An Open Letter from US Researchers in Cryptography and …

An Open Letter from US Researchers in Cryptography and Information Security

January 24, 2014

Media reports since last June have revealed that the US government conducts domestic and international surveillance on a massive scale, that it engages in deliberate and covert weakening of Internet security standards, and that it pressures US technology companies to deploy backdoors and other data-collection features. As leading members of the US cryptography and information-security research communities, we deplore these practices and urge that they be changed.

Indiscriminate collection, storage, and processing of unprecedented amounts of personal information chill free speech and invite many types of abuse, ranging from mission creep to identity theft. These are not hypothetical problems; they have occurred many times in the past. Inserting backdoors, sabotaging standards, and tapping commercial data-center links provide bad actors, foreign and domestic, opportunities to exploit the resulting vulnerabilities.

The value of society-wide surveillance in preventing terrorism is unclear, but the threat that such surveillance poses to privacy, democracy, and the US technology sector is readily apparent. Because transparency and public consent are at the core of our democracy, we call upon the US government to subject all mass-surveillance activities to public scrutiny and to resist the deployment of mass-surveillance programs in advance of sound technical and social controls. In finding a way forward, the five principles promulgated at http://reformgovernmentsurveillance.com/ provide a good starting point.

The choice is not whether to allow the NSA to spy. The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life. We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.

Martín Abadi, Professor Emeritus, University of California, Santa Cruz
Hal Abelson, Professor, Massachusetts Institute of Technology
Alessandro Acquisti, Associate Professor, Carnegie Mellon University
Boaz Barak, Editorial-board member, Journal of the ACM¹
Mihir Bellare, Professor, University of California, San Diego
Steven Bellovin, Professor, Columbia University
L. Jean Camp, Professor, Indiana University
Ran Canetti, Professor, Boston University and Tel Aviv University
Lorrie Faith Cranor, Associate Professor, Carnegie Mellon University
Cynthia Dwork, Member, US National Academy of Engineering
Joan Feigenbaum, Professor, Yale University
Edward Felten, Professor, Princeton University
Niels Ferguson, Author, Cryptography Engineering: Design Principles and Practical Applications
Michael Fischer, Professor, Yale University
Bryan Ford, Assistant Professor, Yale University
Matthew Franklin, Professor, University of California, Davis
Juan Garay, Program Committee Co-Chair, CRYPTO² 2014
Shai Halevi, Director, International Association for Cryptologic Research
Somesh Jha, Professor, University of Wisconsin–Madison
Ari Juels, Program Committee Co-Chair, 2013 ACM¹ Cloud-Computing Security Workshop
M. Frans Kaashoek, Professor, Massachusetts Institute of Technology
Hugo Krawczyk, Fellow, International Association for Cryptologic Research
Susan Landau, Author, Surveillance or Security? The Risks Posed by New Wiretapping Technologies
Wenke Lee, Professor, Georgia Institute of Technology
Anna Lysyanskaya, Professor, Brown University
Tal Malkin, Associate Professor, Columbia University
David Mazières, Associate Professor, Stanford University
Kevin McCurley, Fellow, International Association for Cryptologic Research
Patrick McDaniel, Professor, The Pennsylvania State University
Daniele Micciancio, Professor, University of California, San Diego
Andrew Myers, Professor, Cornell University
Vern Paxson, Professor, University of California, Berkeley
Jon Peha, Professor, Carnegie Mellon University
Thomas Ristenpart, Assistant Professor, University of Wisconsin–Madison
Ronald Rivest, Professor, Massachusetts Institute of Technology
Phillip Rogaway, Professor, University of California, Davis
Greg Rose, Officer, International Association for Cryptologic Research
Amit Sahai, Professor, University of California, Los Angeles
Bruce Schneier, Fellow, Berkman Center for Internet and Society, Harvard Law School
Hovav Shacham, Associate Professor, University of California, San Diego
Abhi Shelat, Associate Professor, University of Virginia
Thomas Shrimpton, Associate Professor, Portland State University
Avi Silberschatz, Professor, Yale University
Adam Smith, Associate Professor, The Pennsylvania State University
Dawn Song, Associate Professor, University of California, Berkeley
Gene Tsudik, Professor, University of California, Irvine
Salil Vadhan, Professor, Harvard University
Rebecca Wright, Professor, Rutgers University
Moti Yung, Fellow, Association for Computing Machinery¹
Nickolai Zeldovich, Associate Professor, Massachusetts Institute of Technology

This letter can be found at: http://MassSurveillance.info

Institutional affiliations for identification purposes only. This letter represents the views of the signatories, not necessarily those of their employers or other organizations with which they are affiliated.

¹ The Association for Computing Machinery (ACM) is the premier organization of computing professionals.
² CRYPTO is an annual research conference sponsored by the International Association for Cryptologic Research.


An Overview of Cryptography – Gary C. Kessler

Does increased security provide comfort to paranoid people? Or does security provide some very basic protections that we are naive to believe that we don't need? During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with.

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography, which is the focus of this chapter. But it is important to note that while cryptography is necessary for secure communications, it is not by itself sufficient. The reader is advised, then, that the topics covered in this chapter only describe the first of many steps necessary for better security in any number of situations.

This paper has two major purposes. The first is to define some of the terms and concepts behind basic cryptographic methods, and to offer a way to compare the myriad cryptographic schemes in use today. The second is to provide some real examples of cryptography in use today.

I would like to say at the outset that this paper is very focused on terms, concepts, and schemes in current use and is not a treatise of the whole field. No mention is made here about pre-computerized crypto schemes, the difference between a substitution and transposition cipher, cryptanalysis, or other history. Interested readers should check out some of the books in the references section below for detailed (and interesting!) background information.

Cryptography is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.

Within the context of any application-to-application communication, there are some specific security requirements, including:

Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. There are, in general, three types of cryptographic schemes typically used to accomplish these goals: secret key (or symmetric) cryptography, public-key (or asymmetric) cryptography, and hash functions, each of which is described below. In all cases, the initial unencrypted data is referred to as plaintext. It is encrypted into ciphertext, which will in turn (usually) be decrypted into usable plaintext.

In many of the descriptions below, two communicating parties will be referred to as Alice and Bob; this is the common nomenclature in the crypto field and literature to make it easier to identify the communicating parties. If there is a third or fourth party to the communication, they will be referred to as Carol and Dave. Mallory is a malicious party, Eve is an eavesdropper, and Trent is a trusted third party.

There are several ways of classifying cryptographic algorithms. For purposes of this paper, they will be categorized based on the number of keys that are employed for encryption and decryption, and further defined by their application and use. The three types of algorithms that will be discussed are (Figure 1):

With secret key cryptography, a single key is used for both encryption and decryption. As shown in Figure 1A, the sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key (or ruleset) to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.


Cryptography – Wikipedia, the free encyclopedia


Cryptography (or cryptology; from Greek κρυπτός, "hidden, secret"; and γράφειν, graphein, "writing", or -λογία, -logia, "study", respectively)[1] is the practice and study of techniques for secure communication in the presence of third parties (called adversaries).[2] More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries[3] and which are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation.[4] Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The originator of an encrypted message shared the decoding technique needed to recover the original information only with intended recipients, thereby precluding unwanted persons from doing the same. Since World War I and the advent of the computer, the methods used to carry out cryptology have become increasingly complex and its application more widespread.

Modern cryptography is heavily based on mathematical theory and computer science practice; cryptographic algorithms are designed around computational hardness assumptions, making such algorithms hard to break in practice by any adversary. It is theoretically possible to break such a system but it is infeasible to do so by any known practical means. These schemes are therefore termed computationally secure; theoretical advances, e.g., improvements in integer factorization algorithms, and faster computing technology require these solutions to be continually adapted. There exist information-theoretically secure schemes that provably cannot be broken even with unlimited computing power (an example is the one-time pad), but these schemes are more difficult to implement than the best theoretically breakable but computationally secure mechanisms.
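The one-time pad mentioned above, as an added Python example that is not part of the quoted articles: it uses one shared key for both encryption and decryption (the symmetric model described in the Kessler excerpt), shows why the ciphertext alone is consistent with every message of the same length, and shows what breaks when the pad is reused, which is the implementation difficulty the paragraph refers to. All function names and sample messages are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; a length mismatch is a usage error."""
    if len(a) != len(b):
        raise ValueError("one-time pad requires a pad exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes):
    """Encrypt under a fresh, uniformly random pad; returns (pad, ciphertext)."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def otp_decrypt(pad: bytes, ciphertext: bytes) -> bytes:
    """Decryption is the same XOR with the same pad (symmetric key)."""
    return xor_bytes(ciphertext, pad)


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` would decrypt to `candidate`.

    Such a pad exists for every candidate of the right length, and every pad
    is equally likely, so the ciphertext alone cannot rule out any message.
    """
    return xor_bytes(ciphertext, candidate)


def reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """With a reused pad the pad cancels out: ct1 XOR ct2 == pt1 XOR pt2."""
    return xor_bytes(ct1, ct2)


# Constructed sample messages of equal length (14 bytes each).
MSG_A = b"attack at dawn"
MSG_B = b"retreat at six"


def demo() -> bool:
    pad, ct = otp_encrypt(MSG_A)
    ok_roundtrip = otp_decrypt(pad, ct) == MSG_A
    # Same ciphertext, different pad: it "decrypts" to a different message.
    ok_secrecy = otp_decrypt(pad_explaining(ct, MSG_B), ct) == MSG_B
    # Misuse: encrypting a second message under the same pad leaks the
    # relationship between the two plaintexts without revealing the pad.
    ct_b = xor_bytes(MSG_B, pad)
    ok_leak = reuse_leak(ct, ct_b) == xor_bytes(MSG_A, MSG_B)
    return ok_roundtrip and ok_secrecy and ok_leak


if __name__ == "__main__":
    print(demo())
```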

Cryptology-related technology has raised a number of legal issues. In the United Kingdom, additions to the Regulation of Investigatory Powers Act 2000 require a suspected criminal to hand over his or her decryption key if asked by law enforcement. Otherwise the user will face a criminal charge.[5] The Electronic Frontier Foundation (EFF) was involved in a case in the United States which questioned whether requiring suspected criminals to provide their decryption keys to law enforcement is unconstitutional. The EFF argued that this is a violation of the right of not being forced to incriminate oneself, as given in the Fifth Amendment.[6]

Until modern times cryptography referred almost exclusively to encryption, which is the process of converting ordinary information (called plaintext) into unintelligible text (called ciphertext).[7] Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext. A cipher (or cypher) is a pair of algorithms that create the encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and in each instance by a "key". This is a secret (ideally known only to the communicants), usually a short string of characters, which is needed to decrypt the ciphertext. A "cryptosystem" is the ordered list of elements of finite possible plaintexts, finite possible cyphertexts, finite possible keys, and the encryption and decryption algorithms which correspond to each key. Keys are important, as ciphers without variable keys can be trivially broken with only the knowledge of the cipher used and are therefore useless (or even counter-productive) for most purposes. Historically, ciphers were often used directly for encryption or decryption without additional procedures such as authentication or integrity checks.

In colloquial use, the term "code" is often used to mean any method of encryption or concealment of meaning. However, in cryptography, code has a more specific meaning. It means the replacement of a unit of plaintext (i.e., a meaningful word or phrase) with a code word (for example, "wallaby" replaces "attack at dawn"). Codes are no longer used in serious cryptography, except incidentally for such things as unit designations (e.g., Bronco Flight or Operation Overlord), since properly chosen ciphers are both more practical and more secure than even the best codes and also are better adapted to computers.

Cryptanalysis is the term used for the study of methods for obtaining the meaning of encrypted information without access to the key normally required to do so; i.e., it is the study of how to crack encryption algorithms or their implementations.

Some use the terms cryptography and cryptology interchangeably in English, while others (including US military practice generally) use cryptography to refer specifically to the use and practice of cryptographic techniques and cryptology to refer to the combined study of cryptography and cryptanalysis.[8][9] English is more flexible than several other languages in which cryptology (done by cryptologists) is always used in the second sense above. In the English Wikipedia the general term used for the entire field is cryptography (done by cryptographers).

The study of characteristics of languages which have some application in cryptography (or cryptology), i.e. frequency data, letter combinations, universal patterns, etc., is called cryptolinguistics.
