Cryptography and Network Security B. Voc.

SY
Cryptography & Network Security
UNIT II
2.1 What is Cryptography?
- Cryptography is the study of secure communications techniques that allow only the
sender and intended recipient of a message to view its contents.
- The term is derived from the Greek word kryptos, which means hidden.
- "Crypto" indicates "hidden," and "graphy" indicates "writing," respectively.
- Cryptography is a process that’s designed to protect networks and devices from external
threats.”
- The world of Cyber Security revolves around the industry standard of –
1) Confidentiality / Privacy - means data can be accessed only by authorized parties.
2) Integrity - means information can be added, altered, or removed only by authorized users;
and
3) Availability - means systems, functions, and data must be available on-demand according
to agreed-upon parameters.
- The techniques used in cryptography to secure data are based on mathematical principles
and a set of rule-based calculations known as algorithms to modify signals in a way that
makes them challenging to decode.
- The main element of Cryptography is the use of authentication mechanisms.

2.2 What is Plain Text and Cipher Text?

1. Plaintext :-
- Plain Text or clear-text, is any data or message written “normally” by a sender meant to
be interpreted by a receiver.
- Normal, meaning it can be understood by a human in plain language or as a line of
computer code. It’s called plaintext because it refers to the information in its “plain” state.

2. Cipher text:-
- Consequently, is any data/message in its scrambled state, unreadable by humans.
- A scrambled message is called an encrypted message in cryptography, the study of writing
and solving encoded messages.

Difference between Plain Text vs Cipher Text.

Category Plain Text Cipher Text

Original readable data in its natural Encrypted form of data, not easily
Definition
form. readable.
It can be understood and used Requires decryption to be
Accessibility
without decryption. understood.
Represents the actual content of the Represents an encrypted version
Representation
message. of the message
Prone to unauthorized access and Offers greater security against
Security
disclosure. breaches.
Input to encryption; output from Output of encryption; input for
Conversion
decryption. decryption.
Easily read and understood by Secure transmission and storage of
Purpose
humans. data.

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY

2.3 What is Encryption and Decryption?

Encryption is the process of converting normal message (plaintext) into meaningless message
(Ciphertext).
Decryption is the process of converting meaningless message (Ciphertext) into its original form
(Plaintext).
Secret writing is that the recovery of the first message from the encrypted information.

Diff. between encryption & Decryption

Parameter Encryption Decryption

It is a process of converting normal
It is a method of converting the
data into an unreadable form. It helps
What is unreadable/coded data into its
you to avoid any unauthorized access
original form.
to data
Whenever the data is sent between The receiver of the data automatically
Process two separate machines, it is encrypted allows you to convert the data from
automatically using a secret key. the codes into its original form.
Location of The person who is sending the data to The receiver receives the data and
Conversion the destination. converts it.
The manager is receiving the
An employee is sending essential
Example essential documents from his/her
documents to his/her manager.
employee.
The only single algorithm is used for
The same algorithm with the same
encryption and decryption with a pair
Use of Algorithm key is used for the encryption-
of keys where each use for encryption
decryption process.
and decryption.
Transforming humanly It is a conversion of an obscure
understandable messages into an message into an understandable form
Major function incomprehensible and obscure form which is easy to understand by a
that can not be interpreted. human.

2.4 Types of Cryptography?

There are three main types of cryptography:

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY

1. Symmetric Cryptography :
- Symmetric Encryption is the most basic and old method of encryption. It uses only one
key for the process of both the encryption and decryption of data. Thus, it is also
known as Single-Key Encryption.
- A few basic terms in Cryptography are as follows:

Plain Text: original message to be communicated between sender and receiver

Cipher Text: encoded format of the original message that cannot be understood by humans
Encryption (or Enciphering): the conversion of plain text to cipher text
Decryption (or Deciphering): the conversion of cipher text to plain text, i.e., reverse of encryption.

