Cryptography Reference
Table 1.1: Mapping of primitives used on their own to provide security services

                     Confidentiality   Data integrity   Data origin auth.   Non-repudiation   Entity auth.
Encryption           Yes               No               No                  No                No
Hash function        No                Sometimes        No                  No                No
MAC                  No                Yes              Yes                 Sometimes         No
Digital signature    No                Yes              Yes                 Yes               No

Table 1.2: Mapping of primitives that can be used to help provide security services

                     Confidentiality   Data integrity   Data origin auth.   Non-repudiation   Entity auth.
Encryption           Yes               Yes              Yes                 Yes               Yes
Hash function        Yes               Yes              Yes                 Yes               Yes
MAC                  No                Yes              Yes                 Yes               Yes
Digital signature    No                Yes              Yes                 Yes               Yes

The entries in Table 1.2 should not be agonised over at too great a length,
especially as we have yet to discuss any of the primitives described there. The main
point is to indicate how intricately related the various standard cryptographic
primitives are and, in particular, to flag that they are often combined to achieve
security services. For example:
• Encryption can be used to design a message authentication code (MAC), which
provides data origin authentication (see Section 6.3.3).
• Hash functions can be used to store special types of confidential data
(see Section 6.2.2).
• In certain circumstances, MACs can be used to provide non-repudiation
(see Section 7.2).
• Digital signatures can be used in entity authentication protocols (see Section 9.4).
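
The difference between the two tables can be seen in the "Hash function" row: on its own a hash function gives data integrity only "Sometimes" and no data origin authentication, but combined with a key it helps provide both. The following is an added example, not taken from the original text; it uses HMAC-SHA-256 as the keyed construction (a choice made here for illustration), and the key and messages are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (assumptions for this example, not from the text).
KEY = b"key-shared-by-sender-and-receiver"
ORIGINAL = b"pay 100 to alice"
MODIFIED = b"pay 900 to mallory"


def hash_tag(message: bytes) -> bytes:
    """Bare hash: no key, so any party can compute a valid tag."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Hash function combined with a shared key (HMAC-SHA-256)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def accepts_hash(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hash_tag(message), tag)


def accepts_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


def simulate() -> dict:
    """Receiver's verdict when the message changes in transit."""
    forged = mac_tag(b"not-the-real-key", MODIFIED)  # sender lacks KEY
    return {
        # Message altered, original tag left in place: both checks catch it.
        "hash_detects_change": not accepts_hash(MODIFIED, hash_tag(ORIGINAL)),
        "mac_detects_change": not accepts_mac(KEY, MODIFIED, mac_tag(KEY, ORIGINAL)),
        # Message and tag both replaced: the bare hash verifies, because the
        # tag proves nothing about who computed it (the "Sometimes" entry).
        "hash_detects_substitution": not accepts_hash(MODIFIED, hash_tag(MODIFIED)),
        # Without KEY a matching tag cannot be produced, so the MAC check
        # fails: data integrity and data origin authentication together.
        "mac_detects_substitution": not accepts_mac(KEY, MODIFIED, forged),
        "mac_accepts_genuine": accepts_mac(KEY, ORIGINAL, mac_tag(KEY, ORIGINAL)),
    }


if __name__ == "__main__":
    for check, outcome in simulate().items():
        print(f"{check}: {outcome}")
```
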
In the second part of this topic we develop the cryptographic toolkit in terms
of these different security services. Chapters 4 and 5 will focus on providing
confidentiality. Chapter 6 looks at mechanisms for providing data integrity and
data origin authentication. Chapter 7 is concerned with the provision of non-
repudiation. Chapter 8 considers entity authentication.
 