Unit II: Blockchain Working with Cryptography
Laying the Blockchain Foundation, Cryptography, Symmetric Key Cryptography, DES cryptography, Advanced Encryption Standard, Cryptographic Hash Functions, MAC and HMAC, Asymmetric Key Cryptography, DiffieHellman Key Exchange, Symmetric vs. Asymmetric Key Cryptography
Unit II: Blockchain Working with Cryptography
Que 1. What is Cryptography and Explain Symmetric Key Cryptography OR Explain the difference between Symmetric and Asymmetric Key Cryptography.
Cryptography:
- Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it.
- It is a field of study that involves techniques and methods for encrypting and decrypting data, ensuring confidentiality, integrity, and authenticity.
- Modern cryptography concerns itself with the following four objectives:
- Confidentiality. The information cannot be understood by anyone for whom it was unintended.
- Integrity.The information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected.
- Non-repudiation. The creator/sender of the information cannot deny at a later stage their intentions in the creation or transmission of the information.
- Authentication. The sender and receiver can confirm each other’s identity and the origin/destination of the information.
Symmetric Key Cryptography
- Symmetric cryptography is a type of encryption where the same secret key is used for both encryption and decryption of messages.
- The sender of the message uses a secret key to convert the original message into an unreadable format called ciphertext, which can only be read by someone who has the same secret key.
- The receiver of the message uses the same secret key to decrypt the ciphertext and recover the original message.
- Symmetric cryptography is often used in situations where there is a need for secure communication between two parties.
- The advantages of symmetric cryptography include its speed and efficiency in encrypting large amounts of data, while its main disadvantage is the need for secure key management.
- The sender and receiver must agree on a secure way to exchange the secret key before any communication can take place.
- Additionally, symmetric cryptography is not suitable for applications where there are multiple senders and receivers, as each pair of sender and receiver needs a separate key.
Asymmetric Cryptography
- Asymmetric cryptography, also known as public-key cryptography, is a type of encryption where a pair of mathematically related keys are used for encryption and decryption of messages.
- One key is a public key that can be shared with anyone, while the other key is a private key that should be kept secret by the owner.
- When someone wants to send a message to the owner of the public key, they encrypt the message using the public key.
- Once the message is encrypted, it can only be decrypted using the corresponding private key.
- The owner of the private key can then decrypt the message and read its contents.
- Asymmetric cryptography is often used in situations where there is a need for secure communication between multiple parties.
- It allows for secure communication without the need for a pre-shared secret key.
- The advantages of asymmetric cryptography include its ability to securely exchange the public keys without compromising the security of the system.
Symmetric Key Cryptography | Asymmetric Key Cryptography |
---|---|
There is only one key (symmetric key) is used, and the similar key can be used to encrypt and decrypt the message. | There are two different cryptographic keys (asymmetric keys), known as the public and the private keys, are used for encryption and decryption. |
It is effective as this technique is recommended for high amounts of text. | It is inefficient as this approach is used only for short messages. |
Symmetric encryption is generally used to transmit bulk information. | It is generally used in smaller transactions. It is used for making a secure connection channel before transferring the actual information. |
Symmetric key cryptography is also known as secret-key cryptography or private key cryptography. | Asymmetric key cryptography is also known as public-key cryptography or a conventional cryptographic system. |
Symmetric key cryptography uses fewer resources as compared to asymmetric key cryptography. | Asymmetric key cryptography uses more resources as compared to symmetric key cryptography. |
The length of the keys used is frequently 128 or 256 bits, based on the security need. | The length of the keys is much higher, such as the recommended RSA key size is 2048 bits or higher. |
Also Read: Introduction to Block Chain
Que 2. Explain difference between Stream Ciphers and Block Ciphers.
Stream Cipher
- A stream cipher is an encryption method that combines a pseudorandom cipher digit stream with plain text digits.
- This pseudorandom encryption digit stream is applied one bit at a time to each binary digit.
- This encryption method employs an endless amount of pseudorandom cipher digits for each key.
- Stream ciphers encrypt data on a bit-by-bit or byte-by-byte basis, typically operating on a continuous stream of data.
