- Mastering Blockchain
- Imran Bashir
- 2003字
- 2021-07-09 19:17:08
Cryptographic primitives
Cryptographic primitives are the basic building blocks of a security protocol or system. In the following section, you are introduced to cryptographic algorithms that are essential for the building of secure protocols and systems. A security protocol is a set of steps taken in order to achieve required security goals by utilizing appropriate security mechanisms.
Various types of security protocols are in use, such as authentication protocols, non-repudiation protocols, and key management protocols.
A generic cryptography model is shown in the following diagram:
A model showing the generic encryption and decryption model
In the preceding diagram, P, E, C, and D represents Plain text, Encryption, Cipher text, and Decryption, respectively. Also, based on the model shown earlier, it is worth explaining various concepts such as entity, sender, receiver, adversary, key, and a channel.
- Entity: It is either a person or a system that sends, receives, or performs operations on data
- Sender: Sender is an entity that transmits the data
- Receiver: Receiver is an entity that takes delivery of the data
- Adversary: This is an entity that tries to circumvent the security service
- Key: A key is some data that is used to encrypt or decrypt data
- Channel: Channel provides a medium of communication between entities
Cryptography is mainly pided into two categories, namely symmetric and asymmetric cryptography.
Symmetric cryptography
Symmetric cryptography refers to a type of cryptography whereby the key that is used to encrypt the data is the same for decrypting the data, and thus it is also known as a shared key cryptography. The key must be established or agreed on before the data exchange between the communicating parties. This is the reason it is also called secret key cryptography.
There are two types of symmetric ciphers, stream ciphers and block ciphers. Data Encryption Standard (DES) and Advanced Encryption Standard (AES) are common examples of block ciphers, whereas RC4 and A5 are commonly used stream ciphers.
Stream ciphers
These ciphers are encryption algorithms that apply encryption algorithms on a bit-by-bit basis to plain text using a key stream. There are two types of stream ciphers: synchronous and asynchronous. Synchronous stream ciphers are ones where key stream is dependent only on the key, whereas asynchronous stream ciphers have a key stream that is also dependent on the encrypted data.
In stream ciphers, encryption and decryption are basically the same function because they are simple modulo 2 additions or XOR operation. The key requirement in stream ciphers is the security and randomness of key streams. Various techniques have been developed to generate random numbers, and it's vital that all key generators be cryptographically secure:
Operation of a stream cipher
Block ciphers
These are encryption algorithms that break up a text to be encrypted (plain text) into blocks of fixed length and apply encryption block by block. Block ciphers are usually built using a design strategy known as Fiestel cipher. Recent block ciphers, such as AES (Rijndael) have been built using a combination of substitution and permutation called substitution-permutation network (SPN).
Fiestel ciphers are based on the Fiestel network, which is a structure developed by Horst Fiestel. This structure is based on the idea of combining multiple rounds of repeated operations to achieve desirable cryptographic properties knows as confusion and diffusion. Fiestel networks operate by piding data into two blocks (left and right) and process these blocks via keyed round functions.
Confusion makes the relationship between the encrypted text and plaintext complex. This is achieved by substitution in practice. For example, 'A' in plain text is replaced by 'X' in encrypted text. In modern cryptographic algorithms, substitution is performed using lookup tables called S-boxes. The diffusion property spreads the plain text statistically over the encrypted data, which ensures that even if a single bit is changed in the input text, it results in changing at least half (on average) of the bits in the cipher text. Confusion is required to make finding the encryption key very difficult even if many encrypted and decrypted data pairs are created using the same key. In practice, this is achieved by transposition or permutation.
A key advantage of using Fiestel cipher is that encryption and decryption operations are almost identical and only require a reversal of the encryption process in order to achieve decryption. DES is a prime example of Fiestel-based ciphers:
Simplified operation of a block cipher
Various modes of operation for block ciphers are Electronic Code Book (ECB), Cipher block chaining (CBC), Output Feedback Mode (OFB), or Counter mode (CTR). These modes are used to specify the way in which an encryption function would be applied to the plain text. These modes will be explained later in this section, but the first four categories of block cipher encryption modes are introduced here.
Block encryption mode
In this mode, plaintext is pided into blocks of fixed length depending on the type of cipher used and then the encryption function is applied on each block.
Keystream generation modes
In this mode, the encryption function generates a keystream that is then XORed with the plaintext stream in order to achieve encryption.
Message authentication modes
In this mode, a message authentication code is computed as a result of an encryption function. MAC is basically a cryptographic checksum that provides an integrity service. The most common method to generate MAC using block ciphers is CBC-MAC, where some part of the last block of the chain is used as a MAC.
Cryptographic hashes
Hash functions are basically used to compress a message to a fixed length digest. In this mode, block ciphers are used as a compression function to produce a hash of plain text.
The most common block encryption modes are discussed briefly.
Electronic code book
This is a basic mode of operation in which the encrypted data is produced as a result of applying the encryption algorithm one by one separately to each block of plain text. This is the simplest mode but should not be used in practice as it is insecure and can reveal information:
Electronic code book mode for block ciphers
Cipher block chaining
In this mode, each block of plain text is XORed with the previous encrypted block. The CBC mode uses initialization vector IV to encrypt the first block. It is recommended that IV be randomly chosen:
Cipher block chaining mode
Counter mode
The CTR mode effectively uses a block cipher as a stream cipher. In this case, a unique nonce is supplied that is concatenated with the counter value in order to produce a key stream:
Counter mode
There are other modes, such as Cipher Feedback mode (CFB), Galois Counter mode (GCM), and Output Feedback mode, which are also used in various scenarios.