The Symmetric Cipher Model:

A symmetric cipher model is composed of five essential parts:

1. Plain Text (x): This is the original data/message that is to be communicated to the receiver by the
sender. It is one of the inputs to the encryption algorithm.
2. Secret Key (k): It is a value/string/textfile used by the encryption and decryption algorithm to
encode and decode the plain text to cipher text and vice-versa respectively. It is independent of the
encryption algorithm. It governs all the conversions in plain text. All the substitutions and
transformations done depend on the secret key.
3. Encryption Algorithm (E): It takes the plain text and the secret key as inputs and produces Cipher
Text as output. It implies several techniques such as substitutions and transformations on the plain text
using the secret key.
4. Cipher Text (y): It is the formatted form of the plain text (x) which is unreadable for humans, hence
providing encryption during the transmission. It is completely dependent upon the secret key provided
to the encryption algorithm. Each unique secret key produces a unique cipher text.
5. Decryption Algorithm (D): It performs reversal of the encryption algorithm at the recipient’s side.
It also takes the secret key as input and decodes the cipher text received from the sender based on the
secret key. It produces plain text as output.

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY

2. Asymmetric Cryptography:
“Asymmetric encryption algorithms use two different keys for encryption and decryption.
The key used for encryption is the public key, and the key used for decryption is the private key.”

- As you can see in the above image, using different keys for encryption and decryption has helped
avoid the problem of key exchange, as seen in the case of symmetric encryption.
- For example, if Alice wants to send a message to Bob, both keys must belong to private and public.

The process for the above image is as follows:

Step 1: Alice uses Bob’s public key to encrypt the message
Step 2: The encrypted message is sent to Bob
Step 3: Bob uses his private key to decrypt the message

Difference between Substitution Cipher Technique and Transposition

Cipher Technique:

S.NO Substitution Cipher Technique Transposition Cipher Technique

In substitution Cipher Technique, plain In transposition Cipher Technique, plain

1. text characters are replaced with other text characters are rearranged with
characters, numbers and symbols. respect to the position.

Substitution Cipher’s forms are: Transposition Cipher’s forms are: Key-

2. Mono alphabetic substitution cipher less transposition cipher and keyed
and poly alphabetic substitution transposition cipher.
cipher.

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY

S.NO Substitution Cipher Technique Transposition Cipher Technique

While in transposition Cipher

In substitution Cipher Technique,
Technique, The position of the
3. character’s identity is changed while
character is changed but character’s
its position remains unchanged.
identity is not changed.

In substitution Cipher Technique, The While in transposition Cipher

4. letter with low frequency can detect Technique, The Keys which are nearer
plain text. to correct key can disclose plain text.

The example of substitution Cipher is The example of transposition Cipher is

5. Caesar Cipher, monoalphabetic Rail Fence Cipher, columnar
cipher, and polyalphabetic cipher. transposition cipher, and route cipher.

Involves replacing plaintext letters or

Involves rearranging the order of the
groups of letters with ciphertext letters
6. plaintext letters or groups of letters
or groups of letters according to a
according to a specific algorithm or
specific algorithm or key.
key.

The frequency distribution of the

The frequency distribution of the
plaintext letters remains the same, but
plaintext letters is typically obscured,
7. the order is scrambled, making it
but patterns can still be detected with
difficult to detect patterns with
statistical analysis.
statistical analysis.

Vulnerable to frequency analysis attacks, Less vulnerable to frequency analysis

where the most commonly used letters or attacks, but still susceptible to attacks
8.
letter combinations in the language can such as brute force and known
be identified and used to deduce the key. plaintext attacks.

Relatively easy to understand and Can be more difficult to implement and

implement, making it suitable for simple understand, but can be more secure
9.
applications. than substitution ciphers for certain
applications.

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY

2.5 Substitution techniques

- Firstly, Substitution Techniques is a way of encrypting the message where characters or
symbols replaces the original plaintext.
- Substitution technique is a classical encryption approach where the characters present in
the initial message are restored by the other characters or numbers or by symbols.
- If the plain text (original message) is treated as the string of bits, thus the substitution
technique would restore bit pattern of plain text with the bit pattern of cipher text.

Plain Text: meet me tomorrow (Readable)

Cipher Text: phhw ph wrpruurz (Unreadable)

- Let us study in detail about these techniques.

1. Caesar Cipher
2. Monoalphabetic Cipher
3. Polyalphabetic Cipher

1) Caesar Cipher:
- Firstly, Caesar Cipher is the simplest substitution technique.
- Secondly, In this method to encrypt plaintext, each letter replaces itself by three places
further it.
- And to decrypt the cipher text each alphabet of cipher text is replaced by the alphabet
three places before it.

