Presentation is loading. Please wait.

Presentation is loading. Please wait.

15-499Page 1 15-499:Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.

Published byRoger Hodge Modified over 9 years ago

Similar presentations

Presentation on theme: "15-499Page 1 15-499:Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols."— Presentation transcript:

1 15-499Page 1 15-499:Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols

2 15-499Page 2 Cryptography Outline Introduction: terminology and background Primitives: one-way hash functions, trapdoors, … Protocols: digital signatures, key exchange,.. Number Theory: groups, fields, … Private-Key Algorithms: DES, Rijndael, RC4 Cryptanalysis: Differential, Linear Public-Key Algorithms: Knapsack, RSA, El-Gamal, Blum-Goldwasser Case Studies: Kerberos, Digital Cash

3 15-499Page 3 Some Terminology Cryptography – the general term Cryptology – the mathematics Encryption – encoding but sometimes used as general term) Cryptanalysis – breaking codes Steganography – hiding message Cipher – a method or algorithm for encrypting or decrypting

4 15-499Page 4 More Definitions Private Key or Symmetric: Key 1 = Key 2 Public Key or Asymmetric: Key 1  Key 2 Key 1 or Key 2 is public depending on the protocol Encryption Decryption Key 1 Key 2 Cyphertext E k (M) = C D k (C) = M Original Plaintext Plaintext

5 15-499Page 5 Cryptanalytic Attacks C = ciphertext messages M = plaintext messages Ciphertext Only:Attacker has multiple Cs but does not know the corresponding Ms Known Plaintext: Attacker knows some number of (C,M) pairs. Chosen Plaintext: Attacker gets to choose M and generate C. Chosen Ciphertext: Attacker gets to choose C and generate M.

6 15-499Page 6 What does it mean to be secure? Unconditionally Secure: Encrypted message cannot be decoded without the key Shannon showed in 1943 that key must be as long as the message to be unconditionally secure – this is based on information theory A one time pad – xor a random key with a message (Used in 2 nd world war) Security based on computational cost: it is computationally “infeasible” to decode a message without the key. No (probabilistic) polynomial time algorithm can decode the message.

7 15-499Page 7 The Cast Alice – initiates a message or protocol Bob - second participant Trent – trusted middleman Eve – eavesdropper Mallory – malicious active attacker

8 15-499Page 8 Primitives One-way functions One-way trapdoor functions One-way hash functions One-way permutations

9 15-499Page 9 Primitives: One-Way Functions A function Y = f(x) is one-way if it is easy to compute y from x but “hard” to compute x from y Building block of most cryptographic protocols And, the security of most protocols rely on their existence. Unfortunately, not known to exist. This is true even if we assume P  NP.

10 15-499Page 10 One-way functions: possible definition 1.F(x) is polynomial time 2.F -1 (x) is NP-hard It is not hard to come up with such functions. But, what is wrong with this?

11 15-499Page 11 One-way functions: better definition For most y no single PPT (probabilistic polynomial time) algorithm can compute x Roughly: at most a fraction 1/|x| k instances x are easy for any k and as |x| ->  This definition can be used to make the probability of hitting an easy instance arbitrarily small.

12 15-499Page 12 Some examples (conjectures) Factoring: x = (u,v) y = f(u,v) = u*v If u and v are prime it is hard to generate them from y. Discrete Log: y = g x mod p where p is prime and g is a “generator” (i.e., g 1, g 2, g 3, … generates all values < p). DES with fixed message: y = DES x (m) This would assume a family of DES functions of increasing size

13 15-499Page 13 One-way functions in private-key protocols y = ciphertext m = plaintext x = key y = f(x) = E x (m) In a known-plaintext attack we know a (y,m) pair. The m along with E defines f(x) f(x) needs to be easy f -1 (y) should be hard Otherwise we could extract the key x.

14 15-499Page 14 One-way functions in public-key protocols y = ciphertext x = plaintext k = public key y = f(x) = E k (x) We know k and thus f(x) f(x) needs to be easy f -1 (y) should be hard Otherwise we could decrypt y. But what about the intended recipient, who should be able to decrypt y? Note the change of role of the key and plaintext from the previous example

15 15-499Page 15 One-Way Trapdoor Functions A one-way function with a “trapdoor” The trapdoor is a key that makes it easy to invert the function y = f(x) Example: RSA (conjecture) y = x e mod n Where n = pq (p, q, e are prime) p or q or d (where ed = (p-1)(q-1) mod n) can be used as trapdoors In public-key algorithms f(x) = public key (e.g., e and n in RSA) Trapdoor = private key (e.g., d in RSA)

16 15-499Page 16 One-way Hash Functions Y = h(x) where –y is a fixed length independent of the size of x. In general this means h is not invertible since it is many to one. –Calculating y from x is easy –Calculating any x such that y = h(x) give y is hard Used in digital signatures and some other protocols.

17 15-499Page 17 Protocols Built out of the primitives. Often the weakest point in terms of security –Digital signatures –Authentication –Key exchange –Secret sharing –Timestamping services –Zero-knowledge proofs –Blind-signatures –Key-escrow –Secure elections –Digital cash

18 15-499Page 18 Protocols: Digital Signatures Goals: 1.Convince recipient that message was actually sent by a trusted source 2.Do not allow repudiation, i.e., that’s not my signature. 3.Do not allow tampering with the message without invalidating the signature Item 2 turns out to be really hard to do

19 15-499Page 19 Using private keys –ka is a secret key shared by Alice and Trent –kb is a secret key shared by Bob and Trent Sig is a note from Trent saying that Alice “signed” it. To prevent repudation Trent needs to keep m or at least h(m) in a database Trent AliceBob E ka (m)E kb (m + sig)

20 15-499Page 20 Using Public Keys More Efficiently AliceBob D k1 (m) AliceBob D k1 (h(m)) + m K1 = Alice’s private key Bob decrypts it with her public key h(m) is a one-way hash of m

21 15-499Page 21 Key Exchange Private Key method Public Key method Trent AliceBob E ka (k)E kb (k) Generates k Alice Bob Generates k E k1 (k) k1 = Bob’s public key

Download ppt "15-499Page 1 15-499:Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols."

Similar presentations

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
15-853Page 1 CPS 214 Computer Networks and Distributed Systems Cryptography Basics RSA SSL SSH Kerberos.

15-853Page 1 CPS 214 Computer Networks and Distributed Systems Cryptography Basics RSA SSL SSH Kerberos.
CPS 290 Computer Security Network Tools Cryptography Basics CPS 290Page 1.

CPS 290 Computer Security Network Tools Cryptography Basics CPS 290Page 1.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.

UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)

Csci5233 Computer Security & Integrity 1 Cryptography: Basics (2)
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

Similar presentations

Ads by Google