Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secrets & Lies, Knowledge & Trust. (Modern Cryptography) COS 116 4/17/2007 Guest Lecturer: Ari Feldman.

Published byCornelius Moore Modified over 8 years ago

Similar presentations

Presentation on theme: "Secrets & Lies, Knowledge & Trust. (Modern Cryptography) COS 116 4/17/2007 Guest Lecturer: Ari Feldman."— Presentation transcript:

1 Secrets & Lies, Knowledge & Trust. (Modern Cryptography) COS 116 4/17/2007 Guest Lecturer: Ari Feldman

2 Literally means “hidden writing” Cryptography Really is the making and breaking of systems designed to achieve two goals:  Confidentiality — Keeping information secret  Integrity — Ensuring that messages are authentic and preventing undetected modifications to messages

3 Ancient ideas (pre-1976)  More and more complicated letter scrambling Ancient vs. Modern Crypto Modern cryptography (post-1976)  Based on computational complexity — the study of what computers can and can’t do efficiently

4 Terminology cipher — an encryption method plaintext — the original message before encryption ciphertext — the encrypted version of the mesage

5 Cast of characters Alice Bob Eve (a.k.a. Mallory) (note the devil horns)

6 Suppose that Alice wants to send the message “THE LECTURER SMELLS” to Bob in encrypted form. What is the simplest cipher you can think of? Sending an encrypted message

7 Caesar’s Cipher (c. 100BCE) To encrypt: replace each letter of the plaintext with a letter that is a fixed number of positions further down the alphabet “THE LECTURER SMELLS”“WKH OHFWXUHU VPHOOV” If Alice shifts by 3 places, then

8 Caesar’s Cipher: A closer look We can represent each letter A–Z as a number 0–25 We can represent the size of the shift with a number K which can have values 0–25 To encrypt, we take each letter L of the original message and calculate: (L + K) mod 26 ‘mod’ gives you the remainder after dividing (e.g. 27 mod 26 = 1) ‘mod 26’ causes numbers greater than or equal to 26 to “wrap around” K is the “key” — a secret parameter to the cipher that Alice and Bob need to agree on.

9 Caesar’s Cipher is weak Caesar’s Cipher can be broken easily. How? “It will keep your kid sister out, but it won't keep the police out.” — Bruce Schneier (Cryptographer) There are only 26 possible keys — you can easily try them all!

10 Another idea: One-time Pad Step 1: Alice and Bob meet in advance Together they generate an array of random numbers that is as long as the message that Alice will later send Bob Each of the numbers in the array is between 0 and 25 This array is the one-time pad 35102516137614 2223192119149

11 One-time Pad (cont.) Step 2: To encrypt the message, Alice adds each letter of the message to the corresponding number in the one-time pad and takes the result mod 26. 35102516137614 2223192119149 197411421920174 1812411 18 THE LECTURER SMELLS + = 2212141020150051813255 4 1 WMOKUPAAFSNZFZEZB

12 One-time Pad (cont.) Step 3: To decrypt the message, Bob subtracts each number in the one-time pad from the corresponding letter of the ciphertext and takes the result mod 26. 35102516137614 2223192119149 197411421920174 1812411 18 THE LECTURER SMELLS – = 2212141020150051813255 4 1 WMOKUPAAFSNZFZEZB

13 One-time Pad — the good news Incredibly strong security: the ciphertext “looks random” — it is equally likely to be the encryption of any message of the same length

14 One-time Pad — the bad news Alice and Bob must share a secret as long as the message itself Using the same one-time pad more than once compromises security — hence the adjective “one-time” (Hopefully, you’ll see why in lab) The one-time pad must be truly random. How does a computer get randomness?

15 Random source hypothesis Integral to modern cryptography I and my computer have a source of random bits These bits look completely random and unpredictable to the rest of the world. Ways to generate: Quantum phenomena in semi-conductors, timing between keystrokes, etc. 0110101010011010011011101010010010001…

16 Communicating with strangers So far, we have assumed that the sender and the receiver of a message have agreed on a secret key in advance But sometimes perfect strangers need to exchange encrypted messages How can you send your encrypted credit card number to Amazon? Insecure link (Internet) (Jeff Bezos ’86)

17 Public-key cryptography Main idea: Amazon has 2 keys:  A public key that everyone knows  A private key that only it knows Important Property: A message that is encrypted using the public key can only be decrypted using the private key

