Modern cryptography




1 Modern cryptography

1.1 Symmetric-key cryptography
1.2 Public-key cryptography
1.3 Cryptanalysis
1.4 Cryptographic primitives
1.5 Cryptosystems





Modern cryptography

The modern field of cryptography can be divided into several areas of study. The chief ones are discussed here; see Topics in Cryptography for more.


Symmetric-key cryptography


Symmetric-key cryptography, where a single key is used for both encryption and decryption


Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way). This was the only kind of encryption publicly known until June 1976.



One round (out of 8.5) of the IDEA cipher, used in some versions of PGP for high-speed encryption of, for instance, e-mail


Symmetric-key ciphers are implemented as either block ciphers or stream ciphers. A block cipher enciphers input in blocks of plaintext (64 bits for DES, 128 bits for AES) as opposed to individual characters, the input form used by a stream cipher.


The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are block cipher designs that have been designated cryptography standards by the US government (though DES's designation was finally withdrawn after AES was adopted). Despite its deprecation as an official standard, DES (especially its triple-DES variant, which is far more secure than single DES and remained approved for much longer) stayed in use across a wide range of applications, from ATM encryption to e-mail privacy and secure remote access. Triple-DES has since been deprecated by NIST as well: its 64-bit block size limits how much data can safely be encrypted under one key. Many other block ciphers have been designed and released, with considerable variation in quality. Many have been thoroughly broken, such as FEAL.


Stream ciphers, in contrast to the 'block' type, create an arbitrarily long stream of key material, which is combined with the plaintext bit-by-bit or character-by-character, somewhat like the one-time pad. In a stream cipher, the output stream is created based on a hidden internal state that changes as the cipher operates. That internal state is initially set up using the secret key material (and, in most modern designs, a nonce that must never repeat under the same key, since reusing a keystream leaks the XOR of the two plaintexts). RC4 was for a long time the most widely used stream cipher, but statistical biases in its keystream led to its prohibition in TLS (RFC 7465); see Category:Stream ciphers. Block ciphers can also be used as stream ciphers; see Block cipher modes of operation.
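As an added illustration of the stream-cipher structure just described (example code written for this page, not from the article and not a standard cipher), the following builds a keystream from a keyed pseudorandom function, HMAC-SHA256 run in counter mode, XORs it with the plaintext in the manner of a one-time pad, and then shows the failure mode: encrypting two messages under the same key and nonce lets an attacker who knows one plaintext recover the other. The key, nonce and messages are constructed sample values; real systems should use AES-GCM or ChaCha20-Poly1305 rather than this construction.

```python
import hmac
import hashlib
import os

# Added example: a stream cipher built from a keyed PRF (HMAC-SHA256) run in
# counter mode. This illustrates the structure the text describes; it is not
# a standard cipher. Use AES-GCM or ChaCha20-Poly1305 in real systems.


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand (key, nonce) into `length` bytes of keystream.

    The hidden internal state is the counter; the secret key sets it up.
    Each block is PRF(key, nonce || counter), so the stream can be as long
    as the plaintext requires.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out += block
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    # Truncates to the shorter input, like zip().
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Like a one-time pad, encryption is XOR with the keystream ...
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # ... and decryption is the same operation.
    return xor(ciphertext, keystream(key, nonce, len(ciphertext)))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """What an attacker learns when two messages were encrypted under the same
    (key, nonce): the keystream cancels, so c1 XOR c2 == p1 XOR p2, and any
    known part of one plaintext reveals the corresponding part of the other."""
    return xor(c1, c2)


def demo() -> bool:
    key = os.urandom(32)
    nonce = os.urandom(16)
    p1 = b"attack at dawn"       # constructed sample messages
    p2 = b"retreat at dusk"
    c1 = encrypt(key, nonce, p1)
    assert decrypt(key, nonce, c1) == p1
    # Nonce reuse: the same keystream is applied to p2.
    c2 = encrypt(key, nonce, p2)
    leaked = two_time_pad_leak(c1, c2)
    # Knowing p1 lets the attacker recover the overlapping prefix of p2
    # without ever seeing the key.
    recovered_p2 = xor(leaked, p1)
    return recovered_p2 == p2[:len(p1)]
```

The nonce is what makes the keystream differ between messages; the counter is the changing internal state. Everything else in the construction (HMAC, SHA-256) is only there to make the state unpredictable without the key.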


Cryptographic hash functions are a third type of cryptographic algorithm. They take a message of any length as input and output a short, fixed-length hash, which can be used in (for example) a digital signature. For a good hash function, an attacker cannot find two messages that produce the same hash (collision resistance), nor recover an input from its hash (preimage resistance). MD4 is a long-used hash function that is now broken; MD5, a strengthened variant of MD4, is also widely used but broken in practice, with collisions computable in seconds on commodity hardware. The US National Security Agency developed the Secure Hash Algorithm series of MD5-like hash functions: SHA-0 was a flawed algorithm that the agency withdrew; SHA-1 was widely deployed and is more secure than MD5, but cryptanalysts identified attacks against it and a practical collision was demonstrated in 2017; the SHA-2 family improves on SHA-1 and is now the common choice; and the US standards authority thought it 'prudent' from a security perspective to develop a new standard to 'improve the robustness of NIST's overall hash algorithm toolkit'. Thus, a hash function design competition was meant to select a new U.S. national standard, to be called SHA-3, by 2012. The competition ended on October 2, 2012 when NIST announced that Keccak would be the new SHA-3 hash algorithm. Unlike block and stream ciphers, which are invertible, cryptographic hash functions produce a hashed output that cannot be used to retrieve the original input data. Cryptographic hash functions are used to verify the integrity of data retrieved from an untrusted source, provided the reference hash itself was obtained authentically (for example from a signed manifest), or to add a layer of security.


Message authentication codes (MACs) are much like cryptographic hash functions, except that a secret key is used to compute the tag and to authenticate it upon receipt; this additional complication blocks an attack scheme against bare digest algorithms, in which anyone who can alter the message can also recompute its digest, and so has been thought worth the effort.
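The following added example (written for this page, not from the original article) contrasts the two mechanisms: a bare SHA-256 digest, which an attacker who can rewrite the message simply recomputes, and an HMAC-SHA256 tag, which cannot be produced without the shared key. The transfer message and key are constructed sample values; the library calls are Python's standard hashlib and hmac.

```python
import hashlib
import hmac
import os

# Added example (not from the original article): why a bare digest does not
# authenticate data that an attacker can modify, and how a keyed MAC does.


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def mac(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 rather than H(key || data): the HMAC construction also
    # closes the length-extension attack that applies to Merkle-Damgard hashes.
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_mac(key: bytes, data: bytes, tag: bytes) -> bool:
    # compare_digest runs in time independent of where the first mismatch is.
    return hmac.compare_digest(mac(key, data), tag)


def tamper_with_digest(message: bytes, digest_hex: str):
    """Attacker who controls the channel: replace the message AND recompute
    the unkeyed digest. The receiver's integrity check still passes."""
    forged = message.replace(b"amount=100", b"amount=999")
    return forged, sha256_hex(forged)


def receiver_checks_digest(message: bytes, digest_hex: str) -> bool:
    return sha256_hex(message) == digest_hex


def demo():
    key = os.urandom(32)                      # shared only by sender and receiver
    msg = b"transfer: to=alice amount=100"    # constructed sample message
    # 1. Bare digest: the attacker forges message and digest together.
    forged_msg, forged_digest = tamper_with_digest(msg, sha256_hex(msg))
    digest_check_fooled = receiver_checks_digest(forged_msg, forged_digest)
    # 2. MAC: the attacker can alter the message but cannot produce a tag
    #    for it without the key, so the receiver rejects it.
    tag = mac(key, msg)
    mac_rejects_forgery = not verify_mac(key, forged_msg, tag)
    mac_accepts_original = verify_mac(key, msg, tag)
    return digest_check_fooled, mac_rejects_forgery, mac_accepts_original
```

A digest on its own only protects against accidental corruption, or against tampering when the digest travels over a channel the attacker cannot touch. Once the attacker controls both message and digest, only the key stops them.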


Public-key cryptography


Public-key cryptography, where different keys are used for encryption and decryption


Symmetric-key cryptosystems use the same key for encryption and decryption of a message, though a message or group of messages may have a different key than others. A significant disadvantage of symmetric ciphers is the key management necessary to use them securely. Each distinct pair of communicating parties must, ideally, share a different key, and perhaps one for each ciphertext exchanged as well. The number of keys required increases as the square of the number of network members (n members need n(n-1)/2 pairwise keys), which very quickly requires complex key management schemes to keep them all consistent and secret. The difficulty of securely establishing a secret key between two communicating parties, when a secure channel does not already exist between them, also presents a chicken-and-egg problem which is a considerable practical obstacle for cryptography users in the real world.



Whitfield Diffie and Martin Hellman, authors of the first published paper on public-key cryptography


In a groundbreaking 1976 paper, Whitfield Diffie and Martin Hellman proposed the notion of public-key (also, more generally, called asymmetric-key) cryptography, in which two different but mathematically related keys are used: a public key and a private key. A public-key system is so constructed that calculation of one key (the 'private key') is computationally infeasible from the other (the 'public key'), even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair. The historian David Kahn described public-key cryptography as 'the most revolutionary new concept in the field since polyalphabetic substitution emerged in the Renaissance'.


In public-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret. In a public-key encryption system, the public key is used for encryption, while the private or secret key is used for decryption. While Diffie and Hellman could not find such a system, they showed that public-key cryptography was indeed possible by presenting the Diffie–Hellman key exchange protocol, a solution that is now widely used in secure communications to allow two parties to secretly agree on a shared encryption key. On its own the exchange is unauthenticated: each party must also verify that the public value it receives really came from the intended peer, which is why TLS and similar protocols combine it with digital signatures or certificates.
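As an added worked example (written for this page, not taken from the article), here is the Diffie–Hellman exchange in Python over the 2048-bit MODP group 14 from RFC 3526, with the public-value validation and key derivation a careful implementation performs. The second function shows the caveat above: with no authentication of the public values, an active attacker ('Mallory') can run one exchange with each side and then read or alter everything that follows. The group parameters are transcribed from the RFC and checked at runtime with a Miller-Rabin test; the private exponents are random.

```python
import hashlib
import secrets

# Added example (not from the original article): Diffie-Hellman key agreement
# over the 2048-bit MODP group from RFC 3526 (group 14), followed by the
# man-in-the-middle failure of the unauthenticated protocol.

P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2   # P is a safe prime, so G generates a subgroup of prime order Q


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin; used here to check the transcribed group parameters."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def valid_public_value(y: int) -> bool:
    # Reject 0, 1, p-1 and anything outside the prime-order subgroup
    # (small-subgroup / invalid-value attacks).
    return 1 < y < P - 1 and pow(y, Q, P) == 1


def keypair():
    x = secrets.randbelow(Q - 1) + 1      # private exponent in [1, Q-1]
    return x, pow(G, x, P)


def shared_key(my_private: int, peer_public: int) -> bytes:
    if not valid_public_value(peer_public):
        raise ValueError("invalid peer public value")
    z = pow(peer_public, my_private, P)
    # Never use g^ab directly as a key: hash it into a fixed-size symmetric key.
    return hashlib.sha256(z.to_bytes((P.bit_length() + 7) // 8, "big")).digest()


def honest_exchange() -> bool:
    a, A = keypair()   # Alice publishes A = g^a
    b, B = keypair()   # Bob publishes B = g^b
    return shared_key(a, B) == shared_key(b, A)


def mitm_exchange() -> bool:
    """Without authentication of A and B, Mallory substitutes her own public
    value in both directions and ends up sharing one key with Alice and a
    different key with Bob, relaying (and reading) traffic between them."""
    a, A = keypair()
    b, B = keypair()
    m, M = keypair()                     # Mallory
    k_alice = shared_key(a, M)           # Alice believes M came from Bob
    k_bob = shared_key(b, M)             # Bob believes M came from Alice
    k_mallory_alice = shared_key(m, A)
    k_mallory_bob = shared_key(m, B)
    return (k_alice == k_mallory_alice and k_bob == k_mallory_bob
            and k_alice != k_bob)
```

Nothing in the exchange itself distinguishes the honest run from the attacked one; both parties compute a shared key and see it work. The fix is outside the arithmetic: sign the public values, or bind them to a certificate, so a substituted value is detected.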


Diffie and Hellman's publication sparked widespread academic efforts in finding a practical public-key encryption system. This race was finally won in 1978 by Ronald Rivest, Adi Shamir, and Len Adleman, whose solution has since become known as the RSA algorithm.


The Diffie–Hellman and RSA algorithms, in addition to being the first publicly known examples of high-quality public-key algorithms, have been among the most widely used. Others include the Cramer–Shoup cryptosystem, ElGamal encryption, and various elliptic curve techniques. See Category:Asymmetric-key algorithms.


To much surprise, a document published in 1997 by the Government Communications Headquarters (GCHQ), a British intelligence organization, revealed that cryptographers at GCHQ had anticipated several academic developments. Reportedly, around 1970, James H. Ellis had conceived the principles of asymmetric-key cryptography. In 1973, Clifford Cocks invented a solution that essentially resembles the RSA algorithm. And in 1974, Malcolm J. Williamson is claimed to have developed the Diffie–Hellman key exchange.



Padlock icon from the Firefox web browser, which indicates that TLS, a public-key cryptography system, is in use.


Public-key cryptography can also be used for implementing digital signature schemes. A digital signature is reminiscent of an ordinary signature; both have the characteristic of being easy for a user to produce but difficult for anyone else to forge. Digital signatures can also be permanently tied to the content of the message being signed; they cannot then be 'moved' from one document to another, for any attempt will be detectable. In digital signature schemes, there are two algorithms: one for signing, in which a secret key is used to process the message (or a hash of the message, or both), and one for verification, in which the matching public key is used with the message to check the validity of the signature. RSA and DSA are two of the most popular digital signature schemes. Digital signatures are central to the operation of public key infrastructures and many network security schemes (e.g., SSL/TLS, many VPNs, etc.).


Public-key algorithms are most often based on the computational complexity of 'hard' problems, often from number theory. For example, the hardness of RSA is related to the integer factorization problem, while Diffie–Hellman and DSA are related to the discrete logarithm problem. More recently, elliptic curve cryptography has developed, a system in which security is based on number-theoretic problems involving elliptic curves. Because of the difficulty of the underlying problems, most public-key algorithms involve operations such as modular multiplication and exponentiation, which are much more computationally expensive than the techniques used in most block ciphers, especially with typical key sizes. As a result, public-key cryptosystems are commonly hybrid cryptosystems, in which a fast, high-quality symmetric-key encryption algorithm is used for the message itself, while the relevant symmetric key is sent with the message, but encrypted using a public-key algorithm. Similarly, hybrid signature schemes are often used, in which a cryptographic hash function is computed, and only the resulting hash is digitally signed; besides efficiency, hashing first removes the algebraic structure of the raw signing operation that an attacker could otherwise exploit.
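The following added example (written for this page, not from the article) covers both the signing and verification algorithms described in the digital signature paragraph and the hash-then-sign structure described just above. It uses toy RSA parameters: two known Mersenne primes give a modulus of about 150 bits, thousands of bits short of a real key, and no PKCS#1 v1.5 or PSS encoding is applied. The last function shows the multiplicative forgery that works against signing raw integers and fails once the message is hashed first.

```python
import hashlib

# Added example (not from the original article): hash-then-sign RSA
# signatures and the multiplicative forgery that hashing prevents.
# Toy parameters only: two known Mersenne primes, no padding scheme.

P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (modular inverse; Python 3.8+)


def textbook_sign(m: int) -> int:
    return pow(m, D, N)


def textbook_verify(m: int, s: int) -> bool:
    return pow(s, E, N) == m % N


def digest_as_int(msg: bytes) -> int:
    # Representative of the message in Z_N. Real schemes encode the digest
    # with a padding scheme instead of reducing it mod N.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(msg: bytes) -> int:
    """Hybrid signature scheme: hash first, sign only the digest."""
    return textbook_sign(digest_as_int(msg))


def verify(msg: bytes, s: int) -> bool:
    return textbook_verify(digest_as_int(msg), s)


def multiplicative_forgery(m1: int, s1: int, m2: int, s2: int):
    """RSA is a homomorphism: (m1*m2)^d = m1^d * m2^d mod N. Given two
    signatures on raw integers, an attacker signs their product for free."""
    return (m1 * m2) % N, (s1 * s2) % N


def demo():
    msg = b"pay 10 to bob"                      # constructed sample message
    s = sign(msg)
    ok = verify(msg, s)
    tampered = verify(b"pay 99 to bob", s)      # same signature, other message
    # Forgery against raw (unhashed) signing succeeds ...
    m1, m2 = 3, 5
    m3, s3 = multiplicative_forgery(m1, textbook_sign(m1), m2, textbook_sign(m2))
    forged_raw = textbook_verify(m3, s3)
    # ... but the product of two hash-then-sign signatures does not verify
    # for any message the attacker can name, because the attacker cannot
    # choose a message whose digest equals the product of two other digests.
    s_a, s_b = sign(b"a"), sign(b"b")
    forged_hashed = verify(b"ab", (s_a * s_b) % N)
    return ok, tampered, forged_raw, forged_hashed
```

The hash is doing two jobs here: shrinking an arbitrary-length message to a single modular exponentiation, and destroying the multiplicative relationship between messages that textbook RSA preserves.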


Cryptanalysis


Variants of the Enigma machine, used by Germany's military and civil authorities from the late 1920s through World War II, implemented a complex electro-mechanical polyalphabetic cipher. Breaking and reading of the Enigma cipher at Poland's Cipher Bureau, for seven years before the war, and subsequent decryption at Bletchley Park, was important to Allied victory.


The goal of cryptanalysis is to find some weakness or insecurity in a cryptographic scheme, thus permitting its subversion or evasion.


It is a common misconception that every encryption method can be broken. In connection with his WWII work at Bell Labs, Claude Shannon proved that the one-time pad cipher is unbreakable, provided the key material is truly random, never reused, kept secret from all possible attackers, and of equal or greater length than the message. Most ciphers, apart from the one-time pad, can be broken with enough computational effort by brute-force attack, but the amount of effort needed may be exponentially dependent on the key size, as compared to the effort needed to make use of the cipher. In such cases, effective security could be achieved if it is proven that the effort required (i.e., the 'work factor', in Shannon's terms) is beyond the ability of any adversary. This means it must be shown that no efficient method (as opposed to the time-consuming brute-force method) can be found to break the cipher. Since no such proof has been found to date, the one-time pad remains the only theoretically unbreakable cipher.


There are a wide variety of cryptanalytic attacks, and they can be classified in any of several ways. A common distinction turns on what Eve (an attacker) knows and what capabilities are available. In a ciphertext-only attack, Eve has access only to the ciphertext (good modern cryptosystems are usually effectively immune to ciphertext-only attacks). In a known-plaintext attack, Eve has access to a ciphertext and its corresponding plaintext (or to many such pairs). In a chosen-plaintext attack, Eve may choose a plaintext and learn its corresponding ciphertext (perhaps many times); an example is gardening, used by the British during WWII. In a chosen-ciphertext attack, Eve may be able to choose ciphertexts and learn their corresponding plaintexts. Finally, in a man-in-the-middle attack Eve gets in between Alice (the sender) and Bob (the recipient), accesses and modifies the traffic and then forwards it to the recipient. Also important, often overwhelmingly so, are mistakes (generally in the design or use of one of the protocols involved; see Cryptanalysis of the Enigma for some historical examples of this).



Poznań monument (center) to the Polish cryptologists whose breaking of Germany's Enigma machine ciphers, beginning in 1932, altered the course of World War II


Cryptanalysis of symmetric-key ciphers typically involves looking for attacks against the block ciphers or stream ciphers that are more efficient than any attack that could be mounted against a perfect cipher. For example, a simple brute-force attack against DES requires one known plaintext and 2^55 decryptions, trying approximately half of the 2^56 possible keys, to reach a point at which chances are better than even that the key sought will have been found. But this may not be enough assurance; a linear cryptanalysis attack against DES requires 2^43 known plaintexts and approximately 2^43 DES operations. This is a considerable improvement on brute-force attacks.


Public-key algorithms are based on the computational difficulty of various problems. The most famous of these is integer factorization (e.g., the RSA algorithm is based on a problem related to integer factoring), but the discrete logarithm problem is also important. Much public-key cryptanalysis concerns numerical algorithms for solving these computational problems, or some of them, efficiently (i.e., in a practical time). For instance, the best known algorithms for solving the elliptic curve-based version of the discrete logarithm are much more time-consuming than the best known algorithms for factoring, at least for problems of more or less equivalent size: for well-chosen curves only generic algorithms whose running time grows with the square root of the group order are known, whereas sub-exponential algorithms exist for factoring and for discrete logarithms in the multiplicative group of a finite field. Thus, other things being equal, to achieve an equivalent strength of attack resistance, factoring-based encryption techniques must use larger keys than elliptic curve techniques; NIST's key-size guidance, for example, pairs a 128-bit security level with roughly a 3072-bit RSA modulus but only a 256-bit elliptic curve. For this reason, public-key cryptosystems based on elliptic curves, proposed independently by Neal Koblitz and Victor Miller in 1985, have become popular since the mid-1990s.
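As an added example of the square-root scaling just mentioned (code written for this page, not from the article), the following implements baby-step giant-step, a generic discrete-logarithm algorithm that costs about 2*sqrt(n) group operations for a group of order n instead of the n operations of exhaustive search. The prime 1000003 and generator 2 are constructed toy parameters; the same sqrt(n) bound is why a 256-bit elliptic curve group is paired with a 128-bit security level.

```python
import math
import secrets

# Added example (not from the original article): baby-step giant-step, a
# generic discrete-logarithm algorithm whose cost grows with the square root
# of the group order. Toy prime; real groups are hundreds of bits.


def bsgs(g: int, h: int, p: int, order: int):
    """Find x with g^x = h (mod p) and 0 <= x < order, or None if none exists.

    About 2*sqrt(order) multiplications instead of `order` for brute force,
    at the price of a table holding sqrt(order) entries.
    """
    m = math.isqrt(order) + 1
    # Baby steps: table of g^j -> j for j in [0, m)
    table = {}
    cur = 1
    for j in range(m):
        table.setdefault(cur, j)
        cur = cur * g % p
    # Giant steps: walk h * g^(-m*i) for i in [0, m) until it hits the table
    factor = pow(g, -m, p)         # g^{-m} (modular inverse; Python 3.8+)
    gamma = h % p
    for i in range(m):
        j = table.get(gamma)
        if j is not None:
            return i * m + j
        gamma = gamma * factor % p
    return None


def brute_force_dlog(g: int, h: int, p: int, order: int):
    """Reference: try every exponent. Cost grows linearly with `order`."""
    cur = 1
    for x in range(order):
        if cur == h % p:
            return x
        cur = cur * g % p
    return None


def demo(p: int = 1000003, g: int = 2):
    """Solve a random instance; return (solved, bsgs_cost, brute_cost)."""
    order = p - 1
    x = secrets.randbelow(order)
    h = pow(g, x, p)
    found = bsgs(g, h, p, order)
    # g need not generate the whole group, so check g^found == h rather
    # than found == x (there may be several valid exponents).
    return pow(g, found, p) == h, 2 * (math.isqrt(order) + 1), order
```

Pollard's rho achieves the same square-root cost without the table, and it, not index calculus, is the best known attack on a well-chosen elliptic curve. Against RSA moduli and prime-field discrete logarithms the number field sieve does far better than sqrt(n), which is the whole reason those keys must be so much larger.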


While pure cryptanalysis uses weaknesses in the algorithms themselves, other attacks on cryptosystems are based on the actual use of the algorithms in real devices, and are called side-channel attacks. If a cryptanalyst has access to, for example, the amount of time the device took to encrypt a number of plaintexts or to report an error in a password or PIN character, he may be able to use a timing attack to break a cipher that is otherwise resistant to analysis. An attacker might also study the pattern and length of messages to derive valuable information; this is known as traffic analysis and can be quite useful to an alert adversary. Poor administration of a cryptosystem, such as permitting too-short keys, will make any system vulnerable, regardless of other virtues. And, of course, social engineering, and other attacks against the personnel who work with cryptosystems or the messages they handle (e.g., bribery, extortion, blackmail, espionage, torture, ...) may be the most productive attacks of all.
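The PIN-checking timing leak mentioned above, as an added example (written for this page, not from the article): a comparison that stops at the first wrong byte reveals, through how long it runs, how many leading bytes of a guess were right, which turns a 256^n search into a 256*n one. Wall-clock timing in Python is too noisy to demonstrate reliably, so the leaky comparison below reports the number of bytes it examined as a stand-in for the timing signal an attacker would sample many times against a real device. The 4-byte secret is a constructed value; the fix is Python's hmac.compare_digest.

```python
import hmac

# Added example (not from the original article): an early-exit comparison
# leaks how many leading bytes of a guess are correct; the attacker below
# recovers the secret one byte at a time from that leak alone.


def insecure_equal(secret: bytes, guess: bytes):
    """Returns (match, bytes_examined). Stops at the first differing byte,
    so the count (in reality: the running time) depends on the secret."""
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_equal(secret: bytes, guess: bytes):
    """Always examines every byte; hmac.compare_digest does the same in C."""
    return hmac.compare_digest(secret, guess), len(secret)


def recover_secret(oracle, length: int):
    """Byte-by-byte recovery using only the leaked 'bytes examined' count.

    At position i the correct candidate is the one the oracle examines
    further than all the others. If every candidate looks the same the
    oracle leaks nothing and None is returned. At most 256*length queries.
    """
    known = bytearray()
    for i in range(length):
        best, best_examined, tie = None, -1, False
        for candidate in range(256):
            guess = bytes(known) + bytes([candidate]) + bytes(length - i - 1)
            match, examined = oracle(guess)
            if match:
                return guess
            if examined > best_examined:
                best, best_examined, tie = candidate, examined, False
            elif examined == best_examined:
                tie = True
        if tie:
            return None   # no candidate stood out: nothing leaked here
        known.append(best)
    return bytes(known)


def demo():
    secret = bytes.fromhex("7a1f03c9")   # constructed 4-byte secret, e.g. a PIN
    leaky = recover_secret(lambda g: insecure_equal(secret, g), len(secret))
    fixed = recover_secret(lambda g: constant_time_equal(secret, g), len(secret))
    return leaky == secret, fixed is None
```

The same structure applies to MAC tags, password hashes and padding checks: any branch whose timing depends on secret data is an oracle, and the remedy is to make the work done independent of the secret rather than to hide the timing behind noise.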


Cryptographic primitives

Much of the theoretical work in cryptography concerns cryptographic primitives (algorithms with basic cryptographic properties) and their relationship to other cryptographic problems. More complicated cryptographic tools are then built from these basic primitives. These primitives provide fundamental properties, which are used to develop more complex tools called cryptosystems or cryptographic protocols, which guarantee one or more high-level security properties. Note, however, that the distinction between cryptographic primitives and cryptosystems is quite arbitrary; for example, the RSA algorithm is sometimes considered a cryptosystem, and sometimes a primitive. Typical examples of cryptographic primitives include pseudorandom functions, one-way functions, etc.


Cryptosystems

One or more cryptographic primitives are often used to develop a more complex algorithm, called a cryptographic system, or cryptosystem. Cryptosystems (e.g., ElGamal encryption) are designed to provide particular functionality (e.g., public-key encryption) while guaranteeing certain security properties (e.g., chosen-plaintext attack (CPA) security in the random oracle model). Cryptosystems use the properties of the underlying cryptographic primitives to support the system's security properties. Of course, as the distinction between primitives and cryptosystems is somewhat arbitrary, a sophisticated cryptosystem can be derived from a combination of several more primitive cryptosystems. In many cases, the cryptosystem's structure involves back-and-forth communication among two or more parties in space (e.g., between the sender of a secure message and its receiver) or across time (e.g., cryptographically protected backup data). Such cryptosystems are sometimes called cryptographic protocols.


Some well-known cryptosystems include RSA encryption, the Schnorr signature, ElGamal encryption, PGP, etc. More complex cryptosystems include electronic cash systems, signcryption systems, etc. Some more 'theoretical' cryptosystems include interactive proof systems (like zero-knowledge proofs), systems for secret sharing, etc.


Until recently, most security properties of most cryptosystems were demonstrated using empirical techniques or using ad hoc reasoning. Recently, there has been considerable effort to develop formal techniques for establishing the security of cryptosystems; this has been generally called provable security. The general idea of provable security is to give arguments about the computational difficulty needed to compromise some security aspect of the cryptosystem (i.e., for any adversary).


The study of how best to implement and integrate cryptography in software applications is itself a distinct field (see Cryptographic engineering and Security engineering).







