## Crypto Algorithms – Hashing, Encryption and Digital Signatures

In this article I will talk about crypto-algorithms (Symmetric and Asymmetric Algorithms) that are the basics for many applications such as Blockchain, Crypto-currencies and Mobile banking. Starting by symmetric cryptography where a common key is used between the sender and the receiver. The main issue with symmetric crypto is that we are exchanging keys over unsecure channel. Under the symmetric crypto, we have stream ciphers where we encrypt bits individually following modular arithmetic with finite sets using pseudo random generators CPRNG and Linear feedback shift registers LFSRs. we also have block ciphers that encrypt block of bits following a number of permutations and encryption steps with S and E-Boxes using Feistel network. DES is an example of that where the encryption key is 56 bits in length. With brute force attack, DES was easily breakable after the raise of new FPGAs that can perform the 2^56 computations. 3DES was the alternative where the encryption is done with 3 different DES keys. The other alternative was AES where the key length is 128/192/256 and which leverages Galois fields. By far, AES is the most used symmetric crypto cipher today, used in most of the web browsers (https) and banking systems (credit card information).

Key establishment is critical for system security. In DH key exchange for instance, both parties agree on the session key (KAB = αab mod p, where a is the secret key of 1st party and b is the secret key of 2nd party). This could be manipulated through the Man In the Middle attack where an adversary can generate her own private keys and send it to both parties; This attack worked against all public schemes and the solution to that was having a Key distribution centre or Certificate Authority; in this case the public keys of both parties are signed by the private key of the CA.

Unlike symmetric algorithms, asymmetric or public key cryptography requires a computation of 2 keys – public key that is available on the internet and a private key; encryption happens using a public key and decryption happens using private and public keys.  There are 2 main families of public key algorithms – the integer factorization family which includes RSA algorithm that can be used as a key exchange, encryption or digital signature algorithm and the discrete logarithm families which includes Diffie Hellman(used mainly as key exchange) , elgamal (used mainly for encryption) and Elliptic curves (used as a key exchange ECDH or as digital signature ECDSA).  RSA Encryption (1024-2048 bit length) which utilizes the Extended Euclidean algorithms gcd and Euler’s ϕ(n) to choose a public key and to compute a private key proved to be secure (2^1024 computation is not an easy task to do). Diffie Hellman key exchange (1024-2048) is another application for asymmetric crypto which utilizes the cyclic group Zp* of integers and requires someone to solve the discrete logarithm problem (log2^1024mod1024) to be broken. Elliptic curve digital signatures (160bits) is the 3rd application which utilizes a cyclic group Zp of (x,y) coordinates in the curve and requires someone to solve the general discrete logarithm which is an extremely hard problem to solve; this is one of the main digital signatures in use today used in e-commerce where you sign a transaction with your private key Kpr and the e-commerce site verifies the transaction using the public key Kpub.

One more restriction we have for digital signatures is the message length of maximum 256Bytes so if you have a long message or a file of big size, we need a hash function to compress the file. Hash functions are auxiliary functions in cryptography used for Digital signatures, MACs, Key derivations etc; the main requirement of hash functions (ex: SHA256) is collision resistance, so in the case of ECDSA, the output bits are 160 so you need 2^((n+1)/2)ln(sqrt(1/(1-  λ)) where  λ is likelihood of the collision; Doing the math, you need 2^81 values to find a collision.

Reference: www.crypto-textbook.com 