
Reading Assignment: Chapter 1 of Katz & Lindell

The document provides an introduction to cryptography. It defines cryptography as the scientific study of techniques for securing digital information, transactions, and distributed computations. It then discusses some basic objectives of cryptography like protecting data privacy, ensuring data integrity, and providing authentication. It also introduces some common terms and concepts in cryptography like encryption schemes, cryptographic protocols, digital signatures, pseudorandom generators, one-way functions, and different types of attacks.

Uploaded by iiita123
Copyright: © Attribution Non-Commercial (BY-NC)

Introduction

Reading assignment: Chapter 1 of Katz & Lindell

Cryptography

• Merriam-Webster Online Dictionary:
  1. secret writing
  2. the enciphering and deciphering of messages in secret code or cipher.
• Scientific study of techniques for securing digital information, transactions, and distributed computations.

A Structural View of Cryptography

[Figure: layered diagram, top to bottom: APPLICATIONS; Encryption Schemes, Crypto Protocols, Sign/MAC Schemes; Pseudorandom Generators And Functions, Zero-Knowledge Proof Systems; Computational Difficulty (One-Way Functions)]

Basic objectives of cryptography

• Protecting data privacy
• Data integrity (message authentication): allowing the recipient to check if a received message has been modified.
• Authentication:
  ◦ Data origin authentication: allowing the recipient to verify the origin of a received message.
  ◦ Entity authentication: allowing the entities of a (connection-oriented) communication to authenticate each other.
• Non-repudiation: to prevent the sender from later denying that he sent the message.

Main Characters

• Alice
• Bob
• Peggy (prover)
• Vic (verifier)
• Eve or Oscar (eavesdropper, opponent)

[Figure: Eve, Bob, Alice]

Encryption and secrecy

[Figure: Bob (key) and Alice (key’): plaintext m → E → ciphertext c → D → plaintext m]

Encryption and secrecy

• Encryption protects secrecy of transmitted messages
• Encryption $E_k$: plaintext m → ciphertext c
• Decryption $D_{k'}$: ciphertext c → plaintext m
• Encryption key: k; decryption key: k’ (equal or not equal)

Symmetric-key encryption

• Also called secret-key or private-key encryption
• Encryption key = decryption key
• $D(k, E(k, m)) = m$
• Or, $D_k(E_k(m)) = m$

Example: Caesar’s shift cipher

• Plaintexts m
  ◦ English characters
  ◦ Represented as integers 0-25
• Key k: an integer in 1..25
• $E_k(m) = (m + k) \bmod 26$
• $D_k(c) = (c - k) \bmod 26$
• $E_3$: ohio → rklr; $D_3$: rklr → ohio

Public-key encryption

• Also called asymmetric encryption
• Using a pair of keys (sk, pk)
  ◦ sk is secret, known only to the key’s owner (say Alice)
  ◦ pk is public, known to everyone
• From pk, it is hard to derive sk.
• $D_{sk}(E_{pk}(m)) = m$.

Public-key Encryption

[Figure: Bob (public key) and Alice (secret key): plaintext m → E → ciphertext c → D → plaintext m]

Example: RSA

• Public key: (n, e)
• Secret key: d
• Encryption: $E(m) = m^e \bmod n$
• Decryption: $D(c) = c^d \bmod n$

Message authentication codes

• Ensuring data integrity using symmetric keys.
• Alice and Bob share a symmetric key k.
• Alice sends to Bob the augmented message (m, x), where $x = \mathrm{MAC}_k(m)$.
• Bob, on receiving (m’, x’), checks if $x' = \mathrm{MAC}_k(m')$. If so, accepts m’ as authentic.
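
The MAC exchange above as an added Python example (not part of the original slides). HMAC-SHA256 as the MAC, the sample message and the function names are assumptions of this example. It also shows what the check does not cover: a replayed valid pair still verifies.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, message: bytes) -> bytes:
    # x = MAC_k(m); HMAC-SHA256 is this example's choice of MAC.
    return hmac.new(key, message, hashlib.sha256).digest()

def alice_send(key: bytes, message: bytes):
    # Alice transmits the augmented message (m, x).
    return message, mac(key, message)

def bob_accepts(key: bytes, message: bytes, tag: bytes) -> bool:
    # Bob recomputes MAC_k(m') and compares it with x' in constant time,
    # so the comparison does not leak how many leading bytes matched.
    return hmac.compare_digest(mac(key, message), tag)

def demo() -> dict:
    k = secrets.token_bytes(32)                # key shared by Alice and Bob
    m, x = alice_send(k, b"pay Bob 10")        # constructed sample message
    flipped = bytes([x[0] ^ 1]) + x[1:]        # one bit of the tag changed
    return {
        "unmodified": bob_accepts(k, m, x),
        "message modified": bob_accepts(k, b"pay Eve 10", x),
        "tag modified": bob_accepts(k, m, flipped),
        "truncated tag": bob_accepts(k, m, x[:16]),
        "wrong key": bob_accepts(secrets.token_bytes(32), m, x),
        # A MAC gives integrity, not freshness: the same valid pair
        # delivered a second time still verifies.
        "replayed": bob_accepts(k, m, x),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:18} accepted={accepted}")
```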

Digital signatures

• Ensuring data integrity and non-repudiation using public-key methods
• $s = \mathrm{Sign}_{sk}(m)$
• $\mathrm{Verify}_{pk}(m, s)$ = true or false.
• Hash-then-sign: $s = \mathrm{Sign}_{sk}(h(m))$, where h is a cryptographic hash function.

Pseudorandom generators (1)

• Randomness and security of cryptosystems are closely related.
• Vernam’s one-time pad encryption scheme:
  ◦ To encrypt a message m
  ◦ Randomly generate a bit string k
  ◦ Encrypt m as $c := m \oplus k$, bit by bit
  ◦ c looks random to anyone not knowing the key k.

Pseudorandom generators (2)

• Expensive to generate truly random bits.
• Pseudorandom generators are algorithms that, on input a short random bit string, generate a longer, random-like bit string.
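
The one-time pad and the generator idea from the two slides above, as an added Python example (not part of the original slides). SHAKE-256 as a stand-in generator and all function names are assumptions of this example. It also shows why the pad must be used once: with a reused key, the key cancels out of the two ciphertexts.

```python
import hashlib
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad and message must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(m: bytes):
    k = secrets.token_bytes(len(m))    # fresh random key, as long as m
    return k, xor(m, k)                # c = m XOR k

def otp_decrypt(k: bytes, c: bytes) -> bytes:
    return xor(c, k)                   # (m XOR k) XOR k = m

def prg(seed: bytes, n: int) -> bytes:
    # Stand-in generator (assumption): SHAKE-256 stretches a short seed
    # into n random-looking bytes; the same seed gives the same output.
    return hashlib.shake_256(seed).digest(n)

def stream_encrypt(seed: bytes, m: bytes) -> bytes:
    # One-time pad with the random key replaced by generator output.
    # Decryption is the same operation with the same seed.
    return xor(m, prg(seed, len(m)))

def reuse_leak(m1: bytes, m2: bytes) -> bytes:
    # The same key used for two messages: c1 XOR c2 = m1 XOR m2,
    # so an eavesdropper learns a relation between the plaintexts.
    k = secrets.token_bytes(len(m1))
    c1, c2 = xor(m1, k), xor(m2, k)
    return xor(c1, c2)

if __name__ == "__main__":
    msg = b"attack at dawn"            # constructed sample message
    k, c = otp_encrypt(msg)
    print(otp_decrypt(k, c))
    seed = secrets.token_bytes(16)     # 16-byte seed, arbitrary-length output
    print(stream_encrypt(seed, stream_encrypt(seed, msg)))
    print(reuse_leak(msg, b"retreat at six") == xor(msg, b"retreat at six"))
```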

Cryptographic primitives

• These are often regarded as basic cryptographic primitives:
  ◦ Pseudorandom generators/functions
  ◦ Encryption & decryption schemes
  ◦ Cryptographic hash functions
  ◦ MACs, digital signatures
• They may be used as building blocks to build cryptographic protocols.

Cryptographic protocols

• A cryptographic protocol:
  ◦ Involves two or more parties
  ◦ Often combines different primitives
  ◦ Accomplishes a more sophisticated task, e.g., electronic election

Example cryptographic protocol

• Protocol for user identification using a digital signature scheme
  ◦ Alice has a key pair (pk, sk)
  ◦ Alice → Bob: “I’m Alice”
  ◦ Alice ← Bob: a random challenge c
  ◦ Alice → Bob: a response $s = \mathrm{Sign}_{sk}(c)$
  ◦ Bob checks if $\mathrm{Verify}_{pk}(c, s)$ = true
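
The identification protocol above, built on the RSA and hash-then-sign slides, as an added Python example (not part of the original slides). The toy primes, SHA-256 as h, the Bob class and all function names are assumptions of this example, and the parameters are far too small for real use. It shows why the challenge must be fresh: a recorded response fails against a new challenge.

```python
import hashlib
import secrets

# Toy key (constructed): n is the product of two Mersenne primes.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537                       # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))         # secret key d

def rsa_encrypt(m: int) -> int:
    return pow(m, E, N)                   # E(m) = m^e mod n

def rsa_decrypt(c: int) -> int:
    return pow(c, D, N)                   # D(c) = c^d mod n

def h(data: bytes) -> int:
    # Hash reduced into Z_n so it fits this toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes) -> int:
    return pow(h(data), D, N)             # hash-then-sign

def verify(data: bytes, s: int) -> bool:
    return pow(s, E, N) == h(data)

class Bob:
    def __init__(self):
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)   # random challenge c
        return self.pending

    def check(self, s: int) -> bool:
        c, self.pending = self.pending, None     # each challenge is single-use
        return c is not None and verify(c, s)

def identification_run():
    bob = Bob()
    c1 = bob.challenge()
    s1 = sign(c1)                # Alice's response s = Sign_sk(c)
    honest = bob.check(s1)
    bob.challenge()              # a later session gets a new challenge
    replay = bob.check(s1)       # a recorded response no longer verifies
    return honest, replay

if __name__ == "__main__":
    print(rsa_decrypt(rsa_encrypt(42)), identification_run())
```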

Zero-Knowledge Proofs

• In applications, a party often needs to prove that he follows the protocol. For example:
  ◦ Alice sends the same message to Bob and Cindy, encrypted using their respective public keys.
  ◦ Alice wishes to prove to David that she did send the same message, without revealing the message itself.

One-way functions

• Modern cryptosystems are based on (trapdoor) one-way functions.
• A function f is one-way if it is easy to compute, but hard to invert.
  ◦ Easy to compute $f(x)$
  ◦ Hard to compute $f^{-1}(y)$
• Trapdoor: some additional information that makes $f^{-1}$ easy to compute.

“Candidate” one-way functions

• No function has been proved one-way.
• Some functions are believed to be one-way.
• For example:
  ◦ Integer multiplication
  ◦ Discrete exponentiation
  ◦ Modular powers

“Candidate” one-way functions

• Integer multiplication: $f(x, y) = x \cdot y$, where x  y
• Discrete exponentiation: $f(x) = b^x \bmod n$ (x: integers between 1 and n)
• Modular powers: $f(x) = x^b \bmod n$ (x: integers between 1 and n)

Cryptanalysis

• Science of studying attacks against cryptographic schemes.
• Kerckhoffs’s principle: the adversary knows all details about a cryptosystem except the secret key.
• Cryptography + Cryptanalysis = Cryptology

Attacks on encryption schemes

• Objective: to obtain information about plaintexts or even the secret key
• Attackers have different levels of computing power and different amounts of information.
• When studying the security of an encryption scheme, we need to specify the type of attacks.

Different types of attacks

• Different types of attacks (classified by the amount of information that may be obtained by the attacker):
  ◦ Ciphertext-only attack
  ◦ Known-plaintext attack
  ◦ Chosen-plaintext attack (possibly adaptively)
  ◦ Chosen-ciphertext attack (possibly adaptively)

Ciphertext-only attacks

• Given: a ciphertext c
• Q: what is its plaintext m?
• An encryption scheme is completely insecure if it cannot resist ciphertext-only attacks.

Known-plaintext attacks

• Given: $(m_1, c_1), (m_2, c_2), \ldots, (m_k, c_k)$ and a new ciphertext c.
• Q: what is the plaintext of c?
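
The Caesar shift cipher from the earlier slide, examined under the ciphertext-only and known-plaintext settings just defined, as an added Python example (not part of the original slides). The word list, the sample sentence and the function names are constructed for this example. With only 25 keys, every key can be tried, and a single known pair fixes the key.

```python
def shift(text: str, k: int) -> str:
    # Letters a-z are treated as integers 0-25; other characters pass through.
    return "".join(
        chr((ord(ch) - 97 + k) % 26 + 97) if "a" <= ch <= "z" else ch
        for ch in text
    )

def encrypt(k: int, m: str) -> str:
    return shift(m, k)                    # E_k(m) = (m + k) mod 26

def decrypt(k: int, c: str) -> str:
    return shift(c, -k)                   # D_k(c) = (c - k) mod 26

def key_from_known_pair(m: str, c: str) -> int:
    # Known-plaintext setting: every letter pair gives k = (c - m) mod 26.
    keys = {(ord(y) - ord(x)) % 26 for x, y in zip(m, c) if "a" <= x <= "z"}
    if len(m) != len(c) or len(keys) != 1:
        raise ValueError("pair is not consistent with a single shift")
    return keys.pop()

def ciphertext_only(c: str, wordlist: set) -> list:
    # Ciphertext-only setting: try all 25 keys and keep the candidates
    # whose words all appear in the word list.
    hits = []
    for k in range(1, 26):
        candidate = decrypt(k, c)
        if all(word in wordlist for word in candidate.split()):
            hits.append((k, candidate))
    return hits

WORDS = {"meet", "me", "in", "ohio"}      # constructed word list

if __name__ == "__main__":
    print(encrypt(3, "ohio"), decrypt(3, "rklr"))
    c = encrypt(3, "meet me in ohio")     # constructed sample plaintext
    print(c, ciphertext_only(c, WORDS))
    print(key_from_known_pair("ohio", "rklr"))
```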

Chosen-plaintext attacks

• Given: $(m_1, c_1), (m_2, c_2), \ldots, (m_k, c_k)$, where $m_1, m_2, \ldots, m_k$ are chosen by the adversary; and a new ciphertext c.
• Q: what is the plaintext of c?
• Adaptively-chosen-plaintext attack: $m_1, m_2, \ldots, m_k$ are chosen adaptively.

Chosen-ciphertext attacks

• Given: $(m_1, c_1), (m_2, c_2), \ldots, (m_k, c_k)$, where $c_1, c_2, \ldots, c_k$ are chosen by the adversary; and a new ciphertext c.
• Q: what is the plaintext of c?
• Adaptively-chosen-ciphertext attack: $c_1, c_2, \ldots, c_k$ are chosen adaptively.

Different types of adversaries …

• Classified by the amount of computing resources available to the adversary:
  ◦ The attacker has unbounded computing power
  ◦ The attacker only has a polynomial amount of computing power (polynomial in some security parameter, typically the key length).

Unconditional security

• Secure even if the adversary has infinite computational resources (CPU time and memory storage).
• For example, Vernam’s one-time pad is unconditionally secure against ciphertext-only attack.

Computational security

• Secure if the attacker has only a polynomial amount of computational resources.
• For example, RSA is believed to be computationally secure, because it may take thousands of years to decipher a ciphertext.
• This statement is ambiguous. Why?