Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

Published byDuane McDowell Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell."— Presentation transcript:

1 1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

2 Cryptography  Merriam-Webster Online Dictionary: 1.secret writing 2.the enciphering and deciphering of messages in secret code or cipher.  Modern cryptography is more than secret writing. 2

3 3 Computationally Difficult Problems (One-Way Functions) Pseudorandom Generators & Functions Zero-Knowledge Proof Systems Encryption Schemes Crypto Protocols Sgn/MAC/hash Schemes APPLICATIONS A Structural View of Cryptography

4 4 Basic objectives of cryptography  Protecting data privacy (secret writing)  Data integrity (message authentication): allowing the recipient to check if a received message has been modified.  Authentication: Data origin authentication: allowing the recipient to verify the origin of a received message. Entity authentication: allowing the entities of a (connection- oriented) communication to authenticate each other.  Non-repudiation: to prevent the sender from later denying that he/she sent the message.

5 5 Main characters of cryptography  Alice  Bob  Peggy (prover)  Vic (verifier)  Eve (eavesdropper, adversary)

6 6 Bob Alice Eve

7 7 mc Enc Dec Bob Alice m key k key k’ Encryption and secrecy Plaintext ciphertext plaintext

8 8 Encryption and secrecy  Encryption protects secrecy of transmitted messages Encryption Enc k : plaintext m → ciphertext c Decryption Dec k’ : ciphertext c → plaintext m Encryption key: Decryption key:

9 9 Private-key encryption  Also called symmetric-key encryption  Encryption key k = decryption key k’  Dec(k, Enc(k,m)) = m  Or, Dec k (Enc k (m)) = m

10 10 Example: Caesar’s shift cipher  Plaintext: a sequence of English characters m= m 1 m 2 …m t  Each character represented as an integer in 0-25  Key k: an integer in 0-25  Enc k (m) = c= c 1 c 2 …c t where c i =[(m i + k) mod 26]  Dec k (c) = m= m 1 m 2 …m t where m i = [(c i − k) mod 26]  Example: Enc 3 (ohio) = rklr Dec 3 ( rklr) = ohio

11 11 Public-key encryption  Also called asymmetric encryption  Using a pair of keys (pk, sk) pk is public, known to everyone (who wishes to know) sk is secret, known only to the key’s owner (say Alice)  From pk, it is hard to derive sk.  Dec sk (Enc pk (m)) = m.

12 12 mcED Bob Alice m Alice’s public key secret key Public-key Encryption Plaintext ciphertext plaintext

13 13 Example: RSA

14 14 Message authentication codes  Ensuring data integrity using private keys.  Alice and Bob share a private key k.  Alice sends to Bob the augmented message (m, x), where x = MAC k (m).  Bob on receiving (m′, x′), checks if x′ = MAC k (m′). If so, accepts m′ as authentic.

15 15 Digital signatures  Ensuring data integrity and non-repudiation using public-key methods  s = Sign sk (m)  Verify pk (m′, s′) = true or false.  Hash-then-sign: s = Sign sk (h(m)), where h is a cryptographic hash function.

16 Pseudorandom generators (1)  Randomness and security of cryptosystems are closely related.  Vernam’s one-time pad encryption scheme: To encrypt a message m (a string of bits) Randomly generate a bit string k c looks random to anyone not knowing the key k. 16

17 Pseudorandom generators (2)  Expensive to generate truly random bits.  Psuedorandom generators are algorithms that, on input a short random bit string, generate a longer, random-like bit string. 17

18 18 Computationally Difficult Problems (One-Way Functions) Pseudorandom Generators & Functions Zero-Knowledge Proof Systems Encryption Schemes Crypto Protocols Sgn/MAC/hash Schemes APPLICATIONS A Structural View of Cryptography

19 19 Cryptographic primitives  These are often regarded as basic cryptographic primitives: Pseudorandom generators/functions Encryption schemes Cryptographic hash functions MACs, digital signatures  They are often used as building blocks to build cryptographic protocols.

20 20 Cryptographic protocols  A cryptographic protocol: Involves two or more parties Often combines different primitives Accomplishes a more sophisticated task, e.g., tossing a coin over the phone, electronic election

21 21 Example cryptographic protocol  Protocol for user identification using a digital signature scheme Alice has a key pair (pk, sk)  Alice → Bob: “I’m Alice”  Alice ← Bob: a random challenge c  Alice → Bob: a response s = Sign sk (c)  Bob checks if Verify pk (c,s) = true

22 22 Is this protocol secure? Suppose Bob has a key pair (pk, sk)  Alice → Bob: “I’m Alice”  Alice ← Bob: “What’s your password?”  Alice → Bob: a response c = Enc pk (m), where m is Alice’s password  Bob checks if Dec sk (c) is correct.

