Lec 02

COMP-547 Fall 2023
Cryptography & Data Security

Lecture 02
Claude Crépeau
(To Be Con rmed)
• Tomas Langsetmo • Ziyue Xin

• McConnell 107 • McConnell 305 307
• Of ce Hours:
Mondays 10:30-12:00
• Of ce Hours:
Fridays 12:30-14:00
• For all class matters please use:

cs547@cs.mcgill.ca
fi
fi
fi
tasks
Encryption Authentication Identification Quantum
security
Quantum
Symmetric MVM Wegman-Carter Simple
Key
Informational One-Time PAD Universal Hash Solutions
Distribution
from PRBG from PRBG from PRBG Quantum

Symmetric
from PRFG from PRFG from PRFG Attacks,
Computational
DES, AES, etc DES, AES, etc DES, AES, etc Q-Safety
RSA, ElGammal, Guilloux- Quantum
Asymmetric
Blum- RSA, DSA, etc Quisquater, Attacks,
Computational
Goldwasser Schnor, etc Q-Safety
DONE IN PROGRESS TO DO GIVE UP

Key
Distribution
Information Theoretical Cryptography
• • • • •
Quantum key distribution

• • • • •
Ambiguous Coding Scheme
0 1
+
×
Calcite Crystal
Calcite Crystal
& Photodetection
1/2 1/2
Quantum Key
Distribution
Quantum Key
Distribution
Α: 0 1 1 0 0 1 0 0 1 1 0 1 0 0 0 1 1 1 0 1 1 0 0 0
× + × + + + × × × × + + + + × × × + × + + + × +
Β: × × + + × + + + × + + × × × + × × × + + × + × +
0 0 1 0 0 1 0 0 1 0 0 0 0 1 1 1 0 0 0 1 1 0 0 0
Α: × + × + + + × × × × + + + + × × × + × + + + × +
Β: 0 ææ 0 æ 1 ææ 1 æ 0 ææææ 1 0 ææ 1 æ 0 0 0
Β: 0 0 1 1 0 1 0 1 0 0 0
Α: 0 0 1 1 0 1 1 1 0 0 0
Α: 0 1 0 1 0
Β: = = = ≠ = 20%
Β: 0 1 1 1 0 0
Α: 0 1 1 1 0 0
Bennett-Brassard
Quantum Key
Distribution
• • • • •
• Produces raw classical key
• Observed error rate indicates amount

of eavesdropper information
• Error-correction is used to fix errors
• Random hash function is used to distill

a smaller very secret classical key
• • • • •
Complexity
Theoretical
Cryptography
Complexity Theoretical Symmetric Cryptography
• • • • •
Encryption
Authentication
Identification
• • • • •
Pseudo-random Bit Generator
Manuel Blum Silvio Micali
g g(x) SEEMS
RANDOM x RANDOM
Truelyrandom
Truly Random bits
Bits .
Pseudo-random Bits
?
Encryption
»
pseudo-key
cleartext
⊕ =
ciphertext
ciphertext
pseudo-key
⊕ =
Stream Cipher from Pseudo-random Bits
cleartext
»
The Enigma Machine
Arthur Scherbius
Plaintext
Data
Data EncyptIIPiPon SStandard
Encryption tandatrd .
L0 L0 R0 R0
F K1
L1 =L1
R 0= R0 R 1 = L 0 ⊕ F ( R0 , K 1 )
F K2
L2 = R 1 R 2 = L 1 ⊕ F ( R1, K 2 )
L15 = R14 R15=L 14 ⊕F( R14 , K 15 )
F K16
R16 = L15 ⊕F( R15 ,K 16 ) L16 = R15
-1
inv I PI P
Ciphertext
AdvancedEncryption
Advanced Encyption StStandard
andatrd .
ByteSub
ShiftRow
Joan Daemen MixColumn Vincent Rijmen
AddRoundKey
Figure 7: Propagation of activity pattern (in grey) through a single round

authentication
Authentication from Pseudo-random Bits
» »
?
⊕ = ⊕ =
?
tag
tag
⊗ ⊗
message
message
pseudo-key
pseudo-key
identification
On-line Identification
ALICE ALICE
TEST TEST
» ANSWER
OK
ANSWER
OK
»
ALICE ALICE
TEST TEST
» ANSWER
OK
ANSWER
OK
»
ALICE ALICE
TEST TEST
» ANSWER
OK
ANSWER
OK
»
ALICE ALICE
TEST TEST
» ANSWER
OK
ANSWER
OK
»
ALICE ALICE
TEST TEST
» ANSWER
OK
ANSWER
OK
»
ALICE ALICE
TEST ' TEST '
» ANSWER '
NO!
ANSWER '
NO!
»
Truely Random Function
Pseudo-random Function Generator
?
Identification from PRFG
#6
» »
pseudo-key #6
OK ! pseudo-key #6
Identification from PRFG
#6
» »
pseudo-key #6
fail ! pseudo-key #6
Complexity Theoretical Asymmetric Cryptography
• • • • •
public key distribution
asymmetric encryption
asymmetric authentication
zero-knowledge identification
• • • • •
Public Key
Distribution
Public-Key Distribution
x:=f(p,a) y:=f(p,b)
x
y
k:=f(y,a) k:=f(x,b)
f(f(p,a),b)=k=f(f(p,b),a)
x:=f(p,a) y:=f(p,b)
x
y
k:=f(y,a) k:=f(x,b)
x:=f(p,a) y:=f(p,b)
x
y
k:=f(y,a) k:=f(x,b)
x:=f(p,a) y:=f(p,b)
x
y
k:=f(y,a) k:=f(x,b)
x:=f(p,a) y:=f(p,b)
x
y
k:=f(y,a) k:=f(x,b)
x:=f(p,a) y:=f(p,b)
x
y
k:=f(y,a) k:=f(x,b)
Public Key
Encryption
Asymmetric Encryption
(Public-Key Cryptography)
Encryption
Ke
P C
Kd
Decryption
Complexity Theoretical Security

