# CMSC 456 Introduction to Cryptography

Jonathan Katz

## Overview of exam

- The exam is cumulative
- More emphasis on material covered in the second half of the semester
- Focus on understanding and application, less on being clever
- Please read instructions, and describe attacks or constructions clearly and unambiguously

## Chapter 1

- Historical private-key encryption schemes
- Why did we talk about these?
- Modern cryptography
- Definitions
- Assumptions
- Proofs

## Chapter 2

- Perfect secrecy
- The one-time pad
- Limitations of perfect secrecy
- Key as long as the message
- Key can only be used once
- No security against chosen-plaintext attacks
- Need pre-shared key!

## Chapter 3a

- Computational security
- Private-key encryption
- Definitions:
  - Indistinguishability in the presence of an eavesdropper
  - Multiple-message indistinguishability
  - CPA-security
  - CCA-security

## Chapter 3b

- Primitives
- Encryption schemes
- Pseudorandom generators
- Pseudorandom functions (block ciphers)
- AES, 3DES, (DES)
- Encryption schemes
- “Pseudo one-time pad”
- Deterministic encryption?
- Basic CPA-secure encryption scheme
- Modes of encryption

## Chapter 4a

- Message authentication codes, defining security
- Collision-resistant hash functions
- SHA-1
- Birthday attacks (other applications?)
- Constructions
- Basic construction for short messages
- HMAC
- CBC-MAC

## Chapter 4b

- Privacy + message authentication, CCA-security
- Encrypt-then-authenticate
- Why are the other alternatives problematic?

## Chapter 5

- Definition of pseudorandomness…
- Concrete security requirements
- Substitution-permutation networks
- Attacks on reduced-round SPNs
- AES
- Feistel networks
- Attacks on reduced-round Feistel networks
- DES
- Increasing key length
- 3DES
- Meet-in-the-middle attacks

## Chapter 7

- Modular arithmetic, group theory, cyclic groups, generators
- Z_N, Z*_N, (N)
- Generating random primes
- Factoring assumption, RSA assumption, discrete logarithm assumption, Diffie-Hellman assumptions
- One-way functions, examples

## Chapter 9

- What are the limitations of private-key crypto?
- Why did we bother studying private-key crypto at all?
- Key exchange
- Definition of security
- Diffie-Hellman key exchange

## Chapter 10a

- Public-key encryption
- Definitions
- Hybrid encryption
- Indistinguishability = CPA-security
- Deterministic encryption?
- CCA-security
- Why important
- Hybrid encryption

## Chapter 10b

- RSA encryption
- El Gamal encryption
- Textbook RSA
- Padded RSA
- Why is it insecure?
- Padded RSA
- El Gamal encryption
- What assumption is it based on?

## Chapter 12a

- Digital signatures
- Definition of security
- RSA signatures
- Advantages relative to MACs?
- Definition of security
- RSA signatures
- Textbook RSA
- Why is it insecure?
- Hashed RSA

## Chapter 12b

- Hash-and-sign
- 1-time signatures, Lamport’s scheme
- PKI, certificates

## The real world

- Pseudorandom functions (block ciphers)
- AES, 3DES
- Collision-resistant hash function
- SHA-1, others (NIST competition)
- Private-key encryption
- E.g., CBC mode, others for CPA-security
- Encrypt-then-authenticate for CCA-security
- Message authentication codes
- HMAC, CBC-MAC, others

## The real world

- Key exchange
- Public-key encryption
- Signature schemes
- (Authenticated) Diffie-Hellman
- Public-key encryption
- (Variants of) padded RSA
- El Gamal encryption
- CCA-secure schemes
- Signature schemes
- (Variants of) hashed RSA
- DSS (we did not cover)