Digital signing is a mechanism for certifying the origin and the integrity of electronically transmitted information. In the process of digitally signing, additional information - called a digital signature - is added to the given document, calculated using the contents of the document and some private key. At a later stage, this information can be used to check the origin of the signed document. The mathematical base of the digital signing of documents is public key cryptography.

This work presents the theory behind digital signatures, signature schemes and attacks on signatures and provides a survey of application areas of the digital signing technology. Moreover, there are lab exercises developed in Mathlab, to reinforce the understanding of this technology.

1. Introduction

The Concise Oxford Dictionary (2006) defines cryptography as the art of writing or solving codes, however modern cryptography does not met this definition. Therefore, this work starts with a literature review defining some key concepts, like what cryptography and cryptographic system are and the different types of cryptographic system are presented. The other interesting and preliminary concept is the notion of cryptosystem functions which are also discussed in the introductory section. Furthermore, it is stated that public-key encryption represents a revolution in the field of cryptography, and this work poses some basic definitions on this topic trying to explain the theory behind. The rest of the literature review is concentrated on public key cryptography and it focuses on the theory behind digital signatures, signature schemes and attacks on signatures. And finally, the literature review presents a survey of application areas on digital signatures.

One part of the contribution of this work, is an overview of the secure hash standard (SHS) and implementation of the secure hash algorithm (SHA-1), required for use with digital signature algorithms. The main part though, is the implementation of AES and RSA by utilizing Mathlab. The code of all these implementations is thoroughly discussed and explained in this work. Moreover, a comparison is also presented subsequently.

2. Cryptography

The Greek words “krypt´os” standing for “hidden” and the word “l´ogos” that means “word”, are in essence the base from where the word cryptology was derived. As these words denote, cryptology can be best explained by the meaning “hidden word”. In this context, the original purpose behind cryptology is hiding the meaning of some specific combination of words which in turn would insure secrecy and confidentiality. This is a very limited viewpoint in today’s perspective and a wide range of security applications and issues now come under the term of cryptology (rest of the portion of this section will clarify this point of view). As field of mathematical science, Cryptology includes the study of both cryptanalysis as well as cryptography. On one hand, cryptography is a very broad term and represents any process used for data protection. On the other hand, the study of security related issues and the probabilities of breaking the cryptographic systems and a technique is known as cryptanalysis. By making reference to (Shirey, 2000), the field cryptanalysis can be best described as the “mathematical science that deals with analysis of a cryptographic system in order to gain knowledge needed to break or circumvent the protection that the system is designed to provide.” In simple words, cryptanalyst can be regarded as the opponent of the cryptographer i.e. he/she has to get around the security which cryptographer devised on his/her part.

(Buchmann, 2004) claims that a cryptographic system (or in short a cryptosystem) describes “a set of cryptographic algorithms together with the key management processes that support use of the algorithms in some application context.” This is a diverse explanation that includes all sorts of cryptographic algorithms as well as protocols. However, hidden parameters like cryptographic keys may or may not be used by a cryptographic system (Delfs, 2007). Similarly, participants of the undergoing communication may or may not share those secret parameters. Thus, cryptographic can be classified into following three types: a cryptographic system in which no secret parameters are employed (called an un-keyed cryptosystem); a cryptosystem which makes use of secret parameters and at the same time shares the parameters between the participants (known as a secret key cryptographic system); and a system that utilizes the secret parameters, but not sharing them with the participants (called a public key cryptographic system) (Shirey, 2000; Buchmann, 2004).

Cryptography aims at designing and implementing cryptographic systems and utilizing such systems which are secure effectively. The first a formal definition about the term cryptography dates from relatively past time. Back then, the approach known by the name “security through obscurity” was being used (Dent, 2004). There are a lot of examples based on this approach by which security of the system was improved by keeping internal working and design secret. Majority of those systems do not serve the purpose and security may well be violated. The Kerckhoffs’ principle is a very famous cryptographic principle which states that (Kerckhoffs, 1883):

“Except for parameters clearly defined to be secret, like the cryptographic keys, a cryptosystem must be designed in such a way as to be secure even with the case that the antagonist knows all details about the system”.

However, it might be noted that one important aspect is that a cryptosystem is perfectly securing theoretically grounds, but it may not remain the same when implemented practically. Different possibilities of generating attacks on security of such systems can arise while having the practical implementation (Anderson, 1994). Attacks which make use of exploitation of side channel information are the examples of such attacks. If a cryptosystem is executed, it can result in the retrieval of side channel information with unspecified inputs and outputs (Anderson, 1994). In encryption systems, the input is plaintext message plus the key, while the specific output is the cipher text. Thus, there are chances on information leakage. Power consumption, timing characteristics along with the radiation of all types are some examples in this regard. On the other hand, side channel attacks are the types of network attacks which extract side channel information. Since the mid 1990s there were many different possibilities have been found by the researchers in order to build up side channel attacks. A few examples in this regard are the differential power analysis (Bonehl, 1997), and fault analysis (Biham, 1997; Kocher, 1999) as well as the timing attacks (Kocher, 1996). It is a very practical statement that any computation performed on real computer systems represents some physical phenomena which can be examined and analyzed to provide information regarding the keying material being employed. Cryptography does not help to cope with this situation because of the inherent nature of this problem.

2.1 Cryptosystem functions

Other than the usual random bit generators as well as the hash functions, there are no secret parameters that are used in cryptosystem functions. These are the junketed functions that characterize the cryptographic system functions. In cryptographic functions, the elements used are usually one-way and it is difficult or almost impossible to invert them. This follows that it is easy to compute a cryptographic function whereas it is hard to invert the functions and also to compute the results of the relationships (Kerckhoffs, 1883). It is difficult to apply any mathematical method for inverting the cryptographic system functions in a way that will be coherent and meaningful. For example, a cryptographic system functions such as F: X → Y is easy to comfortably use mathematical knowledge to compute while it is hard to use the same to invert (Buchmann, 2004; Shirey, 2000).

There are many examples of one-way functions that we can use to demonstrate the meaning of the cryptosystems. In a situation where one has stored numbers on the cell phone, computation of the same is possible and easy due to the fact that the names are stored in an alphabetical manner (Garrett, 2001). If one inverts the relationship of these functions, it will be impossible to compute because the numbers are not arranged numerically in the storage phonebook. It is notable that a lot of other things that we do in daily life are comparable to cryptosystem function in the sense that you cannot invert or undo them. For example, if one breaks a glass, the process is one way because it is not possible for these pieces to be restored together again (Goldreich, 2004). Similarly, when one drops something into water, it is not practically possible to reverse the action of dropping this item (Mao, 2003). The English corresponding action would be to un-drop the item as opposed to picking it. Cryptosystem functions cannot be demonstrated as purely one-way and this is the branching point between cryptosystem functions and the real world of things and circumstances. The only one-way functions in mathematics can be exemplified by discrete exponentiation, modular power and modular square functions. Public key cryptography uses these functions in its operations but it has not been well documented whether they are really one-way or not. There has been debate in practice whether one-way functions really exist in the first place or not (Garrett, 2001). In the recent day cryptographic discussions a lot of care should be applied when referring to the one-way functions so as not to interfere or make false claims to the functional attributes of these parameters. There is a need to look for extra information and knowledge concerning one-way functions so that efficient and meaningful inversions are possible and mathematically coherent.

