- **Cryptography:** Confidentiality, Authentication, Non-repudiation (Sender cannot deny they sent it)
  - **Symmetric-Key Cryptography**: one shared secret key, faster than public-key but harder to share keys securely.
  - **Classical Cryptosystems** (Old-school ciphers)
    - **Caesar Cipher:** Shift letters by 3 places.
    - **Vigenère Cipher:** Uses keyword to shift letters differently per position.
    - **Transposition Cipher:** Rearranges letters without changing them in zigzag pattern.
  - **The Three Big Ideas**
    - **Confusion:** Hide plaintext-ciphertext link.
    - **Diffusion:** Spread influence of plaintext bits over ciphertext bits.
    - **Kerckhoffs’s Principle:** Keep algorithm public, key secret.
  - **Symmetric Encryption Algorithms**
    - **Stream Ciphers:** Encrypt bit-by-bit (e.g., One-Time Pad: Pass bits through XOR with key).
      - Key must be as long as message, truly random, never reused.
    - **Block Ciphers:** Encrypt fixed-size blocks (e.g., AES).


### Block Ciphers

* Encrypt fixed-sized blocks (e.g., 64 or 128 bits).

* Example: **AES** (Advanced Encryption Standard)
  Block size: 128 bits
  Key sizes: 128, 192, or 256 bits

---

## 6. Block Cipher Modes of Operation (How blocks are encrypted)

### ECB (Electronic Codebook)

* Encrypt each block independently.
* Problem: Same plaintext blocks → same ciphertext blocks (reveals patterns).
* Example: Encrypt image pixel blocks → pattern visible in ciphertext.

### CBC (Cipher Block Chaining)

* Each plaintext block XORed with previous ciphertext block before encryption.
* Uses an **Initialization Vector (IV)** for first block.
* Errors in one block affect that block and the next.

### CFB (Cipher Feedback)

* Turns block cipher into stream cipher.
* Encrypts small parts (like bytes).
* Self-synchronizing.

### OFB (Output Feedback)

* Similar to CFB but errors do not propagate.

### CTR (Counter Mode)

* Uses counter + key to generate key stream.
* Encryption/decryption can be done in parallel.
* Errors affect only corresponding block.

---

## 7. Hash Functions

* Maps any message size → fixed-length hash (digest).
* Used for verifying data integrity.

### Properties:

* **Pre-image resistance:** Hard to find message from hash.
* **Second pre-image resistance:** Hard to find different message with same hash.
* **Collision resistance:** Hard to find two messages with same hash.

### Common Hashes:

* MD5 (128 bits) — outdated, not collision resistant.
* SHA-1 (160 bits) — weakened, collisions found.
* SHA-256, SHA-384, SHA-512 — strong and widely used.

---

## 8. Message Authentication Codes (MAC)

* Small piece of data added to message to verify it wasn't changed.
* Uses a secret key.

### Types:

* **CBC-MAC:** Uses block cipher (like DES) in CBC mode, outputs last block as MAC.

* **HMAC:** Combines secret key with hash function (like SHA-256). More secure and widely used.

---

## 9. Advantages & Challenges of Symmetric Crypto

| Advantages                                  | Challenges                                          |
| ------------------------------------------- | --------------------------------------------------- |
| Fast encryption and decryption              | Hard to distribute and manage keys                  |
| Efficient for hardware and software         | Number of keys grows quickly with users             |
| Provides confidentiality and some integrity | No support for digital signatures (non-repudiation) |

---

## Quick Examples to Remember

| Concept       | Example                                                  |
| ------------- | -------------------------------------------------------- |
| Caesar Cipher | Shift "HELLO" by 3 → "KHOOR"                             |
| One-Time Pad  | Plaintext 0101 XOR key 1010 → ciphertext 1111            |
| CBC Mode      | Plaintext blocks chained with IV and previous ciphertext |
| Hash function | SHA-256("hello") → fixed hash string                     |
| HMAC          | Hash + secret key for message authentication             |