SRI VIDYA COLLEGE OF ENGINEERING & TECHNOLOGY - VIRUDHUNAGAR. Sri Vidya College of Engineering and Technology Department of Information Technology

Transcription

1 Sri Vidya College of Engineering and Technology Department of Information Technology Class III IT Subject Code IT2352 Subject Cryptography network security Prepared By Vanaja B Lesson Plan for Introduction to computer security- Attacks and services Time: 50 Minutes Lesson. No Unit1 1/10 1. Content List : Introduction to computer security- Attacks and services 2. Skills Addressed: Description of computer security and Description of security attacks and service Objectives of this Lesson Plan: 1. To enable students to understand the what is meant by computer security. 2. To enable students to learn the need for computer security. 3. To enable students to understand the basics of network security and learn different types of attacks and services 4. To enable students to learn different types of attacks and services 4. Outcome (s): Understanding the need for computer security. Understanding the different types of attacks and services 5 Link Sheet: 1. Define computer security. 2. What are the three main objectives of computer security? 3. List out some of the challenges of computer security. 1. Define an attack. 2. What are the two types of attacks? 3. List the various passive attacks 4. List the various passive attacks 5. List the various active attacks 6. Define security services. 7. Define security services. IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 1

2 6 Evocation: (5 Minutes) 7. Lecture Notes: The Security Requirements Traid Topics: What is mean by computer security? Need for network security Challenges of computer security Define an attack. Define security services. Define security mechanisms. Types of attacks in the network Description of the two types of attacks COMPUTER SECURITY The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources Confidentiality: This term covers two related concepts: Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals. Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. Integrity: This term covers two related concepts: Data integrity: Assures that information and programs are changed only in a specified and authorized manner. System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 2

3 Availability: Assures that systems work promptly and service is not denied to authorize users. The Challenges of Computer Security Computer and network security is both fascinating and complex. Some of the reasons follow: 1. Security is not as simple as it might first appear to the novice. The requirements seem to be straightforward; indeed, most of the major requirements for security services can be given selfexplanatory, one-word labels: confidentiality, authentication, nonrepudiation, or integrity. But the mechanisms used to meet those requirements can be quite complex, and understanding them may involve rather subtle reasoning. 2. In developing a particular security mechanism or algorithm, one must always consider potential attacks on those security features. In many cases, successful attacks are designed by looking at the problem in a completely different way, therefore exploiting an unexpected weakness in the mechanism. 3.Because of point 2, the procedures used to provide particular services are often counterintuitive. Typically, a security mechanism is complex, and it is not obvious from the statement of a particular requirement that such elaborate measures areneeded. It is only when the various aspects of the threat are considered that elaborate security mechanisms make sense. 4. Having designed various security mechanisms, it is necessary to decide where to use them. This is true both in terms of physical placement (e.g., at what points in a network are certain security mechanisms needed) and in a logical sense [e.g., at what layer or layers of an architecture such as TCP/IP. 5. Security mechanisms typically involve more than a particular algorithm or protocol. They also require that participants be in possession of some secret information (e.g., an encryption key), which raises questions about the creation, distribution, and protection of that secret information. There also may be a reliance on communications protocols whose behavior may complicate the task of developing the security mechanism. For example, if the proper functioning of the security mechanism requires setting time limits on the transit time of a message from sender to receiver, then any protocol or network that introduces variable, unpredictable delays may render such time limits meaningless. 6. Computer and network security is essentially a battle of wits between a perpetrator who tries to find holes and the designer or administrator who tries to close them. The great advantage that the attacker has is that he or she need only find a single weakness, while the designer must find and eliminate all weaknesses to achieve perfect security. 7. There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs. 8. Security requires regular, even constant, monitoring, and this is difficult in today s short-term, overloaded environment. IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 3

4 9. Security is still too often an afterthought to be incorporated into a system after the design is complete rather than being an integral part of the design process. 10. Many users and even security administrators view strong security as an impediment to efficient and user-friendly operation of an information system or use of information. ATTACKS AND SERVICES ATTACKS A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in terms of 1. passive attacks A passive attack attempts to learn or make use of information from the system but does not affect system resources. 2. active attacks. An active attack attempts to alter system resources or affect their operation. Passive Attacks Two types of passive attacks are The release of message contents A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions. Traffic analysis The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place. IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 4

