WEBVTT 1 00:00:00.120 --> 00:00:04.040 Welcome to the deep Dive. Today, we're jumping straight into 2 00:00:05.240 --> 00:00:09.480 the really crucial world of cryptography and network security. That's right, 3 00:00:09.880 --> 00:00:11.839 We've got a whole bunch of information here, and our 4 00:00:11.880 --> 00:00:14.800 goal is really to give you the essential understanding, you know, 5 00:00:14.919 --> 00:00:18.039 how our digital lives are protected without getting bogged down 6 00:00:18.079 --> 00:00:22.440 in complexity. We'll explore everything from the basic mac behind 7 00:00:22.519 --> 00:00:27.679 encryption to the measure securing modern networks and well the cloud. 8 00:00:27.800 --> 00:00:29.359 Yeah, and to really get under the hood, we've been 9 00:00:29.359 --> 00:00:33.479 looking at a pretty comprehensive textbook. It's actually aligned with 10 00:00:33.520 --> 00:00:36.359 the ACMIE Computer Science standards. 11 00:00:36.479 --> 00:00:37.359 Oh interesting, and. 12 00:00:37.320 --> 00:00:41.280 It really highlights how fundamental information security is today. So 13 00:00:41.320 --> 00:00:44.159 we're trying to pull out those key concepts relevant whether 14 00:00:44.159 --> 00:00:47.119 you're say a tech professional or just curious about how 15 00:00:47.159 --> 00:00:48.439 this all works exactly. 16 00:00:48.520 --> 00:00:50.600 So if you've ever wondered about the you know, the 17 00:00:50.600 --> 00:00:53.359 secret math keeping your data private online or the different 18 00:00:53.359 --> 00:00:56.000 ways your information is shielded, then yeah, this deep dive 19 00:00:56.079 --> 00:00:56.520 is for you. 20 00:00:57.000 --> 00:00:59.640 We want to make these complex topics clear, maybe even 21 00:01:00.320 --> 00:01:02.320 share a few surprising facts so you walk away with 22 00:01:02.359 --> 00:01:04.040 some real aha moments. 23 00:01:04.159 --> 00:01:04.640 Hopefully. 24 00:01:04.920 --> 00:01:08.959 Okay, let's dive in right at the beginning. Number theory Okay, 25 00:01:09.439 --> 00:01:10.120 So at. 26 00:01:10.000 --> 00:01:13.359 The heart of well, a lot of modern cryptography is 27 00:01:13.439 --> 00:01:16.400 number theory. We can kick things off with divisibility and 28 00:01:16.439 --> 00:01:19.719 the Euclidean algorithm. Right, This gives us a really efficient 29 00:01:19.760 --> 00:01:22.799 way to find the greatest common divisor of two numbers. 30 00:01:22.959 --> 00:01:26.879 Okay, finding the GCD seems mathematical, but how does it apply. 31 00:01:27.359 --> 00:01:30.680 Well, it might sound purely academic, but it's actually surprisingly 32 00:01:30.719 --> 00:01:36.719 important in various crypto techniques. Think key generation and calculations 33 00:01:36.719 --> 00:01:37.920 in modular arithmetic. 34 00:01:38.200 --> 00:01:42.599 Ah. Right, And speaking of modular arithmetic, that's all about remainders, 35 00:01:42.640 --> 00:01:43.480 isn't it exactly? 36 00:01:43.560 --> 00:01:45.680 It's where you focus on the remainder after division. Like 37 00:01:45.719 --> 00:01:48.120 a clock, you know, after twelve you wrap around back 38 00:01:48.159 --> 00:01:51.079 to one. Okay, numbers wrap around after hitting a certain 39 00:01:51.159 --> 00:01:53.640 value the modulus. So like if you calculate eleven to 40 00:01:53.640 --> 00:01:55.799 the power of seven and then divide by thirteen, the 41 00:01:55.799 --> 00:01:59.159 remainder you get is two one seventeen mod thirteen is two. 42 00:01:59.480 --> 00:02:02.640 Right. Wrapping around is key, it really is. It seems simple, 43 00:02:02.799 --> 00:02:05.280 but it's what makes certain operations easy one way but 44 00:02:05.400 --> 00:02:09.240 incredibly hard to reverse. And that asymmetry that's a core 45 00:02:09.360 --> 00:02:13.080 principle for secure communication and crypto, got it, And this 46 00:02:13.199 --> 00:02:16.599 whole idea sets the stage for prime numbers. 47 00:02:16.280 --> 00:02:18.360 Which everyone knows are important right now, number is only 48 00:02:18.400 --> 00:02:19.400 divisible by one, and. 49 00:02:19.360 --> 00:02:24.360 Themselves fundamental, absolutely fundamentally crypto. Their unique properties make them 50 00:02:24.599 --> 00:02:27.360 perfect building blocks for keys and algorithms. 