Study Guide

📖 Core Concepts

- **Cryptography** – study & practice of techniques for secure communication despite adversaries.
- **Confidentiality, Integrity, Authentication, Non-repudiation** – four pillars a cryptosystem must protect.
- **Plaintext ↔ Ciphertext** – readable data before/after encryption.
- **Encryption / Decryption** – reversible transformation using a key (secret value).
- **Cipher** – pair of algorithms (encrypt & decrypt).
- **Cryptosystem** – set of possible plaintexts, ciphertexts, keys, and the associated algorithms.
- **Symmetric-key** – same secret key for both encryption & decryption; fast, used for bulk data.
- **Asymmetric-key** – public key encrypts, private key decrypts; enables secure key exchange without prior secret.
- **Hybrid Cryptosystem** – use asymmetric key exchange to share a symmetric key, then encrypt data symmetrically.
- **Kerckhoffs’s Principle** – security must rely only on secret key; algorithm may be public.
- **Hash Function** – deterministic, fixed-length output, infeasible to invert (preimage resistant) or find collisions (collision resistant).
- **Digital Signature** – private-key signs (usually a hash); public-key verifies, giving authenticity & non-repudiation.

📌 Must Remember

- **Symmetric vs Asymmetric** – same key vs public/private pair; speed vs key-distribution advantage.
- **Kerckhoffs’s Principle** – algorithm can be public; only key must stay secret.
- **Hard Problems:**
  - RSA → integer factorization of a semiprime $n = p \times q$.
  - Diffie–Hellman & DSA → discrete logarithm in a finite group.
  - ECC → elliptic-curve discrete logarithm (harder per bit).
- **Hash properties:**
  - Preimage resistance: cannot find $m$ such that $H(m) = h$.
  - Collision resistance: cannot find $m_1 \neq m_2$ with $H(m_1) = H(m_2)$.
- **Common broken hashes:** MD4, MD5, SHA-1 (and early SHA-2 versions).
- **Attack models (in increasing power):** Ciphertext-only → Known-plaintext → Chosen-plaintext → Chosen-ciphertext.
- **Side-channel:** timing, power, EM leakage can reveal keys even if algorithm is strong.
- **Public-key usage:** encrypt a symmetric key (or a hash) once, then switch to fast symmetric encryption.

🔄 Key Processes

- **Diffie–Hellman Key Exchange**
  1. Agree on large prime $p$ and generator $g$.
  2. Alice picks secret $a$, sends $A = g^{a} \bmod p$.
  3. Bob picks secret $b$, sends $B = g^{b} \bmod p$.
  4. Shared secret $s = A^{b} = B^{a} = g^{ab} \bmod p$.
- **RSA Encryption/Decryption**
  1. Generate $n = p q$, $\phi = (p-1)(q-1)$.
  2. Choose $e$ coprime to $\phi$, compute $d$ such that $e d \equiv 1 \pmod{\phi}$.
  3. Ciphertext $c = m^{e} \bmod n$; plaintext $m = c^{d} \bmod n$.
- **Message Authentication Code (MAC) Generation**
  1. Input: secret key $K$, message $M$.
  2. Compute $T = \text{MAC}_K(M)$ (e.g., HMAC-SHA-256).
  3. Receiver recomputes $T'$; if $T' = T$, authenticity & integrity are verified.
- **Digital Signature (RSA-DSA style)**
  1. Compute hash $h = H(M)$.
  2. Sign: $s = h^{d} \bmod n$ (RSA) or $s = (k^{-1}(h + xr)) \bmod q$ (DSA).
  3. Verify with public key; successful verification ⇒ authentic, non-repudiable.

🔍 Key Comparisons

- **Symmetric-key vs Asymmetric-key**
  - Speed: Symmetric (fast) vs Asymmetric (slow).
  - Key distribution: Symmetric needs secure channel; Asymmetric does not.
  - Use case: Bulk data encryption → symmetric; key exchange / signatures → asymmetric.
- **Block Cipher vs Stream Cipher**
  - Block: encrypt fixed-size blocks (e.g., AES 128-bit).
  - Stream: generate keystream, XOR with plaintext bit-by-bit (e.g., ChaCha20).
- **Hash vs MAC**
  - Hash: public, no secret, only integrity check (no authentication).
  - MAC: secret key included, provides both integrity and authentication.
- **Ciphertext-Only vs Chosen-Plaintext Attack**
  - Ciphertext-Only: attacker only sees ciphertexts.
  - Chosen-Plaintext: attacker can request encryption of arbitrary messages → far more powerful.

⚠️ Common Misunderstandings

- **“Encryption = Hashing”** – Encryption is reversible with a key; hashing is one-way and cannot be decrypted.
- **“Public key can decrypt”** – Only the private key can decrypt; public key is for encryption/verification only.
- **“Longer keys are always better”** – Beyond recommended sizes, performance suffers; also, key length must match algorithm (ECC 256-bit ≈ RSA 3072-bit).
- **“One-time pad is impractical”** – True only if keys are truly random, never reused, and at least as long as the message.
- **“Side-channel attacks break the math”** – They exploit implementation leakage, not the underlying hard problem.

🧠 Mental Models / Intuition

- **Lock-and-Key Analogy:** Symmetric key = a single key that both locks (encrypts) and unlocks (decrypts). Asymmetric = a public lock (anyone can lock) and a private key (only owner can unlock).
- **Hybrid Sandwich:** Think of asymmetric as the bread that safely passes the filling (symmetric key) to the interior where bulk encryption happens.
- **Hash as Fingerprint:** Fixed-size “fingerprint” of any data; two different fingerprints → collision (rare if function is good).
- **Kerckhoffs’s Principle = “Open-source security”** – The system should stay safe even if everyone knows the algorithm, like a lock that’s secure because the key is secret, not because the lock design is hidden.

🚩 Exceptions & Edge Cases

- **Weak Keys:** Certain keys (e.g., all-zero, all-one) can create degenerate ciphertexts; many algorithms reject them.
- **Deterministic RSA without padding** → vulnerable to chosen-plaintext attacks; always use OAEP or PKCS#1 padding.
- **Stream cipher reuse:** Re-using the same keystream with two messages leaks XOR of plaintexts; never reuse keystreams (one-time pad principle).
- **Hash collisions in practice:** MD5 and SHA-1 collisions have been demonstrated; never use for digital signatures or certificate verification.

📍 When to Use Which

- **Key exchange** → Use Diffie–Hellman (or Elliptic-Curve DH) when you need a fresh symmetric key without prior secret.
- **Bulk data encryption** → Prefer AES-GCM (block cipher with built-in authentication) or ChaCha20-Poly1305 on devices lacking AES hardware.
- **Message authentication only** → HMAC-SHA-256 (MAC) if both parties share a secret key.
- **Digital signatures** → RSA-PSS for compatibility; ECDSA or Ed25519 for smaller keys & faster verification.
- **Password storage** → Store salted hash (e.g., bcrypt, scrypt, Argon2) – never plaintext or reversible encryption.

👀 Patterns to Recognize

- **“Fast symmetric + slow asymmetric” pattern** → indicates a hybrid protocol (e.g., TLS handshake).
- **Presence of a “nonce” or “IV”** → signals a need for randomness to prevent replay or deterministic encryption attacks.
- **Algorithm name ending in “-20” (e.g., ChaCha20)** → stream cipher; look for XOR-based construction.
- **Terms “preimage” vs “collision”** – preimage attacks target a given hash output; collision attacks target any two inputs.

🗂️ Exam Traps

- **Choosing “RSA” for key exchange** – RSA can encrypt small data but is not efficient for bulk key exchange; DH/ECDH is the typical answer.
- **Confusing “public key” with “secret key”** – Remember only the private key can decrypt or sign.
- **Assuming “hash functions provide confidentiality”** – They do not; they only provide integrity/checksums.
- **Selecting “MD5” as a secure hash** – MD5 is broken; exam will likely flag it as insecure.
- **“Longer symmetric key always stronger than longer asymmetric key”** – Security strength must be compared using bits of security; 256-bit AES ≈ 3072-bit RSA, not 128-bit RSA.

---

Use this guide for a rapid “last-minute” review – focus on the bolded keywords and the decision rules in the “When to Use Which” section.
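
Added example (not part of the original guide) for the "MAC Generation" process and the "Hash vs MAC" comparison: it shows that a bare hash sent alongside a message can be replaced by whoever alters the message, while an HMAC-SHA-256 tag cannot be produced without $K$. The key and messages are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (not from the guide).
KEY = b"constructed-shared-secret-key-01"
MESSAGE = b"transfer 100 to account 42"
TAMPERED = b"transfer 900 to account 42"


def plain_hash(message: bytes) -> bytes:
    """Unkeyed SHA-256: anyone can recompute it for any message."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """T = MAC_K(M), instantiated with HMAC-SHA-256."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute T' and compare in constant time (no timing side channel)."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def hash_check_accepts_substitution() -> bool:
    """Whoever alters the message can also swap in a matching bare hash,
    so the receiver's integrity check still passes."""
    sent_message, sent_digest = TAMPERED, plain_hash(TAMPERED)
    return plain_hash(sent_message) == sent_digest


def mac_check_rejects_substitution() -> bool:
    """Without K, neither the old tag nor a tag made with a guessed key
    verifies against the altered message."""
    original_tag = mac_tag(KEY, MESSAGE)
    guessed_key_tag = mac_tag(b"wrong-key-guess", TAMPERED)
    return (not verify_mac(KEY, TAMPERED, original_tag)
            and not verify_mac(KEY, TAMPERED, guessed_key_tag))
```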
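
Added example (not part of the original guide) for the "Stream cipher reuse" edge case and the nonce/IV pattern: with the same key and nonce the keystream cancels and the two ciphertexts XOR to the XOR of the plaintexts, while a fresh nonce per message prevents this. The keystream here is a toy SHA-256 counter construction used as a stand-in for a real stream cipher such as ChaCha20; all names and sample messages are constructed.

```python
import hashlib

# Constructed sample key and messages (equal length, not from the guide).
KEY = b"constructed-demo-key"
P1 = b"meet at the north gate"
P2 = b"wire funds on monday!!"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter), for illustration only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: plaintext XOR keystream (decryption is the same call)."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def reuse_leaks_plaintext_xor() -> bool:
    """Same key and nonce twice: the keystream cancels, leaving P1 XOR P2."""
    c1 = encrypt(KEY, b"nonce-0", P1)
    c2 = encrypt(KEY, b"nonce-0", P2)
    return xor(c1, c2) == xor(P1, P2)


def fresh_nonce_keeps_keystreams_apart() -> bool:
    """A new nonce per message gives unrelated keystreams, so nothing cancels."""
    c1 = encrypt(KEY, b"nonce-0", P1)
    c2 = encrypt(KEY, b"nonce-1", P2)
    return xor(c1, c2) != xor(P1, P2)


class NonceRegistry:
    """Sender-side guard: refuse to encrypt twice under the same (key, nonce)."""

    def __init__(self) -> None:
        self._used = set()

    def claim(self, nonce: bytes) -> None:
        if nonce in self._used:
            raise ValueError("nonce already used with this key")
        self._used.add(nonce)
```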