Modern Cryptography
COMP 443 / 543, Chapter 1
Alptekin Küpçü
Computer Science and Engineering, Koç University
Fall 2014
Outline of the Course
- Historical perspective
- Theoretically UNBREAKABLE system
- Defining (symmetric) encryption
- One-way functions, hash functions, pseudo-random number generators
- Public-key (asymmetric) encryption
- Digital signatures
- Random oracle model
- Zero-knowledge proofs
- Protocols using cryptography (e.g., SSL, BitTorrent)
Uses of Cryptography
- Military
- Anti-military
- Electronic payments (e.g., Amazon)
- Checking e-mail (e.g., Gmail)
- Operating systems (e.g., file sharing)
- DVD protection
- File encryption
- Many more complex protocols using cryptography (e.g., BitTorrent)
Encryption (private-key, secret-key, symmetric)
Algorithms
- Key generation
- Encryption
- Decryption
Spaces
- Key space K
- Message space M
- Ciphertext space C
Properties
- Correctness
- Hidden from eavesdropper
Assumptions
- Key pre-shared
- Key unknown to attacker
- Only the key and the plaintext are unknown to the attacker (the algorithms are public)
Security through obscurity
- Reverse engineering
- Easier to change keys than algorithms
Caesar Cipher
Rotate by 3:
ciphertext character = plaintext character + 3 mod 26 (why 26?)
Enc(merhaba dünyalı) = ?
Dec(EHJLQWKHDWWDFNQRZ) = ?
KeyGen, Enc, Dec algorithms?
Why so easy to break?
Because there is no secret key!
The key generation algorithm is deterministic!
General Shift Cipher
Rotate by R (R = 3 ⇒ Caesar):
ciphertext character = plaintext character + R mod 26
What is the key and the key space?
How to crack?
Exhaustive search of the 26 possible keys.
Why so easy to break?
Because the key space is too small!
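The shift cipher's three algorithms and the exhaustive-search attack, as an added example (not the lecture's own code). KeyGen draws R from the 26 possible rotations; the attack tries every key and keeps the candidates in which a crib (a word the attacker expects to see in the message, an assumption of this example) appears. The ciphertext from the Caesar slide is reused as the sample input.

```python
import random
import string

ALPHABET = string.ascii_uppercase  # 26 letters, hence "mod 26"


def keygen():
    """KeyGen for the general shift cipher: a random rotation R in 0..25.
    Caesar is the degenerate case where KeyGen always returns 3 (no secret)."""
    return random.randrange(26)


def enc(key, plaintext):
    """ciphertext character = plaintext character + R mod 26; non-letters kept."""
    return ''.join(ALPHABET[(ALPHABET.index(c) + key) % 26] if c in ALPHABET else c
                   for c in plaintext.upper())


def dec(key, ciphertext):
    """Decryption is encryption with the inverse rotation."""
    return enc((-key) % 26, ciphertext)


def exhaustive_search(ciphertext, crib):
    """Try all 26 keys; return every (key, candidate plaintext) containing the crib.
    With a key space this small the attacker never needs frequency statistics."""
    hits = []
    for k in range(26):
        candidate = dec(k, ciphertext)
        if crib in candidate:
            hits.append((k, candidate))
    return hits


# Ciphertext from the Caesar exercise on the slide.
SLIDE_CT = "EHJLQWKHDWWDFNQRZ"

if __name__ == "__main__":
    key = keygen()
    ct = enc(key, "ATTACK AT DAWN")
    print("random key", key, "->", ct)
    for k, pt in exhaustive_search(SLIDE_CT, "ATTACK"):
        print("key", k, "->", pt)
```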
Substitution Cipher
Substitute each character with another character, initially chosen at random.
e.g., A with C, B with Z, C with H ...
What is the key and the key space?
How to crack?
Exhaustive search requires 26! tries; does not work.
Still easy to break using frequency analysis attacks. Why?
Because the frequency of characters in the ciphertext matches the frequency of those in the plaintext ⇒ use the well-known frequency information about the plaintext.
Vigenère (Poly-alphabetic Substitution) Cipher
Substitute each character with another character, initially chosen at random. This mapping changes depending on the key.
e.g., A with C when the key is Z and with T when the key is F, ... B with Z when the key is Z and with G when the key is F ...
What is the key and the key space?
How to crack?
Simple frequency analysis does not work. But if the key length is k characters, group the ciphertext into k equivalence classes and perform frequency analysis for each class.
What about a known-plaintext attack?
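Frequency analysis for the two preceding slides, as an added example (not the lecture's own code). It shows that a mono-alphabetic substitution leaves the ciphertext's letter-count profile identical to the plaintext's, and it cracks a Vigenère ciphertext of known key length k by splitting it into k classes and fitting each class to English letter frequencies with a chi-squared score. The English frequency table and the sample plaintext (public-domain Austen text) are this example's own assumptions.

```python
from collections import Counter
from itertools import cycle
import string

ALPHABET = string.ascii_uppercase

# Well-known English letter frequencies (percent): the "frequency information
# about the plaintext" that the attacker is assumed to have.
ENGLISH_FREQ = {
    'A': 8.2, 'B': 1.5, 'C': 2.8, 'D': 4.3, 'E': 12.7, 'F': 2.2, 'G': 2.0,
    'H': 6.1, 'I': 7.0, 'J': 0.15, 'K': 0.77, 'L': 4.0, 'M': 2.4, 'N': 6.7,
    'O': 7.5, 'P': 1.9, 'Q': 0.095, 'R': 6.0, 'S': 6.3, 'T': 9.1, 'U': 2.8,
    'V': 0.98, 'W': 2.4, 'X': 0.15, 'Y': 2.0, 'Z': 0.074,
}

def letters(text):
    return ''.join(c for c in text.upper() if c in ALPHABET)

def frequency_profile(text):
    """Letter counts sorted high to low, forgetting which letter has which count."""
    return sorted(Counter(letters(text)).values(), reverse=True)

def substitute(text, perm):
    """Mono-alphabetic substitution; perm is a 26-letter permutation of ALPHABET."""
    return ''.join(perm[ALPHABET.index(c)] for c in letters(text))

def vigenere_enc(text, key):
    """Position i is shifted by key[i mod len(key)]: a different shift per class."""
    return ''.join(ALPHABET[(ALPHABET.index(c) + ALPHABET.index(k)) % 26]
                   for c, k in zip(letters(text), cycle(key)))

def best_shift(segment):
    """Shift that makes the segment's letter counts fit English best (chi-squared)."""
    n = len(segment)
    scores = []
    for shift in range(26):
        counts = Counter(ALPHABET[(ALPHABET.index(c) - shift) % 26] for c in segment)
        expected = {l: ENGLISH_FREQ[l] * n / 100 for l in ALPHABET}
        scores.append((sum((counts[l] - expected[l]) ** 2 / expected[l] for l in ALPHABET), shift))
    return min(scores)[1]

def crack_vigenere(ciphertext, k):
    """Class i holds positions i, i+k, i+2k, ...; each class is a plain shift cipher."""
    return ''.join(ALPHABET[best_shift(ciphertext[i::k])] for i in range(k))

# Constructed sample plaintext: long enough that each class keeps English statistics.
SAMPLE = letters(
    "It is a truth universally acknowledged that a single man in possession of a good "
    "fortune must be in want of a wife However little known the feelings or views of such "
    "a man may be on his first entering a neighbourhood this truth is so well fixed in the "
    "minds of the surrounding families that he is considered the rightful property of some "
    "one or other of their daughters My dear Mr Bennet said his lady to him one day have "
    "you heard that Netherfield Park is let at last Mr Bennet replied that he had not")
```

Running `crack_vigenere(vigenere_enc(SAMPLE, "KEY"), 3)` recovers the key without any exhaustive search over the 26^3 possibilities.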
Possible Attacks (= Adversarial Model)
- Ciphertext only (single or multiple) (= Eavesdropper) (passive)
  - Easy (especially with wireless)
- Known-plaintext (passive)
  - Known protocol
  - Published decryption later on (e.g., earnings)
- Chosen plaintext (CPA) (active)
- Chosen ciphertext (CCA) (active)
  - Generally we differentiate between CCA-1 and CCA-2 (later)
  - When only "CCA" is said, assume CCA-2
- Active attacks were used in WW2 (see textbook)
Which security level one needs depends on the application!!
Modern Cryptography
Principle 1
A precise and formal definition (of security) must be presented.
Principle 2
Assumptions must be completely and clearly stated, and should be minimal and basic.
Principle 3
A rigorous proof of security must be given.
Principle 1: Defining Security
- If we do not know what to achieve, how do we realize when and whether or not it is achieved?
- When the cryptographic construction is used in another system, how do we know it fits without knowing the definition?
- How can we compare two different constructions?
- How do we understand trade-offs (e.g., security vs. performance)?
Formal Definition of Secure Encryption
An encryption scheme is secure if
- no adversary can find the secret key when given the ciphertext
  - Enc(x) = x
- no adversary can find the plaintext that corresponds to the ciphertext
  - Enc(x) = most (or even part) of x
  - e.g., salary information without the rightmost digit.
- no adversary can determine any character of the plaintext that corresponds to the ciphertext
  - But reveals whether or not salary > 10000 TL
- no adversary can derive any meaningful information about the plaintext from the ciphertext
  - Can you define "meaningful"? It may be application-specific.
- no adversary can compute any function of the plaintext from the ciphertext
Formal Definition of Security
A formal definition of security must also define
1. What is considered a break?
   e.g., finding the key or computing whether salary > 10000 TL
2. What are the adversary's powers?
   e.g., ciphertext-only attack vs. known-plaintext attack
3. What are the adversary's computational resources?
   unbounded vs. probabilistic polynomial time
but it must not assume anything about the adversary's strategy (as history has shown).
Good Definition of Security
A good definition of security shall be
- mathematical
  - so that it is precise
  - so that it is comparable
- intuitive
- equivalent to similar intuitive definitions
- exemplified
- a survivor of the test of time
Principle 2: Clear Assumptions
- Validation or invalidation of an assumption should be possible. This result carries over to the proof of security.
- Assumptions may help in comparing schemes. "Standard" assumptions are preferable:
  - Older assumptions
  - Simpler assumptions
  - Shared assumptions
- In modern cryptography, nothing can be proven unconditionally secure (except what we will see next time)
Principle 3: Rigorous Proofs
- Yes, bugs do exist, but they occur, in general, during non-adversarial usage.
- With cryptography, there are specialized adversaries (akin to viruses)
  - Huge gains
  - Sophisticated attackers
  - Huge losses (e.g., bank)
A typical proof of a scheme X will show, using a constructive argument, that if X is broken, some assumption Y will be violated. In other words, the proof must show:
- if there exists an algorithm A for breaking X, then we construct an algorithm B for breaking Y
- if A is efficient, then so is B
Final Words
- A coding assignment may be given on cracking the ciphers presented in this lecture.
- Remember, cheating = F (no second chance will be given)
- Solve end-of-chapter exercises 1.3 - 1.6
- Finish reading Chapters 1 and 2
- Read about the mathematical background
  - Appendices A and B of the textbook
  - Chapters 2 and 3 of the Handbook of Applied Cryptography (you may skip the algorithms in Chapter 3, but read about the problems)