5 Active Attacks Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: Masquerade A masquerade takes place when one entity pretends to be a different entity Replay A Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 5

6 Modification of messages Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect Denial of service The denial of service prevents or inhibits the normal use or management of communications facilities (Figure 1.3d). This attack may have a specific target; IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 6

7 Active attacks present the opposite characteristics of passive attacks.whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely SECURITY SERVICES A processing or communication service that is provided by a system to give a specific kind of protection to system resources; security services implement security policies and are implemented by security mechanisms. X.800 divides these services into five categories and fourteen specific services IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 7

8 Security Mechanisms The security mechanisms are divided into those that are implemented in a specific protocol layer, such as TCP or an application-layer protocol, and those that are not specific to any particular protocol layer or security service IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 8

9 8 Textbook : William Stallings, Cryptography and Network security Principles and Practices, Pearson/PHI, 4th ed, Application Network Security IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 9

10 Sri Vidya College of Engineering and Technology Department of Information Technology Class III IT Subject Code IT2352 Subject Cryptography network security Prepared By Vanaja B Lesson Plan for Classical cryptosystems- Different types of ciphers Time: 50 Minutes Lesson. No Unit 1 2-3/10 1. Content List : Classical cryptosystems- Different types of ciphers 2. Skills Addressed: Description of classical cryptosystem Description of different types of ciphers 3. Objectives of this Lesson Plan: To enable students to understand the cryptosystem. To enable students to various ciphers 4. Outcome (s): Understanding the classical cryptosystem Understanding various types of ciphers 5. Link Sheet: 1. Define crypto system 2. What the five ingredients of classical cryptosystem 3. Define encryption 4. Define decryption 5. List the various types of ciphers 6. Define substitution. 7. Define transposition. 8. Describe the various types of ciphers IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 10

11 6 Evocation: (5 Minutes) 7. Lecture Notes: Topics: 8. Description of classical cryptosystem 9. Model symmetric cryptosystem 10. Description of various types of ciphers IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 11

12 A symmetric encryption scheme has five ingredients Plaintext: This is the original intelligible message or data that is fed into the algorithm as input. Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext. Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key. Cipher text: This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different cipher texts. The cipher text is an apparently random stream of data and, as it stands, is unintelligible. Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the cipher text and the secret key and produces the original plaintext. There are two requirements for secure use of conventional encryption: 1. We need a strong encryption algorithm. At a minimum, we would like the algorithm to be such that an opponent who knows the algorithm and has access to one or more cipher texts would be unable to decipher the cipher text or figure out the key. This requirement is usually stated in a stronger form: The opponent should be unable to decrypt cipher text or discover the key even if he or she is in possession of a number of cipher texts together with the plaintext that produced each cipher text. 2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure. If someone can discover the key and knows the algorithm, all communication using this key is readable With the message X and the encryption key K as input, the encryption IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 12

13 algorithm forms the cipher text Y=[Y 1,Y 2..Y n ].We can write this as Y = E (K, X) This notation indicates that Y is produced by using encryption algorithm E as a function of the plaintext X, with the specific function determined by the value of the key.k The intended receiver, in possession of the key, is able to invert the transformation: X = D (K, Y) An opponent, observing y but not having access to K or X, may attempt to recover X or Y or both X and Y. It is assumed that the opponent knows the encryption (E) and decryption (D) algorithms. If the opponent is interested in only this particular message, then the focus of the effort is to recover X by generating a plaintext estimate X. Often, however, the opponent is interested in being able to read future messages as well, in which case an attempt is made to recover K by generating An estimate K. DESCRIPTION OF VARIOUS TYPES OF CIPHERS The two basic building blocks of all encryption techniques are Substitution Transposition Substitution A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols.1 If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with cipher text bit patterns. Caesar Cipher The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar.The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet. For example, plain: meet me after the toga party cipher: PHHW PH DIWHU WKH WRJD SDUWB Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the transformation by listing all possibilities, as follows: plain: a b c d e f g h i j k l m n o p q r s t u v w x y z IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 13

