2 - Cryptography"It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics."
Bruce Schneier
Cryptography, Crypto for short, is the science or study of techniques used to secure communications from third parties,
that is done encrypting the messages in such a way that only those who have the right key will be able to decrypt them.
To encrypt a message some kind of mathematical operation, known as ‘cipher’, is applied that will turn it into something
unintelligible until it’s decrypted using the right key.
In the past those ciphers were replacing certain characters by others using a pre established displacement, for instance
‘ROT13’ added 13 to each letter, or the ‘Caesarian Shift’ that allowed to add any value. You can see more of these simple
methods
HEREThe problem with those simple methods is that third parties could very easily discover the key and thus the message
analysing the structure, length and character distribution of it.
The science and study of the techniques to understand and decipher encrypted messages without the corresponding key is
called ‘Cryptanalysis’.
The strength of a cipher is due the underlying math and the use of extremely big numbers, the best mathematicians in the
world work creating new algorithms and analysing existing ones looking for weaknesses, so forget about creating new
ciphers, just use the ones that have demonstrated to be secure during years of use.
Symmetric and Public-key ciphersSymmetric ciphersA symmetric cipher is one that uses the same key both for encrypting and decrypting a message. Some examples are DES,
AES or Blowfish.
Sometime you’ll see the algorithm accompanied by a number, for instance AES-192 or AES-256 the number specifies the
length of the key in bits, so AES-256 would use keys of 256 bits in length.
A bit is the minimal unit of information you can store in a digital device, it represents a 1 or a 0. A computer can represent a
character using 8 bits, so using 256 bits would be like having a 32 characters key. This is an oversimplification, but just to give
you an idea of the key sizes.
Increasing the key sizes makes the possible combinations grow exponentially, each extra bit duplicates the amount of
possible combinations.
Public-Key ciphersThe problem with symmetric ciphers is that you need a secure way to exchange the key used to encrypt the messages, and
that key should be changed often to avoid it being compromised.
Public key cryptography works using two different keys, in reality two parts of the same one. One is the “private key”, that
key is never shared with anyone, and will be used by its owner to decrypt the messages received and sign messages.
The other is the “public key” that should be widely distributed and it will be used to encrypt messages that just the owner of
the private key will be able to decipher, it also can be used to validate a digital signature.
Public key ciphers are also known as asymmetric ciphers.
In 1978 Ron Rivest, Adi Shamir and Leonard Adleman from the MIT published the first publicly available asymmetric cipher,
called RSA.
RSA is based on factoring extremely big prime numbers, problem that is extremely time consuming and impossible to solve in a
reasonable time lapse with current technology, quick calculations suggest that brute forcing it would take more time than the
age of the universe.
Since 2004 asymmetric ciphers started using Elliptic curve mathematical problems instead of prime factorization, the
advantage is that they provide the same level of security but using way smaller key sizes, reducing the computational cost
required when the right key is available but still being impossible to solve without it.
Hybrid ciphersPublic key ciphers computational cost is very high so working with big messages would take a lot of time or be prohibitive,
that’s why hybrid cyphers were created.
In an hybrid cipher the message is encrypted using a symmetric cipher and the key used is then encrypted with a public key
cipher.
Hash functionsA Hash is function that given an input of any size will generate a fixed length output, called digest. They are not ciphers
because they are only one way, there is no reverse operation that given a hash will give the original input.
A hash also has as characteristic that a minimal change in the input will produce substantial changes in the output, they have
an even distribution and is almost impossible to have collisions, that is that two different inputs will generate the same
output, so if two inputs have the same digest you can be sure they are equals.
Examples of hash functions can be MD5, SHA-1 or SHA-256.
Cryptographic signatures rely on hashes to be sure that the message isn’t modified, we will talk about this with more detail
later.
There are many other uses of hash functions, one key use is to store passwords, so even if some attacker can read it, he
won’t be able to know it without having to brute-force all the possible combinations, task that could be extremely time
consuming and if the password is strong impossible with current technology.
Cryptography practiceCrypto relies heavily on math, you don’t really need to understand it very well, I don’t, but is nice to have an idea of the
principles behind it.
The practice for this week is to take a “Journey into cryptography” by the Khan Academy, they have many short videos where
they will explain in more depth and better than I would what is cryptography and the principles behind it.
It would be nice if you finish at least until the “Modern Cryptography” section. If you complete the journey until that point
you’ll learn about ancient cryptosystems, how the enigma machine worked, what is a prime number, how RSA works and a lot
more.
If you’re feeling really motivated and decide to continue past that point you’ll start delving into more details of the
mathematical principles that make crypto possible.
Some lessons include programming problems, if you want to try them better, if you don’t don’t worry, just watch the lessons
and that will be more than enough for our goals.
Next Friday we will learn about PGP/GPG and start using it to encrypt our messages.
To start the journey into cryptography follow this link:
https://en.khanacademy.org/math/applied-math/cryptography