Example: quiz answers

Introduction to Modern Cryptography

Introduction to Modern CryptographyMihir Bellare1 Phillip Rogaway2 May 11, 20051 Department of Computer Science and Engineering, University of California at San Diego, La Jolla, CA92093, USA. of Computer Science, Kemper Hall of Engineering, University of California at Davis,Davis, CA 95616, USA; and Department of Computer Science, Faculty of Science, Chiang Mai University,Chiang Mai, 50200 Thailand. rogaway2 PrefaceThis is a set of class notes that we have been developing jointly for some years. We use them forcryptography courses that we teach at our respective institutions. Each time one of us teachesthe class, he takes the token and updates the notes a bit. The process has resulted in an evolvingdocument that has lots of gaps, as well as plenty of unharmonized parts.

cryptography courses that we teach at our respective institutions. Each time one of us teaches the class, he takes the token and updates the notes a bit. The process has resulted in an evolving document that has lots of gaps, as well as plenty of “unharmonized” parts. One day it will, with luck, be complete and cogent.

Tags:

  Introduction, Teach, Cryptography

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Advertisement

Transcription of Introduction to Modern Cryptography

1 Introduction to Modern CryptographyMihir Bellare1 Phillip Rogaway2 May 11, 20051 Department of Computer Science and Engineering, University of California at San Diego, La Jolla, CA92093, USA. of Computer Science, Kemper Hall of Engineering, University of California at Davis,Davis, CA 95616, USA; and Department of Computer Science, Faculty of Science, Chiang Mai University,Chiang Mai, 50200 Thailand. rogaway2 PrefaceThis is a set of class notes that we have been developing jointly for some years. We use them forcryptography courses that we teach at our respective institutions. Each time one of us teachesthe class, he takes the token and updates the notes a bit. The process has resulted in an evolvingdocument that has lots of gaps, as well as plenty of unharmonized parts.

2 One day it will, withluck, be complete and viewpoint taken throughout these notes is to emphasize thetheory of Cryptography as itcan be applied to is an approach that the two of us have pursued in our research,and it seems to be a pedagogically desirable approach as would like to thank the following students of past versions of our courses who have pointedout errors and made suggestions for changes: Andre Barroso, Keith Bell, Kostas Bimpikis, Alexan-dra Boldyreva, Dustin Boswell, Brian Buesker, Michael Burton, Chris Calabro, Sashka Davis, AlexGantman, Bradley Huffaker, Hyun Min Kang, Vivek Manpuria, Chanathip Namprempre, AdrianaPalacio, Wenjing Rao, Fritz Schneider, Juliana Wong. We welcome further corrections, commentsand BellareSan Diego, California USAP hillip RogawayDavis, California USAc Mihir Bellare and Phillip Rogaway, 1997 Goalsandsettings.

3 Other goals .. Approaches to the study of Cryptography .. WhatbackgrounddoIneed? .. Problems .. 252 Classical Substitution ciphers .. Problems .. 363 Whatisablockcipher?.. DataEncryptionStandard(DES).. Key recovery attacks on AdvancedEncryptionStandard(AES).. Limitations of key-recovery based security .. Problems .. 554 Pseudorandom Function families .. Random functions and Pseudorandom functions .. Pseudorandompermutations .. Modelingblockciphers .. Exampleattacks .. Security against key The birthday attack .. ThePRP/PRFswitchinglemma .. Unix one-way .. 8734 CONTENTS5 Symmetric Symmetricencryptionschemes .. Somesymmetricencryptionschemes.

4 Issuesinprivacy .. Indistinguishability under chosen-plaintext attack .. SecurityofCTRmodes .. Indistinguishability under chosen-ciphertext ..1336 Hash The hash function SHA1 .. Collision-resistant hash functions .. Collision-finding attacks .. One-wayness of collision-resistant hash functions .. Message Thesetting .. Privacy does not imply Syntax for message authentication .. Definitionsofsecurity .. Examples .. The PRF-as-a-MAC paradigm .. Problems ..1728 Authenticated Encryption1779 Computational Number Thebasicgroups .. Algorithms .. Cyclicgroupsandgenerators .. Groupsofprimeorder .. Exercises and Problems ..196 CONTENTS510 Number-Theoretic Discrete logarithm related.

