**Post: #1**

new trends in cryptography full report.DOC (Size: 76.5 KB / Downloads: 759)

ABSTRACT

Many organizations are working hard to secure themselves from the

growing threats of message hacking through various trends in

cryptography.Yet the headlines are dominated with the latest news of

message passing disaster more frequently than any time before.This

document intends to review this problem and propose several possible

solutions.The cryptographic industry has been responding to these

threats with ever-quicker responses to the rapid onslaught of malicious

techniques,while corporations establish strict cryptographic

techniques.

Placing an organizations cryptographic techniques at the

desktop level is like closing all the doors in a houseÂ¦..while leaving

windows and other entry points open.The present document discusses

various cryptographic techniques of all times such as the three basic

algorithms namely private key algorithm,,public key algorithm and the

hash functions.The need for having three encryption techniques has

also been encrypted .A detailed discussion has been done on the

classical cryptography and the drawbacks of the classical cryptography

to ensure the need for going to new trends in cryptography like quantum

cryptography,elliptic curve cryptography.These new techniques that has

emerged out of various exploitations in the field of cryptography rises

a fair amount of hope that we can over come the problems we are facing

in a headhoc way.These proven technologies can meet the needs of the

most demanding of environments while their respective focus on

manageability has automated many tasks and simplified administrative

functions through easy-to-use interfaces developed through years of

customer feedback..And at the end of the document we can conclude that

soon we can save secrecy involved in message passing from the dangerous

clutches of message hackers.

1.INTRODUCTION

The Internet or the global Internet is the internationally connected

network of computer networks with addresses that are administrated by

IANA (Internet address and Naming Authority). It grew dramatically

because anyone can connect to it and any one connected to it can

connect others to it as well. Each site that connected to it, can

become an Internet Service provider to other sites Does increased

security provide comfort to paranoid people? Or does security provide

some very basic protections that we are naive to believe that we don't

need? During this time when the Internet provides essential

communication between tens of millions of people and is being

increasingly used as a tool for commerce, security becomes a

tremendously important issue to deal with.

There are many aspects to security and many applications, ranging from

secure commerce and payments to private communications and protecting

passwords. One essential aspect for secure communications is that of

cryptography.This paper has two major purposes. The first is to define

some of

the terms and concepts behind basic cryptographic methods, and to offer

a way to compare the myriad cryptographic schemes in use today. The

second is to provide some real examples of cryptography and new trends

in use today.

I would like to say at the outset that this paper is very focused on

terms, concepts, and schemes in current use and is not a treatise of

the whole field.

2.THE PURPOSE OF CRYPTOGRAPHY

Cryptography is the science of writing in secret code

and is an ancient art; the first documented use of cryptography is

writing dates back to circa 1900 B.C. when an Egyptian scribe used non

-standard hieroglyphs in an inscription. Some experts argue that

cryptography appeared spontaneously sometime after writing was

invented, with applications ranging from diplomatic missives to war-

time battle plans. It is no surprise, then, that new forms of

cryptography came soon after the widespread development of computer

communications. In data and telecommunications, cryptography is

necessary when communicating over any untrusted medium, which includes

just about any network, particularly the Internet.

Within the context of any application-to-application communication,

there are some specific security requirements, including:

Â¢ Authentication: The process of proving one's identity. (The

primary forms of host-to-host authentication on the Internet today are

name-based or address-based, both of which are notoriously weak.)

Â¢ Privacy/confidentiality: Ensuring that no one can read the

message except the intended receiver.

Â¢ Integrity: Assuring the receiver that the received message has

not been altered in any way from the original.

Â¢ Non-repudiation: A mechanism to prove that the sender really

sent this message.

Cryptography, then, not only protects data from theft or alteration,

but can also be used for user authentication. There are, in general,

three types of cryptographic schemes typically used to accomplish these

goals: secret key (or symmetric) cryptography, public-key (or

asymmetric) cryptography, and hash functions, each of which is

described below. In all cases, the initial unencrypted data is referred

to as plaintext. It is encrypted into ciphertext, which will in turn

(usually) be decrypted into usable plaintext.

In many of the descriptions below, two communicating parties will be

referred to as Alice and Bob; this is the common nomenclature in the

crypto field and literature to make it easier to identify the

communicating parties. If there is a third or fourth party to the

communication, they will be referred to as Carol and Dave. Mallory is a

malicious party, Eve is an eavesdropper, and Trent is a trusted third

party.

