The goal of this tutorial is to fully understand the challenge mini-tls-13.

Authenticated Encryption

Let us assume that Alice and Bob have exchanged a session key k. Alice sends a message m to Bob encrypted with the key k using AES with an Authenticated Encryption mode (encrypt-then-mac method).

1. How does Alice encrypt m with the key k?

2. What does she sent over to Bob?

3. How does bob decrypt that ciphertext while making sure that Mallory has not tampered with the message?

Asymmetric Cryptography

Let us assume the following:

• Alice has an asymmetric key pair (ksA, KpA)
• Bob has an asymmetric key pair (ksB, KpB)
• They have each others public key i.e Alice knows KpB and Bob knows KpA.

To simplify the exercise, let us assume that we can use these asymmetric keys to encrypt and decrypt any message of any length easily (though this is not true in practice).

1. Alice wishes to send a signed but not encrypted message to Bob, how does she generates the signature s and what does she send over to Bob?

2. How does Bob verifies the signature?

3. Alice wishes to send an encrypted and signed message to Bob, how does she “sign-then-encrypt” the message and what does she send over to Bob?

4. How does Bob extract the message and verify the signature?

Key exchange

In practice, it is too slow to use public-key cryptography on large messages. One solution is to use public-key cryptography to exchange a public key but it is usually not recommended.

1. Why is it better to exchange a session key using the Diffie-Hellman protocol rather than using public cryptography directly?

Public Key Infrastructure Trust model

1. In TLS/SSL, how does Alice’s browser trust a certificate supplied by Bob’s website?

2. Describe how a man-in-the-middle attack could succeed on TLS/SSL?