Cryptography for Absolute Beginners Svetlin Nakov @ Sofia Science Festival, May 2019 Video (Bulgarian language): https://youtu.be/-QzFcUkM7_4 Blog: https://nakov.com/blog/2019/05/13/cryptography-for-absolute-beginners-nakov-at-sofia-science-festival-may-2019/

1. Hashes, MAC, Key Derivation, Encrypting Passwords,
Symmetric Ciphers & AES, Digital Signatures & ECDSA
Cryptography for Absolute Beginners
Dr. Svetlin Nakov
Co-Founder, Chief Training & Innovation
@ Software University (SoftUni)
https://nakov.com
Software University (SoftUni) – http://softuni.org

2. Table of Contents
1. About the Speaker
2. What is Cryptography?
3. Hashes, MAC Codes and Key Derivation (KDF)
4. Encrypting Passwords: from Plaintext to Argon2
5. Symmetric Encryption and AES
6. Digital Signatures, Elliptic Curves and ECDSA
2

3.  Software engineer, trainer, entrepreneur,
PhD, author of 15+ books, blockchain expert
 3 successful tech educational initiatives (150,000+ students)
About Dr. Svetlin Nakov
3

4. Book "Practical Cryptography for Developers"
4
GitHub:
github.com/nakov/pra
ctical-cryptography-
for-developers-book
Book site:
https://cryptobook.
nakov.com

5. What is Cryptography?

6.  Cryptography provides security and protection of information
 Storing and transmitting data in a secure way
 Hashing data (message digest) and MAC codes
 Encrypting and decrypting data
 Symmetric and asymmetric schemes
 Key derivation functions (KDF)
 Key agreement schemes, digital certificates
 Digital signatures (sign / verify)
What is Cryptography?
6

7. Cryptographic Hash Functions

8. What is Cryptographic Hash Function?
8
 One-way transformation, infeasible to invert
 Extremely little chance to find a collision
Some text
Some text
Some text
Some text
Some text
Some text
Some text
20c9ad97c081d63397d
7b685a412227a40e23c
8bdc6688c6f37e97cfb
c22d2b4d1db1510d8f6
1e6a8866ad7f0e17c02
b14182d37ea7c3c8b9c
2683aeb6b733a1
Text Hash (digest)
Cryptographic
hash function

9.  SHA-2 (SHA-256, SHA-384, SHA-512)
 Secure crypto hash function, the most widely used today (RFC 4634)
 Used in Bitcoin, IPFS, many others
 SHA-3 (SHA3-256, SHA3-384, SHA3-512) / Keccak-256
 Strong cryptographic hash function, more secure than SHA-2
 Used in Ethereum blockchain and many modern apps
Modern Hashes: SHA-2, SHA3
9
SHA-256('hello') = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7
425e73043362938b9824
SHA3-256('hello') = 3338be694f50c5f338814986cdf0686453a888b84f4
24d792af4b9202398f392

10.  BLAKE2 (BLAKE2s – 256-bit, BLAKE2b – 512-bit)
 Secure crypto hash function, very fast
 RIPEMD-160 (160-bit crypto hash)
 Considered weak, just 160-bits, still unbroken
 Broken hash algorithms: MD5, SHA-1, MD4, SHA-0, MD2
 Git and GitHub still use SHA-1 and suffer of collision attacks
Modern Hashes: BLAKE2, RIPEMD-160
10
BLAKE2s('hello') = 19213bacc58dee6dbde3ceb9a47cbb330b3d86f8cca8
997eb00be456f140ca25
RIPEMD-160('hello') = 108f07b8382412612c048d07d13f814118445acd

11. Hashes – Demo
Play with Hash
Functions Online
http://hash-functions.online-domain-tools.com
https://www.fileformat.info/tool/hash.htm

