# Kendall's Online blog

## Monday, March 13, 2006

### Cryptography primer part I

This post and other related posting later this week are part of a series of blog entries that I would use to provide an introduction to cryptography which is my area of research at the University of Victoria. I am also a member of the Working group on the IEEE standard P1363 (Specifications for Public-Key Cryptography) and a student member of the Information Systems Audit and Control Association (I.S.A.C.A).
If you happen to be close to Napa Valley on the 26th - 29th April 2006 you can come to my stand where my poster abstract on the"Design of an elliptic curve cryptographic processor" at FCCM 2006

Terminologies in Cryptography
These are some of the terminologies used to describe cryptographic algorithms
· Type: Private Key or Symmetric and Public Key or Asymmetric
· Key Size: the length of the key used in encrypting information.
· Attack: The attacks which the cryptographic algorithms is vulnerable to.
· Strength: An assessment of the strength of the algorithm based on its key length, no of rounds, complexity and resistance to attacks
· Rounds: No of repeated sequence of operations on plaintext to produce the ciphertext.

Private or Symmetric Key Algorithm
Private Key algorithms are algorithm where the encryption key is known to both the sender and receiver of data or where the decryption key can easily be obtained from the encryption key. They are mainly used for the encryption of data at high speed. Their strength greatly depends on the privacy of the key since anyone who has the key can decrypt or alter the transmitted data. There are two types of Private Key algorithms: block cipher and stream cipher. When the data is fed into the algorithm in bits and pieces and the output is produced in bits it is referred to as a stream cipher in the other hand if the data is passed at once to the algorithm it is referred to as a block cipher e.g. DES. Stream ciphers are preferred in situations where transmission errors are probable because they do not have error propagation.

Public or Asymmetric Key Algorithm
Public Key algorithm was developed out of the difficulty in finding a secure method of exchanging the private key between both parties. Encryption of data using Public Key algorithm involves generating two different keys a private key and a public key (derived from the private key). The public key is made available to everyone. Public keys generated by these algorithms cannot be used to derive the private key hence the Public Key can be publicized. Public Key method performs complex operation on very large numbers and this comes at a high computational cost usually much larger than that of Private Key algorithm thus public Key algorithm should be used for encrypting small amount of data or transmission of Private Key used in Private Key algorithm because of their large computational requirements.

Strength of algorithm
Both categories of cryptographic algorithms mentioned above use keys of variable length. The size of the key is a very important metric when implementing cryptographic algorithms because it determines the number of different keys that exist and the strength of the cryptographic algorithm. In order to break a cryptographic algorithm the simplest method would be to try all the different combinations of keys so a large key length is preferred to make the cryptographic algorithm less vulnerable to this type of attack called brute force attack. The choice of key length is dependent on a combination of the level of security required, processor ability and word length of the chip used in your application.
Cryptographic algorithms are subject to attacks of various forms, below is an overview of such attacks:
· Brute-force Attack: Brute-force attack is the attack where the attacker tries all possible combination of keys until the actual key is found. Brute force attack cannot be prevented but most cryptographic algorithm makes it almost infeasible.
· Codebook Attack: A block of plaintext when encrypted always returns the same block of ciphertext as long as the same key is used. Codebook attack exploits this property of encrypted data.
· Differential Cryptanalysis: Differential cryptanalysis is the finding of similarities between various cipher-texts derived from similar plaintexts. This similarity assists in obtaining the key
· Known Plaintext Attacks: This type of attack involves retrieving the key from analyzing a known plaintext and its ciphertext.
· Linear Cryptanalysis; This attacks involves finding linear dependency between plaintext, ciphertext and key which helps in retrieval of the key.
· Man-in-the-middle: This attack is only possible if the attacker can eavesdrop on conversation of two parties and change the contents of their conversation. The attacker achieves this by pretending to be one of the parties in the conversation.
· Related Key Cryptanalysis: This refers to attack based on encrypting plaintexts with similar keys and analyzing the difference in output.
· Timing Attack: This attacks the algorithm by measuring the computation time for a series of decryption.

References:
P. C. van Oorschot, A J. Menezes, S.A. Vanstone, “Handbook of Applied Cryptography,” CRC Press Inc., Florida , 1996.

W. Trappe, L.C. Washington, “Introduction to Cryptography with Coding Theory,” Prentice Hall, New Jersey, 2002

Strength Assessment of Encryption Algorithm (http://www.discretix.com/wp.shtml).

D. Boneh, “Twenty years of Attack on the RSA Cryptosystem”, Notices of the AMS, Vol. 46 No. 2, February 1999.