Cryptography and Network Security

This PDF is designed only for B.Tech students of all Engineering Colleges affiliated
with Dr APJ Abdul Kalam Technical University.
It helps at exam time with quick revision in a short time.

Compiled by

Sanjeev Yadav

Edu Desire
Computer & Technology

The More You Practice, The Better You Get.

Security Attack:
● A security attack is any attempt to gain unauthorised access,
disrupt, damage, or steal data from a computer system or
network.
● Attackers can be motivated by a variety of factors, such as
financial gain, revenge, or political activism.

Types of security attacks: There are many different types of security
attacks, but some of the most common include:
1. Malware: This is malicious software that can be installed on a
computer system without the user's knowledge or consent.
Malware can steal data, disrupt operations, or even take control
of the system.

2. Phishing: This is a type of social engineering attack that tries to
trick the victim into revealing personal information, such as
passwords or credit card numbers. Phishing attacks often use
emails or text messages that appear to be from a legitimate
source, such as a bank or credit card company.

3. Man-in-the-middle attacks: This type of attack occurs when
an attacker intercepts communication between two parties. The
attacker can then eavesdrop on the conversation or even modify
the data being exchanged.

4. Denial-of-service attacks: This type of attack attempts to
make a computer system or network unavailable to legitimate
users. Denial-of-service attacks can be launched by flooding the
system with traffic or by exploiting vulnerabilities in the
system's software.

How to protect yourself from security attacks: There are a number
of things you can do to protect yourself from security attacks, such as:
● Use strong passwords and change them regularly.
● Be careful about what information you share online.
● Only download software from trusted sources.
● Be wary of emails and text messages from unknown senders.
● Install and keep up-to-date antivirus and anti-malware
software.
● Use a firewall to protect your computer from unauthorised
access.
● Back up your data regularly.

Security Services:
These are essentially the desired security outcomes you seek to
achieve. They define the objectives and what needs to be protected.
Think of them as the "what" in cybersecurity.

Here are some common security services:

● Confidentiality: Ensuring that only authorised individuals have
access to sensitive information. Imagine a locked treasure chest
– only those with the key can access the valuables inside.

● Integrity: Maintaining the accuracy and completeness of data.
This is like having a tamper-proof document that guarantees the
information hasn't been meddled with.

● Availability: Guaranteeing that authorised users have timely
and reliable access to systems and data. It's like having a reliable
bridge that's always open for authorised users to cross.

● Non-repudiation: Proving that a specific action was taken by a
particular entity. Think of a digital signature that verifies the
origin and authenticity of a document.

● Authentication: Verifying the identity of a user or device before
granting access. It's like having a secure checkpoint where only
authorised individuals can pass through.

● Authorization: Defining and enforcing access control rules,
specifying who can do what with the system and data. Imagine a
well-defined set of permissions that determines who gets to
open specific drawers in the treasure chest.

Security Mechanisms:
These are the tools and techniques used to implement the desired
security services. They're the "how" in cybersecurity. Think of them as
the specific locks, alarms, and security personnel that safeguard the
treasure chest.

Here are some common security mechanisms:

● Cryptography: Encrypting data to render it unreadable to
unauthorised individuals. It's like using a secret code to
scramble the information in the treasure chest.

● Firewalls: Filtering incoming and outgoing network traffic to
block unauthorised access and malicious activity. Imagine a
fortified wall with guards who scrutinise everyone entering and
leaving.

● Intrusion Detection/Prevention Systems (IDS/IPS):
Monitoring systems and networks for suspicious activity and
taking corrective actions to prevent attacks. Think of them as
security cameras and alarms that detect and deter intruders.

● Access Control Lists (ACLs): Defining who has access to
specific resources and what actions they can perform. Imagine a
detailed list specifying who has the keys to which drawers in the
treasure chest.

● Multi-factor Authentication (MFA): Requiring multiple factors
for authentication, such as a password and a one-time code, to
make it more difficult for attackers to gain access. Imagine
needing both a key and a fingerprint scan to open the treasure
chest.

What is Encryption?
Encryption is a cryptographic process used to keep the user's data
secret. It is a method of converting data and information into a
secret code called ciphertext. Ciphertext is text that no one can
understand; the original data, which everyone can read and understand,
is called plaintext.
1. The main purpose of encryption is to keep the data secure.
2. To read encrypted data you must have a public key.

What is Decryption?
Decryption is a cryptographic process used to decrypt encrypted
data. The decrypted, or original, data is called plaintext. That is,
converting ciphertext to plaintext is called decryption. To convert
ciphertext to plaintext we need a key, so that we can convert the data
into readable form.

Types of Encryption
● Symmetric Encryption
● Asymmetric Encryption

What is Asymmetric Cryptography?


● Asymmetric Cryptography is also known as Public-key
cryptography or Asymmetric Encryption.
● It uses a key pair to encrypt or decrypt the data. In a key pair, one
is a public key and the other one is a private key.
● The public key is shared with anyone interested in communication
and a private key is kept secret.

What is Symmetric Cryptography?


● Symmetric Cryptography uses only one key which is used for
encryption and decryption at both sender and receiver ends.
● Both sender and receiver should have this key, which should only
be known to them.

Public key: A key which is known to everyone. For example, if the public key of A is 7, this
information is known to everyone.
Private key: A key which is known only to the person whose private key it
is.
Authentication: Authentication is any process by which a system verifies
the identity of a user who wishes to access it.
Non-repudiation: Non-repudiation means to ensure that a transferred
message has been sent and received by the parties claiming to have sent
and received the message. Non-repudiation is a way to guarantee that the
sender of a message cannot later deny having sent the message and that
the recipient cannot deny having received the message.
Integrity: To ensure that the message was not altered during
transmission.
Message digest: The representation of text in the form of a single string
of digits, created using a formula called a one-way hash function.
Encrypting a message digest with a private key creates a digital signature,
which is an electronic means of authentication.

Cryptography and Network Security Attacks:


In cryptography, attacks are of two types: passive attacks and
active attacks.

1. Active Attacks:
● Active attacks are attacks in which the attacker makes
efforts to change or modify the content of messages.
● An active attack is dangerous to integrity as well as availability.
● Due to an active attack, systems are always damaged and system
resources can be changed.
● The most important thing is that, in an active attack, the victim gets
informed about the attack.

2. Passive Attacks:
● Passive attacks are attacks in which the attacker
observes the content of messages or copies the content of
messages.
● A passive attack is a danger to confidentiality.
● Due to a passive attack, there is no harm to the system.
● The most important thing is that, in a passive attack, the victim does
not get informed about the attack.

Difference between Active Attack and Passive Attack:

Active Attack | Passive Attack
In an active attack, modification in information takes place. | While in a passive attack, modification in the information does not take place.
Active attack is a danger to integrity as well as availability. | Passive attack is a danger to confidentiality.
In an active attack, attention is on prevention. | While in a passive attack, attention is on detection.
Due to active attacks, the execution system is always damaged. | While due to a passive attack, there is no harm to the system.
In an active attack, the victim gets informed about the attack. | While in a passive attack, the victim does not get informed about the attack.
In an active attack, system resources can be changed. | While in a passive attack, system resources are not changing.
In an active attack, information collected through passive attacks is used during execution. | While passive attacks are performed by collecting information such as passwords, and messages by themselves.
Can be easily detected. | Very difficult to detect.
The purpose of an active attack is to harm the ecosystem. | The purpose of a passive attack is to learn about the ecosystem.
In an active attack, the original information is modified. | In a passive attack, the original information is unaffected.
The duration of an active attack is short. | The duration of a passive attack is long.
The prevention possibility of active attack is high. | The prevention possibility of passive attack is low.
Complexity is high. | Complexity is low.

Steganography:
● Steganography is like hiding a secret message in plain sight.
● Instead of encrypting the message, you hide it within another
seemingly innocent file, like an image, audio file, or even a text
document.
● The goal is to conceal the existence of the message, making it
difficult for others to detect.

Here's a simple explanation:

1. Concealing Information: Imagine you want to send a secret
message. Instead of making it look like a secret code, you hide it
within something normal, like a picture of a cat.

2. Using a Cover File: This normal file (like the cat picture) is called
the "cover file." You then embed your secret message into this file
without changing how it looks or sounds much.

3. Steganographic Tools: Special tools or techniques are used to
embed the secret message and later extract it. These tools make tiny,
subtle changes to the cover file that are hard to notice.

4. Types of Steganography: There are different types of
steganography. In image steganography, the colour of certain pixels
might be adjusted slightly to hide the message. In audio
steganography, it might involve changing the volume of certain
frequencies.

5. Decoding the Message: The person who knows the technique or
has the right tools can then retrieve the hidden message from the
cover file without anyone else knowing.

6. Applications: Steganography has various uses. It's not always about
hiding secret spy messages; it can also be used to protect digital
watermarks, verify file integrity, or ensure the authenticity of images.

We’ll Discuss Two Cryptographic Encryption Techniques:
● Stream Ciphers
● Block Ciphers

Introduction to Ciphers
● Cryptography generally protects a system from cyber attackers by
securing communication between two systems.
● A cryptographic process starts with a given plaintext.
● We generate an encrypted ciphertext from the given plaintext
using an encryption algorithm.
● In order to get back the original plaintext message, we utilise a
decryption algorithm.

The encryption and decryption algorithms are known as ciphers in
cryptography. Ciphers use keys in order to encrypt and decrypt
messages. Based on the usage of the key, we can divide ciphers into two
broad categories: symmetric and asymmetric.

1. Stream Cipher
● A stream cipher comes under the category of symmetric ciphers. It
encrypts a given plaintext to a ciphertext using a secret key.
● It utilises a key (128/256 bits) and a nonce (64-128 bits) to
convert the plaintext to ciphertext. Together, the key and nonce
create a keystream of pseudorandom bits. Additionally, it uses
time-varying transformations on the given plaintext and works
on a bit-by-bit basis.
● Finally, we perform the XOR operation between each bit of
keystream and plaintext in order to generate the ciphertext.

We repeat this whole process for all the bits of the plaintext.
Additionally, it’s essential not to use the same key and nonce
combination throughout the process. Using the same combination can
result in a duplicate keystream.

Examples of stream ciphers include ChaCha20, Salsa20, A5/1, and RC4.

● Let’s assume the first letter of the plaintext is D.
● The binary equivalent of the letter D based on the ASCII table is
01000100.
● Additionally, the given keystream for encryption and decryption is
11001100.
● Now in order to produce the ciphertext, we need to perform an
XOR operation between plaintext and keystream.
● Hence, the ciphertext for this particular example will be 10001000.
● We can regenerate the original plaintext by performing an XOR
operation between ciphertext and keystream.
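
The XOR example above and the warning about reusing a key and nonce, as an added Python example that is not part of the original notes. The SHA-256 based keystream generator, the sample messages, the key and the nonces are constructed for illustration and stand in for a real stream cipher such as ChaCha20.

```python
import hashlib
from collections import Counter


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter), block after block.
    Assumption for illustration only; not a vetted stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR the data with the keystream; the same call also decrypts."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def page_example() -> str:
    """The worked example from the text: 'D' (01000100) XOR 11001100."""
    return format(ord("D") ^ 0b11001100, "08b")


def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """With a duplicate keystream, c1 XOR c2 == p1 XOR p2: the keystream
    cancels out, so knowing one message reveals the other without the key."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


def find_nonce_reuse(records):
    """Defender's check: return the (key_id, nonce) pairs used more than once."""
    counts = Counter(records)
    return {pair for pair, n in counts.items() if n > 1}


# Constructed sample data (equal-length messages, fixed key and nonces).
KEY = b"constructed-demo-key"
NONCE = b"nonce-0001"
P1 = b"transfer 100 to alice"
P2 = b"transfer 900 to carol"

if __name__ == "__main__":
    print("D XOR keystream      :", page_example())
    c1, c2 = encrypt(KEY, NONCE, P1), encrypt(KEY, NONCE, P2)
    print("same nonce, leak     :", recover_other_plaintext(c1, c2, P1))
    c3 = encrypt(KEY, b"nonce-0002", P2)
    print("fresh nonce, no leak :", recover_other_plaintext(c1, c3, P1) != P2)
    print("reused pairs         :", find_nonce_reuse(
        [("k1", b"n1"), ("k1", b"n2"), ("k1", b"n1"), ("k2", b"n1")]))
```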

2. Block Cipher:
● Like a stream cipher, a block cipher encrypts a block of given
plaintext using a key and a cryptographic algorithm.
● In contrast to a stream cipher, a block cipher takes fixed-size
blocks of plaintext and produces fixed-size blocks of ciphertext.
● Generally, the size of the plaintext blocks is either 64 or 128 bits.

A block cipher utilises a symmetric algorithm and key during the
encryption-decryption process. Additionally, it uses an initialization
vector generated with a random number generator. The initialization
vector and the symmetric secret key are added in the first plaintext
block. Adding the initialization vector ensures we can’t regenerate the
secret key with a brute force process. Additionally, it provides no
duplication among the subsequent ciphertext blocks.

Differences between stream and block ciphers:

Stream Cipher | Block Cipher
Takes one byte of plaintext at a time. | Takes one block of plaintext at a time.
Needs less time, hence simple. | Needs more time, hence complex.
Uses exactly 8 bits. | Uses 64 or more bits.
Utilises substitution methods. | Utilises transposition methods.
No probability of redundancy. | Redundancy might occur.
Requires less code for implementation. | Requires more code for implementation.
Uses one key one time. | One key can be used multiple times.
Suitable for implementation in hardware. | Suitable for implementation in software.
Faster than block cipher. | Slower than stream cipher.
Easy to reverse encryption text. | Difficult to reverse encryption text.
Some examples: RC4, A5/1 | Some examples: DES, AES

Block Cipher modes of Operation: There are several modes of
operation for a block cipher.
1. Electronic Code Book (ECB):
● Electronic code books are the easiest block cipher mode of
functioning.
● It is easier because of direct encryption of each block of input
plaintext and output is in the form of blocks of encrypted
ciphertext.
● Generally, if a message is larger than b bits in size, it can be broken
down into a bunch of blocks and the procedure is repeated.

2. Cipher Block Chaining:
● Cipher block chaining or CBC is an advancement made on ECB
since ECB compromises some security requirements.
● In CBC, the previous cipher block is given as input to the next
encryption algorithm after XOR with the original plaintext block.
● In a nutshell here, a cipher block is produced by encrypting an XOR
output of the previous cipher block and present plaintext block.

3. Cipher Feedback Mode (CFB):
● In this mode the cipher is given as feedback to the next block of
encryption with some new specifications: first, an initial vector IV
is used for the first encryption, and the output bits are divided into sets of s
and b-s bits.
● The left-hand side s bits are selected along with plaintext bits to
which an XOR operation is applied.
● The result is given as input to a shift register having b-s bits on the
left-hand side and s bits on the right-hand side, and the process continues.

4. Output Feedback Mode
● The output feedback mode follows nearly the same process as the
Cipher Feedback mode except that it sends the encrypted output
as feedback instead of the actual cipher which is XOR output.
● In this output feedback mode, all bits of the block are sent instead
of sending selected s bits.
● The Output Feedback mode of block cipher holds great resistance
towards bit transmission errors. It also decreases the dependency
or relationship of the cipher on the plaintext.

5. Counter Mode:
● The Counter Mode or CTR is a simple counter-based block cipher
implementation.
● Every time a counter-initiated value is encrypted and given as
input to XOR with plaintext which results in a ciphertext block.
● The CTR mode is independent of feedback use and thus can be
implemented in parallel.

Shannon’s Theory of Confusion and Diffusion:
Confusion and diffusion are both properties for creating a secure cipher.

What is Confusion?
● Confusion is a cryptographic mechanism that is utilised to increase
the obscurity of the ciphertext.
● In simple words, the technique assures that the ciphertext has no
information about the plaintext.
● The confusion technique keeps the relationship between the
encrypted text's statistics and the encryption key's value as
complex as possible.
● Even if the attacker gains some control over the ciphertext's
statistics, he will be unable to determine the secret because the
method by which the key was used to generate the ciphertext is so
complex.
● Confusion may be created by employing substitution and a
complicated scrambling algorithm that is dependent on the key
and the input (plaintext).

What is Diffusion?
● Diffusion may be defined as the property that the repetition in
the plaintext statistics "dissipates" in the ciphertext statistics.
● In diffusion, the output bits must depend on the input bits in a
complex way, so that if the plaintext is modified by only one bit,
the ciphertext changes in an unanticipated way.
● During diffusion, the statistical structure of the plaintext is
dispersed into the long-range statistics of the ciphertext.
● It is achieved by having each plaintext digit influence the value of
several ciphertext digits, which is much the same as having each
ciphertext digit affected by several plaintext digits.

Differences between Confusion and Diffusion:

Features | Confusion | Diffusion
Definition | It is a cryptography technique utilised to create vague ciphertext. | It is employed to generate cryptic plain texts.
Achieved through | It is achieved via the substitution technique. | It is achieved via the transposition technique.
Seeks to | The relationship between the ciphertext statistics and the encryption key value is complicated. | The plain text's statistical structure is dispersed into the ciphertext's long-range statistics.
Used by | It utilises only block ciphers. | It utilises both stream and block cipher.
Modifications | If one bit in secret is changed, most bits in the cipher text will be changed. | If one image within the plain text changes, most images within the cipher text will also change.
Resultant | Vagueness is increased | Redundancy is increased
Relations | It conceals the relation between the key and the ciphertext. | It conceals the relation between the plaintext and the ciphertext.

What is DES Algorithm?


● At the start of the 1970s, the IBM team created a symmetric-key
cipher block algorithm known as DES (Data Encryption Standard)
Algorithm.
● The term symmetric key means that the same key is used for
encryption & decryption of plain text or message.
● The National Institute of Standards and Technology (NIST) later
adopted this algorithm.

The DES algorithm takes 64-bit plain text as input and produces a
64-bit ciphertext using a key of 56 bits. Initially, a 64-bit key is
used, but 8 bits are discarded.

The Data Encryption Standard (DES) was discovered vulnerable to
powerful attacks and hence DES has slightly declined in use. The 56-bit
key length used in DES makes it unsafe against cyber attacks like brute
force because the 56-bit key length requires 2^56 attempts for an attacker
to find the correct key, which is not enough to protect sensitive data
against brute-force attacks with modern computers. So, in May 2005, the
Data Encryption Standard (FIPS 46-3) was officially withdrawn.

How does the DES Algorithm work?

DES is a Feistel Block Cipher implementation, known as LUCIFER. It uses
a Feistel structure with 16 rounds, where a different key is used for each
round.

The DES algorithm steps are given below:
1. The process begins by giving 64-bit plain text as input to an initial
permutation function (IP).
2. The initial permutation (IP) is then carried out on plain text.
3. The initial permutation (IP) generates two halves of the permuted
block, known as RPT (Right Plain Text) and LPT (Left Plain Text).
4. Each Left Plain Text (LPT) and Right Plain Text (RPT) is encrypted
through 16 rounds.
5. This encryption process consists of five stages:
a. Key Transformation
b. Expansion permutation
c. S-box permutation
d. P-box permutation
e. XOR & Swap
6. Finally Left Plain Text (LPT) is combined with Right Plain Text
(RPT). After that, on the newly combined block generated, a final
permutation is performed.
7. The output of this process will produce a 64-bit ciphertext.

The method of encryption uses the same algorithm, but it is done in
reverse order of the same key as the DES algorithm is the symmetric key
algorithm.
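
An added Python example, not part of the original notes, covering both the 16-round Feistel structure above and the ECB and CBC modes described earlier: a toy 64-bit Feistel cipher whose decryption is the same routine with the round keys in reverse order, run in both modes over a message with repeated blocks. The HMAC-SHA-256 round function, the key schedule, the padding scheme and the sample data are assumptions for illustration and are not those of DES.

```python
import hashlib
import hmac

BLOCK = 8     # 64-bit block, as in DES
ROUNDS = 16   # 16 Feistel rounds, as in DES


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_keys(key: bytes) -> list:
    # Assumed key schedule: a different subkey for each round (not the DES schedule).
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]


def round_function(half: bytes, subkey: bytes) -> bytes:
    # Assumed round function. A Feistel network never has to invert it.
    return hmac.new(subkey, half, hashlib.sha256).digest()[:BLOCK // 2]


def feistel(block: bytes, subkeys: list) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for k in subkeys:
        left, right = right, xor(left, round_function(right, k))
    return right + left   # final swap, so the same routine also decrypts


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, round_keys(key)[::-1])   # same algorithm, subkeys reversed


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK        # PKCS#7-style padding
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(plaintext: bytes, key: bytes) -> bytes:
    # ECB: every block is encrypted on its own.
    return b"".join(encrypt_block(b, key) for b in split(pad(plaintext)))


def ecb_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return unpad(b"".join(decrypt_block(b, key) for b in split(ciphertext)))


def cbc_encrypt(plaintext: bytes, key: bytes, iv: bytes) -> bytes:
    # CBC: XOR each plaintext block with the previous cipher block, then encrypt.
    prev, out = iv, []
    for b in split(pad(plaintext)):
        prev = encrypt_block(xor(b, prev), key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
    prev, out = iv, []
    for c in split(ciphertext):
        out.append(xor(decrypt_block(c, key), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = split(ciphertext)
    return len(blocks) - len(set(blocks))


# Constructed sample data: four identical 8-byte plaintext blocks.
KEY = b"constructed-demo-key"
IV = bytes(range(BLOCK))   # fixed so the run is repeatable; use a random IV in practice
SAMPLE = b"PAY 100 " * 4

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(SAMPLE, KEY)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(SAMPLE, KEY, IV)))
    print("CBC round trip ok  :", cbc_decrypt(cbc_encrypt(SAMPLE, KEY, IV), KEY, IV) == SAMPLE)
```

Under ECB the repeated plaintext blocks show up as repeated ciphertext blocks, which is the security weakness CBC removes by chaining each block to the previous one.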

AES Algorithm (Advanced Encryption Standard):


● AES stands for Advanced Encryption Standard and is a widely
used symmetric encryption algorithm.
● It is mainly used for encryption and protection of electronic data.
● It was used as the replacement of DES (Data Encryption Standard)
as it is much faster and better than DES.
● AES consists of three block ciphers and these ciphers are used to
provide encryption of data.

AES was developed by NIST (National Institute of Standards and
Technology) in 1997. It was developed to replace DES which was slow and
vulnerable to various attacks. So, therefore, a new encryption algorithm
was made to overcome the shortcomings of DES. AES was then published
on 26th November 2001.

Characteristics
● AES has keys of three lengths which are of 128, 192, 256 bits.
● It is flexible and has implementations for software and hardware.

● It provides high security and can prevent many attacks.
● It doesn’t have any copyright so it can be easily used globally.
● It consists of 10 rounds of processing for 128 bit keys.

Advantages
● It can be implemented on both hardware and software.
● It provides high security to the users.
● It provides one of the best open source solutions for encryption.
● It is a very robust algorithm.

Disadvantages
● It requires many rounds for encryption.
● It is hard to implement in software.
● It needs much processing at different stages.
● It is difficult to implement when performance has to be considered.

Working of the cipher: AES performs operations on bytes of data rather
than in bits. Since the block size is 128 bits, the cipher processes 128 bits
(or 16 bytes) of the input data at a time.

The number of rounds depends on the key length as follows:
● 128 bit key – 10 rounds
● 192 bit key – 12 rounds
● 256 bit key – 14 rounds

Creation of Round keys: A Key Schedule algorithm is used to calculate
all the round keys from the key. So the initial key is used to create many
different round keys which will be used in the corresponding round of
the encryption.

Encryption: AES considers each block as a 16-byte (4 bytes x 4 bytes = 128 bits)
grid in a column-major arrangement.

[ b0 | b4 | b8 | b12 |
| b1 | b5 | b9 | b13 |
| b2 | b6 | b10| b14 |
| b3 | b7 | b11| b15 ]

Each round comprises 4 steps:
● SubBytes
● ShiftRows
● MixColumns
● Add Round Key
The last round doesn’t have the MixColumns step.

SubBytes does the substitution, and ShiftRows and MixColumns
perform the permutation in the algorithm.

SubBytes: This step implements the substitution.
In this step each byte is substituted by another byte. It is performed using
a lookup table also called the S-box. This substitution is done in a way
that a byte is never substituted by itself and also not substituted by
another byte which is a complement of the current byte. The result of
this step is a 16 byte (4 x 4) matrix like before.
The next two steps implement the permutation.

ShiftRows:
This step is just as it sounds. Each row is shifted a particular number of
times.
● The first row is not shifted
● The second row is shifted once to the left.
● The third row is shifted twice to the left.
● The fourth row is shifted thrice to the left.
(A left circular shift is performed.)

[ b0 | b1 | b2 | b3 ] [ b0 | b1 | b2 | b3 ]
| b4 | b5 | b6 | b7 | -> | b5 | b6 | b7 | b4 |
| b8 | b9 | b10 | b11 | | b10 | b11 | b8 | b9 |
[ b12 | b13 | b14 | b15 ] [ b15 | b12 | b13 | b14 ]

MixColumns:
This step is basically a matrix multiplication. Each column is multiplied
with a specific matrix and thus the position of each byte in the column is
changed as a result.

This step is skipped in the last round.

[ c0 ]   [ 2 3 1 1 ] [ b0 ]
| c1 | = | 1 2 3 1 | | b1 |
| c2 |   | 1 1 2 3 | | b2 |
[ c3 ]   [ 3 1 1 2 ] [ b3 ]

Add Round Keys: Now the resultant output of the previous stage is
XOR-ed with the corresponding round key. Here, the 16 bytes are not
considered as a grid but just as 128 bits of data.

After all these rounds 128 bits of encrypted data is given back as output.
This process is repeated until all the data to be encrypted undergoes this
process.

Decryption :
The stages in the rounds can be easily undone, as each stage has an
opposite which, when performed, reverts the changes. Each 128-bit
block goes through the 10, 12 or 14 rounds depending on the key size.

The stages of each round in decryption are as follows:
● Add round key
● Inverse MixColumns
● ShiftRows
● Inverse SubByte

The decryption process is the encryption process done in reverse, so I will
explain the steps with notable differences.

Inverse MixColumns :
This step is similar to the MixColumns step in encryption, but differs in
the matrix used to carry out the operation.
[ b0 ] [ 14 11 13 9 ] [ c0 ]
| b1 | = | 9 14 11 13 | | c1 |
| b2 | | 13 9 14 11 | | c2 |
[ b3 ] [ 11 13 9 14 ] [ c3 ]
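
The ShiftRows, MixColumns and Inverse MixColumns steps above, as an added Python example that is not part of the original notes. It multiplies columns in GF(2^8) with the two matrices shown on this page, checks that one undoes the other, and counts how far a one-byte change spreads; SubBytes and Add Round Key are left out, and the helper names and sample blocks are constructed for illustration.

```python
def xtime(a: int) -> int:
    """Multiply by 2 in GF(2^8), reducing by the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    if a & 0x100:
        a ^= 0x11B
    return a & 0xFF


def gmul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) by shift-and-add."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


# The MixColumns and Inverse MixColumns matrices as given in the text.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def mul_column(matrix, col):
    """Matrix times column vector, with XOR as addition and gmul as multiplication."""
    out = []
    for row in matrix:
        acc = 0
        for coef, byte in zip(row, col):
            acc ^= gmul(coef, byte)
        out.append(acc)
    return out


def to_state(block: bytes):
    # Column-major grid, as in the Encryption section: state[row][col] = block[row + 4*col].
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]


def from_state(state) -> bytes:
    return bytes(state[r][c] for c in range(4) for r in range(4))


def shift_rows(state):
    return [row[r:] + row[:r] for r, row in enumerate(state)]      # row r rotates left by r


def inv_shift_rows(state):
    return [row[-r:] + row[:-r] for r, row in enumerate(state)]    # row r rotates right by r


def apply_columns(matrix, state):
    cols = [mul_column(matrix, [state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]


def linear_layer(block: bytes) -> bytes:
    """ShiftRows followed by MixColumns."""
    return from_state(apply_columns(MIX, shift_rows(to_state(block))))


def inverse_linear_layer(block: bytes) -> bytes:
    """Inverse MixColumns followed by the inverse row shift."""
    return from_state(inv_shift_rows(apply_columns(INV_MIX, to_state(block))))


def changed_bytes(rounds: int) -> int:
    """Bytes that differ after `rounds` linear layers when the inputs differ in one byte."""
    a, b = bytes(16), bytes([1]) + bytes(15)    # constructed inputs
    for _ in range(rounds):
        a, b = linear_layer(a), linear_layer(b)
    return sum(x != y for x, y in zip(a, b))


if __name__ == "__main__":
    col = [0xDB, 0x13, 0x53, 0x45]
    mixed = mul_column(MIX, col)
    print("MixColumns   :", [hex(v) for v in mixed])
    print("inverse ok   :", mul_column(INV_MIX, mixed) == col)
    print("diffusion    :", [changed_bytes(n) for n in range(3)])
```

A one-byte difference reaches a full column after one ShiftRows and MixColumns pass and all 16 bytes after two, which is the diffusion property described in the Confusion and Diffusion section.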

Inverse SubBytes :
The inverse S-box is used as a lookup table, with which the bytes are
substituted during decryption.

Applications:
AES is widely used in many applications which require secure data
storage and transmission. Some common use cases include:

● Wireless security: AES is used in securing wireless networks, such
as Wi-Fi networks, to ensure data confidentiality and prevent
unauthorised access.
● Database Encryption: AES can be applied to encrypt sensitive
data stored in databases. This helps protect personal information,
financial records, and other confidential data from unauthorised
access in case of a data breach.
● Secure communications: AES is widely used in protocols such as
internet communications, email, instant messaging, and
voice/video calls. It ensures that the data remains confidential.
● Data storage: AES is used to encrypt sensitive data stored on hard
drives, USB drives, and other storage media, protecting it from
unauthorised access in case of loss or theft.
● Virtual Private Networks (VPNs): AES is commonly used in VPN
protocols to secure the communication between a user’s device and
a remote server. It ensures that data sent and received through the
VPN remains private and cannot be deciphered by eavesdroppers.
● Secure Storage of Passwords: AES encryption is commonly
employed to store passwords securely. Instead of storing plaintext
passwords, the encrypted version is stored. This adds an extra
layer of security and protects user credentials in case of
unauthorised access to the storage.
● File and Disk Encryption: AES is used to encrypt files and folders
on computers, external storage devices, and cloud storage. It
protects sensitive data stored on devices or during data transfer to
prevent unauthorised access.

Difference Between AES vs DES:

Basis For Comparison | DES (Data Encryption Standard) | AES (Advanced Encryption Standard)
Basic | The data block in DES is split into two halves. | The entire block in AES is processed as a single matrix.
Principle | It works on Feistel Cipher structure. | The substitution and permutation principles are used in AES.
Year of Creation | DES (Data Encryption Standard) creation year is 1976. | The AES (Advanced Encryption Standard) creation year is 1999.
Designed By | DES (Data Encryption Standard) was designed by IBM. | AES (Advanced Encryption Standard) was designed by Vincent Rijmen and Joan Daemen.
Rounds | 16 rounds | 10 rounds for 128-bit algo, 12 rounds for 192-bit algo, 14 rounds for 256-bit algo
Speed | DES is slower than AES. | AES is faster than DES.
Security | Because DES uses a smaller key, it is less secure. | Because AES uses a large secret key, it is more secure.
Key size | In comparison to AES, the key size of DES is lower. | In comparison to DES, AES has a larger key size.
Rounds Names | Expansion Permutation, Xor, S-box, P-box, Xor and Swap. | Subbytes, Shiftrow, Mix columns, Add round keys.
Plaintext | Plaintext is 64 bits. | Plaintext can be of 128, 192, or 256 bits.
Identified Attacks | Linear crypt-analysis, Differential crypt-analysis, and Brute-force. | There is no identified attack.
Block Size | 128 bits | 64 bits
Originate From | DES originates from the Lucifer cipher. | AES originates from the square cipher.

Double DES:
● Double DES is an encryption approach which uses two instances of
DES on the same plain text. In both instances it uses different
keys to encode the plain text. Double DES is easy to learn.
● Double DES uses two keys, such as k1 and k2.
● It can implement DES on the original plain text using k1 to get the
encrypted text.
● It can implement DES on the encrypted text, but this time with the
different key k2.
● The final output is the encryption of encrypted text as shown in
the figure.

The double encrypted cipher-text block is first decrypted using the key
K2 to make the single encrypted cipher text. This ciphertext block is
then decrypted using the key K1 to acquire the original plaintext block.

Triple DES:
● Triple DES is also called a TDES.
● It is a symmetric key block cipher, meaning that the same key is
used to encrypt and decrypt information in fixed-length groups of
bits known as blocks.
● It is known as "Triple DES" because it uses the DES cipher three
times when encrypting data.

When DES was originally invented in 1976, it used a key size of 56 bits,
which was an adequate level of security to resist brute-force attacks.
Since then, computers have become cheaper and more powerful, so the 3DES
algorithm applies DES three times in succession, essentially stopping
brute-force attacks on modern computers.

Triple Data Encryption Algorithm (3DES) is an upgrade of the famous
DES standard. 3DES is a symmetric key block cipher. It was designed to
encrypt 64-bit blocks of information using three unrelated 64-bit keys.

Authentication Requirements:
● Authentication is a crucial aspect of information security, ensuring
that individuals, systems, or entities are who they claim to be
before granting access to resources or services.
● Authentication requirements vary depending on the context, the
level of security needed, and the specific system or application.

Here are common authentication requirements:

1. Identification:
● Users must provide a unique identifier, such as a username or email
address, to distinguish themselves from others.
● This identification is the first step in the authentication process.

2. Authentication Factors:
● Knowledge Factors: Something the user knows, such as a password,
PIN, or passphrase.
● Possession Factors: Something the user possesses, such as a
security token, smart card, or mobile device.
● Biometric Factors: Something inherent to the user, such as
fingerprints, retina scans, or facial recognition.

3. Multi-Factor Authentication (MFA):

● The use of two or more authentication factors for increased
security.
● For example, a combination of a password (knowledge factor) and a
one-time code from a mobile app (possession factor).

4. Password Policies:
● Complexity Requirements: Mandating the use of strong passwords
with a mix of uppercase and lowercase letters, numbers, and
special characters.
● Password Length: Specifying a minimum password length to
enhance security.
● Password Expiry: Requiring users to change their passwords
regularly.

5. Biometric Accuracy and Reliability:


● Ensuring that biometric systems are accurate and reliable in
identifying individuals.
● Biometric factors must have a low false positive rate and a low false
negative rate.

6. Session Management:
● Implementing mechanisms to manage user sessions securely,
including timeout periods, automatic logouts, and the ability to
revoke sessions remotely.

7. Secure Transmission:
Protecting authentication credentials during transmission by using
secure protocols (e.g., HTTPS) to prevent interception or tampering.

8. Account Lockout Policies:


● Implementing account lockout mechanisms to mitigate the risk of
brute-force attacks.
● After a certain number of failed login attempts, the account is
temporarily locked.

9. Monitoring and Logging:


● Implementing monitoring and logging mechanisms to track
authentication attempts, detect suspicious activities, and generate
alerts for potential security incidents.

10. Account Recovery Mechanisms:


Providing secure and reliable methods for users to recover their accounts
in case of forgotten passwords or compromised credentials. This may
involve additional verification steps.

11. Risk-Based Authentication:


● Adapting authentication requirements based on risk assessments.
● For example, requiring additional authentication steps for
high-risk transactions or unusual login locations.

12. Compliance with Standards:


Ensuring compliance with industry or regulatory standards that govern
authentication practices, such as PCI DSS for payment card transactions
or HIPAA for healthcare data.

13. User Education and Awareness:


Educating users about best practices for password management,
recognizing phishing attempts, and understanding the importance of
secure authentication.

Message Authentication Code:


● A message authentication code or MAC is a security code or tag that
is appended to the message sent by the sender to the receiver for
providing message authentication and integrity (no alteration in
message).
● It is similar to a Message Digest (MD) except that it uses
symmetric key cryptography to authenticate a message, i.e. the same
key is shared between sender and receiver.
● The keyed hash function is another name for the message
authentication code. MAC is also referred to as a Cryptographic
Checksum.

MAC = C(K, M), where K is a shared secret key and M is a message to be
authenticated.

● A message authentication code (MAC) algorithm takes a message to
be authenticated and a secret key that is known only to the sender of
the message and the receiver of the message, and produces a MAC as
an output.
● By using MAC, a receiver can check the integrity of the message &
authenticity of the message i.e., whether it is coming from the
correct sender or not. MAC does not provide Non-Repudiation.

Types of Message Authentication Codes (MACs):


1. Unconditionally secure
2. Hash-function based
3. Stream Cipher-based
4. Block Cipher-based

How message authentication code (MAC) works?


There are four important components used for generating a Message
Authentication Code (MAC):
1. The message of arbitrary length
2. Key
3. MAC algorithm
4. MAC value

The sender and receiver share the same secret key to produce a Message
Authentication Code or Cryptographic Checksum. This generated MAC is
appended to the message and sent to the receiver. At the receiving end,
the receiver also generates the Message Authentication Code (MAC) with
the same shared key which is compared with the MAC generated by the
sender. If both the MACs are equal, then the message is valid and coming
from the correct sender, otherwise, the message is invalid.

A message’s hash value would be different if a sender didn’t know the
secret key, indicating to a receiver that it wasn’t from the original sender.
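The sender and receiver exchange described above, as an added example that is not part of the original notes. It instantiates C(K, M) with HMAC-SHA-256 from Python's standard library (one hash-function-based MAC); the key, the message and all function names are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32-byte MAC value


def mac(key: bytes, message: bytes) -> bytes:
    """MAC = C(K, M), instantiated here with HMAC-SHA-256."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send(key: bytes, message: bytes) -> bytes:
    """Sender: append the MAC to the message before transmission."""
    return message + mac(key, message)


def receive(key: bytes, packet: bytes):
    """Receiver: recompute the MAC with the shared key and compare.

    Returns the message if the MAC matches, otherwise None.
    """
    if len(packet) < TAG_LEN:
        return None  # too short to carry a MAC at all
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    # compare_digest runs in constant time, so the comparison does not
    # reveal how many leading bytes of a wrong tag happened to match.
    if hmac.compare_digest(tag, mac(key, message)):
        return message
    return None


def unkeyed_digest_packet(message: bytes) -> bytes:
    """Message + plain SHA-256 digest, for contrast with a MAC.

    Anyone can compute this without the key, which is why an unkeyed
    digest alone does not authenticate the sender.
    """
    return message + hashlib.sha256(message).digest()


# Constructed sample data (not from the original notes).
SHARED_KEY = b"constructed-demo-key-0123456789"
ORIGINAL = b"transfer 100 to account 42"

if __name__ == "__main__":
    packet = send(SHARED_KEY, ORIGINAL)
    print("valid packet    ->", receive(SHARED_KEY, packet))
    print("altered message ->", receive(SHARED_KEY, packet.replace(b"100", b"900")))
    print("wrong key       ->", receive(b"some-other-key", packet))
    print("plain hash only ->", receive(SHARED_KEY, unkeyed_digest_packet(ORIGINAL)))
```

Only the first call returns the message; the other three return None because the recomputed MAC does not match.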

Hash Function:
● A cryptographic hash is a hash function that takes an input of
arbitrary size and yields a fixed-size output.
● It is easy to calculate but challenging to retrieve the original data.
● It is strong: it is difficult to produce the same hash from different
inputs, and it is a one-way function, so reversing it is not possible.
● Hashing is also known by different names such as Digest, Message
Digest, Checksum, etc.

Properties of a Cryptographic Hash Function:

1. Deterministic: This means that the same message always results in
the same hash.
2. Quick: It is quick to compute the hash value for any given message.
3. Avalanche Effect: This means that every minor change in the
message results in a major change in the hash value.
4. One-Way Function: You cannot reverse the cryptographic hash
function to get to the data.
5. Collision Resistance: It is infeasible to find two different messages
that produce the same hash value.
6. Pre-Image Resistance: The hash value shouldn’t be predictable
from the given string and vice versa.
7. Second Pre-Image Resistance: Given an input, it should be
difficult to find another input that has the same hash value.

What Does a Hash Function Do?


One purpose of a hash function in cryptography is to take a plaintext
input and generate a hashed value output of a specific size in a way that
can’t be reversed. But they do more than that from a 10,000-foot
perspective. You see, hash functions tend to wear a few hats in the world
of cryptography. In a nutshell, strong hash functions:
● Ensure data integrity,
● Secure against unauthorised modifications,
● Protect stored passwords, and
● Operate at different speeds to suit different purposes.

Secure Hash Algorithm(SHA):


● The Secure Hash Algorithm (SHA) is a family of cryptographic hash
functions designed to produce fixed-size hash values.
● The SHA family was developed by the National Security Agency
(NSA) and published by the National Institute of Standards and
Technology (NIST) in the United States.
● The primary purpose of SHA is to provide a secure and efficient
method for creating unique representations of data, commonly
used for integrity verification, digital signatures, and password
storage.

● There are two families of hash functions, SHA-1 and SHA-2.
● The SHA 256 belongs to the SHA-2 family of hashes.
● SHA-1 is a cryptographic hash function that was designed around
1995 and was disapproved for cryptographic usage after 2010.
Note: SHA-1 was disapproved after a collision attack was discovered by
Google and CWI Amsterdam in 2017.

What is SHA 256?


● SHA 256 is a hashing algorithm that was published in 2001 when the
SHA-1 was losing its strength against brute force attacks.
● The hashing algorithm was a joint effort between the National
Security Agency and NIST.
● The number 256 has a unique significance in its functionality. The
number signifies the length of the final hash value or digest. It
means that no matter how big the plain text is, the hash algorithm
will always produce a 256-bit hash value.

Characteristics of the SHA 256 Algorithm:


● The length of the message, cleartext, or plaintext should be less
than 2^64 bits. The message can be of any length within that limit,
which keeps the hash values as random as possible.
● The digest length or the final hashed value should be 256 bits.
● All the 256-bit hash algorithms should be irreversible. It means that
the plaintext should not be retrievable if the digest is available or
vice versa.

What is SHA 512?


● Just like SHA 256, SHA 512 also belongs to the SHA-2 family of
hashes.
● Though it is not as widely used as SHA 256, it is also a powerful
hashing algorithm.

The characteristics of SHA 512 are similar to those of SHA 256, with
the following differences:
● The length of the produced hash or digest is 512 bits.
● The input message is broken down into block sizes that will be in
multiples of 1024 bits.
● The message should be irreversible. The plaintext should not be
retrievable if the digest is available or vice versa.

What are the Various Versions of SHA?


We have highlighted only SHA-1 and SHA-2 so far. However, there are
SHA-0, SHA-3, and many other sub-versions of them. Let’s discuss all of
them!

| SHA Versions | Description |
|---|---|
| SHA-0 | Block size: 512 bits, Hash digest: 128 bits, Collision level: High, Rounds of operations: 64, Weaknesses: Vulnerable to collisions, Security level: Low, Applications: It is used to verify the integrity of files. |
| SHA-1 | Block size: 512 bits, Hash digest: 160 bits, Collision level: Medium, Rounds of operations: 80, Weaknesses: Vulnerable to collisions, Security level: Low, Applications: It is used for HMAC. |
| SHA-2 | Block size: 512/1024, Hash digest: 256/512 bits, Collision level: Low, Rounds of operations: 64/80, Weaknesses: Prone to preimage attacks, Security level: High, Applications: Security apps, blockchain, cryptocurrencies, and protocols. |
| SHA-3 | Block size: 1152/1088/8, Hash digest: 224/256/384/512 bits, Collision level: Low, Rounds of operations: 24, Weaknesses: Prone to Practical collision and Near collision attacks, Security level: High, Applications: Ready to replace SHA-2 whenever required. |

Note: Among the explained versions, the SHA-2 and SHA-3 are the safest
SHA algorithm versions.

Differences Between SHA 256 and SHA 512:

| Factor | SHA 256 | SHA 512 |
|---|---|---|
| Security | SHA-256 is a secure algorithm and is the most widely used. It is computed with 32-bit words. | SHA-512 offers better security than SHA-256, but it is not widely used as of now. It is computed with 64-bit words. |
| Compatibility | SHA 256 is compatible with Apple, Android, Blackberry, Chrome, and Windows OS. It is also supported by Chrome, Firefox, Internet Explorer, Mozilla, Opera, and Safari Browsers. | SHA 512 is supported by the Windows operating system when TLS 1.2 is not in use. |
| Applications | SHA 256 is used in authentication protocols. It comes in handy in password hashing in Unix and Linux. Cryptocurrencies can use SHA-256 to verify transactions. | SHA 512 is used in email address hashing and digital record verification. Just like SHA 256, it is also useful for password hashing and in the blockchain. |
| Hash Size | The hash size of SHA 256 is 256 bits. | The hash size of SHA 512 is 512 bits. |

What is a Birthday Attack?


● Birthday attack is a type of cryptographic attack that belongs to a
class of brute force attacks.
● It exploits the mathematics behind the birthday problem in
probability theory.
● The success of this attack largely depends upon the higher
likelihood of collisions found between random attack attempts and
a fixed degree of permutations, as described in the birthday
paradox problem.

Birthday paradox problem:


Let us consider the example of a classroom of 30 students and a teacher.
The teacher wishes to find pairs of students that have the same birthday.
Hence the teacher asks for everyone’s birthday to find such pairs.
Intuitively this value may seem small. For example, if the teacher fixes a
particular date, say October 10, then the probability that at least one
student is born on that day is 1 – (364/365)^30, which is about 7.9%.
However, the probability that at least one student has the same birthday
as any other student is around 70% using the following formula:

1 - 365!/((365 - n)! * 365^n) (substituting n = 30 here)

Derivation of the above term:


Assumptions:
● Assuming a non leap year(hence 365 days).
● Assuming that a person has an equally likely chance of being born
on any day of the year.

Let us consider n = 2.
P(Two people have the same birthday) = 1 – P(Two people having
different birthdays)
= 1 – (365/365)*(364/365)
= 1 – 1*(364/365)
= 1 – 364/365
= 1/365.

So for n people, the probability that all of them have different birthdays
is:

P(n people having different birthdays) =
(365/365) * ((365-1)/365) * ((365-2)/365) * … * ((365-n+1)/365)
= 365!/((365-n)! * 365^n)
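The derivation above carried through in code, as an added example that is not part of the original notes. It evaluates the formula for the classroom case and then goes one step further than the text by applying the same bound to a hash: SHA-256 truncated to 24 bits is a constructed toy digest, chosen only so the effect is visible in a fraction of a second, and the function names and `msg-N` inputs are assumptions.

```python
import hashlib


def p_shared_birthday(n: int, days: int = 365) -> float:
    """1 - days!/((days - n)! * days^n), computed as a running product."""
    if n > days:
        return 1.0  # pigeonhole: a repeat is certain
    p_all_different = 1.0
    for k in range(n):
        p_all_different *= (days - k) / days
    return 1.0 - p_all_different


def p_fixed_date(n: int, days: int = 365) -> float:
    """Probability that at least one of n people is born on one fixed date."""
    return 1.0 - ((days - 1) / days) ** n


def smallest_group(target: float, days: int = 365) -> int:
    """Smallest n whose shared-birthday probability reaches `target`."""
    if not 0.0 <= target <= 1.0:
        raise ValueError("target must be a probability")
    p_all_different, n = 1.0, 0
    while 1.0 - p_all_different < target:
        p_all_different *= (days - n) / days  # add one more person
        n += 1
    return n


def truncated_hash(message: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256(message), as an integer."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)


def first_collision(bits: int):
    """Hash b"msg-0", b"msg-1", ... until two messages share a value.

    Returns (message_a, message_b, number_of_messages_hashed).
    """
    seen = {}
    i = 0
    while True:
        message = b"msg-%d" % i
        h = truncated_hash(message, bits)
        if h in seen:
            return seen[h], message, i + 1
        seen[h] = message
        i += 1


if __name__ == "__main__":
    print(f"fixed date, 30 students : {p_fixed_date(30):.4f}")
    print(f"any pair, 30 students   : {p_shared_birthday(30):.4f}")
    print(f"group size for 50%      : {smallest_group(0.5)}")
    bits = 24  # constructed toy digest length, far below any real hash
    print(f"50% point, {bits}-bit digest: {smallest_group(0.5, 2 ** bits)} messages")
    a, b, tried = first_collision(bits)
    print(f"{a!r} and {b!r} collide after {tried} messages")
```

A digest with 2^24 possible values collides after a few thousand messages rather than millions, which is why the collision strength of an n-bit hash is taken as roughly n/2 bits when choosing a digest length.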

What is the Digital Signature Standard(DSS):


● Digital Signature is a way to validate the authenticity and integrity
of the message or digital or electronic documents.
● Authenticity means to check whether the data is coming from a
valid source or not to the receiver i.e. to verify the identity of the
sender and integrity means to check that the data or message
should not be altered during the transmission.

DSS or Digital Signature Standard was introduced by the National
Institute of Standards and Technology (NIST) in 1994. It has become the
United States government standard for electronic document
authentication. It was first proposed in 1991 and revised in 1993 as a
result of public concerns about the scheme’s security.

DSS employs SHA (Secure Hash Algorithm) to create digital signatures
and offers a new digital signature mechanism known as the Digital
Signature Algorithm.

Digital Signature
A digital signature is a mathematical technique used to validate the
authenticity and integrity of a message, software, or digital document.
1. Key Generation Algorithms:

● Ensure authenticity and integrity of digital signatures in electronic
transactions.
● Essential for verifying the sender's identity in digital transactions.
● Protect against data alteration and impersonation.

2. Signing Algorithms:
● Create a digital signature by generating a one-way hash of the
electronic data.
● Encrypt the hash value using the private key to form the digital
signature.
● Append the digital signature, along with other information, to the
data.
● Efficiently use hashing to sign shorter hash values instead of entire
messages.

3. Signature Verification Algorithms:


● Verifier processes the digital signature and public key using a
verification algorithm.
● Generates a hash value from the received data using the same hash
function.
● Compares the generated hash value with the output of the
verification algorithm.
● If they match, the digital signature is valid; otherwise, it is
considered invalid.

The steps followed in creating a digital signature are:


1. Message Digest Computation:
● Apply a hash function to the message to compute the message
digest.
● Utilize a message digest algorithm (e.g., SHA-256) to generate the
message digest from the message content.

2. Digital Signature Formation:


● Encrypt the computed message digest using the private key of the
sender.
● Form the digital signature as the result of the encryption process:
digital signature = encryption(private key of sender, message
digest).

3. Transmission of Message and Digital Signature:


● Transmit the original message along with the digital signature to
the recipient: message + digital signature.

4. Digital Signature Verification:


● Receiver decrypts the digital signature using the public key of the
sender.
● This decryption ensures authenticity, as only the sender possesses
the private key to create the corresponding digital signature.

5. Message Digest Retrieval:


● Upon decryption, the receiver obtains the message digest
originally computed by the sender.

6. Integrity Check:
● The receiver independently computes the message digest from the
received message.
● Ensure that the computed message digest matches the one
obtained through decryption on the digital signature.
● Matching message digests confirm the integrity of the transmitted
message.

Message digest is computed using a one-way hash function, i.e. a hash
function in which computation of hash value of a message is easy but
computation of the message from hash value of the message is very
difficult.

Benefits of Digital Signatures

1. Legal Documents and Contracts:


● Digital signatures are legally binding, ideal for authenticated
signatures on legal documents.
● Ensures the integrity of records by guaranteeing no alterations
have occurred.

2. Sales Contracts:
● Authentication of seller and buyer identities through digital
signing of contracts.
● Legally binding signatures provide assurance that agreement terms
remain unchanged.

3. Financial Documents:
● Finance departments use digital signatures on invoices for
trustworthy payment requests.
● Prevents fraudulent attempts, ensuring payment requests come
from legitimate sources.

4. Health Data:
● In healthcare, digital signatures safeguard patient records and
research data.
● Ensures confidentiality by verifying data integrity during
transmission.

5. Government Agencies:
● Digital signatures optimise productivity in government processes,
adhering to strict policies.
● From permits to timesheets, ensures the right person is involved
with proper approvals.

Digital Certificate
● Digital certificate is issued by a trusted third party which proves
sender’s identity to the receiver and receiver’s identity to the
sender.
● A digital certificate is a certificate issued by a Certificate Authority
(CA) to verify the identity of the certificate holder.
● The CA issues an encrypted digital certificate containing the
applicant’s public key and a variety of other identification
information.
● Digital certificate is used to attach a public key with a particular
individual or an entity.

A digital certificate contains:


1. Name of certificate holder.
2. Serial number which is used to uniquely identify a certificate, the
individual or the entity identified by the certificate
3. Expiration dates.
4. Copy of certificate holder’s public key.(used for decrypting
messages and digital signatures)
5. Digital Signature of the certificate issuing authority.

Digital certificate is also sent with the digital signature and the message.

X.509 Certificate Format:

An X.509 certificate, a widely used standard for digital certificates,
consists of several key elements:
● Version Number: Specifies the format version of the certificate.
● Serial Number: A unique identifier assigned by the CA to
distinguish the certificate.
● Issuer Name: Identifies the entity (CA) issuing the certificate.
● Validity Period: Indicates the start and end dates of the certificate's
validity.
● Subject Name: Identifies the entity (individual, organisation) to
whom the certificate is issued.
● Subject Public Key Information: Contains the public key of the
certificate holder.
● Issuer Unique Identifier (Optional): Additional identification
information assigned by the CA.
● Subject Unique Identifier (Optional): Additional identification
information for the certificate holder.
● Extensions (Optional): Additional attributes or constraints
specified by the CA.
● Signature Algorithm Identifier: Specifies the algorithm used by
the CA to sign the certificate.
● Signature Value: The digital signature created by the CA, verifying
the authenticity of the certificate.

Digital certificate vs digital signature:

| Feature | Digital Signature | Digital Certificate |
|---|---|---|
| Basics / Definition | Digital signature is like a fingerprint or an attachment to a digital document that ensures its authenticity and integrity. | Digital certificate is a file that ensures the holder's identity and provides security. |
| Process / Steps | Hashed value of the original message is encrypted with the sender's secret key to generate the digital signature. | It is generated by CA (Certifying Authority) that involves four steps: Key Generation, Registration, Verification, Creation. |
| Security Services | Authenticity of Sender, integrity of the document and non-repudiation. | It provides security and authenticity of certificate holders. |
| Standard | It follows the Digital Signature Standard (DSS). | It follows X.509 Standard Format |

What is Secure Electronic Transaction(SET):


Secure Electronic Transaction (SET) is a security protocol designed to
ensure the security and integrity of electronic credit card transactions.
Developed with support from major organisations such as Visa,
Mastercard, Microsoft (providing Secure Transaction Technology - STT),
and Netscape (providing Secure Socket Layer - SSL), SET employs
advanced encryption and hashing techniques for securing online credit
card payments. Not a payment system itself, SET focuses on enhancing
security in transactions.

Key Points:
● SET safeguards electronic credit card transactions using
encryption and hashing.
● Developed with support from major entities like Visa, Mastercard,
Microsoft, and Netscape.
● Focuses on securing payments made over the internet through
credit cards.
● Prevents the exposure of credit card details to merchants,
enhancing protection against hackers.
● Incorporates Certification Authorities for standard Digital
Certificates (e.g., X.509 Certificate).
● A collaborative effort to restrict unauthorised access to sensitive
credit card information.
● General electronic transaction scenario involves client, payment
gateway, client financial institution, merchant, and merchant
financial institution.

Requirements in SET: The SET protocol has some requirements to meet.
Some of the important requirements are:
● Mutual Authentication: Verify customer and merchant identities
for intended usage.
● Confidentiality: Encrypt Payment Information (PI) and Order
Information (OI) securely.
● Message Integrity: Resist unauthorised modifications to
transmitted content.
● Interoperability: Ensure compatibility for seamless
communication across systems.
● Optimal Security Mechanisms: Employ the best-available security
measures for robust protection.

Participants in SET: In the general scenario of online transactions, SET
includes similar participants:
1. Cardholder – customer
2. Issuer – customer financial institution
3. Merchant
4. Acquirer – merchant financial institution
5. Certificate authority – Authority that follows certain standards and
issues certificates (like X.509V3) to all other participants.

Dual Signature: The dual signature is a concept introduced with SET,
which aims at connecting two information pieces meant for two different
receivers:
● Order Information (OI) for merchant
● Payment Information (PI) for bank

Generation of dual signature:

Where
● PI stands for payment information
● OI stands for order information
● PIMD stands for Payment Information Message Digest
● OIMD stands for Order Information Message Digest
● POMD stands for Payment Order Message Digest
● H stands for Hashing
● E stands for public key encryption
● KPc is customer's private key
● || stands for append operation
● Dual signature, DS= E(KPc, [H(H(PI)||H(OI))])

Purchase Request Generation: The process of purchase request
generation requires three inputs:
● Payment Information (PI)
● Dual Signature
● Order Information Message Digest (OIMD)

The purchase request is generated as follows:

Here
● PI, OIMD, OI all have the same meanings as before.
● The new things are :
● EP which is symmetric key encryption
● Ks is a temporary symmetric key
● KUbank is public key of bank
● CA is Cardholder or customer Certificate
● Digital Envelope = E(KUbank, Ks)

Purchase Request Validation on Merchant Side: The merchant verifies the
request by comparing the POMD generated through PIMD hashing with the POMD
generated through decryption of the Dual Signature as follows:

Since the customer’s private key was used for encryption, here we use KUC,
which is the public key of the customer or cardholder, for decryption ‘D’.
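The hash-then-sign steps from the digital signature section and the SET dual signature with its merchant-side check, as one added example that is not part of the original notes. Assumptions: H is SHA-256, E and D are unpadded textbook RSA with a 512-bit key generated on the spot (deployed systems use a padded signature scheme and much larger keys), the PI and OI strings are constructed, and `bank_verify` is the mirror-image check for the bank, which goes beyond the merchant-side validation the text describes.

```python
import hashlib
import secrets
from math import gcd


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)  # base in [2, n - 2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no square reached n - 1: composite
    return True


def random_prime(bits: int) -> int:
    """Random odd prime with the top bit set."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 512):
    """Toy RSA key pair ((e, n), (d, n)), generated only for this demo."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (e, p * q), (pow(e, -1, phi), p * q)


def H(data: bytes) -> bytes:
    """Message digest (SHA-256 assumed)."""
    return hashlib.sha256(data).digest()


def sign_digest(digest: bytes, private_key) -> int:
    """E(private key, digest): textbook RSA, no padding (illustration only)."""
    d, n = private_key
    return pow(int.from_bytes(digest, "big"), d, n)


def signature_matches(signature: int, digest: bytes, public_key) -> bool:
    """Does D(public key, signature) equal the locally computed digest?"""
    e, n = public_key
    return pow(signature, e, n) == int.from_bytes(digest, "big")


def dual_signature(pi: bytes, oi: bytes, customer_private):
    """DS = E(KPc, H(H(PI) || H(OI))). Returns (DS, PIMD, OIMD)."""
    pimd, oimd = H(pi), H(oi)
    return sign_digest(H(pimd + oimd), customer_private), pimd, oimd


def merchant_verify(oi: bytes, pimd: bytes, ds: int, customer_public) -> bool:
    """Merchant holds OI and PIMD only; it never sees PI."""
    return signature_matches(ds, H(pimd + H(oi)), customer_public)


def bank_verify(pi: bytes, oimd: bytes, ds: int, customer_public) -> bool:
    """Bank holds PI and OIMD only; it never sees OI."""
    return signature_matches(ds, H(H(pi) + oimd), customer_public)


if __name__ == "__main__":
    public, private = generate_keypair()
    pi = b"card=0000-0000-0000-0000;amount=49.99"   # constructed sample
    oi = b"order=1001;item=book;amount=49.99"       # constructed sample
    plain = sign_digest(H(oi), private)             # ordinary digital signature
    print("plain signature valid:", signature_matches(plain, H(oi), public))
    ds, pimd, oimd = dual_signature(pi, oi, private)
    print("merchant accepts     :", merchant_verify(oi, pimd, ds, public))
    print("bank accepts         :", bank_verify(pi, oimd, ds, public))
    swapped = b"order=1001;item=laptop;amount=49.99"
    print("merchant, OI altered :", merchant_verify(swapped, pimd, ds, public))
```

Because the signed value is the digest of both digests, changing either OI or PI after signing makes both checks fail, while neither receiver needs the other's plaintext.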

Payment Authorization and Capture:


1. Payment Authorization:
● Merchant verifies and authorises payment information.
● Ensures assurance of forthcoming payment to the merchant.

2. Payment Capture:
● Process where the merchant receives payment.
● Involves generating request blocks to the gateway, and the
payment gateway issues payment to the merchant.

Kerberos:
● Kerberos provides a centralised authentication server whose
function is to authenticate users to servers and servers to users.
● In Kerberos, the Authentication Server and database are used for
client authentication.
● Kerberos runs as a third-party trusted server known as the Key
Distribution Center (KDC). Each user and service on the network is
a principal.

The main components of Kerberos are:


● Authentication Server (AS): The Authentication Server performs
the initial authentication and issues the ticket for the Ticket
Granting Service.
● Database: The Authentication Server verifies the access rights of
users in the database.
● Ticket Granting Server (TGS): The Ticket Granting Server issues
the ticket for the Server.

Kerberos Overview:

1. User Login and Service Request:


● User logs in and requests services on the host, specifically asking
for the ticket-granting service.

2. Authentication Server Verification:

● Authentication Server verifies user access rights using the
database.
● Provides the user with a ticket-granting-ticket (TGT) and session
key.
● Encrypts the results using the user's password.

3. Transmission to Ticket Granting Server (TGS):


● Decrypts the message using the user's password.
● Sends the ticket to the Ticket Granting Server (TGS), including
authenticators like usernames and network addresses.

4. Ticket Granting Server Processing:


● TGS decrypts the received ticket and verifies the authenticator.
● Creates a ticket for the user to request services from the server.

5. User Sends Ticket and Authenticator to Server:


● User transmits the generated ticket and authenticator to the server.

6. Server Verification and Service Access:


● Server verifies the ticket and authenticators.
● Generates access to the requested services, allowing the user to
access them.

Advantages to using Kerberos as an authentication service:


1. Effective Access Control:
● Kerberos authentication protocol facilitates centralised access
control.
● Users manage logins and security policies from a single point.

2. Mutual Authentication:
● Enables mutual authentication between service systems and users.
● Throughout the process, both parties are assured of each other's
authenticity.

3. Limited Ticket Lifetime:


● Kerberos tickets include timestamps and lifetime data.
● Admins control the authentication duration, enhancing security.

4. Reusable Authentication:
● Authentication in Kerberos is durable and reusable.
● Users authenticate once, and throughout the ticket's lifetime,
reauthentication doesn't require personal information reentry.

5. Security Measures:
● Multiple secret keys, third-party authorization, and cryptography
enhance security.
● Passwords aren't transmitted over networks, and encrypted secret
keys make impersonation challenging for attackers.

Difference between Kerberos v4 and Kerberos v5:

| Features | Kerberos Version 4 | Kerberos Version 5 |
|---|---|---|
| Chronology | Kerberos v4 was released prior to version 5 in the late 1980’s. | The version 5 was published in 1993, years after the appearance of version 5. |
| Key salt algorithm | Uses the principal name partially. | Uses the entire principal name. |
| Encoding | Uses the “receiver-makes-right” encoding system. | Uses the ASN.1 coding system. |
| Ticket support | Satisfactory | Well extended. Facilitates forwarding, renewing and postdating tickets. |
| Network addresses | Contains only a few IP addresses and other addresses for types of network protocols. | Contains multiple IP addresses and other addresses for types of network protocols. |
| Transitive cross-realm authentication support | No present support for the cause. | Reasonable support present for such authentication. |

What is PGP Encryption?


● PGP encryption, also known as Pretty Good Privacy encryption,
came into existence in 1991, and since then it has become the
de facto standard for email security.
● It is a system that is used for both sending encrypted emails as well
as sending encrypted sensitive files.
● It is a type of program that gives cryptographic authentication and
privacy for online communications.
● It uses a mix of hashing, data compression, and public-key
cryptography.
● Apart from these, it also uses symmetric and asymmetric keys to
encrypt the data which is transferred across the networks. The
public key and private key features are combined in this.

How does PGP encryption work?


We know that PGP encryption works by using the combination of two
forms of encryption that is public-key encryption and symmetric-key
encryption. Let’s see how PGP works.

● Firstly, the PGP encryption generates a random session key by
using one of two main algorithms. This key is only used once and
this key is a huge number that cannot be guessed.
● Now, the next step is to encrypt the session key. This can be
achieved by using the public key of the intended recipient of the
message. The public key is tied to a particular person’s identity,
which can be used by anyone to send them a message.
● Now the encrypted PGP session key is sent to the recipient by the
sender, and they can decrypt the same by using their private key.
The recipient can decrypt the actual message using this session
key.

The above figure demonstrates the working of PGP, which is as follows:
● User A wants to send the message via email to User B.
● Therefore, User B generates two keys, one public and one
private.
● User B sends the public key to User A.
● Then, User A encrypts the message with that public key and sends
that message to user B.
● User B then decrypts the message by using the private key.

What is SSL (Secure Sockets Layer)?

● SSL, or Secure Sockets Layer, is an internet security protocol with an encryption-based technique.
● It was first developed by Netscape in the mid-1990s. Its main purpose was to ensure privacy, data integrity, and authentication in communications through the Internet.

TLS, or Transport Layer Security, the descendant of SSL, provides the security and encryption that make all modern internet commerce and communications possible. It is continuously updated to keep pace with sophisticated attackers.

Why do we need SSL?
SSL provides the following types of security.
● Data Integrity: It checks for the safety of data, its consistency,
accuracy, and completeness.
● Encryption: It is used to protect the transmission of data for
example server to server, browser to the server, application to the
server, etc.
● Authentication: It checks whether you are connected to the
correct server or not.

Where can we use SSL?


SSL is used to secure many things and is used widely. Some of them are
mentioned below.
● It is used to secure Intranet-based traffic, such as file sharing,
database connections, internal networks, and extranets.
● Online payments or online credit card transactions.
● Various webmail servers like Outlook Web Access, Exchange, and Office Communications Server.
● It helps to secure the transfer of files over FTP(s) and HTTPS
services, such as transferring large files or website owners
uploading or updating a new page to their websites.
● System login to control panels and applications such as cPanel,
Parallels, and others.

How does SSL Work?


As we have already seen, the SSL protocol is used to make the connection
secure. So, now let’s see how SSL works.

SSL works with the following two concepts:
1. Asymmetric Cryptography
2. Symmetric Cryptography

What is an SSL handshake?


● All the communications that are done through SSL begin with the
handshake.
● It allows the browser to verify the web server, establish a secure
connection and get the public key before the beginning of the data
transfer.
● The SSL handshake uses asymmetric cryptography.

Let us understand what is actually done in the above figure.


● Client initiates communication with a "Hello Server" message,
including SSL version, session-specific data, and more.
● Server responds with a "Hello Client" message, reciprocating
communication details.
● Client verifies the server's SSL certificate from the certificate
authority (CA).
● If authentication fails, the client rejects the SSL connection; if
successful, proceeds to the next step.
● Client creates a session key, encrypts it with the server's public
key, and sends it to the server.
● Client may send its certificate to the server if client authentication
is requested.
● Server decrypts the session key with its private key and sends
acknowledgment encrypted with the session key back to the client.

Now, in the end, both the client and the server have a valid session key that they can use for further communication and encrypt and decrypt the actual data.
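
The session-key flow described above for PGP and for the SSL handshake, as an added example that is not part of the original notes. The toy RSA key built from two Mersenne primes, the SHA-256 keystream cipher and all function names are assumptions for illustration; real PGP and TLS use padded RSA or Diffie-Hellman together with ciphers such as AES.

```python
import hashlib
import secrets

# Constructed toy RSA key pair of the recipient (PGP) or server (SSL).
# 2**61 - 1 and 2**89 - 1 are Mersenne primes: big enough to wrap a 128-bit
# session key, far too small to be secure.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)


def keystream_xor(session_key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with SHA-256(key || offset) blocks.
    Applying it twice with the same key restores the data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(session_key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def sender_encrypt(message: bytes, recipient_public: tuple) -> tuple:
    """Sender side: fresh session key, symmetric body, key wrapped with RSA."""
    n, e = recipient_public
    session_key = secrets.token_bytes(16)                  # random, used once
    body = keystream_xor(session_key, message)             # symmetric encryption
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)  # public-key step
    return wrapped_key, body


def recipient_decrypt(wrapped_key: int, body: bytes, recipient_private: tuple) -> bytes:
    """Recipient side: unwrap the session key with the private key, then decrypt."""
    n, d = recipient_private
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, body)


if __name__ == "__main__":
    wrapped, body = sender_encrypt(b"meeting moved to 10:00", PUBLIC_KEY)
    print(recipient_decrypt(wrapped, body, PRIVATE_KEY))
```

Only the short session key goes through the slow public-key operation; the message itself is protected by the symmetric cipher, which is why both PGP and SSL combine the two.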

What is a Firewall?
● A firewall is a system or software that provides security to the network.
● It monitors security by filtering the incoming and outgoing network traffic based on rules implemented by the user.
● It eliminates, or in some cases reduces, unwanted communication, and permits only the useful information and communications taking place in the network.

The firewall provides a very simple way to add security to a system and protect it from malicious attacks. It provides security together with an Intrusion Detection System or Intrusion Prevention System, and many other security providers within the network.
Installing a firewall has become essential, and many businesses use one so that their data and files stay safe and are not interrupted by an attacker, because security is an essential part of the business.

How do firewalls work?


● A firewall acts as a security guard that monitors every packet and file moving in and out of the network and lets through only those that do not contain any malicious activity. It becomes a barrier to malicious activities and threats.

The diagram below shows how the firewall works.

Types of Firewalls: There are mainly 3 types of firewalls available: hardware firewalls, software firewalls, and both (hardware + software). They all have the same goal, but their functionalities are different.
1. Software Firewalls
2. Hardware Firewalls
3. Packet Filtering Firewalls
4. Circuit Level gateways
5. Stateful Inspection Firewalls
6. Proxy Firewalls
7. Next-Generation Firewalls

Software Firewalls
● Software firewalls are used on local devices or host devices.
● They work by creating an in-depth defence path.
● These are also called host firewalls.
● They use the resources of the device on which they are installed.

Hardware Firewalls
● Hardware firewalls are physical devices that sit between a gateway and a computer network.
● They are also known as appliance firewalls.
● They act as traffic routers.
● These are basically security guards that run on separate hardware.
● They have their own resources and, unlike software firewalls, do not need any resources from the system.

Packet Filtering Firewalls


● The packet filtering firewall is the most basic and general type of firewall, based on the method of operation.
● It is based on the idea of data filtering. It is the oldest firewall available.
● It does not have much impact on the performance of the network.

Circuit Level gateways


● Circuit-level gateways are firewalls that observe TCP (i.e., Transmission Control Protocol) sessions and connections and work at the session layer of the OSI model.
● They are quite similar to packet filtering firewalls, but they inspect the information and transaction.
● They are practical and very simple to set up. Their main function is to check whether all the connections are safe or not.

Stateful Inspection Firewalls


● Stateful inspection firewalls are the systems that monitor both the
incoming packets and TCP connections or session-level state
information to determine how these data are transmitted.
● They provide a higher level of security.
● They take more resources for their work, which sometimes slows down the system.

Proxy Firewalls
● Proxy firewalls are also known as cloud firewalls and application-level gateways.
● These firewalls filter traffic at the application layer.
● They relay the traffic and examine all types of data that pass through.
● They can check packets and connections in more depth.

Next-Generation Firewalls
● As the name suggests, next-generation firewalls are the category that covers newly developed firewalls.
● They combine the features of all the types above and provide better security.
● These firewalls monitor the full transactions of data, including all the contents of the packet and header and many other resources included.
● These firewalls provide higher security than the firewalls mentioned above.

What is an Intrusion Detection System?


● While we work over the network or on a system, many suspicious activities may be taking place in parallel. Detecting such activity and informing us about it is what an intrusion detection system does.
● An intrusion detection system is a type of software that detects suspicious activities taking place in our system. If any are found, it raises an alert so that someone from the security operations team can investigate the issue and fix it or take the right action based on that alert.
● It scans the whole network and monitors the network traffic to detect these suspicious activities.
● Sometimes intrusion detection systems raise false alarms, so they should be set up properly in your system so that they can easily differentiate what normal traffic looks like and what suspicious activity looks like.

What is the classification of Intrusion Detection System?

Intrusion detection systems can be deployed in any network and hence are mainly classified into two types. So, let’s see what they are.

Host Intrusion Detection System (HIDS)


● The host intrusion detection system is responsible for looking at the incoming and outgoing packets, and if any threat is found, it immediately gives us an alert.
● They are deployed at the endpoint. These IDS monitor the traffic of
the network to and from the machine.
● These are visible to the host machines. A typical example of these
can be seen on mission-critical machines.

Network Intrusion Detection System (NIDS)


● Network intrusion detection systems are responsible for
monitoring or analysing the entire incoming traffic or the entire
protected network.
● It can see all the traffic flowing through that network.
● These systems can detect various types of threats. The internal
endpoints can’t access these.

1. Signature-based detection
● Signature-based detection is designed to detect specific patterns; in other words, it uses a fingerprint of a malicious virus or threat to identify it. Once a virus or threat has been recognised, its signature is stored so that the same threat can be identified easily and accurately in future.

Its main property is that it can easily detect a known threat, but it is difficult or almost impossible for it to detect a new threat that has not been detected previously, i.e., it is limited to detecting only known threats.

2. Anomaly-based detection
● Anomaly-based detection is a new technology based on a machine learning algorithm. A model is built of the normal behaviour of the system, all other behaviour is compared to this model, and an alert is generated if any type of threat is detected.
● This model can suffer from false positives (i.e., incorrect alerts) and false negatives (i.e., missed detection).

3. Hybrid detection
● In a hybrid detection system, a hybrid itself means it is a mixture or
combination.
● So, here it is the combination of signature-based detection and
anomaly-based detection.
● The aim of this approach is to lower the error rate and to detect more potential attacks.
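
The three detection methods above, run over a few constructed log lines, as an added example that is not part of the original notes. The log format, the signatures, the addresses and the threshold rule (mean plus three standard deviations of requests per source per minute) are assumptions made for the illustration.

```python
import re
import statistics
from collections import Counter

# Constructed signatures: fingerprints of threats that are already known.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"union(\s|\+|%20)+select", re.IGNORECASE),
}


def repeat(minute, source, path, times):
    """Build constructed log lines of the form '<minute> <source> <path>'."""
    return [f"{minute} {source} {path}"] * times


# Constructed baseline of normal traffic (2 to 4 requests per source per minute).
BASELINE_LOG = (
    repeat(1, "192.0.2.10", "/index.html", 2)
    + repeat(1, "192.0.2.11", "/about.html", 3)
    + repeat(2, "192.0.2.10", "/index.html", 4)
    + repeat(2, "192.0.2.11", "/contact.html", 3)
)

# Constructed live traffic to classify.
LIVE_LOG = (
    repeat(5, "192.0.2.10", "/index.html", 3)            # normal
    + repeat(5, "192.0.2.20", "/files/../../secret", 1)  # known pattern, low rate
    + repeat(5, "192.0.2.30", "/login", 12)              # new behaviour, no signature
    + repeat(6, "192.0.2.11", "/gallery.html", 6)        # harmless burst
)


def parse(line):
    minute, source, path = line.split(" ", 2)
    return int(minute), source, path


def signature_alerts(lines):
    """Signature-based: alert only on patterns that are already known."""
    return {
        (source, name)
        for _, source, path in map(parse, lines)
        for name, pattern in SIGNATURES.items()
        if pattern.search(path)
    }


def learn_threshold(baseline, k=3.0):
    """Anomaly-based: model normal behaviour as requests per source per minute."""
    per_minute = list(Counter(parse(line)[:2] for line in baseline).values())
    return statistics.mean(per_minute) + k * statistics.pstdev(per_minute)


def anomaly_alerts(lines, threshold):
    """Alert on any source whose request rate in a minute exceeds the model."""
    counts = Counter(parse(line)[:2] for line in lines)
    return {(source, "rate-anomaly") for (_, source), n in counts.items() if n > threshold}


def hybrid_alerts(lines, threshold):
    """Hybrid: union of the signature-based and anomaly-based results."""
    return signature_alerts(lines) | anomaly_alerts(lines, threshold)


if __name__ == "__main__":
    limit = learn_threshold(BASELINE_LOG)
    print(sorted(hybrid_alerts(LIVE_LOG, limit)))
```

The signature engine misses the unfamiliar burst against /login, the anomaly engine misses the single known-pattern request and also flags the harmless gallery burst (a false positive), and the hybrid result contains all three alerts.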

Monoalphabetic Cipher
● The monoalphabetic cipher, also known as the simple substitution
cipher, is one of the earliest and most straightforward encryption
techniques.
● In a monoalphabetic cipher, each letter in the plaintext will always
be replaced by the same letter in the ciphertext.

Explanation:
To illustrate, let’s create a simple monoalphabetic cipher. Suppose we
assign each letter of the alphabet a corresponding letter three positions
ahead:
● Plain: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
● Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Example:

● Plain: HELLO
● Cipher: KHOOR

Monoalphabetic ciphers are easy to understand and implement, making them suitable for beginners.

Polyalphabetic Cipher:
● In contrast to monoalphabetic ciphers, polyalphabetic ciphers
introduce an element of complexity by using multiple substitution
alphabets.
● Instead of each letter being replaced by a single, fixed letter,
different letters within the same message may be substituted with
different letters. This complexity adds a layer of security, making
polyalphabetic ciphers more resistant to traditional cryptanalysis
techniques.

Explanation:
One of the most famous polyalphabetic ciphers is the Vigenère cipher. In
the Vigenère cipher, a keyword is used to determine the shift value for
each letter. For example, if we want to encrypt the word “ENCRYPT” with
the keyword “KEY,” the process would look like this:
● Plain: E N C R Y P T
● Keyword: K E Y K E Y K
● Cipher: R I J X P W X

Example:
● Plain: ENCRYPT
● Keyword: KEYKEYK
● Cipher: RIJXPWX

Differences between Monoalphabetic Cipher and Polyalphabetic Cipher:

Monoalphabetic Cipher | Polyalphabetic Cipher
Less secure | More secure than a Monoalphabetic cipher.
Contains frequency of letters same as the message. | It does not contain the same frequency of letters as in the message.
The space between words is left blank. | The space between the words is also mapped to some letters.
Brute force algorithm can decrypt it. | Brute force algorithm cannot decrypt it.
It is not used nowadays. | It is used more frequently than Monoalphabetic cipher.
The same alphabet in the message will be made up of similar code letters. | The same alphabet in the code may or may not be made of similar code letters.
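
Added example (not from the original notes): the shift-by-three cipher and the Vigenère cipher applied to the same word, HELLO, to show the frequency row of the table. It assumes the standard letter numbering A=0 … Z=25 with ciphertext = (plaintext + key letter) mod 26; the function names are chosen for this illustration.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def shift_encrypt(plaintext, shift=3):
    """Monoalphabetic: one fixed substitution alphabet for the whole message."""
    table = str.maketrans(ALPHABET, ALPHABET[shift:] + ALPHABET[:shift])
    return plaintext.upper().translate(table)


def shift_decrypt(ciphertext, shift=3):
    return shift_encrypt(ciphertext, -shift % 26)


def vigenere(text, keyword, decrypt=False):
    """Polyalphabetic: the shift for each letter comes from the repeating keyword."""
    sign = -1 if decrypt else 1
    key = keyword.upper()
    out, used = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            k = ALPHABET.index(key[used % len(key)])
            out.append(ALPHABET[(ALPHABET.index(ch) + sign * k) % 26])
            used += 1
        else:
            out.append(ch)          # non-letters pass through unchanged
    return "".join(out)


def frequency_profile(text):
    """Sorted letter counts, highest first: what frequency analysis looks at."""
    return sorted(Counter(c for c in text if c in ALPHABET).values(), reverse=True)


def index_of_coincidence(text):
    """Probability that two letters picked from the text are equal."""
    letters = [c for c in text if c in ALPHABET]
    n = len(letters)
    return sum(v * (v - 1) for v in Counter(letters).values()) / (n * (n - 1))


if __name__ == "__main__":
    mono = shift_encrypt("HELLO")          # KHOOR
    poly = vigenere("HELLO", "KEY")        # RIJVS
    for label, text in (("plain", "HELLO"), ("mono", mono), ("poly", poly)):
        print(label, text, frequency_profile(text), index_of_coincidence(text))
```

In KHOOR the double L is still visible as a double O, so the profile [2, 1, 1, 1] of the plaintext survives; in RIJVS the two L's become J and V and the profile flattens to [1, 1, 1, 1, 1].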

RSA algorithm:
● The RSA algorithm in Cryptography was developed by 3 founders:
Ron Rivest, Adi Shamir, and Leonard Adleman in 1978, and hence,
this algorithm was named RSA (Rivest, Shamir, and Adleman)
algorithm.
● The RSA algorithm in Cryptography is a public key cryptography
algorithm used for converting plaintext into ciphertext.
● It is also known as asymmetric-key cryptography because two
different keys i.e., a public key and a private key are used for
encrypting and decrypting the message or data.
● As the name implies, the Public Key is made available to anyone,
while the Private Key remains secret or private i.e., not shared with
anyone.
● The public key is used by the sender to encrypt the message or
plain text and a private key is used by the receiver to decrypt the
encrypted message or ciphertext.

RSA algorithm in Cryptography works in 3 steps:


● Generation of public and private keys.
● Encryption of message by the sender using the public key.
● The decryption of the message by the receiver using the private
key.

Generation of public and private keys


● Choose a and b as two large prime numbers, where a cannot be equal to b.
● Compute n = a * b, where n is referred to as the modulus for encryption and decryption.
● Compute the totient function, ϕ(n) = (a – 1) * (b – 1).
● Select e such that 1 < e < ϕ(n) and e is relatively prime to ϕ(n), i.e., gcd(e, ϕ(n)) = 1. In other words, e and ϕ(n) don’t have any common factors except for one.
● Compute d in such a way that e * d = 1 mod ϕ(n), or d = e^(-1) mod ϕ(n). You can find out d by using the Extended Euclidean Algorithm.
Or
d can be calculated using the given formula below:
d = (ϕ(n) * k + 1) / e, for some integer k.
● Finding the public key
The public key consists of two numbers n & e, i.e., (n, e).
● Finding a private key
The private key consists of two numbers n & d, i.e., (n, d).

For a better understanding, let’s see one example:


1. Let the two prime numbers be a=11 and b=7.
2. Compute, n = a * b = 11 * 7 = 77.
3. Compute: ϕ(n) = (a – 1) * (b – 1) = (11 – 1) * (7 – 1) = 10 * 6 = 60.
4. Selecting a number e such that gcd(e, ϕ(n))=1 and 1 < e < ϕ(n).
Let e = 7.
gcd(7, 60) = 1
5. Calculating d.
ed = 1 mod ϕ(n)
Or
d = (ϕ(n) * k + 1) / e
d = (60 * k + 1) / 7
When k=1, d = (60 * 1 + 1) / 7 = 61/7 = 8.17.
When k=2, d = (60 * 2 + 1) / 7 = 121/7 = 17.28.
When k=3, d = (60 * 3 + 1) / 7 = 181/7 = 25.86.
When k=4, d = (60 * 4 + 1) / 7 = 241/7 = 34.43.
When k=5, d = (60 * 5 + 1) / 7 = 301/7 = 43.
Therefore, d = 43.
6. The public key is (n, e) = (77, 7).
The private key is (n, d) = (77, 43).

Example 1: In an RSA cryptosystem, a particular user A uses two prime numbers, 13 and 17, to generate the public and private keys. If the public key of A is 35, then the private key of A is ……………?

Explanation:
Step 1: In the first step, select two large prime numbers, p and q.
p = 13
q = 17

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and decryption.

First, we calculate
n = p x q
n = 13 x 17
n = 221

Step 3: Choose a number e less than n, such that e is relatively prime to (p - 1) x (q - 1). It means that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1 < e < φ(n) and e is relatively prime to φ(n), i.e., gcd(e, φ(n)) = 1.

Second, we calculate
φ (n) = (p - 1) x (q-1)
φ (n) = (13 - 1) x (17 - 1)
φ (n) = 12 x 16
φ (n) = 192
g.c.d (35, 192) = 1

Step 4: To determine the private key, we use the following formula to calculate d such that:
d x e mod φ(n) = 1
d x 35 mod 192 = 1
d = (1 + k.φ(n))/e [let k = 0, 1, 2, 3, ...]
Put k = 0
d = (1 + 0 x 192)/35
d = 1/35
Put k = 1
d = (1 + 1 x 192)/35
d = 193/35
Put k = 2
d = (1 + 2 x 192)/35
d = 385/35
d = 11

The private key is <d, n> = (11, 221)

Hence, the private key is d = 11.
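
The key generation steps and both worked examples above, as an added example that is not part of the original notes. It computes d with the Extended Euclidean Algorithm and also with the k-search formula so the two can be compared; function names are chosen for this illustration, and the scheme is textbook RSA with tiny primes and no padding, so it is for study only.

```python
from math import gcd


def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def is_prime(n):
    """Trial division, sufficient for the small primes of the examples."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def generate_keys(a, b, e):
    """Return ((n, e), (n, d)) after checking every condition of the key steps."""
    if a == b or not (is_prime(a) and is_prime(b)):
        raise ValueError("a and b must be two different primes")
    n, phi = a * b, (a - 1) * (b - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    _, x, _ = extended_gcd(e, phi)      # e*x + phi*y = 1, so x is e^(-1) mod phi
    return (n, e), (n, x % phi)


def private_exponent_by_search(e, phi):
    """The k-search from the notes: smallest k >= 1 making (phi*k + 1)/e an integer."""
    k = 1
    while (phi * k + 1) % e:
        k += 1
    return (phi * k + 1) // e


def encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in 0..n-1")
    return pow(m, e, n)


def decrypt(c, private_key):
    n, d = private_key
    return pow(c, d, n)


if __name__ == "__main__":
    public, private = generate_keys(11, 7, 7)
    print(public, private)                   # (77, 7) (77, 43)
    c = encrypt(9, public)
    print(c, decrypt(c, private))            # 37 9
    print(generate_keys(13, 17, 35)[1])      # (221, 11)
```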

Chinese Remainder Theorem


● This theorem is named after the Chinese mathematician Sun Zi,
who first described this principle in the third century AD.
● It is a mathematical tool that helps you solve a system of equations
where each equation has a different modulus.
● A modulus is just a fancy term for the remainder you get when you
divide a number by another number.

According to the Chinese Remainder Theorem, if you have two equations, x ≅ a (mod m) and x ≅ b (mod n), where m and n are different moduli, you can combine them into a single equation, x ≅ c (mod mn), where x is the unique solution to the system, provided m and n are relatively prime.

Algorithm of CRT
We will use the following algorithm to code the CRT.
● Calculate M as the product of all moduli, i.e., M = m[0] * m[1] * ... * m[k-1].
● Calculate the array Mi, where each Mi[i] is equal to M divided by m[i].
● Calculate the array Zi, where each Zi[i] is the inverse modulo m[i] of Mi[i]. This can be done using a simple loop that increments a counter until (Zi[i] * Mi[i]) mod m[i] equals 1.
● Compute the solution X as the sum of (y[i] * Mi[i] * Zi[i]) for all i, modulo M.
● Return X as the final answer.

Working of Chinese Remainder Theorem


Suppose we have a system of congruences:

where m1, m2, ..., mn are co-prime (pairwise relatively prime) integers, and
y1, y2, ..., yn are arbitrary integers.

Note: The equation X ≅ yi (mod mi) means that X leaves a remainder of yi when divided by mi. The ≅ symbol is used to indicate "congruence modulo." It means that the two values on either side of the symbol are equivalent when they are divided by the modulus (here, mi).

The Chinese Remainder Theorem states that this system of congruences has a unique solution X modulo ‘M’ (the product of the moduli m1, m2, ..., mn).

To find this unique solution:


We first compute the product M = m1 * m2 * … * mn.

For each i from 1 to n, we then compute “Mi = M / mi” For example,

M1 = M/m1
= (m1 * m2 * m3 … * mn)/ m1
= m2 * m3 … * mn

Similarly,
M2 = m1 * m3 … * mn
M3 = m1 * m2 * m4 … * mn
And so on.

For each i from 1 to n, find the modular inverse Zi of Mi modulo mi. To calculate Zi, we will use the congruence Mi Zi ≅ 1 (mod mi). For example,

M1Z1 ≅ 1(mod m1)

Similarly,
M2Z2 ≅ 1(mod m2)
M3Z3 ≅ 1(mod m3)
And so on.

We can then compute the solution X as follows:

X = (y1 * Z1 * M1 + y2 * Z2 * M2 + ... + yn * Zn * Mn) mod M


where Mi * Zi ≅ 1 (mod mi) for each i.
This formula is known as the Chinese Remainder Theorem formula.

Example 1
Consider the following system of congruences
X ≅ 1 (mod 5)
X ≅ 1 (mod 7)
X ≅ 3 (mod 11)

Here,
y1 = 1, y2 = 1, y3 = 3,
m1 = 5, m2 = 7, m3 = 11

Since 5, 7, and 11 are relatively prime to one another, we can find X. We can use CRT to find the unique solution to this system of congruences. The steps to do so are:

First, we compute the product M.


M = m1 * m2 * m3
= 5 * 7 * 11
= 385

Next, we compute Mi
M₁ = M / m1
= m2*m3 (here, M₁ = m1*m2*m3 / m1)
= 7 * 11
= 77

M₂ = M / m2
= m1*m3 (here, M₂ = m1*m2*m3 / m2)
= 5 * 11
= 55

M₃ = M / m3
= m1*m2 (here, M₃ = m1*m2*m3 / m3)
= 5 * 7
= 35

Find the modular inverses (Zi) of M₁, M₂, and M₃ modulo 5, 7, and 11, respectively.
M1Z1 ≅ 1(mod m1)
M1Z1(mod m1) = 1
77*Z1(mod 5) = 1

Now think what value of Z1 should be multiplied by 77 such that when you divide 77*Z1 by 5, you get 1 as a remainder.

77 * 3(mod 5) = 1
So, Z1 = 3

M2Z2 ≅ 1(mod m2)
M2Z2(mod m2) = 1
55*Z2(mod 7) = 1

Now think what value of Z2 should be multiplied by 55 such that when you divide 55*Z2 by 7, you get 1 as the remainder.

55*6(mod 7) = 1
So, Z2 = 6

M3Z3 ≅ 1(mod m3)
M3Z3(mod m3) = 1
35*Z3(mod 11) = 1

Now think what value of Z3 should be multiplied by 35 such that when you divide 35*Z3 by 11, you get 1 as a remainder.

35*6(mod 11) = 1
So, Z3 = 6

Now we calculate X as:


X = (y1 * Z1 * M1 + y2 * Z2 * M2 + y3 * Z3 * M3) mod M
= (1 * 3 * 77 + 1 * 6 * 55 + 3 * 6 * 35) mod 385
= (231 + 330 + 630) mod 385
= (1191) mod 385
= 36

Therefore, X = 36.
Now let us look at a real-life example to see where we can use this
theorem.

Example 2
Ninja has a friend, Alice, who has a secret number she wants to share
with him. But instead of giving the number directly, she decided to give
him the remainder of the number when divided by two different factors,
say 5 and 7. Let's say her number has a remainder of 1 when divided by 5
and a remainder of 2 when divided by 7.
To find the number, Ninja can use the Chinese Remainder Theorem to
combine the remainders in a certain way to get a unique solution that
satisfies both equations.
The equation that he can form from this will be:
X ≅ 1 (mod 5)
X ≅ 2 (mod 7)

X is Alice’s secret number.

Before moving to the solution, try to find X yourself so the concept of the Chinese Remainder Theorem will be clear to you.

Here,
y1 = 1, y2 = 2
m1 = 5, m2 = 7
Calculating M:
M = m1*m2
= 5 * 7
= 35

Finding Mi:
M₁ = M / m1
= m2 (here, M₁ = m1*m2 / m1)
= 7

M₂ = M / m2
= m1 (here, M₂ = m1*m2 / m2)
= 5

Finding Zi for Mi:


M1Z1 ≅ 1(mod m1)
M1Z1(mod m1) = 1
7*Z1(mod 5) = 1
Z1 = 3

M2Z2 ≅ 1(mod m2)


M2Z2(mod m2) = 1
5*Z2(mod 7) = 1
Z2 = 3

Calculating X:

X = (y1 * Z1 * M1 + y2 * Z2 * M2) mod M
= (1 * 3 * 7 + 2 * 3 * 5) mod 35
= (21 + 30) mod 35
= (51) mod 35
= 16

So, Alice’s number was 16.
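
The CRT algorithm listed above, written out as an added example that is not part of the original notes. It follows the listed steps, including the counter loop for Zi, and adds a check that the moduli are pairwise relatively prime; the function names are chosen for this illustration.

```python
from math import gcd


def inverse_by_search(a, m):
    """Increment a counter z until (z * a) mod m equals 1, as in the algorithm."""
    for z in range(1, m):
        if (z * a) % m == 1:
            return z
    raise ValueError(f"{a} has no inverse modulo {m}")


def crt_terms(moduli):
    """Return M and the list of (Mi, Zi) pairs, one pair per modulus."""
    if not moduli or any(m < 2 for m in moduli):
        raise ValueError("every modulus must be at least 2")
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be pairwise relatively prime")
    M = 1
    for m in moduli:
        M *= m
    terms = []
    for m in moduli:
        Mi = M // m
        Zi = inverse_by_search(Mi % m, m)   # Mi * Zi = 1 (mod m)
        terms.append((Mi, Zi))
    return M, terms


def solve_crt(remainders, moduli):
    """Return the unique X in 0..M-1 with X = y_i (mod m_i) for every i."""
    if len(remainders) != len(moduli):
        raise ValueError("need exactly one remainder per modulus")
    M, terms = crt_terms(moduli)
    total = sum(y * Mi * Zi for y, (Mi, Zi) in zip(remainders, terms))
    return total % M


if __name__ == "__main__":
    print(crt_terms([5, 7, 11]))             # (385, [(77, 3), (55, 6), (35, 6)])
    print(solve_crt([1, 1, 3], [5, 7, 11]))  # 36
    print(solve_crt([1, 2], [5, 7]))         # 16
```

With moduli that share a factor, such as 4 and 6, the function raises an error instead of returning a value, because the theorem's guarantee of a unique solution no longer holds.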