3.TYPES OF CRYPTOGRAPHIC ALGORITHMS

There are several ways of classifying cryptographic algorithms. For

purposes of this paper, they will be categorized based on the number of

keys that are employed for encryption and decryption, and further

defined by their application and use. The three types of algorithms

that will be discussed are (Figure 1):

Â¢ Secret Key Cryptography (SKC): Uses a single key for both

encryption and decryption

Â¢ Public Key Cryptography (PKC): Uses one key for encryption and

another for decryption

Â¢ Hash Functions: Uses a mathematical transformation to

irreversibly "encrypt" information

A modern crypto device has several essential elements that determine

how it works. First is a crypto algorithm, which specifies the

mathematical transform action that is performed on data to encrypt (or)

decrypt it. Some algorithms are for stream ciphers, which encrypt a

digital data stream a bit at a time, and block ciphers which transform

data in fixed-size blocks, one block at a time the cipher mode defines

how the algorithm is applied block to datastream.

Crypto algorithm is a procedure that takes the plain text data and

transforms it into ciphertext in a reversible way. A good algorithm

produce ciphertext that yields as few clues as possible about either

the key (or) the plain text that produced it.

An important distinction between crypto algorithms is whether they are

secret key (or) public key algorithms.

A secret key algorithm is symmetric, (or) it uses same key for

encryption and also for decryption. The security of secret key

algorithm rests with keeping key itself. Completely secret from others.

Public key algorithm use different keys for encryption an decryption

one key caused private key, must kept secret by its owner and in

general is never shared with anyone else. The other key called public

key will be shared with anyone else. The two will be mathematically

related.

3.1.PRIVATE KEY CRYPTOGRAPHY

A private-key cryptosystem consists of an encryption system E and a

decryption system D. The encryption system E is a collection of

functions E_K, indexed by keys K, mapping some set of plaintexts P

to some set of ciphertexts C. Similarly the decryption system D is a

collection of functions D_K such that D_K(E_K(P)) = P for every

plaintext P. That is, successful decryption of ciphertext into

plaintext is accomplished using the same key (index) as was used for

the corresponding encryption of plaintext into ciphertext. Such

systems, where the same key value is used to encrypt and decrypt, are

also known as symmetric cryptoystems.

3.2.PUBLIC KEY CRYPTOGRAPHY

In a classic cryptosystem, we have encryption functions E_K and

decryption functions D_K such that D_K(E_K(P)) = P for any plaintext

P. In a public-key cryptosystem, E_K can be easily computed from some

public key X which in turn is computed from K. X is published, so

that anyone can encrypt messages. If decryption D_K cannot be easily

computed from public key X without knowledge of private key K, but

readily with knowledge of K, then only the person who generated K can

decrypt messages. That's the essence of public-key cryptography,

introduced by Diffie and Hellman in1976.

3.3. HASH FUNCTIONS

Hash functions, also called message digests and one-way

encryption, are algorithms that, in some sense, use no key (Figure 1C).

Instead, a fixed-length hash value is computed based upon the plaintext

that makes it impossible for either the contents or length of the

plaintext to be recovered. Hash algorithms are typically used to

provide a digital fingerprint of a file's contents, often used to

ensure that the file has not been altered by an intruder or virus. Hash

functions are also commonly employed by many operating systems to

encrypt passwords. Hash functions, then, provide a measure of the

integrity of a file.

4. Why Three Encryption Techniques?

So, why are there so many different types of cryptographic schemes? Why

can't we do everything we need with just one?

The answer is that each scheme is optimized for some specific

application(s). Hash functions, for example, are well-suited for

ensuring data integrity because any change made to the contents of a

message will result in the receiver calculating a different hash value

than the one placed in the transmission by the sender. Since it is

highly unlikely that two different messages will yield the same hash

value, data integrity is ensured to a high degree of confidence.

Secret key cryptography, on the other hand, is ideally suited to

encrypting messages. The sender can generate a session key on a per-

message basis to encrypt the message; the receiver, of course, needs

the same session key to decrypt the message.

Key exchange, of course, is a key application of public-key

cryptography (no pun intended). Asymmetric schemes can also be used for

non-repudiation; if the receiver can obtain the session key encrypted

with the sender's private key, then only this sender could have sent

the message. Public-key cryptography could, theoretically, also be used

to encrypt messages although this is rarely done because secret-key

cryptography operates about 1000 times faster than public-key

cryptography.

5.WHATS WRONG WITH CLASSICAL CRYPTOGRAPHY

The purpose of cryptography is to transmit information in such a way

that access to it is restricted entirely to the intended recipient.

Originally the security of a cryptotext depended on the secrecy of the

entire encrypting and decrypting procedures; however, today we use

ciphers for which the algorithm for encrypting and decrypting could be

revealed to anybody without compromising the security of a particular

cryptogram. In such ciphers a set of specific parameters, called a key,

is supplied together with the plaintext as an input to the encrypting

algorithm, and together with the cryptogram as an input to the

decrypting algorithm.The encrypting and decrypting algorithms are

publicly announced; the security of the cryptogram depends entirely on

the secrecy of the key, and this key must consist of any randomly

chosen, sufficiently long string of bits. Once the key is established,

subsequent communication involves sending cryptograms over a public

channel which is vulnerable to total passive eavesdropping (e.g. public

announcement in mass-media). However in order to establish the key, two

users, who share no secret information initially, must at a certain

stage of communication use a reliable and a very secure channel. Since

the interception is a set of measurements performed by the eavesdropper

on this channel, however difficult this might be from a technological

point of view, in principle any classical key distribution can always

be passively monitored, without the legitimate users being aware that

any eavesdropping has taken place.

Mathematicians have tried hard to solve the key distribution problem.

The 1970s brought a clever mathematical discovery in the shape of

``public key" systems [1,2]. In these systems users do not need to

agree on a secret key before they send the message. They work on the

principle of a safe with two keys, one public key to lock it, and

another private one to open it. Everyone has a key to lock the safe but

only one person has a key that will open it again, so anyone can put a

message in the safe but only one person can take it out. These systems

exploit the fact that certain mathematical operations are easier to do

in one direction than the other. The systems avoid the key distribution

problem but unfortunately their security depends on unproven

mathematical assumptions, such as the difficulty of factoring large

integers (RSA - the most popular public key cryptosystem gets its

security from the difficulty of factoring large numbers. This means

that if and when mathematicians or computer scientists come up with

fast and clever procedures for factoring large integers the whole

privacy and discretion of public-key cryptosystems could vanish

overnight. Indeed, recent work in quantum computation shows that

quantum computers can factorize much faster than classical computers .

6.NEW TRENDS IN CRYPTOGRAPHY

6.1. Elliptic Curve Cryptography

In general, public-key cryptography systems use hard-to-solve problems

as the basis of the algorithm. The most predominant algorithm today for

public-key cryptography is RSA, based on the prime factors of very

large integers. While RSA can be successfully attacked, the mathematics

of the algorithm have not been comprised, per se; instead,

computational brute-force has broken the keys. The defense is "simple"

â€ keep the size of the integer to be factored ahead of the

computational curve! In 1985, Elliptic Curve Cryptography (ECC) was

proposed independently by cryptographers Victor Miller (IBM) and Neal

Koblitz (University of Washington). ECC is based on the difficulty of

solving the Elliptic Curve Discrete Logarithm Problem (ECDLP). Like the

prime factorization problem, ECDLP is another "hard" problem that is

deceptively simple to state: Given two points, P and Q, on an elliptic

curve, find the integer n, if it exists, such that p= nQ. Elliptic

curves combine number theory and algebraic geometry. These curves can

be defined over any field of numbers (i.e., real, integer, complex)

although we generally see them used over finite fields for applications

in cryptography. An elliptic curve consists of the set of real numbers

(x, y) that satisfies the equation:

y2 = x3 + ax + b

The set of all of the solutions to the equation forms the elliptic

curve. Changing a and b changes the shape of the curve, and small

changes in these parameters can result in major changes in the set of

(x,y) solutions.

Figure shows the addition of two points on an elliptic curve. Elliptic

curves have the interesting property that adding two points on the

elliptic curve yields a third point on the curve. Therefore, adding two

points, P1 and P2, gets us to point P3, also on thecurve. Small changes

in P1 or P2 can cause a large change in the position of P3.So let's go

back to the original problem statement from above. The point Q is

calculated as a multiple of the starting point,

P, or, Q = nP. An attacker might know P and Q but finding the integer,

n, is a difficult problem to solve. Q is the public key, then, and n is

the private key.

