NETWORK SECURITY & MANAGEMENT

UNIT-2
CRYPTOGRAPHY IN NETWORK
2.1 INTRODUCTION TO SYMMETRIC ENCRYPTION & ASYMMETRIC ENCRYPTION
2.1.1 Symmetric Encryption
Symmetric Encryption is a type of encryption where only one key (a secret key) is used to encrypt and decrypt
electronic data. The entities communicating via symmetric encryption must exchange the key so that it can be
used in the decryption process.
By using symmetric encryption algorithms, data is "scrambled" so that it can't be understood by anyone who
does not possess the secret key to decrypt it. Once the intended recipient who possesses the key has the
message, the algorithm reverses its action so that the message is returned to its original readable form. The
secret key that the sender and recipient both use could be a specific password/code or it can be a random string
of letters or numbers that have been generated by a secure Random Number Generator (RNG).

There are two types of Symmetric Encryption Algorithms:

1) Block Algorithms: Set lengths of bits are encrypted in blocks of electronic data with the use of a
specific secret key. As the data is being encrypted, the system holds the data in its memory as it waits
for complete blocks.
2) Stream Algorithms: Data is encrypted as it streams instead of being retained in the system’s memory.
Some examples of symmetric encryption algorithms include:
1) AES (Advanced Encryption Standard)
2) DES (Data Encryption Standard)
3) IDEA (International Data Encryption Algorithm)
4) Blowfish (Drop-in replacement for DES or IDEA)
5) RC4 (Rivest Cipher 4)
6) RC5 (Rivest Cipher 5)
7) RC6 (Rivest Cipher 6)
AES, DES, IDEA, Blowfish, RC5 and RC6 are block ciphers. RC4 is a stream cipher.
 NETWORK SECURITY & MANAGEMENT

2.1.2 Asymmetric Encryption

Asymmetric encryption, also known as public-key cryptography, is a type of encryption that uses a pair of
keys to encrypt and decrypt data. The pair of keys includes a public key, which can be shared with anyone,
and a private key, which is kept secret by the owner. In asymmetric encryption, the sender uses the recipient’s
public key to encrypt the data. The recipient then uses their private key to decrypt the data. This approach
allows secure communication between two parties without the need for both parties to have the same secret
key. Asymmetric encryption is commonly used in various applications like secure online communication
including email encryption, e-commerce, online banking, digital and secure data transfer. Examples of
asymmetric encryption algorithms include RSA, Diffie-Hellman and Elliptic Curve Cryptography (ECC).
Digital Signature which is used to confirm the legitimacy of digital documents and messages is another
application of it.

Advantages:
1) Enhanced Security: Asymmetric encryption provides a higher level of security compared to symmetric
encryption where only one key is used for both encryption and decryption with asymmetric encryption a
different key is used for each process and the private key is used for decryption is kept secret by the
receiver making, it harder for an attacker to intercept and decrypt the data.
2) Authentication: Asymmetric encryption can be used for authentication purposes which means that the
receiver can verify the sender’s identity.
3) Non-repudiation: Asymmetric encryption also provides non-repudiation which means that the sender
cannot deny sending a message or altering its contents this is because the message is encrypted with the
sender’s private key and only their public key can decrypt it. Therefore, the receiver can be sure that the
message was sent by the sender and has not been tampered with.
4) Key Distribution: Asymmetric encryption eliminates the need for a secure key distribution system that
is required in symmetric encryption with symmetric encryption, the same key is used for both encryption
and decryption and the key needs to be securely shared between the sender and the receiver asymmetric
 NETWORK SECURITY & MANAGEMENT

encryption, on the other hand, allows the public key to be shared openly and the private key is kept secret
by the receiver.
5) Versatility: Asymmetric encryption can be used for a wide range of applications including secure email
communication online banking transactions and e-commerce it is also used to secure SSL/TSL
connections which are commonly used to secure internet traffic.

2.1.3 Difference between Symmetric Encryption and Asymmetric Encryption

Parameters Symmetric Encryption Asymmetric Encryption

It uses a single shared key (secret key) to It uses two different keys for encryption
Keys used
encrypt and decrypt the message. and decryption.
The size of ciphertext in symmetric The size of ciphertext in asymmetric
Size encryption could be the same or smaller encryption could be the same or larger than
than the plain text. the plain text.

