## Encryption Today: How Safe Is It Really?

Cryptographic algorithms have been in a constant arms race with systems seeking to crack them. Yuri Samoilov/Flickr, CC BY

Senior Lecturer in Information Technology, Monash University

Ron Steinfeld receives funding from the Australian Research Council. Monash University provides funding as a founding partner of The Conversation AU. Victoria State Government provides funding as a strategic partner of The Conversation AU.

When checking your email over a secure connection, or making a purchase from an online retailer, have you ever wondered how your private information or credit card data is kept secure? Our information is kept away from prying eyes thanks to cryptographic algorithms, which scramble the message so no-one else can read it but its intended recipient. But what are these algorithms, how did they come to be widely used, and how secure are they really?

The first cryptographic methods actually go back thousands of years to the time of ancient Greece. Indeed, the word cryptography is a combination of the Greek words for secret and writing. For example, the Spartans famously used a system where they wrapped a piece of papyrus around a staff of a certain girth, and wrote their message down the length of the staff. When the papyrus was unravelled, the message was jumbled until it reached its destination and was wrapped around another staff of the correct circumference.

Early encryption algorithms like these had to be applied manually by the sender and receiver. They typically consisted of simple letter rearrangement, such as transposition or substitution. The most famous one is the Caesar cipher, which was used by the military commanders of the Roman emperor Julius Caesar. Each letter in the message was replaced in the encrypted text (the ciphertext) by another let

## Hard Mathematical Problems As Basis For New Cryptographic Techniques

Packing a rucksack in such a manner that, taken together, the items inside offer optimal benefit is not trivial from the mathematical point of view, at least if you assume the rucksack is very big.

IT security experts dream of unbreakable cryptographic algorithms. Vision or fantasy?

For many people, their holidays start with a challenge: how is all that stuff supposed to fit into the suitcase, bag or rucksack? From the mathematical point of view, it is anything but trivial to find an algorithm for packing a rucksack in such a manner that, taken together, the items inside offer optimal benefit. "The decision to bring a toothbrush is certainly an easy one," says Prof Dr Eike Kiltz from the Chair for Cryptography. It is small and offers great benefit. But what about the hairdryer? Do I bring that, too?

### The rucksack problem: unsolved for more than 100 years

The rucksack example is based on a hard mathematical problem. Researchers have been attempting to find an efficient solution for it for over one hundred years. However, in their variant of the problem, the rucksack would be much larger than in real life. This is precisely the kind of hard mathematical problem that Eike Kiltz studies. He has developed new encryption and authentication algorithms that are virtually unbreakable. "If somebody succeeded in breaking those algorithms, he would be able to solve a mathematical problem that the greatest mathematical minds have been poring over for 100 or 200 years," says Kiltz by way of comparison.

Eike Kiltz develops cryptographic algorithms based on hard mathematical problems.

Based on this notion, the researcher has opted for an unconventional approach. New cryptographic algorithms are typically created following the ad-hoc princ

## Traditional Cryptology Problems | Howstuffworks

Both the secret-key and public-key methods of cryptology have unique flaws. Oddly enough, quantum physics can be used to either solve or expand these flaws.

The problem with public-key cryptology is that it's based on the staggering size of the numbers created by the combination of the key and the algorithm used to encode the message. These numbers can reach unbelievable proportions. What's more, they can be made so that in order to understand each bit of output data, you have to also understand every other bit as well. This means that to crack a 128-bit key, the possible numbers used can reach upward to 10^38 [source: Dartmouth College]. That's a lot of possible numbers for the correct combination to the key.

The keys used in modern cryptography are so large, in fact, that a billion computers working in conjunction, with each processing a billion calculations per second, would still take a trillion years to definitively crack a key [source: Dartmouth College]. This isn't a problem now, but it soon will be. Current computers will be replaced in the near future with quantum computers, which exploit the properties of physics on the immensely small quantum scale. Since they can operate on the quantum level, these computers are expected to be able to perform calculations and operate at speeds no computer in use now could possibly achieve. So the codes that would take a trillion years to break with conventional computers could possibly be cracked in much less time with quantum computers. This means that secret-key cryptology (SKC) looks to be the preferred method of transferring ciphers in the future.

But SKC has its problems as well. The chief problem with SKC is how the two users agree on what secret key to use. If you live next door to the person with whom you

## What Is Cryptography?

Cryptography provides for secure communication in the presence of malicious third parties, known as adversaries. Encryption (a major component of cryptography) uses an algorithm and a key to transform an input (i.e., plaintext) into an encrypted output (i.e., ciphertext). A given algorithm will always transform the same plaintext into the same ciphertext if the same key is used. Algorithms are considered secure if an attacker cannot determine any properties of the plaintext or key, given the ciphertext. An attacker should not be able to determine anything about a key given a large number of plaintext/ciphertext combinations which used the key.

