Lecture 3,4,5 - Cryptography Flashcards
What is Encryption?
Encoding a message so that only authorized user may read it. Plaintext —key—> Ciphertext
Two encryption types
Symmetric Encryption : Same Key
Asymmetric Encryption : Seperate Key
Symmetric Encryption
One Key 128,256 Bits Very Fast For Long term communication Based on Subtitutes and Permutation Eg: AES (Advanced Encryption Standard
Asymmetric Encryption
Two Key 1024,2048 Bits Slower than Symmetric For Key Exchange,Verification & Authentication Verify sender of message Non-Repudiation Based on Mathematical Principles Eg: Diffie-Hellman Key Exchange
Primitive Types
1) Steam Cipher : Stream of input to stream of cipher
2) Block Cipher : Takes blocks to blocks of cipher
3) Hash Function : Any size input to block of fixed size
The One-Time Pad
Idea of Perfect Secrecy
- Use a key that is the same length as the message
- Can’t be brute forced
- Can’t reuse keys
- Lacks portability and Convinience
Stream Cipher
Ceaser Cipher :
Add No. to every letter.
Vulnerable to frequency analysis
Modern Stream Cipher : Uses XOR -> Reverse Process Random function must be good. Message stream in unknown length Good for limited hardware resources Used in GSM mobile, bluetooth
Kerckhoff Principle
A cryptographic system must be secure even if everything is known about the system except the key.
Block Cipher
Fixed size plaintext -> Fixed size ciphertext
Used on Internet
Vulnerable to known and chosen plaintext attacks
SP Network ( Substitution & Permutation)
Repeated until secure.
Sub Box - Add confusion.Look at table then output bits
Permutation Box - Jumble it up, Adds Diffusion.
Feistel Cipher Chain multiple rounds together using any round function. Basis of many modern Ciphers. L0 -> XOR -> R1 R0 -> F,L1 K -> F
DES & AES
Data Encryption Standard (DES)
64-bit, 16 round Fiestel Cipher, 56-bit Key
Advanced Encryption Standard (AES) Rijndael Algorithm 128-bit block size 128,256 Bit key size 10,12,14 Cycles Standard algorithm for symmetric encryption
Block Cipher Modes
Messages don’t come in convenient 128-bit length
- Electronic Code Book (ECB)
Encrypt each block after another.
Weak to redundant data making patterns.
- Cipher Block Chaining (CBC)
XOR output of each block to next input
Not totally immune to insertion of malicious blocks
-Counter Mode (CTR)
Encrypt a count to produce a stream cipher
Can be parallelized.
-Galois Counter Mode (GCM)
Extends counter mode to add authenticity
Parallelisable but robust to alteration
Modulo Arithmetic
Arithmetic based around cycles of numbers.
Congruence Relation : a (mod n) = b (mod n)
Congruent mod n
Diffie-Helman Key Exchange
- Uses public-key protocol to exchange a symmetric key in private.
- Relies on the difficulty on finding discrete logs
- Can be exposed if discrete logs is solved
Perfect Forward Secrecy : generate new keys for each session
Ephemeral Mode : run DH forces new key exchange every time.
Steps to DH KEX
Steps
1) Alice & Bob agrees on a large Prime P and generator G that is a primitive root of P (public P&G)
2) Alice chooses a private value a at random, then sends B, A = G^a mod P. ( private A )
3) Bob chooses a private value b at random, then sends B. B - G^b mod P. (private B)
4) Alice computes B^a mod P = G^ab
5) Bob computes A^b mod P = G^ba
Shared secret key is G^ab.
DH KEX Vulnerability
Man-in-the-middle
- Third party intercept then create 2 separate key exchange with both Alive and Bob
- Prevented by combining DH with RSA/DSA
Logjam
- Attack protocol that uses common prime and generator eg. Oakley group 2
- downgrade attack, Force to use 512-bit DH
- Pre-compute the matrix for a 512-bit DH prime and then use MinM attack.
Elliptic Curve Cryptography
Can be used in place of mod arithmetic in DH KEX.
Instead of discrete logarithm, uses elliptic curve discrete logarithm.
y2 = x3 + ax + b
+ stronger than traditional public-key scheme for the same key length
+ Can’t be logjam
Integer Factorization
any integer can be expressed as a multiplication of a list of prime no.
Product of two primes. n = pq
Euler Totient function : int a & b are relatively prime if they don’t share a divisor except 1.
RSA (Rivest, Shamir, Adleman)
Based on Integer Factorization
Provides both encryption and authentication
Most common public key encryption in the world
RSA steps
1) Choose two large prime, P&Q calculate n = pq. (P&Q private, n public)
2) Select value e that is relatively prime with the totient of n. (e public)
3) Calculate a multiplicative inverse to e,d
4) Easily acheived if we know o/(n)
Why RSA is secure
C = ?^e (mod n) M = Cd (mod n)
Factoring n is hard, calculating d only if o/ of n is known.
Hash Function (SHA 256, SHA512)
- Cryptographic primitive
- Takes a message of any length and returns a pseudo random hash of fixed length.
- Used in authentication,password
Strong hash function properties
1) One-way
2) Weak Collision Resistance
3) Strong Collision Resistance
Birthday Paradox
- Higher no of people higher likeliness that 2 people has the same birthday.
- Output of hash must be long enough to avoid a birthday attack(brute force)
- Collision after 2^n/2
- 516-bit at least
Message Authentication
- Provides integrity and authenticity, not confidentially
- Protect system files, ensure message is not altered.
- Calculate has of a message then append this to the end of message
HMAC Hashed Message Authentication Code
If we include a shared key inside the hash, we can guarantee authenticity and integrity
Digital Signatures
Signing document to provide authentication using public-key encryption
Document -> hash -> sign with private key. Verify with public key.
DSA Digital Signature Algorithm & RSA signing
DSA : Based on Modulus Arithmetic
RSA : Like RSA, based on problem of factoring large composite primes.
Digital Certificates
3rd party verifier. Part of TLS
1) Server produces a certificate containing their public key which they want people to trust.
2) They go to CA, who then sign using their private key/