Professional Documents
Culture Documents
Course: Online Cryptography Course Dan Boneh
Course: Online Cryptography Course Dan Boneh
Course: Online Cryptography Course Dan Boneh
Dan Boneh
Introduction
Course
Overview
Dan Boneh
Welcome
Course objectives:
Learn how crypto primitives work
Learn how to use them correctly and reason about
security
My recommendations:
Take notes
Pause video frequently to think about the material
Answer the in-video questions
Dan Boneh
Cryptography is everywhere
Secure communication:
web traffic: HTTPS
wireless traffic: 802.11i WPA2
Bluetooth
(and WEP),
GSM,
EFS, TrueCrypt
CSS,
User authentication
Dan Boneh
Secure communication
no eavesdropping
no tampering
Dan Boneh
(1st part of
Dan Boneh
File 1
File 2
Alice
No eavesdropping
No tampering
Dan Boneh
Bob
E(k,m)=c
D(k,c)=m
E, D: cipher
k: secret key (e.g. 128 bits)
m, c: plaintext, ciphertext
Encryption algorithm is publicly known
Never use a proprietary cipher
Dan Boneh
Use Cases
Single use key: (one time key)
Key is only used to encrypt one message
encrypted email:
new key generated for every
email
Multi use key: (many time key)
Key used to encrypt multiple messages
encrypted files: same key used to encrypt many
files
Need more machinery than for one-time key
Dan Boneh
Things to remember
Cryptography is:
A tremendous tool
The basis for many security mechanisms
Cryptography is not:
The solution to all security problems
Reliable unless implemented and used
properly
Something you should try to invent yourself
many many examples of broken ad-hoc designs
Dan Boneh
End of Segment
Dan Boneh
Dan Boneh
Introduction
What is
cryptography?
Dan Boneh
Crypto core
Talking
to Alice
Talking
to Bob
Alice
Bob
attacker???
Secure communication:
m1
m2
confidentiality and integrity
Dan Boneh
Digital signatures
Anonymous communication
Alice
signature
Who did I
just talk to?
Alice
Bob
Dan Boneh
Digital signatures
Anonymous communication
Anonymous digital cash
Can I spend a digital coin without anyone knowing who I
am?
Who
How to prevent double spending?
was
1$
Alice
Internet
(anon. comm.)
that?
Dan Boneh
Protocols
Elections
Private auctions
Dan Boneh
Protocols
Elections
Private auctions
trusted
authorit
y
hm: anything that can done with trusted auth. can also
be done without
Secure multi-party computation
Dan Boneh
Crypto magic
Privately outsourcing computation
search
query
What did
she search
for?
E[ query ]
Alice
E[ results ]
results
Zero knowledge
N=pq
Alice
(proof of knowledge)
???
Bob
Dan Boneh
A rigorous science
The three steps in cryptography:
Precisely specify threat model
Propose a construction
Prove that breaking construction under
threat mode will solve an underlying hard
problem
Dan Boneh
End of Segment
Dan Boneh
Dan Boneh
Introduction
History
Dan Boneh
History
David Kahn, The code breakers (1996)
Dan Boneh
Symmetric Ciphers
Dan Boneh
1. Substitution cipher
k :=
Dan Boneh
Caesar Cipher
(no key)
Dan Boneh
26 factorial)
Dan Boneh
Dan Boneh
Dan Boneh
An Example
UKBYBIPOUZBCUFEEBORUKBYBHOBBRFESPVKBWFOFERVNBCVBZPRUBOFERVN
BCVBPCYYFVUFOFEIKNWFRFIKJNUPWRFIPOUNVNIPUBRNCUKBEFWWFDNCHXCY
BOHOPYXPUBNCUBOYNRVNIWNCPOJIOFHOPZRVFZIXUBORJRUBZRBCHNCBBON
CHRJZSFWNVRJRUBZRPCYZPUKBZPUNVPWPCYVFZIXUPUNFCPWRVNBCVBRPYY
NUNFCPWWJUKBYBIPOUZBCUIPOUNVNIPUBRNCHOPYXPUBNCUBOYNRVNIWNCP
OJIOFHOPZRNCRVNBCUNENVVFZIXUNCHPCYVFZIXUPUNFCPWZPUKBZPUNVR
3
6
3
4
3
3
E
T
A
N
C
11
P
U
10
U 10
digrams
B
U
IN
AT
UK
B
THE
RV 6
N
trigrams
FZI 4
Dan Boneh
2. Vigener cipher
k
m =
c =
C R Y P T OC R Y P T O C R Y P T
(+ mod 26)
W H A T A N I C E D A Y T O D A Y
Z Z Z J U C L U D T U N W G C Q S
Dan Boneh
3. Rotor Machines
(1870-1943)
rotor)
A
B
C
.
