This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: ICS 268: Cryptography and Communication Security September 28, 2004 Lecture 1: Crypto Overview, Perfect Secrecy, Onetime Pad Lecturer: Stanislaw Jarecki (These notes incorporate material from Tal Malkin’s Lecture 12 and Yevgeni Dodis’s Lecture 1) 1 L ECTURE S UMMARY We overview the aims and the philosophy of modern cryptography. We exemplify this approach with the first shot at a definition of encryption scheme security, which we will develop later on in this class. We then give a classic definition given by Claude Shannon of perfect secrecy for an encryption. We show that various classic ciphers fail to satisfy this definition, but we also show a cipher called OneTime Pad which does satisfy it. However, this cipher has very limited applicability because the communicating parties must share a preagreed key which is as long as the message, i.e. as all the communication they will be able to secretly exchange between them. We show, moreover, that this is a fundamental limitation of every perfectly secure cipher. In other words, we show that no perfectly secure cipher can have keys shorter than the message. This motivates the need to relax Shannon’s informationtheoretic perfect secrecy requirement on encryption schemes with a computational secrecy property instead. We’ll develop such computational secrecy property in the next lecture. 2 M ODERN C RYPTOGRAPHY : S HORT O VERVIEW The aim of modern cryptography is to design communication schemes (encryption schemes, iden tification schemes, message authentication schemes, etc) whose security properties can be proven , usually based on some computational hardness assumptions, e.g. an assumption that factoring, or computing discrete logs, is hard . 1 However, to create a scheme whose security is provable, we first need to define the security property which we need to prove. The security property will be usually defined as a requirement that no efficient algorithm can win in some communication game with some significant probability (again, we postpone the precise definition of significant to the next lecture). 2.1 EXAMPLE: SECRET COMMUNICATION AND SECURE ENCRYPTION Let’s exemplify the provable security approach with an example of encryption. How to define what a secure encryption is? Assume there are three agents, Bob, Alice, and Eve. Alice wants to send Bob a private message that only Bob can read. Eve, which is an abbreviation for an eavesdropper, is an adversary who 1 We’ll see in the next lecture how to define this hardness precisely, but the intuition is that a problem is hard if no efficient , i.e. polynomialtime, algorithm can solve that problem with probability higher than some negligible factor. (We postpone the definition of negligible to the next lecture.) L11 may intercept Alice’s communication, but reading it should not enable her to reconstruct Alice’s message to Bob. This is the essence of the problem of secure communication....
View
Full
Document
This note was uploaded on 01/30/2008 for the course ICS 268 taught by Professor Jarecki during the Fall '04 term at UC Irvine.
 Fall '04
 Jarecki

Click to edit the document details