In the following section, you will be introduced to the design and mechanism of a currently dominant block cipher know as AES. First, some history will be presented with regard to Data Encryption Standard (DES) that led to the development of a new AES standard.
Data Encryption Standard (DES)
DES was introduced by the US National Institute of Standards and Technology (NIST) as a standard algorithm for encryption and was in main use during 1980s and 1990s, but it has been not proven to be very resistant against brute force attacks, due to advances in technology and cryptography research. Especially in July 1998, Electronic Frontier Foundation (EFF) broke DES using a special purpose machine. DES uses a key of only 56 bits, which has raised some concerns. This problem was addressed with the introduction of Triple DES (3DES), which proposed the usage of a 168-bit key using three 56-bit keys and the same number of executions of the DES algorithm, thus making brute force attacks almost impossible. But other limitations, such as slow performance and 64-bit block size, are not desirable.
Advanced Encryption Standard (AES)
In 2001, after an open competition, an encryption algorithm named Rijndael that was invented by cryptographers Joan Daemen and Vincent Rijmen was standardized as AES with minor modifications by NIST in 2001. So far, no attack has been found against AES that is better than the brute force method. Original Rijndael allows different key and block sizes of 128-bit, 192-bit, and 256-bits, but in the AES standard, only a 128-bit block size is allowed. However, key sizes of 128-bit, 192-bit, and 256-bit are allowed.
AES steps
During the AES Algorithm processing, a 4 by 4 array of bytes knows as state is modified using multiple rounds. Full encryption requires 10 to 14 rounds depending on the size of the key. The following table shows the key sizes and the required number of rounds:
Once the state is initialized with the input to the cipher, four operations are performed in four stages in order to encrypt the input. These stages are AddRoundKey
, SubBytes
, ShiftRows
, and MixColumns
:
- In the
AddRoundKey
step, the state array is XORed with a subkey, which is derived from the master key. - This is the substitution step where a lookup table (S-box) is used to replace all bytes of the state array.
- This step is used to shift each row except the first one in the state array to the left in a cyclic and incremental manner.
- Finally, all bytes are mixed in this step in a linear fashion column-wise.
The preceding steps describe one round of AES. In the final round (either 10, 12, or 14 depending on the key size), stage 4 is replaced with Addroundkey
to ensure that the first three steps cannot be simply inverted back:
AES block diagram, showing 1st round, in last round mixing step is not performed
Various cryptocurrency wallets use AES encryption to encrypt locally stored data. Especially in bitcoin wallet, AES 256 in the CBC mode is used.
An OpenSSL example of how to encrypt and decrypt using AES
:~/Crypt$ openssl enc -aes-256-cbc -in message.txt -out message.bin enter aes-256-cbc encryption password: Verifying - enter aes-256-cbc encryption password: :~/Crypt$ ls -ltr total 12 -rw-rw-r-- 1 drequinox drequinox 14 Sep 21 05:54 message.txt -rw-rw-r-- 1 drequinox drequinox 32 Sep 21 05:57 message.bin :~/Crypt$ cat message.bin
Note that message.bin
is a binary file; sometimes, it is desirable to encode this binary file into a text format for compatibility/interoperability reasons. The following command can be used to do that:
:~/Crypt$ openssl enc -base64 -in message.bin -out message.b64 :~/Crypt$ ls -ltr -rw-rw-r-- 1 drequinox drequinox 14 Sep 21 05:54 message.txt -rw-rw-r-- 1 drequinox drequinox 32 Sep 21 05:57 message.bin -rw-rw-r-- 1 drequinox drequinox 45 Sep 21 06:00 message.b64 :~/Crypt$ cat message.b64 U2FsdGVkX193uByIcwZf0Z7J1at+4L+Fj8/uzeDAtJE= :~/Crypt$
In order to decrypt an AES-encrypted file, the following commands can be used. An example of message.bin
from a previous example is taken:
:~/Crypt$ openssl enc -d -aes-256-cbc -in message.bin -out message.dec enter aes-256-cbc decryption password: :~/Crypt$ ls -ltr -rw-rw-r-- 1 drequinox drequinox 14 Sep 21 05:54 message.txt -rw-rw-r-- 1 drequinox drequinox 32 Sep 21 05:57 message.bin -rw-rw-r-- 1 drequinox drequinox 45 Sep 21 06:00 message.b64 -rw-rw-r-- 1 drequinox drequinox 14 Sep 21 06:06 message.dec :~/Crypt$ cat message.dec datatoencrypt :~/Crypt$
Astute readers would have noticed that no initialization vector has been provided even though it's required in all block encryption modes of operation except ECB. The reason is that OpenSSL automatically derives the initialization vector from the given password. Users can specify the initialization vector using the switch:
-K/-iv , (Initialization Vector) should be provided in Hex.
In order to decode from base64, the following commands are used. Take the message.b64
file from the previous example:
:~/Crypt$ openssl enc -d -base64 -in message.b64 -out message.ptx :~/Crypt$ ls -ltr -rw-rw-r-- 1 drequinox drequinox 14 Sep 21 05:54 message.txt -rw-rw-r-- 1 drequinox drequinox 32 Sep 21 05:57 message.bin -rw-rw-r-- 1 drequinox drequinox 45 Sep 21 06:00 message.b64 -rw-rw-r-- 1 drequinox drequinox 14 Sep 21 06:06 message.dec -rw-rw-r-- 1 drequinox drequinox 32 Sep 21 06:16 message.ptx
There are many types of ciphers that are supported in OpenSSL; you can explore these options based on the examples provided earlier. A list of supported cipher types is shown in the following screenshot:
Screenshot displaying rich library options available in OpenSSL.