Public-Key Cryptography
»
»»»
»
»
»
Decryption Encryption
»
»
Will you marry me ? marry me ?
»
»»»
»
»
»
»
»
»
»»»
»
»
»
»
»
Digital
Signatures
Asymmetric Authentication
(Digital Signature Scheme)
Authentication
Ka
M T
Kv
Verification
Complexity Theoretical Security

Digital Signature
Will you marry me ?
?
Digital Signature
»
»»»
Authentication
»
Will you marry me ?

marry me ?
»
»
»
»
»»»
»
Verification Authentication
»
VALID
» marry me ?
Will you marry me ?
Digital Signature
Will you marry me ?
?
Digital Signature
»
»»»
Authentication
»
Will you marry me ?

marry me ?
»
»
»
»
»»»
»
»
VALID
» marry me ?
Will you marry me ?
Digital Signature
Will you marry me ?
?
Digital Signature
»
»»»
Authentication
»
Will you marry me ?

marry me ?
»
»
»
»
»»»
»
»
VALID
» marry me ?
Will you marry me ?
Zero-Knowledge
Identification
Off-line Identification
ALICE »
TEST ALICE
»
» ANSWER
OK PUBLIC CERTIFICATE
ALICE »
TEST ALICE
»
» ANSWER
ALICE » ALICE
»
TEST
» ANSWER
ALICE »
TEST ALICE
»
» ANSWER
ALICE » ALICE
»
TEST
» ANSWER
ALICE »
TEST ' ALICE
»
» ANSWER '
NO! PUBLIC CERTIFICATE
Interactive Proofs and Zero-Knowledge
x∈L
YES !
∀x∈L Pr( [A,B](x)=YES ) ≈ 1

x∉L
NO !
∀x∉L ∀D Pr( [D,B](x)=YES ) ≈ 0

x∈L
YES !
Interactive Proofs and NOT Zero-Knowledge
?
x∈L
x∈L
WOW !
YES !
Zero-Knowledge with Simulator
x∈L
S
x∈L
YES !
∀effD ∃effSD ∀x∈L viewD[A,D](x) = SD(x)

tasks
Encryption Authentication Identification Quantum
security
Quantum
Symmetric MVM Wegman-Carter Simple
Key
Informational One-Time PAD Universal Hash Solutions
Distribution
from PRBG from PRBG from PRBG Quantum
Symmetric
from PRFG from PRFG from PRFG Attacks,
Computational
DES, AES, etc DES, AES, etc DES, AES, etc Q-Safety
RSA, ElGammal, Guilloux- Quantum
Asymmetric
Blum- RSA, DSA, etc Quisquater, Attacks,
Computational
Goldwasser Schnor, etc Q-Safety
DONE IN PROGRESS TO DO GIVE UP

COMP-547 Fall 2023
Cryptography & Data Security
Claude Crépeau

Lec 02

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lec 02

Uploaded by

Copyright:

Available Formats

COMP-547 Fall 2023

Cryptography & Data Security

• Tomas Langsetmo • Ziyue Xin

• For all class matters please use:

from PRBG from PRBG from PRBG Quantum

DONE IN PROGRESS TO DO GIVE UP

Quantum key distribution

• Produces raw classical key

• Observed error rate indicates amount

• Error-correction is used to fix errors

• Random hash function is used to distill

Manuel Blum Silvio Micali

L15 = R14 R15=L 14 ⊕F( R14 , K 15 )

R16 = L15 ⊕F( R15 ,K 16 ) L16 = R15

Joan Daemen MixColumn Vincent Rijmen

Figure 7: Propagation of activity pattern (in grey) through a single round

public key distribution

Complexity Theoretical Security

Complexity Theoretical Security

Will you marry me ?

Will you marry me ?

Will you marry me ?

∀x∈L Pr( [A,B](x)=YES ) ≈ 1

∀x∉L ∀D Pr( [D,B](x)=YES ) ≈ 0

∀effD ∃effSD ∀x∈L viewD[A,D](x) = SD(x)

DONE IN PROGRESS TO DO GIVE UP

You might also like