CBC mode. So, we just showed you what is CBC mode out there and the second thing is using the crypto hash. So, to construct. So, one way to construct the MAC using secret key cryptography is this thing. So, now here I have the original message. So, I just put the blocks to the message over here I have an initialization vector that is known to sender and receiver and I know the key that is also known to sender and receiver. So, what do I do is I apply the exclusive OR function and the encryption function on the first block and I get this value I keep repeating this thing I just ignore all these other things because I am only interested in computing the MAC. So, I only consider the last output. So, this was the original message split up into blocks and I do this computation and then I only consider this last block of ciphertext and that is my MAC. So, this MAC then as you can obviously see is a function of this entire message together with the initialization vector and the key k. So, what is done in the receiver side the receiver does exactly this computation and verifies whether what he is computed over here the MAC is what he has been received by him. 
So, he does exactly the same computation to verify the MAC. He takes the message; I am not talking about encryption now, I am not interested in encryption, I am only interested in integrity protection and authentication. So, he takes the original message in plain text. So, he sees the original message, he knows this key value because it is shared between sender and receiver, and he knows the IV. So, he computes the MAC and he verifies whether what he has computed is the same thing as what he has received. So, this is basically the MAC construction which I just showed in the picture: imagine encrypting each message block using this in CBC mode, with the encryption key being the secret shared by sender and receiver; all blocks of the ciphertext except for the last block are discarded. The last block is used as the MAC for that particular message, and of course, this MAC is also a function of not only the message and the key, but also the IV. So, the IV is supposed to be known by both sides.

Now, a little bit of RSA. So, in public key cryptography one of the best known schemes is RSA; another very well known scheme is ECC, and we will cover ECC towards the end of this workshop. So, RSA has been around for quite a while, since 1977, and it originated with Rivest, Shamir and Adleman. It is one of the most widely used public key algorithms even today, and the security of this scheme is based on the difficulty of factorizing a large number that is itself the product of two very large prime numbers. The operations that we are responsible for are three things: key generation, encryption and decryption. What is the use of RSA? For confidentiality, encrypt using the receiver's public key. So, as we have said before, to encrypt something using RSA, use the receiver's public key; only the receiver can decrypt this, and for that purpose he needs to use his private key.
Again, as mentioned before, RSA operations are much more computationally intensive compared to secret key operations, and a solution is what I described on the paper: use a combination of secret key and private key crypto. So, for that purpose we come up with a session key, we encrypt the session key with the recipient's public key and then encrypt the entire message with the random secret that we have just chosen as the session key. So, this is basically in words what I described before. So, before we go to the cryptographic hash, a very brief background of RSA, how that is done, the mathematical operations. So, key generation: first I choose two very large primes p and q; each of these is about at least 1024 bits. If you want more security, the next key size would be something like, say, 2048. So, I choose two large primes p and q, I compute the modulus, which is p times q, then I choose an encryption key e which is relatively prime to phi of n. So, phi of n is the number of integers between 1 and n minus 1 that are relatively prime to n. So, this number, in the case of n being the product of two primes, turns out to be this. Now, I choose an e that is relatively prime to phi of n. So, the GCD of e and phi of n is equal to 1, and then I compute d as the inverse of e mod phi of n. So, all of this is explained in the book in the chapter on RSA. So, e d is 1 mod phi of n. So, this is basically key generation. Now encryption: if I have got a message m, then to encrypt it, so this is the ciphertext, the message to the power of e mod n, and then to decrypt it, hopefully if I do this operation I will decrypt it, c raised to d, and only I can decrypt it because I know the decryption key or the private key.
So, in the lab this afternoon we are going to use OpenSSL to look at what are the possible values of p, q, n, e, d, and if I take some plain text and I put it in a file, I would like to see the corresponding ciphertext, etcetera. So, this is encryption and this is decryption. So, three operations, key generation, encryption, decryption, in a nutshell.

The next important element in cryptography is the cryptographic hash, which is used, for example, to obtain digital signatures. So, what is the cryptographic hash? Its purpose is to produce a fingerprint or a digest of a block of data. So, just like your fingerprint is unique to most individuals, this cryptographic hash applied on a message will be unique for different messages; more or less, almost certainly it will be unique for each message. The block of data can be a message, a document, etcetera. So, I can apply the cryptographic hash on a message, on a document, etcetera. For a given hash function the size of the digest is fixed though the input can be of arbitrary size. So, I can take a message of size 1 kilobyte or 1 or 100 megabytes, but the digest size will always be some small number like, say, 128 bits in the case of MD5 or 160 bits in the case of SHA-1. There are some extremely important properties upon which the security of signature schemes rests, and also the MAC rests. So, one such property is the one-way property. So, basically the cryptographic hash is a function. So, given an x it is easy to compute h of x, the hash of x, but given a y it is computationally infeasible to find x such that y is equal to h of x. So, it is almost impossible to invert something. So, let us see, we have a slide that shows this, the one-way property: it is very easy for me to go from here to here, given any value x it is very easy for me to compute h of x, but if I am given a value over here it is virtually impossible for me to find any one value in this set that maps to this value.
So, it is not really invertible; that is why it is called the one-way function. It is easy to go from here to here, but almost impossible to go in the reverse direction. So, this is the set of messages, which is infinite. So, as I said before, messages can be of arbitrary size. So, these are just basically bit strings and they can be of any length, but all of these things are of length, for example, 128 bits. So, there are only 2 raised to 128 things on this side and an infinite number of things on this side. So, something tells you that there are many things over here on this side that map to the same thing on this side. Nevertheless, if I give you anything on this side, it is virtually impossible for the attacker to say where it came from. So, that is why it is called this one-way property; it is an inherent property of the cryptographic hash. Besides this property there are also properties of collision resistance. The first is weak collision resistance: given an x it is computationally infeasible to find a z such that h of x is equal to h of z. So, you are given an x and you have to find a z such that h of x is equal to h of z. And the third property is strong collision resistance: it is computationally infeasible to find any 2. So, I give you the liberty; I do not say I am giving you the x, you find the y. I am saying you yourself choose any 2 things you want which have the same hash value, and even that is almost impossible. So, illustrating weak collision resistance: for example, if you have one value that is given to you, x1 or x, can you find a y such that they both map to the same value? Now, there are an infinite number of these guys that map to this, and yet it is virtually impossible for you to find even one of those guys. So, I am giving you this, I am asking you, can you find one of these guys, both of whom map to the same value in this set?
So, this is the property of weak collision resistance, and strong collision resistance is: I do not come and specify, I am giving you this; I just say, find any 2 things in this set, I am happy if you find any 2 things in this set that both map to the same value. And even that problem of strong collision resistance is impossible. So, these are the properties of the cryptographic hash, and the book has a discussion of how you can actually generate a cryptographic hash, and an example of MD5, for example. So, what are the uses of the cryptographic hash? So, here are some of them: to create a digest of a message for integrity purposes, to create a MAC. So, before, we showed an example of generating a MAC using secret key cryptography in CBC mode, but you can equally well use a cryptographic hash to create a MAC. And then another important property is to create a digital signature. So, how do we create a MAC using the cryptographic hash? Very simple: you just take the message, you concatenate it with the secret k and take the hash of that, and that is the MAC. This is why the MAC is also referred to as a keyed hash, because you are actually using the key over here and concatenating it with the message, then taking the hash function to obtain the MAC. So, you convince yourselves that if I know this value, the MAC value, if I know the message, and if I have many such pairs that I know, M1 and MAC1, M2 and MAC2, etcetera, you will still not be able to find the value of k. If you see something like this, the MAC value and the corresponding message, and if I want to tamper with this message, there is no way for me to compute the new MAC on the tampered message; even if I change the message by 1 bit it is impossible for me to compute the new MAC. So, it is these very strong cryptographic properties that make it so very useful. Useful in what?
In message integrity and message authentication, for example, but it has also got other uses; the next important use is in signatures. So, verifying the MAC, I think you can all figure that out: on receipt of the message and the MAC, the receiver derives the MAC using the common secret and the received message. How does he do that? The MAC is equal to the hash function of the message concatenated with the common secret. So, he computes this and then he verifies whether this is the same thing that he obtained from the sender. A change of even a single bit in the message or the MAC will result in a mismatch between the computed MAC and the received MAC, and then, if the computed MAC does not match the received MAC, he will know that the message has been tampered with on the way. So, that is a summary of what the MAC provides: a combination of integrity and message authentication. Now, all of these things you will be seeing in the lab today using OpenSSL; there are certain command line statements that you can use to generate the MAC on a message, to encrypt, to decrypt, to generate keys and all sorts of things, and then finally, the signature.

So, the normal human signature, the manual signature, has certain properties, or you would like it to have certain properties. It should be authentic. So, when I see a signature I know that it is Rajesh's signature. So, this is Rajesh's signature; I look at the signature, if I know Rajesh and his signature, I have seen it many times, I will see a new signature and I will say it is his. That is what happens at the bank: you go to see a teller, he will look at the check and he will look at the signature; or if you are trying to withdraw money from the bank, you will just fill up a form and you will sign, and then the guy at the counter will verify the signature with the signature in the database and you will say yes, this is the authentic signature of Rajesh.
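The keyed-hash MAC and its verification at the receiver, as an added example that is not from the lecture or its OpenSSL lab. It computes the lecture's H(message || secret) with SHA-256 and, beside it, HMAC (RFC 2104), the standardised keyed-hash construction in Python's standard library; the secret, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac


def keyed_hash_mac(message: bytes, secret: bytes) -> bytes:
    """The lecture's construction: MAC = H(message || secret), with SHA-256 as H."""
    return hashlib.sha256(message + secret).digest()


def hmac_sha256(message: bytes, secret: bytes) -> bytes:
    """HMAC (RFC 2104), the standardised keyed hash, from the standard library."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def receiver_accepts(mac_fn, message: bytes, received_mac: bytes, secret: bytes) -> bool:
    """Receiver recomputes the MAC from the received message and the shared
    secret, then compares it with the received MAC in constant time."""
    return hmac.compare_digest(mac_fn(message, secret), received_mac)


def flip_bit(data: bytes, bit: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length MACs differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


# Constructed sample data.
SECRET = b"k-shared-by-sender-and-receiver"
SENT = b"name=rajesh;salary=20000"
TAMPERED = b"name=rajesh;salary=90000"


def run_channel(mac_fn) -> dict:
    """Sender MACs SENT once; the receiver then checks four delivered variants."""
    mac = mac_fn(SENT, SECRET)
    return {
        "untouched": receiver_accepts(mac_fn, SENT, mac, SECRET),
        "salary_changed": receiver_accepts(mac_fn, TAMPERED, mac, SECRET),
        "one_bit_in_message": receiver_accepts(mac_fn, flip_bit(SENT, 0), mac, SECRET),
        "one_bit_in_mac": receiver_accepts(mac_fn, SENT, flip_bit(mac, 0), SECRET),
        # How far the MAC moves when a single message bit changes (out of 256).
        "mac_bits_changed": differing_bits(mac, mac_fn(flip_bit(SENT, 0), SECRET)),
    }


if __name__ == "__main__":
    for name, fn in (("H(m || k)", keyed_hash_mac), ("HMAC-SHA256", hmac_sha256)):
        print(name, run_channel(fn))
```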
So, the signature should be authentic; that means it is indeed Rajesh's signature. Now, this is different from this: it should not be forgeable. Just because it looks like Rajesh's signature does not mean that Rajesh actually signed it. It could be some guy who is very good at forging people's signatures. So, he can sign just like Rajesh; still you want to detect that. So, it is not enough for me to just say that this is Rajesh's signature, I also need to say that it has actually been signed by Rajesh. Now, it is not very easy for me to do that in the real world with manual signatures, but with digital signatures it is indeed possible. It should not be possible to repudiate a signature. So, Rajesh signs this check that he gives me and then 10 days later he says no, it was not I who signed this check. It should not be reusable. If I am a bad guy, Rajesh gives me a check for 10,000 rupees and then I steal his checkbook, I write another check and I reuse that same signature on this other check. So, he is giving me a check for 10,000. Now, I write another check with his name and somehow I reuse that signature; I pluck it out from the original check and I make another check from Rajesh to me of 1 lakh. It should not be reusable, and it should not be possible to alter a signed document. So, I sign this check for 10,000 rupees and then very nicely I make the 10,000 into 20,000. So, Rajesh has given me a check to be credited to my account, a 10,000 rupees check, and I very nicely change that 10 to 20 and the bank accepts this even though it is a fraud. Now, all of this needs to be checked if we are going to use digital signatures. Of course, with manual signatures they can also check it, but how do we check it with digital signatures? So, the first thing is, what is an RSA signature, what is a digital signature? There are many kinds of digital signatures; RSA is just one, there is another one called DSA, there is another one called ECDSA, which stands for elliptic curve DSA, and so on and so forth.
So, the signature really looks very nice and elegant. You take the message, you perform the cryptographic hash on the message. So, this message is a huge message, let us say 20 kilobytes. You take the message and you perform the cryptographic hash. So, this entire thing reduces to the size of a fingerprint of that message, which is about 128 bits, and then you go ahead and encrypt it with the signer's private key; if A is signing it, she will encrypt it with her private key. So, the sender's digital signature guarantees not just integrity and authentication, but also non-repudiation: nobody else has your private key. So, you cannot go to the court and say it was signed by somebody else, unless of course your key was compromised, and it is your responsibility to keep your private key safe. So, if I can verify your signature, it is your responsibility; you have signed it for all practical purposes. So, the sender's digital signature guarantees not just integrity and authentication, but also the property of non-repudiation, that is, a signer of a document cannot later deny having signed it since she alone has knowledge of or access to the signing key. So, if I have a message and if I find this quantity, so a message and this quantity, I have to conclude that it must have been signed using this person's private key and must have been signed by this person, unless she has compromised her private key, and if she has compromised her private key it is her responsibility to go and complain to the certification authority that indeed it was lost and to disregard all signatures that will be signed henceforth. So, that is the role of the PKI, the public key infrastructure, which we will talk about tomorrow. And then some common cryptographic hashes: MD5, SHA-1, and if you want more security, SHA-256, with those many bits, and so on. So, the next part of this session is going to be a presentation which closely mirrors what you will be doing in the lab.
So, we will try to answer all doubts; we will anticipate doubts and try to answer them. So, please tune in and pay attention very carefully as the demo is in progress.
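The RSA key generation, encryption and decryption steps and the hash-then-sign signature described in this session, carried through in one added example that is not the lecture's or the lab's own code. It assumes that phi(n) = (p - 1)(q - 1) for n = p·q, uses two small Mersenne primes instead of 1024-bit ones, picks e = 65537, and applies no padding, so it shows the arithmetic only; the session key and check texts are constructed.

```python
import hashlib
from math import gcd


def keygen(p: int, q: int, e: int = 65537):
    """Return ((e, n), (d, n)) for primes p, q with e*d = 1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)  # integers below n that are relatively prime to n
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def encrypt(m: int, public) -> int:
    """c = m^e mod n, using the receiver's public key."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c: int, private) -> int:
    """m = c^d mod n, possible only with the private key."""
    d, n = private
    return pow(c, d, n)


def digest_as_int(message: bytes, n: int) -> int:
    """SHA-256 fingerprint of the message, reduced mod n because n is tiny here."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private) -> int:
    """Hash the message, then apply the signer's private key to the digest."""
    d, n = private
    return pow(digest_as_int(message, n), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    """Apply the signer's public key and compare with a freshly computed digest."""
    e, n = public
    return pow(signature, e, n) == digest_as_int(message, n)


# Constructed sample values. Toy key size: real keys use primes of 1024+ bits,
# and real deployments use padded schemes (OAEP for encryption, PSS for signing).
P, Q = 2**61 - 1, 2**89 - 1  # both are Mersenne primes
PUBLIC, PRIVATE = keygen(P, Q)
SESSION_KEY = int.from_bytes(b"0123456789abcdef", "big")  # 128-bit secret
CHECK = b"Pay bearer Rs 10000. Signed: Rajesh"
ALTERED = b"Pay bearer Rs 20000. Signed: Rajesh"
SIGNATURE = sign(CHECK, PRIVATE)

if __name__ == "__main__":
    c = encrypt(SESSION_KEY, PUBLIC)
    print("session key recovered:", decrypt(c, PRIVATE) == SESSION_KEY)
    print("signature valid on original check:", verify(CHECK, SIGNATURE, PUBLIC))
    print("signature valid on altered check: ", verify(ALTERED, SIGNATURE, PUBLIC))
```

The altered check fails verification because the signature is bound to the digest of the original text, which is also why a signature cannot be lifted onto another document.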