Sunday, January 11, 2009

Cryptosystems intro.

I've been study at cryptography recently so I'm going to jot down a few notes from my course.

Why do we need cryptography?

  1. To keep information secret (confidentiality)
  2. To ensure that the message is the correct and has not been altered (integrity)
  3. To verify that the sender of the message is who he says he is. (authentication)
  4. To prevent the sender denying it was he who sent the message and the receiver claiming she had not received the message (non-repudiation)
So there's a fairly broad range of requirements. However it seems we can achieve these goals though just 2 classes of encryption algorithm.

Types of Encryption Algorithm

Symmetrical

This type of algorithm works because both the sender and receiver both share the secret key.

Sender
M(Plain text) --> Encrypt(K) = C (Cipher Text)

Receiver
C --> Decrypt(K) = M

It doesn't matter if the algorithm is public knowledge as the key is er.. the key.

Asymmetrical

Sender encrypts with receivers public key receiver decrypts with private key.

Sender
M(Plain Text) --> Encrypt(Ke) --> Cipher Text (C)

Receiver
C --> Decrypt(Kd) --> Plain text.

{Ke,Kd} are a pair

More on Symmetrical Cryptosystems

Examples of single key algorithms include:
  • DES
  • Triple DES
  • AES
  • IDEA
  • RC5,RC6
  • Blowfish


My very simple symmetrical key cryptosystem.

The concept of symmetrical key algorithm isn't hat hard to get you head around lets take a very simple (contrived) example.

My plain text message

|J|O|H|N| can be translated to its order in the alphabet |10|15|8|14

Then we can encrypt them with our secret key. Lets xor them with the secret key 7.

|13|8|15|9 --> |M|H|O|I|

So this provides us with some protection.

MHOI does not look like JOHN and even if the hacker knows we XOR the message and convert into numbers he will have to guess our secret key.

Of course this example is terrible.

There are several reasons why.

To design a Symmetric Cryptosystem we should follow these criteria.
  • Cipher text should depend on the plain text and key in a complex manner (confusion)
  • Each part of the cipher text should depend on all of the plain text and all of the key (diffusion)
  • Small changes to input data should cause many changes in output. (Avalanche effect)
So my encryption algorithm fails on the last two (and arguably the first).


We can look at a better example with DES (Which I will continue in another post.