14 cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C Then the algorithm can be expressed as follows. For each plaintext letter, substitute the ciphertext letter C: 2 C = E(3, p) = (p + 3) mod 26 A shift may be of any amount, so that the general Caesar algorithm is C = E(k, p) = (p + k) mod 26 where takes on a value in the range 1 to 25.The decryption algorithm is simply Monoalphabetic Ciphers p = D(k, C) = (C - k) mod 26 With only 25 possible keys, the Caesar cipher is far from secure.a dramatic increase in the key space can be achieved by allowing an arbitrary substitution. Before proceeding, we define the term permutation.a permutation of a finite set of elements S is an ordered sequence of all the elements of, with each element appearing exactly once. For example, if S={a,b,c}, there are six permutations of S: abc, acb, bac, bca, cab, cba If, instead, the cipher line can be any permutation of the 26 alphabetic characters, then there are 26! or greater than possible keys.this is 10 orders of magnitude greater than 4 X the key space for DES and would seem to eliminate brute-force techniques for cryptanalysis. Such an approach is referred to as a monoalphabetic substitution cipher, Playfair Cipher The best-known multiple-letter encryption cipher is the Playfair, which treats digrams in the plaintext as single units and translates these units into ciphertext digrams. The Playfair algorithm is based on the use of a 5 5 matrix of letters constructed using a keyword. Here is an example, solved by Lord Peter Wimsey in Dorothy Sayers s Have His Carcase In this case, the keyword is monarchy. The matrix is constructed by filling in the letters of the keyword (minus duplicates) from left to right and from top to bottom, and then filling in the remainder of IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 14

15 the matrix with the remaining letters in alphabetic order. The letters I and J count as one letter. Plaintext is encrypted two letters at a time, according to the following rules: 1. Repeating plaintext letters that are in the same pair are separated with a filler letter, such as x, so that balloon would be treated as ba lx lo on. 2. Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right, with the first element of the row circularly following the last. For example, ar is encrypted as RM. 3. Two plaintext letters that fall in the same column are each replaced by the letter beneath, with the top element of the column circularly following the last. For example, mu is encrypted as CM. 4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and the column occupied by the other plaintext letter. Thus, hs becomes BP and ea becomes IM (or JM, as the encipherer wishes). Hill Cipher6 Another interesting multiletter cipher is the Hill cipher, developed by the mathematician Lester Hill in THE HILLALGORITHM This encryption algorithm takes m successive plaintext letters and substitutes for them m ciphertext letters. The substitution is determined by m linear equations in which each character is assigned a numerical value (a = 0, b = 1, Á, z = 25) For m the system can be described as This can be expressed in terms of row vectors and matrices or where C and P are row vectors of length 3 representing the plaintext and ciphertext, and K is a 3X 3 matrix representing the encryption key. Operations are performed mod 26 Key For example, consider the plaintext paymoremoney and use the encryption IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 15

16 Polyalphabetic Ciphers Another way to improve on the simple monoalphabetic technique is to use different monoalphabetic substitutions as one proceeds through the plaintext message. The general name for this approach is polyalphabetic substitution cipher. All these techniques have the following features in common: 1. A set of related monoalphabetic substitution rules is used. 2. A key determines which particular rule is chosen for a given transformation. VIGENERE CIPHER The best known, and one of the simplest, polyalphabetic ciphers is the Vigenère cipher. In this scheme, the set of related monoalphabetic substitution rules consists of the 26 Caesar ciphers with shifts of 0 through 25. Each cipher is denoted by a key letter, which is the ciphertext letter that substitutes for the plaintext letter a. Thus, a Caesar cipher with a shift of 3 is denoted by the key value. We can express the Vigenère cipher in the following manner. Assume a sequence of plaintext letters P = p0, p1, p2, Á, pn-1 and a key consisting of the sequence of letters K = k0, k1, k2, Á, km-1 where typically m <n.the sequence of ciphertext letters C = C0, C1, C2, Á, Cn-1 is calculated as follows Thus, the first letter of the key is added to the first letter of the plaintext, mod 26, the second letters are added, and so on through the first m letters of the plaintext. For the next m letters of the plaintext, the key letters are repeated.this process continues until all of the plaintext sequence is encrypted. A general equation of the encryption process is Ci = (pi + kimod m)mod 26 Compare this with Equation (2.1) for the Caesar cipher. In essence, each plaintext character is encrypted with a different Caesar cipher, depending on the corresponding key character. Similarly, decryption is a generalization of Equation (2.2): To encrypt a message, a key is needed that is as long as the message. Usually, the key is a repeating keyword. For example, if the keyword is deceptive, the message we are discovered save yourself is encrypted as IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 16

