Introduction to Cryptology. Lecture 2

Similar documents
Shift Cipher. For 0 i 25, the ith plaintext character is. E.g. k = 3

Introduction to Cryptology. Lecture 3

Cryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

CPA-Security. Definition: A private-key encryption scheme

Cryptography CS 555. Topic 2: Evolution of Classical Cryptography CS555. Topic 2 1

CSCI3381-Cryptography

Classical Cryptography

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography

Public Key Cryptography

Data and information security: 2. Classical cryptography

Sol: First, calculate the number of integers which are relative prime with = (1 1 7 ) (1 1 3 ) = = 2268

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Innovation and Cryptoventures. Cryptology. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc.

... Assignment 3 - Cryptography. Information & Communication Security (WS 2018/19) Abtin Shahkarami, M.Sc.

Chapter 2 : Perfectly-Secret Encryption

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.

THE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018

Introduction to Cryptography

Cook-Levin Theorem. SAT is NP-complete

Historical cryptography. cryptography encryption main applications: military and diplomacy

Perfectly-Secret Encryption

CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrosky. Lecture 4

Lecture 4: Perfect Secrecy: Several Equivalent Formulations

5. Classical Cryptographic Techniques from modular arithmetic perspective

Lecture 28: Public-key Cryptography. Public-key Cryptography

Lecture 12: Block ciphers

Candidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.

An Introduction to Cryptography

Solutions for week 1, Cryptography Course - TDA 352/DIT 250

Lecture (04) Classical Encryption Techniques (III)

one approach to improve security was to encrypt multiple letters invented by Charles Wheatstone in 1854, but named after his

Cryptography. P. Danziger. Transmit...Bob...

CHAPTER 12 CRYPTOGRAPHY OF A GRAY LEVEL IMAGE USING A MODIFIED HILL CIPHER

2.1 Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm.

CTR mode of operation

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

CLASSICAL ENCRYPTION. Mihir Bellare UCSD 1

Chapter 2. A Look Back. 2.1 Substitution ciphers

18733: Applied Cryptography Anupam Datta (CMU) Course Overview

Cryptography 2017 Lecture 2

CPSC 467b: Cryptography and Computer Security

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 30 October 2018

A Large Block Cipher using an Iterative Method and the Modular Arithmetic Inverse of a key Matrix

Week 7 An Application to Cryptography

Akelarre. Akelarre 1

Lecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography

Chapter 2 Classical Cryptosystems

Lecture 2: Perfect Secrecy and its Limitations

Lecture Notes on Secret Sharing

What is Cryptography? by Amit Konar, Dept. of Math and CS, UMSL

Modern symmetric-key Encryption

Dan Boneh. Stream ciphers. The One Time Pad

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

NET 311D INFORMATION SECURITY

ISSN: Received: Year: 2016, Number: 14, Pages: Published: Original Article **

Block Ciphers and Feistel cipher

PERFECT SECRECY AND ADVERSARIAL INDISTINGUISHABILITY

Outline. Computer Science 418. Number of Keys in the Sum. More on Perfect Secrecy, One-Time Pad, Entropy. Mike Jacobson. Week 3

1 Indistinguishability for multiple encryptions

A Block Cipher using an Iterative Method involving a Permutation

Lecture 13: Private Key Encryption

Winter 17 CS 485/585. Intro to Cryptography

Modern Cryptography Lecture 4

Lecture Notes. Advanced Discrete Structures COT S

CHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 11 April 2017, 8:30-12:30

The Vigenère cipher is a stronger version of the Caesar cipher The encryption key is a word/sentence/random text ( and )

Provable security. Michel Abdalla

10 Modular Arithmetic and Cryptography

1/16 2/17 3/17 4/7 5/10 6/14 7/19 % Please do not write in the spaces above.

Efficient Cryptanalysis of Homophonic Substitution Ciphers

Practice Final Exam Winter 2017, CS 485/585 Crypto March 14, 2017

Computational and Statistical Learning Theory

Outline. CPSC 418/MATH 318 Introduction to Cryptography. Information Theory. Partial Information. Perfect Secrecy, One-Time Pad

Number theory (Chapter 4)

Classic Cryptography Tutorial. c Eli Biham - May 3, Classic Cryptography Tutorial (3)

Chaos and Cryptography

Implementation Tutorial on RSA

Dan Boneh. Introduction. Course Overview

Polyalphabetic Ciphers

Written examination. Tuesday, August 18, 2015, 08:30 a.m.

Question: Total Points: Score:

ECS 189A Final Cryptography Spring 2011

5199/IOC5063 Theory of Cryptology, 2014 Fall

Computational and Statistical Learning Theory

Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2

Lecture 8 - Cryptography and Information Theory

Winter 18 CS 485/585. Intro to Cryptography

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 4: Enigma.

The Web Cryptology Game CODEBREAKERS.EU edition 2015

Lecture Note 3 Date:

Menu. Lecture 5: DES Use and Analysis. DES Structure Plaintext Initial Permutation. DES s F. S-Boxes 48 bits Expansion/Permutation

monoalphabetic cryptanalysis Character Frequencies (English) Security in Computing Common English Digrams and Trigrams Chapter 2

Lecture Notes. Advanced Discrete Structures COT S

Problem 1. k zero bits. n bits. Block Cipher. Block Cipher. Block Cipher. Block Cipher. removed

Exercise Sheet Cryptography 1, 2011

AN INTRODUCTION TO THE UNDERLYING COMPUTATIONAL PROBLEM OF THE ELGAMAL CRYPTOSYSTEM

Notes for Lecture A can repeat step 3 as many times as it wishes. We will charge A one unit of time for every time it repeats step 3.

