introduction to modern cryptography -...
TRANSCRIPT
![Page 1: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/1.jpg)
Introduction to Modern Cryptography
Master of Logic 2014
1st Quarter Sep / Oct
![Page 2: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/2.jpg)
Christian Schaffner
• me • pure mathematics at ETH Zurich • PhD from Aarhus, Denmark • research: quantum cryptography • [email protected] !
• plays ultimate frisbee
![Page 3: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/3.jpg)
Malvin Gattinger
• your teaching assistant • ILLC PhD student • [email protected] • https://w4eg.de/malvin/ !
• switched sides of the table
![Page 4: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/4.jpg)
Practicalities
• final grade consists of 50-50:
• weekly homework, to be graded
• final exam in week of 20/10/14 - 24/10/14
• details on course homepage: http://homepages.cwi.nl/~schaffne/courses/crypto/2014/
![Page 5: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/5.jpg)
Expectations
We expect from you
• be on time
• code of honor (do not cheat)
• ask questions!
![Page 6: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/6.jpg)
Expectations
We expect from you
• be on time
• code of honor (do not cheat)
• ask questions!
You can expect from us
• be on time
• make clear what goals are
• listen to you and respond to email requests
• keep website up to date
![Page 7: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/7.jpg)
Questions ?
![Page 8: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/8.jpg)
• Historical cryptography & principles of modern cryptography
• perfectly-secret encryption
Outline of the Course
![Page 9: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/9.jpg)
Outline of the Course II
secret key public key
confidentiality private-key encryption
public-key encryption
authenticationmessage
authentication codes (MAC)
digital signatures
![Page 10: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/10.jpg)
Outline of the Course II
secret key public key
confidentiality private-key encryption
public-key encryption
authenticationmessage
authentication codes (MAC)
digital signatures
• reduction proofs • pseudorandomness • block ciphers: DES, AES
![Page 11: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/11.jpg)
Outline of the Course II
secret key public key
confidentiality private-key encryption
public-key encryption
authenticationmessage
authentication codes (MAC)
digital signatures
• reduction proofs • pseudorandomness • block ciphers: DES, AES
• algorithmic number theory • key distribution, Diffie-Hellmann • RSA
![Page 12: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/12.jpg)
Fun Stuff• bitcoin (guest lecture by Marc Stevens, CWI)
• zero-knowledge proofs
• multi-party computation (secret sharing, bit commitment, oblivious transfer)
• electronic voting and auctions
• quantum cryptography
• position-based cryptography
• ...
![Page 13: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/13.jpg)
Questions ?
![Page 14: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/14.jpg)
Introduction
• for centuries, cryptography has been an “art of writing codes and solving codes”
• goal: secret communication
• mainly used by military and intelligence
• “modern cryptography”
![Page 15: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/15.jpg)
Claude Elwood Shannon1916 - 2001
• Father of Information Theory • Graduate of MIT • Bell Labs !
• juggling, unicycling, chess • ultimate machine
![Page 16: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/16.jpg)
Silvio Micali Shafi Goldwasser
• MIT • Foundations of Modern Cryptography
Oded Goldreich
• Weizmann Institute
![Page 17: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/17.jpg)
Modern Cryptography• “scientific study of techniques for securing
digital information, transactions and distributed computations”
• crypto is everywhere!
![Page 18: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/18.jpg)
Modern Cryptography• “scientific study of techniques for securing
digital information, transactions and distributed computations”
• crypto is everywhere!
![Page 19: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/19.jpg)
Auguste Kerckhoffs1835 - 1903
• Dutch linguist and cryptographer • Kerckhoffs’ principle: “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge”
!
• leader of Volapük movement
![Page 20: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/20.jpg)
AES and SHA competitions
• AES: advanced encryption standard
• SHA: secure hash algorithm
• both determined by a public procedure led by the National Institute for Standards and Technology (NIST)
• SHA-3 zoo
![Page 21: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/21.jpg)
Edward Joseph Snowden1983 -
• former CIA employee and NSA contractor
• whistleblower • on (temporary) asylum in Russia !
• Traitor or Hero?
![Page 22: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/22.jpg)
Politics of Cyberwar• Snowden leaked many thousand top secret
documents to various media, documenting a • mass surveillance programs by secret
services from all over the world
![Page 23: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/23.jpg)
Politics of Cyberwar
![Page 24: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/24.jpg)
• Methods: (in decreasing order of difficulty) • Break cryptography • Influence industrial standards • Pressure manufacturers to make insecure
devices • Infiltrate hardware and software
(communication infrastructure, computers, smartphones etc.)
