CST 428

BLOCKCHAIN
TECHNOLOGIES

MODULE 1
MODULE – 1 (FUNDAMENTALS OF CRYPTOGRAPHY)

Introduction to Cryptography, Symmetric cryptography – AES. Asymmetric cryptography – RSA. Elliptic

curve cryptography, Digital signatures – RSA digital signature algorithms. Secure Hash Algorithms –

SHA-256. Applications of cryptographic hash functions – Merkle trees, Distributed hash tables.
 INTRODUCTION TO
CRYPTOGRAPHY

 Cryptography is the study of secure communications techniques

that allow only the sender and intended recipient of a message

to view its contents.
 Basically 2 methods:

1. Symmetric encryption/Conventional encryption/single-key

encryption

2. Asymmetric encryption
 TERMINOLOGIES IN CRYPTOGRAPHY (SYMMETRIC)

 Plaintext: original intelligible message or data that is fed into the algorithm as input.

 Encryption algorithm: performs various substitutions and transformations on the plaintext

 Secret key: given as input into the encryption algorithm that has a value independent of the plaintext and

of the algorithm and produce a different output depending on the specific key being used at the time.

 Ciphertext: is the scrambled message produced as output that depends on the plaintext and the secret

key.

 Decryption algorithm: This is the encryption algorithm run in reverse that takes the ciphertext and the

secret key and produces the original plaintext.

TERMINOLOGIES IN CRYPTOGRAPHY (SYMMETRIC)
 Examples for
Symmetric encryption:

1. SUBSTITUTION CIPHERS

2. TRANSPOSITION CIPHERS
CAESAR CIPHER
CAESAR CIPHER
 SIMILAR EXAMPLES FOR SUBSTITUTION CIPHERS (ASSIGNMENT 1)

 Monoalphabetic cipher: Hill cipher

 Polyalphabetic cipher : Playfair cipher, Vigenere cipher

EXAMPLES FOR TRANSPOSITION CIPHERS

1. rail fence technique

EXAMPLES FOR TRANSPOSITION CIPHERS

2. columnar transposition
cipher
 STREAM CIPHERS AND BLOCK CIPHERS

 A stream cipher is one that encrypts a digital data stream one bit or one

byte at a time.

Eg: Caeser cipher, Vigenere cipher

 A block cipher is one in which a block of plaintext is treated as a whole

and used to produce a ciphertext block of equal length

Eg: DES (Data Encryption Standard), AES (Advanced Encryption Standard)

 BLOCK CIPHERS : (DES, AES)

 Data Encryption Standard (DES)

 Symmetric key algorithm

 There are two inputs to the encryption function: the plaintext to be

encrypted and the key.

 Plaintext must be 64 bits in length

 Ciphertext 64 bits in length

 Key is 56 bits in length

 DATA ENCRYPTION STANDARD (DES)

 First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits to produce the
permuted input.

 This is followed by a phase consisting of sixteen rounds of the same function, which involves both
permutation and substitution functions.

 The output of the last (sixteenth) round consists of 64 bits that are a function of the input plaintext and the
key.

 The left and right halves of the output are swapped to produce the preoutput.

 Finally, the preoutput is passed through a permutation that is the inverse of the initial permutation
function, to produce the 64-bit ciphertext
 DATA ENCRYPTION STANDARD (DES)

 Initially, the key is passed through a permutation function.

 Then, for each of the sixteen rounds, a subkey (Ki ) is produced by the combination of a left

circular shift and a permutation.

 The permutation function is the same for each round, but a different subkey is produced because

of the repeated shifts of the key bits.

 The Initial permutation and its inverse are defined by below tables

 The input to a table consists of 64 bits numbered from 1 to 64.

 The 64 entries in the permutation table contain a permutation of the numbers from 1 to 64.
DATA ENCRYPTION STANDARD (DES)
DETAILS OF SINGLE ROUND
ADVANCED ENCRYPTION STANDARD (AES)
 ASYMMETRIC CRYPTOGRAPHY – RSA

RSA encryption algorithm is a type of public-key encryption algorithm.

 Public key encryption algorithm:
 Public Key encryption algorithm is also called the Asymmetric algorithm. Asymmetric algorithms are those
algorithms in which sender and receiver use different keys for encryption and decryption. Each sender is assigned a
pair of keys:
 Public key
 Private key
 The Public key is used for encryption, and the Private Key is used for decryption. Decryption cannot be done using a
public key. The two keys are linked, but the private key cannot be derived from the public key.
 The public key is well known, but the private key is secret and it is known only to the user who owns the key. It
means that everybody can send a message to the user using user's public key. But only the user can decrypt the
message using his private key.
ASYMMETRIC CRYPTOGRAPHY – RSA
EXAMPLE
ELLIPTIC CURVE CRYPTOGRAPHY

 ECC, as the name implies, is an asymmetric encryption algorithm that employs the algebraic

architecture of elliptic curves with finite fields.

• Elliptic Curve Cryptography (ECC) is an encryption technology comparable to RSA that enables

public-key encryption.

• While RSA’s security is dependent on huge prime numbers, ECC leverages the mathematical theory of
elliptic curves to achieve the same level of security with considerably smaller keys.

• Victor Miller and Neal Koblitz separately proposed elliptic curve ciphers in the mid-1980s
COMPONENTS OF ELLIPTIC CURVE CRYPTOGRAPHY

 ECC keys:
 Generator Point:
ELLIPTIC CURVE CRYPTOGRAPHY ALGORITHMS

1. Digital signature algorithms:

 Elliptic Curve Digital Signature Algorithm. (ECDSA):
 Edwards-curve Digital Signature Algorithm (EdDSA)

2. Encryption algorithms:
 Elliptic Curve Integrated Encryption Scheme (ECIES):
 EC-based ElGamal Elliptic Curve Cryptography:

3. Key Agreement algorithm:

 Elliptic-curve Diffie–Hellman (ECDH):
 Fully Hashed Menezes-Qu-Vanstone(FHMQV):
 APPLICATION OF ELLIPTIC CURVE CRYPTOGRAPHY

• Diffie-Hellman: The basic public-key cryptosystem suggested for secret key sharing is the Diffie-
Hellman protocol.
• Elliptic Curve Digital Signature Algorithm (ECDSA): ECC is one of the most widely utilized
digital signature implementation approaches in cryptocurrencies.
• Online application: Moreover, ECC is not limited to cryptocurrencies. It is an encryption standard
that will be utilized by most online apps in the future due to its reduced key size and efficiency.
• Blockchain application: The cryptocurrency Bitcoin employs elliptic curve cryptography
 ECC VS RSA

Parameters ECC RSA

ECC is a cryptography technique that works RSA cryptography algorithm is primarily

Working algorithm
just on a mathematical model of elliptic curves. based on the prime factorization approach.

ECC gives significant bandwidth savings over RSA provides much lesser bandwidth
Bandwidth savings
RSA. saving than ECC.
The encryption process takes more time in
Encryption process The encryption process takes less time in ECC.
RSA.

Decryption process The decryption process takes more time. Decryption is faster than ECC.

ECC is much safer than RSA and is currently in RSA is heading toward the end of its
Security
the process of adapting. tenure.
BENEFITS OF ELLIPTIC CURVE CRYPTOGRAPHY

• Fast key generation

• Smaller key size
• Less computation power
• High security
LIMITATIONS OF ELLIPTIC CURVE CRYPTOGRAPHY

• Large encryption size

• A more complex: The ECC algorithm is more complete and more difficult to
implement than RSA.
• Complex security: Complicated and tricky to implement securely, mainly the
standard curves.
• Binary curves: Processing of binary curves is costly.
DIGITAL SIGNATURES – RSA DIGITAL SIGNATURE
ALGORITHMS.

 Assume that there is a sender (A) and a receiver (B). A wants to send a message (M) to B along
with the digital signature (DS) calculated over the message.
 Step-1 : Sender A uses SHA-1 Message Digest Algorithm to calculate the message digest (MD1)
over the original message M. Message digest calculation
 Step-2 : A now encrypts the message digest with its private key. The output of this process is called
Digital Signature (DS) of A.

Digital signature creation

 Step-3 : Now sender A sends the digital signature (DS) along with the original message
(M) to B.

Transmission of original message and digital signature simultaneously

 Step-4 : When B receives the Original Message(M) and the Digital Signature(DS) from A, it
first uses the same message-digest algorithm as was used by A and calculates its own
Message Digest (MD2) for M.

Receiver calculates its own message digest

 Step-5 : Now B uses A’s public key to decrypt the digital signature because it was
encrypted by A’s private key. The result of this process is the original Message Digest
(MD1) which was calculated by A.

Receiver retrieves sender’s message digest

 Step-6 : If MD1==MD2, the following facts are established as follows.
• B accepts the original message M as the correct, unaltered message from A.
• It also ensures that the message came from A and not someone posing as A.

Digital signature
verification
 What is Hashing?
 Hashing is the process of scrambling raw information to the extent that it cannot
reproduce it back to its original form. It takes a piece of information and passes it
through a function that performs mathematical operations on the plaintext. This
function is called the hash function, and the output is called the hash value/digest.
SECURE HASH ALGORITHMS – SHA-256

 SHA 256 is a part of the SHA 2 family of algorithms, where SHA stands for Secure

Hash Algorithm. Published in 2001, it was a joint effort between the NSA and NIST
to introduce a successor to the SHA 1 family, which was slowly losing strength
against brute force attacks.

 The significance of the 256 in the name stands for the final hash digest value, i.e.

irrespective of the size of plaintext/cleartext, the hash value will always be 256 bits.
FEATURES OF THE SHA ALGORITHM ARE AS FOLLOWS:

 Message Length: The length of the cleartext should be less than 264 bits. The size

needs to be in the comparison area to keep the digest as random as possible.

 Digest Length: The length of the hash digest should be 256 bits in SHA 256

algorithm, 512 bits in SHA-512, and so on.

 Irreversible: By design, all hash functions such as the SHA 256 are irreversible. You

should neither get a plaintext when you have the digest beforehand nor should the

digest provide its original value when you pass it through the hash function again.
STEPS IN SHA-256 ALGORITHM

1. Padding Bits

 It adds some extra bits to the message, such that the length is exactly 64 bits short of a

multiple of 512. During the addition, the first bit should be one, and the rest of it
should be filled with zeroes.
2. Padding Length

 You can add 64 bits of data now to make the final plaintext a multiple of 512. You can

calculate these 64 bits of characters by applying the modulus to your original

cleartext without the padding.
3. Initialising the Buffers:
 You need to initialize the default values for eight buffers to be used in the rounds as follows:
4. Compression Functions

 The entire message gets broken down into multiple blocks of 512 bits each. It puts each block

through 64 rounds of operation, with the output of each block serving as the input for the
following block.
 While the value of K[i] in all those rounds is pre-initialized, W[i] is another input that

is calculated individually for each block, depending on the number of iterations being
processed at the moment.
5. Output

 With each iteration, the final output of the block serves as the input for the next block.

The entire cycle keeps repeating until you reach the last 512-bit block, and you then
consider its output the final hash digest. This digest will be of the length 256-bit, as
per the name of this algorithm.
APPLICATIONS

 Digital Signature Verification: Digital signatures follow asymmetric encryption methodology to verify the authenticity

of a document/file. Hash algorithms like SHA 256 go a long way in ensuring the verification of the signature.

 Password Hashing: Websites store user passwords in a hashed format for two benefits. It helps foster a sense of privacy,

and it lessens the load on the central database since all the digests are of similar size.

 SSL Handshake: The SSL handshake is a crucial segment of the web browsing sessions, and it’s done using SHA

functions. It consists of your web browsers and the web servers agreeing on encryption keys and hashing authentication

to prepare a secure connection.

 Integrity Checks: To verifying file integrity has been using variants like SHA 256 algorithm and the MD5 algorithm. It

helps maintain the full value functionality of files and makes sure they were not altered in transit.
APPLICATIONS OF CRYPTOGRAPHIC HASH FUNCTIONS

 Merkle trees

 Distributed hash tables.

MERKLE TREES

 Merkle tree is a fundamental part of blockchain technology. It is a mathematical data

structure composed of hashes of different blocks of data, and which serves as a
summary of all the transactions in a block.
 It also allows for efficient and secure verification of content in a large body of data. It
also helps to verify the consistency and content of the data. Both Bitcoin and
Ethereum use Merkle Trees structure. Merkle Tree is also known as Hash Tree.
 The concept of Merkle Tree is named after Ralph Merkle, who patented the idea in
1979.
HOW DO MERKLE TREES WORK?

 A Merkle tree stores all the transactions in a block by producing a digital fingerprint

of the entire set of transactions. It allows the user to verify whether a transaction can
be included in a block or not.

 Merkle trees are created by repeatedly calculating hashing pairs of nodes until there is

only one hash left. This hash is called the Merkle Root, or the Root Hash. The Merkle
Trees are constructed in a bottom-up approach.
 Merkle Root is stored in the block header. The block header is the part of the bitcoin

block which gets hash in the process of mining. It contains the hash of the last block,
a Nonce, and the Root Hash of all the transactions in the current block in a Merkle
Tree. So having the Merkle root in block header makes the transaction tamper-proof.
As this Root Hash includes the hashes of all the transactions within the block, these
transactions may result in saving the disk space.
 The Merkle Tree maintains the integrity of the data. If any single detail of

transactions or order of the transaction's changes, then these changes reflected in the
hash of that transaction. This change would cascade up the Merkle Tree to the Merkle
Root, changing the value of the Merkle root and thus invalidating the block. So
everyone can see that Merkle tree allows for a quick and simple test of whether a
specific transaction is included in the set or not.
Merkle trees have three benefits:

•It provides a means to maintain the integrity and validity of data.

•It helps in saving the memory or disk space as the proofs, computationally easy and

fast.

•Their proofs and management require tiny amounts of information to be transmitted

across networks.
DISTRIBUTED HASH TABLES

 A distributed hash table (DHT) is a type of distributed system that provides a lookup

service similar to a hash table.

 In a hash table, data is stored and retrieved using keys, and the keys are used to

determine the location of the data in the table.

 A distributed hash table is similar, but the data is distributed across multiple nodes in

a network rather than being stored in a single table.

 In a DHT, each node is responsible for storing and managing a portion of the data.

 When a client wants to retrieve or store data, it sends a request to the network.

 The request is then forwarded to the appropriate node based on the key of the data

being requested.

 The node then responds to the request and either retrieves or stores the data.
DHTS ARE USED FOR A VARIETY OF PURPOSES, INCLUDING

 Peer-to-peer (P2P) networks − DHTs are often used in P2P networks to facilitate the sharing of resources, such as files or data,

between peers. DHTs allow peers to locate resources on the network and download them directly from one another.

 Distributed databases − DHTs can be used to store and retrieve data in a distributed database. Because the data is distributed

across multiple nodes in the network, DHTs can provide a scalable and efficient way to store and retrieve large amounts of data.

 Distributed file systems − DHTs can be used to store and manage files in a distributed file system. By distributing the files across

multiple nodes, DHTs can provide a scalable and fault-tolerant way to store and access large amounts of data.

 Content delivery networks − DHTs can be used to store and distribute content, such as videos or images, across a network of

servers. This can help to reduce the load on a single server and improve the performance of the network.
ADVANTAGE OF DISTRIBUTED HASH TABLE

 Scalability- DHTs are highly scalable, as they can store and retrieve large amounts of data without requiring a
central authority or server to manage the system.
 Efficiency - DHTs provide a efficient way to store and retrieve data, as they use keys to determine the location of
the data in the network.
 Fault tolerance - DHTs are highly fault-tolerant, as they can handle node failures without requiring a central
authority to manage the system.
 Decentralization − DHTs are decentralized, as there is no central authority or server that controls the network.
This makes DHTs more resilient and less vulnerable to downtime or attack.
 Security − DHTs can provide a secure way to store and retrieve data, as the data is distributed across multiple
nodes in the network rather than being stored in a single location. This makes it more difficult for attackers to
access or modify the data.
DISADVANTAGE OF DISTRIBUTED HASH TABLE

• Complexity − DHTs can be complex to implement and maintain, as they require a large number of nodes to
function properly. This can make DHTs more challenging to manage and maintain than other types of distributed
systems.
• Performance − In some cases, DHTs may not perform as well as other types of distributed systems, particularly
when the system is under heavy load or when the network is large and complex.
• Security − While DHTs can provide a secure way to store and retrieve data, they can also be vulnerable to certain
types of attacks, such as distributed denial of service (DDoS) attacks or Sybil attacks.
• Compatibility − DHTs may not be compatible with all types of data or applications, as they may require specific
data structures or formats in order to function properly.
• Limited functionality − DHTs are primarily designed for storing and retrieving data, and may not provide
additional functionality beyond these basic capabilities.