17 VERNAM CIPHER The ultimate defense against such a cryptanalysis is to choose a keyword that is as long as the plaintext and has no statistical relationship to it. Such a system was introduced by an AT&T engineer named Gilbert Vernam in His system works on binary data (bits) rather than letters.the system can be expressed succinctly as follows Thus, the ciphertext is generated by performing the bitwise XOR of the plaintext and the key. Because of the properties of the XOR, decryption simply involves the same bitwise operation Transposition techniques All the techniques examined so far involve the substitution of a ciphertext symbol for a plaintext symbol. A very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. This technique is referred to as a transposition cipher. The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows. For example, to encipher the message meet me after the toga party with a rail fence of depth 2, we write the following: The encrypted message is m e m a t r h t g p r y e t e f e t e o a a t MEMATRHTGPRYETEFETEOAAT This sort of thing would be trivial to cryptanalyze.a more complex scheme is to write the message in a rectangle, row by row, and read the message off, column by column, but permute the order of the columns. The order of the columns then becomes the key to the algorithm. For example, Key: Plaintext: a t t a c k p o s t p o n e d u n t i l t w o a m x y z Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 17

18 Thus, in this example, the key is To encrypt, start with the column that is labeled 1, in this case column 3.Write down all the letters in that column. Proceed to column 4, which is labeled 2, then column 2, then column 1, then columns 5, 6, and 7. A pure transposition cipher is easily recognized because it has the same letter frequencies as the original plaintext. For the type of columnar transposition just shown, cryptanalysis is fairly straightforward and involves laying out the ciphertext in a matrix and playing around with column positions. Digram and trigram frequency tables can be useful. The transposition cipher can be made significantly more secure by performing more than one stage of transposition.the result is a more complex permutation that is not easily reconstructed. Thus, if the foregoing message is reencrypted using the same algorithm, Key: Input: t t n a a p t m t s u o a o d w c o i x k n l y p e t z Output: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ To visualize the result of this double transposition, designate the letters in the original plaintext message by the numbers designating their position. Thus, with 28 letters in the message, the original sequence of letters is After the first transposition, we have This is a much less structured permutation and is much more difficult to cryptanalyze. 8. Textbook : William Stallings, Cryptography and Network security Principles and Practices, Pearson/PHI, 4th ed, Application Network Security IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 18

19 Sri Vidya College of Engineering and Technology Department of Information Technology Class III IT Subject Code IT2352 Subject Cryptography network security Prepared By Vanaja B Lesson Plan for LFSR Sequence - Introduction to Number theory Time: 50 Minutes Lesson. No Unit /10 1. Content List : LFSR Sequence - Introduction to Number theory 2. Skills Addressed: Description of LFSR Sequence 3. Objectives of this Lesson Plan: 4. Outcome (s): 11. To enable students to understand LFSR Sequence Understanding the LFSR Sequence 5. Link Sheet: 1.What is meant LFSR Sequence 6. Evocation: (5 Minutes) IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 19

20 7. Lecture Notes Topics: Description of LFSR Sequence LINEAR FEEDBACK SHIFT REGISTER (LFSR) Linear-feedback shift register (LFSR) is a shift register whose input bit is a linear function of its previous state. The most commonly used linear function of single bits is XOR. Thus, an LFSR is most often a shift register whose input bit is driven by the exclusive-or (XOR) of some bits of the overall shift register value. The initial value of the LFSR is called the seed, and because the operation of the register is deterministic, the stream of values produced by the register is completely determined by its current (or previous) state. Likewise, because the register has a finite number of possible states, it must eventually enter a repeating cycle. However, an LFSR with a well-chosen feedback function can produce a sequence of bits which appears random and which has a very long cycle. Applications of LFSRs include generating pseudo-random numbers, pseudo-noise sequences, fast digital counters, and whitening sequences. Both hardware and software implementations of LFSRs are common. The mathematics of a cyclic redundancy check, used to provide a quick check against transmission errors, are closely related to those of an LFSR. 8. Textbook : William Stallings, Cryptography and Network security Principles and Practices, Pearson/PHI, 4th ed, Application Network Security IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 20

21 Sri Vidya College of Engineering and Technology Department of Information Technology Class III IT Subject Code IT2352 Subject Cryptography network security Prepared By Vanaja B Lesson Plan for Congruences - Chinese remainder theorem Time: 50 Minutes Lesson. No Unit 1 6 /10 1. Content List : Congruences - Chinese remainder theorem 2. Skills Addressed: Description of Congruences Description of Chinese remainder theorem 3. Objectives of this Lesson Plan: To enable students to understand Congruences To enable students to understand Chinese remainder theorem 4. Outcome (s): Understanding the Congruences Understanding the Chinese remainder theorem 5. Link Sheet: Define Congruences Describe the various congruences theorem Define Chinese remainder theorem Explain in detail remainder theorem IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 21

22 6. Evocation: 7. Lecture Notes Topics: Description of Congruences theorem Description of Chinese remainder theorem CONGRUENCES EXAMPLE IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 22

23 IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 23

24 CHINESE REMAINDER THEOREM One of the most useful results of number theory is the Chinese remainder theorem (CRT).8 In essence, the CRT says it is possible to reconstruct integers in a certain range from their residues modulo a set of pairwise relatively prime moduli. The CRT can be stated in several ways.we present here a formulation that is most useful from the point of view of this text. An alternative formulation is explored in Problem Let where the mare pairwise relatively prime; that is, gcd(mi, mj) = 1 for1<=i,j<=k, and i!=j and.we can represent any integer A in Zm by a K -tuple whose elements are in Zm using the IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 24

25 following correspondence: IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 25

26 IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 26

27 8. Textbook : William Stallings, Cryptography and Network security Principles and Practices, Pearson/PHI, 4th ed, Application Network Security IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 27

28 Sri Vidya College of Engineering and Technology Department of Information Technology Class III IT Subject Code IT2352 Subject Cryptography network security Prepared By Vanaja B Lesson Plan for Modular Exponentiation- Fermat theorem- Euler s theorem Time: 50 Minutes Lesson. No Unit 1 7 /10 1. Content List : Modular Exponentiation Fermat theorem Euler s theorem 2. Skills Addressed: Description of Modular Exponentiation Description of Fermat theorem Description of Euler s theorem 3. Objectives of this Lesson Plan: To enable students to understand Modular Exponentiation To enable students to understand Fermat theorem To enable students to understand Euler s theorem 4. Outcome (s): Understanding the Modular Exponentiation Understanding the Fermat theorem and Euler s theorem 5. Link Sheet: What is meant by Modular Exponentiation Give the various methods of Modular Exponentiation IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 28

29 Define Fermat theorem Define Euler s theorom 6. Evocation: 7. Lecture Notes Topics: Description of Modular Exponentiation Description of Fermat theorem and Euler s theorem MODULAR EXPONENTIATION Modular exponentiation is a type of exponentiation performed over a modulus. It is particularly useful in computer science, especially in the field of cryptography. A "modular exponentiation" calculates the remainder when a positive integer b (the base) raised to the e-th power (the exponent), b^e, is divided by a positive integer m, called the modulus. In symbols, this is, given base b, exponent e, and modulus m, the modular exponentiation c is: For example, given b = 5, e = 3, and m = 13, the solution, c = 8, is the remainder of dividing by 13. If b, e, and m are non-negative, and b < m, then a unique solution c exists with the property 0 c < m. Modular exponentiation can be performed with a negative exponent e by finding the modular multiplicative inverse d of b modulo m using the extended Euclidean algorithm. That is: where e < 0 and IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 29

