Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The secrets of cryptography

The secrets of cryptography

Alice and Bob have secrets they want to talk about without Eve being able to listen in. Worse yet, the mischievous Mallory delights in changing messages sent between parties. In such a hostile environment how can Alice talk to Bob without their messages being overheard and how can she be sure that it was Bob that sent the message in the first place?

This talk will take a brief look at historic codes and ciphers before taking a look at modern day Cryptography. If you want to be able to know the difference between a block cipher and a stream cipher or get a glimpse into the mathematics behind public key Cryptography this talk is for you.

Cipher challenge here: http://tiny.cc/0qq6by

carnage

June 11, 2016
Tweet

More Decks by carnage

Other Decks in Programming

Transcript

  1. The Secrets of Cryptography
    Christopher Riley
    PHP South Coast, 2016
    1

    View full-size slide

  2. Introduction

    View full-size slide

  3. Cryptography is HARD
    2

    View full-size slide

  4. Historic ciphers

    View full-size slide

  5. The ceasar shift

    View full-size slide

  6. The ceasar shift
    3

    View full-size slide

  7. The substitution cipher

    View full-size slide

  8. The substitution cipher
    4

    View full-size slide

  9. The substitution cipher: possible keys
    403,291,461,126,605,635,584,000,000
    5

    View full-size slide

  10. The substitution cipher: statistics
    6

    View full-size slide

  11. The substitution cipher: frequency analysis
    7

    View full-size slide

  12. Vigenère cipher

    View full-size slide

  13. The Vigenère cipher
    8

    View full-size slide

  14. The Vigenère cipher
    9

    View full-size slide

  15. The Vigenère cipher
    10

    View full-size slide

  16. Breaking the Vigenère cipher

    View full-size slide

  17. Breaking The Vigenère cipher
    11

    View full-size slide

  18. Breaking The Vigenère cipher
    12

    View full-size slide

  19. Breaking Enigma
    15

    View full-size slide

  20. Modern ciphers

    View full-size slide

  21. Modern cryptography
    • Confidentiality
    16

    View full-size slide

  22. Modern cryptography
    • Confidentiality
    • Key exchange
    17

    View full-size slide

  23. Modern cryptography
    • Confidentiality
    • Key exchange
    • Identity
    18

    View full-size slide

  24. Modern cryptography
    • Confidentiality
    • Key exchange
    • Identity
    • Authentication
    19

    View full-size slide

  25. Modern cryptography
    • Confidentiality
    • Key exchange
    • Identity
    • Authentication
    • Random number generation
    20

    View full-size slide

  26. Symmetric ciphers

    View full-size slide

  27. Stream ciphers

    View full-size slide

  28. A5/1: implementation diagram
    21

    View full-size slide

  29. A5/1: register clocking
    22

    View full-size slide

  30. Stream cipher weaknesses
    • Keys must not be reused
    23

    View full-size slide

  31. Stream cipher weaknesses
    • Keys must not be reused
    • Easy for an attacker to modify a message
    24

    View full-size slide

  32. Stream cipher weaknesses
    • Keys must not be reused
    • Easy for an attacker to modify a message
    • Hard to partially decrypt messages
    25

    View full-size slide

  33. Block ciphers

    View full-size slide

  34. AES: 1 round
    • Substitute Bytes
    • Shift Rows
    • Mix Columns
    • Add Round Key
    26

    View full-size slide

  35. AES: Substitute Bytes
    27

    View full-size slide

  36. AES: Shift Rows
    28

    View full-size slide

  37. AES: Mix Columns
    29

    View full-size slide

  38. AES: Add Round Key
    30

    View full-size slide

  39. Modes of operation

    View full-size slide

  40. ECB: the ECB penguin
    1By Larry Ewing [email protected] with The GIMP
    32

    View full-size slide

  41. Asymetric ciphers

    View full-size slide

  42. Public key cryptography

    View full-size slide

  43. RSA
    • (me)d ≡ m (mod n)
    36

    View full-size slide

  44. RSA
    • (me)d ≡ m (mod n)
    • c ≡ me (mod n)
    37

    View full-size slide

  45. RSA
    • (me)d ≡ m (mod n)
    • c ≡ me (mod n)
    • cd ≡ (me)d ≡ m (mod n)
    38

    View full-size slide

  46. Identity verification

    View full-size slide

  47. RSA: Message signatures
    • (md)e ≡ m (mod n)
    • s ≡ md (mod n)
    • se ≡ (md)e ≡ m (mod n)
    39

    View full-size slide

  48. Implementing Cryptography

    View full-size slide

  49. Implementing Cryptography
    • Don’t
    40

    View full-size slide

  50. Implementing Cryptography
    • Don’t
    • Use existing implementations
    41

    View full-size slide

  51. Implementing Cryptography
    • Don’t
    • Use existing implementations
    • Bring in an expert
    42

    View full-size slide

  52. Implementing Cryptography in PHP

    View full-size slide

  53. Implementing Cryptography in PHP
    • Halite + libsodium
    • https://github.com/paragonie/halite
    43

    View full-size slide

  54. Implementing Cryptography in PHP
    • Halite + libsodium
    • https://github.com/paragonie/halite
    • Defuse PHP encryption
    • https://github.com/defuse/php-encryption
    44

    View full-size slide

  55. Further reading
    • Simon Singh - The code book
    • http://simonsingh.net/The_Black_Chamber
    45

    View full-size slide

  56. Further reading
    • Simon Singh - The code book
    • http://simonsingh.net/The_Black_Chamber
    • Bruce Schneier
    • https://www.schneier.com
    46

    View full-size slide

  57. Further reading
    • Simon Singh - The code book
    • http://simonsingh.net/The_Black_Chamber
    • Bruce Schneier
    • https://www.schneier.com
    • https://github.com/gilfether/phpcrypt
    47

    View full-size slide

  58. Thanks
    • @giveupalready
    • https://github.com/carnage
    • https://joind.in/talk/d31d1
    48

    View full-size slide

  59. Cipher Challenge
    • The cipher challenge is now closed, but if you want to have a
    go anyway, the main text is now here
    • http://tiny.cc/0qq6by
    • @phpyorkshire
    49

    View full-size slide