
 

Some Cryptography Definitions:

 

1)  Cryptosystem:  a method of disguising messages so that only certain people can see through the disguise.

There are two kinds of cryptosystems, symmetric and asymmetric:

Symmetric cryptosystems:  use the same key (the secret key) to encrypt and decrypt a message. Symmetric cryptosystems have a problem: how do you transport the secret key from the sender to the recipient securely and in a tamperproof fashion?

Asymmetric cryptosystems:  use one key (the public key) to encrypt a message and a different key (the private key) to decrypt it. Asymmetric cryptosystems are also called public key cryptosystems.

 

2)  Cryptography:  the art of creating and using a cryptosystem.

3)  Cryptanalysis:  the art of breaking cryptosystems—seeing through the disguise even when you’re not supposed to be able to.

4)  Cryptology:  the study of both cryptography and cryptanalysis.

5)  Plaintext:  The original content.

6)  Ciphertext:  the disguised content.

7)  Encryption:  any procedure to convert plaintext into ciphertext.

8)  Decryption:  any procedure to convert ciphertext into plaintext.

9)  Recipients:  people who are supposed to be able to see through the disguises.

10)  Third Parties:  people who are not supposed to be able to see through the disguises.

11)  Attacker:  someone who attempts to decrypt a cryptosystem.

 

Encryption is believed to have been started by Julius Caesar.  Although he trusted the recipients of his messages, he did not trust the messengers, and so decided to disguise the message.  To this end, he replaced every A by a D, every B by an E, and so on through the alphabet. Only someone who knew the “shift by 3” rule could decipher the message.

A cryptosystem is usually a whole collection of algorithms in which the algorithms are labeled.  These labels are referred to as “keys”.  In the simple case of Julius Caesar, the “shift by n” encryption algorithm might have been used for several values of n.  Here, the value n would be considered the key.

 

 

Some properties that a strong cryptosystem will satisfy:

 

•  The security of a strong system resides with the secrecy of the key rather than with the supposed secrecy of the algorithm.

•  A strong cryptosystem has a large keyspace, as mentioned above. It has a reasonably large unicity distance. That is, if a cipher has a unicity distance of X characters, and fewer than X characters of the ciphertext are known, then there is not enough information to distinguish the real key from a set of possible keys.

•  A strong cryptosystem will certainly produce ciphertext which appears random to all standard statistical tests.

•  A strong cryptosystem will resist all known previous attacks. A system which has never been subjected to scrutiny is suspect.

•  A strong encryption algorithm will be unbreakable not only under known plaintext (assuming the enemy knows all the plaintext for a given ciphertext) but also under "adaptive chosen plaintext" (see below).

 

If a system passes all the tests mentioned above, it is still not necessarily strong.  Many weak cryptosystems looked good at first.  However, sometimes it is possible to show that a cryptosystem is strong by mathematical proof.

 

 

Some basic types of cryptanalytic attacks:

 

A standard cryptanalytic attack is to know some plaintext matching a given piece of ciphertext and try to determine the key which maps one to the other.  This plaintext can be known because it is standard (a standard greeting, a known header or trailer, ...) or because it is guessed.  If content is guessed, its position is probably not known, but the cryptanalyst can assume the known plaintext is in each possible position and do attacks for each case in parallel.  However, a cryptanalyst may not always have a bit of known plaintext and must then proceed with just the ciphertext.
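As an added illustration (not part of the original page), the Python code below implements the “shift by n” cipher with n as the key and the known-plaintext attack just described: a guessed word is tried at every position of the ciphertext, and any position where a single shift maps it onto the ciphertext reveals the key. The sample message, the guessed word and all function names are constructed for this example.

```python
import string

ALPHABET = string.ascii_uppercase
SAMPLE_PLAINTEXT = "ATTACK AT DAWN. HAIL CAESAR"  # constructed sample message

def shift(text, n):
    """Shift every letter n places; non-letters pass through unchanged."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + n) % 26] if ch in ALPHABET else ch
        for ch in text.upper()
    )

def encrypt(plaintext, key):
    return shift(plaintext, key)

def decrypt(ciphertext, key):
    return shift(ciphertext, -key)

def all_decryptions(ciphertext):
    """The whole keyspace is 26 keys, so every candidate plaintext can be listed."""
    return [decrypt(ciphertext, key) for key in range(26)]

def crib_candidates(ciphertext, crib):
    """Known-plaintext attack with a guessed word (crib) whose position is unknown.
    Assumes the crib starts with a letter. Returns (position, key) pairs."""
    ciphertext, crib = ciphertext.upper(), crib.upper()
    hits = []
    for pos in range(len(ciphertext) - len(crib) + 1):
        window = ciphertext[pos:pos + len(crib)]
        if window[0] not in ALPHABET:
            continue
        # The first letter pair fixes the only key possible at this position.
        key = (ALPHABET.index(window[0]) - ALPHABET.index(crib[0])) % 26
        # Keep it only if that same key explains the rest of the crib.
        if shift(crib, key) == window:
            hits.append((pos, key))
    return hits

if __name__ == "__main__":
    ciphertext = encrypt(SAMPLE_PLAINTEXT, 3)   # Caesar's "shift by 3"
    print(ciphertext)
    for pos, key in crib_candidates(ciphertext, "CAESAR"):
        print(pos, key, decrypt(ciphertext, key))
```

A single matching position is enough to recover n and with it the whole message, which is why a cipher with a 26-key keyspace fails the properties listed earlier.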

 

To summarize, the basic types of cryptanalytic attacks in order of difficulty for the attacker, hardest first, are:

 

1)  ciphertext only: the attacker has only the encoded message from which to determine the plaintext, with no knowledge whatsoever of the latter.  A ciphertext only attack is usually presumed to be possible, and a code's resistance to it is considered the basis of its cryptographic security.

2)  known plaintext: the attacker has the plaintext and corresponding ciphertext of an arbitrary part of the content not of his choosing. The particular piece of content is said to be "compromised".  In some systems, one known ciphertext-plaintext pair will compromise the overall system.

3)  chosen plaintext: the attacker has the capability to find the ciphertext corresponding to an arbitrary plaintext message of his choosing.

4)  chosen ciphertext: the attacker can choose arbitrary ciphertext and find the corresponding decrypted plaintext. This attack can show up in public key systems, where it may reveal the private key.

5)  adaptive chosen plaintext: the attacker can determine the ciphertext of chosen plaintexts in an interactive or iterative process based on previous results. In this attack, the enemy gets to choose what plaintext to use and gets to do this over and over, choosing the plaintext for round N+1 only after analyzing the result of round N. This is the general name for a method of attacking product ciphers called "differential cryptanalysis".