*How do Alice/Bob communicate without Eve eavesdropping?*

Agree on a secret key *Ke* and have to do this through the same chan

__When Alice wants to send a msg:__

1. Encrypts its using function *E(Ke, m)* then calls result of cipher text c

2. Alice sends ciphertext* c=E(Ke,m)*

3. When Bob receives c, he can decrypt it using the function *D(Ke, c)* to get plaintext m Alice wanted to send

4. Eve doesn't know key *Ke*, so when she gets c, she can't decrypt it

__Kerkhoff's Principle: 1883:__

Bob needs 2 things to decrypt the ciphertext:

1. The decryption algorithm

2. Key Ke

"...*The security of the encryption scheme must depend only on the secrecy of the key Ke1, and not the secrecy of the algorithm*..."

Why? Because algs are hard to change and built into new hw/sw

**Security by Obscurity: **Attempting to maintain sec by keeping the alg secret

__Modern cryptography falls into 2 categories:__

1. symmetric: Uses the same key to encrypt/decrypt msg w/same key

- Symmetric is always faster than asymmetric

2. asymmetric: uses 2 keys (1 to encrypt 1 to decrypt)

Sender/receiver have 2 diff keys

__Symmetric: __**Encryption:*** c=E(k,p) *[*cipher text =Encryption func (key, plaintext)*]**Decryption:** *p = D(k,c)* [*plain text =Decryption func (key, ciphertext)*]

__Public Key Encryption (asymmetric):__

Alice/Bob no longer use the same key but diff ones

Bob first generates a pair of keys *(S ^{bob, }P^{bob})* using a special alg

1. Secret key

*S*

^{bob}2. Public key

*P*

^{bob}Bob publishes P

^{bob}and when Alice encrypts msg m w/public key

*P*to get ciphertext c, then sends c to Bob. Bob uses his key

^{bob}*S*and decryption alg to decrypt msg and get m.

^{bob}__For this to work:__

1. key pair generation alg

2. encryption alg

3. decryption alg

* D(S ^{bob}, E(P^{bob}, m))=m*

This must hold for all possible msgs m

**Digital Signatures:**Public key equivalent of msg authentication codes

1. Alice, gens key pair

*(S*and publishes public key P

^{alice}, P^{alice})^{alice}

2. When she wants to send a msg to Bob: she computes a signature:

*s:=o(S*and sends s,m to Bob

^{alice},m)3. Bob uses verification alg:

*v(P*and Alice's sig to verify

^{bob}, m,s)**PKI: Public Key Infrastructure:**

"How can Alice be sure it's Bob's key and no one else's?"

CA: Certificate Authority is the idea behind PKI:

Each user takes his/her public key to the CA and ID's themselves to it

The CA signs the user's public key using a digital signature__Attacks: __

1. Ciphertext only model

2. Known plaintext model

3. Chosen plaintext model

4. Chosen ciphertext model

5. Information leaking/side channels__Ciphertext only: __

Alice/Bob are encrypting data: You can see the ciphertext

a. Trying to decrypt msg if you only know the ciphertext

b. You have the least amount of info** Known plaintext: **You know both plaintext/ciphertext

a. Sometimes msgs are easy to predict

__Chosen plaintext:__a. You get to select prepared plaintexts/get corresponding ciphertexts

b. 2 variations:

1.

__Offline:__You prepare a list you want to have encrypted before you get the ciphertexts

2.

__Online:__You can choose new plaintexts depending on ciphertexts you've received

Chosen ciphertext: You get to choose BOTH plaintext/ciphertext

__Distinguishing attack:__- Any method that detects diff bet. ideal encryption scheme +actual one

Information leakage/Side Channels: Attacks that make use of additional info

** Birthday Attacks: **Named after the Birthday Paradox:

*"If you have 23 people in a room, the chance that 2 of them will have the same birthday exceeds 50%"*

Attack that depends on the fact that duplicate values (collisions) appear much faster than you would expect

**Instead of waiting for a key to repeat, you can build a table of keys you choose**

__Meet-in-the-Middle:__**Exhaustive search attack:**Tries all possible values for target, like the key