wonders of the digital envelope computational complexity based cryptography theoretical ideas behind...
TRANSCRIPT
![Page 1: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/1.jpg)
Wonders of theDigital Envelope
Computational complexity based
cryptographyTheoretical ideas behind e-commerce and the internet
revolution
![Page 2: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/2.jpg)
Lecture III - plan
- Cryptography before computational complexity- The ambitions of modern cryptography- The assumptions of modern cryptography- The “digital envelope” and its power- Zero-knowledge proofs- Private communication- Oblivious computation
![Page 3: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/3.jpg)
Cryptography before computational
complexitySecret communication
Assuming shared information which no one else has
![Page 4: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/4.jpg)
What do we want to do?
![Page 5: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/5.jpg)
Modern CryptographyThe basic conflict between:• Secrecy / Privacy• Resilience / Fault Tolerance
Tasks Implements
Encryption
Identification Driver License
Money transfer Notes, checks
Public bids Sealed envelopes
Code books
![Page 6: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/6.jpg)
Modern Cryptography
Tasks Implements
Info protection LocksPoker game Play cardsPublic lottery Coins, diceSign contracts Lawyers
Digitally, with no trusted parties
ALL NONE
![Page 7: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/7.jpg)
What are we assuming?
![Page 8: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/8.jpg)
Axiom 1: Agents are computationally limited.
Consequence 1: Only tasks having efficient algorithms can be performed
![Page 9: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/9.jpg)
Easy and Hard Problems
asymptotic complexity of functionsMultiplication
mult(23,67) = 1541
grade school algorithm:n2 steps on n digit inputs
EASYCan be performed quickly for huge integers
Factoringfactor(1541) = (23,67)
best known algorithm:exp(n) steps on n digits
HARD?We don’t know!We’ll assume it.
Axiom 2: Factoring is hard!
![Page 10: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/10.jpg)
p,q pq
Easy
Impossible
Theorem: Axioms digital
Axiom 1: Agents are computationally limitedAxiom 2: Factoring is hard
![Page 11: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/11.jpg)
x E(x)
Easy
Impossible
One-way functionsAxiom 1: Agents are computationally limitedAxiom 2’: The exist one-way functions E Example: E(p,q) = pq
E is multiplicationWe have other E’s
Easy
Impossible
Nature’s one-way functions: 2nd law ofThermodynamics
![Page 12: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/12.jpg)
Properties of the Envelope
E(x) x
•Easy to insert x (any value, even 1 bit)•Hard to compute content (even partial info) •Impossible to change content (E(x) defines x)•Easy to verify that x is the content
CryptographyTheorem:
OPEN CLOSED
![Page 13: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/13.jpg)
The power of the digital envelope
Examples of increasing difficulty
Mind games of the 1980’s – before Internet & E-commerce were imagined
![Page 14: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/14.jpg)
Public bid (players in one room)
Phase 1: Commit
Phase 2: Expose
E (130) E (120) E (150)
130 120 150
Theorem: Simultaneity
$150$120$130
![Page 15: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/15.jpg)
Public Lottery (on the phone)
Alice Bob
Bob: flipping... You lost!
Theorem: Symmetry breaking
Alice: if I get the car (else you do)
What did you pick?Bob: flipping...
Blum 1981
![Page 16: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/16.jpg)
Identification / Passwords
Public password file
Name E (pswd)… …alice Palice =E (…)… …avi Pavi=E (einat)… …bob Pbob =E (…)… …
Computer: 1 checks if E (pswd)= Pavi
2 erases password from screen
login: avi
password: einat
![Page 17: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/17.jpg)
Theorem: Identification
Problem: Eavesdropping & repeated use!
Wishful thinking:Computer should check if I know x such that E (x)=Pavi without actually getting x
Zero-Knowledge Proof:• Convincing• Reveals no information
![Page 18: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/18.jpg)
Copyrights
Dr. Alice: I can prove Riemann’s Hypothesis
Dr. Alice: Lemma…Proof…Lemma…Proof...
Prof. Bob: Impossible! What is the proof?
Prof. Bob: Amazing!! I’ll recommend tenure Amazing!! I’ll publish first
![Page 19: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/19.jpg)
Zero-Knowledge Proof
“Claim”
Bob Alice (“proof”)
Accept/Reject
“Claim” false Bob rejects
“Claim” true Bob acceptsBob learns nothing
with high probability
Goldwasser-Micali-Rackoff 1984
![Page 20: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/20.jpg)
The universality of Zero-Knowledge
Theorem: Everything you can prove at all, you can prove in Zero-Knowledge
Goldreich-Micali-Wigderson 1986
![Page 21: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/21.jpg)
ZK-proofs of Map Coloring
Input: planar map M
4-COL: is M 4-colorable?
3-COL: is M 3-colorable?
YES!
HARD!
