Introduction to Cryptography – C839 notes to share PDF

Preview

Summary

Introduction to Cryptography...

Description

Introduction to Cryptography – C839 notes to share Symmetric algorithm. Designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. Uses a block size of 128 bits and key sizes of 128, 192, or 256 bits. It is a Feistel cipher. Twofish Symmetric algorithm. Designed by James Massey and Xuejia Lai. Operates on 64 bit blocks and has a 128 bit key. Consists of 8 identical transformations each round and an output transformation. IDEA Symmetric algorithm. Created in 1996 by Carlisle Adams and Stafford Tavares. Operates on 64 bit blocks and has a key size of 40-128 bits. Typically used in GPG and PGP. Encryption is either 12 or 16 rounds. CAST-128

Designed by Carlisle Adams, Stafford Tavares, Howard Heys, and Michael Wiener. Operates on 128 bit blocks and has a key size of 128, 160, 192, 224 or 256 bits. Encryption has 48 rounds. CAST-256

Symmetric algorithm. Designed by NSA for the clipper chip - a chip with built in encryption. The decryption key was kept in key escrow in case law enforcement needed to decrypt data without the owner's cooperation, making it highly controversial. Uses an 80 bit key to encrypt/decrypt 64 bit data blocks. It is an unbalanced Feistel network with 32 rounds. Skipjack

Hash. Created by Ronald Rivest. 128 bit output size, 512 bit block size, 32 bit word size, 3 rounds. Considered very insecure. MD4

Hash. Created by Ronald Rivest. Replaced MD4. 128 bit output size, 512 bit block size, 32 bit word size, 64 rounds. Infamously compromised by Flame malware in 2012.

MD5

Secure Hashing Algorithm. Designed by NSA. 160 bit output size, 512 bit block size, 40 bit word size, 80 rounds. SHA-1

Secure Hashing Algorithm. Designed by NSA. 224/256 bit output size, 512 bit block size, 56 bit word size, 64 rounds. SHA-224/SHA-256

Secure Hashing Algorithm. Designed by NSA. 384/512/224/256 bit output size, 1024 bit block size, 64 bit word size, 80 rounds. SHA-384, SHA-512, SHA-512/224, SHA-512/256

Secure Hashing Algorithm. Designed by NSA. 224/256/384/512 bit output size, up to 1600 bit block size, 64 bit word size, 24 rounds. SHA-3

Hash. Created by Ross Anderson and Eli Baham. 192/160/128 bit output size, 512 bit block size, 53 bit word size, 24 rounds. TIGER

Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 128 bit output size, 512 bit block size, 32 bit word size, 48 rounds. In 2004, a collision was discovered. RIPEMD

Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 128/256 bit output size, 512 bit block size, 32 bit word size, 64 rounds. RIPEMD-128/256

Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 160 bit output size, 512 bit block size, 32 bit word size, 80 rounds. RIPEMD-160 Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 320 bit output size, 512 bit block size, 32 bit word size, 80 rounds. RIPEMD-320 Developed in 1977 by three mathematicians, Ron Rivest, Adi Shamir, and Len Adleman. Based on the practical difficulty of factoring the product of two large prime numbers. Key sizes are typically 1024 4096 bits. RSA Based on Diffie-Helmann and was invented in 1984 by Taher Elgamal. It is used in PGP implementations and GNU Privacy Guard software. The algorithm is comprised of 3 parts: the key generator, the encryption algorithm, and the decryption algorithm. This was made publicly available. ElGamal

Created by Philip Zimmermann in the 1990s. Sold to Symantec. PGP is a piece of software to allow the average person to encrypt and decrypt easily. It uses certificates. Typically used to encrypt e-mail. PGP

Invented by the Hebrew. Single substitution monoalphabetic cipher that substitutes each letter with it's reverse (a and z, b and y, etc). Atbash Cipher

Explanation Correct answer: Asymmetric Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner. The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. Effective security only requires keeping the private key private; the public key can be openly distributed without compromising security. Incorrect answers: Symmetric - Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. Block cipher - A block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks. It uses an unvarying transformation, that is, it uses a symmetric key. Stream cipher - A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream.

AES is a subset of the Rijndael block cipher developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen, who submitted a proposal to NIST during the AES selection process. Rijndael is a family of ciphers with different key and block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.

The RSA encryption algorithm is one of the most widely used public key encryption algorithms that have ever been invented. It was created by the three scientists Ronald Rivest, Adi Shamir, and Leonard Adleman in 1977, and today it is increasingly being used in the network area. Incorrect answers: Caesar Cipher - Monoalphabetic cipher where letters are shifted one or more letters in either direction. The method is named after Julius Caesar, who used it in his private correspondence. Vigenere - Multi alphabet cipher Invented by Giovan Battista Bellaso in middle 1553. Vigenere created a stronger version of the cipher. Combining/Weaving Caesar cipher. Not cracked until late 1800s. Widely used from 16th century to early 20th century. It is a cipher square with A to Z across all the columns and rows. You then use a keyword to encrypt the message

DES - The Data Encryption Standard is a symmetric-key algorithm for the encryption of digital data.

