resumen-crypto-final.pdf

sandrauc3m2

Cryptography and Computer Security

3rd year, Degree in Computer Engineering

Escuela Politécnica Superior

Universidad Carlos III de Madrid

All rights reserved.

Economic exploitation or transformation of this work is not permitted. Printing it in full is permitted.
CRYPTOGRAPHY FINAL
1. INTRODUCTION
THREATS (TYPES OF ATTACKS)
• INTERCEPTION: an unauthorized user accesses data
• INTERRUPTION: assets become unusable
• MODIFICATION: data is modified
• GENERATION: something malicious is generated

SECURITY GOALS
• CONFIDENTIALITY: avoid interception of data by sharing it in a secret way (ALGORITHMS & KEYS)
• INTEGRITY: avoid modification of data (HASH)
• AVAILABILITY: avoid interruption (there is no cryptographic mechanism for it)
• AUTHENTICATION: check the identity to avoid generation (verify the identity)
• NON-REPUDIATION: the sender is provided with proof of delivery and the receiver is provided with proof of the sender's identity (DIGITAL SIGNATURES)

SECURITY MEASURES
• DEPENDING ON ACTION
o Prevention
o Detection
o Response
• TYPES
o Physical (alarm)
o Technical (encryption)
o Administrative (policies)
o Legal (Law of Personal Data Protection)

2. MATHEMATICAL FOUNDATIONS
MODULAR ARITHMETIC
Zn set. For n>1, Zn is the set {0, 1, …, n-1}

INVERSE COMPUTATION
If a and n are coprime (gcd=1) there is a unique x such that:

a * x = 1 mod n => x = a^-1 mod n

EULER'S THM
a^φ(n) mod n = 1 => a^-1 = a^(φ(n) - 1) mod n

EULER TOTIENT FUNCTION φ(n)

Number of elements in Zn* (set of elements relatively prime to n: any number coprime to n and smaller than n).

• φ(p) = p-1, p prime
• φ(p^k) = p^(k-1) (p-1), p prime and k positive integer
• φ(pq) = φ(p) φ(q), p and q coprime
• φ(n) = Π p_i^(k_i - 1) (p_i - 1), for n = Π p_i^k_i

EXTENDED EUCLIDEAN ALGORITHM


By decomposing a and n until we obtain a formula of the form: 1 = A * a + B * n

Where A = a^-1 mod n

CONGRUENCE EQUATIONS
POWERS OF AN INTEGER
All the results (remainders mod n) of a^i mod n for a given a and n and i∈{0, …, n-1}

GAUSSIAN w (ORDER)
The smallest exponent w whose power gives remainder 1 mod n.

If a^w = 1 (mod n), w is the order of a w.r.t. n

! The Gaussian can only be a divisor of φ(n).

PRIMITIVE ROOTS
The primitive roots of n are those numbers a whose powers a^i mod n generate the whole set of remainders coprime to n. a is a generator of Zn* if it is a primitive root.

• Then the last power (a^φ(n)) is the first one equal to 1, so the gaussian is φ(n)
• The primitive roots must be < n
• The remainders generate the set Zn*
• A primitive root guarantees better security

DISCRETE LOGS
b = a^x mod n => x = log_a b mod n

If a is a primitive root, x always exists (for every b in Zn*).
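As an added example (not part of the original notes), the following Python code works through this whole section on toy moduli: the inverse via the extended Euclidean algorithm and via Euler's theorem, φ(n) from the factorisation formula, the gaussian (order), the primitive roots and an exhaustive discrete logarithm. Function names are my own.

```python
from math import gcd

def egcd(a, b):
    """Extended Euclid: returns (g, A, B) with A*a + B*b = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    # b*x + (a % b)*y = g and a % b = a - (a // b)*b, so regroup on a and b
    return g, y, x - (a // b) * y

def inverse(a, n):
    """a^-1 mod n taken from the A in 1 = A*a + B*n; needs gcd(a, n) = 1."""
    g, A, _ = egcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {n} (gcd = {g})")
    return A % n

def phi(n):
    """Euler's totient by trial factorisation: phi(n) = prod p_i^(k_i-1) (p_i - 1)."""
    result, m, p = 1, n, 2
    while p * p <= m:
        if m % p == 0:
            k = 0
            while m % p == 0:
                m //= p
                k += 1
            result *= p ** (k - 1) * (p - 1)
        p += 1
    if m > 1:                       # one prime factor left, with exponent 1
        result *= m - 1
    return result

def inverse_euler(a, n):
    """Euler's theorem: a^phi(n) = 1 mod n, hence a^-1 = a^(phi(n) - 1) mod n."""
    return pow(a, phi(n) - 1, n)

def order(a, n):
    """The 'gaussian' w: smallest w >= 1 with a^w = 1 mod n (always divides phi(n))."""
    if gcd(a, n) != 1:
        raise ValueError("the order is only defined for a coprime to n")
    w, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        w += 1
    return w

def primitive_roots(n):
    """Elements of Zn* of order phi(n): their powers generate the whole of Zn*."""
    return [a for a in range(1, n) if gcd(a, n) == 1 and order(a, n) == phi(n)]

def discrete_log(a, b, n):
    """Smallest x with a^x = b mod n by exhaustive search (only feasible for toy n)."""
    x, cur = 0, 1
    while x < n:
        if cur == b % n:
            return x
        cur = (cur * a) % n
        x += 1
    return None
```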

GALOIS FIELD GF(2^n)

Polynomials represented by {0,1} coefficients: x^2+1 -> 101

• ADDITION c = a ± b mod 2 = a ⊕ b

• MULTIPLICATION polynomial/binary operation (result reduced mod p(x))

• DIVISION polynomial/binary operation

• IMPORTANT 2 * x^i mod 2 = 0

• IMPORTANT the solution is always positive

• INVERSES easier computation

o EULER THM: a^-1 = a^(Φ(p(x)) – 1) mod p(x)

o Φ(p(x)) = 2^n - 1 (# elements of GF(2^n) that are coprime with p(x))

o EXTENDED EUCLIDEAN ALG decompose until you get to 1 = A(x) a(x) + B(x) p(x), where a^-1 = A(x)
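Added example, not from the original notes: GF(2^n) arithmetic on bit-encoded polynomials, with the inverse computed both ways described above (Euler's theorem with Φ(p(x)) = 2^n - 1, and the extended Euclidean algorithm over GF(2)[x]). The reduction polynomial p must be passed with its x^n term set; the tests use AES's p(x) = x^8+x^4+x^3+x+1 (0x11b), which is not mentioned in the notes.

```python
def gf_mul(a, b, p, n):
    """Multiply bit-encoded polynomials a and b modulo the degree-n polynomial p."""
    result, high = 0, 1 << n
    for _ in range(n):
        if b & 1:
            result ^= a            # addition of polynomials is XOR (2*x^i = 0)
        b >>= 1
        a <<= 1                    # multiply a by x
        if a & high:
            a ^= p                 # reduce x^n using p(x)
    return result

def gf_inv_euler(a, p, n):
    """Euler: a^-1 = a^(Phi(p(x)) - 1) = a^(2^n - 2) mod p(x), by square-and-multiply."""
    result, base, e = 1, a, (1 << n) - 2
    while e:
        if e & 1:
            result = gf_mul(result, base, p, n)
        base = gf_mul(base, base, p, n)
        e >>= 1
    return result

def poly_degree(x):
    return x.bit_length() - 1

def poly_divmod(a, b):
    """Long division of bit-encoded polynomials over GF(2): (quotient, remainder)."""
    q = 0
    while a and poly_degree(a) >= poly_degree(b):
        shift = poly_degree(a) - poly_degree(b)
        q ^= 1 << shift
        a ^= b << shift
    return q, a

def poly_mul(a, b):
    """Carry-less multiplication (no reduction)."""
    result = 0
    for i in range(b.bit_length()):
        if (b >> i) & 1:
            result ^= a << i
    return result

def gf_inv_euclid(a, p):
    """Extended Euclid over GF(2)[x]: 1 = A(x) a(x) + B(x) p(x), so a^-1 = A(x)."""
    r0, r1 = p, a
    A0, A1 = 0, 1                  # coefficient of a(x) inside r0 and r1
    while r1 != 1:
        if r1 == 0:
            raise ValueError("not invertible: a(x) shares a factor with p(x)")
        q, r = poly_divmod(r0, r1)
        r0, r1 = r1, r
        A0, A1 = A1, A0 ^ poly_mul(q, A1)   # subtraction is XOR in GF(2)
    return A1
```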

3.1. CLASSIC CRYPTOGRAPHY
BASIC TECHNIQUES
SUBSTITUTION
Each character is modified or substituted by another element. Numerical representation of the alphabets.

MONOALPHABETIC
• MONOGRAPHIC

Substitution of 1 plaintext character by 1 cipher character: E(m) = (a·m + b) mod n

a = decimation, b = shift, n = # letters in the alphabet

key = (a,b) and gcd(n,a) = 1

▪ Caesar E(mi) = (mi + 3) mod n

▪ Affine E(mi) = (a·mi + b) mod n

▪ Shift E(mi) = (mi + b) mod n

▪ Decimation E(mi) = (a·mi) mod n

• POLYGRAPHIC: several elements are changed together (n>=2)

Ek(M) = Ek(m1·m2) · Ek(m3·m4) · ... · Ek(mN-1·mN)

POLYALPHABETIC
• PERIODIC
▪ Vigenère: 16 alphabets and key length m

E(mj) = (mj + k(j mod m)) mod 26

The key defines the shift used for each letter in the text (periodic key)

WITH AUTOKEY
The key is used once and then we use fragments of the message.

M = ESVERANO, KEY = ALAESVER

E(M) = EDVIJVRF

• NON-PERIODIC
o Vernam: XOR between message and key. The key has the same length as m (or larger). Random and not useful in the real world, can only be used once. Perfect secrecy.
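Added example (not from the original notes): the affine family above and the Vigenère cipher with periodic and autokey keystreams over a 26-letter alphabet, reproducing the ESVERANO / ALA worked example. Names are my own; the alphabet and Python 3.8's pow(a, -1, n) are assumptions.

```python
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
N = len(ALPHABET)                 # n = number of letters in the alphabet

def affine_encrypt(msg, a, b):
    """E(m) = (a*m + b) mod n; the key (a, b) is valid only if gcd(a, n) = 1."""
    if gcd(a, N) != 1:
        raise ValueError("decimation a must be coprime with the alphabet size")
    return "".join(ALPHABET[(a * ALPHABET.index(c) + b) % N] for c in msg)

def affine_decrypt(cipher, a, b):
    """D(c) = a^-1 * (c - b) mod n, with a^-1 from pow(a, -1, n) (Python 3.8+)."""
    a_inv = pow(a, -1, N)
    return "".join(ALPHABET[(a_inv * (ALPHABET.index(c) - b)) % N] for c in cipher)

def caesar(msg):
    return affine_encrypt(msg, 1, 3)          # E(mi) = (mi + 3) mod n

def shift(msg, b):
    return affine_encrypt(msg, 1, b)          # E(mi) = (mi + b) mod n

def decimation(msg, a):
    return affine_encrypt(msg, a, 0)          # E(mi) = (a*mi) mod n

def vigenere_encrypt(msg, key):
    """Periodic key of length m: E(mj) = (mj + k[j mod m]) mod 26."""
    m = len(key)
    return "".join(ALPHABET[(ALPHABET.index(c) + ALPHABET.index(key[j % m])) % N]
                   for j, c in enumerate(msg))

def autokey_stream(msg, key):
    """Autokey: the key is used once, then the message itself continues the keystream."""
    return (key + msg)[:len(msg)]

def autokey_encrypt(msg, key):
    return vigenere_encrypt(msg, autokey_stream(msg, key))

def autokey_decrypt(cipher, key):
    """Decrypt letter by letter: each recovered plaintext letter extends the keystream."""
    stream, out = list(key), []
    for j, c in enumerate(cipher):
        p = ALPHABET[(ALPHABET.index(c) - ALPHABET.index(stream[j])) % N]
        out.append(p)
        stream.append(p)
    return "".join(out)
```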

TRANSPOSITION OR PERMUTATION
All characters are reallocated according to some rule: GROUPS, SERIES, COLUMNS/ROWS.

3.2. SYMMETRIC ENCRYPTION: BLOCK CIPHERS
• secret key

• one set of symbols at a time

• message divided in blocks of equal length (reversible mapping)

• ADVANTAGES: diffusion and confusion, simple, symmetry, efficient

• DISADVANTAGES: secure channel required, key management, slower than stream, padding gives clues

AES, ADVANCED ENCRYPTION STANDARD (RIJNDAEL ALGORITHM)

• variable key length (128, 192, 256)

• secure, efficient, memory, flexible and simple

OPERATIONS (GALOIS FIELD) FOR MOD P(X)

Encryption: Initial round (4), 9 main rounds (1,2,3,4) and final round (1,2,4)

1. SubBytes: 00 changes to 63 (CONFUSION)

2. ShiftRows: shift the ith row i bytes to the left (the first i bytes go to the end) (row 0 shifts 0) (total of 4 rows 0,1,2,3) (DIFFUSION)

3. MixColumns: multiply each column by the MixColumns matrix and substitute the resulting vector for the corresponding column

4. AddRoundKey: XOR of the columns with the round-key matrix
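Added example, not code from the notes or from any AES library: ShiftRows, MixColumns and AddRoundKey on a 4x4 state stored as state[row][column]. The MixColumns matrix and the reduction constant 0x1b (AES's x^8+x^4+x^3+x+1) are standard AES values not spelled out in the notes.

```python
def xtime(b):
    """Multiply a byte by x (i.e. by 2) in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    b <<= 1
    return (b ^ 0x1b) & 0xff if b & 0x100 else b

def gf_mul_const(b, k):
    """Multiply a byte by 1, 2 or 3, the only constants the MixColumns matrix contains."""
    return {1: b, 2: xtime(b), 3: xtime(b) ^ b}[k]

MIX = [[2, 3, 1, 1],
       [1, 2, 3, 1],
       [1, 1, 2, 3],
       [3, 1, 1, 2]]

def shift_rows(state):
    """Row i (state[i]) is rotated i bytes to the left; row 0 is left untouched."""
    return [row[i:] + row[:i] for i, row in enumerate(state)]

def mix_column(col):
    """One 4-byte column times the MixColumns matrix, with GF(2^8) multiply and XOR add."""
    return [gf_mul_const(col[0], m[0]) ^ gf_mul_const(col[1], m[1])
            ^ gf_mul_const(col[2], m[2]) ^ gf_mul_const(col[3], m[3]) for m in MIX]

def mix_columns(state):
    """Apply mix_column to each of the 4 columns of the 4x4 state (state[row][col])."""
    cols = [[state[r][c] for r in range(4)] for c in range(4)]
    mixed = [mix_column(col) for col in cols]
    return [[mixed[c][r] for c in range(4)] for r in range(4)]

def add_round_key(state, round_key):
    """AddRoundKey: byte-wise XOR of the state with the round-key matrix."""
    return [[s ^ k for s, k in zip(srow, krow)] for srow, krow in zip(state, round_key)]
```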

OPERATION MODES
Techniques that adapt a cryptographic algorithm for something specific or to enhance some part of the algorithm. They are intended to be used with any symmetric block cipher.

• ELECTRONIC CODE BOOK (ECB): normal, parallelizable
o independent performance
o same block gives same result
o no error propagation
o padding

• CIPHER BLOCK CHAINING (CBC): the first block is XORed with the initialization vector, then each block is XORed with the previous ciphertext block
o each block depends on the previous one (xor)
o same block different result (for diff key and IV)
o error propagation
o padding

• CIPHER FEEDBACK (CFB): XOR of the encrypted previous ciphertext and the current plaintext; the first block is the XOR of the encrypted IV and the plaintext (same as OFB but feeding back the output of the xor)
o shift register
o segments instead of blocks (smaller)
o stream-like, keystream depends on the plaintext
o some error propagation
o no padding
o different result for the same block

• OUTPUT FEEDBACK (OFB): uses the previous cipher output and computes the XOR with the plaintext to get the ciphertext (same as CFB but feeding back the input of the xor)
o IV must be a nonce (number only used once)
o stream-like cipher, keystream does not depend on the plaintext
o some error propagation
o no padding
o different result for the same block
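Added example, not from the original notes: the four modes built over a constructed 4-byte toy block cipher (it only stands in for AES so the chaining itself is visible). It shows the properties listed above: ECB repeating identical blocks, CBC hiding them and limiting a corrupted block's damage, and CFB/OFB working without padding, OFB decrypting with the same call.

```python
BLOCK = 4   # toy block size in bytes (AES uses 16)

def toy_block_encrypt(key, block):
    """Constructed toy block cipher, NOT secure: XOR with the key, then rotate bytes left."""
    x = bytes(b ^ k for b, k in zip(block, key))
    return x[1:] + x[:1]

def toy_block_decrypt(key, block):
    x = block[-1:] + block[:-1]
    return bytes(b ^ k for b, k in zip(x, key))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))      # truncates to the shorter input

def pad(data):
    """PKCS#7-style padding: ECB and CBC need a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    return data[:-data[-1]]

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    """Every block on its own: equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(toy_block_encrypt(key, b) for b in blocks(pad(pt)))

def cbc_encrypt(key, iv, pt):
    """C_i = E(P_i XOR C_(i-1)) with C_0 = IV."""
    out, prev = [], iv
    for b in blocks(pad(pt)):
        prev = toy_block_encrypt(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    """P_i = D(C_i) XOR C_(i-1): a damaged C_i corrupts P_i and the same bits of P_(i+1) only."""
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(toy_block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))

def cfb_encrypt(key, iv, pt):
    """C_i = P_i XOR E(C_(i-1)): the keystream is fed from the ciphertext; no padding."""
    out, prev = [], iv
    for b in blocks(pt):
        prev = xor(b, toy_block_encrypt(key, prev))
        out.append(prev)
    return b"".join(out)

def ofb_encrypt(key, iv, pt):
    """O_i = E(O_(i-1)), C_i = P_i XOR O_i: the keystream ignores the plaintext, so the
    same call decrypts, and the IV must be a nonce (never reused with one key)."""
    out, prev = [], iv
    for b in blocks(pt):
        prev = toy_block_encrypt(key, prev)
        out.append(xor(b, prev))
    return b"".join(out)

def repeated_blocks(ct):
    """How many ciphertext blocks are duplicates of an earlier one (the ECB leak)."""
    return len(blocks(ct)) - len(set(blocks(ct)))
```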

3.3. SYMMETRIC ENCRYPTION: STREAM CIPHERS

• message divided in symbols

• key = keystream of a given length

• ADVANTAGES: high encryption rates (bit by bit), error resistance (no propagation)

• DISADVANTAGES: poor diffusion, keys never totally random, key reuse issue (the key can be obtained)

• VERNAM: xor of message and keystream

TYPES
• SYNCHRONOUS: external, keystream independent of the message and the ciphertext

• SELF-SYNCHRONIZED: automatic, keystream depends on previously encrypted symbols

KEYSTREAM
• PRNG: pseudorandom number generator

• BASE KEY: avoid brute force, secret and unpredictable

• DESIRABLE: very long, uniform distribution and unpredictable

GOLOMB POSTULATES (RANDOMNESS OF A SEQUENCE) (FOR A DESIRABLE KEY)

• G1: in every period the number of zeros and ones is almost equal
• G2: 1/2 of the runs (consecutive equal values) have length 1, 1/4 length 2, 1/8 length 3…
• G3: AC(k) = (H-F)/P should remain constant for any k<=P-1
o H: equal values
o P: number of bits
o F: different bits
o AC: autocorrelation function
o k: shift in bits

LFSR
seed, associated polynomial and T (period), key of period length

Tmax = 2^n - 1, n = degree of the polynomial

• long periods but low linear complexity: use several LFSRs
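Added example (not from the original notes) covering the LFSR and the Golomb postulates together: an LFSR run for one full period from its seed and connection polynomial, and the three postulates G1, G2 and G3 checked on its output. The tap convention (recurrence s[i+n] = XOR of s[i+n-t] over the polynomial's exponents t) and the test polynomials are my choices; x^4 + x + 1 reaches Tmax = 2^4 - 1, while x^4 + x^3 + x^2 + x + 1 does not.

```python
from collections import Counter
from fractions import Fraction

def lfsr_period_sequence(taps, seed):
    """Run the LFSR until its state returns to the seed and return one full period.
    taps: exponents of the connection polynomial (the x^0 term is implied), e.g.
    [1, 4] for x^4 + x + 1.  Recurrence: s[i+n] = XOR over taps t of s[i+n-t]."""
    n, state, out = len(seed), list(seed), []
    while True:
        out.append(state[0])
        new = 0
        for t in taps:
            new ^= state[n - t]
        state = state[1:] + [new]
        if state == list(seed):
            return out

def g1_balance(seq):
    """G1: the numbers of ones and zeros in a period differ by at most one."""
    ones = sum(seq)
    return abs(ones - (len(seq) - ones)) <= 1

def run_lengths(seq):
    """Run lengths of a periodic sequence, counted cyclically (needs both symbols)."""
    start = next(i for i in range(len(seq)) if seq[i] != seq[i - 1])
    s = seq[start:] + seq[:start]     # now s begins at a run boundary
    lengths, cur = [], 1
    for i in range(1, len(s)):
        if s[i] == s[i - 1]:
            cur += 1
        else:
            lengths.append(cur)
            cur = 1
    lengths.append(cur)
    return Counter(lengths)

def g2_runs(seq):
    """G2: 1/2 of the runs have length 1, 1/4 length 2, 1/8 length 3, ..."""
    counts = run_lengths(seq)
    total = sum(counts.values())
    L = 1
    while total >> L:                 # expected count total / 2^L, while it is >= 1
        if counts[L] != total >> L:
            return False
        L += 1
    return True

def autocorrelation(seq, k):
    """AC(k) = (H - F) / P: H agreements, F disagreements between seq and its k-shift."""
    P = len(seq)
    H = sum(seq[i] == seq[(i + k) % P] for i in range(P))
    return Fraction(H - (P - H), P)

def g3_constant(seq):
    """G3: AC(k) takes the same value for every shift 1 <= k <= P-1."""
    return len({autocorrelation(seq, k) for k in range(1, len(seq))}) == 1
```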

SALSA20 / CHACHA20

• Differences between both: initial state
• Inputs to the Salsa20 hash function: Key (16/32B), Nonce (8B), Counter (8B) and Constants (16B)
• Output: xor of Hash and Plaintext
• QUARTER-ROUND FUNCTION QR(a, b, c, d)
o Operations (ARX): Add, Rotate and XOR
o Four words of 32 bits
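Added example, not from the original notes: the ChaCha quarter round on four 32-bit words using only Add, Rotate and XOR, plus its inverse, which shows that each ARX step is reversible so the round is a permutation of the state. The test vector in the test is the one from RFC 8439 section 2.1.1, which the notes do not cite.

```python
MASK = 0xffffffff

def rotl(x, r):
    """Rotate a 32-bit word left by r bits."""
    return ((x << r) | (x >> (32 - r))) & MASK

def chacha_qr(a, b, c, d):
    """ChaCha quarter round on four 32-bit words using only Add, Rotate and XOR."""
    a = (a + b) & MASK
    d = rotl(d ^ a, 16)
    c = (c + d) & MASK
    b = rotl(b ^ c, 12)
    a = (a + b) & MASK
    d = rotl(d ^ a, 8)
    c = (c + d) & MASK
    b = rotl(b ^ c, 7)
    return a, b, c, d

def chacha_qr_inverse(a, b, c, d):
    """Every ARX step can be undone, so QR is a permutation of the state words
    (the keystream block loses no entropy); the steps are reversed in opposite order."""
    b = rotl(b, 32 - 7) ^ c
    c = (c - d) & MASK
    d = rotl(d, 32 - 8) ^ a
    a = (a - b) & MASK
    b = rotl(b, 32 - 12) ^ c
    c = (c - d) & MASK
    d = rotl(d, 32 - 16) ^ a
    a = (a - b) & MASK
    return a, b, c, d
```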

3.4. ASYMMETRIC ENCRYPTION
• each user has two keys
o public: known by everybody
▪ the sender uses this key (public key of the receiver) to encrypt
o private: known only by the user
▪ the receiver uses this key (receiver's private key) to decrypt
o private is the inverse of public, unfeasible to compute the private key from the public one
• brute force possible
• large keys
• slower than symmetric

KEY EXCHANGE PROTOCOL: DIFFIE HELLMAN

COMMON: p (large prime), g (generator of GF(p)), both public

USER A: chooses a: 1<a<p-1 (private)

USER B: chooses b: 1<b<p-1 (private)

1. A SENDS B: k1 = g^a mod p
2. B SENDS A: k2 = g^b mod p
3. A COMPUTES SHARED KEY K: K = k2^a mod p
4. B COMPUTES SHARED KEY K: K = k1^b mod p

• very hard to compute a and b (discrete logarithm problem)
• computing K knowing k1 and k2 is very hard
• third party attacks (Person in the middle)
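Added example, not from the original notes: the four Diffie-Hellman steps on toy parameters, a check that g really generates GF(p)*, and the person-in-the-middle situation above written out to show why k1 and k2 must be authenticated (with signatures or certificates) before the key is trusted. Function names and the values p = 23, g = 5 are my own.

```python
import secrets

def is_generator(g, p):
    """g generates Z_p* (p prime) iff g^((p-1)/q) != 1 mod p for every prime q | p-1."""
    m, q, factors = p - 1, 2, set()
    while q * q <= m:
        while m % q == 0:
            factors.add(q)
            m //= q
        q += 1
    if m > 1:
        factors.add(m)
    return all(pow(g, (p - 1) // q, p) != 1 for q in factors)

def random_exponent(p):
    """Private exponent a with 1 < a < p-1."""
    return 2 + secrets.randbelow(p - 3)

def dh_exchange(p, g, a, b):
    """Returns (k1 sent by A, k2 sent by B, K computed by A, K computed by B)."""
    k1 = pow(g, a, p)               # 1. A sends B: k1 = g^a mod p
    k2 = pow(g, b, p)               # 2. B sends A: k2 = g^b mod p
    K_a = pow(k2, a, p)             # 3. A: K = k2^a mod p
    K_b = pow(k1, b, p)             # 4. B: K = k1^b mod p
    return k1, k2, K_a, K_b

def person_in_the_middle(p, g, a, b, e):
    """Why the public values must be authenticated: if an intermediary E swaps both k1
    and k2 for g^e, A and B each end up sharing a key with E and not with each other.
    Returns (A's key == E's key with A, B's key == E's key with B, A's key == B's key)."""
    fake = pow(g, e, p)
    K_a = pow(fake, a, p)           # A believes this is shared with B
    K_b = pow(fake, b, p)           # B believes this is shared with A
    K_e_a = pow(pow(g, a, p), e, p) # E's key with A
    K_e_b = pow(pow(g, b, p), e, p) # E's key with B
    return K_a == K_e_a, K_b == K_e_b, K_a == K_b
```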

RSA (E = M^PUB MOD N)

• hard (integer factorization problem)
• encrypt in parts if the message is bigger than n
• modulo bit-length (2048 bits, 3072 bits)

3.5. KEY DISTRIBUTION
SYMMETRIC USING SYMMETRIC
sender and receiver have a secret key a priori (key wrapping), exchanged in person or through a secure channel with a third party (Key Distribution Center: users share a master key with the KDC)

SYMMETRIC USING ASYMMETRIC (HYBRID CIPHER)

Asymmetric to distribute symmetric keys (KEM: Key Encapsulation Mechanism)

Symmetric to encrypt data (DEM: Data Encapsulation Mechanism)

PUBLIC KEYS
• announcement
• directory
• public key authority
• certificates

3.6. HASH FUNCTIONS
They take an input of variable length and produce a fixed-size value (irreversible)

There are infinite possible inputs but finite possible outputs, bounded by the hash length => collision: two messages with the same hash value

• DIFFUSION: 1 bit changes, half of the hash changes
• ONE-WAY PROPERTY: for any given hash it is computationally unfeasible to find the message
• WEAK COLLISION RESISTANCE: for any message it is computationally unfeasible to find another message with the same hash
• STRONG COLLISION RESISTANCE: it is computationally unfeasible to find collisions
• VULNERABLE TO BRUTE FORCE ATTACKS: MD5, SHA-1, SHA-224
• GOOD ONES: SHA-2 (except SHA-224) and SHA-3; HMAC: hash with a key (authentication)

3.7. DIGITAL SIGNATURES

They transform something to prove who the author is and its integrity. It is faster to sign the hash.

• DETERMINISTIC (same message, same result) or RANDOMIZED

• APPENDIX (independent of the message) or MESSAGE RECOVERY (signature included in the message)

RSA (S = M^PRIV MOD N)

N = P*Q (large primes)

Sign with the author's private key. Deterministic and with message recovery. Based on the problem of factorizing large integers.
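Added example serving both the RSA encryption section (E = M^pub mod N, encrypting in parts when the message is bigger than N) and the RSA signature section (S = M^priv mod N, deterministic, with message recovery). It is textbook RSA without padding, written for these notes and not taken from any library; the toy primes 61 and 53 in the test are my own.

```python
from math import gcd

def rsa_keygen(p, q, e=65537):
    """Textbook RSA (no padding, for illustration): N = p*q, phi = (p-1)(q-1), d = e^-1 mod phi."""
    N, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(N)")
    d = pow(e, -1, phi)                       # Python 3.8+
    return (e, N), (d, N)                     # public key, private key

def rsa_encrypt(pub, m):
    """E = M^pub mod N; M must be smaller than N."""
    e, N = pub
    if not 0 <= m < N:
        raise ValueError("message must be smaller than N: split it in parts")
    return pow(m, e, N)

def rsa_decrypt(priv, c):
    d, N = priv
    return pow(c, d, N)

def rsa_sign(priv, m):
    """S = M^priv mod N: deterministic, the same message gives the same signature."""
    d, N = priv
    return pow(m, d, N)

def rsa_verify(pub, s):
    """Message recovery: M = S^pub mod N is obtained from the signature itself."""
    e, N = pub
    return pow(s, e, N)

def encrypt_in_parts(pub, data, part_bytes):
    """'encrypt in parts if bigger than n': chunks of part_bytes, each smaller than N."""
    _, N = pub
    if 256 ** part_bytes > N:
        raise ValueError("part_bytes too large for this N")
    return [rsa_encrypt(pub, int.from_bytes(data[i:i + part_bytes], "big"))
            for i in range(0, len(data), part_bytes)]

def decrypt_parts(priv, parts, part_bytes, total_len):
    out = bytearray()
    for i, c in enumerate(parts):
        size = min(part_bytes, total_len - i * part_bytes)   # last chunk may be shorter
        out += rsa_decrypt(priv, c).to_bytes(size, "big")
    return bytes(out)
```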

EL GAMAL
Based on the problem of computing discrete logarithms. Randomized and with appendix.

• Parameters of A:

o p: large prime, public

o g: generator, public

o x∈(1,p-1): private key

o y = g^x mod p: public key

1. A chooses a temporary key K∈(0,p) and computes:

a. r = g^K mod p

b. s = (M - x * r) * K^-1 mod (p-1)

2. A sends the signed message: (M, r, s)

3. B computes and checks if they are equal:

a. a = y^r * r^s mod p

b. b = g^M mod p
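Added example (not from the original notes): the ElGamal signature and verification steps above on toy parameters. The requirement that K be coprime with p-1 (so that K^-1 mod (p-1) exists) is not stated in the notes but is needed for step 1.b; p = 23, g = 5 and the exponents in the test are my own.

```python
from math import gcd

def elgamal_keygen(p, g, x):
    """Public key (p, g, y = g^x mod p); private key x in (1, p-1)."""
    return (p, g, pow(g, x, p)), x

def elgamal_sign(pub, x, M, K):
    """Randomized signature (M, r, s): r = g^K mod p, s = (M - x r) K^-1 mod (p-1).
    K must be coprime with p-1 (so K^-1 exists) and must be fresh for every signature."""
    p, g, _ = pub
    if gcd(K, p - 1) != 1:
        raise ValueError("temporary key K must be coprime with p-1")
    r = pow(g, K, p)
    s = ((M - x * r) * pow(K, -1, p - 1)) % (p - 1)
    return M, r, s

def elgamal_verify(pub, M, r, s):
    """Accept iff a = y^r r^s mod p equals b = g^M mod p (and 0 < r < p).
    It works because y^r r^s = g^(x r) g^(K s) = g^(x r + M - x r) = g^M."""
    p, g, y = pub
    if not 0 < r < p:
        return False
    a = (pow(y, r, p) * pow(r, s, p)) % p
    b = pow(g, M, p)
    return a == b
```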

3.8. ADVANCED MECHANISMS AND PROTOCOLS
ELLIPTIC CURVES (EC)
An elliptic curve over the real numbers is a cubic curve defined over the infinite X-Y plane, and it cannot cross itself or others.

Defined by the equation: y^2 = x^3 + ax + b

By adding two points you get a 3rd one belonging to the curve.

Faster and shorter keys than (other) asymmetric schemes but more error-prone due to complexity.

• Uses: the public key is a point on the curve and the private key an integer.

o With finite fields (FF)

o Addition of points (given P and Q such that Q = n*P, n cannot be obtained)

o Based on the discrete logarithm problem

• Addition of points, to compute R = (xR, yR) such that R = 2P given a curve y^2 = x^3 + ax + b:

o compute s = (3xP^2 + a) / (2yP)

o xR = s^2 - 2xP

o yR = s (xP - xR) - yP

DIFFIE HELLMAN - ECDH

• Parameters (public):

o p (modulus)

o a, b: curve parameters

o G: point of the curve (generator)

o n: order of G (n*G is the point at infinity?? (I am not very sure about this))

1. A chooses xA ∈ (1, n-1) and B chooses xB ∈ (1, n-1)

2. A sends yA = xA * G and B sends yB = xB * G

3. The common key is P = xA * xB * G
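Added example, not from the original notes: point addition and doubling over GF(p) with the formulas above (division replaced by a modular inverse), scalar multiplication, the order n of G computed by brute force (which confirms that n*G is the point at infinity), and the three ECDH steps. The toy curve y^2 = x^3 + 2x + 2 over GF(17) with G = (5, 1) is my own choice.

```python
O = None   # the point at infinity (identity of the group)

def ec_add(P, Q, a, p):
    """Add two points of y^2 = x^3 + a x + b over GF(p); doubling when P == Q."""
    if P is O:
        return Q
    if Q is O:
        return P
    xP, yP = P
    xQ, yQ = Q
    if xP == xQ and (yP + yQ) % p == 0:
        return O                                        # P + (-P) = O
    if P == Q:
        s = (3 * xP * xP + a) * pow(2 * yP, -1, p) % p  # s = (3 xP^2 + a) / (2 yP)
    else:
        s = (yQ - yP) * pow(xQ - xP, -1, p) % p         # chord slope
    xR = (s * s - xP - xQ) % p                          # for doubling: s^2 - 2 xP
    yR = (s * (xP - xR) - yP) % p
    return (xR, yR)

def ec_mul(k, P, a, p):
    """Scalar multiplication k*P by double-and-add (k >= 0)."""
    R = O
    while k:
        if k & 1:
            R = ec_add(R, P, a, p)
        P = ec_add(P, P, a, p)
        k >>= 1
    return R

def on_curve(P, a, b, p):
    if P is O:
        return True
    x, y = P
    return (y * y - (x ** 3 + a * x + b)) % p == 0

def point_order(G, a, p):
    """Smallest n >= 1 with n*G = O: the parameter n of ECDH (brute force, toy sizes only)."""
    n, R = 1, G
    while R is not O:
        R = ec_add(R, G, a, p)
        n += 1
    return n

def ecdh(G, a, p, xA, xB):
    """A sends yA = xA*G, B sends yB = xB*G; each multiplies what it receives by its own
    secret, so both get P = xA*xB*G. Returns (A's result, B's result)."""
    yA, yB = ec_mul(xA, G, a, p), ec_mul(xB, G, a, p)
    return ec_mul(xA, yB, a, p), ec_mul(xB, yA, a, p)
```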

DIGITAL SIGNATURE ALGORITHM - ECDSA

INTEGRATED ENCRYPTION SCHEME - ECIES

ZERO KNOWLEDGE PROOFS

Zero-knowledge proofs consist of proving you know some information through some actions, without revealing that information to the other party.

• Interactive: the prover proves its knowledge to the verifier; if there are several verifiers, it repeats the process for each one (online votes)
• Non-interactive: there is an intermediary, the dealer (cryptocurrency: verify OK without revealing addresses or content)

ATTRIBUTE BASED ENCRYPTION

• Key Policy (KP-ABE): keys are linked to an access structure, access is only granted if the attributes match, attributes are linked to data and the key's attributes are unknown

• Ciphertext Policy (CP-ABE): keys are linked to attributes (known), the ciphertext defines the access structure (the access policy is linked to the ciphertext)

Slow and needs a reliable entity. A third party may get access to the keys (key escrow)

MULTIPARTY ENCRYPTION
Compute data between different parties without revealing it.

ADI SHAMIR – SHAMIR SECRET SHARING

Having a set of K points we can find the polynomial equation of order K-1

K = required simultaneous users to get the secret code

N = total parts of the key, N>=K

S = secret code

1. y = S + b1·x + … + b(K-1)·x^(K-1) (b random coefficients)
2. Generate N points
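Added example (not from the original notes): Shamir's scheme as described above, with the polynomial evaluated at N points and the secret recovered from any K of them by Lagrange interpolation at x = 0. The arithmetic is done modulo a prime, which is my choice (the notes describe the scheme over plain numbers); the field size and function names are assumptions.

```python
import secrets

PRIME = 2 ** 127 - 1     # constructed choice of prime field for the arithmetic

def make_shares(S, K, N, prime=PRIME):
    """1. y = S + b1 x + ... + b(K-1) x^(K-1) with random b; 2. evaluate at x = 1..N."""
    if K > N or K < 1:
        raise ValueError("need N >= K >= 1")
    coeffs = [S] + [secrets.randbelow(prime) for _ in range(K - 1)]
    def f(x):
        return sum(c * pow(x, i, prime) for i, c in enumerate(coeffs)) % prime
    return [(x, f(x)) for x in range(1, N + 1)]

def recover_secret(shares, prime=PRIME):
    """Lagrange interpolation at x = 0 through any K shares gives f(0) = S;
    K-1 shares leave every value of S equally likely."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % prime
                den = den * (xi - xj) % prime
        secret = (secret + yi * num * pow(den, -1, prime)) % prime
    return secret
```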

HOMOMORPHIC ENCRYPTION
Allows mathematical operations over encrypted data, without revealing the data.

Paillier: one operation; multiple operations under development

4.1. USER AUTHENTICATION
WHAT THE USER KNOWS (PIN, PASSWORD, CHALLENGE-RESPONSE…)
• MANAGEMENT:

o Quality: Weak/Strong

o Storage by the user and in systems

▪ SALT: random data that is used as an additional input to a one-way function that hashes data, a password or passphrase

o Expiration criteria

o Blocking/cancellations/forget

• THREATS:

o Brute force and dictionary

o Interception/Databases

o Social engineering: psychological manipulation to obtain confidential information through human interaction

WHAT THE USER HAS (TOKENS, SMART CARDS…)

• ONE TIME PASSWORD (OTP):

o single use, generated by token/software, random

o SYNCHRONOUS: between token and server clocks

o CHAIN: the OTP depends on a previous OTP, generated by a one-way function (hash) applied sequentially (used in reverse order of generation)

▪ Generation: the token generates a seed and computes f^n(seed), n being the number of authentications

▪ Authentication: the token sends its identification and f^(n-1)(seed)

o CHALLENGE: depends on a challenge from the server
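Added example, not from the original notes: the OTP chain above, with the token registering f^n(seed) and then handing out f^(n-1)(seed), f^(n-2)(seed), ... while the server only keeps the last accepted value and checks that hashing the new OTP reproduces it. SHA-256 as f and the class names are my choices.

```python
import hashlib

def f(data):
    """The one-way function of the chain (SHA-256 here, a constructed choice)."""
    return hashlib.sha256(data).digest()

def f_n(seed, n):
    """Apply f n times: f^n(seed)."""
    x = seed
    for _ in range(n):
        x = f(x)
    return x

class OtpChainToken:
    """Generation: the token keeps the seed and n (number of authentications);
    it registers f^n(seed) and then emits f^(n-1), f^(n-2), ..., f^0 = seed."""
    def __init__(self, seed, n):
        self.seed, self.remaining = seed, n

    def registration_value(self):
        return f_n(self.seed, self.remaining)

    def next_otp(self):
        if self.remaining == 0:
            raise ValueError("chain exhausted: re-enroll with a new seed")
        self.remaining -= 1
        return f_n(self.seed, self.remaining)

class OtpChainServer:
    """Authentication: the server stores only the last accepted value; an OTP is valid
    iff f(otp) equals it. A captured OTP cannot yield the next one (f is one-way)."""
    def __init__(self, registered):
        self.current = registered

    def authenticate(self, otp):
        if f(otp) == self.current:
            self.current = otp        # move one step down the chain
            return True
        return False
```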

WHAT THE USER IS (BIOMETRIC PATTERNS)


• unique, with different accuracy

• requires previous enrollment

4.2. PUBLIC KEY INFRASTRUCTURE (PKI)
problems with Public Key Authorities and Directories: require online access, not scalable

CERTIFICATES
when there is a communication process, to check that the other party can be trusted (by checking their certificate's validity (key usages, validity period, signed by a trusted CA…))

• identity of the subject
• public key
• Certification Authority's identity (AC or CA)
• validity
• serial number
• digital signature of the previous information (signed with the CA's private key)
• EXTRAS: allowed usages
• STATE: valid, suspended, revoked

PKI
set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption

• defines a hierarchical model of Certification Authorities (Root and Subordinates), and related entities (Registration Authority)
o the root CA is self-signed and it signs the level 1 subordinates, level 1 signs level 2, …, level n signs user certificates
o CERTIFICATE CHAIN: verify all the certificates' validity starting from the user up to the root CA
▪ when sending a message, concatenate the public key certificate and the certificate chain

X.509
Natural person, Legal person, TLS, code…

• Version (currently 3)
• Serial number (identifies the certificate in the CA)
• Issuer CA
• Validity period (shorter than the validity of the CA)
• Subject (Distinguished Name, DN)
• Public key
• Extensions (key usage)
• Signature Algorithm
• Signature

VALIDATION
• CERTIFICATE REVOCATION LISTS – CRL: list of revoked certificates, published by the CA or a related entity
o Version - Issuer CA – thisUpdate – nextUpdate – List – Extensions - Sign Alg - Signature
o nextUpdate period (short)
o bandwidth problem (solutions: over-issue, segmentation, indirect)
• ONLINE CERTIFICATE STATUS PROTOCOL – OCSP: queries about the state of a certificate

KEY GENERATION AND STORAGE

• Registration Authority: if verification of identity is required
• Key Authority: may keep a copy of the generated pair
• STORAGE:
o Software: web database, PKCS#12 (key file)
o Hardware: smart card, token, TPM chip, HSM

CERTIFICATION PRACTICE STATEMENT – CPS

A document that describes the CA's practice (policy) on issuing and managing certificates

CERTIFICATE PINNING AND TRANSPARENCY

• PINNING: a host is associated with a certain certificate (the client "pins" it to them and won't trust a key different from the "pinned" one)
o risks: misconfiguration or attacks
• TRANSPARENCY: public register of each issued certificate along with the verified certification chain (any host can consult it and report fake ones)

DECENTRALIZED MODEL
No CA, each user certifies what they trust, trust chains (of n nodes)

• ADV: easier and cheaper
• DIS: not scalable, secure channel needed before certification
• Pretty Good Privacy (PGP)

5. LEGAL ISSUES
ISO 19790
set of requirements for a cryptographic module utilized within a security system protecting sensitive information

• LEVELS:

o 1: minimum

o 2: + physical security and access control

o 3: + active physical protection, authentication, and protection against overload

o 4: + complete physical protection and multi-factor authentication

• OPERATION MODE: normal/degraded

• trusted communications required for levels 3 and 4

• ROLES: Crypto Officer, User, Maintenance (bypass only by the authorized roles)

• secure boot

• non-invasive attacks

EIDAS REGULATION
For digital signatures in the EU. ID systems and validity of their digital signatures

• digital signatures, timestamps, and seals

• electronic documents

• certified delivery services

• website authentication

LAW 6/2020
Regulates how to check the identity and attributes of the requester of a qualified certificate and adds additional requirements in Spain for qualified certificates

• lifetime max 5 years
• identity checking by physical attendance + DNI/passport (unless notary)
• SERVICE PROVIDERS:
o don't copy or store signature creation data
o fully liable against third parties
o notify the ministry of integrity problems or data breaches
