Introduction to Cryptography. Susan Hohenberger

Similar documents
Introduction to Cryptography. Lecture 8

Great Theoretical Ideas in Computer Science

Practice Final Exam Winter 2017, CS 485/585 Crypto March 14, 2017

CIS 551 / TCOM 401 Computer and Network Security

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

ENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange

Public-Key Cryptography. Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Public Key Cryptography

Lecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography

Public Key Algorithms

Instructor: Daniele Venturi. Master Degree in Data Science Sapienza University of Rome Academic Year

EXAM IN. TDA352 (Chalmers) - DIT250 (GU) 12 January 2018, 08:

Powers in Modular Arithmetic, and RSA Public Key Cryptography

Notes for Lecture 17

Introduction to Cybersecurity Cryptography (Part 4)

CRYPTOGRAPHY AND NUMBER THEORY

Number Theory & Modern Cryptography

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

Introduction to Cybersecurity Cryptography (Part 4)

Lecture V : Public Key Cryptography

DATA PRIVACY AND SECURITY

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

My brief introduction to cryptography

Lecture 28: Public-key Cryptography. Public-key Cryptography

Cryptography IV: Asymmetric Ciphers

Public Key Cryptography

Introduction to Modern Cryptography. Benny Chor

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Public Key Cryptography

8.1 Principles of Public-Key Cryptosystems

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

Provable Security for Public-Key Schemes. Outline. I Basics. Secrecy of Communications. Outline. David Pointcheval

RSA. Ramki Thurimella

Lecture 9 Julie Staub Avi Dalal Abheek Anand Gelareh Taban. 1 Introduction. 2 Background. CMSC 858K Advanced Topics in Cryptography February 24, 2004

Public-key Cryptography and elliptic curves

Lecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security

Public-key Cryptography and elliptic curves

An Introduction to Probabilistic Encryption

Lecture 1: Introduction to Public key cryptography

El Gamal A DDH based encryption scheme. Table of contents

Public-Key Cryptography. Lecture 10 DDH Assumption El Gamal Encryption Public-Key Encryption from Trapdoor OWP

RSA RSA public key cryptosystem

Introduction to Cybersecurity Cryptography (Part 5)

Public-Key Cryptosystems CHAPTER 4

Chapter 4 Asymmetric Cryptography

Asymmetric Cryptography

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Discrete Mathematics GCD, LCM, RSA Algorithm

Ti Secured communications

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Lecture 11: Key Agreement

Lecture 17: Constructions of Public-Key Encryption

Lecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004

RSA ENCRYPTION USING THREE MERSENNE PRIMES

Chapter 8 Public-key Cryptography and Digital Signatures

Introduction to Modern Cryptography. Benny Chor

ECE 646 Lecture 9. RSA: Genesis, operation & security

Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30

Fundamentals of Modern Cryptography

Introduction. What is RSA. A Guide To RSA by Robert Yates. Topics

Crypto math II. Alin Tomescu May 27, Abstract A quick overview on group theory from Ron Rivest s course in Spring 2015.

Basics in Cryptology. Outline. II Distributed Cryptography. Key Management. Outline. David Pointcheval. ENS Paris 2018

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Advanced Topics in Cryptography

Circuit Complexity. Circuit complexity is based on boolean circuits instead of Turing machines.

Other Public-Key Cryptosystems

Chapter 11 : Private-Key Encryption

Cryptography CS 555. Topic 22: Number Theory/Public Key-Cryptography

Cryptography. pieces from work by Gordon Royle

Quantum Cryptography. Marshall Roth March 9, 2007

Advanced Cryptography 1st Semester Public Encryption

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Interactive Proofs. Merlin-Arthur games (MA) [Babai] Decision problem: D;

Cryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages

CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky. Lecture 7

CRYSTALS Kyber and Dilithium. Peter Schwabe February 7, 2018

and Other Fun Stuff James L. Massey

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

dit-upm RSA Cybersecurity Cryptography

ASYMMETRIC ENCRYPTION

Digital Signatures. Adam O Neill based on

Foundations of Network and Computer Security

5 Public-Key Encryption: Rabin, Blum-Goldwasser, RSA

LECTURE NOTES ON Quantum Cryptography

Provable security. Michel Abdalla

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography

Cryptography and Security Midterm Exam

Lecture Note 3 Date:

Lecture 14: Hardness Assumptions

The RSA cryptosystem and primality tests

Cryptographical Security in the Quantum Random Oracle Model

Lecture 10: Zero-Knowledge Proofs

RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis. Daniel Genkin, Adi Shamir, Eran Tromer

5.4 ElGamal - definition

Number Theory in Cryptography

Transcription:

Introduction to Cryptography Susan Hohenberger 1

Cryptography -- from art to science -- more than just encryption -- essential today for non-military applications 2

Symmetric Crypto Shared secret K => Eve can t eavesdrop key K hello MQZR94W key K hello 3

Classic Ciphers The Shift Cipher A = 0, B =1, C = 2,..., Z = 25 x, y,k " Z 26 e K (x) = x + K mod26 d K (y) = y "K mod26 4