Politics of Cyberwar
![Page 25: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/25.jpg)
• Methods: (in decreasing order of difficulty) • Break cryptography • Influence industrial standards • Pressure manufacturers to make insecure
devices • Infiltrate hardware and software
(communication infrastructure, computers, smartphones etc.)
• Why mass surveillance? • Other than to combat terrorism, these
surveillance programs have been employed to assess the foreign policy and economic stability of other countries, and to gather "commercial secrets“.
Politics of Cyberwar
![Page 26: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/26.jpg)
Why worry?• „I have nothing to hide“ is a very naive reaction.
![Page 27: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/27.jpg)
Why worry?• „I have nothing to hide“ is a very naive reaction.• Think about what your smartphone knows about you.
![Page 28: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/28.jpg)
Why worry?• „I have nothing to hide“ is a very naive reaction.• Think about what your smartphone knows about you.• Tell me something that your smartphone does not know
about you.
![Page 29: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/29.jpg)
Why worry?• „I have nothing to hide“ is a very naive reaction.• Think about what your smartphone knows about you.• Tell me something that your smartphone does not know
about you.
![Page 30: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/30.jpg)
Why worry?• „I have nothing to hide“ is a very naive reaction.• Think about what your smartphone knows about you.• Tell me something that your smartphone does not know
about you.
![Page 31: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/31.jpg)
Why Worry?• „I have nothing to hide“ is a very naive reaction.
• Everyone‘s personal privacy is at stake!• George Orwell‘s surveillance state from his book 1984 has become reality...
![Page 32: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/32.jpg)
Why Worry?• „I have nothing to hide“ is a very naive reaction.
• Everyone‘s personal privacy is at stake!• George Orwell‘s surveillance state from his book 1984 has become reality...
• "They (the NSA) can use the system to go back in time and scrutinize every decision you've ever made, every friend you've ever discussed something with, and attack you on that basis to sort of derive suspicion from an innocent life and paint anyone in the context of a wrongdoer." – Edward Snowden
![Page 33: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/33.jpg)
Gaius Julius Caesar100 BC – 44 BC
• not best known for his cryptographic skills
• Roman general !
• suffered from epilepsy, or migraine headache
![Page 34: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/34.jpg)
Modular Arithmetic
• Given integers a and N>1 we write [a mod N] ∈ {0,1,2, ..., N-1} as the remainder of a upon division by N
![Page 35: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/35.jpg)
Frequency analysis
Wikipedia source
![Page 36: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/36.jpg)
Blaise de Vigenère1523–1596
• diplomat and cryptographer • Vigenère’s cipher !
• interested in alchemy
![Page 37: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/37.jpg)
Friedrich Kasiski 1805 – 1881
• Preussian infantry officer • cryptographer and archeologist
![Page 38: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/38.jpg)
Charles Babbage 1791 – 1871
• mathematician, philosopher, inventor and mechanical engineer
• father of the computer • designed the “difference machine”
and “Analytical Engine” !
• counted broken window panes • hated organ grinders
![Page 39: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/39.jpg)
Jonathan Katz Yehuda Lindell
• 3 Basic Principles of Modern Cryptography
![Page 40: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/40.jpg)
1. Formulation of Exact Definitions
• “a cryptographic scheme is secure if no adversary of a specified power can achieve a specified break”example: encryption
• mathematical definitions vs the real worldexample: power-usage attacks
• cryptographers face a similar problem as Turing: “Am I modeling the right thing?”
![Page 41: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/41.jpg)
2. Reliance on Precise Assumptions
• unconditional security is often impractical (unfortunate state of computational complexity)
• validation of assumptions (independent of cryptography) example: factoring
• allows to compare crypto schemes
![Page 42: Introduction to Modern Cryptography - CWIhomepages.cwi.nl/~schaffne/courses/crypto/2014/Heads1.pdf · Introduction to Modern Cryptography ... •juggling, unicycling, chess! ... •](https://reader031.vdocuments.us/reader031/viewer/2022022607/5b85a4467f8b9aef498ec4e6/html5/thumbnails/42.jpg)
3. Rigorous Proofs of Security
• Intuition is not good enough. History knows countless examples of broken schemes
• bugs vs security holessoftware users vs adversaries
• reduction proofs: Given that Assumption X is true, Construction Y is secure. Any adversary breaking Construction Y can be used as subroutine to violate Assumption X.