The secrets of cryptography

The secrets of cryptography

Alice and Bob have secrets they want to talk about without Eve being able to listen in. Worse yet, the mischievous Mallory delights in changing messages sent between parties. In such a hostile environment how can Alice talk to Bob without their messages being overheard and how can she be sure that it was Bob that sent the message in the first place?

This talk will take a brief look at historic codes and ciphers before taking a look at modern day Cryptography. If you want to be able to know the difference between a block cipher and a stream cipher or get a glimpse into the mathematics behind public key Cryptography this talk is for you.

Cipher challenge here: http://tiny.cc/0qq6by

D5a2aef3c745cca287ddef1948157fd3?s=128

carnage

June 24, 2016
Tweet

Transcript

  1. The Secrets of Cryptography Christopher Riley Dutch PHP Conference, 2016

    1
  2. Introduction

  3. Cryptography is HARD 2

  4. Historic ciphers

  5. The ceasar shift

  6. The ceasar shift 3

  7. The substitution cipher

  8. The substitution cipher 4

  9. The substitution cipher: possible keys 403,291,461,126,605,635,584,000,000 5

  10. The substitution cipher: statistics 6

  11. The substitution cipher: frequency analysis 7

  12. Vigenère cipher

  13. The Vigenère cipher 8

  14. The Vigenère cipher 9

  15. The Vigenère cipher 10

  16. Breaking the Vigenère cipher

  17. Breaking The Vigenère cipher 11

  18. Breaking The Vigenère cipher 12

  19. Enigma

  20. Enigma 13

  21. Enigma 14

  22. Breaking Enigma 15

  23. Modern ciphers

  24. Modern cryptography • Confidentiality 16

  25. Modern cryptography • Confidentiality • Key exchange 17

  26. Modern cryptography • Confidentiality • Key exchange • Identity 18

  27. Modern cryptography • Confidentiality • Key exchange • Identity •

    Authentication 19
  28. Modern cryptography • Confidentiality • Key exchange • Identity •

    Authentication • Random number generation 20
  29. Symmetric ciphers

  30. Stream ciphers

  31. A5/1

  32. A5/1: implementation diagram 21

  33. A5/1: register clocking 22

  34. Stream cipher weaknesses • Keys must not be reused 23

  35. Stream cipher weaknesses • Keys must not be reused •

    Easy for an attacker to modify a message 24
  36. Stream cipher weaknesses • Keys must not be reused •

    Easy for an attacker to modify a message • Hard to partially decrypt messages 25
  37. Block ciphers

  38. Advanced encryption standard (AES)

  39. AES: 1 round • Substitute Bytes • Shift Rows •

    Mix Columns • Add Round Key 26
  40. AES: Substitute Bytes 27

  41. AES: Shift Rows 28

  42. AES: Mix Columns 29

  43. AES: Add Round Key 30

  44. Modes of operation

  45. Electronic code book (ECB)

  46. ECB 31

  47. ECB: the ECB penguin 1By Larry Ewing lewing@isc.tamu.edu with The

    GIMP 32
  48. Cipher block chaining (CBC)

  49. CBC 33

  50. Counter (CTR)

  51. CTR 34

  52. Galoris Counter mode (GCM)

  53. GCM 35

  54. Asymetric ciphers

  55. Public key cryptography

  56. Rivest, Shamir, Adleman (RSA)

  57. RSA • (me)d ≡ m (mod n) 36

  58. RSA • (me)d ≡ m (mod n) • c ≡

    me (mod n) 37
  59. RSA • (me)d ≡ m (mod n) • c ≡

    me (mod n) • cd ≡ (me)d ≡ m (mod n) 38
  60. Identity verification

  61. RSA: Message signatures • (md)e ≡ m (mod n) •

    s ≡ md (mod n) • se ≡ (md)e ≡ m (mod n) 39
  62. Implementing Cryptography

  63. Implementing Cryptography • Don’t 40

  64. Implementing Cryptography • Don’t • Use existing implementations 41

  65. Implementing Cryptography • Don’t • Use existing implementations • Bring

    in an expert 42
  66. Implementing Cryptography in PHP

  67. Implementing Cryptography in PHP • Halite + libsodium • https://github.com/paragonie/halite

    43
  68. Implementing Cryptography in PHP • Halite + libsodium • https://github.com/paragonie/halite

    • Defuse PHP encryption • https://github.com/defuse/php-encryption 44
  69. Further reading • Simon Singh - The code book •

    http://simonsingh.net/The_Black_Chamber 45
  70. Further reading • Simon Singh - The code book •

    http://simonsingh.net/The_Black_Chamber • Bruce Schneier • https://www.schneier.com 46
  71. Further reading • Simon Singh - The code book •

    http://simonsingh.net/The_Black_Chamber • Bruce Schneier • https://www.schneier.com • https://github.com/gilfether/phpcrypt 47
  72. Thanks • @giveupalready • https://github.com/carnage • https://joind.in/talk/b0b4d 48

  73. Cipher Challenge • http://tiny.cc/0qq6by 49