Michael's Wiki

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
cryptography_for_dummies [2020/05/05 20:05]
statueofmike
cryptography_for_dummies [2018/02/06 11:57] (current)
Line 1: Line 1:
 +A lot of my coworkers are feeling pressure from "blockchain" hype. Before throwing a blockchain at a problem, let's review some cryptography basics. There's a good chance a simpler cryptography technique will be more appropriate for whatever application someone wants to hit with the blockchain-hammer.
  
 +From building-blocks to blockchain:
 +
 +  - Cryptographic Hashing
 +  - Symmetric Key
 +  - Public/Private Key
 +  - Blockchain
 +
 +==== Architecting With Crypto ====
 +
 +"Encryption is something you go around, not through"
 +-I forgot who said this but it's true 
 +(common avenues: [[http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?hp&_r=0&pagewanted=all|implementation backdoors]], [[https://en.wikipedia.org/wiki/Category:Broken_cryptography_algorithms|broken algorithms]])
 +
 +
 +First consider when NOT to use cryptography.
 +It's like Black Panther's suit:
 +
 +{{ :vibranium-yes.png?nolink&400 |}}
 +
 +It will stop bullets, but it doesn't make you invincible on its own.
 +
 +{{ :vibranium-no.png?nolink&400 |}}
 +
 +Always keep in mind: 
 +  * what is encrypted?
 +  * where are the keys?
 +    * (what are scope limits)
 +  * is usability practical?
 +    * if someone is going to put a vital password on a post-it in the break room, reconsider
 +
 +This is where catastrophic problems usually come from. People get tunnel-vision on the encryption methods and forget to consider the context and environment it's playing around in. 
 +
 +==== Crypto Techniques ====
 +So before jumping into blockchain, consider:
 +
 +=== Cryptographic Hashing ===
 +
 +[[https://simple.wikipedia.org/wiki/Cryptographic_hash_function|{{ :cryptographic_hash_function.png?400 |}}]]
 +
 +The basic building block of encryption. A cryptographic hash is considered "cryptographically secure", which means it is mathematically-really-hard to invert the function. You effectively can't brute-force or guess what input created the output.
 +
 +https://docs.google.com/drawings/d/1I9f3xdHzMs_PfxZWLE8J6LU-6yexycUbeCPGzKRj4hw
 +
 +Cryptographic hashing is also quite versatile. This makes it such a powerful tool.
 +
 +=== Symmetric-Key Methods ===
 +
 +Closest to what we typically think of as "passwords". [[https://en.wikipedia.org/wiki/Symmetric-key_algorithm|Symmetric-key methods]] use a shared secret (a.k.a. "cipher") to encrypt and decrypt data back and forth **symmetrically**. They're relatively cheap on computing resources.
 +
 +Examples:
 +  * password in your ZIP archive file
 +  * user account password used to encrypt the partition or files in your PC/Mac
 +  * keychain "master" passwords, used to store other passwords in an encrypted format
 +
 +
 +=== Public-Key Methods ===
 +
 +A pair of hashing functions R and U are created together. R is "pRivate" and U is "pUblic".
 +They behave in a way that U can verify if some output came from R.
 +
 +$$ R(x) \rightarrow y $$
 +$$ U(\{Y\}) \rightarrow \text{something sane} $$
 +$$ U(\neg \{Y\}) \rightarrow \text{error} $$
 +
 +Common technology used is [[https://en.wikipedia.org/wiki/RSA_(cryptosystem)|RSA]]. Used in e.g. [[https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server|SSH]] and Secure Signing.
 +
 +== Secure signing - Adobe PDF example ==
 +  * R is the "signature" file you create in Acrobat and save to your local computer for future use.
 +  * y is the "signature" left on a PDF you send to someone else.
 +  * U is built or saved in Adobe Acrobat that others use to verify the signature.
 +
 +
 +
 +=== Blockchains ===
 +https://docs.google.com/drawings/d/1RW0rDd5BEQ24e4lQdmxn8bm8dyhhoLROwLIazTCCUb4
 +
 +
 +A blockchain combines a cryptographic hash chain with distributed data storage. Most blockchain issues reduce to distributed storage problems parity and replication efficiency.
 +
 +Recall that cryptographic hash functions can take variable input and produce a fixed-length hash. Each "block" contains a previous block's hash and data, which are all used to compute that block's hash. This is shared across a distributed data storage network. 
 +
 +Replication methods are required to manage data parity across the network (see bittorrent or database clusters for other replication examples).
 +
 +==Benefits==
 +  * auditable
 +  * cryptographically secured by conjugate hashing
 +  * interference requires compromising enough of the network to sway consensus of the replication method
 +
 +{{gdraw>1iZawUscaB8DHnm9qOWMYCjVrGm81IaESTOigAyRPXg0 width=455 title="test title" center}}
 +
 +
 +==== Recommended Reading ====
 +
 +  * Blockchain
 +    * [[http://graphics.reuters.com/TECHNOLOGY-BLOCKCHAIN/010070P11GN/index.html | Reuters Blockchain Guide]]
 +    * [[http://book.mixu.net/distsys/replication.html|The Replication Problem of Distributed Systems]]
 +  * [[https://simple.wikipedia.org/wiki/Cryptographic_hash_function|Hashing]]
 +  * [[https://simple.wikipedia.org/wiki/Symmetric-key_algorithm|Symmetric-Key Methods]]
 +  * Paired-Key Encryption
 +    * [[http://aplawrence.com/Basics/gpg.html|Quick-start blog]]
 +    * [[http://www.gnupg.org/gph/en/manual.html|GPG Documentation]]