Module 2- Applications of Cryptography Flashcards
The same key is used to encrypt and decrypt the message, faster than asymmetric but have an issue with key exchange
Symmetric Key Cryptography
Modern cryptography began in 1949 when Claude Shannon published a paper about the Mathematical Theory of Communication. This idea improved cryptography.
Information Theory
Changes to one character in the plain text affect multiple characters in the cipher text, unlike in historical algorithms where each plain text character only affect one cipher text character.
Diffusion
Occurs by using a complex substitution algorithm. Attempts to make the relationship between the statistical frequencies of the cipher text and the key as complex as possible.
Confusion
A desirable effect where a change to one bit leads to large change in output. This is Fiestel’s take on Claude Shannon’s concept of diffusion. Fiestel’s ideas are important when discussing block ciphers.
Avalanche
A cryptosystem should be secure, even if everything about the system is publicly known.
Kerckhoff’s Principle
How symmetric algorithm encryption is expressed mathematically
C=E(k,p)
Cipher Text (C) is equal to the encryption function (E) with the key (k) and plain text (p) being passed as parameters to that function.
Changing some part of the plain text for some matching part of cipher text. Historical algorithms typically use this.
Substitution
Two things all modern block cipher algorithms use
Substitution and Transposition
Asks if there is a one in both the first and second number. Numbers are compared one digit at a time.
Example: Number A 1101 Number B 0110 returns a result of Number C 0100
Binary AND
Asks if there is a one in the first number, or the second, or in both numbers. Each place is compared one at a time.
Example: Number A 1101 Number B 1001 returns a result of Number C 1101
Binary OR
Important because it reversible. Asks if there is a 1 in one of the numbers but not both. Each place is compared one at a time. To reverse your result back with your second number and you will get the first number.
Example: Number A 1101 Number B 0110 returns a result of Number C 1011
Binary XOR (exclusive OR)
Two types of symmetric algorithms
Block Ciphers and Stream Ciphers
This is how the substitution portion of symmetric key cryptography is accomplished
XORing the plain text message with the key
This is how transposition is done in symmetric key cryptography
Swapping blocks of text
The same key is used to both encrypt and decrypt a message
single-key encryption
List of popular symmetric block cipher algorithms
The Feistel Network, DES, 3DES, AES, Blowfish, Serpent, Twofish, Skipjack, IDEA, CAST, TEA, SHARK
Larger Block sizes increase security, Larger key size increases security, if the round function is secure then more rounds increase security
Feistel Function
The algorithm(s) needed to encrypt and decrypt a message
Cipher
Random bits used to encrypt a message
Key
The mathematical process used to alter a message and make it unintelligible to any but the intended party
Algorithm
Named after a German physicist named Horst ***. Forms the basis for most block ciphers. Splits a block of plain text data into two parts (L0 and R0). Round function is applied to one half. Output of each round function is XORed with the other half.
The Feistel Function
Uses a modified structure where L0 and R0 are not equal lengths. This variation is used with the Skipjack algorithm.
Unbalanced Feistel Cipher
Was the premier block cipher for many years but is now considered outdated.
Data Encryption Standard (DES)
Was selected as the Federal Information Processing Standard (FIPS) for the U.S. in 1976
Data Encryption Standard (DES)
This is a Feistel Cipher with 16 rounds and a 48bit key for each round. To generate round keys a 56bit key is slit into two 28bit halves. This Feistel Cipher uses 8 s-boxes.
Data Encryption Standard (DES)
Interim replacement for DES. Performs DES three times with three different 56bit keys.
3DES
Variation of DES that uses a technique called Key Whitening. XORs a key with text before or after the round function or both.
DESx
Also known as Rijndael block cipher.
Advanced Encryption Standard (AES)
Chosen as a replacement for DES in 2001.
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES) key sizes and block size
128, 192, and 256. All three operate on a block size of 128 bits
Operates on a 4x4 column-major order matrix of bytes called the state.
Advanced Encryption Standard (AES)
Blowfish- who+when created/intended replacement for
1993 by Bruce Schneier/intended replacement for DES
Blowfish type/block size/bit sizes
a 16 round Feistel working on 64bit blocks. Can have bit sizes 32bits to 448bits.
BCrypt, CryptoDisk, DriveCrypt, Password Safe, Password Wallet, Backup for Workgroups, Crashplan
Some products Blowfish are used
Serpent- type and created by
Symmetric key block cipher, created by Ross Anderson, Eli Biham, and Lars Knudsen
Serpent- block size/key sizes/rounds
Block size of 128bits. Can have key sizes 128, 192, or 256bits. Uses 32 rounds working with a block of four 32bit words.
Finalist to replace DES
Twofish
Twofish designed by
Designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson.
Twofish block and key sizes/type
Block size of 128bits and key sizes up to 256bits, it’s a Feistel cipher
Developed by the NSA and was designed for the clipper chip, a chip with built in encryption.
Skipjack
Decryption key was kept in escrow for law enforcement to decrypt the data without the owner’s cooperation, made this algorithm highly controversial.
Skipjack
Skipjack block/key size/type
Uses an 80bit key to encrypt and decrypt 64bit data blocks. An unbalanced Feistel network with 32 rounds.
International Data Encryption Algorithm (IDEA) block and key size/ type
A block cipher designed as a replacement for DES. 64bit blocks and a 128bit key. Uses a series of eight identical transformations.
