Written by 3.6.2 Key agreement From a security perspective, key transport has a fundamental downside compared to key agreement. If Alice generates the key and sends it to Bob (key transport), Bob can never be sure whether that key is sufficiently random. This might seem quite paranoid at first (which is true for the cryptography mindset, but […]
3.7 Randomness and entropy In cryptography, the security of most protocols and mechanisms depends on the generation of random sequences of bits or numbers. These sequences must have a sufficient length and be random in a very specific sense: we do not want an attacker to be able to guess part of or the whole […]
3.7.2 Entropy in cryptography So, why is entropy so fundamental to cryptography? If the source used to generate secrets (or unique values used in cryptographic protocols) has a poor entropy, the number of values that can be possibly drawn from that source will be limited, and some values will be (much) more likely than others. […]
Frequently changing keys also limits the exposure time of a key compromised by Mallory. If the extracted key is used only for a single communication session, Mallory cannot decrypt previous sessions and needs to repeat the extraction (and hope that her malware won’t be detected by Alice’s virus scanners, firewalls, and intrusion detection systems) to […]
3.7.3 True randomness and pseudo-randomness Modern algorithms such as Yarrow [99] or Fortuna (see chapter 10 of [65]) generate secret keys for use in cryptographic algorithms and protocols by accumulating entropy from several True Random Number Generators (TRNGs) and combining it using hash functions (see Chapter 11, Hash Functions and Message Authentication Codes) and block […]
3.3 Key space The security of an encryption algorithm is subtly related to the notion of key space. Simply put, a key space refers to encryption/decryption key pairs. The size of a key space determines how many of these pairs are available in a cryptographic algorithm (recall that in a symmetric algorithm, the encryption and […]
4.1 Preliminaries In this chapter, we are going to talk about how to achieve confidentiality, the first of the three security goals in the CIA triad. For this, we need encryption (and also decryption) functions. In order to be able to describe these functions precisely and to put them into the right context, we need […]
4.2 Symmetric cryptosystems To recap from Chapter 2, Secure Channel and the CIA Triad, confidentiality is achieved using functions fK : ℳ→𝒞 that transform the private information m, also referred to as plaintext, into a scrambled message c = fK(m), referred to as ciphertext. Here, fK is an encryption function. It maps a plaintext m […]
4.3 Information-theoretical security (perfect secrecy) The historical roots of encryption are in military and diplomatic communications. The first encryption schemes were perhaps invented by the ancient Greeks and Romans. These encryption schemes have survived until today in the form of examples for easily breakable ciphers and can be found in virtually any textbook on cryptography. […]