Dan Boneh. Introduction. Course Overview

Similar documents
18733: Applied Cryptography Anupam Datta (CMU) Course Overview

Historical cryptography. cryptography encryption main applications: military and diplomacy

Number Theory in Cryptography

Dan Boneh. Stream ciphers. The One Time Pad

Cryptography 2017 Lecture 2

Public-key Cryptography and elliptic curves

Shift Cipher. For 0 i 25, the ith plaintext character is. E.g. k = 3

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Lecture 1: Introduction to Public key cryptography

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

ECS 189A Final Cryptography Spring 2011

Public Key Cryptography

CPSC 467b: Cryptography and Computer Security

CRYPTOGRAPHY AND NUMBER THEORY

Public-key Cryptography and elliptic curves

2 Message authentication codes (MACs)

Public-Key Cryptosystems CHAPTER 4

Introduction to Cryptology. Lecture 2

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography

SIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS. CIS 400/628 Spring 2005 Introduction to Cryptography

Leftovers from Lecture 3

Pseudonym and Anonymous Credential Systems. Kyle Soska 4/13/2016

Question: Total Points: Score:

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Cryptography: A Fairy Tale for Mathematicians and Starring Mathematicians!

Cryptography: The Landscape, Fundamental Primitives, and Security. David Brumley Carnegie Mellon University

CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrosky. Lecture 4

ENEE 459-C Computer Security. Message authentication (continue from previous lecture)

Solutions for week 1, Cryptography Course - TDA 352/DIT 250

CHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 11 April 2017, 8:30-12:30

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Lecture 2: Perfect Secrecy and its Limitations

Problem 1. k zero bits. n bits. Block Cipher. Block Cipher. Block Cipher. Block Cipher. removed

Homework 4 for Modular Arithmetic: The RSA Cipher

Exam Security January 19, :30 11:30

CPSC 467b: Cryptography and Computer Security

Cryptographic Hashes. Yan Huang. Credits: David Evans, CS588

Cryptography CS 555. Topic 2: Evolution of Classical Cryptography CS555. Topic 2 1

Notes for Lecture 17

Security Implications of Quantum Technologies

Foundations of Network and Computer Security

CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.

Cryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev

CPSC 467: Cryptography and Computer Security

Cryptography. pieces from work by Gordon Royle

Chapter 11. Asymmetric Encryption Asymmetric encryption schemes

Implementation Tutorial on RSA

Lecture 10: Zero-Knowledge Proofs

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

1 Indistinguishability for multiple encryptions

Lecture 38: Secure Multi-party Computation MPC

Lecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures

Introduction to Cryptography. Lecture 8

Lecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography

Scribe for Lecture #5

CPSC 467: Cryptography and Computer Security

ENEE 457: Computer Systems Security 09/19/16. Lecture 6 Message Authentication Codes and Hash Functions

Lecture 5, CPA Secure Encryption from PRFs

SYMMETRIC ENCRYPTION. Mihir Bellare UCSD 1

Computer Science A Cryptography and Data Security. Claude Crépeau

Lecture 11: Key Agreement

Great Theoretical Ideas in Computer Science

Asymmetric Encryption

U.C. Berkeley CS276: Cryptography Luca Trevisan February 5, Notes for Lecture 6

Chapter 2 : Perfectly-Secret Encryption

14 Diffie-Hellman Key Agreement

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

Cryptography Lecture 4 Block ciphers, DES, breaking DES

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms

Hashes and Message Digests Alex X. Liu & Haipeng Dai

Public Key Cryptography

Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2

Chapter 2. A Look Back. 2.1 Substitution ciphers

Cryptography and Number Theory

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Notes for Lecture A can repeat step 3 as many times as it wishes. We will charge A one unit of time for every time it repeats step 3.

Practice Final Exam Winter 2017, CS 485/585 Crypto March 14, 2017

Winter 18 CS 485/585. Intro to Cryptography

Practice Assignment 2 Discussion 24/02/ /02/2018

Basics in Cryptology. Outline. II Distributed Cryptography. Key Management. Outline. David Pointcheval. ENS Paris 2018

Number theory (Chapter 4)

Classical Cryptography

CPA-Security. Definition: A private-key encryption scheme

Lecture 11: Hash Functions, Merkle-Damgaard, Random Oracle

ASYMMETRIC ENCRYPTION

5 Pseudorandom Generators

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

CPSC 467b: Cryptography and Computer Security

Stream ciphers I. Thomas Johansson. May 16, Dept. of EIT, Lund University, P.O. Box 118, Lund, Sweden