12. HMAC and Key Derivation (KDF)
MAC, HMAC, Scrypt, Argon2

13.  HMAC = Hash-based Message Authentication Code (RFC 2104)
 HMAC(key, msg, hash_func)  hash
 Message hash mixed with a secret shared key
 Used for message integrity / authentication / key derivation
MAC Codes and HMAC
13
HMAC('key', 'hello', SHA-256) = 9307b3b915efb5171ff14d8cb55fbc
c798c6c0ef1456d66ded1a6aa723a58b7b
HMAC('key', 'hello', RIPEMD-160) =
43ab51f803a68a8b894cb32ee19e6854e9f4e468

14. HMAC – Demo
Calculate HMAC-
SHA256 Online
https://www.freeformatter.com/hmac-generator.html

15.  Encryption and digital signatures use keys (e.g. 256-bits)
 Users prefer passwords  easier to remember
 KDF functions transform passwords to keys
 Key derivation function (KDF) == function(password)  key
 Don't use SHA256(msg + key)  its is insecure
 Use PBKDF2, Scrypt, Bcrypt, Argon2
 Bcrypt, Scrypt and Argon2 are modern key-derivation functions
 Use a lot of iterations + a lot of memory  slow calculations
HMAC and Key Derivation
15

16.  Scrypt (RFC 7914) is a strong cryptographic key-derivation function
 Memory intensive, designed to prevent ASIC and FPGA attacks
 key = Scrypt(password, salt, N, r, p, derived-key-len)
 N – iterations count (affects memory and CPU usage), e.g. 16384
 r – block size (affects memory and CPU usage), e.g. 8
 p – parallelism factor (threads to run in parallel), usually 1
 Memory used = 128 * N * r * p bytes, e.g. 128 * 16384 * 8 = 16 MB
 Parameters for interactive login: N=16384, r=8, p=1 (RAM=16MB)
 Parameters for file encryption: N=1048576, r=8, p=1 (RAM=1GB)
Key Derivation Functions: Scrypt
16

17. Scrypt
Live Demo
https://gchq.github.io/CyberChef/?op=Scrypt

18.  Clear-text passwords, e.g. store the password directly in the DB
 Never do anti-pattern!
 Simple password hash, e.g. store SHA256(password) in the DB
 Highly insecure, still better than clear-text, dictionary attacks
 Salted hashed passwords, e.g. store HMAC(pass, random_salt)
 Almost secure, GPU / ASIC-crackable
 ASIC-resistant KDF password hash, e.g. Argon2(password)
 Recommended, secure (when the KDF settings are secure)
Password Encryption (Register / Login)
18

19.  Argon2 is the recommended password-hashing for apps
Encrypting Passwords: Argon2
19
hash = argon2.hash(8, 1 << 16, 4, "password");
print("Argon2 hash (random salt): " + hash);
print("Argon2 verify (correct password): " +
argon2.verify(hash, "password"));
print ("Argon2 verify (wrong password): " +
argon2.verify(hash, "wrong123"));
Argon2 hash (random salt): $argon2id$v=19$m=65536,t=8,p=4$FW2kqbP+nidwHnT3Oc
vSEg$oYlK3rXJvk0Be+od3To131Cnr8JksL39gjnbMlUCCTk
Argon2 verify (correct password): true
Argon2 verify (wrong password): false
Register
Login
Invalid Login

20. Argon2
Calculate Hash / Verify Password – Online Demo
https://argon2-generator.com

21. Symmetric Encryption
AES, Block Modes, Authenticated Encryption
encrypt
(secret key)
I am a non-
encrypted
message …
decrypt
(secret key)
I am a non-
encrypted
message …

22.  Symmetric key ciphers
 Use the same key
(or password) to encrypt
and decrypt data
 Popular symmetric algorithms
 AES, ChaCha20, Twofish, Serpent, RC5, RC6
 Broken algorithms (don't use them!)
 DES, 3DES, RC2, RC4
Symmetric Key Ciphers
22

23.  Block ciphers
 Split data on blocks (e.g. 128 bits), then encrypt each block
separately, change the internal state, encrypt the next block, …
 Stream ciphers
 Work on sequences of data (encrypt / decrypt byte by byte)
 Block ciphers can be transformed to stream ciphers
 Using block mode of operation (e.g. CBC, CTR, GCM, CFB, …)
 https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
Symmetric Key Ciphers
23