51 00:02:27.400 --> 00:02:30.479 Okay, now here's where it gets maybe a bit more complex, 52 00:02:31.080 --> 00:02:33.280 fermats and Euler's theorems. 53 00:02:32.960 --> 00:02:37.280 Right, powerful stuff. Euler's theorem uses something called Eiler's totient function, 54 00:02:37.680 --> 00:02:40.120 often written five N or fn. 55 00:02:40.400 --> 00:02:41.400 And what does that function do? 56 00:02:42.120 --> 00:02:44.960 It basically counts how many positive integers up to a 57 00:02:44.960 --> 00:02:47.240 given number and don't share any common factors with n 58 00:02:47.319 --> 00:02:50.199 apart from one. Okay, and the kind of interesting property 59 00:02:50.280 --> 00:02:53.240 is that fn is always even if n is bigger 60 00:02:53.280 --> 00:02:56.520 than two. Sounds abstract, I know, yeah, a bit, but 61 00:02:56.759 --> 00:02:59.879 it actually has real implications for how cryptosystems are designed 62 00:03:00.240 --> 00:03:01.599 and analyzed. 63 00:03:01.759 --> 00:03:02.199 Interesting. 64 00:03:02.400 --> 00:03:05.400 Okay, these theorems, they lead us towards discrete logarithms. 65 00:03:05.599 --> 00:03:08.439 Discrete logarithms. What's the core idea there? 66 00:03:08.520 --> 00:03:13.520 Okay? Imagine an equation hy equal g to the power 67 00:03:13.520 --> 00:03:16.759 of x, all done modulo p, where p is a prime. 68 00:03:17.319 --> 00:03:20.560 If you know g x and P, finding why is easy, 69 00:03:21.000 --> 00:03:25.800 straightforward calculation. But the reverse problem finding x exactly if 70 00:03:25.840 --> 00:03:28.680 you know YG and P, trying to figure out that 71 00:03:28.800 --> 00:03:33.800 original exponent X is generally incredibly difficult, computationally hard. 72 00:03:33.919 --> 00:03:37.479 Ah, and that difficulty is the security that's the bedrock 73 00:03:37.719 --> 00:03:39.000 for many modern systems. 74 00:03:39.439 --> 00:03:42.639 It's a hard problem, much like factoring very large numbers, which, 75 00:03:42.960 --> 00:03:44.840 as we'll get to, is key for RSA. 76 00:03:45.120 --> 00:03:47.960 Okay, so those are the mathematical foundations. Let's move into 77 00:03:48.000 --> 00:03:51.759 symmetric ciphers now, starting with maybe the classical. 78 00:03:51.240 --> 00:03:52.520 Techniques sounds good. 79 00:03:52.560 --> 00:03:56.479 So first off, what makes us cipher symmetric? In simple terms, 80 00:03:56.639 --> 00:03:57.199 the key. 81 00:03:57.120 --> 00:04:00.000 Thing that defining characteristic is that you use the same 82 00:04:00.080 --> 00:04:03.520 secret key for both encryption scrambling the message and decryption unscrambling. 83 00:04:03.639 --> 00:04:06.319 Okay, one key does both jobs like a safe. 84 00:04:06.120 --> 00:04:08.479 Key, precisely, lock and unlock with the same key. 85 00:04:08.639 --> 00:04:10.960 Makes sense. So what were some of the early ways 86 00:04:11.000 --> 00:04:12.800 people use this single key. 87 00:04:13.080 --> 00:04:17.839 Well, classical methods mostly fall into two buckets, substitution and transposition. 88 00:04:18.319 --> 00:04:20.839 Substitution that like replacing letters. 89 00:04:20.639 --> 00:04:25.040 Yeah, basically replacing parts of the plaintext letters maybe groups 90 00:04:25.040 --> 00:04:28.240 of letters with other symbols or letters. The classic Caesar 91 00:04:28.319 --> 00:04:31.240 cipher is a simple example, just shift every letter a 92 00:04:31.279 --> 00:04:32.839 fixed number of places. 93 00:04:32.519 --> 00:04:34.800 Right A becomes D, B becomes etc. 94 00:04:35.360 --> 00:04:40.319 Exactly. More complex ones like the Visioneer cipher use a keyword. 95 00:04:40.480 --> 00:04:43.240 That keyword tells you how much to shift each letter, 96 00:04:43.639 --> 00:04:46.199 making it harder to crack than a simple caesar. 97 00:04:46.560 --> 00:04:50.160 Okay, and transposition sounds like just shuffling things around, That's 98 00:04:50.199 --> 00:04:50.759 exactly it. 99 00:04:50.839 --> 00:04:53.720 Transposition ciphers just rearrange the order of the letters or 100 00:04:53.759 --> 00:04:56.959 other units in the plaintext. They don't change the letters themselves. 101 00:04:56.600 --> 00:04:58.120 Like making an anagram. 