 Encryption and decryption main algorithm. Let's start with a symmetric cryptography again. An encryption is defined by three things. Algorithm, block size, key size. Algorithm, we'll see triple SOS, okay. Block size. You don't take all your data or all your information and say just encrypt. But it will be, I would say, cut in some blocks. And the block size is something important and is a characteristic of your encryption. Here I'm talking about padding. Padding is when your data is not aligned on this block size. Can imagine if I've got a block size of five and if you've got some data of six. So I have five information to add at the end. This is a pad. It's something important. I would say it should be done in a specific way. I won't deal with this. It's some detail that you can find in some other literature. Here it's just to say that we are on a block size. Then we've got the key size. Key size is very important because it's often linked regarding a same algorithm with the same block size. It's a characteristic of the strengths of your algorithm. The bigger is the key, the more strength is your security on the encryption for a same algorithm, of course. Main encryption algorithm we see together. Triple S. Triple data encryption standard. And iOS advanced encryption standard. Again, you remember it's fast in software and hardware. And why? Because internally, you only use some permutations. Substitution, shift, or XOR. So it's something a microcontroller or any computers manage to do it very quick. So it's why it's so fast. Let's start with TDS. Triple S. Triple data encryption standard. In fact, it's based on a simple, I will say encryption, which is a simple desk which relies on a faster, safer mathematical problem. I won't detail this because I'm not good on mathematics at all. But okay, I'll just give you the name. The block size here is 64 bits for this algorithm on a key size of 56 bits. But we don't choose this one. We use a triple data encryption. So we will run three times this death algorithm with three different keys. First, the plain text, or I will say the block of the plain text, will be encrypted with the first key. We will be decrypt with another key and we will be re-encrypt the result with the third key. If you decrypt something with another key than the one that has been used to encrypt, it's like a new encryption, I would say. So here the key size for the triple desk would be three multiplied by 56 because we've got three key of 56 bits, 168 bits. But you can also use triple desk algorithm with only two different keys. This time you will encrypt the block of plain text with the key one, decrypt it with key two and re-encrypt it with key one. In this case, the key size will be one hundred and twelve bits. So the second one is not as strong as the first one, but the key size is smaller. Sometimes it's important to have a small key. That's all for the tedious. Now we will deal with advanced encryption standard ROS. I would say it's the main standard used today. It's based on the substitution permutation network. The block size is one hundred and twenty-eight bits and the key size is one hundred and twenty-eight bits or one hundred and ninety-two or two hundred and fifty-six bits. In fact, internally, the ROS algorithm operates on a two-dimensional array of four by four bytes. That explains the block size of one hundred and twenty-eight bits. And internally, I would say, ROS will work with this array and will do some round. The transformation to this two-dimensional array. On four key of one hundred and twenty-eight bits, it will do ten rounds. For the key of one hundred and ninety-two, twelve rounds. For a key of two hundred and fifty-six bits, fourteen rounds. So just to show that if you have a bigger key, the algorithm will be, I would say, more long or it will take more times to compute encryption or decryption. So the complete name when you encrypt block by block is IOS ECB. ECB for Electronic Code Book Mode Encryption. So here we've got the plain text or a block of plain text. So one hundred and twenty-eight bits. And it will be cypher as input with the key. And then you will have the cypher text block by block. And then you go to the next block. You encrypt it with the key and you've got the cypher text until the last block where you may need to add some padding and you encrypt it. The encryption will take the cypher text decrypted block by block. I propose that we do now a short hands-on with about these topics. This time we will use OpenSSL. Before, in the previous hands-on, we used some bad files I created for you that rely on OpenSSL. Now I think it's a good time to use directly these tools. And it's a very useful one that you can use for tests or maybe also for your application. Now let's do the first hands-on with OpenSSL directly. So now we're prepared for you just an input file, example abb.bin and one with one bit modified. In the hands-common.txt file, you've got all the commands that have been already typed if you want to copy past. But here I will try to do it, I will say directly in front of you. First, let's check our content of the example file. So this is the input I will use for mainly all the examples I will do. So first we want to encrypt with a harass 128 bits. So it's a command OpenSSL. Then we want to do encryption. The algorithm is harass 128 bits. Electronic code books encryption. Then TRK will give here the key. Let's take, I don't know, deadbiff. Deadbiff. Why not? Then we've got an option, no salt. That may, it won't have some special correctness. So we don't just, I want to encrypt what we provided to it. Then no pad. We don't want to add some things because it's already aligned on the block size. So the input file will be my example. And the output file. Let's call it example. Encrypted a CB. So if I check the results. Okay, as you can see, the same size. It's being encrypted block by block. Do you notice something? Okay, I'm nearly sure that you will find it. Here we've got the line of AABB and it's one block. So here we've got one block encrypted, another encrypted, another encrypted. As you can see, you can see some pattern. So, okay, with a CB, it's block by block, but the problem is that when you encrypted two blocks that are equal, you've got the same results. That could be an issue. I will come back to this in the theory after. But now let's decrypt. So, open SSL again. So this time, we always use encrypt but charity to precisely who want to decrypt. We just give the algorithm OS128 bits, electronic code book. The key, we have decided dead beef, dead beef. We say that we have no sort and no pad. So, the input this time would be the encrypted file. Encrypted a CB and the output file. I hope we'll find the good one. So, decrypted a CB. Okay, I hope I forget nothing. So, let's check the results. So it was a decrypted a CB and I found again my data. So, quite simple. So, this is again a basic example but open SSL is very powerful so you can really use it to experiment things. Here I give you just the basic commands after you've got many options but I don't want to go into much details. Here again, it was to fix your hiding. So, we have seen together that with a CB block by block, that's mean when I encrypted one block twice we've got the same result for this block. And it could be an issue. Let's see in the theory now. Let's talk about block ciphering mode. We've seen just in the answer that we managed to find out some pattern. When you encrypt one block and if the block is exactly the same you will have the same results. So, if you encrypt a clear image, images from numerical point of view is just some colors on each byte and such kind of coding. So, if you encrypt such kind of pictures with just a high os and the cbc mode you will manage to see a pattern and it's really, really easy to see. So, there is two ways to address this two possible solutions. The first one is to use some data from the previous block to encrypt the next block. This is a chaining mode. We will see just after the description of the cbc one cfb and ofb. Another possibility is to combine each block of data with a counter and this is conterm mode. We will see the CTR. There is also the CCM and the GCM. GCM will be addressed later in this presentation but CCM I won't address it. But you can find information really easily on it. So, let's see the first one, oscbc. Don't be afraid by these schematics. It could seem to be complicated but not so much. So, here we've got the first block of plain text. The first thing, we have a new input. Initialization vectors. And we will XOR this first block with the initialization vectors and encrypt the results. This is the first suffer text block. And this one will be the input for the next XOR done with the second block of plain text. And it's gone that way. So, you seem okay. For encryption, I catch what is the algorithm but how it works for decryption. You take the ciphertext. The first ciphertext block. You decrypt it. And you XOR it again with the same initialization vector. And you will find plain text. Exactly the same for the next ciphertext. You decrypt it with the key. You XOR it with the previous ciphertext and you will have the plain text. So, this is really a chaining mode and that way you ensure that you won't see any pattern anymore. For sure. The back of this is that you can't parallelize. I need to encrypt the next block. I need the first block to be encrypted. So, this is the main drawback for this algorithm. Let's do a short hand zone again and see that we don't see any pattern anymore now. So, now we'll experiment the Havas CBC. We have seen the problem of this pattern that we could see. So, let's try to use it. So, open SSL again. We want to encrypt. The algorithm is 100 128 bits. And this time it was with the CBC. Ascii, we will use JetBiff again. Why not? And this time I will put an initialization vectors. So, I don't know. Dead, for example. It was advised to change the IV for each encryption. Then the argument no salt. I should not have some space. No salt. Then no pad. The input file will be stillmyexample.bin And the output file will be example. But I want encryption. And it will be with CBC. So, if we check now the results with Xtemp. So, example with CBC. Here, no pattern anymore. If I compare with the one with a CBC, we generated previously. Here, we got two pattern. So, we will address this problem now with the CBC. So, when we want to decrypt, we will also need the IV. So, let's do it. So, we see ink, but minus D to say we decrypt. Then how else? 128 bits. We are in a CBC chaining. My key will be deadbiff. Deadbiff. My IV which is dead. We put no salt. No pads. And as input here we got the encrypted CBC. And the output will be the example with decrypted decrypted, sorry, CBC. I missed something somewhere. Okay, no pad. Not no pass. Sorry. Okay. So, let's check the results. So, it was a decrypted CBC and we found out our input. So, here we just seen together that with CBC we don't have the pattern that could be seen now. That's it. Quite simple, I think. Okay, going on with theory. Let's see another chaining mode. CFB, cipher feedback mode encryption. This time it's a little bit different. As you can see, the input of the encryption this time will be the initialization vectors. And it was this one that will be encrypted with a key. And we just saw the plain text with it to have the cipher text. That's really changing from what we have seen before because before we were always encrypted, I would say some kind of plain text we think. Here we just encrypt the initialization vectors. So, you can see the cipher text which is really unpredictable if you don't have the key and you've got the plain text. And this one is the block for the next input. Let's go on, let's go on, let's go on. For the decryption, as you can see, it's not a decryption. We will encrypt again the initialization vector with the key. And we have, I will say, the same resultant here. So, when we will cipher text with the same value we will find out again our plain text. So, from the next one, the block will be the input of the next encryption and so on and so on. Here the main advantage regarding the previous algorithm is that you only unbedded encryption algorithm. You don't need the decryption one. This could be an advantage because for the highest encryption algorithm and the decryption algorithm are not the same code or same way of working. So, when you have some constraint on the size of unbedded code and things like that, you can select this one because you can just unbed the encryption mechanism. You don't need the decryption one. Now, we will talk about the OFB. It was the output feedback mode. So, here again we will encrypt the initialization vector with the key. And the result of this will be so with the plain text. So, I will say this block is exactly the same that previous. But the difference is now it's before using the plain text before XORing with the plain text will take the result of this encryption as the input of the next one. What is the advantage of this? You don't need to wait to have the type of text to manage to prepare the next one. If you've got the initialization vector and the key, you can prepare in advance all those coefficients. So, I would say it's a kind of optimization. You can do some parallelism computing. So, it could be very interesting from a performance point of view. And again, if you look, we are using encryption and encryption. But I would say something is not good. Imagine you managed to have an example of a cipher text on a plain text. So, you will manage to get this algorithm, this value and this value and this one. Because it's really easy. You just have to take one block to XOR with this block and you will get the result of this. If Alice will encrypt another message with the same IV and the same key you will have all the key in advance or you will have all those resistance events, you will manage to decrypt it. So, I would say initialization vector in this case should be changed for each message. Of course, it's not easy for a hiker to manage to get a cipher text but if you manage to get this and if you don't change your initialization vectors you can, I would say, crack the message. So, this is the drawback of this one. Another mode is the cunter mode and this time we are not using some data from the previous block or chaining mode I would say. Here we will use some random data and also added cunters and this is called the cunter mode. Main cunter mode has the CTR, CCM and GCM. Here I will just introduce you to the CTR. CCM and GCM have a particularity. They are doing encryption for sure but they also do some authentication so it's a little bit early in the presentation to introduce you about those. I will come back on GCM once we have seen together authentication. What are the details about CTRs? So again we've got this schematics. I take a lot of points. Here we've got nouns. Nouns mean a random data and with these nouns there is a part that will be a cunter and to encrypt a block of the plain text we will first encrypt the key with these nouns and the cunter and we show the result with the plain text. As you can see, there is no link between each block. It's just the cunter that will change for the decryption we should take the same random value so it should be shared. It's always an initialization vector I would say but this time this initialization vector would change from value due to the cunters. So we take this initialization vectors we encrypt with the key and we show with the cipher text and get the plain text. So here you've got the difference between the other mechanism we've seen of Schenning and what are the advantages of this. Again, we just embedded the encryption so for the constant of the size that's good. Another particularity we can compute in advance all those values