It is efficient as this technique is It is inefficient as this technique is used

Efficiency
recommended for large amounts of text. only for short messages.

The encryption process in asymmetric

The encryption process of symmetric encryption is slower as it uses two different
Speed encryption is faster as it uses a single key keys; both keys are related to each other
for encryption and decryption. through a complicated mathematical
process.
It is mainly used in smaller transactions. It
Symmetric encryption is mainly used to
Purpose is used for establishing a secure connection
transmit bulk data.
channel before transferring the actual data.
It is less secure as there is a use of a It is safer as there are two keys used for
Security
single key for encryption. encryption and decryption.
The algorithms used in symmetric
Algorithms encryption are 3DES, AES, DES and RSA, DSA, Diffie-Hellman, ECC.
RC4.
Existence It is an old technique. It is a new technique.
 NETWORK SECURITY & MANAGEMENT

2.2 SUBSTITUTION TECHNIQUES FOR ENCRYPTION AND DECRYPTION

2.2.1 Introduction
The two basic building blocks of all encryption techniques are substitution and transposition. A substitution
technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. In
simple terms, the plaintext characters are substituted and additional substitute letters, numerals and symbols
are implemented in their place. If the plaintext is viewed as a sequence of bits, then substitution involves
replacing plaintext bit patterns with ciphertext bit patterns. A character's identity is changed, but its place
remains constant in the substitution technique. There are various methods for substitution techniques such as
Caesar Cipher, Shift Cipher, Monoalphabetic Cipher, Playfair Cipher, Polyalphabetic Cipher (Vigenere
Cipher), One Time Pad (Vernam Cipher), Hill Cipher.

2.2.2 Caesar Cipher Substitution Technique

It is the earliest known use of a substitution cipher and the simplest method. It was invented by Julius Caesar.
The Caesar Cipher involves replacing each letter of the alphabet with the letter standing three places further
down the alphabet. The encryption can be represented using modular arithmetic by first transforming the
letters into numbers.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

The formula of Encryption is:

CT = E (K, PT) = (PT + K) mod 26
The formula of Decryption is:
PT = D (K, CT) = (CT - K) mod 26
Where
PT = Plain Text,
CT = Cipher Text,
K = Key,
E = Encryption,
D = Decryption
In any case, during decryption, if the value becomes negative (-ve), then in that case, 26 will be added to that
particular negative value and then decryption will be carried out.
 NETWORK SECURITY & MANAGEMENT

EXAMPLE:
Plain Text: SECURITY, Key: 3
ENCRYPTION:
Encryption
Plain Text Cipher Text
CT = (PT+3) Mod 26
S (18) (18 + 3) mod 26 = 21 mod 26 = 21 V
E (04) (04 + 3) mod 26 = 07 mod 26 = 07 H
C (02) (02 + 3) mod 26 = 05 mod 26 = 05 F
U (20) (20 + 3) mod 26 = 23 mod 26 = 23 X
R (17) (17 + 3) mod 26 = 20 mod 26 = 20 U
I (08) (08 + 3) mod 26 = 11 mod 26 = 11 L
T (19) (19 + 3) mod 26 = 22 mod 26 = 22 W
Y (24) (24 + 3) mod 26 = 27 mod 26 = 01 B
Cipher Text: VHFXULWB

DECRYPTION:
Decryption
Cipher Text Plain Text
PT = (CT-3) Mod 26
V (21) (21 - 3) mod 26 = 18 mod 26 = 18 S
H (07) (07 - 3) mod 26 = 04 mod 26 = 04 E
F (05) (05 - 3) mod 26 = 02 mod 26 = 02 C
X (23) (23 - 3) mod 26 = 20 mod 26 = 20 U
U (20) (20 - 3) mod 26 = 17 mod 26 = 17 R
L (11) (11 - 3) mod 26 = 08 mod 26 = 08 I
W (22) (22 - 3) mod 26 = 19 mod 26 = 19 T
B (01) (01 - 3) mod 26 = 24 mod 26 = 24 Y
Plain Text: SECURITY

*Calculation for (1-3) mod26:

Here 1 – 3 = -2. Modulo division of negative numbers is not possible. So firstly, we will add 26 to the
negative number i.e. -2+26 = 24. After that modulo division is carried out i.e. 24 mod 26 =24.
 NETWORK SECURITY & MANAGEMENT

