The first presentation in a cryptography series, this talk provides a high-level overview of cryptography, clarifies its objectives, defines the terminology, and explains the basics of how digital security systems, like Bitcoin, are built.
Mike Dance is a web developer and Bitcoin advocate.
----------
Presented at the BitcoinSYD Meetup on 11 February 2015
2. Presentation Goals
• Provide a high level overview of cryptography
• Clarify the objectives of cryptography
• Define the terminology
• Explain the basic concepts to build an
understanding of how digital security systems,
like Bitcoin, are built
16. Secure Channel
A secure communication medium which can be trusted, used to exchange
secret key information, for example, face to face communication.
21. Secret Key
The data used to encrypt and decrypt in a symmetric algorithm. For example, a password.
This must be communicated over a secure channel and kept secret.
29. PRNG
A pseudo-random number generator is an RNG that is not truly random,
used when security is not a concern, for example with video games.
30. CSPRNG
A cryptographically secure pseudo-random number generator. Used for
cryptography applications, for example generating a bitcoin private key.
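The difference between slides 29 and 30, as an added Python example that is not part of the original presentation: Python's `random` module (a Mersenne Twister PRNG) can be cloned from 624 consecutive 32-bit outputs, so anything derived from it is predictable, while key material should come from the OS CSPRNG via `secrets`. The function names and the scenario are constructed for illustration.

```python
import random
import secrets

def _undo_right(y, shift):
    # Invert y = x ^ (x >> shift); each pass recovers `shift` more high bits.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x

def _undo_left(y, shift, mask):
    # Invert y = x ^ ((x << shift) & mask); each pass recovers `shift` more low bits.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x

def untemper(y):
    """Reverse the MT19937 output tempering to get the raw state word."""
    y = _undo_right(y, 18)
    y = _undo_left(y, 15, 0xEFC60000)
    y = _undo_left(y, 7, 0x9D2C5680)
    return _undo_right(y, 11)

def clone_from_outputs(outputs):
    """Rebuild a random.Random from 624 consecutive 32-bit outputs."""
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs) + (624,)
    clone = random.Random()
    clone.setstate((3, state, None))
    return clone

def predicted_matches(n_future=8):
    """True if a clone built only from observed outputs predicts the next ones."""
    prng = random.Random()  # seeded from the OS; the seed is never revealed
    observed = [prng.getrandbits(32) for _ in range(624)]
    clone = clone_from_outputs(observed)
    return all(clone.getrandbits(32) == prng.getrandbits(32) for _ in range(n_future))

def new_secret_key():
    """Key material comes from the OS CSPRNG (secrets wraps os.urandom)."""
    return secrets.token_bytes(32)

if __name__ == "__main__":
    print("PRNG future outputs predicted:", predicted_matches())
    print("CSPRNG key:", new_secret_key().hex())
```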
33. Kerckhoffs’ Principle
A crypto system should be secure even if the attacker knows all
the details about the system, with the exception of the secret key.
35. Analogy
A safe with one lock where each person with access has
a copy of the same key
36. DES
• Data Encryption Standard
• The most popular and best studied block cipher of the last 30
years
• Proposed in 1974 in response to a NIST (National Institute of
Standards and Technology) request for a standardised cipher
to secure government and national security communications
• Proposed by IBM cryptographers, with input from the NSA
with no public discourse
• Insecure due to small key space
37. 3DES
• Triple DES
• Performs DES encryption 3 times, which yields a
more secure cipher
• Still widely used primarily due to legacy
implementations and hardware
• Software implementations are not very efficient
38. AES
• Advanced Encryption Standard
• The most widely used symmetric cipher today
• In 1997, an open worldwide competition was held where cryptography algorithms
were submitted and reviewed by the international scientific community
• In 2001, the Rijndael cipher, created by two young Belgian cryptographers, was
selected for AES over submissions from IBM, RSA, and several famous
cryptographers
• In 2003, the NSA announced it will allow AES encryption to be used for classified
top secret documents
• Used in Blockchain.info wallets, Mac FileVault, Skype, Wi-Fi encryption, IPSec, TLS,
SSH, etc.
• No known attacks have been found
39. Symmetric Pitfalls
• Key Distribution Problem
• A copy of the key must be exchanged over a
secure channel, problematic to do over the
internet!
• The number of keys required can get very large
• Non repudiation is not possible because several
people may use the same key
41. Analogy
A mailbox on the street, everyone can put a letter in (encrypt), but only
a person with a private (secret) key can retrieve the letters (decrypt).
42. Background
• Symmetric cryptography has been around for as
long as written language, public key
cryptography is very new
• Public key cryptography was publicly introduced
in 1976 by Whitfield Diffie, Martin Hellman, and
Ralph Merkle
43. Overview
• Solves the key exchange problem because the encryption key
can be public (hence the name, public key)
• Can be used to prove the authenticity and integrity of a message
using digital signatures, and a digital signature algorithm (non
repudiation)
• Can be used to identify entities using challenge and response
protocols together with digital signatures, for example, electronic
car keys, passports, or bank cards
• Relies on one-way functions, which are easy to compute in one
direction, but whose inverse computation is computationally
infeasible
44. RSA
• Published in 1977 by Ron Rivest, Adi Shamir and
Leonard Adleman
• Security is provided by the integer factorisation
problem
• Given two large primes, it is easy to compute the
product, but difficult to factor the resulting product
• Requires large key sizes to be secure with modern
day computers, which is problematic for smaller
devices like mobile phones, smart cards, etc.
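The one-way asymmetry behind RSA, as an added Python example that is not part of the original presentation: building the key is one multiplication, while recovering the private exponent from the public key requires factoring the modulus, which is only feasible here because the constructed demo primes give a 50-bit modulus. This is unpadded textbook RSA for illustrating the maths; the function names are chosen for this example.

```python
import math

# Constructed demo primes (both Mersenne primes); real RSA primes are ~1024 bits each.
P, Q = 2**19 - 1, 2**31 - 1

def make_keypair(p, q, e=65537):
    """Textbook RSA: public key (n, e), private exponent d."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), pow(e, -1, phi)

def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(c, d, n):
    return pow(c, d, n)

def factor(n):
    """Trial division over odd candidates; returns (p, q, divisions tried)."""
    tried, f = 0, 3
    while f * f <= n:
        tried += 1
        if n % f == 0:
            return f, n // f, tried
        f += 2
    raise ValueError("no odd factor found")

def private_from_public(public):
    """Recover d from the public key alone by factoring n."""
    n, e = public
    p, q, tried = factor(n)
    return pow(e, -1, (p - 1) * (q - 1)), tried

if __name__ == "__main__":
    public, d = make_keypair(P, Q)
    c = encrypt(20150211, public)
    recovered_d, tried = private_from_public(public)
    print("modulus bits:", public[0].bit_length())
    print("divisions needed to factor:", tried)
    print("decrypted with recovered key:", decrypt(c, recovered_d, public[0]))
```

Each extra bit in the smaller prime doubles the trial-division work, which is why the slide's point about large key sizes follows directly from the factorisation problem.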
45. Elliptic Curve Cryptography
• Introduced in 1985 by Neal Koblitz and Victor S. Miller;
algorithms entered wide use in 2004 and 2005
• Uses elliptic curve over finite field mathematics to generate
public and private keys
• Security is provided by the elliptic curve discrete logarithm
problem
• Provides roughly the same security as RSA with large key sizes,
but with much smaller key sizes, which is leading to adoption in
mobile phones and smart cards
• Bitcoin uses private and public key pairs based on ECC
47. In reality
A hybrid approach is used: a public key algorithm (which is slower) encrypts
and exchanges a symmetric key (which is small), and a symmetric algorithm
(which is fast) then encrypts the message (which is big).
51. Further Reading
• Understanding Cryptography by Christof Paar and
Jan Pelzl (http://www.crypto-textbook.com/)
• Cryptography Lectures
• https://www.youtube.com/playlist?list=PLoJC20gNfC2gAB-eg7oaUTheB_JgQY4-q
• Public Key Cryptography: Diffie-Hellman Key
Exchange
• https://www.youtube.com/watch?v=3QnD2c4Xovk