RemNote Community

Cryptography - Modern Symmetric Encryption and Hashing

Understand modern symmetric‑key encryption (block and stream ciphers), cryptographic hash function properties, and common cryptanalysis attack techniques.


Summary

Modern Symmetric-Key Cryptography

Introduction

Symmetric-key cryptography is the foundation of secure communication in modern systems. In symmetric cryptography, both the sender and receiver share the same secret key, which is used for both encryption and decryption. This course covers the main categories of symmetric-key algorithms, techniques for analyzing their security, and how cryptographic hash functions provide data integrity.

Block Ciphers

A block cipher encrypts data by processing fixed-size chunks (called blocks) of plaintext at a time, typically 128 bits or more. Each block is encrypted independently using the shared secret key to produce a corresponding block of ciphertext. The most important block cipher today is the Advanced Encryption Standard (AES), which became the U.S. government standard in 2001. AES replaced the older Data Encryption Standard (DES), which had become insecure due to its small key size (only 56 bits). AES uses key sizes of 128, 192, or 256 bits, making it resistant to brute-force attacks.

Stream Ciphers

While block ciphers process data in fixed chunks, stream ciphers take a different approach. A stream cipher generates an arbitrarily long stream of key material from the shared secret key. This key stream is combined with the plaintext bit-by-bit, similar to how a one-time pad works. The advantage of stream ciphers is that they can encrypt data of any length without needing to know the length in advance. However, they require careful implementation: reusing the same key stream twice can expose the plaintext, which is why a stream cipher must never produce the same key stream for two different messages.

Message Authentication Codes

Beyond encryption, we also need to verify that a message hasn't been tampered with. A message authentication code (MAC) is a cryptographic tag computed using a shared secret key and the message itself. Both the sender and receiver can verify the MAC using their shared key, which authenticates both the message's integrity and its origin. Think of a MAC as similar to a signature, except that both parties use the same secret key to create and verify it. If an attacker modifies the message, the MAC will no longer match, revealing the tampering.

Cryptographic Hash Functions

A cryptographic hash function takes variable-length input and produces a fixed-length output called a hash digest (typically 256 bits or more). A crucial property: it is computationally infeasible to reverse the process; you cannot recover the original input from the hash output. Three main families of standardized hash functions are in use:

- SHA-1 (Secure Hash Algorithm-1): produces 160-bit hashes; now considered deprecated
- SHA-2: a family including SHA-256, SHA-384, and SHA-512; widely used and still secure
- SHA-3 (Keccak): the newest standard, providing increased diversity and security assurance

Hash functions are used for various purposes: verifying file integrity, storing passwords, and constructing digital signatures.

Understanding Cryptographic Hash Function Security

For a cryptographic hash function to be truly secure, it must satisfy two critical properties: collision resistance and preimage resistance. These properties ensure that the hash function cannot be exploited in common attacks.

Collision Resistance

A hash function is collision-resistant when it is computationally infeasible to find two different inputs that produce the same hash output (a "collision"). For example, given a collision-resistant hash function $H$, you should not be able to find two different messages $M_1$ and $M_2$ such that $H(M_1) = H(M_2)$, even with access to what is, in practical terms, unlimited computing power. Why does this matter? Imagine a hash function is used to verify software authenticity.
If someone could create two different programs with the same hash, they could substitute malware for legitimate software without detection.

Preimage Resistance

A hash function is preimage-resistant when it is computationally infeasible to find an input that hashes to a given output. In other words, if you are given a hash value $H(M) = X$, you cannot feasibly find the original message $M$. This property is essential for password storage: even if an attacker obtains the hash of a password, they cannot directly recover the password. Note the distinction: collision resistance means you can't find any two inputs that match, while preimage resistance means you can't find one specific input that produces a given hash. Both are necessary for security.

Commonly Broken Hash Functions

Several hash functions have been cryptographically broken, meaning collisions have actually been discovered (not just theoretically predicted):

- MD4 and MD5: both completely broken; practical collisions are trivial to compute
- SHA-1: collision attacks have been demonstrated; it is no longer recommended for security-critical applications

These functions should no longer be used for security purposes. When you see legacy systems using MD5 or SHA-1, it is a security vulnerability that needs remediation. Modern applications should use SHA-256 or SHA-3 instead.

Cryptanalysis: Attacking Cryptographic Systems

Cryptanalysis is the study of breaking cryptographic systems. Understanding the different types of attacks helps explain why certain cryptographic designs are necessary and how security is evaluated.

Ciphertext-Only Attack

In a ciphertext-only attack, the attacker has access only to ciphertext and no other information. This is the weakest attack scenario because the attacker must recover the plaintext (or key) from the ciphertext alone. Modern block ciphers like AES are designed to resist this attack even when the attacker has many ciphertexts encrypted with the same key. Without additional information, the computational effort required to recover the plaintext remains infeasible.

Known-Plaintext Attack

In a known-plaintext attack, the attacker possesses multiple pairs of ciphertext and their corresponding plaintext. This might occur when:

- Part of the plaintext is known (like file headers or standard formats)
- The attacker observes the same message encrypted multiple times with the same key
- An earlier, decrypted communication is discovered

With known plaintext-ciphertext pairs, an attacker can test guesses about the encryption key much more efficiently than with ciphertext alone. A secure cipher must still withstand this stronger attack.

Chosen-Plaintext Attack

In a chosen-plaintext attack, the attacker can select arbitrary plaintext and obtain the corresponding ciphertext (using someone else's encryption key without knowing it). This might seem unrealistic, but practical scenarios include:

- Encryption services where an attacker can submit data to be encrypted
- Testing the security of a decryption system by feeding it encrypted data

A secure cipher must remain secure even when the attacker can choose plaintexts and observe their ciphertexts, because the attacker might design the chosen plaintexts specifically to reveal the key or find weaknesses.

Chosen-Ciphertext Attack

In a chosen-ciphertext attack, the attacker can select arbitrary ciphertext and obtain the corresponding plaintext (without knowing the key). This is the strongest of the basic attack models. This might occur when:

- An attacker submits requests to a decryption service and observes the results
- A system reveals partial information about the plaintext (like "decryption succeeded" vs. "decryption failed")

Modern encryption systems must be designed to resist chosen-ciphertext attacks, which is why proper encryption modes (like authenticated encryption) are important.
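The stream cipher section above warns that a reused key stream exposes plaintext, and the chosen-ciphertext section names authenticated encryption as the defence. The Python below is an added example written for this page, not code from the course: it builds a constructed toy stream cipher whose key stream is SHA-256 over key, nonce and counter, shows that two messages encrypted under the same key and nonce leak their XOR (the key stream cancels out), and then wraps the cipher in an encrypt-then-MAC construction (HMAC-SHA256) whose decryption rejects any modified ciphertext before decrypting, returning the same generic failure for every tampered input. The cipher design, the `seal`/`open_sealed` names, the keys and the messages are all assumptions made for illustration; real systems use an audited AEAD such as AES-GCM or ChaCha20-Poly1305.

```python
import hashlib
import hmac
import os

# Added illustration, not code from the course. The "stream cipher" is a
# CONSTRUCTED toy: key stream = SHA-256(key || nonce || counter). It shows the
# XOR structure of stream ciphers but is not a vetted cipher.

NONCE_LEN = 12
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` bytes of key stream from the key and a per-message nonce."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the key stream; the same call decrypts, as with a one-time pad."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def keystream_reuse_demo() -> dict:
    """Two messages under the same key AND nonce share a key stream, so
    c1 XOR c2 == p1 XOR p2: anyone who knows one plaintext reads the other.
    With a different nonce the key streams differ and the relation vanishes."""
    key = b"k" * 32                          # constructed demo key
    p1 = b"transfer 100 to alice"
    p2 = b"transfer 900 to alice"
    nonce_a, nonce_b = b"\x00" * NONCE_LEN, b"\x01" * NONCE_LEN
    c1 = stream_encrypt(key, nonce_a, p1)
    c2_reused = stream_encrypt(key, nonce_a, p2)   # same key stream as c1
    c2_fresh = stream_encrypt(key, nonce_b, p2)    # distinct key stream
    leak = xor_bytes(c1, c2_reused)                # key stream cancels out
    return {
        "leak_is_p1_xor_p2": leak == xor_bytes(p1, p2),
        "recovered_p2": xor_bytes(leak, p1),       # known p1 => p2 falls out
        "fresh_nonce_leaks": xor_bytes(c1, c2_fresh) == xor_bytes(p1, p2),
    }


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: fresh random nonce, HMAC-SHA256 over nonce || ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ct = stream_encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Verify the tag before touching the ciphertext. Every modified input fails
    with the same generic None, so a chosen-ciphertext probe learns nothing;
    compare_digest keeps the tag comparison constant-time."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return stream_encrypt(enc_key, nonce, ct)


def tamper_demo() -> dict:
    enc_key, mac_key = b"e" * 32, b"m" * 32     # constructed, independent keys
    msg = b"transfer 100 to alice"
    blob = seal(enc_key, mac_key, msg)
    # Flip one bit of the ciphertext byte under the "1" of "100". An unauthenticated
    # stream cipher would silently decrypt to a changed amount; the MAC rejects it.
    flipped = bytearray(blob)
    flipped[NONCE_LEN + 9] ^= 0x01
    return {
        "intact": open_sealed(enc_key, mac_key, blob),
        "tampered": open_sealed(enc_key, mac_key, bytes(flipped)),
    }


if __name__ == "__main__":
    print(keystream_reuse_demo())
    print(tamper_demo())
```

The two halves make the same point from both sides: a stream cipher's XOR structure is exactly what makes key-stream reuse fatal and what lets a single flipped ciphertext bit change a single plaintext bit, and the MAC check is what turns that malleable cipher into something a decryption oracle cannot be used against.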
Man-in-the-Middle Attack

A man-in-the-middle (MITM) attack is different from the previous attacks because it targets the communication channel itself, not the cryptographic algorithm. In this attack, the attacker positions themselves between sender and receiver, where they can:

- Intercept messages
- Modify messages before forwarding them
- Send fake messages impersonating either party

For example, in an MITM attack on a symmetric-key system, an attacker could intercept a communication attempt, pretend to be the intended receiver, and establish a separate encrypted session so that the attacker sits as an intermediary. The two legitimate parties would be unknowingly communicating through the attacker. MITM attacks are prevented not by the cipher itself, but by proper key exchange protocols and authentication mechanisms (like digital signatures or certificates). The encryption may be mathematically sound, but if the key itself is compromised during exchange, all security is lost.

Summary

Modern symmetric-key cryptography relies on three main components:

- Block and stream ciphers for confidentiality (encryption)
- Message authentication codes for integrity and origin verification
- Cryptographic hash functions providing one-way transformations for passwords, digital signatures, and integrity checks

Understanding cryptanalysis techniques (the various ways attackers might approach a system) is essential for appreciating why modern cryptographic designs include specific protections and why using broken algorithms is dangerous. The field of cryptography continues to evolve as new attack techniques are discovered and new standards like SHA-3 and AES are adopted to stay ahead of threats.
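To make the distinction between collision resistance and preimage resistance from the hash-function sections concrete, here is an added Python example that is not part of the course material. It truncates SHA-256 to a small number of bits (a deliberately weak toy digest, so that both searches finish in milliseconds), then runs a birthday search for any two colliding inputs and a brute-force search for a preimage of one fixed target, and reports how many hash evaluations each took. The `truncated_hash`, `find_collision`, `find_preimage` and `compare_efforts` names, the 16-bit width and the input strings are assumptions made for the example.

```python
import hashlib
import itertools

# Added illustration, not code from the course. SHA-256 is truncated to a few
# bits only so the searches finish quickly; the point is the gap between the
# two kinds of work, not an attack on any real hash function.


def truncated_hash(data: bytes, bits: int) -> int:
    """Low-order `bits` bits of SHA-256(data): a deliberately tiny toy digest."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest & ((1 << bits) - 1)


def find_collision(bits: int):
    """Birthday search: hash distinct inputs until any two share a digest.
    Returns (m1, m2, attempts). Expected attempts grow like 2**(bits/2), and
    the pigeonhole principle guarantees success within 2**bits + 1 attempts."""
    seen = {}
    for i in itertools.count(1):
        m = f"msg-{i}".encode()
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m, i
        seen[h] = m


def find_preimage(target: int, bits: int, limit: int):
    """Brute-force preimage search for ONE fixed target digest. Expected
    attempts grow like 2**bits. Returns (m, attempts) or None if `limit` is
    exhausted; the search space is disjoint from the collision search's."""
    for i in range(1, limit + 1):
        m = f"guess-{i}".encode()
        if truncated_hash(m, bits) == target:
            return m, i
    return None


def compare_efforts(bits: int = 16) -> dict:
    """Run both searches at the same digest width and report the work done."""
    m1, m2, collision_attempts = find_collision(bits)
    target = truncated_hash(b"password-file-v1", bits)   # constructed target
    result = find_preimage(target, bits, limit=(1 << bits) * 8)
    return {
        "collision": (m1, m2),
        "collision_valid": m1 != m2
        and truncated_hash(m1, bits) == truncated_hash(m2, bits),
        "collision_attempts": collision_attempts,
        "preimage_attempts": None if result is None else result[1],
        "preimage_valid": result is not None
        and truncated_hash(result[0], bits) == target,
    }


if __name__ == "__main__":
    report = compare_efforts(16)
    print("collision after", report["collision_attempts"], "hashes:", report["collision"])
    print("preimage after", report["preimage_attempts"], "hashes")
```

At 16 bits the collision typically appears after a few hundred hashes while the preimage takes tens of thousands, the square-root relationship the birthday bound predicts. Scaling the same two searches to a full 256-bit digest gives roughly $2^{128}$ and $2^{256}$ evaluations respectively, which is why collision resistance, not preimage resistance, is the property that sets the minimum digest size.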
Flashcards
How do block ciphers process plaintext during encryption?
They encrypt fixed-size blocks of plaintext at a time.
Which block cipher replaced the Data Encryption Standard (DES) as the U.S. government standard?
Advanced Encryption Standard (AES).
How do stream ciphers combine key material with plaintext?
They generate an arbitrarily long stream of key material that is combined with plaintext bit-by-bit.
What is the primary purpose of the tag produced by a Message Authentication Code (MAC)?
To authenticate a message’s integrity and origin.
What are the core characteristics of the input and output of a cryptographic hash function?
It takes a variable-length input and returns a fixed-length output.
Is it possible to reverse a cryptographic hash output to recover the original data?
No, it is computationally infeasible.
What are the three main families of Secure Hash Algorithms (SHA) standardized for security?
Secure Hash Algorithm-1 (SHA-1); Secure Hash Algorithm-2 (SHA-2); Secure Hash Algorithm-3 (SHA-3/Keccak)
When is a cryptographic hash function considered collision-resistant?
When it is computationally infeasible to find two different inputs that produce the same hash output.
When is a cryptographic hash function considered preimage-resistant?
When it is computationally infeasible to find an input that hashes to a given output.
What information does an attacker have access to in a ciphertext-only attack?
Only the ciphertext.
What information does an attacker possess in a known-plaintext attack?
Pairs of ciphertext and their corresponding plaintext.
What capability does an attacker have in a chosen-plaintext attack?
They can obtain ciphertexts for plaintexts of their own selection.
What capability does an attacker have in a chosen-ciphertext attack?
They can obtain plaintexts for ciphertexts of their own selection.
How does an attacker operate in a man-in-the-middle (MITM) attack?
By positioning themselves between the sender and receiver to intercept, modify, and forward messages.

Key Concepts
Encryption Methods
Symmetric‑key cryptography
Block cipher
Stream cipher
Advanced Encryption Standard (AES)
Hash Functions and Security
Cryptographic hash function
Secure Hash Algorithm (SHA)
Collision resistance
Message authentication code (MAC)
Cryptanalysis Techniques
Ciphertext‑only attack
Man‑in‑the‑middle attack