.
X
Y
Z
key
K
S
T
.
.
R
N
E
E
K
S
T
.
.
R
N
N
E
K
S
T
.
.
R
Dan Boneh
Rotor Machines
(cont.)
Dan Boneh
4. Data Encryption
Standard (1974)
DES:
Today:
# keys = 256 ,
(and many
others)
Dan Boneh
End of Segment
Dan Boneh
ee also:
Dan Boneh
http://en.wikibooks.org/High_School_Mathematics_Extensions/Discrete_Probab
Introduction
Discrete
Probability
(crash course,
cont.)
Dan Boneh
U: finite set
(e.g.
U = {0,1}n )
xU
P(x) = 1
Examples:
1. Uniform distribution:
Distribution vector:
xx0: P(x) = 0
Dan Boneh
Events
For a set A U:
Pr[A] =
xA
P(x)
[0,1]
note: Pr[U]=1
U = {0,1}8
U
Pr[A] =
Dan Boneh
A2 ]
Pr[A1] + Pr[A2]
A1
A2
Example:
A1 =
A2 =
all x in
Dan Boneh
Random Variables
Def: a random variable X is a function
Example:
X: {0,1}n {0,1}
X:UV
X(y) = lsb(y)
More generally:
rand. var. X induces a distribution on V:
Pr[ X-1(v)
{0,1}
lsb=0
lsb=1
Pr[ X=v ] :=
Dan Boneh
Pr[ r = a
= 1/|U|
Dan Boneh
Then
Hint:
X = r1 + r2
Pr[X=2] =
Dan Boneh
Randomized algorithms
inputs
Deterministic algorithm:
outputs
y A(m)
Randomized algorithm
y A( m ; r )
where Rr {0,1}n
A(m)
A(m)
y A( m )
Dan Boneh
End of Segment
Dan Boneh
ee also:
Dan Boneh
http://en.wikibooks.org/High_School_Mathematics_Extensions/Discrete_Probab
Introduction
Discrete
Probability
(crash course,
cont.)
Dan Boneh
Recap
U: finite set
(e.g.
U = {0,1}n )
P(x) = 1
A U is called an event
[0,1]
s.t.
xU
and
xA
Pr[A] =
P(x)
Dan Boneh
Independence
Def: events A and B are independent if
= Pr[A] Pr[B]
Pr[ A and B ]
and
Dan Boneh
Review: XOR
XOR of two strings in {0,1}n is their bit-wise addition
mod 2
0 1 1 0 1 1 1
1 0 1 1 0 1 0
Dan Boneh
An important property of
XOR
Thm: Y a rand. var. over {0,1}n ,
var. on {0,1}n
Then
Proof:
X an indep. uniform
Pr[ Z=0 ] =
Dan Boneh
n= 1.2 |U|1/2
Pr[ ij: ri =
Example:
then
Let U = {0,1}128
64
Dan Boneh
collision probability
|U|=106
# samples n
Dan Boneh
End of Segment
Dan Boneh