Therefore, functions such as F: X → Y is considered to be a one-way function (Koblitz, 1994; Schneier, 1996). This follows that if F can successfully and coherently inverted, the need for extra information is needed. This will hence bring the notion of the meaning of the other parameters in relation to F. Computer science uses the hash functions in its operations. This is because these functions are computable and generates output dependent on the input that was used (Katz, 2007; Koblitz, 1994).

3. Digital signatures

The public-key encryption presents a revolution in the field of cryptography and until its invention the cryptographers had relied completely on common, secret keys in order to achieve confidential communication (Smart, 2003). On the contrary, the public-key techniques, allow for the parties to communicate privately without the requirement to decide on a secret key in advance. While the concept of private-key cryptography is presented as two parties agree on a secret keyk which can be used (by either party) for both encryption and decryption; public-key encryption is asymmetric in both these respects (Stinson, 2005). Namely, in public-key encryption:

  • One party (the receiver) generates a pair of keys (pk, sk), where pk is called the public key and ps is the private key,
  • The public key is used by a sender to encrypt a message for the receiver, and
  • The receiver uses the private key to decrypt that message.

There three parts of information form part of public key certificate:

  • Some naming information
  • A Public key
  • Digital signatures (this can be one or more)

Encryptions and digital signatures were introduced to make the web transactions secure and manageable. The use of cryptographic techniques was applied to enhance and provide security layer such that the encrypted information and files would remain secure and confidential. Very frequently, a digital signature is mistaken with the inverse of a public-key encryption, but this is not entirely true. In the history, a digital signature could be obtained by reversing, but today in the majority of the situations this process would be impossible to be performed.

Basically, a digital signature is a form of a mathematical scheme for signifying the genuineness of a digital message. A valid digital signature would provide a proof to the person that receives the message or the document that these information is indeed created by a specified sender. Moreover, it would prove that message or the document was not altered during the transportation. Digital signatures are usually used for software distribution or mainly money transactions, where it is very important to detect the possibility of forgery.

As a part of the field in asymmetric cryptography, it might be noted that a digital signature is somehow equivalent of the traditional handwritten signatures. On the other hand, in order to be effective, a digital signature should be correctly implemented. Another very important concept is the notion of non-repudiation. This means that if somebody signs a document by using a digital signature, they can not say that it was not signed by them, even though their private key remains as a secret. On the other hand, there is a time stamp, so that even if the private key of a sender is compromised in future, the digital signature will remain valid. Examples of such messages are:

  • electronic mail
  • contracts
  • messages sent via some cryptographic protocol

A digital signature usually is comprised of:

  • An algorithm for producing a key. This algorithm would find a private key by chance from all the possible private keys available. Then it will output that private key with a matching public key.
  • A signing algorithm that, given a message and a private key, produces a signature.
  • A signature authenticating algorithm that, given a message, public key and a signature, it will accept or reject the message.

Primary, a signature produced from a fixed message and a private key verifies that the genuineness of that message is ok, by means of the matching public key. Then, it has to be computationally infeasible to make an appropriate signature for a party that doesn’t have the private key

4. Algorithms

4.1. Introduction to SHS

This section provides an overview of the secure hash standard (SHS) and implementation of the secure hash algorithm (SHA-1), required for use with digital signature algorithms.

SHA-1 is used for computing a compressed version of a message or a data file. If that data has a length smaller than 264 buts, then the output will be 160-bit and is called a message digest. The message digest used for an input to the Digital Signature Algorithm (DSA). This algorithm will verify the signature for the message. Signing the message digest instead of the originall message itself, might advance the effectiveness of the procedure. This is since the message digest is usually much slighter in size than the original message. Very important is that the same hash algorithm should be used by both the verifier and the digital signature creator.

The usage of the SHA-1 with the DSA can be presented as follows:

Interesting for SHA-1 is that it is computationally impossible to discover a message which matchs to a given digest. Moreover, it is also impossible to find two dissimilar messages which create an identical message digest.

4.2. Implementation of SHA-1

The following functions were implemented for the SHA-1 algorithm:

Name of source file: secure_hash_algorithm.m. Function in the source file: secure_hash_algorithm (message). This function takes an input a string of characters.

Example: "Hello, How are you? How is it going on?" - Output is the message digest, the hash value of the message. Thus, the hash value of the above message is "F418F52AE6DC208599F91191E6C40FA876F33754".

Name of source file: arithematic_shift_operations.m. Function in the source file: arithematic_shift_operations (number, position, op). The inputs are:

  • number: it is a hexadecimal large number of any size. The number is represented in base 16 and is stored as a string. Ex: ‘FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF’

  • position: the number of positions to be shifted by. It is a decimal number in base 10.

  • Op: it is the type of operation done. Inputs are ‘SRA’ -> shift right arithematic and ‘SLA’ -> shift left arithematic.

For example, the function:

  • Name of source file: bi2hex.m. Function in the source file: bi2hex (number). The input to this function is a vector of ones and zeros and the result is a hexadecimal output represented in string. For example, for the input “Number = [1 1 1 1]” bi2hex (Number) returns ‘F’ and for “Number = [1 1 1 1 0 0 0 1 ]” bi2hex (Number) returns ‘F1’.
  • Name of source file: hex2bi.m. Function in the source file: hex2bi (number). The input to this function is a number stored in form of a string in base 16 and the result is a vector containing the binary representation of input string. For example, for the input “Number = ‘F’ ”, hex2bi (Number) returns “[1 1 1 1]” and for “Number = ‘F1’ “, bi2hex (Number) returns “[1 1 1 1 0 0 0 1]”.
  • Name of source file: hexadecimal_big_number_adder.m. Function in the source file: hexadecimal_big_number_adder (number_one, number_two). The inputs to this function are numbers stored in hexadecimal string format. Output is the result, a hexadecimal string and carry, a decimal number. After using this function, it has to be checked if the carry is generated, Incase if it is generated then the carry has to be appended in the beginning to the result. For example:

Number_one = ‘FFFFFFFF’

Number_two = ‘EEEEEEEE’

[result, carry] = hexadecimal_big_number_adder (Number_one, Number_two)

Result = ‘EEEEEEED’ , carry = 1;

Hence the real sum is Result = strcat(dec2hex(0), Result); this results to ‘1EEEEEEED’

Name of source file: hexadecimal_big_number_subtractor.m. Function in the source file: hexadecimal_big_number_subtractor(number_one, number_two). The inputs to this function are numbers stored in hexadecimal string format. Output is the result, a hexadecimal string and sign, a decimal number. If sign is -1, then the result generated is a negative number else is a positive number. . For example:

Number_one= ‘EEEEEEEE’

Number_two= ‘FFFFFFFF’

[result, sign] = hexadecimal_big_number_subtractor(Number_one, Number_two)

Result = ‘11111111’

Sign = -1.

