Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of Oxford
1. Public Key Cryptography and
potential attacks on PK
Dr Petar Radanliev, PhD Thesis
Department of Computer
Sciences, University of Oxford
2. Slide 1.1:
Introduction to
Cryptography
• Cryptography from Ancient Greek: kryptós
"hidden, secret"; and γράφειν "to write", or -
λογία -logia, "study"
• Cryptography translated from its original
meaning in Greek is ‘secret writing’
3. Cryptography
vs
Cybersecurity
– 3 key points
First: good cryptography depends on the hardness of the
mathematical problem, in other words, the encryption is only
as strong as the mathematical problem of the specific
cryptographic algorithm
Second: the quality of implementation, because correct
implementation is fundamental in how secure the algorithm is
Third: the key secrecy, because secret keys need to be stored
somehow somewhere, usually by a centralised trusted
authority
If you are a hacker and you are trying to hack a crypto system,
you will start with one of these three things, a hacker would try
to solve the math problem, look for vulnerabilities in the
implementation, or try to get access to the secret keys
4. Slide 1.2:
Cryptography and
Romance
• Cryptography- the art of writing or solving
codes
• During the French revolution, the Queen of
France sent encrypted letter to her lover, and
encryption has been linked to love ever since
• Alice & Bob - The World’s Most Famous
Cryptographic Couple
• Alice and Bob are fictional characters
originally invented to make research in
cryptology easier to understand
• Eve, the passive and submissive
eavesdropper
5. Slide 1.3:
Romantic
Cryptography
• We show how Alice and Bob can establish
whether they love each other, but without the
embarrassement of revealing that they do if
the other party does not share their feelings
• This is a “secure multiparty computation” of
the AND function, where the participants
cooperate in producing the result of the AND,
but without learning the input bit contributed
by the other party unless the result implies it
6. Slide 1.3: Cultural
Interpretations of
Alice and Bob
• In 2012, the computer scientist Srini Parthasarathy
wrote a document entitled “Alice and Bob can go
on a holiday!
• Parthasarathy proposed that Alice and Bob might
be usefully replaced by Sita and Rama, characters
central to Hindu mythology.
8. Ancient Egypt
• The oldest encryption attempt known to
mankind dates back to the kingdom of Egypt,
around two thousand years before Christ -
1900 BC
• The first known evidence of cryptography
can be traced to the use of 'hieroglyph' - a
character of the ancient Egyptian writing
system
9. Ancient Greece
• The ancient Greeks used a scytale, in which the
person sending a message wound a strip of cloth
around a stick
10. Ancient
Rome
Julius Caesar used encryption in the days of the
Roman Empire to cipher letters and messages
Caesar Cipher: Named after Julius Caesar, who
used this method for secret military communications
Also known as a shift cipher, Caesar’s Code, or
Caesar Shift
Encipher- to convert a message or a piece of text
into coded form; encrypt
Decipher- To convert a text written in code, or a
coded signal, into normal language
12. Enigma
• Enigma was a cipher device used by Nazi Germany's military command to
encode strategic messages before and during World War II
• The most important codebreaking event of the war was the successful
decryption by the Allies of the German "Enigma" Cipher
• Alan Turing credited as the father of computer science
• He was a British scientist and a pioneer in computer science
• During World War II, he developed a machine that helped break the
German Enigma code
• He also laid the groundwork for modern computing and theorised about
artificial intelligence
• After World War II, many of the first computers were created to make or
break codes
13. Cryptography
&
Cybersecurity
It is not true, as some books say, that NSA was a
“secret” organisation when it was established in
1952; however, there was little public awareness
of its work, and some people joked that the
initials stood for “No Such Agency
Cryptography + Cyber Security
Encryption Became Popular Long before the
Inception of the Internet
14. Symmetric
• Symmetric key cryptography is when one key is
used to encrypt and decrypt information and the
most well-known standard in this category is the
Advanced Encryption Standard , selected by the
U.S
15. Asymmetric
• Asymmetric cryptography is also known as public-key cryptography,
uses two different keys, one is public key that is used for encryption and
is known to all, and second is the private key that is used for decryption
