CRYPTO PRIMITIVESDefinition. System directories.

CONTENTS

1. Descryption
2. Rationale
3. Combining cryptographic primitives
4. Commonly used primitives

DESCRYPTION

Cryptographic primitives are the basic building blocks of protocols and systems guaranteeing the protection of digital data.

A security protocol is a set of steps taken to achieve the required security goals by utilizing appropriate security mechanisms. Various types of security protocols are in use, such as authentication protocols, non-repudiation protocols, and key management protocols.

Cryptographic primitives are designed to do one very specific task in a precisely defined and highly reliable fashion.

RATIONALE

Since cryptographic primitives are used as building blocks, they must be very reliable, i.e. perform according to their specification.

For example, if the documentation states that a cryptographic primitive can be broken with N number of operations, but it is possible to break it with N-1 operations, then that cryptographic primitive is considered discredited.

If a cryptographic primitive is found to be discredited, almost any protocol that uses it is considered insufficiently reliable to ensure secure protection of critical information.

Since creating cryptographic routines is very hard, and testing them to be reliable takes a long time, it is essentially never sensible (nor secure) to design a new cryptographic primitive to suit the needs of a new cryptographic system. The reasons include:

• The knowledge of the developer related to the mathematical and technical theoretical models used in cryptography is not at the required level.


• Designing a new cryptographic primitive is very time-consuming and very error-prone, even for experts in this field.

The crypto algorithms, which are the theoretical basis on which the individual primitives are designed, must be analyzed in detail. Although they might appear to be extremely reliable, it is possible for an error to occur as a result of incorrect engineering.

Regardless of all theoretical and experimental checks, at the moment there is no methodology guaranteeing the security of the protective mechanisms. The only solution that has proven its effectiveness is the correct combination of the crypto primitives used.

Note: Cryptographic primitives are similar in some ways to programming languages. A computer programmer rarely invents a new programming language while writing a new program; instead, they will use one of the already established programming languages to program in.

COMBINING CRYPTOGRAPHIC PRIMITIVES

Cryptographic primitives, on their own, are quite limited. They cannot be considered, properly, to be a cryptographic system.

For instance, a bare encryption algorithm will provide no authentication mechanism, nor any explicit data integrity checking.

Only when combined in security protocols, can more than one security requirement be addressed.

For example, to transmit a message that is not only encoded but also editing protected (i.e. it is confidential and integrity-protected), an encoding primitive, such as DES, and a hash-routine such as SHA-1 can be used in combination.

If the unauthorized user does not know the encryption key, they can not modify the digital data such that data digest value(s) would be valid.

Combining cryptographic primitives to make a security protocol is itself an entire specialization.

Most exploitable errors (i.e., insecurities in crypto systems) are due not to design errors in the primitives (assuming always that they were chosen with care), but to the way they are used, i.e. bad protocol design and buggy or not careful enough implementation.
There are some basic properties that can be verified with automated methods, such as BAN logic. There are even methods for full verification (e.g. the SPI calculus) but they are extremely cumbersome and cannot be automated.

Protocol design is an art requiring deep knowledge and much practice, even then mistakes are common.

In FDM, there is a wide variety of functions whose task is detailed analysis of encryption processes.

This guarantees the extremely high security of the system and minimizes the probability of an error resulting from an incorrect combination of crypto primitives.

COMMONLY USED PRIMITIVES

Between theoretical and practical cryptography, there are differences that are expressed mostly in the choice of basic crypto primitives that form the security mechanism.

The following procedures are most often used in practice:

• One-way hash function - Sometimes also called as one-way compression function. Compute a reduced hash value for a message (e.g., SHA-256);


• Symmetric key cryptography - Compute a cipherdata decodable with the same key used to encode (e.g., AES);


• Public-key cryptography - Compute a cipherdata decodable with a different key used to encode (e.g., RSA);


• Digital signatures - Confirm the author of a message;


• Mix network - Pool communications from many users to anonymize what came from whom;


• Private information retrieval - Get database information without server knowing which item was requested;


• Commitment scheme - allows one to commit to a chosen value while keeping it hidden to others, with the ability to reveal it later;


• Random number generator - Cryptographically secure pseudorandom number generator.

In Fig.1. some of the most commonly used in practice standard crypto primitives are shown.

Unlike all other information protection solutions, FDM uses synchronized hybrid mechanisms that combine standard and non-standard cryptographic primitives.

An example of a non-standard crypto primitive is control strings. In combination with the unique identifier, time markers, geolocation and other auxiliary solutions, they significantly increase the levels of protection, without in any way affecting the working parameters of the processes.

  Contents