CS 568: Applied Cryptography
Prof. Mayank Varia
Syllabus
• Instructors: Mayank Varia, Nicolas Alhaddad, and Omar Sagga
• Course websites: piazza.com for discussion, gradescope.com for labs
• Weekly assignments: programming-based labs + textbook reading
• Midterm on Thurs 2/21, final exam on Sat 5/11
• Grading: 40% labs, 30% final, 20% midterm, 10% participation
• Always follow the BU academic conduct code & collaboration policy!
What is cryptography?
Crypto = Scientific field at intersection of many disciplines
• Complexity theory: Known for reductions. Primarily found in American academia.
• Engineering: Known for software dev and side channel attacks. Primarily found in industry.
• Mathematics: Known for cryptanalysis. Primarily found in government.
• Algorithms: Known for cipher design. Primarily found in European academia.
This class
“Cryptography is how people get things done when they need one another, don’t fully trust one another, and have adversaries actively trying to screw things up.”
–Ben Adida
Source: benlog.com/2018/01/07/crypto-as-in-crypto/
The Internet, 1968
Source: twitter.com/pwnallthethings/status/935395453482520576
“The Internet is just the world passing notes in a classroom.”
–Jon Stewart
Source: news.bbcimg.co.uk/media/images/75643000/jpg/_75643557_passing-notes.jpg
Facebook friendship graph, 2010
Source: www.facebook.com/note.php?note_id=469716398919
Talking over the Internet
Client-server crypto
End-to-end crypto
Why does crypto matter?
1. We use it all the time
2. It has social consequences, as Rogaway said
3. It has geopolitical consequences
4. It influences how law and regulations are applied and modernized to the digital world
Encrypted web traffic in Firefox
Source: letsencrypt.org/stats
https://www.google.com
BU’s login page
The Signal double ratchet protocol
Used in a messaging system near you!
Signal (formerly TextSecure)
Facebook Messenger
Google Allo (opt-in)
Skype (opt-in)
Source: whispersystems.org/docs/specifications/doubleratchet
“Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently political tool, and it confers on the field an intrinsically moral dimension.”
–Phillip Rogaway
Source: web.cs.ucdavis.edu/~rogaway/papers/moral.html
Crypto Wars: early 20th century edition
• World War I: Zimmermann telegram (Source: www.bbc.com/news/uk-38581861)
• World War II: Enigma machine (Source: en.wikipedia.org/wiki/Enigma_machine)
Zimmermann telegram
Source: www.bbc.com/news/uk-38581861
Zimmermann telegram
“I've got something here which - well, it's a rather astonishing message which might do the trick if we could use it.”
Source: www.bbc.com/news/uk-38581861
Crypto, meet the Bill of Rights
1. Bernstein v. United States established code == speech
2. Crypto used to be regulated as a munition
3. 1990s Clipper chip: government in all computers
4. Crypto !-> reasonable expectation of privacy?
5. Can government request your help to unlock phone?
What is the objective of crypto?
Cryptology (kryptos = secret, hidden)
• Cryptography: the art of making codes
• Cryptanalysis: the art of breaking codes
Schneier’s law: Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.
Course outline
1. Protecting data at rest
2. Attacking data at rest
3. Protecting data in transit
4. Crypto law and policy
5. Protecting data during use
6. Design + cryptanalysis of crypto building blocks
Protecting data in transit
[Diagram: message M. Without a key: encode C = E(M), decode M = D(C). With a key K held at both ends, established by key agreement: encrypt C = E(K, M), decrypt M = D(K, C).]
What protections do we want?
Source: Handbook of Applied Cryptography, Table 1.1
Confidentiality
Integrity
Availability
• Confidentiality: Private, Deniable, Withstand device compromise
• Integrity: Authenticated, Binding / non-malleable, Fresh
• Availability
Eve’s powers we can handle
• Control over the network: add, drop, alter, re-order packets
• Intermittent control of an endpoint: we can still provide confidentiality at other times
Eve can still learn metadata
• No anonymity: Eve knows Alice and Bob are communicating
• No hiding message length: Eve sees how much data is flowing across the wire
Sources:
• www.wyden.senate.gov/imo/media/doc/Letter%20to%20Tinder%20on%20Cybersecurity.pdf
• www.wyden.senate.gov/imo/media/doc/Match%20response%20to%20wyden%206-27-18%20-%20signed.pdf
Formal security guarantee
[Diagram: Enc → gibberish; Dec → “I refuse”]
Protecting data at rest
[Diagram: message M; the same key K is used at both ends: encrypt C = E(K, M), decrypt M = D(K, C)]
How can Alice encode messages so Eve cannot read them?
Source: www.simonandschuster.com/books/The-Klingon-Dictionary/Marc-Okrand/Star-Trek/9780671745592
Goal 1: Unintelligible to Eve
Plain word   Coded word
aba          nrq
abs          mbk
ace          ybd
act          wxv
add          jen
ado          hhg
aft          uxv
age          zmx
ago          dgs
aha          ase
aid          ktf
⋮            ⋮
zip          cyu
zoo          dux
Goal 2: Simple for Alice
• Fast + easy to compute
• Secret key is small and easy to change
• Infinitely reusable
✘ Slow
✘ Big
✘ Frequency analysis
Foreshadowing: block ciphers
Block cipher = family of codebooks
• Each key yields a different codebook
• Fast to compute: throughput of ~3-4 GB/sec
[Diagram: block cipher B takes key K and input X and outputs Y; or, equivalently, the keyed codebook B_K maps X to Y]
Mode of operation = variability
• Allows long message with short key
• Thwarts frequency analysis
[Diagram: B_K is applied to message blocks M1, M2, M3 together with randomness R, producing ciphertext blocks C1, C2, C3]
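An added example (not part of the lecture slides) of why a bare codebook invites frequency analysis and how a mode of operation with randomness R removes the repetition. The toy Feistel cipher `B`, the 8-byte block size, the sample key and message, and the CBC-style chaining are assumptions chosen for illustration; the slides name only B, K, R, M1..M3 and C1..C3.

```python
import hashlib, hmac, os
from collections import Counter

BLOCK = 8  # toy block size in bytes (assumption; AES uses 16)
KEY = b"constructed demo key"
MESSAGE = b"yes_yes_no__no__yes_yes_yes_yes_"  # constructed: block 1 recurs 3 times

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Keyed round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def B(key, x, decrypt=False):
    """Toy block cipher B_K: 4-round Feistel network. Teaching aid, not for real use."""
    l, r = x[:BLOCK // 2], x[BLOCK // 2:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        if decrypt:
            l, r = _xor(r, _f(key, i, l)), l
        else:
            l, r = r, _xor(l, _f(key, i, r))
    return l + r

def blocks(m):
    # m must be a multiple of BLOCK bytes (this sketch does no padding).
    return [m[i:i + BLOCK] for i in range(0, len(m), BLOCK)]

def codebook_encrypt(key, m):
    # Plain codebook use: each block is looked up independently.
    return [B(key, b) for b in blocks(m)]

def chained_encrypt(key, m, R=None):
    # Fresh randomness R, then each block is XORed with the previous
    # ciphertext block before the lookup (CBC-style chaining, an assumption).
    prev = R = R or os.urandom(BLOCK)
    out = [R]
    for b in blocks(m):
        prev = B(key, _xor(b, prev))
        out.append(prev)
    return out

def chained_decrypt(key, c):
    return b"".join(_xor(B(key, c[i], decrypt=True), c[i - 1]) for i in range(1, len(c)))

def repeats(cblocks):
    # Ciphertext blocks that duplicate an earlier one: the signal frequency analysis needs.
    return sum(n - 1 for n in Counter(cblocks).values())
```

`repeats(codebook_encrypt(KEY, MESSAGE))` is 2 because the repeated plaintext block shows through, while `repeats(chained_encrypt(KEY, MESSAGE))` is 0 and two encryptions of the same message differ.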