102 00:04:57.600 --> 00:04:59.519 Pretty much, yeah, shuffling the deck basically. 103 00:04:59.759 --> 00:05:02.759 Now, when we talk about how strong these are, unconditional 104 00:05:02.800 --> 00:05:05.839 security versus computational security, what's the difference? 105 00:05:05.920 --> 00:05:09.839 Right? Unconditional security is the gold standard. Theoretically, it means 106 00:05:10.000 --> 00:05:14.319 even an attacker with infinite computing power infinite time still 107 00:05:14.360 --> 00:05:16.920 couldn't figure out the original message just from the ciphertext. 108 00:05:17.160 --> 00:05:20.759 Why not because the ciphertext simply doesn't contain enough information. 109 00:05:21.600 --> 00:05:24.079 The only cipher known to achieve this is the one 110 00:05:24.079 --> 00:05:24.560 time pad. 111 00:05:24.759 --> 00:05:26.319 Ah, the famous one time pad. 112 00:05:26.519 --> 00:05:29.199 Yeah, but it needs a truly random key that's as 113 00:05:29.240 --> 00:05:31.680 long as the message itself, and you can only use it. 114 00:05:31.600 --> 00:05:34.759 Once, which is impractical. 115 00:05:34.240 --> 00:05:37.759 Very impractical. Generating and securely sharing those long keys is 116 00:05:37.800 --> 00:05:42.600 a nightmare. So most modern encryption aims for computational security instead, 117 00:05:43.120 --> 00:05:45.800 which means it means that, yeah, theoretically it might be 118 00:05:45.800 --> 00:05:48.480 possible to break the cipher, but the amount of computing 119 00:05:48.560 --> 00:05:52.720 power and time needed is just astronomical, so enormous that 120 00:05:52.800 --> 00:05:55.319 it's practically impossible in the real world, you know, within 121 00:05:55.360 --> 00:05:56.560 any reasonable timeframe. 122 00:05:56.680 --> 00:05:59.160 Okay, So the security relies on it being too hard 123 00:05:59.160 --> 00:06:00.319 to compute the answer. 124 00:06:00.319 --> 00:06:03.319 Exactly, the key length, the complexity of the algorithm, that's 125 00:06:03.360 --> 00:06:04.439 what provides the barrier. 126 00:06:05.319 --> 00:06:08.879 So that leads us to modern symmetric ciphers. Let's start 127 00:06:08.879 --> 00:06:14.720 with block ciphers and the famous data encryption standard DES OKAYDES. 128 00:06:15.079 --> 00:06:17.920 What's the main difference between a block cipher and say, 129 00:06:18.279 --> 00:06:22.839 stream cipher? Good question. Stream ciphers encrypted data bit by 130 00:06:22.879 --> 00:06:26.040 bit or bite by bite as it comes in. Block ciphers, though, 131 00:06:26.120 --> 00:06:29.480 operate on fixed sized chunks of plaintext. These chunks are 132 00:06:29.519 --> 00:06:30.079 called blocks. 133 00:06:30.319 --> 00:06:31.959 How big were the blocks for das? 134 00:06:32.000 --> 00:06:35.000 The EES used sixty four bit blocks, and it used 135 00:06:35.000 --> 00:06:37.759 a fifty six bit key. Each sixty four bit block 136 00:06:37.839 --> 00:06:39.360 is processed as a single unit. 137 00:06:40.000 --> 00:06:44.399 Our sources mentioned an ideal block cipher. What's that concept about? Ah? 138 00:06:44.519 --> 00:06:47.519 Yeah, Feistal's idea. Think of an ideal block cipher as 139 00:06:48.040 --> 00:06:50.759 like a perfect scrambler for blocks of a certain size. 140 00:06:51.000 --> 00:06:52.839 For an n bit block, there are two to the 141 00:06:52.959 --> 00:06:56.639 end possible inputs, right. An ideal cipher could map each 142 00:06:56.680 --> 00:06:58.199 of those inputs to any of the two to the 143 00:06:58.279 --> 00:07:00.800 m possible outputs in a totally and them looking but 144 00:07:00.879 --> 00:07:03.800 reversible way. It gives you the maximum possible number of 145 00:07:03.879 --> 00:07:05.000 encryption transformations. 146 00:07:05.079 --> 00:07:08.639 Okay. The theoretical maximum and DS uses something called the 147 00:07:08.680 --> 00:07:12.399 Feistyal cipher structure. Not quite ideal, but based on it exactly. 148 00:07:12.399 --> 00:07:14.600 The Fystyal structure is a really clever design used in 149 00:07:14.639 --> 00:07:16.480 many block ciphers des included. 