### What is the difference between symmetric and asymmetric cryptography?

With symmetric cryptography, the same key is used for both encryption and decryption. A sender and a recipient must already have a shared key that is known to both. Key distribution is a tricky problem, and was the impetus for developing asymmetric cryptography.

With asymmetric crypto, two different keys are used for encryption and decryption. Every user in an asymmetric cryptosystem has both a public key and a private key. The private key is kept secret at all times, but the public key may be freely distributed. Data encrypted with a public key may only be decrypted with the corresponding private key. So, sending a message to John requires encrypting that message with John's public key. Only John can decrypt the message, as only John has his private key. Any data encrypted with a private key can only be decrypted with the corresponding public key. Similarly, Jane could digitally sign a message with her private key, and anyone with Jane's public key could decrypt the signed message and verify that it was in fact Jane who sent it.

Symmetric is generally very fast and

## What Is Lattice-based Cryptography & Why Should You Care

Or: how do we protect today's encrypted information against tomorrow's quantum attacks?

Lately, the question of how close we are to quantum computing (QC) becoming mainstream has been gaining momentum. Clearly, as we get closer, it is reasonable and even urgent to beef up our systems' resistance to post-quantum attacks, some of which, as we can now envision, would leverage future QCs' capability to decrypt the data collected today. With that, lattice-based cryptography has been in the news a lot. So what is it, and what is its potential for our post-quantum future?

Cryptography comes in different flavors. For the longest time, at least as far back as Julius Caesar, encryption schemes and other cryptographic tools mostly followed ad-hoc designs. Security was mainly based on intuition and heuristics. However, in the late 1970s and early 1980s, a new, more principled and rigorous methodology emerged. The key idea is the following. The field of mathematics is full of very, very difficult problems which humanity has collectively failed to solve despite many decades, centuries or even millennia of trying. Now imagine that we could build an encryption scheme in a way that breaking its security requires solving one of these very hard problems. This would turn all the seemingly wasted efforts devoted to that problem by mathematicians present and past into evidence of the security of our newly proven encryption scheme. In fact, all those failed attempts can now be seen as attempts to break the encryption scheme's security.

Of course, this is easier said than done. Indeed, one of the most difficult tasks here is to find a suitable unsolved mathematical problem. On the one hand, to give us the desired confidence in its difficulty, the pr

## The Cryptopals Crypto Challenges

This site will host all eight sets of our crypto challenges, with solutions in most mainstream languages. But: it doesn't yet. If we waited to hit "publish" until everything was here, we might be writing this in 2015. So we're publishing as we go. In particular: give us a little time on the challenge solutions.

We can't introduce these any better than Maciej Ceglowski did, so read that blog post first.

We've built a collection of 48 exercises that demonstrate attacks on real-world crypto. This is a different way to learn about crypto than taking a class or reading a book. We give you problems to solve. They're derived from weaknesses in real-world systems and modern cryptographic constructions. We give you enough info to learn about the underlying crypto concepts yourself. When you're finished, you'll not only have learned a good deal about how cryptosystems are built, but you'll also understand how they're attacked.

There aren't any! For several years, we ran these challenges over email, and asked participants not to share their results. The honor system worked beautifully! But now we're ready to set aside the ceremony and just publish the challenges for everyone to work on.

If you have any trouble with the math in these problems, you should be able to find a local 9th grader to help you out. It turns out that many modern crypto attacks don't involve much hard math.

You'll want to be able to code proficiently in any language. We've received submissions in C, C++, Python, Ruby, Perl, Visual Basic, X86 Assembly, Haskell, and Lisp. Surprise us with another language. Our friend Maciej says these challenges are a good way to learn a new language, so maybe now's the time to pick up Clojure or Rust.

Right now, we have eight sets. They get progressively harder. Again: these a

## Cryptography Methods: Flaws, Solutions, And Outside Threats

Cryptography is easily one of the most important tools in keeping information secure. The algorithms employed in encryption help ensure that data is not tampered with and is able to be seen only by intended parties. Especially in recent years, the discussion of cryptography has moved outside the realm of cybersecurity experts. Many of these discussions encompass various threats to encryption, through legal means or otherwise.

As encryption becomes more and more a part of the public consciousness, I felt it necessary to talk about how modern cryptography is threatened. Discussing threats is not sufficient, however, as that only highlights problems and not solutions. In this article, there will also be a discussion of how the cybersecurity community is combating these threats.

