SB 8: Public Key Cryptography Flashcards

1
Q

What is asymmetrical cryptography?

A

There are two keys, one for encryption and one for decryption: a public key and a private key.

2
Q

Explain RSA

A

A public key cryptosystem. Key sizes range from 2048 to 4096 bits. It is deterministic (i.e. no randomness), so it usually includes some random padding before encrypting to avoid common problems such as the lack of randomness.

It is an exponentiation cipher. It can provide both data and origin authentication, which is used in digital signatures.

To be encrypted, the data must first be transformed into an integer, which puts a limit on what can be encrypted.

The security of RSA relies on the practical difficulty of factoring the product of two large prime numbers, the “factoring problem”. Breaking RSA encryption is known as the RSA problem. Whether it is as difficult as the factoring problem is an open question. There are no published methods to defeat the system if a large enough key is used.

Some implementation issues:
- computation of the modular exponentiation
- finding two large primes

3
Q

What conditions must a public key cryptography system meet?

A

It must be computationally:
1. easy to encipher/decipher a message given the right key.
2. infeasible to derive the private key from the public key.
3. infeasible to determine the private key using a chosen plaintext attack.

4
Q

How can an asymmetrical and a symmetrical encryption method work together?

A

An asymmetrical key is more computationally demanding to create than a symmetrical key. For large pieces of data that need to be encrypted, it is not feasible to use asymmetrical encryption. The large data is instead encrypted using symmetrical encryption methods. The symmetric key created for this is then encrypted using an asymmetrical method, so that both the data and the key benefit from the more secure asymmetrical encryption.

5
Q

Talk about functions in relation to cryptography

A

For a hash function to be secure, it cannot have an inverse function; it has to be a one-way function. Given a one-way function, there is no way to reverse engineer it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a cryptographic checksum?

Strong one-way function

A

1. A function that is easy to compute.
2. It is infeasible to find the original value by computing the inverse function (there is no inverse function).
3. It is infeasible to find two values (x and x’) that produce the same hash.
7
Q

What is a digital signature? Compare it to a classical signature

A

A digital signature is constructed by applying a hash algorithm to the data being sent. The result of the hash is encrypted with the data. The receiver passes the data through the same algorithm and compares the result with the (now decrypted) hash that followed the data. A digital signature is used to authenticate the origin and the contents of a message (or data) in a way that is provable to a third party. It provides non-repudiation.

A classic signature is when the sender and receiver send their keys to a third party. The sender encrypts their file and sends it, and the recipient forwards the encrypted data to the third party, where it is decrypted with the sender's key and encrypted with the receiver's key. The data is then sent back to the receiver, who can decrypt it using their own key. A classical signature uses a third party to verify the integrity of the data.

8
Q

What is an RSA digital signature?

A

The data (plaintext) is passed through a hash algorithm; padding is then added to the data (plaintext), and then it is encrypted. The recipient decrypts the data, removes the padding, passes the data through the hash algorithm, and compares the hash with the one sent with the data.

9
Q

What is a session key?

A

A key that is generated for a specific session and then discarded once the session ends or a set time has passed.

10
Q

What is the difference between a keyed checksum and a keyless checksum?

cryptographic checksum/strong one-way function

A

A keyed checksum requires a cryptographic key as part of the computation; a keyless checksum does not.

11
Q

What is HMAC?

A

A generic term for an algorithm that uses a keyless hash function and a cryptographic key to produce a keyed hash function.
