1.1 Evolution of cryptography Over the past four decades or so, cryptography has evolved from an exotic field known to a select few into a fundamental skill for the design and operation of modern IT systems. Today, nearly every modern product, from the bank card in your pocket to the server farm running your favorite […]
1.3.3 Connectivity versus scaling attacks To summarize, connectivity exposes devices and IT systems to remote attacks that target network-facing software (and, thus, directly benefit from the continuously increasing software complexity), are very cheap to launch, can be launched by a large number of threat actors, and have zero marginal cost. In addition, there exists a […]
2.3 Confidentiality A fundamental need in secure communication is to ensure the privacy of the information transmitted between the communicating parties. In cryptography, this is referred to as confidentiality of data. More precisely, confidentiality is the ability to keep the content of information from all but those authorized to have it [117]. Confidentiality therefore guarantees […]
2.5.2 Entity authentication Entity authentication is the ability to assure one communicating party – using corroborative evidence – of both the identity of a second communicating party involved, and that the second party was actually active at the time the evidence was created or acquired [117]. This authentication type is also referred to as identification. […]
3.1 Secret keys and Kerckhoffs’s principle Let’s assume a plaintext m is mapped onto a ciphertext c. Earlier, we formalized this situation in the equation c = f_K(m). You may have wondered why there is a parameter K. In cryptography, we distinguish between the encryption algorithm f and the key K. We can think of […]
3.2 Cryptographic keys We saw in the last section that keys are extremely important because they are the only things that are supposed to be secret in a cryptosystem. But what exactly is a key? A cryptographic key K comes from a large (but finite) set 𝒦. This large set is called the key space. […]
2.5 Authentication Authentication is the ability to identify the source of the communication, both for the communicating parties and for the information itself. In other words, authentication refers to a cryptographic mechanism ensuring that the identity of communicating entities can be verified and that the source of a received message can be verified. Any two […]
3.6 Key establishment To communicate securely, Alice and Bob need to share the secret key in advance. According to [117], Def. 1.63, “key establishment is any process whereby a shared secret key becomes available to two or more parties for subsequent cryptographic use”. In principle, Alice and Bob might meet in person in a cafe […]
3.6.2 Key agreement From a security perspective, key transport has a fundamental downside compared to key agreement. If Alice generates the key and sends it to Bob (key transport), Bob can never be sure whether that key is sufficiently random. This might seem quite paranoid at first (which is true for the cryptography mindset, but […]
3.7.2 Entropy in cryptography So, why is entropy so fundamental to cryptography? If the source used to generate secrets (or unique values used in cryptographic protocols) has poor entropy, the number of values that can possibly be drawn from that source will be limited, and some values will be (much) more likely than others. […]