{"id":499,"date":"2017-04-10T13:42:40","date_gmt":"2017-04-10T20:42:40","guid":{"rendered":"http:\/\/konukoii.com\/blog\/?p=499"},"modified":"2018-02-25T00:22:25","modified_gmt":"2018-02-25T08:22:25","slug":"demystifying-cryptography","status":"publish","type":"post","link":"https:\/\/konukoii.com\/blog\/2017\/04\/10\/demystifying-cryptography\/","title":{"rendered":"Demystifying Cryptography"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time: <\/span> <span class=\"rt-time\"> 6<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span><p>To those not on the field, the word '<em>Cryptography<\/em>' seems to be surrounded by some intangible mysticism. Media references, whether it is on the news, TV shows, movies, or videogames, use it as a hacker-related term when talking about cyber-attacks. I'm willing to bet that most people are aware that they use cryptography on their day to day life, however it is often perceived as this strange mathematical veil that protects us from spies and hackers when we are trying to buy some stuff or log in to see our bank account online.\u00a0Yet who actually understands Cryptography? Well, clearly only geniuses in laboratories, hackers in dark basements, and '<em>James Bon<\/em>d'-style spies that are far more smarter than us mortals....<\/p>\n<p><strong><em>* Pause for Dramatic Fanfare *<\/em><\/strong><\/p>\n<p>However, the dirty little secret of Cryptography is that 99% of it is dead simple algebra. In fact, a cryptographic scheme that uses really complicated math will often be looked down upon because:<\/p>\n<ul>\n<li>Complex calculations take time and make for inefficient implementations on computer software\/hardware.<\/li>\n<li>Complex calculations can obscure the scheme to a point where it is mathematically hard to prove it's security.<\/li>\n<\/ul>\n<p>So at the end of the day, the schemes that end up working are actually dead simple. That isn't to say that coming up with the scheme is easy (That requires a lot of mathematical studies), however understanding the actual schemes tends to be easier than you would think.<\/p>\n<p>So allow me, as an enthusiastic student of the field, to take you through an interesting tour of Cryptography. In this Crypto 101, I'm going to quickly give you a\u00a0general overview of the field, and teach you the intuition behind the actual schemes you use on a day to day basis.<\/p>\n<p style=\"text-align: right;\"><em>* Follow me for more crypto\/hacking content!<\/em><br \/>\n<a class=\"twitter-follow-button\" href=\"http:\/\/twitter.com\/konukoii\" target=\"_blank\" rel=\"noopener\" data-show-count=\"false\">Follow @konukoii<\/a><\/p>\n<p><script src=\"http:\/\/platform.twitter.com\/widgets.js\" type=\"text\/javascript\"><\/script><\/p>\n<p>&nbsp;<\/p>\n<h5><span style=\"text-decoration: underline;\">What is Cryptography?<\/span><\/h5>\n<p>Cryptography is the study of secure communication on insecure channels. In other words, how do I transmit a message meant to be secret on a channel that has been compromised. A silly example\u00a0would be when parents, who in an attempt to hide the secret message from their young child, start to spell words: \"Honey, when is it that he has his D-E-N-T-I-S-T appointment?\". The young child is perhaps unable to decipher that code, but as he grows older, parent's need to come up with better or more complicated schemes. In fact, that's a neat representation of how Cryptography works, first we create a cipher, then someone breaks it, then we create a new one, someone breaks it again, and so on and so forth. The history of cryptography is filled with this tug of war between creating and breaking ciphers. I heavily recommend reading Singh's <a href=\"https:\/\/www.amazon.com\/Code-Book-Science-Secrecy-Cryptography-ebook\/dp\/B004IK8PLE\/ref=sr_1_1?ie=UTF8&amp;qid=1490066925&amp;sr=8-1&amp;keywords=code+book\">The Code Book<\/a>\u00a0for a thrilling read as you see the effects of cryptography hiding behind very important moments in history. But I digress...<\/p>\n<h5><span style=\"text-decoration: underline;\">What are the goals of Cryptography?<\/span><\/h5>\n<p>Cryptographic schemes\/protocols tend to focus on achieving different goals:<\/p>\n<ul>\n<li><span style=\"text-decoration: underline;\">Message Confidentiality:<\/span> Assuring that only the authorized recipient is the only one able to extract the contents of the message from it's encrypted (hidden) form.<\/li>\n<li><span style=\"text-decoration: underline;\">Message Integrity:<\/span>\u00a0The recipient should be able to determine whether the message was tampered with.<\/li>\n<li><span style=\"text-decoration: underline;\">Sender Authentication:<\/span> The recipient should be able to determine the identity of the sender.<\/li>\n<li><span style=\"text-decoration: underline;\">Sender Non-Repudiation:<\/span> The sender should not be able to deny sending the message.<\/li>\n<\/ul>\n<p>It's worth noting that different schemes will fulfill different goals, and in some cases different schemes\/protocols can be merged to satisfy more of these goals.<\/p>\n<p>As we venture into the world of cryptography it is easy to get lost in the vast amount of schemes, protocols, and mechanism that you can find in the wild: Digital Signature schemes, Hash functions, Encryption schemes, Random Number generators, among many others. However, I want to focus on two very commonly used tools in our cryptographic arsenal:<\/p>\n<ol>\n<li>Symmetric Key Encryption (SKE) schemes<\/li>\n<li>Key Exchange Protocols (KEX) schemes<\/li>\n<\/ol>\n<h5><span style=\"text-decoration: underline;\">Anatomy of a Secure Online Connection<\/span><\/h5>\n<p>Before we dig deep into these types of schemes, I want to motivate their importance. There is no better way than to explain this, than by explaining what happens when you securely connect to an online website.<\/p>\n<p>Let's start with a simple analogy. Imagine you wish to securely communicate with your good friend \"Bob\" who happens to live on a different city. Lets assume you have at your disposal a box with a combination lock. To securely communicate you will first need to agree with Bob on a key\/password\/combination for the lock. Then you can just write your secret message, shove it inside the box and lock it. Then all Bob has to do is unlock the combo lock with the combination you guys previously agreed on and take out the message. This can go back and forth however many times.<\/p>\n<p>That's kinda what happens in real life, first we choose a key using a Key Exchange Protocol and then you encrypt (\"lock\") the message using a\u00a0Symmetric Key Encryption Scheme.<\/p>\n<figure id=\"attachment_515\" aria-describedby=\"caption-attachment-515\" style=\"width: 1024px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-515\" src=\"http:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/connection_struct-1024x623.png\" alt=\"Basic Structure of a Secure Connection\" width=\"1024\" height=\"623\" srcset=\"https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/connection_struct-1024x623.png 1024w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/connection_struct-300x182.png 300w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/connection_struct-768x467.png 768w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/connection_struct.png 1817w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption id=\"caption-attachment-515\" class=\"wp-caption-text\">Basic Structure of a Secure Connection<\/figcaption><\/figure>\n<h5><span style=\"text-decoration: underline;\">Key Exchange Protocol<\/span><\/h5>\n<p>The very first thing you have to do when initiating a secret communication is to agree upon a 'secret key' \u00a0(the combination for the lock in the previous example).\u00a0This process is a bit tricky since it is happening through an insecure channel, so you just can't say \"Hey Bob, lets use 12345 as our secret key\", cause everyone will hear you.<\/p>\n<p>In reality we use something called Diffie-Hellman (or variations of DH). It essentially works by doing the following:<\/p>\n<ol>\n<li>Each user has a \"Secret Key\" number (<span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_0cc175b9c0f1b6a831c399e269772661.gif' style='vertical-align: middle; border: none; padding-bottom:2px;' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script> &amp; <span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_92eb5ffee6ae2fec3ad71c777531578f.gif' style='vertical-align: middle; border: none; padding-bottom:1px;' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script>) that they decided before hand (and no one except them knows).<\/li>\n<li>There is a \"Public\" number (<span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_b2f5ff47436671b6e533d8dc3614845d.gif' style='vertical-align: middle; border: none; padding-bottom:1px;' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script>) that is shared by everyone.<\/li>\n<li>When Alice and Bob want to connect, Alice calculates \u00a0<span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_002d8bf2cc05365d52bb8799276047ec.gif' style='vertical-align: middle; border: none; ' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script> and Bob calculates <span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_8e953ea99158bd57be38b27efb55546c.gif' style='vertical-align: middle; border: none; ' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script>.<\/li>\n<li>They both exchange these <span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_7fc56270e7a70fa81a5935b72eacbe29.gif' style='vertical-align: middle; border: none; ' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script> and <span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_9d5ed678fe57bcca610140957afab571.gif' style='vertical-align: middle; border: none; padding-bottom:1px;' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script> they just calculated<\/li>\n<li>Finally, Alice obtains the Shared Key by calculating <span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_7f8d543a40b7c63ac37610b899e0bd02.gif' style='vertical-align: middle; border: none; ' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script> and Bob does the same with <span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_6d949753733de31290fcce63a9bdb427.gif' style='vertical-align: middle; border: none; ' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script> to retrieve the same key (number).<\/li>\n<\/ol>\n<p>This works because <span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_0b73a8db9cb460268c13df9290232125.gif' style='vertical-align: middle; border: none; ' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script>. Furthermore, it is hard to figure out <span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_0cc175b9c0f1b6a831c399e269772661.gif' style='vertical-align: middle; border: none; padding-bottom:2px;' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script> and <span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_92eb5ffee6ae2fec3ad71c777531578f.gif' style='vertical-align: middle; border: none; padding-bottom:1px;' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script>, because calculating <span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_0cc175b9c0f1b6a831c399e269772661.gif' style='vertical-align: middle; border: none; padding-bottom:2px;' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script> given <span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_72974a8b3ff4261878a9ec106886e0da.gif' style='vertical-align: middle; border: none; ' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script> is\u00a0computationally hard. (Aka. if <span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_c0d397792e1b4ebf3a33c953c5fd714f.gif' style='vertical-align: middle; border: none; padding-bottom:1px;' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script> and <span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_92eb5ffee6ae2fec3ad71c777531578f.gif' style='vertical-align: middle; border: none; padding-bottom:1px;' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script> are really big numbers, it takes ages to factorize <span class='MathJax_Preview'><img src='https:\/\/konukoii.com\/blog\/wp-content\/plugins\/latex\/cache\/tex_72974a8b3ff4261878a9ec106886e0da.gif' style='vertical-align: middle; border: none; ' class='tex' alt=\"\" \/><\/span><script type='math\/tex'><\/script>). If you still have doubts, check out the example below (with simple numbers) or check out <a href=\"https:\/\/www.youtube.com\/watch?v=YEBfamv-_do\">this amazing explanation from Khan Academy<\/a>.<\/p>\n<figure id=\"attachment_517\" aria-describedby=\"caption-attachment-517\" style=\"width: 1024px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-517 size-large\" src=\"http:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/diff_hellman-1024x656.png\" alt=\"Simple Diffie Hellman Example\" width=\"1024\" height=\"656\" srcset=\"https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/diff_hellman-1024x656.png 1024w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/diff_hellman-300x192.png 300w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/diff_hellman-768x492.png 768w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/diff_hellman.png 1824w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption id=\"caption-attachment-517\" class=\"wp-caption-text\">Simple Diffie Hellman Example<\/figcaption><\/figure>\n<h5><span style=\"text-decoration: underline;\">Symmetric Key Encryption Scheme<\/span><\/h5>\n<p>Symmetric Key Encryption schemes are simply schemes that given a message and a key allow to encrypt and decrypt the message. Although there are\u00a0a ton of different SKE schemes. Instead of going through some of the hardcore ones we use on the internet now a days, let's take a really simple one; The Caesar cipher.