Terms
links: Index
NIST Glossary
- NIST maintains a comprehensive cybersecurity glossary: NIST Glossary
- Check current key-length recommendations on Keylength.com
AC1
Cryptographic Hash Functions
- SHA-1 (Merkle–Damgård construction)
- SHA-2 (Merkle–Damgård construction)
- SHA-3 (Sponge construction / Keccak)
- BLAKE (based on ChaCha)
KDF (Key Derivation Function)
MAC (Message Authentication Code)
- CBC-MAC (Block cipher based)
- HMAC (Hash based)
- Poly1305 & GMAC (Based on a universal hash family)
- KMAC (Based on Keccak. Also usable as a regular hash function without key)
AEAD (Authenticated Encryption with Associated Data)
- AES-GCM (Block cipher)
- ChaCha20-Poly1305 (Bernstein)
- Ascon (Sponge construction)
XOF (Extendable-Output Function)
- SHAKE & cSHAKE (Based on Keccak)
Random
- PRG (Pseudo Random Generator)
- PRNG (Pseudo Random Number Generator)
  - Subset of PRG. Used interchangeably.
- CSPRNG (Cryptographically Secure Pseudorandom Number Generator)
  - A PRNG that is safe for cryptographic use (assuming the seed is picked correctly).
- PRF (Pseudo Random Function)
- RNG (Random Number Generator)
  - Some mechanism that produces random numbers.
- TRNG (True Random Number Generator)
  - An RNG based on some unpredictable physical process.
IND-CPA
- Randomized Encryption
- AES-CBC (not Chained CBC mode!)
- AES-OFB
- AES-CTR
IND-CCA
- Authenticated Encryption / AEAD \(\rightarrow\) non-malleable
Naming Systems
- Cryptography in DNS (DNSSEC / DNSCurve / DoT / DoH / RAINS)
- Ethereum Name Systems
Secure Channel
- Authenticity & Repudiation!
- OTR (DSA & DH)
- 3DH (Triple Diffie-Hellman; only DH)
Key Establishing
- Neumann-Stubblebine (Broken)
- Denning-Sacco
- Wide-Mouth Frog protocol
- Needham-Schroeder protocol
- Kerberos
- Otway-Rees protocol
- STS
Key Revocation
- CRL (X.509)
- OCSP / OCSP Stapling
- Controlled flooding
- Bloom Filter (BF / CBF / IBF)
- Set Union Protocol
Key Management
- PSE
- Shamir Secret Sharing (Polynomials)
- Anastasis (Key escrow and recovery)
- Threshold Signatures (FROST / FROSIX)
AC2
Math
- GCD (Greatest common divisor)
- Euler's Totient Function (\(\phi\))
- Fermat's Little Theorem (\(a^{p-1} \equiv 1 \pmod{p}\))
- Euler's Theorem (\(a^{\phi(n)} \equiv 1 \pmod{n}\))
- Primitive Root
- Multiplicative Inverse
- Co-prime
- Safe prime (\(p = 2q+1\))
- Lagrange's Theorem (for subgroups)
- Miller-Rabin (Primality test)
- Euclidean algorithm (standard and extended)
- Square and Multiply
- Hardness Assumptions for Cryptography
- BSGS (Baby-Step-Giant-Step + Pollard's rho)
- Group, Ring and Field (differences)
- Embedding Degree
- Pairing
- Pairing-based cryptography
- Homomorphic Encryption (Make calculations on the ciphertext)
Notation | Description |
---|---|
\(\mathbb{Z}_n\) | Set of integers modulo \(n\), called the ring of integers modulo \(n\). Consists of the integers \(\{0, 1, 2, \ldots, n-1\}\). Additive group \((\mathbb{Z}_n, +_n, -_n, 0)\) |
\(\mathbb{Z}_n^*\) | Multiplicative group \((\mathbb{Z}_n^*, \times_n, {}^{-1}, 1)\) |
\(G_q \subset \mathbb{Z}_p^*\) | Subgroup \(G_q\) (if \(p\) and \(q\) are used, prime numbers are implied) |
\(G\) / \(\mathcal{G}\) | Group notation \(\mathcal{G} = (G, \circ, \mathrm{inv}, e)\) |
\(F\) / \(\mathcal{F}\) | Field notation \(\mathcal{F} = (F, +, -, 0, \times, {}^{-1}, 1)\) |
\(E_{a,b}(F)\) | Elliptic curve over a field \(F\) with curve parameters \(a\) and \(b\) |
- Generators: \(\{3, 4, 9, 16\}\) are always generators
Adversary Model / Security Model
- In public-key cryptography, CPA security is the minimum (the public key is public!)
- CCA1 (non-adaptive): adversary gets \(c\) after asking the oracle
- CCA2 (adaptive): adversary gets \(c\) before asking the oracle
Public-key cryptosystems
- DH (Key exchange)
- ElGamal (encryption)
- RSA (encryption)
- RSA (signature)
- Blind Signatures (with RSA)
- Schnorr (signature)
- DSA (signature)
- BLS (signature)
Certificates
- X.509 (Format of public key certificates)
- CA (Certification Authority)
- OCSP (Online Certificate Status Protocol)
- DANE (DNS-Based Authentication of Named Entities)
- DNSSEC
- HPKP (HTTP Public Key Pinning)
- HSTS (HTTP Strict Transport Security)
Secure Channels / Messaging
- TLS (Transport Layer Security)
- SMTP (Simple Mail Transfer Protocol)
- MIME (Multipurpose Internet Mail Extensions)
- S/MIME (Secure/Multipurpose Internet Mail Extensions)
- Forward secrecy (past stays secret)
- Future secrecy (future will stay secret)
- SCIMP (Silent Circle Instant Message Protocol)
- Signal Protocol
Anonymity
- Anonymity (Different aspects of anonymity)
- Trilemmas (achieve 2 out of 3 goals)
- Sybil attack (many fake identities)
- Eclipse attack (separate nodes from each other)
- Poisoning attack (nodes provide false information)
- Timing attack (latency, delay, timestamps)
- Boyd's Theorems (about secure communication)
- Zfone Authentication (extends DH; the parties verify by calling each other)
- Self-stabilisation (a system that recovers by itself)
- SMC (Secure Multiparty Computation: jointly compute a function while keeping each party's input private)
- Mixing (mix networks, mostly for e-mail)
- Tor
- Tor Hidden Services
Decentralisation
- GPG (GNU Privacy Guard)
- Trust Model (TOFU, Web of Trust, Hierarchical Trust)
- Fog of Trust (Secure Web of Trust)
- DHT (Distributed Hash Tables and different approaches)
- GNS (GNU Name System)
- GNUnet
Taler
- Cut-and-choose (Zero knowledge proof)
- GNU Taler (Overview)
- Credit Card Surveillance
- Double Spending Problem
- Payto (Similar to mailto)
Offtopic
links: Index