Features:
1) Ease of Implementation
2) Speed
3) Symmetric Encryption
4) Weak Security
5) Limited Applicability

2.2.3 Playfair Cipher Technique

The Playfair cipher was invented by Sir Charles Wheatstone, but it was popularized by his friend Lyon
Playfair, hence the name "Playfair Cipher." The Playfair cipher is a digraphic substitution cipher, meaning it
operates on pairs of letters (digraphs) rather than individual letters, which adds an extra layer of complexity
compared to simpler substitution ciphers like the Caesar Cipher. The best-known multiple-letter encryption
cipher is the Playfair. The Playfair algorithm is based on the use of a 5 x 5 matrix of letters constructed using
a keyword. The matrix is constructed by filling in the letters of the keyword (minus duplicates) from left to
right and from top to bottom, and then filling in the remainder of the matrix with the remaining letters in
alphabetic order. The letters I and J count as one letter. Plaintext is encrypted two letters at a time, according
to the following rules:
1) Firstly, break down plain text in the pair of 2. For example, playfair would be pl ay fa ir.
2) While making a pair from plain text, if the last letter is single then add a filler letter such as x. For example,
the technique would be te ch ni qu ex.
3) Repeating plain text letters that are in the same pair are separated with a filler letter such as x. For example,
the balloon would be treated as ba lx lo on.
4) If repeating plain text letters that are in a different pair then there is no need to separate it with any other
filler letter.
5) Two plain text letters that fall in the same row of the matrix are each replaced by the letter to the right, with
the first element of the row circularly following the last.
6) Two plain text letters that fall in the same column are each replaced by the letter beneath, with the top
element of the column circularly following the last.
7) Otherwise, each plain text letter in a pair is replaced by the letter that lies in its own row and the column
occupied by the other plain text letter.
8) For decryption, if two cipher text letters that fall in the same row of the matrix are each replaced by the
letter to the left, with the last element of the row circularly following the first.
9) For decryption, if two ciphertext letters that fall in the same column are each replaced by the letter above,
with the bottom element of the column circularly following the first.
10) Otherwise, each cipher text letter in a pair is replaced by the letter that lies in its own row and the
column occupied by the other cipher text letter.
 NETWORK SECURITY & MANAGEMENT

EXAMPLE:
1) Plain Text: COMPUTER, Key: NETWORK

N E T W O
R K A B C
D F G H I/J
L M P Q S
U V X Y Z

Solution (for encryption):

• First, break plain text into pairs of 2. i.e. CO MP UT ER
• Here CO is in the same column. So, replace it with the below letter in that column. So, CO will be IC.
• Here MP is in the same row. So, replace it with the next letter in that row. So, MP will be PQ.
• Here UT is neither in the same row nor in the same column. Then as per rule 7, UT will be replaced by
XN.
• Here ER is neither in the same row nor in the same column. Then as per rule 7, ER will be replaced by
NK.
• Therefore, the cipher text will be ICPQXNNK.
Solution (for decryption):
• First, break cipher text into a pair of 2. i.e. IC PQ XN NK.
• Here IC is in the same column. So, replace it with the above letter in that column. So, IC will be CO.
• Here PQ is in the same row. So, replace it with the previous letter in that row. So, PQ will be MP.
• Here XN is neither in the same row nor in the same column. Then as per rule 10, XN will be replaced by
UT.
• Here NK is neither in the same row nor in the same column. Then as per rule 10, NK will be replaced by
ER.
2) Plain Text: INSTRUMENTS
Key: MONARCHY

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
 NETWORK SECURITY & MANAGEMENT

Solution (for encryption):