Journal of Babylon University/Pure and Applied Sciences/ No.(3)/ Vol.(22): 2014

Transcription:

Introduction to Cryptology Lecture 2

Announcements 2 nd vs. 1 st edition of textbook HW1 due Tuesday 2/9 Readings/quizzes (on Canvas) due Friday 2/12

Agenda Last time Historical ciphers and their cryptanalysis (Sec. 1.3) This time More cryptanalysis (Sec. 1.3) Discussion on defining security Basic terminology Formal definition of symmetric key encryption (Sec. 2.1) Information-theoretic security (Sec. 2.1)

Shift Cipher For 0 i 25, the ith plaintext character is shifted by some value 0 k 25 (mod 26). E.g. k = 3 a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C goodmorning JRRGPRUQLQJ

Frequency Analysis If plaintext is known to be grammatically correct English, can use frequency analysis to break monoalphabetic substitution ciphers:

An Improved Attack on Shift/Caesar Cipher using Frequency Analysis Associate letters of English alphabet with numbers 0...25 Let p i denote the probability of the i-th letter in English text. Using the frequency table: 25 p 2 i=0 i 0.065 Let q i denote the probability of the i-th letter in this ciphertext: # of occurrences/length of ciphertext 25 Compute I j = i=0 p i q i+j for each possible shift value j Output the value k for which I k is closest to 0.065.

Vigenere Cipher (1500 A.D.) Poly-alphabetic shift cipher: Maps the same plaintext character to different ciphertext characters. Vigenere Cipher applies multiple shift ciphers in sequence. Example: Plaintext: t e l l h i m a b o u t m e Key: c a f e c a f e c a f e c a Ciphertext: W F R Q K J S F E P A Y P F

Breaking the Vigenere cipher Assume length of key t is known. Ciphertext C = c 1, c 2, c 3, Consider sequences c 1, c 1+t, c 1+2t, c 2, c 2+t, c 2+2t,.. For each one, run the analysis from before to determine the shift k j for each sequence j.

Index of Coincidence Method How to determine the key length? Consider the sequence: c 1, c 1+t c 1+2t, where t is the true key length 25 2 25 2 We expect i=0 q i i=0 p i 0.065 To determine the key length, try different values 25 2 of τ and compute S τ = i=0 q i for subsequence c 1, c 1+τ, c 1+2τ, When τ = t, we expect S τ to be 0.065 When τ t, we expect that all characters will occur with roughly the same probability so we expect S τ to be 1 0.038. 26

What have we learned? Sufficient key space principle: A secure encryption scheme must have a key space that cannot be searched exhaustively in a reasonable amount of time. Designing secure ciphers is a hard task!! All historical ciphers can be completely broken. First problem: What does it mean for an encryption scheme to be secure?

Recall our setting Sender k c Enc k (m) c Receiver k m = Dec k (c)

Coming up with the right definition After seeing various encryption schemes that are clearly not secure, can we formalize what it means to for a private key encryption scheme to be secure?

Coming up with the right definition First Attempt: An encryption scheme is secure if no adversary can find the secret key when given a ciphertext Problem: The aim of encryption is to protect the message, not the secret key. Ex: Consider an encryption scheme that ignores the secret key and outputs the message.

Coming up with the right definition Second Attempt: An encryption scheme is secure if no adversary can find the plaintext that corresponds to the ciphertext Problem: An encryption scheme that reveals 90% of the plaintext would still be considered secure as long as it is hard to find the remaining 10%.

Coming up with the right definition Third Attempt: An encryption scheme is secure if no adversary learns meaningful information about the plaintext after seeing the ciphertext How do you formalize learns meaningful information?

Coming Up With The Right Definition How do you formalize learns meaningful information? Two ways: An information-theoretic approach of Shannon (next couple of lectures) A computational approach (the approach of modern cryptography)

New Topic: Information-Theoretic Security

Probability Background

Terminology Discrete Random Variable: A discrete random variable is a variable that can take on a value from a finite set of possible different values each with an associated probability. Example: Bag with red, blue, yellow marbles. Random variable X describes the outcome of a random draw from the bag. The value of X can be either red, blue or yellow, each with some probability.

More Terminology A discrete probability distribution assigns a probability to each possible outcomes of a discrete random variable. Ex: Bag with red, blue, yellow marbles. An experiment or trial (see below) is any procedure that can be infinitely repeated and has a well-defined set of possible outcomes, known as the sample space. Ex: Drawing a marble at random from the bag. An event is a set of outcomes of an experiment (a subset of the sample space) to which a probability is assigned Ex: A red marble is drawn. Ex: A red or yellow marble is drawn.

Conditional Probability A conditional probability measures the probability of an event given that (by assumption, presumption, assertion or evidence) another event has occurred. Probability of event X, conditioned on event Y: Pr [X Y] Example: Probability the second marble drawn will be red, conditioned on the first marble being yellow.

Basic Facts from Probability If two events are independent if and only if Pr [X Y] = Pr [X]. AND of two events: Pr X Y = Pr X Pr [Y X] AND of two independent events: Pr X Y = Pr X Pr [Y] OR of two events: Pr X Y Pr [X] + Pr [Y] This is called a union bound.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback