
An Overview of Cryptography - miles
https://www.garykessler.net/library/crypto.html
======
galadran
"This scheme also provides nonrepudiation since it proves that Alice sent the
message; if the hash value recovered by Bob using Alice's public key proves
that the message has not been altered, then only Alice could have created the
digital signature."

This is a common misconception.

Just because a signature verifies under Alice's public key, it does not
necessarily imply Alice generated the signature. For many common signature
schemes, if Bob makes a signature using their public/private key, Alice can
produce a different private/public key such that Bob's signature will verify
under Alice's key.

Paper (we) wrote on the impacts of this:
[https://eprint.iacr.org/2019/779](https://eprint.iacr.org/2019/779)

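As an added, concrete illustration of the property described in the comment above (example code written for this thread, not code from the paper or from the linked article), the script below builds a second RSA key pair under which Bob's existing textbook-RSA signature verifies. It assumes toy parameters, 12-bit primes and a 16-bit digest, so the discrete logarithms the construction needs can be brute-forced; all function names and the seed are the example's own.

```python
import hashlib
import random
from math import gcd
rng = random.Random(2019)  # fixed seed so the randomized search is reproducible

def rand_prime():
    # Constructed toy size: 12-bit primes (n about 24 bits), so discrete logs can be brute-forced
    while True:
        c = rng.randrange(2048, 4096) | 1
        if all(c % d for d in range(3, int(c ** 0.5) + 1, 2)):
            return c

def digest(msg):
    # Toy 16-bit digest: smaller than every modulus, so no padding/encoding step is needed
    return int.from_bytes(hashlib.sha256(msg).digest()[:2], "big")

def keygen():
    p, q = rand_prime(), rand_prime()
    while q == p: q = rand_prime()
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # Carmichael lambda(n)
    return (p * q, 65537), pow(65537, -1, lam)      # (public key, private exponent)

def sign(pub, priv, msg):
    return pow(digest(msg), priv, pub[0])

def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == digest(msg)

def dlog(base, target, p):
    # Brute-force x with base**x == target (mod p); returns None if there is no such x
    acc = 1
    for x in range(p - 1):
        if acc == target:
            return x
        acc = acc * base % p

def dsks(msg, sig):
    # Find (n', e', d') with sig**e' == digest(msg) (mod n'), so a second key "owns" the signature
    h = digest(msg)
    while True:
        p, q = rand_prime(), rand_prime()
        if p == q or gcd(p - 1, q - 1) != 2 or sig % p == 0 or sig % q == 0:
            continue
        x1, x2 = dlog(sig % p, h % p, p), dlog(sig % q, h % q, q)
        if x1 is None or x2 is None or (x1 - x2) % 2:
            continue
        a, b = (p - 1) // 2, (q - 1) // 2   # coprime, so CRT lifts e' to modulus lcm(p-1, q-1)
        e = x1 + 2 * a * (((x2 - x1) // 2) * pow(a, -1, b) % b)
        if e > 1 and gcd(e, 2 * a * b) == 1:   # e' must be invertible mod lambda(n') to get d'
            return (p * q, e), pow(e, -1, 2 * a * b)
```

The second key is fully functional (it can sign new messages too), which is why "verifies under Alice's key" cannot by itself prove Alice signed. Including the verifying public key in the data that is hashed removes the ambiguity, because the second key would then have to satisfy an equation that depends on itself.
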
~~~
arkadiyt
LetsEncrypt was vulnerable to this exact attack - it let people issue valid
TLS certificates for domains they didn't control:

[https://www.agwa.name/blog/post/duplicate_signature_key_sele...](https://www.agwa.name/blog/post/duplicate_signature_key_selection_attack_in_lets_encrypt)

~~~
galadran
We discuss this exact attack (and blog post) in Section 5.1 of the paper :).

IIRC: it was missed by both an academic analysis of LE and a 3rd party audit
of their crypto design. Thankfully Andrew spotted it a few weeks before they
went live in major browsers!

------
SilasX
I may be misunderstanding the author's use of terms here, but this seems wrong
(section 3.1):

> A block cipher is so-called because the scheme encrypts one block of data at
> a time using the same key on each block. In general, the same plaintext
> block will always encrypt to the same ciphertext when using the same key in
> a block cipher whereas the same plaintext will encrypt to different
> ciphertext in a stream cipher.

A block cipher will turn the same plaintext into the same ciphertext _only_ if
you're using it with the ECB mode; otherwise, the same plaintext in different
places with the same key will encrypt into different ciphertext.

If he means "key" in the sense of "final thing that gets XORed to make the
ciphertext", then that's true, but then it's equally true of stream ciphers as
well.

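To make the point above concrete, here is an added toy example (not code from the article): the same plaintext block repeated three times is encrypted with one key under ECB, CBC and CTR, and only ECB produces repeated ciphertext blocks, while CTR shows the block cipher being used as a stream cipher. The block cipher itself is a constructed 4-round Feistel permutation keyed with SHA-256, standing in for a real cipher such as AES; the key, IV, nonce and message are constructed values.

```python
import hashlib

BLOCK = 16

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_encrypt(key, block):
    # Toy keyed permutation: a 4-round Feistel network with a SHA-256 round function.
    # Any real block cipher (e.g. AES) would show the same mode behaviour below.
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:BLOCK // 2]
        left, right = right, _xor(left, f)
    return right + left

def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("padding omitted in this toy: input must be whole blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb(key, data):
    # Each block is encrypted independently: equal plaintext blocks give equal ciphertext blocks
    return [block_encrypt(key, b) for b in _blocks(data)]

def cbc(key, iv, data):
    # Each block is XORed with the previous ciphertext block first, so position matters
    out, prev = [], iv
    for b in _blocks(data):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return out

def ctr(key, nonce, data):
    # The block cipher generates a keystream E_k(nonce || counter): a stream cipher construction
    return [_xor(b, block_encrypt(key, nonce + i.to_bytes(8, "big")))
            for i, b in enumerate(_blocks(data))]

def duplicate_positions(cipher_blocks):
    # Pairs of positions whose ciphertext blocks are byte-for-byte identical
    n = len(cipher_blocks)
    return {(i, j) for i in range(n) for j in range(i + 1, n) if cipher_blocks[i] == cipher_blocks[j]}

# Constructed demo inputs: a fixed key, zero IV/nonce and a plaintext of three identical blocks
KEY = b"constructed-key!"
IV, NONCE = bytes(BLOCK), bytes(8)
MSG = b"ATTACK AT DAWN!!" * 3
```
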
~~~
GordonS
I took this to mean "in the simple case" (which would be ECB), but the wording
could be improved here to make that clearer.

~~~
SilasX
Right, especially since a few paragraphs down, he introduces all the different
modes, including ECB.

~~~
GordonS
To me at least, it makes sense to introduce a complex topic gradually, in
stages. But regardless, I still agree that the wording in the paragraph you
called out could be improved for better clarity.

~~~
SilasX
Sorry to keep hammering on this, but ...

I don't know in what context it would be reasonable _even as a simplification_
to say that block ciphers are semantically insecure like that. Anyone who
listed that as a disadvantage to block ciphers should be regarded as confused,
not speaking from a big picture perspective.

Furthermore, even if you're going to explain it that way as a result of
building up the complexity gradually, you need to explicitly "unring" that
bell, e.g. "Earlier I said X, but actually Y...". This author didn't.

------
AllanHoustonSt
Cryptography was both my favorite topic in school and the one that cemented my
realization that I wasn't good enough to do math for a living.

------
baby
Shameless plug: I’ve been writing my own introduction for
students/developers/consultants/... and you can read it online for free it
seems (or at least some chapters):
[https://www.manning.com/books/real-world-cryptography](https://www.manning.com/books/real-world-cryptography)

~~~
ShorsHammer
The Bleeding Edge section has much on the current status of post-quantum
attempts?

------
Beldin
Side note: Diffie-Hellman predates RSA. I attended a talk by Rivest once,
where he vividly described how that paper triggered them into exploring
whether public key crypto was really possible or not. They ended up
constructing RSA from those sessions.

------
ianstormtaylor
"In many of the descriptions below, two communicating parties will be referred
to as Alice and Bob; this is the common nomenclature in the crypto field and
literature to make it easier to identify the communicating parties. If there
is a third and fourth party to the communication, they will be referred to as
Carol and Dave, respectively. A malicious party is referred to as Mallory, an
eavesdropper as Eve, and a trusted third party as Trent."

I really love this naming system.

------
flowersjeff
Holy smokes - I 'ran' into this website a few weeks ago whilst cleaning up an
old computer.... and chuckled (my copy that I had saved on this computer
is/was old - let's just say that).

And then I chance upon it being talked about on HN. Small world and maybe the
universe is telling me something ;-)

------
marknadal
For those who want a conceptual, visual, cartoon explainer, check out our 1min
animated series:
[https://gun.eco/docs/Cartoon-Cryptography](https://gun.eco/docs/Cartoon-Cryptography)

------
namdnay
I strongly recommend “The Code Book” by Simon Singh. Really readable and very
informative!

~~~
kyteland
It's a great read if you're not too in depth on the topic and want an
overview, but it is badly in need of a modern revision that removes some of
the more speculative parts of the last chapter and replaces it with what
actually happened in the last 20 years.

------
devhwrng
Great paper! Given the write-ups of old and broken crypto, perhaps a better
title would be History of Cryptography?

~~~
ljhsiung
It does say at the top "originally written in 1998" and it was basically
amended over time, but regardless I still love learning about "historical"
views.

Example: A textbook from '95 had a pretty large section on "the future" of ECC
and "current" trends in research. It was interesting seeing what came true, or
what was still being worked on.

------
smbl64
Very interesting paper indeed.

Could be more appealing if the vanilla html was properly styled though.

~~~
ShorsHammer
I find it fairly decent, far better than the usual academic pdf anyway if
that's the standard most accept.

How would you improve the page?

~~~
beefhash
My personal tweaks:

body { font-size: 19px; width: 72ch; font-family: Charter; margin: 0 auto;
line-height: 1.4; }

and then remove the size= option on the <font> element.

------
bordapapa
This is such an awesome paper, thanks for posting it!

