Invitation to Cybersecurity

7. The Bedrock of Cybersecurity: Cryptography 161

the adversary does not know the key, he still cannot produce the correct keystream (see Figure 7.6).

Figure 7.6 A cryptosystem using a nonce.

Nonces are used frequently in cryptosystems. They are easy to use and provide enhanced security even though they are not a secret. The “number used once” property means that nonces should never be reused. They are generated randomly, used once, and then thrown out. Keeping a list of used nonces to make sure that new nonces do not match previously generated ones would be prohibitive and, fortunately, it is not necessary. Nonces are chosen at random from a pool of possibilities so large that, probabilistically, the same one will never be generated more than once. For example, if nonces are sixteen bytes long (128 bits), the total pool of nonces is 2^128 ≈ 10^38. You would need to produce approximately 2^64 ≈ 10^19 nonces in order for a repeat to become probable. Even if you needed one million nonces per second every second, it would take over 300,000 years before you would need to start worrying about a repeat!

When using a stream cipher, the communicating parties input their shared key into a keystream algorithm to produce the keystream. For encryption, the keystream is XORed with the plaintext string to produce ciphertext. For decryption, the keystream is XORed with the ciphertext to produce plaintext (see Figure 7.7).

Figure 7.7 Example stream cipher encryption and decryption.

But does XOR encryption really work to preserve the confidentiality of messages? Taking the example in Figure 7.7, assume an adversary observes the ciphertext 1101011. From the adversary’s perspective, since he does not know the secret keystream, every possible combination of seven bits of keystream (128 different combinations) is equally likely. By trying all 128 combinations, he will produce 128 different putative plaintexts, including the correct one. However, there is no reliable means by which he can rule out any of the
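The nonce, keystream and XOR steps described on this page, as an added Python example that is not from the book. It assumes SHAKE-256 over key || nonce as a stand-in for the keystream algorithm (illustration only, not a vetted cipher), and all function names are hypothetical.

```python
import hashlib
import math
import secrets

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Assumption: SHAKE-256 over key || nonce stands in for the keystream
    # algorithm. Illustration only; real systems use a vetted stream cipher.
    return hashlib.shake_256(key + nonce).digest(length)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    nonce = secrets.token_bytes(16)  # fresh 128-bit nonce, sent in the clear
    return nonce, xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))

def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # XOR is its own inverse, so decryption regenerates the same keystream.
    return xor_bytes(ciphertext, keystream(key, nonce, len(ciphertext)))

def candidate_plaintexts(ciphertext_bits: str) -> set[str]:
    # The adversary's view: XOR the observed bits with every possible keystream.
    n, c = len(ciphertext_bits), int(ciphertext_bits, 2)
    return {format(c ^ k, f"0{n}b") for k in range(2 ** n)}

def repeat_probability(count: int, nonce_bits: int = 128) -> float:
    # Birthday approximation: P(repeat) ~ 1 - exp(-count^2 / 2^(nonce_bits + 1)).
    return -math.expm1(-(count ** 2) / 2 ** (nonce_bits + 1))

def years_to_generate(count: int, per_second: int = 1_000_000) -> float:
    return count / per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed sample key
    message = b"constructed sample message"  # constructed sample plaintext
    nonce, ct = encrypt(key, message)
    print("round trip ok:", decrypt(key, nonce, ct) == message)
    print("same message, new nonce, new ciphertext:", encrypt(key, message)[1] != ct)
    guesses = candidate_plaintexts("1101011")
    print("candidates for 1101011:", len(guesses), "of", 2 ** 7, "possible strings")
    print("P(repeat) after 2^64 nonces:", round(repeat_probability(2 ** 64), 3))
    print("years to reach 2^64 at 1e6/s:", round(years_to_generate(2 ** 64)))
```

Because the 128 candidate plaintexts are exactly the 128 possible seven-bit strings, the observed ciphertext alone eliminates none of them.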
