\newacronym{AEAD}{AEAD}{Authenticated Encryption with Associated Data}
\newacronym{AES}{AES}{Advanced Encryption Standard}
\newacronym{AKE}{AKE}{authenticated key exchange}
\newacronym{ARX}{ARX}{add, rotate, XOR}
\newacronym{BEAST}{BEAST}{Browser Exploit Against SSL/TLS}
\newacronym{CBC}{CBC}{cipher block chaining}
\newacronym{CDN}{CDN}{content distribution network}
\newacronym{CSPRNG}{CSPRNG}{cryptographically secure pseudorandom number generator}
\newacronym{CSRF}{CSRF}{\gls{cross-site request forgery}}
\newacronym{DES}{DES}{Data Encryption Standard}
\newacronym{FIPS}{FIPS}{Federal Information Processing Standards}
\newacronym{GCM}{GCM}{Galois Counter Mode}
\newacronym{HKDF}{HKDF}{HMAC-based (Extract-and-Expand) Key Derivation Function}
\newacronym{HMAC}{HMAC}{Hash-based Message Authentication Code}
\newacronym{HSTS}{HSTS}{HTTP Strict Transport Security}
\newacronym{IV}{IV}{\gls{initialization vector}}
\newacronym{KDF}{KDF}{key derivation function}
\newacronym{MAC}{MAC}{message authentication code}
\newacronym{MITM}{MITM}{man-in-the-middle}
\newacronym{OCB}{OCB}{offset codebook}
\newacronym{OTR}{OTR}{off-the-record}
\newacronym{PRF}{PRF}{pseudorandom function}
\newacronym{PRNG}{PRNG}{pseudorandom number generator}
\newacronym{PRP}{PRP}{pseudorandom permutation}
\newacronym{RSA}{RSA}{Rivest Shamir Adleman}
\newacronym{SMP}{SMP}{socialist millionaire protocol}
\newglossaryentry{secret-key encryption}{
name=secret-key encryption, description={Encryption that uses the
same key for both encryption and decryption. Also known as
symmetric-key encryption. Contrast with \gls{public-key encryption}}
}
\newglossaryentry{symmetric-key encryption}{
name=symmetric-key encryption, description={See \gls{secret-key
encryption}}}
\newglossaryentry{keyspace}{
name=keyspace, description={The set of all possible keys}}
\newglossaryentry{block cipher}{
name=block cipher, description={Symmetric encryption algorithm that
encrypts and decrypts blocks of fixed size}, }
\newglossaryentry{substitution-permutation network}{
name=substitution-permutation network, description={Generic design
for block ciphers where the block is enciphered by repeated
substitutions and permutations} }
\newglossaryentry{stream cipher}{
name=stream cipher, description={Symmetric encryption algorithm that
encrypts streams of arbitrary size} }
\newglossaryentry{mode of operation}{
name=mode of operation, description={Generic construction that
encrypts and decrypts streams, built from a block
cipher},plural=modes of operation }
\newglossaryentry{ECB mode}{
name=ECB mode, description={Electronic codebook mode; mode of
operation where plaintext is separated into blocks that are
encrypted separately under the same key. The default mode in many
cryptographic libraries, despite many security issues} }
\newglossaryentry{CBC mode}{
name=CBC mode, description={Cipher block chaining mode; common mode
of operation where the previous ciphertext block is XORed with the
plaintext block during encryption. Takes an initialization vector,
which assumes the role of the \enquote{block before the first
block}}}
\newglossaryentry{initialization vector}{
name=initialization vector, description={Data used to initialize
some algorithms such as \gls{CBC mode}. Generally not required to be
secret, but required to be unpredictable.
Compare \gls{nonce}, \gls{salt}} }
\newglossaryentry{CTR mode}{
name=CTR mode, description={Counter mode; a \gls{nonce} combined
with a counter produces a sequence of inputs to the block cipher;
the resulting ciphertext blocks are the keystream} }
\newglossaryentry{nonce}{
name=nonce, description={\emph{N}umber used \emph{once}. Used in
many cryptographic protocols. Generally does not have to be secret
or unpredictable, but does have to be unique.
Compare \gls{initialization vector}, \gls{salt}} }
\newglossaryentry{AEAD mode}{
name=AEAD mode, description={Class of \gls{block cipher} \glspl{mode
of operation} that provides authenticated encryption, as well as
authenticating some unencrypted associated data}}
\newglossaryentry{OCB mode}{
name=OCB mode, description={Offset codebook mode;
high-performance \gls{AEAD mode}, unfortunately encumbered by
patents} }
\newglossaryentry{GCM mode}{
name=GCM mode, description={Galois counter mode; \gls{AEAD mode}
combining \gls{CTR mode} with a \gls{Carter-Wegman MAC}}}
\newglossaryentry{message authentication code}{
name=message authentication code, description={Small piece of
information used to verify authenticity and integrity of a message.
Often called a tag}}
\newglossaryentry{one-time MAC}{
name=one-time MAC, description={\Gls{message authentication code}
that can only be used securely for a single message. Main benefit is
increased performance over reusable \glspl{MAC}}}
\newglossaryentry{Carter-Wegman MAC}{
name=Carter-Wegman MAC, description={Reusable \gls{message
authentication code} scheme built from a \gls{one-time MAC}.
Combines benefits of performance and ease of use}}
\newglossaryentry{GMAC}{
name=GMAC, description={\Gls{message authentication code}
part of \gls{GCM mode} used separately}}
\newglossaryentry{salt}{
name=salt, description={Random data that is added to a cryptographic
primitive (usually a one-way function such as a cryptographic hash
function or a key derivation function). Customizes such functions to
produce different outputs (provided the salt is different). Can be
used to prevent e.g.\ dictionary attacks. Typically does not have to
be secret, but secrecy may improve security properties of the
system. Compare \gls{nonce}, \gls{initialization vector}} }
\newglossaryentry{public-key algorithm}{
name=public-key algorithm, description={Algorithm that uses a pair
of related but distinct keys. Also known
as \glspl{asymmetric-key algorithm}. Examples
include \gls{public-key encryption} and most \gls{key exchange}
protocols} }
\newglossaryentry{asymmetric-key algorithm}{
name=asymmetric-key algorithm, description={See \gls{public-key
algorithm}} }
\newglossaryentry{public-key encryption}{
name=public-key encryption, description={Encryption using a pair of
distinct keys for encryption and decryption. Also known as
asymmetric-key encryption. Contrast with \gls{secret-key
encryption}} }
\newglossaryentry{asymmetric-key encryption}{
name=asymmetric-key encryption, description={See \gls{public-key
encryption}} }
\newglossaryentry{key exchange}{
name=key exchange, description={The process of exchanging keys
across an insecure medium using a particular cryptographic protocol.
Typically designed to be secure against eavesdroppers. Also known
as key agreement} }
\newglossaryentry{key agreement}{
name=key agreement, description={See \gls{key exchange}}}
\newglossaryentry{oracle}{
name=oracle, description={A \enquote{black box} that will perform
some computation for you}}
\newglossaryentry{encryption oracle}{
name=encryption oracle, description={An \gls{oracle} that will
encrypt some data}}
\newglossaryentry{OTR messaging}{
name=OTR messaging, description={Off-the-record messaging; messaging
protocol that intends to mimic the properties of a real-life private
conversation. Piggy-backs onto existing instant messaging
protocols}}
\newglossaryentry{cross-site request forgery}{
name=cross-site request forgery, description={Kind of attack where a
malicious website tricks the browser into making requests to another
website. Can be prevented by properly authenticating requests
instead of relying on ambient authority such as session cookies}
}