15-349 Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.


1 15-349 Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography

2 Where we are
- Course intro
- Cryptography
- Intro to crypto
- Modern crypto
- Symmetric encryption
- Asymmetric encryption
- Beyond encryption
- Cryptographic protocols
- Attacking protocols
- Program/OS security & trust
- Networks security
- Beyond technology

3 Outline
- Cryptographic schemes
- Design principles
- Confusion and diffusion
- Randomization
- Kerckhoffs's principle
- Mathematical foundations
- Computational complexity
- One-way functions
- Trapdoors
- What is a secure cipher?

4 (Symmetric) Encryption Schemes (K, E, D)
- Key generation algorithm
  - K :   {0,1}
- Encryption algorithm
  - E : {0,1}  x {0,1}   {0,1}
  - E_k : {0,1}   {0,1}
- Decryption algorithm
  - D: {0,1}  x {0,1}   {0,1}
  - D_k : {0,1}   {0,1}

5 What makes a cipher good?
- behaves as expected
  - Functionally sound
- based on mathematics
  - Confusion and diffusion
- examined by experts
  - Open design
- stood the test of time
  - Moore’s law

6 Functional requirements
E, D : {0,1}^n x {0,1}   {0,1}^n
- $D_k(E_k(m)) = m$
- For every k, $E_k$ is an injection with inverse $D_k$
- $E_k(m)$ is easy to compute, given m and k
- $D_k(x)$ is easy to compute, given x and k
- Polynomial in max{n,  } - often linear
- If $x = E_k(m)$, it is hard to find m without k
- Exponential in

7 Confusion and Diffusion
Confusion
- Replace symbol with another
- Hide plaintext symbols
Diffusion
- Mix up symbols
- Spread plaintext around
[Figure: WHATANI → ZZZJUCL (confusion); WHATANI → ANWIHAT (diffusion)]
Modern ciphers are a combination

8 Augmenting diffusion
- Make it harder for attacker
- Repeated encryptions of same text are different
- Randomization
- E_k : {0,1}  x {0,1}   {0,1}
- D_k : {0,1}   {0,1}
- It must be that  >
- Part of all modern ciphers

9 Open Design
Kerckhoffs's Principle (1883)
The security of a cryptosystem must not depend on keeping the algorithm secret
No security by obscurity
- Better
- Lots of smart but innocuous people dissect it
- Than a single smart malicious

10 Shannon’s criteria
1. Strength of cipher proportional to effort
2. Keys should be simple
3. Implementation should be simple
4. Errors should not propagate
5. Size of ciphertext same as plaintext

11 Critique of Shannon’s Criteria
Shannon’s criteria based on manual process
1. Strength of cipher proportional to effort
   - Strength should depend on value, cost, time
2. Keys should be simple
   - Not necessarily
3. Implementation should be simple
   - Efficient!
4. Errors should not propagate
   - Yes, many countermeasures nowadays
5. Size of ciphertext same as plaintext
   - Not necessarily
Computers allow powerful automation

12 Computational problems
- Finite space of solutions
- Always decidable
- Can grow in size (n)
- Bigger size, bigger solution space
- Questions
- How hard is it to find a solution?
- How hard is it to verify a solution?
- “Hard” = amount of time
- Generic algorithms
  - Best algorithm possible
- Not special cases!

13 Computational classes
- P
  - Finding solution polynomial in n
    - Element lookup in list – $O(n)$
    - Sorting a list – $O(n^2)$
  - Verifying solution also polynomial in n
- NP
  - Verifying solution polynomial in n
  - Finding solution may not be polynomial in n
    - Polynomial if we can “guess”
    - Polynomial if we can try solutions in parallel
- EXP
  - Finding solution exponential in n
  - Verifying solution may not be polynomial in n

14 Computational complexity
- P  NP  EXP
- P  EXP
- P = NP ?
- Open problem
- Believed false
[Figure: scale of growth rates whose ticks include $n$, $n^2$, $n^3$, $n^{100}$ and $2^n$, with regions labeled P, NP and EXP]

15 NP-Complete problems
- In NP
- As hard or harder than any other NP problem
- Represent all NP problems
  - If polynomial solution exists, all NP problems have one: P = NP
  - If not, no NP-complete problem has one: P  NP
- Characteristics
- Always solvable
- Verifying solution is polynomial
- No known polynomial way to find solution
- Exponential as far as we know

16 Computation in practice
- Bounded by time
- If a small polynomial instance is solvable
- Slightly larger instance also solvable
- Possibly with tomorrow’s technology
- If a small exponential instance is solvable
- Slightly larger instance may not be solvable
- Maybe not even with tomorrow’s technology
- … but Moore’s law is exponential?
- Physical limitations
- Can always choose a big enough instance

17 NP-Completeness and Crypto
- Require attacker to solve an NP-complete problem to find plaintext
- Exponential work in n
- But …
- Crumbles if P = NP
- May be easy for small n
- Side channel attacks
- Advances in technology
  - But Moore’s law is exponential??
- Trends in cryptography
- Rely on problems that are harder than NP
- Quantum cryptography

18 One-way functions
- Easy to compute
- f(i)  o
- Evaluation in P
- Linear
- Hard to invert
- f^-1(o)  i
- Inverse is NP-complete
- Foundations of
- Hashing
[Figure: f maps input to output; forward direction labeled "Easy – P", reverse direction labeled "Hard – NP"]

19 One-way functions with trapdoor
- Easy to compute
- f(i,t)  o
- Encryption in P
- Linear
- Hard to invert normally
- f^-1(o)  i
- Decryption without key is NP-complete
- Easy to invert through trapdoor
- f^-1(o,t)  i
- Decryption with key in P
- Linear
- Foundations of
- Encryption
- Digital signatures
[Figure: f maps input to output; labels "Easy – P", "Hard – NP", and "Easy – P" via the trapdoor]

20 Some NP-complete Problems
- Boolean satisfiability
  - Is there an assignment of boolean values that makes a formula in conjunctive normal form true?
- Knapsack
  - Is there a way to fill a bag of a given size completely with objects of various sizes?
- Cliques
  - Does a graph have a complete subgraph of a given size?
- Discrete logarithm
  - Is there $a$ such that $g^a \bmod n = b$?
- Integer factorization
  - What are the prime factors of number n?
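The easy/hard asymmetry of slide 18, shown on the discrete logarithm from the list above. This is an added example, not part of the original slides; the primes 17, 257, 65537, the base g = 3 and the naive search are choices made here for illustration.

```python
def modexp_counted(g, a, p):
    """Square-and-multiply: returns (g^a mod p, modular multiplications used)."""
    result, base, mults = 1, g % p, 0
    while a:
        if a & 1:
            result = result * base % p
            mults += 1
        base = base * base % p
        mults += 1
        a >>= 1
    return result, mults

def dlog_bruteforce(g, b, p):
    """Invert by trying a = 0, 1, 2, ...: returns (a, modular multiplications used).
    Naive search only; faster algorithms exist, but none is known that is
    polynomial in the bit length of p on a classical computer."""
    x, mults = 1, 0
    for a in range(p - 1):
        if x == b:
            return a, mults
        x = x * g % p
        mults += 1
    raise ValueError("b is not a power of g modulo p")

def compare(primes=(17, 257, 65537), g=3):
    """For each prime: (bit length of p, forward cost, inversion cost)."""
    rows = []
    for p in primes:      # 3 is a primitive root modulo each of these primes
        a = p - 2         # largest exponent: worst case for the search
        b, forward = modexp_counted(g, a, p)
        found, inverse = dlog_bruteforce(g, b, p)
        assert found == a and b == pow(g, a, p)
        rows.append((p.bit_length(), forward, inverse))
    return rows

if __name__ == "__main__":
    for bits, forward, inverse in compare():
        print(f"{bits:2d}-bit p: compute = {forward:2d} mults, invert = {inverse} mults")
```

Doubling the size of the exponent doubles the forward cost and squares the inversion cost, which is the gap between "linear" and "exponential" that the slides rely on.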

21 When is a Cipher Secure?
Polynomial adversary cannot tell a real encryption box from a fake one
[Figure: two boxes, each with input m and output x; the real box is labeled $E_k(\_)$, the fake box is labeled $E_k(0)$]

22 Formal Definition
Let
- E: {0,1}  x {0,1}   {0,1}
- A(x  m) = 1 iff x = E_k(m)
- A algorithm polynomial in key length
- x_m = E_k(m)
(K,E,D) is a secure encryption scheme if
  polynomial p(_)   s.t.   >   k  {0,1}
  Pr[A(x_m  m) = 1] - Pr[A(x_0  m) = 1] < 1/p(  )
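The real-box/fake-box game of slides 21 and 22, played against a deterministic cipher and against a randomized one as described on slide 8. This is an added example, not part of the original slides; the SHA-256 counter keystream is a toy construction assumed here for illustration, and all function names are hypothetical.

```python
import hashlib
import os

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream (assumption): SHA-256 over key, nonce and a counter.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enc_det(key: bytes, m: bytes) -> bytes:
    # Deterministic: the same (key, m) always yields the same ciphertext.
    return xor(m, keystream(key, b"", len(m)))

def enc_rand(key: bytes, m: bytes) -> bytes:
    # Randomized: a fresh 16-byte nonce per call travels with the ciphertext,
    # so the ciphertext is longer than the plaintext.
    nonce = os.urandom(16)
    return nonce + xor(m, keystream(key, nonce, len(m)))

def dec_rand(key: bytes, c: bytes) -> bytes:
    nonce, body = c[:16], c[16:]
    return xor(body, keystream(key, nonce, len(body)))

def adversary(box) -> int:
    # Queries the box with two different messages of equal length. A fake box
    # encrypts zeros both times, so identical outputs give it away.
    c1 = box(b"attack at dawn!!")
    c2 = box(b"retreat at noon!")
    return 1 if c1 != c2 else 0  # 1 means "this is the real box"

def advantage(enc, trials: int = 200) -> float:
    # |Pr[A = 1 on real box] - Pr[A = 1 on fake box]|, estimated over fresh keys.
    real = fake = 0
    for _ in range(trials):
        k = os.urandom(16)
        real += adversary(lambda m: enc(k, m))
        fake += adversary(lambda m: enc(k, bytes(len(m))))
    return abs(real - fake) / trials

if __name__ == "__main__":
    print("deterministic cipher, advantage:", advantage(enc_det))
    print("randomized cipher, advantage:   ", advantage(enc_rand))
```

An advantage of 0 for this one adversary does not prove the randomized toy cipher secure; the definition quantifies over every polynomial adversary.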

23 Key length
- The strength of a cipher is given by the length of the key
- Strength is non-polynomial in
- 10% longer key requires much more than 10% extra work
- Often each extra bit doubles the effort
- To get a stronger cipher, make key longer!
- Guideline for modern ciphers
- Ciphers with variable key length
  - RSA
  - AES
- Not sufficient for bad ciphers!

