This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: G22.3033003 Introduction to Cryptography September 20, 2001 Lecture 2 Lecturer: Yevgeniy Dodis Scribe: Ofer H. Gill This lecture begins with a discussion on secretkey and publickey cryptography, and then discusses OneWay Functions ( OWF ), and their importance in cryptography. Essen tially, an OWF is easy to compute, but difficult to invert. A OneWay Permutation ( OWP ) is an OWF that permutes elements from a set. A TrapDoor Permutation ( TDP ) is essen tially an OWP with certain information, that if disclosed, allows the function to be easily inverted. No OWF is known to exist, since showing the existence of a function that is truly difficult to invert hasn’t been proven yet. However, there exists good candidates for OWF , OWP , and TDP . I’ll describe Prime Product as an example of an OWF candidate, Modular Exponentiation as an example of an OWP candidate, and RSA as an example of a TDP candidate. And, I’ll back up certain proofs with the appropriate number theory. Then, I’ll go on to discuss how the assumption of the existence of OWF leads to a secure passwordauthentication system. And, I’ll show that S/Key System (an example of passwordauthentication where the information stored and used for authentication keeps changing) is secure using any OWP . Next, I’ll describe the criticisms made against OWF , OWP , and TDP in practical appli cations, and give suggestions of how to overcome these criticisms. 1 Computationally Bounded Adversaries When we say that an adversary (which we’ll call Eve for the rest of this paper) is “Computa tionally Bounded,” we mean that she can only break a code if there exists a PPT algorithm for this purpose. What is PPT ? Let me address that by first defining a Polynomial Time Algorithm. Definition 1 ( polytime (Polynomial Time) Algorithm) If an algorithm A gets an input of size k , it is considered polynomial time if it runs in O ( k c ) time where c is a constant. We write y = A ( x ) to denote the output of A on input x . With this definition, now I’ll define PPT . Definition 2 ( PPT (Probabilistic Polynomial Time) Algorithm) It is a polynomial time algorithm A that is randomized . Namely, it is allowed to flip coins during its com putation. We write y = A ( x ; r ) to denote the output of A on input x , when r were the internal coin tosses made by A . We write y ← A ( x ) to denote the random variable y which corresponds to the randomized output of A on input x . This means that r was chosen at random and y = A ( x ; r ) was computed. And when I mention that an algorithm with input of size k has probability negl ( k ) of portraying some sort of behavior, I’m referring to the definition of negl ( k ) mentioned as follows: L21 Definition 3 (Negligible in terms of k ( negl ( k ) )) An arbitrary function v ( k ) (possibly a type of probability function) is negl ( k ) if: ( ∀ c > 0) ( ∃ k ′ ) ( ∀ k ≥ k ′ ) bracketleftbigg v ( k ) ≤ 1 k c bracketrightbigg In other words,...
View
Full Document
 Fall '04
 Jarecki
 Prime number, OWF, OWP

Click to edit the document details