so we can do some parallelism but what is also interesting you can just access or we say encrypt or decrypt one block in all your text because in advance you just change the cunter value and you can cipher or decrypt. Here it's a decryption even if you are using encryption for the coefficients and that's it. So very interesting. I think now we have seen the different Schenning mode and the cunter mode I don't give you too much details it's just to give you a flavor about those and it's important when you selected an algorithm to be aware of which Schenning mode or cunter mode is used if you need it of course and now let's do again a short hands-on with open SSL on CTR just to see the results. So now with the cunter mode so I think you have seen we will just change the argument to which specifier what is the algorithm use but let's do it it's good to experiment it I think. So open SSL sorry open SSL again so this time I still want to encrypt the RS 128 bit and this time with the CTR mode we still need the key to encrypt dead beef dead beef we will use an IV also but this time just I will say in a symbolic way I will use this one just to show you or to have the image that this IV will be incremented to have the cunter you got it so let's put dead 0 0 0 but it's symbolic because if I put dead that it will also incremented then we've got the no salt option the no pad option the input is always the same my example my output input with the example and I change the extension with encrypted and I put CTL ok that's it if I do xdamp if we manage to see some button but I don't think so so that's what we already down encrypted CTL this one ok no button could be seen here let's decrypt it so open SSL again and we want to decrypt so here it was the RS128 bits not space but just this ok and it was a cunter mode the key to use dead beef the IV really important and should be changed each time you encrypt the new data ok the no salt option the no pad option no salt no pad then the input so this time would be the encrypted CTL and the output would be this one with decrypt CTL let's check the results decrypted CTL and we find out how our inputs so quite simple you can see with open SSL it's really easy to change the chaining mode and do some experimentation ok let's continue with theory so we finish with the house we have seen some chaining mode we have seen the CTL mode, cunter mode sorry and now I want to do a short comparison with the algorithm because you can wonder which one TDS or RS should I use in fact RS could be considered as the successor of the triple S so in every new new scheme you are using you will probably use RS TDS could encounter some issues more than 32 GB of data with the same key just a weakness to be known but the main argument is that RS is faster than TDS with a lower memory footprint so I would say there is no main advantage to use triple S but it's already using some system so sometimes for compatibility point of view you will need to use this algorithm also and that's it for all the algorithm symmetric where do we stand now let's check our agenda first we've seen together different principle for symmetric encryption let's mean using the same key to encrypt and decrypt symmetric you remember we are using the public key of the recipient to encrypt data and you will decrypt it with this private key combination of the both is a way to encrypt a huge volume data in an efficient way and a shared secret generation Diffie-Hellman which is another way to generate a shared secret to encrypt with symmetric after then we have seen together the main algorithm symmetric triple S, RS is associated with a chaining mode or CTR if needed CTR counter mode sorry now we will see together asymmetric main algorithm RSI, elliptic curves and Diffie-Hellman I will give you here more details about what are the mathematical behind I won't go too deep in this detail because I'm not good at math at all so it's just to give you a flavor about what is the mathematical problem behind those so the asymmetric cryptography main algorithm so the encryption characteristic of the algorithm and the associated key size so two main algorithm we see together RSI and SCC for the RSI the commonly key size is 2048 bits and up to 4096 bits you can use smaller key if you want but today is not considered as secured enough to waste a lot of computation for the SCC the key commonly uses 160 bits and up to 512 bits so really smaller than the RSI one but that doesn't mean that is less secure again and you remember I already told you in the part of theory it's a complex operation so even for hardware or software so generally it's not used to encrypt big data let's start with RSI so RSI stands for reversed shami at demand in fact it based on the difficulties to factorize the product of two large numbers so if you get two large numbers PNQ even if you know the product N it's quite complicated to manage to find PNQ or it's nearly impossible in practice so commonly used key size is 2048 bits and up to 4096 bits so all those numbers will be large I want to give you detail about RSI key creation so let's compute it manually first we need to choose two prime numbers PNQ and compute the product of them so we'll do this with very tiny value because I want to do it manually so I chose P