23 Zero-Knowledge Proofs  In applications, a party often needs to prove that he follows the protocol.  For example, in electronic election, say every voter is supposed to vote 0 or 1 encrypted in a certain public key.  Can Alice prove that she did vote 0 or 1 without revealing what she voted? 23

24 24 One-way functions  Modern cryptosystems are based on (trapdoor) one- way functions and difficult computational problems.  A function f is one-way if it is easy to compute, but hard to invert. Easy to compute: Hard to compute:  Trapdoor: some additional information that makes f -1 easy to compute.

25 25 “Assumed” one-way functions  No function has been proved one-way.  Some functions are believed to be one-way.  For example: Integer multiplication Discrete exponentiation Modular powers

26 26 “Assumed” one-way functions

27 27 Cryptanalysis  Science of studying attacks against cryptographic schemes.  Kerkhoff’s principle: the adversary knows all details about a cryptosystem except the secret key.  Cryptography + Cryptanalysis = Cryptology

28 28 Attacks on encryption schemes  Attacks are different in Objectives: e.g. to obtain partial information about a plaintext, to fully decipher it, or to obtain the secret key Levels of computing power Amount of information available  When studying the security of an encryption scheme, we need to specify the type of attacks.

29 29 Different types of attacks  Different types of attacks (classified by the amount of information that may be obtained by the attacker): Ciphertext-only attack Known-plaintext attack Chosen-plaintext attack (possibly adaptively) Chosen-ciphertext attack (possibly adaptively) Chosen plaintext & ciphertext attack (possibly adaptively)

30 30 Ciphertext-only attacks  Given: a ciphertext c  Q: what is its plaintext of c?  An encryption scheme is completely insecure if it cannot resist this type of attacks.

31 31 Known-plaintext attacks  Given: (m 1,c 1 ), (m 2,c 2 ), …, (m k,c k ) and a new ciphertext c.  Q: what is the plaintext of c?

32 32 Chosen-plaintext attacks  Given: (m 1,c 1 ), (m 2,c 2 ), …, (m k,c k ), where m 1, m 2, …, m k are chosen by the adversary, and a new ciphertext c.  Q: what is the plaintext of c?  Adaptively-chosen-plaintext attack: m 1, m 2, …, m k are chosen adaptively.

33 33 Chosen-ciphertext attacks  Given: (m 1,c 1 ), (m 2,c 2 ), …, (m k,c k ), where c 1, c 2, …, c k are chosen b y the adversary; and a new ciphertext c.  Q: what is the plaintext of c?  Adaptively-chosen-ciphertext attack: c 1, c 2, …, c k are chosen adaptively.

34 Different types of adversaries …  Classified by the amount of computing resources available by the adversary: The attacker has unbounded computing power The attacker only has a polynomial amount of computing power (polynomial in some security parameter, typically the key length). 34

35 35 Unconditional security  Secure even if the adversary has infinite computational resources (CPU time and memory storage).  For example, Vernam’s one-time pad is unconditionally secure against ciphertext- only attack.

36 36 Computational security  Secure if the attacker has only polynomial amount of computational resources.  For example, RSA is considered computationally secure; it may take thousands years to decipher a ciphertext.RSA Why is RSA not unconditionally secure?

37 37 Computational Difficulty (One-Way Functions) Pseudorandom Generators and Functions Zero-Knowledge Proof Systems Encryption Schemes Crypto Protocols Sign/MAC Schemes APPLICATIONS (security) This course:

Download ppt "1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Lecture 2.1: Private Key Cryptography -- I CS 436/636/736 Spring 2013 Nitesh Saxena.

Lecture 2.1: Private Key Cryptography -- I CS 436/636/736 Spring 2013 Nitesh Saxena.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CS1001 Lecture 24. Overview Encryption Encryption Artificial Intelligence Artificial Intelligence Homework 4 Homework 4.

CS1001 Lecture 24. Overview Encryption Encryption Artificial Intelligence Artificial Intelligence Homework 4 Homework 4.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Similar presentations

Ads by Google