1/15/2019 Cryptography for Everyone
http://10.0.1.12:8888/bbl/bbl23-crypto.html 1/39
Cryptography for Everyone
Brought to you by Boshan Sun
How to hide a secret?
ATTACK AT DAWN
DWWDFN DW GDZQ
Bits & Bytes
# bits
0
1
# bytes
0010 1111
1100 0001
ASCII
------------US-ASCII-------------
  0 1 2 3 4 5 6 7 8 9 a b c d e f
2   ! " # $ % & ' ( ) * + , - . /
3 0 1 2 3 4 5 6 7 8 9 : ; < = > ?
4 @ A B C D E F G H I J K L M N O
5 P Q R S T U V W X Y Z [ \ ] ^ _
6 ` a b c d e f g h i j k l m n o
7 p q r s t u v w x y z { | } ~
---------------------------------
A  41  0100 0001
T  54  0101 0100
T  54  0101 0100
A  41  0100 0001
C  43  0100 0011
K  4b  0100 1011
   20  0010 0000
A  41  0100 0001
T  54  0101 0100
   20  0010 0000
D  44  0100 0100
A  41  0100 0001
W  57  0101 0111
N  4e  0100 1110
Coin toss
- head 0
- tail 1
0101
0011
1110
0100000101010100010101000100000101000011010010110010000001000001010101000010000001000100010000010101011101001110 ATTACK AT DAWN
0001000001001011001001111100001001011110001010110101011000010000010111110000010011110100011100101011010000110100 random coin toss
0101000100011111011100111000001100011101011000000111011001010001000010110010010010110000001100111110001101111010 ciphertext
One-time Pad
• perfect secrecy
• as long as the plaintext
• not practical in real life
• can we do better?
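The coin-toss slide and the one-time pad bullets, worked through in code. This is an added example, not part of the original slides; the pad and ciphertext are the slide's bit strings written as hex, while the second message and the helper names are constructed for illustration.

```python
import secrets

# Values from the "Coin toss" slide, written as hex instead of bit strings.
PLAINTEXT = b"ATTACK AT DAWN"
PAD = bytes.fromhex("104b27c25e2b56105f04f472b434")         # "random coin toss" row
CIPHERTEXT = bytes.fromhex("511f73831d6076510b24b033e37a")  # "ciphertext" row

# Constructed second message of the same length (not on the slides).
OTHER_MESSAGE = b"RETREAT AT TEN"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; encrypting and decrypting are the same operation."""
    if len(a) != len(b):
        raise ValueError("a one-time pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length: int) -> bytes:
    """A fresh pad from the OS CSPRNG, standing in for the coin tosses."""
    return secrets.token_bytes(length)


def pad_that_explains(ciphertext: bytes, candidate: bytes) -> bytes:
    """Perfect secrecy: for ANY same-length candidate plaintext there is a pad
    that maps it to this ciphertext, so the ciphertext alone rules nothing out."""
    return xor_bytes(ciphertext, candidate)


def reuse_leak(p1: bytes, p2: bytes, pad: bytes) -> bytes:
    """What an eavesdropper gets when one pad encrypts two messages:
    the pad cancels out and p1 XOR p2 remains, with no key needed."""
    c1 = xor_bytes(p1, pad)
    c2 = xor_bytes(p2, pad)
    return xor_bytes(c1, c2)


def to_bits(data: bytes) -> str:
    """Render bytes the way the slide does, as one long bit string."""
    return "".join(f"{b:08b}" for b in data)


if __name__ == "__main__":
    # Reproduce the slide: plaintext XOR pad = ciphertext, and back again.
    print(to_bits(xor_bytes(PLAINTEXT, PAD)))
    print(xor_bytes(CIPHERTEXT, PAD))

    # The same ciphertext "decrypts" to a different message under another pad.
    alt_pad = pad_that_explains(CIPHERTEXT, OTHER_MESSAGE)
    print(xor_bytes(CIPHERTEXT, alt_pad))

    # Why the pad is one-time: reuse exposes the XOR of the two plaintexts.
    print(reuse_leak(PLAINTEXT, OTHER_MESSAGE, new_pad(len(PLAINTEXT))).hex())
```

The length check is the "as long as the plaintext" bullet, and the reuse function is the reason a pad can never be used twice, which together make the scheme impractical for everyday traffic.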
Block Cipher
          plaintext
              ↓
       +--------------+
key -> | Block Cipher |
       +--------------+
              ↓
          ciphertext
DES
• Data Encryption Standard
• 1970s
• IBM
• block size: 8 bytes
• key size: 8 bytes
3DES
• 1998
• DES -> DES -> DES
• key size: 8 * 3 = 24 bytes
• also 3 times slower than DES
AES
• Advanced Encryption Standard
• 1997 - 2000
• NIST
• Finalists
• Rijndael/Serpent/Twofish/RC6/MARS
• Rijndael became AES
AES
• 2001
• block size: 16 bytes
• key size: 16/24/32 bytes
Block Cipher
          plaintext
              ↓
       +--------------+
key -> | Block Cipher | (DES/3DES/AES)
       +--------------+
              ↓
          ciphertext
Block Cipher Encryption
                ATTACK A                        T DAWN00
                --------                        --------
                8 bytes                         8 bytes

                ATTACK A                        T DAWN00
                   ↓                               ↓
            +--------------+                +--------------+
password -> | DES Encrypt  |    password -> | DES Encrypt  |
            +--------------+                +--------------+
                   ↓                               ↓
            1a2dd25ec47c36fd                03fbff11a9a8e0f0
Block Cipher Decryption
                ATTACK A                        T DAWN00
                   ↓                               ↓
            +--------------+                +--------------+
password -> | DES Encrypt  |    password -> | DES Encrypt  |
            +--------------+                +--------------+
                   ↓                               ↓
            1a2dd25ec47c36fd                03fbff11a9a8e0f0
                   ↓                               ↓
            +--------------+                +--------------+
password -> | DES Decrypt  |    password -> | DES Decrypt  |
            +--------------+                +--------------+
                   ↓                               ↓
                ATTACK A                        T DAWN00
Block Cipher Mode
• ECB
• CBC
• CFB/OFB
• CTR
ECB Mode
          plaintext                  plaintext
              ↓                          ↓
       +--------------+           +--------------+
key -> |  BC Encrypt  |    key -> |  BC Encrypt  |
       +--------------+           +--------------+
              ↓                          ↓
          ciphertext                 ciphertext
              ↓                          ↓
       +--------------+           +--------------+
key -> |  BC Decrypt  |    key -> |  BC Decrypt  |
       +--------------+           +--------------+
              ↓                          ↓
          plaintext                  plaintext
ECB Penguin
CBC Mode
          plaintext                         plaintext
              ↓                                 ↓
        iv -> ⊕             +-----------------> ⊕
              ↓             |                   ↓
       +--------------+     |            +--------------+
key -> |  BC Encrypt  |     |     key -> |  BC Encrypt  |
       +--------------+     |            +--------------+
              ↓             |                   ↓
          ciphertext -------+               ciphertext
              ↓             |                   ↓
       +--------------+     |            +--------------+
key -> |  BC Decrypt  |     |     key -> |  BC Decrypt  |
       +--------------+     |            +--------------+
              ↓             |                   ↓
        iv -> ⊕             +-----------------> ⊕
              ↓                                 ↓
          plaintext                         plaintext
Stream Cipher
• RC4
• Salsa20/ChaCha20
How to securely send my message to others?
Alice, Bob & Eve
                 secret
Alice ----------------------------------> Bob
 key                                      key

      secret                secret'
Alice ------------ Eve -------------> Bob
 key                                  key
Cryptographic Hash Functions
• data integrity
                 secret
                 digest
Alice ----------------------------------> Bob
 key                                      key
Ideal Hash Function
• deterministic: the same input always generates the same output
• quick to compute for any input
• one-way function
• avalanche effect: a small change in the input causes a huge change in the output
• collision resistance: infeasible to find two different inputs that generate the same output
Common hash functions
• MD5 (1992)
• SHA-1 (1995)
• SHA-224/256/384/512 (2001)
• SHA-3 (2015)
• RIPEMD-160 (1996)
SHA3
• NIST, 2007
• Finalists, 2012
• BLAKE
• Grøstl
• JH
• Keccak <- this guy wins
• Skein
• SHA-3, 2015
• Ethereum uses original 2012 keccak256
Is data integrity enough?
                 secret
                 digest
Alice ----------------------------------> Bob
 key                                      key

      secret                secret'
      digest                digest'
Alice ------------ Eve -------------> Bob
 key                                  key
MAC
• Message Authentication Code
• data integrity & authentication
• CMAC/CBC-MAC/VMAC/UMAC
• HMAC
• Poly1305
                         hmac
            sha                         sha
msg + key -------> f023a7d109f1 + key -------> b15c701d5e63
MAC
                 secret
                 digest
Alice ----------------------------------> Bob
 key                                      key

                 secret
                  tag
Alice ----------------------------------> Bob
{k1,k2}                                 {k1,k2}

      secret                secret'
       tag                  ??????
Alice ------------ Eve -------------> Bob
{k1,k2}                             {k1,k2}
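The difference between the digest and tag diagrams above, as an added example that is not part of the original slides: a bare hash travels with the message and can be recomputed by anyone who alters it, while an HMAC tag cannot be produced without the shared key. The two-pass HMAC is written out by hand to mirror the slide's "sha, then sha again" picture and checked against Python's `hmac` module; the key and both messages are constructed.

```python
import hashlib
import hmac

SHA256_BLOCK = 64  # bytes, SHA-256's internal block size


def hmac_sha256_manual(key: bytes, msg: bytes) -> bytes:
    """HMAC as two nested hashes: H((key ^ opad) || H((key ^ ipad) || msg))."""
    if len(key) > SHA256_BLOCK:
        key = hashlib.sha256(key).digest()      # long keys are hashed first
    key = key.ljust(SHA256_BLOCK, b"\x00")      # then padded to the block size
    inner_key = bytes(b ^ 0x36 for b in key)    # ipad
    outer_key = bytes(b ^ 0x5C for b in key)    # opad
    inner = hashlib.sha256(inner_key + msg).digest()   # first "sha" arrow
    return hashlib.sha256(outer_key + inner).digest()  # second "sha" arrow


def hmac_sha256_library(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def digest_of(msg: bytes) -> bytes:
    return hashlib.sha256(msg).digest()


def bob_accepts_digest(msg: bytes, digest: bytes) -> bool:
    # Integrity only: Bob checks the hash that arrived with the message.
    return hmac.compare_digest(digest_of(msg), digest)


def bob_accepts_tag(mac_key: bytes, msg: bytes, tag: bytes) -> bool:
    # Integrity and authentication: the check needs the shared MAC key.
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(hmac_sha256_library(mac_key, msg), tag)


def tampered_in_transit(original: bytes, replacement: bytes, attached: bytes):
    """Model of the Eve row in the diagrams: the message is swapped for secret'.
    Without a key the only thing that can be attached is a fresh hash of secret'."""
    return replacement, digest_of(replacement)


MAC_KEY = b"constructed-demo-mac-key"   # constructed; stands in for the shared MAC key
SECRET = b"ATTACK AT DAWN"
SECRET_PRIME = b"ATTACK AT DUSK"        # constructed altered message (secret')

if __name__ == "__main__":
    # Digest only: the altered message arrives with a matching digest'.
    msg, digest = tampered_in_transit(SECRET, SECRET_PRIME, digest_of(SECRET))
    print("digest check passes after tampering:", bob_accepts_digest(msg, digest))

    # MAC: the recomputed hash is not a valid tag, and the old tag no longer fits.
    tag = hmac_sha256_library(MAC_KEY, SECRET)
    msg, forged = tampered_in_transit(SECRET, SECRET_PRIME, tag)
    print("tag check passes after tampering:", bob_accepts_tag(MAC_KEY, msg, forged))
    print("old tag on new message:", bob_accepts_tag(MAC_KEY, SECRET_PRIME, tag))
    print("genuine message and tag:", bob_accepts_tag(MAC_KEY, SECRET, tag))
```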
How do Alice and Bob swap keys in the first place?
Is key exchange possible?
      secret                secret'
       tag                  ??????
Alice ------------ Eve -------------> Bob
{k1,k2}                             {k1,k2}

                {k1,k2}
Alice ------------ Eve -------------> Bob
                  ???
Diffie-Hellman-Merkle key exchange
• 1976
RSA
• 1977
Public Key Encryption
• private key (sk)
• public key (pk)
         plaintext                 plaintext
             ↓                         ↓
      +--------------+          +--------------+
pk -> |     RSA      |    sk -> |     RSA      |
      +--------------+          +--------------+
             ↓                         ↓
         ciphertext                ciphertext
             ↓                         ↓
      +--------------+          +--------------+
sk -> |     RSA      |    pk -> |     RSA      |
      +--------------+          +--------------+
             ↓                         ↓
         plaintext                 plaintext
DSA
• Digital Signature Algorithm
• NIST, 1991
ECDSA
• Elliptic Curve DSA
• secp256k1, Bitcoin, Ethereum
EdDSA
• Edwards-curve DSA
• Curve25519
• Ed25519, HD key
38
1/15/2019 Cryptography for Everyone
http://10.0.1.12:8888/bbl/bbl23-crypto.html 39/39
39

More Related Content

Similar to Cryptography for everyone

Trg138042019_2_annex_MAXNG3.0_GEN-PROCEDURE.ppt
Trg138042019_2_annex_MAXNG3.0_GEN-PROCEDURE.pptTrg138042019_2_annex_MAXNG3.0_GEN-PROCEDURE.ppt
Trg138042019_2_annex_MAXNG3.0_GEN-PROCEDURE.pptSAROORNAGARCMCORE
 
TASBot - the perfectionist
TASBot - the perfectionistTASBot - the perfectionist
TASBot - the perfectionistAnge Albertini
 
Running k3s on raspberry pi
Running k3s on raspberry piRunning k3s on raspberry pi
Running k3s on raspberry piKyohei Mizumoto
 
OG Yatra - Flashback, not just for developers
OG Yatra - Flashback, not just for developersOG Yatra - Flashback, not just for developers
OG Yatra - Flashback, not just for developersConnor McDonald
 
WiFi practical hacking "Show me the passwords!"
WiFi practical hacking "Show me the passwords!"WiFi practical hacking "Show me the passwords!"
WiFi practical hacking "Show me the passwords!"DefCamp
 
Fine grained monitoring
Fine grained monitoringFine grained monitoring
Fine grained monitoringIben Rodriguez
 
Continuously Integrating Distributed Code at Netflix
Continuously Integrating Distributed Code at NetflixContinuously Integrating Distributed Code at Netflix
Continuously Integrating Distributed Code at NetflixAtlassian
 
The Boring Security Talk
The Boring Security TalkThe Boring Security Talk
The Boring Security Talkkieranjacobsen
 
Introduction to HTTP/2 and How To Use It
Introduction to HTTP/2 and How To Use ItIntroduction to HTTP/2 and How To Use It
Introduction to HTTP/2 and How To Use ItArcBlock
 
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASAОсновные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASACisco Russia
 
BGP Prime
BGP Prime BGP Prime
BGP Prime KHNOG
 
Grincon U.S. 2019 Layperson's Intro to Grin, Grin Value Prop & Governance
Grincon U.S. 2019 Layperson's Intro to Grin, Grin Value Prop & GovernanceGrincon U.S. 2019 Layperson's Intro to Grin, Grin Value Prop & Governance
Grincon U.S. 2019 Layperson's Intro to Grin, Grin Value Prop & GovernanceKaren Hsu
 
Automating Enterprise Wireless Deployments
Automating Enterprise Wireless DeploymentsAutomating Enterprise Wireless Deployments
Automating Enterprise Wireless DeploymentsZack Smith
 
Deploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceDeploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceAlexandre Gouaillard
 
Building scalable web socket backend
Building scalable web socket backendBuilding scalable web socket backend
Building scalable web socket backendConstantine Slisenka
 
Reducing Pager Fatigue Using a Serverless ML Bot
Reducing Pager Fatigue Using a Serverless ML BotReducing Pager Fatigue Using a Serverless ML Bot
Reducing Pager Fatigue Using a Serverless ML BotMike Fowler
 
Linux Server Hardening - Steps by Steps
Linux Server Hardening - Steps by StepsLinux Server Hardening - Steps by Steps
Linux Server Hardening - Steps by StepsSunil Paudel
 
1606015 m1 yamamoto
1606015 m1 yamamoto1606015 m1 yamamoto
1606015 m1 yamamotorobo_lab
 

Similar to Cryptography for everyone (20)

Trg138042019_2_annex_MAXNG3.0_GEN-PROCEDURE.ppt
Trg138042019_2_annex_MAXNG3.0_GEN-PROCEDURE.pptTrg138042019_2_annex_MAXNG3.0_GEN-PROCEDURE.ppt
Trg138042019_2_annex_MAXNG3.0_GEN-PROCEDURE.ppt
 
TASBot - the perfectionist
TASBot - the perfectionistTASBot - the perfectionist
TASBot - the perfectionist
 
Running k3s on raspberry pi
Running k3s on raspberry piRunning k3s on raspberry pi
Running k3s on raspberry pi
 
OG Yatra - Flashback, not just for developers
OG Yatra - Flashback, not just for developersOG Yatra - Flashback, not just for developers
OG Yatra - Flashback, not just for developers
 
WiFi practical hacking "Show me the passwords!"
WiFi practical hacking "Show me the passwords!"WiFi practical hacking "Show me the passwords!"
WiFi practical hacking "Show me the passwords!"
 
Fine grained monitoring
Fine grained monitoringFine grained monitoring
Fine grained monitoring
 
Continuously Integrating Distributed Code at Netflix
Continuously Integrating Distributed Code at NetflixContinuously Integrating Distributed Code at Netflix
Continuously Integrating Distributed Code at Netflix
 
The Boring Security Talk
The Boring Security TalkThe Boring Security Talk
The Boring Security Talk
 
Introduction to HTTP/2 and How To Use It
Introduction to HTTP/2 and How To Use ItIntroduction to HTTP/2 and How To Use It
Introduction to HTTP/2 and How To Use It
 
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASAОсновные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
Основные понятия и аспекты построения отказоустойчивых Site-to-Site VPN на ASA
 
BGP Prime
BGP Prime BGP Prime
BGP Prime
 
Buggi (2).pdf
Buggi (2).pdfBuggi (2).pdf
Buggi (2).pdf
 
Grincon U.S. 2019 Layperson's Intro to Grin, Grin Value Prop & Governance
Grincon U.S. 2019 Layperson's Intro to Grin, Grin Value Prop & GovernanceGrincon U.S. 2019 Layperson's Intro to Grin, Grin Value Prop & Governance
Grincon U.S. 2019 Layperson's Intro to Grin, Grin Value Prop & Governance
 
Automating Enterprise Wireless Deployments
Automating Enterprise Wireless DeploymentsAutomating Enterprise Wireless Deployments
Automating Enterprise Wireless Deployments
 
Deploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceDeploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming service
 
Building scalable web socket backend
Building scalable web socket backendBuilding scalable web socket backend
Building scalable web socket backend
 
Reducing Pager Fatigue Using a Serverless ML Bot
Reducing Pager Fatigue Using a Serverless ML BotReducing Pager Fatigue Using a Serverless ML Bot
Reducing Pager Fatigue Using a Serverless ML Bot
 
NYT > Technology
NYT > TechnologyNYT > Technology
NYT > Technology
 
Linux Server Hardening - Steps by Steps
Linux Server Hardening - Steps by StepsLinux Server Hardening - Steps by Steps
Linux Server Hardening - Steps by Steps
 
1606015 m1 yamamoto
1606015 m1 yamamoto1606015 m1 yamamoto
1606015 m1 yamamoto
 

More from ArcBlock

ArcBlock Introduction to Blockchain
ArcBlock Introduction to BlockchainArcBlock Introduction to Blockchain
ArcBlock Introduction to BlockchainArcBlock
 
Forge blockchain deployment made easy
Forge  blockchain deployment made easyForge  blockchain deployment made easy
Forge blockchain deployment made easyArcBlock
 
Designing Decentralized Apps: Programmable Tokens
Designing Decentralized Apps: Programmable TokensDesigning Decentralized Apps: Programmable Tokens
Designing Decentralized Apps: Programmable TokensArcBlock
 
Build a Decentralized, public verifiable Database with ex_abci and Tendermint
Build a Decentralized, public verifiable Database with ex_abci and TendermintBuild a Decentralized, public verifiable Database with ex_abci and Tendermint
Build a Decentralized, public verifiable Database with ex_abci and TendermintArcBlock
 
ArcBlock Presents 5 Winning Factors to Building a Successful DApp
ArcBlock Presents 5 Winning Factors to Building a Successful DAppArcBlock Presents 5 Winning Factors to Building a Successful DApp
ArcBlock Presents 5 Winning Factors to Building a Successful DAppArcBlock
 
QRCodes are Fun, Easy, and Useful for Links, Payments and Identity Verification
QRCodes are Fun, Easy, and Useful for Links, Payments and Identity VerificationQRCodes are Fun, Easy, and Useful for Links, Payments and Identity Verification
QRCodes are Fun, Easy, and Useful for Links, Payments and Identity VerificationArcBlock
 
Designing Decentralized Applications (DApps)
Designing Decentralized Applications (DApps) Designing Decentralized Applications (DApps)
Designing Decentralized Applications (DApps) ArcBlock
 
IPFS: A Whole New World
IPFS: A Whole New WorldIPFS: A Whole New World
IPFS: A Whole New WorldArcBlock
 
Ethereum virtual machine for Developers Part 1
Ethereum virtual machine for Developers Part 1Ethereum virtual machine for Developers Part 1
Ethereum virtual machine for Developers Part 1ArcBlock
 
Understanding hd wallets design and implementation
Understanding hd wallets  design and implementationUnderstanding hd wallets  design and implementation
Understanding hd wallets design and implementationArcBlock
 
Technical Learning Series - Elixir ExUnit
Technical Learning Series - Elixir ExUnitTechnical Learning Series - Elixir ExUnit
Technical Learning Series - Elixir ExUnitArcBlock
 
Tendermint in a nutshell
Tendermint in a nutshellTendermint in a nutshell
Tendermint in a nutshellArcBlock
 
Introduction to CQRS & Commended
Introduction to CQRS & CommendedIntroduction to CQRS & Commended
Introduction to CQRS & CommendedArcBlock
 
Decipher Multi-Factor Authentication - A Developers Introduction
Decipher Multi-Factor Authentication - A Developers IntroductionDecipher Multi-Factor Authentication - A Developers Introduction
Decipher Multi-Factor Authentication - A Developers IntroductionArcBlock
 
Introduction to aws data pipeline services
Introduction to aws data pipeline servicesIntroduction to aws data pipeline services
Introduction to aws data pipeline servicesArcBlock
 
Introduction to Ethereum Smart Contracts
Introduction to Ethereum Smart Contracts Introduction to Ethereum Smart Contracts
Introduction to Ethereum Smart Contracts ArcBlock
 
ArcBlock Presents An Introduction to Blockchain
ArcBlock Presents An Introduction to BlockchainArcBlock Presents An Introduction to Blockchain
ArcBlock Presents An Introduction to BlockchainArcBlock
 

More from ArcBlock (17)

ArcBlock Introduction to Blockchain
ArcBlock Introduction to BlockchainArcBlock Introduction to Blockchain
ArcBlock Introduction to Blockchain
 
Forge blockchain deployment made easy
Forge  blockchain deployment made easyForge  blockchain deployment made easy
Forge blockchain deployment made easy
 
Designing Decentralized Apps: Programmable Tokens
Designing Decentralized Apps: Programmable TokensDesigning Decentralized Apps: Programmable Tokens
Designing Decentralized Apps: Programmable Tokens
 
Build a Decentralized, public verifiable Database with ex_abci and Tendermint
Build a Decentralized, public verifiable Database with ex_abci and TendermintBuild a Decentralized, public verifiable Database with ex_abci and Tendermint
Build a Decentralized, public verifiable Database with ex_abci and Tendermint
 
ArcBlock Presents 5 Winning Factors to Building a Successful DApp
ArcBlock Presents 5 Winning Factors to Building a Successful DAppArcBlock Presents 5 Winning Factors to Building a Successful DApp
ArcBlock Presents 5 Winning Factors to Building a Successful DApp
 
QRCodes are Fun, Easy, and Useful for Links, Payments and Identity Verification
QRCodes are Fun, Easy, and Useful for Links, Payments and Identity VerificationQRCodes are Fun, Easy, and Useful for Links, Payments and Identity Verification
QRCodes are Fun, Easy, and Useful for Links, Payments and Identity Verification
 
Designing Decentralized Applications (DApps)
Designing Decentralized Applications (DApps) Designing Decentralized Applications (DApps)
Designing Decentralized Applications (DApps)
 
IPFS: A Whole New World
IPFS: A Whole New WorldIPFS: A Whole New World
IPFS: A Whole New World
 
Ethereum virtual machine for Developers Part 1
Ethereum virtual machine for Developers Part 1Ethereum virtual machine for Developers Part 1
Ethereum virtual machine for Developers Part 1
 
Understanding hd wallets design and implementation
Understanding hd wallets  design and implementationUnderstanding hd wallets  design and implementation
Understanding hd wallets design and implementation
 
Technical Learning Series - Elixir ExUnit
Technical Learning Series - Elixir ExUnitTechnical Learning Series - Elixir ExUnit
Technical Learning Series - Elixir ExUnit
 
Tendermint in a nutshell
Tendermint in a nutshellTendermint in a nutshell
Tendermint in a nutshell
 
Introduction to CQRS & Commended
Introduction to CQRS & CommendedIntroduction to CQRS & Commended
Introduction to CQRS & Commended
 
Decipher Multi-Factor Authentication - A Developers Introduction
Decipher Multi-Factor Authentication - A Developers IntroductionDecipher Multi-Factor Authentication - A Developers Introduction
Decipher Multi-Factor Authentication - A Developers Introduction
 
Introduction to aws data pipeline services
Introduction to aws data pipeline servicesIntroduction to aws data pipeline services
Introduction to aws data pipeline services
 
Introduction to Ethereum Smart Contracts
Introduction to Ethereum Smart Contracts Introduction to Ethereum Smart Contracts
Introduction to Ethereum Smart Contracts
 
ArcBlock Presents An Introduction to Blockchain
ArcBlock Presents An Introduction to BlockchainArcBlock Presents An Introduction to Blockchain
ArcBlock Presents An Introduction to Blockchain
 

Recently uploaded

KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsMehedi Hasan Shohan
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software Solutions
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
 

Cryptography for everyone

  • 1. 1/15/2019 Cryptography for Everyone http://10.0.1.12:8888/bbl/bbl23-crypto.html
      Cryptography for Everyone
      Brought to you by Boshan Sun
  • 2. How to hide a secret?
  • 3. ATTACK AT DAWN
  • 4. DWWDFN DW GDZQ
  • 5. Bits & Bytes
      # bits
      0
      1
      # bytes
      0010 1111
      1100 0001
  • 6. ASCII
      ------------US-ASCII-------------
        0 1 2 3 4 5 6 7 8 9 a b c d e f
      2   ! " # $ % & ' ( ) * + , - . /
      3 0 1 2 3 4 5 6 7 8 9 : ; < = > ?
      4 @ A B C D E F G H I J K L M N O
      5 P Q R S T U V W X Y Z [ \ ] ^ _
      6 ` a b c d e f g h i j k l m n o
      7 p q r s t u v w x y z { | } ~
      ---------------------------------
      A 41 0100 0001
      T 54 0101 0100
      T 54 0101 0100
      A 41 0100 0001
      C 43 0100 0011
      K 4b 0100 1011
        20 0010 0000
      A 41 0100 0001
      T 54 0101 0100
        20 0010 0000
      D 44 0100 0100
      A 41 0100 0001
      W 57 0101 0111
      N 4e 0100 1110
  • 7. Coin toss
      - head 0
      - tail 1
      0101
      0011
      1110
      0100000101010100010101000100000101000011010010110010000001000001010101000010000001000100010000010101011101001110 ATTACK AT DAWN
      0001000001001011001001111100001001011110001010110101011000010000010111110000010011110100011100101011010000110100 random coin toss
      0101000100011111011100111000001100011101011000000111011001010001000010110010010010110000001100111110001101111010 ciphertext
  • 8. One-time Pad
      • perfect secrecy
      • as long as the plaintext
      • not practical in real life
      • can we do better?
  • 9. Block Cipher
                plaintext
                    ↓
             +--------------+
      key -> | Block Cipher |
             +--------------+
                    ↓
                ciphertext
  • 10. DES
      • Data Encryption Standard
      • 1970s
      • IBM
      • block size: 8 bytes
      • key size: 8 bytes
  • 11. 3DES
      • 1998
      • DES -> DES -> DES
      • key size: 8 * 3 = 24 bytes
      • also 3 times slower than DES
  • 12. AES
      • Advanced Encryption Standard
      • 1997 - 2000
      • NIST
      • Finalists
          • Rijndael/Serpent/Twofish/RC6/MARS
      • Rijndael became AES
  • 13. AES
      • 2001
      • block size: 16 bytes
      • key size: 16/24/32 bytes
  • 14. Block Cipher
                plaintext
                    ↓
             +--------------+
      key -> | Block Cipher | (DES/3DES/AES)
             +--------------+
                    ↓
                ciphertext
  • 15. Block Cipher Encryption
      ATTACK A    T DAWN00
      --------    --------
      8 bytes     8 bytes

                      ATTACK A                          T DAWN00
                         ↓                                 ↓
                  +--------------+                  +--------------+
      password -> | DES Encrypt  |      password -> | DES Encrypt  |
                  +--------------+                  +--------------+
                         ↓                                 ↓
                  1a2dd25ec47c36fd                  03fbff11a9a8e0f0
  • 16. Block Cipher Decryption
                      ATTACK A                          T DAWN00
                         ↓                                 ↓
                  +--------------+                  +--------------+
      password -> | DES Encrypt  |      password -> | DES Encrypt  |
                  +--------------+                  +--------------+
                         ↓                                 ↓
                  1a2dd25ec47c36fd                  03fbff11a9a8e0f0
                         ↓                                 ↓
                  +--------------+                  +--------------+
      password -> | DES Decrypt  |      password -> | DES Decrypt  |
                  +--------------+                  +--------------+
                         ↓                                 ↓
                      ATTACK A                          T DAWN00
  • 17. Block Cipher Mode
      • ECB
      • CBC
      • CFB/OFB
      • CTR
  • 18. ECB Mode
                plaintext                    plaintext
                    ↓                            ↓
             +--------------+             +--------------+
      key -> |  BC Encrypt  |      key -> |  BC Encrypt  |
             +--------------+             +--------------+
                    ↓                            ↓
                ciphertext                   ciphertext
                    ↓                            ↓
             +--------------+             +--------------+
      key -> |  BC Decrypt  |      key -> |  BC Decrypt  |
             +--------------+             +--------------+
                    ↓                            ↓
                plaintext                    plaintext
  • 19. ECB Penguin
  • 20. CBC Mode
                plaintext                      plaintext
                    ↓                              ↓
              iv -> ⊕          +-----------------> ⊕
                    ↓          |                   ↓
             +--------------+  |            +--------------+
      key -> |  BC Encrypt  |  |     key -> |  BC Encrypt  |
             +--------------+  |            +--------------+
                    ↓          |                   ↓
             ciphertext -------+              ciphertext
                    ↓          |                   ↓
             +--------------+  |            +--------------+
      key -> |  BC Decrypt  |  |     key -> |  BC Decrypt  |
             +--------------+  |            +--------------+
                    ↓          |                   ↓
              iv -> ⊕          +-----------------> ⊕
                    ↓                              ↓
                plaintext                      plaintext
  • 21. Stream Cipher
      • RC4
      • Salsa20/ChaCha20
  • 22. How to securely send my message to others?
  • 23. Alice, Bob & Eve
                    secret
      Alice ----------------------------------> Bob
       key                                      key

               secret            secret'
      Alice ------------ Eve -------------> Bob
       key                                  key
  • 24. Cryptographic Hash Functions
      • data integrity

                    secret
                    digest
      Alice ----------------------------------> Bob
       key                                      key
  • 25. Ideal Hash Function
      • deterministic: the same input always generates the same output
      • quick to compute for any input
      • one-way function
      • avalanche effect: a small change in input causes a huge change in output
      • collision resistance: infeasible to find two different inputs that generate the same output
  • 26. Common hash functions
      • MD5 (1992)
      • SHA-1 (1995)
      • SHA-224/256/384/512 (2001)
      • SHA-3 (2015)
      • RIPEMD-160 (1996)
  • 27. SHA3
      • NIST, 2007
      • Finalists, 2012
          • BLAKE
          • Grøstl
          • JH
          • Keccak <- this guy wins
          • Skein
      • SHA-3, 2015
      • Ethereum uses original 2012 keccak256
  • 28. Is data integrity enough?
                    secret
                    digest
      Alice ----------------------------------> Bob
       key                                      key

               secret            secret'
               digest            digest'
      Alice ------------ Eve -------------> Bob
       key                                  key
  • 29. MAC
      • Message Authentication Code
      • data integrity & authentication
      • CMAC/CBC-MAC/VMAC/UMAC
      • HMAC
      • Poly1305

      hmac
                  sha                         sha
      msg + key -------> f023a7d109f1 + key -------> b15c701d5e63
  • 30. MAC
                    secret
                    digest
      Alice ----------------------------------> Bob
       key                                      key

                    secret
                    tag
      Alice ----------------------------------> Bob
      {k1,k2}                                   {k1,k2}

               secret            secret'
               tag               ??????
      Alice ------------ Eve -------------> Bob
      {k1,k2}                               {k1,k2}
  • 31. How do Alice and Bob swap keys in the first place?
  • 32. Is key exchange possible?
               secret            secret'
               tag               ??????
      Alice ------------ Eve -------------> Bob
      {k1,k2}                               {k1,k2}

               {k1,k2}
      Alice ------------ Eve -------------> Bob
                         ???
  • 33. Diffie-Hellman-Merkle key exchange
      • 1976
  • 34. RSA
      • 1977
  • 35. Public Key Encryption
      • private key (sk)
      • public key (pk)

               plaintext                   plaintext
                   ↓                           ↓
            +--------------+            +--------------+
      pk -> |     RSA      |      sk -> |     RSA      |
            +--------------+            +--------------+
                   ↓                           ↓
               ciphertext                  ciphertext
                   ↓                           ↓
            +--------------+            +--------------+
      sk -> |     RSA      |      pk -> |     RSA      |
            +--------------+            +--------------+
                   ↓                           ↓
               plaintext                   plaintext
  • 36. DSA
      • Digital Signature Algorithm
      • NIST, 1991
  • 37. ECDSA
      • Elliptic Curve DSA
      • secp256k1, Bitcoin, Ethereum
  • 38. EdDSA
      • Edwards-curve DSA
      • Curve25519
      • Ed25519, HD key
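
Added example (not part of the original slides): the contrast drawn on slides 28 to 30 between a bare digest and a MAC tag, using SHA-256 and HMAC-SHA256 from the Python standard library. Encryption under k1 is left out, so the byte strings stand for whatever travels on the wire; the key and the messages are constructed sample values.

```python
import hashlib
import hmac

def digest_of(message: bytes) -> bytes:
    # Bare SHA-256 digest (slide 24): no key involved, anyone can compute it.
    return hashlib.sha256(message).digest()

def tag_of(k2: bytes, message: bytes) -> bytes:
    # HMAC-SHA256 tag (slide 29): computing it requires the shared MAC key k2.
    return hmac.new(k2, message, hashlib.sha256).digest()

def bob_accepts_digest(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(digest_of(message), digest)

def bob_accepts_tag(k2: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest is constant-time, so the check does not leak how many
    # leading bytes of a wrong tag happened to match.
    return hmac.compare_digest(tag_of(k2, message), tag)

def eve_rewrites() -> tuple:
    # Eve holds no key: the only check value she can attach to her altered
    # message is a fresh public digest of it.
    altered = b"ATTACK AT DUSK"  # constructed sample
    return altered, digest_of(altered)

def run_demo() -> dict:
    k2 = b"constructed-demo-mac-key"  # constructed; use random bytes in practice
    msg = b"ATTACK AT DAWN"
    altered, eve_value = eve_rewrites()
    return {
        "honest_digest_accepted": bob_accepts_digest(msg, digest_of(msg)),
        "honest_tag_accepted": bob_accepts_tag(k2, msg, tag_of(k2, msg)),
        # Slide 28: secret' with digest' passes the digest check.
        "tampered_digest_accepted": bob_accepts_digest(altered, eve_value),
        # Slide 30: the same substitution fails the tag check ...
        "tampered_tag_accepted": bob_accepts_tag(k2, altered, eve_value),
        # ... and so does reusing the tag of the original message.
        "reused_tag_accepted": bob_accepts_tag(k2, altered, tag_of(k2, msg)),
    }

if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {accepted}")
```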