The Shift Cipher A = 0, B =1, C = 2,..., Z = 25 x, y,k " Z 26 e K (x) = x + K mod26 d K (y) = y "K mod26 Cryptanalysis? Try 13 times on average. Example (K = 11) : W E W I L L M E E T A T M I D N I G H T 22 4 22 8 11 11 12 4 4 19 0 19 12 8 3 13 8 6 7 19 " " " " " " " " " " " " " " " " " " " " 7 15 7 19 22 22 23 15 15 4 11 4 23 19 14 24 19 17 18 4 H P H T W W X P P E L E X T O Y T R S E 5

The Substitution Cipher A B C D E F G H I J K L M N O P Q R S T U V W X Y Z " " " " " " " " " " " " " " " " " " " " " " " " " " X N Y A H P O G Z Q W B T S F L R C V M U E K J D I W E W I L L M E E T A T M I D N I G H T " " " " " " " " " " " " " " " " " " " " K H K Z B B T H H M X M T Z A S Z O G M Cryptanalysis? Try all substitutions: 26! > 4.0 x 10 26. Can cut down with probabilities of occurrence. 6

One-Time Pad Can only use key once key K M = K M K key K Cryptanalysis? Perfectly secure... but really expensive. 7

Diffie & Hellman s Vision Whitfield Diffie Martin Hellman From New Directions in Cryptography 1976: 1. key exchange 2. public-key encryption 3. public-key signatures 8

Idea #1: Key Exchange Setup shared secret K over insecure channel. 52287000986482716 134876100017373432 key K key K?? 9

A Little Number Theory Let Q be a large prime. g generates a group G of order Q. Example: Q = 3, g = 2, G = {1, 2, 4} (mod 7) 2 1 =2 2 2 =4 2 3 =1 (mod 7) 10

A Little Number Theory We think the following problems are hard. Discrete Log Problem: Given (g,g x ) for random x, compute x. Diffie-Hellman Problem: Given (g, g x, g y ) for random x,y, compute g xy. Decisional Diffie-Hellman (DDH) Problem: Given (g, g x, g y, Q) for random x,y, decide if Q = g xy. 11

The DH Key Exchange Setup shared secret K over insecure channel. g, g a picks: (g, a) key g ab g b picks: b key g ab (g b ) a = g ab?? (g a ) b = g ab Open: given (g, g a, g b ), quickly compute g ab. 12

Diffie & Hellman s Vision Whitfield Diffie Martin Hellman From New Directions in Cryptography : 1. key exchange 2. public-key encryption -?? 3. public-key signatures -?? 13

Inspiration Observation about world: It is sometimes asymmetric. -- Easy to break vase, hard to put it back together. -- Anyone can close a safe, but need the combination to open it. 14

Idea #2: Public-Key Encryption Encrypt without a shared secret. publish a digital description of a safe Keep the safe s combination secret m m put in digital safe open digital safe m?? 15

Idea #2: Public-Key Encryption Encrypt without a shared secret. public PK secret SK m = Dec(SK, c) c PK c = Enc(PK, m) (PK, c),?? 16

Idea #3: Digital Signatures Dear Tal, Do you want to go to a movie on Friday night? --John 1976 Diffie-Hellman: dream of digital signatures 17

Idea #3: Digital Signatures Dear Tal, Do you want to go to a movie on Friday night? --John 1adh84naf89hq32nvsd8 puwqhevhphvdfp9ufew7 u2rasdfohaqsedhfdasjf; 1976 Diffie-Hellman: dream of digital signatures 2000 Electronic Signatures in Global and National Commerce Act 18

Idea #3: Public-Key Signatures Authenticate without a shared secret. public PK secret SK s = Sign(SK, m) s PK Verify(PK, m, s) = 1 can t forge! 19

The RSA Realization (1978) Rivest Shamir Adleman 20

The RSA Realization (1978) Hard problem: Let N = pq. Given (N,y,e), find the x s.t. e >1 and y = x e mod N. Public Key PK = (N, e) Secret Key SK = d Enc(N,e,m): c = m e mod N Dec(d,c): m = c d mod N Sign(d,m): s = m d mod N Verify(N,e,m,s): Accept iff m = s e mod N Is this secure? 21

Insecurity of textbook RSA Enc(N,e,m): c = m e mod N Dec(d,c): m = c d mod N Sign(d,m): s = m d mod N Verify(N,e,m,s): Accept iff m = s e mod N Encryption: Can do a (small) dictionary attack. Signatures: Given signatures on m1 and m2, can compute signature on m1m2. Can Fix. But, what exactly do we mean by secure? 22

Goldwasser-Micali Definition Encryption Security PK Pick bit b. c b = Enc(PK, m b ) m 0, m 1 c b b Pr[b=b ] <= 1/2 + a very small amount 23

El Gamal Encryption Public Key: (g, g a ) Secret Key: a (c1,c2) Enc(g, g a,m): 1. pick a random k 2. c1 = g k 3. c2 = mg ak Dec(a,c1,c2): 1. m = c2 / c1 a Secure if: given (g, g a, g b, Q), it is hard to decide if Q=g ab. 24

Complexity Assumptions Modern Crypto is built on number-theoretic assumptions. Results look like: Theorem: System X satisfies Definition Y under Assumption Z. Technical Challenges: 1. Designing definitions that capture all attacks. 2. Creating systems. 3. Cryptanalysis of assumptions. 25

What else? Next time we ll see something totally different: zero-knowledge proofs. 26

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback