cs 4/585: cryptography tom shrimpton fab 120-04 725-5392
TRANSCRIPT
CS 4/585: Cryptography
Tom Shrimpton
FAB 120-04
725-5392
What is cryptography?
  History
  Modern cryptography
  The “Provable Security” paradigm
  Cryptographic goals and models
  Sample cryptographic problems
Blockciphers
  Warm up: shift and substitution ciphers
  Syntax and the Ideal Cipher model
  Pseudorandom Permutations and Pseudorandom Functions
  The PRP/PRF switching lemma
  Feistel ciphers, DES, linear cryptanalysis
  AES
Symmetric Encryption
  Enciphering vs. encryption: syntax, notation
  Modes of operation: CBC, CTR, ECB, …
  Security goals: semantic security and equivalent notions
  Adversarial attack models
  Broken schemes
  Proofs of security: CTRC, CBC random IV
Symmetric Message Authentication
  What is a MAC, and why isn’t encryption enough?
  Constructions: CBC-MAC, universal hash MACs, HMAC
  Security goals: existential unforgeability
  Broken schemes (that look right!)
  Proofs of security: CBC-MAC, UH-MACs
Authenticated Encryption
  The “lead pipe” or “opaque envelope”
  Security goals: privacy + authenticity
  Constructions: generic composition, one-pass schemes
  How to break them if implemented poorly
Cryptographic Hash Functions
  What are they and why do we need them?
  Security goals (crypto with no keys?!)
  Merkle-Damgård constructions
  MD5, SHA1
  Blockcipher-based constructions
Math for Asymmetric Encryption
  Number theory basics
  Group theory basics
  “Hard” problems (eg, discrete log)
  Examples: RSA, ElGamal, Diffie-Hellman
Asymmetric Encryption
  Review of the public-key model
  Syntax of Public-Key Encryption
  How to use RSA properly
  Security goals: Semantic Security and equivalent notions
  Hybrid Encryption
  OAEP, the PKCS v1 break…
Asymmetric Message Authentication
  Syntax of Digital Signatures
  Security goals
  RSA-based schemes
  Hash-and-Sign paradigm
  Full-domain hash (FDH) signatures
  ElGamal-based schemes: Schnorr signatures
Stream Ciphers
  Pseudorandom number generators
  What kind of object is a stream cipher?
  Constructions: RC4
  The infamous WEP (802.11) attack
Other stuff…
  Computational issues
  Key-exchange
  Signcryption
  One-way functions
  Mutual authentication
  Zero-knowledge proofs
  Identity-based encryption
[Diagram: A rough idea of how the “units” fit together… Units shown: Blockciphers; Number Theory, etc.; Symmetric Encryption; MACs; Asymmetric Encryption; Auth. Encryption; Digital Signatures; Hash Functions; Stream Ciphers]
The Big (Partial) Picture
  Primitives: Block Ciphers, Hash Functions, Hard Problems, Stream Ciphers
    (No one knows how to prove security; make assumptions)
  First-Level Protocols: Symmetric Encryption, Digital Signatures, MAC Schemes, Asymmetric Encryption
    (Can do proofs)
  Second-Level Protocols: SSH, SSL/TLS, IPSec; Electronic Cash, Electronic Voting
    (Can do proofs)