October 18, 2021 | By devevon
Modern cryptography is one of the most important aspect of computer and communications security. It is based on mainly mathematics concepts like number theory, computational-complexity theory and probability.
Unlike classical cryptography which manipulates traditional characters, modern cryptography operates on binary bit-string. It could also be proven, under given assumption, to be computationally secure.
The primary goals that modern cryptography is trying to achieve are:
There are 2 main types of cryptographic methods that are adopted today:
Some key terms to know:
All cryptography algorithms can be broken down into 3 parts:
For any algorithm to work as intended, if the key is correct, the following must hold:
i.e. I must get back to the same message if my key(s) is(are) correct.
Symmetric encryption is a type of encryption where only one shared secret key is used to both encrypt and decrypt data (bit-string).
Topic Description/Background Info
One Time Pad works by taking a key that is as long as the text you want to encrypt and then performing the XOR operation to get the encrypted text. The same key used to encrypt the text is also used in decrypting, by performing the XOR operation with the encrypted text and the key.
Xor property:
For one time pad, the 3 parts:
To summarize and XORing is a cheap operation so it is easy to encrypt and decrypt messages which is an advantage of the One Time Pad.
Note: OTP is proven mathematically to satisfy perfect secrecy
To understand the following extra readings, some understanding in statistics is needed
OTP Challenge 1: Proper Encryption and Decryption (Stage 1 and Stage 2)
Background Info
The main disadvantage of this encryption algorithm is that it requires a key of the same length as the message to be encrypted. Every time when a message is sent, a key of the same length must be shared as well. (Why not reuse the same key?).
Suppose we have a message of length 2048, we need to send securely a key of length 2048 together with the encrypted message.
In other word, if we are sending a file of size 1GB, in total, we will need to send 2GB worth of load.
OTP Challenge 2: Attack OTP when the same key is used.
Background Info:
Block Cipher is another symmetric encryption algorithm, it works by take a block of the plaintext and then using a key to pick a permutation of the possible outputs.
For example, for a 3-bits block and 2-bits key
Plaintext | Cipher (Key = 00) | Cipher (Key = 01) | Cipher (Key = 10) | Cipher (Key = 11) |
000 | 100 | 110 | 010 | 010 |
001 | 011 | 001 | 011 | 100 |
010 | 111 | 000 | 101 | 110 |
011 | 101 | 101 | 000 | 011 |
100 | 000 | 010 | 100 | 101 |
101 | 010 | 100 | 111 | 001 |
110 | 110 | 111 | 001 | 000 |
111 | 001 | 011 | 110 | 111 |
Suppose our key = 01, message = 101, then the ciphertext = 100.
Note: not all possible permutations are used here.
For a block that has N-bit inputs there are 2^N! possible permutations and for a key that has k-bits there are 2^k possible keys. Each key will map to a unique permutation. It is very likely that not every permutation will be used.
One of the nice things about Block Cipher is that it is extremely hard to break that is it is very expensive to try since there is no known efficient algorithm that can break Block Cipher without having to brute-force it.
In real life where key size is as long as 256 bits, there will not be a key-plaintext-ciphertext table. Instead, an interesting pseudo-random permutation algorithm will be used to make the encryption algorithm efficient.
e.g.
DES: https://www.geeksforgeeks.org/data-encryption-standard-des-set-1/
Block Cipher Challenge 1: Based on a key table, encrypt and decrypt
Background Info:
Currently there is not a known efficient way to break a block cipher other than trying out all possible keys.
Block Cipher Challenge 2: breaking using brute force
Background Info
As computer powers becoming stronger, DES that uses 56-bit key could be broken within a few hours.
A possible way to make it harder to break, apart from using a longer key or changing to AES, is using 3 DES.
3 DES (needs 2 56-bits keys)
2 DES (?)
Proposed encryption algorithm:
Challenge: Attacking 2DES without knowing the key
Background Info
The Electronic Code Block works by breaking the message into equal size blocks and then performing block cipher on each block with the same key then concatenating the result of each of the block ciphers.
Electronic Code Book Challenge 1: Encryption and Decryption
Background Info
Electronic Code Book Challenge 2: Attacking the algorithm
Background Info
Unlike ECB, counter mode adds in randomness to the ciphertext.
Given key K and message M,
Or visually,
Src: https://courses.cs.washington.edu/courses/cse484/21sp/slides/cse484-lecture10-sp21.pdf
Given key K and ciphertext C,
Advantage:
We do not need to inverse the block cipher.
Counter Mode Encryption Challenge 1: Encrypting a long message using CTR mode encryption
Background Info
There are a few things that we need to know before talking about reusing IV:
What would happen if we reused an IV? Here assume we do not change the key
CTR Mode Challenge 2: attacking a flawed CTR mode encryption algorithm
Background Info
https://courses.cs.washington.edu/courses/cse484/21sp/slides/cse484-lecture10-sp21.pdf
To Encrypt
https://courses.cs.washington.edu/courses/cse484/21sp/slides/cse484-lecture10-sp21.pdf
To Decrypt:
Background Info
Since we need to pass Temp through a block cipher using the same key, K, all the Temps must have the same length. This means that length of the plaintext must be a multiple of N, where N is the length of a block.
What we are passing to the block cipher in CTR is the randomly generated IV + i. It is guaranteed to have the same length as the initial IV. If the last block of the plaintext has a length < N, we can simply remove the first/last few bits of InterI to make them to have the same length.
Qn: How can we distinguish the padded 0 from the actual value 0?
PKCS#5 and PKCS#7:
Instead of using 0, we pad each byte with the value of total number of bytes added.
e.g.
If we only need to pad 1 byte, we will pad 01 at the end
2 byte: 02 02
3 byte: 03 03 03
Suppose the message is
… | AB 12 19 9C 11 05 F3 D4 | 5E 06
Block size = 8 bytes
The last block has a size of only 2 bytes
Therefore, the padded message will be:
… | AB 12 19 9C 11 05 F3 D4 | 5E 06 06 06 06 06 06 06
Note: there are 7 06’s at the end of the last block, the first one is part of the message.
If the original message’s length is a multiple of N, where N is the block size, an extra block filled with N with be added to the end of the message
e.g. For message like
… | AB 12 19 9C 11 05 F3 D4 | 5E 06 12 51 0E AF BB 9D
Which has all blocks filled. The padded message will be
… | AB 12 19 9C 11 05 F3 D4 | 5E 06 12 51 0E AF BB 9D|08 08 08 08 08 08 08 08
This is to make the last block to always be a padded block. Why is this needed?
We will then encrypt this padded message using CBC.
Challenge: Determine if a padding is valid
Background Info
There are a few things to keep in mind before going deeper into the topic:
Without other protection, padding could possibly leak the entire message’s content.
Notation wise:
Let’s see how we can get the last byte:
How can we extend this to get all other bits?
Note: we already found out the last byte. We need to find the second last byte. What are the values that the last 2 bytes can take such that they will not cause an invalid padding error?
Challenge: Padding Oracle Attack to find out the entire block
Bonus Challenge: Padding Oracle Attack to find out the entire message
Leave a Reply