- They generate a keystream, which is a sequence of random or pseudo-random bits or bytes, and then combine it with the plaintext using a bitwise XOR operation to produce the ciphertext.
- Stream ciphers are generally faster and more efficient for encrypting large amounts of data, especially in real-time applications like network communication or audio/video streaming.
- The RC4 stream cipher is widely used in the software
Block Cipher
- A block cipher is a symmetric cryptographic technique that uses a shared, secret key to encrypt a fixed-size data block.
- During encryption, plaintext is used, and ciphertext is the resultant encrypted text.
- The plaintext and ciphertext are both encrypted using the same key.
- Block ciphers encrypt data in fixed-size blocks, typically 64 or 128 bits in length. The input plaintext is divided into blocks, and each block is encrypted separately.
- They use a cryptographic key and a series of rounds of encryption operations, such as substitution, permutation, and XOR, to transform the plaintext block into a corresponding ciphertext block.
- Block ciphers are more suitable for securing stored data, like files or databases, as they operate on fixed-size chunks of data.
- They can be used in various modes of operation, such as Electronic Codebook (ECB), Cipher Block Chaining (CBC), Counter (CTR), or Galois/Counter Mode (GCM), to provide different levels of security and support additional features like integrity and authentication.
S.NO | Block Cipher | Stream Cipher |
---|---|---|
1. | Block Cipher Converts the plain text into cipher text by taking plain text’s block at a time. | Stream Cipher Converts the plain text into cipher text by taking 1 byte of plain text at a time. |
2. | Block cipher uses either 64 bits or more than 64 bits. | While stream cipher uses 8 bits. |
3. | The complexity of block cipher is simple. | While stream cipher is more complex. |
4. | Block cipher Uses confusion as well as diffusion. | While stream cipher uses only confusion. |
5. | In block cipher, reverse encrypted text is hard. | While in-stream cipher, reverse encrypted text is easy. |
6. | The algorithm modes which are used in block cipher are ECB (Electronic Code Book) and CBC (Cipher Block Chaining). | The algorithm modes which are used in stream cipher are CFB (Cipher Feedback) and OFB (Output Feedback). |
7. | Block cipher works on transposition techniques like rail-fence technique, columnar transposition technique, etc. | While stream cipher works on substitution techniques like Caesar cipher, polygram substitution cipher, etc. |
8. | Block cipher is slow as compared to a stream cipher. | While stream cipher is fast in comparison to block cipher. |
9. | Suitable for applications that require strong encryption, such as file storage and internet communications | Suitable for applications that require strong encryption, such as file storage and internet communications |
10. | More secure than stream ciphers when the same key is used multiple times | Less secure than block ciphers when the same key is used multiple times |
11. | key length is Typically 128 or 256 bits | key length is Typically 128 or 256 bits |
12. | Operates on fixed-length blocks of data | Encrypts data one bit or byte at a time |
Que 3. Explain DES.
- The Data Encryption Standard (DES) is a symmetric block cipher technique.
- It uses 64-bit block size with a 64-bit key for encryption and decryption.
- Out of the 64-bit key, 8 bits are reserved for parity checks and technically 56 bits is the key length.
- It has been proven that it is vulnerable to brute force attack and could be broken in less than a day.
- Given Moore’s law, it could be broken a lot quicker in the future, so its usage has been deprecated quite a bit because of the key length.
- It was very popular and was being used in banking applications, ATMs, and other commercial applications, and more so in hardware
implementations than software. - In symmetric cryptography, a large number of block ciphers use a design scheme known as a “Feistel cipher” or “Feistel network.”
- A Feistel cipher consists of multiple rounds to process the plaintext with the key, and every round consists of a substitution step followed by a permutation step.
- The more the number of rounds, the more secure it could be but encryption/decryption gets slower.
- The DES is based on a Feistel cipher with 16 rounds. A general sequence of steps in the DES algorithm is shown in Figure
Que 4. Explain in detail the AES cryptography.
- Like DES, the AES algorithm is also a symmetric block cipher but is not based on a Feistel network.
