Show understanding of how encryption works

17.1 Encryption, Encryption Protocols and Digital Certificates

Learning Objective

Show understanding of how encryption works, the difference between symmetric and asymmetric techniques, common encryption protocols and the role of digital certificates (including revocation) in establishing trust.

1. What is Encryption and Why It Matters

  • Plaintext – readable data that needs protection.
  • Cipher‑text – the unreadable output produced by an encryption algorithm using a key.
  • Decryption – the reverse process that restores the original plaintext when the correct key is applied.
  • Encryption provides confidentiality (only authorised parties can read the data). It does not by itself guarantee integrity: an attacker can often flip bits of cipher‑text without detection, so integrity needs a separate mechanism such as a MAC or an authenticated‑encryption mode (e.g., AES‑GCM).
  • In today’s digital world, encryption underpins data security, privacy legislation (e.g., GDPR), e‑commerce, online banking and secure communications.

2. Symmetric vs Asymmetric Encryption

Feature | Symmetric Encryption | Asymmetric Encryption
Key usage | Same secret key for both encryption and decryption | Key pair: public key (encryption, signature verification) and private key (decryption, signing)
Speed | Fast; suitable for large volumes of data | Slower; normally used for small data such as session keys or signatures
Key distribution | Requires a secure channel to share the secret key | No secret to share; the public key can be distributed openly, but its authenticity must still be established (e.g., via a certificate)
Typical algorithms | AES (current standard); DES, Triple‑DES and Blowfish (legacy, no longer recommended: 64‑bit blocks and, for DES, a 56‑bit key) | RSA, Diffie‑Hellman (key agreement rather than encryption), ECC (ECDH, ECDSA, Ed25519)

3. Block‑Cipher Modes & Padding (exam‑relevant concepts)

  • Electronic Codebook (ECB) – each block is encrypted independently. Insecure for anything longer than one block because identical plaintext blocks produce identical cipher‑text blocks, leaking patterns.
  • Cipher Block Chaining (CBC) – each plaintext block is XORed with the previous cipher‑text block before encryption; the first block is XORed with an initialisation vector (IV), which must be unpredictable (random) for every message. CBC provides no integrity: without a MAC, CBC with PKCS#7 padding is exposed to padding‑oracle attacks, where the receiver's "invalid padding" error lets an attacker decrypt byte by byte.
  • Galois/Counter Mode (GCM) – provides authenticated encryption (confidentiality + integrity) and is widely used with TLS. Its one hard rule: a nonce must never be reused under the same key, or both the plaintexts and the authentication key are exposed.
  • Padding – ECB and CBC need whole blocks; when the data does not fill one, a padding scheme (e.g., PKCS#7: append k bytes each of value k, 1 ≤ k ≤ block size) adds bytes so the final block can be processed, and the receiver strips and validates them. Counter‑based modes such as CTR and GCM need no padding.
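The three modes and the padding rule above, as an added example that is not part of the original note: ECB and CBC implemented over PKCS#7 padding, with a count of repeated cipher‑text blocks to make the ECB leak visible. The block cipher itself is a stand‑in (a four‑round Feistel network with an HMAC‑SHA256 round function), an assumption made so the code runs on the Python standard library; it is invertible and keyed, which is all the mode demonstration needs, but it is not a secure cipher and AES from a real library belongs in its place for anything beyond illustration.

```python
import hmac
import hashlib
import secrets

BLOCK = 16  # 128-bit block size, as in AES


def pkcs7_pad(data: bytes, block: int = BLOCK) -> bytes:
    """PKCS#7: append k bytes, each of value k (1 <= k <= block); a whole block is added when data is already aligned."""
    k = block - (len(data) % block)
    return data + bytes([k]) * k


def pkcs7_unpad(data: bytes, block: int = BLOCK) -> bytes:
    """Strip PKCS#7 padding, rejecting anything malformed (a padding oracle is exactly this check leaking to an attacker)."""
    if not data or len(data) % block:
        raise ValueError("cipher-text length is not a multiple of the block size")
    k = data[-1]
    if not 1 <= k <= block or data[-k:] != bytes([k]) * k:
        raise ValueError("invalid padding")
    return data[:-k]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# Stand-in block cipher (assumption): a 4-round Feistel network with an HMAC-SHA256 round function.
# Invertible and keyed, so the modes behave correctly; NOT a secure cipher, used only so this runs without AES.
def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):          # undo the rounds in reverse order
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block encrypted independently, so equal plaintext blocks give equal cipher-text blocks."""
    return b"".join(block_encrypt(key, b) for b in _blocks(pkcs7_pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: C_i = E_K(P_i XOR C_{i-1}), with C_0 = IV."""
    out, prev = [], iv
    for b in _blocks(pkcs7_pad(plaintext)):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """CBC: P_i = D_K(C_i) XOR C_{i-1}; the padding is checked only after the whole message is decrypted."""
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return pkcs7_unpad(b"".join(out))


def duplicate_blocks(ciphertext: bytes) -> int:
    """How many cipher-text blocks repeat an earlier one; anything above 0 means plaintext structure is leaking."""
    bs = _blocks(ciphertext)
    return len(bs) - len(set(bs))


if __name__ == "__main__":
    key = secrets.token_bytes(16)
    iv = secrets.token_bytes(BLOCK)
    message = b"ATTACK AT DAWN!!" * 4      # constructed sample: four identical 16-byte blocks
    print("ECB repeated blocks:", duplicate_blocks(ecb_encrypt(key, message)))      # 3
    print("CBC repeated blocks:", duplicate_blocks(cbc_encrypt(key, iv, message)))  # 0
    assert cbc_decrypt(key, iv, cbc_encrypt(key, iv, message)) == message
```

With four identical plaintext blocks plus one padding block, ECB yields three repeated cipher‑text blocks while CBC yields none; note that `cbc_decrypt` raises on bad padding, which is the behaviour a padding‑oracle attack observes when the error is visible to the sender.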

4. Example Algorithms

4.1 AES (Advanced Encryption Standard)

AES works on 128‑bit blocks and supports key lengths of 128, 192 or 256 bits (10, 12 or 14 rounds respectively). All three are considered secure against classical attack; AES‑256 is chosen for long‑term data and for margin against quantum search, at a modest cost in speed from the extra rounds.

Encryption of a single block can be expressed as

\(C = \text{AES}_K(P)\)

where \(P\) = plaintext block, \(K\) = secret key, \(C\) = cipher‑text block.

4.2 RSA (Rivest‑Shamir‑Adleman)

  1. Choose two large primes \(p\) and \(q\).
  2. Compute the modulus \(n = p \times q\) and Euler’s totient \(\phi(n) = (p-1)(q-1)\).
  3. Select an encryption exponent \(e\) with \(1 < e < \phi(n)\) and \(\gcd(e,\phi(n)) = 1\).
  4. Find the decryption exponent \(d\) as the modular inverse of \(e\) mod \(\phi(n)\): \(d \equiv e^{-1} \pmod{\phi(n)}\).

Public key = \((e, n)\); private key = \((d, n)\). The primes \(p\), \(q\) and \(\phi(n)\) must be kept secret or destroyed, since any of them reveals \(d\).

Encryption / decryption:

\(C \equiv P^{\,e} \pmod{n}\)

\(P \equiv C^{\,d} \pmod{n}\)

This is "textbook" RSA: it is deterministic, malleable, and requires \(P < n\). Real systems never apply it to raw data; messages are padded first (OAEP for encryption, PSS or PKCS#1 v1.5 for signatures), and RSA is used to wrap a session key rather than to encrypt bulk data.

Numeric example (small primes for illustration)

  • Given \(p = 61\), \(q = 53\) and \(e = 17\):
    • \(n = p \times q = 61 \times 53 = 3233\)
    • \(\phi(n) = (p-1)(q-1) = 60 \times 52 = 3120\)
    • Find \(d\) such that \(d \times e \equiv 1 \pmod{3120}\). The modular inverse of 17 mod 3120 (found with the extended Euclidean algorithm) is \(d = 2753\); check: \(17 \times 2753 = 46801 = 15 \times 3120 + 1\).
  • Public key = \((e=17, n=3233)\); private key = \((d=2753, n=3233)\).

5. Hybrid Encryption – Combining the Best of Both Worlds

Real‑world protocols rarely use pure symmetric or pure asymmetric encryption. Instead they employ a hybrid approach:

  1. Generate a random session key (symmetric).
  2. Encrypt the session key with the recipient’s public key (asymmetric).
  3. Transmit the encrypted session key together with the data encrypted using the session key.

This gives the speed of symmetric encryption for bulk data and the secure key distribution of asymmetric encryption.
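The RSA key‑generation steps of section 4.2 (including the page's \(p = 61\), \(q = 53\), \(e = 17\) example) and the three‑step hybrid scheme above, as an added example that is not part of the original note. Two assumptions: the demo keypair uses the Mersenne primes \(2^{127}-1\) and \(2^{89}-1\) so no prime search is needed (real keys use random primes of 1024 bits or more), and the bulk cipher is a SHA‑256 counter‑mode keystream standing in for AES so the code runs on the standard library. The RSA part is textbook RSA with no OAEP, which is acceptable only because the value wrapped is a random session key. Requires Python 3.8+ for `pow(e, -1, m)`.

```python
import hashlib
import secrets

# Demo primes (assumption): Mersenne primes, chosen so the example needs no prime search.
P_DEMO = (1 << 127) - 1
Q_DEMO = (1 << 89) - 1


def rsa_keypair(p: int, q: int, e: int = 65537):
    """Steps 1-4 of RSA key generation: n, phi(n) and d = e^-1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # raises ValueError if gcd(e, phi) != 1
    return (e, n), (d, n)          # public key, private key


def rsa_encrypt_int(m: int, public_key) -> int:
    """C = P^e mod n (textbook RSA: no OAEP padding, so only ever apply it to a random session key)."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def rsa_decrypt_int(c: int, private_key) -> int:
    """P = C^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (assumption): SHA-256 keystream in counter mode XORed with the data.
    It plays the role of AES here; encryption and decryption are the same call."""
    out = bytearray()
    for counter, i in enumerate(range(0, len(data), 32)):
        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def hybrid_encrypt(public_key, message: bytes):
    session_key = secrets.token_bytes(16)                                       # 1. random 128-bit session key
    nonce = secrets.token_bytes(8)
    wrapped = rsa_encrypt_int(int.from_bytes(session_key, "big"), public_key)  # 2. wrap it with the recipient's RSA key
    return wrapped, nonce, stream_xor(session_key, nonce, message)             # 3. bulk data under the session key


def hybrid_decrypt(private_key, wrapped: int, nonce: bytes, ciphertext: bytes) -> bytes:
    session_key = rsa_decrypt_int(wrapped, private_key).to_bytes(16, "big")
    return stream_xor(session_key, nonce, ciphertext)


if __name__ == "__main__":
    # The page's numeric example: p = 61, q = 53, e = 17 -> n = 3233, phi = 3120, d = 2753
    pub_small, priv_small = rsa_keypair(61, 53, 17)
    print(pub_small, priv_small)                      # (17, 3233) (2753, 3233)
    c = rsa_encrypt_int(65, pub_small)
    print(c, rsa_decrypt_int(c, priv_small))          # 2790 65

    pub, priv = rsa_keypair(P_DEMO, Q_DEMO)
    text = b"constructed sample: far longer than any RSA modulus could hold directly " * 40
    wrapped, nonce, ct = hybrid_encrypt(pub, text)
    assert hybrid_decrypt(priv, wrapped, nonce, ct) == text
```

The small key shows why the modulus bounds the message: with \(n = 3233\) only values below 3233 can be encrypted, which is exactly why the demo wraps a 128‑bit session key under a much larger modulus and leaves the bulk data to the symmetric cipher.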

6. Key Management (brief overview)

  • Generation – keys must be created using a cryptographically secure random number generator.
  • Distribution – symmetric keys are exchanged securely (e.g., via RSA or Diffie‑Hellman); public keys are published in certificates.
  • Storage – private keys should be kept in hardware security modules (HSMs) or encrypted keystores.
  • Rotation & revocation – keys have a limited lifetime; compromised keys are revoked (CRL/OCSP).
  • Future‑proofing – post‑quantum (quantum‑resistant) algorithms are now standardised: in 2024 NIST published ML‑KEM (FIPS 203, lattice‑based key encapsulation), ML‑DSA (FIPS 204, lattice‑based signatures) and SLH‑DSA (FIPS 205, hash‑based signatures). They are meant to replace RSA/ECC key exchange and signatures before large‑scale quantum computers exist, because traffic recorded today can be decrypted later ("harvest now, decrypt later"). Symmetric ciphers are affected far less: Grover's algorithm roughly halves the effective key length, which is one reason AES‑256 is preferred for long‑term data.

7. Common Encryption Protocols

7.1 Secure Sockets Layer / Transport Layer Security (SSL/TLS)

Provides confidentiality, integrity and authentication for Internet communications (HTTPS, SMTP with STARTTLS, VPNs). SSL 2.0/3.0 and TLS 1.0/1.1 are deprecated; TLS 1.2 and TLS 1.3 are the versions in use today.

Typical TLS 1.2 handshake (simplified flow). TLS 1.3 compresses this into a single round trip, removes RSA key transport and static DH, and always uses ephemeral (EC)DH, so it provides forward secrecy by default.

  1. ClientHello – client proposes TLS version, a list of cipher suites and a random nonce.
  2. ServerHello – server selects version, cipher suite and sends its own random nonce.
  3. Certificate – server sends its X.509 leaf certificate (plus any required intermediates).
  4. ServerKeyExchange (only for (EC)DHE cipher suites) – the server's ephemeral Diffie‑Hellman parameters and public value, signed with the private key belonging to its certificate. With plain RSA key exchange this message is omitted, because the client encrypts the pre‑master secret directly to the server's certificate key.
  5. CertificateRequest (optional) – server asks the client for a certificate.
  6. ServerHelloDone – server signals the end of its part.
  7. ClientCertificate (if requested) – client sends its certificate.
  8. ClientKeyExchange – client sends the encrypted pre‑master secret (RSA) or its DH public value.
  9. CertificateVerify (if client authenticated) – client proves possession of its private key.
  10. ChangeCipherSpec – both sides announce that subsequent messages will be encrypted.
  11. Finished – each side sends verify_data, a PRF output over a hash of all handshake messages so far, protected by the newly derived keys. A mismatch means the handshake was tampered with (for example a cipher‑suite list altered in transit), so the connection is aborted.

Deriving the session keys (TLS 1.2)

\( \text{master\_secret} = \text{PRF}\big(\text{pre\_master\_secret},\; \text{"master secret"},\; \text{ClientHello.random} \,\|\, \text{ServerHello.random}\big)[0..47] \)

The 48‑byte master secret is then expanded into the symmetric keys and IVs used for record protection (commonly AES‑GCM):

\( \text{key\_block} = \text{PRF}\big(\text{master\_secret},\; \text{"key expansion"},\; \text{ServerHello.random} \,\|\, \text{ClientHello.random}\big) \)

Note the reversed order of the two randoms in the second call. The key block is cut into a client write key, a server write key and one IV per direction, so each direction of the connection is protected by its own key. The PRF itself is iterated HMAC‑SHA256 (P_SHA256 in RFC 5246); the pre‑master secret is either the 48 bytes the client encrypted to the server's RSA key or the Diffie‑Hellman shared value.
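The derivation above carried through end to end, as an added example that is not part of the original note: both sides of an ephemeral‑DH exchange, the TLS 1.2 PRF (P_SHA256 from RFC 5246), the master secret, the AES‑128‑GCM key block and the Finished verify_data. Assumptions: the Diffie‑Hellman group is the classroom \(p = 23\), \(g = 5\) (far too small for real use; TLS uses 2048‑bit+ groups or elliptic curves), and the handshake transcript hashed for the Finished message is a constructed placeholder rather than real handshake messages.

```python
import hashlib
import hmac
import secrets

# Classroom Diffie-Hellman group (assumption): p = 23, g = 5; only the message flow matters here.
DH_P, DH_G = 23, 5
DH_LEN = (DH_P.bit_length() + 7) // 8   # pre-master secret = shared value, big-endian, sized to p


def dh_keypair(p: int = DH_P, g: int = DH_G):
    x = 1 + secrets.randbelow(p - 2)    # private exponent in [1, p-2]
    return x, pow(g, x, p)              # (private exponent, public value sent in the KeyExchange message)


def dh_shared(private: int, peer_public: int, p: int = DH_P) -> int:
    return pow(peer_public, private, p)


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 (RFC 5246 s.5): A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) || seed) || HMAC(secret, A(2) || seed) || ... truncated to length."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label || seed) for SHA-256 cipher suites."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Key expansion for an AES_128_GCM suite: no MAC keys (AEAD), 16-byte keys, 4-byte implicit IVs.
    The randoms are concatenated server-first in this call."""
    kb = prf(master, b"key expansion", server_random + client_random, 40)
    return {"client_write_key": kb[0:16], "server_write_key": kb[16:32],
            "client_write_iv": kb[32:36], "server_write_iv": kb[36:40]}


def finished_verify_data(master: bytes, label: bytes, handshake_messages: bytes) -> bytes:
    """verify_data for the Finished message: 12 bytes of PRF over the hash of every handshake message so far."""
    return prf(master, label, hashlib.sha256(handshake_messages).digest(), 12)


def simulate_handshake() -> dict:
    """Both sides of an ephemeral-DH TLS 1.2 key derivation, holding only what each side would really hold."""
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)   # ClientHello / ServerHello
    server_priv, server_pub = dh_keypair()   # ServerKeyExchange carries server_pub (signed by the certificate key)
    client_priv, client_pub = dh_keypair()   # ClientKeyExchange carries client_pub
    pms_client = dh_shared(client_priv, server_pub).to_bytes(DH_LEN, "big")
    pms_server = dh_shared(server_priv, client_pub).to_bytes(DH_LEN, "big")
    ms_client = master_secret(pms_client, client_random, server_random)
    ms_server = master_secret(pms_server, client_random, server_random)
    transcript = b"constructed stand-in for the concatenated handshake messages"
    return {"same_master_secret": ms_client == ms_server,
            "keys": key_block(ms_client, client_random, server_random),
            "client_finished": finished_verify_data(ms_client, b"client finished", transcript),
            "server_finished": finished_verify_data(ms_server, b"server finished", transcript)}


if __name__ == "__main__":
    result = simulate_handshake()
    print(result["same_master_secret"], {k: v.hex() for k, v in result["keys"].items()})
```

Because the randoms are mixed into both PRF calls, two sessions that somehow produced the same pre‑master secret would still end up with different record keys; the distinct labels ("client finished" / "server finished") are why the two Finished values differ even over the same transcript.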

7.2 IPsec (Internet Protocol Security)

Secures IP packets at the network layer. Two main protocols:

  • Authentication Header (AH) – provides integrity and origin authentication for the payload and the immutable fields of the IP header, but no encryption. Because the source and destination addresses are covered by the integrity check, AH does not survive NAT, which is one reason it is rarely deployed.
  • Encapsulating Security Payload (ESP) – provides confidentiality (encryption) and optional integrity/authentication of the payload; in practice integrity is always enabled, since encryption without authentication is unsafe. ESP is the most widely deployed option.

Modes of operation

  • Transport mode – encrypts only the payload of the original IP packet; the original IP header remains visible.
  • Tunnel mode – encrypts the entire original IP packet and adds a new outer IP header; used for site‑to‑site VPNs.

Key exchange and negotiation of the security associations are performed by IKE (Internet Key Exchange; IKEv2 today), which uses Diffie‑Hellman to derive fresh keys and authenticates the peers with digital certificates or pre‑shared keys.

7.3 PGP / OpenPGP

  • Message content is encrypted with a random symmetric session key (commonly AES; older keys default to CAST5).
  • The session key is encrypted with the recipient's public key (RSA or ECC), one copy per recipient, so a message to several people is encrypted only once.
  • Digital signatures are created by hashing the message and signing the hash with the sender's private key; for RSA the signing operation is the same modular exponentiation as decryption, which is why it is often described as "encrypting the hash". The recipient verifies with the sender's public key.
  • PGP uses a Web‑of‑Trust model: users sign each other's public keys, and trust is built through chains of signatures rather than a single hierarchical CA. Messages are normally signed first and then encrypted, so the signature is hidden from anyone who cannot decrypt.

8. Digital Certificates and Public Key Infrastructure (PKI)

A digital certificate (almost always X.509 format) binds a public key to an entity's identity and is issued by a trusted Certificate Authority (CA).

8.1 Definition of a Digital Certificate

  • Subject name – domain name, person or organisation the certificate represents; for TLS the Subject Alternative Name extension lists the DNS names the certificate is valid for.
  • Public key – the key that will be used for encryption or signature verification.
  • Serial number & validity period – unique identifier and start/end dates.
  • Issuer – the CA that signed the certificate.
  • Signature – a hash of the certificate's to‑be‑signed data, signed with the CA's private key (in RSA terms, "encrypted" with it).

8.2 Verification Steps

  1. Compute a hash of the received certificate's to‑be‑signed data (everything except the signature field).
  2. Apply the issuing CA's public key to the signature (taken from a trusted root, or from an intermediate that itself chains to one) to recover the hash the CA signed.
  3. Compare the two hashes; a match confirms the certificate was issued by that CA and has not been altered.
  4. Check everything else the signature does not prove: the current time lies within the validity period, the subject / Subject Alternative Name matches the host being contacted, the issuer is permitted to sign certificates (CA flag, path length), and the certificate has not been revoked (CRL / OCSP).

8.3 Certificate Revocation

  • CRL (Certificate Revocation List) – a periodically published list of serial numbers that have been revoked.
  • OCSP (Online Certificate Status Protocol) – a real‑time query to a responder that returns the status of a single certificate.
  • During a TLS handshake the client may fetch the CRL or query OCSP to check that the server's certificate has not been revoked. Because both add latency and an OCSP query reveals browsing to the CA, the server can instead attach a recent CA‑signed OCSP response to its handshake (OCSP stapling). Many clients soft‑fail when a revocation check cannot be completed, so revocation is a weaker control in practice than on paper.

8.4 Certificate Lifetimes

  • Typical validity periods: publicly trusted TLS end‑entity certificates are limited to 398 days and are increasingly issued for 90 days with automated renewal (e.g., ACME); root CA certificates run for 10–25 years.
  • Shorter lifetimes reduce the impact of a compromised key and encourage regular key rotation.

9. Trust Chains

  1. Root CA – self‑signed certificate; trusted implicitly by operating systems and browsers.
  2. Intermediate CAs – certificates signed by the root or another intermediate; used to delegate trust and limit exposure of the root key.
  3. End‑entity (leaf) certificate – signed by an intermediate CA; used by a server or user.

During a TLS handshake the server sends its leaf certificate followed by any intermediate certificates required to build a chain up to a trusted root. The root itself is normally not sent; the client must already hold it in its trust store. A missing intermediate is a common misconfiguration: it appears to work in browsers that cache intermediates and fails in command‑line clients that do not.
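The verification steps of 8.2, the revocation check of 8.3 and the chain walk of section 9 together, as an added example that is not part of the original note: a minimal certificate format (subject, public key, issuer, serial, validity, signature), a hash‑then‑sign routine, and a verifier that walks leaf → intermediate → trust store and rejects expiry, revocation, a missing intermediate and tampering. Assumptions: the keys are textbook RSA built from Mersenne primes so no prime search is needed (not real key sizes), the "certificates" are JSON dictionaries rather than X.509 DER, the hash is reduced modulo \(n\) as a stand‑in for PKCS#1 encoding, and the CRL is a set of (issuer, serial) pairs. All names, serials and timestamps are constructed.

```python
import hashlib
import json

NOW = 1_700_000_000   # fixed "current time" (Unix seconds) so the demo is reproducible
DAY = 86400


def rsa_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key from two primes (section 4.2)."""
    n = p * q
    return (e, n), (pow(e, -1, (p - 1) * (q - 1)), n)


def tbs_bytes(cert: dict) -> bytes:
    """The 'to-be-signed' part: every field except the signature, serialised canonically."""
    return json.dumps({k: v for k, v in cert.items() if k != "signature"}, sort_keys=True).encode()


def _digest(data: bytes, n: int) -> int:
    # SHA-256 of the data reduced below the modulus (assumption: stand-in for PKCS#1 v1.5 / PSS encoding)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data: bytes) -> int:
    d, n = private_key
    return pow(_digest(data, n), d, n)                  # "encrypt the hash with the private key"


def verify(public_key, data: bytes, signature: int) -> bool:
    e, n = public_key
    return pow(signature, e, n) == _digest(data, n)     # recover the hash with the public key, compare


def make_cert(subject, public_key, issuer, issuer_private_key, serial, not_before, not_after) -> dict:
    cert = {"subject": subject, "public_key": list(public_key), "issuer": issuer,
            "serial": serial, "not_before": not_before, "not_after": not_after}
    cert["signature"] = sign(issuer_private_key, tbs_bytes(cert))
    return cert


def verify_chain(chain, trusted_roots, crl, now):
    """chain = [leaf, intermediate, ...] as a server sends it; trusted_roots maps CA name -> public key;
    crl is a set of (issuer, serial) pairs. Returns (ok, reason)."""
    for i, cert in enumerate(chain):
        if not cert["not_before"] <= now <= cert["not_after"]:
            return False, f"{cert['subject']}: outside validity period"
        if (cert["issuer"], cert["serial"]) in crl:
            return False, f"{cert['subject']}: revoked"
        if i + 1 < len(chain):                                   # issuer is the next certificate sent
            if chain[i + 1]["subject"] != cert["issuer"]:
                return False, f"{cert['subject']}: chain is broken"
            issuer_key = tuple(chain[i + 1]["public_key"])
        else:                                                    # last one must be signed by a trust-store root
            issuer_key = trusted_roots.get(cert["issuer"])
            if issuer_key is None:
                return False, f"{cert['subject']}: issuer '{cert['issuer']}' is not trusted"
        if not verify(issuer_key, tbs_bytes(cert), cert["signature"]):
            return False, f"{cert['subject']}: bad signature"
    return True, "ok"


# Demo keys from Mersenne primes (assumption: no prime search needed; not real key sizes)
ROOT_PUB, ROOT_PRIV = rsa_keypair((1 << 127) - 1, (1 << 61) - 1)
INT_PUB, INT_PRIV = rsa_keypair((1 << 89) - 1, (1 << 31) - 1)
LEAF_PUB, _ = rsa_keypair((1 << 19) - 1, (1 << 17) - 1)

# Constructed chain: root (in the trust store only) -> intermediate -> leaf
INTERMEDIATE = make_cert("Demo Intermediate CA", INT_PUB, "Demo Root CA", ROOT_PRIV, 2, NOW - 365 * DAY, NOW + 5 * 365 * DAY)
LEAF = make_cert("www.example.test", LEAF_PUB, "Demo Intermediate CA", INT_PRIV, 1001, NOW - DAY, NOW + 90 * DAY)
TRUSTED_ROOTS = {"Demo Root CA": ROOT_PUB}

if __name__ == "__main__":
    print(verify_chain([LEAF, INTERMEDIATE], TRUSTED_ROOTS, set(), NOW))                                      # ok
    print(verify_chain([LEAF, INTERMEDIATE], TRUSTED_ROOTS, {("Demo Intermediate CA", 1001)}, NOW))           # revoked
    print(verify_chain([dict(LEAF, subject="evil.example.test"), INTERMEDIATE], TRUSTED_ROOTS, set(), NOW))   # bad signature
    print(verify_chain([LEAF], TRUSTED_ROOTS, set(), NOW))                                                    # missing intermediate
```

Changing any to‑be‑signed field (the tampered subject above) changes the hash, so the CA's signature no longer verifies; a server that omits the intermediate leaves the verifier unable to reach a trusted root, which is the failure described at the end of section 9. A real verifier also checks name matching, CA constraints and key usage, which this toy leaves out.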

10. Summary Checklist (exam‑ready facts)

  • Distinguish symmetric vs asymmetric encryption (key usage, speed, distribution, typical algorithms).
  • Explain block‑cipher modes: ECB (insecure), CBC (needs IV), GCM (authenticated encryption).
  • State why padding is required and give an example (PKCS#7).
  • Recall the RSA key‑generation steps, the formulas for \(n\), \(\phi(n)\), \(d\) and the encryption/decryption equations.
  • Know why a 256‑bit AES key is stronger than a 128‑bit key and the performance trade‑off.
  • Describe hybrid encryption and its two‑step process (session key + asymmetric encryption of that key).
  • Identify each stage of the TLS handshake, the role of the pre‑master secret, and the master‑secret derivation formula.
  • Explain the difference between IPsec AH (integrity only) and ESP (confidentiality + optional integrity) and the two modes (Transport vs Tunnel).
  • Summarise PGP’s web‑of‑trust model and how it differs from the hierarchical PKI used by TLS.
  • Describe the components of a digital certificate, how a CA’s signature creates trust, and how revocation is checked (CRL & OCSP).
  • Outline basic key‑management concepts: generation, secure distribution, storage, rotation and the emerging need for quantum‑resistant algorithms.

11. Practice Questions

  1. Explain why a 256‑bit AES key is considered more secure than a 128‑bit key, and discuss the practical implications for performance.
  2. Given \(p = 61\), \(q = 53\) and \(e = 17\), calculate the RSA modulus \(n\), \(\phi(n)\) and the private exponent \(d\).
  3. Describe the role of Diffie‑Hellman key exchange in establishing a TLS session key.
  4. Outline the steps a client takes to verify a server’s digital certificate during a TLS handshake, including revocation checking.
  5. Compare IPsec AH and ESP, and give an example scenario where each would be preferred.
  6. Summarise how PGP’s web‑of‑trust differs from the hierarchical PKI model used by TLS.
