What is the random oracle model and why should you care? (Part 5) — A Few Thoughts on Cryptographic Engineering

This is part five of a series on the Random Oracle Model. See here for the previous posts: Part 1: An introduction Part 2: The ROM formalized, a scheme and a proof sketch Part 3: How we abuse the ROM to make our security proofs work Part 4: Some more examples of where the ROM […]Continue reading “What is the random oracle model and why should you care? (Part 5) — A Few Thoughts on Cryptographic Engineering”

Attack of the week: searchable encryption and the ever-expanding leakage function — A Few Thoughts on Cryptographic Engineering

A few days ago I had the pleasure of hosting Kenny Paterson, who braved snow and historic cold (by Baltimore standards) to come talk to us about encrypted databases. Kenny’s newest result is with first authors Paul Grubbs, Marie-Sarah Lacharité and Brice Minaud (let’s call it GLMP). It isn’t so much about building encrypted databases,Continue reading “Attack of the week: searchable encryption and the ever-expanding leakage function — A Few Thoughts on Cryptographic Engineering”

DUKPT Explained with examples

Derived Unique Key Per Transaction (DUKPT) process that’s described in Annex A of ANS X9.24-2004. It’s generally considered to be complex, but I’ve simplified it slightly with the help of online resources. Key Management Here’s a basic outline of the technique: You’re given a Base Derivation Key (BDK), which you assign to a swiper (noteContinue reading “DUKPT Explained with examples”

Implementing AS2805 Part 6 Host to Host Encryption using a Thales 9000 and Python

Introduction The AS2805.6 Standard specifies communication security between two nodes during a financial transaction. These nodes needs to have a specific set of encryption algorithms, and needs to follow a specific process. The specification is not very clear on what exactly needs to happen, so I intend to clarify the exact steps, with the HSMContinue reading “Implementing AS2805 Part 6 Host to Host Encryption using a Thales 9000 and Python”

Typical Cryptography in AS2805 Explained

Key Management conforms to AS 2805 part 6.1. KEK Establishment Each interchange node contains an Interchange Send Key Encrypting Key (KEKs) and an Interchange Receive Key Encrypting Key (KEKr). The Interchange Send KEK is the same key as the Interchange Receive KEK in the partnering node, similarly the Interchange Receive KEK is the same as the InterchangeContinue reading “Typical Cryptography in AS2805 Explained”