30 Modular exponentiation problems similar to the one described above are considered easy to do, even when the numbers involved are enormous. On the other hand, computing the discrete logarithm - that is, the task of finding the exponent e if given b, c, and m - is believed to be difficult. This one way function behavior makes modular exponentiation a candidate for use in cryptographic algorithms. STRAIGHTFORWARD METHOD The most straightforward method of calculating a modular exponent is to calculate b e directly, then to take this number modulo m. Consider trying to compute c, given b = 4, e = 13, and m = 497: One could use a calculator to compute 4 13 ; this comes out to 67,108,864. Taking this value modulo 497, the answer c is determined to be 445. Note that b is only one digit in length and that e is only two digits in length, but the value b e is 8 digits in length. In strong cryptography, b is often at least 256 binary digits (77 decimal digits). Consider b = and e = 17, both of which are perfectly reasonable values. In this example, b is 77 digits in length and e is 2 digits in length, but the value b e is 1,304 decimal digits in length. Such calculations are possible on modern computers, but the sheer magnitude of such numbers causes the speed of calculations to slow considerably. As b and e increase even further to provide better security, the value b e becomes unwieldy. The time required to perform the exponentiation depends on the operating environment and the processor. The method described above requires O(e) multiplications to complete MEMORY-EFFICIENT METHOD A second method to compute modular exponentiation requires more operations than the first method. Because the required memory is substantially less, however, operations take less time than before. The end result is that the algorithm is faster. This algorithm makes use of the fact that, given two integers a and b, the following two equations are equivalent: IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 30

31 The algorithm is as follows: 1. Set c = 1, e = Increase e by Set. 4. If e < e, goto step 2. Else, c contains the correct solution to. Note that in every pass through step 3, the equation holds true. When step 3 has been executed e times, then, c contains the answer that was sought. In summary, this algorithm basically counts up e by ones until e reaches e, doing a multiply by b and the modulo operation each time it adds one (to ensure the results stay small). Fermat theorem and Euler s theorem Two theorems that play important roles in public-key cryptography are Fermat s theorem and Euler s theorem. Fermat s Theorem Fermat s theorem states the following: If P is prime and is a positive integer not divisible by, then IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 31

32 An alternative form of Fermat s theorem is also useful: If is prime and is a positive integer, then Note that the first form of the theorem [Equation (8.2)] requires that be relatively prime to p, but this form does not. EULER S Theorem Euler s theorem states that for every and that are relatively prime: IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 32

33 Which completes the proof? This is the same line of reasoning applied to the proof of Fermat s theorem. IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 33

34 8. Textbook : William Stallings, Cryptography and Network security Principles and Practices, Pearson/PHI, 4th ed, PP no Application Network Security IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 34

35 Sri Vidya College of Engineering and Technology Department of Information Technology Class III IT Subject Code IT2352 Subject Cryptography network security Prepared By Vanaja B Lesson Plan for Time: 50 Minutes Lesson. No Unit 1 8 /10 1. Content List : Legendre and Jacobi Symbol 2. Skills Addressed: Description of Legendre and Jacobi Symbol 3. Objectives of this Lesson Plan: To enable students to understand Legendre and Jacobi Symbol 4. Outcome (s): Understanding the Legendre and Jacobi Symbol 5. Link Sheet: Define Jacobi Symbol Define Legendre symbol 6. Evocation: IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 35

