This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: G22.3033003 Introduction to Cryptography September 20, 2001 Lecture 2 Lecturer: Yevgeniy Dodis Scribe: Ofer H. Gill This lecture begins with a discussion on secretkey and publickey cryptography, and then discusses OneWay Functions ( OWF ), and their importance in cryptography. Essen tially, an OWF is easy to compute, but difficult to invert. A OneWay Permutation ( OWP ) is an OWF that permutes elements from a set. A TrapDoor Permutation ( TDP ) is essen tially an OWP with certain information, that if disclosed, allows the function to be easily inverted. No OWF is known to exist, since showing the existence of a function that is truly difficult to invert hasnt been proven yet. However, there exists good candidates for OWF , OWP , and TDP . Ill describe Prime Product as an example of an OWF candidate, Modular Exponentiation as an example of an OWP candidate, and RSA as an example of a TDP candidate. And, Ill back up certain proofs with the appropriate number theory. Then, Ill go on to discuss how the assumption of the existence of OWF leads to a secure passwordauthentication system. And, Ill show that S/Key System (an example of passwordauthentication where the information stored and used for authentication keeps changing) is secure using any OWP . Next, Ill describe the criticisms made against OWF , OWP , and TDP in practical appli cations, and give suggestions of how to overcome these criticisms. 1 Computationally Bounded Adversaries When we say that an adversary (which well call Eve for the rest of this paper) is Computa tionally Bounded, we mean that she can only break a code if there exists a PPT algorithm for this purpose. What is PPT ? Let me address that by first defining a Polynomial Time Algorithm. Definition 1 ( polytime (Polynomial Time) Algorithm) If an algorithm A gets an input of size k , it is considered polynomial time if it runs in O ( k c ) time where c is a constant. We write y = A ( x ) to denote the output of A on input x . With this definition, now Ill define PPT . Definition 2 ( PPT (Probabilistic Polynomial Time) Algorithm) It is a polynomial time algorithm A that is randomized . Namely, it is allowed to flip coins during its com putation. We write y = A ( x ; r ) to denote the output of A on input x , when r were the internal coin tosses made by A . We write y A ( x ) to denote the random variable y which corresponds to the randomized output of A on input x . This means that r was chosen at random and y = A ( x ; r ) was computed. And when I mention that an algorithm with input of size k has probability negl ( k ) of portraying some sort of behavior, Im referring to the definition of negl ( k ) mentioned as follows: L21 Definition 3 (Negligible in terms of k ( negl ( k ) )) An arbitrary function v ( k ) (possibly a type of probability function) is negl ( k ) if: ( c > 0) ( k ) ( k k ) bracketleftbigg v ( k ) 1 k c bracketrightbigg In other words,...
View
Full
Document
 Fall '04
 Jarecki

Click to edit the document details