## Cryptosystem Functions

• Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
• Authentication: The process of proving one's identity.
• Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
• Non-repudiation: A mechanism to prove that the sender really sent this message.
• Key exchange: The method by which crypto keys are shared between sender and receiver.

## Cryptosystem Algorithms

Each cryptosystem defines three algorithms:
• key(s) generation
• key size (length)
• expiration date
• encryption
• decryption

## Cryptosystem types

• Symmetric Encryption (Secret Key Cryptography)
• Uses a single key for both encryption and decryption
• Sender uses the key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key to decrypt the message and recover the plaintext.
• Key must be known to both the sender and the receiver; that, in fact, is the secret
• The biggest difficulty with this approach, of course, is the distribution of the key
• Used for:
• privacy/confidentiality
• Types:
• stream ciphers
• block ciphers
• Algorithms:
• AES (Rijndael)
• ...
• Asymmetric Encryption (Public Key Cryptography)
• Uses one key for encryption and another for decryption
• Used for:
• authentication
• non-repudiation
• key exchange
• Algorithms:
• RSA (Rivest, Shamir and Adleman) (PKCS#1)
• Diffie–Hellman key exchange protocol
• PGP
• GPG (GnuPG)
• SSL/TLS
• SSH
• ...
• Hash Functions (Message Digests, One-way Encryption)
• Use a mathematical transformation to irreversibly "encrypt" information, providing a digital fingerprint
• Use no key
• Fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered
• Used for:
• message integrity. Examples:
• ensure the integrity of a file; provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus
• Algorithms:
• Message Digest (MD) algorithms
• byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message
• Algorithms:
• MD2
• MD4
• MD5
• weaknesses in the algorithm were demonstrated
• Secure Hash Algorithm (SHA)
• SHA-1
• produces a 160-bit hash value
• deprecated by NIST
• SHA-2
• SHA-1 plus
• SHA-224
• SHA-256
• produces a 256-bit (32-byte) hash value, typically rendered as a hexadecimal number, 64 digits long
• SHA-384
• SHA-512
• SHA-3
•  Keccak

## Resources:

http://www.keylength.com/