Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography Lecture 12.

Published byArthur Simmons Modified over 5 years ago

Similar presentations

Presentation on theme: "Cryptography Lecture 12."— Presentation transcript:

1 Cryptography Lecture 12

2 Problems 1 Let t be a fixed n-bit value. If we randomly select an n-bit value x. What is the probability of x = t? 2-n

3 Problems 1 Union bound: Pr[E1 V E2] ≤ Pr[E1] + Pr[E2]
E1 V E2: disjunction (E1 or E2 occurs) What is the probability that a random n-bit value y is equal to any of q n-bit different values? = Pr[y = first value] + Pr[ y = second value] + … Pr[y = q-th value] = q/2n

4 Problems 1 Union bound: Pr[E1 V E2] ≤ Pr[E1] + Pr[E2]
E1 V E2: disjunction (E1 or E2 occurs) What is the probability that a random n-bit value y is equal to any of q n-bit different values? What if these q values are randomly selected? Simple… ≤q/2n Remember when this is used? (Our first CPA secure scheme using PRF! Page 83)

5 Problem 2 (Birthday problem) If q people are in a classroom, what is the probability that two of them have the same birthday? (Assume birthdays are uniformly and independently distributed among the 365 days.) Equivalently, if we choose q elements y1, y2, …, yq uniformly form a set of N, what is the probability there exist distinct i, j with yi=yi? This event is called a collision. Let’s write coll(q, N) to denote the probability of this event.

6 Problem 2 It can be proven (book pp. 543 and 544)
q(q-1)/4N ≤ coll(q, N) ≤ q2/2N Conclusion is important Proofs are standard (although not required by the exam, you are encouraged to go over them. It is a good exercise, indeed.) Very tight bound, mathematically beautiful Can be understood in two ways When N is small, coll is high! (so that you can attack!) When N is large, coll is negligible! (so that you cannot attack)

7 The remaining lecture Finish authenticated encryption and secure sessions

Download ppt "Cryptography Lecture 12."

Similar presentations

Many-to-one Trapdoor Functions and their Relations to Public-key Cryptosystems M. Bellare S. Halevi A. Saha S. Vadhan.

Many-to-one Trapdoor Functions and their Relations to Public-key Cryptosystems M. Bellare S. Halevi A. Saha S. Vadhan.
Let X 1, X 2,..., X n be a set of independent random variables having a common distribution, and let E[ X i ] = . then, with probability 1 Strong law.

Let X 1, X 2,..., X n be a set of independent random variables having a common distribution, and let E[ X i ] = . then, with probability 1 Strong law.
Occupancy Problems m balls being randomly assigned to one of n bins. (Independently and uniformly) The questions: - what is the maximum number of balls.

Occupancy Problems m balls being randomly assigned to one of n bins. (Independently and uniformly) The questions: - what is the maximum number of balls.
Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.
CIS 5371 Cryptography 3b. Pseudorandomness.

CIS 5371 Cryptography 3b. Pseudorandomness.
Foundations of Cryptography Lecture 4 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 4 Lecturer: Moni Naor.
Foundations of Cryptography Lecture 12 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 12 Lecturer: Moni Naor.
1. Probability of Equally Likely Outcomes 2. Complement Rule 1.

1. Probability of Equally Likely Outcomes 2. Complement Rule 1.
Foundations of Cryptography Lecture 8 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 8 Lecturer: Moni Naor.
This is a discrete distribution. Poisson is French for fish… It was named due to one of its uses. For example, if a fish tank had 260L of water and 13.

This is a discrete distribution. Poisson is French for fish… It was named due to one of its uses. For example, if a fish tank had 260L of water and 13.
CS555Topic 211 Cryptography CS 555 Topic 21: Digital Schemes (1)

CS555Topic 211 Cryptography CS 555 Topic 21: Digital Schemes (1)
One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.

One-Time Pad Or Vernam Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.
CS555Spring 2012/Topic 111 Cryptography CS 555 Topic 11: Encryption Modes and CCA Security.

CS555Spring 2012/Topic 111 Cryptography CS 555 Topic 11: Encryption Modes and CCA Security.
Ryan Henry I 538 /B 609 : Introduction to Cryptography.

Ryan Henry I 538 /B 609 : Introduction to Cryptography.
CS555Spring 2012/Topic 81 Cryptography CS 555 Topic 8: Pseudorandom Functions and CPA Security.

CS555Spring 2012/Topic 81 Cryptography CS 555 Topic 8: Pseudorandom Functions and CPA Security.
1 4.1 Hash Functions and Data Integrity A cryptographic hash function can provide assurance of data integrity. ex: Bob can verify if y = h K (x) h is a.

1 4.1 Hash Functions and Data Integrity A cryptographic hash function can provide assurance of data integrity. ex: Bob can verify if y = h K (x) h is a.
Cryptography Lecture 3 Arpita Patra © Arpita Patra.

Cryptography Lecture 3 Arpita Patra © Arpita Patra.
Probabilistic analysis

Probabilistic analysis
B504/I538: Introduction to Cryptography

B504/I538: Introduction to Cryptography
Probability – part 1 Prof. Carla Gomes gomes@cs.cornell.edu Rosen 1 1.

Probability – part 1 Prof. Carla Gomes Rosen 1 1.

Similar presentations

Ads by Google