• First, break plain text into pairs of 2. i.e. IN ST RU ME NT S
• Here, the last letter is single. So as per rule no. 2, add filler letter X.
• Therefore, it would be now IN ST RU ME NT SX.
• Here IN is neither in the same row nor in the same column. Then as per rule 7, IN will be replaced by
GA.
• Here ST is in the same row. So, replace it with the next letter in that row. So, ST will be TL. (Here, T is
the last letter in that particular row. So, it is replaced with the very first letter of that particular row).
• Here RU is neither in the same row nor in the same column. Then as per rule 7, RU will be replaced by
MZ.
• Here ME is in the same column. So, replace it with the below letter in that column. So, ME will be CL.
• Here NT is neither in the same row nor in the same column. Then as per rule 7, NT will be replaced by
RQ.
• Here SX is in the same column. So, replace it with the below letter in that column. So, SX will be XA.
(Here, X is the last letter in that particular column. So, it is replaced with the very first letter of that
particular column).
• Therefore, the cipher text will be GATLMZCLRQXA.
Solution (for decryption):
• First, break cipher text into a pair of 2. i.e. GA TL MZ CL RQ XA.
• Here GA is neither in the same row nor in the same column. Then as per rule 10, GA will be replaced by
IN.
• Here TL is in the same row. So, replace it with the next letter in that row. So, TL will be ST. (Here, L is
the first letter in that particular row. So, it is replaced with the very last letter of that particular row).
• Here MZ is neither in the same row nor in the same column. Then as per rule 10, MZ will be replaced by
RU.
• Here CL is in the same column. So, replace it with the below letter in that column. So, CL will be ME.
• Here RQ is neither in the same row nor in the same column. Then as per rule 10, RQ will be replaced by
NT.
• Here XA is in the same column. So, replace it with the below letter in that column. So, XA will be SX.
(Here, A is the first letter in that particular column. So, it is replaced with the very last letter of that
particular column).
• Therefore, plain text will be INSTRUMENTSX.
 NETWORK SECURITY & MANAGEMENT

Features:
1) Digraphic Substitution
2) Polygraphic Nature
3) Key-Based Encryption
4) Key Table
5) Handling of Odd Letters
6) Letter Pairs
7) Handling Repeated Letters
8) Security

2.2.4 Shift Cipher Technique

Shift Cipher Technique is one of the earliest and simplest known substitution techniques. It is similar to the
Caesar Cipher Technique. The only difference is that in the Caesar cipher, the key value is fixed i.e. 3 whereas
in the shift cipher, the key value ranges from 0 to 25. A given plain text is encrypted into cipher text by shifting
each letter of the plain text by n positions.
The encryption/decryption can be represented using modular arithmetic by first transforming the letters into
numbers.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

The formula of Encryption is:

CT = E (K, PT) = (PT + K) mod 26
The formula of Decryption is:
PT = D (K, CT) = (CT - K) mod 26
In any case, during decryption, if the value becomes negative (-ve), then in that case, 26 will be added to that
particular negative value and then decryption will be carried out.
 NETWORK SECURITY & MANAGEMENT

EXAMPLE:
1)Plain Text: HELLO
Key: 6

ENCRYPTION:
Encryption
Plain Text Cipher Text
CT = (PT+3) Mod 26
H (07) (07 + 06) mod 26 = 13 mod 26 = 13 N
E (04) (04 + 06) mod 26 = 10 mod 26 = 10 K
L (11) (11 + 06) mod 26 = 17 mod 26 = 17 R
L (11) (11 + 06) mod 26 = 17 mod 26 = 17 R
O (14) (14 + 06) mod 26 = 20 mod 26 = 20 U
Cipher Text: NKRRU

DECRYPTION:
Decryption
Cipher Text Plain Text
PT = (CT-3) Mod 26
N (13) (13 - 06) mod 26 = 07 mod 26 = 07 H
K (10) (10 - 06) mod 26 = 04 mod 26 = 04 E
R (17) (17 - 06) mod 26 = 11 mod 26 = 11 L
R (17) (17 - 06) mod 26 = 11 mod 26 = 11 L
U (20) (20 - 06) mod 26 = 14 mod 26 = 14 O
Plain Text: HELLO
 NETWORK SECURITY & MANAGEMENT

2) Plain Text: LAYOUT

Key: 15

ENCRYPTION:
Encryption
Plain Text Cipher Text
CT = (PT+3) Mod 26
L (11) (11 + 15) mod 26 = 26 mod 26 = 00 A
A (0) (00 + 15) mod 26 = 15 mod 26 = 15 P
Y (24) (24 + 15) mod 26 = 39 mod 26 = 13 N
O (14) (14 + 15) mod 26 = 29 mod 26 = 03 C
U (20) (20 + 15) mod 26 = 35 mod 26 = 09 J
T (19) (19 + 15) mod 26 = 34 mod 26 = 08 I
Cipher Text: APNCJI