6.2.QUANTUM CRYPTOGRAPHY

The Heisenberg uncertainty principle and quantum entanglement can be

exploited in a system of secure communication, often referred to as

"quantum cryptography". Quantum cryptography provides means for two

parties to exchange a enciphering key over a private channel with

complete security of communication. There are at least three main types

of quantum cryptosystems for the key distribution, these are:

(A)

Cryptosystems with encoding based on two non-commuting observables

proposed by S.Wiesner (1970), and by C.H.Bennett and G.Brassard (1984)

(B) Cryptosystems with encoding built upon quantum entanglement and the

Bell Theorem proposed by A.K.Ekert (1990)

© Cryptosystems with encoding based on two non-orthogonal state

vectors proposed by C.H.Bennett (1992)

Quantum cryptosystem (A) can be explained with the following simple

example. The system includes a transmitter and a receiver. A sender may

use the transmitter to send photons in one of four polarisations: 0,

45, 90, or 135 degrees. A recipient at the other end uses the receiver

to measure the polarisation. According to the laws of quantum

mechanics, the receiver can distinguish between rectilinear

polarisations (0 and 90), or it can quickly be reconfigured to

discriminate between diagonal polarisations (45 and 135); it can never,

however, distinguish both types. The key distribution requires several

steps. The sender sends photons with one of the four polarisations

which are chosen at random. For each incoming photon, the receiver

chooses at random the type of measurement: either the rectilinear type

or the diagonal type. The receiver records the results of the

measurements but keeps them secret. Subsequently the receiver publicly

announces the type of measurement (but not the results) and the sender

tells the receiver which measurements were of the correct type. The two

parties (the sender and the receiver) keep all cases in which the

receiver measurements were of the correct type. These cases are then

translated into bits (1's and 0's) and thereby become the key. An

eavesdropper is bound to introduce errors to this transmission because

he/she does not know in advance the type of polarisation of each photon

and quantum mechanics does not allow him/her to acquire sharp values of

two non-commuting observables (here rectilinear and diagonal

polarisations). The two legitimate users of the quantum channel test

for eavesdropping by revealing a random subset of the key bits and

checking (in public) the error rate. Although they cannot prevent

eavesdropping, they will never be fooled by an eavesdropper because

any, however subtle and sophisticated, effort to tap the channel will

be detected. Whenever they are not happy with the security of the

channel they can try to set up the key distribution again.

The basic idea of cryptosystems (B) is as follows. A sequence of

correlated particle pairs is generated, with one member of each pair

being detected by each party (for example, a pair of so-called

Einstein-

Podolsky-Rosen photons, whose polarisations are measured by the

parties).

An eavesdropper on this communication would have to detect a particle

to read the signal, and retransmit it in order for his presence to

remain unknown. However, the act of detection of one particle of a pair

destroys its quantum correlation with the other, and the two parties

can easily verify whether this has been done, without revealing the

results of their own measurements, by communication over an open

channel.

CONCLUSION

We use different types of algorithms to establish

security services in different service mechanisms.We use either private

key cryptography or public key cryptography according to requirement.If

we want to send message quickly we use private key algorithm and if we

want to send messages secretely we use public key algorithm.

Hence let us hope that the NEW TRENDS of cryptography saves the

messages from the DANGEROUS CLUTCHES OF MESSAGE HACKERS.

I N D E X

1. INTRODUCTION

2. CRYPTOGRAPHY-PURPOSE

3. TYPES OF CRYPTOGRAPHIC ALGORITHMS

3.1 PRIVATE KEY ALGORITHM

3.2 PUBLIC KEY ALGORITHM

3.3 HASH FUNCTIONS

4. WHY THREE ENCRYPTION TECHNIQUES?

5. CLASSICAL CRYPTOGRAPHY-DRAWBACKS

6. NEW TRENDS IN CRYPTOGRAPHY

6.1 ELLIPTIC CURVE CRYPTOGRAPHY

6.2QUANTUM CRYPTOGRAPHY

7. CONCLUSION

BIBILIOGRAPHY