Download presentation
Presentation is loading. Please wait.
Published byMaud Lewis Modified over 9 years ago
1
CS 4/585: Cryptography Tom Shrimpton FAB 120-04 725-5392
2
What is cryptography? History History Modern cryptography Modern cryptography The “Provable Security” paradigm The “Provable Security” paradigm Cryptographic goals and models Cryptographic goals and models Sample cryptographic problems Sample cryptographic problems
3
Blockciphers Warm up: shift and substitution ciphers Warm up: shift and substitution ciphers Syntax and the Ideal Cipher model Syntax and the Ideal Cipher model Pseudorandom Permutations and Pseudorandom Functions Pseudorandom Permutations and Pseudorandom Functions The PRP/PRF switching lemma The PRP/PRF switching lemma Feistel ciphers, DES, linear cryptanalysis Feistel ciphers, DES, linear cryptanalysis AES AES
4
Symmetric Encryption Enciphering vs. encryption: syntax, notation Enciphering vs. encryption: syntax, notation Modes of operation: CBC, CTR, ECB, … Modes of operation: CBC, CTR, ECB, … Security goals: semantic security and equivalent notions Security goals: semantic security and equivalent notions Adversarial attack models Adversarial attack models Broken schemes Broken schemes Proofs of security: CTRC, CBC random IV Proofs of security: CTRC, CBC random IV
5
Symmetric Message Authentication What is a MAC, and why isn’t encryption enough? What is a MAC, and why isn’t encryption enough? Constructions: CBC-MAC, universal hash MACS, HMAC Constructions: CBC-MAC, universal hash MACS, HMAC Security goals: existential unforgeability Security goals: existential unforgeability Broken Schemes (that look right!) Broken Schemes (that look right!) Proofs of security: CBC-MAC, UH-MACS Proofs of security: CBC-MAC, UH-MACS
6
Authenticated Encryption The “lead pipe” or “opaque envelope” The “lead pipe” or “opaque envelope” Security goals: privacy + authenticity Security goals: privacy + authenticity Constructions: generic composition, one- pass schemes Constructions: generic composition, one- pass schemes How to break them if implemented poorly How to break them if implemented poorly
7
Cryptographic Hash Functions What are they and why do we need them? What are they and why do we need them? Security goals (crypto with no keys?!) Security goals (crypto with no keys?!) Merkle-Damgard constructions Merkle-Damgard constructions MD5, SHA1 MD5, SHA1 Blockcipher-based constructions Blockcipher-based constructions
8
Math for Asymmetric Encryption Number theory basics Number theory basics Group theory basics Group theory basics “Hard” problems (eg, discrete log) “Hard” problems (eg, discrete log) Examples: RSA, ElGamal, Diffie-Hellman Examples: RSA, ElGamal, Diffie-Hellman
9
Asymmetric Encryption Review of the public-key model Review of the public-key model Syntax of Public-Key Encryption Syntax of Public-Key Encryption How to use RSA properly How to use RSA properly Security goals: Semantic Security and equivalent notions Security goals: Semantic Security and equivalent notions Hybrid Encryption Hybrid Encryption OAEP, the PKCS v1 break… OAEP, the PKCS v1 break…
10
Asymmetric Message Authentication Syntax of Digital Signatures Syntax of Digital Signatures Security goals Security goals RSA-based schemes RSA-based schemes Hash-and-Sign paradigm Hash-and-Sign paradigm Full-domain hash (FDH) signatures Full-domain hash (FDH) signatures ElGamal-based schemes: Schnorr signatures ElGamal-based schemes: Schnorr signatures
11
Stream Ciphers Pseudorandom number generators Pseudorandom number generators What kind of object is a stream cipher? What kind of object is a stream cipher? Constructions: RC4 Constructions: RC4 The infamous WEP (802.11) attack The infamous WEP (802.11) attack
12
Other stuff… Computational issues Computational issues Key-exchange Key-exchange Signcryption Signcryption One-way functions One-way functions Mutual authentication Mutual authentication Zero-knowledge proofs Zero-knowledge proofs Identity-based encryption Identity-based encryption
13
Symmetric Encryption MACS Asymmetric Encryption Blockciphers Number Theory, etc. Auth. Encryption Digital Signatures Hash Functions Stream Ciphers A rough idea of how the “units” fit together…
15
The Big (Partial) Picture Primitives Block Ciphers Hash Functions Hard Problems Stream Ciphers First-Level Protocols Symmetric Encryption Digital Signatures MAC Schemes Asymmetric Encryption Second-Level Protocols SSH, SSL/TLS, IPSec Electronic Cash, Electronic Voting (Can do proofs) (No one knows how to prove security; make assumptions)
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.