@AndyNovo
Last active December 1, 2021 22:38

Major topics in Crypto:

Historical Ciphers

These are classic crypto ciphers that are easy to break with a computer.
The reason they are worth studying is that they show you where the lines fall between "easy for a human" and "hard for a human", and between "easy for a computer" and "hard for a computer". They also highlight the need for public testing of your crypto schemes and for honoring Kerckhoffs' principle (the security should rest in the key, not in keeping the algorithm secret). It is also amusing to combine them and push the limit of what is "easy for a computer" in order to thumb your nose at an overly legalistic person.

  • Caesar
  • Vigenere
  • Substitution
  • Pigpen
  • Railway
  • Column Transposition
  • Playfair
  • Hill
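As an added example (not part of the gist), here is a Python Vigenère/Caesar implementation together with the frequency-analysis break that makes the "easy for a computer" point concrete: the ciphertext is split into one Caesar column per key letter and each column is solved with a chi-squared fit against English letter frequencies. The frequency table and the sample plaintext (two sentences from this page) are constructed for the example; the key length is assumed known (Kasiski examination or the index of coincidence would find it, and is not shown here).

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Approximate English letter frequencies in percent, A..Z (standard published table).
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

# Constructed sample plaintext (sentences from this gist), long enough for frequency analysis.
SAMPLE = ("The reason they are worth studying is that they show you where the lines are "
          "between easy for a human and hard for a human and easy for a computer and hard "
          "for a computer. They also highlight the need for public testing of your crypto "
          "schemes and honoring Kerckhoffs principle. This is the only historical cipher "
          "that is kind of still in use. To understand how it is both perfect and flawed "
          "is the perfect stepping stone from historical crypto into modern crypto.")


def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter; Caesar is the one-letter-key case."""
    shifts = [ALPHABET.index(k) for k in key.upper()]
    out, i = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)          # non-letters pass through and do not advance the key
            continue
        s = shifts[i % len(shifts)]
        if decrypt:
            s = -s
        out.append(ALPHABET[(ALPHABET.index(ch) + s) % 26])
        i += 1
    return "".join(out)


def chi_squared(letters):
    """How far the letter counts are from English; lower means more English-like."""
    n = len(letters)
    counts = Counter(letters)
    return sum((counts.get(a, 0) - n * f / 100) ** 2 / (n * f / 100)
               for a, f in zip(ALPHABET, ENGLISH_FREQ))


def best_shift(letters):
    """Try all 26 Caesar shifts and keep the one whose output looks most like English."""
    def score(s):
        return chi_squared([ALPHABET[(ALPHABET.index(c) - s) % 26] for c in letters])
    return min(range(26), key=score)


def recover_key(ciphertext, key_len):
    """A Vigenere ciphertext is key_len interleaved Caesar ciphers; solve each column.
    key_len is assumed known here (Kasiski / index of coincidence would find it)."""
    letters = [c for c in ciphertext.upper() if c in ALPHABET]
    return "".join(ALPHABET[best_shift(letters[i::key_len])] for i in range(key_len))
```

Each column of a Vigenère ciphertext is a plain Caesar shift, which is why the key does nothing to hide letter statistics once the key length is known; the same reasoning is why a modern cipher must make every output bit depend on the whole key.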

Pseudo-Random Number Generators

Randomness is crypto

  • The C random number generator
  • LCG (Minecraft seed cracking)
  • LFSR
  • Mersenne Twister (Python's RNG)
  • Salsa20
  • DIY PRNGs
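An added example (not from the gist) showing why an LCG is not a source of secrets: the 48-bit generator used by java.util.Random (the family behind Minecraft's world seeds) exposes the top 32 bits of its state in every output, so two consecutive outputs pin down the whole state up to 65536 candidates and every later output becomes predictable. The constants are the published java.util.Random ones; the `secrets` call at the end is what to use instead for tokens and keys.

```python
import secrets

# Constants of java.util.Random's 48-bit LCG.
MULT, INC, MASK = 0x5DEECE66D, 0xB, (1 << 48) - 1


class JavaLCG:
    """Minimal re-implementation of java.util.Random's core (not the full API)."""

    def __init__(self, seed):
        self.state = (seed ^ MULT) & MASK   # Java scrambles the seed with the multiplier

    def next_bits(self, bits):
        self.state = (self.state * MULT + INC) & MASK
        return self.state >> (48 - bits)    # outputs are the top bits of the state


def possible_next_outputs(out1, out2):
    """Given two consecutive 32-bit outputs, return every 32-bit output that could come next.

    Only 16 bits of state are hidden behind each 32-bit output, so all 65536 candidates
    can be checked against the second output; the true state is always among the survivors.
    """
    nexts = set()
    for low in range(1 << 16):
        state = (out1 << 16) | low
        state = (state * MULT + INC) & MASK
        if state >> 16 == out2:
            nexts.add(((state * MULT + INC) & MASK) >> 16)
    return nexts


def session_token():
    """What to use for anything secret: the OS CSPRNG via the secrets module."""
    return secrets.token_hex(16)
```

The same reasoning applies to the Mersenne Twister behind Python's `random`: its state is fully recoverable from 624 consecutive outputs, so any PRNG whose state is a simple function of its outputs belongs in simulations, never in key or token generation.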

One-Time Pad

This is the only historical cipher that is kind of still in use. To understand how it is both perfect and flawed is the perfect stepping stone from historical crypto into modern crypto. In studying the one-time pad you should look into Claude Shannon's formulation of Perfect Secrecy and the attack modes:

  • XOR XOR XOR (ROX)
  • Given Ciphertext
  • Known Plaintext
  • Chosen Plaintext
  • Chosen Ciphertext
  • Chosen Key
  • Multiple X where X is one of the above
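An added example (not part of the gist) walking through the one-time pad in Python: encryption is XOR, perfect secrecy is shown by constructing, for any alternative plaintext, a key that explains the same ciphertext, and the two flaws that matter in practice are shown too: key reuse cancels the key and leaks p1 XOR p2 (so one known plaintext reveals the other), and without a MAC the ciphertext is malleable, so a known plaintext can be rewritten bit for bit. The messages and key in the test are constructed.

```python
import secrets


def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(key, plaintext):
    """One-time pad: C = K xor P. The key must be at least as long as the message and used once."""
    if len(key) < len(plaintext):
        raise ValueError("key shorter than message")
    return xor_bytes(key[:len(plaintext)], plaintext)


otp_decrypt = otp_encrypt   # XOR is its own inverse (the "ROX" in the list above)


def fresh_key(n):
    """Keys must come from a CSPRNG; anything predictable turns the pad into a stream cipher."""
    return secrets.token_bytes(n)


def key_explaining(ciphertext, alternative_plaintext):
    """Perfect secrecy (Shannon): for any plaintext of the right length there is a key that
    yields this ciphertext, so the ciphertext alone says nothing about which one was sent."""
    return xor_bytes(ciphertext, alternative_plaintext)


def two_time_pad_leak(c1, c2):
    """Key-reuse flaw: c1 xor c2 = p1 xor p2, with the key cancelled out entirely."""
    return xor_bytes(c1, c2)


def known_plaintext_recovery(c1, c2, p1):
    """Multiple known-plaintext: knowing p1 under a reused key reveals p2."""
    return xor_bytes(two_time_pad_leak(c1, c2), p1)


def tamper(ciphertext, original_plaintext, desired_plaintext):
    """Malleability (chosen-ciphertext setting): flipping ciphertext bits flips the same
    plaintext bits, so a known plaintext can be rewritten without the key. This is why
    encryption without a MAC is never enough."""
    return xor_bytes(ciphertext, xor_bytes(original_plaintext, desired_plaintext))
```

The two failure modes are exactly what block and stream cipher modes have to solve: never reuse keystream (hence IVs and nonces) and always authenticate (hence GCM and HMAC).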

Block and Stream Ciphers

These are the ways that we take the One-Time Pad and make it actually work in a modern setting.
This is the workhorse of modern cryptography, encrypting the vast majority of the world's internet traffic (and even being used for ransomware). Knowing AES is probably enough, although being aware of the names triple DES, RC4, and Salsa20 is healthy. More important than the specific block cipher is knowing the modes for block ciphers and their pros/cons:

  • ECB (the worst mode)
  • CBC
  • OFB
  • CTR
  • GCM
  • Bonus knowledge: IV/Nonce as a concept
  • Padding Oracle
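An added example (not the gist's code) that makes the mode comparison visible in Python without any third-party library. A constructed 4-round Feistel cipher built from SHA-256 stands in for AES (it is a 16-byte permutation, which is all the modes need; it is not secure and is only a placeholder). On top of it: PKCS#7 padding, ECB, and CBC with an IV. The checks show that ECB repeats ciphertext blocks wherever plaintext blocks repeat, that CBC hides this, that reusing an IV leaks whether two messages start the same way, and that a padding check is exactly the yes/no answer a padding oracle leaks.

```python
import hashlib

BLOCK = 16


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key, half, rnd):
    # Keyed round function built from SHA-256; returns 8 bytes.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_block_encrypt(key, block):
    """Constructed 4-round Feistel cipher on 16-byte blocks: a stand-in for AES so the
    example runs offline. It is a permutation, which is what the modes below require."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor_bytes(l, _round_function(key, r, i))
    return r + l


def toy_block_decrypt(key, block):
    r, l = block[:8], block[8:]
    for i in reversed(range(4)):
        r, l = l, xor_bytes(r, _round_function(key, l, i))
    return l + r


def pad(data):
    """PKCS#7: always append 1..16 bytes, each equal to the pad length."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def padding_is_valid(data):
    """Exposing this boolean to a sender (via an error code or timing) is the padding
    oracle; a receiver must fail identically for bad padding and bad MAC, and check the MAC first."""
    try:
        unpad(data)
        return True
    except ValueError:
        return False


def ecb_encrypt(key, plaintext):
    """ECB: each block encrypted independently, so equal plaintext blocks give equal ciphertext."""
    p = pad(plaintext)
    return b"".join(toy_block_encrypt(key, p[i:i + BLOCK]) for i in range(0, len(p), BLOCK))


def cbc_encrypt(key, iv, plaintext):
    """CBC: each block is XORed with the previous ciphertext block (the IV for the first)."""
    p = pad(plaintext)
    prev, out = iv, []
    for i in range(0, len(p), BLOCK):
        prev = toy_block_encrypt(key, xor_bytes(prev, p[i:i + BLOCK]))
        out.append(prev)
    return iv + b"".join(out)          # IV is sent in the clear; it must be unpredictable, not secret


def cbc_decrypt(key, ciphertext):
    iv, body = ciphertext[:BLOCK], ciphertext[BLOCK:]
    prev, out = iv, []
    for i in range(0, len(body), BLOCK):
        blk = body[i:i + BLOCK]
        out.append(xor_bytes(prev, toy_block_decrypt(key, blk)))
        prev = blk
    return unpad(b"".join(out))


def repeated_blocks(ciphertext):
    """Number of ciphertext blocks that duplicate an earlier block (the ECB penguin effect)."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))
```

The repeated-block count is also a cheap detection heuristic: ciphertext from a sane mode should never contain duplicate 16-byte blocks, so finding them in stored data or captured traffic is a strong sign of ECB in use.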

Hashing, Passwords, Authentication

Hashes are one-way functions that we use to verify that someone really knows some secret value.
This is how passwords and anti-tampering algorithms work:

  • Salt (pepper)
  • Stretching
  • HMAC
  • Forgeries
  • Collisions
  • Hash Extension Attack

Public-Key Crypto

Very distinct from those are the public-key schemes; I'm out of time, so here they are:

  • Diffie-Hellman (Pohlig-Hellman attack)
  • Man-in-the-middle Attack (PKI: Public-key infrastructure, certificates, etc)
  • RSA (Coppersmith, Wiener, and various other attacks)
  • Elliptic Curve Crypto (singular curves, Pohlig-Hellman returns, Hensel Lifting)
  • Post-Quantum (Lattice based: Ring-Learning With Errors)
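An added Python example (not the gist's code) of a Diffie-Hellman exchange with the two parameter checks that the Pohlig-Hellman entry is really about: the modulus should be a safe prime p = 2q + 1, so that p - 1 has a huge prime factor and the discrete log cannot be split into small pieces, and every received public value must be checked to lie in the order-q subgroup, so a peer cannot confine the shared secret to a tiny subgroup. The group p = 1019, g = 4 is a constructed toy (real deployments use a 2048-bit or larger named group such as RFC 7919's ffdhe2048); Miller-Rabin is used as the primality check.

```python
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases (rounds=32 is an assumption, ample for this check)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p):
    """p = 2q + 1 with q prime: p - 1 has the large prime factor q, so Pohlig-Hellman gives no
    shortcut. A prime like 1021, where 1021 - 1 = 2^2 * 3 * 5 * 17 is smooth, is what it exploits."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def valid_public_value(p, y):
    """Reject y outside (1, p-1) and y outside the order-q subgroup: the check a careful
    implementation performs on a peer's value before raising it to the private exponent."""
    q = (p - 1) // 2
    return 1 < y < p - 1 and pow(y, q, p) == 1


def dh_keypair(p, g):
    q = (p - 1) // 2
    x = secrets.randbelow(q - 1) + 1      # private exponent in [1, q-1]
    return x, pow(g, x, p)


def dh_shared(p, my_priv, their_pub):
    if not valid_public_value(p, their_pub):
        raise ValueError("bad public value")
    return pow(their_pub, my_priv, p)     # both sides obtain g^(ab) mod p


# Constructed toy group: p = 1019 = 2*509 + 1 is a safe prime and g = 4 (a square) generates
# the order-509 subgroup. Not a real-world group size.
TOY_P, TOY_G = 1019, 4
```

The man-in-the-middle item on the list is not addressed by any of these checks: they guarantee the math is sound, not who is on the other end, which is what certificates and a PKI add on top.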

Secret Sharing

  • Shamir's Secret Sharing Scheme, or just issue shares with XOR
  • Shares are points (x_i, y_i) with f(x_i) = y_i, where f is a polynomial; each participant gets to know one (x_i, y_i). The secret is f(0), the degree of the polynomial is k, and the number of shares is n >= k+1.
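An added Python example (not from the gist) implementing both items in the gist's notation: Shamir's scheme with a degree-k polynomial over a prime field, n issued shares, and Lagrange interpolation at x = 0 from any k+1 of them, beside the simpler XOR variant where every share is needed. The field prime 2^127 - 1 is a constructed choice; secrets must be smaller than it.

```python
import secrets

# Constructed field: the Mersenne prime 2^127 - 1 (secrets must be smaller than this).
PRIME = 2 ** 127 - 1


def eval_poly(coeffs, x, p=PRIME):
    """Horner's rule for f(x) = c0 + c1*x + ... + ck*x^k mod p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def make_shares(secret, degree, n, p=PRIME):
    """Degree-k polynomial with f(0) = secret; issue n shares (x_i, f(x_i)) with n >= k+1."""
    if not 0 <= secret < p:
        raise ValueError("secret out of field")
    if n < degree + 1:
        raise ValueError("need at least degree+1 shares to reconstruct")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(degree)]   # random higher coefficients
    return [(x, eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def reconstruct(shares, p=PRIME):
    """Lagrange interpolation at x = 0 over any k+1 distinct shares; fewer gives an unrelated value."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p          # (0 - x_j)
                den = den * (xi - xj) % p      # (x_i - x_j)
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def xor_shares(secret_bytes, n):
    """The all-or-nothing variant: n-1 random shares, the last is the XOR of them with the secret.
    Every share is required, so there is no threshold."""
    shares = [secrets.token_bytes(len(secret_bytes)) for _ in range(n - 1)]
    last = bytes(secret_bytes)
    for s in shares:
        last = bytes(a ^ b for a, b in zip(last, s))
    return shares + [last]


def xor_reconstruct(shares):
    out = bytes(len(shares[0]))
    for s in shares:
        out = bytes(a ^ b for a, b in zip(out, s))
    return out
```

With degree k, any k shares leave f(0) uniformly undetermined over the field, which is what makes the scheme information-theoretically secure rather than merely hard to break; the XOR variant has the same property but only for the all-shares threshold.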