CWE Unit 1 Notes
CWE Unit 1 Notes
CWE Unit 1 Notes
HISTORY
Cryptocurrency has a rich and complex history, characterized by innovation, speculation, and
evolving technology. Here’s a brief overview of its development:
Recent Developments
Future Outlook
1. Decentralization:
o Data is not stored or controlled by a central authority. Instead, it is distributed
across a network of computers (nodes).
2. Transparency:
o Each participant in the network can access the entire ledger, which promotes
transparency and trust among users.
3. Immutability:
o Once data is recorded in the ledger, it cannot be altered or deleted. This
ensures the integrity and reliability of the records.
4. Consensus Mechanism:
o Distributed ledgers use consensus algorithms (such as proof of work, proof of
stake, or others) to validate transactions and ensure all copies of the ledger are
the same.
5. Security:
o The decentralized nature of DLT provides security against single points of
failure and reduces the risk of data manipulation or fraud.
Applications of Distributed Ledger Technology:
1. Cryptocurrencies:
o Bitcoin and other cryptocurrencies use blockchain, a type of DLT, to record
transactions and maintain the currency's integrity.
2. Supply Chain Management:
o DLT can track products through their lifecycle, enhancing transparency and
traceability.
3. Smart Contracts:
o DLT enables self-executing contracts with the terms of the agreement directly
written into code, facilitating automatic execution and enforcement.
4. Financial Services:
o DLT can improve efficiency in payments, settlements, and other financial
processes by reducing intermediaries and speeding up transactions.
5. Identity Management:
o DLT can provide secure and verifiable digital identities, enhancing privacy
and security in various applications.
If you need specific information about the diagram or have questions about certain aspects of
distributed ledger technology, feel free to ask!
Blockchain Basics
1. Transaction Recording:
o When a cryptocurrency transaction is initiated, it is grouped with other
transactions into a block. The block is then added to the blockchain once
verified by the network.
2. Security and Immutability:
o The use of cryptographic techniques ensures that transactions are secure and
that once added to the blockchain, they cannot be altered.
3. Transparency:
o All transactions are recorded on a public ledger, allowing anyone to view
them. This transparency helps build trust among users.
4. Digital Wallets:
o Users store their cryptocurrencies in digital wallets, which use blockchain to
securely track the ownership and transfer of the currency.
5. Smart Contracts:
o Platforms like Ethereum use blockchain to deploy smart contracts, which are
self-executing contracts with terms written into code. These contracts can
automate complex transactions and enforce agreements without
intermediaries.
Popular Cryptocurrencies
Bitcoin (BTC): The first and most well-known cryptocurrency, created by Satoshi
Nakamoto. It uses PoW to secure its network.
Ethereum (ETH): Known for its smart contract functionality, Ethereum plans to
transition from PoW to PoS with its Ethereum 2.0 upgrade.
Ripple (XRP): Focused on fast and low-cost cross-border payments, using a
consensus protocol distinct from PoW and PoS.
Litecoin (LTC): Created as a "lighter" version of Bitcoin, offering faster transaction
times.
1. Hash Functions:
o Definition: A hash function takes an input (or "message") and returns a fixed-
size string of bytes. The output is typically a "hash" or "digest" that appears
random.
o Properties:
Deterministic: The same input will always produce the same hash.
Fast Computation: Hashes can be computed quickly.
Pre-image Resistance: It is infeasible to generate the original input
from its hash.
Small Changes Produce Drastically Different Hashes: A small
change in input produces a vastly different hash (avalanche effect).
Collision Resistance: It is infeasible to find two different inputs that
produce the same hash.
o Usage: Cryptocurrencies use hash functions to secure transactions and mine
new coins. Bitcoin, for example, uses the SHA-256 hash function.
2. Public Key Cryptography:
o Asymmetric Encryption: Uses two keys—a public key and a private key.
The public key can be shared openly, while the private key is kept secret.
o Encryption and Decryption: Data encrypted with a public key can only be
decrypted with the corresponding private key, and vice versa.
o Digital Signatures: A private key is used to sign a transaction, and anyone
with the corresponding public key can verify the signature, ensuring that the
transaction is authentic and unaltered.
o Usage: Public key cryptography is used in cryptocurrencies to generate
wallets (public addresses) and secure transactions (digital signatures). Bitcoin
uses the Elliptic Curve Digital Signature Algorithm (ECDSA) for this purpose.
3. Elliptic Curve Cryptography (ECC):
o Definition: A form of public key cryptography based on the algebraic
structure of elliptic curves over finite fields.
o Efficiency: ECC provides the same level of security as other systems (like
RSA) but with smaller key sizes, making it faster and more efficient.
o Usage: ECC is widely used in cryptocurrencies for generating keys and
signatures due to its efficiency and security.
4. Zero-Knowledge Proofs:
o Definition: A cryptographic technique that allows one party to prove to
another that a statement is true without revealing any additional information.
oUsage: Some cryptocurrencies, like Zcash, use zero-knowledge proofs
(specifically, zk-SNARKs) to enable private transactions where the transaction
amount and participants are hidden.
5. Merkle Trees:
o Definition: A tree structure in which every leaf node is a hash of a data block,
and every non-leaf node is a hash of its child nodes.
o Properties: Merkle trees enable efficient and secure verification of data
within large datasets.
o Usage: In cryptocurrencies, Merkle trees are used to efficiently verify
transactions within a block. This structure is key to the efficiency and security
of blockchains.
Hashing
is a fundamental concept in computer science and cryptography, playing a crucial role in data
integrity, security, and performance optimization. Here’s an overview of hashing, its
properties, and its applications:
What is Hashing?
Hashing is the process of converting an input (or "message") into a fixed-size string of bytes,
typically a hash value or digest, through a hash function. The output appears random and is
unique to each unique input.
1. Deterministic:
o For any given input, the hash function will always produce the same output.
This consistency is crucial for data verification.
2. Fast Computation:
o Hash functions are designed to compute the hash value quickly, making them
suitable for applications that require rapid processing.
3. Pre-image Resistance:
o It is computationally infeasible to reverse-engineer the input from its hash
output, ensuring data security.
4. Small Changes Yield Drastically Different Hashes:
o A minor alteration in the input data results in a completely different hash
output, known as the avalanche effect.
5. Collision Resistance:
o It is highly improbable to find two distinct inputs that produce the same hash
output, which is vital for maintaining data integrity.
Applications of Hashing
1. Data Integrity:
o Hashing is used to verify data integrity by comparing hash values before and
after transmission or storage. If the hashes match, the data has not been
altered.
2. Password Storage:
o Passwords are often stored as hashes rather than plain text. When a user enters
a password, it is hashed and compared to the stored hash to verify the user's
identity without exposing the actual password.
3. Digital Signatures:
o Hash functions play a critical role in creating digital signatures, which ensure
that a document or message has not been tampered with and verify the sender's
identity.
4. Cryptographic Protocols:
o Hash functions are essential components of many cryptographic protocols,
including SSL/TLS and PGP, providing security and integrity.
5. Blockchain and Cryptocurrencies:
o Hashing is fundamental to blockchain technology. It ensures data integrity,
secures transaction information, and plays a key role in consensus mechanisms
like proof of work.
6. Data Structures:
o Hash tables use hashing to enable fast data retrieval, making them efficient for
tasks like database indexing and caching.
Conclusion
Hashing is a versatile and powerful tool in computing and cryptography, providing security,
data integrity, and efficient data processing. Its importance is evident in various applications,
from securing passwords to ensuring the integrity of blockchain transactions.
Signature schemes
The image you've uploaded appears to be a diagram related to signature schemes. Signature
schemes are cryptographic protocols that ensure the authenticity and integrity of digital
messages or documents. They are essential in securing communications and transactions in
digital systems. Here's an overview of digital signature schemes and their components:
A digital signature is a mathematical scheme for verifying the authenticity and integrity of
digital messages or documents. It ensures that the message was created by a known sender
and was not altered in transit.
1. Key Generation:
o Involves creating a pair of keys: a private key and a public key.
o The private key is kept secret, while the public key is distributed to others.
2. Signing:
o The sender uses their private key to create a digital signature on the message
or document.
o This process involves a hash function that generates a hash of the message,
which is then encrypted with the private key.
3. Verification:
o The receiver uses the sender's public key to verify the digital signature.
o The verification process involves decrypting the signature and comparing the
resulting hash with the hash of the received message to ensure authenticity and
integrity.
The public key consists of the pair (e, n), while the private key consists of the pair (d, n).
Signing Process
To sign a message M, the sender performs the following steps:
1. Hash the Message: Compute the hash of the message M using a cryptographic hash
function, resulting in a hash value H(M). The hash function ensures that even a small change
in the message will produce a significantly different hash value.
2. Encrypt the Hash: Use the private key d to encrypt the hash value H(M). The signature S is
computed as S = H (M)d (mod n).
Verification Process
To verify the authenticity of the message M and its signature S, the recipient performs the
following steps:
1. Hash the Received Message: Compute the hash of the received message M using the
same cryptographic hash function used by the sender, resulting in a hash value H(M).
2. Decrypt the Signature: Use the sender's public key e to decrypt the signature S. The
decrypted value H'(M) is computed as H'(M) = Se (mod n).
3. Compare Hashes: Verify that the decrypted hash value H'(M) matches the computed hash
value H(M). If they match, the signature is valid, indicating that the message has not been
altered and was indeed signed by the holder of the private key.
1. Secure Communications:
o Ensures messages are sent and received by verified parties, preventing
impersonation and tampering.
2. Software Distribution:
o Verifies the authenticity and integrity of software downloads, ensuring they
have not been altered or corrupted.
