The core challenge when enrolling certificates is how to authenticate the device or user requesting the certificate. By issuing the certificate, the CA confirms that the certificate owner has specific properties and that it has checked their authenticity.

Cryptography

What are the two types of key-based encryption?

The two main types of key-based encryption are symmetric encryption and asymmetric encryption.

Symmetric Encryption

  • Key Usage: Uses a single key for both encryption and decryption.
  • Speed: Generally faster and more efficient.
  • Security: The main challenge is securely sharing the key between parties.
  • Examples: AES (Advanced Encryption Standard), DES (Data Encryption Standard).

Asymmetric Encryption

  • Key Usage: Uses a pair of keys – a public key for encryption and a private key for decryption.
  • Speed: Slower compared to symmetric encryption due to more complex computations.
  • Security: More secure for key distribution since the private key is never shared.
  • Examples: RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curve Cryptography).

Which type of encryption is considered more secure?

Both schemes are considered secure in the sense that if you are using a modern algorithm with a sufficient key length, no current computer can break the cipher.

Which type of encryption is better depends on the use case, but many use cases require asymmetric encryption, because it uses a pair of keys – a public key for encryption and a private key for decryption. The private key is kept secret, which enhances security since it never needs to be shared.

Which type of encryption is better for bulk data?

Symmetric encryption, because it is faster.

What is the general process for Hybrid encryption?

  1. Key Generation: The sender generates a fresh symmetric key (also known as a session key) for encrypting the actual message.
  2. Message Encryption: The sender uses the symmetric key to encrypt the plaintext message, producing a ciphertext.
  3. Key Encryption: The sender then encrypts the symmetric key using the recipient’s public key (asymmetric encryption).
  4. Transmission: The sender sends both the encrypted message (ciphertext) and the encrypted symmetric key to the recipient.
  5. Key Decryption: The recipient uses their private key to decrypt the symmetric key.
  6. Message Decryption: Finally, the recipient uses the decrypted symmetric key to decrypt the ciphertext and retrieve the original plaintext.

Hashing Algorithms

A hashing algorithm is a mathematical function that converts input data of any size into a fixed-length string of characters, which is typically a sequence of letters and numbers. This output is known as a hash value or digest.

What is a Collision?

A collision in hashing occurs when two distinct pieces of data produce the same hash value using a hashing algorithm. This can be problematic because the primary goal of a hashing algorithm is to uniquely represent different data inputs.

What is a MAC?

Message Authentication Code (MAC): In cryptography, a MAC is a short piece of information used to authenticate a message and ensure its integrity. It verifies that the message has not been altered and confirms the sender’s identity.

How is a MAC different from an HMAC?

MAC: A general term for a code that verifies message integrity and authenticity, using either block ciphers or hash functions.

HMAC: A specific type of MAC that uses a cryptographic hash function and a secret key, offering stronger security properties.
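An added Go example (not from the original notes) of the integrity-plus-sender check a MAC provides, using HMAC-SHA256 from the standard library. The unkeyed digest functions are included only to contrast a plain hash with a keyed MAC; the names Tag, Check, UnkeyedDigest and CheckUnkeyed are the example's own.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
)

// Tag computes HMAC-SHA256 over msg under the shared secret key. Only a
// holder of key can produce a tag that verifies, which is what lets the
// receiver attribute the message to the other key holder.
func Tag(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// Check recomputes the tag and compares it in constant time with hmac.Equal,
// so the comparison does not leak how many leading bytes matched.
func Check(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag)
}

// UnkeyedDigest is a plain SHA-256 hash: it detects accidental corruption,
// but anyone who changes the message can recompute it, so it is not a MAC.
func UnkeyedDigest(msg []byte) []byte {
	sum := sha256.Sum256(msg)
	return sum[:]
}

// CheckUnkeyed verifies a plain digest; it cannot tell who produced it.
func CheckUnkeyed(msg, digest []byte) bool {
	return bytes.Equal(UnkeyedDigest(msg), digest)
}
```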

Asymmetric Cryptography

What is the general process for message signing?

Message signing is a cryptographic process used to verify the authenticity and integrity of a message.

  1. Hash creation: The sender generates a unique digital fingerprint (hash) of the message using a cryptographic hash function (e.g., SHA-256). This hash uniquely represents the message’s content.
  2. Signing: The sender encrypts this hash with their private key, creating the digital signature. This ensures that the signature can only be generated by someone with access to the sender’s private key.
  3. Sending: The digital signature is attached to the message, and both are sent to the recipient. The sender’s public key is also provided for verification.
  4. Verification: The recipient uses the sender’s public key to decrypt the digital signature, retrieving the original hash. The recipient then generates a new hash from the received message and compares it with the decrypted hash. If they match, it confirms that the message has not been altered and verifies the sender’s identity.
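The four steps above as an added Go example (not the notes' own code), using RSA-PSS with SHA-256 from the standard library; in RSA-PSS, step 2 is a signing operation on the digest rather than a literal encryption of it. The names SignedMessage, Sign and Verify are the example's own, and the sender's key pair is assumed to come from rsa.GenerateKey.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// SignedMessage is what is sent in step 3: the message and its signature.
// The sender's public key travels separately (typically inside a certificate).
type SignedMessage struct {
	Msg, Sig []byte
}

// Sign performs steps 1-2: SHA-256 digest of the message, then an RSA-PSS
// signature over that digest using the sender's private key.
func Sign(priv *rsa.PrivateKey, msg []byte) (*SignedMessage, error) {
	digest := sha256.Sum256(msg) // step 1: fixed-length fingerprint of the message
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil) // step 2
	if err != nil {
		return nil, err
	}
	return &SignedMessage{Msg: msg, Sig: sig}, nil
}

// Verify performs step 4: recompute the digest from the received message and
// check the signature against it with the sender's public key. It returns
// true only when neither the message nor the signature has been altered and
// the signature was made with the private key matching pub.
func Verify(pub *rsa.PublicKey, sm *SignedMessage) bool {
	digest := sha256.Sum256(sm.Msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sm.Sig, nil) == nil
}
```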

What are the three functions of asymmetric encryption?

Asymmetric encryption, also known as public-key cryptography, serves several important functions in securing communications and data.

  1. Encryption and decryption
  2. Digital signatures
  3. Key exchange

RSA

RSA, short for Rivest-Shamir-Adleman, is a widely used public-key cryptosystem for secure data transmission. It was named after its inventors, Ronald Rivest, Adi Shamir, and Leonard Adleman, who introduced it in 1977.

Diffie-Hellman

The Diffie-Hellman key exchange is a method used in cryptography to securely exchange cryptographic keys over a public channel. It was developed by Whitfield Diffie and Martin Hellman in 1976. The main purpose of the Diffie-Hellman key exchange is to enable two parties to securely develop a shared secret key that can be used for encrypting subsequent communications.

Digital Signature Algorithm (DSA)

The Digital Signature Algorithm (DSA) is a public-key cryptographic algorithm used to generate and verify digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in 1991 as part of the Digital Signature Standard (DSS).

How It Works

  1. Key Generation: DSA generates a pair of keys: a private key for signing and a public key for verification.
  2. Signing: The sender uses their private key to create a digital signature on a message. This signature is unique to both the message and the private key.
  3. Verification: The recipient uses the sender’s public key to verify the authenticity of the signature and, consequently, the integrity and origin of the message.