Online Cryptography Course. Message integrity. Message Auth. Codes. Dan Boneh

Foundations of Network and Computer Security

Winter 17 CS 485/585. Intro to Cryptography

Fundamentals of Modern Cryptography

RSA RSA public key cryptosystem

Cryptographic Engineering

QUANTUM CRYPTOGRAPHY. BCS, Plymouth University, December 1, Professor Kurt Langfeld Centre for Mathematical Sciences, Plymouth University

CPSC 467: Cryptography and Computer Security

Practice Exam Winter 2018, CS 485/585 Crypto March 14, 2018

Transcription:

Online Cryptography Course Introduction Course Overview

Welcome Course objectives: Learn how crypto primitives work Learn how to use them correctly and reason about security My recommendations: Take notes Pause video frequently to think about the material Answer the in-video questions

Cryptography is everywhere Secure communication: web traffic: HTTPS wireless traffic: 802.11i WPA2 (and WEP), GSM, Bluetooth Encrypting files on disk: EFS, TrueCrypt Content protection (e.g. DVD, Blu-ray): CSS, AACS User authentication and much much more

Secure communication no eavesdropping no tampering

Secure Sockets Layer / TLS Two main parts 1. Handshake Protocol: Establish shared secret key using public-key cryptography (2 nd part of course) 2. Record Layer: Transmit data using shared secret key Ensure confidentiality and integrity (1 st part of course)

Protected files on disk Disk Alice File 1 Alice File 2 No eavesdropping No tampering Analogous to secure communication: Alice today sends a message to Alice tomorrow

Building block: sym. encryption m Alice E E(k,m)=c c Bob D D(k,c)=m k k E, D: cipher k: secret key (e.g. 128 bits) m, c: plaintext, ciphertext Encryption algorithm is publicly known Never use a proprietary cipher

Use Cases Single use key: (one time key) Key is only used to encrypt one message encrypted email: new key generated for every email Multi use key: (many time key) Key used to encrypt multiple messages encrypted files: same key used to encrypt many files Need more machinery than for one-time key

Things to remember Cryptography is: A tremendous tool The basis for many security mechanisms Cryptography is not: The solution to all security problems Reliable unless implemented and used properly Something you should try to invent yourself many many examples of broken ad-hoc designs

End of Segment

Online Cryptography Course Introduction What is cryptography?

Crypto core Secret key establishment: Talking to Bob Alice Talking to Alice Bob attacker??? Secure communication: k m 1 k m 2 confidentiality and integrity

But crypto can do much more Digital signatures Anonymous communication Who did I just talk to? Alice signature Alice Bob

But crypto can do much more Digital signatures Anonymous communication Anonymous digital cash Can I spend a digital coin without anyone knowing who I am? How to prevent double spending? 1$ Alice Internet (anon. comm.) Who was that?

Protocols Elections Private auctions

Protocols Elections Private auctions Goal: compute f(x 1, x 2, x 3, x 4 ) trusted authority Thm: anything that can done with trusted auth. can also be done without Secure multi-party computation

Crypto magic Privately outsourcing computation search query results Alice E[ query ] E[ results ] What did she search for? Zero knowledge (proof of knowledge)??? N=p q Alice I know the factors of N!! proof π Bob N

A rigorous science The three steps in cryptography: Precisely specify threat model Propose a construction Prove that breaking construction under threat mode will solve an underlying hard problem

End of Segment

Online Cryptography Course Introduction History

History David Kahn, The code breakers (1996)

Symmetric Ciphers

Few Historic Examples (all badly broken) 1. Substitution cipher k :=

Caesar Cipher (no key)

What is the size of key space in the substitution cipher assuming 26 letters?

How to break a substitution cipher? What is the most common letter in English text? X L E H

How to break a substitution cipher? (1) Use frequency of English letters (2) Use frequency of pairs of letters (digrams)

An Example UKBYBIPOUZBCUFEEBORUKBYBHOBBRFESPVKBWFOFERVNBCVBZPRUBOFERVNBCVBPCYYFVUFO FEIKNWFRFIKJNUPWRFIPOUNVNIPUBRNCUKBEFWWFDNCHXCYBOHOPYXPUBNCUBOYNRVNIWN CPOJIOFHOPZRVFZIXUBORJRUBZRBCHNCBBONCHRJZSFWNVRJRUBZRPCYZPUKBZPUNVPWPCYVF ZIXUPUNFCPWRVNBCVBRPYYNUNFCPWWJUKBYBIPOUZBCUIPOUNVNIPUBRNCHOPYXPUBNCUB OYNRVNIWNCPOJIOFHOPZRNCRVNBCUNENVVFZIXUNCHPCYVFZIXUPUNFCPWZPUKBZPUNVR B 36 N 34 U 33 P 32 C 26 E T A NC 11 PU 10 UB 10 UN 9 digrams IN AT UKB 6 RVN 6 FZI 4 trigrams THE