DECRYPTION:
Decryption
Cipher Text Plain Text
PT = (CT-3) Mod 26
A (0) (00 - 15) mod 26 = 18 mod 26 = 11 L
P (15) (15 - 15) mod 26 = 04 mod 26 = 00 A
N (13) (13 - 15) mod 26 = 02 mod 26 = 24 Y
C (03) (03 - 15) mod 26 = 20 mod 26 = 14 O
J (09) (09 - 15) mod 26 = 17 mod 26 = 20 U
I (08) (08 - 15) mod 26 = 08 mod 26 = 19 T
Plain Text: LAYOUT

*Calculation for (0-15) mod26:

Here 0 – 15 = -15. Modulo division of negative numbers is not possible. So firstly, we will add 26 to the
negative number i.e. -15+26 = 11. After that modulo division is carried out i.e. 11 mod 26 =11.
* The same rule is applicable whenever we get negative value while subtracting key values from cipher
text during decryption.
.
 NETWORK SECURITY & MANAGEMENT

2.2.5 Vigenere Cipher Technique

Vigenere Cipher is a method of encrypting alphabetic text. It uses a simple form of polyalphabetic substitution.
A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets. This
algorithm was first described in 1553 by Giovan Battista Bellaso. It uses a Vigenere Table or Vigenere Square
for encryption and decryption of the text. The Vigenere table is also called the Tabula Recta. There are two
methods to perform the Vigenere cipher.

Method 1:
When the Vigenere table is given, the encryption and decryption are done using the Vigenere table (26 * 26
matrix) in this method.

For generating the key, the given keyword is repeated circularly until it matches the length of
the plain text.
EXAMPLE: The plaintext is "CYBERSECURITY", and the key is "BEST".
C Y B E R S E C U R I T Y
B E S T B E S T B E S T B

ENCRYPTION:
The first letter of the plaintext is combined with the first letter of the key. The column of plain text "C" and
the row of key "B" intersects the alphabet of "D" in the Vigenere table, so the first letter of ciphertext is "D".
 NETWORK SECURITY & MANAGEMENT

Similarly, the second letter of the plaintext is combined with the second letter of the key. The column of plain
text "Y" and the row of key "E" intersect the alphabet of "C" in the Vigenere table, so the second letter of
ciphertext is "C".
This process continues continuously until the plaintext is finished.
Ciphertext = D C T X S W W V V V A M Z

DECRYPTION:
Decryption is done by the row of keys in the Vigenere table. First, select the row of the key letter, find the
ciphertext letter's position in that row, and then select the column label of the corresponding ciphertext as the
plaintext.
D C T X S W W V V V A M Z
B E S T B E S T B E S T B

For example, in the row of the key is "B" and the ciphertext is "D" and this ciphertext letter appears in the
column "C", which means the first plaintext letter is "C".
Next, in the row of the key is "E" and the ciphertext is "C" and this ciphertext letter appears in the column
"Y", which means the second plaintext letter is "Y".
This process continues continuously until the ciphertext is finished.
Plaintext = CYBER SECURITY

Method 2:
When the Vigenere table is not given, the encryption and decryption are done by the algebraic formula in this
method (convert the letters (A-Z) into the numbers (0-25)).

The formula of Encryption is:

Ei = (Pi + Ki) mod 26
The formula of Decryption is:
Di = (Ei - Ki) mod 26

*If any case (Di) value becomes negative (-ve), in this case, we will add 26 to the negative value.
Where,
E denotes the encryption, D denotes the decryption, P denotes the plaintext, K denotes the key.
Note: "i" denotes the offset of the ith number of the letters, as shown in the table below.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
 NETWORK SECURITY & MANAGEMENT

EXAMPLE:
Plaintext: CYBER SECURITY
Key: BEST
ENCRYPTION:
Ei = (Pi + Ki) mod 26

Plaintext C Y B E R S E C U R I T Y

Plaintext value (P) 02 24 01 04 17 18 04 02 20 17 08 19 24

Key B E S T B E S T B E S T B

Key value (K) 01 04 18 19 01 04 18 19 01 04 18 19 01

Ciphertext value (E) 03 02 19 23 18 22 22 21 21 21 00 12 25

Ciphertext D C T X S W W V V V A M Z

Cipher Text: D C T X S W W V V V A M Z

DECRYPTION:
Di = (Ei - Ki) mod 26
If any case (Di) value becomes negative (-ve), in this case, we will add 26 to the negative value.
Like, the second letter of the ciphertext;
C = 02 and E = 04
D1 = (02 - 04) mod 26 = -2 mod 26 = (-2 + 26) mod 26 = 24 mod 26 = 24

Ciphertext D C T X S W W V V V A M Z

Ciphertext value (E) 03 02 19 23 18 22 22 21 21 21 00 12 25

Key B E S T B E S T B E S T B

Key value (K) 01 04 18 19 01 04 18 19 01 04 18 19 01

Plaintext value (P) 02 24 01 04 17 18 04 02 20 17 08 19 24

Plaintext C Y B E R S E C U R I T Y

Plain Text: CYBER SECURITY

 NETWORK SECURITY & MANAGEMENT

2.2.6 One-Time Pad (Vernam Cipher) Technique

One Time Pad algorithm is the improvement of the Vernam Cipher, proposed by an Army Signal Corp officer,
Joseph Mauborgne. It is the only available algorithm that is unbreakable (completely secure). It is a method
of encrypting alphabetic plain text. In this mechanism, we assign a number to each character of the Plain-Text.
Method to take key:
In the Vernam cipher algorithm, we take a key to encrypt the plain text whose length should be equal to the
length of the plain text.

ENCRYPTION:
Treat each plaintext character as a number in an increasing sequence from a = 0, b= 1 … z = 25. Do the same
for each character of the Key/ OTP. Add each number corresponding to the plain text character to the
corresponding character of the key. If the produced cipher text is greater than 25; then subtract 26 from it.
Convert each number of the cipher text into corresponding alphabet characters.

EXAMPLE:
Plaintext: COMPUTER
Key: SECURITY

Plain C O M P U T E R
Text (02) (14) (12) (15) (20) (19) (04) (17)
Key/ S E C U R I T Y
OTP (18) (04) (02) (20) (17) (08) (19) (24)
PT + 35 37 27 41
20 18 14 23
Key 35-26=09 37-26=11 27-26=01 41-26=15
Cipher U S O J L B X P
Text (20) (18) (14) (09) (11) (01) (23) (15)
Cipher Text: USOJLBXP

DECRYPTION:
Treat each cipher text character as a number in an increasing sequence from a = 0, b= 1 … z = 25. Do the
same for each character of the key/ OTP. Subtract each number corresponding to the cipher text character to
the corresponding key character number. If the produced cipher text is a negative number; then add 26 to it.
Convert each number of the plain text into the corresponding alphabet character.
 NETWORK SECURITY & MANAGEMENT

Cipher U S O J L B X P
Text (20) (18) (14) (09) (11) (01) (23) (15)
Key/ S E C U R I T Y
OTP (18) (04) (02) (20) (17) (08) (19) (24)
-11 -06 -07 -09
CT - Key 02 14 12 -11+26 -06+26 -07+26 04 -09+26
= 15 = 20 =19 =17
Plain
C O M P U T E R
Text
Plain Text: COMPUTER

2.2.7 Hill Cipher Technique

The Hill Cipher was invented by Lester S. Hill in 1929 and like the other digraphic ciphers, it acts on groups
of letters. Unlike the others though it is extendable to work on different-sized blocks of letters. So, technically
it is a polygraphic substitution cipher, as it can work on digraphs, trigraphs (3 letter blocks) or theoretically
any sized blocks.
The Hill Cipher uses an area of mathematics called linear algebra and in particular, requires the user to have
an elementary understanding of matrices. It also makes use of modulo arithmetic. Because of this, the cipher
has a significantly more mathematical nature than some of the others. However, it is this nature that allows it
to act (relatively) easily on larger blocks of letters.

ENCRYPTION:
To encrypt the text using a hill cipher, we need to perform the following operation.
E (K, P) = (K * P) mod 26
Where K is the key matrix and P is plain text in vector form. Matrix multiplication of K and P generates the
encrypted ciphertext.
Step 1: Convert the key using a substitution scheme into a n * n key matrix.
Step 2: Now, we will convert our plain text into vector form. Since the key matrix is n * n, the vector must be
n * 1 for matrix multiplication. (Suppose the key matrix is 2x2, a vector will be a 2x1 matrix.)
Step 3: Multiply the key matrix with each n * 1 plain text vector, and take the modulo of the result by 26.

DECRYPTION:
To encrypt the text using a hill cipher, we need to perform the following operation.
D (K, C) = (K-1 * C) mod 26
Where K is the key matrix and C is the ciphertext in vector form. Matrix multiplication of the inverse of key
matrix K and ciphertext C generates the decrypted plain text.
 NETWORK SECURITY & MANAGEMENT

Step 1: Calculate the inverse of the key matrix. First, we need to find the determinant of the key matrix (must
be between 0-25). Here the Extended Euclidean algorithm is used to get the modulo multiplicative inverse of
the key matrix determinant
Step 2: Now, we multiply the n * 1 blocks of ciphertext and the inverse of the key matrix. The resultant block
after concatenation is the plain text that we have encrypted.

EXAMPLE:
1) Plain Text: HI
Key: BEAT

Solution (Encryption):
Convert key into 2*2 matrix and then convert it into numeric form (A = 0, B = 1 ……. Z = 25)
𝐵 𝐸 1 4
[ ]=[ ]
𝐴 𝑇 0 19
𝐻 7
Convert plain text into a 2*1 matrix and then convert it into numeric form. P = [ ] = [ ]
𝐼 8
E = KP mod 26
1 4 7
=[ ] [ ] mod 26
0 19 8
1∗7+4∗8
=[ ] mod 26
0 ∗ 7 + 19 ∗ 8
7 + 32
=[ ] mod 26
0 + 152
39
=[ ] mod 26
152
13
=[ ]
22
𝑁
=[ ]
𝑊
Cipher Text = NW

2) Plain Text: CIPHER

Key: HILL
Solution:
Convert key into 2*2 matrix and then convert it into numeric form (A = 0, B = 1 ……. Z = 25)
𝐻 𝐼 7 8
K=[ ]=[ ]
𝐿 𝐿 11 11
Here, plain text of 2*1 is only possible. So, break the given plain text into 3 parts of a 2*1 matrix and then
convert it into numeric form.
𝐶 2
P1 = [ ] = [ ]
𝐼 8
 NETWORK SECURITY & MANAGEMENT

𝑃 15
P2 = [ ] = [ ]
𝐻 7
𝐸 4
P3 = [ ] = [ ]
𝑅 17
E = E1 + E2 + E3
= K P1 mod 26 + K P2 mod 26 + K P3 mod 26
7 8 2 7 8 15 7 8 4
=[ ] [ ] mod 26 + [ ] [ ] mod 26 + [ ] [ ] mod 26
11 11 8 11 11 7 11 11 17
78 161 164
=[ ] mod 26 + [ ] mod 26 + [ ] mod 26
110 242 231
0 5 8
=[ ]+[ ]+[ ]
6 8 23
𝐴 𝐹 𝐼
=[ ]+[ ]+[ ]
𝐺 𝐼 𝑋
Cipher Text = AGFIIX

Features:
1) Matrix-Based Encryption
2) Key Matrix
3) Modular Arithmetic
4) Block Processing
5) Key Generation
6) Padding

2.3 TRANSPOSITION TECHNIQUE: RAIL FENCE CIPHER

2.3.1 Introduction
Transposition Technique rearranges the position of the plain text’s characters. In the transposition technique,
the position of the character is changed but the character’s identity is not changed. Transposition is a type of
encryption technique where the positions of the letters in the plaintext message are rearranged to form a
ciphertext message. This technique does not alter the letters themselves but rather the order in which they
appear. Rail Fence Technique and Columnar Transposition are the most commonly used transposition
techniques.

2.3.2 Rail Fence Cipher Technique

The rail fence cipher (also called a zigzag cipher) is a form of transposition cipher. It derives its name from
how it is encoded.
 NETWORK SECURITY & MANAGEMENT

ENCRYPTION:
In the rail fence cipher, the plain text is written downwards and diagonally on successive rails of an imaginary
fence. When we reach the bottom rail, we traverse upwards moving diagonally, after reaching the top rail, the
direction is changed again. Thus, the alphabets of the message are written in a zig-zag manner. After each
alphabet has been written, the individual rows are combined to obtain the cipher text.
For example, if the message is THIS IS SECRET MESSAGE” and the number of rails (key) = 3 then the
cipher is prepared as:

