Cryptography
Symmetric
Symmetric Cryptography
- Encryption gives us confidentiality
- Symmetric encryption
- Same key to encrypt and to decrypt
- Used for general communication as it is quick and easy
- Implemented using block ciphers or stream ciphers
- No "proof" of security
Stream Ciphers
- Use an initial seed key to generate an infinite keystream of random-looking bits
- Message and keystream are usually combined using XOR, which is reversible if applied twice
Advantages
- Encrypting long continuous streams, possibly of unknown length
- Extremely fast with a low memory footprint, ideal for low-power devices
- If designed well, can seek to any location in the stream
Disadvantages
- Keystream must appear statistically random
- Stream ciphers do not protect the integrity of the ciphertext (it can be altered without detection)
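The three stream-cipher properties above (XOR undone by a second XOR, seeking to any position, and no integrity protection) as an added example; this is not code from the original notes. The keystream generator is a constructed toy (SHA-256 over key and counter), not a real cipher, and the key and message values are made up for the demonstration:

```python
import hashlib

BLOCK = 32  # bytes of keystream produced per counter value

# Toy keystream generator, constructed for this example only: each keystream
# block is SHA-256(key || 64-bit counter). It is NOT a real stream cipher;
# a deployed system would use ChaCha20 or AES in CTR mode, which share the
# same shape (key + position -> keystream bytes) and so the same properties.
def keystream_block(key: bytes, counter: int) -> bytes:
    return hashlib.sha256(key + counter.to_bytes(8, "big")).digest()

def keystream(key: bytes, offset: int, length: int) -> bytes:
    """Return `length` keystream bytes starting at byte position `offset`.

    Each block depends only on (key, counter), so any position in the stream
    can be reached directly without generating everything before it: the
    'seek' property of a well-designed stream cipher.
    """
    counter, skip = divmod(offset, BLOCK)
    out = bytearray()
    while len(out) < skip + length:
        out += keystream_block(key, counter)
        counter += 1
    return bytes(out[skip:skip + length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, plaintext: bytes, offset: int = 0) -> bytes:
    """XOR the message with keystream. `offset` is the message's position in
    the overall stream, so a slice of a long stream can be processed alone."""
    return xor_bytes(plaintext, keystream(key, offset, len(plaintext)))

# XOR undoes itself when applied twice, so decryption is literally the same call.
decrypt = encrypt

def flip_bit(data: bytes, index: int, bit: int) -> bytes:
    """Flip one bit of a byte string. Used below to show that a change made to
    the ciphertext passes straight through to the plaintext: nothing in the
    cipher itself detects it, which is why a MAC or an AEAD mode is needed."""
    buf = bytearray(data)
    buf[index] ^= 1 << bit
    return bytes(buf)

if __name__ == "__main__":
    key = b"constructed-demo-key"        # a real key would be random bytes
    msg = b"amount=100;to=alice"         # constructed sample message
    ct = encrypt(key, msg)
    print(decrypt(key, ct))                       # original message back
    print(decrypt(key, ct[7:10], offset=7))       # seek: only bytes 7..9
    print(decrypt(key, flip_bit(ct, 7, 0)))       # one flipped bit, undetected
```

The last line of the demo is the practical point behind "do not protect the ciphertext": the receiver gets a cleanly decrypting message with one digit changed and no error, so a stream cipher is always paired with a MAC or used inside an AEAD construction such as ChaCha20-Poly1305.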
Block Ciphers
- Use a key to encrypt a fixed-size block of plaintext into a fixed-size block of ciphertext
- Different lengths of messages can be handled by splitting the message up, and padding
Key Mixing - Mixing in the key prevents attacks from reversing the process
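The "split the message up, and pad" step above, as an added example that is not part of the original notes: PKCS#7 padding to the 16-byte AES block size, strict unpadding, and the split into fixed-size blocks. The block size and the sample messages in the demo are assumptions chosen for illustration:

```python
BLOCK_SIZE = 16  # AES block size in bytes (assumed for this example)

def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """PKCS#7: append n bytes, each with value n, where 1 <= n <= block_size.

    A message that is already block-aligned gets a whole block of padding.
    That keeps the rule unambiguous: the last byte always says how much to strip.
    """
    if not 1 <= block_size <= 255:
        raise ValueError("block size must be between 1 and 255")
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip PKCS#7 padding, rejecting anything malformed."""
    if len(data) == 0 or len(data) % block_size != 0:
        raise ValueError("padded data must be a non-empty multiple of the block size")
    n = data[-1]
    if not 1 <= n <= block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]

def split_blocks(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Cut block-aligned data into the fixed-size blocks the cipher consumes."""
    if len(data) % block_size != 0:
        raise ValueError("data is not block-aligned; pad it first")
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]

def prepare_for_block_cipher(message: bytes) -> list:
    """Pad, then split: the two steps a block-cipher mode performs on input."""
    return split_blocks(pkcs7_pad(message))

def is_valid_padding(data: bytes, block_size: int = BLOCK_SIZE) -> bool:
    """True if `data` carries well-formed PKCS#7 padding."""
    try:
        pkcs7_unpad(data, block_size)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    for m in (b"", b"hello", b"A" * 16, b"Z" * 20):   # constructed samples
        blocks = prepare_for_block_cipher(m)
        print(len(m), "->", len(blocks), "block(s):", blocks)
        assert pkcs7_unpad(b"".join(blocks)) == m
```

On the receiving side the unpadding error must not be reported to the peer any differently from any other decryption failure; an authenticated mode such as AES-GCM, which TLS 1.3 uses, avoids the question by rejecting a modified ciphertext before any padding is examined.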
Symmetric Algorithms
- DES was used from 1970s to 2000
- 3DES (using DES 3 times) is sometimes used in legacy systems
- AES and ChaCha20 are the only two ciphers used in TLS 1.3
Key Sizes
- Symmetric encryption (if secure) is only susceptible to brute force
- A 128-bit key means 2^128 attempts are required to brute-force it
Asymmetric
Public-key Cryptography
- Two keys: a private and a public one
- Used for key exchange and signatures
- It is much more computationally expensive
- Key management is easier
- It is computationally infeasible to calculate a private key from a public key
- In practice this is achieved through reduction to intractable (NP) mathematical problems
Key Exchange
- Diffie-Hellman key exchange allows two parties to mathematically agree on a shared secret over an insecure channel
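The Diffie-Hellman exchange as an added example, not code from the original notes. The group parameters p=23, g=2 are a constructed toy (far too small to be secure; g generates the order-11 subgroup of the safe prime 23), and the validation and key-derivation steps are the ones a practitioner would expect around the bare modular exponentiation:

```python
import hashlib
import secrets

# Toy group, constructed for this example. p is a safe prime (p = 2q + 1),
# and g = 2 generates the subgroup of prime order q = 11. Real deployments use
# a 2048-bit or larger MODP group or an elliptic curve such as X25519; the
# arithmetic below is the same.
P = 23
Q = (P - 1) // 2   # 11
G = 2

def dh_private(q: int = Q) -> int:
    """Random secret exponent in [1, q-1]; never a multiple of q, so the
    public value is never the degenerate element 1."""
    return secrets.randbelow(q - 1) + 1

def dh_public(private: int, p: int = P, g: int = G) -> int:
    """Public value g^private mod p, safe to send over the insecure channel."""
    return pow(g, private, p)

def is_valid_public(value: int, p: int = P, q: int = Q) -> bool:
    """Reject out-of-range or degenerate peer values (0, 1, p-1) and anything
    outside the order-q subgroup; such values would force the shared secret
    into a tiny set regardless of our private exponent."""
    return 2 <= value <= p - 2 and pow(value, q, p) == 1

def dh_shared_secret(private: int, peer_public: int, p: int = P, q: int = Q) -> int:
    """peer_public^private mod p. Both sides get the same number because
    (g^a)^b == (g^b)^a mod p."""
    if not is_valid_public(peer_public, p, q):
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(peer_public, private, p)

def derive_key(shared: int, length: int = 16) -> bytes:
    """Raw DH output is not uniformly random; hash it (a real protocol uses a
    proper KDF such as HKDF) before using it as a symmetric key."""
    width = max(1, (shared.bit_length() + 7) // 8)
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()[:length]

def run_exchange(p: int = P, g: int = G, q: int = Q) -> tuple:
    """Full exchange between two parties; returns (keys_match, key_a).
    Only pub_a and pub_b cross the channel: an eavesdropper sees p, g and
    those two values but neither private exponent."""
    priv_a, priv_b = dh_private(q), dh_private(q)
    pub_a, pub_b = dh_public(priv_a, p, g), dh_public(priv_b, p, g)
    key_a = derive_key(dh_shared_secret(priv_a, pub_b, p, q))
    key_b = derive_key(dh_shared_secret(priv_b, pub_a, p, q))
    return key_a == key_b, key_a

if __name__ == "__main__":
    ok, key = run_exchange()
    print("keys match:", ok, "key:", key.hex())
```

With a = 6 and b = 15 the public values are 18 and 16 and both sides land on the shared secret 4; that number is never sent, only hashed into the session key.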
Digital Signatures
- The authenticity of signatures generated by the private key can be verified by the public key
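The sign-with-private, verify-with-public relationship as an added example, not code from the original notes. It uses a constructed textbook RSA key from the tiny primes 61 and 53 and raw modular exponentiation over a SHA-256 digest; a real signature scheme uses 2048-bit or larger keys and a padding scheme, so this only illustrates the relationship the bullet above describes:

```python
import hashlib

# Toy textbook RSA key, constructed for this example from the small primes
# p=61, q=53. Real keys are 2048+ bits and real signatures wrap the hash in a
# padding scheme (RSASSA-PSS or PKCS#1 v1.5) rather than signing it raw.
P, Q = 61, 53
N = P * Q                           # public modulus, 3233
E = 17                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, 2753

def message_digest(message: bytes, n: int = N) -> int:
    """Signatures are computed over a hash of the message, not the message.
    Reducing mod n is a concession to the toy modulus; a real modulus is far
    larger than any hash output."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Only the holder of the private exponent d can produce this value."""
    return pow(message_digest(message, n), d, n)

def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone holding the public key (e, n) can check it: s^e mod n must
    equal the digest of the message they received."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == message_digest(message, n)

if __name__ == "__main__":
    msg = b"pay 10 to bob"                          # constructed sample
    sig = sign(msg)
    print("valid signature:   ", verify(msg, sig))
    print("altered message:   ", verify(b"pay 99 to bob", sig))
    print("altered signature: ", verify(msg, (sig + 1) % N))
```

Because RSA exponentiation is a permutation of the values mod n, exactly one signature value verifies for a given digest, so any change to the signature is rejected; a change to the message changes the digest and is rejected for the same reason.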
Public Key Certificates
Protocols
TLS
- TLS is a handshake and record protocol that provides end-to-end encryption. It is used in HTTPS
- Provides confidentiality, integrity and server authentication