equal 5 and Q equal 11 so the product is 55 then we need to choose another prime number which should be no prime factor with the product of P-1 with Q-1 so in our case this product of P-1 multiplied by Q-1 is 14 so I just check the prime numbers and he could be equal to 7 so now our public key will be the E and N then we compute the private part of the key so we need to choose a number D who will respect one rules E multiplied by D modulus the P-1 multiplied by Q-1 should be equal to 1 so D equal 23 could be a good candidate for us and the private key will be D and N N is public because it's already in the public key but you will need with a private part D why? because if I just give you details about encrypted number N the algorithm to do that it just put M to the power of E modulo N and you've got the encrypted value and when you want to decrypt you will use the same algorithm but this time you will put encrypted number C to the power of D modulo N and you will get the value so it just to show you then a new circuit is composed of many different numbers but the important one are public and the private exponent so public exponent is E the private exponent is D and the modulus which is N so here is CK pair as I've just said we've got a public exponent and modulus this is a public key we've got a private key which is component of the private exponent and the modulus and P and Q is not used anymore to encrypt and decrypt but they have to be kept secret so they managed to find the private exponent so the private key so this is just to show you how a key pair Eresa is composed and what is the important component in it let's do a hands on just to check this with Hopon SSL so now I propose that we generate an Eresa key together so Hopon SSL again we want to generate some Eresa and there how it put fire will be private key dot POM is the extension used by Hopon SSL for the key then I see the size of this key 2048 bit for example here generated and the result is in the file mypref key dot POM if I just dump it with a type we talk about Eresa private key but we don't see all the information in fact it's a proprietary format so there is utilities in Hopon SSL to manage to extract the public key and also all the information inside so let's do it Hopon SSL we are in Eresa domain we will put as input the key and we would like to see the public key with pubouts here we've got the public key but we can also say that I want to store it in a file so with the argument out and say this is my public key this is a way to have a key pair now we can also request to see some detail about this Eresa I will put my private key and I will say I would like to see something under the understance table ok, many information but here you have link with what we studied before you find the modulus it's a public exponent the private exponent the prime number one prime number two ok so really here we've got all the information we know that to encrypt or to decrypt we only use this part but this one could remain secret there is other value after which is exponent one exponent two and coefficient this is partial value that can be used to optimize the algorithm of Hopon SSL but I would say it was deduced from the other part of the key if we check what we've got in the public key so I will put my public key I have to say that it was a public key or it will not be happy and text file you remember what we should see only the modulus and the exponent ok so let's face a idea like I said before in the theory so now I propose that we encrypt our file with eresa so Hopon SSL this time we do eresa utility we want to encrypt so let's say we want to encrypt we will encrypt with the public key you remember that so the key will be my public key.pm I need to say this is a public key I won't be happy what I want to encrypt will be my example and the result will be stored in my example dot onk eresa for example ok I think everything is there seems happy with that if I do extend of the result so example underscore and eresa ok as you can see now it's encrypted so let's decrypt it we encrypt with the public key so we will decrypt with the private key not so complicated so Hopon SSL again we still using eresa utility we say that we want to decrypt this time the in key will be my private key the input will be the example and encrypt eresa and the output will be an example decrypted eresa let's check the result decrypted eresa and we found out our inputs so it's working you have seen how you encrypt with the public key and decrypt with the private key if you try to encrypt with some private key and think like that you will have some warning from Hopon SSL so here I just give you I would say when it works but it's really a good basics and you can do some trial with this ACC let's talk about elliptic curves cryptography so it's based on the elliptic curves and the commonly used key size is 160 up to 512 bits so mathematics behind elliptic curves are quite complicated I want to give you just a flavor about what is this problem and how we can use it so first let's see what is an elliptic curves elliptic curves over a finite field order n satisfies this equation so if I draw it I can have something like that that's really depending on the different coefficient A B let's take this example just to