2. Vigener cipher (16 th century, Rome) k = m = C R Y P T O C R Y P T O C R Y P T W H A T A N I C E D A Y T O D A Y (+ mod 26) c = Z Z Z J U C L U D T U N W G C Q S suppose most common = H first letter of key = H E = C

3. Rotor Machines (1870-1943) Early example: the Hebern machine (single rotor) A B C.. X Y Z key K S T.. R N E E K S T.. R N N E K S T.. R

Rotor Machines (cont.) Most famous: the Enigma (3-5 rotors) # keys = 26 4 = 2 18 (actually 2 36 due to plugboard)

4. Data Encryption Standard (1974) DES: # keys = 2 56, block size = 64 bits Today: AES (2001), Salsa20 (2008) (and many others)

End of Segment

Online Cryptography Course See also: http://en.wikibooks.org/high_school_mathematics_extensions/discrete_probability Introduction Discrete Probability (crash course, cont.)

U: finite set (e.g. U = {0,1} n ) Def: Probability distribution P over U is a function P: U [0,1] such that Σ P(x) = 1 x U Examples: 1. Uniform distribution: for all x U: P(x) = 1/ U 2. Point distribution at x 0 : P(x 0 ) = 1, x x 0 : P(x) = 0 Distribution vector: ( P(000), P(001), P(010),, P(111) )

Events For a set A U: Pr[A] = Σ P(x) [0,1] The set A is called an event x A note: Pr[U]=1 Example: U = {0,1} 8 A = { all x in U such that lsb 2 (x)=11 } U for the uniform distribution on {0,1} 8 : Pr[A] = 1/4

The union bound For events A 1 and A 2 Pr[ A 1 A 2 ] Pr[A 1 ] + Pr[A 2 ] Example: A 1 A 2 A 1 = { all x in {0,1} n s.t lsb 2 (x)=11 } ; A 2 = { all x in {0,1} n s.t. msb 2 (x)=11 } Pr[ lsb 2 (x)=11 or msb 2 (x)=11 ] = Pr[A 1 A 2 ] ¼+¼ = ½

Random Variables Def: a random variable X is a function X:U V Example: X: {0,1} n {0,1} ; X(y) = lsb(y) {0,1} For the uniform distribution on U: lsb=0 Pr[ X=0 ] = 1/2, Pr[ X=1 ] = 1/2 lsb=1 More generally: rand. var. X induces a distribution on V: Pr[ X=v ] := Pr[ X -1 (v) ] U V 0 1

The uniform random variable Let U be some set, e.g. U = {0,1} n R We write r U to denote a uniform random variable over U for all a U: Pr[ r = a ] = 1/ U ( formally, r is the identity function: r(x)=x for all x U )

Let r be a uniform random variable on {0,1} 2 Define the random variable X = r 1 + r 2 Then Pr[X=2] = ¼ Hint: Pr[X=2] = Pr[ r=11 ]

Randomized algorithms Deterministic algorithm: y A(m) Randomized algorithm R y A( m ; r ) where r {0,1} n output is a random variable R y A( m ) inputs m m outputs A(m) A(m) R Example: A(m ; k) = E(k, m), y A( m )

End of Segment

Online Cryptography Course See also: http://en.wikibooks.org/high_school_mathematics_extensions/discrete_probability Introduction Discrete Probability (crash course, cont.)

Recap U: finite set (e.g. U = {0,1} n ) Prob. distr. P over U is a function P: U [0,1] s.t. Σ P(x) = 1 A U is called an event and Pr[A] = Σ P(x) [0,1] x A x U A random variable is a function X:U V. X takes values in V and defines a distribution on V

Independence Def: events A and B are independent if Pr[ A and B ] = Pr*A+ Pr[B] random variables X,Y taking values in V are independent if a,b V: Pr[ X=a and Y=b] = Pr[X=a] Pr[Y=b] Example: U = {0,1} 2 R = {00, 01, 10, 11} and r U Define r.v. X and Y as: X = lsb(r), Y = msb(r) Pr[ X=0 and Y=0 ] = Pr[ r=00 ] = ¼ = Pr[X=0] Pr[Y=0]

Review: XOR XOR of two strings in {0,1} n is their bit-wise addition mod 2 0 1 1 0 1 1 1 1 0 1 1 0 1 0

An important property of XOR Thm: Y a rand. var. over {0,1} n, X an indep. uniform var. on {0,1} n Then Z := Y X is uniform var. on {0,1} n Proof: (for n=1) Pr[ Z=0 ] =

The birthday paradox Let r 1,, r n U be indep. identically distributed random vars. Thm: when n= 1.2 U 1/2 then Pr[ i j: r i = r j ] ½ notation: U is the size of U Example: Let U = {0,1} 128 After sampling about 2 64 random messages from U, some two sampled messages will likely be the same

collision probability U =10 6 # samples n

End of Segment

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback