
Serious Cryptography: A Practical Introduction to Modern Encryption PDF

434 pages · 2017 · 5.19 MB · English
by Jean-Philippe Aumasson

Preview Serious Cryptography: A Practical Introduction to Modern Encryption

SERIOUS CRYPTOGRAPHY
A Practical Introduction to Modern Encryption

Jean-Philippe Aumasson

San Francisco

SERIOUS CRYPTOGRAPHY. Copyright © 2018 by Jean-Philippe Aumasson.

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

ISBN-10: 1-59327-826-8
ISBN-13: 978-1-59327-826-7

Publisher: William Pollock
Production Editor: Laurel Chun
Cover Illustration: Jonny Thomas
Interior Design: Octopod Studios
Developmental Editors: William Pollock, Jan Cash, and Annie Choi
Technical Reviewers: Erik Tews and Samuel Neves
Copyeditor: Barton D. Reed
Compositor: Meg Sneeringer
Proofreader: James Fraleigh

For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 1.415.863.9900; [email protected]
www.nostarch.com

Library of Congress Control Number: 2017940486

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an "As Is" basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

BRIEF CONTENTS

Foreword by Matthew D. Green
Preface
Abbreviations
Chapter 1: Encryption
Chapter 2: Randomness
Chapter 3: Cryptographic Security
Chapter 4: Block Ciphers
Chapter 5: Stream Ciphers
Chapter 6: Hash Functions
Chapter 7: Keyed Hashing
Chapter 8: Authenticated Encryption
Chapter 9: Hard Problems
Chapter 10: RSA
Chapter 11: Diffie–Hellman
Chapter 12: Elliptic Curves
Chapter 13: TLS
Chapter 14: Quantum and Post-Quantum
Index

CONTENTS IN DETAIL

FOREWORD by Matthew D. Green

PREFACE
    This Book's Approach
    Who This Book Is For
    How This Book Is Organized
        Fundamentals
        Symmetric Crypto
        Asymmetric Crypto
        Applications
    Acknowledgments

ABBREVIATIONS

1 ENCRYPTION
    The Basics
    Classical Ciphers
        The Caesar Cipher
        The Vigenère Cipher
    How Ciphers Work
        The Permutation
        The Mode of Operation
        Why Classical Ciphers Are Insecure
    Perfect Encryption: The One-Time Pad
        Encrypting with the One-Time Pad
        Why Is the One-Time Pad Secure?
    Encryption Security
        Attack Models
        Security Goals
        Security Notions
    Asymmetric Encryption
    When Ciphers Do More Than Encryption
        Authenticated Encryption
        Format-Preserving Encryption
        Fully Homomorphic Encryption
        Searchable Encryption
        Tweakable Encryption
    How Things Can Go Wrong
        Weak Cipher
        Wrong Model
    Further Reading

2 RANDOMNESS
    Random or Non-Random?
    Randomness as a Probability Distribution
    Entropy: A Measure of Uncertainty
    Random Number Generators (RNGs) and Pseudorandom Number Generators (PRNGs)
        How PRNGs Work
        Security Concerns
        The PRNG Fortuna
        Cryptographic vs. Non-Cryptographic PRNGs
        The Uselessness of Statistical Tests
    Real-World PRNGs
        Generating Random Bits in Unix-Based Systems
        The CryptGenRandom() Function in Windows
        A Hardware-Based PRNG: RDRAND in Intel Microprocessors
    How Things Can Go Wrong
        Poor Entropy Sources
        Insufficient Entropy at Boot Time
        Non-cryptographic PRNG
        Sampling Bug with Strong Randomness
    Further Reading

3 CRYPTOGRAPHIC SECURITY
    Defining the Impossible
        Security in Theory: Informational Security
        Security in Practice: Computational Security
    Quantifying Security
        Measuring Security in Bits
        Full Attack Cost
        Choosing and Evaluating Security Levels
    Achieving Security
        Provable Security
        Heuristic Security
    Generating Keys
        Generating Symmetric Keys
        Generating Asymmetric Keys
        Protecting Keys
    How Things Can Go Wrong
        Incorrect Security Proof
        Short Keys for Legacy Support
    Further Reading

4 BLOCK CIPHERS
    What Is a Block Cipher?
        Security Goals
        Block Size
        The Codebook Attack
    How to Construct Block Ciphers
        A Block Cipher's Rounds
        The Slide Attack and Round Keys
        Substitution–Permutation Networks
        Feistel Schemes
    The Advanced Encryption Standard (AES)
        AES Internals
        AES in Action
    Implementing AES
        Table-Based Implementations
        Native Instructions
        Is AES Secure?
    Modes of Operation
        The Electronic Codebook (ECB) Mode
        The Cipher Block Chaining (CBC) Mode
        How to Encrypt Any Message in CBC Mode
        The Counter (CTR) Mode
    How Things Can Go Wrong
        Meet-in-the-Middle Attacks
        Padding Oracle Attacks
    Further Reading

5 STREAM CIPHERS
    How Stream Ciphers Work
        Stateful and Counter-Based Stream Ciphers
    Hardware-Oriented Stream Ciphers
        Feedback Shift Registers
        Grain-128a
        A5/1
    Software-Oriented Stream Ciphers
        RC4
        Salsa20
    How Things Can Go Wrong
        Nonce Reuse
        Broken RC4 Implementation
        Weak Ciphers Baked Into Hardware
    Further Reading

6 HASH FUNCTIONS
    Secure Hash Functions
        Unpredictability Again
        Preimage Resistance
        Collision Resistance
        Finding Collisions
    Building Hash Functions
        Compression-Based Hash Functions: The Merkle–Damgård Construction
        Permutation-Based Hash Functions: Sponge Functions
    The SHA Family of Hash Functions
        SHA-1
        SHA-2
        The SHA-3 Competition
        Keccak (SHA-3)
    The BLAKE2 Hash Function
    How Things Can Go Wrong
        The Length-Extension Attack
        Fooling Proof-of-Storage Protocols
    Further Reading

7 KEYED HASHING
    Message Authentication Codes (MACs)
        MACs in Secure Communication
        Forgery and Chosen-Message Attacks
        Replay Attacks
    Pseudorandom Functions (PRFs)
        PRF Security
        Why PRFs Are Stronger Than MACs
    Creating Keyed Hashes from Unkeyed Hashes
        The Secret-Prefix Construction
        The Secret-Suffix Construction
        The HMAC Construction
        A Generic Attack Against Hash-Based MACs
    Creating Keyed Hashes from Block Ciphers: CMAC
        Breaking CBC-MAC
        Fixing CBC-MAC
    Dedicated MAC Designs
        Poly1305
        SipHash
    How Things Can Go Wrong
        Timing Attacks on MAC Verification
        When Sponges Leak
    Further Reading

8 AUTHENTICATED ENCRYPTION
    Authenticated Encryption Using MACs
        Encrypt-and-MAC
        MAC-then-Encrypt
        Encrypt-then-MAC
    Authenticated Ciphers
        Authenticated Encryption with Associated Data
        Avoiding Predictability with Nonces
        What Makes a Good Authenticated Cipher?
    AES-GCM: The Authenticated Cipher Standard
        GCM Internals: CTR and GHASH
        GCM Security
        GCM Efficiency
    OCB: An Authenticated Cipher Faster than GCM
        OCB Internals
        OCB Security
