This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: G22.3033-003 Introduction to Cryptography September 20, 2001 Lecture 2 Lecturer: Yevgeniy Dodis Scribe: Ofer H. Gill This lecture begins with a discussion on secret-key and public-key cryptography, and then discusses One-Way Functions ( OWF ), and their importance in cryptography. Essen- tially, an OWF is easy to compute, but difficult to invert. A One-Way Permutation ( OWP ) is an OWF that permutes elements from a set. A Trap-Door Permutation ( TDP ) is essen- tially an OWP with certain information, that if disclosed, allows the function to be easily inverted. No OWF is known to exist, since showing the existence of a function that is truly difficult to invert hasn’t been proven yet. However, there exists good candidates for OWF , OWP , and TDP . I’ll describe Prime Product as an example of an OWF candidate, Modular Exponentiation as an example of an OWP candidate, and RSA as an example of a TDP candidate. And, I’ll back up certain proofs with the appropriate number theory. Then, I’ll go on to discuss how the assumption of the existence of OWF leads to a secure password-authentication system. And, I’ll show that S/Key System (an example of password-authentication where the information stored and used for authentication keeps changing) is secure using any OWP . Next, I’ll describe the criticisms made against OWF , OWP , and TDP in practical appli- cations, and give suggestions of how to overcome these criticisms. 1 Computationally Bounded Adversaries When we say that an adversary (which we’ll call Eve for the rest of this paper) is “Computa- tionally Bounded,” we mean that she can only break a code if there exists a PPT algorithm for this purpose. What is PPT ? Let me address that by first defining a Polynomial Time Algorithm. Definition 1 ( poly-time (Polynomial Time) Algorithm) If an algorithm A gets an input of size k , it is considered polynomial time if it runs in O ( k c ) time where c is a constant. We write y = A ( x ) to denote the output of A on input x . With this definition, now I’ll define PPT . Definition 2 ( PPT (Probabilistic Polynomial Time) Algorithm) It is a polynomial time algorithm A that is randomized . Namely, it is allowed to flip coins during its com- putation. We write y = A ( x ; r ) to denote the output of A on input x , when r were the internal coin tosses made by A . We write y ← A ( x ) to denote the random variable y which corresponds to the randomized output of A on input x . This means that r was chosen at random and y = A ( x ; r ) was computed. And when I mention that an algorithm with input of size k has probability negl ( k ) of portraying some sort of behavior, I’m referring to the definition of negl ( k ) mentioned as follows: L2-1 Definition 3 (Negligible in terms of k ( negl ( k ) )) An arbitrary function v ( k ) (possibly a type of probability function) is negl ( k ) if: ( ∀ c > 0) ( ∃ k ′ ) ( ∀ k ≥ k ′ ) bracketleftbigg v ( k ) ≤ 1 k c bracketrightbigg In other words,...
View Full Document
- Fall '04
- Prime number, OWF, OWP