Cryptography

From BC$ MobileTV Wiki
(Redirected from Encryption)
Jump to: navigation, search

Cryptography is a field of Computer Science focused on the use of mathematical and logical algorithms for protecting information.


Ancient origins of "message hiding"

Many years ago, more rudimentary techniques of concealing a message's contents or even its existence, were employed to ensure privacy, integrity and/or secrecy. For example, in ancient China (among other places certainly) shaving a messenger's head and writing a message, then letting them grow their hair to cover the message up, was common practice.

In Feudal Europe, one technique involved passing trivial messages using many different messengers over a period of time, but where each message contained only a small piece of another more important hidden message. After the final messenger arrived the other party would be able to build up the "clues" and form the actual significant message (for example, relating to battle plans, positions, conspirator meeting dates/times, etc). In this way, if a single one of the messengers were captured there would be no way for the captor to use the information they had to decypher the more important hidden message. One would have to capture many messengers at once and be clever enough to understand or discover the smaller pieces of the hidden message in order to compromise the communication.

The concept of Cyphering and Decyphering a message is at the core of Encryption.


Specifications

[1] [2] [3]


Approaches

Encryption

Encryption is the cyphering (process of rendering unreadable via mathematical models/functions) any form of information, and is most commonly used to conceal the contents of a message.

In electronic form, the practice gained widespread use during World Wars I & II by each side to protect their radio, telephone and other communications, but physical forms of encryption have been around almost as long as humans have been communicating.


Decryption

Decryption is the opposite of Encryption and is the mathematical or logical algorithm applied to retrieve the original information in its previous form, before the Encryption process.


Algorithms

Caesar Cyphers

Ceasar Cyphers were one of the earliest and most common ways to "scramble" a message. It is based on a simple concept creating an index in the alphabet rendering For example, using an index of "8" in the most basic form of a Caeasar Cypher, we add 8 to the beginning index of the alphabet, meaning we shift the whole alphabet left by 8 spots.

THE ENGLISH ALPHABET

a   b   c   d   e   f   g   h   i   j   k   l   m   n  o   p   q   r   s   t   u   v   w   x   y   z  

BECOMES:

i   j   k   l   m   n  o   p   q   r   s   t   u   v   w   x   y   z   a   b   c   d   e   f   g   h
^

Then the word:

s p o o n

Becomes:

a x w w v
         

If you don't know the index value it can be difficult to realize the scrambled word "axwwv" really meant "spoon", however, trained mathematicians and encryption engineers could easily recognize a Caesar Cypher and decypher the word spoon in a few seconds or less.

Thus, more complicated versions of Caesar Cyphers were created which vary both the starting index and middle index, for example, or perhaps, varies both the middle, end and start indexes while also reversing all letters in between.

These mechanisms can confuse a basic decyphering attempt, but again, specialists and professionals would be capable of decyphering such a message quite easily.

The real world applications of a Caesar Cypher was thus often combined with other tried and true methods of concealing a message, for example the previously mentioned methods for hiding it on a messenger, or, mixing it inside of many irrelevant messages which had to be re-assembled in order to decypher the full hidden message.

An example of this is shown below.


Sample Input

THIS
DAWN
THAT
THE
ZORRO
OTHER
AT
THING
#
BUUBDLA PSSPABUAEBXO


Sample Output

ATTACK ZORRO AT DAWN

[4] [5] [6]


Diffie-Hellman

Diffie-Hellman Key Exchange is a method for securely exchanging public keys, without necessarily broadcasting their existence to the entire web.

[7] [8]


RSA

In the digital world, eventually Caesar Cypher types of techniques for scrambling message contents simply became insufficient or impractical for maintaining the security of critical information.

For this reason, the US Department of Defense (among many other nations') began investing heavily in Encryption and information security. One of the major innovations of this research came from Ron Rivest, Adi Shamir, and Leonard Adleman (or RSA).

RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key. The keys for the RSA algorithm are generated the following way:

  1. Choose two distinct prime numbers p and q.
    • For security purposes, the integers p and q should be chosen uniformly at random and should be of similar bit-length. Prime integers can be efficiently found using a primality test.
  2. Compute n = pq.
    • n is used as the Modular arithmetic|modulus for both the public and private keys
  3. Compute the totient: φ(pq) = (p − 1)(q − 1).
  4. Choose an integer e such that 1 < e < φ(pq), and e and φ(pq) share no divisors other than 1 (i.e. e and φ(pq) are coprime).
    • e is released as the public key exponent.
    • Choosing e having a short addition chain results in more efficient encryption. Small public exponents (such as e = 3) could potentially lead to greater security risks.[9]
  5. Determine d (using modular arithmetic) which satisfies the Modular arithmetic RSA.png.
    • Stated differently, ed − 1 can be evenly divided by the totient (p − 1)(q − 1).
    • This is often computed using the extended Euclidean algorithm.
    • d is kept as the private key exponent.

The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the modulus n and the private (or decryption) exponent d which must be kept secret. [10]


SHA256


AES

Advanced Encryption Standard (AES).

[11]


ECDSA

[12]




Tools


Resources


Tutorials

[13] [14] [15]

[16]


External Links

[19] [20] [21] [22] [23] [24]


References

  1. Update on Web Cryptography: https://webkit.org/blog/7790/update-on-web-cryptography/
  2. The Web Crypto API: http://slides.com/katharinemoe/web-crypto
  3. The History and Status of Web Crypto API (SLIDES, 2012): https://www.slideshare.net/Channy/the-history-and-status-of-web-crypto-api
  4. Caesar Cypher: http://acm.uva.es/p/v5/554.html
  5. wikipedia: Cesar cipher
  6. wikipedia: Scytale
  7. wikipedia: Diffie-Hellman
  8. A Review of the Diffie-Hellman Algorithm: http://www.diffiehellman.com/
  9. Twenty Years of attacks on the RSA Cryptosystem: http://crypto.stanford.edu/~dabo/abstracts/RSAattack-survey.html
  10. wikipedia: RSA
  11. AES Is Great... but wenNeed a fallback - meet ChaCha & Poly1305: https://medium.com/asecuritysite-when-bob-met-alice/aes-is-great-but-we-need-a-fall-back-meet-chacha-and-poly1305-76ee0ee61895
  12. An Illustrated Guide to Elliptic Curve Cryptography Validation: https://research.nccgroup.com/2021/11/18/an-illustrated-guide-to-elliptic-curve-cryptography-validation/
  13. Java - How to use PKCS#1 encoding for files: https://stackoverflow.com/questions/40352835/java-how-to-use-pkcs1-encoding-for-files
  14. Breaking down RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING in Java: https://stackoverflow.com/questions/32161720/breaking-down-rsa-ecb-oaepwithsha-256andmgf1padding
  15. Converting RSA keys into SubjectPublicKeyInfo Form from BigIntegers: https://stackoverflow.com/questions/18995687/converting-rsa-keys-into-subjectpublickeyinfo-form-from-bigintegers
  16. Punycode.JS example: https://github.com/nodejs/node-v0.x-archive/blob/426298c8c1c0d5b5224ac3658c41e7c2a3fe9377/lib/punycode.js
  17. SHA-256 & SHA3-256 Hashing in Java: https://www.baeldung.com/sha-256-hashing-java
  18. Storing Passwords in MySQL: https://mysqldatabaseadministration.blogspot.com/2006/08/storing-passwords-in-mysql.html
  19. NSA Paid RSA $10 Million to Use Flawed Security Standard: https://www.tomsguide.com/us/nsa-rsa-secret-deal,news-18020.html
  20. Should I use RSA encryption since RSA is said to be broken by NSA?: https://crypto.stackexchange.com/questions/31904/should-i-use-rsa-encryption-since-rsa-is-said-to-be-broken-by-nsa
  21. RSA attempts (and fails) to refute claims it helped NSA weaken encryption: https://grahamcluley.com/rsa-nsa-weaken-encryption/
  22. No, RSA Is Not Broken: https://www.schneier.com/blog/archives/2021/03/no-rsa-is-not-broken.html
  23. Did the NSA just crack RSA encryption?: https://www.dailydot.com/debug/nsa-rsa-encryption-crack-prime-numbers/
  24. NSA Arranged Secret Contract With RSA, Security Industry Pioneer: https://www.huffpost.com/entry/nsa-rsa-contract_n_4482227

See Also

Security | Encryption | Decryption | Digital Signature | PGP | Cryptocurrency