WEBSITE - http://www.asecuritysite.com/encryption
Randomness and pseudo randomness
substitution/permutation networks
Modes of Operation ECB, CBC, CFB, OFB
Hybrid encryption is a mode of encryption that merges two or more encryption systems. It incorporates a combination of asymmetric and symmetric encryption to benefit from the strengths of each form of encryption. These strengths are respectively defined as speed and security.
Hybrid encryption is considered a highly secure type of encryption as long as the public and private keys are fully secure.
You enter your credit card numbers online, click “OK” and wait with bated breath for your CD to arrive the next day … but what about that lingering question of how secure you really are?
Cryptography, the process of encoding information, has been around since Julius Caesar’s day. In fact, the technology is so solid, a method that was revolutionary 30 years ago is still used today. It’s called public key cryptography, and despite being decades old, it makes secure Internet commerce easier.
Public key cryptography allows anyone to scramble a message (like credit card information) to an intended party, but it lets only that party unscramble it. It also plays a role in authentication (Is that really Amazon I’m ordering from?).
In cryptography, a Lamport signature or Lamport one-time signature scheme is a method for constructing a digital signature. Lamport signatures can be built from any cryptographically secure one-way function; usually a cryptographic hash function is used.
Although the potential development of quantum computers threatens the security of many common forms of cryptography such as RSA, it is believed that Lamport signatures with large hash functions would still be secure in that event. Unfortunately, each Lamport key can only be used to sign a single message. However, combined with hash trees, a single key could be used for many messages, making this a fairly efficient digital signature scheme.
In Quantum Cryptography, keys are exchanged through quantum signals if you see the below image!
If eve tries to extract the signals then Quantum Bubbles will be destroyed. Quantum signals will be destroyed like bubbles.
Eves dropping is almost impossible with Quantum Cryptography.
New keys are generated in less than a minute here.
Quantum cryptography is the science of exploiting quantum mechanical properties to perform cryptographic tasks. The best known example of quantum cryptography is quantum key distribution which offers an information-theoretically secure solution to the key exchange problem. Currently used popular public-key encryption and signature schemes (e.g., RSA and ElGamal) can be broken by quantum adversaries. The advantage of quantum cryptography lies in the fact that it allows the completion of various cryptographic tasks that are proven or conjectured to be impossible using only classical (i.e. non-quantum) communication (see below for examples). For example, It is impossible to copy data encoded in a quantum state and the very act of reading data encoded in a quantum state changes the state.
HMAC stands for Keyed-Hash Message Authentication Code
Why we need HMAC? Because we want to know the integrity of the information transferred. HMAC ensures that the integrity of the message is not broken.
Generating HMAC is super easy!
From the SENDER SIDE
From the RECEIVER SIDE
Why we use HMACnot MAC?
Advantage of HMAC over MAC
HMAC SPECIFICATION
Whole Algorithm
PKI is a two key Asymmetric Cryptosystem. Its the same asymmetric algorithm but here confidentiality integrity and authenticity are extremely important.
In PKI, it is important to know whether the party sending us the public key is a genuine or not? Because anyone can send his/her public key, but how do you verify the party is real!
For verifying your identity you have digital signatures, that can be initially shared to ensure the person is real not some intruder.
Public Key is associated with each digital signature
You need to first share the digital signature and then send messages.
Hash algorithms are often used for computing digital signatures. The signer of a message runs the original message through a hash algorithm to produce a digest value, then encrypts the digest to produce a signature. Someone verifying the signature will run the message through the same hash algorithm, and will decrypt the attached signature value to ensure the digest it contains matches the one they computed.
If collisions are easy to find, they allow an attacker to take an authentic digitally signed message, find a different message that produces the same digest (the collision), then substitute the fake message for the real one while keeping the same signature value. Someone trying to validate the signature won't be able to tell the difference. This destroys the value of digital signatures.
Testing is difficult. You can apply chi-squared tests and look for uneven digest bit distributions over a wide number of single- and multi- bit changes, but that's not proof. Most of the strength relies on the algorithm's resulting digest size being large enough to mask any undiscovered weaknesses.
there is no such thing as collision-free hash function
Easy to calculate one way but extremely difficult to do the reverse
Here my modulus operator is a small prime number(17). If the number is extremely large then it is almost impossible to calculate the reverse!
3^17 mpd 33979348237924720430274729462704702794729705824927408232324342323232
Now the reverse calculation is now impossible!
Again this is very similar to Diffie Hellman
Watch this 2 min video Merkle Hellman
Similar to Diffie Hellman method,
The below image describes everything:
Check out this link for more Link
Homomorphic encryption is a form of encryption that allows computations to be carried out on ciphertext, thus generating an encrypted result which, when decrypted, matches the result of operations performed on the plaintext.
