Full Transcript


**Caesar Cipher**

Each letter is shifted three letters down in the alphabet. E.g. A becomes D, F becomes I.

**Vigenère Cipher**

- Takes plaintext (your message) and a keyword and uses both to create the ciphertext.
- The letter in the plaintext is used as the Row Key and the letter in the keyword is used as the Column key.
- The corresponding letter is the cipher letter.

**Stream Ciphers**

Encryption and decryption are performed on a stream of data, e.g. bitwise XOR with a key.

**Padding**

A Cryptographic Message Syntax (CMS) from RFC 5656. Pad at the trailing end with k-(l mod k) octets, all with the value k-(l mod k). E.g. key of 8 bytes, message of 12 bytes has 4 padding bytes of value 4.

- **S-boxes** substitute data blocks using a lookup table.
  - S-boxes replace blocks of data using a lookup table, a key feature in encryption. They take an input, often breaking it down into bits, and substitute this with another value based on the table. The process obscures the relationship between the key and the ciphertext, contributing to **confusion**, where each ciphertext bit relies on multiple key parts.
- **P-boxes** permute bits, potentially rearranging, repeating, or discarding them.
  - P-boxes rearrange bits without altering their values. They might reorder, expand, or compress the bits. This supports **diffusion**, ensuring a change in one plaintext bit affects many ciphertext bits.
- **Key schedules** generate multiple round keys from an initial key to add complexity.
  - A key schedule generates **subkeys** from the original key for each round of encryption, enhancing complexity. This process helps break the plaintext-ciphertext relationship by using different subkeys for each round, akin to having multiple cipher alphabets in traditional methods like the Vigenère cipher.

These elements ensure **confusion** (obscuring key-cipher relationships) and **diffusion** (changing one plaintext bit affects many ciphertext bits), key properties of secure ciphers.
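The padding rule from the Padding note above, written out as an added Python example (it is not part of the original notes; the function names `pad` and `unpad` and the sample message are assumptions). It covers the case where the message length is already a multiple of k, and it validates the padding on removal instead of trusting the last byte.

```python
def pad(message: bytes, k: int) -> bytes:
    """Append k - (l mod k) octets, each holding the value k - (l mod k)."""
    if not 1 <= k <= 255:
        raise ValueError("block size k must fit in a single octet (1..255)")
    n = k - (len(message) % k)
    # When l is already a multiple of k, n == k: a whole block of padding is
    # added so the receiver can always tell padding from data.
    return message + bytes([n]) * n


def unpad(padded: bytes, k: int) -> bytes:
    """Validate and strip the padding; raise ValueError if it is malformed."""
    if not padded or len(padded) % k:
        raise ValueError("padded data must be a non-empty multiple of k")
    n = padded[-1]
    # Every one of the last n octets must carry the value n.
    if not 1 <= n <= k or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]


# Constructed sample matching the notes: 12-byte message, k = 8.
SAMPLE = b"HELLO WORLD!"
PADDED = pad(SAMPLE, 8)  # 4 padding bytes, each of value 4
```
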
**Modes of Operation**

- **Modes of Operation** refer to how block ciphers process data.
- **Electronic Codebook (ECB)**: Encrypts each block individually, leading to patterns and reduced security.
- **Cipher Block Chaining (CBC)**: Links blocks using an **exclusive OR (XOR)** operation on the output of the previous block and the next plaintext block, increasing security.
- The first block in CBC uses an **Initialization Vector (IV)**, a pseudo-random value, to ensure proper encryption without previous output, further enhancing confusion between plaintext and ciphertext.

#### **Advanced Encryption Standard (AES)**

The Advanced Encryption Standard is a modern symmetric key cipher standard which uses a combination of substitutions and permutations (commonly referred to as a substitution permutation network). It can use different key sizes (128, 192 or 256) and can also vary the number of rounds of encryption (10, 12 or 14). Data is structured in matrices (can be thought of as tables of data). Within each round, there are four steps:

- SubBytes, which performs substitutions
- ShiftRows, which performs permutations on the rows by shifting them
- MixColumns, which performs permutations which mix the columns of data
- AddRoundKey, which involves a bitwise exclusive OR operation with the round key and the data
- The output of each round is the ciphertext for the current block.
- The final round differs in that it does not include the mix columns step.
- **Refer to 3.11: Lab: OpenSSL for AES to see an example of encrypting text.**
- **Public Key Encryption** solves the key distribution problem by using a key pair: a **private key** (kept secret) and a **public key** (shared).

**Public Key Cryptography**

- The key distribution problem is the **issue** of **trying to agree a shared key over an insecure channel**. One solution to this is to make use of **key exchange algorithms** such as Diffie-Hellman.
Alternatively, we can use **public key cryptography**, sometimes known as asymmetric cryptography.

- Data encrypted with a public key can only be decrypted by the corresponding private key and vice versa.
- Ensures **confidentiality** (encrypt with the recipient's public key) and **authenticity** (encrypt with the sender's private key).
- **Layered encryption** can ensure both confidentiality and authenticity.
- Multiple key pairs can exist per entity, and keys may need revocation if compromised.

**Digital Signatures**

- **Digital signatures** provide integrity and authentication for messages.
- A **private key** signs the message, while the **public key** verifies it.
- They ensure that the message wasn't altered and is from the claimed sender.
- **Hash functions** (fixed-length output) are used to manage large/small message sizes.
- **Collision resistance** prevents multiple messages from producing the same hash.
- **Public key verification** ties the sender to the message.
- Real-world usage involves protocols like **RSA**, but newer methods like **EdDSA** are preferred due to stronger security and standards.

Questions: 1.
