Public Key or Asymmetric Encryption

RSA

Rivest, Shamir, & Adleman (the initials of the people who invented it). This cryptosystem was patented in 1983 and was released to the public domain by RSA Security in the year 2000.

Example of using a MAC:

The MAC is sent alongside the message that's being checked. The MAC is verified by the receiver by performing the same operation on the received message, then comparing the computed MAC with the one received with the message. If the MACs are the same, then the message is authenticated.

Benefits of asymmetric encryption over symmetric encryption

Asymmetric encryption allows secure communication over an untrusted channel; with symmetric encryption, we need some way to securely communicate the shared secret or key with the other party.

In DSA, if the seed value is leaked, or can be inferred when the prime number isn't truly random, then it's possible for

an attacker to recover the private key.

The key generation process of the RSA system depends on

choosing two unique, random, and usually very large prime numbers.

symmetric ciphers

the same key is used to encrypt as to decrypt.

MAC sounds similar to digital signatures using public key cryptography. It differs slightly since...

the secret key that's used to generate the MAC is the same one that's used to verify it. It's similar to a symmetric encryption system, and the secret key must be agreed upon by all communicating parties beforehand or shared in some secure way.

The strength or security of the MAC is dependent upon

the underlying security of the cryptographic hash function used. Examples are SHA-1 or MD5.

HMAC or a Keyed-Hash Message Authentication Code

uses a cryptographic hash function along with a secret key to generate a MAC.

The US NIST recommends the use of EC encryption, and the NSA allows its use to protect up to top secret data with

384-bit EC keys

What many secure communication schemes do is take advantage of the relative benefits of both encryption types by using both, for different purposes. What is an example of this?

An asymmetric encryption algorithm is chosen as a key exchange mechanism or cipher. The symmetric encryption key or shared secret is transmitted securely to the other party using asymmetric encryption to keep the shared secret secure in transit. Once the shared secret is received, data can be sent quickly, efficiently, and securely using a symmetric encryption cipher.

There are also MACs based on symmetric encryption ciphers, either block or stream like DES or AES, which are called

CMACs or Cipher-Based Message Authentication Codes.

CBC mode

Cipher block chaining mode is an operating mode for block ciphers that incorporates the previously encrypted block's ciphertext into the next block's plaintext. It builds a chain of encrypted blocks that requires the full, unmodified chain to decrypt.

Another popular key exchange method besides asymmetric systems is

DH or Diffie-Hellman named for the co-inventors.

MAC

Message Authentication Code

An elliptic curve is composed of a set of coordinates that fit an equation similar to y^2 = x^3 + ax + b. Elliptic curves have a couple of interesting and unique properties. How does the graph work?

One is horizontal symmetry, which means that any point on the curve can be mirrored along the x axis and still make up the same curve. On top of this, any non-vertical line will intersect the curve in three places at most. It's this last property that allows elliptic curves to be used in encryption.

DH has also been used as part of the ______________ system

PKI system or Public Key Infrastructure system.

One of the first practical asymmetric cryptography systems to be developed is

RSA

Example of a key signature: Let's say Suzanne wants to send a message to Daryll, and she wants to make sure that Daryll knows the message came from her and no one else, and that the message was not modified or tampered with. How does this happen?

She could do this by composing the message and combining it with her private key to generate a digital signature. She then sends this message along with the associated digital signature to Daryll. We're assuming Suzanne and Daryll have already exchanged public keys previously in this scenario. Daryll can now verify the message's origin and authenticity by combining the message, the digital signature, and Suzanne's public key. If the message was actually signed using Suzanne's private key and not someone else's, and the message wasn't modified at all, then the digital signature should validate.

How does DSA work?

Similar to RSA, the specification covers the key generation process along with signing and verifying data using the key pairs. The security of this system is dependent on choosing a random seed value that's incorporated into the signing process.

Example of DH

Suzanne and Daryll agree on a starting number that is random and a very large integer. This number should be different for every session and doesn't need to be secret. Then, they combine their shared number with their respective secret number and send the resulting mix to each other. Next, each person combines their secret number with the combined value they received from the previous step. The result is a new value that's the same on both sides without disclosing enough information to any potential eavesdroppers to figure out the shared secret.

What is the process of using CMAC?