150 00:07:16.519 --> 00:07:18.279 How does it work? Basically, you take the. 151 00:07:18.240 --> 00:07:21.040 Plaintext block, split it in half, then you run it 152 00:07:21.079 --> 00:07:23.879 through a series of rounds. In each round, a special 153 00:07:23.920 --> 00:07:26.680 function is applied to one half using a round key 154 00:07:26.759 --> 00:07:27.800 derived from the main key. 155 00:07:28.040 --> 00:07:28.480 Okay. 156 00:07:28.759 --> 00:07:31.920 The result of that function is then combined, usually just exored, 157 00:07:32.079 --> 00:07:35.319 with the other half. Then crucially, the two halves are swapped. 158 00:07:35.600 --> 00:07:36.759 Repeat for several rounds. 159 00:07:36.800 --> 00:07:38.199 And the clever part, the. 160 00:07:38.199 --> 00:07:40.439 Really neat thing, is the function itself doesn't have to 161 00:07:40.439 --> 00:07:43.519 be reversible for the whole encryption process to be reversible 162 00:07:44.160 --> 00:07:47.519 because of that swap and XR structure. Decryption just runs 163 00:07:47.480 --> 00:07:50.360 the process backward using the round keys in reverse order. 164 00:07:50.480 --> 00:07:54.000 Ah. Okay, So DES sixty four bit block, fifty six 165 00:07:54.040 --> 00:07:57.800 bit key, sixteen rounds of this feistyle process plus some 166 00:07:57.879 --> 00:07:59.079 shuffling at the start and end. 167 00:07:59.160 --> 00:08:01.920 That's the gist of it. Yeah, initial and final permutations. 168 00:08:02.160 --> 00:08:05.000 What were the main worries about DES security over time? 169 00:08:05.279 --> 00:08:07.319 The big one, really, the killer, was the fifty six 170 00:08:07.399 --> 00:08:10.240 big key size. It seemed okay back in the seventies 171 00:08:10.240 --> 00:08:11.519 when it was designed. 172 00:08:11.199 --> 00:08:13.439 But computing power caught up massively. 173 00:08:14.000 --> 00:08:17.519 The possibility of a brute force attack just trying every 174 00:08:17.560 --> 00:08:19.600 single one of the two hundred and fifty six possible 175 00:08:19.639 --> 00:08:23.279 keys became a very real threat. People started designing machines 176 00:08:23.279 --> 00:08:25.439 specifically to crack DES. 177 00:08:25.279 --> 00:08:26.319 And eventually they could. 178 00:08:26.480 --> 00:08:30.839 Yep, those concerns were validated. DES just wasn't strong enough anymore, 179 00:08:30.879 --> 00:08:32.919 which led to the need for replacement. 180 00:08:32.639 --> 00:08:35.679 Which brings us neatly to the Advanced Encryption Standard AES, 181 00:08:35.840 --> 00:08:38.919 the successor. How does AES differ from DES in terms 182 00:08:38.919 --> 00:08:40.480 of design? Security? 183 00:08:40.679 --> 00:08:43.679 As is quite different? Internally doesn't use that feistyle structure. 184 00:08:43.720 --> 00:08:45.639 It works on larger blocks under twenty eight. 185 00:08:45.600 --> 00:08:48.279 Bits, bigger blocks and bigger keys, much bigger keys. 186 00:08:48.320 --> 00:08:50.639 AES supports key lengths of one hundred and twenty eight, 187 00:08:50.720 --> 00:08:52.519 one hundred and ninety two or two hundred and fifty 188 00:08:52.519 --> 00:08:55.000 six bits. That makes it vastly more resistant to broot 189 00:08:55.039 --> 00:08:55.960 force attacks. 190 00:08:55.600 --> 00:08:59.039 Than des Okay, and internally, how does it process that 191 00:08:59.080 --> 00:09:01.080 one hundred and twenty eight It organizes the. 192 00:09:01.039 --> 00:09:03.080 One hundred and twenty eight bits into a four by 193 00:09:03.159 --> 00:09:06.120 four grid of bytes. This grid is called the state array. 194 00:09:06.320 --> 00:09:09.919 The encryption process involves transforming the state array over multiple rounds. 195 00:09:09.960 --> 00:09:12.639 And what are the main transformations in each as round? 196 00:09:12.639 --> 00:09:15.480 There are four main steps repeated in each round byte 197 00:09:15.480 --> 00:09:17.840 sub shift, rows, mixed columns, and ad. 198 00:09:17.720 --> 00:09:20.840 Round key Okay, break those down briefly, BIGHTE. 199 00:09:20.519 --> 00:09:24.159 Sub byte sub is a substitution step. Each byte in 200 00:09:24.240 --> 00:09:26.840 the state array is replaced by another byte according to 201 00:09:26.879 --> 00:09:31.080 a fixed lookup table called an s box. It provides nonlinearity. 