1 / 20

Introduction to Modern Cryptography

Introduction to Modern Cryptography. Instructor: Amos Fiat Strongly based on presentation and class by Benny Chor School of Computer Science Tel- Aviv Univ. Administrative Details. Grade –exam ( 75% ), homework ( 25% ) . Exam on last class. In class exam. No 2 nd chance.

odele
Télécharger la présentation

Introduction to Modern Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction to Modern Cryptography Instructor: Amos Fiat Strongly based on presentation and class by Benny Chor School of Computer Science Tel- Aviv Univ.

  2. Administrative Details • Grade –exam (75% ), homework (25% ). • Exam on last class. In class exam. No 2nd chance. • Homework submission in pairs. • 2-3 “dry’’ assignments. • 1-2 “wet” assignments (in MAPLE). • Office hours: By e-appointment. • E-mail: fiat@cs.tau.ac.il

  3. Course Outline • Encryption • Data integrity • Authentication and identification • Digital signatures • Number theory • Randomness and pseudo-randomness • Cryptographic protocols • Real world security systems • Watermarking, digital rights management, etc.

  4. Prerequisites: Linear Algebra Probability Computational Models “Mathematical Maturity”

  5. Bibliography • Text Book: Cryptography Theory and Practice, D. Stinson, CRC Press, 1996. (should be available at the library) • Recommended: - Handbook of Applied Cryptography Menezes, Van Oorschot, Vanstone (free download at http://www.cacr.math.uwaterloo.ca/hac ) - Applied Cryptography, B. Schneier

  6. Good Crypto Courses on the Web • Hugo Krawczyk course at the Technion. • Ron Rivest course at MIT. • Dan Boneh course at Stanford. • Phil Rogaway Course at UC Davis. • Eli Biham course at the Technion. • Doug Stinson course at Waterloo.

  7. Encryption • Much of Security has little to do with Encryption • Encryption deals with secrecy • Most real security deals with problems of fraud: • Message modifications • Almost invariably, Encryption does not live alone without some form of authentication

  8. Definitions • Encryption function (& algorithm): E • Decryption function (& algorithm): D • Encryption key k1 • Decryption key k2 • Message space (usually binary strings) • For every message m: D k2(Ek1(m)) = m

  9. Communication Model Alice Bob • Two parties – Alice and Bob • Reliable communication line • Shared encryption scheme: E, D, k1, k2 • Goal: send a message m confidentially

  10. Threat Model Alice Bob Eve • 4. Goal: send a message m confidentially

  11. Security Goals Possibilities: • No adversary can determine m • No adversary can determine any information about m • No adversary can determine any meaningful information about m.

  12. Adversarial model • Eve attempts to discover information about m • Eve knows the algorithms E,D • Eve knows the message space • Eve has at least partial information about Ek1(m) • Eve does not know k1, k2

  13. Examples – bad ciphers • Shift cipher • Conclusion – large key space required • Substitution cipher • Large key space, still “easy” to break

  14. Substitution cipher • Example: • plaintext: attack at dawn • ciphertext: waaoq wa vwmk Size of key space: 26!=403291461126605635584000000 ~ 4 x 1028 large enough

  15. Additional definitions • Plaintext – the message prior to encryption (“attack at dawn”, “sell MSFT at 57.5”) • Ciphertext – the message after encryption (“יחלעכ חעכןטאככעכ”,“jhhfoghjklvhgbljhg” ) • Symmetric key – encryption scheme where k1=k2 (classical cryptography)

  16. Perfect Cipher • Plaintext space – {0,1}n • Given a ciphertext C the probability that Dk2(C)=P for any plaintext P is equal to the apriori probability that P is the plaintext. In other words: Pr[plaintext=P|C] = Pr[plaintext=P] • Probabilities are over the key space and the plaintext space.

  17. Example – One Time Pad • Plaintext space - {0,1}n • Key space - {0,1}n • The scheme is symmetric, key k is chosen at random • Ek(P) = C = P  K • Dk(C) = C  K = P

  18. Pros and Cons • Claim: the one time pad is a perfect cipher. • Problem: size of key space. • Theorem (Shannon): A cipher cannot be perfect if its key space is less than the size of its message space. • Why??? Argue in class.

  19. Computational Power • Time • Hardware • Storage • Theoretical – polynomial time • Practical – 264 is feasible, 280 is infeasible

  20. Attack Models • Eavesdropping • Known plaintext • Chosen plaintext • Chosen ciphertext • Adaptive chosen text attacks • Physical access • “Physical” modification of messages

More Related