In order to accomplish the aforementioned goals, we will go through various cryptographic methods widely used today and analyze their flaws (through various threat vectors). It will not be an exhaustive list, but rather an overview. After this, I will explore arguably the greatest threat to modern encryption outside of vulnerabilities: the government. Let us begin first, however, with an exploration of popular modern-day cryptographic methods:

### RSA: Why encryption is meaningless if the developers are hacked

The RSA algorithm (named for creators Ron Rivest, Adi Shamir and Leonard Adleman) is an asymmetric cryptographic method. Asymmetric cryptography employs both a public key (which can be shared amongst anyone) and a private key (which cannot be compromised as long as it is guarded). It is imperative to understand that RSA is considered the de facto standard for asymmetric cryptography. It is used in countless situations, such as creating a secure connection over an insecure network (SSH, VPN authen

## What Cryptography Can't Do

Cryptography is an incredibly powerful technology for protecting information, but it is only one of many technologies that play a role in web security and commerce. Unfortunately, cryptography plays such an important role that many people assume that any computer system is automatically secure, and that any system that does not use encryption can't be made secure. As a matter of fact, the phrase "secure web server" is often used interchangeably with the phrase "cryptographically enabled web server."

Encryption isn't all-powerful. You can use the best cryptography that's theoretically possible, but if other mistakes are made in either systems design or data handling, confidential information may still be revealed. For example, a document might be encrypted so that it could only be decoded by one person, but if that person prints out a document and then throws it out without first shredding the paper, the secrets that the document contains could still end up on the front page of the local newspaper.

Likewise, cryptography isn't an appropriate solution for many problems, including the following:

Cryptography can't protect your unencrypted documents. Even if you set up your web server so that it only sends files to people using 1024-bit SSL, remember that the unencrypted originals still reside on your web server. Unless you separately encrypt them, those files are vulnerable. Somebody breaking into the computer on which your server is located will have access to the data.

Cryptography can't protect against stolen encryption keys. The whole point of using encryption is to make it possible for people who have your encryption keys to decrypt your files or messages. Thus, any attacker who can steal or purchase your keys can decrypt your files and messages. That's important to remember when

## A Proof-reading Of Some Issues In Cryptography

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4596)

In this paper, we identify some issues in the interplay between practice and theory in cryptography, issues that have repeatedly appeared in different incarnations over the years. These issues are related to fundamental concepts in the field, e.g., to what extent we can prove that a system is secure and what theoretic results on security mean for practical applications. We argue that several such issues are often overlooked or misunderstood, and that it may be very productive if both theoreticians and practitioners think more consciously about these issues and act accordingly.

Keywords: Hash Function, Random Oracle, Decryption Algorithm, Random Oracle Model, Provable Security

## Cryptography - Wikipedia

Cryptography or cryptology (from Greek kryptós, "hidden, secret"; and graphein, "writing", or -logia, "study", respectively [1]) is the practice and study of techniques for secure communication in the presence of third parties called adversaries. [2] More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; [3] various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation [4] are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, electrical engineering, communication science, and physics. Applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The originator of an encrypted message shared the decoding technique needed to recover the original information only with intended recipients, thereby precluding unwanted persons from doing the same. The cryptography literature often uses the name Alice ("A") for the sender, Bob ("B") for the intended recipient, and Eve ("eavesdropper") for the adversary. [5] Since the development of rotor cipher machines in World War I and the advent of computers in World War II, the methods used to carry out cryptology have become increasingly complex and its application more widespread.

Modern cry

## Unsolved Problems Home

In Number Theory, Logic, and Cryptography

This is a web site for amateurs interested in unsolved problems in number theory, logic, and cryptography. Please read the FAQ. If you're new to the site, you may like to check out the Introduction. If you plan to be a regular visitor, you might like to bookmark the What's New page. Or go straight to any of the problems listed on the left-hand side.

The primary URL for the web site is . There is a companion discussion group, , where questions can be asked and any of the problems or potential solutions discussed. Contributions and proposed solutions can be found on the Solutions page. There are monetary prizes for solutions to most of the problems on this site. For details, please see the Prizes page.

If you find the site interesting, please let me know. If you would like to suggest any changes, or if you find any expired links, please let me know. And, of course, if you think you've solved any of the problems, please read the FAQ, and then let me know.

## The Many, Many Ways That Cryptographic Software Can Fail

Breaking cryptographic software via methods other than cryptanalysis

When cryptographic software fails, what's to blame?

We rely on cryptographic algorithms and protocols every day for secure communication over the Internet. We're able to access our bank accounts online because cryptography protects us. We're able to send private messages to our friends because cryptography protects us. We're able to buy and sell things using credit cards and Bitcoin because cryptography protects us.

Let me give you a concrete example of this. When you check your email through your favorite browser, the connection between your browser and the email server is secured using the TLS (transport level security) protocol, so that no one can eavesdrop on your emails or modify them in transit without your knowledge. In short, without cryptography, the Internet we know today could not be possible. Law and order on the internet depends on cryptography.

