Introduction to Cryptography

Christopher Martin

What is Cryptography?
There are two kinds of cryptography in the world: the
kind that will keep your kid sister from reading your
files, and the kind that will keep major governments
from reading your files
- Bruce Schneier, preface to Applied Cryptography
Cryptography is the science of keeping things secret,
this is known formally as confidentiality.

Cryptography can be asked to do other things as well.

But what can crypto do for me?

Authentication
Proof of identity

Integrity
Proof of content

Nonrepudiation
Proof of transmission

Terminology
1. Plaintext or Cleartext

The message

2. Ciphertext

The encrypted message

3. Encryption or Enciphering

The process of turning plaintext into ciphertext

E(M) = C

4. Decryption or Deciphering

The opposite of the above

D(C) = M or D(E(M)) = M

Son of Terminology
1. Cryptography

Art and science of keeping secrets secret

Practitioners are called Cryptographers

2. Cryptanalysis

The art and science of making secrets not.

Breaking Cryptography
Practitioners are called Cryptanalysts

3. Cryptology

The branch of mathematics that encompasses

both of the above.
Practitioners are called Cryptologists

Return of Son of Terminology

1. Key

The shared secret used to keep the message

secret.
Can be one value from any sized range, called the
keyspace

2. Cryptographic Algorithm

The series of steps applied to the message and

the key
Also called a cipher

3. Cryptosystem

A single algorithm, plus all possible plaintexts,

ciphertexts, and keys

A brief digression on secrecy

All secrecy resides in the key
Kerchoffs Law

Restricted Algorithms

Types of encryption algorithms

Asymmetric
Also known as public key
Uses two keys, public and private

Symmetric
Uses one key that is shared between parties

Historical/Classical
Substitution ciphers, polyalphabetic cipers, codes

Hash
Not technically encryption algorithms but are part
of cryptography

Symmetric Encryption
Ek(M) = C, Dk(C) = M, Dk(Ek(M)) = M
The encryption key can be calculated from the
decryption key, and vice versa
Usually, however, there is only one key

The primary Achilles heel is that the key must be

shared between n parties
DES, 3DES, Blowfish, Twofish, Serpent, IDEA, AES
(Rijndael)
Can operate in two modes: stream and block, and
most modern algorithms have variable key size

One Time Pads

Subset of Symmetric ciphers
Offers theoretically perfect security
Key is comprised of a large sheet of truly
random letters.
Each key is used only once
Encryption is the addition modulo 26 of the
key letter, and the plaintext letter

Asymmetric Encryption
Ek-pub(M) = C, Dk-priv(C) = M,
Dk-priv(Ek-pub(M)) = M
Given the public key, it is computationally
infeasible to calculate the private key
Can also be used for digital signatures
Examples: RSA, DSA, ElGamal,Diffe-Hellman

Hashing Algorithms
Hashing is about integrity
There is no key involved in hashing
Takes an arbitrary sized input, and produces a
unique fixed size output
The smallest change in the input should produce a
totally different output

The process is non reversible

Examples: MD4, MD5, SHA-1, SHA-128,
SHA-256

Attacking Cryptography
Cryptanalysis
Ciphertext Only Attack
Known Plaintext Attack
Chosen Plaintext Attack
Adaptive chosen plaintext

Chosen Ciphertext Attack

Chosen Key Attack
Rubber Hose Cryptanalysis

Where to use cryptography?

Anywhere you want to have something remain
secret
SSL, TLS, IPv6, SSH, IPSec all keep information
secure in transit
Any Symmetric Algorithm can keep your files safe
in storage
There are file systems available that will encrypt your
data on the fly. EncFS and Loop-AES for unix, EFS for
windows, FileVault for Mac OS X
You can add encryption at the application level, or at the
server level for storing database information securely

Where can I get cryptography?

Your best bet it to have it bundled with the
Operating System, or to buy supported add-on
hardware that does what you want.
OpenBSD is the de facto standard for operating
system supported cryptography.

Add on libraries like OpenSSL and

libTomCrypt are also available for most unix
like platforms.
Roll Your Own
Not really recommended unless you are an expert

Conclusions
Cryptography is only one part of a multi
layered security system
Its not a magic bullet
Its fun

Sources
1. Applied Cryptography, Bruce Schneier
1996, Wiley and Sons
2. Practical Cryptography, Bruce Schneier
and Niels Ferguson
2003, Wiley Publishing
3. Silence on the Wire, Michael Zalewski
2005, No Starch Press