Power of “Integrity” property in Cryptography

Today’s post is about property in Cryptography called “Integrity” and It’s simply something that guarantee that what you send is what the intended  recipient received.. And you know what’s weird ?

Most of the people now a days don’t think about this property anymore and this is shocking.. and this is not just the  normal people or the tech people there is some people who call them self security professionals they are ignoring this property and they think “Encryption” is what matters !!

but let me explain in this post briefly why this is important :

let say that me (Ahmad) I want to send a message to my friend Bob and let say that message is (Hello) I will be very upset  if my message delivered to Bob as (Hi) I know it’s funny but this is a real situation.. And the reason is that Encryption algorithms by nature don’t check for authenticity of the message they only check if the message is applicable to be decrypted by this specific algorithm So this is when this property “Integrity” become very useful to check if the message is encrypted and delivered to the recipient as it is without any single change .. let me define this more formally :

IF the sender Encrypt message m ∈ M and he send it to the receiver but this message got intercepted by a third party in the middle and this party encrypt another message m ∈ M  that he want to deliver to the original receiver .. the receiver now will decrypt m‘  and this is resulting c and you can notice that the receiver have no clue that he decrypted the wrong message.

I know maybe this was confusing for you so let me give you an example to make it more clear :

Example  (XOR-Malleability of the one-time pad). For the one-time pad encryption, the adversary can replace the transmitted ciphertext c by an arbitrary ciphertext c . Assume that c = m ⊕ κ and |c| = |c |, then this means that the receiver will compute m =c‘ ⊕ κ = c‘ ⊕ c ⊕ m. Hence, replacing c by c corresponds to selecting the function m → m ⊕ (c ⊕ c ).

Leave a Reply

Your email address will not be published. Required fields are marked *