Plaintext (aka cleartext) => encryption => ciphertext => decryption => plaintext
Some words, idioms, etc.
AES
AES = Advanced Encryption Standard
AES is a symmetric-key algorithm.
AES has both excellent confusion and diffusion.
AES is also known by its original name, Rijndael (strictly, AES is a restricted variant of Rijndael).
AES supersedes DES.
Avalanche effect
Changing (only) one bit in the input creates a significantly large difference in the output.
Birthday attack
Block cipher
The ciphertext of an n-bit text contains n bits.
Mode of operation
A block cipher by itself is only suitable for the secure cryptographic encryption or decryption of one fixed-length group of bits called a block.
A block cipher mode of operation describes how to repeatedly apply such a single-block operation to securely transform amounts of data larger than a block.
Different modes can have significantly different performance and efficiency characteristics (even if performed with the same block cipher).
Most modes require an initialization vector (IV) in order to make sure that distinct ciphertexts are produced from the same plaintext and key.
Mode | Name                  | Notes
CBC  | Cipher block chaining | see also CBC-MAC
CFB  | Cipher feedback       |
CTR  | Counter               |
ECB  | Electronic codebook   | The simplest mode: each block is encrypted separately (which entails a lack of diffusion) and should therefore not be used!
GCM  | Galois/counter        | Key feature: parallel computation of the Galois field multiplication used for authentication, which allows higher throughputs.
OFB  | Output feedback       |
PCBC | Propagating CBC       |
XTS  |                       |
Blowfish
Blowfish is a symmetric cipher. It should not be used on files larger than 4GB in size.
Break
A «break» is anything that is faster than a brute-force attack.
Confusion and diffusion
Confusion
Confusion means that each bit of the ciphertext should depend on several parts of the key which obscures the relationship between the two.
Confusion makes it difficult to find the key from the ciphertext.
Diffusion
Diffusion means that changing one bit in the plaintext changes about half of the bits in the ciphertext (and vice versa).
This is equivalent to the expectation that encryption schemes exhibit an avalanche effect.
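To make the "about half of the bits" claim concrete, here is an added Python example (not part of the original notes) that flips every input bit in turn and measures how many SHA-256 output bits change, next to a toy byte-sum checksum that has no avalanche effect. The 32-byte input is constructed.

```python
import hashlib

# Constructed sample input: 32 arbitrary bytes (not taken from the notes).
SAMPLE = bytes(range(32))


def hamming_distance(x: bytes, y: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    if len(x) != len(y):
        raise ValueError("inputs must have equal length")
    return sum(bin(p ^ q).count("1") for p, q in zip(x, y))


def sha256_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def bytesum_digest(data: bytes) -> bytes:
    """Toy 32-bit checksum (sum of all bytes). It is NOT a cryptographic hash;
    it is here only as a contrast that lacks diffusion."""
    return (sum(data) % 2**32).to_bytes(4, "big")


def avalanche_fraction(digest, data: bytes) -> float:
    """Flip each single bit of `data` in turn and return the mean fraction of
    digest bits that change. Full diffusion gives a value close to 0.5."""
    base = digest(data)
    out_bits = len(base) * 8
    in_bits = len(data) * 8
    total = 0
    for i in range(in_bits):
        flipped = bytearray(data)
        flipped[i // 8] ^= 1 << (i % 8)       # flip exactly one input bit
        total += hamming_distance(base, digest(bytes(flipped)))
    return total / (in_bits * out_bits)


if __name__ == "__main__":
    print(f"SHA-256 : {avalanche_fraction(sha256_digest, SAMPLE):.3f} of output bits change per flipped input bit")
    print(f"byte sum: {avalanche_fraction(bytesum_digest, SAMPLE):.3f} of output bits change per flipped input bit")
```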
Substitution-permutation networks
In substitution–permutation networks, confusion is provided by substitution boxes, diffusion by permutation boxes.
AES
AES has both excellent confusion and diffusion.
Diffie Hellman (DH)
An anonymous, non-authenticated key-agreement protocol.
In GPG, Diffie Hellman is called the Elgamal encryption algorithm.
Elliptic curve cryptography (ECC)
Before ECC became popular, almost all public-key algorithms were based on RSA, DSA, and DH. RSA etc. are still used, though.
Encryption algorithms
Some encryption algorithms include:
- DES (Data Encryption Standard)
- Triple DES
- TRIPLE_DES_3KEY
- RC2
- RC4 (Rivest Cipher 4, generally considered insecure)
- 128-bit RC4
- DES-X
- AES (128, 192 and 256 bit)
ElGamal
A public key encryption scheme with security based on the discrete logarithm problem.
Format preserving encryption
Output format = Input format.
So, an encrypted German word is a German word, and an encrypted credit card number is still a credit card number.
Hash function
A general hash function has the following three properties:
- Input can be any size
- Output size is fixed
- Output can be calculated efficiently: it takes O(n) time (n = length of input). However, it's difficult to compute the input given the output only.
A hash value is called a digest and can be used to identify a (longer) message or document.
In order to be useful for Bitcoin, it additionally needs these three properties:
- Collision resistance: nobody can find an input for a given output.
- Hiding: the hash does not allow one to guess the input
- Puzzle friendly
Apparently, no hash functions are proven to be collision resistant.
Examples of well-known hash functions are SHA-256 and MD2.
Key exchange
Key exchange protocols allow two parties to produce a secret session key over a public channel.
Keyring
A keyring stores encryption keys and sometimes also passwords.
Message authentication code (MAC)
HMAC, for example, is a MAC algorithm.
Malleability
A malleable encryption algorithm allows someone (potentially an attacker) to transform a ciphertext into a different ciphertext which decrypts into a plaintext that is similar or related to the original plaintext.
When the attacker does that, he is not necessarily able to read the original or new message.
Some algorithms are malleable by design, for example: homomorphic encryption schemes.
Nonce
An arbitrary (usually random) number that may be used only once.
In authentication, a nonce ensures that old communication cannot be reused in a replay attack.
Salts are related to the concept of nonces.
One time pad (OTP)
An OTP encrypts a message with a key that is at least as long as the message. The key is used only once (hence one-time pad).
PGP
PKI - Public Key Infrastructure
Public-private key encryption
- m = message
- c = ciphertext
- n = arbitrarily chosen value
- a = private key
- b = public key
c = m^a mod n
m = c^b mod n
m = (m^a)^b mod n = (m^b)^a mod n
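Textbook RSA written in the notation above (m, c, n, a = private exponent, b = public exponent), as an added Python example that is not part of the original notes. One caveat the formulas leave out: n cannot be arbitrary. In RSA, n is a product of two primes and a and b are chosen so that a*b ≡ 1 (mod (p-1)(q-1)); with unrelated exponents the two orders of exponentiation still agree, but neither returns m. The block also illustrates the Malleability entry: multiplying c by k^b produces a ciphertext that decrypts to k*m without knowledge of the private key, which is why deployed schemes add padding or authentication. The primes p = 61, q = 53 and exponent b = 17 are small constructed values for illustration only.

```python
from math import gcd


def make_keypair(p: int, q: int, b: int):
    """Return (n, a, b) with a the modular inverse of b mod (p-1)(q-1).
    p, q and b are illustration-sized constructed values, never real parameters."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(b, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    a = pow(b, -1, phi)  # modular inverse (Python 3.8+)
    return n, a, b


def encrypt(m: int, b: int, n: int) -> int:
    """c = m^b mod n (the public-exponent direction)."""
    return pow(m, b, n)


def decrypt(c: int, a: int, n: int) -> int:
    """m = c^a mod n (the private-exponent direction)."""
    return pow(c, a, n)


def exponents_recover_m(m: int, a: int, b: int, n: int) -> bool:
    """True only if (m^a)^b == (m^b)^a == m (mod n), i.e. the exponents are
    proper inverses. Commutation alone holds for any a, b; recovery does not."""
    via_a_first = pow(pow(m, a, n), b, n)
    via_b_first = pow(pow(m, b, n), a, n)
    return via_a_first == via_b_first == m % n


def malleate(c: int, k: int, b: int, n: int) -> int:
    """Textbook RSA is multiplicatively malleable: c * k^b decrypts to k*m mod n."""
    return (c * pow(k, b, n)) % n


if __name__ == "__main__":
    n, a, b = make_keypair(61, 53, 17)
    c = encrypt(65, b, n)
    print(f"n={n} a={a} b={b}: m=65 -> c={c} -> m={decrypt(c, a, n)}")
    print("inverse exponents recover m:", exponents_recover_m(65, a, b, n))
    print("arbitrary exponent 5 recovers m:", exponents_recover_m(65, 5, b, n))
    print("malleated ciphertext decrypts to:", decrypt(malleate(c, 2, b, n), a, n))
```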
Replay attack
RSA
RSA is an asymmetric cipher and is named after its inventors: Rivest, Shamir and Adleman.
Secure socket layer (SSL)
Secure electronic standard (SET)
SET was a communications protocol standard for securing credit card transactions over insecure networks.
Transport layer security (TLS)
SSL is the predecessor of TLS.