Cryptography

Symmetric cipher modes fall into two categories: block mode and stream mode. For block mode ciphers, the plaintext or ciphertext can only be processed one block at a time. This means that a "padding scheme" is needed to specify how to handle the last block of a message. For stream mode ciphers, the plaintext or ciphertext is processed one byte at a time, and padding is not required.

Block ciphers can operate in Electronic Code Book (ECB) mode or Cipher Block Chaining (CBC) mode. In ECB mode, the same block of plaintext will encrypt, with the same key, into the same block of ciphertext. This makes it possible to build a code book of all possible ciphertexts for a known plaintext. To prevent this problem, CBC mode takes the previous block of ciphertext and XORs it with the next block of plaintext prior to encryption.

Block Ciphers include:

* AES
* Blowfish
* DES / 3DES
* IDEA

Stream Ciphers include:

* RC4

Asymmetric ciphers uses a public key and a private key. A message encrypted with the public key can only be decrypted with the private key and vice versa.

The most well known asymmetric ciphers are:

* RSA
* El-Gamal
* Diffie-Hellman

RSA is normally used for encryption/decryption with the public/private key pairs. Diffie-Hellman provides a way to generate a shared secret with two peers' public/private key pairs. El-Gamal is very similar to Diffie-Hellman.

Below is how Diffie-Hellman works:

1) First the hosts must agree on the "Diffie-Hellman parameters". A prime number, p (larger than 2) and "base", g, an integer that is smaller than p.

2) The hosts each secretly generate a private number called x, which is less than p - 1.

3) The hosts next generate the public keys, y. They are created with the function:

y = g^x mod p

4) The two host now exchange the public keys y and the exchanged numbers are converted into a secret key, z.

z = y^x' mod p

z can now be used as the key for whatever encryption method is used to transfer information between the two hosts. Mathematically, the two hosts should have generated the same value for z.

z = (g^x mod p)^x' mod p = (g^x' mod p)^x mod p

And here is an example:

1) Alice and Bob agree to use a prime number p=23 and base g=3.
2) Alice chooses a secret integer x=6, then sends Bob g^x mod p = 3^6 mod 23 = 16.
3) Bob chooses a secret integer x'=15, then sends Alice g^x' mod p = 3^15 mod 23 = 12.
4) Alice computes (g^x' mod p)^x mod p = 12^6 mod 23 = 9.
5) Bob computes (g^x mode p)^x' mod p = 16^15 mod 23 = 9.

Symmetric ciphers are much faster than the asymmetric ciphers, but they require a secure key exchange mechanism.

Asymmetric ciphers are rarely used for encrypting messages. They are normally used to generate digital signatures or to provide secure key exchange for symmetric ciphers.

# posted by - H - @ 11:41 PM