It's my memo on reading Applied Cryptography by Bruce Schneier.
Modern cryptography make fundamental advances after the First World War, many papers have been published. Before 1970s, crypotology did not have any disciplines and was very complex that industry and companies in general did not know where to start, and exposing many flaws in design.
Everything changed when Martin Hellman and Whitfield Diffie propose public-key cryptography algorithm call Diffie Hellman. Their contribution was to introduce a problem that does not even appear easy to solve. A good (or-clever) Cryptosystem is more than something that turn meaningful text into nonsense.
When public interest in cryptography was just emerging, America NSA (National Security Agency) made several attempts to stop it. Their viewpoint is that cryptographic is related to national benefit, and basically researchers were requested to ask NSA's opinion on whether disclosure of results would adversely affect the national interest. However, they soon realized that all the great cryptographic papers would not protect any individual traffic, but to make all traffic in the world safer. They then shift strategy from attempting to control cryptographic research to tightening its grip on the development and deployment of cryptography products.
To understand cryptography, we first need to agree on some common terminologies:
- Sender and Receiver : sender want to send some message to receiver
- Message and Encryption
- A message is plain text. The process of disguising a message in such a way as to hide its substance is encryption
- Plain text is denoted by M, and cipher text is denoted by C.
Authentication, Integrity and Norepudiation
- Authentication: It should be possible for the receiver of a message to ascertain its origin
- Integrity: It should be possible for the receiver of a message to verify that it has not been modified
- Norepudiation: A sender should not be able to falsely deny after that he sent a message
Algorithm and Keys:
- A cryptographic algorithm (also called a cipher) is the mathematical function used for encryption and decryption
- Symmetric algorithm: which use same keys to encrypt and decrypt
- Public key algorithm: which use different keys (public and private) to encrypt and decrypt.
- Cryptanalysis: science of recovering the plaintext of a message without access to the key. An attempt to do cryptanalysis called attack. There are many types of cryptanalysis:
- Ciphertext-only attack: attacker has ciphertext of serveral messages, which encrypted using same algorithm
- Known-plaintext attack: attacker has not only ciphertext but also plaintext. His job is to deduce the key
- Chosen-plaintext attack: known-plaintext + ability to choose plaintext that gets encrypted
- Adaptive-chosen-plaintext attack: special case of chosen plaintext attack, attacker has ability to modify his choice
- Chosen-cipher-text attack: attacker can choose different cipherrtext to be decrypted and has access to decrypted plaintext.
- Chosen-key attack: attacker has some knowledge about the relationship between different keys
- Rubber-hose cryptanalysis: attack threatens, blackmails or tortures someone (this attack sounds very funny)