Security and Cryptography December 4, 2001 Portions stolen from Prof. Sahai (spring 2001)

Slides:



Advertisements
Similar presentations
NP-Complete Problems Coloring is complete In particular, we can reduce solving any search problem to finding a valid coloring for some collection of circles!
Advertisements

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
22C:19 Discrete Structures Integers and Modular Arithmetic
Section 3.8: More Modular Arithmetic and Public-Key Cryptography
BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.
What is Elliptic Curve Cryptography?
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Creating Secret Messages. 2 Why do we need to keep things secret? Historically, secret messages were used in wars and battles For example, the Enigma.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:
1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.
CRYPTOGRAPHY WHAT IS IT GOOD FOR? Andrej Bogdanov Chinese University of Hong Kong CMSC 5719 | 6 Feb 2012.
Introduction to Modern Cryptography, Lecture 7/6/07 Zero Knowledge and Applications.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Public Key Algorithms 4/17/2017 M. Chatterjee.
ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
Lecture 6: Public Key Cryptography
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
1 Introduction to Codes, Ciphers, and Cryptography Michael A. Karls Ball State University.
Chapter 12 Cryptography (slides edited by Erin Chambers)
Quadratic Residuosity and Two Distinct Prime Factor ZK Protocols By Stephen Hall.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
RSA and its Mathematics Behind
Merkle-Hellman Knapsack Cryptosystem Merkle offered $100 award for breaking singly - iterated knapsack Singly-iterated Merkle - Hellman KC was broken by.
Great Theoretical Ideas in Computer Science.
10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.
CSCI 3130: Formal languages and automata theory Andrej Bogdanov The Chinese University of Hong Kong Interaction,
Cryptography Dec 29. This Lecture In this last lecture for number theory, we will see probably the most important application of number theory in computer.
Public-Key Cryptography CS110 Fall Conventional Encryption.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
MA/CSSE 473 Day 11 Primality testing summary Data Encryption RSA.
Based on Schneier Chapter 5: Advanced Protocols Dulal C. Kar.
Modular Arithmetic with Applications to Cryptography Lecture 47 Section 10.4 Wed, Apr 13, 2005.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
Merkle-Hellman Knapsack Cryptosystem
Network Security – Special Topic on Skype Security.
Introduction to Quantum Key Distribution
RSA and its Mathematics Behind July Topics  Modular Arithmetic  Greatest Common Divisor  Euler’s Identity  RSA algorithm  Security in RSA.
Secrets & Lies, Knowledge & Trust. (Modern Cryptography) COS 116 4/17/2007 Guest Lecturer: Ari Feldman.
1 Concurrency and Zero-Knowledge Protocols Amit Sahai MIT Laboratory for Computer Science.
Zero-knowledge proof protocols 1 CHAPTER 12: Zero-knowledge proof protocols One of the most important, and at the same time very counterintuitive, primitives.
15-499Page :Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.
CRYPTOGRAPHY. WHAT IS PUBLIC-KEY ENCRYPTION? Encryption is the key to information security The main idea- by using only public information, a sender can.
22C:19 Discrete Structures Integers and Modular Arithmetic Fall 2014 Sukumar Ghosh.
Lecture 6.1: Misc. Topics: Number Theory CS 250, Discrete Structures, Fall 2011 Nitesh Saxena.
ENCRYPTION TAKE 2: PRACTICAL DETAILS David Kauchak CS52 – Spring 2015.
14-1 Last time Internet Application Security and Privacy Basics of cryptography Symmetric-key encryption.
The Halting Problem Can we design a program that, given any other program and its input, tells whether that program will halt when run on that input?
CSC 3130: Automata theory and formal languages Andrej Bogdanov The Chinese University of Hong Kong Interaction,
CS Modular Division and RSA1 RSA Public Key Encryption To do RSA we need fast Modular Exponentiation and Primality generation which we have shown.
Introduction to Cryptography Lecture 9. Public – Key Cryptosystems Each participant has a public key and a private key. It should be infeasible to determine.
CSCI 3130: Formal languages and automata theory Andrej Bogdanov The Chinese University of Hong Kong Interaction,
Great Theoretical Ideas In Computer Science Anupam GuptaCS Fall 2006 Lecture 15Oct 17, 2006Carnegie Mellon University Algebraic Structures: Groups,
Week 4 - Wednesday.  What did we talk about last time?  Finished DES  AES.
Cryptography CS Lecture 19 Prof. Amit Sahai.
 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.
Public Key Cryptosystem In Symmetric or Private Key cryptosystems the encryption and decryption keys are either the same or can be easily found from each.
David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 15: From Here to Oblivion.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
Topic 36: Zero-Knowledge Proofs
MA/CSSE 473 Day 10 Data Encryption RSA.
Big Numbers: Mathematics and Internet Commerce
Presentation transcript:

Security and Cryptography December 4, 2001 Portions stolen from Prof. Sahai (spring 2001)

Administrivia oHomework assignment 7 due today oHomework Assignment 8 due January 7,2002 oHomework 9 o Part a due next Tuesday o Part b due next Thursday o Part c due next Friday oLab 8 this week oNo lab next week oGuest lecturer(s) Thursday oFinal Exam CS 104 AM

Last Time We saw examples of undecidable problems that computers can’t solve We saw examples of search problems that we believe computers can’t solve quickly.

“Easy” undecidable problems Halting Problem Post's Correspondence Problem (PCP)?

An instance of Post's correspondence problem of size s is a finite set of pairs of strings (g i, h i ) ( i = 1...s s>=1) over some alphabet . A solution is a sequence i 1 i 2... i n of selections such that the strings g i1 g i2... g in and h i1 h i2... h in formed by concatenation are identical.

Sample PCP g 1 = abah 1 = abaa g 2 = bbab h 2 = abab g 3 = baaa h 3 = a g 4 = ah 4 = bb So, 1,3,1,2 would correspond to aba baaa aba bbab from g’s abaa a abaa abab from h’s (not a match)

Sample PCP (cont.) g 1 = aba h 1 = abaa g 2 = bbab h 2 = abab g 3 = baaa h 3 = a g 4 = a h 4 = bb 1,4,2,1,3 1,4,2,1,3 aba a bbab aba baaa

PCP is undecidable  Post's correspondence problem shown to be undecidable by Post in  The problem with size 2 has been proved decidable.  The problem with size 7 has been proved undecidable.  The decidablility of problems with size between 3 and 6 is still pending.

Last Time – hard search problems We saw examples of search problems that we believe computers can’t solve quickly. A search problem is a problem where Is hard to find solution Is easy to check possible solution A complete search problem is as hard as any search problem Search problem is believed to be hard because We can’t solve it No one else can No one can solve any of the complete search problems

Classes of search problems In computer-science terminology: NP = All Search Problems P = Problems we can solve quickly We believe that P  NP, i.e. not every search problem can be solved quickly on a computer. Search problem is NP but not P are used in situations where we want a problem that is Hard to solve Easy to check a solution.

Coloring

Coloring (cont.) We can build a computer as a coloring problem Build simulations of gates NOT, AND, OR Combine simulations to build circuit for, e.g. Carry- ripple adder Result Here is a graph, Color a few circles to mark inputs Find a valid coloring of all circles Read off values of output circles to get result

Coloring (cont.) Coloring is complete In particular, we can reduce solving any search problem to finding a valid coloring for some collection of circles! So, if we could solve Coloring quickly, then P = NP That’s why we believe Coloring can’t be solved quickly by any computer. We call such problems NP-Complete.

NP-complete problems I Coloring ITraveling Salesman Problem IKnapsack problem IPartition Problem

Knapsack problem Ì We are given a set of items each having a weight measured by an integer Ì We are given a capacity for the knapsack ÌWe ask if we can exactly pack the knapsack

Sample Knapsack problem ÌItem weights 2,4,9,13,17,23,32,70,123,157 ÌCapacity is 228 ÌPacking ÌCapacity is 226 ÌPacking (there are none)

Partition problem Ì We are given a set of items each having a weight measured by an integer Ì We are asked if we can divide the items into 2 groups that have the same total weights. ÌLike a knapsack problem ÌWeight is half of total weight

Sample Partition problem ÌItem weights 2,4,9,13,17,23,32,70,123,157 ÌTotal weight is 450 ÌPacking = 225 ÌPacking = 225 ÌWhy is this different from the PCP?

Other Hard Problems? There are other problems besides NP-Complete Problems that we also believe are hard. Can we be sure? No. But humanity has been trying to solve certain mathematical problems for centuries. So. it seems reasonable to assume that nobody will figure out how to solve them soon.

Cryptography Why do we care so much about hard problems? Because sometimes we want to make things hard. Protecting Privacy, Authenticity Want to make it hard for adversaries to: Steal our credit cards Impersonate us Etc. Makes it possible for companies to protect intellectual property.

