When you are trying to develop techniques for protecting digital data, for securing it, you must be able to prove that an adversary has no chance of finding the secret.
- We want to prove such a thing, so it will be a matter of mathematical proof.
- It will be a question of proof of probability and complexity (NP problems, etc.), to translate the fact that there is no risk that the adversary will find the secret.
- In the absence of additional information (e.g., the secret key), retrieving the original information must therefore be too complex a problem, so that the probability of the opponent solving it is as small as possible.
- So we are looking for complex problems to be solved on a computer, which can only handle integers accurately.
From the foregoing, it is therefore understandable why computer security relies on problems that are considered difficult arithmetic problems, such as the factorization of a large integer into its prime factors, and why probability and complexity play an important role in cryptography.
This is why we must first be able to generate random numbers and prime numbers :
- prime numbers will be, roughly speaking, the secret keys,
- whose product is large enough to make it impossible, in practice, to find its primary factors (the keys)
- whose security is guaranteed by this complexity of finding the prime factors of a number,
- random numbers will be of two types:
- the true random numbers, produced materially by the sensors, not reproducible, will be used to generate these encryption keys.
- pseudo-random numbers, produced by algorithms, which are reproducible, will be used to mask messages, in a symmetrical encryption method.
We will thus have to introduce these two elements (generation of prime numbers and random numbers), by considering them in the particular framework of the Internet of Things. But let's start first by illustrating these remarks, by presenting the symmetrical encryption known as one-time pad...