CAST-128 and CAST-256 type rounds/size/keysize
block cipher. There are two popular versions. The 128 version can use 12 or 16 rounds working on a 64bit block with key sizes ranging from 40bits to 128bits in 8 bit increments. This version is also used in some versions of PGP.
A simple algorithm that is easy to implement in code, a Feistel Cipher that uses 64 rounds.
Tiny Encryption Algorithm (TEA)
SHARK- block and size/rounds/type
Uses a 64bit block with a 128bit key in six rounds. Shares similarities with the Rijndael cipher such as the use of S-boxes.
This is the most basic encryption mode. The message is divided into blocks and each block is encrypted separately.
Electronic Codebook (ECB)
A weakness of this is that the same plain text always equals the same cipher text which gives the attacker a way to begin analyzing the cipher to derive the key.
Electronic Codebook (ECB)
Each block of plaintext is XORed with the previous cipher text block before being encrypted. This creates significantly more randomness in the final cipher text.
Cipher-Block Chaining (CBC)- More secure than electronic codebook mode
Designed to cause small changes in the cipher text to propagate indefinitely when decrypting, as well as encrypting, a variation of the CBC mode of operation, has not been published as a federal standard.
Propagating Cipher-Block Chaining (PCBC)
In this mode the previous cipher text block is encrypted, the cipher text is XORed back with the plain text to produce the current cipher text block, essentially it loops back on itself increasing the randomness of the cipher text.
Cipher Feedback (CFB)
Makes a block cipher into a synchronous stream cipher, generates keystream blocks, which are then XORed with the plain text blocks to get the cipher text.
Output Feedback (OFB)
Used to turn a block cipher into a stream cipher, much like OFB mode. Generates the next keystream block by encrypting successive values of a “counter”. The counter can be any simple function that does not repeat for a long time.
Counter (CTR)
Fixed size input to a cryptographic primitive that is random or pseudorandom. Called a ‘nonce’ if it is non-repeating and not truly random. Used along with a secret key for encryption.
Initialization Vector (IV)
Encryption of the same plain text with the same key results in the same cipher text. Use of an IV that is XORed with the first block of plain text solves this problem.
ECB Mode
Sometimes called a state cipher. Random key is XORed with stream of plain text.
Symmetric Stream Ciphers
A stream of pseudorandom digits is generated independently. That stream is then combined with the plain text (encrypt) or the cipher text (decrypt).
Synchronous Stream Cipher
Uses several of the previous N cipher text digits to compute the key stream.
Self-synchronizing Stream Cipher
A Symmetric Stream Cipher created by Ron Rivest in 1987. Most widely used software stream cipher. Identically used for encryption and decryption, the data stream is simply XORed with the key.
RC4
Uses a variable length key from 1 to 256 bytes.
RC4
A symmetric Stream Cipher published by the German engineering firm Seimans in 1993. A software based stream cipher that uses a Lagged Fibonacci generator along with concepts borrowed from shrinking generator ciphers.
FISH
Uses an H function that takes a variable size input (m) and returns a fixed size string.
Hash Function
Can be expressed mathematically as h=H(m)
hash function
You can’t undo it. It is also collision resistant
Hash Function
Random bits that are used as one of the inputs to a hash. Complicates dictionary attacks.
Salt
128bit hash specified by RFC1321.
MD5
This hash is also not collision resistant. Recommended to use SHA-1 instead.
Breaks down message into 512 byte chunks, padded with 0s if needed to reach 512.
Length of the message is appended as the last 64bits.
Operates on a 128bit state, divided into 4 32bit words.
Four nonlinear function (F) rounds.
MD5
This hash uses a Merkle Tree like structure to allow for immense parallel computation of hashes for very long inputs. Was submitted to the NIST SHA-3 competition. In 2009 Rivest stated that this hash is not ready to be a candidate for SHA-3 because of speed issues and other concerns.
MD6
Most widely used hash algorithm.
Secure Hash Algorithm (SHA)
A 160bit hash function that resembles earlier MD5 algorithm. Designed by the NSA to be part of the Digital Signature Algorithm.
SHA-1
Two similar hash functions with different block sizes, known as SHA-256 and SHA-512. Uses 64 byte (512bit) words.
SHA-2
A proposed hash function still in development. Will be given name in 2012 by NIST.
SHA-3
This hash is in analysis phase and not in widespread use. Uses 512bit blocks and implements preset constants that change after each repetition. Each block is hashed into a 256bit block through four branches that divides each 512 block into sixteen 32bit words that are further encrypted and rearranged. Branches are used in parallel making it hard to analyze.
FORK-256
RACE Integrity Primitives Evaluation Message Digest is a 160bit hash algorithm created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. Also has 128, 256, and 320bit versions which replace the original version because of collision issues. Doesn’t follow any standard security policies or guidelines.
RIPEMD-160
Hash algortihm created by the Russians.
GOST
Produces a fixed length output of 256bits. Input message is broken up into 256 bit blocks. If block is less than 256 bits then it is padded with 0s.
GOST
192bit hash function created by Ross Anderson and Eli Biham in 1995.
Tiger
Designed using the Merkle-Damgard construction (collision resistant hash functions). One way compression function operates on 64bit words, maintaining 3 words of state and processing 8 words of data. 24 rounds and 8 input words.
Tiger
One uses a block cipher in in CBC mode to improve integrity. The other adds a key to a hash to improve integrity.
MAC and HMAC (Message Authentication Mode) and (Hash Message Authentication Mode)
