update
@@ -59,3 +59,10 @@
url = "https://en.wikipedia.org/w/index.php?title=Man-in-the-middle_attack&oldid=1347824570",
note = "[Online; accessed 10-April-2026]"
}
@misc{ enwiki:galoismode,
author = "{Wikipedia contributors}",
title = "Galois/Counter Mode --- {Wikipedia}{,} The Free Encyclopedia",
year = "2026",
url = "https://en.wikipedia.org/w/index.php?title=Galois/Counter_Mode&oldid=1352962810",
note = "[Online; accessed 10-May-2026]"
}
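Review bot: the two Wikipedia entries in this hunk carry different access dates (`10-April-2026` for the mitm entry above, `10-May-2026` for the new `enwiki:galoismode`); if both were pulled in the same pass, align them, and since each `url` is a permalink with an `oldid`, the accessed date adds little anyway. For a crypto write-up, the mode's own specification (NIST SP 800-38D defines GCM) is the stronger citation to put beside, or in place of, the encyclopedia entry; the new entry is otherwise formatted consistently with the one above it.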
crypto.tex
@@ -17,6 +17,8 @@
\usepackage[style=ieee, backend=biber, maxnames=1, minnames=1]{biblatex}
\addbibresource{crypto.bib}
\usepackage{glossaries}
\newcommand{\ub}[2]{\underbrace{\text{#1}}_{\text{#2}}}
\makeglossaries
\newacronym{DES}{DES}{Data Encryption Standard}
\newacronym{AES}{AES}{Advanced Encryption Standard}
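Review bot: the new `\ub` macro wraps both of its arguments in `\text`, which needs amsmath (or amstext) to be loaded, and this hunk does not show that package; check the rest of the preamble, otherwise the first `\ub{...}{...}` in the document fails to compile. Minor style point: the macro is dropped between `\usepackage{glossaries}` and `\makeglossaries`, splitting the glossary setup in two; moving it next to the other custom definitions and adding a one-line comment on its purpose (an underbraced, labelled token, used for the cipher suite breakdown) would keep the preamble readable.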
@@ -170,20 +172,20 @@ Extended versions of \acrshort{DES} such as Triple-DES (or 3DES) are still in us
In \acrshort{DES}, the message is encrypted in 16 rounds, as well as an initial and final permutation (IP and FP),
which are inverses. IP and FP were included to facilitate hardware loading of blocks.
Each round consists of several parts:
After splitting the 64-Bit message into two 32-Bit blocks left (L) and right (R), the two halves are processed in the
16-round feistel network in a criss-cross pattern as follows:
\begin{itemize}
\item split the 64-Bit message into two 32-Bit blocks left (L) and right (R).
\item derive a 48-Bit \textit{round key} from the original 64-Bit \textit{main key} using a fixed \textit{key schedule}.
\item apply the \textit{Feistel function} to the R-block, which also applies the \textit{round key}.
\item XOR the right block to the left block.
\end{itemize}
A round key is then applied to the \textbf{R-Block} in a \textit{Feistel function}
Modern encryptions are commonly based on feistel networks as they make it easy to ensure bijection,
thus providing the necessary criterion for a cipher.
Further, due to the decryption process using the same algorithm with a reversed \textit{key schedule}
as well as the iterative nature of a feistel network,
they naturally lend themselves to hardware implementations.
The decryption process uses the same algorithm with a reversed \textit{key schedule}.
\subsection{AES}
\subsection{AES} %TODO
The \acrfull{AES} superseded \acrshort{DES} in 2001 after an official selection process.
Unlike its predecessor, it does not use a Feistel network.
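Review bot: the round description in this hunk is incomplete and partly duplicated. The itemize ends at "XOR the right block to the left block" and never states that the two halves are then exchanged, which is the criss-cross step the sentence before the list promises; without the swap the reader cannot see why only one half is processed per round or why decryption works with the same algorithm. At the same time the first bullet ("split the 64-Bit message ...") repeats the sentence immediately above it (splitting happens once, not in every round, and "Each round consists of several parts:" is followed by a sentence instead of the list), and "A round key is then applied to the \textbf{R-Block} in a \textit{Feistel function}" restates the third bullet and reads like a leftover from the old text. The "same algorithm with a reversed key schedule" point also appears twice (in the "Further, due to ..." sentence and again as its own sentence), and both `\subsection{AES}` and `\subsection{AES} %TODO` are present; whichever side is the old one, make sure only one copy of each survives. Precision: the 64-bit DES key contains 8 parity bits, so the round keys are derived from 56 effective key bits; worth saying when the 48-bit round key is introduced. Use one spelling of "Feistel" (it is a surname) and "64-bit" rather than "64-Bit".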
@@ -194,12 +196,12 @@ Unlike its predecessor, it does not use a Feistel network.
\section{Asymmetric Encryption}
Symmetric encryption however historically suffered from a key exchange problem;
because the same key is used for encryption and decryption, a secure channel is required to agree on a common key.
This chicken-and-egg problem can be solved in two ways.
This chicken-and-egg problem can be solved in two major ways, both typically relying on the mathematical theory of
\textbf{galois fields}, employing either \textit{modular arithmetic} or \textit{elliptic curves}.
\paragraph{The Difie-Hellman Key Exchange} is an algorithm allowing the communication parties to establish a shared secret using
properties of the discrete logarithm.
\paragraph{Asymmetric} Cryptography
Both methods however are still vulnerable to a \acrfull{mitm}, thus also requiring a trusted \acrfull{CA} for authentication. \cite{enwiki:mitm}
\subsection{RSA}
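Review bot: `\paragraph{The Difie-Hellman Key Exchange}` misspells Diffie-Hellman, and as a heading the typo will be prominent in the rendered text. `\paragraph{Asymmetric} Cryptography` puts only the first word into the heading; it should read `\paragraph{Asymmetric Cryptography}`, and the only body text under it is the MITM sentence, so the second of the "two major ways" announced above is never actually described before `\subsection{RSA}`. On the MITM sentence itself: what the adversary exploits is that the key exchange is unauthenticated, which is exactly the gap the \acrfull{CA} closes; saying so makes the "thus" follow. Smaller points: "galois fields" should be capitalised (Galois is a surname); `\acrfull{mitm}` uses a lowercase key while the file's other acronyms use uppercase keys (DES, AES, CA), and its `\newacronym` is not in the shown preamble hunk, so confirm it exists.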
@@ -222,8 +224,11 @@ The algorithm they came up with relies on modular arithmetic, which remains the
\clearpage
\section{Conclusion}
Complementary,
typical cipher suite: ECDHE-ECDSA-AES128-GCM-SHA256 \citetitle{enwiki:ciphersuite}
Trust on the web with untrusted channels fundamentally remains an unsolved issue,
though depending on the threat model, everyday communications can be considered relatively secure from non-APT actors.
A typical cipher suite employed by TLS could look like the following:
$$\ub{ECDHE}{Key exchange}-\ub{ECDSA}{authentication}-\ub{AES128}{encryption}-\ub{GCM}{Galois/counter mode}-\ub{SHA256}{hashing} $$
\cite{enwiki:ciphersuite,enwiki:galoismode}
%\printglossary[type=\acronymtype]
%\printglossary
\printbibliography
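Review bot: in the display formula the `-` separators between the `\ub{...}{...}` components are typeset in math mode, so they come out as minus signs with binary-operator spacing instead of the hyphens of the suite name `ECDHE-ECDSA-AES128-GCM-SHA256`; wrap each as `\text{-}` (or `\mbox{-}`). `$$ ... $$` is the plain-TeX display form; `\[ ... \]` is the LaTeX one and spaces correctly with amsmath. The `\cite{enwiki:ciphersuite,enwiki:galoismode}` on its own line after the display attaches to nothing; put it at the end of "A typical cipher suite employed by TLS could look like the following" so the citation belongs to the sentence. Label precision: in an AEAD suite like this one, GCM already authenticates the record data, so the trailing SHA256 is the handshake PRF hash rather than a record MAC; "hashing" could say "PRF hash". The replaced `Complementary, ... \citetitle{enwiki:ciphersuite}` fragment is gone and the new text is consistent with the rest of the file.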