
Chapter 1.

Overview of Cryptography
Jeong H. Yi jhyi@ics.uci.edu

Information security and cryptography


Cryptography is the study of mathematical techniques related to aspects of information security

Cryptographic goals

Confidentiality
Data integrity
Authentication
Non-repudiation

Taxonomy of cryptographic primitives.


Security Primitives
    Unkeyed Primitives
        Arbitrary length hash functions
        One-way permutations
        Random sequences
    Symmetric-key Primitives
        Symmetric-key ciphers
            Block ciphers
            Stream ciphers
        Arbitrary length hash functions (MACs)
        Signatures
        Pseudorandom sequences
        Identification primitives
    Public-key Primitives
        Public-key ciphers
        Signatures
        Identification primitives

Background on Functions
Function

f : X → Y is called a function f from set X to set Y.

X: domain
Y: codomain

for y = f(x) where x ∈ X and y ∈ Y

y: image of x
x: preimage of y

Im(f), image of f

the set of all y ∈ Y that have at least one preimage

1-1 function if

each element in Y is the image of at most one element in X.

onto function if

Im(f) = Y

bijection if

f is 1-1 and onto.

Background on Functions (ctd)


one-way function if

f(x) is easy to compute for all x ∈ X, but it is computationally infeasible to find any x ∈ X such that f(x) = y.

trapdoor one-way function if

given trapdoor information, it becomes feasible to find an x ∈ X such that f(x) = y.

Symmetric-key ciphers
Block cipher

breaks up the plaintext into blocks of a fixed length, and then encrypts one block at a time.

Stream cipher

takes the plaintext string and produces a ciphertext string using a keystream
specific case of a block cipher with a block size of 1

Digital signatures
Nomenclature

M: messages
S: signatures
S_A: signing transformation for A
V_A: verification transformation for A

Definition

S_A and V_A provide a digital signature scheme (or mechanism) for A.
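
The trapdoor one-way function and the signing/verification pair S_A, V_A defined above, worked through with a toy RSA-style function. This is an added example, not part of the original slides; the primes, the exponent and the helper names (f, f_inverse, digest, sign, verify) are assumptions chosen for illustration, and the parameters are far too small to be secure.

```python
import hashlib
from math import gcd

# Constructed toy parameters (two Mersenne primes); far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                      # public modulus
E = 65537                      # public exponent
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1        # E must be invertible modulo PHI
D = pow(E, -1, PHI)            # trapdoor information: computing it needs P and Q


def f(x: int) -> int:
    """Forward direction: anyone who knows the public (N, E) can compute it."""
    return pow(x, E, N)


def f_inverse(y: int) -> int:
    """Inversion using the trapdoor D."""
    return pow(y, D, N)


def digest(message: bytes) -> int:
    """Map a message into the domain of f (hypothetical helper)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """S_A: A applies the trapdoor inverse to the message digest."""
    return f_inverse(digest(message))


def verify(message: bytes, signature: int) -> bool:
    """V_A: anyone recomputes f on the signature and compares with the digest."""
    return f(signature) == digest(message)


if __name__ == "__main__":
    sig = sign(b"pay 10 to B")
    print(verify(b"pay 10 to B", sig), verify(b"pay 1000 to B", sig))
```

Only the holder of D can produce a value that V_A accepts, while verification needs nothing beyond the public (N, E).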

Authentication
Entity authentication (Identification)

corroboration of the identity of an entity (e.g., a person, a computer terminal, a credit card, etc.).

Message authentication (Data origin authentication)

corroborating the source of information

Symmetric-key cryptography
Advantages

high data throughput
relatively short key size
primitives to construct various cryptographic mechanisms

Disadvantages

the key must remain secret at both ends.
O(n²) keys to be managed.
relatively short lifetime of the key

Public-key cryptography
Advantages

Only the private key must be kept secret
relatively long lifetime of the key
relatively efficient digital signature mechanisms
smaller verification key
O(n) keys to be managed

Disadvantages

low data throughput
much larger key sizes

Summary of comparison
public-key cryptography

signatures (particularly, non-repudiation) and key management

symmetric-key cryptography

encryption and some data integrity applications

Key sizes

Private keys must be larger (e.g., 1024 bits for RSA) than secret keys (e.g., 64 or 128 bits)

most attacks on symmetric-key systems are exhaustive key searches

public-key systems are subject to short-cut attacks (e.g., factoring)

Protocols and mechanisms


Cryptographic protocol

distributed algorithm defined by a sequence of steps precisely specifying the actions required of two or more entities

Cryptographic mechanism

more general term encompassing protocols, algorithms, and non-cryptographic techniques

Key establishment and management


Key establishment

process to establish a shared secret key available to two or more parties
subdivided into key agreement and key transport.

Key management

the set of processes and mechanisms which support key establishment and the maintenance of ongoing keying relationships between parties

Key management through symmetric-key tech.


Advantages

easy to add and remove entities
each entity needs to store only one long-term secret key.

Disadvantages

initial interaction with the TTP (trusted third party).
n long-term secret keys maintained by TTP
TTP can read all messages.
If TTP is compromised, all communications are insecure

Key management through public-key tech.


Advantages

No TTP is required.
Only n public keys need to be stored

Disadvantages

Active adversary can compromise the key management scheme (e.g. man-in-the-middle attack)

Need TTP (e.g., CA) to certify the public key of each entity.

Public-key certification
Advantages

prevents an active adversary from impersonation
TTP cannot monitor communications.

Disadvantages

If the signing key of the TTP is compromised, all communications become insecure.

Attacks on encryption schemes


Ciphertext-only attack

deduce the decryption key or plaintext by only observing ciphertext.

Known-plaintext attack

using a quantity of plaintext and corresponding ciphertext.

Chosen-plaintext attack

chooses plaintext and is then given corresponding ciphertext.

Adaptive chosen-plaintext attack

chosen-plaintext attack where the choice of plaintext may depend on the ciphertext received from previous requests.

Chosen-ciphertext attack

selects the ciphertext and is then given the corresponding plaintext.

Adaptive chosen-ciphertext attack

chosen-ciphertext attack where the choice of ciphertext may depend on the plaintext received from previous requests.

Attacks on protocols
known-key attack

uses previously used keys to determine new keys

replay attack

records a communication session and replays that session

impersonation attack

assumes the identity of one of the legitimate parties

dictionary attack

using code book

forward search attack

if message space is small or predictable

interleaving attack

impersonation or other deception involving selective combination of information from parallel sessions
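
One receiver-side defence against the replay attack listed above, combined with message authentication: each message carries a fresh nonce and a timestamp under a MAC, and the receiver accepts an authentic message only once. This is an added example, not part of the original slides; the packet layout, the 30-second window and the names send, mac_tag and Receiver are assumptions.

```python
import hashlib
import hmac
import os


def mac_tag(key: bytes, nonce: bytes, ts: int, body: bytes) -> bytes:
    # nonce (16 bytes) and ts (8 bytes) are fixed-width, so the MAC input is unambiguous
    return hmac.new(key, nonce + ts.to_bytes(8, "big") + body, hashlib.sha256).digest()


def send(key: bytes, body: bytes, now: int) -> dict:
    """Sender side: bind a fresh nonce and a timestamp to the body under the MAC."""
    nonce = os.urandom(16)
    return {"nonce": nonce, "ts": now, "body": body, "tag": mac_tag(key, nonce, now, body)}


class Receiver:
    def __init__(self, key: bytes, max_age: int = 30):
        self.key = key
        self.max_age = max_age      # acceptance window in seconds
        self.seen = {}              # nonce -> timestamp of accepted messages

    def accept(self, pkt: dict, now: int) -> str:
        if len(pkt["nonce"]) != 16:
            return "bad-mac"        # wrong field width would make the MAC input ambiguous
        expected = mac_tag(self.key, pkt["nonce"], pkt["ts"], pkt["body"])
        if not hmac.compare_digest(expected, pkt["tag"]):
            return "bad-mac"        # source not corroborated, or content altered
        if abs(now - pkt["ts"]) > self.max_age:
            return "stale"          # outside the window; its nonce may already be pruned
        if pkt["nonce"] in self.seen:
            return "replay"         # the same authentic message presented twice
        # Forget nonces that the timestamp check alone would now reject.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        self.seen[pkt["nonce"]] = pkt["ts"]
        return "ok"


if __name__ == "__main__":
    key = bytes(range(32))          # constructed sample key
    rx = Receiver(key)
    pkt = send(key, b"transfer 10", now=1000)
    print(rx.accept(pkt, 1001), rx.accept(pkt, 1002), rx.accept(pkt, 1100))
```

The MAC alone does not stop a recorded message from being accepted again, since the copy is still authentic; the nonce cache and the timestamp window are what reject it.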

Models for evaluating security


Unconditional security (perfect secrecy)

Adversaries have unlimited computational resources
Observation of the ciphertext provides no information to an adversary

Complexity-theoretic security

Adversaries have polynomial computational power.
Asymptotic analysis and usually also worst-case analysis is used

Provable security

provably secure if defeating the cryptosystem can be shown to be as difficult as solving a well-known number-theoretic problem

Models for evaluating security (ctd)


Computational security (Practical security)

computationally secure if the level of computation to defeat the cryptosystem exceeds the computational resources of the adversary
Most of the known public-key and symmetric-key schemes

Ad hoc security (heuristic security)

any variety of convincing computational security
unforeseen attacks may remain