This is sometimes a desirable feature in modern communication system architectures. Homomorphic encryption would allow the chaining together of different services without exposing the data to each of those services. For example, a chain of different services from different companies could calculate 1) the tax 2) the currency exchange rate 3) shipping, on a transaction without exposing the unencrypted data to each of those services.[1] Homomorphic encryption schemes are malleable by design. This enables their use in cloud computing environment for ensuring the confidentiality of processed data. In addition the homomorphic property of various cryptosystems can be used to create many other secure systems, for example secure voting systems,[2] collision-resistant hash functions, private information retrieval schemes, and many more.
Partially homomorphic cryptosystems - ElGamal, Paillier
fully homomorphic encryption - The examples listed above allow homomorphic computation of some operations on ciphertexts (e.g., additions, multiplications, quadratic functions, etc.). A cryptosystem that supports arbitrary computation on ciphertexts is known as fully homomorphic encryption (FHE) and is far more powerful.
Such a scheme enables the construction of programs for any desirable functionality, which can be run on encrypted inputs to produce an encryption of the result. Since such a program need never decrypt its inputs, it can be run by an untrusted party without revealing its inputs and internal state. The existence of an efficient and fully homomorphic cryptosystem would have great practical implications in the outsourcing of private computations, for instance, in the context of cloud computing.
What is the difference between ECB, CBC, OFB?
How many different modes of operation?
What all different hashing and cryptographic techniques?
How digital signatures work?
Digital signatures captures both the public and private key!
ECB
This technique is very weak since the same cipher text appears for same block
For example if your input is repeating like the example below:
CBC
Blocks of chaining are used!
OFB Output Feedback
Feedback of first block goes into the other block!
CFB Cipher Feedback
Cipher feedback goes into the other block!
In cryptography, a Feistel cipher is a symmetric structure used in the construction of block ciphers.
For each round i =0,1,\dots,n, compute
L_{i+1} = R_i\,
R_{i+1}= L_i \oplus {\rm F}(R_i, K_i).
Then the ciphertext is (R_{n+1}, L_{n+1}).
Decryption of a ciphertext (R_{n+1}, L_{n+1}) is accomplished by computing for i=n,n-1,\ldots,0
R_{i} = L_{i+1}\,
L_{i} = R_{i+1} \oplus {\rm F}(L_{i+1}, K_{i}).
Then (L_0,R_0) is the plaintext again.
One advantage of the Feistel model compared to a substitution-permutation network is that the round function {\rm F} does not have to be invertible.
Some more properties of Block Cipher
Encryption in Feistel Model
Decryption in Feistel Model
Block Cipher is made of up two algorithms: Encryption and Decryption
Can we use any function as block cipher function ? NO there are certain rules for function.
Some of the properties of block ciphers:
Block Ciphers should be defined in such a way that it is reversible
In block cipher, you have a plaintext key and ciphertext
Two rules of Block Ciphers
In cryptography, an SP-network, or substitution-permutation network (SPN), is a series of linked mathematical operations used in block cipher algorithms such as AES (Rijndael). Other ciphers that use SPNs are 3-Way, SAFER, SHARK, and Square.
Such a network takes a block of the plaintext and the key as inputs, and applies several alternating "rounds" or "layers" of substitution boxes (S-boxes) and permutation boxes (P-boxes) to produce the ciphertext block. The S-boxes and P-boxes transform (sub-)blocks of input bits into output bits. It is common for these transformations to be operations that are efficient to perform in hardware, such as exclusive or (XOR) and bitwise rotation. The key is introduced in each round, usually in the form of "round keys" derived from it. (In some designs, the S-boxes themselves depend on the key.)
Decryption is done by simply reversing the process (using the inverses of the S-boxes and P-boxes and applying the round keys in reversed order).
Typically XOR operation is performed here.
This is how the substitution cipher works like:
Here we are using the same key to encrypt and decrypt data. Even though it is very fast, but the key must be stored securely.
Every number can be imagined like a lock and keys are the prime numbers(Factors)
Each number can be represented as a multiplication of prime numbers
15 = 5*3
20 = 5*2*2
21 = 7*3
22 = 2*11
You can't find any other prime numbers whose multiplication will give you the same result, and thats why the factors are also known as key. Think of each number as a LOCK now
Keys are the prime numbers whose addition and multiplication will give you the number
Pseudo random generator must repeat themselves. If the size of the seed is small, then after 1000 numbers it will start to repeat. Depending on the size of seed the repeating interval is decided.
What is possible, What is possible in reasonable amount of time is all about Crytography.
With pseudo random generators the security increases as the length of the seed increases.
The blue parts show pseudo random generator which is repeating. The white part shows random generator which is truly random
Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC requires smaller keys compared to non-ECC cryptography (based on plain Galois fields) to provide equivalent security.
Elliptic curves are applicable for encryption, digital signatures, pseudo-random generators and other tasks. They are also used in several integer factorization algorithms that have applications in cryptography.
Public-key cryptography is based on the intractability of certain mathematical problems. Early public-key systems are secure assuming that it is difficult to factor a large integer composed of two or more large prime factors. For elliptic-curve-based protocols, it is assumed that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible: this is the "elliptic curve discrete logarithm problem"
Elliptic curves are generally in the form:
Addition in Elliptic Curves:
The way addition and multiplication are performed for Elliptic Curves is shown here:
The reason for Elliptic Curves will work for finite field is because we need to make sure that if there are two points on the curve, and there is a infinite line drawn to connect two points should also cut a third point.
