Encryption - Algorithm (called a Cipher)

1 - About

A cipher is an algorithm that encrypts a plain text message into a ciphertext. Normally, a hash function

There are two big classes of cipher algorithm:

During the negotiation between client and server, each side sends the other a list of the algorithms it understands, ranked in order of preference. The preferred algorithm common to both is then chosen.

3 - List

4 - Properties

4.1 - Commutative

A commutative cipher is one in which the order of encryption and decryption is interchangeable, just as the order of multiplication is interchangeable (i.e., A*B*C = A*C*B = C*B*A).

4.2 - Symmetry

Often a cryptosystem will use both types of algorithm. For example, a symmetric key to exchange keys and an asymmetric cipher to encrypt the messages.

4.2.1 - Symmetric

Encryption algorithms which use the same single key for both encryption and decryption are known as:

  • symmetric key algorithms.
  • or secret-key encryption

Symmetric postal analogy

  • Alice would put the secret message in a box
  • Alice would lock the box using a padlock to which she has a key.
  • Alice would send the box to Bob through regular mail.
  • Bob would use an identical copy of Alice's key to open the box
  • Bob would read the message.
  • Bob would use the same padlock to send his secret reply.

Symmetric Concept

The single secret key must be shared and kept private by both:

  • the sender (for encryption)
  • and the receiver (for decryption).

To use a symmetric encryption scheme, the sender and receiver must securely share the key in advance. This is normally done after a connection is secured with an asymmetric cipher (because a symmetric cipher is less expensive in computational power). See the asymmetric cipher section below.

See Symmetric_key_algorithms

4.2.2 - Asymmetric

Asymmetric key algorithms (also known as public key cryptographic algorithms) were invented in the 1970s.

They use two keys (one public and one private). It is asymmetric because you need the other key of the pair to decrypt.

4.2.2.1 - Public Key

They use a pair of keys —or keypair— a public key and a private one.

Public key postal analogy

  • Bob and Alice have separate padlocks.
  • Alice asks Bob to send his open padlock to her through regular mail, keeping his key to himself.
  • Bob sends it to her
  • She uses it to lock a box containing her message
  • She sends the locked box to Bob.
  • Bob can then unlock the box with his key
  • Bob can read the message from Alice.
  • To reply, Bob must similarly get Alice's open padlock to lock the box before sending it back to her.

The critical advantage in an asymmetric key system is that Bob and Alice never need to:

  • send a copy of their keys to each other.
  • trust the postal service.

In addition, if Bob were careless and allowed someone else to copy his key, Alice's messages to Bob would be compromised, but Alice's messages to other people would remain secret, since the other people would be providing different padlocks for Alice to use.

Public key concept

When a message is encrypted with:

  • the private key, only the corresponding public key will successfully decrypt it, authenticating the authorship of the message (i.e. the owner of the private key)
  • the public key, only the private key can decrypt it.

In this scheme, secret messages can be exchanged with no prior secret agreement, each person using:

  • the other's public key to encrypt,
  • his own private key to decrypt.

In a secure asymmetric key encryption scheme, the private key should not be deducible from the public key. The design is such that finding out the private key is extremely difficult, even if the corresponding public key is known.

Because of the computational complexity of asymmetric encryption, it is usually used to exchange an on-the-fly symmetric key (e.g. a session key), which will only be used for the current session. This symmetric key is then used to encrypt the rest of the potentially long message sequence. The symmetric encryption/decryption is based on simpler algorithms and is much faster.

4.2.2.2 - Three-pass protocol

Three-pass_protocol

It requires neither party to even touch the other party's padlock (or key) to get access.

Bob and Alice have separate padlocks.

  • Alice puts the secret message in a box,
  • Alice locks the box using a padlock to which only she has a key.
  • Alice sends the box to Bob through regular mail.
  • Bob receives the box
  • Bob adds his own padlock to the box,
  • Bob sends it back to Alice.
  • Alice receives the box with the two padlocks,
  • Alice removes her padlock
  • Alice sends it back to Bob.
  • Bob receives the box with only his padlock on it,
  • Bob unlocks the box with his key
  • Bob reads the message from Alice.

This scheme is only possible with a commutative cipher.
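
The box-and-padlock exchange above can be run with numbers. This is an added example, not part of the original page: it assumes Shamir's modular-exponentiation scheme as the commutative cipher (the page names none), a demonstration-sized public prime `P`, and hypothetical helper names. It also shows that commutativity alone is not sufficient: XOR commutes, yet XORing the three transmitted values returns the message.

```python
import math
import secrets

# Public prime modulus known to everyone (2**127 - 1, a Mersenne prime).
# Demonstration size only (assumption); messages are integers in [1, P-1].
P = 2**127 - 1

def make_padlock():
    """Return a private pair (e, d) with e*d ≡ 1 (mod P-1): lock and key."""
    while True:
        e = secrets.randbelow(P - 3) + 2
        if math.gcd(e, P - 1) == 1:
            return e, pow(e, -1, P - 1)

def lock(box, e):
    return pow(box, e, P)

def unlock(box, d):
    return pow(box, d, P)

def three_pass(message, alice, bob):
    """Run the three passes; return the wire values and what Bob reads."""
    a_e, a_d = alice
    b_e, b_d = bob
    pass1 = lock(message, a_e)   # Alice -> Bob: Alice's padlock only
    pass2 = lock(pass1, b_e)     # Bob -> Alice: both padlocks on the box
    pass3 = unlock(pass2, a_d)   # Alice -> Bob: only Bob's padlock remains
    return (pass1, pass2, pass3), unlock(pass3, b_d)

def xor_three_pass_leak(message, key_a, key_b):
    """Same exchange with XOR padlocks: an eavesdropper who XORs the
    three wire values recovers the message without any key."""
    p1 = message ^ key_a
    p2 = p1 ^ key_b
    p3 = p2 ^ key_a
    return p1 ^ p2 ^ p3

if __name__ == "__main__":
    msg = int.from_bytes(b"meet at noon", "big")  # constructed sample message
    wire, got = three_pass(msg, make_padlock(), make_padlock())
    print(got.to_bytes(12, "big"))
    print(xor_three_pass_leak(msg, 0x1234, 0x9999) == msg)
```

Neither variant authenticates the parties: Alice has no proof that the second padlock on the returned box is Bob's.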

5 - Documentation / Reference