Cryptography

What is Cryptography?

the art of writing/solving codes

1. it defines what it means to be secure in a precise, mathematical way

2. it involves designing systems to achieve these precise definitions

3. and proving that they do so

How does a Crypto System Work?

• the plaintext is processed by an encryption algorithm to produce the ciphertext

• the receiver then uses a matching decryption algorithm to recover the plaintext from the ciphertext

• there would be no security if these algorithms were known to everyone

  • hence, there is an additional piece of input data called a key

  • the key is secret, even though many people may know the algorithms

What are the Types of Crypto Systems?

• Encryption Systems

• Systems for Data Integrity

  • Message Authentication Codes (MACs)

  • Digital signatures

• Hash Functions

What is a Cryptographic Key?

the length, measured in bits, determines security by defining the number of possible keys, with longer keys generally offering more security against brute-force attacks

What are the Types of Cryptography?

• secret-key/symmetric

• public-key/asymmetric

What are Security Services?

the specific security goals that we may want to achieve

• confidentiality

• data integrity

• data origin authentication

• non-repudiation - an entity can’t deny a previous action

What is Kerckhoff’s Principle?

a cryptographic system should be secure even if everything about the system, except for the key, is public knowledge

What is a Passive Attack?

the attacker doesn’t change any data/processes

unauthorised access to data

What is an Active Attack?

usually involve change to the data or to a process carried out on the data

What is Encryption?

process of transforming information in a way that, ideally, only authorised parties can decode

What is the Notation for an Encryption System?

What is a Ciphertext-Only Attack?

passive attacker that knows only ciphertexts

What is a Known-Plaintext Attack?

active attacker that knows some plaintext and ciphertext pairs

What is a Chosen-Plaintext Attack?

active attacker that knows plaintexts and ciphertext pairs, where the plaintext is chosen by the attacker

modern encryption systems are usually designed to withstand (at least) this attack

What is a Chosen-Ciphertext Attack?

active attacker that knows plaintext and ciphertext pairs, where the plaintext and ciphertexts can be chosen by the attacker

What is the difference between a Chosen-Plaintext Attack and a Chosen-Ciphertext Attack?

CCA is stronger

• has the ability to see how modified or constructed ciphertexts are decrypted

• often reveals secret key info

What is a Digital Signature?

mathematical scheme for verifying the authenticity of digital messages or documents

What is a Cryptographic Hash Function?

must:

• be a compression function:

  • h: (0,1)* → (0,1)ⁿ

• be easy to compute

What Properties should a Cryptographic Hash Function provide?

• preimage resistance - given a hash , it should be computationally difficult to find a message m such that h(m) = y

• second preimage resistance - given a message m and hash h(m), it should be computationally difficult to find a message m' such that m ≠ m' and h(m) = h(m')

• collision resistance - it should be difficult to find two messages m and m' such that m ≠m’ and h(m) = h(m')

What is the difference between Second Pre-Image Resistance and Collision Resistance?

collision resistance is a stronger property because it allows finding any pair, whereas second preimage requires breaking a specific, given input