1 cis 5371 cryptography 1.introduction. 2 prerequisites for this course basic mathematics, in...
DESCRIPTION
3 Goals for the Introduction Discuss the effectiveness & practicality of crypto. Discuss the foundations of crypto. Establish a mindset for developing crypto systems for Information Assurance.TRANSCRIPT
1
CIS 5371 Cryptography
1. Introduction
2
Prerequisites for this course
Basic Mathematics, in particular Number Theory
Basic Probability Theory Problem solving skills Programming skills (for projects)
3
Goals for the Introduction
Discuss the effectiveness & practicality of crypto.
Discuss the foundations of crypto. Establish a mindset for developing
crypto systems for Information Assurance.
4
Cryptography vs Modern Cryptography Pre 1970: The art of writing or solving codes Post 1980: The science/technology of
developing techniques for securing digital information digital transactions and distributed computations
Usage: Pre 1970: military, diplomatic services,
intelligence. Post 1980: most of us
5
Modern Cryptography1. Message Authentication, digital signatures2. Secret Key exchange/distribution3. Authentication protocols (for secure access)4. e-commerce, e-government, e-auctions, e-
voting and other e-applications.5. Digital cash6. Support system security7. . . . and more
6
The setting for Private Key encryption
The syntax of encryption A key generation algorithm Gen:
A probabilistic algorithm that outputs a key k according to some distribution.
An encryption algorithm Enc Takes as input a key k and a plaintext m and
outputs a ciphertext c: c = Enck(m). A decryption algorithm Dec
Takes as input a key k and a ciphertext c and outputs a plaintext m’: m’ = Deck(c).
Must have m’ = m.
7
8
Kerckhoffs’ principle “The cipher method must not be required to
be secret, and it must be able to fall into the hands of the enemy without inconvenience.’’
Todays understanding Security should not rely on the secrecy of the
algorithms being used---indeed these algorithms should be public.
Open crypto design vs “security by obscurity”.
Attack Scenarios Ciphertext-only attack (passive) Known-plaintext attacks (passive) Chosen-plaintext attack (active-adaptive) Chosen-ciphertext attack (active-adaptive)Different applications of encryption may
require the encryption scheme to be resilient to different types of attack.
9
Historical Ciphers and their Cryptanalysis
Ceasar’s cipher a shift cipher that rotates letters
Mono-alphabetic substitution uses a permutation of the alphabet, many more keys
Vigenere’s poly-alphabetic shift cipher Multiple shift ciphers using a word.
Cryptanalysis based on statistical pattern of the English language: the
frequency of letters, digrams etc.
10
Basic principles of Modern Cryptography
1. Formulation of exact definitions2. Reliance on precise assumptions3. Rigorous Proofs of security
11
Principal 1 Formulation of exact
definitions1. Importance of design2. Importance of usage3. Importance of study
12
Examples for Principal 1 Question
An encryption scheme is secure if …
13
Examples for Principal 1 Tentative Answers
1. An encryption scheme is secure if no adversary can find the secret key when given a ciphertext.
2. An encryption scheme is secure if no adversary can find the plaintext that corresponds to a given ciphertext.
3. An encryption scheme is secure if no adversary can determine any character of the plaintext that corresponds to the ciphertext.
4. An encryption scheme is secure if no adversary can determine any meaningful information about the plaintext from the ciphertext.
14
Principal 1A first answer
An encryption scheme is secure if no adversary can compute any function of the plaintext from the ciphertext.1.What is assumed to be the power of the adversary?2.What is considered to be a break?A first definition of security:A cryptographic scheme for a given task is secure if no adversary of a specified power (e.g., an “efficient adversary”) can achieve a specific break.
15
Mathematics and the real world
Models• If a mathematical definition does not model
appropriately the real world problem then the definition may be useless --- e.g., the adversarial power may be to weak, or the break may not may not be foreseen.
Our arguments1. Appeal to intuition2. Proof of equivalence3. Examples
16
Principal 2Reliance on precise
assumptions1. Validation of the assumption By their very nature assumptions/statements are not
proven but conjectured . . . 2. Comparison of schemes If one scheme makes a weaker assumption than another
then the first is to be preferred . . . 3. Facilitation of proofs of security If the security of a scheme cannot be proven
unconditionally and must rely on an assumption then a mathematical proof that the construction is secure requires a precise definition of the statement.
17
Principal 3Rigorous Proofs of
securityReductionist approach: “Given assumption X is true, construction Y is secure according to the given definition.”
18