5 Exercises and Problems ..20811 Asymmetric .. Digital ..24013 Authenticated Key Exchange25714 The Asymptotic Approach25915 Interactive Proofs and Zero Interactive functions and the accepting .. Exercises and Problems ..272A The Birthday Problem273B Information-Theoretic Security2756 CONTENTSC hapter 1 IntroductionHistorically, Cryptography arose as a means to enable parties to maintain privacy of the informationthey send to each other, even in the presence of an adversary with access to the communicationchannel. While providing privacy remains a central goal, the field has expandeded to encompassmany others, including not just other goals of communication security, such as guaranteeing in-tegrity and authenticity of communications, but many more sophisticated and fascinating largely the domain of the military, Cryptography is now in widespread use, and you arelikely to have used it even if you don t know it.

6 When you shop on the Internet, for example to , Cryptography is used to ensure privacy of your credit card number asit travels from you to the shop s server. Or, in electronic banking, Cryptography is used to ensurethat your checks cannot be has been used almost since writing was invented. For the larger part of itshistory, Cryptography remained an art, a game of ad hoc designs and attacks. Although the fieldretains some of this flavor, the last twenty-five years have brought in something new. The art ofcryptography has now been supplemented with a legitimate science. In this course we shall focuson that science, which is Modern Cryptography is a remarkable discipline. It is a cornerstone of computer and communi-cations security, with end products that are imminently practical.

7 Yet its study touches on branchesof mathematics that may have been considered esoteric, and it brings together fields like numbertheory, computational-complexity theory, and probabiltity theory. This course is your invitationto this fascinating Goals and settingsModern Cryptography addresses a wide range of problems. But the most basic problem remainsthe classical one of ensuring security of communication across an insecure medium. To describe it,let s introduce the first two members of our cast of characters: our sender,S, and our receiver,R.(Sometimes people call these characters Alice,A, and Bob,B. Alice and Bob figure in many workson Cryptography . But we re going to want the letterAfor someone else, anyway.) The sender andreceiver want to communicate with each : Several cryptographic goals aim to imitate some aspect of an ideal channel connectinga senderSto a ideal our two parties are provided with a dedicated, untappable, im-penetrable pipe or tube into which the sender can whisper a message and the receiver will hearit.

8 Nobody else can look inside the pipe or change what s there. This pipe provides the perfectmedium, available only to the sender and receiver, as though they were alone in the world. It is an ideal communication channel from the security point of view. See Fig. , in real life, there are no ideal channels connecting the pairs of parties that mightlike to communicate with each other. Usually such parties are communicating over some publicnetwork like the most basic goal of Cryptography is to provide such parties with a means to imbue theircommunications with security properties akin to those provided by the ideal this point we should introduce the third member of our cast. This is ouradversary,de-notedA. An adversary models the source of all possible threats.

9 We imagine the adversary ashaving access to the network and wanting to compromise the security of the parties communica-tions in some all aspects of an ideal channel can be emulated. Instead, cryptographers distill a few centralsecurity goals and try to achieve them. The first such goal isprivacy. Providing privacy meanshiding the content of a transmission from the adversary. The second goal want the receiver, upon receiving a communication pertaining to be from the sender, to have away of assuring itself that it really did originate with the sender, and was not sent by the adversary,or modified en route from the sender to the order to achieve security goals such as privacy or authenticity, cryptographysupplies the sender and receiver with aprotocol.

10 A protocol is just a collection of programs (equiva-lently, algorithms, software), one for each party involved. In our case, there would be some programfor the sender to run, and another for the receiver to run. The sender s program tells her how topackage, or encapsulate, her data for transmission. The receiver s program tells him how to decap-sulate the received package to recover the data together possibly with associated information tellingher whether or not to regard it as authentic. Both programs are a function of somecryptographickeysas we discuss is not hard to convince yourself that in order to communicate securely, theremust be something that a party knows, or can do, that the adversary does not know, or cannotdo. There has to be some asymmetry between the situation in which the parties finds themselvesand situation in which the adversary finds modelspecifies who, initially, has what keys.


Related search queries