Crypto 839: Intro to Notes C1-2

How do Alice/Bob communicate without Eve eavesdropping?
Agree on a secret key Ke and have to do this through the same chan

When Alice wants to send a msg:
1. Encrypts its using function E(Ke, m) then calls result of cipher text c
2. Alice sends ciphertext c=E(Ke,m)
3. When Bob receives c, he can decrypt it using the function D(Ke, c) to get plaintext m Alice wanted to send
4. Eve doesn't know key Ke, so when she gets c, she can't decrypt it

Kerkhoff's Principle: 1883:
Bob needs 2 things to decrypt the ciphertext:
1. The decryption algorithm
2. Key Ke

"...The security of the encryption scheme must depend only on the secrecy of the key Ke1, and not the secrecy of the algorithm..."

Why? Because algs are hard to change and built into new hw/sw

Security by Obscurity: Attempting to maintain sec by keeping the alg secret

Modern cryptography falls into 2 categories:
1. symmetric: Uses the same key to encrypt/decrypt msg w/same key
- Symmetric is always faster than asymmetric
2. asymmetric: uses 2 keys (1 to encrypt 1 to decrypt)
Sender/receiver have 2 diff keys

Symmetric:
Encryption: c=E(k,p) [cipher text =Encryption func (key, plaintext)]
Decryption: p = D(k,c) [plain text =Decryption func (key, ciphertext)]

Public Key Encryption (asymmetric):
Alice/Bob no longer use the same key but diff ones

Bob first generates a pair of keys (Sbob, Pbob) using a special alg
1. Secret key Sbob
2. Public key Pbob
Bob publishes Pbob and when Alice encrypts msg m w/public key Pbob to get ciphertext c, then sends c to Bob. Bob uses his key Sbob and decryption alg to decrypt msg and get m.

For this to work:
1. key pair generation alg
2. encryption alg
3. decryption alg

D(Sbob, E(Pbob, m))=m
This must hold for all possible msgs m

Digital Signatures: Public key equivalent of msg authentication codes
1. Alice, gens key pair (Salice, Palice) and publishes public key Palice
2. When she wants to send a msg to Bob: she computes a signature:
s:=o(Salice,m) and sends s,m to Bob
3. Bob uses verification alg: v(Pbob, m,s) and Alice's sig to verify

PKI: Public Key Infrastructure:

"How can Alice be sure it's Bob's key and no one else's?"

CA: Certificate Authority is the idea behind PKI:
Each user takes his/her public key to the CA and ID's themselves to it
The CA signs the user's public key using a digital signature

Attacks:
1. Ciphertext only model
2. Known plaintext model
3. Chosen plaintext model
4. Chosen ciphertext model
5. Information leaking/side channels

Ciphertext only:
Alice/Bob are encrypting data: You can see the ciphertext
a. Trying to decrypt msg if you only know the ciphertext
b. You have the least amount of info
Known plaintext: You know both plaintext/ciphertext
a. Sometimes msgs are easy to predict
Chosen plaintext:
a. You get to select prepared plaintexts/get corresponding ciphertexts
b. 2 variations:
1. Offline: You prepare a list you want to have encrypted before you get the ciphertexts
2. Online: You can choose new plaintexts depending on ciphertexts you've received
Chosen ciphertext:  You get to choose BOTH plaintext/ciphertext
Distinguishing attack:
- Any method that detects diff bet. ideal encryption scheme +actual one
Information leakage/Side Channels: Attacks that make use of additional info

Birthday Attacks: Named after the Birthday Paradox:
"If you have 23 people in a room, the chance that 2 of them will have the same birthday exceeds 50%"

Attack that depends on the fact that duplicate values (collisions) appear much faster than you would expect

Meet-in-the-Middle: Instead of waiting for a key to repeat, you can build a table of keys you choose

Exhaustive search attack: Tries all possible values for target, like the key