CIS 5371 Cryptography
1. Introduction
Prerequisites for this course
• Basic Mathematics, in particular Number Theory
• Basic Probability Theory
• Problem solving skills
• Programming skills (for projects)
Goals for the Introduction
• Discuss the effectiveness & practicality of crypto.
• Discuss the foundations of crypto.
• Establish a mindset for developing crypto systems for Information Assurance.
Cryptography vs Modern Cryptography
• Pre 1970: The art of writing or solving codes
• Post 1980: The science/technology of developing techniques for securing digital information, digital transactions and distributed computations
Usage:
• Pre 1970: military, diplomatic services, intelligence.
• Post 1980: most of us
Modern Cryptography
1. Message Authentication, digital signatures
2. Secret Key exchange/distribution
3. Authentication protocols (for secure access)
4. e-commerce, e-government, e-auctions, e-voting and other e-applications.
5. Digital cash
6. Support system security
7. . . . and more
The setting for Private Key encryption
The syntax of encryption
• A key generation algorithm Gen: a probabilistic algorithm that outputs a key k according to some distribution.
• An encryption algorithm Enc: takes as input a key k and a plaintext m and outputs a ciphertext c: c = Enc_k(m).
• A decryption algorithm Dec: takes as input a key k and a ciphertext c and outputs a plaintext m’: m’ = Dec_k(c). Must have m’ = m.
Kerckhoffs’ principle
“The cipher method must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience.”
Today’s understanding
• Security should not rely on the secrecy of the algorithms being used---indeed these algorithms should be public.
• Open crypto design vs “security by obscurity”.
Attack Scenarios
• Ciphertext-only attack (passive)
• Known-plaintext attack (passive)
• Chosen-plaintext attack (active-adaptive)
• Chosen-ciphertext attack (active-adaptive)
Different applications of encryption may require the encryption scheme to be resilient to different types of attack.
Historical Ciphers and their Cryptanalysis
• Caesar’s cipher: a shift cipher that rotates letters
• Mono-alphabetic substitution: uses a permutation of the alphabet, many more keys
• Vigenère’s poly-alphabetic shift cipher: multiple shift ciphers using a word.
Cryptanalysis is based on statistical patterns of the English language: the frequency of letters, digrams etc.
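The frequency-based cryptanalysis named above, as an added example that is not part of the original slides: each Vigenère column is a shift cipher, so the shift whose decryption best matches English letter frequencies (chi-squared) reveals one key letter. The function names, the approximate frequency table and the sample text are assumptions made here, and the key length is assumed to be already known.

```python
# Approximate English letter frequencies for a..z, in percent (assumed table).
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0,
                2.4, 6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15,
                2.0, 0.074]

# Constructed sample plaintext (about 300 letters), used only for the demo.
SAMPLE = ("The cipher method must not be required to be secret and it must be "
          "able to fall into the hands of the enemy without inconvenience. "
          "Security should not rely on the secrecy of the algorithms being "
          "used indeed these algorithms should be public. An encryption "
          "scheme is secure if no adversary can determine any meaningful "
          "information about the plaintext from the ciphertext.")

def letters(text):
    """Keep only a-z (lower-cased) and return alphabet indices 0..25."""
    return [ord(c) - 97 for c in text.lower() if 'a' <= c <= 'z']

def vigenere(text, key, decrypt=False):
    """Vigenere cipher over a-z; a one-letter key gives Caesar's shift cipher."""
    shifts = letters(key)
    sign = -1 if decrypt else 1
    return "".join(chr((m + sign * shifts[i % len(shifts)]) % 26 + 97)
                   for i, m in enumerate(letters(text)))

def chi_squared(column, shift):
    """Distance between English and `column` decrypted with `shift`."""
    counts = [0] * 26
    for c in column:
        counts[(c - shift) % 26] += 1
    n = len(column)
    return sum((counts[i] - n * f / 100) ** 2 / (n * f / 100)
               for i, f in enumerate(ENGLISH_FREQ))

def break_shift(column):
    """Ciphertext-only attack on a shift cipher: try all 26 keys."""
    return min(range(26), key=lambda s: chi_squared(column, s))

def break_vigenere(ciphertext, key_len):
    """Solve each of the key_len interleaved shift ciphers independently."""
    c = letters(ciphertext)
    return "".join(chr(break_shift(c[i::key_len]) + 97) for i in range(key_len))

if __name__ == "__main__":
    ct = vigenere(SAMPLE, "key")
    key = break_vigenere(ct, 3)
    print(key, vigenere(ct, key, decrypt=True)[:40])
```

The attack needs enough ciphertext per column for the statistics to settle; with only a handful of letters per key position the lowest chi-squared score can belong to a wrong shift.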
Basic principles of Modern Cryptography
1. Formulation of exact definitions
   1. Importance of design
   2. Importance of usage
   3. Importance of study
Basic principles of Modern Cryptography
Examples for Principle 1 --- Answers
1. An encryption scheme is secure if no adversary can find the secret key when given a ciphertext.
2. An encryption scheme is secure if no adversary can find the plaintext that corresponds to a given ciphertext.
3. An encryption scheme is secure if no adversary can find the plaintext that corresponds to a given ciphertext.
4. An encryption scheme is secure if no adversary can determine any character of the plaintext that corresponds to the ciphertext.
Basic principles of Modern Cryptography
Final answer
An encryption scheme is secure if no adversary can determine any meaningful information about the plaintext from the ciphertext.
1. What is considered to be a break?
2. What is assumed to be the power of the adversary?
A first definition of security: A cryptographic scheme for a given task is secure if no adversary of a specified power (e.g., an “efficient adversary”) can achieve a specific break.
Basic principles of Modern Cryptography
Mathematics and the real world --- models
1. If a mathematical definition does not appropriately model the real world problem then the definition may be useless --- e.g., the adversarial power may be too weak, or the break may not be foreseen.
Our arguments
1. Appeal to intuition
2. Proof of equivalence
3. Examples
Basic principles of Modern Cryptography
2. Reliance on precise assumptions
1. Validation of the assumption
• By their very nature assumptions/statements are not proven but conjectured . . .
2. Comparison of schemes
• If one scheme makes a weaker assumption than another then the first is to be preferred . . .
3. Facilitation of proofs of security
• If the security of a scheme cannot be proven unconditionally and must rely on an assumption then a mathematical proof that the construction is secure requires a precise definition of the statement.
Basic principles of Modern Cryptography
3. Rigorous Proofs of security
Reductionist approach:
“Given assumption X is true, construction Y is secure according to the given definition.”