Cryptography (basics)
"Ancient Crypto": Substitution ciphers
The Caesar cipher shifts each letter by a constant K.
RSA Encryption/Decryption
0. Given (n, e) and (n, d) as computed by the RSA scheme. 1. To encrypt bit pattern m, compute c = m^e mod n. 2. To decrypt received bit pattern c, compute m = c^d mod n.
RSA Scheme
1. Choose two large prime numbers p, q. 2. Compute n = pq, z = (p-1)(q-1). 3. Choose e (with e < n) that has no common factors with z. 4. Choose d such that ed - 1 is exactly divisible by z (ed mod z = 1). 5. Public key is (n, e), private key is (n, d).
S-box
4-bit substitution boxes that provide the encryption of the bits. They each contain lookup tables used by the algorithm as instructions on how the bits should be encrypted.
Electronic Code Book (ECB)
A mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value, and vice versa
Initialization Vector (IV)
A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.
Parity check
A process used to detect errors in memory or data communication.
Advanced Encryption Standard (AES)
A symmetric cipher that was approved by the NIST in late 2000 as a replacement for DES.
Elliptic Curve Cryptography (ECC)
A type of public key cryptosystem that requires a shorter key length than many other cryptography systems (including the de facto industry standard, RSA).
padding
Additional data that is added to a hash to make it the correct number of bytes.
PKI (Public Key Infrastructure)
An encryption system that is composed of a CA, certificates, software, services, and other cryptographic components, for the purpose of verifying authenticity and enabling validation of data and entities.
Block ciphers
Block ciphers perform encryption by breaking a message into fixed-length units, called blocks. Advantages of block ciphers include the following: implementation of block ciphers is easier than stream-based cipher implementation; block ciphers are generally less susceptible to security issues; they are generally used more in software implementations; block ciphers employ both confusion and diffusion. Block ciphers often use different modes: ECB, CBC, CFB, and CTR.
Conditions of cryptanalysis
Ciphertext-only; known-plaintext (both plaintext and ciphertext are known); chosen-plaintext (can select prepared plaintext and see ciphertext); chosen-ciphertext (chosen-plaintext & select ciphertext and see plaintext)
How to construct random seed?
Coin flips; human behavior; atomic decay; thermal noise; electromagnetic noise
Confusion and Diffusion
Confusion: algorithm to reduce the predictability of ciphertext when changing one character in plaintext. Diffusion: spread the information from the plaintext over the entire ciphertext.
ECB weakness
Data patterns may remain visible. Susceptible to replay attacks, block insertion/deletion.
Pros of Substitution ciphers
Easy to remember and use
Encrypt-then-MAC
Encrypt cleartext, MAC ciphertext, append MAC to ciphertext. Provides integrity of ciphertext and plaintext. Recommended by most researchers.
Chaining
Encryption of each block depends on previous blocks. Problem: the first block has no prior block; plaintext of the first block can be inferred. Solution: initialization vector.
Symmetric Key Encryption
Encryption system in which a single key is used for both encryption and decryption.
Asymmetric Key Encryption
Encryption system in which two keys are used: a public key used only to encrypt data, and a private key used only to decrypt it.
Cryptographic Checksum
Ensures data integrity. Its value can only be evaluated by computers that know the cryptographic key.
Modes of Operation
Five standard modes: ECB (Electronic Code Book); CBC (Cipher Block Chaining); CFB (Cipher Feedback); OFB (Output Feedback); CTR (Counter)
HMAC
Hash-based Message Authentication Code. An HMAC is a fixed length string of bits similar to other hashing algorithms such as MD5 and SHA-1, but it also uses a secret key to add some randomness to the result.
MAC-then-Encrypt
MAC cleartext, append the MAC to cleartext, encrypt whole. Similar properties as Encrypt-and-MAC.
Encrypt-and-MAC
MAC cleartext, encrypt cleartext, append MAC to ciphertext. Protects plaintext integrity but not ciphertext.
cryptographic primitives
Modular mathematical functions that perform one task reliably. They form the basic building blocks of modern cryptography.
Cons of Substitution ciphers
Obvious patterns in ciphertext
Pseudorandom Generator (PRG)
PRG takes one number and produces a sequence of bits.
OTP drawbacks
Perfectly secure but impractical
Stream ciphers using PRG
Problem: OTP key is as long as the message. Solution: pseudorandom key -- stream ciphers
RSA Encryption
RSA (Rivest-Shamir-Adleman) is the most common internet encryption and authentication system. The system uses an algorithm that involves multiplying two large prime numbers to generate a public key, used to encrypt data and decrypt an authentication, and a private key, used to decrypt the data and encrypt an authentication.
Stream Cipher: One-Time Pad (OTP)
Stream ciphers encrypt one bit or one byte at a time. Key is only used to encrypt one message.
Substitution and transposition
Substitution: one set of bits is exchanged for another. Transposition: rearranging ciphertext order to break any repeating patterns in the underlying plaintext.
Message Integrity
The ability to be certain that the message being sent arrives at the proper destination without being copied or changed
Cryptanalysis
Trying to break an encrypted message.
Encryption Substitution ciphers
c_i := (p_i + k) mod 26
Decryption Substitution ciphers
p_i := (c_i - k) mod 26
stream vs block
transmit byte by byte, vs in groups
encryption algorithm
uses a secret key to encrypt messages
Modern cryptography
uses secure mathematical processes and cryptographic keys