- The AES uses a substitution- permutation network in a more general sense.
- It not only offers greater security, but also offers greater speed! As per the AES standards, the block size is fixed at 128 bits and allows a choice of three keys: 128 bits, 192 bits, and 256 bits.
- Depending on the choice of the key, AES is named as AES-128, AES-192, and AES-256.
- In AES, the number of encryption rounds depend on the key length.
- For AES-128, there are ten rounds; for AES-192, there are 12 rounds; and for AES-256, there are 14 rounds. The only thing that changes is the “key schedule”.
Que 5. What are Cryptographic Hash Functions? Explain its properties and applications.
- Hash functions are extremely useful and appear in almost all information security applications.
- A hash function is a mathematical function that converts a numerical input value into another compressed numerical value. The input to the hash function is of arbitrary length but output is always of fixed length.
- Values returned by a hash function are called message digest or simply hash values. The following picture illustrated hash function −
Features of Hash Functions
- Hash function coverts data of arbitrary length to a fixed length. This process is often referred to as hashing the data.
- In general, the hash is much smaller than the input data, hence hash functions are sometimes called compression functions.
- Since a hash is a smaller representation of a larger data, it is also referred to as a digest.
- Hash function with n bit output is referred to as an n-bit hash function. Popular hash functions generate values between 160 and 512 bits.
Properties of Hash Functions
- Deterministic: A hash function always produces the same hash value for the same input. This property ensures that the output is consistent and predictable.
- Fixed Output Size: Hash functions produce a fixed-size output, regardless of the input size. For example, the SHA-256 hash function always generates a 256-bit hash value.
- Preimage Resistance: It should be computationally infeasible to determine the input message from the hash value alone. Given a hash value, finding a corresponding input message should be extremely difficult.
- Second Preimage Resistance: Given an input message, it should be computationally infeasible to find another input message that produces the same hash value (collision). In other words, finding a different message with the same hash should be highly improbable.
- Collision Resistance: It should be computationally infeasible to find any two different input messages that produce the same hash value. A good hash function minimizes the likelihood of collisions, making it highly improbable for two different inputs to have the same hash.
Applications of Hash Functions
- Data Integrity Verification:
- Hash functions are widely used to ensure the integrity of data.
- By generating a hash value for a piece of data, such as a file or message, one can later verify if the data has been tampered with by comparing the computed hash with the original hash value.
- If the hashes match, it indicates that the data has not been altered.
- Password Storage:
- Storing passwords in plaintext is insecure, so hash functions are used to securely store passwords.
- Instead of storing the actual passwords, the hash values of passwords are stored. During login attempts, the entered password is hashed and compared with the stored hash value.
- This way, even if the stored hashes are compromised, the original passwords remain protected.
- Digital Signatures:
- Hash functions play a crucial role in digital signature algorithms.
- The input message is hashed, and the resulting hash value is encrypted using the sender’s private key.
- The recipient can verify the signature by decrypting the encrypted hash value using the sender’s public key and comparing it with the computed hash of the received message.
- Message Authentication Codes (MAC):
- Hash functions are used to generate MACs, which provide message integrity and authentication.
- The hash function combines the input message with a secret key to produce a MAC.
Que 6. Explain MAC and HMAC with important MAC strategies that are widely used.
MAC (Message Authentication Code) and HMAC (Hash-based Message Authentication Code) are both cryptographic functions used for message integrity and authentication. While they serve a similar purpose, there are some key differences between them:
MAC (Message Authentication Code)
- A MAC is a cryptographic tag or checksum generated from a message and a secret key.
- It provides message integrity and authentication by allowing the receiver to verify that the message has not been tampered with and was generated by an entity possessing the secret key.
- MAC algorithms use symmetric key cryptography, where the same secret key is used for both generating and verifying the MAC.
- Commonly used MAC algorithms include HMAC, CBC-MAC, and CMAC.
- MACs are vulnerable to certain types of attacks, such as length extension attacks, if not properly implemented.
HMAC (Hash-based Message Authentication Code)
- HMAC is a specific type of MAC that uses a cryptographic hash function along with a secret key to provide message integrity and authentication.
