The Symmetric Cryptographic Primitives


02 Nov 2017


The technical work presented in this thesis makes routine use of a collection of cryptological tools. While it is beyond the scope of this dissertation to explain these in detail, it is important to present their capabilities and limitations. Without going into the theory of cryptology (details can be found in [11, 12, 13]), we concisely present the main primitives and constructions that are used as basic building blocks in the systems presented in the next chapters.

3.1 Symmetric Cryptographic Primitives

In chapter 5 we make extensive use of hash functions, stream ciphers and block ciphers. These primitives are classic in the sense that they predate the invention of public key cryptography. On the other hand, we use them to provide properties that are not the usual ones, such as bitwise unlinkability instead of secrecy. In this section we present each of them and highlight the properties that matter.

3.1.1 Hash Functions

A cryptographic hash function is a function h(x) that takes an input x of arbitrary size and returns an output h(x) of fixed size. Hash functions are assumed to be public; therefore, given x, anyone can compute h(x). The main desirable properties of a hash function are pre-image resistance, weak collision resistance and strong collision resistance.

Pre-image resistance means that, given h(x), it is difficult to extract any bits of x.

Weak collision resistance (second pre-image resistance) means that, given x, it is difficult to find y ≠ x such that h(x) = h(y).

Strong collision resistance means that it is difficult to find any pair x ≠ y such that h(x) = h(y).

Pre-image resistance does not protect x if the domain over which x is defined can be exhaustively searched. An attack that computes h(x) for every possible x in order to find a match with a target h(y) is called a dictionary attack.

It can be shown that, if a hash function has an l-bit output, a value y such that h(y) matches a fixed h(x) can be found in O(2^l) operations. On the other hand, it is much cheaper to find any two values x and y such that h(x) = h(y): because of the birthday paradox this takes only O(√(2^l)) = O(2^(l/2)) operations.

The main cryptographic hash function used in this work is the standard SHA-1 [53]. Its output is 160 bits (20 bytes) long, and the algorithm offers good strong collision resistance (about 2^80 hashes to find a collision). As it is a National Institute of Standards and Technology (NIST) standard, it is readily available in most cryptographic libraries, and it is believed to be secure since no known attacks have been published against it.

Since many protocols make heavy use of hash functions, it is important to use distinct variants of the hash function for operations within a protocol that serve different purposes. This stops attacks that use one party in a protocol as an oracle that performs operations on hashed secrets. It is sufficient to prepend a well-known string to the hashed bit-string, h1(x) = h(‘1’; x), in order to construct a secure variant h1 of h. This creates distinct hash functions quickly and cheaply.

3.1.2 Pseudo-random functions: stream ciphers

A pseudo-random function, or stream cipher, s takes a fixed-length key k and generates an (in theory) infinitely long string of bits s(k). The main properties of a stream cipher are:

Key secrecy means that, given some of the output s(k) of the stream cipher, it is difficult to infer anything about the key k.

Pseudo-randomness means that, for any party that does not know the key k, the output s(k) of the cipher is indistinguishable from a truly random bit-string.

Stream ciphers can be used to provide secrecy by XORing the output of the cipher with the plaintext to produce the cipher text. Such a scheme does not protect the integrity of the plaintext, since the adversary can XOR any bit-string into the cipher text, and that bit-string will be XORed into the plaintext after decryption. Such attacks are called attacks in depth.

Stream ciphers can be considered the poor man's one-time pad [14], because even a short secret is sufficient to generate a long pseudo-random stream. The drawback is that the stream generated by a stream cipher does not provide plausible deniability, namely the ability to claim that any plaintext could have been encrypted. An adversary could compel a user to reveal their keys and check that the key stream is indeed generated from them. Since the key is shorter than the stream it generates, it is impossible to find a key that generates an arbitrary stream.

3.1.3 Random permutations: block ciphers

A block cipher takes as input a secret key k and a plaintext bit-string of length l (the block length) and produces an l-bit string called the cipher text. For a given key k, the mapping between the inputs and outputs of a block cipher is a secret permutation of the l-bit space. For this reason, the operation of a block cipher can be "undone" by a decryption operation that takes the key k and a cipher text and outputs the original plaintext. The main properties of a block cipher are:

Key secrecy means that no operation leaks the key: given any number of known pairs of plaintext and cipher text, an adversary cannot extract the key k.

Permutation pseudo-randomness means that, given any number of known pairs of plaintext and cipher text, the adversary cannot infer any other mapping of the random permutation.

High-quality AES (Advanced Encryption Standard) [15] implementations are available in most cryptographic libraries, and, being a NIST standard, it has no known plausible attacks. AES takes keys of 128, 192 or 256 bits and acts on blocks of 128 bits.

3.2 Cryptographic constructions

Beyond the primitives themselves, some standard ways of combining them are frequently used.

3.2.1 Block cipher modes

A block cipher can be used to encrypt a single block of text, but encrypting multiple blocks requires special attention. A set of modes of operation has been designed for this, each with different properties. The ones relevant to our research are briefly presented here. We denote by P_i the i-th block of plaintext and by C_i the i-th block of cipher text. The block cipher encryption operation is denoted by E_k and decryption by D_k, where k is the key.

Electronic Code Book (ECB) mode simply divides the message to be encrypted into blocks of the cipher's block length and encrypts each of them separately.

C_i = E_k[P_i] (3.1)

Cipher Block Chaining (CBC) mode divides the plaintext into blocks and XORs the cipher text of the previous block into each plaintext block before it is encrypted. The first block transmitted is a randomly chosen initialization value (IV), which ensures that repeated messages look different to someone who does not have the key.

C_0 = IV (3.2)

C_i = E_k[C_{i-1} ⊕ P_i] (3.3)

A notable point is that, while encryption in CBC is sequential, decryption can be performed in any order (and thus in parallel). For the same reason, errors in the cipher text do not propagate beyond the block that contains the error and the block following it. Because of its randomized encryption, yielding different cipher texts for the same key and plaintext, and its good protection of confidentiality, CBC is one of the most popular encryption modes.

Counter mode turns a block cipher into a pseudo-random function (a stream cipher). An initialization vector is chosen at random and transmitted in the clear. Then the blocks consisting of the IV XORed with a counter are encrypted to generate the key stream, which is XORed with the plaintext.

C_0 = IV (3.4)

C_i = P_i ⊕ E_k[IV ⊕ i] (3.5)

Counter mode does not propagate errors, except for errors in the IV. A careful reader will note that decrypting the message uses the encryption operation of the block cipher again; the block cipher's decryption operation is never needed. Under these circumstances one could be tempted to replace the block cipher with a hash function applied to the key together with the XOR of the IV and the counter.
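The CBC and counter modes of equations (3.2) to (3.5), as an added Python example that is not code from the original text. The block cipher E_k is a toy four-round Feistel permutation with SHA-1 round functions (an assumption standing in for AES; the function names are hypothetical), and corrupted_blocks flips a single cipher text bit to show how far the damage spreads in each mode.

```python
import hashlib

BLOCK = 16  # 128-bit blocks, the AES block size; the cipher below is only a stand-in


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function built from SHA-1, truncated to one 64-bit half.
    return hashlib.sha1(key + bytes([i]) + half).digest()[:8]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """E_k: a 4-round balanced Feistel permutation on 128-bit blocks (toy, not AES)."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, _round_function(key, i, right))
    return right + left  # swap the halves back so decryption can reuse the same loop


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    """D_k: the same rounds applied in reverse order."""
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = right, xor(left, _round_function(key, i, right))
    return right + left


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C_0 = IV, C_i = E_k[C_{i-1} xor P_i]; returns C_0 || C_1 || ... (no padding)."""
    assert len(plaintext) % BLOCK == 0, "whole blocks only in this example"
    blocks, prev = [iv], iv
    for off in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, xor(prev, plaintext[off:off + BLOCK]))
        blocks.append(prev)
    return b"".join(blocks)


def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """P_i = D_k[C_i] xor C_{i-1}; every block can be decrypted independently."""
    out = []
    for off in range(BLOCK, len(ciphertext), BLOCK):
        prev, cur = ciphertext[off - BLOCK:off], ciphertext[off:off + BLOCK]
        out.append(xor(prev, toy_decrypt_block(key, cur)))
    return b"".join(out)


def ctr_keystream_block(key: bytes, iv: bytes, i: int) -> bytes:
    """E_k[IV xor i], with the counter i encoded as a 128-bit big-endian integer."""
    return toy_encrypt_block(key, xor(iv, i.to_bytes(BLOCK, "big")))


def ctr_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C_0 = IV, C_i = P_i xor E_k[IV xor i] for i >= 1."""
    out = [iv]
    for i, off in enumerate(range(0, len(plaintext), BLOCK), start=1):
        out.append(xor(plaintext[off:off + BLOCK], ctr_keystream_block(key, iv, i)))
    return b"".join(out)


def ctr_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Decryption only needs E_k again: strip C_0 and re-apply the same key stream."""
    return ctr_encrypt(key, ciphertext[:BLOCK], ciphertext[BLOCK:])[BLOCK:]


def corrupted_blocks(decrypt, key: bytes, ciphertext: bytes, index: int, plaintext: bytes) -> int:
    """Flip one bit in cipher text block C_index (0 = IV) and count plaintext blocks that change."""
    damaged = bytearray(ciphertext)
    damaged[index * BLOCK] ^= 0x01
    recovered = decrypt(key, bytes(damaged))
    return sum(recovered[off:off + BLOCK] != plaintext[off:off + BLOCK]
               for off in range(0, len(plaintext), BLOCK))


# Constructed sample values: a 16-byte key, a fixed IV and four plaintext blocks.
KEY = b"constructed key!"
IV = bytes(range(16))
PT = bytes(range(64))
```

With the sample values, damaging C_2 in CBC corrupts exactly P_2 and P_3, while in counter mode it changes only one bit of P_2; damaging the IV, however, garbles every counter-mode block.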

3.2.2 Large block ciphers: BEAR

To avoid having to choose a block cipher mode, an alternative is to construct a block cipher large enough to encrypt the whole message as one block. This has the advantage that error propagation is total and unpredictable if the cipher text is modified: an adversary will not be able to guess, with probability better than random, any of the resulting bits of plaintext. BEAR [16] is a construction proposed by Anderson and Biham that builds such a block cipher from a hash function h(x) and a random function (stream cipher) s(k). The Luby-Rackoff theorem [17] proves that such a construction is secure against chosen cipher text and chosen plaintext attacks. BEAR is an unbalanced Feistel structure [18], which divides the block into a left-hand side whose length is the key size |sk| of the stream cipher and a right-hand side of arbitrary length l - |sk|.

(L_{|sk|}, R_{l-|sk|}) = M (3.6)

L' = L_{|sk|} ⊕ h(R_{l-|sk|}; K1) (3.7)

R' = R_{l-|sk|} ⊕ s(L') (3.8)

L'' = L' ⊕ h(R'; K2) (3.9)

return (L'', R') (3.10)

An attack against the key schedule in the original BEAR paper is presented in [19]. It can be fixed by making the subkeys K1 and K2 equal to the master key K; that way the decryption operation is the same as the encryption operation. An important feature of BEAR is its all-or-nothing nature: until all the bits of cipher text are known, none of the plaintext can be retrieved. Furthermore, if any cipher text is modified by an attacker without knowledge of the key, the message will decrypt into a random stream. In many cases even a key-less BEAR transform (or one with a fixed, globally known key) can be used.

For example, performing a key-less BEAR transform on a whole message and then encrypting the first block using a block cipher, or XORing a random value into it, guarantees the confidentiality of the whole message. Similar schemes can be constructed with asymmetric ciphers. Generally, a rule of thumb when reasoning about BEAR is that every bit of the plaintext depends on every bit of the cipher text, and vice versa. All bits of the cipher text and plaintext also depend on all bits of the key when encryption or decryption operations are performed; modifying any of these will produce an unpredictable stream as output. Constructions with similar properties are described by Rivest as all-or-nothing transforms [20], and their use is discussed in [21].
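The BEAR transform of equations (3.6) to (3.10), as an added Python example that is not code from the original text or from the BEAR paper. It uses K1 = K2 = K, so the same function encrypts and decrypts; h is taken to be SHA-1 over R followed by K and s is SHA-1 run in counter mode (both assumptions), and differing_bytes measures how far a single flipped cipher text bit spreads.

```python
import hashlib

KEY_LEN = 20  # |sk|, the stream cipher key size; equals the SHA-1 output length here


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def h(data: bytes, key: bytes) -> bytes:
    """Keyed hash h(R; K), taken here to be SHA-1 over R followed by K (assumption)."""
    return hashlib.sha1(data + key).digest()


def s(key: bytes, length: int) -> bytes:
    """Stream cipher s(k): SHA-1 in counter mode as a pseudo-random generator (assumption)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha1(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def bear(message: bytes, key: bytes) -> bytes:
    """Equations (3.6) to (3.10) with K1 = K2 = K, so the transform is its own inverse."""
    assert len(message) > KEY_LEN, "the right-hand side must be non-empty"
    left, right = message[:KEY_LEN], message[KEY_LEN:]   # (3.6)  split into L, R
    left = xor(left, h(right, key))                       # (3.7)  L'  = L  xor h(R; K)
    right = xor(right, s(left, len(right)))               # (3.8)  R'  = R  xor s(L')
    left = xor(left, h(right, key))                       # (3.9)  L'' = L' xor h(R'; K)
    return left + right                                   # (3.10) output (L'', R')


def flip_bit(data: bytes, byte_index: int, bit: int = 0) -> bytes:
    """Simulate a one-bit transmission error or tampering at the given position."""
    damaged = bytearray(data)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


def differing_bytes(a: bytes, b: bytes) -> int:
    return sum(x != y for x, y in zip(a, b))


# Constructed sample input: a 100-byte message and a master key.
MESSAGE = bytes(range(100))
KEY = b"constructed master key"
```

A single flipped bit anywhere in the cipher text, or a wrong key, turns essentially every byte of the recovered message into noise, which is the all-or-nothing property the text describes.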

3.2.3 Message authentication codes for integrity

A message authentication code (MAC) is a short bit-string derived from a message and a key. The parties holding the key can compute the MAC, which also allows them to verify it, while parties without the key cannot distinguish a valid MAC from a random one. There are many possible constructions of MACs; two of them are presented here:

A block cipher in CBC mode can be used to compute a MAC. The initialization vector is set to a globally known value (usually a string of zeros) and only the last block of the CBC cipher text is kept as the MAC. Using AES results in a 128-bit MAC.

A hash function can be used to compute a MAC by appending or prepending the key to the text to be authenticated:

HMAC_k(x) = h(k; x; k) (3.11)

It is important to also append the key at the end, since this prevents an attacker from using the iterated structure of SHA-1 to extend the message and update the MAC accordingly, thereby producing a valid MAC without knowing the key [22].

A MAC can be used by any of the parties sharing the key to assure themselves that another party knowing the shared key has authenticated a particular message, but they cannot prove this to a third party. In particular, if a symmetric key is shared by Alice and Bob, Alice cannot show a message with a MAC to Charlie, a third party, and convince him that it originated from Bob: since the key is shared, Alice could equally have constructed the message and the valid MAC. Some form of digital signature is needed in order to convince third parties of the authenticity of messages and to prove that they originated from a particular principal. Therefore the difference between digital signatures and MACs is that the former provide non-repudiation. As argued in Mike Roe's thesis [23], one could consider the complementary property to be plausible deniability, which is discussed in detail in section 3.4.

3.2.4 SHA-1 Algorithm

SHA-1 (Secure Hash Algorithm 1) is the most commonly used of the SHA family of cryptographic hash functions, designed by the National Security Agency of the USA and published as a US government standard. SHA-1 produces a 160-bit hash value. The original SHA (or SHA-0) also produces a 160-bit hash value, but SHA-0 was withdrawn by the NSA shortly after publication and superseded by the revised version commonly referred to as SHA-1. The other functions of the SHA family produce 224, 256, 384 and 512-bit hash values.

Pseudo code for the SHA-1 algorithm (all additions are performed modulo 2^32):

Initialize variables:
    h0 = 0x67452301
    h1 = 0xefcdab89
    h2 = 0x98badcfe
    h3 = 0x10325476
    h4 = 0xc3d2e1f0

Pre-processing:
    append the bit '1' to the message
    append 0 ≤ k < 512 bits '0', so that the resulting message length (in bits) is congruent to 448 (mod 512)
    append the length of the original message (before pre-processing), in bits, as a 64-bit big-endian integer

Process the message in successive 512-bit chunks:
    break the message into 512-bit chunks
    for each chunk
        break the chunk into sixteen 32-bit big-endian words w[i], 0 ≤ i ≤ 15

        Extend the sixteen 32-bit words into eighty 32-bit words:
        for i from 16 to 79
            w[i] = (w[i-3] xor w[i-8] xor w[i-14] xor w[i-16]) leftrotate 1

        Initialize the hash value for this chunk:
        a = h0
        b = h1
        c = h2
        d = h3
        e = h4

        Main loop:
        for i from 0 to 79
            if 0 ≤ i ≤ 19 then
                f = (b and c) or ((not b) and d)
                k = 0x5A827999
            else if 20 ≤ i ≤ 39 then
                f = b xor c xor d
                k = 0x6ED9EBA1
            else if 40 ≤ i ≤ 59 then
                f = (b and c) or (b and d) or (c and d)
                k = 0x8F1BBCDC
            else if 60 ≤ i ≤ 79 then
                f = b xor c xor d
                k = 0xCA62C1D6

            temp = (a leftrotate 5) + f + e + k + w[i]
            e = d
            d = c
            c = b leftrotate 30
            b = a
            a = temp

        Add this chunk's hash to the result so far:
        h0 = h0 + a
        h1 = h1 + b
        h2 = h2 + c
        h3 = h3 + d
        h4 = h4 + e

Produce the final hash value (big-endian):
    digest = hash = h0 append h1 append h2 append h3 append h4
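The pseudo code above carried through as an added Python example (not code from the original text): sha1 follows the pre-processing, message schedule and main loop step by step, matches_hashlib checks the result against the standard library, and sha1_variant builds the cheap distinct variant h_tag(x) = h(tag; x) described in section 3.1.1 (the function names are assumptions).

```python
import hashlib
import struct

MASK32 = 0xFFFFFFFF


def rotl(x: int, n: int) -> int:
    """32-bit left rotation."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def sha1_pad(message: bytes) -> bytes:
    """Pre-processing: append the '1' bit, zero-pad to 448 mod 512 bits, append the
    64-bit big-endian bit length of the original message."""
    bit_length = len(message) * 8
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack(">Q", bit_length)


def sha1_compress(state, chunk: bytes):
    """Process one 512-bit chunk and return the updated (h0, h1, h2, h3, h4)."""
    w = list(struct.unpack(">16I", chunk))          # sixteen 32-bit big-endian words
    for i in range(16, 80):                           # extend to eighty words
        w.append(rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        temp = (rotl(a, 5) + f + e + k + w[i]) & MASK32   # addition modulo 2^32
        a, b, c, d, e = temp, a, rotl(b, 30), c, d
    # add this chunk's hash to the result so far
    return tuple((s + v) & MASK32 for s, v in zip(state, (a, b, c, d, e)))


def sha1(message: bytes) -> bytes:
    """Full SHA-1: 20-byte big-endian digest h0 || h1 || h2 || h3 || h4."""
    state = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
    padded = sha1_pad(message)
    for off in range(0, len(padded), 64):
        state = sha1_compress(state, padded[off:off + 64])
    return struct.pack(">5I", *state)


def sha1_variant(tag: bytes, x: bytes) -> bytes:
    """Distinct hash h_tag(x) = h(tag; x), e.g. h1(x) = h('1'; x) from section 3.1.1."""
    return sha1(tag + x)


def matches_hashlib(message: bytes) -> bool:
    """Cross-check this implementation against the standard library."""
    return sha1(message) == hashlib.sha1(message).digest()
```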

3.3 Asymmetric cryptographic primitives

To perform encryption and decryption or authentication and verification, all the keyed primitives in the previous section require keys to be shared between Alice and Bob. In this section we present asymmetric cryptographic primitives that rely on pairs of private and public keys.

3.3.1 Diffie-Hellman exchange

In [24] Whitfield Diffie and Martin Hellman presented, for the first time in public, a system that allows two participants to establish a shared secret using only publicly available information. The Diffie-Hellman exchange bases its security on the difficulty of the discrete logarithm problem in a finite field.

In the case of integers, it is trivial to compute E = g^x mod p for a prime p, a generator g and a random number x. However, it is computationally very difficult to determine x by computing the discrete logarithm x = log_g E mod p. In other words, modular exponentiation can be thought of as a one-way function with special properties.

To perform a Diffie-Hellman exchange, Alice and Bob share g and p, the public parameters of the crypto-system. These can be reused and are globally known. Alice chooses a random string x, her private key, computes g^x mod p and publishes it as her public key. Bob does the same with his private key y and computes the public key g^y mod p. Both can then exchange their public keys, or simply publish them, and compute the shared key g^{xy} mod p. This shared key can be used with any of the primitives described in the previous section to protect the confidentiality and integrity of their communications.

Asymmetric or public key cryptography does not totally solve the problem of secure key distribution. It simply transforms it from a confidentiality problem into an integrity problem. Alice must be sure that what she thinks is Bob's public key is indeed Bob's public key; otherwise she could be talking to someone else, such as an eavesdropper. Public key infrastructures [26], public key registers [25] and webs of trust [27] have been proposed to solve this problem. The Diffie-Hellman crypto-system, and other systems based on discrete logarithms, have a useful feature: from public information and a strong pass-phrase, the private key can easily be generated. Since it can simply be regenerated whenever a user needs it, there is no need to ever store a private key. The public key can also be trivially recomputed given the secret pass-phrase and the public parameters of the system.

3.3.2 The El Gamal encryption system

The Diffie-Hellman scheme allows two parties to share a symmetric key. El Gamal developed a system that allows the exchange of encrypted messages [28]. The public key y = g^x mod p is used for encryption and the private key x for decryption. If Bob wants to send a message M to Alice, he picks a random secret k and encodes the message in the following way.

C = (a, b) = (g^k mod p, y^k M mod p) (3.12)

The first term a can be seen as the ‘hint’ that allows Alice to compute the session key g^{kx} and unblind the second term b by division. El Gamal is a randomized encryption scheme that produces different cipher texts for the same plaintext, due to the different session secrets k used. Its main drawback is that the cipher text is always twice the size of the plaintext.

Blinding and re-encryption are two important operations that can be performed on an El Gamal cipher text without knowledge of the key. These are used extensively in robust and verifiable mix constructions. Blinding is performed by raising the cipher text (a, b) to a power d, resulting in (a^d, b^d). As a result the plaintext M is also raised to this power and becomes M^d. Since p is prime, it is trivial for someone knowing d to recover the plaintext M, but very difficult for anyone else.

Re-encryption uses multiplication instead of exponentiation. The factors (g^d, y^d) are multiplied into the cipher text, resulting in (g^d a, y^d b). The decryption operation will still output the plaintext M. The ability to change the cipher text in a way that is not predictable is used in many constructions to provide the bitwise unlinkability necessary to build mix systems.
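The Diffie-Hellman exchange, El Gamal encryption (equation (3.12)), blinding and re-encryption carried through as an added Python example that is not code from the original text. The group parameters are a constructed toy-sized safe prime and generator, and the function names are assumptions; the arithmetic is exactly what the text describes.

```python
import secrets

# Toy public parameters, constructed for illustration only; real deployments
# use primes of 2048 bits or more.
P = 1019  # safe prime: (P - 1) / 2 = 509 is also prime
G = 2     # 2 is a non-residue mod 1019, so it generates the whole group


def random_exponent() -> int:
    return 1 + secrets.randbelow(P - 2)  # uniform in [1, P - 2]


def dh_keypair(x: int = None):
    """Private key x and public key g^x mod p (x is drawn at random if not given)."""
    x = random_exponent() if x is None else x
    return x, pow(G, x, P)


def dh_shared_key(my_private: int, their_public: int) -> int:
    """g^{xy} mod p, computed by either side from the other's public key."""
    return pow(their_public, my_private, P)


def elgamal_encrypt(y: int, m: int, k: int = None):
    """Equation (3.12): C = (a, b) = (g^k mod p, y^k M mod p)."""
    k = random_exponent() if k is None else k
    return pow(G, k, P), (pow(y, k, P) * m) % P


def elgamal_decrypt(x: int, c) -> int:
    """Use the hint a to rebuild the session key g^{kx} and divide it out of b."""
    a, b = c
    return (b * pow(pow(a, x, P), -1, P)) % P


def blind(c, d: int):
    """(a^d, b^d): decrypts to M^d rather than M."""
    a, b = c
    return pow(a, d, P), pow(b, d, P)


def unblind_plaintext(m_d: int, d: int) -> int:
    """Recover M from M^d; needs gcd(d, p - 1) = 1 so that d is invertible mod p - 1."""
    return pow(m_d, pow(d, -1, P - 1), P)


def reencrypt(y: int, c, r: int = None):
    """Multiply in (g^r, y^r): a fresh-looking cipher text of the same M."""
    r = random_exponent() if r is None else r
    a, b = c
    return (pow(G, r, P) * a) % P, (pow(y, r, P) * b) % P
```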

3.3.3 The Rivest-Shamir-Adleman crypto-system

The RSA crypto-system [29] relies for its security on the difficulty of factoring composites of large primes.

A composite n = p × q is computed and made public, while the two primes p and q are kept secret.

A value e with 1 < e < (p-1)(q-1), coprime to (p-1)(q-1), is chosen at random, and d such that d × e ≡ 1 mod (p-1)(q-1) is efficiently calculated.

The public key is (e, n), while (d, n) is the secret key.

To encrypt a message M for the public key (e, n) one simply performs an exponentiation modulo n; the cipher text is therefore M^e mod n.

To decrypt, the cipher text is simply raised to the power of the decryption key: M^{ed} mod n = M mod n.

Digital signatures can also be implemented. The public verification key is denoted (v, n) while the signature key is (s, n). The signer raises the message to be signed to the power s, and the verifier checks the signature by raising it to the power v; all operations are performed modulo n. Digital signatures provide integrity and non-repudiation: if Bob's public key is well known, Alice can prove to a third party that Bob has signed a message. Often this property is not desirable, but for technical reasons other integrity primitives, such as message authentication codes, cannot be used. One can adapt protocols using digital signatures to provide plausible deniability by publishing the private keys as the last step of the protocol.

Chaum invented in [2] a way to obtain a valid signature on an unknown plaintext. This can be used to provide unlinkable credentials, special forms of which can be used to construct electronic coins. The setting is simple. Alice wants Bob, who controls the key pair (s, n), (v, n), to sign a message M, but does not want Bob to be able to link the message M with Alice. Alice chooses a random blinding factor b and submits to Bob the value b^v M mod n. Bob then performs the normal RSA signature operation and returns (b^v M)^s mod n = b M^s mod n. Alice knows b and can therefore obtain a valid signature M^s mod n simply by dividing out b. This property can be used to build anonymous credential systems, or to attack protocols that use "raw" RSA.
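The RSA operations of this section and Chaum's blinding step carried through as an added Python example (not code from the original text or from Chaum's paper). It uses the constructed textbook modulus n = 61 × 53, and the function names are assumptions.

```python
import math


def rsa_keygen(p: int, q: int, e: int = 17):
    """n = p*q is public, e is the public exponent, d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert 1 < e < phi and math.gcd(e, phi) == 1, "e must be invertible mod (p-1)(q-1)"
    d = pow(e, -1, phi)
    return (e, n), (d, n)           # public key (e, n), secret key (d, n)


def rsa_encrypt(public_key, m: int) -> int:
    e, n = public_key
    return pow(m, e, n)             # M^e mod n


def rsa_decrypt(secret_key, c: int) -> int:
    d, n = secret_key
    return pow(c, d, n)             # M^{ed} mod n = M


def rsa_sign(signing_key, m: int) -> int:
    s, n = signing_key
    return pow(m, s, n)             # signature M^s mod n


def rsa_verify(verification_key, m: int, sig: int) -> bool:
    v, n = verification_key
    return pow(sig, v, n) == m % n  # sig^v mod n must give back M


def blind_message(verification_key, m: int, b: int) -> int:
    """Alice hides M from the signer by submitting b^v M mod n."""
    v, n = verification_key
    assert math.gcd(b, n) == 1, "b must be invertible mod n"
    return (pow(b, v, n) * m) % n


def unblind_signature(verification_key, blinded_sig: int, b: int) -> int:
    """Bob returns (b^v M)^s = b M^s mod n; dividing by b yields the ordinary signature M^s."""
    _, n = verification_key
    return (blinded_sig * pow(b, -1, n)) % n


# Constructed toy key pair: p = 61, q = 53, n = 3233 (textbook-sized, not secure).
PUBLIC_KEY, SECRET_KEY = rsa_keygen(61, 53)
```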

3.3.4 Strengthening the primitives

Soon after the introduction of the public key techniques described above, it was realized that by themselves they were not as secure as conventional "encryption". In particular, the mathematical structure they rely upon can be used to mount adaptive active attacks, such as blinding and re-encryption, that leak information about the plaintext. A lot of research has focused on formally defining security for encryption and on minimizing the potential leakage of information from public key encryption systems. Semantic security [30] means that no useful information about the plaintext can be extracted from the cipher text. Chosen cipher text security means that no information about the plaintext can be extracted even if modified cipher texts are submitted to a decryption oracle. This is quite close to the idea of plaintext-aware encryption, which detects any modification to the plaintext. Sometimes this property is also called non-malleability [31]. Technically, these constructions pre-process the plaintext to give it a particular structure: Luby-Rackoff structures are used to distribute each bit of information across all other bits, so that either all or none of the plaintext can be recovered, and hashes are used to check the integrity of the message.

The PKCS#1 [32] standard defines Optimal Asymmetric Encryption Padding (OAEP [33]), which should be used when encrypting with RSA. Another issue relevant to anonymity engineering is that encrypting with an asymmetric crypto-system might not leak any information about the plaintext, but could leak information about the public key used. Systems that effectively hide the public key used to perform the encryption are called key-private [34].

3.4 Plausible deniability

Plausible deniability is the security property which ensures that a principal cannot be linked to some action with an appropriate level of certainty. The level of certainty required is usually beyond reasonable doubt in a criminal court, and on the balance of probabilities in a civil court. Michael Roe [23] argues that plausible deniability is the complementary property of non-repudiation, the inability to deny that an action has been associated with a principal, or equivalently the ability to prove to third parties that an action was linked to a principal.

3.4.1 Deniable encryption

Plausibly deniable encryption is the inability to prove that a particular cipher text decrypts to a particular plaintext. A system that provides perfectly deniable encryption is the one-time pad: since the key is as long as the plaintext and cipher text, a key can always be constructed that decrypts any cipher text to any plaintext. Furthermore, the key provided will be indistinguishable from noise, and therefore from any other key that might have been used. It is important to notice that under compulsion the sender and the receiver should release the same fake key, leading to the same fake plaintext, otherwise they might be uncovered. This might be difficult to arrange if the cipher text has not yet reached the receiver.

From the example above it should be clear that the mathematics and the procedures surrounding such systems must be carefully designed to yield plausible outcomes. Furthermore, what is plausible is not simply the result of the mathematics; it also depends on the human procedures around them being plausible.

A system that does not simply make the content of messages deniable but allows one to deny their very presence has been developed by Clayton and Danezis [35]. Chaffinch is a system that supports the presence of many streams of data hidden within each other. It closely follows the chaffing and winnowing introduced by Rivest [36, 37]. The principal idea behind Chaffinch is that streams of data are made to look like noise using an all-or-nothing transform and are then multiplexed together. A cover message that can be revealed under compulsion is always included, to make the act of communication itself plausible. It is impossible for an adversary not knowing the keys to unwrap the other channels and tell whether any further messages are present. The intended recipient can always untangle the streams by recognizing the labels of packets within the stream using the different secret keys. An interesting feature of Chaffinch is that the keys are necessary for decoding streams, but any third party can mix streams without knowing them.

An equivalent system for storage, instead of transmission, is the steganographic file system, as proposed in [38] and implemented in [39]. Again, a user stores files indexed as tuples of file names and keys. An adversary that does not have a key cannot find out whether a particular file is present in the file system or not. While the system works very well against an adversary that gets just one snapshot of the file system, it does not protect against an adversary that obtains many snapshots at different times and compares them to find differences. Such an adversary will query the user of the system until all the differences that are due to file insertions are explained.

In [40, 41] some deniable public key encryption schemes are presented. It is also argued that deniable encryption is an important element of receipt-freeness, which is necessary to build fair election schemes. An attempt to generalize plausible deniability to general multi-party protocols is made in [41]. These aim to avoid transforming the parties' inputs and outputs into unforgeable commitments, which would allow an adversary with coercion powers to check any answers given under compulsion.

3.5 Forward security

Forward security guarantees that after a certain time, or protocol step, none of the security properties of the current state of the system can be violated. Forward security relies heavily on securely deleting information such as key material. Ross Anderson points out in [42] that the term forward security is deceptive. He argues that it would be better suited to describe the property of a system becoming secure again in the future, after it has been compromised. We shall call this property self-healing, and define it as the ability of a system to regain its security properties after an attack, given that the attack has ceased. In practice this property raises the cost for an attacker, and usually forces them to be on-line all the time, recording all communications as they happen and duplicating all computations.

Performing a key update at regular time intervals is the simplest way to achieve forward-secure confidential communications. In each update the shared secret key is transformed using a one-way function, such as a cryptographic hash function, and the old key is then securely deleted. Hashing the key using SHA-1 would be sufficient; another commonly used technique is to encrypt the key of a block cipher under itself and use the resulting cipher text as the new key. As the transform is one-way, an adversary that captures the current key cannot read any previous communications.

The ephemeral Diffie-Hellman exchange provides forward-secure encryption without the need to previously share any secrets. Alice and Bob simply compute fresh public keys and exchange them. They securely delete their respective private keys as soon as they have generated the shared key. The session key can be used to exchange confidential messages, and periodic key updating can be performed as described above. Note that such a scheme is open to man-in-the-middle attacks unless digital signatures are used to sign the ephemeral public keys exchanged.

A stronger variant of the key updating operation hashes all the plaintext transmitted in the channel, instead of just the session key, to generate the new session key. Therefore, even if an attacker gets access to the key, they will have to monitor all communications and recompute all the keys in order to maintain their ability to eavesdrop on the channel. SSL and TLS can be made to behave like this.

In the same paper Anderson also introduces the concept of forward-secure digital signatures. These behave exactly like digital signatures but provide a way of updating the secret signing keys and public verification keys so that signatures in past epochs cannot be forged. A number of such schemes have since been proposed [43, 44, 45]. A similar idea has been proposed for asymmetric encryption schemes. Forward-secure encryption techniques usually make use of identity-based schemes, modified to provide a succession of public and private keys. Details of such schemes are presented in [46, 47, 48]. The intrusion-resilience and key-insulation properties discussed in these papers are very similar to the self-healing described above. Some work has also been done on using forward-secure techniques to detect corruption of signatures [49] or server logs [50] after a successful attack that has leaked private information.
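The key updating scheme described above, as an added Python example that is not code from the original text or from Anderson's paper. update_key is the one-way transform (SHA-1, an assumption), run_channel derives the sequence of epoch keys, and eavesdropper_keys simulates an attacker who obtained one epoch key and tries to keep deriving later ones, with and without the transmitted plaintext being hashed into each update (all names are hypothetical).

```python
import hashlib


def update_key(key: bytes, transcript: bytes = b"") -> bytes:
    """One key update: new key = h(old key; plaintext sent during the epoch).
    With an empty transcript this is the plain hash ratchet described in the text.
    The caller is responsible for securely discarding the old key afterwards."""
    return hashlib.sha1(key + transcript).digest()


def run_channel(initial_key: bytes, messages, bind_plaintext: bool):
    """Derive the key used in each epoch; one message is sent per epoch."""
    keys, key = [], initial_key
    for m in messages:
        keys.append(key)
        key = update_key(key, m if bind_plaintext else b"")
    return keys


def eavesdropper_keys(stolen_key: bytes, stolen_epoch: int, observed, bind_plaintext: bool):
    """An attacker who learned the key of epoch `stolen_epoch` and observed the
    plaintexts in `observed` (None where a message was missed) derives as many
    later epoch keys as the update rule allows."""
    keys, key = {stolen_epoch: stolen_key}, stolen_key
    for epoch, m in enumerate(observed[stolen_epoch:], start=stolen_epoch):
        if bind_plaintext and m is None:
            break  # a missed message breaks the chain: the channel self-heals
        key = update_key(key, m if bind_plaintext else b"")
        keys[epoch + 1] = key
    return keys


# Constructed sample traffic: four epochs, the attacker steals the epoch-1 key
# and misses the plaintext of epoch 2.
MESSAGES = [b"hello", b"second message", b"third", b"fourth"]
INITIAL_KEY = b"constructed initial key"
OBSERVED = [None, MESSAGES[1], None, MESSAGES[3]]
```

With the plain hash ratchet the attacker stays in step indefinitely; once the plaintext is bound into each update, the missed message leaves them with no way to derive the next key.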

3.6 Conclusion

In this chapter we presented a selection of symmetric and asymmetric cryptographic primitives of particular significance to anonymity systems.
