Symmetric vs. Asymmetric Encryption – Which is best?
Asymmetric encryption
Asymmetric encryption, also known as public-key encryption, utilizes a pair of keys – a
public key and a private key. If you encrypt data with the public key, only the holder of
the corresponding private key can decrypt the data, hence ensuring confidentiality.
An asymmetric encryption scheme AE = (K, E, D) consists of three algorithms, as
follows:
• The randomized key generation algorithm
• The encryption algorithm
• The deterministic decryption algorithm
Asymmetric encryption algorithms typically involve exponentiation operations, so they are
not lightweight in terms of performance. For that reason, asymmetric algorithms are often
used to secure key exchanges rather than for bulk data encryption.
Symmetric encryption
Symmetric encryption, as the name suggests, means that the encryption and decryption
operations utilize the same key. For two communicating parties using symmetric
encryption for secure communication, the key represents a shared secret between the two.
There exist many symmetric encryption algorithms. A few of the well-known ones
include AES, DES, Blowfish, and Skipjack.
Symmetric encryption is typically more efficient than asymmetric encryption, and is
often used for bulk data encryption.
Attack a cryptosystem
Given enough computing resources, both symmetric and asymmetric encryption can be
broken. The most basic way to attack a symmetric cryptosystem is brute-force attacks,
where you essentially try every combination of a key. For a 128-bit key, there are 2^128
combinations to attempt, which requires extensive computing resources. Other
cryptanalysis attacks, including chosen-ciphertext and chosen-plaintext attacks, can be
more efficient than brute-force, but they require a priori knowledge to work.
To guard against brute-force attacks, the key length of a symmetric cryptosystem needs to
be sufficiently long. The Advanced Encryption Standard (AES) algorithm with 256-bit
key is considered secure enough for most purposes. And the implementation can be made
relatively efficient.
The best way to attack a well-designed RSA implementation is
through factoring of RSA’s public modulus, which is a large number. Factoring large numbers, with today’s best known factoring techniques, is a compute-intensive problem.
RSA (the company) ran a factoring challenge from 1991 to 2007, during which an RSA
768-bit modulus was factored successfully. In 2010, a 1024-bit RSA modulus was
factored with relatively low cost.
Today, RSA implementations typically require a 2048-bit key to be secure. For ultra sensitive operations, you would want 4096-bit keys. Of
course the longer the key length, the more expensive it is to run the encryption and
decryption operations.
Which Method Is Right For You?
How to choose symmetric vs. asymmetric cryptosystems? Here are a few tips:
The case for symmetric-key cryptography
• Symmetric key cryptosystems have been shown to be more efficient and can handle high rates of data throughput.
• Keys for symmetric-key cryptosystems are shorter, compared to public key algorithms.
• Symmetric key ciphers can be composed together to produce a stronger cryptosystem.
The case for asymmetric-key cryptography
• In a large network, asymmetric key cryptography yields a more efficient system for key management, as you don’t have to manage pair-wise keys for every communicating pair.
• Asymmetric key cryptosystems are good for digital signatures and key exchange use cases.
• In many cases, the public and private key pairs in an asymmetric-key cryptosystem can remain intact for many years without compromising the security of the system. SSL certificates are one such example.
One of the most interesting facts about asymmetric key cryptosystems is that the security
of these systems is based on a small set of number-theory problems that are presumed
difficult but were never mathematically proven to be difficult. Factoring, for instance, is
one such problem. Advances in number theory could one day render factoring a much
easier problem hence diminishing security of many asymmetric key cryptosystems.
For CipherCloud, as we routinely protect customer data migrating to the cloud, we chose
AES, a symmetric cipher, with a strong 256-bit implementation. With this choice, not
only does our implementation remain efficient, it also lends itself to a model where our
customers retain exclusive control of the key.
SHA-512
SHA-512 is the version of SHA with a 512-bit message digest. This version, like the
others in the SHA family of algorithms, is based on the Merkle-Damgard scheme.
Message digest creation in SHA-512
Message Preparation
SHA-512 insists that the length of the original message be less than 2^128 bits.
SHA-512 creates a 512-bit message digest out of a message less than 2^128 bits.
Padding and length field in SHA-512:
What is the number of padding bits if the length of the original message is 2590 bits?
Solution
The padding consists of one 1 followed by 353 0’s.
Do we need padding if the length of the original message is already a multiple
of 1024 bits?
Solution
Yes we do, because we need to add the length field. So padding is needed to make
the new block a multiple of 1024 bits.
What is the minimum and maximum number of padding bits that can be added to a message?
Solution
a. The minimum length of padding is 0 and it happens when
(−|M| − 128) mod 1024 is 0. This means that |M| = −128 mod 1024 = 896 mod
1024 bits. In other words, the last block in the original message is 896 bits. We
add a 128-bit length field to make the block complete.
b. The maximum length of padding is 1023 and it happens when (−|M| − 128) = 1023
mod 1024. This means that the length of the original message is |M| = (−128
− 1023) mod 1024 or the length is |M| = 897 mod 1024. In this case, we cannot just
add the length field because the length of the last block exceeds one bit more than
1024. So we need to add 897 bits to complete this block and create a second block
of 896 bits. Now the length can be added to make this block complete.
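The padding layout worked through above, as an added example that is not code from the original page: it follows the FIPS 180-4 rule (append a single 1 bit, then the fewest 0 bits that leave exactly 128 bits for the length field) and reproduces the 2590-bit answer. The function names are chosen here for illustration, and `pad` assumes a byte-aligned message.

```python
# Added example (not from the page): SHA-512 padding as specified in FIPS 180-4.
BLOCK_BITS = 1024  # SHA-512 processes 1024-bit blocks
LEN_BITS = 128     # width of the trailing length field

def zero_bits(msg_bits):
    """0 bits that follow the single 1 bit for a message of msg_bits bits."""
    if not 0 <= msg_bits < 2 ** LEN_BITS:
        raise ValueError("length must be below 2^128 bits")
    return -(msg_bits + 1 + LEN_BITS) % BLOCK_BITS

def block_count(msg_bits):
    """1024-bit blocks after padding and the length field are appended."""
    return (msg_bits + 1 + zero_bits(msg_bits) + LEN_BITS) // BLOCK_BITS

def pad(message):
    """Return message || 1 || 0...0 || 128-bit big-endian bit length."""
    msg_bits = len(message) * 8
    # For whole bytes, the 1 bit and the first seven 0 bits are the byte 0x80.
    pad_bytes = (1 + zero_bits(msg_bits)) // 8
    padding = b"\x80" + b"\x00" * (pad_bytes - 1)
    return message + padding + msg_bits.to_bytes(LEN_BITS // 8, "big")

if __name__ == "__main__":
    # Constructed sample lengths: the page's 2590-bit case, an exact
    # multiple of 1024, and the 24-bit message "abc".
    for bits in (2590, 1024, 24):
        print(bits, "bits -> one 1 bit +", zero_bits(bits), "zero bits,",
              block_count(bits), "block(s)")
    padded = pad(b"abc")
    print(len(padded) * 8, padded[3:5].hex(), padded[-2:].hex())
```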
Words:
A message block and the digest as words
Compression Function
Compression function in SHA-512
WHIRLPOOL
Whirlpool is an iterated cryptographic hash function, based on the Miyaguchi-Preneel scheme, that uses a symmetric-key block cipher in place of the compression function. The block cipher is a modified AES cipher that has been tailored for this purpose.
Whirlpool hash function
General idea of the Whirlpool cipher
Block and state in the Whirlpool cipher
Structure of Each Round
Each round uses four transformations.
SubBytes transformations in the Whirlpool cipher
SubBytes in the Whirlpool cipher
ShiftColumns transformation in the Whirlpool cipher
MixRows transformation in the Whirlpool cipher
AddRoundKey transformation in the Whirlpool cipher
Key expansion in the Whirlpool cipher
Diffie-Hellman Method For Key Agreement
The "Diffie-Hellman Method For Key Agreement" allows two hosts to create and share a secret key.
1) First the hosts must get the "Diffie-Hellman parameters": a prime number, 'p' (larger than 2), and a "base", 'g', an integer that is smaller than 'p'. They can either be hard coded or fetched from a server.
2) The hosts each secretly generate a private number called 'x', which is less than "p - 1".
3) The hosts next generate the public keys, 'y'. They are created with the function:
y = g^x % p
4) The two hosts now exchange the public keys ('y') and the exchanged numbers are converted into a secret key, 'z'.
z = y^x % p
'z' can now be used as the key for whatever encryption method is used to transfer information between the two hosts. Mathematically, the two hosts should have generated the same value for 'z'.
z = (g^x % p)^x' % p = (g^x' % p)^x % p
All of these numbers are positive integers.
x^y means: x is raised to the y power
x%y means: x is divided by y and the remainder is returned
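The four steps above run for both hosts, as an added example that is not code from the original page. The parameters `P` and `G` are constructed toy values, and the range check on the received public key and the hashing of 'z' into a fixed-length key are additions assumed here rather than steps the page describes.

```python
# Added example (not from the page): the four steps above for two hosts.
import hashlib
import secrets

# Step 1: shared parameters. Constructed toy values: 2^127 - 1 is prime,
# but this group is not sized or chosen for real use.
P = 2 ** 127 - 1
G = 3

def private_key(p=P):
    """Step 2: secret x, chosen at random with 1 < x < p - 1."""
    return secrets.randbelow(p - 3) + 2

def public_key(x, g=G, p=P):
    """Step 3: y = g^x % p."""
    return pow(g, x, p)

def shared_secret(peer_y, x, p=P):
    """Step 4: z = y^x % p, refusing degenerate peer values first."""
    # y = 0, 1 or p - 1 would force z into {0, 1, p - 1} whatever x is.
    if not 1 < peer_y < p - 1:
        raise ValueError("peer public key out of range")
    return pow(peer_y, x, p)

def session_key(z, p=P):
    """Hash z to a fixed 256-bit key (an added step, not on the page)."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(z.to_bytes(width, "big")).digest()

def agree(g=G, p=P):
    """Run both hosts and return the z each one computed."""
    x_a, x_b = private_key(p), private_key(p)
    y_a, y_b = public_key(x_a, g, p), public_key(x_b, g, p)  # sent in clear
    return shared_secret(y_b, x_a, p), shared_secret(y_a, x_b, p)

if __name__ == "__main__":
    z_a, z_b = agree()
    print("same z on both hosts:", z_a == z_b)
    print("session key:", session_key(z_a).hex())
```

Only the 'y' values cross the network; each 'x' stays on the host that generated it.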