36 7. Lecture Notes: Topics: Description of Legendre and Jacobi symbols Legendre and Jacobi Symbol The Jacobi symbol is a generalization of the Legendre symbol. Introduced by Jacobi in 1837, [1] it is of theoretical interest in modular arithmetic and other branches of number theory, but its main use is in computational number theory, especially primality testing and integer factorization; these in turn are important in cryptography. DEFINITION For any integer and any positive odd integer the Jacobi symbol is defined as the product of the Legendre symbols corresponding to the prime factors of : represents the Legendre symbol, defined for all integers and all odd primes by Following the normal convention for the empty product, The Legendre and Jacobi symbols are indistinguishable exactly when the lower argument is an odd prime, in which case they have the same value. PROPERTIES The following facts, even the reciprocity laws, are straightforward deductions from the definition of the Jacobi symbol and the corresponding properties of the Legendre symbol. [2] It should be noted that the Jacobi symbol is only defined when the upper argument ("numerator") is an integer and the lower argument ("denominator") is a positive odd integer. IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 36

37 1) If is (an odd) prime, then the Jacobi symbol is equal to (and written the same as) the corresponding Legendre symbol. 2) If then 3) If either the top or bottom argument is fixed, the Jacobi symbol is a completely multiplicative function in the remaining argument: 4), so 5), so The law of quadratic reciprocity: if m and n are odd positive coprime integers, then 6) and its supplements 7) 8) Like the Legendre symbol, If then is a quadratic nonresidue If is a quadratic residue and, then IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 37

38 But, unlike the Legendre symbol If then may or may not be a quadratic residue. This is because for a to be a residue (mod n) it has to be a residue modulo every prime that divides n, but the Jacobi symbol will equal one if for example a is a non-residue for exactly two of the primes which divide n. Although the Jacobi symbol can't be uniformly interpreted in terms of squares and nonsquares, it can be uniformly interpreted as the sign of a permutation by Zolotarev's lemma. The Jacobi symbol is a Dirichlet character to the modulus n 8. Textbook : William Stallings, Cryptography and Network security Principles and Practices, Pearson/PHI, 4th ed, Application Network Security IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 38

39 Sri Vidya College of Engineering and Technology Department of Information Technology Class III IT Subject Code IT2352 Subject Cryptography network security Prepared By Vanaja B Lesson Plan for Time: 50 Minutes Lesson. No Unit 1 9 /10 1. Content List : Finite fields continued fractions 2. Skills Addressed: Description of Finite fields and continued fractions 3. Objectives of this Lesson Plan: To enable students to understand Finite fields and continued fractions 4. Outcome (s): Understanding the Finite fields and continued fractions 5. Link Sheet: Define Finite fields Define continued fractions 6. Evocation: IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 39

40 7. Lecture Notes: Topics: Description of Finite fields and continued fractions A finite field or Galois field is a field that contains a finite number of elements. Finite fields are important in number theory,, cryptography,. The finite fields are classified by size; there is exactly one finite field up to isomorphism of size pk for each prime p and positive integer k. Each finite field of size q is the splitting field of the polynomial xq x, and thus the fixed field of the Frobenius endomorphism which takes x to xq. Similarly, the multiplicative group of the field is a cyclic group. Wedderburn's little theorem states that the Brauer group of a finite field is trivial, so that every finite division ring is a finite field. Finite fields have applications in many areas of mathematics and computer science, including coding theory, linear feedback shift registers (LFSRs), modular representation theory, and the groups of Lie type. Finite fields are an active area of research, including recent results on the Kakeya conjecture and open problems on the size of the smallest primitive root. The finite fields are classified as follows The order or number of elements, of a finite field is of the form pn, where p is a prime number called the characteristic of the field, and n is a positive integer. For every prime number p and positive integer n, there exists a finite field with pn elements. Any two finite fields with the same number of elements are isomorphic. That is, under some renaming of the elements of one of these, both its addition and multiplication tables become identical to the corresponding tables of the other one. This classification justifies using a naming scheme for finite fields that specifies only the order of the field. One notation for a finite field is Fp n. Another notation is GF(pn), where the letters "GF" stand for "Galois field". 8. Textbook : William Stallings, Cryptography and Network security Principles and Practices, Pearson/PHI, 4th ed, Application Network Security IT2352 CRYPTOGRAPHY AND NETWORK SECURITY Page 40