If you encrypt the plaintext “Hello” with a key of 3, then:

· The “H” becomes “K”.
· The letter “e” becomes “h”.
· The letter “l” becomes “o”.
· The letter “l” becomes “o”.
· The letter “o” becomes “r”.
Result – plain Text :- Hello  Cipher Text :- Khoor

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY

2 ) Mono-alphabetic Cipher
- A mono-alphabetic cipher (aka simple substitution cipher) is a substitution cipher where
each letter of the plain text is replaced with another letter of the alphabet.
- ones which were encoded using only one fixed alphabet.
- You can create the alphabets pattern as per your own way.
- It uses a fixed key which consist of the 26 letters of a “shuffled alphabet”.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Q W E R T Y U I O P A S D F G H J K L Z X C V B N M

- With the above key, all “A” letters in the plain text will be encoded to an “Q”.
- This type of cipher is a form of symmetric encryption as the same key can be used to
both encrypt and decrypt a message.
Plain Text
It is a dark time for the Rebellion.
Cipher Text
OZ OL Q RQKA ZODT YGK ZIT KTWTSSOGF.
3) Polyalphabetic Substitution Cipher
- Polyalphabetic Substitution cipher Algorithm was introduced by Giovan Battista Bellaso in
the year 1553, and its prominent examples are Vigenère cipher.
- We use multiple one-character keys, each key encrypts one plain-text character.
- It uses a Vigenere table or Vigenere square for encryption and decryption of the text.
- This first key encrypts the first plain-text character, the second the key encrypt the second
plain-text character and so on, after all, keys are used then they are recycled.
- When the vigenere table is given, the encryption and decryption are done using the
vigenere table (26 * 26 matrix) in this method.
- Example:
The plaintext is
"JAVATPOINT", key
is "BEST".
To generate a new key, the given key is repeated in a circular manner, as long as the length of
the plain text does not equal to the new key.

- The plaintext is "JAVATPOINT“ key is "BEST“ Keystream is “BESTBESTBE”

Encryption
- The first letter of the plaintext is combined with the first letter of the key.
- The column of plain text "J" and row of key "B" intersects the alphabet of "K" in the
vigenere table, so the first letter of ciphertext is "K".
- Similarly, the second letter of the plaintext is combined with the second letter of the key.
- Similarly, the second letter of the plaintext is combined with the second letter of the key. The
column of plain text "A" and row of key "E" intersects the alphabet of "E" in the vigenere
table, so the second letter of ciphertext is "E".
- This process continues continuously until the plaintext is finished.

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY

Plain text Keystream Vigenere Table (Cipher Text)

J B K
A E E
V S N
A T T
T B U
P E T
O S G
I T B
N B O
T E X
Decryption
- Decryption is done by the row of keys in the vigenere table.
- First, select the row of the key letter, find the ciphertext letter's position in that row, and
then select the column label of the corresponding ciphertext as the plaintext.
Plain Text : JAVATPOINT
Cipher Text : KENTUTGBOX

- For example, in the row of the key is "B" and the ciphertext is "K" and this ciphertext letter
appears in the column "J", that means the first plaintext letter is "J".
- Next, in the row of the key is "E" and the ciphertext is "E" and this ciphertext letter appears in
the column "A", that means the second plaintext letter is "A".
- This process continues continuously until the ciphertext is finished.

Cipher Text : KENTUTGBOX

Plain Text : JAVATPOINT

Cipher Text Keystream Plain Text

K B J
E E A
N S V
T T A
U B T
T E P
G S O
B T I
O B N
X E T

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY

2.6 Transposition Techniques:

- Transposition technique is an encryption method which is achieved by
performing permutation over the plain text.
- In cryptography, a transposition cipher (also known as a permutation cipher) is a method
of encryption which scrambles the positions of characters (transposition) without
changing the characters themselves
- Transposition technique executes permutation on the plain text to obtain the cipher text.
- Transposition Techniques
1. Rail Fence Transposition
2. Columnar Transposition
1) Rail Fence Cipher:
-The Rail Fence cipher is a form of transposition cipher that gets its name from the way in which
it is encoded.
- In the rail fence cipher, the plaintext is written downwards and diagonally on successive
"rails" of an imaginary fence, then moving up when we get to the bottom.
- The message is then read off in rows.
- The rail fence cipher is the simplest transposition cipher.
- The steps to obtain cipher text using this technique are as follow:
Step 1: The plain text is written as a sequence of diagonals.
Step 2: Then, to obtain the cipher text the text is read as a sequence of rows.
Plain Text: meet me Tomorrow
Now, we will write this plain text sequence wise in a diagonal form as you can see below:

Looking at the image, you would get it why it got named rail fence because it appears like the rail
fence.
Once you have written the message as a sequence of diagonals, to obtain the cipher text out of it you
have to read it as a sequence of rows.
So, reading the first row the first half of cipher text will be:

memtmro
Reading the second row of the rail fence, we will get the second half of the cipher text:

eteoorw
Now, to obtain the complete cipher text combine both the halves of cipher text and the complete
cipher text will be:
Cipher Text: M E M T M R O E T E O O R W
Rail fence cipher is easy to implement and even easy for a cryptanalyst to break this technique. So,
there was a need for a more complex technique.
Plain Text: meet me Tomorrow
Cipher Text: M E M T M R O E T E O O R W

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY

2) Columnar transposition:
In the middle of the 17th century, Samuel Morland introduced an early form of columnar transposition.
It was further development much later, becoming very popular in the later 19th century and 20th
century, with French military, Japanese diplomats and Soviet spies all using the principle.
In a columnar transposition, the message is written out in rows of a fixed length, and then read out
again column by column, and the columns are chosen in some scrambled order. Both the width
of the rows and the permutation of the columns are usually defined by a keyword.
For example, the keyword ”ZEBRAS” is of length 6 (so the rows are of length 6), and the
permutation is defined by the alphabetical order of the letters in the keyword.
In this case, the order would be "6 3 2 4 1 5".
Keyword : ZEBRAS
Plain Text : 'WE ARE DISCOVERED FLEE AT ONCE‘

Z E B R A S
1 2 3 4 5 6

Keyword : ZEBRAS
Plain Text : 'WE ARE DISCOVERED FLEE AT ONCE'
6 3 2 4 1 5
W E A R E D
I S C O V E
R E D F L E
E A T O N C
E

Cipher Text: EVLNA CDTES EAROF ODEEC WIREE

2.7 What is steganography?

Steganography is the technique of hiding data within an ordinary, nonsecret file or message to avoid
detection; the hidden data is then extracted at its destination. Steganography use can be combined with
encryption as an extra step for hiding or protecting data. The word steganography is derived from the
Greek word steganos, meaning "hidden or covered," and the Greek root graph, meaning "to write."
What are some examples of steganography?
Forms of steganography have been used for centuries and include almost any technique for hiding a
secret message in an otherwise harmless container. For example, using invisible ink to hide secret
messages in otherwise inoffensive messages; hiding documents recorded on microdot, which can be
as small as 1 millimeter in diameter; hiding messages on or inside legitimate-seeming correspondence;
and even using multiplayer gaming environments to share information.
How is steganography used today?
In modern digital steganography, data is first encrypted or obfuscated, and then inserted using a
special algorithm into data that is part of a particular file format, such as a JPEG image, audio or video
file. The secret message can be embedded into ordinary data files in many ways. One technique is to
hide data in bits that represent the same color pixels repeated in a row in an image file. By applying
the encrypted data to this redundant data in an inconspicuous way, the result is an image file that
appears identical to the original image, but has noise patterns of regular, unencrypted data.

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY
While there are many different uses of steganography, including embedding sensitive information into
file types, one of the most common techniques is to embed a text file into an image file. When done
correctly, anyone viewing the image file should not see a difference between the original image file
and the altered file; this is accomplished by storing the message with less significant bites in the data
file. This process can be completed manually or by using a steganography tool.

What are the advantages of steganography over cryptography?

Steganography is distinct from cryptography. Using both together can help improve the security of the
protected information and prevent detection of the secret communication. If steganographically hidden
data is also encrypted, the data might still be safe from detection -- though the channel will no longer
be safe from detection. There are advantages to using steganography combined with encryption over
encryption-only communication.
The primary advantage of using steganography to hide data over cryptography is that it helps obscure
the fact that sensitive data is hidden in the file or other content carrying the hidden text. Whereas an
encrypted file, message or network packet payload is clearly marked and identifiable as such, using
steganographic techniques helps to obscure the presence of a secure channel.

