Cryptography Glossary
Intro to Computer Security — Stallings + professor lectures
Foundations
- Symmetric cipher
- Encryption and decryption use the same secret key. Both parties must share the key securely beforehand. Avoid the term "private-key encryption" (ambiguous with the private key in RSA).
- Asymmetric cipher
- Uses a key pair — public key encrypts, private key decrypts (or signs). Solves key distribution but is slower.
- Block cipher
- Encrypts fixed-size blocks (DES: 64 bits).
- Stream cipher
- Encrypts one byte at a time using a keystream XORed with plaintext (RC4).
- Hash function
- One-way mapping from arbitrary message → fixed-length digest. Used for integrity, not secrecy.
- Confidentiality / Integrity / Availability (CIA)
- Core security goals: secrecy, no unauthorized change, systems accessible when needed.
- Authentication vs authorization
- Authentication proves identity; authorization decides permitted actions.
Intro (playlist)
- McCumber Cube
- Framework linking CIA, data states, and security measures (policy, education, technology).
- Sec-SDLC
- Security integrated into the system development life cycle.
- Asset
- Anything of value to protect (data, systems, hardware).
- Threat
- Any source of danger (hackers, malware, disasters).
- Vulnerability
- Weakness an attacker can exploit.
DES
- Feistel network
- Block cipher structure: Lₙ=Rₙ₋₁, Rₙ=Lₙ₋₁⊕f(Rₙ₋₁,Kₙ).
- S-box
- Substitution table: 6 input bits → 4 output bits. Row = b₁b₆; column = b₂b₃b₄b₅.
- Effective key length (DES)
- 56 bits: the 64-bit key with every 8th bit (a parity bit) dropped by PC-1.
- PC-1 / PC-2
- Permuted Choice tables: PC-1 drops parity and splits key into C₀/D₀; PC-2 selects 48 bits for subkey Kₙ.
- Key schedule
- Generates 16 round subkeys from the 56-bit master key via left shifts on C and D halves.
RC4
- KSA (Key Scheduling Algorithm)
- Initializes and permutes the S-box using the key: j=(j+S[i]+T[i]) mod n, then swap S[i] and S[j].
- PRGA (Pseudo-Random Generation Algorithm)
- Generates keystream bytes; ciphertext = plaintext ⊕ keystream.
Public-key
- Diffie-Hellman
- Two parties agree on a shared secret over an insecure channel by exchanging public values Y=α^X mod q. By itself it does not encrypt messages.
- Primitive root (generator α)
- Element whose powers cycle through all nonzero residues mod q (for DH).
- RSA
- Public-key cipher: C=M^e mod n, M=C^d mod n. Security based on factoring difficulty.
- Euler totient φ(n)
- For n=p×q (primes): φ(n)=(p−1)(q−1).
- Extended Euclidean algorithm
- Finds d such that e·d≡1 (mod φ(n)), which gives the RSA private key.
- Successive squaring
- Binary exponentiation: compute M^e mod n by repeated squaring and selective multiply.
Hashing
- SHA-1
- Produces 160-bit hash. Processes 512-bit padded blocks through 80 compression rounds.
- Padding (SHA-1)
- Append a single 1 bit, then zeros until length≡448 (mod 512), then append the original message length as a 64-bit value.
- Message schedule (W)
- 16 initial 32-bit words expanded to 80 words: Wₜ = ROTL¹(Wₜ₋₃⊕Wₜ₋₈⊕Wₜ₋₁₄⊕Wₜ₋₁₆) for t≥16.
- Avalanche effect
- One-bit input change → completely different hash output.