飞书用户1263OV的组织用户8279
Principle of Cybersecurity
输入“/”快速插入内容
Principle of Cybersecurity
Principle of Cybersecurity
用户8279用户82792025年12月11日修改
Classic Crypto
Symmetric Key Cryptography
Kerckhoff's Principle: The key(s) of a cryptosystem should be hidden, but the mechanisms should be public.
•
Experience has shown that secret algorithms tend to be weak when exposed
•
Secret algorithms never remain secret
•
Better to find weakness beforehand
Symmetric Key Cryptography: a single key (k) is used for E and D
Simple Substitution
•
shift by n (n is the key)
Caesar's cipher: shift by 3
Attack I: Exhaustive key search-try them all. Only 25 keys possible.
•
General case: any permutation of letters, 26! variations in total 每个letter都可能对应一个不一样的letter
Attack II: Cannot try 26! combinations, we can use the frequency of English letters
Again, Principle: Cryptosystem is secure if the best-known attack is to try all keys (exhaustive key search). Cryptosystem is insecure if any shortcut attack is known.
One-Time Pad (OTP)
XOR: 相同为0,不同为1(0和任何数异或都是那个数自己)
•
Encryption: plaintext XOR key = ciphertext
•
Decryption: ciphertext XOR key = plaintext
Requirements:
•
Pad (key) must be random, used only once
•
Pad must be the same size as message
OTP is provably secure: ciphertext gives no information about plaintext. Assume value of each bit is equally likely, then all ciphertexts are also equally likely.
假设pad被使用两次:C1=M1 XOR K C2=M2 XOR k,那么攻击者可以得到C1 XOR C2=M1 XOR M2,也就得到了M1和M2之间的关系,也就有了破译密文的可能。
Codebook Cipher
A book filled with codewords, with everyword in this book has a code
Additive:在普通的codebook cipher中,同一个词会被映射为同一个code,容易被攻击者按照频率pattern破译。配合一个additive book,每次encrypt的时候,选出一页(一个additive position),将code与这一页的数字逐位相加。每次发送时,发送cyphertext和additive position。additive position本身不是secret,其内容是需要保密的。收件人收到内容后用减法还原原始code。这样,attacker看到的同一个词的cyphertext都不一样(same word encodes into different representations),因此难以破译。
Symmetric Key Crypto
Modern Symmetric Key Crypto
Stream cipher:
•
generalize one-time pad
•
Key is relatively short, it works on one bit/byte a time 一次加密一个bit/byte,连续加密
•
Key is stretched into a long key stream
•
Keystream is used just like a one-time pad
Block cipher:
•
works on large chunks of data (block) at a time 一次加密一个数据块
•
can combine blocks for additional security
Stream Cipher
A5/1: Shift Registers