and is only known by one party
• The most famous algorithm for public-key cryptography is the RSA
cryptosystem developed in 1977
• the Digital Signature Algorithm
• Diffie–Hellman key exchange over public channels
• the Elliptic-curve cryptography
16. Quantum
Cryptography
• Unlike cryptography, which relies on mathematical
algorithms and computational complexity to secure
information, quantum cryptography is based on the laws
of physics and the behaviour of quantum particles
• When we have a large-scale quantum computer built, it
would break all public-key cryptography that is widely
used today
• The most well-known quantum cryptography protocol
"quantum key distribution" , involves the transmission
of a random sequence of quantum bits or "qubits"
between two parties
• The best known "quantum key distribution" is the BB84
protocol published by Bennett and Brassard in 1984
• Quantum cryptography is unhackable
17. Importance of PK
cryptography in
secure
communications
• Secure communication, secure key exchange,
digital signatures, and encryption of data
• Use cases include secure email, secure web
browsing , secure file transfer , and secure
messaging platforms
18. Mathematical
relationship between
the two keys
• The relationship between the two keys is typically
based on mathematical operations that are
computationally easy in one direction but
computationally difficult in the reverse direction
• This property ensures that while the public key
can be easily derived from the private key, it is
practically impossible to calculate the private
key from the public key
19. How encryption
with the public key
works
• The sender prepares the message they want
to send to the recipient
• Using the recipient's public key, the sender
applies an encryption algorithm to the
message
20. How
decryption
with the
private key
works
Upon receiving the encrypted
message, the recipient uses their
private key, which is kept secret,
to perform the decryption process
The result of the decryption
process is the original message,
restored to its original form
21. Use of PK
cryptography
for digital
signatures
Document Hashing
Hash Encryption
Digital Signature Creation
Signature Verification
Document Hash Calculation
Comparing Hashes
23. RSA
In RSA, the mathematical relationship
is based on the difficulty of factoring
large numbers into their prime factors
The public key consists of a modulus
and an exponent
The decryption process, on the other
hand, involves raising the ciphertext
to the power of the private exponent
and taking the modulus
24. ECC
Elliptic Curve Cryptography uses the
mathematical properties of elliptic
curves to establish the relationship
between the public and private keys
The public key is derived from a point
on the elliptic curve, while the private
key is a randomly chosen scalar value
The operations involved in ECC
ensure that it is extremely difficult to
calculate the private key from the
public key
25. Brute-force attack
on PK
cryptography
• In a brute-force attack, an attacker
systematically tries all possible private keys
to decrypt an encrypted message
• The strength of the PK cryptography lies in
the large key space, which makes this attack
computationally infeasible for sufficiently
long key sizes
26. Man-in-the-
middle attack
on PK
cryptography
In a man-in-the-middle attack, an
attacker intercepts the communication
between two parties and poses as
each party to the other
The attacker can intercept the public
keys exchanged during the key
exchange process and replace them
with their own
MITM attacks can be mitigated by
using trusted public key infrastructure
and digital certificates
27. Side-channel
attacks and their
impact on PK
cryptography
• Side-channel attacks exploit information
leaked during the execution of a
cryptographic algorithm, such as timing
information, power consumption, or
electromagnetic radiation
• By analysing these side-channel information,
an attacker can potentially extract the private
key
• Countermeasures like constant-time
implementations and hardware protections
can be employed to mitigate side-channel
attacks
28. Certificate authority attack: This attack targets the certificate authority
(CA) that is used to issue digital certificates. If the CA is compromised, then
the attacker can issue fraudulent certificates that can be used to
impersonate legitimate websites or users.
Key compromise attack: This attack occurs when an attacker is able to
steal or compromise the private key of a user or organisation. This allows
the attacker to decrypt any messages that were encrypted with the private
key, and they can also impersonate the user or organisation.
29. Importance of
protecting
private keys
PK cryptography relies on the secrecy of
the private key
If the private key is compromised, either
through theft or unauthorized access, an
attacker can decrypt any messages
encrypted with the corresponding public
key
It is crucial to protect private keys with
strong encryption and proper access
controls
30. Quantum
computing on
PK
cryptography
Quantum computers have the potential to
break many of the currently used public
key algorithms, such as RSA and ECC
Shor's algorithm, for example, can
efficiently factor large numbers, which
breaks RSA
To mitigate quantum computing attacks,
post-quantum cryptography algorithms
are being developed and standardised,
which are resistant to attacks by quantum
computers
31. Shor's algorithm and
its impact on RSA
and ECC
• Shor's algorithm is a quantum algorithm developed
by mathematician Peter Shor in 1994
• ECC is also vulnerable to attacks using Shor's
algorithm
33. Smart contracts
and their
applications
• Smart contracts are self-executing contracts
with the terms of the agreement directly
written into code
• They run on blockchain platforms, such as
Ethereum, and automatically execute actions
based on predefined conditions without the
need for intermediaries
34. Blockchain in
supply chain
management
Smart contracts can enhance supply
chain management by automating and
streamlining processes
They enable transparent and efficient
tracking of goods, automatic verification
of transactions, and secure transfer of
ownership or payments based on
predefined conditions
Smart contracts can increase
transparency, reduce fraud, and improve
overall supply chain efficiency
35. Blockchain's
potential for
transparent
governance
and voting
systems
The examples listed are just a few
examples of how smart contracts are
being applied across various industries
The versatility and automation
capabilities of smart contracts make
them a powerful tool for creating trust,
efficiency, and transparency in a wide
range of applications
36. Quantum-safe
cryptography and
its importance in
cybersecurity
• Quantum Computers' Threat to Classical
Cryptography
• Long-Term Security
• Transition Period
• Protecting Sensitive Data
• Infrastructure and Systems Security
• Future-Proofing
37. Quantum-
resistant
algorithms
and post-
quantum
cryptography
The development and standardisation of
quantum-resistant algorithms are ongoing
Organisations such as the National
Institute of Standards and Technology in
the United States have initiated efforts to
evaluate and standardise post-quantum
cryptographic algorithms
This process involves rigorous analysis,
testing, and evaluation of various
candidate algorithms to determine their
security, efficiency, and suitability for
different applications
39. Awareness of
potential attacks
and the need for
secure practices
• Evolving Threat Landscape
• Protection of Sensitive Information
• Mitigation of Financial Losses
• Safeguarding Privacy
• Prevention of Identity Theft
• Compliance with Regulations and Standards
• Promoting a Culture of Security
• Proactive Risk Management
40. Slide 18: Additional Resources
[1] NIST, “Advanced Encryption Standard (AES) ,” Nov. 2001. Accessed: Mar. 19, 2023. [Online]. Available:
https://web.archive.org/web/20170312045558/http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf
[2] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Commun ACM,
vol. 21, no. 2, pp. 120–126, Feb. 1978, doi: 10.1145/359340.359342.
[3] C. Cocks, “A Note on Non-Secret Encryption ,” 1973. Accessed: Mar. 19, 2023. [Online]. Available:
https://web.archive.org/web/20180928121748/https://www.gchq.gov.uk/sites/default/files/document_files/Cliff%20Cocks%20pap
er%2019731120.pdf
[4] P. W. Shor, “Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer,” SIAM Journal
on Computing, vol. 26, no. 5, pp. 1484–1509, Oct. 1997, doi: 10.1137/S0097539795293172.
[5] C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing,” in Proceedings of IEEE
International Conference on Computers, Systems and Signal Processing, 1984, pp. 1–8. Accessed: Mar. 17, 2023. [Online]. Available:
https://web.archive.org/web/20200130165639/http://researcher.watson.ibm.com/researcher/files/us-bennetc/BB84highest.pdf
Slide 20: Questions and Discussion
42. Sources of
information used
in the presentation
• National Institute of Standards and
Technology : Post-Quantum Cryptography:
Matt Scholl:
https://www.nist.gov/blogs/taking-
measure/post-quantum-cryptography-qa-
nists-matt-scholl NIST Announces First Four
Quantum-Resistant Cryptographic
Algorithms: https://www.nist.gov/news-
events/news/2022/07/nist-announces-first-
four-quantum-resistant-cryptographic-
algorithms Post-Quantum Cryptography:
https://csrc.nist.gov/Projects/post-quantum-
cryptography/selected-algorithms-2022