Explanation Correct answer: Rijndael https://en.wikipedia.org/wiki/Advanced_Encryption_Standard The Advanced Encryption Standard (AES), also known by its original name Rijndael. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. Incorrect answers: ECC - Elliptic-curve cryptography is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography (based on plain Galois fields) to provide equivalent security. Diffie–Hellman - key exchange is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as conceived by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. RSA - Rivest–Shamir–Adleman is a public-key cryptosystem that is widely used for secure data transmission. It is also one of the oldest. The acronym RSA comes from the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who publicly described the algorithm in 1977.

DES has a key space of what? 2^56

The Vigenère cipher is a method of encrypting alphabetic text by using a series of interwoven Caesar ciphers, based on the letters of a keyword. It employs a form of polyalphabetic substitution. First described by Giovan Battista Bellaso in 1553, the cipher is easy to understand and implement, but it resisted all attempts to break it until 1863, three centuries later. This earned it the description le chiffre indéchiffrable (French for 'the indecipherable cipher'). Many people have tried to implement encryption schemes that are essentially Vigenère ciphers. In 1863, Friedrich Kasiski was the first to publish a general method of deciphering Vigenère ciphers.

The Vigenère cipher is a method of encrypting alphabetic text by using a series of interwoven Caesar ciphers, based on the letters of a keyword. It employs a form of polyalphabetic substitution.

First described by Giovan Battista Bellaso in 1553, the cipher is easy to understand and implement, but it resisted all attempts to break it until 1863, three centuries later. This earned it the description le chiffre indéchiffrable (French for 'the indecipherable cipher'). Many people have tried to implement encryption schemes that are essentially Vigenère ciphers. In 1863, Friedrich Kasiski was the first to publish a general method of deciphering Vigenère ciphers. Incorrect answers: Caesar - Monoalphabetic cipher where letters are shifted one or more letters in either direction. The method is named after Julius Caesar, who used it in his private correspondence. Atbash - Single substitution monoalphabetic cipher that substitutes each letter with its reverse (a and z, b and y, etc). Scytale - Transposition cipher. A staff with papyrus or letter wrapped around it so edges would line up. There would be a stream of characters which would show you your message. When unwound it would be a random string of characters. Would need an identical size staff on other end for other individuals to decode message. Global deduction — the attacker discovers a functionally equivalent algorithm for encryption and decryption, but without learning the key.

Incorrect answers: Instance (local) deduction — the attacker discovers additional plaintexts (or ciphertexts) not previously known. Information deduction — the attacker gains some Shannon information about plaintexts (or ciphertexts) not previously known. Total break — the attacker deduces the secret key.

Explanation Correct answer: Online Certificate Status Protocol (OCSP) https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track. It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI).

Incorrect answers: Public Key Infrastructure (PKI) - set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred. Registration Authority (RA) - сomponent of PKI that validates the identity of an entity requesting a digital certificate. Server-based Certificate Validation Protocol (SCVP) - Internet protocol for determining the path between an X.509 digital certificate and a trusted root (Delegated Path Discovery) and the validation of that path (Delegated Path Validation) according to a particular validation policy.

https://en.wikipedia.org/wiki/RSA_(cryptosystem) RSA Encrypting a message m (number) with the public key (n, e) is calculated: M' := m^e %n

Incorrect answers: Decrypting with RSA: M'' := m^d %n

Generation Mersenne primes: Mn = 2^n - 1

Encrypting with Elliptic Curve (EC): y^2 = x^3 + ax + b

Explanation

Correct answer: Chosen Plaintext Attack https://en.wikipedia.org/wiki/Chosen-plaintext_attack A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which presumes that the attacker can obtain the ciphertexts for arbitrary plaintexts. The goal of the attack is to gain information that reduces the security of the encryption scheme. Incorrect answers: Rainbow Tables - precomputed table for caching the output of cryptographic hash functions, usually for cracking password hashes. Transposition - swapping blocks of text. Steganography - the practice of concealing a file, message, image, or video within another file, message, image, or video.

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, emails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as a hexadecimal number, 40 digits long. It was designed by the United States National Security Agency, and is a U.S. Federal Information Processing Standard.

