PREFACE

Symmetric Key Crypto Framework

Symmetric just means sender and receiver have the same exact shared key (like the JWT HS256).

key = KEY-GEN()

(Use some public-key magic to make sure you and partner get same key)

ciphertext = ENC(plaintext, key)

ciphertext SHOULD LOOK LIKE HIGH ENTROPY NOISE IN TRANSIT

plaintext = DEC(ciphertext, key)

General Network Considerations

Grubby paws will handle your ciphertext, they might know part of your message. They shouldn't be able to figure out anything better than just guessing.

THE SAME MESSAGE SHOULD NEVER BE SENT TWICE... EVER

Someone holding then replaying your message should fail

Someone bouncing your message back to you should fail

Someone cleverly tampering with your message should fail

XOR ROX

TLDR

X + 0 == X

X + X == 0

X + pseudo-random == looks-random

X + key == encrypted

(X + key) + key == X + (key + key) == X + 0 == X

OK so the + in these statements is bit-wise XOR.

If the goal of crypto is to make messages that seem completely random while on the wire then become completely plain once they arrive at their destination then this does the job:

• Make a random key, K
• XOR your secret message X and the random key K (C = xor(X,K))
• Send the encrypted message to your friend on the other side of the planet
• Get them the same random key somehow (more on this later)
• Now they undo the key: xor(C, K) == X

That is, make something random, mix it with your message using XOR, then unmix it again using XOR

Questions:

• So how does XOR do that whole A+A=0 and A+0=A thing?
• How do we make a random number in two places on the planet at once?

ASIDE: how text becomes binary

Typically every character is one byte (8 bits) of data.

These bytes do NOT look random. You can start to see the binary by seeing the HEX digests:

• 0 in hex is 0000 in binary
• 1 in hex is 0001 in binary
• etc
• f in hex is 1111 in binary (15 in decimal)

So something like "A" is 65 in decimal, 0x41 in hex, and (4) 0100 0001 (1) in binary.

How XOR works: A+A=0, A+0=A

Alright XOR works with two binary inputs:

BUT we don't send 1 bit text messages, we send big long paragraphs or novels or movies...

So for that we just do each bit separately:

OK The One-Time-Pad

So plaintext XOR randomlookingkey will look random.

IF we can make a key which is

1) Unpredictably random looking

2) Reproducible at two places on opposite sides of the planet

3) Just as long as the original message

THEN we can do perfect encryption, and that system is called the One-Time Pad

Of course all of those conditions are very hard to pull off.

Why is it called the one-time pad? Well because your method of making random stuff on two sides of the planet CANNOT ever be repeated.

One-Time Pad done twice:

CT1 = PT1 XOR KEY

CT2 = PT2 XOR KEY (same key)

CT1 XOR CT2 == PT1 XOR PT2

Now PT1 XOR PT2 is not random xor random.

Let's play with that.