Lecture Two: Intro to Cryptography

1. What is Cryptography?
• Definition: Cryptography is the science of securing information, ensuring that only the intended recipient can read it. For instance, when you send a message through a secure app, cryptography makes sure that only the person you're messaging can view it.

2. Classification of Actors:
• First Part - Alice and Bob: In cryptography, Alice and Bob are often used as names for two people trying to communicate securely. Alice sends a message, and Bob is the intended receiver.
• Second Part - Eve the Eavesdropper: Eve represents an attacker who is trying to listen in on the conversation between Alice and Bob without their knowledge.
• Third Part - Malicious Mallory: Mallory is a more dangerous attacker who tries to intercept and modify the messages between Alice and Bob, not just listen in.
• Fourth Part - Trent the Trusted Third Party: Trent is a trusted third party who helps Alice and Bob exchange information securely by acting as an intermediary.

3. Goals of Cryptography:
• Confidentiality: Confidentiality is about keeping information secret from those who aren’t authorized to see it. For example, in a company, only employees in the HR department should be able to access employee personal records. The main way to protect confidentiality is through encryption, which transforms readable data into unreadable data. Only those with the correct decryption key can turn it back into readable form. For example, when you make an online purchase, your credit card details are encrypted, so they can only be read by the store and not intercepted by hackers.
• Integrity: Ensures the data hasn’t been altered during transmission. For instance, when a document is sent, cryptography guarantees it reaches the recipient without changes.
• Authentication: Verifies the identity of the sender, like logging into a website using a password to prove who you are.
• Non-repudiation: Ensures the sender cannot deny sending the message. A digital signature on an online contract is a good example, as it proves the sender's identity.

4. Alice, Bob, Eve the Eavesdropper, and Malicious Mallory:
• Alice and Bob: Often used to represent the sender and receiver in cryptographic discussions. For example, Alice wants to send a secure email to Bob.
• Eve the Eavesdropper: Represents someone trying to listen in on a private communication. For instance, Eve might try to intercept Alice’s email to Bob.
• Malicious Mallory: An attacker who tries not just to listen but also to modify messages. For example, Mallory might intercept Alice's email and change the content before sending it to Bob.

5. Passive and Active Actors, Secured Channel:
• Passive Actors: These attackers (like Eve) listen to communications but do not interfere with them.
• Active Actors: These attackers (like Mallory) actively interfere by altering or blocking messages. For example, Mallory might change Alice’s message to Bob or send fake messages pretending to be Alice.
• Secured Channel: A mechanism that allows Alice and Bob to communicate with the properties of a secured channel.
• Secured Channel Properties: A secured channel ensures confidentiality, integrity, and authentication, preventing eavesdropping and tampering. For instance, using a secure website (https) to transmit your credit card information provides these protections.

6. Randomness:
• Randomness: In cryptography, true randomness is critical for generating secure encryption keys and other sensitive data. True randomness comes from unpredictable and non-deterministic processes in the physical world. Examples include radioactive decay, atmospheric noise, or hardware-based random number generators (HRNGs) that capture real-world randomness.
• Why It’s Important: Cryptographic systems rely on randomness to ensure that attackers cannot predict or reproduce key material. Without true randomness, the security of the entire system could be compromised.
• Example: A system using true random data for encryption keys would be nearly impossible to predict or reproduce by an attacker.

7. Pseudorandomness:
• Pseudorandomness: Pseudorandomness is generated by algorithms that produce numbers that appear random but are actually deterministic. This means if you know the algorithm and the initial input (seed), you can predict all future outputs of the generator.
• How It Works: Computers cannot generate true randomness by themselves because they are deterministic machines. Instead, they use algorithms known as pseudorandom number generators (PRNGs) to create random-looking numbers. PRNGs start with a seed (initial value) and use mathematical formulas to produce a sequence of numbers that seems random but follows a predictable pattern if the seed is known.
• Example: If a computer starts with a seed of 42, every time it runs the PRNG algorithm, it will generate the same sequence of numbers. While this sequence may look random to an outsider, it's reproducible if the seed and algorithm are known.

8. Pseudorandom Number Generator (PRNG):
• PRNG: A PRNG is an algorithm that generates a sequence of numbers that appear random but are derived in a predictable way from a given starting value (seed). PRNGs are often used in applications where the "randomness" doesn't need to be cryptographically secure, such as simulations or video games.
• Key Point: PRNGs are deterministic, meaning if someone knows the seed and the algorithm, they can predict the entire sequence of numbers the PRNG will generate. This makes PRNGs unsuitable for cryptographic purposes without additional measures.
• Example: A PRNG could be used to generate random numbers for a game, where predictability isn't a security risk. However, if used in cryptography, an attacker who knows the seed could predict encryption keys or other sensitive data.

9. Cryptographically Secure PRNG (CSPRNG):
• CSPRNG: A CSPRNG is a more secure form of PRNG designed to ensure that the sequence of numbers generated is computationally infeasible to predict, even if part of the sequence or the seed becomes known. These are essential for cryptographic applications, where randomness must be truly unpredictable to secure keys and data.
• Why It’s Important: In cryptographic systems, if an attacker could predict the output of a random number generator (used to create encryption keys, for example), they could easily break the encryption. CSPRNGs are designed to prevent this by ensuring the generated numbers are effectively impossible to predict.
• Example: A CSPRNG is used in generating encryption keys for secure communication protocols like SSL/TLS, where it’s critical that the keys are not predictable by attackers. Even if part of the output sequence or the internal state of the CSPRNG is revealed, the rest of the output should remain secure.

10. Types of Cryptographic Systems:
• Symmetric Key Cryptography: The same key is used for both encrypting and decrypting data, like using the same key to lock and unlock a door.
• Asymmetric Key Cryptography: Different keys are used—one for encryption (public key) and another for decryption (private key). This is like a mailbox where anyone can drop a letter in (public key), but only the owner can open and read it (private key).

11. Cryptographic Algorithms:
• Encryption Algorithms: Convert plain text into unreadable text to protect it. A common example is AES (Advanced Encryption Standard), which is widely used for securing data.
• Hash Functions: Generate a fixed-size output (called a hash) from input data to ensure the data hasn’t been tampered with. For instance, systems often store a password as a hash rather than the actual password.

12. Public Key Infrastructure (PKI):
• Definition: PKI manages public and private keys to enable secure communication over insecure networks. For example, when you visit a website that uses "https," it relies on PKI to encrypt the connection between your browser and the site.
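
Added example for the integrity goal in section 3, the active attacker in section 5 and the hash functions in section 11 (not part of the original lecture): an unkeyed hash sent alongside a message does not stop Mallory, because she can recompute it for her altered message, while a keyed tag does. HMAC-SHA256, the pre-shared key and the sample messages are assumptions introduced for the illustration.

```python
import hashlib
import hmac
import secrets

def sha256_check(message: bytes) -> bytes:
    """Unkeyed digest: anyone on the channel, including Mallory, can compute it."""
    return hashlib.sha256(message).digest()

def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed tag: only holders of the shared key can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()

def bob_verifies_hash(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(sha256_check(message), digest)

def bob_verifies_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest avoids revealing through timing where the first mismatch is
    return hmac.compare_digest(mac_tag(key, message), tag)

def run_exchange() -> dict:
    key = secrets.token_bytes(32)          # assumed already shared by Alice and Bob
    original = b"transfer 100 to Bob"      # constructed sample messages
    altered = b"transfer 900 to Mallory"

    # Channel 1: Alice sends message + SHA-256; both are replaced in transit.
    hash_accepts_altered = bob_verifies_hash(altered, sha256_check(altered))

    # Channel 2: Alice sends message + HMAC. Without the key, the altered
    # message can only carry Alice's old tag or an unkeyed digest.
    alice_tag = mac_tag(key, original)
    return {
        "hash_accepts_altered": hash_accepts_altered,
        "mac_accepts_original": bob_verifies_mac(key, original, alice_tag),
        "mac_accepts_reused_tag": bob_verifies_mac(key, altered, alice_tag),
        "mac_accepts_plain_digest": bob_verifies_mac(key, altered, sha256_check(altered)),
    }

if __name__ == "__main__":
    for name, result in run_exchange().items():
        print(f"{name}: {result}")
```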