T I C M A
H S S E R T E S G
I S E S E

Its encryption will be done row-wise. Therefore, the cipher text will be: TICMAHSSERTESGISESE

DECRYPTION:
Let cipher-text = “TICMAHSSERTESGISESE”, and Key = 3
Number of columns in matrix = length of cipher-text = 13
Number of rows = key = 3
Hence original matrix will be of 3*19, now marking places with text as ‘*’ or any other symbol ( - ).
The decryption process for the Rail Fence Cipher involves reconstructing the diagonal grid used to encrypt
the message. We start writing the message, but leaving a dash in place of the spaces yet to be occupied.
Gradually, you can replace all the dashes with the corresponding letters and read off the plaintext from the
table.
We start by making a grid with as many rows as the key is and as many columns as the length of the ciphertext.
We then place the first letter in the top left square and dash diagonally downwards where the letters will be.
When we get back to the top row, we place the next letter in the ciphertext. Continue like this across the row,
and start the next row when you reach the end
Here the ciphertext received is " TICMAHSSERTESGISESE ", encrypted with a key of 3, you start by placing
the "T" in the first square. You then dash the diagonal down spaces until you get back to the top row and place
the "I" here.

- - - - -
- - - - - - - - -
- - - - -
 NETWORK SECURITY & MANAGEMENT

T I C M A
- - - - - - - - -
- - - - -

Continuing to fill the rows you get the pattern below

T I C M A
H S S E R T E S G
- - - -

T I C M A
H S S E R T E S G
I S E S E

2.4 ASYMMETRIC ENCRYPTION: DIGITAL SIGNATURE

A digital signature is an electronic, encrypted stamp of authentication on digital information such as messages.
The digital signature confirms the integrity of the message. This signature ensures that the information
originated from the signer and was not altered, which proves the identity of the organization that created the
digital signature. Any change made to the signed data invalidates the whole signature.
The use of digital signatures is important because they can ensure end-to-end message integrity and can also
provide authentication information about the originator of a message.

To be the most effective, the digital signature must be part of the application data so that it is generated at the
time the message is created.
Then, the signature is verified at the time the message is received and processed.
You can choose to sign the entire message or sign parts of the message (even overlapping parts of a message
can be signed).
You can choose to sign only parts of a message if a part of the message must be modified before it reaches the
consumer.
In this scenario, if the entire message was signed, the whole signature is invalidated if even one part of the
message is modified.
 NETWORK SECURITY & MANAGEMENT

A digital signature for an electronic message is created by using a form of cryptography and is equivalent to a
personal signature on a written document. A digital certificate owner combines the data to be signed with their
private key and then transforms the data with an algorithm. The recipient of the message uses the
corresponding certificate public key to decrypt the signature. The public key decryption also verifies the
integrity of the signed message and verifies the sender as the source. Only the organization with the private
key can create the digital signature. However, anyone who has access to the corresponding public key can
verify the digital signature.

The steps of the digital signature process are as follows:

1) The sender computes a message digest (with an algorithm such as RSA or SHA1) and then encrypts
the digest with their private key, which forms the digital signature. Multiple signatures and signature
formats can be attached to a message, each referencing different (or even overlapping) parts of the
message.
2) The sender transmits the digital signature with the message.
3) The receiver decrypts the digital signature with the public key of the sender, thus regenerating the
message digest.
4) The receiver computes a message digest from the message data that was received and verifies that the
two digests are the same. If these digests match, the message is both intact and authentic.

When a content creator digitally signs a message, the signature must meet the following criteria to be
valid:
1) The certificate that is associated with the digital signature is current (not expired).
2) The certificate that is associated with the digital signature is issued to the signing publisher by a
reputable certificate authority (CA). The CA signs certificates that it issues. The signature consists of
a data string that is encrypted with the private key of the CA. Any user can then verify the signature
on the certificate by using the CA public key to decrypt the signature.
3) The publisher (the signing organization), is trusted.
 NETWORK SECURITY & MANAGEMENT

A Digital Signature is used to assure:

1) Authenticity:
The identity of the organization that sent the message (the message signer) is confirmed.
2) Integrity:
The message content was not changed or tampered with since it was digitally signed.
3) Nonrepudiation:
The origin of the signed content is verified to all parties so the message signer cannot deny association
with the signed content.