- It combines the properties of a hash function and a MAC to produce a secure authentication code.
- HMAC uses an underlying hash function, such as MD5, SHA-1, SHA-256, or SHA-3, and incorporates additional key mixing operations.
- The extra key mixing step enhances the security of the MAC and protects against certain cryptographic weaknesses of the underlying hash function.
- HMAC is resistant to known cryptographic attacks and provides a strong level of security when implemented correctly.
Important MAC strategies that are widely used:
MAC-then-Encrypt:
- This technique requires the computation of MAC on the cleartext, appending it to the data, and then encrypting all of that together.
- This scheme does not provide integrity of the ciphertext.
- At the receiving end, the message decryption has to happen first to be able to check the integrity of the message.
Encrypt-and-MAC:
- This technique requires the encryption and MAC computation of the message or the cleartext, and then appending the MAC at the end of the encrypted message or ciphertext.
Encrypt-then-MAC:
- This technique requires that the cleartext needs to be encrypted first, and then compute the MAC on the ciphertext.
- This MAC of the ciphertext is then appended to the ciphertext itself.
Que 7. Explain Diffie-Hellman Key Exchange Algorithm.
Diffie Hellman key exchange: The Diffie-Hellman key exchange is a cryptographic protocol that allows two parties to establish a shared secret key over an insecure communication channel without prior knowledge of each other’s secret keys.
The Diffie-Hellman key exchange works by allowing two parties (Alice and Bob) to agree on a shared secret key over an insecure channel, without any other party being able to intercept the key or learn anything about it. The key exchange involves the following steps −
- Alice and Bob agree on two large prime numbers, p and g, and a public key exchange algorithm.
- Alice chooses a secret integer, a, and computes A = g^a mod p. She sends A to Bob.
- Bob chooses a secret integer, b, and computes B = g^b mod p. He sends B to Alice.
- Alice computes s = B^a mod p. Bob computes s = A^b mod p.
- Alice and Bob now both have shared secret keys, which they can use to establish a secure communication channel.
The security of the Diffie-Hellman key exchange relies on the fact that it is computationally infeasible for an attacker to determine the shared secret keys from the public values of p, g, A, and B. This allows Alice and Bob to exchange the key securely, even over an insecure channel.
How it Works ?
It works by allowing two parties (Alice and Bob) to agree on a shared secret key without any other party being able to intercept the key or learn anything about it. The key exchange involves the following steps −
- Alice and Bob agree on two large prime numbers, p and g, and a public key exchange algorithm.
- Alice chooses a secret integer, a, and computes A = g^a mod p. She sends A to Bob.
- Bob chooses a secret integer, b, and computes B = g^b mod p. He sends B to Alice.
- Alice computes s = B^a mod p. Bob computes s = A^b mod p.
- Alice and Bob now both have the shared secret key s, which they can use to establish a secure communication channel.
The security of the Diffie-Hellman key exchange relies on the fact that it is computationally infeasible for an attacker to determine the shared secret key s from the public values of p, g, A, and B. This allows Alice and Bob to exchange the key securely, even over an insecure channel.
Some examples of the use of the Diffie-Hellman key exchange include −
- SSL/TLS − The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols use the Diffie-Hellman key exchange to establish a secure channel between a client and a server. This allows the client and server to exchange encrypted messages over an insecure network, such as the Internet.
- SSH − The Secure Shell (SSH) protocol uses the Diffie-Hellman key exchange to establish a secure channel between a client and a server. This allows users to securely log in to a remote server and execute commands, transfer files, and perform other tasks over an insecure network.
- VPNs − Many VPN protocols, such as IPSec and OpenVPN, use the Diffie-Hellman key exchange to establish a secure connection between a client and a server. This allows the client and server to exchange encrypted traffic over an insecure network, such as the Internet.
- SFTP − The Secure File Transfer Protocol (SFTP) uses the Diffie-Hellman key exchange to establish a secure channel between a client and a server. This allows users to securely transfer files between two systems over an insecure network.