1 CIS 5371 Cryptography 3. Private-Key Encryption and Pseudorandomness B ased on: Jonathan Katz and Yehuda Lindel Introduction to Modern Cryptography.

Slides:



Advertisements
Similar presentations
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
Advertisements

CMSC 414 Computer (and Network) Security Lecture 4 Jonathan Katz.
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
11 Provable Security. 22 Given a ciphertext, find the corresponding plaintext.
CIS 5371 Cryptography 3b. Pseudorandomness.
Cryptography: The Landscape, Fundamental Primitives, and Security David Brumley Carnegie Mellon University.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.
1 CIS 5371 Cryptography 4. Collision Resistant Hash Functions B ased on: Jonathan Katz and Yehuda Lindell Introduction to Modern Cryptography.
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.
Computability and Complexity 20-1 Computability and Complexity Andrei Bulatov Random Sources.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
CMSC 456 Introduction to Cryptography
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
CRYPTOGRAPHY WHAT IS IT GOOD FOR? Andrej Bogdanov Chinese University of Hong Kong CMSC 5719 | 6 Feb 2012.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
CS555Spring 2012/Topic 41 Cryptography CS 555 Topic 4: Computational Approach to Cryptography.
On Everlasting Security in the Hybrid Bounded Storage Model Danny Harnik Moni Naor.
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
Computer Security CS 426 Lecture 3
1 CSE 5351: Introduction to Cryptography Ten H. Lai Spring 2015 MW 3:55-5:15 PM, CL133.
Foundations of Cryptography Rahul Jain CS6209, Jan – April 2011
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
CIS 5371 Cryptography Introduction.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CS555Spring 2012/Topic 51 Cryptography CS 555 Topic 5: Pseudorandomness and Stream Ciphers.
CS555Spring 2012/Topic 111 Cryptography CS 555 Topic 11: Encryption Modes and CCA Security.
Cryptography Lecture 2 Stefan Dziembowski
1 CIS 5371 Cryptography 5a. Pseudorandom Objects in Practice Block Ciphers B ased on: Jonathan Katz and Yehuda Lindell Introduction to Modern Cryptography.
Cryptography Lecture 2 Arpita Patra. Summary of Last Class  Introduction  Secure Communication in Symmetric Key setting >> SKE is the required primitive.
1 Reasoning about Concrete Security in Protocol Proofs A. Datta, J.Y. Halpern, J.C. Mitchell, R. Pucella, A. Roy.
1 CIS 5371 Cryptography 4. Message Authentication Codes B ased on: Jonathan Katz and Yehuda Lindell Introduction to Modern Cryptography.
CS555Spring 2012/Topic 31 Cryptography CS 555 Topic 3: One-time Pad and Perfect Secrecy.
CS555Spring 2012/Topic 71 Cryptography CS 555 Topic 7: Stream Ciphers and CPA Security.
1 CIS 5371 Cryptography 1.Introduction. 2 Prerequisites for this course  Basic Mathematics, in particular Number Theory  Basic Probability Theory 
Pseudo-random generators Talk for Amnon ’ s seminar.
CS555Spring 2012/Topic 81 Cryptography CS 555 Topic 8: Pseudorandom Functions and CPA Security.
CS555Spring 2012/Topic 151 Cryptography CS 555 Topic 15: HMAC, Combining Encryption & Authentication.
Cryptography Lecture 10 Arpita Patra © Arpita Patra.
Cryptography Lecture 3 Arpita Patra © Arpita Patra.
@Yuan Xue CS 285 Network Security Block Cipher Principle Fall 2012 Yuan Xue.
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
1 CIS 5371 Cryptography 1.Introduction. 2 Prerequisites for this course  Basic Mathematics, in particular Number Theory  Basic Probability Theory 
Topic 36: Zero-Knowledge Proofs
Cryptography Lecture 5 Arpita Patra © Arpita Patra.
Modern symmetric-key Encryption
Secrecy of (fixed-length) stream ciphers
Topic 5: Constructing Secure Encryption Schemes
CMSC 414 Computer and Network Security Lecture 3
Cryptography Lecture 6.
Topic 7: Pseudorandom Functions and CPA-Security
Cryptography Lecture 5 Arpita Patra © Arpita Patra.
Cryptography Lecture 4.
Cryptography Lecture 5.
Cryptography Lecture 8.
Cryptography Lecture 6.
Cryptography Lecture 7.
CIS 5371 Cryptography 2. Perfect Secret Encryption
Presentation transcript:

1 CIS 5371 Cryptography 3. Private-Key Encryption and Pseudorandomness B ased on: Jonathan Katz and Yehuda Lindel Introduction to Modern Cryptography

2 A Computational Approach to Cryptography The principal of Kerchoffs essentially says that it is not necessary to use a perfectly-secret encryption scheme, but instead it suffices to use a scheme that cannot be broken in reasonable time with any reasonable probability of success.

3 A Computational Approach to Cryptography That is, it suffices to use an encryption scheme that can be broken in theory but that cannot be broken in practice with probability better than in 200 years using the fastest available supercomputer.

4 A Computational Approach 1.Security is only preserved against efficient adversaries 2.Adversaries can potentially succeed with some very small probability (small enough so that we are not concerned that it will ever really happen)

5 A concrete approach

6 The asymptotic approach

7 The asymptotic approach

8

9 The asymptotic approach – an example

10 The asymptotic approach – an example

11 The asymptotic approach – an example

12 The asymptotic approach – an example The asymptotic approach has the advantage of not depending on any specific assumptions regarding, e.g., the type of computer an adversary will use.

13 Efficient Algorithms

14 Efficient Algorithms Generating randomness There are a number of ways random bits are obtained in practice. One solution is to use a hardware random number generator that generates random bit- streams based on certain physical phenomena like thermal/electrical noise or radioactive decay. Another possibility is to use software random number generators which generate random bit- streams based on unpredictable behavior such as the time between key-strokes, movement of the mouse, hard disk access times, and so on.

15 Efficient Algorithms Generating randomness Some modern operating systems provide functions of this sort. Note that, in either of these cases, the underlying unpredictable event is unlikely to directly yield uniformly-distributed bits, and so further processing of the initial bit- stream is needed. Techniques for doing this are complex and poorly understood.

16 Efficient Algorithms Generating randomness One must careful in how random bits are chosen, and the use of badly designed or inappropriate random number generators can often leave a good cryptosystem vulnerable to attack. Particular care must be taken to use a random number generator that is designed for cryptographic use, rather than a general-purpose random number generator which may be fine for some applications but not cryptographic ones

17 Negligible Success

18 Negligible Success

19 Proofs by Reduction Strategy 1. Assume that some low-level problem is hard to solve. 2. Then prove that the construction in question is secure given this assumption.

20 Proofs by Reduction The proof that a given construction is secure as long as some underlying problem is hard generally proceeds by presenting an explicit reduction showing how to convert any efficient adversary A that succeeds in breaking the construction with non-negligible probability into an efficient algorithm A’ succeeds in solving the problem that was assumed to be hard.

21 Proofs by Reduction

22 Proofs by Reduction Instance  of  BreakSolution to x

23 Computationally Secure Encryption

24 Computationally Secure Encryption

25 Computationally Secure Encryption

26 Computationally Secure Encryption

27 Computationally Secure Encryption

Theorem 28

Proof of Theorem We shall reduce the “indistinguishability of the bits of encrypted messages” to the “indistinguishability of the encryptions of the messages” in the presence of an eavesdropper. 29

30 Adversary A Protocol , being analyzed

31 Proof, in detail

32 Proof of theorem– by reduction Adversary A ( bit distinguisher ) Algorithm A’ ( message distinguisher )

Semantic Security 33

Semantic Security: Definition 34

Semantic Security: Theorem A private-key encryption scheme has indistinguishable encryptions in the presence of an eavesdropper if and only if, it is semantically secure in the presence of an eavesdropper. 35

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.