Name of source file: hexadecimal_big_number_multiprecision_multiplication.m. Function in the source file: hexadecimal_big_number_multiprecision_multiplication(multiplicand, multiplier). The input is a multiplicand stored in string format is a hexadecimal number. And so is multiplier. The output is a result and is stored in form of a string. For example:

multiplicand= ‘EEEEEEEE’

multiplier= ‘FFFFFFFF’

hexadecimal_big_number_multiprecision_multiplication(multiplicand, multiplier)

result is ‘EEEEEEED11111112’

Name of source file: comparision_of.m. Function in the source file: comparision_of(number_one, number_two, index). This function compares two numbers in hexadecimal format stored in form of strings. Always input index as decimal 1. Therefore, it:

Returns 1 if Number_one > Number_two,

Returns 0 if Number_one = Number_two, and

Returns -1 if Number_one < Number_two.

For example, if

Number_one= ‘EEEEEEEE’

Number_two= ‘FFFFFFFF’, the result would be:

comparision_of(Number_one, Number_two, 1) returns -1.

Name of source file: hexadecimal_big_number_modular_exponentiation.m. Function in the source file: hexadecimal_big_number_modular_exponentiation (base, exponent, modulus). This function calculates (power(base, exponent) % modulus). Here the input base, exponent and modulus are hexadecimal strings of any size. For example:

Base = ‘FFF’

Exponent = ‘EEE’

Modulus = ‘AAAA’

hexadecimal_big_number_modular_exponentiation (Base, Exponent, Modulus) returns ‘8BAB’

Name of source file: hexadecimal_big_number_multiplicative_inverse.m. Function in the source file: Z = hexadecimal_big_number_multiplicative_inverse(number_one, number_two). This function returns multiplicative inverse of number_two modulo number_one. If az = 1 (mod m) then z is the multiplicative inverse of a mod m. Here “number_one = m”, “number_two = a”, “number_one = ‘FFFF’ ”, “number_two = ‘1235’ “ andresult is ‘634D’, which in turn is the multiplicative inverse of number_two.Hence :

(result * number_two) mod number_one = 1

  • Name of source file: hexadecimal_big_number_test_for_primality.m. Function in the source file: hexadecimal_big_number_test_for_primality(number). The input to this function is an ODD number stored in hexadecimal format as a string. This function returns 1 if the input is a prime and returns -1 if input is composite.
  • Name of source file: power_of_two_conversion_to_hexadecimal.m. Function in the source file: power_of_two_conversion_to_hexadecimal(power). The input is the number, the power to which two has to be raised to. It is a decimal number and the output is a hexadecimal number in form of string. For example, power_of_two_conversion_to_hexadecimal(4) returns ‘10’ i.e 16 in decimal system.
  • Name of source file: hexadecimal_big_number_division.m. Function in the source file: hexadecimal_big_number_division (dividend, divisor). This function returns quotient and remainder both in hexadecimal string format. The inputs to this function are strings of hexadecimal format. This function uses other two functions in turn which are defined in source file Get_multiplier.m, multiplication_by_single_digit_multiplier.m.
  • Name of source file: remove_leading_zeros.m. Function in the source file: remove_leading_zeros (number). This function takes number in hexadecimal string format as input and removes the leading zeros in the string and returns it. For example, if “Number = ‘000000012345’ “, then the function returns ‘12345’.

Some of the most prominent functions are presented in Appendix A.

4.3. Introduction to MD5

The MD5 Message-Digest Algorithm is a extensively utilised in cryptographic hash functions. Basically this is the case for cryptographic hash functions with a 128-bit (16-byte) hash value. MD5 is used in many security applications, and in addition it is frequently used to check data integrity. An MD5 hash is typically expressed as a 32-digit hexadecimal number.

The following figure represents a schematic view of the MD5 Message-Digest Algorithm.

4.4. Implementation of MD5

This algorithm would compute MD5 hash function for files. For example, if as input is given the d = md5(FileName), then the function md5() will computes the MD5 hash function of the file specified in the string FileName. This function will returns it as a 64-character array dwhere d is the digest. The following methodology that the MD5 algorithm was implemented:

  • Initially, the function Digestis called.
  • This function would read the whole file, and will make it uint32 vector

FileName = 'C:\\md5InputFile.txt'

[Message,nBits] = readmessagefromfile(FileName);

Then, it would append a bit in the last one that was read from that file:

BytesInLastInt = mod(nBits,32)/8;

if BytesInLastInt

Message(end) = bitset(Message(end),BytesInLastInt*8+8);


Message = [Message; uint32(128)];


Consequetly, it will append the zeros:

nZeros = 16 - mod(numel(Message)+2,16);

Message = [Message; zeros(nZeros,1,'uint32')];

And a bit length of the original message as uint64, such as the lower significant uint32 first:

Lower32 = uint32(nBits);

Upper32 = uint32(bitshift(uint64(nBits),-32));

Message = [Message; Lower32; Upper32];

The 64-element transformation array is:

T = uint32(fix(4294967296*abs(sin(1:64))));

The 64-element array of number of bits for circular left shift:

S = repmat([7 12 17 22; 5 9 14 20; 4 11 16 23; 6 10 15 21].',4,1);

S = S(:).';

Finally, the 64-element array of indices into X can be presented as:

idxX = [0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ...

1 6 11 0 5 10 15 4 9 14 3 8 13 2 7 12 ...

5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2 ...

0 7 14 5 12 3 10 1 8 15 6 13 4 11 2 9] + 1;

The initial state of the buffer is consisting of A, B, C and D. such as:

A = uint32(hex2dec('67452301'));

B = uint32(hex2dec('efcdab89'));

C = uint32(hex2dec('98badcfe'));

D = uint32(hex2dec('10325476'));

The message is reshaped, such as:

Message = reshape(Message,16,[]);

The look between the blocks, such that X is an extraction of the next block:

for iBlock = 1:size(Message,2)

X = Message(:,iBlock);

The buffer states are stored as:

AA = A;

BB = B;

CC = C;

DD = D;

The buffer is transformed by utilizing the X block from above, and the parameters from S, T and idxX

k = 0;

for iRound = 1:4

for q = 1:4

A = Fun(iRound,A,B,C,D,X(idxX(k+1)),S(k+1),T(k+1));

D = Fun(iRound,D,A,B,C,X(idxX(k+2)),S(k+2),T(k+2));

C = Fun(iRound,C,D,A,B,X(idxX(k+3)),S(k+3),T(k+3));

B = Fun(iRound,B,C,D,A,X(idxX(k+4)),S(k+4),T(k+4));

k = k + 4;



The old buffer state is also being added:

A = bitadd32(A,AA);

B = bitadd32(B,BB);

C = bitadd32(C,CC);

D = bitadd32(D,DD);


The message digest is being formed the following way:

Str = lower(dec2hex([A;B;C;D]));

Str = Str(:,[7 8 5 6 3 4 1 2]).';

Digest = Str(:).';

The subsequent functionality is performed by the following operations:

function y = Fun(iRound,a,b,c,d,x,s,t)

switch iRound

case 1

q = bitor(bitand(b,c),bitand(bitcmp(b),d));

case 2

q = bitor(bitand(b,d),bitand(c,bitcmp(d)));

case 3

q = bitxor(bitxor(b,c),d);

case 4

q = bitxor(c,bitor(b,bitcmp(d)));


y = bitadd32(b,rotateleft32(bitadd32(a,q,x,t),s));

And the bits are rotated such as:

function y = rotateleft32(x,s)

y = bitor(bitshift(x,s),bitshift(x,s-32));

The sum function is presented as:

function sum = bitadd32(varargin)

sum = varargin{1};

for k = 2:nargin

add = varargin{k};

carry = bitand(sum,add);

sum = bitxor(sum,add);

for q = 1:32

shift = bitshift(carry,1);

carry = bitand(shift,sum);

sum = bitxor(shift,sum);



A message is being read frm a file, such as:

function [Message,nBits] = readmessagefromfile(FileName)

[hFile,ErrMsg] = fopen(FileName,'r');


Message = fread(hFile,inf,'ubit32=>uint32');


d = dir(FileName);

nBits = d.bytes*8;

Lastly, the auto test function is the following:

function md5autotest

disp('Running md5 autotest...');

Messages{1} = '';

Messages{2} = 'a';

Messages{3} = 'abc';

Messages{4} = 'message digest';

Messages{5} = 'abcdefghijklmnopqrstuvwxyz';

Messages{6} = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

Messages{7} = char(128:255);

CorrectDigests{1} = 'd41d8cd98f00b204e9800998ecf8427e';

CorrectDigests{2} = '0cc175b9c0f1b6a831c399e269772661';

CorrectDigests{3} = '900150983cd24fb0d6963f7d28e17f72';

CorrectDigests{4} = 'f96b697d7cb7938d525a2f31aaf161d0';

CorrectDigests{5} = 'c3fcd3d76192e4007dfb496cca67e13b';

CorrectDigests{6} = 'd174ab98d277d9f5a5611c2c9f419d9f';

CorrectDigests{7} = '16f404156c0500ac48efa2d3abc5fbcf';

TmpFile = tempname;

for k=1:numel(Messages)

[h,ErrMsg] = fopen(TmpFile,'w');




Digest = md5(TmpFile);

fprintf('%d: %s\n',k,Digest);

if ~strcmp(Digest,CorrectDigests{k})

error('md5 autotest failed on the following string: %s',Messages{k});




disp('md5 autotest passed!');

4.4.1 Results

This algorithm is tested with the input: university of Portsmouth department of electronic and computer engineering. This was written on the file: “C://md5InputFile.txt”. The outpus results are as in the following fugures:

Textual description of the output results follows:


FileName = C:\\md5InputFile.txt Running md5 autotest... FileName =


1986621045 1769173605 1864399220 1867522150 1836282994 1752462703 1885692960 1836348001 544501349 1696622191 1952671084 1768845170 1851859043 1868767332 1953853549 1696625253 1852401518 1769104741 26478

1: 3129b41fa9e7159c2a03ad8c161a7424

FileName =


1986621045 1769173605 1864399220 1867522150 1836282994 1752462703 1885692960 1836348001 544501349 1696622191 1952671084 1768845170 1851859043 1868767332 1953853549 1696625253 1852401518 1769104741 26478

2: 3129b41fa9e7159c2a03ad8c161a7424

FileName =


1986621045 1769173605 1864399220 1867522150 1836282994 1752462703 1885692960 1836348001 544501349 1696622191 1952671084 1768845170 1851859043 1868767332 1953853549 1696625253 1852401518 1769104741 26478

3: 3129b41fa9e7159c2a03ad8c161a7424

FileName =


1986621045 1769173605 1864399220 1867522150 1836282994 1752462703 1885692960 1836348001 544501349 1696622191 1952671084 1768845170 1851859043 1868767332 1953853549 1696625253 1852401518 1769104741 26478

4: 3129b41fa9e7159c2a03ad8c161a7424

FileName =


1986621045 1769173605 1864399220 1867522150 1836282994 1752462703 1885692960 1836348001 544501349 1696622191 1952671084 1768845170 1851859043 1868767332 1953853549 1696625253 1852401518 1769104741 26478

5: 3129b41fa9e7159c2a03ad8c161a7424

FileName =


1986621045 1769173605 1864399220 1867522150 1836282994 1752462703 1885692960 1836348001 544501349 1696622191 1952671084 1768845170 1851859043 1868767332 1953853549 1696625253 1852401518 1769104741 26478

6: 3129b41fa9e7159c2a03ad8c161a7424

FileName =


1986621045 1769173605 1864399220 1867522150 1836282994 1752462703 1885692960 1836348001 544501349 1696622191 1952671084 1768845170 1851859043 1868767332 1953853549 1696625253 1852401518 1769104741 26478

7: 3129b41fa9e7159c2a03ad8c161a7424 md5 autotest passed!

4.5. Introduction to Caesar cipher

The Caesar cipher in cryptography, is in essence a shift cipher. It represents as one of the simplest and most widely known encryption methodologies. The Caesar cipher is a kind of substitution cipher. It means that each letter in a given plaintext is replaced by another letter. This is done due shifting by some fixed number of positions down the alphabet. Julius Caesar was the first to use this cipher to communicate with his generals, therefore it was named after him.

Nowadays, the encryption step performed by a Caesar cipher is frequently included as part of more compound schemes. One example is the Vigenère cipher, with modern purpose in the ROT13 system. Like with all sole alphabet substitution ciphers, also the Caesar cipher is easily broken without sufficient amount of security involved.

4.6. Implementation of Caesar cipher

The implementation of the Caesar cipher is basically composed of encryption and decryption methods.

The decryption is formed in the following way:










disp(' ')

disp('Cipher Text C =')


disp(' ')

disp('Plain Text')

The encryption can be presented as:

if k>26

error('Key must be in rang from 1 to 26')











disp(' ')

disp('Plain Text P=')


disp(' ')

disp('Cipher Text ')

4.6.1. Results

INPUT FOR caesar_E.m:

P=University of Portsmouth k=3 OUTPUT FOR caesar_E.m:

Plain Text P=University of Portsmouth Cipher Text ans =Xqlyhuvlwb ri Sruwvprxwk

INPUT FOR caesar_D.m:

C=Xqlyhuvlwb ri Sruwvprxwk k=3 OUTPUT FOR caesar_D.m:

Cipher Text C =Xqlyhuvlwb ri Sruwvprxwk Plain Text ans = University of Portsmouth

4.7. Introduction to DSA

The digital signature algorithm (DSA) is considered to be a United States Federal Government standard. Moreover, it is usually referred to as the FIPS for digital signatures. Initially in August 1991, it was projected by the National Institute of Standards and Technology (NIST). It was intended for use in the Digital Signature Standard (DSS). This algorithm has a key generation process composed of two phases. The first phase is a selection of algorithm factors. These can be united linking dissimilar consumers of a system (Buchmann, 2004):

“Choose an approved SHA-2 hash functions are approved for use in the current DSS. The hash output may be truncated to the size of a key pair.

Decide on a key length L and N. This is the primary measure of the cryptographic strength of the key. The original DSS constrained L to be a multiple of 64 between 512 and 1024 (inclusive). NIST 800-57 recommends lengths of 2048 (or 3072) for keys with security lifetimes extending beyond 2010 (or 2030), using correspondingly longer N. FIPS 186-3 specifies L and N length pairs of (1024,160), (2048,224), (2048,256), and (3072,256).

Choose an N-bit prime q. N must be less than or equal to the hash output length.

Choose an L-bit prime modulus p such that p–1 is a multiple of q.

Choose g, a number whose multiplicative order modulo p is q. This may be done by setting g = h(p–1)/q mod p for some arbitrary h (1 < h < p-1), and trying again with a different h if the result comes out as 1. Most choices of h will lead to a usable g; commonly h=2 is used.”

In important observation at this point is that the algorithm parameters (p, q, g) may be shared.

The second phase computes private and public keys for a single user (Buchmann, 2004):

“Choose x by some random method, where 0 < x<q.

Calculate y = gx mod p.

Public key is (p, q, g, y). Private key is x.”

There exist well-organized algorithms for calculating the modular exponentiations:

  • ha mod p, and
  • gx mod p,

One of them is exponentiation by squaring.

The signing process of this algorithm occurs in the following way (Buchmann, 2004):

“Let H be the hashing function and m the message:

  • Generate a random per-message value k where 0 < k < q
  • Calculate r = (gk mod p) mod q
  • Calculate s = (k−1(H(m) + x*r)) mod q
  • Recalculate the signature in the unlikely case that r=0 or s=0
  • The signature is (r,s)”

And finally, the verifying process of this algorithm happens in the following way (Buchmann, 2004):

“Reject the signature if 0 < r < q or 0 < s < q is not satisfied.

Calculate w = (s)−1 mod q

Calculate u1 = (H(m)*w) mod q

Calculate u2 = (r*w) mod q

Calculate v = ((gu1*yu2) mod p) mod q

The signature is valid if v = r”

4.8. Implementation of DSA

The implementation of this algorithm is presented as follows:


for i=1:16









for i=1:16








IP=[58,50,42,34,26,18,10,2,60,52,44,36,28,20,12,4,62,54,46,38,30,22,14,6,64,56,48,40,32,24,16,8, 57,49,41,33,25,17,9,1,59,51,43,35,27,19,11,3,61,53,45,37,29,21,13,5,63,55,47,39,31,23,15,7];

E=[32, 1, 2, 3, 4, 5;

4, 5, 6, 7, 8, 9;

8, 9,10,11,12,13;






S1=[14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7;

0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8;

4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0;

15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13];

S2=[15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 5, 13, 12, 0, 5, 10;

3, 13, 4, 7, 15, 2, 8, 15, 12, 0, 1, 10, 6, 9, 11, 5;

0, 14, 8, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15;

13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14,9];

S3=[10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8;

13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1;

13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7;

1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12];

S4=[7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15;

13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9;

10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4;

3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 4, 2, 14];

S5=[2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9;

14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6;

4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14;

11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3];

S6=[12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 4, 7, 5, 11;

10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8;

9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6;

4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13];

S7=[4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1;

13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6;

1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2;

6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12];

S8=[13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7;

1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2;

7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8;

2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11];





%%----------------µÚþ²½ ³õʼÖû»IP--------------------------------




%% -----------------µÚÈý²½£º²úÉú×ÓÃÜÔ¿------------------------------





for i=1:16

if i==1||i==2||i==9||i==16%µÚ1¡¢2¡¢9¡¢16ÂÖÑ­»·×óÒÆ1λ










%% -----------------µÚÈý²½£º16ÂÖÑ­»·¼ÓÃÜ----------------------------


for i=1:16













































































pos=find(C_IIP~=' ');


for i=1:4:61





4.9. Introduction to RSA

In the field of cryptography, the RSA algorithm is an algorithm for public-key cryptography. It Rivest, Shamir and Adleman, that were the persons who first publicly described it.

It is assumed that the RSA algorithm is in essence the first algorithm recognized to be appropriate for signing as well as encryption. This is the one of the primary vast progresses in public key cryptography. RSA is used in many application domains, extensively used in electronic commerce protocols as well. It is believed to be adequately protected known for its satisfactorily long keys.

It is composed of the following stages: Key generation, Encryption and decryption.

In the key generation, RSA involves a public key and a private key.

The public key can be exposed to everybody and is used for encrypting messages. Messages encrypted with the public key. But they can only be decrypted using the private key. The keys for the RSA algorithm are generated the following way (Buchmann, 2004):

  1. “Choose two distinct prime numbers p and q.
    • For security purposes, the integers p and q should be chosen at random, and should be of similar bit-length. Prime integers can be efficiently found using a primality test.
  2. Compute n = pq.
    • n is used as the modulus for both the public and private keys
  3. Compute φ(n) = (p–1)(q–1), where φ is Euler's totient function.
  4. Choose an integer e such that 1 < e < φ(n) and gcd(e,φ(n)) = 1, i.e. e and φ(n) are coprime.
    • e is released as the public key exponent.
    • e having a short bit-length and small Hamming weight results in more efficient encryption - most commonly 0x10001 = 65537. However, small values of e (such as 3) have been shown to be less secure in some settings.
  5. Determine d = e–1 mod φ(n); i.e. d is the multiplicative inverse of e mod φ(n).
    • This is often computed using the extended Euclidean algorithm.
    • d is kept as the private key exponent.”

The public key consists of:

  • the modulus n and
  • the public (or encryption) exponent e.

The private key consists of:

the private (or decryption) exponent d.

This component must be kept secret.

The encryption can be explained as follows(Buchmann, 2004):

“Alice transmits her public key (n,e) to Bob and keeps the private key secret. Bob then wishes to send message M to Alice.

He first turns M into an integer m, such that 0 < m < n by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext c corresponding to

c = me (mod n).

This can be done quickly using the method of exponentiation by squaring. Bob then transmits c to Alice.”

The decryption can be explained as follows(Buchmann, 2004):

“Alice can recover m from c by using her private key exponent d via computing

m = cd (mod n).

Given m, she can recover the original message M by reversing the padding scheme.”

4.10. Implementation of RSA

The computation core of the RSA algorithm can be presented as follows:

function [c,out,p,q,n,e,d] = rsacore(val)








format long g

The chunk of characters to be transmitted in one time

cut_length = 50;

The number of bit for RSA modulus n and thenumber of bit for e are presented as:

bit = 1024;

e_bit = 64;

The initial computation can be presented as:

X = bit/2;

X = num2str(X);





The generation of p and q is:

temp = randint(1,1,3000);

for j = 1:temp





on and e are computed, such as:



TEMP = 0;

while TEMP ~= '1'

XX = num2str(e_bit);





TEMP = maple('gcd(e,temp)');


d is computed, such as:

maple('d:=e&^(-1) mod temp');

p = maple('p');

q = maple('q');

n = maple('n');

e = maple('e');

d = maple('d');

p> In order to make n and e public and to encrypt m using available n and e:

m = val;

[m_int2 padd] = mesgcut(m,cut_length);

m_int2 = double(m_int2);

m_char = intconcat(m_int2);

[s1 s2] = size(m_char);

The computation of the Cipher is done in the following way:

c = [];

out = [];

for j = 1:s1


maple('c:=((m&^e) mod n)');

c_temp = maple('c');

c = [c c_temp];

And the decryption:

maple('m:=((c&^d) mod n)');

m_out = maple('m');

if length(m_out) == ((cut_length*3)-1)

m_out = ['0' m_out];

elseif length(m_out) == ((cut_length*3)-2)

m_out = ['0' '0' m_out];


l = 1;

m_out_int = [];

for k = 1:length(m_out)/3

m_out_temp = [m_out(l) m_out(l+1) m_out(l+2)];

m_out_int_temp = str2num(m_out_temp);

m_out_int = [m_out_int m_out_int_temp];

l = l+3;


out = [out char(m_out_int)];


out = out(1:((s1*cut_length)-padd));

4.9. Introduction to AES

In the field of cryptography, the Advanced Encryption Standard (AES) is a symmetric-key encryption. This standard was initially adopted by the U.S. government. The standard contains three block ciphers:

  • AES-128,
  • AES-192, and
  • AES-256.

These were adopted from a larger assortment, originally published as Rijndael. Each of them has a 128-bit block size. Their key sizes are of 128, 192 and 256 bits correspondingly. The AES ciphers have been analyzed at length and at the present are used internationally. This also happened the AES’s ancestor, namely the Data Encryption Standard (DES).

On November 26, 2001, AES was proclaimed by National Institute of Standards and Technology (NIST). This happened after a 5-year regularity process in which 15 rival designs were presented. They were all assessed before Rijndael was selected as the most suitable. It became effective as a “Federal government standard” on May 26, 2002. It is obtainable in many dissimilar encryption packages.

Interesting information is that AES is the first openly available and open cipher accepted by the NSA for top secret information.

There are basically 4 steps employed in this algorithm (Buchmann, 2004):

  • “KeyExpansion—round keys are derived from the cipher key using Rijndael's key schedule
  • Initial Round
  • AddRoundKey—each byte of the state is combined with the round key using bitwise xor Rounds
  • SubBytes—a non-linear substitution step where each byte is replaced with another according to a lookup table.
  • ShiftRows—a transposition step where each row of the state is shifted cyclically a certain number of steps.
  • MixColumns—a mixing operation which operates on the columns of the state, combining the four bytes in each column.
  • AddRoundKey

Final Round (no MixColumns)

  • SubBytes

  • ShiftRows

  • AddRoundKey”

The schematic view of the SubBytes step, is presented as follows:

In the ShiftRows step, the bytes in each row of the position are shifted cyclically to the left. It differs for each row how the number of places each byte is shifted.

In the MixColumns step, each column of the state is multiplied with a fixed polynomial c(x).

Using the XOR operation (⊕), in the AddRoundKey step, each byte of the state is joint with a byte of the round sub key

4.10. Implementation of AES

The following is the most prominent implementation, devised for the cipher text. The rest of the code is provided in the source files.

function plaintext = inv_cipher (ciphertext, w, inv_s_box, inv_poly_mat, vargin)

% If there is an optional "verbose mode" argument

if nargin > 0

% Switch the verbose mode flag on

verbose_mode = 1;

% If there is no optional "verbose mode" argument


% Switch the verbose mode flag off

verbose_mode = 0;


% If the input vector is a cell array or does not have 16 elements

if iscell (ciphertext) | prod (size (ciphertext)) ~= 16

% Inform user and abort

error ('Ciphertext has to be a vector (not a cell array) with 16 elements.')


% If any element of the input vector cannot be represented by 8 bits

if any (ciphertext < 0 | ciphertext > 255)

% Inform user and abort

error ('Elements of ciphertext vector have to be bytes (0 = ciphertext(i) = 255).')


% If the expanded key array is a cell arrray or does not have the correct size

if iscell (w) | any (size (w) ~= [44, 4])

% Inform user and abort

error ('w has to be an array (not a cell array) with [44 x 4] elements.')


% If any element of the expanded key array can not be represented by 8 bits

if any (w < 0 | w > 255)

% Inform user and abort

error ('Elements of key array w have to be bytes (0 = w(i,j) = 255).')


% Copy the 16 elements of the input vector column-wise into the 4 x 4 state matrix

state = reshape (ciphertext, 4, 4);

% Display intermediate result if requested

if verbose_mode

disp_hex ('Initial state : ', state)


% Copy the last 4 rows (4 x 4 elements) of the expanded key

% into the current round key.

% Transpose to make this column-wise

round_key = (w(41:44, :))';

% Display intermediate result if requested

if verbose_mode

disp_hex ('Initial round key : ', round_key)


% Add (xor) the current round key (matrix) to the state (matrix)

state = add_round_key (state, round_key);

% Loop over 9 rounds backwards

for i_round = 9 : -1 : 1

% Display intermediate result if requested

if verbose_mode

disp_hex (['State at start of round ', num2str(i_round),' : '], state)


% Cyclically shift the last three rows of the state matrix

state = inv_shift_rows (state);

% Display intermediate result if requested

if verbose_mode

disp_hex ('After inv_shift_rows : ', state)


% Substitute all 16 elements of the state matrix

% by shoving them through the S-box

state = sub_bytes (state, inv_s_box);

% Display intermediate result if requested

if verbose_mode

disp_hex ('After inv_sub_bytes : ', state)


% Extract the current round key (4 x 4 matrix) from the expanded key

round_key = (w((1:4) + 4*i_round, :))';

% Display intermediate result if requested

if verbose_mode

disp_hex ('Round key : ', round_key)


% Add (XOR) the current round key (matrix) to the state (matrix)

state = add_round_key (state, round_key);

% Display intermediate result if requested

if verbose_mode

disp_hex ('After add_round_key : ', state)


% Transform the columns of the state matrix via a four-term polynomial.

% Use the same function (mix_columns) as in cipher,

% but with the inverse polynomial matrix

state = mix_columns (state, inv_poly_mat);


% Display intermediate result if requested

if verbose_mode

disp_hex ('State at start of final round : ', state)


% Cyclically shift the last three rows of the state matrix

state = inv_shift_rows (state);

% Display intermediate result if requested

if verbose_mode

disp_hex ('After inv_shift_rows : ', state)


% Substitute all 16 elements of the state matrix

% by shoving them through the inverse S-box

state = sub_bytes (state, inv_s_box);

% Display intermediate result if requested

if verbose_mode

disp_hex ('After inv_sub_bytes : ', state)


% Extract the "first" (final) round key (4 x 4 matrix) from the expanded key

round_key = (w(1:4, :))';

% Display intermediate result if requested

if verbose_mode

disp_hex ('Round key : ', round_key)


% Add (xor) the current round key (matrix) to the state (matrix)

state = add_round_key (state, round_key);

% Display intermediate result if requested

if verbose_mode

disp_hex ('Final state : ', state)


% reshape the 4 x 4 state matrix into a 16 element row vector

plaintext = reshape (state, 1, 16);

5. Advantages and Disadvantages

Advantages and Disadvantages in RSA

One of the disadvantages found in the implementation of RSA, is that it always involves the need to find a way how to represent and compute multi precision integers. It was already discussed that the recent sizes for RSA parameters are 1024 bits and above.

On a software level implementation, one advantage of RSA is that the exchange of the size of parameters engages only small alterations to the code. Sometimes, it is possible though, for a change during implementation phase in a way that the size of operands can be distorted easily.

Another advantage on a software level implementation again, is simply the piece of information that it is very easy to change RSA parameters. This would only involve editing a few lines of code. The requirement for this advantage is usually caused by a revealed decryption key. For example, when the RSA is implemented, there is always the risk of disclosure of important information. This holds especially for the decryption key, assuming that the software will not be run in particularly protected environments (this is the case in general).

Therefore, reading the memory of the system the implementation is running on is one approach to gather valuable information. Another advance is to decompile the RSA program file (written in binary). Then if this code is read, the decryption key can be determined out of the source code. There are some approaches to offset these attempts. This would be achieved from safe software environments, in such a way as to access controlled and safe computer centres.

The main disadvantage of a RSA implementation can be considered the continuous repeated use of the expensive modular decrease process. After each multiplication while performing a modular exponentiation that in turn can be actually considered as the main RSA operation – will lead to a blockage.

General Advantages and Disadvantages

The greatest asset of using a Digital Signature is that the writing or communication cannot be revised or sunbaked with during its journeying. Tho' the credit or the substance itself is not encrypted, the Digital Tune contains grievous content around the properties of the document, which if changed in anyway would fail the assemblage unity test.

Moreover, Digital Signatures are also used to declare the identity of the transmitter and recipient. The content or writing that is transferred over a exoteric mesh is subscribed and verified using particular broadcast of lottery which are only notable to the sender or acquirer. Thence, digitally signing a writing would collateral the memory of set as healed as ameliorate in exactly directive the content to the faction entity. Additionally, Digital Signatures also acquaint the idea of non-repudiation which implementation that neither the set nor the earpiece can keep sending or receiving a peculiar writing or message. Moreover Digital Signatures can also comprise automatic familiar and reading stamps, which score a censorious let security concerns, subject sympathy issues as healthy as money. Though the use of Digital Signatures is rattling regent way to unafraid and authenticate a content or document, its advantages are hampered by unsaved or thievery of keys and the use of unguarded hardware facilities. Furthermore, a name of Digital Manner reference exist which are incompatible with apiece opposite and there is a severe impoverishment of a canonical finished which these they can interact. Also the use of Digital Tune required further money to be spent by the playing in order to obtain Digital Strain (Bennett, 2009)

6. Comparison of Results and CrypTool

CrypTool is a free software that comes with a buit-in graphical interface. With this tool, crypto functions and algorithms can be analysed. This tool contains all of the cryptography functions.

CrypTool was used to derive comparison between the MatLab code and the one generated with this tool. Here follow some images of this investigation.

The usage of CrypTool is rather simple. Here is how it can be used for the Ceasars cypher:

Visualization of DES:

Some other way of examining algorithms and comparing them with Matlab is the ANIMAL framework. Here it can be noticed that after the permutation input block, by using vector IV, K is permutes with PC1 and PC2.

Here the the main function f of DES is being presented.

Here are some methods for the RSA algorithm:

This is a way with which the floating frequency can be detected:

Automatic analysis was also used:


Regarding DES, here is how a weak key was determined:

When it comes to comparison with other files, here is what was performed:

Using all these analysis and Cryptool, it can be noted that the Mathlab algorithms were behaving in a correct manner.

7. Security issues and attacks on DS algorithms

Some of the most prominent attacks come from the notion of having two messages that in essence have same hash value. Then, there are these types of attacks that are targeting ASCII text derived from hash collision exploration. This is done in a way as the ASCII texts can be customized/edited if non-printable characters are replaced or amended. Now, this activity will not change the visible content. Then, what else can be done is to change some texts meanwhile searching for a hash collision. Other types are the birthday attacks, or the general attack that can be performed on any kind of a hash function. Then one might have a side channel attack – and for this RSA encryption with 128-Bit session keys might be sufficint example, given that the secter key is stored on a server and uses 128-Bit decryption and does not check for zero padding. Some examples are given as follows:

MD5, this are results from attack:

Here is an attack for RSA:

7.1 RSA attacks

Some other notions basically related to RSA, are presented below:

Message SpaceSearch

This issue comes with the possibility to encrypt every possible message, since the encryption algorithms are publically available and known. However, this does nto happen in real life because the sizes of the blocks are usually very large.

Guessing d

Other feasible commencement is a glorious ciphertext criticism. This case the attacker knows both the plaintext and ciphertext (they but has to encrypt something). They then try to get the key to name the private exponent, d. This power relate trying every fermentable key in the system on the ciphertext until it returns to the example plaintext. Formerly d has been observed it is unchaste to make the factors of n (for representative use the algorithm in chapter 8 of The Handbook of Applied Writing). Then the system has been broken completely and all further with this onset is that it is lento. There are an large signaling of workable ds to try. This method is a factorizing algorithm as it allows us to factor n. Since factorizing is an stubborn difficulty we know this is real fractious. This method is not the fastest way to resolve n. Thus one is advisable to focus sweat into using a many competent algorithm specifically designed to figure n. This advice was surrendered in the new report.

Round Snipe

This flak is really akin to the ending. The intention is that we encrypt the ciphertext repeatedly, numeration the iterations, until the creative book appears. This wares of re-cycles module decrypt any ciphertext. Again this method is very largo and for a broad key it is not a practicable criticize. A idea of the commencement allows the modulus to be factored and it complex faster the figure of the example. But steady this give allay mortal effort when a astronom

{used. Also the use of p-- vehement primes aids the security.

The underside lie is that the unspecialised spring of the figure assault is another factoring formula. It is not economic, and thence the beginning is not unspoilt enough compared with moderne factoring algorithms (e.g. Confine Field Strain).

I detected an melioration on this rule. The advisable way is to use the unexclusive power of the national key to re-encrypt the schoolbook. Still any exponent should occupation so semipermanent as it is coprime to (p-1).(q-1) (where p, q are factors of the modulus). So I evince using an exponent specified as 216 + 1. This determine has only two 1s in its star agency. Using star andantino exponentiation, we use only 16 modular squarings and 1 modular procreation. This is belike to be faster than the real semipublic exponent. The affect is that we cannot be certain that it is coprime to (p-1).(q-1). In recitation, numerous RSA systems use 216 + 1 as the encrypting power for its modify.

Usual Modulus

One of the earlier weaknesses institute was in a system of RSA where the users within an activity would apportion the semipublic modulus. That is to say, the tenure would decide the national modulus securely and make pairs of encryption and coding exponents (unrestricted and offstage keys) and deal them all the employees/users. The justification for doing this is to neaten it expedient to handle and to correspond software for.

However, Simmons shows how this would yield any eavesdropper to vista any messages encrypted with two keys; for example when a note is dispatched to several employees. DeLaurentis went boost to demonstrate how the grouping was at steady writer risk from insiders, who could outdo the system completely, allowing them to canvass all messages and opposition with anybody's key.

Imperfect Encryption

Joye and Quisquater showed how to provide on the general modulus impuissance due to a transient misstatement when transmitting the unrestricted key. Moot the state where an attacker, Writer, has admittance to the act communicating utilised by Alice and Bob. In otherwise words, Author can listen to anything that is transmitted, and can also commute what is transmitted. Alice wishes to speak privately to Bob, but does not know his world key. She requests by sending an net mail, to which Bob replies. But during sending, Malory is able to see the semi-public key and decides to sky a solitary bit in the national index of Bob, dynamical (e,n) to (e',n).

When Alice receives the imperfect key, she encrypts the embattled communication and sends it to Bob (Writer also gets it). But of pedagogy, Bob cannot decipher it because the criminal key was victimized. So he lets Alice mate and they concord to try again, play with Bob re-sending his semi-public key. This example Author does not interfere. Alice sends the communication again, this minute encrypted with the penalize open7 key.

Writer now has two cipher texts, one encrypted with the imperfect exponent and one with the right one. She also knows both these exponents and the unexclusive modulus. Thence she can now touch the average modulus knock to recollect Alice's communication, forward that Alice was preposterous sufficiency to encrypt just the one communication the 2nd instance.

A demonstration of the Unwashed Modulus assault and the Imperfect Coding round can be found in the Mathematica notebook.

Low Exponent

In the commencement cutting above, umpteen RSA systems use e=3 to kind encrypting faster. Nonetheless, there is vulnerability with this crime. If the assonant message is encrypted 3 nowadays with incompatible keys (that is synoptically index, dissimilar module) then we can recollect the message. The assail is based on the Asiatic Residue Theorem. The Enchiridion of Applied Coding contains an explanation and formula.

Factoring the National Key

Factoring the unexclusive key is seen as the mortal way to go about cracking RSA.

7.2 AES attacks

Some known AES attacks can be summarized as follows:

For cryptographers, a cryptological "outgo" is anything faster than a brute strength onslaught - disagreeable every workable key. Thus, an flak against a 256-bit-key AES requiring 2200 transaction (compared to 2256 viable keys) would be reasoned a occurrence, even though 2200 operations would soothe deal far thirster than the age of the aggregation to realised. The largest booming publicly-known brute f


AES has a fair linear algebraic description. In 2002, a hypothetical assault, termed the "XSL criticism", was announced by Nicolas Courtois and Josef Pieprzyk, purporting to convey a weakness in the AES rule due to its obtuse description. Since then, remaining writing mortal shown that the flak as originally presented is unworkable; see XSL struggle on obstruction ciphers.

During the AES enation, developers of competing algorithms wrote of Rijndael, "...we are haunted some [its] use...in security-critical applications." Yet, at the end of the AES affect, Bacteriologist Schneier, a developer of the competing formula Twofish, wrote that spell he intellection made educator attacks on Rijndael would be formulated someday, "I do not believe that anyone present ever learn an onrush that faculty forecast someone to record Rijndael interchange."

On July 1, 2009, Bacteriologist Schneier blogged about a related-key move on the 192-bit and 256-bit versions of AES, unconcealed by Alex Biryukov and Dmitry Khovratovich, which exploits AES's somewhat oblanceolate key schedule and has a quality of 2119. In December 2009 it was restored to 299.5. This is a follow-up to an formulation determined originally in 2009 by Alex Biryukov, Dmitry Khovratovich, and Ivica Nikolic, with a complexity of 296 for one out of every 235 keys. Added flack was blogged by Bacteriologist Schneier on July 30, 2009 and released as a preprint on Honourable 3, 2009. This new onrush, by Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir, is against AES-256 that uses exclusive two collateral keys and 239 measure to return the good 256-bit key of a 9-round edition, or 245 moment for a 10-round variant with a stronger typewrite of impressive against pregnant AES.

In Nov 2009, the no. known-key identifying assault against a reduced 8-round type of AES-128 was free as a preprint. This known-key distinguishing act is an status of the recover or the start-from-the-middle attacks for AES-like permutations, which study two uninterrupted rounds of variation as the coating of a so-called Super-Sbox. It works on the 8-round variant of AES-128, with a example complexity of 248, and a remembering complexness of 232.

In July 2010 Vincent Rijmen published an ironic paper on "chosen-key-relations-in-the-middle" attacks on AES-128.

7.3 DES attacks

Some known DES attacks can be summarized as follows:

There are troika attacks noted that can holdup the grumbling 16 rounds of DES with little complexity than a brute-force search: calculation science (DC), lengthwise cryptanalysis (LC), and Davies' criticism. Still, the attacks are abstract and are unfeasible to bed in drill[acknowledgment necessary]; these types of flak are sometimes termed certificational weaknesses.

Reckoning cryptography was rediscovered in the tardily 1980s by Eli Biham and Adi Shamir; it was legendary originally to both IBM and the NSA and kept inward. To gap the swarming 16 rounds, calculation cryptology requires 247 korea plaintexts.[award required] DES was intentional to be unsusceptible to DC.

Rectilineal cryptography was discovered by Mitsuru Matsui, and needs 243 notable plaintexts (Matsui, 1993); the method was implemented (Matsui, 1994), and was the early experimental cryptology of DES to be rumored. There is no information that DES was plain to be unsusceptible to this identify of knock. A idea of LC - manifold additive science - was suggested in 1994 (Kaliski and Robshaw), and was far pure by Biryukov and others. (2004); their analysis suggests that multiplex bilinear approximations could be utilised to bound the aggregation requirements of the assault by at smallest a bourgeois of 4 (that is, 241 instead of 243). A akin reduction in collection complexness can be obtained in a chosen-plaintext variant of additive, and reportable that it was somewhat faster than predicted, requiring term equal to 239-241 DES evaluations.

Reinforced Davies' criticism: time lineal and reckoning cryptology are gross techniques and can be practical to a sort of schemes, Davies' assault is a technical framework for DES, initial advisable by Donald Davies in the decennium, and restored by Biham and Biryukov (1997). The most strong appearance of the crime requires 250 famous plaintexts, has a computational quality of 250, and has a 51% success grade.

There change also been attacks planned against reduced-round versions of the nobody, that is, versions of DES with less than 16 rounds. Specified analysis gives an apprehension into how some rounds are needed for device, and how much of a "security boundary" the pregnant version retains. Differential-linear science was planned by Langford and Hellman in 1994, and combines calculation and additive cryptology into a undivided flak. An enhanced version of the crime can gaolbreak 9-round DES with 215.8 glorious plaintexts and has a 229.2 term complexity (Biham and others., 2002).

9. Conclusion

Starting with a general introduction on the topic of digital signing, this work exhausts its literature review in the area of cryptography. It explains the general ideas and topics related to private and public key crypto and discussed about cryptosystem functions. Likewise, the digital signatures concept is well presented and examined in details.

Special focus is given on the MD5 and SHA-1 hash functions, and the following algorithms: Caesar cipher, DSA, RSA and AES. All of these are implemented in Matlab, as this work provides explanation of these algorithms and ways of implementation. Afterwards, CrypTool is used for critical comparison of the results. Finally, this work presents their advantages and disadvantages and talks about possible attacks of digital signatures in general, with a focus on RSA, AES and DES.

The critical work in this paper is consisted of the Matlab implementations which were concluded to be very successful by comparing them with CrypTool.Moreover, the theory behind digital signatures, signature schemes and attacks on signatures was presented by using CrypTool.