Aiden A. Bruen - Cryptography, Information Theory, and Error-Correction


CRYPTOGRAPHY, INFORMATION THEORY, AND ERROR-CORRECTION: A Handbook for the 21st Century

A rich examination of the technologies supporting secure digital information transfers from respected leaders in the field.


The signing process is merely the CA using its private key to encrypt some known data. The client may then use the CA's public key to decrypt this data and compare it to the known value. If they match, then it must have been the CA who actually signed the certificate.

There are three subprotocols to the TLS protocol: the handshake protocol, the change cipher spec protocol, and the alert protocol. The handshake protocol is used to negotiate the session parameters. The change cipher spec protocol is used to change the cryptographic parameters of a session. The alert protocol notifies the client or server of any error conditions.

The handshake protocol consists of a series of messages between the client and server to negotiate the cryptographic algorithms that will be used so as to provide confidentiality, message integrity, authentication, and replay protection. Symmetric keys and other session parameters are established. There are three phases to the handshake protocol:

1. Key exchange. The client sends a ClientHello message to the server. This message contains a random nonce, notes which versions of TLS the client supports, and indicates which cryptographic protocols it can use. The server responds with a ServerHello message noting the version of TLS that will be used and which cryptographic protocols will be used. The client and server then exchange messages to determine shared keys and other cryptographic parameters.

2. Server parameters. In this (encrypted) phase, the client and server negotiate the other handshake parameters, including whether the client will be authenticated.

3. Authentication. In this (encrypted) phase, the server is authenticated. The client can optionally be authenticated as well.

As part of the establishment of keys during the TLS handshake protocol, a premaster secret, a master secret and the session keys are derived. The premaster secret depends on the key exchange method that is agreed upon by the client and server, and the version of TLS that is being used. The premaster secret together with values contained in the ClientHello and ServerHello messages are used in a pseudorandom function to compute the master secret. Session keys are derived from the master secret. These session keys are used to provide a secure channel for the client and server to communicate with each other. For further details, see [MC19] and [Res18].

When the client and server share the same secret key (in this case, the session keys), they may use a fast symmetric algorithm to communicate. When the two parties are finished communicating, then the session keys are forgotten, and would have to be regenerated for further transactions.

3.10 PGP and GPG

Pretty Good Privacy (or PGP) is a computer program which provides cryptographic privacy and authentication. It is a patented technology created by Phil Zimmermann and owned by the PGP Corporation. PGP may encrypt any type of data but it is most commonly used for e‐mail.

OpenPGP is an open‐source (free) alternative standard for digitally signing and encrypting e‐mail. The most common implementation of OpenPGP is GPG, which stands for GNU Privacy Guard.

PGP and GPG are very similar in their uses and operation, but differ in the algorithms that they use. They both use algorithms such as RSA or Elliptic Curve cryptography (ECC) for asymmetric encryption but PGP uses patented symmetric encryption algorithms, while GPG uses public domain (free) algorithms.

Both programs may be used for encrypting/decrypting e‐mail and signing/authenticating messages.

Before using PGP or GPG, a user generates their own public key and private key pair. Then, the public key must be published so that others may access it. This may be done by putting it out on a website, sending out mass emails announcing the public key, or placing it on a key server and associating it to an e‐mail address.

Encrypting/decrypting

To send an encrypted message, the user decides on a symmetric algorithm and then the computer will generate a random key for use with this message. The message is encrypted using this key, and the key is encrypted using the intended recipient's public key. Both the message and the encrypted key are sent by e‐mail to the intended recipient. If the e‐mail is intercepted in this form, the eavesdropper shouldn't be able to read the contents, because they don't possess the proper private key to decode the session key, nor do they possess the session key to decode the message.

Upon receipt of an encrypted e‐mail, the user's computer will use his/her private key to decrypt the enclosed session key, and then will use the session key to decode the message. In many modern e‐mail programs that support PGP or GPG, this is done without the user knowing. That way, the user isn't inconvenienced by the added security, but will still enjoy the benefits of encrypted e‐mail.

Note that symmetric encryption is used for the actual message and asymmetric encryption is used for the key exchange. This is because symmetric cryptography is about 4000 times faster than asymmetric. That means that sending a large e‐mail with large attachments would take quite some time to encrypt if you only used RSA.

Signing/authenticating

Just as the encryption algorithms for PGP and GPG are very similar to TLS, so is the authentication mechanism. A hash of the e‐mail message is encrypted with the user's private key, and then appended to the end of the message. Then when the e‐mail is received, the user's computer may decrypt this message with the sender's public key and check that the hash corresponds to the hash of the current message. This procedure may serve two purposes. It authenticates the original message sender (the person in possession of the private key used to encrypt the message hash), and it almost guarantees that the message wasn't altered since its signing because, with a strong enough hashing algorithm, it is highly unlikely that two messages hash to the same value.
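The two PGP-style operations described in this section, hybrid encryption (a random session key for the body, wrapped under the recipient's public key) and hash-then-sign with the sender's private key, as one added example that is not code from the book, PGP or GPG. It uses textbook RSA with toy 512-bit moduli and a constructed SHA-256 keystream cipher in place of the real symmetric algorithm, so that it runs on the Python standard library alone; all key sizes, function names and the sample mail body are this example's own choices.

```python
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    # Miller-Rabin probable-prime test; sufficient for a toy key generator.
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    # Odd candidate with the top bit set, so p*q has exactly 2*bits bits.
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 512):
    # Textbook RSA: public (n, e), private (n, d). 512 bits is a toy size chosen
    # to keep the example fast; real PGP/GPG keys are 2048 bits or longer.
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this gives gcd(e, phi) == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_apply(key, value: int) -> int:
    # Raw RSA value^exp mod n, for both the public and the private exponent.
    # Real implementations pad the value first (OAEP for wrapping, PSS/PKCS#1 for signing).
    n, exp = key
    return pow(value, exp, n)


def stream_xor(key: bytes, data: bytes) -> bytes:
    # Constructed toy symmetric cipher: XOR with a keystream of SHA-256(key || counter).
    # It stands in for the real symmetric algorithm (AES etc.) and is not a production cipher.
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def encrypt_message(recipient_public, plaintext: bytes):
    # Fresh random session key for the body; the key itself travels wrapped under
    # the recipient's public key. Returns (wrapped_key, ciphertext).
    session_key = secrets.token_bytes(32)  # 256-bit key, well below the 512-bit modulus
    wrapped = rsa_apply(recipient_public, int.from_bytes(session_key, "big"))
    return wrapped, stream_xor(session_key, plaintext)


def decrypt_message(recipient_private, wrapped: int, ciphertext: bytes) -> bytes:
    # Unwrap the session key with the private key, then decrypt the body.
    recovered = rsa_apply(recipient_private, wrapped)
    if recovered.bit_length() > 256:  # wrong private key or a corrupted wrapped value
        raise ValueError("session key unwrap failed")
    return stream_xor(recovered.to_bytes(32, "big"), ciphertext)


def sign_message(sender_private, message: bytes) -> int:
    # Hash the message and apply the private key to the hash, as the text describes.
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return rsa_apply(sender_private, digest)


def verify_signature(sender_public, message: bytes, signature: int) -> bool:
    # Recover the signed hash with the public key and compare it to a fresh hash.
    recovered = rsa_apply(sender_public, signature)
    return recovered == int.from_bytes(hashlib.sha256(message).digest(), "big")


def demo() -> bool:
    # Alice signs and encrypts a constructed sample mail to Bob; Bob decrypts and verifies.
    alice_pub, alice_priv = generate_keypair()
    bob_pub, bob_priv = generate_keypair()
    mail = b"Constructed sample e-mail body: the meeting moved to 14:00."
    signature = sign_message(alice_priv, mail)
    wrapped, body = encrypt_message(bob_pub, mail)
    received = decrypt_message(bob_priv, wrapped, body)
    return received == mail and verify_signature(alice_pub, received, signature)


if __name__ == "__main__":
    print("round trip ok:", demo())
```

Only the 32-byte session key ever passes through the slow public-key operation, which is the efficiency point made above; the body, however large, goes through the symmetric cipher. The signature covers the hash of the plaintext, so a recipient who changes even one byte of the received message sees verification fail, and the unwrap step refuses values that cannot be a session key instead of silently decrypting with garbage.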

For more information on the encryption of e‐mail, see “Trustworthy Email” by Rose et al., [RNGC19].

3.11 Problems

Notation. In some of the problems/solutions below, we use the [image] notation introduced in this chapter. Recall that [image] just means the remainder when [image] is divided by [image]. For example, [image]. Later on, in Chapter 19 we will also use the equivalent [image] or [image] mod [image] notation.
