Appendix A
Cryptography Assumptions and Principles
File: crypto/secassume.tex, r1697
Cryptography is a large, complex topic. However even if the details are not understood, we can still apply concepts from cryptography to design secure
systems. This chapter lists some common assumptions that are made about cryptographic techniques as well as some principles that are used in designing secure
systems. Although in theory the assumptions do not always hold, they are true in many practical situations (and when they are not true, it will be made
clear).
A.1 Assumptions
A.1.1 Encryption
- Symmetric key cryptography is also called conventional or secret-key cryptography.
- Public key cryptography is also called asymmetric key cryptography.
- In symmetric key crypto, the same secret key, ,
is used for encryption, E(), and decryption, D(). The secret is shared between two entities, i.e. .
- In public key crypto, there is a pair of keys, public (PU) and private (PR). One key from the pair is used for encryption, the other is used for
decryption. Each entity has their own pair, e.g. ().
- Encrypting plaintext (or a message),
or ,
with a key, produces ciphertext ,
e.g.
or .
- Decrypting ciphertext with the correct key will produce the original plaintext. The decrypter will be able to recognise that the plaintext is correct
(and therefore the key is correct). E.g.
or .
- Decrypting ciphertext using the incorrect key will not produce the original plaintext. The decrypter will be able to recognise that the key is
wrong, i.e. the decryption will produce unrecognisable output.
A.1.2 Knowledge of Attacker
- All algorithms used in cryptography, e.g. encryption/decryption algorithms, hash functions, are public.
- An attacker knows which algorithm is being used, and any public parameters of the algorithm.
- An attacker can intercept any message sent across a network.
- An attacker does not know secret values (e.g. symmetric secret key
or private key ).
- Brute force attacks requiring greater than
operations are impossible.
A.1.3 Authentication with Symmetric Key and MACs
- An entity receiving ciphertext that successfully decrypts with symmetric secret key
knows that the original message has not been modified and that it originated at one of the owners of the secret key (i.e.
or ).
- An entity receiving a message with attached MAC that successfully verifies, knows that the message has not been modified and originated at
one of the owners of the MAC secret key.
A.1.4 Hash Functions
- A cryptographic hash function, H(), takes a variable sized input message, ,
and produces a fixed size, small output hash, ,
i.e. .
- Given a hash value, ,
it is impossible to find the original message .
- Given a hash value, ,
it is impossible to find another message
that also has a hash value of .
- It is impossible to find two messages,
and ,
that have the same hash value.
A.1.5 Digital Signatures
- A digital signature of a message
is the hash of that message encrypted with the signers private key, i.e.
- An entity receiving a message with an attached digital signature knows that that message originated by the signer of the message.
A.1.6 Key Management and Random Numbers
- A secret key can be exchanged between two entities without other entities learning its value.
- Any entity can obtain the correct public key of any other entity.
- Pseudo-random number generators (PRNG) can generate effectively true random numbers.
A.2 Principles
- Experience: Algorithms that have been used over a long period are less likely to have security flaws than newer algorithms.
- Performance: Symmetric key algorithms are significantly faster than public key algorithms.
- Performance: The time to complete a cryptographic operation is linearly proportional with the input data size.
- Key Distribution: Keys should be distributed using automatic means.
- Key Re-use: The more times a key is used, the greater the chance of an attacker discovering that key.
- Multi-layer Security: Using multiple overlapping security mechanisms can increase the security of a system.