18 Public-key cryptography at a conceptual level “Box that clicks shut, and only Amazon has the key to open it.” Example:  Enter your credit card number  Put it in box, ship it to Amazon  Amazon opens box, recovers your credit card number credit card #

19 RSA One of the most popular implementations of public-key cryptography Rivest, Shamir, Adleman [1977]

20 Pick 2 large random prime numbers p and q — random source hypothesis! Let N = p q “Derive” values e and d from p and q such that e and d are mathematical inverses — leaving out many details! RSA (cont.) public key = (e, N) private key = (d, N)

21 RSA and integer factoring The security of RSA depends on a problem that is easy to generate, but seemingly hard to solve: integer factoring If you could efficiently derive p and q from N (i.e. factor N), you would be able to derive e and d And once you know d, you know Amazon’s private key!

22 Integer factoring (cont.) Easy to generate: Just multiply two prime numbers (N = p q) Seemingly hard to solve: Given N, find p and q  What algorithm could you use?  What if p and q are each hundreds or even thousands of bits long? (Aside: factoring is also easy to verify because given a potential solution p and q, you can efficiently verify that N = p q. Indeed, factoring is in NP.)

23 Status of factoring Despite many centuries of work, no efficient algorithms. Believed to be computationally hard, but remains unproved (“almost –exponential time”) You rely on it every time you use e-commerce (Aside: If quantum computers ever get built, may become easy to solve.)

24 Last theme Suppose you observe something What does it mean to learn nothing from it? Suggestions?

25 One-time pad revisited In what sense did Eve learn nothing about the message? Answer 1: Transmission looked like a sequence of random letters Answer 2: Transmission looked like something she could easily have generated herself Eve THE LECTURER SMELLS WMOKUPAAFSNZFZEZB Eureka! moment for modern cryptography THE LECTURER SMELLSWMOKUPAAFSNZFZEZB

26 Zero Knowledge Proofs [Goldwasser, Micali, Rackoff ’85] What we want: Prox card reader should accept real prox cards and reject fake ones But it should learn nothing about the prox card except that it is a prox card (e.g. to preserve privacy, it shouldn’t learn which prox card it is) prox card prox card reader Student “ZK Proof”: Everything that the verifier sees in the interaction, it could easily have generated itself.

27 Illustration: Zero-Knowledge Proof that “Sock A is different from sock B” Suppose that I know what distinguishes sock A from sock B, but you don’t Now suppose that I want to prove to you that I know what distinguishes them Normally, I would just tell you: “Look, sock A has a tiny hole and sock B doesn’t!” Sock A Sock B

28 Illustration: Zero-Knowledge Proof that “Sock A is different from sock B” (cont.) But what if I don’t want to give away the distinguishing feature? I could use the following ZKP: “OK, why don’t you put both socks behind your back. Show me a random one, and I will say whether it is sock A or sock B. Repeat as many times as you like, I will always be right.” Why do you learn “nothing”? (Except that the socks are indeed different.) Sock A Sock B

29 Main themes of today’s lecture Creating problems can be easier than solving them Difference between seeing information and making sense of it Role of randomness in the above Ability of 2 complete strangers to exchange secret information

Download ppt "Secrets & Lies, Knowledge & Trust. (Modern Cryptography) COS 116 4/17/2007 Guest Lecturer: Ari Feldman."

Similar presentations

Secrets & Lies, Knowledge & Trust. (Modern Cryptography) COS 116, Spring 2010 Adam Finkelstein.

Secrets & Lies, Knowledge & Trust. (Modern Cryptography) COS 116, Spring 2010 Adam Finkelstein.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Section 3.8: More Modular Arithmetic and Public-Key Cryptography

Section 3.8: More Modular Arithmetic and Public-Key Cryptography
BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.

BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.
What is Elliptic Curve Cryptography?

What is Elliptic Curve Cryptography?
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.

22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Creating Secret Messages. 2 Why do we need to keep things secret? Historically, secret messages were used in wars and battles For example, the Enigma.

Creating Secret Messages. 2 Why do we need to keep things secret? Historically, secret messages were used in wars and battles For example, the Enigma.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.

1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
CRYPTOGRAPHY WHAT IS IT GOOD FOR? Andrej Bogdanov Chinese University of Hong Kong CMSC 5719 | 6 Feb 2012.

CRYPTOGRAPHY WHAT IS IT GOOD FOR? Andrej Bogdanov Chinese University of Hong Kong CMSC 5719 | 6 Feb 2012.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

Similar presentations

Ads by Google