3. Financial Transactions:
Provides security and trust in digital transactions, ensuring they are authorized
o
by the account holder.
4. Document Signing:
o Legally binding digital signatures on electronic documents are used in
contracts and agreements.
Security Considerations
Key Management: Secure generation, distribution, and storage of private keys are
critical to maintaining the security of a signature scheme.
Algorithm Choice: Selecting the right algorithm based on security requirements and
performance considerations is essential.
Hash Functions: The choice of a secure hash function (like SHA-256) is vital to
protect against collision attacks.
If you need more specific information about the diagram or have questions about particular
aspects of signature schemes, feel free to ask!
Encryption Schemes
1. Symmetric Encryption
Description: Uses the same key for both encryption and decryption.
Key Management: Requires secure distribution of the secret key to all parties
involved.
Efficiency: Generally faster and more efficient than asymmetric encryption, making it
suitable for encrypting large amounts of data.
Common Algorithms:
o AES (Advanced Encryption Standard): A widely used standard for secure
encryption, known for its speed and security.
o DES (Data Encryption Standard) and 3DES: Older standards that have largely
been replaced by AES due to security vulnerabilities.
2. Asymmetric Encryption
Description: Uses a pair of keys—public and private keys. The public key encrypts
data, while the private key decrypts it.
Key Management: The public key can be distributed openly, but the private key
must remain confidential.
Efficiency: Generally slower than symmetric encryption, but offers advantages in
secure key exchange and digital signatures.
Common Algorithms:
o RSA (Rivest-Shamir-Adleman): Based on the difficulty of factoring large
integers, commonly used for secure data transmission and digital signatures.
o DSA (Digital Signature Algorithm): Used for digital signatures, providing a
standard method for verifying the authenticity of digital documents.
An elliptic curve is not an ellipse, or oval shape, but it is represented as a looping line
intersecting two axes, which are lines on a graph used to indicate the position of a point. The
curve is completely symmetric, or mirrored, along the x-axis of the graph.
Public key cryptography systems, like ECC, use a mathematical process to merge two distinct
keys and then use the output to encrypt and decrypt data. One is a public key that is known to
anyone, and the other is a private key that is only known by the sender and receiver of the
data.
ECC generates keys through the properties of an elliptic curve equation instead of the
traditional method of generation as the product of large prime numbers. From a cryptographic
perspective, the points along the graph can be formulated using the following equation:
y²=x³ + ax + b
ECC is a form of asymmetric encryption that provides security using smaller key sizes,
making it faster and more efficient than traditional algorithms like RSA.
Elliptic Curves: ECC is based on the mathematics of elliptic curves over finite fields.
These curves provide the basis for generating cryptographic keys.
Smaller Key Sizes: ECC provides equivalent security to RSA and DSA but with
significantly smaller key sizes. For example, a 256-bit key in ECC provides
comparable security to a 3072-bit RSA key.
Efficiency: Due to smaller key sizes and faster computations, ECC is well-suited for
environments with limited resources, such as mobile devices and IoT devices.
ECC Algorithms
ECDSA (Elliptic Curve Digital Signature Algorithm): Used for digital signatures,
providing security and efficiency in signing and verifying data.
ECDH (Elliptic Curve Diffie-Hellman): Used for secure key exchange, allowing
two parties to establish a shared secret over an insecure channel.
Elliptic Curve Cryptography (ECC) was discovered in 1985 by Victor Miller (IBM) and Neil
Koblitz (University of Washington) as an alternative mechanism for implementing public-key
cryptography.
Key Generation
Key generation is an important part where we have to generate both public key and private
key. The sender will be encrypting the message with receiver’s public key and the receiver
will decrypt its private key.
Q=d*P
d = The random number that we have selected within the range of ( 1 to n-1 ). P is the point
on the curve.
Encryption
Let ‘m’ be the message that we are sending. We have to represent this message on the curve.
This have in-depth implementation details. All the advance research on ECC is done by a
company called certicom.
Conside ‘m’ has the point ‘M’ on the curve ‘E’. Randomly select ‘k’ from [1 – (n-1)].
C1 = k*P
C2 = M + k*Q
Decryption
We have to get back the message ‘m’ that was send to us,
M = C2 – d * C1
Proof
M = C2 – d * C1
C2 – d * C1 = (M + k * Q) – d * ( k * P ) ( C2 = M + k * Q and C1 = k * P )
= M + k * d * P – d * k *P ( cancelling out k * d * P )
= M ( Original Message )
Applications of ECC
Advantages of ECC
Security with Smaller Keys: Provides high levels of security with much smaller keys
compared to other asymmetric encryption methods, leading to faster computations
and reduced storage requirements.
Scalability: Suitable for use in a wide range of applications, from large-scale secure
communications to resource-constrained environments.
Overall, encryption schemes and elliptic curve cryptography are vital tools in the realm of
digital security, providing the means to protect sensitive data, authenticate users, and ensure
the integrity of communications in a variety of applications.