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-520 size-large\" src=\"http:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/ske-1-1024x458.png\" alt=\"\" width=\"1024\" height=\"458\" srcset=\"https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/ske-1-1024x458.png 1024w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/ske-1-300x134.png 300w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/ske-1-768x344.png 768w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2017\/04\/ske-1.png 1796w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<h6><span style=\"text-decoration: underline;\"><strong>SKE Example: Ceasar Cipher<\/strong><\/span><\/h6>\n<p>This is an encryption scheme said to be used by Julius Caesar to communicate top secret messages (ergo the name). The scheme attempts to achieve Message Confidentiality (although it was long broken). Like all SKE, it is comprised of 2 algorithms that allow to Encrypt and Decrypt.<\/p>\n<p><strong><span style=\"text-decoration: underline;\">Encrypt:<\/span> <\/strong>We will take a password\u00a0<strong>p\u00a0<\/strong>(such that p is between 0 and 26) and a message that we want to decrypt. We will then encrypt by substituting each letter on the message by a letter that is\u00a0<strong>p\u00a0<\/strong>positions to the <strong>right<\/strong> of it on the alphabet (refer to picture below).\u00a0So if we want to encrypt '<strong>abc<\/strong>' with password p=1, we would get '<strong>bcd<\/strong>'.<\/p>\n<figure style=\"width: 856px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-large\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/4\/4a\/Caesar_cipher_left_shift_of_3.svg\" alt=\"Caesar Shift - Source: Matt_Crypto - Wikipedia\" width=\"856\" height=\"361\" \/><figcaption class=\"wp-caption-text\">Caesar Shift - Source: Matt_Crypto - Wikipedia<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<p><strong><span style=\"text-decoration: underline;\">Decrypt:<\/span><\/strong> To decrypt we do the exact opposite calculation, so instead we will subsitute\u00a0each letter on the message by a letter that is\u00a0<strong>p\u00a0<\/strong>positions to the\u00a0<strong>left<\/strong>. So if we want to decrypt '<strong>bcd<\/strong>' we with password <strong>p=1<\/strong>, we would get '<strong>abc<\/strong>'<\/p>\n<p>Not that hard, eh? Looking at this you might think its pretty silly, but amazingly, this was used time and time again to send sensitive messages during the times of the Roman Empire. Of course, someone along the line saw that you only needed to test for 26 keys (which you can test pretty fast) and the scheme was done for.<\/p>\n<h5><span style=\"text-decoration: underline;\">Conclusion<\/span><\/h5>\n<p>Hopefully, this small <em>Crypto<\/em> crash course has been useful to peek into the fascinating world of Cryptography.\u00a0I'm not going to claim that Crypto is a breeze, but I don't think it is complex to the point of being un-understandable by the general public. Furthermore, since your life is surrounded by it, it is certainly useful to at least have a brief overview of what it is and how you are using it. If you have any questions or suggestions feel free to comment or contact me. Cheers!<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To those not on the field, the word 'Cryptography' seems to be surrounded by some&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/konukoii.com\/blog\/2017\/04\/10\/demystifying-cryptography\/\">Read the post<span class=\"screen-reader-text\">Demystifying Cryptography<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":526,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,4],"tags":[97,39,96,26],"class_list":["post-499","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-compsec","category-cryptography","tag-caesar-cipher","tag-cryptography","tag-key-exchange","tag-tutorial","excerpt","zoom","full-without-featured","even","excerpt-0"],"_links":{"self":[{"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/posts\/499","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/comments?post=499"}],"version-history":[{"count":14,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/posts\/499\/revisions"}],"predecessor-version":[{"id":736,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/posts\/499\/revisions\/736"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/media\/526"}],"wp:attachment":[{"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/media?parent=499"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/categories?post=499"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/tags?post=499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}