From 03370e6a55747c75822b45a7cd33990e3a21f2f6 Mon Sep 17 00:00:00 2001 From: Sungchan Yi Date: Mon, 26 Feb 2024 23:41:04 +0900 Subject: [PATCH] fix: remove # after image links --- .../Internet Security/2023-09-10-security-intro.md | 2 +- .../2023-09-18-symmetric-key-cryptography-2.md | 12 ++++++------ .../Internet Security/2023-10-16-pki.md | 2 +- .../Internet Security/2023-10-18-tls.md | 2 +- .../2023-09-07-otp-stream-cipher-prgs.md | 4 ++-- .../2023-09-19-symmetric-key-encryption.md | 6 +++--- ...23-09-26-cca-security-authenticated-encryption.md | 4 ++-- .../Modern Cryptography/2023-09-28-hash-functions.md | 6 +++--- .../Modern Cryptography/2023-10-03-key-exchange.md | 6 +++--- 9 files changed, 22 insertions(+), 22 deletions(-) diff --git a/_posts/Lecture Notes/Internet Security/2023-09-10-security-intro.md b/_posts/Lecture Notes/Internet Security/2023-09-10-security-intro.md index a972483..bd94efd 100644 --- a/_posts/Lecture Notes/Internet Security/2023-09-10-security-intro.md +++ b/_posts/Lecture Notes/Internet Security/2023-09-10-security-intro.md @@ -155,7 +155,7 @@ There are many ways of achieving security. ### Basics of a Cryptosystem -![is-01-cryptosystem.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-01-cryptosystem.png#) +![is-01-cryptosystem.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-01-cryptosystem.png) - A **message** in *plaintext* is given to an **encryption algorithm**. - The encryption algorithm uses an **encryption key** to create a *ciphertext*. diff --git a/_posts/Lecture Notes/Internet Security/2023-09-18-symmetric-key-cryptography-2.md b/_posts/Lecture Notes/Internet Security/2023-09-18-symmetric-key-cryptography-2.md index aa58061..4d93a64 100644 --- a/_posts/Lecture Notes/Internet Security/2023-09-18-symmetric-key-cryptography-2.md +++ b/_posts/Lecture Notes/Internet Security/2023-09-18-symmetric-key-cryptography-2.md 
@@ -63,7 +63,7 @@ $$ #### The Feistel Function -![is-03-feistel-function.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-03-feistel-function.png#) +![is-03-feistel-function.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-03-feistel-function.png) The Feistel function takes $32$ bit data and divides it into eight $4$ bit chunks. Each chunk is expanded to $6$ bits using a P-box. Now, we have 48 bits of data, so apply XOR with the key for this round. Next, each $6$-bit block is compressed back to $4$ bits using a S-box. Finally, there is a (straight) permutation at the end, resulting in $32$ bit data. @@ -179,7 +179,7 @@ AES, DES use fixed block size for encryption. How do we encrypt longer messages? ### Electronic Codebook Mode (ECB) -![is-03-ecb-encryption.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-03-ecb-encryption.png#) +![is-03-ecb-encryption.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-03-ecb-encryption.png) - Codebook is a mapping table. - For the $i$-th plaintext block, we use key $k$ to encrypt and obtain the $i$-th ciphertext block. @@ -198,7 +198,7 @@ Since the same key is used for all blocks, once a mapping from plaintext to ciph ### Cipher Block Chaining Mode (CBC) -![is-03-cbc-encryption.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-03-cbc-encryption.png#) +![is-03-cbc-encryption.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-03-cbc-encryption.png) - Two identical messages produce to different ciphertexts. - This prevents chosen plaintext attacks 
@@ -248,7 +248,7 @@ Since the same key is used for all blocks, once a mapping from plaintext to ciph ### Cipher Feedback Mode (CFB) -![is-03-cfb-encryption.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-03-cfb-encryption.png#) +![is-03-cfb-encryption.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-03-cfb-encryption.png) - The message is treated as a stream of bits; similar to stream cipher - **Result of the encryption is fed to the next stage.** @@ -283,7 +283,7 @@ Since the same key is used for all blocks, once a mapping from plaintext to ciph ### Output Feedback Mode (OFB) -![is-03-ofb-encryption.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-03-ofb-encryption.png#) +![is-03-ofb-encryption.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-03-ofb-encryption.png) - Very similar to stream cipher. - Initialization vector is used as a seed to generate the key stream. @@ -316,7 +316,7 @@ Since the same key is used for all blocks, once a mapping from plaintext to ciph ### Counter Mode (CTR) -![is-03-ctr-encryption.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-03-ctr-encryption.png#) +![is-03-ctr-encryption.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-03-ctr-encryption.png) - Without chaining, we use a counter (typically incremented by $1$). - Counter starts from the initialization vector. diff --git a/_posts/Lecture Notes/Internet Security/2023-10-16-pki.md b/_posts/Lecture Notes/Internet Security/2023-10-16-pki.md index 2730a14..ceaa43f 100644 --- a/_posts/Lecture Notes/Internet Security/2023-10-16-pki.md +++ b/_posts/Lecture Notes/Internet Security/2023-10-16-pki.md 
@@ -83,7 +83,7 @@ We have a root CA at the top. Then there are issuing CAs below. We usually reque ### Certificate Validation -![is-08-certificate-validation.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-08-certificate-validation.png#)[^1] +![is-08-certificate-validation.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-08-certificate-validation.png)[^1] Since we have a hierarchy of CAs, certificate validation must also follow the hierarchy. When we receive a certificate, it is highly likely to be signed by an non-root CA. diff --git a/_posts/Lecture Notes/Internet Security/2023-10-18-tls.md b/_posts/Lecture Notes/Internet Security/2023-10-18-tls.md index 8aa026e..0aff07b 100644 --- a/_posts/Lecture Notes/Internet Security/2023-10-18-tls.md +++ b/_posts/Lecture Notes/Internet Security/2023-10-18-tls.md @@ -146,7 +146,7 @@ Here's how the client and the server establishes a connection using the TLS hand > 3. Use the server's public key to share a secret. > 4. Both parties generate a symmetric key from the shared secret. -![is-09-tls-handshake.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-09-tls-handshake.png#)[^1] +![is-09-tls-handshake.png](/assets/img/posts/Lecture%20Notes/Internet%20Security/is-09-tls-handshake.png)[^1] - `ServerKeyExchange`, `ClientKeyExchange` is optional. Used sometimes if Diffie-Hellman is used. - The actual messages and process differ for each protocol and ciphers used. diff --git a/_posts/Lecture Notes/Modern Cryptography/2023-09-07-otp-stream-cipher-prgs.md b/_posts/Lecture Notes/Modern Cryptography/2023-09-07-otp-stream-cipher-prgs.md index c329fb8..d491d9b 100644 --- a/_posts/Lecture Notes/Modern Cryptography/2023-09-07-otp-stream-cipher-prgs.md +++ b/_posts/Lecture Notes/Modern Cryptography/2023-09-07-otp-stream-cipher-prgs.md 
@@ -292,7 +292,7 @@ We can deduce that if a PRG is predictable, then it is insecure. *Proof*. Let $\mathcal{A}$ be an efficient adversary (next bit predictor) that predicts $G$. Suppose that $i$ is the index chosen by $\mathcal{A}$. With $\mathcal{A}$, we construct a statistical test $\mathcal{B}$ such that $\mathrm{Adv}_\mathrm{PRG}[\mathcal{B}, G]$ is non-negligible. -![mc-01-prg-game.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-01-prg-game.png#) +![mc-01-prg-game.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-01-prg-game.png) 1. The challenger PRG will send a bit string $x$ to $\mathcal{B}$. - In experiment $0$, PRG gives pseudorandom string $G(k)$. @@ -318,7 +318,7 @@ The theorem implies that if next bit predictors cannot distinguish $G$ from true To motivate the definition of semantic security, we consider a **security game framework** (attack game) between a **challenger** (ex. the creator of some cryptographic scheme) and an **adversary** $\mathcal{A}$ (ex. attacker of the scheme). -![mc-01-ss.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-01-ss.png#) +![mc-01-ss.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-01-ss.png) > **Definition.** Let $\mathcal{E} = (G, E, D)$ be a cipher defined over $(\mathcal{K}, \mathcal{M}, \mathcal{C})$. For a given adversary $\mathcal{A}$, we define two experiments $0$ and $1$. For $b \in \lbrace 0, 1 \rbrace$, define experiment $b$ as follows: > diff --git a/_posts/Lecture Notes/Modern Cryptography/2023-09-19-symmetric-key-encryption.md b/_posts/Lecture Notes/Modern Cryptography/2023-09-19-symmetric-key-encryption.md index a0aa812..810a0ad 100644 --- a/_posts/Lecture Notes/Modern Cryptography/2023-09-19-symmetric-key-encryption.md +++ b/_posts/Lecture Notes/Modern Cryptography/2023-09-19-symmetric-key-encryption.md 
@@ -131,7 +131,7 @@ Additional explanation available in [Modes of Operations (Internet Security)](.. ### Electronic Codebook Mode (ECB) -![is-03-ecb-encryption.png](/assets/img/posts/is-03-ecb-encryption.png#) +![is-03-ecb-encryption.png](/assets/img/posts/is-03-ecb-encryption.png) - ECB mode encrypts each block with the same key. - Blocks are independent of each other. @@ -139,7 +139,7 @@ Additional explanation available in [Modes of Operations (Internet Security)](.. ### Ciphertext Block Chain Mode (CBC) -![is-03-cbc-encryption.png](/assets/img/posts/is-03-cbc-encryption.png#) +![is-03-cbc-encryption.png](/assets/img/posts/is-03-cbc-encryption.png) Let $X = \left\lbrace 0, 1 \right\rbrace^n$ and $E : \mathcal{K} \times X \rightarrow X$ be a **PRP**. @@ -190,7 +190,7 @@ Note that if $k_1$ is the same as the key used for encrypting messages, then thi ### Counter Mode (CTR) -![is-03-ctr-encryption.png](/assets/img/posts/is-03-ctr-encryption.png#) +![is-03-ctr-encryption.png](/assets/img/posts/is-03-ctr-encryption.png) Let $F : \mathcal{K} \times X \rightarrow X$ be a secure **PRF**. diff --git a/_posts/Lecture Notes/Modern Cryptography/2023-09-26-cca-security-authenticated-encryption.md b/_posts/Lecture Notes/Modern Cryptography/2023-09-26-cca-security-authenticated-encryption.md index 29418d8..9fb5b1d 100644 --- a/_posts/Lecture Notes/Modern Cryptography/2023-09-26-cca-security-authenticated-encryption.md +++ b/_posts/Lecture Notes/Modern Cryptography/2023-09-26-cca-security-authenticated-encryption.md 
@@ -83,7 +83,7 @@ The attacker shouldn't be able to create a new ciphertext that decrypts properly In this case, we fix the decryption algorithm so that $D : \mathcal{K} \times \mathcal{C} \rightarrow \mathcal{M} \cup \left\lbrace \bot \right\rbrace$, where $\bot$ means that the ciphertext was rejected. -![mc-05-ci.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-05-ci.png#) +![mc-05-ci.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-05-ci.png) > **Definition.** Let $\mathcal{E} = (E, D)$ be a cipher defined over $(\mathcal{K}, \mathcal{M}, \mathcal{C})$. Given an adversary $\mathcal{A}$, the security game goes as follows. > @@ -138,7 +138,7 @@ Most natural constructions of CCA secure schemes satisfy AE, so we don't need to We want to combine CPA secure scheme and strongly secure MAC to get AE. Rather than focusing on the internal structure of the scheme, we want a general method to compose these two secure schemes so that we can get a AE secure scheme. We will see 3 examples. -![mc-05-etm-mte.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-05-etm-mte.png#) +![mc-05-etm-mte.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-05-etm-mte.png) ### Encrypt-and-MAC (E&M) diff --git a/_posts/Lecture Notes/Modern Cryptography/2023-09-28-hash-functions.md b/_posts/Lecture Notes/Modern Cryptography/2023-09-28-hash-functions.md index ba9a67b..7e16602 100644 --- a/_posts/Lecture Notes/Modern Cryptography/2023-09-28-hash-functions.md +++ b/_posts/Lecture Notes/Modern Cryptography/2023-09-28-hash-functions.md 
@@ -106,7 +106,7 @@ Now we want to construct collision resistant hash functions that work for arbitr The Merkle-Damgård transform gives as a way to extend our input domain of the hash function by iterating the function. -![mc-06-merkle-damgard.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-06-merkle-damgard.png#) +![mc-06-merkle-damgard.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-06-merkle-damgard.png) > **Definition.** Let $h : \left\lbrace 0, 1 \right\rbrace^n \times \left\lbrace 0, 1 \right\rbrace^l \rightarrow \left\lbrace 0, 1 \right\rbrace^n$ be a hash function. The **Merkle-Damgård function derived from $h$** is a function $H$ that works as follows. > @@ -151,7 +151,7 @@ Now we only have to build a collision resistant compression function. We can bui Number theoretic primitives will be shown after we learn some number theory.[^3] An example is shown in [collision resistance using DL problem (Modern Cryptography)](../2023-10-03-key-exchange#collision-resistance-based-on-dl-problem). -![mc-06-davies-meyer.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-06-davies-meyer.png#) +![mc-06-davies-meyer.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-06-davies-meyer.png) > **Definition.** Let $\mathcal{E} = (E, D)$ be a block cipher over $(\mathcal{K}, X, X)$ where $X = \left\lbrace 0, 1 \right\rbrace^n$. The **Davies-Meyer compression function derived from $E$** maps inputs in $X \times \mathcal{K}$ to outputs in $X$, defined as follows. > @@ -216,7 +216,7 @@ This can be thought of as blocking the length extension attack from prepending t ### HMAC -![mc-06-hmac.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-06-hmac.png#) +![mc-06-hmac.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-06-hmac.png) This is a variant of the two-key nest, but the difference is that the keys $k_1', k_2'$ are not independent. Choose a key $k \leftarrow \mathcal{K}$, and set 
diff --git a/_posts/Lecture Notes/Modern Cryptography/2023-10-03-key-exchange.md b/_posts/Lecture Notes/Modern Cryptography/2023-10-03-key-exchange.md index af5fc21..bc257c9 100644 --- a/_posts/Lecture Notes/Modern Cryptography/2023-10-03-key-exchange.md +++ b/_posts/Lecture Notes/Modern Cryptography/2023-10-03-key-exchange.md @@ -74,7 +74,7 @@ $$ We assume that the description of $p$, $q$ and $g$ are generated at the setup and shared by all parties. Now the actual protocol goes like this. -![mc-07-dhke.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-07-dhke.png#) +![mc-07-dhke.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-07-dhke.png) > 1. Alice chooses $\alpha \leftarrow \mathbb{Z}_q$ and computes $g^\alpha$. > 2. Bob chooses $\beta \leftarrow \mathbb{Z}_q$ and computes $g^\beta$. @@ -189,7 +189,7 @@ Taking $\mathcal{O}(N)$ steps is impractical in the real world, due to many comm We assumed that the adversary only eavesdrops, but if the adversary carries out active attacks, then DHKE is not enough. The major problem is the lack of **authentication**. Alice and Bob are exchanging keys, but they both cannot be sure that there are in fact communicating with the other. An attacker can intercept messages and impersonate Alice or Bob. This attack is called a **man in the middle attack**, and this attack works on any key exchange protocol that lacks authentication. -![mc-07-dhke-mitm.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-07-dhke-mitm.png#) +![mc-07-dhke-mitm.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-07-dhke-mitm.png) The adversary will impersonate Bob when communicating with Alice, and will do the same for Bob by pretending to be Alice. The values of $\alpha, \beta$ that Alice and Bob chose are not leaked, but the adversary can decrypt anything in the middle and obtain the plaintext. 
@@ -211,7 +211,7 @@ Before Diffie-Hellman, Merkle proposed an idea for secure key exchange protocol The idea was to use *puzzles*, which are problems that can be solved with some effort. -![mc-07-merkle-puzzles.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-07-merkle-puzzles.png#) +![mc-07-merkle-puzzles.png](/assets/img/posts/Lecture%20Notes/Modern%20Cryptography/mc-07-merkle-puzzles.png) > Let $\mathcal{E} = (E, D)$ be a block cipher defined over $(\mathcal{K}, \mathcal{M})$. > 1. Alice chooses random pairs $(k_i, s_i) \leftarrow \mathcal{K} \times \mathcal{M}$ for $i = 1, \dots, L$.
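Review bot: in `2023-09-19-symmetric-key-encryption.md` (the hunks at -131, -139 and -190), the three edited links resolve to `/assets/img/posts/is-03-ecb-encryption.png`, `/assets/img/posts/is-03-cbc-encryption.png` and `/assets/img/posts/is-03-ctr-encryption.png`, while `2023-09-18-symmetric-key-cryptography-2.md` references the same file names under `/assets/img/posts/Lecture%20Notes/Internet%20Security/`. Since these lines are being touched anyway, confirm which directory actually holds the images and use that path in both posts; if only the longer path exists, these three links remain broken after the `#` is removed.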
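Review bot: the subject `fix: remove # after image links` does not say what the trailing `#` broke, and the message has no body before the diffstat. Add one sentence with the reason (what rendered or linked incorrectly with `.png#)`), so that the 22 identical replacements across 9 files can be understood from the log without opening the diff.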
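Review bot: in the CBC hunk of `2023-09-18-symmetric-key-cryptography-2.md` (-198), the context line directly below the edited image reads "Two identical messages produce to different ciphertexts." This is outside the stated scope of the commit, but since the hunk already touches this section, a follow-up could correct it to "produce different ciphertexts".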