CS338 Computer Security
Monday, 11 April 2022

+ Today
  - Lab: practicing DH and RSA
  - Silas's Slack question
  - More details about AES and RSA

+ Lab (20-30 minutes)

+ Questions from lab
  - Watch out for substitution cipher (encrypting one character at a time with a deterministic cipher, RSA included, is just a substitution cipher)
  - Difference between "do this to get the hang of it" and "do this in real life to try to be secure"
    - Size of numbers
    - Size of blocks
    - What constitutes a good key?

+ Public-key cryptography history
  - 1970-ish: networks, encryption over publicly-accessible shared media (wires & wireless), ATMs, commerce between parties that haven't met, etc.
  - Diffie-Hellman key exchange, 1976
    - Whitfield Diffie and Martin Hellman, "New Directions in Cryptography"
    - Ralph Merkle
    - James H. Ellis, Clifford Cocks, Malcolm Williamson (of the UK's GCHQ, equivalent of the NSA)
  - RSA paper, 1977
    - Ron Rivest, Adi Shamir, Leonard Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems"
    - Clifford Cocks, 1973
    - Martin Gardner, Scientific American "Mathematical Games"
      - 1977: "RSA-129" challenge
      - 1994: solved by shared CPU time from 1600 computers on the fancy new "Internet"
      - Plaintext: "the magic words are squeamish ossifrage"
  - RSA Laboratories
    - PKCS documents (Public Key Cryptography Standards)
  - How's RSA doing?
    - Still used
    - Theory of efficient factoring has advanced a lot (bad for RSA)
      ("Sneakers", 1992 -- great heist movie, dated, doesn't pass the Bechdel test, hacking-as-magic trope, etc. ...but still pretty fun)
    - Key lengths have gotten long
    - Elliptic curve cryptography
    - Quantum-resistant cryptography (RSA is *not* quantum-resistant)

+ Advanced Encryption Standard competition
  - 1997-2000, US National Institute of Standards and Technology (NIST)
  - Rijndael (now AES)
  - Twofish (Schneier et al., public domain), Serpent, RC6 (patented by RSA Security), MARS

+ Main concepts
  - Plaintext, ciphertext, key
  - Symmetric: stream ciphers (note behavior of XOR and randomness: XOR is its own inverse, so the same operation encrypts and decrypts, and the keystream must be unpredictable and never reused)
  - Symmetric: block ciphers, including "mode of operation"
  - Public-key: RSA
  - Key exchange problem
  - Diffie-Hellman(-Merkle) key exchange
    - Person-in-the-middle: DH is vulnerable to it! (an unauthenticated exchange lets an attacker on the wire negotiate a separate key with each side)
  - Standard "hybrid" approach
    - DH/RSA to exchange a symmetric cipher key K
    - Use K with a symmetric block cipher (AES, Twofish, etc.)
    - (symmetric ciphers are *much* faster than asymmetric)

+ Slack question
  "If everyone has a unique identifier which is made by applying their secret key to some id, and then applying the server's public key, given enough time, can't the server eventually figure out the client's secret key? Or does every client randomize their secret and public keys before interacting, and change them frequently?"
  - What's the security's basis in each situation?
  - Cryptanalysis research
  - Moore's Law
  - Cryptography and protocols
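Worked example for the lab's RSA exercise and the "watch out for substitution cipher" point above. This is an added example, not code from the course or the lab handout: the primes p = 61, q = 53, the exponent e = 17 and the message are constructed for the illustration (they are the usual textbook-sized values, far too small for real use). It builds a textbook RSA key pair, encrypts a string one character at a time the way a lab would, and then shows that an attacker holding only the public key recovers the plaintext by encrypting every candidate character and inverting the resulting table.

```python
# Textbook RSA on lab-sized numbers, and why encrypting one character at a
# time with it is just a substitution cipher. Added example (not course code);
# p, q, e and the message below are constructed for the illustration.
from math import gcd


def rsa_keygen(p, q, e=17):
    """Return ((n, e), (n, d)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message block must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def encrypt_per_char(pub, text):
    """The lab shortcut: one RSA operation per character (not for real use)."""
    return [rsa_encrypt(pub, ord(ch)) for ch in text]


def decrypt_per_char(priv, blocks):
    return "".join(chr(rsa_decrypt(priv, c)) for c in blocks)


def break_per_char(pub, blocks, alphabet=range(128)):
    """Attacker knows only the public key. Textbook RSA is deterministic, so a
    given character always encrypts to the same value: encrypt every candidate
    character once and read the ciphertext back through the inverted table."""
    codebook = {rsa_encrypt(pub, m): chr(m) for m in alphabet}
    return "".join(codebook[c] for c in blocks)


def max_block_bytes(n):
    """Plaintext bytes that fit in one block while keeping the block value < n."""
    return (n.bit_length() - 1) // 8


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53)            # n = 3233, d = 2753
    msg = "the magic words are squeamish ossifrage"
    ct = encrypt_per_char(pub, msg)
    print(ct[:8])
    print(decrypt_per_char(priv, ct))
    print(break_per_char(pub, ct))           # recovered without the private key
    print(max_block_bytes(pub[0]))           # 1: n = 3233 holds one byte per block
```

Two of the lab's "real life" differences show up directly: with n = 3233 a block holds a single byte, so the per-character shortcut is forced by the size of the numbers, and because the encryption is deterministic the public key alone is enough to build a decryption table. Real RSA uses a modulus of thousands of bits and randomized padding (the PKCS #1 documents from RSA Laboratories mentioned above), so equal plaintexts no longer give equal ciphertexts.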
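Worked example for the Diffie-Hellman, person-in-the-middle and "hybrid" items under Main concepts. This is an added example, not code from the course: the group parameters (the Mersenne prime 2^127 - 1 with generator 3) are toy values chosen for the illustration, and a SHA-256 counter-mode keystream stands in for AES as the symmetric cipher so that only the Python standard library is needed. It runs an honest exchange, then the same exchange with Mallory replacing both public values, and finally uses the agreed key K with the stream cipher to show what Mallory can read and rewrite.

```python
# Diffie-Hellman key exchange, the person-in-the-middle attack on an
# unauthenticated exchange, and the hybrid pattern of using the agreed key K
# with a fast symmetric cipher. Added example (not course code). The group
# parameters are toy values; the keystream cipher stands in for AES.
import hashlib
import secrets

P = 2**127 - 1   # Mersenne prime M127; toy modulus, far too small for real use
G = 3            # toy generator


def dh_keypair(p=P, g=G):
    """Private exponent x and public value g^x mod p."""
    x = secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)


def dh_shared(their_public, my_private, p=P):
    return pow(their_public, my_private, p)


def derive_key(shared, p=P):
    """Hash the shared group element down to a 32-byte symmetric key K."""
    nbytes = (p.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(nbytes, "big")).digest()


def stream_xor(key, nonce, data):
    """Stream cipher: XOR data with keystream SHA-256(key || nonce || counter).
    XOR is its own inverse, so one call both encrypts and decrypts. Reusing the
    same (key, nonce) on two messages leaks their XOR (the two-time pad)."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def honest_exchange():
    """Alice and Bob each combine the other's public value with their own private one."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    k_alice = derive_key(dh_shared(B, a))
    k_bob = derive_key(dh_shared(A, b))
    return k_alice, k_bob            # equal, since g^(ab) = g^(ba) mod p


def mitm_exchange(message, tampered):
    """Mallory controls the wire and substitutes her own public value in both
    directions. Nothing authenticates the DH values, so neither side notices."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    m, M = dh_keypair()
    # Alice receives M instead of B; Bob receives M instead of A.
    k_alice = derive_key(dh_shared(M, a))
    k_bob = derive_key(dh_shared(M, b))
    k_mallory_alice = derive_key(dh_shared(A, m))
    k_mallory_bob = derive_key(dh_shared(B, m))
    nonce = secrets.token_bytes(8)
    ciphertext = stream_xor(k_alice, nonce, message)          # Alice -> "Bob"
    read_by_mallory = stream_xor(k_mallory_alice, nonce, ciphertext)
    forwarded = stream_xor(k_mallory_bob, nonce, tampered)    # re-encrypted for Bob
    received_by_bob = stream_xor(k_bob, nonce, forwarded)
    return read_by_mallory, received_by_bob


if __name__ == "__main__":
    ka, kb = honest_exchange()
    print("honest exchange agrees:", ka == kb)
    seen, got = mitm_exchange(b"pay alice 10", b"pay mallory 99")
    print("Mallory read:", seen)
    print("Bob received:", got)
```

The attack works because the exchange only proves that *someone* knows the matching private exponent, not who. The usual fix, and the reason the notes pair DH with RSA in the hybrid approach, is to sign the ephemeral DH values with a long-term key the other side can verify; once the public values are authenticated, Mallory's substitution fails verification and the symmetric key K is shared only between the two genuine parties.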