Cryptography Science of making things hard for adversaries = Cryptography Dates back to Julius Caeser Caesar cipher – shift each character by a few places "UHWXUA WR URPH" encodes “RETURN TO ROME“ Used extensively during WW 2 (and every other war) Used to encode passwords Used to prevent copying of software and data (e.g. DVD).

Requirements of a cryptosystem Easy to encode messages Hard to decode messages

One Approach... It’s so complicated! It must be secure! Cryptosystem XYZ (Patent Pending)

One Approach... Cryptosystem XYZ Broken 2 Days After Release!

One Approach... Unfortunately, this approach is often used in real life. This is one of the reasons why you hear about so many security systems being broken! Examples:DVD encryption (DeCSS), Cell phones in Europe (GSM), encoding of fonts by Adobe, many many more

More sophisticated approach Use the theory of hard search problems and the notion of reducing one problem to another. Show that if you break this security system, you do so by solving some of the world’s greatest unsolved problems first!

Encryption The most basic problem in Cryptography is Encryption: Alice Bob Private Message m

Encryption The most basic problem in Cryptography is Encryption: Alice Bob Private Message m Eve the eavesdropper

Encryption The most basic problem in Cryptography is Encryption: Alice Bob Encrypted Message E(m) Eve the eavesdropper

Encryption Have to make it easy for Bob to recover m But hard for Eve to learn anything about m Alice Bob Encrypted Message E(m) Eve the eavesdropper

Public-Key Cryptography [Diffie-Hellman 1976] Bob’s Public Key Bob’s Secret Key Bob Everybody knows Bob’s published Public Key. Only Bob knows his secret key.

Public-Key Encryption Alice uses Bob’s public key to encrypt m. Bob uses his secret key to recover (decrypt) m. Alice Bob Encrypted Message E(m)

Public-Key Encryption Alice and Eve both know Bob’s public key. Eve must not be able to “break” the encryption even though she knows the public key. Alice Bob Encrypted Message E(m) Eve the eavesdropper

Basic Math Review Let’s recall some basic mathematics: A number p is called prime if its only factors are 1 and itself. Examples:

Basic Math Review Let’s recall some basic mathematics: A number p is called prime if its only factors are 1 and itself. Examples: 2, 3, 5, 7, 11, 13, 17, 19, …

Basic Math Review Let’s recall some basic mathematics: A number p is called prime if its only factors are 1 and itself. Examples: 2, 3, 5, 7, 11, 13, 17, 19, … There are lots of prime numbers. Fact: It is known how to check quickly if a number is prime or not. So, to find a big prime number, we can just keep generating large random numbers until we find a prime.

Basic Math Review Given two primes p and q, it is easy to multiply them together: N = pq But given N, how do you find p and q quickly? i.e. how do you factor N? Easy for small numbers (e.g. 6 or 35). For centuries, mathematicians have been trying to find ways to factor large numbers quickly. No one knows how! Factoring a 10,000 digit N would take centuries on the fastest computer in existence!

How do we know factoring is hard? Problem has a long history Prizes are offeredPrizes are offered and have been for a long time Prizes are offered Factoring progress happens slowly

Factoring RSA-130 (4/10/96) RSA-130 = = * Moore’s Law would add a digit or 2 every year.

Basic Math & Crypto We want to make it so that if Eve the eavesdropper breaks our system, she would have to factor a very large number. We’ll (almost) do that.

Modular Arithmetic Ordinary Arithmetic: … …

Modular Arithmetic Ordinary Arithmetic: Arithmetic Modulo N: … … N = … (N – 3) (N – 2) (N – 1)

Modular Arithmetic Example: Arithmetic Modulo 12 (like Arithmetic on time) (Modulo 12) = 2 – 4 (Modulo 12) = 5 * 4 (Modulo 12) = 4 * 3 (Modulo 12) =

Modular Arithmetic Example: Arithmetic Modulo 12 (like Arithmetic on time) (Modulo 12) = 2 2 – 4 (Modulo 12) = 5 * 4 (Modulo 12) = 4 * 3 (Modulo 12) =

Modular Arithmetic Example: Arithmetic Modulo 12 (like Arithmetic on time) (Modulo 12) = 2 2 – 4 (Modulo 12) = 10 5 * 4 (Modulo 12) = 4 * 3 (Modulo 12) =

Modular Arithmetic Example: Arithmetic Modulo 12 (like Arithmetic on time) (Modulo 12) = 2 2 – 4 (Modulo 12) = 10 5 * 4 (Modulo 12) = 8 4 * 3 (Modulo 12) =

