Introduction to Cryptography

Cryptography is the science and practice of securing communication and data through encryption and decryption techniques. It ensures confidentiality, integrity, authentication, and non-repudiation of information.

Historical Background

  • Ancient Cryptography: Caesar cipher, Scytale, Substitution ciphers
  • World War Era: Enigma machine, Lorenz cipher
  • Modern Cryptography: DES, AES, RSA, Elliptic Curve Cryptography

Objectives of Cryptography

  • Confidentiality: Preventing unauthorized access to information
  • Integrity: Ensuring data hasn't been altered
  • Authentication: Verifying identity of communicating parties
  • Non-repudiation: Preventing denial of previous actions

Basic Cryptography Concepts

Understanding fundamental terminology is essential for studying cryptography.

Key Terminology

  • Plaintext: Original readable message or data
  • Ciphertext: Encrypted unreadable message
  • Encryption: Process of converting plaintext to ciphertext
  • Decryption: Process of converting ciphertext to plaintext
  • Key: Secret value used for encryption and decryption
  • Algorithm: Mathematical procedure for encryption/decryption
  • Cryptanalysis: Study of breaking cryptographic systems

Basic Encryption Process

Plaintext → [Encryption Algorithm + Key] → Ciphertext

Ciphertext → [Decryption Algorithm + Key] → Plaintext

Note: The security of a cryptographic system should depend only on the secrecy of the key, not the secrecy of the algorithm (Kerckhoffs's Principle).

Symmetric Key Encryption

Symmetric encryption uses the same key for both encryption and decryption.

Characteristics

  • Single shared secret key
  • Faster than asymmetric encryption
  • Suitable for bulk data encryption
  • Key distribution problem

Types of Symmetric Ciphers

Stream Ciphers

Encrypt data one bit or byte at a time

  • RC4: Fast but vulnerable to attacks
  • A5/1: Used in GSM mobile phones

Block Ciphers

Encrypt data in fixed-size blocks

  • DES: 56-bit key, now considered insecure
  • 3DES: Triple DES with 168-bit effective key
  • AES: Current standard with 128, 192, or 256-bit keys
  • Blowfish: Fast, unpatented algorithm

Block Cipher Modes of Operation

  • ECB (Electronic Codebook): Simple but insecure
  • CBC (Cipher Block Chaining): Each block XORed with previous ciphertext
  • CFB (Cipher Feedback): Turns block cipher into stream cipher
  • OFB (Output Feedback): Similar to CFB but different feedback
  • CTR (Counter): Uses counter for encryption

Asymmetric Key Encryption

Asymmetric encryption uses different keys for encryption and decryption (public and private keys).

Key Concepts

  • Public Key: Freely distributed, used for encryption
  • Private Key: Kept secret, used for decryption
  • Key Pair: Mathematically related public and private keys

Common Asymmetric Algorithms

RSA (Rivest-Shamir-Adleman)

Based on the difficulty of factoring large numbers

  • Most widely used asymmetric algorithm
  • Used for encryption and digital signatures
  • Key sizes: 1024, 2048, 4096 bits

Diffie-Hellman

Key exchange protocol, not encryption algorithm

  • Allows secure key exchange over insecure channel
  • Based on discrete logarithm problem

Elliptic Curve Cryptography (ECC)

Based on algebraic structure of elliptic curves

  • Smaller key sizes for same security level
  • Faster computation with less power
  • Ideal for mobile devices
Exam Tip: Remember that RSA is used for both encryption and digital signatures, while Diffie-Hellman is only for key exchange.

Symmetric vs Asymmetric Encryption

Understanding the differences between symmetric and asymmetric encryption is crucial.

Parameter Symmetric Encryption Asymmetric Encryption
Number of Keys Single key Key pair (public and private)
Key Distribution Difficult Easy (public key)
Speed Fast Slow
Resource Usage Low High
Use Cases Bulk data encryption Key exchange, digital signatures
Algorithms AES, DES, 3DES RSA, ECC, Diffie-Hellman
Important: In practice, hybrid cryptosystems are used where asymmetric encryption secures the exchange of a symmetric key, which is then used for bulk data encryption.

Cryptographic Hash Functions

Hash functions convert input data of any size to a fixed-size output (hash value).

Properties of Cryptographic Hash Functions

  • Deterministic: Same input always produces same output
  • Fast Computation: Hash value quick to compute
  • Pre-image Resistance: Hard to find input from output
  • Second Pre-image Resistance: Hard to find different input with same output
  • Collision Resistance: Hard to find two inputs with same output
  • Avalanche Effect: Small change in input causes significant change in output

Common Hash Algorithms

  • MD5: 128-bit hash, now considered broken
  • SHA-1: 160-bit hash, deprecated due to vulnerabilities
  • SHA-2: Family including SHA-256, SHA-512
  • SHA-3: Latest SHA standard

Applications of Hash Functions

  • Digital signatures
  • Password storage
  • Data integrity verification
  • Blockchain technology
  • Message authentication codes (MAC)

Digital Signatures

Digital signatures provide authentication, integrity, and non-repudiation for digital messages.

