Goals Of Cryptography
- Confidentiality → Only authorised parties can access the information
- Integrity → Correctness and completeness of information
- Authenticity → Source of information can be verified by the receiving party
- Non-Repudiation → Source of information can be verified by any third party

Tools For Concepts
| Concept | Tool |
| --- | --- |
| Encryption [Confidentiality] | AES, RSA |
| Cryptographic Hash Functions [Integrity] | SHA-2, SHA-3 |
| Message Authentication Codes, Authenticated Encryption [Authenticity] | HMAC and GCM block cipher mode of operation |
| Digital signatures [Non-Repudiation] | RSA-PSS and Ed25519 |

\* Many more are not mentioned here; this is just an example.

Cryptography Goal: Confidentiality
Symmetric Encryption

- Property:
  - Single key K for both encryption and decryption
- Constraint:
  - DEC(ENC(P,K),K) = P
- In Practice:
  - ENC and DEC are very often the Advanced Encryption Standard (AES) block cipher
  - AES keys can be 128, 192 or 256 bits long
  - Each pair of sender and receiver needs a key, and it is the same key on both sides
  - Doesn’t scale well with the number of participants in the system
  - Can be used to encrypt large amounts of data
Asymmetric Encryption

- Properties:
  - Public Key KE to encrypt
  - Private Key KD to decrypt
- Constraint:
  - DEC(ENC(P,KE),KD) = P
- In Practice:
  - Often RSA with keys ≥ 2048 bits
  - Requires 1 key-pair for each participant
  - Scales well
  - The amount of data that can be encrypted directly is limited to almost the size of the key
Hybrid Encryption (Using AES and RSA)

- Sender:
  - Create new random symmetric key K
  - Send data encrypted using key K
  - Send key K encrypted with Receiver’s public key KE
- Receiver:
  - Obtain symmetric key K by decrypting the encrypted key with Receiver’s private key KD
  - Obtain data by decrypting the encrypted data with symmetric key K
- Main Problem:
  - Once KD is known, all symmetric keys K can be obtained and all data can be decrypted
  - Can be prevented by using the ephemeral Diffie-Hellman key exchange (EDH or ECDHE)
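
The sender and receiver steps above, written out with Ruby's standard `openssl` library. This is an added example, not part of the original notes: the `Hybrid` module, its method names and the envelope fields are assumptions, and AES-256-GCM and RSA-OAEP are the modes chosen here for the AES and RSA steps.

```ruby
require "openssl"

# Hybrid encryption: AES-256-GCM for the data, RSA-OAEP for the key K.
# Module, method and field names are assumptions made for this example.
module Hybrid
  OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
  module_function

  # Sender: create a new random K, encrypt the data with K, encrypt K with KE.
  def seal(ke, data)
    aes = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    k = aes.random_key
    nonce = aes.random_iv
    aes.auth_data = ""
    ciphertext = aes.update(data) + aes.final
    { wrapped_key: ke.public_encrypt(k, OAEP), nonce: nonce,
      ciphertext: ciphertext, tag: aes.auth_tag }
  end

  # Receiver: recover K with the private key KD, then decrypt the data with K.
  def open(kd, env)
    aes = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    aes.key = kd.private_decrypt(env[:wrapped_key], OAEP)
    aes.iv = env[:nonce]
    aes.auth_tag = env[:tag]
    aes.auth_data = ""
    aes.update(env[:ciphertext]) + aes.final # raises CipherError if tampered
  end

  # RSA alone only fits data smaller than the key; false when the data is too big.
  def fits_rsa?(ke, data)
    ke.public_encrypt(data, OAEP)
    true
  rescue OpenSSL::PKey::PKeyError
    false
  end
end

if __FILE__ == $PROGRAM_NAME
  kd = OpenSSL::PKey::RSA.new(2048)          # constructed demo key pair
  data = "constructed sample record\n" * 200 # about 5 KB, larger than the key
  env = Hybrid.seal(kd.public_key, data)
  puts "RSA alone fits the data: #{Hybrid.fits_rsa?(kd.public_key, data)}"
  puts "round trip ok: #{Hybrid.open(kd, env) == data}"
end
```

Every envelope ever sealed to KE opens with the same KD, however old it is, which is the main problem listed above; `fits_rsa?` shows why the data itself is not encrypted with RSA.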