Cryptography [without end-system integrity] is like investing in an armored car,
to carry money between a customer living in a cardboard box,
and a person doing business on a park bench.
- Gene Spafford

This is basically the situation with most smart-phones currently…
Side-channel attacks, backdoors, and hardware compromises
can negate the good cryptography in your secure open-source apps.
There is hope, and some degree of security, though!

1.4 Symmetric Encryption

1.4.1 Definitions

1.4.2 Overview

1.4.3 Simplified model


What kind of encryption is the Caesar cipher?

1.4.4 Attacking Symmetric Encryption

Cryptanalytic Attacks

Brute-Force Attack

1.4.5 Modern (or sort-of modern) symmetric algorithms

Data Encryption Standard (DES)

DES is the archetypal block cipher, an algorithm that takes a fixed-length string of plaintext bits and repeatedly transforms it through a series of complicated operations into another ciphertext bitstring of the same length.

(figure: 09-ModernSymmetric/des.png)

Time to brute force

How much time is required for a brute-force attack for various key sizes?
Right column is supercomputer, second from right is a personal computer.

Triple DES


The whole 3DES key space can be searched thoroughly by affordable consumer hardware since 2015 or so.

Advanced Encryption Standard (AES)

The most widely trusted scheme out there.

AES operates on a 4 x 4 column-major order matrix of bytes

AES is based on a design principle known as a substitution-permutation network, a combination of both substitution and permutation; it is fast in software and can be implemented efficiently in application-specific hardware.

How big is 256 bits?

1.4.6 Practical Security Issues: Modes of operation

ECB mode

(figures: 09-ModernSymmetric/Tux.png (original image), 09-ModernSymmetric/Tux_ecb.png (ECB mode), 09-ModernSymmetric/Tux_secure.png (randomized mode))

Cipher Block Chaining (CBC) mode

* Kick-start with an initialization vector (IV), which is just another number that has to be really random!
* Each block of plaintext is XOR’ed with the previous ciphertext block before being encrypted.
* This way, each ciphertext block depends on all plaintext blocks processed up to that point.
* To make each message unique, an initialization vector must be used in the first block.
* Can we decrypt in parallel for speed and efficiency?
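Added example (not part of the lecture notes): the ECB and CBC modes described above, run over a stand-in block cipher so the code works offline. Assumptions: a 4-round Feistel network built from SHA-256 stands in for AES (it is not a secure cipher, only an invertible 128-bit block function), and plaintexts are already a multiple of 16 bytes, so no padding is shown. It demonstrates the Tux leak (equal plaintext blocks give equal ECB ciphertext blocks), that CBC hides it, that CBC decryption only needs each block and its predecessor (so it parallelises), and that reusing an IV lets an observer tell when two messages start with the same block.

```python
import hashlib
BLOCK = 16  # 128-bit blocks, the AES block size

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher: keyed SHA-256 truncated to 8 bytes.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel stand-in for AES (assumption: NOT a secure cipher, used only
    # so the modes below run without a crypto library). Feistel is always invertible.
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

def blocks(data: bytes) -> list:
    if len(data) % BLOCK: raise ValueError("input must be block-aligned (no padding here)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # ECB: each block encrypted independently, so equal plaintext blocks give equal ciphertext
    return b"".join(block_encrypt(key, b) for b in blocks(pt))

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # CBC: XOR each plaintext block with the previous ciphertext block (the IV for the first)
    out, prev = [], iv
    for b in blocks(pt):
        prev = block_encrypt(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    # Each block needs only its own ciphertext and the previous one: decryption parallelises
    cs = blocks(ct)
    return b"".join(xor(block_decrypt(key, c), p) for p, c in zip([iv] + cs, cs))

def repeated_blocks(ct: bytes) -> int:
    # Number of ciphertext blocks that duplicate an earlier one (the "Tux" leak)
    bs = blocks(ct)
    return len(bs) - len(set(bs))
```

With a plaintext of four identical 16-byte blocks, `repeated_blocks` returns 3 for ECB output and 0 for CBC output under a fresh IV.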

1.4.7 Block versus Stream Ciphers

Block Cipher (top image below)

(figure: 09-ModernSymmetric/f2-crop.png, block cipher on top, stream cipher below)

Stream Cipher (bottom image above)


