Appendix C
Cryptography Assumptions and Principles
File: nsl/secassume.tex, r1669
Cryptography is a large, complex topic. However, even if the details are not understood, we
can still apply concepts from cryptography to design secure systems. This chapter lists some
common assumptions that are made about cryptographic techniques as well as some principles
that are used in designing secure systems. Although in theory the assumptions do not always
hold, they are true in many practical situations (and when they are not true, it will be made
clear).
C.1 Assumptions
C.1.1 Encryption
- Symmetric key cryptography is also called conventional or secret-key cryptography.
- Public key cryptography is also called asymmetric key cryptography.
- In symmetric key crypto, the same secret key, ,
is used for encryption, E(), and decryption, D(). The secret is shared between two
entities, i.e. .
- In public key crypto, there is a pair of keys, public (PU) and private (PR). One key
from the pair is used for encryption, the other is used for decryption. Each entity has
their own pair, e.g. ().
- Encrypting plaintext (or a message),
or ,
with a key, produces ciphertext ,
e.g.
or .
- Decrypting ciphertext with the correct key will produce the original plaintext. The
decrypter will be able to recognise that the plaintext is correct (and therefore the key
is correct). E.g.
or .
- Decrypting ciphertext using the incorrect key will not produce the original
plaintext. The decrypter will be able to recognise that the key is wrong, i.e. the
decryption will produce unrecognisable output.
C.1.2 Knowledge of Attacker
- All algorithms used in cryptography, e.g. encryption/decryption algorithms, hash
functions, are public.
- An attacker knows which algorithm is being used, and any public parameters of the
algorithm.
- An attacker can intercept any message sent across a network.
- An attacker does not know secret values (e.g. symmetric secret key
or private key ).
- Brute force attacks requiring greater than
operations are impossible.
C.1.3 Authentication with Symmetric Key and MACs
- An entity receiving ciphertext that successfully decrypts with symmetric secret key
knows that the original message has not been modified and that it originated at one
of the owners of the secret key (i.e.
or ).
- An entity receiving a message with an attached MAC that successfully verifies knows
that the message has not been modified and originated at one of the owners of the
MAC secret key.
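
The MAC assumption above, as an added example that is not part of the original text: HMAC-SHA256 from Python's standard library stands in for the MAC, and the key names, sample message and helper functions are constructed for illustration. It also shows why the assumption says "one of the owners": either holder of the shared key produces the same tag.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # HMAC-SHA256 tag is 32 bytes


def attach_mac(key: bytes, message: bytes) -> bytes:
    """Sender side: return message || HMAC-SHA256(key, message)."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, received: bytes) -> Optional[bytes]:
    """Receiver side: return the message if the tag verifies, else None."""
    if len(received) < TAG_LEN:
        return None  # too short to contain a tag at all
    message, tag = received[:-TAG_LEN], received[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return message if hmac.compare_digest(tag, expected) else None


def demo() -> dict:
    k_ab = secrets.token_bytes(32)        # secret shared by A and B (constructed)
    k_attacker = secrets.token_bytes(32)  # attacker does not know k_ab (constructed)
    message = b"pay 100 to B"             # constructed sample message
    sent = attach_mac(k_ab, message)

    # Modification in transit: flip one bit so "100" becomes "900".
    tampered = bytearray(sent)
    tampered[4] ^= 0x08

    # Forgery: attacker writes a new message and tags it with their own key.
    forged = attach_mac(k_attacker, b"pay 900 to B")

    return {
        "genuine": verify_mac(k_ab, sent),
        "tampered": verify_mac(k_ab, bytes(tampered)),
        "forged": verify_mac(k_ab, forged),
        "truncated": verify_mac(k_ab, sent[:10]),
        # B holds k_ab too, so B can produce exactly what A sent: the MAC
        # identifies the group of key owners, not one particular sender.
        "b_can_produce_same": attach_mac(k_ab, message) == sent,
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```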
C.1.4 Hash Functions
- A cryptographic hash function, H(), takes a variable sized input message, ,
and produces a fixed size, small output hash, ,
i.e. .
- Given a hash value, ,
it is impossible to find the original message .
- Given a hash value, ,
it is impossible to find another message
that also has a hash value of .
- It is impossible to find two messages,
and ,
that have the same hash value.
C.1.5 Digital Signatures
- A digital signature of a message
is the hash of that message encrypted with the signer's private key, i.e.
- An entity receiving a message with an attached digital signature knows that the
message originated from the signer of the message.
C.1.6 Key Management and Random Numbers
- A secret key can be exchanged between two entities without other entities learning
its value.
- Any entity can obtain the correct public key of any other entity.
- Pseudo-random number generators (PRNG) can generate effectively true random
numbers.
C.2 Principles
- Experience: Algorithms that have been used over a long period are less likely to
have security flaws than newer algorithms.
- Performance: Symmetric key algorithms are significantly faster than public key
algorithms.
- Performance: The time to complete a cryptographic operation is linearly
proportional to the input data size.
- Key Distribution: Keys should be distributed using automatic means.
- Key Re-use: The more times a key is used, the greater the chance of an attacker
discovering that key.
- Multi-layer Security: Using multiple overlapping security mechanisms can increase
the security of a system.