Cryptography Tools

The following pages contain useful cryptographic tools (and explanations of the math behind them), intended to help you learn (they are not industry-grade).

Cryptography Overview

At a high level, DES and AES are symmetric cryptosystems. This means they use the same key for encryption and decryption. DES uses 64-bit keys (really just 56-bit keys; every 8th bit is used for error detection). AES has 128-bit, 192-bit, and and 256-bit versions.

DES is no longer considered secure, but it's much easier to understand than AES, so it's typically presented first. AES is a bit more complicated, though, since it requires some knowledge of finite fields. Like DES, it uses many rounds of low-level bit manipulations. Both algorithms are based on low-level bit manipulations and matrices called S-boxes, while public-key cryptography is based more on pure mathematics.

RSA is a public-key cryptosystem (i.e., asymmetric cryptosystem), which means that separate keys are used for encryption and decryption. The encryption key is public. Anyone is allowed to know that. But the decryption key must remain private to maintain security. In practice, people use a system like RSA to exchange a key for use with a symmetric system like AES. This is because the lower-level calculations with AES are much faster than RSA. This is especially true because RSA requires many more bits of security to match AES (RSA is based on the hardness of factoring integers, which is hard, but perhaps not quite as hard as we might like; there are subexponential-time algorithms for factoring, but no known polynomial-time algorithms). For example, it is estimated that 128-bit AES is about as secure as 3072-bit RSA. This means doing arithmetic calculations with 3000-bit numbers (think in the ballpark of 1000-digit numbers). To match the security of 256-bit AES, RSA requires 15360-bit keys!

ECC (elliptic curve cryptography) is much broader than a cryptosystem. There are cryptosystems, digital signatures, etc., but we'll just focus on key exchanges (specifically, the Diffie-Hellman key exchange). ECC is based on mathematical objects called elliptic curves. The calculations are much more complicated than those needed for RSA, but the main advantage is that we can use much smaller keys. For example, to match the security of 128-bit AES, only 256-bit keys are required; a huge advantage over 3072-bit RSA!

There are many other interesting topics not covered here, such as (cryptographic) hashing, digital signatures, and certificate authorities (like Verisign). Some hashing algorithms that would be good to look up are SHA-1 and SHA-2 (SHA-1 is no longer considered secure). One way to do digital signatures is to take any public-key cryptosystem and sign using the private key and verify using the public key. There are also dedicated signature algorithms, such as the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA). For a few more cryptography resources, go to my Teaching page.