Basics and History

  • Cryptography is the foundation for security and privacy protection in modern computer systems and networks

  • Never try to create your crypto algorithms without professional training

  • Do not implement your own version of well-known cryptographic algoriths   

  • Cryptography is not a panacea to all security problems

    • Human errors, shoulder surfing, signal jamming, DDoS, phishing

  • Authentication

    • Ensures the user is legitimate

  • Authorization

    • Determines the operational rights of a legitmate user in the system   

  • Secure key sharing

    • Manyally pre-share the key

    • Use public key cryptography (PKC)

  • Secure communication

    • Confidentiality

    • Integrity

    • Non-repudiation

      • Digital signature

    • Anonymity

  • Common operations in cryptography

    • Two operations are constantly being used

      • Excluse-OR (XOR): bit-wise addition

      • Modulo operations: b = a mod n, which means b is the remainder of a divided by n

  • Encryption

    • A process of generating and adding noises

    • Noise: uniformly random bits

    • A key metric to evaluate an encryption algorithm

  • Secret-key/symmetric-key encryption

    • Pseudorandom generators/function/permutation

  • Public-key/asymmetric-key encryption

    • Randomness generation relies on mathematically-hard problems

  • Shift cipher

    • Caesar’s sipher (shift cipher)

    • Not secure

  • Vigenere Cipher

    • Can generate a huge key space

    • Computationally very expensive for the brute-force attack

  • Cryptoanalysis

    • Frequency attack

      • The longer the ciphertext is, the more accurate hte guess will be

      • Facilitate the decryption by knowing more frequency information of the target writing

  • In general, deterministic encryption is not secure

    • Small key space: vulnerable to brute-force

    • Large key space: cryptoanalysis, frequency analysis

  • If confidentiality is the primary concern, avoid using deterministic encryption

    • Follow the standard (a randmoized encryption scheme)

    • Deterministic encryption can be useful in specific applications

  • Kerckhoff’s principle

    • Key is the ONLY SECRET

    • Key should be CHOSEN RANDOMLY

    • Easier to protect the key than the encryption algorithm

    • Easier to change the key once it is leaked

    • Facilitate standardization and wide adoption through public review/scrutiny

  • Three steps to define and prove the security of the proposed cryptographic design

    • Have a clear and realistic system/threat models

    • Propose a scheme with detail

    • Prove that it is difficult to break the scheme under the defined threat model

      • Security guarantee is always conditional