Presentation is loading. Please wait.

Presentation is loading. Please wait.

Course summary COS 433: Crptography -Spring 2010 Boaz Barak.

Published byAsher Meese Modified over 9 years ago

Similar presentations

Presentation on theme: "Course summary COS 433: Crptography -Spring 2010 Boaz Barak."— Presentation transcript:

1 Course summary COS 433: Crptography -Spring 2010 Boaz Barak

2 This course was hard… …and it was (partly) my fault.

3 Goals for this course Balanced coverage of crypto: “appetizers, main course, and desserts” Develop “crypto-intuition”....through hard work but with not too much “grunt work”

4 Coverage of crypto Classical ciphers (ceasar, enigma etc..), one- time pad, limitations of information-theoretic security. Pseudorandom generators and functions, CPA/CCA private and public key encryption, Message authentication codes and digital signatures, hash functions. Zero knowledge, multiparty secure computation (e-voting, a-auctions,..), private information retrieval, homomorphic encryption, quantum & crypto.

5 “Crypto intuition” “Paradoxical tradeoffs”: have the cake and eat it too: – CPA/CCA security: hide all information about message, with a mathematical proof of security. – Public key encryption: secure communication over an insecure channel. – Digital signatures/MACs: authentication stronger than hand- written signatures. – Secure multiparty computation: “virtual trusted party”, elections with ideal privacy and ideal accuracy. – Homomorphic encryption: cloud computing without trust. Subtle issues: but often we get the cake in our face.. – Subtle attacks against protocols using CPA instead of CCA security. – Precise modeling of adversarial capabilities. – Complex interaction of secure components (e.g. EtA vs AtE)

6 Classical vs. “Modern”/Rigorous crypto Build scheme (based on intuition, experience) Attempt to attack. Deploy If attack found then patch/restart Give security definition (partly uses intuition, experience) Build scheme Prove (under assumptions / ROM/ICM heuristics) satisfies definition. Refine: More efficient,better analysis. If attack found then either: Assumption violated. Model doesn’t capture reality.  refine/restart Main difference: security definitions separation of modeling and construction enable rigorous analysis comparison of schemes  make progress art  science

7 What we didn’t do: More coverage of authentication protocols: Much of crypto use: “handshake” protocol using public key crypto to obtain private key k Use key k to establish communication channel with confidentiality and integrity. (MACs+private key crypto) Different scenarios: symmetric case (both sides have public keys) One-sided (only server has public key) Password-Authenticated-Key-Exchange - low entropy password - protocols, salt/pepper/slow hash etc.. Tokens / smartcards (e.g. secureID) Didn’t do enough: definitions (often simulation based), protocols, insecure examples, case studies (SSL,IPSec,GSM,wi-fi)

8 What we didn’t do: More examples of widely used or important constructions, standards Only mentioned El-Gamal encryption. Standard padding schemes for RSA, analysis of OAEP. Standard protocols. Digital signature standard. Cramer-Shoup encryption and signatures. Elliptic curve variants of Diffie-Hellman / El-Gamal More block ciphers, modes of encryption. Constructions of hash functions. Concrete multiparty protocols: set intersection, voting. Moderately hard functions – salts / fighting spam. Lattice / Error-Correcting-Codes based public key cryptography.

9 What we didn’t do: Key sizes, concrete security Attacks: Factoring and discrete log subexponential algorithms: Quadratic/Number Field Sieve, Pollard’s rho method. Attacks on private key crypto. Reductions: Concrete analysis: (T, ² ) security, tighter reductions. Derive key size from reduction.

10 What we didn’t do: Other issues in cryptography: Identity based encryption: keys: (PUBmaster,PRIV master ) e name = DERIVE(PUB master,name) d name = DERIVE(PRIV master,name) example: name = “ boaz@princeton.edu#2010-04-28 ” Crypto using the Weil pairing Forward security: break in time t cannot violate security in time t’<t Entropy seeding in pseudorandom generators. Key leakage and side channel attacks.

11 Some of what we did: Rigorous definitions of security of basic crypto primitives: CPA/CCA/CMA. Importance of right definition: CCA vs CPA. Web of reductions between crypto primitives (e.g., PRFs from PRGs, length reduction for MACs, Goldreich-Levin theorem, signature schemes from one-way functions + collision resistant hash functions) High-level goals using basic primitives (e.g. authentication) Basic number theory and RSA/Rabin trapdoor permutations. Random oracle model Zero Knowledge and its use for identification protocols. Multiparty secure computation, and GMW compiler. Homomorphic encryption.

12 Final Exam All material covered in course (lectures+homework), except quantum. Most likely: 4-5 questions totaling 120 points. Can be downloaded starting Monday May 3, must be completed before min{ time download + 48 hours, Fri May 14 2pm } Can use your notes, homework, my handouts, textbooks (Katz-Lindell, Boneh-Shoup, Trevisan’s lectures). Nothing more. Sufficient time to solve, write, review&polish. Not sufficient to review material. Before you start go over: (1) lecture notes (2) your homework and AI’s comments. Can prepare summary in advance, also in a group.

13 Good luck! My office hours Friday 10:30-12pm Review precept: Saturday 1:30pm. Email me/Sushant/Shi Questions??

Download ppt "Course summary COS 433: Crptography -Spring 2010 Boaz Barak."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.

Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer.

Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer.
A Pairing-Based Blind Signature

A Pairing-Based Blind Signature
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
CIS 5371 Cryptography 3b. Pseudorandomness.

CIS 5371 Cryptography 3b. Pseudorandomness.
Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”

Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Conclusion 1 Conclusion Conclusion 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis  Access.

Conclusion 1 Conclusion Conclusion 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis  Access.
Part 4  Software 1 Conclusion Part 4  Software 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis.

Part 4  Software 1 Conclusion Part 4  Software 2 Course Summary  Crypto o Basics, symmetric key, public key, hash functions and other topics, cryptanalysis.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
CMSC 456 Introduction to Cryptography

CMSC 456 Introduction to Cryptography
Cryptography Basic (cont)

Cryptography Basic (cont)
Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared.

Network Security Review. Secure channel Communication security Confidentiality Message Traffic Authentication Integrity How to achieve? Establish shared.
CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.

Similar presentations

Ads by Google