Currently Skimming:

2 Introduction to Encryption
Pages 16-34

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 16...
... Further cryptographic techniques in common use can be used to ensure the integrity or authenticity of data.
Private-Key Encryption
The simplest form of encryption is called private-key encryption or symmetric encryption.4 To keep information (called plaintext)
From page 17...
... or encryption (to tamper with the data), so implementations use passwords, security hardware, or other measures to help protect keys.9,10,11
Public-Key Encryption and Key Distribution
With private-key or symmetric encryption, the encryption and decryption keys are the same, but with public-key or asymmetric encryption,12,13 they are different and knowing the encryption key does not enable decryption.
From page 18...
... (Public-key encryption is much slower than symmetric encryption, so it is ordinarily used only to exchange private keys, and symmetric algorithms are used to protect the actual message data.14) In 1976, Diffie and Hellman published a paper in the open literature that built on Merkle's concept of public key cryptography15 and introduced the technique for key agreement that is now known as Diffie-Hellman key exchange.16 This algorithm is still used today in the form originally published, as well as a variant using elliptic curves (see below)
From page 19...
... , which is often used for virtual private networks (VPNs), is for both parties to perform a public key-based key exchange so that both sides agree on a shared secret to use for authentication and symmetric encryption.19,20
Digital Signatures
Digital signature schemes use mathematical techniques similar to those used in public-key encryption schemes, but with the specific purpose of authenticating data.21 A digital signature scheme allows anyone in possession of the public verification key to verify a digital signature of a message, but only someone in possession of the matching private signing key can sign the message.
From page 20...
... Applying a hash function to the message first means that the digital signature algorithm can be applied to the much shorter hash value. Hash functions have many other common uses, including being used to verify file integrity and to construct blockchains for cryptocurrencies.31
User Authentication
The above cryptographic tools can help secure protocols for user authentication and minimize information exposure if the system is compromised.
From page 21...
... They use the selected public key algorithm, typically elliptic curve Diffie-Hellman or RSA, to establish a set of shared symmetric keys. As used for typical web traffic, the server also supplies a certificate that specifies the server's public key and domain name so that a server authorized for "example.
From page 22...
... that take as input an unpredictable starting string of bits (called a "seed") and produce a much larger "random-looking" sequence of bits that cannot be distinguished from truly random bits without knowing the seed.32,33 These algorithms are a fundamental building block for modern cryptography, and many constructions use symmetric ciphers, hash functions, or asymmetric ciphers as building blocks.34 Box 2.2 defines blockchain and how it relates to cryptocurrencies.
From page 23...
... For example, in World War II, the Army Signals Intelligence Service was able to break the Japanese cipher code referred to as Purple by analyzing encrypted messages.35 Modern ciphers are expected to withstand such attacks. Trust in cryptographic algorithms is built over time by community consensus about which algorithms resist all known cryptanalytic attacks.
From page 24...
... and accepted the recommendations of the review.44 The recommendations included increasing the openness and transparency of NIST's processes for developing cryptographic standards, increasing NIST's independent cryptographic capabilities, and clarifying the relationship between NIST and NSA with regard to the development of cryptographic standards. However, this incident led to lingering concerns about other NIST standards, particularly those related to elliptic curve cryptography.
From page 25...
... In contrast, the known methods for constructing efficient public-key encryption and digital signature algorithms take advantage of sophisticated mathematical structures to enable the proper functioning of public-key cryptography. These mathematical operations make public-key encryption less efficient than the symmetric algorithms in common use (and thus make public-key encryption usable for key distribution but inefficient for protecting large messages)
From page 26...
... FINDING 2.1: Stateful digital signatures based on hash functions are practical today and will remain secure even if large-scale quantum computers are practical or if new number theoretic attacks are developed that
50 L.K. Grover, 1996, "A Fast Quantum Mechanical Algorithm for Database Search," Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing -- STOC '96, https://doi.org/10.1145/237814.237866.
From page 27...
... While their wide application would pose some difficulties for system implementers, they would provide a viable digital signature option for some use cases in the event that a cryptanalytic breakthrough rendered other digital signature algorithms vulnerable. The NIST effort has strong support from the international cryptographic community and the recommendations that will be published soon are expected to be widely implemented.
From page 28...
... Twenty years later, in 2016, researchers found that hundreds of major websites were vulnerable58 because they still supported SSL 2.0 and used the same RSA private key with SSL 2.0 and newer versions.59 NIST and other organizations are well aware of the challenges posed by algorithm transitions in general, and by the complexity of the anticipated transition to post-quantum encryption algorithms. The Department of Homeland Security has collaborated with NIST on the development of a roadmap for the transition to post-quantum encryption and some private sector organizations have also begun to create and document plans and strategies for managing the transition.60,61
The Future Threat to Collected Encrypted Data
When organizations deploy encryption to protect data at rest or in transit, they expect the encryption to protect their data against an adversary that has access to the ciphertext.
From page 29...
... that the Prover knows some fact without revealing the fact to the Verifier.63,64,65 Zero knowledge is used in cryptocurrency applications to hide the public keys of transaction participants (Zcash).66,67 More recently, zero knowledge proofs have been used as the basis of post-quantum digital signature algorithms (NIST-Picnic)
From page 30...
... For example, when Microsoft's disk encryption feature (BitLocker) protects data at rest or protocols like TLS/SSL protect data in transit, the main cryptographic objective is to ensure that encrypted data cannot be used unless it has been decrypted.
From page 31...
... Such techniques could allow organizations to gain intelligence across siloed datastores that cannot be joined.84,85,86,87,88,89 In theory, entirely untrusted cloud computers could perform general-purpose calculations without ever being able to see the underlying data. FHE allows a computer to perform computations on encrypted data generating encrypted answers; the answers are available only to an entity that has the decryption key.
From page 32...
... Trieu, 2021, "Compact and Malicious Private Set Intersection for Small Sets," pp. 1166–1181 in Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security.
From page 33...
... that could be executed by a third party without revealing any information about the program's execution (e.g., the value of the key used to decrypt) beyond the result.119
Engineering Alternatives to Cryptography's Limitations
For many real-world data security problems, there are no purely cryptographic solutions, or the available cryptographic algorithms do not meet real-world efficiency constraints.
From page 34...
... Mishra, 2021, Quantum key distribution secured optical networks: A survey, IEEE Open Journal of the Communications Society 2:2049–2083, http://doi.org/10.1109/OJCOMS.2021.3106659.
121 NSA, 2021, "Quantum Computing and Post-Quantum Cryptography," PP-21-1120, August, https://media.defense.gov/2021/Aug/04/2002821837/-1/-1/1/Quantum_FAQs_20210804.PDF.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.