Cryptography

• Cryptanalysis
  • The cryptanalyst's job is to break encryption.
  • Ie given the encrypted text, recover the plaintext.
    • Find the encryption algorithm and potentially the key.
  • This would allow the decryption of future messages.
  • A cryptanalyst must know
    • Encryption and decryption algorithms.
    • Mathematical and statistical tools
    • Languages
    • Other items as well.
• Work Factor
  • An encryption algorithm is breakable if when given enough time and data, an analyst can determine the algorithm.
  • While it might be theoretically possible to break a message it might be practically impossible.
    • As we saw with passwords.
  • The difficulty in breaking the encryption of a message is called the work factor
  • The goal is to have the work factor higher than value of the encrypted message.
  • They point out that there are shortcuts around breaking messages
    • Flaws in implementation
    • Misuse by operators
    • Theft or discovery of keys
    • Advances in technology
    • "In cryptanalysis there are no rules: Any action is fair play"
• Problems with symmetric encryption systems
  • Symmetric key systems are sometimes called private key systems.
    • P = D(K, E(K, P))
    • Both parties must know the keys to encrypt and decrypt the message.
    • Thus the key must be private/secret.
  • Authenticity, secrecy, are only maintained as long as the key is private.
  • A major problem comes in the exchange of the key.
    • How do I secretly communicate the key without a key?
  • But also in key management.
    • I need one unique key for everyone with whom I wish to communicate.
• In asymmetric systems
  • Typically there is a public key and a private key.
  • If I wish to send you a message, I use your public key to encrypt it.
    • You publish this so it is available to everyone.
    • Messages encrypted with this key must be decrypted with the private key.
    • Thus no one but you can read the message I sent,
  • If you wish to prove who you are, you send a message encrypted with your private key.
    • Your public key can be used to decrypt this.
    • So any message decrypted with your public key must have been encrypted with your private key.
• In general, key management is a major issue in cybersecurity.
  • The creation, exchange, and maintenance of keys.
• Stream vs Block Cipher
  • If a cipher can process data one letter at a time, it is a stream cipher.
  • Some ciphers require larger chunks of data.
    • These are called block ciphers
• Block ciphers are in general harder to break.
  • They tend to work in block sizes that are a power of two.
  • They mix data inside the block.
  • And they can change from block to block.
• On page 95 there is a comparison of stream and block ciphers.