Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dan Boneh Stream ciphers The One Time Pad Online Cryptography Course Dan Boneh.

Published byIris Tucker Modified over 8 years ago

Similar presentations

Presentation on theme: "Dan Boneh Stream ciphers The One Time Pad Online Cryptography Course Dan Boneh."— Presentation transcript:

1 Dan Boneh Stream ciphers The One Time Pad Online Cryptography Course Dan Boneh

2 Dan Boneh Symmetric Ciphers: definition Def: a cipher defined over is a pair of “efficient” algs (E, D) where E is often randomized. D is always deterministic.

3 Dan Boneh The One Time Pad (Vernam 1917) First example of a “secure” cipher key = (random bit string as long the message)

4 Dan Boneh The One Time Pad (Vernam 1917) msg:0 1 1 0 1 1 1 key:1 0 1 1 0 1 0 CT: msg:0 1 1 0 1 1 1 key:1 0 1 1 0 1 0 CT: ⊕

5 Dan Boneh You are given a message (m) and its OTP encryption (c). Can you compute the OTP key from m and c ? No, I cannot compute the key. Yes, the key is k = m ⊕ c. I can only compute half the bits of the key. Yes, the key is k = m ⊕ m.

6 Dan Boneh The One Time Pad (Vernam 1917) Very fast enc/dec !! … but long keys (as long as plaintext) Is the OTP secure? What is a secure cipher?

7 Dan Boneh What is a secure cipher? Attacker’s abilities: CT only attack (for now) Possible security requirements: attempt #1: attacker cannot recover secret key attempt #2: attacker cannot recover all of plaintext Shannon’s idea: CT should reveal no “info” about PT

8 Dan Boneh Information Theoretic Security (Shannon 1949)

9 Dan Boneh Information Theoretic Security R

10 Dan Boneh Lemma: OTP has perfect secrecy. Proof:

11 Dan Boneh None 1 2

12 Dan Boneh Lemma: OTP has perfect secrecy. Proof:

13 Dan Boneh The bad news …

14 Dan Boneh End of Segment

Download ppt "Dan Boneh Stream ciphers The One Time Pad Online Cryptography Course Dan Boneh."

Similar presentations

Dan Boneh Message integrity Message Auth. Codes Online Cryptography Course Dan Boneh.

Dan Boneh Message integrity Message Auth. Codes Online Cryptography Course Dan Boneh.
ElGamal Security Public key encryption from Diffie-Hellman

ElGamal Security Public key encryption from Diffie-Hellman
Dan Boneh Using block ciphers Modes of operation: one time key Online Cryptography Course Dan Boneh example: encrypted email, new key for every message.

Dan Boneh Using block ciphers Modes of operation: one time key Online Cryptography Course Dan Boneh example: encrypted , new key for every message.
Trusted 3rd parties Basic key exchange

Trusted 3rd parties Basic key exchange
Dan Boneh Block ciphers Exhaustive Search Attacks Online Cryptography Course Dan Boneh.

Dan Boneh Block ciphers Exhaustive Search Attacks Online Cryptography Course Dan Boneh.
Conventional Encryption: Algorithms

Conventional Encryption: Algorithms
Online Cryptography Course Dan Boneh

Online Cryptography Course Dan Boneh
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 4 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 4 Jonathan Katz.
1 PRPs and PRFs CS255: Winter 2008 1.Abstract ciphers: PRPs and PRFs, 2.Security models for encryption, 3.Analysis of CBC and counter mode Dan Boneh, Stanford.

1 PRPs and PRFs CS255: Winter Abstract ciphers: PRPs and PRFs, 2.Security models for encryption, 3.Analysis of CBC and counter mode Dan Boneh, Stanford.
CIS 5371 Cryptography 3b. Pseudorandomness.

CIS 5371 Cryptography 3b. Pseudorandomness.
Introduction to Cryptography David Brumley Carnegie Mellon University Credits: Many slides from Dan Boneh’s June 2012 Coursera crypto.

Introduction to Cryptography David Brumley Carnegie Mellon University Credits: Many slides from Dan Boneh’s June 2012 Coursera crypto.
Dan Boneh Message Integrity A Parallel MAC Online Cryptography Course Dan Boneh.

Dan Boneh Message Integrity A Parallel MAC Online Cryptography Course Dan Boneh.
1 Brief PRP-PRF Recap CS255 Winter ‘06. 2 PRPs and PRFs PRF: F: K  X  Y such that: exists “efficient” algorithm to eval. F(k,x) PRP: E: K  X  X such.

1 Brief PRP-PRF Recap CS255 Winter ‘06. 2 PRPs and PRFs PRF: F: K  X  Y such that: exists “efficient” algorithm to eval. F(k,x) PRP: E: K  X  X such.
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
Ref. Cryptography: theory and practice Douglas R. Stinson

Ref. Cryptography: theory and practice Douglas R. Stinson
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
A Designer’s Guide to KEMs Alex Dent

A Designer’s Guide to KEMs Alex Dent
Introduction to Modern Cryptography Instructor: Amos Fiat Strongly based on presentation and class by Benny Chor School of Computer Science Tel- Aviv Univ.

Introduction to Modern Cryptography Instructor: Amos Fiat Strongly based on presentation and class by Benny Chor School of Computer Science Tel- Aviv Univ.
Princeton University COS 433 Cryptography Fall 2005 Boaz Barak COS 433: Cryptography Princeton University Fall 2005 Boaz Barak Lecture 2: Perfect Secrecy.

Princeton University COS 433 Cryptography Fall 2005 Boaz Barak COS 433: Cryptography Princeton University Fall 2005 Boaz Barak Lecture 2: Perfect Secrecy.

Similar presentations

Ads by Google