Â

## Goals Of Cryptography

Â

**Confidentiality â†’**Authorised party can access the information

**Integrity â†’**Correctness and completeness of information

**Authenticity â†’**Source of information can be verified by the receiving party

**Non-Repudiation â†’**Source of information can be verified by any third party

Â

Â

Â

Â

Â

## Tools For Concepts

Â

Concept | Tool |

Encryption [Confidentiality] | AES | RSA |

Cryptographic Hash Functions [Integrity] | SHA-2 | SHA-3 |

Message Authentication Codes | Authenticated Encryption [Authenticity] | HMAC and GCM block cipher mode of operation |

Digital signatures [Non-Repudiation] | RSA-PSS and Ed25519 |

* Many more not mentioned here, this is just an example

Â

## Cryptography Goal: Confidentiality

Â

### Symmetric Encryption

Â

Â

Â

**Property:**- Single key K for both Encryption And Decryption

**Constraint:**- DEC(ENC(P,K),K)=P

**In Practice:**- ENC and DEC are very often the Advanced Encryption Standard (AES) block cipher
- AES keys can be of length 128, 192, 256 bits
- Each pair of sender and receiver needs a key and its the same key

- Doesnâ€™t scale well with the number of participants in the system

- Can be used to encrypt large amount of data

Â

**NIST â†’**

Â

Â

### Asymmetric Encryption

Â

**Properties:**- Public Key KE to encrypt
- Private Key KD to derypt

**Constraint:**- DEC(ENC(P,KE),KD) = P

**In Practice:**- Often RSA with keys â‰¥ 2048 bits
- Requires 1 key-pair for each participant

- Scales well

- Size of data that can be encrypted is almost equal to the size of the key.

Â

**WIKI â†’**

Â

Â

### Hybrid Encryption (Using AES and RSA)

Â

**Sender:**- Create new random symmetric key K
- Send data encrypted using key K
- Send key K encrypted with Receiverâ€™s public key KE

**Receiver:**- Obtain symmetric key K by using Decrypting Symmetric Key using Receiverâ€™s Private Key KD
- Obtain data by decrypting data using Symmetric Key K

**Main Problem:**- Once KD is known all symmetric keys K can be obtained and all data can be decrypted
- Can be prevented by using the ephemeral Diffie-Hellman key exchange EDH or ECDHE

Â