crypto

2024-07-23 23:53:22 +07:00 · 2024-07-23 23:53:22 +07:00 · 1500a3ad4d
parent 505488c63c
commit 1500a3ad4d
2 changed files with 137 additions and 35 deletions
--- a/docs/2023-08-23-real-world-crypto.html
+++ b/docs/2023-08-23-real-world-crypto.html
@ -63,17 +63,16 @@
      >
    </p>
    <div class="markdown-heading">
-      <h2 class="heading-element">
-        <strong>Hash</strong> function convert from input to digest
-      </h2>
+      <h2 class="heading-element"><strong>Hash</strong> function</h2>
      <a
-        id="user-content-hash-function-convert-from-input-to-digest"
+        id="user-content-hash-function"
        class="anchor"
-        aria-label="Permalink: Hash function convert from input to digest"
-        href="#hash-function-convert-from-input-to-digest"
+        aria-label="Permalink: Hash function"
+        href="#hash-function"
        ><span aria-hidden="true" class="octicon octicon-link"></span
      ></a>
    </div>
+    <p>... convert from input to digest</p>
    <ul>
      <li>Pre-image resistance: Given digest, can not find input</li>
      <li>
@ -84,17 +83,17 @@
    </ul>
    <div class="markdown-heading">
      <h2 class="heading-element">
-        <strong>MAC</strong> aka Message Authentication Code produce from key,
-        message to authentication tag.
+        <strong>MAC</strong> aka Message Authentication Code
      </h2>
      <a
-        id="user-content-mac-aka-message-authentication-code-produce-from-key-message-to-authentication-tag"
+        id="user-content-mac-aka-message-authentication-code"
        class="anchor"
-        aria-label="Permalink: MAC aka Message Authentication Code produce from key, message to authentication tag."
-        href="#mac-aka-message-authentication-code-produce-from-key-message-to-authentication-tag"
+        aria-label="Permalink: MAC aka Message Authentication Code"
+        href="#mac-aka-message-authentication-code"
        ><span aria-hidden="true" class="octicon octicon-link"></span
      ></a>
    </div>
+    <p>... produce from key, message to authentication tag.</p>
    <ul>
      <li>A send B message with MAC (generate from message and A key).</li>
      <li>
@ -194,7 +193,7 @@
      ></a>
    </div>
    <p>
-      What if text you want to encrypt longer than 128 bytes ? We add
+      What if text you want to encrypt is longer than 128 bytes ? We add
      <strong>padding</strong> for text to become multi block which has 128
      bytes, then encrypt each block.
    </p>
@ -217,15 +216,15 @@
    <p>
      The problem with naive way to split text, add padding bytes then encrypt
      each block using AES-128 is repeated text. Because it leaks information if
-      text is made up from many repeated text (ECB penguin).
+      text is made up from many repeated text (See
+      <a href="https://words.filippo.io/the-ecb-penguin/" rel="nofollow"
+        >The ECB penguin</a
+      >).
    </p>
    <p>CBC = deterministic block cipher + IV (initialization vector)</p>
    <p>AES-CBC encrypt:</p>
    <ul>
-      <li>
-        IV XOR first plaintext -&gt; AES encrypt -&gt; first ciphertext.
-        ciphertext.
-      </li>
+      <li>IV XOR first plaintext -&gt; AES encrypt -&gt; first ciphertext.</li>
      <li>Use first ciphertext as IV to second ciphertext and so on.</li>
    </ul>
    <p>AES-CBC decrypt:</p>
@ -256,15 +255,16 @@
    </p>
    <p>AEAD provides a way to authenticate <strong>associated data</strong>.</p>
    <div class="markdown-heading">
-      <h2 class="heading-element">AES-GCM (Galois/Counter Mode) AEAD</h2>
+      <h2 class="heading-element">AES-GCM (Galois/Counter Mode)</h2>
      <a
-        id="user-content-aes-gcm-galoiscounter-mode-aead"
+        id="user-content-aes-gcm-galoiscounter-mode"
        class="anchor"
-        aria-label="Permalink: AES-GCM (Galois/Counter Mode) AEAD"
-        href="#aes-gcm-galoiscounter-mode-aead"
+        aria-label="Permalink: AES-GCM (Galois/Counter Mode)"
+        href="#aes-gcm-galoiscounter-mode"
        ><span aria-hidden="true" class="octicon octicon-link"></span
      ></a>
    </div>
+    <p>... is one of AEAD implementation.</p>