202 00:09:31.240 --> 00:09:34.720 This rose shift rows cyclically shifts the bytes in each 203 00:09:34.840 --> 00:09:38.000 row of the state array. Row one shifts by one byte, 204 00:09:38.080 --> 00:09:40.600 row two by two, and so on. This helps spread 205 00:09:40.679 --> 00:09:42.000 changes across columns. 206 00:09:42.159 --> 00:09:44.039 Mixed columns sounds important. 207 00:09:44.240 --> 00:09:47.440 It is. It's a more complex mathematical step that mixes 208 00:09:47.440 --> 00:09:50.799 the bytes within each column of the state. Uses operations 209 00:09:50.799 --> 00:09:51.799 in a finite field. 210 00:09:51.960 --> 00:09:54.440 Finite field like that modular arithmetic we. 211 00:09:54.399 --> 00:09:57.639 Talked about sort of, Yeah, it's arithmetic with polynomials over 212 00:09:57.720 --> 00:10:00.480 GF twenty eight. The key point is that this step 213 00:10:00.519 --> 00:10:03.200 ensure is that changes in one byte quickly affect many 214 00:10:03.240 --> 00:10:06.720 other bytes in the block. It provides diffusion, okay, strong mixing. 215 00:10:06.879 --> 00:10:09.480 And the last step add round key ad ground key 216 00:10:09.519 --> 00:10:11.480 is simple. It just xo R is the current statea 217 00:10:11.559 --> 00:10:14.200 array with a round specific key that's derived from the 218 00:10:14.240 --> 00:10:16.919 main AES key. This is where the secret key actually 219 00:10:16.919 --> 00:10:17.639 gets mixed. 220 00:10:17.440 --> 00:10:20.559 Into the data you mentioned. Mixed columns uses finite field math. 221 00:10:20.639 --> 00:10:23.279 Can you give a slightly less mathy idea of what 222 00:10:23.320 --> 00:10:23.919 it achieves? 223 00:10:24.320 --> 00:10:27.360 Sure? Think of it like really thoroughly blending the ingredients 224 00:10:27.360 --> 00:10:30.639 in each column of that four by four grid. Mathematically, 225 00:10:30.879 --> 00:10:34.480 it involves treating each column like a polynomial and multiplying 226 00:10:34.559 --> 00:10:36.919 it by a fixed polynomial using special rules. 227 00:10:37.120 --> 00:10:37.279 Huh. 228 00:10:37.639 --> 00:10:40.240 The result is that every bite in the output column 229 00:10:40.240 --> 00:10:42.840 depends on all the bytes in the input column, great 230 00:10:42.879 --> 00:10:44.200 for scrambling things up quickly. 231 00:10:44.279 --> 00:10:46.799 And these round keys for ad round key. They come 232 00:10:46.840 --> 00:10:48.720 from the main key, Yes. 233 00:10:48.679 --> 00:10:52.759 Through a process called key expansion. The original one twenty eight, one, nine, 234 00:10:52.960 --> 00:10:55.320 two or two hundred and fifty six bit key is 235 00:10:55.360 --> 00:10:58.240 expanded into a whole schedule of round keys, one for 236 00:10:58.279 --> 00:10:59.639 each round plus an initial one. 237 00:10:59.799 --> 00:11:01.559 Is that expansion important for security too? 238 00:11:01.639 --> 00:11:04.639 Absolutely? It's designed so that every bit of the original 239 00:11:04.720 --> 00:11:08.200 key influences many bits of the round keys. This diffusion 240 00:11:08.559 --> 00:11:10.879 is vital. Change one bit in the main key and 241 00:11:10.919 --> 00:11:14.120 the round keys, and thus the encryption changed drastically. 242 00:11:14.240 --> 00:11:17.399 Okay, AES sounds much more robust. Now, how are block 243 00:11:17.440 --> 00:11:20.919 ciphers like AES actually used to encrypt say a large 244 00:11:20.919 --> 00:11:23.240 file that gets us into these modes of operation? Right? 245 00:11:23.440 --> 00:11:26.840 Exactly, a block cipher only encrypts one fixed size block 246 00:11:26.879 --> 00:11:30.120 at a time. Modes of operation define how you apply 247 00:11:30.200 --> 00:11:34.240 that block cipher repeatedly to handle data of any size. Right, 248 00:11:34.440 --> 00:11:38.120 and different modes have different characteristics, different security properties, different 249 00:11:38.120 --> 00:11:39.240 performance trade offs. 250 00:11:39.360 --> 00:11:42.320 Let's run through the main ones. Electronic Codebook mode ECB 251 00:11:43.200 --> 00:11:43.960 sounds basic. 252 00:11:44.279 --> 00:11:47.360 It is the simplest. You just chop the plaintext into 253 00:11:47.360 --> 00:11:51.320 blocks and encrypt each block independently using the same key. 254 00:11:51.480 --> 00:11:52.600 What's the problem with that? 255 00:11:52.919 --> 00:11:56.600 The huge weakness is that if you have identical plaintext blocks, 256 00:11:56.960 --> 00:12:00.000 they will always encrypt the exact same ciphertext block. 257 00:12:00.320 --> 00:12:02.200 So patterns remain visible totally. 258 00:12:02.320 --> 00:12:04.440 You often see it demonstrated with images. You can still 259 00:12:04.440 --> 00:12:08.039 make out the original image even after ECB encryption, because 260 00:12:08.080 --> 00:12:10.399 areas of the same color encrypt to the same pattern. 261 00:12:10.720 --> 00:12:12.039 Generally you avoid ECB. 262 00:12:12.360 --> 00:12:16.720 Okay, then there's cipher blockchaining CBC mode. How does that 263 00:12:16.759 --> 00:12:17.440 improve things? 264 00:12:17.639 --> 00:12:22.200 CBC introduces dependency between blocks. Before encrypting a plaintext block, 265 00:12:22.600 --> 00:12:24.519 you x R it with the ciphertext from. 266 00:12:24.360 --> 00:12:26.200 The previous block, caning them together. 267 00:12:26.039 --> 00:12:29.360 Exactly for the very first block. There's no previous cybertext, 268 00:12:29.559 --> 00:12:32.840 so you use a random starting value called an initialization 269 00:12:32.960 --> 00:12:33.639 vector or. 270 00:12:33.639 --> 00:12:35.759 Five, and that hides the patterns. 271 00:12:36.000 --> 00:12:39.840 Yes, because now each ciphertext block depends not just on 272 00:12:39.919 --> 00:12:43.159 its corresponding plaintext block, but on all the plaintext blocks 273 00:12:43.159 --> 00:12:47.960 before it. Repeating plaintext blocks won't produce repeating ciphertext blocks anymore, 274 00:12:48.039 --> 00:12:49.440 assuming you use a unique IV. 275 00:12:49.679 --> 00:12:54.919 Okay, what about cipher feedback CFB and output feedback OFB. 276 00:12:55.200 --> 00:12:57.159 They sound like they might be used for streaming data. 277 00:12:57.320 --> 00:12:59.639 You're right. They effectively turn a block cipher into a 278 00:12:59.679 --> 00:13:03.799 stream cipher. How In CFB, you encrypt the previous ciphertext block, 279 00:13:04.000 --> 00:13:06.840 then xor ru the result with the current plaintext block 280 00:13:06.960 --> 00:13:09.600 to get the current ciphertext. That ciphertext then feeds into 281 00:13:09.600 --> 00:13:12.879 the next step. Okay, ANDFB OFD is similar, but instead 282 00:13:12.879 --> 00:13:15.480 of feeding back the ciphertext, it feeds back the output 283 00:13:15.559 --> 00:13:18.919 of the block cipher encryption before the xor This generated 284 00:13:18.919 --> 00:13:22.159 the keystream independent of the plaintext. You then xr this 285 00:13:22.279 --> 00:13:23.799 keystream with the plaintext. 286 00:13:24.080 --> 00:13:26.279 So OFB generates a stream of key bits. 287 00:13:26.519 --> 00:13:28.480 Essentially, yes, like a stream cipher. 288 00:13:28.600 --> 00:13:31.159 Encounter mode CTR that seems popular. 289 00:13:31.360 --> 00:13:34.120 CTR mode is also like a stream cipher. It works 290 00:13:34.200 --> 00:13:36.960 by encrypting a counter value. This counter is unique for 291 00:13:37.039 --> 00:13:39.840 each block, usually combination of a nonce which is a 292 00:13:39.919 --> 00:13:41.279 number used only once per. 293 00:13:41.200 --> 00:13:43.240 Key, anance number use once got it. 294 00:13:43.200 --> 00:13:46.000 And an incrementing counter value. You encrypt this unique counter 295 00:13:46.120 --> 00:13:49.559 value and then xr the result with the plaintext block. 296 00:13:49.919 --> 00:13:53.600 What's the advantage of CTR A big one is parallelization. 297 00:13:54.240 --> 00:13:57.240 Since each block's encryption only depends on the counter, not 298 00:13:57.440 --> 00:14:02.320 previous blocks, you can encrypt or decrypt multiple blocks simultaneously 299 00:14:02.919 --> 00:14:03.879 speeds things up. 300 00:14:04.039 --> 00:14:06.240 But that nonce is critical. 301 00:14:05.919 --> 00:14:08.919 Absolute critical. You must never reuse the same nons counter 302 00:14:09.039 --> 00:14:12.360 value with the same key. If you do, you completely 303 00:14:12.360 --> 00:14:14.879 break the security for those blocks. It's like reusing a 304 00:14:14.919 --> 00:14:15.879 one time pad key. 305 00:14:16.039 --> 00:14:19.000 Okay, very important. We also saw something called format preserving 306 00:14:19.159 --> 00:14:21.320 encryption FPV. What's that about? 307 00:14:21.759 --> 00:14:24.240 FPE is a need idea. It encrypts data in such 308 00:14:24.240 --> 00:14:27.120 a way that the ciphertext has the exact same format 309 00:14:27.120 --> 00:14:30.159 as the original plaintext. So if you encrypt a sixteen 310 00:14:30.200 --> 00:14:34.000 digit credit card number using FPE, the output will also 311 00:14:34.000 --> 00:14:36.519 be a sixteen digit number. It won't be the original number, 312 00:14:36.759 --> 00:14:39.320 or even a valid card number, but it'll look like one. 313 00:14:39.399 --> 00:14:40.399 Why would you need that? 314 00:14:40.720 --> 00:14:44.600 It's really useful in legacy systems or databases where changing 315 00:14:44.639 --> 00:14:48.000 the data format is difficult or impossible. You can encrypt 316 00:14:48.039 --> 00:14:51.279 sensitive data like credit card numbers or social security numbers, 317 00:14:51.519 --> 00:14:54.240 but they still fit into the existing database fields or 318 00:14:54.320 --> 00:14:55.240 application inputs. 319 00:14:55.360 --> 00:14:56.679 How does it work? Generally? 320 00:14:56.879 --> 00:14:59.960 Algorithms like f F one, f F two, f FI 321 00:15:00.080 --> 00:15:03.879 three typically involve converting the plaintext to a number using 322 00:15:03.879 --> 00:15:06.759 a pseudorandom function, often based on AES and sort of 323 00:15:06.759 --> 00:15:10.759 feistle like structure and carefully using modular arithmetic to ensure 324 00:15:10.759 --> 00:15:13.440 the output number stays within the required range and format. 325 00:15:13.559 --> 00:15:19.000 Clever okay, Shifting gears now randomness crucial for keys ivs nonsays. 326 00:15:19.039 --> 00:15:22.519 We have true random number generators trngs and pseudorandom number 327 00:15:22.519 --> 00:15:24.440 generators pr g's big difference. 328 00:15:24.519 --> 00:15:27.720 The fundamental difference is the source. Trngs tap into physical 329 00:15:27.759 --> 00:15:31.879 processes that are inherently unpredictable. Think radioicive decay, thermal noise 330 00:15:31.919 --> 00:15:35.879 in circuits, atmospheric noise, things that are truly random by nature. 331 00:15:36.000 --> 00:15:39.679 Okay, real physical randomness and PRNGs pr. 332 00:15:39.559 --> 00:15:42.919 And g's are algorithms. They're deterministic. You give them a 333 00:15:42.960 --> 00:15:46.159 starting value called a seed, and they produce the sequence 334 00:15:46.200 --> 00:15:49.240 of numbers that looks random but is actually completely determined 335 00:15:49.279 --> 00:15:51.480 by the seed in the algorithm. If you know the seed, 336 00:15:51.559 --> 00:15:53.039 you can predict the entire sequence. 337 00:15:53.159 --> 00:15:56.639 So not truly random, but they aim for properties. 338 00:15:56.240 --> 00:16:00.759 Like randomness exactly. Good PRNGs produce sequences that pass statistical 339 00:16:00.799 --> 00:16:04.159 tests for randomness. They should have uniformity zeros and ones 340 00:16:04.279 --> 00:16:07.679 roughly equal independence. Knowing part of the sequence doesn't help 341 00:16:07.679 --> 00:16:11.240 predict the rest. Scalability generate long sequences. 342 00:16:11.159 --> 00:16:14.519 And for crypto, the key is unpredictability. 343 00:16:13.639 --> 00:16:19.759 Absolutely crucial. A cryptographically secure PRNG or csprng must be unpredictable. 344 00:16:20.000 --> 00:16:22.279 Even if an attacker sees a large chunk of the output, 345 00:16:22.519 --> 00:16:24.240 they shouldn't be able to figure out the next bit 346 00:16:24.519 --> 00:16:26.039 or work backward to find the seed. 347 00:16:26.200 --> 00:16:29.919 Okay, the sources mentioned. Linear congruental generators lcgs. 348 00:16:30.039 --> 00:16:32.799 Lcgs are a common simple type of PRNG. They use 349 00:16:32.840 --> 00:16:36.399 a formula like next number a precious number plus c 350 00:16:37.080 --> 00:16:41.320 mod m relatively simple yes, with carefully chosen values for 351 00:16:41.440 --> 00:16:45.759 AC and M, they can produce sequences with decent statistical 352 00:16:45.799 --> 00:16:50.360 properties for some applications like simulations. A famous example uses 353 00:16:50.399 --> 00:16:53.240 a one hundred and eight oh seven and m equals 354 00:16:53.279 --> 00:16:54.320 to thirty one one. 355 00:16:54.519 --> 00:16:56.240 But probably not good enough for crypto. 356 00:16:56.559 --> 00:17:00.360 Generally, no standard lcgs are too predictable. Their internal state 357 00:17:00.440 --> 00:17:03.240 is too simple. An attacker can often figure out the 358 00:17:03.240 --> 00:17:05.240 parameters and the seed relatively easily. 359 00:17:05.279 --> 00:17:07.680 So that's where cspr andngs come in. How are they built? 360 00:17:07.839 --> 00:17:12.400 Csprngs are designed specifically to resist prediction. They often use 361 00:17:12.440 --> 00:17:16.039 cryptographic primitives like block ciphers or hash functions as part 362 00:17:16.039 --> 00:17:20.640 of their mechanism, like the CTRDRBG mentioned exactly. Ctrdrbgs is 363 00:17:20.640 --> 00:17:24.680 a block cipher in countermode like ASCTR to generate the output. 364 00:17:24.880 --> 00:17:28.240 They also have mechanisms to periodically recede themselves or update 365 00:17:28.279 --> 00:17:31.000 their internal state based on new entropy, making them much 366 00:17:31.039 --> 00:17:32.240 harder to predict or break. 367 00:17:32.480 --> 00:17:35.000 And how does stream ciphers fit in with PRNGs. 368 00:17:35.079 --> 00:17:37.039 You can think of a stream cipher as essentially a 369 00:17:37.039 --> 00:17:40.359 CSPR and G combined with an xrr operation. The stream 370 00:17:40.400 --> 00:17:43.640 cipher uses a short secret key to see to CSPR 371 00:17:43.680 --> 00:17:47.319 and G. The CSPR and G then generates a long 372 00:17:47.400 --> 00:17:51.599 sequence of pseudorandom bits that's the keystream. This keystream is 373 00:17:51.599 --> 00:17:54.839 then xord with the plaintext bit by bit or byte 374 00:17:54.839 --> 00:17:57.240 by byte to produce the cipher text. 375 00:17:57.079 --> 00:17:59.119 Ah like a pseudorandom one time pad. 376 00:17:59.319 --> 00:18:01.799 That's a great way to put it. The security hinges 377 00:18:01.960 --> 00:18:06.279 entirely on the unpredictability of that keystream generated by the CSPRNG. 378 00:18:07.319 --> 00:18:12.200 Our sources also briefly mentioned nonlinear feedback shift registers nfsrs 379 00:18:12.599 --> 00:18:14.920 as another way to generate complex keystreams. 380 00:18:15.119 --> 00:18:18.240 We talked about trng's maybe being slow, Is that still true? 381 00:18:18.400 --> 00:18:22.400 Historically? Yes, generating true randomness from physical sources could be 382 00:18:22.480 --> 00:18:26.759 slower than algorithmic PRNGs, but hardware trgs have improved a lot. 383 00:18:26.960 --> 00:18:28.200 Like the Intel one mentioned. 384 00:18:28.279 --> 00:18:30.880 Yeah, the Intel Digital Random Number Generator is built into 385 00:18:30.920 --> 00:18:34.519 their processors. It uses onboard physical entropy sources to generate 386 00:18:34.599 --> 00:18:38.079 high quality random numbers very quickly. This makes trngs much 387 00:18:38.160 --> 00:18:40.480 more practical for things beyond just seating pr. 388 00:18:40.279 --> 00:18:42.839 And G's all right. That covers symmetric crypto and randomness. 389 00:18:42.839 --> 00:18:46.759 Now let's step into the other major paradigm, public key cryptography. 390 00:18:47.039 --> 00:18:48.119 Totally different approach, you. 391 00:18:48.039 --> 00:18:52.559 Said, completely different mindset. Yeah. Public key or asymmetric cryptography 392 00:18:53.079 --> 00:18:55.039 uses two keys, a key. 393 00:18:54.920 --> 00:18:56.799 Pair, two keys. How does that work. 394 00:18:57.000 --> 00:18:59.759 There's a public key which you can share freely with anyone, 395 00:19:00.000 --> 00:19:03.400 doesn't matter who sees it, and there's a corresponding private key, 396 00:19:03.680 --> 00:19:05.839 which you must keep absolutely secret. 397 00:19:05.920 --> 00:19:08.279 Okay, public and private What do they do? 398 00:19:09.000 --> 00:19:11.799 The public key is typically used for encryption and the 399 00:19:11.839 --> 00:19:15.039 private key is used for decryption, or, in the case 400 00:19:15.079 --> 00:19:17.839 of digital signatures, the private key is used to sign 401 00:19:18.319 --> 00:19:20.680