Intro to Cryptography (Part 1 of 3)

This is the quick-hit version of the first of three parts of Introduction to Cryptography training I gave.  As with all of the formal training, you can use the below for a quick reference, or view the full presentation here.

Why Does Cryptography Matter?

  • Cryptography is about protecting information. A better question is why does information matter? Are any of the following sensitive to you?
    • Financial details and transactions
    • Medical records
    • Private “adult” communications
    • Gender identity
    • Discussions with lawyers
    • Regime change
    • Freedom of expression

Key Terms and Concepts

  • Alice
    • In cryptography, Alice is the name often given to one of the two communicating parties.
  • Bob
    • The name of the other communicating party.
  • Eve
    • In cryptography, the eavesdropper/attacker of a communication.
  • Plaintext
    • Something that can be read or understood.
  • Ciphertext
    • Something that has been rendered so it cannot be read or understood, e.g.:
      U29tZXRoaW5nIHRoYXQgY2FuIGJlIHJlYWQgb3IgdW5kZXJzdG9vZC4K
  • Nonce
    • Something that is designed to be used once. Normally used to prevent replay attacks.
  • Signal to Noise Ratio (SNR)
    • How apparent an item of interest (a signal) is relative to the rest of the environment (the noise).
  • Non-Repudiation
    • How we prove that it was really Bob who said Alice is mean, and not Eve just being all Eve.
  • Avalanche Effect
    • A desirable feature in cryptography, in which small changes cause large variations in output.
  • Key Space
    • The number of potential inputs or outputs.
  • Collision
    • When two different inputs create the same output.
  • Attack Cost
    • How much it costs in either time, processing power, or money to defeat a system’s intended purpose.
  • Entropy
    • How random something appears to be. Higher entropy makes cryptanalysis and signal detection more difficult.
  • XOR
    • An “eXclusive OR” operation, in which two binary inputs return a binary “1” output if and only if they are different. In other words:
      XOR(0,0) = 0
      XOR(0,1) = 1
      XOR(1,0) = 1
      XOR(1,1) = 0
    • This varies from a traditional ”OR” operation, in which either input containing a “1” would give a “1” result, e.g.:
      OR(0,0) = 0
      OR(0,1) = 1
      OR(1,0) = 1
      OR(1,1) = 1
  • Function
    • A defined algorithm which specifies how data is calculated or transformed.
  • Operation
    • A single mathematical computation based upon an input and a function.
  • Round
    • A series of operations joined together which encompasses a complete set of data calculations or processing. Algorithms often use multiple rounds to increase entropy or the avalanche effect.
  • Block
    • A unit of data with a fixed size. For example dividing a 1024 byte file into 128 bit blocks would yield 64 blocks (1024 bytes = 8192 bits / 128 bits = 64 blocks).
  • Padding
    • The process of adding data (random or otherwise) to a block to fill it to the required size. Used when the data doesn’t perfectly fit. For example, dividing a 1027 byte file into 128 bit blocks would yield 65 blocks, but only 24 of the final 128 bits would be populated; the remainder would need to be padded.
  • Seed
    • The process of pre-filling or selecting values for a cryptographic algorithm. For example, the initial state of a hash result is often seeded to a NUMS number.
  • Nothing Up My Sleeve (NUMS) Numbers
    • My all-time favorite cryptographic term. J
    • Numbers that are selected to set an initial state, seed a process, or pad something which are intuitively not trying to subvert the system, e.g.:
      • 1010101010101010
      • 0000000000000000
      • 1111111111111111
      • 1111000011110000
      • 000001010011100 (etc)
  • Steganography
    • Hiding data within otherwise usable/observable content, such that extracting the hidden data requires knowledge of the method and source of the data.
  • Salt
    • A bit of random data that is appended to a plaintext to prevent rainbow table attacks. Salts are typically stored in cleartext along with the resultant hash.
  • Pepper
    • A bit of non-random data this is appended to a password before the salting, e.g.:

      AUTHENTICATOR = ${SALT}:${VERIFIER}
      VERIFIER = hash(${PEPPER} + ${PASSWORD})

    • This further complicates password recovery by making the credentials system/service-specific.

Integrity vs Confidentiality

  • Confidentiality is ensuring that only the intended recipients of a message can receive it.
  • Integrity is ensuring that the message which is received by a party has not been modified in any way, and that any modification is apparent.

Ceasar Cipher

  • Define a number of alphabetical characters to rotate, then wrap from A-Z for any overlap. Reverse for decryption.
  • The number (e.g. ROT-13) specifies the number of characters to rotate. For example, ROT-1 would turn this:
    I can hax stuff goodly.
    Into this:
    J dbo iby tuvgg hppemz.

Substitution Ciphers

  • Each character has a different character mapping. It’s the basic concept of a magic decoder ring. For example, if we did a reverse mapping, e.g.:
    ABCDEFGHIJKLMNOPQRSTUVWXZY
    to
    ZYXWVUTSRQPONMLKJIHGFEDCBA
  • Then the phrase
    I can hax stuff goodly
    turns to:
    S xzm rzc hgfuu tllwob

Vernam/Vignere Ciphers

  • A rotational cipher where the amount of rotation changes with each character. In theory, the only 100% non-breakable form of encryption when the encrypting key material is lost. The key must be as long as or longer than then the plaintext to achieve this attribute (non-breakable)!
  • Assume that A=1, B=2, C=3, etc.
  • Encrypting this:
    I can hax goodly
    with this:
    No you can’t you idiot
    Yields this:
    V qyb bcx thmrfg

Base64

  • A method of transmitting binary data using only ASCII printable characters.
  • Each set of three bytes (24 bits) is broken down to a set of four 6 bit values, then remapped to a printable ASCII set.
  • Decryption goes the opposite way.
  • Example:
    “ABC” in binary is 01000001 01000010 01000011
    Broken into 6 bits: 010000   010100    001001    000011
    Mapped to Base64: “QUJD”
  • Three characters make the block, so it’s bit position dependent:
    base64encode(“ABCDEFGHI”) = QUJDREVGR0hJ
    base64encode(“ABCDEFABC”) = QUJDREVGQUJD

Hashing vs. Encrypting

  • Encrypting is taking information from one form and converting it into a second form, such that the process is reversible (e.g. it’s possible to take the second form and revert back to the first).
  • Hashing is similar to fingerprinting, where the objective is to make any given input give a unique output, but in a consistent format. The challenge lies in having a small enough identifier to be useful while reducing the probability of collision.

Asymmetric vs. Symmetric Encryption

  • Symmetric encryption requires that all parties have the same magic decoder ring. Non-repudiation doesn’t exist, because everyone uses the same material to encrypt and decrypt. It’s simple to manage, however.
  • Asymmetric encryption uses mathematically related keys, meaning that a different key is used to decrypt than was used to encrypt. This makes non-repudiation possible (we’ll discuss this in more detail next week). In short, you can give away a copy of one key to everyone in the world, but only you can decrypt the result.  It’s more difficult to manage, however, because you have to encrypt to each recipient (and thus by extension have to have a key for each of them).

XX