    <p>AES-GCM = AES-CTR (Counter) + GMAC message authentication code</p>
    <p>AES-CTR encrypt:</p>
    <ul>
@ -284,19 +284,81 @@
      AES-CTR no need padding because if keystream is longer than plaintext, it
      is truncated to plaintext length before XOR.
    </p>
-    <p>This is stream cipher, differ from block cipher.</p>
+    <p>This is stream cipher, differ from block cipher</p>
+    <ul>
+      <li>No need padding.</li>
+      <li>Ciphertext is same length as plaintext.</li>
+    </ul>
    <p>GMAC is MAC with GHASH. GHASH resembles CBC mode.</p>
    <div class="markdown-heading">
-      <h2 class="heading-element">ChaCha20-Poly1305 AED</h2>
+      <h2 class="heading-element">ChaCha20-Poly1305</h2>
      <a
-        id="user-content-chacha20-poly1305-aed"
+        id="user-content-chacha20-poly1305"
        class="anchor"
-        aria-label="Permalink: ChaCha20-Poly1305 AED"
-        href="#chacha20-poly1305-aed"
+        aria-label="Permalink: ChaCha20-Poly1305"
+        href="#chacha20-poly1305"
        ><span aria-hidden="true" class="octicon octicon-link"></span
      ></a>
    </div>
+    <p>... is one of AEAD implementation.</p>
    <p>ChaCha20-Poly1305 = ChaCha20 stream cipher + Poly1305 MAC</p>
+    <div class="markdown-heading">
+      <h2 class="heading-element">Key exchange</h2>
+      <a
+        id="user-content-key-exchange"
+        class="anchor"
+        aria-label="Permalink: Key exchange"
+        href="#key-exchange"
+        ><span aria-hidden="true" class="octicon octicon-link"></span
+      ></a>
+    </div>
+    <div class="highlight highlight-source-mermaid">
+      <pre><span class="pl-k">sequenceDiagram</span>
+    <span class="pl-k">participant</span> <span class="pl-ent">alice</span>
+    <span class="pl-k">participant</span> <span class="pl-ent">bob</span>
+
+    <span class="pl-ent">alice </span><span class="pl-k">-&gt;&gt;</span> <span class="pl-ent">alice</span><span class="pl-k">:</span> <span class="pl-s">generate key pair: public_key, secret_key</span>
+    <span class="pl-ent">bob </span><span class="pl-k">-&gt;&gt;</span> <span class="pl-ent">bob</span><span class="pl-k">:</span> <span class="pl-s">generate key pair: public_key, secret_key</span>
+    <span class="pl-ent">alice </span><span class="pl-k">-&gt;&gt;</span> <span class="pl-ent">bob</span><span class="pl-k">:</span> <span class="pl-s">send public_key</span>
+    <span class="pl-ent">bob </span><span class="pl-k">-&gt;&gt;</span> <span class="pl-ent">alice</span><span class="pl-k">:</span> <span class="pl-s">send public_key</span>
+    <span class="pl-ent">alice </span><span class="pl-k">-&gt;&gt;</span> <span class="pl-ent">alice</span><span class="pl-k">:</span> <span class="pl-s">generate shared_secret(secret_key, bob_public_key)</span>
+    <span class="pl-ent">bob </span><span class="pl-k">-&gt;&gt;</span> <span class="pl-ent">bob</span><span class="pl-k">:</span> <span class="pl-s">generate shared_secret(secret_key, alice_public_key)</span></pre>
+    </div>
+    <p>
+      Prevent MITM (Man In The Middle) passive attack. If attacker can intercept
+      public_key then it's over.
+    </p>
+    <div class="markdown-heading">
+      <h2 class="heading-element">Diffie-Hellman</h2>
+      <a
+        id="user-content-diffie-hellman"
+        class="anchor"
+        aria-label="Permalink: Diffie-Hellman"
+        href="#diffie-hellman"
+        ><span aria-hidden="true" class="octicon octicon-link"></span
+      ></a>
+    </div>
+    <p>... is key exchange algorithm.</p>
+    <ul>
+      <li>
+        Alice and Bob agree on prime number <code>p</code> and generator
+        <code>g</code>.
+      </li>
+      <li>
+        Alice generate secret <code>a</code> and public
+        <code>A = g^a mod p</code>.
+      </li>
+      <li>
+        Bob generate secret <code>b</code> and public
+        <code>B = g^b mod p</code>.
+      </li>
+      <li>
+        Alice and Bob exchange <code>A</code> and <code>B</code>
+        <ul>
+          <li>Same secret <code>A^b mod p == B^a mod p</code></li>
+        </ul>
+      </li>
+    </ul>

    <div>
      Feel free to ask me via
--- a/posts/2023-08-23-real-world-crypto.md
+++ b/posts/2023-08-23-real-world-crypto.md
@ -3,14 +3,18 @@
 My notes when reading
 [Real-World Cryptography](https://www.manning.com/books/real-world-cryptography)

-## **Hash** function convert from input to digest
+## **Hash** function
+
+... convert from input to digest

 - Pre-image resistance: Given digest, can not find input
 - Second pre-image resistance: Given input, digest, can not find another input
  produce same digest. Small change to input make digest big change.
 - Collision resistance: Can not find 2 input produce same digest.

-## **MAC** aka Message Authentication Code produce from key, message to authentication tag.
+## **MAC** aka Message Authentication Code
+
+... produce from key, message to authentication tag.

 - A send B message with MAC (generate from message and A key).
 - B double check message with MAC (generate from receive message and B key).
@ -80,8 +84,8 @@ cipher**. AES is deterministic so we can encrypt and decrypt.

 ## AES-CBC (Cipher Block Chaining)

-What if text you want to encrypt longer than 128 bytes ? We add **padding** for
-text to become multi block which has 128 bytes, then encrypt each block.
+What if text you want to encrypt is longer than 128 bytes ? We add **padding**
+for text to become multi block which has 128 bytes, then encrypt each block.

 Adding padding bytes is easy, remove it after decrypt is hard. How do you know
 which is padding bytes you add if you use random bytes ?
@ -99,13 +103,14 @@ know the length to remove trailing padding bytes.

 The problem with naive way to split text, add padding bytes then encrypt each
 block using AES-128 is repeated text. Because it leaks information if text is
-made up from many repeated text (ECB penguin).
+made up from many repeated text (See
+[The ECB penguin](https://words.filippo.io/the-ecb-penguin/)).

 CBC = deterministic block cipher + IV (initialization vector)

 AES-CBC encrypt:

- IV XOR first plaintext -> AES encrypt -> first ciphertext. ciphertext.
+- IV XOR first plaintext -> AES encrypt -> first ciphertext.
 - Use first ciphertext as IV to second ciphertext and so on.

 AES-CBC decrypt:
@ -125,7 +130,9 @@ of authenticity -> use AES-CBC-HMAC or AEAD.

 AEAD provides a way to authenticate **associated data**.

-## AES-GCM (Galois/Counter Mode) AEAD
+## AES-GCM (Galois/Counter Mode)
+
+... is one of AEAD implementation.

 AES-GCM = AES-CTR (Counter) + GMAC message authentication code

@ -142,10 +149,43 @@ of 16 bytes aka 69 GBs.
 AES-CTR no need padding because if keystream is longer than plaintext, it is
 truncated to plaintext length before XOR.

-This is stream cipher, differ from block cipher.
+This is stream cipher, differ from block cipher
+
+- No need padding.
+- Ciphertext is same length as plaintext.

 GMAC is MAC with GHASH. GHASH resembles CBC mode.

-## ChaCha20-Poly1305 AED
+## ChaCha20-Poly1305
+
+... is one of AEAD implementation.

 ChaCha20-Poly1305 = ChaCha20 stream cipher + Poly1305 MAC
+
+## Key exchange
+
+```mermaid
+sequenceDiagram
+    participant alice
+    participant bob
+
+    alice ->> alice: generate key pair: public_key, secret_key
+    bob ->> bob: generate key pair: public_key, secret_key
+    alice ->> bob: send public_key
+    bob ->> alice: send public_key
+    alice ->> alice: generate shared_secret(secret_key, bob_public_key)
+    bob ->> bob: generate shared_secret(secret_key, alice_public_key)
+```
+
+Prevent MITM (Man In The Middle) passive attack. If attacker can intercept
+public_key then it's over.
+
+## Diffie-Hellman
+
+... is key exchange algorithm.
+
+- Alice and Bob agree on prime number `p` and generator `g`.
+- Alice generate secret `a` and public `A = g^a mod p`.
+- Bob generate secret `b` and public `B = g^b mod p`.
+- Alice and Bob exchange `A` and `B`
+  - Same secret `A^b mod p == B^a mod p`