2.8 possible types of attacks

Terminology
Let's begin with a little bit of new terminology.
1) plaintext - text that has not been encrypted or simple text.
2) ciphertext - text that has been encrypted or secrete writing
3) cryptanalyst - person knowledgeable in breaking encryption without the key
4) cipher - a way of hiding the content and message of plaintext

1) Passive Attacks:
- Passive Attacks are the type of attacks in which, the attacker observes the content of messages or
copies the content of messages.
- Passive Attack is a danger to Confidentiality.
- Due to passive attack, there is no harm to the system.
- The most important thing is that in a passive attack, Victim does not get informed about the attack.

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY

2) Active Attacks:
- Active attacks are the type of attacks in which, the attacker efforts to change or modify the
content of messages.
- Active Attack is dangerous to Integrity as well as availability.
- Due to active attack system is always damaged and System resources can be changed.
- The most important thing is that, In an active attack, Victim gets informed about the attack.
-

1) Brute force attack

- Public and private keys play a significant role in encrypting and decrypting the data in a
cryptographic system.
- In a brute force attack, the cybercriminal tries various private keys to decipher an encrypted
message or data.
- Brute-force attacks involve trying every possible character combination to find the ‘key’ to
decrypt an encrypted message.
- While brute-force attacks may take a smaller amount of time for smaller keyspaces, it will
take an immeasurable amount of time for larger keyspaces.

Types of Attacks
Depending on the type of cryptographic system in place and the information available to the attacker,
these attacks can be broadly classified into types:
1) Passive Attacks
1) Ciphertext – Only Attack
2) Known Plain Text Attacks
2) Active Attacks
1) Chosen – Plaintext Attack
2) Chosen - Ciphertext Attacks

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY

1) Ciphertext-Only Attack (COA)

- The cryptanalysts doesn't have any of the plaintexts that went into the encryption algorithm,
they have no idea what plaintexts created the ciphertexts, and they are totally passive.
- In the ‘cipher-only’ attack, the attacker knows the ciphertext of various messages which have
been encrypted using the same encryption algorithm.
- The attacker’s challenge is to figure the ‘key’ which can then be used to decrypt all messages.
- The ‘cipher-only’ attack is probably one of the easiest attacks to commit since it is easy to
capture the ciphertext (by sniffing) but difficult to implement since the knowledge about the
encryption process is limited.

2) Known – Plaintext Attack (KPA)

- In this attack, the attacker/cryptanalysts know the plaintext that generates the ciphertext.
- They can't select the plaintext, but they can observe plaintext-ciphertext pairs.
- This attack has a significantly better chance of success than COA.
- In this attack technique, the cybercriminal finds or knows the plaintext of some portions of the
ciphertext using information gathering techniques.

3) Chosen - Plaintext Attack (CPA)

- In this attack, the attacker/cryptanalyst can select or choose the plaintext that is sent through
the encryption algorithm and observe the ciphertext that it generates.
- This is an active model where the attacker actually gets to chose the plaintext and do the
encryption.

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY
- The ‘chosen-plaintext’ attack is similar to the ‘known-plaintext’ attack, but here the attacker
experiments by choosing his own plaintext for a ‘Vignere cipher’ and with the generated
ciphertext he can figure the ‘key’.
- Once he figures the ‘key’ he can learn more about the whole encryption process and understand
how the ‘key’ is being used.
- With this information, he can decrypt other messages.

4) Chosen – Ciphertext Attack (CCA)

- In this attack, the attacker can both encrypt and decrypt.
- This means that they can select plaintext, encrypt it, observe the ciphertext and then reverse the
entire process.
- In this attack model, the cybercriminal analyzes a chosen ciphertext corresponding to its
plaintext.
- The attacker tries to obtain a secret key or the details about the system.
- By analyzing the chosen ciphertext and relating it to the plaintext, the attacker attempts to
guess the key.

Preventing cryptography attacks

To prevent cryptography attacks, it is essential to have a strong cryptographic system in place.
Some of the ways to achieve this are:
1. Regularly update the cryptographic algorithms and protocols to ensure they are not obsolete.
2. Ensure that the data is appropriately encrypted so that even if it falls into the wrong hands, it
will be unreadable.
3. Use strong and unique keys for encryption.
4. Store the keys in a secure location.
5. Ensure that the cryptographic system is implemented correctly.
6. Regularly test the system for vulnerabilities.
7. Educate employees about cryptography attacks and how to prevent them.

