Cryptography Exploration

With A Graphical User Interface

A teal background with screenshots from the GUI application developed as part of the Cryptography Exploration. The left half shows the RSA screen which allows the user to generate keys, as well as encrypt and decrypt. The right side shows the SHA tab which allows the user to generate appropriate hash digests.

About the Project

Basics

Description

An exploration of cryptography and the algorithms that are used.

Programs are created following the relevant standards, such as NIST FIPS 186-5 and IETF RFC 8017 for RSA.

The algorithms have been coded in Python / C++, and the GUI application is written in C++ with QT.

The GUI currently has four main tabs, "RSA", "SHA", "AES" and "ECDSA".

Technology Used

  • Python
  • C++
  • QT
  • unittest
  • GTest

GUI Application

RSA

Rivest Shamir Adelman

The RSA tab allows the user to generate a pair of RSA keys and then use them to encrypt or decrypt hexadecimal strings.

A screenshot of the RSA tab on the C++ GUI Application

SHA

Secure Hash Algorithm

The SHA tab allows the user to enter a string of text and then generate the hash digests using SHA1, SHA2 and SHA3.

A screenshot of the SHA tab on the C++ GUI Application.

AES

Advanced Encryption Standard

The AES tab allows the user to enrypt and decrypt hexadecimal strings using various AES Modes selected using the dropdowns.

A screenshot of the AES tab on the C++ GUI Application.

ECDSA

Elliptic Curve Digital Signature Algorithm

The ECDSA tab allows the user to enter a string of text and generate or verify the corresponding signature using the public and private keys.

A screenshot of the ECDSA tab on the C++ GUI Application.

Code Repository

Cryptography Algorithms

Hashing Algorithms

SHA 1

SHA 2

  • Implemented in Python and C++
  • Based off of NIST FIPS 180-4, Secure Hash Standard (SHS)
  • Originally published in 2001
  • Developed by the United States National Security Agency (NSA)
  • Shorter digest length variants use 32 bit words, while longer ones operate on 64bit words.
  • Implemented SHA-224, SHA-256, SHA-384 and SHA-256.
  • Developed unit tests based on NIST Cryptographic Standards and Guidelines

SHA 3

Symmetric Encryption

AES

Advanced Encryption Standard
  • I implemented it in both Python and C++
  • Implemented based on NIST FIPS 197
  • Multiple modes of operation including GCM (Galois-Counter Mode)
  • GCM was implemented based on NIST SP 800-38D with test vectors from The Galois/Counter Mode of Operation (GCM)
  • The other modes of operation implemented were Electronic Cookbook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB) and Counter (CTR)
  • They were implemented following NIST SP 800-38A which includes test vectors
A sequence diagram showing the use of AES in Galois counter mode using elliptic curve Diffie Hellman key exchange

TDES

Triple Data Encryption Standard
  • Implemented in Python
  • Operates on 64 bit blocks
  • Both encyption and decryption rely on running the DES algorithm three times on each block of data
  • Based on NIST SP 800 67 Rev. 2 which was withdrawn in January 2024
  • The modes of operation implemented were Electronic Cookbook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB) and Counter (CTR)
  • They were implemented following NIST SP 800-38A which includes test vectors

DES

Data Encryption Standard
  • Implemented in Python
  • It was developed by IBM in the 1970s following a request by the National Bureau of Standards (today known as NIST)
  • Operates on 64 bit blocks
  • It is no longer considered secure
  • As laid out in NIST FIPS 46-3 which has since been withdrawn
  • Test vectors are from page 28 of "Validating the correctness of hardware implementations of the NBS data encryption standard" by Jason Gait in 1977

Elliptic Curve Cryptography

ECDSA

Elliptic Curve Digital Signature Algorithm

EdDSA

Edwards Curve Digital Signature Algorithm
  • Implemented in Python
  • As laid out in NIST FIPS 186-5 and RFC 8032
  • Implemented curve Ed25519 with SHA-512 and curve Ed448 with Shake-256
  • Developed unit tests using test vectors from RFC 8032

ECDH

Elliptic Curve Diffie Hillman
  • Implemented in Python
  • A way of exchanging public keys to allow for communications to be established which relies of elliptic curve math
  • The scheme was originally published by Whitfield Diffie and Martin E. Hellman in their paper "New Directions in Cryptography" from 1976
  • Curves that I have implemented at this time follow the Weirstrass Form of y2 = x3 +ax +b

Message Authentication Codes

HMAC

Keyed-Hash Message Authentication Code

CMAC

Cipher-Based Message Authentication Code

RSA (Rivest-Shamir-Adleman)

Asymetric Encryption Scheme

  • I implemented it in both Python and C++
  • RSA was named after R.L. Rivest, A. Shamir, and L. Adleman who laid out the system in their paper "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" from 1977
  • Relies on the difficulty in factoring large primes in order to prevnt people from breaking the security
  • No longer particularly secure due to advances in computing
  • Each participant generates a private key and a public key
  • The message is sent using the recipient's public key and can then be decrypted using their private key
  • RSA keys are generated by first generating two large prime numbers, 'p' and 'q'
  • The prime numbers can be used to derive the components of the public and private keys
A sequence diagram showing the use of RSA

Key Generation Methods

  • NIST FIPS 186-5 "Digital Signature Standard (DSS)" lays out multiple methods by which these prime numbers may be generated.
  • Implemented methods described in Appendix A.1.2 "Generation of Random Primes that are Provably Prime", Appendix A.1.3 "Generation of Random Primes that are Probably Prime", Appendix A.1.4 "Generation of Provable Primes with Conditions Based on Auxiliary Provable Primes", A.1.5 "Generation of Probable Primes with Conditions Based on Auxiliary Provable Primes" and Appendix A.1.6 "Generation of Probable Primes with Conditions Based on Auxiliary Probable Primes"
  • The bit lengths for the keys are also specified in NIST SP 800-57 Part 1 "Recommendation for Key Management: Part 1 – General" Table 2: "Comparable security strengths of symmetric block cipher and asymmetric-key algorithms"
  • For a security strength of 112 (equivalent to TDES), "k" must be 2048, for a security strength of 128 (equivalent to AES 128) "k" must be 3072, for a security strength of 192 (equivalent to AES 192) "k" must be 7680, and for a security strength of 256 (equivalent to AES 256) "k" must be 15360.
  • A network diagram showing a corporate network, split accross two physical locations. The network also connects to the cloud and utilizes zero trust architecture.
    Figure 1: RSA Key Generation Duration by Method in Python
  • A network diagram showing a corporate network, split accross two physical locations. The network also connects to the cloud and utilizes zero trust architecture.
    Figure 2: RSA Key Generation Duration by Method in C++

C++ and Python Runtime Comparisons

  • The following graphs show the difference in run times depending on language
  • None of my implementations are optomized for efficiency, however the time differences are still interesting
  • A network diagram showing a corporate network, split accross two physical locations. The network also connects to the cloud and utilizes zero trust architecture.
    Figure 3: RSA Run Time Duration Comparison Between C++ and Python
  • A network diagram showing a corporate network, split accross two physical locations. The network also connects to the cloud and utilizes zero trust architecture.
    Figure 4: RSA Run Time Durations by Method in Python
  • A network diagram showing a corporate network, split accross two physical locations. The network also connects to the cloud and utilizes zero trust architecture.
    Figure 5: RSA Run Time Durations by Method in C++