Techniques of cryptography |
A one-way function is a mathematical function that is easier to perform in one direction than the opposite direction. In other words there are some mathematical problems which are really hard to resolve - almost impossible - and their solution takes really a lot of time. Some examples are the 'factoring problem' and the 'discrete logarithm problem'. Notice that there aren't demonstrations about the difficulty in finding a solution about these problems. In fact better and better factoring methods have been developed since now, but however these always remain difficult problems to solve. If you split an integer, say 21, into a set of smaller integers (factors), say 3 and 7, such that when multiplied together they form the original integer (21) again, you are factoring. The factoring problem is to find 3 and 7 when given 21. If you want to split an integer into factors which are prime numbers, well, there is an unique prime factorization possible for every integers. Multiplying 3 and 7 together is very easy. But finding them starting by 21 is a bit more difficult. Of course, it's still easy to find 3 and 7 starting by 21, but this problem become more difficult with larger numbers. In other words, factoring large numbers takes more time than factoring smaller numbers. Why I'm talking about the factoring problem here? Because several public-key cryptosystem are based on the factoring problem. In fact it takes really a lot of time factoring very large numbers. If an attacker succeed with factoring a very large number, it can find out the secret-key. The problem is that, as far as we know, it's almost impossible factoring very large numbers, in an acceptable lapse of time (see RSA-129). However no theoretical demonstration has ever given about that, so maybe that tomorrow someone could discover a new algorithm to make this problem easier... Like the factoring problem, the discrete logarithm problem seems a difficult problem to resolve, and therefore, some public-key systems are based on this problem. The discrete logarithm problem applies to groups. A block cipher transform a fixed-length block of plaintext into a block of ciphertext data of the same length. This fixed-length is called 'block size' (usually the block size is 64 bits). A secret-key is used in order to transform the plaintext block into a ciphertext block. The same secret-key is used for decryption of the block. When a block cipher encrypt the same block of plaintext more times, it is called iterative block cipher. Block ciphers use some techniques to encrypt a block of plaintext. There are 4 standard modes: ECB - Electronic Code Book, CBC - Cipher Block Chaining, CFB - Cipher Feedback Block and OFB - Output Feedback Block. ECB: every single block of plaintext gives an identical block of ciphertext. CBC: each plaintext block is XORed (OR exclusive bit by bit) with previous ciphertext block, then encrypted. CFB: the previous ciphertext is encrypted and the output is XORed with the plaintext to produce the current ciphertext block. OFB: similar to CFB. While block ciphers operate on blocks of data, stream ciphers operate on smaller units of plaintext, usually bits. The output of a stream cipher is called keystream which is encrypted usually XORing it with the plaintext. A hash function is a transformation from a variable-size input (the plaintext) into a fixed-length output (this output is a string, called hash value). What's the importance of hash functions? Well, the hash value represent concisely the message from which it was computed. In other words, the hash value is a a sort of message digest which is a 'digital fingerprint' of the larger message from which it was computed. Hash functions are helpful to provide digital signatures. In addition a digest can be made public, because it doesn't reveal the contents of the original document. This issue is important in digital timestamping. MAC stands for Message Authentication Code. This code (also called a checksum) is the output provided by an authentication scheme (together with a secret-key) applied to a message. MACs are computed and verified with the same key, so only the intended recipient can verify it (unlike digital signatures). |
Index Home Back About Contact us!
Copyright (c) 1998-2006 Wowarea