Foundations of Cryptography
- Cryptography
- The science of secure communication.
- Cryptanalysis
- The study of breaking or analyzing cryptographic systems.
- Plaintext
- The original, readable message.
- Ciphertext
- The encrypted, scrambled output.
- Cipher
- An algorithm that transforms plaintext to ciphertext and back.
- Encryption
- The process of converting plaintext into ciphertext.
- Decryption
- The process of converting ciphertext back into plaintext.
- Key
- A secret value that controls a cipher’s transformations.
- Secret algorithm
- An insecure design that relies on keeping the algorithm itself secret (security through obscurity).
- Kerckhoffs's Principle
- A system must remain secure even if the algorithm is public.
- Properties of a good cryptosystem
- Public design, strong keys, random-looking ciphertext, resistance to known attacks.
- Symmetric key cipher
- Uses the same key for both encryption and decryption.
Classical Ciphers
- Substitution cipher
- Replaces symbols with other symbols.
- Monoalphabetic substitution cipher
- One fixed mapping between plaintext and ciphertext letters.
- Caesar cipher
- A shift cipher moving letters by a fixed number.
- Frequency analysis
- Breaking ciphers by exploiting letter frequency patterns.
- Polyalphabetic substitution cipher
- Uses multiple substitution alphabets to obscure frequencies.
- Alberti cipher
- Early polyalphabetic cipher using a cipher disk.
- Vigenère cipher
- Polyalphabetic cipher using a repeated keyword.
- Repeating key
- A keyword that cycles across the plaintext in Vigenère-like systems.
- Coincidences
- Repeated ciphertext segments hinting at repeating keys.
- Exclusive-or operation (XOR)
- A bitwise operation that outputs 1 where its two input bits differ; used in many ciphers.
- Transposition cipher
- Encrypts by rearranging plaintext symbols.
- Scytale
- Spartan transposition cipher using a staff to align text.
- Columnar transposition
- Rearrangement of text by writing in rows and reading columns in key order.
- Combined cipher
- Uses both substitution and transposition.
Mechanized Cryptography
- Rotor machine
- Mechanical device implementing polyalphabetic substitution with rotating wheels.
Theoretical Breakthroughs
- Shannon entropy
- A measure of uncertainty or randomness in data.
- One-time pad
- Unbreakable cipher using a random, single-use key as long as the message.
- Perfect secrecy
- Ciphertext reveals no information about the plaintext.
Modern Symmetric Cryptography
- Block cipher
- Encrypts fixed-size blocks of data under a key.
- Stream cipher
- Encrypts data by XORing it with a pseudorandom keystream.
- Keystream
- The pseudorandom sequence combined with plaintext in stream ciphers.
- Keystream generator
- Algorithm that produces the pseudorandom sequence for a stream cipher.
- Iterative cipher
- Applies the same round transformation repeatedly (in rounds).
- Round (in an iterative cipher)
- One cycle of substitution, permutation, and key mixing.
- Subkey
- A per-round key derived from the main key, typically used as a round key in iterative ciphers.
- Round key
- A per-round key value derived from the master key by the key schedule and mixed into the cipher’s state at each round. Sometimes also called a subkey.
- Feistel network
- Cipher structure that splits data into halves and mixes them round by round.
- SP-Network
- Substitution–permutation structure used in AES and similar designs.
- S-box
- Nonlinear substitution table in block ciphers.
- Permutation (P-box)
- Rearrangement of bits or bytes for diffusion.
- Confusion
- Obscures relationships between key and ciphertext.
- Diffusion
- Spreads each plaintext bit’s influence across many ciphertext bits.
- Avalanche effect
- Changing one input bit flips about half the output bits.
- Key length
- Size of the key, which determines resistance to brute force.
- DES (Data Encryption Standard)
- Legacy 64-bit block cipher with a 56-bit key.
- 3DES (Triple DES)
- DES applied three times with two or three keys for stronger security.
- AES (Advanced Encryption Standard)
- Widely used 128-bit block cipher with 128/192/256-bit keys.
- ChaCha20
- Modern stream cipher based on ARX (add–rotate–XOR) operations.
- AEAD (Authenticated Encryption with Associated Data)
- Encryption that provides both confidentiality and integrity.
- Authentication tag
- Short value output to verify ciphertext integrity.
- Block cipher modes
- Ways to apply block ciphers to longer messages.
- Electronic Codebook (ECB) mode
- Encrypts each block independently, leaking patterns.
- Cipher Block Chaining (CBC) mode
- Each plaintext block is XORed with the previous ciphertext block before encryption; the first block uses an IV.
- Counter (CTR) mode
- Turns a block cipher into a keystream generator by encrypting successive counter values.
- Galois/Counter Mode (GCM)
- CTR mode with built-in authentication tag.
- Initialization Vector (IV)
- Random or unpredictable block used to randomize encryption.
- Nonce
- Unique value per encryption under a given key.
- Padding (pad)
- Extra data added so plaintext fits block boundaries.
- CSPRNG (Cryptographically Secure PRNG)
- A pseudorandom generator suitable for cryptography.
Cryptanalysis
- Chosen plaintext attack (CPA)
- Attacker can encrypt chosen messages to study outputs.
- Known plaintext attack (KPA)
- Attacker has plaintext–ciphertext pairs to analyze.
- Ciphertext-only attack (COA)
- Attacker only has ciphertext to work with.
- Chosen ciphertext attack (CCA)
- Attacker can submit chosen ciphertexts for decryption.
- Side-channel attack
- Exploits leaks like timing, power, or EM emissions.
- Goal of differential cryptanalysis
- To reveal key information by studying input–output differences.
- Goal of linear cryptanalysis
- To exploit linear equations relating plaintext, ciphertext, and key bits.