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY

2.9 Key Size and Key Length

Symmetric, or secret key encryption, uses a single key for both encryption and decryption. Symmetric
key encryption is used to encrypt large amounts of data efficiently.
Advanced Encryption Standard (AES) keys are symmetric keys that can be three different key lengths
(128, 192, or 256 bits). AES is the encryption standard that is recognized and recommended by the US
government. The 256-bit keys are the longest allowed by AES. By default, IBM Security Key
Lifecycle Manager generates 256-bit AES keys.
Asymmetric, or public/private encryption, uses a pair of keys. Data encrypted using one key can only
be decrypted by using the other key in the public/private key pair. When an asymmetric key pair is
generated, the public key is typically used to encrypt, and the private key is typically used to decrypt.
Key length (a.k.a. key size) is the number of bits of a key used to encrypt a message. The length on its
own is not a measure of how secure the ciphertext is. However, for secure ciphers, the longer the key
the stronger the encryption.

Why does the key size matter in cryptography?

The security of a cipher does not depend on the attacker not knowing the algorithm that was used for
encryption. The security depends on how hard it is, mathematically, to break the code.
There are two main types of attacks to a cipher: brute force and cryptanalysis.
Let’s analyse the impact of the key size on a brute force attack.
Key size impact in a brute force attack
In a brute force attack, the attacker will generate all possible keys and try each of them until one is
successful. Therefore, the more possible keys, the better.
For instance, the Caesar cipher, is a substitution/shift cipher that substitutes each letter in the plain
message for the letter that is n positions after. n is known as the shift or the key. For instance, if the
key is 3, ‘a’ is substituted by ‘d’ because ‘d’ is three positions after ‘a’ in the alphabet.
Because the alphabet has 26 letters, there are only 26 possible keys to use with this cipher. So, it is
very easy to try all the keys and break the code if you know how to read the text that was encrypted.
Other ciphers use a key of a specific length, for instance, 128 bits. A bit is a basic unit used in
computers and can have only two values, 1 or 0.
So, how many keys we can have if we use 128 bits, and each bit can have two values? This is a classic
counting problem.
We can choose the first bit in 2 ways, the second also in two ways, and so on until the last one. Here,
we apply the multiplication rule to calculate the total number of ways.
2 x 2 x 2 x … x 2 = 2^128 = 340282366920938463463374607431768211456L
This is quite a long number.
Because it is computationally infeasible to calculate the previous number of keys in our current
computers, a brute force attack that must try all the possible keys is not practical.

Keys in symmetric cryptography

The current standard for symmetric cryptography is the Advanced Encryption Standard (AES)
algorithm.
AES is a block cipher.
The key sizes approved as secure for AES are 128, 192, and 512 bits.

Keys in asymmetric cryptography

Asymmetric cryptography key strength is based on the complexity of integer factorization. This
problem is hard to solve (it needs a lot of time) but it takes less time than a brute force attack. For this
reason, asymmetric cryptographic algorithms need a longer key size to have a similar level of security
than symmetric cryptographic algorithms.
The key sizes approved for the use of AES are 128, 192, and 256.
In the case of RSA, the key size recommended by NIST is a minimum of 2048 bits.

Asst. Prof. S.B. Munde COCSIT Latur

Cryptography and Network Security B. Voc. SY
The family of elliptic curve cryptography (ECC) algorithms has been proved to achieve a similar level
of security with smaller key sizes.

How long is a public key?

The length of a public key depends on the algorithm that is being used. Find below a table with
possible key lengths for public keys.

Algorithm Key size

1024, 2048,
RSA
4096

Elliptic Curve 256, 384, 512

Diffie-Hellman 2048

Elgamal 1024
Length of a public key according to the chosen algorithm
There are recommendations of what key size to use depending on the level of security that you need.
For instance, NIST recommends the use of 2048 bit key size when using RSA since 2015. Before that,
1024 was the recommended key size.

Recommended algorithms and key lengths

Find below a table with the recommended key size for different algorithms.

Algorithm Recommended key size

AES 128

RSA 2048, 3072, 7680

Elliptic Curve 256, 384

DSA 2048, 3072, 6770

Diffie-Hellman 2048, 3072, 6770

Recommended key size for the most used cryptographic algorithms

In certain cases, it is recommended to use AES with a key size equal to or greater than 192. Therefore,
it is important to see the regulations related to certain information security policies.
All the algorithms in the table above are secure. So, the higher the key size the strongest the security.

Asst. Prof. S.B. Munde COCSIT Latur