Cryptography for Absolute Beginners
Svetlin Nakov @ Sofia Science Festival, May 2019
Video (Bulgarian language): https://youtu.be/-QzFcUkM7_4
Blog: https://nakov.com/blog/2019/05/13/cryptography-for-absolute-beginners-nakov-at-sofia-science-festival-may-2019/
1. Hashes, MAC, Key Derivation, Encrypting Passwords,
Symmetric Ciphers & AES, Digital Signatures & ECDSA
Cryptography for Absolute Beginners
Dr. Svetlin Nakov
Co-Founder, Chief Training & Innovation
@ Software University (SoftUni)
https://nakov.com
Software University (SoftUni) – http://softuni.org
2. Table of Contents
1. About the Speaker
2. What is Cryptography?
3. Hashes, MAC Codes and Key Derivation (KDF)
4. Encrypting Passwords: from Plaintext to Argon2
5. Symmetric Encryption and AES
6. Digital Signatures, Elliptic Curves and ECDSA
2
3. Software engineer, trainer, entrepreneur,
PhD, author of 15+ books, blockchain expert
3 successful tech educational initiatives (150,000+ students)
About Dr. Svetlin Nakov
3
4. Book "Practical Cryptography for Developers"
4
GitHub:
github.com/nakov/pra
ctical-cryptography-
for-developers-book
Book site:
https://cryptobook.
nakov.com
6. Cryptography provides security and protection of information
Storing and transmitting data in a secure way
Hashing data (message digest) and MAC codes
Encrypting and decrypting data
Symmetric and asymmetric schemes
Key derivation functions (KDF)
Key agreement schemes, digital certificates
Digital signatures (sign / verify)
What is Cryptography?
6
8. What is Cryptographic Hash Function?
8
One-way transformation, infeasible to invert
Extremely little chance to find a collision
Some text
Some text
Some text
Some text
Some text
Some text
Some text
20c9ad97c081d63397d
7b685a412227a40e23c
8bdc6688c6f37e97cfb
c22d2b4d1db1510d8f6
1e6a8866ad7f0e17c02
b14182d37ea7c3c8b9c
2683aeb6b733a1
Text Hash (digest)
Cryptographic
hash function
9. SHA-2 (SHA-256, SHA-384, SHA-512)
Secure crypto hash function, the most widely used today (RFC 4634)
Used in Bitcoin, IPFS, many others
SHA-3 (SHA3-256, SHA3-384, SHA3-512) / Keccak-256
Strong cryptographic hash function, more secure than SHA-2
Used in Ethereum blockchain and many modern apps
Modern Hashes: SHA-2, SHA3
9
SHA-256('hello') = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7
425e73043362938b9824
SHA3-256('hello') = 3338be694f50c5f338814986cdf0686453a888b84f4
24d792af4b9202398f392
10. BLAKE2 (BLAKE2s – 256-bit, BLAKE2b – 512-bit)
Secure crypto hash function, very fast
RIPEMD-160 (160-bit crypto hash)
Considered weak, just 160-bits, still unbroken
Broken hash algorithms: MD5, SHA-1, MD4, SHA-0, MD2
Git and GitHub still use SHA-1 and suffer of collision attacks
Modern Hashes: BLAKE2, RIPEMD-160
10
BLAKE2s('hello') = 19213bacc58dee6dbde3ceb9a47cbb330b3d86f8cca8
997eb00be456f140ca25
RIPEMD-160('hello') = 108f07b8382412612c048d07d13f814118445acd
11. Hashes – Demo
Play with Hash
Functions Online
http://hash-functions.online-domain-tools.com
https://www.fileformat.info/tool/hash.htm
12. HMAC and Key Derivation (KDF)
MAC, HMAC, Scrypt, Argon2
13. HMAC = Hash-based Message Authentication Code (RFC 2104)
HMAC(key, msg, hash_func) hash
Message hash mixed with a secret shared key
Used for message integrity / authentication / key derivation
MAC Codes and HMAC
13
HMAC('key', 'hello', SHA-256) = 9307b3b915efb5171ff14d8cb55fbc
c798c6c0ef1456d66ded1a6aa723a58b7b
HMAC('key', 'hello', RIPEMD-160) =
43ab51f803a68a8b894cb32ee19e6854e9f4e468
15. Encryption and digital signatures use keys (e.g. 256-bits)
Users prefer passwords easier to remember
KDF functions transform passwords to keys
Key derivation function (KDF) == function(password) key
Don't use SHA256(msg + key) its is insecure
Use PBKDF2, Scrypt, Bcrypt, Argon2
Bcrypt, Scrypt and Argon2 are modern key-derivation functions
Use a lot of iterations + a lot of memory slow calculations
HMAC and Key Derivation
15
16. Scrypt (RFC 7914) is a strong cryptographic key-derivation function
Memory intensive, designed to prevent ASIC and FPGA attacks
key = Scrypt(password, salt, N, r, p, derived-key-len)
N – iterations count (affects memory and CPU usage), e.g. 16384
r – block size (affects memory and CPU usage), e.g. 8
p – parallelism factor (threads to run in parallel), usually 1
Memory used = 128 * N * r * p bytes, e.g. 128 * 16384 * 8 = 16 MB
Parameters for interactive login: N=16384, r=8, p=1 (RAM=16MB)
Parameters for file encryption: N=1048576, r=8, p=1 (RAM=1GB)
Key Derivation Functions: Scrypt
16
18. Clear-text passwords, e.g. store the password directly in the DB
Never do anti-pattern!