Challenge-Handshake Authentication Protocol (CHAP) is an identity verification protocol that does not rely on sending a shared secret between the access-requesting party and the identity-verifying party (the authenticator). CHAP is based on a shared secret, but in order to authenticate, the authenticator sends a “challenge” message to the access-requesting party, which responds with a value calculated using a “one-way hash” function that takes as inputs the challenge and the shared secret. The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication succeeds, otherwise it fails. Following the establishment of an authenticated connection, the authenticator may send a challenge to the access-requesting party at random intervals, to which the access-requesting party will have to produce the correct response. Incorrect answers:

EAP - A framework that allows for creation of different ways to provide authentication, such as smart cards SPAP - Shiva Password Authentication Protocol, PAP with encryption for the usernames/passwords that are transmitted. PAP - Password Authentication Protocol. Used to authenticate users, but is no longer used because the information was sent in cleartext. Explanation Correct answer: TLS https://en.wikipedia.org/wiki/Mutual_authentication Mutual authentication or two-way authentication refers to two parties authenticating each other at the same time, being a default mode of authentication in some protocols (IKE, SSH) and optional in others (TLS). By default the TLS protocol only proves the identity of the server to the client using X.509 certificate and the authentication of the client to the server is left to the application layer. TLS also offers client-toserver authentication using client-side X.509 authentication. As it requires provisioning of the certificates to the clients and involves less user-friendly experience, it's rarely used in end-user applications. Explanation Correct answer: Random bits intermixed with a hash to increase randomness and reduce collisions https://en.wikipedia.org/wiki/Salt_(cryptography) Salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase. Salts are used to safeguard passwords in storage. Historically a password was stored in plaintext on a system, but over time additional safeguards were developed to protect a user's password against being read from the system. A salt is one of those methods. Incorrect answers: Key whitening - a technique used to increase the security of block ciphers. It consists of steps that combine the data with portions of the key (most commonly using a simple XOR) before the first round and after the last round of encryption. Key rotation - is when you retire an encryption key and replace that old key by generating a new cryptographic key. Rotating keys on a regular basis help meet industry standards and cryptographic best practices. Explanation

Correct answer: 512 https://en.wikipedia.org/wiki/FORK-256 FORK-256 was introduced at the 2005 NIST Hash workshop and published the following year.[6] FORK256 uses 512-bit blocks and implements preset constants that change after each repetition. Each block is hashed into a 256-bit block through four branches that divides each 512 block into sixteen 32-bit words that are further encrypted and rearranged

Explanation Correct answer: Digital Certificate https://en.wikipedia.org/wiki/Public_key_certificate A public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the ownership of a public key. The certificate includes information about the key, information about the identity of its owner (called the subject), and the digital signature of an entity that has verified the certificate's contents (called the issuer). Incorrect answers: OCSP - Provides certificate validation in real time and will let you know if it is valid or has been revoked. Registration Authority (RA) - сomponent of PKI that validates the identity of an entity requesting a digital certificate. Payload - In computing and telecommunications, the payload is the part of transmitted data that is the actual intended message. Headers and metadata are sent only to enable payload delivery. In the steganography - information to be concealed and sent secretly, or the data covertly communicated;

Explanation Correct answer: Skipjack https://en.wikipedia.org/wiki/Clipper_chip The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured “voice and data messages" with a built-in backdoor that was intended to “allow Federal, State, and local law enforcement officials the ability to decode

intercepted voice and data transmissions.". It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996. he Clipper chip used a data encryption algorithm called Skipjack to transmit information and the Diffie– Hellman key exchange-algorithm to distribute the cryptokeys between the peers. Skipjack was invented by the National Security Agency of the U.S. Government; this algorithm was initially classified SECRET, which prevented it from being subjected to peer review from the encryption research community. The government did state that it used an 80-bit key, that the algorithm was symmetric, and that it was similar to the DES algorithm. The Skipjack algorithm was declassified and published by the NSA on June 24, 1998. The initial cost of the chips was said to be $16 (unprogrammed) or $26 (programmed), with its logic designed by Mykotronx, and fabricated by VLSI Technology, Inc (see the VLSI logo on the image on this page).

Explanation Correct answer: A pseudo random number generator https://en.wikipedia.org/wiki/Linear_congruential_generator A linear congruential generator (LCG) is an algorithm that yields a sequence of pseudo-randomized numbers calculated with a discontinuous piecewise linear equation. The method represents one of the oldest and best-known pseudorandom number generator algorithms. The theory behind them is relatively easy to understand, and they are easily implemented and fast, especially on computer hardware which can provide modular arithmetic by storage-bit truncation. Explanation Correct answer: A pseudo random number generator https://en.wikipedia.org/wiki/Linear_congruential_generator A linear congruential generator (LCG) is an algorithm that yields a sequence of pseudo-randomized numbers calculated with a discontinuous piecewise linear equation. The method represents one of the oldest and best-known pseudorandom number generator algorithms. The theory behind them is relatively easy to...