# Cryptography

11/14/2010


Cryptography is the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and engineering. The most general term is cryptology and not cryptography.

Figure 1: Overview of fields of Cryptology (diagram labels: Cryptology, Cryptography, Cryptanalysis, Symmetric Ciphers, Asymmetric Ciphers, Protocols)

Cryptology splits into two main branches:

Cryptography is the science of secret writing with the goal of hiding the meaning of a message.

Cryptanalysis is the study of methods for obtaining the meaning of encrypted information without access to the secret information that is normally required to do so, that is, taking encrypted data and trying to decrypt it without use of the key. Typically, this involves knowing how the system works and finding a secret key. In non-technical language, this is the practice of code-breaking or cracking the code. As the other side of cryptography, cryptanalysis is used to break codes by finding weaknesses within them.

Cryptology prior to the modern age was almost synonymous with encryption, the conversion of information from a readable state to nonsense. The sender retained the ability to decrypt the information and therefore avoid unwanted persons being able to read it.

Classic cryptography
The earliest forms of secret writing required little more than local pen and paper analogs, as most people could not read. More literacy, or literate opponents, required actual cryptography. The main classical cipher types are transposition ciphers, which rearrange the order of letters in a message (e.g., 'hello world' becomes 'ehlol owrdl' in a trivially simple rearrangement scheme), and substitution ciphers, which systematically replace letters or groups of letters with other letters or groups of letters. Cipher-texts produced by a classical cipher (and some modern ciphers) always reveal statistical information about the plaintext, which can often be used to break them. After the discovery of frequency analysis perhaps by the Arab mathematician and polymath, Al-Kindi (also known as Alkindus), in the 9th century, nearly all such ciphers became more or less readily breakable by any informed attacker. Such classical ciphers still enjoy popularity today, though mostly as puzzles.
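The statistical leak described above can be seen in a short added example (not part of the original document). It implements the 'hello world' rearrangement from the text, shows that a transposition leaves the letter counts untouched, and recovers the key of a simple shift substitution by comparing letter frequencies with English. The frequency table, the sample sentence and all function names are assumptions made for this illustration.

```python
from collections import Counter
from string import ascii_lowercase as ALPHA

# Approximate English letter frequencies in percent, a to z (assumed table).
ENGLISH = dict(zip(ALPHA, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]))

# Constructed sample plaintext.
SAMPLE = ("the earliest forms of secret writing required little more than pen "
          "and paper because most people could not read and literate opponents "
          "made real ciphers necessary")

def swap_transpose(text):
    """Transposition: per word, swap the first two and the last two letters."""
    def scramble(w):
        return w[1] + w[0] + w[2:-2] + w[-1] + w[-2] if len(w) >= 4 else w
    return " ".join(scramble(w) for w in text.split(" "))

def shift_cipher(text, k):
    """Substitution: replace every letter with the one k places further on."""
    return "".join(ALPHA[(ALPHA.index(c) + k) % 26] if c in ALPHA else c
                   for c in text.lower())

def letter_counts(text):
    return Counter(c for c in text if c in ALPHA)

def chi_squared(text):
    """Distance between the letter histogram of text and typical English."""
    counts = letter_counts(text)
    n = sum(counts.values()) or 1  # avoid dividing by zero on letterless input
    return sum((counts[c] - n * ENGLISH[c] / 100) ** 2 / (n * ENGLISH[c] / 100)
               for c in ALPHA)

def break_shift(ciphertext):
    """Try all 26 keys and keep the one whose decryption looks most English."""
    return min(range(26), key=lambda k: chi_squared(shift_cipher(ciphertext, -k)))

if __name__ == "__main__":
    print(swap_transpose("hello world"))
    print("same letter counts:",
          letter_counts(swap_transpose(SAMPLE)) == letter_counts(SAMPLE))
    secret = shift_cipher(SAMPLE, 7)
    print(secret[:40], "... recovered key:", break_shift(secret))
```

The key space of the shift cipher has only 26 entries, so the search is exhaustive; for a general substitution alphabet the same frequency comparison guides the guesses instead.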

Modern cryptography
Modern cryptography is a remarkable discipline. It is a cornerstone of computer and communications security, with end products that are eminently practical. The modern field of cryptography can be divided into several areas of study: symmetric cryptography and asymmetric cryptography.

Symmetric Cryptography
Symmetric algorithms are what many people assume cryptography is about: two parties have an encryption and decryption method for which they share a secret key. All cryptography from ancient times until 1976 was exclusively based on symmetric methods. Symmetric ciphers are still in widespread use, especially for data encryption and integrity checks of messages. Symmetric cryptographic schemes are also referred to as symmetric-key, secret-key, and single-key schemes or algorithms.

Symmetric cryptography is best introduced with an easy-to-understand problem: there are two users, Alice and Bob, who want to communicate over an insecure channel (Figure 2). The term channel might sound a bit abstract, but it is just a general term for the communication link: this can be the Internet, a stretch of air in the case of mobile phones or wireless LAN communication, or any other communication medium you can think of. The actual problem starts with the bad guy, Oscar, who has access to the channel, for instance, by hacking into an Internet router or by listening to the radio signals of a Wi-Fi communication. This type of unauthorized listening is called eavesdropping. Obviously, this situation is more problematic for Alice and Bob if, instead of simple communication, they are exchanging important business documents.

Figure 2: Communication over insecure channel (Alice sends x to Bob over an insecure channel, e.g. the Internet)

In this situation, symmetric cryptography offers a powerful solution: Alice encrypts her message x using a symmetric algorithm, yielding the ciphertext y. Bob receives the ciphertext and decrypts the message. Decryption is, thus, the inverse process of encryption (Figure 3). What is the advantage? If we have a strong encryption algorithm, the ciphertext will look like random bits to Oscar and will contain no information whatsoever that is useful to him.

Figure 3: Symmetric-Key Cryptosystem (Alice encrypts x with key k into y, y crosses the insecure channel, Bob decrypts y with key k back into x; the key k travels over a secure channel)

The variables x, y and k in Figure 3 are important in cryptography and have special names:
• x is called plaintext or clear-text,
• y is called ciphertext,
• k is called the key,
• the set of all possible keys is called the key space.

The system needs a secure channel for distribution of the key between Alice and Bob. The secure channel shown in Figure 3 can, for instance, be a human who is transporting the key in a wallet between Alice and Bob. This is, of course, a somewhat cumbersome method. An example where this method works nicely is the pre-shared keys used in Wi-Fi Protected Access (WPA) encryption in wireless LANs.

Types of symmetric-key algorithms

Symmetric-key algorithms can be divided into stream ciphers and block ciphers. Stream ciphers encrypt the bits of the message one at a time, and block ciphers take a number of bits and encrypt them as a single unit. Blocks of 64 bits have been commonly used. The Advanced Encryption Standard (AES) algorithm approved by NIST in December 2001 uses 128-bit blocks. Some examples of popular and well-respected symmetric algorithms include Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, RC4, TDES, and IDEA.
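The symmetric model of Figure 3 and the stream/block distinction above, as an added example that is not part of the original document. Both ciphers are toy constructions built from the Python standard library to show the structure (a keystream XOR and a 4-round Feistel network over one 64-bit block); they are not vetted algorithms such as AES, and every name in the code is an assumption of this illustration.

```python
import hashlib
import hmac

BLOCK = 8  # bytes, i.e. the 64-bit block size mentioned in the text

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def stream_crypt(k, nonce, data):
    """Toy stream cipher: XOR data with a keystream derived from key and nonce.
    The same call encrypts and decrypts; output length equals input length."""
    return xor(data, hashlib.shake_256(k + nonce).digest(len(data)))

def _f(k, rnd, half):
    """Keyed round function of the toy Feistel network."""
    return hmac.new(k, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def block_encrypt(k, x):
    """e_k(x): transform one whole 8-byte block as a single unit."""
    if len(x) != BLOCK:
        raise ValueError("a block cipher only accepts whole blocks")
    left, right = x[:4], x[4:]
    for rnd in range(4):
        left, right = right, xor(left, _f(k, rnd, right))
    return left + right

def block_decrypt(k, y):
    """d_k(y): run the rounds backwards, which inverts block_encrypt."""
    if len(y) != BLOCK:
        raise ValueError("a block cipher only accepts whole blocks")
    left, right = y[:4], y[4:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(k, rnd, left)), left
    return left + right

if __name__ == "__main__":
    k = bytes(range(16))             # constructed key shared by Alice and Bob
    oscar_guess = bytes(16)          # Oscar does not know k
    x = b"meet at the usual place"   # constructed plaintext
    y = stream_crypt(k, b"msg-1", x)
    print("on the channel:", y.hex())
    print("Bob recovers:  ", stream_crypt(k, b"msg-1", y))
    print("Oscar recovers:", stream_crypt(oscar_guess, b"msg-1", y))
    c = block_encrypt(k, b"8 bytes!")
    print("block:", c.hex(), "->", block_decrypt(k, c))
```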

Asymmetric (or Public-Key) Algorithms
In 1976 an entirely different type of cipher was introduced by Whitfield Diffie, Martin Hellman and Ralph Merkle. In public-key cryptography, a user possesses a secret key as in symmetric cryptography but also a public key. Asymmetric algorithms can be used for applications such as digital signatures and key establishment, and also for classical data encryption. Unlike symmetric-key algorithms, they do not require a secure initial exchange of one or more secret keys to both sender and receiver. The asymmetric key algorithms are used to create a mathematically related key pair: a secret private key, which must be known only by its owner, and a published public key, which is known to everyone (it is public). What one key encrypts, the other one decrypts, and vice versa. That means that if you encrypt something with my public key (which you would know, because it's public :-), I would need my private key to decrypt the message.

Use of these keys allows protection of the authenticity of a message by creating a digital signature of a message using the private key, which can be verified using the public key. It also allows protection of the confidentiality and integrity of a message, by public key encryption, encrypting the message using the public key, which can only be decrypted using the private key.

Figure 4: Public-key Cryptography.

The two main branches of public key cryptography are:

Public key encryption: a message encrypted with a recipient's public key cannot be decrypted by anyone except a possessor of the matching private key; presumably, this will be the owner of that key and the person associated with the public key used. This is used for confidentiality.

Digital signatures: a message signed with a sender's private key can be verified by anyone who has access to the sender's public key, thereby proving that the sender had access to the private key (and therefore is likely to be the person associated with the public key used), and that the message has not been tampered with.

A central problem for use of public-key cryptography is confidence (ideally proof) that a public key is correct, belongs to the person or entity claimed (i.e., is 'authentic'), and has not been tampered with or replaced by a malicious third party. The usual approach to this problem is to use a public-key infrastructure (PKI), in which one or more third parties, known as certificate authorities, certify ownership of key pairs.

Digital Signature
A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it. Digital signatures employ a type of asymmetric cryptography. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender.

A digital signature scheme typically consists of three algorithms:
• A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
• A signing algorithm that, given a message and a private key, produces a signature (or a digest).
• A signature verifying algorithm that, given a message, public key and a signature, either accepts or rejects the message's claim to authenticity.

The digital signature for a message is generated in two steps:
1. A message digest is generated. A message digest is a 'summary' of the message we are going to transmit, and has two important properties: (1) It is always smaller than the message itself and (2) Even the slightest change in the message produces a different digest. The message digest is generated using a set of hashing algorithms.
2. The message digest is encrypted using the sender's private key. The resulting encrypted message digest is the digital signature.

The digital signature is attached to the message, and sent to the receiver. The receiver then does the following:
1. Using the sender's public key, decrypts the digital signature to obtain the message digest generated by the sender.
2. Uses the same message digest algorithm used by the sender to generate a message digest of the received message.
3. Compares both message digests (the one sent by the sender as a digital signature, and the one generated by the receiver).

If they are not exactly the same, the message has been tampered with by a third party.
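The signing and verification steps above, carried through as an added example that is not part of the original document. It uses textbook RSA without padding and SHA-256 as the digest purely to mirror the steps; deployed systems use a padded scheme (for example RSA-PSS) or DSA from a vetted library. The key pairs are constructed from known Mersenne primes, and all names are assumptions of this illustration.

```python
import hashlib

E = 65537  # public exponent

def make_keypair(p, q):
    """Key generation: return (public, private) as (exponent, modulus) pairs."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, the inverse of E
    return (E, n), (d, n)

# Constructed toy keys built from known Mersenne primes. Primes of this special
# form are unsuitable for real keys; they only keep the example short.
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
OSCAR_PUB, OSCAR_PRIV = make_keypair(2**89 - 1, 2**607 - 1)

def digest(message):
    """Signing step 1: the message digest (SHA-256), read as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, private_key):
    """Signing step 2: transform the digest with the sender's private key."""
    d, n = private_key
    return pow(digest(message), d, n)

def verify(message, signature, public_key):
    """Receiver: recover the sender's digest with the public key, recompute
    the digest of the received message, and compare the two."""
    e, n = public_key
    if not 0 <= signature < n:  # reject values outside the valid range
        return False
    return pow(signature, e, n) == digest(message)

if __name__ == "__main__":
    msg = b"Transfer 100 to Bob"  # constructed sample message
    sig = sign(msg, ALICE_PRIV)
    print("genuine message:", verify(msg, sig, ALICE_PUB))
    print("altered message:", verify(b"Transfer 900 to Bob", sig, ALICE_PUB))
    print("altered signature:", verify(msg, sig ^ 1, ALICE_PUB))
    print("signed with another key:",
          verify(msg, sign(msg, OSCAR_PRIV), ALICE_PUB))
```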

Figure 5: How a simple digital signature is applied and then verified.

The Digital Signature Standard (DSS) is based on a type of public key encryption method that uses the Digital Signature Algorithm (DSA). DSS is the format for digital signatures that has been endorsed by the US government. The DSA algorithm consists of a private key that only the originator of the document (signer) knows and a public key.
