1

CIS 5371 Cryptography

1. Introduction

2

Prerequisites for this course

Basic Mathematics, in particular Number Theory

Basic Probability Theory Problem solving skills Programming skills (for projects)

3

Goals for the Introduction

Discuss the effectiveness & practicality of crypto.

Discuss the foundations of crypto. Establish a mindset for developing

crypto systems for Information Assurance.

4

Cryptography vs Modern Cryptography Pre 1970: The art of writing or solving codes Post 1980: The science/technology of

developing techniques for securing digital information digital transactions and distributed computations

Usage: Pre 1970: military, diplomatic services,

intelligence. Post 1980: most of us

5

Modern Cryptography1. Message Authentication, digital signatures2. Secret Key exchange/distribution3. Authentication protocols (for secure access)4. e-commerce, e-government, e-auctions, e-

voting and other e-applications.5. Digital cash6. Support system security7. . . . and more

6

The setting for Private Key encryption

The syntax of encryption A key generation algorithm Gen:

A probabilistic algorithm that outputs a key k according to some distribution.

An encryption algorithm Enc Takes as input a key k and a plaintext m and

outputs a ciphertext c: c = Enck(m). A decryption algorithm Dec

Takes as input a key k and a ciphertext c and outputs a plaintext m’: m’ = Deck(c).

Must have m’ = m.

7

8

Kerckhoffs’ principle “The cipher method must not be required to

be secret, and it must be able to fall into the hands of the enemy without inconvenience.’’

Todays understanding Security should not rely on the secrecy of the

algorithms being used---indeed these algorithms should be public.

Open crypto design vs “security by obscurity”.

Attack Scenarios Ciphertext-only attack (passive) Known-plaintext attacks (passive) Chosen-plaintext attack (active-adaptive) Chosen-ciphertext attack (active-adaptive)Different applications of encryption may

require the encryption scheme to be resilient to different types of attack.

9

Historical Ciphers and their Cryptanalysis

Ceasar’s cipher a shift cipher that rotates letters

Mono-alphabetic substitution uses a permutation of the alphabet, many more keys

Vigenere’s poly-alphabetic shift cipher Multiple shift ciphers using a word.

Cryptanalysis based on statistical pattern of the English language: the

frequency of letters, digrams etc.

10

Basic principles of Modern Cryptography

1. Formulation of exact definitions2. Reliance on precise assumptions3. Rigorous Proofs of security

11

Principal 1 Formulation of exact

definitions1. Importance of design2. Importance of usage3. Importance of study

12

Examples for Principal 1 Question

An encryption scheme is secure if …

13

Examples for Principal 1 Tentative Answers

1. An encryption scheme is secure if no adversary can find the secret key when given a ciphertext.

2. An encryption scheme is secure if no adversary can find the plaintext that corresponds to a given ciphertext.

3. An encryption scheme is secure if no adversary can determine any character of the plaintext that corresponds to the ciphertext.

4. An encryption scheme is secure if no adversary can determine any meaningful information about the plaintext from the ciphertext.

14

Principal 1A first answer

An encryption scheme is secure if no adversary can compute any function of the plaintext from the ciphertext.1.What is assumed to be the power of the adversary?2.What is considered to be a break?A first definition of security:A cryptographic scheme for a given task is secure if no adversary of a specified power (e.g., an “efficient adversary”) can achieve a specific break.

15

Mathematics and the real world

Models• If a mathematical definition does not model

appropriately the real world problem then the definition may be useless --- e.g., the adversarial power may be to weak, or the break may not may not be foreseen.

Our arguments1. Appeal to intuition2. Proof of equivalence3. Examples

16

Principal 2Reliance on precise

assumptions1. Validation of the assumption By their very nature assumptions/statements are not

proven but conjectured . . . 2. Comparison of schemes If one scheme makes a weaker assumption than another

then the first is to be preferred . . . 3. Facilitation of proofs of security If the security of a scheme cannot be proven

unconditionally and must rely on an assumption then a mathematical proof that the construction is secure requires a precise definition of the statement.

17

Principal 3Rigorous Proofs of

securityReductionist approach: “Given assumption X is true, construction Y is secure according to the given definition.”

18