The process is similar to HMAC, but instead of using a hashing function to produce a digest, a symmetric cipher with a shared key is used to encrypt the message, and the resulting output is used as the MAC.

How does CBC-MAC work?

This works by taking a message and encrypting it using a block cipher operating in CBC mode.

Example of using asymmetric encryption

When Suzanne wants to send Daryll an encrypted message, she uses Daryll's public key to encrypt the message and then sends the ciphertext. Daryll can then use his private key to decrypt the message and read it. Because of the relationship between private and public keys, only Daryll's private key can decrypt messages encrypted using Daryll's public key. So when Daryll is ready to reply to Suzanne's message, he'll use Suzanne's public key to encode his message and Suzanne will use her private key to decrypt the message.

What is the drawback of asymmetric encryption?

While asymmetric encryption works really well in untrusted environments, it's also computationally more expensive and complex.

An example of smaller key size using elliptic curve encryption

A 256-bit elliptic curve key would be comparable to a 3,072-bit RSA key.

MAC (Message Authentication Code)

a bit of information that allows authentication of a received message, ensuring that the message came from the alleged sender and not a third party masquerading as them. It also ensures that the message wasn't modified in some way in order to provide data integrity.

Using CBC, this chain of interdependently encrypted blocks means that any modification to the plaintext will result in

a different final output at the end of the chain, ensuring message integrity.

The benefit of elliptic curve based encryption systems is that they are able to

achieve security similar to traditional public key systems with smaller key sizes.

DSA or Digital Signature Algorithm is another example of

an asymmetric encryption system, though it's used for signing and verifying data. It was patented in 1991 and is part of the US government's Federal Information Processing Standard.

CBC-MAC or Cipher Block Chaining Message Authentication Codes.

A technique for constructing a message authentication code from a block cipher; a mechanism for building MACs using block ciphers.

The three concepts that an asymmetric cryptosystem grants us are

confidentiality, authenticity, and non-repudiation.

asymmetric encryption

different keys are used to encrypt and decrypt.

If the message with a digital signature was modified, even by one whitespace character, the validation will

fail and Daryll shouldn't trust the message.

CMACs or Cipher-Based Message Authentication Codes.

is a block cipher-based message authentication code algorithm. It may be used to provide assurance of the authenticity and, hence, the integrity of binary data.

Elliptic curve cryptography or ECC

is a public key encryption system that uses the algebraic structure of elliptic curves over finite fields to generate secure keys.

Authenticity

is granted by the digital signature mechanism, as the message can be authenticated or verified that it wasn't tampered with.

confidentiality

is granted through the encryption-decryption mechanism, since our encrypted data is kept confidential and secret from unauthorized third parties.

public key

is public and can be shared with anyone, while the private key must be kept secret.

What is the benefit of the smaller key size in elliptic curve encryption?

it reduces the amount of data needed to be stored and transmitted when dealing with keys.

DH or Diffie-Hellman

key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.

The DH algorithm was designed solely for

key exchange, though there have been efforts to adapt it for encryption purposes.

Non-repudiation

means that the author of the message isn't able to dispute the origin of the message. In other words, this allows us to ensure that the message came from the person claiming to be the author.

The RSA system specifies

mechanisms for generation and distribution of keys along with encryption and decryption operations using these keys.

Without message verification, anyone could use Daryll's

public key and send him an encrypted message claiming to be from Suzanne.

NSA has expressed concern about EC encryption being potentially vulnerable to

quantum computing attacks, as quantum computing technology continues to evolve and mature.

The benefits of symmetric encryption over asymmetric encryption

Symmetric encryption algorithms are faster and more efficient at encrypting large amounts of data.

The strength of asymmetric encryption comes from...

the computational difficulty of figuring out the corresponding private key given a public key.

What is the difference between ECC and other public key encryption systems?

Traditional public key systems make use of factoring large prime numbers, whereas ECC makes use of elliptic curves.

Example of setting up asymmetric encryption

Take two people who would like to communicate securely; we'll call them Suzanne and Daryll. The first thing they each must do is generate a private key; then, using this private key, a public key is derived. Once Suzanne and Daryll have generated private and public key pairs, they exchange public keys. They're then ready to begin exchanging secure messages.

Public key signatures

When a signature is verified by the public key, it decrypts to a hash matching the message. That hash can only be decrypted using the public key if it was encrypted with the private signing key.