Simple password hash, e.g. store SHA256(password) in the DB
Highly insecure, still better than clear-text, dictionary attacks
Salted hashed passwords, e.g. store HMAC(pass, random_salt)
Almost secure, GPU / ASIC-crackable
ASIC-resistant KDF password hash, e.g. Argon2(password)
Recommended, secure (when the KDF settings are secure)
Password Encryption (Register / Login)
18
21. Symmetric Encryption
AES, Block Modes, Authenticated Encryption
encrypt
(secret key)
I am a non-
encrypted
message …
decrypt
(secret key)
I am a non-
encrypted
message …
22. Symmetric key ciphers
Use the same key
(or password) to encrypt
and decrypt data
Popular symmetric algorithms
AES, ChaCha20, Twofish, Serpent, RC5, RC6
Broken algorithms (don't use them!)
DES, 3DES, RC2, RC4
Symmetric Key Ciphers
22
23. Block ciphers
Split data on blocks (e.g. 128 bits), then encrypt each block
separately, change the internal state, encrypt the next block, …
Stream ciphers
Work on sequences of data (encrypt / decrypt byte by byte)
Block ciphers can be transformed to stream ciphers
Using block mode of operation (e.g. CBC, CTR, GCM, CFB, …)
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
Symmetric Key Ciphers
23
24. AES – Advanced Encryption Standard (Rijndael)
Symmetric key block cipher (128-bit blocks)
Key lengths: 128, 160, 192, 224 and 256 bits
No significant practical attacks are known for AES
Modern CPU hardware implements AES instructions
This speeds-up AES and secure Internet communication
AES is used by most Internet Web sites for the https:// content
The "AES" Cipher
24
25. AES is a "block cipher" – encrypts block by block (e.g. 128 bits)
Supports several modes of operation (CBC, CTR, GCM, …)
Some modes of operation (like CBC / CTR) require initial vector (IV)
Non-secret random salt used to get different result each time
Recommended modes: CTR (Counter) or GCM (Galois/Counter)
CBC may use a padding algorithm (typically PKCS7) to help splitting
the input data into blocks of fixed block-size (e.g. 128 bits)
May use password to key derivation function, e.g. Argon2(passwd)
May use MAC to check the password validity, e.g. HMAC(text, key)
AES Cipher Settings
25
26. The AES Encryption Process
26
input msg random IV+
AES
key+ ciphertext
input msg
MAC
key+ MAC code
input msg key+
AES
ciphertext MAC+IV+
KDF
password key kdf-salt+
27. The AES Decryption Process
27
original msg
MAC
key+ MAC code
AES
ciphertext IV+
KDF
password key
original msg
decrypt
Decryption
MAC code
compare Encryption
MAC code
key+
kdf-salt+
28. AES-256-CTR-Argon2-HMAC – Encrypt
28
some text
{cipher=AES-256-CTR-Argon2-HMACSHA256, cipherText=a847f3b2bc59278107,
cipherIV=dd088070cf4f2f6c6560b8fa7fb43f49,
kdf=argon2, kdfSalt=90c6fcc318fd273f4f661c019b39b8ed,
mac=6c143d139d0d7b29aaa4e0dc5916908d3c27576f4856e3ef487be6eafb23b39a}
Text:
pass@123Password:
AES-256-CTR-Argon2-HMACSHA256Cipher:
Encrypted message:
31. Uses a pair of keys: public key + private key
Encrypt / verify by public key
Decrypt / sign by private key
Public Key Cryptography
31
32. Asymmetric encryption is slow and inefficient for large data
Hybrid encryption schemes (like ECIES and RSA-OAEP) are used
Hybrid encryption schemes
Asymmetric algorithm encrypts a random symmetric key
Encrypted by the user's public key
Decrypted by the user's private key
Symmetric algorithm (like AES) encrypts the secret message
Message authentication algorithm ensures message integrity
Asymmetric Encryption Schemes
32
37. Digital signatures provide message signing / verification
Authentication (proof that known sender have signed the message)
Integrity (the message cannot be altered after signing)
Non-repudiation (signer cannot deny message signing)
Digital signatures are based on public key cryptography
Messages are signed by someone's private key
Signatures are verified by the corresponding public key
May use RSA, DSA, elliptic curves (ECC) like ECDSA / EdDSA
Digital Signatures – Concepts
37
38. Well-known public-key crypto-systems
RSA – based on discrete logarithms
ECC – based on elliptic curves
ECC cryptography is considered more secure
3072-bit RSA key ≈≈ 256-bit ECC key ~ 128-bit security level
Most blockchains (like Bitcoin, Ethereum and EOS) use ECC
But be warned: ECC is not quantum-safe!
Public Key Crypto Systems
38