Digital Signature Process

  1. Sender creates hash of the message
  2. Sender encrypts the hash with their private key
  3. Encrypted hash is attached to the message as signature
  4. Receiver decrypts signature with sender's public key
  5. Receiver computes hash of received message
  6. If hashes match, signature is valid

Digital Signature Creation

Message → Hash Function → Hash → [Encrypt with Private Key] → Digital Signature

Digital Signature Verification

Message + Digital Signature → [Decrypt with Public Key] → Original Hash → Compare with Computed Hash

Note: Digital signatures don't provide confidentiality. If confidentiality is needed, the message must be encrypted separately.

Cryptographic Algorithms in Detail

Detailed understanding of major cryptographic algorithms.

DES (Data Encryption Standard)

  • Developed by IBM in 1970s
  • 64-bit block size, 56-bit key
  • 16 rounds of Feistel network
  • Broken by brute force attacks

AES (Advanced Encryption Standard)

  • Selected by NIST in 2001
  • 128-bit block size
  • Key sizes: 128, 192, 256 bits
  • Rounds: 10, 12, or 14 based on key size
  • Uses substitution-permutation network

RSA Algorithm

  • Key generation based on large prime numbers
  • Encryption: C = Me mod n
  • Decryption: M = Cd mod n
  • Security relies on difficulty of factoring n
Exam Tip: Be familiar with the key sizes, block sizes, and number of rounds for major algorithms like DES, 3DES, and AES.

Cryptographic Attacks

Various methods used to break cryptographic systems.

Types of Cryptographic Attacks

Attack Type Description Prevention
Brute Force Trying all possible keys Use longer keys
Man-in-the-Middle Intercepting and altering communication Authentication, digital certificates
Birthday Attack Finding hash collisions Use stronger hash functions
Side-channel Attack Exploiting physical implementation Secure implementation
Replay Attack Repeating valid transmission Timestamps, sequence numbers
Dictionary Attack Trying common passwords Strong password policies
Important: The security of a cryptographic system should be measured by the time and resources required to break it, not by the complexity of the algorithm.

Public Key Infrastructure (PKI)

PKI provides a framework for managing digital certificates and public-key encryption.

PKI Components

  • Certificate Authority (CA): Issues and verifies digital certificates
  • Registration Authority (RA): Verifies identity before CA issues certificate
  • Digital Certificate: Electronic document binding public key to identity
  • Certificate Repository: Database of certificates
  • Certificate Revocation List (CRL): List of revoked certificates

Digital Certificate Contents

  • Version number
  • Serial number
  • Signature algorithm
  • Issuer name
  • Validity period
  • Subject name
  • Subject public key
  • Extensions
  • Digital signature

X.509 Standard

Most common format for digital certificates, defining the structure and content.

SSL/TLS Protocols

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) provide secure communication over networks.

TLS Handshake Process

  1. Client hello: Supported cipher suites, random number
  2. Server hello: Selected cipher suite, random number, certificate
  3. Authentication: Client verifies server certificate
  4. Key exchange: Pre-master secret exchange
  5. Key generation: Master secret derived from pre-master secret
  6. Finished: Encryption begins with session keys

TLS Versions

  • SSL 1.0: Never released publicly
  • SSL 2.0: Released 1995, deprecated
  • SSL 3.0: Released 1996, deprecated
  • TLS 1.0: SSL 3.1, deprecated
  • TLS 1.1: Added protection against CBC attacks
  • TLS 1.2: Current widely used version
  • TLS 1.3: Latest version with improved security
Exam Tip: Understand that TLS is the successor to SSL and that SSL is now considered insecure and deprecated.

Applications of Cryptography

Cryptography is used in various real-world applications to ensure security.

Common Applications

  • Secure Web Browsing: HTTPS using SSL/TLS
  • Email Security: PGP, S/MIME
  • Virtual Private Networks (VPN): IPsec, SSL VPN
  • Digital Currency: Blockchain, Bitcoin
  • Password Storage: Hashed passwords with salt
  • Digital Rights Management (DRM): Content protection
  • Secure File Transfer: SFTP, SCP

Emerging Applications

  • Homomorphic encryption: Computation on encrypted data
  • Quantum cryptography: Quantum key distribution
  • Post-quantum cryptography: Resistant to quantum computer attacks
  • Zero-knowledge proofs: Prove knowledge without revealing information