Modular Arithmetic Example: Arithmetic Modulo 12 (like Arithmetic on time) (Modulo 12) = 2 2 – 4 (Modulo 12) = 10 5 * 4 (Modulo 12) = 8 4 * 3 (Modulo 12) = 0

The RSA Encryption Scheme [Rivest Shamir Adleman 1978] Bob picks two large primes p and q, and computes: N = pq Fact: Because Bob knows p and q, he can pick numbers e and d such that: For all m: ( m e ) d = m (Modulo N) Bob’s Public Key will be e, N Bob’s secret key will be d

The RSA Encryption Scheme Fact: Because Bob knows p and q, he can pick numbers e and d such that: For all m: ( m e ) d = m (Modulo N) To Encrypt a message m, Alice computes: E(m) = m e (Modulo N)

The RSA Encryption Scheme Fact: Because Bob knows p and q, he can pick numbers e and d such that: For all m: ( m e ) d = m (Modulo N) To Encrypt a message m, Alice computes: E(m) = m e (Modulo N) To Decrypt, Bob computes: m = E(m) d (Modulo N)

The RSA Encryption Scheme To Encrypt a message m, Alice computes: E(m) = m e (Modulo N) The only known way to compute m from E(m) involves factoring N. For Eve to break this system, she would have to solve a long-standing open problem in Mathematics. This is probably the most widely used Public-Key Encryption Scheme in the world. Look at Help on IE

Shifting Gears: Proofs… Bob wants to convince Alice of the validity of some statement (like “I really am Bob!”) But Bob doesn’t want to reveal his secrets to Alice in the process… Alice Bob

Zero-Knowledge Proofs What is the least amount of information Bob can reveal, while still convincing Alice? Amazingly, it is possible for Bob to convince Alice of something without revealing any information at all! How can that be?

Magic Tricks Magic tricks are like zero-knowledge proofs: Good magic tricks reveal nothing about how they work. What makes a magic trick good?

A Magic Trick Two balls: Purple and Red, otherwise identical Blindfolded Magician You give a random ball to magician

A Magic Trick (cont.) Magician tells you the color! Magician proves he can distinguish balls blindfolded. You learn nothing except this. Abracadabra, Goobedy goo! It is Red! Wow! He’s so cool!

A Magic Trick (cont.) You knew exactly what magician was going to do. And he did it! Since you knew to begin with, you could not have learned anything new! It’s Red! I knew he would say that.

Zero Knowledge What it means: Alice “knows” what is going to happen. CS-speak: Alice can simulate it herself! Abracadabra, Goobedy goo! It is Red! Simulation

Another Magic Trick Magician asks you to think of either “Apple” or “Banana” Magician then gives you a sealed box.

Mind Reading You tell Magician what you were thinking. I was thinking of a banana.

Banana Mind Reading (cont.) Magician tells you to open box, and read piece of paper in box. Magician proves he can predict what you will say. How did he do that!!

Mind Reading (cont.) Again, you knew what was going to happen.  Zero-Knowledge I was thinking of a banana. Simulation Banana

Mind Reading (cont.) But why was it convincing? Because Magician committed to his guess before you told him.

Cryptographic Commitment Public Key Encryption Scheme To commit to a string x, I send y = E(x). To open the commitment, I reveal my secret key. Commitment is secret. And I can’t change my mind about x once I’ve sent the encryption.

NP-Completeness Remember we can reduce any search problem to Coloring.

NP-Completeness (cont.) “y is an encryption of a valid tax return” reduction

ZK Proof for Coloring Input: Collection of circles. Magician Knows: Coloring using R, B, G First, Magician picks random permutation  :  R,B,G    R,B,G , and applies to coloring: 

ZK Proof (cont.)

ZK Proof: Analysis Suppose NO valid coloring exists. Then at least one pair of connected circles where colors equal.  Alice catches Magician cheating with probability at least 1/n 2. Repeat protocol 100 n 2 times,  Alice catches Magician cheating almost always!

Simulator

Simulated ZK Proof

ZK Proof: Analysis (cont.) Only difference between real & simulated: In real life, commitments are to valid coloring. In simulator, commitments are to invalid coloring. But commitments are secret, by security of encryption scheme.  Simulator output and real life are indistinguishable.

Wrap-up Today we saw some examples illustrating techniques from modern cryptography: Encryption Zero Knowledge Proofs

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.