24.  AES – Advanced Encryption Standard (Rijndael)
 Symmetric key block cipher (128-bit blocks)
 Key lengths: 128, 160, 192, 224 and 256 bits
 No significant practical attacks are known for AES
 Modern CPU hardware implements AES instructions
 This speeds-up AES and secure Internet communication
 AES is used by most Internet Web sites for the https:// content
The "AES" Cipher
24

25.  AES is a "block cipher" – encrypts block by block (e.g. 128 bits)
 Supports several modes of operation (CBC, CTR, GCM, …)
 Some modes of operation (like CBC / CTR) require initial vector (IV)
 Non-secret random salt  used to get different result each time
 Recommended modes: CTR (Counter) or GCM (Galois/Counter)
 CBC may use a padding algorithm (typically PKCS7) to help splitting
the input data into blocks of fixed block-size (e.g. 128 bits)
 May use password to key derivation function, e.g. Argon2(passwd)
 May use MAC to check the password validity, e.g. HMAC(text, key)
AES Cipher Settings
25

26. The AES Encryption Process
26
input msg random IV+
AES
key+ ciphertext
input msg
MAC
key+ MAC code
input msg key+
AES
ciphertext MAC+IV+
KDF
password key kdf-salt+

27. The AES Decryption Process
27
original msg
MAC
key+ MAC code
AES
ciphertext IV+
KDF
password key
original msg
decrypt
Decryption
MAC code
compare Encryption
MAC code
key+
kdf-salt+

28. AES-256-CTR-Argon2-HMAC – Encrypt
28
some text
{cipher=AES-256-CTR-Argon2-HMACSHA256, cipherText=a847f3b2bc59278107,
cipherIV=dd088070cf4f2f6c6560b8fa7fb43f49,
kdf=argon2, kdfSalt=90c6fcc318fd273f4f661c019b39b8ed,
mac=6c143d139d0d7b29aaa4e0dc5916908d3c27576f4856e3ef487be6eafb23b39a}
Text:
pass@123Password:
AES-256-CTR-Argon2-HMACSHA256Cipher:
Encrypted message:

29. AES
Online Demo
https://myetherwallet.com/
create-wallet

30. Asymmetric Encryption
Public Key Cryptography and ECIES

31.  Uses a pair of keys: public key + private key
 Encrypt / verify by public key
 Decrypt / sign by private key
Public Key Cryptography
31

32.  Asymmetric encryption is slow and inefficient for large data
 Hybrid encryption schemes (like ECIES and RSA-OAEP) are used
 Hybrid encryption schemes
 Asymmetric algorithm encrypts a random symmetric key
 Encrypted by the user's public key
 Decrypted by the user's private key
 Symmetric algorithm (like AES) encrypts the secret message
 Message authentication algorithm ensures message integrity
Asymmetric Encryption Schemes
32

33. Asymmetric Encryption
33

34. Asymmetric Decryption
34

35. ECIES
Online
Demo
https://asecuritysite.com/encryption/ecc3

36. Digital Signatures
ECDSA, Sign / Verify

37.  Digital signatures provide message signing / verification
 Authentication (proof that known sender have signed the message)
 Integrity (the message cannot be altered after signing)
 Non-repudiation (signer cannot deny message signing)
 Digital signatures are based on public key cryptography
 Messages are signed by someone's private key
 Signatures are verified by the corresponding public key
 May use RSA, DSA, elliptic curves (ECC) like ECDSA / EdDSA
Digital Signatures – Concepts
37

38.  Well-known public-key crypto-systems
 RSA – based on discrete logarithms
 ECC – based on elliptic curves
 ECC cryptography is considered more secure
 3072-bit RSA key ≈≈ 256-bit ECC key  ~ 128-bit security level
 Most blockchains (like Bitcoin, Ethereum and EOS) use ECC
 But be warned: ECC is not quantum-safe!
Public Key Crypto Systems
38

39. ECDSA
Online Demo
https://kjur.github.io/js
rsasign/sample/sample
-ecdsa.html

40. https://nakov.com
Cryptography for Absolute Beginners