Lecture 3,4,5 - Cryptography Flashcards
What is Encryption?
Encoding a message so that only authorized user may read it. Plaintext —key—> Ciphertext
Two encryption types
Symmetric Encryption : Same Key
Asymmetric Encryption : Seperate Key
Symmetric Encryption
One Key 128,256 Bits Very Fast For Long term communication Based on Subtitutes and Permutation Eg: AES (Advanced Encryption Standard
Asymmetric Encryption
Two Key 1024,2048 Bits Slower than Symmetric For Key Exchange,Verification & Authentication Verify sender of message Non-Repudiation Based on Mathematical Principles Eg: Diffie-Hellman Key Exchange
Primitive Types
1) Steam Cipher : Stream of input to stream of cipher
2) Block Cipher : Takes blocks to blocks of cipher
3) Hash Function : Any size input to block of fixed size
The One-Time Pad
Idea of Perfect Secrecy
- Use a key that is the same length as the message
- Can’t be brute forced
- Can’t reuse keys
- Lacks portability and Convinience
Stream Cipher
Ceaser Cipher :
Add No. to every letter.
Vulnerable to frequency analysis
Modern Stream Cipher : Uses XOR -> Reverse Process Random function must be good. Message stream in unknown length Good for limited hardware resources Used in GSM mobile, bluetooth
Kerckhoff Principle
A cryptographic system must be secure even if everything is known about the system except the key.
Block Cipher
Fixed size plaintext -> Fixed size ciphertext
Used on Internet
Vulnerable to known and chosen plaintext attacks
SP Network ( Substitution & Permutation)
Repeated until secure.
Sub Box - Add confusion.Look at table then output bits
Permutation Box - Jumble it up, Adds Diffusion.
Feistel Cipher Chain multiple rounds together using any round function. Basis of many modern Ciphers. L0 -> XOR -> R1 R0 -> F,L1 K -> F
DES & AES
Data Encryption Standard (DES)
64-bit, 16 round Fiestel Cipher, 56-bit Key
Advanced Encryption Standard (AES) Rijndael Algorithm 128-bit block size 128,256 Bit key size 10,12,14 Cycles Standard algorithm for symmetric encryption
Block Cipher Modes
Messages don’t come in convenient 128-bit length
- Electronic Code Book (ECB)
Encrypt each block after another.
Weak to redundant data making patterns.
- Cipher Block Chaining (CBC)
XOR output of each block to next input
Not totally immune to insertion of malicious blocks
-Counter Mode (CTR)
Encrypt a count to produce a stream cipher
Can be parallelized.
-Galois Counter Mode (GCM)
Extends counter mode to add authenticity
Parallelisable but robust to alteration
Modulo Arithmetic
Arithmetic based around cycles of numbers.
Congruence Relation : a (mod n) = b (mod n)
Congruent mod n
Diffie-Helman Key Exchange
- Uses public-key protocol to exchange a symmetric key in private.
- Relies on the difficulty on finding discrete logs
- Can be exposed if discrete logs is solved
Perfect Forward Secrecy : generate new keys for each session
Ephemeral Mode : run DH forces new key exchange every time.
Steps to DH KEX
Steps
1) Alice & Bob agrees on a large Prime P and generator G that is a primitive root of P (public P&G)
2) Alice chooses a private value a at random, then sends B, A = G^a mod P. ( private A )
3) Bob chooses a private value b at random, then sends B. B - G^b mod P. (private B)
4) Alice computes B^a mod P = G^ab
5) Bob computes A^b mod P = G^ba
Shared secret key is G^ab.
DH KEX Vulnerability
Man-in-the-middle
- Third party intercept then create 2 separate key exchange with both Alive and Bob
- Prevented by combining DH with RSA/DSA
Logjam
- Attack protocol that uses common prime and generator eg. Oakley group 2
- downgrade attack, Force to use 512-bit DH
- Pre-compute the matrix for a 512-bit DH prime and then use MinM attack.