Result for addition we get by drawing a vertical line as shown below:
Multiplication is n * addition addition is calculated in a really different way in Elliptic Curves which means multiplication so powerful!! "elliptic curve discrete logarithm problem"
Now the ECC is applied for Diffie Hellman Crytography. They agree on certain parameters, and share a public key just like normal Diffie Hellman!
What each parameters mean here
Alice and Bob calculate their private key by multiplying with G which is also known as Generator Sequence
Result of Diffie Hellman! Algorithm
There is a problem with symmetric key cryptography
There are lots of computer on internet which wants to send messages but don't have the shared key, then how will they send the messages?
1- First they choose the blue color
2- The alice will choose orange color, and Bob will choose green colors. Not send this over the network
3- Mix the color
4- See the other images for more clarity
Using colors to understand how diffie hellman algorithm works
Now they will exchange their colors
The final result after mixing should be also be same, as you can see in the above image.
Mathematics Behind D-H
Step 1:
Step 2:
Step 3:
Alice and Bob both will compute the final value of s which should be equal
Step 4:
This is a Discrete Logarithm Problem
It is also known as Asymmetric Scheme since you are using two keys Public and Private
A cryptographic system that uses two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it.
An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key.
Public-key systems, such as Pretty Good Privacy (PGP), are becoming popular for transmitting information via the Internet. They are extremely secure and relatively simple to use. The only difficulty with public-key systems is that you need to know the recipient's public key to encrypt a message for him or her. What's needed, therefore, is a global registry of public keys, which is one of the promises of the new LDAP technology. Public key cryptography was invented in 1976 by Whitfield Diffie and Martin Hellman. For this reason, it is sometime called Diffie-Hellman encryption. It is also called asymmetric encryption because it uses two keys instead of one key (symmetric encryption).
Both ways we can achieve this. Either using private keys to first encrypt, and then decrypt or vice versa.
In cryptography, the one-time pad (OTP) is an encryption technique that cannot be cracked if used correctly. In this technique, a plaintext is paired with a random secret key (also referred to as a one-time pad). Then, each bit or character of the plaintext is encrypted by combining it with the corresponding bit or character from the pad using modular addition. If the key is truly random, is at least as long as the plaintext, is never reused in whole or in part, and is kept completely secret, then the resulting ciphertext will be impossible to decrypt or break.It has also been proven that any cipher with the perfect secrecy property must use keys with effectively the same requirements as OTP keys.
Gilbert S. Vernam for the XOR operation used for the encryption of a one-time pad.
Some of the properties of one time pad
How one time pad works
Since the letters cannot be added we first need to convert into decimal or binary. Here we converting into decimal and then adding them. If the keys are of same size as of plaintext, and it is truly random then it is almost impossible to decrypt it.
In mathematics, the Euclidean algorithm[a], or Euclid's algorithm, is an efficient method for computing the greatest common divisor (GCD) of two numbers, the largest number that divides both of them without leaving a remainder
Application of Euclid Algorithm
The Euclidean algorithm has many theoretical and practical applications. It is used for reducing fractions to their simplest form and for performing division in modular arithmetic. Computations using this algorithm form part of the cryptographic protocols that are used to secure internet communications, and in methods for breaking these cryptosystems by factoring large composite numbers. The Euclidean algorithm may be used to solve Diophantine equations, such as finding numbers that satisfy multiple congruences according to the Chinese remainder theorem, to construct continued fractions, and to find accurate rational approximations to real numbers. Finally, it is a basic tool for proving theorems in number theory such as Lagrange's four-square theorem and the uniqueness of prime factorizations. The original algorithm was described only for natural numbers and geometric lengths (real numbers), but the algorithm was generalized in the 19th century to other types of numbers, such as Gaussian integers and polynomials of one variable. This led to modern abstract algebraic notions such as Euclidean domains.
In cryptography, a hard-core predicate of a one-way function f is a predicate b (i.e., a function whose output is a single bit) which is easy to compute given x but is hard to compute given f(x). In formal terms, there is no probabilistic polynomial-time algorithm that computes b(x) from f(x) with probability significantly greater than one half over random choice of x.
RSA is implemented on the same principal
RSA is also known as one way TRAP door function which means that there is no way to undue the encryption unless there you have the private key.
private key is represented by d in the below images
n is the trap door here. Because of prime factorization it is extremely difficult to find n
number which is greater than 1 can be represented exactly one way as the product of two prime numbers
15 = 3*5
255 = 3*5*17
n knowing the factors of n is the trapdoor function
So hard core predicate is basically a boolean value which can tell whether the inverse of any function can be done or not in True or False
There is a difference between One way function and Trap Door Function. RSA is basically a Trap Door Function
Hard Core Bit Predict easy to compute given x but hard to guess given f(x)