simplify and on these curves I will define a point G the generators then I will define a specific operation on this point G I will show the tangent who go through this point there will be a new intersection with my curves a new point and I will take the symmetric of this one regarding the x-axis and I will define this new point P like G plus G take care this plus is not like you do some addition of two numbers this is really doing this tangent plus the symmetric and I define this point as 2G so I can go on with this algorithm if again I draw the tangent through P I will have a new intersection with the curves I will take the symmetric and it will be 3G on I can go on go on I can add the point P which is equal to KG okay so you know now how I managed to draw G and P and in fact it just keep those two points if I give you the curves if I give you G and P it's quite impossible to find the number K okay and all the problems of ACC rely on these difficulties we managed to compute it because we do just G plus G plus G why can't I do it again so I would say if you try to compute G plus G and check if it's P it would take a very very very long time but if you know the value K and you just compute KG there is some mathematical shortcut to find the final point P so really when you've got some public data like the curves G and P it's impossible to find the K which will be the private key so now I will explicitly just give you some details about the different coefficients obviously we need to have a view for all those coefficients and even for K so INB are the characteristic of the curves selected there is many curves already defined by good mathematical guys and you have to select it carefully some curves are recommended to do signatures, orders for encryption and such kind of things frankly speaking I'm not expert on this domain just remember that you have to select good curves that have been recommended again which is the order of our finite field is the number of points P possible on the curves because you could imagine that we need to have something finite and it's this coefficient that will define the number of points P is the modulus and it's the prime numbers our CCT pairs first we've got G and P two points on the curves linked with the property P equal KG remember G is not just a product it's really this specific operation just to draw a tangent and take the symmetric regarding the X axis so G and P could be considered as the public component of the key on K will be the private key so if you got G, P and the curves quite difficult to compute K but if you select key when you created your key pair it's not so complicated to do the product KG quickly so now we will switch to Diffielman do you remember the Diffielman purpose? I hope so so it's create a shared secret between Bob and Alice without communicate some private information in the previous part I introduced this with some color mixing and color selection so now it's time to use some mathematics in fact it will lie on the discrete logarithm problem if you go at Y which equal to G power of X modulo P with P of prime numbers Y, G and P and X large number it's quite difficult if you know Y, G and P to find X to fix idea I just give you an example with tiny value in Diffielman can you find X quickly? not so easy with the calculator it will manage but it's really tiny value so let's go to the algorithms and check how it works Bob and Alice first they will agree on the common color you remember the yellow here they will select two numbers they will select G and P of prime numbers those data are public because they need to be shared by the both then each one will select his private parts of the key for Alice it will be X, A for Bob it will be X, P then we will apply the previous formula we've seen of before so Alice will compute G power of X, A modulo P and find a Y, A Bob will do the same so we got 15 Alice 8 then they will exchange the value and you remember you know Y, you know P G, you can't find the X it's quite complicated something's very difficult to be done then Alice will take the Y and will apply again the formula she will find Z equal to Bob will do the same and will find exactly the same value now we have a shared secret Z value on the both sides without sharing any private data X can be found thanks Y, P and G that's it so now let's do a differential with OpenSSL it's a little bit tough I mean there is many comments but it's a good exercise so first let's choose the parameters I will say the common colors OpenSSL GenPiki and we've got GenParam the algorithm we want to use it's differentialman for sure and the output would be for example DHP.Pam so here we generated the common color you remember so it would be the modulus and the G because when the case of the discrete logarithm that's done let's check the result so we'll use a OpenSSL command for that with Piki.Param at input we've got DHP.Pam and the output we would like to have something we can read so we find our generators and our prime good so next step Alice will choose a color and I will say the private part of the key and we compute the public part of the key thanks the common color and this private color so OpenSSL again we'll generate a key we will use as param file the common color and the output will be the differentialman