Thilan Dissanayaka Cryptography May 03

Basic concepts of Cryptography

Cryptography is the practice of securing communication in the presence of third parties. It's a cornerstone of digital security, allowing us to protect sensitive information even when it's sent across insecure channels.

Whether you're sending an email, making an online payment, or accessing a secured server, cryptographic principles are silently working behind the scenes to protect your data.

This tutorial will walk you through the fundamental concepts and techniques in cryptography.

Why Cryptography Matters

At its core, cryptography ensures:

  • Confidentiality: Information is only accessible to those authorized.
  • Integrity: Data has not been altered or tampered with.
  • Authentication: Verifies the identity of the sender or receiver.
  • Non-repudiation: Prevents someone from denying their involvement in a communication or transaction.

Meet Alice, Bob, and Trudy

Cryptography scenarios often involve three fictional characters:

  • Alice: The sender of a message.

  • Bob: The intended recipient.

  • Trudy (the intruder): The malicious third party trying to intercept, modify, or impersonate communications between Alice and Bob.

These characters help us visualize the roles and threats in a cryptographic system.

Basic Cryptographic Terminology

Here are some key terms you'll encounter:

Term | Description
Plaintext | The original readable message (e.g., "Hello, Bob!").
Ciphertext | The encrypted message that appears unreadable (e.g., "5A2B1C...").
Encryption | The process of converting plaintext into ciphertext.
Decryption | Converting ciphertext back into plaintext.
Key | A piece of information used in encryption/decryption.
Keyspace | The total number of possible keys that can be used with a particular encryption algorithm.
Algorithm | The procedure used for encryption and decryption.
Key Exchange | The method by which cryptographic keys are securely shared.
Digital Signature | A cryptographic code that verifies the authenticity and integrity of a message.
Certificate | A digital document used to prove ownership of a public key.

Symmetric Key Cryptography (Secret Key Cryptography)

Symmetric encryption uses the same key for both encryption and decryption.

How it Works

  • Alice and Bob agree on a secret key
  • Alice encrypts her message using this key
  • Alice sends the ciphertext to Bob
  • Bob decrypts the ciphertext using the same key

Let's consider an example

Alice wants to send the message "Hi Bob, I'm Alice" to Bob. The values in this example are:

Item | Value
Plain text | Hi Bob, I'm Alice
Symmetric Key | SecretK3Y
Cipher text | 3c6e0b8a9c1522

  • They share a secret key: "SecretK3Y"
  • Alice uses the key to encrypt: "Hi Bob, I'm Alice" → "3c6e0b8a9c1522"
  • Alice sends "3c6e0b8a9c1522" to Bob
  • Bob uses "SecretK3Y" to decrypt "3c6e0b8a9c1522" → "Hi Bob, I'm Alice"

If Trudy intercepts the message, she sees only "3c6e0b8a9c1522" which is meaningless without the key.

Advantages

  • Fast and efficient for large amounts of data
  • Relatively simple implementation

Disadvantages

  • Key distribution problem: How do Alice and Bob securely share the initial key?
  • Scalability issues: Need a unique key for each pair of communicating parties

Common Algorithms

  • AES (Advanced Encryption Standard)
  • DES (Data Encryption Standard) and 3DES
  • Blowfish and Twofish

Asymmetric Key Cryptography (Public Key Cryptography)

Asymmetric encryption uses two mathematically related keys: a public key and a private key.

How it Works

  • Bob generates a key pair: public key and private key
  • Bob shares his public key openly (even Trudy can have it)
  • Bob keeps his private key secret
  • Alice encrypts her message using Bob's public key
  • Alice sends the ciphertext to Bob
  • Only Bob's private key can decrypt the message

Example

Item | Value
Plain text | Hi Bob, I'm Alice
Alice Pvt. Key | AlicePvtK3Y
Alice Pub. Key | AlicePubK3Y
Bob Pvt. Key | BobPvtK3Y
Bob Pub. Key | BobPubK3Y
Cipher text | caf8e34be07426ae7127c1b4829983c1

  • Bob generates a key pair: public key "BobPubK3Y" and private key "BobPvtK3Y"
  • Bob shares "BobPubK3Y" with everyone, including Alice and Trudy
  • Alice encrypts "Hi Bob, I'm Alice" using "BobPubK3Y" → "caf8e34be07426ae7127c1b4829983c1"
  • Alice sends "caf8e34be07426ae7127c1b4829983c1" to Bob
  • Bob decrypts using his private key "BobPvtK3Y" → "Hi Bob, I'm Alice"

Even if Trudy has Bob's public key, she cannot decrypt the message without Bob's private key.

Advantages

  • Solves the key distribution problem
  • Enables secure communication without prior secret sharing
  • Enables digital signatures (discussed later)

Disadvantages

  • Much slower than symmetric encryption
  • Requires more computational resources

Common Algorithms

  • RSA (Rivest–Shamir–Adleman)
  • ECC (Elliptic Curve Cryptography)
  • Diffie-Hellman key exchange

Hash Functions

Hashing is a one-way function that converts data of any size to a fixed-size string.

Properties of Secure Hash Functions

  • One-way function: Easy to compute the hash, but computationally infeasible to derive the original input from the hash
  • Deterministic: The same input always produces the same hash
  • Avalanche effect: Small changes in input create large changes in the hash
  • Collision resistance: Difficult to find two different inputs that produce the same hash

Uses of Hashing

  • Data integrity: Verify that data hasn't been altered
  • Password storage: Store hash of passwords rather than actual passwords
  • Digital signatures: Sign hash of a document rather than the entire document

Example

Alice wants to ensure the integrity of a document she's sending to Bob:

  • Alice calculates the hash of her document: "Important contract" → "5f4dcc3b5aa765d61d8327deb882cf99"
  • Alice sends both the document and the hash to Bob
  • Bob calculates the hash of the received document
  • If Bob's calculated hash matches the hash Alice sent, the document is intact

If Trudy intercepts and modifies the document, the hash Bob calculates won't match the hash Alice sent.
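
The integrity check above, written out as an added example (not code from the original tutorial) using SHA-256 from Python's standard library. It goes one step beyond the text: when the hash travels over the same channel as the document, whoever can replace the document can replace the hash too, so the last case uses a keyed hash (HMAC) with the shared key from the symmetric example. The function names and sample documents are constructed for illustration.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def bob_checks_hash(document: bytes, received_hash: str) -> bool:
    """Bob recomputes the hash and compares it with the one he received."""
    return hmac.compare_digest(sha256_hex(document), received_hash)

def differing_bits(a: bytes, b: bytes) -> int:
    """Avalanche effect: how many of the 256 digest bits differ."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")

def make_tag(key: bytes, document: bytes) -> str:
    """Keyed hash (HMAC-SHA-256): only holders of the key can produce it."""
    return hmac.new(key, document, hashlib.sha256).hexdigest()

def bob_checks_tag(key: bytes, document: bytes, received_tag: str) -> bool:
    return hmac.compare_digest(make_tag(key, document), received_tag)

# Constructed sample data
DOCUMENT = b"Important contract"
TAMPERED = b"Important contracT"   # one character changed in transit
SHARED_KEY = b"SecretK3Y"          # the page's sample key; real keys are random bytes

def scenarios() -> dict:
    sent_hash = sha256_hex(DOCUMENT)
    sent_tag = make_tag(SHARED_KEY, DOCUMENT)
    return {
        "intact": bob_checks_hash(DOCUMENT, sent_hash),
        "document modified": bob_checks_hash(TAMPERED, sent_hash),
        # The hash is unkeyed, so it can be recomputed for the modified document
        "document and hash replaced": bob_checks_hash(TAMPERED, sha256_hex(TAMPERED)),
        # The tag cannot be recomputed without the shared key
        "document modified, HMAC tag": bob_checks_tag(SHARED_KEY, TAMPERED, sent_tag),
    }

if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name}: accepted={accepted}")
    print("bits changed by one character:", differing_bits(DOCUMENT, TAMPERED))
```

A plain hash detects accidental or partial modification; protecting against an active Trudy requires a keyed tag like this one or a digital signature.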

Common Hash Algorithms

  • SHA-256 (Secure Hash Algorithm)
  • MD5 (Message Digest Algorithm) - now considered insecure
  • BLAKE2
  • Argon2 (designed for password hashing)

Public Key Infrastructure (PKI)

PKI addresses the trust problem: How does Alice know that the public key really belongs to Bob?

Certificate Authorities (CAs)

Trusted third parties that issue digital certificates verifying the ownership of public keys.

How it Works

  • Bob requests a certificate from a CA
  • CA verifies Bob's identity
  • CA issues a certificate binding Bob's identity to his public key
  • CA signs the certificate with its private key
  • When Alice receives Bob's certificate, she verifies it using the CA's public key
  • If valid, Alice can trust that the public key belongs to Bob
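
The certificate steps above, together with the public-key encryption flow from the asymmetric section, as an added example (not code from the original tutorial). It assumes toy textbook RSA with no padding and keys built from small, well-known Mersenne primes, which is insecure and for illustration only; real systems use a vetted library with OAEP/PSS padding and X.509 certificates. All function names and the certificate layout are hypothetical.

```python
import hashlib

E = 65537  # common public exponent

def keypair(p, q):
    """Toy textbook RSA key pair from two primes: (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data, n):
    """SHA-256 of data as an integer reduced mod n (toy: no padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def cert_body(identity, public):
    return f"{identity}|{public[0]}|{public[1]}".encode()

def issue_cert(identity, public, ca_private):
    """CA binds an identity to a public key and signs the binding."""
    return {"identity": identity, "public": public,
            "signature": sign(cert_body(identity, public), ca_private)}

def check_cert(cert, ca_public):
    """Alice verifies the CA's signature over the identity/key binding."""
    return verify(cert_body(cert["identity"], cert["public"]),
                  cert["signature"], ca_public)

def encrypt(message, public):
    n, e = public
    return pow(int.from_bytes(message, "big"), e, n)

def decrypt(ciphertext, private):
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed sample keys (Mersenne primes: far too small and structured for real use)
CA_PUB, CA_PRIV = keypair(2**127 - 1, 2**107 - 1)
BOB_PUB, BOB_PRIV = keypair(2**89 - 1, 2**61 - 1)
TRUDY_PUB, _ = keypair(2**31 - 1, 2**19 - 1)
bob_cert = issue_cert("Bob", BOB_PUB, CA_PRIV)
forged = dict(bob_cert, public=TRUDY_PUB)  # Trudy's key under Bob's name
print(check_cert(bob_cert, CA_PUB), check_cert(forged, CA_PUB))
```

Alice encrypts only to a key whose certificate passes `check_cert`; the substituted key fails because the CA's signature covers Bob's identity together with his public key.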