Typical “claim”: map M is 3-colorable
Theorem [GMW]: Such claims have ZK-proofs
![Page 22: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/22.jpg)
QP
F M ON
L
K JI
H
GE
CB
D
A
I’ll prove this claim in zero-knowledgeClaim: This map is 3-colorable (with R Y G )
Note: if I have any3-coloring of any map
Then I immediately have 6
![Page 23: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/23.jpg)
QP
F M ON
L
K JI
H
GE
CB
D
A
Structure of proof:Repeat (until satisfied) - I hide a random one of my 6 colorings in digital envelopes
- You pick a pair of adjacent countries - I open this pair of envelopes
Reject if RR,YY,GG or illegal color
![Page 24: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/24.jpg)
Zero-knowledge
proof demo
![Page 25: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/25.jpg)
QP
FM O
N
L
K JI
H
GE
CB
D
A
![Page 26: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/26.jpg)
QP
FM O
N
L
K JI
H
GE
CB
D
A
![Page 27: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/27.jpg)
QP
FM O
N
L
K JI
H
GE
CB
D
A
![Page 28: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/28.jpg)
QP
FM O
N
L
K JI
H
GE
CB
D
A
![Page 29: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/29.jpg)
QP
FM O
N
L
K JI
H
GE
CB
D
A
![Page 30: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/30.jpg)
QP
FM O
N
L
K JI
H
GE
CB
D
A
![Page 31: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/31.jpg)
QP
FM O
N
L
K JI
H
GE
CB
D
A
![Page 32: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/32.jpg)
QP
FM O
N
L
K JI
H
GE
CB
D
A
![Page 33: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/33.jpg)
QP
FM O
N
L
K JI
H
GE
CB
D
A
![Page 34: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/34.jpg)
QP
FM O
N
L
K JI
H
GE
CB
D
A
![Page 35: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/35.jpg)
QP
FM O
N
L
K JI
H
GE
CB
D
A
![Page 36: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/36.jpg)
QP
FM O
N
L
K JI
H
GE
CB
D
A
![Page 37: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/37.jpg)
![Page 38: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/38.jpg)
Why is it a Zero-Knowledge Proof?
• Exposed information is useless (Bob learns nothing)
• M 3-colorable Probability [Accept] =1 (Alice always convinces Bob)
• M not 3-colorable Prob [Accept] < .99 Prob [Accept in 300 trials] < 1/billion
(Alice rarely convince Bob)
![Page 39: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/39.jpg)
What does it have to do with Riemann’s Hypothesis?
Theorem: There is an efficient algorithm A:
A“Claim” +“Proof length” Map M
“Claim” true M 3-colorable
“Proof” 3-coloring of M
A is the Cook-Levin “dictionary”, provingthat 3-coloring is NP-complete
![Page 40: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/40.jpg)
Theorem [GMW]: + short proof efficient ZK proof
Theorem [GMW]: fault-tolerant protocols
![Page 41: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/41.jpg)
Making any protocolfault-tolerant
1.P2 send m1(s2)
2.P7 send m2(s7,m1)
3.P1 send m3(s1,m1 ,m2)P1
si secret
s1
P2
P7
P3
s2s3
s7
Suppose that in step 1 P2 sends XHow do we know that X=m1(s2)?s2 is a short proof of correctness!P2 proves correctness in zero-knowledge!!
![Page 42: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/42.jpg)
So Far...
Fault Tolerance(we can force players to behave
well!)
? Privacy/Secrecy(even when all players behave
well)
![Page 43: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/43.jpg)
Private communication
Alice and Bob want to have a completely privateconversation.
They share no privateinformation
Many in this audience has already faced and solved this problem often!
![Page 44: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/44.jpg)
Public-key encryptionE-commerce security
PersonalDigital envelope
x E (x)
Easy for everyone
I want to purchase “War and Peace”. My credit card is number is 1111 2222 3333 4444
you
Hard for everyone
EBECEA
B
Easy for Bob
Diffie-Hellman, MerkleRivest-Shamir-Adleman1976-77
Factoring is hard
![Page 45: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/45.jpg)
The Millionaires’ Problem
- Both want to know who is richer- Neither gets any other information
0 if A>Bg(A,B)= 1 if AB
A B
![Page 46: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/46.jpg)
Computing with secret inputs
g
…S1 S2 Sn Elections: g = Majority
• All players are honest. • All players learn g(S1,S2,…,Sn)• No subset learns anything more
0 Democrats Si = 1 Republicans
Si…
winner
![Page 47: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/47.jpg)
How to compute natural functions privately?
Generalize: Try to do it for every function
Specialize: Identify a universal function
Solve it (using special envelopes)
Yao 1987 Oblivious computation
![Page 48: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/48.jpg)
1
0 1
100
Computation in small steps
1 1
g(inputs)
VV
VV
V
0
V
V
OR
AND
V
Ignore privacy.Every g has aBoolean circuit
![Page 49: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/49.jpg)
aAlice
bBob
AND 0
0 1
0
0 1
0
1
Possible with
personal
Axiom 2: Factoring is hard
AND is universal
Computing with envelopes I
![Page 50: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/50.jpg)
1
0 1
100
Computing with envelopes II
1 1
g(inputs)
VV
VV
V
0
1V
![Page 51: Wonders of the Digital Envelope Computational complexity based cryptography Theoretical ideas behind e-commerce and the internet revolution](https://reader036.vdocuments.us/reader036/viewer/2022062421/56649c4e5503460f948f4994/html5/thumbnails/51.jpg)
SummaryPractically every cryptographic task can be
performed securely & privatelyAssuming that players are computationally
bounded and Factoring is hard.
- Computational complexity is essential!- Hard problems can be useful!- The theory predated (& enabled) the
Internet
- What if factoring is easy?- We have (very) few alternatives.Major open question: Can cryptography be based on NP-complete problems ?