key of Alice let's check what we've generated together OpenSSL now the input will be we'll use a key the input will be the key generated for Alice and I would like to see it in a text way to understand what we generate so we've got our private key or Alice private key the public key the prime and generators so everything in one file let's extract the public part of this open SSL again we still use pk command the input will be the Alice public key we want to extract the public part of the key and we put this in the dh pub Alice we can check the results so it's a public key as input we put the Alice public key and I want to see the result in text also though here the private part of the key has been removed okay so now pub should do the same because it's symmetrical and we want to see how they will generate the different circuits so I will do it now with I will say the same so no need to generate again the command color because we've got it and we have to give it so open SSL gen the pk run file the run file it's the command colors as parameters and the output will be dh key pub that's it I won't check this time because we have done it with Alice so it will be exactly the same so let's extract the public part of the key of pub now SSL pk we've got dh pk from pub we want to extract the public part of it and we put it in the dh pub of pub so now we've got all the information so we can try to generate the circuits so the first one we will use I will say the rule of Alice so we will use the open SSL we will use the pk and we say that we want to derive what are the mk that we will use we will use Alice key and the full one with the private parts and we will use the public key of pub pk dh pub of pub the output will be to create Alice that bin so symmetrically pub can do the same command k derive the input k this time will be the pub's one the pk should be the Alice public key and the output would be the secret of pub so let's compare the secret of the secret of Alice we've got this if I do an example of the secret of pub it's exactly the same so here we have done the hands on with Diffierman many commands frankly speaking it's nearly impossible to know them by heart so remember that I gave you some files with all the commands inside but it's just to show you that you can compute it more and more in fact Diffierman could be also associated with elliptic curves that means you don't rely on the discrete logarithm problem but you will use elliptic curves the name of this algorithm is ecdh, elliptic curves Diffierman so let's try to compute this with pub and Alice again so we've got g generators, a curves pub can select a private kb and do the product of kbg with the rules we've seen before it will have a point pb and will send this point to Alice you remember even if you know g, pb and the curves quite complicated or impossible to find kb at least do the same things so you've got the same generators select a private value ka and compute a final point pa and send this to pub then pub will compute based on the point received from Alice the kb value on this point and you will get a final point Alice will do the same she takes the point received from pub and will apply this value on it and she will get a final point and you can see the two final points are equal we've got a common shared data between pub and Alice what we've shared on the public side will be the pb, pa, g and the curves so impossible to find ka and kb if you look at the equation maybe to fix the idea I think it's quite obvious it's just a point in terms of the difference in the case but the final point is exactly the same so now we have finished with the asymmetric cryptography algorithm so let's check the agenda again encryption theory down symmetric asymmetric with differentialman the main algorithm in symmetric for the asymmetric elliptic curves and associated with elliptic curves and just the last point it was a standard combination of symmetric and asymmetric more precisely between differentialman and the symmetric so it's IES just a couple of words because it's important to give this in mind in fact it was standard and there is two main standard for this so the discrete logarithm integrated encryption scheme so I will say the basic differentialman associated with asymmetric encryption and another one the elliptic curves integrated encryption scheme so the name is elliptic curves here if you well remember in the previous part I don't tell you about encryption with elliptic curves because you don't encrypt with elliptic curves you will always do some kind of differentialman elliptic curves associated with a symmetric encryption so where do we stand now we have seen how to encrypt message I mean how we manage to protect the data but there is two remaining points you remember about Bob and Alice okay now imagine Alice is not so shy she don't want to hide the message she's ready that Eve was aware about what she want to write but she want two things first she don't want that anybody manage to modify this message it was the integrity and the other point she want that Bob when you receive it is sure that it's coming from her it's not something written by somebody else who just write Alice at the end of the letter so it was the authentication so let's continue with integrated check