## Cryptosystem Functions

• Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
• Authentication: The process of proving one's identity.
• Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
• Non-repudiation: A mechanism to prove that the sender really sent this message.
• Key exchange: The method by which crypto keys are shared between sender and receiver.

## Cryptosystem Algorithms

Each cryptosystem defines three algorithms:
• key(s) generation
• key size (length)
• expiration date
• encryption
• decryption

Deterministic algorithm
• given a particular input it will always produce the same output
• the underlying machine will always be passing through the same sequence of states

Block cipher
• deterministic algorithm operating on fixed-length groups of bits, called blocks
• consists of two paired algorithms, one for encryption, E, and the other for decryption, D.
• Both algorithms accept two inputs: an input block of size n bits and a key of size k bits; and both yield an n-bit output block.
• The decryption algorithm D is defined to be the inverse function of encryption

## Cryptosystem types

• Symmetric Encryption (Secret Key Cryptography)
• Uses a single key for both encryption and decryption
• Sender uses the key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key to decrypt the message and recover the plaintext.
• Key must be known to both the sender and the receiver; key is the secret
• Applications which use this type of encryption to securely store data can use user-supplied password as a key (or key gets generated from a password)
• Same key/password is used to encrypt and decrypt content, which is helpful from a usability standpoint.
• The biggest difficulty with this approach is the distribution of the key
• Used for:
• privacy/confidentiality
• Types:
• stream ciphers
• block ciphers
• Algorithms:
• Advanced Encryption Standard (AES, Rijndael; NIST 2001)
• variant of the Rijndael block cipher
• Rijndael is a family of ciphers with different key and block sizes.
• For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 (AES256) bits.
• Examples: Ansible Vault uses AES256

• ...
• Asymmetric Encryption (Public Key Cryptography)
• Uses one key for encryption and another for decryption
• Used for:
• authentication
• non-repudiation
• key exchange
• Algorithms:
• RSA (Rivest, Shamir and Adleman) (PKCS#1)
• Diffie–Hellman key exchange protocol
• PGP
• GPG (GnuPG)
• SSL/TLS
• SSH
• ...
• Hash Functions (Message Digests, One-way Encryption)
• Use a mathematical transformation to irreversibly "encrypt" information, providing a digital fingerprint
• Use no key
• Fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered
• Used for:
• message integrity. Examples:
• ensure the integrity of a file; provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus
• Algorithms:
• Message Digest (MD) algorithms
• byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message
• Algorithms:
• MD2
• MD4
• MD5
• weaknesses in the algorithm were demonstrated
• Secure Hash Algorithm (SHA)
• SHA-1
• produces a 160-bit hash value
• deprecated by NIST
• SHA-2
• SHA-1 plus
• SHA-224
• SHA-256
• produces a 256-bit (32-byte) hash value, typically rendered as a hexadecimal number, 64 digits long
• SHA-384
• SHA-512
• SHA-3
•  Keccak

## Resources:

http://www.keylength.com/