But this tool that we all rely upon so heavily is also quite brittle. Our cryptographic software often lets us down. Sometimes it really lets us down. Have you ever wondered why cryptographic software, including implementations of the TLS protocol, fails over and over again?

According to Veracode's state of security reports, our cryptographic software is just as vulnerable as it was two years ago. Veracode ranked cryptographic issues as the #2 vulnerability found in apps in 2015. Veracode again ranked cryptographic issues as the #2 vulnerability found in apps in 2016.

Are these failing because of weaknesses in the underlying cryptographic algorithms? Well, several past attacks (Apple iOS TLS, WD self encrypting drives, Heartbleed, WhatsApp messages, Juniper's ScreenOS, DROWN, Android N-encryption a

## Legal Issues With Cryptography

The use of cryptography has traditionally been associated with military intelligence gathering, and its use by criminals and terrorists has the potential to make law enforcement harder. Hence it should come as no surprise that governments tend to restrict its use. Other legal issues are patent related and arise due to the complex mathematical nature of the algorithms involved. Inventors of these algorithms tend to protect their intellectual property by patenting them and requiring that the user obtain a license. All in all, the legal issues with cryptography fall into the following three categories:

Export Control Issues. The US government treats certain forms of cryptographic software and hardware as munitions and has placed them under export control. What it means is that a commercial entity seeking to export certain cryptographic libraries or other software using these libraries must obtain an export license first. In recent years, the export laws have eased somewhat and it has become possible to export freely a number of commercial grade cryptographic software packages. Most of the software and capabilities included in J2SE v1.4 fall under this category. However, it is possible to have a JCE provider with capabilities that warrant review by export control authorities and perhaps an export license. A practical manifestation of this fact is that a vendor of a JCE provider must get export clearance.

Import Control Issues. Somewhat less intuitive is the fact that certain countries restrict the use of certain types of cryptography within their jurisdiction. Under the jurisdiction of these countries, it is the responsibility of the user to ensure proper adherence to the law. J2SE v1.4 handles this by tying cryptographic capabilities to jurisdiction policy files. The juris

## Computational Hardness Assumption

In computational complexity theory, a computational hardness assumption is the hypothesis that a particular problem cannot be solved efficiently (where efficiently typically means "in polynomial time"). It is not known how to prove (unconditional) hardness for essentially any useful problem. Instead, computer scientists rely on reductions to formally relate the hardness of a new or complicated problem to a computational hardness assumption about a problem that is better-understood.

Computational hardness assumptions are of particular importance in cryptography. A major goal in cryptography is to create cryptographic primitives with provable security. In some cases, cryptographic protocols are found to have information theoretic security; the one-time pad is a common example. However, information theoretic security cannot always be achieved; in such cases, cryptographers fall back to computational security. Roughly speaking, this means that these systems are secure assuming that any adversaries are computationally limited, as all adversaries are in practice.

Computational hardness assumptions are also useful for guiding algorithm designers: a simple algorithm is unlikely to refute a well-studied computational hardness assumption such as P ≠ NP.

Computer scientists have different ways of assessing which hardness assumptions are more reliable. (and the converse is false or not known). In other words, even if assumption may still be true, and cryptographic protocols based on assumption may still be safe to use. Thus when devising cryptographic protocols, one hopes to be able to prove security using the weakest possible assumptions.

### Average-case vs. worst-case assumptions

An average-case assumption says that a specific problem is hard on most instances from some exp

## 6 Encryption Mistakes That Lead To Data Breaches

Encryption has made itself famous lately by helping bad guys hide secrets from good guys. If the most powerful supercomputers in the world can't break the mathematical laws of encryption, how can the FBI, NSA and CIA decipher the terrorist communications they intercept?

But there's a flip-side to this question that rarely gets discussed: If encryption is so unbreakable, why do businesses and governments keep getting hacked? If terrorists can download an app from the app store that uses encryption to protect their chat messages from the NSA, why couldn't the US Office of Personnel Management, The Home Depot, Target, JPMorgan and Citi Bank (just to name a few) use the same encryption to protect their customer data from hackers? Why do these data breaches keep happening when unbreakable encryption is readily available?

The answer is simple: almost everyone is doing encryption wrong. There has been an explosion of new healthcare, financial and government applications over the past few years, resulting in more and more cryptography being added to backend applications. In more cases than not, this crypto code is implemented incorrectly [1], leaving organizations with a false sense of security that only becomes evident once they get hacked and end up in the headlines.

### Mistake #1: Assuming your developers are security experts

"But my company is different," you might be thinking. "Our engineers are brilliant." Unfortunately, even the brightest software developers are usually not security experts. Security experts are mostly found in IT. They're system administrators, pen testers and CISOs; they're not writing code (unless you count scripts written to break into a system). Software developers are really good at figuring things ou