symmetric cryptography Flashcards
symmetric encryption system
the same key is used to encrypt and decrypt
stream cipher
takes a short key as input (often combined with the initialisation vector)
the key is converted into a continuous key stream
one bit at a time the plaintext is mixed with the keystream
what are 3 positives of stream ciphers
no error propagation
on the fly encryption so good for realtime services
fast and easy to implement esp in hardware
what is a negative of stream ciphers
require sender and receiver synchronisation
what is a block cipher
takes a key and block of plaintext as input and outputs a block of cipher text
what are two things that a good cipher text should do
confusion and diffusion
block cipher confusion
hides the relationship between the plaintext and ciphertext
block cipher diffusion
spreads the statistics of the plaintext through the ciphertext
e.g. should have the avalanche effect; obscuring the statistical structure of the plaintext
why is it good that block ciphers have diffusion
prevents frequency analysis attacks
pseudorandom permutation
a function that shuffles data in a way that looks random but is actually done deterministically via a computer algorithm and secret key
in which case can a block cipher provide protection against chosen plaintext attacks
if it behaves like a pseudorandom permutation
even if an attacker encrypts many plaintexts the ciphers will still look random and unpredictable
what are some examples of block ciphers
data encryption standard (des) + triple des (3des)
advanced encryption standard (aes)
camellia
international data encryption algorithm (idea)
how does the advanced encryption standard work
it is a round function that operates on 16 bytes of inputs
for each round, a round key is derived from the secret key and applied for that round which increases security
how do you decrypt the aes (advanced encryption standard)
perform the encryption steps in reverse
what are two benefits of the aes
v fast
supports key sizes of 128 192 256
initialisation vector
a random or unique value used to add randomness to encryption
what are modes of operation in block ciphers
define how encryption is applied to multiple blocks of plaintext to handle messages larger than a single block
what are the 4 modes of operation
electronic code book (ebc)
cipher block chaining (cbc)
cipher feedback (cfb)
counter (ctr)
electronic code book (ebc)
each plaintext block is encrypted independently using the same key
what are negatives of electronic code book (ebc)
not secure for structured data
identical plaintext blocks will produce the same cipher making patterns visible
cipher block chaining (cbc)
each plaintext block is XORed with the previous cipher text block before encryption using the initialisation vector for the first block
what are positives of cipher block chaining (cbc)
identical plaintext blocks will produce different ciphertexts if a unique iv is used
stronger security than ebc
what are negatives of cipher block chaining (cbc)
requires padding for messages that arent a multiple of the block size
encryption must be done in order therefore it isnt parallelizable
cipher feedback (cfb)
converts a block cipher into a stream cipher
instead of encryption the plaintext directly the prev cipher is encrypted then XORed with the plaintext
what are positives of cipher feedback (cfb)
doesnt require padding
benefits from chaining therefore errors dont propogate too much
what are negatives of cipher feedback (cfb)
errors in transmission affect multiple blocks
counter (ctr)
instead of chaining a counter value is XORed with the plaintext then encrypted together
what are positives of counter (ctr)
highly parallelisable as each block is independent
no padding needed
fast encryption and decryption
what are negatives of counter (ctr)
if the same counter and key are reused then the encryption is broken
padding
extends the plaintext to be a multiple of the block sizes as many block ciphers require this
what are the three positives of block ciphers
versatility
adaptability
compatibility
negatives of block ciphers (3)
error propagation
need for padding
speed in hardware
what do message authentication codes (mac) do and how
provide data integrity and origin authentication
secret symmetric keys means the mac cannot be changed if the dta changes therefore any changes are detectable
what do macs NOT provide
non-repudiation
encrypt-then-mac
encrypt the plaintext then compute the mac for the cipher
what does encrypt-then-mac provide
protection against chosen ciphertext attacks
how do macs get developed
creates a fixed length tag by applying the secret key to the message via a cryptographic function which is then attached to the message
only someone with the same secret key can generate the correct mac thus verifying that the message hasnt been tampered with
what are two examples of macs
hmac and cbc-mac
how does hmac work
can be constructed from any hash function
needs two keys
the tag is created by hashing a concatenation of the second key and the message
that is then concatenated with the first key and hashed again
𝑡𝑎𝑔 = 𝐻(𝑘1 ∥ 𝐻(𝑘2 ∥ 𝑚))
in hmac what happens if the keys are longer than the block size of the hash function
hash them first
in hmac what happens if the keys are shorter than the block size of the hash function
pad with 0s
why does hmac use double hashing
more secure
cbc-mac
uses counter block chaining mode of operation
the cipher is set to the initiation vector
for each block in the message you compute the xor of the cipher with the message block
encrypt this with the block cipher to create the tag
